[OE-core][dunfell 00/14] Patch review

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1464

The following changes since commit 552739383321bd9b4780bd0026d6107ece530522:

  perl: fix ptest test count (2020-10-05 04:29:40 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (4):
  linux-yocto/5.4: fix kprobes build warning
  linux-yocto/5.4: update to v5.4.67
  linux-yocto/5.4: update to v5.4.68
  linux-yocto/5.4: update to v5.4.69

Joshua Watt (1):
  classes/sanity: Bump minimum python version to 3.5

Marek Vasut (4):
  lttng-modules: update to 2.11.6
  lttng-tools: update to 2.11.5
  lttng-ust: update to 2.11.1
  stress-ng: Upgrade 0.11.01 -> 0.11.17

Richard Purdie (2):
  glibc: do_stash_locale must not delete files from ${D}
  libtools-cross/shadow-sysroot: Use nopackages inherit

Steve Sakoman (1):
  Revert "lttng-modules: backport writeback.h changes from 2.12.x to fix
    kernel 5.4.62+"

Victor Kamensky (2):
  qemu: add 34Kf-64tlb fictitious cpu type
  qemumips: use 34Kf-64tlb CPU emulation

 meta/classes/sanity.bbclass                   |   4 +-
 meta/conf/machine/qemumips.conf               |   2 +-
 meta/recipes-core/glibc/glibc-package.inc     |   1 -
 .../libtool/libtool-cross_2.4.6.bb            |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 ...tlb-fictitious-cpu-type-like-34Kf-bu.patch | 118 ++++++++++++++++
 .../shadow/shadow-sysroot_4.6.bb              |   2 +
 ...ownership-when-installing-example-jo.patch |   2 +-
 ...ess-ng_0.11.01.bb => stress-ng_0.11.17.bb} |   4 +-
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +--
 ...ckport-writeback.h-changes-from-2.12.patch | 128 ------------------
 ...ules_2.11.2.bb => lttng-modules_2.11.6.bb} |  11 +-
 ...-tools_2.11.2.bb => lttng-tools_2.11.5.bb} |   4 +-
 ...ttng-ust_2.11.1.bb => lttng-ust_2.11.2.bb} |   4 +-
 16 files changed, 156 insertions(+), 163 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/0001-mips-add-34Kf-64tlb-fictitious-cpu-type-like-34Kf-bu.patch
 rename meta/recipes-extended/stress-ng/{stress-ng_0.11.01.bb => stress-ng_0.11.17.bb} (83%)
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-lttng-modules-backport-writeback.h-changes-from-2.12.patch
 rename meta/recipes-kernel/lttng/{lttng-modules_2.11.2.bb => lttng-modules_2.11.6.bb} (81%)
 rename meta/recipes-kernel/lttng/{lttng-tools_2.11.2.bb => lttng-tools_2.11.5.bb} (98%)
 rename meta/recipes-kernel/lttng/{lttng-ust_2.11.1.bb => lttng-ust_2.11.2.bb} (93%)

-- 
2.17.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1501

The following changes since commit 3ee9590f96cb50e93864db768b254773e2ff9465:

  uninative: Fix typo in error message (2020-10-19 04:27:15 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  selftest/virgl: drop the custom 30 sec timeout

Changqing Li (1):
  toolchain-shar-extract.sh: don't print useless info

Khem Raj (1):
  packagegroup-core-tools-debug: Disable for rv32/glibc as well

Lee Chee Yang (3):
  libproxy: fix CVE-2020-25219
  python3: fix CVE-2020-26116
  grub2: fix CVE-2020-10713

Martin Jansa (7):
  arch-armv7a.inc: fix typo
  arch-mips.inc: remove duplicated mips64el-o32 from
    PACKAGE_EXTRA_ARCHS_tune-mips64el-o32
  tune-mips64r6.inc: fix typo in mipsisa64r6-nf
  tune-ep9312.inc: add t suffix for thumb to
    PACKAGE_EXTRA_ARCHS_tune-ep9312
  tune-riscv.inc: use nf suffix also for TUNE_PKGARCH
  siteinfo: Recognize 32bit PPC LE
  siteinfo: Recognize bigendian sh3be and sh4be

Victor Kamensky (1):
  qemu: change TLBs number to 64 in 34Kf mips cpu model

 meta-selftest/lib/oeqa/runtime/cases/virgl.py |   2 +-
 meta/classes/siteinfo.bbclass                 |   5 +
 meta/conf/machine/include/arm/arch-armv7a.inc |   2 +-
 meta/conf/machine/include/mips/arch-mips.inc  |   2 +-
 .../conf/machine/include/riscv/tune-riscv.inc |   4 +-
 meta/conf/machine/include/tune-ep9312.inc     |   3 +-
 meta/conf/machine/include/tune-mips64r6.inc   |   2 +-
 meta/files/toolchain-shar-extract.sh          |   2 +-
 .../grub/files/CVE-2020-10713.patch           |  73 ++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 .../packagegroup-core-tools-debug.bb          |   2 +-
 .../python/python3/CVE-2020-26116.patch       | 104 ++++++++++++++++++
 meta/recipes-devtools/python/python3_3.8.2.bb |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 ...ease-number-of-TLB-entries-on-the-34.patch |  59 ++++++++++
 .../libproxy/libproxy/CVE-2020-25219.patch    |  61 ++++++++++
 .../libproxy/libproxy_0.4.15.bb               |   1 +
 17 files changed, 315 insertions(+), 10 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-10713.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2020-26116.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch
 create mode 100644 meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch

-- 
2.17.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2291

The following changes since commit ac8181d9b9ad8360f7dba03aba8b00f008c6ebb4:

  Revert "python3: fix CVE-2021-23336" (2021-06-19 13:11:58 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Jasper Orschulko (3):
  expat: fix CVE-2013-0340
  libxml2: Fix CVE-2021-3518
  libx11: Fix CVE-2021-31535

Michael Halstead (1):
  uninative: Upgrade to 3.2 (gcc11 support)

Tim Orling (10):
  python3: upgrade 3.8.2 -> 3.8.3
  python3: upgrade 3.8.3 -> 3.8.4
  python3: upgrade 3.8.4 -> 3.8.5
  python3: upgrade 3.8.5 -> 3.8.6
  python3: upgrade 3.8.6 -> 3.8.7
  python3: upgrade 3.8.7 -> 3.8.8
  powertop: fix aclocal error too many loops
  python3: upgrade 3.8.8 -> 3.8.9
  python3: upgrade 3.8.9 -> 3.8.10
  python3-ptest: add newly discovered missing rdeps

 meta/conf/distro/include/yocto-uninative.inc  |    8 +-
 .../expat/expat/CVE-2013-0340.patch           | 1758 +++++++++++++++++
 .../expat/expat/libtool-tag.patch             |   41 +-
 meta/recipes-core/expat/expat_2.2.9.bb        |   12 +-
 .../libxml/libxml2/CVE-2021-3518.patch        |  112 ++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |    1 +
 ...20-8492-Fix-AbstractBasicAuthHandler.patch |  248 ---
 ...le.py-correct-the-test-output-format.patch |   24 +-
 .../python/python3/CVE-2019-20907.patch       |   44 -
 .../python/python3/CVE-2020-14422.patch       |   77 -
 .../python/python3/CVE-2020-26116.patch       |  104 -
 .../python/python3/CVE-2020-27619.patch       |   70 -
 .../python/python3/CVE-2021-3177.patch        |  191 --
 .../{python3_3.8.2.bb => python3_3.8.10.bb}   |   19 +-
 .../xorg-lib/libx11/CVE-2021-31535.patch      |  333 ++++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |    1 +
 ...2-configure.ac-ax_add_fortify_source.patch |   70 +
 ...003-configure-Use-AX_REQUIRE_DEFINED.patch |   29 +
 meta/recipes-kernel/powertop/powertop_2.10.bb |    8 +-
 19 files changed, 2357 insertions(+), 793 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2013-0340.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3518.patch
 delete mode 100644 meta/recipes-devtools/python/python3/0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2019-20907.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-14422.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-26116.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2020-27619.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2021-3177.patch
 rename meta/recipes-devtools/python/{python3_3.8.2.bb => python3_3.8.10.bb} (95%)
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2021-31535.patch
 create mode 100644 meta/recipes-kernel/powertop/powertop/0002-configure.ac-ax_add_fortify_source.patch
 create mode 100644 meta/recipes-kernel/powertop/powertop/0003-configure-Use-AX_REQUIRE_DEFINED.patch

-- 
2.25.1

Re: [OE-core] [dunfell 00/14] Patch review

[Steve Sakoman]

On Mon, Jun 28, 2021 at 2:13 PM Minjae Kim <flowergom@gmail.com> wrote:

> How about this patch? I already tested on qemux86-64.
> https://lists.openembedded.org/g/openembedded-core/message/153284
> Do I need more testing?

It will be in the next set of patches.  I haven't seen any issues on
the autobuilder.

Steve

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Friday.

The following changes since commit 38fc0807eea14dc12610da4ba73c082d5a4b0744:

  meta/scripts: Manual git url branch additions (2021-11-03 08:43:53 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Jose Quaresma (1):
  sstate: another fix for touching files inside pseudo

Joshua Watt (1):
  oeqa: reproducible: Fix test not producing diffs

Khem Raj (1):
  webkitgtk: Fix reproducibility in minibrowser

Marek Vasut (1):
  piglit: upgrade to latest revision

Mark Hatle (1):
  reproducible_build: Remove BUILD_REPRODUCIBLE_BINARIES checking

Mingli Yu (1):
  python3-magic: add the missing rdepends

Richard Purdie (6):
  linunistring: Add missing gperf-native dependency
  pseudo: Add in ability to flush database with shutdown request
  pseudo: Add fcntl64 wrapper
  mirrors: Add uninative mirror on kernel.org
  sstate: Ensure SDE is accounted for in package task timestamps
  sstate: Avoid deploy_source_date_epoch sstate when unneeded

Steve Sakoman (2):
  python3-magic: add missing DEPENDS
  selftest/reproducible: add webkitgtk back to exclusion list for
    dunfell

 meta/classes/mirrors.bbclass                  |  1 +
 meta/classes/reproducible_build.bbclass       | 53 ++++++++++++-------
 meta/classes/sstate.bbclass                   | 34 +++++++++---
 .../oeqa/selftest/cases/diffoscope/A/file.txt |  1 +
 .../oeqa/selftest/cases/diffoscope/B/file.txt |  1 +
 meta/lib/oeqa/selftest/cases/reproducible.py  | 29 +++++++++-
 meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
 .../python/python3-magic_0.4.15.bb            |  7 ++-
 ...ssing-include-for-htobe32-definition.patch | 27 ++++++++++
 ...file.py-make-test-lists-reproducible.patch | 31 +++++++++++
 ...gen_tcs-tes_input_tests.py-do-not-ha.patch | 44 +++++++++++++++
 ...lizer.py-make-.gz-files-reproducible.patch | 30 +++++++++++
 ...sort-the-file-list-before-working-on.patch | 28 ++++++++++
 ...t-shader.c-do-not-hardcode-build-pat.patch | 30 +++++++++++
 meta/recipes-graphics/piglit/piglit_git.bb    | 12 ++++-
 .../0001-MiniBrowser-Fix-reproduciblity.patch | 31 +++++++++++
 meta/recipes-sato/webkit/webkitgtk_2.28.4.bb  |  1 +
 .../libunistring/libunistring_0.9.10.bb       |  1 +
 18 files changed, 333 insertions(+), 30 deletions(-)
 create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/A/file.txt
 create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/B/file.txt
 create mode 100644 meta/recipes-graphics/piglit/piglit/0001-Add-a-missing-include-for-htobe32-definition.patch
 create mode 100644 meta/recipes-graphics/piglit/piglit/0001-framework-profile.py-make-test-lists-reproducible.patch
 create mode 100644 meta/recipes-graphics/piglit/piglit/0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch
 create mode 100644 meta/recipes-graphics/piglit/piglit/0001-serializer.py-make-.gz-files-reproducible.patch
 create mode 100644 meta/recipes-graphics/piglit/piglit/0001-tests-shader.py-sort-the-file-list-before-working-on.patch
 create mode 100644 meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch

-- 
2.25.1

Re: [OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

On Wed, Nov 10, 2021 at 6:08 PM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
>
> Please review this set of patches for dunfell and have comments back by end
> of day Friday.

I forgot to add:

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2910

>
> The following changes since commit 38fc0807eea14dc12610da4ba73c082d5a4b0744:
>
>   meta/scripts: Manual git url branch additions (2021-11-03 08:43:53 -1000)
>
> are available in the Git repository at:
>
>   git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
>   http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
>
> Jose Quaresma (1):
>   sstate: another fix for touching files inside pseudo
>
> Joshua Watt (1):
>   oeqa: reproducible: Fix test not producing diffs
>
> Khem Raj (1):
>   webkitgtk: Fix reproducibility in minibrowser
>
> Marek Vasut (1):
>   piglit: upgrade to latest revision
>
> Mark Hatle (1):
>   reproducible_build: Remove BUILD_REPRODUCIBLE_BINARIES checking
>
> Mingli Yu (1):
>   python3-magic: add the missing rdepends
>
> Richard Purdie (6):
>   linunistring: Add missing gperf-native dependency
>   pseudo: Add in ability to flush database with shutdown request
>   pseudo: Add fcntl64 wrapper
>   mirrors: Add uninative mirror on kernel.org
>   sstate: Ensure SDE is accounted for in package task timestamps
>   sstate: Avoid deploy_source_date_epoch sstate when unneeded
>
> Steve Sakoman (2):
>   python3-magic: add missing DEPENDS
>   selftest/reproducible: add webkitgtk back to exclusion list for
>     dunfell
>
>  meta/classes/mirrors.bbclass                  |  1 +
>  meta/classes/reproducible_build.bbclass       | 53 ++++++++++++-------
>  meta/classes/sstate.bbclass                   | 34 +++++++++---
>  .../oeqa/selftest/cases/diffoscope/A/file.txt |  1 +
>  .../oeqa/selftest/cases/diffoscope/B/file.txt |  1 +
>  meta/lib/oeqa/selftest/cases/reproducible.py  | 29 +++++++++-
>  meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
>  .../python/python3-magic_0.4.15.bb            |  7 ++-
>  ...ssing-include-for-htobe32-definition.patch | 27 ++++++++++
>  ...file.py-make-test-lists-reproducible.patch | 31 +++++++++++
>  ...gen_tcs-tes_input_tests.py-do-not-ha.patch | 44 +++++++++++++++
>  ...lizer.py-make-.gz-files-reproducible.patch | 30 +++++++++++
>  ...sort-the-file-list-before-working-on.patch | 28 ++++++++++
>  ...t-shader.c-do-not-hardcode-build-pat.patch | 30 +++++++++++
>  meta/recipes-graphics/piglit/piglit_git.bb    | 12 ++++-
>  .../0001-MiniBrowser-Fix-reproduciblity.patch | 31 +++++++++++
>  meta/recipes-sato/webkit/webkitgtk_2.28.4.bb  |  1 +
>  .../libunistring/libunistring_0.9.10.bb       |  1 +
>  18 files changed, 333 insertions(+), 30 deletions(-)
>  create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/A/file.txt
>  create mode 100644 meta/lib/oeqa/selftest/cases/diffoscope/B/file.txt
>  create mode 100644 meta/recipes-graphics/piglit/piglit/0001-Add-a-missing-include-for-htobe32-definition.patch
>  create mode 100644 meta/recipes-graphics/piglit/piglit/0001-framework-profile.py-make-test-lists-reproducible.patch
>  create mode 100644 meta/recipes-graphics/piglit/piglit/0001-generated_tests-gen_tcs-tes_input_tests.py-do-not-ha.patch
>  create mode 100644 meta/recipes-graphics/piglit/piglit/0001-serializer.py-make-.gz-files-reproducible.patch
>  create mode 100644 meta/recipes-graphics/piglit/piglit/0001-tests-shader.py-sort-the-file-list-before-working-on.patch
>  create mode 100644 meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
>  create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-MiniBrowser-Fix-reproduciblity.patch
>
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#158132): https://lists.openembedded.org/g/openembedded-core/message/158132
> Mute This Topic: https://lists.openembedded.org/mt/86975084/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3047

with the exception of a known intermittent autobuilder issue on oe-selftest-centos
which passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/2977

The following changes since commit 90a07178ea26be453d101c2e8b33d3a0f437635d:

  build-appliance-image: Update to dunfell head revision (2021-12-14 22:49:32 +0000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Anuj Mittal (1):
  gstreamer1.0: fix failing ptest

Bruce Ashfield (5):
  linux-yocto/5.4: update to v5.4.159
  linux-yocto/5.4: update to v5.4.162
  linux-yocto/5.4: update to v5.4.163
  linux-yocto/5.4: update to v5.4.165
  linux-yocto/5.4: update to v5.4.167

Ernst Sjöstrand (1):
  dropbear: Fix CVE-2020-36254

Marta Rybczynska (1):
  bluez: fix CVE-2021-0129

Mingli Yu (1):
  bootchart2: remove wait_boot logic

Minjae Kim (2):
  vim: fix CVE-2021-4069
  inetutils: fix CVE-2021-40491

Steve Sakoman (1):
  selftest: skip virgl test on fedora 34 entirely

sana kazi (2):
  openssh: Fix CVE-2021-41617
  openssh: Whitelist CVE-2016-20012

 meta/lib/oeqa/selftest/cases/runtime_test.py  |   2 +
 meta/recipes-connectivity/bluez5/bluez5.inc   |   1 +
 .../bluez5/bluez5/CVE-2021-0129.patch         | 109 ++++++++++++++++++
 .../inetutils/inetutils/CVE-2021-40491.patch  |  67 +++++++++++
 .../inetutils/inetutils_1.9.4.bb              |   1 +
 .../openssh/openssh/CVE-2021-41617.patch      |  52 +++++++++
 .../openssh/openssh_8.2p1.bb                  |  10 ++
 meta/recipes-core/dropbear/dropbear.inc       |   4 +-
 .../dropbear/dropbear/CVE-2020-36254.patch    |  29 +++++
 ...ake-sure-only-one-bootchartd-process.patch |  68 +++++++++++
 .../bootchart2/bootchart2_0.14.9.bb           |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 ++--
 ...-use-too-strict-timeout-for-validati.patch |  33 ++++++
 .../gstreamer/gstreamer1.0_1.16.3.bb          |   1 +
 .../vim/files/CVE-2021-4069.patch             |  43 +++++++
 meta/recipes-support/vim/vim.inc              |   1 +
 18 files changed, 439 insertions(+), 19 deletions(-)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2021-0129.patch
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2021-40491.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch
 create mode 100644 meta/recipes-devtools/bootchart2/bootchart2/0001-bootchartd.in-make-sure-only-one-bootchartd-process.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0006-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2021-4069.patch

-- 
2.25.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3648

with the exception of the newly added meta-virt test (which has never
worked with dunfell)

The following changes since commit 7c0345ab1058a7e29d37f110923ecd368e102ed7:

  uninative: Upgrade to 3.6 with gcc 12 support (2022-05-09 11:51:55 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.192

Davide Gardenal (3):
  cve-check: add JSON format to summary output
  cve-check: fix symlinks where link and output path are equal
  rootfs-postcommands: fix symlinks where link and output path are equal

Marta Rybczynska (2):
  cve-update-db-native: update the CVE database once a day only
  cve-update-db-native: let the user to drive the update interval

Pawan Badganchi (2):
  fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310
  libinput: Add fix for CVE-2022-1215

Portia (1):
  volatile-binds: Change DefaultDependencies from false to no

Richard Purdie (3):
  base: Avoid circular references to our own scripts
  scripts: Make git intercept global
  scripts/git: Ensure we don't have circular references

Ross Burton (1):
  cve-check: no need to depend on the fetch task

Steve Sakoman (1):
  busybox: fix CVE-2022-28391

 meta/classes/base.bbclass                     |   4 +
 meta/classes/cve-check.bbclass                |  72 ++--
 meta/classes/rootfs-postcommands.bbclass      |  14 +-
 ...tr-ensure-only-printable-characters-.patch |  38 ++
 ...e-all-printed-strings-with-printable.patch |  64 ++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |   2 +
 .../recipes-core/meta/cve-update-db-native.bb |  13 +-
 .../files/volatile-binds.service.in           |   2 +-
 .../wayland/libinput/CVE-2022-1215.patch      | 360 ++++++++++++++++++
 .../wayland/libinput_1.15.2.bb                |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../fribidi/fribidi/CVE-2022-25308.patch      |  50 +++
 .../fribidi/fribidi/CVE-2022-25309.patch      |  31 ++
 .../fribidi/fribidi/CVE-2022-25310.patch      |  30 ++
 meta/recipes-support/fribidi/fribidi_1.0.9.bb |   3 +
 scripts/{git-intercept => }/git               |   9 +-
 18 files changed, 674 insertions(+), 55 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
 create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2022-1215.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch
 create mode 100644 meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch
 rename scripts/{git-intercept => }/git (52%)

-- 
2.25.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3760

The following changes since commit 4051d1a3aa5f70da96c381f9dea5f52cd9306939:

  openssl: Backport fix for ptest cert expiry (2022-06-07 11:33:46 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.196

Hitendra Prajapati (2):
  e2fsprogs: CVE-2022-1304 out-of-bounds read/write via crafted
    filesystem
  pcre2: CVE-2022-1587 Out-of-bounds read

Marta Rybczynska (4):
  cve-check: move update_symlinks to a library
  cve-check: write empty fragment files in the text mode
  cve-check: add coverage statistics on recipes with/without CVEs
  cve-update-db-native: make it possible to disable database updates

Richard Purdie (1):
  libxslt: Mark CVE-2022-29824 as not applying

Robert Joslyn (2):
  curl: Backport CVE fixes
  curl: Fix CVE_CHECK_WHITELIST typo

Steve Sakoman (3):
  Revert "openssl: Backport fix for ptest cert expiry"
  openssl: backport fix for ptest certificate expiration
  openssl: update the epoch time for ct_test ptest

omkar patil (1):
  libxslt: Fix CVE-2021-30560

 meta/classes/cve-check.bbclass                |  86 ++-
 meta/lib/oe/cve_check.py                      |  10 +
 ...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 +++++
 ...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch |  55 --
 ...611887cfac633aacc052b2e71a7f195418b8.patch |  29 +
 .../openssl/openssl_1.1.1o.bb                 |   3 +-
 .../recipes-core/meta/cve-update-db-native.bb |   6 +-
 .../e2fsprogs/e2fsprogs/CVE-2022-1304.patch   |  42 ++
 .../e2fsprogs/e2fsprogs_1.45.7.bb             |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../curl/curl/CVE-2022-27774-1.patch          |  45 ++
 .../curl/curl/CVE-2022-27774-2.patch          |  80 +++
 .../curl/curl/CVE-2022-27774-3.patch          |  83 +++
 .../curl/curl/CVE-2022-27774-4.patch          |  35 +
 .../curl/curl/CVE-2022-27781.patch            |  46 ++
 .../curl/curl/CVE-2022-27782-1.patch          | 363 ++++++++++
 .../curl/curl/CVE-2022-27782-2.patch          |  71 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |   9 +-
 .../libpcre/libpcre2/CVE-2022-1587.patch      | 660 ++++++++++++++++++
 .../recipes-support/libpcre/libpcre2_10.34.bb |   1 +
 .../libxslt/libxslt/CVE-2021-30560.patch      | 201 ++++++
 .../recipes-support/libxslt/libxslt_1.1.34.bb |   5 +
 24 files changed, 1949 insertions(+), 110 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
 create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2022-1304.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
 create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2021-30560.patch

-- 
2.25.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3880

The following changes since commit b75caf4a985e3c20996531785125eaffdc832104:

  insane.bbclass: host-user-contaminated: Correct per package home path (2022-06-29 05:15:49 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Anuj Mittal (1):
  efivar: change branch name to main

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.199
  linux-yocto/5.4: update to v5.4.203

Jate Sujjavanich (1):
  IMAGE_LOCALES_ARCHIVE: add option to prevent locale archive creation

Ranjitsinh Rathod (1):
  openssl: Minor security upgrade 1.1.1o to 1.1.1p

Richard Purdie (5):
  cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
  vim: 8.2.5083 -> 9.0.0005
  oeqa/runtime/scp: Disable scp test for dropbear
  packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
  oe-selftest-image: Ensure the image has sftp as well as dropbear

Ross Burton (1):
  cve-check: hook cleanup to the BuildCompleted event, not CookerExit

Steve Sakoman (3):
  openssh: break dependency on base package for -dev package
  dropbear: break dependency on base package for -dev package
  qemu: add PACKAGECONFIG for capstone

 .../recipes-test/images/oe-selftest-image.bb  |   2 +-
 meta/classes/cve-check.bbclass                |   2 +-
 meta/classes/image.bbclass                    |   5 +-
 .../distro/include/cve-extra-exclusions.inc   |  31 ++-
 meta/lib/oe/package_manager.py                |  13 +-
 meta/lib/oeqa/runtime/cases/scp.py            |   2 +-
 meta/recipes-bsp/efivar/efivar_37.bb          |   2 +-
 .../openssh/openssh_8.2p1.bb                  |   5 +
 ...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 ------------------
 ...611887cfac633aacc052b2e71a7f195418b8.patch |  29 ---
 .../{openssl_1.1.1o.bb => openssl_1.1.1p.bb}  |   4 +-
 meta/recipes-core/dropbear/dropbear.inc       |   5 +
 .../packagegroup-core-ssh-dropbear.bb         |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb}  |   0
 meta/recipes-support/vim/vim.inc              |   6 +-
 .../vim/{vim_8.2.bb => vim_9.0.bb}            |   0
 20 files changed, 64 insertions(+), 272 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1o.bb => openssl_1.1.1p.bb} (97%)
 rename meta/recipes-support/vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb} (100%)
 rename meta/recipes-support/vim/{vim_8.2.bb => vim_9.0.bb} (100%)

-- 
2.25.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by end
of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4151

The following changes since commit a3cba15142e98177119ef36c09f553d09acf35ef:

  build-appliance-image: Update to dunfell head revision (2022-08-22 16:07:02 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (3):
  mobile-broadband-provider-info: upgrade 20220511 -> 20220725
  tzdata: upgrade 2022a -> 2022b
  wireless-regdb: upgrade 2022.06.06 -> 2022.08.12

Anuj Mittal (1):
  cryptodev-module: fix build with 5.11+ kernels

Bruce Ashfield (1):
  linux-yocto/5.4: update to v5.4.210

Ernst Sjöstrand (1):
  cve-check: Don't use f-strings

Hitendra Prajapati (5):
  libtiff: CVE-2022-34526 A stack overflow was discovered
  golang: fix CVE-2022-30629 and CVE-2022-30631
  golang: fix CVE-2022-30632 and CVE-2022-30633
  golang: fix CVE-2022-30635 and CVE-2022-32148
  golang: CVE-2022-32189 a denial of service

Paul Eggleton (1):
  relocate_sdk.py: ensure interpreter size error causes relocation to
    fail

Pawan Badganchi (1):
  libxml2: Add fix for CVE-2016-3709

Richard Purdie (1):
  vim: Upgrade 9.0.0115 -> 9.0.0242

 meta/lib/oe/cve_check.py                      |   2 +-
 .../mobile-broadband-provider-info_git.bb     |   4 +-
 .../libxml/libxml2/CVE-2016-3709.patch        |  89 ++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |   1 +
 meta/recipes-devtools/go/go-1.14.inc          |   7 +
 .../go/go-1.14/CVE-2022-30629.patch           |  47 +++++++
 .../go/go-1.14/CVE-2022-30631.patch           | 116 ++++++++++++++++
 .../go/go-1.14/CVE-2022-30632.patch           |  71 ++++++++++
 .../go/go-1.14/CVE-2022-30633.patch           | 131 ++++++++++++++++++
 .../go/go-1.14/CVE-2022-30635.patch           | 120 ++++++++++++++++
 .../go/go-1.14/CVE-2022-32148.patch           |  49 +++++++
 .../go/go-1.14/CVE-2022-32189.patch           | 113 +++++++++++++++
 meta/recipes-extended/timezone/timezone.inc   |   6 +-
 .../cryptodev/cryptodev-module_1.10.bb        |   1 +
 .../files/fix-build-for-Linux-5.11-rc1.patch  |  32 +++++
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +--
 ....06.06.bb => wireless-regdb_2022.08.12.bb} |   2 +-
 .../libtiff/files/CVE-2022-34526.patch        |  29 ++++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 scripts/relocate_sdk.py                       |  10 +-
 23 files changed, 842 insertions(+), 29 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2016-3709.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30631.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30632.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30633.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-30635.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-32189.patch
 create mode 100644 meta/recipes-kernel/cryptodev/files/fix-build-for-Linux-5.11-rc1.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.06.06.bb => wireless-regdb_2022.08.12.bb} (94%)
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch

-- 
2.25.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review these patches for dunfell and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5073

The following changes since commit efb1a73a13907bed3acac8e06053aef3e2ef57f5:

  build-appliance-image: Update to dunfell head revision (2023-03-15 23:09:39 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alban Bedel (1):
  systemd: Fix systemd when used with busybox less

Andrej Valek (1):
  libarchive: fix CVE-2022-26280

Chee Yang Lee (2):
  ghostscript: add CVE tag for
    check-stack-limits-after-function-evalution.patch
  libksba: fix CVE-2022-3515

Hitendra Prajapati (1):
  QEMU: CVE-2022-4144 QXL: qxl_phys2virt unsafe address translation can
    lead to out-of-bounds read

Kenfe-Mickael Laventure (3):
  buildtools-tarball: Handle spaces within user $PATH
  toolchain-scripts: Handle spaces within user $PATH
  populate_sdk_ext: Handle spaces within user $PATH

Richard Purdie (4):
  staging: Separate out different multiconfig manifests
  staging/multilib: Fix manifest corruption
  glibc: Add missing binutils dependency
  base-files: Drop localhost.localdomain from hosts file

Ross Burton (2):
  vim: upgrade to 9.0.1403
  vim: set modified-by to the recipe MAINTAINER

 meta/classes/multilib.bbclass                 |   1 +
 meta/classes/populate_sdk_ext.bbclass         |   2 +-
 meta/classes/staging.bbclass                  |   4 +
 meta/classes/toolchain-scripts.bbclass        |   2 +-
 meta/recipes-core/base-files/base-files/hosts |   2 +-
 meta/recipes-core/glibc/glibc.inc             |   4 +-
 meta/recipes-core/meta/buildtools-tarball.bb  |   2 +-
 .../systemd/systemd/systemd-pager.sh          |   7 ++
 meta/recipes-core/systemd/systemd_244.5.bb    |   5 +
 meta/recipes-devtools/qemu/qemu.inc           |   9 +-
 .../qemu/qemu/CVE-2022-4144.patch             | 103 ++++++++++++++++++
 ...tack-limits-after-function-evalution.patch |   2 +-
 .../libarchive/CVE-2022-26280.patch           |  29 +++++
 .../libarchive/libarchive_3.4.2.bb            |   1 +
 .../libksba/libksba/CVE-2022-3515.patch       |  47 ++++++++
 meta/recipes-support/libksba/libksba_1.3.5.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   8 +-
 17 files changed, 215 insertions(+), 14 deletions(-)
 create mode 100644 meta/recipes-core/systemd/systemd/systemd-pager.sh
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2022-26280.patch
 create mode 100644 meta/recipes-support/libksba/libksba/CVE-2022-3515.patch

-- 
2.34.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5493

The following changes since commit 77f6fbfa18b4ad77c3756cfdc45d441a20210781:

  build-appliance-image: Update to dunfell head revision (2023-06-17 09:47:49 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Abdellatif El Khlifi (1):
  kernel-fitimage: adding support for Initramfs bundle and u-boot script

Andrej Valek (1):
  kernel-fitimage: use correct kernel image

Hitendra Prajapati (1):
  openssl: CVE-2023-2650 Possible DoS translating ASN.1 object
    identifiers

Ian Ray (1):
  systemd-systemctl: support instance expansion in WantedBy

Jan Vermaete (1):
  cve-update-nvd2-native: added the missing http import

Marta Rybczynska (1):
  cve-update-nvd2-native: new CVE database fetcher

Martin Siegumfeldt (1):
  systemd-systemctl: fix instance template WantedBy symlink construction

Michael Halstead (4):
  uninative: Upgrade to 3.8.1 to include libgcc
  uninative: Upgrade to 3.9 to include glibc 2.37
  uninative: Upgrade to 3.10 to support gcc 13
  uninative: Upgrade to 4.0 to include latest gcc 13.1.1

Richard Purdie (1):
  uninative: Ensure uninative is enabled in all cases for BuildStarted
    event

Sanjay Chitroda (1):
  cups: Fix CVE-2023-32324

Steve Sakoman (1):
  uninative.bbclass: handle read only files outside of patchelf

 meta/classes/cve-check.bbclass                |   4 +-
 meta/classes/kernel-fitimage.bbclass          | 142 ++++++--
 meta/classes/uninative.bbclass                |   4 +
 meta/conf/distro/include/yocto-uninative.inc  |  10 +-
 .../openssl/openssl/CVE-2023-2650.patch       | 122 +++++++
 .../openssl/openssl_1.1.1t.bb                 |   1 +
 .../meta/cve-update-nvd2-native.bb            | 334 ++++++++++++++++++
 .../systemd/systemd-systemctl/systemctl       |   8 +-
 meta/recipes-extended/cups/cups.inc           |   1 +
 .../cups/cups/CVE-2023-32324.patch            |  36 ++
 10 files changed, 629 insertions(+), 33 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch
 create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch

-- 
2.34.1

Re: [OE-core][dunfell 00/14] Patch review

[Marta Rybczynska]

[-- Attachment #1: Type: text/plain, Size: 2867 bytes --]

On Thu, Jun 22, 2023 at 5:31 PM Steve Sakoman <steve@sakoman.com> wrote:

> Please review this set of changes for dunfell and have comments back by
> end of day Monday.
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5493
>
> The following changes since commit
> 77f6fbfa18b4ad77c3756cfdc45d441a20210781:
>
>   build-appliance-image: Update to dunfell head revision (2023-06-17
> 09:47:49 -1000)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/openembedded-core-contrib
> stable/dunfell-nut
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
>
> Abdellatif El Khlifi (1):
>   kernel-fitimage: adding support for Initramfs bundle and u-boot script
>
> Andrej Valek (1):
>   kernel-fitimage: use correct kernel image
>
> Hitendra Prajapati (1):
>   openssl: CVE-2023-2650 Possible DoS translating ASN.1 object
>     identifiers
>
> Ian Ray (1):
>   systemd-systemctl: support instance expansion in WantedBy
>
> Jan Vermaete (1):
>   cve-update-nvd2-native: added the missing http import
>
> Marta Rybczynska (1):
>   cve-update-nvd2-native: new CVE database fetcher
>
> Martin Siegumfeldt (1):
>   systemd-systemctl: fix instance template WantedBy symlink construction
>
> Michael Halstead (4):
>   uninative: Upgrade to 3.8.1 to include libgcc
>   uninative: Upgrade to 3.9 to include glibc 2.37
>   uninative: Upgrade to 3.10 to support gcc 13
>   uninative: Upgrade to 4.0 to include latest gcc 13.1.1
>
> Richard Purdie (1):
>   uninative: Ensure uninative is enabled in all cases for BuildStarted
>     event
>
> Sanjay Chitroda (1):
>   cups: Fix CVE-2023-32324
>
> Steve Sakoman (1):
>   uninative.bbclass: handle read only files outside of patchelf
>
>  meta/classes/cve-check.bbclass                |   4 +-
>  meta/classes/kernel-fitimage.bbclass          | 142 ++++++--
>  meta/classes/uninative.bbclass                |   4 +
>  meta/conf/distro/include/yocto-uninative.inc  |  10 +-
>  .../openssl/openssl/CVE-2023-2650.patch       | 122 +++++++
>  .../openssl/openssl_1.1.1t.bb                 |   1 +
>  .../meta/cve-update-nvd2-native.bb            | 334 ++++++++++++++++++
>  .../systemd/systemd-systemctl/systemctl       |   8 +-
>  meta/recipes-extended/cups/cups.inc           |   1 +
>  .../cups/cups/CVE-2023-32324.patch            |  36 ++
>  10 files changed, 629 insertions(+), 33 deletions(-)
>  create mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch
>  create mode 100644 meta/recipes-core/meta/cve-update-nvd2-native.bb
>  create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32324.patch
>
>
Tested this version for the CVE fetcher backport to dunfell, no unexpected
issues seen.

Kind regards,
Marta

[-- Attachment #2: Type: text/html, Size: 4051 bytes --]

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Satuday, August 26.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5779

The following changes since commit b70a8333a7467162b9d148b99f5970c0af2a531f:

  kernel: skip installing fitImage when using Initramfs bundles (2023-08-12 05:38:11 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ashish Sharma (1):
  curl: Backport fix CVE-2023-32001

BELOUARGA Mohamed (1):
  linux-firmware : Add firmware of RTL8822 serie

Chee Yang Lee (1):
  tiff: CVE-2022-3599.patch also fix CVE-2022-4645 CVE-2023-30774

Dmitry Baryshkov (2):
  linux-firmware: package firmare for Dragonboard 410c
  linux-firmware: split platform-specific Adreno shaders to separate
    packages

Jasper Orschulko (1):
  cve_check: Fix cpe_id generation

Kai Kang (1):
  grub2.inc: remove '-O2' from CFLAGS

Michael Halstead (2):
  yocto-uninative: Update hashes for uninative 4.1
  yocto-uninative: Update to 4.2 for glibc 2.38

Ross Burton (1):
  oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case

Trevor Gamblin (1):
  linux-firmware: upgrade 20230515 -> 20230625

Vijay Anusuri (1):
  elfutils: Backport fix for CVE-2021-33294

Wang Mingyu (1):
  libnss-nis: upgrade 3.1 -> 3.2

Yoann Congal (1):
  recipetool: Fix inherit in created -native* recipes

 meta/conf/distro/include/yocto-uninative.inc  | 10 +--
 meta/lib/oe/cve_check.py                      |  2 +-
 meta/lib/oeqa/runtime/cases/rpm.py            |  4 +-
 meta/recipes-bsp/grub/grub2.inc               |  2 +
 .../elfutils/elfutils_0.178.bb                |  1 +
 .../elfutils/files/CVE-2021-33294.patch       | 72 +++++++++++++++++++
 .../recipes-extended/libnss-nis/libnss-nis.bb |  4 +-
 ...20230515.bb => linux-firmware_20230625.bb} | 37 +++++++---
 .../libtiff/files/CVE-2022-3599.patch         |  2 +-
 .../curl/curl/CVE-2023-32001.patch            | 38 ++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |  1 +
 scripts/lib/recipetool/create.py              |  4 ++
 12 files changed, 158 insertions(+), 19 deletions(-)
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230515.bb => linux-firmware_20230625.bb} (96%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch

-- 
2.34.1

[OE-core][dunfell 01/14] curl: Backport fix CVE-2023-32001

[Steve Sakoman]

From: Ashish Sharma <asharma@mvista.com>

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2023-32001.patch            | 38 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
new file mode 100644
index 0000000000..f533992bcd
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
@@ -0,0 +1,38 @@
+From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
+From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
+Date: Mon, 10 Jul 2023 21:43:28 +0200
+Subject: [PATCH] fopen: optimize
+
+Closes #11419
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
+CVE: CVE-2023-32001
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ lib/fopen.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index c9c9e3d6e73a2..b6e3cadddef65 100644
+--- a/lib/fopen.c
++++ b/lib/fopen.c
+@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   int fd = -1;
+   *tempname = NULL;
+ 
+-  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
+-    /* a non-regular file, fallback to direct fopen() */
+-    *fh = fopen(filename, FOPEN_WRITETEXT);
+-    if(*fh)
+-      return CURLE_OK;
++  *fh = fopen(filename, FOPEN_WRITETEXT);
++  if(!*fh)
+     goto fail;
+-  }
++  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
++    return CURLE_OK;
++  fclose(*fh);
++  *fh = NULL;
+ 
+   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
+   if(result)
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index ce81df0f05..2a52e8233e 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -52,6 +52,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://CVE-2023-27536.patch \
            file://CVE-2023-28320.patch \
            file://CVE-2023-28320-fol1.patch \
+           file://CVE-2023-32001.patch \
 "
 
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
-- 
2.34.1

[OE-core][dunfell 02/14] elfutils: Backport fix for CVE-2021-33294

[Steve Sakoman]

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55

Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-33294
https://sourceware.org/bugzilla/show_bug.cgi?id=27501

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../elfutils/elfutils_0.178.bb                |  1 +
 .../elfutils/files/CVE-2021-33294.patch       | 72 +++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.178.bb b/meta/recipes-devtools/elfutils/elfutils_0.178.bb
index 97d033e356..29a3bbfffb 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.178.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.178.bb
@@ -34,6 +34,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
            file://0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch \
            file://run-ptest \
            file://ptest.patch \
+           file://CVE-2021-33294.patch \
            "
 SRC_URI_append_libc-musl = " \
            file://0001-musl-obstack-fts.patch \
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch b/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
new file mode 100644
index 0000000000..0500a4cf83
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2021-33294.patch
@@ -0,0 +1,72 @@
+From 480b6fa3662ba8ffeee274bf0d37423413c01e55 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 3 Mar 2021 21:40:53 +0100
+Subject: [PATCH] readelf: Sanity check verneed and verdef offsets in handle_symtab.
+
+We are going through vna_next, vn_next and vd_next in a while loop.
+Make sure that all offsets are sane. We don't want things to wrap
+around so we go in cycles.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=27501
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55]
+CVE: CVE-2021-33294
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/ChangeLog |  5 +++++
+ src/readelf.c | 10 +++++++++-
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/ChangeLog b/src/ChangeLog
+index 6af977e..f0d9e39 100644
+--- a/src/ChangeLog
++++ b/src/ChangeLog
+@@ -1,3 +1,8 @@
++2021-03-03  Mark Wielaard  <mark@klomp.org>
++
++	* readelf.c (handle_symtab): Sanity check verneed vna_next,
++	vn_next and verdef vd_next offsets.
++
+ 2019-11-26  Mark Wielaard  <mark@klomp.org>
+ 
+ 	* Makefile.am (BUILD_STATIC): Add libraries needed for libdw.
+diff --git a/src/readelf.c b/src/readelf.c
+index 5994615..ab7a1c1 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -2550,7 +2550,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+ 						 &vernaux_mem);
+ 		      while (vernaux != NULL
+ 			     && vernaux->vna_other != *versym
+-			     && vernaux->vna_next != 0)
++			     && vernaux->vna_next != 0
++			     && (verneed_data->d_size - vna_offset
++				 >= vernaux->vna_next))
+ 			{
+ 			  /* Update the offset.  */
+ 			  vna_offset += vernaux->vna_next;
+@@ -2567,6 +2569,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+ 			/* Found it.  */
+ 			break;
+ 
++		      if (verneed_data->d_size - vn_offset < verneed->vn_next)
++			break;
++
+ 		      vn_offset += verneed->vn_next;
+ 		      verneed = (verneed->vn_next == 0
+ 				 ? NULL
+@@ -2602,6 +2607,9 @@ handle_symtab (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr)
+ 			/* Found the definition.  */
+ 			break;
+ 
++		      if (verdef_data->d_size - vd_offset < verdef->vd_next)
++			break;
++
+ 		      vd_offset += verdef->vd_next;
+ 		      verdef = (verdef->vd_next == 0
+ 				? NULL
+-- 
+2.25.1
+
-- 
2.34.1

[OE-core][dunfell 03/14] tiff: CVE-2022-3599.patch also fix CVE-2022-4645 CVE-2023-30774

[Steve Sakoman]

From: Chee Yang Lee <chee.yang.lee@intel.com>

The same patch also fix CVE-2022-4645 CVE-2023-30774
CVE-2022-4645 - https://gitlab.com/libtiff/libtiff/-/issues/277
CVE-2023-30774 - https://gitlab.com/libtiff/libtiff/-/issues/463

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch
index 9689a99638..b3232d9002 100644
--- a/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch
@@ -4,7 +4,7 @@ Date: Tue, 30 Aug 2022 16:56:48 +0200
 Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related
 
 Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ]
-CVE: CVE-2022-3599
+CVE: CVE-2022-3599 CVE-2022-4645 CVE-2023-30774
 Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
 
 Origin: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
-- 
2.34.1

[OE-core][dunfell 04/14] cve_check: Fix cpe_id generation

[Steve Sakoman]

From: Jasper Orschulko <jasper@fancydomain.eu>

Use "*" (wildcard) instead of "a" (application)in cpe_id generation,
as the product is not necessarily of type application, e.g.
linux_kernel, which is of type "o" (operating system).

(From OE-Core rev: cae9528b002c06143bf048b991b9d7e93968cb6b)

Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/cve_check.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index c508865738..aada53bf38 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -168,7 +168,7 @@ def get_cpe_ids(cve_product, version):
         else:
             vendor = "*"
 
-        cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
+        cpe_id = 'cpe:2.3:*:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
         cpe_ids.append(cpe_id)
 
     return cpe_ids
-- 
2.34.1

[OE-core][dunfell 05/14] libnss-nis: upgrade 3.1 -> 3.2

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
* Do not call malloc_usable_size

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5cd967503c0574f45b814572da9503182556b431)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/libnss-nis/libnss-nis.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-extended/libnss-nis/libnss-nis.bb b/meta/recipes-extended/libnss-nis/libnss-nis.bb
index 984cc98fc2..0ec64544be 100644
--- a/meta/recipes-extended/libnss-nis/libnss-nis.bb
+++ b/meta/recipes-extended/libnss-nis/libnss-nis.bb
@@ -13,9 +13,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 SECTION = "libs"
 DEPENDS += "libtirpc libnsl2"
 
-PV = "3.1+git${SRCPV}"
+PV = "3.2"
 
-SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad"
+SRCREV = "cd0d391af9535b56e612ed227c1b89be269f3d59"
 
 SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \
           "
-- 
2.34.1

[OE-core][dunfell 06/14] linux-firmware: upgrade 20230515 -> 20230625

[Steve Sakoman]

From: Trevor Gamblin <tgamblin@baylibre.com>

WHENCE checksum changed because of updated version lists and removal of
information for the RTL8188EU driver.

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 986f8ca9d4c2c22d368f69e65b2ab76d661edca0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...{linux-firmware_20230515.bb => linux-firmware_20230625.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230515.bb => linux-firmware_20230625.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
index 206de1bcd1..046272337e 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
@@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "a0997fc7a9af4e46d96529d6ef13b58a"
+WHENCE_CHKSUM  = "57bf874056926f12aec2405d3fc390d9"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = "8b1acfa16f1ee94732a6acb50d9d6c835cf53af11068bd89ed207bbe04a1e951"
+SRC_URI[sha256sum] = "87597111c0d4b71b31e53cb85a92c386921b84c825a402db8c82e0e86015500d"
 
 inherit allarch
 
-- 
2.34.1

[OE-core][dunfell 07/14] linux-firmware: package firmare for Dragonboard 410c

[Steve Sakoman]

From: Dmitry Baryshkov <dbaryshkov@gmail.com>

Latest linux-firmware archive inclues firmware for the Dragonboard 410c
device (Qualcomm apq8016 SBC). Follow the rest of linux-firmware-qcom-*
packages as a template and create packages for the new firmware files.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 380216e8d3b63d563ebfb10445fc6eb5e77eb9f2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20230625.bb              | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
index 046272337e..4f6dd409f4 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
@@ -313,6 +313,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-qcom-vpu-1.0 ${PN}-qcom-vpu-2.0 \
              ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
              ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
+             ${PN}-qcom-apq8016-modem ${PN}-qcom-apq8016-wifi \
              ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
              ${PN}-qcom-sc8280xp-lenovo-x13s-compat \
              ${PN}-qcom-sc8280xp-lenovo-x13s-audio \
@@ -978,6 +979,8 @@ LICENSE_${PN}-qcom-adreno-a530 = "Firmware-qcom"
 LICENSE_${PN}-qcom-adreno-a630 = "Firmware-qcom"
 LICENSE_${PN}-qcom-adreno-a650 = "Firmware-qcom"
 LICENSE_${PN}-qcom-adreno-a660 = "Firmware-qcom"
+LICENSE_${PN}-qcom-apq8016-modem = "Firmware-qcom"
+LICENSE_${PN}-qcom-apq8016-wifi = "Firmware-qcom"
 LICENSE_${PN}-qcom-apq8096-audio = "Firmware-qcom"
 LICENSE_${PN}-qcom-apq8096-modem = "Firmware-qcom"
 LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom"
@@ -1005,6 +1008,8 @@ FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
 FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
 FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
 FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
+FILES_${PN}-qcom-apq8016-modem = "${nonarch_base_libdir}/firmware/qcom/apq8016/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/modem.mbn"
+FILES_${PN}-qcom-apq8016-wifi = "${nonarch_base_libdir}/firmware/qcom/apq8016/wcnss.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/WCNSS*"
 FILES_${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
 FILES_${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
 FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX"
@@ -1030,6 +1035,8 @@ RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-adreno-a650 = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-adreno-a660 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-apq8016-modem = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-apq8016-wifi = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-apq8096-audio = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-apq8096-modem = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${PN}-qcom-license"
-- 
2.34.1

[OE-core][dunfell 08/14] linux-firmware : Add firmware of RTL8822 serie

[Steve Sakoman]

From: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>

RTL8822 is a serie of wireless modules that need firmwares to function correctly.
The linux firmware recipe does not have a package of these firmwares, and this commit add them.

Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6459959beeb91c0b694f5f17b6587a12c6dcb087)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20230625.bb             | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
index 4f6dd409f4..ff7cb94859 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
@@ -239,6 +239,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-rs9113 ${PN}-rs9116 \
              ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
              ${PN}-rtl8168 \
+             ${PN}-rtl8822 \
              ${PN}-cypress-license \
              ${PN}-broadcom-license \
              ${PN}-bcm-0bb4-0306 \
@@ -564,6 +565,7 @@ LICENSE_${PN}-rtl8192ce = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8822 = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8168 = "WHENCE"
 
@@ -591,6 +593,11 @@ FILES_${PN}-rtl8821 = " \
 FILES_${PN}-rtl8168 = " \
   ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
 "
+FILES_${PN}-rtl8822 = " \
+  ${nonarch_base_libdir}/firmware/rtl_bt/rtl8822*.bin \
+  ${nonarch_base_libdir}/firmware/rtw88/rtw8822*.bin \
+  ${nonarch_base_libdir}/firmware/rtlwifi/rtl8822*.bin \
+"
 
 RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license"
@@ -598,6 +605,7 @@ RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8822 += "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license"
 
 # For ti-connectivity
-- 
2.34.1

[OE-core][dunfell 09/14] linux-firmware: split platform-specific Adreno shaders to separate packages

[Steve Sakoman]

From: Dmitry Baryshkov <dbaryshkov@gmail.com>

For newest Qualcomm platforms the firmware for the Adreno GPU consists
of two parts: platform-independent SQE/GMU/GPMU/PFP/PM4 and
platform-specific ZAP shader, which is used during the boot process. As
the platform-independent parts can be shared between different
platforms, split the platform-specific part to the separate package.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bf00a042d2fa2eb4b20d8c5982926758821bf990)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20230625.bb  | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
index ff7cb94859..7fe7e51240 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230625.bb
@@ -315,14 +315,14 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-qcom-adreno-a2xx ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a4xx ${PN}-qcom-adreno-a530 \
              ${PN}-qcom-adreno-a630 ${PN}-qcom-adreno-a650 ${PN}-qcom-adreno-a660 \
              ${PN}-qcom-apq8016-modem ${PN}-qcom-apq8016-wifi \
-             ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
+             ${PN}-qcom-apq8096-adreno ${PN}-qcom-apq8096-audio ${PN}-qcom-apq8096-modem \
              ${PN}-qcom-sc8280xp-lenovo-x13s-compat \
              ${PN}-qcom-sc8280xp-lenovo-x13s-audio \
              ${PN}-qcom-sc8280xp-lenovo-x13s-adreno \
              ${PN}-qcom-sc8280xp-lenovo-x13s-compute \
              ${PN}-qcom-sc8280xp-lenovo-x13s-sensors \
-             ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
-             ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
+             ${PN}-qcom-sdm845-adreno ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
+             ${PN}-qcom-sm8250-adreno ${PN}-qcom-sm8250-audio ${PN}-qcom-sm8250-compute \
              ${PN}-amlogic-vdec-license ${PN}-amlogic-vdec \
              ${PN}-lt9611uxc ${PN}-lontium-license \
              ${PN}-whence-license \
@@ -990,15 +990,18 @@ LICENSE_${PN}-qcom-adreno-a660 = "Firmware-qcom"
 LICENSE_${PN}-qcom-apq8016-modem = "Firmware-qcom"
 LICENSE_${PN}-qcom-apq8016-wifi = "Firmware-qcom"
 LICENSE_${PN}-qcom-apq8096-audio = "Firmware-qcom"
+LICENSE_${PN}-qcom-apq8096-adreno = "Firmware-qcom"
 LICENSE_${PN}-qcom-apq8096-modem = "Firmware-qcom"
 LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "Firmware-qcom"
 LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "Firmware-qcom"
 LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "Firmware-qcom"
 LICENSE_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "Firmware-qcom"
 LICENSE_${PN}-qcom-sdm845-audio = "Firmware-qcom"
+LICENSE_${PN}-qcom-sdm845-adreno = "Firmware-qcom"
 LICENSE_${PN}-qcom-sdm845-compute = "Firmware-qcom"
 LICENSE_${PN}-qcom-sdm845-modem = "Firmware-qcom"
 LICENSE_${PN}-qcom-sm8250-audio = "Firmware-qcom"
+LICENSE_${PN}-qcom-sm8250-adreno = "Firmware-qcom"
 LICENSE_${PN}-qcom-sm8250-compute = "Firmware-qcom"
 
 FILES_${PN}-qcom-license   = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
@@ -1012,12 +1015,13 @@ FILES_${PN}-qcom-vpu-2.0 = "${nonarch_base_libdir}/firmware/qcom/vpu-2.0/*"
 FILES_${PN}-qcom-adreno-a2xx = "${nonarch_base_libdir}/firmware/qcom/leia_*.fw ${nonarch_base_libdir}/firmware/qcom/yamato_*.fw"
 FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a3*_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
 FILES_${PN}-qcom-adreno-a4xx = "${nonarch_base_libdir}/firmware/qcom/a4*_*.fw"
-FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
-FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
-FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.* ${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
+FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.fw*"
+FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.*"
+FILES_${PN}-qcom-adreno-a650 = "${nonarch_base_libdir}/firmware/qcom/a650*.*"
 FILES_${PN}-qcom-adreno-a660 = "${nonarch_base_libdir}/firmware/qcom/a660*.*"
 FILES_${PN}-qcom-apq8016-modem = "${nonarch_base_libdir}/firmware/qcom/apq8016/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/modem.mbn"
 FILES_${PN}-qcom-apq8016-wifi = "${nonarch_base_libdir}/firmware/qcom/apq8016/wcnss.mbn ${nonarch_base_libdir}/firmware/qcom/apq8016/WCNSS*"
+FILES_${PN}-qcom-apq8096-adreno = "${nonarch_base_libdir}/firmware/qcom/apq8096/a530_zap.mbn ${nonarch_base_libdir}/firmware/qcom/a530_zap.mdt"
 FILES_${PN}-qcom-apq8096-audio = "${nonarch_base_libdir}/firmware/qcom/apq8096/adsp*.*"
 FILES_${PN}-qcom-apq8096-modem = "${nonarch_base_libdir}/firmware/qcom/apq8096/mba.mbn ${nonarch_base_libdir}/firmware/qcom/apq8096/modem*.* ${nonarch_base_libdir}/firmware/qcom/apq8096/wlanmdsp.mbn"
 FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compat = "${nonarch_base_libdir}/firmware/qcom/LENOVO/21BX"
@@ -1025,9 +1029,11 @@ FILES_${PN}-qcom-sc8280xp-lenovo-x13s-audio = "${nonarch_base_libdir}/firmware/q
 FILES_${PN}-qcom-sc8280xp-lenovo-x13s-adreno = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn"
 FILES_${PN}-qcom-sc8280xp-lenovo-x13s-compute = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*cdsp*.*"
 FILES_${PN}-qcom-sc8280xp-lenovo-x13s-sensors = "${nonarch_base_libdir}/firmware/qcom/sc8280xp/LENOVO/21BX/*slpi*.*"
+FILES_${PN}-qcom-sdm845-adreno = "${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
 FILES_${PN}-qcom-sdm845-audio = "${nonarch_base_libdir}/firmware/qcom/sdm845/adsp*.*"
 FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/cdsp*.*"
 FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
+FILES_${PN}-qcom-sm8250-adreno = "${nonarch_base_libdir}/firmware/qcom/sm8250/a650*.*"
 FILES_${PN}-qcom-sm8250-audio = "${nonarch_base_libdir}/firmware/qcom/sm8250/adsp*.*"
 FILES_${PN}-qcom-sm8250-compute = "${nonarch_base_libdir}/firmware/qcom/sm8250/cdsp*.*"
 RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
-- 
2.34.1

[OE-core][dunfell 10/14] yocto-uninative: Update hashes for uninative 4.1

[Steve Sakoman]

From: Michael Halstead <mhalstead@linuxfoundation.org>

This version includes fixes to patchelf.

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c5c8ff97ba0a7f9adc592d702b865b3d166a24b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/yocto-uninative.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index ad4816a1f3..b3bd7794fb 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -7,9 +7,9 @@
 #
 
 UNINATIVE_MAXGLIBCVERSION = "2.37"
-UNINATIVE_VERSION = "4.0"
+UNINATIVE_VERSION = "4.1"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "7baa8418a302df52e00916193b0a04f318356d9d2670c9a2bce3e966efefd738"
-UNINATIVE_CHECKSUM[i686] ?= "83114d36883d43a521e280742b9849bf85d039b2f83d8e21d480659babe75ee8"
-UNINATIVE_CHECKSUM[x86_64] ?= "fd75b2a1a67a10f6b7d65afb7d0f3e71a63b0038e428f34dfe420bb37716558a"
+UNINATIVE_CHECKSUM[aarch64] ?= "b6ff9171aa7d3828bc81197822e804725908856bbd488bf412121cc0deddcb60"
+UNINATIVE_CHECKSUM[i686] ?= "6354fd2e09af1f111bad5e34ce7af4f9ad7cd266188af7eeceaeb982afd5354b"
+UNINATIVE_CHECKSUM[x86_64] ?= "f83eca543170adfd2432b135ca655922a4303622d73cc4b13e92b973cdf49e3a"
-- 
2.34.1

[OE-core][dunfell 11/14] yocto-uninative: Update to 4.2 for glibc 2.38

[Steve Sakoman]

From: Michael Halstead <mhalstead@linuxfoundation.org>

Uninative 4.2 adds glibc 2.38.

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6654fab00a1b4e4bb05eec8b77c8c60e1f8a709)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/yocto-uninative.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index b3bd7794fb..6596c0f4a2 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.37"
-UNINATIVE_VERSION = "4.1"
+UNINATIVE_MAXGLIBCVERSION = "2.38"
+UNINATIVE_VERSION = "4.2"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "b6ff9171aa7d3828bc81197822e804725908856bbd488bf412121cc0deddcb60"
-UNINATIVE_CHECKSUM[i686] ?= "6354fd2e09af1f111bad5e34ce7af4f9ad7cd266188af7eeceaeb982afd5354b"
-UNINATIVE_CHECKSUM[x86_64] ?= "f83eca543170adfd2432b135ca655922a4303622d73cc4b13e92b973cdf49e3a"
+UNINATIVE_CHECKSUM[aarch64] ?= "cff40e7bdde50aeda06707af8c001796a71b4cf33c5ae1616e5c47943ff6b94e"
+UNINATIVE_CHECKSUM[i686] ?= "a70516447e9a9f1465ffaf1c7f89e79d1692d2356d86fd2a5a63acd908db1ff2"
+UNINATIVE_CHECKSUM[x86_64] ?= "6a86d71eeafba4fefec600c9bf8cf4a01324d1eb52788b6e398d3f23c10d19fb"
-- 
2.34.1

[OE-core][dunfell 12/14] recipetool: Fix inherit in created -native* recipes

[Steve Sakoman]

From: Yoann Congal <yoann.congal@smile.fr>

native and nativesdk classes are special and must be inherited last :
put them at the end of the gathered classes to inherit.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6614fd800cbe791264aeb102d379ba79bd145c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/recipetool/create.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 798cb0cefe..a2c6d052a6 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -745,6 +745,10 @@ def create_recipe(args):
     for handler in handlers:
         handler.process(srctree_use, classes, lines_before, lines_after, handled, extravalues)
 
+    # native and nativesdk classes are special and must be inherited last
+    # If present, put them at the end of the classes list
+    classes.sort(key=lambda c: c in ("native", "nativesdk"))
+
     extrafiles = extravalues.pop('extrafiles', {})
     extra_pn = extravalues.pop('PN', None)
     extra_pv = extravalues.pop('PV', None)
-- 
2.34.1

[OE-core][dunfell 13/14] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

str.format() doesn't use % notation, update the formatting to work.

assertTrue() is a member of self not a global, and assertTrue(True) will
always pass. Change this to just self.fail() as this is the failure case.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 017f3a0b1265c1a3b69c20bdb56bbf446111977e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/rpm.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/rpm.py b/meta/lib/oeqa/runtime/cases/rpm.py
index 2b6cfe5ff2..203fcc8505 100644
--- a/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/meta/lib/oeqa/runtime/cases/rpm.py
@@ -57,8 +57,8 @@ class RpmBasicTest(OERuntimeTestCase):
                     return
                 time.sleep(1)
             user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
-            msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
-            assertTrue(True, msg=msg)
+            msg = "User %s has processes still running: %s" % (u, "\n".join(user_pss))
+            self.fail(msg=msg)
 
         def unset_up_test_user(u):
             # ensure no test1 process in running
-- 
2.34.1

[OE-core][dunfell 14/14] grub2.inc: remove '-O2' from CFLAGS

[Steve Sakoman]

From: Kai Kang <kai.kang@windriver.com>

It fails to boot grub after upgrade grub to 2.06. According to
description in

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14367

it is introduced by a commit to fix CVE. So remove option '-O2' from
CFLAGS rather than revert the commit to avoid the failure.

[YOCTO #14367]

CC: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69805629b8f47fd46a37b7c5cc435982e2ac3d1d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-bsp/grub/grub2.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 5a6e213936..bfcda76c24 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -128,6 +128,8 @@ GRUBPLATFORM ??= "pc"
 
 inherit autotools gettext texinfo pkgconfig
 
+CFLAGS_remove = "-O2"
+
 EXTRA_OECONF = "--with-platform=${GRUBPLATFORM} \
                 --disable-grub-mkfont \
                 --program-prefix="" \
-- 
2.34.1

[OE-core][dunfell 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, September 14.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5868

The following changes since commit c953ccba6c2a334cc58a97eee073bdb51a68f1d3:

  linux/cve-exclusion: remove obsolete manual entries (2023-08-31 04:26:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Anuj Mittal (4):
  glibc/check-test-wrapper: don't emit warnings from ssh
  selftest/cases/glibc.py: increase the memory for testing
  oeqa/utils/nfs: allow requesting non-udp ports
  selftest/cases/glibc.py: switch to using NFS over TCP

Ashish Sharma (1):
  qemu: Backport fix CVE-2023-3180

Michael Halstead (2):
  yocto-uninative: Update to 4.3
  resulttool/resultutils: allow index generation despite corrupt json

Priyal Doshi (1):
  rootfs-post: remove traling blanks from tasks

Richard Purdie (2):
  oeqa/target/ssh: Ensure EAGAIN doesn't truncate output
  oeqa/runtime/ltp: Increase ltp test output timeout

Shubham Kulkarni (1):
  openssh: Securiry fix for CVE-2023-38408

Staffan Rydén (1):
  kernel: Fix path comparison in kernel staging dir symlinking

Vijay Anusuri (2):
  bind: Backport fix for CVE-2023-2828
  qemu: Backport fix for CVE-2023-0330

 meta/classes/kernel.bbclass                   |   7 +-
 meta/classes/rootfs-postcommands.bbclass      |   6 +-
 meta/classes/rootfsdebugfiles.bbclass         |   2 +-
 meta/conf/distro/include/yocto-uninative.inc  |   8 +-
 meta/lib/oeqa/core/target/ssh.py              |   3 +
 meta/lib/oeqa/runtime/cases/ltp.py            |   2 +-
 meta/lib/oeqa/selftest/cases/glibc.py         |   6 +-
 meta/lib/oeqa/utils/nfs.py                    |   4 +-
 .../bind/bind/CVE-2023-2828.patch             | 166 +++++
 .../recipes-connectivity/bind/bind_9.11.37.bb |   1 +
 .../openssh/openssh/CVE-2023-38408-01.patch   | 189 ++++++
 .../openssh/openssh/CVE-2023-38408-02.patch   | 581 ++++++++++++++++++
 .../openssh/openssh/CVE-2023-38408-03.patch   | 171 ++++++
 .../openssh/openssh/CVE-2023-38408-04.patch   |  34 +
 .../openssh/openssh/CVE-2023-38408-05.patch   | 194 ++++++
 .../openssh/openssh/CVE-2023-38408-06.patch   |  73 +++
 .../openssh/openssh/CVE-2023-38408-07.patch   | 125 ++++
 .../openssh/openssh/CVE-2023-38408-08.patch   | 315 ++++++++++
 .../openssh/openssh/CVE-2023-38408-09.patch   |  38 ++
 .../openssh/openssh/CVE-2023-38408-10.patch   |  39 ++
 .../openssh/openssh/CVE-2023-38408-11.patch   | 307 +++++++++
 .../openssh/openssh/CVE-2023-38408-12.patch   | 120 ++++
 .../openssh/openssh_8.2p1.bb                  |  12 +
 .../glibc/glibc/check-test-wrapper            |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   4 +-
 ...-2023-0330.patch => CVE-2023-0330_1.patch} |   0
 .../qemu/qemu/CVE-2023-0330_2.patch           | 135 ++++
 .../qemu/qemu/CVE-2023-3180.patch             |  49 ++
 scripts/lib/resulttool/resultutils.py         |   6 +-
 29 files changed, 2579 insertions(+), 20 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2023-2828.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-01.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-02.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-03.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-04.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-05.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-06.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-07.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-08.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-09.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-11.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-12.patch
 rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330.patch => CVE-2023-0330_1.patch} (100%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3180.patch

-- 
2.34.1