[OE-core][kirkstone 0/7] Patch review

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back
by end of day Sunday.

This should be the almost final set of patches for the 4.0.3 release -
there remains an intermittent linux-yocto reproducibility issue that
needs to get fixed.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4015

The following changes since commit 3564ce3d9b2030dd420362c66147bd327090915c:

  initscripts: run umountnfs as a KILL script (2022-07-28 05:32:25 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  openssh: Add openssh-sftp-server to openssh RDEPENDS

Dmitry Baryshkov (1):
  linux-firwmare: restore WHENCE_CHKSUM variable

Khem Raj (1):
  libgcc: Fix standalone target builds with usrmerge distro feature

Martin Jansa (1):
  kernel.bbclass: pass LD also in savedefconfig

Mingli Yu (1):
  strace: set COMPATIBLE_HOST for riscv32

Shruthi Ravichandran (1):
  package_manager/ipk: do not pipe stderr to stdout

Sundeep KOKKONDA (1):
  binutils: stable 2.38 branch updates

 meta/classes/kernel.bbclass                   |  2 +-
 meta/lib/oe/package_manager/ipk/__init__.py   | 23 +++++++++++--------
 .../openssh/openssh_8.9p1.bb                  |  2 +-
 .../binutils/binutils-2.38.inc                |  2 +-
 meta/recipes-devtools/gcc/libgcc-common.inc   |  8 +++++--
 meta/recipes-devtools/strace/strace_5.16.bb   |  3 +++
 .../linux-firmware/linux-firmware_20220708.bb |  5 +++-
 7 files changed, 29 insertions(+), 16 deletions(-)

-- 
2.25.1

[OE-core][kirkstone 1/7] binutils: stable 2.38 branch updates

[Steve Sakoman]

From: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>

Below commits on Binutils-2.38 development branch are updated.
5c0b4ee4060 i386: Don't allow GOTOFF relocation against IFUNC symbol for PIC
19892fedb7b x86: Properly check invalid relocation against protected symbol
b8a2baa80b1 libctf: tests: prune warnings from compiler output
7f9a495a167 libctf: fix linking together multiple objects derived from the same source
97dd8079feb PowerPC64: fix assertion in ppc_build_one_stub with -Os code

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/binutils/binutils-2.38.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 742ca86379..eed252976a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_38-branch"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
-SRCREV ?= "eed56ee299b9ef8754bb4e53f2e9cf2a7c28c04d"
+SRCREV ?= "5c0b4ee406035917d0e50aa138194fab57ae6bf8"
 BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=git"
 SRC_URI = "\
      ${BINUTILS_GIT_URI} \
-- 
2.25.1

[OE-core][kirkstone 2/7] package_manager/ipk: do not pipe stderr to stdout

[Steve Sakoman]

From: Shruthi Ravichandran <shruthi.ravichandran@ni.com>

Some opkg commands print an error during cleanup when the tmp_dir
does not exist and an attempt is made to delete it. The error messages
are harmless and the opkg commands eventually succeed.
When these commands are run and stderr is piped to stdout, the error
messages may clobber the stdout and cause unexpected results while
parsing the output of the command. Therefore, when parsing the output
of a command, do not pipe stderr to stdout. Instead, capture stderr
and stdout separately, and upon success, send stderr to bb.note().

Signed-off-by: Shruthi Ravichandran <shruthi.ravichandran@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f2167ae80258253eb47a5b148546b265320284cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/package_manager/ipk/__init__.py | 23 ++++++++++++---------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/meta/lib/oe/package_manager/ipk/__init__.py b/meta/lib/oe/package_manager/ipk/__init__.py
index 4cd3963111..9f60f3abcc 100644
--- a/meta/lib/oe/package_manager/ipk/__init__.py
+++ b/meta/lib/oe/package_manager/ipk/__init__.py
@@ -102,12 +102,14 @@ class OpkgDpkgPM(PackageManager):
         This method extracts the common parts for Opkg and Dpkg
         """
 
-        try:
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True).decode("utf-8")
-        except subprocess.CalledProcessError as e:
+        proc = subprocess.run(cmd, capture_output=True, encoding="utf-8", shell=True)
+        if proc.returncode:
             bb.fatal("Unable to list available packages. Command '%s' "
-                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
-        return opkg_query(output)
+                     "returned %d:\n%s" % (cmd, proc.returncode, proc.stderr))
+        elif proc.stderr:
+            bb.note("Command '%s' returned stderr: %s" % (cmd, proc.stderr))
+
+        return opkg_query(proc.stdout)
 
     def extract(self, pkg, pkg_info):
         """
@@ -443,15 +445,16 @@ class OpkgPM(OpkgDpkgPM):
         cmd = "%s %s --noaction install %s " % (self.opkg_cmd,
                                                 opkg_args,
                                                 ' '.join(pkgs))
-        try:
-            output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
-        except subprocess.CalledProcessError as e:
+        proc = subprocess.run(cmd, capture_output=True, encoding="utf-8", shell=True)
+        if proc.returncode:
             bb.fatal("Unable to dummy install packages. Command '%s' "
-                     "returned %d:\n%s" % (cmd, e.returncode, e.output.decode("utf-8")))
+                     "returned %d:\n%s" % (cmd, proc.returncode, proc.stderr))
+        elif proc.stderr:
+            bb.note("Command '%s' returned stderr: %s" % (cmd, proc.stderr))
 
         bb.utils.remove(temp_rootfs, True)
 
-        return output
+        return proc.stdout
 
     def backup_packaging_data(self):
         # Save the opkglib for increment ipk image generation
-- 
2.25.1

[OE-core][kirkstone 3/7] libgcc: Fix standalone target builds with usrmerge distro feature

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Ignore the rmdir cmd if using usrmerge distro feature since the
intention is to delete /lib or /lib64 but not libdir under /usr and
base_libdir = libdir when usrmerge is enabled in distro

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3b7f6b0e0f1f16f89cd924aac001b4f661c145ca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/libgcc-common.inc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/gcc/libgcc-common.inc b/meta/recipes-devtools/gcc/libgcc-common.inc
index d48dc8b823..31f629acaa 100644
--- a/meta/recipes-devtools/gcc/libgcc-common.inc
+++ b/meta/recipes-devtools/gcc/libgcc-common.inc
@@ -45,10 +45,14 @@ do_install () {
 }
 
 do_install:append:libc-baremetal () {
-	rmdir ${D}${base_libdir}
+	if [ "${base_libdir}" != "${libdir}" ]; then
+		rmdir ${D}${base_libdir}
+	fi
 }
 do_install:append:libc-newlib () {
-	rmdir ${D}${base_libdir}
+	if [ "${base_libdir}" != "${libdir}" ]; then
+		rmdir ${D}${base_libdir}
+	fi
 }
 
 # No rpm package is actually created but -dev depends on it, avoid dnf error
-- 
2.25.1

[OE-core][kirkstone 4/7] linux-firwmare: restore WHENCE_CHKSUM variable

[Steve Sakoman]

From: Dmitry Baryshkov <dbaryshkov@gmail.com>

Restore WHENCE_CHKSUM variable which is used to hold the WHENCE file
checksum. It is necessary to allow easily overriding it from local.conf
if the devupstream version is selected:

PREFERRED_VERSION_linux-firmware = "1:20220708+git%"
SRCREV:class-devupstream = "${AUTOREV}"
WHENCE_CHKSUM:class-devupstream:pn-linux-firmware = "abf1077491eeb261ecdcb680a34fc059"

Without the WHENCE_CHECKSUM one would need to manually patch the
LIC_FILES_CHKSUM variable to change the checksum of WHENC (e.g. using
the anonymous python function or remove expression).

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 554be2af1e0a03a2d23032d48afbbe0913a45409)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../recipes-kernel/linux-firmware/linux-firmware_20220708.bb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb
index bde7178164..91c32e49d6 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220708.bb
@@ -128,8 +128,11 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
                     file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
                     file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
-                    file://WHENCE;md5=def08711eb23ba967fb7e1f8cff66178 \
+                    file://WHENCE;md5=${WHENCE_CHKSUM} \
                     "
+# WHENCE checksum is defined separately to ease overriding it if
+# class-devupstream is selected.
+WHENCE_CHKSUM  = "def08711eb23ba967fb7e1f8cff66178"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
-- 
2.25.1

[OE-core][kirkstone 5/7] kernel.bbclass: pass LD also in savedefconfig

[Steve Sakoman]

From: Martin Jansa <Martin.Jansa@gmail.com>

* similar to:
  https://git.openembedded.org/openembedded-core/commit/?id=66c1f4b0abd3483759f9e4141a80f982eaf8ccfd
  https://git.openembedded.org/openembedded-core/commit/?id=36fe2efc91fec5a52374a2dc4814a69076a2d28e
  but for savedefconfig task
* otherwise with ld-is-gold it will fail with:
  gold linker is not supported as it is not capable of linking the kernel proper.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f0c9e1bf35289afa63f040bbc13ca1755e4db0f9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 8299b394a7..c29bd3d5f3 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -629,7 +629,7 @@ kernel_do_configure() {
 
 do_savedefconfig() {
 	bbplain "Saving defconfig to:\n${B}/defconfig"
-	oe_runmake -C ${B} savedefconfig
+	oe_runmake -C ${B} LD='${KERNEL_LD}' savedefconfig
 }
 do_savedefconfig[nostamp] = "1"
 addtask savedefconfig after do_configure
-- 
2.25.1

[OE-core][kirkstone 6/7] strace: set COMPATIBLE_HOST for riscv32

[Steve Sakoman]

From: Mingli Yu <mingli.yu@windriver.com>

Disable the build on riscv32 as it's not supported on riscv32 [1].

[1] https://github.com/strace/strace/commit/69ff62ea5087506ad36a27599db088096db215da

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5276a9a845d0277936e9321ada296818f7bfd84b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/strace/strace_5.16.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/strace/strace_5.16.bb b/meta/recipes-devtools/strace/strace_5.16.bb
index ae19318c20..23ffa25d29 100644
--- a/meta/recipes-devtools/strace/strace_5.16.bb
+++ b/meta/recipes-devtools/strace/strace_5.16.bb
@@ -19,6 +19,9 @@ SRC_URI[sha256sum] = "dc7db230ff3e57c249830ba94acab2b862da1fcaac55417e9b85041a83
 
 inherit autotools ptest
 
+# Not yet ported to rv32
+COMPATIBLE_HOST:riscv32 = "null"
+
 PACKAGECONFIG:class-target ??= "\
     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
 "
-- 
2.25.1

[OE-core][kirkstone 7/7] openssh: Add openssh-sftp-server to openssh RDEPENDS

[Steve Sakoman]

From: Alex Kiernan <alex.kiernan@gmail.com>

OpenSSH 9.0 uses sftp by default as the transport for scp, add in
sftp-server so that this works as expected for users, rather than being
left with a confusing "scp: Connection closed" message.

Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be61b9dac78f0d85c870a0d8304fb4b536ec4bc8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/openssh/openssh_8.9p1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index a3a0016ce5..e4446280d9 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -160,7 +160,7 @@ FILES:${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
 FILES:${PN}-keygen = "${bindir}/ssh-keygen"
 
-RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
+RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
 RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
 RRECOMMENDS:${PN}-sshd:append:class-target = "\
     ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
-- 
2.25.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5185

The following changes since commit ff4b57ffff903a93b710284c7c7f916ddd74712f:

  uninative: Upgrade to 3.9 to include glibc 2.37 (2023-04-04 05:32:01 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (2):
  curl: CVE-2023-27533 TELNET option IAC injection
  curl: CVE-2023-27534 SFTP path resolving discrepancy

Joe Slater (1):
  go: fix CVE-2022-41724, 41725

Mark Hatle (1):
  openssl: Move microblaze to linux-latomic config

Pawan Badganchi (1):
  tiff: Add fix for CVE-2022-4645

Peter Marko (1):
  package.bbclass: correct check for /build in copydebugsources()

Yash Shinde (1):
  binutils : Fix CVE-2023-1579

 meta/classes/package.bbclass                  |    2 +-
 .../openssl/openssl_3.0.8.bb                  |    4 +-
 .../binutils/binutils-2.38.inc                |    4 +
 .../binutils/0021-CVE-2023-1579-1.patch       |  459 ++++
 .../binutils/0021-CVE-2023-1579-2.patch       | 2127 +++++++++++++++
 .../binutils/0021-CVE-2023-1579-3.patch       |  156 ++
 .../binutils/0021-CVE-2023-1579-4.patch       |   37 +
 meta/recipes-devtools/go/go-1.17.13.inc       |    5 +-
 .../go/go-1.19/add_godebug.patch              |   84 +
 .../go/go-1.19/cve-2022-41724.patch           | 2391 +++++++++++++++++
 .../go/go-1.19/cve-2022-41725.patch           |  652 +++++
 ...-of-TIFFTAG_INKNAMES-and-related-TIF.patch |    5 +-
 .../curl/curl/CVE-2023-27533.patch            |  208 ++
 .../curl/curl/CVE-2023-27534.patch            |  122 +
 meta/recipes-support/curl/curl_7.82.0.bb      |    2 +
 15 files changed, 6252 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/add_godebug.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41724.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41725.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27534.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 31

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6115

The following changes since commit 7681436190354b5c5b6c3a82b3094badd81113de:

  vim: Upgrade 9.0.2009 -> 9.0.2048 (2023-10-20 06:38:00 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  curl: fix CVE-2023-38545
  curl: fix CVE-2023-38546

Fahad Arslan (2):
  linux-firmware: create separate package for cirrus and cnm firmwares
  linux-firmware: create separate packages

Niko Mauno (1):
  package_rpm: Allow compression mode override

Peter Marko (1):
  openssl: Upgrade 3.0.11 -> 3.0.12

Steve Sakoman (1):
  cve-exclusion_5.10.inc: update for 5.10.197

 meta/classes/package_rpm.bbclass              |   6 +-
 .../{openssl_3.0.11.bb => openssl_3.0.12.bb}  |   2 +-
 .../linux-firmware/linux-firmware_20230804.bb | 260 +++++++++++++++++-
 .../linux/cve-exclusion_5.10.inc              | 123 +++++++--
 .../curl/curl/CVE-2023-38545.patch            | 133 +++++++++
 .../curl/curl/CVE-2023-38546.patch            | 137 +++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   2 +
 7 files changed, 633 insertions(+), 30 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} (99%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38545.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38546.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 10

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6158

The following changes since commit 0eb8e67aa6833df0cde29833568a70e65c21d7e5:

  build-appliance-image: Update to kirkstone head revision (2023-11-03 04:27:49 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Narpat Mali (1):
  python3-jinja2: Fixed ptest result output as per the standard

Ross Burton (3):
  cve-check: sort the package list in the JSON report
  cve-check: slightly more verbose warning when adding the same package
    twice
  cve-check: don't warn if a patch is remote

Sanjana (1):
  binutils: Fix CVE-2022-47010

Soumya Sambu (1):
  libwebp: Fix CVE-2023-4863

Vijay Anusuri (1):
  xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380

 meta/classes/cve-check.bbclass                |   2 +
 meta/lib/oe/cve_check.py                      |  13 +--
 .../binutils/binutils-2.38.inc                |   1 +
 .../binutils/0032-CVE-2022-47010.patch        |  38 +++++++
 .../python/python3-jinja2/run-ptest           |   2 +-
 .../xserver-xorg/CVE-2023-5367.patch          |  84 +++++++++++++++
 .../xserver-xorg/CVE-2023-5380.patch          | 102 ++++++++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   2 +
 ...23-5129.patch => CVE-2023-4863-0001.patch} |  20 ++--
 .../webp/files/CVE-2023-4863-0002.patch       |  53 +++++++++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   3 +-
 11 files changed, 303 insertions(+), 17 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
 rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (97%)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please reviwe this set of changes for kirkstone and have comments back by
end of day Friday, January 19

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6458

The following changes since commit 8e27f96c0befbbb5cf8a2f7076b7a1ffd79addb6:

  linux-firmware: upgrade 20230804 -> 20231030 (2024-01-09 05:50:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (1):
  systemd: fix CVE-2023-7008

Martin Jansa (1):
  pybootchartgui: fix 2 SyntaxWarnings

Peter Marko (2):
  sqlite3: backport patch for CVE-2023-7104
  zlib: ignore CVE-2023-6992

Poonam Jadhav (1):
  Revert "curl: Backport fix CVE-2023-32001"

Soumya Sambu (1):
  cpio: upgrade to 2.14

Vivek Kumbhar (1):
  openssl: Backport fix for CVE-2023-6129

 .../openssl/openssl/CVE-2023-6129.patch       | 113 ++++
 .../openssl/openssl_3.0.12.bb                 |   1 +
 .../systemd/systemd/CVE-2023-7008.patch       |  40 ++
 meta/recipes-core/systemd/systemd_250.5.bb    |   1 +
 meta/recipes-core/zlib/zlib_1.2.11.bb         |   3 +
 ...charset_alias-when-building-for-musl.patch |  30 -
 ...ove-superfluous-declaration-of-progr.patch |  28 -
 ...-calculation-of-CRC-in-copy-out-mode.patch |  58 --
 ...appending-to-archives-bigger-than-2G.patch | 312 ----------
 .../cpio/cpio-2.13/CVE-2021-38185.patch       | 581 ------------------
 .../cpio/{cpio_2.13.bb => cpio_2.14.bb}       |   9 +-
 ...e-needed-header-for-major-minor-macr.patch |  47 ++
 .../curl/curl/CVE-2023-32001.patch            |  39 --
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 -
 .../sqlite/files/CVE-2023-7104.patch          |  44 ++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   1 +
 scripts/pybootchartgui/pybootchartgui/draw.py |   4 +-
 17 files changed, 254 insertions(+), 1058 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
 rename meta/recipes-extended/cpio/{cpio_2.13.bb => cpio_2.14.bb} (74%)
 create mode 100644 meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch
 delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-7104.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6539

The following changes since commit 60d88989698968c13f8e641f0ba1a82fcf700fb7:

  image-live.bbclass: LIVE_ROOTFS_TYPE support compression (2024-01-30 07:10:42 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepthi Hemraj (4):
  binutils: internal gdb: Fix CVE-2023-39129
  binutils: internal gdb: Fix CVE-2023-39130
  gdb: Fix CVE-2023-39129
  gdb: Fix CVE-2023-39130

Peter Marko (3):
  curl: ignore CVE-2023-42915
  gcc-shared-source: ignore CVE-2023-4039
  openssl: Upgrade 3.0.12 -> 3.0.13

 .../openssl/openssl/CVE-2023-5678.patch       | 180 ----------
 .../openssl/openssl/CVE-2023-6129.patch       | 113 ------
 .../openssl/openssl/CVE-2023-6237.patch       | 127 -------
 .../{openssl_3.0.12.bb => openssl_3.0.13.bb}  |   6 +-
 .../binutils/binutils-2.38.inc                |   2 +
 .../binutils/0035-CVE-2023-39129.patch        |  50 +++
 .../binutils/0036-CVE-2023-39130.patch        | 326 ++++++++++++++++++
 .../gcc/gcc-shared-source.inc                 |   3 +
 meta/recipes-devtools/gdb/gdb.inc             |   2 +
 .../gdb/gdb/0012-CVE-2023-39129.patch         |  50 +++
 .../gdb/gdb/0013-CVE-2023-39130.patch         | 326 ++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   3 +
 12 files changed, 764 insertions(+), 424 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.12.bb => openssl_3.0.13.bb} (97%)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39129.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, April 19

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6817

The following changes since commit f94c74cee8b2650dd3211a49dc7e88bf60d2e6a7:

  tcl: skip async and event tests in run-ptest (2024-04-16 05:00:24 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Harish Sadineni (1):
  rust: add CVE_CHECK_IGNORE for CVE-2024-24576

Meenali Gupta (1):
  libssh2: fix CVE-2023-48795

Poonam Jadhav (1):
  ppp: Add RSA-MD in LICENSE

Sana Kazi (1):
  systemd: Fix vlan qos mapping

Soumya Sambu (1):
  nghttp2: Fix CVE-2024-28182

Steve Sakoman (1):
  valgrind: skip intermittently failing ptest

Yogita Urade (1):
  ruby: fix CVE-2024-27281

 meta/recipes-connectivity/ppp/ppp_2.4.9.bb    |   2 +-
 .../systemd/fix-vlan-qos-mapping.patch        | 140 ++++++
 meta/recipes-core/systemd/systemd_250.5.bb    |   1 +
 .../ruby/ruby/CVE-2024-27281.patch            |  97 ++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 meta/recipes-devtools/rust/rust-source.inc    |   3 +
 .../valgrind/valgrind/remove-for-all          |   2 +
 .../libssh2/libssh2/CVE-2023-48795.patch      | 459 ++++++++++++++++++
 .../recipes-support/libssh2/libssh2_1.10.0.bb |   1 +
 .../nghttp2/nghttp2/CVE-2024-28182-0001.patch | 110 +++++
 .../nghttp2/nghttp2/CVE-2024-28182-0002.patch | 105 ++++
 .../recipes-support/nghttp2/nghttp2_1.47.0.bb |   2 +
 12 files changed, 922 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/systemd/systemd/fix-vlan-qos-mapping.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
 create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0001.patch
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0002.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirktsone and have comments back by
end of day Saturday, June 1

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6984

The following changes since commit e0a1ed7aa1f2b12d985414db9a75d6e151ae8d21:

  initscripts: Add custom mount args for /var/lib (2024-05-22 05:07:30 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (5):
  ghostscript: fix CVE-2024-33870
  ghostscript: fix CVE-2024-33869
  ghostscript: fix CVE-2024-33871
  ghostscript: fix CVE-2024-29510
  ghostscript: fix CVE-2023-52722

Soumya Sambu (2):
  util-linux: Fix CVE-2024-28085
  git: Fix multiple CVEs

 meta/recipes-core/util-linux/util-linux.inc   |    5 +
 .../util-linux/CVE-2024-28085-0001.patch      |  202 +
 .../util-linux/CVE-2024-28085-0002.patch      |  172 +
 .../util-linux/CVE-2024-28085-0003.patch      |  223 +
 .../util-linux/CVE-2024-28085-0004.patch      |   36 +
 .../util-linux/CVE-2024-28085-0005.patch      |   34 +
 .../git/git/CVE-2024-32002-0001.patch         |   69 +
 .../git/git/CVE-2024-32002-0002.patch         |  213 +
 .../git/git/CVE-2024-32002-0003.patch         |  141 +
 .../git/git/CVE-2024-32002-0004.patch         |  150 +
 .../git/git/CVE-2024-32004-0001.patch         |   95 +
 .../git/git/CVE-2024-32004-0002.patch         |  187 +
 .../git/git/CVE-2024-32004-0003.patch         |  158 +
 .../git/git/CVE-2024-32020.patch              |  114 +
 .../git/git/CVE-2024-32021-0001.patch         |   89 +
 .../git/git/CVE-2024-32021-0002.patch         |   65 +
 .../git/git/CVE-2024-32465.patch              |  206 +
 meta/recipes-devtools/git/git_2.35.7.bb       |   11 +
 .../ghostscript/CVE-2023-52722.patch          |   43 +
 .../ghostscript/CVE-2024-29510.patch          |   84 +
 .../ghostscript/CVE-2024-33869-0001.patch     |   39 +
 .../ghostscript/CVE-2024-33869-0002.patch     |   52 +
 .../ghostscript/CVE-2024-33870.patch          |   92 +
 .../ghostscript/CVE-2024-33871-0001.patch     | 4863 +++++++++++++++++
 .../ghostscript/CVE-2024-33871-0002.patch     |   43 +
 .../ghostscript/ghostscript_9.55.0.bb         |    7 +
 26 files changed, 7393 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0003.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0004.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0005.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0003.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0004.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0003.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32020.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32465.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-52722.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0001.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0002.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Monday, July 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7103

The following changes since commit fbc8f5381e8e1da0d06f7f8e5b8c63a49b1858c2:

  man-pages: remove conflict pages (2024-06-21 12:37:32 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  gstreamer1.0-plugins-base: fix CVE-2024-4453

Jonas Gorski (1):
  linuxloader: add -armhf on arm only for TARGET_FPU 'hard'

Jose Quaresma (1):
  openssh: fix CVE-2024-6387

Poonam Jadhav (2):
  glibc-tests: correctly pull in the actual tests when installing -ptest
    package
  glibc-tests: Add missing bash ptest dependency

Siddharth Doshi (1):
  OpenSSL: Security fix for CVE-2024-5535

Vijay Anusuri (1):
  wget: Fix for CVE-2024-38428

 meta/classes/linuxloader.bbclass              |    2 +-
 .../openssh/openssh/CVE-2024-6387.patch       |   27 +
 .../openssh/openssh_8.9p1.bb                  |    1 +
 .../openssl/openssl/CVE-2024-5535_1.patch     |  115 ++
 .../openssl/openssl/CVE-2024-5535_2.patch     |   44 +
 .../openssl/openssl/CVE-2024-5535_3.patch     |   84 ++
 .../openssl/openssl/CVE-2024-5535_4.patch     |  178 +++
 .../openssl/openssl/CVE-2024-5535_5.patch     | 1175 +++++++++++++++++
 .../openssl/openssl/CVE-2024-5535_6.patch     |   45 +
 .../openssl/openssl/CVE-2024-5535_7.patch     |   68 +
 .../openssl/openssl/CVE-2024-5535_8.patch     |  273 ++++
 .../openssl/openssl/CVE-2024-5535_9.patch     |  205 +++
 .../openssl/openssl_3.0.14.bb                 |    9 +
 meta/recipes-core/glibc/glibc-tests_2.35.bb   |    4 +-
 meta/recipes-core/glibc/glibc/run-ptest       |    2 +-
 .../wget/wget/CVE-2024-38428.patch            |   79 ++
 meta/recipes-extended/wget/wget_1.21.4.bb     |    1 +
 .../CVE-2024-4453.patch                       |   65 +
 .../gstreamer1.0-plugins-base_1.20.7.bb       |    1 +
 19 files changed, 2374 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
 create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-38428.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-4453.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, September 3

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7295

The following changes since commit 963085afced737863cf4ff8515a1cf08365d5d87:

  libsoup: fix compile error on centos7 (2024-08-23 14:34:03 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (1):
  bind: Upgrade 9.18.24 -> 9.18.28

Hitendra Prajapati (1):
  vim: upgrade from 9.0.2190 -> 9.1.0114

Hugo SIMELIERE (1):
  cryptodev-module: Fix build for linux 5.10.220

Ming Liu (1):
  grub: fs/fat: Don't error when mtime is 0

Peter Marko (2):
  libyaml: Ignore CVE-2024-35325
  curl: Ignore CVE-2024-32928

Siddharth Doshi (1):
  vim: Upgrade 9.1.0114 -> 9.1.0682

 ...1-fs-fat-Don-t-error-when-mtime-is-0.patch | 70 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |  1 +
 .../bind/{bind_9.18.24.bb => bind_9.18.28.bb} |  2 +-
 .../cryptodev/cryptodev-module_1.12.bb        |  1 +
 .../0001-Fix-build-for-linux-5.10.220.patch   | 32 +++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  2 +
 meta/recipes-support/libyaml/libyaml_0.2.5.bb |  2 +
 ...m-add-knob-whether-elf.h-are-checked.patch | 39 -----------
 .../vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb}  |  0
 meta/recipes-support/vim/vim.inc              |  5 +-
 .../vim/{vim_9.0.bb => vim_9.1.bb}            |  0
 11 files changed, 111 insertions(+), 43 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch
 rename meta/recipes-connectivity/bind/{bind_9.18.24.bb => bind_9.18.28.bb} (97%)
 create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-linux-5.10.220.patch
 delete mode 100644 meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
 rename meta/recipes-support/vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb} (100%)
 rename meta/recipes-support/vim/{vim_9.0.bb => vim_9.1.bb} (100%)

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, December 13

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/615

The following changes since commit e42b6a40a3a01e328966bb5ee1bb3e0993975b15:

  resulttool: Improve repo layout for oeselftest results (2024-12-04 05:50:49 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  dbus: disable assertions and enable only modular tests

Divya Chellam (1):
  libpam: fix CVE-2024-10041

Jiaying Song (1):
  python3-requests: fix CVE-2024-35195

Khem Raj (1):
  unzip: Fix configure tests to use modern C

Peter Marko (2):
  libsdl2: ignore CVE-2020-14409 and CVE-2020-14410
  rootfs-postcommands.bbclass: make opkg status reproducible

Ross Burton (1):
  sanity: check for working user namespaces

 meta/classes/rootfs-postcommands.bbclass      |   4 +
 meta/classes/sanity.bbclass                   |  24 ++++
 meta/recipes-core/dbus/dbus_1.14.8.bb         |   3 +-
 .../python3-requests/CVE-2024-35195.patch     | 121 ++++++++++++++++++
 .../python/python3-requests_2.27.1.bb         |   4 +-
 .../pam/libpam/CVE-2024-10041.patch           |  98 ++++++++++++++
 meta/recipes-extended/pam/libpam_1.5.2.bb     |   1 +
 ...rrect-system-headers-and-prototypes-.patch | 112 ++++++++++++++++
 meta/recipes-extended/unzip/unzip_6.0.bb      |   1 +
 .../libsdl2/libsdl2_2.0.20.bb                 |   3 +
 10 files changed, 368 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2024-35195.patch
 create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/0001-configure-Add-correct-system-headers-and-prototypes-.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, February 14

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1001

The following changes since commit a397c152abf4f3da1323594e79ebac844a2c9f45:

  glibc: stable 2.35 branch updates (2025-01-30 08:17:32 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (2):
  linux-yocto/5.15: update to v5.15.176
  linux-yocto/5.15: update to v5.15.178

Khem Raj (1):
  python3: Treat UID/GID overflow as failure

Nikhil R (1):
  glibc: Suppress GCC -Os warning on user2netname for sunrpc

Pedro Ferreira (1):
  rust-common.bbclass: soft assignment for RUSTLIB path

Peter Marko (1):
  cmake: apply parallel build settings to ptest tasks

Praveen Kumar (1):
  go: Fix CVE-2024-45336

 meta/classes/cmake.bbclass                    |   2 +
 meta/classes/rust-common.bbclass              |   2 +-
 ...press-gcc-os-warning-on-user2netname.patch |  61 +++
 meta/recipes-core/glibc/glibc_2.35.bb         |   1 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.21/CVE-2024-45336.patch           | 394 ++++++++++++++++++
 ...e-treat-overflow-in-UID-GID-as-failu.patch |  40 ++
 .../python/python3_3.10.16.bb                 |   1 +
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 11 files changed, 520 insertions(+), 20 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch
 create mode 100644 meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch

-- 
2.43.0

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, March 18

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1187

The following changes since commit 0216c229d5c60d0023b0a7d6e8ee41bdfa16f8ef:

  tzcode-native: Fix compiler setting from 2023d version (2025-03-07 07:00:55 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Ashish Sharma (1):
  ruby: Fix CVE-2025-27219

Divya Chellam (1):
  vim: Upgrade 9.1.1043 -> 9.1.1115

Hitendra Prajapati (2):
  grub: Fix multiple CVEs
  grub: Fix multiple CVEs

Peter Marko (2):
  puzzles: ignore three new CVEs for a different puzzles
  libarchive: patch CVE-2025-25724

Zhang Peng (1):
  mpg123: fix CVE-2024-10573

 .../0001-misc-Implement-grub_strlcpy.patch    |  68 ++
 .../grub/files/CVE-2024-45774.patch           |  40 +
 .../grub/files/CVE-2024-45775.patch           |  41 +
 .../grub/files/CVE-2024-45776.patch           |  42 +
 .../grub/files/CVE-2024-45777.patch           |  60 ++
 .../files/CVE-2024-45778_CVE-2024-45779.patch |  58 ++
 .../grub/files/CVE-2024-45780.patch           |  96 ++
 .../grub/files/CVE-2024-45781.patch           |  38 +
 .../files/CVE-2024-45782_CVE-2024-56737.patch |  39 +
 .../grub/files/CVE-2024-45783.patch           |  42 +
 .../grub/files/CVE-2025-0622-01.patch         |  39 +
 .../grub/files/CVE-2025-0622-02.patch         |  44 +
 .../grub/files/CVE-2025-0622-03.patch         |  41 +
 .../grub/files/CVE-2025-0624.patch            |  87 ++
 ...025-0685_CVE-2025-0686_CVE-2025-0689.patch | 380 +++++++
 .../files/CVE-2025-0678_CVE-2025-1125.patch   |  90 ++
 .../grub/files/CVE-2025-0690.patch            |  75 ++
 .../grub/files/CVE-2025-1118.patch            |  40 +
 meta/recipes-bsp/grub/grub2.inc               |  18 +
 .../ruby/ruby/CVE-2025-27219.patch            |  31 +
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 .../libarchive/CVE-2025-25724.patch           |  40 +
 .../libarchive/libarchive_3.6.2.bb            |   1 +
 .../mpg123/mpg123/CVE-2024-10573.patch        | 978 ++++++++++++++++++
 .../mpg123/mpg123_1.29.3.bb                   |   4 +-
 meta/recipes-sato/puzzles/puzzles_git.bb      |   2 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 27 files changed, 2396 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45774.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45775.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45776.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45777.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45780.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45781.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45783.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0624.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0690.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-1118.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-25724.patch
 create mode 100644 meta/recipes-multimedia/mpg123/mpg123/CVE-2024-10573.patch

-- 
2.43.0

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone ande have comments back by
end of day Thursday, October 2

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2467

The following changes since commit d381eeb5e70bd0ce9e78032c909e4a23564f4dd7:

  build-appliance-image: Update to kirkstone head revision (2025-09-19 07:04:23 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (1):
  vim: upgrade 9.1.1652 -> 9.1.1683

Gyorgy Sarvari (1):
  libhandy: update git branch name

Praveen Kumar (1):
  go: fix CVE-2025-47907

Soumya Sambu (1):
  python3-jinja2: upgrade 3.1.4 -> 3.1.6

Yogita Urade (3):
  grub2: fix CVE-2024-56738
  curl: fix CVE-2025-9086
  tiff: fix CVE-2025-9900

 .../grub/files/CVE-2024-56738.patch           |  75 ++++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 meta/recipes-devtools/go/go-1.17.13.inc       | 125 ++++---
 .../go/go-1.21/CVE-2025-47907-pre-0001.patch  | 354 ++++++++++++++++++
 .../go/go-1.21/CVE-2025-47907-pre-0002.patch  | 232 ++++++++++++
 .../go/go-1.21/CVE-2025-47907.patch           | 327 ++++++++++++++++
 ...inja2_3.1.4.bb => python3-jinja2_3.1.6.bb} |   5 +-
 meta/recipes-gnome/libhandy/libhandy_1.5.0.bb |   2 +-
 .../libtiff/tiff/CVE-2025-9900.patch          |  57 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 .../curl/curl/CVE-2025-9086.patch             |  55 +++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 13 files changed, 1174 insertions(+), 65 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-56738.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0001.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0002.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907.patch
 rename meta/recipes-devtools/python/{python3-jinja2_3.1.4.bb => python3-jinja2_3.1.6.bb} (82%)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-9086.patch

-- 
2.43.0

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2748

The following changes since commit 8aad87c12a809d790175b9848f5802d0a28eecac:

  goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures (2025-11-13 08:39:38 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Gyorgy Sarvari (1):
  musl: patch CVE-2025-26519

Richard Purdie (1):
  oe-build-perf-report: relax metadata matching rules

Soumya Sambu (2):
  elfutils: Fix CVE-2025-1376
  elfutils: Fix CVE-2025-1377

Vijay Anusuri (3):
  xwayland: Fix for CVE-2025-62229
  xwayland: Fix for CVE-2025-62230
  xwayland: Fix for CVE-2025-62231

 .../musl/musl/CVE-2025-26519-1.patch          | 39 ++++++++
 .../musl/musl/CVE-2025-26519-2.patch          | 38 ++++++++
 meta/recipes-core/musl/musl_git.bb            |  4 +-
 .../elfutils/elfutils_0.186.bb                |  2 +
 .../elfutils/files/CVE-2025-1376.patch        | 58 ++++++++++++
 .../elfutils/files/CVE-2025-1377.patch        | 68 ++++++++++++++
 .../xwayland/xwayland/CVE-2025-62229.patch    | 89 ++++++++++++++++++
 .../xwayland/xwayland/CVE-2025-62230-1.patch  | 63 +++++++++++++
 .../xwayland/xwayland/CVE-2025-62230-2.patch  | 92 +++++++++++++++++++
 .../xwayland/xwayland/CVE-2025-62231.patch    | 53 +++++++++++
 .../xwayland/xwayland_22.1.8.bb               |  4 +
 scripts/lib/build_perf/report.py              |  9 +-
 12 files changed, 515 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch

-- 
2.43.0