[OE-core][kirkstone 0/5] Patch review

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by end
of day Friday.  This should be the final set of patches for the 4.0.4 release.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4225

The following changes since commit 08406e03abddc7290c0c2296aa179725a58155d3:

  runqemu: display host uptime when starting (2022-09-12 04:45:14 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  lighttpd: upgrade 1.4.65 -> 1.4.66

Richard Purdie (1):
  vim: Upgrade 9.0.0341 -> 9.0.0453

niko.mauno@vaisala.com (2):
  systemd: Fix unwritable /var/lock when no sysvinit handling
  systemd: Add 'no-dns-fallback' PACKAGECONFIG option

wangmy (1):
  lighttpd: upgrade 1.4.64 -> 1.4.65

 meta/recipes-core/systemd/systemd/00-create-volatile.conf     | 1 +
 meta/recipes-core/systemd/systemd_250.5.bb                    | 1 +
 .../lighttpd/{lighttpd_1.4.64.bb => lighttpd_1.4.66.bb}       | 2 +-
 meta/recipes-support/vim/vim.inc                              | 4 ++--
 4 files changed, 5 insertions(+), 3 deletions(-)
 rename meta/recipes-extended/lighttpd/{lighttpd_1.4.64.bb => lighttpd_1.4.66.bb} (97%)

-- 
2.25.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, December 14

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6324

The following changes since commit 09ecafaf0e128c4dea062d359de37cbef461aed2:

  native: Clear TUNE_FEATURES/ABIEXTENSION (2023-12-07 08:09:37 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  gstreamer1.0-plugins-base: enable glx/opengl support

Archana Polampalli (1):
  bluez5: fix CVE-2023-45866

Mikko Rapeli (1):
  openssh: drop sudo from ptest dependencies

Vijay Anusuri (2):
  avahi: backport CVE-2023-1981 & CVE's follow-up patches
  gnutls: Backport fix for CVE-2023-5981

 meta/recipes-connectivity/avahi/avahi_0.8.bb  |  10 +-
 .../avahi/files/CVE-2023-1981.patch           |  58 +++++
 ...023-38469.patch => CVE-2023-38469-1.patch} |   0
 .../avahi/files/CVE-2023-38469-2.patch        |  65 ++++++
 ...023-38470.patch => CVE-2023-38470-1.patch} |   0
 .../avahi/files/CVE-2023-38470-2.patch        |  52 +++++
 ...023-38471.patch => CVE-2023-38471-1.patch} |   0
 .../avahi/files/CVE-2023-38471-2.patch        |  52 +++++
 .../avahi/files/CVE-2023-38472.patch          |  44 ++--
 meta/recipes-connectivity/bluez5/bluez5.inc   |   1 +
 .../bluez5/bluez5/CVE-2023-45866.patch        |  56 +++++
 .../openssh/openssh/run-ptest                 |   2 +-
 .../openssh/openssh_8.9p1.bb                  |   2 +-
 .../gstreamer1.0-plugins-base_1.20.7.bb       |   6 +-
 .../gnutls/gnutls/CVE-2023-5981.patch         | 206 ++++++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |   1 +
 16 files changed, 526 insertions(+), 29 deletions(-)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
 rename meta/recipes-connectivity/avahi/files/{CVE-2023-38469.patch => CVE-2023-38469-1.patch} (100%)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
 rename meta/recipes-connectivity/avahi/files/{CVE-2023-38470.patch => CVE-2023-38470-1.patch} (100%)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
 rename meta/recipes-connectivity/avahi/files/{CVE-2023-38471.patch => CVE-2023-38471-1.patch} (100%)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2023-5981.patch

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, May 1

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6857

The following changes since commit b7182571242dc4e23e5250a449d90348e62a6abc:

  build-appliance-image: Update to kirkstone head revision (2024-04-22 16:57:58 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  gnutls: fix CVE-2024-28834
  gnutls: fix CVE-2024-28835

Michael Glembotzki (1):
  rootfs-postcommands.bbclass: Only set DROPBEAR_RSAKEY_DIR once

Peter Marko (1):
  glibc: Update to latest on stable 2.35 branch

Vijay Anusuri (1):
  go: Fix for CVE-2023-45288

 meta/classes/rootfs-postcommands.bbclass      |   4 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 meta/recipes-core/glibc/glibc_2.35.bb         |   2 +-
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.18/CVE-2023-45288.patch           |  95 ++++
 .../gnutls/gnutls/CVE-2024-28834.patch        | 457 ++++++++++++++++++
 .../gnutls/gnutls/CVE-2024-28835.patch        | 406 ++++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |   2 +
 8 files changed, 966 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-45288.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-28834.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-28835.patch

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 2

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7193

The following changes since commit f6de96c9fa8d0b6c81c32016f342ad93c8940d9e:

  uboot-sign: Fix index error in concat_dtb_helper() with multiple configs (2024-07-19 05:44:22 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepthi Hemraj (2):
  llvm: Fix CVE-2023-46049
  llvm: Fix CVE-2024-31852

Peter Marko (2):
  wpa-supplicant: Patch CVE-2023-52160
  gcc-runtime: remove bashism

Wang Mingyu (1):
  wireless-regdb: upgrade 2024.01.23 -> 2024.05.08

 ...te-Phase-2-authentication-requiremen.patch | 213 ++++++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   1 +
 meta/recipes-devtools/gcc/gcc-runtime.inc     |   2 +-
 .../llvm/llvm/CVE-2023-46049.patch            |  34 +++
 .../llvm/llvm/CVE-2024-31852-1.patch          |  85 +++++++
 .../llvm/llvm/CVE-2024-31852-2.patch          | 117 ++++++++++
 meta/recipes-devtools/llvm/llvm_git.bb        |   3 +
 ....01.23.bb => wireless-regdb_2024.05.08.bb} |   2 +-
 8 files changed, 455 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.01.23.bb => wireless-regdb_2024.05.08.bb} (94%)

-- 
2.34.1

[OE-core][kirkstone 1/5] wpa-supplicant: Patch CVE-2023-52160

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

PEAP client: Update Phase 2 authentication requirements. Also see
https://www.top10vpn.com/research/wifi-vulnerabilities/

Patch is copied from scarthgap, the recipes differ too much for
cherry-pick even if they have the same version.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...te-Phase-2-authentication-requiremen.patch | 213 ++++++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   1 +
 2 files changed, 214 insertions(+)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
new file mode 100644
index 0000000000..bc2db972c3
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
@@ -0,0 +1,213 @@
+From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 8 Jul 2023 19:55:32 +0300
+Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements
+
+The previous PEAP client behavior allowed the server to skip Phase 2
+authentication with the expectation that the server was authenticated
+during Phase 1 through TLS server certificate validation. Various PEAP
+specifications are not exactly clear on what the behavior on this front
+is supposed to be and as such, this ended up being more flexible than
+the TTLS/FAST/TEAP cases. However, this is not really ideal when
+unfortunately common misconfiguration of PEAP is used in deployed
+devices where the server trust root (ca_cert) is not configured or the
+user has an easy option for allowing this validation step to be skipped.
+
+Change the default PEAP client behavior to be to require Phase 2
+authentication to be successfully completed for cases where TLS session
+resumption is not used and the client certificate has not been
+configured. Those two exceptions are the main cases where a deployed
+authentication server might skip Phase 2 and as such, where a more
+strict default behavior could result in undesired interoperability
+issues. Requiring Phase 2 authentication will end up disabling TLS
+session resumption automatically to avoid interoperability issues.
+
+Allow Phase 2 authentication behavior to be configured with a new phase1
+configuration parameter option:
+'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
+tunnel) behavior for PEAP:
+ * 0 = do not require Phase 2 authentication
+ * 1 = require Phase 2 authentication when client certificate
+   (private_key/client_cert) is no used and TLS session resumption was
+   not used (default)
+ * 2 = require Phase 2 authentication in all cases
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2023-52160
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c]
+
+Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/eap_peer/eap_config.h          |  8 ++++++
+ src/eap_peer/eap_peap.c            | 40 +++++++++++++++++++++++++++---
+ src/eap_peer/eap_tls_common.c      |  6 +++++
+ src/eap_peer/eap_tls_common.h      |  5 ++++
+ wpa_supplicant/wpa_supplicant.conf |  7 ++++++
+ 5 files changed, 63 insertions(+), 3 deletions(-)
+
+diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
+index 3238f74..047eec2 100644
+--- a/src/eap_peer/eap_config.h
++++ b/src/eap_peer/eap_config.h
+@@ -469,6 +469,14 @@ struct eap_peer_config {
+ 	 * 1 = use cryptobinding if server supports it
+ 	 * 2 = require cryptobinding
+ 	 *
++	 * phase2_auth option can be used to control Phase 2 (i.e., within TLS
++	 * tunnel) behavior for PEAP:
++	 * 0 = do not require Phase 2 authentication
++	 * 1 = require Phase 2 authentication when client certificate
++	 *  (private_key/client_cert) is no used and TLS session resumption was
++	 *  not used (default)
++	 * 2 = require Phase 2 authentication in all cases
++	 *
+ 	 * EAP-WSC (WPS) uses following options: pin=Device_Password and
+ 	 * uuid=Device_UUID
+ 	 *
+diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
+index 12e30df..6080697 100644
+--- a/src/eap_peer/eap_peap.c
++++ b/src/eap_peer/eap_peap.c
+@@ -67,6 +67,7 @@ struct eap_peap_data {
+ 	u8 cmk[20];
+ 	int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP)
+ 		  * is enabled. */
++	enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
+ };
+ 
+ 
+@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data,
+ 		wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding");
+ 	}
+ 
++	if (os_strstr(phase1, "phase2_auth=0")) {
++		data->phase2_auth = NO_AUTH;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Do not require Phase 2 authentication");
++	} else if (os_strstr(phase1, "phase2_auth=1")) {
++		data->phase2_auth = FOR_INITIAL;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Require Phase 2 authentication for initial connection");
++	} else if (os_strstr(phase1, "phase2_auth=2")) {
++		data->phase2_auth = ALWAYS;
++		wpa_printf(MSG_DEBUG,
++			   "EAP-PEAP: Require Phase 2 authentication for all cases");
++	}
+ #ifdef EAP_TNC
+ 	if (os_strstr(phase1, "tnc=soh2")) {
+ 		data->soh = 2;
+@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm)
+ 	data->force_peap_version = -1;
+ 	data->peap_outer_success = 2;
+ 	data->crypto_binding = OPTIONAL_BINDING;
++	data->phase2_auth = FOR_INITIAL;
+ 
+ 	if (config && config->phase1)
+ 		eap_peap_parse_phase1(data, config->phase1);
+@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
+ }
+ 
+ 
++static bool peap_phase2_sufficient(struct eap_sm *sm,
++				   struct eap_peap_data *data)
++{
++	if ((data->phase2_auth == ALWAYS ||
++	     (data->phase2_auth == FOR_INITIAL &&
++	      !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) &&
++	      !data->ssl.client_cert_conf) ||
++	     data->phase2_eap_started) &&
++	    !data->phase2_eap_success)
++		return false;
++	return true;
++}
++
++
+ /**
+  * eap_tlv_process - Process a received EAP-TLV message and generate a response
+  * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
+@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data,
+ 					   " - force failed Phase 2");
+ 				resp_status = EAP_TLV_RESULT_FAILURE;
+ 				ret->decision = DECISION_FAIL;
++			} else if (!peap_phase2_sufficient(sm, data)) {
++				wpa_printf(MSG_INFO,
++					   "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed");
++				resp_status = EAP_TLV_RESULT_FAILURE;
++				ret->decision = DECISION_FAIL;
+ 			} else {
+ 				resp_status = EAP_TLV_RESULT_SUCCESS;
+ 				ret->decision = DECISION_UNCOND_SUCC;
+@@ -887,8 +921,7 @@ continue_req:
+ 			/* EAP-Success within TLS tunnel is used to indicate
+ 			 * shutdown of the TLS channel. The authentication has
+ 			 * been completed. */
+-			if (data->phase2_eap_started &&
+-			    !data->phase2_eap_success) {
++			if (!peap_phase2_sufficient(sm, data)) {
+ 				wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
+ 					   "Success used to indicate success, "
+ 					   "but Phase 2 EAP was not yet "
+@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
+ static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv)
+ {
+ 	struct eap_peap_data *data = priv;
++
+ 	return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
+-		data->phase2_success;
++		data->phase2_success && data->phase2_auth != ALWAYS;
+ }
+ 
+ 
+diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
+index c1837db..a53eeb1 100644
+--- a/src/eap_peer/eap_tls_common.c
++++ b/src/eap_peer/eap_tls_common.c
+@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
+ 
+ 	sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
+ 
++	if (!phase2)
++		data->client_cert_conf = params->client_cert ||
++			params->client_cert_blob ||
++			params->private_key ||
++			params->private_key_blob;
++
+ 	return 0;
+ }
+ 
+diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h
+index 9ac0012..3348634 100644
+--- a/src/eap_peer/eap_tls_common.h
++++ b/src/eap_peer/eap_tls_common.h
+@@ -79,6 +79,11 @@ struct eap_ssl_data {
+ 	 * tls_v13 - Whether TLS v1.3 or newer is used
+ 	 */
+ 	int tls_v13;
++
++	/**
++	 * client_cert_conf: Whether client certificate has been configured
++	 */
++	bool client_cert_conf;
+ };
+ 
+ 
+diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
+index 6619d6b..d63f73c 100644
+--- a/wpa_supplicant/wpa_supplicant.conf
++++ b/wpa_supplicant/wpa_supplicant.conf
+@@ -1321,6 +1321,13 @@ fast_reauth=1
+ #	 * 0 = do not use cryptobinding (default)
+ #	 * 1 = use cryptobinding if server supports it
+ #	 * 2 = require cryptobinding
++#	'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
++#	tunnel) behavior for PEAP:
++#	 * 0 = do not require Phase 2 authentication
++#	 * 1 = require Phase 2 authentication when client certificate
++#	   (private_key/client_cert) is no used and TLS session resumption was
++#	   not used (default)
++#	 * 2 = require Phase 2 authentication in all cases
+ #	EAP-WSC (WPS) uses following options: pin=<Device Password> or
+ #	pbc=1.
+ #
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
index 6e80ac7de3..70f1fd6fc9 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
            file://wpa_supplicant.conf \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
+           file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \
            "
 SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
 
-- 
2.34.1

[OE-core][kirkstone 2/5] llvm: Fix CVE-2023-46049

[Steve Sakoman]

From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>

[Bitcode] Add some missing GetTypeByID failure checks

Print an error instead of crashing.

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../llvm/llvm/CVE-2023-46049.patch            | 34 +++++++++++++++++++
 meta/recipes-devtools/llvm/llvm_git.bb        |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch

diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch b/meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch
new file mode 100644
index 0000000000..c34e9ae69c
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch
@@ -0,0 +1,34 @@
+commit c2515a8f2be5dd23354c9891f41ad104000f88c4
+Author: Nikita Popov <npopov@redhat.com>
+Date:   Tue Sep 26 16:51:40 2023 +0200
+
+    [Bitcode] Add some missing GetTypeByID failure checks
+
+    Print an error instead of crashing.
+
+    Fixes https://github.com/llvm/llvm-project/issues/67388.
+
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/c2515a8f2be5dd23354c9891f41ad104000f88c4]
+CVE: CVE-2023-46049
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+--- a/llvm/lib/Bitcode/Reader/MetadataLoader.cpp	2022-01-20 13:31:59.000000000 -0800
++++ b/llvm/lib/Bitcode/Reader/MetadataLoader.cpp	2024-07-28 21:35:31.062992219 -0700
+@@ -1235,7 +1235,7 @@
+     }
+ 
+     Type *Ty = getTypeByID(Record[0]);
+-    if (Ty->isMetadataTy() || Ty->isVoidTy()) {
++    if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy()) {
+       dropRecord();
+       break;
+     }
+@@ -1277,7 +1277,7 @@
+       return error("Invalid record");
+ 
+     Type *Ty = getTypeByID(Record[0]);
+-    if (Ty->isMetadataTy() || Ty->isVoidTy())
++    if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy())
+       return error("Invalid record");
+ 
+     MetadataList.assignValue(
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index cedbfb138e..dbf1ff45d4 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -33,6 +33,7 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http
            file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
            file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
            file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \
+           file://CVE-2023-46049.patch;striplevel=2 \
            "
 
 UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
-- 
2.34.1

[OE-core][kirkstone 3/5] llvm: Fix CVE-2024-31852

[Steve Sakoman]

From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../llvm/llvm/CVE-2024-31852-1.patch          |  85 +++++++++++++
 .../llvm/llvm/CVE-2024-31852-2.patch          | 117 ++++++++++++++++++
 meta/recipes-devtools/llvm/llvm_git.bb        |   2 +
 3 files changed, 204 insertions(+)
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch

diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
new file mode 100644
index 0000000000..7cf4a52715
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
@@ -0,0 +1,85 @@
+commit b1a5ee1febd8a903cec3dfdad61d57900dc3823e
+Author: Florian Hahn <flo@fhahn.com>
+Date:   Wed Dec 20 16:56:15 2023 +0100
+
+    [ARM] Check all terms in emitPopInst when clearing Restored for LR. (#75527)
+    
+    emitPopInst checks a single function exit MBB. If other paths also exit
+    the function and any of there terminators uses LR implicitly, it is not
+    save to clear the Restored bit.
+    
+    Check all terminators for the function before clearing Restored.
+    
+    This fixes a mis-compile in outlined-fn-may-clobber-lr-in-caller.ll
+    where the machine-outliner previously introduced BLs that clobbered LR
+    which in turn is used by the tail call return.
+    
+    Alternative to #73553
+
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/b1a5ee1febd8a903cec3dfdad61d57900dc3823e]
+CVE: CVE-2024-31852
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+index 025e43444f9c..a9acf338ebf5 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp
++++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+@@ -1236,9 +1236,6 @@ void ARMFrameLowering::emitPopInst(MachineBasicBlock &MBB,
+         // Fold the return instruction into the LDM.
+         DeleteRet = true;
+         LdmOpc = AFI->isThumbFunction() ? ARM::t2LDMIA_RET : ARM::LDMIA_RET;
+-        // We 'restore' LR into PC so it is not live out of the return block:
+-        // Clear Restored bit.
+-        Info.setRestored(false);
+       }
+ 
+       // If NoGap is true, pop consecutive registers and then leave the rest
+@@ -2292,6 +2289,33 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF,
+   AFI->setLRIsSpilled(SavedRegs.test(ARM::LR));
+ }
+ 
++void ARMFrameLowering::processFunctionBeforeFrameFinalized(
++    MachineFunction &MF, RegScavenger *RS) const {
++  TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
++
++  MachineFrameInfo &MFI = MF.getFrameInfo();
++  if (!MFI.isCalleeSavedInfoValid())
++    return;
++
++  // Check if all terminators do not implicitly use LR. Then we can 'restore' LR
++  // into PC so it is not live out of the return block: Clear the Restored bit
++  // in that case.
++  for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) {
++    if (Info.getReg() != ARM::LR)
++      continue;
++    if (all_of(MF, [](const MachineBasicBlock &MBB) {
++          return all_of(MBB.terminators(), [](const MachineInstr &Term) {
++            return !Term.isReturn() || Term.getOpcode() == ARM::LDMIA_RET ||
++                   Term.getOpcode() == ARM::t2LDMIA_RET ||
++                   Term.getOpcode() == ARM::tPOP_RET;
++          });
++        })) {
++      Info.setRestored(false);
++      break;
++    }
++  }
++}
++
+ void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF,
+                                       BitVector &SavedRegs) const {
+   TargetFrameLowering::getCalleeSaves(MF, SavedRegs);
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h
+index 9822e2321bb4..266d642bb97b 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.h
++++ b/llvm/lib/Target/ARM/ARMFrameLowering.h
+@@ -58,6 +58,9 @@ public:
+   void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs,
+                             RegScavenger *RS) const override;
+
++  void processFunctionBeforeFrameFinalized(
++                 MachineFunction &MF, RegScavenger *RS = nullptr) const override;
++
+   void adjustForSegmentedStacks(MachineFunction &MF,
+                                 MachineBasicBlock &MBB) const override;
+
+
diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch
new file mode 100644
index 0000000000..b6082b0ef3
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch
@@ -0,0 +1,117 @@
+commit 0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
+Author: ostannard <oliver.stannard@arm.com>
+Date:   Mon Feb 26 12:23:25 2024 +0000
+
+    [ARM] Update IsRestored for LR based on all returns (#82745)
+    
+    PR #75527 fixed ARMFrameLowering to set the IsRestored flag for LR based
+    on all of the return instructions in the function, not just one.
+    However, there is also code in ARMLoadStoreOptimizer which changes
+    return instructions, but it set IsRestored based on the one instruction
+    it changed, not the whole function.
+    
+    The fix is to factor out the code added in #75527, and also call it from
+    ARMLoadStoreOptimizer if it made a change to return instructions.
+    
+    Fixes #80287.
+    
+    (cherry picked from commit 749384c08e042739342c88b521c8ba5dac1b9276)
+
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2]
+CVE: CVE-2024-31852
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+index a9acf338ebf5..13d3cbf650ed 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp
++++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+@@ -2289,10 +2289,7 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF,
+   AFI->setLRIsSpilled(SavedRegs.test(ARM::LR));
+ }
+ 
+-void ARMFrameLowering::processFunctionBeforeFrameFinalized(
+-    MachineFunction &MF, RegScavenger *RS) const {
+-  TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
+-
++void ARMFrameLowering::updateLRRestored(MachineFunction &MF) {
+   MachineFrameInfo &MFI = MF.getFrameInfo();
+   if (!MFI.isCalleeSavedInfoValid())
+     return;
+@@ -2316,6 +2313,12 @@ void ARMFrameLowering::processFunctionBeforeFrameFinalized(
+   }
+ }
+ 
++void ARMFrameLowering::processFunctionBeforeFrameFinalized(
++    MachineFunction &MF, RegScavenger *RS) const {
++  TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
++  updateLRRestored(MF);
++}
++
+ void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF,
+                                       BitVector &SavedRegs) const {
+   TargetFrameLowering::getCalleeSaves(MF, SavedRegs);
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h
+index 67505b61a5e1..b13b76d7086c 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.h
++++ b/llvm/lib/Target/ARM/ARMFrameLowering.h
+@@ -58,6 +58,10 @@ public:
+   void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs,
+                             RegScavenger *RS) const override;
+
++  /// Update the IsRestored flag on LR if it is spilled, based on the return
++  /// instructions.
++  static void updateLRRestored(MachineFunction &MF);
++
+   void processFunctionBeforeFrameFinalized(
+                  MachineFunction &MF, RegScavenger *RS = nullptr) const override;
+
+diff --git a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
+index fd06bfdf352c..561c1396190d 100644
+--- a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
++++ b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
+@@ -2060,17 +2060,6 @@ bool ARMLoadStoreOpt::MergeReturnIntoLDM(MachineBasicBlock &MBB) {
+       MO.setReg(ARM::PC);
+       PrevMI.copyImplicitOps(*MBB.getParent(), *MBBI);
+       MBB.erase(MBBI);
+-      // We now restore LR into PC so it is not live-out of the return block
+-      // anymore: Clear the CSI Restored bit.
+-      MachineFrameInfo &MFI = MBB.getParent()->getFrameInfo();
+-      // CSI should be fixed after PrologEpilog Insertion
+-      assert(MFI.isCalleeSavedInfoValid() && "CSI should be valid");
+-      for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) {
+-        if (Info.getReg() == ARM::LR) {
+-          Info.setRestored(false);
+-          break;
+-        }
+-      }
+       return true;
+     }
+   }
+@@ -2118,16 +2107,24 @@ bool ARMLoadStoreOpt::runOnMachineFunction(MachineFunction &Fn) {
+   isThumb2 = AFI->isThumb2Function();
+   isThumb1 = AFI->isThumbFunction() && !isThumb2;
+
+-  bool Modified = false;
++  bool Modified = false, ModifiedLDMReturn = false;
+   for (MachineFunction::iterator MFI = Fn.begin(), E = Fn.end(); MFI != E;
+        ++MFI) {
+     MachineBasicBlock &MBB = *MFI;
+     Modified |= LoadStoreMultipleOpti(MBB);
+     if (STI->hasV5TOps())
+-      Modified |= MergeReturnIntoLDM(MBB);
++      ModifiedLDMReturn |= MergeReturnIntoLDM(MBB);
+     if (isThumb1)
+       Modified |= CombineMovBx(MBB);
+   }
++  Modified |= ModifiedLDMReturn;
++
++  // If we merged a BX instruction into an LDM, we need to re-calculate whether
++  // LR is restored. This check needs to consider the whole function, not just
++  // the instruction(s) we changed, because there may be other BX returns which
++  // still need LR to be restored.
++  if (ModifiedLDMReturn)
++    ARMFrameLowering::updateLRRestored(Fn);
+
+   Allocator.DestroyAll();
+   return Modified;
+
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index dbf1ff45d4..6c2e8a5570 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -34,6 +34,8 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http
            file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
            file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \
            file://CVE-2023-46049.patch;striplevel=2 \
+           file://CVE-2024-31852-1.patch;striplevel=2 \
+           file://CVE-2024-31852-2.patch;striplevel=2 \
            "
 
 UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
-- 
2.34.1

[OE-core][kirkstone 4/5] wireless-regdb: upgrade 2024.01.23 -> 2024.05.08

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0823e8ea83ac907b37bc9eb0ec7dc32862997eff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ireless-regdb_2024.01.23.bb => wireless-regdb_2024.05.08.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.01.23.bb => wireless-regdb_2024.05.08.bb} (94%)

diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.05.08.bb
similarity index 94%
rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb
rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.05.08.bb
index 8fde236ab4..95e33d9fb1 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.05.08.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
 
 SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "c8a61c9acf76fa7eb4239e89f640dee3e87098d9f69b4d3518c9c60fc6d20c55"
+SRC_URI[sha256sum] = "9aee1d86ebebb363b714bec941b2820f31e3b7f1a485ddc9fcbd9985c7d3e7c4"
 
 inherit bin_package allarch
 
-- 
2.34.1

[OE-core][kirkstone 5/5] gcc-runtime: remove bashism

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Debian 12 no longer supports replacing dash with bash as default shell.
Therefore to achieve compatibility with Debian 12, all bashisms need
to be removed.

Shell comparison via == gives an error with dash and thus the condition
is always false.

(From OE-Core rev: 3723b26f82219ff71823335d550dbf29086d63d4)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-runtime.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc
index d019b0790b..3aa8fe4045 100644
--- a/meta/recipes-devtools/gcc/gcc-runtime.inc
+++ b/meta/recipes-devtools/gcc/gcc-runtime.inc
@@ -145,7 +145,7 @@ do_install:append:class-target () {
 		ln -s ../${TARGET_SYS}/ext ${D}${includedir}/c++/${BINV}/${TARGET_ARCH}${TARGET_VENDOR_MULTILIB_ORIGINAL}-${TARGET_OS}/ext
 	fi
 
-	if [ "${TARGET_ARCH}" == "x86_64" -a "${MULTILIB_VARIANTS}" != "" ];then
+	if [ "${TARGET_ARCH}" = "x86_64" -a "${MULTILIB_VARIANTS}" != "" ];then
 		ln -sf ../${X86ARCH32}${TARGET_VENDOR}-${TARGET_OS} ${D}${includedir}/c++/${BINV}/${TARGET_ARCH}${TARGET_VENDOR}-${TARGET_OS}/32
 	fi
 
-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, October 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7379

The following changes since commit 3b646f322b4ffd5ed520f3815ce0726cf225ced2:

  populate_sdk_base: inherit nopackages (2024-10-01 15:29:08 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Martin Jansa (2):
  meta-world-pkgdata: Inherit nopackages
  cdrtools-native: fix build with gcc-14

Massimiliano Minella (1):
  zstd: fix LICENSE statement

Peter Marko (1):
  rust: ignore CVE-2024-43402

Vijay Anusuri (1):
  cups: Backport fix for CVE-2024-47175

 meta/recipes-core/meta/meta-world-pkgdata.bb  |   1 +
 .../cdrtools/cdrtools-native_3.01.bb          |   6 +-
 meta/recipes-devtools/rust/rust-source.inc    |   4 +-
 meta/recipes-extended/cups/cups.inc           |   5 +
 .../cups/cups/CVE-2024-47175-1.patch          |  73 +++++
 .../cups/cups/CVE-2024-47175-2.patch          | 148 +++++++++++
 .../cups/cups/CVE-2024-47175-3.patch          | 116 ++++++++
 .../cups/cups/CVE-2024-47175-4.patch          | 249 ++++++++++++++++++
 .../cups/cups/CVE-2024-47175-5.patch          |  37 +++
 meta/recipes-extended/zstd/zstd_1.5.2.bb      |   2 +-
 10 files changed, 637 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Monday, October 21

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/283

The following changes since commit f09fca692f96c9c428e89c5ef53fbcb92ac0c9bf:

  build-appliance-image: Update to kirkstone head revision (2024-10-12 05:20:21 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Ashish Sharma (1):
  libarchive: Fix CVE-2024-48957 & CVE-2024-48958

Khem Raj (1):
  syslinux: Disable error on implicit-function-declaration

Macpaul Lin (1):
  linux-firmware: upgrade 20240220 -> 20240909

Peter Marko (1):
  gcc: ignore CVE-2023-4039

Randolph Sapp (1):
  kmscube: create_framebuffer: backport modifier fix

 meta/recipes-devtools/gcc/gcc-11.5.inc        |  3 ++
 .../syslinux/syslinux_6.04-pre2.bb            |  2 +-
 .../libarchive/CVE-2024-48957.patch           | 33 +++++++++++++++++
 .../libarchive/CVE-2024-48958.patch           | 37 +++++++++++++++++++
 .../libarchive/libarchive_3.6.2.bb            |  2 +
 ...common.c-do-not-use-invalid-modifier.patch | 31 ++++++++++++++++
 meta/recipes-graphics/kmscube/kmscube_git.bb  |  1 +
 ...20240220.bb => linux-firmware_20240909.bb} |  8 ++--
 8 files changed, 112 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch
 create mode 100644 meta/recipes-graphics/kmscube/kmscube/0001-drm-common.c-do-not-use-invalid-modifier.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20240220.bb => linux-firmware_20240909.bb} (99%)

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 8

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/398

The following changes since commit 2c913a7b66ea756ebc65a573e1b5bb5dba6834d2:

  util-linux: Define pidfd_* function signatures (2024-10-29 07:51:17 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Martin Jansa (1):
  xmlto: backport a patch to fix build with gcc-14 on host

Peter Marko (1):
  zstd: patch CVE-2022-4899

Richard Purdie (2):
  cve_check: Use a local copy of the database during builds
  package: Switch debug source handling to use prefix map

Ruiqiang Hao (1):
  gcc: restore a patch for Neoverse N2 core

 meta/classes/cve-check.bbclass                |    7 +-
 meta/classes/package.bbclass                  |   68 +-
 .../meta/cve-update-nvd2-native.bb            |   18 +-
 meta/recipes-devtools/gcc/gcc-11.5.inc        |    1 +
 ...4-Update-Neoverse-N2-core-definition.patch |   40 +
 ...001-Fix-return-type-of-main-function.patch |   42 +
 ...mlif.c-and-update-xmlif.l-to-comply-.patch | 1259 +++++++++++++++++
 .../0001-fix-Wimplicit-int-for-ifsense.patch  |   33 +
 meta/recipes-devtools/xmlto/xmlto_0.0.28.bb   |   10 +
 .../zstd/zstd/CVE-2022-4899-1.patch           |   66 +
 .../zstd/zstd/CVE-2022-4899-2.patch           |   83 ++
 meta/recipes-extended/zstd/zstd_1.5.2.bb      |    5 +-
 12 files changed, 1583 insertions(+), 49 deletions(-)
 create mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-definition.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Fix-return-type-of-main-function.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Regenerate-the-xmlif.c-and-update-xmlif.l-to-comply-.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-fix-Wimplicit-int-for-ifsense.patch
 create mode 100644 meta/recipes-extended/zstd/zstd/CVE-2022-4899-1.patch
 create mode 100644 meta/recipes-extended/zstd/zstd/CVE-2022-4899-2.patch

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, September 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2346

The following changes since commit 71ed9d8394f7e625270ee66f9c2816bba4aa2016:

  pulseaudio: Add audio group explicitly (2025-09-02 09:20:07 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (3):
  ffmpeg: fix CVE-2025-7700
  ffmpeg: fix multiple CVEs
  ffmpeg: fix CVE-2025-1594

Divya Chellam (1):
  wpa-supplicant: fix CVE-2022-37660

Gyorgy Sarvari (1):
  llvm: fix typo in CVE-2024-0151.patch

 .../wpa-supplicant/CVE-2022-37660-0001.patch  | 254 +++++
 .../wpa-supplicant/CVE-2022-37660-0002.patch  | 139 +++
 .../wpa-supplicant/CVE-2022-37660-0003.patch  | 196 ++++
 .../wpa-supplicant/CVE-2022-37660-0004.patch  | 941 ++++++++++++++++++
 .../wpa-supplicant/CVE-2022-37660-0005.patch  | 144 +++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   5 +
 .../llvm/llvm/CVE-2024-0151.patch             |  13 +-
 ...602-CVE-2023-6604-CVE-2023-6605-0001.patch |  79 ++
 ...602-CVE-2023-6604-CVE-2023-6605-0002.patch | 142 +++
 ...602-CVE-2023-6604-CVE-2023-6605-0003.patch |  45 +
 .../ffmpeg/ffmpeg/CVE-2025-1594.patch         | 104 ++
 .../ffmpeg/ffmpeg/CVE-2025-7700.patch         |  52 +
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb |   5 +
 13 files changed, 2114 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0001.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0002.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0003.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0004.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0005.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0001.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0002.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0003.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-1594.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-7700.patch

-- 
2.43.0