* [OE-core][scarthgap 00/21] Patch review
From: Steve Sakoman @ 2024-05-20 13:33 UTC
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, May 22

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6937

The following changes since commit 294a7dbe44f6b7c8d3a1de8c2cc182af37c4f916:

  build-appliance-image: Update to scarthgap head revision (2024-05-09 04:47:57 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adriaan Schmidt (1):
  libcgroup_3.1.0: fix build on non-systemd systems

Jose Quaresma (2):
  go: Drop the linkmode completely
  Revert "goarch: disable dynamic linking globally"

Kai Kang (1):
  webkitgtk: 2.44.0 -> 2.44.1

Martin Hundebøll (1):
  classes: image_types: apply EXTRA_IMAGECMD:squashfs* in
    oe_mksquashfs()

Mingli Yu (1):
  ncurses: Fix CVE-2023-50495

Peter Marko (6):
  openssl: patch CVE-2024-4603
  glib-2.0: Upgrade 2.78.4 -> 2.78.5
  glib-2.0: Upgrade 2.78.5 -> 2.78.6
  glibc: Update to latest on stable 2.39 branch
  glibc: Update to latest on stable 2.39 branch
  glibc: correct license

Ralph Siemsen (1):
  uboot-sign: fix loop in do_uboot_assemble_fitimage

Ross Burton (3):
  lib/oe/package-manager: allow including self in create_packages_dir
  selftest/classes: add localpkgfeed class
  oeqa/selftest/debuginfod: use localpkgfeed to speed server startup

Sven Schwermer (2):
  recipetool: Handle unclean response in go resolver
  recipetool: Handle several go-import tags in go resolver

Trevor Gamblin (1):
  patchtest: test_metadata: fix invalid escape sequences

Wang Mingyu (1):
  llvm: upgrade 18.1.2 -> 18.1.3

Zev Weiss (1):
  bash: Fix file-substitution error-handling bug

meta-selftest/classes/localpkgfeed.bbclass | 27 ++
meta/classes-recipe/go.bbclass | 2 -
meta/classes-recipe/goarch.bbclass | 14 +-
meta/classes-recipe/image_types.bbclass | 20 +-
meta/classes-recipe/uboot-sign.bbclass | 2 +-
meta/lib/oe/package_manager/__init__.py | 9 +-
meta/lib/oeqa/selftest/cases/debuginfod.py | 14 +-
meta/lib/patchtest/tests/test_metadata.py | 4 +-
.../openssl/openssl/CVE-2024-4603.patch | 179 +++++++++++
.../openssl/openssl_3.2.1.bb | 1 +
.../glib-2.0/glib-2.0/fix-regex.patch | 54 ----
...{glib-2.0_2.78.4.bb => glib-2.0_2.78.6.bb} | 3 +-
meta/recipes-core/glibc/glibc-common.inc | 2 +-
meta/recipes-core/glibc/glibc-version.inc | 2 +-
...y-the-header-between-arm-and-aarch64.patch | 47 ++-
...e-Pass-mcpu-along-with-march-to-dete.patch | 62 ----
...ss.patch => 0023-qemu-stale-process.patch} | 0
meta/recipes-core/glibc/glibc_2.39.bb | 7 +-
...akefile-install-systemd.h-by-default.patch | 37 +++
.../recipes-core/libcgroup/libcgroup_3.1.0.bb | 1 +
.../ncurses/files/CVE-2023-50495.patch | 301 ++++++++++++++++++
meta/recipes-core/ncurses/ncurses_6.4.bb | 1 +
meta/recipes-devtools/go/go-runtime.inc | 2 +-
...r-sort-ClassInfo-lists-by-name-as-we.patch | 6 +-
.../bash/bash/fix-filesubst-errexit.patch | 34 ++
meta/recipes-extended/bash/bash_5.2.21.bb | 1 +
...af379dc70b4b1a63b01d67179eb431f03ac4.patch | 38 ---
...ebkitgtk_2.44.0.bb => webkitgtk_2.44.1.bb} | 3 +-
scripts/lib/recipetool/create_go.py | 34 +-
29 files changed, 685 insertions(+), 222 deletions(-)
create mode 100644 meta-selftest/classes/localpkgfeed.bbclass
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
delete mode 100644 meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch
rename meta/recipes-core/glib-2.0/{glib-2.0_2.78.4.bb => glib-2.0_2.78.6.bb} (95%)
delete mode 100644 meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch
rename meta/recipes-core/glibc/glibc/{0024-qemu-stale-process.patch => 0023-qemu-stale-process.patch} (100%)
create mode 100644 meta/recipes-core/libcgroup/libcgroup/0001-include-Makefile-install-systemd.h-by-default.patch
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-50495.patch
create mode 100644 meta/recipes-extended/bash/bash/fix-filesubst-errexit.patch
delete mode 100644 meta/recipes-sato/webkit/webkitgtk/2922af379dc70b4b1a63b01d67179eb431f03ac4.patch
rename meta/recipes-sato/webkit/{webkitgtk_2.44.0.bb => webkitgtk_2.44.1.bb} (98%)
--
2.34.1
* [OE-core][scarthgap 00/21] Patch review
From: Steve Sakoman @ 2024-06-01 12:24 UTC
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6993

with two exceptions, the first a known reproducibility issue also present
on master:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=15491

and the second is a failure on meta-agl-core, which will require an update
to the ptest-runner override in meta-agl once "ptest-runner: Bump to 2.4.4 (95f528c)"
merges.

The following changes since commit 0795169be206f1d4d140fe378e2476a44d0ce02b:

  oeqa/selftest/debuginfod: use localpkgfeed to speed server startup (2024-05-19 13:50:01 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (5):
  ghostscript: fix CVE-2024-33870
  ghostscript: fix CVE-2024-33869
  ghostscript: fix CVE-2024-33871
  ghostscript: fix CVE-2024-29510
  xserver-xorg: upgrade 21.1.11 -> 21.1.12

Changqing Li (1):
  ptest-runner: Bump to 2.4.4 (95f528c)

Julien Stephan (2):
  devtool: standard: update-recipe/finish: fix update localfile in
    another layer
  oeqa/selftest/devtool: add test for updating local files into another
    layer

Khem Raj (3):
  llvm: Upgrade to 18.1.4
  llvm: Upgrade to 18.1.5
  llvm: Switch to using release tarballs

Marek Vasut (1):
  gstreamer1.0-plugins-good: Include qttools-native during the build
    with qt5 PACKAGECONFIG

Mark Hatle (1):
  gcc: Fix for CVE-2024-0151

Peter Marko (2):
  ttyrun: define CVE_PRODUCT
  update-rc.d: add +git to PV

Philip Lorenz (2):
  lib/package_manager/ipk: Do not hardcode payload compression algorithm
  ipk: Fix clean up of extracted IPK payload

Rasmus Villemoes (1):
  git: set --with-gitconfig=/etc/gitconfig for -native builds

Ricardo Simoes (1):
  libusb1: Set CVE_PRODUCT

Soumya Sambu (1):
  ncurses: Fix CVE-2023-45918

Yogita Urade (1):
  libarchive: upgrade 3.7.2 -> 3.7.4

meta/lib/oe/package_manager/ipk/__init__.py | 14 +-
meta/lib/oeqa/selftest/cases/devtool.py | 20 +-
.../ncurses/files/CVE-2023-45918.patch | 180 ++++++++++
meta/recipes-core/ncurses/ncurses_6.4.bb | 1 +
meta/recipes-core/ttyrun/ttyrun_2.31.0.bb | 2 +
.../update-rc.d/update-rc.d_0.8.bb | 1 +
meta/recipes-devtools/gcc/gcc-13.2.inc | 1 +
.../gcc/gcc/CVE-2024-0151.patch | 315 ++++++++++++++++++
meta/recipes-devtools/git/git_2.44.0.bb | 1 +
.../llvm/{llvm_git.bb => llvm_18.1.5.bb} | 13 +-
.../ghostscript/CVE-2024-29510.patch | 84 +++++
.../ghostscript/CVE-2024-33869-0001.patch | 39 +++
.../ghostscript/CVE-2024-33869-0002.patch | 52 +++
.../ghostscript/CVE-2024-33870.patch | 99 ++++++
.../ghostscript/CVE-2024-33871.patch | 43 +++
.../ghostscript/ghostscript_10.02.1.bb | 5 +
.../libarchive/libarchive/configurehack.patch | 19 +-
...ibarchive_3.7.2.bb => libarchive_3.7.4.bb} | 2 +-
...org_21.1.11.bb => xserver-xorg_21.1.12.bb} | 2 +-
.../gstreamer1.0-plugins-good_1.22.11.bb | 2 +-
meta/recipes-support/libusb/libusb1_1.0.27.bb | 2 +
...-runner_2.4.3.bb => ptest-runner_2.4.4.bb} | 2 +-
scripts/lib/devtool/standard.py | 23 +-
23 files changed, 888 insertions(+), 34 deletions(-)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-45918.patch
create mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch
rename meta/recipes-devtools/llvm/{llvm_git.bb => llvm_18.1.5.bb} (93%)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
rename meta/recipes-extended/libarchive/{libarchive_3.7.2.bb => libarchive_3.7.4.bb} (96%)
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.11.bb => xserver-xorg_21.1.12.bb} (92%)
rename meta/recipes-support/ptest-runner/{ptest-runner_2.4.3.bb => ptest-runner_2.4.4.bb} (95%)
--
2.34.1
* [OE-core][scarthgap 01/21] ttyrun: define CVE_PRODUCT
From: Steve Sakoman @ 2024-06-01 12:24 UTC
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Single executable ttyrun is taken out of s390-tools repository
containing a ton of other helper tools.
CVEs are not assigned to executables, but to whole components.
Historically there also already exists one CVE for s390-tools.
Most of the CVEs will not be for ttyrun, but this is the way
how to get notified even if most we get will have to be ignored.
(From oe-core rev: df28547387c2c122aef3e5326b216ec3f4d3caa7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/ttyrun/ttyrun_2.31.0.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb b/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb
index 122dd9d8e7..fac11d6310 100644
--- a/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb
+++ b/meta/recipes-core/ttyrun/ttyrun_2.31.0.bb
@@ -9,6 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f5118f167b055bfd7c3450803f1847af"
SRC_URI = "git://github.com/ibm-s390-linux/s390-tools;protocol=https;branch=master"
SRCREV = "6f15ed326491a17d83ca60cd2bda47fb5e8a0175"
+CVE_PRODUCT = "s390-tools"
+
S = "${WORKDIR}/git"
EXTRA_OEMAKE = "\
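Review bot: The new `CVE_PRODUCT = "s390-tools"` line has no comment in the recipe saying that ttyrun is one executable taken from the s390-tools repository, so whoever triages the resulting CVE reports has only this commit message to learn that most matches will not apply to ttyrun. A one-line comment above the assignment stating that would keep the context with the recipe.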
--
2.34.1
* [OE-core][scarthgap 02/21] ncurses: Fix CVE-2023-45918
From: Steve Sakoman @ 2024-06-01 12:24 UTC
To: openembedded-core
From: Soumya Sambu <soumya.sambu@windriver.com>
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
(From OE-Core rev: 6573995adf4cfd48b036f8463b39f3864fcfd85b)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ncurses/files/CVE-2023-45918.patch | 180 ++++++++++++++++++
meta/recipes-core/ncurses/ncurses_6.4.bb | 1 +
2 files changed, 181 insertions(+)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-45918.patch
diff --git a/meta/recipes-core/ncurses/files/CVE-2023-45918.patch b/meta/recipes-core/ncurses/files/CVE-2023-45918.patch
new file mode 100644
index 0000000000..fbdae49a61
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2023-45918.patch
@@ -0,0 +1,180 @@
+From bcf02d3242f1c7d57224a95f7903fcf4b5e7695d Mon Sep 17 00:00:00 2001
+From: Thomas E. Dickey <dickey@invisible-island.net>
+Date: Fri, 16 Jun 2023 02:54:29 +0530
+Subject: [PATCH] Fix CVE-2023-45918
+
+CVE: CVE-2023-45918
+
+Upstream-Status: Backport [https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=bcf02d3242f1c7d57224a95f7903fcf4b5e7695d]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ ncurses/tinfo/comp_error.c | 15 ++++++---
+ ncurses/tinfo/read_entry.c | 65 ++++++++++++++++++++++++++------------
+ 2 files changed, 56 insertions(+), 24 deletions(-)
+
+diff --git a/ncurses/tinfo/comp_error.c b/ncurses/tinfo/comp_error.c
+index 48f48784..ee518e28 100644
+--- a/ncurses/tinfo/comp_error.c
++++ b/ncurses/tinfo/comp_error.c
+@@ -60,8 +60,15 @@ _nc_get_source(void)
+ NCURSES_EXPORT(void)
+ _nc_set_source(const char *const name)
+ {
+- FreeIfNeeded(SourceName);
+- SourceName = strdup(name);
++ if (name == NULL) {
++ free(SourceName);
++ SourceName = NULL;
++ } else if (SourceName == NULL) {
++ SourceName = strdup(name);
++ } else if (strcmp(name, SourceName)) {
++ free(SourceName);
++ SourceName = strdup(name);
++ }
+ }
+
+ NCURSES_EXPORT(void)
+@@ -95,9 +102,9 @@ static NCURSES_INLINE void
+ where_is_problem(void)
+ {
+ fprintf(stderr, "\"%s\"", SourceName ? SourceName : "?");
+- if (_nc_curr_line >= 0)
++ if (_nc_curr_line > 0)
+ fprintf(stderr, ", line %d", _nc_curr_line);
+- if (_nc_curr_col >= 0)
++ if (_nc_curr_col > 0)
+ fprintf(stderr, ", col %d", _nc_curr_col);
+ if (TermType != 0 && TermType[0] != '\0')
+ fprintf(stderr, ", terminal '%s'", TermType);
+diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
+index 341337d2..b0c3ad26 100644
+--- a/ncurses/tinfo/read_entry.c
++++ b/ncurses/tinfo/read_entry.c
+@@ -138,12 +138,13 @@ convert_16bits(char *buf, NCURSES_INT2 *Numbers, int count)
+ }
+ #endif
+
+-static void
+-convert_strings(char *buf, char **Strings, int count, int size, char *table)
++static bool
++convert_strings(char *buf, char **Strings, int count, int size,
++ char *table, bool always)
+ {
+ int i;
+ char *p;
+- bool corrupt = FALSE;
++ bool success = TRUE;
+
+ for (i = 0; i < count; i++) {
+ if (IS_NEG1(buf + 2 * i)) {
+@@ -159,13 +160,10 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
+ _nc_visbuf(Strings[i])));
+ } else {
+- if (!corrupt) {
+- corrupt = TRUE;
+- TR(TRACE_DATABASE,
+- ("ignore out-of-range index %d to Strings[]", nn));
+- _nc_warning("corrupt data found in convert_strings");
+- }
+- Strings[i] = ABSENT_STRING;
++ TR(TRACE_DATABASE,
++ ("found out-of-range index %d to Strings[%d]", nn, i));
++ success = FALSE;
++ break;
+ }
+ }
+
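Review bot: In the out-of-range branch of convert_strings, the new `success = FALSE; break;` replaces `Strings[i] = ABSENT_STRING;`, so a single bad index now rejects the whole entry (every caller later in this patch does `returnDB(TGETENT_NO)`), where the old code loaded the entry with that one capability absent. That is a behaviour change for a stable branch and the commit message does not mention it. The early break also leaves Strings[i] and every later slot unassigned on the failure path, so it is worth confirming that `_nc_free_termtype2(ptr)` in _nc_read_file_entry does not depend on those slots.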
+@@ -175,10 +173,25 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ if (*p == '\0')
+ break;
+ /* if there is no NUL, ignore the string */
+- if (p >= table + size)
++ if (p >= table + size) {
+ Strings[i] = ABSENT_STRING;
++ } else if (p == Strings[i] && always) {
++ TR(TRACE_DATABASE,
++ ("found empty but required Strings[%d]", i));
++ success = FALSE;
++ break;
++ }
++ } else if (always) { /* names are always needed */
++ TR(TRACE_DATABASE,
++ ("found invalid but required Strings[%d]", i));
++ success = FALSE;
++ break;
+ }
+ }
++ if (!success) {
++ _nc_warning("corrupt data found in convert_strings");
++ }
++ return success;
+ }
+
+ static int
+@@ -382,7 +395,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ if (Read(string_table, (unsigned) str_size) != str_size) {
+ returnDB(TGETENT_NO);
+ }
+- convert_strings(buf, ptr->Strings, str_count, str_size, string_table);
++ if (!convert_strings(buf, ptr->Strings, str_count, str_size,
++ string_table, FALSE)) {
++ returnDB(TGETENT_NO);
++ }
+ }
+ #if NCURSES_XNAMES
+
+@@ -483,8 +499,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ ("Before computing extended-string capabilities "
+ "str_count=%d, ext_str_count=%d",
+ str_count, ext_str_count));
+- convert_strings(buf, ptr->Strings + str_count, ext_str_count,
+- ext_str_limit, ptr->ext_str_table);
++ if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count,
++ ext_str_limit, ptr->ext_str_table, FALSE)) {
++ returnDB(TGETENT_NO);
++ }
+ for (i = ext_str_count - 1; i >= 0; i--) {
+ TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s",
+ i, i + str_count,
+@@ -516,10 +534,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ TR(TRACE_DATABASE,
+ ("ext_NAMES starting @%d in extended_strings, first = %s",
+ base, _nc_visbuf(ptr->ext_str_table + base)));
+- convert_strings(buf + (2 * ext_str_count),
+- ptr->ext_Names,
+- (int) need,
+- ext_str_limit, ptr->ext_str_table + base);
++ if (!convert_strings(buf + (2 * ext_str_count),
++ ptr->ext_Names,
++ (int) need,
++ ext_str_limit, ptr->ext_str_table + base,
++ TRUE)) {
++ returnDB(TGETENT_NO);
++ }
+ }
+
+ TR(TRACE_DATABASE,
+@@ -572,13 +593,17 @@ _nc_read_file_entry(const char *const filename, TERMTYPE2 *ptr)
+ int limit;
+ char buffer[MAX_ENTRY_SIZE + 1];
+
+- if ((limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp))
+- > 0) {
++ limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp);
++ if (limit > 0) {
++ const char *old_source = _nc_get_source();
+
+ TR(TRACE_DATABASE, ("read terminfo %s", filename));
++ if (old_source == NULL)
++ _nc_set_source(filename);
+ if ((code = _nc_read_termtype(ptr, buffer, limit)) == TGETENT_NO) {
+ _nc_free_termtype2(ptr);
+ }
++ _nc_set_source(old_source);
+ } else {
+ code = TGETENT_NO;
+ }
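Review bot: `old_source` in _nc_read_file_entry is held across the `_nc_read_termtype()` call and then passed back through `_nc_set_source(old_source)`; if `_nc_get_source()` returns the SourceName pointer itself rather than a copy, any `_nc_set_source()` call with a different name in between frees that buffer, and the restore then runs `strcmp(name, SourceName)` and `strdup(name)` on freed memory. The reworked _nc_set_source in comp_error.c only makes the unchanged-name case safe, so please confirm nothing on the read path changes the source name, or have the caller keep its own copy of the old name.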
+--
+2.40.0
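Review bot: The commit message locates the NULL pointer dereference in tgetstr in tinfo/lib_termcap.c, but the backported patch touches only ncurses/tinfo/comp_error.c and ncurses/tinfo/read_entry.c, and its own header says nothing beyond "Fix CVE-2023-45918". A sentence in the patch header on how the stricter convert_strings checks relate to the tgetstr crash would let someone auditing the CVE status connect the description to the change.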
diff --git a/meta/recipes-core/ncurses/ncurses_6.4.bb b/meta/recipes-core/ncurses/ncurses_6.4.bb
index 31f18bbadc..97130c06d6 100644
--- a/meta/recipes-core/ncurses/ncurses_6.4.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.4.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://0001-tic-hang.patch \
file://0001-Fix-CVE-2023-29491.patch \
file://0001-Updating-reset-code-ncurses-6.4-patch-20231104.patch \
file://CVE-2023-50495.patch \
+ file://CVE-2023-45918.patch \
"
# commit id corresponds to the revision in package version
SRCREV = "79b9071f2be20a24c7be031655a5638f6032f29f"
--
2.34.1
* [OE-core][scarthgap 03/21] libusb1: Set CVE_PRODUCT
From: Steve Sakoman @ 2024-06-01 12:24 UTC
To: openembedded-core
From: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
This commit sets the CVE_PRODUCT variable to "libusb" to match the
product name used in the NIST CPE database [1].
[1]: https://nvd.nist.gov/products/cpe/search
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/libusb/libusb1_1.0.27.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/libusb/libusb1_1.0.27.bb b/meta/recipes-support/libusb/libusb1_1.0.27.bb
index f2431d75c8..5bf854f95d 100644
--- a/meta/recipes-support/libusb/libusb1_1.0.27.bb
+++ b/meta/recipes-support/libusb/libusb1_1.0.27.bb
@@ -8,6 +8,8 @@ SECTION = "libs"
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
+CVE_PRODUCT = "libusb"
+
BBCLASSEXTEND = "native nativesdk"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libusb-${PV}.tar.bz2 \
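Review bot: The added `CVE_PRODUCT = "libusb"` line gives only a product name; CVE_PRODUCT also accepts a `vendor:product` form, and a bare name matches that product under any vendor, so it is worth checking the CPE entries the commit message refers to and adding the vendor if more than one uses the name. The commit message also lacks the "(From OE-Core rev: ...)" line that patches 01 and 02 of this series carry, which makes the corresponding master commit harder to trace.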
--
2.34.1
* [OE-core][scarthgap 04/21] ghostscript: fix CVE-2024-33870
From: Steve Sakoman @ 2024-06-01 12:24 UTC
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2024-33870.patch | 99 +++++++++++++++++++
.../ghostscript/ghostscript_10.02.1.bb | 1 +
2 files changed, 100 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
new file mode 100644
index 0000000000..9c2b9dcfa2
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
@@ -0,0 +1,99 @@
+From 79aef19c685984dc3da2dc090450407d9fbcff80 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Tue, 26 Mar 2024 12:00:14 +0000
+Subject: [PATCH 1/5] Bug #707686
+
+See bug thread for details
+
+In addition to the noted bug; an error path (return from
+gp_file_name_reduce not successful) could elad to a memory leak as we
+did not free 'bufferfull'. Fix that too.
+
+This addresses CVE-2024-33870
+
+CVE: CVE-2024-33870
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ base/gpmisc.c | 36 ++++++++++++++++++++++++++++++++----
+ 1 file changed, 32 insertions(+), 4 deletions(-)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index 2b0064b..c4a69b0 100644
+--- a/base/gpmisc.c
++++ b/base/gpmisc.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2001-2023 Artifex Software, Inc.
++/* Copyright (C) 2001-2024 Artifex Software, Inc.
+ All Rights Reserved.
+
+ This software is provided AS-IS with no warranty, either express or
+@@ -1042,7 +1042,7 @@ gp_validate_path_len(const gs_memory_t *mem,
+ const uint len,
+ const char *mode)
+ {
+- char *buffer, *bufferfull;
++ char *buffer, *bufferfull = NULL;
+ uint rlen;
+ int code = 0;
+ const char *cdirstr = gp_file_name_current();
+@@ -1096,8 +1096,10 @@ gp_validate_path_len(const gs_memory_t *mem,
+ return gs_error_VMerror;
+
+ buffer = bufferfull + prefix_len;
+- if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success)
+- return gs_error_invalidfileaccess;
++ if (gp_file_name_reduce(path, (uint)len, buffer, &rlen) != gp_combine_success) {
++ code = gs_note_error(gs_error_invalidfileaccess);
++ goto exit;
++ }
+ buffer[rlen] = 0;
+ }
+ while (1) {
+@@ -1132,9 +1134,34 @@ gp_validate_path_len(const gs_memory_t *mem,
+ code = gs_note_error(gs_error_invalidfileaccess);
+ }
+ if (code < 0 && prefix_len > 0 && buffer > bufferfull) {
++ uint newlen = rlen + cdirstrl + dirsepstrl;
++ char *newbuffer;
++ int code;
++
+ buffer = bufferfull;
+ memcpy(buffer, cdirstr, cdirstrl);
+ memcpy(buffer + cdirstrl, dirsepstr, dirsepstrl);
++
++ /* We've prepended a './' or similar for the current working directory. We need
++ * to execute file_name_reduce on that, to eliminate any '../' or similar from
++ * the (new) full path.
++ */
++ newbuffer = (char *)gs_alloc_bytes(mem->thread_safe_memory, newlen + 1, "gp_validate_path");
++ if (newbuffer == NULL) {
++ code = gs_note_error(gs_error_VMerror);
++ goto exit;
++ }
++
++ memcpy(newbuffer, buffer, rlen + cdirstrl + dirsepstrl);
++ newbuffer[newlen] = 0x00;
++
++ code = gp_file_name_reduce(newbuffer, (uint)newlen, buffer, &newlen);
++ gs_free_object(mem->thread_safe_memory, newbuffer, "gp_validate_path");
++ if (code != gp_combine_success) {
++ code = gs_note_error(gs_error_invalidfileaccess);
++ goto exit;
++ }
++
+ continue;
+ }
+ else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) {
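Review bot: The `int code;` declared at the top of this new block shadows the function-level `int code = 0;` visible in the earlier hunk, so the `code = gs_note_error(gs_error_VMerror); goto exit;` and `code = gs_note_error(gs_error_invalidfileaccess); goto exit;` assignments set the inner variable, and the value tested after the `exit:` label is whatever the outer `code` held before the block. The outer value is already negative here because of the `code < 0` condition, so the call still fails, but a VMerror from the new allocation is not what gets reported. Dropping the inner declaration would fix that; since this is a backport, it is worth checking whether upstream has a follow-up commit to pull in.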
+@@ -1153,6 +1180,7 @@ gp_validate_path_len(const gs_memory_t *mem,
+ gs_path_control_flag_is_scratch_file);
+ }
+
++exit:
+ gs_free_object(mem->thread_safe_memory, bufferfull, "gp_validate_path");
+ #ifdef EACCES
+ if (code == gs_error_invalidfileaccess)
+--
+2.40.0
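Review bot: The outer commit for this backport has no body, only Signed-off-by lines, and the embedded upstream header says "See bug thread for details", so nothing in the mail states what CVE-2024-33870 is or what the gp_validate_path_len change protects against. A short description and a reference link in the commit message, as patch 02 of this series has for ncurses, would help reviewers of the stable branch.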
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
index 3dff16eec2..ca6f628f38 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
@@ -26,6 +26,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://ghostscript-9.16-Werror-return-type.patch \
file://avoid-host-contamination.patch \
file://configure.ac-add-option-to-explicitly-disable-neon.patch \
+ file://CVE-2024-33870.patch \
"
SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"
--
2.34.1
* [OE-core][scarthgap 05/21] ghostscript: fix CVE-2024-33869
From: Steve Sakoman @ 2024-06-01 12:24 UTC
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2024-33869-0001.patch | 39 ++++++++++++++
.../ghostscript/CVE-2024-33869-0002.patch | 52 +++++++++++++++++++
.../ghostscript/ghostscript_10.02.1.bb | 2 +
3 files changed, 93 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
new file mode 100644
index 0000000000..2f20c66ea3
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
@@ -0,0 +1,39 @@
+From 5ae2e320d69a7d0973011796bd388cd5befa1a43 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Tue, 26 Mar 2024 12:02:57 +0000
+Subject: [PATCH 2/5] Bug #707691
+
+Part 1; when stripping a potential Current Working Dirctory specifier
+from a path, make certain it really is a CWD, and not simply large
+ebough to be a CWD.
+
+Reasons are in the bug thread, this is not (IMO) serious.
+
+This is part of the fix for CVE-2024-33869
+
+CVE: CVE-2024-33869
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ base/gpmisc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index c4a69b0..1d4d5d8 100644
+--- a/base/gpmisc.c
++++ b/base/gpmisc.c
+@@ -1164,8 +1164,8 @@ gp_validate_path_len(const gs_memory_t *mem,
+
+ continue;
+ }
+- else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull) {
+- buffer = bufferfull + cdirstrl + dirsepstrl;
++ else if (code < 0 && cdirstrl > 0 && prefix_len == 0 && buffer == bufferfull
++ && memcmp(buffer, cdirstr, cdirstrl) && !memcmp(buffer + cdirstrl, dirsepstr, dirsepstrl)) {
+ continue;
+ }
+ break;
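Review bot: In the rewritten `else if` condition the first test is `memcmp(buffer, cdirstr, cdirstrl)` without a `!`, which is true when the buffer does not start with the current-directory string, the opposite of the stated intent to "make certain it really is a CWD"; the second test on dirsepstr is negated as expected. The hunk also deletes `buffer = bufferfull + cdirstrl + dirsepstrl;` without a replacement while keeping `continue;`, so the loop would retry with an unchanged buffer. Please compare both lines against the upstream commit named in Upstream-Status before this is merged.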
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
new file mode 100644
index 0000000000..5dcbcca998
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
@@ -0,0 +1,52 @@
+From f5336e5b4154f515ac83bc5b9eba94302e6618d4 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Tue, 26 Mar 2024 12:07:18 +0000
+Subject: [PATCH 3/5] Bug 707691 part 2
+
+See bug thread for details
+
+This is the second part of the fix for CVE-2024-33869
+
+CVE: CVE-2024-33869
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ base/gpmisc.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/base/gpmisc.c b/base/gpmisc.c
+index 1d4d5d8..b0d5c71 100644
+--- a/base/gpmisc.c
++++ b/base/gpmisc.c
+@@ -1090,6 +1090,27 @@ gp_validate_path_len(const gs_memory_t *mem,
+ rlen = len;
+ }
+ else {
++ char *test = (char *)path, *test1;
++ uint tlen = len, slen;
++
++ /* Look for any pipe (%pipe% or '|' specifications between path separators
++ * Reject any path spec which has a %pipe% or '|' anywhere except at the start.
++ */
++ while (tlen > 0) {
++ if (test[0] == '|' || (tlen > 5 && memcmp(test, "%pipe", 5) == 0)) {
++ code = gs_note_error(gs_error_invalidfileaccess);
++ goto exit;
++ }
++ test1 = test;
++ slen = search_separator((const char **)&test, path + len, test1, 1);
++ if(slen == 0)
++ break;
++ test += slen;
++ tlen -= test - test1;
++ if (test >= path + len)
++ break;
++ }
++
+ rlen = len+1;
+ bufferfull = (char *)gs_alloc_bytes(mem->thread_safe_memory, rlen + prefix_len, "gp_validate_path");
+ if (bufferfull == NULL)
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
index ca6f628f38..91285ed2ad 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
@@ -27,6 +27,8 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://avoid-host-contamination.patch \
file://configure.ac-add-option-to-explicitly-disable-neon.patch \
file://CVE-2024-33870.patch \
+ file://CVE-2024-33869-0001.patch \
+ file://CVE-2024-33869-0002.patch \
"
SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"
--
2.34.1
* [OE-core][scarthgap 06/21] ghostscript: fix CVE-2024-33871
From: Steve Sakoman @ 2024-06-01 12:24 UTC
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2024-33871.patch | 43 +++++++++++++++++++
.../ghostscript/ghostscript_10.02.1.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
new file mode 100644
index 0000000000..abe6384997
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871.patch
@@ -0,0 +1,43 @@
+From 7145885041bb52cc23964f0aa2aec1b1c82b5908 Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Mon, 22 Apr 2024 13:33:47 +0100
+Subject: [PATCH 4/5] OPVP device - prevent unsafe parameter change with SAFER
+
+Bug #707754 "OPVP device - Arbitrary code execution via custom Driver library"
+
+The "Driver" parameter for the "opvp"/"oprp" device specifies the name
+of a dynamic library and allows any library to be loaded.
+
+The patch does not allow changing this parameter after activating path
+control.
+
+This addresses CVE-2024-33871
+
+CVE: CVE-2024-33871
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc2396]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ contrib/opvp/gdevopvp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/contrib/opvp/gdevopvp.c b/contrib/opvp/gdevopvp.c
+index 74200cf..80eb23b 100644
+--- a/contrib/opvp/gdevopvp.c
++++ b/contrib/opvp/gdevopvp.c
+@@ -3456,6 +3456,12 @@ _put_params(gx_device *dev, gs_param_list *plist)
+ code = param_read_string(plist, pname, &vdps);
+ switch (code) {
+ case 0:
++ if (gs_is_path_control_active(dev->memory)
++ && (!opdev->globals.vectorDriver || strlen(opdev->globals.vectorDriver) != vdps.size
++ || memcmp(opdev->globals.vectorDriver, vdps.data, vdps.size) != 0)) {
++ param_signal_error(plist, pname, gs_error_invalidaccess);
++ return_error(gs_error_invalidaccess);
++ }
+ buff = realloc(buff, vdps.size + 1);
+ memcpy(buff, vdps.data, vdps.size);
+ buff[vdps.size] = 0;
+--
+2.40.0
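Review bot: The Upstream-Status line in the patch header cuts the upstream commit id to 7145885041bb52cc2396, while the From line at the top of the same patch carries the full 7145885041bb52cc23964f0aa2aec1b1c82b5908; using the full hash in the cgit URL keeps the backport reference unambiguous. In the code, the new guard in _put_params also rejects the request when opdev->globals.vectorDriver is still NULL, so once path control is active the Driver can only keep a value that was set beforehand; that matches the upstream description, and a one-line comment above the check saying so would help the next reader. The outer commit message carries only sign-offs, so a sentence naming the affected opvp/oprp devices would be useful there as well.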
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
index 91285ed2ad..8bda4404cc 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
@@ -29,6 +29,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://CVE-2024-33870.patch \
file://CVE-2024-33869-0001.patch \
file://CVE-2024-33869-0002.patch \
+ file://CVE-2024-33871.patch \
"
SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"
--
2.34.1
* [OE-core][scarthgap 07/21] ghostscript: fix CVE-2024-29510
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ghostscript/CVE-2024-29510.patch | 84 +++++++++++++++++++
.../ghostscript/ghostscript_10.02.1.bb | 1 +
2 files changed, 85 insertions(+)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
new file mode 100644
index 0000000000..692d35157f
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
@@ -0,0 +1,84 @@
+From 3b1735085ecef20b29e8db3416ab36de93e86d1f Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Thu, 21 Mar 2024 09:01:15 +0000
+Subject: [PATCH 5/5] Uniprint device - prevent string configuration changes
+ when SAFER
+
+Bug #707662
+
+We cannot sanitise the string arguments used by the Uniprint device
+because they can potentially include anything.
+
+This commit ensures that these strings are locked and cannot be
+changed by PostScript once SAFER is activated. Full configuration from
+the command line is still possible (see the *.upp files in lib).
+
+This addresses CVE-2024-29510
+
+CVE: CVE-2024-29510
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ devices/gdevupd.c | 31 +++++++++++++++++++++++++++++++
+ 1 file changed, 31 insertions(+)
+
+diff --git a/devices/gdevupd.c b/devices/gdevupd.c
+index 740dae0..a50571a 100644
+--- a/devices/gdevupd.c
++++ b/devices/gdevupd.c
+@@ -1887,6 +1887,16 @@ out on this copies.
+ if(!upd_strings[i]) continue;
+ UPD_PARAM_READ(param_read_string,upd_strings[i],value,udev->memory);
+ if(0 == code) {
++ if (gs_is_path_control_active(udev->memory)) {
++ if (strings[i].size != value.size)
++ error = gs_error_invalidaccess;
++ else {
++ if (strings[i].data && memcmp(strings[i].data, value.data, strings[i].size) != 0)
++ error = gs_error_invalidaccess;
++ }
++ if (error < 0)
++ goto exit;
++ }
+ if(0 <= error) error |= UPD_PUT_STRINGS;
+ UPD_MM_DEL_PARAM(udev->memory, strings[i]);
+ if(!value.size) {
+@@ -1904,6 +1914,26 @@ out on this copies.
+ if(!upd_string_a[i]) continue;
+ UPD_PARAM_READ(param_read_string_array,upd_string_a[i],value,udev->memory);
+ if(0 == code) {
++ if (gs_is_path_control_active(udev->memory)) {
++ if (string_a[i].size != value.size)
++ error = gs_error_invalidaccess;
++ else {
++ int loop;
++ for (loop = 0;loop < string_a[i].size;loop++) {
++ gs_param_string *tmp1 = (gs_param_string *)&(string_a[i].data[loop]);
++ gs_param_string *tmp2 = (gs_param_string *)&value.data[loop];
++
++ if (tmp1->size != tmp2->size)
++ error = gs_error_invalidaccess;
++ else {
++ if (tmp1->data && memcmp(tmp1->data, tmp2->data, tmp1->size) != 0)
++ error = gs_error_invalidaccess;
++ }
++ }
++ }
++ if (error < 0)
++ goto exit;
++ }
+ if(0 <= error) error |= UPD_PUT_STRING_A;
+ UPD_MM_DEL_APARAM(udev->memory, string_a[i]);
+ if(!value.size) {
+@@ -2098,6 +2128,7 @@ transferred into the device-structure. In the case of "uniprint", this may
+ if(0 > code) error = code;
+ }
+
++exit:
+ if(0 < error) { /* Actually something loaded without error */
+
+ if(!(upd = udev->upd)) {
+--
+2.40.0
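Review bot: In both checks added to devices/gdevupd.c the memcmp is guarded by the stored pointer ("strings[i].data &&" and "tmp1->data &&"), so when the stored data pointer is NULL a new value of the same size is accepted without being compared; that is only safe if a NULL pointer always implies size 0, which is worth stating in a comment or enforcing by treating NULL data with a non-zero size as gs_error_invalidaccess. The string-array loop also keeps iterating after error has been set; a break after the assignment would make the early exit explicit. The Upstream-Status URL abbreviates the commit id to 3b1735085ecef20b29e although the From line of the patch has the full hash.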
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
index 8bda4404cc..db9481816a 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.02.1.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://CVE-2024-33869-0001.patch \
file://CVE-2024-33869-0002.patch \
file://CVE-2024-33871.patch \
+ file://CVE-2024-29510.patch \
"
SRC_URI[sha256sum] = "e429e4f5b01615a4f0f93a4128e8a1a4d932dff983b1774174c79c0630717ad9"
--
2.34.1
* [OE-core][scarthgap 08/21] gcc: Fix for CVE-2024-0151
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Mark Hatle <mark.hatle@amd.com>
Fix for insufficient argument checking in Secure state Entry functions
in software using Cortex-M Security Extensions (CMSE), that has been
compiled using toolchains that implement 'Arm v8-M Security Extensions
Requirements on Development Tools' prior to version 1.4, allows an
attacker to pass values to Secure state that are out of range for types
smaller than 32-bits. Out of range values might lead to incorrect
operations in secure state.
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-13.2.inc | 1 +
.../gcc/gcc/CVE-2024-0151.patch | 315 ++++++++++++++++++
2 files changed, 316 insertions(+)
create mode 100644 meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch
diff --git a/meta/recipes-devtools/gcc/gcc-13.2.inc b/meta/recipes-devtools/gcc/gcc-13.2.inc
index 603377a49a..abf177822b 100644
--- a/meta/recipes-devtools/gcc/gcc-13.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.2.inc
@@ -68,6 +68,7 @@ SRC_URI = "${BASEURI} \
file://CVE-2023-4039.patch \
file://0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch \
file://0027-Fix-gcc-vect-module-testcases.patch \
+ file://CVE-2024-0151.patch \
"
SRC_URI[sha256sum] = "e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da"
diff --git a/meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch b/meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch
new file mode 100644
index 0000000000..12883388cb
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/CVE-2024-0151.patch
@@ -0,0 +1,315 @@
+arm: Zero/Sign extends for CMSE security
+
+This patch makes the following changes:
+
+1) When calling a secure function from non-secure code then any arguments
+ smaller than 32-bits that are passed in registers are zero- or sign-extended.
+2) After a non-secure function returns into secure code then any return value
+ smaller than 32-bits that is passed in a register is zero- or sign-extended.
+
+This patch addresses the following CVE-2024-0151.
+
+gcc/ChangeLog:
+ PR target/114837
+ * config/arm/arm.cc (cmse_nonsecure_call_inline_register_clear):
+ Add zero/sign extend.
+ (arm_expand_prologue): Add zero/sign extend.
+
+gcc/testsuite/ChangeLog:
+
+ * gcc.target/arm/cmse/extend-param.c: New test.
+ * gcc.target/arm/cmse/extend-return.c: New test.
+
+CVE: CVE-2024-0151
+Upstream-Status: Backport [https://gcc.gnu.org/pipermail/gcc-patches/2024-April/649973.html]
+Signed-off-by: Mark Hatle <mark.hatle@amd.com>
+
+diff --git a/gcc/config/arm/arm.cc b/gcc/config/arm/arm.cc
+index 0217abc218d60956ce727e6d008d46b9176dddc5..ea0c963a4d67ecd70e1571624e84dfe46d757df9 100644
+--- a/gcc/config/arm/arm.cc
++++ b/gcc/config/arm/arm.cc
+@@ -19210,6 +19210,30 @@ cmse_nonsecure_call_inline_register_clear (void)
+ end_sequence ();
+ emit_insn_before (seq, insn);
+
++ /* The AAPCS requires the callee to widen integral types narrower
++ than 32 bits to the full width of the register; but when handling
++ calls to non-secure space, we cannot trust the callee to have
++ correctly done so. So forcibly re-widen the result here. */
++ tree ret_type = TREE_TYPE (fntype);
++ if ((TREE_CODE (ret_type) == INTEGER_TYPE
++ || TREE_CODE (ret_type) == ENUMERAL_TYPE
++ || TREE_CODE (ret_type) == BOOLEAN_TYPE)
++ && known_lt (GET_MODE_SIZE (TYPE_MODE (ret_type)), 4))
++ {
++ machine_mode ret_mode = TYPE_MODE (ret_type);
++ rtx extend;
++ if (TYPE_UNSIGNED (ret_type))
++ extend = gen_rtx_ZERO_EXTEND (SImode,
++ gen_rtx_REG (ret_mode, R0_REGNUM));
++ else
++ extend = gen_rtx_SIGN_EXTEND (SImode,
++ gen_rtx_REG (ret_mode, R0_REGNUM));
++ emit_insn_after (gen_rtx_SET (gen_rtx_REG (SImode, R0_REGNUM),
++ extend), insn);
++
++ }
++
++
+ if (TARGET_HAVE_FPCXT_CMSE)
+ {
+ rtx_insn *last, *pop_insn, *after = insn;
+@@ -23652,6 +23676,51 @@ arm_expand_prologue (void)
+
+ ip_rtx = gen_rtx_REG (SImode, IP_REGNUM);
+
++ /* The AAPCS requires the callee to widen integral types narrower
++ than 32 bits to the full width of the register; but when handling
++ calls to non-secure space, we cannot trust the callee to have
++ correctly done so. So forcibly re-widen the result here. */
++ if (IS_CMSE_ENTRY (func_type))
++ {
++ function_args_iterator args_iter;
++ CUMULATIVE_ARGS args_so_far_v;
++ cumulative_args_t args_so_far;
++ bool first_param = true;
++ tree arg_type;
++ tree fndecl = current_function_decl;
++ tree fntype = TREE_TYPE (fndecl);
++ arm_init_cumulative_args (&args_so_far_v, fntype, NULL_RTX, fndecl);
++ args_so_far = pack_cumulative_args (&args_so_far_v);
++ FOREACH_FUNCTION_ARGS (fntype, arg_type, args_iter)
++ {
++ rtx arg_rtx;
++
++ if (VOID_TYPE_P (arg_type))
++ break;
++
++ function_arg_info arg (arg_type, /*named=*/true);
++ if (!first_param)
++ /* We should advance after processing the argument and pass
++ the argument we're advancing past. */
++ arm_function_arg_advance (args_so_far, arg);
++ first_param = false;
++ arg_rtx = arm_function_arg (args_so_far, arg);
++ gcc_assert (REG_P (arg_rtx));
++ if ((TREE_CODE (arg_type) == INTEGER_TYPE
++ || TREE_CODE (arg_type) == ENUMERAL_TYPE
++ || TREE_CODE (arg_type) == BOOLEAN_TYPE)
++ && known_lt (GET_MODE_SIZE (GET_MODE (arg_rtx)), 4))
++ {
++ if (TYPE_UNSIGNED (arg_type))
++ emit_set_insn (gen_rtx_REG (SImode, REGNO (arg_rtx)),
++ gen_rtx_ZERO_EXTEND (SImode, arg_rtx));
++ else
++ emit_set_insn (gen_rtx_REG (SImode, REGNO (arg_rtx)),
++ gen_rtx_SIGN_EXTEND (SImode, arg_rtx));
++ }
++ }
++ }
++
+ if (IS_STACKALIGN (func_type))
+ {
+ rtx r0, r1;
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/extend-param.c b/gcc/testsuite/gcc.target/arm/cmse/extend-param.c
+new file mode 100644
+index 0000000000000000000000000000000000000000..01fac7862385f871f3ecc246ede95eea180be025
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/arm/cmse/extend-param.c
+@@ -0,0 +1,96 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse" } */
++/* { dg-final { check-function-bodies "**" "" "" } } */
++
++#include <arm_cmse.h>
++#include <stdbool.h>
++
++#define ARRAY_SIZE (256)
++char array[ARRAY_SIZE];
++
++enum offset
++{
++ zero = 0,
++ one = 1,
++ two = 2
++};
++
++/*
++**__acle_se_unsignSecureFunc:
++** ...
++** uxtb r0, r0
++** ...
++*/
++__attribute__((cmse_nonsecure_entry)) char unsignSecureFunc (unsigned char index) {
++ if (index >= ARRAY_SIZE)
++ return 0;
++ return array[index];
++}
++
++/*
++**__acle_se_signSecureFunc:
++** ...
++** sxtb r0, r0
++** ...
++*/
++__attribute__((cmse_nonsecure_entry)) char signSecureFunc (signed char index) {
++ if (index >= ARRAY_SIZE)
++ return 0;
++ return array[index];
++}
++
++/*
++**__acle_se_shortUnsignSecureFunc:
++** ...
++** uxth r0, r0
++** ...
++*/
++__attribute__((cmse_nonsecure_entry)) char shortUnsignSecureFunc (unsigned short index) {
++ if (index >= ARRAY_SIZE)
++ return 0;
++ return array[index];
++}
++
++/*
++**__acle_se_shortSignSecureFunc:
++** ...
++** sxth r0, r0
++** ...
++*/
++__attribute__((cmse_nonsecure_entry)) char shortSignSecureFunc (signed short index) {
++ if (index >= ARRAY_SIZE)
++ return 0;
++ return array[index];
++}
++
++/*
++**__acle_se_enumSecureFunc:
++** ...
++** uxtb r0, r0
++** ...
++*/
++__attribute__((cmse_nonsecure_entry)) char enumSecureFunc (enum offset index) {
++
++ // Compiler may optimize away bounds check as value is an unsigned char.
++
++ // According to AAPCS caller will zero extend to ensure value is < 256.
++
++ if (index >= ARRAY_SIZE)
++ return 0;
++ return array[index];
++
++}
++
++/*
++**__acle_se_boolSecureFunc:
++** ...
++** uxtb r0, r0
++** ...
++*/
++__attribute__((cmse_nonsecure_entry)) char boolSecureFunc (bool index) {
++
++ if (index >= ARRAY_SIZE)
++ return 0;
++ return array[index];
++
++}
+\ No newline at end of file
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/extend-return.c b/gcc/testsuite/gcc.target/arm/cmse/extend-return.c
+new file mode 100644
+index 0000000000000000000000000000000000000000..cf731ed33df7e6dc101320c1970016f01b14c59a
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/arm/cmse/extend-return.c
+@@ -0,0 +1,92 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse" } */
++/* { dg-final { check-function-bodies "**" "" "" } } */
++
++#include <arm_cmse.h>
++#include <stdbool.h>
++
++enum offset
++{
++ zero = 0,
++ one = 1,
++ two = 2
++};
++
++typedef unsigned char __attribute__ ((cmse_nonsecure_call)) ns_unsign_foo_t (void);
++typedef signed char __attribute__ ((cmse_nonsecure_call)) ns_sign_foo_t (void);
++typedef unsigned short __attribute__ ((cmse_nonsecure_call)) ns_short_unsign_foo_t (void);
++typedef signed short __attribute__ ((cmse_nonsecure_call)) ns_short_sign_foo_t (void);
++typedef enum offset __attribute__ ((cmse_nonsecure_call)) ns_enum_foo_t (void);
++typedef bool __attribute__ ((cmse_nonsecure_call)) ns_bool_foo_t (void);
++
++/*
++**unsignNonsecure0:
++** ...
++** bl __gnu_cmse_nonsecure_call
++** uxtb r0, r0
++** ...
++*/
++unsigned char unsignNonsecure0 (ns_unsign_foo_t * ns_foo_p)
++{
++ return ns_foo_p ();
++}
++
++/*
++**signNonsecure0:
++** ...
++** bl __gnu_cmse_nonsecure_call
++** sxtb r0, r0
++** ...
++*/
++signed char signNonsecure0 (ns_sign_foo_t * ns_foo_p)
++{
++ return ns_foo_p ();
++}
++
++/*
++**shortUnsignNonsecure0:
++** ...
++** bl __gnu_cmse_nonsecure_call
++** uxth r0, r0
++** ...
++*/
++unsigned short shortUnsignNonsecure0 (ns_short_unsign_foo_t * ns_foo_p)
++{
++ return ns_foo_p ();
++}
++
++/*
++**shortSignNonsecure0:
++** ...
++** bl __gnu_cmse_nonsecure_call
++** sxth r0, r0
++** ...
++*/
++signed short shortSignNonsecure0 (ns_short_sign_foo_t * ns_foo_p)
++{
++ return ns_foo_p ();
++}
++
++/*
++**enumNonsecure0:
++** ...
++** bl __gnu_cmse_nonsecure_call
++** uxtb r0, r0
++** ...
++*/
++unsigned char __attribute__((noipa)) enumNonsecure0 (ns_enum_foo_t * ns_foo_p)
++{
++ return ns_foo_p ();
++}
++
++/*
++**boolNonsecure0:
++** ...
++** bl __gnu_cmse_nonsecure_call
++** uxtb r0, r0
++** ...
++*/
++unsigned char boolNonsecure0 (ns_bool_foo_t * ns_foo_p)
++{
++ return ns_foo_p ();
++}
+\ No newline at end of file
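Review bot: The comment added in arm_expand_prologue is a copy of the one in cmse_nonsecure_call_inline_register_clear and still speaks of not trusting "the callee" and re-widening "the result", but this block runs on entry to a CMSE entry function and extends the incoming arguments, so it is the non-secure caller that cannot be trusted; the comment should say so. In extend-param.c, signSecureFunc and shortSignSecureFunc only test "index >= ARRAY_SIZE", which a negative signed index passes; the tests are compile-only and look for the sxtb/sxth instruction, but a short comment would keep the pattern from being copied as a real bounds check. Both new test files end without a trailing newline.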
--
2.34.1
* [OE-core][scarthgap 09/21] xserver-xorg: upgrade 21.1.11 -> 21.1.12
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
This release contains security fixes for
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31082
* CVE-2024-31083
Changelog:
===========
101caa1b0 (tag: xorg-server-21.1.12) xserver 21.1.12
117315640 render: fix refcounting of glyphs during ProcRenderAddGlyphs
0e34d8ebc Xquartz: ProcAppleDRICreatePixmap needs to use unswapped length to send reply
cea92ca78 Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply
8a7cd0e3e Xi: ProcXIGetSelectedEvents needs to use unswapped length to send reply
5ca3a9513 Xext: SProcSyncCreateFence needs to swap drawable id too
5d7272f05 Allow disabling byte-swapped clients
8a46a463f Initialize Mode->name in xf86CVTMode()
f653d9a0a hw/xfree86: fix NULL pointer refrence to mode name
8b75ec34d dix: Fix use after free in input device shutdown
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 12dfa6889a1c322d0e20fd9b7638dcb861e032f2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{xserver-xorg_21.1.11.bb => xserver-xorg_21.1.12.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.11.bb => xserver-xorg_21.1.12.bb} (92%)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.12.bb
similarity index 92%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.12.bb
index 6506d775ca..570e08d5ae 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.11.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.12.bb
@@ -3,7 +3,7 @@ require xserver-xorg.inc
SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
"
-SRC_URI[sha256sum] = "1d3dadbd57fb86b16a018e9f5f957aeeadf744f56c0553f55737628d06d326ef"
+SRC_URI[sha256sum] = "1e016e2be1b5ccdd65eac3ea08e54bd13ce8f4f6c3fb32ad6fdac4e71729a90f"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.
--
2.34.1
* [OE-core][scarthgap 10/21] llvm: Upgrade to 18.1.4
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Brings following fixes
* e6c3289804a6 [CMake][Release] Disable PGO (#88465) (#89000)
* 028e425f86cc [MIPS] Fix the opcode of max.fmt and mina.fmt (#85609)
* e3c832b37b0a Fix override keyword being print to the left side
* 1deeee3f5da4 Revert "[Mips] Fix missing sign extension in expansion of sub-word atomic max (#77072)"
* 995539ce05ba [LLD] [COFF] Don't add pseudo relocs for dangling references (#88487)
* db67e6fb9ad1 [libc++] Fix -Wgnu-include-next in stddef.h (#88214)
* 647fbc710840 [SelectionDAG] Prevent combination on inconsistent type in `combineCarryDiamond` (#84888)
* eaae766a20fd [RISCV] Support rv{32, 64}e in the compiler builtins (#88252)
* c24b41d71f2e github-upload-release.py: Fix bug preventing release creation (#84571)
* c837970dd7e9 [Codegen][X86] Fix /HOTPATCH with clang-cl and inline asm (#87639)
* d0ddcce21d91 [InstSimplify] Make sure the simplified value doesn't generate poison in threadBinOpOverSelect (#87075)
* 4056cc29dfd3 Prepend all library intrinsics with `#` when building for Arm64EC (#87542)
* 6e071cf30599 [SLP]Fix a crash if the argument of call was affected by minbitwidth analysis.
* d89da2ac8839 [libcxx] coerce formatter precision to int (#87738)
* b6ebea7972cd [SPARC] Implement L and H inline asm argument modifiers (#87259)
* bffecba7ce4c [libc++] Simplify the implementation of <stddef.h> (#86843)
* 9899a2d76c8f [lit][ci] Publish lit wheels (#88072)
* 3ceccbdb1995 [clang-format] Correctly annotate braces of empty ctors/dtors (#82097)
* 429d62872525 [Headers] Don't declare unreachable() from stddef.h in C++ (#86748)
* feba8727f805 [ConstantRange] Fix off by 1 bugs in UIToFP and SIToFP handling. (#86041)
* e4259b583c92 [Float2Int] Pre-commit test for SIToFP/UIToFP ConstantRange bug. NFC
* daca56d8e162 Bump version to 18.1.4 (#87715)
(From OE-Core rev: adc2651a8e902af24fee6ff30a72f4b7c63bef6f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/llvm/llvm_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index c4fd73f2d7..e7fa88b30e 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -17,14 +17,14 @@ inherit cmake pkgconfig
# could be 'rcX' or 'git' or empty ( for release )
VER_SUFFIX = ""
-PV = "18.1.3${VER_SUFFIX}"
+PV = "18.1.4${VER_SUFFIX}"
MAJOR_VERSION = "${@oe.utils.trim_version("${PV}", 1)}"
LLVM_RELEASE = "${PV}"
BRANCH = "release/${MAJOR_VERSION}.x"
-SRCREV = "c13b7485b87909fcf739f62cfa382b55407433c0"
+SRCREV = "e6c3289804a67ea0bb6a86fadbe454dd93b8d855"
SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
--
2.34.1
* [OE-core][scarthgap 11/21] llvm: Upgrade to 18.1.5
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Brings
617a15a9eac9 [clang codegen] Fix MS ABI detection of user-provided constructors. (#90151)
20b9ed64ea07 [RISCV][ISel] Fix types in tryFoldSelectIntoOp (#90659)
ece9d35f1a70 [GlobalISel] Fix store merging incorrectly classifying an unknown index expr as 0. (#90375)
a7b8b890600a [X86] Enable EVEX512 when host CPU has AVX512 (#90479)
4da5b1417493 [GlobalISel] Don't form anyextending atomic loads.
a96b04442c9f [AArch64] Remove invalid uabdl patterns. (#89272)
aea091b70eda [clang][CoverageMapping] do not emit a gap region when either end doesn't have valid source locations (#89564)
58648f334d62 [X86][EVEX512] Check hasEVEX512 for canExtendTo512DQ (#90390)
6350acdb134d [CGP] Drop poison-generating flags after hoisting (#90382)
f341c76b9461 [Clang] Handle structs with inner structs and no fields (#89126)
abf6b13085fb [IRCE] Skip icmp ptr in InductiveRangeCheck::parseRangeCheckICmp (#89967)
ee5bb0c95667 Fix Objective-C++ Sret of non-trivial data types on Windows ARM64 (#88671)
6dbaa89433f7 [clang-format] Fix a regression in ContinuationIndenter (#88414)
51ff7f38b633 [clang-format] Fix a regression in annotating TrailingReturnArrow (#86624)
b544217fb31f [AMDGPU] Fix setting nontemporal in memory legalizer (#83815)
78b99c73ee4b [DAGCombiner] Fix miscompile bug in combineShiftOfShiftedLogic (#89616)
1aa91720cc4f [DAGCombiner] Pre-commit test case for miscompile bug in combineShiftOfShiftedLogic
35fea1032741 release/18.x: [clang-format] Correctly annotate braces in macros (#87953)
b9b73814ad8a [libcxx] [modules] Add _LIBCPP_USING_IF_EXISTS on aligned_alloc (#89827)
c0b48372d82a release/18.x: [clang-format] Revert breaking stream operators to previous default (#89016)
3b4ba7277bd7 [analyzer] Fix performance of getTaintedSymbolsImpl() (#89606)
7699b341b763 release/18.x: [clang-format] Fix a regression in annotating BK_BracedInit (#87450)
fb865928c8e0 [GlobalISel] Fix fewerElementsVectorPhi to insert after G_PHIs (#87927)
111ae4509c96 [X86] Fix miscompile in combineShiftRightArithmetic
76cbd417af50 [X86] Pre-commit tests (NFC)
e7c816b3cd3e [InstCombine] Fix unexpected overwriting in foldSelectWithSRem (#89539)
3685a599c866 ReleaseNote: Mention SpecialCaseList change (#89141)
a981a4f7653c [X86] Always use 64-bit relocations in no-PIC large code model (#89101)
4ddac856c55f [analyzer] Fix a security.cert.env.InvalidPtr crash
c6d63d4fc555 Bump version to 18.1.5 (#89291)
(From OE-Core rev: 02df2fc6241ac8fb0e78f2fdff97a04e5c561d54)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/llvm/llvm_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index e7fa88b30e..dfaa031012 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -17,14 +17,14 @@ inherit cmake pkgconfig
# could be 'rcX' or 'git' or empty ( for release )
VER_SUFFIX = ""
-PV = "18.1.4${VER_SUFFIX}"
+PV = "18.1.5${VER_SUFFIX}"
MAJOR_VERSION = "${@oe.utils.trim_version("${PV}", 1)}"
LLVM_RELEASE = "${PV}"
BRANCH = "release/${MAJOR_VERSION}.x"
-SRCREV = "e6c3289804a67ea0bb6a86fadbe454dd93b8d855"
+SRCREV = "617a15a9eac96088ae5e9134248d8236e34b91b1"
SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
--
2.34.1
* [OE-core][scarthgap 12/21] llvm: Switch to using release tarballs
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
git checkouts are in excess of 3G, which is not
ideal for everyone to download/clone, instead switch to
fetching release tarball which is ~126M as of 18.1.5 release
(From OE-Core rev: 800e6576e4f3af10846af13c2f217f986c1afdb4)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../llvm/{llvm_git.bb => llvm_18.1.5.bb} | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
rename meta/recipes-devtools/llvm/{llvm_git.bb => llvm_18.1.5.bb} (93%)
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_18.1.5.bb
similarity index 93%
rename from meta/recipes-devtools/llvm/llvm_git.bb
rename to meta/recipes-devtools/llvm/llvm_18.1.5.bb
index dfaa031012..4b6763e580 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_18.1.5.bb
@@ -13,27 +13,26 @@ DEPENDS = "libffi libxml2 zlib zstd libedit ninja-native llvm-native"
RDEPENDS:${PN}:append:class-target = " ncurses-terminfo"
inherit cmake pkgconfig
-
# could be 'rcX' or 'git' or empty ( for release )
VER_SUFFIX = ""
-PV = "18.1.5${VER_SUFFIX}"
+PV .= "${VER_SUFFIX}"
MAJOR_VERSION = "${@oe.utils.trim_version("${PV}", 1)}"
LLVM_RELEASE = "${PV}"
-BRANCH = "release/${MAJOR_VERSION}.x"
-SRCREV = "617a15a9eac96088ae5e9134248d8236e34b91b1"
-SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
+SRC_URI = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${PV}/llvm-project-${PV}.src.tar.xz \
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
file://llvm-config \
"
+SRC_URI[sha256sum] = "3591a52761a7d390ede51af01ea73abfecc4b1d16445f9d019b67a57edd7de56"
-UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
+UPSTREAM_CHECK_URI = "https://github.com/llvm/llvm-project"
+UPSTREAM_CHECK_REGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
-S = "${WORKDIR}/git/llvm"
+S = "${WORKDIR}/llvm-project-${PV}.src/llvm"
LLVM_INSTALL_DIR = "${WORKDIR}/llvm-install"
--
2.34.1
* [OE-core][scarthgap 13/21] ptest-runner: Bump to 2.4.4 (95f528c)
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
Changes in 2.4.4:
95f528c utils.c: run_ptests improve error handling on ptests iteration
c48e5fc utils.c: run-ptests improve pseudo-terminal handling
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{ptest-runner_2.4.3.bb => ptest-runner_2.4.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/ptest-runner/{ptest-runner_2.4.3.bb => ptest-runner_2.4.4.bb} (95%)
diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.3.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.4.bb
similarity index 95%
rename from meta/recipes-support/ptest-runner/ptest-runner_2.4.3.bb
rename to meta/recipes-support/ptest-runner/ptest-runner_2.4.4.bb
index e6668da01f..2263e07280 100644
--- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.3.bb
+++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.4.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/"
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
-SRCREV = "92c1b97bfdb4a94acc1cabcaf97eef52dc29144c"
+SRCREV = "95f528cff0bc52903b98c292d4a322fcffa74471"
PV .= "+git"
SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master;protocol=https \
--
2.34.1
* [OE-core][scarthgap 14/21] libarchive: upgrade 3.7.2 -> 3.7.4
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (12 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 13/21] ptest-runner: Bump to 2.4.4 (95f528c) Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 15/21] devtool: standard: update-recipe/finish: fix update localfile in another layer Steve Sakoman
` (6 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
Changelog:
========
rar: Fix OOB in rar e8 filter
zip: Fix out of boundary access
7zip: Limit amount of properties
bsdtar: Fix error handling around strtol() usages
passphrase: Improve newline handling on Windows
passphrase: Never allow empty passwords
rar: Fix "File CRC Error" when extracting specific rar4 archives
xar: Avoid infinite link loop
zip: Update AppleDouble support for directories
zstd: Implement core detection
PCRE2 support
add trailing letter b to bsdtar(1) substitute pattern
add support for long options "--group" and "--owner" to tar(1)
Fix possible vulnerability in tar error reporting introduced in f27c173
ISO9660: preserve the natural order of links
rar5: fix decoding unicode filenames on Windows
rar5: fix infinite loop if during rar5 decompression the last block produced no data
xz filter: fix incorrect eof at the end of an lzip member
zip: fix end-of-data marker processing when decompressing zip archives
multiple bsdunzip(1) fixes
filetime truncation fix on Windows
Adjusted configurehack.patch to align with upgraded version.
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libarchive/libarchive/configurehack.patch | 19 ++++++++++++-------
...ibarchive_3.7.2.bb => libarchive_3.7.4.bb} | 2 +-
2 files changed, 13 insertions(+), 8 deletions(-)
rename meta/recipes-extended/libarchive/{libarchive_3.7.2.bb => libarchive_3.7.4.bb} (96%)
diff --git a/meta/recipes-extended/libarchive/libarchive/configurehack.patch b/meta/recipes-extended/libarchive/libarchive/configurehack.patch
index f3989d99eb..44720fdd53 100644
--- a/meta/recipes-extended/libarchive/libarchive/configurehack.patch
+++ b/meta/recipes-extended/libarchive/libarchive/configurehack.patch
@@ -2,12 +2,15 @@ To work with autoconf 2.73, tweak the macro ordering in configure.in.
Upstream-Status: Pending
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+---
+ configure.ac | 26 +++++++++++++-------------
+ 1 file changed, 13 insertions(+), 13 deletions(-)
-Index: libarchive-3.6.2/configure.ac
-===================================================================
---- libarchive-3.6.2.orig/configure.ac
-+++ libarchive-3.6.2/configure.ac
-@@ -357,6 +357,19 @@ if test "x$with_bz2lib" != "xno"; then
+diff --git a/configure.ac b/configure.ac
+index 5668d41..7e65e49 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -414,6 +414,19 @@ if test "x$with_bz2lib" != "xno"; then
esac
fi
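Review bot: the refreshed configurehack.patch keeps its old description, visible in the hunk header context as "To work with autoconf 2.73, tweak the macro ordering in configure.in", although the diff it now carries targets configure.ac, and the patch remains at Upstream-Status: Pending. Since the patch is being regenerated anyway, update the description to name configure.ac and either submit it upstream or record why that is not possible.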
@@ -27,9 +30,9 @@ Index: libarchive-3.6.2/configure.ac
AC_ARG_WITH([libb2],
AS_HELP_STRING([--without-libb2], [Don't build support for BLAKE2 through libb2]))
-@@ -558,19 +571,6 @@ LDFLAGS=$save_LDFLAGS
+@@ -678,19 +691,6 @@ fi
- AC_SUBST(GC_SECTIONS)
+ AC_SUBST(DEAD_CODE_REMOVAL)
-# Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
@@ -47,3 +50,5 @@ Index: libarchive-3.6.2/configure.ac
# Check for tm_gmtoff in struct tm
AC_CHECK_MEMBERS([struct tm.tm_gmtoff, struct tm.__tm_gmtoff],,,
[
+--
+2.40.0
diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.2.bb b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
similarity index 96%
rename from meta/recipes-extended/libarchive/libarchive_3.7.2.bb
rename to meta/recipes-extended/libarchive/libarchive_3.7.4.bb
index 91f521fa4d..da85764116 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
@@ -33,7 +33,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
SRC_URI += "file://configurehack.patch"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
-SRC_URI[sha256sum] = "df404eb7222cf30b4f8f93828677890a2986b66ff8bf39dac32a804e96ddf104"
+SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8"
CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe"
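Review bot: SRC_URI and UPSTREAM_CHECK_URI in the context of this hunk still use plain http://libarchive.org/, so the new SRC_URI[sha256sum] is the only thing protecting the 3.7.4 tarball in transit. Consider switching both URIs to https in the same change. The changelog in the commit message lists memory-safety fixes (rar e8 filter OOB, zip out of boundary access) without identifiers; if CVE ids are assigned to any of them, name them in the commit message so the fix shows up in CVE tracking.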
--
2.34.1
* [OE-core][scarthgap 15/21] devtool: standard: update-recipe/finish: fix update localfile in another layer
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (13 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 14/21] libarchive: upgrade 3.7.2 -> 3.7.4 Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 16/21] oeqa/selftest/devtool: add test for updating local files into " Steve Sakoman
` (5 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Julien Stephan <jstephan@baylibre.com>
When trying to use devtool update-recipe/finish on another layer, with modified
local file we have the following error:
Traceback (most recent call last):
File "<..>/poky/scripts/devtool", line 350, in <module>
ret = main()
^^^^^^
File "<..>/poky/scripts/devtool", line 337, in main
ret = args.func(args, config, basepath, workspace)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<..>/poky/scripts/lib/devtool/standard.py", line 1968, in update_recipe
updated, _, _ = _update_recipe(args.recipename, workspace, rd, args.mode, args.append, args.wildcard_version, args.no_remove, args.initial_rev, dry_run_outdir=dry_run_outdir, no_overrides=args.no_overrides, force_patch_refresh=args.force_patch_refresh)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<..>/poky/scripts/lib/devtool/standard.py", line 1930, in _update_recipe
updated, appendf, removed = _update_recipe_patch(recipename, workspace, srctree, crd, appendlayerdir, wildcard_version, no_remove, no_report_remove, initial_rev, dry_run_outdir, force_patch_refresh)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<..>/poky/scripts/lib/devtool/standard.py", line 1747, in _update_recipe_patch
patchdir = param.get('patchdir', ".")
^^^^^^^^^
AttributeError: 'str' object has no attribute 'get'
This was introduced when adding support for git submodules.
No selftest case exists to catch this, so a selftest will be
added in another commit.
(From OE-Core rev: de7ca9f800e15e10271502da7e51e3ae08e0c85b)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jeff Harris <jefftharris@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/devtool/standard.py | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 6674e67267..10d0cd3b7c 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -1452,8 +1452,10 @@ def _export_local_files(srctree, rd, destdir, srctreebase):
1. updated - files that already exist in SRCURI
2. added - new files files that don't exist in SRCURI
3 removed - files that exist in SRCURI but not in exported files
- In each dict the key is the 'basepath' of the URI and value is the
- absolute path to the existing file in recipe space (if any).
+ In each dict the key is the 'basepath' of the URI and value is:
+ - for updated and added dicts, a dict with 1 optionnal key:
+ - 'path': the absolute path to the existing file in recipe space (if any)
+ - for removed dict, the absolute path to the existing file in recipe space
"""
import oe.recipeutils
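Review bot: the new docstring text has a typo, "optionnal" should be "optional", and the existing "new files files" two lines above it could be fixed in the same pass. More importantly, the docstring declares the 'path' key optional, so every consumer of the updated and added dicts should use param.get('path') or otherwise handle a missing key rather than indexing param['path'].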
@@ -1535,9 +1537,9 @@ def _export_local_files(srctree, rd, destdir, srctreebase):
origpath = existing_files.pop(fname)
workpath = os.path.join(local_files_dir, fname)
if not filecmp.cmp(origpath, workpath):
- updated[fname] = origpath
+ updated[fname] = {'path' : origpath}
elif fname != '.gitignore':
- added[fname] = None
+ added[fname] = {}
workdir = rd.getVar('WORKDIR')
s = rd.getVar('S')
@@ -1554,7 +1556,7 @@ def _export_local_files(srctree, rd, destdir, srctreebase):
if os.path.exists(fpath):
origpath = existing_files.pop(fname)
if not filecmp.cmp(origpath, fpath):
- updated[fpath] = origpath
+ updated[fpath] = {'path' : origpath}
removed = existing_files
return (updated, added, removed)
@@ -1640,7 +1642,8 @@ def _update_recipe_srcrev(recipename, workspace, srctree, rd, appendlayerdir, wi
redirect_output=dry_run_outdir)
else:
files_dir = _determine_files_dir(rd)
- for basepath, path in upd_f.items():
+ for basepath, param in upd_f.items():
+ path = param['path']
logger.info('Updating file %s%s' % (basepath, dry_run_suffix))
if os.path.isabs(basepath):
# Original file (probably with subdir pointing inside source tree)
@@ -1650,7 +1653,8 @@ def _update_recipe_srcrev(recipename, workspace, srctree, rd, appendlayerdir, wi
_move_file(os.path.join(local_files_dir, basepath), path,
dry_run_outdir=dry_run_outdir, base_outdir=recipedir)
update_srcuri= True
- for basepath, path in new_f.items():
+ for basepath, param in new_f.items():
+ path = param['path']
logger.info('Adding new file %s%s' % (basepath, dry_run_suffix))
_move_file(os.path.join(local_files_dir, basepath),
os.path.join(files_dir, basepath),
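Review bot: in the second loop of this hunk, path = param['path'] is read from every new_f entry, but _export_local_files now stores added[fname] = {}, so if new_f is that added dict the lookup raises KeyError on the first new file. The _move_file call shown after it builds its destination from files_dir and basepath and does not use path, and the matching loop in _update_recipe_patch does not read the key at all. Drop the line, or use param.get('path') if a later use exists outside the visible context.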
@@ -1772,7 +1776,8 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil
else:
# Update existing files
files_dir = _determine_files_dir(rd)
- for basepath, path in upd_f.items():
+ for basepath, param in upd_f.items():
+ path = param['path']
logger.info('Updating file %s' % basepath)
if os.path.isabs(basepath):
# Original file (probably with subdir pointing inside source tree)
@@ -1806,7 +1811,7 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil
dry_run_outdir=dry_run_outdir, base_outdir=recipedir)
updatefiles = True
# Add any new files
- for basepath, path in new_f.items():
+ for basepath, param in new_f.items():
logger.info('Adding new file %s%s' % (basepath, dry_run_suffix))
_move_file(os.path.join(local_files_dir, basepath),
os.path.join(files_dir, basepath),
--
2.34.1
* [OE-core][scarthgap 16/21] oeqa/selftest/devtool: add test for updating local files into another layer
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (14 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 15/21] devtool: standard: update-recipe/finish: fix update localfile in another layer Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 17/21] gstreamer1.0-plugins-good: Include qttools-native during the build with qt5 PACKAGECONFIG Steve Sakoman
` (4 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Julien Stephan <jstephan@baylibre.com>
We don't have a test to check if we can correctly devtool update-recipe/finish
into another layer. So update the existing test_devtool_update_recipe_local_files
to also check the updates into another layer.
(From OE-Core rev: bd44c895d36e246a25c7a6e40bf9f4089dc7a297)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jeff Harris <jefftharris@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/devtool.py | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index bc1e40ef83..51949e3c93 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -1405,14 +1405,30 @@ class DevtoolUpdateTests(DevtoolBase):
runCmd('echo "Bar" > new-file', cwd=tempdir)
runCmd('git add new-file', cwd=tempdir)
runCmd('git commit -m "Add new file"', cwd=tempdir)
- self.add_command_to_tearDown('cd %s; git clean -fd .; git checkout .' %
- os.path.dirname(recipefile))
runCmd('devtool update-recipe %s' % testrecipe)
expected_status = [(' M', '.*/%s$' % os.path.basename(recipefile)),
(' M', '.*/makedevs/makedevs.c$'),
('??', '.*/makedevs/new-local$'),
('??', '.*/makedevs/0001-Add-new-file.patch$')]
self._check_repo_status(os.path.dirname(recipefile), expected_status)
+ # Now try to update recipe in another layer, so first, clean it
+ runCmd('cd %s; git clean -fd .; git checkout .' % os.path.dirname(recipefile))
+ # Create a temporary layer and add it to bblayers.conf
+ self._create_temp_layer(templayerdir, True, 'templayer')
+ # Update recipe in templayer
+ result = runCmd('devtool update-recipe %s -a %s' % (testrecipe, templayerdir))
+ self.assertNotIn('WARNING:', result.output)
+ # Check recipe is still clean
+ self._check_repo_status(os.path.dirname(recipefile), [])
+ splitpath = os.path.dirname(recipefile).split(os.sep)
+ appenddir = os.path.join(templayerdir, splitpath[-2], splitpath[-1])
+ bbappendfile = self._check_bbappend(testrecipe, recipefile, appenddir)
+ patchfile = os.path.join(appenddir, testrecipe, '0001-Add-new-file.patch')
+ new_local_file = os.path.join(appenddir, testrecipe, 'new_local')
+ local_file = os.path.join(appenddir, testrecipe, 'makedevs.c')
+ self.assertExists(patchfile, 'Patch file 0001-Add-new-file.patch not created')
+ self.assertExists(local_file, 'File makedevs.c not created')
+ self.assertExists(patchfile, 'File new_local not created')
def test_devtool_update_recipe_local_files_2(self):
"""Check local source files support when oe-local-files is in Git"""
--
2.34.1
* [OE-core][scarthgap 17/21] gstreamer1.0-plugins-good: Include qttools-native during the build with qt5 PACKAGECONFIG
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (15 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 16/21] oeqa/selftest/devtool: add test for updating local files into " Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 18/21] update-rc.d: add +git to PV Steve Sakoman
` (3 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Marek Vasut <marex@denx.de>
The qttools provide 'lrelease' tool, which is checked by recent
versions of meson build system. Unless the qttools are available
in sysroot, meson will fail to detect qt5 installation at build
time and the gstreamer build will fail. Fix this by including
the qttools-native.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ae2ca4af54695003638da38f8548aa8573d18201)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gstreamer/gstreamer1.0-plugins-good_1.22.11.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb
index edd8609b7c..85143aa1b9 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.11.bb
@@ -52,7 +52,7 @@ PACKAGECONFIG[libpng] = "-Dpng=enabled,-Dpng=disabled,libpng"
PACKAGECONFIG[libv4l2] = "-Dv4l2-libv4l2=enabled,-Dv4l2-libv4l2=disabled,v4l-utils"
PACKAGECONFIG[mpg123] = "-Dmpg123=enabled,-Dmpg123=disabled,mpg123"
PACKAGECONFIG[pulseaudio] = "-Dpulse=enabled,-Dpulse=disabled,pulseaudio"
-PACKAGECONFIG[qt5] = "-Dqt5=enabled,-Dqt5=disabled,qtbase qtdeclarative qtbase-native ${QT5WAYLANDDEPENDS}"
+PACKAGECONFIG[qt5] = "-Dqt5=enabled,-Dqt5=disabled,qtbase qtdeclarative qtbase-native qttools-native ${QT5WAYLANDDEPENDS}"
PACKAGECONFIG[soup2] = "-Dsoup=enabled,,libsoup-2.4,,,soup3"
PACKAGECONFIG[soup3] = "-Dsoup=enabled,,libsoup,,,soup2"
PACKAGECONFIG[speex] = "-Dspeex=enabled,-Dspeex=disabled,speex"
--
2.34.1
* [OE-core][scarthgap 18/21] update-rc.d: add +git to PV
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (16 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 17/21] gstreamer1.0-plugins-good: Include qttools-native during the build with qt5 PACKAGECONFIG Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 19/21] lib/package_manager/ipk: Do not hardcode payload compression algorithm Steve Sakoman
` (2 subsequent siblings)
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
This hash is ahead of the tag, so adapt PV accordingly.
(From OE-Core rev: c94e46019a7d443ccc4763ba16d87e7e97abe977)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/update-rc.d/update-rc.d_0.8.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
index ba622fe716..27723c88ef 100644
--- a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
+++ b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f5354
SRC_URI = "git://git.yoctoproject.org/update-rc.d;branch=master;protocol=https"
SRCREV = "b8f950105010270a768aa12245d6abf166346015"
+PV .= "+git"
UPSTREAM_CHECK_COMMITS = "1"
--
2.34.1
* [OE-core][scarthgap 19/21] lib/package_manager/ipk: Do not hardcode payload compression algorithm
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (17 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 18/21] update-rc.d: add +git to PV Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 20/21] ipk: Fix clean up of extracted IPK payload Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 21/21] git: set --with-gitconfig=/etc/gitconfig for -native builds Steve Sakoman
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Philip Lorenz <philip.lorenz@bmw.de>
The chosen payload compression algorithm can be changed by overriding
`OPKGBUILDCMD`. Ensure that package extraction deals with this by
globbing for "data.tar.*" to select the actual payload tarball.
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2ad05635a6da403b4fadcc126fe7734067c12c73)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oe/package_manager/ipk/__init__.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oe/package_manager/ipk/__init__.py b/meta/lib/oe/package_manager/ipk/__init__.py
index 8cc9953a02..0f0038d00d 100644
--- a/meta/lib/oe/package_manager/ipk/__init__.py
+++ b/meta/lib/oe/package_manager/ipk/__init__.py
@@ -4,6 +4,7 @@
# SPDX-License-Identifier: GPL-2.0-only
#
+import glob
import re
import shutil
import subprocess
@@ -134,11 +135,16 @@ class OpkgDpkgPM(PackageManager):
tmp_dir = tempfile.mkdtemp()
current_dir = os.getcwd()
os.chdir(tmp_dir)
- data_tar = 'data.tar.zst'
try:
cmd = [ar_cmd, 'x', pkg_path]
output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ data_tar = glob.glob("data.tar.*")
+ if len(data_tar) != 1:
+ bb.fatal("Unable to extract %s package. Failed to identify "
+ "data tarball (found tarballs '%s').",
+ pkg_path, data_tar)
+ data_tar = data_tar[0]
cmd = [tar_cmd, 'xf', data_tar]
output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
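Review bot: the new bb.fatal call passes the format string and its values as separate arguments, while the other bb.fatal call in this file (visible in patch 20/21) applies % formatting before the call. Unless bb.fatal interpolates its arguments, the message will not render as intended, and data_tar is a list at that point. Build the string first with % (pkg_path, data_tar). Using one name for the glob result and another for the selected tarball would also make the data_tar = data_tar[0] step easier to follow.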
--
2.34.1
* [OE-core][scarthgap 20/21] ipk: Fix clean up of extracted IPK payload
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (18 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 19/21] lib/package_manager/ipk: Do not hardcode payload compression algorithm Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
2024-06-01 12:24 ` [OE-core][scarthgap 21/21] git: set --with-gitconfig=/etc/gitconfig for -native builds Steve Sakoman
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Philip Lorenz <philip.lorenz@bmw.de>
It turns out that the IPK payload tarball was actually cleaned up in the
concrete package manager implementation (most likely because at some
point Debian and IPK packages used different compression algorithms).
Globbing removes this ambiguity so move the removal of the payload into
the common extract method.
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e2b02a54f482159e21902eeb997b21e00e9588e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oe/package_manager/ipk/__init__.py | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/meta/lib/oe/package_manager/ipk/__init__.py b/meta/lib/oe/package_manager/ipk/__init__.py
index 0f0038d00d..47e72cc7a6 100644
--- a/meta/lib/oe/package_manager/ipk/__init__.py
+++ b/meta/lib/oe/package_manager/ipk/__init__.py
@@ -159,6 +159,7 @@ class OpkgDpkgPM(PackageManager):
bb.note("Extracted %s to %s" % (pkg_path, tmp_dir))
bb.utils.remove(os.path.join(tmp_dir, "debian-binary"))
bb.utils.remove(os.path.join(tmp_dir, "control.tar.gz"))
+ bb.utils.remove(os.path.join(tmp_dir, data_tar))
os.chdir(current_dir)
return tmp_dir
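Review bot: data_tar on the added line is only bound inside the try block that patch 19/21 introduced, so this cleanup depends on every failure path in that block terminating before it is reached; otherwise the line raises NameError instead of the intended error. Initialising data_tar before the try, or guarding the removal, would make that explicit. The neighbouring removal still hard-codes control.tar.gz, so it is worth stating in the commit message whether the control archive's compression is also affected by an OPKGBUILDCMD override.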
@@ -511,7 +512,4 @@ class OpkgPM(OpkgDpkgPM):
bb.fatal("Unable to get information for package '%s' while "
"trying to extract the package." % pkg)
- tmp_dir = super(OpkgPM, self).extract(pkg, pkg_info)
- bb.utils.remove(os.path.join(tmp_dir, "data.tar.zst"))
-
- return tmp_dir
+ return super(OpkgPM, self).extract(pkg, pkg_info)
--
2.34.1
* [OE-core][scarthgap 21/21] git: set --with-gitconfig=/etc/gitconfig for -native builds
2024-06-01 12:24 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
` (19 preceding siblings ...)
2024-06-01 12:24 ` [OE-core][scarthgap 20/21] ipk: Fix clean up of extracted IPK payload Steve Sakoman
@ 2024-06-01 12:24 ` Steve Sakoman
20 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-06-01 12:24 UTC (permalink / raw)
To: openembedded-core
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Commit 6c2ae2346db0 (kern-tools: depend on git-replacement-native)
broke our kernel builds. For saving space and time, we have a DL_DIR
shared between multiple users/buildbots, not all of which run with the
same uid (and with appropriate sticky bits set so that files
downloaded by one user become owned by a common group and are readable
by others). This works fine also for git sources because the docker
images we use all have a /etc/gitconfig with
[safe]
directory = *
But with the mentioned commit, the host's git is no longer used for
do_unpack (nor for do_fetch if re-building and sysroot has already
been populated by a previous build), causing spurious "fatal: detected
dubious ownership..." failures.
Currently, the path where the git-native binary searches for system
gitconfig is the sysroot from which it was built, which obviously doesn't
contain a /etc/gitconfig. As for the nativesdk variant, respect the
host's /etc/gitconfig if present.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 572f511f7ff02fb559ac42d2d5dbd09fec478d97)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/git/git_2.44.0.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/git/git_2.44.0.bb b/meta/recipes-devtools/git/git_2.44.0.bb
index 90e555eba7..78b00dd19f 100644
--- a/meta/recipes-devtools/git/git_2.44.0.bb
+++ b/meta/recipes-devtools/git/git_2.44.0.bb
@@ -40,6 +40,7 @@ EXTRA_OECONF = "--with-perl=${STAGING_BINDIR_NATIVE}/perl-native/perl \
--without-iconv \
"
EXTRA_OECONF:append:class-nativesdk = " --with-gitconfig=/etc/gitconfig "
+EXTRA_OECONF:append:class-native = " --with-gitconfig=/etc/gitconfig "
# Needs brokensep as this doesn't use automake
inherit autotools-brokensep perlnative bash-completion manpages
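Review bot: with the added class-native line, git-native reads the build host's /etc/gitconfig, so host-level settings now apply to do_fetch and do_unpack, including the safe.directory = * entry described in the commit message, which turns off git's ownership check for every repository the build touches on such hosts. That is the intent here, but it makes fetch behaviour depend on host configuration. Add a comment above the two EXTRA_OECONF appends saying why the host file is honoured, so the trade-off is recorded in the recipe and not only in the commit log.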
--
2.34.1
* [OE-core][scarthgap 00/21] Patch review
@ 2024-07-04 12:26 Steve Sakoman
0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-07-04 12:26 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Monday, July 8
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7104
The following changes since commit 9abcb18014020804738dfc7d278d7097679f4d19:
classes/create-spdx-2.2: Fix SPDX Namespace Prefix (2024-06-28 06:28:58 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Antonin Godard (1):
devtool: ide-sdk: correct help typo
Archana Polampalli (1):
gstreamer: upgrade 1.22.11 -> 1.22.12
Bruce Ashfield (3):
linux-yocto/6.6: update to v6.6.34
linux-yocto/6.6: update to v6.6.35
linux-yocto/6.6: fix AMD boot trace
Deepthi Hemraj (1):
llvm: Fix CVE-2024-0151
Guðni Már Gilbert (4):
python3-requests: cleanup RDEPENDS
python3-setuptools: drop python3-2to3 from RDEPENDS
python3-bcrypt: drop python3-six from RDEPENDS
python3-pyopenssl: drop python3-six from RDEPENDS
Hitendra Prajapati (1):
QEMU: Fix CVE-2024-3446 & CVE-2024-3567
Jose Quaresma (1):
openssh: fix CVE-2024-6387
Khem Raj (1):
pcmanfm: Disable incompatible-pointer-types warning as error
Martin Jansa (1):
rng-tools: ignore incompatible-pointer-types errors for now
Mingli Yu (1):
ruby: Fix CVE-2023-36617
Richard Purdie (3):
python3-jinja2: Upgrade 3.1.3 -> 3.1.4
oeqa/selftest/recipetool: Fix for usrmerge in DISTRO_FEATURES
oeqa/selftest/devtool: Fix for usrmerge in DISTRO_FEATURES
Ross Burton (1):
curl: locale-base-en-us isn't glibc-specific
Siddharth Doshi (1):
OpenSSL: Security fix for CVE-2024-5535
Yi Zhao (1):
libpam: fix runtime error in pam_pwhistory moudle
meta/lib/oeqa/selftest/cases/devtool.py | 2 +
meta/lib/oeqa/selftest/cases/recipetool.py | 16 +-
.../openssh/openssh/CVE-2024-6387.patch | 27 +
.../openssh/openssh_9.6p1.bb | 1 +
.../openssl/openssl/CVE-2024-5535_1.patch | 113 ++
.../openssl/openssl/CVE-2024-5535_10.patch | 203 +++
.../openssl/openssl/CVE-2024-5535_2.patch | 43 +
.../openssl/openssl/CVE-2024-5535_3.patch | 38 +
.../openssl/openssl/CVE-2024-5535_4.patch | 82 ++
.../openssl/openssl/CVE-2024-5535_5.patch | 176 +++
.../openssl/openssl/CVE-2024-5535_6.patch | 1173 +++++++++++++++++
.../openssl/openssl/CVE-2024-5535_7.patch | 43 +
.../openssl/openssl/CVE-2024-5535_8.patch | 66 +
.../openssl/openssl/CVE-2024-5535_9.patch | 271 ++++
.../openssl/openssl_3.2.2.bb | 10 +
.../llvm/0002-llvm-Fix-CVE-2024-0151.patch | 1086 +++++++++++++++
meta/recipes-devtools/llvm/llvm_18.1.5.bb | 1 +
.../python/python3-bcrypt_4.1.2.bb | 1 -
...inja2_3.1.3.bb => python3-jinja2_3.1.4.bb} | 8 +-
.../python/python3-pyopenssl_24.0.0.bb | 1 -
.../python/python3-requests_2.31.0.bb | 6 +-
.../python/python3-setuptools_69.1.1.bb | 1 -
meta/recipes-devtools/qemu/qemu.inc | 5 +
.../qemu/qemu/CVE-2024-3446-01.patch | 73 +
.../qemu/qemu/CVE-2024-3446-02.patch | 48 +
.../qemu/qemu/CVE-2024-3446-03.patch | 47 +
.../qemu/qemu/CVE-2024-3446-04.patch | 52 +
.../qemu/qemu/CVE-2024-3567.patch | 48 +
.../ruby/ruby/CVE-2023-36617_1.patch | 56 +
.../ruby/ruby/CVE-2023-36617_2.patch | 52 +
meta/recipes-devtools/ruby/ruby_3.2.2.bb | 2 +
...x-passing-NULL-filename-argument-to-.patch | 69 +
meta/recipes-extended/pam/libpam_1.5.3.bb | 1 +
.../linux/linux-yocto-rt_6.6.bb | 6 +-
.../linux/linux-yocto-tiny_6.6.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +-
...ols_1.22.11.bb => gst-devtools_1.22.12.bb} | 2 +-
...22.11.bb => gstreamer1.0-libav_1.22.12.bb} | 2 +-
...1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} | 2 +-
...bb => gstreamer1.0-plugins-bad_1.22.12.bb} | 2 +-
...b => gstreamer1.0-plugins-base_1.22.12.bb} | 2 +-
...b => gstreamer1.0-plugins-good_1.22.12.bb} | 2 +-
...b => gstreamer1.0-plugins-ugly_1.22.12.bb} | 2 +-
...2.11.bb => gstreamer1.0-python_1.22.12.bb} | 2 +-
...bb => gstreamer1.0-rtsp-server_1.22.12.bb} | 2 +-
...22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} | 2 +-
...1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} | 2 +-
meta/recipes-sato/pcmanfm/pcmanfm_1.3.2.bb | 2 +
meta/recipes-support/curl/curl_8.7.1.bb | 2 +-
.../rng-tools/rng-tools_6.16.bb | 4 +
scripts/lib/devtool/ide_sdk.py | 2 +-
51 files changed, 3844 insertions(+), 49 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_10.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
create mode 100644 meta/recipes-devtools/llvm/llvm/0002-llvm-Fix-CVE-2024-0151.patch
rename meta/recipes-devtools/python/{python3-jinja2_3.1.3.bb => python3-jinja2_3.1.4.bb} (79%)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.22.11.bb => gst-devtools_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.22.11.bb => gstreamer1.0-libav_1.22.12.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.22.11.bb => gstreamer1.0-omx_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.22.11.bb => gstreamer1.0-plugins-bad_1.22.12.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.22.11.bb => gstreamer1.0-plugins-base_1.22.12.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.22.11.bb => gstreamer1.0-plugins-good_1.22.12.bb} (97%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.22.11.bb => gstreamer1.0-plugins-ugly_1.22.12.bb} (94%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.22.11.bb => gstreamer1.0-python_1.22.12.bb} (91%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.22.11.bb => gstreamer1.0-rtsp-server_1.22.12.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.22.11.bb => gstreamer1.0-vaapi_1.22.12.bb} (95%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.22.11.bb => gstreamer1.0_1.22.12.bb} (97%)
--
2.34.1
* [OE-core][scarthgap 00/21] Patch review
@ 2025-11-22 22:14 Steve Sakoman
From: Steve Sakoman @ 2025-11-22 22:14 UTC
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, November 25
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2755
The following changes since commit 471adaa5f77fa3b974eab60a2ded48e360042828:
build-appliance-image: Update to scarthgap head revision (2025-11-17 17:00:25 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Alexander Kanavin (1):
goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task
signatures
Gyorgy Sarvari (2):
musl: patch CVE-2025-26519
glslang: fix compiling with gcc15
Hongxu Jia (1):
spdx30: Provide software_packageUrl field in SPDX 3.0 SBOM
Hugo SIMELIERE (1):
sqlite3: patch CVE-2025-7709
Osama Abdelkader (3):
go: add sdk test
go: extend runtime test
go: remove duplicate arch map in sdk test
Ovidiu Panait (1):
rust-target-config: fix nativesdk-libstd-rs build with baremetal
Peter Marko (4):
spdx30: fix cve status for patch files in VEX
oeqa: fix package detection in go sdk tests
oeqa: drop unnecessary dependency from go runtime tests
oeqa/sdk/buildepoxy: skip test in eSDK
Ross Burton (5):
xserver-xorg: remove redundant patch
xserver-xorg: fix CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
testsdk: allow user to specify which tests to run
oe/sdk: fix empty SDK manifests
lib/oe/go: document map_arch, and raise an error on unknown
architecture
Yogita Urade (3):
xwayland: fix CVE-2025-62229
xwayland: fix CVE-2025-62230
xwayland: fix CVE-2025-62231
meta/classes-recipe/goarch.bbclass | 3 +
.../classes-recipe/rust-target-config.bbclass | 3 +-
meta/classes-recipe/testsdk.bbclass | 3 +
meta/classes/create-spdx-3.0.bbclass | 5 +
meta/lib/oe/go.py | 6 +-
meta/lib/oe/sdk.py | 3 +-
meta/lib/oe/spdx30_tasks.py | 16 ++-
meta/lib/oeqa/files/test.go | 7 ++
meta/lib/oeqa/runtime/cases/go.py | 66 +++++++++++
meta/lib/oeqa/sdk/cases/buildepoxy.py | 4 +
meta/lib/oeqa/sdk/cases/go.py | 107 ++++++++++++++++++
meta/lib/oeqa/sdk/testsdk.py | 3 +-
meta/lib/oeqa/sdkext/testsdk.py | 3 +-
.../musl/musl/CVE-2025-26519-1.patch | 39 +++++++
.../musl/musl/CVE-2025-26519-2.patch | 38 +++++++
meta/recipes-core/musl/musl_git.bb | 4 +-
...uilder.h-add-missing-cstdint-include.patch | 30 +++++
.../glslang/glslang_1.3.275.0.bb | 1 +
...-duplicate-definitions-of-IOPortBase.patch | 28 -----
...after-free-in-present_create_notifie.patch | 91 +++++++++++++++
...ke-the-RT_XKBCLIENT-resource-private.patch | 63 +++++++++++
...KB-resource-when-freeing-XkbInterest.patch | 92 +++++++++++++++
...-Prevent-overflow-in-XkbSetCompatMap.patch | 53 +++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 7 +-
.../xwayland/xwayland/CVE-2025-62229.patch | 89 +++++++++++++++
.../xwayland/CVE-2025-62230-0001.patch | 60 ++++++++++
.../xwayland/CVE-2025-62230-0002.patch | 89 +++++++++++++++
.../xwayland/xwayland/CVE-2025-62231.patch | 50 ++++++++
.../xwayland/xwayland_23.2.5.bb | 4 +
.../sqlite/sqlite3/CVE-2025-7709.patch | 33 ++++++
meta/recipes-support/sqlite/sqlite3_3.45.3.bb | 1 +
31 files changed, 964 insertions(+), 37 deletions(-)
create mode 100644 meta/lib/oeqa/files/test.go
create mode 100644 meta/lib/oeqa/sdk/cases/go.py
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
create mode 100644 meta/recipes-graphics/glslang/glslang/0001-SPIRV-SpvBuilder.h-add-missing-cstdint-include.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-Avoid-duplicate-definitions-of-IOPortBase.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-present-Fix-use-after-free-in-present_create_notifie.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0001.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-0002.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-7709.patch
--
2.43.0