[OE-core][kirkstone 00/31] Patch review

[OE-core][kirkstone 00/31] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Once again I've been proactive in cherry-picking security/bug fix version bumps for
select packages.  And as last time I've edited the commit messages to include
either the release notes or a commit list to make it easier to review the upgrade.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3673

The following changes since commit cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee:

  build-appliance-image: Update to kirkstone head revision (2022-05-15 08:59:03 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE

Alexander Kanavin (11):
  systemd: upgrade 250.4 -> 250.5
  mesa: upgrade 22.0.0 -> 22.0.2
  bind: upgrade 9.18.1 -> 9.18.2
  cronie: upgrade 1.6.0 -> 1.6.1
  epiphany: upgrade 42.0 -> 42.2
  ffmpeg: upgrade 5.0 -> 5.0.1
  fribidi: upgrade 1.0.11 -> 1.0.12
  libinput: upgrade 1.19.3 -> 1.19.4
  sqlite3: upgrade 3.38.2 -> 3.38.3
  webkitgtk: upgrade 2.36.0 -> 2.36.1
  xwayland: upgrade 22.1.0 -> 22.1.1

Aryaman Gupta (1):
  e2fsprogs: update upstream status

Claudius Heine (1):
  overlayfs: add docs about skipping QA check & service dependencies

Davide Gardenal (6):
  freetype: backport patch for CVE-2022-27404
  freetype: backport patch for CVE-2022-27405
  freetype: backport patch for CVE-2022-27406
  qemu: backport patch for CVE-2021-4206
  qemu: backport patch for CVE-2021-4207
  base-passwd: Disable shell for default users

Dmitry Baryshkov (2):
  linux-firmware: upgrade 20220411 -> 20220509
  image.bbclass: allow overriding dependency on virtual/kernel:do_deploy

Felix Moessbauer (1):
  wic/plugins/rootfs: Fix permissions when splitting rootfs folders
    across partitions

Jiaqing Zhao (3):
  libxml2: Upgrade 2.9.13 -> 2.9.14
  sed: Specify shell for "nobody" user in run-ptest
  strace: Don't run ptest as "nobody"

Khem Raj (1):
  systemd: Fix build regression with latest update

Konrad Weihmann (1):
  linux-firmware: replace mkdir by install

Richard Purdie (3):
  vim: Upgrade 8.2.4681 -> 8.2.4912
  cairo: Add missing GPLv3 license checksum entry
  sanity: Don't warn about make 4.2.1 for mint

 meta/classes/image.bbclass                    |   7 +-
 meta/classes/overlayfs.bbclass                |  18 +-
 meta/classes/pypi.bbclass                     |   2 +
 meta/classes/sanity.bbclass                   |   2 +-
 ...1-avoid-start-failure-with-bind-user.patch |   0
 ...d-V-and-start-log-hide-build-options.patch |   0
 ...ching-for-json-headers-searches-sysr.patch |   0
 .../bind/{bind-9.18.1 => bind-9.18.2}/bind9   |   0
 .../{bind-9.18.1 => bind-9.18.2}/conf.patch   |   0
 .../generate-rndc-key.sh                      |   0
 ...t.d-add-support-for-read-only-rootfs.patch |   0
 .../make-etc-initd-bind-stop-work.patch       |   0
 .../named.service                             |   0
 .../bind/{bind_9.18.1.bb => bind_9.18.2.bb}   |   2 +-
 .../base-passwd/disable-shell.patch           |  57 ++++
 .../base-passwd/base-passwd_3.5.29.bb         |   1 +
 .../CVE-2022-23308-fix-regression.patch       |  99 -------
 .../libxml2/libxml-m4-use-pkgconfig.patch     |  21 +-
 .../{libxml2_2.9.13.bb => libxml2_2.9.14.bb}  |   5 +-
 ...md-boot_250.4.bb => systemd-boot_250.5.bb} |   0
 meta/recipes-core/systemd/systemd.inc         |   2 +-
 .../0001-Adjust-for-musl-headers.patch        |  98 ++++++-
 ...ass-correct-parameters-to-getdents64.patch |  10 +-
 ...e-Use-sockaddr-pointer-type-for-bind.patch |  46 ++++
 .../0002-Add-sys-stat.h-for-S_IFDIR.patch     |   8 +-
 ...002-don-t-use-glibc-specific-qsort_r.patch |  20 +-
 ...dd-__compare_fn_t-and-comparison_fn_.patch |  10 +-
 ...k-parse_printf_format-implementation.patch |  20 +-
 ...missing.h-check-for-missing-strndupa.patch | 151 +++++++++--
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |  12 +-
 ...008-add-missing-FTW_-macros-for-musl.patch |  17 +-
 ..._register_atfork-for-non-glibc-build.patch |   6 +-
 ...10-Use-uintmax_t-for-handling-rlim_t.patch |  16 +-
 ...sable-tests-for-missing-typedefs-in-.patch |   4 +-
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |  18 +-
 ...patible-basename-for-non-glibc-syste.patch |   4 +-
 ...uffering-when-writing-to-oom_score_a.patch |   4 +-
 ...compliant-strerror_r-from-GNU-specif.patch |  10 +-
 ...S_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch |   4 +-
 ...ype.h-add-__compar_d_fn_t-definition.patch |   2 +-
 ...definition-of-prctl_mm_map-structure.patch |   2 +-
 .../systemd/0019-Handle-missing-LOCK_EX.patch |   4 +-
 ...ible-pointer-type-struct-sockaddr_un.patch |   6 +-
 .../0021-test-json.c-define-M_PIl.patch       |   4 +-
 ...-not-disable-buffer-in-writing-files.patch | 239 ++++++++++-------
 .../0025-Handle-__cpu_mask-usage.patch        |   4 +-
 .../systemd/0026-Handle-missing-gshadow.patch |  16 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |  11 +-
 ...eepConfiguration-when-running-on-net.patch | 253 ------------------
 .../{systemd_250.4.bb => systemd_250.5.bb}    |   2 +-
 .../e2fsprogs/e2fsprogs/extents.patch         |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   2 +
 .../qemu/qemu/CVE-2021-4206.patch             |  89 ++++++
 .../qemu/qemu/CVE-2021-4207.patch             |  43 +++
 meta/recipes-devtools/strace/strace/run-ptest |   6 +-
 .../{cronie_1.6.0.bb => cronie_1.6.1.bb}      |   2 +-
 meta/recipes-extended/sed/sed/run-ptest       |   2 +-
 .../{epiphany_42.0.bb => epiphany_42.2.bb}    |   2 +-
 meta/recipes-graphics/cairo/cairo_1.16.0.bb   |   5 +-
 .../freetype/freetype/CVE-2022-27404.patch    |  48 ++++
 .../freetype/freetype/CVE-2022-27405.patch    |  41 +++
 .../freetype/freetype/CVE-2022-27406.patch    |  32 +++
 .../freetype/freetype_2.11.1.bb               |   6 +-
 .../{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb}  |   0
 meta/recipes-graphics/mesa/mesa.inc           |   2 +-
 .../mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb}   |   0
 ...{libinput_1.19.3.bb => libinput_1.19.4.bb} |   2 +-
 ...{xwayland_22.1.0.bb => xwayland_22.1.1.bb} |   2 +-
 ...01-Makefile-replace-mkdir-by-install.patch |  84 ++++++
 ...20220411.bb => linux-firmware_20220509.bb} |   9 +-
 .../ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} |   2 +-
 .../webkitgtk/add_missing_include.patch       |  19 --
 ...ebkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} |   3 +-
 .../{fribidi_1.0.11.bb => fribidi_1.0.12.bb}  |   2 +-
 .../{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb}  |   2 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 scripts/lib/wic/plugins/source/rootfs.py      |   5 +-
 77 files changed, 1015 insertions(+), 618 deletions(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.1.bb => bind_9.18.2.bb} (98%)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
 rename meta/recipes-core/libxml/{libxml2_2.9.13.bb => libxml2_2.9.14.bb} (96%)
 rename meta/recipes-core/systemd/{systemd-boot_250.4.bb => systemd-boot_250.5.bb} (100%)
 create mode 100644 meta/recipes-core/systemd/systemd/0001-resolve-Use-sockaddr-pointer-type-for-bind.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/0029-network-enable-KeepConfiguration-when-running-on-net.patch
 rename meta/recipes-core/systemd/{systemd_250.4.bb => systemd_250.5.bb} (99%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4206.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4207.patch
 rename meta/recipes-extended/cronie/{cronie_1.6.0.bb => cronie_1.6.1.bb} (97%)
 rename meta/recipes-gnome/epiphany/{epiphany_42.0.bb => epiphany_42.2.bb} (94%)
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch
 rename meta/recipes-graphics/mesa/{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} (100%)
 rename meta/recipes-graphics/mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} (100%)
 rename meta/recipes-graphics/wayland/{libinput_1.19.3.bb => libinput_1.19.4.bb} (95%)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.0.bb => xwayland_22.1.1.bb} (95%)
 create mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220411.bb => linux-firmware_20220509.bb} (99%)
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} (98%)
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/add_missing_include.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} (98%)
 rename meta/recipes-support/fribidi/{fribidi_1.0.11.bb => fribidi_1.0.12.bb} (90%)
 rename meta/recipes-support/sqlite/{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} (86%)

-- 
2.25.1

[OE-core][kirkstone 00/31] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4416

The following changes since commit fbdf93f43ff4b876487e1f26752598ec8abcb46e:

  build-appliance-image: Update to kirkstone head revision (2022-10-29 16:32:59 +0100)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  u-boot: Remove duplicate inherit of cml1

Bartosz Golaszewski (1):
  bluez5: add dbus to RDEPENDS

Bernhard Rosenkränzer (1):
  cmake-native: Fix host tool contamination (Bug: 14951)

Chen Qi (1):
  openssl: export necessary env vars in SDK

Ed Tanous (1):
  openssl: Upgrade 3.0.5 -> 3.0.7

Frank de Brabander (1):
  cve-update-db-native: add timeout to urlopen() calls

Hitendra Prajapati (1):
  openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead
    to NULL encryption

Jan-Simon Moeller (1):
  buildtools-tarball: export certificates to python and curl

Jeremy Puhlman (1):
  qemu-native: Add PACKAGECONFIG option for jack

Joshua Watt (2):
  runqemu: Do not perturb script environment
  runqemu: Fix gl-es argument from causing other arguments to be ignored

Keiya Nobuta (1):
  gnutls: Unified package names to lower-case

Khem Raj (1):
  perf: Depend on native setuptools3

Liam Beguin (1):
  meson: make wrapper options sub-command specific

Mark Hatle (1):
  insane.bbclass: Allow hashlib version that only accepts on parameter

Narpat Mali (1):
  wayland: fix CVE-2021-3782

Richard Purdie (1):
  openssl: Fix SSL_CERT_FILE to match ca-certs location

Ross Burton (7):
  lighttpd: fix CVE-2022-41556
  expat: backport the fix for CVE-2022-43680
  scripts/oe-check-sstate: cleanup
  scripts/oe-check-sstate: force build to run for all targets,
    specifically populate_sysroot
  opkg-utils: use a git clone, not a dynamic snapshot
  oe/packagemanager/rpm: don't leak file objects
  glib-2.0: fix rare GFileInfo test case failure

Teoh Jay Shen (1):
  vim: Upgrade 9.0.0598 -> 9.0.0614

Thomas Perrot (1):
  psplash: add psplash-default in rdepends

Tim Orling (1):
  vim: upgrade 9.0.0614 -> 9.0.0820

Vyacheslav Yurkov (1):
  overlayfs: Allow not used mount points

Xiangyu Chen (1):
  ltp: backport clock_gettime04 fix from upstream

Zheng Qiu (1):
  tiff: fix CVE-2022-2953

wangmy (1):
  ifupdown: upgrade 0.8.37 -> 0.8.39

 meta/classes/insane.bbclass                   |   5 +-
 meta/classes/overlayfs.bbclass                |   6 +-
 meta/lib/oe/overlayfs.py                      |   6 +-
 meta/lib/oe/package_manager/rpm/__init__.py   |  33 +-
 meta/recipes-bsp/u-boot/u-boot.inc            |   2 +-
 meta/recipes-connectivity/bluez5/bluez5.inc   |   1 +
 .../openssl/files/environment.d-openssl.sh    |   4 +
 .../{openssl_3.0.5.bb => openssl_3.0.7.bb}    |   2 +-
 .../expat/expat/CVE-2022-43680.patch          |  33 +
 meta/recipes-core/expat/expat_2.4.9.bb        |   1 +
 ...-info-don-t-assume-million-in-one-ev.patch |  51 ++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |   1 +
 ...{ifupdown_0.8.37.bb => ifupdown_0.8.39.bb} |   2 +-
 meta/recipes-core/meta/buildtools-tarball.bb  |   2 +
 .../recipes-core/meta/cve-update-db-native.bb |   9 +-
 meta/recipes-core/psplash/psplash_git.bb      |   2 +-
 .../cmake/cmake-native_3.22.3.bb              |   1 +
 .../meson/meson/meson-wrapper                 |  21 +-
 .../opkg-utils/opkg-utils_0.5.0.bb            |   6 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../lighttpd/lighttpd/CVE-2022-41556.patch    |  31 +
 .../lighttpd/lighttpd_1.4.66.bb               |   1 +
 ...set-threshold-based-on-the-clock-res.patch |  89 +++
 meta/recipes-extended/ltp/ltp_20220121.bb     |   1 +
 .../wayland/wayland/CVE-2021-3782.patch       | 111 ++++
 .../wayland/wayland_1.20.0.bb                 |   2 +
 meta/recipes-kernel/perf/perf.bb              |   2 +-
 ...ue-330-and-some-more-from-320-to-349.patch | 609 ++++++++++++++++++
 .../libtiff/tiff/CVE-2022-2953.patch          |  87 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |   2 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 scripts/oe-check-sstate                       |   8 +-
 scripts/runqemu                               |  28 +-
 34 files changed, 1115 insertions(+), 51 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.5.bb => openssl_3.0.7.bb} (99%)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-g-file-info-don-t-assume-million-in-one-ev.patch
 rename meta/recipes-core/ifupdown/{ifupdown_0.8.37.bb => ifupdown_0.8.39.bb} (97%)
 create mode 100644 meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
 create mode 100644 meta/recipes-extended/ltp/ltp/0001-clock_gettime04-set-threshold-based-on-the-clock-res.patch
 create mode 100644 meta/recipes-graphics/wayland/wayland/CVE-2021-3782.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch

-- 
2.25.1

[OE-core][kirkstone 00/31] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4543

The following changes since commit da2c64b3158c58eb0a484d3acbdf0419df2d34e8:

  wic: make ext2/3/4 images reproducible (2022-11-17 07:23:06 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (11):
  linux-firmware: upgrade 20220913 -> 20221012
  xwayland: upgrade 22.1.3 -> 22.1.4
  libffi: upgrade 3.4.2 -> 3.4.4
  libical: upgrade 3.0.15 -> 3.0.16
  mtd-utils: upgrade 2.1.4 -> 2.1.5
  gdk-pixbuf: upgrade 2.42.9 -> 2.42.10
  gstreamer1.0: upgrade 1.20.3 -> 1.20.4
  libepoxy: convert to git
  libepoxy: update 1.5.9 -> 1.5.10
  vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only
    that
  gnomebase.bbclass: return the whole version for tarball directory if
    it is a number

Jose Quaresma (3):
  sstatesig: skip the rm_work task signature
  rm_work: exclude the SSTATETASKS from the rm_work tasks sinature
  sstate: Allow optimisation of do_deploy_archives task dependencies

Joshua Watt (2):
  qemu-helper-native: Re-write bridge helper as C program
  qemu-helper-native: Correctly pass program name as argv[0]

Konrad Weihmann (1):
  create-spdx: default share_src for shared sources

Martin Jansa (1):
  libsndfile1: Backport fix for CVE-2021-4156

Narpat Mali (2):
  ffmpeg: fix for CVE-2022-3964
  ffmpeg: fix for CVE-2022-3965

Peter Marko (2):
  systemd: add group render to udev package
  meta-selftest/staticids: add render group for systemd

Richard Purdie (1):
  sanity: Drop data finalize call

Ross Burton (1):
  linux-firmware: don't put the firmware into the sysroot

Sakib Sajal (1):
  go: fix CVE-2022-2880

Vivek Kumbhar (1):
  python3: fix CVE-2022-42919 local privilege escalation via the
    multiprocessing forkserver start method

Wang Mingyu (4):
  xwayland: upgrade 22.1.4 -> 22.1.5
  mobile-broadband-provider-info: upgrade 20220725 -> 20221107
  babeltrace: upgrade 1.5.8 -> 1.5.11
  iso-codes: upgrade 4.11.0 -> 4.12.0

Xiangyu Chen (1):
  bash: backport patch to fix CVE-2022-3715

 meta-selftest/files/static-group              |   1 +
 meta/classes/create-spdx.bbclass              |   5 +-
 meta/classes/gnomebase.bbclass                |   2 +-
 meta/classes/rm_work.bbclass                  |   2 +
 meta/classes/sanity.bbclass                   |  11 +-
 meta/classes/sstate.bbclass                   |   2 +-
 meta/lib/oe/sstatesig.py                      |   6 +
 .../mobile-broadband-provider-info_git.bb     |   4 +-
 meta/recipes-core/systemd/systemd_250.5.bb    |   2 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 ...util-avoid-query-parameter-smuggling.patch | 178 ++++++++++++++++++
 meta/recipes-devtools/mtd/mtd-utils_git.bb    |   4 +-
 .../python/python3/CVE-2022-42919.patch       |  70 +++++++
 .../recipes-devtools/python/python3_3.10.7.bb |   1 +
 .../qemu/qemu-helper-native_1.0.bb            |   6 +-
 .../qemu/qemu-helper/qemu-oe-bridge-helper    |  25 ---
 .../qemu/qemu-helper/qemu-oe-bridge-helper.c  |  34 ++++
 meta/recipes-devtools/vala/vala.inc           |  10 +-
 .../bash/bash/CVE-2022-3715.patch             |  33 ++++
 meta/recipes-extended/bash/bash_5.1.16.bb     |   1 +
 ...pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb} |   2 +-
 .../{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb} |   5 +-
 ...{xwayland_22.1.3.bb => xwayland_22.1.5.bb} |   2 +-
 ...20220913.bb => linux-firmware_20221012.bb} |   9 +-
 ...beltrace_1.5.8.bb => babeltrace_1.5.11.bb} |   2 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |  89 +++++++++
 ...c-stop-accessing-out-of-bounds-frame.patch | 108 +++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   3 +
 ...tools_1.20.3.bb => gst-devtools_1.20.4.bb} |   2 +-
 ...r-APNG-encoder-property-registration.patch |  86 ---------
 ...1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} |   6 +-
 ...x_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} |   2 +-
 ....bb => gstreamer1.0-plugins-bad_1.20.4.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-base_1.20.4.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-good_1.20.4.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-ugly_1.20.4.bb} |   2 +-
 ....20.3.bb => gstreamer1.0-python_1.20.4.bb} |   2 +-
 ....bb => gstreamer1.0-rtsp-server_1.20.4.bb} |   2 +-
 ...1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} |   2 +-
 ...er1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} |   2 +-
 ...flac-Fix-improper-buffer-reusing-732.patch |  29 +++
 .../libsndfile/libsndfile1_1.0.31.bb          |   1 +
 ...so-codes_4.11.0.bb => iso-codes_4.12.0.bb} |   2 +-
 ...m-sysv-reverted-clang-VFP-mitigation.patch |   6 +-
 .../libffi/libffi/not-win32.patch             |   8 +-
 .../{libffi_3.4.2.bb => libffi_3.4.4.bb}      |   4 +-
 .../{libical_3.0.15.bb => libical_3.0.16.bb}  |   2 +-
 47 files changed, 612 insertions(+), 170 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2022-42919.patch
 delete mode 100755 meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
 create mode 100644 meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
 create mode 100644 meta/recipes-extended/bash/bash/CVE-2022-3715.patch
 rename meta/recipes-gnome/gdk-pixbuf/{gdk-pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb} (98%)
 rename meta/recipes-graphics/libepoxy/{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb} (86%)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.3.bb => xwayland_22.1.5.bb} (95%)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221012.bb} (99%)
 rename meta/recipes-kernel/lttng/{babeltrace_1.5.8.bb => babeltrace_1.5.11.bb} (98%)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
 rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.3.bb => gst-devtools_1.20.4.bb} (95%)
 delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} (82%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.3.bb => gstreamer1.0-plugins-bad_1.20.4.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.3.bb => gstreamer1.0-plugins-base_1.20.4.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.3.bb => gstreamer1.0-plugins-good_1.20.4.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.3.bb => gstreamer1.0-plugins-ugly_1.20.4.bb} (94%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.3.bb => gstreamer1.0-python_1.20.4.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.3.bb => gstreamer1.0-rtsp-server_1.20.4.bb} (90%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} (97%)
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch
 rename meta/recipes-support/iso-codes/{iso-codes_4.11.0.bb => iso-codes_4.12.0.bb} (94%)
 rename meta/recipes-support/libffi/{libffi_3.4.2.bb => libffi_3.4.4.bb} (90%)
 rename meta/recipes-support/libical/{libical_3.0.15.bb => libical_3.0.16.bb} (96%)

-- 
2.25.1

[OE-core][kirkstone 01/31] libsndfile1: Backport fix for CVE-2021-4156

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

CVE: CVE-2021-4156

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...flac-Fix-improper-buffer-reusing-732.patch | 29 +++++++++++++++++++
 .../libsndfile/libsndfile1_1.0.31.bb          |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch
new file mode 100644
index 0000000000..ede696180a
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-flac-Fix-improper-buffer-reusing-732.patch
@@ -0,0 +1,29 @@
+From 9e4e9224c39195bde8ec14d1295944f713adb79a Mon Sep 17 00:00:00 2001
+From: yuan <ssspeed00@gmail.com>
+Date: Tue, 20 Apr 2021 16:16:32 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing (#732)
+
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc]
+CVE: CVE-2021-4156
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e..e3320450 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
index ea14fe29cb..f6ea585e34 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.31.bb
@@ -10,6 +10,7 @@ LICENSE = "LGPL-2.1-only"
 
 SRC_URI = "https://github.com/libsndfile/libsndfile/releases/download/${PV}/libsndfile-${PV}.tar.bz2 \
            file://noopus.patch \
+           file://0001-flac-Fix-improper-buffer-reusing-732.patch \
           "
 UPSTREAM_CHECK_URI = "https://github.com/libsndfile/libsndfile/releases/"
 
-- 
2.25.1

[OE-core][kirkstone 02/31] bash: backport patch to fix CVE-2022-3715

[Steve Sakoman]

From: Xiangyu Chen <xiangyu.chen@eng.windriver.com>

CVE Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-3715

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../bash/bash/CVE-2022-3715.patch             | 33 +++++++++++++++++++
 meta/recipes-extended/bash/bash_5.1.16.bb     |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-extended/bash/bash/CVE-2022-3715.patch

diff --git a/meta/recipes-extended/bash/bash/CVE-2022-3715.patch b/meta/recipes-extended/bash/bash/CVE-2022-3715.patch
new file mode 100644
index 0000000000..44f4d91949
--- /dev/null
+++ b/meta/recipes-extended/bash/bash/CVE-2022-3715.patch
@@ -0,0 +1,33 @@
+From 15d2428d5d3df8dd826008baf51579ab7750d8b2 Mon Sep 17 00:00:00 2001
+From: Xiangyu Chen <xiangyu.chen@windriver.com>
+Date: Wed, 23 Nov 2022 11:17:01 +0800
+Subject: [OE-Core][kirkstone][PATCH] bash: heap-buffer-overflow in
+ valid_parameter_transform CVE-2022-3715
+
+Reference:https://bugzilla.redhat.com/show_bug.cgi?id=2126720
+
+CVE: CVE-2022-3715
+Upstream-Status: Backport from
+[https://git.savannah.gnu.org/cgit/bash.git/diff/subst.c?h=bash-5.2-testing&id=9cef6d01181525de119832d2b6a925899cdec08e]
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ subst.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/subst.c b/subst.c
+index 2b76256..38ee9ac 100644
+--- a/subst.c
++++ b/subst.c
+@@ -7962,7 +7962,7 @@ parameter_brace_transform (varname, value, ind, xform, rtype, quoted, pflags, fl
+       return ((char *)NULL);
+     }
+ 
+-  if (valid_parameter_transform (xform) == 0)
++  if (xform[0] == 0 || valid_parameter_transform (xform) == 0)
+     {
+       this_command_name = oname;
+ #if 0 /* TAG: bash-5.2 Martin Schulte <gnu@schrader-schulte.de> 10/2020 */
+-- 
+2.34.1
+
diff --git a/meta/recipes-extended/bash/bash_5.1.16.bb b/meta/recipes-extended/bash/bash_5.1.16.bb
index d046faa4e5..11c2314fbf 100644
--- a/meta/recipes-extended/bash/bash_5.1.16.bb
+++ b/meta/recipes-extended/bash/bash_5.1.16.bb
@@ -15,6 +15,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
            file://use_aclocal.patch \
            file://makerace.patch \
            file://makerace2.patch \
+           file://CVE-2022-3715.patch \
            "
 
 SRC_URI[tarball.sha256sum] = "5bac17218d3911834520dad13cd1f85ab944e1c09ae1aba55906be1f8192f558"
-- 
2.25.1

[OE-core][kirkstone 03/31] ffmpeg: fix for CVE-2022-3964

[Steve Sakoman]

From: Narpat Mali <narpat.mali@windriver.com>

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file
libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size
leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is
92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated
identifier of this vulnerability is VDB-213543.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3964

Upstream Fix:
https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...c-stop-accessing-out-of-bounds-frame.patch | 89 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  2 +
 2 files changed, 91 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 0000000000..2775a81cc8
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,89 @@
+From 92f9b28ed84a77138105475beba16c146bdaf984 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Sat, 12 Nov 2022 16:12:00 +0100
+Subject: [PATCH] avcodec/rpzaenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/92f9b28ed84a77138105475beba16c146bdaf984]
+
+Signed-off-by: <narpat.mali@windriver.com>
+
+---
+ libavcodec/rpzaenc.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
+index d710eb4f82..4ced9523e2 100644
+--- a/libavcodec/rpzaenc.c
++++ b/libavcodec/rpzaenc.c
+@@ -205,7 +205,7 @@ static void get_max_component_diff(const BlockInfo *bi, const uint16_t *block_pt
+ 
+     // loop thru and compare pixels
+     for (y = 0; y < bi->block_height; y++) {
+-        for (x = 0; x < bi->block_width; x++){
++        for (x = 0; x < bi->block_width; x++) {
+             // TODO:  optimize
+             min_r = FFMIN(R(block_ptr[x]), min_r);
+             min_g = FFMIN(G(block_ptr[x]), min_g);
+@@ -278,7 +278,7 @@ static int leastsquares(const uint16_t *block_ptr, const BlockInfo *bi,
+         return -1;
+ 
+     for (i = 0; i < bi->block_height; i++) {
+-        for (j = 0; j < bi->block_width; j++){
++        for (j = 0; j < bi->block_width; j++) {
+             x = GET_CHAN(block_ptr[j], xchannel);
+             y = GET_CHAN(block_ptr[j], ychannel);
+             sumx += x;
+@@ -325,7 +325,7 @@ static int calc_lsq_max_fit_error(const uint16_t *block_ptr, const BlockInfo *bi
+     int max_err = 0;
+ 
+     for (i = 0; i < bi->block_height; i++) {
+-        for (j = 0; j < bi->block_width; j++){
++        for (j = 0; j < bi->block_width; j++) {
+             int x_inc, lin_y, lin_x;
+             x = GET_CHAN(block_ptr[j], xchannel);
+             y = GET_CHAN(block_ptr[j], ychannel);
+@@ -420,7 +420,9 @@ static void update_block_in_prev_frame(const uint16_t *src_pixels,
+                                        uint16_t *dest_pixels,
+                                        const BlockInfo *bi, int block_counter)
+ {
+-    for (int y = 0; y < 4; y++) {
++    const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
++
++    for (int y = 0; y < y_size; y++) {
+         memcpy(dest_pixels, src_pixels, 8);
+         dest_pixels += bi->rowstride;
+         src_pixels += bi->rowstride;
+@@ -730,14 +732,15 @@ post_skip :
+ 
+             if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
+                 uint16_t *row_ptr;
+-                int rgb555;
++                int y_size, rgb555;
+ 
+                 block_offset = get_block_info(&bi, block_counter);
+ 
+                 row_ptr = &src_pixels[block_offset];
++                y_size = FFMIN(4, bi.image_height - bi.row * 4);
+ 
+-                for (int y = 0; y < 4; y++) {
+-                    for (int x = 0; x < 4; x++){
++                for (int y = 0; y < y_size; y++) {
++                    for (int x = 0; x < 4; x++) {
+                         rgb555 = row_ptr[x] & ~0x8000;
+ 
+                         put_bits(&s->pb, 16, rgb555);
+@@ -745,6 +748,11 @@ post_skip :
+                     row_ptr += bi.rowstride;
+                 }
+ 
++                for (int y = y_size; y < 4; y++) {
++                    for (int x = 0; x < 4; x++)
++                        put_bits(&s->pb, 16, 0);
++                }
++
+                 block_counter++;
+             } else { // FOUR COLOR BLOCK
+                 block_counter += encode_four_color_block(min_color, max_color,
+-- 
+2.34.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index dd14f8df6f..e8e3462098 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -24,7 +24,9 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
+           file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
            "
+
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
 
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
-- 
2.25.1

[OE-core][kirkstone 04/31] ffmpeg: fix for CVE-2022-3965

[Steve Sakoman]

From: Narpat Mali <narpat.mali@windriver.com>

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function
smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The
manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely.
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-213544.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3965

Upstream Fix:
https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...c-stop-accessing-out-of-bounds-frame.patch | 108 ++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   1 +
 2 files changed, 109 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
new file mode 100644
index 0000000000..923fc6a9c1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch
@@ -0,0 +1,108 @@
+From 13c13109759090b7f7182480d075e13b36ed8edd Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Sat, 12 Nov 2022 15:19:21 +0100
+Subject: [PATCH] avcodec/smcenc: stop accessing out of bounds frame
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/13c13109759090b7f7182480d075e13b36ed8edd]
+
+Signed-off-by: <narpat.mali@windriver.com>
+
+---
+ libavcodec/smcenc.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/libavcodec/smcenc.c b/libavcodec/smcenc.c
+index f3d26a4e8d..33549b8ab4 100644
+--- a/libavcodec/smcenc.c
++++ b/libavcodec/smcenc.c
+@@ -61,6 +61,7 @@ typedef struct SMCContext {
+         { \
+             row_ptr += stride * 4; \
+             pixel_ptr = row_ptr; \
++            cur_y += 4; \
+         } \
+     } \
+ }
+@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+     const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0];
+     uint8_t *distinct_values = s->distinct_values;
+     const uint8_t *pixel_ptr, *row_ptr;
++    const int height = frame->height;
+     const int width = frame->width;
+     uint8_t block_values[16];
+     int block_counter = 0;
+@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+     int color_octet_index = 0;
+     int color_table_index;  /* indexes to color pair, quad, or octet tables */
+     int total_blocks;
++    int cur_y = 0;
+ 
+     memset(s->color_pairs, 0, sizeof(s->color_pairs));
+     memset(s->color_quads, 0, sizeof(s->color_quads));
+     memset(s->color_octets, 0, sizeof(s->color_octets));
+ 
+     /* Number of 4x4 blocks in frame. */
+-    total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4);
++    total_blocks = ((width + 3) / 4) * ((height + 3) / 4);
+ 
+     pixel_ptr = row_ptr = src_pixels;
+ 
+@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+         int cache_index;
+         int distinct = 0;
+         int blocks = 0;
++        int frame_y = cur_y;
+ 
+         while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) {
++            const int y_size = FFMIN(4, height - cur_y);
+             int compare = 0;
+ 
+-            for (int y = 0; y < 4; y++) {
++            for (int y = 0; y < y_size; y++) {
+                 const ptrdiff_t offset = pixel_ptr - src_pixels;
+                 const uint8_t *prev_pixel_ptr = prev_pixels + offset;
+ 
+@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ 
+         pixel_ptr = xpixel_ptr;
+         row_ptr = xrow_ptr;
++        cur_y = frame_y;
+ 
+         while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) {
++            const int y_size = FFMIN(4, height - cur_y);
+             const ptrdiff_t offset = pixel_ptr - src_pixels;
+             const int sy = offset / stride;
+             const int sx = offset % stride;
+@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+             const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride;
+             int compare = 0;
+ 
+-            for (int y = 0; y < 4; y++) {
++            for (int y = 0; y < y_size; y++) {
+                 compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4);
+                 if (compare)
+                     break;
+@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ 
+         pixel_ptr = xpixel_ptr;
+         row_ptr = xrow_ptr;
++        cur_y = frame_y;
+ 
+         while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) {
+-            for (int y = 0; y < 4; y++)
++            const int y_size = FFMIN(4, height - cur_y);
++            for (int y = 0; y < y_size; y++)
+                 memcpy(block_values + y * 4, pixel_ptr + y * stride, 4);
+ 
+             qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values);
+@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext *s, const AVFrame *frame,
+ 
+         pixel_ptr = xpixel_ptr;
+         row_ptr = xrow_ptr;
++        cur_y = frame_y;
+ 
+         blocks = coded_blocks;
+         distinct = coded_distinct;
+-- 
+2.34.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index e8e3462098..95b4bf50ac 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -25,6 +25,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
            file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
+           file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
            "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
-- 
2.25.1

[OE-core][kirkstone 05/31] python3: fix CVE-2022-42919 local privilege escalation via the multiprocessing forkserver start method

[Steve Sakoman]

From: Vivek Kumbhar <vkumbhar@mvista.com>

Upstream-Status: Backport from https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python/python3/CVE-2022-42919.patch       | 70 +++++++++++++++++++
 .../recipes-devtools/python/python3_3.10.7.bb |  1 +
 2 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2022-42919.patch

diff --git a/meta/recipes-devtools/python/python3/CVE-2022-42919.patch b/meta/recipes-devtools/python/python3/CVE-2022-42919.patch
new file mode 100644
index 0000000000..6040724dae
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2022-42919.patch
@@ -0,0 +1,70 @@
+From 87ef80926ea0ec960a220af89d8ff4db99417b03 Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar <vkumbhar@mvista.com>
+Date: Thu, 24 Nov 2022 17:44:18 +0530
+Subject: [PATCH] CVE-2022-42919
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2]
+CVE: CVE-2022-42919
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+
+[3.10] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98503)
+
+Linux abstract sockets are insecure as they lack any form of filesystem
+permissions so their use allows anyone on the system to inject code into
+the process.
+
+This removes the default preference for abstract sockets in
+multiprocessing introduced in Python 3.9+ via
+https://github.com/python/cpython/pull/18866 while fixing
+https://github.com/python/cpython/issues/84031.
+
+Explicit use of an abstract socket by a user now generates a
+RuntimeWarning.  If we choose to keep this warning, it should be
+backported to the 3.7 and 3.8 branches.
+(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)
+---
+ Lib/multiprocessing/connection.py                 |  5 -----
+ .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++++++++++++++
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+
+diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
+index 510e4b5..8e2facf 100644
+--- a/Lib/multiprocessing/connection.py
++++ b/Lib/multiprocessing/connection.py
+@@ -73,11 +73,6 @@ def arbitrary_address(family):
+     if family == 'AF_INET':
+         return ('localhost', 0)
+     elif family == 'AF_UNIX':
+-        # Prefer abstract sockets if possible to avoid problems with the address
+-        # size.  When coding portable applications, some implementations have
+-        # sun_path as short as 92 bytes in the sockaddr_un struct.
+-        if util.abstract_sockets_supported:
+-            return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
+         return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
+     elif family == 'AF_PIPE':
+         return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
+diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+new file mode 100644
+index 0000000..02d95b5
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
+@@ -0,0 +1,15 @@
++On Linux the :mod:`multiprocessing` module returns to using filesystem backed
++unix domain sockets for communication with the *forkserver* process instead of
++the Linux abstract socket namespace.  Only code that chooses to use the
++:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected.
++
++Abstract sockets have no permissions and could allow any user on the system in
++the same `network namespace
++<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the
++whole system) to inject code into the multiprocessing *forkserver* process.
++This was a potential privilege escalation. Filesystem based socket permissions
++restrict this to the *forkserver* process user as was the default in Python 3.8
++and earlier.
++
++This prevents Linux `CVE-2022-42919
++<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_.
+-- 
+2.25.1
+
diff --git a/meta/recipes-devtools/python/python3_3.10.7.bb b/meta/recipes-devtools/python/python3_3.10.7.bb
index 404a582135..2d230793ef 100644
--- a/meta/recipes-devtools/python/python3_3.10.7.bb
+++ b/meta/recipes-devtools/python/python3_3.10.7.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \
            file://deterministic_imports.patch \
            file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
+           file://CVE-2022-42919.patch \
            "
 
 SRC_URI:append:class-native = " \
-- 
2.25.1

[OE-core][kirkstone 06/31] go: fix CVE-2022-2880

[Steve Sakoman]

From: Sakib Sajal <sakib.sajal@windriver.com>

Backport patch to fix CVE-2022-2880.

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 ...util-avoid-query-parameter-smuggling.patch | 178 ++++++++++++++++++
 2 files changed, 179 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index b18de66f42..9c467d63b2 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -17,6 +17,7 @@ SRC_URI += "\
     file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
     file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://CVE-2022-27664.patch \
+    file://0001-net-http-httputil-avoid-query-parameter-smuggling.patch \
 "
 SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
 
diff --git a/meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch b/meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
new file mode 100644
index 0000000000..80fba1446e
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/0001-net-http-httputil-avoid-query-parameter-smuggling.patch
@@ -0,0 +1,178 @@
+From c8bdf59453c95528a444a85e1b206c1c09eb20f6 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Thu, 22 Sep 2022 13:32:00 -0700
+Subject: [PATCH] net/http/httputil: avoid query parameter smuggling
+
+Query parameter smuggling occurs when a proxy's interpretation
+of query parameters differs from that of a downstream server.
+Change ReverseProxy to avoid forwarding ignored query parameters.
+
+Remove unparsable query parameters from the outbound request
+
+   * if req.Form != nil after calling ReverseProxy.Director; and
+   * before calling ReverseProxy.Rewrite.
+
+This change preserves the existing behavior of forwarding the
+raw query untouched if a Director hook does not parse the query
+by calling Request.ParseForm (possibly indirectly).
+
+Fixes #55842
+For #54663
+For CVE-2022-2880
+
+Change-Id: If1621f6b0e73a49d79059dae9e6b256e0ff18ca9
+Reviewed-on: https://go-review.googlesource.com/c/go/+/432976
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Damien Neil <dneil@google.com>
+(cherry picked from commit 7c84234142149bd24a4096c6cab691d3593f3431)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/433695
+Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+
+CVE: CVE-2022-2880
+Upstream-Status: Backport [9d2c73a9fd69e45876509bb3bdb2af99bf77da1e]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/net/http/httputil/reverseproxy.go      | 36 +++++++++++
+ src/net/http/httputil/reverseproxy_test.go | 74 ++++++++++++++++++++++
+ 2 files changed, 110 insertions(+)
+
+diff --git a/src/net/http/httputil/reverseproxy.go b/src/net/http/httputil/reverseproxy.go
+index 8b63368..c76eec6 100644
+--- a/src/net/http/httputil/reverseproxy.go
++++ b/src/net/http/httputil/reverseproxy.go
+@@ -249,6 +249,9 @@ func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+ 	}
+ 
+ 	p.Director(outreq)
++	if outreq.Form != nil {
++		outreq.URL.RawQuery = cleanQueryParams(outreq.URL.RawQuery)
++	}
+ 	outreq.Close = false
+ 
+ 	reqUpType := upgradeType(outreq.Header)
+@@ -628,3 +631,36 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) {
+ 	_, err := io.Copy(c.backend, c.user)
+ 	errc <- err
+ }
++
++func cleanQueryParams(s string) string {
++	reencode := func(s string) string {
++		v, _ := url.ParseQuery(s)
++		return v.Encode()
++	}
++	for i := 0; i < len(s); {
++		switch s[i] {
++		case ';':
++			return reencode(s)
++		case '%':
++			if i+2 >= len(s) || !ishex(s[i+1]) || !ishex(s[i+2]) {
++				return reencode(s)
++			}
++			i += 3
++		default:
++			i++
++		}
++	}
++	return s
++}
++
++func ishex(c byte) bool {
++	switch {
++	case '0' <= c && c <= '9':
++		return true
++	case 'a' <= c && c <= 'f':
++		return true
++	case 'A' <= c && c <= 'F':
++		return true
++	}
++	return false
++}
+diff --git a/src/net/http/httputil/reverseproxy_test.go b/src/net/http/httputil/reverseproxy_test.go
+index 4b6ad77..8c0a4f1 100644
+--- a/src/net/http/httputil/reverseproxy_test.go
++++ b/src/net/http/httputil/reverseproxy_test.go
+@@ -1517,3 +1517,77 @@ func TestJoinURLPath(t *testing.T) {
+ 		}
+ 	}
+ }
++
++const (
++	testWantsCleanQuery = true
++	testWantsRawQuery   = false
++)
++
++func TestReverseProxyQueryParameterSmugglingDirectorDoesNotParseForm(t *testing.T) {
++	testReverseProxyQueryParameterSmuggling(t, testWantsRawQuery, func(u *url.URL) *ReverseProxy {
++		proxyHandler := NewSingleHostReverseProxy(u)
++		oldDirector := proxyHandler.Director
++		proxyHandler.Director = func(r *http.Request) {
++			oldDirector(r)
++		}
++		return proxyHandler
++	})
++}
++
++func TestReverseProxyQueryParameterSmugglingDirectorParsesForm(t *testing.T) {
++	testReverseProxyQueryParameterSmuggling(t, testWantsCleanQuery, func(u *url.URL) *ReverseProxy {
++		proxyHandler := NewSingleHostReverseProxy(u)
++		oldDirector := proxyHandler.Director
++		proxyHandler.Director = func(r *http.Request) {
++			// Parsing the form causes ReverseProxy to remove unparsable
++			// query parameters before forwarding.
++			r.FormValue("a")
++			oldDirector(r)
++		}
++		return proxyHandler
++	})
++}
++
++func testReverseProxyQueryParameterSmuggling(t *testing.T, wantCleanQuery bool, newProxy func(*url.URL) *ReverseProxy) {
++	const content = "response_content"
++	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
++		w.Write([]byte(r.URL.RawQuery))
++	}))
++	defer backend.Close()
++	backendURL, err := url.Parse(backend.URL)
++	if err != nil {
++		t.Fatal(err)
++	}
++	proxyHandler := newProxy(backendURL)
++	frontend := httptest.NewServer(proxyHandler)
++	defer frontend.Close()
++
++	// Don't spam output with logs of queries containing semicolons.
++	backend.Config.ErrorLog = log.New(io.Discard, "", 0)
++	frontend.Config.ErrorLog = log.New(io.Discard, "", 0)
++
++	for _, test := range []struct {
++		rawQuery   string
++		cleanQuery string
++	}{{
++		rawQuery:   "a=1&a=2;b=3",
++		cleanQuery: "a=1",
++	}, {
++		rawQuery:   "a=1&a=%zz&b=3",
++		cleanQuery: "a=1&b=3",
++	}} {
++		res, err := frontend.Client().Get(frontend.URL + "?" + test.rawQuery)
++		if err != nil {
++			t.Fatalf("Get: %v", err)
++		}
++		defer res.Body.Close()
++		body, _ := io.ReadAll(res.Body)
++		wantQuery := test.rawQuery
++		if wantCleanQuery {
++			wantQuery = test.cleanQuery
++		}
++		if got, want := string(body), wantQuery; got != want {
++			t.Errorf("proxy forwarded raw query %q as %q, want %q", test.rawQuery, got, want)
++		}
++	}
++}
+-- 
+2.32.0
+
-- 
2.25.1

[OE-core][kirkstone 07/31] linux-firmware: upgrade 20220913 -> 20221012

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

License-Update: copyright years, additional firmwares

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9f658c724b6635e5745f30b25601bcc51a004be4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...inux-firmware_20220913.bb => linux-firmware_20221012.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220913.bb => linux-firmware_20221012.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
index 8f921e2d0e..6ba59a34c2 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20220913.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
@@ -71,7 +71,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
                     file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
                     file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \
-                    file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
+                    file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
                     file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
                     file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
                     file://LICENSE.atmel;md5=aa74ac0c60595dee4d4e239107ea77a3 \
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "98ecc3d3223df7ebdc23b0ec56aafb20"
+WHENCE_CHKSUM  = "d6d9d74a344a78028e6b0f1df80db14b"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = "26fd00f2d8e96c4af6f44269a6b893eb857253044f75ad28ef6706a2250cd8e9"
+SRC_URI[sha256sum] = "e9d174af729511c8cccb60ec4e0b223b3c44b67d813b42d1ab9813acfa667fa5"
 
 inherit allarch
 
-- 
2.25.1

[OE-core][kirkstone 08/31] xwayland: upgrade 22.1.3 -> 22.1.4

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 553c080e0e30c8f6b69b4c5fae72903ee45ef6ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/{xwayland_22.1.3.bb => xwayland_22.1.4.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.3.bb => xwayland_22.1.4.bb} (95%)

diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb b/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
similarity index 95%
rename from meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
rename to meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
index da1b27525d..8597d07a7d 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.3.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a712eb7bce32cd934df36814b5dd046aa670899c16fe98f2afb003578f86a1c5"
+SRC_URI[sha256sum] = "5c39bdd77444c3fa7a0e2ef317ae69ddde89a901dc8914dbc8eac39a9313512a"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
 
-- 
2.25.1

[OE-core][kirkstone 09/31] xwayland: upgrade 22.1.4 -> 22.1.5

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 48ca760427f14ae291bf2ebf6f93f8d0fb27e3ab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/{xwayland_22.1.4.bb => xwayland_22.1.5.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.4.bb => xwayland_22.1.5.bb} (95%)

diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb b/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
similarity index 95%
rename from meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
rename to meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
index 8597d07a7d..c1c5407dee 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.4.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.5.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "5c39bdd77444c3fa7a0e2ef317ae69ddde89a901dc8914dbc8eac39a9313512a"
+SRC_URI[sha256sum] = "e317ac1f119f8321654921761420901e4abd95585a8c763ce26af3b045ac1672"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
 
-- 
2.25.1

[OE-core][kirkstone 10/31] libffi: upgrade 3.4.2 -> 3.4.4

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

3.4.4 Oct-23-2022
    Important aarch64 fixes, including support for linux builds
      with Link Time Optimization (-flto).
    Fix x86 stdcall stack alignment.
    Fix x86 Windows msvc assembler compatibility.
    Fix moxie and or1k small structure args.

3.4.3 Sep-19-22
    All struct args are passed by value, regardless of size, as per ABIs.
    Enable static trampolines for Cygwin.
    Add support for Loongson's LoongArch64 architecture.
    Fix x32 static trampolines.
    Fix 32-bit x86 stdcall stack corruption.
    Fix ILP32 aarch64 support.

License-Update: copyright years

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5b42ba98ef26a52bad8de1790b402938fec4a160)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../0001-arm-sysv-reverted-clang-VFP-mitigation.patch     | 6 ++----
 meta/recipes-support/libffi/libffi/not-win32.patch        | 8 ++++----
 .../libffi/{libffi_3.4.2.bb => libffi_3.4.4.bb}           | 4 ++--
 3 files changed, 8 insertions(+), 10 deletions(-)
 rename meta/recipes-support/libffi/{libffi_3.4.2.bb => libffi_3.4.4.bb} (90%)

diff --git a/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch b/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
index 4233799501..3ffcb3e128 100644
--- a/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
+++ b/meta/recipes-support/libffi/libffi/0001-arm-sysv-reverted-clang-VFP-mitigation.patch
@@ -1,4 +1,4 @@
-From 501a6b55853af549fae72723e74271f2a4ec7cf6 Mon Sep 17 00:00:00 2001
+From 000f1500b693a84880d2da49b77b1113f98dde35 Mon Sep 17 00:00:00 2001
 From: Brett Warren <brett.warren@arm.com>
 Date: Fri, 27 Nov 2020 15:28:42 +0000
 Subject: [PATCH] arm/sysv: reverted clang VFP mitigation
@@ -13,6 +13,7 @@ has been reverted.
 
 Upstream-Status: Submitted [https://github.com/libffi/libffi/pull/747]
 Signed-off-by: Brett Warren <brett.warren@arm.com>
+
 ---
  src/arm/sysv.S | 33 ---------------------------------
  1 file changed, 33 deletions(-)
@@ -99,6 +100,3 @@ index fb36213..e4272a1 100644
  	b	call_epilogue
  E(ARM_TYPE_INT64)
  	ldr	r1, [r2, #4]
--- 
-2.25.1
-
diff --git a/meta/recipes-support/libffi/libffi/not-win32.patch b/meta/recipes-support/libffi/libffi/not-win32.patch
index 62daaf4b38..38f9b0025c 100644
--- a/meta/recipes-support/libffi/libffi/not-win32.patch
+++ b/meta/recipes-support/libffi/libffi/not-win32.patch
@@ -1,4 +1,4 @@
-From 306719369a0d3608b4ff2737de74ae284788a14b Mon Sep 17 00:00:00 2001
+From 20bc4e03442e15965ae3907013e9a177878f0323 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Thu, 4 Feb 2016 16:22:50 +0000
 Subject: [PATCH] libffi: ensure sysroot paths are not in libffi.pc
@@ -21,11 +21,11 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index b764368..d51ce91 100644
+index 7e8cd98..cf37e88 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -354,7 +354,7 @@ AC_ARG_ENABLE(multi-os-directory,
-                           
+@@ -405,7 +405,7 @@ AC_ARG_ENABLE(multi-os-directory,
+ 
  # These variables are only ever used when we cross-build to X86_WIN32.
  # And we only support this with GCC, so...
 -if test "x$GCC" = "xyes"; then
diff --git a/meta/recipes-support/libffi/libffi_3.4.2.bb b/meta/recipes-support/libffi/libffi_3.4.4.bb
similarity index 90%
rename from meta/recipes-support/libffi/libffi_3.4.2.bb
rename to meta/recipes-support/libffi/libffi_3.4.4.bb
index 71d9518baf..4ceee6f3cc 100644
--- a/meta/recipes-support/libffi/libffi_3.4.2.bb
+++ b/meta/recipes-support/libffi/libffi_3.4.4.bb
@@ -8,13 +8,13 @@ library really only provides the lowest, machine dependent layer of a fully feat
 A layer must exist above `libffi' that handles type conversions for values passed between the two languages."
 
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=679b5c9bdc79a2b93ee574e193e7a7bc"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=32c0d09a0641daf4903e5d61cc8f23a8"
 
 SRC_URI = "https://github.com/libffi/libffi/releases/download/v${PV}/${BPN}-${PV}.tar.gz \
            file://not-win32.patch \
            file://0001-arm-sysv-reverted-clang-VFP-mitigation.patch \
            "
-SRC_URI[sha256sum] = "540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620"
+SRC_URI[sha256sum] = "d66c56ad259a82cf2a9dfc408b32bf5da52371500b84745f7fb8b645712df676"
 UPSTREAM_CHECK_URI = "https://github.com/libffi/libffi/releases/"
 UPSTREAM_CHECK_REGEX = "libffi-(?P<pver>\d+(\.\d+)+)\.tar"
 
-- 
2.25.1

[OE-core][kirkstone 11/31] libical: upgrade 3.0.15 -> 3.0.16

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

Version 3.0.16 is a patch release.

- Fix regressions in 3.0.15 due to improperly tested fuzz fixes
- Fix argument guards in icaltime_as_timet to match documentation and tests.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 77d4557d6f6a1405d03bb5dc7ca23d7ee78c2037)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libical/{libical_3.0.15.bb => libical_3.0.16.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/libical/{libical_3.0.15.bb => libical_3.0.16.bb} (96%)

diff --git a/meta/recipes-support/libical/libical_3.0.15.bb b/meta/recipes-support/libical/libical_3.0.16.bb
similarity index 96%
rename from meta/recipes-support/libical/libical_3.0.15.bb
rename to meta/recipes-support/libical/libical_3.0.16.bb
index f5e9bb9372..c53b7ca375 100644
--- a/meta/recipes-support/libical/libical_3.0.15.bb
+++ b/meta/recipes-support/libical/libical_3.0.16.bb
@@ -15,7 +15,7 @@ SECTION = "libs"
 SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
            file://0001-cmake-Do-not-export-CC-into-gir-compiler.patch \
           "
-SRC_URI[sha256sum] = "019085ba99936f25546d86cb3e34852e5fe2b5a7d5f1cb4423a0cc42e399f629"
+SRC_URI[sha256sum] = "b44705dd71ca4538c86fb16248483ab4b48978524fb1da5097bd76aa2e0f0c33"
 UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases"
 
 inherit cmake pkgconfig gobject-introspection vala
-- 
2.25.1

[OE-core][kirkstone 12/31] mtd-utils: upgrade 2.1.4 -> 2.1.5

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

Raw short log since the 2.1.4 release:

Alex Henrie (1):
       mkfs.jffs2: fix spelling of --compression-mode parameter in help text

Andrew Mellor (1):
       ubinfo: Fix --vol_id return code for absent volume id

Christophe Kerello (1):
       nandflipbits: fix corrupted oob

David Oberhollenzer (1):
       Release mtd-utils-2.1.5

Enrico Jorns (1):
       libmtd: do not ignore non-zero eraseblock size when MTD_NO_ERASE is set

Frederic Germain (2):
       .gitignore: add new ubiscan utility
       Fix warning about unaligned pointer in jffs2reader

Khem Raj (1):
       tests: Remove unused linux/fs.h header from includes

Michael Walle (1):
       mtd-utils: flash_otp_dump make offset optional

Mike Frysinger (1):
       fix test bashism

Rafał Miłecki (1):
       nandwrite: warn about writing 0xff blocks

Sascha Hauer (1):
       mtd-utils: nanddump: fix writing big images on 32bit machines

liaohua (1):
       nor-utils: fix memory leak

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a3289c988764e5b864873b4adc7656c101a5b9c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/mtd/mtd-utils_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb b/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 3318277477..6a4f7b0688 100644
--- a/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -11,9 +11,9 @@ inherit autotools pkgconfig update-alternatives
 DEPENDS = "zlib e2fsprogs util-linux"
 RDEPENDS:mtd-utils-tests += "bash"
 
-PV = "2.1.4"
+PV = "2.1.5"
 
-SRCREV = "c7f1bfa44a84d02061787e2f6093df5cc40b9f5c"
+SRCREV = "3f3b4cc6c3120107e7aaa21c6415772a255ac49c"
 SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \
            file://add-exclusion-to-mkfs-jffs2-git-2.patch \
            "
-- 
2.25.1

[OE-core][kirkstone 13/31] gdk-pixbuf: upgrade 2.42.9 -> 2.42.10

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

2.42.10 (stable)
===

- Search for rst2man.py [!145, Matt Turner]
- Update the memory size limit for JPEG images [#216, #218]
- Translation updates

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 01e1828f8e5bcb0ad88b89fe783c2973480695bb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../gdk-pixbuf/{gdk-pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-gnome/gdk-pixbuf/{gdk-pixbuf_2.42.9.bb => gdk-pixbuf_2.42.10.bb} (98%)

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
similarity index 98%
rename from meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
rename to meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
index d33718e3ea..aa44515fbb 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.9.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
@@ -23,7 +23,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
            file://0001-Add-use_prebuilt_tools-option.patch \
            "
 
-SRC_URI[sha256sum] = "28f7958e7bf29a32d4e963556d241d0a41a6786582ff6a5ad11665e0347fc962"
+SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b"
 
 inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even gobject-introspection gi-docgen lib_package
 
-- 
2.25.1

[OE-core][kirkstone 14/31] gstreamer1.0: upgrade 1.20.3 -> 1.20.4

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

The fourth 1.20 bug-fix release (1.20.4) was released on 12 October 2022.

This release only contains bugfixes and it should be safe to upgrade from 1.20.x.

Highlighted bugfixes in 1.20.4

- avaudiodec: fix playback issue with WMA files, would throw an error at EOS with FFmpeg 5.x
- Fix deadlock when loading gst-editing-services plugin
- Fix input buffering capacity in live mode for aggregator, video/audio aggregator subclasses, muxers
- glimagesink: fix crash on Android
- subtitle handling and subtitle overlay fixes
- matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9
- rtspsrc: fix control url handling for spec compliant servers and add fallback for incompliant servers
- WebRTC fixes
- RTP retransmission fixes
- video: fixes for formats with 4x subsampling and horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9)
- macOS build and packaging fixes, in particular fix finding of gio modules on macOS for https/TLS support
- Fix consuming of the macOS package as a framework in XCode
- Performance improvements
- Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 58e4825328dafd7f593d9eb42be5506408627a31)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...tools_1.20.3.bb => gst-devtools_1.20.4.bb} |  2 +-
 ...r-APNG-encoder-property-registration.patch | 86 -------------------
 ...1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} |  6 +-
 ...x_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} |  2 +-
 ....bb => gstreamer1.0-plugins-bad_1.20.4.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-base_1.20.4.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-good_1.20.4.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-ugly_1.20.4.bb} |  2 +-
 ....20.3.bb => gstreamer1.0-python_1.20.4.bb} |  2 +-
 ....bb => gstreamer1.0-rtsp-server_1.20.4.bb} |  2 +-
 ...1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} |  2 +-
 ...er1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} |  2 +-
 12 files changed, 12 insertions(+), 100 deletions(-)
 rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.3.bb => gst-devtools_1.20.4.bb} (95%)
 delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.3.bb => gstreamer1.0-libav_1.20.4.bb} (82%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.3.bb => gstreamer1.0-omx_1.20.4.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.3.bb => gstreamer1.0-plugins-bad_1.20.4.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.3.bb => gstreamer1.0-plugins-base_1.20.4.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.3.bb => gstreamer1.0-plugins-good_1.20.4.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.3.bb => gstreamer1.0-plugins-ugly_1.20.4.bb} (94%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.3.bb => gstreamer1.0-python_1.20.4.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.3.bb => gstreamer1.0-rtsp-server_1.20.4.bb} (90%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.3.bb => gstreamer1.0-vaapi_1.20.4.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.3.bb => gstreamer1.0_1.20.4.bb} (97%)

diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.4.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gst-devtools_1.20.4.bb
index c515e173c8..09b6e5a497 100644
--- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.4.bb
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
            file://0001-connect-has-a-different-signature-on-musl.patch \
            "
 
-SRC_URI[sha256sum] = "bbbd45ead703367ea8f4be9b3c082d7b62bef47b240a39083f27844e28758c47"
+SRC_URI[sha256sum] = "82a293600273f4dd3eed567aae510ca0c7d629c3807788b00e6cdbd1d2459a84"
 
 DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
 RRECOMMENDS:${PN} = "git"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
deleted file mode 100644
index 526bbb0037..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/0001-libav-Fix-for-APNG-encoder-property-registration.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 78a97c1ec35ada76d83fc67d0549ba56c74d8875 Mon Sep 17 00:00:00 2001
-From: Seungha Yang <seungha@centricular.com>
-Date: Thu, 7 Jul 2022 22:16:30 +0900
-Subject: [PATCH] libav: Fix for APNG encoder property registration
-
-The AVClass name of Animated PNG in FFmpeg 5.x is "(A)PNG"
-and it will be converted to "-a-png" through
-g_ascii_strdown() and g_strcanon(). But GLib disallow leading '-'
-character for a GType name. Strip leading '-' to workaround it.
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2724]
-
-Seungha Yangs patch was imported without modifications.
-
-Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
----
- ext/libav/gstavcfg.c | 29 +++++++++++++++++++++++------
- 1 file changed, 23 insertions(+), 6 deletions(-)
-
-diff --git a/ext/libav/gstavcfg.c b/ext/libav/gstavcfg.c
-index c736920..a8635a7 100644
---- a/ext/libav/gstavcfg.c
-+++ b/ext/libav/gstavcfg.c
-@@ -91,10 +91,19 @@ register_enum (const AVClass ** obj, const AVOption * top_opt)
-   gchar *lower_obj_name = g_ascii_strdown ((*obj)->class_name, -1);
-   gchar *enum_name = g_strdup_printf ("%s-%s", lower_obj_name, top_opt->unit);
-   gboolean none_default = TRUE;
-+  const gchar *enum_name_strip;
- 
-   g_strcanon (enum_name, G_CSET_a_2_z G_CSET_DIGITS, '-');
- 
--  if ((res = g_type_from_name (enum_name)))
-+  /* strip leading '-'s */
-+  enum_name_strip = enum_name;
-+  while (enum_name_strip[0] == '-')
-+    enum_name_strip++;
-+
-+  if (enum_name_strip[0] == '\0')
-+    goto done;
-+
-+  if ((res = g_type_from_name (enum_name_strip)))
-     goto done;
- 
-   while ((opt = av_opt_next (obj, opt))) {
-@@ -150,9 +159,8 @@ register_enum (const AVClass ** obj, const AVOption * top_opt)
-       }
-     }
- 
--    res =
--        g_enum_register_static (enum_name, &g_array_index (values, GEnumValue,
--            0));
-+    res = g_enum_register_static (enum_name_strip,
-+        &g_array_index (values, GEnumValue, 0));
- 
-     gst_type_mark_as_plugin_api (res, 0);
-   }
-@@ -177,10 +185,19 @@ register_flags (const AVClass ** obj, const AVOption * top_opt)
-   GArray *values = g_array_new (TRUE, TRUE, sizeof (GEnumValue));
-   gchar *lower_obj_name = g_ascii_strdown ((*obj)->class_name, -1);
-   gchar *flags_name = g_strdup_printf ("%s-%s", lower_obj_name, top_opt->unit);
-+  const gchar *flags_name_strip;
- 
-   g_strcanon (flags_name, G_CSET_a_2_z G_CSET_DIGITS, '-');
- 
--  if ((res = g_type_from_name (flags_name)))
-+  /* strip leading '-'s */
-+  flags_name_strip = flags_name;
-+  while (flags_name_strip[0] == '-')
-+    flags_name_strip++;
-+
-+  if (flags_name_strip[0] == '\0')
-+    goto done;
-+
-+  if ((res = g_type_from_name (flags_name_strip)))
-     goto done;
- 
-   while ((opt = av_opt_next (obj, opt))) {
-@@ -211,7 +228,7 @@ register_flags (const AVClass ** obj, const AVOption * top_opt)
-     g_array_sort (values, (GCompareFunc) cmp_flags_value);
- 
-     res =
--        g_flags_register_static (flags_name, &g_array_index (values,
-+        g_flags_register_static (flags_name_strip, &g_array_index (values,
-             GFlagsValue, 0));
- 
-     gst_type_mark_as_plugin_api (res, 0);
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.4.bb
similarity index 82%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.4.bb
index 7a2c0d1365..e23cf2e337 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.4.bb
@@ -11,10 +11,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=69333daa044cb77e486cc36129f7a770 \
                     file://ext/libav/gstav.h;beginline=1;endline=18;md5=a752c35267d8276fd9ca3db6994fca9c \
                     "
 
-SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz \
-           file://0001-libav-Fix-for-APNG-encoder-property-registration.patch \
-           "
-SRC_URI[sha256sum] = "3fedd10560fcdfaa1b6462cbf79a38c4e7b57d7f390359393fc0cef6dbf27dfe"
+SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
+SRC_URI[sha256sum] = "04ccbdd58fb31dd94098da599209834a0e7661638c5703381dd0a862c56fc532"
 
 S = "${WORKDIR}/gst-libav-${PV}"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.4.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.4.bb
index fb48562a2b..4d63db89a7 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.4.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "8db48040bb41f09edf8d17ff6d16c54888d7777ba4501c2c69f0083350ea9a15"
+SRC_URI[sha256sum] = "70ddd485e2dcab79070164d61ad2ff3a63e15a1d7abf9075d86eb77762b0edfd"
 
 S = "${WORKDIR}/gst-omx-${PV}"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.4.bb
similarity index 98%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.4.bb
index 05de217c34..c83beb6632 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.4.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
            file://0003-ensure-valid-sentinals-for-gst_structure_get-etc.patch \
            file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
            "
-SRC_URI[sha256sum] = "7a11c13b55dd1d2386dd902219e41cbfcdda8e1e0aa3e738186c95074b35da4f"
+SRC_URI[sha256sum] = "a1a3f53b3604d9a04fdd0bf9a1a616c3d2dab5320489e9ecee1178e81e33a16a"
 
 S = "${WORKDIR}/gst-plugins-bad-${PV}"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.4.bb
similarity index 97%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.4.bb
index 7eebbba949..a0f238a59d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.4.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
            file://0003-viv-fb-Make-sure-config.h-is-included.patch \
            file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
            "
-SRC_URI[sha256sum] = "7e30b3dd81a70380ff7554f998471d6996ff76bbe6fc5447096f851e24473c9f"
+SRC_URI[sha256sum] = "8d181b7abe4caf23ee9f9ec5b4d3e232640452464e39495bfffb6d776fc97225"
 
 S = "${WORKDIR}/gst-plugins-base-${PV}"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.4.bb
similarity index 97%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.4.bb
index 0235935a4a..4a4672992e 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.4.bb
@@ -8,7 +8,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
            file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
            "
 
-SRC_URI[sha256sum] = "f8f3c206bf5cdabc00953920b47b3575af0ef15e9f871c0b6966f6d0aa5868b7"
+SRC_URI[sha256sum] = "b16130fbe632fa8547c2147a0ef575b0140fb521065c5cb121c72ddbd23b64da"
 
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.4.bb
similarity index 94%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.4.bb
index ad7b84b5ab..94b8c8e2cf 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.4.bb
@@ -14,7 +14,7 @@ LICENSE_FLAGS = "commercial"
 SRC_URI = " \
             https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
             "
-SRC_URI[sha256sum] = "8caa20789a09c304b49cf563d33cca9421b1875b84fcc187e4a385fa01d6aefd"
+SRC_URI[sha256sum] = "5c9ec6bab96517e438b3f9bae0ceb84d3436f3da9bbe180cf4d28e32a7251b59"
 
 S = "${WORKDIR}/gst-plugins-ugly-${PV}"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.4.bb
similarity index 91%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.4.bb
index 57026ba73b..b514989864 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.4.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "db348120eae955b8cc4de3560a7ea06e36d6e1ddbaa99a7ad96b59846601cfdc"
+SRC_URI[sha256sum] = "5eb4136d03e2a495f4499c8b2e6d9d3e7b5e73c5a8b8acf9213d57bc6a7bd3c1"
 
 DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
 RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.4.bb
similarity index 90%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.4.bb
index fd4f82fcc3..4137b4993b 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.4.bb
@@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server"
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "ee402718be9b127f0e5e66ca4c1b4f42e4926ec93ba307b7ccca5dc6cc9794ca"
+SRC_URI[sha256sum] = "88d9ef634e59aeb8cc183ad5ae444557c5a88dd49d833b9072bc6e1fae6a3d7d"
 
 S = "${WORKDIR}/${PNREAL}-${PV}"
 
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.4.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.4.bb
index 6e580f9f79..81ec23d26e 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.4.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "6ee99eb316abdde9ad37002915bd8c3867918f6fdc74b7cf2ac4c1ae0d690b45"
+SRC_URI[sha256sum] = "ab12596144c05506e9782374c5d2cdfb3069fca89908d6de360d947bb77fd06a"
 
 S = "${WORKDIR}/${REALPN}-${PV}"
 DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.4.bb
similarity index 97%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.4.bb
index 1f4576c3e1..d0ba2919ee 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.4.bb
@@ -23,7 +23,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
            file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
            file://0005-tests-remove-gstbin-test_watch_for_state_change-test.patch \
            "
-SRC_URI[sha256sum] = "607daf64bbbd5fb18af9d17e21c0d22c4d702fffe83b23cb22d1b1af2ca23a2a"
+SRC_URI[sha256sum] = "67c1edf8c3c339cda5dde85f4f7b953bb9607c2d13ae970e2491c5c4c055ef5f"
 
 PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
                    check \
-- 
2.25.1

[OE-core][kirkstone 15/31] libepoxy: convert to git

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

Latest version doesn't come with stable tarballs.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 4b6eed2bb323a3c7390ca3ad426afe27e9072bf0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb b/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
index 487fc00360..881010b1a3 100644
--- a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
+++ b/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
@@ -9,10 +9,11 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b"
 
-SRC_URI = "https://github.com/anholt/${BPN}/releases/download/${PV}/${BP}.tar.xz \
+SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https \
            file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \
            "
-SRC_URI[sha256sum] = "d168a19a6edfdd9977fef1308ccf516079856a4275cf876de688fb7927e365e4"
+SRCREV = "ecfa8e0f083084181d36966fa084aca9a6c97d53"
+S = "${WORKDIR}/git"
 UPSTREAM_CHECK_URI = "https://github.com/anholt/libepoxy/releases"
 
 inherit meson pkgconfig features_check
-- 
2.25.1

[OE-core][kirkstone 16/31] libepoxy: update 1.5.9 -> 1.5.10

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

Changes since 1.5.9
- Fix for building with MSVC on non-English locale [Seungha Yang]
- Fix build on Android [Caolán McNamara]
- Add the right include paths for EGL and X11 headers [Alex Richardson]

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 436cb3c98c582e17e6ed2491cc6598c56976af46)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libepoxy/{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb}          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/libepoxy/{libepoxy_1.5.9.bb => libepoxy_1.5.10.bb} (95%)

diff --git a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb b/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
similarity index 95%
rename from meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
rename to meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
index 881010b1a3..c3e770dfa8 100644
--- a/meta/recipes-graphics/libepoxy/libepoxy_1.5.9.bb
+++ b/meta/recipes-graphics/libepoxy/libepoxy_1.5.10.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b"
 SRC_URI = "git://github.com/anholt/libepoxy;branch=master;protocol=https \
            file://0001-dispatch_common.h-define-also-EGL_NO_X11.patch \
            "
-SRCREV = "ecfa8e0f083084181d36966fa084aca9a6c97d53"
+SRCREV = "c84bc9459357a40e46e2fec0408d04fbdde2c973"
 S = "${WORKDIR}/git"
 UPSTREAM_CHECK_URI = "https://github.com/anholt/libepoxy/releases"
 
-- 
2.25.1

[OE-core][kirkstone 17/31] mobile-broadband-provider-info: upgrade 20220725 -> 20221107

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7e12fa1e6250fc358ba159a6b626458d871f7ccf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../mobile-broadband-provider-info_git.bb                     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 2cc92b7b47..e802bcee18 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,8 +5,8 @@ SECTION = "network"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
 
-SRCREV = "fe19892a8168bf19d81e3bc4ee319bf7f9f058f5"
-PV = "20220725"
+SRCREV = "22a5de3ef637990ce03141f786fbdb327e9c5a3f"
+PV = "20221107"
 PE = "1"
 
 SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
-- 
2.25.1

[OE-core][kirkstone 18/31] babeltrace: upgrade 1.5.8 -> 1.5.11

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
===========
* Fix: distutils removed in python 3.12
* Fix: use-after-free with popt 1.19
* configure.ac: Basic fixes for autoconf 2.70
* Add gerrit config for stable-1.5
* port: disable debug-info by default on FreeBSD
* port: add missing includes for FreeBSD compat
* bindings: try importing collections.abc first for forward compatibility
* man: fix typo in babeltrace.1

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a8f3e4f92f968eb96df11203ff442e6e42634915)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../lttng/{babeltrace_1.5.8.bb => babeltrace_1.5.11.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/lttng/{babeltrace_1.5.8.bb => babeltrace_1.5.11.bb} (98%)

diff --git a/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
similarity index 98%
rename from meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
rename to meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
index 19601e7d1b..8e2fe4164d 100644
--- a/meta/recipes-kernel/lttng/babeltrace_1.5.8.bb
+++ b/meta/recipes-kernel/lttng/babeltrace_1.5.11.bb
@@ -10,7 +10,7 @@ DEPENDS = "glib-2.0 util-linux popt bison-native flex-native"
 SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-1.5 \
 	   file://run-ptest \
 	  "
-SRCREV = "054a54ae10b01a271afc4f19496c041b10fb414c"
+SRCREV = "91c00f70884887ff5c4849a8e3d47e311a22ba9d"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>1(\.\d+)+)$"
 
 S = "${WORKDIR}/git"
-- 
2.25.1

[OE-core][kirkstone 19/31] iso-codes: upgrade 4.11.0 -> 4.12.0

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
=========
- ISO 3166-1: Update name for TR. Fixes #38
- Translation updates for ISO 3166-1
- Translation updates for ISO 3166-2. Closes: #1020633
- Translation updates for ISO 3166-3
- Translation updates for ISO 639-2
- Translation updates for ISO 639-3
- Translation updates for ISO 639-5
- Translation updates for ISO 4217
- Translation updates for ISO 15924

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 99917b4b7d5642b292cb95c770871b95e411dfc5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../iso-codes/{iso-codes_4.11.0.bb => iso-codes_4.12.0.bb}      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/iso-codes/{iso-codes_4.11.0.bb => iso-codes_4.12.0.bb} (94%)

diff --git a/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb b/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
similarity index 94%
rename from meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
rename to meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
index be573981b0..ea7c43cdae 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.11.0.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.12.0.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 
 SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
-SRCREV = "2651d7fe65582263c57385a852b0c6d8a49f6985"
+SRCREV = "5e4dddbd1f8902ab0252ccbb19b783cc0359505a"
 
 # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
 # are inhibited by allarch
-- 
2.25.1

[OE-core][kirkstone 20/31] qemu-helper-native: Re-write bridge helper as C program

[Steve Sakoman]

From: Joshua Watt <JPEWhacker@gmail.com>

The bridge helper program is invoked directly from QEMU when it needs to
attach to a network bridge. As such, it is subject to the environment of
QEMU itself. Specifically, if bridging is enabled with direct rendering
acceleration, QEMU is run with an LD_PRELOAD that attempts to preload
several uninative libraries; however /bin/sh doesn't use the uninative
loader which means it can fail to start with an error like:

 /bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE

Converting the helper program to a C program resolves this problem
because it will now use the uninative loader so the preload doesn't
cause errors.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f698e98f2f09952b34488b8cf9e73e82bd7aea07)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../qemu/qemu-helper-native_1.0.bb            |  6 +--
 .../qemu/qemu-helper/qemu-oe-bridge-helper    | 25 -----------
 .../qemu/qemu-helper/qemu-oe-bridge-helper.c  | 41 +++++++++++++++++++
 3 files changed, 44 insertions(+), 28 deletions(-)
 delete mode 100755 meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
 create mode 100644 meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c

diff --git a/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index aa9e499c77..e297586bbb 100644
--- a/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5
 
 SRC_URI = "\
     file://tunctl.c \
-    file://qemu-oe-bridge-helper \
+    file://qemu-oe-bridge-helper.c \
     "
 
 S = "${WORKDIR}"
@@ -16,13 +16,13 @@ inherit native
 
 do_compile() {
 	${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl
+	${CC} ${CFLAGS} ${LDFLAGS} -Wall qemu-oe-bridge-helper.c -o qemu-oe-bridge-helper
 }
 
 do_install() {
 	install -d ${D}${bindir}
 	install tunctl ${D}${bindir}/
-
-    install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/
+	install qemu-oe-bridge-helper ${D}${bindir}/
 }
 
 DEPENDS += "qemu-system-native"
diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
deleted file mode 100755
index f057d4eef0..0000000000
--- a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper
+++ /dev/null
@@ -1,25 +0,0 @@
-#! /bin/sh
-# Copyright 2020 Garmin Ltd. or its subsidiaries
-#
-# SPDX-License-Identifier: GPL-2.0
-#
-# Attempts to find and exec the host qemu-bridge-helper program
-
-# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it.
-if [ -n "$QEMU_BRIDGE_HELPER" ]; then
-    exec "$QEMU_BRIDGE_HELPER" "$@"
-fi
-
-# Search common paths for the helper program
-BN="qemu-bridge-helper"
-PATHS="/usr/libexec/ /usr/lib/qemu/"
-
-for p in $PATHS; do
-    if [ -e "$p/$BN" ]; then
-        exec "$p/$BN" "$@"
-    fi
-done
-
-echo "$BN not found!" > /dev/stderr
-exit 1
-
diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
new file mode 100644
index 0000000000..cadf2a012a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2022 Garmin Ltd. or its subsidiaries
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ *
+ * Attempts to find and exec the host qemu-bridge-helper program
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+
+void try_program(char const* path, char** args) {
+    if (access(path, X_OK) == 0) {
+        execv(path, args);
+    }
+}
+
+int main(int argc, char** argv) {
+    char* var;
+
+    /* Copy arguments so that they are a NULL terminated list, skipping argv[0]
+     * since it is this program name */
+    char** args = malloc(argc * sizeof(char*));
+    for (int i = 0; i < argc - 1; i++) {
+        args[i] = argv[i + 1];
+    }
+    args[argc - 1] = NULL;
+
+    var = getenv("QEMU_BRIDGE_HELPER");
+    if (var && var[0] != '\0') {
+        execvp(var, args);
+        return 1;
+    }
+
+    try_program("/usr/libexec/qemu-bridge-helper", args);
+    try_program("/usr/lib/qemu/qemu-bridge-helper", args);
+
+    fprintf(stderr, "No bridge helper found\n");
+    return 1;
+}
+
-- 
2.25.1

[OE-core][kirkstone 21/31] qemu-helper-native: Correctly pass program name as argv[0]

[Steve Sakoman]

From: Joshua Watt <JPEWhacker@gmail.com>

The previous version of this wasn't correctly passing the program name
as argv[0], and was also over-complicated anyway because argv[] is
guaranteed to be terminated with a NULL pointer, so it can be passed
directly to the execv'd process without needing to be copied.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6edf38add3c20c44efe0588e2815bb280d22e0c4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../qemu/qemu-helper/qemu-oe-bridge-helper.c      | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
index cadf2a012a..9434e1d269 100644
--- a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
+++ b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c
@@ -8,6 +8,7 @@
 
 #include <stdio.h>
 #include <unistd.h>
+#include <stdlib.h>
 
 void try_program(char const* path, char** args) {
     if (access(path, X_OK) == 0) {
@@ -18,22 +19,14 @@ void try_program(char const* path, char** args) {
 int main(int argc, char** argv) {
     char* var;
 
-    /* Copy arguments so that they are a NULL terminated list, skipping argv[0]
-     * since it is this program name */
-    char** args = malloc(argc * sizeof(char*));
-    for (int i = 0; i < argc - 1; i++) {
-        args[i] = argv[i + 1];
-    }
-    args[argc - 1] = NULL;
-
     var = getenv("QEMU_BRIDGE_HELPER");
     if (var && var[0] != '\0') {
-        execvp(var, args);
+        execvp(var, argv);
         return 1;
     }
 
-    try_program("/usr/libexec/qemu-bridge-helper", args);
-    try_program("/usr/lib/qemu/qemu-bridge-helper", args);
+    try_program("/usr/libexec/qemu-bridge-helper", argv);
+    try_program("/usr/lib/qemu/qemu-bridge-helper", argv);
 
     fprintf(stderr, "No bridge helper found\n");
     return 1;
-- 
2.25.1

[OE-core][kirkstone 22/31] linux-firmware: don't put the firmware into the sysroot

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

There's no need to have linux-firmware in the sysroot. The sysroot won't
ever be used anyway as nothing needs the firmware at build-time, but this
saves us building a ~900MB sysroot (~300MB sstate tarball).

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 26ed998c4f201c5cacf330f52e51e416afbd300c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
index 6ba59a34c2..c7ecee0d9a 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20221012.bb
@@ -1121,3 +1121,6 @@ INSANE_SKIP = "arch"
 
 # Don't warn about already stripped files
 INSANE_SKIP:${PN} = "already-stripped"
+
+# No need to put firmware into the sysroot
+SYSROOT_DIRS_IGNORE += "${nonarch_base_libdir}/firmware"
-- 
2.25.1

[OE-core][kirkstone 23/31] vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

Staging the whole /usr/bin is not correct, as it pulls in also
all the vala's cross binaries, which may be discovered by other recipes
and things will go wrong then.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 52629d9db0344146ff4734632b17bd731e247fd5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/vala/vala.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-devtools/vala/vala.inc b/meta/recipes-devtools/vala/vala.inc
index 974baa33f5..d3daee37dc 100644
--- a/meta/recipes-devtools/vala/vala.inc
+++ b/meta/recipes-devtools/vala/vala.inc
@@ -42,20 +42,20 @@ EXTRA_OECONF += " --disable-valadoc"
 # Vapigen wrapper needs to be available system-wide, because it will be used
 # to build vapi files from all other packages with vala support
 do_install:append:class-target() {
-        install -d ${D}${bindir}/
-        install ${B}/vapigen-wrapper ${D}${bindir}/
+        install -d ${D}${bindir_crossscripts}/
+        install ${B}/vapigen-wrapper ${D}${bindir_crossscripts}/
 }
 
 # Put vapigen wrapper into target sysroot so that it can be used when building
 # vapi files.
-SYSROOT_DIRS:append:class-target = " ${bindir}"
+SYSROOT_DIRS += "${bindir_crossscripts}"
 
 SYSROOT_PREPROCESS_FUNCS:append:class-target = " vapigen_sysroot_preprocess"
 vapigen_sysroot_preprocess() {
         # Tweak the vapigen name in the vapigen pkgconfig file, so that it picks
         # up our wrapper.
         sed -i \
-           -e "s|vapigen=.*|vapigen=${bindir}/vapigen-wrapper|" \
+           -e "s|vapigen=.*|vapigen=${bindir_crossscripts}/vapigen-wrapper|" \
            ${SYSROOT_DESTDIR}${libdir}/pkgconfig/vapigen-${SHRT_VER}.pc
 }
 
@@ -64,5 +64,5 @@ SSTATE_SCAN_FILES += "vapigen-wrapper"
 PACKAGE_PREPROCESS_FUNCS += "vala_package_preprocess"
 
 vala_package_preprocess () {
-	sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir}/vapigen-wrapper
+	sed -i -e 's:${RECIPE_SYSROOT}::g;' ${PKGD}${bindir_crossscripts}/vapigen-wrapper
 }
-- 
2.25.1

[OE-core][kirkstone 24/31] gnomebase.bbclass: return the whole version for tarball directory if it is a number

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

E.g. if version is '43' without any dots, existing code would return ''.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 38c15322bdbb2423973939e861b5ad1ffb5c8b7f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/gnomebase.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/gnomebase.bbclass b/meta/classes/gnomebase.bbclass
index 9a5bd9a232..99ac472080 100644
--- a/meta/classes/gnomebase.bbclass
+++ b/meta/classes/gnomebase.bbclass
@@ -1,5 +1,5 @@
 def gnome_verdir(v):
-    return ".".join(v.split(".")[:-1])
+    return ".".join(v.split(".")[:-1]) or v
 
 
 GNOME_COMPRESS_TYPE ?= "xz"
-- 
2.25.1

[OE-core][kirkstone 25/31] sstatesig: skip the rm_work task signature

[Steve Sakoman]

From: Jose Quaresma <quaresma.jose@gmail.com>

We can skip the rm_work task signature to avoid running the task
when we remove some tasks from the dependencie chain.

The inject_rm_work handler on the rm_work bbclass triggers the
rm_work task running for any signature change in the dependencie
chain of the task do_build of each recipe.

i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work
when we collect the sstate cache with INHERIT = "create-spdx"

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 292305700e39d0ebd64763f5032c39ace5005fad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/sstatesig.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index de65244932..f5a77bea27 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -30,6 +30,12 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCaches):
     depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep)
     mc, _ = bb.runqueue.split_mc(fn)
 
+    # We can skip the rm_work task signature to avoid running the task
+    # when we remove some tasks from the dependencie chain
+    # i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work
+    if task == "do_rm_work":
+        return False
+
     # Keep all dependencies between SPDX tasks in the signature. SPDX documents
     # are linked together by hashes, which means if a dependent document changes,
     # all downstream documents must be re-written (even if they are "safe"
-- 
2.25.1

[OE-core][kirkstone 26/31] rm_work: exclude the SSTATETASKS from the rm_work tasks sinature

[Steve Sakoman]

From: Jose Quaresma <quaresma.jose@gmail.com>

We can exclude the SSTATETASKS from the rm_work task signature
to avoid running the task when we remove some setscene tasks
from the dependencie chain.

The inject_rm_work handler on the rm_work bbclass triggers the
rm_work task running for any signature change in the dependencie
chain of the task do_build of each recipe.

i.e INHERIT:remove = "create-spdx" will trigger the do_rm_work
when we collect the sstate cache with INHERIT = "create-spdx"

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 77729bea5b17d65dafb604fd1665c612091b28c7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/rm_work.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index 5f12d5aaeb..c2b569903a 100644
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -106,6 +106,8 @@ do_rm_work () {
         fi
     done
 }
+do_rm_work[vardepsexclude] += "SSTATETASKS"
+
 do_rm_work_all () {
     :
 }
-- 
2.25.1

[OE-core][kirkstone 27/31] sstate: Allow optimisation of do_deploy_archives task dependencies

[Steve Sakoman]

From: Jose Quaresma <quaresma.jose@gmail.com>

do_deploy_archives tasks don't need their dependencies so we can optimistion
this as we do for some other tasks.

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 3dd9f6e398844380d3765c54d35afe0d2ccf82e7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/sstate.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 3513269bca..dd6cf12920 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -1084,7 +1084,7 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None):
 
     logit("Considering setscene task: %s" % (str(taskdependees[task])), log)
 
-    directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx"]
+    directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx", "do_deploy_archives"]
 
     def isNativeCross(x):
         return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or x.endswith("-cross")
-- 
2.25.1

[OE-core][kirkstone 28/31] sanity: Drop data finalize call

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

This call was effectively like update_data and no longer did anything
in bitbake. Drop it as it is obsolete.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d3eb4531aae28a07cb7e52ed5fe1102445d2effd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/sanity.bbclass | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index f2b2e4dfaf..293e405f62 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -999,13 +999,6 @@ def check_sanity(sanity_data):
     if status.messages != "":
         raise_sanity_error(sanity_data.expand(status.messages), sanity_data, status.network_error)
 
-# Create a copy of the datastore and finalise it to ensure appends and 
-# overrides are set - the datastore has yet to be finalised at ConfigParsed
-def copy_data(e):
-    sanity_data = bb.data.createCopy(e.data)
-    sanity_data.finalize()
-    return sanity_data
-
 addhandler config_reparse_eventhandler
 config_reparse_eventhandler[eventmask] = "bb.event.ConfigParsed"
 python config_reparse_eventhandler() {
@@ -1016,13 +1009,13 @@ addhandler check_sanity_eventhandler
 check_sanity_eventhandler[eventmask] = "bb.event.SanityCheck bb.event.NetworkTest"
 python check_sanity_eventhandler() {
     if bb.event.getName(e) == "SanityCheck":
-        sanity_data = copy_data(e)
+        sanity_data = bb.data.createCopy(e.data)
         check_sanity(sanity_data)
         if e.generateevents:
             sanity_data.setVar("SANITY_USE_EVENTS", "1")
         bb.event.fire(bb.event.SanityCheckPassed(), e.data)
     elif bb.event.getName(e) == "NetworkTest":
-        sanity_data = copy_data(e)
+        sanity_data = bb.data.createCopy(e.data)
         if e.generateevents:
             sanity_data.setVar("SANITY_USE_EVENTS", "1")
         bb.event.fire(bb.event.NetworkTestFailed() if check_connectivity(sanity_data) else bb.event.NetworkTestPassed(), e.data)
-- 
2.25.1

[OE-core][kirkstone 29/31] systemd: add group render to udev package

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

From NEWS for v236:
* The "uaccess" udev tag has been dropped from /dev/kvm and
  /dev/dri/renderD*.  These devices now have the 0666 permissions by
  default (but this may be changed at build-time). /dev/dri/renderD*
  will now be owned by the "render" group along with /dev/kfd.

Without the group systemd-udevd startup logs:
  /lib/udev/rules.d/50-udev-default.rules:39 Unknown group 'render', ignoring
  /lib/udev/rules.d/50-udev-default.rules:40 Unknown group 'render', ignoring

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 84efd72d48616405dbe4d73ec95917077144ed09)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/systemd/systemd_250.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.5.bb
index 93cdd6fa16..ab349b7307 100644
--- a/meta/recipes-core/systemd/systemd_250.5.bb
+++ b/meta/recipes-core/systemd/systemd_250.5.bb
@@ -389,11 +389,13 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfm
 SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service"
 
 USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
+                    udev \
                     ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \
                     ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
                     ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
 "
 GROUPADD_PARAM:${PN} = "-r systemd-journal;"
+GROUPADD_PARAM:udev = "-r render"
 GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"
-- 
2.25.1

[OE-core][kirkstone 30/31] meta-selftest/staticids: add render group for systemd

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5b761270267063afb0462d1ebf99cabe32ff4e0a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta-selftest/files/static-group | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
index b2e0e2f870..b13dde3218 100644
--- a/meta-selftest/files/static-group
+++ b/meta-selftest/files/static-group
@@ -23,3 +23,4 @@ _apt:x:523:
 weston-launch:x:524:
 weston:x:525:
 wayland:x:526:
+render:x:527:
-- 
2.25.1

[OE-core][kirkstone 31/31] create-spdx: default share_src for shared sources

[Steve Sakoman]

From: Konrad Weihmann <kweihmann@witekio.com>

if a source is using work-shared but isn't a kernel,
like for instance llvm-source from meta-clang, share_src was
previously undefined leading to a crash of the python code.
Default to WORKDIR and just override it in case the source being
a kernel recipe.
Additionally changes the variable names in the following, as
they imply that it's only about the kernel, which is not the case
in every case

(From OE-Core rev: 34fa68a0b07328c4ed4eef81f8cde80137a91f18)

Signed-off-by: Konrad Weihmann <kweihmann@witekio.com>
On-behalf-of: Avnet Embedded <AvnetEmbedded@avnet.eu>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/create-spdx.bbclass | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index e405bd0cfa..212dfe0aa3 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -787,6 +787,7 @@ def spdx_get_src(d):
             bb.build.exec_func('do_unpack', d)
         # Copy source of kernel to spdx_workdir
         if is_work_shared_spdx(d):
+            share_src = d.getVar('WORKDIR')
             d.setVar('WORKDIR', spdx_workdir)
             d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
             src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
@@ -794,8 +795,8 @@ def spdx_get_src(d):
             if bb.data.inherits_class('kernel',d):
                 share_src = d.getVar('STAGING_KERNEL_DIR')
             cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
-            cmd_copy_kernel_result = os.popen(cmd_copy_share).read()
-            bb.note("cmd_copy_kernel_result = " + cmd_copy_kernel_result)
+            cmd_copy_shared_res = os.popen(cmd_copy_share).read()
+            bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
 
             git_path = src_dir + "/.git"
             if os.path.exists(git_path):
-- 
2.25.1