public inbox for openembedded-core@lists.openembedded.org
* [OE-core][kirkstone 0/8] Patch review
@ 2022-08-09 21:27 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2022-08-09 21:27 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for the kirkstone 4.0.3 release.

The following changes since commit c33eb7fb1d1e91a005b22b65d221d4b899ec69dc:

  openssh: Add openssh-sftp-server to openssh RDEPENDS (2022-08-02 12:32:44 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  lttng-modules: update 2.13.3 -> 2.13.4

Bruce Ashfield (5):
  linux-yocto/5.10: update to v5.10.135
  linux-yocto/5.15: update to v5.15.58
  linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
  linux-yocto/5.15: update to v5.15.59
  linux-yocto/5.15: fix reproducibility issues

He Zhe (1):
  lttng-modules: Fix build failure for kernel v5.15.58

Sundeep KOKKONDA (1):
  glibc : stable 2.35 branch updates

 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +--
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +--
 ...x-compaction-migratepages-event-name.patch |  37 ----
 ...oduce-kfree_skb_reason-v5.15.58.v5.1.patch |  53 +++++
 ...emove-unused-tracepoints-v5.10-v5.15.patch |  44 -----
 ...g-Append-prev_state-to-tp-args-inste.patch |  59 ------
 ...vent-allow-same-provider-and-event-n.patch |  48 -----
 ...g-Don-t-re-read-p-state-when-emittin.patch | 183 ------------------
 .../0004-fix-block-remove-genhd.h-v5.18.patch |  45 -----
 ...emove-REQ_OP_WRITE_SAME-support-v5.1.patch |  79 --------
 ...ndom-remove-unused-tracepoints-v5.18.patch |  47 -----
 ...rethook-for-kretprobe-if-possible-v5.patch |  72 -------
 ...ore-Remove-scsi-scsi_request.h-v5.18.patch |  44 -----
 ...n-cleanup-the-compaction-trace-event.patch | 106 ----------
 ...ules_2.13.3.bb => lttng-modules_2.13.4.bb} |  16 +-
 20 files changed, 95 insertions(+), 816 deletions(-)
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Fix-compaction-migratepages-event-name.patch
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-random-remove-unused-tracepoints-v5.10-v5.15.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-sched-tracing-Append-prev_state-to-tp-args-inste.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-Fix-tracepoint-event-allow-same-provider-and-event-n.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-sched-tracing-Don-t-re-read-p-state-when-emittin.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0004-fix-block-remove-genhd.h-v5.18.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0005-fix-scsi-block-Remove-REQ_OP_WRITE_SAME-support-v5.1.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0006-fix-random-remove-unused-tracepoints-v5.18.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0007-fix-kprobes-Use-rethook-for-kretprobe-if-possible-v5.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0008-fix-scsi-core-Remove-scsi-scsi_request.h-v5.18.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0010-fix-mm-compaction-cleanup-the-compaction-trace-event.patch
 rename meta/recipes-kernel/lttng/{lttng-modules_2.13.3.bb => lttng-modules_2.13.4.bb} (60%)

-- 
2.25.1




* [OE-core][kirkstone 0/8] Patch review
@ 2022-10-27  2:36 Steve Sakoman
  2022-10-28  2:07 ` Tim Orling
  0 siblings, 1 reply; 25+ messages in thread
From: Steve Sakoman @ 2022-10-27  2:36 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Friday.

This should be the final set of patches for the 4.0.5 release.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4380

The following changes since commit 4781fee6aea9512b7cb390b76e6f9f0a86a5bd11:

  lttng-modules: Fix crash on powerpc64 (2022-10-17 04:30:43 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (2):
  linux-yocto/5.10: update to v5.10.147
  linux-yocto/5.10: update to v5.10.149

Steve Sakoman (1):
  Revert "lttng-tools: Upgrade 2.13.4 -> 2.13.8"

Tim Orling (1):
  git: upgrade 2.35.4 -> 2.35.5

Vyacheslav Yurkov (2):
  files: overlayfs-etc: refactor preinit template
  classes: files: Extend overlayfs-etc class

Yash Shinde (2):
  binutils: stable 2.38 branch updates
  glibc: stable 2.35 branch updates.

 meta/classes/overlayfs-etc.bbclass            |  5 +++-
 meta/files/overlayfs-etc-preinit.sh.in        | 23 ++++++++++++++----
 meta/recipes-core/glibc/glibc-version.inc     |  2 +-
 .../binutils/binutils-2.38.inc                |  2 +-
 .../git/{git_2.35.4.bb => git_2.35.5.bb}      |  2 +-
 .../linux/linux-yocto-rt_5.10.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.10.bb            |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
 ...-tools_2.13.8.bb => lttng-tools_2.13.4.bb} |  2 +-
 9 files changed, 45 insertions(+), 29 deletions(-)
 rename meta/recipes-devtools/git/{git_2.35.4.bb => git_2.35.5.bb} (98%)
 rename meta/recipes-kernel/lttng/{lttng-tools_2.13.8.bb => lttng-tools_2.13.4.bb} (98%)

-- 
2.25.1




* Re: [OE-core][kirkstone 0/8] Patch review
  2022-10-27  2:36 Steve Sakoman
@ 2022-10-28  2:07 ` Tim Orling
  0 siblings, 0 replies; 25+ messages in thread
From: Tim Orling @ 2022-10-28  2:07 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: openembedded-core


On Wed, Oct 26, 2022 at 7:36 PM Steve Sakoman <steve@sakoman.com> wrote:

> Please review this set of patches for kirkstone and have comments back by
> end of day Friday.
>
> This should be the final set of patches for the 4.0.5 release.


I am intentionally holding off on a Python 3.10.8 upgrade just to let this
release get out in a stable manner.


>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4380
>
> The following changes since commit
> 4781fee6aea9512b7cb390b76e6f9f0a86a5bd11:
>
>   lttng-modules: Fix crash on powerpc64 (2022-10-17 04:30:43 -1000)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/openembedded-core-contrib
> stable/kirkstone-nut
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>
> Bruce Ashfield (2):
>   linux-yocto/5.10: update to v5.10.147
>   linux-yocto/5.10: update to v5.10.149
>
> Steve Sakoman (1):
>   Revert "lttng-tools: Upgrade 2.13.4 -> 2.13.8"
>
> Tim Orling (1):
>   git: upgrade 2.35.4 -> 2.35.5
>
> Vyacheslav Yurkov (2):
>   files: overlayfs-etc: refactor preinit template
>   classes: files: Extend overlayfs-etc class
>
> Yash Shinde (2):
>   binutils: stable 2.38 branch updates
>   glibc: stable 2.35 branch updates.
>
>  meta/classes/overlayfs-etc.bbclass            |  5 +++-
>  meta/files/overlayfs-etc-preinit.sh.in        | 23 ++++++++++++++----
>  meta/recipes-core/glibc/glibc-version.inc     |  2 +-
>  .../binutils/binutils-2.38.inc                |  2 +-
>  .../git/{git_2.35.4.bb => git_2.35.5.bb}      |  2 +-
>  .../linux/linux-yocto-rt_5.10.bb              |  6 ++---
>  .../linux/linux-yocto-tiny_5.10.bb            |  8 +++----
>  meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
>  ...-tools_2.13.8.bb => lttng-tools_2.13.4.bb} |  2 +-
>  9 files changed, 45 insertions(+), 29 deletions(-)
>  rename meta/recipes-devtools/git/{git_2.35.4.bb => git_2.35.5.bb} (98%)
>  rename meta/recipes-kernel/lttng/{lttng-tools_2.13.8.bb =>
> lttng-tools_2.13.4.bb} (98%)
>
> --
> 2.25.1
>
>


* [OE-core][kirkstone 0/8] Patch review
@ 2023-04-22 15:54 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2023-04-22 15:54 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5209

The following changes since commit b67e714b367a08fdeeeff68c2d9495ec9bc07304:

  package.bbclass: correct check for /build in copydebugsources() (2023-04-14 07:19:08 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (2):
  ruby: CVE-2023-28756 ReDoS vulnerability in Time
  screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Peter Marko (1):
  go: ignore CVE-2022-41716

Shubham Kulkarni (1):
  go-runtime: Security fix for CVE-2022-41722

Siddharth Doshi (1):
  curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538

Sundeep KOKKONDA (1):
  cargo : non vulnerable cve-2022-46176 added to excluded list

Vivek Kumbhar (1):
  go: fix CVE-2023-24537 Infinite loop in parsing

Xiangyu Chen (1):
  shadow: backport patch to fix CVE-2023-29383

 .../distro/include/cve-extra-exclusions.inc   |   5 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   5 +
 .../go/go-1.18/CVE-2022-41722.patch           | 103 +++++++++
 .../go/go-1.18/CVE-2023-24537.patch           |  75 +++++++
 .../ruby/ruby/CVE-2023-28756.patch            |  73 +++++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 .../screen/screen/CVE-2023-24626.patch        |  40 ++++
 meta/recipes-extended/screen/screen_4.9.0.bb  |   1 +
 .../files/0001-Overhaul-valid_field.patch     |  65 ++++++
 .../shadow/files/CVE-2023-29383.patch         |  53 +++++
 meta/recipes-extended/shadow/shadow.inc       |   2 +
 .../curl/curl/CVE-2023-27535-pre1.patch       | 196 ++++++++++++++++++
 .../CVE-2023-27535_and_CVE-2023-27538.patch   | 170 +++++++++++++++
 .../curl/curl/CVE-2023-27536.patch            |  52 +++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   3 +
 15 files changed, 844 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41722.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24537.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-28756.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
 create mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch
 create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535_and_CVE-2023-27538.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2023-07-24  2:33 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2023-07-24  2:33 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5638

The following changes since commit d877d5f07772ec4a05332068ddc03cf387313036:

  cmake: Fix CMAKE_SYSTEM_PROCESSOR setting for SDK (2023-07-17 04:45:01 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  ghostscript: fix CVE-2023-36664

Bruce Ashfield (2):
  linux-yocto/5.15: update to v5.15.119
  linux-yocto/5.15: update to v5.15.120

Richard Purdie (1):
  gcc-testsuite: Fix ppc cpu specification

Ross Burton (2):
  gcc: don't pass --enable-standard-branch-protection
  machine/arch-arm64: add -mbranch-protection=standard

Vijay Anusuri (1):
  qemu: backport Debian patch to fix CVE-2023-0330

Xiangyu Chen (1):
  package.bbclass: moving field data process before variable process in
    process_pkgconfig

 meta/classes/package.bbclass                  |  12 +-
 meta/conf/machine/include/arm/arch-arm64.inc  |   5 +
 .../gcc/gcc-configure-common.inc              |   1 -
 meta/recipes-devtools/gcc/gcc-testsuite.inc   |   5 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2023-0330.patch             |  75 +++++++++
 .../ghostscript/CVE-2023-36664-0001.patch     | 146 ++++++++++++++++++
 .../ghostscript/CVE-2023-36664-0002.patch     |  60 +++++++
 .../ghostscript/ghostscript_9.55.0.bb         |   2 +
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 ++--
 12 files changed, 317 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0001.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-0002.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2023-08-27 20:52 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2023-08-27 20:52 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, August 29.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5789

The following changes since commit ea920e3c8075f3a1b79039341f8c889f6197a07f:

  glibc-locale: use stricter matching for metapackages' runtime dependencies (2023-08-22 07:07:13 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Narpat Mali (2):
  ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018
  python3-git: upgrade 3.1.27 -> 3.1.32

Ross Burton (3):
  linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries
  linux/cve-exclusion: add generated CVE_CHECK_IGNORES.
  linux/cve-exclusion: remove obsolete manual entries

Siddharth (1):
  Qemu: Resolve undefined reference issue in CVE-2023-2861

Soumya Sambu (1):
  go: Fix CVE-2023-29409

Yogita Urade (1):
  nghttp2: fix CVE-2023-35945

 meta/recipes-devtools/go/go-1.17.13.inc       |    1 +
 .../go/go-1.19/CVE-2023-29409.patch           |  175 +
 ...-git-CVE-2022-24439-fix-from-PR-1518.patch |   97 -
 ...-git-CVE-2022-24439-fix-from-PR-1521.patch |  488 --
 ...n3-git_3.1.27.bb => python3-git_3.1.32.bb} |    6 +-
 .../qemu/qemu/CVE-2023-2861.patch             |   66 +-
 meta/recipes-kernel/linux/cve-exclusion.inc   |  869 --
 .../linux/cve-exclusion_5.15.inc              | 7193 +++++++++++++++++
 .../linux/generate-cve-exclusions.py          |  101 +
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |    1 +
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |    6 +
 .../nghttp2/nghttp2/CVE-2023-35945.patch      |  151 +
 .../recipes-support/nghttp2/nghttp2_1.47.0.bb |    1 +
 13 files changed, 7667 insertions(+), 1488 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.19/CVE-2023-29409.patch
 delete mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
 delete mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
 rename meta/recipes-devtools/python/{python3-git_3.1.27.bb => python3-git_3.1.32.bb} (80%)
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion_5.15.inc
 create mode 100755 meta/recipes-kernel/linux/generate-cve-exclusions.py
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2023-35945.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2023-09-13 14:30 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2023-09-13 14:30 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 15.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5876

The following changes since commit 47a1dd7f389e3cf4ac2dc5fc21dccc870aafab4a:

  sysklogd: fix integration with systemd-journald (2023-09-05 13:34:12 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Meenali Gupta (1):
  flac: fix CVE-2020-22219

Michael Halstead (1):
  yocto-uninative: Update to 4.3

Narpat Mali (1):
  python3-pygments: Fix CVE-2022-40896

Siddharth Doshi (1):
  gdb: Fix CVE-2023-39128

Soumya Sambu (1):
  libxml2: Fix CVE-2023-39615

Yogita Urade (3):
  dropbear: fix CVE-2023-36328
  qemu: fix CVE-2021-3638
  webkitgtk: fix CVE-2022-48503

 meta/conf/distro/include/yocto-uninative.inc  |   8 +-
 meta/recipes-core/dropbear/dropbear.inc       |   1 +
 .../dropbear/dropbear/CVE-2023-36328.patch    | 144 +++++++++++
 .../libxml/libxml2/CVE-2023-39615-0001.patch  |  37 +++
 .../libxml/libxml2/CVE-2023-39615-0002.patch  |  72 ++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   2 +
 meta/recipes-devtools/gdb/gdb.inc             |   1 +
 .../gdb/gdb/0011-CVE-2023-39128.patch         |  75 ++++++
 .../python3-pygments/CVE-2022-40896.patch     | 124 ++++++++++
 .../python/python3-pygments_2.11.2.bb         |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2021-3638.patch             |  88 +++++++
 .../flac/files/CVE-2020-22219.patch           | 197 +++++++++++++++
 meta/recipes-multimedia/flac/flac_1.3.4.bb    |   1 +
 .../webkit/webkitgtk/CVE-2022-48503.patch     | 225 ++++++++++++++++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 16 files changed, 975 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0001.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-39615-0002.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0011-CVE-2023-39128.patch
 create mode 100644 meta/recipes-devtools/python/python3-pygments/CVE-2022-40896.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
 create mode 100644 meta/recipes-multimedia/flac/files/CVE-2020-22219.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-48503.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2023-11-29 23:04 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2023-11-29 23:04 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Friday, December 1

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6260

The following changes since commit 8726ae02d760270f9e7fe7ef5715d8f7553371ce:

  goarch: Move Go architecture mapping to a library (2023-11-21 05:32:39 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  gstreamer1.0-plugins-bad: fix CVE-2023-44429
  vim: Upgrade 9.0.2048 -> 9.0.2068

Hitendra Prajapati (1):
  grub: fix CVE-2023-4693

Li Wang (1):
  systemtap_git: fix used uninitialized error

Ninad Palsule (1):
  kernel-fitImage: Strip path component from dtb

Richard Purdie (1):
  vim: Improve locale handling

Steve Sakoman (1):
  vim: use upstream generated .po files

Vivek Kumbhar (1):
  openssl: fix CVE-2023-5678 Generating excessively long X9.42 DH keys
    or checking excessively long X9.42 DH keys or parameters may be very
    slow

 meta/classes/kernel-fitimage.bbclass          |   5 +
 .../grub/files/CVE-2023-4693.patch            |  62 ++++++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 .../openssl/openssl/CVE-2023-5678.patch       | 180 ++++++++++++++++++
 .../openssl/openssl_3.0.12.bb                 |   1 +
 ...x-Prevent-Werror-maybe-uninitialized.patch |  53 ++++++
 .../recipes-kernel/systemtap/systemtap_git.bb |   1 +
 .../CVE-2023-44429.patch                      |  38 ++++
 .../gstreamer1.0-plugins-bad_1.20.7.bb        |   1 +
 meta/recipes-support/vim/vim.inc              |  20 +-
 10 files changed, 350 insertions(+), 12 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4693.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
 create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44429.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2024-02-12 13:54 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-02-12 13:54 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, February 14

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6556

The following changes since commit 2bdae590ab20dc4518ba247c903060fa67ed0fc4:

  openssl: Upgrade 3.0.12 -> 3.0.13 (2024-02-05 03:56:38 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  curl: Fix CVE-2023-46219

Bruce Ashfield (1):
  kernel: fix localversion in v6.3+

Jermain Horsman (1):
  systemd: Only add myhostname to nsswitch.conf if in PACKAGECONFIG

Kai Kang (1):
  ghostscript: correct LICENSE with AGPLv3

Narpat Mali (1):
  python3-pycryptodome: Fix CVE-2023-52323

Soumya Sambu (2):
  go: Fix CVE-2023-45285 and CVE-2023-45287
  libgit2: Fix CVE-2024-24575 and CVE-2024-24577

Vijay Anusuri (1):
  libxml2: Fix for CVE-2024-25062

 meta/classes/kernel-arch.bbclass              |    7 +
 meta/classes/kernel.bbclass                   |   10 +-
 .../libxml/libxml2/CVE-2024-25062.patch       |   33 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |    1 +
 meta/recipes-core/systemd/systemd_250.5.bb    |   16 +-
 meta/recipes-devtools/go/go-1.17.13.inc       |    2 +
 .../go/go-1.20/CVE-2023-45285.patch           |  110 ++
 .../go/go-1.20/CVE-2023-45287.patch           | 1695 +++++++++++++++++
 .../python3-pycryptodome/CVE-2023-52323.patch |  436 +++++
 .../python/python3-pycryptodome_3.14.1.bb     |    1 +
 .../CVE-2023-52323.patch                      |  436 +++++
 .../python/python3-pycryptodomex_3.14.1.bb    |    2 +
 .../ghostscript/ghostscript_9.55.0.bb         |    2 +-
 .../curl/curl/CVE-2023-46219-0001.patch       |   42 +
 .../curl/curl/CVE-2023-46219-0002.patch       |  133 ++
 .../curl/curl/CVE-2023-46219-0003.patch       |   81 +
 meta/recipes-support/curl/curl_7.82.0.bb      |    3 +
 .../libgit2/libgit2/CVE-2024-24575.patch      |   56 +
 .../libgit2/libgit2/CVE-2024-24577.patch      |   52 +
 meta/recipes-support/libgit2/libgit2_1.4.5.bb |    5 +-
 20 files changed, 3113 insertions(+), 10 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-25062.patch
 create mode 100644 meta/recipes-devtools/go/go-1.20/CVE-2023-45285.patch
 create mode 100644 meta/recipes-devtools/go/go-1.20/CVE-2023-45287.patch
 create mode 100644 meta/recipes-devtools/python/python3-pycryptodome/CVE-2023-52323.patch
 create mode 100644 meta/recipes-devtools/python/python3-pycryptodomex/CVE-2023-52323.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219-0001.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219-0002.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219-0003.patch
 create mode 100644 meta/recipes-support/libgit2/libgit2/CVE-2024-24575.patch
 create mode 100644 meta/recipes-support/libgit2/libgit2/CVE-2024-24577.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2024-03-12 13:53 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-03-12 13:53 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, March 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6670

The following changes since commit e5aae8a371717215a7d78459788ad67dfaefe37e:

  golang: Fix CVE-2023-45289 & CVE-2023-45290 (2024-03-07 04:18:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (6):
  linux-yocto/5.15: update to v5.15.149
  linux-yocto/5.15: update CVE exclusions
  linux-yocto/5.10: update to v5.10.210
  linux-yocto/5.15: update to v5.15.150
  linux-yocto/5.15: update CVE exclusions (5.15.150)
  linux-yocto/5.15: fix partion scanning

Nikhil R (1):
  librsvg: Fix do_package_qa error for librsvg

Vivek Kumbhar (1):
  go: Backport fix CVE-2024-24784 & CVE-2024-24785

 meta/recipes-devtools/go/go-1.17.13.inc       |   2 +
 .../go/go-1.18/CVE-2024-24784.patch           | 207 ++++++++++++++++++
 .../go/go-1.18/CVE-2024-24785.patch           | 196 +++++++++++++++++
 meta/recipes-gnome/librsvg/librsvg_2.52.10.bb |   2 +
 .../linux/cve-exclusion_5.15.inc              | 197 ++++++++++++++++-
 .../linux/linux-yocto-rt_5.10.bb              |   4 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  22 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +--
 11 files changed, 632 insertions(+), 42 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2024-24784.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2024-24785.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2024-05-24 12:14 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-05-24 12:14 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, May 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6956

The following changes since commit f85d5dfc91d536a00669ca3148d8c3b2727b183d:

  libpciaccess: Remove duplicated license entry (2024-05-10 05:05:54 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bob Henz (1):
  systemd-systemctl: Fix WantedBy processing

Colin McAllister (1):
  initscripts: Add custom mount args for /var/lib

Dmitry Baryshkov (1):
  go.bbclass: fix path to linker in native Go builds

Joerg Vehlow (1):
  go: Always pass interpreter to linker

Peter Marko (1):
  openssl: patch CVE-2024-4603

Stefan Herbrechtsmeier (1):
  classes: go-mod: do not pack go mod cache

Vijay Anusuri (1):
  binutils: Rename CVE-2022-38126 patch to CVE-2022-35205

Yogita Urade (1):
  libarchive: fix CVE-2024-26256

 meta/classes/go-mod.bbclass                   |   4 +
 meta/classes/go.bbclass                       |   6 +-
 .../openssl/openssl/CVE-2024-4603.patch       | 180 ++++++++++++++++++
 .../openssl/openssl_3.0.13.bb                 |   1 +
 .../initscripts-1.0/read-only-rootfs-hook.sh  |   4 +-
 .../initscripts/initscripts_1.0.bb            |   2 +
 .../systemd/systemd-systemctl/systemctl       |  11 ++
 .../binutils/binutils-2.38.inc                |   2 +-
 ...-38126.patch => 0016-CVE-2022-35205.patch} |   3 +-
 .../libarchive/CVE-2024-26256.patch           |  29 +++
 .../libarchive/libarchive_3.6.2.bb            |   5 +-
 11 files changed, 240 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
 rename meta/recipes-devtools/binutils/binutils/{0016-CVE-2022-38126.patch => 0016-CVE-2022-35205.patch} (94%)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-26256.patch

-- 
2.34.1




* [OE-core][kirkstone 0/8] Patch review
@ 2024-08-04 17:08 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2024-08-04 17:08 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, August 6

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7206

The following changes since commit c6cafd2aa50357c80fbab79741d575ff567c5766:

  gcc-runtime: remove bashism (2024-07-31 04:59:21 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Ashish Sharma (1):
  gtk+3 : backport fix for CVE-2024-6655

Bruce Ashfield (5):
  linux-yocto/5.15: update to v5.15.158
  linux-yocto/5.15: update to v5.15.160
  linux-yocto/5.15: update to v5.15.161
  linux-yocto/5.15: update to v5.15.162
  linux-yocto/5.15: update to v5.15.164

Siddharth Doshi (1):
  lttng-modules: Upgrade 2.13.9 -> 2.13.14

Soumya Sambu (1):
  go: Fix CVE-2024-24789

 meta/recipes-devtools/go/go-1.17.13.inc       |  1 +
 .../go/go-1.21/CVE-2024-24789.patch           | 78 +++++++++++++++++++
 .../gtk+/gtk+3/CVE-2024-6655.patch            | 39 ++++++++++
 meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb      |  1 +
 .../linux/linux-yocto-rt_5.15.bb              |  6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |  6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++----
 .../0009-Rename-genhd-wrapper-to-blkdev.patch | 19 +++--
 ...les_2.13.9.bb => lttng-modules_2.13.14.bb} |  4 +-
 9 files changed, 151 insertions(+), 29 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-24789.patch
 create mode 100644 meta/recipes-gnome/gtk+/gtk+3/CVE-2024-6655.patch
 rename meta/recipes-kernel/lttng/{lttng-modules_2.13.9.bb => lttng-modules_2.13.14.bb} (89%)

-- 
2.34.1



^ permalink raw reply	[flat|nested] 25+ messages in thread

* [OE-core][kirkstone 0/8] Patch review
@ 2025-04-01 22:36 Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 1/8] zlib: fix CVE-2014-9485 Steve Sakoman
                   ` (7 more replies)
  0 siblings, 8 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 3

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1311

The following changes since commit 453c5c8d9031be2b3a25e2a04e0f5f6325ef7298:

  cve-update-nvd2-native: handle missing vulnStatus (2025-03-31 09:13:54 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepesh Varatharajan (1):
  llvm : Fix CVE-2024-0151

Divya Chellam (1):
  zlib: fix CVE-2014-9485

Guocai He (1):
  mesa: Update SRC_URI

Haixiao Yan (1):
  glibc: Add single-threaded fast path to rand()

Michael Halstead (1):
  yocto-uninative: Update to 4.7 for glibc 2.41

Peter Marko (3):
  libarchive: ignore CVE-2025-1632
  perl: ignore CVE-2023-47038
  freetype: patch CVE-2025-27363

 meta/conf/distro/include/yocto-uninative.inc  |   10 +-
 ...dd-single-threaded-fast-path-to-rand.patch |   47 +
 meta/recipes-core/glibc/glibc_2.35.bb         |    1 +
 .../zlib/zlib/CVE-2014-9485.patch             |   64 +
 meta/recipes-core/zlib/zlib_1.2.11.bb         |    1 +
 .../llvm/llvm/CVE-2024-0151.patch             | 1087 +++++++++++++++++
 meta/recipes-devtools/llvm/llvm_git.bb        |    1 +
 meta/recipes-devtools/perl/perl_5.34.3.bb     |    2 +
 .../libarchive/libarchive_3.6.2.bb            |    2 +
 .../freetype/freetype/CVE-2025-27363.patch    |   44 +
 .../freetype/freetype_2.11.1.bb               |    1 +
 .../recipes-graphics/mesa/mesa-demos_8.4.0.bb |    2 +-
 meta/recipes-graphics/mesa/mesa.inc           |    2 +-
 13 files changed, 1257 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2014-9485.patch
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch

-- 
2.43.0



^ permalink raw reply	[flat|nested] 25+ messages in thread

* [OE-core][kirkstone 1/8] zlib: fix CVE-2014-9485
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 2/8] libarchive: ignore CVE-2025-1632 Steve Sakoman
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Divya Chellam <divya.chellam@windriver.com>

Directory traversal vulnerability in the do_extract_currentfile
function in miniunz.c in miniunzip in minizip before 1.1-5 might
allow remote attackers to write to arbitrary files via a crafted
entry in a ZIP archive.

Reference:
https://security-tracker.debian.org/tracker/CVE-2014-9485

Upstream-patch:
https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../zlib/zlib/CVE-2014-9485.patch             | 64 +++++++++++++++++++
 meta/recipes-core/zlib/zlib_1.2.11.bb         |  1 +
 2 files changed, 65 insertions(+)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2014-9485.patch

diff --git a/meta/recipes-core/zlib/zlib/CVE-2014-9485.patch b/meta/recipes-core/zlib/zlib/CVE-2014-9485.patch
new file mode 100644
index 0000000000..bf575d59f7
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib/CVE-2014-9485.patch
@@ -0,0 +1,64 @@
+From 14a5f8f266c16c87ab6c086fc52b770b27701e01 Mon Sep 17 00:00:00 2001
+From: Matt Wilson <msw@amazon.com>
+Date: Wed, 17 Jan 2024 14:46:18 -0800
+Subject: [PATCH] Neutralize zip file traversal attacks in miniunz.
+
+Archive formats such as .zip files are generally susceptible to
+so-called "traversal attacks". This allows an attacker to craft
+an archive that writes to unexpected locations of the file system
+(e.g., /etc/shadow) if an unspecting root user were to unpack a
+malicious archive.
+
+This patch neutralizes absolute paths such as /tmp/moo and deeply
+relative paths such as dummy/../../../../../../../../../../tmp/moo
+
+The Debian project requested CVE-2014-9485 be allocated for the
+first identified weakness. The fix was incomplete, resulting in a
+revised patch applied here. Since there wasn't an updated version
+released by Debian with the incomplete fix, I suggest we use this
+CVE to identify both issues.
+
+Link: https://security.snyk.io/research/zip-slip-vulnerability
+Link: https://bugs.debian.org/774321
+Link: https://bugs.debian.org/776831
+Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
+Reported-by: Jakub Wilk <jwilk@debian.org>
+Fixed-by: Michael Gilbert <mgilbert@debian.org>
+
+CVE: CVE-2014-9485
+
+Upstream-Status: Backport [https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ contrib/minizip/miniunz.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c
+index 3d65401..479e475 100644
+--- a/contrib/minizip/miniunz.c
++++ b/contrib/minizip/miniunz.c
+@@ -367,6 +367,20 @@ int do_extract_currentfile(uf,popt_extract_without_path,popt_overwrite,password)
+         else
+             write_filename = filename_withoutpath;
+ 
++        if (write_filename[0]!='\0')
++        {
++            const char* relative_check = write_filename;
++            while (relative_check[1]!='\0')
++            {
++                if (relative_check[0]=='.' && relative_check[1]=='.')
++                    write_filename = relative_check;
++                relative_check++;
++            }
++        }
++
++        while (write_filename[0]=='/' || write_filename[0]=='.')
++            write_filename++;
++
+         err = unzOpenCurrentFilePassword(uf,password);
+         if (err!=UNZ_OK)
+         {
+-- 
+2.40.0
+
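Review bot: In the block added to do_extract_currentfile before unzOpenCurrentFilePassword, the two loops rewrite the entry name instead of rejecting it, and nothing in the hunk checks the result. An entry named ".." or "/" leaves write_filename pointing at the terminating NUL, a name such as "a..b" is cut down to "b", and a dotfile such as ".profile" loses its leading dot. The test `relative_check[0]=='.' && relative_check[1]=='.'` fires on any two consecutive dots, not only on a ".." path component. As a straight backport this is fine to carry unchanged, but please confirm that the code following the hunk copes with an empty write_filename, and mention the renaming behaviour in the commit message.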
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb
index 393ac61e3d..dc8f7c6c85 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
            file://run-ptest \
 	    file://CVE-2022-37434.patch \
            file://CVE-2023-45853.patch \
+           file://CVE-2014-9485.patch \
            "
 UPSTREAM_CHECK_URI = "http://zlib.net/"
 
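Review bot: Neither the commit message nor this SRC_URI hunk says whether the kirkstone zlib recipe builds or packages contrib/minizip, which is the only code the new patch touches (contrib/minizip/miniunz.c). If miniunz is not shipped, say so in the commit message so reviewers can weigh carrying the patch against a CVE_CHECK_IGNORE entry with a rationale; if it is shipped, name the package that carries it.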
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 25+ messages in thread

* [OE-core][kirkstone 2/8] libarchive: ignore CVE-2025-1632
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 1/8] zlib: fix CVE-2014-9485 Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 3/8] perl: ignore CVE-2023-47038 Steve Sakoman
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

As already mentioned in [1] when backporting commit including fix for
this CVE, this vulnerability applies only from libarchive 3.7.0 commit
[2] which introduced bsdunzip which contains this vulnerability.

[1] https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=ec837d3b21b4f8b98abac53e2833f1490ba6bf1e
[2] https://github.com/libarchive/libarchive/commit/c157e4ce8eb170a92945cc2d292fd7106bdfcce1

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/libarchive/libarchive_3.6.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index 4ceb0df2c0..f7e576b688 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -44,6 +44,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f
 CVE_CHECK_IGNORE += "CVE-2023-30571"
 # cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948
 CVE_CHECK_IGNORE += "CVE-2024-37407"
+# cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet
+CVE_CHECK_IGNORE += "CVE-2025-1632"
 
 inherit autotools update-alternatives pkgconfig
 
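Review bot: The added comment names the wrong tool: it says "bsdtar was introduced in v3.7.0", while the commit message attributes the vulnerability to bsdunzip, introduced in 3.7.0 by commit [2]. Suggest "# cpe-incorrect: bsdunzip was introduced in v3.7.0, so 3.6.2 is not affected" so the ignore rationale in the recipe matches the analysis in the commit message.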
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 25+ messages in thread

* [OE-core][kirkstone 3/8] perl: ignore CVE-2023-47038
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 1/8] zlib: fix CVE-2014-9485 Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 2/8] libarchive: ignore CVE-2025-1632 Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 4/8] freetype: patch CVE-2025-27363 Steve Sakoman
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

Fix for this CVE was backported to 5.34.2 in
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010

This commit is listed in
https://security-tracker.debian.org/tracker/CVE-2023-47038

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/perl/perl_5.34.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/perl/perl_5.34.3.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb
index 215990c8fa..ed3518b62d 100644
--- a/meta/recipes-devtools/perl/perl_5.34.3.bb
+++ b/meta/recipes-devtools/perl/perl_5.34.3.bb
@@ -50,6 +50,8 @@ export ENC2XS_NO_COMMENTS = "1"
 
 # Duplicate of CVE-2023-47038, which has already been patched as of perl_5.34.3
 CVE_CHECK_IGNORE:append = " CVE-2023-47100"
+# This is fixed in 5.34.2 via https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
+CVE_CHECK_IGNORE:append = " CVE-2023-47038"
 
 do_configure:prepend() {
     cp -rfp ${STAGING_DATADIR_NATIVE}/perl-cross/* ${S}
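Review bot: The two ignore comments now read inconsistently next to each other: the existing one says CVE-2023-47038 "has already been patched as of perl_5.34.3", and the new one below it says the fix is in 5.34.2. Suggest listing CVE-2023-47038 first and its duplicate CVE-2023-47100 after it, and stating in the new comment why the checker still reports a fixed CVE against 5.34.3 (for example with a "cpe-incorrect:" prefix as the libarchive recipe in this series uses, if that is the cause).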
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 25+ messages in thread

* [OE-core][kirkstone 4/8] freetype: patch CVE-2025-27363
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2025-04-01 22:36 ` [OE-core][kirkstone 3/8] perl: ignore CVE-2023-47038 Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 5/8] llvm : Fix CVE-2024-0151 Steve Sakoman
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

From [1]:
An out of bounds write exists in FreeType versions 2.13.0 and below
(newer versions of FreeType are not vulnerable) when attempting to
parse font subglyph structures related to TrueType GX and variable font
files. The vulnerable code assigns a signed short value to an unsigned
long and then adds a static value causing it to wrap around and
allocate too small of a heap buffer. The code then writes up to 6
signed long integers out of bounds relative to this buffer. This may
result in arbitrary code execution. This vulnerability may have been
exploited in the wild.

Per [2] patches [3] and [4] are needed.
Unfortunately, the code changed since 2.11.1 and it's not possible to do
backport without significant changes. Since Debian and Ubuntu have
already patched this CVE, take the patch from them - [5]/[6].
The patch is a combination of patch originally proposed in [7] and
follow-up patch [4].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-27363
[2] https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322
[3] https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d
[4] https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442
[5] https://git.launchpad.net/ubuntu/+source/freetype/commit/?h=applied/ubuntu/jammy-devel&id=fc406fb02653852dfa5979672e3d8d56ed329186
[6] https://salsa.debian.org/debian/freetype/-/commit/13295227b5b0d717a343f276d77ad3b89fcc6ed0
[7] https://www.openwall.com/lists/oss-security/2025/03/14/3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../freetype/freetype/CVE-2025-27363.patch    | 44 +++++++++++++++++++
 .../freetype/freetype_2.11.1.bb               |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch

diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch b/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch
new file mode 100644
index 0000000000..28fc50c0cb
--- /dev/null
+++ b/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch
@@ -0,0 +1,44 @@
+From 26b83ec58c60ced0e6c423df438227fb33ccca2e Mon Sep 17 00:00:00 2001
+From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
+Date: Thu, 13 Mar 2025 08:41:20 -0400
+Subject: [PATCH] fix OOB write when when attempting to parse font subglyph
+ structures
+
+Gbp-Pq: CVE-2025-27363.patch.
+
+Source: https://git.launchpad.net/ubuntu/+source/freetype/commit/?h=applied/ubuntu/jammy-devel&id=fc406fb02653852dfa5979672e3d8d56ed329186
+
+CVE: CVE-2025-27363
+Upstream-Status: Inappropriate [cannot do exact patch backport as the code changed too much]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/truetype/ttgload.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
+index 11968f6..f5aa292 100644
+--- a/src/truetype/ttgload.c
++++ b/src/truetype/ttgload.c
+@@ -1948,7 +1948,7 @@
+         short        i, limit;
+         FT_SubGlyph  subglyph;
+ 
+-        FT_Outline  outline;
++        FT_Outline  outline = { 0, 0, NULL, NULL, NULL, 0 };
+         FT_Vector*  points    = NULL;
+         char*       tags      = NULL;
+         short*      contours  = NULL;
+@@ -1957,6 +1957,13 @@
+ 
+         limit = (short)gloader->current.num_subglyphs;
+ 
++        /* make sure this isn't negative as we're going to add 4 later */
++        if ( limit < 0 )
++        {
++          error = FT_THROW( Invalid_Argument );
++          goto Exit;
++        }
++
+         /* construct an outline structure for              */
+         /* communication with `TT_Vary_Apply_Glyph_Deltas' */
+         outline.n_points   = (short)( gloader->current.num_subglyphs + 4 );
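Review bot: The new guard tests limit, but the size on the last line of the hunk is computed separately as `(short)( gloader->current.num_subglyphs + 4 )`. For num_subglyphs between 32764 and 32767 limit is non-negative and the guard passes, yet the sum no longer fits in a short. Please confirm that this case is rejected by the allocation that follows the hunk, or extend the check so it covers limit + 4 as well. Separately, the embedded header carries "Upstream-Status: Inappropriate" for a patch taken from the Ubuntu commit named in Source:, so a pointer in that header to upstream commits [3] and [4] from the commit message would help whoever rebases this later.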
diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
index 29f4d8dfb7..22158511c1 100644
--- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.xz \
            file://CVE-2022-27405.patch \
            file://CVE-2022-27406.patch \
            file://CVE-2023-2004.patch \
+           file://CVE-2025-27363.patch \
            "
 SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8"
 
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 25+ messages in thread

* [OE-core][kirkstone 5/8] llvm : Fix CVE-2024-0151
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2025-04-01 22:36 ` [OE-core][kirkstone 4/8] freetype: patch CVE-2025-27363 Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 6/8] yocto-uninative: Update to 4.7 for glibc 2.41 Steve Sakoman
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

Backport a patch from upstream to fix CVE-2024-0151
Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea]

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../llvm/llvm/CVE-2024-0151.patch             | 1087 +++++++++++++++++
 meta/recipes-devtools/llvm/llvm_git.bb        |    1 +
 2 files changed, 1088 insertions(+)
 create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch

diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch
new file mode 100644
index 0000000000..cbe6f5bf3f
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch
@@ -0,0 +1,1087 @@
+commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea
+Author: Lucas Duarte Prates <lucas.prates@arm.com>
+Date:   Thu Jun 20 10:22:01 2024 +0100
+
+    [ARM] CMSE security mitigation on function arguments and returned values (#89944)
+
+    The ABI mandates two things related to function calls:
+     - Function arguments must be sign- or zero-extended to the register
+       size by the caller.
+     - Return values must be sign- or zero-extended to the register size by
+       the callee.
+
+    As consequence, callees can assume that function arguments have been
+    extended and so can callers with regards to return values.
+
+    Here lies the problem: Nonsecure code might deliberately ignore this
+    mandate with the intent of attempting an exploit. It might try to pass
+    values that lie outside the expected type's value range in order to
+    trigger undefined behaviour, e.g. out of bounds access.
+
+    With the mitigation implemented, Secure code always performs extension
+    of values passed by Nonsecure code.
+
+    This addresses the vulnerability described in CVE-2024-0151.
+
+    Patches by Victor Campos.
+
+    ---------
+
+    Co-authored-by: Victor Campos <victor.campos@arm.com>
+
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea]
+CVE: CVE-2024-0151
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+---
+diff --git a/llvm/lib/Target/ARM/ARMISelLowering.cpp b/llvm/lib/Target/ARM/ARMISelLowering.cpp
+index 900113244e41..e12f8c183db2 100644
+--- a/llvm/lib/Target/ARM/ARMISelLowering.cpp
++++ b/llvm/lib/Target/ARM/ARMISelLowering.cpp
+@@ -154,6 +154,17 @@ static const MCPhysReg GPRArgRegs[] = {
+   ARM::R0, ARM::R1, ARM::R2, ARM::R3
+ };
+ 
++static SDValue handleCMSEValue(const SDValue &Value, const ISD::InputArg &Arg,
++		               SelectionDAG &DAG, const SDLoc &DL) {
++  assert(Arg.ArgVT.isScalarInteger());
++  assert(Arg.ArgVT.bitsLT(MVT::i32));
++  SDValue Trunc = DAG.getNode(ISD::TRUNCATE, DL, Arg.ArgVT, Value);
++  SDValue Ext =
++      DAG.getNode(Arg.Flags.isSExt() ? ISD::SIGN_EXTEND : ISD::ZERO_EXTEND, DL,
++		  MVT::i32, Trunc);
++  return Ext;
++}
++
+ void ARMTargetLowering::addTypeForNEON(MVT VT, MVT PromotedLdStVT) {
+   if (VT != PromotedLdStVT) {
+     setOperationAction(ISD::LOAD, VT, Promote);
+@@ -2113,7 +2124,7 @@ SDValue ARMTargetLowering::LowerCallResult(
+     SDValue Chain, SDValue InFlag, CallingConv::ID CallConv, bool isVarArg,
+     const SmallVectorImpl<ISD::InputArg> &Ins, const SDLoc &dl,
+     SelectionDAG &DAG, SmallVectorImpl<SDValue> &InVals, bool isThisReturn,
+-    SDValue ThisVal) const {
++    SDValue ThisVal, bool isCmseNSCall) const {
+   // Assign locations to each value returned by this call.
+   SmallVector<CCValAssign, 16> RVLocs;
+   CCState CCInfo(CallConv, isVarArg, DAG.getMachineFunction(), RVLocs,
+@@ -2191,6 +2202,15 @@ SDValue ARMTargetLowering::LowerCallResult(
+         (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16))
+       Val = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), Val);
+ 
++    // On CMSE Non-secure Calls, call results (returned values) whose bitwidth
++    // is less than 32 bits must be sign- or zero-extended after the call for
++    // security reasons. Although the ABI mandates an extension done by the
++    // callee, the latter cannot be trusted to follow the rules of the ABI.
++    const ISD::InputArg &Arg = Ins[VA.getValNo()];
++    if (isCmseNSCall && Arg.ArgVT.isScalarInteger() &&
++        VA.getLocVT().isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32))
++      Val = handleCMSEValue(Val, Arg, DAG, dl);
++
+     InVals.push_back(Val);
+   }
+ 
+@@ -2787,7 +2807,7 @@ ARMTargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
+   // return.
+   return LowerCallResult(Chain, InFlag, CallConv, isVarArg, Ins, dl, DAG,
+                          InVals, isThisReturn,
+-                         isThisReturn ? OutVals[0] : SDValue());
++                         isThisReturn ? OutVals[0] : SDValue(), isCmseNSCall);
+ }
+ 
+ /// HandleByVal - Every parameter *after* a byval parameter is passed
+@@ -4377,8 +4397,6 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+                  *DAG.getContext());
+   CCInfo.AnalyzeFormalArguments(Ins, CCAssignFnForCall(CallConv, isVarArg));
+ 
+-  SmallVector<SDValue, 16> ArgValues;
+-  SDValue ArgValue;
+   Function::const_arg_iterator CurOrigArg = MF.getFunction().arg_begin();
+   unsigned CurArgIdx = 0;
+ 
+@@ -4432,7 +4450,7 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+     }
+     // Arguments stored in registers.
+     if (VA.isRegLoc()) {
+-      EVT RegVT = VA.getLocVT();
++      SDValue ArgValue;
+ 
+       if (VA.needsCustom() && VA.getLocVT() == MVT::v2f64) {
+         // f64 and vector types are split up into multiple registers or
+@@ -4496,16 +4514,6 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+       case CCValAssign::BCvt:
+         ArgValue = DAG.getNode(ISD::BITCAST, dl, VA.getValVT(), ArgValue);
+         break;
+-      case CCValAssign::SExt:
+-        ArgValue = DAG.getNode(ISD::AssertSext, dl, RegVT, ArgValue,
+-                               DAG.getValueType(VA.getValVT()));
+-        ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue);
+-        break;
+-      case CCValAssign::ZExt:
+-        ArgValue = DAG.getNode(ISD::AssertZext, dl, RegVT, ArgValue,
+-                               DAG.getValueType(VA.getValVT()));
+-        ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue);
+-        break;
+       }
+ 
+       // f16 arguments have their size extended to 4 bytes and passed as if they
+@@ -4515,6 +4523,15 @@ SDValue ARMTargetLowering::LowerFormalArguments(
+           (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16))
+         ArgValue = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), ArgValue);
+ 
++      // On CMSE Entry Functions, formal integer arguments whose bitwidth is
++      // less than 32 bits must be sign- or zero-extended in the callee for
++      // security reasons. Although the ABI mandates an extension done by the
++      // caller, the latter cannot be trusted to follow the rules of the ABI.
++      const ISD::InputArg &Arg = Ins[VA.getValNo()];
++      if (AFI->isCmseNSEntryFunction() && Arg.ArgVT.isScalarInteger() &&
++	  RegVT.isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32))
++	ArgValue = handleCMSEValue(ArgValue, Arg, DAG, dl);
++
+       InVals.push_back(ArgValue);
+     } else { // VA.isRegLoc()
+       // sanity check
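Review bot: In LowerFormalArguments the hunk at -4432 replaces `EVT RegVT = VA.getLocVT();` with `SDValue ArgValue;`, but the block added at +4523 still calls `RegVT.isScalarInteger()`. No other declaration of RegVT is visible in this diff, so please confirm this builds with the ARM backend enabled on the kirkstone LLVM version, or keep the RegVT declaration (the LowerCallResult block uses `VA.getLocVT().isScalarInteger()` for the same test). The continuation lines added in handleCMSEValue and in this block are also indented with tabs where the surrounding code uses spaces.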
+diff --git a/llvm/lib/Target/ARM/ARMISelLowering.h b/llvm/lib/Target/ARM/ARMISelLowering.h
+index 844b7d4f1707..2168a4a73589 100644
+--- a/llvm/lib/Target/ARM/ARMISelLowering.h
++++ b/llvm/lib/Target/ARM/ARMISelLowering.h
+@@ -865,7 +865,7 @@ class VectorType;
+                             const SmallVectorImpl<ISD::InputArg> &Ins,
+                             const SDLoc &dl, SelectionDAG &DAG,
+                             SmallVectorImpl<SDValue> &InVals, bool isThisReturn,
+-                            SDValue ThisVal) const;
++                            SDValue ThisVal, bool isCmseNSCall) const;
+
+     bool supportSplitCSR(MachineFunction *MF) const override {
+       return MF->getFunction().getCallingConv() == CallingConv::CXX_FAST_TLS &&
+diff --git a/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll
+new file mode 100644
+index 0000000000..58eef443c2
+--- /dev/null
++++ b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll
+@@ -0,0 +1,552 @@
++; RUN: llc %s -mtriple=thumbv8m.main     -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE
++; RUN: llc %s -mtriple=thumbebv8m.main   -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE
++; RUN: llc %s -mtriple=thumbv8.1m.main   -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE
++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE
++
++@get_idx = hidden local_unnamed_addr global ptr null, align 4
++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4
++
++define i32 @access_i16() {
++; V8M-COMMON-LABEL: access_i16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call signext i16 %0() "cmse_nonsecure_call"
++  %idxprom = sext i16 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_u16() {
++; V8M-COMMON-LABEL: access_u16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i16 %0() "cmse_nonsecure_call"
++  %idxprom = zext i16 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i8() {
++; V8M-COMMON-LABEL: access_i8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call signext i8 %0() "cmse_nonsecure_call"
++  %idxprom = sext i8 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_u8() {
++; V8M-COMMON-LABEL: access_u8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i8 %0() "cmse_nonsecure_call"
++  %idxprom = zext i8 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i1() {
++; V8M-COMMON-LABEL: access_i1:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #1
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i1:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #1
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i1 %0() "cmse_nonsecure_call"
++  %idxprom = zext i1 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i5() {
++; V8M-COMMON-LABEL: access_i5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call signext i5 %0() "cmse_nonsecure_call"
++  %idxprom = sext i5 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_u5() {
++; V8M-COMMON-LABEL: access_u5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V8M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V8M-COMMON-NEXT:    ldr r0, [r0]
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #31
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    movw r0, :lower16:get_idx
++; V81M-COMMON-NEXT:    movt r0, :upper16:get_idx
++; V81M-COMMON-NEXT:    ldr r0, [r0]
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #31
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %0 = load ptr, ptr @get_idx, align 4
++  %call = tail call zeroext i5 %0() "cmse_nonsecure_call"
++  %idxprom = zext i5 %call to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %1 = load i32, ptr %arrayidx, align 4
++  ret i32 %1
++}
++
++define i32 @access_i33(ptr %f) {
++; V8M-COMMON-LABEL: access_i33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    rsb.w r0, r0, #0
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_i33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    rsb.w r0, r0, #0
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %call = tail call i33 %f() "cmse_nonsecure_call"
++  %shr = ashr i33 %call, 32
++  %conv = trunc nsw i33 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_u33(ptr %f) {
++; V8M-COMMON-LABEL: access_u33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    push {r7, lr}
++; V8M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-COMMON-NEXT:    bic r0, r0, #1
++; V8M-COMMON-NEXT:    sub sp, #136
++; V8M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    mov r1, r0
++; V8M-COMMON-NEXT:    mov r2, r0
++; V8M-COMMON-NEXT:    mov r3, r0
++; V8M-COMMON-NEXT:    mov r4, r0
++; V8M-COMMON-NEXT:    mov r5, r0
++; V8M-COMMON-NEXT:    mov r6, r0
++; V8M-COMMON-NEXT:    mov r7, r0
++; V8M-COMMON-NEXT:    mov r8, r0
++; V8M-COMMON-NEXT:    mov r9, r0
++; V8M-COMMON-NEXT:    mov r10, r0
++; V8M-COMMON-NEXT:    mov r11, r0
++; V8M-COMMON-NEXT:    mov r12, r0
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, r0
++; V8M-COMMON-NEXT:    blxns r0
++; V8M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V8M-COMMON-NEXT:    add sp, #136
++; V8M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    pop {r7, pc}
++;
++; V81M-COMMON-LABEL: access_u33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    push {r7, lr}
++; V81M-COMMON-NEXT:    push.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-COMMON-NEXT:    bic r0, r0, #1
++; V81M-COMMON-NEXT:    sub sp, #136
++; V81M-COMMON-NEXT:    vlstm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr}
++; V81M-COMMON-NEXT:    blxns r0
++; V81M-COMMON-NEXT:    vlldm sp, {d0 - d15}
++; V81M-COMMON-NEXT:    add sp, #136
++; V81M-COMMON-NEXT:    pop.w {r4, r5, r6, r7, r8, r9, r10, r11}
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    pop {r7, pc}
++entry:
++  %call = tail call i33 %f() "cmse_nonsecure_call"
++  %shr = lshr i33 %call, 32
++  %conv = trunc nuw nsw i33 %shr to i32
++  ret i32 %conv
++}
+diff --git a/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll
+new file mode 100644
+index 0000000000..c66ab00566
+--- /dev/null
++++ b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll
+@@ -0,0 +1,368 @@
++; RUN: llc %s -mtriple=thumbv8m.main     -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE
++; RUN: llc %s -mtriple=thumbebv8m.main   -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE
++; RUN: llc %s -mtriple=thumbv8.1m.main   -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE
++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE
++
++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4
++
++define i32 @access_i16(i16 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = sext i16 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_u16(i16 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u16:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxth r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u16:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxth r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i16 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i8(i8 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = sext i8 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_u8(i8 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u8:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    uxtb r0, r0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u8:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    uxtb r0, r0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i8 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i1(i1 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i1:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    and r0, r0, #1
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    rsbs r0, r0, #0
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #1
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i1:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    and r0, r0, #1
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    rsbs r0, r0, #0
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #1
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i1 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i5(i5 signext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    sbfx r0, r0, #0, #5
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = sext i5 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_u5(i5 zeroext %idx) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u5:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    movw r1, :lower16:arr
++; V8M-COMMON-NEXT:    and r0, r0, #31
++; V8M-COMMON-NEXT:    movt r1, :upper16:arr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u5:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    movw r1, :lower16:arr
++; V81M-COMMON-NEXT:    and r0, r0, #31
++; V81M-COMMON-NEXT:    movt r1, :upper16:arr
++; V81M-COMMON-NEXT:    ldr.w r0, [r1, r0, lsl #2]
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %idxprom = zext i5 %idx to i32
++  %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom
++  %0 = load i32, ptr %arrayidx, align 4
++  ret i32 %0
++}
++
++define i32 @access_i33(i33 %arg) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    rsbs r0, r0, #0
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    rsbs r0, r0, #0
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %shr = ashr i33 %arg, 32
++  %conv = trunc nsw i33 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_u33(i33 %arg) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u33:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-LE-NEXT:        and r0, r1, #1
++; V8M-BE-NEXT:        and r0, r0, #1
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u33:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-LE-NEXT:        and r0, r1, #1
++; V81M-BE-NEXT:        and r0, r0, #1
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %shr = lshr i33 %arg, 32
++  %conv = trunc nuw nsw i33 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_i65(ptr byval(i65) %0) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_i65:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    sub sp, #16
++; V8M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V8M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V8M-LE-NEXT:        and r0, r0, #1
++; V8M-LE-NEXT:        rsbs r0, r0, #0
++; V8M-BE-NEXT:        movs r1, #0
++; V8M-BE-NEXT:        sub.w r0, r1, r0, lsr #24
++; V8M-COMMON-NEXT:    add sp, #16
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_i65:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    sub sp, #16
++; V81M-COMMON-NEXT:    add sp, #4
++; V81M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V81M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V81M-LE-NEXT:        and r0, r0, #1
++; V81M-LE-NEXT:        rsbs r0, r0, #0
++; V81M-BE-NEXT:        movs r1, #0
++; V81M-BE-NEXT:        sub.w r0, r1, r0, lsr #24
++; V81M-COMMON-NEXT:    sub sp, #4
++; V81M-COMMON-NEXT:    add sp, #16
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %arg = load i65, ptr %0, align 8
++  %shr = ashr i65 %arg, 64
++  %conv = trunc nsw i65 %shr to i32
++  ret i32 %conv
++}
++
++define i32 @access_u65(ptr byval(i65) %0) "cmse_nonsecure_entry" {
++; V8M-COMMON-LABEL: access_u65:
++; V8M-COMMON:       @ %bb.0: @ %entry
++; V8M-COMMON-NEXT:    sub sp, #16
++; V8M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V8M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V8M-BE-NEXT:        lsrs r0, r0, #24
++; V8M-COMMON-NEXT:    add sp, #16
++; V8M-COMMON-NEXT:    mov r1, lr
++; V8M-COMMON-NEXT:    mov r2, lr
++; V8M-COMMON-NEXT:    mov r3, lr
++; V8M-COMMON-NEXT:    mov r12, lr
++; V8M-COMMON-NEXT:    msr apsr_nzcvq, lr
++; V8M-COMMON-NEXT:    bxns lr
++;
++; V81M-COMMON-LABEL: access_u65:
++; V81M-COMMON:       @ %bb.0: @ %entry
++; V81M-COMMON-NEXT:    vstr fpcxtns, [sp, #-4]!
++; V81M-COMMON-NEXT:    sub sp, #16
++; V81M-COMMON-NEXT:    add sp, #4
++; V81M-COMMON-NEXT:    stm.w sp, {r0, r1, r2, r3}
++; V81M-LE-NEXT:        ldrb.w r0, [sp, #8]
++; V81M-BE-NEXT:        lsrs r0, r0, #24
++; V81M-COMMON-NEXT:    sub sp, #4
++; V81M-COMMON-NEXT:    add sp, #16
++; V81M-COMMON-NEXT:    vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr}
++; V81M-COMMON-NEXT:    vldr fpcxtns, [sp], #4
++; V81M-COMMON-NEXT:    clrm {r1, r2, r3, r12, apsr}
++; V81M-COMMON-NEXT:    bxns lr
++entry:
++  %arg = load i65, ptr %0, align 8
++  %shr = lshr i65 %arg, 64
++  %conv = trunc nuw nsw i65 %shr to i32
++  ret i32 %conv
++}
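Review bot: In the new cmse-harden-entry-arguments.ll, `access_i1` declares its parameter as `i1 signext %idx` while the body uses `zext i1 %idx to i32`. The expected sequence `and r0, r0, #1` / `rsbs r0, r0, #0` / `and r0, r0, #1` therefore sign-extends the incoming bit and immediately masks it back to 0 or 1. The file has no `i1 zeroext` entry-argument case, whereas the call-return `access_i1` earlier in the patch is `zeroext i1`. A one-line comment saying the signext/zext mix is intentional, or a separate zeroext variant, would make clear which hardening the CHECK lines pin down. If the test is carried unchanged from the LLVM fix, raise it there and keep this copy identical.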
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index 8dcd124c71..1531e12fff 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -36,6 +36,7 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http
            file://CVE-2023-46049.patch;striplevel=2 \
            file://CVE-2024-31852-1.patch;striplevel=2 \
            file://CVE-2024-31852-2.patch;striplevel=2 \
+	   file://CVE-2024-0151.patch;striplevel=2 \
            "
 
 UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
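Review bot: The added `file://CVE-2024-0151.patch;striplevel=2 \` line is indented with a tab followed by spaces, while the neighbouring SRC_URI entries use spaces only. Please re-indent it with spaces to match the `CVE-2024-31852-2.patch` line above, so the list stays aligned regardless of tab width.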
-- 
2.43.0




* [OE-core][kirkstone 6/8] yocto-uninative: Update to 4.7 for glibc 2.41
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2025-04-01 22:36 ` [OE-core][kirkstone 5/8] llvm : Fix CVE-2024-0151 Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 7/8] mesa: Update SRC_URI Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 8/8] glibc: Add single-threaded fast path to rand() Steve Sakoman
  7 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Michael Halstead <mhalstead@linuxfoundation.org>

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/yocto-uninative.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index a6f7107dfe..3d0f1fdccd 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,10 +6,10 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_MAXGLIBCVERSION = "2.40"
-UNINATIVE_VERSION = "4.6"
+UNINATIVE_MAXGLIBCVERSION = "2.41"
+UNINATIVE_VERSION = "4.7"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "c2d36338272eba101580f648dd8dff5352cdb4c1809db7dedf8fc4d7e7df716c"
-UNINATIVE_CHECKSUM[i686] ?= "0041584678109c18deca48fb59eaf14cf725cf024a170ab537b354b63240c504"
-UNINATIVE_CHECKSUM[x86_64] ?= "6bf00154c5a7bc48adbf63fd17684bb87eb07f4814fbb482a3fbd817c1ccf4c5"
+UNINATIVE_CHECKSUM[aarch64] ?= "ac440e4fc80665c79f9718c665c6e28d771e51609c088c3c97ba3ad5cfed197a"
+UNINATIVE_CHECKSUM[i686] ?= "c5efa31450f3bbd63ea961d4e7c747ae41317937d429f65e1d5cf2050338e27a"
+UNINATIVE_CHECKSUM[x86_64] ?= "5800d4e9a129d1be09cf548918d25f74e91a7c1193ae5239d5b0c9246c486d2c"
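Review bot: UNINATIVE_URL in the unchanged context still fetches over plain http://, so the three UNINATIVE_CHECKSUM values replaced in this hunk are the only integrity check on the 4.7 tarballs, and the commit message has no body saying how they were obtained. Please state in the commit message where the new checksum values come from so they can be compared independently of the download itself.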
-- 
2.43.0




* [OE-core][kirkstone 7/8] mesa: Update SRC_URI
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2025-04-01 22:36 ` [OE-core][kirkstone 6/8] yocto-uninative: Update to 4.7 for glibc 2.41 Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:36 ` [OE-core][kirkstone 8/8] glibc: Add single-threaded fast path to rand() Steve Sakoman
  7 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Guocai He <guocai.he.cn@windriver.com>

Update SRC_URI for mesa.
The tarball of mesa has been changed
from:
https://mesa.freedesktop.org/archive/
to:
https://archive.mesa3d.org/

Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb | 2 +-
 meta/recipes-graphics/mesa/mesa.inc            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb b/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb
index 01e5b35d0e..11ecb9a9eb 100644
--- a/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb
+++ b/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb
@@ -9,7 +9,7 @@ LICENSE = "MIT & PD"
 LIC_FILES_CHKSUM = "file://src/xdemos/glxgears.c;beginline=1;endline=20;md5=914225785450eff644a86c871d3ae00e \
                     file://src/xdemos/glxdemo.c;beginline=1;endline=8;md5=b01d5ab1aee94d35b7efaa2ef48e1a06"
 
-SRC_URI = "https://mesa.freedesktop.org/archive/demos/${BPN}-${PV}.tar.bz2 \
+SRC_URI = "https://archive.mesa3d.org/demos/${BPN}-${PV}.tar.bz2 \
            file://0001-mesa-demos-Add-missing-data-files.patch \
            file://0003-configure-Allow-to-disable-demos-which-require-GLEW-.patch \
            file://0004-Use-DEMOS_DATA_DIR-to-locate-data-files.patch \
diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc
index 3c85a3ac55..16d3e108a4 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://docs/license.rst;md5=9a383ee9f65a4e939d6630e9b067ff58
 
 PE = "2"
 
-SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
+SRC_URI = "https://archive.mesa3d.org/older-versions/22.x/mesa-${PV}.tar.xz \
            file://0001-meson.build-check-for-all-linux-host_os-combinations.patch \
            file://0002-meson.build-make-TLS-ELF-optional.patch \
            file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
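Review bot: the new SRC_URI in mesa.inc hardcodes `older-versions/22.x/` in the directory part while the file name still expands ${PV}, so a later PV change outside the 22.x series would leave the path and the tarball name out of step. Consider deriving the directory from PV or adding a short comment next to SRC_URI that the path is tied to 22.x. The commit message also gives only https://archive.mesa3d.org/ as the new location and does not mention the older-versions subdirectory used here.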
-- 
2.43.0




* [OE-core][kirkstone 8/8] glibc: Add single-threaded fast path to rand()
  2025-04-01 22:36 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2025-04-01 22:36 ` [OE-core][kirkstone 7/8] mesa: Update SRC_URI Steve Sakoman
@ 2025-04-01 22:36 ` Steve Sakoman
  2025-04-01 22:54   ` Richard Purdie
  7 siblings, 1 reply; 25+ messages in thread
From: Steve Sakoman @ 2025-04-01 22:36 UTC (permalink / raw)
  To: openembedded-core

From: Haixiao Yan <haixiao.yan.cn@windriver.com>

Backport a patch [1] to improve performance of rand() and __random()[2]
by adding a single-threaded fast path.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...dd-single-threaded-fast-path-to-rand.patch | 47 +++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.35.bb         |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch

diff --git a/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch
new file mode 100644
index 0000000000..736fc51f38
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch
@@ -0,0 +1,47 @@
+From 4f54b0dfc16dbe0df86afccb90e447df5f7f571e Mon Sep 17 00:00:00 2001
+From: Wilco Dijkstra <wilco.dijkstra@arm.com>
+Date: Mon, 18 Mar 2024 15:18:20 +0000
+Subject: [PATCH] stdlib: Add single-threaded fast path to rand()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Improve performance of rand() and __random() by adding a single-threaded
+fast path.  Bench-random-lock shows about 5x speedup on Neoverse V1.
+
+Upstream-Status: Backport [be0cfd848d9ad7378800d6302bc11467cf2b514f]
+
+Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
+---
+ stdlib/random.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/stdlib/random.c b/stdlib/random.c
+index 17cc61ba8f55..5d482a857065 100644
+--- a/stdlib/random.c
++++ b/stdlib/random.c
+@@ -51,6 +51,7 @@
+    SUCH DAMAGE.*/
+ 
+ #include <libc-lock.h>
++#include <sys/single_threaded.h>
+ #include <limits.h>
+ #include <stddef.h>
+ #include <stdlib.h>
+@@ -288,6 +289,12 @@ __random (void)
+ {
+   int32_t retval;
+ 
++  if (SINGLE_THREAD_P)
++    {
++      (void) __random_r (&unsafe_state, &retval);
++      return retval;
++    }
++
+   __libc_lock_lock (lock);
+ 
+   (void) __random_r (&unsafe_state, &retval);
+-- 
+2.34.1
+
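Review bot: the embedded patch header reads `From 4f54b0dfc16dbe0df86afccb90e447df5f7f571e` while its Upstream-Status line cites be0cfd848d9ad7378800d6302bc11467cf2b514f; please note in the patch which branch the first hash comes from so the backport can be compared against the cited commit. In the random.c hunk the fast path tests SINGLE_THREAD_P after adding `#include <sys/single_threaded.h>`; please confirm that this macro is provided by the headers random.c includes on the 2.35 branch. The description gives only a performance rationale (about 5x on Bench-random-lock), so it would help to say why the change qualifies for a stable branch.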
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index d9cae79ac2..9073e04537 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -65,6 +65,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \
            file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \
            file://0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch \
+           file://0001-stdlib-Add-single-threaded-fast-path-to-rand.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
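Review bot: the added entry `0001-stdlib-Add-single-threaded-fast-path-to-rand.patch` is appended after 0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch and reuses the 0001- prefix already carried by 0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch in the same list, so among the visible entries the numeric prefixes no longer follow apply order. Renaming the file to continue the sequence would keep the SRC_URI list easier to audit.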
-- 
2.43.0




* Re: [OE-core][kirkstone 8/8] glibc: Add single-threaded fast path to rand()
  2025-04-01 22:36 ` [OE-core][kirkstone 8/8] glibc: Add single-threaded fast path to rand() Steve Sakoman
@ 2025-04-01 22:54   ` Richard Purdie
  0 siblings, 0 replies; 25+ messages in thread
From: Richard Purdie @ 2025-04-01 22:54 UTC (permalink / raw)
  To: steve, openembedded-core

On Tue, 2025-04-01 at 15:36 -0700, Steve Sakoman via lists.openembedded.org wrote:
> From: Haixiao Yan <haixiao.yan.cn@windriver.com>
> 
> Backport a patch [1] to improve performance of rand() and __random()[2]
> by adding a single-threaded fast path.
> 
> [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f
> [2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777
> Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  ...dd-single-threaded-fast-path-to-rand.patch | 47 +++++++++++++++++++
>  meta/recipes-core/glibc/glibc_2.35.bb         |  1 +
>  2 files changed, 48 insertions(+)
>  create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch

Not sure this has made master yet!

Cheers,

Richard



* [OE-core][kirkstone 0/8] Patch review
@ 2025-08-13 21:28 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-08-13 21:28 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Friday, August 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2196

The following changes since commit bd620eb14660075fd0f7476bbbb65d5da6293874:

  build-appliance-image: Update to kirkstone head revision (2025-08-08 06:31:30 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Guocai He (1):
  gnupg: disable tests to avoid running target binaries at build time

Hitendra Prajapati (1):
  libxslt: fix CVE-2023-40403

Peter Marko (3):
  python3: patch CVE-2025-8194
  go: ignore CVE-2025-0913
  libarchive: patch CVE-2025-5918

Quentin Schulz (1):
  go-helloworld: fix license

Yogita Urade (2):
  tiff: fix CVE-2025-8176
  tiff: fix CVE-2025-8177

 meta/recipes-devtools/go/go-1.17.13.inc       |   2 +-
 .../python/python3/CVE-2025-8194.patch        | 219 +++++++++++
 .../python/python3_3.10.18.bb                 |   7 +-
 .../go-examples/go-helloworld_0.1.bb          |   4 +-
 .../0001-FILE-seeking-support-2539.patch      | 190 ++++++++++
 .../0001-Improve-lseek-handling-2564.patch    | 320 ++++++++++++++++
 .../libarchive/libarchive/CVE-2025-5918.patch | 217 +++++++++++
 .../libarchive/libarchive_3.6.2.bb            |   3 +
 .../libtiff/tiff/CVE-2025-8176-0001.patch     |  61 +++
 .../libtiff/tiff/CVE-2025-8176-0002.patch     |  31 ++
 .../libtiff/tiff/CVE-2025-8176-0003.patch     |  28 ++
 .../libtiff/tiff/CVE-2025-8177.patch          |  35 ++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   4 +
 meta/recipes-support/gnupg/gnupg_2.3.7.bb     |   1 +
 .../libxslt/libxslt/CVE-2023-40403-001.patch  | 257 +++++++++++++
 .../libxslt/libxslt/CVE-2023-40403-002.patch  | 147 ++++++++
 .../libxslt/libxslt/CVE-2023-40403-003.patch  | 231 ++++++++++++
 .../libxslt/libxslt/CVE-2023-40403-004.patch  | 349 ++++++++++++++++++
 .../libxslt/libxslt/CVE-2023-40403-005.patch  |  55 +++
 .../recipes-support/libxslt/libxslt_1.1.35.bb |   5 +
 20 files changed, 2160 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-8194.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-FILE-seeking-support-2539.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Improve-lseek-handling-2564.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0001.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0002.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176-0003.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-001.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-002.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-003.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-004.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2023-40403-005.patch

-- 
2.43.0




* [OE-core][kirkstone 0/8] Patch review
@ 2025-10-17 20:43 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-10-17 20:43 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2607

The following changes since commit 8f1000d9dad5e51f08a40b0f6650204425cc8efb:

  glibc: : PTHREAD_COND_INITIALIZER compatibility with pre-2.41 versions (bug 32786) (2025-10-14 10:35:12 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (4):
  linux-yocto/5.15: update to v5.15.188
  linux-yocto/5.15: update to v5.15.189
  linux-yocto/5.15: update to v5.15.193
  linux-yocto/5.15: update to v5.15.194

Peter Marko (1):
  python3: upgrade 3.10.18 -> 3.10.19

Rajeshkumar Ramasamy (2):
  glib-networking: fix CVE-2025-60018
  glib-networking: fix CVE-2025-60019

Saravanan (1):
  cmake: fix CVE-2025-9301

 .../glib-networking/CVE-2025-60018.patch      |  83 +++++++
 .../glib-networking/CVE-2025-60019.patch      | 137 +++++++++++
 .../glib-networking/glib-networking_2.72.2.bb |   2 +
 .../cmake/cmake/CVE-2025-9301.patch           |  71 ++++++
 meta/recipes-devtools/cmake/cmake_3.22.3.bb   |   1 +
 ...e-treat-overflow-in-UID-GID-as-failu.patch |   2 +-
 .../python/python3/CVE-2025-8194.patch        | 219 ------------------
 ...{python3_3.10.18.bb => python3_3.10.19.bb} |   3 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +--
 11 files changed, 315 insertions(+), 241 deletions(-)
 create mode 100644 meta/recipes-core/glib-networking/glib-networking/CVE-2025-60018.patch
 create mode 100644 meta/recipes-core/glib-networking/glib-networking/CVE-2025-60019.patch
 create mode 100644 meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-8194.patch
 rename meta/recipes-devtools/python/{python3_3.10.18.bb => python3_3.10.19.bb} (99%)

-- 
2.43.0




* [OE-core][kirkstone 0/8] Patch review
@ 2025-11-03 20:59 Steve Sakoman
  0 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2025-11-03 20:59 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, November 5

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2677

The following changes since commit 99204008786f659ab03538cd2ae2fd23ed4164c5:

  build-appliance-image: Update to kirkstone head revision (2025-10-31 06:30:23 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  openssh: fix CVE-2025-61985

Hitendra Prajapati (1):
  go: fix CVE-2024-24783

Hongxu Jia (1):
  u-boot: fix CVE-2024-42040

Jason Schonberg (1):
  Don't use ftp.gnome.org

Peter Marko (3):
  wpa-supplicant: patch CVE-2025-24912
  binutils: patch CVE-2025-11412
  binutils: patch CVE-2025-11413

Praveen Kumar (1):
  bind: upgrade 9.18.33 -> 9.18.41

 .../u-boot/files/CVE-2024-42040.patch         | 56 +++++++++++++
 meta/recipes-bsp/u-boot/u-boot-common.inc     |  4 +-
 .../bind/{bind_9.18.33.bb => bind_9.18.41.bb} |  2 +-
 .../openssh/openssh/CVE-2025-61985.patch      | 35 ++++++++
 .../openssh/openssh_8.9p1.bb                  |  1 +
 .../wpa-supplicant/CVE-2025-24912-01.patch    | 79 ++++++++++++++++++
 .../wpa-supplicant/CVE-2025-24912-02.patch    | 70 ++++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |  2 +
 .../binutils/binutils-2.38.inc                |  2 +
 .../binutils/binutils/CVE-2025-11412.patch    | 35 ++++++++
 .../binutils/binutils/CVE-2025-11413.patch    | 38 +++++++++
 meta/recipes-devtools/go/go-1.17.13.inc       |  1 +
 .../go/go-1.21/CVE-2024-24783.patch           | 83 +++++++++++++++++++
 .../python/python3-pygobject_3.42.0.bb        |  2 +-
 meta/recipes-devtools/vala/vala.inc           |  2 +-
 meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb      |  2 +-
 meta/recipes-gnome/libgudev/libgudev_237.bb   |  2 +-
 .../recipes-support/libxslt/libxslt_1.1.35.bb |  2 +-
 18 files changed, 411 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-42040.patch
 rename meta/recipes-connectivity/bind/{bind_9.18.33.bb => bind_9.18.41.bb} (97%)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2025-61985.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-01.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2025-24912-02.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-11412.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-24783.patch

-- 
2.43.0



