[OE-core][kirkstone 0/5] Patch review

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by end
of day Friday.  This should be the final set of patches for the 4.0.4 release.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4225

The following changes since commit 08406e03abddc7290c0c2296aa179725a58155d3:

  runqemu: display host uptime when starting (2022-09-12 04:45:14 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  lighttpd: upgrade 1.4.65 -> 1.4.66

Richard Purdie (1):
  vim: Upgrade 9.0.0341 -> 9.0.0453

niko.mauno@vaisala.com (2):
  systemd: Fix unwritable /var/lock when no sysvinit handling
  systemd: Add 'no-dns-fallback' PACKAGECONFIG option

wangmy (1):
  lighttpd: upgrade 1.4.64 -> 1.4.65

 meta/recipes-core/systemd/systemd/00-create-volatile.conf     | 1 +
 meta/recipes-core/systemd/systemd_250.5.bb                    | 1 +
 .../lighttpd/{lighttpd_1.4.64.bb => lighttpd_1.4.66.bb}       | 2 +-
 meta/recipes-support/vim/vim.inc                              | 4 ++--
 4 files changed, 5 insertions(+), 3 deletions(-)
 rename meta/recipes-extended/lighttpd/{lighttpd_1.4.64.bb => lighttpd_1.4.66.bb} (97%)

-- 
2.25.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, December 14

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6324

The following changes since commit 09ecafaf0e128c4dea062d359de37cbef461aed2:

  native: Clear TUNE_FEATURES/ABIEXTENSION (2023-12-07 08:09:37 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  gstreamer1.0-plugins-base: enable glx/opengl support

Archana Polampalli (1):
  bluez5: fix CVE-2023-45866

Mikko Rapeli (1):
  openssh: drop sudo from ptest dependencies

Vijay Anusuri (2):
  avahi: backport CVE-2023-1981 & CVE's follow-up patches
  gnutls: Backport fix for CVE-2023-5981

 meta/recipes-connectivity/avahi/avahi_0.8.bb  |  10 +-
 .../avahi/files/CVE-2023-1981.patch           |  58 +++++
 ...023-38469.patch => CVE-2023-38469-1.patch} |   0
 .../avahi/files/CVE-2023-38469-2.patch        |  65 ++++++
 ...023-38470.patch => CVE-2023-38470-1.patch} |   0
 .../avahi/files/CVE-2023-38470-2.patch        |  52 +++++
 ...023-38471.patch => CVE-2023-38471-1.patch} |   0
 .../avahi/files/CVE-2023-38471-2.patch        |  52 +++++
 .../avahi/files/CVE-2023-38472.patch          |  44 ++--
 meta/recipes-connectivity/bluez5/bluez5.inc   |   1 +
 .../bluez5/bluez5/CVE-2023-45866.patch        |  56 +++++
 .../openssh/openssh/run-ptest                 |   2 +-
 .../openssh/openssh_8.9p1.bb                  |   2 +-
 .../gstreamer1.0-plugins-base_1.20.7.bb       |   6 +-
 .../gnutls/gnutls/CVE-2023-5981.patch         | 206 ++++++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |   1 +
 16 files changed, 526 insertions(+), 29 deletions(-)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-1981.patch
 rename meta/recipes-connectivity/avahi/files/{CVE-2023-38469.patch => CVE-2023-38469-1.patch} (100%)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38469-2.patch
 rename meta/recipes-connectivity/avahi/files/{CVE-2023-38470.patch => CVE-2023-38470-1.patch} (100%)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38470-2.patch
 rename meta/recipes-connectivity/avahi/files/{CVE-2023-38471.patch => CVE-2023-38471-1.patch} (100%)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2023-38471-2.patch
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2023-5981.patch

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, May 1

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6857

The following changes since commit b7182571242dc4e23e5250a449d90348e62a6abc:

  build-appliance-image: Update to kirkstone head revision (2024-04-22 16:57:58 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  gnutls: fix CVE-2024-28834
  gnutls: fix CVE-2024-28835

Michael Glembotzki (1):
  rootfs-postcommands.bbclass: Only set DROPBEAR_RSAKEY_DIR once

Peter Marko (1):
  glibc: Update to latest on stable 2.35 branch

Vijay Anusuri (1):
  go: Fix for CVE-2023-45288

 meta/classes/rootfs-postcommands.bbclass      |   4 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 meta/recipes-core/glibc/glibc_2.35.bb         |   2 +-
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.18/CVE-2023-45288.patch           |  95 ++++
 .../gnutls/gnutls/CVE-2024-28834.patch        | 457 ++++++++++++++++++
 .../gnutls/gnutls/CVE-2024-28835.patch        | 406 ++++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.7.4.bb   |   2 +
 8 files changed, 966 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-45288.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-28834.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-28835.patch

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 2

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7193

The following changes since commit f6de96c9fa8d0b6c81c32016f342ad93c8940d9e:

  uboot-sign: Fix index error in concat_dtb_helper() with multiple configs (2024-07-19 05:44:22 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepthi Hemraj (2):
  llvm: Fix CVE-2023-46049
  llvm: Fix CVE-2024-31852

Peter Marko (2):
  wpa-supplicant: Patch CVE-2023-52160
  gcc-runtime: remove bashism

Wang Mingyu (1):
  wireless-regdb: upgrade 2024.01.23 -> 2024.05.08

 ...te-Phase-2-authentication-requiremen.patch | 213 ++++++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   1 +
 meta/recipes-devtools/gcc/gcc-runtime.inc     |   2 +-
 .../llvm/llvm/CVE-2023-46049.patch            |  34 +++
 .../llvm/llvm/CVE-2024-31852-1.patch          |  85 +++++++
 .../llvm/llvm/CVE-2024-31852-2.patch          | 117 ++++++++++
 meta/recipes-devtools/llvm/llvm_git.bb        |   3 +
 ....01.23.bb => wireless-regdb_2024.05.08.bb} |   2 +-
 8 files changed, 455 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.01.23.bb => wireless-regdb_2024.05.08.bb} (94%)

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, October 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7379

The following changes since commit 3b646f322b4ffd5ed520f3815ce0726cf225ced2:

  populate_sdk_base: inherit nopackages (2024-10-01 15:29:08 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Martin Jansa (2):
  meta-world-pkgdata: Inherit nopackages
  cdrtools-native: fix build with gcc-14

Massimiliano Minella (1):
  zstd: fix LICENSE statement

Peter Marko (1):
  rust: ignore CVE-2024-43402

Vijay Anusuri (1):
  cups: Backport fix for CVE-2024-47175

 meta/recipes-core/meta/meta-world-pkgdata.bb  |   1 +
 .../cdrtools/cdrtools-native_3.01.bb          |   6 +-
 meta/recipes-devtools/rust/rust-source.inc    |   4 +-
 meta/recipes-extended/cups/cups.inc           |   5 +
 .../cups/cups/CVE-2024-47175-1.patch          |  73 +++++
 .../cups/cups/CVE-2024-47175-2.patch          | 148 +++++++++++
 .../cups/cups/CVE-2024-47175-3.patch          | 116 ++++++++
 .../cups/cups/CVE-2024-47175-4.patch          | 249 ++++++++++++++++++
 .../cups/cups/CVE-2024-47175-5.patch          |  37 +++
 meta/recipes-extended/zstd/zstd_1.5.2.bb      |   2 +-
 10 files changed, 637 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Monday, October 21

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/283

The following changes since commit f09fca692f96c9c428e89c5ef53fbcb92ac0c9bf:

  build-appliance-image: Update to kirkstone head revision (2024-10-12 05:20:21 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Ashish Sharma (1):
  libarchive: Fix CVE-2024-48957 & CVE-2024-48958

Khem Raj (1):
  syslinux: Disable error on implicit-function-declaration

Macpaul Lin (1):
  linux-firmware: upgrade 20240220 -> 20240909

Peter Marko (1):
  gcc: ignore CVE-2023-4039

Randolph Sapp (1):
  kmscube: create_framebuffer: backport modifier fix

 meta/recipes-devtools/gcc/gcc-11.5.inc        |  3 ++
 .../syslinux/syslinux_6.04-pre2.bb            |  2 +-
 .../libarchive/CVE-2024-48957.patch           | 33 +++++++++++++++++
 .../libarchive/CVE-2024-48958.patch           | 37 +++++++++++++++++++
 .../libarchive/libarchive_3.6.2.bb            |  2 +
 ...common.c-do-not-use-invalid-modifier.patch | 31 ++++++++++++++++
 meta/recipes-graphics/kmscube/kmscube_git.bb  |  1 +
 ...20240220.bb => linux-firmware_20240909.bb} |  8 ++--
 8 files changed, 112 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch
 create mode 100644 meta/recipes-graphics/kmscube/kmscube/0001-drm-common.c-do-not-use-invalid-modifier.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20240220.bb => linux-firmware_20240909.bb} (99%)

-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 8

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/398

The following changes since commit 2c913a7b66ea756ebc65a573e1b5bb5dba6834d2:

  util-linux: Define pidfd_* function signatures (2024-10-29 07:51:17 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Martin Jansa (1):
  xmlto: backport a patch to fix build with gcc-14 on host

Peter Marko (1):
  zstd: patch CVE-2022-4899

Richard Purdie (2):
  cve_check: Use a local copy of the database during builds
  package: Switch debug source handling to use prefix map

Ruiqiang Hao (1):
  gcc: restore a patch for Neoverse N2 core

 meta/classes/cve-check.bbclass                |    7 +-
 meta/classes/package.bbclass                  |   68 +-
 .../meta/cve-update-nvd2-native.bb            |   18 +-
 meta/recipes-devtools/gcc/gcc-11.5.inc        |    1 +
 ...4-Update-Neoverse-N2-core-definition.patch |   40 +
 ...001-Fix-return-type-of-main-function.patch |   42 +
 ...mlif.c-and-update-xmlif.l-to-comply-.patch | 1259 +++++++++++++++++
 .../0001-fix-Wimplicit-int-for-ifsense.patch  |   33 +
 meta/recipes-devtools/xmlto/xmlto_0.0.28.bb   |   10 +
 .../zstd/zstd/CVE-2022-4899-1.patch           |   66 +
 .../zstd/zstd/CVE-2022-4899-2.patch           |   83 ++
 meta/recipes-extended/zstd/zstd_1.5.2.bb      |    5 +-
 12 files changed, 1583 insertions(+), 49 deletions(-)
 create mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-definition.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Fix-return-type-of-main-function.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Regenerate-the-xmlif.c-and-update-xmlif.l-to-comply-.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-fix-Wimplicit-int-for-ifsense.patch
 create mode 100644 meta/recipes-extended/zstd/zstd/CVE-2022-4899-1.patch
 create mode 100644 meta/recipes-extended/zstd/zstd/CVE-2022-4899-2.patch

-- 
2.34.1

[OE-core][kirkstone 1/5] zstd: patch CVE-2022-4899

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Pick commits from [1] linked from [2] via [3].

[1] https://github.com/facebook/zstd/pull/3220
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899
[3] https://github.com/facebook/zstd/issues/3200

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../zstd/zstd/CVE-2022-4899-1.patch           | 66 +++++++++++++++
 .../zstd/zstd/CVE-2022-4899-2.patch           | 83 +++++++++++++++++++
 meta/recipes-extended/zstd/zstd_1.5.2.bb      |  5 +-
 3 files changed, 153 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/zstd/zstd/CVE-2022-4899-1.patch
 create mode 100644 meta/recipes-extended/zstd/zstd/CVE-2022-4899-2.patch

diff --git a/meta/recipes-extended/zstd/zstd/CVE-2022-4899-1.patch b/meta/recipes-extended/zstd/zstd/CVE-2022-4899-1.patch
new file mode 100644
index 0000000000..c21aae7cb1
--- /dev/null
+++ b/meta/recipes-extended/zstd/zstd/CVE-2022-4899-1.patch
@@ -0,0 +1,66 @@
+From e1873ad576cb478fff0e6e44ad99599cd5fd2846 Mon Sep 17 00:00:00 2001
+From: Elliot Gorokhovsky <embg@fb.com>
+Date: Fri, 29 Jul 2022 11:10:47 -0700
+Subject: [PATCH 1/2] Fix buffer underflow for null dir1
+
+CVE: CVE-2022-4899
+Upstream-Status: Backport [https://github.com/facebook/zstd/pull/3220/commits/e1873ad576cb478fff0e6e44ad99599cd5fd2846]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ programs/util.c | 38 +++++++++++++++++++-------------------
+ 1 file changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/programs/util.c b/programs/util.c
+index f53eb03fbe..b874344c4d 100644
+--- a/programs/util.c
++++ b/programs/util.c
+@@ -870,30 +870,30 @@ static const char * trimPath(const char *pathname)
+ 
+ static char* mallocAndJoin2Dir(const char *dir1, const char *dir2)
+ {
+-    const size_t dir1Size = strlen(dir1);
+-    const size_t dir2Size = strlen(dir2);
+-    char *outDirBuffer, *buffer, trailingChar;
+-
+     assert(dir1 != NULL && dir2 != NULL);
+-    outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
+-    CONTROL(outDirBuffer != NULL);
++    {   const size_t dir1Size = strlen(dir1);
++        const size_t dir2Size = strlen(dir2);
++        char *outDirBuffer, *buffer;
+ 
+-    memcpy(outDirBuffer, dir1, dir1Size);
+-    outDirBuffer[dir1Size] = '\0';
++        outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
++        CONTROL(outDirBuffer != NULL);
+ 
+-    if (dir2[0] == '.')
+-        return outDirBuffer;
++        memcpy(outDirBuffer, dir1, dir1Size);
++        outDirBuffer[dir1Size] = '\0';
+ 
+-    buffer = outDirBuffer + dir1Size;
+-    trailingChar = *(buffer - 1);
+-    if (trailingChar != PATH_SEP) {
+-        *buffer = PATH_SEP;
+-        buffer++;
+-    }
+-    memcpy(buffer, dir2, dir2Size);
+-    buffer[dir2Size] = '\0';
++        if (dir2[0] == '.')
++            return outDirBuffer;
+ 
+-    return outDirBuffer;
++        buffer = outDirBuffer + dir1Size;
++        if (dir1Size > 0 && *(buffer - 1) != PATH_SEP) {
++            *buffer = PATH_SEP;
++            buffer++;
++        }
++        memcpy(buffer, dir2, dir2Size);
++        buffer[dir2Size] = '\0';
++
++        return outDirBuffer;
++    }
+ }
+ 
+ /* this function will return NULL if input srcFileName is not valid name for mirrored output path */
diff --git a/meta/recipes-extended/zstd/zstd/CVE-2022-4899-2.patch b/meta/recipes-extended/zstd/zstd/CVE-2022-4899-2.patch
new file mode 100644
index 0000000000..15dcda5ddc
--- /dev/null
+++ b/meta/recipes-extended/zstd/zstd/CVE-2022-4899-2.patch
@@ -0,0 +1,83 @@
+From f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa Mon Sep 17 00:00:00 2001
+From: Elliot Gorokhovsky <embg@fb.com>
+Date: Fri, 29 Jul 2022 14:44:22 -0700
+Subject: [PATCH 2/2] Disallow empty output directory
+
+CVE: CVE-2022-4899
+Upstream-Status: Backport [https://github.com/facebook/zstd/pull/3220/commits/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ programs/zstdcli.c                             | 18 ++++++++++++++++--
+ tests/cli-tests/basic/output_dir.sh            |  7 +++++++
+ .../cli-tests/basic/output_dir.sh.stderr.exact |  2 ++
+ .../cli-tests/basic/output_dir.sh.stdout.exact |  2 ++
+ 4 files changed, 27 insertions(+), 2 deletions(-)
+ create mode 100755 tests/cli-tests/basic/output_dir.sh
+ create mode 100644 tests/cli-tests/basic/output_dir.sh.stderr.exact
+ create mode 100644 tests/cli-tests/basic/output_dir.sh.stdout.exact
+
+diff --git a/programs/zstdcli.c b/programs/zstdcli.c
+index fbacb908a9..1143ac3fe8 100644
+--- a/programs/zstdcli.c
++++ b/programs/zstdcli.c
+@@ -990,7 +990,14 @@ int main(int argCount, const char* argv[])
+                 if (longCommandWArg(&argument, "--stream-size=")) { streamSrcSize = readSizeTFromChar(&argument); continue; }
+                 if (longCommandWArg(&argument, "--target-compressed-block-size=")) { targetCBlockSize = readSizeTFromChar(&argument); continue; }
+                 if (longCommandWArg(&argument, "--size-hint=")) { srcSizeHint = readSizeTFromChar(&argument); continue; }
+-                if (longCommandWArg(&argument, "--output-dir-flat")) { NEXT_FIELD(outDirName); continue; }
++                if (longCommandWArg(&argument, "--output-dir-flat")) {
++                    NEXT_FIELD(outDirName);
++                    if (strlen(outDirName) == 0) {
++                        DISPLAY("error: output dir cannot be empty string (did you mean to pass '.' instead?)\n");
++                        CLEAN_RETURN(1);
++                    }
++                    continue;
++                }
+ #ifdef ZSTD_MULTITHREAD
+                 if (longCommandWArg(&argument, "--auto-threads")) {
+                     const char* threadDefault = NULL;
+@@ -1001,7 +1008,14 @@ int main(int argCount, const char* argv[])
+                 }
+ #endif
+ #ifdef UTIL_HAS_MIRRORFILELIST
+-                if (longCommandWArg(&argument, "--output-dir-mirror")) { NEXT_FIELD(outMirroredDirName); continue; }
++                if (longCommandWArg(&argument, "--output-dir-mirror")) {
++                    NEXT_FIELD(outMirroredDirName);
++                    if (strlen(outMirroredDirName) == 0) {
++                        DISPLAY("error: output dir cannot be empty string (did you mean to pass '.' instead?)\n");
++                        CLEAN_RETURN(1);
++                    }
++                    continue;
++                }
+ #endif
+ #ifndef ZSTD_NOTRACE
+                 if (longCommandWArg(&argument, "--trace")) { char const* traceFile; NEXT_FIELD(traceFile); TRACE_enable(traceFile); continue; }
+diff --git a/tests/cli-tests/basic/output_dir.sh b/tests/cli-tests/basic/output_dir.sh
+new file mode 100755
+index 0000000000..a8819d2926
+--- /dev/null
++++ b/tests/cli-tests/basic/output_dir.sh
+@@ -0,0 +1,7 @@
++#!/bin/sh
++
++println "+ zstd -r * --output-dir-mirror=\"\""
++zstd -r * --output-dir-mirror="" && die "Should not allow empty output dir!"
++println "+ zstd -r * --output-dir-flat=\"\""
++zstd -r * --output-dir-flat="" && die "Should not allow empty output dir!"
++exit 0
+diff --git a/tests/cli-tests/basic/output_dir.sh.stderr.exact b/tests/cli-tests/basic/output_dir.sh.stderr.exact
+new file mode 100644
+index 0000000000..e12b50427c
+--- /dev/null
++++ b/tests/cli-tests/basic/output_dir.sh.stderr.exact
+@@ -0,0 +1,2 @@
++error: output dir cannot be empty string (did you mean to pass '.' instead?)
++error: output dir cannot be empty string (did you mean to pass '.' instead?)
+diff --git a/tests/cli-tests/basic/output_dir.sh.stdout.exact b/tests/cli-tests/basic/output_dir.sh.stdout.exact
+new file mode 100644
+index 0000000000..1e478cd753
+--- /dev/null
++++ b/tests/cli-tests/basic/output_dir.sh.stdout.exact
+@@ -0,0 +1,2 @@
+++ zstd -r * --output-dir-mirror=""
+++ zstd -r * --output-dir-flat=""
diff --git a/meta/recipes-extended/zstd/zstd_1.5.2.bb b/meta/recipes-extended/zstd/zstd_1.5.2.bb
index 591e823049..63bf0d3fb9 100644
--- a/meta/recipes-extended/zstd/zstd_1.5.2.bb
+++ b/meta/recipes-extended/zstd/zstd_1.5.2.bb
@@ -9,7 +9,10 @@ LICENSE = "BSD-3-Clause | GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \
                     file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0"
 
-SRC_URI = "git://github.com/facebook/zstd.git;branch=release;protocol=https"
+SRC_URI = "git://github.com/facebook/zstd.git;branch=release;protocol=https \
+    file://CVE-2022-4899-1.patch \
+    file://CVE-2022-4899-2.patch \
+"
 
 SRCREV = "e47e674cd09583ff0503f0f6defd6d23d8b718d3"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
-- 
2.34.1

[OE-core][kirkstone 2/5] cve_check: Use a local copy of the database during builds

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Rtaher than trying to use a sqlite database over NFS from DL_DIR, work from
a local copy in STAGING DIR after fetching.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 03596904392d257572a905a182b92c780d636744)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass                 |  7 ++++---
 .../meta/cve-update-nvd2-native.bb             | 18 +++++++++++++-----
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index dd9847f366..ac13b0a863 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -25,8 +25,9 @@
 CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
-CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-2.db"
+CVE_CHECK_DB_FILENAME ?= "nvdcve_2-2.db"
+CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}"
 CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -157,7 +158,7 @@ python do_cve_check () {
 }
 
 addtask cve_check before do_build
-do_cve_check[depends] = "cve-update-nvd2-native:do_fetch"
+do_cve_check[depends] = "cve-update-nvd2-native:do_unpack"
 do_cve_check[nostamp] = "1"
 
 python cve_check_cleanup () {
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index b4c46ef756..dc742df06d 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -8,7 +8,6 @@ INHIBIT_DEFAULT_DEPS = "1"
 
 inherit native
 
-deltask do_unpack
 deltask do_patch
 deltask do_configure
 deltask do_compile
@@ -35,7 +34,9 @@ CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000"
 # Number of attempts for each http query to nvd server before giving up
 CVE_DB_UPDATE_ATTEMPTS ?= "5"
 
-CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
+CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK/${CVE_CHECK_DB_FILENAME}"
+CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock"
+CVE_CHECK_DB_TEMP_FILE ?= "${CVE_CHECK_DB_FILE}.tmp"
 
 python () {
     if not bb.data.inherits_class("cve-check", d):
@@ -52,9 +53,9 @@ python do_fetch() {
 
     bb.utils.export_proxies(d)
 
-    db_file = d.getVar("CVE_CHECK_DB_FILE")
+    db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE")
     db_dir = os.path.dirname(db_file)
-    db_tmp_file = d.getVar("CVE_DB_TEMP_FILE")
+    db_tmp_file = d.getVar("CVE_CHECK_DB_TEMP_FILE")
 
     cleanup_db_download(db_file, db_tmp_file)
     # By default let's update the whole database (since time 0)
@@ -77,6 +78,7 @@ python do_fetch() {
         pass
 
     bb.utils.mkdirhier(db_dir)
+    bb.utils.mkdirhier(os.path.dirname(db_tmp_file))
     if os.path.exists(db_file):
         shutil.copy2(db_file, db_tmp_file)
 
@@ -89,10 +91,16 @@ python do_fetch() {
         os.remove(db_tmp_file)
 }
 
-do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}"
 do_fetch[file-checksums] = ""
 do_fetch[vardeps] = ""
 
+python do_unpack() {
+    import shutil
+    shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE"))
+}
+do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}"
+
 def cleanup_db_download(db_file, db_tmp_file):
     """
     Cleanup the download space from possible failed downloads
-- 
2.34.1

[OE-core][kirkstone 3/5] gcc: restore a patch for Neoverse N2 core

[Steve Sakoman]

From: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>

Commit 7806e21e7d47 ("gcc: upgrade to v11.5") removed one patch named
0001-aarch64-Update-Neoverse-N2-core-defini.patch by mistake, this will
cause the Neoverse N2 core to be identified as the armv8.5 architecture,
restore this patch to avoid related compilation issues.

Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-11.5.inc        |  1 +
 ...4-Update-Neoverse-N2-core-definition.patch | 40 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-definition.patch

diff --git a/meta/recipes-devtools/gcc/gcc-11.5.inc b/meta/recipes-devtools/gcc/gcc-11.5.inc
index 5d29b8e61e..f17ec9da5c 100644
--- a/meta/recipes-devtools/gcc/gcc-11.5.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.5.inc
@@ -65,6 +65,7 @@ SRC_URI = "\
            file://0003-CVE-2021-42574.patch \
            file://0004-CVE-2021-42574.patch \
            file://0001-CVE-2021-46195.patch \
+           file://0001-aarch64-Update-Neoverse-N2-core-definition.patch \
 	   file://0002-aarch64-add-armv9-a-to-march.patch \
 	   file://0003-aarch64-Enable-FP16-feature-by-default-for-Armv9.patch \
 	   file://0004-arm-add-armv9-a-architecture-to-march.patch \
diff --git a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-definition.patch b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-definition.patch
new file mode 100644
index 0000000000..4159042ebb
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-definition.patch
@@ -0,0 +1,40 @@
+From 30ade014c7b7d22a2a26697b5a2079a278ea560d Mon Sep 17 00:00:00 2001
+From: Andre Vieira <andre.simoesdiasvieira@arm.com>
+Date: Thu, 8 Sep 2022 06:02:18 +0000
+Subject: [PATCH] aarch64: Update Neoverse N2 core definition
+
+commit 9f37d31324f89d0b7b2abac988a976d121ae29c6 from upstream.
+
+gcc/ChangeLog:
+
+        * config/aarch64/aarch64-cores.def: Update Neoverse N2 core entry.
+
+Upstream-Status: Backport
+Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
+---
+ gcc/config/aarch64/aarch64-cores.def | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-cores.def
+index 0243e3d4d..722f3e64e 100644
+--- a/gcc/config/aarch64/aarch64-cores.def
++++ b/gcc/config/aarch64/aarch64-cores.def
+@@ -147,7 +147,6 @@ AARCH64_CORE("neoverse-512tvb", neoverse512tvb, cortexa57, 8_4A,  AARCH64_FL_FOR
+ AARCH64_CORE("saphira",     saphira,    saphira,    8_4A,  AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO, saphira,   0x51, 0xC01, -1)
+ 
+ /* Armv8.5-A Architecture Processors.  */
+-AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x41, 0xd49, -1)
+ AARCH64_CORE("cobalt-100",   cobalt100, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x6d, 0xd49, -1)
+ AARCH64_CORE("neoverse-v2", neoversev2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoverse512tvb, 0x41, 0xd4f, -1)
+ AARCH64_CORE("grace", grace, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_CRYPTO | AARCH64_FL_SHA3 | AARCH64_FL_SM4 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_SVE2_AES | AARCH64_FL_SVE2_SM4 | AARCH64_FL_SVE2_SHA3, neoverse512tvb, 0x41, 0xd4f, -1)
+@@ -167,4 +166,7 @@ AARCH64_CORE("cortex-a76.cortex-a55",  cortexa76cortexa55, cortexa53, 8_2A,  AAR
+ /* Armv8-R Architecture Processors.  */
+ AARCH64_CORE("cortex-r82", cortexr82, cortexa53, 8R, AARCH64_FL_FOR_ARCH8_R, cortexa53, 0x41, 0xd15, -1)
+ 
++/* Armv9-A Architecture Processors. */
++AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 9A, AARCH64_FL_FOR_ARCH9 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG | AARCH64_FL_PROFILE, neoversen2, 0x41, 0xd49, -1)
++
+ #undef AARCH64_CORE
+-- 
+2.46.2
+
-- 
2.34.1

[OE-core][kirkstone 4/5] package: Switch debug source handling to use prefix map

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Reproducible builds are no longer a configuration option but are required.
We also rely on the prefix mapping capability of the compilers now.

As such, rewrite the source locating code to use the prefix maps instead
of taking a guess about WORKDIR which isn't correct for kernels, gcc,
externalsrc and probably more.

Instead, iterate the maps to locate any matching source code, keeping
in mind that multiple maps may map to one target location.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cbd6144a9769d21371ae0fe04db2adc05f6eed02)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/package.bbclass | 68 +++++++++++++++---------------------
 1 file changed, 28 insertions(+), 40 deletions(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 67351b2510..07bf5eb426 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -574,26 +574,16 @@ def copydebugsources(debugsrcdir, sources, d):
         objcopy = d.getVar("OBJCOPY")
         workdir = d.getVar("WORKDIR")
         sdir = d.getVar("S")
-        sparentdir = os.path.dirname(os.path.dirname(sdir))
-        sbasedir = os.path.basename(os.path.dirname(sdir)) + "/" + os.path.basename(sdir)
-        workparentdir = os.path.dirname(os.path.dirname(workdir))
-        workbasedir = os.path.basename(os.path.dirname(workdir)) + "/" + os.path.basename(workdir)
-
-        # If S isnt based on WORKDIR we can infer our sources are located elsewhere,
-        # e.g. using externalsrc; use S as base for our dirs
-        if workdir in sdir or 'work-shared' in sdir:
-            basedir = workbasedir
-            parentdir = workparentdir
-        else:
-            basedir = sbasedir
-            parentdir = sparentdir
+        cflags = d.expand("${CFLAGS}")
 
-        # If build path exists in sourcefile, it means toolchain did not use
-        # -fdebug-prefix-map to compile
-        if checkbuildpath(sourcefile, d):
-            localsrc_prefix = parentdir + "/"
-        else:
-            localsrc_prefix = "/usr/src/debug/"
+        prefixmap = {}
+        for flag in cflags.split():
+            if not flag.startswith("-fdebug-prefix-map"):
+                continue
+            if "recipe-sysroot" in flag:
+                continue
+            flag = flag.split("=")
+            prefixmap[flag[1]] = flag[2]
 
         nosuchdir = []
         basepath = dvar
@@ -604,28 +594,26 @@ def copydebugsources(debugsrcdir, sources, d):
         bb.utils.mkdirhier(basepath)
         cpath.updatecache(basepath)
 
-        # Ignore files from the recipe sysroots (target and native)
-        processdebugsrc =  "LC_ALL=C ; sort -z -u '%s' | egrep -v -z '((<internal>|<built-in>)$|/.*recipe-sysroot.*/)' | "
-        # We need to ignore files that are not actually ours
-        # we do this by only paying attention to items from this package
-        processdebugsrc += "fgrep -zw '%s' | "
-        # Remove prefix in the source paths
-        processdebugsrc += "sed 's#%s##g' | "
-        processdebugsrc += "(cd '%s' ; cpio -pd0mlL --no-preserve-owner '%s%s' 2>/dev/null)"
-
-        cmd = processdebugsrc % (sourcefile, basedir, localsrc_prefix, parentdir, dvar, debugsrcdir)
-        try:
-            subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
-        except subprocess.CalledProcessError:
-            # Can "fail" if internal headers/transient sources are attempted
-            pass
-
-        # cpio seems to have a bug with -lL together and symbolic links are just copied, not dereferenced.
-        # Work around this by manually finding and copying any symbolic links that made it through.
-        cmd = "find %s%s -type l -print0 -delete | sed s#%s%s/##g | (cd '%s' ; cpio -pd0mL --no-preserve-owner '%s%s')" % \
-                (dvar, debugsrcdir, dvar, debugsrcdir, parentdir, dvar, debugsrcdir)
-        subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
+        for pmap in prefixmap:
+            # Ignore files from the recipe sysroots (target and native)
+            cmd =  "LC_ALL=C ; sort -z -u '%s' | egrep -v -z '((<internal>|<built-in>)$|/.*recipe-sysroot.*/)' | " % sourcefile
+            # We need to ignore files that are not actually ours
+            # we do this by only paying attention to items from this package
+            cmd += "fgrep -zw '%s' | " % prefixmap[pmap]
+            # Remove prefix in the source paths
+            cmd += "sed 's#%s/##g' | " % (prefixmap[pmap])
+            cmd += "(cd '%s' ; cpio -pd0mlL --no-preserve-owner '%s%s' 2>/dev/null)" % (pmap, dvar, prefixmap[pmap])
 
+            try:
+                subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
+            except subprocess.CalledProcessError:
+                # Can "fail" if internal headers/transient sources are attempted
+                pass
+            # cpio seems to have a bug with -lL together and symbolic links are just copied, not dereferenced.
+            # Work around this by manually finding and copying any symbolic links that made it through.
+            cmd = "find %s%s -type l -print0 -delete | sed s#%s%s/##g | (cd '%s' ; cpio -pd0mL --no-preserve-owner '%s%s')" % \
+                    (dvar, prefixmap[pmap], dvar, prefixmap[pmap], pmap, dvar, prefixmap[pmap])
+            subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
 
         # debugsources.list may be polluted from the host if we used externalsrc,
         # cpio uses copy-pass and may have just created a directory structure
-- 
2.34.1

[OE-core][kirkstone 5/5] xmlto: backport a patch to fix build with gcc-14 on host

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

* need to add dependency on flex-native because now when the
  .l file is modified by the .patch file it will try to regenerate
  the c code and fail:

| make[1]: Entering directory 'work/x86_64-linux/xmlto-native/0.0.28-r0/build'
| /bin/bash ../xmlto-0.0.28/ylwrap ../xmlto-0.0.28/xmlif/xmlif.l .c xmlif/xmlif.c -- /bin/bash 'work/x86_64-linux/xmlto-native/0.0.28-r0/xmlto-0.0.28/missing' flex
| work/x86_64-linux/xmlto-native/0.0.28-r0/xmlto-0.0.28/missing: line 81: flex: command not found
| WARNING: 'flex' is missing on your system.
|          You should only need it if you modified a '.l' file.
|          You may want to install the Fast Lexical Analyzer package:
|          <https://github.com/westes/flex>

* backport
  https://pagure.io/xmlto/c/32376c053733c6c0ebaca3c25c0725509342fdf3?branch=master
  as well, so that patched xmlif/xmlif.c is newer than xmlif/xmlif.l and the build
  won't try to regenerate it with flex as that leads to random build failures reported
  in:
  https://lists.openembedded.org/g/openembedded-core/message/206412
  https://errors.yoctoproject.org/Errors/Details/810853/
  https://lists.openembedded.org/g/openembedded-core/message/206496
  https://valkyrie.yoctoproject.org/#/builders/29/builds/355

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...001-Fix-return-type-of-main-function.patch |   42 +
 ...mlif.c-and-update-xmlif.l-to-comply-.patch | 1259 +++++++++++++++++
 .../0001-fix-Wimplicit-int-for-ifsense.patch  |   33 +
 meta/recipes-devtools/xmlto/xmlto_0.0.28.bb   |   10 +
 4 files changed, 1344 insertions(+)
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Fix-return-type-of-main-function.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Regenerate-the-xmlif.c-and-update-xmlif.l-to-comply-.patch
 create mode 100644 meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-fix-Wimplicit-int-for-ifsense.patch

diff --git a/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Fix-return-type-of-main-function.patch b/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Fix-return-type-of-main-function.patch
new file mode 100644
index 0000000000..f28f1fb56a
--- /dev/null
+++ b/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Fix-return-type-of-main-function.patch
@@ -0,0 +1,42 @@
+From 6347e1b9da2140acdd55e3e7ac1199456793e17c Mon Sep 17 00:00:00 2001
+From: Thomas Kuehne <thomas@kuehne.cn>
+Date: Sat, 11 Dec 2021 20:56:00 +0000
+Subject: [PATCH] Fix return type of main function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes:
+xmlif/xmlif.l:242:1: warning: return type defaults to ‘int’ [-Wimplicit-int]
+  242 | main(int argc, char *argv[])
+      | ^~~~
+
+Signed-off-by: Thomas Kuehne <thomas@kuehne.cn>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [v0.0.29 https://pagure.io/xmlto/c/8e34f087bf410bcc5fe445933d6ad9bae54f24b5?branch=master]
+---
+ xmlif/xmlif.l | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xmlif/xmlif.l b/xmlif/xmlif.l
+index ac42136..78a62bc 100644
+--- a/xmlif/xmlif.l
++++ b/xmlif/xmlif.l
+@@ -239,7 +239,7 @@ WS		[ \t\n]*
+ 
+ int yywrap() {exit(0);};
+ 
+-main(int argc, char *argv[])
++int main(int argc, char *argv[])
+ {
+     int i;
+ 
+@@ -265,7 +265,7 @@ main(int argc, char *argv[])
+ 	    exit(1);
+ 	}
+ 
+-    yylex();
++    return yylex();
+ }
+ 
+ /*
diff --git a/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Regenerate-the-xmlif.c-and-update-xmlif.l-to-comply-.patch b/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Regenerate-the-xmlif.c-and-update-xmlif.l-to-comply-.patch
new file mode 100644
index 0000000000..2e5344158c
--- /dev/null
+++ b/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-Regenerate-the-xmlif.c-and-update-xmlif.l-to-comply-.patch
@@ -0,0 +1,1259 @@
+From 32376c053733c6c0ebaca3c25c0725509342fdf3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sloup?= <osloup@redhat.com>
+Date: Thu, 11 Apr 2024 18:09:37 +0200
+Subject: [PATCH] Regenerate the xmlif.c and update xmlif.l to comply with the
+ new version of flex and gcc
+
+Removes warnings in the build process
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [v0.0.29 https://pagure.io/xmlto/c/32376c053733c6c0ebaca3c25c0725509342fdf3?branch=master]
+---
+ xmlif/xmlif.c | 449 ++++++++++++++++++++++++++------------------------
+ xmlif/xmlif.l |   2 +-
+ 2 files changed, 232 insertions(+), 219 deletions(-)
+
+diff --git a/xmlif/xmlif.c b/xmlif/xmlif.c
+index 50aa1bc..1b87a9e 100644
+--- a/xmlif/xmlif.c
++++ b/xmlif/xmlif.c
+@@ -1,3 +1,4 @@
++#line 1 "xmlif/xmlif.c"
+ 
+ #line 3 "xmlif/xmlif.c"
+ 
+@@ -7,8 +8,8 @@
+ 
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+-#define YY_FLEX_MINOR_VERSION 5
+-#define YY_FLEX_SUBMINOR_VERSION 37
++#define YY_FLEX_MINOR_VERSION 6
++#define YY_FLEX_SUBMINOR_VERSION 4
+ #if YY_FLEX_SUBMINOR_VERSION > 0
+ #define FLEX_BETA
+ #endif
+@@ -83,65 +84,61 @@ typedef unsigned int flex_uint32_t;
+ #define UINT32_MAX             (4294967295U)
+ #endif
+ 
++#ifndef SIZE_MAX
++#define SIZE_MAX               (~(size_t)0)
++#endif
++
+ #endif /* ! C99 */
+ 
+ #endif /* ! FLEXINT_H */
+ 
+-#ifdef __cplusplus
+-
+-/* The "const" storage-class-modifier is valid. */
+-#define YY_USE_CONST
+-
+-#else	/* ! __cplusplus */
+-
+-/* C99 requires __STDC__ to be defined as 1. */
+-#if defined (__STDC__)
+-
+-#define YY_USE_CONST
+-
+-#endif	/* defined (__STDC__) */
+-#endif	/* ! __cplusplus */
++/* begin standard C++ headers. */
+ 
+-#ifdef YY_USE_CONST
++/* TODO: this is always defined, so inline it */
+ #define yyconst const
++
++#if defined(__GNUC__) && __GNUC__ >= 3
++#define yynoreturn __attribute__((__noreturn__))
+ #else
+-#define yyconst
++#define yynoreturn
+ #endif
+ 
+ /* Returned upon end-of-file. */
+ #define YY_NULL 0
+ 
+-/* Promotes a possibly negative, possibly signed char to an unsigned
+- * integer for use as an array index.  If the signed char is negative,
+- * we want to instead treat it as an 8-bit unsigned char, hence the
+- * double cast.
++/* Promotes a possibly negative, possibly signed char to an
++ *   integer in range [0..255] for use as an array index.
+  */
+-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
++#define YY_SC_TO_UI(c) ((YY_CHAR) (c))
+ 
+ /* Enter a start condition.  This macro really ought to take a parameter,
+  * but we do it the disgusting crufty way forced on us by the ()-less
+  * definition of BEGIN.
+  */
+ #define BEGIN (yy_start) = 1 + 2 *
+-
+ /* Translate the current start state into a value that can be later handed
+  * to BEGIN to return to the state.  The YYSTATE alias is for lex
+  * compatibility.
+  */
+ #define YY_START (((yy_start) - 1) / 2)
+ #define YYSTATE YY_START
+-
+ /* Action number for EOF rule of a given start state. */
+ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+-
+ /* Special action meaning "start processing a new file". */
+-#define YY_NEW_FILE yyrestart(yyin  )
+-
++#define YY_NEW_FILE yyrestart( yyin  )
+ #define YY_END_OF_BUFFER_CHAR 0
+ 
+ /* Size of default input buffer. */
+ #ifndef YY_BUF_SIZE
++#ifdef __ia64__
++/* On IA-64, the buffer size is 16k, not 8k.
++ * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
++ * Ditto for the __ia64__ case accordingly.
++ */
++#define YY_BUF_SIZE 32768
++#else
+ #define YY_BUF_SIZE 16384
++#endif /* __ia64__ */
+ #endif
+ 
+ /* The state buf must be large enough to hold one state per character in the main buffer.
+@@ -158,15 +155,16 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE;
+ typedef size_t yy_size_t;
+ #endif
+ 
+-extern yy_size_t yyleng;
++extern int yyleng;
+ 
+ extern FILE *yyin, *yyout;
+ 
+ #define EOB_ACT_CONTINUE_SCAN 0
+ #define EOB_ACT_END_OF_FILE 1
+ #define EOB_ACT_LAST_MATCH 2
+-
++    
+     #define YY_LESS_LINENO(n)
++    #define YY_LINENO_REWIND_TO(ptr)
+     
+ /* Return all but the first "n" matched characters back to the input stream. */
+ #define yyless(n) \
+@@ -181,7 +179,6 @@ extern FILE *yyin, *yyout;
+ 		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+ 		} \
+ 	while ( 0 )
+-
+ #define unput(c) yyunput( c, (yytext_ptr)  )
+ 
+ #ifndef YY_STRUCT_YY_BUFFER_STATE
+@@ -196,12 +193,12 @@ struct yy_buffer_state
+ 	/* Size of input buffer in bytes, not including room for EOB
+ 	 * characters.
+ 	 */
+-	yy_size_t yy_buf_size;
++	int yy_buf_size;
+ 
+ 	/* Number of characters read into yy_ch_buf, not including EOB
+ 	 * characters.
+ 	 */
+-	yy_size_t yy_n_chars;
++	int yy_n_chars;
+ 
+ 	/* Whether we "own" the buffer - i.e., we know we created it,
+ 	 * and can realloc() it to grow it, and should free() it to
+@@ -224,7 +221,7 @@ struct yy_buffer_state
+ 
+     int yy_bs_lineno; /**< The line count. */
+     int yy_bs_column; /**< The column count. */
+-    
++
+ 	/* Whether to try to fill the input buffer when we reach the
+ 	 * end of it.
+ 	 */
+@@ -252,7 +249,7 @@ struct yy_buffer_state
+ /* Stack of input buffers. */
+ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
++static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */
+ 
+ /* We provide macros for accessing buffer states in case in the
+  * future we want to put the buffer states in a more general
+@@ -263,7 +260,6 @@ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                           ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                           : NULL)
+-
+ /* Same as previous macro, but useful when we know that the buffer stack is not
+  * NULL or when we need an lvalue. For internal use only.
+  */
+@@ -271,11 +267,11 @@ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+ 
+ /* yy_hold_char holds the character lost when yytext is formed. */
+ static char yy_hold_char;
+-static yy_size_t yy_n_chars;		/* number of characters read into yy_ch_buf */
+-yy_size_t yyleng;
++static int yy_n_chars;		/* number of characters read into yy_ch_buf */
++int yyleng;
+ 
+ /* Points to current character in buffer. */
+-static char *yy_c_buf_p = (char *) 0;
++static char *yy_c_buf_p = NULL;
+ static int yy_init = 0;		/* whether we need to initialize */
+ static int yy_start = 0;	/* start state number */
+ 
+@@ -284,82 +280,78 @@ static int yy_start = 0;	/* start state number */
+  */
+ static int yy_did_buffer_switch_on_eof;
+ 
+-void yyrestart (FILE *input_file  );
+-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
+-void yy_delete_buffer (YY_BUFFER_STATE b  );
+-void yy_flush_buffer (YY_BUFFER_STATE b  );
+-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
+-void yypop_buffer_state (void );
+-
+-static void yyensure_buffer_stack (void );
+-static void yy_load_buffer_state (void );
+-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
++void yyrestart ( FILE *input_file  );
++void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer  );
++YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size  );
++void yy_delete_buffer ( YY_BUFFER_STATE b  );
++void yy_flush_buffer ( YY_BUFFER_STATE b  );
++void yypush_buffer_state ( YY_BUFFER_STATE new_buffer  );
++void yypop_buffer_state ( void );
+ 
+-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
++static void yyensure_buffer_stack ( void );
++static void yy_load_buffer_state ( void );
++static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file  );
++#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER )
+ 
+-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
+-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
+-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len  );
++YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size  );
++YY_BUFFER_STATE yy_scan_string ( const char *yy_str  );
++YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len  );
+ 
+-void *yyalloc (yy_size_t  );
+-void *yyrealloc (void *,yy_size_t  );
+-void yyfree (void *  );
++void *yyalloc ( yy_size_t  );
++void *yyrealloc ( void *, yy_size_t  );
++void yyfree ( void *  );
+ 
+ #define yy_new_buffer yy_create_buffer
+-
+ #define yy_set_interactive(is_interactive) \
+ 	{ \
+ 	if ( ! YY_CURRENT_BUFFER ){ \
+         yyensure_buffer_stack (); \
+ 		YY_CURRENT_BUFFER_LVALUE =    \
+-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
++            yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ 	} \
+ 	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+ 	}
+-
+ #define yy_set_bol(at_bol) \
+ 	{ \
+ 	if ( ! YY_CURRENT_BUFFER ){\
+         yyensure_buffer_stack (); \
+ 		YY_CURRENT_BUFFER_LVALUE =    \
+-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
++            yy_create_buffer( yyin, YY_BUF_SIZE ); \
+ 	} \
+ 	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+ 	}
+-
+ #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+ 
+ /* Begin user sect3 */
++typedef flex_uint8_t YY_CHAR;
+ 
+-typedef unsigned char YY_CHAR;
+-
+-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
++FILE *yyin = NULL, *yyout = NULL;
+ 
+-typedef yyconst struct yy_trans_info *yy_state_type;
++typedef const struct yy_trans_info *yy_state_type;
+ 
+ extern int yylineno;
+-
+ int yylineno = 1;
+ 
+ extern char *yytext;
++#ifdef yytext_ptr
++#undef yytext_ptr
++#endif
+ #define yytext_ptr yytext
+ 
+-static yy_state_type yy_get_previous_state (void );
+-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+-static int yy_get_next_buffer (void );
+-static void yy_fatal_error (yyconst char msg[]  );
++static yy_state_type yy_get_previous_state ( void );
++static yy_state_type yy_try_NUL_trans ( yy_state_type current_state  );
++static int yy_get_next_buffer ( void );
++static void yynoreturn yy_fatal_error ( const char* msg  );
+ 
+ /* Done after the current pattern has been matched and before the
+  * corresponding action - sets up yytext.
+  */
+ #define YY_DO_BEFORE_ACTION \
+ 	(yytext_ptr) = yy_bp; \
+-	yyleng = (size_t) (yy_cp - yy_bp); \
++	yyleng = (int) (yy_cp - yy_bp); \
+ 	(yy_hold_char) = *yy_cp; \
+ 	*yy_cp = '\0'; \
+ 	(yy_c_buf_p) = yy_cp;
+-
+ #define YY_NUM_RULES 13
+ #define YY_END_OF_BUFFER 14
+ struct yy_trans_info
+@@ -367,7 +359,7 @@ struct yy_trans_info
+ 	flex_int16_t yy_verify;
+ 	flex_int16_t yy_nxt;
+ 	};
+-static yyconst struct yy_trans_info yy_transition[3478] =
++static const struct yy_trans_info yy_transition[3478] =
+     {
+  {   0,   0 }, {   0,3222 }, {   0,   0 }, {   0,3220 }, {   1,1548 },
+  {   2,1548 }, {   3,1548 }, {   4,1548 }, {   5,1548 }, {   6,1548 },
+@@ -1079,7 +1071,7 @@ static yyconst struct yy_trans_info yy_transition[3478] =
+  {   0,   0 }, {   0,   0 }, {   0,   0 }, {   0,   0 }, {   0,   0 },
+  {   0,   0 }, {   0,   0 }, { 257,  14 }, {   1,   0 },    };
+ 
+-static yyconst struct yy_trans_info *yy_start_state_list[7] =
++static const struct yy_trans_info *yy_start_state_list[7] =
+     {
+     &yy_transition[1],
+     &yy_transition[3],
+@@ -1145,13 +1137,14 @@ char *yytext;
+  */
+ #include <string.h>
+ #include <stdlib.h>
++#include <strings.h>
+ 
+ #define TRUE	1
+ #define FALSE	0
+ 
+ static char **selections;	/* selection tokens */
+ static int nselections;		/* number of selections */
+-static ifsense;			/* sense of last `if' or unless seen */
++static int ifsense;		/* sense of last `if' or unless seen */
+ static char *attribute;		/* last attribute scanned */
+ 
+ struct stack_t {
+@@ -1301,8 +1294,9 @@ static void process_else()
+ }
+ 
+ 
++#line 1297 "xmlif/xmlif.c"
+ 
+-#line 1306 "xmlif/xmlif.c"
++#line 1299 "xmlif/xmlif.c"
+ 
+ #define INITIAL 0
+ #define attrib 1
+@@ -1320,36 +1314,36 @@ static void process_else()
+ #define YY_EXTRA_TYPE void *
+ #endif
+ 
+-static int yy_init_globals (void );
++static int yy_init_globals ( void );
+ 
+ /* Accessor methods to globals.
+    These are made visible to non-reentrant scanners for convenience. */
+ 
+-int yylex_destroy (void );
++int yylex_destroy ( void );
+ 
+-int yyget_debug (void );
++int yyget_debug ( void );
+ 
+-void yyset_debug (int debug_flag  );
++void yyset_debug ( int debug_flag  );
+ 
+-YY_EXTRA_TYPE yyget_extra (void );
++YY_EXTRA_TYPE yyget_extra ( void );
+ 
+-void yyset_extra (YY_EXTRA_TYPE user_defined  );
++void yyset_extra ( YY_EXTRA_TYPE user_defined  );
+ 
+-FILE *yyget_in (void );
++FILE *yyget_in ( void );
+ 
+-void yyset_in  (FILE * in_str  );
++void yyset_in  ( FILE * _in_str  );
+ 
+-FILE *yyget_out (void );
++FILE *yyget_out ( void );
+ 
+-void yyset_out  (FILE * out_str  );
++void yyset_out  ( FILE * _out_str  );
+ 
+-yy_size_t yyget_leng (void );
++			int yyget_leng ( void );
+ 
+-char *yyget_text (void );
++char *yyget_text ( void );
+ 
+-int yyget_lineno (void );
++int yyget_lineno ( void );
+ 
+-void yyset_lineno (int line_number  );
++void yyset_lineno ( int _line_number  );
+ 
+ /* Macros after this point can all be overridden by user definitions in
+  * section 1.
+@@ -1357,35 +1351,43 @@ void yyset_lineno (int line_number  );
+ 
+ #ifndef YY_SKIP_YYWRAP
+ #ifdef __cplusplus
+-extern "C" int yywrap (void );
++extern "C" int yywrap ( void );
+ #else
+-extern int yywrap (void );
++extern int yywrap ( void );
+ #endif
+ #endif
+ 
+-    static void yyunput (int c,char *buf_ptr  );
++#ifndef YY_NO_UNPUT
++    
++    static void yyunput ( int c, char *buf_ptr  );
+     
++#endif
++
+ #ifndef yytext_ptr
+-static void yy_flex_strncpy (char *,yyconst char *,int );
++static void yy_flex_strncpy ( char *, const char *, int );
+ #endif
+ 
+ #ifdef YY_NEED_STRLEN
+-static int yy_flex_strlen (yyconst char * );
++static int yy_flex_strlen ( const char * );
+ #endif
+ 
+ #ifndef YY_NO_INPUT
+-
+ #ifdef __cplusplus
+-static int yyinput (void );
++static int yyinput ( void );
+ #else
+-static int input (void );
++static int input ( void );
+ #endif
+ 
+ #endif
+ 
+ /* Amount of stuff to slurp up with each read. */
+ #ifndef YY_READ_BUF_SIZE
++#ifdef __ia64__
++/* On IA-64, the buffer size is 16k, not 8k */
++#define YY_READ_BUF_SIZE 16384
++#else
+ #define YY_READ_BUF_SIZE 8192
++#endif /* __ia64__ */
+ #endif
+ 
+ /* Copy whatever the last rule matched to the standard output. */
+@@ -1393,7 +1395,7 @@ static int input (void );
+ /* This used to be an fputs(), but since the string might contain NUL's,
+  * we now use fwrite().
+  */
+-#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)
++#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0)
+ #endif
+ 
+ /* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+@@ -1402,7 +1404,7 @@ static int input (void );
+ #ifndef YY_INPUT
+ #define YY_INPUT(buf,result,max_size) \
+ 	errno=0; \
+-	while ( (result = read( fileno(yyin), (char *) buf, max_size )) < 0 ) \
++	while ( (result = (int) read( fileno(yyin), buf, (yy_size_t) max_size )) < 0 ) \
+ 	{ \
+ 		if( errno != EINTR) \
+ 		{ \
+@@ -1456,7 +1458,7 @@ extern int yylex (void);
+ 
+ /* Code executed at the end of each rule. */
+ #ifndef YY_BREAK
+-#define YY_BREAK break;
++#define YY_BREAK /*LINTED*/break;
+ #endif
+ 
+ #define YY_RULE_SETUP \
+@@ -1466,14 +1468,10 @@ extern int yylex (void);
+  */
+ YY_DECL
+ {
+-	register yy_state_type yy_current_state;
+-	register char *yy_cp, *yy_bp;
+-	register int yy_act;
++	yy_state_type yy_current_state;
++	char *yy_cp, *yy_bp;
++	int yy_act;
+     
+-#line 207 "xmlif/xmlif.l"
+-
+-#line 1476 "xmlif/xmlif.c"
+-
+ 	if ( !(yy_init) )
+ 		{
+ 		(yy_init) = 1;
+@@ -1494,13 +1492,18 @@ YY_DECL
+ 		if ( ! YY_CURRENT_BUFFER ) {
+ 			yyensure_buffer_stack ();
+ 			YY_CURRENT_BUFFER_LVALUE =
+-				yy_create_buffer(yyin,YY_BUF_SIZE );
++				yy_create_buffer( yyin, YY_BUF_SIZE );
+ 		}
+ 
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ 		}
+ 
+-	while ( 1 )		/* loops until end-of-file is reached */
++	{
++#line 208 "xmlif/xmlif.l"
++
++#line 1504 "xmlif/xmlif.c"
++
++	while ( /*CONSTCOND*/1 )		/* loops until end-of-file is reached */
+ 		{
+ 		yy_cp = (yy_c_buf_p);
+ 
+@@ -1515,12 +1518,12 @@ YY_DECL
+ 		yy_current_state = yy_start_state_list[(yy_start)];
+ yy_match:
+ 		{
+-		register yyconst struct yy_trans_info *yy_trans_info;
++		const struct yy_trans_info *yy_trans_info;
+ 
+-		register YY_CHAR yy_c;
++		YY_CHAR yy_c;
+ 
+ 		for ( yy_c = YY_SC_TO_UI(*yy_cp);
+-		      (yy_trans_info = &yy_current_state[(unsigned int) yy_c])->
++		      (yy_trans_info = &yy_current_state[yy_c])->
+ 		yy_verify == yy_c;
+ 		      yy_c = YY_SC_TO_UI(*++yy_cp) )
+ 			{
+@@ -1553,58 +1556,58 @@ do_action:	/* This label is used only to access EOF actions. */
+ case 1:
+ /* rule 1 can match eol */
+ YY_RULE_SETUP
+-#line 208 "xmlif/xmlif.l"
++#line 209 "xmlif/xmlif.l"
+ {BEGIN(attrib); ifsense = FALSE; push_level();}
+ 	YY_BREAK
+ case 2:
+ /* rule 2 can match eol */
+ YY_RULE_SETUP
+-#line 209 "xmlif/xmlif.l"
++#line 210 "xmlif/xmlif.l"
+ {BEGIN(attrib); ifsense = TRUE;  push_level();}
+ 	YY_BREAK
+ case 3:
+ /* rule 3 can match eol */
+ YY_RULE_SETUP
+-#line 210 "xmlif/xmlif.l"
++#line 211 "xmlif/xmlif.l"
+ {BEGIN(attrib); ifsense = FALSE;}
+ 	YY_BREAK
+ case 4:
+ /* rule 4 can match eol */
+ YY_RULE_SETUP
+-#line 211 "xmlif/xmlif.l"
++#line 212 "xmlif/xmlif.l"
+ {BEGIN(attrib); ifsense = TRUE;}
+ 	YY_BREAK
+ case 5:
+ /* rule 5 can match eol */
+ YY_RULE_SETUP
+-#line 212 "xmlif/xmlif.l"
++#line 213 "xmlif/xmlif.l"
+ {process_else();}
+ 	YY_BREAK
+ case 6:
+ /* rule 6 can match eol */
+ YY_RULE_SETUP
+-#line 214 "xmlif/xmlif.l"
++#line 215 "xmlif/xmlif.l"
+ {pop_level();}
+ 	YY_BREAK
+ case 7:
+ YY_RULE_SETUP
+-#line 216 "xmlif/xmlif.l"
++#line 217 "xmlif/xmlif.l"
+ {stash_attribute(yytext);}
+ 	YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 217 "xmlif/xmlif.l"
++#line 218 "xmlif/xmlif.l"
+ {BEGIN(val);}
+ 	YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 218 "xmlif/xmlif.l"
++#line 219 "xmlif/xmlif.l"
+ {BEGIN(INITIAL); end_attribute();}
+ 	YY_BREAK
+ case 10:
+ /* rule 10 can match eol */
+ YY_RULE_SETUP
+-#line 219 "xmlif/xmlif.l"
++#line 220 "xmlif/xmlif.l"
+ {
+ 				    yytext[strlen(yytext)-1]='\0';
+ 				    process_value(yytext+1);
+@@ -1613,7 +1616,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 224 "xmlif/xmlif.l"
++#line 225 "xmlif/xmlif.l"
+ {
+ 				    fprintf(stderr,
+ 					"xmlif: > where value expected\n");
+@@ -1622,7 +1625,7 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 230 "xmlif/xmlif.l"
++#line 231 "xmlif/xmlif.l"
+ {
+ 				    if (!end->suppressed)
+ 					putchar(yytext[0]);
+@@ -1630,10 +1633,10 @@ YY_RULE_SETUP
+ 	YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 235 "xmlif/xmlif.l"
++#line 236 "xmlif/xmlif.l"
+ ECHO;
+ 	YY_BREAK
+-#line 1637 "xmlif/xmlif.c"
++#line 1639 "xmlif/xmlif.c"
+ case YY_STATE_EOF(INITIAL):
+ case YY_STATE_EOF(attrib):
+ case YY_STATE_EOF(val):
+@@ -1713,7 +1716,7 @@ case YY_STATE_EOF(val):
+ 				{
+ 				(yy_did_buffer_switch_on_eof) = 0;
+ 
+-				if ( yywrap( ) )
++				if ( yywrap(  ) )
+ 					{
+ 					/* Note: because we've taken care in
+ 					 * yy_get_next_buffer() to have set up
+@@ -1766,6 +1769,7 @@ case YY_STATE_EOF(val):
+ 			"fatal flex scanner internal error--no action found" );
+ 	} /* end of action switch */
+ 		} /* end of scanning one token */
++	} /* end of user's declarations */
+ } /* end of yylex */
+ 
+ /* yy_get_next_buffer - try to read in a new buffer
+@@ -1777,9 +1781,9 @@ case YY_STATE_EOF(val):
+  */
+ static int yy_get_next_buffer (void)
+ {
+-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+-	register char *source = (yytext_ptr);
+-	register int number_to_move, i;
++    	char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
++	char *source = (yytext_ptr);
++	int number_to_move, i;
+ 	int ret_val;
+ 
+ 	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+@@ -1808,7 +1812,7 @@ static int yy_get_next_buffer (void)
+ 	/* Try to read more data. */
+ 
+ 	/* First move last chars to start of buffer. */
+-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
++	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr) - 1);
+ 
+ 	for ( i = 0; i < number_to_move; ++i )
+ 		*(dest++) = *(source++);
+@@ -1821,7 +1825,7 @@ static int yy_get_next_buffer (void)
+ 
+ 	else
+ 		{
+-			yy_size_t num_to_read =
++			int num_to_read =
+ 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+ 
+ 		while ( num_to_read <= 0 )
+@@ -1835,7 +1839,7 @@ static int yy_get_next_buffer (void)
+ 
+ 			if ( b->yy_is_our_buffer )
+ 				{
+-				yy_size_t new_size = b->yy_buf_size * 2;
++				int new_size = b->yy_buf_size * 2;
+ 
+ 				if ( new_size <= 0 )
+ 					b->yy_buf_size += b->yy_buf_size / 8;
+@@ -1844,11 +1848,12 @@ static int yy_get_next_buffer (void)
+ 
+ 				b->yy_ch_buf = (char *)
+ 					/* Include room in for 2 EOB chars. */
+-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
++					yyrealloc( (void *) b->yy_ch_buf,
++							 (yy_size_t) (b->yy_buf_size + 2)  );
+ 				}
+ 			else
+ 				/* Can't grow it, we don't own it. */
+-				b->yy_ch_buf = 0;
++				b->yy_ch_buf = NULL;
+ 
+ 			if ( ! b->yy_ch_buf )
+ 				YY_FATAL_ERROR(
+@@ -1876,7 +1881,7 @@ static int yy_get_next_buffer (void)
+ 		if ( number_to_move == YY_MORE_ADJ )
+ 			{
+ 			ret_val = EOB_ACT_END_OF_FILE;
+-			yyrestart(yyin  );
++			yyrestart( yyin  );
+ 			}
+ 
+ 		else
+@@ -1890,12 +1895,15 @@ static int yy_get_next_buffer (void)
+ 	else
+ 		ret_val = EOB_ACT_CONTINUE_SCAN;
+ 
+-	if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
++	if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
+ 		/* Extend the array by 50%, plus the number we really need. */
+-		yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
+-		YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size  );
++		int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
++		YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc(
++			(void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size  );
+ 		if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+ 			YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
++		/* "- 2" to take care of EOB's */
++		YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2);
+ 	}
+ 
+ 	(yy_n_chars) += number_to_move;
+@@ -1911,8 +1919,8 @@ static int yy_get_next_buffer (void)
+ 
+     static yy_state_type yy_get_previous_state (void)
+ {
+-	register yy_state_type yy_current_state;
+-	register char *yy_cp;
++	yy_state_type yy_current_state;
++	char *yy_cp;
+     
+ 	yy_current_state = yy_start_state_list[(yy_start)];
+ 
+@@ -1936,11 +1944,11 @@ static int yy_get_next_buffer (void)
+  */
+     static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+ {
+-	register int yy_is_jam;
+-    	register char *yy_cp = (yy_c_buf_p);
++	int yy_is_jam;
++    	char *yy_cp = (yy_c_buf_p);
+ 
+-	register int yy_c = 256;
+-	register yyconst struct yy_trans_info *yy_trans_info;
++	int yy_c = 256;
++	const struct yy_trans_info *yy_trans_info;
+ 
+ 	yy_trans_info = &yy_current_state[(unsigned int) yy_c];
+ 	yy_current_state += yy_trans_info->yy_nxt;
+@@ -1958,9 +1966,11 @@ static int yy_get_next_buffer (void)
+ 		return yy_is_jam ? 0 : yy_current_state;
+ }
+ 
+-    static void yyunput (int c, register char * yy_bp )
++#ifndef YY_NO_UNPUT
++
++    static void yyunput (int c, char * yy_bp )
+ {
+-	register char *yy_cp;
++	char *yy_cp;
+     
+     yy_cp = (yy_c_buf_p);
+ 
+@@ -1970,10 +1980,10 @@ static int yy_get_next_buffer (void)
+ 	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ 		{ /* need to shift things up to make room */
+ 		/* +2 for EOB chars. */
+-		register yy_size_t number_to_move = (yy_n_chars) + 2;
+-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
++		int number_to_move = (yy_n_chars) + 2;
++		char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+ 					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+-		register char *source =
++		char *source =
+ 				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+ 
+ 		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+@@ -1982,7 +1992,7 @@ static int yy_get_next_buffer (void)
+ 		yy_cp += (int) (dest - source);
+ 		yy_bp += (int) (dest - source);
+ 		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
++			(yy_n_chars) = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+ 
+ 		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+ 			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+@@ -1995,6 +2005,8 @@ static int yy_get_next_buffer (void)
+ 	(yy_c_buf_p) = yy_cp;
+ }
+ 
++#endif
++
+ #ifndef YY_NO_INPUT
+ #ifdef __cplusplus
+     static int yyinput (void)
+@@ -2019,7 +2031,7 @@ static int yy_get_next_buffer (void)
+ 
+ 		else
+ 			{ /* need more input */
+-			yy_size_t offset = (yy_c_buf_p) - (yytext_ptr);
++			int offset = (int) ((yy_c_buf_p) - (yytext_ptr));
+ 			++(yy_c_buf_p);
+ 
+ 			switch ( yy_get_next_buffer(  ) )
+@@ -2036,14 +2048,14 @@ static int yy_get_next_buffer (void)
+ 					 */
+ 
+ 					/* Reset buffer status. */
+-					yyrestart(yyin );
++					yyrestart( yyin );
+ 
+ 					/*FALLTHROUGH*/
+ 
+ 				case EOB_ACT_END_OF_FILE:
+ 					{
+-					if ( yywrap( ) )
+-						return EOF;
++					if ( yywrap(  ) )
++						return 0;
+ 
+ 					if ( ! (yy_did_buffer_switch_on_eof) )
+ 						YY_NEW_FILE;
+@@ -2080,11 +2092,11 @@ static int yy_get_next_buffer (void)
+ 	if ( ! YY_CURRENT_BUFFER ){
+         yyensure_buffer_stack ();
+ 		YY_CURRENT_BUFFER_LVALUE =
+-            yy_create_buffer(yyin,YY_BUF_SIZE );
++            yy_create_buffer( yyin, YY_BUF_SIZE );
+ 	}
+ 
+-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
+-	yy_load_buffer_state( );
++	yy_init_buffer( YY_CURRENT_BUFFER, input_file );
++	yy_load_buffer_state(  );
+ }
+ 
+ /** Switch to a different input buffer.
+@@ -2112,7 +2124,7 @@ static int yy_get_next_buffer (void)
+ 		}
+ 
+ 	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+-	yy_load_buffer_state( );
++	yy_load_buffer_state(  );
+ 
+ 	/* We don't actually know whether we did this switch during
+ 	 * EOF (yywrap()) processing, but the only time this flag
+@@ -2140,7 +2152,7 @@ static void yy_load_buffer_state  (void)
+ {
+ 	YY_BUFFER_STATE b;
+     
+-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
++	b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state )  );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ 
+@@ -2149,13 +2161,13 @@ static void yy_load_buffer_state  (void)
+ 	/* yy_ch_buf has to be 2 characters longer than the size given because
+ 	 * we need to put in 2 end-of-buffer characters.
+ 	 */
+-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
++	b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2)  );
+ 	if ( ! b->yy_ch_buf )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+ 
+ 	b->yy_is_our_buffer = 1;
+ 
+-	yy_init_buffer(b,file );
++	yy_init_buffer( b, file );
+ 
+ 	return b;
+ }
+@@ -2174,9 +2186,9 @@ static void yy_load_buffer_state  (void)
+ 		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+ 
+ 	if ( b->yy_is_our_buffer )
+-		yyfree((void *) b->yy_ch_buf  );
++		yyfree( (void *) b->yy_ch_buf  );
+ 
+-	yyfree((void *) b  );
++	yyfree( (void *) b  );
+ }
+ 
+ /* Initializes or reinitializes a buffer.
+@@ -2188,7 +2200,7 @@ static void yy_load_buffer_state  (void)
+ {
+ 	int oerrno = errno;
+     
+-	yy_flush_buffer(b );
++	yy_flush_buffer( b );
+ 
+ 	b->yy_input_file = file;
+ 	b->yy_fill_buffer = 1;
+@@ -2231,7 +2243,7 @@ static void yy_load_buffer_state  (void)
+ 	b->yy_buffer_status = YY_BUFFER_NEW;
+ 
+ 	if ( b == YY_CURRENT_BUFFER )
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ }
+ 
+ /** Pushes the new state onto the stack. The new state becomes
+@@ -2262,7 +2274,7 @@ void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
+ 	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+ 
+ 	/* copied from yy_switch_to_buffer. */
+-	yy_load_buffer_state( );
++	yy_load_buffer_state(  );
+ 	(yy_did_buffer_switch_on_eof) = 1;
+ }
+ 
+@@ -2281,7 +2293,7 @@ void yypop_buffer_state (void)
+ 		--(yy_buffer_stack_top);
+ 
+ 	if (YY_CURRENT_BUFFER) {
+-		yy_load_buffer_state( );
++		yy_load_buffer_state(  );
+ 		(yy_did_buffer_switch_on_eof) = 1;
+ 	}
+ }
+@@ -2299,15 +2311,15 @@ static void yyensure_buffer_stack (void)
+ 		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+ 		 * immediate realloc on the next call.
+          */
+-		num_to_alloc = 1;
++      num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */
+ 		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
+ 								(num_to_alloc * sizeof(struct yy_buffer_state*)
+ 								);
+ 		if ( ! (yy_buffer_stack) )
+ 			YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
+-								  
++
+ 		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+-				
++
+ 		(yy_buffer_stack_max) = num_to_alloc;
+ 		(yy_buffer_stack_top) = 0;
+ 		return;
+@@ -2316,7 +2328,7 @@ static void yyensure_buffer_stack (void)
+ 	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+ 
+ 		/* Increase the buffer to prepare for a possible push. */
+-		int grow_size = 8 /* arbitrary grow size */;
++		yy_size_t grow_size = 8 /* arbitrary grow size */;
+ 
+ 		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+ 		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
+@@ -2336,7 +2348,7 @@ static void yyensure_buffer_stack (void)
+  * @param base the character buffer
+  * @param size the size in bytes of the character buffer
+  * 
+- * @return the newly allocated buffer state object. 
++ * @return the newly allocated buffer state object.
+  */
+ YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+ {
+@@ -2346,23 +2358,23 @@ YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+ 	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+ 	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+ 		/* They forgot to leave room for the EOB's. */
+-		return 0;
++		return NULL;
+ 
+-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
++	b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state )  );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+ 
+-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
++	b->yy_buf_size = (int) (size - 2);	/* "- 2" to take care of EOB's */
+ 	b->yy_buf_pos = b->yy_ch_buf = base;
+ 	b->yy_is_our_buffer = 0;
+-	b->yy_input_file = 0;
++	b->yy_input_file = NULL;
+ 	b->yy_n_chars = b->yy_buf_size;
+ 	b->yy_is_interactive = 0;
+ 	b->yy_at_bol = 1;
+ 	b->yy_fill_buffer = 0;
+ 	b->yy_buffer_status = YY_BUFFER_NEW;
+ 
+-	yy_switch_to_buffer(b  );
++	yy_switch_to_buffer( b  );
+ 
+ 	return b;
+ }
+@@ -2375,10 +2387,10 @@ YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+  * @note If you want to scan bytes that may contain NUL values, then use
+  *       yy_scan_bytes() instead.
+  */
+-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
++YY_BUFFER_STATE yy_scan_string (const char * yystr )
+ {
+     
+-	return yy_scan_bytes(yystr,strlen(yystr) );
++	return yy_scan_bytes( yystr, (int) strlen(yystr) );
+ }
+ 
+ /** Setup the input buffer state to scan the given bytes. The next call to yylex() will
+@@ -2388,7 +2400,7 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
+  * 
+  * @return the newly allocated buffer state object.
+  */
+-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, yy_size_t  _yybytes_len )
++YY_BUFFER_STATE yy_scan_bytes  (const char * yybytes, int  _yybytes_len )
+ {
+ 	YY_BUFFER_STATE b;
+ 	char *buf;
+@@ -2396,8 +2408,8 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, yy_size_t  _yybytes_len
+ 	int i;
+     
+ 	/* Get memory for full buffer, including space for trailing EOB's. */
+-	n = _yybytes_len + 2;
+-	buf = (char *) yyalloc(n  );
++	n = (yy_size_t) (_yybytes_len + 2);
++	buf = (char *) yyalloc( n  );
+ 	if ( ! buf )
+ 		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+ 
+@@ -2406,7 +2418,7 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, yy_size_t  _yybytes_len
+ 
+ 	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+ 
+-	b = yy_scan_buffer(buf,n );
++	b = yy_scan_buffer( buf, n );
+ 	if ( ! b )
+ 		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+ 
+@@ -2422,9 +2434,9 @@ YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, yy_size_t  _yybytes_len
+ #define YY_EXIT_FAILURE 2
+ #endif
+ 
+-static void yy_fatal_error (yyconst char* msg )
++static void yynoreturn yy_fatal_error (const char* msg )
+ {
+-    	(void) fprintf( stderr, "%s\n", msg );
++			fprintf( stderr, "%s\n", msg );
+ 	exit( YY_EXIT_FAILURE );
+ }
+ 
+@@ -2452,7 +2464,7 @@ static void yy_fatal_error (yyconst char* msg )
+  */
+ int yyget_lineno  (void)
+ {
+-        
++    
+     return yylineno;
+ }
+ 
+@@ -2475,7 +2487,7 @@ FILE *yyget_out  (void)
+ /** Get the length of the current token.
+  * 
+  */
+-yy_size_t yyget_leng  (void)
++int yyget_leng  (void)
+ {
+         return yyleng;
+ }
+@@ -2490,29 +2502,29 @@ char *yyget_text  (void)
+ }
+ 
+ /** Set the current line number.
+- * @param line_number
++ * @param _line_number line number
+  * 
+  */
+-void yyset_lineno (int  line_number )
++void yyset_lineno (int  _line_number )
+ {
+     
+-    yylineno = line_number;
++    yylineno = _line_number;
+ }
+ 
+ /** Set the input stream. This does not discard the current
+  * input buffer.
+- * @param in_str A readable stream.
++ * @param _in_str A readable stream.
+  * 
+  * @see yy_switch_to_buffer
+  */
+-void yyset_in (FILE *  in_str )
++void yyset_in (FILE *  _in_str )
+ {
+-        yyin = in_str ;
++        yyin = _in_str ;
+ }
+ 
+-void yyset_out (FILE *  out_str )
++void yyset_out (FILE *  _out_str )
+ {
+-        yyout = out_str ;
++        yyout = _out_str ;
+ }
+ 
+ int yyget_debug  (void)
+@@ -2520,9 +2532,9 @@ int yyget_debug  (void)
+         return yy_flex_debug;
+ }
+ 
+-void yyset_debug (int  bdebug )
++void yyset_debug (int  _bdebug )
+ {
+-        yy_flex_debug = bdebug ;
++        yy_flex_debug = _bdebug ;
+ }
+ 
+ static int yy_init_globals (void)
+@@ -2531,10 +2543,10 @@ static int yy_init_globals (void)
+      * This function is called from yylex_destroy(), so don't allocate here.
+      */
+ 
+-    (yy_buffer_stack) = 0;
++    (yy_buffer_stack) = NULL;
+     (yy_buffer_stack_top) = 0;
+     (yy_buffer_stack_max) = 0;
+-    (yy_c_buf_p) = (char *) 0;
++    (yy_c_buf_p) = NULL;
+     (yy_init) = 0;
+     (yy_start) = 0;
+ 
+@@ -2543,8 +2555,8 @@ static int yy_init_globals (void)
+     yyin = stdin;
+     yyout = stdout;
+ #else
+-    yyin = (FILE *) 0;
+-    yyout = (FILE *) 0;
++    yyin = NULL;
++    yyout = NULL;
+ #endif
+ 
+     /* For future reference: Set errno on error, since we are called by
+@@ -2559,7 +2571,7 @@ int yylex_destroy  (void)
+     
+     /* Pop the buffer stack, destroying each element. */
+ 	while(YY_CURRENT_BUFFER){
+-		yy_delete_buffer(YY_CURRENT_BUFFER  );
++		yy_delete_buffer( YY_CURRENT_BUFFER  );
+ 		YY_CURRENT_BUFFER_LVALUE = NULL;
+ 		yypop_buffer_state();
+ 	}
+@@ -2580,18 +2592,19 @@ int yylex_destroy  (void)
+  */
+ 
+ #ifndef yytext_ptr
+-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
++static void yy_flex_strncpy (char* s1, const char * s2, int n )
+ {
+-	register int i;
++		
++	int i;
+ 	for ( i = 0; i < n; ++i )
+ 		s1[i] = s2[i];
+ }
+ #endif
+ 
+ #ifdef YY_NEED_STRLEN
+-static int yy_flex_strlen (yyconst char * s )
++static int yy_flex_strlen (const char * s )
+ {
+-	register int n;
++	int n;
+ 	for ( n = 0; s[n]; ++n )
+ 		;
+ 
+@@ -2601,11 +2614,12 @@ static int yy_flex_strlen (yyconst char * s )
+ 
+ void *yyalloc (yy_size_t  size )
+ {
+-	return (void *) malloc( size );
++			return malloc(size);
+ }
+ 
+ void *yyrealloc  (void * ptr, yy_size_t  size )
+ {
++		
+ 	/* The cast to (char *) in the following accommodates both
+ 	 * implementations that use char* generic pointers, and those
+ 	 * that use void* generic pointers.  It works with the latter
+@@ -2613,26 +2627,25 @@ void *yyrealloc  (void * ptr, yy_size_t  size )
+ 	 * any pointer type to void*, and deal with argument conversions
+ 	 * as though doing an assignment.
+ 	 */
+-	return (void *) realloc( (char *) ptr, size );
++	return realloc(ptr, size);
+ }
+ 
+ void yyfree (void * ptr )
+ {
+-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
++			free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
+ }
+ 
+ #define YYTABLES_NAME "yytables"
+ 
+-#line 235 "xmlif/xmlif.l"
+-
++#line 236 "xmlif/xmlif.l"
+ 
+ #include <string.h>
+ 
+ #include "config.h"
+ 
+-int yywrap() {exit(0);};
++int yywrap() {exit(0);}
+ 
+-main(int argc, char *argv[])
++int main(int argc, char *argv[])
+ {
+     int i;
+ 
+@@ -2658,7 +2671,7 @@ main(int argc, char *argv[])
+ 	    exit(1);
+ 	}
+ 
+-    yylex();
++    return yylex();
+ }
+ 
+ /*
+diff --git a/xmlif/xmlif.l b/xmlif/xmlif.l
+index 294fbc7..560508e 100644
+--- a/xmlif/xmlif.l
++++ b/xmlif/xmlif.l
+@@ -203,7 +203,7 @@ WS		[ \t\n]*
+ 
+ %x attrib val
+ 
+-%option batch never-interactive fast 8bit
++%option batch never-interactive fast 8bit yywrap
+ 
+ %%
+ <INITIAL>\<\?xmlif{WS}if{WS}not{WS}	{BEGIN(attrib); ifsense = FALSE; push_level();}
diff --git a/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-fix-Wimplicit-int-for-ifsense.patch b/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-fix-Wimplicit-int-for-ifsense.patch
new file mode 100644
index 0000000000..d5c25ba08a
--- /dev/null
+++ b/meta/recipes-devtools/xmlto/xmlto-0.0.28/0001-fix-Wimplicit-int-for-ifsense.patch
@@ -0,0 +1,33 @@
+From 1375e2df75530cd198bd16ac3de38e2b0d126276 Mon Sep 17 00:00:00 2001
+From: Thomas Kuehne <thomas@kuehne.cn>
+Date: Sat, 11 Dec 2021 21:10:41 +0100
+Subject: [PATCH] fix -Wimplicit-int for ifsense
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+fixes:
+xmlif/xmlif.l:46:8: warning: type defaults to ‘int’ in declaration of ‘ifsense’ [-Wimplicit-int]
+   46 | static ifsense;                 /* sense of last `if' or unless seen */
+      |        ^~~~~~~
+
+Signed-off-by: Thomas Kuehne <thomas@kuehne.cn>
+Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
+Upstream-Status: Backport [v0.0.29 https://pagure.io/xmlto/c/1375e2df75530cd198bd16ac3de38e2b0d126276?branch=master
+---
+ xmlif/xmlif.l | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmlif/xmlif.l b/xmlif/xmlif.l
+index ac42136..6e5970e 100644
+--- a/xmlif/xmlif.l
++++ b/xmlif/xmlif.l
+@@ -43,7 +43,7 @@
+ 
+ static char **selections;	/* selection tokens */
+ static int nselections;		/* number of selections */
+-static ifsense;			/* sense of last `if' or unless seen */
++static int ifsense;		/* sense of last `if' or unless seen */
+ static char *attribute;		/* last attribute scanned */
+ 
+ struct stack_t {
diff --git a/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb b/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb
index 5cb9a4c57b..ce6680c507 100644
--- a/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb
+++ b/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb
@@ -8,6 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552"
 
 SRC_URI = "https://releases.pagure.org/xmlto/xmlto-${PV}.tar.gz \
            file://configure.in-drop-the-test-of-xmllint-and-xsltproc.patch \
+           file://0001-Fix-return-type-of-main-function.patch \
+           file://0001-fix-Wimplicit-int-for-ifsense.patch \
+           file://0001-Regenerate-the-xmlif.c-and-update-xmlif.l-to-comply-.patch \
 "
 SRC_URI[md5sum] = "a1fefad9d83499a15576768f60f847c6"
 SRC_URI[sha256sum] = "2f986b7c9a0e9ac6728147668e776d405465284e13c74d4146c9cbc51fd8aad3"
@@ -36,6 +39,13 @@ BBCLASSEXTEND = "native"
 
 EXTRA_OECONF:append = " BASH=/bin/bash GCP=/bin/cp XMLLINT=xmllint XSLTPROC=xsltproc"
 
+do_configure:prepend() {
+    # make sure xmlif.c is newer than xmlif.l after do_patch (order of
+    # .patch files in SRC_URI isn't enough) to prevent regenerating it
+    # with flex-native which isn't in DEPENDS
+    touch ${S}/xmlif/xmlif.c
+}
+
 do_install:append:class-native() {
     create_wrapper ${D}${bindir}/xmlto XML_CATALOG_FILES=${sysconfdir}/xml/catalog
 }
-- 
2.34.1

[OE-core][kirkstone 0/5] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, September 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2346

The following changes since commit 71ed9d8394f7e625270ee66f9c2816bba4aa2016:

  pulseaudio: Add audio group explicitly (2025-09-02 09:20:07 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (3):
  ffmpeg: fix CVE-2025-7700
  ffmpeg: fix multiple CVEs
  ffmpeg: fix CVE-2025-1594

Divya Chellam (1):
  wpa-supplicant: fix CVE-2022-37660

Gyorgy Sarvari (1):
  llvm: fix typo in CVE-2024-0151.patch

 .../wpa-supplicant/CVE-2022-37660-0001.patch  | 254 +++++
 .../wpa-supplicant/CVE-2022-37660-0002.patch  | 139 +++
 .../wpa-supplicant/CVE-2022-37660-0003.patch  | 196 ++++
 .../wpa-supplicant/CVE-2022-37660-0004.patch  | 941 ++++++++++++++++++
 .../wpa-supplicant/CVE-2022-37660-0005.patch  | 144 +++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   5 +
 .../llvm/llvm/CVE-2024-0151.patch             |  13 +-
 ...602-CVE-2023-6604-CVE-2023-6605-0001.patch |  79 ++
 ...602-CVE-2023-6604-CVE-2023-6605-0002.patch | 142 +++
 ...602-CVE-2023-6604-CVE-2023-6605-0003.patch |  45 +
 .../ffmpeg/ffmpeg/CVE-2025-1594.patch         | 104 ++
 .../ffmpeg/ffmpeg/CVE-2025-7700.patch         |  52 +
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb |   5 +
 13 files changed, 2114 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0001.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0002.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0003.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0004.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0005.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0001.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0002.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-6602-CVE-2023-6604-CVE-2023-6605-0003.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-1594.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-7700.patch

-- 
2.43.0