[OE-core][mickledore 00/11] Patch review

[OE-core][mickledore 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for mickledore and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5637

The following changes since commit 8d1bc34cffdd9f054e51db4e880747c79bf834fe:

  testimage/oeqa: Drop testimage_dump_host functionality (2023-07-14 06:06:00 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/mickledore-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/mickledore-nut

Archana Polampalli (1):
  qemu: fix CVE-2023-0330

Bruce Ashfield (2):
  linux-yocto/5.15: update to v5.15.119
  linux-yocto/5.15: update to v5.15.120

Kai Kang (1):
  webkitgtk: 2.38.5 -> 2.38.6

Mingli Yu (1):
  acpica: Update SRC_URI

Richard Purdie (1):
  gcc-testsuite: Fix ppc cpu specification

Ross Burton (3):
  tiff: upgrade to 4.5.1
  gcc: don't pass --enable-standard-branch-protection
  machine/arch-arm64: add -mbranch-protection=standard

Sakib Sajal (1):
  go: fix CVE-2023-24531

Trevor Gamblin (1):
  vim: upgrade 9.0.1527 -> 9.0.1592

 meta/conf/machine/include/arm/arch-arm64.inc  |   5 +
 .../gcc/gcc-configure-common.inc              |   1 -
 meta/recipes-devtools/gcc/gcc-testsuite.inc   |   5 +-
 meta/recipes-devtools/go/go-1.20.5.inc        |   2 +
 .../go/go/CVE-2023-24531_1.patch              | 266 ++++++++++++++++++
 .../go/go/CVE-2023-24531_2.patch              |  47 ++++
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2023-0330.patch             |  75 +++++
 .../acpica/acpica_20220331.bb                 |   2 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 .../libtiff/files/CVE-2022-48281.patch        |  29 --
 .../libtiff/files/CVE-2023-25434.patch        | 159 -----------
 .../libtiff/files/CVE-2023-26965.patch        |  99 -------
 .../libtiff/files/CVE-2023-2731.patch         |  39 ---
 .../libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb}  |  14 +-
 ...ebkitgtk_2.38.5.bb => webkitgtk_2.38.6.bb} |   2 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 19 files changed, 424 insertions(+), 364 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2023-24531_1.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2023-24531_2.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25434.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
 rename meta/recipes-multimedia/libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb} (81%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.38.5.bb => webkitgtk_2.38.6.bb} (98%)

-- 
2.34.1

[OE-core][mickledore 01/11] qemu: fix CVE-2023-0330

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

A vulnerability in the lsi53c895a device affects the latest version
of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption
bugs like stack overflow or use-after-free.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-0330

Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2023-0330.patch             | 75 +++++++++++++++++++
 2 files changed, 76 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 4c9be91cb0..15eba6163f 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -36,6 +36,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
            file://ppc.patch \
+	   file://CVE-2023-0330.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
new file mode 100644
index 0000000000..f609ea29b4
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
@@ -0,0 +1,75 @@
+From b987718bbb1d0eabf95499b976212dd5f0120d75 Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Mon, 22 May 2023 11:10:11 +0200
+Subject: [PATCH] hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI
+ controller (CVE-2023-0330)
+
+We cannot use the generic reentrancy guard in the LSI code, so
+we have to manually prevent endless reentrancy here. The problematic
+lsi_execute_script() function has already a way to detect whether
+too many instructions have been executed - we just have to slightly
+change the logic here that it also takes into account if the function
+has been called too often in a reentrant way.
+
+The code in fuzz-lsi53c895a-test.c has been taken from an earlier
+patch by Mauro Matteo Cascella.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563
+Message-Id: <20230522091011.1082574-1-thuth@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75]
+CVE: CVE-2023-0330
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ hw/scsi/lsi53c895a.c               | 23 +++++++++++++++------
+ tests/qtest/fuzz-lsi53c895a-test.c | 33 ++++++++++++++++++++++++++++++
+ 2 files changed, 50 insertions(+), 6 deletions(-)
+
+diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
+index 048436352b7a..f7d45b0b20fb 100644
+--- a/hw/scsi/lsi53c895a.c
++++ b/hw/scsi/lsi53c895a.c
+@@ -1134,15 +1134,24 @@ static void lsi_execute_script(LSIState *s)
+     uint32_t addr, addr_high;
+     int opcode;
+     int insn_processed = 0;
++    static int reentrancy_level;
++
++    reentrancy_level++;
+
+     s->istat1 |= LSI_ISTAT1_SRUN;
+ again:
+-    if (++insn_processed > LSI_MAX_INSN) {
+-        /* Some windows drivers make the device spin waiting for a memory
+-           location to change.  If we have been executed a lot of code then
+-           assume this is the case and force an unexpected device disconnect.
+-           This is apparently sufficient to beat the drivers into submission.
+-         */
++    /*
++     * Some windows drivers make the device spin waiting for a memory location
++     * to change. If we have executed more than LSI_MAX_INSN instructions then
++     * assume this is the case and force an unexpected device disconnect. This
++     * is apparently sufficient to beat the drivers into submission.
++     *
++     * Another issue (CVE-2023-0330) can occur if the script is programmed to
++     * trigger itself again and again. Avoid this problem by stopping after
++     * being called multiple times in a reentrant way (8 is an arbitrary value
++     * which should be enough for all valid use cases).
++     */
++    if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) {
+         if (!(s->sien0 & LSI_SIST0_UDC)) {
+             qemu_log_mask(LOG_GUEST_ERROR,
+                           "lsi_scsi: inf. loop with UDC masked");
+@@ -1596,6 +1605,8 @@ static void lsi_execute_script(LSIState *s)
+         }
+     }
+     trace_lsi_execute_script_stop();
++
++    reentrancy_level--;
+ }
+
+ static uint8_t lsi_reg_readb(LSIState *s, int offset)
-- 
2.34.1

[OE-core][mickledore 02/11] go: fix CVE-2023-24531

[Steve Sakoman]

From: Sakib Sajal <sakib.sajal@windriver.com>

Backport required commits to fix CVE-2023-24531.

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.20.5.inc        |   2 +
 .../go/go/CVE-2023-24531_1.patch              | 266 ++++++++++++++++++
 .../go/go/CVE-2023-24531_2.patch              |  47 ++++
 3 files changed, 315 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2023-24531_1.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2023-24531_2.patch

diff --git a/meta/recipes-devtools/go/go-1.20.5.inc b/meta/recipes-devtools/go/go-1.20.5.inc
index 4e4e57d5cb..9cc79a8073 100644
--- a/meta/recipes-devtools/go/go-1.20.5.inc
+++ b/meta/recipes-devtools/go/go-1.20.5.inc
@@ -14,5 +14,7 @@ SRC_URI += "\
     file://0007-exec.go-do-not-write-linker-flags-into-buildids.patch \
     file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
+    file://CVE-2023-24531_1.patch \
+    file://CVE-2023-24531_2.patch \
 "
 SRC_URI[main.sha256sum] = "9a15c133ba2cfafe79652f4815b62e7cfc267f68df1b9454c6ab2a3ca8b96a88"
diff --git a/meta/recipes-devtools/go/go/CVE-2023-24531_1.patch b/meta/recipes-devtools/go/go/CVE-2023-24531_1.patch
new file mode 100644
index 0000000000..9de701b64b
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2023-24531_1.patch
@@ -0,0 +1,266 @@
+From c5463ec922a57d8b175c6639186ba9cbe15e6bc1 Mon Sep 17 00:00:00 2001
+From: Michael Matloob <matloob@golang.org>
+Date: Mon, 24 Apr 2023 16:57:28 -0400
+Subject: [PATCH 1/2] cmd/go: sanitize go env outputs
+
+go env, without any arguments, outputs the environment variables in
+the form of a script that can be run on the host OS. On Unix, single
+quote the strings and place single quotes themselves outside the
+single quoted strings. On windows use the set "var=val" syntax with
+the quote starting before the variable.
+
+Fixes #58508
+
+Change-Id: Iecd379a4af7285ea9b2024f0202250c74fd9a2bd
+Reviewed-on: https://go-review.googlesource.com/c/go/+/488375
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Michael Matloob <matloob@golang.org>
+Reviewed-by: Damien Neil <dneil@google.com>
+Run-TryBot: Michael Matloob <matloob@golang.org>
+Reviewed-by: Bryan Mills <bcmills@google.com>
+Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
+
+CVE: CVE-2023-24531
+Upstream-Status: Backport [f379e78951a405e7e99a60fb231eeedbf976c108]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/cmd/go/internal/envcmd/env.go           | 60 ++++++++++++-
+ src/cmd/go/internal/envcmd/env_test.go      | 94 +++++++++++++++++++++
+ src/cmd/go/testdata/script/env_sanitize.txt |  5 ++
+ src/cmd/go/testdata/script/work_env.txt     |  2 +-
+ 4 files changed, 158 insertions(+), 3 deletions(-)
+ create mode 100644 src/cmd/go/internal/envcmd/env_test.go
+ create mode 100644 src/cmd/go/testdata/script/env_sanitize.txt
+
+diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
+index fb7448a..5b52fad 100644
+--- a/src/cmd/go/internal/envcmd/env.go
++++ b/src/cmd/go/internal/envcmd/env.go
+@@ -6,6 +6,7 @@
+ package envcmd
+ 
+ import (
++	"bytes"
+ 	"context"
+ 	"encoding/json"
+ 	"fmt"
+@@ -17,6 +18,7 @@ import (
+ 	"runtime"
+ 	"sort"
+ 	"strings"
++	"unicode"
+ 	"unicode/utf8"
+ 
+ 	"cmd/go/internal/base"
+@@ -413,9 +415,12 @@ func checkBuildConfig(add map[string]string, del map[string]bool) error {
+ func PrintEnv(w io.Writer, env []cfg.EnvVar) {
+ 	for _, e := range env {
+ 		if e.Name != "TERM" {
++			if runtime.GOOS != "plan9" && bytes.Contains([]byte(e.Value), []byte{0}) {
++				base.Fatalf("go: internal error: encountered null byte in environment variable %s on non-plan9 platform", e.Name)
++			}
+ 			switch runtime.GOOS {
+ 			default:
+-				fmt.Fprintf(w, "%s=\"%s\"\n", e.Name, e.Value)
++				fmt.Fprintf(w, "%s=%s\n", e.Name, shellQuote(e.Value))
+ 			case "plan9":
+ 				if strings.IndexByte(e.Value, '\x00') < 0 {
+ 					fmt.Fprintf(w, "%s='%s'\n", e.Name, strings.ReplaceAll(e.Value, "'", "''"))
+@@ -426,17 +431,68 @@ func PrintEnv(w io.Writer, env []cfg.EnvVar) {
+ 						if x > 0 {
+ 							fmt.Fprintf(w, " ")
+ 						}
++						// TODO(#59979): Does this need to be quoted like above?
+ 						fmt.Fprintf(w, "%s", s)
+ 					}
+ 					fmt.Fprintf(w, ")\n")
+ 				}
+ 			case "windows":
+-				fmt.Fprintf(w, "set %s=%s\n", e.Name, e.Value)
++				if hasNonGraphic(e.Value) {
++					base.Errorf("go: stripping unprintable or unescapable characters from %%%q%%", e.Name)
++				}
++				fmt.Fprintf(w, "set %s=%s\n", e.Name, batchEscape(e.Value))
+ 			}
+ 		}
+ 	}
+ }
+ 
++func hasNonGraphic(s string) bool {
++	for _, c := range []byte(s) {
++		if c == '\r' || c == '\n' || (!unicode.IsGraphic(rune(c)) && !unicode.IsSpace(rune(c))) {
++			return true
++		}
++	}
++	return false
++}
++
++func shellQuote(s string) string {
++	var b bytes.Buffer
++	b.WriteByte('\'')
++	for _, x := range []byte(s) {
++		if x == '\'' {
++			// Close the single quoted string, add an escaped single quote,
++			// and start another single quoted string.
++			b.WriteString(`'\''`)
++		} else {
++			b.WriteByte(x)
++		}
++	}
++	b.WriteByte('\'')
++	return b.String()
++}
++
++func batchEscape(s string) string {
++	var b bytes.Buffer
++	for _, x := range []byte(s) {
++		if x == '\r' || x == '\n' || (!unicode.IsGraphic(rune(x)) && !unicode.IsSpace(rune(x))) {
++			b.WriteRune(unicode.ReplacementChar)
++			continue
++		}
++		switch x {
++		case '%':
++			b.WriteString("%%")
++		case '<', '>', '|', '&', '^':
++			// These are special characters that need to be escaped with ^. See
++			// https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/set_1.
++			b.WriteByte('^')
++			b.WriteByte(x)
++		default:
++			b.WriteByte(x)
++		}
++	}
++	return b.String()
++}
++
+ func printEnvAsJSON(env []cfg.EnvVar) {
+ 	m := make(map[string]string)
+ 	for _, e := range env {
+diff --git a/src/cmd/go/internal/envcmd/env_test.go b/src/cmd/go/internal/envcmd/env_test.go
+new file mode 100644
+index 0000000..32d99fd
+--- /dev/null
++++ b/src/cmd/go/internal/envcmd/env_test.go
+@@ -0,0 +1,94 @@
++// Copyright 2022 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build unix || windows
++
++package envcmd
++
++import (
++	"bytes"
++	"cmd/go/internal/cfg"
++	"fmt"
++	"internal/testenv"
++	"os"
++	"os/exec"
++	"path/filepath"
++	"runtime"
++	"testing"
++	"unicode"
++)
++
++func FuzzPrintEnvEscape(f *testing.F) {
++	f.Add(`$(echo 'cc"'; echo 'OOPS="oops')`)
++	f.Add("$(echo shell expansion 1>&2)")
++	f.Add("''")
++	f.Add(`C:\"Program Files"\`)
++	f.Add(`\\"Quoted Host"\\share`)
++	f.Add("\xfb")
++	f.Add("0")
++	f.Add("")
++	f.Add("''''''''")
++	f.Add("\r")
++	f.Add("\n")
++	f.Add("E,%")
++	f.Fuzz(func(t *testing.T, s string) {
++		t.Parallel()
++
++		for _, c := range []byte(s) {
++			if c == 0 {
++				t.Skipf("skipping %q: contains a null byte. Null bytes can't occur in the environment"+
++					" outside of Plan 9, which has different code path than Windows and Unix that this test"+
++					" isn't testing.", s)
++			}
++			if c > unicode.MaxASCII {
++				t.Skipf("skipping %#q: contains a non-ASCII character %q", s, c)
++			}
++			if !unicode.IsGraphic(rune(c)) && !unicode.IsSpace(rune(c)) {
++				t.Skipf("skipping %#q: contains non-graphic character %q", s, c)
++			}
++			if runtime.GOOS == "windows" && c == '\r' || c == '\n' {
++				t.Skipf("skipping %#q on Windows: contains unescapable character %q", s, c)
++			}
++		}
++
++		var b bytes.Buffer
++		if runtime.GOOS == "windows" {
++			b.WriteString("@echo off\n")
++		}
++		PrintEnv(&b, []cfg.EnvVar{{Name: "var", Value: s}})
++		var want string
++		if runtime.GOOS == "windows" {
++			fmt.Fprintf(&b, "echo \"%%var%%\"\n")
++			want += "\"" + s + "\"\r\n"
++		} else {
++			fmt.Fprintf(&b, "printf '%%s\\n' \"$var\"\n")
++			want += s + "\n"
++		}
++		scriptfilename := "script.sh"
++		if runtime.GOOS == "windows" {
++			scriptfilename = "script.bat"
++		}
++		scriptfile := filepath.Join(t.TempDir(), scriptfilename)
++		if err := os.WriteFile(scriptfile, b.Bytes(), 0777); err != nil {
++			t.Fatal(err)
++		}
++		t.Log(b.String())
++		var cmd *exec.Cmd
++		if runtime.GOOS == "windows" {
++			cmd = testenv.Command(t, "cmd.exe", "/C", scriptfile)
++		} else {
++			cmd = testenv.Command(t, "sh", "-c", scriptfile)
++		}
++		out, err := cmd.Output()
++		t.Log(string(out))
++		if err != nil {
++			t.Fatal(err)
++		}
++
++		if string(out) != want {
++			t.Fatalf("output of running PrintEnv script and echoing variable: got: %q, want: %q",
++				string(out), want)
++		}
++	})
++}
+diff --git a/src/cmd/go/testdata/script/env_sanitize.txt b/src/cmd/go/testdata/script/env_sanitize.txt
+new file mode 100644
+index 0000000..cc4d23a
+--- /dev/null
++++ b/src/cmd/go/testdata/script/env_sanitize.txt
+@@ -0,0 +1,5 @@
++env GOFLAGS='$(echo ''cc"''; echo ''OOPS="oops'')'
++go env
++[GOOS:darwin] stdout 'GOFLAGS=''\$\(echo ''\\''''cc"''\\''''; echo ''\\''''OOPS="oops''\\''''\)'''
++[GOOS:linux] stdout 'GOFLAGS=''\$\(echo ''\\''''cc"''\\''''; echo ''\\''''OOPS="oops''\\''''\)'''
++[GOOS:windows] stdout 'set GOFLAGS=\$\(echo ''cc"''; echo ''OOPS="oops''\)'
+diff --git a/src/cmd/go/testdata/script/work_env.txt b/src/cmd/go/testdata/script/work_env.txt
+index 511bb4e..8b1779e 100644
+--- a/src/cmd/go/testdata/script/work_env.txt
++++ b/src/cmd/go/testdata/script/work_env.txt
+@@ -1,7 +1,7 @@
+ go env GOWORK
+ stdout '^'$GOPATH'[\\/]src[\\/]go.work$'
+ go env
+-stdout '^(set )?GOWORK="?'$GOPATH'[\\/]src[\\/]go.work"?$'
++stdout '^(set )?GOWORK=''?'$GOPATH'[\\/]src[\\/]go.work''?$'
+ 
+ cd ..
+ go env GOWORK
+-- 
+2.39.0
+
diff --git a/meta/recipes-devtools/go/go/CVE-2023-24531_2.patch b/meta/recipes-devtools/go/go/CVE-2023-24531_2.patch
new file mode 100644
index 0000000000..dec36f9d42
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2023-24531_2.patch
@@ -0,0 +1,47 @@
+From 24f1def536c5344e0067a3119790b83ee6224058 Mon Sep 17 00:00:00 2001
+From: miller <millerresearch@gmail.com>
+Date: Mon, 8 May 2023 16:56:21 +0100
+Subject: [PATCH 2/2] cmd/go: quote entries in list-valued variables for go env
+ in plan9
+
+When 'go env' without an argument prints environment variables as
+a script which can be executed by the shell, variables with a
+list value in Plan 9 (such as GOPATH) need to be printed with each
+element enclosed in single quotes in case it contains characters
+significant to the Plan 9 shell (such as ' ' or '=').
+
+For #58508
+
+Change-Id: Ia30f51307cc6d07a7e3ada6bf9d60bf9951982ff
+Reviewed-on: https://go-review.googlesource.com/c/go/+/493535
+Run-TryBot: Cherry Mui <cherryyz@google.com>
+Reviewed-by: Cherry Mui <cherryyz@google.com>
+Reviewed-by: Russ Cox <rsc@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
+
+CVE: CVE-2023-24531
+Upstream-Status: Backport [05cc9e55876874462a4726ca0101c970838c80e5]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/cmd/go/internal/envcmd/env.go | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
+index 5b52fad..d4fc399 100644
+--- a/src/cmd/go/internal/envcmd/env.go
++++ b/src/cmd/go/internal/envcmd/env.go
+@@ -431,8 +431,7 @@ func PrintEnv(w io.Writer, env []cfg.EnvVar) {
+ 						if x > 0 {
+ 							fmt.Fprintf(w, " ")
+ 						}
+-						// TODO(#59979): Does this need to be quoted like above?
+-						fmt.Fprintf(w, "%s", s)
++						fmt.Fprintf(w, "'%s'", strings.ReplaceAll(s, "'", "''"))
+ 					}
+ 					fmt.Fprintf(w, ")\n")
+ 				}
+-- 
+2.39.0
+
-- 
2.34.1

[OE-core][mickledore 03/11] webkitgtk: 2.38.5 -> 2.38.6

[Steve Sakoman]

From: Kai Kang <kai.kang@windriver.com>

Update webkitgtk from 2.38.5 to 2.38.6. It fixes CVE-2023-27932 and
CVE-2023-27954.

What’s new in the WebKitGTK 2.38.6 release?

* Enable the Asynchronous Clipboard API to make certain pages work (e.g.
  GithHub started recently requiring it).
* Support :has() CSS selectors in content filters.
* Apply basic font properties as font variation settings.
* The Bubblewrap sandbox no longer requires setting an application
  identifier via GApplication to operate correctly. Using GApplication
  is still recommended, but optional.
* Improvements to the GStreamer multimedia playback, in particular
  around MSE, WebRTC, and seeking.
* Fix the build with journald support enabled when using elogind instead
  of the systemd libraries.
* Fix the build with Link-Time Optimization enabled (-flto=auto).
* Fix context menus not working in the remote Web Inspector.
* Fix usage of the remote Web Inspector over HTTP.
* Fix debug logs not being emitted in release builds.
* Fix several crashes and rendering issues.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../webkit/{webkitgtk_2.38.5.bb => webkitgtk_2.38.6.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-sato/webkit/{webkitgtk_2.38.5.bb => webkitgtk_2.38.6.bb} (98%)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb b/meta/recipes-sato/webkit/webkitgtk_2.38.6.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.38.5.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.38.6.bb
index 36c6233b33..5e8adf50fc 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.38.5.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.38.6.bb
@@ -15,7 +15,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
            file://0d3344e17d258106617b0e6d783d073b188a2548.patch \
            file://d318bb461f040b90453bc4e100dcf967243ecd98.patch \
            "
-SRC_URI[sha256sum] = "40c20c43022274df5893f22b1054fa894c3eea057389bb08aee08c5b0bb0c1a7"
+SRC_URI[sha256sum] = "1c614c9589389db1a79ea9ba4293bbe8ac3ab0a2234cac700935fae0724ad48b"
 
 inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen
 
-- 
2.34.1

[OE-core][mickledore 04/11] linux-yocto/5.15: update to v5.15.119

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    4af60700a60c Linux 5.15.119
    10fbd2e04e40 act_mirred: remove unneded merge conflict markers
    2230b3f874d9 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
    907a069ec38f x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
    7949f83f7ecc vhost_net: revert upend_idx only on retriable error
    fdac0aa4a175 drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
    f012d3037c15 drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
    a44b4230d2ba drm/exynos: vidi: fix a wrong error return
    79b4125bce96 ARM: dts: Fix erroneous ADS touchscreen polarities
    9684c4fdeeca s390/purgatory: disable branch profiling
    3c4d87e9fa8a ASoC: nau8824: Add quirk to active-high jack-detect
    d77eac1b14e0 soundwire: dmi-quirks: add new mapping for HP Spectre x360
    53ad4af4ec90 ASoC: simple-card: Add missing of_node_put() in case of error
    bb45dc7b67c5 spi: lpspi: disable lpspi module irq in DMA mode
    f8d9d8f1727d s390/cio: unregister device when the only path is gone
    e10d15fdfced Input: soc_button_array - add invalid acpi_index DMI quirk handling
    26bde09a1512 nvme: double KA polling frequency to avoid KATO with TBKAS on
    e3bbc148377d usb: gadget: udc: fix NULL dereference in remove()
    cce681383d34 nfcsim.c: Fix error checking for debugfs_create_dir
    8a5ddd1430d4 media: cec: core: don't set last_initiator if tx in progress
    01cf989090da arm64: Add missing Set/Way CMO encodings
    f97b16c0a538 HID: wacom: Add error check to wacom_parse_and_register()
    e8bdb1f88699 scsi: target: iscsi: Prevent login threads from racing between each other
    1cc379d53b66 gpio: sifive: add missing check for platform_get_irq
    497d40140865 gpiolib: Fix GPIO chip IRQ initialization restriction
    7973c4b3b97d gpio: Allow per-parent interrupt data
    c1a2b52d999e sch_netem: acquire qdisc lock in netem_change()
    3138c85031e8 selftests: forwarding: Fix race condition in mirror installation
    b7db41a86541 bpf/btf: Accept function names that contain dots
    0f8d81254fd6 Revert "net: phy: dp83867: perform soft reset and retain established link"
    57130334da4e netfilter: nfnetlink_osf: fix module autoload
    53defc6ecff4 netfilter: nf_tables: disallow updates of anonymous sets
    2f2f9eaa6da1 netfilter: nf_tables: reject unbound chain set before commit phase
    2938e7d582d7 netfilter: nf_tables: reject unbound anonymous set before commit phase
    baa3ec1b31f5 netfilter: nf_tables: disallow element updates of bound anonymous sets
    45eb6944d0f5 netfilter: nft_set_pipapo: .walk does not deal with generations
    4004f12aaca8 netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
    314a8697d080 netfilter: nf_tables: fix chain binding transaction logic
    1328e8d4c3ee be2net: Extend xmit workaround to BE3 chip
    768f94c5f639 net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
    aa528e7d379f net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
    efea112a87b6 ipvs: align inner_mac_header for encapsulation
    24d7d9aee03d mmc: usdhi60rol0: fix deferred probing
    d1e08bed0307 mmc: sh_mmcif: fix deferred probing
    34c4906b9a06 mmc: sdhci-acpi: fix deferred probing
    41f1e8dab08d mmc: owl: fix deferred probing
    b86ca9e08ca9 mmc: omap_hsmmc: fix deferred probing
    445a9568dec1 mmc: omap: fix deferred probing
    840deb8d1418 mmc: mvsdio: fix deferred probing
    92f73c4f927c mmc: mtk-sd: fix deferred probing
    aedecd013d2c net: qca_spi: Avoid high load if QCA7000 is not available
    156dd06fb337 xfrm: Linearize the skb after offloading if needed.
    d967bd7ea6cc selftests: net: fcnal-test: check if FIPS mode is enabled
    964cfdfd4b4f xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
    25e89fa7b5a8 bpf: Fix verifier id tracking of scalars on spill
    0b180495f6b0 bpf: track immediate values written to stack by BPF_ST instruction
    3229a29e95f5 xfrm: Ensure policies always checked on XFRM-I input path
    d055ee18cab8 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
    491ce3c1d98a xfrm: Treat already-verified secpath entries as optional
    0ce3d0c068d9 ieee802154: hwsim: Fix possible memory leaks
    29672dc47d99 mmc: meson-gx: fix deferred probing
    9bac4a2b7326 memfd: check for non-NULL file_seals in memfd_create() syscall
    103734b429b9 x86/mm: Avoid using set_pgd() outside of real PGD pages
    793d0224bb60 nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
    96987c383c2b io_uring/net: disable partial retries for recvmsg with cmsg
    25a543ca3005 io_uring/net: clear msg_controllen on partial sendmsg retry
    34a7e5021a43 io_uring/net: save msghdr->msg_control for retries
    b07bb2914ada writeback: fix dereferencing NULL mapping->host on writeback_page_template
    3c46a240ddba regmap: spi-avmm: Fix regmap_bus max_raw_write
    4796d9b06917 regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
    ba9952e2f50b ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
    acee272283f4 mmc: mmci: stm32: fix max busy timeout calculation
    999173f295cc mmc: meson-gx: remove redundant mmc_request_done() call from irq context
    00010b52c705 mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
    4a557910bbed cgroup: Do not corrupt task iteration when rebinding subsystem
    815b24401165 PCI: hv: Add a per-bus mutex state_lock
    34e21b8ff3e6 PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
    7d852ca7af37 PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
    5e0d33cc7813 Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
    ac0df91c7d98 PCI: hv: Fix a race condition bug in hv_pci_query_relations()
    80c5d97b4aa1 Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
    4d31eb2e266c Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
    953dd7e2df81 KVM: Avoid illegal stage2 mapping on invalid memory slot
    1d6c93206839 ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
    b12011cea56b nilfs2: fix buffer corruption due to concurrent device reads
    485f6be2549c selftests: mptcp: join: skip check if MIB counter not supported
    64cb73ea77ab selftests: mptcp: join: use 'iptables-legacy' if available
    979a941d7ed3 selftests: mptcp: pm nl: remove hardcoded default limits
    ac65930751c4 selftests/mount_setattr: fix redefine struct mount_attr build error
    726d033133e7 selftests: mptcp: lib: skip if not below kernel version
    b28fc26683b4 selftests: mptcp: lib: skip if missing symbol
    024a24e5d4dd tick/common: Align tick period during sched_timer setup
    3c1aa91b37f9 drm/amd/display: Add wrapper to call planes and stream update
    eea850c025b5 drm/amd/display: Use dc_update_planes_and_stream
    fb7c68bbccad drm/amd/display: Add minimal pipe split transition state
    b5f0e898f674 tpm, tpm_tis: Claim locality in interrupt handler
    39e787253720 tracing: Add tracing_reset_all_online_cpus_unlocked() function
    5a24be76af79 drm/amd/display: fix the system hang while disable PSR

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 6ca7873910..a75eef5d8b 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "b2a7dbd4edac7627c091c2ab14fec83726a4c79b"
-SRCREV_meta ?= "b647d9611cb4936536e60a438292fc22df2fe000"
+SRCREV_machine ?= "482797bf5730cf22143afe28d489363ca4bf44a2"
+SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "5.15.118"
+LINUX_VERSION ?= "5.15.119"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 616cc47202..6d7939ba83 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.118"
+LINUX_VERSION ?= "5.15.119"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "b79e89ab973aeb8ec48e2cd987436ab52678e795"
-SRCREV_meta ?= "b647d9611cb4936536e60a438292fc22df2fe000"
+SRCREV_machine ?= "ded230a888ef81ccedf0044bd8c2236f3b809599"
+SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 4ae03f1cb4..dfe9171ddd 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "2290ac7e8d7fbb8e13a34468b85066c398c7d1f3"
-SRCREV_machine:qemuarm64 ?= "3f3f2067c3ee4d9dffaed9b757583d013671cf25"
-SRCREV_machine:qemumips ?= "f61a3b045bdfc9aa7da440852e0a79fd8d9b4d69"
-SRCREV_machine:qemuppc ?= "7a2773ad8fb4ae4eb0183ccda8ec133098d13ec9"
-SRCREV_machine:qemuriscv64 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemuriscv32 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemux86 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemux86-64 ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_machine:qemumips64 ?= "47d334232ab28f0f8d5316e07e11f8f14c6aaecc"
-SRCREV_machine ?= "079c88490578df99b38570c8968b836b8347ed44"
-SRCREV_meta ?= "b647d9611cb4936536e60a438292fc22df2fe000"
+SRCREV_machine:qemuarm ?= "9ae4c8018039201ce683ff26bde47a3e3e6664ef"
+SRCREV_machine:qemuarm64 ?= "58394274da1b4fdf69ca780001bf25eebfd1950f"
+SRCREV_machine:qemumips ?= "bacfb28c9349b36afe3041e57d98551aa723bbc2"
+SRCREV_machine:qemuppc ?= "d9efae0cb3731ab62cb81778c2fa5689594d34b1"
+SRCREV_machine:qemuriscv64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemuriscv32 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemux86 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemux86-64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_machine:qemumips64 ?= "2ae09c410d8a5a0ec66d50368579dd3d3616072b"
+SRCREV_machine ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
+SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "f67653019430833d5003f16817d7fa85272a6a76"
+SRCREV_machine:class-devupstream ?= "4af60700a60cc45ee4fb6d579cccf1b7bca20c34"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.118"
+LINUX_VERSION ?= "5.15.119"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][mickledore 05/11] linux-yocto/5.15: update to v5.15.120

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    d54cfc420586 Linux 5.15.120
    c06edf13f4cf nubus: Partially revert proc_create_single_data() conversion
    6e65fa33edf5 parisc: Delete redundant register definitions in <asm/assembly.h>
    b4d8f8900021 drm/amdgpu: Validate VM ioctl flags.
    26eb191bf5a0 scripts/tags.sh: Resolve gtags empty index generation
    989b4a753c7e perf symbols: Symbol lookup with kcore can fail if multiple segments match stext
    87f51cf60e3e Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe"
    6a28f3490d3d HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
    67ce7724637c HID: wacom: Use ktime_t rather than int when dealing with timestamps
    347732317749 bpf: ensure main program has an extable
    d874cf9799a9 can: isotp: isotp_sendmsg(): fix return error fix on TX path
    27d03d15bb8b x86/smp: Use dedicated cache-line for mwait_play_dead()
    d6c745ca4fc5 x86/microcode/AMD: Load late on both threads too
    9052349685e9 drm/amdgpu: Set vmbo destroy after pt bo is created
    796481bedc3e mm, hwpoison: when copy-on-write hits poison, take page offline
    6713b8f11aa0 mm, hwpoison: try to recover from copy-on write faults
    b46021ab8304 mptcp: consolidate fallback and non fallback state machine
    42ff95b4bd11 mptcp: fix possible divide by zero in recvmsg()

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index a75eef5d8b..94b0df3f4d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "482797bf5730cf22143afe28d489363ca4bf44a2"
-SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
+SRCREV_machine ?= "0b2e44360ea08b441883f16826c4720546a0886c"
+SRCREV_meta ?= "820b9bdb192ae263be93e609da415c570d5acc79"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "5.15.119"
+LINUX_VERSION ?= "5.15.120"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 6d7939ba83..e5d181598d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.119"
+LINUX_VERSION ?= "5.15.120"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "ded230a888ef81ccedf0044bd8c2236f3b809599"
-SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
+SRCREV_machine ?= "bb0cc3f9542c03fba314f5da44e91556c641706f"
+SRCREV_meta ?= "820b9bdb192ae263be93e609da415c570d5acc79"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index dfe9171ddd..80cc5239cd 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "9ae4c8018039201ce683ff26bde47a3e3e6664ef"
-SRCREV_machine:qemuarm64 ?= "58394274da1b4fdf69ca780001bf25eebfd1950f"
-SRCREV_machine:qemumips ?= "bacfb28c9349b36afe3041e57d98551aa723bbc2"
-SRCREV_machine:qemuppc ?= "d9efae0cb3731ab62cb81778c2fa5689594d34b1"
-SRCREV_machine:qemuriscv64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemuriscv32 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemux86 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemux86-64 ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_machine:qemumips64 ?= "2ae09c410d8a5a0ec66d50368579dd3d3616072b"
-SRCREV_machine ?= "a05c1b953b7b7dbd195b7f826e8879d79587a4a3"
-SRCREV_meta ?= "58ef8845366aea0e1719d00618444be34a765c15"
+SRCREV_machine:qemuarm ?= "938c0c130bc6403d7e54ffc026a1eb32d10b34f9"
+SRCREV_machine:qemuarm64 ?= "d248c07ace0f6bf2a94eaba26a2bdbdbcfb2ec15"
+SRCREV_machine:qemumips ?= "19fdaea3b322820eb042622e68ede3cc99cdf87f"
+SRCREV_machine:qemuppc ?= "8db87cbed6574bec3ece05bf4cbb275fd3497f50"
+SRCREV_machine:qemuriscv64 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemuriscv32 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemux86 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemux86-64 ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_machine:qemumips64 ?= "f7673229ddb5c9f3d77b5fb521c98f7dcd20f2ea"
+SRCREV_machine ?= "74c80e559b24dd2c75214e4affc86d71f3d8cc8a"
+SRCREV_meta ?= "820b9bdb192ae263be93e609da415c570d5acc79"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "4af60700a60cc45ee4fb6d579cccf1b7bca20c34"
+SRCREV_machine:class-devupstream ?= "d54cfc420586425d418a53871290cc4a59d33501"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -38,7 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.119"
+LINUX_VERSION ?= "5.15.120"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][mickledore 06/11] vim: upgrade 9.0.1527 -> 9.0.1592

[Steve Sakoman]

From: Trevor Gamblin <tgamblin@baylibre.com>

Fixes:

https://nvd.nist.gov/vuln/detail/CVE-2023-2609
d1ae836 patch 9.0.1531: crash when register contents ends up being invalid
https://nvd.nist.gov/vuln/detail/CVE-2023-2610
ab9a2d8 patch 9.0.1532: crash when expanding "~" in substitute causes very long text

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index e1d2563316..33ae0d8079 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".1527"
-SRCREV = "c28e7a2b2f23dbd246a1ad7ad7aaa6f7ab2e5887"
+PV .= ".1592"
+SRCREV = "29b4c513b11deb37f0e0538df53d195f602fa42c"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.34.1

[OE-core][mickledore 07/11] tiff: upgrade to 4.5.1

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

Also remove old CVE_CHECK_IGNOREs which are no longer needed due to CPE
updates.

This is a backport from master. Mickledore had one extra CVE patch that
was not on master at the time of upgrade, so it had to be manually
removed here.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Natasha Bailey <nat.bailey@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/files/CVE-2022-48281.patch        |  29 ----
 .../libtiff/files/CVE-2023-25434.patch        | 159 ------------------
 .../libtiff/files/CVE-2023-26965.patch        |  99 -----------
 .../libtiff/files/CVE-2023-2731.patch         |  39 -----
 .../libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb}  |  14 +-
 5 files changed, 2 insertions(+), 338 deletions(-)
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25434.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch
 delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
 rename meta/recipes-multimedia/libtiff/{tiff_4.5.0.bb => tiff_4.5.1.bb} (81%)

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
deleted file mode 100644
index e356d377ea..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-CVE: CVE-2022-48281
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
-From: Su Laus <sulau@freenet.de>
-Date: Sat, 21 Jan 2023 15:58:10 +0000
-Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
-
----
- tools/tiffcrop.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 14fa18da..7db69883 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
-                     cropsize + NUM_BUFF_OVERSIZE_BYTES);
-             else
-             {
--                prev_cropsize = seg_buffs[0].size;
-+                prev_cropsize = seg_buffs[i].size;
-                 if (prev_cropsize < cropsize)
-                 {
-                     next_buff = _TIFFrealloc(
--- 
-GitLab
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-25434.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-25434.patch
deleted file mode 100644
index a78c9709f9..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2023-25434.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From 69818e2f2d246e6631ac2a2da692c3706b849c38 Mon Sep 17 00:00:00 2001
-From: Su_Laus <sulau@freenet.de>
-Date: Sun, 29 Jan 2023 11:09:26 +0100
-Subject: [PATCH] tiffcrop: Amend rotateImage() not to toggle the input (main)
- image width and length parameters when only cropped image sections are
- rotated. Remove buffptr from region structure because never used.
-
-Closes #492 #493 #494 #495 #499 #518 #519
-
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38]
-CVE: CVE-2023-25434
-
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
----
- tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++--------------------
- 1 file changed, 30 insertions(+), 21 deletions(-)
-
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index fc5b34b..6e1acc4 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -296,7 +296,6 @@ struct region
-     uint32_t width;    /* width in pixels */
-     uint32_t length;   /* length in pixels */
-     uint32_t buffsize; /* size of buffer needed to hold the cropped region */
--    unsigned char *buffptr; /* address of start of the region */
- };
- 
- /* Cropping parameters from command line and image data
-@@ -577,7 +576,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
- static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
-                                      uint32_t, uint32_t, uint8_t *, uint8_t *);
- static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
--                       unsigned char **);
-+                       unsigned char **, int);
- static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
-                        unsigned char *);
- static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
-@@ -5779,7 +5778,6 @@ static void initCropMasks(struct crop_mask *cps)
-         cps->regionlist[i].width = 0;
-         cps->regionlist[i].length = 0;
-         cps->regionlist[i].buffsize = 0;
--        cps->regionlist[i].buffptr = NULL;
-         cps->zonelist[i].position = 0;
-         cps->zonelist[i].total = 0;
-     }
-@@ -7221,8 +7219,13 @@ static int correct_orientation(struct image_data *image,
-             return (-1);
-         }
- 
--        if (rotateImage(rotation, image, &image->width, &image->length,
--                        work_buff_ptr))
-+        /* Dummy variable in order not to switch two times the
-+         * image->width,->length within rotateImage(),
-+         * but switch xres, yres there. */
-+        uint32_t width = image->width;
-+        uint32_t length = image->length;
-+        if (rotateImage(rotation, image, &width, &length, work_buff_ptr,
-+                        TRUE))
-         {
-             TIFFError("correct_orientation", "Unable to rotate image");
-             return (-1);
-@@ -7291,7 +7294,6 @@ static int extractCompositeRegions(struct image_data *image,
-         /* These should not be needed for composite images */
-         crop->regionlist[i].width = crop_width;
-         crop->regionlist[i].length = crop_length;
--        crop->regionlist[i].buffptr = crop_buff;
- 
-         src_rowsize = ((img_width * bps * spp) + 7) / 8;
-         dst_rowsize = (((crop_width * bps * count) + 7) / 8);
-@@ -7552,7 +7554,6 @@ static int extractSeparateRegion(struct image_data *image,
- 
-     crop->regionlist[region].width = crop_width;
-     crop->regionlist[region].length = crop_length;
--    crop->regionlist[region].buffptr = crop_buff;
- 
-     src = read_buff;
-     dst = crop_buff;
-@@ -8543,7 +8544,7 @@ static int processCropSelections(struct image_data *image,
-                                               reallocate the buffer */
-         {
-             if (rotateImage(crop->rotation, image, &crop->combined_width,
--                            &crop->combined_length, &crop_buff))
-+                            &crop->combined_length, &crop_buff, FALSE))
-             {
-                 TIFFError("processCropSelections",
-                           "Failed to rotate composite regions by %" PRIu32
-@@ -8668,7 +8669,7 @@ static int processCropSelections(struct image_data *image,
-                  */
-                 if (rotateImage(crop->rotation, image,
-                                 &crop->regionlist[i].width,
--                                &crop->regionlist[i].length, &crop_buff))
-+                                &crop->regionlist[i].length, &crop_buff, FALSE))
-                 {
-                     TIFFError("processCropSelections",
-                               "Failed to rotate crop region by %" PRIu16
-@@ -8815,7 +8816,7 @@ static int createCroppedImage(struct image_data *image, struct crop_mask *crop,
-         CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
-     {
-         if (rotateImage(crop->rotation, image, &crop->combined_width,
--                        &crop->combined_length, crop_buff_ptr))
-+                        &crop->combined_length, crop_buff_ptr, TRUE))
-         {
-             TIFFError("createCroppedImage",
-                       "Failed to rotate image or cropped selection by %" PRIu16
-@@ -9531,7 +9532,7 @@ static int rotateContigSamples32bits(uint16_t rotation, uint16_t spp,
- /* Rotate an image by a multiple of 90 degrees clockwise */
- static int rotateImage(uint16_t rotation, struct image_data *image,
-                        uint32_t *img_width, uint32_t *img_length,
--                       unsigned char **ibuff_ptr)
-+                       unsigned char **ibuff_ptr, int rot_image_params)
- {
-     int shift_width;
-     uint32_t bytes_per_pixel, bytes_per_sample;
-@@ -9747,11 +9748,15 @@ static int rotateImage(uint16_t rotation, struct image_data *image,
- 
-             *img_width = length;
-             *img_length = width;
--            image->width = length;
--            image->length = width;
--            res_temp = image->xres;
--            image->xres = image->yres;
--            image->yres = res_temp;
-+            /* Only toggle image parameters if whole input image is rotated. */
-+            if (rot_image_params)
-+            {
-+                image->width = length;
-+                image->length = width;
-+                res_temp = image->xres;
-+                image->xres = image->yres;
-+                image->yres = res_temp;
-+            }
-             break;
- 
-         case 270:
-@@ -9834,11 +9839,15 @@ static int rotateImage(uint16_t rotation, struct image_data *image,
- 
-             *img_width = length;
-             *img_length = width;
--            image->width = length;
--            image->length = width;
--            res_temp = image->xres;
--            image->xres = image->yres;
--            image->yres = res_temp;
-+            /* Only toggle image parameters if whole input image is rotated. */
-+            if (rot_image_params)
-+            {
-+                image->width = length;
-+                image->length = width;
-+                res_temp = image->xres;
-+                image->xres = image->yres;
-+                image->yres = res_temp;
-+            }
-             break;
-         default:
-             break;
--- 
-2.35.7
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch
deleted file mode 100644
index 09161c9165..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From ec8ef90c1f573c9eb1f17d6a056aa0015f184acf Mon Sep 17 00:00:00 2001
-From: Su_Laus <sulau@freenet.de>
-Date: Tue, 14 Feb 2023 20:43:43 +0100
-Subject: [PATCH] tiffcrop: Do not reuse input buffer for subsequent images.
- Fix issue 527
-
-Reuse of read_buff within loadImage() from previous image is quite unsafe, because other functions (like rotateImage() etc.) reallocate that buffer with different size without updating the local prev_readsize value.
-
-Closes #527
-
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf]
-CVE: CVE-2023-26965
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
----
- tools/tiffcrop.c | 47 +++++++++++++----------------------------------
- 1 file changed, 13 insertions(+), 34 deletions(-)
-
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index fb0fbb2..58ed3ab 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -6746,9 +6746,7 @@ static int loadImage(TIFF *in, struct image_data *image, struct dump_opts *dump,
-     uint32_t tw = 0, tl = 0; /* Tile width and length */
-     tmsize_t tile_rowsize = 0;
-     unsigned char *read_buff = NULL;
--    unsigned char *new_buff = NULL;
-     int readunit = 0;
--    static tmsize_t prev_readsize = 0;
- 
-     TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
-     TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp);
-@@ -7072,43 +7070,25 @@ static int loadImage(TIFF *in, struct image_data *image, struct dump_opts *dump,
-     }
- 
-     read_buff = *read_ptr;
--    /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit */
--    /* outside buffer */
--    if (!read_buff)
-+    /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit
-+     * outside buffer */
-+    /* Reuse of read_buff from previous image is quite unsafe, because other
-+     * functions (like rotateImage() etc.) reallocate that buffer with different
-+     * size without updating the local prev_readsize value. */
-+    if (read_buff)
-     {
--        if (buffsize > 0xFFFFFFFFU - 3)
--        {
--            TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
--            return (-1);
--        }
--        read_buff =
--            (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
-+        _TIFFfree(read_buff);
-     }
--    else
-+    if (buffsize > 0xFFFFFFFFU - 3)
-     {
--        if (prev_readsize < buffsize)
--        {
--            if (buffsize > 0xFFFFFFFFU - 3)
--            {
--                TIFFError("loadImage",
--                          "Unable to allocate/reallocate read buffer");
--                return (-1);
--            }
--            new_buff =
--                _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES);
--            if (!new_buff)
--            {
--                free(read_buff);
--                read_buff = (unsigned char *)limitMalloc(
--                    buffsize + NUM_BUFF_OVERSIZE_BYTES);
--            }
--            else
--                read_buff = new_buff;
--        }
-+        TIFFError("loadImage", "Required read buffer size too large");
-+        return (-1);
-     }
-+    read_buff =
-+        (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
-     if (!read_buff)
-     {
--        TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
-+        TIFFError("loadImage", "Unable to allocate read buffer");
-         return (-1);
-     }
- 
-@@ -7116,7 +7096,6 @@ static int loadImage(TIFF *in, struct image_data *image, struct dump_opts *dump,
-     read_buff[buffsize + 1] = 0;
-     read_buff[buffsize + 2] = 0;
- 
--    prev_readsize = buffsize;
-     *read_ptr = read_buff;
- 
-     /* N.B. The read functions used copy separate plane data into a buffer as
--- 
-2.35.7
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
deleted file mode 100644
index 7db0a35f72..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 29 Apr 2023 12:20:46 +0200
-Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
- strip whith a missing end-of-information marker (fixes #548)
-
-CVE: CVE-2023-2731
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b]
-
----
- libtiff/tif_lzw.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index ba75a07e..d631fa10 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
- 
-     if (sp->read_error)
-     {
-+        TIFFErrorExtR(tif, module,
-+                      "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
-+                      "previous error",
-+                      tif->tif_row);
-         return 0;
-     }
- 
-@@ -742,6 +746,7 @@ after_loop:
-     return (1);
- 
- no_eoi:
-+    sp->read_error = 1;
-     TIFFErrorExtR(tif, module,
-                   "LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
-                   tif->tif_curstrip);
--- 
-2.34.1
-
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
similarity index 81%
rename from meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
rename to meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
index 220f7e2816..5af3f84265 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
@@ -8,14 +8,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
 
 CVE_PRODUCT = "libtiff"
 
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
-           file://CVE-2022-48281.patch \
-           file://CVE-2023-2731.patch \
-           file://CVE-2023-25434.patch \
-           file://CVE-2023-26965.patch \
-"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"
+SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b"
 
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
@@ -23,11 +18,6 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 # Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
 # and 4.3.0 doesn't have the issue
 CVE_CHECK_IGNORE += "CVE-2015-7313"
-# These issues only affect libtiff post-4.3.0 but before 4.4.0,
-# caused by 3079627e and fixed by b4e79bfa.
-CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
-# Issue is in jbig which we don't enable
-CVE_CHECK_IGNORE += "CVE-2022-1210"
 
 inherit autotools multilib_header
 
-- 
2.34.1

[OE-core][mickledore 08/11] gcc: don't pass --enable-standard-branch-protection

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

By changing the default code generation of GCC we're inadvertently
breaking the GCC test suite, which has ~120K+ more failures when run for
aarch64 compared to x86-64.

This was because the generated code fragments included the BTI
instructions, which the test case wasn't expecting.  We can't tell the
tests globally to run without branch protection, as that will break the
tests which also turn it on.

Remove the enabling of branch protection by standard in GCC, we'll
enable it in the tune files instead.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb4b9017db6a893ed054a2d2ad4cc671dec09c42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-configure-common.inc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc
index e4cdb73f0a..dba25eb754 100644
--- a/meta/recipes-devtools/gcc/gcc-configure-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc
@@ -40,7 +40,6 @@ EXTRA_OECONF = "\
     ${@get_gcc_mips_plt_setting(bb, d)} \
     ${@get_gcc_ppc_plt_settings(bb, d)} \
     ${@get_gcc_multiarch_setting(bb, d)} \
-	--enable-standard-branch-protection \
 "
 
 # glibc version is a minimum controlling whether features are enabled. 
-- 
2.34.1

[OE-core][mickledore 09/11] machine/arch-arm64: add -mbranch-protection=standard

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

Enable branch protection (PAC/BTI) for all aarch64 builds.  This was
previously enabled at a global level in the GCC build, but that breaks
the gcc test suite.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8905639d1cdc5ce809cc5ecd9672f5e86bf8a579)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/machine/include/arm/arch-arm64.inc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/conf/machine/include/arm/arch-arm64.inc b/meta/conf/machine/include/arm/arch-arm64.inc
index 0e2efb5a40..832d0000ac 100644
--- a/meta/conf/machine/include/arm/arch-arm64.inc
+++ b/meta/conf/machine/include/arm/arch-arm64.inc
@@ -37,3 +37,8 @@ TUNE_ARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_ARCH_64}',
 TUNE_PKGARCH = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TUNE_PKGARCH_64}', '${TUNE_PKGARCH_32}', d)}"
 ABIEXTENSION = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${ABIEXTENSION_64}', '${ABIEXTENSION_32}', d)}"
 TARGET_FPU = "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', '${TARGET_FPU_64}', '${TARGET_FPU_32}', d)}"
+
+# Emit branch protection (PAC/BTI) instructions.  On hardware that doesn't
+# support these they're meaningless NOP instructions, so there's very little
+# reason not to.
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'aarch64', ' -mbranch-protection=standard', '', d)}"
-- 
2.34.1

[OE-core][mickledore 10/11] gcc-testsuite: Fix ppc cpu specification

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

After this change in qemu:

https://gitlab.com/qemu-project/qemu/-/commit/c7e89de13224c1e6409152602ac760ac91f606b4

there is no 'max' cpu model on ppc. Drop it to clean up ppc gcc testsuite failures.

In order for this to work we do need to pull in the alternative cpu option from
QEMU_EXTRAOPTIONS on powerpc.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c447f2b21b20fb2b1829d540af2cc0bf8242700c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-testsuite.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc
index f68fec58ed..64f60c730f 100644
--- a/meta/recipes-devtools/gcc/gcc-testsuite.inc
+++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc
@@ -51,9 +51,10 @@ python check_prepare() {
         # enable all valid instructions, since the test suite itself does not
         # limit itself to the target cpu options.
         #   - valid for x86*, powerpc, arm, arm64
-        if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "ppc", "arm", "aarch64"]:
+        if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]:
             args += ["-cpu", "max"]
-
+        elif qemu_binary.lstrip("qemu-") in ["ppc"]:
+            args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split()
         sysroot = d.getVar("RECIPE_SYSROOT")
         args += ["-L", sysroot]
         # lib paths are static here instead of using $libdir since this is used by a -cross recipe
-- 
2.34.1

[OE-core][mickledore 11/11] acpica: Update SRC_URI

[Steve Sakoman]

From: Mingli Yu <mingli.yu@windriver.com>

Update the SRC_URI to fix the do_fetch warning.
 $ wget https://acpica.org/sites/acpica/files/acpica-unix-20220331.tar.gz
--2023-07-19 02:45:33--  https://acpica.org/sites/acpica/files/acpica-unix-20220331.tar.gz
Resolving acpica.org... 20.29.206.128
Connecting to acpica.org|20.29.206.128|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.intel.com/content/www/us/en/developer/topic-technology/open/acpica/overview.html [following]
--2023-07-19 02:45:33--  https://www.intel.com/content/www/us/en/developer/topic-technology/open/acpica/overview.html
Resolving www.intel.com... 23.72.14.54
Connecting to www.intel.com|23.72.14.54|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2023-07-19 02:45:34 ERROR 403: Forbidden.

 $ wget https://downloadmirror.intel.com/774879/acpica-unix-20220331.tar.gz
--2023-07-19 02:46:04--  https://downloadmirror.intel.com/774879/acpica-unix-20220331.tar.gz
Resolving downloadmirror.intel.com... 18.164.154.85, 18.164.154.5, 18.164.154.74, ...
Connecting to downloadmirror.intel.com|18.164.154.85|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1911044 (1.8M) [application/gzip]
Saving to: ‘acpica-unix-20220331.tar.gz’

acpica-unix-20220331.tar.gz           100%[=========================================================================>]   1.82M  1.61MB/s    in 1.1s

2023-07-19 02:46:06 (1.61 MB/s) - ‘acpica-unix-20220331.tar.gz’ saved [1911044/1911044]

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/acpica/acpica_20220331.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/acpica/acpica_20220331.bb b/meta/recipes-extended/acpica/acpica_20220331.bb
index 2c554f863a..73b9154ee7 100644
--- a/meta/recipes-extended/acpica/acpica_20220331.bb
+++ b/meta/recipes-extended/acpica/acpica_20220331.bb
@@ -16,7 +16,7 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
 
 DEPENDS = "m4-native flex-native bison-native"
 
-SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
+SRC_URI = "https://downloadmirror.intel.com/774879/acpica-unix-${PV}.tar.gz"
 SRC_URI[sha256sum] = "acaff68b14f1e0804ebbfc4b97268a4ccbefcfa053b02ed9924f2b14d8a98e21"
 
 UPSTREAM_CHECK_URI = "https://acpica.org/downloads"
-- 
2.34.1