* [OE-core][kirkstone 00/15] Patch review
@ 2022-06-19 19:30 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-06-19 19:30 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3799
The following changes since commit 0f7a8359ba370c7f5d5153453ed699e9566f5b1d:
rootfs.py: close kernel_abi_ver_file (2022-06-10 05:13:53 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Jack Mitchell (1):
meson.bbclass: add cython binary to cross/native toolchain config
Jose Quaresma (2):
archiver: use bb.note instead of echo
archiver: don't use machine variables in shared recipes
Kai Kang (1):
xxhash: fix build with gcc 12
Mingli Yu (1):
oescripts: change compare logic in OEListPackageconfigTests
Pavel Zhukov (1):
systemd: update 0008-add-missing-FTW_-macros-for-musl.patch
Rasmus Villemoes (1):
e2fsprogs: add alternatives handling of lsattr as well
Richard Purdie (5):
vim: Upgrade 8.2.5034 -> 8.2.5083
uboot-sign: Fix potential index error issues
selftest/multiconfig: Test that multiconfigs in separate layers works
gcc-source: Fix incorrect task dependencies from ${B}
liberror-perl: Update sstate/equiv versions to clean cache
Xiaobing Luo (1):
devtool: Fix _copy_file() TypeError
Yi Zhao (2):
popt: fix override syntax in RDEPENDS
git: fix override syntax in RDEPENDS
meta-selftest/conf/multiconfig/muslmc.conf | 2 ++
meta/classes/archiver.bbclass | 11 ++++++++---
meta/classes/meson.bbclass | 2 ++
meta/classes/uboot-sign.bbclass | 2 ++
meta/lib/oeqa/selftest/cases/multiconfig.py | 13 +++++++++++++
meta/lib/oeqa/selftest/cases/oescripts.py | 3 ++-
.../0008-add-missing-FTW_-macros-for-musl.patch | 8 ++++----
meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb | 5 ++++-
meta/recipes-devtools/gcc/gcc-common.inc | 2 +-
meta/recipes-devtools/gcc/gcc-source.inc | 1 +
meta/recipes-devtools/git/git_2.35.3.bb | 2 +-
meta/recipes-devtools/perl/liberror-perl_0.17029.bb | 4 ++++
meta/recipes-support/popt/popt_1.18.bb | 2 +-
meta/recipes-support/vim/vim.inc | 4 ++--
meta/recipes-support/xxhash/xxhash_0.8.1.bb | 2 ++
scripts/lib/devtool/standard.py | 2 +-
16 files changed, 50 insertions(+), 15 deletions(-)
create mode 100644 meta-selftest/conf/multiconfig/muslmc.conf
--
2.25.1
* [OE-core][kirkstone 00/15] Patch review
@ 2022-07-27 0:40 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2022-07-27 0:40 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3979
The following changes since commit f1c2e21a28f8ad5dc6ff7b0db877aa22e01a9e00:
pulseaudio: add m4-native to DEPENDS (2022-07-17 16:59:57 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
gnupg: update 2.3.4 -> 2.3.6
Joshua Watt (1):
sstatesig: Include all dependencies in SPDX task signatures
Khem Raj (2):
lua: Backport fix for CVE-2022-33099
gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
Ming Liu (1):
rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
Naveen (1):
gcc: Backport a fix for gcc bug 105039
Richard Purdie (1):
vim: Upgrade 9.0.0021 -> 9.0.0063
Sakib Sajal (3):
dpkg: fix CVE-2022-1664
go: update v1.17.10 -> v1.17.12
git: upgrade v2.35.3 -> v2.35.4
Tom Hochstein (1):
gobject-introspection-data: Disable cache for g-ir-scanner
Yi Zhao (1):
tiff: Security fixes CVE-2022-1354 and CVE-2022-1355
Yue Tao (1):
gnupg: upgrade to 2.3.7 to fix CVE-2022-34903
wangmy (2):
bind: upgrade 9.18.2 -> 9.18.3
bind: upgrade 9.18.3 -> 9.18.4
.../gobject-introspection-data.bbclass | 5 +
meta/classes/rootfs-postcommands.bbclass | 2 +-
meta/lib/oe/sstatesig.py | 9 +
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.2 => bind-9.18.4}/bind9 | 0
.../{bind-9.18.2 => bind-9.18.4}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.2.bb => bind_9.18.4.bb} | 2 +-
...ive-Prevent-directory-traversal-for-.patch | 328 ++++++++++++++++++
meta/recipes-devtools/dpkg/dpkg_1.21.4.bb | 1 +
meta/recipes-devtools/gcc/gcc-11.3.inc | 2 +-
meta/recipes-devtools/gcc/gcc-runtime.inc | 3 +-
.../gcc/gcc/0030-rust-recursion-limit.patch | 92 +++++
.../git/{git_2.35.3.bb => git_2.35.4.bb} | 2 +-
.../go/{go-1.17.10.inc => go-1.17.12.inc} | 2 +-
...1.17.10.bb => go-binary-native_1.17.12.bb} | 4 +-
....17.10.bb => go-cross-canadian_1.17.12.bb} | 0
...o-cross_1.17.10.bb => go-cross_1.17.12.bb} | 0
...ssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} | 0
...native_1.17.10.bb => go-native_1.17.12.bb} | 0
...ntime_1.17.10.bb => go-runtime_1.17.12.bb} | 0
.../go/{go_1.17.10.bb => go_1.17.12.bb} | 0
.../lua/lua/CVE-2022-33099.patch | 61 ++++
meta/recipes-devtools/lua/lua_5.4.4.bb | 1 +
.../gobject-introspection_1.72.0.bb | 3 -
.../libtiff/tiff/CVE-2022-1354.patch | 212 +++++++++++
.../libtiff/tiff/CVE-2022-1355.patch | 62 ++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
...-a-custom-value-for-the-location-of-.patch | 6 +-
.../0003-dirmngr-uses-libgpg-error.patch | 29 --
.../gnupg/gnupg/relocate.patch | 18 +-
.../gnupg/{gnupg_2.3.4.bb => gnupg_2.3.7.bb} | 3 +-
.../vim/files/crosscompile.patch | 51 +++
meta/recipes-support/vim/files/racefix.patch | 12 +-
meta/recipes-support/vim/vim.inc | 9 +-
40 files changed, 860 insertions(+), 61 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.2.bb => bind_9.18.4.bb} (98%)
create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch
create mode 100644 meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch
rename meta/recipes-devtools/git/{git_2.35.3.bb => git_2.35.4.bb} (98%)
rename meta/recipes-devtools/go/{go-1.17.10.inc => go-1.17.12.inc} (92%)
rename meta/recipes-devtools/go/{go-binary-native_1.17.10.bb => go-binary-native_1.17.12.bb} (83%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.17.10.bb => go-cross-canadian_1.17.12.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.17.10.bb => go-cross_1.17.12.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} (100%)
rename meta/recipes-devtools/go/{go-native_1.17.10.bb => go-native_1.17.12.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.17.10.bb => go-runtime_1.17.12.bb} (100%)
rename meta/recipes-devtools/go/{go_1.17.10.bb => go_1.17.12.bb} (100%)
create mode 100644 meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
delete mode 100644 meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
rename meta/recipes-support/gnupg/{gnupg_2.3.4.bb => gnupg_2.3.7.bb} (95%)
create mode 100644 meta/recipes-support/vim/files/crosscompile.patch
--
2.25.1
* [OE-core][kirkstone 00/15] Patch review
@ 2023-05-06 15:24 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2023-05-06 15:24 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5269
The following changes since commit 2d67702bdfc64358d364dd6484ae41842ee7c52f:
glibc: stable 2.35 branch updates. (2023-04-28 03:55:33 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Deepthi Hemraj (4):
binutils : Fix CVE-2023-25584
binutils : Fix CVE-2023-25585
binutils : Fix CVE-2023-1972
binutils : Fix CVE-2023-25588
Hitendra Prajapati (1):
connman: fix CVE-2023-28488 DoS in client.c
Kai Kang (1):
webkitgtk: fix CVE-2022-32888 & CVE-2022-32923
Narpat Mali (2):
ffmpeg: fix for CVE-2022-48434
python3-cryptography: fix for CVE-2023-23931
Randolph Sapp (2):
wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
kernel-devicetree: allow specification of dtb directory
Ranjitsinh Rathod (1):
libbsd: Add correct license for all packages
Shubham Kulkarni (1):
go: Security fix for CVE-2023-24538
Vivek Kumbhar (2):
freetype: fix CVE-2023-2004 integer overflowin in
tt_hvadvance_adjust() in src/truetype/ttgxvar.c
go: fix CVE-2023-24534 denial of service from excessive memory
allocation
meta/classes/kernel-devicetree.bbclass | 22 +-
meta/classes/kernel.bbclass | 2 +
.../connman/connman/CVE-2023-28488.patch | 60 ++
.../connman/connman_1.41.bb | 1 +
.../binutils/binutils-2.38.inc | 6 +
.../binutils/0022-CVE-2023-25584-1.patch | 56 ++
.../binutils/0022-CVE-2023-25584-2.patch | 38 ++
.../binutils/0022-CVE-2023-25584-3.patch | 534 ++++++++++++++++++
.../binutils/0023-CVE-2023-25585.patch | 54 ++
.../binutils/0025-CVE-2023-25588.patch | 147 +++++
.../binutils/0026-CVE-2023-1972.patch | 41 ++
meta/recipes-devtools/go/go-1.17.13.inc | 2 +
.../go/go-1.18/CVE-2023-24534.patch | 200 +++++++
.../go/go-1.18/CVE-2023-24538.patch | 208 +++++++
.../python3-cryptography/CVE-2023-23931.patch | 49 ++
.../python/python3-cryptography_36.0.2.bb | 1 +
.../run-postinsts/run-postinsts.service | 2 +-
.../freetype/freetype/CVE-2023-2004.patch | 41 ++
.../freetype/freetype_2.11.1.bb | 1 +
.../ffmpeg/ffmpeg/CVE-2022-48434.patch | 130 +++++
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +-
.../webkit/webkitgtk/CVE-2022-32888.patch | 41 ++
.../webkit/webkitgtk/CVE-2022-32923.patch | 435 ++++++++++++++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 2 +
meta/recipes-support/libbsd/libbsd_0.11.5.bb | 7 +
scripts/lib/wic/plugins/source/bootimg-efi.py | 7 +
26 files changed, 2083 insertions(+), 7 deletions(-)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch
--
2.34.1
* [OE-core][kirkstone 00/15] Patch review
@ 2023-05-09 22:32 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2023-05-09 22:32 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5285
The following changes since commit 5fca673d8fe0ee97dc37ed2c9941696842cd667a:
run-postinsts: Set dependency for ldconfig to avoid boot issues (2023-05-08 04:15:11 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (2):
git: fix CVE-2023-29007
git: fix CVE-2023-25652
Bruce Ashfield (1):
kernel: improve initramfs bundle processing time
Dmitry Baryshkov (1):
linux-firmware: upgrade 20230210 -> 20230404
Martin Jansa (1):
populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO
override
Peter Bergin (1):
update-alternatives.bbclass: fix old override syntax
Peter Marko (1):
libxml2: patch CVE-2023-28484 and CVE-2023-29469
Piotr Łobacz (1):
libarchive: Enable acls, xattr for native as well as target
Steve Sakoman (1):
Revert "xserver-xorg: backport fix for CVE-2023-1393"
Thomas Roos (1):
oeqa/utils/metadata.py: Fix running oe-selftest running with no distro
set
Wang Mingyu (2):
wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
xserver-xorg: upgrade 21.1.7 -> 21.1.8
Yoann Congal (1):
linux-yocto: Exclude 121 CVEs already fixed upstream
Zhixiong Chi (1):
libpam: Fix the xtests/tst-pam_motd[1|3] failures
bkylerussell@gmail.com (1):
kernel-devsrc: depend on python3-core instead of python3
meta/classes/kernel.bbclass | 2 +-
meta/classes/populate_sdk_ext.bbclass | 3 +-
meta/classes/update-alternatives.bbclass | 4 +-
meta/lib/oeqa/utils/metadata.py | 6 +-
.../libxml/libxml2/CVE-2023-28484.patch | 79 ++
.../libxml/libxml2/CVE-2023-29469.patch | 42 +
meta/recipes-core/libxml/libxml2_2.9.14.bb | 2 +
.../git/git/CVE-2023-25652.patch | 94 ++
.../git/git/CVE-2023-29007.patch | 162 ++++
meta/recipes-devtools/git/git_2.35.7.bb | 2 +
.../libarchive/libarchive_3.6.2.bb | 6 +-
...rely-on-all-filesystems-providing-a-.patch | 108 +++
meta/recipes-extended/pam/libpam_1.5.2.bb | 1 +
...posite-Fix-use-after-free-of-the-COW.patch | 46 -
...-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb} | 5 +-
...20230210.bb => linux-firmware_20230404.bb} | 6 +-
meta/recipes-kernel/linux/cve-exclusion.inc | 875 ++++++++++++++++++
meta/recipes-kernel/linux/kernel-devsrc.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto.inc | 3 +
...fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb} | 2 +-
20 files changed, 1384 insertions(+), 66 deletions(-)
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2023-25652.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2023-29007.patch
create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb} (80%)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230210.bb => linux-firmware_20230404.bb} (99%)
create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc
rename meta/recipes-sato/webkit/{wpebackend-fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb} (90%)
--
2.34.1
* [OE-core][kirkstone 00/15] Patch review
@ 2023-12-08 2:33 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2023-12-08 2:33 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Monday, December 11
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6300
The following changes since commit 11da43b58e19583a9bc16044309610cfb2e86469:
systemtap_git: fix used uninitialized error (2023-11-28 05:11:52 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (3):
linux-yocto/5.10: update to v5.10.198
linux-yocto/5.10: update to v5.10.200
linux-yocto/5.10: update to v5.10.202
Lee Chee Yang (1):
xwayland: fix CVE-2023-5367
Narpat Mali (1):
python3-cryptography: fix CVE-2023-49083
Niko Mauno (1):
rust-llvm: Allow overriding LLVM target archs
Richard Purdie (5):
rust-common: Set llvm-target correctly for cross SDK targets
rust-cross-canadian: Fix ordering of target json config generation
rust-cross/rust-common: Merge arm target handling code to fix
cross-canadian
rust-cross: Simplfy the rust_gen_target calls
native: Clear TUNE_FEATURES/ABIEXTENSION
Steve Sakoman (1):
cve-exclusion_5.10.inc: update for 5.10.202
Tim Orling (1):
vim: upgrade 9.0.2068 -> 9.0.2130
Vivek Kumbhar (1):
libsndfile: fix CVE-2022-33065 Signed integer overflow in src/mat4.c
Wenlin Kang (1):
bash: changes to SIGINT handler while waiting for a child
meta/classes/native.bbclass | 2 +
.../python3-cryptography/CVE-2023-49083.patch | 53 ++++
.../python/python3-cryptography_36.0.2.bb | 1 +
meta/recipes-devtools/rust/rust-common.inc | 24 +-
.../rust/rust-cross-canadian-common.inc | 5 +-
meta/recipes-devtools/rust/rust-cross.inc | 21 +-
meta/recipes-devtools/rust/rust-llvm.inc | 4 +-
...T-handler-while-waiting-for-a-child-.patch | 229 ++++++++++++++++++
meta/recipes-extended/bash/bash_5.1.16.bb | 1 +
.../xwayland/xwayland/CVE-2023-5367.patch | 85 +++++++
.../xwayland/xwayland_22.1.8.bb | 4 +-
.../linux/cve-exclusion_5.10.inc | 92 +++++--
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +-
.../libsndfile1/CVE-2022-33065.patch | 46 ++++
.../libsndfile/libsndfile1_1.0.31.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
18 files changed, 542 insertions(+), 68 deletions(-)
create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2023-49083.patch
create mode 100644 meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-5367.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch
--
2.34.1
* [OE-core][kirkstone 00/15] Patch review
@ 2024-03-20 16:09 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-03-20 16:09 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Friday, March 22
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6699
The following changes since commit 2501534c9581c6c3439f525d630be11554a57d24:
build-appliance-image: Update to kirkstone head revision (2024-03-13 07:39:46 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alex Kiernan (1):
wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23
Alexander Kanavin (1):
linux-firmware: upgrade 20231211 -> 20240220
Haitao Liu (1):
glibc: Fix subscript typos for get_nscd_addresses
Martin Jansa (1):
stress-ng: avoid calling sync during do_compile
Meenali Gupta (1):
expat: fix CVE-2023-52426
Michael Halstead (1):
yocto-uninative: Update to 4.4 for glibc 2.39
Peter Marko (1):
expat: patch CVE-2024-28757
Vijay Anusuri (1):
python3-cryptography: Backport fix for CVE-2024-26130
Wang Mingyu (1):
wireless-regdb: upgrade 2023.05.03 -> 2023.09.01
Yoann Congal (6):
cve-update-nvd2-native: Fix typo in comment
cve-update-nvd2-native: Add an age threshold for incremental update
cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
cve-update-nvd2-native: nvd_request_next: Improve comment
cve-update-nvd2-native: Fix CVE configuration update
cve-update-nvd2-native: Remove rejected CVE from database
meta/conf/distro/include/yocto-uninative.inc | 10 +-
.../expat/expat/CVE-2023-52426-001.patch | 35 ++
.../expat/expat/CVE-2023-52426-002.patch | 72 +++
.../expat/expat/CVE-2023-52426-003.patch | 28 ++
.../expat/expat/CVE-2023-52426-004.patch | 429 ++++++++++++++++++
.../expat/expat/CVE-2023-52426-005.patch | 34 ++
.../expat/expat/CVE-2023-52426-006.patch | 174 +++++++
.../expat/expat/CVE-2023-52426-007.patch | 53 +++
.../expat/expat/CVE-2023-52426-008.patch | 37 ++
.../expat/expat/CVE-2023-52426-009.patch | 354 +++++++++++++++
.../expat/expat/CVE-2023-52426-010.patch | 50 ++
.../expat/expat/CVE-2023-52426-011.patch | 45 ++
.../expat/expat/CVE-2024-28757.patch | 58 +++
meta/recipes-core/expat/expat_2.5.0.bb | 12 +
...dresses-Fix-subscript-typos-BZ-29605.patch | 40 ++
meta/recipes-core/glibc/glibc_2.35.bb | 1 +
.../meta/cve-update-nvd2-native.bb | 35 +-
.../python3-cryptography/CVE-2024-26130.patch | 66 +++
.../python/python3-cryptography_36.0.2.bb | 1 +
.../0001-Makefile-avoid-calling-sync.patch | 35 ++
.../stress-ng/stress-ng_0.13.12.bb | 1 +
...20231211.bb => linux-firmware_20240220.bb} | 6 +-
....05.03.bb => wireless-regdb_2024.01.23.bb} | 4 +-
23 files changed, 1562 insertions(+), 18 deletions(-)
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-001.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-002.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-003.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-004.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-005.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-006.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-007.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-008.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-009.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-010.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-011.patch
create mode 100755 meta/recipes-core/expat/expat/CVE-2024-28757.patch
create mode 100644 meta/recipes-core/glibc/glibc/0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch
create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2024-26130.patch
create mode 100644 meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231211.bb => linux-firmware_20240220.bb} (99%)
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.05.03.bb => wireless-regdb_2024.01.23.bb} (88%)
--
2.34.1
* [OE-core][kirkstone 00/15] Patch review
@ 2024-09-23 13:13 Steve Sakoman
0 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2024-09-23 13:13 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, September 24
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7353
The following changes since commit 88630352d6d1cfee06787fa84b73ca8ad335cb08:
libedit: Make docs generation deterministic (2024-09-11 05:03:48 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Colin McAllister (2):
busybox: Fix cut with "-s" flag
udev-extraconf: Add collect flag to mount
Divya Chellam (1):
python3: Upgrade 3.10.14 -> 3.10.15
Konrad Weihmann (3):
runqemu: keep generating tap devices
testimage: fallback for empty IMAGE_LINK_NAME
testexport: fallback for empty IMAGE_LINK_NAME
Michael Halstead (2):
yocto-uninative: Update to 4.5 for gcc 14
yocto-uninative: Update to 4.6 for glibc 2.40
Pedro Ferreira (2):
buildhistory: Fix intermittent package file list creation
buildhistory: Restoring files from preserve list
Richard Purdie (1):
buildhistory: Simplify intercept call sites and drop
SSTATEPOSTINSTFUNC usage
Rohini Sangam (1):
cups: Security fix for CVE-2024-35235
Ross Burton (1):
lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex
Vijay Anusuri (1):
libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006
Vivek Kumbhar (1):
webkitgtk: Security fix CVE-2024-40779
meta/classes/buildhistory.bbclass | 71 ++-
meta/classes/sstate.bbclass | 5 +-
meta/classes/testexport.bbclass | 2 +-
meta/classes/testimage.bbclass | 4 +-
meta/conf/distro/include/yocto-uninative.inc | 10 +-
meta/lib/oeqa/selftest/cases/runcmd.py | 4 +-
.../libpcap/libpcap/CVE-2023-7256-pre1.patch | 99 ++++
.../libpcap/libpcap/CVE-2023-7256-pre2.patch | 131 +++++
.../libpcap/libpcap/CVE-2023-7256-pre3.patch | 67 +++
.../libpcap/libpcap/CVE-2023-7256-pre4.patch | 37 ++
.../libpcap/libpcap/CVE-2023-7256.patch | 368 +++++++++++++
.../libpcap/libpcap/CVE-2024-8006.patch | 42 ++
.../libpcap/libpcap_1.10.1.bb | 10 +-
...1-cut-Fix-s-flag-to-omit-blank-lines.patch | 66 +++
meta/recipes-core/busybox/busybox_1.35.0.bb | 1 +
.../recipes-core/udev/udev-extraconf/mount.sh | 2 +-
.../python/python3/CVE-2023-27043.patch | 510 ------------------
.../python/python3/CVE-2024-6232.patch | 251 ---------
.../python/python3/CVE-2024-7592.patch | 140 -----
.../python/python3/CVE-2024-8088.patch | 124 -----
...{python3_3.10.14.bb => python3_3.10.15.bb} | 6 +-
meta/recipes-extended/cups/cups.inc | 1 +
.../cups/cups/CVE-2024-35235.patch | 121 +++++
.../webkit/webkitgtk/CVE-2024-40779.patch | 91 ++++
meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 +
scripts/runqemu | 24 +-
26 files changed, 1109 insertions(+), 1079 deletions(-)
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
create mode 100644 meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2023-27043.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-6232.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-7592.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch
rename meta/recipes-devtools/python/{python3_3.10.14.bb => python3_3.10.15.bb} (98%)
create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-35235.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2024-40779.patch
--
2.34.1
* [OE-core][kirkstone 00/15] Patch review
@ 2025-02-27 17:39 Steve Sakoman
2025-02-27 17:39 ` [OE-core][kirkstone 01/15] xserver-xorg: Fix for CVE-2025-26594 Steve Sakoman
` (14 more replies)
0 siblings, 15 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Monday, March 3
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1094
The following changes since commit 73b5570a16708d1e749b1ec525299d10557cbf56:
vim: Upgrade 9.1.0764 -> 9.1.1043 (2025-02-24 06:54:05 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Guocai He (2):
tzcode: Update SRC_URI
xz: Update SRC_URI
Jiaying Song (1):
boost: fix do_fetch error
Libo Chen (1):
virglrenderer: fix do_fetch error
Moritz Haase (1):
meta: Enable '-o pipefail' for the SDK installer
Narpat Mali (1):
systemd: upgrade 250.5 -> 250.14
Vijay Anusuri (9):
xserver-xorg: Fix for CVE-2025-26594
xserver-xorg: Fix for CVE-2025-26595
xserver-xorg: Fix for CVE-2025-26596
xserver-xorg: Fix for CVE-2025-26597
xserver-xorg: Fix for CVE-2025-26598
xserver-xorg: Fix for CVE-2025-26599
xserver-xorg: Fix for CVE-2025-26600
xserver-xorg: Fix for CVE-2025-26601
bind: Upgrade 9.18.28 -> 9.18.33
meta/files/toolchain-shar-extract.sh | 5 +
.../bind/{bind_9.18.28.bb => bind_9.18.33.bb} | 2 +-
...d-boot_250.5.bb => systemd-boot_250.14.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
.../0001-Adjust-for-musl-headers.patch | 20 +-
...sysctl.d-binfmt.d-modules-load.d-to-.patch | 18 +-
...1-core-fix-build-when-seccomp-is-off.patch | 41 ++
...ass-correct-parameters-to-getdents64.patch | 49 ++-
...w-json_variant_dump-to-return-an-err.patch | 60 ---
.../0002-Add-sys-stat.h-for-S_IFDIR.patch | 6 +-
...3-missing_type.h-add-comparison_fn_t.patch | 6 +-
...k-parse_printf_format-implementation.patch | 6 +-
...missing.h-check-for-missing-strndupa.patch | 62 ++-
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 8 +-
...008-add-missing-FTW_-macros-for-musl.patch | 4 +-
..._register_atfork-for-non-glibc-build.patch | 6 +-
...10-Use-uintmax_t-for-handling-rlim_t.patch | 6 +-
...sable-tests-for-missing-typedefs-in-.patch | 2 +-
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 4 +-
...patible-basename-for-non-glibc-syste.patch | 2 +-
...uffering-when-writing-to-oom_score_a.patch | 6 +-
...compliant-strerror_r-from-GNU-specif.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
.../0021-test-json.c-define-M_PIl.patch | 4 +-
...-not-disable-buffer-in-writing-files.patch | 38 +-
.../0025-Handle-__cpu_mask-usage.patch | 2 +-
.../systemd/0026-Handle-missing-gshadow.patch | 4 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 4 +-
.../systemd/systemd/CVE-2022-3821.patch | 45 --
.../systemd/systemd/CVE-2022-4415-1.patch | 109 -----
.../systemd/systemd/CVE-2022-4415-2.patch | 391 ------------------
.../systemd/systemd/CVE-2022-45873.patch | 124 ------
.../systemd/systemd/CVE-2023-7008.patch | 40 --
.../{systemd_250.5.bb => systemd_250.14.bb} | 7 +-
meta/recipes-extended/timezone/timezone.inc | 8 +-
meta/recipes-extended/xz/xz_5.2.6.bb | 2 +-
.../virglrenderer/virglrenderer_0.9.1.bb | 2 +-
.../xserver-xorg/CVE-2025-26594-1.patch | 54 +++
.../xserver-xorg/CVE-2025-26594-2.patch | 51 +++
.../xserver-xorg/CVE-2025-26595.patch | 65 +++
.../xserver-xorg/CVE-2025-26596.patch | 49 +++
.../xserver-xorg/CVE-2025-26597.patch | 46 +++
.../xserver-xorg/CVE-2025-26598.patch | 120 ++++++
.../xserver-xorg/CVE-2025-26599-1.patch | 66 +++
.../xserver-xorg/CVE-2025-26599-2.patch | 129 ++++++
.../xserver-xorg/CVE-2025-26600.patch | 68 +++
.../xserver-xorg/CVE-2025-26601-1.patch | 71 ++++
.../xserver-xorg/CVE-2025-26601-2.patch | 85 ++++
.../xserver-xorg/CVE-2025-26601-3.patch | 52 +++
.../xserver-xorg/CVE-2025-26601-4.patch | 132 ++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 13 +
meta/recipes-support/boost/boost-1.78.0.inc | 2 +-
52 files changed, 1201 insertions(+), 901 deletions(-)
rename meta/recipes-connectivity/bind/{bind_9.18.28.bb => bind_9.18.33.bb} (97%)
rename meta/recipes-core/systemd/{systemd-boot_250.5.bb => systemd-boot_250.14.bb} (100%)
create mode 100644 meta/recipes-core/systemd/systemd/0001-core-fix-build-when-seccomp-is-off.patch
delete mode 100644 meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
rename meta/recipes-core/systemd/{systemd_250.5.bb => systemd_250.14.bb} (99%)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-2.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26595.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26596.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26598.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-2.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26600.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-2.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-3.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-4.patch
--
2.43.0
* [OE-core][kirkstone 01/15] xserver-xorg: Fix for CVE-2025-26594
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26594-1.patch | 54 +++++++++++++++++++
.../xserver-xorg/CVE-2025-26594-2.patch | 51 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 2 +
3 files changed, 107 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-2.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-1.patch
new file mode 100644
index 0000000000..f34a89e6ea
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-1.patch
@@ -0,0 +1,54 @@
+From 01642f263f12becf803b19be4db95a4a83f94acc Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 27 Nov 2024 11:27:05 +0100
+Subject: [PATCH] Cursor: Refuse to free the root cursor
+
+If a cursor reference count drops to 0, the cursor is freed.
+
+The root cursor however is referenced with a specific global variable,
+and when the root cursor is freed, the global variable may still point
+to freed memory.
+
+Make sure to prevent the rootCursor from being explicitly freed by a
+client.
+
+CVE-2025-26594, ZDI-CAN-25544
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+v2: Explicitly forbid XFreeCursor() on the root cursor (Peter Hutterer
+<peter.hutterer@who-t.net>)
+v3: Return BadCursor instead of BadValue (Michel Danzer
+<michel@daenzer.net>)
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Suggested-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26]
+CVE: CVE-2025-26594
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ dix/dispatch.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dix/dispatch.c b/dix/dispatch.c
+index 4602961..30b95c1 100644
+--- a/dix/dispatch.c
++++ b/dix/dispatch.c
+@@ -3107,6 +3107,10 @@ ProcFreeCursor(ClientPtr client)
+ rc = dixLookupResourceByType((void **) &pCursor, stuff->id, RT_CURSOR,
+ client, DixDestroyAccess);
+ if (rc == Success) {
++ if (pCursor == rootCursor) {
++ client->errorValue = stuff->id;
++ return BadCursor;
++ }
+ FreeResource(stuff->id, RT_NONE);
+ return Success;
+ }
+--
+2.25.1
+
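Review bot: In the ProcFreeCursor hunk, the new "pCursor == rootCursor" test only refuses the explicit free request; on its own it does not give the server a reference of its own to the cursor that the rootCursor global points at. That reference comes from CVE-2025-26594-2.patch, so the two files have to stay together in SRC_URI, and a line in this patch header saying so would help anyone who later drops or reorders one of them. The Upstream-Status link also uses the abbreviated hash 01642f26 while the From line carries the full 01642f263f12becf803b19be4db95a4a83f94acc; the full hash makes a more durable reference.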
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-2.patch
new file mode 100644
index 0000000000..6ebf540ab9
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-2.patch
@@ -0,0 +1,51 @@
+From b0a09ba6020147961acc62d9c73d807b4cccd9f7 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 4 Dec 2024 15:49:43 +1000
+Subject: [PATCH] dix: keep a ref to the rootCursor
+
+CreateCursor returns a cursor with refcount 1 - that refcount is used by
+the resource system, any caller needs to call RefCursor to get their own
+reference. That happens correctly for normal cursors but for our
+rootCursor we keep a variable to the cursor despite not having a ref for
+ourselves.
+
+Fix this by reffing/unreffing the rootCursor to ensure our pointer is
+valid.
+
+Related to CVE-2025-26594, ZDI-CAN-25544
+
+Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6]
+CVE: CVE-2025-26594
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ dix/main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dix/main.c b/dix/main.c
+index bfc8add..38e29ce 100644
+--- a/dix/main.c
++++ b/dix/main.c
+@@ -231,6 +231,8 @@ dix_main(int argc, char *argv[], char *envp[])
+ FatalError("could not open default cursor font");
+ }
+
++ rootCursor = RefCursor(rootCursor);
++
+ #ifdef PANORAMIX
+ /*
+ * Consolidate window and colourmap information for each screen
+@@ -271,6 +273,8 @@ dix_main(int argc, char *argv[], char *envp[])
+
+ Dispatch();
+
++ UnrefCursor(rootCursor);
++
+ UndisplayDevices();
+ DisableAllDevices();
+
+--
+2.25.1
+
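Review bot: After the added UnrefCursor(rootCursor) that follows Dispatch(), the rootCursor global keeps its old value while UndisplayDevices() and DisableAllDevices() run. If that unref can be the last one, the pointer dangles for the rest of teardown, so it is worth confirming that nothing in those calls reads rootCursor, or clearing the global right after the unref.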
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index a9cb1b5bde..11003db04d 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -22,6 +22,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2024-31083-0001.patch \
file://CVE-2024-31083-0002.patch \
file://CVE-2024-9632.patch \
+ file://CVE-2025-26594-1.patch \
+ file://CVE-2025-26594-2.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 02/15] xserver-xorg: Fix for CVE-2025-26595
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26595.patch | 65 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
2 files changed, 66 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26595.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26595.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26595.patch
new file mode 100644
index 0000000000..a7478d9e2a
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26595.patch
@@ -0,0 +1,65 @@
+From 11fcda8753e994e15eb915d28cf487660ec8e722 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 27 Nov 2024 14:41:45 +0100
+Subject: [PATCH] xkb: Fix buffer overflow in XkbVModMaskText()
+
+The code in XkbVModMaskText() allocates a fixed sized buffer on the
+stack and copies the virtual mod name.
+
+There's actually two issues in the code that can lead to a buffer
+overflow.
+
+First, the bound check mixes pointers and integers using misplaced
+parenthesis, defeating the bound check.
+
+But even though, if the check fails, the data is still copied, so the
+stack overflow will occur regardless.
+
+Change the logic to skip the copy entirely if the bound check fails.
+
+CVE-2025-26595, ZDI-CAN-25545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87]
+CVE: CVE-2025-26595
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkbtext.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/xkb/xkbtext.c b/xkb/xkbtext.c
+index 0184664207..93262528bb 100644
+--- a/xkb/xkbtext.c
++++ b/xkb/xkbtext.c
+@@ -173,14 +173,14 @@ XkbVModMaskText(XkbDescPtr xkb,
+ len = strlen(tmp) + 1 + (str == buf ? 0 : 1);
+ if (format == XkbCFile)
+ len += 4;
+- if ((str - (buf + len)) <= VMOD_BUFFER_SIZE) {
+- if (str != buf) {
+- if (format == XkbCFile)
+- *str++ = '|';
+- else
+- *str++ = '+';
+- len--;
+- }
++ if ((str - buf) + len > VMOD_BUFFER_SIZE)
++ continue; /* Skip */
++ if (str != buf) {
++ if (format == XkbCFile)
++ *str++ = '|';
++ else
++ *str++ = '+';
++ len--;
+ }
+ if (format == XkbCFile)
+ sprintf(str, "%sMask", tmp);
+--
+GitLab
+
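Review bot: The corrected test "(str - buf) + len > VMOD_BUFFER_SIZE" now guards the copy, but the write that follows is still an unbounded sprintf(str, "%sMask", tmp), so the stack buffer stays safe only as long as the len arithmetic above it (name length, terminator, separator, and the "+= 4" for XkbCFile) matches exactly what gets written. An snprintf bounded by the remaining space would make the write independent of that bookkeeping. The "continue; /* Skip */" also drops the modifier name silently, so callers receive shortened text with no indication; a comment stating that this truncation is intended would help.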
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 11003db04d..94381a1a16 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -24,6 +24,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2024-9632.patch \
file://CVE-2025-26594-1.patch \
file://CVE-2025-26594-2.patch \
+ file://CVE-2025-26595.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 03/15] xserver-xorg: Fix for CVE-2025-26596
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26596.patch | 49 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26596.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26596.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26596.patch
new file mode 100644
index 0000000000..f9df8d75ea
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26596.patch
@@ -0,0 +1,49 @@
+From 80d69f01423fc065c950e1ff4e8ddf9f675df773 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Thu, 28 Nov 2024 11:49:34 +0100
+Subject: [PATCH] xkb: Fix computation of XkbSizeKeySyms
+
+The computation of the length in XkbSizeKeySyms() differs from what is
+actually written in XkbWriteKeySyms(), leading to a heap overflow.
+
+Fix the calculation in XkbSizeKeySyms() to match what kbWriteKeySyms()
+does.
+
+CVE-2025-26596, ZDI-CAN-25543
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01]
+CVE: CVE-2025-26596
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 85659382da..744dba63d7 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -1095,10 +1095,10 @@ XkbSizeKeySyms(XkbDescPtr xkb, xkbGetMapReply * rep)
+ len = rep->nKeySyms * SIZEOF(xkbSymMapWireDesc);
+ symMap = &xkb->map->key_sym_map[rep->firstKeySym];
+ for (i = nSyms = 0; i < rep->nKeySyms; i++, symMap++) {
+- if (symMap->offset != 0) {
+- nSymsThisKey = XkbNumGroups(symMap->group_info) * symMap->width;
+- nSyms += nSymsThisKey;
+- }
++ nSymsThisKey = XkbNumGroups(symMap->group_info) * symMap->width;
++ if (nSymsThisKey == 0)
++ continue;
++ nSyms += nSymsThisKey;
+ }
+ len += nSyms * 4;
+ rep->totalSyms = nSyms;
+--
+GitLab
+
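Review bot: In the XkbSizeKeySyms loop, "if (nSymsThisKey == 0) continue;" has no effect on the result, since adding zero to nSyms changes nothing; it appears to exist only to mirror the writer. The fix depends on this function and XkbWriteKeySyms() computing the same length, and the writer is not part of this hunk, so a comment at the loop naming that invariant would make the coupling visible to whoever next edits either side.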
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 94381a1a16..ec6550e545 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -25,6 +25,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-26594-1.patch \
file://CVE-2025-26594-2.patch \
file://CVE-2025-26595.patch \
+ file://CVE-2025-26596.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 04/15] xserver-xorg: Fix for CVE-2025-26597
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26597.patch | 46 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch
new file mode 100644
index 0000000000..b0735d0b46
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch
@@ -0,0 +1,46 @@
+From 0e4ed94952b255c04fe910f6a1d9c852878dcd64 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Thu, 28 Nov 2024 14:09:04 +0100
+Subject: [PATCH] xkb: Fix buffer overflow in XkbChangeTypesOfKey()
+
+If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
+key syms to 0 but leave the key actions unchanged.
+
+If later, the same function is called with a non-zero value for nGroups,
+this will cause a buffer overflow because the key actions are of the wrong
+size.
+
+To avoid the issue, make sure to resize both the key syms and key actions
+when nGroups is 0.
+
+CVE-2025-26597, ZDI-CAN-25683
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949]
+CVE: CVE-2025-26597
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/XKBMisc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xkb/XKBMisc.c b/xkb/XKBMisc.c
+index abbfed90eb..fd180fad2c 100644
+--- a/xkb/XKBMisc.c
++++ b/xkb/XKBMisc.c
+@@ -553,6 +553,7 @@ XkbChangeTypesOfKey(XkbDescPtr xkb,
+ i = XkbSetNumGroups(i, 0);
+ xkb->map->key_sym_map[key].group_info = i;
+ XkbResizeKeySyms(xkb, key, 0);
++ XkbResizeKeyActions(xkb, key, 0);
+ return Success;
+ }
+
+--
+GitLab
+
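Review bot: The added XkbResizeKeyActions(xkb, key, 0) has its return value discarded, as does the XkbResizeKeySyms(xkb, key, 0) call above it, and the function then returns Success unconditionally. If either resize can fail, the key syms and key actions could again end up with different sizes, which is the state this fix is meant to rule out; checking both results, or a comment stating why a resize to 0 cannot fail, would close that gap.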
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index ec6550e545..7c963e9fdf 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -26,6 +26,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-26594-2.patch \
file://CVE-2025-26595.patch \
file://CVE-2025-26596.patch \
+ file://CVE-2025-26597.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 05/15] xserver-xorg: Fix for CVE-2025-26598
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26598.patch | 120 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
2 files changed, 121 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26598.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26598.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26598.patch
new file mode 100644
index 0000000000..210a76262a
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26598.patch
@@ -0,0 +1,120 @@
+From bba9df1a9d57234c76c0b93f88dacb143d01bca2 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 16 Dec 2024 11:25:11 +0100
+Subject: [PATCH] Xi: Fix barrier device search
+
+The function GetBarrierDevice() would search for the pointer device
+based on its device id and return the matching value, or supposedly NULL
+if no match was found.
+
+Unfortunately, as written, it would return the last element of the list
+if no matching device id was found which can lead to out of bounds
+memory access.
+
+Fix the search function to return NULL if not matching device is found,
+and adjust the callers to handle the case where the device cannot be
+found.
+
+CVE-2025-26598, ZDI-CAN-25740
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a]
+CVE: CVE-2025-26598
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xi/xibarriers.c | 27 +++++++++++++++++++++++----
+ 1 file changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xibarriers.c b/Xi/xibarriers.c
+index 700b2b8c53..6761bcb49a 100644
+--- a/Xi/xibarriers.c
++++ b/Xi/xibarriers.c
+@@ -132,14 +132,15 @@ static void FreePointerBarrierClient(struct PointerBarrierClient *c)
+
+ static struct PointerBarrierDevice *GetBarrierDevice(struct PointerBarrierClient *c, int deviceid)
+ {
+- struct PointerBarrierDevice *pbd = NULL;
++ struct PointerBarrierDevice *p, *pbd = NULL;
+
+- xorg_list_for_each_entry(pbd, &c->per_device, entry) {
+- if (pbd->deviceid == deviceid)
++ xorg_list_for_each_entry(p, &c->per_device, entry) {
++ if (p->deviceid == deviceid) {
++ pbd = p;
+ break;
++ }
+ }
+
+- BUG_WARN(!pbd);
+ return pbd;
+ }
+
+@@ -340,6 +341,9 @@ barrier_find_nearest(BarrierScreenPtr cs, DeviceIntPtr dev,
+ double distance;
+
+ pbd = GetBarrierDevice(c, dev->id);
++ if (!pbd)
++ continue;
++
+ if (pbd->seen)
+ continue;
+
+@@ -448,6 +452,9 @@ input_constrain_cursor(DeviceIntPtr dev, ScreenPtr screen,
+ nearest = &c->barrier;
+
+ pbd = GetBarrierDevice(c, master->id);
++ if (!pbd)
++ continue;
++
+ new_sequence = !pbd->hit;
+
+ pbd->seen = TRUE;
+@@ -488,6 +495,9 @@ input_constrain_cursor(DeviceIntPtr dev, ScreenPtr screen,
+ int flags = 0;
+
+ pbd = GetBarrierDevice(c, master->id);
++ if (!pbd)
++ continue;
++
+ pbd->seen = FALSE;
+ if (!pbd->hit)
+ continue;
+@@ -682,6 +692,9 @@ BarrierFreeBarrier(void *data, XID id)
+ continue;
+
+ pbd = GetBarrierDevice(c, dev->id);
++ if (!pbd)
++ continue;
++
+ if (!pbd->hit)
+ continue;
+
+@@ -741,6 +754,8 @@ static void remove_master_func(void *res, XID id, void *devid)
+ barrier = container_of(b, struct PointerBarrierClient, barrier);
+
+ pbd = GetBarrierDevice(barrier, *deviceid);
++ if (!pbd)
++ return;
+
+ if (pbd->hit) {
+ BarrierEvent ev = {
+@@ -905,6 +920,10 @@ ProcXIBarrierReleasePointer(ClientPtr client)
+ barrier = container_of(b, struct PointerBarrierClient, barrier);
+
+ pbd = GetBarrierDevice(barrier, dev->id);
++ if (!pbd) {
++ client->errorValue = dev->id;
++ return BadDevice;
++ }
+
+ if (pbd->barrier_event_id == event_id)
+ pbd->release_event_id = event_id;
+--
+GitLab
+
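Review bot: In the first input_constrain_cursor hunk, "nearest = &c->barrier;" is assigned before the new "if (!pbd) continue;", so when the lookup fails nearest is left pointing at a barrier that has no per-device entry for this master. It is worth confirming that nothing after the skip uses nearest, or moving the GetBarrierDevice() call and its check above the assignment. Separately, with BUG_WARN(!pbd) removed from GetBarrierDevice(), every caller except ProcXIBarrierReleasePointer now skips a missing device silently; a debug-level message at the lookup would keep the diagnostic.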
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 7c963e9fdf..5b77dad16a 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -27,6 +27,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-26595.patch \
file://CVE-2025-26596.patch \
file://CVE-2025-26597.patch \
+ file://CVE-2025-26598.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 06/15] xserver-xorg: Fix for CVE-2025-26599
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26599-1.patch | 66 +++++++++
.../xserver-xorg/CVE-2025-26599-2.patch | 129 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 2 +
3 files changed, 197 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-2.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch
new file mode 100644
index 0000000000..60b68a0d9a
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch
@@ -0,0 +1,66 @@
+From c1ff84bef2569b4ba4be59323cf575d1798ba9be Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Tue, 17 Dec 2024 15:19:45 +0100
+Subject: [PATCH] composite: Handle failure to redirect in compRedirectWindow()
+
+The function compCheckRedirect() may fail if it cannot allocate the
+backing pixmap.
+
+In that case, compRedirectWindow() will return a BadAlloc error.
+
+However that failure code path will shortcut the validation of the
+window tree marked just before, which leaves the validate data partly
+initialized.
+
+That causes a use of uninitialized pointer later.
+
+The fix is to not shortcut the call to compHandleMarkedWindows() even in
+the case of compCheckRedirect() returning an error.
+
+CVE-2025-26599, ZDI-CAN-25851
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be]
+CVE: CVE-2025-26599
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ composite/compalloc.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/composite/compalloc.c b/composite/compalloc.c
+index eaabf0d..0bbbc55 100644
+--- a/composite/compalloc.c
++++ b/composite/compalloc.c
+@@ -140,6 +140,7 @@ compRedirectWindow(ClientPtr pClient, WindowPtr pWin, int update)
+ CompScreenPtr cs = GetCompScreen(pWin->drawable.pScreen);
+ WindowPtr pLayerWin;
+ Bool anyMarked = FALSE;
++ int status = Success;
+
+ if (pWin == cs->pOverlayWin) {
+ return Success;
+@@ -218,13 +219,13 @@ compRedirectWindow(ClientPtr pClient, WindowPtr pWin, int update)
+
+ if (!compCheckRedirect(pWin)) {
+ FreeResource(ccw->id, RT_NONE);
+- return BadAlloc;
++ status = BadAlloc;
+ }
+
+ if (anyMarked)
+ compHandleMarkedWindows(pWin, pLayerWin);
+
+- return Success;
++ return status;
+ }
+
+ void
+--
+2.25.1
+
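Review bot: On the failure path in compRedirectWindow, FreeResource(ccw->id, RT_NONE) now runs before compHandleMarkedWindows(pWin, pLayerWin) instead of returning, so the marked-window validation executes after the redirect resource has been released. The hunk does not show what FreeResource tears down, so it should be confirmed that the validation does not touch anything freed there. The commit message and CVE-2025-26599-2.patch indicate that the border clip still needs initializing on this path, which makes the two patches a pair that should not be split.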
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-2.patch
new file mode 100644
index 0000000000..252b033261
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-2.patch
@@ -0,0 +1,129 @@
+From b07192a8bedb90b039dc0f70ae69daf047ff9598 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 13 Jan 2025 16:09:43 +0100
+Subject: [PATCH] composite: initialize border clip even when pixmap alloc
+ fails
+
+If it fails to allocate the pixmap, the function compAllocPixmap() would
+return early and leave the borderClip region uninitialized, which may
+lead to the use of uninitialized value as reported by valgrind:
+
+ Conditional jump or move depends on uninitialised value(s)
+ at 0x4F9B33: compClipNotify (compwindow.c:317)
+ by 0x484FC9: miComputeClips (mivaltree.c:476)
+ by 0x48559A: miValidateTree (mivaltree.c:679)
+ by 0x4F0685: MapWindow (window.c:2693)
+ by 0x4A344A: ProcMapWindow (dispatch.c:922)
+ by 0x4A25B5: Dispatch (dispatch.c:560)
+ by 0x4B082A: dix_main (main.c:282)
+ by 0x429233: main (stubmain.c:34)
+ Uninitialised value was created by a heap allocation
+ at 0x4841866: malloc (vg_replace_malloc.c:446)
+ by 0x4F47BC: compRedirectWindow (compalloc.c:171)
+ by 0x4FA8AD: compCreateWindow (compwindow.c:592)
+ by 0x4EBB89: CreateWindow (window.c:925)
+ by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
+ by 0x4A25B5: Dispatch (dispatch.c:560)
+ by 0x4B082A: dix_main (main.c:282)
+ by 0x429233: main (stubmain.c:34)
+
+ Conditional jump or move depends on uninitialised value(s)
+ at 0x48EEDBC: pixman_region_translate (pixman-region.c:2233)
+ by 0x4F9255: RegionTranslate (regionstr.h:312)
+ by 0x4F9B7E: compClipNotify (compwindow.c:319)
+ by 0x484FC9: miComputeClips (mivaltree.c:476)
+ by 0x48559A: miValidateTree (mivaltree.c:679)
+ by 0x4F0685: MapWindow (window.c:2693)
+ by 0x4A344A: ProcMapWindow (dispatch.c:922)
+ by 0x4A25B5: Dispatch (dispatch.c:560)
+ by 0x4B082A: dix_main (main.c:282)
+ by 0x429233: main (stubmain.c:34)
+ Uninitialised value was created by a heap allocation
+ at 0x4841866: malloc (vg_replace_malloc.c:446)
+ by 0x4F47BC: compRedirectWindow (compalloc.c:171)
+ by 0x4FA8AD: compCreateWindow (compwindow.c:592)
+ by 0x4EBB89: CreateWindow (window.c:925)
+ by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
+ by 0x4A25B5: Dispatch (dispatch.c:560)
+ by 0x4B082A: dix_main (main.c:282)
+ by 0x429233: main (stubmain.c:34)
+
+ Conditional jump or move depends on uninitialised value(s)
+ at 0x48EEE33: UnknownInlinedFun (pixman-region.c:2241)
+ by 0x48EEE33: pixman_region_translate (pixman-region.c:2225)
+ by 0x4F9255: RegionTranslate (regionstr.h:312)
+ by 0x4F9B7E: compClipNotify (compwindow.c:319)
+ by 0x484FC9: miComputeClips (mivaltree.c:476)
+ by 0x48559A: miValidateTree (mivaltree.c:679)
+ by 0x4F0685: MapWindow (window.c:2693)
+ by 0x4A344A: ProcMapWindow (dispatch.c:922)
+ by 0x4A25B5: Dispatch (dispatch.c:560)
+ by 0x4B082A: dix_main (main.c:282)
+ by 0x429233: main (stubmain.c:34)
+ Uninitialised value was created by a heap allocation
+ at 0x4841866: malloc (vg_replace_malloc.c:446)
+ by 0x4F47BC: compRedirectWindow (compalloc.c:171)
+ by 0x4FA8AD: compCreateWindow (compwindow.c:592)
+ by 0x4EBB89: CreateWindow (window.c:925)
+ by 0x4A2E6E: ProcCreateWindow (dispatch.c:768)
+ by 0x4A25B5: Dispatch (dispatch.c:560)
+ by 0x4B082A: dix_main (main.c:282)
+ by 0x429233: main (stubmain.c:34)
+
+Fix compAllocPixmap() to initialize the border clip even if the creation
+of the backing pixmap has failed, to avoid depending later on
+uninitialized border clip values.
+
+Related to CVE-2025-26599, ZDI-CAN-25851
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8]
+CVE: CVE-2025-26599
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ composite/compalloc.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/composite/compalloc.c b/composite/compalloc.c
+index 7cf7351e00..4a1243170d 100644
+--- a/composite/compalloc.c
++++ b/composite/compalloc.c
+@@ -605,9 +605,12 @@ compAllocPixmap(WindowPtr pWin)
+ int h = pWin->drawable.height + (bw << 1);
+ PixmapPtr pPixmap = compNewPixmap(pWin, x, y, w, h);
+ CompWindowPtr cw = GetCompWindow(pWin);
++ Bool status;
+
+- if (!pPixmap)
+- return FALSE;
++ if (!pPixmap) {
++ status = FALSE;
++ goto out;
++ }
+ if (cw->update == CompositeRedirectAutomatic)
+ pWin->redirectDraw = RedirectDrawAutomatic;
+ else
+@@ -621,14 +624,16 @@ compAllocPixmap(WindowPtr pWin)
+ DamageRegister(&pWin->drawable, cw->damage);
+ cw->damageRegistered = TRUE;
+ }
++ status = TRUE;
+
++out:
+ /* Make sure our borderClip is up to date */
+ RegionUninit(&cw->borderClip);
+ RegionCopy(&cw->borderClip, &pWin->borderClip);
+ cw->borderClipX = pWin->drawable.x;
+ cw->borderClipY = pWin->drawable.y;
+
+- return TRUE;
++ return status;
+ }
+
+ void
+--
+GitLab
+
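Review bot: at the new `out:` label in compAllocPixmap(), `RegionUninit(&cw->borderClip)` now also runs when `compNewPixmap()` returned NULL, so it needs confirming that `cw->borderClip` is already a valid region on that path. The valgrind trace in the commit message attributes the uninitialised data to the `malloc` in compRedirectWindow(); if the region itself belongs to that uninitialised block, the uninit call would operate on it before `RegionCopy()` repairs it. A short comment at `out:` stating which fields the caller has already initialised would settle this. Minor: declaring `Bool status = FALSE;` would remove the separate assignment in the `!pPixmap` branch.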
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 5b77dad16a..e50d7bfb9e 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -28,6 +28,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-26596.patch \
file://CVE-2025-26597.patch \
file://CVE-2025-26598.patch \
+ file://CVE-2025-26599-1.patch \
+ file://CVE-2025-26599-2.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 07/15] xserver-xorg: Fix for CVE-2025-26600
2025-02-27 17:39 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-02-27 17:39 ` [OE-core][kirkstone 06/15] xserver-xorg: Fix for CVE-2025-26599 Steve Sakoman
@ 2025-02-27 17:39 ` Steve Sakoman
2025-02-27 17:39 ` [OE-core][kirkstone 08/15] xserver-xorg: Fix for CVE-2025-26601 Steve Sakoman
` (7 subsequent siblings)
14 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26600.patch | 68 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 1 +
2 files changed, 69 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26600.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26600.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26600.patch
new file mode 100644
index 0000000000..43b47b3ca3
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26600.patch
@@ -0,0 +1,68 @@
+From 6e0f332ba4c8b8c9a9945dc9d7989bfe06f80e14 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 16 Dec 2024 16:18:04 +0100
+Subject: [PATCH] dix: Dequeue pending events on frozen device on removal
+
+When a device is removed while still frozen, the events queued for that
+device remain while the device itself is freed.
+
+As a result, replaying the events will cause a use after free.
+
+To avoid the issue, make sure to dequeue and free any pending events on
+a frozen device when removed.
+
+CVE-2025-26600, ZDI-CAN-25871
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b]
+CVE: CVE-2025-26600
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ dix/devices.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/dix/devices.c b/dix/devices.c
+index 1516147..459f1ed 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -962,6 +962,23 @@ FreeAllDeviceClasses(ClassesPtr classes)
+
+ }
+
++static void
++FreePendingFrozenDeviceEvents(DeviceIntPtr dev)
++{
++ QdEventPtr qe, tmp;
++
++ if (!dev->deviceGrab.sync.frozen)
++ return;
++
++ /* Dequeue any frozen pending events */
++ xorg_list_for_each_entry_safe(qe, tmp, &syncEvents.pending, next) {
++ if (qe->device == dev) {
++ xorg_list_del(&qe->next);
++ free(qe);
++ }
++ }
++}
++
+ /**
+ * Close down a device and free all resources.
+ * Once closed down, the driver will probably not expect you that you'll ever
+@@ -1026,6 +1043,7 @@ CloseDevice(DeviceIntPtr dev)
+ free(dev->last.touches[j].valuators);
+ free(dev->last.touches);
+ dev->config_info = NULL;
++ FreePendingFrozenDeviceEvents(dev);
+ dixFreePrivates(dev->devPrivates, PRIVATE_DEVICE);
+ free(dev);
+ }
+--
+2.25.1
+
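Review bot: FreePendingFrozenDeviceEvents() returns early on `if (!dev->deviceGrab.sync.frozen)`, which assumes `syncEvents.pending` can never hold an entry for a device whose frozen flag is already clear. Since the function exists to stop a queued event from referencing a freed `dev`, either document that invariant next to the guard or drop the guard and sweep the list unconditionally from CloseDevice(). The loop releases each entry with a plain `free(qe)`, so a one-line comment that a queued event owns no further allocations would help the next backporter. The new static function also has no doc comment, unlike the `/** Close down a device ...` block directly below it.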
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index e50d7bfb9e..d7b0e7b589 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -30,6 +30,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-26598.patch \
file://CVE-2025-26599-1.patch \
file://CVE-2025-26599-2.patch \
+ file://CVE-2025-26600.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 08/15] xserver-xorg: Fix for CVE-2025-26601
2025-02-27 17:39 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
` (6 preceding siblings ...)
2025-02-27 17:39 ` [OE-core][kirkstone 07/15] xserver-xorg: Fix for CVE-2025-26600 Steve Sakoman
@ 2025-02-27 17:39 ` Steve Sakoman
2025-02-27 17:39 ` [OE-core][kirkstone 09/15] bind: Upgrade 9.18.28 -> 9.18.33 Steve Sakoman
` (6 subsequent siblings)
14 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d &
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f &
https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../xserver-xorg/CVE-2025-26601-1.patch | 71 ++++++++++
.../xserver-xorg/CVE-2025-26601-2.patch | 85 +++++++++++
.../xserver-xorg/CVE-2025-26601-3.patch | 52 +++++++
.../xserver-xorg/CVE-2025-26601-4.patch | 132 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.8.bb | 4 +
5 files changed, 344 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-2.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-3.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-4.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-1.patch
new file mode 100644
index 0000000000..df5416a452
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-1.patch
@@ -0,0 +1,71 @@
+From 16a1242d0ffc7f45ed3c595ee7564b5c04287e0b Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 16:52:01 +0100
+Subject: [PATCH] sync: Do not let sync objects uninitialized
+
+When changing an alarm, the change mask values are evaluated one after
+the other, changing the trigger values as requested and eventually,
+SyncInitTrigger() is called.
+
+SyncInitTrigger() will evaluate the XSyncCACounter first and may free
+the existing sync object.
+
+Other changes are then evaluated and may trigger an error and an early
+return, not adding the new sync object.
+
+This can be used to cause a use after free when the alarm eventually
+triggers.
+
+To avoid the issue, delete the existing sync object as late as possible
+only once we are sure that no further error will cause an early exit.
+
+CVE-2025-26601, ZDI-CAN-25870
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index ee0010e657..585cfa6f68 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -360,11 +360,6 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+ client->errorValue = syncObject;
+ return rc;
+ }
+- if (pSync != pTrigger->pSync) { /* new counter for trigger */
+- SyncDeleteTriggerFromSyncObject(pTrigger);
+- pTrigger->pSync = pSync;
+- newSyncObject = TRUE;
+- }
+ }
+
+ /* if system counter, ask it what the current value is */
+@@ -432,6 +427,14 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+ }
+ }
+
++ if (changes & XSyncCACounter) {
++ if (pSync != pTrigger->pSync) { /* new counter for trigger */
++ SyncDeleteTriggerFromSyncObject(pTrigger);
++ pTrigger->pSync = pSync;
++ newSyncObject = TRUE;
++ }
++ }
++
+ /* we wait until we're sure there are no errors before registering
+ * a new counter on a trigger
+ */
+--
+GitLab
+
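Review bot: the relocated `if (changes & XSyncCACounter)` block in the second Xext/sync.c hunk is still followed by a failure path at this point in the series, because the registration step just below it calls `SyncAddTriggerToSyncObject()`, and the lines removed by CVE-2025-26601-3.patch show that call returning `BadAlloc` and being propagated with `return rc;`. This file is therefore only complete together with -3, and the recipe or commit message should say the four patches must be applied as a set. A comment on the moved block stating that no error return may follow `SyncDeleteTriggerFromSyncObject(pTrigger)` would keep later edits from reintroducing the early exit.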
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-2.patch
new file mode 100644
index 0000000000..22e751c017
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-2.patch
@@ -0,0 +1,85 @@
+From f52cea2f93a0c891494eb3334894442a92368030 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 16:54:30 +0100
+Subject: [PATCH] sync: Check values before applying changes
+
+In SyncInitTrigger(), we would set the CheckTrigger function before
+validating the counter value.
+
+As a result, if the counter value overflowed, we would leave the
+function SyncInitTrigger() with the CheckTrigger applied but without
+updating the trigger object.
+
+To avoid that issue, move the portion of code checking for the trigger
+check value before updating the CheckTrigger function.
+
+Related to CVE-2025-26601, ZDI-CAN-25870
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 36 ++++++++++++++++++------------------
+ 1 file changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index 585cfa6f68..10302160fb 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -381,6 +381,24 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+ }
+ }
+
++ if (changes & (XSyncCAValueType | XSyncCAValue)) {
++ if (pTrigger->value_type == XSyncAbsolute)
++ pTrigger->test_value = pTrigger->wait_value;
++ else { /* relative */
++ Bool overflow;
++
++ if (pCounter == NULL)
++ return BadMatch;
++
++ overflow = checked_int64_add(&pTrigger->test_value,
++ pCounter->value, pTrigger->wait_value);
++ if (overflow) {
++ client->errorValue = pTrigger->wait_value >> 32;
++ return BadValue;
++ }
++ }
++ }
++
+ if (changes & XSyncCATestType) {
+
+ if (pSync && SYNC_FENCE == pSync->type) {
+@@ -409,24 +427,6 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+ }
+ }
+
+- if (changes & (XSyncCAValueType | XSyncCAValue)) {
+- if (pTrigger->value_type == XSyncAbsolute)
+- pTrigger->test_value = pTrigger->wait_value;
+- else { /* relative */
+- Bool overflow;
+-
+- if (pCounter == NULL)
+- return BadMatch;
+-
+- overflow = checked_int64_add(&pTrigger->test_value,
+- pCounter->value, pTrigger->wait_value);
+- if (overflow) {
+- client->errorValue = pTrigger->wait_value >> 32;
+- return BadValue;
+- }
+- }
+- }
+-
+ if (changes & XSyncCACounter) {
+ if (pSync != pTrigger->pSync) { /* new counter for trigger */
+ SyncDeleteTriggerFromSyncObject(pTrigger);
+--
+GitLab
+
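Review bot: the block moved up in the first hunk still writes `pTrigger->test_value` (by direct assignment in the `XSyncAbsolute` branch, and as the destination of `checked_int64_add(&pTrigger->test_value, ...)` in the relative branch) before the `XSyncCATestType` block that now follows it has run. If that later block can return an error, the trigger is left with a changed `test_value`, so the function is not yet validate-first for this field. Computing the sum into a local `int64_t` and assigning `test_value` after the last check would match the commit message; if a later patch in the series makes this moot, a comment here should say so.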
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-3.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-3.patch
new file mode 100644
index 0000000000..8d714f0302
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-3.patch
@@ -0,0 +1,52 @@
+From 8cbc90c8817306af75a60f494ec9dbb1061e50db Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 17:06:07 +0100
+Subject: [PATCH] sync: Do not fail SyncAddTriggerToSyncObject()
+
+We do not want to return a failure at the very last step in
+SyncInitTrigger() after having all changes applied.
+
+SyncAddTriggerToSyncObject() must not fail on memory allocation, if the
+allocation of the SyncTriggerList fails, trigger a FatalError() instead.
+
+Related to CVE-2025-26601, ZDI-CAN-25870
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index 10302160fb..65f2d43780 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -201,8 +201,8 @@ SyncAddTriggerToSyncObject(SyncTrigger * pTrigger)
+ return Success;
+ }
+
+- if (!(pCur = malloc(sizeof(SyncTriggerList))))
+- return BadAlloc;
++ /* Failure is not an option, it's succeed or burst! */
++ pCur = XNFalloc(sizeof(SyncTriggerList));
+
+ pCur->pTrigger = pTrigger;
+ pCur->next = pTrigger->pSync->pTriglist;
+@@ -439,8 +439,7 @@ SyncInitTrigger(ClientPtr client, SyncTrigger * pTrigger, XID syncObject,
+ * a new counter on a trigger
+ */
+ if (newSyncObject) {
+- if ((rc = SyncAddTriggerToSyncObject(pTrigger)) != Success)
+- return rc;
++ SyncAddTriggerToSyncObject(pTrigger);
+ }
+ else if (pCounter && IsSystemCounter(pCounter)) {
+ SyncComputeBracketValues(pCounter);
+--
+GitLab
+
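Review bot: after the first hunk SyncAddTriggerToSyncObject() can no longer fail on allocation, yet it keeps its status return (`return Success;` is visible in the context) and the caller in the second hunk now discards that value silently. Changing the return type to void, or writing `(void) SyncAddTriggerToSyncObject(pTrigger);`, would make the intent explicit. The comment "Failure is not an option, it's succeed or burst!" should state plainly that `XNFalloc()` ends the server when allocation fails, since per the commit message this replaces an error reply to the client with a FatalError().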
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-4.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-4.patch
new file mode 100644
index 0000000000..e2261192fa
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-4.patch
@@ -0,0 +1,132 @@
+From c285798984c6bb99e454a33772cde23d394d3dcd Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 20 Jan 2025 17:10:31 +0100
+Subject: [PATCH] sync: Apply changes last in SyncChangeAlarmAttributes()
+
+SyncChangeAlarmAttributes() would apply the various changes while
+checking for errors.
+
+If one of the changes triggers an error, the changes for the trigger,
+counter or delta value would remain, possibly leading to inconsistent
+changes.
+
+Postpone the actual changes until we're sure nothing else can go wrong.
+
+Related to CVE-2025-26601, ZDI-CAN-25870
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1828>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/c2857989]
+CVE: CVE-2025-26601
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xext/sync.c | 42 +++++++++++++++++++++++++++---------------
+ 1 file changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/Xext/sync.c b/Xext/sync.c
+index 65f2d43780..cab73be927 100644
+--- a/Xext/sync.c
++++ b/Xext/sync.c
+@@ -830,8 +830,14 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+ int status;
+ XSyncCounter counter;
+ Mask origmask = mask;
++ SyncTrigger trigger;
++ Bool select_events_changed = FALSE;
++ Bool select_events_value = FALSE;
++ int64_t delta;
+
+- counter = pAlarm->trigger.pSync ? pAlarm->trigger.pSync->id : None;
++ trigger = pAlarm->trigger;
++ delta = pAlarm->delta;
++ counter = trigger.pSync ? trigger.pSync->id : None;
+
+ while (mask) {
+ int index2 = lowbit(mask);
+@@ -847,24 +853,24 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+ case XSyncCAValueType:
+ mask &= ~XSyncCAValueType;
+ /* sanity check in SyncInitTrigger */
+- pAlarm->trigger.value_type = *values++;
++ trigger.value_type = *values++;
+ break;
+
+ case XSyncCAValue:
+ mask &= ~XSyncCAValue;
+- pAlarm->trigger.wait_value = ((int64_t)values[0] << 32) | values[1];
++ trigger.wait_value = ((int64_t)values[0] << 32) | values[1];
+ values += 2;
+ break;
+
+ case XSyncCATestType:
+ mask &= ~XSyncCATestType;
+ /* sanity check in SyncInitTrigger */
+- pAlarm->trigger.test_type = *values++;
++ trigger.test_type = *values++;
+ break;
+
+ case XSyncCADelta:
+ mask &= ~XSyncCADelta;
+- pAlarm->delta = ((int64_t)values[0] << 32) | values[1];
++ delta = ((int64_t)values[0] << 32) | values[1];
+ values += 2;
+ break;
+
+@@ -874,10 +880,8 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+ client->errorValue = *values;
+ return BadValue;
+ }
+- status = SyncEventSelectForAlarm(pAlarm, client,
+- (Bool) (*values++));
+- if (status != Success)
+- return status;
++ select_events_value = (Bool) (*values++);
++ select_events_changed = TRUE;
+ break;
+
+ default:
+@@ -886,25 +890,33 @@ SyncChangeAlarmAttributes(ClientPtr client, SyncAlarm * pAlarm, Mask mask,
+ }
+ }
+
++ if (select_events_changed) {
++ status = SyncEventSelectForAlarm(pAlarm, client, select_events_value);
++ if (status != Success)
++ return status;
++ }
++
+ /* "If the test-type is PositiveComparison or PositiveTransition
+ * and delta is less than zero, or if the test-type is
+ * NegativeComparison or NegativeTransition and delta is
+ * greater than zero, a Match error is generated."
+ */
+ if (origmask & (XSyncCADelta | XSyncCATestType)) {
+- if ((((pAlarm->trigger.test_type == XSyncPositiveComparison) ||
+- (pAlarm->trigger.test_type == XSyncPositiveTransition))
+- && pAlarm->delta < 0)
++ if ((((trigger.test_type == XSyncPositiveComparison) ||
++ (trigger.test_type == XSyncPositiveTransition))
++ && delta < 0)
+ ||
+- (((pAlarm->trigger.test_type == XSyncNegativeComparison) ||
+- (pAlarm->trigger.test_type == XSyncNegativeTransition))
+- && pAlarm->delta > 0)
++ (((trigger.test_type == XSyncNegativeComparison) ||
++ (trigger.test_type == XSyncNegativeTransition))
++ && delta > 0)
+ ) {
+ return BadMatch;
+ }
+ }
+
+ /* postpone this until now, when we're sure nothing else can go wrong */
++ pAlarm->delta = delta;
++ pAlarm->trigger = trigger;
+ if ((status = SyncInitTrigger(client, &pAlarm->trigger, counter, RTCounter,
+ origmask & XSyncCAAllTrigger)) != Success)
+ return status;
+--
+GitLab
+
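Review bot: in the hunk starting at -886, `SyncEventSelectForAlarm(pAlarm, client, select_events_value)` is called before the delta/test-type `BadMatch` check, so a request that fails that check still leaves the event selection changed, which is the partial update the commit message sets out to remove. Moving the `if (select_events_changed)` block below the BadMatch test would close that gap. The same hunk assigns `pAlarm->delta = delta;` and `pAlarm->trigger = trigger;` ahead of `SyncInitTrigger()`, which can still return a non-Success status, so the "when we're sure nothing else can go wrong" comment should be reworded or the remaining failure case documented.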
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index d7b0e7b589..e77b81eed6 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -31,6 +31,10 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2025-26599-1.patch \
file://CVE-2025-26599-2.patch \
file://CVE-2025-26600.patch \
+ file://CVE-2025-26601-1.patch \
+ file://CVE-2025-26601-2.patch \
+ file://CVE-2025-26601-3.patch \
+ file://CVE-2025-26601-4.patch \
"
SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
--
2.43.0
* [OE-core][kirkstone 09/15] bind: Upgrade 9.18.28 -> 9.18.33
2025-02-27 17:39 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
` (7 preceding siblings ...)
2025-02-27 17:39 ` [OE-core][kirkstone 08/15] xserver-xorg: Fix for CVE-2025-26601 Steve Sakoman
@ 2025-02-27 17:39 ` Steve Sakoman
2025-02-27 17:39 ` [OE-core][kirkstone 10/15] systemd: upgrade 250.5 -> 250.14 Steve Sakoman
` (5 subsequent siblings)
14 siblings, 0 replies; 26+ messages in thread
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Includes security fixes for CVE-2024-12705 CVE-2024-11187 and other bug
fixes
Release Notes:
https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-33
https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-32
https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-31
https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-30
https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-29
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../bind/{bind_9.18.28.bb => bind_9.18.33.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.28.bb => bind_9.18.33.bb} (97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.28.bb b/meta/recipes-connectivity/bind/bind_9.18.33.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.28.bb
rename to meta/recipes-connectivity/bind/bind_9.18.33.bb
index 67628a8650..ceea149699 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.28.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.33.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "e7cce9a165f7b619eefc4832f0a8dc16b005d29e3890aed6008c506ea286a5e7"
+SRC_URI[sha256sum] = "fb373fac5ebbc41c645160afd5a9fb451918f6c0e69ab1d9474154e2b515de40"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.43.0
* [OE-core][kirkstone 10/15] systemd: upgrade 250.5 -> 250.14
2025-02-27 17:39 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
` (8 preceding siblings ...)
2025-02-27 17:39 ` [OE-core][kirkstone 09/15] bind: Upgrade 9.18.28 -> 9.18.33 Steve Sakoman
@ 2025-02-27 17:39 ` Steve Sakoman
2025-02-27 17:52 ` Patchtest results for " patchtest
2025-02-27 17:39 ` [OE-core][kirkstone 11/15] boost: fix do_fetch error Steve Sakoman
` (4 subsequent siblings)
14 siblings, 1 reply; 26+ messages in thread
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Narpat Mali <narpat.falna@gmail.com>
Latest stable branch update which includes 396 commits and the full
list of changes can be found at:
https://github.com/systemd/systemd-stable/compare/v250.5...v250.14
All the patches were refreshed with devtool.
Backported this upstreamed patch to resolve the compile error while
building systemd with qemumips machine.
- 0001-core-fix-build-when-seccomp-is-off.patch
These 2 below patches were modified to resolve the merge conflicts
introduced by systemd v250.14 version:
1. 0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
- This patch was just adjusted based on the systemd v250.14 version.
2. 0001-pass-correct-parameters-to-getdents64.patch
- For this patch, there was a commit reverted as part of the v250.8 tag:
https://github.com/systemd/systemd-stable/commit/51089e007f2f45fc15e37e7a9dcf3045416e1239
These below 6 patches were dropped as systemd v250.14 already has
the changes:
- 0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
- CVE-2022-3821.patch
- CVE-2022-4415-1.patch
- CVE-2022-4415-2.patch
- CVE-2022-45873.patch
- CVE-2023-7008.patch
Signed-off-by: Narpat Mali <narpat.falna@gmail.com>
Signed-off-by: Randy Macleod <randy.macleod@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...d-boot_250.5.bb => systemd-boot_250.14.bb} | 0
meta/recipes-core/systemd/systemd.inc | 2 +-
| 20 +-
...sysctl.d-binfmt.d-modules-load.d-to-.patch | 18 +-
...1-core-fix-build-when-seccomp-is-off.patch | 41 ++
...ass-correct-parameters-to-getdents64.patch | 49 ++-
...w-json_variant_dump-to-return-an-err.patch | 60 ---
.../0002-Add-sys-stat.h-for-S_IFDIR.patch | 6 +-
...3-missing_type.h-add-comparison_fn_t.patch | 6 +-
...k-parse_printf_format-implementation.patch | 6 +-
...missing.h-check-for-missing-strndupa.patch | 62 ++-
...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 8 +-
...008-add-missing-FTW_-macros-for-musl.patch | 4 +-
..._register_atfork-for-non-glibc-build.patch | 6 +-
...10-Use-uintmax_t-for-handling-rlim_t.patch | 6 +-
...sable-tests-for-missing-typedefs-in-.patch | 2 +-
...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 4 +-
...patible-basename-for-non-glibc-syste.patch | 2 +-
...uffering-when-writing-to-oom_score_a.patch | 6 +-
...compliant-strerror_r-from-GNU-specif.patch | 2 +-
...definition-of-prctl_mm_map-structure.patch | 2 +-
.../0021-test-json.c-define-M_PIl.patch | 4 +-
...-not-disable-buffer-in-writing-files.patch | 38 +-
.../0025-Handle-__cpu_mask-usage.patch | 2 +-
.../systemd/0026-Handle-missing-gshadow.patch | 4 +-
...l.h-Define-MIPS-ABI-defines-for-musl.patch | 4 +-
.../systemd/systemd/CVE-2022-3821.patch | 45 --
.../systemd/systemd/CVE-2022-4415-1.patch | 109 -----
.../systemd/systemd/CVE-2022-4415-2.patch | 391 ------------------
.../systemd/systemd/CVE-2022-45873.patch | 124 ------
.../systemd/systemd/CVE-2023-7008.patch | 40 --
.../{systemd_250.5.bb => systemd_250.14.bb} | 7 +-
32 files changed, 187 insertions(+), 893 deletions(-)
rename meta/recipes-core/systemd/{systemd-boot_250.5.bb => systemd-boot_250.14.bb} (100%)
create mode 100644 meta/recipes-core/systemd/systemd/0001-core-fix-build-when-seccomp-is-off.patch
delete mode 100644 meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
rename meta/recipes-core/systemd/{systemd_250.5.bb => systemd_250.14.bb} (99%)
diff --git a/meta/recipes-core/systemd/systemd-boot_250.5.bb b/meta/recipes-core/systemd/systemd-boot_250.14.bb
similarity index 100%
rename from meta/recipes-core/systemd/systemd-boot_250.5.bb
rename to meta/recipes-core/systemd/systemd-boot_250.14.bb
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 309105290f..86ae4793c3 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -14,7 +14,7 @@ LICENSE = "GPL-2.0-only & LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
-SRCREV = "4a31fa2fb040005b73253da75cf84949b8485175"
+SRCREV = "4ada1290584745ab6643eece9e1756a8c0e079ca"
SRCBRANCH = "v250-stable"
SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}"
--git a/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch b/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch
index c42c66786f..c3cc3ea790 100644
--- a/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch
+++ b/meta/recipes-core/systemd/systemd/0001-Adjust-for-musl-headers.patch
@@ -1,4 +1,4 @@
-From 9a1841402ce3ef21a10a7314a07a615f8196d406 Mon Sep 17 00:00:00 2001
+From 10ec14bf4a75891a99defa37f5e9452ac6fe12b3 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 21 Jan 2022 22:19:37 -0800
Subject: [PATCH] Adjust for musl headers
@@ -174,7 +174,7 @@ index d15766cd7b..60728b4f94 100644
#include "conf-parser.h"
#include "ipvlan.h"
diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c
-index f1a566a9ca..1f37927a83 100644
+index df0d924443..6400032f96 100644
--- a/src/network/netdev/macsec.c
+++ b/src/network/netdev/macsec.c
@@ -1,7 +1,7 @@
@@ -200,7 +200,7 @@ index c41be6e78f..ee2660c5bf 100644
#include "conf-parser.h"
#include "macvlan.h"
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
-index 8e7fe11c18..701ab2bd69 100644
+index b46b9ecc90..e6e58c5f0f 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -2,7 +2,7 @@
@@ -275,7 +275,7 @@ index c946e81fc0..d1a6be73f9 100644
#include "netlink-util.h"
diff --git a/src/network/netdev/vlan.c b/src/network/netdev/vlan.c
-index af3e77963e..efa4b0a164 100644
+index 58c2da32dd..f4a5fd7343 100644
--- a/src/network/netdev/vlan.c
+++ b/src/network/netdev/vlan.c
@@ -2,7 +2,7 @@
@@ -327,7 +327,7 @@ index 30b0855598..a065158801 100644
#include "conf-parser.h"
#include "alloc-util.h"
diff --git a/src/network/netdev/wireguard.c b/src/network/netdev/wireguard.c
-index 88f668753a..5fc753384b 100644
+index 6c251b3a2e..000e3d01a9 100644
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@@ -6,7 +6,7 @@
@@ -373,7 +373,7 @@ index 10025a97ae..a0239ea83a 100644
#define STATIC_BRIDGE_MDB_ENTRIES_PER_NETWORK_MAX 1024U
diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c
-index 7996960bd1..e870b9ba26 100644
+index 4f13eada05..7e3ea2108b 100644
--- a/src/network/networkd-dhcp-common.c
+++ b/src/network/networkd-dhcp-common.c
@@ -1,7 +1,8 @@
@@ -421,7 +421,7 @@ index 9acfd17d49..3108289602 100644
#include "sd-dhcp-server.h"
diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
-index cb9c428ae9..a35d58f3f1 100644
+index f97e8033b8..21026ac0bf 100644
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@@ -3,7 +3,7 @@
@@ -434,7 +434,7 @@ index cb9c428ae9..a35d58f3f1 100644
#include "alloc-util.h"
#include "dhcp-client-internal.h"
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
-index b62a154828..75949e6094 100644
+index 090da53a1e..8b402a5b04 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -3,7 +3,7 @@
@@ -447,7 +447,7 @@ index b62a154828..75949e6094 100644
#include <linux/netdevice.h>
#include <sys/socket.h>
diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
-index ee7a535075..ce6ed64133 100644
+index f3b6f38967..5793fd93f8 100644
--- a/src/network/networkd-route.c
+++ b/src/network/networkd-route.c
@@ -1,9 +1,5 @@
@@ -472,7 +472,7 @@ index ee7a535075..ce6ed64133 100644
_cleanup_(route_freep) Route *route = NULL;
diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c
-index e00cc1e589..e392c7e1a2 100644
+index 1ab58a5bd2..72860cc542 100644
--- a/src/network/networkd-setlink.c
+++ b/src/network/networkd-setlink.c
@@ -2,7 +2,7 @@
diff --git a/meta/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch b/meta/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
index 31efc4cc4b..9303f42daf 100644
--- a/meta/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
+++ b/meta/recipes-core/systemd/systemd/0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch
@@ -1,4 +1,4 @@
-From beb0219b71510bc63aed81d2a970a04349d6c616 Mon Sep 17 00:00:00 2001
+From e06212833237dd639a843b5f9733f8a49f3a9119 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 29 Sep 2020 18:01:41 -0700
Subject: [PATCH] Move sysusers.d/sysctl.d/binfmt.d/modules-load.d to /usr
@@ -7,21 +7,26 @@ These directories are moved to /lib since systemd v246, commit
4a56315a990b ("path: use ROOTPREFIX properly"), but in oe-core/yocto,
the old /usr/lib is still being used.
+Modified to resolve the merge conflict introduced by systemd v250.14
+version.
+
Upstream-Status: Inappropriate (OE-specific)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
+Signed-off-by: Narpat Mali <narpat.falna@gmail.com>
+
---
src/core/systemd.pc.in | 8 ++++----
src/libsystemd/sd-path/sd-path.c | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
-index fc0f8c34fa..65996bbed8 100644
+index 693433b34b..8368a3ff02 100644
--- a/src/core/systemd.pc.in
+++ b/src/core/systemd.pc.in
-@@ -65,16 +65,16 @@ systemdshutdowndir=${systemd_shutdown_dir}
- tmpfiles_dir=${prefix}/lib/tmpfiles.d
- tmpfilesdir=${tmpfiles_dir}
+@@ -67,16 +67,16 @@ tmpfilesdir=${tmpfiles_dir}
+
+ user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d
-sysusers_dir=${rootprefix}/lib/sysusers.d
+sysusers_dir=${prefix}/lib/sysusers.d
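Review bot: The added sentence "Modified to resolve the merge conflict introduced by systemd v250.14 version." does not say what conflicted, so the next person to rebase this patch has to rediscover it. The refreshed inner hunk for src/core/systemd.pc.in shows the context moving from the `tmpfiles_dir=` lines to `user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d`. Please name that in the message. The extra empty `+` line between the new Signed-off-by trailer and the `---` separator is unrelated whitespace churn and can be dropped.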
@@ -68,6 +73,3 @@ index ff1e0d5f8e..19a001f47e 100644
return 0;
case SD_PATH_CATALOG:
---
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0001-core-fix-build-when-seccomp-is-off.patch b/meta/recipes-core/systemd/systemd/0001-core-fix-build-when-seccomp-is-off.patch
new file mode 100644
index 0000000000..63100ce6da
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-core-fix-build-when-seccomp-is-off.patch
@@ -0,0 +1,41 @@
+From 10c567204edcd2926ce4f762d7015d5894756d52 Mon Sep 17 00:00:00 2001
+From: Jonas Gorski <jonas.gorski@bisdn.de>
+Date: Thu, 12 Sep 2024 15:46:29 +0200
+Subject: [PATCH] core: fix build when seccomp is off
+
+Something went wrong when 6aa2c55522d7cac62ecfd5d5687a86a84f158d18 was
+cherry-picked for v250-stable, causing it to fail to build when seccomp
+is disabled.
+
+Fix this by changing the code to how it looks like in other versions of
+the backported commit, slightly adapted to the file's style in v250.
+
+Fixes the following build error:
+
+| ../git/src/core/main.c: In function 'parse_config_file':
+| ../git/src/core/main.c:721:101: error: lvalue required as unary '&' operand
+| 721 | { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &DISABLED_CONFIGURATION },
+| | ^
+
+Fixes: 8e8c7d51140b ("pid1: generate compat warning for SystemCallArchitectures= if seccomp is off")
+
+Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/b19b7c67e9cb74c44c43a0daf6172f9d32f134ec]
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+Signed-off-by: Narpat Mali <narpat.falna@gmail.com>
+---
+ src/core/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 19686fa475..5914be6a83 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -718,7 +718,7 @@ static int parse_config_file(void) {
+ #if HAVE_SECCOMP
+ { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
+ #else
+- { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &DISABLED_CONFIGURATION },
++ { "Manager", "SystemCallArchitectures", config_parse_warn_compat, DISABLED_CONFIGURATION, NULL },
+ #endif
+ { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
+ { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
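Review bot: The only functional line here is the `#else` branch of `#if HAVE_SECCOMP` in parse_config_file(), so a build with seccomp enabled never compiles it. The submission should say that a build with seccomp disabled was run. The backported entry passes `DISABLED_CONFIGURATION` as the ltype argument and `NULL` as the data pointer to `config_parse_warn_compat`, so with seccomp off `SystemCallArchitectures=` is accepted with a compat warning rather than applied. The commit message for the recipe change should state that behaviour, because it matters to anyone relying on that setting as a hardening control.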
diff --git a/meta/recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch b/meta/recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch
index 9ebff9825a..b64d6b30a7 100644
--- a/meta/recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch
+++ b/meta/recipes-core/systemd/systemd/0001-pass-correct-parameters-to-getdents64.patch
@@ -1,4 +1,4 @@
-From dab02796780f00d689cc1c7a0ba81abe7c5f28d0 Mon Sep 17 00:00:00 2001
+From 2252b9a6c598f8ed4efe95d2a149f68db7fb9cc4 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 21 Jan 2022 15:15:11 -0800
Subject: [PATCH] pass correct parameters to getdents64
@@ -12,14 +12,33 @@ Fixes
n = getdents64(fd, &buffer, sizeof(buffer));
^~~~~~~
+Modified to resolve the merge conflict introduced by systemd v250.14 version.
+
Upstream-Status: Inappropriate [musl specific]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
+Signed-off-by: Narpat Mali <narpat.falna@gmail.com>
+
---
+ src/basic/dirent-util.h | 6 ++++++
src/basic/recurse-dir.c | 2 +-
- src/basic/stat-util.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
+ src/basic/stat-util.c | 8 ++++++--
+ 3 files changed, 13 insertions(+), 3 deletions(-)
+diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h
+index 04bc53003f..5fde9043a3 100644
+--- a/src/basic/dirent-util.h
++++ b/src/basic/dirent-util.h
+@@ -51,3 +51,9 @@ assert_cc(sizeof_field(struct dirent, d_name) == sizeof_field(struct dirent64, d
+ for (void *_end = (uint8_t*) ({ (de) = (buf); }) + (sz); \
+ (uint8_t*) (de) < (uint8_t*) _end; \
+ (de) = (struct dirent*) ((uint8_t*) (de) + (de)->d_reclen))
++
++#define DEFINE_DIRENT_BUFFER(name, sz) \
++ union { \
++ struct dirent de; \
++ uint8_t data[(sz) * DIRENT_SIZE_MAX]; \
++ } name
diff --git a/src/basic/recurse-dir.c b/src/basic/recurse-dir.c
index efa1797b7b..03ff10ebe9 100644
--- a/src/basic/recurse-dir.c
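Review bot: The patch header still says `Upstream-Status: Inappropriate [musl specific]` and the only explanation added is "Modified to resolve the merge conflict", yet the refreshed patch now adds a new `DEFINE_DIRENT_BUFFER(name, sz)` macro to src/basic/dirent-util.h and grows from 2 files to 3 with 13 insertions. That is more than a conflict resolution. Please state where the macro comes from (if it is taken from upstream, cite the commit) and confirm that `DIRENT_SIZE_MAX`, which the macro's `data[(sz) * DIRENT_SIZE_MAX]` member depends on, is defined in the v250.14 header, since it is not visible in this hunk.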
@@ -34,18 +53,28 @@ index efa1797b7b..03ff10ebe9 100644
return -errno;
if (n == 0)
diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c
-index c2269844f8..7cd6c7fa42 100644
+index db22f06d0f..cb76726c37 100644
--- a/src/basic/stat-util.c
+++ b/src/basic/stat-util.c
-@@ -99,7 +99,7 @@ int dir_is_empty_at(int dir_fd, const char *path) {
+@@ -66,6 +66,10 @@ int is_device_node(const char *path) {
+ int dir_is_empty_at(int dir_fd, const char *path) {
+ _cleanup_close_ int fd = -1;
+ _cleanup_closedir_ DIR *d = NULL;
++ /* Allocate space for at least 3 full dirents, since every dir has at least two entries ("." +
++ * ".."), and only once we have seen if there's a third we know whether the dir is empty or not. */
++ DEFINE_DIRENT_BUFFER(buffer, 3);
++ ssize_t n;
+
+ if (path) {
+ assert(dir_fd >= 0 || dir_fd == AT_FDCWD);
+@@ -85,8 +89,8 @@ int dir_is_empty_at(int dir_fd, const char *path) {
return fd;
}
-- n = getdents64(fd, &buffer, sizeof(buffer));
+- d = take_fdopendir(&fd);
+- if (!d)
+ n = getdents64(fd, (struct dirent *)&buffer, sizeof(buffer));
- if (n < 0)
++ if (n < 0)
return -errno;
---
-2.34.1
-
+ FOREACH_DIRENT(de, d, return -errno)
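Review bot: In the refreshed src/basic/stat-util.c hunk for dir_is_empty_at(), `d = take_fdopendir(&fd);` and its `if (!d)` check are removed, but `_cleanup_closedir_ DIR *d = NULL;` stays as context above and `FOREACH_DIRENT(de, d, return -errno)` stays as context below. As far as the visible lines show, the loop then runs on a `d` that is never assigned, and the `n` returned by `getdents64(fd, (struct dirent *)&buffer, sizeof(buffer))` is only tested for `< 0` and never used to walk the buffer. Either keep the fdopendir path here (in which case the getdents64 cast is not needed in this function) or carry the buffer-walking loop that consumes `n`, using the buffer-iterating macro shown as context in dirent-util.h. This changes the result of an emptiness check that callers may rely on, so it needs a runtime test on both glibc and musl, not just a successful build.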
diff --git a/meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch b/meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
deleted file mode 100644
index b23b735507..0000000000
--- a/meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 25492154b42f68a48752a7f61eaf1fb61e454e52 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 18 Oct 2022 18:09:06 +0200
-Subject: [PATCH] shared/json: allow json_variant_dump() to return an error
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/commit/7922ead507e0d83e4ec72a8cbd2b67194766e58c]
-
-Needed to fix CVE-2022-45873.patch backported from systemd/main,
-otherwise it fails to build with:
-
-| ../git/src/shared/elf-util.c: In function 'parse_elf_object':
-| ../git/src/shared/elf-util.c:792:27: error: void value not ignored as it ought to be
-| 792 | r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
-| | ^
-
-Signed-off-by: Martin Jansa <martin2.jansa@lgepartner.com>
----
- src/shared/json.c | 7 ++++---
- src/shared/json.h | 2 +-
- 2 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/src/shared/json.c b/src/shared/json.c
-index dff95eda26..81c05efe22 100644
---- a/src/shared/json.c
-+++ b/src/shared/json.c
-@@ -1792,9 +1792,9 @@ int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret) {
- return (int) sz - 1;
- }
-
--void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) {
-+int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) {
- if (!v)
-- return;
-+ return 0;
-
- if (!f)
- f = stdout;
-@@ -1820,7 +1820,8 @@ void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const cha
- fputc('\n', f); /* In case of SSE add a second newline */
-
- if (flags & JSON_FORMAT_FLUSH)
-- fflush(f);
-+ return fflush_and_check(f);
-+ return 0;
- }
-
- int json_variant_filter(JsonVariant **v, char **to_remove) {
-diff --git a/src/shared/json.h b/src/shared/json.h
-index 8760354b66..c712700763 100644
---- a/src/shared/json.h
-+++ b/src/shared/json.h
-@@ -187,7 +187,7 @@ typedef enum JsonFormatFlags {
- } JsonFormatFlags;
-
- int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret);
--void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix);
-+int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix);
-
- int json_variant_filter(JsonVariant **v, char **to_remove);
-
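Review bot: The header of the patch being deleted says it is "Needed to fix CVE-2022-45873.patch backported from systemd/main", so removing it is only safe if the new source revision already contains upstream commit 7922ead507e0d83e4ec72a8cbd2b67194766e58c (json_variant_dump() returning int). Please state that in the commit message, and say whether CVE-2022-45873.patch itself is dropped or still applied in the same change, so the CVE status of the recipe stays traceable.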
diff --git a/meta/recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch b/meta/recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch
index 8cf0546450..5ed907412f 100644
--- a/meta/recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch
+++ b/meta/recipes-core/systemd/systemd/0002-Add-sys-stat.h-for-S_IFDIR.patch
@@ -1,4 +1,4 @@
-From 4b731a5e2547b5292f9a774b849e14c0cf7b3955 Mon Sep 17 00:00:00 2001
+From 2e7d75e9a045f7580c60436dbee44301393a66c3 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 21 Jan 2022 15:17:37 -0800
Subject: [PATCH] Add sys/stat.h for S_IFDIR
@@ -14,10 +14,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
1 file changed, 1 insertion(+)
diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c
-index d36a6466d7..63b764cd83 100644
+index 5b1ac5d1e0..fa5802b894 100644
--- a/src/shared/mkdir-label.c
+++ b/src/shared/mkdir-label.c
-@@ -4,6 +4,7 @@
+@@ -6,6 +6,7 @@
#include "selinux-util.h"
#include "smack-util.h"
#include "user-util.h"
diff --git a/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch b/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch
index c28c8381e8..e1fedd71b8 100644
--- a/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch
+++ b/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-comparison_fn_t.patch
@@ -1,4 +1,4 @@
-From 5513b918d02900a3a78fd0e0300a118b163edfef Mon Sep 17 00:00:00 2001
+From a134b05d2cbc0d05a5ad7d9ebbb4ba57d424752c Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 13:55:12 +0800
Subject: [PATCH] missing_type.h: add comparison_fn_t
@@ -14,6 +14,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
[Rebased for v250, Drop __compare_fn_t]
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
+
---
src/basic/missing_type.h | 4 ++++
src/basic/sort-util.h | 1 +
@@ -56,6 +57,3 @@ index 8fc87b131a..36a6efdbd8 100644
const char * const catalog_file_dirs[] = {
"/usr/local/lib/systemd/catalog/",
---
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch b/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
index 1bd538b0c0..c233560e52 100644
--- a/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
+++ b/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
@@ -1,4 +1,4 @@
-From 3d9910dcda697b1e361bba49c99050ee0d116742 Mon Sep 17 00:00:00 2001
+From e53661c4dc9b15397a87077169fe729934ce5e13 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Sat, 22 May 2021 20:26:24 +0200
Subject: [PATCH] add fallback parse_printf_format implementation
@@ -23,10 +23,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
create mode 100644 src/basic/parse-printf-format.h
diff --git a/meson.build b/meson.build
-index cb9936ee8b..ae53345260 100644
+index 01c4b4dc70..29129a83e2 100644
--- a/meson.build
+++ b/meson.build
-@@ -686,6 +686,7 @@ endif
+@@ -705,6 +705,7 @@ endif
foreach header : ['crypt.h',
'linux/memfd.h',
'linux/vm_sockets.h',
diff --git a/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch b/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
index 680930ca3c..786f8304ac 100644
--- a/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
+++ b/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -1,4 +1,4 @@
-From 106b7bd7186c9d6c1dcd72bd4ca6457d3fa72d0b Mon Sep 17 00:00:00 2001
+From 38c8e75938a439dd8f961a9ea4084deca0c46269 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 14:18:21 +0800
Subject: [PATCH] src/basic/missing.h: check for missing strndupa
@@ -17,6 +17,7 @@ Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
[rebased for systemd 244]
[Rebased for v247]
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
+
---
meson.build | 1 +
src/backlight/backlight.c | 1 +
@@ -73,10 +74,10 @@ Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
52 files changed, 63 insertions(+)
diff --git a/meson.build b/meson.build
-index cb9936ee8b..7ab201c6d9 100644
+index 29129a83e2..3fec6aac3e 100644
--- a/meson.build
+++ b/meson.build
-@@ -507,6 +507,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
+@@ -526,6 +526,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
endforeach
foreach ident : [
@@ -97,7 +98,7 @@ index 5a3095cbba..22cfa4d526 100644
static int help(void) {
_cleanup_free_ char *link = NULL;
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index a626ecf2e2..f7dc6c8421 100644
+index e65ad678ab..d3bed80620 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -37,6 +37,7 @@
@@ -121,7 +122,7 @@ index 885967e7f3..d0b7dc845e 100644
/* We follow bash for the character set. Different shells have different rules. */
#define VALID_BASH_ENV_NAME_CHARS \
diff --git a/src/basic/log.c b/src/basic/log.c
-index 12071e2ebd..15254c7bbc 100644
+index 10de8bd7c0..4f0e7eaad3 100644
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -36,6 +36,7 @@
@@ -153,7 +154,7 @@ index 8c76f93eb2..9068bfb4f0 100644
+ })
+#endif
diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
-index 51a0d74e87..03569f71f8 100644
+index 27144dd45a..0395c124da 100644
--- a/src/basic/mkdir.c
+++ b/src/basic/mkdir.c
@@ -15,6 +15,7 @@
@@ -237,7 +238,7 @@ index 65f96abb06..e485a0196b 100644
int procfs_get_pid_max(uint64_t *ret) {
_cleanup_free_ char *value = NULL;
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
-index b659d6905d..020112be24 100644
+index 89dc593d44..ffbaffd451 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -26,6 +26,7 @@
@@ -273,7 +274,7 @@ index f0d8759e85..b4c1053e64 100644
BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve);
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
-index 5c499e5d06..e7ab1bb9a5 100644
+index db1698393c..77cc8bb507 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -44,6 +44,7 @@
@@ -297,10 +298,10 @@ index 32a2ec0ff9..36be2511e4 100644
int bus_property_get_triggered_unit(
sd_bus *bus,
diff --git a/src/core/execute.c b/src/core/execute.c
-index 0b20d386d3..fccfb9268c 100644
+index da0cd2dcbe..d2a7bf7e7b 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
-@@ -102,6 +102,7 @@
+@@ -103,6 +103,7 @@
#include "unit-serialize.h"
#include "user-util.h"
#include "utmp-wtmp.h"
@@ -321,7 +322,7 @@ index d054668b8e..9b4caa7651 100644
#if HAVE_KMOD
#include "module-util.h"
diff --git a/src/core/service.c b/src/core/service.c
-index 87f0d34c8c..ccda3feb29 100644
+index e02c2e38ad..2a64a14647 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -42,6 +42,7 @@
@@ -369,7 +370,7 @@ index 3e3646e45f..6a8fc60f6d 100644
#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
-index 3c4a7c0a7a..6a792404f2 100644
+index d4a751c575..b175b11a8f 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -73,6 +73,7 @@
@@ -381,7 +382,7 @@ index 3c4a7c0a7a..6a792404f2 100644
#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
#define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
-index 96529b422b..ddb5e9c698 100644
+index ca0b290ed2..3fa703eb61 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -20,6 +20,7 @@
@@ -393,11 +394,11 @@ index 96529b422b..ddb5e9c698 100644
static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored);
diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
-index 28d8336718..5d3ce88a53 100644
+index 5c6c6c5c5f..00499d53d1 100644
--- a/src/libsystemd/sd-bus/bus-objects.c
+++ b/src/libsystemd/sd-bus/bus-objects.c
-@@ -12,6 +12,7 @@
- #include "set.h"
+@@ -11,6 +11,7 @@
+ #include "missing_capability.h"
#include "string-util.h"
#include "strv.h"
+#include "missing_stdlib.h"
@@ -405,7 +406,7 @@ index 28d8336718..5d3ce88a53 100644
static int node_vtable_get_userdata(
sd_bus *bus,
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
-index 14951ccb33..b7f86ca501 100644
+index af67fc70eb..f80afa8327 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -28,6 +28,7 @@
@@ -417,7 +418,7 @@ index 14951ccb33..b7f86ca501 100644
#define SNDBUF_SIZE (8*1024*1024)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
-index 9e1d29cc1d..8c3165f0ce 100644
+index 8f12be6d56..01945df0c4 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -43,6 +43,7 @@
@@ -441,7 +442,7 @@ index 317653bedc..d028216c48 100644
#define MAX_SIZE (2*1024*1024)
diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
-index 7a6cc4aca3..b7f7cd65c5 100644
+index de9deb2e6d..6f4e1856d5 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -41,6 +41,7 @@
@@ -450,10 +451,10 @@ index 7a6cc4aca3..b7f7cd65c5 100644
#include "syslog-util.h"
+#include "missing_stdlib.h"
- #define JOURNAL_FILES_MAX 7168
+ #define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC)
diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c
-index 10d2ed7aec..4fbe3f6b4a 100644
+index eaa1c6f0d2..7014c1e227 100644
--- a/src/locale/keymap-util.c
+++ b/src/locale/keymap-util.c
@@ -24,6 +24,7 @@
@@ -489,7 +490,7 @@ index 063ad08d80..f9823a433b 100644
/*
# .network
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
-index 1f58bf3ed4..8457a3b0e3 100644
+index c4be8f5d4e..04ab34f165 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -17,6 +17,7 @@
@@ -513,7 +514,7 @@ index c64e79bdff..eda26b0b9a 100644
static void setup_logging_once(void) {
static pthread_once_t once = PTHREAD_ONCE_INIT;
diff --git a/src/portable/portable.c b/src/portable/portable.c
-index 0e6461ba93..54148d5924 100644
+index 3f73151bfe..452cadb764 100644
--- a/src/portable/portable.c
+++ b/src/portable/portable.c
@@ -39,6 +39,7 @@
@@ -525,7 +526,7 @@ index 0e6461ba93..54148d5924 100644
/* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was
* dropped there by the portable service logic and b) for which image it was dropped there. */
diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c
-index 5b3ceeff36..d36d1d57ae 100644
+index 5ec4b63568..5a6a32f691 100644
--- a/src/resolve/resolvectl.c
+++ b/src/resolve/resolvectl.c
@@ -43,6 +43,7 @@
@@ -561,7 +562,7 @@ index 87c0334fec..402ab3493b 100644
struct CGroupInfo {
char *cgroup_path;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
-index dcce530c99..faf5a5bda0 100644
+index ef134bcee4..48a5c3bec6 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -49,6 +49,7 @@
@@ -585,7 +586,7 @@ index 4a2b7684bc..ee6d687c58 100644
static int name_owner_change_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
sd_event *e = userdata;
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
-index f54b187a1b..299758c7e4 100644
+index 5e0d921487..f9a39b60d9 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -17,6 +17,7 @@
@@ -609,7 +610,7 @@ index c6caf9330a..ebe33bd44a 100644
enum {
IMPORTER_STATE_LINE = 0, /* waiting to read, or reading line */
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
-index cf83eb6bca..e672a003a3 100644
+index e2315e6eb1..65533b412c 100644
--- a/src/shared/logs-show.c
+++ b/src/shared/logs-show.c
@@ -42,6 +42,7 @@
@@ -669,7 +670,7 @@ index cc9a7cb838..a679614a47 100644
TEST(hexchar) {
diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
-index ae92e45205..1e6f3205cb 100644
+index 1084eb2d81..db07b84124 100644
--- a/src/udev/udev-builtin-path_id.c
+++ b/src/udev/udev-builtin-path_id.c
@@ -22,6 +22,7 @@
@@ -693,7 +694,7 @@ index a60e4f294c..571c43765b 100644
typedef struct Spawn {
sd_device *device;
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
-index 1a384d6b38..0089833e3f 100644
+index cf461e1e68..9d6431d865 100644
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@@ -34,6 +34,7 @@
@@ -704,6 +705,3 @@ index 1a384d6b38..0089833e3f 100644
#define RULES_DIRS (const char* const*) CONF_PATHS_STRV("udev/rules.d")
---
-2.34.1
-
diff --git a/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
index b84fbaa67e..f3285b7a31 100644
--- a/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
+++ b/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -1,4 +1,4 @@
-From 74c664bcd6b9a5fcf3466310c07f608d12456f7f Mon Sep 17 00:00:00 2001
+From 5de6ab5196cfd629f4a15f8d0d34f69b1e425715 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 14:56:21 +0800
Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
@@ -115,7 +115,7 @@ index ec8b74f48f..d99a6095df 100644
(void) rm_rf(template, REMOVE_ROOT|REMOVE_PHYSICAL);
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index fcab51c208..fdef1807ae 100644
+index 07ef3af0a0..8293661aa7 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -67,6 +67,12 @@
@@ -131,7 +131,7 @@ index fcab51c208..fdef1807ae 100644
/* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
* them in the file system. This is intended to be used to create
* properly owned directories beneath /tmp, /var/tmp, /run, which are
-@@ -1961,7 +1967,9 @@ finish:
+@@ -1958,7 +1964,9 @@ finish:
static int glob_item(Item *i, action_t action) {
_cleanup_globfree_ glob_t g = {
@@ -141,7 +141,7 @@ index fcab51c208..fdef1807ae 100644
};
int r = 0, k;
char **fn;
-@@ -1981,7 +1989,9 @@ static int glob_item(Item *i, action_t action) {
+@@ -1978,7 +1986,9 @@ static int glob_item(Item *i, action_t action) {
static int glob_item_recursively(Item *i, fdaction_t action) {
_cleanup_globfree_ glob_t g = {
diff --git a/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch b/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
index 0c0d3d0b62..718dc659c9 100644
--- a/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
@@ -1,4 +1,4 @@
-From a0450f7909348e7ff1d58adc0aee4119a0519c1f Mon Sep 17 00:00:00 2001
+From 427534fec8c205a9a97b20a4075dd84e1faca611 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:00:06 +0800
Subject: [PATCH] add missing FTW_ macros for musl
@@ -49,7 +49,7 @@ index 6c0456349d..5140892e22 100644
+#define FTW_SKIP_SIBLINGS 3
+#endif
diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c
-index 7917968497..cc3d5baaab 100644
+index 7ba579ef63..2d62b1978f 100644
--- a/src/shared/mount-setup.c
+++ b/src/shared/mount-setup.c
@@ -32,6 +32,7 @@
diff --git a/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch b/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
index e7b7269f95..ea2b7f0aa3 100644
--- a/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
+++ b/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
@@ -1,4 +1,4 @@
-From 3ca0920429f7eaf8c59f9ac8afd30a43b83d95ed Mon Sep 17 00:00:00 2001
+From fefd1b6ae9dd75133f86c373ce17d4f15ef05e2d Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:03:47 +0800
Subject: [PATCH] fix missing of __register_atfork for non-glibc builds
@@ -15,7 +15,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
1 file changed, 7 insertions(+)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index c971852158..df6e85b1fc 100644
+index 5e27097cbb..db252b8dfe 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -18,6 +18,9 @@
@@ -28,7 +28,7 @@ index c971852158..df6e85b1fc 100644
#include "alloc-util.h"
#include "architecture.h"
-@@ -1161,11 +1164,15 @@ void reset_cached_pid(void) {
+@@ -1165,11 +1168,15 @@ void reset_cached_pid(void) {
cached_pid = CACHED_PID_UNSET;
}
diff --git a/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch b/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
index 3a47d09e8a..a8e45030ba 100644
--- a/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
@@ -1,4 +1,4 @@
-From 48a791aae7a47a2a08e9e60c18054071a43b8cda Mon Sep 17 00:00:00 2001
+From 4bf0a67c097c53129c772aab6123740d07b66823 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:12:41 +0800
Subject: [PATCH] Use uintmax_t for handling rlim_t
@@ -87,10 +87,10 @@ index 33dfde9d6c..e018fd81fd 100644
return 1;
}
diff --git a/src/core/execute.c b/src/core/execute.c
-index fccfb9268c..90f00e10a5 100644
+index d2a7bf7e7b..0cc806b929 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
-@@ -5633,9 +5633,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+@@ -5671,9 +5671,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
for (unsigned i = 0; i < RLIM_NLIMITS; i++)
if (c->rlimit[i]) {
fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
diff --git a/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch b/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
index 7e4587cc23..a91ecea6be 100644
--- a/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
+++ b/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
@@ -1,4 +1,4 @@
-From e8025c8eefdf1be4bba34c48f3430838f3859c52 Mon Sep 17 00:00:00 2001
+From 755d647dc2e0842b89c29211af839c4e61faf006 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Wed, 28 Feb 2018 21:25:22 -0800
Subject: [PATCH] test-sizeof.c: Disable tests for missing typedefs in musl
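Review bot: This hunk changes only the `From <hash>` line of 0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch, and several other patches in this series are refreshed the same way (hash, `index` lines and line offsets only). For a stable-branch update that churn makes it hard to spot the patches whose content really changed, such as the getdents64 one. Consider leaving patches that still apply cleanly untouched, or list in the commit message which patches were functionally modified and which were only regenerated.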
diff --git a/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
index 6eecd3197c..68ad2a32d9 100644
--- a/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
+++ b/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -1,4 +1,4 @@
-From 46fdc959257d60d9b32953cae0152ae118f8564b Mon Sep 17 00:00:00 2001
+From 5667af9b7ee73ee5a003221aaca5337c306469c7 Mon Sep 17 00:00:00 2001
From: Andre McCurdy <armccurdy@gmail.com>
Date: Tue, 10 Oct 2017 14:33:30 -0700
Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
@@ -65,7 +65,7 @@ index 0bbb3f6298..3dc494dbfb 100644
int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode);
int touch(const char *path);
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
-index 5f5328c8cf..d396bc99fe 100644
+index 2847bcb0fb..fc534435d3 100644
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -117,7 +117,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
diff --git a/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
index 7b22d6214f..76642f90f6 100644
--- a/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
+++ b/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -1,4 +1,4 @@
-From d0bdce977b7acc5e45e82cf84256c4bedc0e74c4 Mon Sep 17 00:00:00 2001
+From 1a1ae5dfb989af0e5f6294e26e0c12f49705860b Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 27 May 2018 08:36:44 -0700
Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
diff --git a/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
index 015347cb6a..60ff964e7d 100644
--- a/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
+++ b/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -1,4 +1,4 @@
-From e480d28305907c3874f4e58b722b8aa43c3ac7a2 Mon Sep 17 00:00:00 2001
+From 61158232373ec55693e8fa4513b8fcdfb875ecda Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Wed, 4 Jul 2018 15:00:44 +0800
Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
@@ -25,10 +25,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index df6e85b1fc..635dbb5d26 100644
+index db252b8dfe..66bdc74b3f 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
-@@ -1489,7 +1489,7 @@ int set_oom_score_adjust(int value) {
+@@ -1493,7 +1493,7 @@ int set_oom_score_adjust(int value) {
xsprintf(t, "%i", value);
return write_string_file("/proc/self/oom_score_adj", t,
diff --git a/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
index c563982607..2312dcde68 100644
--- a/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
+++ b/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -1,4 +1,4 @@
-From 0542d27ebbb250c09bdcfcf9f2ea3d27426fe522 Mon Sep 17 00:00:00 2001
+From 3a3c61daffa79ce7b70b6b851110ce13c652d731 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Tue, 10 Jul 2018 15:40:17 +0800
Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
diff --git a/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch b/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
index 1fcba7af08..943e2b2889 100644
--- a/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
+++ b/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -1,4 +1,4 @@
-From e1d0210b47906dd121f936f3181092835df6a95c Mon Sep 17 00:00:00 2001
+From b90e69cab3da08fa890e8d276be4d02e39cd83aa Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:44:54 +0800
Subject: [PATCH] avoid redefinition of prctl_mm_map structure
diff --git a/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch b/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
index 82a01f732e..776fcdd6ca 100644
--- a/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
+++ b/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
@@ -1,4 +1,4 @@
-From e10a73de254b570bbc29b26423dbb86b4265bb05 Mon Sep 17 00:00:00 2001
+From 4f39aa56e738d99ac04e73ba75713db7e05f7252 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 16:53:06 +0800
Subject: [PATCH] test-json.c: define M_PIl
@@ -19,7 +19,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
1 file changed, 4 insertions(+)
diff --git a/src/test/test-json.c b/src/test/test-json.c
-index b385edc269..5e5830238c 100644
+index 2aecbe3557..f7112dc374 100644
--- a/src/test/test-json.c
+++ b/src/test/test-json.c
@@ -14,6 +14,10 @@
diff --git a/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
index 4dd6ff6e2e..8e1b8f25fa 100644
--- a/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
+++ b/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
@@ -1,4 +1,4 @@
-From 414e2f97008a1f3c26a260a6dc4d51a8c1fa6900 Mon Sep 17 00:00:00 2001
+From e79028fbfcc3036df8c2de9d199e4d89cbfff017 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Fri, 1 Mar 2019 15:22:15 +0800
Subject: [PATCH] do not disable buffer in writing files
@@ -44,10 +44,10 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
21 files changed, 39 insertions(+), 40 deletions(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index f7dc6c8421..5f7a27c2c4 100644
+index d3bed80620..9af2339353 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
-@@ -390,7 +390,7 @@ int cg_kill_kernel_sigkill(const char *controller, const char *path) {
+@@ -399,7 +399,7 @@ int cg_kill_kernel_sigkill(const char *controller, const char *path) {
if (r < 0)
return r;
@@ -56,7 +56,7 @@ index f7dc6c8421..5f7a27c2c4 100644
if (r < 0)
return r;
-@@ -803,7 +803,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -812,7 +812,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
sc = strstrip(contents);
if (isempty(sc)) {
@@ -65,7 +65,7 @@ index f7dc6c8421..5f7a27c2c4 100644
if (r < 0)
return r;
} else if (!path_equal(sc, agent))
-@@ -821,7 +821,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
+@@ -830,7 +830,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
sc = strstrip(contents);
if (streq(sc, "0")) {
@@ -74,7 +74,7 @@ index f7dc6c8421..5f7a27c2c4 100644
if (r < 0)
return r;
-@@ -848,7 +848,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -857,7 +857,7 @@ int cg_uninstall_release_agent(const char *controller) {
if (r < 0)
return r;
@@ -83,7 +83,7 @@ index f7dc6c8421..5f7a27c2c4 100644
if (r < 0)
return r;
-@@ -858,7 +858,7 @@ int cg_uninstall_release_agent(const char *controller) {
+@@ -867,7 +867,7 @@ int cg_uninstall_release_agent(const char *controller) {
if (r < 0)
return r;
@@ -92,7 +92,7 @@ index f7dc6c8421..5f7a27c2c4 100644
if (r < 0)
return r;
-@@ -1704,7 +1704,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
+@@ -1713,7 +1713,7 @@ int cg_set_attribute(const char *controller, const char *path, const char *attri
if (r < 0)
return r;
@@ -198,7 +198,7 @@ index 18231c2618..6c598d55c8 100644
log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m");
else
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index f58de95a49..7a97ab6f99 100644
+index 79681c65be..a346e5d35c 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -4140,7 +4140,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) {
@@ -211,10 +211,10 @@ index f58de95a49..7a97ab6f99 100644
return r;
diff --git a/src/core/main.c b/src/core/main.c
-index 57aedb9b93..7ef36d22f5 100644
+index 5914be6a83..a4706203f1 100644
--- a/src/core/main.c
+++ b/src/core/main.c
-@@ -1466,7 +1466,7 @@ static int bump_unix_max_dgram_qlen(void) {
+@@ -1468,7 +1468,7 @@ static int bump_unix_max_dgram_qlen(void) {
if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
return 0;
@@ -223,7 +223,7 @@ index 57aedb9b93..7ef36d22f5 100644
"%lu", DEFAULT_UNIX_MAX_DGRAM_QLEN);
if (r < 0)
return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
-@@ -1737,7 +1737,7 @@ static void initialize_core_pattern(bool skip_setup) {
+@@ -1739,7 +1739,7 @@ static void initialize_core_pattern(bool skip_setup) {
if (getpid_cached() != 1)
return;
@@ -285,10 +285,10 @@ index 9fdc74b775..9858a2b415 100644
log_warning_errno(r, "Failed to drop caches, ignoring: %m");
else
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
-index b163a0fb6b..fd6c5301d6 100644
+index 718a92549d..104222bb16 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
-@@ -2108,7 +2108,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
+@@ -2111,7 +2111,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
if (!value)
return -ENOMEM;
@@ -311,10 +311,10 @@ index d472e80c03..c7780c7fc6 100644
log_error_errno(r, "Failed to move process: %m");
goto finish;
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index fb6af295b5..0d83f1e4d2 100644
+index 573419d7f3..97a81ff8f8 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
-@@ -2759,7 +2759,7 @@ static int reset_audit_loginuid(void) {
+@@ -2768,7 +2768,7 @@ static int reset_audit_loginuid(void) {
if (streq(p, "4294967295"))
return 0;
@@ -323,7 +323,7 @@ index fb6af295b5..0d83f1e4d2 100644
if (r < 0) {
log_error_errno(r,
"Failed to reset audit login UID. This probably means that your kernel is too\n"
-@@ -4175,7 +4175,7 @@ static int setup_uid_map(
+@@ -4184,7 +4184,7 @@ static int setup_uid_map(
return log_oom();
xsprintf(uid_map, "/proc/" PID_FMT "/uid_map", pid);
@@ -332,7 +332,7 @@ index fb6af295b5..0d83f1e4d2 100644
if (r < 0)
return log_error_errno(r, "Failed to write UID map: %m");
-@@ -4185,7 +4185,7 @@ static int setup_uid_map(
+@@ -4194,7 +4194,7 @@ static int setup_uid_map(
return log_oom();
xsprintf(uid_map, "/proc/" PID_FMT "/gid_map", pid);
@@ -441,7 +441,7 @@ index 7064f3a905..8f2a7d9da2 100644
return 0;
log_debug_errno(k, "Failed to write '%s' to /sys/power/state: %m", *state);
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
-index 0089833e3f..0a6a3abbb4 100644
+index 9d6431d865..c162b6dbfe 100644
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@@ -2181,7 +2181,6 @@ static int udev_rule_apply_token_to_event(
diff --git a/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch b/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
index 6981d70af0..33cbb66703 100644
--- a/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
+++ b/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
@@ -1,4 +1,4 @@
-From 8871f78c559f37169c0cfaf20b0af1dbec0399af Mon Sep 17 00:00:00 2001
+From 7a270f66384e95635ac512429b4cd51f817e3494 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Fri, 13 Sep 2019 19:26:27 -0400
Subject: [PATCH] Handle __cpu_mask usage
diff --git a/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch b/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
index 2c56838644..c6982af910 100644
--- a/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
+++ b/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
@@ -1,4 +1,4 @@
-From ec519727bb1ceda6e7787ccf86237a6aad07137c Mon Sep 17 00:00:00 2001
+From cac47a8efdf76eec005275162fbf28300dffc13c Mon Sep 17 00:00:00 2001
From: Alex Kiernan <alex.kiernan@gmail.com>
Date: Tue, 10 Mar 2020 11:05:20 +0000
Subject: [PATCH] Handle missing gshadow
@@ -139,7 +139,7 @@ index 22ab04d6ee..4e52e7a911 100644
#include <shadow.h>
diff --git a/src/shared/userdb.c b/src/shared/userdb.c
-index 0eddd382e6..d506b8e263 100644
+index ec0c835cad..5e4b1028c6 100644
--- a/src/shared/userdb.c
+++ b/src/shared/userdb.c
@@ -1046,13 +1046,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
diff --git a/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
index 6c97a272e2..0845569c91 100644
--- a/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
@@ -1,4 +1,4 @@
-From 754a16eeb255c06dbdd4655632276573f0f075ec Mon Sep 17 00:00:00 2001
+From bf6d00a780db808de6a5dfc28e24906f699fd60e Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 12 Apr 2021 23:44:53 -0700
Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
@@ -34,7 +34,7 @@ index 793d111c55..9665848b88 100644
#include "missing_keyctl.h"
#include "missing_stat.h"
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
-index d396bc99fe..7e9c0c3412 100644
+index fc534435d3..5929ca1fce 100644
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -19,6 +19,7 @@
diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
deleted file mode 100644
index eb8b0cba12..0000000000
--- a/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From bff52d96598956163d73b7c7bdec7b0ad5b3c2d4 Mon Sep 17 00:00:00 2001
-From: Hitendra Prajapati <hprajapati@mvista.com>
-Date: Tue, 15 Nov 2022 16:52:03 +0530
-Subject: [PATCH] CVE-2022-3821
-
-Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7]
-CVE: CVE-2022-3821
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/basic/time-util.c | 2 +-
- src/test/test-time-util.c | 5 +++++
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/basic/time-util.c b/src/basic/time-util.c
-index b659d6905d..89dc593d44 100644
---- a/src/basic/time-util.c
-+++ b/src/basic/time-util.c
-@@ -588,7 +588,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) {
- t = b;
- }
-
-- n = MIN((size_t) k, l);
-+ n = MIN((size_t) k, l-1);
-
- l -= n;
- p += n;
-diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
-index 4d0131827e..8db6b25279 100644
---- a/src/test/test-time-util.c
-+++ b/src/test/test-time-util.c
-@@ -238,6 +238,11 @@ TEST(format_timespan) {
- test_format_timespan_accuracy(1);
- test_format_timespan_accuracy(USEC_PER_MSEC);
- test_format_timespan_accuracy(USEC_PER_SEC);
-+
-+ /* See issue #23928. */
-+ _cleanup_free_ char *buf;
-+ assert_se(buf = new(char, 5));
-+ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
- }
-
- TEST(verify_timezone) {
---
-2.25.1
-
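Review bot: Dropping this backport removes the file that carries the `CVE: CVE-2022-3821` tag, so the fix now has to come from the upgraded source itself. Please confirm that format_timespan() in src/basic/time-util.c of the new base already reads `n = MIN((size_t) k, l-1);` (the Upstream-Status line points at systemd-stable commit 72d4c15a946d20143cd4c6783c802124bc894dc7) and say so in the commit message. The deleted file also added the regression case `format_timespan(buf, 5, 100005, 1000)` to src/test/test-time-util.c, so it is worth checking that the same assertion exists upstream and the off-by-one in the buffer bound stays covered. With the tagged patch gone, cve-check can only treat this CVE as fixed by version comparison, so a cve-check run against the new recipe version would close the loop.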
diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch b/meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch
deleted file mode 100644
index 5cf0fe284e..0000000000
--- a/meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 45d323fc889a55fae400a5b08a56273d5724ef4a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 29 Nov 2022 09:00:16 +0100
-Subject: [PATCH 1/2] coredump: adjust whitespace
-
-(cherry picked from commit 510a146634f3e095b34e2a26023b1b1f99dcb8c0)
-(cherry picked from commit cc2eb7a9b5fd6d9dd8ea35fb045ce6e5e16e1187)
-(cherry picked from commit cb044d734c44cd3c05a6e438b5b995b2a9cfa73c)
-
-Preparation to avoid conflicts when applying CVE CVE-2022-4415
-Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/45d323fc889a55fae400a5b08a56273d5724ef4a]
-
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- src/coredump/coredump.c | 56 ++++++++++++++++++++---------------------
- 1 file changed, 28 insertions(+), 28 deletions(-)
-
-diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
-index eaea63f682..8295b03ac7 100644
---- a/src/coredump/coredump.c
-+++ b/src/coredump/coredump.c
-@@ -103,16 +103,16 @@ enum {
- };
-
- static const char * const meta_field_names[_META_MAX] = {
-- [META_ARGV_PID] = "COREDUMP_PID=",
-- [META_ARGV_UID] = "COREDUMP_UID=",
-- [META_ARGV_GID] = "COREDUMP_GID=",
-- [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=",
-- [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=",
-- [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=",
-- [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=",
-- [META_COMM] = "COREDUMP_COMM=",
-- [META_EXE] = "COREDUMP_EXE=",
-- [META_UNIT] = "COREDUMP_UNIT=",
-+ [META_ARGV_PID] = "COREDUMP_PID=",
-+ [META_ARGV_UID] = "COREDUMP_UID=",
-+ [META_ARGV_GID] = "COREDUMP_GID=",
-+ [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=",
-+ [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=",
-+ [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=",
-+ [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=",
-+ [META_COMM] = "COREDUMP_COMM=",
-+ [META_EXE] = "COREDUMP_EXE=",
-+ [META_UNIT] = "COREDUMP_UNIT=",
- };
-
- typedef struct Context {
-@@ -131,9 +131,9 @@ typedef enum CoredumpStorage {
- } CoredumpStorage;
-
- static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = {
-- [COREDUMP_STORAGE_NONE] = "none",
-+ [COREDUMP_STORAGE_NONE] = "none",
- [COREDUMP_STORAGE_EXTERNAL] = "external",
-- [COREDUMP_STORAGE_JOURNAL] = "journal",
-+ [COREDUMP_STORAGE_JOURNAL] = "journal",
- };
-
- DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage);
-@@ -149,13 +149,13 @@ static uint64_t arg_max_use = UINT64_MAX;
-
- static int parse_config(void) {
- static const ConfigTableItem items[] = {
-- { "Coredump", "Storage", config_parse_coredump_storage, 0, &arg_storage },
-- { "Coredump", "Compress", config_parse_bool, 0, &arg_compress },
-- { "Coredump", "ProcessSizeMax", config_parse_iec_uint64, 0, &arg_process_size_max },
-- { "Coredump", "ExternalSizeMax", config_parse_iec_uint64_infinity, 0, &arg_external_size_max },
-- { "Coredump", "JournalSizeMax", config_parse_iec_size, 0, &arg_journal_size_max },
-- { "Coredump", "KeepFree", config_parse_iec_uint64, 0, &arg_keep_free },
-- { "Coredump", "MaxUse", config_parse_iec_uint64, 0, &arg_max_use },
-+ { "Coredump", "Storage", config_parse_coredump_storage, 0, &arg_storage },
-+ { "Coredump", "Compress", config_parse_bool, 0, &arg_compress },
-+ { "Coredump", "ProcessSizeMax", config_parse_iec_uint64, 0, &arg_process_size_max },
-+ { "Coredump", "ExternalSizeMax", config_parse_iec_uint64_infinity, 0, &arg_external_size_max },
-+ { "Coredump", "JournalSizeMax", config_parse_iec_size, 0, &arg_journal_size_max },
-+ { "Coredump", "KeepFree", config_parse_iec_uint64, 0, &arg_keep_free },
-+ { "Coredump", "MaxUse", config_parse_iec_uint64, 0, &arg_max_use },
- {}
- };
-
-@@ -201,15 +201,15 @@ static int fix_acl(int fd, uid_t uid) {
- static int fix_xattr(int fd, const Context *context) {
-
- static const char * const xattrs[_META_MAX] = {
-- [META_ARGV_PID] = "user.coredump.pid",
-- [META_ARGV_UID] = "user.coredump.uid",
-- [META_ARGV_GID] = "user.coredump.gid",
-- [META_ARGV_SIGNAL] = "user.coredump.signal",
-- [META_ARGV_TIMESTAMP] = "user.coredump.timestamp",
-- [META_ARGV_RLIMIT] = "user.coredump.rlimit",
-- [META_ARGV_HOSTNAME] = "user.coredump.hostname",
-- [META_COMM] = "user.coredump.comm",
-- [META_EXE] = "user.coredump.exe",
-+ [META_ARGV_PID] = "user.coredump.pid",
-+ [META_ARGV_UID] = "user.coredump.uid",
-+ [META_ARGV_GID] = "user.coredump.gid",
-+ [META_ARGV_SIGNAL] = "user.coredump.signal",
-+ [META_ARGV_TIMESTAMP] = "user.coredump.timestamp",
-+ [META_ARGV_RLIMIT] = "user.coredump.rlimit",
-+ [META_ARGV_HOSTNAME] = "user.coredump.hostname",
-+ [META_COMM] = "user.coredump.comm",
-+ [META_EXE] = "user.coredump.exe",
- };
-
- int r = 0;
---
-2.30.2
-
diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch b/meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch
deleted file mode 100644
index 8389ee8cd6..0000000000
--- a/meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch
+++ /dev/null
@@ -1,391 +0,0 @@
-From 1d5e0e9910500f3c3584485f77bfc35e601036e3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 28 Nov 2022 12:12:55 +0100
-Subject: [PATCH 2/2] coredump: do not allow user to access coredumps with
- changed uid/gid/capabilities
-
-When the user starts a program which elevates its permissions via setuid,
-setgid, or capabilities set on the file, it may access additional information
-which would then be visible in the coredump. We shouldn't make the the coredump
-visible to the user in such cases.
-
-Reported-by: Matthias Gerstner <mgerstner@suse.de>
-
-This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
-PROC_AUXV. Before the coredump is submitted, it is parsed and if either
-at_secure was set (which the kernel will do for processes that are setuid,
-setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
-is not made accessible to the user. If we can't access this data, we assume the
-file should not be made accessible either. In principle we could also access
-the auxv data from a note in the core file, but that is much more complex and
-it seems better to use the stand-alone file that is provided by the kernel.
-
-Attaching auxv is both convient for this patch (because this way it's passed
-between the stages along with other fields), but I think it makes sense to save
-it in general.
-
-We use the information early in the core file to figure out if the program was
-32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
-whether the format of the auxv structure. This test might reject some cases on
-fringe architecutes. But the impact would be limited: we just won't grant the
-user permissions to view the coredump file. If people report that we're missing
-some cases, we can always enhance this to support more architectures.
-
-I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
-ppc64el, but not the whole coredump handling.
-
-(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03)
-(cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c)
-(cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57)
-
-CVE: CVE-2022-4415
-Upstream-Status: Backport [https://github.com/systemd/systemd-stable/commit/1d5e0e9910500f3c3584485f77bfc35e601036e3]
-
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- src/basic/io-util.h | 9 ++
- src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++---
- 2 files changed, 192 insertions(+), 13 deletions(-)
-
-diff --git a/src/basic/io-util.h b/src/basic/io-util.h
-index 39728e06bc..3afb134266 100644
---- a/src/basic/io-util.h
-+++ b/src/basic/io-util.h
-@@ -91,7 +91,16 @@ struct iovec_wrapper *iovw_new(void);
- struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw);
- struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw);
- void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors);
-+
- int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len);
-+static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) {
-+ /* Move data into iovw or free on error */
-+ int r = iovw_put(iovw, data, len);
-+ if (r < 0)
-+ free(data);
-+ return r;
-+}
-+
- int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value);
- int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value);
- void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new);
-diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
-index 8295b03ac7..79280ab986 100644
---- a/src/coredump/coredump.c
-+++ b/src/coredump/coredump.c
-@@ -4,6 +4,7 @@
- #include <stdio.h>
- #include <sys/prctl.h>
- #include <sys/statvfs.h>
-+#include <sys/auxv.h>
- #include <sys/xattr.h>
- #include <unistd.h>
-
-@@ -99,6 +100,7 @@ enum {
-
- META_EXE = _META_MANDATORY_MAX,
- META_UNIT,
-+ META_PROC_AUXV,
- _META_MAX
- };
-
-@@ -113,10 +115,12 @@ static const char * const meta_field_names[_META_MAX] = {
- [META_COMM] = "COREDUMP_COMM=",
- [META_EXE] = "COREDUMP_EXE=",
- [META_UNIT] = "COREDUMP_UNIT=",
-+ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=",
- };
-
- typedef struct Context {
- const char *meta[_META_MAX];
-+ size_t meta_size[_META_MAX];
- pid_t pid;
- bool is_pid1;
- bool is_journald;
-@@ -178,13 +182,16 @@ static uint64_t storage_size_max(void) {
- return 0;
- }
-
--static int fix_acl(int fd, uid_t uid) {
-+static int fix_acl(int fd, uid_t uid, bool allow_user) {
-+ assert(fd >= 0);
-+ assert(uid_is_valid(uid));
-
- #if HAVE_ACL
- int r;
-
-- assert(fd >= 0);
-- assert(uid_is_valid(uid));
-+ /* We don't allow users to read coredumps if the uid or capabilities were changed. */
-+ if (!allow_user)
-+ return 0;
-
- if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
- return 0;
-@@ -244,7 +251,8 @@ static int fix_permissions(
- const char *filename,
- const char *target,
- const Context *context,
-- uid_t uid) {
-+ uid_t uid,
-+ bool allow_user) {
-
- int r;
-
-@@ -254,7 +262,7 @@ static int fix_permissions(
-
- /* Ignore errors on these */
- (void) fchmod(fd, 0640);
-- (void) fix_acl(fd, uid);
-+ (void) fix_acl(fd, uid, allow_user);
- (void) fix_xattr(fd, context);
-
- r = fsync_full(fd);
-@@ -324,6 +332,153 @@ static int make_filename(const Context *context, char **ret) {
- return 0;
- }
-
-+static int parse_auxv64(
-+ const uint64_t *auxv,
-+ size_t size_bytes,
-+ int *at_secure,
-+ uid_t *uid,
-+ uid_t *euid,
-+ gid_t *gid,
-+ gid_t *egid) {
-+
-+ assert(auxv || size_bytes == 0);
-+
-+ if (size_bytes % (2 * sizeof(uint64_t)) != 0)
-+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
-+
-+ size_t words = size_bytes / sizeof(uint64_t);
-+
-+ /* Note that we set output variables even on error. */
-+
-+ for (size_t i = 0; i + 1 < words; i += 2)
-+ switch (auxv[i]) {
-+ case AT_SECURE:
-+ *at_secure = auxv[i + 1] != 0;
-+ break;
-+ case AT_UID:
-+ *uid = auxv[i + 1];
-+ break;
-+ case AT_EUID:
-+ *euid = auxv[i + 1];
-+ break;
-+ case AT_GID:
-+ *gid = auxv[i + 1];
-+ break;
-+ case AT_EGID:
-+ *egid = auxv[i + 1];
-+ break;
-+ case AT_NULL:
-+ if (auxv[i + 1] != 0)
-+ goto error;
-+ return 0;
-+ }
-+ error:
-+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
-+ "AT_NULL terminator not found, cannot parse auxv structure.");
-+}
-+
-+static int parse_auxv32(
-+ const uint32_t *auxv,
-+ size_t size_bytes,
-+ int *at_secure,
-+ uid_t *uid,
-+ uid_t *euid,
-+ gid_t *gid,
-+ gid_t *egid) {
-+
-+ assert(auxv || size_bytes == 0);
-+
-+ size_t words = size_bytes / sizeof(uint32_t);
-+
-+ if (size_bytes % (2 * sizeof(uint32_t)) != 0)
-+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
-+
-+ /* Note that we set output variables even on error. */
-+
-+ for (size_t i = 0; i + 1 < words; i += 2)
-+ switch (auxv[i]) {
-+ case AT_SECURE:
-+ *at_secure = auxv[i + 1] != 0;
-+ break;
-+ case AT_UID:
-+ *uid = auxv[i + 1];
-+ break;
-+ case AT_EUID:
-+ *euid = auxv[i + 1];
-+ break;
-+ case AT_GID:
-+ *gid = auxv[i + 1];
-+ break;
-+ case AT_EGID:
-+ *egid = auxv[i + 1];
-+ break;
-+ case AT_NULL:
-+ if (auxv[i + 1] != 0)
-+ goto error;
-+ return 0;
-+ }
-+ error:
-+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
-+ "AT_NULL terminator not found, cannot parse auxv structure.");
-+}
-+
-+static int grant_user_access(int core_fd, const Context *context) {
-+ int at_secure = -1;
-+ uid_t uid = UID_INVALID, euid = UID_INVALID;
-+ uid_t gid = GID_INVALID, egid = GID_INVALID;
-+ int r;
-+
-+ assert(core_fd >= 0);
-+ assert(context);
-+
-+ if (!context->meta[META_PROC_AUXV])
-+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions.");
-+
-+ uint8_t elf[EI_NIDENT];
-+ errno = 0;
-+ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf))
-+ return log_warning_errno(errno_or_else(EIO),
-+ "Failed to pread from coredump fd: %s", errno != 0 ? strerror_safe(errno) : "Unexpected EOF");
-+
-+ if (elf[EI_MAG0] != ELFMAG0 ||
-+ elf[EI_MAG1] != ELFMAG1 ||
-+ elf[EI_MAG2] != ELFMAG2 ||
-+ elf[EI_MAG3] != ELFMAG3 ||
-+ elf[EI_VERSION] != EV_CURRENT)
-+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
-+ "Core file does not have ELF header, not adjusting permissions.");
-+ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) ||
-+ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB))
-+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
-+ "Core file has strange ELF class, not adjusting permissions.");
-+
-+ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN))
-+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
-+ "Core file has non-native endianness, not adjusting permissions.");
-+
-+ if (elf[EI_CLASS] == ELFCLASS64)
-+ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV],
-+ context->meta_size[META_PROC_AUXV],
-+ &at_secure, &uid, &euid, &gid, &egid);
-+ else
-+ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV],
-+ context->meta_size[META_PROC_AUXV],
-+ &at_secure, &uid, &euid, &gid, &egid);
-+ if (r < 0)
-+ return r;
-+
-+ /* We allow access if we got all the data and at_secure is not set and
-+ * the uid/gid matches euid/egid. */
-+ bool ret =
-+ at_secure == 0 &&
-+ uid != UID_INVALID && euid != UID_INVALID && uid == euid &&
-+ gid != GID_INVALID && egid != GID_INVALID && gid == egid;
-+ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)",
-+ ret ? "permit" : "restrict",
-+ uid, euid, gid, egid, yes_no(at_secure));
-+ return ret;
-+}
-+
- static int save_external_coredump(
- const Context *context,
- int input_fd,
-@@ -446,6 +601,8 @@ static int save_external_coredump(
- context->meta[META_ARGV_PID], context->meta[META_COMM]);
- truncated = r == 1;
-
-+ bool allow_user = grant_user_access(fd, context) > 0;
-+
- #if HAVE_COMPRESSION
- if (arg_compress) {
- _cleanup_(unlink_and_freep) char *tmp_compressed = NULL;
-@@ -483,7 +640,7 @@ static int save_external_coredump(
- uncompressed_size += partial_uncompressed_size;
- }
-
-- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid);
-+ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user);
- if (r < 0)
- return r;
-
-@@ -510,7 +667,7 @@ static int save_external_coredump(
- "SIZE_LIMIT=%zu", max_size,
- "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR);
-
-- r = fix_permissions(fd, tmp, fn, context, uid);
-+ r = fix_permissions(fd, tmp, fn, context, uid, allow_user);
- if (r < 0)
- return log_error_errno(r, "Failed to fix permissions and finalize coredump %s into %s: %m", coredump_tmpfile_name(tmp), fn);
-
-@@ -758,7 +915,7 @@ static int change_uid_gid(const Context *context) {
- }
-
- static int submit_coredump(
-- Context *context,
-+ const Context *context,
- struct iovec_wrapper *iovw,
- int input_fd) {
-
-@@ -919,16 +1076,15 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) {
- struct iovec *iovec = iovw->iovec + n;
-
- for (size_t i = 0; i < ELEMENTSOF(meta_field_names); i++) {
-- char *p;
--
- /* Note that these strings are NUL terminated, because we made sure that a
- * trailing NUL byte is in the buffer, though not included in the iov_len
- * count (see process_socket() and gather_pid_metadata_*()) */
- assert(((char*) iovec->iov_base)[iovec->iov_len] == 0);
-
-- p = startswith(iovec->iov_base, meta_field_names[i]);
-+ const char *p = startswith(iovec->iov_base, meta_field_names[i]);
- if (p) {
- context->meta[i] = p;
-+ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]);
- count++;
- break;
- }
-@@ -1170,6 +1326,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) {
- uid_t owner_uid;
- pid_t pid;
- char *t;
-+ size_t size;
- const char *p;
- int r;
-
-@@ -1234,13 +1391,26 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) {
- (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t);
-
- p = procfs_file_alloca(pid, "cgroup");
-- if (read_full_virtual_file(p, &t, NULL) >=0)
-+ if (read_full_virtual_file(p, &t, NULL) >= 0)
- (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t);
-
- p = procfs_file_alloca(pid, "mountinfo");
-- if (read_full_virtual_file(p, &t, NULL) >=0)
-+ if (read_full_virtual_file(p, &t, NULL) >= 0)
- (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t);
-
-+ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */
-+ p = procfs_file_alloca(pid, "auxv");
-+ if (read_full_virtual_file(p, &t, &size) >= 0) {
-+ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1);
-+ if (buf) {
-+ /* Add a dummy terminator to make save_context() happy. */
-+ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0';
-+ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV="));
-+ }
-+
-+ free(t);
-+ }
-+
- if (get_process_cwd(pid, &t) >= 0)
- (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t);
-
---
-2.30.2
-
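Review bot: This deletion removes the whole CVE-2022-4415 access check, so the upgrade is only safe if the new source already contains grant_user_access() and the `allow_user` argument on fix_acl() and fix_permissions(). Please verify that against the systemd-stable commit named in Upstream-Status (1d5e0e9910500f3c3584485f77bfc35e601036e3) and state in the commit message that the version bump supersedes both CVE-2022-4415-1.patch and CVE-2022-4415-2.patch. The property to preserve is the fail-closed one in save_external_coredump(): `bool allow_user = grant_user_access(fd, context) > 0;` means that missing or unparsable auxv data, at_secure being set, or uid/gid differing from euid/egid all leave the user without an ACL on the core file. A functional check on the built image, confirming that the coredump stored for a setuid program is not readable by the invoking user, would show that nothing was lost in the refresh.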
diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-45873.patch b/meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
deleted file mode 100644
index 94bd22ca43..0000000000
--- a/meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 076b807be472630692c5348c60d0c2b7b28ad437 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 18 Oct 2022 18:23:53 +0200
-Subject: [PATCH] coredump: avoid deadlock when passing processed backtrace
- data
-
-We would deadlock when passing the data back from the forked-off process that
-was doing backtrace generation back to the coredump parent. This is because we
-fork the child and wait for it to exit. The child tries to write too much data
-to the output pipe, and and after the first 64k blocks on the parent because
-the pipe is full. The bug surfaced in Fedora because of a combination of four
-factors:
-- 87707784c70dc9894ec613df0a6e75e732a362a3 was backported to v251.5, which
- allowed coredump processing to be successful.
-- 1a0281a3ebf4f8c16d40aa9e63103f16cd23bb2a was NOT backported, so the output
- was very verbose.
-- Fedora has the ELF package metadata available, so a lot of output can be
- generated. Most other distros just don't have the information.
-- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
- are generated for it.
-
-Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.
-
-The code is changed to try to write data opportunistically. If we get partial
-information, that is still logged. In is generally better to log partial
-backtrace information than nothing at all.
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437]
-CVE: CVE-2022-45873
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/shared/elf-util.c | 37 +++++++++++++++++++++++++++++++------
- 1 file changed, 31 insertions(+), 6 deletions(-)
-
-diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
-index 6d9fcfbbf2..bd27507346 100644
---- a/src/shared/elf-util.c
-+++ b/src/shared/elf-util.c
-@@ -30,6 +30,9 @@
- #define THREADS_MAX 64
- #define ELF_PACKAGE_METADATA_ID 0xcafe1a7e
-
-+/* The amount of data we're willing to write to each of the output pipes. */
-+#define COREDUMP_PIPE_MAX (1024*1024U)
-+
- static void *dw_dl = NULL;
- static void *elf_dl = NULL;
-
-@@ -700,13 +703,13 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
- return r;
-
- if (ret) {
-- r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC));
-+ r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC|O_NONBLOCK));
- if (r < 0)
- return r;
- }
-
- if (ret_package_metadata) {
-- r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC));
-+ r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC|O_NONBLOCK));
- if (r < 0)
- return r;
- }
-@@ -750,8 +753,24 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
- goto child_fail;
-
- if (buf) {
-- r = loop_write(return_pipe[1], buf, strlen(buf), false);
-- if (r < 0)
-+ size_t len = strlen(buf);
-+
-+ if (len > COREDUMP_PIPE_MAX) {
-+ /* This is iffy. A backtrace can be a few hundred kilobytes, but too much is
-+ * too much. Let's log a warning and ignore the rest. */
-+ log_warning("Generated backtrace is %zu bytes (more than the limit of %u bytes), backtrace will be truncated.",
-+ len, COREDUMP_PIPE_MAX);
-+ len = COREDUMP_PIPE_MAX;
-+ }
-+
-+ /* Bump the space for the returned string.
-+ * Failure is ignored, because partial output is still useful. */
-+ (void) fcntl(return_pipe[1], F_SETPIPE_SZ, len);
-+
-+ r = loop_write(return_pipe[1], buf, len, false);
-+ if (r == -EAGAIN)
-+ log_warning("Write failed, backtrace will be truncated.");
-+ else if (r < 0)
- goto child_fail;
-
- return_pipe[1] = safe_close(return_pipe[1]);
-@@ -760,13 +779,19 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
- if (package_metadata) {
- _cleanup_fclose_ FILE *json_out = NULL;
-
-+ /* Bump the space for the returned string. We don't know how much space we'll need in
-+ * advance, so we'll just try to write as much as possible and maybe fail later. */
-+ (void) fcntl(json_pipe[1], F_SETPIPE_SZ, COREDUMP_PIPE_MAX);
-+
- json_out = take_fdopen(&json_pipe[1], "w");
- if (!json_out) {
- r = -errno;
- goto child_fail;
- }
-
-- json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
-+ r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
-+ if (r < 0)
-+ log_warning_errno(r, "Failed to write JSON package metadata, ignoring: %m");
- }
-
- _exit(EXIT_SUCCESS);
-@@ -801,7 +826,7 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
-
- r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL);
- if (r < 0 && r != -EINVAL) /* EINVAL: json was empty, so we got nothing, but that's ok */
-- return r;
-+ log_warning_errno(r, "Failed to read or parse json metadata, ignoring: %m");
- }
-
- if (ret)
---
-2.25.1
-
diff --git a/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch b/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
deleted file mode 100644
index e2296abc49..0000000000
--- a/meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Wed, 20 Dec 2023 16:44:14 +0100
-Subject: [PATCH] resolved: actually check authenticated flag of SOA
- transaction
-
-Fixes #25676
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1]
-CVE: CVE-2023-7008
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/resolve/resolved-dns-transaction.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
-index f937f9f7b5..7deb598400 100644
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2761,7 +2761,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
- if (r == 0)
- continue;
-
-- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
-+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
- }
-
- return true;
-@@ -2788,7 +2788,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
- /* We found the transaction that was supposed to find the SOA RR for us. It was
- * successful, but found no RR for us. This means we are not at a zone cut. In this
- * case, we require authentication if the SOA lookup was authenticated too. */
-- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
-+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
- }
-
- return true;
---
-2.25.1
-
diff --git a/meta/recipes-core/systemd/systemd_250.5.bb b/meta/recipes-core/systemd/systemd_250.14.bb
similarity index 99%
rename from meta/recipes-core/systemd/systemd_250.5.bb
rename to meta/recipes-core/systemd/systemd_250.14.bb
index 4d520c85f3..ef0476fad9 100644
--- a/meta/recipes-core/systemd/systemd_250.5.bb
+++ b/meta/recipes-core/systemd/systemd_250.14.bb
@@ -25,15 +25,10 @@ SRC_URI += "file://touchscreen.rules \
file://0003-implment-systemd-sysv-install-for-OE.patch \
file://0001-Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-to-.patch \
file://0001-resolve-Use-sockaddr-pointer-type-for-bind.patch \
- file://CVE-2022-3821.patch \
- file://CVE-2022-45873.patch \
- file://0001-shared-json-allow-json_variant_dump-to-return-an-err.patch \
- file://CVE-2022-4415-1.patch \
- file://CVE-2022-4415-2.patch \
file://0001-network-remove-only-managed-configs-on-reconfigure-o.patch \
file://0001-nspawn-make-sure-host-root-can-write-to-the-uidmappe.patch \
- file://CVE-2023-7008.patch \
file://fix-vlan-qos-mapping.patch \
+ file://0001-core-fix-build-when-seccomp-is-off.patch \
"
# patches needed by musl
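Review bot: this SRC_URI hunk drops CVE-2022-3821.patch, CVE-2022-45873.patch, CVE-2022-4415-1.patch, CVE-2022-4415-2.patch and CVE-2023-7008.patch in the same change as the version bump, which also removes the "CVE:" tags those files carried to record the issues as patched. If it does not already, the commit message should list each dropped CVE and state that its fix is contained in 250.14, so the removal can be checked against the upstream stable branch. The newly added 0001-core-fix-build-when-seccomp-is-off.patch should get the same scrutiny for its Upstream-Status line.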
--
2.43.0
* [OE-core][kirkstone 11/15] boost: fix do_fetch error
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Jiaying Song <jsong-cn@ala-lpggp7.wrs.com>
Change the SRC_URI to the correct value due to the following error:
WARNING: boost-native-1.86.0-r0 do_fetch: Checksum failure encountered with download of https://boostorg.jfrog.io/artifactory/main/release/1.86.0/source/boost_1_86_0.tar.bz2 - will attempt other sources if available
Signed-off-by: Jiaying Song <jsong-cn@ala-lpggp7.wrs.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
backport to kirkstone.
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/boost/boost-1.78.0.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/boost/boost-1.78.0.inc b/meta/recipes-support/boost/boost-1.78.0.inc
index 729a47b54f..98f4f7ff30 100644
--- a/meta/recipes-support/boost/boost-1.78.0.inc
+++ b/meta/recipes-support/boost/boost-1.78.0.inc
@@ -11,7 +11,7 @@ BOOST_VER = "${@"_".join(d.getVar("PV").split("."))}"
BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}"
BOOST_P = "boost_${BOOST_VER}"
-SRC_URI = "https://boostorg.jfrog.io/artifactory/main/release/${PV}/source/${BOOST_P}.tar.bz2"
+SRC_URI = "https://archives.boost.io/release/${PV}/source/${BOOST_P}.tar.bz2"
SRC_URI[sha256sum] = "8681f175d4bdb26c52222665793eef08490d7758529330f98d3b29dd0735bccc"
UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
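Review bot: the commit message quotes a checksum failure for boost_1_86_0.tar.bz2 (boost-native-1.86.0), but this hunk changes boost-1.78.0.inc, so the message should either show the failure seen with 1.78.0 on kirkstone or say that the text is carried over from the master commit. SRC_URI[sha256sum] is left unchanged, which is only correct if archives.boost.io serves a byte-identical boost_1_78_0.tar.bz2; it is worth stating that do_fetch was run against the new URL.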
--
2.43.0
* [OE-core][kirkstone 12/15] virglrenderer: fix do_fetch error
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Libo Chen <libo.chen.cn@windriver.com>
Update SRC_URI to fix the following error:
WARNING: virglrenderer-native-0.9.1-r0 do_fetch: Failed to fetch URL
git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1,
attempting MIRRORS if available
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
index ad3688e300..8590539e55 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10"
DEPENDS = "libdrm virtual/egl virtual/libgbm libepoxy"
SRCREV = "363915595e05fb252e70d6514be2f0c0b5ca312b"
-SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1 \
+SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1;protocol=https \
file://0001-meson.build-use-python3-directly-for-python.patch \
file://cve-2022-0135.patch \
file://cve-2022-0175.patch \
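Review bot: with ";protocol=https" appended to the SRC_URI line, the fetch now depends on anongit.freedesktop.org serving this repository over HTTPS at the same /git/virglrenderer path, and the commit message only quotes the old failure. Please say that do_fetch was verified with the new URL. SRCREV is unchanged, so the fetched source stays pinned to 363915595e05fb252e70d6514be2f0c0b5ca312b.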
--
2.43.0
* [OE-core][kirkstone 13/15] meta: Enable '-o pipefail' for the SDK installer
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Moritz Haase <Moritz.Haase@bmw.de>
When testing a Yocto SDK installer on Alpine 3.21, we recently ended up with a
broken SDK. One of the commands the relocation script calls in a piped
multi-command chain failed (see [0]), but the installer did not realize that -
since it doesn't use 'set -o pipefail'. Thus, the error was never reported to
the user and the installer claimed to have set up the SDK correctly - which
wasn't the case.
Given that the SDK installer is a POSIX-compliant shell script and that the
'pipefail' option used to be missing from the standard, it's not surprising that
it isn't used. Thankfully however, in June of 2024, a new version of POSIX
(POSIX.1-2024) was released - and that one finally includes the 'pipefail'
option (see [1]). A number of shells already support it, so let's enable it if
available to make the SDK installer more robust.
The change has been tested locally using SDK installers for internal projects,
based on both Kirkstone and Scarthgap.
[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/16797
[1]: https://pubs.opengroup.org/onlinepubs/9799919799.2024edition/utilities/V3_chap02.html#set
(From OE-Core rev: 1cb4b41c7faf77fcc347b1276d86d4288968c926)
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 10dce263f0230f94a44a017b5614811e696c5ce9)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/files/toolchain-shar-extract.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index ec5e4aa922..380a25e761 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -1,6 +1,11 @@
#!/bin/sh
export LC_ALL=en_US.UTF-8
+
+# The pipefail option is now part of POSIX (POSIX.1-2024) and available in more
+# and more shells. Enable it if available to make the SDK installer more robust.
+(set -o pipefail 2> /dev/null) && set -o pipefail
+
#Make sure at least one python is installed
INIT_PYTHON=$(which python3 2>/dev/null )
[ -z "$INIT_PYTHON" ] && INIT_PYTHON=$(which python2 2>/dev/null)
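Review bot: enabling pipefail at the top of the script changes the exit status of every pipeline that follows, not only the relocation step that motivated the patch. Pipelines whose earlier stage may legitimately exit non-zero (a grep that finds no match, a producer cut short by head or grep -q) will now report failure, so the commit message should say that the existing pipelines were audited for this. The subshell probe in "(set -o pipefail 2> /dev/null) && set -o pipefail" is the right way to keep an unsupported option from terminating the installer.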
--
2.43.0
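The failure mode described in the commit message above, as an added illustration that is not part of the patch or of toolchain-shar-extract.sh. The function names and the stand-in relocation step are constructed for the example.

```shell
#!/bin/sh
# Added illustration of the guarded pipefail idiom; not part of toolchain-shar-extract.sh.
# All function names and the stand-in relocation step are constructed for this example.

# Probe inside a subshell first: 'set' is a special built-in, so an unsupported
# option can terminate a non-interactive shell. The subshell contains that failure.
enable_pipefail_if_supported() {
    if (set -o pipefail 2>/dev/null); then
        set -o pipefail
        return 0
    fi
    return 1
}

# Stand-in for a relocation step: the producer fails with status 3 while the
# last command of the pipeline succeeds.
relocate_step() {
    ( echo "relocating"; exit 3 ) | sed -e 's/^/  /' >/dev/null
}

# Run the step the way an installer would and print what it would conclude.
#   $1 = "probe": use the guarded idiom from the patch
#   $1 = other  : force the historical behaviour (pipefail off)
run_installer() {
    (
        if [ "$1" = "probe" ]; then
            enable_pipefail_if_supported || { echo "unsupported"; exit 0; }
        else
            if (set +o pipefail 2>/dev/null); then
                set +o pipefail
            fi
        fi
        rc=0
        relocate_step || rc=$?
        if [ "$rc" -eq 0 ]; then
            echo "reported-success"
        else
            echo "reported-failure:$rc"
        fi
    )
}

echo "without pipefail: $(run_installer plain)"
echo "with guarded pipefail: $(run_installer probe)"
```

In a shell that lacks the option, the second line prints "unsupported" and the installer behaves as before.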
* [OE-core][kirkstone 14/15] tzcode: Update SRC_URI
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Guocai He <guocai.he.cn@windriver.com>
Update SRC_URI for tzcode.
Update the http to https in SRC_URI to fix the do_fetch issue.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
---
meta/recipes-extended/timezone/timezone.inc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index adf095280f..8935d1cd8c 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -1,20 +1,20 @@
SUMMARY = "Timezone data"
DESCRIPTION = "The Time Zone Database contains code and data that represent \
the history of local time for many representative locations around the globe."
-HOMEPAGE = "http://www.iana.org/time-zones"
+HOMEPAGE = "https://www.iana.org/time-zones"
SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
PV = "2024b"
-SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
- http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
+SRC_URI =" https://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \
+ https://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \
"
S = "${WORKDIR}/tz"
-UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
+UPSTREAM_CHECK_URI = "https://www.iana.org/time-zones"
SRC_URI[tzcode.sha256sum] = "5e438fc449624906af16a18ff4573739f0cda9862e5ec28d3bcb19cbaed0f672"
SRC_URI[tzdata.sha256sum] = "70e754db126a8d0db3d16d6b4cb5f7ec1e04d5f261255e4558a67fe92d39e550"
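Review bot: the rewritten 'SRC_URI =" https://...' line keeps the missing space after "=" and the leading space inside the quotes from the line it replaces; since the assignment is being touched anyway, 'SRC_URI = "https://...' would match the other assignments in this file. The subject mentions only tzcode, but the hunk also switches the tzdata URL, HOMEPAGE and UPSTREAM_CHECK_URI to https, which the commit message should mention. Both sha256sum values are unchanged, so the downloaded tarballs are still checked against the same hashes.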
--
2.43.0
* [OE-core][kirkstone 15/15] xz: Update SRC_URI
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
To: openembedded-core
From: Guocai He <guocai.he.cn@windriver.com>
Update SRC_URI for xz.
The tarball of xz-.tar.gz has been changed from
https://tukaani.org/xz/xz-.tar.gz to
https://sourceforge.net/projects/lzmautils/files/xz-.tar.gz
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
---
meta/recipes-extended/xz/xz_5.2.6.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/xz/xz_5.2.6.bb b/meta/recipes-extended/xz/xz_5.2.6.bb
index 3482622471..7f889e4367 100644
--- a/meta/recipes-extended/xz/xz_5.2.6.bb
+++ b/meta/recipes-extended/xz/xz_5.2.6.bb
@@ -24,7 +24,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \
file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \
"
-SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz"
+SRC_URI = "https://sourceforge.net/projects/lzmautils/files/xz-${PV}.tar.gz"
SRC_URI[sha256sum] = "a2105abee17bcd2ebd15ced31b4f5eda6e17efd6b10f921a01cda4a44c91b3a0"
UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar"
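Review bot: the new SRC_URI uses the sourceforge.net/projects/lzmautils/files/ path rather than a direct download host, so please confirm that do_fetch actually retrieves the tarball from it; the unchanged SRC_URI[sha256sum] will reject anything else, such as an HTML page. Other recipes express SourceForge downloads through ${SOURCEFORGE_MIRROR}, which would also let mirror configuration apply here. UPSTREAM_CHECK_REGEX is kept with no UPSTREAM_CHECK_URI visible in this hunk, so it is worth checking that the upstream version check still resolves against the new location.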
--
2.43.0
* Patchtest results for [OE-core][kirkstone 10/15] systemd: upgrade 250.5 -> 250.14
From: patchtest @ 2025-02-27 17:52 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch /home/patchtest/share/mboxes/kirkstone-10-15-systemd-upgrade-250.5---250.14.patch
FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format)
PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)
SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)
---
Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!
* [OE-core][kirkstone 00/15] Patch review
From: Steve Sakoman @ 2025-05-13 19:07 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, May 15
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1582
The following changes since commit 00f7a2f60dd6de95a1a47fa642978613ce76dc56:
glibc: Add single-threaded fast path to rand() (2025-05-09 09:01:16 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.26
Alexander Kanavin (1):
perl: enable _GNU_SOURCE define via d_gnulibc
Alon Bar-Lev (1):
module.bbclass: add KBUILD_EXTRA_SYMBOLS to install
Deepesh Varatharajan (1):
glibc: stable 2.35 branch updates
Peter Marko (1):
perl: patch CVE-2024-56406
Vijay Anusuri (10):
libsoup-2.4: Update fix CVE-2024-52532
libsoup-2.4: Fix CVE-2025-32906
libsoup-2.4: Fix CVE-2025-32909
libsoup: update fix CVE-2024-52532
libsoup: Fix CVE-2025-32906
libsoup: Fix CVE-2025-32909
libsoup: Fix CVE-2025-32910
libsoup: Fix CVE-2025-32911 & CVE-2025-32913
libsoup: Fix CVE-2025-32912
libsoup: Fix CVE-2025-32914
meta/classes/module.bbclass | 1 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
...4-56406-Heap-buffer-overflow-with-tr.patch | 30 ++++
meta/recipes-devtools/perl/perl_5.34.3.bb | 2 +
.../libsoup-2.4/CVE-2024-52532-3.patch | 46 ++++++
.../libsoup-2.4/CVE-2025-32906-1.patch | 61 +++++++
.../libsoup-2.4/CVE-2025-32906-2.patch | 83 ++++++++++
.../libsoup/libsoup-2.4/CVE-2025-32909.patch | 36 +++++
.../libsoup/libsoup-2.4_2.74.2.bb | 4 +
.../libsoup/libsoup/CVE-2024-52532-3.patch | 46 ++++++
.../libsoup/libsoup/CVE-2025-32906-1.patch | 61 +++++++
.../libsoup/libsoup/CVE-2025-32906-2.patch | 83 ++++++++++
.../libsoup/libsoup/CVE-2025-32909.patch | 36 +++++
.../libsoup/libsoup/CVE-2025-32910-1.patch | 98 ++++++++++++
.../libsoup/libsoup/CVE-2025-32910-2.patch | 149 ++++++++++++++++++
.../libsoup/libsoup/CVE-2025-32910-3.patch | 27 ++++
.../CVE-2025-32911_CVE-2025-32913-1.patch | 72 +++++++++
.../CVE-2025-32911_CVE-2025-32913-2.patch | 44 ++++++
.../libsoup/libsoup/CVE-2025-32912-1.patch | 41 +++++
.../libsoup/libsoup/CVE-2025-32912-2.patch | 30 ++++
.../libsoup/libsoup/CVE-2025-32914.patch | 111 +++++++++++++
meta/recipes-support/libsoup/libsoup_3.0.7.bb | 12 ++
scripts/install-buildtools | 4 +-
23 files changed, 1076 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-devtools/perl/files/0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-3.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32909.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-3.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-1.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch
--
2.43.0
* [OE-core][kirkstone 00/15] Patch review
From: Steve Sakoman @ 2025-06-10 19:38 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, June 12
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1770
The following changes since commit 415e73d53e5342f3f6ff6acd521ded2df3fbca1f:
nfs-utils: don't use signals to shut down nfs server. (2025-05-29 08:22:59 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (4):
ghostscript: fix CVE-2025-48708
ffmpeg: upgrade 5.0.1 -> 5.0.3
ffmpeg: fix CVE-2025-22919
ffmpeg: fix CVE-2025-22921
Deepesh Varatharajan (1):
binutils: Fix CVE-2025-5244 & CVE-2025-5245
Divya Chellam (2):
screen: fix CVE-2025-46802
screen: fix CVE-2025-46804
Harish Sadineni (1):
binutils: add CVE-2025-1182 patch file to SRC_URI
Hitendra Prajapati (1):
icu: fix CVE-2025-5222
Jiaying Song (1):
taglib: fix CVE-2023-47466
Martin Jansa (1):
kernel.bbclass: add original package name to RPROVIDES for -image and
-base
Peter Marko (1):
python3: upgrade 3.10.16 -> 3.10.18
Vijay Anusuri (3):
libsoup-2.4: Backport auth tests for CVE-2025-32910
python3-setuptools: Fix CVE-2025-47273
git: Fix CVE-2024-50349 and CVE-2024-52006
meta/classes/kernel.bbclass | 3 +-
.../binutils/binutils-2.38.inc | 3 +
.../binutils/0040-CVE-2025-1182.patch | 18 +-
.../binutils/0041-CVE-2025-5244.patch | 25 ++
.../binutils/0042-CVE-2025-5245.patch | 38 +++
.../git/git/CVE-2024-50349-0001.patch | 100 ++++++
.../git/git/CVE-2024-50349-0002.patch | 321 ++++++++++++++++++
.../git/git/CVE-2024-52006.patch | 165 +++++++++
meta/recipes-devtools/git/git_2.35.7.bb | 3 +
.../CVE-2025-47273-pre1.patch | 54 +++
.../python3-setuptools/CVE-2025-47273.patch | 59 ++++
.../python/python3-setuptools_59.5.0.bb | 2 +
...ib-termcap-to-linker-flags-to-avoid-.patch | 2 +-
...hell-version-of-python-config-that-w.patch | 2 +-
...file-do-not-compile-.pyc-in-parallel.patch | 2 +-
...sts-due-to-load-variability-on-YP-AB.patch | 6 +-
...e-treat-overflow-in-UID-GID-as-failu.patch | 2 +-
...asename-to-replace-CC-for-checking-c.patch | 16 +-
...detect-multiarch-paths-when-cross-co.patch | 2 +-
...orlines-skip-due-to-load-variability.patch | 2 +-
...report-missing-dependencies-for-disa.patch | 2 +-
...up.py-do-not-add-a-curses-include-pa.patch | 4 +-
.../python/python3/CVE-2025-0938.patch | 131 -------
.../python3/avoid_warning_about_tkinter.patch | 2 +-
.../python/python3/makerace.patch | 2 +-
...{python3_3.10.16.bb => python3_3.10.18.bb} | 3 +-
.../ghostscript/CVE-2025-48708.patch | 46 +++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../screen/screen/CVE-2025-46802.patch | 146 ++++++++
.../screen/screen/CVE-2025-46804.patch | 131 +++++++
meta/recipes-extended/screen/screen_4.9.0.bb | 2 +
.../ffmpeg/ffmpeg/CVE-2024-36613.patch | 18 +-
.../ffmpeg/ffmpeg/CVE-2025-22919.patch | 41 +++
.../ffmpeg/ffmpeg/CVE-2025-22921.patch | 34 ++
.../{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb} | 9 +-
.../icu/icu/CVE-2025-5222.patch | 164 +++++++++
meta/recipes-support/icu/icu_70.1.bb | 1 +
...ckport-auth-tests-for-CVE-2025-32910.patch | 76 +++++
.../libsoup/libsoup-2.4_2.74.2.bb | 1 +
.../taglib/files/CVE-2023-47466.patch | 38 +++
meta/recipes-support/taglib/taglib_1.12.bb | 4 +-
41 files changed, 1500 insertions(+), 181 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/0041-CVE-2025-5244.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0042-CVE-2025-5245.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-52006.patch
create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-0938.patch
rename meta/recipes-devtools/python/{python3_3.10.16.bb => python3_3.10.18.bb} (99%)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-48708.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb} (96%)
create mode 100644 meta/recipes-support/icu/icu/CVE-2025-5222.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/Backport-auth-tests-for-CVE-2025-32910.patch
create mode 100644 meta/recipes-support/taglib/files/CVE-2023-47466.patch
--
2.43.0