[OE-core][kirkstone 00/22] Patch review

[OE-core][kirkstone 00/22] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3756

The following changes since commit 27815774c983f7c2c849513efe087a6d77eaf443:

  lzo: Add further info to a patch and mark as Inactive-Upstream (2022-06-02 06:54:27 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Dmitry Baryshkov (2):
  linux-firmware: package new Qualcomm firmware
  linux-firmware: split ath3k firmware

Jeremy Puhlman (1):
  gcc: depend on zstd-native

Marcel Ziswiler (1):
  alsa-plugins: fix libavtp vs. avtp packageconfig

Marta Rybczynska (4):
  cve-check: move update_symlinks to a library
  cve-check: write empty fragment files in the text mode
  cve-check: fix return type in check_cves
  cve-update-db-native: make it possible to disable database updates

Martin Jansa (1):
  patch.py: make sure that patches/series file exists before quilt pop

Mingli Yu (1):
  perl: Fix build with gcc-12

Peter Kjellerstedt (2):
  libseccomp: Correct LIC_FILES_CHKSUM
  license.bbclass: Bound beginline and endline in copy_license_files()

Richard Purdie (6):
  glib-2.0: upgrade 2.72.1 -> 2.72.2
  libxkbcommon: upgrade 1.4.0 -> 1.4.1
  gtk+3: upgrade 3.24.33 -> 3.24.34
  webkitgtk: upgrade 2.36.1 -> 2.36.3
  openssl: Backport fix for ptest cert expiry
  gcc-cross-canadian: Add nativesdk-zstd dependency

Sean Anderson (1):
  rootfs.py: find .ko.zst kernel modules

Stefan Wiehler (1):
  kernel-yocto.bbclass: Reset to exiting on non-zero return code at end
    of task

wangmy (2):
  cups: upgrade 2.4.1 -> 2.4.2
  logrotate: upgrade 3.19.0 -> 3.20.1

 meta/classes/cve-check.bbclass                |  40 +++--
 meta/classes/kernel-yocto.bbclass             |   8 +
 meta/classes/license.bbclass                  |   8 +-
 meta/lib/oe/cve_check.py                      |  10 ++
 meta/lib/oe/patch.py                          |   2 +
 meta/lib/oe/rootfs.py                         |   2 +-
 ...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch |  55 +++++++
 .../openssl/openssl_3.0.3.bb                  |   1 +
 .../glib-2.0/glib-2.0/relocate-modules.patch  |   2 +-
 ...{glib-2.0_2.72.1.bb => glib-2.0_2.72.2.bb} |   2 +-
 .../recipes-core/meta/cve-update-db-native.bb |   6 +-
 meta/recipes-devtools/gcc/gcc-11.3.inc        |   2 +-
 .../gcc/gcc-cross-canadian.inc                |   2 +-
 .../files/0001-Fix-build-with-gcc-12.patch    | 143 ++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.34.1.bb     |   1 +
 .../cups/{cups_2.4.1.bb => cups_2.4.2.bb}     |   2 +-
 ...ogrotate_3.19.0.bb => logrotate_3.20.1.bb} |   2 +-
 .../{gtk+3_3.24.33.bb => gtk+3_3.24.34.bb}    |   2 +-
 ...bcommon_1.4.0.bb => libxkbcommon_1.4.1.bb} |   2 +-
 .../linux-firmware/linux-firmware_20220509.bb |  19 ++-
 .../alsa/alsa-plugins_1.2.6.bb                |   2 +-
 ...ebkitgtk_2.36.1.bb => webkitgtk_2.36.3.bb} |   2 +-
 .../libseccomp/libseccomp_2.5.3.bb            |   2 +-
 23 files changed, 273 insertions(+), 44 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
 rename meta/recipes-core/glib-2.0/{glib-2.0_2.72.1.bb => glib-2.0_2.72.2.bb} (96%)
 create mode 100644 meta/recipes-devtools/perl/files/0001-Fix-build-with-gcc-12.patch
 rename meta/recipes-extended/cups/{cups_2.4.1.bb => cups_2.4.2.bb} (51%)
 rename meta/recipes-extended/logrotate/{logrotate_3.19.0.bb => logrotate_3.20.1.bb} (97%)
 rename meta/recipes-gnome/gtk+/{gtk+3_3.24.33.bb => gtk+3_3.24.34.bb} (89%)
 rename meta/recipes-graphics/xorg-lib/{libxkbcommon_1.4.0.bb => libxkbcommon_1.4.1.bb} (94%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.36.1.bb => webkitgtk_2.36.3.bb} (98%)

-- 
2.25.1

[OE-core][kirkstone 01/22] cve-check: move update_symlinks to a library

[Steve Sakoman]

From: Marta Rybczynska <rybczynska@gmail.com>

Move the function to a library, it could be useful in other places.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit debd37abcdde8788761ebdb4a05bc61f7394cbb8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 11 +++--------
 meta/lib/oe/cve_check.py       | 10 ++++++++++
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index c80a365819..3844efcddb 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -80,16 +80,10 @@ CVE_CHECK_LAYER_INCLUDELIST ??= ""
 # set to "alphabetical" for version using single alphabetical character as increment release
 CVE_VERSION_SUFFIX ??= ""
 
-def update_symlinks(target_path, link_path):
-    if link_path != target_path and os.path.exists(target_path):
-        if os.path.exists(os.path.realpath(link_path)):
-            os.remove(link_path)
-        os.symlink(os.path.basename(target_path), link_path)
-
 def generate_json_report(d, out_path, link_path):
     if os.path.exists(d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")):
         import json
-        from oe.cve_check import cve_check_merge_jsons
+        from oe.cve_check import cve_check_merge_jsons, update_symlinks
 
         bb.note("Generating JSON CVE summary")
         index_file = d.getVar("CVE_CHECK_SUMMARY_INDEX_PATH")
@@ -110,6 +104,7 @@ def generate_json_report(d, out_path, link_path):
 python cve_save_summary_handler () {
     import shutil
     import datetime
+    from oe.cve_check import update_symlinks
 
     cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
 
@@ -179,7 +174,7 @@ python cve_check_write_rootfs_manifest () {
     import shutil
     import json
     from oe.rootfs import image_list_installed_packages
-    from oe.cve_check import cve_check_merge_jsons
+    from oe.cve_check import cve_check_merge_jsons, update_symlinks
 
     if d.getVar("CVE_CHECK_COPY_FILES") == "1":
         deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index dc7d2e2826..aa06497727 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -163,3 +163,13 @@ def cve_check_merge_jsons(output, data):
             return
 
     output["package"].append(data["package"][0])
+
+def update_symlinks(target_path, link_path):
+    """
+    Update a symbolic link link_path to point to target_path.
+    Remove the link and recreate it if exist and is different.
+    """
+    if link_path != target_path and os.path.exists(target_path):
+        if os.path.exists(os.path.realpath(link_path)):
+            os.remove(link_path)
+        os.symlink(os.path.basename(target_path), link_path)
-- 
2.25.1

[OE-core][kirkstone 02/22] cve-check: write empty fragment files in the text mode

[Steve Sakoman]

From: Marta Rybczynska <rybczynska@gmail.com>

In the cve-check text mode output, we didn't write fragment
files if there are no CVEs (if CVE_CHECK_REPORT_PATCHED is 1),
or no unpached CVEs otherwise.

However, in a system after multiple builds,
cve_check_write_rootfs_manifest might find older files and use
them as current, what leads to incorrect reporting.

Fix it by always writing a fragment file, even if empty.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1b7877acd0f6e3626faa57d9f89809cfcdfd0f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 3844efcddb..0c5f40b78d 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -435,23 +435,22 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
     if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
         bb.warn("Found unpatched CVE (%s), for more information check %s" % (" ".join(unpatched_cves),cve_file))
 
-    if write_string:
-        with open(cve_file, "w") as f:
-            bb.note("Writing file %s with CVE information" % cve_file)
-            f.write(write_string)
+    with open(cve_file, "w") as f:
+        bb.note("Writing file %s with CVE information" % cve_file)
+        f.write(write_string)
 
-        if d.getVar("CVE_CHECK_COPY_FILES") == "1":
-            deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
-            bb.utils.mkdirhier(os.path.dirname(deploy_file))
-            with open(deploy_file, "w") as f:
-                f.write(write_string)
+    if d.getVar("CVE_CHECK_COPY_FILES") == "1":
+        deploy_file = d.getVar("CVE_CHECK_RECIPE_FILE")
+        bb.utils.mkdirhier(os.path.dirname(deploy_file))
+        with open(deploy_file, "w") as f:
+            f.write(write_string)
 
-        if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
-            cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
-            bb.utils.mkdirhier(cvelogpath)
+    if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+        cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+        bb.utils.mkdirhier(cvelogpath)
 
-            with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
-                f.write("%s" % write_string)
+        with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
+            f.write("%s" % write_string)
 
 def cve_check_write_json_output(d, output, direct_file, deploy_file, manifest_file):
     """
-- 
2.25.1

[OE-core][kirkstone 03/22] cve-check: fix return type in check_cves

[Steve Sakoman]

From: Marta Rybczynska <rybczynska@gmail.com>

Make empty return types in check_cvs the same for all code paths.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f86393c93dec47b24e837d0c4c5761a716ecdbb6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 0c5f40b78d..1b4910f737 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -264,7 +264,7 @@ def check_cves(d, patched_cves):
     products = d.getVar("CVE_PRODUCT").split()
     # If this has been unset then we're not scanning for CVEs here (for example, image recipes)
     if not products:
-        return ([], [], [], {})
+        return ([], [], [], [])
     pv = d.getVar("CVE_VERSION").split("+git")[0]
 
     # If the recipe has been skipped/ignored we return empty lists
-- 
2.25.1

[OE-core][kirkstone 04/22] cve-update-db-native: make it possible to disable database updates

[Steve Sakoman]

From: Marta Rybczynska <rybczynska@gmail.com>

Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.

Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5c2269240327c2a8f93b9e55354698f52c976f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index c8c1cbf115..18af89b53e 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -15,6 +15,7 @@ deltask do_populate_sysroot
 NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
 # CVE database update interval, in seconds. By default: once a day (24*60*60).
 # Use 0 to force the update
+# Use a negative value to skip the update
 CVE_DB_UPDATE_INTERVAL ?= "86400"
 
 python () {
@@ -51,8 +52,9 @@ python do_fetch() {
     try:
         import time
         update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
-        if (update_interval < 0):
-            update_interval = 0
+        if update_interval < 0:
+            bb.note("CVE database update skipped")
+            return
         if time.time() - os.path.getmtime(db_file) < update_interval:
             bb.debug(2, "Recently updated, skipping")
             return
-- 
2.25.1

[OE-core][kirkstone 05/22] cups: upgrade 2.4.1 -> 2.4.2

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

Changelog:
==========
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The cupsFileOpen function no longer opens files for append in read-write
  mode (Issue #291)
- The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
  closing the connection (Issue #365)
- Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installaling a permanent
- IPP Everywhere queue (Issues #340, #343)
- The lpstat command now reports when the scheduler is not running
  (Issue #352)
- Updated the man pages concerning the -h option (Issue #357)
- Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
  "cupsd.conf" file (Issue #371)
- Updated the scheduler to set "auth-info-required" to "username,password" if a
  backend reports it needs authentication info but doesn't set a method for
  authentication (Issue #373)
- Updated the configure script to look for the OpenSSL library the old way if
  pkg-config is not available (Issue #375)
- Fixed the prototype for the httpWriteResponse function (Issue #380)
- Brought back minimal AIX support (Issue #389)
  cupsGetResponse did not always set the last error.
- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
  interface.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6f4131e73553f47709e19871c23a411275ab3857)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/cups/{cups_2.4.1.bb => cups_2.4.2.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/cups/{cups_2.4.1.bb => cups_2.4.2.bb} (51%)

diff --git a/meta/recipes-extended/cups/cups_2.4.1.bb b/meta/recipes-extended/cups/cups_2.4.2.bb
similarity index 51%
rename from meta/recipes-extended/cups/cups_2.4.1.bb
rename to meta/recipes-extended/cups/cups_2.4.2.bb
index 27c88f82c7..f5ca749bac 100644
--- a/meta/recipes-extended/cups/cups_2.4.1.bb
+++ b/meta/recipes-extended/cups/cups_2.4.2.bb
@@ -2,4 +2,4 @@ require cups.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
-SRC_URI[sha256sum] = "c7339f75f8d4f2dec50c673341a45fc06b6885bb6d4366d6bf59a4e6c10ae178"
+SRC_URI[sha256sum] = "f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908"
-- 
2.25.1

[OE-core][kirkstone 06/22] logrotate: upgrade 3.19.0 -> 3.20.1

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

Changelog:
=========
drop world-readable permission on state file even when ACLs are enabled (#446)
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 391fdcf742c4669c1c4654f9b022b3d277aa0038)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../logrotate/{logrotate_3.19.0.bb => logrotate_3.20.1.bb}      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/logrotate/{logrotate_3.19.0.bb => logrotate_3.20.1.bb} (97%)

diff --git a/meta/recipes-extended/logrotate/logrotate_3.19.0.bb b/meta/recipes-extended/logrotate/logrotate_3.20.1.bb
similarity index 97%
rename from meta/recipes-extended/logrotate/logrotate_3.19.0.bb
rename to meta/recipes-extended/logrotate/logrotate_3.20.1.bb
index 2a60d9b31f..35977535aa 100644
--- a/meta/recipes-extended/logrotate/logrotate_3.19.0.bb
+++ b/meta/recipes-extended/logrotate/logrotate_3.20.1.bb
@@ -15,7 +15,7 @@ UPSTREAM_CHECK_REGEX = "logrotate-(?P<pver>\d+(\.\d+)+).tar"
 
 SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz"
 
-SRC_URI[sha256sum] = "ddd5274d684c5c99ca724e8069329f343ebe376e07493d537d9effdc501214ba"
+SRC_URI[sha256sum] = "742f6d6e18eceffa49a4bacd933686d3e42931cfccfb694d7f6369b704e5d094"
 
 # These CVEs are debian, gentoo or SUSE specific on the way logrotate was installed/used
 CVE_CHECK_IGNORE += "CVE-2011-1548 CVE-2011-1549 CVE-2011-1550"
-- 
2.25.1

[OE-core][kirkstone 07/22] glib-2.0: upgrade 2.72.1 -> 2.72.2

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Bugs fixed:

2640 UWP warnings about extensions and verbs with glib 2.72.1
2605 Backport !2449 and !2600 mingw test fixes to glib-2-72
2616 Backport !2615 “Meson: Fix gio-windows-2.0 override name” to glib-2-72
2629 Backport !2626, !2627 minor leak fixes to glib-2-72
2643 Backport !2642 “meson: Check rres.compiled() before calling rres.returncode()” to glib-2-72
2644 Backport !2631 “Cast to guintptr instead of subtracting by null” to glib-2-72
2662 Backport !2654 “gtask: use g_strconcat() in g_task_return() only if needed” to glib-2-72
2691 Backport !2661 “win32appinfo: change log level from warning to debug” to glib-2-72

Translation updates:

Croatian
Danish
English (United Kingdom)
French
Galician
German
Nepali
Portuguese (Brazil)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 780d40c9cc98fd5e9369be974acbbb60d7531a60)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch      | 2 +-
 .../glib-2.0/{glib-2.0_2.72.1.bb => glib-2.0_2.72.2.bb}         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/glib-2.0/{glib-2.0_2.72.1.bb => glib-2.0_2.72.2.bb} (96%)

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch b/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
index 816b790ce7..fb50fff6a5 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
@@ -1,4 +1,4 @@
-From d52b1b530c5d8a1e70ae45d6e2139e9d3f25207f Mon Sep 17 00:00:00 2001
+From a30eb17c20e070124b55523d86729348f2929f95 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Fri, 11 Mar 2016 15:35:55 +0000
 Subject: [PATCH] glib-2.0: relocate the GIO module directory for native builds
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.1.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.2.bb
similarity index 96%
rename from meta/recipes-core/glib-2.0/glib-2.0_2.72.1.bb
rename to meta/recipes-core/glib-2.0/glib-2.0_2.72.2.bb
index c9ccedd81f..c4a8a4b8ad 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.1.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.2.bb
@@ -19,7 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            "
 SRC_URI:append:class-native = " file://relocate-modules.patch"
 
-SRC_URI[sha256sum] = "c07e57147b254cef92ce80a0378dc0c02a4358e7de4702e9f403069781095fe2"
+SRC_URI[sha256sum] = "78d599a133dba7fe2036dfa8db8fb6131ab9642783fc9578b07a20995252d2de"
 
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.
-- 
2.25.1

[OE-core][kirkstone 08/22] libxkbcommon: upgrade 1.4.0 -> 1.4.1

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

libxkbcommon 1.4.1 - 2022-05-21
==================

- Fix compose sequence overriding (common prefix) not working correctly.
  Regressed in 1.2.0.

- Remove various bogus currency sign (particulary Euro and Korean Won) entries
  from the keysym <-> Unicode mappings. They prevented the real
  keysyms/codepoints for these from mapping correctly.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 75655c8b48b425beb42b23d8e596d3c987047792)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xorg-lib/{libxkbcommon_1.4.0.bb => libxkbcommon_1.4.1.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libxkbcommon_1.4.0.bb => libxkbcommon_1.4.1.bb} (94%)

diff --git a/meta/recipes-graphics/xorg-lib/libxkbcommon_1.4.0.bb b/meta/recipes-graphics/xorg-lib/libxkbcommon_1.4.1.bb
similarity index 94%
rename from meta/recipes-graphics/xorg-lib/libxkbcommon_1.4.0.bb
rename to meta/recipes-graphics/xorg-lib/libxkbcommon_1.4.1.bb
index 34652e9c4e..89093e6786 100644
--- a/meta/recipes-graphics/xorg-lib/libxkbcommon_1.4.0.bb
+++ b/meta/recipes-graphics/xorg-lib/libxkbcommon_1.4.1.bb
@@ -9,7 +9,7 @@ DEPENDS = "flex-native bison-native"
 
 SRC_URI = "http://xkbcommon.org/download/${BPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "106cec5263f9100a7e79b5f7220f889bc78e7d7ffc55d2b6fdb1efefb8024031"
+SRC_URI[sha256sum] = "943c07a1e2198026d8102b17270a1f406e4d3d6bbc4ae105b9e1b82d7d136b39"
 
 UPSTREAM_CHECK_URI = "http://xkbcommon.org/"
 
-- 
2.25.1

[OE-core][kirkstone 09/22] gtk+3: upgrade 3.24.33 -> 3.24.34

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Overview of Changes in GTK+ 3.24.34, 05-18-2022
===============================================
* Include legacy hicolor icons
* Fix the build with gcc 12
* MacOS:
 - Restore QUARTZ_RELOCATION support
* X11:
 - Trap errors when getting output properties
* Wayland:
 - Ignore empty preedit updates This fixes a problem with
   textview scrolling
* Translation updates
 Danish
 Dutch
 French
 German
 Hungarian
 Italian
 Kazakh
 Latvian
 Lithuanian
 Norwegian Bokmål
 Swedish

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a652d392a47aa7c0652aac941fb7d550aea192ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-gnome/gtk+/{gtk+3_3.24.33.bb => gtk+3_3.24.34.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-gnome/gtk+/{gtk+3_3.24.33.bb => gtk+3_3.24.34.bb} (89%)

diff --git a/meta/recipes-gnome/gtk+/gtk+3_3.24.33.bb b/meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb
similarity index 89%
rename from meta/recipes-gnome/gtk+/gtk+3_3.24.33.bb
rename to meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb
index fb9e29dd8c..f862e143d4 100644
--- a/meta/recipes-gnome/gtk+/gtk+3_3.24.33.bb
+++ b/meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb
@@ -7,7 +7,7 @@ SRC_URI = "http://ftp.gnome.org/pub/gnome/sources/gtk+/${MAJ_VER}/gtk+-${PV}.tar
            file://0003-Add-disable-opengl-configure-option.patch \
            file://link_fribidi.patch \
            "
-SRC_URI[sha256sum] = "588b06522e25d1579e989b6f9d8a1bdbf2fe13cde01a04e904ff346a225e7801"
+SRC_URI[sha256sum] = "dbc69f90ddc821b8d1441f00374dc1da4323a2eafa9078e61edbe5eeefa852ec"
 
 S = "${WORKDIR}/gtk+-${PV}"
 
-- 
2.25.1

[OE-core][kirkstone 10/22] webkitgtk: upgrade 2.36.1 -> 2.36.3

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

This is a bug fix release in the stable 2.36 series.

Support capturing already encoded video streams, which takes advantage of encoding done in hardware by devices which support this feature.
Avoid using experimental GStreamer elements for video demuxing.
Avoid using the legacy GStreamer VA-API decoding plug-ins, which often cause rendering issues and are not much maintained. Their usage can be re-enabled setting WEBKIT_GST_ENABLE_LEGACY_VAAPI=1 in the environment.
Fix playback of YouTube streams which use dynamic ad insertion.
Fix display capture with Pipewire.
Fix the build without the X11 target when X11 headers are not present.
Fix several crashes and rendering issues.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69e1c72417a4ea5594c17ead7bff2f9a0298e6c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../webkit/{webkitgtk_2.36.1.bb => webkitgtk_2.36.3.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-sato/webkit/{webkitgtk_2.36.1.bb => webkitgtk_2.36.3.bb} (98%)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.1.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.3.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.36.1.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.36.3.bb
index 65757c36a7..83b6f8a6ee 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.1.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.3.bb
@@ -17,7 +17,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
            file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
            "
 
-SRC_URI[sha256sum] = "0149ea5fb1d20f2a9981677d45c952a047330001ea24a8dc29035239f12c0c8f"
+SRC_URI[sha256sum] = "732fcf8c4ec644b8ed28b46ebbd7c1ebab9d9e0afea9bdf5e5d12786afc478d1"
 
 inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc
 
-- 
2.25.1

[OE-core][kirkstone 11/22] linux-firmware: package new Qualcomm firmware

[Steve Sakoman]

From: Dmitry Baryshkov <dbaryshkov@gmail.com>

Create separate packages with firmware files for APQ8096 SoC and for
Adreno 2xx/4xx. Include A330 firmware into the 3xx package.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a0cb8f9131d1f238dc150e583a7ff816645765f)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20220509.bb       | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
index 87d2efef12..7da5eca893 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
@@ -307,8 +307,9 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-qcom-license \
              ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
              ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
-             ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \
+             ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
              ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
+             ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
              ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
              ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
              ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
@@ -961,11 +962,15 @@ FILES:${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
 FILES:${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
 FILES:${PN}-qcom-vpu-1.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-1.0/*"
 FILES:${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
-FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
+FILES:${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw"
+FILES:${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
+FILES:${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
 FILES:${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
 FILES:${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
 FILES:${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
 FILES:${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
+FILES:${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
+FILES:${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
 FILES:${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
 FILES:${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
 FILES:${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
@@ -977,11 +982,15 @@ RDEPENDS:${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-vpu-1.0 = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-vpu-2.0 = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-adreno-a2xx = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-adreno-a4xx = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
+RDEPENDS:${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-sdm845-audio = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-sdm845-compute = "${PN}-qcom-license"
 RDEPENDS:${PN}-qcom-sdm845-modem = "${PN}-qcom-license"
-- 
2.25.1

[OE-core][kirkstone 12/22] linux-firmware: split ath3k firmware

[Steve Sakoman]

From: Dmitry Baryshkov <dbaryshkov@gmail.com>

Atheros AR3011 Bluetooth devices require special ath3k-1.fw firmware
file. Package it separately from the main linux-firmware package to
allow deploying this firmware on embedded devices.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit a12a5606f4c7003d9a90c493380c656ee557dea5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20220509.bb               | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
index 7da5eca893..6e328e5726 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
@@ -270,7 +270,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-bcm4373 \
              ${PN}-bcm43xx \
              ${PN}-bcm43xx-hdr \
-             ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k \
+             ${PN}-atheros-license ${PN}-ar9170 ${PN}-ath6k ${PN}-ath9k ${PN}-ath3k \
              ${PN}-gplv2-license ${PN}-carl9170 \
              ${PN}-ar3k-license ${PN}-ar3k ${PN}-ath10k-license ${PN}-ath10k ${PN}-ath11k ${PN}-qca \
              \
@@ -320,6 +320,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
 
 # For atheros
 LICENSE:${PN}-ar9170 = "Firmware-atheros_firmware"
+LICENSE:${PN}-ath3k = "Firmware-atheros_firmware"
 LICENSE:${PN}-ath6k = "Firmware-atheros_firmware"
 LICENSE:${PN}-ath9k = "Firmware-atheros_firmware"
 LICENSE:${PN}-atheros-license = "Firmware-atheros_firmware"
@@ -328,6 +329,9 @@ FILES:${PN}-atheros-license = "${nonarch_base_libdir}/firmware/LICENCE.atheros_f
 FILES:${PN}-ar9170 = " \
   ${nonarch_base_libdir}/firmware/ar9170*.fw \
 "
+FILES:${PN}-ath3k = " \
+  ${nonarch_base_libdir}/firmware/ath3k*fw \
+"
 FILES:${PN}-ath6k = " \
   ${nonarch_base_libdir}/firmware/ath6k \
 "
-- 
2.25.1

[OE-core][kirkstone 13/22] patch.py: make sure that patches/series file exists before quilt pop

[Steve Sakoman]

From: Martin Jansa <Martin.Jansa@gmail.com>

* Since quilt upgrade to 0.67 some recipes sometimes fail in do_patch with
  errors like:

  ERROR: Applying patch 'GPLv2.patch' on target directory '/OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/keymaps/1.0-r31'
  CmdError('quilt --quiltrc /OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/keymaps/1.0-r31/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout:
  stderr: File series fully applied, ends at patch GPLv2.patch
  ')

* It affects only recipes with S = "${WORKDIR}", which wipe only
  ${S}/patches, because in other cases whole ${S} is wiped when
  do_unpack is re-executed.

* It was originally added in:
  https://git.openembedded.org/openembedded-core/commit/?id=5fe5e6a15f26f23f0c5b863fafad7a0d382a55e2

  since then it was extended to wipe whole ${S} when ${S} != ${WORKDIR} in:
  https://git.openembedded.org/openembedded-core/commit/?id=5fe5e6a15f26f23f0c5b863fafad7a0d382a55e2
  https://git.openembedded.org/openembedded-core/commit/?id=eccae514b71394ffaed8fc45dea7942152a334a1

  this is now causing issues to quilt-0.67 because it checks that
  ${S}/patches/series exists during 'quilt pop -a -f' which we call
  from QuiltTree.Clean to undo patches possibly already applied
  in ${S} in previous do_patch execution.

* There are couple recipes affected by this e.g. keymaps (.patch already
  removed in oe-core), makedevs (.patch removal sent to ML yesterday
  https://lists.openembedded.org/g/openembedded-core/message/166172),
  devmem2
  (https://lists.openembedded.org/g/openembedded-devel/message/97270), but
  there are other recipes with S = "${WORKDIR}" where you can trigger this
  e.g. by having a .patch file in DISTRO layer .bbappend (e.g. tzdata with
  webOS
  https://github.com/webosose/meta-webosose/blob/06e5298d9f5c47679b679081d9930f8d1c776142/meta-webos/recipes-extended/tzdata/tzdata.bbappend#L10)

  This do_patch issue is caused by:
  https://git.savannah.nongnu.org/cgit/quilt.git/commit/?id=8b39a960afcf45cd4f5804ae62b6b0656bdb191d
  introduced in kirkstone with:
  https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=fa71afcee9ab42198c619333b77a15bd2ae02b20

  The shortest sequence to reproduce this is just
  bitbake keymaps -c patch
  bitbake keymaps -c unpack -f
  bitbake keymaps -c patch
  with
  https://git.openembedded.org/openembedded-core/commit/?id=17d981005a0c0c97702ad88602b7181b69bcc9eb
  reverted.

  And the change in quilt behavior is causing QuiltTree.Clean (quilt pop -a -f) in:
  https://git.openembedded.org/openembedded-core/tree/meta/lib/oe/patch.py?id=17d981005a0c0c97702ad88602b7181b69bcc9eb#n601

  to silently fail with "No series file found" before undoing the
  patches in ${S} and then quilt push failing, because all the
  patches are _still_ applied in ${S}.

  Removing ".pc" doesn't help, because we really
  need quilt's help to undo the patches (in this case to delete COPYING
  file from WORKDIR before applying the .patch which tries to add it
  again), because do_unpack cannot just wipe S and start over (because S
  == WORKDIR) - nor selectively removing the files listed in SRC_URI,
  because COPYING file isn't listed there.

  Using skip_series_check in 'quilt pop' (partially reverting the change
  from upstream) does fix this as well and it's simple one line patch
  (just adding skip_series_check=1 in pop.in), but might be difficult
  to upstream, because it's this strange OE specific behavior that we
  remove 'patches' directory and then still need quilt pop to work.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c9d36882044b1c633d8611a77df54cd68c9bee25)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/patch.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 9034fcae03..95b915a6ab 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -598,6 +598,8 @@ class QuiltTree(PatchSet):
 
     def Clean(self):
         try:
+            # make sure that patches/series file exists before quilt pop to keep quilt-0.67 happy
+            open(os.path.join(self.dir, "patches","series"), 'a').close()
             self._runcmd(["pop", "-a", "-f"])
             oe.path.remove(os.path.join(self.dir, "patches","series"))
         except Exception:
-- 
2.25.1

[OE-core][kirkstone 14/22] openssl: Backport fix for ptest cert expiry

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

ptests in in openssl have started failing as one of the test certificates has
expired. Backport a fix for this from upstream, replacing the test
certificate to allow the ptests to pass again.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f26f0b34f12bbca2beed153da402a3594d127374)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch | 55 +++++++++++++++++++
 .../openssl/openssl_3.0.3.bb                  |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch b/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
new file mode 100644
index 0000000000..0249d4181b
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
@@ -0,0 +1,55 @@
+From 770aea88c3888cc5cb3ebc94ffcef706c68bc1d2 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 1 Jun 2022 12:06:33 +0200
+Subject: [PATCH] Update expired SCT issuer certificate
+
+Fixes #15179
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/18444)
+
+Upstream-Status: Backport
+[Fixes ptest failures in OE-Core]
+---
+ test/certs/embeddedSCTs1_issuer.pem | 30 ++++++++++++++---------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
+index 1fa449d5a098..6aa9455f09ed 100644
+--- a/test/certs/embeddedSCTs1_issuer.pem
++++ b/test/certs/embeddedSCTs1_issuer.pem
+@@ -1,18 +1,18 @@
+ -----BEGIN CERTIFICATE-----
+-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
++MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+ MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
+-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
+-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
+-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
+-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
+-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
+-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
+-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
+-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
+-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
+-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
+-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
+-OwqULg==
++YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
++ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
++YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
++gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
++0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
++SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
++acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
++wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
++CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
++MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
++AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
+++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
++2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
++Doud4XrO
+ -----END CERTIFICATE-----
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.3.bb b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb
index fd88ae807d..35a62755ad 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.3.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.3.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           file://770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
-- 
2.25.1

[OE-core][kirkstone 15/22] gcc: depend on zstd-native

[Steve Sakoman]

From: Jeremy Puhlman <jpuhlman@mvista.com>

Sharing sstate cache binaries between two systems, one with libzstd installed
and the other without, leads to various gcc components being linked against
the system libzstd and failing to run on the system with out it installed.

Make zstd-native from our system available.

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2b0a6f03137f24b211c8881cebf65732e550a942)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-11.3.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.3.inc
index b1ef9d25af..acbb43a25f 100644
--- a/meta/recipes-devtools/gcc/gcc-11.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.3.inc
@@ -11,7 +11,7 @@ BINV = "11.3.0"
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
 
 DEPENDS =+ "mpfr gmp libmpc zlib flex-native"
-NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native flex-native"
+NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native flex-native zstd-native"
 
 LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
 
-- 
2.25.1

[OE-core][kirkstone 16/22] gcc-cross-canadian: Add nativesdk-zstd dependency

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

To match the changes to gcc-cross, add a nativesdk-zstd dependency to ensure
our configurations match.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c145e00710fe557b5a3832fdc556ad53434b3615)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-cross-canadian.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
index 168486bd4e..a87b446c4f 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
@@ -175,7 +175,7 @@ do_install () {
 }
 
 ELFUTILS = "nativesdk-elfutils"
-DEPENDS += "nativesdk-gmp nativesdk-mpfr nativesdk-libmpc ${ELFUTILS} nativesdk-zlib"
+DEPENDS += "nativesdk-gmp nativesdk-mpfr nativesdk-libmpc ${ELFUTILS} nativesdk-zlib nativesdk-zstd"
 RDEPENDS:${PN} += "nativesdk-mpfr nativesdk-libmpc ${ELFUTILS}"
 
 SYSTEMHEADERS = "${target_includedir}/"
-- 
2.25.1

[OE-core][kirkstone 17/22] perl: Fix build with gcc-12

[Steve Sakoman]

From: Mingli Yu <mingli.yu@windriver.com>

Fix the build failure when debug build is enabled.
Add DEBUG_BUILD = "1" in conf/local.conf.
 $ bitbake perl
  | In function 'dynprep',
    inlined from 'S_sortsv_flags_impl' at pp_sort.c:358:20,
    inlined from 'sortsv_amagic_i_ncmp' at pp_sort.c:572:5:
  |  pp_sort.c:1232:1: error: inlining failed in call to 'always_inline' 'S_amagic_i_ncmp': function not considered for inlining
  | 1232 | S_amagic_i_ncmp(pTHX_ SV *const a, SV *const b)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 880296e68cfd92cfd4c9474972c8d8e6f21a2a40)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../files/0001-Fix-build-with-gcc-12.patch    | 143 ++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.34.1.bb     |   1 +
 2 files changed, 144 insertions(+)
 create mode 100644 meta/recipes-devtools/perl/files/0001-Fix-build-with-gcc-12.patch

diff --git a/meta/recipes-devtools/perl/files/0001-Fix-build-with-gcc-12.patch b/meta/recipes-devtools/perl/files/0001-Fix-build-with-gcc-12.patch
new file mode 100644
index 0000000000..1d98e1389b
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/0001-Fix-build-with-gcc-12.patch
@@ -0,0 +1,143 @@
+From ee957eb9e4ec29a462cdbb2f3bbe29d4270534ef Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Thu, 2 Jun 2022 13:01:37 +0800
+Subject: [PATCH] proto.h: Fix build with gcc-12
+
+Fixes:
+  In function 'dynprep',
+    inlined from 'S_sortsv_flags_impl' at pp_sort.c:358:20,
+    inlined from 'sortsv_amagic_i_ncmp' at pp_sort.c:572:5:
+    pp_sort.c:1232:1: error: inlining failed in call to 'always_inline' 'S_amagic_i_ncmp': function not considered for inlining
+  1232 | S_amagic_i_ncmp(pTHX_ SV *const a, SV *const b)
+
+Upstream-Status: Submitted [https://github.com/Perl/perl5/pull/19808]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ proto.h | 42 ++++++++++++++----------------------------
+ 1 file changed, 14 insertions(+), 28 deletions(-)
+
+diff --git a/proto.h b/proto.h
+index faca6d1..3a76c04 100644
+--- a/proto.h
++++ b/proto.h
+@@ -5606,50 +5606,43 @@ STATIC SSize_t	S_unpack_rec(pTHX_ struct tempsym* symptr, const char *s, const c
+ #endif
+ #if defined(PERL_IN_PP_SORT_C)
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp(pTHX_ SV *const str1, SV *const str2)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp(pTHX_ SV *const str1, SV *const str2);
+ #define PERL_ARGS_ASSERT_AMAGIC_CMP	\
+ 	assert(str1); assert(str2)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp_desc(pTHX_ SV *const str1, SV *const str2)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp_desc(pTHX_ SV *const str1, SV *const str2);
+ #define PERL_ARGS_ASSERT_AMAGIC_CMP_DESC	\
+ 	assert(str1); assert(str2)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_i_ncmp(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_i_ncmp(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_AMAGIC_I_NCMP	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_i_ncmp_desc(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_i_ncmp_desc(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_AMAGIC_I_NCMP_DESC	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_ncmp(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_ncmp(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_AMAGIC_NCMP	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_ncmp_desc(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_ncmp_desc(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_AMAGIC_NCMP_DESC	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_cmp_desc(pTHX_ SV *const str1, SV *const str2)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_cmp_desc(pTHX_ SV *const str1, SV *const str2);
+ #define PERL_ARGS_ASSERT_CMP_DESC	\
+ 	assert(str1); assert(str2)
+ #endif
+@@ -5671,51 +5664,44 @@ PERL_STATIC_FORCE_INLINE void	S_sortsv_flags_impl(pTHX_ SV** array, size_t num_e
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_sv_i_ncmp(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_sv_i_ncmp(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_SV_I_NCMP	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_sv_i_ncmp_desc(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_sv_i_ncmp_desc(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_SV_I_NCMP_DESC	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_sv_ncmp(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_sv_ncmp(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_SV_NCMP	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_sv_ncmp_desc(pTHX_ SV *const a, SV *const b)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_sv_ncmp_desc(pTHX_ SV *const a, SV *const b);
+ #define PERL_ARGS_ASSERT_SV_NCMP_DESC	\
+ 	assert(a); assert(b)
+ #endif
+ 
+ #  if defined(USE_LOCALE_COLLATE)
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp_locale(pTHX_ SV *const str1, SV *const str2)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp_locale(pTHX_ SV *const str1, SV *const str2);
+ #define PERL_ARGS_ASSERT_AMAGIC_CMP_LOCALE	\
+ 	assert(str1); assert(str2)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp_locale_desc(pTHX_ SV *const str1, SV *const str2)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_amagic_cmp_locale_desc(pTHX_ SV *const str1, SV *const str2);
+ #define PERL_ARGS_ASSERT_AMAGIC_CMP_LOCALE_DESC	\
+ 	assert(str1); assert(str2)
+ #endif
+ 
+ #ifndef PERL_NO_INLINE_FUNCTIONS
+-PERL_STATIC_FORCE_INLINE I32	S_cmp_locale_desc(pTHX_ SV *const str1, SV *const str2)
+-			__attribute__always_inline__;
++PERL_STATIC_FORCE_INLINE I32	S_cmp_locale_desc(pTHX_ SV *const str1, SV *const str2);
+ #define PERL_ARGS_ASSERT_CMP_LOCALE_DESC	\
+ 	assert(str1); assert(str2)
+ #endif
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/perl/perl_5.34.1.bb b/meta/recipes-devtools/perl/perl_5.34.1.bb
index 0e9d0c032e..4b9d2e2c50 100644
--- a/meta/recipes-devtools/perl/perl_5.34.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.34.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
            file://0002-Constant-Fix-up-shebang.patch \
            file://determinism.patch \
            file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
+           file://0001-Fix-build-with-gcc-12.patch \
            "
 SRC_URI:append:class-native = " \
            file://perl-configpm-switch.patch \
-- 
2.25.1

[OE-core][kirkstone 18/22] kernel-yocto.bbclass: Reset to exiting on non-zero return code at end of task

[Steve Sakoman]

From: Stefan Wiehler <stefan.wiehler@nokia.com>

Several tasks deactivate exiting on non-zero return codes via set +e because
they run subcommands that have legitimate non-zero return codes. However when
appending to those tasks, this behavior is not expected and can lead to builds
silently proceeding in case of an error. Therefore reset the default behavior
at the end of the respective tasks via set -e.

Signed-off-by: Stefan Wiehler <stefan.wiehler@nokia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 83a6f28d2e464f00202090e998a63045adba9e4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-yocto.bbclass | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index 4cb638864c..afccffcf17 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -310,6 +310,8 @@ do_kernel_metadata() {
 		bbnote "KERNEL_FEATURES: $KERNEL_FEATURES_FINAL"
 		bbnote "Final scc/cfg list: $sccs_defconfig $bsp_definition $sccs $KERNEL_FEATURES_FINAL"
 	fi
+
+	set -e
 }
 
 do_patch() {
@@ -339,6 +341,8 @@ do_patch() {
 			fi
 		done
 	fi
+
+	set -e
 }
 
 do_kernel_checkout() {
@@ -397,6 +401,8 @@ do_kernel_checkout() {
 		git commit -q -m "baseline commit: creating repo for ${PN}-${PV}"
 		git clean -d -f
 	fi
+
+	set -e
 }
 do_kernel_checkout[dirs] = "${S} ${WORKDIR}"
 
@@ -691,6 +697,8 @@ do_validate_branches() {
 			kgit-s2q --clean
 		fi
 	fi
+
+	set -e
 }
 
 OE_TERMINAL_EXPORTS += "KBUILD_OUTPUT"
-- 
2.25.1

[OE-core][kirkstone 19/22] alsa-plugins: fix libavtp vs. avtp packageconfig

[Steve Sakoman]

From: Marcel Ziswiler <marcel.ziswiler@toradex.com>

Fix PACKAGECONFIG to refer to libavtp instead of avtp as this is what
the project and everything is really called everywhere.

Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8824d91fe2063195014c38c134b97946d3b429c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/alsa/alsa-plugins_1.2.6.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/alsa/alsa-plugins_1.2.6.bb b/meta/recipes-multimedia/alsa/alsa-plugins_1.2.6.bb
index c435f61d4c..560fd80f0b 100644
--- a/meta/recipes-multimedia/alsa/alsa-plugins_1.2.6.bb
+++ b/meta/recipes-multimedia/alsa/alsa-plugins_1.2.6.bb
@@ -34,7 +34,7 @@ PACKAGECONFIG ??= "\
         speexdsp \
         ${@bb.utils.filter('DISTRO_FEATURES', 'pulseaudio', d)} \
 "
-PACKAGECONFIG[aaf] = "--enable-aaf,--disable-aaf,avtp"
+PACKAGECONFIG[aaf] = "--enable-aaf,--disable-aaf,libavtp"
 PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack"
 PACKAGECONFIG[libav] = "--enable-libav,--disable-libav,libav"
 PACKAGECONFIG[maemo-plugin] = "--enable-maemo-plugin,--disable-maemo-plugin"
-- 
2.25.1

[OE-core][kirkstone 20/22] libseccomp: Correct LIC_FILES_CHKSUM

[Steve Sakoman]

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

Previously, only the first line of the LICENSE file was included,
which only covered the license name and thus would not detect a change
to the version (or anything else for that matter).

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ac45755dffc611fb46f5cd1c07f4876d3094893)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/libseccomp/libseccomp_2.5.3.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb
index d47200e01c..4c0fb1d7b3 100644
--- a/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb
+++ b/meta/recipes-support/libseccomp/libseccomp_2.5.3.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "The libseccomp library provides and easy to use, platform indepen
 HOMEPAGE = "https://github.com/seccomp/libseccomp"
 SECTION = "security"
 LICENSE = "LGPL-2.1-only"
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7c13b3376cea0ce68d2d2da0a1b3a72c"
 
 DEPENDS += "gperf-native"
 
-- 
2.25.1

[OE-core][kirkstone 21/22] license.bbclass: Bound beginline and endline in copy_license_files()

[Steve Sakoman]

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

Ensure that begin_idx (i.e., beginline - 1) and end_idx (i.e.,
endline) are positive numbers in copy_license_files(). This makes sure
the same lines are copied as populate_lic_qa_checksum() uses when it
calculates the checksum. Before, beginline=0 would typically lead to
that no lines were copied at all.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ab3cc3651d08d226675c461da760cda0bb6c0ce0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/license.bbclass | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index 0c637e966e..4ebfc4fb92 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -84,17 +84,17 @@ def copy_license_files(lic_files_paths, destdir):
                     os.link(src, dst)
                 except OSError as err:
                     if err.errno == errno.EXDEV:
-                        # Copy license files if hard-link is not possible even if st_dev is the
+                        # Copy license files if hardlink is not possible even if st_dev is the
                         # same on source and destination (docker container with device-mapper?)
                         canlink = False
                     else:
                         raise
-                # Only chown if we did hardling, and, we're running under pseudo
+                # Only chown if we did hardlink and we're running under pseudo
                 if canlink and os.environ.get('PSEUDO_DISABLED') == '0':
                     os.chown(dst,0,0)
             if not canlink:
-                begin_idx = int(beginline)-1 if beginline is not None else None
-                end_idx = int(endline) if endline is not None else None
+                begin_idx = max(0, int(beginline) - 1) if beginline is not None else None
+                end_idx = max(0, int(endline)) if endline is not None else None
                 if begin_idx is None and end_idx is None:
                     shutil.copyfile(src, dst)
                 else:
-- 
2.25.1

[OE-core][kirkstone 22/22] rootfs.py: find .ko.zst kernel modules

[Steve Sakoman]

From: Sean Anderson <sean.anderson@seco.com>

With CONFIG_MODULE_COMPRESS_ZSTD enabled, kernel modules will have a
.ko.zst extension. This fixes depmod not being run.

Fixes: 1b696a45ddb ("rootfs.py: Add check for kernel modules before running depmod")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 425efac7110f0f42d70643e0a448e834d0f01a7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/rootfs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/rootfs.py b/meta/lib/oe/rootfs.py
index 98cf3f244d..61ccf369f1 100644
--- a/meta/lib/oe/rootfs.py
+++ b/meta/lib/oe/rootfs.py
@@ -311,7 +311,7 @@ class Rootfs(object, metaclass=ABCMeta):
     def _check_for_kernel_modules(self, modules_dir):
         for root, dirs, files in os.walk(modules_dir, topdown=True):
             for name in files:
-                found_ko = name.endswith((".ko", ".ko.gz", ".ko.xz"))
+                found_ko = name.endswith((".ko", ".ko.gz", ".ko.xz", ".ko.zst"))
                 if found_ko:
                     return found_ko
         return False
-- 
2.25.1

[OE-core][kirkstone 00/22] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5050

The following changes since commit 9e8cbf46fe6e4e257b76b228de56d4a891199896:

  nghttp2: never build python bindings (2023-03-06 04:10:00 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (3):
  linux-yocto/5.15: update to v5.15.94
  linux-yocto/5.15: update to v5.15.96
  linux-yocto-rt/5.15: update to -rt59

Chee Yang Lee (1):
  tiff: fix multiple CVEs

Ming Liu (1):
  linux: inherit pkgconfig in kernel.bbclass

Narpat Mali (1):
  libmicrohttpd: upgrade 0.9.75 -> 0.9.76

Peter Marko (1):
  systemd: add group sgx to udev package

Poonam (1):
  python3-setuptools-rust-native: Add direct dependency of native
    python3 modules

Richard Purdie (2):
  binutils: Fix nativesdk ld.so search
  oeqa/selftest/prservice: Improve debug output for failure

Ross Burton (2):
  shadow: ignore CVE-2016-15024
  vim: add missing pkgconfig inherit

Shubham Kulkarni (1):
  glibc: Security fix for CVE-2023-0687

Siddharth Doshi (2):
  epiphany: Security fix for CVE-2023-26081
  harfbuzz: Security fix for CVE-2023-25193

Tom Hochstein (2):
  meson: Fix wrapper handling of implicit setup command
  oeqa/sdk: Improve Meson test

Vivek Kumbhar (1):
  gnutls: fix CVE-2023-0361 timing side-channel in the TLS RSA key
    exchange code

Wang Mingyu (3):
  iso-codes: upgrade 4.12.0 -> 4.13.0
  lua: Fix install conflict when enable multilib.
  vala: Fix install conflict when enable multilib.

Xiangyu Chen (1):
  sudo: update 1.9.12p2 -> 1.9.13p3

 meta-selftest/files/static-group              |   1 +
 meta/classes/kernel.bbclass                   |   2 +-
 meta/lib/oeqa/sdk/cases/buildepoxy.py         |   2 +-
 meta/lib/oeqa/selftest/cases/prservice.py     |   2 +-
 .../glibc/glibc/CVE-2023-0687.patch           |  82 ++++++++
 meta/recipes-core/glibc/glibc_2.35.bb         |   1 +
 meta/recipes-core/systemd/systemd_250.5.bb    |   2 +-
 ...dk-Search-for-alternative-ld.so.conf.patch |   2 +-
 meta/recipes-devtools/lua/lua_5.4.4.bb        |   3 +
 .../meson/meson/meson-wrapper                 |  17 +-
 .../python3-setuptools-rust-native_1.1.2.bb   |   4 +-
 meta/recipes-devtools/vala/vala.inc           |   5 +-
 meta/recipes-extended/shadow/shadow_4.11.1.bb |   3 +
 ...o.conf.in-fix-conflict-with-multilib.patch |  21 +-
 meta/recipes-extended/sudo/sudo.inc           |   2 +-
 .../{sudo_1.9.12p2.bb => sudo_1.9.13p3.bb}    |   2 +-
 meta/recipes-gnome/epiphany/epiphany_42.4.bb  |   1 +
 .../epiphany/files/CVE-2023-26081.patch       |  90 +++++++++
 .../harfbuzz/CVE-2023-25193-pre1.patch        | 135 +++++++++++++
 .../harfbuzz/harfbuzz/CVE-2023-25193.patch    | 185 ++++++++++++++++++
 .../harfbuzz/harfbuzz_4.0.1.bb                |   4 +-
 meta/recipes-kernel/linux/linux-yocto-dev.bb  |   2 -
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto.inc     |   1 -
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +--
 .../libtiff/tiff/CVE-2022-48281.patch         |  26 +++
 .../CVE-2023-0800_0801_0802_0803_0804.patch   | 128 ++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 .../gnutls/gnutls/CVE-2023-0361.patch         |  85 ++++++++
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |   1 +
 ...so-codes_4.12.0.bb => iso-codes_4.13.0.bb} |   2 +-
 ...ttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} |   2 +-
 meta/recipes-support/vim/vim.inc              |   2 +-
 34 files changed, 799 insertions(+), 56 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-0687.patch
 rename meta/recipes-extended/sudo/{sudo_1.9.12p2.bb => sudo_1.9.13p3.bb} (96%)
 create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
 create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193-pre1.patch
 create mode 100644 meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-48281.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-0800_0801_0802_0803_0804.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
 rename meta/recipes-support/iso-codes/{iso-codes_4.12.0.bb => iso-codes_4.13.0.bb} (94%)
 rename meta/recipes-support/libmicrohttpd/{libmicrohttpd_0.9.75.bb => libmicrohttpd_0.9.76.bb} (91%)

-- 
2.34.1

[OE-core][kirkstone 00/22] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, February 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6610

The following changes since commit 59cc2e75c15f8c6371a4c4a3b7bd2e6c3f145fbc:

  Revert "kernel: fix localversion in v6.3+" (2024-02-15 15:45:23 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  runqemu: direct mesa to use its own drivers, rather than ones provided
    by host distro

Bruce Ashfield (13):
  linux-yocto/5.10: update to v5.10.203
  linux-yocto/5.10: update to v5.10.205
  linux-yocto/5.10: update to v5.10.206
  linux-yocto/5.10: update to v5.10.209
  linux-yocto/5.15: update to v5.15.141
  linux-yocto/5.15: update to v5.15.142
  linux-yocto/5.15: update to v5.15.145
  linux-yocto/5.15: update to v5.15.146
  linux-yocto/5.15: update CVE exclusions
  linux-yocto/5.15: update to v5.15.147
  linux-yocto/5.15: update CVE exclusions
  linux-yocto/5.15: update to v5.15.148
  linux-yocto/5.15: update CVE exclusions

Fabien Mahot (1):
  ldconfig-native: Fix to point correctly on the DT_NEEDED entries in an
    ELF file

Hugo SIMELIERE (1):
  libuv: fix CVE-2024-24806

Ming Liu (1):
  go: add a complementary fix for CVE-2023-29406

Ross Burton (2):
  curl: don't enable debug builds
  oeqa/selftest/runtime_test: only run the virgl tests on qemux86-64

Steve Sakoman (1):
  cve-exclusion_5.10.inc: update for 5.10.209

Tim Orling (1):
  vim: upgrade v9.0.2130 -> v9.0.2190

Zahir Hussain (1):
  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

 meta/lib/oeqa/selftest/cases/runtime_test.py  |   5 +-
 .../libuv/libuv/CVE-2024-24806-1.patch        |  56 +++
 .../libuv/libuv/CVE-2024-24806-2.patch        |  44 +++
 .../libuv/libuv/CVE-2024-24806-3.patch        |  31 ++
 .../libuv/libuv_1.44.2.bb                     |   6 +-
 ...-.dynstr-located-in-separate-segment.patch | 178 +++++++++
 .../glibc/ldconfig-native_2.12.1.bb           |   1 +
 .../cmake/cmake/OEToolchainConfig.cmake       |   3 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   3 +-
 ...023-29406.patch => CVE-2023-29406-1.patch} |   0
 .../go/go-1.18/CVE-2023-29406-2.patch         | 114 ++++++
 .../linux/cve-exclusion_5.10.inc              | 199 +++++++++-
 .../linux/cve-exclusion_5.15.inc              | 372 ++++++++++++++++--
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 meta/recipes-support/curl/curl_7.82.0.bb      |   4 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 scripts/runqemu                               |  34 +-
 22 files changed, 1013 insertions(+), 117 deletions(-)
 create mode 100644 meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-1.patch
 create mode 100644 meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch
 create mode 100644 meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-3.patch
 create mode 100644 meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig-handle-.dynstr-located-in-separate-segment.patch
 rename meta/recipes-devtools/go/go-1.18/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406-2.patch

-- 
2.34.1

[OE-core][kirkstone 00/22] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7324

The following changes since commit c40a3fec49942ac6d25ba33e57e801a550e252c9:

  build-appliance-image: Update to kirkstone head revision (2024-09-07 05:39:34 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexandre Belloni (1):
  cve-exclusion: Drop the version comparision/warning

Archana Polampalli (3):
  expat: fix CVE-2024-45490
  expat: fix CVE-2024-45491
  expat: fix CVE-2024-45492

Bruce Ashfield (6):
  linux-yocto/5.10: update to v5.10.216
  linux-yocto/5.10: remove obsolete options
  linux-yocto/5.10: update to v5.10.223
  linux-yocto/5.10: fix NFSV3 config warning
  linux-yocto/5.15: update to v5.15.165
  linux-yocto/5.15: update to v5.15.166

Hitendra Prajapati (1):
  python3: fix CVE-2023-27043

Hugo SIMELIERE (1):
  python3: CVE-2024-6232 CVE-2024-7592 fixes

Niko Mauno (6):
  iw: Fix LICENSE
  dejagnu: Fix LICENSE
  unzip: Fix LICENSE
  zip: Fix LICENSE
  tiff: Fix LICENSE
  gcr: Fix LICENSE

Richard Purdie (2):
  ruby: Make docs generation deterministic
  libedit: Make docs generation deterministic

Siddharth Doshi (1):
  openssl: Upgrade 3.0.14 -> 3.0.15

Vijay Anusuri (1):
  qemu: Backport fix for CVE-2024-4467

 meta/recipes-connectivity/iw/iw_5.16.bb       |    2 +-
 .../openssl/openssl/CVE-2024-5535_1.patch     |  115 --
 .../openssl/openssl/CVE-2024-5535_2.patch     |   44 -
 .../openssl/openssl/CVE-2024-5535_3.patch     |   84 --
 .../openssl/openssl/CVE-2024-5535_4.patch     |  178 ---
 .../openssl/openssl/CVE-2024-5535_5.patch     | 1175 -----------------
 .../openssl/openssl/CVE-2024-5535_6.patch     |   45 -
 .../openssl/openssl/CVE-2024-5535_7.patch     |   68 -
 .../openssl/openssl/CVE-2024-5535_8.patch     |  273 ----
 .../openssl/openssl/CVE-2024-5535_9.patch     |  205 ---
 .../{openssl_3.0.14.bb => openssl_3.0.15.bb}  |   13 +-
 .../expat/expat/CVE-2024-45490-0001.patch     |   35 +
 .../expat/expat/CVE-2024-45490-0002.patch     |  250 ++++
 .../expat/expat/CVE-2024-45490-0003.patch     |   91 ++
 .../expat/expat/CVE-2024-45490-0004.patch     |   49 +
 .../expat/expat/CVE-2024-45491.patch          |   39 +
 .../expat/expat/CVE-2024-45492.patch          |   38 +
 meta/recipes-core/expat/expat_2.5.0.bb        |    6 +
 .../recipes-devtools/dejagnu/dejagnu_1.6.3.bb |    2 +-
 .../libedit/libedit_20210910-3.1.bb           |    7 +
 .../python/python3/CVE-2023-27043.patch       |  510 +++++++
 .../python/python3/CVE-2024-6232.patch        |  251 ++++
 .../python/python3/CVE-2024-7592.patch        |  140 ++
 .../python/python3_3.10.14.bb                 |    3 +
 meta/recipes-devtools/qemu/qemu.inc           |    5 +
 .../qemu/qemu/CVE-2024-4467-0001.patch        |  214 +++
 .../qemu/qemu/CVE-2024-4467-0002.patch        |   73 +
 .../qemu/qemu/CVE-2024-4467-0003.patch        |   76 ++
 .../qemu/qemu/CVE-2024-4467-0004.patch        |  571 ++++++++
 .../qemu/qemu/CVE-2024-4467-0005.patch        |  265 ++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |    1 +
 meta/recipes-extended/unzip/unzip_6.0.bb      |    2 +-
 meta/recipes-extended/zip/zip_3.0.bb          |    2 +-
 meta/recipes-gnome/gcr/gcr_3.40.0.bb          |    2 +-
 .../linux/cve-exclusion_5.10.inc              |   14 +-
 .../linux/cve-exclusion_5.15.inc              |   14 +-
 .../linux/linux-yocto-rt_5.10.bb              |    6 +-
 .../linux/linux-yocto-rt_5.15.bb              |    6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |    8 +-
 .../linux/linux-yocto-tiny_5.15.bb            |    6 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |   24 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |   26 +-
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |    2 +-
 43 files changed, 2684 insertions(+), 2256 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.14.bb => openssl_3.0.15.bb} (94%)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-45490-0001.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-45490-0002.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-45490-0003.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-45490-0004.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-45491.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-45492.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2023-27043.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2024-6232.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2024-7592.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch

-- 
2.34.1

[OE-core][kirkstone 00/22] Patch review

[Steve Sakoman]

Please review this set of hcanges for kirkstone and have comments back by
end of day Thursday, February 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1076

The following changes since commit 573f5b2d8fec9f8a4ed17e836ef3feeb6de62e5a:

  procps: replaced one use of fputs(3) with a write(2) call (2025-02-19 06:43:20 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (5):
  gstreamer1.0-rtsp-server: fix CVE-2024-44331
  ffmpeg: fix CVE-2024-36618
  ffmpeg: fix CVE-2024-28661
  ffmpeg: fix CVE-2024-35369
  ffmpeg: fix CVE-2025-25473

Carlos Dominguez (1):
  u-boot: Fix CVE-2022-30767

Divya Chellam (1):
  vim: Upgrade 9.1.0764 -> 9.1.1043

Hitendra Prajapati (1):
  libcap: fix CVE-2025-1390

Hongxu Jia (6):
  u-boot: fix CVE-2024-57254
  u-boot: fix CVE-2024-57255
  u-boot: fix CVE-2024-57256
  u-boot: fix CVE-2024-57257
  u-boot: fix CVE-2024-57258
  u-boot: fix CVE-2024-57259

Kai Kang (2):
  Revert "ovmf: Fix CVE-2023-45237"
  Revert "ovmf: Fix CVE-2023-45236"

Peter Marko (5):
  libxml2: fix compilation of explicit child axis in pattern
  libxml2: patch CVE-2024-56171
  libxml2: patch CVE-2025-24928
  ffmpeg: ignore 5 CVEs
  ffmpeg: ignore CVE-2024-7272

Sakib Sajal (1):
  u-boot: fix CVE-2022-2347 and CVE-2022-30790

 .../u-boot/files/0001-CVE-2022-30767.patch    |   44 +
 .../u-boot/files/CVE-2022-2347_1.patch        |  129 ++
 .../u-boot/files/CVE-2022-2347_2.patch        |   66 +
 .../u-boot/files/CVE-2022-30790.patch         |  149 ++
 .../u-boot/files/CVE-2024-57254.patch         |   47 +
 .../u-boot/files/CVE-2024-57255.patch         |   53 +
 .../u-boot/files/CVE-2024-57256.patch         |   51 +
 .../u-boot/files/CVE-2024-57257.patch         |  228 +++
 .../u-boot/files/CVE-2024-57258-1.patch       |   47 +
 .../u-boot/files/CVE-2024-57258-2.patch       |   43 +
 .../u-boot/files/CVE-2024-57258-3.patch       |   40 +
 .../u-boot/files/CVE-2024-57259.patch         |   41 +
 meta/recipes-bsp/u-boot/u-boot_2022.01.bb     |   12 +
 ...x-compilation-of-explicit-child-axis.patch |   31 +
 .../libxml/libxml2/CVE-2024-56171.patch       |   42 +
 .../libxml/libxml2/CVE-2025-24928.patch       |   58 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |    3 +
 .../ovmf/ovmf/CVE-2023-45236.patch            |  829 -----------
 .../ovmf/ovmf/CVE-2023-45237-0001.patch       |   78 -
 .../ovmf/ovmf/CVE-2023-45237-0002.patch       | 1288 -----------------
 meta/recipes-core/ovmf/ovmf_git.bb            |    3 -
 .../ffmpeg/ffmpeg/CVE-2024-28661.patch        |   40 +
 .../ffmpeg/ffmpeg/CVE-2024-35369.patch        |   38 +
 .../ffmpeg/ffmpeg/CVE-2024-36618.patch        |   36 +
 .../ffmpeg/ffmpeg/CVE-2025-25473.patch        |   36 +
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   27 +
 .../CVE-2024-44331.patch                      |   44 +
 .../gstreamer1.0-rtsp-server_1.20.7.bb        |    4 +-
 .../libcap/files/CVE-2025-1390.patch          |   36 +
 meta/recipes-support/libcap/libcap_2.66.bb    |    1 +
 meta/recipes-support/vim/vim.inc              |    4 +-
 31 files changed, 1347 insertions(+), 2201 deletions(-)
 create mode 100644 meta/recipes-bsp/u-boot/files/0001-CVE-2022-30767.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2022-2347_1.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2022-2347_2.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2022-30790.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57254.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57255.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57256.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57257.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57258-1.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57258-2.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57258-3.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-57259.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/0001-pattern-Fix-compilation-of-explicit-child-axis.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-56171.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-24928.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2023-45236.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2023-45237-0001.patch
 delete mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2023-45237-0002.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-25473.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
 create mode 100644 meta/recipes-support/libcap/files/CVE-2025-1390.patch

-- 
2.43.0