[OE-core][kirkstone 00/15] Patch review

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3799

The following changes since commit 0f7a8359ba370c7f5d5153453ed699e9566f5b1d:

  rootfs.py: close kernel_abi_ver_file (2022-06-10 05:13:53 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Jack Mitchell (1):
  meson.bbclass: add cython binary to cross/native toolchain config

Jose Quaresma (2):
  archiver: use bb.note instead of echo
  archiver: don't use machine variables in shared recipes

Kai Kang (1):
  xxhash: fix build with gcc 12

Mingli Yu (1):
  oescripts: change compare logic in OEListPackageconfigTests

Pavel Zhukov (1):
  systemd: update 0008-add-missing-FTW_-macros-for-musl.patch

Rasmus Villemoes (1):
  e2fsprogs: add alternatives handling of lsattr as well

Richard Purdie (5):
  vim: Upgrade 8.2.5034 -> 8.2.5083
  uboot-sign: Fix potential index error issues
  selftest/multiconfig: Test that multiconfigs in separate layers works
  gcc-source: Fix incorrect task dependencies from ${B}
  liberror-perl: Update sstate/equiv versions to clean cache

Xiaobing Luo (1):
  devtool: Fix _copy_file() TypeError

Yi Zhao (2):
  popt: fix override syntax in RDEPENDS
  git: fix override syntax in RDEPENDS

 meta-selftest/conf/multiconfig/muslmc.conf          |  2 ++
 meta/classes/archiver.bbclass                       | 11 ++++++++---
 meta/classes/meson.bbclass                          |  2 ++
 meta/classes/uboot-sign.bbclass                     |  2 ++
 meta/lib/oeqa/selftest/cases/multiconfig.py         | 13 +++++++++++++
 meta/lib/oeqa/selftest/cases/oescripts.py           |  3 ++-
 .../0008-add-missing-FTW_-macros-for-musl.patch     |  8 ++++----
 meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb |  5 ++++-
 meta/recipes-devtools/gcc/gcc-common.inc            |  2 +-
 meta/recipes-devtools/gcc/gcc-source.inc            |  1 +
 meta/recipes-devtools/git/git_2.35.3.bb             |  2 +-
 meta/recipes-devtools/perl/liberror-perl_0.17029.bb |  4 ++++
 meta/recipes-support/popt/popt_1.18.bb              |  2 +-
 meta/recipes-support/vim/vim.inc                    |  4 ++--
 meta/recipes-support/xxhash/xxhash_0.8.1.bb         |  2 ++
 scripts/lib/devtool/standard.py                     |  2 +-
 16 files changed, 50 insertions(+), 15 deletions(-)
 create mode 100644 meta-selftest/conf/multiconfig/muslmc.conf

-- 
2.25.1

[OE-core][kirkstone 01/15] vim: Upgrade 8.2.5034 -> 8.2.5083

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Includes fixes for CVE-2022-1927, CVE-2022-1942.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e740b5c2227c0040621ae63436d06db4873670f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index b22e8016ab..06707dbe11 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -21,8 +21,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://racefix.patch \
            "
 
-PV .= ".5034"
-SRCREV = "5a6ec10cc80ab02eeff644ab19b82312630ea855"
+PV .= ".5083"
+SRCREV = "db77c49401145d76441fbb3d22a1d7d987681c13"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.25.1

[OE-core][kirkstone 02/15] uboot-sign: Fix potential index error issues

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Someone reported that if some other shell function has left i or j set,
the concat_dtb_helper function could fail. Add a small tweak to avoid this.

[YOCTO #14815]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d219c97bdf5d30be89795fbf9b66ddc367bef384)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/uboot-sign.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 4ca8118eb2..31ffe1f472 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -134,6 +134,8 @@ concat_dtb_helper() {
 
 			if [ -n "${UBOOT_CONFIG}" ]
 			then
+				i=0
+				j=0
 				for config in ${UBOOT_MACHINE}; do
 					i=$(expr $i + 1);
 					for type in ${UBOOT_CONFIG}; do
-- 
2.25.1

[OE-core][kirkstone 03/15] selftest/multiconfig: Test that multiconfigs in separate layers works

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We should test that mutliconfigs from a layer work, not just build/conf.
This adds such a test.

[YOCTO #13566]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2306261fb85d5d03145989c3af9c6897111644ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta-selftest/conf/multiconfig/muslmc.conf  |  2 ++
 meta/lib/oeqa/selftest/cases/multiconfig.py | 13 +++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 meta-selftest/conf/multiconfig/muslmc.conf

diff --git a/meta-selftest/conf/multiconfig/muslmc.conf b/meta-selftest/conf/multiconfig/muslmc.conf
new file mode 100644
index 0000000000..043cd1ccc3
--- /dev/null
+++ b/meta-selftest/conf/multiconfig/muslmc.conf
@@ -0,0 +1,2 @@
+TCLIBC = "musl"
+TMPDIR = "${TOPDIR}/tmp-mc-musl"
diff --git a/meta/lib/oeqa/selftest/cases/multiconfig.py b/meta/lib/oeqa/selftest/cases/multiconfig.py
index baae9b456f..83cbd1345d 100644
--- a/meta/lib/oeqa/selftest/cases/multiconfig.py
+++ b/meta/lib/oeqa/selftest/cases/multiconfig.py
@@ -70,3 +70,16 @@ TMPDIR = "${TOPDIR}/tmp-mc-tiny"
 
         result = bitbake('mc:test:multiconfig-test-parse -c showvar')
         self.assertIn('MCTESTVAR=test2', result.output.splitlines())
+
+    def test_multiconfig_inlayer(self):
+        """
+        Test that a multiconfig from meta-selftest works.
+        """
+
+        config = """
+BBMULTICONFIG = "muslmc"
+"""
+        self.write_config(config)
+
+        # Build a core-image-minimal, only dry run needed to check config is present
+        bitbake('mc:muslmc:bash -n')
-- 
2.25.1

[OE-core][kirkstone 04/15] devtool: Fix _copy_file() TypeError

[Steve Sakoman]

From: Xiaobing Luo <luoxiaobing0926@gmail.com>

when devtool finish, the _copy_file() failed.
--------------------------------------------
TypeError: _copy_file() got an unexpected keyword argument
'base_outdir'
--------------------------------------------

Fixes: 05f2d5d2ce00 ("devtool: finish: add dry-run option")

Signed-off-by: Xiaobing Luo <luoxiaobing0926@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a45d9dc089fb2719ca69b92870917f8c0925f632)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/devtool/standard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 01fb5ad96f..4b50e3c63b 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -353,7 +353,7 @@ def _move_file(src, dst, dry_run_outdir=None, base_outdir=None):
             bb.utils.mkdirhier(dst_d)
         shutil.move(src, dst)
 
-def _copy_file(src, dst, dry_run_outdir=None):
+def _copy_file(src, dst, dry_run_outdir=None, base_outdir=None):
     """Copy a file. Creates all the directory components of destination path."""
     dry_run_suffix = ' (dry-run)' if dry_run_outdir else ''
     logger.debug('Copying %s to %s%s' % (src, dst, dry_run_suffix))
-- 
2.25.1

Re: [OE-core][kirkstone 04/15] devtool: Fix _copy_file() TypeError

[Frieder Schrempf]

Hi Steve,

On 19.06.22 21:30, Steve Sakoman via lists.openembedded.org wrote:
> From: Xiaobing Luo <luoxiaobing0926@gmail.com>
> 
> when devtool finish, the _copy_file() failed.
> --------------------------------------------
> TypeError: _copy_file() got an unexpected keyword argument
> 'base_outdir'
> --------------------------------------------
> 
> Fixes: 05f2d5d2ce00 ("devtool: finish: add dry-run option")
> 
> Signed-off-by: Xiaobing Luo <luoxiaobing0926@gmail.com>
> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit a45d9dc089fb2719ca69b92870917f8c0925f632)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Could you also apply this small fix for dunfell?
Cherry-picking 38f2a7717646 [1] should do.

Thanks
Frieder

[1]
https://git.yoctoproject.org/poky/commit?id=38f2a7717646e68953675757fd7b73c66450c979

Re: [OE-core][kirkstone 04/15] devtool: Fix _copy_file() TypeError

[Steve Sakoman]

On Wed, Jan 25, 2023 at 4:49 AM Frieder Schrempf
<frieder.schrempf@kontron.de> wrote:
>
> Hi Steve,
>
> On 19.06.22 21:30, Steve Sakoman via lists.openembedded.org wrote:
> > From: Xiaobing Luo <luoxiaobing0926@gmail.com>
> >
> > when devtool finish, the _copy_file() failed.
> > --------------------------------------------
> > TypeError: _copy_file() got an unexpected keyword argument
> > 'base_outdir'
> > --------------------------------------------
> >
> > Fixes: 05f2d5d2ce00 ("devtool: finish: add dry-run option")
> >
> > Signed-off-by: Xiaobing Luo <luoxiaobing0926@gmail.com>
> > Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit a45d9dc089fb2719ca69b92870917f8c0925f632)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
>
> Could you also apply this small fix for dunfell?

Yes, I will add this to my test queue.

Thanks!

Steve

[OE-core][kirkstone 05/15] meson.bbclass: add cython binary to cross/native toolchain config

[Steve Sakoman]

From: Jack Mitchell <ml@embed.me.uk>

This allows building Cython based Python modules with the native
meson support which has been present since meson version 0.59.

https://mesonbuild.com/Cython.html

Signed-off-by: Jack Mitchell <ml@embed.me.uk>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1dcb1eb69032c30f5a8faf4d7120fc6c4ecd051)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/meson.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/meson.bbclass b/meta/classes/meson.bbclass
index 0bfe945811..19b54e0fdc 100644
--- a/meta/classes/meson.bbclass
+++ b/meta/classes/meson.bbclass
@@ -59,6 +59,7 @@ do_write_config() {
 [binaries]
 c = ${@meson_array('CC', d)}
 cpp = ${@meson_array('CXX', d)}
+cython = 'cython3'
 ar = ${@meson_array('AR', d)}
 nm = ${@meson_array('NM', d)}
 strip = ${@meson_array('STRIP', d)}
@@ -98,6 +99,7 @@ EOF
 [binaries]
 c = ${@meson_array('BUILD_CC', d)}
 cpp = ${@meson_array('BUILD_CXX', d)}
+cython = 'cython3'
 ar = ${@meson_array('BUILD_AR', d)}
 nm = ${@meson_array('BUILD_NM', d)}
 strip = ${@meson_array('BUILD_STRIP', d)}
-- 
2.25.1

[OE-core][kirkstone 06/15] archiver: use bb.note instead of echo

[Steve Sakoman]

From: Jose Quaresma <quaresma.jose@gmail.com>

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6420c8a6a8143f53ccad7ab2d56b2ba06db83099)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/archiver.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index c19c770d11..8d026067f4 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -579,7 +579,7 @@ python do_dumpdata () {
 
 SSTATETASKS += "do_deploy_archives"
 do_deploy_archives () {
-    echo "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}."
+    bbnote "Deploying source archive files from ${ARCHIVER_TOPDIR} to ${DEPLOY_DIR_SRC}."
 }
 python do_deploy_archives_setscene () {
     sstate_setscene(d)
-- 
2.25.1

[OE-core][kirkstone 07/15] xxhash: fix build with gcc 12

[Steve Sakoman]

From: Kai Kang <kai.kang@windriver.com>

It fails to compile xxhash when '-Og' is set in CFLAGS via such as set
DEBUG_BUILD = '1' in local.conf. Check and disable inline when '-Og'
exists.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3464c67cd34acbb1a6705369e34dee8af7e348ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/xxhash/xxhash_0.8.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/xxhash/xxhash_0.8.1.bb b/meta/recipes-support/xxhash/xxhash_0.8.1.bb
index b3b9702598..222ba7b77c 100644
--- a/meta/recipes-support/xxhash/xxhash_0.8.1.bb
+++ b/meta/recipes-support/xxhash/xxhash_0.8.1.bb
@@ -14,6 +14,8 @@ SRCREV = "35b0373c697b5f160d3db26b1cbb45a0d5ba788c"
 
 S = "${WORKDIR}/git"
 
+CFLAGS += "${@bb.utils.contains('SELECTED_OPTIMIZATION', '-Og', '-DXXH_NO_INLINE_HINTS', '', d)}"
+
 do_compile () {
 	oe_runmake all
 }
-- 
2.25.1

[OE-core][kirkstone 08/15] oescripts: change compare logic in OEListPackageconfigTests

[Steve Sakoman]

From: Mingli Yu <mingli.yu@windriver.com>

When multilib enabled and add layers/meta-openembedded/meta-oe in
conf/bblayers.conf, it reports below error when run oe-selftest.
 $ oe-selftest -r  oescripts
 [snip]
 [20:36:33-0700] 2022-05-16 03:36:33,494 - oe-selftest - INFO - RESULTS - oescripts.OEListPackageconfigTests.test_packageconfig_flags_option_flags: FAILED (585.37s)
 [snip]

 It is because the output of "list-packageconfig-flags.py -f" as below:
 $ ../scripts/contrib/list-packageconfig-flags.py -f
 [snip]
 qt                     lib32-pinentry  lib32-wxwidgets  nativesdk-pinentry  pinentry  pinentry-native  wxwidgets  wxwidgets-native
 secret                 lib32-pinentry  nativesdk-pinentry  pinentry  pinentry-native
 [snip]

 But the check logic as below:
 class OEListPackageconfigTests(OEScriptTests):
    #oe-core.scripts.List_all_the_PACKAGECONFIG's_flags
    def check_endlines(self, results,  expected_endlines):
        for line in results.output.splitlines():
            for el in expected_endlines:
                if line.split() == el.split():
                    expected_endlines.remove(el)
                    break

 def test_packageconfig_flags_option_flags(self):
        results = runCmd('%s/contrib/list-packageconfig-flags.py -f' % self.scripts_dir)
        expected_endlines = []
        expected_endlines.append("PACKAGECONFIG FLAG     RECIPE NAMES")
        expected_endlines.append("qt                     nativesdk-pinentry  pinentry  pinentry-native")
        expected_endlines.append("secret                 nativesdk-pinentry  pinentry  pinentry-native")

        self.check_endlines(results, expected_endlines)

And the test will fail as line.split() doesn't equal el.split() as
line.split() is ['lib32-pinentry', 'lib32-wxwidgets', 'nativesdk-pinentry',
'pinentry', 'pinentry-native', 'wxwidgets', 'wxwidgets-native'] and
el.split() is ['nativesdk-pinentry', 'pinentry', 'pinentry-native'].

So change the compare logic to fix the gap.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 239f22847bcae0cb31769adb0a42b5440173a7c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/oescripts.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/oescripts.py b/meta/lib/oeqa/selftest/cases/oescripts.py
index cd687816c8..bd84f151cb 100644
--- a/meta/lib/oeqa/selftest/cases/oescripts.py
+++ b/meta/lib/oeqa/selftest/cases/oescripts.py
@@ -129,7 +129,8 @@ class OEListPackageconfigTests(OEScriptTests):
     def check_endlines(self, results,  expected_endlines): 
         for line in results.output.splitlines():
             for el in expected_endlines:
-                if line.split() == el.split():
+                if line and line.split()[0] == el.split()[0] and \
+                   ' '.join(sorted(el.split())) in ' '.join(sorted(line.split())):
                     expected_endlines.remove(el)
                     break
 
-- 
2.25.1

[OE-core][kirkstone 09/15] e2fsprogs: add alternatives handling of lsattr as well

[Steve Sakoman]

From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

Building busybox with CONFIG_LSATTR=y and installing that in the same
filesystem as e2fsprogs breaks:

  ERROR: ... do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
  then please place them into pkg_postinst_ontarget:${PN} ().
  Deferring to first boot via 'exit 1' is no longer supported.

Fix that by also alternatifying lsattr just as chattr already is.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96703961eeb3460e9da26503d7942cc965d1e573)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
index ec48f419c7..5b2d1921f0 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
@@ -51,6 +51,7 @@ do_install () {
 	oe_multilib_header ext2fs/ext2_types.h
 	install -d ${D}${base_bindir}
 	mv ${D}${bindir}/chattr ${D}${base_bindir}/chattr.e2fsprogs
+	mv ${D}${bindir}/lsattr ${D}${base_bindir}/lsattr.e2fsprogs
 
 	install -v -m 755 ${S}/contrib/populate-extfs.sh ${D}${base_sbindir}/
 
@@ -99,10 +100,12 @@ FILES:libe2p = "${base_libdir}/libe2p.so.*"
 FILES:libext2fs = "${libdir}/e2initrd_helper ${base_libdir}/libext2fs.so.*"
 FILES:${PN}-dev += "${datadir}/*/*.awk ${datadir}/*/*.sed ${base_libdir}/*.so ${bindir}/compile_et ${bindir}/mk_cmds"
 
-ALTERNATIVE:${PN} = "chattr"
+ALTERNATIVE:${PN} = "chattr lsattr"
 ALTERNATIVE_PRIORITY = "100"
 ALTERNATIVE_LINK_NAME[chattr] = "${base_bindir}/chattr"
 ALTERNATIVE_TARGET[chattr] = "${base_bindir}/chattr.e2fsprogs"
+ALTERNATIVE_LINK_NAME[lsattr] = "${base_bindir}/lsattr"
+ALTERNATIVE_TARGET[lsattr] = "${base_bindir}/lsattr.e2fsprogs"
 
 ALTERNATIVE:${PN}-doc = "fsck.8"
 ALTERNATIVE_LINK_NAME[fsck.8] = "${mandir}/man8/fsck.8"
-- 
2.25.1

[OE-core][kirkstone 10/15] popt: fix override syntax in RDEPENDS

[Steve Sakoman]

From: Yi Zhao <yi.zhao@windriver.com>

RDEPENDS_${PN}-ptest -> RDEPENDS:${PN}-ptest

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 37a47bfced900c2f1e239b216d8614eb290f2f0c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/popt/popt_1.18.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/popt/popt_1.18.bb b/meta/recipes-support/popt/popt_1.18.bb
index af8add4ad6..b465f8817d 100644
--- a/meta/recipes-support/popt/popt_1.18.bb
+++ b/meta/recipes-support/popt/popt_1.18.bb
@@ -17,7 +17,7 @@ SRC_URI[sha256sum] = "5159bc03a20b28ce363aa96765f37df99ea4d8850b1ece17d1e6ad5c24
 
 inherit autotools gettext ptest
 
-RDEPENDS_${PN}-ptest += "bash"
+RDEPENDS:${PN}-ptest += "bash"
 
 do_compile_ptest() {
     sed 's#lt-test1#test1#g' ${S}/tests/testit.sh > ${B}/tests/testit.sh
-- 
2.25.1

[OE-core][kirkstone 11/15] git: fix override syntax in RDEPENDS

[Steve Sakoman]

From: Yi Zhao <yi.zhao@windriver.com>

RDEPENDS_${PN}-tk -> RDEPENDS:${PN}-tk

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1ed9267a318d53a302991a8ec7259d3bb809eaaa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/git/git_2.35.3.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/git/git_2.35.3.bb b/meta/recipes-devtools/git/git_2.35.3.bb
index 68981d4fde..794045c8b7 100644
--- a/meta/recipes-devtools/git/git_2.35.3.bb
+++ b/meta/recipes-devtools/git/git_2.35.3.bb
@@ -147,7 +147,7 @@ RDEPENDS:${PN}-perltools = "${PN} perl perl-module-file-path findutils"
 
 # git-tk package with gitk and git-gui
 PACKAGES =+ "${PN}-tk"
-#RDEPENDS_${PN}-tk = "${PN} tk tcl"
+#RDEPENDS:${PN}-tk = "${PN} tk tcl"
 #EXTRA_OEMAKE = "TCL_PATH=${STAGING_BINDIR_CROSS}/tclsh"
 FILES:${PN}-tk = " \
     ${bindir}/gitk \
-- 
2.25.1

[OE-core][kirkstone 12/15] gcc-source: Fix incorrect task dependencies from ${B}

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Some tasks may reference ${B} for gcc-source which in general would not exist.
It has dependencies on HOST_SYS and TARGET_SYS which are not appropriate for a
shared recipe like gcc-source. This causes problems for the archiver and
multiconfigs in particlar.

Set B to something else to avoid these task hash issues.

Acked-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit beb2a76c591e985c6fc7ed473abd1bee27f955a2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-common.inc | 2 +-
 meta/recipes-devtools/gcc/gcc-source.inc | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/gcc/gcc-common.inc b/meta/recipes-devtools/gcc/gcc-common.inc
index 0f70be7dd4..2abc0e355d 100644
--- a/meta/recipes-devtools/gcc/gcc-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-common.inc
@@ -96,7 +96,7 @@ BINV = "${PV}"
 #S = "${WORKDIR}/gcc-${PV}"
 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
 
-B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}"
+B ?= "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}"
 
 target_includedir ?= "${includedir}"
 target_libdir ?= "${libdir}"
diff --git a/meta/recipes-devtools/gcc/gcc-source.inc b/meta/recipes-devtools/gcc/gcc-source.inc
index 03bab97815..224b7778ef 100644
--- a/meta/recipes-devtools/gcc/gcc-source.inc
+++ b/meta/recipes-devtools/gcc/gcc-source.inc
@@ -18,6 +18,7 @@ INHIBIT_DEFAULT_DEPS = "1"
 DEPENDS = ""
 PACKAGES = ""
 
+B = "${WORKDIR}/build"
 
 # This needs to be Python to avoid lots of shell variables becoming dependencies.
 python do_preconfigure () {
-- 
2.25.1

[OE-core][kirkstone 13/15] archiver: don't use machine variables in shared recipes

[Steve Sakoman]

From: Jose Quaresma <quaresma.jose@gmail.com>

When using multiconfig with the same TMP folder we can have
races because the shared recipes like gcc-source run twice.

ARCHIVER_OUTDIR = ${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/
which includes TARGET_SYS and between the two different MACHINE values,
this changes  from 'arm-poky-linux-gnueabi' to 'aarch64-poky-linux'.
This leads to the task running twice, once for each multiconfig.

To solve this we need to store the shared output in a common place
for all machines and in this way the stamps will be the same for each
machine so the gcc-source will on run once regardless of the machine used.

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5abe497aad39a6ce8d72556fcdda1938a0f8c1bc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/archiver.bbclass | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index 8d026067f4..33070cd17f 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -55,9 +55,10 @@ ARCHIVER_MODE[compression] ?= "xz"
 
 DEPLOY_DIR_SRC ?= "${DEPLOY_DIR}/sources"
 ARCHIVER_TOPDIR ?= "${WORKDIR}/archiver-sources"
-ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${TARGET_SYS}/${PF}/"
+ARCHIVER_ARCH = "${TARGET_SYS}"
+ARCHIVER_OUTDIR = "${ARCHIVER_TOPDIR}/${ARCHIVER_ARCH}/${PF}/"
 ARCHIVER_RPMTOPDIR ?= "${WORKDIR}/deploy-sources-rpm"
-ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${TARGET_SYS}/${PF}/"
+ARCHIVER_RPMOUTDIR = "${ARCHIVER_RPMTOPDIR}/${ARCHIVER_ARCH}/${PF}/"
 ARCHIVER_WORKDIR = "${WORKDIR}/archiver-work/"
 
 # When producing a combined mirror directory, allow duplicates for the case
@@ -101,6 +102,10 @@ python () {
         bb.debug(1, 'archiver: %s is excluded, covered by gcc-source' % pn)
         return
 
+    # TARGET_SYS in ARCHIVER_ARCH will break the stamp for gcc-source in multiconfig
+    if pn.startswith('gcc-source'):
+        d.setVar('ARCHIVER_ARCH', "allarch")
+
     def hasTask(task):
         return bool(d.getVarFlag(task, "task", False)) and not bool(d.getVarFlag(task, "noexec", False))
 
-- 
2.25.1

[OE-core][kirkstone 14/15] systemd: update 0008-add-missing-FTW_-macros-for-musl.patch

[Steve Sakoman]

From: Pavel Zhukov <pavel@zhukoff.net>

Fixes fuzz warning with insane class ihnerited introduced in 4c3f51142b
Kirkstone specific, master has been updated to 251.2 and FTBFS with musl [Yocto 14838]

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../systemd/0008-add-missing-FTW_-macros-for-musl.patch   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch b/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
index 4cce9a3fe6..0c0d3d0b62 100644
--- a/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
@@ -21,12 +21,12 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  3 files changed, 22 insertions(+)
 
 diff --git a/src/basic/missing_type.h b/src/basic/missing_type.h
-index aeaf6ad5ec..3df1084ef2 100644
+index 6c0456349d..5140892e22 100644
 --- a/src/basic/missing_type.h
 +++ b/src/basic/missing_type.h
-@@ -19,3 +19,23 @@ typedef int (*comparison_fn_t)(const void *, const void *);
- #define __COMPAR_FN_T
- typedef int (*__compar_fn_t)(const void *, const void *);
+@@ -14,3 +14,23 @@
+ #ifndef __GLIBC__
+ typedef int (*comparison_fn_t)(const void *, const void *);
  #endif
 +
 +#ifndef FTW_ACTIONRETVAL
-- 
2.25.1

[OE-core][kirkstone 15/15] liberror-perl: Update sstate/equiv versions to clean cache

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

There are cached reproducibility issues on the autobuilder due to the PRServ
sstate checksum issues, flush the bad data out the system by bumping the
versions.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b12e6cfe3bb34e426c8bb74183d041948cb2ed89)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/perl/liberror-perl_0.17029.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-devtools/perl/liberror-perl_0.17029.bb b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
index 497f480347..67e5811f3c 100644
--- a/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
+++ b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
@@ -9,6 +9,10 @@ LICENSE = "Artistic-1.0 | GPL-1.0-or-later"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=8f3499d09ee74a050c0319391ff9d100"
 
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
+
 DEPENDS += "perl"
 
 RDEPENDS:${PN} += " \
-- 
2.25.1

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3979

The following changes since commit f1c2e21a28f8ad5dc6ff7b0db877aa22e01a9e00:

  pulseaudio: add m4-native to DEPENDS (2022-07-17 16:59:57 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  gnupg: update 2.3.4 -> 2.3.6

Joshua Watt (1):
  sstatesig: Include all dependencies in SPDX task signatures

Khem Raj (2):
  lua: Backport fix for CVE-2022-33099
  gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so

Ming Liu (1):
  rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}

Naveen (1):
  gcc: Backport a fix for gcc bug 105039

Richard Purdie (1):
  vim: Upgrade 9.0.0021 -> 9.0.0063

Sakib Sajal (3):
  dpkg: fix CVE-2022-1664
  go: update v1.17.10 -> v1.17.12
  git: upgrade v2.35.3 -> v2.35.4

Tom Hochstein (1):
  gobject-introspection-data: Disable cache for g-ir-scanner

Yi Zhao (1):
  tiff: Security fixes CVE-2022-1354 and CVE-2022-1355

Yue Tao (1):
  gnupg: upgrade to 2.3.7 to fix CVE-2022-34903

wangmy (2):
  bind: upgrade 9.18.2 -> 9.18.3
  bind: upgrade 9.18.3 -> 9.18.4

 .../gobject-introspection-data.bbclass        |   5 +
 meta/classes/rootfs-postcommands.bbclass      |   2 +-
 meta/lib/oe/sstatesig.py                      |   9 +
 ...1-avoid-start-failure-with-bind-user.patch |   0
 ...d-V-and-start-log-hide-build-options.patch |   0
 ...ching-for-json-headers-searches-sysr.patch |   0
 .../bind/{bind-9.18.2 => bind-9.18.4}/bind9   |   0
 .../{bind-9.18.2 => bind-9.18.4}/conf.patch   |   0
 .../generate-rndc-key.sh                      |   0
 ...t.d-add-support-for-read-only-rootfs.patch |   0
 .../make-etc-initd-bind-stop-work.patch       |   0
 .../named.service                             |   0
 .../bind/{bind_9.18.2.bb => bind_9.18.4.bb}   |   2 +-
 ...ive-Prevent-directory-traversal-for-.patch | 328 ++++++++++++++++++
 meta/recipes-devtools/dpkg/dpkg_1.21.4.bb     |   1 +
 meta/recipes-devtools/gcc/gcc-11.3.inc        |   2 +-
 meta/recipes-devtools/gcc/gcc-runtime.inc     |   3 +-
 .../gcc/gcc/0030-rust-recursion-limit.patch   |  92 +++++
 .../git/{git_2.35.3.bb => git_2.35.4.bb}      |   2 +-
 .../go/{go-1.17.10.inc => go-1.17.12.inc}     |   2 +-
 ...1.17.10.bb => go-binary-native_1.17.12.bb} |   4 +-
 ....17.10.bb => go-cross-canadian_1.17.12.bb} |   0
 ...o-cross_1.17.10.bb => go-cross_1.17.12.bb} |   0
 ...ssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} |   0
 ...native_1.17.10.bb => go-native_1.17.12.bb} |   0
 ...ntime_1.17.10.bb => go-runtime_1.17.12.bb} |   0
 .../go/{go_1.17.10.bb => go_1.17.12.bb}       |   0
 .../lua/lua/CVE-2022-33099.patch              |  61 ++++
 meta/recipes-devtools/lua/lua_5.4.4.bb        |   1 +
 .../gobject-introspection_1.72.0.bb           |   3 -
 .../libtiff/tiff/CVE-2022-1354.patch          | 212 +++++++++++
 .../libtiff/tiff/CVE-2022-1355.patch          |  62 ++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 ...-a-custom-value-for-the-location-of-.patch |   6 +-
 .../0003-dirmngr-uses-libgpg-error.patch      |  29 --
 .../gnupg/gnupg/relocate.patch                |  18 +-
 .../gnupg/{gnupg_2.3.4.bb => gnupg_2.3.7.bb}  |   3 +-
 .../vim/files/crosscompile.patch              |  51 +++
 meta/recipes-support/vim/files/racefix.patch  |  12 +-
 meta/recipes-support/vim/vim.inc              |   9 +-
 40 files changed, 860 insertions(+), 61 deletions(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.2.bb => bind_9.18.4.bb} (98%)
 create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch
 rename meta/recipes-devtools/git/{git_2.35.3.bb => git_2.35.4.bb} (98%)
 rename meta/recipes-devtools/go/{go-1.17.10.inc => go-1.17.12.inc} (92%)
 rename meta/recipes-devtools/go/{go-binary-native_1.17.10.bb => go-binary-native_1.17.12.bb} (83%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.17.10.bb => go-cross-canadian_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.17.10.bb => go-cross_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-native_1.17.10.bb => go-native_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.17.10.bb => go-runtime_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.17.10.bb => go_1.17.12.bb} (100%)
 create mode 100644 meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
 delete mode 100644 meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
 rename meta/recipes-support/gnupg/{gnupg_2.3.4.bb => gnupg_2.3.7.bb} (95%)
 create mode 100644 meta/recipes-support/vim/files/crosscompile.patch

-- 
2.25.1

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5269

The following changes since commit 2d67702bdfc64358d364dd6484ae41842ee7c52f:

  glibc: stable 2.35 branch updates. (2023-04-28 03:55:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Arturo Buzarra (1):
  run-postinsts: Set dependency for ldconfig to avoid boot issues

Deepthi Hemraj (4):
  binutils : Fix CVE-2023-25584
  binutils : Fix CVE-2023-25585
  binutils : Fix CVE-2023-1972
  binutils : Fix CVE-2023-25588

Hitendra Prajapati (1):
  connman: fix CVE-2023-28488 DoS in client.c

Kai Kang (1):
  webkitgtk: fix CVE-2022-32888 & CVE-2022-32923

Narpat Mali (2):
  ffmpeg: fix for CVE-2022-48434
  python3-cryptography: fix for CVE-2023-23931

Randolph Sapp (2):
  wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
  kernel-devicetree: allow specification of dtb directory

Ranjitsinh Rathod (1):
  libbsd: Add correct license for all packages

Shubham Kulkarni (1):
  go: Security fix for CVE-2023-24538

Vivek Kumbhar (2):
  freetype: fix CVE-2023-2004 integer overflowin in
    tt_hvadvance_adjust() in src/truetype/ttgxvar.c
  go: fix CVE-2023-24534 denial of service from excessive memory
    allocation

 meta/classes/kernel-devicetree.bbclass        |  22 +-
 meta/classes/kernel.bbclass                   |   2 +
 .../connman/connman/CVE-2023-28488.patch      |  60 ++
 .../connman/connman_1.41.bb                   |   1 +
 .../binutils/binutils-2.38.inc                |   6 +
 .../binutils/0022-CVE-2023-25584-1.patch      |  56 ++
 .../binutils/0022-CVE-2023-25584-2.patch      |  38 ++
 .../binutils/0022-CVE-2023-25584-3.patch      | 534 ++++++++++++++++++
 .../binutils/0023-CVE-2023-25585.patch        |  54 ++
 .../binutils/0025-CVE-2023-25588.patch        | 147 +++++
 .../binutils/0026-CVE-2023-1972.patch         |  41 ++
 meta/recipes-devtools/go/go-1.17.13.inc       |   2 +
 .../go/go-1.18/CVE-2023-24534.patch           | 200 +++++++
 .../go/go-1.18/CVE-2023-24538.patch           | 208 +++++++
 .../python3-cryptography/CVE-2023-23931.patch |  49 ++
 .../python/python3-cryptography_36.0.2.bb     |   1 +
 .../run-postinsts/run-postinsts.service       |   2 +-
 .../freetype/freetype/CVE-2023-2004.patch     |  41 ++
 .../freetype/freetype_2.11.1.bb               |   1 +
 .../ffmpeg/ffmpeg/CVE-2022-48434.patch        | 130 +++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   3 +-
 .../webkit/webkitgtk/CVE-2022-32888.patch     |  41 ++
 .../webkit/webkitgtk/CVE-2022-32923.patch     | 435 ++++++++++++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   2 +
 meta/recipes-support/libbsd/libbsd_0.11.5.bb  |   7 +
 scripts/lib/wic/plugins/source/bootimg-efi.py |   7 +
 26 files changed, 2083 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch

-- 
2.34.1

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5285

The following changes since commit 5fca673d8fe0ee97dc37ed2c9941696842cd667a:

  run-postinsts: Set dependency for ldconfig to avoid boot issues (2023-05-08 04:15:11 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  git: fix CVE-2023-29007
  git: fix CVE-2023-25652

Bruce Ashfield (1):
  kernel: improve initramfs bundle processing time

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20230210 -> 20230404

Martin Jansa (1):
  populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO
    override

Peter Bergin (1):
  update-alternatives.bbclass: fix old override syntax

Peter Marko (1):
  libxml2: patch CVE-2023-28484 and CVE-2023-29469

Piotr Łobacz (1):
  libarchive: Enable acls, xattr for native as well as target

Steve Sakoman (1):
  Revert "xserver-xorg: backport fix for CVE-2023-1393"

Thomas Roos (1):
  oeqa/utils/metadata.py: Fix running oe-selftest running with no distro
    set

Wang Mingyu (2):
  wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
  xserver-xorg: upgrade 21.1.7 -> 21.1.8

Yoann Congal (1):
  linux-yocto: Exclude 121 CVEs already fixed upstream

Zhixiong Chi (1):
  libpam: Fix the xtests/tst-pam_motd[1|3] failures

bkylerussell@gmail.com (1):
  kernel-devsrc: depend on python3-core instead of python3

 meta/classes/kernel.bbclass                   |   2 +-
 meta/classes/populate_sdk_ext.bbclass         |   3 +-
 meta/classes/update-alternatives.bbclass      |   4 +-
 meta/lib/oeqa/utils/metadata.py               |   6 +-
 .../libxml/libxml2/CVE-2023-28484.patch       |  79 ++
 .../libxml/libxml2/CVE-2023-29469.patch       |  42 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   2 +
 .../git/git/CVE-2023-25652.patch              |  94 ++
 .../git/git/CVE-2023-29007.patch              | 162 ++++
 meta/recipes-devtools/git/git_2.35.7.bb       |   2 +
 .../libarchive/libarchive_3.6.2.bb            |   6 +-
 ...rely-on-all-filesystems-providing-a-.patch | 108 +++
 meta/recipes-extended/pam/libpam_1.5.2.bb     |   1 +
 ...posite-Fix-use-after-free-of-the-COW.patch |  46 -
 ...-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb} |   5 +-
 ...20230210.bb => linux-firmware_20230404.bb} |   6 +-
 meta/recipes-kernel/linux/cve-exclusion.inc   | 875 ++++++++++++++++++
 meta/recipes-kernel/linux/kernel-devsrc.bb    |   2 +-
 meta/recipes-kernel/linux/linux-yocto.inc     |   3 +
 ...fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb} |   2 +-
 20 files changed, 1384 insertions(+), 66 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2023-25652.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2023-29007.patch
 create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb} (80%)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230210.bb => linux-firmware_20230404.bb} (99%)
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc
 rename meta/recipes-sato/webkit/{wpebackend-fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb} (90%)

-- 
2.34.1

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Monday, December 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6300

The following changes since commit 11da43b58e19583a9bc16044309610cfb2e86469:

  systemtap_git: fix used uninitialized error (2023-11-28 05:11:52 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (3):
  linux-yocto/5.10: update to v5.10.198
  linux-yocto/5.10: update to v5.10.200
  linux-yocto/5.10: update to v5.10.202

Lee Chee Yang (1):
  xwayland: fix CVE-2023-5367

Narpat Mali (1):
  python3-cryptography: fix CVE-2023-49083

Niko Mauno (1):
  rust-llvm: Allow overriding LLVM target archs

Richard Purdie (5):
  rust-common: Set llvm-target correctly for cross SDK targets
  rust-cross-canadian: Fix ordering of target json config generation
  rust-cross/rust-common: Merge arm target handling code to fix
    cross-canadian
  rust-cross: Simplfy the rust_gen_target calls
  native: Clear TUNE_FEATURES/ABIEXTENSION

Steve Sakoman (1):
  cve-exclusion_5.10.inc: update for 5.10.202

Tim Orling (1):
  vim: upgrade 9.0.2068 -> 9.0.2130

Vivek Kumbhar (1):
  libsndfile: fix CVE-2022-33065 Signed integer overflow in src/mat4.c

Wenlin Kang (1):
  bash: changes to SIGINT handler while waiting for a child

 meta/classes/native.bbclass                   |   2 +
 .../python3-cryptography/CVE-2023-49083.patch |  53 ++++
 .../python/python3-cryptography_36.0.2.bb     |   1 +
 meta/recipes-devtools/rust/rust-common.inc    |  24 +-
 .../rust/rust-cross-canadian-common.inc       |   5 +-
 meta/recipes-devtools/rust/rust-cross.inc     |  21 +-
 meta/recipes-devtools/rust/rust-llvm.inc      |   4 +-
 ...T-handler-while-waiting-for-a-child-.patch | 229 ++++++++++++++++++
 meta/recipes-extended/bash/bash_5.1.16.bb     |   1 +
 .../xwayland/xwayland/CVE-2023-5367.patch     |  85 +++++++
 .../xwayland/xwayland_22.1.8.bb               |   4 +-
 .../linux/cve-exclusion_5.10.inc              |  92 +++++--
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 .../libsndfile1/CVE-2022-33065.patch          |  46 ++++
 .../libsndfile/libsndfile1_1.0.31.bb          |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 18 files changed, 542 insertions(+), 68 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2023-49083.patch
 create mode 100644 meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-5367.patch
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch

-- 
2.34.1

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, March 22

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6699

The following changes since commit 2501534c9581c6c3439f525d630be11554a57d24:

  build-appliance-image: Update to kirkstone head revision (2024-03-13 07:39:46 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23

Alexander Kanavin (1):
  linux-firmware: upgrade 20231211 -> 20240220

Haitao Liu (1):
  glibc: Fix subscript typos for get_nscd_addresses

Martin Jansa (1):
  stress-ng: avoid calling sync during do_compile

Meenali Gupta (1):
  expat: fix CVE-2023-52426

Michael Halstead (1):
  yocto-uninative: Update to 4.4 for glibc 2.39

Peter Marko (1):
  expat: patch CVE-2024-28757

Vijay Anusuri (1):
  python3-cryptography: Backport fix for CVE-2024-26130

Wang Mingyu (1):
  wireless-regdb: upgrade 2023.05.03 -> 2023.09.01

Yoann Congal (6):
  cve-update-nvd2-native: Fix typo in comment
  cve-update-nvd2-native: Add an age threshold for incremental update
  cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
  cve-update-nvd2-native: nvd_request_next: Improve comment
  cve-update-nvd2-native: Fix CVE configuration update
  cve-update-nvd2-native: Remove rejected CVE from database

 meta/conf/distro/include/yocto-uninative.inc  |  10 +-
 .../expat/expat/CVE-2023-52426-001.patch      |  35 ++
 .../expat/expat/CVE-2023-52426-002.patch      |  72 +++
 .../expat/expat/CVE-2023-52426-003.patch      |  28 ++
 .../expat/expat/CVE-2023-52426-004.patch      | 429 ++++++++++++++++++
 .../expat/expat/CVE-2023-52426-005.patch      |  34 ++
 .../expat/expat/CVE-2023-52426-006.patch      | 174 +++++++
 .../expat/expat/CVE-2023-52426-007.patch      |  53 +++
 .../expat/expat/CVE-2023-52426-008.patch      |  37 ++
 .../expat/expat/CVE-2023-52426-009.patch      | 354 +++++++++++++++
 .../expat/expat/CVE-2023-52426-010.patch      |  50 ++
 .../expat/expat/CVE-2023-52426-011.patch      |  45 ++
 .../expat/expat/CVE-2024-28757.patch          |  58 +++
 meta/recipes-core/expat/expat_2.5.0.bb        |  12 +
 ...dresses-Fix-subscript-typos-BZ-29605.patch |  40 ++
 meta/recipes-core/glibc/glibc_2.35.bb         |   1 +
 .../meta/cve-update-nvd2-native.bb            |  35 +-
 .../python3-cryptography/CVE-2024-26130.patch |  66 +++
 .../python/python3-cryptography_36.0.2.bb     |   1 +
 .../0001-Makefile-avoid-calling-sync.patch    |  35 ++
 .../stress-ng/stress-ng_0.13.12.bb            |   1 +
 ...20231211.bb => linux-firmware_20240220.bb} |   6 +-
 ....05.03.bb => wireless-regdb_2024.01.23.bb} |   4 +-
 23 files changed, 1562 insertions(+), 18 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-001.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-002.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-003.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-004.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-005.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-006.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-007.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-008.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-009.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-010.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-011.patch
 create mode 100755 meta/recipes-core/expat/expat/CVE-2024-28757.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2024-26130.patch
 create mode 100644 meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231211.bb => linux-firmware_20240220.bb} (99%)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.05.03.bb => wireless-regdb_2024.01.23.bb} (88%)

-- 
2.34.1

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, September 24

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7353

The following changes since commit 88630352d6d1cfee06787fa84b73ca8ad335cb08:

  libedit: Make docs generation deterministic (2024-09-11 05:03:48 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Colin McAllister (2):
  busybox: Fix cut with "-s" flag
  udev-extraconf: Add collect flag to mount

Divya Chellam (1):
  python3: Upgrade 3.10.14 -> 3.10.15

Konrad Weihmann (3):
  runqemu: keep generating tap devices
  testimage: fallback for empty IMAGE_LINK_NAME
  testexport: fallback for empty IMAGE_LINK_NAME

Michael Halstead (2):
  yocto-uninative: Update to 4.5 for gcc 14
  yocto-uninative: Update to 4.6 for glibc 2.40

Pedro Ferreira (2):
  buildhistory: Fix intermittent package file list creation
  buildhistory: Restoring files from preserve list

Richard Purdie (1):
  buildhistory: Simplify intercept call sites and drop
    SSTATEPOSTINSTFUNC usage

Rohini Sangam (1):
  cups: Security fix for CVE-2024-35235

Ross Burton (1):
  lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex

Vijay Anusuri (1):
  libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006

Vivek Kumbhar (1):
  webkitgtk: Security fix CVE-2024-40779

 meta/classes/buildhistory.bbclass             |  71 ++-
 meta/classes/sstate.bbclass                   |   5 +-
 meta/classes/testexport.bbclass               |   2 +-
 meta/classes/testimage.bbclass                |   4 +-
 meta/conf/distro/include/yocto-uninative.inc  |  10 +-
 meta/lib/oeqa/selftest/cases/runcmd.py        |   4 +-
 .../libpcap/libpcap/CVE-2023-7256-pre1.patch  |  99 ++++
 .../libpcap/libpcap/CVE-2023-7256-pre2.patch  | 131 +++++
 .../libpcap/libpcap/CVE-2023-7256-pre3.patch  |  67 +++
 .../libpcap/libpcap/CVE-2023-7256-pre4.patch  |  37 ++
 .../libpcap/libpcap/CVE-2023-7256.patch       | 368 +++++++++++++
 .../libpcap/libpcap/CVE-2024-8006.patch       |  42 ++
 .../libpcap/libpcap_1.10.1.bb                 |  10 +-
 ...1-cut-Fix-s-flag-to-omit-blank-lines.patch |  66 +++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   1 +
 .../recipes-core/udev/udev-extraconf/mount.sh |   2 +-
 .../python/python3/CVE-2023-27043.patch       | 510 ------------------
 .../python/python3/CVE-2024-6232.patch        | 251 ---------
 .../python/python3/CVE-2024-7592.patch        | 140 -----
 .../python/python3/CVE-2024-8088.patch        | 124 -----
 ...{python3_3.10.14.bb => python3_3.10.15.bb} |   6 +-
 meta/recipes-extended/cups/cups.inc           |   1 +
 .../cups/cups/CVE-2024-35235.patch            | 121 +++++
 .../webkit/webkitgtk/CVE-2024-40779.patch     |  91 ++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 scripts/runqemu                               |  24 +-
 26 files changed, 1109 insertions(+), 1079 deletions(-)
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2023-27043.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-6232.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-7592.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch
 rename meta/recipes-devtools/python/{python3_3.10.14.bb => python3_3.10.15.bb} (98%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-35235.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2024-40779.patch

-- 
2.34.1

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Monday, March 3

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1094

The following changes since commit 73b5570a16708d1e749b1ec525299d10557cbf56:

  vim: Upgrade 9.1.0764 -> 9.1.1043 (2025-02-24 06:54:05 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Guocai He (2):
  tzcode: Update SRC_URI
  xz: Update SRC_URI

Jiaying Song (1):
  boost: fix do_fetch error

Libo Chen (1):
  virglrenderer: fix do_fetch error

Moritz Haase (1):
  meta: Enable '-o pipefail' for the SDK installer

Narpat Mali (1):
  systemd: upgrade 250.5 -> 250.14

Vijay Anusuri (9):
  xserver-xorg: Fix for CVE-2025-26594
  xserver-xorg: Fix for CVE-2025-26595
  xserver-xorg: Fix for CVE-2025-26596
  xserver-xorg: Fix for CVE-2025-26597
  xserver-xorg: Fix for CVE-2025-26598
  xserver-xorg: Fix for CVE-2025-26599
  xserver-xorg: Fix for CVE-2025-26600
  xserver-xorg: Fix for CVE-2025-26601
  bind: Upgrade 9.18.28 -> 9.18.33

 meta/files/toolchain-shar-extract.sh          |   5 +
 .../bind/{bind_9.18.28.bb => bind_9.18.33.bb} |   2 +-
 ...d-boot_250.5.bb => systemd-boot_250.14.bb} |   0
 meta/recipes-core/systemd/systemd.inc         |   2 +-
 .../0001-Adjust-for-musl-headers.patch        |  20 +-
 ...sysctl.d-binfmt.d-modules-load.d-to-.patch |  18 +-
 ...1-core-fix-build-when-seccomp-is-off.patch |  41 ++
 ...ass-correct-parameters-to-getdents64.patch |  49 ++-
 ...w-json_variant_dump-to-return-an-err.patch |  60 ---
 .../0002-Add-sys-stat.h-for-S_IFDIR.patch     |   6 +-
 ...3-missing_type.h-add-comparison_fn_t.patch |   6 +-
 ...k-parse_printf_format-implementation.patch |   6 +-
 ...missing.h-check-for-missing-strndupa.patch |  62 ++-
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   8 +-
 ...008-add-missing-FTW_-macros-for-musl.patch |   4 +-
 ..._register_atfork-for-non-glibc-build.patch |   6 +-
 ...10-Use-uintmax_t-for-handling-rlim_t.patch |   6 +-
 ...sable-tests-for-missing-typedefs-in-.patch |   2 +-
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |   4 +-
 ...patible-basename-for-non-glibc-syste.patch |   2 +-
 ...uffering-when-writing-to-oom_score_a.patch |   6 +-
 ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
 ...definition-of-prctl_mm_map-structure.patch |   2 +-
 .../0021-test-json.c-define-M_PIl.patch       |   4 +-
 ...-not-disable-buffer-in-writing-files.patch |  38 +-
 .../0025-Handle-__cpu_mask-usage.patch        |   2 +-
 .../systemd/0026-Handle-missing-gshadow.patch |   4 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   4 +-
 .../systemd/systemd/CVE-2022-3821.patch       |  45 --
 .../systemd/systemd/CVE-2022-4415-1.patch     | 109 -----
 .../systemd/systemd/CVE-2022-4415-2.patch     | 391 ------------------
 .../systemd/systemd/CVE-2022-45873.patch      | 124 ------
 .../systemd/systemd/CVE-2023-7008.patch       |  40 --
 .../{systemd_250.5.bb => systemd_250.14.bb}   |   7 +-
 meta/recipes-extended/timezone/timezone.inc   |   8 +-
 meta/recipes-extended/xz/xz_5.2.6.bb          |   2 +-
 .../virglrenderer/virglrenderer_0.9.1.bb      |   2 +-
 .../xserver-xorg/CVE-2025-26594-1.patch       |  54 +++
 .../xserver-xorg/CVE-2025-26594-2.patch       |  51 +++
 .../xserver-xorg/CVE-2025-26595.patch         |  65 +++
 .../xserver-xorg/CVE-2025-26596.patch         |  49 +++
 .../xserver-xorg/CVE-2025-26597.patch         |  46 +++
 .../xserver-xorg/CVE-2025-26598.patch         | 120 ++++++
 .../xserver-xorg/CVE-2025-26599-1.patch       |  66 +++
 .../xserver-xorg/CVE-2025-26599-2.patch       | 129 ++++++
 .../xserver-xorg/CVE-2025-26600.patch         |  68 +++
 .../xserver-xorg/CVE-2025-26601-1.patch       |  71 ++++
 .../xserver-xorg/CVE-2025-26601-2.patch       |  85 ++++
 .../xserver-xorg/CVE-2025-26601-3.patch       |  52 +++
 .../xserver-xorg/CVE-2025-26601-4.patch       | 132 ++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |  13 +
 meta/recipes-support/boost/boost-1.78.0.inc   |   2 +-
 52 files changed, 1201 insertions(+), 901 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.28.bb => bind_9.18.33.bb} (97%)
 rename meta/recipes-core/systemd/{systemd-boot_250.5.bb => systemd-boot_250.14.bb} (100%)
 create mode 100644 meta/recipes-core/systemd/systemd/0001-core-fix-build-when-seccomp-is-off.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
 rename meta/recipes-core/systemd/{systemd_250.5.bb => systemd_250.14.bb} (99%)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26595.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26596.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26598.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26600.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-3.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-4.patch

-- 
2.43.0

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, May 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1582

The following changes since commit 00f7a2f60dd6de95a1a47fa642978613ce76dc56:

  glibc: Add single-threaded fast path to rand() (2025-05-09 09:01:16 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.26

Alexander Kanavin (1):
  perl: enable _GNU_SOURCE define via d_gnulibc

Alon Bar-Lev (1):
  module.bbclass: add KBUILD_EXTRA_SYMBOLS to install

Deepesh Varatharajan (1):
  glibc: stable 2.35 branch updates

Peter Marko (1):
  perl: patch CVE-2024-56406

Vijay Anusuri (10):
  libsoup-2.4: Update fix CVE-2024-52532
  libsoup-2.4: Fix CVE-2025-32906
  libsoup-2.4: Fix CVE-2025-32909
  libsoup: update fix CVE-2024-52532
  libsoup: Fix CVE-2025-32906
  libsoup: Fix CVE-2025-32909
  libsoup: Fix CVE-2025-32910
  libsoup: Fix CVE-2025-32911 & CVE-2025-32913
  libsoup: Fix CVE-2025-32912
  libsoup: Fix CVE-2025-32914

 meta/classes/module.bbclass                   |   1 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 ...4-56406-Heap-buffer-overflow-with-tr.patch |  30 ++++
 meta/recipes-devtools/perl/perl_5.34.3.bb     |   2 +
 .../libsoup-2.4/CVE-2024-52532-3.patch        |  46 ++++++
 .../libsoup-2.4/CVE-2025-32906-1.patch        |  61 +++++++
 .../libsoup-2.4/CVE-2025-32906-2.patch        |  83 ++++++++++
 .../libsoup/libsoup-2.4/CVE-2025-32909.patch  |  36 +++++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   4 +
 .../libsoup/libsoup/CVE-2024-52532-3.patch    |  46 ++++++
 .../libsoup/libsoup/CVE-2025-32906-1.patch    |  61 +++++++
 .../libsoup/libsoup/CVE-2025-32906-2.patch    |  83 ++++++++++
 .../libsoup/libsoup/CVE-2025-32909.patch      |  36 +++++
 .../libsoup/libsoup/CVE-2025-32910-1.patch    |  98 ++++++++++++
 .../libsoup/libsoup/CVE-2025-32910-2.patch    | 149 ++++++++++++++++++
 .../libsoup/libsoup/CVE-2025-32910-3.patch    |  27 ++++
 .../CVE-2025-32911_CVE-2025-32913-1.patch     |  72 +++++++++
 .../CVE-2025-32911_CVE-2025-32913-2.patch     |  44 ++++++
 .../libsoup/libsoup/CVE-2025-32912-1.patch    |  41 +++++
 .../libsoup/libsoup/CVE-2025-32912-2.patch    |  30 ++++
 .../libsoup/libsoup/CVE-2025-32914.patch      | 111 +++++++++++++
 meta/recipes-support/libsoup/libsoup_3.0.7.bb |  12 ++
 scripts/install-buildtools                    |   4 +-
 23 files changed, 1076 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/perl/files/0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32909.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch

-- 
2.43.0

[OE-core][kirkstone 00/15] Patch review

[Steve Sakoman]

Please review this set of hcanges for kirkstone and have comments back by
end of day Thursday, June 12

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1770

The following changes since commit 415e73d53e5342f3f6ff6acd521ded2df3fbca1f:

  nfs-utils: don't use signals to shut down nfs server. (2025-05-29 08:22:59 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (4):
  ghostscript: fix CVE-2025-48708
  ffmpeg: upgrade 5.0.1 -> 5.0.3
  ffmpeg: fix CVE-2025-22919
  ffmpeg: fix CVE-2025-22921

Deepesh Varatharajan (1):
  binutils: Fix CVE-2025-5244 & CVE-2025-5245

Divya Chellam (2):
  screen: fix CVE-2025-46802
  screen: fix CVE-2025-46804

Harish Sadineni (1):
  binutils: add CVE-2025-1182 patch file to SRC_URI

Hitendra Prajapati (1):
  icu: fix CVE-2025-5222

Jiaying Song (1):
  taglib: fix CVE-2023-47466

Martin Jansa (1):
  kernel.bbclass: add original package name to RPROVIDES for -image and
    -base

Peter Marko (1):
  python3: upgrade 3.10.16 -> 3.10.18

Vijay Anusuri (3):
  libsoup-2.4: Backport auth tests for CVE-2025-32910
  python3-setuptools: Fix CVE-2025-47273
  git: Fix CVE-2024-50349 and CVE-2024-52006

 meta/classes/kernel.bbclass                   |   3 +-
 .../binutils/binutils-2.38.inc                |   3 +
 .../binutils/0040-CVE-2025-1182.patch         |  18 +-
 .../binutils/0041-CVE-2025-5244.patch         |  25 ++
 .../binutils/0042-CVE-2025-5245.patch         |  38 +++
 .../git/git/CVE-2024-50349-0001.patch         | 100 ++++++
 .../git/git/CVE-2024-50349-0002.patch         | 321 ++++++++++++++++++
 .../git/git/CVE-2024-52006.patch              | 165 +++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |   3 +
 .../CVE-2025-47273-pre1.patch                 |  54 +++
 .../python3-setuptools/CVE-2025-47273.patch   |  59 ++++
 .../python/python3-setuptools_59.5.0.bb       |   2 +
 ...ib-termcap-to-linker-flags-to-avoid-.patch |   2 +-
 ...hell-version-of-python-config-that-w.patch |   2 +-
 ...file-do-not-compile-.pyc-in-parallel.patch |   2 +-
 ...sts-due-to-load-variability-on-YP-AB.patch |   6 +-
 ...e-treat-overflow-in-UID-GID-as-failu.patch |   2 +-
 ...asename-to-replace-CC-for-checking-c.patch |  16 +-
 ...detect-multiarch-paths-when-cross-co.patch |   2 +-
 ...orlines-skip-due-to-load-variability.patch |   2 +-
 ...report-missing-dependencies-for-disa.patch |   2 +-
 ...up.py-do-not-add-a-curses-include-pa.patch |   4 +-
 .../python/python3/CVE-2025-0938.patch        | 131 -------
 .../python3/avoid_warning_about_tkinter.patch |   2 +-
 .../python/python3/makerace.patch             |   2 +-
 ...{python3_3.10.16.bb => python3_3.10.18.bb} |   3 +-
 .../ghostscript/CVE-2025-48708.patch          |  46 +++
 .../ghostscript/ghostscript_9.55.0.bb         |   1 +
 .../screen/screen/CVE-2025-46802.patch        | 146 ++++++++
 .../screen/screen/CVE-2025-46804.patch        | 131 +++++++
 meta/recipes-extended/screen/screen_4.9.0.bb  |   2 +
 .../ffmpeg/ffmpeg/CVE-2024-36613.patch        |  18 +-
 .../ffmpeg/ffmpeg/CVE-2025-22919.patch        |  41 +++
 .../ffmpeg/ffmpeg/CVE-2025-22921.patch        |  34 ++
 .../{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb}      |   9 +-
 .../icu/icu/CVE-2025-5222.patch               | 164 +++++++++
 meta/recipes-support/icu/icu_70.1.bb          |   1 +
 ...ckport-auth-tests-for-CVE-2025-32910.patch |  76 +++++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   1 +
 .../taglib/files/CVE-2023-47466.patch         |  38 +++
 meta/recipes-support/taglib/taglib_1.12.bb    |   4 +-
 41 files changed, 1500 insertions(+), 181 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0041-CVE-2025-5244.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0042-CVE-2025-5245.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-52006.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-0938.patch
 rename meta/recipes-devtools/python/{python3_3.10.16.bb => python3_3.10.18.bb} (99%)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-48708.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb} (96%)
 create mode 100644 meta/recipes-support/icu/icu/CVE-2025-5222.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/Backport-auth-tests-for-CVE-2025-32910.patch
 create mode 100644 meta/recipes-support/taglib/files/CVE-2023-47466.patch

-- 
2.43.0