[OE-core][kirkstone 0/9] Patch review

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by end
of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3692

The following changes since commit ec9e9497730f0a9c8ad3d696c8cdcec06267aacf:

  base-passwd: Disable shell for default users (2022-05-16 13:59:44 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  mmc-utils: upgrade to latest revision

Claudius Heine (1):
  classes: rootfs-postcommands: add skip option to overlayfs_qa_check

Marta Rybczynska (1):
  cve-check: Fix report generation

Richard Purdie (2):
  staging: Fix rare sysroot corruption issue
  selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES

Robert Joslyn (1):
  curl: Backport CVE fixes

Samuli Piippo (1):
  binutils: Bump to latest 2.38 release branch

Steve Sakoman (1):
  python3: fix reproducibility issue with python3-core

wangmy (1):
  librepo: upgrade 1.14.2 -> 1.14.3

 meta/classes/cve-check.bbclass                |  18 +-
 meta/classes/rootfs-postcommands.bbclass      |  10 +-
 meta/classes/staging.bbclass                  |  24 +
 meta/lib/oeqa/selftest/cases/imagefeatures.py |   2 +-
 meta/lib/oeqa/selftest/cases/overlayfs.py     |  36 +-
 .../binutils/binutils-2.38.inc                |   2 +-
 .../{librepo_1.14.2.bb => librepo_1.14.3.bb}  |   2 +-
 meta/recipes-devtools/mmc/mmc-utils_git.bb    |   2 +-
 .../recipes-devtools/python/python3_3.10.4.bb |   5 +
 .../curl/curl/CVE-2022-22576.patch            | 145 ++++++
 .../curl/curl/CVE-2022-27774-1.patch          |  45 ++
 .../curl/curl/CVE-2022-27774-2.patch          |  80 +++
 .../curl/curl/CVE-2022-27774-3.patch          |  83 ++++
 .../curl/curl/CVE-2022-27774-4.patch          |  35 ++
 .../curl/curl/CVE-2022-27775.patch            |  37 ++
 .../curl/curl/CVE-2022-27776.patch            | 115 +++++
 .../curl/curl/CVE-2022-27779.patch            |  42 ++
 .../curl/curl/CVE-2022-27780.patch            |  33 ++
 .../curl/curl/CVE-2022-27781.patch            |  43 ++
 .../curl/curl/CVE-2022-27782-1.patch          | 458 ++++++++++++++++++
 .../curl/curl/CVE-2022-27782-2.patch          |  71 +++
 .../curl/curl/CVE-2022-30115.patch            |  82 ++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  16 +-
 23 files changed, 1362 insertions(+), 24 deletions(-)
 rename meta/recipes-devtools/librepo/{librepo_1.14.2.bb => librepo_1.14.3.bb} (94%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-22576.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27775.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27776.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27779.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27780.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-30115.patch

-- 
2.25.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of patchesd for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4468

The following changes since commit 0c0723757fbba9a4b88c0f98477a18d1e220da2e:

  mirrors.bbclass: use shallow tarball for binutils-native (2022-11-06 06:00:05 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (2):
  lttng-modules: upgrade 2.13.4 -> 2.13.5
  quilt: backport a patch to address grep 3.8 failures

Hitendra Prajapati (1):
  QEMU: CVE-2022-3165 VNC: integer underflow in vnc_client_cut_text_ext
    leads to CPU exhaustion

Michael Opdenacker (1):
  create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED

Narpat Mali (1):
  python3-mako: backport fix for CVE-2022-40023

Ross Burton (3):
  pixman: backport fix for CVE-2022-44638
  sanity: check for GNU tar specifically
  qemu: add io_uring PACKAGECONFIG

ciarancourtney (1):
  wic: swap partitions are not added to fstab

 meta/classes/create-spdx.bbclass              |   2 -
 meta/classes/sanity.bbclass                   |   8 +
 .../python/python3-mako/CVE-2022-40023.patch  | 119 +++++++++++++++
 .../python/python3-mako_1.1.6.bb              |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +-
 .../qemu/qemu/CVE-2022-3165.patch             |  61 ++++++++
 meta/recipes-devtools/quilt/quilt.inc         |   1 +
 .../quilt/quilt/fix-grep-3.8.patch            | 144 ++++++++++++++++++
 .../xorg-lib/pixman/CVE-2022-44638.patch      |  33 ++++
 .../xorg-lib/pixman_0.40.0.bb                 |   1 +
 .../lttng-modules/0001-fix-compaction.patch   |  68 ---------
 ...c-fix-tracepoint-mm_page_alloc_zone_.patch | 106 -------------
 ...oduce-kfree_skb_reason-v5.15.58.v5.1.patch |  53 -------
 ...ags-parameter-from-aops-write_begin-.patch |  76 ---------
 ...Fix-type-of-cpu-in-trace-event-v5.19.patch | 124 ---------------
 ...ules_2.13.4.bb => lttng-modules_2.13.5.bb} |   7 +-
 scripts/lib/wic/plugins/imager/direct.py      |   2 +-
 17 files changed, 373 insertions(+), 437 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
 create mode 100644 meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
 rename meta/recipes-kernel/lttng/{lttng-modules_2.13.4.bb => lttng-modules_2.13.5.bb} (78%)

-- 
2.25.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4800

The following changes since commit 4760fac939a6204e3cb7dcd3699cd9a2508f9dee:

  devtool: process local files only for the main branch (2023-01-12 04:56:26 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bhabu Bindu (1):
  qemu: Fix CVE-2022-4144

Daniel Gomez (1):
  gtk-icon-cache: Fix GTKIC_CMD if-else condition

KARN JYE LAU (1):
  freetype:update mirror site.

Martin Jansa (1):
  ffmpeg: refresh patches to apply cleanly

Narpat Mali (3):
  python3-setuptools: fix for CVE-2022-40897
  python3-wheel: fix for CVE-2022-40898
  python3-git: fix for CVE-2022-24439

Yash Shinde (1):
  glibc: stable 2.35 branch updates.

Yogita Urade (1):
  libksba: fix CVE-2022-47629

 meta/classes/gtk-icon-cache.bbclass           |   2 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 ...-git-CVE-2022-24439-fix-from-PR-1518.patch |  97 ++++
 ...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++++++++++++++++
 .../python/python3-git_3.1.27.bb              |   4 +
 ...-of-whitespace-to-search-backtrack.-.patch |  31 ++
 .../python/python3-setuptools_59.5.0.bb       |   1 +
 ...tential-DoS-attack-via-WHEEL_INFO_RE.patch |  32 ++
 .../python/python3-wheel_0.37.1.bb            |   4 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-4144.patch             |  99 ++++
 .../freetype/freetype_2.11.1.bb               |   2 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |  19 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |   7 +-
 ...-vp3-Add-missing-check-for-av_malloc.patch |  12 +-
 ...overflow-in-the-CRL-signature-parser.patch |  72 +++
 meta/recipes-support/libksba/libksba_1.6.2.bb |   3 +-
 17 files changed, 848 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
 create mode 100644 meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
 create mode 100644 meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch

-- 
2.25.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5492

The following changes since commit 0e17a5a4f0e3301bf78f77bb5ca4aaf3e4dbc7af:

  Revert "ipk: Decode byte data to string in manifest handling" (2023-06-17 05:18:44 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  nasm: fix CVE-2022-46457

Bruce Ashfield (1):
  kernel: don't force PAHOLE=false

Chen Qi (1):
  staging.bbclass: do not add extend_recipe_sysroot to prefuncs of
    prepare_recipe_sysroot

Lorenzo Arena (1):
  conf: add nice level to the hash config ignred variables

Martin Jansa (1):
  go.bbclass: don't use test to check output from ls

Pavel Zhukov (1):
  lib/terminal.py: Add urxvt terminal

Ranjitsinh Rathod (1):
  kmscube: Correct DEPENDS to avoid overwrite

Thomas Roos (1):
  oeqa/selftest/cases/devtool.py: skip all tests require folder a git
    repo

Wang Mingyu (1):
  iso-codes: upgrade 4.13.0 -> 4.15.0

 meta/classes/go.bbclass                       |  2 +-
 meta/classes/kernel.bbclass                   |  2 +-
 meta/classes/staging.bbclass                  |  2 +-
 meta/conf/bitbake.conf                        |  2 +-
 meta/lib/oe/terminal.py                       |  4 ++
 meta/lib/oeqa/selftest/cases/devtool.py       |  8 +++
 .../nasm/nasm/CVE-2022-46457.patch            | 50 +++++++++++++++++++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb    |  1 +
 meta/recipes-graphics/kmscube/kmscube_git.bb  |  3 +-
 ...so-codes_4.13.0.bb => iso-codes_4.15.0.bb} |  2 +-
 10 files changed, 69 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
 rename meta/recipes-support/iso-codes/{iso-codes_4.13.0.bb => iso-codes_4.15.0.bb} (94%)

-- 
2.34.1

[OE-core][kirkstone 1/9] nasm: fix CVE-2022-46457

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

NASM v2.16 was discovered to contain a segmentation violation
in the component ieee_write_file at /output/outieee.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46457

Upstream patches:
https://github.com/netwide-assembler/nasm/commit/c8af73112027fad0ecbb277e9cba257678c405af

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../nasm/nasm/CVE-2022-46457.patch            | 50 +++++++++++++++++++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb    |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch

diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch b/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
new file mode 100644
index 0000000000..3502d572cd
--- /dev/null
+++ b/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
@@ -0,0 +1,50 @@
+From c8af73112027fad0ecbb277e9cba257678c405af Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Wed, 7 Dec 2022 10:23:46 -0800
+Subject: [PATCH] outieee: fix segfault on empty input
+
+Fix the IEEE backend crashing if the input file is empty.
+
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+
+Upstream-Status: Backport [https://github.com/netwide-assembler/nasm/commit/c8af73112027fad0ecbb277e9cba257678c405af]
+CVE: CVE-2022-46457
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ output/outieee.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/output/outieee.c b/output/outieee.c
+index cdb8333..8bc5eaa 100644
+--- a/output/outieee.c
++++ b/output/outieee.c
+@@ -919,7 +919,7 @@ static void ieee_write_file(void)
+      * Write the section headers
+      */
+     seg = seghead;
+-    if (!debuginfo && !strcmp(seg->name, "??LINE"))
++    if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+         seg = seg->next;
+     while (seg) {
+         char buf[256];
+@@ -954,7 +954,7 @@ static void ieee_write_file(void)
+     /*
+      * write the start address if there is one
+      */
+-    if (ieee_entry_seg) {
++    if (ieee_entry_seg && seghead) {
+         for (seg = seghead; seg; seg = seg->next)
+             if (seg->index == ieee_entry_seg)
+                 break;
+@@ -1067,7 +1067,7 @@ static void ieee_write_file(void)
+      *  put out section data;
+      */
+     seg = seghead;
+-    if (!debuginfo && !strcmp(seg->name, "??LINE"))
++    if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+         seg = seg->next;
+     while (seg) {
+         if (seg->currentpos) {
+--
+2.40.0
diff --git a/meta/recipes-devtools/nasm/nasm_2.15.05.bb b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
index 59b1121bd4..bcb7e071d6 100644
--- a/meta/recipes-devtools/nasm/nasm_2.15.05.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
@@ -9,6 +9,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
            file://0001-stdlib-Add-strlcat.patch \
            file://0002-Add-debug-prefix-map-option.patch \
            file://CVE-2022-44370.patch \
+           file://CVE-2022-46457.patch \
            "
 
 SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"
-- 
2.34.1

[OE-core][kirkstone 2/9] iso-codes: upgrade 4.13.0 -> 4.15.0

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
==========
- Translation updates for ISO 3166-1
- Translation updates for ISO 3166-3
- Translation updates for ISO 639-2
- Translation updates for ISO 3166-1
- Translation updates for ISO 3166-2
- Translation updates for ISO 3166-3
- Translation updates for ISO 639-2
- Translation updates for ISO 639-3
- Translation updates for ISO 639-5
- Translation updates for ISO 4217
- Translation updates for ISO 15924
* ISO 3166-2: Fix wrong Spanish translation

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 355f2f9fe8a1e6c5e78f136cb3ed77c9004fb75c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit b189240b211e5d8f40747a0128834ed83c38a8f4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../iso-codes/{iso-codes_4.13.0.bb => iso-codes_4.15.0.bb}      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/iso-codes/{iso-codes_4.13.0.bb => iso-codes_4.15.0.bb} (94%)

diff --git a/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb b/meta/recipes-support/iso-codes/iso-codes_4.15.0.bb
similarity index 94%
rename from meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
rename to meta/recipes-support/iso-codes/iso-codes_4.15.0.bb
index f3ead5e8c1..b789a99035 100644
--- a/meta/recipes-support/iso-codes/iso-codes_4.13.0.bb
+++ b/meta/recipes-support/iso-codes/iso-codes_4.15.0.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 
 SRC_URI = "git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=https;branch=main;"
-SRCREV = "ab6b01d5b56af7da9f0d2d1619a3cf84e43ed76a"
+SRCREV = "69ba16daef3c5c5e3c18f2d919e25296a4b946be"
 
 # inherit gettext cannot be used, because it adds gettext-native to BASEDEPENDS which
 # are inhibited by allarch
-- 
2.34.1

[OE-core][kirkstone 3/9] go.bbclass: don't use test to check output from ls

[Steve Sakoman]

From: Martin Jansa <Martin.Jansa@gmail.com>

* avoids possibly confusing error message in log.do_install like:
  ls: cannot access 'etcd/3.5.7-r0/build/bin/linux_arm64/': No such file or directory

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2f1777e6ac5269a71203b6a2c562a43503be95ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/go.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/go.bbclass b/meta/classes/go.bbclass
index f3d83febbf..d944722309 100644
--- a/meta/classes/go.bbclass
+++ b/meta/classes/go.bbclass
@@ -122,7 +122,7 @@ go_do_install() {
 	tar -C ${B} -cf - --exclude-vcs --exclude '*.test' --exclude 'testdata' pkg | \
 		tar -C ${D}${libdir}/go --no-same-owner -xf -
 
-	if [ -n "`ls ${B}/${GO_BUILD_BINDIR}/`" ]; then
+	if ls ${B}/${GO_BUILD_BINDIR}/* >/dev/null 2>/dev/null ; then
 		install -d ${D}${bindir}
 		install -m 0755 ${B}/${GO_BUILD_BINDIR}/* ${D}${bindir}/
 	fi
-- 
2.34.1

[OE-core][kirkstone 4/9] conf: add nice level to the hash config ignred variables

[Steve Sakoman]

From: Lorenzo Arena <arena.lor@gmail.com>

This is needed as each user could be setting different nice levels
while building, however this should not make the shared cache unusable.

Signed-off-by: Lorenzo Arena <arena.lor@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 42784f9360345da1c01d988070253e7ffd5ac4ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 82b115e3a2..8ef4b00d08 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -948,7 +948,7 @@ BB_HASHCONFIG_IGNORE_VARS ?= "${BB_HASHEXCLUDE_COMMON} DATE TIME SSH_AGENT_PID \
     PARALLEL_MAKE BB_NUMBER_THREADS BB_ORIGENV BB_INVALIDCONF BBINCLUDED \
     GIT_PROXY_COMMAND ALL_PROXY all_proxy NO_PROXY no_proxy FTP_PROXY ftp_proxy \
     HTTP_PROXY http_proxy HTTPS_PROXY https_proxy SOCKS5_USER SOCKS5_PASSWD \
-    BB_SETSCENE_ENFORCE BB_CMDLINE BB_SERVER_TIMEOUT"
+    BB_SETSCENE_ENFORCE BB_CMDLINE BB_SERVER_TIMEOUT BB_NICE_LEVEL"
 BB_SIGNATURE_EXCLUDE_FLAGS ?= "doc deps depends \
     lockfiles vardepsexclude vardeps vardepvalue vardepvalueexclude \
     file-checksums python task nostamp \
-- 
2.34.1

[OE-core][kirkstone 5/9] kernel: don't force PAHOLE=false

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

If a specific kernel provider or configuration wants to enable BTF
and pahole analysis, it isn't currently possible due to the explicit
definition to false in the base kernel build arguments.

pahole is now detected by the kernel built itself, so unless
pahole-native is enabled, the result is the same.

If a kernel does require an explicit disable of pahole, it is better
to carry PAHOLE=false in those specific recipes.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1e4851a36ed47ce6ba880a49264b9a57c78cf4f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 3d5422b09e..fc48737869 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -232,7 +232,7 @@ KERNEL_EXTRA_ARGS ?= ""
 
 EXTRA_OEMAKE += ' CC="${KERNEL_CC}" LD="${KERNEL_LD}"'
 EXTRA_OEMAKE += ' HOSTCC="${BUILD_CC}" HOSTCFLAGS="${BUILD_CFLAGS}" HOSTLDFLAGS="${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"'
-EXTRA_OEMAKE += ' HOSTCXX="${BUILD_CXX}" HOSTCXXFLAGS="${BUILD_CXXFLAGS}" PAHOLE=false'
+EXTRA_OEMAKE += ' HOSTCXX="${BUILD_CXX}" HOSTCXXFLAGS="${BUILD_CXXFLAGS}"'
 
 KERNEL_ALT_IMAGETYPE ??= ""
 
-- 
2.34.1

[OE-core][kirkstone 6/9] kmscube: Correct DEPENDS to avoid overwrite

[Steve Sakoman]

From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>

As part of the below commit, DEPENDS gets overwrite which is wrong
Link: https://git.yoctoproject.org/poky/commit/?id=bd947d3343dcd96e79fc8157f32a2a087cd710a7

So correct the DEPENDS varibales

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63f338255000874c62bf01ccc11f2c100014c3d9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/kmscube/kmscube_git.bb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/kmscube/kmscube_git.bb b/meta/recipes-graphics/kmscube/kmscube_git.bb
index 58ce26a3d5..98f110527e 100644
--- a/meta/recipes-graphics/kmscube/kmscube_git.bb
+++ b/meta/recipes-graphics/kmscube/kmscube_git.bb
@@ -6,7 +6,7 @@ OpenGL or OpenGL ES."
 HOMEPAGE = "https://cgit.freedesktop.org/mesa/kmscube/"
 LICENSE = "MIT"
 SECTION = "graphics"
-DEPENDS = "virtual/libgles3 virtual/libgles2 virtual/egl libdrm"
+DEPENDS = "virtual/libgles3 virtual/libgles2 virtual/egl libdrm virtual/libgbm"
 
 LIC_FILES_CHKSUM = "file://kmscube.c;beginline=1;endline=23;md5=8b309d4ee67b7315ff7381270dd631fb"
 
@@ -20,7 +20,6 @@ S = "${WORKDIR}/git"
 inherit meson pkgconfig features_check
 
 REQUIRED_DISTRO_FEATURES = "opengl"
-DEPENDS = "virtual/libgbm"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[gstreamer] = "-Dgstreamer=enabled,-Dgstreamer=disabled,gstreamer1.0 gstreamer1.0-plugins-base"
-- 
2.34.1

[OE-core][kirkstone 7/9] oeqa/selftest/cases/devtool.py: skip all tests require folder a git repo

[Steve Sakoman]

From: Thomas Roos <throos@amazon.de>

Devtool selftests require poky dir a git repo, when downloading poky as a tar,
this is not the case. Those tests will now skipped.

[YOCTO #12389]

Signed-off-by: Thomas Roos <throos@amazon.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 95a5bc130dc51ea9de95c64dbf0e9c7892415d50)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/devtool.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index f512ebc0a0..64179d4004 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -8,6 +8,7 @@ import shutil
 import tempfile
 import glob
 import fnmatch
+import unittest
 
 from oeqa.selftest.case import OESelftestTestCase
 from oeqa.utils.commands import runCmd, bitbake, get_bb_var, create_temp_layer
@@ -38,6 +39,13 @@ def setUpModule():
             canonical_layerpath = os.path.realpath(canonical_layerpath) + '/'
             edited_layers.append(layerpath)
             oldmetapath = os.path.realpath(layerpath)
+
+            # when downloading poky from tar.gz some tests will be skipped (BUG 12389)
+            try:
+                runCmd('git rev-parse --is-inside-work-tree', cwd=canonical_layerpath)
+            except:
+                raise unittest.SkipTest("devtool tests require folder to be a git repo")
+
             result = runCmd('git rev-parse --show-toplevel', cwd=canonical_layerpath)
             oldreporoot = result.output.rstrip()
             newmetapath = os.path.join(corecopydir, os.path.relpath(oldmetapath, oldreporoot))
-- 
2.34.1

[OE-core][kirkstone 8/9] staging.bbclass: do not add extend_recipe_sysroot to prefuncs of prepare_recipe_sysroot

[Steve Sakoman]

From: Chen Qi <Qi.Chen@windriver.com>

When running prepare_recipe_sysroot task, the extend_recipe_sysroot
is run twice.

What prepare_recipe_sysroot does is executing extend_recipe_sysroot,
there's no need to add extend_recipe_sysroot to its prefuncs.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf7584a2ac16ee46ff5b41536b06bb46d0cbada7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/staging.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/staging.bbclass b/meta/classes/staging.bbclass
index 044873c9ae..a78839bdc2 100644
--- a/meta/classes/staging.bbclass
+++ b/meta/classes/staging.bbclass
@@ -648,7 +648,7 @@ python staging_taskhandler() {
     bbtasks = e.tasklist
     for task in bbtasks:
         deps = d.getVarFlag(task, "depends")
-        if task == "do_configure" or (deps and "populate_sysroot" in deps):
+        if task != 'do_prepare_recipe_sysroot' and (task == "do_configure" or (deps and "populate_sysroot" in deps)):
             d.prependVarFlag(task, "prefuncs", "extend_recipe_sysroot ")
 }
 staging_taskhandler[eventmask] = "bb.event.RecipeTaskPreProcess"
-- 
2.34.1

[OE-core][kirkstone 9/9] lib/terminal.py: Add urxvt terminal

[Steve Sakoman]

From: Pavel Zhukov <pazhukov@suse.de>

This fixes failure [1] of menuconfig task in rxvt-unicode terminal in case if
xterm/Konsole/Gnome is not installed. Tested with rxvt-unicode-256color

[1]
WARNING: Terminal screen is supported but did not start
ERROR: No valid terminal found, unable to open devshell.
Tried the following commands:
	tmux split-window -c "{cwd}" "do_terminal"
	tmux new-window -c "{cwd}" -n "zephyr-helloworld Configuration" "do_terminal"
	xfce4-terminal -T "zephyr-helloworld Configuration" -e "do_terminal"
	terminology -T="zephyr-helloworld Configuration" -e do_terminal
	mate-terminal --disable-factory -t "zephyr-helloworld Configuration" -x do_terminal
	konsole --separate --workdir . -p tabtitle="zephyr-helloworld Configuration" -e do_terminal
	gnome-terminal -t "zephyr-helloworld Configuration" -- do_terminal
	xterm -T "zephyr-helloworld Configuration" -e do_terminal
	rxvt -T "zephyr-helloworld Configuration" -e do_terminal
	tmux new -c "{cwd}" -d -s devshell -n devshell "do_terminal"
	screen -D -m -t "zephyr-helloworld Configuration" -S devshell do_terminal
DEBUG: Python function do_menuconfig finished

Signed-off-by: Pavel Zhukov <pazhukov@suse.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d2fe4df8ae33e033caf4119a76715f085be1d15)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/terminal.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/lib/oe/terminal.py b/meta/lib/oe/terminal.py
index de8dcebf94..b674335654 100644
--- a/meta/lib/oe/terminal.py
+++ b/meta/lib/oe/terminal.py
@@ -102,6 +102,10 @@ class Rxvt(XTerminal):
     command = 'rxvt -T "{title}" -e {command}'
     priority = 1
 
+class URxvt(XTerminal):
+    command = 'urxvt -T "{title}" -e {command}'
+    priority = 1
+
 class Screen(Terminal):
     command = 'screen -D -m -t "{title}" -S devshell {command}'
 
-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Unfortunately this series of linux-yocto version bumps has caused a
number of issues with adding and resizing partitions.  The problem was
introduced in 5.15.132 and has not been fixed in any of the subsequent
version bumps.

Bruce and have decided to revert this series until we have an acceptable fix.

Please have any comments back by end of day Monday, March 11.

The following changes since commit e5aae8a371717215a7d78459788ad67dfaefe37e:

  golang: Fix CVE-2023-45289 & CVE-2023-45290 (2024-03-07 04:18:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Steve Sakoman (9):
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.148"
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.147"
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.146"
  Revert "linux-yocto/5.15: update to v5.15.145"
  Revert "linux-yocto/5.15: update to v5.15.142"
  Revert "linux-yocto/5.15: update to v5.15.141"

 .../linux/cve-exclusion_5.15.inc              | 372 ++----------------
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 4 files changed, 57 insertions(+), 353 deletions(-)

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6758

The following changes since commit 1b5405955c7c2579ed1f52522e2e177d0281fa33:

  glibc: Fix subscript typos for get_nscd_addresses (2024-03-19 03:33:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Claus Stovgaard (1):
  gcc: Backport sanitizer fix for 32-bit ALSR

Colin McAllister (1):
  common-licenses: Backport missing license

Lee Chee Yang (2):
  xwayland: fix CVE-2023-6816 CVE-2024-0408/0409
  tiff: fix CVE-2023-52356 CVE-2023-6277

Meenali Gupta (1):
  expat: fix CVE-2023-52425

Tan Wen Yan (1):
  python3-urllib3: update to v1.26.18

Vijay Anusuri (2):
  curl: backport Debian patch for CVE-2024-2398
  qemu: Fix for CVE-2023-6683

aszh07 (1):
  nghttp2: fix CVE-2023-44487

 .../LGPL-3.0-with-zeromq-exception            | 181 ++++
 .../expat/expat/CVE-2023-52425-0001.patch     |  40 +
 .../expat/expat/CVE-2023-52425-0002.patch     |  87 ++
 .../expat/expat/CVE-2023-52425-0003.patch     | 222 +++++
 .../expat/expat/CVE-2023-52425-0004.patch     |  42 +
 .../expat/expat/CVE-2023-52425-0005.patch     |  69 ++
 .../expat/expat/CVE-2023-52425-0006.patch     |  67 ++
 .../expat/expat/CVE-2023-52425-0007.patch     | 159 +++
 .../expat/expat/CVE-2023-52425-0008.patch     |  95 ++
 .../expat/expat/CVE-2023-52425-0009.patch     |  52 +
 .../expat/expat/CVE-2023-52425-0010.patch     | 111 +++
 .../expat/expat/CVE-2023-52425-0011.patch     |  89 ++
 .../expat/expat/CVE-2023-52425-0012.patch     |  87 ++
 meta/recipes-core/expat/expat_2.5.0.bb        |  12 +
 meta/recipes-devtools/gcc/gcc-11.4.inc        |   1 +
 .../gcc/gcc/0031-gcc-sanitizers-fix.patch     |  63 ++
 ..._1.26.17.bb => python3-urllib3_1.26.18.bb} |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2023-6683.patch             |  92 ++
 .../xwayland/xwayland/CVE-2023-6816.patch     |  57 ++
 .../xwayland/xwayland/CVE-2024-0408.patch     |  65 ++
 .../xwayland/xwayland/CVE-2024-0409.patch     |  47 +
 .../xwayland/xwayland_22.1.8.bb               |   3 +
 .../libtiff/tiff/CVE-2023-52356.patch         |  54 +
 .../libtiff/tiff/CVE-2023-6277-1.patch        | 178 ++++
 .../libtiff/tiff/CVE-2023-6277-2.patch        | 151 +++
 .../libtiff/tiff/CVE-2023-6277-3.patch        |  46 +
 .../libtiff/tiff/CVE-2023-6277-4.patch        |  93 ++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   5 +
 .../curl/curl/CVE-2024-2398.patch             |  89 ++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 .../nghttp2/nghttp2/CVE-2023-44487.patch      | 927 ++++++++++++++++++
 .../recipes-support/nghttp2/nghttp2_1.47.0.bb |   1 +
 33 files changed, 3188 insertions(+), 1 deletion(-)
 create mode 100644 meta/files/common-licenses/LGPL-3.0-with-zeromq-exception
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch
 rename meta/recipes-devtools/python/{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} (86%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0409.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and hjave comments back by
end of day Tuesday, June 25

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7065

The following changes since commit ab2649ef6c83f0ae7cac554a72e6bea4dcda0e99:

  build-appliance-image: Update to kirkstone head revision (2024-06-01 19:12:27 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Changqing Li (1):
  man-pages: remove conflict pages

Deepthi Hemraj (1):
  glibc: stable 2.35 branch updates

Khem Raj (1):
  gobject-introspection: Do not hardcode objdump name

Peter Marko (1):
  glib-2.0: patch CVE-2024-34397

Siddharth (1):
  openssl: Upgrade 3.0.13 -> 3.0.14

Siddharth Doshi (1):
  libxml2: Security fix for CVE-2024-34459

Thomas Perrot (1):
  man-pages: add an alternative link name for crypt_r.3

Yogita Urade (2):
  acpica: fix CVE-2024-24856
  ruby: fix CVE-2024-27280

 .../openssl/openssl/CVE-2024-2511.patch       | 122 ---
 .../openssl/openssl/CVE-2024-4603.patch       | 180 ----
 .../{openssl_3.0.13.bb => openssl_3.0.14.bb}  |   4 +-
 .../glib-2.0/glib-2.0/CVE-2024-34397_01.patch | 129 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_02.patch |  62 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_03.patch | 985 ++++++++++++++++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_04.patch | 253 +++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_05.patch |  88 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_06.patch | 263 +++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_07.patch |  45 +
 .../glib-2.0/glib-2.0/CVE-2024-34397_08.patch | 168 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_09.patch |  81 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_10.patch | 108 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_11.patch | 133 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_12.patch | 173 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_13.patch | 513 +++++++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_14.patch |  75 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_15.patch |  47 +
 .../glib-2.0/glib-2.0/CVE-2024-34397_16.patch |  62 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_17.patch | 121 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_18.patch |  50 +
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  18 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../libxml/libxml2/CVE-2024-34459.patch       |  30 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   1 +
 .../ruby/ruby/CVE-2024-27280.patch            |  87 ++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 .../acpica/acpica/CVE-2024-24856.patch        |  33 +
 .../acpica/acpica_20211217.bb                 |   4 +-
 .../man-pages/man-pages_5.13.bb               |  12 +-
 .../gobject-introspection_1.72.0.bb           |   2 +-
 31 files changed, 3536 insertions(+), 316 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.13.bb => openssl_3.0.14.bb} (98%)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_04.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_05.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_06.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_07.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_08.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_09.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_10.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_11.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_12.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_13.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_14.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_15.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_16.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_17.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_18.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27280.patch
 create mode 100644 meta/recipes-extended/acpica/acpica/CVE-2024-24856.patch

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, December 19

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/663

The following changes since commit b132b817f5931b290e5348dd4a17fbfdc5c6e2c4:

  dbus: disable assertions and enable only modular tests (2024-12-10 05:38:29 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  base-passwd: Add the sgx group

Alexandre Belloni (1):
  base-passwd: fix patchreview warning

Ernst Persson (1):
  package.bbclass: Use shlex instead of deprecated pipes

Jiaying Song (1):
  subversion: fix CVE-2024-46901

Louis Rannou (1):
  base-passwd: add the wheel group

Peter Kjellerstedt (3):
  base-passwd: Regenerate the patches
  base-passwd: Update to 3.5.52
  base-passwd: Update the status for two patches

Yogita Urade (1):
  xserver-xorg: fix CVE-2024-9632

 meta/classes/package.bbclass                  |   4 +-
 .../0001-Add-a-shutdown-group.patch           |  26 +++
 .../0001-base-passwd-Add-the-sgx-group.patch  |  30 ++++
 ...nstead-of-bin-bash-for-the-root-user.patch |  23 +++
 ...t-since-we-do-not-have-an-etc-shadow.patch |  21 +++
 ...put-group-for-the-dev-input-devices.patch} |  17 +-
 .../{kvm.patch => 0005-Add-kvm-group.patch}   |   2 +-
 ...ble-to-build-without-debconf-support.patch | 129 ++++++++++++++
 ...-to-disable-the-generation-of-the-do.patch |  46 +++++
 .../base-passwd/0008-Add-wheel-group.patch    |  20 +++
 .../base-passwd/add_shutdown.patch            |  19 ---
 .../base-passwd/disable-docs.patch            |  24 ---
 .../base-passwd/disable-shell.patch           |  57 -------
 .../base-passwd/base-passwd/nobash.patch      |  15 --
 .../base-passwd/base-passwd/noshadow.patch    |  14 --
 ...passwd_3.5.29.bb => base-passwd_3.5.52.bb} |  30 ++--
 .../subversion/CVE-2024-46901.patch           | 161 ++++++++++++++++++
 .../subversion/subversion_1.14.2.bb           |   3 +-
 .../xserver-xorg/CVE-2024-9632.patch          |  58 +++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   1 +
 20 files changed, 547 insertions(+), 153 deletions(-)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch
 rename meta/recipes-core/base-passwd/base-passwd/{input.patch => 0004-Add-an-input-group-for-the-dev-input-devices.patch} (42%)
 rename meta/recipes-core/base-passwd/base-passwd/{kvm.patch => 0005-Add-kvm-group.patch} (88%)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-docs.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/nobash.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/noshadow.patch
 rename meta/recipes-core/base-passwd/{base-passwd_3.5.29.bb => base-passwd_3.5.52.bb} (79%)
 create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, July 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1949

The following changes since commit 75e54301c5076eb0454aee33c870adf078f563fd:

  build-appliance-image: Update to kirkstone head revision (2025-06-27 08:10:04 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (6):
  xwayland: fix CVE-2025-49175
  xwayland: fix CVE-2025-49176
  xwayland: fix CVE-2025-49177
  xwayland: fix CVE-2025-49178
  xwayland: fix CVE-2025-49178
  xwayland: fix CVE-2025-49180

Chen Qi (1):
  systemd: backport patches to fix CVE-2025-4598

Colin Pinnell McAllister (1):
  libarchive: Fix CVE-2025-5914

Yogita Urade (1):
  python3-urllib3: fix CVE-2025-50181

 .../systemd/systemd/CVE-2025-4598-0001.patch  |  92 ++++++++
 .../systemd/systemd/CVE-2025-4598-0002.patch  | 106 +++++++++
 .../systemd/systemd/CVE-2025-4598-0003.patch  | 144 ++++++++++++
 .../systemd/systemd/CVE-2025-4598-0004.patch  |  36 +++
 meta/recipes-core/systemd/systemd_250.14.bb   |   4 +
 .../python3-urllib3/CVE-2025-50181.patch      | 214 ++++++++++++++++++
 .../python/python3-urllib3_1.26.18.bb         |   4 +
 .../libarchive/libarchive/CVE-2025-5914.patch |  46 ++++
 .../libarchive/libarchive_3.6.2.bb            |   1 +
 .../xwayland/xwayland/CVE-2025-49175.patch    |  92 ++++++++
 .../xwayland/CVE-2025-49176-0001.patch        |  93 ++++++++
 .../xwayland/CVE-2025-49176-0002.patch        |  38 ++++
 .../xwayland/xwayland/CVE-2025-49177.patch    |  55 +++++
 .../xwayland/xwayland/CVE-2025-49178.patch    |  50 ++++
 .../xwayland/xwayland/CVE-2025-49179.patch    |  69 ++++++
 .../xwayland/xwayland/CVE-2025-49180.patch    |  45 ++++
 .../xwayland/xwayland_22.1.8.bb               |   7 +
 17 files changed, 1096 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0001.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0002.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0003.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0004.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49175.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0002.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49177.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49178.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49179.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49180.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, August 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2236

The following changes since commit 3d1c037a7cb7858a4e3c33a94f5d343a81aac5f7:

  go-helloworld: fix license (2025-08-12 09:57:24 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Dan McGregor (1):
  systemd: Fix manpage build after CVE-2025-4598

Hitendra Prajapati (3):
  gstreamer1.0-plugins-base: fix CVE-2025-47806 & CVE-2025-47808
  gstreamer1.0-plugins-good: fix CVE-2025-47183 & CVE-2025-47219
  git: fix CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835

Peter Marko (1):
  glib-2.0: ignore CVE-2025-4056

Vijay Anusuri (3):
  xserver-xorg: Fix for CVE-2025-49175
  xserver-xorg: Fix for CVE-2025-49176
  xserver-xorg: Fix for CVE-2025-49177

Youngseok Jeong (1):
  libubootenv: backport patch to fix unknown type name 'size_t'

 ...-Include-cstddef-in-the-header-for-C.patch |   27 +
 meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb  |    6 +-
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |    3 +
 .../systemd/systemd/CVE-2025-4598-0003.patch  |    7 +-
 ...-27613-CVE-2025-46334-CVE-2025-46835.patch | 2500 +++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |    1 +
 .../xserver-xorg/CVE-2025-49175.patch         |   91 +
 .../xserver-xorg/CVE-2025-49176-1.patch       |   92 +
 .../xserver-xorg/CVE-2025-49176-2.patch       |   37 +
 .../xserver-xorg/CVE-2025-49177.patch         |   54 +
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |    4 +
 .../CVE-2025-47806.patch                      |   50 +
 .../CVE-2025-47808.patch                      |   36 +
 .../gstreamer1.0-plugins-base_1.20.7.bb       |    2 +
 .../CVE-2025-47183-001.patch                  |  151 +
 .../CVE-2025-47183-002.patch                  |   80 +
 .../CVE-2025-47219.patch                      |   40 +
 .../gstreamer1.0-plugins-good_1.20.7.bb       |    3 +
 18 files changed, 3179 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-bsp/u-boot/files/0001-Include-cstddef-in-the-header-for-C.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49175.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49177.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, August 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2267

The following changes since commit e401a16d8e26d25cec95fcea98d6530036cffca1:

  libubootenv: backport patch to fix unknown type name 'size_t' (2025-08-19 10:14:55 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (1):
  gstreamer1.0-plugins-base: fix CVE-2025-47807

Jiaying Song (1):
  openssl: fix CVE-2023-50781

Peter Marko (4):
  qemu: ignore CVE-2024-7730
  glib-2.0: patch CVE-2025-7039
  dpkg: patch CVE-2025-6297
  libarchive: patch regression of patch for CVE-2025-5918

Vijay Anusuri (3):
  xserver-xorg: Fix for CVE-2025-49178
  xserver-xorg: Fix for CVE-2025-49179
  xserver-xorg: Fix for CVE-2025-49180

 .../openssl/openssl/CVE-2023-50781-1.patch    | 618 ++++++++++++++++++
 .../openssl/openssl/CVE-2023-50781-2.patch    | 358 ++++++++++
 .../openssl/openssl/CVE-2023-50781-3.patch    |  41 ++
 .../openssl/openssl/CVE-2023-50781-4.patch    | 441 +++++++++++++
 .../openssl/openssl/CVE-2023-50781-5.patch    | 284 ++++++++
 .../openssl/openssl/CVE-2023-50781-6.patch    |  57 ++
 .../openssl/openssl_3.0.17.bb                 |   8 +-
 .../glib-2.0/glib-2.0/CVE-2025-7039-01.patch  |  40 ++
 .../glib-2.0/glib-2.0/CVE-2025-7039-02.patch  |  43 ++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |   2 +
 .../dpkg/dpkg/CVE-2025-6297.patch             | 125 ++++
 meta/recipes-devtools/dpkg/dpkg_1.21.4.bb     |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +
 ...2025-5918.patch => CVE-2025-5918-01.patch} |   0
 .../libarchive/CVE-2025-5918-02.patch         |  51 ++
 .../libarchive/libarchive_3.6.2.bb            |   3 +-
 .../xserver-xorg/CVE-2025-49178.patch         |  49 ++
 .../xserver-xorg/CVE-2025-49179.patch         |  67 ++
 .../xserver-xorg/CVE-2025-49180-1.patch       |  44 ++
 .../xserver-xorg/CVE-2025-49180-2.patch       |  52 ++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   4 +
 .../CVE-2025-47807.patch                      |  49 ++
 .../gstreamer1.0-plugins-base_1.20.7.bb       |   1 +
 23 files changed, 2339 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch
 create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch
 rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-5918.patch => CVE-2025-5918-01.patch} (100%)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 5

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2309

The following changes since commit 36cf6bb39df081b27306d27b20155995b73e1a01:

  Revert "sqlite3: patch CVE-2025-7458" (2025-09-01 08:18:45 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepak Rathore (1):
  default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue

Kyungjik Min (1):
  pulseaudio: Add audio group explicitly

Mingli Yu (1):
  vim: not adjust script pathnames for native scripts either

Peter Marko (2):
  vim: upgrade 9.1.1198 -> 9.1.1652
  sudo: remove devtool FIXME comment

Praveen Kumar (1):
  git: fix CVE-2025-48384

Yogita Urade (3):
  tiff: fix CVE-2024-13978
  tiff: fix CVE-2025-8534
  tiff: fix CVE-2025-8851

 meta-selftest/files/static-group              |  1 +
 .../distro/include/default-distrovars.inc     |  2 +-
 meta/lib/oeqa/sdk/buildtools-cases/https.py   |  4 +-
 .../git/git/CVE-2025-48384.patch              | 85 +++++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |  1 +
 meta/recipes-extended/sudo/sudo_1.9.17p1.bb   | 52 ------------
 .../libtiff/tiff/CVE-2024-13978.patch         | 47 ++++++++++
 .../libtiff/tiff/CVE-2025-8534.patch          | 60 +++++++++++++
 .../libtiff/tiff/CVE-2025-8851.patch          | 71 ++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  3 +
 .../pulseaudio/pulseaudio.inc                 |  2 +-
 ...src-Makefile-improve-reproducibility.patch | 10 +--
 .../vim/files/disable_acl_header_check.patch  | 12 +--
 .../vim/files/no-path-adjust.patch            | 35 +++++---
 meta/recipes-support/vim/vim.inc              |  7 +-
 15 files changed, 308 insertions(+), 84 deletions(-)
 create mode 100644 meta/recipes-devtools/git/git/CVE-2025-48384.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8851.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2776

The following changes since commit ff72b41a3f0bf1820405b8782f0d125cd10e3406:

  oe-build-perf-report: relax metadata matching rules (2025-11-19 08:28:19 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (3):
  ruby: fix CVE-2024-35176
  ruby: fix CVE-2024-39908
  ruby: fix CVE-2024-41123

Gyorgy Sarvari (1):
  flac: patch seeking bug

Peter Marko (3):
  libarchive: patch 3.8.3 security issue 1
  libarchive: patch 3.8.3 security issue 2
  libarchive: patch CVE-2025-60753

Praveen Kumar (1):
  python3: fix CVE-2025-6075

Vijay Anusuri (1):
  python3-idna: Fix CVE-2024-3651

 .../python/python3-idna/CVE-2024-3651.patch   | 2484 +++++++++++++++++
 .../python/python3-idna_3.3.bb                |    2 +
 .../python/python3/CVE-2025-6075.patch        |  364 +++
 .../python/python3_3.10.19.bb                 |    1 +
 .../ruby/ruby/CVE-2024-35176.patch            |  112 +
 .../ruby/ruby/CVE-2024-39908-0001.patch       |   46 +
 .../ruby/ruby/CVE-2024-39908-0002.patch       |  130 +
 .../ruby/ruby/CVE-2024-39908-0003.patch       |   46 +
 .../ruby/ruby/CVE-2024-39908-0004.patch       |   76 +
 .../ruby/ruby/CVE-2024-39908-0005.patch       |   87 +
 .../ruby/ruby/CVE-2024-39908-0006.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0007.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0008.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0009.patch       |   36 +
 .../ruby/ruby/CVE-2024-39908-0010.patch       |   53 +
 .../ruby/ruby/CVE-2024-39908-0011.patch       |   35 +
 .../ruby/ruby/CVE-2024-39908-0012.patch       |   36 +
 .../ruby/ruby/CVE-2024-41123-0001.patch       |   44 +
 .../ruby/ruby/CVE-2024-41123-0002.patch       |   37 +
 .../ruby/ruby/CVE-2024-41123-0003.patch       |   55 +
 .../ruby/ruby/CVE-2024-41123-0004.patch       |  163 ++
 .../ruby/ruby/CVE-2024-41123-0005.patch       |  111 +
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   18 +
 ...ax-path-length-metadata-writing-2243.patch |   30 +
 ...request-2696-from-al3xtjames-mkstemp.patch |   28 +
 ...st-2749-from-KlaraSystems-des-tempdi.patch |  183 ++
 ...st-2753-from-KlaraSystems-des-temp-f.patch |  190 ++
 ...-request-2768-from-Commandoss-master.patch |   28 +
 .../libarchive/CVE-2025-60753.patch           |   76 +
 .../libarchive/libarchive_3.6.2.bb            |    6 +
 .../flac/files/0001-Fix-seeking-bug.patch     |   34 +
 meta/recipes-multimedia/flac/flac_1.3.4.bb    |    3 +-
 32 files changed, 4645 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
 create mode 100644 meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch

-- 
2.43.0