[OE-core][scarthgap 00/18] Patch review

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Friday, August 23

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7256

The following changes since commit bbb8db8fec7fbee56fcdbc665a758b911d73a767:

  u-boot.inc: Refactor do_* steps into functions that can be overridden (2024-08-15 06:02:17 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexis Lothoré (1):
  oeqa/utils/postactions: transfer whole archive over ssh instead of
    doing individual copies

Ashish Sharma (1):
  ruby: Backport fix for CVE-2024-27282

Daniel Semkowicz (1):
  os-release: Fix VERSION_CODENAME in case it is empty

Gauthier HADERER (1):
  populate_sdk_ext.bclass: make sure OECORE_NATIVE_SYSROOT is exported.

Jon Mason (2):
  oeqa/runtime/ssh: add retry logic and sleeps to allow for slower
    systems
  oeqa/runtime/ssh: check for all errors at the end

Jose Quaresma (1):
  go: upgrade 1.22.5 -> 1.22.6

Kai Kang (1):
  glibc: fix fortran header file conflict for arm

Martin Jansa (1):
  libgfortran.inc: fix nativesdk-libgfortran dependencies

Mingli Yu (1):
  llvm: Enable libllvm for native build

Richard Purdie (2):
  oeqa/runtime/ssh: In case of failure, show exit code and handle -15
    (SIGTERM)
  oeqa/selftest/reproducibile: Explicitly list virtual targets

Ross Burton (2):
  gstreamer1.0: disable flaky baseparser tests
  librsvg: don't try to run target code at build time

Siddharth Doshi (1):
  Tiff: Security fix for CVE-2024-7006

Trevor Gamblin (1):
  maintainers.inc: add self for unassigned python recipes

Ulrich Ölmann (1):
  initramfs-framework: fix typos

Weisser, Pascal.ext (1):
  qemuboot: Trigger write_qemuboot_conf task on changes of kernel image
    realpath

 meta/classes-recipe/populate_sdk_ext.bbclass  |  2 +-
 meta/classes-recipe/qemuboot.bbclass          |  3 +-
 meta/conf/distro/include/maintainers.inc      |  8 +--
 meta/lib/oeqa/runtime/cases/ssh.py            | 31 ++++++---
 meta/lib/oeqa/selftest/cases/reproducible.py  |  3 +-
 meta/lib/oeqa/utils/postactions.py            | 19 +++---
 meta/recipes-core/glibc/glibc-package.inc     |  8 ++-
 .../initrdscripts/initramfs-framework/init    |  2 +-
 .../initrdscripts/initramfs-framework/rootfs  |  2 +-
 meta/recipes-core/os-release/os-release.bb    |  2 +-
 meta/recipes-devtools/gcc/libgfortran.inc     |  3 +-
 .../go/{go-1.22.5.inc => go-1.22.6.inc}       |  2 +-
 ...e_1.22.5.bb => go-binary-native_1.22.6.bb} |  6 +-
 ..._1.22.5.bb => go-cross-canadian_1.22.6.bb} |  0
 ...{go-cross_1.22.5.bb => go-cross_1.22.6.bb} |  0
 ...osssdk_1.22.5.bb => go-crosssdk_1.22.6.bb} |  0
 ...runtime_1.22.5.bb => go-runtime_1.22.6.bb} |  0
 .../go/{go_1.22.5.bb => go_1.22.6.bb}         |  0
 meta/recipes-devtools/llvm/llvm_18.1.6.bb     |  1 -
 .../ruby/ruby/CVE-2024-27282.patch            | 28 ++++++++
 meta/recipes-devtools/ruby/ruby_3.2.2.bb      |  1 +
 .../librsvg/disable-rsvg-loader-test.patch    | 40 ++++++++++++
 meta/recipes-gnome/librsvg/librsvg_2.57.1.bb  |  1 +
 .../gstreamer/gstreamer1.0/run-ptest          |  7 +-
 .../libtiff/tiff/CVE-2024-7006.patch          | 65 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |  1 +
 26 files changed, 198 insertions(+), 37 deletions(-)
 rename meta/recipes-devtools/go/{go-1.22.5.inc => go-1.22.6.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.5.bb => go-binary-native_1.22.6.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.5.bb => go-cross-canadian_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.5.bb => go-cross_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.5.bb => go-crosssdk_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.5.bb => go-runtime_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.5.bb => go_1.22.6.bb} (100%)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
 create mode 100644 meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch

-- 
2.34.1

[OE-core][scarthgap 01/18] ruby: Backport fix for CVE-2024-27282

[Steve Sakoman]

From: Ashish Sharma <asharma@mvista.com>

Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ruby/ruby/CVE-2024-27282.patch            | 28 +++++++++++++++++++
 meta/recipes-devtools/ruby/ruby_3.2.2.bb      |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
new file mode 100644
index 0000000000..dde7979278
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
@@ -0,0 +1,28 @@
+From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 12 Apr 2024 15:01:47 +1000
+Subject: [PATCH] Fix Use-After-Free issue for Regexp
+
+Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com>
+
+Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
+CVE: CVE-2024-27282
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ regexec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/regexec.c b/regexec.c
+index 73694ab14a0b0a..140691ad42489f 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+     CASE(OP_MEMORY_END_PUSH_REC)  MOP_IN(OP_MEMORY_END_PUSH_REC);
+       GET_MEMNUM_INC(mem, p);
+       STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
+-      STACK_PUSH_MEM_END(mem, s);
+       mem_start_stk[mem] = GET_STACK_INDEX(stkp);
++      STACK_PUSH_MEM_END(mem, s);
+       MOP_OUT;
+       JUMP;
+ 
diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
index 5c2b07e5e4..f1aff315b7 100644
--- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
            file://CVE-2023-36617_1.patch \
            file://CVE-2023-36617_2.patch \
            file://CVE-2024-27281.patch \
+           file://CVE-2024-27282.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
 
-- 
2.34.1

[OE-core][scarthgap 02/18] Tiff: Security fix for CVE-2024-7006

[Steve Sakoman]

From: Siddharth Doshi <sdoshi@mvista.com>

Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e]

CVE's Fixed:
CVE-2024-7006 libtiff: NULL pointer dereference in tif_dirinfo.c

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5313b4b233a486e8a1483757ad9c9aed3a213aae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/tiff/CVE-2024-7006.patch          | 65 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch
new file mode 100644
index 0000000000..785244bdea
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch
@@ -0,0 +1,65 @@
+From 8ee0e7d2bdcc1a5a5a3241904b243964ab947b7b Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 1 Dec 2023 20:12:25 +0100
+Subject: [PATCH] Check return value of _TIFFCreateAnonField().
+
+Fixes #624
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e]
+CVE: CVE-2024-7006
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ libtiff/tif_dirinfo.c |  2 +-
+ libtiff/tif_dirread.c | 16 ++++++----------
+ 2 files changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 0e705e8..4cfdaad 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag,
+     if (fld == NULL)
+     {
+         fld = _TIFFCreateAnonField(tif, tag, dt);
+-        if (!_TIFFMergeFields(tif, fld, 1))
++        if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             return NULL;
+     }
+ 
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 58a4276..738df9f 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -4275,11 +4275,9 @@ int TIFFReadDirectory(TIFF *tif)
+                                 dp->tdir_tag, dp->tdir_tag);
+                 /* the following knowingly leaks the
+                    anonymous field structure */
+-                if (!_TIFFMergeFields(
+-                        tif,
+-                        _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                             (TIFFDataType)dp->tdir_type),
+-                        1))
++                const TIFFField *fld = _TIFFCreateAnonField(
++                    tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++                if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+                 {
+                     TIFFWarningExtR(
+                         tif, module,
+@@ -5153,11 +5151,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff,
+                             "Unknown field with tag %" PRIu16 " (0x%" PRIx16
+                             ") encountered",
+                             dp->tdir_tag, dp->tdir_tag);
+-            if (!_TIFFMergeFields(
+-                    tif,
+-                    _TIFFCreateAnonField(tif, dp->tdir_tag,
+-                                         (TIFFDataType)dp->tdir_type),
+-                    1))
++            const TIFFField *fld = _TIFFCreateAnonField(
++                tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
++            if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
+             {
+                 TIFFWarningExtR(tif, module,
+                                 "Registering anonymous field with tag %" PRIu16
+-- 
+2.44.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index d42ea6a6e5..89681be634 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2023-52355-0001.patch \
            file://CVE-2023-52355-0002.patch \
            file://CVE-2023-52356.patch \
+           file://CVE-2024-7006.patch \
            "
 
 SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a"
-- 
2.34.1

[OE-core][scarthgap 03/18] go: upgrade 1.22.5 -> 1.22.6

[Steve Sakoman]

From: Jose Quaresma <quaresma.jose@gmail.com>

Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.5..go1.22.6
cb4eee693c (tag: go1.22.6, origin/release-branch.go1.22) [release-branch.go1.22] go1.22.6
8c8adffd53 [release-branch.go1.22] cmd/compile: add 0-sized-value simplification to copyelim
70a1aae67f [release-branch.go1.22] cmd/trace/v2: make the -pprof actually useful
2c88c1d599 [release-branch.go1.22] cmd/trace/v2: handle the -pprof flag
4c50f9162c [release-branch.go1.22] cmd/internal/cov: close counter data files eagerly
9e148a4150 [release-branch.go1.22] internal/bytealg: extend memchr result correctly on wasm
4b27560db9 [release-branch.go1.22] go/types: fix assertion failure when range over int is not permitted
4e548f2c8e [release-branch.go1.22] cmd/link: don't let dsymutil delete our temp directory
45f9ded1df [release-branch.go1.22] cmd/compile: don't elide zero extension on top of signed values
49906f9575 [release-branch.go1.22] cmd/go: fix build config before creating actions for 'go list -cover'
ea96074191 [release-branch.go1.22] os/exec: only use cachedLookExtensions if Cmd.Path is unmodified

[1] https://github.com/golang/go/compare/go1.22.5...go1.22.6

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edaedfce685f13decad7608aefa36dece02665b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/{go-1.22.5.inc => go-1.22.6.inc}   | 2 +-
 ...o-binary-native_1.22.5.bb => go-binary-native_1.22.6.bb} | 6 +++---
 ...cross-canadian_1.22.5.bb => go-cross-canadian_1.22.6.bb} | 0
 .../go/{go-cross_1.22.5.bb => go-cross_1.22.6.bb}           | 0
 .../go/{go-crosssdk_1.22.5.bb => go-crosssdk_1.22.6.bb}     | 0
 .../go/{go-runtime_1.22.5.bb => go-runtime_1.22.6.bb}       | 0
 meta/recipes-devtools/go/{go_1.22.5.bb => go_1.22.6.bb}     | 0
 7 files changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/go/{go-1.22.5.inc => go-1.22.6.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.5.bb => go-binary-native_1.22.6.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.5.bb => go-cross-canadian_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.5.bb => go-cross_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.5.bb => go-crosssdk_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.5.bb => go-runtime_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.5.bb => go_1.22.6.bb} (100%)

diff --git a/meta/recipes-devtools/go/go-1.22.5.inc b/meta/recipes-devtools/go/go-1.22.6.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.22.5.inc
rename to meta/recipes-devtools/go/go-1.22.6.inc
index 7f7d8377ca..834debaf9b 100644
--- a/meta/recipes-devtools/go/go-1.22.5.inc
+++ b/meta/recipes-devtools/go/go-1.22.6.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
     file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
 "
-SRC_URI[main.sha256sum] = "ac9c723f224969aee624bc34fd34c9e13f2a212d75c71c807de644bb46e112f6"
+SRC_URI[main.sha256sum] = "9e48d99d519882579917d8189c17e98c373ce25abaebb98772e2927088992a51"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.5.bb b/meta/recipes-devtools/go/go-binary-native_1.22.6.bb
similarity index 78%
rename from meta/recipes-devtools/go/go-binary-native_1.22.5.bb
rename to meta/recipes-devtools/go/go-binary-native_1.22.6.bb
index b00857f001..ea4577f20a 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.22.5.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.22.6.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
 
 # Checksums available at https://go.dev/dl/
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "904b924d435eaea086515bc63235b192ea441bd8c9b198c507e85009e6e4c7f0"
-SRC_URI[go_linux_arm64.sha256sum] = "8d21325bfcf431be3660527c1a39d3d9ad71535fabdf5041c826e44e31642b5a"
-SRC_URI[go_linux_ppc64le.sha256sum] = "5312bb420ac0b59175a58927e70b4660b14ab7319aab54398b6071fabcbfbb09"
+SRC_URI[go_linux_amd64.sha256sum] = "999805bed7d9039ec3da1a53bfbcafc13e367da52aa823cb60b68ba22d44c616"
+SRC_URI[go_linux_arm64.sha256sum] = "c15fa895341b8eaf7f219fada25c36a610eb042985dc1a912410c1c90098eaf2"
+SRC_URI[go_linux_ppc64le.sha256sum] = "9d99fce3f6f72a76630fe91ec0884dfe3db828def4713368424900fa98bb2bd6"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.22.5.bb b/meta/recipes-devtools/go/go-cross-canadian_1.22.6.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.22.5.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.22.6.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.22.5.bb b/meta/recipes-devtools/go/go-cross_1.22.6.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.22.5.bb
rename to meta/recipes-devtools/go/go-cross_1.22.6.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.22.5.bb b/meta/recipes-devtools/go/go-crosssdk_1.22.6.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.22.5.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.22.6.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.22.5.bb b/meta/recipes-devtools/go/go-runtime_1.22.6.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.22.5.bb
rename to meta/recipes-devtools/go/go-runtime_1.22.6.bb
diff --git a/meta/recipes-devtools/go/go_1.22.5.bb b/meta/recipes-devtools/go/go_1.22.6.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.22.5.bb
rename to meta/recipes-devtools/go/go_1.22.6.bb
-- 
2.34.1

[OE-core][scarthgap 04/18] llvm: Enable libllvm for native build

[Steve Sakoman]

From: Mingli Yu <mingli.yu@windriver.com>

The bpftrace recipe under meta-clang[1] needs llvm-objcopy [2] during
do_confgure phase otherwise there comes below error:
  | CMake Error at tests/data/CMakeLists.txt:6 (find_program):
  |   Could not find LLVM_OBJCOPY using the following names: llvm-objcopy,
  |   llvm-objcopy-18, llvm18-objcopy

The commit ec22bfa67f llvm: allow building libllvm in native builds, subject to PACKAGECONFIG [3]
introduces libllvm to manage the llvm function for native build
maybe because there is only mesa-native to use llvm-native.

Considering there are other recipes such as bpftrace needs llvm-native,
so enable libllvm for native build.

[1] https://github.com/kraj/meta-clang
[2] https://github.com/bpftrace/bpftrace/blob/master/tests/data/CMakeLists.txt
[3] https://git.openembedded.org/openembedded-core/commit/?id=ec22bfa67f6f1766102501d4593ce29aafe8c166

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/llvm/llvm_18.1.6.bb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-devtools/llvm/llvm_18.1.6.bb b/meta/recipes-devtools/llvm/llvm_18.1.6.bb
index b2df5b60e3..0496b8ed14 100644
--- a/meta/recipes-devtools/llvm/llvm_18.1.6.bb
+++ b/meta/recipes-devtools/llvm/llvm_18.1.6.bb
@@ -55,7 +55,6 @@ def get_llvm_host_arch(bb, d):
     return get_llvm_arch(bb, d, 'HOST_ARCH')
 
 PACKAGECONFIG ??= "libllvm"
-PACKAGECONFIG:class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'libllvm', '', d)}"
 # if optviewer OFF, force the modules to be not found or the ones on the host would be found
 PACKAGECONFIG[optviewer] = ",-DPY_PYGMENTS_FOUND=OFF -DPY_PYGMENTS_LEXERS_C_CPP_FOUND=OFF -DPY_YAML_FOUND=OFF,python3-pygments python3-pyyaml,python3-pygments python3-pyyaml"
 PACKAGECONFIG[libllvm] = ""
-- 
2.34.1

[OE-core][scarthgap 05/18] maintainers.inc: add self for unassigned python recipes

[Steve Sakoman]

From: Trevor Gamblin <tgamblin@baylibre.com>

Add myself as maintainer for the following:

- python3-setuptools
- python3-smmap
- python3-subunit
- python3-testtools

With that, every Python recipe in oe-core has a maintainer assigned.

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f7c4ab54d3ff1895d9fcb9aa20dece5e0661579d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/maintainers.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 12dfab80a8..baaf971a9a 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -697,12 +697,12 @@ RECIPE_MAINTAINER:pn-python3-rpds-py = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-ruamel-yaml = "Bruce Ashfield <bruce.ashfield@gmail.com>"
 RECIPE_MAINTAINER:pn-python3-scons = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-semantic-version = "Tim Orling <tim.orling@konsulko.com>"
-RECIPE_MAINTAINER:pn-python3-setuptools = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-python3-setuptools = "Trevor Gamblin <tgamblin@baylibre.com>"
 RECIPE_MAINTAINER:pn-python3-setuptools-rust = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-setuptools-scm = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-six = "Zang Ruochen <zangruochen@loongson.cn>"
 RECIPE_MAINTAINER:pn-python3-smartypants = "Alexander Kanavin <alex.kanavin@gmail.com>"
-RECIPE_MAINTAINER:pn-python3-smmap = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-python3-smmap = "Trevor Gamblin <tgamblin@baylibre.com>"
 RECIPE_MAINTAINER:pn-python3-snowballstemmer = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-sortedcontainers = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-spdx-tools = "Marta Rybczynska <mrybczynska@syslinbit.com>"
@@ -715,8 +715,8 @@ RECIPE_MAINTAINER:pn-python3-sphinxcontrib-jquery = "Tim Orling <tim.orling@kons
 RECIPE_MAINTAINER:pn-python3-sphinxcontrib-qthelp = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-sphinxcontrib-serializinghtml = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-sphinx-rtd-theme = "Tim Orling <tim.orling@konsulko.com>"
-RECIPE_MAINTAINER:pn-python3-subunit = "Unassigned <unassigned@yoctoproject.org>"
-RECIPE_MAINTAINER:pn-python3-testtools = "Unassigned <unassigned@yoctoproject.org>"
+RECIPE_MAINTAINER:pn-python3-subunit = "Trevor Gamblin <tgamblin@baylibre.com>"
+RECIPE_MAINTAINER:pn-python3-testtools = "Trevor Gamblin <tgamblin@baylibre.com>"
 RECIPE_MAINTAINER:pn-python3-toml = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-tomli = "Tim Orling <tim.orling@konsulko.com>"
 RECIPE_MAINTAINER:pn-python3-trove-classifiers = "Trevor Gamblin <tgamblin@baylibre.com>"
-- 
2.34.1

[OE-core][scarthgap 06/18] initramfs-framework: fix typos

[Steve Sakoman]

From: Ulrich Ölmann <u.oelmann@pengutronix.de>

Fix typos in debugging and error messages.

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 4995e222ebdc9b5508c2f03a11868f184e4629a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/initrdscripts/initramfs-framework/init   | 2 +-
 meta/recipes-core/initrdscripts/initramfs-framework/rootfs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/init b/meta/recipes-core/initrdscripts/initramfs-framework/init
index 567694aff7..20c0455ec8 100755
--- a/meta/recipes-core/initrdscripts/initramfs-framework/init
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/init
@@ -117,7 +117,7 @@ if grep -q devtmpfs /proc/filesystems; then
 	mount -t devtmpfs devtmpfs /dev
 else
 	if [ ! -d /dev ]; then
-		fatal "ERROR: /dev doesn't exist and kernel doesn't has devtmpfs enabled."
+		fatal "ERROR: /dev doesn't exist and kernel doesn't have devtmpfs enabled."
 	fi
 fi
 
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/rootfs b/meta/recipes-core/initrdscripts/initramfs-framework/rootfs
index e0efbe6ebe..38e138f618 100644
--- a/meta/recipes-core/initrdscripts/initramfs-framework/rootfs
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/rootfs
@@ -59,7 +59,7 @@ rootfs_run() {
 				fi
 			fi
 		fi
-		debug "Sleeping for $delay second(s) to wait root to settle..."
+		debug "Sleeping for $delay second(s) to wait for root to settle..."
 		sleep $delay
 		C=$(( $C + 1 ))
 	done
-- 
2.34.1

[OE-core][scarthgap 07/18] os-release: Fix VERSION_CODENAME in case it is empty

[Steve Sakoman]

From: Daniel Semkowicz <dse@thaumatec.com>

If DISTRO_CODENAME was not set, VERSION_CODENAME field was populated
with unparsed string. This resulted in the following line in os-release
file:

  VERSION_CODENAME="${DISTRO_CODENAME}"

According to systemd documentation, this field is optional.
Fix the problem by setting VERSION_CODENAME conditionally, only if
DISTRO_CODENAME was set.

Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 70a0b8bc1d846c857be90ce2e97e60c5ee32558e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/os-release/os-release.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb
index 8906906bc3..93af08c182 100644
--- a/meta/recipes-core/os-release/os-release.bb
+++ b/meta/recipes-core/os-release/os-release.bb
@@ -24,7 +24,7 @@ ID = "${DISTRO}"
 NAME = "${DISTRO_NAME}"
 VERSION = "${DISTRO_VERSION}${@' (%s)' % DISTRO_CODENAME if 'DISTRO_CODENAME' in d else ''}"
 VERSION_ID = "${DISTRO_VERSION}"
-VERSION_CODENAME = "${DISTRO_CODENAME}"
+VERSION_CODENAME = "${@d.getVar('DISTRO_CODENAME') or ''}"
 PRETTY_NAME = "${DISTRO_NAME} ${VERSION}"
 
 # The vendor field is hardcoded to "openembedded" deliberately. We'd
-- 
2.34.1

[OE-core][scarthgap 08/18] libgfortran.inc: fix nativesdk-libgfortran dependencies

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

* use virtual/* variables as INHIBIT_DEFAULT_DEPS does to avoid dependency on gcc-cross-
  from nativesdk-libgfortran

* the dependency was added in:
  https://git.openembedded.org/openembedded-core/commit/?id=00fba52c8a6f6383137cf89fc7aa34cc3e2ff45f
  causing:

  build/oe-core $ bitbake -g nativesdk-libgfortran
  NOTE: Resolving any missing task queue dependencies
  ERROR: Nothing PROVIDES 'gcc-cross-x86_64' (but virtual:nativesdk:/OE/build/oe-core/openembedded-core/meta/recipes-devtools/gcc/libgfortran_14.1.bb DEPENDS on or otherwise requires it). Close matches:
  gcc-cross-aarch64
  ...

  with:
  MACHINE=qemuarm64
  FORTRAN:forcevariable = ",fortran"

* after:
  https://git.openembedded.org/openembedded-core/commit/?id=44fc7aa1468ff042739cc5a91c84ef5c2a09e0a3
  nativesdk-libgfortran is pulled as dependency of nativesdk-gcc so this affects
  more people who didn't explicitly use nativesdk-libgfortran before

* the INHIBIT_DEFAULT_DEPS and gcc-runtime was there since gcc-4.8:
  https://git.openembedded.org/openembedded-core/commit/?id=a5e7ee5770b9e0cf719c573efffd874440f74289

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5ce2e9c66cd2c08e141913ec65386f940353a8c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/libgfortran.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/gcc/libgfortran.inc b/meta/recipes-devtools/gcc/libgfortran.inc
index e810146d4d..c68645e392 100644
--- a/meta/recipes-devtools/gcc/libgfortran.inc
+++ b/meta/recipes-devtools/gcc/libgfortran.inc
@@ -47,8 +47,9 @@ do_install () {
 	chown -R root:root ${D}
 }
 
+# avoid virtual/libc
 INHIBIT_DEFAULT_DEPS = "1"
-DEPENDS = "gcc-runtime gcc-cross-${TARGET_ARCH}"
+DEPENDS = "virtual/${HOST_PREFIX}gcc virtual/${HOST_PREFIX}compilerlibs"
 
 BBCLASSEXTEND = "nativesdk"
 
-- 
2.34.1

[OE-core][scarthgap 09/18] glibc: fix fortran header file conflict for arm

[Steve Sakoman]

From: Kai Kang <kai.kang@windriver.com>

There is a file conflict for arm when multilib enabled:

| Error: Transaction test error:
|   file /usr/include/finclude/math-vector-fortran.h conflicts between attempted installs of
    lib32-libc6-dev-2.39+git0+312e159626-r0.armv7at2hf_neon and libc6-dev-2.39+git0+312e159626-r0.cortexa72

Install math-vector-fortran.h to the gfortran default search directory
which is arch specific to avoid the conflict.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d2165543e796d4558c632af24eb7b115bca45969)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-package.inc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc-package.inc b/meta/recipes-core/glibc/glibc-package.inc
index 1ef987be0a..b90ff66612 100644
--- a/meta/recipes-core/glibc/glibc-package.inc
+++ b/meta/recipes-core/glibc/glibc-package.inc
@@ -39,7 +39,7 @@ FILES:sln = "${base_sbindir}/sln"
 FILES:${PN}-pic = "${libdir}/*_pic.a ${libdir}/*_pic.map ${libdir}/libc_pic/*.o"
 FILES:libsotruss = "${libdir}/audit/sotruss-lib.so"
 FILES_SOLIBSDEV = "${libdir}/lib*${SOLIBSDEV}"
-FILES:${PN}-dev += "${libdir}/libpthread.a ${libdir}/libdl.a ${libdir}/libutil.a ${libdir}/libanl.a ${libdir}/*_nonshared.a ${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal"
+FILES:${PN}-dev += "${libdir}/libpthread.a ${libdir}/libdl.a ${libdir}/libutil.a ${libdir}/libanl.a ${libdir}/*_nonshared.a ${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal ${libdir}/gcc/${TARGET_SYS}/*/finclude"
 RDEPENDS:${PN}-dev = "linux-libc-headers-dev"
 FILES:${PN}-staticdev += "${libdir}/*.a ${base_libdir}/*.a"
 FILES:nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd ${systemd_system_unitdir}/nscd* ${nonarch_libdir}/tmpfiles.d/nscd.conf \
@@ -169,6 +169,12 @@ do_install_armmultilib () {
 	oe_multilib_header sys/elf.h sys/procfs.h sys/ptrace.h sys/ucontext.h sys/user.h
 }
 
+do_install_armmultilib:append:class-target() {
+    gcc_version=$($CC -dumpversion)
+    mkdir -p ${D}${libdir}/gcc/${TARGET_SYS}/${gcc_version}/finclude
+    mv ${D}${includedir}/finclude/math-vector-fortran.h ${D}${libdir}/gcc/${TARGET_SYS}/${gcc_version}/finclude/
+    rmdir --ignore-fail-on-non-empty ${D}${includedir}/finclude
+}
 
 LOCALESTASH = "${WORKDIR}/stashed-locale"
 bashscripts = "mtrace sotruss xtrace"
-- 
2.34.1

[OE-core][scarthgap 10/18] gstreamer1.0: disable flaky baseparser tests

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

There are three baseparser tests which are causing trouble on the AB,
so disable them as we've filed an upstream bug.

Also fix a typo when we were attempting to disable parser_pull_short_read
where a colon was used instead of a comma.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91dbe8d6c57805f38bd287f1b392759df066589b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest
index ab2df80dcc..7fee5a3d09 100755
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/run-ptest
@@ -16,6 +16,11 @@ GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_functioning"
 GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,test_infinite_seek_50_src_live"
 
 # Known unreliable tests as per subprojects/gst-devtools/validate/launcher/testsuites/check.py:
-GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE:parser_pull_short_read"
+GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,parser_pull_short_read"
+
+# These tests are fragile
+# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14884
+# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3524
+GST_CHECKS_IGNORE="$GST_CHECKS_IGNORE,parser_convert_duration,parser_pull_frame_growth,parser_reverse_playback"
 
 gnome-desktop-testing-runner gstreamer
-- 
2.34.1

[OE-core][scarthgap 11/18] librsvg: don't try to run target code at build time

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

The rsvg-loader test binary isn't installed but building it causes a mix
of build host and target code to be executed.  As we don't install the
test, don't build it.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78667e67a77df39c2af417e56ebf480962ff2e42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../librsvg/disable-rsvg-loader-test.patch    | 40 +++++++++++++++++++
 meta/recipes-gnome/librsvg/librsvg_2.57.1.bb  |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch

diff --git a/meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch b/meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch
new file mode 100644
index 0000000000..e56772a7e2
--- /dev/null
+++ b/meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch
@@ -0,0 +1,40 @@
+From df94cfa4a637c229fef32c349b5c2dfee2dca3fc Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Thu, 27 Jun 2024 17:09:11 +0100
+Subject: [PATCH] Don't build rsvg-loader in cross builds
+
+This binary is a non-installed test binary that isn't any use in cross builds, and
+causes problems because it generates a gdk-pixbuf loader cache at build time using
+a mix of host and target libraries.
+
+As we don't install the binary, we can just not build it.
+
+Upstream-Status: Inappropriate [upstream has moved to Meson]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ gdk-pixbuf-loader/Makefile.am | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gdk-pixbuf-loader/Makefile.am b/gdk-pixbuf-loader/Makefile.am
+index 44df9c6c..fb417d24 100644
+--- a/gdk-pixbuf-loader/Makefile.am
++++ b/gdk-pixbuf-loader/Makefile.am
+@@ -30,6 +30,7 @@ if PLATFORM_WIN32
+ libpixbufloader_svg_la_LDFLAGS += -no-undefined
+ endif
+ 
++if !CROSS_COMPILING
+ noinst_PROGRAMS = rsvg-loader
+ 
+ rsvg_loader_SOURCES = \
+@@ -52,6 +53,7 @@ EXTRA_rsvg_loader_DEPENDENCIES = libpixbufloader-svg.la gdk-pixbuf-loaders
+ 
+ gdk-pixbuf-loaders: Makefile
+ 	$(AM_V_GEN) ( $(GDK_PIXBUF_QUERYLOADERS) ./libpixbufloader-svg.la && GDK_PIXBUF_MODULEDIR=$(gdk_pixbuf_moduledir) $(GDK_PIXBUF_QUERYLOADERS)) > gdk-pixbuf.loaders 2>/dev/null
++endif
+ 
+ if CROSS_COMPILING
+ RUN_QUERY_LOADER_TEST=false
+-- 
+2.34.1
+
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb b/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb
index 4b52d4062b..ceaf1dfc00 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.57.1.bb
@@ -21,6 +21,7 @@ require ${BPN}-crates.inc
 
 SRC_URI += " \
            file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.patch \
+           file://disable-rsvg-loader-test.patch \
            "
 
 SRC_URI[archive.sha256sum] = "074671a3ed6fbcd67cae2a40e539107f4f097ca8a4ab1a894c05e2524ff340ef"
-- 
2.34.1

[OE-core][scarthgap 12/18] populate_sdk_ext.bclass: make sure OECORE_NATIVE_SYSROOT is exported.

[Steve Sakoman]

From: Gauthier HADERER <ghaderer@wyplay.com>

Fixes bug 15464.

OECORE_NATIVE_SYSROOT is correctly set up and exported in the SDK's
environment file. But it's then unset in buildtools/environment-setup-*.
The value is restored in the SDK's environment file but is not exported
again.

Signed-off-by: Gauthier HADERER <ghaderer@wyplay.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 825c996b7995d3ad510933b1a88229831ca5ea29)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/populate_sdk_ext.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass
index 09d5e2aeb6..e76ef60720 100644
--- a/meta/classes-recipe/populate_sdk_ext.bbclass
+++ b/meta/classes-recipe/populate_sdk_ext.bbclass
@@ -732,7 +732,7 @@ sdk_ext_postinst() {
 		echo "# Save and reset OECORE_NATIVE_SYSROOT as buildtools may change it" >> $env_setup_script
 		echo "SAVED=\"\$OECORE_NATIVE_SYSROOT\"" >> $env_setup_script
 		echo ". $target_sdk_dir/buildtools/environment-setup*" >> $env_setup_script
-		echo "OECORE_NATIVE_SYSROOT=\"\$SAVED\"" >> $env_setup_script
+		echo "export OECORE_NATIVE_SYSROOT=\"\$SAVED\"" >> $env_setup_script
 	fi
 
 	# Allow bitbake environment setup to be ran as part of this sdk.
-- 
2.34.1

[OE-core][scarthgap 13/18] qemuboot: Trigger write_qemuboot_conf task on changes of kernel image realpath

[Steve Sakoman]

From: "Weisser, Pascal.ext" <Pascal.Weisser.ext@karlstorz.com>

The qemuboot.conf file contains the realpath of the kernel image
referenced by QB_DEFAULT_KERNEL. So, it must be recreated in case the
realpath of the referenced kernel image changes.

The variables KERNEL_IMAGE_NAME and KERNEL_IMAGE_BIN_EXT determine the
realpath of the kernel image relative to DEPLOY_DIR_IMAGE. Adding both of
them to the vardeps of the write_qemuboot_conf task triggers the
write_qemuboot_conf task in case the realpath of the kernel image
referenced by QB_DEFAULT_KERNEL changes.

Fixes: [YOCTO 15525]

Signed-off-by: "Weisser, Pascal" <pascal.weisser.ext@karlstorz.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f8b3975a9ce36ea7af5fd76243a823da2842415b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/qemuboot.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes-recipe/qemuboot.bbclass b/meta/classes-recipe/qemuboot.bbclass
index 895fd38d68..0f80c60ab5 100644
--- a/meta/classes-recipe/qemuboot.bbclass
+++ b/meta/classes-recipe/qemuboot.bbclass
@@ -129,7 +129,8 @@ addtask do_write_qemuboot_conf after do_rootfs before do_image
 
 def qemuboot_vars(d):
     build_vars = ['MACHINE', 'TUNE_ARCH', 'DEPLOY_DIR_IMAGE',
-                'KERNEL_IMAGETYPE', 'IMAGE_NAME', 'IMAGE_LINK_NAME',
+                'KERNEL_IMAGETYPE', 'KERNEL_IMAGE_NAME',
+                'KERNEL_IMAGE_BIN_EXT', 'IMAGE_NAME', 'IMAGE_LINK_NAME',
                 'STAGING_DIR_NATIVE', 'STAGING_BINDIR_NATIVE',
                 'STAGING_DIR_HOST', 'SERIAL_CONSOLES', 'UNINATIVE_LOADER']
     return build_vars + [k for k in d.keys() if k.startswith('QB_')]
-- 
2.34.1

[OE-core][scarthgap 14/18] oeqa/runtime/ssh: add retry logic and sleeps to allow for slower systems

[Steve Sakoman]

From: Jon Mason <jdmason@kudzu.us>

On exceptionally slow systems, the ssh test can intermittently fail due
to a race between when ping works and the networking applications being
brought up.  To work around this issue, add some retry logic when ssh
fails to connect.  According to the man page of ssh, "ssh exits
with the exit status of the remote command or with 255 if an error
occurred."  So, only retry if the return code is 255, and limit the
number of retries to prevent it looping forever.

Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f0fe0b490d309cdf1c97754f85a61b5b948b7f28)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/ssh.py | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/ssh.py b/meta/lib/oeqa/runtime/cases/ssh.py
index cdbef59500..ae92bb34cd 100644
--- a/meta/lib/oeqa/runtime/cases/ssh.py
+++ b/meta/lib/oeqa/runtime/cases/ssh.py
@@ -4,6 +4,8 @@
 # SPDX-License-Identifier: MIT
 #
 
+import time
+
 from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
 from oeqa.runtime.decorator.package import OEHasPackage
@@ -13,12 +15,20 @@ class SSHTest(OERuntimeTestCase):
     @OETestDepends(['ping.PingTest.test_ping'])
     @OEHasPackage(['dropbear', 'openssh-sshd'])
     def test_ssh(self):
-        (status, output) = self.target.run('sleep 20', timeout=2)
-        msg='run() timed out but return code was zero.'
-        self.assertNotEqual(status, 0, msg=msg)
-        (status, output) = self.target.run('uname -a')
-        self.assertEqual(status, 0, msg='SSH Test failed: %s' % output)
-        (status, output) = self.target.run('cat /etc/controllerimage')
-        msg = "This isn't the right image  - /etc/controllerimage " \
-              "shouldn't be here %s" % output
-        self.assertEqual(status, 1, msg=msg)
+        for i in range(5):
+          status, output = self.target.run("uname -a", timeout=5)
+          if status == 0:
+              break
+          elif status == 255:
+              # ssh returns 255 only if a ssh error occurs.  This could
+              # be an issue with "Connection refused" because the port
+              # isn't open yet, and this could check explicitly for that
+              # here.  However, let's keep it simple and just retry for
+              # all errors a limited amount of times with a sleep to
+              # give it time for the port to open.
+              time.sleep(5)
+              continue
+          else:
+              self.fail("uname failed with \"%s\"" %output)
+        if status == 255:
+            self.fail("ssh error %s" %output)
-- 
2.34.1

[OE-core][scarthgap 15/18] oeqa/runtime/ssh: In case of failure, show exit code and handle -15 (SIGTERM)

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Ensure we show the failing exit code in case of failures.

We're seeing autobuilder failures with -15 (SIGTERM) which is probably from
slow boot/init. Retry in these cases for now.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 127d3bd8d5509ae17e359c1365859fd362ffc74f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/ssh.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/ssh.py b/meta/lib/oeqa/runtime/cases/ssh.py
index ae92bb34cd..9a8deb3f25 100644
--- a/meta/lib/oeqa/runtime/cases/ssh.py
+++ b/meta/lib/oeqa/runtime/cases/ssh.py
@@ -5,6 +5,7 @@
 #
 
 import time
+import signal
 
 from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
@@ -19,16 +20,18 @@ class SSHTest(OERuntimeTestCase):
           status, output = self.target.run("uname -a", timeout=5)
           if status == 0:
               break
-          elif status == 255:
+          elif status == 255 or status == -signal.SIGTERM:
               # ssh returns 255 only if a ssh error occurs.  This could
               # be an issue with "Connection refused" because the port
               # isn't open yet, and this could check explicitly for that
               # here.  However, let's keep it simple and just retry for
               # all errors a limited amount of times with a sleep to
               # give it time for the port to open.
+              # We sometimes see -15 (SIGTERM) on slow emulation machines too, likely
+              # from boot/init not being 100% complete, retry for these too.
               time.sleep(5)
               continue
           else:
-              self.fail("uname failed with \"%s\"" %output)
+              self.fail("uname failed with \"%s\" (exit code %s)" % (output, status))
         if status == 255:
             self.fail("ssh error %s" %output)
-- 
2.34.1

[OE-core][scarthgap 16/18] oeqa/runtime/ssh: check for all errors at the end

[Steve Sakoman]

From: Jon Mason <jdmason@kudzu.us>

With the retry for the -SIGTERM, it is possible to still see that error
after the 5th attempt and mark the run a success.  Check for any
non-zero status in the final check and error out to close the gap.
While there, make the error print match the one above and be a little
more verbose.  Also, I'm seeing it take roughly 6 attempts on my local
(very slow) system to pass.  So, increasing the number of attempts to
10.

Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c3ebe591eef6e0479d623ec2237cfea16db5c80)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/ssh.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/ssh.py b/meta/lib/oeqa/runtime/cases/ssh.py
index 9a8deb3f25..08430ae9db 100644
--- a/meta/lib/oeqa/runtime/cases/ssh.py
+++ b/meta/lib/oeqa/runtime/cases/ssh.py
@@ -16,7 +16,7 @@ class SSHTest(OERuntimeTestCase):
     @OETestDepends(['ping.PingTest.test_ping'])
     @OEHasPackage(['dropbear', 'openssh-sshd'])
     def test_ssh(self):
-        for i in range(5):
+        for i in range(10):
           status, output = self.target.run("uname -a", timeout=5)
           if status == 0:
               break
@@ -33,5 +33,5 @@ class SSHTest(OERuntimeTestCase):
               continue
           else:
               self.fail("uname failed with \"%s\" (exit code %s)" % (output, status))
-        if status == 255:
-            self.fail("ssh error %s" %output)
+        if status != 0:
+            self.fail("ssh failed with \"%s\" (exit code %s)" % (output, status))
-- 
2.34.1

[OE-core][scarthgap 17/18] oeqa/selftest/reproducibile: Explicitly list virtual targets

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We're seeing reproducibility failures where some packages don't appear
in the "from sstate" builds. The common factor is these are all recipes
with PROVIDES = "virtual/XXX".

In a full build from scratch, these are build but in a build from sstate,
there are situations where they aren't. For now, to try and keep builds
working, work around the problem until we can better look into the problem.
It is likely recent taskhash imrovements have caused this to occur more
regularly.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68086a333acc54390e4e589ef928dc90da3edb48)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/reproducible.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py b/meta/lib/oeqa/selftest/cases/reproducible.py
index 80e830136f..021e894012 100644
--- a/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -133,7 +133,8 @@ class ReproducibleTests(OESelftestTestCase):
     max_report_size = 250 * 1024 * 1024
 
     # targets are the things we want to test the reproducibility of
-    targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'core-image-weston', 'world']
+    # Have to add the virtual targets manually for now as builds may or may not include them as they're exclude from world
+    targets = ['core-image-minimal', 'core-image-sato', 'core-image-full-cmdline', 'core-image-weston', 'world', 'virtual/librpc', 'virtual/libsdl2', 'virtual/crypt']
 
     # sstate targets are things to pull from sstate to potentially cut build/debugging time
     sstate_targets = []
-- 
2.34.1

[OE-core][scarthgap 18/18] oeqa/utils/postactions: transfer whole archive over ssh instead of doing individual copies

[Steve Sakoman]

From: Alexis Lothoré <alexis.lothore@bootlin.com>

Fixes [YOCTO 15536]

The postactions retrieval actions currently rely on scp executed
individually on any file or directory expanded from
TESTIMAGE_FAILED_QA_ARTIFACTS. Unfortunately, symlinks are not preserved
with this mechanism, which lead to big storage space consumption. Things
may go even worse if those symlinks create some circular chains. This
mechanism then needs to be updated to preserve symlinks instead of
following them during copy. There are multiple ways to do it:
- create a local archive on the target and execute scp on this file
- use rsync instead of scp for all files
- create an archive and pipe it to ssh instead of storing it onto the
  target

The first solution may create pressure on targets storage space, while the
second assumes that rsync is installed on the target, which may not be
true. So the third one is a compromise: tar is very likely present, at
least through busybox, and no disk space is used on the target.

Replace the current per-file scp call by a single call to tar run on the
target. Retrieve the generated compressed archive directly from SSH output,
and feed it to another tar process but on host, to uncompress and extract
it at the same place as before.

Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4aeb10aa38efc6768928fbb74985e36e972b8e46)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/utils/postactions.py | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/meta/lib/oeqa/utils/postactions.py b/meta/lib/oeqa/utils/postactions.py
index ecdddd2d40..2a08129d6c 100644
--- a/meta/lib/oeqa/utils/postactions.py
+++ b/meta/lib/oeqa/utils/postactions.py
@@ -62,17 +62,16 @@ def get_artifacts_list(target, raw_list):
     return result
 
 def retrieve_test_artifacts(target, artifacts_list, target_dir):
+    import io, subprocess
     local_artifacts_dir = os.path.join(target_dir, "artifacts")
-    for artifact_path in artifacts_list:
-        if not os.path.isabs(artifact_path):
-            bb.warn(f"{artifact_path} is not an absolute path")
-            continue
-        try:
-            dest_dir = os.path.join(local_artifacts_dir, os.path.dirname(artifact_path[1:]))
-            os.makedirs(dest_dir, exist_ok=True)
-            target.copyFrom(artifact_path, dest_dir)
-        except Exception as e:
-            bb.warn(f"Can not retrieve {artifact_path} from test target: {e}")
+    try:
+        cmd = "tar zcf - " + " ".join(artifacts_list)
+        (status, output) = target.run(cmd, raw = True)
+        if status != 0 or not output:
+            raise Exception("Error while fetching compressed artifacts")
+        p = subprocess.run(["tar", "zxf", "-", "-C", local_artifacts_dir], input=output)
+    except Exception as e:
+        bb.warn(f"Can not retrieve {artifact_path} from test target: {e}")
 
 def list_and_fetch_failed_tests_artifacts(d, tc):
     artifacts_list = get_artifacts_list(tc.target, d.getVar("TESTIMAGE_FAILED_QA_ARTIFACTS"))
-- 
2.34.1

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, December 30

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2919

The following changes since commit 2b3d2b671a149cbeea2bdc9ba42192da2015c3b7:

  Revert "lib/oe/go: document map_arch, and raise an error on unknown architecture" (2025-12-11 13:41:59 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adarsh Jagadish Kamini (1):
  rsync: fix CVE-2025-10158

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.14

Daniel Turull (1):
  cmake-native: fix CVE-2025-9301

Deepak Rathore (2):
  cups 2.4.11: Fix CVE-2025-58436
  cups 2.4.11: Fix CVE-2025-61915

Deepesh Varatharajan (1):
  binutils: Fix CVE-2025-11494

Enrico Jörns (1):
  cml1.bbclass: use consistent make flags for menuconfig

Jiaying Song (1):
  python3-urllib3: fix CVE-2025-66418 CVE-2025-66471

Kai Kang (1):
  qemu: fix CVE-2025-12464

Kamel Bouhara (Schneider Electric) (3):
  kernel.bbclass: Add task to export kernel configuration to SPDX
  spdx30_tasks: Add support for exporting PACKAGECONFIG to SPDX
  oeqa/selftest: oe-selftest: Add SPDX tests for kernel config and
    PACKAGECONFIG

Martin Jansa (1):
  cross.bbclass: Propagate dependencies to outhash

Mingli Yu (2):
  libxslt: Fix CVE-2025-11731
  ruby: Upgrade 3.3.5 -> 3.3.10

Moritz Haase (1):
  curl: Use host CA bundle by default for native(sdk) builds

Yash Shinde (2):
  binutils: fix CVE-2025-11839
  binutils: fix CVE-2025-11840

 meta/classes-recipe/cml1.bbclass              |   2 +-
 meta/classes-recipe/cross.bbclass             |  36 +
 meta/classes-recipe/kernel.bbclass            |  67 +-
 meta/classes/create-spdx-3.0.bbclass          |  11 +
 meta/lib/oe/spdx30_tasks.py                   |  20 +
 meta/lib/oeqa/selftest/cases/spdx.py          |  57 ++
 .../binutils/binutils-2.42.inc                |   3 +
 .../binutils/0028-CVE-2025-11494.patch        |  43 ++
 .../binutils/0029-CVE-2025-11839.patch        |  32 +
 .../binutils/0030-CVE-2025-11840.patch        |  37 +
 .../cmake/cmake-native_3.28.3.bb              |   1 +
 .../python3-urllib3/CVE-2025-66418.patch      |  80 +++
 .../python3-urllib3/CVE-2025-66471.patch      | 585 ++++++++++++++++
 .../python/python3-urllib3_2.2.2.bb           |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2025-12464.patch            |  70 ++
 .../rsync/files/CVE-2025-10158.patch          |  36 +
 meta/recipes-devtools/rsync/rsync_3.2.7.bb    |   1 +
 .../ruby/ruby/CVE-2025-27219.patch            |  31 -
 .../ruby/ruby/CVE-2025-27220.patch            |  78 ---
 .../ruby/ruby/CVE-2025-27221-0001.patch       |  57 --
 .../ruby/ruby/CVE-2025-27221-0002.patch       |  73 --
 .../ruby/{ruby_3.3.5.bb => ruby_3.3.10.bb}    |   6 +-
 meta/recipes-extended/cups/cups.inc           |   2 +
 .../cups/cups/CVE-2025-58436.patch            | 635 ++++++++++++++++++
 .../cups/cups/CVE-2025-61915.patch            | 491 ++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |  11 +-
 .../libxslt/files/CVE-2025-11731.patch        |  42 ++
 .../recipes-support/libxslt/libxslt_1.1.43.bb |   3 +-
 scripts/install-buildtools                    |   4 +-
 30 files changed, 2263 insertions(+), 254 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0028-CVE-2025-11494.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0029-CVE-2025-11839.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0030-CVE-2025-11840.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66471.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2025-10158.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0001.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0002.patch
 rename meta/recipes-devtools/ruby/{ruby_3.3.5.bb => ruby_3.3.10.bb} (95%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch
 create mode 100644 meta/recipes-support/libxslt/files/CVE-2025-11731.patch

-- 
2.43.0

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Monday, October 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2553

The following changes since commit 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb:

  expect: fix native build with GCC 15 (2025-10-02 08:40:43 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.12

Archana Polampalli (1):
  go: fix CVE-2025-47906

Deepesh Varatharajan (1):
  glibc: stable 2.39 branch updates

Gyorgy Sarvari (1):
  conf/bitbake.conf: use gnu mirror instead of main server

Hitendra Prajapati (1):
  grub2: mark CVE-2024-2312 as not applicable

Peter Marko (10):
  busybox: patch CVE-2025-46394
  gstreamer1.0: ignore CVEs fixed in plugins
  gstreamer1.0: ignore CVE-2025-2759
  ghostscript: patch CVE-2025-59798
  ghostscript: patch CVE-2025-59799
  ghostscript: patch CVE-2025-59800
  expat: follow-up for CVE-2024-8176
  tiff: ignore 5 CVEs
  ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases
  openssl: upgrade 3.2.4 -> 3.2.6

Ross Burton (1):
  pulseaudio: ignore CVE-2024-11586

Steve Sakoman (2):
  selftest/cases/meta_ide.py: use use gnu mirror instead of main server
  oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server

 meta/conf/bitbake.conf                        |    2 +-
 meta/lib/oeqa/sdk/cases/buildcpio.py          |    2 +-
 meta/lib/oeqa/selftest/cases/meta_ide.py      |    2 +-
 meta/recipes-bsp/grub/grub2.inc               |    1 +
 .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
 .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
 .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
 .../busybox/busybox/CVE-2025-46394-01.patch   |   57 +
 .../busybox/busybox/CVE-2025-46394-02.patch   |   32 +
 meta/recipes-core/busybox/busybox_1.36.1.bb   |    2 +
 .../expat/expat/CVE-2024-8176-03.patch        |   35 +
 .../expat/expat/CVE-2024-8176-04.patch        |  115 +
 .../expat/expat/CVE-2024-8176-05.patch        |   78 +
 meta/recipes-core/expat/expat_2.6.4.bb        |    3 +
 meta/recipes-core/glibc/glibc-version.inc     |    4 +-
 meta/recipes-devtools/go/go-1.22.12.inc       |    1 +
 .../go/go/CVE-2025-47906.patch                |  183 ++
 .../ghostscript/CVE-2025-59798.patch          |  134 ++
 .../ghostscript/CVE-2025-59799.patch          |   41 +
 .../ghostscript/CVE-2025-59800.patch          |   36 +
 .../ghostscript/ghostscript_10.05.1.bb        |    3 +
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb |    4 +
 .../gstreamer/gstreamer1.0_1.22.12.bb         |   19 +-
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |    4 +
 .../pulseaudio/pulseaudio.inc                 |    2 +
 scripts/install-buildtools                    |    4 +-
 26 files changed, 754 insertions(+), 2061 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch

-- 
2.43.0

Re: [OE-core][scarthgap 00/18] Patch review

[Gyorgy Sarvari]

On 10/10/25 04:50, Steve Sakoman via lists.openembedded.org wrote:
> Please review this set of changes for scarthgap and have comments back by
> end of day Monday, October 13
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2553

This didn't pass... though I guess it's some infra problem?

> The following changes since commit 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb:
>
>   expect: fix native build with GCC 15 (2025-10-02 08:40:43 -0700)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
>   https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
>
> Aleksandar Nikolic (1):
>   scripts/install-buildtools: Update to 5.0.12
>
> Archana Polampalli (1):
>   go: fix CVE-2025-47906
>
> Deepesh Varatharajan (1):
>   glibc: stable 2.39 branch updates
>
> Gyorgy Sarvari (1):
>   conf/bitbake.conf: use gnu mirror instead of main server
>
> Hitendra Prajapati (1):
>   grub2: mark CVE-2024-2312 as not applicable
>
> Peter Marko (10):
>   busybox: patch CVE-2025-46394
>   gstreamer1.0: ignore CVEs fixed in plugins
>   gstreamer1.0: ignore CVE-2025-2759
>   ghostscript: patch CVE-2025-59798
>   ghostscript: patch CVE-2025-59799
>   ghostscript: patch CVE-2025-59800
>   expat: follow-up for CVE-2024-8176
>   tiff: ignore 5 CVEs
>   ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases
>   openssl: upgrade 3.2.4 -> 3.2.6
>
> Ross Burton (1):
>   pulseaudio: ignore CVE-2024-11586
>
> Steve Sakoman (2):
>   selftest/cases/meta_ide.py: use use gnu mirror instead of main server
>   oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
>
>  meta/conf/bitbake.conf                        |    2 +-
>  meta/lib/oeqa/sdk/cases/buildcpio.py          |    2 +-
>  meta/lib/oeqa/selftest/cases/meta_ide.py      |    2 +-
>  meta/recipes-bsp/grub/grub2.inc               |    1 +
>  .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
>  .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
>  .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
>  .../busybox/busybox/CVE-2025-46394-01.patch   |   57 +
>  .../busybox/busybox/CVE-2025-46394-02.patch   |   32 +
>  meta/recipes-core/busybox/busybox_1.36.1.bb   |    2 +
>  .../expat/expat/CVE-2024-8176-03.patch        |   35 +
>  .../expat/expat/CVE-2024-8176-04.patch        |  115 +
>  .../expat/expat/CVE-2024-8176-05.patch        |   78 +
>  meta/recipes-core/expat/expat_2.6.4.bb        |    3 +
>  meta/recipes-core/glibc/glibc-version.inc     |    4 +-
>  meta/recipes-devtools/go/go-1.22.12.inc       |    1 +
>  .../go/go/CVE-2025-47906.patch                |  183 ++
>  .../ghostscript/CVE-2025-59798.patch          |  134 ++
>  .../ghostscript/CVE-2025-59799.patch          |   41 +
>  .../ghostscript/CVE-2025-59800.patch          |   36 +
>  .../ghostscript/ghostscript_10.05.1.bb        |    3 +
>  .../recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb |    4 +
>  .../gstreamer/gstreamer1.0_1.22.12.bb         |   19 +-
>  meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |    4 +
>  .../pulseaudio/pulseaudio.inc                 |    2 +
>  scripts/install-buildtools                    |    4 +-
>  26 files changed, 754 insertions(+), 2061 deletions(-)
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
>  rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)
>  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
>  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
>  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
>  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
>  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
>  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch
>  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
>  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
>  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#224644): https://lists.openembedded.org/g/openembedded-core/message/224644
> Mute This Topic: https://lists.openembedded.org/mt/115683663/6084445
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skandigraun@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

On Sun, Oct 12, 2025 at 12:02 PM Gyorgy Sarvari <skandigraun@gmail.com> wrote:
>
> On 10/10/25 04:50, Steve Sakoman via lists.openembedded.org wrote:
> > Please review this set of changes for scarthgap and have comments back by
> > end of day Monday, October 13
> >
> > Passed a-full on autobuilder:
> >
> > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2553
>
> This didn't pass... though I guess it's some infra problem?

Yes, intermittent issue.  I retested that one failing test and it succeeded:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/66/builds/2483

Steve

>
> > The following changes since commit 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb:
> >
> >   expect: fix native build with GCC 15 (2025-10-02 08:40:43 -0700)
> >
> > are available in the Git repository at:
> >
> >   https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
> >   https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
> >
> > Aleksandar Nikolic (1):
> >   scripts/install-buildtools: Update to 5.0.12
> >
> > Archana Polampalli (1):
> >   go: fix CVE-2025-47906
> >
> > Deepesh Varatharajan (1):
> >   glibc: stable 2.39 branch updates
> >
> > Gyorgy Sarvari (1):
> >   conf/bitbake.conf: use gnu mirror instead of main server
> >
> > Hitendra Prajapati (1):
> >   grub2: mark CVE-2024-2312 as not applicable
> >
> > Peter Marko (10):
> >   busybox: patch CVE-2025-46394
> >   gstreamer1.0: ignore CVEs fixed in plugins
> >   gstreamer1.0: ignore CVE-2025-2759
> >   ghostscript: patch CVE-2025-59798
> >   ghostscript: patch CVE-2025-59799
> >   ghostscript: patch CVE-2025-59800
> >   expat: follow-up for CVE-2024-8176
> >   tiff: ignore 5 CVEs
> >   ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases
> >   openssl: upgrade 3.2.4 -> 3.2.6
> >
> > Ross Burton (1):
> >   pulseaudio: ignore CVE-2024-11586
> >
> > Steve Sakoman (2):
> >   selftest/cases/meta_ide.py: use use gnu mirror instead of main server
> >   oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
> >
> >  meta/conf/bitbake.conf                        |    2 +-
> >  meta/lib/oeqa/sdk/cases/buildcpio.py          |    2 +-
> >  meta/lib/oeqa/selftest/cases/meta_ide.py      |    2 +-
> >  meta/recipes-bsp/grub/grub2.inc               |    1 +
> >  .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
> >  .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
> >  .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
> >  .../busybox/busybox/CVE-2025-46394-01.patch   |   57 +
> >  .../busybox/busybox/CVE-2025-46394-02.patch   |   32 +
> >  meta/recipes-core/busybox/busybox_1.36.1.bb   |    2 +
> >  .../expat/expat/CVE-2024-8176-03.patch        |   35 +
> >  .../expat/expat/CVE-2024-8176-04.patch        |  115 +
> >  .../expat/expat/CVE-2024-8176-05.patch        |   78 +
> >  meta/recipes-core/expat/expat_2.6.4.bb        |    3 +
> >  meta/recipes-core/glibc/glibc-version.inc     |    4 +-
> >  meta/recipes-devtools/go/go-1.22.12.inc       |    1 +
> >  .../go/go/CVE-2025-47906.patch                |  183 ++
> >  .../ghostscript/CVE-2025-59798.patch          |  134 ++
> >  .../ghostscript/CVE-2025-59799.patch          |   41 +
> >  .../ghostscript/CVE-2025-59800.patch          |   36 +
> >  .../ghostscript/ghostscript_10.05.1.bb        |    3 +
> >  .../recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb |    4 +
> >  .../gstreamer/gstreamer1.0_1.22.12.bb         |   19 +-
> >  meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |    4 +
> >  .../pulseaudio/pulseaudio.inc                 |    2 +
> >  scripts/install-buildtools                    |    4 +-
> >  26 files changed, 754 insertions(+), 2061 deletions(-)
> >  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
> >  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
> >  rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)
> >  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
> >  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
> >  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
> >  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
> >  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch
> >  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
> >  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
> >  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#224644): https://lists.openembedded.org/g/openembedded-core/message/224644
> > Mute This Topic: https://lists.openembedded.org/mt/115683663/6084445
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skandigraun@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, October 17

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/277

The following changes since commit 5ea3ba00532265165e0d30f6d2eed568f5b5867f:

  meta-world-pkgdata: Inherit nopackages (2024-10-06 06:07:52 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexander Kanavin (1):
  sysvinit: take release tarballs from github

Claus Stovgaard (1):
  lib/oe/package-manager: skip processing installed-pkgs with empty
    globs

Hitendra Prajapati (2):
  cups: Backport fix for CVE-2024-47175
  libarchive: fix CVE-2024-48957 & CVE-2024-48958

Jaeyoon Jung (1):
  makedevs: Fix matching uid/gid

Jörg Sommer (2):
  ptest-runner: Update 2.4.4 -> 2.4.5
  runqemu: Fix detection of -serial parameter

Khem Raj (1):
  libpcre2: Update base uri PhilipHazel -> PCRE2Project

Louis Rannou (1):
  image_qa: fix error handling

Macpaul Lin (1):
  linux-firmware: upgrade 20240312 -> 20240909

Paul Barker (1):
  meta-ide-support: Mark recipe as MACHINE-specific

Paul Gerber (1):
  uboot-sign: fix counters in do_uboot_assemble_fitimage

Peter Marko (1):
  rust: ignore CVE-2024-43402

Purushottam Choudhary (1):
  virglrenderer: Add patch to fix -int-conversion build issue

Richard Purdie (2):
  license: Fix directory layout issues
  libsdl2: Fix non-deterministic configure option for libsamplerate

Teresa Remmet (1):
  recipes-bsp: usbutils: Fix usb-devices command using busybox

Yogita Urade (1):
  ruby: upgrade 3.2.2 -> 3.3.5

 meta/classes-global/license.bbclass           |  10 +-
 meta/classes-recipe/image.bbclass             |  11 +-
 meta/classes-recipe/uboot-sign.bbclass        |   3 +-
 meta/lib/oe/package_manager/__init__.py       |  76 +++---
 meta/lib/oe/utils.py                          |   2 +-
 meta/lib/oeqa/selftest/cases/meta_ide.py      |   4 +-
 ...devices-Fix-usb-devices-with-busybox.patch |  37 +++
 meta/recipes-bsp/usbutils/usbutils_017.bb     |   1 +
 meta/recipes-core/meta/meta-ide-support.bb    |   1 +
 meta/recipes-core/sysvinit/sysvinit_3.04.bb   |   5 +-
 .../makedevs/makedevs/makedevs.c              |  12 +-
 ...Alignof-to-define-ALIGN_OF-when-poss.patch |  52 ----
 ...e.in-do-not-write-host-cross-cc-item.patch |  32 ---
 ...Obey-LDFLAGS-for-the-link-of-libruby.patch |  25 --
 ...-Makefile.in-filter-out-f-prefix-map.patch |  42 ---
 ...eproducible-change-fixing-784225-too.patch |  26 +-
 .../0006-Make-gemspecs-reproducible.patch     |  18 +-
 .../ruby/ruby/CVE-2023-36617_1.patch          |  56 ----
 .../ruby/ruby/CVE-2023-36617_2.patch          |  52 ----
 .../ruby/ruby/CVE-2024-27281.patch            |  97 -------
 .../ruby/ruby/CVE-2024-27282.patch            |  28 --
 .../ruby/ruby/remove_has_include_macros.patch |  35 ---
 .../ruby/{ruby_3.2.2.bb => ruby_3.3.5.bb}     |  13 +-
 meta/recipes-devtools/rust/rust-source.inc    |   1 +
 meta/recipes-extended/cups/cups.inc           |   5 +
 .../cups/cups/CVE-2024-47175-1.patch          |  73 +++++
 .../cups/cups/CVE-2024-47175-2.patch          | 151 +++++++++++
 .../cups/cups/CVE-2024-47175-3.patch          | 119 +++++++++
 .../cups/cups/CVE-2024-47175-4.patch          | 249 ++++++++++++++++++
 .../cups/cups/CVE-2024-47175-5.patch          |  40 +++
 .../libarchive/CVE-2024-48957.patch           |  36 +++
 .../libarchive/CVE-2024-48958.patch           |  40 +++
 .../libarchive/libarchive_3.7.4.bb            |   5 +-
 .../libsdl2/libsdl2_2.30.1.bb                 |   1 +
 ...nversion-fatal-build-error-with-GCC-.patch |  41 +++
 .../virglrenderer/virglrenderer_1.0.1.bb      |   1 +
 ...20240312.bb => linux-firmware_20240909.bb} |   8 +-
 .../recipes-support/libpcre/libpcre2_10.43.bb |   2 +-
 ...-runner_2.4.4.bb => ptest-runner_2.4.5.bb} |   2 +-
 scripts/runqemu                               |   4 +-
 40 files changed, 898 insertions(+), 518 deletions(-)
 create mode 100755 meta/recipes-bsp/usbutils/usbutils/0001-usb-devices-Fix-usb-devices-with-busybox.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch
 rename meta/recipes-devtools/ruby/{ruby_3.2.2.bb => ruby_3.3.5.bb} (88%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch
 create mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer/0001-vrend-Fix-int-conversion-fatal-build-error-with-GCC-.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20240312.bb => linux-firmware_20240909.bb} (99%)
 rename meta/recipes-support/ptest-runner/{ptest-runner_2.4.4.bb => ptest-runner_2.4.5.bb} (95%)

-- 
2.34.1

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, August 6

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7208

The following changes since commit 1c9d3c22718bf49ae85c2d06e0ee60ebdc2fd0c1:

  openssh: systemd notification was implemented upstream (2024-07-28 19:27:16 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Changqing Li (1):
  rt-tests: rt_bmark.py: fix TypeError

Christian Taedcke (1):
  iptables: fix memory corruption when parsing nft rules

Khem Raj (2):
  busybox: CVE-2023-42364 and CVE-2023-42365 fixes
  busybox: Add fix for CVE-2023-42366

Mark Hatle (5):
  package.py: Fix static debuginfo split
  package.py: Fix static library processing
  selftest-hardlink: Add additional test cases
  create-spdx-*: Support multilibs via SPDX_MULTILIB_SSTATE_ARCHS
  oeqa sdk cases: Skip SDK test cases when TCLIBC is newlib

Niko Mauno (1):
  libyaml: Fix warning regarding unpatched CVE

Patrick Wicki (1):
  gpgme: move gpgme-tool to own sub-package

Peter Marko (1):
  libstd-rs,rust-cross-canadian: set CVE_PRODUCT to rust

Ranjitsinh Rathod (1):
  rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS

Richard Purdie (3):
  create-spdx-3.0/populate_sdk_base: Add SDK_CLASSES inherit mechanism
    to fix tarball SPDX manifests
  pseudo: Fix to work with glibc 2.40
  pseudo: Update to include open symlink handling bugfix

Wadim Egorov (1):
  watchdog: Set watchdog_module in default config

Yogita Urade (1):
  qemu: upgrade 8.2.2 -> 8.2.3

 .../selftest-hardlink/selftest-hardlink.bb    |  13 ++
 meta/classes-recipe/populate_sdk_base.bbclass |   7 +
 meta/classes-recipe/testimage.bbclass         |   2 -
 meta/classes/create-spdx-2.2.bbclass          |  14 +-
 meta/lib/oe/package.py                        |  57 ++++-
 meta/lib/oeqa/sdk/cases/assimp.py             |   4 +
 meta/lib/oeqa/sdk/cases/buildcpio.py          |   5 +
 meta/lib/oeqa/sdk/cases/buildepoxy.py         |   4 +
 meta/lib/oeqa/sdk/cases/buildgalculator.py    |   4 +
 meta/lib/oeqa/sdk/cases/buildlzip.py          |   5 +
 meta/lib/oeqa/sdk/cases/gcc.py                |   4 +
 meta/lib/oeqa/selftest/cases/package.py       |  26 +++
 ...01-awk-fix-precedence-of-relative-to.patch | 197 ++++++++++++++++++
 ...1-awk.c-fix-CVE-2023-42366-bug-15874.patch |  37 ++++
 ...x-ternary-operator-and-precedence-of.patch |  96 +++++++++
 meta/recipes-core/busybox/busybox_1.36.1.bb   |   3 +
 meta/recipes-core/meta/buildtools-tarball.bb  |   3 +
 .../pseudo/files/glibc238.patch               |  10 +-
 meta/recipes-devtools/pseudo/pseudo_git.bb    |   2 +-
 ...u-native_8.2.2.bb => qemu-native_8.2.3.bb} |   0
 ...e_8.2.2.bb => qemu-system-native_8.2.3.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc           |   8 +-
 ...4-Handle-the-vsyscall-page-in-open_s.patch |  56 -----
 .../qemu/qemu/CVE-2024-3446-01.patch          |  73 -------
 .../qemu/qemu/CVE-2024-3446-02.patch          |  48 -----
 .../qemu/qemu/CVE-2024-3446-03.patch          |  47 -----
 .../qemu/qemu/CVE-2024-3446-04.patch          |  52 -----
 .../qemu/qemu/CVE-2024-3567.patch             |  48 -----
 .../qemu/{qemu_8.2.2.bb => qemu_8.2.3.bb}     |   0
 .../recipes-devtools/rust/libstd-rs_1.75.0.bb |   2 +
 .../rust/rust-cross-canadian.inc              |   1 +
 meta/recipes-devtools/rust/rust_1.75.0.bb     |   6 +-
 ...se-Add-missing-braces-around-ternary.patch |  37 ++++
 .../iptables/iptables_1.8.10.bb               |   1 +
 .../watchdog/watchdog-config/watchdog.default |   1 +
 meta/recipes-rt/rt-tests/files/rt_bmark.py    |   2 +-
 meta/recipes-support/gpgme/gpgme_1.23.2.bb    |  16 +-
 meta/recipes-support/libyaml/libyaml_0.2.5.bb |   2 +
 38 files changed, 537 insertions(+), 356 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch
 rename meta/recipes-devtools/qemu/{qemu-native_8.2.2.bb => qemu-native_8.2.3.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_8.2.2.bb => qemu-system-native_8.2.3.bb} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
 rename meta/recipes-devtools/qemu/{qemu_8.2.2.bb => qemu_8.2.3.bb} (100%)
 create mode 100644 meta/recipes-extended/iptables/iptables/0005-nft-ruleparse-Add-missing-braces-around-ternary.patch

-- 
2.34.1