[OE-core][dunfell 0/7] Patch review

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

Passed a-full on autobuilder (other than 500 server error posting report for qemumips-alt):

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1265

The following changes since commit b95d6aeafb70765e22d2e1254e749a48f508d489:

  uninative: Handle PREMIRRORS generically (2020-08-09 09:26:54 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (3):
  linux-yocto-rt/5.4: update to rt32
  linux-yocto/5.4: update to v5.4.56
  linux-yocto/5.4: update to v5.4.57

Khem Raj (4):
  glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
  gcc-9.3.inc: Mark CVE-2019-15847 as fixed
  go: update 1.14.4 -> 1.14.6
  go: Upgrade to 1.14.7

 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/0016-Add-unused-attribute.patch     |  31 ---
 .../glibc/glibc/CVE-2020-6096.patch           | 112 ----------
 .../glibc/glibc/CVE-2020-6096_2.patch         | 194 ------------------
 meta/recipes-core/glibc/glibc_2.31.bb         |   5 +-
 meta/recipes-devtools/gcc/gcc-9.3.inc         |   2 +
 meta/recipes-devtools/go/go-1.14.inc          |   5 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 10 files changed, 24 insertions(+), 363 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch

-- 
2.17.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Monday.

The following changes since commit b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a:

  cve-check: avoid FileNotFoundError if no do_cve_check task has run (2020-09-14 04:26:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Christophe GUIBOUT (1):
  initramfs-framework: support kernel cmdline with double quotes

Geoff Parker (1):
  systemd-serialgetty: Replace sed quoting using ' with " to allow var
    expansion

Khem Raj (1):
  populate_sdk_ext: Do not assume local.conf will always exist

Michael Gloff (1):
  sysvinit: Remove ${B} assignment

Pierre-Jean Texier (1):
  libubootenv: upgrade 0.3 -> 0.3.1

Rahul Kumar (1):
  systemd-serialgetty: Fix sed expression quoting

Steve Sakoman (1):
  Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"

 meta/classes/kernel.bbclass                         |  2 +-
 meta/classes/populate_sdk_ext.bbclass               |  5 +++--
 .../{libubootenv_0.3.bb => libubootenv_0.3.1.bb}    |  2 +-
 .../initrdscripts/initramfs-framework/init          | 13 +++++++++++++
 meta/recipes-core/systemd/systemd-serialgetty.bb    |  4 ++--
 meta/recipes-core/sysvinit/sysvinit_2.96.bb         |  1 -
 6 files changed, 20 insertions(+), 7 deletions(-)
 rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb} (94%)

-- 
2.17.1

[OE-core][dunfell 1/7] systemd-serialgetty: Fix sed expression quoting

[Steve Sakoman]

From: Rahul Kumar <rahulk@mvista.com>

Fix sed: -e expression #1, char 13: unterminated `s' command

Error Message:
| NOTE: Installed into sysroot: []
| NOTE: Skipping as already exists in sysroot: ['pseudo-native', 'glibc', 'patch-native', 'quilt-native', 'gcc-cross-arm', 'gcc-runtime', 'linux-libc-headers', 'libgcc', 'flex-native', 'xz-native', 'libtool-native', 'automake-native', 'binutils-cross-arm', 'zlib-native', 'mpfr-native', 'texinfo-dummy-native', 'autoconf-native', 'libmpc-native', 'gnu-config-native', 'gmp-native', 'attr-native', 'm4-native', 'gettext-minimal-native']
| DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing shell function do_install
| sed: -e expression #1, char 13: unterminated `s' command
| WARNING: exit code 1 from a shell command.
| ERROR: Execution of '/opt/Projects/poky/build/tmp/work/qemux86_64-poky-linux/systemd-serialgetty/1.0-r5/temp/run.do_install.11228' failed with exit code 1:
| sed: -e expression #1, char 13: unterminated `s' command
| WARNING: exit code 1 from a shell command.
|

To Fix this Issue using the strong (single quote) character in sed command.
It is recommend to use quotes. If we have meta-characters in the command, quotes are necessary.

Signed-off-by: Rahul Kumar <rahulk@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2fea05e150dcfec4b7dfbd8edddb53897026bf9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/systemd/systemd-serialgetty.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/systemd/systemd-serialgetty.bb b/meta/recipes-core/systemd/systemd-serialgetty.bb
index 044c6c5b67..059fccc2b6 100644
--- a/meta/recipes-core/systemd/systemd-serialgetty.bb
+++ b/meta/recipes-core/systemd/systemd-serialgetty.bb
@@ -21,7 +21,7 @@ do_install() {
 		install -d ${D}${systemd_unitdir}/system/
 		install -d ${D}${sysconfdir}/systemd/system/getty.target.wants/
 		install -m 0644 ${WORKDIR}/serial-getty@.service ${D}${systemd_unitdir}/system/
-		sed -i -e s/\@BAUDRATE\@/$default_baudrate/g ${D}${systemd_unitdir}/system/serial-getty@.service
+		sed -i -e 's/\@BAUDRATE\@/$default_baudrate/g' ${D}${systemd_unitdir}/system/serial-getty@.service
 
 		tmp="${SERIAL_CONSOLES}"
 		for entry in $tmp ; do
-- 
2.17.1

[OE-core][dunfell 2/7] systemd-serialgetty: Replace sed quoting using ' with " to allow var expansion

[Steve Sakoman]

From: Geoff Parker <geoffhp@gmail.com>

A recent commit added single quotes around the sed regex's. This prevented the
expansion of $default_baudrate in do_install(), and ended up with systemd's'
serial-getty@.service file having a literal $default_baudrate.

This broke the serial console getty service.

serial-getty@.service was getting a line which looked like this:

  ExecStart=-/sbin/agetty -8 -L %I $default_baudrate $TERM

Rather than:

  ExecStart=-/sbin/agetty -8 -L %I 115200 $TERM

Fixed by repacing the single quotes with double quotes in the sed expressions.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 80b721bfa4fe300a2f52f233f44fa2835426d304)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/systemd/systemd-serialgetty.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd-serialgetty.bb b/meta/recipes-core/systemd/systemd-serialgetty.bb
index 059fccc2b6..0cc0dc8c79 100644
--- a/meta/recipes-core/systemd/systemd-serialgetty.bb
+++ b/meta/recipes-core/systemd/systemd-serialgetty.bb
@@ -21,7 +21,7 @@ do_install() {
 		install -d ${D}${systemd_unitdir}/system/
 		install -d ${D}${sysconfdir}/systemd/system/getty.target.wants/
 		install -m 0644 ${WORKDIR}/serial-getty@.service ${D}${systemd_unitdir}/system/
-		sed -i -e 's/\@BAUDRATE\@/$default_baudrate/g' ${D}${systemd_unitdir}/system/serial-getty@.service
+		sed -i -e "s/\@BAUDRATE\@/$default_baudrate/g" ${D}${systemd_unitdir}/system/serial-getty@.service
 
 		tmp="${SERIAL_CONSOLES}"
 		for entry in $tmp ; do
@@ -34,7 +34,7 @@ do_install() {
 			else
 				# install custom service file for the non-default baudrate
 				install -m 0644 ${WORKDIR}/serial-getty@.service ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
-				sed -i -e s/\@BAUDRATE\@/$baudrate/g ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
+				sed -i -e "s/\@BAUDRATE\@/$baudrate/g" ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
 				# enable the service
 				ln -sf ${systemd_unitdir}/system/serial-getty$baudrate@.service \
 					${D}${sysconfdir}/systemd/system/getty.target.wants/serial-getty$baudrate@$ttydev.service
-- 
2.17.1

[OE-core][dunfell 3/7] initramfs-framework: support kernel cmdline with double quotes

[Steve Sakoman]

From: Christophe GUIBOUT <christophe.guibout@st.com>

It avoids init to crash when kernel cmdline contains a string with
spaces inside, like that:
dyndbg="file drivers/usb/core/hub.c +pltf"

Signed-off-by: Christophe Guibout <christophe.guibout@st.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 88b8b94bd2d052bca29d27bd5cd00eddb0f5999d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../initrdscripts/initramfs-framework/init          | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/init b/meta/recipes-core/initrdscripts/initramfs-framework/init
index c71ce0ce8c..567694aff7 100755
--- a/meta/recipes-core/initrdscripts/initramfs-framework/init
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/init
@@ -88,12 +88,25 @@ fi
 
 # populate bootparam environment
 for p in `cat /proc/cmdline`; do
+	if [ -n "$quoted" ]; then
+		value="$value $p"
+		if [ "`echo $p | sed -e 's/\"$//'`" != "$p" ]; then
+			eval "bootparam_${quoted}=${value}"
+			unset quoted
+		fi
+		continue
+	fi
+
 	opt=`echo $p | cut -d'=' -f1`
 	opt=`echo $opt | sed -e 'y/.-/__/'`
 	if [ "`echo $p | cut -d'=' -f1`" = "$p" ]; then
 		eval "bootparam_${opt}=true"
 	else
 		value="`echo $p | cut -d'=' -f2-`"
+		if [ "`echo $value | sed -e 's/^\"//'`" != "$value" ]; then
+			quoted=${opt}
+			continue
+		fi
 		eval "bootparam_${opt}=\"${value}\""
 	fi
 done
-- 
2.17.1

[OE-core][dunfell 4/7] libubootenv: upgrade 0.3 -> 0.3.1

[Steve Sakoman]

From: Pierre-Jean Texier <pjtexier@koncepto.io>

This is a bugfix release which includes the following changes:

824551a Prepare 0.3.1
ca6aaa1 Fix file reading/writing when the environment is in EEPROM
a031dea Fix regression in UBI volume support
c91c150 Define SOVERSION to indicate API version

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 447eb941ef43cd5af19aed650fb7da718cedda61)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb} (94%)

diff --git a/meta/recipes-bsp/u-boot/libubootenv_0.3.bb b/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
similarity index 94%
rename from meta/recipes-bsp/u-boot/libubootenv_0.3.bb
rename to meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
index 07711484ac..613e3161fb 100644
--- a/meta/recipes-bsp/u-boot/libubootenv_0.3.bb
+++ b/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b36
 SECTION = "libs"
 
 SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https"
-SRCREV = "ad253cfdb07c8492f2ee46a52fbc607ad0b96414"
+SRCREV = "824551ac77bab1d0f7ae34d7a7c77b155240e754"
 
 S = "${WORKDIR}/git"
 
-- 
2.17.1

[OE-core][dunfell 5/7] sysvinit: Remove ${B} assignment

[Steve Sakoman]

From: Michael Gloff <mgloff@emacinc.com>

The VERSION variable is not set unless the
top level Makefile is used as the version is
derived from the Changelog.
If VERSION is not set, none of the binaries built
in the sysvinit recipe will have a valid version
output.
Before:
INIT: version  booting
After:
INIT: version 2.96 booting

Using the top level Makefile does not cause any
additional builds to occur.

Signed-off-by: Michael Gloff <mgloff@emacinc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 10992ad4f343d0f92d9d6246cc2e58effd3f3eeb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/sysvinit/sysvinit_2.96.bb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-core/sysvinit/sysvinit_2.96.bb b/meta/recipes-core/sysvinit/sysvinit_2.96.bb
index d2b85ed9c0..7358f02385 100644
--- a/meta/recipes-core/sysvinit/sysvinit_2.96.bb
+++ b/meta/recipes-core/sysvinit/sysvinit_2.96.bb
@@ -25,7 +25,6 @@ SRC_URI[md5sum] = "48cebffebf2a96ab09bec14bf9976016"
 SRC_URI[sha256sum] = "2a2e26b72aa235a23ab1c8471005f890309ce1196c83fbc9413c57b9ab62b587"
 
 S = "${WORKDIR}/sysvinit-${PV}"
-B = "${S}/src"
 
 inherit update-alternatives features_check
 DEPENDS_append = " update-rc.d-native base-passwd virtual/crypt"
-- 
2.17.1

[OE-core][dunfell 6/7] populate_sdk_ext: Do not assume local.conf will always exist

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Some distros may not have local.conf, and use auto.conf or site.conf
alone to describe distro config metadata, therefore make code robust
to not fail eSDK builds for such setups

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6379f951ba92b2b86a55de5fc267bacf8c6095d2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/populate_sdk_ext.bbclass | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index fd0da16e7e..71686bc993 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -310,8 +310,9 @@ python copy_buildsystem () {
         if os.path.exists(builddir + '/conf/auto.conf'):
             with open(builddir + '/conf/auto.conf', 'r') as f:
                 oldlines += f.readlines()
-        with open(builddir + '/conf/local.conf', 'r') as f:
-            oldlines += f.readlines()
+        if os.path.exists(builddir + '/conf/local.conf'):
+            with open(builddir + '/conf/local.conf', 'r') as f:
+                oldlines += f.readlines()
         (updated, newlines) = bb.utils.edit_metadata(oldlines, varlist, handle_var)
 
         with open(baseoutpath + '/conf/local.conf', 'w') as f:
-- 
2.17.1

[OE-core][dunfell 7/7] Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"

[Steve Sakoman]

This reverts commit 914d8a00e34a8edf75a349da6f5978e4ed60e6d5.

Due to bug introduced for externalsrc

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14044

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 9eb9bd2844..9e3c34ad48 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -152,7 +152,7 @@ python do_symlink_kernsrc () {
             shutil.move(s, kernsrc)
             os.symlink(kernsrc, s)
 }
-addtask symlink_kernsrc before do_patch after do_unpack
+addtask symlink_kernsrc before do_configure after do_unpack
 
 inherit kernel-arch deploy
 
-- 
2.17.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2350

The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:

  report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Andrej Valek (1):
  busybox: add tmpdir option into mktemp applet

Richard Purdie (3):
  pseudo: Add uninative configuration sanity check
  pseudo: Update to latest version including statx fix
  sstate: Drop pseudo exclusion

Steve Sakoman (3):
  bluez: fix CVE-2021-3588
  gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
  gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed

 meta/classes/sstate.bbclass                   |  2 -
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
 .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
 meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
 meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
 .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
 .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
 9 files changed, 140 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch

-- 
2.25.1

Re: [OE-core][dunfell 0/7] Patch review

[Andrej Valek]

Hello Steve,

Busybox patch looks fine.

Cheers,
Andrej

> Please review this next set of patches for dunfell and have comments back by end of day Monday.
>
> Passed a-full on autobuilder:
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Ftyphoon%2F%23%2Fbuilders%2F83%2Fbuilds%2F2350&data=04%7C01%7Candrej.valek%40siemens.com%> 7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lHIY6jrIIjgQrMFGZI5aGHjaqK4A5Y17uptGKbI%2ByXQ%3D&reserved=0
>
> The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:
>
>   report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)
>
> are available in the Git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
>   https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcgit.openembedded.org%2Fopenembedded-core-contrib%2Flog%2F%3Fh%3Dstable%2Fdunfell-nut&data=04%7C01%7Candrej.valek%40siemens.com%7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RqxpOBjsL%2B6GJnZwWtQ7KHLi%2FAcp1A0KZza9ow9p%2FPc%3D&reserved=0

> Andrej Valek (1):
>   busybox: add tmpdir option into mktemp applet
>
> Richard Purdie (3):
>   pseudo: Add uninative configuration sanity check
>   pseudo: Update to latest version including statx fix
>   sstate: Drop pseudo exclusion
>
> Steve Sakoman (3):
>   bluez: fix CVE-2021-3588
>   gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
>   gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
>
>  meta/classes/sstate.bbclass                   |  2 -
>  meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
>  .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
>  .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
>  meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
>  meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
>  meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
>  .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
>  .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
>  9 files changed, 140 insertions(+), 3 deletions(-)  create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-> 2021-3588.patch
>  create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
>
> --
> 2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3445

The following changes since commit da5cba5ec56cc437ede46d8aa71219a2a34cbe9e:

  oeqa/selftest/tinfoil: Fix intermittent event loss issue in test (2022-03-26 16:25:24 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (7):
  util-linux: fix CVE-2022-0563
  xserver-xorg: update to 1.20.9
  xserver-xorg: update to 1.20.10
  xserver-xorg: update to 1.20.11
  xserver-xorg: update to 1.20.12
  xserver-xorg: update to 1.20.13
  xserver-xorg: update to 1.20.14

 .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++
 .../util-linux/util-linux_2.35.1.bb           |   1 +
 .../xorg-xserver/xserver-xorg.inc             |   2 +-
 .../xserver-xorg/CVE-2020-14345.patch         | 182 ------------------
 .../xserver-xorg/CVE-2020-14346.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14347.patch         |  38 ----
 .../xserver-xorg/CVE-2020-14360.patch         | 132 -------------
 .../xserver-xorg/CVE-2020-14361.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14362.patch         |  70 -------
 .../xserver-xorg/CVE-2020-25712.patch         | 102 ----------
 ...xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} |  11 +-
 11 files changed, 165 insertions(+), 606 deletions(-)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} (73%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3993

The following changes since commit 3f40d5f095ceb099b604750db96058df00fcd49e:

  build-appliance-image: Update to dunfell head revision (2022-07-25 15:09:15 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (5):
  gnupg: CVE-2022-34903 possible signature forgery via injection into
    the status line
  grub2: Fix buffer underflow write in the heap
  qemu: CVE-2022-35414 can perform an uninitialized read on the
    translate_fail path, leading to an io_readx or io_writex crash
  libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By
    Zero Error
  libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections

LUIS ENRIQUEZ (1):
  kernel-fitimage.bbclass: add padding algorithm property in config
    nodes

Sana.Kazi (1):
  libjpeg-turbo: Fix CVE-2021-46822

 meta/classes/kernel-fitimage.bbclass          |   5 +
 .../grub/files/CVE-2021-3695.patch            | 178 +++++++++++++++++
 .../grub/files/CVE-2021-3696.patch            |  46 +++++
 .../grub/files/CVE-2021-3697.patch            |  82 ++++++++
 meta/recipes-bsp/grub/grub2.inc               |   5 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-35414.patch            |  53 +++++
 .../libtirpc/libtirpc/CVE-2021-46828.patch    | 155 +++++++++++++++
 .../libtirpc/libtirpc_1.2.6.bb                |   4 +-
 .../jpeg/files/CVE-2021-46822.patch           | 133 +++++++++++++
 .../jpeg/libjpeg-turbo_2.0.4.bb               |   1 +
 ...022-2056-CVE-2022-2057-CVE-2022-2058.patch | 183 ++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   1 +
 .../gnupg/gnupg/CVE-2022-34903.patch          |  44 +++++
 meta/recipes-support/gnupg/gnupg_2.2.27.bb    |   1 +
 15 files changed, 890 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3695.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3696.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3697.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-35414.patch
 create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
 create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2021-46822.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4200

The following changes since commit 345193f36d08cfe4899c65e8edf3f79db09c50d2:

  relocate_sdk.py: ensure interpreter size error causes relocation to fail (2022-08-29 05:02:16 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (1):
  sqlite: CVE-2022-35737 assertion failure

Joshua Watt (1):
  classes: cve-check: Get shared database lock

Ranjitsinh Rathod (2):
  libarchive: Fix CVE-2021-23177 issue
  libarchive: Fix CVE-2021-31566 issue

Richard Purdie (1):
  vim: Upgrade 9.0.0242 -> 9.0.0341

Robert Joslyn (1):
  curl: Backport patch for CVE-2022-35252

Ross Burton (1):
  cve-check: close cursors as soon as possible

 meta/classes/cve-check.bbclass                |  36 ++--
 .../recipes-core/meta/cve-update-db-native.bb |  51 ++---
 .../libarchive/CVE-2021-23177.patch           | 183 ++++++++++++++++++
 .../libarchive/CVE-2021-31566-01.patch        |  23 +++
 .../libarchive/CVE-2021-31566-02.patch        | 172 ++++++++++++++++
 .../libarchive/libarchive_3.4.2.bb            |   3 +
 .../curl/curl/CVE-2022-35252.patch            |  72 +++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 .../sqlite/files/CVE-2022-35737.patch         |  29 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 11 files changed, 535 insertions(+), 40 deletions(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4364

The following changes since commit aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f:

  qemu: Avoid accidental librdmacm linkage (2022-10-12 05:13:44 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.216
  linux-yocto/5.4: update to v5.4.219

Omkar (1):
  dbus: upgrade 1.12.22 -> 1.12.24

Paul Eggleton (1):
  classes/kernel-fitimage: add ability to add additional signing options

Steve Sakoman (2):
  devtool: add HostKeyAlgorithms option to ssh and scp commands
  selftest: skip virgl test on all Alma Linux

wangmy (1):
  dbus: upgrade 1.12.20 -> 1.12.22

 meta/classes/kernel-fitimage.bbclass          |  6 ++++-
 meta/lib/oeqa/selftest/cases/devtool.py       |  2 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |  4 ++--
 ...s-test_1.12.20.bb => dbus-test_1.12.24.bb} |  0
 meta/recipes-core/dbus/dbus.inc               |  3 +--
 .../dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} |  0
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 scripts/lib/devtool/deploy.py                 |  8 +++----
 10 files changed, 31 insertions(+), 28 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.24.bb} (100%)
 rename meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} (100%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4565

The following changes since commit 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba:

  sstate: Account for reserved characters when shortening sstate filenames (2022-11-23 00:26:19 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  linux-firmware: upgrade 20220913 -> 20221012

Chen Qi (1):
  kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20221012 -> 20221109

Mike Crowe (1):
  kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE

Ross Burton (1):
  pixman: backport fix for CVE-2022-44638

Vivek Kumbhar (1):
  qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead
    to guest crash

Wang Mingyu (1):
  mobile-broadband-provider-info: upgrade 20220725 -> 20221107

 meta/classes/kernel.bbclass                   | 29 ++++++++-
 .../mobile-broadband-provider-info_git.bb     |  4 +-
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2021-20196.patch            | 62 +++++++++++++++++++
 .../xorg-lib/pixman/CVE-2022-44638.patch      | 34 ++++++++++
 .../xorg-lib/pixman_0.38.4.bb                 |  1 +
 ...20220913.bb => linux-firmware_20221109.bb} |  6 +-
 7 files changed, 129 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221109.bb} (99%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5141

The following changes since commit 1c7d555379c4b0962bccd018870989050d87675f:

  classes/package: Use gzip for extended package data (2023-03-27 16:29:20 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Geoffrey GIRY (1):
  cve-check: Fix false negative version issue

Hitendra Prajapati (2):
  curl: CVE-2023-23916 HTTP multi-header compression denial of service
  qemu: fix compile error which imported by CVE-2022-4144

Martin Jansa (1):
  bmap-tools: switch to main branch

Randy MacLeod (1):
  vim: upgrade 9.0.1403 -> 9.0.1429

Shubham Kulkarni (1):
  go-runtime: Security fix for CVE-2022-41723

Vijay Anusuri (1):
  git: Security fix for CVE-2023-22490 and CVE-2023-23946

 meta/classes/cve-check.bbclass                |   5 +-
 meta/lib/oe/cve_check.py                      |  37 +++
 meta/lib/oeqa/selftest/cases/cve_check.py     |  19 ++
 .../git/files/CVE-2023-22490-1.patch          | 179 +++++++++++++
 .../git/files/CVE-2023-22490-2.patch          | 122 +++++++++
 .../git/files/CVE-2023-22490-3.patch          | 154 ++++++++++++
 .../git/files/CVE-2023-23946.patch            | 184 ++++++++++++++
 meta/recipes-devtools/git/git.inc             |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-41723.patch           | 156 ++++++++++++
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 ...ass-requested-buffer-size-to-qxl_phy.patch | 236 ++++++++++++++++++
 .../bmap-tools/bmap-tools_3.5.bb              |   2 +-
 .../curl/curl/CVE-2023-23916.patch            | 231 +++++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 16 files changed, 1332 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-1.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-2.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-23946.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210

The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3:

  curl: CVE-2023-27534 SFTP path ~ resolving discrepancy (2023-04-14 07:14:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (2):
  curl: CVE-2023-27538 fix SSH connection too eager reuse
  screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Peter Marko (1):
  go: ignore CVE-2022-41716

Shubham Kulkarni (2):
  go-runtime: Security fix for CVE-2022-41722
  go: Security fix for CVE-2020-29510

Vivek Kumbhar (1):
  go: fix CVE-2023-24537 Infinite loop in parsing

rajmohan r (1):
  systemd: Fix CVE-2023-26604

 .../systemd/systemd/CVE-2023-26604-1.patch    | 115 ++++++++
 .../systemd/systemd/CVE-2023-26604-2.patch    | 264 ++++++++++++++++++
 .../systemd/systemd/CVE-2023-26604-3.patch    | 182 ++++++++++++
 .../systemd/systemd/CVE-2023-26604-4.patch    |  32 +++
 meta/recipes-core/systemd/systemd_244.5.bb    |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   7 +
 .../go/go-1.14/CVE-2020-29510.patch           |  65 +++++
 .../go/go-1.14/CVE-2022-41722-1.patch         |  53 ++++
 .../go/go-1.14/CVE-2022-41722-2.patch         | 104 +++++++
 .../go/go-1.14/CVE-2023-24537.patch           |  76 +++++
 .../screen/screen/CVE-2023-24626.patch        |  40 +++
 meta/recipes-extended/screen/screen_4.8.0.bb  |   1 +
 .../curl/curl/CVE-2023-27538.patch            |  31 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 14 files changed, 975 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-2.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-3.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2020-29510.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5294

The following changes since commit fd4cc8d7b5156c43d162a1a5a809fae507457ef4:

  build-appliance-image: Update to dunfell head revision (2023-05-03 12:29:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Arturo Buzarra (1):
  run-postinsts: Set dependency for ldconfig to avoid boot issues

Ashish Sharma (1):
  connman: Fix CVE-2023-28488 DoS in client.c

Peter Marko (1):
  libxml2: patch CVE-2023-28484 and CVE-2023-29469

Ranjitsinh Rathod (1):
  libbsd: Add correct license for all packages

Shubham Kulkarni (1):
  go: Security fix for CVE-2023-24538

Vivek Kumbhar (1):
  freetype: fix CVE-2023-2004 integer overflowin in
    tt_hvadvance_adjust() in src/truetype/ttgxvar.c

Yoann Congal (1):
  linux-yocto: Exclude 294 CVEs already fixed upstream

 .../connman/connman/CVE-2023-28488.patch      |   54 +
 .../connman/connman_1.37.bb                   |    1 +
 .../libxml/libxml2/CVE-2023-28484.patch       |   79 +
 .../libxml/libxml2/CVE-2023-29469.patch       |   42 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    2 +
 meta/recipes-devtools/go/go-1.14.inc          |    3 +
 .../go/go-1.14/CVE-2023-24538-1.patch         |  125 ++
 .../go/go-1.14/CVE-2023-24538-2.patch         |  196 ++
 .../go/go-1.14/CVE-2023-24538-3.patch         |  208 ++
 .../run-postinsts/run-postinsts.service       |    2 +-
 .../freetype/freetype/CVE-2023-2004.patch     |   40 +
 .../freetype/freetype_2.10.1.bb               |    1 +
 meta/recipes-kernel/linux/cve-exclusion.inc   | 1840 +++++++++++++++++
 meta/recipes-kernel/linux/linux-yocto.inc     |    3 +
 meta/recipes-support/libbsd/libbsd_0.10.0.bb  |    6 +
 15 files changed, 2601 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5947

The following changes since commit 8b91c463fb3546836789e1890b3c68acf69c162a:

  build-appliance-image: Update to dunfell head revision (2023-09-16 11:16:49 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Archana Polampalli (1):
  vim: upgrade 9.0.1592 -> 9.0.1664

Michael Opdenacker (1):
  flac: fix CVE-2020-22219

Richard Purdie (1):
  vim: Upgrade 9.0.1664 -> 9.0.1894

Ross Burton (1):
  gcc: Fix -fstack-protector issue on aarch64

Siddharth Doshi (2):
  gdb: Fix CVE-2023-39128
  libxml2: Fix CVE-2023-39615

Vijay Anusuri (1):
  go: Backport fix for CVE-2022-41725 and CVE-2023-24536

 .../libxml/libxml2/CVE-2023-39615-0001.patch  |   36 +
 .../libxml/libxml2/CVE-2023-39615-0002.patch  |   71 +
 .../libxml/libxml2/CVE-2023-39615-pre.patch   |   44 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    3 +
 meta/recipes-devtools/gcc/gcc-9.5.inc         |    1 +
 .../gcc/gcc-9.5/CVE-2023-4039.patch           | 1506 +++++++++++++++++
 meta/recipes-devtools/gdb/gdb-9.1.inc         |    1 +
 .../gdb/gdb/0012-CVE-2023-39128.patch         |   75 +
 meta/recipes-devtools/go/go-1.14.inc          |    7 +
 .../go/go-1.14/CVE-2022-41725-pre1.patch      |   85 +
 .../go/go-1.14/CVE-2022-41725-pre2.patch      |   97 ++
 .../go/go-1.14/CVE-2022-41725-pre3.patch      |   98 ++
 .../go/go-1.14/CVE-2022-41725.patch           |  660 ++++++++
 .../go/go-1.14/CVE-2023-24536_1.patch         |  134 ++
 .../go/go-1.14/CVE-2023-24536_2.patch         |  184 ++
 .../go/go-1.14/CVE-2023-24536_3.patch         |  349 ++++
 .../flac/files/CVE-2020-22219.patch           |  197 +++
 meta/recipes-multimedia/flac/flac_1.3.3.bb    |    1 +
 meta/recipes-support/vim/vim.inc              |    6 +-
 19 files changed, 3552 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, February 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6564

The following changes since commit 18ae4fea4bf8681f9138d21124589918e336ff6b:

  systemtap: Fix build with gcc-12 (2024-01-25 03:58:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Matthias Schmitz (1):
  rsync: Fix rsync hanging when used with --relative

Ming Liu (1):
  go: add a complementary fix for CVE-2023-29406

Peter Marko (1):
  curl: ignore CVE-2023-42915

Vijay Anusuri (1):
  ghostscript: Backport fix for CVE-2020-36773

Zahir Hussain (1):
  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

virendra thakur (2):
  perl: Whitelist CVE-2023-47039
  ncurses: Fix CVE-2023-29491

 .../ncurses/files/CVE-2023-29491.patch        |  45 +++++++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |   3 +-
 .../cmake/cmake/OEToolchainConfig.cmake       |   3 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +-
 ...023-29406.patch => CVE-2023-29406-1.patch} |   0
 .../go/go-1.14/CVE-2023-29406-2.patch         | 114 ++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.30.1.bb     |   4 +
 ...lative-when-copying-an-absolute-path.patch |  31 +++++
 meta/recipes-devtools/rsync/rsync_3.1.3.bb    |   1 +
 .../ghostscript/CVE-2020-36773.patch          | 109 +++++++++++++++++
 .../ghostscript/ghostscript_9.52.bb           |   1 +
 meta/recipes-support/curl/curl_7.69.1.bb      |   3 +
 12 files changed, 315 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
 rename meta/recipes-devtools/go/go-1.14/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch
 create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, April 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6757

The following changes since commit d0811b98fa3847dbbfcfe6a80694509bb29aaf9c:

  yocto-uninative: Update to 4.4 for glibc 2.39 (2024-03-18 11:44:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (2):
  tar: bump PR to deal with sstate corruption on autobuilder
  perf: bump PR to deal with sstate corruption on autobuilder

Vijay Anusuri (4):
  libtiff: backport Debian patch for CVE-2023-6277 & CVE-2023-52356
  go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785
  tar: Fix for CVE-2023-39804
  curl: backport Debian patch for CVE-2024-2398

virendra thakur (1):
  openssl: Fix CVE-2024-0727

 .../openssl/openssl/CVE-2024-0727.patch       | 122 ++++++++
 .../openssl/openssl_1.1.1w.bb                 |   1 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +
 .../go/go-1.14/CVE-2023-45289.patch           | 121 ++++++++
 .../go/go-1.14/CVE-2023-45290.patch           | 271 ++++++++++++++++++
 .../go/go-1.14/CVE-2024-24785.patch           | 197 +++++++++++++
 .../tar/tar/CVE-2023-39804.patch              |  64 +++++
 meta/recipes-extended/tar/tar_1.32.bb         |   3 +
 meta/recipes-kernel/perf/perf.bb              |   2 +-
 .../libtiff/files/CVE-2023-52356.patch        |  53 ++++
 .../libtiff/files/CVE-2023-6277-1.patch       | 191 ++++++++++++
 .../libtiff/files/CVE-2023-6277-2.patch       | 152 ++++++++++
 .../libtiff/files/CVE-2023-6277-3.patch       |  46 +++
 .../libtiff/files/CVE-2023-6277-4.patch       |  94 ++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   5 +
 .../curl/curl/CVE-2024-2398.patch             |  88 ++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 17 files changed, 1413 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2023-39804.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch

-- 
2.34.1