[OE-core][kirkstone 00/16] Patch review

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 18.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5748

The following changes since commit e1a604db8d2cf8782038b4016cc2e2052467333b:

  build-appliance-image: Update to kirkstone head revision (2023-08-07 04:41:22 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Adrian Freihofer (1):
  dmidecode: fixup for CVE-2023-30630

Alberto Planas (1):
  rpm2cpio.sh: update to the last 4.x version

Alexander Kanavin (1):
  libxcrypt: update PV to match SRCREV

Archana Polampalli (2):
  ghostscript: fix CVE-2023-38559
  qemu: fix CVE-2023-3180

Ashish Sharma (1):
  curl: Backport fix CVE-2023-32001

Bruce Ashfield (3):
  linux-yocto/5.10: update to v5.10.186
  linux-yocto/5.10: update to v5.10.187
  linux-yocto/5.10: update to v5.10.188

Marek Vasut (1):
  linux-firmware: Fix mediatek mt7601u firmware path

Martin Jansa (1):
  npm.bbclass: avoid DeprecationWarning with new python

Narpat Mali (1):
  python3-certifi: fix CVE-2023-37920

Pavel Zhukov (1):
  scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2

Peter Marko (1):
  procps: patch CVE-2023-4016

Vivek Kumbhar (1):
  qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS
    handshake can lead to remote unauthenticated denial of service

Yogita Urade (1):
  qemu: fix CVE-2020-14394

 meta/classes/npm.bbclass                      |   2 +-
 ...ibxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} |   0
 .../dmidecode/CVE-2023-30630_1a.patch         | 236 ++++++++++++++
 ...-30630_1.patch => CVE-2023-30630_1b.patch} | 126 +++-----
 .../dmidecode/CVE-2023-30630_2.patch          |  11 +-
 .../dmidecode/CVE-2023-30630_3.patch          |  60 ++--
 .../dmidecode/CVE-2023-30630_4.patch          | 149 ++++-----
 .../dmidecode/dmidecode_3.3.bb                |   3 +-
 .../python3-certifi/CVE-2023-37920.patch      | 301 ++++++++++++++++++
 .../python/python3-certifi_2021.10.8.bb       |   4 +-
 meta/recipes-devtools/qemu/qemu.inc           |   3 +
 .../qemu/qemu/CVE-2020-14394.patch            |  79 +++++
 .../qemu/qemu/CVE-2023-3180.patch             |  50 +++
 .../qemu/qemu/CVE-2023-3354.patch             |  87 +++++
 .../ghostscript/CVE-2023-38559.patch          |  32 ++
 .../ghostscript/ghostscript_9.55.0.bb         |   1 +
 .../procps/procps/CVE-2023-4016.patch         |  85 +++++
 meta/recipes-extended/procps/procps_3.3.17.bb |   1 +
 .../linux-firmware/linux-firmware_20230515.bb |   2 +-
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 .../curl/curl/CVE-2023-32001.patch            |  39 +++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 scripts/rpm2cpio.sh                           |  30 +-
 25 files changed, 1117 insertions(+), 223 deletions(-)
 rename meta/recipes-core/libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} (100%)
 create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
 rename meta/recipes-devtools/dmidecode/dmidecode/{CVE-2023-30630_1.patch => CVE-2023-30630_1b.patch} (63%)
 create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
 create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch

-- 
2.34.1

[OE-core][kirkstone 01/16] python3-certifi: fix CVE-2023-37920

[Steve Sakoman]

From: Narpat Mali <narpat.mali@windriver.com>

Certifi is a curated collection of Root Certificates for validating
the trustworthiness of SSL certificates while verifying the identity
of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra"
root certificates. e-Tugra's root certificates were subject to an
investigation prompted by reporting of security issues in their systems.
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the
root store.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-37920
https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python3-certifi/CVE-2023-37920.patch      | 301 ++++++++++++++++++
 .../python/python3-certifi_2021.10.8.bb       |   4 +-
 2 files changed, 304 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch

diff --git a/meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch b/meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch
new file mode 100644
index 0000000000..62187ec469
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-certifi/CVE-2023-37920.patch
@@ -0,0 +1,301 @@
+From 2dfddd74a75e4a1fa9bb901ba31a96e13b98a4e2 Mon Sep 17 00:00:00 2001
+From: Narpat Mali <narpat.mali@windriver.com>
+Date: Wed, 2 Aug 2023 16:05:04 +0000
+Subject: [PATCH] Certifi is a curated collection of Root Certificates for
+ validating the trustworthiness of SSL certificates while verifying the
+ identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes
+ "e-Tugra" root certificates. e-Tugra's root certificates were subject to an
+ investigation prompted by reporting of security issues in their systems.
+ Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root
+ store.
+
+CVE: CVE-2023-37920
+
+Upstream-Status: Backport [https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ certifi/cacert.pem | 257 ++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 185 insertions(+), 72 deletions(-)
+
+diff --git a/certifi/cacert.pem b/certifi/cacert.pem
+index 6bae3e4..1bec256 100644
+--- a/certifi/cacert.pem
++++ b/certifi/cacert.pem
+@@ -879,34 +879,6 @@ uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
+ XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+ -----END CERTIFICATE-----
+
+-# Issuer: CN=Hongkong Post Root CA 1 O=Hongkong Post
+-# Subject: CN=Hongkong Post Root CA 1 O=Hongkong Post
+-# Label: "Hongkong Post Root CA 1"
+-# Serial: 1000
+-# MD5 Fingerprint: a8:0d:6f:39:78:b9:43:6d:77:42:6d:98:5a:cc:23:ca
+-# SHA1 Fingerprint: d6:da:a8:20:8d:09:d2:15:4d:24:b5:2f:cb:34:6e:b2:58:b2:8a:58
+-# SHA256 Fingerprint: f9:e6:7d:33:6c:51:00:2a:c0:54:c6:32:02:2d:66:dd:a2:e7:e3:ff:f1:0a:d0:61:ed:31:d8:bb:b4:10:cf:b2
+------BEGIN CERTIFICATE-----
+-MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
+-FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+-Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG
+-A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+-b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+-AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ
+-jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn
+-PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh
+-ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9
+-nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h
+-q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED
+-MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC
+-mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
+-7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
+-oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
+-EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
+-fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
+-AmvZWg==
+------END CERTIFICATE-----
+-
+ # Issuer: CN=SecureSign RootCA11 O=Japan Certification Services, Inc.
+ # Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc.
+ # Label: "SecureSign RootCA11"
+@@ -1836,50 +1808,6 @@ HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx
+ SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+ -----END CERTIFICATE-----
+
+-# Issuer: CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi
+-# Subject: CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi
+-# Label: "E-Tugra Certification Authority"
+-# Serial: 7667447206703254355
+-# MD5 Fingerprint: b8:a1:03:63:b0:bd:21:71:70:8a:6f:13:3a:bb:79:49
+-# SHA1 Fingerprint: 51:c6:e7:08:49:06:6e:f3:92:d4:5c:a0:0d:6d:a3:62:8f:c3:52:39
+-# SHA256 Fingerprint: b0:bf:d5:2b:b0:d7:d9:bd:92:bf:5d:4d:c1:3d:a2:55:c0:2c:54:2f:37:83:65:ea:89:39:11:f5:5e:55:f2:3c
+------BEGIN CERTIFICATE-----
+-MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV
+-BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC
+-aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV
+-BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1
+-Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz
+-MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+
+-BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp
+-em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+-ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY
+-B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH
+-D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF
+-Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo
+-q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D
+-k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH
+-fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut
+-dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM
+-ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8
+-zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+-rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX
+-U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6
+-Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5
+-XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF
+-Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR
+-HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY
+-GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c
+-77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3
+-+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK
+-vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6
+-FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl
+-yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P
+-AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD
+-y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
+-NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
+------END CERTIFICATE-----
+-
+ # Issuer: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center
+ # Subject: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center
+ # Label: "T-TeleSec GlobalRoot Class 2"
+@@ -4179,3 +4107,188 @@ AgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw
+ SaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN
+ nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps
+ -----END CERTIFICATE-----
++
++# Issuer: CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited
++# Subject: CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited
++# Label: "Sectigo Public Server Authentication Root E46"
++# Serial: 88989738453351742415770396670917916916
++# MD5 Fingerprint: 28:23:f8:b2:98:5c:37:16:3b:3e:46:13:4e:b0:b3:01
++# SHA1 Fingerprint: ec:8a:39:6c:40:f0:2e:bc:42:75:d4:9f:ab:1c:1a:5b:67:be:d2:9a
++# SHA256 Fingerprint: c9:0f:26:f0:fb:1b:40:18:b2:22:27:51:9b:5c:a2:b5:3e:2c:a5:b3:be:5c:f1:8e:fe:1b:ef:47:38:0c:53:83
++-----BEGIN CERTIFICATE-----
++MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw
++CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T
++ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN
++MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG
++A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT
++ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA
++IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC
++WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+
++6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B
++Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa
++qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q
++4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw==
++-----END CERTIFICATE-----
++
++# Issuer: CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited
++# Subject: CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited
++# Label: "Sectigo Public Server Authentication Root R46"
++# Serial: 156256931880233212765902055439220583700
++# MD5 Fingerprint: 32:10:09:52:00:d5:7e:6c:43:df:15:c0:b1:16:93:e5
++# SHA1 Fingerprint: ad:98:f9:f3:e4:7d:75:3b:65:d4:82:b3:a4:52:17:bb:6e:f5:e4:38
++# SHA256 Fingerprint: 7b:b6:47:a6:2a:ee:ac:88:bf:25:7a:a5:22:d0:1f:fe:a3:95:e0:ab:45:c7:3f:93:f6:56:54:ec:38:f2:5a:06
++-----BEGIN CERTIFICATE-----
++MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf
++MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD
++Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw
++HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY
++MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp
++YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB
++AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa
++ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz
++SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf
++iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X
++ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3
++IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS
++VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE
++SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu
+++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt
++8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L
++HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt
++zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P
++AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c
++mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ
++YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52
++gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA
++Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB
++JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX
++DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui
++TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5
++dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65
++LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp
++0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY
++QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL
++-----END CERTIFICATE-----
++
++# Issuer: CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation
++# Subject: CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation
++# Label: "SSL.com TLS RSA Root CA 2022"
++# Serial: 148535279242832292258835760425842727825
++# MD5 Fingerprint: d8:4e:c6:59:30:d8:fe:a0:d6:7a:5a:2c:2c:69:78:da
++# SHA1 Fingerprint: ec:2c:83:40:72:af:26:95:10:ff:0e:f2:03:ee:31:70:f6:78:9d:ca
++# SHA256 Fingerprint: 8f:af:7d:2e:2c:b4:70:9b:b8:e0:b3:36:66:bf:75:a5:dd:45:b5:de:48:0f:8e:a8:d4:bf:e6:be:bc:17:f2:ed
++-----BEGIN CERTIFICATE-----
++MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO
++MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD
++DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX
++DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw
++b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC
++AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP
++L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY
++t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins
++S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3
++PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO
++L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3
++R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w
++dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS
+++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS
++d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG
++AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f
++gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j
++BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z
++NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt
++hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM
++QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf
++R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ
++DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW
++P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy
++lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq
++bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w
++AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q
++r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji
++Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU
++98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=
++-----END CERTIFICATE-----
++
++# Issuer: CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation
++# Subject: CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation
++# Label: "SSL.com TLS ECC Root CA 2022"
++# Serial: 26605119622390491762507526719404364228
++# MD5 Fingerprint: 99:d7:5c:f1:51:36:cc:e9:ce:d9:19:2e:77:71:56:c5
++# SHA1 Fingerprint: 9f:5f:d9:1a:54:6d:f5:0c:71:f0:ee:7a:bd:17:49:98:84:73:e2:39
++# SHA256 Fingerprint: c3:2f:fd:9f:46:f9:36:d1:6c:36:73:99:09:59:43:4b:9a:d6:0a:af:bb:9e:7c:f3:36:54:f1:44:cc:1b:a1:43
++-----BEGIN CERTIFICATE-----
++MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw
++CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT
++U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2
++MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh
++dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG
++ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm
++acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN
++SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
++GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW
++uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp
++15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN
++b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g==
++-----END CERTIFICATE-----
++
++# Issuer: CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos
++# Subject: CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos
++# Label: "Atos TrustedRoot Root CA ECC TLS 2021"
++# Serial: 81873346711060652204712539181482831616
++# MD5 Fingerprint: 16:9f:ad:f1:70:ad:79:d6:ed:29:b4:d1:c5:79:70:a8
++# SHA1 Fingerprint: 9e:bc:75:10:42:b3:02:f3:81:f4:f7:30:62:d4:8f:c3:a7:51:b2:dd
++# SHA256 Fingerprint: b2:fa:e5:3e:14:cc:d7:ab:92:12:06:47:01:ae:27:9c:1d:89:88:fa:cb:77:5f:a8:a0:08:91:4e:66:39:88:a8
++-----BEGIN CERTIFICATE-----
++MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w
++LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w
++CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0
++MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF
++Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI
++zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X
++tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4
++AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2
++KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD
++aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu
++CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo
++9H1/IISpQuQo
++-----END CERTIFICATE-----
++
++# Issuer: CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos
++# Subject: CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos
++# Label: "Atos TrustedRoot Root CA RSA TLS 2021"
++# Serial: 111436099570196163832749341232207667876
++# MD5 Fingerprint: d4:d3:46:b8:9a:c0:9c:76:5d:9e:3a:c3:b9:99:31:d2
++# SHA1 Fingerprint: 18:52:3b:0d:06:37:e4:d6:3a:df:23:e4:98:fb:5b:16:fb:86:74:48
++# SHA256 Fingerprint: 81:a9:08:8e:a5:9f:b3:64:c5:48:a6:f8:55:59:09:9b:6f:04:05:ef:bf:18:e5:32:4e:c9:f4:57:ba:00:11:2f
++-----BEGIN CERTIFICATE-----
++MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM
++MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx
++MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00
++MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD
++QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN
++BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z
++4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv
++Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ
++kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs
++GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln
++nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh
++3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD
++0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy
++geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8
++ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB
++c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI
++pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
++dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
++DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS
++4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs
++o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ
++qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw
++xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM
++rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4
++AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR
++0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY
++o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5
++dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE
++oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ==
++-----END CERTIFICATE-----
+--
+2.40.0
diff --git a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
index 57bd59ba44..eb1574adf6 100644
--- a/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
+++ b/meta/recipes-devtools/python/python3-certifi_2021.10.8.bb
@@ -7,7 +7,9 @@ HOMEPAGE = " http://certifi.io/"
 LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=67da0714c3f9471067b729eca6c9fbe8"
 
-SRC_URI += "file://CVE-2022-23491.patch"
+SRC_URI += "file://CVE-2022-23491.patch \
+            file://CVE-2023-37920.patch \
+           "
 
 SRC_URI[sha256sum] = "78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872"
 
-- 
2.34.1

[OE-core][kirkstone 02/16] qemu: fix CVE-2020-14394

[Steve Sakoman]

From: Yogita Urade <yogita.urade@windriver.com>

QEMU: infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c

Reference:
https://gitlab.com/qemu-project/qemu/-/issues/646

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2020-14394.patch            | 79 +++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 96a1cc93a5..8182342f92 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -97,6 +97,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://CVE-2023-3301.patch \
            file://CVE-2023-3255.patch \
            file://CVE-2023-2861.patch \
+	   file://CVE-2020-14394.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch
new file mode 100644
index 0000000000..aff91a7355
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-14394.patch
@@ -0,0 +1,79 @@
+From effaf5a240e03020f4ae953e10b764622c3e87cc Mon Sep 17 00:00:00 2001
+From: Thomas Huth <thuth@redhat.com>
+Date: Tue, 8 Aug 2023 10:44:51 +0000
+Subject: [PATCH] hw/usb/hcd-xhci: Fix unbounded loop in
+ xhci_ring_chain_length() (CVE-2020-14394)
+
+The loop condition in xhci_ring_chain_length() is under control of
+the guest, and additionally the code does not check for failed DMA
+transfers (e.g. if reaching the end of the RAM), so the loop there
+could run for a very long time or even forever. Fix it by checking
+the return value of dma_memory_read() and by introducing a maximum
+loop length.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646
+Message-Id: <20220804131300.96368-1-thuth@redhat.com>
+Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+
+CVE: CVE-2020-14394
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/effaf5a240e03020f4ae953e10b764622c3e87cc]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ hw/usb/hcd-xhci.c | 23 +++++++++++++++++++----
+ 1 file changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
+index 14bdb8967..c63a36dcc 100644
+--- a/hw/usb/hcd-xhci.c
++++ b/hw/usb/hcd-xhci.c
+@@ -21,6 +21,7 @@
+
+ #include "qemu/osdep.h"
+ #include "qemu/timer.h"
++#include "qemu/log.h"
+ #include "qemu/module.h"
+ #include "qemu/queue.h"
+ #include "migration/vmstate.h"
+@@ -725,10 +726,14 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
+     bool control_td_set = 0;
+     uint32_t link_cnt = 0;
+
+-    while (1) {
++    do {
+         TRBType type;
+-        dma_memory_read(xhci->as, dequeue, &trb, TRB_SIZE,
+-                        MEMTXATTRS_UNSPECIFIED);
++	if (dma_memory_read(xhci->as, dequeue, &trb, TRB_SIZE,
++                        MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) {
++            qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n",
++                          __func__);
++            return -1;
++	}
+         le64_to_cpus(&trb.parameter);
+         le32_to_cpus(&trb.status);
+         le32_to_cpus(&trb.control);
+@@ -762,7 +767,17 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
+         if (!control_td_set && !(trb.control & TRB_TR_CH)) {
+             return length;
+         }
+-    }
++
++	/*
++	 * According to the xHCI spec, Transfer Ring segments should have
++	 * a maximum size of 64 kB (see chapter "6 Data Structures")
++	 */
++    } while (length < TRB_LINK_LIMIT * 65536 / TRB_SIZE);
++
++    qemu_log_mask(LOG_GUEST_ERROR, "%s: exceeded maximum tranfer ring size!\n",
++                          __func__);
++
++    return -1;
+ }
+
+ static void xhci_er_reset(XHCIState *xhci, int v)
+--
+2.35.5
-- 
2.34.1

[OE-core][kirkstone 03/16] qemu: fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service

[Steve Sakoman]

From: Vivek Kumbhar <vkumbhar@mvista.com>

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2023-3354.patch             | 87 +++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 8182342f92..3347a99e19 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -98,6 +98,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://CVE-2023-3255.patch \
            file://CVE-2023-2861.patch \
 	   file://CVE-2020-14394.patch \
+	   file://CVE-2023-3354.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
new file mode 100644
index 0000000000..250716fcfc
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch
@@ -0,0 +1,87 @@
+From 10be627d2b5ec2d6b3dce045144aa739eef678b4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 20 Jun 2023 09:45:34 +0100
+Subject: [PATCH] io: remove io watch if TLS channel is closed during handshake
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The TLS handshake make take some time to complete, during which time an
+I/O watch might be registered with the main loop. If the owner of the
+I/O channel invokes qio_channel_close() while the handshake is waiting
+to continue the I/O watch must be removed. Failing to remove it will
+later trigger the completion callback which the owner is not expecting
+to receive. In the case of the VNC server, this results in a SEGV as
+vnc_disconnect_start() tries to shutdown a client connection that is
+already gone / NULL.
+
+CVE-2023-3354
+Reported-by: jiangyegen <jiangyegen@huawei.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4]
+CVE: CVE-2023-3354
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ include/io/channel-tls.h |  1 +
+ io/channel-tls.c         | 18 ++++++++++++------
+ 2 files changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/include/io/channel-tls.h b/include/io/channel-tls.h
+index 5672479e9..26c67f17e 100644
+--- a/include/io/channel-tls.h
++++ b/include/io/channel-tls.h
+@@ -48,6 +48,7 @@ struct QIOChannelTLS {
+     QIOChannel *master;
+     QCryptoTLSSession *session;
+     QIOChannelShutdown shutdown;
++    guint hs_ioc_tag;
+ };
+ 
+ /**
+diff --git a/io/channel-tls.c b/io/channel-tls.c
+index 2ae1b92fc..34476e6b7 100644
+--- a/io/channel-tls.c
++++ b/io/channel-tls.c
+@@ -195,12 +195,13 @@ static void qio_channel_tls_handshake_task(QIOChannelTLS *ioc,
+         }
+ 
+         trace_qio_channel_tls_handshake_pending(ioc, status);
+-        qio_channel_add_watch_full(ioc->master,
+-                                   condition,
+-                                   qio_channel_tls_handshake_io,
+-                                   data,
+-                                   NULL,
+-                                   context);
++        ioc->hs_ioc_tag =
++            qio_channel_add_watch_full(ioc->master,
++                                       condition,
++                                       qio_channel_tls_handshake_io,
++                                       data,
++                                       NULL,
++                                       context);
+     }
+ }
+ 
+@@ -215,6 +216,7 @@ static gboolean qio_channel_tls_handshake_io(QIOChannel *ioc,
+     QIOChannelTLS *tioc = QIO_CHANNEL_TLS(
+         qio_task_get_source(task));
+ 
++    tioc->hs_ioc_tag = 0;
+     g_free(data);
+     qio_channel_tls_handshake_task(tioc, task, context);
+ 
+@@ -373,6 +375,10 @@ static int qio_channel_tls_close(QIOChannel *ioc,
+ {
+     QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
+ 
++    if (tioc->hs_ioc_tag) {
++        g_clear_handle_id(&tioc->hs_ioc_tag, g_source_remove);
++    }
++
+     return qio_channel_close(tioc->master, errp);
+ }
+ 
+-- 
+2.25.1
+
-- 
2.34.1

[OE-core][kirkstone 04/16] ghostscript: fix CVE-2023-38559

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle()
in ghostscript. This issue may allow a local attacker to cause a denial of service
via outputting a crafted PDF file for a DEVN device with gs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-38559

Upstream patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2023-38559.patch          | 32 +++++++++++++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
new file mode 100644
index 0000000000..2b2b85fa27
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch
@@ -0,0 +1,32 @@
+From 34b0eec257c3a597e0515946f17fb973a33a7b5b Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Mon, 17 Jul 2023 14:06:37 +0100
+Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
+ devices/gdevpcx.c
+
+Bounds check the buffer, before dereferencing the pointer.
+
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f]
+
+CVE: CVE-2023-38559
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ base/gdevdevn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/base/gdevdevn.c b/base/gdevdevn.c
+index f679127..66c771b 100644
+--- a/base/gdevdevn.c
++++ b/base/gdevdevn.c
+@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
+         byte data = *from;
+
+         from += step;
+-        if (data != *from || from == end) {
++        if (from >= end || data != *from) {
+             if (data >= 0xc0)
+                 gp_fputc(0xc1, file);
+         } else {
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 48508fd6a2..ad0b008cab 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -37,6 +37,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://cve-2023-28879.patch \
                 file://CVE-2023-36664-0001.patch \
                 file://CVE-2023-36664-0002.patch \
+                file://CVE-2023-38559.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \
-- 
2.34.1

[OE-core][kirkstone 05/16] procps: patch CVE-2023-4016

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Backport patch from upstream master.

There were three changes needed to apply the patch:
* move NEWS change to start of the file
* change file location from src/ps/ to ps/
* change xmalloc/xcmalloc to malloc/cmalloc

The x*malloc functions were introduced in commit in future version.
https://gitlab.com/procps-ng/procps/-/commit/584028dbe513127ef68c55aa631480454bcc26bf
They call the original function plus additionally throw error when out of memory.
https://gitlab.com/procps-ng/procps/-/blob/v4.0.3/local/xalloc.h?ref_type=tags
So this replacement is correct in context of our version.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../procps/procps/CVE-2023-4016.patch         | 85 +++++++++++++++++++
 meta/recipes-extended/procps/procps_3.3.17.bb |  1 +
 2 files changed, 86 insertions(+)
 create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch

diff --git a/meta/recipes-extended/procps/procps/CVE-2023-4016.patch b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch
new file mode 100644
index 0000000000..c530b1cfea
--- /dev/null
+++ b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch
@@ -0,0 +1,85 @@
+From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001
+From: Craig Small <csmall@dropbear.xyz>
+Date: Thu, 10 Aug 2023 21:18:38 +1000
+Subject: [PATCH] ps: Fix possible buffer overflow in -C option
+
+ps allocates memory using malloc(length of arg * len of struct).
+In certain strange circumstances, the arg length could be very large
+and the multiplecation will overflow, allocating a small amount of
+memory.
+
+Subsequent strncpy() will then write into unallocated memory.
+The fix is to use calloc. It's slower but this is a one-time
+allocation. Other malloc(x * y) calls have also been replaced
+by calloc(x, y)
+
+References:
+ https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016
+ https://nvd.nist.gov/vuln/detail/CVE-2023-4016
+ https://gitlab.com/procps-ng/procps/-/issues/297
+ https://bugs.debian.org/1042887
+
+Signed-off-by: Craig Small <csmall@dropbear.xyz>
+
+CVE: CVE-2023-4016
+Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+---
+ NEWS        | 1 +
+ ps/parser.c | 8 ++++----
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index b9509734..64fa3da8 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,5 @@
++  * ps: Fix buffer overflow in -C option CVE-2023-4016     Debian #1042887, issue #297
++
+ procps-ng-3.3.17
+ ---------------
+   * library: Incremented to 8:3:0
+diff --git a/ps/parser.c b/ps/parser.c
+index 248aa741..15873dfa 100644
+--- a/ps/parser.c
++++ b/ps/parser.c
+@@ -184,7 +184,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+   const char *err;       /* error code that could or did happen */
+   /*** prepare to operate ***/
+   node = malloc(sizeof(selection_node));
+-  node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
+   node->n = 0;
+   buf = strdup(arg);
+   /*** sanity check and count items ***/
+@@ -205,6 +204,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+   } while (*++walk);
+   if(need_item) goto parse_error;
+   node->n = items;
++  node->u = calloc(items, sizeof(sel_union));
+   /*** actually parse the list ***/
+   walk = buf;
+   while(items--){
+@@ -1031,15 +1031,15 @@ static const char *parse_trailing_pids(void){
+   thisarg = ps_argc - 1;   /* we must be at the end now */
+ 
+   pidnode = malloc(sizeof(selection_node));
+-  pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  pidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */
+   pidnode->n = 0;
+ 
+   grpnode = malloc(sizeof(selection_node));
+-  grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  grpnode->u = calloc(i,sizeof(sel_union)); /* waste is insignificant */
+   grpnode->n = 0;
+ 
+   sidnode = malloc(sizeof(selection_node));
+-  sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  sidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */
+   sidnode->n = 0;
+ 
+   while(i--){
+-- 
+GitLab
+
diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb
index 0f5575c9ab..897f28f187 100644
--- a/meta/recipes-extended/procps/procps_3.3.17.bb
+++ b/meta/recipes-extended/procps/procps_3.3.17.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \
            file://sysctl.conf \
            file://0001-w.c-correct-musl-builds.patch \
            file://0002-proc-escape.c-add-missing-include.patch \
+           file://CVE-2023-4016.patch \
            "
 SRCREV = "19a508ea121c0c4ac6d0224575a036de745eaaf8"
 
-- 
2.34.1

[OE-core][kirkstone 06/16] qemu: fix CVE-2023-3180

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

A flaw was found in the QEMU virtual crypto device while handling data
encryption/decryption requests in virtio_crypto_handle_sym_req.
There is no check for the value of `src_len` and `dst_len` in
virtio_crypto_sym_op_helper, potentially leading to a heap buffer
overflow when the two values differ.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3180

Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2023-3180.patch             | 50 +++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 3347a99e19..d77c376bb6 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -99,6 +99,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://CVE-2023-2861.patch \
 	   file://CVE-2020-14394.patch \
 	   file://CVE-2023-3354.patch \
+	   file://CVE-2023-3180.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
new file mode 100644
index 0000000000..30080924c8
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch
@@ -0,0 +1,50 @@
+From 49f1e02bac166821c712534aaa775f50e1afe17f Mon Sep 17 00:00:00 2001
+From: zhenwei pi <pizhenwei@bytedance.com>
+Date: Thu, 3 Aug 2023 10:43:13 +0800
+Subject: [PATCH] virtio-crypto: verify src&dst buffer length for sym request
+
+For symmetric algorithms, the length of ciphertext must be as same
+as the plaintext.
+The missing verification of the src_len and the dst_len in
+virtio_crypto_sym_op_helper() may lead buffer overflow/divulged.
+
+This patch is originally written by Yiming Tao for QEMU-SECURITY,
+resend it(a few changes of error message) in qemu-devel.
+
+Fixes: CVE-2023-3180
+Fixes: 04b9b37edda("virtio-crypto: add data queue processing handler")
+Cc: Gonglei <arei.gonglei@huawei.com>
+Cc: Mauro Matteo Cascella <mcascell@redhat.com>
+Cc: Yiming Tao <taoym@zju.edu.cn>
+Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
+Message-Id: <20230803024314.29962-2-pizhenwei@bytedance.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry picked from commit 9d38a8434721a6479fe03fb5afb150ca793d3980)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f]
+CVE: CVE-2023-3180
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ hw/virtio/virtio-crypto.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index a1d122b9aa..ccaa704530 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -635,6 +635,11 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
+         return NULL;
+     }
+
++    if (unlikely(src_len != dst_len)) {
++        virtio_error(vdev, "sym request src len is different from dst len");
++        return NULL;
++    }
++
+     max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
+     if (unlikely(max_len > vcrypto->conf.max_size)) {
+         virtio_error(vdev, "virtio-crypto too big length");
+--
+2.40.0
-- 
2.34.1

[OE-core][kirkstone 07/16] curl: Backport fix CVE-2023-32001

[Steve Sakoman]

From: Ashish Sharma <asharma@mvista.com>

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2023-32001.patch            | 39 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
new file mode 100644
index 0000000000..7ea3073755
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
@@ -0,0 +1,39 @@
+From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
+From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
+Date: Mon, 10 Jul 2023 21:43:28 +0200
+Subject: [PATCH] fopen: optimize
+
+Closes #11419
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
+CVE: CVE-2023-32001
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+
+ lib/fopen.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index c9c9e3d6e73a2..b6e3cadddef65 100644
+--- a/lib/fopen.c
++++ b/lib/fopen.c
+@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   int fd = -1;
+   *tempname = NULL;
+ 
+-  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
+-    /* a non-regular file, fallback to direct fopen() */
+-    *fh = fopen(filename, FOPEN_WRITETEXT);
+-    if(*fh)
+-      return CURLE_OK;
++  *fh = fopen(filename, FOPEN_WRITETEXT);
++  if(!*fh)
+     goto fail;
+-  }
++  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
++    return CURLE_OK;
++  fclose(*fh);
++  *fh = NULL;
+ 
+   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
+   if(result)
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index 7f18ef7ee6..af52ecad13 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -51,6 +51,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
            file://CVE-2023-28321.patch \
            file://CVE-2023-28322-1.patch \
            file://CVE-2023-28322-2.patch \
+           file://CVE-2023-32001.patch \
            "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.34.1

[OE-core][kirkstone 08/16] dmidecode: fixup for CVE-2023-30630

[Steve Sakoman]

From: Adrian Freihofer <adrian.freihofer@gmail.com>

The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:

+    u32 len;
+    u8 *table;
...
-    if (!(opt.flags & FLAG_QUIET))
-        pr_comment("Writing %d bytes to %s.", crafted[0x05],
-                   opt.dumpfile);
-    write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+    dmi_table_dump(crafted, crafted[0x05], table, len);

It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dmidecode/CVE-2023-30630_1a.patch         | 236 ++++++++++++++++++
 ...-30630_1.patch => CVE-2023-30630_1b.patch} | 126 ++++------
 .../dmidecode/CVE-2023-30630_2.patch          |  11 +-
 .../dmidecode/CVE-2023-30630_3.patch          |  60 ++---
 .../dmidecode/CVE-2023-30630_4.patch          | 149 +++++------
 .../dmidecode/dmidecode_3.3.bb                |   3 +-
 6 files changed, 394 insertions(+), 191 deletions(-)
 create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
 rename meta/recipes-devtools/dmidecode/dmidecode/{CVE-2023-30630_1.patch => CVE-2023-30630_1b.patch} (63%)

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
new file mode 100644
index 0000000000..bf93fbc13c
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
@@ -0,0 +1,236 @@
+From ee6db10dd70b8fdc7a93cffd7cf5bc7a28f9d3d7 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Feb 2023 14:53:21 +0100
+Subject: [PATCH 1/5] dmidecode: Split table fetching from decoding
+
+Clean up function dmi_table so that it does only one thing:
+* dmi_table() is renamed to dmi_table_get(). It now retrieves the
+  DMI table, but does not process it any longer.
+* Decoding or dumping the table is now done in smbios3_decode(),
+  smbios_decode() and legacy_decode().
+No functional change.
+
+A side effect of this change is that writing the header and body of
+dump files is now done in a single location. This is required to
+further consolidate the writing of dump files.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=39b2dd7b6ab719b920e96ed832cfb4bdd664e808]
+
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ dmidecode.c | 86 ++++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 62 insertions(+), 24 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index cd2b5c9..b082c03 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5247,8 +5247,9 @@ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+ 	}
+ }
+ 
+-static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+-		      u32 flags)
++/* Allocates a buffer for the table, must be freed by the caller */
++static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver,
++			 const char *devmem, u32 flags)
+ {
+ 	u8 *buf;
+ 
+@@ -5267,7 +5268,7 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ 		{
+ 			if (num)
+ 				pr_info("%u structures occupying %u bytes.",
+-					num, len);
++					num, *len);
+ 			if (!(opt.flags & FLAG_FROM_DUMP))
+ 				pr_info("Table at 0x%08llX.",
+ 					(unsigned long long)base);
+@@ -5285,19 +5286,19 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ 		 * would be the result of the kernel truncating the table on
+ 		 * parse error.
+ 		 */
+-		size_t size = len;
++		size_t size = *len;
+ 		buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base,
+ 			&size, devmem);
+-		if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)len)
++		if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len)
+ 		{
+ 			fprintf(stderr, "Wrong DMI structures length: %u bytes "
+ 				"announced, only %lu bytes available.\n",
+-				len, (unsigned long)size);
++				*len, (unsigned long)size);
+ 		}
+-		len = size;
++		*len = size;
+ 	}
+ 	else
+-		buf = mem_chunk(base, len, devmem);
++		buf = mem_chunk(base, *len, devmem);
+ 
+ 	if (buf == NULL)
+ 	{
+@@ -5307,15 +5308,9 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ 			fprintf(stderr,
+ 				"Try compiling dmidecode with -DUSE_MMAP.\n");
+ #endif
+-		return;
+ 	}
+ 
+-	if (opt.flags & FLAG_DUMP_BIN)
+-		dmi_table_dump(buf, len);
+-	else
+-		dmi_table_decode(buf, len, num, ver >> 8, flags);
+-
+-	free(buf);
++	return buf;
+ }
+ 
+ 
+@@ -5350,8 +5345,9 @@ static void overwrite_smbios3_address(u8 *buf)
+ 
+ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+-	u32 ver;
++	u32 ver, len;
+ 	u64 offset;
++	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
+ 	if (buf[0x06] > 0x20)
+@@ -5377,8 +5373,12 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 		return 0;
+ 	}
+ 
+-	dmi_table(((off_t)offset.h << 32) | offset.l,
+-		  DWORD(buf + 0x0C), 0, ver, devmem, flags | FLAG_STOP_AT_EOT);
++	/* Maximum length, may get trimmed */
++	len = DWORD(buf + 0x0C);
++	table = dmi_table_get(((off_t)offset.h << 32) | offset.l, &len, 0, ver,
++			      devmem, flags | FLAG_STOP_AT_EOT);
++	if (table == NULL)
++		return 1;
+ 
+ 	if (opt.flags & FLAG_DUMP_BIN)
+ 	{
+@@ -5387,18 +5387,28 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_smbios3_address(crafted);
+ 
++		dmi_table_dump(table, len);
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_comment("Writing %d bytes to %s.", crafted[0x06],
+ 				   opt.dumpfile);
+ 		write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
+ 	}
++	else
++	{
++		dmi_table_decode(table, len, 0, ver >> 8,
++				 flags | FLAG_STOP_AT_EOT);
++	}
++
++	free(table);
+ 
+ 	return 1;
+ }
+ 
+ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+-	u16 ver;
++	u16 ver, num;
++	u32 len;
++	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
+ 	if (buf[0x05] > 0x20)
+@@ -5438,8 +5448,13 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ 		pr_info("SMBIOS %u.%u present.",
+ 			ver >> 8, ver & 0xFF);
+ 
+-	dmi_table(DWORD(buf + 0x18), WORD(buf + 0x16), WORD(buf + 0x1C),
+-		ver << 8, devmem, flags);
++	/* Maximum length, may get trimmed */
++	len = WORD(buf + 0x16);
++	num = WORD(buf + 0x1C);
++	table = dmi_table_get(DWORD(buf + 0x18), &len, num, ver << 8,
++			      devmem, flags);
++	if (table == NULL)
++		return 1;
+ 
+ 	if (opt.flags & FLAG_DUMP_BIN)
+ 	{
+@@ -5448,27 +5463,43 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_dmi_address(crafted + 0x10);
+ 
++		dmi_table_dump(table, len);
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_comment("Writing %d bytes to %s.", crafted[0x05],
+ 				   opt.dumpfile);
+ 		write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+ 	}
++	else
++	{
++		dmi_table_decode(table, len, num, ver, flags);
++	}
++
++	free(table);
+ 
+ 	return 1;
+ }
+ 
+ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ {
++	u16 ver, num;
++	u32 len;
++	u8 *table;
++
+ 	if (!checksum(buf, 0x0F))
+ 		return 0;
+ 
++	ver = ((buf[0x0E] & 0xF0) << 4) + (buf[0x0E] & 0x0F);
+ 	if (!(opt.flags & FLAG_QUIET))
+ 		pr_info("Legacy DMI %u.%u present.",
+ 			buf[0x0E] >> 4, buf[0x0E] & 0x0F);
+ 
+-	dmi_table(DWORD(buf + 0x08), WORD(buf + 0x06), WORD(buf + 0x0C),
+-		((buf[0x0E] & 0xF0) << 12) + ((buf[0x0E] & 0x0F) << 8),
+-		devmem, flags);
++	/* Maximum length, may get trimmed */
++	len = WORD(buf + 0x06);
++	num = WORD(buf + 0x0C);
++	table = dmi_table_get(DWORD(buf + 0x08), &len, num, ver << 8,
++			      devmem, flags);
++	if (table == NULL)
++		return 1;
+ 
+ 	if (opt.flags & FLAG_DUMP_BIN)
+ 	{
+@@ -5477,11 +5508,18 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 16);
+ 		overwrite_dmi_address(crafted);
+ 
++		dmi_table_dump(table, len);
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_comment("Writing %d bytes to %s.", 0x0F,
+ 				   opt.dumpfile);
+ 		write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
+ 	}
++	else
++	{
++		dmi_table_decode(table, len, num, ver, flags);
++	}
++
++	free(table);
+ 
+ 	return 1;
+ }
+-- 
+2.41.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
similarity index 63%
rename from meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
rename to meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
index 53480d6299..e03bda05e4 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
@@ -1,7 +1,7 @@
-From  d8cfbc808f387e87091c25e7d5b8c2bb348bb206 Mon Sep 17 00:00:00 2001
+From d362549bce92ac22860cda8cad4532c1a3fe6928 Mon Sep 17 00:00:00 2001
 From: Jean Delvare <jdelvare@suse.de>
-Date: Tue, 27 Jun 2023 09:40:23 +0000
-Subject: [PATCH] dmidecode: Write the whole dump file at once
+Date: Mon, 20 Feb 2023 14:53:25 +0100
+Subject: [PATCH 2/5] dmidecode: Write the whole dump file at once
 
 When option --dump-bin is used, write the whole dump file at once,
 instead of opening and closing the file separately for the table
@@ -19,25 +19,23 @@ Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
 
 CVE: CVE-2023-30630
 
-Reference: https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
 
-Upstream-Status: Backport [https://github.com/mirror/dmidecode/commit/d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
-
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
 ---
- dmidecode.c | 79 +++++++++++++++++++++++++++++++++++++++--------------
- util.c      | 40 ---------------------------
+ dmidecode.c | 69 +++++++++++++++++++++++++++++++++++++++--------------
+ util.c      | 40 -------------------------------
  util.h      |  1 -
- 3 files changed, 58 insertions(+), 62 deletions(-)
+ 3 files changed, 51 insertions(+), 59 deletions(-)
 
 diff --git a/dmidecode.c b/dmidecode.c
-index 9aeff91..5477309 100644
+index b082c03..a80a140 100644
 --- a/dmidecode.c
 +++ b/dmidecode.c
-@@ -5427,11 +5427,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
-	}
+@@ -5130,11 +5130,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ 	}
  }
-
+ 
 -static void dmi_table_dump(const u8 *buf, u32 len)
 +static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
 +			  u32 table_len)
@@ -68,7 +66,7 @@ index 9aeff91..5477309 100644
 +		goto err_close;
 +	}
 +
-	if (!(opt.flags & FLAG_QUIET))
+ 	if (!(opt.flags & FLAG_QUIET))
 -		pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
 -	write_dump(32, len, buf, opt.dumpfile, 0);
 +		pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
@@ -92,94 +90,55 @@ index 9aeff91..5477309 100644
 +	fclose(f);
 +	return -1;
  }
-
+ 
  static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
-@@ -5648,11 +5693,6 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
-		return;
-	}
-
--	if (opt.flags & FLAG_DUMP_BIN)
--		dmi_table_dump(buf, len);
--	else
--		dmi_table_decode(buf, len, num, ver >> 8, flags);
--
-	free(buf);
- }
-
-@@ -5688,8 +5728,9 @@ static void overwrite_smbios3_address(u8 *buf)
-
- static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
- {
--	u32 ver;
-+	u32 ver, len;
-	u64 offset;
-+	u8 *table;
-
-	/* Don't let checksum run beyond the buffer */
-	if (buf[0x06] > 0x20)
-@@ -5725,10 +5766,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
-		memcpy(crafted, buf, 32);
-		overwrite_smbios3_address(crafted);
-
+@@ -5387,11 +5432,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_smbios3_address(crafted);
+ 
+-		dmi_table_dump(table, len);
 -		if (!(opt.flags & FLAG_QUIET))
 -			pr_comment("Writing %d bytes to %s.", crafted[0x06],
 -				   opt.dumpfile);
 -		write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
 +		dmi_table_dump(crafted, crafted[0x06], table, len);
-	}
-
-	return 1;
-@@ -5737,6 +5775,8 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
- static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
- {
-	u16 ver;
-+	u32 len;
-+        u8 *table;
-
-	/* Don't let checksum run beyond the buffer */
-	if (buf[0x05] > 0x20)
-@@ -5786,10 +5826,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
-		memcpy(crafted, buf, 32);
-		overwrite_dmi_address(crafted + 0x10);
-
+ 	}
+ 	else
+ 	{
+@@ -5463,11 +5504,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_dmi_address(crafted + 0x10);
+ 
+-		dmi_table_dump(table, len);
 -		if (!(opt.flags & FLAG_QUIET))
 -			pr_comment("Writing %d bytes to %s.", crafted[0x05],
 -				   opt.dumpfile);
 -		write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
 +		dmi_table_dump(crafted, crafted[0x05], table, len);
-	}
-
-	return 1;
-@@ -5797,6 +5834,9 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
-
- static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
- {
-+	u32 len;
-+	u8 *table;
-+
-	if (!checksum(buf, 0x0F))
-		return 0;
-
-@@ -5815,10 +5855,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
-		memcpy(crafted, buf, 16);
-		overwrite_dmi_address(crafted);
-
+ 	}
+ 	else
+ 	{
+@@ -5508,11 +5545,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 16);
+ 		overwrite_dmi_address(crafted);
+ 
+-		dmi_table_dump(table, len);
 -		if (!(opt.flags & FLAG_QUIET))
 -			pr_comment("Writing %d bytes to %s.", 0x0F,
 -				   opt.dumpfile);
 -		write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
 +		dmi_table_dump(crafted, 0x0F, table, len);
-	}
-
-	return 1;
+ 	}
+ 	else
+ 	{
 diff --git a/util.c b/util.c
 index 04aaadd..1547096 100644
 --- a/util.c
 +++ b/util.c
 @@ -259,46 +259,6 @@ out:
-	return p;
+ 	return p;
  }
-
+ 
 -int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
 -{
 -	FILE *f;
@@ -233,5 +192,6 @@ index 3094cf8..ef24eb9 100644
  void *mem_chunk(off_t base, size_t len, const char *devmem);
 -int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
  u64 u64_range(u64 start, u64 end);
---
-2.35.5
+-- 
+2.41.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
index 9f53a205ac..37167a9c4f 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
@@ -1,7 +1,8 @@
-From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001
+From 2d26f187c734635d072d24ea401255b84f03f4c4 Mon Sep 17 00:00:00 2001
 From: Jean Delvare <jdelvare@suse.de>
 Date: Tue, 27 Jun 2023 10:03:53 +0000
-Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
+Subject: [PATCH 3/5] dmidecode: Do not let --dump-bin overwrite an existing
+ file
 
 Make sure that the file passed to option --dump-bin does not already
 exist. In practice, it is rather unlikely that an honest user would
@@ -17,14 +18,13 @@ Upstream-Status: Backport
 [https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
 
 Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
-
 ---
  dmidecode.c     | 14 ++++++++++++--
  man/dmidecode.8 |  3 ++-
  2 files changed, 14 insertions(+), 3 deletions(-)
 
 diff --git a/dmidecode.c b/dmidecode.c
-index ae461de..6446040 100644
+index a80a140..32a77cc 100644
 --- a/dmidecode.c
 +++ b/dmidecode.c
 @@ -60,6 +60,7 @@
@@ -78,3 +78,6 @@ index 64dc7e7..d5b7f01 100644
  .TP
  .BR "  " "  " "--from-dump FILE"
  Read the DMI data from a binary file previously generated using 
+-- 
+2.41.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
index 01d0d1f867..181092a3fd 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
@@ -1,7 +1,8 @@
-From c76ddda0ba0aa99a55945e3290095c2ec493c892 Mon Sep 17 00:00:00 2001
+From ac881f801b92b57fd8daac65fb16fff6d84fd366 Mon Sep 17 00:00:00 2001
 From: Jean Delvare <jdelvare@suse.de>
 Date: Tue, 27 Jun 2023 10:25:50 +0000
-Subject: [PATCH] Consistently use read_file() when reading from a dump file
+Subject: [PATCH 4/5] Consistently use read_file() when reading from a dump
+ file
 
 Use read_file() instead of mem_chunk() to read the entry point from a
 dump file. This is faster, and consistent with how we then read the
@@ -27,26 +28,26 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  1 file changed, 9 insertions(+), 2 deletions(-)
 
 diff --git a/dmidecode.c b/dmidecode.c
-index 98f9692..b4dbc9d 100644
+index 32a77cc..9a691e0 100644
 --- a/dmidecode.c
 +++ b/dmidecode.c
-@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
-		pr_comment("dmidecode %s", VERSION);
-
-	/* Read from dump if so instructed */
+@@ -5693,17 +5693,25 @@ int main(int argc, char * const argv[])
+ 		pr_comment("dmidecode %s", VERSION);
+ 
+ 	/* Read from dump if so instructed */
 +        size = 0x20;
-	if (opt.flags & FLAG_FROM_DUMP)
-	{
-		if (!(opt.flags & FLAG_QUIET))
-			pr_info("Reading SMBIOS/DMI data from file %s.",
-				opt.dumpfile);
+ 	if (opt.flags & FLAG_FROM_DUMP)
+ 	{
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_info("Reading SMBIOS/DMI data from file %s.",
+ 				opt.dumpfile);
 -		if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
 +                if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
-		{
-			ret = 1;
-			goto exit_free;
-		}
-
+ 		{
+ 			ret = 1;
+ 			goto exit_free;
+ 		}
+ 
 +                /* Truncated entry point can't be processed */
 +                if (size < 0x20)
 +                {
@@ -54,16 +55,17 @@ index 98f9692..b4dbc9d 100644
 +                        goto done;
 +                }
 +
-		if (memcmp(buf, "_SM3_", 5) == 0)
-		{
-			if (smbios3_decode(buf, opt.dumpfile, 0))
-@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
-	 * contain one of several types of entry points, so read enough for
-	 * the largest one, then determine what type it contains.
-	 */
+ 		if (memcmp(buf, "_SM3_", 5) == 0)
+ 		{
+ 			if (smbios3_decode(buf, opt.dumpfile, 0))
+@@ -5727,7 +5735,6 @@ int main(int argc, char * const argv[])
+ 	 * contain one of several types of entry points, so read enough for
+ 	 * the largest one, then determine what type it contains.
+ 	 */
 -	size = 0x20;
-	if (!(opt.flags & FLAG_NO_SYSFS)
-	 && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
-	{
---
-2.40.0
+ 	if (!(opt.flags & FLAG_NO_SYSFS)
+ 	 && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
+ 	{
+-- 
+2.41.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
index 5fa72b4f9b..b7d7f4ff96 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -1,7 +1,7 @@
-From 2b83c4b898f8325313162f588765411e8e3e5561 Mon Sep 17 00:00:00 2001
+From 2fb126eef436389a2dc48d4225b4a9888b0625a8 Mon Sep 17 00:00:00 2001
 From: Jean Delvare <jdelvare@suse.de>
 Date: Tue, 27 Jun 2023 10:58:11 +0000
-Subject: [PATCH] Don't read beyond sysfs entry point buffer
+Subject: [PATCH 5/5] Don't read beyond sysfs entry point buffer
 
 Functions smbios_decode() and smbios3_decode() include a check
 against buffer overrun. This check assumes that the buffer length is
@@ -33,105 +33,106 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  1 file changed, 12 insertions(+), 12 deletions(-)
 
 diff --git a/dmidecode.c b/dmidecode.c
-index b4dbc9d..870d94e 100644
+index 9a691e0..e725801 100644
 --- a/dmidecode.c
 +++ b/dmidecode.c
-@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
-	buf[0x17] = 0;
+@@ -5398,14 +5398,14 @@ static void overwrite_smbios3_address(u8 *buf)
+ 	buf[0x17] = 0;
  }
-
+ 
 -static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
 +static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
  {
-	u32 ver, len;
-	u64 offset;
-	u8 *table;
-
-	/* Don't let checksum run beyond the buffer */
+ 	u32 ver, len;
+ 	u64 offset;
+ 	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
 -	if (buf[0x06] > 0x20)
 +        if (buf[0x06] > buf_len)
-	{
-		fprintf(stderr,
-			"Entry point length too large (%u bytes, expected %u).\n",
-@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
-	return 1;
+ 	{
+ 		fprintf(stderr,
+ 			"Entry point length too large (%u bytes, expected %u).\n",
+@@ -5455,14 +5455,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 	return 1;
  }
-
+ 
 -static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
 +static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
  {
-	u16 ver;
-	u32 len;
-         u8 *table;
-
-	/* Don't let checksum run beyond the buffer */
+ 	u16 ver, num;
+ 	u32 len;
+ 	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
 -	if (buf[0x05] > 0x20)
 +        if (buf[0x05] > buf_len)
-	{
-		fprintf(stderr,
-			"Entry point length too large (%u bytes, expected %u).\n",
-@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
-
-		if (memcmp(buf, "_SM3_", 5) == 0)
-		{
+ 	{
+ 		fprintf(stderr,
+ 			"Entry point length too large (%u bytes, expected %u).\n",
+@@ -5714,12 +5714,12 @@ int main(int argc, char * const argv[])
+ 
+ 		if (memcmp(buf, "_SM3_", 5) == 0)
+ 		{
 -			if (smbios3_decode(buf, opt.dumpfile, 0))
 +                        if (smbios3_decode(buf, size, opt.dumpfile, 0))
-				found++;
-		}
-		else if (memcmp(buf, "_SM_", 4) == 0)
-		{
+ 				found++;
+ 		}
+ 		else if (memcmp(buf, "_SM_", 4) == 0)
+ 		{
 -			if (smbios_decode(buf, opt.dumpfile, 0))
 +                        if (smbios_decode(buf, size, opt.dumpfile, 0))
-				found++;
-		}
-		else if (memcmp(buf, "_DMI_", 5) == 0)
-@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
-			pr_info("Getting SMBIOS data from sysfs.");
-		if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
-		{
+ 				found++;
+ 		}
+ 		else if (memcmp(buf, "_DMI_", 5) == 0)
+@@ -5742,12 +5742,12 @@ int main(int argc, char * const argv[])
+ 			pr_info("Getting SMBIOS data from sysfs.");
+ 		if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
+ 		{
 -			if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
 +                        if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
-				found++;
-		}
-		else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
-		{
+ 				found++;
+ 		}
+ 		else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
+ 		{
 -			if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
 +                        if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
-				found++;
-		}
-		else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
-@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
-
-	if (memcmp(buf, "_SM3_", 5) == 0)
-	{
+ 				found++;
+ 		}
+ 		else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
+@@ -5784,12 +5784,12 @@ int main(int argc, char * const argv[])
+ 
+ 	if (memcmp(buf, "_SM3_", 5) == 0)
+ 	{
 -		if (smbios3_decode(buf, opt.devmem, 0))
 +                if (smbios3_decode(buf, 0x20, opt.devmem, 0))
-			found++;
-	}
-	else if (memcmp(buf, "_SM_", 4) == 0)
-	{
+ 			found++;
+ 	}
+ 	else if (memcmp(buf, "_SM_", 4) == 0)
+ 	{
 -		if (smbios_decode(buf, opt.devmem, 0))
 +                if (smbios_decode(buf, 0x20, opt.devmem, 0))
-			found++;
-	}
-	goto done;
-@@ -6114,7 +6114,7 @@ memory_scan:
-	{
-		if (memcmp(buf + fp, "_SM3_", 5) == 0)
-		{
+ 			found++;
+ 	}
+ 	goto done;
+@@ -5810,7 +5810,7 @@ memory_scan:
+ 	{
+ 		if (memcmp(buf + fp, "_SM3_", 5) == 0)
+ 		{
 -			if (smbios3_decode(buf + fp, opt.devmem, 0))
 +                        if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
-			{
-				found++;
-				goto done;
-@@ -6127,7 +6127,7 @@ memory_scan:
-	{
-		if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
-		{
+ 			{
+ 				found++;
+ 				goto done;
+@@ -5823,7 +5823,7 @@ memory_scan:
+ 	{
+ 		if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
+ 		{
 -			if (smbios_decode(buf + fp, opt.devmem, 0))
 +                        if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
-			{
-				found++;
-				goto done;
---
-2.35.5
+ 			{
+ 				found++;
+ 				goto done;
+-- 
+2.41.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
index b99c2ea99d..c0f6b45313 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
+++ b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
@@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \
            file://0001-Committing-changes-from-do_unpack_extra.patch \
-           file://CVE-2023-30630_1.patch \
+           file://CVE-2023-30630_1a.patch \
+           file://CVE-2023-30630_1b.patch \
            file://CVE-2023-30630_2.patch \
            file://CVE-2023-30630_3.patch \
            file://CVE-2023-30630_4.patch \
-- 
2.34.1

[OE-core][kirkstone 09/16] linux-yocto/5.10: update to v5.10.186

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    381518b4a916 Linux 5.10.186
    29917a20be43 bpf/btf: Accept function names that contain dots
    8b7454dd984a netfilter: nf_tables: hold mutex on netns pre_exit path
    9e8d927cfa56 netfilter: nf_tables: validate registers coming from userspace.
    f19a4818a92a netfilter: nftables: statify nft_parse_register()
    42997367cb67 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
    5a257f355366 x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
    d8efc77f23c8 drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
    485fe165084b drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
    0b0fdc43b2ab drm/exynos: vidi: fix a wrong error return
    32134e7a0f21 ARM: dts: Fix erroneous ADS touchscreen polarities
    79cf5657be38 s390/purgatory: disable branch profiling
    a819de62ec2b ASoC: nau8824: Add quirk to active-high jack-detect
    fa08753c2d04 ASoC: simple-card: Add missing of_node_put() in case of error
    9138ed7e2b43 spi: lpspi: disable lpspi module irq in DMA mode
    97b6c4c1d1a8 s390/cio: unregister device when the only path is gone
    fe949c1662c9 Input: soc_button_array - add invalid acpi_index DMI quirk handling
    eaf1fa945206 usb: gadget: udc: fix NULL dereference in remove()
    7d1a0733a55e nfcsim.c: Fix error checking for debugfs_create_dir
    dc357c0787e8 media: cec: core: don't set last_initiator if tx in progress
    c13573032b7b arm64: Add missing Set/Way CMO encodings
    49a2b18f4972 HID: wacom: Add error check to wacom_parse_and_register()
    2b43198de03f scsi: target: iscsi: Prevent login threads from racing between each other
    75aa3f255c88 gpiolib: Fix GPIO chip IRQ initialization restriction
    304802e5b038 gpio: Allow per-parent interrupt data
    bc75968b494a sch_netem: acquire qdisc lock in netem_change()
    caddeadd0d03 Revert "net: phy: dp83867: perform soft reset and retain established link"
    5702afa2c331 netfilter: nfnetlink_osf: fix module autoload
    3d5c09c782a3 netfilter: nf_tables: disallow element updates of bound anonymous sets
    2a90da8e0dd5 netfilter: nft_set_pipapo: .walk does not deal with generations
    792bfe26a655 be2net: Extend xmit workaround to BE3 chip
    cebb5cee0984 net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
    7a1ae0000509 ipvs: align inner_mac_header for encapsulation
    f2547bc71663 mmc: usdhi60rol0: fix deferred probing
    4a99e35c5a62 mmc: sh_mmcif: fix deferred probing
    c2278de1382b mmc: sdhci-acpi: fix deferred probing
    f6e176ef894a mmc: owl: fix deferred probing
    f29d0ab0e6bd mmc: omap_hsmmc: fix deferred probing
    65d9318e3d56 mmc: omap: fix deferred probing
    9ad3c21fb66d mmc: mvsdio: fix deferred probing
    9b0417fd402f mmc: mtk-sd: fix deferred probing
    ced13bc50ef0 net: qca_spi: Avoid high load if QCA7000 is not available
    b1b9c81e29d2 xfrm: Linearize the skb after offloading if needed.
    31cd0d4a4470 selftests: net: fcnal-test: check if FIPS mode is enabled
    2af75a36af8d selftests: net: vrf-xfrm-tests: change authentication and encryption algos
    07fbbddae5af xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
    562800447f8b bpf: Fix verifier id tracking of scalars on spill
    3b0a96db670b bpf: track immediate values written to stack by BPF_ST instruction
    bff7824db681 xfrm: Ensure policies always checked on XFRM-I input path
    01af67ed83d0 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
    cdaa6e1105c0 xfrm: Treat already-verified secpath entries as optional
    47be2931c4e5 ieee802154: hwsim: Fix possible memory leaks
    051d6421337b memfd: check for non-NULL file_seals in memfd_create() syscall
    1ac6e9ee8428 sysctl: move some boundary constants from sysctl.c to sysctl_vals
    e1aa3fe3e282 mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30%
    ad10dd211370 x86/mm: Avoid using set_pgd() outside of real PGD pages
    4de2093674f2 nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
    3845c38417bd io_uring/net: disable partial retries for recvmsg with cmsg
    826ee9fa3647 io_uring/net: clear msg_controllen on partial sendmsg retry
    5fdea4468f57 io_uring/net: save msghdr->msg_control for retries
    5a7101d8faab writeback: fix dereferencing NULL mapping->host on writeback_page_template
    f00cd687c2cd regmap: spi-avmm: Fix regmap_bus max_raw_write
    bc35f93e4bd7 regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
    5938470f9c80 ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
    2e454015ca27 mmc: mmci: stm32: fix max busy timeout calculation
    1be288fd3b0d mmc: meson-gx: remove redundant mmc_request_done() call from irq context
    1b97630cd9a9 mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
    63608437a83d cgroup: Do not corrupt task iteration when rebinding subsystem
    988d06f5eb32 PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
    8f2d5ebdfef7 PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
    8b7484676994 Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
    79ceb758e3db PCI: hv: Fix a race condition bug in hv_pci_query_relations()
    8b8c9812c048 Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
    b435298349ab nilfs2: fix buffer corruption due to concurrent device reads
    524a2c0bcf99 selftests: mptcp: join: skip check if MIB counter not supported
    e508d9cef887 selftests: mptcp: pm nl: remove hardcoded default limits
    4c4ca42418a5 selftests: mptcp: lib: skip if not below kernel version
    6d20cfbc578d selftests: mptcp: lib: skip if missing symbol
    3cc7935d3221 tick/common: Align tick period during sched_timer setup
    db4ab0c97a4d tracing: Add tracing_reset_all_online_cpus_unlocked() function
    9ced73049016 net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
    b1b42fff8ae1 drm/amd/display: fix the system hang while disable PSR

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.10.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.10.bb            |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 7976b96a61..6d8effd6e2 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "46fb028ad9413cfa8d47a6dc8bf9a57d9d5edf8b"
-SRCREV_meta ?= "c1168e10ecf30b123a341ca500966eebf3fe2cc2"
+SRCREV_machine ?= "4a1803ede76bf613f627954d55abc14bc3ce33a2"
+SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.185"
+LINUX_VERSION ?= "5.10.186"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 85dac1d874..8a013a3862 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.10.185"
+LINUX_VERSION ?= "5.10.186"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "6e0299be775387485e22edcd57ac6099c08f4356"
-SRCREV_machine ?= "772cf990473f73ebf34c1a1ef4f06eb3e297c4db"
-SRCREV_meta ?= "c1168e10ecf30b123a341ca500966eebf3fe2cc2"
+SRCREV_machine:qemuarm ?= "be5fe90e1270855b9cc67ae6312fe04fa4d19693"
+SRCREV_machine ?= "1d287024a6dd075a6dc4027679fea5df640cebd6"
+SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 2c7a3e2597..2ccedd8c45 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,23 +13,23 @@ KBRANCH:qemux86  ?= "v5.10/standard/base"
 KBRANCH:qemux86-64 ?= "v5.10/standard/base"
 KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "08e7e91e009a1d738962de06f48f9704075d3a56"
-SRCREV_machine:qemuarm64 ?= "f23a4523287d5199b67a135e5d1cf3680fe58a3a"
-SRCREV_machine:qemumips ?= "82bae5b9d4316474df162ca7e5a2dff35c4ede39"
-SRCREV_machine:qemuppc ?= "8b5027212160436c9d466b80e0c385f265acfbdb"
-SRCREV_machine:qemuriscv64 ?= "dafc025b033585311d1693255c80b60b690b0e54"
-SRCREV_machine:qemuriscv32 ?= "dafc025b033585311d1693255c80b60b690b0e54"
-SRCREV_machine:qemux86 ?= "dafc025b033585311d1693255c80b60b690b0e54"
-SRCREV_machine:qemux86-64 ?= "dafc025b033585311d1693255c80b60b690b0e54"
-SRCREV_machine:qemumips64 ?= "ee18c4343db52d5846a0f332cd6df26a6f72dd45"
-SRCREV_machine ?= "dafc025b033585311d1693255c80b60b690b0e54"
-SRCREV_meta ?= "c1168e10ecf30b123a341ca500966eebf3fe2cc2"
+SRCREV_machine:qemuarm ?= "f9df75cf799c8ac43b932476c7ad6b4b4fba33de"
+SRCREV_machine:qemuarm64 ?= "404cf5c05b3fc82b4d8395fcc5abe4b26407665a"
+SRCREV_machine:qemumips ?= "9d39a0ab63dfaa32be0ddd02b61acd2fe1a2b156"
+SRCREV_machine:qemuppc ?= "e55cd861f7167730eb17a5c82891fad17c515b64"
+SRCREV_machine:qemuriscv64 ?= "cfcf13659ada4eee41e11484404de999ce571196"
+SRCREV_machine:qemuriscv32 ?= "cfcf13659ada4eee41e11484404de999ce571196"
+SRCREV_machine:qemux86 ?= "cfcf13659ada4eee41e11484404de999ce571196"
+SRCREV_machine:qemux86-64 ?= "cfcf13659ada4eee41e11484404de999ce571196"
+SRCREV_machine:qemumips64 ?= "7d139a5b0b4abc1a7104845c5c9f2523dce0d589"
+SRCREV_machine ?= "cfcf13659ada4eee41e11484404de999ce571196"
+SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.185"
+LINUX_VERSION ?= "5.10.186"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 10/16] linux-yocto/5.10: update to v5.10.187

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    140d69b4e41d Linux 5.10.187
    93df00f9d48d x86/cpu/amd: Add a Zenbleed fix
    191b8f9b0e37 x86/cpu/amd: Move the errata checking functionality up
    113ce5ed59fc x86/microcode/AMD: Load late on both threads too

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.10.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.10.bb            |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 6d8effd6e2..5feaa9811a 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "4a1803ede76bf613f627954d55abc14bc3ce33a2"
-SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1"
+SRCREV_machine ?= "0a7d0eaa4e53eede45702dde31a3580e4cce0034"
+SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.186"
+LINUX_VERSION ?= "5.10.187"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 8a013a3862..1e401e2499 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.10.186"
+LINUX_VERSION ?= "5.10.187"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "be5fe90e1270855b9cc67ae6312fe04fa4d19693"
-SRCREV_machine ?= "1d287024a6dd075a6dc4027679fea5df640cebd6"
-SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1"
+SRCREV_machine:qemuarm ?= "54fe699b2a16739a9fb3905d3a6c6ff7475214ea"
+SRCREV_machine ?= "2fe6f9bdf89df6d468f7e2c7fc070993a11f029a"
+SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 2ccedd8c45..93eff2bd58 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,23 +13,23 @@ KBRANCH:qemux86  ?= "v5.10/standard/base"
 KBRANCH:qemux86-64 ?= "v5.10/standard/base"
 KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "f9df75cf799c8ac43b932476c7ad6b4b4fba33de"
-SRCREV_machine:qemuarm64 ?= "404cf5c05b3fc82b4d8395fcc5abe4b26407665a"
-SRCREV_machine:qemumips ?= "9d39a0ab63dfaa32be0ddd02b61acd2fe1a2b156"
-SRCREV_machine:qemuppc ?= "e55cd861f7167730eb17a5c82891fad17c515b64"
-SRCREV_machine:qemuriscv64 ?= "cfcf13659ada4eee41e11484404de999ce571196"
-SRCREV_machine:qemuriscv32 ?= "cfcf13659ada4eee41e11484404de999ce571196"
-SRCREV_machine:qemux86 ?= "cfcf13659ada4eee41e11484404de999ce571196"
-SRCREV_machine:qemux86-64 ?= "cfcf13659ada4eee41e11484404de999ce571196"
-SRCREV_machine:qemumips64 ?= "7d139a5b0b4abc1a7104845c5c9f2523dce0d589"
-SRCREV_machine ?= "cfcf13659ada4eee41e11484404de999ce571196"
-SRCREV_meta ?= "2edebf2a655a6ee6f23846cf9af1f81352fc5cd1"
+SRCREV_machine:qemuarm ?= "ca4bf25fb041f115ee9144acf175266e7d2c5495"
+SRCREV_machine:qemuarm64 ?= "7ef1d2f467aa45b98241421262e607ec080e0921"
+SRCREV_machine:qemumips ?= "f275b4829346d60d1cb600d4b8195eb6812361fd"
+SRCREV_machine:qemuppc ?= "af1960c76a2c940eee2e7b4c20e07c248b030b02"
+SRCREV_machine:qemuriscv64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
+SRCREV_machine:qemuriscv32 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
+SRCREV_machine:qemux86 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
+SRCREV_machine:qemux86-64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
+SRCREV_machine:qemumips64 ?= "2f630e9e4b3c809cf48d8e252477845c405195cc"
+SRCREV_machine ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
+SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.186"
+LINUX_VERSION ?= "5.10.187"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 11/16] linux-yocto/5.10: update to v5.10.188

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    3602dbc57b55 Linux 5.10.188
    edce5fba78cc ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
    115b19f89353 ftrace: Store the order of pages allocated in ftrace_page
    1a1e793e021d tracing: Fix memory leak of iter->temp when reading trace_pipe
    43e786aa51b8 tracing/histograms: Return an error if we fail to add histogram to hist_vars list
    e3da59f42820 net: phy: prevent stale pointer dereference in phy_init()
    e0ac63e194f4 tcp: annotate data-races around fastopenq.max_qlen
    d01afbfc2f7d tcp: annotate data-races around icsk->icsk_user_timeout
    3cf0a0f11d39 tcp: annotate data-races around tp->notsent_lowat
    9c786d5faf3a tcp: annotate data-races around rskq_defer_accept
    f891375eba6e tcp: annotate data-races around tp->linger2
    9168bd8f54c5 tcp: annotate data-races around icsk->icsk_syn_retries
    7b0084918c5f tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries.
    cf6c06ac7487 net: Introduce net.ipv4.tcp_migrate_req.
    a5c30a518764 tcp: annotate data-races around tp->keepalive_probes
    93715448f116 tcp: annotate data-races around tp->keepalive_intvl
    7b52a78a91fd tcp: annotate data-races around tp->keepalive_time
    1d4f2c4be136 tcp: annotate data-races around tp->tcp_tx_delay
    30e5460d69e6 netfilter: nf_tables: skip bound chain on rule flush
    94c10c0fa51b netfilter: nf_tables: skip bound chain in netns release path
    3a91099ecd59 netfilter: nft_set_pipapo: fix improper element removal
    9c2df17e3cfc netfilter: nf_tables: can't schedule in nft_chain_validate
    533193a23914 netfilter: nf_tables: fix spurious set element insertion failure
    a6f1988780a7 llc: Don't drop packet from non-root netns.
    49e435ca02c7 fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
    bc9d4d432f78 Revert "tcp: avoid the lookup process failing to get sk in ehash table"
    d06fc7b39199 net:ipv6: check return value of pskb_trim()
    1a478ad1297a net: ipv4: Use kfree_sensitive instead of kfree
    937105d2b0bf tcp: annotate data-races around tcp_rsk(req)->ts_recent
    41b00238699a octeontx2-pf: Dont allocate BPIDs for LBK interfaces
    5bc78ba88905 security: keys: Modify mismatched function name
    b92defe4e8ee iavf: Fix out-of-bounds when setting channels on remove
    a4635f190f33 iavf: Fix use-after-free in free_netdev
    b37bc3b07eab bridge: Add extack warning when enabling STP in netns.
    f6d311b95394 net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
    54aa4c03861e pinctrl: amd: Use amd_pinconf_set() for all config options
    7041605e8594 fbdev: imxfb: warn about invalid left/right margin
    6e88cc510f27 spi: bcm63xx: fix max prepend length
    994c2ceb70ea igb: Fix igb_down hung on surprise removal
    a956c3af70fa wifi: iwlwifi: mvm: avoid baid size integer overflow
    85cf0d5f45cb wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
    2864cc9a1fd1 devlink: report devlink_port_type_warn source device
    b6d9a4062c94 bpf: Address KCSAN report on bpf_lru_list
    532f8bac6041 wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range
    6b0c79aa3307 sched/fair: Don't balance task to its current running CPU
    32020fc2a837 arm64: mm: fix VA-range sanity check
    c71d6934c6ac arm64: set __exception_irq_entry with __irq_entry as a default
    71e3f2354072 ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version)
    776a72f612a8 ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
    e090f70ae4cc ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
    ae51eb90bcca btrfs: add xxhash to fast checksum implementations
    322377cc909d posix-timers: Ensure timer ID search-loop limit is valid
    634daf6b2c81 md/raid10: prevent soft lockup while flush writes
    b02939413e5c md: fix data corruption for raid456 when reshape restart while grow up
    4a2c62c8d67c nbd: Add the maximum limit of allocated index in nbd_dev_add
    5f84a34b646f debugobjects: Recheck debug_objects_enabled before reporting
    5d5aa5b64887 ext4: correct inline offset when handling xattrs in inode body
    48aa53937584 ASoC: fsl_sai: Disable bit clock with transmitter
    5f2a12f64347 drm/client: Fix memory leak in drm_client_modeset_probe
    105275879a80 drm/client: Fix memory leak in drm_client_target_cloned
    cf254b4f68e4 can: bcm: Fix UAF in bcm_proc_show()
    3e412b6e2b57 regmap: Account for register length in SMBus I/O limits
    8b3dd8d23fa0 regmap: Drop initial version of maximum transfer length fixes
    4935761daa33 selftests: tc: add 'ct' action kconfig dep
    1ab5aa1846a5 selftests: tc: set timeout to 15 minutes
    dad97c205af2 fuse: revalidate: don't invalidate if interrupted
    d2c667cc1831 btrfs: fix warning when putting transaction with qgroups enabled after abort
    4410f4a938ae perf probe: Add test for regression introduced by switch to die_get_decl_file()
    0a6b0ca58685 keys: Fix linking a duplicate key to a keyring's assoc_array
    a26208e184ae ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    ce2a7e7b504c ALSA: hda/realtek - remove 3k pull low procedure
    f09c0ac142c5 drm/atomic: Fix potential use-after-free in nonblocking commits
    9a085fa9b7d6 RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
    73e72a5380a2 net/sched: sch_qfq: reintroduce lmax bound check for MTU
    0b1ce92fabdb scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
    5addd62586a9 scsi: qla2xxx: Pointer may be dereferenced
    e8de73238d5d scsi: qla2xxx: Correct the index of array
    921d68446255 scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
    2bea9c1c9831 scsi: qla2xxx: Fix potential NULL pointer dereference
    eecb8a491c82 scsi: qla2xxx: Fix buffer overrun
    bcd773969a87 scsi: qla2xxx: Array index may go out of bound
    a9fe97fb7b4e scsi: qla2xxx: Wait for io return on terminate rport
    6ea2a408d3e3 tracing/probes: Fix not to count error code to total length
    7060e5aac6dc tracing: Fix null pointer dereference in tracing_err_log_open()
    81fb8a58d4ec xtensa: ISS: fix call to split_if_spec
    5e68f1f3a20f ring-buffer: Fix deadloop issue on reading trace_pipe
    1e760b2d18bf net: ena: fix shift-out-of-bounds in exponential backoff
    1f2a8f083575 samples: ftrace: Save required argument registers in sample trampolines
    1576f0df7b4d tracing/histograms: Add histograms to hist_vars if they have referenced variables
    07edd294b16a s390/decompressor: fix misaligned symbol build error
    5f4a1111ad04 Revert "8250: add support for ASIX devices with a FIFO bug"
    7f2f0e6ec561 meson saradc: fix clock divider mask length
    790e4e82c57d xhci: Show ZHAOXIN xHCI root hub speed correctly
    c52e04c58ded xhci: Fix TRB prefetch issue of ZHAOXIN hosts
    b56a07c2a550 xhci: Fix resume issue of some ZHAOXIN hosts
    8e807eadf0b9 ceph: don't let check_caps skip sending responses for revoke msgs
    c04ed61ebf01 firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()
    1962717c4649 tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
    a49e5a05121c tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
    08673739ed85 serial: atmel: don't enable IRQs prematurely
    4016d36fec63 drm/amd/display: Correct `DMUB_FW_VERSION` macro
    d89bd2ecd39b drm/rockchip: vop: Leave vblank enabled in self-refresh
    b9ec9372a47a drm/atomic: Allow vblank-enabled + self-refresh "disable"
    23d5004ee7aa fs: dlm: return positive pid value for F_GETLK
    5e9aff5b10c2 md/raid0: add discard support for the 'original' layout
    8e3c7776405a misc: pci_endpoint_test: Re-init completion for every test
    cdf9a7e2cdc7 misc: pci_endpoint_test: Free IRQs before removing the device
    8c90c466e38e PCI: rockchip: Set address alignment for endpoint mode
    f1986416cfb4 PCI: rockchip: Use u32 variable to access 32-bit registers
    36eb13031227 PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
    c417a4c7de1d PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
    ddda61419af3 PCI: rockchip: Write PCI Device ID to correct register
    bec3e0f7f272 PCI: rockchip: Assert PCI Configuration Enable bit after probe
    48e11e7c81b9 PCI: qcom: Disable write access to read only registers for IP v2.3.3
    aca71b004a66 PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
    d3bab5de91c6 PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
    5a89a5cc817e hwrng: imx-rngc - fix the timeout for init and self check
    47b7eaae08e8 jfs: jfs_dmap: Validate db_l2nbperpage while mounting
    84293af5455b ext4: only update i_reserved_data_blocks on successful block allocation
    0a5d12e7107e ext4: fix wrong unit use in ext4_mb_new_blocks
    514220246aa8 ext4: get block from bh in ext4_free_blocks for fast commit replay
    d054422eb609 ext4: fix wrong unit use in ext4_mb_clear_bb
    be99faf0c4db ext4: Fix reusing stale buffer heads from last failed mounting
    8fbe951d6546 MIPS: Loongson: Fix cpu_probe_loongson() again
    8c723eef989b erofs: fix compact 4B support for 16k block size
    3bd4d316b1a8 misc: fastrpc: Create fastrpc scalar with correct buffer count
    3d1d037f2749 powerpc: Fail build if using recordmcount with binutils v2.37
    fe1ae1fb507a net: bcmgenet: Ensure MDIO unregistration has clocks enabled
    21d5d3eb36bf mtd: rawnand: meson: fix unaligned DMA buffers handling
    9ff7fcb3a2ed tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
    59490249c2c0 pinctrl: amd: Only use special debounce behavior for GPIO 0
    4f77a87ce919 pinctrl: amd: Detect internal GPIO0 debounce handling
    3674b9c056ad pinctrl: amd: Fix mistake in handling clearing pins at startup
    b39ef5b52f10 f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
    f4ff37981235 nvme-pci: fix DMA direction of unmapping integrity data
    8359ee85fd6d net/sched: sch_qfq: account for stab overhead in qfq_enqueue
    5bef780e06d2 net/sched: sch_qfq: refactor parsing of netlink parameters
    1d7ae38daac7 net/sched: make psched_mtu() RTNL-less safe
    d5ca61b7642b netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write()
    9b69cdb6e534 net/sched: flower: Ensure both minimum and maximum ports are specified
    934c85b8ecd1 wifi: airo: avoid uninitialized warning in airo_get_rate()
    4511499138ae erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
    bbc500ff3f2c riscv, bpf: Fix inconsistent JIT image generation
    a976adc3bca4 bpf, riscv: Support riscv jit to provide bpf_line_info
    eb3d1d84f3d6 riscv: bpf: Avoid breaking W^X
    7c616437981f riscv: bpf: Move bpf_jit_alloc_exec() and bpf_jit_free_exec() to core
    83579a626169 igc: Fix inserting of empty frame for launchtime
    c48e8ee81ad3 igc: Fix launchtime before start of cycle
    cdf5b9af92da platform/x86: wmi: Break possible infinite loop when parsing GUID
    7157ee0de522 platform/x86: wmi: move variables
    4bb2bb69bd9a platform/x86: wmi: use guid_t and guid_equal()
    88dfb592d2c1 platform/x86: wmi: remove unnecessary argument
    2ad31ce40e81 ipv6/addrconf: fix a potential refcount underflow for idev
    8271145523a5 NTB: ntb_tool: Add check for devm_kcalloc
    41c6d8ff71cd NTB: ntb_transport: fix possible memory leak while device_register() fails
    03cfa0653406 ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
    23e09f0a868f NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
    0bb2683b0cde ntb: idt: Fix error handling in idt_pci_driver_init()
    3e8fed805cf3 udp6: fix udp6_ehashfn() typo
    d30ddd7ff15d icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
    bc3ab5d2ab69 net: prevent skb corruption on frag list segmentation
    cddd04f34124 net: bgmac: postpone turning IRQs off to avoid SoC hangs
    f8cc4fd99a32 ionic: remove WARN_ON to prevent panic_on_warn
    9085429821b4 gve: Set default duplex configuration to full
    80e0e8d5f543 net/sched: cls_fw: Fix improper refcount update leads to use-after-free
    d341f246123e net: mvneta: fix txq_map in case of txq_number==1
    c175603d84d3 scsi: qla2xxx: Fix error code in qla2x00_start_sp()
    b687b7836157 igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings
    30c281a77fb1 net/mlx5e: Check for NOT_READY flag state after locking
    de6e6b07974c net/mlx5e: fix double free in mlx5e_destroy_flow_table
    3d4bba694aed igc: Remove delay during TX ring configuration
    2a587b71c532 drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags
    547ab8ea86c1 drm/panel: simple: Add connector_type for innolux_at043tn24
    13c353dc5c2e workqueue: clean up WORK_* constant types, clarify masking
    fc359e5b45da net: lan743x: Don't sleep in atomic context
    dc4a25fa7565 io_uring: add reschedule point to handle_tw_list()
    297883bbcab1 io_uring: Use io_schedule* in cqring wait
    bb2f7e4bfe81 block/partition: fix signedness issue for Amiga partitions
    4f91de9a81bd rcu-tasks: Simplify trc_read_check_handler() atomic operations
    3a64cd01cdd6 rcu-tasks: Mark ->trc_reader_special.b.need_qs data races
    058f077d09ba rcu-tasks: Mark ->trc_reader_nesting data races
    83be9fd7843c tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
    999f3b6104ed wireguard: netlink: send staged packets when setting initial private key
    1b7107040596 wireguard: queueing: use saner cpu selection wrapping
    ea213922249c netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
    4ae2e501331a netfilter: nf_tables: do not ignore genmask when looking up chain by id
    8289d422f5e4 netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
    be6478f5cce6 netfilter: nf_tables: fix scheduling-while-atomic splat
    a07e415be383 netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    a136b7942ad2 netfilter: nf_tables: drop map element references from preparation phase
    21cf0d66ef88 netfilter: nftables: rename set element data activation/deactivation functions
    237f37f7b9f0 netfilter: nf_tables: reject unbound chain set before commit phase
    0205dd16edeb netfilter: nf_tables: reject unbound anonymous set before commit phase
    34d09fe49f59 netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
    d53c295c1f43 netfilter: nf_tables: fix chain binding transaction logic
    8180fc2fadd4 netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
    e546e6ebb19d netfilter: nf_tables: add rescheduling points during loop detection walks
    3f51f1157f67 netfilter: nf_tables: use net_generic infra for transaction data
    01248dd65155 sh: pgtable-3level: Fix cast to pointer from integer of different size
    87410743b548 block: add overflow checks for Amiga partition support
    f0aec6c403a0 selftests/bpf: Add verifier test for PTR_TO_MEM spill
    88bffb61bc03 tpm, tpm_tis: Claim locality in interrupt handler
    5bf73af8b382 fanotify: disallow mount/sb marks on kernel internal pseudo fs
    5cb46b80ecda fs: no need to check source
    66a0647cdc56 leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
    5d6fbb624576 ARM: orion5x: fix d2net gpio initialization
    9b0f7940e212 ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
    1dac8584be0c ASoC: mediatek: mt8173: Fix irq error path
    6819bb0b8552 btrfs: fix race when deleting quota root from the dirty cow roots list
    a3fbd156bd2c btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
    59efb8671105 fs: Lock moved directories
    c5b5e72df13d fs: Establish locking order for unrelated directories
    4b03f503b730 Revert "f2fs: fix potential corruption when moving a directory"
    2b563acd2dfa ext4: Remove ext4 locking of moved directory
    5e7d18a52c88 fs: avoid empty option when generating legacy mount string
    988a5d791156 jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
    5fada3751137 shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
    79bef379d55a autofs: use flexible array in ioctl structure
    8bf91a8d4871 integrity: Fix possible multiple allocation in integrity_inode_get()
    9658a03f80b2 um: Use HOST_DIR for mrproper
    a4405f6ee033 bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
    db9439cef0b5 bcache: Remove unnecessary NULL point check in node allocations
    bcb295778afd bcache: fixup btree_cache_wait list damage
    dc3287206a32 mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used.
    191628e2d96a mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
    02c8c2b5f680 mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
    6f9708e5c110 mmc: core: disable TRIM on Kingston EMMC04G-M627
    28e649dc9947 io_uring: wait interruptibly for request completions on exit
    8482ac2e5a26 NFSD: add encoding of op_recall flag for write delegation
    8d36cb6d1aed i2c: qup: Add missing unwind goto in qup_i2c_probe()
    e41a8e461561 ALSA: jack: Fix mutex call in snd_jack_report()
    e71714ad24d8 i2c: xiic: Don't try to handle more interrupt events after error
    b6eefa7a27a6 i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
    023bd9dc410c apparmor: fix missing error check for rhashtable_insert_fast
    d1c946552af2 sh: dma: Fix DMA channel offset calculation
    37750131d2a5 s390/qeth: Fix vipa deletion
    9f5548e4214d net: dsa: tag_sja1105: fix MAC DA patching from meta frames
    2758fb81bbc9 pptp: Fix fib lookup calls.
    0b08ff091f31 net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
    2434a6715f59 xsk: Honor SO_BINDTODEVICE on bind
    b785ba0acc82 tcp: annotate data races in __tcp_oow_rate_limited()
    73f512bedfd4 net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
    9a9d468fdcca powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
    f970b05c9b76 octeontx2-af: Fix mapping for NIX block from CGX connection
    5ded9e8aa53e f2fs: fix error path handling in truncate_dnode()
    358145cc3797 mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
    32b9c8f7892c spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
    1f3643f9cfca net: dsa: vsc73xx: fix MTU configuration
    c377451012ce Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
    6d2243ab783b sctp: fix potential deadlock on &net->sctp.addr_wq_lock
    620993d5ee5b media: cec: i2c: ch7322: also select REGMAP
    f733a7bfe8f8 rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
    aa70e5dd7268 pwm: sysfs: Do not apply state to already disabled PWMs
    8a0413be8a1e pwm: imx-tpm: force 'real_period' to be zero in suspend
    e4845cdea71e phy: tegra: xusb: check return value of devm_kzalloc()
    442e1a98bd02 mfd: stmpe: Only disable the regulators if they are enabled
    724448d6021d KVM: s390: vsie: fix the length of APCB bitmap
    c5e2f6f2bb66 mfd: stmfx: Nullify stmfx->vdd in case of error
    30ead8b9bf0d mfd: stmfx: Fix error path in stmfx_chip_init
    4d2405147385 test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
    5b31ac1d6d88 serial: 8250_omap: Use force_suspend and resume for system suspend
    8e00ae25a371 Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection"
    a81e1f22e17f mfd: intel-lpss: Add missing check for platform_get_resource
    1dc07edc01d2 usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
    7ade555ac58d usb: common: usb-conn-gpio: Set last role to unknown before initial detection
    0e9e127835c8 usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
    a6171452085b usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
    96898fb476d1 KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
    4e8e838fce5e media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
    b754ea60e690 media: venus: helpers: Fix ALIGN() of non power of two
    02b22660231d mfd: rt5033: Drop rt5033-battery sub-device
    e52019c09535 coresight: Fix loss of connection info when a module is unloaded
    018eddcb6bef kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
    a59f64a83516 serial: 8250: lock port for UART_IER access in omap8250_irq()
    8d65d0a2bfd5 serial: 8250: lock port for stop_rx() in omap8250_irq()
    d66ddb61fa23 usb: hide unused usbfs_notify_suspend/resume functions
    56901de56335 usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
    6538e5d9f7eb extcon: Fix kernel doc of property capability fields to avoid warnings
    dac7d7efcb54 extcon: Fix kernel doc of property fields to avoid warnings
    2788a3553f74 usb: gadget: u_serial: Add null pointer check in gserial_suspend
    74f8606ddfa4 usb: dwc3: qcom: Fix potential memory leak
    bdce16c1e650 clk: qcom: ipq6018: fix networking resets
    ee3f494cfc3e clk: qcom: reset: support resetting multiple bits
    35fd1a213fa4 clk: qcom: reset: Allow specifying custom reset delay
    d87ef4e857b7 media: usb: siano: Fix warning due to null work_func_t function pointer
    300388887cbb media: videodev2.h: Fix struct v4l2_input tuner index comment
    5f3f4aa673a0 media: usb: Check az6007_read() return value
    32809afb6063 clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
    bb81ca33ace3 serial: 8250: omap: Fix freeing of resources on failed register
    ed68e8e22ee1 sh: j2: Use ioremap() to translate device tree address into kernel memory
    a7890637b3b9 w1: fix loop in w1_fini()
    a27aeae714cd w1: w1_therm: fix locking behavior in convert_t
    cd5ec3ee52ce SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
    e4a9b3333e67 block: change all __u32 annotations to __be32 in affs_hardblocks.h
    54da6c4c143f block: fix signed int overflow in Amiga partition support
    b6a107c52073 phy: tegra: xusb: Clear the driver reference in usb-phy dev
    fac7be49f1e6 usb: dwc3: gadget: Propagate core init errors to UDC during pullup
    8b0a55b59244 USB: serial: option: add LARA-R6 01B PIDs
    810e401b34c4 io_uring: ensure IOPOLL locks around deferred work
    cd5837564ff5 hwrng: st - keep clock enabled while hwrng is registered
    557e528255d5 dax: Introduce alloc_dev_dax_id()
    94a85474f5e3 dax: Fix dax_mapping_release() use after free
    7c9f5a14d93b NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
    bab0bf567797 ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
    cb0cdca5c979 modpost: fix off by one in is_executable_section()
    f0350516b9d2 crypto: marvell/cesa - Fix type mismatch warning
    b54069445591 modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
    88978ef7fdef modpost: fix section mismatch message for R_ARM_ABS32
    31195ee328e9 crypto: nx - fix build warnings when DEBUG_FS is not enabled
    77471e4912d3 hwrng: virtio - Fix race on data_avail and actual data
    e8f51401d642 hwrng: virtio - always add a pending request
    ffc5ce9c272f hwrng: virtio - don't waste entropy
    d13ea82bfe15 hwrng: virtio - don't wait on cleanup
    5f23dae018c6 hwrng: virtio - add an internal buffer
    aba192bb31df powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary
    7afd0de0cc14 powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
    7289ca7a5170 mm: rename p4d_page_vaddr to p4d_pgtable and make it return pud_t *
    bfad11018806 mm: rename pud_page_vaddr to pud_pgtable and make it return pmd_t *
    07c19c0ad4b0 powerpc/powernv/sriov: perform null check on iov before dereferencing iov
    f3c7b95c9991 pinctrl: at91-pio4: check return value of devm_kasprintf()
    b7a38fc3f384 perf dwarf-aux: Fix off-by-one in die_get_varname()
    75a3cb1e2317 perf script: Fix allocation of evsel->priv related to per-event dump files
    647c6d35ccfe perf script: Fixup 'struct evsel_script' method prefix
    958acb479ef2 kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
    5533f0eb0a29 pinctrl: cherryview: Return correct value if pin in push-pull mode
    4b63caf86eda perf bench: Add missing setlocale() call to allow usage of %'d style formatting
    345ee8521655 perf bench: Use unbuffered output when pipe/tee'ing to a file
    f0d2310f6b46 PCI: Add pci_clear_master() stub for non-CONFIG_PCI
    b65fe59b2d62 PCI: ftpci100: Release the clock resources
    cb389e8edf64 PCI: pciehp: Cancel bringup sequence if card is not present
    b9895a4c95f3 scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
    7badf4d6f49a PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
    d27238fc83b9 pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
    ac64019e4d4b scsi: qedf: Fix NULL dereference in error handling
    8e9907e9219f PCI: cadence: Fix Gen2 Link Retraining process
    07be8e60f27f ASoC: imx-audmix: check return value of devm_kasprintf()
    714ba10a6dd1 ovl: update of dentry revalidate flags after copy up
    47f4d875aa54 drivers: meson: secure-pwrc: always enable DMA domain
    5f149d053898 clk: ti: clkctrl: check return value of kasprintf()
    fd9324fa4d81 clk: keystone: sci-clk: check return value of kasprintf()
    0b754f9cfd66 clk: si5341: free unused memory on probe failure
    dc8d0178d506 clk: si5341: check return value of {devm_}kasprintf()
    dc3eef648055 clk: si5341: return error if one synth clock registration fails
    040113980081 clk: si5341: Add sysfs properties to allow checking/resetting device faults
    fc813d05739e clk: si5341: Allow different output VDD_SEL values
    f64fcd3acf1f clk: cdce925: check return value of kasprintf()
    866d4340c6c9 clk: vc5: check memory returned by kasprintf()
    c67a55f7cc8d drm/msm/dp: Free resources after unregistering them
    c3b63584d8c2 drm/msm/dpu: do not enable color-management if DSPPs are not available
    f923a582217b ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
    404e9f741acf clk: tegra: tegra124-emc: Fix potential memory leak
    cb047c13bbf9 clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
    294321349bd3 clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
    e749bc5a9054 RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
    9341501e2f7a RDMA/bnxt_re: wraparound mbox producer index
    968e27fd037e amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
    e070120e6d68 drm/radeon: fix possible division-by-zero errors
    a77b80825bf1 drm/amdkfd: Fix potential deallocation of previously deallocated memory.
    245aa7c0233e ARM: dts: BCM5301X: fix duplex-full => full-duplex
    7e2edb84fe7c hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
    580e9b987b89 hwmon: (adm1275) Allow setting sample averaging
    a3c5d148b78b hwmon: (adm1275) enable adm1272 temperature reporting
    4610efa404be hwmon: (gsc-hwmon) fix fan pwm temperature scaling
    6e12311dcedd ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
    badeb7fe2450 ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
    17cd31487dc3 arm64: dts: ti: k3-j7200: Fix physical address of pin
    ce6e0434e502 fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
    34e1e2f3cf5a arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
    6817914c67b7 ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
    220f86cc19dc RDMA/hns: Fix hns_roce_table_get return value
    9196f44239cf RDMA/hns: Clean the hardware related code for HEM
    aa495b927f9c RDMA/hns: Use refcount_t APIs for HEM
    de1049dd18bd RDMA/hns: Fix coding style issues
    cc1b04b699e6 RDMA: Remove uverbs_ex_cmd_mask values that are linked to functions
    7dcb9ea3ee4b IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
    6cf8f3d690bb IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
    2d38866a99ba IB/hfi1: Use bitmap_zalloc() when applicable
    42b6865bf58c soc/fsl/qe: fix usb.c build errors
    9c14d1406662 ARM: dts: meson8: correct uart_B and uart_C clock references
    684a2f180e46 ASoC: es8316: Do not set rate constraints for unsupported MCLKs
    d883e16c7f35 ASoC: es8316: Increment max value for ALC Capture Target Volume control
    105af71974ea memory: brcmstb_dpfe: fix testing array offset after use
    ddc74d6ea3dc ARM: dts: stm32: Shorten the AV96 HDMI sound card name
    392ee3cc995d arm64: dts: qcom: apq8096: fix fixed regulator name property
    c85a076215a9 ARM: omap2: fix missing tick_broadcast() prototype
    aec18da74194 ARM: ep93xx: fix missing-prototype warnings
    b574cd7e4dfc drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
    02d8b008ffee arm64: dts: qcom: msm8996: correct camss unit address
    6d103b1cc133 arm64: dts: qcom: msm8994: correct SPMI unit address
    160ac75a5a82 arm64: dts: qcom: msm8916: correct camss unit address
    e8b131d21638 ARM: dts: gta04: Move model property out of pinctrl node
    b0b180a712ee RDMA/bnxt_re: Fix to remove an unnecessary log
    446092f136d3 RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
    b54b26ac50a2 RDMA/bnxt_re: Use unique names while registering interrupts
    11bd3882c3a6 RDMA/bnxt_re: Fix to remove unnecessary return labels
    7080ef46ad3d RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
    2a9895df8088 arm64: dts: microchip: sparx5: do not use PSCI on reference boards
    726fdf47c148 bus: ti-sysc: Fix dispc quirk masking bool variables
    8ee24ddf45f0 ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
    617a4da09d77 drm/panel: sharp-ls043t1le01: adjust mode settings
    3c87c98225be drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
    39305592dc97 Input: adxl34x - do not hardcode interrupt trigger type
    e629efc6d602 ARM: dts: meson8b: correct uart_B and uart_C clock references
    bd46ade71497 ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
    20ecae1af578 drm/vram-helper: fix function names in vram helper doc
    46a34e145955 drm/bridge: tc358768: fix THS_TRAILCNT computation
    f2f7d0a4a22a drm/bridge: tc358768: fix TXTAGOCNT computation
    8e47328fe089 drm/bridge: tc358768: fix THS_ZEROCNT computation
    6b9450723bab drm/bridge: tc358768: fix TCLK_TRAILCNT computation
    33abcfbb17b0 drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
    43b2d11ccffb drm/bridge: tc358768: fix TCLK_ZEROCNT computation
    46b741718989 drm/bridge: tc358768: fix PLL target frequency
    825b00c68589 drm/bridge: tc358768: fix PLL parameters computation
    1b4f23fdf27f drm/bridge: tc358768: always enable HS video mode
    4e0fd4f54bea Input: drv260x - sleep between polling GO bit
    2780d5844855 drm/amd/display: Explicitly specify update type per plane info change
    b2213fc60b83 radeon: avoid double free in ci_dpm_init()
    472a615e66b9 netlink: Add __sock_i_ino() for __netlink_diag_dump().
    d10b38036977 ipvlan: Fix return value of ipvlan_queue_xmit()
    5215c0096839 netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
    9bdcda7abaf2 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
    36e07e8acfb9 lib/ts_bm: reset initial match offset for every block of text
    96f2c6f272ec net: nfc: Fix use-after-free caused by nfc_llcp_find_local
    a3a1550c4d2e nfc: llcp: simplify llcp_sock_connect() error paths
    cb1aa7cc562c sfc: fix crash when reading stats while NIC is resetting
    6ccfec84f025 net: axienet: Move reset before 64-bit DMA detection
    bccc7ace12e6 gtp: Fix use-after-free in __gtp_encap_destroy().
    4d9cd4b330d8 selftests: rtnetlink: remove netdevsim device after ipsec offload test
    44db85c6e1a1 netlink: do not hard code device address lenth in fdb dumps
    cde7b90e0539 netlink: fix potential deadlock in netlink_set_err()
    0c9e48428f6b net: stmmac: fix double serdes powerdown
    1ba91ffa1a0e igc: Fix race condition in PTP tx code
    660d4e73efb0 wifi: ath9k: convert msecs to jiffies where needed
    150ca0768b50 wifi: cfg80211: rewrite merging of inherited elements
    4e321c18ef92 wifi: iwlwifi: pull from TXQs with softirqs disabled
    2715617c2aad rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
    581401cd3cf9 wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
    6b22c2c649a1 memstick r592: make memstick_debug_get_tpc_name() static
    6cb477e7226b kexec: fix a memory leak in crash_shrink_memory()
    fdb07728d8ff watchdog/perf: more properly prevent false positives with turbo modes
    ac23d7f41426 watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
    22da8363e35f wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
    b2aeb97fd470 wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
    1044187e7249 wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
    c10c6ea9b3a2 wifi: ray_cs: Fix an error handling path in ray_probe()
    8825991838fc wifi: ray_cs: Drop useless status variable in parse_addr()
    a66e3fd3801a wifi: ray_cs: Utilize strnlen() in parse_addr()
    18d71562f70d wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
    b6f793de619b wl3501_cs: use eth_hw_addr_set()
    cbd44a9e1cf1 net: create netdev->dev_addr assignment helpers
    13cf0e3894d1 wl3501_cs: Fix misspelling and provide missing documentation
    5512db9bd404 wifi: atmel: Fix an error handling path in atmel_probe()
    86ebbcbdc7b1 wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
    fb7d78feb55a wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
    8782dc2504da regulator: core: Streamline debugfs operations
    92bcd8494126 regulator: core: Fix more error checking for debugfs_create_dir()
    78f390aa0eb5 bpftool: JIT limited misreported as negative value on aarch64
    107e849f3c6a nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
    0be9de2ea01e nfc: constify several pointers to u8, char and sk_buff
    ef7fe1b5c4fb libbpf: fix offsetof() and container_of() to work with CO-RE
    b190ced50a5e sctp: add bpf_bypass_getsockopt proto callback
    08f61a349135 bpf: Remove extra lock_sock for TCP_ZEROCOPY_RECEIVE
    c62e2ac02e28 wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
    3ae910a375b6 wifi: wilc1000: fix for absent RSN capabilities WFA testcase
    795ef550307c spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
    bd3e880dce27 samples/bpf: Fix buffer overflow in tcp_basertt
    250efb4d3f5b wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
    0f3f41b47533 wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
    cbd0f41a5362 igc: Enable and fix RX hash usage by netstack
    a14cb307267b pstore/ram: Add check for kstrdup
    628709a05708 ima: Fix build warnings
    16ec59c03ad2 evm: Complete description of evm_inode_setattr()
    cba85e1cb79f x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
    365f546de584 perf/ibs: Fix interface via core pmu events
    604d6a5ff718 rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
    d414e24d1509 rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
    ecc5e6dbc269 rcuscale: Move shutdown from wait_event() to wait_event_idle()
    b62c816bdb5e rcuscale: Always log error message
    8cd9917c13a7 rcuscale: Console output claims too few grace periods
    456f783b83f8 thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
    bacc49b2d561 cpufreq: intel_pstate: Fix energy_performance_preference for passive
    a8bfe527556b ARM: 9303/1: kprobes: avoid missing-declaration warnings
    a50b75c13d37 powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
    23f6efd22644 perf/arm-cmn: Fix DTC reset
    b69868d50df4 PM: domains: fix integer overflow issues in genpd_parse_state()
    ebdff0986513 clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
    a2f83a4c7cb5 tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    f1be1ed32daa posix-timers: Prevent RT livelock in itimer_delete()
    b315d57da456 irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    495cee0e1417 irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
    9d1cccdad080 md/raid10: fix io loss while replacement replace rdev
    2990e2ece18d md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    b1d8f38310bc md/raid10: fix wrong setting of max_corr_read_errors
    b3a0bc4a01fa md/raid10: fix overflow of md/safe_mode_delay
    39fa14e824ac md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    8563b58a4360 blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
    3db97cc79b82 x86/resctrl: Only show tasks' pid in current pid namespace
    1a82005f3f63 fs: pipe: reveal missing function protoypes
    f70407e8e027 nubus: Partially revert proc_create_single_data() conversion
    0336c8f07223 drm/amdgpu: Validate VM ioctl flags.
    c484b65f93e0 scripts/tags.sh: Resolve gtags empty index generation
    649104c834ba Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe"
    02a4c4e225f4 HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
    9598a647ecc8 HID: wacom: Use ktime_t rather than int when dealing with timestamps
    2bf70b88cc35 fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    5b813734a0d2 video: imsttfb: check for ioremap() failures
    02fbf62df99f can: isotp: isotp_sendmsg(): fix return error fix on TX path
    8667f7113107 x86/smp: Use dedicated cache-line for mwait_play_dead()
    1d0fe3fb5d4b media: atomisp: fix "variable dereferenced before check 'asd'"

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.10.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.10.bb            |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index 5feaa9811a..5b59ebac16 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "0a7d0eaa4e53eede45702dde31a3580e4cce0034"
-SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d"
+SRCREV_machine ?= "40d51460c17be51e4ebcdcc54a8ee8c86707c56c"
+SRCREV_meta ?= "9b0d4e338b1bbdd683347cf9365bacfec2169035"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.187"
+LINUX_VERSION ?= "5.10.188"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 1e401e2499..3a58a1a659 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.10.187"
+LINUX_VERSION ?= "5.10.188"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "54fe699b2a16739a9fb3905d3a6c6ff7475214ea"
-SRCREV_machine ?= "2fe6f9bdf89df6d468f7e2c7fc070993a11f029a"
-SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d"
+SRCREV_machine:qemuarm ?= "41daa5d20567419e303d0b684fd3c3c859446d24"
+SRCREV_machine ?= "085bed8577aa6435339ff83339e38dfd9e7994a6"
+SRCREV_meta ?= "9b0d4e338b1bbdd683347cf9365bacfec2169035"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 93eff2bd58..6807a6b2d8 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,23 +13,23 @@ KBRANCH:qemux86  ?= "v5.10/standard/base"
 KBRANCH:qemux86-64 ?= "v5.10/standard/base"
 KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "ca4bf25fb041f115ee9144acf175266e7d2c5495"
-SRCREV_machine:qemuarm64 ?= "7ef1d2f467aa45b98241421262e607ec080e0921"
-SRCREV_machine:qemumips ?= "f275b4829346d60d1cb600d4b8195eb6812361fd"
-SRCREV_machine:qemuppc ?= "af1960c76a2c940eee2e7b4c20e07c248b030b02"
-SRCREV_machine:qemuriscv64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
-SRCREV_machine:qemuriscv32 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
-SRCREV_machine:qemux86 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
-SRCREV_machine:qemux86-64 ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
-SRCREV_machine:qemumips64 ?= "2f630e9e4b3c809cf48d8e252477845c405195cc"
-SRCREV_machine ?= "c4d95d557212e22763382fd345d8c7efc92f825f"
-SRCREV_meta ?= "35a34e59a7c16f5f115ab371352ff2712c695d4d"
+SRCREV_machine:qemuarm ?= "66536572b0fe35ac0e5158d69d12641281ab93ef"
+SRCREV_machine:qemuarm64 ?= "00d0178dae976305eaecc7fc119da63930bcf07f"
+SRCREV_machine:qemumips ?= "8cc44bb4c536028438decbb5abf2d8b731898ec0"
+SRCREV_machine:qemuppc ?= "1f2a193c7f82e2f2c7eefc2fa35dce5b96cc3ba9"
+SRCREV_machine:qemuriscv64 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c"
+SRCREV_machine:qemuriscv32 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c"
+SRCREV_machine:qemux86 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c"
+SRCREV_machine:qemux86-64 ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c"
+SRCREV_machine:qemumips64 ?= "2fe172b06a5b6d8840c0c0226a1501b627b9e703"
+SRCREV_machine ?= "d3e6aa7bf695da482f46a6f5575dfd66bd48ba6c"
+SRCREV_meta ?= "9b0d4e338b1bbdd683347cf9365bacfec2169035"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.187"
+LINUX_VERSION ?= "5.10.188"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 12/16] linux-firmware: Fix mediatek mt7601u firmware path

[Steve Sakoman]

From: Marek Vasut <marex@denx.de>

The following linux-firmware commit moved the mt7601u firmware blob
into a mediatek/ subdirectory, update the path accordingly.
8451c2b1 ("mt76xx: Move the old Mediatek WiFi firmware to mediatek")

(From OE-Core rev: 6fa5c4967a7e70192e9233c92534f27ec3e394c8)

Fixes: 64603f602d ("linux-firmware: upgrade 20230404 -> 20230515")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
index 3470131294..d304b75c5f 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
@@ -417,7 +417,7 @@ LICENSE:${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware"
 
 FILES:${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware"
 FILES:${PN}-mt7601u = " \
-  ${nonarch_base_libdir}/firmware/mt7601u.bin \
+  ${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \
 "
 
 RDEPENDS:${PN}-mt7601u += "${PN}-mt7601u-license"
-- 
2.34.1

[OE-core][kirkstone 13/16] npm.bbclass: avoid DeprecationWarning with new python

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

meta/classes-recipe/npm.bbclass:85: DeprecationWarning: invalid escape sequence '\.'
  '--transform', 's,^\./,package/,',

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/npm.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 8379c7b988..45e6b4fac7 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -82,7 +82,7 @@ def npm_pack(env, srcdir, workdir):
     subprocess.run(['tar', 'czf', tarball,
                     '--exclude', './node-modules',
                     '--exclude-vcs',
-                    '--transform', 's,^\./,package/,',
+                    '--transform', r's,^\./,package/,',
                     '--mtime', '1985-10-26T08:15:00.000Z',
                     '.'],
                    check = True, cwd = srcdir)
-- 
2.34.1

[OE-core][kirkstone 14/16] scripts/rpm2cpio.sh: Use bzip2 instead of bunzip2

[Steve Sakoman]

From: Pavel Zhukov <pavel@zhukoff.net>

bzip2 is in HOSTTOOLS already and used in few other places already.
This fixes bin_package class for RPM packages without adding bunzip2 to
HOSTTOOLS.

Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit eb3ec7469fff857c819332371ad1d586f43c79c3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/rpm2cpio.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
index 7cd771bbe7..2034373fe4 100755
--- a/scripts/rpm2cpio.sh
+++ b/scripts/rpm2cpio.sh
@@ -47,7 +47,7 @@ calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
 hdrsize=$rsize
 
 case "$(_dd $offset bs=3 count=1)" in
-	"$(printf '\102\132')"*) _dd $offset | bunzip2 ;; # '\x42\x5a'
+	"$(printf '\102\132')"*) _dd $offset | bzip2 -d ;; # '\x42\x5a'
 	"$(printf '\037\213')"*) _dd $offset | gunzip  ;; # '\x1f\x8b'
 	"$(printf '\375\067')"*) _dd $offset | xzcat   ;; # '\xfd\x37'
 	"$(printf '\135\000')"*) _dd $offset | unlzma  ;; # '\x5d\x00'
-- 
2.34.1

[OE-core][kirkstone 15/16] rpm2cpio.sh: update to the last 4.x version

[Steve Sakoman]

From: Alberto Planas <aplanas@suse.com>

openSUSE RPMs are compressing the RPM payload using zstd, that
correspond to the magic ID 0x28, 0xb5, 0x2f.

This patch update the script to the last version from the rpm project,
and add support to this compression format, and extract the cpio payload
using the "unzstd" binary.

Signed-off-by: Alberto Planas <aplanas@suse.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3aba44a75dd565b192f7328f2a0150a313de3cc1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/rpm2cpio.sh | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/scripts/rpm2cpio.sh b/scripts/rpm2cpio.sh
index 2034373fe4..8199b43784 100755
--- a/scripts/rpm2cpio.sh
+++ b/scripts/rpm2cpio.sh
@@ -7,7 +7,7 @@ fatal() {
 }
 
 pkg="$1"
-[ -n "$pkg" -a -e "$pkg" ] ||
+[ -n "$pkg" ] && [ -e "$pkg" ] ||
 	fatal "No package supplied"
 
 _dd() {
@@ -16,14 +16,23 @@ _dd() {
 }
 
 calcsize() {
+
+	case "$(_dd $1 bs=4 count=1 | tr -d '\0')" in
+		"$(printf '\216\255\350')"*) ;; # '\x8e\xad\xe8'
+		*) fatal "File doesn't look like rpm: $pkg" ;;
+	esac
+
 	offset=$(($1 + 8))
 
 	local i b b0 b1 b2 b3 b4 b5 b6 b7
 
 	i=0
 	while [ $i -lt 8 ]; do
- 		b=$(_dd $(($offset + $i)) bs=1 count=1; echo X)
- 		b=${b%X}
+		# add . to not loose \n
+		# strip \0 as it gets dropped with warning otherwise
+		b="$(_dd $(($offset + $i)) bs=1 count=1 | tr -d '\0' ; echo .)"
+		b=${b%.}    # strip . again
+
 		[ -z "$b" ] &&
 			b="0" ||
 			b="$(exec printf '%u\n' "'$b")"
@@ -35,7 +44,7 @@ calcsize() {
 	offset=$(($offset + $rsize))
 }
 
-case "$(_dd 0 bs=8 count=1)" in
+case "$(_dd 0 bs=4 count=1 | tr -d '\0')" in
 	"$(printf '\355\253\356\333')"*) ;; # '\xed\xab\xee\xdb'
 	*) fatal "File doesn't look like rpm: $pkg" ;;
 esac
@@ -46,10 +55,11 @@ sigsize=$rsize
 calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
 hdrsize=$rsize
 
-case "$(_dd $offset bs=3 count=1)" in
-	"$(printf '\102\132')"*) _dd $offset | bzip2 -d ;; # '\x42\x5a'
-	"$(printf '\037\213')"*) _dd $offset | gunzip  ;; # '\x1f\x8b'
-	"$(printf '\375\067')"*) _dd $offset | xzcat   ;; # '\xfd\x37'
-	"$(printf '\135\000')"*) _dd $offset | unlzma  ;; # '\x5d\x00'
-	*) fatal "Unrecognized rpm file: $pkg" ;;
+case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in
+	"$(printf '\102\132')") _dd $offset | bunzip2 ;; # '\x42\x5a'
+	"$(printf '\037\213')") _dd $offset | gunzip  ;; # '\x1f\x8b'
+	"$(printf '\375\067')") _dd $offset | xzcat   ;; # '\xfd\x37'
+	"$(printf '\135')") _dd $offset | unlzma      ;; # '\x5d\x00'
+	"$(printf '\050\265')") _dd $offset | unzstd  ;; # '\x28\xb5'
+	*) fatal "Unrecognized payload compression format in rpm file: $pkg" ;;
 esac
-- 
2.34.1

[OE-core][kirkstone 16/16] libxcrypt: update PV to match SRCREV

[Steve Sakoman]

From: Alexander Kanavin <alex.kanavin@gmail.com>

When SRCREV was updated, only libxcrypt-compat was renamed to match,
but not libxcrypt proper.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 98c89359532778a894f50ddea1cc6ab922d6e562)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb}        | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename meta/recipes-core/libxcrypt/{libxcrypt_4.4.30.bb => libxcrypt_4.4.33.bb} (100%)

diff --git a/meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb b/meta/recipes-core/libxcrypt/libxcrypt_4.4.33.bb
similarity index 100%
rename from meta/recipes-core/libxcrypt/libxcrypt_4.4.30.bb
rename to meta/recipes-core/libxcrypt/libxcrypt_4.4.33.bb
-- 
2.34.1

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, July 17

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2021

The following changes since commit a7cea8a5c91d26ba7c3f72448f0897f5c2f81fd1:

  linux-yocto/5.15: update to v5.15.186 (2025-07-08 09:05:09 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (4):
  openssl: fix CVE-2024-41996
  ofono: fix CVE-2023-4232
  ofono: fix CVE-2023-4235
  gdk-pixbuf: fix CVE-2025-7345

Chen Qi (2):
  coreutils: fix CVE-2025-5278
  sudo: upgrade from 1.9.15p2 to 1.9.15p5

Deepesh Varatharajan (1):
  bintuils: stable 2.38 branch update

Guocai He (1):
  tcf-agent: correct the SRC_URI

Hitendra Prajapati (1):
  libxml2: fix CVE-2025-49794 & CVE-2025-49796

Peter Marko (4):
  python3: update CVE product
  openssl: upgrade 3.0.16 -> 3.0.17
  ghostscript: ignore CVE-2025-46646
  iputils: patch CVE-2025-48964

Praveen Kumar (1):
  sudo: upgrade 1.9.15p5 -> 1.9.17p1

Ross Burton (1):
  oeqa/core/decorator: add decorators to skip based on HOST_ARCH

Steve Sakoman (1):
  Revert "coreutils: fix CVE-2025-5278"

 meta/lib/oeqa/core/decorator/data.py          |  24 +++
 .../ofono/ofono/CVE-2023-4232.patch           |  30 +++
 .../ofono/ofono/CVE-2023-4235.patch           |  37 ++++
 meta/recipes-connectivity/ofono/ofono_1.34.bb |   2 +
 .../openssl/openssl/CVE-2024-41996.patch      |  48 +++++
 .../{openssl_3.0.16.bb => openssl_3.0.17.bb}  |   3 +-
 .../coreutils/coreutils/CVE-2025-5278.patch   |  10 +-
 .../CVE-2025-49794-CVE-2025-49796.patch       | 181 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   1 +
 .../binutils/binutils-2.38.inc                |   2 +-
 .../python/python3_3.10.18.bb                 |   2 +-
 .../tcf-agent/tcf-agent_git.bb                |   2 +-
 .../ghostscript/ghostscript_9.55.0.bb         |   2 +
 .../iputils/iputils/CVE-2025-48964.patch      |  99 ++++++++++
 .../iputils/iputils_20211215.bb               |   1 +
 ...o.conf.in-fix-conflict-with-multilib.patch |   7 +-
 meta/recipes-extended/sudo/sudo.inc           |   2 +-
 .../{sudo_1.9.15p2.bb => sudo_1.9.17p1.bb}    |  54 +++++-
 .../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch |  55 ++++++
 .../gdk-pixbuf/gdk-pixbuf_2.42.10.bb          |   1 +
 20 files changed, 548 insertions(+), 15 deletions(-)
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.16.bb => openssl_3.0.17.bb} (98%)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
 create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
 rename meta/recipes-extended/sudo/{sudo_1.9.15p2.bb => sudo_1.9.17p1.bb} (52%)
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch

-- 
2.43.0

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, March 7

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1121

The following changes since commit 8ea258ad9c83be5d9548a796f7dda4ac820fc435:

  elfutils: Fix multiple CVEs (2025-02-28 07:18:33 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Johannes Kauffmann (1):
  mesa: Fix missing GLES3 headers in SDK sysroot

Peter Marko (1):
  libxml2: mark patch as fixing CVE-2025-27113

Vijay Anusuri (14):
  xwayland: Fix CVE-2024-21885
  xwayland: Fix CVE-2024-21886
  xwayland: Fix CVE-2024-31080
  xwayland: Fix CVE-2024-31081
  xwayland: Fix CVE-2024-31083
  xwayland: Fix CVE-2024-9632
  xwayland: Fix CVE-2025-26594
  xwayland: Fix CVE-2025-26595
  xwayland: Fix CVE-2025-26596
  xwayland: Fix CVE-2025-26597
  xwayland: Fix CVE-2025-26598
  xwayland: Fix CVE-2025-26599
  xwayland: Fix CVE-2025-26600
  xwayland: Fix CVE-2025-26601

 ...-child-axis.patch => CVE-2025-27113.patch} |   1 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   2 +-
 meta/recipes-graphics/mesa/mesa.inc           |   5 +
 .../xwayland/xwayland/CVE-2024-21885.patch    | 113 +++++++++++++++
 .../xwayland/xwayland/CVE-2024-21886-1.patch  |  74 ++++++++++
 .../xwayland/xwayland/CVE-2024-21886-2.patch  |  57 ++++++++
 .../xwayland/xwayland/CVE-2024-31080.patch    |  49 +++++++
 .../xwayland/xwayland/CVE-2024-31081.patch    |  47 +++++++
 .../xwayland/CVE-2024-31083-0001.patch        | 118 ++++++++++++++++
 .../xwayland/CVE-2024-31083-0002.patch        |  77 ++++++++++
 .../xwayland/xwayland/CVE-2024-9632.patch     |  59 ++++++++
 .../xwayland/xwayland/CVE-2025-26594-1.patch  |  54 +++++++
 .../xwayland/xwayland/CVE-2025-26594-2.patch  |  51 +++++++
 .../xwayland/xwayland/CVE-2025-26595.patch    |  65 +++++++++
 .../xwayland/xwayland/CVE-2025-26596.patch    |  49 +++++++
 .../xwayland/xwayland/CVE-2025-26597.patch    |  46 ++++++
 .../xwayland/xwayland/CVE-2025-26598.patch    | 120 ++++++++++++++++
 .../xwayland/xwayland/CVE-2025-26599-1.patch  |  66 +++++++++
 .../xwayland/xwayland/CVE-2025-26599-2.patch  | 129 +++++++++++++++++
 .../xwayland/xwayland/CVE-2025-26600.patch    |  68 +++++++++
 .../xwayland/xwayland/CVE-2025-26601-1.patch  |  71 ++++++++++
 .../xwayland/xwayland/CVE-2025-26601-2.patch  |  85 +++++++++++
 .../xwayland/xwayland/CVE-2025-26601-3.patch  |  52 +++++++
 .../xwayland/xwayland/CVE-2025-26601-4.patch  | 132 ++++++++++++++++++
 .../xwayland/xwayland_22.1.8.bb               |  21 +++
 25 files changed, 1610 insertions(+), 1 deletion(-)
 rename meta/recipes-core/libxml/libxml2/{0001-pattern-Fix-compilation-of-explicit-child-axis.patch => CVE-2025-27113.patch} (98%)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21885.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21886-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-21886-2.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31080.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31081.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31083-0001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-31083-0002.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-9632.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26594-2.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26595.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26596.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26597.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26598.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26599-2.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26600.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-2.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-3.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-26601-4.patch

-- 
2.43.0

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, January 22

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/842

The following changes since commit 8c32d91b64ae296d7832ddeb42983f4f3c237946:

  ofono: fix CVE-2024-7547 (2025-01-14 05:49:41 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.23

Alexander Kanavin (1):
  rsync: update 3.2.5 -> 3.2.7

Archana Polampalli (6):
  rsync: fix CVE-2024-12084
  rsync: fix CVE-2024-12085
  rsync: fix CVE-2024-12086
  rsync: fix CVE-2024-12087
  rsync: fix CVE-2024-12088
  rsync: fix CVE-2024-12747

Divya Chellam (1):
  wget: fix CVE-2024-10524

Khem Raj (1):
  rsync: Delete pedantic errors re-ordering patch

Peter Marko (2):
  socat: patch CVE-2024-54661
  ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542

Ross Burton (2):
  classes/nativesdk: also override TUNE_PKGARCH
  classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package
    architecture

Zhang Peng (2):
  avahi: fix CVE-2024-52616
  vte: fix CVE-2024-37535

 meta/classes/nativesdk.bbclass                |   1 +
 meta/classes/qemu.bbclass                     |   8 +-
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   1 +
 .../avahi/files/CVE-2024-52616.patch          | 104 +++++++++
 ...024-7540_CVE-2024-7541_CVE-2024-7542.patch |  52 +++++
 meta/recipes-connectivity/ofono/ofono_1.34.bb |   1 +
 .../socat/socat/CVE-2024-54661.patch          | 113 ++++++++++
 .../socat/socat_1.7.4.4.bb                    |   4 +-
 meta/recipes-devtools/gcc/gcc-testsuite.inc   |   6 +-
 ...-prototypes-to-function-declarations.patch |  28 ++-
 ...antic-errors-at-the-end-of-configure.patch |  68 ------
 .../rsync/files/CVE-2024-12084-0001.patch     | 156 ++++++++++++++
 .../rsync/files/CVE-2024-12084-0002.patch     |  43 ++++
 .../rsync/files/CVE-2024-12085.patch          |  32 +++
 .../rsync/files/CVE-2024-12086-0001.patch     |  42 ++++
 .../rsync/files/CVE-2024-12086-0002.patch     | 108 ++++++++++
 .../rsync/files/CVE-2024-12086-0003.patch     | 108 ++++++++++
 .../rsync/files/CVE-2024-12086-0004.patch     |  41 ++++
 .../rsync/files/CVE-2024-12087-0001.patch     |  49 +++++
 .../rsync/files/CVE-2024-12087-0002.patch     |  31 +++
 .../rsync/files/CVE-2024-12087-0003.patch     |  40 ++++
 .../rsync/files/CVE-2024-12088.patch          | 141 +++++++++++++
 .../rsync/files/CVE-2024-12747.patch          | 192 +++++++++++++++++
 .../rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb}  |  15 +-
 .../wget/wget/CVE-2024-10524.patch            | 197 ++++++++++++++++++
 meta/recipes-extended/wget/wget_1.21.4.bb     |   1 +
 .../vte/vte/CVE-2024-37535-0001.patch         |  63 ++++++
 .../vte/vte/CVE-2024-37535-0002.patch         |  85 ++++++++
 meta/recipes-support/vte/vte_0.66.2.bb        |   9 +-
 scripts/install-buildtools                    |   4 +-
 30 files changed, 1645 insertions(+), 98 deletions(-)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
 create mode 100644 meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch
 delete mode 100644 meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12747.patch
 rename meta/recipes-devtools/rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} (81%)
 create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-10524.patch
 create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch
 create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch

-- 
2.43.0

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, October 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7370

The following changes since commit ff720f337e40761c7d4d544c963cf518ad5403ad:

  lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex (2024-09-21 06:18:58 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (3):
  install-buildtools: remove md5 checksum validation
  install-buildtools: fix "test installation" step
  scripts/install-buildtools: Update to 4.0.21

Deepthi Hemraj (3):
  gcc: upgrade to v11.5
  glibc: stable 2.35 branch updates
  bintuils: stable 2.38 branch update

Jinfeng Wang (1):
  procps: patch CVE-2023-4016

Martin Jansa (1):
  populate_sdk_base: inherit nopackages

Mingli Yu (1):
  curl: free old conn better on reuse

Paul Eggleton (1):
  install-buildtools: support buildtools-make-tarball and update to 4.1

Peter Marko (4):
  gnupg: Document CVE-2022-3219 and mark wontfix
  wpa-supplicant: Ignore CVE-2024-5290
  wpa-supplicant: Patch CVE-2024-3596
  wpa-supplicant: Patch security advisory 2024-2

Purushottam Choudhary (1):
  kmscube: Add patch to fix -int-conversion build error

Vijay Anusuri (1):
  curl: backport Debian patch for CVE-2024-8096

 meta/classes/populate_sdk_base.bbclass        |    2 +-
 meta/conf/distro/include/maintainers.inc      |    2 +-
 ...valid-Rejected-Groups-element-length.patch |   52 +
 ...valid-Rejected-Groups-element-length.patch |   50 +
 ...id-Rejected-Groups-element-in-the-pa.patch |   38 +
 .../wpa-supplicant/CVE-2024-3596_00.patch     |   82 +
 .../wpa-supplicant/CVE-2024-3596_01.patch     |  165 +
 .../wpa-supplicant/CVE-2024-3596_02.patch     |   62 +
 .../wpa-supplicant/CVE-2024-3596_03.patch     |   37 +
 .../wpa-supplicant/CVE-2024-3596_04.patch     |   52 +
 .../wpa-supplicant/CVE-2024-3596_05.patch     |   51 +
 .../wpa-supplicant/CVE-2024-3596_06.patch     |   46 +
 .../wpa-supplicant/CVE-2024-3596_07.patch     |   67 +
 .../wpa-supplicant/CVE-2024-3596_08.patch     |   47 +
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   15 +
 meta/recipes-core/glibc/glibc-version.inc     |    2 +-
 .../binutils/binutils-2.38.inc                |    2 +-
 .../gcc/{gcc-11.4.inc => gcc-11.5.inc}        |    8 +-
 ...ian_11.4.bb => gcc-cross-canadian_11.5.bb} |    0
 .../{gcc-cross_11.4.bb => gcc-cross_11.5.bb}  |    0
 ...-crosssdk_11.4.bb => gcc-crosssdk_11.5.bb} |    0
 ...cc-runtime_11.4.bb => gcc-runtime_11.5.bb} |    0
 ...itizers_11.4.bb => gcc-sanitizers_11.5.bb} |    0
 ...{gcc-source_11.4.bb => gcc-source_11.5.bb} |    0
 ...rch64-Update-Neoverse-N2-core-defini.patch |   38 -
 .../gcc/gcc/CVE-2023-4039.patch               | 2893 -----------------
 .../gcc/{gcc_11.4.bb => gcc_11.5.bb}          |    0
 ...initial_11.4.bb => libgcc-initial_11.5.bb} |    0
 .../gcc/{libgcc_11.4.bb => libgcc_11.5.bb}    |    0
 ...ibgfortran_11.4.bb => libgfortran_11.5.bb} |    0
 .../procps/procps/CVE-2023-4016-2.patch       |   60 +
 meta/recipes-extended/procps/procps_3.3.17.bb |    3 +-
 ...001-common-fix-cast-type-in-init_egl.patch |   34 +
 meta/recipes-graphics/kmscube/kmscube_git.bb  |    6 +-
 ...01-url-free-old-conn-better-on-reuse.patch |   95 +
 .../curl/curl/CVE-2024-8096.patch             |  210 ++
 meta/recipes-support/curl/curl_7.82.0.bb      |    2 +
 meta/recipes-support/gnupg/gnupg_2.3.7.bb     |    2 +
 scripts/install-buildtools                    |   63 +-
 39 files changed, 1219 insertions(+), 2967 deletions(-)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
 rename meta/recipes-devtools/gcc/{gcc-11.4.inc => gcc-11.5.inc} (95%)
 rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.4.bb => gcc-cross-canadian_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-cross_11.4.bb => gcc-cross_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.4.bb => gcc-crosssdk_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-runtime_11.4.bb => gcc-runtime_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.4.bb => gcc-sanitizers_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-source_11.4.bb => gcc-source_11.5.bb} (100%)
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2023-4039.patch
 rename meta/recipes-devtools/gcc/{gcc_11.4.bb => gcc_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc-initial_11.4.bb => libgcc-initial_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc_11.4.bb => libgcc_11.5.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgfortran_11.4.bb => libgfortran_11.5.bb} (100%)
 create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016-2.patch
 create mode 100644 meta/recipes-graphics/kmscube/kmscube/0001-common-fix-cast-type-in-init_egl.patch
 create mode 100644 meta/recipes-support/curl/curl/0001-url-free-old-conn-better-on-reuse.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-8096.patch

-- 
2.34.1

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 29

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6616

The following changes since commit 5103ce67741782e43612f495bcc851c6509b734b:

  runqemu: direct mesa to use its own drivers, rather than ones provided by host distro (2024-02-25 05:51:38 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Adrian Freihofer (8):
  oeqa: replace deprecated assertEquals
  oeqa/selftest/recipetool: fix for python 3.12
  oeqa/selftest/recipetool: expect meson.bb
  oeqa/selftest/oelib/buildhistory: git default branch
  feature-microblaze-versions.inc: python 3.12 regex
  meta/lib/oeqa: python 3.12 regex
  meta/recipes: python 3.12 regex
  scripts: python 3.12 regex

Bruce Ashfield (2):
  kernel: fix localversion in v6.3+
  kernel: make LOCALVERSION consistent between recipes

Chris Laplante (1):
  recipetool/create_buildsys_python: use importlib instead of imp

Ming Liu (1):
  kernel.bbclass: introduce KERNEL_LOCALVERSION

Ross Burton (3):
  populate_sdk_ext: use ConfigParser instead of SafeConfigParser
  runqemu: add qmp socket support
  oeqa/selftest/recipetool: downgrade meson version to not use
    pyproject.toml

Trevor Gamblin (1):
  scripts/runqemu: fix regex escape sequences

 meta/classes/kernel-arch.bbclass              |  1 -
 meta/classes/kernel.bbclass                   | 24 +++++++++++-
 meta/classes/kernelsrc.bbclass                |  1 +
 meta/classes/linux-kernel-base.bbclass        | 11 ++++++
 meta/classes/module-base.bbclass              |  1 +
 meta/classes/populate_sdk_ext.bbclass         |  2 +-
 meta/conf/documentation.conf                  |  1 +
 .../feature-microblaze-versions.inc           |  2 +-
 meta/lib/oeqa/oetest.py                       |  2 +-
 meta/lib/oeqa/sdk/buildtools-cases/sanity.py  |  2 +-
 meta/lib/oeqa/selftest/cases/bblayers.py      |  2 +-
 meta/lib/oeqa/selftest/cases/devtool.py       |  2 +-
 meta/lib/oeqa/selftest/cases/fitimage.py      |  6 +--
 meta/lib/oeqa/selftest/cases/liboe.py         |  2 +-
 .../oeqa/selftest/cases/oelib/buildhistory.py | 18 +++++++--
 meta/lib/oeqa/selftest/cases/recipetool.py    | 19 ++++++----
 .../make-mod-scripts/make-mod-scripts_1.0.bb  |  3 ++
 .../perf/perf/sort-pmuevents.py               |  8 ++--
 meta/recipes-rt/rt-tests/files/rt_bmark.py    |  2 +-
 scripts/combo-layer                           |  2 +-
 scripts/contrib/bbvars.py                     |  6 +--
 scripts/contrib/convert-overrides.py          |  8 ++--
 scripts/lib/checklayer/__init__.py            |  4 +-
 scripts/lib/recipetool/create.py              | 12 +++---
 scripts/lib/recipetool/create_buildsys.py     | 38 +++++++++----------
 .../lib/recipetool/create_buildsys_python.py  |  5 +--
 scripts/oe-check-sstate                       |  2 +-
 scripts/oe-pkgdata-util                       |  2 +-
 scripts/opkg-query-helper.py                  |  2 +-
 scripts/runqemu                               | 19 ++++++++--
 30 files changed, 134 insertions(+), 75 deletions(-)

-- 
2.34.1

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 23

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6227

The following changes since commit 4bb6373e5f4a1330a063d1afe855d6c24d5461e7:

  python3-jinja2: Fixed ptest result output as per the standard (2023-11-08 04:10:02 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Chaitanya Vadrevu (1):
  go: Fix issue in DNS resolver

Deepthi Hemraj (2):
  binutils: Fix CVE-2022-47007
  binutils: Fix CVE-2022-48064

Lee Chee Yang (1):
  ghostscript: ignore GhostPCL CVE-2023-38560

Meenali Gupta (5):
  avahi: fix CVE-2023-38471
  avahi: fix CVE-2023-38470
  avahi: fix CVE-2023-38469
  avahi: fix CVE-2023-38472
  avahi: fix CVE-2023-38473

Niranjan Pradhan (1):
  qemu 6.2.0: Fix CVE-2023-1544

Peter Marko (2):
  go: ignore CVE-2023-45283 and CVE-2023-45284
  goarch: Move Go architecture mapping to a library

Soumya Sambu (1):
  sudo: upgrade 1.9.13p3 -> 1.9.15p2

Vijay Anusuri (1):
  tiff: Backport fix for CVE-2023-41175

Wenlin Kang (1):
  libxcrypt: fixed some build error for nativesdk with mingw

Yogita Urade (1):
  grub: fix CVE-2023-4692

 meta/classes/base.bbclass                     |   2 +-
 meta/classes/goarch.bbclass                   |  27 +----
 meta/lib/oe/go.py                             |  32 ++++++
 .../grub/files/CVE-2023-4692.patch            |  97 ++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   5 +
 .../avahi/files/CVE-2023-38469.patch          |  47 ++++++++
 .../avahi/files/CVE-2023-38470.patch          |  59 ++++++++++
 .../avahi/files/CVE-2023-38471.patch          |  73 ++++++++++++
 .../avahi/files/CVE-2023-38472.patch          |  46 ++++++++
 .../avahi/files/CVE-2023-38473.patch          | 108 ++++++++++++++++++
 .../0001-Fix-for-compilation-on-Windows.patch |  37 ++++++
 ...dom-bytes.c-fixed-conversion-error-w.patch |  47 ++++++++
 meta/recipes-core/libxcrypt/libxcrypt.inc     |   4 +
 .../binutils/binutils-2.38.inc                |   2 +
 .../binutils/0033-CVE-2022-47007.patch        |  34 ++++++
 .../binutils/0034-CVE-2022-48064.patch        |  57 +++++++++
 meta/recipes-devtools/go/go-1.17.13.inc       |   5 +-
 ...Fix-issue-with-DNS-not-being-updated.patch |  51 +++++++++
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2023-1544.patch             |  70 ++++++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |   3 +
 ...me.c-correctly-include-header-for-ou.patch |  25 ----
 meta/recipes-extended/sudo/sudo.inc           |   5 +-
 .../{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb}    |   3 +-
 .../libtiff/tiff/CVE-2023-41175.patch         |  69 +++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 27 files changed, 854 insertions(+), 57 deletions(-)
 create mode 100644 meta/lib/oe/go.py
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38472.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38473.patch
 create mode 100644 meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch
 create mode 100644 meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
 create mode 100644 meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-1544.patch
 delete mode 100644 meta/recipes-extended/sudo/files/0001-lib-util-mksigname.c-correctly-include-header-for-ou.patch
 rename meta/recipes-extended/sudo/{sudo_1.9.13p3.bb => sudo_1.9.15p2.bb} (92%)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-41175.patch

-- 
2.34.1

[OE-core][kirkstone 00/16] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4220

The following changes since commit bfce90b1260d07f01a8dc2998c9e63ca36d4ebbe:

  npm: use npm_registry to cache package (2022-09-06 07:10:59 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alejandro Hernandez Samaniego (1):
  rootfs.py: dont try to list installed packages for baremetal images

Alexandre Belloni (2):
  ruby: drop capstone support
  runqemu: display host uptime when starting

Joshua Watt (1):
  oeqa: qemurunner: Report UNIX Epoch timestamp on login

Khem Raj (2):
  autoconf: Fix strict prototype errors in generated tests
  autoconf: Update K & R stype functions

Kristian Amlie (1):
  externalsrc: Don't wipe out src dir when EXPORT_FUNCTIONS is used.

Martin Jansa (1):
  libxml2: Port gentest.py to Python-3

Pavel Zhukov (1):
  core-image.bbclass: Exclude openssh complementary packages

Peter Bergin (1):
  rootfs-postcommands.bbclass: avoid moving ssh host keys if etc is
    writable

Peter Kjellerstedt (1):
  cairo: Adapt the license information based on what is being built

Richard Purdie (3):
  gcc-multilib-config: Fix i686 toolchain relocation issues
  kernel: Always set CC and LD for the kernel build
  kernel: Use consistent make flags for menuconfig

wangmy (2):
  cracklib: upgrade 2.9.7 -> 2.9.8
  vala: upgrade 0.56.2 -> 0.56.3

 meta/classes/core-image.bbclass               |   4 +
 meta/classes/externalsrc.bbclass              |   8 +-
 meta/classes/kernel.bbclass                   |  16 +-
 meta/classes/rootfs-postcommands.bbclass      |  30 +-
 meta/lib/oe/rootfs.py                         |   4 +
 meta/lib/oeqa/utils/qemurunner.py             |   4 +-
 .../0001-Port-gentest.py-to-Python-3.patch    | 814 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |  11 +
 ...ilers-that-moan-about-K-R-func-decls.patch | 138 +++
 .../autoconf/autoconf_2.71.bb                 |   1 +
 .../gcc/gcc-multilib-config.inc               |   2 +-
 ...001-Remove-dependency-on-libcapstone.patch |  36 +
 meta/recipes-devtools/ruby/ruby_3.1.2.bb      |   2 +-
 meta/recipes-devtools/vala/vala_0.56.2.bb     |   3 -
 meta/recipes-devtools/vala/vala_0.56.3.bb     |   3 +
 ...01-rules-Drop-using-register-keyword.patch | 278 ------
 ...rrect-parameter-types-to-Debug-calls.patch |  40 -
 .../{cracklib_2.9.7.bb => cracklib_2.9.8.bb}  |   4 +-
 meta/recipes-graphics/cairo/cairo_1.16.0.bb   |   6 +-
 scripts/runqemu                               |   6 +
 20 files changed, 1058 insertions(+), 352 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch
 create mode 100644 meta/recipes-devtools/autoconf/autoconf/0001-Port-to-compilers-that-moan-about-K-R-func-decls.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
 delete mode 100644 meta/recipes-devtools/vala/vala_0.56.2.bb
 create mode 100644 meta/recipes-devtools/vala/vala_0.56.3.bb
 delete mode 100644 meta/recipes-extended/cracklib/cracklib/0001-rules-Drop-using-register-keyword.patch
 delete mode 100644 meta/recipes-extended/cracklib/cracklib/0002-rules-Correct-parameter-types-to-Debug-calls.patch
 rename meta/recipes-extended/cracklib/{cracklib_2.9.7.bb => cracklib_2.9.8.bb} (83%)

-- 
2.25.1