[OE-core][kirkstone 0/6] Patch review

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, May 17

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6895

The following changes since commit 24fd9b6756728a0337100f53a1c6e92aba092f9d:

  ppp: Add RSA-MD in LICENSE (2024-05-08 05:19:26 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  xserver-xorg: fix CVE-2024-31082
  xserver-xorg: fix CVE-2024-31083

Bhabu Bindu (1):
  libpciaccess: Remove duplicated license entry

Peter Marko (1):
  glibc: Update to latest on stable 2.35 branch

Vijay Anusuri (2):
  bluez5: Fix CVE-2023-27349 CVE-2023-50229 & CVE-2023-50230
  gstreamer1.0-plugins-bad: fix CVE-2023-50186

 meta/recipes-connectivity/bluez5/bluez5.inc   |   2 +
 .../bluez5/bluez5/CVE-2023-27349.patch        |  48 +++++++
 .../CVE-2023-50229_CVE-2023-50230.patch       |  67 ++++++++++
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 ...y-the-header-between-arm-and-aarch64.patch |  64 +++++-----
 meta/recipes-core/glibc/glibc_2.35.bb         |   5 +-
 .../xorg-lib/libpciaccess_0.16.bb             |   2 +-
 .../xserver-xorg/CVE-2024-31082.patch         |  52 ++++++++
 .../xserver-xorg/CVE-2024-31083-0001.patch    | 117 ++++++++++++++++++
 .../xserver-xorg/CVE-2024-31083-0002.patch    |  76 ++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   3 +
 .../CVE-2023-50186.patch                      |  70 +++++++++++
 .../gstreamer1.0-plugins-bad_1.20.7.bb        |   1 +
 13 files changed, 478 insertions(+), 31 deletions(-)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch

-- 
2.34.1

[OE-core][kirkstone 1/6] xserver-xorg: fix CVE-2024-31082

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2024-31082.patch         | 52 +++++++++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch
new file mode 100644
index 0000000000..81d76977bb
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31082.patch
@@ -0,0 +1,52 @@
+From 6c684d035c06fd41c727f0ef0744517580864cef Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 22 Mar 2024 19:07:34 -0700
+Subject: [PATCH] Xquartz: ProcAppleDRICreatePixmap needs to use unswapped
+ length to send reply
+
+CVE-2024-31082
+
+Fixes: 14205ade0 ("XQuartz: appledri: Fix byte swapping in replies")
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
+
+CVE: CVE-2024-31082
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd4]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ hw/xquartz/xpr/appledri.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/xquartz/xpr/appledri.c b/hw/xquartz/xpr/appledri.c
+index 7757465..40422b6 100644
+--- a/hw/xquartz/xpr/appledri.c
++++ b/hw/xquartz/xpr/appledri.c
+@@ -272,6 +272,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
+     xAppleDRICreatePixmapReply rep;
+     int width, height, pitch, bpp;
+     void *ptr;
++    CARD32 stringLength;
+
+     REQUEST_SIZE_MATCH(xAppleDRICreatePixmapReq);
+
+@@ -307,6 +308,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
+     if (sizeof(rep) != sz_xAppleDRICreatePixmapReply)
+         ErrorF("error sizeof(rep) is %zu\n", sizeof(rep));
+
++    stringLength = rep.stringLength;  /* save unswapped value */
+     if (client->swapped) {
+         swaps(&rep.sequenceNumber);
+         swapl(&rep.length);
+@@ -319,7 +321,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
+     }
+
+     WriteToClient(client, sizeof(rep), &rep);
+-    WriteToClient(client, rep.stringLength, path);
++    WriteToClient(client, stringLength, path);
+
+     return Success;
+ }
+--
+2.40.0
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index b9eed92103..0a8cb7d81a 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -18,6 +18,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://CVE-2024-0409.patch \
            file://CVE-2024-31080.patch \
            file://CVE-2024-31081.patch \
+           file://CVE-2024-31082.patch \
            "
 SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
 
-- 
2.34.1

[OE-core][kirkstone 2/6] xserver-xorg: fix CVE-2024-31083

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

FreeGlyph() function declared in render/glyphstr_priv.h, it is not present in
current recipe version and introduced in later versions, added this change to
render/glyphstr.h

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2024-31083-0001.patch    | 117 ++++++++++++++++++
 .../xserver-xorg/CVE-2024-31083-0002.patch    |  76 ++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   2 +
 3 files changed, 195 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch
new file mode 100644
index 0000000000..1ef9d933ae
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0001.patch
@@ -0,0 +1,117 @@
+From bdca6c3d1f5057eeb31609b1280fc93237b00c77 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 30 Jan 2024 13:13:35 +1000
+Subject: [PATCH] render: fix refcounting of glyphs during ProcRenderAddGlyphs
+
+Previously, AllocateGlyph would return a new glyph with refcount=0 and a
+re-used glyph would end up not changing the refcount at all. The
+resulting glyph_new array would thus have multiple entries pointing to
+the same non-refcounted glyphs.
+
+AddGlyph may free a glyph, resulting in a UAF when the same glyph
+pointer is then later used.
+
+Fix this by returning a refcount of 1 for a new glyph and always
+incrementing the refcount for a re-used glyph, followed by dropping that
+refcount back down again when we're done with it.
+
+CVE-2024-31083, ZDI-CAN-22880
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
+
+CVE: CVE-2024-31083
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057ee]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ render/glyph.c    |  5 +++--
+ render/glyphstr.h |  2 ++
+ render/render.c   | 15 +++++++++++----
+ 3 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/render/glyph.c b/render/glyph.c
+index f3ed9cf..d5fc5f3 100644
+--- a/render/glyph.c
++++ b/render/glyph.c
+@@ -245,10 +245,11 @@ FreeGlyphPicture(GlyphPtr glyph)
+     }
+ }
+
+-static void
++void
+ FreeGlyph(GlyphPtr glyph, int format)
+ {
+     CheckDuplicates(&globalGlyphs[format], "FreeGlyph");
++    BUG_RETURN(glyph->refcnt == 0);
+     if (--glyph->refcnt == 0) {
+         GlyphRefPtr gr;
+         int i;
+@@ -354,7 +355,7 @@ AllocateGlyph(xGlyphInfo * gi, int fdepth)
+     glyph = (GlyphPtr) malloc(size);
+     if (!glyph)
+         return 0;
+-    glyph->refcnt = 0;
++    glyph->refcnt = 1;
+     glyph->size = size + sizeof(xGlyphInfo);
+     glyph->info = *gi;
+     dixInitPrivates(glyph, (char *) glyph + head_size, PRIVATE_GLYPH);
+diff --git a/render/glyphstr.h b/render/glyphstr.h
+index 2f51bd2..68f8c9e 100644
+--- a/render/glyphstr.h
++++ b/render/glyphstr.h
+@@ -117,6 +117,8 @@ extern GlyphSetPtr AllocateGlyphSet(int fdepth, PictFormatPtr format);
+ extern int
+  FreeGlyphSet(void *value, XID gid);
+
++void FreeGlyph(GlyphPtr glyph, int format);
++
+ #define GLYPH_HAS_GLYPH_PICTURE_ACCESSOR 1 /* used for api compat */
+ extern _X_EXPORT PicturePtr
+  GetGlyphPicture(GlyphPtr glyph, ScreenPtr pScreen);
+diff --git a/render/render.c b/render/render.c
+index 456f156..5bc2a20 100644
+--- a/render/render.c
++++ b/render/render.c
+@@ -1076,6 +1076,7 @@ ProcRenderAddGlyphs(ClientPtr client)
+
+         if (glyph_new->glyph && glyph_new->glyph != DeletedGlyph) {
+             glyph_new->found = TRUE;
++            ++glyph_new->glyph->refcnt;
+         }
+         else {
+             GlyphPtr glyph;
+@@ -1168,8 +1169,10 @@ ProcRenderAddGlyphs(ClientPtr client)
+         err = BadAlloc;
+         goto bail;
+     }
+-    for (i = 0; i < nglyphs; i++)
++    for (i = 0; i < nglyphs; i++) {
+         AddGlyph(glyphSet, glyphs[i].glyph, glyphs[i].id);
++        FreeGlyph(glyphs[i].glyph, glyphSet->fdepth);
++    }
+
+     if (glyphsBase != glyphsLocal)
+         free(glyphsBase);
+@@ -1179,9 +1182,13 @@ ProcRenderAddGlyphs(ClientPtr client)
+         FreePicture((void *) pSrc, 0);
+     if (pSrcPix)
+         FreeScratchPixmapHeader(pSrcPix);
+-    for (i = 0; i < nglyphs; i++)
+-        if (glyphs[i].glyph && !glyphs[i].found)
+-            free(glyphs[i].glyph);
++    for (i = 0; i < nglyphs; i++) {
++        if (glyphs[i].glyph) {
++            --glyphs[i].glyph->refcnt;
++            if (!glyphs[i].found)
++                free(glyphs[i].glyph);
++        }
++    }
+     if (glyphsBase != glyphsLocal)
+         free(glyphsBase);
+     return err;
+--
+2.40.0
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch
new file mode 100644
index 0000000000..3cea29f001
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31083-0002.patch
@@ -0,0 +1,76 @@
+From 337d8d48b618d4fc0168a7b978be4c3447650b04 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Fri, 5 Apr 2024 15:24:49 +0200
+Subject: [PATCH] render: Avoid possible double-free in ProcRenderAddGlyphs()
+ ProcRenderAddGlyphs() adds the glyph to the glyphset using AddGlyph() and
+ then frees it using FreeGlyph() to decrease the reference count, after
+ AddGlyph() has increased it.
+
+AddGlyph() however may chose to reuse an existing glyph if it's already
+in the glyphSet, and free the glyph that was given, in which case the
+caller function, ProcRenderAddGlyphs() will call FreeGlyph() on an
+already freed glyph, as reported by ASan:
+
+  READ of size 4 thread T0
+    #0 in FreeGlyph xserver/render/glyph.c:252
+    #1 in ProcRenderAddGlyphs xserver/render/render.c:1174
+    #2 in Dispatch xserver/dix/dispatch.c:546
+    #3 in dix_main xserver/dix/main.c:271
+    #4 in main xserver/dix/stubmain.c:34
+    #5 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
+    #6 in __libc_start_main_impl ../csu/libc-start.c:360
+    #7  (/usr/bin/Xwayland+0x44fe4)
+  Address is located 0 bytes inside of 64-byte region
+  freed by thread T0 here:
+    #0 in __interceptor_free libsanitizer/asan/asan_malloc_linux.cpp:52
+    #1 in _dixFreeObjectWithPrivates xserver/dix/privates.c:538
+    #2 in AddGlyph xserver/render/glyph.c:295
+    #3 in ProcRenderAddGlyphs xserver/render/render.c:1173
+    #4 in Dispatch xserver/dix/dispatch.c:546
+    #5 in dix_main xserver/dix/main.c:271
+    #6 in main xserver/dix/stubmain.c:34
+    #7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
+  previously allocated by thread T0 here:
+    #0 in __interceptor_malloc libsanitizer/asan/asan_malloc_linux.cpp:69
+    #1 in AllocateGlyph xserver/render/glyph.c:355
+    #2 in ProcRenderAddGlyphs xserver/render/render.c:1085
+    #3 in Dispatch xserver/dix/dispatch.c:546
+    #4 in dix_main xserver/dix/main.c:271
+    #5 in main xserver/dix/stubmain.c:34
+    #6 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
+  SUMMARY: AddressSanitizer: heap-use-after-free xserver/render/glyph.c:252 in FreeGlyph
+
+To avoid that, make sure not to free the given glyph in AddGlyph().
+
+v2: Simplify the test using the boolean returned from AddGlyph() (Michel)
+v3: Simplify even more by not freeing the glyph in AddGlyph() (Peter)
+
+Fixes: bdca6c3d1 - render: fix refcounting of glyphs during ProcRenderAddGlyphs
+Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1476>
+
+CVE: CVE-2024-31083
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ render/glyph.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/render/glyph.c b/render/glyph.c
+index d5fc5f3..f5069d4 100644
+--- a/render/glyph.c
++++ b/render/glyph.c
+@@ -291,8 +291,6 @@ AddGlyph(GlyphSetPtr glyphSet, GlyphPtr glyph, Glyph id)
+     gr = FindGlyphRef(&globalGlyphs[glyphSet->fdepth], signature,
+                       TRUE, glyph->sha1);
+     if (gr->glyph && gr->glyph != DeletedGlyph && gr->glyph != glyph) {
+-        FreeGlyphPicture(glyph);
+-        dixFreeObjectWithPrivates(glyph, PRIVATE_GLYPH);
+         glyph = gr->glyph;
+     }
+     else if (gr->glyph != glyph) {
+--
+2.40.0
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 0a8cb7d81a..fe577050d9 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -19,6 +19,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://CVE-2024-31080.patch \
            file://CVE-2024-31081.patch \
            file://CVE-2024-31082.patch \
+           file://CVE-2024-31083-0001.patch \
+           file://CVE-2024-31083-0002.patch \
            "
 SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
 
-- 
2.34.1

[OE-core][kirkstone 3/6] bluez5: Fix CVE-2023-27349 CVE-2023-50229 & CVE-2023-50230

[Steve Sakoman]

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport
[https://github.com/bluez/bluez/commit/f54299a850676d92c3dafd83e9174fcfe420ccc9
&
https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/bluez5/bluez5.inc   |  2 +
 .../bluez5/bluez5/CVE-2023-27349.patch        | 48 +++++++++++++
 .../CVE-2023-50229_CVE-2023-50230.patch       | 67 +++++++++++++++++++
 3 files changed, 117 insertions(+)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 7786b65670..97193a5f1c 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -55,6 +55,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
            file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
            file://0001-test-gatt-Fix-hung-issue.patch \
 	   file://CVE-2023-45866.patch \
+	   file://CVE-2023-27349.patch \
+	   file://CVE-2023-50229_CVE-2023-50230.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch
new file mode 100644
index 0000000000..946208099a
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-27349.patch
@@ -0,0 +1,48 @@
+From f54299a850676d92c3dafd83e9174fcfe420ccc9 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Wed, 22 Mar 2023 11:34:24 -0700
+Subject: [PATCH] avrcp: Fix crash while handling unsupported events
+
+The following crash can be observed if the remote peer send and
+unsupported event:
+
+ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11
+ at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
+ WRITE of size 1 at 0x60b000148f11 thread T0
+     #0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
+     #1 0x559644536c22 in control_response profiles/audio/avctp.c:939
+     #2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
+     #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
+     #4 0x7fbcb3ea66c7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
+     #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
+     #6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
+     #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
+     #8 0x5596445bb963 in main src/main.c:1289
+     #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
+     #10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
+     #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)
+
+Upstream-Status: Backport [https://github.com/bluez/bluez/commit/f54299a850676d92c3dafd83e9174fcfe420ccc9]
+CVE: CVE-2023-27349
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ profiles/audio/avrcp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
+index 80f34c7a77..dda9a303fb 100644
+--- a/profiles/audio/avrcp.c
++++ b/profiles/audio/avrcp.c
+@@ -3901,6 +3901,12 @@ static gboolean avrcp_handle_event(struct avctp *conn, uint8_t code,
+ 	case AVRCP_EVENT_UIDS_CHANGED:
+ 		avrcp_uids_changed(session, pdu);
+ 		break;
++	default:
++		if (event > AVRCP_EVENT_LAST) {
++			warn("Unsupported event: %u", event);
++			return FALSE;
++		}
++		break;
+ 	}
+ 
+ 	session->registered_events |= (1 << event);
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch
new file mode 100644
index 0000000000..92684d8210
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-50229_CVE-2023-50230.patch
@@ -0,0 +1,67 @@
+From 5ab5352531a9cc7058cce569607f3a6831464443 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 19 Sep 2023 12:14:01 -0700
+Subject: [PATCH] pbap: Fix not checking Primary/Secundary Counter length
+
+Primary/Secundary Counters are supposed to be 16 bytes values, if the
+server has implemented them incorrectly it may lead to the following
+crash:
+
+=================================================================
+==31860==ERROR: AddressSanitizer: heap-buffer-overflow on address
+0x607000001878 at pc 0x7f95a1575638 bp 0x7fff58c6bb80 sp 0x7fff58c6b328
+
+ READ of size 48 at 0x607000001878 thread T0
+     #0 0x7f95a1575637 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
+     #1 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
+     #2 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
+     #3 0x564df69c77a0 in read_version obexd/client/pbap.c:288
+     #4 0x564df69c77a0 in read_return_apparam obexd/client/pbap.c:352
+     #5 0x564df69c77a0 in phonebook_size_callback obexd/client/pbap.c:374
+     #6 0x564df69bea3c in session_terminate_transfer obexd/client/session.c:921
+     #7 0x564df69d56b0 in get_xfer_progress_first obexd/client/transfer.c:729
+     #8 0x564df698b9ee in handle_response gobex/gobex.c:1140
+     #9 0x564df698cdea in incoming_data gobex/gobex.c:1385
+     #10 0x7f95a12fdc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
+     #11 0x7f95a13526c7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
+     #12 0x7f95a12fd2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
+     #13 0x564df6977d41 in main obexd/src/main.c:307
+     #14 0x7f95a10a7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
+     #15 0x7f95a10a7e3f in __libc_start_main_impl ../csu/libc-start.c:392
+     #16 0x564df6978704 in _start (/usr/local/libexec/bluetooth/obexd+0x8b704)
+ 0x607000001878 is located 0 bytes to the right of 72-byte region [0x607000001830,0x607000001878)
+
+ allocated by thread T0 here:
+     #0 0x7f95a1595a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
+     #1 0x564df69c8b6a in pbap_probe obexd/client/pbap.c:1259
+
+Upstream-Status: Backport [https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443]
+CVE: CVE-2023-50229 CVE-2023-50230
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ obexd/client/pbap.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c
+index 1ed8c68ecc..2d2aa95089 100644
+--- a/obexd/client/pbap.c
++++ b/obexd/client/pbap.c
+@@ -285,7 +285,7 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam)
+ 		data = value;
+ 	}
+ 
+-	if (memcmp(pbap->primary, data, len)) {
++	if (len == sizeof(pbap->primary) && memcmp(pbap->primary, data, len)) {
+ 		memcpy(pbap->primary, data, len);
+ 		g_dbus_emit_property_changed(conn,
+ 					obc_session_get_path(pbap->session),
+@@ -299,7 +299,8 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam)
+ 		data = value;
+ 	}
+ 
+-	if (memcmp(pbap->secondary, data, len)) {
++	if (len == sizeof(pbap->secondary) &&
++			memcmp(pbap->secondary, data, len)) {
+ 		memcpy(pbap->secondary, data, len);
+ 		g_dbus_emit_property_changed(conn,
+ 					obc_session_get_path(pbap->session),
-- 
2.34.1

[OE-core][kirkstone 4/6] gstreamer1.0-plugins-bad: fix CVE-2023-50186

[Steve Sakoman]

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport
[https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a46737a73155fe1c19fa5115df40da35426f9fb5]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../CVE-2023-50186.patch                      | 70 +++++++++++++++++++
 .../gstreamer1.0-plugins-bad_1.20.7.bb        |  1 +
 2 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch
new file mode 100644
index 0000000000..86bae8fcaa
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-50186.patch
@@ -0,0 +1,70 @@
+From a46737a73155fe1c19fa5115df40da35426f9fb5 Mon Sep 17 00:00:00 2001
+From: Seungha Yang <seungha@centricular.com>
+Date: Thu, 23 Nov 2023 20:24:42 +0900
+Subject: [PATCH] av1parser: Fix array sizes in scalability structure
+
+Since the AV1 specification is not explicitly mentioning about
+the array size bounds, array sizes in scalability structure
+should be defined as possible maximum sizes that can have.
+
+Also, this commit removes GST_AV1_MAX_SPATIAL_LAYERS define from
+public header which is API break but the define is misleading
+and this patch is introducing ABI break already
+
+ZDI-CAN-22300
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5824>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a46737a73155fe1c19fa5115df40da35426f9fb5]
+CVE: CVE-2023-50186
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gst-libs/gst/codecparsers/gstav1parser.h | 11 +++++------
+ gst/videoparsers/gstav1parse.c           |  2 +-
+ 2 files changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/gst-libs/gst/codecparsers/gstav1parser.h b/gst-libs/gst/codecparsers/gstav1parser.h
+index 31f5945..ef6ce9e 100644
+--- a/gst-libs/gst/codecparsers/gstav1parser.h
++++ b/gst-libs/gst/codecparsers/gstav1parser.h
+@@ -71,9 +71,8 @@ G_BEGIN_DECLS
+ #define GST_AV1_MAX_TILE_COUNT                 512
+ #define GST_AV1_MAX_OPERATING_POINTS    \
+   (GST_AV1_MAX_NUM_TEMPORAL_LAYERS * GST_AV1_MAX_NUM_SPATIAL_LAYERS)
+-#define GST_AV1_MAX_SPATIAL_LAYERS             2  /* correct? */
+-#define GST_AV1_MAX_TEMPORAL_GROUP_SIZE        8  /* correct? */
+-#define GST_AV1_MAX_TEMPORAL_GROUP_REFERENCES  8  /* correct? */
++#define GST_AV1_MAX_TEMPORAL_GROUP_SIZE        255
++#define GST_AV1_MAX_TEMPORAL_GROUP_REFERENCES  7
+ #define GST_AV1_MAX_NUM_Y_POINTS               16
+ #define GST_AV1_MAX_NUM_CB_POINTS              16
+ #define GST_AV1_MAX_NUM_CR_POINTS              16
+@@ -968,9 +967,9 @@ struct _GstAV1MetadataScalability {
+   gboolean spatial_layer_dimensions_present_flag;
+   gboolean spatial_layer_description_present_flag;
+   gboolean temporal_group_description_present_flag;
+-  guint16 spatial_layer_max_width[GST_AV1_MAX_SPATIAL_LAYERS];
+-  guint16 spatial_layer_max_height[GST_AV1_MAX_SPATIAL_LAYERS];
+-  guint8 spatial_layer_ref_id[GST_AV1_MAX_SPATIAL_LAYERS];
++  guint16 spatial_layer_max_width[GST_AV1_MAX_NUM_SPATIAL_LAYERS];
++  guint16 spatial_layer_max_height[GST_AV1_MAX_NUM_SPATIAL_LAYERS];
++  guint8 spatial_layer_ref_id[GST_AV1_MAX_NUM_SPATIAL_LAYERS];
+   guint8 temporal_group_size;
+ 
+   guint8 temporal_group_temporal_id[GST_AV1_MAX_TEMPORAL_GROUP_SIZE];
+diff --git a/gst/videoparsers/gstav1parse.c b/gst/videoparsers/gstav1parse.c
+index f127856..ef1bc74 100644
+--- a/gst/videoparsers/gstav1parse.c
++++ b/gst/videoparsers/gstav1parse.c
+@@ -1229,7 +1229,7 @@ gst_av1_parse_handle_sequence_obu (GstAV1Parse * self, GstAV1OBU * obu)
+   }
+ 
+   val = (self->parser->state.operating_point_idc >> 8) & 0x0f;
+-  for (i = 0; i < (1 << GST_AV1_MAX_SPATIAL_LAYERS); i++) {
++  for (i = 0; i < GST_AV1_MAX_NUM_SPATIAL_LAYERS; i++) {
+     if (val & (1 << i))
+       self->highest_spatial_id = i;
+   }
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
index 4151e54284..dbe2b64c32 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
@@ -16,6 +16,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
            file://CVE-2023-44429.patch \
            file://CVE-2024-0444.patch \
            file://CVE-2023-44446.patch \
+           file://CVE-2023-50186.patch \
            "
 SRC_URI[sha256sum] = "87251beebfd1325e5118cc67774061f6e8971761ca65a9e5957919610080d195"
 
-- 
2.34.1

[OE-core][kirkstone 5/6] glibc: Update to latest on stable 2.35 branch

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Adresses CVEs: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602

Changes:
54a666dc5c elf: Disable some subtests of ifuncmain1, ifuncmain5 for !PIE
3a38600cc7 malloc: Exit early on test failure in tst-realloc
924a98402a nscd: Use time_t for return type of addgetnetgrentX
396f065496 login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
77d8f49058 login: Check default sizes of structs utmp, utmpx, lastlog
8e7f0eba01 sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574)
55771aba9d elf: Also compile dl-misc.os with $(rtld-early-cflags)
7a5864cac6 CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
bafadc589f CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
4370bef52b CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
7a95873543 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)

Since glibc introduced file sysdeps/arm/bits/wordsize.h
our multilib patch needed to be updated.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc     |  2 +-
 ...y-the-header-between-arm-and-aarch64.patch | 64 +++++++++++--------
 meta/recipes-core/glibc/glibc_2.35.bb         |  5 +-
 3 files changed, 41 insertions(+), 30 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index cd8c7ecf94..1a8d51ef63 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.35/master"
 PV = "2.35"
-SRCREV_glibc ?= "36280d1ce5e245aabefb877fe4d3c6cff95dabfa"
+SRCREV_glibc ?= "54a666dc5c94897dab63856ba264ab2c53503303"
 SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch b/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
index 3b2d638b5f..789d2edf23 100644
--- a/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
+++ b/meta/recipes-core/glibc/glibc/0018-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
@@ -11,16 +11,15 @@ Upstream-Status: Inappropriate [ OE-Specific ]
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
- sysdeps/aarch64/bits/wordsize.h          |  8 ++++++--
- sysdeps/{aarch64 => arm}/bits/wordsize.h | 10 +++++++---
- 2 files changed, 13 insertions(+), 5 deletions(-)
- copy sysdeps/{aarch64 => arm}/bits/wordsize.h (80%)
+ sysdeps/aarch64/bits/wordsize.h | 11 +++++++++--
+ sysdeps/arm/bits/wordsize.h     | 16 +++++++++++++++-
+ 2 files changed, 24 insertions(+), 3 deletions(-)
 
 diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h
-index 4635431f0e..5ef0ed21f3 100644
+index 4635431f0e..1639bcb063 100644
 --- a/sysdeps/aarch64/bits/wordsize.h
 +++ b/sysdeps/aarch64/bits/wordsize.h
-@@ -17,12 +17,16 @@
+@@ -17,12 +17,19 @@
     License along with the GNU C Library; if not, see
     <https://www.gnu.org/licenses/>.  */
  
@@ -33,38 +32,47 @@ index 4635431f0e..5ef0ed21f3 100644
  # define __WORDSIZE32_SIZE_ULONG	1
  # define __WORDSIZE32_PTRDIFF_LONG	1
 +#else
-+# define __WORDSIZE			32
-+# define __WORDSIZE32_SIZE_ULONG	0
-+# define __WORDSIZE32_PTRDIFF_LONG	0
++#define __WORDSIZE			32
++#define __WORDSIZE_TIME64_COMPAT32	1
++#define __WORDSIZE32_SIZE_ULONG		0
++#define __WORDSIZE32_PTRDIFF_LONG	0
  #endif
  
++#ifdef __aarch64__
  #define __WORDSIZE_TIME64_COMPAT32	0
-diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
-similarity index 80%
-copy from sysdeps/aarch64/bits/wordsize.h
-copy to sysdeps/arm/bits/wordsize.h
-index 4635431f0e..34fcdef1f1 100644
---- a/sysdeps/aarch64/bits/wordsize.h
++#endif
+diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
+index 6ecbfe7c86..1639bcb063 100644
+--- a/sysdeps/arm/bits/wordsize.h
 +++ b/sysdeps/arm/bits/wordsize.h
-@@ -17,12 +17,16 @@
+@@ -1,4 +1,6 @@
+-/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
++/* Determine the wordsize from the preprocessor defines.
++
++   Copyright (C) 2016-2022 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -15,7 +17,19 @@
     License along with the GNU C Library; if not, see
     <https://www.gnu.org/licenses/>.  */
  
--#ifdef __LP64__
 +#if defined (__aarch64__) && defined (__LP64__)
- # define __WORDSIZE			64
--#else
++# define __WORDSIZE			64
 +#elif defined (__aarch64__)
- # define __WORDSIZE			32
- # define __WORDSIZE32_SIZE_ULONG	1
- # define __WORDSIZE32_PTRDIFF_LONG	1
-+#else
 +# define __WORDSIZE			32
-+# define __WORDSIZE32_SIZE_ULONG	0
-+# define __WORDSIZE32_PTRDIFF_LONG	0
- #endif
- 
- #define __WORDSIZE_TIME64_COMPAT32	0
++# define __WORDSIZE32_SIZE_ULONG	1
++# define __WORDSIZE32_PTRDIFF_LONG	1
++#else
+ #define __WORDSIZE			32
+ #define __WORDSIZE_TIME64_COMPAT32	1
+ #define __WORDSIZE32_SIZE_ULONG		0
+ #define __WORDSIZE32_PTRDIFF_LONG	0
++#endif
++
++#ifdef __aarch64__
++#define __WORDSIZE_TIME64_COMPAT32	0
++#endif
 -- 
 2.34.1
 
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 74d7f753d8..9400e1e920 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -24,7 +24,10 @@ CVE_CHECK_IGNORE += "CVE-2019-1010025"
 CVE_CHECK_IGNORE += "CVE-2023-4527"
 
 # To avoid these in cve-check reports since the recipe version did not change
-CVE_CHECK_IGNORE += "CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 CVE-2023-5156 CVE-2024-2961"
+CVE_CHECK_IGNORE += " \
+    CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 CVE-2023-5156 \
+    CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 \
+"
 
 DEPENDS += "gperf-native bison-native"
 
-- 
2.34.1

[OE-core][kirkstone 6/6] libpciaccess: Remove duplicated license entry

[Steve Sakoman]

From: Bhabu Bindu <bhabu.bindu@kpit.com>

Remove duplicated MIT license entry for libpciaccess

Duplication was done as part of below commit:

Link: https://git.yoctoproject.org/poky/commit/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb?h=kirkstone&id=b0130fcf91daee0d905af755302fabe608da141c

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb b/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb
index d55315efc2..445f3751fe 100644
--- a/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb
+++ b/meta/recipes-graphics/xorg-lib/libpciaccess_0.16.bb
@@ -11,7 +11,7 @@ SRC_URI += "\
 SRC_URI[md5sum] = "b34e2cbdd6aa8f9cc3fa613fd401a6d6"
 SRC_URI[sha256sum] = "214c9d0d884fdd7375ec8da8dcb91a8d3169f263294c9a90c575bf1938b9f489"
 
-LICENSE = "MIT & MIT"
+LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=277aada5222b9a22fbf3471ff3687068"
 
 REQUIRED_DISTRO_FEATURES = ""
-- 
2.34.1

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, May 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1554

The following changes since commit 25ba9895b98715adb66a06e50f644aea2e2c9eb6:

  Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR" (2025-04-29 07:45:33 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Haixiao Yan (1):
  glibc: Add single-threaded fast path to rand()

Hitendra Prajapati (1):
  busybox: fix CVE-2023-39810

Peter Marko (3):
  ghostscript: ignore CVE-2025-27837
  ghostscript: ignore CVE-2024-29507
  qemu: ignore CVE-2023-1386

Praveen Kumar (1):
  connman :fix CVE-2025-32743

 .../connman/connman/CVE-2025-32743.patch      |  43 ++++++
 .../connman/connman_1.41.bb                   |   1 +
 .../busybox/busybox/CVE-2023-39810.patch      | 131 ++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   1 +
 ...dd-single-threaded-fast-path-to-rand.patch |  47 +++++++
 meta/recipes-core/glibc/glibc_2.35.bb         |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +
 .../ghostscript/ghostscript_9.55.0.bb         |   4 +-
 8 files changed, 230 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-39810.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch

-- 
2.43.0

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, March 26

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1242

The following changes since commit acb88b244e89bc1300a24f60d0a44c21e0ab1af6:

  vim: Upgrade 9.1.1043 -> 9.1.1115 (2025-03-13 09:19:58 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Peter Marko (1):
  tiff: mark CVE-2023-30774 as patched

Robert Yang (1):
  libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt

Vijay Anusuri (2):
  libxslt: Fix for CVE-2024-55549
  libxslt: Fix for CVE-2025-24855

Yogita Urade (2):
  xserver-xorg: fix CVE-2022-49737
  xwayland: fix CVE-2022-49737

 .../libxcrypt/libxcrypt-compat_4.4.33.bb      |   2 +-
 .../xserver-xorg/CVE-2022-49737.patch         |  90 ++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   1 +
 .../xwayland/xwayland/CVE-2022-49737.patch    |  90 ++++++++++++
 .../xwayland/xwayland_22.1.8.bb               |   1 +
 ...-of-TIFFTAG_INKNAMES-and-related-TIF.patch |   4 +-
 .../libxslt/libxslt/CVE-2024-55549.patch      |  49 +++++++
 .../libxslt/libxslt/CVE-2025-24855.patch      | 134 ++++++++++++++++++
 .../recipes-support/libxslt/libxslt_1.1.35.bb |   5 +-
 9 files changed, 373 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-49737.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2022-49737.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2024-55549.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-24855.patch

-- 
2.43.0

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, March 12

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1152

The following changes since commit 0d9f2fcc2058407eb138297d9f8f12595851b963:

  mesa: Fix missing GLES3 headers in SDK sysroot (2025-03-04 08:43:39 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alessio Cascone (1):
  tzcode-native: Fix compiler setting from 2023d version

Deepesh Varatharajan (1):
  binutils: Fix CVE-2025-0840

Hitendra Prajapati (1):
  ruby: Fix CVE-2025-27220

Priyal Doshi (1):
  tzdata/tzcode-native: upgrade 2024b -> 2025a

Vijay Anusuri (2):
  openssh: Fix CVE-2025-26465
  libtasn1: upgrade 4.19.0 -> 4.20.0

 .../openssh/openssh/CVE-2025-26465.patch      | 140 ++++++++++++++++++
 .../openssh/openssh_8.9p1.bb                  |   1 +
 .../binutils/binutils-2.38.inc                |   1 +
 .../binutils/0038-CVE-2025-0840.patch         |  53 +++++++
 .../ruby/ruby/CVE-2025-27220.patch            |  76 ++++++++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 meta/recipes-extended/timezone/timezone.inc   |   6 +-
 .../timezone/tzcode-native.bb                 |   2 +-
 ...{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} |   7 +-
 9 files changed, 279 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2025-26465.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0038-CVE-2025-0840.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch
 rename meta/recipes-support/gnutls/{libtasn1_4.19.0.bb => libtasn1_4.20.0.bb} (63%)

-- 
2.43.0

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 6

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7310

The following changes since commit 6992437d725f9cc88da4261814b69aaadc5ef0f2:

  grub: fs/fat: Don't error when mtime is 0 (2024-08-29 06:13:56 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (1):
  qemu: fix CVE-2024-7409

Rohini Sangam (1):
  python3: Security fix for CVE-2024-8088

Vijay Anusuri (1):
  apr: upgrade 1.7.2 -> 1.7.5

Vrushti Dabhi (2):
  sqlite3: CVE-ID correction for CVE-2023-7104
  sqlite3: Rename patch for CVE-2022-35737

Wang Mingyu (1):
  wireless-regdb: upgrade 2024.05.08 -> 2024.07.04

 .../python/python3/CVE-2024-8088.patch        | 124 +++++++++++++
 .../python/python3_3.10.14.bb                 |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   4 +
 .../qemu/qemu/CVE-2024-7409-0001.patch        | 162 ++++++++++++++++
 .../qemu/qemu/CVE-2024-7409-0002.patch        | 174 ++++++++++++++++++
 .../qemu/qemu/CVE-2024-7409-0003.patch        | 122 ++++++++++++
 .../qemu/qemu/CVE-2024-7409-0004.patch        | 163 ++++++++++++++++
 ....05.08.bb => wireless-regdb_2024.07.04.bb} |   2 +-
 ...-runtime-test-for-mmap-that-can-map-.patch |   2 +-
 .../apr/{apr_1.7.2.bb => apr_1.7.5.bb}        |   2 +-
 ...lementation.patch => CVE-2022-35737.patch} |   0
 .../sqlite/files/CVE-2023-7104.patch          |  10 +-
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   4 +-
 13 files changed, 761 insertions(+), 9 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.05.08.bb => wireless-regdb_2024.07.04.bb} (94%)
 rename meta/recipes-support/apr/{apr_1.7.2.bb => apr_1.7.5.bb} (98%)
 rename meta/recipes-support/sqlite/files/{0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch => CVE-2022-35737.patch} (100%)

-- 
2.34.1

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, August 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7272

The following changes since commit 6c1000a2bbfe5e618e42bc5be2058332337d4177:

  python3-pycryptodome(x): use python_setuptools_build_meta build class (2024-08-15 05:58:11 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Guocai He (1):
  libsoup: fix compile error on centos7

Leon Anavi (1):
  python3: add PACKAGECONFIG[editline]

Niko Mauno (1):
  image_types.bbclass: Use --force also with lz4,lzop

Peter Marko (1):
  libyaml: ignore CVE-2024-35326

Siddharth Doshi (2):
  Tiff: Security fix for CVE-2024-7006
  curl: Security fix for CVE-2024-7264

 meta/classes/image_types.bbclass              |   4 +-
 .../python/python3_3.10.14.bb                 |   5 +-
 .../libtiff/tiff/CVE-2024-7006.patch          |  64 ++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 .../curl/curl/CVE-2024-7264_1.patch           |  66 ++++
 .../curl/curl/CVE-2024-7264_2.patch           | 320 ++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   2 +
 .../0001-meson.build-set-c_std-to-gnu99.patch |  44 +++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   4 +-
 meta/recipes-support/libyaml/libyaml_0.2.5.bb |   2 +-
 10 files changed, 506 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264_1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264_2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/0001-meson.build-set-c_std-to-gnu99.patch

-- 
2.34.1

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, July 23

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7158

The following changes since commit 5d97b0576e98a2cf402abab1a1edcab223545d87:

  build-appliance-image: Update to kirkstone head revision (2024-07-15 10:31:11 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Ashish Sharma (1):
  ruby: backport fix for CVE-2024-27282

Florian Amstutz (1):
  uboot-sign: Fix index error in concat_dtb_helper() with multiple
    configs

Hitendra Prajapati (1):
  busybox: Fix CVE-2023-42363

Peter Marko (2):
  busybox: Patch CVE-2021-42380
  libarchive: ignore CVE-2024-37407

Vijay Anusuri (1):
  python3-jinja2: Upgrade 3.1.3 -> 3.1.4

 meta/classes/uboot-sign.bbclass               |   6 +-
 .../busybox/busybox/CVE-2021-42380.patch      | 151 ++++++++++++++++++
 .../busybox/busybox/CVE-2023-42363.patch      |  68 ++++++++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   2 +
 ...inja2_3.1.3.bb => python3-jinja2_3.1.4.bb} |   8 +-
 .../ruby/ruby/CVE-2024-27282.patch            |  29 ++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 .../libarchive/libarchive_3.6.2.bb            |   2 +
 8 files changed, 261 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
 rename meta/recipes-devtools/python/{python3-jinja2_3.1.3.bb => python3-jinja2_3.1.4.bb} (82%)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch

-- 
2.34.1

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, January 23

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6471

The following changes since commit ebd61290a644a6d9f2b3701e0e7ea050636da76c:

  pybootchartgui: fix 2 SyntaxWarnings (2024-01-16 04:10:03 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (2):
  openssl: fix CVE-2023-6237 Excessive time spent checking invalid RSA
    public keys
  pam: fix CVE-2024-22365 pam_namespace misses

Peter Marko (1):
  dropbear: backport patch for CVE-2023-48795

Vijay Anusuri (2):
  gnutls: Fix for CVE-2024-0553 and CVE-2024-0567
  xserver-xorg: Multiple CVE fixes

Yogita Urade (1):
  tiff: fix CVE-2023-6228

 .../openssl/openssl/CVE-2023-6237.patch       | 127 ++++++++++
 .../openssl/openssl_3.0.12.bb                 |   1 +
 meta/recipes-core/dropbear/dropbear.inc       |   1 +
 .../dropbear/dropbear/CVE-2023-48795.patch    | 234 ++++++++++++++++++
 .../pam/libpam/CVE-2024-22365.patch           |  62 +++++
 meta/recipes-extended/pam/libpam_1.5.2.bb     |   1 +
 .../xserver-xorg/CVE-2023-6816.patch          |  55 ++++
 .../xserver-xorg/CVE-2024-0229-1.patch        |  87 +++++++
 .../xserver-xorg/CVE-2024-0229-2.patch        | 221 +++++++++++++++++
 .../xserver-xorg/CVE-2024-0229-3.patch        |  41 +++
 .../xserver-xorg/CVE-2024-0229-4.patch        |  45 ++++
 .../xserver-xorg/CVE-2024-0408.patch          |  64 +++++
 .../xserver-xorg/CVE-2024-0409.patch          |  46 ++++
 .../xserver-xorg/CVE-2024-21885.patch         | 113 +++++++++
 .../xserver-xorg/CVE-2024-21886-1.patch       |  74 ++++++
 .../xserver-xorg/CVE-2024-21886-2.patch       |  57 +++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |  10 +
 .../libtiff/tiff/CVE-2023-6228.patch          |  31 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 .../gnutls/gnutls/CVE-2024-0553.patch         | 125 ++++++++++
 .../gnutls/gnutls/CVE-2024-0567.patch         | 184 ++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |   2 +
 22 files changed, 1582 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-48795.patch
 create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-22365.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6816.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-3.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0229-4.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0408.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-0409.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21885.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-21886-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6228.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-0553.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch

-- 
2.34.1

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, January 10

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6425

The following changes since commit 227b3d4edad31b0d0045f41133271693265240b0:

  tzdata: Upgrade to 2023d (2024-01-02 03:46:18 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Dhairya Nagodra (2):
  cve-update-nvd2-native: faster requests with API keys
  cve-update-nvd2-native: increase the delay between subsequent request
    failures

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20230804 -> 20231030

Peter Marko (2):
  cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
  cve-update-nvd2-native: make number of fetch attemtps configurable

Vijay Anusuri (1):
  xserver-xorg: Fix for CVE-2023-6377 and CVE-2023-6478

 .../meta/cve-update-nvd2-native.bb            | 27 +++++--
 .../xserver-xorg/CVE-2023-6377.patch          | 79 +++++++++++++++++++
 .../xserver-xorg/CVE-2023-6478.patch          | 63 +++++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |  2 +
 ...20230804.bb => linux-firmware_20231030.bb} |  4 +-
 5 files changed, 165 insertions(+), 10 deletions(-)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230804.bb => linux-firmware_20231030.bb} (99%)

-- 
2.34.1

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 24

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6084

The following changes since commit 5570e49791b770271f176a4deeb5f6f1a028cb4a:

  uboot-extlinux-config.bbclass: fix missed override syntax migration (2023-10-17 12:19:37 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Lee Chee Yang (1):
  qemu: ignore RHEL specific CVE-2023-2680

Meenali Gupta (1):
  linux-firmware: upgrade 20230625 -> 20230804

Peter Marko (1):
  zlib: patch CVE-2023-45853

Siddharth Doshi (2):
  libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and
    CVE-2023-43787
  vim: Upgrade 9.0.2009 -> 9.0.2048

Vijay Anusuri (1):
  gawk: backport Debian patch to fix CVE-2023-4156

 .../zlib/zlib/CVE-2023-45853.patch            | 42 +++++++++++++
 meta/recipes-core/zlib/zlib_1.2.11.bb         |  1 +
 meta/recipes-devtools/qemu/qemu.inc           |  4 ++
 .../gawk/gawk/CVE-2023-4156.patch             | 28 +++++++++
 meta/recipes-extended/gawk/gawk_5.1.1.bb      |  1 +
 .../xorg-lib/libx11/CVE-2023-43785.patch      | 62 ++++++++++++++++++
 .../xorg-lib/libx11/CVE-2023-43786-0001.patch | 41 ++++++++++++
 .../xorg-lib/libx11/CVE-2023-43786-0002.patch | 45 +++++++++++++
 .../xorg-lib/libx11/CVE-2023-43786-0003.patch | 51 +++++++++++++++
 .../xorg-lib/libx11/CVE-2023-43787.patch      | 63 +++++++++++++++++++
 .../xorg-lib/libx11_1.7.3.1.bb                |  5 ++
 ...20230625.bb => linux-firmware_20230804.bb} |  4 +-
 meta/recipes-support/vim/vim.inc              |  4 +-
 13 files changed, 347 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
 create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43785.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0001.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0002.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43786-0003.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2023-43787.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230625.bb => linux-firmware_20230804.bb} (99%)

-- 
2.34.1

[OE-core][kirkstone 0/6] Patch review

[Steve Sakoman]

Please review this final set of patches for the kirkstone 4.0.9 release and
have comments back by end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5147

The following changes since commit 3eeab90fd45a1e8de6d9d16dfdec79c72639614b:

  rsync: Turn on -pedantic-errors at the end of 'configure' (2023-03-30 08:29:50 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  patchelf: replace a rejected patch with an equivalent
    uninative.bbclass tweak

Michael Halstead (2):
  uninative: Upgrade to 3.8.1 to include libgcc
  uninative: Upgrade to 3.9 to include glibc 2.37

Shubham Kulkarni (1):
  go-runtime: Security fix for CVE-2022-41723

Simone Weiss (1):
  json-c: Add ptest for json-c

pawan (1):
  curl: Add fix for CVE-2023-23916

 meta/classes/uninative.bbclass                |   2 +
 .../distro/include/ptest-packagelists.inc     |   1 +
 meta/conf/distro/include/yocto-uninative.inc  |  10 +-
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.18/CVE-2022-41723.patch           | 156 +++++++++++++
 meta/recipes-devtools/json-c/json-c/run-ptest |  20 ++
 meta/recipes-devtools/json-c/json-c_0.15.bb   |  16 +-
 .../patchelf/handle-read-only-files.patch     |  65 ------
 .../patchelf/patchelf_0.14.5.bb               |   1 -
 .../curl/curl/CVE-2023-23916.patch            | 219 ++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 11 files changed, 419 insertions(+), 73 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41723.patch
 create mode 100644 meta/recipes-devtools/json-c/json-c/run-ptest
 delete mode 100644 meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch

-- 
2.34.1