[OE-core][dunfell 0/7] Patch review

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4364

The following changes since commit aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f:

  qemu: Avoid accidental librdmacm linkage (2022-10-12 05:13:44 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.216
  linux-yocto/5.4: update to v5.4.219

Omkar (1):
  dbus: upgrade 1.12.22 -> 1.12.24

Paul Eggleton (1):
  classes/kernel-fitimage: add ability to add additional signing options

Steve Sakoman (2):
  devtool: add HostKeyAlgorithms option to ssh and scp commands
  selftest: skip virgl test on all Alma Linux

wangmy (1):
  dbus: upgrade 1.12.20 -> 1.12.22

 meta/classes/kernel-fitimage.bbclass          |  6 ++++-
 meta/lib/oeqa/selftest/cases/devtool.py       |  2 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |  4 ++--
 ...s-test_1.12.20.bb => dbus-test_1.12.24.bb} |  0
 meta/recipes-core/dbus/dbus.inc               |  3 +--
 .../dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} |  0
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 scripts/lib/devtool/deploy.py                 |  8 +++----
 10 files changed, 31 insertions(+), 28 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.24.bb} (100%)
 rename meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.24.bb} (100%)

-- 
2.25.1

[OE-core][dunfell 1/7] linux-yocto/5.4: update to v5.4.216

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    f28b7414ab71 Linux 5.4.216
    b8b87cb13681 clk: iproc: Do not rely on node name for correct PLL setup
    d417d5eb29d7 clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    762706bd12a6 selftests: Fix the if conditions of in test_extra_filter()
    ae0d3a431639 nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    18ef5cd4c53c nvme: add new line after variable declatation
    3ea4a5342452 usbnet: Fix memory leak in usbnet_disconnect()
    6ca922ec7598 Input: melfas_mip4 - fix return value check in mip4_probe()
    38c4d8230f93 Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time"
    7291d19a9eeb soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    cdbcdfc96126 soc: sunxi: sram: Fix probe function ordering issues
    73dbc6e136b5 soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource()
    26170e4fd145 soc: sunxi: sram: Prevent the driver from being unbound
    883778a1f4fa soc: sunxi: sram: Actually claim SRAM regions
    1ba52486082b ARM: dts: am33xx: Fix MMCHS0 dma properties
    d0c69c722ff1 ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
    d18565280076 media: dvb_vb2: fix possible out of bound access
    0f4634f70bfd mm: fix madivse_pageout mishandling on non-LRU page
    ffd11370b74f mm/migrate_device.c: flush TLB while holding PTL
    b9e31f4885c4 mm: prevent page_frag_alloc() from corrupting the memory
    d535fb83844e mm/page_alloc: fix race condition between build_all_zonelists and page allocation
    2ec4949738c8 mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    bb7c23e4e523 libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    5cebfac6a8c9 Revert "net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()"
    9a3740f448be ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    46e784cf4a84 ARM: dts: integrator: Tag PCI host with device_type
    85b5edb1b429 clk: ingenic-tcu: Properly enable registers before accessing timers
    f8a2e22289e4 net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    43699b8fbcf1 uas: ignore UAS for Thinkplus chips
    fc540f6e4bb4 usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    383c663c7359 uas: add no-uas quirk for Hiksemi usb_disk
    6215647d9699 Linux 5.4.215
    579976dc0d9f ext4: make directory inode spreading reflect flexbg size
    26e7c965f41b xfs: fix use-after-free when aborting corrupt attr inactivation
    8b3c9eb1b3dd xfs: fix an ABBA deadlock in xfs_rename
    37ec5a20c80d xfs: don't commit sunit/swidth updates to disk if that would cause repair failures
    4668f08cda30 xfs: split the sunit parameter update into two parts
    fd6c5da3fa2b xfs: refactor agfl length computation function
    6363fdf7acac xfs: use bitops interface for buf log item AIL flag check
    a95582d9d500 xfs: stabilize insert range start boundary to avoid COW writeback race
    7a20c664a7d8 xfs: fix some memory leaks in log recovery
    ad9759d48802 xfs: always log corruption errors
    0336599b645e xfs: constify the buffer pointer arguments to error functions
    8856a6572fed xfs: convert EIO to EFSCORRUPTED when log contents are invalid
    9185003c93b3 xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename()
    796ff09598cd xfs: attach dquots and reserve quota blocks during unwritten conversion
    a33bcad48b48 xfs: range check ri_cnt when recovering log items
    a102869fb173 xfs: add missing assert in xfs_fsmap_owner_from_rmap
    979eb1230413 xfs: slightly tweak an assert in xfs_fs_map_blocks
    c494dbca9928 xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
    bb7eb3ca4b3b ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    04aa8187eba5 workqueue: don't skip lockdep work dependency in cancel_work_sync()
    a874609522b5 drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    75ed7dee26ab drm/amd/display: Limit user regamma to a valid value
    c89849ecfd2e drm/amdgpu: use dirty framebuffer helper
    0b467eab0aad Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
    8c8d0f7ac82f cifs: always initialize struct msghdr smb_msg completely
    1438e412aeda usb: xhci-mtk: fix issue of out-of-bounds array access
    2e473351400e s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    9eb710d1843a serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    6cc0434f9d44 serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    556e827b0f63 serial: Create uart_xmit_advance()
    903f7d322c17 net: sched: fix possible refcount leak in tc_new_tfilter()
    0e8de8f54b04 net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    67199c26a006 perf kcore_copy: Do not check /proc/modules is unchanged
    80b2f37b3370 perf jit: Include program header in ELF files
    95c5637d3d1f can: gs_usb: gs_can_open(): fix race dev->can.state condition
    11ebf32fde46 netfilter: ebtables: fix memory leak when blob is malformed
    6a3239f80682 net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
    d12a1eb07003 net/sched: taprio: avoid disabling offload when it was never enabled
    420c9b10737b of: mdio: Add of_node_put() when breaking out of for_each_xx
    d2ac2baf1fc4 i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    450d106804ff i40e: Fix VF set max MTU size
    3daf09781982 iavf: Fix set max MTU size with port VLAN and jumbo frames
    bfaff9adaa89 iavf: Fix bad page state
    9bf52411eeaa MIPS: Loongson32: Fix PHY-mode being left unspecified
    405bd0ebb00c MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    37f79374bba4 net: team: Unsync device addresses on ndo_stop
    346e94aa4a99 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    b84fdb6be105 iavf: Fix cached head and tail value for iavf_get_tx_pending
    721ea8ac063d netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    d0a24bc8e2aa netfilter: nf_conntrack_irc: Tighten matching on DCC message
    0376a77fa7bc netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    c9355b7e5a6f arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    312eb4574d16 arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    a52ef6ae2842 arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    016b150992ee mm/slub: fix to return errno if kmalloc() fails
    cafb9cad9bcc efi: libstub: check Shim mode using MokSBStateRT
    9599d4601941 ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    befadcf8f7f2 ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    b90ac48c0540 ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    5f622518a7d0 ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    8f8a740e9160 ALSA: hda/realtek: Re-arrange quirk table entries
    dafeac1226a4 ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    95b9a7f0bfbb ALSA: hda: add Intel 5 Series / 3400 PCI DID
    7fff38ab90b8 ALSA: hda/tegra: set depop delay for tegra
    78d3ae9bfad6 USB: serial: option: add Quectel RM520N
    55f0f59e8227 USB: serial: option: add Quectel BG95 0x0203 composition
    95b97afdde75 USB: core: Fix RST error in hub.c
    f5e322ffe7aa Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    430c9bd664ec Revert "usb: add quirks for Lenovo OneLink+ Dock"
    05ec31717feb usb: cdns3: fix issue with rearming ISO OUT endpoint
    10c5d34f6f68 usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    ddf7bc221817 usb: add quirks for Lenovo OneLink+ Dock
    da8ac086943e tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    e56a40281997 serial: atmel: remove redundant assignment in rs485_config
    85a64208b319 tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
    9ad48cbf8b07 wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    9a3695bde9c7 usb: xhci-mtk: relax TT periodic bandwidth allocation
    174645cc63c3 usb: xhci-mtk: allow multiple Start-Split in a microframe
    6cfde07c5d8e usb: xhci-mtk: add some schedule error number
    664b0b8f4efa usb: xhci-mtk: add a function to (un)load bandwidth info
    d1eed0d3fb8c usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
    1833e8e049d0 usb: xhci-mtk: add only one extra CS for FS/LS INTR
    3826d4f0ef89 usb: xhci-mtk: get the microframe boundary for ESIT
    4ccf7afa4729 usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    a5bdea59f43d usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    67bf926f16b3 usb: dwc3: gadget: Refactor pullup()
    24e4f6308d95 usb: dwc3: gadget: Prevent repeat pullup()
    62b6cbc5983e usb: dwc3: Issue core soft reset before enabling run/stop
    e24f90d7617b usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    85371aad2855 ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    07191f984842 cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    1878eaf0edb8 video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    47c5ef29e52f mksysmap: Fix the mismatch of 'L0' symbols in System.map
    f0ebdfc10bd1 MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    c53c3cbca5ef afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    1aea20f98ed3 net: usb: qmi_wwan: add Quectel RM520N
    447f95d41397 ALSA: hda/tegra: Align BDL entry to 4KB boundary
    9f55da12d05d ALSA: hda/sigmatel: Keep power up while beep is enabled
    39265647c4a6 rxrpc: Fix calc of resend age
    cc273ed79e7c rxrpc: Fix local destruction being repeated
    da01ec04a0b0 regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
    17a21341d953 ASoC: nau8824: Fix semaphore unbalance at error paths
    323f289a9044 iomap: iomap that extends beyond EOF should be marked dirty
    d88039e6fee4 MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
    36128fd71f03 cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    81081a5c9c74 cifs: revalidate mapping when doing direct writes
    834f4d856fda tracing: hold caller_addr to hardirq_{enable,disable}_ip
    2c4e260d45fd task_stack, x86/cea: Force-inline stack helpers
    4051324a6daf ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    47d7e6af5bd4 parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    2aae9b7d0723 drm/meson: Fix OSD1 RGB to YCbCr coefficient
    5dd9cb66b712 drm/meson: Correct OSD1 global alpha value
    f1de50e1db99 gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    82e276e5fcdc NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    e0e88c25f88b of: fdt: fix off-by-one error in unflatten_dt_nodes()
    9f02aa34e179 Linux 5.4.214
    c629ec4ddd4f tracefs: Only clobber mode/uid/gid on remount if asked
    fe26b6ca0404 soc: fsl: select FSL_GUTS driver for DPIO
    1bd66f1053be net: dp83822: disable rx error interrupt
    c128bff9ff35 mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    bf3cd8f2c69b usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    72b31dc26415 platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    0573dc9f154a perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    baba0cfc3df0 nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    161e7555520b Input: iforce - add support for Boeder Force Feedback Wheel
    a725bc34d81a ieee802154: cc2520: add rc code in cc2520_tx()
    2670d1d3f59c tg3: Disable tg3 device on system reboot to avoid triggering AER
    c118ae56a5fb hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    3e89e8d1c634 HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    7e214f5b2f34 drm/msm/rd: Fix FIFO-full deadlock

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 1a0e6d7b67..09ff50469a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "03cd66d9814a26fff4681d3a053654848e519fd6"
-SRCREV_meta ?= "2f18e629f78da51cacf531bed58a83568724a376"
+SRCREV_machine ?= "f06a67473d2422ed3bdfb951e0897929b0959678"
+SRCREV_meta ?= "cb04dbc35b99660032c9b278e96b206c7fc3b106"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.213"
+LINUX_VERSION ?= "5.4.216"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 0f71051d0f..3523945155 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.213"
+LINUX_VERSION ?= "5.4.216"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "284fd0f6e11db890ad6cfd246a2c47521db4a05f"
-SRCREV_machine ?= "6d8cf8757864e674bb8f55b6ff68de5e3387d110"
-SRCREV_meta ?= "2f18e629f78da51cacf531bed58a83568724a376"
+SRCREV_machine_qemuarm ?= "3513255b2d77e6a6bf2ebad2697e05cfd42215ab"
+SRCREV_machine ?= "6f25ed1235d5c2556a2c1b491ffa3d3815fb26eb"
+SRCREV_meta ?= "cb04dbc35b99660032c9b278e96b206c7fc3b106"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index d60a44e4a3..acda5ebe78 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "bcf3f5cf5f1bcfac1df54a2a9f19c92a49fc7538"
-SRCREV_machine_qemuarm64 ?= "fea87c9d80c7531f85f69fee97cf9500403cef6b"
-SRCREV_machine_qemumips ?= "f1d654a16a5b5a3bbc9288936827628a4a4553a2"
-SRCREV_machine_qemuppc ?= "f6bbc9d216fd3cef1df3ced215b0b22503c48906"
-SRCREV_machine_qemuriscv64 ?= "c0b728020967728840c39994e472db7ed7b727cf"
-SRCREV_machine_qemux86 ?= "c0b728020967728840c39994e472db7ed7b727cf"
-SRCREV_machine_qemux86-64 ?= "c0b728020967728840c39994e472db7ed7b727cf"
-SRCREV_machine_qemumips64 ?= "841245c9bd427e2e7cc786b92cecaf4390e5dd52"
-SRCREV_machine ?= "c0b728020967728840c39994e472db7ed7b727cf"
-SRCREV_meta ?= "2f18e629f78da51cacf531bed58a83568724a376"
+SRCREV_machine_qemuarm ?= "26b50c67881dd59a4d31bfcd667df69dc9e9ea52"
+SRCREV_machine_qemuarm64 ?= "08307edd8480dc6a3ce10d84e27c816423f396e4"
+SRCREV_machine_qemumips ?= "f49695f1e70bc9eeef061edcb2f22753520f7a43"
+SRCREV_machine_qemuppc ?= "f87963b9e6cc4e036a49def1714f850488bae5b1"
+SRCREV_machine_qemuriscv64 ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
+SRCREV_machine_qemux86 ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
+SRCREV_machine_qemux86-64 ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
+SRCREV_machine_qemumips64 ?= "ae1f3a35c011a787423fedf843f0330f936e5bab"
+SRCREV_machine ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
+SRCREV_meta ?= "cb04dbc35b99660032c9b278e96b206c7fc3b106"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.213"
+LINUX_VERSION ?= "5.4.216"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 2/7] linux-yocto/5.4: update to v5.4.219

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    fd92cfed8bc6 Linux 5.4.219
    0cb5be43dc4b wifi: mac80211: fix MBSSID parsing use-after-free
    9478c5f9c007 wifi: mac80211: don't parse mbssid in assoc response
    7f441a6c90fe mac80211: mlme: find auth challenge directly
    c248c3330d5f Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
    1d0da8674c23 Linux 5.4.218
    3ff54a91e4ea Input: xpad - fix wireless 360 controller breaking after suspend
    690467759573 Input: xpad - add supported devices as contributed on github
    9389750ac6b0 wifi: cfg80211: update hidden BSSes to avoid WARN_ON
    7fab3bf52059 wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
    77bb20ccb9df wifi: cfg80211: avoid nontransmitted BSS list corruption
    785eaabfe310 wifi: cfg80211: fix BSS refcounting bugs
    359ce507f751 wifi: cfg80211: ensure length byte is present before access
    43689bf2cd8e wifi: cfg80211/mac80211: reject bad MBSSID elements
    020402c7dd58 wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
    c634a9107f6a random: use expired timer rather than wq for mixing fast pool
    39800adc38f6 random: avoid reading two cache lines on irq randomness
    bc0375ca434b random: restore O_NONBLOCK support
    49d2fc9f998b USB: serial: qcserial: add new usb-id for Dell branded EM7455
    20a5bde60597 scsi: stex: Properly zero out the passthrough command structure
    46b822a7550d efi: Correct Macmini DMI match in uefi cert quirk
    b719d10f7ec3 ALSA: hda: Fix position reporting on Poulsbo
    e5d25a3bfde4 random: clamp credited irq bits to maximum mixed
    194f59391d6c ceph: don't truncate file in atomic_open
    259c0f68168a nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    b7e409d11db9 nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    792211333ad7 nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
    963089ad76cb rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    2da677c0c725 mmc: core: Terminate infinite loop in SD-UHS voltage switch
    373eca05b5b8 mmc: core: Replace with already defined values for readability
    7ec8f073c2bf USB: serial: ftdi_sio: fix 300 bps rate for SIO
    21446ad9cb98 usb: mon: make mmapped memory read only
    d2f3a51ca27e arch: um: Mark the stack non-executable to fix a binutils warning
    bb2d4c37b1fc um: Cleanup compiler warning in arch/x86/um/tls_32.c
    9e26e0eef622 um: Cleanup syscall_handler_t cast in syscalls_32.h
    3c9a75b3d2f7 net/ieee802154: fix uninit value bug in dgram_sendmsg
    61be8898d704 scsi: qedf: Fix a UAF bug in __qedf_probe()
    c790d3a00d42 ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    aefe2f55a986 dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
    db702ecd713a dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    59684c877783 firmware: arm_scmi: Add SCMI PM driver remove routine
    70e4f70d54e0 fs: fix UAF/GPF bug in nilfs_mdt_destroy
    398312c687bb perf tools: Fixup get_current_dir_name() compilation
    393a1aa4215b mm: pagewalk: Fix race between unmap and page walker
    6e150d605c9e Linux 5.4.217
    0c41153c367b docs: update mediator information in CoC docs
    096740d67560 Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    e911caf9a158 Revert "drm/amdgpu: use dirty framebuffer helper"
    ae19c3c76dc4 xfs: remove unused variable 'done'
    538657def702 xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
    9ff41b8d71ba xfs: streamline xfs_attr3_leaf_inactive
    c893fedaf10c xfs: move incore structures out of xfs_da_format.h
    5e13ad940a2a xfs: fix memory corruption during remote attr value buffer invalidation
    821e0951b4b3 xfs: refactor remote attr value buffer invalidation
    a1b66abe30da xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
    1e4a0723eb38 xfs: fix s_maxbytes computation on 32-bit kernels
    16de74ee3ad6 xfs: truncate should remove all blocks, not just to the end of the page cache
    87e73331e4b7 xfs: introduce XFS_MAX_FILEOFF
    bd67d06b099d xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
    24f45c878299 x86/speculation: Add RSB VM Exit protections
    564275d4b93f x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    4891e5fd1001 x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    9862c0f4fd6c x86/speculation: Disable RRSBA behavior
    b9ae02c3c253 x86/bugs: Add Cannon lake to RETBleed affected CPU list
    d6a8a470dc22 x86/cpu/amd: Enumerate BTC_NO
    2edfa537f3b1 x86/common: Stamp out the stepping madness
    17a9fc4a7b91 x86/speculation: Fill RSB on vmexit for IBRS
    2242cf215013 KVM: VMX: Fix IBRS handling after vmexit
    51c71ed134e9 KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    a31bdec99a95 KVM: VMX: Convert launched argument to flags
    5895a9297e60 KVM: VMX: Flatten __vmx_vcpu_run()
    64723cd346ea KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
    57ba312f1037 KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
    87dfe68a3513 x86/speculation: Remove x86_spec_ctrl_mask
    4109a8ce107d x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    0fd086edf887 x86/speculation: Fix SPEC_CTRL write on SMT state change
    18d5a93fd202 x86/speculation: Fix firmware entry SPEC_CTRL handling
    03a575a0f954 x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    8afd1c7da2b0 x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
    3ee9e9a5af07 intel_idle: Disable IBRS during long idle
    97bc52c14a93 x86/bugs: Report Intel retbleed vulnerability
    fd67fe3db93f x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
    2d4ce2d72c3b x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    e2d793a3742a x86/bugs: Optimize SPEC_CTRL MSR writes
    a3111faed5c1 x86/entry: Add kernel IBRS implementation
    fd32a31553a1 x86/entry: Remove skip_r11rcx
    3c93ff4e23ea x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    9a596426d7bd x86/bugs: Add AMD retbleed= boot parameter
    063b7f980607 x86/bugs: Report AMD retbleed vulnerability
    954d591a84d0 x86/cpufeatures: Move RETPOLINE flags to word 11
    893cd858b09c x86/kvm/vmx: Make noinstr clean
    f62d272c2fec x86/cpu: Add a steppings field to struct x86_cpu_id
    69460b1ed63d x86/cpu: Add consistent CPU match macros
    87449d94e75c x86/devicetable: Move x86 specific macro out of generic code
    fbd29b7549b2 Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
    3a8ff61e6f13 Revert "x86/speculation: Add RSB VM Exit protections"

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 09ff50469a..5da86988ce 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "f06a67473d2422ed3bdfb951e0897929b0959678"
-SRCREV_meta ?= "cb04dbc35b99660032c9b278e96b206c7fc3b106"
+SRCREV_machine ?= "983b2c21d3fa76840461947f3f644dd9442d8e40"
+SRCREV_meta ?= "7e9781b04df1fc0aac9309734bbe23b36c050b42"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.216"
+LINUX_VERSION ?= "5.4.219"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 3523945155..269ad6e459 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.216"
+LINUX_VERSION ?= "5.4.219"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "3513255b2d77e6a6bf2ebad2697e05cfd42215ab"
-SRCREV_machine ?= "6f25ed1235d5c2556a2c1b491ffa3d3815fb26eb"
-SRCREV_meta ?= "cb04dbc35b99660032c9b278e96b206c7fc3b106"
+SRCREV_machine_qemuarm ?= "a4c846b5cacb954ae98a8eba9e0450812f1db42c"
+SRCREV_machine ?= "ae25c500cf7dae5520897489b3fe49bdf068528b"
+SRCREV_meta ?= "7e9781b04df1fc0aac9309734bbe23b36c050b42"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index acda5ebe78..d740333ff4 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "26b50c67881dd59a4d31bfcd667df69dc9e9ea52"
-SRCREV_machine_qemuarm64 ?= "08307edd8480dc6a3ce10d84e27c816423f396e4"
-SRCREV_machine_qemumips ?= "f49695f1e70bc9eeef061edcb2f22753520f7a43"
-SRCREV_machine_qemuppc ?= "f87963b9e6cc4e036a49def1714f850488bae5b1"
-SRCREV_machine_qemuriscv64 ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
-SRCREV_machine_qemux86 ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
-SRCREV_machine_qemux86-64 ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
-SRCREV_machine_qemumips64 ?= "ae1f3a35c011a787423fedf843f0330f936e5bab"
-SRCREV_machine ?= "070ae01dd2e7c99939a8b67bb4d8f8cd433396d1"
-SRCREV_meta ?= "cb04dbc35b99660032c9b278e96b206c7fc3b106"
+SRCREV_machine_qemuarm ?= "88065fdc7d5d404312da98b78229996b61f56c21"
+SRCREV_machine_qemuarm64 ?= "ac9667e4dba109088d7ed5922f28d6ef1ba66e9b"
+SRCREV_machine_qemumips ?= "e0dd90f622f78e0ad05797996756528623070da4"
+SRCREV_machine_qemuppc ?= "0d45c84c8240fadec9a36a13d9cf077b6793bcfb"
+SRCREV_machine_qemuriscv64 ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
+SRCREV_machine_qemux86 ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
+SRCREV_machine_qemux86-64 ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
+SRCREV_machine_qemumips64 ?= "a5cc27ae60c504fc309926d8e72129128befdbd5"
+SRCREV_machine ?= "35826e154ee014b64ccfa0d1f12d36b8f8a75939"
+SRCREV_meta ?= "7e9781b04df1fc0aac9309734bbe23b36c050b42"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.216"
+LINUX_VERSION ?= "5.4.219"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 3/7] dbus: upgrade 1.12.20 -> 1.12.22

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

(From OE-Core rev: 1fb8ea03cf6c4df4d8c2cc9329dfe80c83a37e2d)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc98fba73aeac4d1e661475dfb4acfca94d6c8f8)
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.22.bb}        | 0
 meta/recipes-core/dbus/dbus.inc                                | 3 +--
 meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.22.bb}    | 0
 3 files changed, 1 insertion(+), 2 deletions(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.20.bb => dbus-test_1.12.22.bb} (100%)
 rename meta/recipes-core/dbus/{dbus_1.12.20.bb => dbus_1.12.22.bb} (100%)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.20.bb b/meta/recipes-core/dbus/dbus-test_1.12.22.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus-test_1.12.20.bb
rename to meta/recipes-core/dbus/dbus-test_1.12.22.bb
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
index dcbcc0a9d6..8219f0875e 100644
--- a/meta/recipes-core/dbus/dbus.inc
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -10,8 +10,7 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
            file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
 "
 
-SRC_URI[md5sum] = "dfe8a71f412e0b53be26ed4fbfdc91c4"
-SRC_URI[sha256sum] = "f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe"
+SRC_URI[sha256sum] = "8d25785c798ec4f892e6f9d177fb0ceeb8b29867b119798f9d5228561d3ad474"
 
 EXTRA_OECONF = "--disable-xml-docs \
                 --disable-doxygen-docs \
diff --git a/meta/recipes-core/dbus/dbus_1.12.20.bb b/meta/recipes-core/dbus/dbus_1.12.22.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus_1.12.20.bb
rename to meta/recipes-core/dbus/dbus_1.12.22.bb
-- 
2.25.1

[OE-core][dunfell 4/7] dbus: upgrade 1.12.22 -> 1.12.24

[Steve Sakoman]

From: Omkar <omkar.patil@kpit.com>

Upgrade dbus from 1.12.22 to 1.12.24

Fix Below CVE's:
2022-42010
2022-42011
2022-42012

Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dbus/{dbus-test_1.12.22.bb => dbus-test_1.12.24.bb}         | 0
 meta/recipes-core/dbus/dbus.inc                                 | 2 +-
 meta/recipes-core/dbus/{dbus_1.12.22.bb => dbus_1.12.24.bb}     | 0
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/dbus/{dbus-test_1.12.22.bb => dbus-test_1.12.24.bb} (100%)
 rename meta/recipes-core/dbus/{dbus_1.12.22.bb => dbus_1.12.24.bb} (100%)

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.22.bb b/meta/recipes-core/dbus/dbus-test_1.12.24.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus-test_1.12.22.bb
rename to meta/recipes-core/dbus/dbus-test_1.12.24.bb
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
index 8219f0875e..82e91c7b13 100644
--- a/meta/recipes-core/dbus/dbus.inc
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -10,7 +10,7 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
            file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
 "
 
-SRC_URI[sha256sum] = "8d25785c798ec4f892e6f9d177fb0ceeb8b29867b119798f9d5228561d3ad474"
+SRC_URI[sha256sum] = "bc42d196c1756ac520d61bf3ccd6f42013617def45dd1e591a6091abf51dca38"
 
 EXTRA_OECONF = "--disable-xml-docs \
                 --disable-doxygen-docs \
diff --git a/meta/recipes-core/dbus/dbus_1.12.22.bb b/meta/recipes-core/dbus/dbus_1.12.24.bb
similarity index 100%
rename from meta/recipes-core/dbus/dbus_1.12.22.bb
rename to meta/recipes-core/dbus/dbus_1.12.24.bb
-- 
2.25.1

[OE-core][dunfell 5/7] classes/kernel-fitimage: add ability to add additional signing options

[Steve Sakoman]

From: Paul Eggleton <paul.eggleton@microsoft.com>

Add a UBOOT_MKIMAGE_SIGN_ARGS variable to enable passing additional
options to uboot-mkimage when it is run the second time to perform
signing.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8fd7ee7414b45a1feeef7982af3583475902a677)
Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-fitimage.bbclass | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 7c0d93625b..e0dd215167 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -59,6 +59,9 @@ FIT_SIGN_ALG ?= "rsa2048"
 # fitImage Padding Algo
 FIT_PAD_ALG ?= "pkcs-1.5"
 
+# Arguments passed to mkimage for signing
+UBOOT_MKIMAGE_SIGN_ARGS ?= ""
+
 #
 # Emit the fitImage ITS header
 #
@@ -479,7 +482,8 @@ fitimage_assemble() {
 			${@'-D "${UBOOT_MKIMAGE_DTCOPTS}"' if len('${UBOOT_MKIMAGE_DTCOPTS}') else ''} \
 			-F -k "${UBOOT_SIGN_KEYDIR}" \
 			$add_key_to_u_boot \
-			-r arch/${ARCH}/boot/${2}
+			-r arch/${ARCH}/boot/${2} \
+			${UBOOT_MKIMAGE_SIGN_ARGS}
 	fi
 }
 
-- 
2.25.1

[OE-core][dunfell 6/7] devtool: add HostKeyAlgorithms option to ssh and scp commands

[Steve Sakoman]

With the newer version of ssh in Ubuntu 22.04 we are getting errors of this type:

Unable to negotiate with 192.168.7.2 port 22: no matching host key type found. Their offer: ssh-rsa

Add -o HostKeyAlgorithms=+ssh-rsa to command invocation as suggested at:

http://www.openssh.com/legacy.html

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/devtool.py | 2 +-
 scripts/lib/devtool/deploy.py           | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 87e71632ab..5febdde28e 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -1323,7 +1323,7 @@ class DevtoolExtractTests(DevtoolBase):
             # Now really test deploy-target
             result = runCmd('devtool deploy-target -c %s root@%s' % (testrecipe, qemu.ip))
             # Run a test command to see if it was installed properly
-            sshargs = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
+            sshargs = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-rsa'
             result = runCmd('ssh %s root@%s %s' % (sshargs, qemu.ip, testcommand))
             # Check if it deployed all of the files with the right ownership/perms
             # First look on the host - need to do this under pseudo to get the correct ownership/perms
diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py
index e0f8e64b9c..b4f9fbfe45 100644
--- a/scripts/lib/devtool/deploy.py
+++ b/scripts/lib/devtool/deploy.py
@@ -201,9 +201,9 @@ def deploy(args, config, basepath, workspace):
                 print('  %s' % item)
             return 0
 
-        extraoptions = ''
+        extraoptions = '-o HostKeyAlgorithms=+ssh-rsa'
         if args.no_host_check:
-            extraoptions += '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
+            extraoptions += ' -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
         if not args.show_status:
             extraoptions += ' -q'
 
@@ -274,9 +274,9 @@ def undeploy(args, config, basepath, workspace):
     elif not args.recipename and not args.all:
         raise argparse_oe.ArgumentUsageError('If you don\'t specify a recipe, you must specify -a/--all', 'undeploy-target')
 
-    extraoptions = ''
+    extraoptions = '-o HostKeyAlgorithms=+ssh-rsa'
     if args.no_host_check:
-        extraoptions += '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
+        extraoptions += ' -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
     if not args.show_status:
         extraoptions += ' -q'
 
-- 
2.25.1

[OE-core][dunfell 7/7] selftest: skip virgl test on all Alma Linux

[Steve Sakoman]

This test will fail any time the host has libdrm > 2.4.107

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/runtime_test.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
index 399727de49..aeda01848a 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -175,8 +175,8 @@ class TestImage(OESelftestTestCase):
         if "DISPLAY" not in os.environ:
             self.skipTest("virgl gtk test must be run inside a X session")
         distro = oe.lsb.distro_identifier()
-        if distro and distro == 'almalinux-8.6':
-            self.skipTest('virgl isn\'t working with Alma 8')
+        if distro and distro.startswith('almalinux'):
+            self.skipTest('virgl isn\'t working with Alma Linux')
         if distro and distro == 'debian-8':
             self.skipTest('virgl isn\'t working with Debian 8')
         if distro and distro == 'centos-7':
-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, April 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6757

The following changes since commit d0811b98fa3847dbbfcfe6a80694509bb29aaf9c:

  yocto-uninative: Update to 4.4 for glibc 2.39 (2024-03-18 11:44:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (2):
  tar: bump PR to deal with sstate corruption on autobuilder
  perf: bump PR to deal with sstate corruption on autobuilder

Vijay Anusuri (4):
  libtiff: backport Debian patch for CVE-2023-6277 & CVE-2023-52356
  go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785
  tar: Fix for CVE-2023-39804
  curl: backport Debian patch for CVE-2024-2398

virendra thakur (1):
  openssl: Fix CVE-2024-0727

 .../openssl/openssl/CVE-2024-0727.patch       | 122 ++++++++
 .../openssl/openssl_1.1.1w.bb                 |   1 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +
 .../go/go-1.14/CVE-2023-45289.patch           | 121 ++++++++
 .../go/go-1.14/CVE-2023-45290.patch           | 271 ++++++++++++++++++
 .../go/go-1.14/CVE-2024-24785.patch           | 197 +++++++++++++
 .../tar/tar/CVE-2023-39804.patch              |  64 +++++
 meta/recipes-extended/tar/tar_1.32.bb         |   3 +
 meta/recipes-kernel/perf/perf.bb              |   2 +-
 .../libtiff/files/CVE-2023-52356.patch        |  53 ++++
 .../libtiff/files/CVE-2023-6277-1.patch       | 191 ++++++++++++
 .../libtiff/files/CVE-2023-6277-2.patch       | 152 ++++++++++
 .../libtiff/files/CVE-2023-6277-3.patch       |  46 +++
 .../libtiff/files/CVE-2023-6277-4.patch       |  94 ++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   5 +
 .../curl/curl/CVE-2024-2398.patch             |  88 ++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 17 files changed, 1413 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2023-39804.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, February 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6564

The following changes since commit 18ae4fea4bf8681f9138d21124589918e336ff6b:

  systemtap: Fix build with gcc-12 (2024-01-25 03:58:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Matthias Schmitz (1):
  rsync: Fix rsync hanging when used with --relative

Ming Liu (1):
  go: add a complementary fix for CVE-2023-29406

Peter Marko (1):
  curl: ignore CVE-2023-42915

Vijay Anusuri (1):
  ghostscript: Backport fix for CVE-2020-36773

Zahir Hussain (1):
  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

virendra thakur (2):
  perl: Whitelist CVE-2023-47039
  ncurses: Fix CVE-2023-29491

 .../ncurses/files/CVE-2023-29491.patch        |  45 +++++++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |   3 +-
 .../cmake/cmake/OEToolchainConfig.cmake       |   3 +
 meta/recipes-devtools/go/go-1.14.inc          |   3 +-
 ...023-29406.patch => CVE-2023-29406-1.patch} |   0
 .../go/go-1.14/CVE-2023-29406-2.patch         | 114 ++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.30.1.bb     |   4 +
 ...lative-when-copying-an-absolute-path.patch |  31 +++++
 meta/recipes-devtools/rsync/rsync_3.1.3.bb    |   1 +
 .../ghostscript/CVE-2020-36773.patch          | 109 +++++++++++++++++
 .../ghostscript/ghostscript_9.52.bb           |   1 +
 meta/recipes-support/curl/curl_7.69.1.bb      |   3 +
 12 files changed, 315 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
 rename meta/recipes-devtools/go/go-1.14/{CVE-2023-29406.patch => CVE-2023-29406-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406-2.patch
 create mode 100644 meta/recipes-devtools/rsync/files/0001-Fix-relative-when-copying-an-absolute-path.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2020-36773.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5947

The following changes since commit 8b91c463fb3546836789e1890b3c68acf69c162a:

  build-appliance-image: Update to dunfell head revision (2023-09-16 11:16:49 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Archana Polampalli (1):
  vim: upgrade 9.0.1592 -> 9.0.1664

Michael Opdenacker (1):
  flac: fix CVE-2020-22219

Richard Purdie (1):
  vim: Upgrade 9.0.1664 -> 9.0.1894

Ross Burton (1):
  gcc: Fix -fstack-protector issue on aarch64

Siddharth Doshi (2):
  gdb: Fix CVE-2023-39128
  libxml2: Fix CVE-2023-39615

Vijay Anusuri (1):
  go: Backport fix for CVE-2022-41725 and CVE-2023-24536

 .../libxml/libxml2/CVE-2023-39615-0001.patch  |   36 +
 .../libxml/libxml2/CVE-2023-39615-0002.patch  |   71 +
 .../libxml/libxml2/CVE-2023-39615-pre.patch   |   44 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    3 +
 meta/recipes-devtools/gcc/gcc-9.5.inc         |    1 +
 .../gcc/gcc-9.5/CVE-2023-4039.patch           | 1506 +++++++++++++++++
 meta/recipes-devtools/gdb/gdb-9.1.inc         |    1 +
 .../gdb/gdb/0012-CVE-2023-39128.patch         |   75 +
 meta/recipes-devtools/go/go-1.14.inc          |    7 +
 .../go/go-1.14/CVE-2022-41725-pre1.patch      |   85 +
 .../go/go-1.14/CVE-2022-41725-pre2.patch      |   97 ++
 .../go/go-1.14/CVE-2022-41725-pre3.patch      |   98 ++
 .../go/go-1.14/CVE-2022-41725.patch           |  660 ++++++++
 .../go/go-1.14/CVE-2023-24536_1.patch         |  134 ++
 .../go/go-1.14/CVE-2023-24536_2.patch         |  184 ++
 .../go/go-1.14/CVE-2023-24536_3.patch         |  349 ++++
 .../flac/files/CVE-2020-22219.patch           |  197 +++
 meta/recipes-multimedia/flac/flac_1.3.3.bb    |    1 +
 meta/recipes-support/vim/vim.inc              |    6 +-
 19 files changed, 3552 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-pre.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc-9.5/CVE-2023-4039.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39128.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725-pre3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41725.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24536_3.patch
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5294

The following changes since commit fd4cc8d7b5156c43d162a1a5a809fae507457ef4:

  build-appliance-image: Update to dunfell head revision (2023-05-03 12:29:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Arturo Buzarra (1):
  run-postinsts: Set dependency for ldconfig to avoid boot issues

Ashish Sharma (1):
  connman: Fix CVE-2023-28488 DoS in client.c

Peter Marko (1):
  libxml2: patch CVE-2023-28484 and CVE-2023-29469

Ranjitsinh Rathod (1):
  libbsd: Add correct license for all packages

Shubham Kulkarni (1):
  go: Security fix for CVE-2023-24538

Vivek Kumbhar (1):
  freetype: fix CVE-2023-2004 integer overflowin in
    tt_hvadvance_adjust() in src/truetype/ttgxvar.c

Yoann Congal (1):
  linux-yocto: Exclude 294 CVEs already fixed upstream

 .../connman/connman/CVE-2023-28488.patch      |   54 +
 .../connman/connman_1.37.bb                   |    1 +
 .../libxml/libxml2/CVE-2023-28484.patch       |   79 +
 .../libxml/libxml2/CVE-2023-29469.patch       |   42 +
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    2 +
 meta/recipes-devtools/go/go-1.14.inc          |    3 +
 .../go/go-1.14/CVE-2023-24538-1.patch         |  125 ++
 .../go/go-1.14/CVE-2023-24538-2.patch         |  196 ++
 .../go/go-1.14/CVE-2023-24538-3.patch         |  208 ++
 .../run-postinsts/run-postinsts.service       |    2 +-
 .../freetype/freetype/CVE-2023-2004.patch     |   40 +
 .../freetype/freetype_2.10.1.bb               |    1 +
 meta/recipes-kernel/linux/cve-exclusion.inc   | 1840 +++++++++++++++++
 meta/recipes-kernel/linux/linux-yocto.inc     |    3 +
 meta/recipes-support/libbsd/libbsd_0.10.0.bb  |    6 +
 15 files changed, 2601 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538-3.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210

The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3:

  curl: CVE-2023-27534 SFTP path ~ resolving discrepancy (2023-04-14 07:14:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (2):
  curl: CVE-2023-27538 fix SSH connection too eager reuse
  screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Peter Marko (1):
  go: ignore CVE-2022-41716

Shubham Kulkarni (2):
  go-runtime: Security fix for CVE-2022-41722
  go: Security fix for CVE-2020-29510

Vivek Kumbhar (1):
  go: fix CVE-2023-24537 Infinite loop in parsing

rajmohan r (1):
  systemd: Fix CVE-2023-26604

 .../systemd/systemd/CVE-2023-26604-1.patch    | 115 ++++++++
 .../systemd/systemd/CVE-2023-26604-2.patch    | 264 ++++++++++++++++++
 .../systemd/systemd/CVE-2023-26604-3.patch    | 182 ++++++++++++
 .../systemd/systemd/CVE-2023-26604-4.patch    |  32 +++
 meta/recipes-core/systemd/systemd_244.5.bb    |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   7 +
 .../go/go-1.14/CVE-2020-29510.patch           |  65 +++++
 .../go/go-1.14/CVE-2022-41722-1.patch         |  53 ++++
 .../go/go-1.14/CVE-2022-41722-2.patch         | 104 +++++++
 .../go/go-1.14/CVE-2023-24537.patch           |  76 +++++
 .../screen/screen/CVE-2023-24626.patch        |  40 +++
 meta/recipes-extended/screen/screen_4.8.0.bb  |   1 +
 .../curl/curl/CVE-2023-27538.patch            |  31 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 14 files changed, 975 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-2.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-3.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2020-29510.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5141

The following changes since commit 1c7d555379c4b0962bccd018870989050d87675f:

  classes/package: Use gzip for extended package data (2023-03-27 16:29:20 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Geoffrey GIRY (1):
  cve-check: Fix false negative version issue

Hitendra Prajapati (2):
  curl: CVE-2023-23916 HTTP multi-header compression denial of service
  qemu: fix compile error which imported by CVE-2022-4144

Martin Jansa (1):
  bmap-tools: switch to main branch

Randy MacLeod (1):
  vim: upgrade 9.0.1403 -> 9.0.1429

Shubham Kulkarni (1):
  go-runtime: Security fix for CVE-2022-41723

Vijay Anusuri (1):
  git: Security fix for CVE-2023-22490 and CVE-2023-23946

 meta/classes/cve-check.bbclass                |   5 +-
 meta/lib/oe/cve_check.py                      |  37 +++
 meta/lib/oeqa/selftest/cases/cve_check.py     |  19 ++
 .../git/files/CVE-2023-22490-1.patch          | 179 +++++++++++++
 .../git/files/CVE-2023-22490-2.patch          | 122 +++++++++
 .../git/files/CVE-2023-22490-3.patch          | 154 ++++++++++++
 .../git/files/CVE-2023-23946.patch            | 184 ++++++++++++++
 meta/recipes-devtools/git/git.inc             |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-41723.patch           | 156 ++++++++++++
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 ...ass-requested-buffer-size-to-qxl_phy.patch | 236 ++++++++++++++++++
 .../bmap-tools/bmap-tools_3.5.bb              |   2 +-
 .../curl/curl/CVE-2023-23916.patch            | 231 +++++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 16 files changed, 1332 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-1.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-2.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-23946.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41723.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch

-- 
2.34.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4565

The following changes since commit 408bf1b4bb4f4ed126c17fb3676f9fa0513065ba:

  sstate: Account for reserved characters when shortening sstate filenames (2022-11-23 00:26:19 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  linux-firmware: upgrade 20220913 -> 20221012

Chen Qi (1):
  kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20221012 -> 20221109

Mike Crowe (1):
  kernel: improve transformation from KERNEL_IMAGETYPE_FOR_MAKE

Ross Burton (1):
  pixman: backport fix for CVE-2022-44638

Vivek Kumbhar (1):
  qemu: fix CVE-2021-20196 block fdc null pointer dereference may lead
    to guest crash

Wang Mingyu (1):
  mobile-broadband-provider-info: upgrade 20220725 -> 20221107

 meta/classes/kernel.bbclass                   | 29 ++++++++-
 .../mobile-broadband-provider-info_git.bb     |  4 +-
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2021-20196.patch            | 62 +++++++++++++++++++
 .../xorg-lib/pixman/CVE-2022-44638.patch      | 34 ++++++++++
 .../xorg-lib/pixman_0.38.4.bb                 |  1 +
 ...20220913.bb => linux-firmware_20221109.bb} |  6 +-
 7 files changed, 129 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221109.bb} (99%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4200

The following changes since commit 345193f36d08cfe4899c65e8edf3f79db09c50d2:

  relocate_sdk.py: ensure interpreter size error causes relocation to fail (2022-08-29 05:02:16 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (1):
  sqlite: CVE-2022-35737 assertion failure

Joshua Watt (1):
  classes: cve-check: Get shared database lock

Ranjitsinh Rathod (2):
  libarchive: Fix CVE-2021-23177 issue
  libarchive: Fix CVE-2021-31566 issue

Richard Purdie (1):
  vim: Upgrade 9.0.0242 -> 9.0.0341

Robert Joslyn (1):
  curl: Backport patch for CVE-2022-35252

Ross Burton (1):
  cve-check: close cursors as soon as possible

 meta/classes/cve-check.bbclass                |  36 ++--
 .../recipes-core/meta/cve-update-db-native.bb |  51 ++---
 .../libarchive/CVE-2021-23177.patch           | 183 ++++++++++++++++++
 .../libarchive/CVE-2021-31566-01.patch        |  23 +++
 .../libarchive/CVE-2021-31566-02.patch        | 172 ++++++++++++++++
 .../libarchive/libarchive_3.4.2.bb            |   3 +
 .../curl/curl/CVE-2022-35252.patch            |  72 +++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 .../sqlite/files/CVE-2022-35737.patch         |  29 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 11 files changed, 535 insertions(+), 40 deletions(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3993

The following changes since commit 3f40d5f095ceb099b604750db96058df00fcd49e:

  build-appliance-image: Update to dunfell head revision (2022-07-25 15:09:15 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (5):
  gnupg: CVE-2022-34903 possible signature forgery via injection into
    the status line
  grub2: Fix buffer underflow write in the heap
  qemu: CVE-2022-35414 can perform an uninitialized read on the
    translate_fail path, leading to an io_readx or io_writex crash
  libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By
    Zero Error
  libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections

LUIS ENRIQUEZ (1):
  kernel-fitimage.bbclass: add padding algorithm property in config
    nodes

Sana.Kazi (1):
  libjpeg-turbo: Fix CVE-2021-46822

 meta/classes/kernel-fitimage.bbclass          |   5 +
 .../grub/files/CVE-2021-3695.patch            | 178 +++++++++++++++++
 .../grub/files/CVE-2021-3696.patch            |  46 +++++
 .../grub/files/CVE-2021-3697.patch            |  82 ++++++++
 meta/recipes-bsp/grub/grub2.inc               |   5 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-35414.patch            |  53 +++++
 .../libtirpc/libtirpc/CVE-2021-46828.patch    | 155 +++++++++++++++
 .../libtirpc/libtirpc_1.2.6.bb                |   4 +-
 .../jpeg/files/CVE-2021-46822.patch           | 133 +++++++++++++
 .../jpeg/libjpeg-turbo_2.0.4.bb               |   1 +
 ...022-2056-CVE-2022-2057-CVE-2022-2058.patch | 183 ++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   1 +
 .../gnupg/gnupg/CVE-2022-34903.patch          |  44 +++++
 meta/recipes-support/gnupg/gnupg_2.2.27.bb    |   1 +
 15 files changed, 890 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3695.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3696.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3697.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-35414.patch
 create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
 create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2021-46822.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3445

The following changes since commit da5cba5ec56cc437ede46d8aa71219a2a34cbe9e:

  oeqa/selftest/tinfoil: Fix intermittent event loss issue in test (2022-03-26 16:25:24 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve Sakoman (7):
  util-linux: fix CVE-2022-0563
  xserver-xorg: update to 1.20.9
  xserver-xorg: update to 1.20.10
  xserver-xorg: update to 1.20.11
  xserver-xorg: update to 1.20.12
  xserver-xorg: update to 1.20.13
  xserver-xorg: update to 1.20.14

 .../util-linux/util-linux/CVE-2022-0563.patch | 161 ++++++++++++++++
 .../util-linux/util-linux_2.35.1.bb           |   1 +
 .../xorg-xserver/xserver-xorg.inc             |   2 +-
 .../xserver-xorg/CVE-2020-14345.patch         | 182 ------------------
 .../xserver-xorg/CVE-2020-14346.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14347.patch         |  38 ----
 .../xserver-xorg/CVE-2020-14360.patch         | 132 -------------
 .../xserver-xorg/CVE-2020-14361.patch         |  36 ----
 .../xserver-xorg/CVE-2020-14362.patch         |  70 -------
 .../xserver-xorg/CVE-2020-25712.patch         | 102 ----------
 ...xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} |  11 +-
 11 files changed, 165 insertions(+), 606 deletions(-)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14345.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14360.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14361.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-25712.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_1.20.8.bb => xserver-xorg_1.20.14.bb} (73%)

-- 
2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2350

The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:

  report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Andrej Valek (1):
  busybox: add tmpdir option into mktemp applet

Richard Purdie (3):
  pseudo: Add uninative configuration sanity check
  pseudo: Update to latest version including statx fix
  sstate: Drop pseudo exclusion

Steve Sakoman (3):
  bluez: fix CVE-2021-3588
  gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
  gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed

 meta/classes/sstate.bbclass                   |  2 -
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
 .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
 meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
 meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
 .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
 .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
 9 files changed, 140 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-3588.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch

-- 
2.25.1

Re: [OE-core][dunfell 0/7] Patch review

[Andrej Valek]

Hello Steve,

Busybox patch looks fine.

Cheers,
Andrej

> Please review this next set of patches for dunfell and have comments back by end of day Monday.
>
> Passed a-full on autobuilder:
>
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Ftyphoon%2F%23%2Fbuilders%2F83%2Fbuilds%2F2350&data=04%7C01%7Candrej.valek%40siemens.com%> 7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lHIY6jrIIjgQrMFGZI5aGHjaqK4A5Y17uptGKbI%2ByXQ%3D&reserved=0
>
> The following changes since commit cfd74f2bae51413d9c327e0f08ecf751325c2d74:
>
>   report-error: Drop pointless inherit (2021-07-11 06:19:43 -1000)
>
> are available in the Git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
>   https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcgit.openembedded.org%2Fopenembedded-core-contrib%2Flog%2F%3Fh%3Dstable%2Fdunfell-nut&data=04%7C01%7Candrej.valek%40siemens.com%7C0b3180079754416d5b4808d9479a07ea%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637619549152185601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RqxpOBjsL%2B6GJnZwWtQ7KHLi%2FAcp1A0KZza9ow9p%2FPc%3D&reserved=0

> Andrej Valek (1):
>   busybox: add tmpdir option into mktemp applet
>
> Richard Purdie (3):
>   pseudo: Add uninative configuration sanity check
>   pseudo: Update to latest version including statx fix
>   sstate: Drop pseudo exclusion
>
> Steve Sakoman (3):
>   bluez: fix CVE-2021-3588
>   gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
>   gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
>
>  meta/classes/sstate.bbclass                   |  2 -
>  meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
>  .../bluez5/bluez5/CVE-2021-3588.patch         | 34 ++++++++
>  .../0001-mktemp-add-tmpdir-option.patch       | 81 +++++++++++++++++++
>  meta/recipes-core/busybox/busybox_1.31.1.bb   |  1 +
>  meta/recipes-devtools/pseudo/pseudo.inc       | 13 +++
>  meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
>  .../gstreamer1.0-plugins-base_1.16.3.bb       |  4 +
>  .../gstreamer1.0-plugins-good_1.16.3.bb       |  5 ++
>  9 files changed, 140 insertions(+), 3 deletions(-)  create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-> 2021-3588.patch
>  create mode 100644 meta/recipes-core/busybox/busybox/0001-mktemp-add-tmpdir-option.patch
>
> --
> 2.25.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Monday.

The following changes since commit b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a:

  cve-check: avoid FileNotFoundError if no do_cve_check task has run (2020-09-14 04:26:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Christophe GUIBOUT (1):
  initramfs-framework: support kernel cmdline with double quotes

Geoff Parker (1):
  systemd-serialgetty: Replace sed quoting using ' with " to allow var
    expansion

Khem Raj (1):
  populate_sdk_ext: Do not assume local.conf will always exist

Michael Gloff (1):
  sysvinit: Remove ${B} assignment

Pierre-Jean Texier (1):
  libubootenv: upgrade 0.3 -> 0.3.1

Rahul Kumar (1):
  systemd-serialgetty: Fix sed expression quoting

Steve Sakoman (1):
  Revert "kernel.bbclass: run do_symlink_kernsrc before do_patch"

 meta/classes/kernel.bbclass                         |  2 +-
 meta/classes/populate_sdk_ext.bbclass               |  5 +++--
 .../{libubootenv_0.3.bb => libubootenv_0.3.1.bb}    |  2 +-
 .../initrdscripts/initramfs-framework/init          | 13 +++++++++++++
 meta/recipes-core/systemd/systemd-serialgetty.bb    |  4 ++--
 meta/recipes-core/sysvinit/sysvinit_2.96.bb         |  1 -
 6 files changed, 20 insertions(+), 7 deletions(-)
 rename meta/recipes-bsp/u-boot/{libubootenv_0.3.bb => libubootenv_0.3.1.bb} (94%)

-- 
2.17.1

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

Passed a-full on autobuilder (other than 500 server error posting report for qemumips-alt):

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1265

The following changes since commit b95d6aeafb70765e22d2e1254e749a48f508d489:

  uninative: Handle PREMIRRORS generically (2020-08-09 09:26:54 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (3):
  linux-yocto-rt/5.4: update to rt32
  linux-yocto/5.4: update to v5.4.56
  linux-yocto/5.4: update to v5.4.57

Khem Raj (4):
  glibc: Bring in CVE fixes and other bugfixes from 2.31 release branch
  gcc-9.3.inc: Mark CVE-2019-15847 as fixed
  go: update 1.14.4 -> 1.14.6
  go: Upgrade to 1.14.7

 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/0016-Add-unused-attribute.patch     |  31 ---
 .../glibc/glibc/CVE-2020-6096.patch           | 112 ----------
 .../glibc/glibc/CVE-2020-6096_2.patch         | 194 ------------------
 meta/recipes-core/glibc/glibc_2.31.bb         |   5 +-
 meta/recipes-devtools/gcc/gcc-9.3.inc         |   2 +
 meta/recipes-devtools/go/go-1.14.inc          |   5 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 10 files changed, 24 insertions(+), 363 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch

-- 
2.17.1