[OE-core][scarthgap 00/10] Patch review

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Friday, August 9

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7220

with the exception of a load related parsing failure on qemuarm64-armhost
which passed on subsequent re-test:

https://autobuilder.yoctoproject.org/typhoon/#/builders/97/builds/8717

The following changes since commit 136a25567499191b23a4d000a06bf83a473224ca:

  rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS (2024-08-03 11:45:57 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (1):
  ffmpeg: fix CVE-2024-31582

Ashish Sharma (1):
  bind: Upgrade 9.18.25 -> 9.18.28

Changqing Li (2):
  curl: correct the PACKAGECONFIG for native/nativesdk
  libpng: update SRC_URI

Peter Marko (4):
  curl: Patch CVE-2024-6197
  glibc: cleanup old cve status
  qemu: set cve status for CVE-2023-6683
  libmnl: explicitly disable doxygen

Richard Purdie (1):
  nasm: Upgrade 2.16.01 -> 2.16.03

Wang Mingyu (1):
  orc: upgrade 0.4.38 -> 0.4.39

 .../bind/{bind_9.18.25.bb => bind_9.18.28.bb} |  2 +-
 meta/recipes-core/glibc/glibc-version.inc     |  2 --
 .../nasm/{nasm_2.16.01.bb => nasm_2.16.03.bb} |  2 +-
 .../orc/{orc_0.4.38.bb => orc_0.4.39.bb}      |  2 +-
 meta/recipes-devtools/qemu/qemu.inc           |  2 ++
 meta/recipes-extended/libmnl/libmnl_1.0.5.bb  |  2 ++
 .../ffmpeg/ffmpeg/CVE-2024-31582.patch        | 34 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 .../libpng/libpng_1.6.42.bb                   |  2 +-
 .../curl/curl/CVE-2024-6197.patch             | 24 +++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |  5 +--
 11 files changed, 70 insertions(+), 8 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.25.bb => bind_9.18.28.bb} (97%)
 rename meta/recipes-devtools/nasm/{nasm_2.16.01.bb => nasm_2.16.03.bb} (88%)
 rename meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} (92%)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-6197.patch

-- 
2.34.1

[OE-core][scarthgap 01/10] curl: Patch CVE-2024-6197

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Picked commit per https://curl.se/docs/CVE-2024-6197.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2024-6197.patch             | 24 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-6197.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2024-6197.patch b/meta/recipes-support/curl/curl/CVE-2024-6197.patch
new file mode 100644
index 0000000000..0622e70dc8
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-6197.patch
@@ -0,0 +1,24 @@
+From 3a537a4db9e65e545ec45b1b5d5575ee09a2569d Mon Sep 17 00:00:00 2001
+From: z2_ <88509734+z2-2z@users.noreply.github.com>
+Date: Fri, 28 Jun 2024 14:45:47 +0200
+Subject: [PATCH] x509asn1: remove superfluous free()
+
+CVE: CVE-2024-6197
+Upstream-Status: Backport [https://github.com/curl/curl/commit/3a537a4db9e65e545ec45b1b5d5575ee09a2569d.patch]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vtls/x509asn1.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
+index f71ab0b90a5931..1bc4243ddae343 100644
+--- a/lib/vtls/x509asn1.c
++++ b/lib/vtls/x509asn1.c
+@@ -393,7 +393,6 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
+         if(wc >= 0x00000800) {
+           if(wc >= 0x00010000) {
+             if(wc >= 0x00200000) {
+-              free(buf);
+               /* Invalid char. size for target encoding. */
+               return CURLE_WEIRD_SERVER_REPLY;
+             }
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index 3fdad6a4cf..136782ffec 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -15,6 +15,7 @@ SRC_URI = " \
     file://run-ptest \
     file://disable-tests \
     file://no-test-timeout.patch \
+    file://CVE-2024-6197.patch \
 "
 SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"
 
-- 
2.34.1

[OE-core][scarthgap 02/10] glibc: cleanup old cve status

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

This CVE status should have been removed on version update.
CPE says >=2.34 and <2.39 while our version is already 2.39.

(From OE-Core rev: b568a8f428e76f75bb8c374983f62822325ebe8a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index ad58bebcf1..955b22bc38 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -6,5 +6,3 @@ SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)"
-
-CVE_STATUS[CVE-2023-4911] = "fixed-version: Fixed in stable branch updates"
-- 
2.34.1

[OE-core][scarthgap 03/10] qemu: set cve status for CVE-2023-6683

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

This CVE is fixed in v8.2.2 with v8.2.1-55-g480a6adc83

https://github.com/qemu/qemu/commit/480a6adc83a7bbc84bfe67229e084603dc061824

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 41af9ca045..3643b9a544 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -74,6 +74,8 @@ CVE_STATUS[CVE-2023-3019] = "cpe-incorrect: Applies only against versions before
 
 CVE_STATUS[CVE-2023-5088] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
 
+CVE_STATUS[CVE-2023-6683] = "cpe-incorrect: Applies only against version 8.2.1 and earlier"
+
 CVE_STATUS[CVE-2023-6693] = "cpe-incorrect: Applies only against version 8.2.0 and earlier"
 
 COMPATIBLE_HOST:mipsarchn32 = "null"
-- 
2.34.1

[OE-core][scarthgap 04/10] ffmpeg: fix CVE-2024-31582

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-31582.patch        | 34 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
new file mode 100644
index 0000000000..2ade3ab6b1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
@@ -0,0 +1,34 @@
+From 1d1a05b393ece9fa3df825bfef3724b7370aefdc Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Fri, 29 Dec 2023 05:56:43 +0800
+Subject: [PATCH] avfilter/vf_codecview: fix heap buffer overflow
+
+And improve the performance by a little bit.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+
+CVE: CVE-2024-31582
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_codecview.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c
+index 55d9c8c..f65ccbd 100644
+--- a/libavfilter/vf_codecview.c
++++ b/libavfilter/vf_codecview.c
+@@ -216,9 +216,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, ptr
+         buf[sx + w - 1] = color;
+         buf += stride;
+     }
+-
+-    for (int x = sx; x < sx + w; x++)
+-        buf[x] = color;
+ }
+
+ static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 06bd36e2e2..05919e6ffd 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -29,6 +29,7 @@ SRC_URI = " \
     file://vulkan_fix_gcc14.patch \
     file://CVE-2023-49502.patch \
     file://CVE-2024-31578.patch \
+    file://CVE-2024-31582.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.34.1

[OE-core][scarthgap 05/10] nasm: Upgrade 2.16.01 -> 2.16.03

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Removes CVE-2022-46456 from reports.

(From OE-Core rev: 4a5b6e8dd315b2281afb232410db585d431be00f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/nasm/{nasm_2.16.01.bb => nasm_2.16.03.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/nasm/{nasm_2.16.01.bb => nasm_2.16.03.bb} (88%)

diff --git a/meta/recipes-devtools/nasm/nasm_2.16.01.bb b/meta/recipes-devtools/nasm/nasm_2.16.03.bb
similarity index 88%
rename from meta/recipes-devtools/nasm/nasm_2.16.01.bb
rename to meta/recipes-devtools/nasm/nasm_2.16.03.bb
index 219cc49360..281f3940e7 100644
--- a/meta/recipes-devtools/nasm/nasm_2.16.01.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.16.03.bb
@@ -10,7 +10,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
            file://0002-Add-debug-prefix-map-option.patch \
            "
 
-SRC_URI[sha256sum] = "35b6ad2ee048d41c4779f073f3efca7762a822b7d2d4ef4e8df24cf65747bb2e"
+SRC_URI[sha256sum] = "bef3de159bcd61adf98bb7cc87ee9046e944644ad76b7633f18ab063edb29e57"
 
 EXTRA_AUTORECONF:append = " -I autoconf/m4"
 
-- 
2.34.1

[OE-core][scarthgap 06/10] orc: upgrade 0.4.38 -> 0.4.39

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bcbaaa9f7d88686915c354fb66682cbe9b1d0536)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/orc/{orc_0.4.38.bb => orc_0.4.39.bb} (92%)

diff --git a/meta/recipes-devtools/orc/orc_0.4.38.bb b/meta/recipes-devtools/orc/orc_0.4.39.bb
similarity index 92%
rename from meta/recipes-devtools/orc/orc_0.4.38.bb
rename to meta/recipes-devtools/orc/orc_0.4.39.bb
index 5d2296694a..320abf536a 100644
--- a/meta/recipes-devtools/orc/orc_0.4.38.bb
+++ b/meta/recipes-devtools/orc/orc_0.4.39.bb
@@ -5,7 +5,7 @@ LICENSE = "BSD-2-Clause & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=1400bd9d09e8af56b9ec982b3d85797e"
 
 SRC_URI = "http://gstreamer.freedesktop.org/src/orc/orc-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a55a98d4772567aa3faed8fb84d540c3db77eaba16d3e2e10b044fbc9228668d"
+SRC_URI[sha256sum] = "33ed2387f49b825fa1b9c3b0072e05f259141b895474ad085ae51143d3040cc0"
 
 inherit meson pkgconfig gtk-doc
 
-- 
2.34.1

[OE-core][scarthgap 07/10] bind: Upgrade 9.18.25 -> 9.18.28

[Steve Sakoman]

From: Ashish Sharma <asharma@mvista.com>

Includes security fixes for:
			CVE-2024-1975
			CVE-2024-1737
			CVE-2024-0760
			CVE-2024-4076

Changelog:
=========
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.28/CHANGES

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../bind/{bind_9.18.25.bb => bind_9.18.28.bb}                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.25.bb => bind_9.18.28.bb} (97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.18.25.bb b/meta/recipes-connectivity/bind/bind_9.18.28.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.25.bb
rename to meta/recipes-connectivity/bind/bind_9.18.28.bb
index cc35604aba..ca2aef233b 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.25.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.28.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "5a4a70432a33d009f0e6e9dbb328aae7a5e27507e98e28bf3c0c6b250ccb2ab3"
+SRC_URI[sha256sum] = "e7cce9a165f7b619eefc4832f0a8dc16b005d29e3890aed6008c506ea286a5e7"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
-- 
2.34.1

[OE-core][scarthgap 08/10] curl: correct the PACKAGECONFIG for native/nativesdk

[Steve Sakoman]

From: Changqing Li <changqing.li@windriver.com>

Since commit 148de08220 [ curl: Update from 8.2.1 to 8.3.0 ],
--enable-crypto-auth option was removed and split into separate options
for basic-auth, bearer-auth, digest-auth, kerberos-auth negotiate-auth,
and aws. In this commit, --enable-crypto-auth is removed from
EXTRA_OECONF, and the separate options is added into PACKAGECONFIG for
target. But not added into PACKAGECONFIG for native/nativesdk, this make
curl/git in buildtools not works well to connect basic auth https
server.

Failed commands:
git ls-remote https://xxx(input username/passwd)
curl -u name:passwd https://xxx

Error:
Authentication failed xxx
HTTP/1.1 401 Unauthorized

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/curl/curl_8.7.1.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index 136782ffec..6d2886f70c 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -28,8 +28,8 @@ inherit autotools pkgconfig binconfig multilib_header ptest
 RANDOM ?= "/dev/urandom"
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random threaded-resolver verbose zlib"
-PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib"
-PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib"
+PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib aws basic-auth bearer-auth digest-auth negotiate-auth"
+PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib aws basic-auth bearer-auth digest-auth negotiate-auth"
 
 # 'ares' and 'threaded-resolver' are mutually exclusive
 PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
-- 
2.34.1

[OE-core][scarthgap 09/10] libmnl: explicitly disable doxygen

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

libmnl autoconf autodetects doxygen to generate manpages.
If doxygen is provided via hosttools, the build fails.
Also until now manpages were not needed.
So explicitly disable doxygen in configure step.

(From OE-Core rev: 8d7bbf4d6936d831e341e9443a6b3711be09c7ab)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/libmnl/libmnl_1.0.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-extended/libmnl/libmnl_1.0.5.bb b/meta/recipes-extended/libmnl/libmnl_1.0.5.bb
index 748326c0a0..66b30d7f60 100644
--- a/meta/recipes-extended/libmnl/libmnl_1.0.5.bb
+++ b/meta/recipes-extended/libmnl/libmnl_1.0.5.bb
@@ -11,4 +11,6 @@ SRC_URI[sha256sum] = "274b9b919ef3152bfb3da3a13c950dd60d6e2bcd54230ffeca298d03b4
 
 inherit autotools pkgconfig
 
+EXTRA_OECONF += "--with-doxygen=no"
+
 BBCLASSEXTEND = "native"
-- 
2.34.1

[OE-core][scarthgap 10/10] libpng: update SRC_URI

[Steve Sakoman]

From: Changqing Li <changqing.li@windriver.com>

update SRC_URI to fix do_fetch warning:
WARNING: libpng-1.6.42-r0 do_fetch: Failed to fetch URL https://downloads.sourceforge.net/project/libpng/libpng16/libpng-1.6.42.tar.xz, attempting MIRRORS if available

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/libpng/libpng_1.6.42.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb
index cadbe957db..673133bb4a 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb
@@ -10,7 +10,7 @@ DEPENDS = "zlib"
 
 LIBV = "16"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${BP}.tar.xz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz"
 SRC_URI[sha256sum] = "c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450"
 
 MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/"
-- 
2.34.1

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, August 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2234

The following changes since commit fa45d6d5bec8fe503ff6b9166a3b4af31ea95369:

  go-helloworld: fix license (2025-08-14 07:34:07 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Daniel Turull (2):
  xz: ignore CVE-2024-47611
  libxml2: ignore CVE-2025-8732

Khem Raj (3):
  e2fsprogs: Fix build failure with gcc 15
  parted: Fix build with GCC 15
  bash: Stick to C17 std

Martin Jansa (2):
  cairo: fix build with gcc-15 on host
  bash: use -std=gnu17 also for native CFLAGS

Peter Marko (2):
  dropbear: patch CVE-2025-47203
  glib-2.0: ignore CVE-2025-4056

Philip Lorenz (1):
  cve-check: Add missing call to exit_if_errors

 meta/classes/cve-check.bbclass                |   1 +
 ...iable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch |  27 ++
 ...-length-paths-and-commands-in-multih.patch |  63 +++
 ...and-also-forward-this-when-multihop-.patch |  81 ++++
 ...add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch |  29 ++
 .../dropbear/dropbear/CVE-2025-47203.patch    | 367 ++++++++++++++++++
 .../recipes-core/dropbear/dropbear_2022.83.bb |   5 +
 meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb |   2 +
 meta/recipes-core/libxml/libxml2_2.12.10.bb   |   4 +
 ...-libext2fs-fix-std-c23-build-failure.patch |  42 ++
 .../e2fsprogs/e2fsprogs_1.47.0.bb             |   1 +
 meta/recipes-extended/bash/bash_5.2.21.bb     |   5 +
 ...CH-parted-fix-do_version-declaration.patch |  40 ++
 meta/recipes-extended/parted/parted_3.6.bb    |   1 +
 meta/recipes-extended/xz/xz_5.4.7.bb          |   2 +
 .../cairo/cairo/0001-Require-C11.patch        |  25 ++
 .../cairo/cairo/0002-Meson-Require-C-11.patch |  22 ++
 meta/recipes-graphics/cairo/cairo_1.18.0.bb   |   2 +
 18 files changed, 719 insertions(+)
 create mode 100644 meta/recipes-core/dropbear/dropbear/0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch
 create mode 100644 meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch
 create mode 100644 meta/recipes-core/dropbear/dropbear/0001-add-o-BatchMode-and-also-forward-this-when-multihop-.patch
 create mode 100644 meta/recipes-core/dropbear/dropbear/0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch
 create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-std-c23-build-failure.patch
 create mode 100644 meta/recipes-extended/parted/files/0001-bug-74444-PATCH-parted-fix-do_version-declaration.patch
 create mode 100644 meta/recipes-graphics/cairo/cairo/0001-Require-C11.patch
 create mode 100644 meta/recipes-graphics/cairo/cairo/0002-Meson-Require-C-11.patch

-- 
2.43.0

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Monday, March 31

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1283

The following changes since commit a720df7ad77af1f8b1c00a211c88537e5f23edbc:

  nativesdk-libtool: sanitize the script, remove buildpaths (2025-03-20 12:51:41 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Bruce Ashfield (6):
  linux-yocto/6.6: update to v6.6.77
  linux-yocto/6.6: update to v6.6.78
  linux-yocto/6.6: update to v6.6.80
  linux-yocto/6.6: update to v6.6.82
  linux-yocto/6.6: update to v6.6.83
  linux-yocto/6.6: update to v6.6.84

Divya Chellam (1):
  ruby: fix CVE-2025-27220

Madhu Marri (1):
  qemu 8.2.7: ignore CVE-2023-1386

Stefan Mueller-Klieser (1):
  kernel-arch: add macro-prefix-map in KERNEL_CC

Vijay Anusuri (1):
  vim: Upgrade 9.1.1115 -> 9.1.1198

 meta/classes-recipe/kernel-arch.bbclass       |  8 +-
 meta/recipes-devtools/qemu/qemu.inc           |  2 +
 .../ruby/ruby/CVE-2025-27220.patch            | 78 +++++++++++++++++++
 meta/recipes-devtools/ruby/ruby_3.3.5.bb      |  1 +
 .../linux/linux-yocto-rt_6.6.bb               |  6 +-
 .../linux/linux-yocto-tiny_6.6.bb             |  6 +-
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  | 28 +++----
 meta/recipes-support/vim/vim.inc              |  4 +-
 8 files changed, 110 insertions(+), 23 deletions(-)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch

-- 
2.43.0

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, February 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1081

The following changes since commit fc46705cc629a151f85717a57f7d789de8fd9b64:

  icu: remove host references in nativesdk to fix reproducibility (2025-02-19 06:28:10 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Etienne Cordonnier (1):
  python3-setuptools-scm: respect GIT_CEILING_DIRECTORIES

Hitendra Prajapati (1):
  libcap: fix CVE-2025-1390

Hongxu Jia (6):
  u-boot: fix CVE-2024-57254
  u-boot: fix CVE-2024-57255
  u-boot: fix CVE-2024-57256
  u-boot: fix CVE-2024-57257
  u-boot: fix CVE-2024-57258
  u-boot: fix CVE-2024-57259

Peter Marko (1):
  libxml2: upgrade 2.12.9 -> 2.12.10

Vijay Anusuri (1):
  bind: Upgrade 9.18.28 -> 9.18.33

 .../u-boot/files/CVE-2024-57254.patch         |  47 ++++
 .../u-boot/files/CVE-2024-57255.patch         |  53 ++++
 .../u-boot/files/CVE-2024-57256.patch         |  51 ++++
 .../u-boot/files/CVE-2024-57257.patch         | 227 ++++++++++++++++++
 .../u-boot/files/CVE-2024-57258-1.patch       |  47 ++++
 .../u-boot/files/CVE-2024-57258-2.patch       |  43 ++++
 .../u-boot/files/CVE-2024-57258-3.patch       |  40 +++
 .../u-boot/files/CVE-2024-57259.patch         |  41 ++++
 meta/recipes-bsp/u-boot/u-boot-common.inc     |  11 +-
 .../bind/{bind_9.18.28.bb => bind_9.18.33.bb} |   2 +-
 .../{libxml2_2.12.9.bb => libxml2_2.12.10.bb} |   2 +-
 ...0001-respect-GIT_CEILING_DIRECTORIES.patch |  36 +++
 .../python/python3-setuptools-scm_8.0.4.bb    |   1 +
 .../libcap/files/CVE-2025-1390.patch          |  36 +++
 meta/recipes-support/libcap/libcap_2.69.bb    |   1 +
 15 files changed, 635 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57254.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57255.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57256.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57257.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57258-1.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57258-2.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57258-3.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57259.patch
 rename meta/recipes-connectivity/bind/{bind_9.18.28.bb => bind_9.18.33.bb} (97%)
 rename meta/recipes-core/libxml/{libxml2_2.12.9.bb => libxml2_2.12.10.bb} (97%)
 create mode 100644 meta/recipes-devtools/python/python3-setuptools-scm/0001-respect-GIT_CEILING_DIRECTORIES.patch
 create mode 100644 meta/recipes-support/libcap/files/CVE-2025-1390.patch

-- 
2.43.0

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Friday, December 20

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/674

The following changes since commit b19b1e905d966443c4e4d17dfaeb299ae2526575:

  cve-update-nvd2-native: Tweak to work better with NFS DL_DIR (2024-12-18 06:41:14 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexander Kanavin (1):
  rust: add reproducibility patch to eliminate host leakage

Archana Polampalli (3):
  ffmpeg: fix CVE-2024-35366
  ffmpeg: fix CVE-2024-35367
  ffmpeg: fix CVE-2024-35368

Hongxu Jia (1):
  kern-tools-native: fix SyntaxWarning for RegEx calls on Python 3.12

Jiaying Song (1):
  subversion: fix CVE-2024-46901

Khem Raj (1):
  python3: Drop empty patch

Ross Burton (1):
  python3: add dependency on -compression to -core

Sunil Dora (1):
  gcc: Fix c++: tweak for Wrange-loop-construct

Yash Shinde (1):
  binutils: Fix CVE-2024-53589

 .../binutils/binutils-2.42.inc                |   1 +
 .../binutils/0016-CVE-2024-53589.patch        |  92 ++++++++++
 meta/recipes-devtools/gcc/gcc-13.3.inc        |   1 +
 ...ix-c-tweak-for-Wrange-loop-construct.patch | 113 ++++++++++++
 ...lize-struct-termios-before-calling-t.patch |  26 ---
 .../python/python3/python3-manifest.json      |   2 +-
 .../recipes-devtools/python/python3_3.12.6.bb |   1 -
 ...te-host-information-into-compilation.patch |  51 ++++++
 meta/recipes-devtools/rust/rust-source.inc    |   1 +
 .../subversion/CVE-2024-46901.patch           | 161 ++++++++++++++++++
 .../subversion/subversion_1.14.3.bb           |   3 +-
 ...yntaxWarning-for-RegEx-calls-on-Pyth.patch |  60 +++++++
 .../kern-tools/kern-tools-native_git.bb       |   4 +-
 .../ffmpeg/ffmpeg/CVE-2024-35366.patch        |  35 ++++
 .../ffmpeg/ffmpeg/CVE-2024-35367.patch        |  47 +++++
 .../ffmpeg/ffmpeg/CVE-2024-35368.patch        |  41 +++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |   3 +
 17 files changed, 612 insertions(+), 30 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc/0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch
 delete mode 100644 meta/recipes-devtools/python/python3/0001-gh-114492-Initialize-struct-termios-before-calling-t.patch
 create mode 100644 meta/recipes-devtools/rust/files/0001-cargo-do-not-write-host-information-into-compilation.patch
 create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch
 create mode 100644 meta/recipes-kernel/kern-tools/files/0001-symbol_why-fix-SyntaxWarning-for-RegEx-calls-on-Pyth.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch

-- 
2.34.1

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of patches for scarthgap and have comments back by
end of day Friday, November 8

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/400

The following changes since commit bcd4e6d77dc7455a453e69b6d37769ec94cc02ad:

  lsb-release: fix Distro Codename shell escaping (2024-10-24 06:09:29 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Aditya Tayade (1):
  e2fsprogs: removed 'sed -u' option

Deepthi Hemraj (1):
  rust-llvm: Fix CVE-2024-0151

Hiago De Franco (1):
  weston: backport patch to allow neatvnc < v0.9.0

Martin Jansa (1):
  python3-lxml=v5.0.2

Peter Marko (3):
  cve-check: add support for cvss v4.0
  go: upgrade 1.22.6 -> 1.22.7
  go: upgrade 1.22.7 -> 1.22.8

Richard Purdie (1):
  cve_check: Use a local copy of the database during builds

Vijay Anusuri (1):
  xserver-xorg: upgrade 21.1.13 -> 21.1.14

Wang Mingyu (1):
  orc: upgrade 0.4.39 -> 0.4.40

 meta/classes/cve-check.bbclass                |   16 +-
 .../meta/cve-update-nvd2-native.bb            |   32 +-
 .../e2fsprogs/e2fsprogs/run-ptest             |    3 +-
 .../go/{go-1.22.6.inc => go-1.22.8.inc}       |    2 +-
 ...e_1.22.6.bb => go-binary-native_1.22.8.bb} |    6 +-
 ..._1.22.6.bb => go-cross-canadian_1.22.8.bb} |    0
 ...{go-cross_1.22.6.bb => go-cross_1.22.8.bb} |    0
 ...osssdk_1.22.6.bb => go-crosssdk_1.22.8.bb} |    0
 ...runtime_1.22.6.bb => go-runtime_1.22.8.bb} |    0
 .../go/{go_1.22.6.bb => go_1.22.8.bb}         |    0
 .../orc/{orc_0.4.39.bb => orc_0.4.40.bb}      |    2 +-
 ...n3-lxml_5.0.0.bb => python3-lxml_5.0.2.bb} |    3 +-
 .../0004-llvm-Fix-CVE-2024-0151.patch         | 1086 +++++++++++++++++
 .../recipes-devtools/rust/rust-llvm_1.75.0.bb |    3 +-
 ...1-vnc-Allow-neatvnc-in-version-0.8.0.patch |   27 +
 .../recipes-graphics/wayland/weston_13.0.1.bb |    1 +
 ...org_21.1.13.bb => xserver-xorg_21.1.14.bb} |    2 +-
 17 files changed, 1158 insertions(+), 25 deletions(-)
 rename meta/recipes-devtools/go/{go-1.22.6.inc => go-1.22.8.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.6.bb => go-binary-native_1.22.8.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.6.bb => go-cross-canadian_1.22.8.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.6.bb => go-cross_1.22.8.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.6.bb => go-crosssdk_1.22.8.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.6.bb => go-runtime_1.22.8.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.6.bb => go_1.22.8.bb} (100%)
 rename meta/recipes-devtools/orc/{orc_0.4.39.bb => orc_0.4.40.bb} (92%)
 rename meta/recipes-devtools/python/{python3-lxml_5.0.0.bb => python3-lxml_5.0.2.bb} (94%)
 create mode 100644 meta/recipes-devtools/rust/rust-llvm/0004-llvm-Fix-CVE-2024-0151.patch
 create mode 100644 meta/recipes-graphics/wayland/weston/0001-vnc-Allow-neatvnc-in-version-0.8.0.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.13.bb => xserver-xorg_21.1.14.bb} (92%)

-- 
2.34.1

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, October 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7374

The following changes since commit 3d894863f442188bad446095bd7fdd82665bb54b:

  makedevs: Fix issue when rootdir of / is given (2024-09-28 05:21:51 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Deepesh Varatharajan (1):
  glibc: stable 2.39 branch updates.

Hitendra Prajapati (1):
  webkitgtk: upgrade 2.44.1 -> 2.44.3

Khem Raj (2):
  gnupg: Document CVE-2022-3219 and mark wontfix
  openssh: Mark CVE-2023-51767 as wont-fix

Martin Jansa (2):
  populate_sdk_base: inherit nopackages
  meta-world-pkgdata: Inherit nopackages

Peter Marko (3):
  wpa-supplicant: Ignore CVE-2024-5290
  wpa-supplicant: Patch CVE-2024-3596
  wpa-supplicant: Patch security advisory 2024-2

Wang Mingyu (1):
  cryptodev: upgrade 1.13 -> 1.14

 meta/classes-recipe/populate_sdk_base.bbclass |   2 +-
 .../openssh/openssh_9.6p1.bb                  |   1 +
 ...valid-Rejected-Groups-element-length.patch |  52 ++++++
 ...valid-Rejected-Groups-element-length.patch |  50 ++++++
 ...id-Rejected-Groups-element-in-the-pa.patch |  38 ++++
 .../wpa-supplicant/CVE-2024-3596_00.patch     |  82 +++++++++
 .../wpa-supplicant/CVE-2024-3596_01.patch     | 165 ++++++++++++++++++
 .../wpa-supplicant/CVE-2024-3596_02.patch     |  62 +++++++
 .../wpa-supplicant/CVE-2024-3596_03.patch     |  37 ++++
 .../wpa-supplicant/CVE-2024-3596_04.patch     |  52 ++++++
 .../wpa-supplicant/CVE-2024-3596_05.patch     |  51 ++++++
 .../wpa-supplicant/CVE-2024-3596_06.patch     |  46 +++++
 .../wpa-supplicant/CVE-2024-3596_07.patch     |  67 +++++++
 .../wpa-supplicant/CVE-2024-3596_08.patch     |  47 +++++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |  14 ++
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 meta/recipes-core/meta/meta-world-pkgdata.bb  |   1 +
 ...-linux_1.13.bb => cryptodev-linux_1.14.bb} |   0
 ...odule_1.13.bb => cryptodev-module_1.14.bb} |   3 -
 ...-tests_1.13.bb => cryptodev-tests_1.14.bb} |   4 -
 meta/recipes-kernel/cryptodev/cryptodev.inc   |   4 +-
 ...ng-header-file-provided-by-another-p.patch |  25 ---
 ...001-tests-Makefile-do-not-use-Werror.patch |  25 ---
 ...able-to-control-macro-__PAS_ALWAYS_I.patch |   6 +-
 ...spection.cmake-prefix-variables-obta.patch |   2 +-
 ...fic-declarations-in-FELighting.h-unn.patch |  44 -----
 ...icDowncast-adoption-in-platform-code.patch |  65 -------
 ...d5e22213fdaca2a29ec3400c927d710a37a8.patch |   2 +-
 .../webkit/webkitgtk/no-musttail-arm.patch    |   6 +-
 .../webkit/webkitgtk/reproducibility.patch    |   2 +-
 .../webkit/webkitgtk/t6-not-declared.patch    |  12 +-
 ...ebkitgtk_2.44.1.bb => webkitgtk_2.44.3.bb} |   6 +-
 meta/recipes-support/gnupg/gnupg_2.4.4.bb     |   1 +
 33 files changed, 786 insertions(+), 190 deletions(-)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
 rename meta/recipes-kernel/cryptodev/{cryptodev-linux_1.13.bb => cryptodev-linux_1.14.bb} (100%)
 rename meta/recipes-kernel/cryptodev/{cryptodev-module_1.13.bb => cryptodev-module_1.14.bb} (74%)
 rename meta/recipes-kernel/cryptodev/{cryptodev-tests_1.13.bb => cryptodev-tests_1.14.bb} (74%)
 delete mode 100644 meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch
 delete mode 100644 meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.44.1.bb => webkitgtk_2.44.3.bb} (96%)

-- 
2.34.1

Re: [OE-core][scarthgap 00/10] Patch review

[Khem Raj]

series looks ok to me.

On Sun, Oct 6, 2024 at 6:55 PM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
>
> Please review this set of changes for scarthgap and have comments back by
> end of day Tuesday, October 8
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7374
>
> The following changes since commit 3d894863f442188bad446095bd7fdd82665bb54b:
>
>   makedevs: Fix issue when rootdir of / is given (2024-09-28 05:21:51 -0700)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
>   https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
>
> Deepesh Varatharajan (1):
>   glibc: stable 2.39 branch updates.
>
> Hitendra Prajapati (1):
>   webkitgtk: upgrade 2.44.1 -> 2.44.3
>
> Khem Raj (2):
>   gnupg: Document CVE-2022-3219 and mark wontfix
>   openssh: Mark CVE-2023-51767 as wont-fix
>
> Martin Jansa (2):
>   populate_sdk_base: inherit nopackages
>   meta-world-pkgdata: Inherit nopackages
>
> Peter Marko (3):
>   wpa-supplicant: Ignore CVE-2024-5290
>   wpa-supplicant: Patch CVE-2024-3596
>   wpa-supplicant: Patch security advisory 2024-2
>
> Wang Mingyu (1):
>   cryptodev: upgrade 1.13 -> 1.14
>
>  meta/classes-recipe/populate_sdk_base.bbclass |   2 +-
>  .../openssh/openssh_9.6p1.bb                  |   1 +
>  ...valid-Rejected-Groups-element-length.patch |  52 ++++++
>  ...valid-Rejected-Groups-element-length.patch |  50 ++++++
>  ...id-Rejected-Groups-element-in-the-pa.patch |  38 ++++
>  .../wpa-supplicant/CVE-2024-3596_00.patch     |  82 +++++++++
>  .../wpa-supplicant/CVE-2024-3596_01.patch     | 165 ++++++++++++++++++
>  .../wpa-supplicant/CVE-2024-3596_02.patch     |  62 +++++++
>  .../wpa-supplicant/CVE-2024-3596_03.patch     |  37 ++++
>  .../wpa-supplicant/CVE-2024-3596_04.patch     |  52 ++++++
>  .../wpa-supplicant/CVE-2024-3596_05.patch     |  51 ++++++
>  .../wpa-supplicant/CVE-2024-3596_06.patch     |  46 +++++
>  .../wpa-supplicant/CVE-2024-3596_07.patch     |  67 +++++++
>  .../wpa-supplicant/CVE-2024-3596_08.patch     |  47 +++++
>  .../wpa-supplicant/wpa-supplicant_2.10.bb     |  14 ++
>  meta/recipes-core/glibc/glibc-version.inc     |   2 +-
>  meta/recipes-core/meta/meta-world-pkgdata.bb  |   1 +
>  ...-linux_1.13.bb => cryptodev-linux_1.14.bb} |   0
>  ...odule_1.13.bb => cryptodev-module_1.14.bb} |   3 -
>  ...-tests_1.13.bb => cryptodev-tests_1.14.bb} |   4 -
>  meta/recipes-kernel/cryptodev/cryptodev.inc   |   4 +-
>  ...ng-header-file-provided-by-another-p.patch |  25 ---
>  ...001-tests-Makefile-do-not-use-Werror.patch |  25 ---
>  ...able-to-control-macro-__PAS_ALWAYS_I.patch |   6 +-
>  ...spection.cmake-prefix-variables-obta.patch |   2 +-
>  ...fic-declarations-in-FELighting.h-unn.patch |  44 -----
>  ...icDowncast-adoption-in-platform-code.patch |  65 -------
>  ...d5e22213fdaca2a29ec3400c927d710a37a8.patch |   2 +-
>  .../webkit/webkitgtk/no-musttail-arm.patch    |   6 +-
>  .../webkit/webkitgtk/reproducibility.patch    |   2 +-
>  .../webkit/webkitgtk/t6-not-declared.patch    |  12 +-
>  ...ebkitgtk_2.44.1.bb => webkitgtk_2.44.3.bb} |   6 +-
>  meta/recipes-support/gnupg/gnupg_2.4.4.bb     |   1 +
>  33 files changed, 786 insertions(+), 190 deletions(-)
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
>  create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
>  rename meta/recipes-kernel/cryptodev/{cryptodev-linux_1.13.bb => cryptodev-linux_1.14.bb} (100%)
>  rename meta/recipes-kernel/cryptodev/{cryptodev-module_1.13.bb => cryptodev-module_1.14.bb} (74%)
>  rename meta/recipes-kernel/cryptodev/{cryptodev-tests_1.13.bb => cryptodev-tests_1.14.bb} (74%)
>  delete mode 100644 meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch
>  delete mode 100644 meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch
>  delete mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
>  delete mode 100644 meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch
>  rename meta/recipes-sato/webkit/{webkitgtk_2.44.1.bb => webkitgtk_2.44.3.bb} (96%)
>
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#205248): https://lists.openembedded.org/g/openembedded-core/message/205248
> Mute This Topic: https://lists.openembedded.org/mt/108861069/1997914
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

[OE-core][scarthgap 00/10] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, June 13.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7024

The following changes since commit a3f5ac9f9fee2c8e10fec7c3f758e49513fef724:

  git: set --with-gitconfig=/etc/gitconfig for -native builds (2024-05-31 14:02:17 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Deepthi Hemraj (1):
  gcc : upgrade to v13.3

Lei Maohui (1):
  run-postinsts.service: Removed --no-reload to fix reload warning when
    users execute systemctl in the first boot.

Mark Hatle (1):
  binutils: Fix aarch64 disassembly abort

Martin Hundeb?ll (1):
  classes: image_types: quote variable assignment needed by dash

Robert Joslyn (1):
  libgloss: Do not apply non-existent patch

Ross Burton (1):
  gdk-pixbuf: upgrade 2.42.11 -> 2.42.12

Siddharth (1):
  openssl: Upgrade 3.2.1 -> 3.2.2

Soumya Sambu (2):
  util-linux: Fix CVE-2024-28085
  git: upgrade 2.44.0 -> 2.44.1

Wang Mingyu (1):
  gdk-pixbuf: upgrade 2.42.10 -> 2.42.11

 meta/classes-recipe/image_types.bbclass       |    2 +-
 meta/conf/distro/include/maintainers.inc      |    2 +-
 .../openssl/openssl/CVE-2024-2511.patch       |  120 -
 .../openssl/openssl/CVE-2024-4603.patch       |  179 -
 .../openssl/openssl/bti.patch                 |   58 -
 .../{openssl_3.2.1.bb => openssl_3.2.2.bb}    |    5 +-
 meta/recipes-core/newlib/libgloss_git.bb      |    1 -
 meta/recipes-core/util-linux/util-linux.inc   |    2 +
 .../util-linux/CVE-2024-28085-0001.patch      |   36 +
 .../util-linux/CVE-2024-28085-0002.patch      |   34 +
 .../binutils/binutils-2.42.inc                |    1 +
 ...sserts-from-operand-qualifier-decode.patch |  382 ++
 .../gcc/{gcc-13.2.inc => gcc-13.3.inc}        |    9 +-
 ...ian_13.2.bb => gcc-cross-canadian_13.3.bb} |    0
 .../{gcc-cross_13.2.bb => gcc-cross_13.3.bb}  |    0
 ...-crosssdk_13.2.bb => gcc-crosssdk_13.3.bb} |    0
 ...cc-runtime_13.2.bb => gcc-runtime_13.3.bb} |    0
 ...itizers_13.2.bb => gcc-sanitizers_13.3.bb} |    0
 ...{gcc-source_13.2.bb => gcc-source_13.3.bb} |    0
 ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch |    9 +-
 ...ch64-Fix-loose-ldpstp-check-PR111411.patch |  117 -
 .../gcc/gcc/CVE-2023-4039.patch               | 3093 -----------------
 .../gcc/gcc/CVE-2024-0151.patch               |  315 --
 .../gcc/{gcc_13.2.bb => gcc_13.3.bb}          |    0
 ...initial_13.2.bb => libgcc-initial_13.3.bb} |    0
 .../gcc/{libgcc_13.2.bb => libgcc_13.3.bb}    |    0
 ...ibgfortran_13.2.bb => libgfortran_13.3.bb} |    0
 .../git/{git_2.44.0.bb => git_2.44.1.bb}      |    2 +-
 .../run-postinsts/run-postinsts.service       |    2 +-
 ...w-a-subset-of-tests-in-cross-compile.patch |   10 +-
 .../gdk-pixbuf/gdk-pixbuf/fatal-loader.patch  |    7 +-
 ...ixbuf_2.42.10.bb => gdk-pixbuf_2.42.12.bb} |    2 +-
 32 files changed, 479 insertions(+), 3909 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/bti.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.2.1.bb => openssl_3.2.2.bb} (97%)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0016-aarch64-Remove-asserts-from-operand-qualifier-decode.patch
 rename meta/recipes-devtools/gcc/{gcc-13.2.inc => gcc-13.3.inc} (94%)
 rename meta/recipes-devtools/gcc/{gcc-cross-canadian_13.2.bb => gcc-cross-canadian_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-cross_13.2.bb => gcc-cross_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-crosssdk_13.2.bb => gcc-crosssdk_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-runtime_13.2.bb => gcc-runtime_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-sanitizers_13.2.bb => gcc-sanitizers_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-source_13.2.bb => gcc-source_13.3.bb} (100%)
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch
 rename meta/recipes-devtools/gcc/{gcc_13.2.bb => gcc_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc-initial_13.2.bb => libgcc-initial_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc_13.2.bb => libgcc_13.3.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgfortran_13.2.bb => libgfortran_13.3.bb} (100%)
 rename meta/recipes-devtools/git/{git_2.44.0.bb => git_2.44.1.bb} (98%)
 rename meta/recipes-gnome/gdk-pixbuf/{gdk-pixbuf_2.42.10.bb => gdk-pixbuf_2.42.12.bb} (98%)

-- 
2.34.1