[OE-core][kirkstone 00/19] Patch review

[OE-core][kirkstone 00/19] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by end
of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3703

The following changes since commit d3beac233558242ab6895e9ba8536a6df9df8eb3:

  selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES (2022-05-22 11:40:26 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (15):
  gst-devtools: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0: upgrade 1.20.1 -> 1.20.2
  gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2
  libcgroup: upgrade 2.0.1 -> 2.0.2
  mesa: upgrade 22.0.2 -> 22.0.3
  mobile-broadband-provider-info: upgrade 20220315 -> 20220511
  sqlite3: upgrade 3.38.3 -> 3.38.5

Hitendra Prajapati (1):
  pcre2: CVE-2022-1586 Out-of-bounds read

Peter Kjellerstedt (1):
  license_image.bbclass: Make QA errors fail the build

Ross Burton (1):
  oeqa/selftest/cve_check: add tests for recipe and image reports

Steve Sakoman (1):
  go: upgrade 1.17.8 -> 1.17.10

 meta/classes/license_image.bbclass            |  2 +
 meta/lib/oeqa/selftest/cases/cve_check.py     | 77 ++++++++++++++++++-
 .../mobile-broadband-provider-info_git.bb     |  4 +-
 ...{libcgroup_2.0.1.bb => libcgroup_2.0.2.bb} |  2 +-
 .../go/{go-1.17.8.inc => go-1.17.10.inc}      |  2 +-
 ..._1.17.8.bb => go-binary-native_1.17.10.bb} |  4 +-
 ...1.17.8.bb => go-cross-canadian_1.17.10.bb} |  0
 ...go-cross_1.17.8.bb => go-cross_1.17.10.bb} |  0
 ...sssdk_1.17.8.bb => go-crosssdk_1.17.10.bb} |  0
 ...-native_1.17.8.bb => go-native_1.17.10.bb} |  0
 ...untime_1.17.8.bb => go-runtime_1.17.10.bb} |  0
 .../go/{go_1.17.8.bb => go_1.17.10.bb}        |  0
 .../{mesa-gl_22.0.2.bb => mesa-gl_22.0.3.bb}  |  0
 meta/recipes-graphics/mesa/mesa.inc           |  2 +-
 .../mesa/{mesa_22.0.2.bb => mesa_22.0.3.bb}   |  0
 ...tools_1.20.1.bb => gst-devtools_1.20.2.bb} |  2 +-
 ...1.20.1.bb => gstreamer1.0-libav_1.20.2.bb} |  2 +-
 ...x_1.20.1.bb => gstreamer1.0-omx_1.20.2.bb} |  2 +-
 ....bb => gstreamer1.0-plugins-bad_1.20.2.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-base_1.20.2.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-good_1.20.2.bb} |  2 +-
 ...bb => gstreamer1.0-plugins-ugly_1.20.2.bb} |  2 +-
 ....20.1.bb => gstreamer1.0-python_1.20.2.bb} |  2 +-
 ....bb => gstreamer1.0-rtsp-server_1.20.2.bb} |  2 +-
 ...1.20.1.bb => gstreamer1.0-vaapi_1.20.2.bb} |  2 +-
 ...er1.0_1.20.1.bb => gstreamer1.0_1.20.2.bb} |  2 +-
 .../libpcre/libpcre2/CVE-2022-1586.patch      | 58 ++++++++++++++
 .../recipes-support/libpcre/libpcre2_10.39.bb |  5 +-
 .../{sqlite3_3.38.3.bb => sqlite3_3.38.5.bb}  |  2 +-
 29 files changed, 158 insertions(+), 22 deletions(-)
 rename meta/recipes-core/libcgroup/{libcgroup_2.0.1.bb => libcgroup_2.0.2.bb} (93%)
 rename meta/recipes-devtools/go/{go-1.17.8.inc => go-1.17.10.inc} (92%)
 rename meta/recipes-devtools/go/{go-binary-native_1.17.8.bb => go-binary-native_1.17.10.bb} (83%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.17.8.bb => go-cross-canadian_1.17.10.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.17.8.bb => go-cross_1.17.10.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.17.8.bb => go-crosssdk_1.17.10.bb} (100%)
 rename meta/recipes-devtools/go/{go-native_1.17.8.bb => go-native_1.17.10.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.17.8.bb => go-runtime_1.17.10.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.17.8.bb => go_1.17.10.bb} (100%)
 rename meta/recipes-graphics/mesa/{mesa-gl_22.0.2.bb => mesa-gl_22.0.3.bb} (100%)
 rename meta/recipes-graphics/mesa/{mesa_22.0.2.bb => mesa_22.0.3.bb} (100%)
 rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.1.bb => gst-devtools_1.20.2.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.1.bb => gstreamer1.0-libav_1.20.2.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.1.bb => gstreamer1.0-omx_1.20.2.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.1.bb => gstreamer1.0-plugins-bad_1.20.2.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.1.bb => gstreamer1.0-plugins-base_1.20.2.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.1.bb => gstreamer1.0-plugins-good_1.20.2.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.1.bb => gstreamer1.0-plugins-ugly_1.20.2.bb} (94%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.1.bb => gstreamer1.0-python_1.20.2.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.1.bb => gstreamer1.0-rtsp-server_1.20.2.bb} (90%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.1.bb => gstreamer1.0-vaapi_1.20.2.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.1.bb => gstreamer1.0_1.20.2.bb} (97%)
 create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
 rename meta/recipes-support/sqlite/{sqlite3_3.38.3.bb => sqlite3_3.38.5.bb} (86%)

-- 
2.25.1

[OE-core][kirkstone 00/19] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by end
of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4160

with the exception of an autobuilder NAS timeout on qemux86-world which
passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/3450

The following changes since commit 92f122e0c1a7589bec3b628474548aad7fe159b4:

  wic: depend on cross-binutils (2022-08-31 04:16:07 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  bind: upgrade 9.18.4 -> 9.18.5

Andrei Gherzan (4):
  linux-yocto: Fix COMPATIBLE_MACHINE regex match
  shadow: Enable subid support
  rootfspostcommands.py: Cleanup subid backup files generated by
    shadow-utils
  shadow: Avoid nss warning/error with musl

Bruce Ashfield (4):
  linux-yocto/5.15: update to v5.15.60
  linux-yocto/5.15: update to v5.15.62
  linux-yocto/5.10: update to v5.10.136
  linux-yocto/5.10: update to v5.10.137

Khem Raj (5):
  xinetd: Pass missing -D_GNU_SOURCE
  watchdog: Include needed system header for function decls
  pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
  apr: Use correct strerror_r implementation based on libc type
  gcr: Define _GNU_SOURCE

Mateusz Marciniec (1):
  util-linux: Remove --enable-raw from EXTRA_OECONF

Pavel Zhukov (1):
  parselogs: Ignore xf86OpenConsole error

Ross Burton (1):
  libxml2: wrap xmllint to use the correct XML catalogues

Steve Sakoman (1):
  lttng-modules: fix build for kernel 5.10.137

ghassaneben (1):
  sqlite: fix CVE-2022-35737

 meta/lib/oeqa/runtime/cases/parselogs.py      |  1 +
 meta/lib/rootfspostcommands.py                |  7 ++
 ...1-avoid-start-failure-with-bind-user.patch |  0
 ...d-V-and-start-log-hide-build-options.patch |  0
 ...ching-for-json-headers-searches-sysr.patch |  0
 .../bind/{bind-9.18.4 => bind-9.18.5}/bind9   |  0
 .../{bind-9.18.4 => bind-9.18.5}/conf.patch   |  0
 .../generate-rndc-key.sh                      |  0
 ...t.d-add-support-for-read-only-rootfs.patch |  0
 .../make-etc-initd-bind-stop-work.patch       |  0
 .../named.service                             |  0
 .../bind/{bind_9.18.4.bb => bind_9.18.5.bb}   |  2 +-
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |  2 +
 .../util-linux/util-linux_2.37.4.bb           |  2 +-
 ...f-message-when-not-in-place-eg.-musl.patch | 27 ++++++
 meta/recipes-extended/shadow/shadow.inc       |  9 ++
 ...guard-sys-quota.h-sys-swap.h-and-sys.patch | 37 ++++++++
 .../watchdog/watchdog_5.16.bb                 |  1 +
 .../xinetd/xinetd_2.3.15.4.bb                 |  2 +
 meta/recipes-gnome/gcr/gcr_3.40.0.bb          |  2 +
 meta/recipes-kernel/linux/linux-yocto-dev.bb  |  2 +-
 .../linux/linux-yocto-rt_5.10.bb              |  8 +-
 .../linux/linux-yocto-rt_5.15.bb              |  8 +-
 .../linux/linux-yocto-tiny_5.10.bb            | 10 +-
 .../linux/linux-yocto-tiny_5.15.bb            |  8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 26 +++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 28 +++---
 ...djust-range-v5.10.137-in-block-probe.patch | 92 +++++++++++++++++++
 .../lttng/lttng-modules_2.13.4.bb             |  1 +
 ...CHE_CHECK-for-strerror_r-return-type.patch | 52 +++++++++++
 meta/recipes-support/apr/apr_1.7.0.bb         |  4 +
 .../pinentry/pinentry_1.2.0.bb                |  3 +
 ...riables-in-the-printf-implementation.patch | 26 ++++++
 33 files changed, 313 insertions(+), 47 deletions(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.4 => bind-9.18.5}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.4.bb => bind_9.18.5.bb} (97%)
 create mode 100644 meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch
 create mode 100644 meta/recipes-extended/watchdog/watchdog/0001-shutdown-Do-not-guard-sys-quota.h-sys-swap.h-and-sys.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-adjust-range-v5.10.137-in-block-probe.patch
 create mode 100644 meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
 create mode 100644 meta/recipes-support/sqlite/files/0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch

-- 
2.25.1

[OE-core][kirkstone 00/19] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4645

The following changes since commit 45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2:

  build-appliance-image: Update to kirkstone head revision (2022-12-13 15:59:33 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Stewart (1):
  lsof: add update-alternatives logic

Carlos Alberto Lopez Perez (1):
  xwayland: libxshmfence is needed when dri3 is enabled

Chen Qi (2):
  bc: extend to nativesdk
  rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work

Florin Diaconescu (1):
  python3: upgrade 3.10.8 -> 3.10.9

Hitendra Prajapati (2):
  golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing
    regexps
  libxml2: Fix CVE-2022-40303 && CVE-2022-40304

Marta Rybczynska (1):
  efibootmgr: update compilation with musl

Mathieu Dubois-Briand (1):
  dbus: Add missing CVE product name

Peter Marko (2):
  externalsrc: fix lookup for .gitmodules
  oeqa/selftest/externalsrc: add test for srctree_hash_files

Richard Purdie (1):
  yocto-check-layer: Allow OE-Core to be tested

Ross Burton (4):
  lib/buildstats: fix parsing of trees with reduced_proc_pressure
    directories
  combo-layer: remove unused import
  combo-layer: dont use bb.utils.rename
  combo-layer: add sync-revs command

Wang Mingyu (3):
  bind: upgrade 9.18.8 -> 9.18.9
  mpfr: upgrade 4.1.0 -> 4.1.1
  libxcrypt-compat: upgrade 4.4.30 -> 4.4.33

 meta/classes/externalsrc.bbclass              |   2 +-
 meta/classes/rm_work.bbclass                  |   2 +-
 meta/lib/oeqa/selftest/cases/externalsrc.py   |  44 ++
 meta/recipes-bsp/efibootmgr/efibootmgr_17.bb  |   2 -
 ...1-avoid-start-failure-with-bind-user.patch |   0
 ...d-V-and-start-log-hide-build-options.patch |   0
 ...ching-for-json-headers-searches-sysr.patch |   0
 .../bind/{bind-9.18.8 => bind-9.18.9}/bind9   |   0
 .../{bind-9.18.8 => bind-9.18.9}/conf.patch   |   0
 .../generate-rndc-key.sh                      |   0
 ...t.d-add-support-for-read-only-rootfs.patch |   0
 .../make-etc-initd-bind-stop-work.patch       |   0
 .../named.service                             |   0
 .../bind/{bind_9.18.8.bb => bind_9.18.9.bb}   |   2 +-
 meta/recipes-core/dbus/dbus_1.14.4.bb         |   2 +
 ...t_4.4.30.bb => libxcrypt-compat_4.4.33.bb} |   0
 meta/recipes-core/libxcrypt/libxcrypt.inc     |   2 +-
 .../libxml/libxml2/CVE-2022-40303.patch       | 624 ++++++++++++++++++
 .../libxml/libxml2/CVE-2022-40304.patch       | 106 +++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   2 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.18/CVE-2022-41715.patch           | 270 ++++++++
 .../python/python3/CVE-2022-42919.patch       |  70 --
 .../python/python3/cve-2022-37454.patch       | 108 ---
 .../{python3_3.10.8.bb => python3_3.10.9.bb}  |   3 +-
 meta/recipes-extended/bc/bc_1.07.1.bb         |   2 +-
 meta/recipes-extended/lsof/lsof_4.94.0.bb     |   9 +
 .../xwayland/xwayland_22.1.5.bb               |   2 +-
 .../mpfr/{mpfr_4.1.0.bb => mpfr_4.1.1.bb}     |   2 +-
 scripts/combo-layer                           |  30 +-
 scripts/lib/buildstats.py                     |   4 +-
 scripts/lib/checklayer/__init__.py            |  11 +-
 scripts/lib/checklayer/cases/bsp.py           |   2 +-
 scripts/lib/checklayer/cases/common.py        |   3 +
 scripts/lib/checklayer/cases/distro.py        |   2 +-
 scripts/yocto-check-layer                     |   5 +-
 36 files changed, 1107 insertions(+), 205 deletions(-)
 create mode 100644 meta/lib/oeqa/selftest/cases/externalsrc.py
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.8 => bind-9.18.9}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.8.bb => bind_9.18.9.bb} (97%)
 rename meta/recipes-core/libxcrypt/{libxcrypt-compat_4.4.30.bb => libxcrypt-compat_4.4.33.bb} (100%)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40303.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-40304.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41715.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2022-42919.patch
 delete mode 100644 meta/recipes-devtools/python/python3/cve-2022-37454.patch
 rename meta/recipes-devtools/python/{python3_3.10.8.bb => python3_3.10.9.bb} (99%)
 rename meta/recipes-support/mpfr/{mpfr_4.1.0.bb => mpfr_4.1.1.bb} (91%)

-- 
2.25.1

[OE-core][kirkstone 00/19] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, October 31

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/362

The following changes since commit 983e3efb51ab22f1fa5f90cbbfba2d701aa425fc:

  kmscube: create_framebuffer: backport modifier fix (2024-10-16 06:55:13 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Antoine Lubineau (1):
  cve-check: add CVSS vector string to CVE database and reports

Ashish Sharma (1):
  ghostscript: Backport CVE-2024-29508

Eilís 'pidge' Ní Fhlannagáin (1):
  nativesdk-intercept: Fix bad intercept chgrp/chown logic

Khem Raj (3):
  zip: Make configure checks to be more robust
  zip: Fix build with gcc-14
  util-linux: Define pidfd_* function signatures

Martin Jansa (3):
  vala: add -Wno-error=incompatible-pointer-types work around
  libffi: backport a fix to build libffi-native with gcc-14
  at-spi2-core: backport a patch to fix build with gcc-14 on host

Peter Marko (3):
  openssl: patch CVE-2024-9143
  python3: ignore fixed CVEs
  cve-check: add support for cvss v4.0

Rohini Sangam (1):
  vim: Upgrade 9.1.0698 -> 9.1.0764

Siddharth Doshi (1):
  vim: Upgrade 9.1.0682 -> 9.1.0698

Steve Sakoman (1):
  bmap-tools: update HOMEPAGE and SRC_URI

Wang Mingyu (1):
  orc: upgrade 0.4.39 -> 0.4.40

Yogita Urade (1):
  qemu: fix CVE-2023-3019

Zoltan Boszormenyi (1):
  cracklib: Modify patch to compile with GCC 14

baruch@tkos.co.il (1):
  overlayfs-etc: add option to skip creation of mount dirs

 meta/classes/cve-check.bbclass                |  12 +-
 meta/classes/overlayfs-etc.bbclass            |   5 +-
 meta/files/overlayfs-etc-preinit.sh.in        |  16 +-
 .../openssl/openssl/CVE-2024-9143.patch       | 202 ++++++
 .../openssl/openssl_3.0.15.bb                 |   1 +
 .../meta/cve-update-nvd2-native.bb            |  19 +-
 meta/recipes-core/util-linux/util-linux.inc   |   1 +
 .../0001-check-for-sys-pidfd.h.patch          |  50 ++
 .../orc/{orc_0.4.39.bb => orc_0.4.40.bb}      |   2 +-
 .../python/python3_3.10.15.bb                 |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |  18 +-
 .../qemu/qemu/CVE-2023-3019-0001.patch        | 622 ++++++++++++++++++
 .../qemu/qemu/CVE-2023-3019-0002.patch        |  91 +++
 meta/recipes-devtools/vala/vala.inc           |   4 +
 ...port-dictionary-byte-order-dependent.patch |   2 +-
 .../ghostscript/CVE-2024-29508-1.patch        | 308 +++++++++
 .../ghostscript/CVE-2024-29508-2.patch        |  29 +
 .../ghostscript/ghostscript_9.55.0.bb         |   2 +
 ...e-dirent.h-for-closedir-opendir-APIs.patch |  45 ++
 ...y-correct-function-signatures-and-de.patch | 134 ++++
 meta/recipes-extended/zip/zip_3.0.bb          |   2 +
 .../0001-Fix-function-prototype.patch         |  27 +
 .../atk/at-spi2-core_2.42.0.bb                |   1 +
 .../bmap-tools/bmap-tools_git.bb              |   4 +-
 ...ward-declare-open_temp_exec_file-764.patch |  47 ++
 meta/recipes-support/libffi/libffi_3.4.4.bb   |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 scripts/nativesdk-intercept/chgrp             |   5 +-
 scripts/nativesdk-intercept/chown             |   5 +-
 29 files changed, 1630 insertions(+), 31 deletions(-)
 create mode 100755 meta/recipes-connectivity/openssl/openssl/CVE-2024-9143.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/0001-check-for-sys-pidfd.h.patch
 rename meta/recipes-devtools/orc/{orc_0.4.39.bb => orc_0.4.40.bb} (92%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-1.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29508-2.patch
 create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch
 create mode 100644 meta/recipes-extended/zip/zip-3.0/0001-configure-Specify-correct-function-signatures-and-de.patch
 create mode 100644 meta/recipes-support/atk/at-spi2-core/0001-Fix-function-prototype.patch
 create mode 100644 meta/recipes-support/libffi/libffi/0001-Forward-declare-open_temp_exec_file-764.patch

-- 
2.34.1

[OE-core][kirkstone 00/19] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 14

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/426

The following changes since commit 2e8819c0b9ada2b600aecc40c974a18eb7c0a666:

  xmlto: backport a patch to fix build with gcc-14 on host (2024-11-05 14:15:16 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexandre Belloni (1):
  pseudo: Update to pull in fd leak fix

Archana Polampalli (1):
  ghostscript: fix CVE-2023-46361

Khem Raj (1):
  pseudo: Disable LFS on 32bit arches

Ola x Nilsson (1):
  patch.py: Use shlex instead of deprecated pipe

Peter Marko (4):
  curl: patch CVE-2024-9681
  gstreamer1.0: ignore CVE-2024-0444
  expat: patch CVE-2024-50602
  glib-2.0: patch regression of CVE-2023-32665

Philip Lorenz (1):
  cmake: Fix sporadic issues when determining compiler internals

Richard Purdie (10):
  pseudo: Update to pull in linux-libc-headers race fix
  pseudo: Switch back to the master branch
  pseudo: Update to include logic fix
  pseudo: Update to pull in syncfs probe fix
  pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept
  pseudo: Update to pull in fchmodat fix
  pseudo: Update to pull in python 3.12+ fix
  pseudo: Fix to work with glibc 2.40
  pseudo: Update to include open symlink handling bugfix
  pseudo: Fix envp bug and add posix_spawn wrapper

 meta/lib/oe/patch.py                          | 11 ++-
 .../expat/expat/CVE-2024-50602-01.patch       | 56 ++++++++++++
 .../expat/expat/CVE-2024-50602-02.patch       | 38 +++++++++
 meta/recipes-core/expat/expat_2.5.0.bb        |  2 +
 ...aliser-Convert-endianness-of-offsets.patch | 68 +++++++++++++++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  1 +
 meta/recipes-devtools/cmake/cmake.inc         |  1 +
 ...mpilerABI-Strip-pipe-from-compile-fl.patch | 52 ++++++++++++
 .../pseudo/files/glibc238.patch               | 23 ++---
 meta/recipes-devtools/pseudo/pseudo_git.bb    | 11 ++-
 .../ghostscript/CVE-2023-46361.patch          | 32 +++++++
 .../ghostscript/ghostscript_9.55.0.bb         |  1 +
 .../gstreamer/gstreamer1.0_1.20.7.bb          |  3 +
 .../curl/curl/CVE-2024-9681.patch             | 85 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 +
 15 files changed, 362 insertions(+), 23 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-gvariant-serialiser-Convert-endianness-of-offsets.patch
 create mode 100644 meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-9681.patch

-- 
2.34.1

[OE-core][kirkstone 01/19] ghostscript: fix CVE-2023-46361

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability
via jbig2_error at /jbig2dec/jbig2.c.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2023-46361.patch          | 32 +++++++++++++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch
new file mode 100644
index 0000000000..d91a94e9d0
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch
@@ -0,0 +1,32 @@
+From 44ca5b9d023e1de33fcb8984c85bb29619c4db7e Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 5 Nov 2023 12:21:52 +0100
+Subject: [PATCH] Bug 705041: jbig2dec: Avoid uninitialized allocator in
+ command-line tool.
+
+This fixes CVE-2023-46361.
+
+CVE: CVE-2023-46361
+
+Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=44ca5b9d023e1de33fcb8984c85bb29619c4db7e]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ jbig2dec/jbig2dec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/jbig2dec/jbig2dec.c b/jbig2dec/jbig2dec.c
+index dc1fd56..78c8e89 100644
+--- a/jbig2dec/jbig2dec.c
++++ b/jbig2dec/jbig2dec.c
+@@ -567,7 +567,7 @@ main(int argc, char **argv)
+ {
+     jbig2dec_params_t params;
+     jbig2dec_error_callback_state_t error_callback_state;
+-    jbig2dec_allocator_t allocator_;
++    jbig2dec_allocator_t allocator_ = { 0 };
+     jbig2dec_allocator_t *allocator = &allocator_;
+     Jbig2Ctx *ctx = NULL;
+     FILE *f = NULL, *f_page = NULL;
+--
+2.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 969e637f5e..9f368a291f 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -56,6 +56,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://CVE-2024-29506.patch \
                 file://CVE-2024-29508-1.patch \
                 file://CVE-2024-29508-2.patch \
+                file://CVE-2023-46361.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \
-- 
2.34.1

[OE-core][kirkstone 02/19] curl: patch CVE-2024-9681

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Picked commit [1] per solution described in [2].

[1] https://github.com/curl/curl/commit/a94973805df96269bf
[2] https://curl.se/docs/CVE-2024-9681.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2024-9681.patch             | 85 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 +
 2 files changed, 86 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-9681.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2024-9681.patch b/meta/recipes-support/curl/curl/CVE-2024-9681.patch
new file mode 100644
index 0000000000..e6c8bf7223
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-9681.patch
@@ -0,0 +1,85 @@
+From a94973805df96269bf3f3bf0a20ccb9887313316 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 9 Oct 2024 10:04:35 +0200
+Subject: [PATCH] hsts: improve subdomain handling
+
+- on load, only replace existing HSTS entries if there is a full host
+  match
+
+- on matching, prefer a full host match and secondary the longest tail
+  subdomain match
+
+Closes #15210
+
+CVE: CVE-2024-9681
+Upstream-Status: Backport [https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/hsts.c          | 14 ++++++++++----
+ tests/data/test1660 |  2 +-
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/lib/hsts.c b/lib/hsts.c
+index d5e883f51ef0f7..12052ce53c1c5a 100644
+--- a/lib/hsts.c
++++ b/lib/hsts.c
+@@ -247,12 +247,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+                            bool subdomain)
+ {
++  struct stsentry *bestsub = NULL;
+   if(h) {
+     char buffer[MAX_HSTS_HOSTLEN + 1];
+     time_t now = time(NULL);
+     size_t hlen = strlen(hostname);
+     struct Curl_llist_element *e;
+     struct Curl_llist_element *n;
++    size_t blen = 0;
+ 
+     if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
+       return NULL;
+@@ -277,15 +279,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+         if(ntail < hlen) {
+           size_t offs = hlen - ntail;
+           if((hostname[offs-1] == '.') &&
+-             Curl_strncasecompare(&hostname[offs], sts->host, ntail))
+-            return sts;
++             Curl_strncasecompare(&hostname[offs], sts->host, ntail) &&
++             (ntail > blen)) {
++            /* save the tail match with the longest tail */
++            bestsub = sts;
++            blen = ntail;
++          }
+         }
+       }
+       if(Curl_strcasecompare(hostname, sts->host))
+         return sts;
+     }
+   }
+-  return NULL; /* no match */
++  return bestsub;
+ }
+ 
+ /*
+@@ -447,7 +453,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+     e = Curl_hsts(h, p, subdomain);
+     if(!e)
+       result = hsts_create(h, p, subdomain, expires);
+-    else {
++    else if(Curl_strcasecompare(p, e->host)) {
+       /* the same host name, use the largest expire time */
+       if(expires > e->expires)
+         e->expires = expires;
+diff --git a/tests/data/test1660 b/tests/data/test1660
+index f86126d19cf269..4b6f9615c9d517 100644
+--- a/tests/data/test1660
++++ b/tests/data/test1660
+@@ -52,7 +52,7 @@ this.example [this.example]: 1548400797
+ Input 12: error 43
+ Input 13: error 43
+ Input 14: error 43
+-3.example.com [example.com]: 1569905261 includeSubDomains
++3.example.com [3.example.com]: 1569905261 includeSubDomains
+ 3.example.com [example.com]: 1569905261 includeSubDomains
+ foo.example.com [example.com]: 1569905261 includeSubDomains
+ 'foo.xample.com' is not HSTS
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index ba3abadac9..cda42da4d3 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -62,6 +62,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
            file://CVE-2024-7264_2.patch \
            file://CVE-2024-8096.patch \
            file://0001-url-free-old-conn-better-on-reuse.patch \
+           file://CVE-2024-9681.patch \
            "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.34.1

[OE-core][kirkstone 03/19] gstreamer1.0: ignore CVE-2024-0444

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

This CVE is patched in gstreamer1.0-plugins-bad.
cpe product is set to gstreamer, they share source git repository.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.7.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.7.bb
index 6d002198ae..2c9c6944b0 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.7.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.7.bb
@@ -69,4 +69,7 @@ FILES:${PN}-dbg += "${datadir}/gdb ${datadir}/gstreamer-1.0/gdb"
 
 CVE_PRODUCT = "gstreamer"
 
+# this CVE is patched in gstreamer1.0-plugins-bad
+CVE_CHECK_IGNORE += "CVE-2024-0444"
+
 PTEST_BUILD_HOST_FILES = ""
-- 
2.34.1

[OE-core][kirkstone 04/19] expat: patch CVE-2024-50602

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Pick commits from https://github.com/libexpat/libexpat/pull/915

Not picking test is suboptimal, but test structure was changed meanwhile
so we'd have to invent new code.
Skipping tests was already done in previous expat/kirkstone CVE patches.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2024-50602-01.patch       | 56 +++++++++++++++++++
 .../expat/expat/CVE-2024-50602-02.patch       | 38 +++++++++++++
 meta/recipes-core/expat/expat_2.5.0.bb        |  2 +
 3 files changed, 96 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-02.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
new file mode 100644
index 0000000000..6abaa85261
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
@@ -0,0 +1,56 @@
+From 51c7019069b862e88d94ed228659e70bddd5de09 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 21 Oct 2024 01:42:54 +0200
+Subject: [PATCH 1/2] lib: Make XML_StopParser refuse to stop/suspend an
+ unstarted parser
+
+CVE: CVE-2024-50602
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/51c7019069b862e88d94ed228659e70bddd5de09]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ expat/lib/expat.h    | 4 +++-
+ expat/lib/xmlparse.c | 6 ++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/lib/expat.h b/lib/expat.h
+index d0d6015a..3ba61304 100644
+--- a/lib/expat.h
++++ b/lib/expat.h
+@@ -127,7 +127,9 @@ enum XML_Error {
+   /* Added in 2.3.0. */
+   XML_ERROR_NO_BUFFER,
+   /* Added in 2.4.0. */
+-  XML_ERROR_AMPLIFICATION_LIMIT_BREACH
++  XML_ERROR_AMPLIFICATION_LIMIT_BREACH,
++  /* Added in 2.6.4. */
++  XML_ERROR_NOT_STARTED,
+ };
+ 
+ enum XML_Content_Type {
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index d9285b21..fa02537f 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -2189,6 +2189,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+   if (parser == NULL)
+     return XML_STATUS_ERROR;
+   switch (parser->m_parsingStatus.parsing) {
++  case XML_INITIALIZED:
++    parser->m_errorCode = XML_ERROR_NOT_STARTED;
++    return XML_STATUS_ERROR;
+   case XML_SUSPENDED:
+     if (resumable) {
+       parser->m_errorCode = XML_ERROR_SUSPENDED;
+@@ -2474,6 +2477,9 @@ XML_ErrorString(enum XML_Error code) {
+   case XML_ERROR_AMPLIFICATION_LIMIT_BREACH:
+     return XML_L(
+         "limit on input amplification factor (from DTD and entities) breached");
++  /* Added in 2.6.4. */
++  case XML_ERROR_NOT_STARTED:
++    return XML_L("parser not started");
+   }
+   return NULL;
+ }
+-- 
+2.30.2
+
diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch
new file mode 100644
index 0000000000..4d99eb738c
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch
@@ -0,0 +1,38 @@
+From 5fb89e7b3afa1c314b34834fe729cd063f65a4d4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 21 Oct 2024 01:46:11 +0200
+Subject: [PATCH 2/2] lib: Be explicit about XML_PARSING in XML_StopParser
+
+CVE: CVE-2024-50602
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5fb89e7b3afa1c314b34834fe729cd063f65a4d4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ expat/lib/xmlparse.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index fa02537f..983f6df0 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -2202,7 +2202,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+   case XML_FINISHED:
+     parser->m_errorCode = XML_ERROR_FINISHED;
+     return XML_STATUS_ERROR;
+-  default:
++  case XML_PARSING:
+     if (resumable) {
+ #ifdef XML_DTD
+       if (parser->m_isParamEntity) {
+@@ -2213,6 +2213,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) {
+       parser->m_parsingStatus.parsing = XML_SUSPENDED;
+     } else
+       parser->m_parsingStatus.parsing = XML_FINISHED;
++    break;
++  default:
++    assert(0);
+   }
+   return XML_STATUS_OK;
+ }
+-- 
+2.30.2
+
diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb
index 26190383e3..33207ff0da 100644
--- a/meta/recipes-core/expat/expat_2.5.0.bb
+++ b/meta/recipes-core/expat/expat_2.5.0.bb
@@ -28,6 +28,8 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
 	   file://CVE-2024-45490-0004.patch \
 	   file://CVE-2024-45491.patch \
 	   file://CVE-2024-45492.patch \
+	   file://CVE-2024-50602-01.patch \
+	   file://CVE-2024-50602-02.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
-- 
2.34.1

[OE-core][kirkstone 05/19] glib-2.0: patch regression of CVE-2023-32665

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Official CVE-2023-32665 patch introduced a regression for big-endian
architectures.
This code was backported in CVE-2023-32665-0003.patch

Reported in [1] and fixed by [2] where this patch is picked from.

[1] https://gitlab.gnome.org/GNOME/glib/-/issues/2839
[2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3136

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...aliser-Convert-endianness-of-offsets.patch | 68 +++++++++++++++++++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  1 +
 2 files changed, 69 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0001-gvariant-serialiser-Convert-endianness-of-offsets.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-gvariant-serialiser-Convert-endianness-of-offsets.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-gvariant-serialiser-Convert-endianness-of-offsets.patch
new file mode 100644
index 0000000000..86cce768ed
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-gvariant-serialiser-Convert-endianness-of-offsets.patch
@@ -0,0 +1,68 @@
+From dc16dffed0480d0c8cdd6a05ede68263fc8723a9 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Thu, 15 Dec 2022 12:51:37 +0000
+Subject: [PATCH] gvariant-serialiser: Convert endianness of offsets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The array of offsets is little-endian, even on big-endian architectures
+like s390x.
+
+Fixes: ade71fb5 "gvariant: Don’t allow child elements to overlap with each other"
+Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2839
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/dc16dffed0480d0c8cdd6a05ede68263fc8723a9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ glib/gvariant-serialiser.c | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
+index 25c85b30b..e9b0eab2b 100644
+--- a/glib/gvariant-serialiser.c
++++ b/glib/gvariant-serialiser.c
+@@ -712,17 +712,19 @@ gvs_variable_sized_array_n_children (GVariantSerialised value)
+ /* Find the index of the first out-of-order element in @data, assuming that
+  * @data is an array of elements of given @type, starting at index @start and
+  * containing a further @len-@start elements. */
+-#define DEFINE_FIND_UNORDERED(type) \
++#define DEFINE_FIND_UNORDERED(type, le_to_native) \
+   static gsize \
+   find_unordered_##type (const guint8 *data, gsize start, gsize len) \
+   { \
+     gsize off; \
+-    type current, previous; \
++    type current_le, previous_le, current, previous; \
+     \
+-    memcpy (&previous, data + start * sizeof (current), sizeof (current)); \
++    memcpy (&previous_le, data + start * sizeof (current), sizeof (current)); \
++    previous = le_to_native (previous_le); \
+     for (off = (start + 1) * sizeof (current); off < len * sizeof (current); off += sizeof (current)) \
+       { \
+-        memcpy (&current, data + off, sizeof (current)); \
++        memcpy (&current_le, data + off, sizeof (current)); \
++        current = le_to_native (current_le); \
+         if (current < previous) \
+           break; \
+         previous = current; \
+@@ -730,10 +732,11 @@ gvs_variable_sized_array_n_children (GVariantSerialised value)
+     return off / sizeof (current) - 1; \
+   }
+ 
+-DEFINE_FIND_UNORDERED (guint8);
+-DEFINE_FIND_UNORDERED (guint16);
+-DEFINE_FIND_UNORDERED (guint32);
+-DEFINE_FIND_UNORDERED (guint64);
++#define NO_CONVERSION(x) (x)
++DEFINE_FIND_UNORDERED (guint8, NO_CONVERSION);
++DEFINE_FIND_UNORDERED (guint16, GUINT16_FROM_LE);
++DEFINE_FIND_UNORDERED (guint32, GUINT32_FROM_LE);
++DEFINE_FIND_UNORDERED (guint64, GUINT64_FROM_LE);
+ 
+ static GVariantSerialised
+ gvs_variable_sized_array_get_child (GVariantSerialised value,
+-- 
+2.30.2
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index 35b51a3ec9..239099d568 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -49,6 +49,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://CVE-2024-34397_16.patch \
            file://CVE-2024-34397_17.patch \
            file://CVE-2024-34397_18.patch \
+           file://0001-gvariant-serialiser-Convert-endianness-of-offsets.patch \
            "
 SRC_URI:append:class-native = " file://relocate-modules.patch"
 
-- 
2.34.1

[OE-core][kirkstone 06/19] patch.py: Use shlex instead of deprecated pipe

[Steve Sakoman]

From: Ola x Nilsson <olani@axis.com>

The pipe library is deprecated in Python 3.11 and will be removed in
Python 3.13.  pipe.quote is just an import of shlex.quote anyway.

Clean up imports while we're at it.

Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5f33c7b99a991c380d1813da8248ba5470ca4d4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/patch.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 4ec9caed45..e607148ec7 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -2,9 +2,11 @@
 # SPDX-License-Identifier: GPL-2.0-only
 #
 
+import os
+import shlex
+import subprocess
 import oe.path
 import oe.types
-import subprocess
 
 class NotFoundError(bb.BBHandledException):
     def __init__(self, path):
@@ -25,8 +27,6 @@ class CmdError(bb.BBHandledException):
 
 
 def runcmd(args, dir = None):
-    import pipes
-
     if dir:
         olddir = os.path.abspath(os.curdir)
         if not os.path.exists(dir):
@@ -35,7 +35,7 @@ def runcmd(args, dir = None):
         # print("cwd: %s -> %s" % (olddir, dir))
 
     try:
-        args = [ pipes.quote(str(arg)) for arg in args ]
+        args = [ shlex.quote(str(arg)) for arg in args ]
         cmd = " ".join(args)
         # print("cmd: %s" % cmd)
         proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
@@ -215,7 +215,7 @@ class PatchTree(PatchSet):
         with open(self.seriespath, 'w') as f:
             for p in patches:
                 f.write(p)
-         
+
     def Import(self, patch, force = None):
         """"""
         PatchSet.Import(self, patch, force)
@@ -919,4 +919,3 @@ def should_apply(parm, d):
             return False, "applies to later version"
 
     return True, None
-
-- 
2.34.1

[OE-core][kirkstone 07/19] cmake: Fix sporadic issues when determining compiler internals

[Steve Sakoman]

From: Philip Lorenz <philip.lorenz@bmw.de>

When `-pipe` is enabled, GCC passes data between its different
executables using pipes instead of temporary files. This leads to issues
when cmake attempts to infer compiler internals via the `-v` parameter
as each executable will print to `stderr` in parallel.

In turn this may lead to compilation issues down the line as for example
the system include directories could not be determined properly which
may then propagate to issues such as:

    recipe-sysroot/usr/include/c++/11.3.0/cstdlib:75:15: fatal error:
        stdlib.h: No such file or directory
    |    75 | #include_next <stdlib.h>
    |       |               ^~~~~~~~~~
    | compilation terminated.
    | ninja: build stopped: subcommand failed.
    | WARNING: exit code 1 from a shell command.

Fix this stripping `-pipe` from the command line used to determine
compiler internals.

Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/cmake/cmake.inc         |  1 +
 ...mpilerABI-Strip-pipe-from-compile-fl.patch | 52 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch

diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index d500321138..3811aae9c4 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -17,6 +17,7 @@ LIC_FILES_CHKSUM = "file://Copyright.txt;md5=31023e1d3f51ca90a58f55bcee8e2339 \
 CMAKE_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
 
 SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
+           file://0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch \
            file://0003-cmake-support-OpenEmbedded-Qt4-tool-binary-names.patch \
            file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \
 "
diff --git a/meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch b/meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch
new file mode 100644
index 0000000000..a30273458f
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/0001-CMakeDetermineCompilerABI-Strip-pipe-from-compile-fl.patch
@@ -0,0 +1,52 @@
+From dab7ba34f87be0172f6586325656ee962de0029e Mon Sep 17 00:00:00 2001
+From: Philip Lorenz <philip.lorenz@bmw.de>
+Date: Mon, 3 Jun 2024 13:19:24 +0200
+Subject: [PATCH] CMakeDetermineCompilerABI: Strip -pipe from compile flags
+
+When `-pipe` is enabled, GCC passes data between its different
+executables using pipes instead of temporary files. This leads to issues
+when cmake attempts to infer compiler internals via the `-v` parameter
+as each executable will print to `stderr` in parallel.
+
+For example we have observed the following outputs in our builds which
+sporadically lead to build failures as system include directories were
+not detected reliably:
+
+Parsed CXX implicit include dir info from above output: rv=done
+  found start of include info
+  found start of implicit include info
+    add: [.../usr/bin/x86_64-poky-linux/../../lib/x86_64-poky-linux/gcc/x86_64-poky-linux/11.4.0/include]
+    add: [.../usr/bin/x86_64-poky-linux/../../lib/x86_64-poky-linux/gcc/x86_64-poky-linux/11.4.0/include-fixed]
+    add: [.../usr/include/c++/11.4.0]
+    add: [.../usr/include/c++/11.4.0/x86_64-poky-linux]
+    add: [.../usr/include/c++/11.4.0/backward]
+    add: [.../usr/lib/x86_64-poky-linux/11.4.0/include]
+    add: [...GNU assembler version 2.38 (x86_64-poky-linux) using BFD version (GNU Binutils) 2.38.20220708]
+    add: [/usr/include]
+  end of search list found
+
+Fix this issue by stripping the `-pipe` parameter from the compilation
+flag when determining the toolchain configuration.
+
+Upstream-Status: Backport [3.32.0, 71be059f3f32b6791427893a48ba4815a19e2e78]
+Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
+---
+ Modules/CMakeDetermineCompilerABI.cmake | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/Modules/CMakeDetermineCompilerABI.cmake b/Modules/CMakeDetermineCompilerABI.cmake
+index 8191d819bf..ae4c9ee44e 100644
+--- a/Modules/CMakeDetermineCompilerABI.cmake
++++ b/Modules/CMakeDetermineCompilerABI.cmake
+@@ -35,6 +35,11 @@ function(CMAKE_DETERMINE_COMPILER_ABI lang src)
+ 
+     # Avoid failing ABI detection on warnings.
+     string(REGEX REPLACE "(^| )-Werror([= ][^ ]*)?( |$)" " " CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS}")
++    # Avoid passing of "-pipe" when determining the compiler internals. With
++    # "-pipe" GCC will use pipes to pass data between the involved
++    # executables.  This may lead to issues when their stderr output (which
++    # contains the relevant compiler internals) becomes interweaved.
++    string(REGEX REPLACE "(^| )-pipe( |$)" " " CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS}")
+ 
+     # Save the current LC_ALL, LC_MESSAGES, and LANG environment variables
+     # and set them to "C" that way GCC's "search starts here" text is in
-- 
2.34.1

[OE-core][kirkstone 08/19] pseudo: Update to pull in linux-libc-headers race fix

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Update to pull in:

    pseudo.c: Avoid patch mismatch errors for NAMELESS file entries

    In rare cases we see failures, often in linux-libc-headers for things like:

    |   INSTALL /XXX/linux-libc-headers/6.1-r0/image/usr/include
    | abort()ing pseudo client by server request. See https://wiki.yoctoproject.org/wiki/Pseudo_Abort for more details on this.

    Pseudo log:
    path mismatch [2 links]: ino 46662476 db 'NAMELESS FILE' req '/XXX/linux-libc-headers/6.1-r0/image/usr'.
    Setup complete, sending SIGUSR1 to pid 3630890.

    Whilst this doesn't easily reproduce, the issue is that multiple different processes are
    likely working on the directory and the creation in pseudo might not match accesses
    made by other processes.

    Ultimately, the "NAMELESS FILE" is harmless and pseudo will reconcile things
    so rather than error out, we should ignore this case.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f30a1a74828e105cbe69677b3fbe5623f371543)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 4dd9156238..6b0cb598e2 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "c9670c27ff67ab899007ce749254b16091577e55"
+SRCREV = "cc1f6167cb5065daba1462056e2dce8ff72aa855"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 09/19] pseudo: Disable LFS on 32bit arches

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

pseudo overrides certain libc functions which are aliases when LFS64 is
enabled. In anycase pseudo may not be of much use on 32bit systems

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 6b0cb598e2..00af809689 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -18,5 +18,12 @@ SRCREV = "cc1f6167cb5065daba1462056e2dce8ff72aa855"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
+# largefile and 64bit time_t support adds these macros via compiler flags globally
+# remove them for pseudo since pseudo intercepts some of the functions which will be
+# aliased due to this e.g. open/open64 and it will complain about duplicate definitions
+# pseudo on 32bit systems is not much of use anyway and these features are not of much
+# use for it.
+TARGET_CPPFLAGS:remove = "-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+
 # error: use of undeclared identifier '_STAT_VER'
 COMPATIBLE_HOST:libc-musl = 'null'
-- 
2.34.1

[OE-core][kirkstone 10/19] pseudo: Switch back to the master branch

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

OE is the main user of pseudo and we've had the changes in the oe-core branch
around long enough that we're going to run with them. Swicth back to directly
using the master branch.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Luca: re-add 'branch' parameter to fix "does not set any branch parameter" warning]
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 00af809689..f40ad9f6f1 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -1,6 +1,6 @@
 require pseudo.inc
 
-SRC_URI = "git://git.yoctoproject.org/pseudo;branch=oe-core \
+SRC_URI = "git://git.yoctoproject.org/pseudo;branch=master \
            file://0001-configure-Prune-PIE-flags.patch \
            file://glibc238.patch \
            file://fallback-passwd \
-- 
2.34.1

[OE-core][kirkstone 11/19] pseudo: Update to include logic fix

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The logic in the previous commit was reversed, update to fix it.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index f40ad9f6f1..d38c9d79c0 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "cc1f6167cb5065daba1462056e2dce8ff72aa855"
+SRCREV = "9df045968d739ead0bebacce415d05269694de4e"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 12/19] pseudo: Update to pull in fd leak fix

[Steve Sakoman]

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

Pull in:
    pseudo_util.c: Open file with O_CLOEXEC to avoid fd leak

    Use close-on-exec (O_CLOEXEC) flag when open log file to
    make sure its file descriptor is not leaked to parent
    process on fork/exec.

    Fixes [YOCTO #13311]

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index d38c9d79c0..134d941609 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "9df045968d739ead0bebacce415d05269694de4e"
+SRCREV = "ec6151a2b057109b3f798f151a36690af582e166"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 13/19] pseudo: Update to pull in syncfs probe fix

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Pulls in the changes:

Eilís 'pidge' Ní Fhlannagáin (1):
      subports: Add _GNU_SOURCE for syncfs probe

Richard Purdie (1):
      SECURITY.md: Add file

Wu Zhenyu (1):
      pseudo.1: Fix a typo

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 134d941609..067fb6b378 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "ec6151a2b057109b3f798f151a36690af582e166"
+SRCREV = "a8453eea4d902bbb0e01c786f1cb4a178c3bbee3"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 14/19] pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

rpm 4.19 now builds with LFS64 support enabled by default,
so it calls statvfs64() to get the space available on the
filesystem it is installing packages into.  This is not
getting caught by pseudo, so rpm is checking the host's
root filesystem, rather than the filesystem where the
build is happening.

Merge in that fix and a gcc14 fix.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/files/glibc238.patch | 13 -------------
 meta/recipes-devtools/pseudo/pseudo_git.bb        |  2 +-
 2 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/meta/recipes-devtools/pseudo/files/glibc238.patch b/meta/recipes-devtools/pseudo/files/glibc238.patch
index 76ca8c11eb..da4b8caee3 100644
--- a/meta/recipes-devtools/pseudo/files/glibc238.patch
+++ b/meta/recipes-devtools/pseudo/files/glibc238.patch
@@ -44,19 +44,6 @@ Index: git/pseudo_util.c
  
  #include <ctype.h>
  #include <errno.h>
-Index: git/pseudolog.c
-===================================================================
---- git.orig/pseudolog.c
-+++ git/pseudolog.c
-@@ -8,7 +8,7 @@
-  */
- /* We need _XOPEN_SOURCE for strptime(), but if we define that,
-  * we then don't get S_IFSOCK... _GNU_SOURCE turns on everything. */
--#define _GNU_SOURCE
-+#define _DEFAULT_SOURCE
- 
- #include <ctype.h>
- #include <limits.h>
 Index: git/pseudo_client.c
 ===================================================================
 --- git.orig/pseudo_client.c
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 067fb6b378..ad7067a08f 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "a8453eea4d902bbb0e01c786f1cb4a178c3bbee3"
+SRCREV = "516a0a3c4b46f046895d27bfa019d685fe462dfa"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 15/19] pseudo: Update to pull in fchmodat fix

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

This is needed to work with coreutils 9.5.

Also contains some README tweaks.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index ad7067a08f..5a7ccb5761 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "516a0a3c4b46f046895d27bfa019d685fe462dfa"
+SRCREV = "0d292df61aeb886ae8ca33d9edc3b6d0ff5c0f0f"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 16/19] pseudo: Update to pull in python 3.12+ fix

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Pull in a fix which avoids syntax warnings with python 3.12.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 5a7ccb5761..50c3b59975 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "0d292df61aeb886ae8ca33d9edc3b6d0ff5c0f0f"
+SRCREV = "e11ae91da7d0711f5e33ea9dfbf1875dde3c1734"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 17/19] pseudo: Fix to work with glibc 2.40

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/files/glibc238.patch | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/pseudo/files/glibc238.patch b/meta/recipes-devtools/pseudo/files/glibc238.patch
index da4b8caee3..dfb5c283f6 100644
--- a/meta/recipes-devtools/pseudo/files/glibc238.patch
+++ b/meta/recipes-devtools/pseudo/files/glibc238.patch
@@ -9,7 +9,7 @@ Index: git/pseudo_wrappers.c
 ===================================================================
 --- git.orig/pseudo_wrappers.c
 +++ git/pseudo_wrappers.c
-@@ -6,6 +6,15 @@
+@@ -6,6 +6,18 @@
   * SPDX-License-Identifier: LGPL-2.1-only
   *
   */
@@ -21,6 +21,9 @@ Index: git/pseudo_wrappers.c
 +#undef __GLIBC_USE_ISOC2X
 +#undef __GLIBC_USE_C2X_STRTOL
 +#define __GLIBC_USE_C2X_STRTOL 0
++#undef __GLIBC_USE_ISOC23
++#undef __GLIBC_USE_C23_STRTOL
++#define __GLIBC_USE_C23_STRTOL 0
 +
  #include <assert.h>
  #include <stdlib.h>
@@ -29,7 +32,7 @@ Index: git/pseudo_util.c
 ===================================================================
 --- git.orig/pseudo_util.c
 +++ git/pseudo_util.c
-@@ -8,6 +8,14 @@
+@@ -8,6 +8,17 @@
   */
  /* we need access to RTLD_NEXT for a horrible workaround */
  #define _GNU_SOURCE
@@ -41,6 +44,9 @@ Index: git/pseudo_util.c
 +#undef __GLIBC_USE_ISOC2X
 +#undef __GLIBC_USE_C2X_STRTOL
 +#define __GLIBC_USE_C2X_STRTOL 0
++#undef __GLIBC_USE_ISOC23
++#undef __GLIBC_USE_C23_STRTOL
++#define __GLIBC_USE_C23_STRTOL 0
  
  #include <ctype.h>
  #include <errno.h>
-- 
2.34.1

[OE-core][kirkstone 18/19] pseudo: Update to include open symlink handling bugfix

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Update to a new revision which includes "Bugfix for Linux open(O_CREAT|O_EXCL)"

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 50c3b59975..b390ca7db9 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "e11ae91da7d0711f5e33ea9dfbf1875dde3c1734"
+SRCREV = "374089f2ed83da4d0d4e58df067142ff99c7eb12"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

[OE-core][kirkstone 19/19] pseudo: Fix envp bug and add posix_spawn wrapper

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index b390ca7db9..405d2340ae 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -14,7 +14,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "374089f2ed83da4d0d4e58df067142ff99c7eb12"
+SRCREV = "28dcefb809ce95db997811b5662f0b893b9923e0"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.34.1

Patchtest results for [OE-core][kirkstone 05/19] glib-2.0: patch regression of CVE-2023-32665

[patchtest]

[-- Attachment #1: Type: text/plain, Size: 2991 bytes --]

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch /home/patchtest/share/mboxes/kirkstone-05-19-glib-2.0-patch-regression-of-CVE-2023-32665.patch

FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format)

PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)

SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

[OE-core][kirkstone 00/19] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, November 26

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/505

The following changes since commit fb45c5cf8c2b663af293acb069d446610f77ff1a:

  build-appliance-image: Update to kirkstone head revision (2024-11-15 12:18:46 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.22

Archana Polampalli (6):
  ffmpeg: fix CVE-2024-32230
  ffmpeg: fix CVE-2023-51793
  ffmpeg: fix CVE-2023-50008
  ffmpeg: fix CVE-2024-31582
  ffmpeg: fix CVE-2024-31578
  ffmpeg: fix CVE-2023-51794

Chen Qi (1):
  toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails

Khem Raj (1):
  webkitgtk: Fix build on 32bit arm

Liyin Zhang (1):
  lttng-modules: fix build error after kernel update to 5.15.171

Ovidiu Panait (1):
  webkitgtk: fix perl-native dependency

Regis Dargent (1):
  udev-extraconf: fix network.sh script did not configure hotplugged
    interfaces

Ross Burton (1):
  webkitgtk: reduce size of -dbg package

Steve Sakoman (1):
  llvm: reduce size of -dbg package

Vijay Anusuri (4):
  ghostscript: Backport fix for multiple CVE's
  libsoup: Fix for CVE-2024-52530 and CVE-2024-52532
  libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532
  glib-2.0: Backport fix for CVE-2024-52533

Wang Mingyu (1):
  wireless-regdb: upgrade 2024.07.04 -> 2024.10.07

 meta/files/toolchain-shar-extract.sh          |   4 +
 .../glib-2.0/glib-2.0/CVE-2024-52533.patch    |  49 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |   1 +
 .../udev/udev-extraconf/network.sh            |  32 --
 meta/recipes-devtools/llvm/llvm_git.bb        |   2 +
 .../ghostscript/CVE-2024-46951.patch          |  31 ++
 .../ghostscript/CVE-2024-46952.patch          |  62 ++++
 .../ghostscript/CVE-2024-46953.patch          |  67 ++++
 .../ghostscript/CVE-2024-46955.patch          |  60 ++++
 .../ghostscript/CVE-2024-46956.patch          |  30 ++
 .../ghostscript/ghostscript_9.55.0.bb         |   5 +
 ...c-fix-tracepoint-mm_page_alloc_zone_.patch |  61 ++++
 .../lttng/lttng-modules_2.13.14.bb            |   1 +
 ....07.04.bb => wireless-regdb_2024.10.07.bb} |   2 +-
 .../ffmpeg/ffmpeg/CVE-2023-50008.patch        |  29 ++
 .../ffmpeg/ffmpeg/CVE-2023-51793.patch        |  67 ++++
 .../ffmpeg/ffmpeg/CVE-2023-51794.patch        |  35 +++
 .../ffmpeg/ffmpeg/CVE-2024-31578.patch        |  49 +++
 .../ffmpeg/ffmpeg/CVE-2024-31582.patch        |  34 ++
 .../ffmpeg/ffmpeg/CVE-2024-32230.patch        |  35 +++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   6 +
 ...44e17d258106617b0e6d783d073b188a2548.patch | 296 ++++++++++++++++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   7 +-
 .../libsoup/libsoup-2.4/CVE-2024-52530.patch  | 149 +++++++++
 .../libsoup-2.4/CVE-2024-52532-1.patch        |  36 +++
 .../libsoup-2.4/CVE-2024-52532-2.patch        |  42 +++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   3 +
 .../libsoup/libsoup/CVE-2024-52530.patch      | 149 +++++++++
 .../libsoup/libsoup/CVE-2024-52532-1.patch    |  36 +++
 .../libsoup/libsoup/CVE-2024-52532-2.patch    |  42 +++
 meta/recipes-support/libsoup/libsoup_3.0.7.bb |   6 +-
 scripts/install-buildtools                    |   4 +-
 32 files changed, 1395 insertions(+), 37 deletions(-)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.07.04.bb => wireless-regdb_2024.10.07.bb} (94%)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch

-- 
2.34.1

[OE-core][kirkstone 00/19] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, January 9

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/758

The following changes since commit fb9ebc811800eb8880e3687243d75bafab77a700:

  ovmf-native: remove .pyc files from install (2025-01-06 05:56:49 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (10):
  linux-yocto/5.15: update to v5.15.167
  linux-yocto/5.10: update to v5.10.226
  linux-yocto/5.10: update to v5.10.227
  linux-yocto/5.15: update to v5.15.168
  linux-yocto/5.15: update to v5.15.169
  linux-yocto/5.15: update to v5.15.170
  linux-yocto/5.15: update to v5.15.171
  linux-yocto/5.15: update to v5.15.173
  linux-yocto/5.15: update to v5.15.174
  linux-yocto/5.15: update to v5.15.175

Vijay Anusuri (9):
  gstreamer1.0-plugins-base: Fix for multiple CVE's
  gstreamer1.0: Backport fix for CVE-2024-47606
  gstreamer1.0-plugins-good: fix several CVE's
  gstreamer1.0-plugins-good: Fix for CVE-2024-47599
  gstreamer1.0-plugins-good: Fix multiple CVEs
  gstreamer1.0-plugins-good: Fix CVE-2024-47606
  gstreamer1.0-plugins-good: Fix CVE-2024-47613
  gstreamer1.0-plugins-good: Fix CVE-2024-47774
  gstreamer1.0-plugins-good: Fix multiple CVE's

 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 .../CVE-2024-47538.patch                      |  35 ++
 .../CVE-2024-47541-1.patch                    |  38 ++
 .../CVE-2024-47541-2.patch                    |  99 ++++
 .../CVE-2024-47542.patch                      |  64 +++
 .../CVE-2024-47600.patch                      |  38 ++
 .../CVE-2024-47607.patch                      |  41 ++
 .../CVE-2024-47615-1.patch                    |  79 +++
 .../CVE-2024-47615-2.patch                    | 168 +++++++
 .../CVE-2024-47835.patch                      |  39 ++
 .../gstreamer1.0-plugins-base_1.20.7.bb       |   9 +
 ...7544_47545_47546_47596_47597_47598-1.patch |  64 +++
 ...544_47545_47546_47596_47597_47598-10.patch |  97 ++++
 ...544_47545_47546_47596_47597_47598-11.patch |  36 ++
 ...544_47545_47546_47596_47597_47598-12.patch |  37 ++
 ...7544_47545_47546_47596_47597_47598-2.patch |  73 +++
 ...7544_47545_47546_47596_47597_47598-3.patch |  36 ++
 ...7544_47545_47546_47596_47597_47598-4.patch |  63 +++
 ...7544_47545_47546_47596_47597_47598-5.patch |  44 ++
 ...7544_47545_47546_47596_47597_47598-6.patch | 120 +++++
 ...7544_47545_47546_47596_47597_47598-7.patch | 449 ++++++++++++++++++
 ...7544_47545_47546_47596_47597_47598-8.patch |  56 +++
 ...7544_47545_47546_47596_47597_47598-9.patch |  49 ++
 ...4_47545_47546_47596_47597_47598-pre1.patch | 127 +++++
 ...2024-47540_47601_47602_47603_47834-1.patch |  56 +++
 ...2024-47540_47601_47602_47603_47834-2.patch |  31 ++
 ...2024-47540_47601_47602_47603_47834-3.patch |  39 ++
 ...2024-47540_47601_47602_47603_47834-4.patch |  47 ++
 ...2024-47540_47601_47602_47603_47834-5.patch |  48 ++
 ...2024-47540_47601_47602_47603_47834-6.patch |  39 ++
 ...2024-47540_47601_47602_47603_47834-7.patch |  40 ++
 .../CVE-2024-47599.patch                      |  99 ++++
 .../CVE-2024-47606.patch                      |  44 ++
 .../CVE-2024-47613.patch                      |  53 +++
 .../CVE-2024-47774.patch                      |  46 ++
 .../CVE-2024-47775_47776_47777_47778-1.patch  | 171 +++++++
 .../CVE-2024-47775_47776_47777_47778-2.patch  |  38 ++
 .../CVE-2024-47775_47776_47777_47778-3.patch  |  62 +++
 .../CVE-2024-47775_47776_47777_47778-4.patch  |  34 ++
 .../CVE-2024-47775_47776_47777_47778-5.patch  |  37 ++
 .../CVE-2024-47775_47776_47777_47778-6.patch  |  44 ++
 .../CVE-2024-47775_47776_47777_47778-7.patch  |  38 ++
 .../gstreamer1.0-plugins-good_1.20.7.bb       |  31 ++
 .../gstreamer1.0/CVE-2024-47606.patch         |  56 +++
 .../gstreamer/gstreamer1.0_1.20.7.bb          |   1 +
 50 files changed, 2953 insertions(+), 38 deletions(-)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47538.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47541-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47541-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47542.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47600.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47607.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47615-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47615-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-47835.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-10.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-11.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-12.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-3.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-4.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-5.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-6.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-7.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-8.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-9.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47537_47539_47543_47544_47545_47546_47596_47597_47598-pre1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-3.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-4.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-5.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-6.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47540_47601_47602_47603_47834-7.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47599.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47606.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47613.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47774.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-3.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-4.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-5.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-6.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2024-47775_47776_47777_47778-7.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/CVE-2024-47606.patch

-- 
2.43.0