[OE-core][dunfell 0/7] Patch review

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

Passed a-full on autobuilder (other than 500 server error posting report for qemumips-alt):

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1265

The following changes since commit b95d6aeafb70765e22d2e1254e749a48f508d489:

  uninative: Handle PREMIRRORS generically (2020-08-09 09:26:54 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (3):
  linux-yocto-rt/5.4: update to rt32
  linux-yocto/5.4: update to v5.4.56
  linux-yocto/5.4: update to v5.4.57

Khem Raj (4):
  glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
  gcc-9.3.inc: Mark CVE-2019-15847 as fixed
  go: update 1.14.4 -> 1.14.6
  go: Upgrade to 1.14.7

 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/0016-Add-unused-attribute.patch     |  31 ---
 .../glibc/glibc/CVE-2020-6096.patch           | 112 ----------
 .../glibc/glibc/CVE-2020-6096_2.patch         | 194 ------------------
 meta/recipes-core/glibc/glibc_2.31.bb         |   5 +-
 meta/recipes-devtools/gcc/gcc-9.3.inc         |   2 +
 meta/recipes-devtools/go/go-1.14.inc          |   5 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 10 files changed, 24 insertions(+), 363 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch

-- 
2.17.1

[OE-core][dunfell 1/7] glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Drop 0016-Add-unused-attribute.patch since its fixed by Rewrite iconv
option parsing [BZ #19519] [1]

Upgrade to latest on 2.31 branch which brings following bug fixes

* 6fdf971c9db (origin/release/2.31/master) Add NEWS entry for CVE-2016-10228 (bug 19519)
* 70d585151c0 Rewrite iconv option parsing [BZ #19519]
* 1c8efe848bf powerpc: Fix incorrect cache line size load in memset (bug 26332)
* 7611339a9b5 nptl: Zero-extend arguments to SETXID syscalls [BZ #26248]
* 21b760cc2fa Disable warnings due to deprecated libselinux symbols used by nss and nscd
* 6f3459f9859 Add NEWS entry for CVE-2020-6096 (bug 25620)
* 64246fccafc arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
* 9bbd2b61729 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
* 4e8a33a9590 NEWS: Mention BZ 25933 fix
* fd15ba932d2 Fix avx2 strncmp offset compare condition check [BZ #25933]
* 3a44844c97a nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
* c8391752678 aarch64: fix strcpy and strnlen for big-endian [BZ #25824]
* 10947412240 aarch64: Accept PLT calls to __getauxval within libc.so
* a98b8b221cf NEWS: Mention fixes for BZ 25810/25896/25902/25966
* 4c833bbebe3 x86-64: Use RDX_LP on __x86_shared_non_temporal_threshold [BZ #25966]
* 3b9ceb33204 NEWS: Mention bug 25639 fixed in 2.31 branch
* bb44fe7711a oc_FR locale: Fix spelling of April (bug 25639)
* f2ac7920474 oc_FR locale: Fix spelling of Thursday (bug 25639)
* 18fdba553dd Add a C wrapper for prctl [BZ #25896]
* 7c9e054afdd powerpc: Rename argN to _argN in LOADARGS_N [BZ #25902]
* 9c5ae39a644 Add C wrappers for process_vm_readv/process_vm_writev [BZ #25810]
* 63c3696a4ac Mark unsigned long arguments with U in more syscalls [BZ #25810]
* 5b9d49293b7 Add a syscall test for [BZ #25810]
* 496b5963a75 Add SYSCALL_ULONG_ARG_[12] to pass long to syscall [BZ #25810]
* 04330f85263 x32: Properly pass long to syscall [BZ #25810]
* de371d1581f Fix build with GCC 10 when long double = double.
* ece4e11d55d Add new file missed in previous hppa commit.
* 91b909315c4 Fix data race in setting function descriptors during lazy binding on hppa.
* b999c0098ae nios2: delete sysdeps/unix/sysv/linux/nios2/kernel-features.h
* 54ba2541b3a mips: Fix bracktrace result for signal frames
* 83d3eec6728 stdlib: Move tst-system to tests-container
* ad9b0037ccc support/shell-container.c: Add builtin kill
* 2448ba1d724 support/shell-container.c: Add builtin exit
* 5810e6d75ff support/shell-container.c: Return 127 if execve fails
* d39fb022c26 Add NEWS entry for CVE-2020-1751 (bug 25423)
* 46bbbd46223 posix: Fix system error return value [BZ #25715]
* 3937f6806d9 Add NEWS entry for CVE-2020-1752 (bug 25414)
* ab029a2801d Fix use-after-free in glob when expanding ~user (bug 25414)
* a3189fb15b4 Update syscall lists for Linux 5.5.
* 05c08d5aea9 NEWS: update list of bugs fixed on the 2.31 branch
* 123d48b33a5 Add NEWS entry for CVE-2020-10029 (bug 25487)
* 03f44ce0938 math/test-sinl-pseudo: Use stack protector only if available
* e85a88e00c1 sparc: Move sigreturn stub to assembly
* a9ae2062d57 arm: Fix softp-fp Implies (BZ #25635)
* da6ce60e3cb linux/sysipc: Include linux/posix_types.h for __kernel_mode_t
* 9db2970506c linux: Clear mode_t padding bits (BZ#25623)
* 44f2c26ee4f i386: Use comdat instead of .gnu.linkonce for i386 setup pic register (BZ #20543)
* f2d95cf030f Improve IFUNC check [BZ #25506]
* 9f997ceca28 Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487).

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=70d585151c03ede999bd2ad5a724243914cb5f54

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/0016-Add-unused-attribute.patch     |  31 ---
 .../glibc/glibc/CVE-2020-6096.patch           | 112 ----------
 .../glibc/glibc/CVE-2020-6096_2.patch         | 194 ------------------
 meta/recipes-core/glibc/glibc_2.31.bb         |   5 +-
 5 files changed, 2 insertions(+), 342 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index c2d68979eb..3bcd336de4 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.31/master"
 PV = "2.31+git${SRCPV}"
-SRCREV_glibc ?= "109474122400ca7d60782b131dc867a5c1f2fe55"
+SRCREV_glibc ?= "6fdf971c9dbf7dac9bea552113fe4694015bbc4d"
 SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch b/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
deleted file mode 100644
index 574e7c3503..0000000000
--- a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c323125744020a29f79e50dc4d024b55c482eafc Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 18 Mar 2015 00:28:41 +0000
-Subject: [PATCH] Add unused attribute
-
-Helps in avoiding gcc warning when header is is included in
-a source file which does not use both functions
-
-        * iconv/gconv_charset.h (strip):
-        Add unused attribute.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Upstream-Status: Pending
----
- iconv/gconv_charset.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/iconv/gconv_charset.h b/iconv/gconv_charset.h
-index 348acc089b..fa92465d89 100644
---- a/iconv/gconv_charset.h
-+++ b/iconv/gconv_charset.h
-@@ -21,7 +21,7 @@
- #include <locale.h>
- 
- 
--static void
-+static void __attribute__ ((unused))
- strip (char *wp, const char *s)
- {
-   int slash_count = 0;
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
deleted file mode 100644
index 9c26f76432..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From beea361050728138b82c57dda0c4810402d342b9 Mon Sep 17 00:00:00 2001
-From: Alexander Anisimov <a.anisimov@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:31 +0200
-Subject: [PATCH] arm: CVE-2020-6096: Fix multiarch memcpy for negative length
- [BZ #25620]
-
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy.
-This commit fixes the armv7 version.
-
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #1
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- sysdeps/arm/armv7/multiarch/memcpy_impl.S | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-index bf4ac7077f..379bb56fc9 100644
---- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-+++ b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-@@ -268,7 +268,7 @@ ENTRY(memcpy)
- 
- 	mov	dst, dstin	/* Preserve dstin, we need to return it.  */
- 	cmp	count, #64
--	bge	.Lcpy_not_short
-+	bhs	.Lcpy_not_short
- 	/* Deal with small copies quickly by dropping straight into the
- 	   exit block.  */
- 
-@@ -351,10 +351,10 @@ ENTRY(memcpy)
- 
- 1:
- 	subs	tmp2, count, #64	/* Use tmp2 for count.  */
--	blt	.Ltail63aligned
-+	blo	.Ltail63aligned
- 
- 	cmp	tmp2, #512
--	bge	.Lcpy_body_long
-+	bhs	.Lcpy_body_long
- 
- .Lcpy_body_medium:			/* Count in tmp2.  */
- #ifdef USE_VFP
-@@ -378,7 +378,7 @@ ENTRY(memcpy)
- 	add	src, src, #64
- 	vstr	d1, [dst, #56]
- 	add	dst, dst, #64
--	bge	1b
-+	bhs	1b
- 	tst	tmp2, #0x3f
- 	beq	.Ldone
- 
-@@ -412,7 +412,7 @@ ENTRY(memcpy)
- 	ldrd	A_l, A_h, [src, #64]!
- 	strd	A_l, A_h, [dst, #64]!
- 	subs	tmp2, tmp2, #64
--	bge	1b
-+	bhs	1b
- 	tst	tmp2, #0x3f
- 	bne	1f
- 	ldr	tmp2,[sp], #FRAME_SIZE
-@@ -482,7 +482,7 @@ ENTRY(memcpy)
- 	add	src, src, #32
- 
- 	subs	tmp2, tmp2, #prefetch_lines * 64 * 2
--	blt	2f
-+	blo	2f
- 1:
- 	cpy_line_vfp	d3, 0
- 	cpy_line_vfp	d4, 64
-@@ -494,7 +494,7 @@ ENTRY(memcpy)
- 	add	dst, dst, #2 * 64
- 	add	src, src, #2 * 64
- 	subs	tmp2, tmp2, #prefetch_lines * 64
--	bge	1b
-+	bhs	1b
- 
- 2:
- 	cpy_tail_vfp	d3, 0
-@@ -615,8 +615,8 @@ ENTRY(memcpy)
- 1:
- 	pld	[src, #(3 * 64)]
- 	subs	count, count, #64
--	ldrmi	tmp2, [sp], #FRAME_SIZE
--	bmi	.Ltail63unaligned
-+	ldrlo	tmp2, [sp], #FRAME_SIZE
-+	blo	.Ltail63unaligned
- 	pld	[src, #(4 * 64)]
- 
- #ifdef USE_NEON
-@@ -633,7 +633,7 @@ ENTRY(memcpy)
- 	neon_load_multi d0-d3, src
- 	neon_load_multi d4-d7, src
- 	subs	count, count, #64
--	bmi	2f
-+	blo	2f
- 1:
- 	pld	[src, #(4 * 64)]
- 	neon_store_multi d0-d3, dst
-@@ -641,7 +641,7 @@ ENTRY(memcpy)
- 	neon_store_multi d4-d7, dst
- 	neon_load_multi d4-d7, src
- 	subs	count, count, #64
--	bpl	1b
-+	bhs	1b
- 2:
- 	neon_store_multi d0-d3, dst
- 	neon_store_multi d4-d7, dst
--- 
-2.17.1
-
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
deleted file mode 100644
index 905e44c8e3..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 79a4fa341b8a89cb03f84564fd72abaa1a2db394 Mon Sep 17 00:00:00 2001
-From: Evgeny Eremin <e.eremin@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:19 +0200
-Subject: [PATCH] arm: CVE-2020-6096: fix memcpy and memmove for negative
- length [BZ #25620]
-
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy and memmove.
-This commit fixes the generic arm implementation of memcpy amd memmove.
-
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #2
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- sysdeps/arm/memcpy.S  | 24 ++++++++++--------------
- sysdeps/arm/memmove.S | 24 ++++++++++--------------
- 2 files changed, 20 insertions(+), 28 deletions(-)
-
-diff --git a/sysdeps/arm/memcpy.S b/sysdeps/arm/memcpy.S
-index 510e8adaf2..bcfbc51d99 100644
---- a/sysdeps/arm/memcpy.S
-+++ b/sysdeps/arm/memcpy.S
-@@ -68,7 +68,7 @@ ENTRY(memcpy)
- 		cfi_remember_state
- 
- 		subs	r2, r2, #4
--		blt	8f
-+		blo	8f
- 		ands	ip, r0, #3
- 	PLD(	pld	[r1, #0]		)
- 		bne	9f
-@@ -82,7 +82,7 @@ ENTRY(memcpy)
- 		cfi_rel_offset (r6, 4)
- 		cfi_rel_offset (r7, 8)
- 		cfi_rel_offset (r8, 12)
--		blt	5f
-+		blo	5f
- 
- 	CALGN(	ands	ip, r1, #31		)
- 	CALGN(	rsb	r3, ip, #32		)
-@@ -98,9 +98,9 @@ ENTRY(memcpy)
- #endif
- 
- 	PLD(	pld	[r1, #0]		)
--2:	PLD(	subs	r2, r2, #96		)
-+2:	PLD(	cmp	r2, #96			)
- 	PLD(	pld	[r1, #28]		)
--	PLD(	blt	4f			)
-+	PLD(	blo	4f			)
- 	PLD(	pld	[r1, #60]		)
- 	PLD(	pld	[r1, #92]		)
- 
-@@ -108,9 +108,7 @@ ENTRY(memcpy)
- 4:		ldmia	r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
- 		subs	r2, r2, #32
- 		stmia	r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
--		bge	3b
--	PLD(	cmn	r2, #96			)
--	PLD(	bge	4b			)
-+		bhs	3b
- 
- 5:		ands	ip, r2, #28
- 		rsb	ip, ip, #32
-@@ -222,7 +220,7 @@ ENTRY(memcpy)
- 		strbge	r4, [r0], #1
- 		subs	r2, r2, ip
- 		strb	lr, [r0], #1
--		blt	8b
-+		blo	8b
- 		ands	ip, r1, #3
- 		beq	1b
- 
-@@ -236,7 +234,7 @@ ENTRY(memcpy)
- 		.macro	forward_copy_shift pull push
- 
- 		subs	r2, r2, #28
--		blt	14f
-+		blo	14f
- 
- 	CALGN(	ands	ip, r1, #31		)
- 	CALGN(	rsb	ip, ip, #32		)
-@@ -253,9 +251,9 @@ ENTRY(memcpy)
- 		cfi_rel_offset (r10, 16)
- 
- 	PLD(	pld	[r1, #0]		)
--	PLD(	subs	r2, r2, #96		)
-+	PLD(	cmp	r2, #96			)
- 	PLD(	pld	[r1, #28]		)
--	PLD(	blt	13f			)
-+	PLD(	blo	13f			)
- 	PLD(	pld	[r1, #60]		)
- 	PLD(	pld	[r1, #92]		)
- 
-@@ -280,9 +278,7 @@ ENTRY(memcpy)
- 		mov	ip, ip, PULL #\pull
- 		orr	ip, ip, lr, PUSH #\push
- 		stmia	r0!, {r3, r4, r5, r6, r7, r8, r10, ip}
--		bge	12b
--	PLD(	cmn	r2, #96			)
--	PLD(	bge	13b			)
-+		bhs	12b
- 
- 		pop	{r5 - r8, r10}
- 		cfi_adjust_cfa_offset (-20)
-diff --git a/sysdeps/arm/memmove.S b/sysdeps/arm/memmove.S
-index 954037ef3a..0d07b76ee6 100644
---- a/sysdeps/arm/memmove.S
-+++ b/sysdeps/arm/memmove.S
-@@ -85,7 +85,7 @@ ENTRY(memmove)
- 		add	r1, r1, r2
- 		add	r0, r0, r2
- 		subs	r2, r2, #4
--		blt	8f
-+		blo	8f
- 		ands	ip, r0, #3
- 	PLD(	pld	[r1, #-4]		)
- 		bne	9f
-@@ -99,7 +99,7 @@ ENTRY(memmove)
- 		cfi_rel_offset (r6, 4)
- 		cfi_rel_offset (r7, 8)
- 		cfi_rel_offset (r8, 12)
--		blt	5f
-+		blo     5f
- 
- 	CALGN(	ands	ip, r1, #31		)
- 	CALGN(	sbcsne	r4, ip, r2		)  @ C is always set here
-@@ -114,9 +114,9 @@ ENTRY(memmove)
- #endif
- 
- 	PLD(	pld	[r1, #-4]		)
--2:	PLD(	subs	r2, r2, #96		)
-+2:	PLD(	cmp	r2, #96			)
- 	PLD(	pld	[r1, #-32]		)
--	PLD(	blt	4f			)
-+	PLD(    blo     4f                      )
- 	PLD(	pld	[r1, #-64]		)
- 	PLD(	pld	[r1, #-96]		)
- 
-@@ -124,9 +124,7 @@ ENTRY(memmove)
- 4:		ldmdb	r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
- 		subs	r2, r2, #32
- 		stmdb	r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
--		bge	3b
--	PLD(	cmn	r2, #96			)
--	PLD(	bge	4b			)
-+		bhs     3b
- 
- 5:		ands	ip, r2, #28
- 		rsb	ip, ip, #32
-@@ -237,7 +235,7 @@ ENTRY(memmove)
- 		strbge	r4, [r0, #-1]!
- 		subs	r2, r2, ip
- 		strb	lr, [r0, #-1]!
--		blt	8b
-+		blo	8b
- 		ands	ip, r1, #3
- 		beq	1b
- 
-@@ -251,7 +249,7 @@ ENTRY(memmove)
- 		.macro	backward_copy_shift push pull
- 
- 		subs	r2, r2, #28
--		blt	14f
-+		blo	14f
- 
- 	CALGN(	ands	ip, r1, #31		)
- 	CALGN(	rsb	ip, ip, #32		)
-@@ -268,9 +266,9 @@ ENTRY(memmove)
- 		cfi_rel_offset (r10, 16)
- 
- 	PLD(	pld	[r1, #-4]		)
--	PLD(	subs	r2, r2, #96		)
-+	PLD(	cmp	r2, #96			)
- 	PLD(	pld	[r1, #-32]		)
--	PLD(	blt	13f			)
-+	PLD(	blo	13f			)
- 	PLD(	pld	[r1, #-64]		)
- 	PLD(	pld	[r1, #-96]		)
- 
-@@ -295,9 +293,7 @@ ENTRY(memmove)
- 		mov     r4, r4, PUSH #\push
- 		orr     r4, r4, r3, PULL #\pull
- 		stmdb   r0!, {r4 - r8, r10, ip, lr}
--		bge	12b
--	PLD(	cmn	r2, #96			)
--	PLD(	bge	13b			)
-+		bhs	12b
- 
- 		pop	{r5 - r8, r10}
- 		cfi_adjust_cfa_offset (-20)
--- 
-2.17.1
-
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index e8e11f5438..3d486fbb59 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,7 +1,7 @@
 require glibc.inc
 require glibc-version.inc
 
-CVE_CHECK_WHITELIST += "CVE-2020-10029"
+CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
 
 DEPENDS += "gperf-native bison-native make-native"
 
@@ -28,7 +28,6 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
            file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
            file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
-           file://0016-Add-unused-attribute.patch \
            file://0017-yes-within-the-path-sets-wrong-config-variables.patch \
            file://0018-timezone-re-written-tzselect-as-posix-sh.patch \
            file://0019-Remove-bash-dependency-for-nscd-init-script.patch \
@@ -42,8 +41,6 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
            file://0028-inject-file-assembly-directives.patch \
            file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
-           file://CVE-2020-6096.patch \
-           file://CVE-2020-6096_2.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.17.1

[OE-core][dunfell 2/7] gcc-9.3.inc: Mark CVE-2019-15847 as fixed

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

We do not have explicit patch to mark it and cve checker gets confused,
so help it out

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-9.3.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/gcc/gcc-9.3.inc b/meta/recipes-devtools/gcc/gcc-9.3.inc
index b0411078d3..38dee001d4 100644
--- a/meta/recipes-devtools/gcc/gcc-9.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-9.3.inc
@@ -23,6 +23,8 @@ LIC_FILES_CHKSUM = "\
     file://COPYING.RUNTIME;md5=fe60d87048567d4fe8c8a0ed2448bcc8 \
 "
 
+CVE_CHECK_WHITELIST += "CVE-2019-15847"
+
 BASEURI ?= "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.xz"
 #RELEASE ?= "5a5ca2d"
 #BASEURI ?= "https://repo.or.cz/official-gcc.git/snapshot/${RELEASE}.tar.gz;downloadfilename=gcc-${RELEASE}.tar.gz"
-- 
2.17.1

[OE-core][dunfell 3/7] go: update 1.14.4 -> 1.14.6

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Includes security Fixes for CVE-2020-14039 and CVE-2020-15586

(cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
(cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
(cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index c52593db6b..64c2768f7e 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.14"
-GO_MINOR = ".1"
+GO_MINOR = ".6"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
@@ -18,5 +18,4 @@ SRC_URI += "\
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
+SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
-- 
2.17.1

[OE-core][dunfell 4/7] go: Upgrade to 1.14.7

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

CVE_CHECK_WHITELIST += "CVE-2020-16845"

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91580c9d335e0fbee95f94be6f9b34298d3e9a48)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.14.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 64c2768f7e..8f8ed89de8 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -1,7 +1,7 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.14"
-GO_MINOR = ".6"
+GO_MINOR = ".7"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
@@ -18,4 +18,4 @@ SRC_URI += "\
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
+SRC_URI[main.sha256sum] = "064392433563660c73186991c0a315787688e7c38a561e26647686f89b6c30e3"
-- 
2.17.1

[OE-core][dunfell 5/7] linux-yocto-rt/5.4: update to rt32

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Integrating the following commit(s) to linux-yocto/5.4:

    2739bdb0bfa0 Linux 5.4.54-rt32
    0124e412ea96 Linux 5.4.52-rt31
    d85676a72421 Linux 5.4.49-rt30
    72bbd8083a44 Linux 5.4.48-rt29

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b21783c173594e5dac3c437e290b26643382c2e9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb   | 4 ++--
 meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb      | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index ec0beeba76..6d3adb5dbd 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,8 +11,8 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "37478f8c6f336b271b26e783c14bcaf7fa8ca9a6"
-SRCREV_meta ?= "96883b38c16febfa10668d16fe08a5cdc3419872"
+SRCREV_machine ?= "2739bdb0bfa0d9b423ffa940150e539c80bc0bfd"
+SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 9881b09a9f..3cc8537973 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "58d322d637edd20fe24aadfdc0d621f63700c009"
 SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "96883b38c16febfa10668d16fe08a5cdc3419872"
+SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 3829748269..7904850317 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -21,7 +21,7 @@ SRCREV_machine_qemux86 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
 SRCREV_machine_qemux86-64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
 SRCREV_machine_qemumips64 ?= "3a515b583c3efc896cafa4f7f1e784456a360f8f"
 SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "96883b38c16febfa10668d16fe08a5cdc3419872"
+SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.17.1

[OE-core][dunfell 6/7] linux-yocto/5.4: update to v5.4.56

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    1b940bbc5c55 Linux 5.4.56
    df35e878d0a5 perf bench: Share some global variables to fix build with gcc 10
    702d1b287fd2 perf env: Do not return pointers to local variables
    73d2d6b421df perf tests bp_account: Make global variable static
    39568546706f x86/i8259: Use printk_deferred() to prevent deadlock
    01ac46c6baf0 KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
    fd412846a6ec KVM: arm64: Don't inherit exec permission across page-table levels
    1aff51292ee8 drivers/net/wan: lapb: Corrected the usage of skb_cow
    f88c909dc28c RISC-V: Set maximum number of mapped pages correctly
    e3043abb5baa xen-netfront: fix potential deadlock in xennet_remove()
    a7b488d65d39 cxgb4: add missing release on skb in uld_send()
    5f4e6b874b57 x86/stacktrace: Fix reliable check for empty user task stacks
    32344d2993b0 x86/unwind/orc: Fix ORC for newly forked tasks
    a14d6a9ddf33 Revert "i2c: cadence: Fix the hold bit setting"
    df366abb9c8f net: ethernet: ravb: exit if re-initialization fails in tx timeout
    ac7c3b8f34ec parisc: add support for cmpxchg on u8 pointers
    a0ba41317c89 scsi: core: Run queue in case of I/O resource contention failure
    0ac155dcf048 nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
    50c5f89637bc selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support
    78c7532b80c6 qed: Disable "MFW indication via attention" SPAM every 5 minutes
    6e4620df9cbc selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion
    5b235c1d9022 usb: hso: Fix debug compile warning on sparc32
    cac2b7ad0915 vxlan: fix memleak of fdb
    1df0000b30cd perf tools: Fix record failure when mixed with ARM SPE event
    568995fb61e7 net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
    e68b7b9b03fb net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe()
    1158aa743a0b net: nixge: fix potential memory leak in nixge_probe()
    9acd96f14a49 Bluetooth: fix kernel oops in store_pending_adv_report
    3bb2f52ad9e7 arm64: csum: Fix handling of bad packets
    8a90b436a0c9 arm64/alternatives: move length validation inside the subsection
    4a50753aacb5 mac80211: mesh: Free pending skb when destroying a mpath
    3f15e3e62c80 mac80211: mesh: Free ie data when leaving mesh
    fe58e3dd6e11 bpf: Fix map leak in HASH_OF_MAPS map
    43c390b751ba ibmvnic: Fix IRQ mapping disposal in error path
    ea559138b331 mlxsw: core: Free EMAD transactions using kfree_rcu()
    57f498ced731 mlxsw: core: Increase scope of RCU read-side critical section
    0f424eda4705 mlx4: disable device on shutdown
    c3883876d3f1 rhashtable: Fix unprotected RCU dereference in __rht_ptr
    b1d629d32910 net: lan78xx: fix transfer-buffer memory leak
    9db3040eb952 net: lan78xx: add missing endpoint sanity check
    32ec4441cca1 net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev
    475cbcef491a net/mlx5e: Modify uplink state on interface up/down
    43608372b84d net/mlx5: Verify Hardware supports requested ptp function on a given pin
    8901896f69d4 net/mlx5e: Fix error path of device attach
    00bedd730d1f net/mlx5: E-switch, Destroy TSAR when fail to enable the mode
    d70f9a3cc32c net: hns3: fix aRFS FD rules leftover after add a user FD rule
    475b8d619268 net: hns3: fix a TX timeout issue
    5fc02e8d1bfd sh: Fix validation of system call number
    2f2674997dfb sh/tlb: Fix PGTABLE_LEVELS > 2
    222dbeca05fb selftests/net: so_txtime: fix clang issues for target arch PowerPC
    d817b2c8d3cf selftests/net: psock_fanout: fix clang issues for target arch PowerPC
    22f84cce9527 selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
    831c904a0f68 nvme-tcp: fix possible hang waiting for icresp response
    9a1d0084cbe1 ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds
    731e013e33b3 xfrm: Fix crash when the hold queue is used.
    a4c902887f1d ARM: dts sunxi: Relax a bit the CMA pool allocation range
    0307da686660 xfrm: policy: match with both mark and mask on user interfaces
    bbb13adb07af net/x25: Fix null-ptr-deref in x25_disconnect
    69cd304cfa5c net/x25: Fix x25_neigh refcnt leak when x25 disconnect
    c2fd34d43110 libtraceevent: Fix build with binutils 2.35
    2ec69499b758 rds: Prevent kernel-infoleak in rds_notify_queue_get()
    6a9428427da1 drm: hold gem reference until object is no longer accessed
    7eef3b463d88 drm/dbi: Fix SPI Type 1 (9-bit) transfer
    8ea180f1c7ec drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
    f1b4bdde2bdc drm/amd/display: Clear dm_state for fast updates
    22d3202e51a7 Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers"
    cea6633d5382 virtio_balloon: fix up endian-ness for free cmd id
    c2f787f904e0 ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect
    b9274613114a ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2
    c4738c67a569 ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2
    3b7e4a5ba95d ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
    b8fa0b037047 wireless: Use offsetof instead of custom macro.
    d3472f74d229 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
    96f105943cff vhost/scsi: fix up req type endian-ness
    951117a2079b IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE
    dc731d262811 ALSA: hda/hdmi: Fix keep_power assignment for non-component devices
    6a67b05c6f30 ALSA: hda/realtek - Fixed HP right speaker no sound
    09832a9e0b76 ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256)
    e9f147c937a5 ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289
    cd76d30f51fb ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289
    6d84a8cf8a02 ALSA: usb-audio: Add implicit feedback quirk for SSL2
    47e20933814f mm/filemap.c: don't bother dropping mmap_sem for zero size readahead
    140210554274 PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    2ff65580d477 ath10k: enable transmit data ack RSSI for QCA9884
    98cef10fbcca sunrpc: check that domain table is empty at module unload.
    84da97713b91 media: rc: prevent memory leak in cx23888_ir_probe
    ecfa7fa198fc crypto: ccp - Release all allocated memory if sha type is invalid
    169b93899c7d Linux 5.4.55
    909dbf09cd01 Revert "dpaa_eth: fix usage as DSA master, try 3"
    4918285a6c7d PM: wakeup: Show statistics for deleted wakeup sources again
    59242fa1d2ba regmap: debugfs: check count when read regmap file
    df89c1ee034c udp: Improve load balancing for SO_REUSEPORT.
    6735c126d272 udp: Copy has_conns in reuseport_grow().
    86512c6938a9 sctp: shrink stream outq when fails to do addstream reconf
    46e7c7efc30d sctp: shrink stream outq only when new outcnt < old outcnt
    bbf6af4a938a AX.25: Prevent integer overflows in connect and sendmsg
    182ffc66456b tcp: allow at most one TLP probe per flight
    e2f904fd79a0 rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
    01c928350641 rtnetlink: Fix memory(net_device) leak when ->newlink fails
    b7d3d6df72a8 qrtr: orphan socket in qrtr_release()
    2bf797a8691a net: udp: Fix wrong clean up for IS_UDPLITE macro
    274b40b6df6c net-sysfs: add a newline when printing 'tx_timeout' by sysfs
    8d9f13dd400c ip6_gre: fix null-ptr-deref in ip6gre_init_net()
    fbcd85cd11de drivers/net/wan/x25_asy: Fix to make it work
    d109acd58052 dev: Defer free of skbs in flush_backlog
    52aeeec1a635 AX.25: Prevent out-of-bounds read in ax25_sendmsg()
    2f1624faf647 AX.25: Fix out-of-bounds read in ax25_connect()

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a9b3ecf377a1c01979311dc7082c401c957ca6ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 6d3adb5dbd..56f6c2462a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "2739bdb0bfa0d9b423ffa940150e539c80bc0bfd"
-SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
+SRCREV_machine ?= "de6b368e4875392d9dc0342a0991f74285e4955d"
+SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.54"
+LINUX_VERSION ?= "5.4.56"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 3cc8537973..4aeb560f2a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.54"
+LINUX_VERSION ?= "5.4.56"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "58d322d637edd20fe24aadfdc0d621f63700c009"
-SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
+SRCREV_machine_qemuarm ?= "0f2bcc4968dd118d71c06c59f3159b8fd0eafbe9"
+SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 7904850317..8874c40623 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "84e270de836971e9fec8e6acbe06f8a2e1405916"
-SRCREV_machine_qemuarm64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemumips ?= "f418fa62aec041e4c3b5c28df853a8c636fa2f62"
-SRCREV_machine_qemuppc ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemuriscv64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemux86 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemux86-64 ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_machine_qemumips64 ?= "3a515b583c3efc896cafa4f7f1e784456a360f8f"
-SRCREV_machine ?= "9fc2fb2e73466a520ee9a3c48b3ca2f5b21415dc"
-SRCREV_meta ?= "ab5ecb9b0e0afbc0ba3502405f4e3d4e7d170fac"
+SRCREV_machine_qemuarm ?= "078735bf2317d85576c7d144b867c13c02dfc317"
+SRCREV_machine_qemuarm64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemumips ?= "7db7c284d5a9fb3a19d3c0ee1218be340cd48506"
+SRCREV_machine_qemuppc ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemuriscv64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemux86 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemux86-64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_machine_qemumips64 ?= "dce45211b696761c4cef078eb682f278ea38a72b"
+SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
+SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.54"
+LINUX_VERSION ?= "5.4.56"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.17.1

[OE-core][dunfell 7/7] linux-yocto/5.4: update to v5.4.57

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    d9939285fc81 Linux 5.4.57
    ca7ace8fd26d bpf: sockmap: Require attach_bpf_fd when detaching a program
    9fe975acb53f selftests: bpf: Fix detach from sockmap tests
    c77610435355 ext4: fix direct I/O read error
    6330b0cb2ace arm64: Workaround circular dependency in pointer_auth.h
    f06d60ff794a random32: move the pseudo-random 32-bit definitions to prandom.h
    c131009987f2 random32: remove net_rand_state from the latent entropy gcc plugin
    7471f3228e7a random: fix circular include dependency on arm64 after addition of percpu.h
    50bf89625bba ARM: percpu.h: fix build error
    c15a77bdda2c random32: update the net random state on interrupt and activity

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00ea26a7e535c70998a5b9228185403e3f440042)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 56f6c2462a..24cc5353e3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "de6b368e4875392d9dc0342a0991f74285e4955d"
-SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
+SRCREV_machine ?= "9b7e1eef068382c132768964ccac22d35ac05d7b"
+SRCREV_meta ?= "4aeda12f7f7eb84613ae1fe6e22cd9cd9790c20b"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.56"
+LINUX_VERSION ?= "5.4.57"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 4aeb560f2a..c4bdfd61b1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.56"
+LINUX_VERSION ?= "5.4.57"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "0f2bcc4968dd118d71c06c59f3159b8fd0eafbe9"
-SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
+SRCREV_machine_qemuarm ?= "afcbe2154b65d2ab1da70eaf38388b3c64366f8f"
+SRCREV_machine ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_meta ?= "4aeda12f7f7eb84613ae1fe6e22cd9cd9790c20b"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 8874c40623..8014d2ec29 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "078735bf2317d85576c7d144b867c13c02dfc317"
-SRCREV_machine_qemuarm64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemumips ?= "7db7c284d5a9fb3a19d3c0ee1218be340cd48506"
-SRCREV_machine_qemuppc ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemuriscv64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemux86 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemux86-64 ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_machine_qemumips64 ?= "dce45211b696761c4cef078eb682f278ea38a72b"
-SRCREV_machine ?= "eaeb8b7e17aaf93a3b727a51731b1c9a3916009f"
-SRCREV_meta ?= "33bd5e8ac6fa46d5d7891b6e850603159f095b1a"
+SRCREV_machine_qemuarm ?= "69c2cb15ed433d0c54548167b771aa86edf731b0"
+SRCREV_machine_qemuarm64 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemumips ?= "f0d91ff7f58bb7b6e6676abce3b2e56d8031c7a5"
+SRCREV_machine_qemuppc ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemuriscv64 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemux86 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemux86-64 ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_machine_qemumips64 ?= "053475d8f61a47f2aa66f2be0ca6c668a73ff784"
+SRCREV_machine ?= "d3100abbe1a46aeefdf62d6a31fed31e94b9537d"
+SRCREV_meta ?= "4aeda12f7f7eb84613ae1fe6e22cd9cd9790c20b"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.56"
+LINUX_VERSION ?= "5.4.57"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.17.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Monday.

The following changes since commit b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a:

  cve-check: avoid FileNotFoundError if no do_cve_check task has run (2020-09-14 04:26:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Christophe GUIBOUT (1):
  initramfs-framework: support kernel cmdline with double quotes

Geoff Parker (1):
  systemd-serialgetty: Replace sed quoting using ' with " to allow var
    expansion

Khem Raj (1):
  populate_sdk_ext: Do not assume local.conf will always exist

Michael Gloff (1):
  sysvinit: Remove ${B} assignment

Pierre-Jean Texier (1):
  libubootenv: upgrade 0.3 -> 0.3.1

Rahul Kumar (1):
  systemd-serialgetty: Fix sed expression quoting

Steve Sakoman (1):
  Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"

 meta/classes/kernel.bbclass                         |  2 +-
 meta/classes/populate_sdk_ext.bbclass               |  5 +++--
 .../{libubootenv_0.3.bb => libubootenv_0.3.1.bb}    |  2 +-
 .../initrdscripts/initramfs-framework/init          | 13 +++++++++++++
 meta/recipes-core/systemd/systemd-serialgetty.bb    |  4 ++--
 meta/recipes-core/sysvinit/sysvinit_2.96.bb         |  1 -
 6 files changed, 20 insertions(+), 7 deletions(-)
 rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb} (94%)

-- 
2.17.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2350

The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:

  report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Andrej Valek (1):
  busybox: add tmpdir option into mktemp applet

Richard Purdie (3):
  pseudo: Add uninative configuration sanity check
  pseudo: Update to latest version including statx fix
  sstate: Drop pseudo exclusion

Steve Sakoman (3):
  bluez: fix CVE-2021-3588
  gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
  gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed

 meta/classes/sstate.bbclass                   |  2 -
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
 .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
 meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
 meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
 .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
 .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
 9 files changed, 140 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch

-- 
2.25.1

Re: [OE-core][dunfell 0/7] Patch review

[Andrej Valek]

Hello Steve,

Busybox patch looks fine.

Cheers,
Andrej

> Please review this next set of patches for dunfell and have comments back by end of day Monday.
>
> Passed a-full on autobuilder:
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Ftyphoon%2F%23%2Fbuilders%2F83%2Fbuilds%2F2350&data=04%7C01%7Candrej.valek%40siemens.com%> 7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lHIY6jrIIjgQrMFGZI5aGHjaqK4A5Y17uptGKbI%2ByXQ%3D&reserved=0
>
> The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:
>
>   report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)
>
> are available in the Git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
>   https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcgit.openembedded.org%2Fopenembedded-core-contrib%2Flog%2F%3Fh%3Dstable%2Fdunfell-nut&data=04%7C01%7Candrej.valek%40siemens.com%7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RqxpOBjsL%2B6GJnZwWtQ7KHLi%2FAcp1A0KZza9ow9p%2FPc%3D&reserved=0

> Andrej Valek (1):
>   busybox: add tmpdir option into mktemp applet
>
> Richard Purdie (3):
>   pseudo: Add uninative configuration sanity check
>   pseudo: Update to latest version including statx fix
>   sstate: Drop pseudo exclusion
>
> Steve Sakoman (3):
>   bluez: fix CVE-2021-3588
>   gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
>   gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
>
>  meta/classes/sstate.bbclass                   |  2 -
>  meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
>  .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
>  .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
>  meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
>  meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
>  meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
>  .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
>  .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
>  9 files changed, 140 insertions(+), 3 deletions(-)  create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-> 2021-3588.patch
>  create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
>
> --
> 2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3445

The following changes since commit da5cba5ec56cc437ede46d8aa71219a2a34cbe9e:

  oeqa/selftest/tinfoil: Fix intermittent event loss issue in test (2022-03-26 16:25:24 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (7):
  util-linux: fix CVE-2022-0563
  xserver-xorg: update to 1.20.9
  xserver-xorg: update to 1.20.10
  xserver-xorg: update to 1.20.11
  xserver-xorg: update to 1.20.12
  xserver-xorg: update to 1.20.13
  xserver-xorg: update to 1.20.14

 .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++
 .../util-linux/util-linux_2.35.1.bb           |   1 +
 .../xorg-xserver/xserver-xorg.inc             |   2 +-
 .../xserver-xorg/CVE-2020-14345.patch         | 182 ------------------
 .../xserver-xorg/CVE-2020-14346.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14347.patch         |  38 ----
 .../xserver-xorg/CVE-2020-14360.patch         | 132 -------------
 .../xserver-xorg/CVE-2020-14361.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14362.patch         |  70 -------
 .../xserver-xorg/CVE-2020-25712.patch         | 102 ----------
 ...xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} |  11 +-
 11 files changed, 165 insertions(+), 606 deletions(-)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} (73%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3993

The following changes since commit 3f40d5f095ceb099b604750db96058df00fcd49e:

  build-appliance-image: Update to dunfell head revision (2022-07-25 15:09:15 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (5):
  gnupg: CVE-2022-34903 possible signature forgery via injection into
    the status line
  grub2: Fix buffer underflow write in the heap
  qemu: CVE-2022-35414 can perform an uninitialized read on the
    translate_fail path, leading to an io_readx or io_writex crash
  libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By
    Zero Error
  libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections

LUIS ENRIQUEZ (1):
  kernel-fitimage.bbclass: add padding algorithm property in config
    nodes

Sana.Kazi (1):
  libjpeg-turbo: Fix CVE-2021-46822

 meta/classes/kernel-fitimage.bbclass          |   5 +
 .../grub/files/CVE-2021-3695.patch            | 178 +++++++++++++++++
 .../grub/files/CVE-2021-3696.patch            |  46 +++++
 .../grub/files/CVE-2021-3697.patch            |  82 ++++++++
 meta/recipes-bsp/grub/grub2.inc               |   5 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-35414.patch            |  53 +++++
 .../libtirpc/libtirpc/CVE-2021-46828.patch    | 155 +++++++++++++++
 .../libtirpc/libtirpc_1.2.6.bb                |   4 +-
 .../jpeg/files/CVE-2021-46822.patch           | 133 +++++++++++++
 .../jpeg/libjpeg-turbo_2.0.4.bb               |   1 +
 ...022-2056-CVE-2022-2057-CVE-2022-2058.patch | 183 ++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   1 +
 .../gnupg/gnupg/CVE-2022-34903.patch          |  44 +++++
 meta/recipes-support/gnupg/gnupg_2.2.27.bb    |   1 +
 15 files changed, 890 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3695.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3696.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3697.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-35414.patch
 create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
 create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2021-46822.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4200

The following changes since commit 345193f36d08cfe4899c65e8edf3f79db09c50d2:

  relocate_sdk.py: ensure interpreter size error causes relocation to fail (2022-08-29 05:02:16 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (1):
  sqlite: CVE-2022-35737 assertion failure

Joshua Watt (1):
  classes: cve-check: Get shared database lock

Ranjitsinh Rathod (2):
  libarchive: Fix CVE-2021-23177 issue
  libarchive: Fix CVE-2021-31566 issue

Richard Purdie (1):
  vim: Upgrade 9.0.0242 -> 9.0.0341

Robert Joslyn (1):
  curl: Backport patch for CVE-2022-35252

Ross Burton (1):
  cve-check: close cursors as soon as possible

 meta/classes/cve-check.bbclass                |  36 ++--
 .../recipes-core/meta/cve-update-db-native.bb |  51 ++---
 .../libarchive/CVE-2021-23177.patch           | 183 ++++++++++++++++++
 .../libarchive/CVE-2021-31566-01.patch        |  23 +++
 .../libarchive/CVE-2021-31566-02.patch        | 172 ++++++++++++++++
 .../libarchive/libarchive_3.4.2.bb            |   3 +
 .../curl/curl/CVE-2022-35252.patch            |  72 +++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 .../sqlite/files/CVE-2022-35737.patch         |  29 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 11 files changed, 535 insertions(+), 40 deletions(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4364

The following changes since commit aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f:

  qemu: Avoid accidental librdmacm linkage (2022-10-12 05:13:44 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.216
  linux-yocto/5.4: update to v5.4.219

Omkar (1):
  dbus: upgrade 1.12.22 -> 1.12.24

Paul Eggleton (1):
  classes/kernel-fitimage: add ability to add additional signing options

Steve Sakoman (2):
  devtool: add HostKeyAlgorithms option to ssh and scp commands
  selftest: skip virgl test on all Alma Linux

wangmy (1):
  dbus: upgrade 1.12.20 -> 1.12.22

 meta/classes/kernel-fitimage.bbclass          |  6 ++++-
 meta/lib/oeqa/selftest/cases/devtool.py       |  2 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |  4 ++--
 ...s-test_1.12.20.bb => dbus-test_1.12.24.bb} |  0
 meta/recipes-core/dbus/dbus.inc               |  3 +--
 .../dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} |  0
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 scripts/lib/devtool/deploy.py                 |  8 +++----
 10 files changed, 31 insertions(+), 28 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.24.bb} (100%)
 rename meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} (100%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4565

The following changes since commit 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba:

  sstate: Account for reserved characters when shortening sstate filenames (2022-11-23 00:26:19 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  linux-firmware: upgrade 20220913 -> 20221012

Chen Qi (1):
  kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20221012 -> 20221109

Mike Crowe (1):
  kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE

Ross Burton (1):
  pixman: backport fix for CVE-2022-44638

Vivek Kumbhar (1):
  qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead
    to guest crash

Wang Mingyu (1):
  mobile-broadband-provider-info: upgrade 20220725 -> 20221107

 meta/classes/kernel.bbclass                   | 29 ++++++++-
 .../mobile-broadband-provider-info_git.bb     |  4 +-
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2021-20196.patch            | 62 +++++++++++++++++++
 .../xorg-lib/pixman/CVE-2022-44638.patch      | 34 ++++++++++
 .../xorg-lib/pixman_0.38.4.bb                 |  1 +
 ...20220913.bb => linux-firmware_20221109.bb} |  6 +-
 7 files changed, 129 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221109.bb} (99%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5141

The following changes since commit 1c7d555379c4b0962bccd018870989050d87675f:

  classes/package: Use gzip for extended package data (2023-03-27 16:29:20 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Geoffrey GIRY (1):
  cve-check: Fix false negative version issue

Hitendra Prajapati (2):
  curl: CVE-2023-23916 HTTP multi-header compression denial of service
  qemu: fix compile error which imported by CVE-2022-4144

Martin Jansa (1):
  bmap-tools: switch to main branch

Randy MacLeod (1):
  vim: upgrade 9.0.1403 -> 9.0.1429

Shubham Kulkarni (1):
  go-runtime: Security fix for CVE-2022-41723

Vijay Anusuri (1):
  git: Security fix for CVE-2023-22490 and CVE-2023-23946

 meta/classes/cve-check.bbclass                |   5 +-
 meta/lib/oe/cve_check.py                      |  37 +++
 meta/lib/oeqa/selftest/cases/cve_check.py     |  19 ++
 .../git/files/CVE-2023-22490-1.patch          | 179 +++++++++++++
 .../git/files/CVE-2023-22490-2.patch          | 122 +++++++++
 .../git/files/CVE-2023-22490-3.patch          | 154 ++++++++++++
 .../git/files/CVE-2023-23946.patch            | 184 ++++++++++++++
 meta/recipes-devtools/git/git.inc             |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-41723.patch           | 156 ++++++++++++
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 ...ass-requested-buffer-size-to-qxl_phy.patch | 236 ++++++++++++++++++
 .../bmap-tools/bmap-tools_3.5.bb              |   2 +-
 .../curl/curl/CVE-2023-23916.patch            | 231 +++++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 16 files changed, 1332 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-1.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-2.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-23946.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210

The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3:

  curl: CVE-2023-27534 SFTP path ~ resolving discrepancy (2023-04-14 07:14:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (2):
  curl: CVE-2023-27538 fix SSH connection too eager reuse
  screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Peter Marko (1):
  go: ignore CVE-2022-41716

Shubham Kulkarni (2):
  go-runtime: Security fix for CVE-2022-41722
  go: Security fix for CVE-2020-29510

Vivek Kumbhar (1):
  go: fix CVE-2023-24537 Infinite loop in parsing

rajmohan r (1):
  systemd: Fix CVE-2023-26604

 .../systemd/systemd/CVE-2023-26604-1.patch    | 115 ++++++++
 .../systemd/systemd/CVE-2023-26604-2.patch    | 264 ++++++++++++++++++
 .../systemd/systemd/CVE-2023-26604-3.patch    | 182 ++++++++++++
 .../systemd/systemd/CVE-2023-26604-4.patch    |  32 +++
 meta/recipes-core/systemd/systemd_244.5.bb    |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   7 +
 .../go/go-1.14/CVE-2020-29510.patch           |  65 +++++
 .../go/go-1.14/CVE-2022-41722-1.patch         |  53 ++++
 .../go/go-1.14/CVE-2022-41722-2.patch         | 104 +++++++
 .../go/go-1.14/CVE-2023-24537.patch           |  76 +++++
 .../screen/screen/CVE-2023-24626.patch        |  40 +++
 meta/recipes-extended/screen/screen_4.8.0.bb  |   1 +
 .../curl/curl/CVE-2023-27538.patch            |  31 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 14 files changed, 975 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-2.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-3.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2020-29510.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5294

The following changes since commit fd4cc8d7b5156c43d162a1a5a809fae507457ef4:

  build-appliance-image: Update to dunfell head revision (2023-05-03 12:29:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Arturo Buzarra (1):
  run-postinsts: Set dependency for ldconfig to avoid boot issues

Ashish Sharma (1):
  connman: Fix CVE-2023-28488 DoS in client.c

Peter Marko (1):
  libxml2: patch CVE-2023-28484 and CVE-2023-29469

Ranjitsinh Rathod (1):
  libbsd: Add correct license for all packages

Shubham Kulkarni (1):
  go: Security fix for CVE-2023-24538

Vivek Kumbhar (1):
  freetype: fix CVE-2023-2004 integer overflowin in
    tt_hvadvance_adjust() in src/truetype/ttgxvar.c

Yoann Congal (1):
  linux-yocto: Exclude 294 CVEs already fixed upstream

 .../connman/connman/CVE-2023-28488.patch      |   54 +
 .../connman/connman_1.37.bb                   |    1 +
 .../libxml/libxml2/CVE-2023-28484.patch       |   79 +
 .../libxml/libxml2/CVE-2023-29469.patch       |   42 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    2 +
 meta/recipes-devtools/go/go-1.14.inc          |    3 +
 .../go/go-1.14/CVE-2023-24538-1.patch         |  125 ++
 .../go/go-1.14/CVE-2023-24538-2.patch         |  196 ++
 .../go/go-1.14/CVE-2023-24538-3.patch         |  208 ++
 .../run-postinsts/run-postinsts.service       |    2 +-
 .../freetype/freetype/CVE-2023-2004.patch     |   40 +
 .../freetype/freetype_2.10.1.bb               |    1 +
 meta/recipes-kernel/linux/cve-exclusion.inc   | 1840 +++++++++++++++++
 meta/recipes-kernel/linux/linux-yocto.inc     |    3 +
 meta/recipes-support/libbsd/libbsd_0.10.0.bb  |    6 +
 15 files changed, 2601 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5947

The following changes since commit 8b91c463fb3546836789e1890b3c68acf69c162a:

  build-appliance-image: Update to dunfell head revision (2023-09-16 11:16:49 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Archana Polampalli (1):
  vim: upgrade 9.0.1592 -> 9.0.1664

Michael Opdenacker (1):
  flac: fix CVE-2020-22219

Richard Purdie (1):
  vim: Upgrade 9.0.1664 -> 9.0.1894

Ross Burton (1):
  gcc: Fix -fstack-protector issue on aarch64

Siddharth Doshi (2):
  gdb: Fix CVE-2023-39128
  libxml2: Fix CVE-2023-39615

Vijay Anusuri (1):
  go: Backport fix for CVE-2022-41725 and CVE-2023-24536

 .../libxml/libxml2/CVE-2023-39615-0001.patch  |   36 +
 .../libxml/libxml2/CVE-2023-39615-0002.patch  |   71 +
 .../libxml/libxml2/CVE-2023-39615-pre.patch   |   44 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    3 +
 meta/recipes-devtools/gcc/gcc-9.5.inc         |    1 +
 .../gcc/gcc-9.5/CVE-2023-4039.patch           | 1506 +++++++++++++++++
 meta/recipes-devtools/gdb/gdb-9.1.inc         |    1 +
 .../gdb/gdb/0012-CVE-2023-39128.patch         |   75 +
 meta/recipes-devtools/go/go-1.14.inc          |    7 +
 .../go/go-1.14/CVE-2022-41725-pre1.patch      |   85 +
 .../go/go-1.14/CVE-2022-41725-pre2.patch      |   97 ++
 .../go/go-1.14/CVE-2022-41725-pre3.patch      |   98 ++
 .../go/go-1.14/CVE-2022-41725.patch           |  660 ++++++++
 .../go/go-1.14/CVE-2023-24536_1.patch         |  134 ++
 .../go/go-1.14/CVE-2023-24536_2.patch         |  184 ++
 .../go/go-1.14/CVE-2023-24536_3.patch         |  349 ++++
 .../flac/files/CVE-2020-22219.patch           |  197 +++
 meta/recipes-multimedia/flac/flac_1.3.3.bb    |    1 +
 meta/recipes-support/vim/vim.inc              |    6 +-
 19 files changed, 3552 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, February 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6564

The following changes since commit 18ae4fea4bf8681f9138d21124589918e336ff6b:

  systemtap: Fix build with gcc-12 (2024-01-25 03:58:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Matthias Schmitz (1):
  rsync: Fix rsync hanging when used with --relative

Ming Liu (1):
  go: add a complementary fix for CVE-2023-29406

Peter Marko (1):
  curl: ignore CVE-2023-42915

Vijay Anusuri (1):
  ghostscript: Backport fix for CVE-2020-36773

Zahir Hussain (1):
  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

virendra thakur (2):
  perl: Whitelist CVE-2023-47039
  ncurses: Fix CVE-2023-29491

 .../ncurses/files/CVE-2023-29491.patch        |  45 +++++++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |   3 +-
 .../cmake/cmake/OEToolchainConfig.cmake       |   3 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +-
 ...023-29406.patch => CVE-2023-29406-1.patch} |   0
 .../go/go-1.14/CVE-2023-29406-2.patch         | 114 ++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.30.1.bb     |   4 +
 ...lative-when-copying-an-absolute-path.patch |  31 +++++
 meta/recipes-devtools/rsync/rsync_3.1.3.bb    |   1 +
 .../ghostscript/CVE-2020-36773.patch          | 109 +++++++++++++++++
 .../ghostscript/ghostscript_9.52.bb           |   1 +
 meta/recipes-support/curl/curl_7.69.1.bb      |   3 +
 12 files changed, 315 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
 rename meta/recipes-devtools/go/go-1.14/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch
 create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, April 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6757

The following changes since commit d0811b98fa3847dbbfcfe6a80694509bb29aaf9c:

  yocto-uninative: Update to 4.4 for glibc 2.39 (2024-03-18 11:44:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (2):
  tar: bump PR to deal with sstate corruption on autobuilder
  perf: bump PR to deal with sstate corruption on autobuilder

Vijay Anusuri (4):
  libtiff: backport Debian patch for CVE-2023-6277 & CVE-2023-52356
  go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785
  tar: Fix for CVE-2023-39804
  curl: backport Debian patch for CVE-2024-2398

virendra thakur (1):
  openssl: Fix CVE-2024-0727

 .../openssl/openssl/CVE-2024-0727.patch       | 122 ++++++++
 .../openssl/openssl_1.1.1w.bb                 |   1 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +
 .../go/go-1.14/CVE-2023-45289.patch           | 121 ++++++++
 .../go/go-1.14/CVE-2023-45290.patch           | 271 ++++++++++++++++++
 .../go/go-1.14/CVE-2024-24785.patch           | 197 +++++++++++++
 .../tar/tar/CVE-2023-39804.patch              |  64 +++++
 meta/recipes-extended/tar/tar_1.32.bb         |   3 +
 meta/recipes-kernel/perf/perf.bb              |   2 +-
 .../libtiff/files/CVE-2023-52356.patch        |  53 ++++
 .../libtiff/files/CVE-2023-6277-1.patch       | 191 ++++++++++++
 .../libtiff/files/CVE-2023-6277-2.patch       | 152 ++++++++++
 .../libtiff/files/CVE-2023-6277-3.patch       |  46 +++
 .../libtiff/files/CVE-2023-6277-4.patch       |  94 ++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   5 +
 .../curl/curl/CVE-2024-2398.patch             |  88 ++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 17 files changed, 1413 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2023-39804.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch

-- 
2.34.1