public inbox for openembedded-core@lists.openembedded.org
* [OE-core][scarthgap 00/12] Patch review
@ 2024-07-18 13:45 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-07-18 13:45 UTC
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Monday, July 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7150

The following changes since commit bf3fe8c01c5cc00ada22049f4f0abb485e2a626f:

  webkitgtk: fix do_compile errors on beaglebone-yocto (2024-07-13 07:07:10 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (1):
  less: fix CVE-2024-32487

Changqing Li (4):
  vulkan-samples: fix do_compile error when -Og enabled
  multilib.conf: remove appending to PKG_CONFIG_PATH
  gettext: fix a parallel build issue
  pixman: fixing inline failure with -Og

Deepthi Hemraj (1):
  binutils: stable 2.42 branch updates

Hitendra Prajapati (1):
  vte: fix CVE-2024-37535

Jose Quaresma (1):
  go: upgrade 1.22.4 -> 1.22.5

Peter Marko (2):
  busybox: Patch CVE-2021-42380
  busybox: Patch CVE-2023-42363

Steve Sakoman (1):
  Revert "apt: runtime error: filename too long (tmpdir length)"

Vijay Anusuri (1):
  openssh: fix CVE-2024-39894

 meta/conf/multilib.conf                       |   9 --
 .../openssh/openssh/CVE-2024-39894.patch      |  35 ++++
 .../openssh/openssh_9.6p1.bb                  |   1 +
 ...-fix-segfault-when-compiled-by-clang.patch |  41 +++++
 .../busybox/busybox/CVE-2021-42380.patch      | 151 ++++++++++++++++++
 .../busybox/busybox/CVE-2023-42363.patch      |  67 ++++++++
 meta/recipes-core/busybox/busybox_1.36.1.bb   |   3 +
 ...1-intl-Fix-build-failure-with-make-j.patch |  35 ++++
 meta/recipes-core/gettext/gettext_0.22.5.bb   |   1 +
 ...he-filename-can-t-be-longer-than-255.patch |  40 -----
 meta/recipes-devtools/apt/apt_2.6.1.bb        |   1 -
 .../binutils/binutils-2.42.inc                |   2 +-
 .../go/{go-1.22.4.inc => go-1.22.5.inc}       |   2 +-
 ...e_1.22.4.bb => go-binary-native_1.22.5.bb} |   6 +-
 ..._1.22.4.bb => go-cross-canadian_1.22.5.bb} |   0
 ...{go-cross_1.22.4.bb => go-cross_1.22.5.bb} |   0
 ...osssdk_1.22.4.bb => go-crosssdk_1.22.5.bb} |   0
 ...runtime_1.22.4.bb => go-runtime_1.22.5.bb} |   0
 ...ent-based-hash-generation-less-pedan.patch |  11 +-
 ...OOLDIR-to-be-overridden-in-the-envir.patch |  12 +-
 ...3-ld-add-soname-to-shareable-objects.patch |   9 +-
 ...de-CC-when-building-dist-and-go_boot.patch |  10 +-
 ...dist-separate-host-and-target-builds.patch |   9 +-
 ...d-go-make-GOROOT-precious-by-default.patch |  13 +-
 ...ut-build-specific-paths-from-linker-.patch |  12 +-
 ...ldgo.go-do-not-hardcode-host-compile.patch |  11 +-
 ...uild-paths-on-staticly-linked-arches.patch |   9 +-
 .../go/{go_1.22.4.bb => go_1.22.5.bb}         |   0
 .../less/files/CVE-2024-32487.patch           |  74 +++++++++
 meta/recipes-extended/less/less_643.bb        |   1 +
 ...ce-FORCE_INLINE_TEMPLATE-with-inline.patch |  52 ++++++
 .../vulkan/vulkan-samples_git.bb              |   1 +
 ...loat.c-fix-inlining-failed-in-call-t.patch |  56 +++++++
 .../xorg-lib/pixman_0.42.2.bb                 |   1 +
 .../vte/vte/CVE-2024-37535-01.patch           |  64 ++++++++
 .../vte/vte/CVE-2024-37535-02.patch           |  85 ++++++++++
 meta/recipes-support/vte/vte_0.74.2.bb        |   5 +-
 37 files changed, 711 insertions(+), 118 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
 create mode 100644 meta/recipes-core/gettext/gettext/0001-intl-Fix-build-failure-with-make-j.patch
 delete mode 100644 meta/recipes-devtools/apt/apt/0001-strutl.cc-the-filename-can-t-be-longer-than-255.patch
 rename meta/recipes-devtools/go/{go-1.22.4.inc => go-1.22.5.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.4.bb => go-binary-native_1.22.5.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.4.bb => go-cross-canadian_1.22.5.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.4.bb => go-cross_1.22.5.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.4.bb => go-crosssdk_1.22.5.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.4.bb => go-runtime_1.22.5.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.4.bb => go_1.22.5.bb} (100%)
 create mode 100644 meta/recipes-extended/less/files/CVE-2024-32487.patch
 create mode 100644 meta/recipes-graphics/vulkan/vulkan-samples/0001-zstd.c-replace-FORCE_INLINE_TEMPLATE-with-inline.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/0001-pixman-combine-float.c-fix-inlining-failed-in-call-t.patch
 create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-01.patch
 create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-02.patch

-- 
2.34.1




* [OE-core][scarthgap 00/12] Patch review
@ 2024-08-29 13:32 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-08-29 13:32 UTC
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Monday, September 2

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7287

The following changes since commit 8b5c66c91d94f4c8521fe9443e65d86063dba5e5:

  oeqa/utils/postactions: transfer whole archive over ssh instead of doing individual copies (2024-08-20 05:03:49 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (2):
  ffmpeg: fix CVE-2024-32230
  qemu: fix CVE-2024-7409

Bartosz Golaszewski (1):
  linux-firmware: add a package for ath12k firmware

Changqing Li (2):
  expect-native: fix do_compile failure with gcc-14
  libcap-ng: update SRC_URI

Niko Mauno (1):
  util-linux: Add PACKAGECONFIG option to mitigate rootfs remount error

Peter Marko (2):
  libyaml: Ignore CVE-2024-35325
  curl: Patch CVE-2024-7264

Quentin Schulz (1):
  weston-init: fix weston not starting when xwayland is enabled

Siddharth Doshi (1):
  vim: Upgrade 9.1.0114 -> 9.1.0682

Simone Weiß (1):
  curl: Ignore CVE-2024-32928

Yogita Urade (1):
  qemu: fix CVE-2024-4467

 .../util-linux/util-linux_2.39.3.bb           |   12 +-
 meta/recipes-devtools/expect/expect_5.45.4.bb |    2 +-
 meta/recipes-devtools/qemu/qemu.inc           |    9 +
 .../qemu/qemu/CVE-2024-4467-0001.patch        |  112 ++
 .../qemu/qemu/CVE-2024-4467-0002.patch        |   55 +
 .../qemu/qemu/CVE-2024-4467-0003.patch        |   57 +
 .../qemu/qemu/CVE-2024-4467-0004.patch        | 1187 +++++++++++++++++
 .../qemu/qemu/CVE-2024-4467-0005.patch        |  239 ++++
 .../qemu/qemu/CVE-2024-7409-0001.patch        |  167 +++
 .../qemu/qemu/CVE-2024-7409-0002.patch        |  175 +++
 .../qemu/qemu/CVE-2024-7409-0003.patch        |  126 ++
 .../qemu/qemu/CVE-2024-7409-0004.patch        |  164 +++
 meta/recipes-graphics/wayland/weston-init.bb  |    2 +-
 .../linux-firmware/linux-firmware_20240312.bb |    8 +-
 .../ffmpeg/ffmpeg/CVE-2024-32230.patch        |   36 +
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |    1 +
 .../curl/curl/CVE-2024-7264-1.patch           |   61 +
 .../curl/curl/CVE-2024-7264-2.patch           |  316 +++++
 meta/recipes-support/curl/curl_8.7.1.bb       |    3 +
 .../libcap-ng/libcap-ng-python_0.8.5.bb       |    2 -
 meta/recipes-support/libcap-ng/libcap-ng.inc  |    8 +-
 meta/recipes-support/libyaml/libyaml_0.2.5.bb |    1 +
 ...m-add-knob-whether-elf.h-are-checked.patch |   39 -
 meta/recipes-support/vim/vim.inc              |    5 +-
 24 files changed, 2737 insertions(+), 50 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0001.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0002.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0003.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0004.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-4467-0005.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0001.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0002.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0003.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-7409-0004.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-7264-2.patch
 delete mode 100644 meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch

-- 
2.34.1




* [OE-core][scarthgap 00/12] Patch review
@ 2024-12-10 20:56 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-12-10 20:56 UTC
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, December 12

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/616

The following changes since commit 92cb4641ff4ec8c1f681bca21cfeaf2ba6923ab7:

  resulttool: Improve repo layout for oeselftest results (2024-12-04 06:02:55 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (5):
  ffmpeg: fix CVE-2023-49501
  ffmpeg: fix CVE-2024-28661
  ffmpeg: fix CVE-2023-50007
  ffmpeg: fix CVE-2023-49528
  ffmpeg: fix CVE-2024-7055

Divya Chellam (1):
  libpam: fix CVE-2024-10041

Guðni Már Gilbert (4):
  systemd: drop intltool-native from DEPENDS
  systemd-boot: drop intltool-native from DEPENDS
  python3-poetry-core: drop python3-six from RDEPENDS
  dnf: drop python3-iniparse from DEPENDS and RDEPENDS

Peter Marko (1):
  qemu: set CVE-2024-6505 to fixed

Ross Burton (1):
  sanity: check for working user namespaces

 meta/classes-global/sanity.bbclass            | 24 +++++
 .../systemd/systemd-boot_255.13.bb            |  2 +-
 meta/recipes-core/systemd/systemd_255.13.bb   |  2 +-
 meta/recipes-devtools/dnf/dnf_4.19.0.bb       |  3 +-
 .../python/python3-poetry-core_1.9.0.bb       |  1 -
 meta/recipes-devtools/qemu/qemu.inc           |  3 +
 .../pam/libpam/CVE-2024-10041.patch           | 98 +++++++++++++++++++
 meta/recipes-extended/pam/libpam_1.5.3.bb     |  1 +
 .../ffmpeg/ffmpeg/CVE-2023-49501.patch        | 30 ++++++
 .../ffmpeg/ffmpeg/CVE-2023-49528.patch        | 58 +++++++++++
 .../ffmpeg/ffmpeg/CVE-2023-50007.patch        | 78 +++++++++++++++
 .../ffmpeg/ffmpeg/CVE-2024-28661.patch        | 37 +++++++
 .../ffmpeg/ffmpeg/CVE-2024-7055.patch         | 38 +++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  5 +
 14 files changed, 375 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch

-- 
2.34.1




* [OE-core][scarthgap 00/12] Patch review
@ 2025-01-30  2:51 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-30  2:51 UTC
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Friday, January 31

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/907

The following changes since commit 62cb12967391db709315820d48853ffa4c6b4740:

  build-appliance-image: Update to scarthgap head revision (2025-01-26 14:05:12 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adrian Freihofer (6):
  devtool: modify support debug-builds
  devtool: ide-sdk sort cmake preset
  devtool: ide-sdk recommend DEBUG_BUILD
  oe-selftest: devtool ide-sdk use modify debug-build
  devtool: ide-sdk remove the plugin from eSDK installer
  uboot-config: fix devtool modify with kernel-fitimage

Guðni Már Gilbert (1):
  systemd: upgrade 255.13 -> 255.17

Marek Vasut (1):
  u-boot: kernel-fitimage: Fix dependency loop if UBOOT_SIGN_ENABLE and
    UBOOT_ENV enabled

Peter Marko (4):
  openssl: patch CVE-2024-13176
  go: upgrade 1.22.8 -> 1.22.9
  go: upgrade 1.22.9 -> 1.22.10
  go: upgrade 1.22.10 -> 1.22.11

 meta/classes-recipe/kernel-fitimage.bbclass   |  53 +-------
 meta/classes-recipe/uboot-config.bbclass      |  17 ++-
 meta/classes-recipe/uboot-sign.bbclass        |  26 ++--
 meta/conf/image-fitimage.conf                 |  53 ++++++++
 meta/lib/oeqa/selftest/cases/devtool.py       |   2 +-
 .../openssl/openssl/CVE-2024-13176.patch      | 126 ++++++++++++++++++
 .../openssl/openssl_3.2.3.bb                  |   1 +
 ...55.13.bb => systemd-boot-native_255.17.bb} |   0
 ...-boot_255.13.bb => systemd-boot_255.17.bb} |   0
 meta/recipes-core/systemd/systemd.inc         |   2 +-
 ...1-missing_type.h-add-comparison_fn_t.patch |   2 +-
 ...k-parse_printf_format-implementation.patch |   6 +-
 ...tall-dependency-links-at-install-tim.patch |   2 +-
 ...missing.h-check-for-missing-strndupa.patch |  33 +++--
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   2 +-
 ...005-add-missing-FTW_-macros-for-musl.patch |   2 +-
 ...06-Use-uintmax_t-for-handling-rlim_t.patch |   6 +-
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |   2 +-
 ...patible-basename-for-non-glibc-syste.patch |   2 +-
 ...implment-systemd-sysv-install-for-OE.patch |   2 +-
 ...uffering-when-writing-to-oom_score_a.patch |   4 +-
 ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
 ...definition-of-prctl_mm_map-structure.patch |   2 +-
 ...-not-disable-buffer-in-writing-files.patch |  34 ++---
 .../0013-Handle-__cpu_mask-usage.patch        |   2 +-
 .../systemd/0014-Handle-missing-gshadow.patch |   2 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   2 +-
 ...ass-correct-parameters-to-getdents64.patch |   2 +-
 .../0017-Adjust-for-musl-headers.patch        |   6 +-
 ...trerror-is-assumed-to-be-GNU-specifi.patch |   2 +-
 ...util-Make-STRERROR-portable-for-musl.patch |   2 +-
 ...ake-malloc_trim-conditional-on-glibc.patch |   4 +-
 ...hared-Do-not-use-malloc_info-on-musl.patch |   2 +-
 ...22-avoid-missing-LOCK_EX-declaration.patch |   4 +-
 .../{systemd_255.13.bb => systemd_255.17.bb}  |   0
 .../go/{go-1.22.8.inc => go-1.22.11.inc}      |   2 +-
 ..._1.22.8.bb => go-binary-native_1.22.11.bb} |   6 +-
 ...1.22.8.bb => go-cross-canadian_1.22.11.bb} |   0
 ...go-cross_1.22.8.bb => go-cross_1.22.11.bb} |   0
 ...sssdk_1.22.8.bb => go-crosssdk_1.22.11.bb} |   0
 ...untime_1.22.8.bb => go-runtime_1.22.11.bb} |   0
 .../go/{go_1.22.8.bb => go_1.22.11.bb}        |   0
 scripts/lib/devtool/ide_sdk.py                |  63 +++------
 scripts/lib/devtool/standard.py               |   3 +
 44 files changed, 301 insertions(+), 182 deletions(-)
 create mode 100644 meta/conf/image-fitimage.conf
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-13176.patch
 rename meta/recipes-core/systemd/{systemd-boot-native_255.13.bb => systemd-boot-native_255.17.bb} (100%)
 rename meta/recipes-core/systemd/{systemd-boot_255.13.bb => systemd-boot_255.17.bb} (100%)
 rename meta/recipes-core/systemd/{systemd_255.13.bb => systemd_255.17.bb} (100%)
 rename meta/recipes-devtools/go/{go-1.22.8.inc => go-1.22.11.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.8.bb => go-binary-native_1.22.11.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.8.bb => go-cross-canadian_1.22.11.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.8.bb => go-cross_1.22.11.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.8.bb => go-crosssdk_1.22.11.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.8.bb => go-runtime_1.22.11.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.8.bb => go_1.22.11.bb} (100%)

-- 
2.43.0




* [OE-core][scarthgap 00/12] Patch review
@ 2025-06-06 15:59 Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 01/12] libsoup: fix CVE-2025-32908 Steve Sakoman
                   ` (11 more replies)
  0 siblings, 12 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 10

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1740

The following changes since commit d1b64f190c1686f081f5ba2c4f2b320048f6a514:

  sstatetests: Switch to new CDN (2025-06-02 07:21:18 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Changqing Li (6):
  libsoup: fix CVE-2025-32908
  libsoup: fix CVE-2025-32907
  libsoup-2.4: fix CVE-2025-32907
  libsoup-2.4: fix do_compile failure
  libsoup-2.4: fix CVE-2025-32053
  libsoup: fix CVE-2025-32053

Deepesh Varatharajan (2):
  binutils: Fix CVE-2025-5245
  binutils: Fix CVE-2025-5244

Divya Chellam (2):
  screen: fix CVE-2025-46802
  screen: fix CVE-2025-46804

Guðni Már Gilbert (1):
  systemd: upgrade 255.18 -> 255.21

Vijay Anusuri (1):
  python3-setuptools: Fix CVE-2025-47273

 ...55.18.bb => systemd-boot-native_255.21.bb} |   0
 ...-boot_255.18.bb => systemd-boot_255.21.bb} |   0
 meta/recipes-core/systemd/systemd.inc         |   2 +-
 ...1-missing_type.h-add-comparison_fn_t.patch |   2 +-
 ...k-parse_printf_format-implementation.patch |   2 +-
 ...tall-dependency-links-at-install-tim.patch |   2 +-
 ...missing.h-check-for-missing-strndupa.patch |  10 +-
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   2 +-
 ...005-add-missing-FTW_-macros-for-musl.patch |   2 +-
 ...06-Use-uintmax_t-for-handling-rlim_t.patch |   2 +-
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |   2 +-
 ...patible-basename-for-non-glibc-syste.patch |   2 +-
 ...implment-systemd-sysv-install-for-OE.patch |   2 +-
 ...uffering-when-writing-to-oom_score_a.patch |   2 +-
 ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
 ...definition-of-prctl_mm_map-structure.patch |   2 +-
 ...-not-disable-buffer-in-writing-files.patch |   8 +-
 .../0013-Handle-__cpu_mask-usage.patch        |   2 +-
 .../systemd/0014-Handle-missing-gshadow.patch |   2 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   2 +-
 ...ass-correct-parameters-to-getdents64.patch |   2 +-
 .../0017-Adjust-for-musl-headers.patch        |   2 +-
 ...trerror-is-assumed-to-be-GNU-specifi.patch |   2 +-
 ...util-Make-STRERROR-portable-for-musl.patch |   2 +-
 ...ake-malloc_trim-conditional-on-glibc.patch |   2 +-
 ...hared-Do-not-use-malloc_info-on-musl.patch |   2 +-
 ...22-avoid-missing-LOCK_EX-declaration.patch |   4 +-
 .../{systemd_255.18.bb => systemd_v255.21.bb} |   0
 .../binutils/binutils-2.42.inc                |   2 +
 .../binutils/0022-CVE-2025-5244.patch         |  25 +++
 .../binutils/0022-CVE-2025-5245.patch         |  38 ++++
 .../CVE-2025-47273-pre1.patch                 |  54 +++++
 .../python3-setuptools/CVE-2025-47273.patch   |  59 ++++++
 .../python/python3-setuptools_69.1.1.bb       |   2 +
 .../screen/screen/CVE-2025-46802.patch        | 146 +++++++++++++
 .../screen/screen/CVE-2025-46804.patch        | 131 ++++++++++++
 meta/recipes-extended/screen/screen_4.9.1.bb  |   2 +
 .../libsoup/libsoup-2.4/CVE-2025-32053.patch  |  39 ++++
 .../libsoup/libsoup-2.4/CVE-2025-32907.patch  |  39 ++++
 .../libsoup-2.4/CVE-2025-32910-1.patch        |  79 +------
 .../libsoup-2.4/CVE-2025-32910-2.patch        |  60 +-----
 .../libsoup-2.4/CVE-2025-32912-1.patch        |  20 +-
 .../libsoup/libsoup-2.4_2.74.3.bb             |   4 +-
 .../libsoup-3.4.4/CVE-2025-32053.patch        |  40 ++++
 .../libsoup-3.4.4/CVE-2025-32907-1.patch      | 200 ++++++++++++++++++
 .../libsoup-3.4.4/CVE-2025-32907-2.patch      |  68 ++++++
 .../libsoup-3.4.4/CVE-2025-32908-1.patch      |  89 ++++++++
 .../libsoup-3.4.4/CVE-2025-32908-2.patch      |  53 +++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   7 +-
 49 files changed, 1053 insertions(+), 170 deletions(-)
 rename meta/recipes-core/systemd/{systemd-boot-native_255.18.bb => systemd-boot-native_255.21.bb} (100%)
 rename meta/recipes-core/systemd/{systemd-boot_255.18.bb => systemd-boot_255.21.bb} (100%)
 rename meta/recipes-core/systemd/{systemd_255.18.bb => systemd_v255.21.bb} (100%)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch

-- 
2.43.0




* [OE-core][scarthgap 01/12] libsoup: fix CVE-2025-32908
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
@ 2025-06-06 15:59 ` Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 02/12] libsoup: fix CVE-2025-32907 Steve Sakoman
                   ` (10 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup-3.4.4/CVE-2025-32908-1.patch      | 89 +++++++++++++++++++
 .../libsoup-3.4.4/CVE-2025-32908-2.patch      | 53 +++++++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |  4 +-
 3 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
new file mode 100644
index 0000000000..8ad0e16d45
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
@@ -0,0 +1,89 @@
+From 56b8eb061a02c4e99644d6f1e62e601d0d814beb Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 09:59:05 +0200
+Subject: [PATCH 1/2] soup-server-http2: Check validity of the constructed
+ connection URI
+
+The HTTP/2 pseudo-headers can contain invalid values, which the GUri rejects
+and returns NULL, but the soup-server did not check the validity and could
+abort the server itself later in the code.
+
+Closes #429
+
+CVE: CVE-2025-32908
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/451/diffs?commit_id=a792b23ab87cacbf4dd9462bf7b675fa678efbae]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../http2/soup-server-message-io-http2.c      |  4 +++
+ tests/http2-test.c                            | 28 +++++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c
+index 943ecfd..f1fe2d5 100644
+--- a/libsoup/server/http2/soup-server-message-io-http2.c
++++ b/libsoup/server/http2/soup-server-message-io-http2.c
+@@ -771,9 +771,13 @@ on_frame_recv_callback (nghttp2_session     *session,
+                 char *uri_string;
+                 GUri *uri;
+ 
++		if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL)
++			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path);
+                 uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL);
+                 g_free (uri_string);
++		if (uri == NULL)
++			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+                 soup_server_message_set_uri (msg_io->msg, uri);
+                 g_uri_unref (uri);
+ 
+diff --git a/tests/http2-test.c b/tests/http2-test.c
+index ef097f4..df86d9b 100644
+--- a/tests/http2-test.c
++++ b/tests/http2-test.c
+@@ -1241,6 +1241,30 @@ do_connection_closed_test (Test *test, gconstpointer data)
+         g_uri_unref (uri);
+ }
+ 
++static void
++do_broken_pseudo_header_test (Test *test, gconstpointer data)
++{
++	char *path;
++	SoupMessage *msg;
++	GUri *uri;
++	GBytes *body = NULL;
++	GError *error = NULL;
++
++	uri = g_uri_parse_relative (base_uri, "/ag", SOUP_HTTP_URI_FLAGS, NULL);
++
++	/* an ugly cheat to construct a broken URI, which can be sent from other libs */
++	path = (char *) g_uri_get_path (uri);
++	path[1] = '%';
++
++	msg = soup_message_new_from_uri (SOUP_METHOD_GET, uri);
++	body = soup_test_session_async_send (test->session, msg, NULL, &error);
++	g_assert_error (error, G_IO_ERROR, G_IO_ERROR_PARTIAL_INPUT);
++	g_assert_null (body);
++	g_clear_error (&error);
++	g_object_unref (msg);
++	g_uri_unref (uri);
++}
++
+ static gboolean
+ unpause_message (SoupServerMessage *msg)
+ {
+@@ -1549,6 +1573,10 @@ main (int argc, char **argv)
+                     setup_session,
+                     do_connection_closed_test,
+                     teardown_session);
++        g_test_add ("/http2/broken-pseudo-header", Test, NULL,
++                    setup_session,
++                    do_broken_pseudo_header_test,
++                    teardown_session);
+ 
+ 	ret = g_test_run ();
+ 
+-- 
+2.34.1
+
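Review bot: In the soup-server-message-io-http2.c hunk, both new early returns (`return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;` after the scheme/authority/path NULL check and after `if (uri == NULL)`) leave on_frame_recv_callback without the `io->in_callback--` that CVE-2025-32908-2.patch adds on the same paths, and the NULL check on scheme and path rejects CONNECT, which the second patch's message says must be allowed. This file is therefore only correct when carried together with -2; say so in the patch header so it is never picked alone. The added lines are also tab-indented inside a space-indented block, and `Upstream-Status: Backport` is split from its URL onto a second line, unlike CVE-2025-32907-1.patch, which keeps both on one line.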
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch
new file mode 100644
index 0000000000..b53c7efb7b
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch
@@ -0,0 +1,53 @@
+From aad0dcf22ee9fdfefa6b72055268240cceccfe4c Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Mon, 28 Apr 2025 10:55:42 +0200
+Subject: [PATCH 2/2] soup-server-http2: Correct check of the validity of the
+ constructed connection URI
+
+RFC 5740: the CONNECT has unset the "scheme" and "path", thus allow them unset.
+
+The commit a792b23ab87cacbf4dd9462bf7b675fa678efbae also missed to decrement
+the `io->in_callback` in the early returns.
+
+Related to #429
+
+CVE: CVE-2025-32908
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/453/diffs?commit_id=527428a033df573ef4558ce1106e080fd9ec5c71]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ .../server/http2/soup-server-message-io-http2.c   | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c
+index f1fe2d5..913afb4 100644
+--- a/libsoup/server/http2/soup-server-message-io-http2.c
++++ b/libsoup/server/http2/soup-server-message-io-http2.c
+@@ -771,13 +771,18 @@ on_frame_recv_callback (nghttp2_session     *session,
+                 char *uri_string;
+                 GUri *uri;
+ 
+-		if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL)
+-			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+-                uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path);
++                if (msg_io->authority == NULL) {
++                        io->in_callback--;
++                        return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                }
++                /* RFC 5740: the CONNECT has unset the "scheme" and "path", but the GUri requires the scheme, thus let it be "(null)" */
++                uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path == NULL ? "" : msg_io->path);
+                 uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL);
+                 g_free (uri_string);
+-		if (uri == NULL)
+-			return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                if (uri == NULL) {
++                        io->in_callback--;
++                        return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
++                }
+                 soup_server_message_set_uri (msg_io->msg, uri);
+                 g_uri_unref (uri);
+ 
+-- 
+2.34.1
+
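Review bot: The rewritten `g_strdup_printf ("%s://%s%s", msg_io->scheme, ...)` line no longer checks `msg_io->scheme`, so for CONNECT a NULL pointer is passed to `%s` and the resulting URI depends on the printf implementation rendering it as "(null)", as the added comment itself says. An explicit fallback in the same style as `msg_io->path == NULL ? "" : msg_io->path` would make that deterministic; since this is a backport, keeping the upstream text and raising it upstream is reasonable. The commit message and the comment cite RFC 5740 for the CONNECT pseudo-headers, while HTTP/2 is RFC 7540, so the number looks transposed.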
diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
index 21a1bbe6cd..c19be9b5f4 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -32,7 +32,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32914.patch \
            file://CVE-2025-4476.patch \
            file://CVE-2025-4969.patch \
-          "
+           file://CVE-2025-32908-1.patch \
+           file://CVE-2025-32908-2.patch \
+"
 SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
 
 PROVIDES = "libsoup-3.0"
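Review bot: The closing quote of SRC_URI changes from the indented `          "` to a `"` in column 0, which is a whitespace change unrelated to the CVE fix on a line that every later patch addition to this list has to touch. Keep the existing closing line as it was and add only the two `file://CVE-2025-32908-*.patch \` entries.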
-- 
2.43.0




* [OE-core][scarthgap 02/12] libsoup: fix CVE-2025-32907
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 01/12] libsoup: fix CVE-2025-32908 Steve Sakoman
@ 2025-06-06 15:59 ` Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 03/12] libsoup-2.4: " Steve Sakoman
                   ` (9 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup-3.4.4/CVE-2025-32907-1.patch      | 200 ++++++++++++++++++
 .../libsoup-3.4.4/CVE-2025-32907-2.patch      |  68 ++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   2 +
 3 files changed, 270 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
new file mode 100644
index 0000000000..41b7d276a4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
@@ -0,0 +1,200 @@
+From 7507b0713c2f02af1cd561ebb99477e0a099419d Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 12:17:39 +0200
+Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
+
+It had been skipping every second range, which generated an array
+of a lot of insane ranges, causing large memory usage by the server.
+
+Closes #428
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c |   1 +
+ tests/meson.build              |   1 +
+ tests/server-mem-limit-test.c  | 144 +++++++++++++++++++++++++++++++++
+ 3 files changed, 146 insertions(+)
+ create mode 100644 tests/server-mem-limit-test.c
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index ee7a3cb..f101d4b 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+ 			if (cur->start <= prev->end) {
+ 				prev->end = MAX (prev->end, cur->end);
+ 				g_array_remove_index (array, i);
++				i--;
+ 			}
+ 		}
+ 	}
+diff --git a/tests/meson.build b/tests/meson.build
+index ee118a0..8e7b51d 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -102,6 +102,7 @@ tests = [
+   {'name': 'samesite'},
+   {'name': 'session'},
+   {'name': 'server-auth'},
++  {'name': 'server-mem-limit'},
+   {'name': 'server'},
+   {'name': 'sniffing',
+     'depends': [test_resources],
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+new file mode 100644
+index 0000000..98f1c40
+--- /dev/null
++++ b/tests/server-mem-limit-test.c
+@@ -0,0 +1,144 @@
++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
++/*
++ * Copyright (C) 2025 Red Hat <www.redhat.com>
++ */
++
++#include "test-utils.h"
++
++#include <sys/resource.h>
++
++/*
++ This test limits memory usage to trigger too large buffer allocation crash.
++ As restoring the limits back to what it was does not always work, it's split
++ out of the server-test.c test with copied minimal server code.
++ */
++
++typedef struct {
++	SoupServer *server;
++	GUri *base_uri, *ssl_base_uri;
++	GSList *handlers;
++} ServerData;
++
++static void
++server_setup_nohandler (ServerData *sd, gconstpointer test_data)
++{
++	sd->server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
++	sd->base_uri = soup_test_server_get_uri (sd->server, "http", NULL);
++	if (tls_available)
++		sd->ssl_base_uri = soup_test_server_get_uri (sd->server, "https", NULL);
++}
++
++static void
++server_add_handler (ServerData         *sd,
++		    const char         *path,
++		    SoupServerCallback  callback,
++		    gpointer            user_data,
++		    GDestroyNotify      destroy)
++{
++	soup_server_add_handler (sd->server, path, callback, user_data, destroy);
++	sd->handlers = g_slist_prepend (sd->handlers, g_strdup (path));
++}
++
++static void
++server_setup (ServerData *sd, gconstpointer test_data)
++{
++	server_setup_nohandler (sd, test_data);
++}
++
++static void
++server_teardown (ServerData *sd, gconstpointer test_data)
++{
++	GSList *iter;
++
++	for (iter = sd->handlers; iter; iter = iter->next)
++		soup_server_remove_handler (sd->server, iter->data);
++	g_slist_free_full (sd->handlers, g_free);
++
++	g_clear_pointer (&sd->server, soup_test_server_quit_unref);
++	g_clear_pointer (&sd->base_uri, g_uri_unref);
++	g_clear_pointer (&sd->ssl_base_uri, g_uri_unref);
++}
++
++static void
++server_file_callback (SoupServer        *server,
++		      SoupServerMessage *msg,
++		      const char        *path,
++		      GHashTable        *query,
++		      gpointer           data)
++{
++	void *mem;
++
++	g_assert_cmpstr (path, ==, "/file");
++	g_assert_cmpstr (soup_server_message_get_method (msg), ==, SOUP_METHOD_GET);
++
++	mem = g_malloc0 (sizeof (char) * 1024 * 1024);
++	/* fedora-scan CI claims a warning about possibly leaked `mem` variable, thus use
++	   the copy and free it explicitly, to workaround the false positive; the g_steal_pointer()
++	   did not help for the malloc-ed memory */
++	soup_server_message_set_response (msg, "application/octet-stream", SOUP_MEMORY_COPY, mem, sizeof (char) * 1024 *1024);
++	soup_server_message_set_status (msg, SOUP_STATUS_OK, NULL);
++	g_free (mem);
++}
++
++static void
++do_ranges_overlaps_test (ServerData *sd, gconstpointer test_data)
++{
++	SoupSession *session;
++	SoupMessage *msg;
++	GString *range;
++	GUri *uri;
++	const char *chunk = ",0,0,0,0,0,0,0,0,0,0,0";
++
++	g_test_bug ("428");
++
++	#ifdef G_OS_WIN32
++	g_test_skip ("Cannot run under windows");
++	return;
++	#endif
++
++	range = g_string_sized_new (99 * 1024);
++	g_string_append (range, "bytes=1024");
++	while (range->len < 99 * 1024)
++		g_string_append (range, chunk);
++
++	session = soup_test_session_new (NULL);
++	server_add_handler (sd, "/file", server_file_callback, NULL, NULL);
++
++	uri = g_uri_parse_relative (sd->base_uri, "/file", SOUP_HTTP_URI_FLAGS, NULL);
++
++	msg = soup_message_new_from_uri ("GET", uri);
++	soup_message_headers_append (soup_message_get_request_headers (msg), "Range", range->str);
++
++	soup_test_session_send_message (session, msg);
++
++	soup_test_assert_message_status (msg, SOUP_STATUS_PARTIAL_CONTENT);
++
++	g_object_unref (msg);
++
++	g_string_free (range, TRUE);
++	g_uri_unref (uri);
++
++	soup_test_session_abort_unref (session);
++}
++
++int
++main (int argc, char **argv)
++{
++	int ret;
++
++	test_init (argc, argv, NULL);
++
++	#ifndef G_OS_WIN32
++	struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
++	/* limit memory usage, to trigger too large memory allocation abort */
++	g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
++	#endif
++
++	g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
++		    server_setup, do_ranges_overlaps_test, server_teardown);
++
++	ret = g_test_run ();
++
++	test_cleanup ();
++	return ret;
++}
+-- 
+2.34.1
+
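Review bot: The issue reference differs between the commit message and the embedded patch: the message says Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429, while the patch header has "Closes #428" and the new test calls g_test_bug ("428"). Please confirm which issue tracks CVE-2025-32907 and correct the commit message if it is 428. The Upstream-Status line also points at the merge request's commit list (merge_requests/452/commits) rather than at the specific commit being backported; a direct commit link is easier to audit. On the code itself, the added i-- after g_array_remove_index (array, i) is what makes the loop re-examine the element that shifted into slot i; the loop header is outside the hunk context, so it is worth checking that i cannot be 0 when the decrement runs.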
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
new file mode 100644
index 0000000000..9c838a55af
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
@@ -0,0 +1,68 @@
+From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 13 May 2025 14:20:46 +0200
+Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
+ built witha sanitizer
+
+A build with -Db_sanitize=address crashes with failed mmap(), which is done
+inside libasan. The test requires 20.0TB of virtual memory when running with
+the sanitizer, which is beyond unsigned integer limits and may not trigger
+the bug anyway.
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ meson.build                   |  4 ++++
+ tests/server-mem-limit-test.c | 13 +++++++++----
+ 2 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index d4110da..74323ea 100644
+--- a/meson.build
++++ b/meson.build
+@@ -357,6 +357,10 @@ configinc = include_directories('.')
+ 
+ prefix = get_option('prefix')
+ 
++if get_option('b_sanitize') != 'none'
++  cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize'))
++endif
++
+ cdata.set_quoted('PACKAGE_VERSION', soup_version)
+ cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir')))
+ cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name)
+diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
+index 98f1c40..65dc875 100644
+--- a/tests/server-mem-limit-test.c
++++ b/tests/server-mem-limit-test.c
+@@ -126,14 +126,19 @@ main (int argc, char **argv)
+ {
+ 	int ret;
+ 
+-	test_init (argc, argv, NULL);
+-
+-	#ifndef G_OS_WIN32
+-	struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 };
++	/* a build with an address sanitizer may crash on mmap() with the limit,
++	   thus skip the limit set in such case, even it may not necessarily
++	   trigger the bug if it regresses */
++	#if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION)
++	struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 1024UL * 1024UL * 2UL };
+ 	/* limit memory usage, to trigger too large memory allocation abort */
+ 	g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0);
++	#else
++	g_message ("server-mem-limit-test: Running without memory limit");
+ 	#endif
+ 
++	test_init (argc, argv, NULL);
++
+ 	g_test_add ("/server-mem/range-overlaps", ServerData, NULL,
+ 		    server_setup, do_ranges_overlaps_test, server_teardown);
+ 
+-- 
+2.34.1
+
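Review bot: In main(), the RLIMIT_DATA cap is raised from 64 MiB to 2 GiB and is skipped entirely when B_SANITIZE_OPTION is defined, so the test can pass without the limit ever being reached; the added comment acknowledges this. That is acceptable for a backport, but two things are worth confirming for OE builds: that the test source actually sees the B_SANITIZE_OPTION define that meson.build writes through cdata (only test-utils.h is included in the visible source), and that a 2 GiB data limit still constrains anything on 32-bit targets.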
diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
index c19be9b5f4..687b14d9d6 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -34,6 +34,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-4969.patch \
            file://CVE-2025-32908-1.patch \
            file://CVE-2025-32908-2.patch \
+           file://CVE-2025-32907-1.patch \
+           file://CVE-2025-32907-2.patch \
 "
 SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
 
-- 
2.43.0




* [OE-core][scarthgap 03/12] libsoup-2.4: fix CVE-2025-32907
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 01/12] libsoup: fix CVE-2025-32908 Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 02/12] libsoup: fix CVE-2025-32907 Steve Sakoman
@ 2025-06-06 15:59 ` Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 04/12] libsoup-2.4: fix do_compile failure Steve Sakoman
                   ` (8 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/428

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32907.patch  | 39 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  3 +-
 .../libsoup-3.4.4/CVE-2025-32907-1.patch      | 14 +++----
 .../libsoup-3.4.4/CVE-2025-32907-2.patch      |  6 +--
 4 files changed, 51 insertions(+), 11 deletions(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
new file mode 100644
index 0000000000..41dd3ff3f4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
@@ -0,0 +1,39 @@
+From 8158b4084dcba2a233dfcb7359c53ab2840148f7 Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Tue, 15 Apr 2025 12:17:39 +0200
+Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
+
+It had been skipping every second range, which generated an array
+of a lot of insane ranges, causing large memory usage by the server.
+
+Closes #428
+
+Part-of: <https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452>
+
+CVE: CVE-2025-32907
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/diffs?commit_id=9bb92f7a685e31e10e9e8221d0342280432ce836]
+
+Test part not applied since test codes use some functions not in this
+version
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-message-headers.c |   1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
+index 78b2455..00b9763 100644
+--- a/libsoup/soup-message-headers.c
++++ b/libsoup/soup-message-headers.c
+@@ -1024,6 +1024,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+ 			if (cur->start <= prev->end) {
+ 				prev->end = MAX (prev->end, cur->end);
+ 				g_array_remove_index (array, i);
++				i--;
+ 			}
+ 		}
+ 	}
+-- 
+2.34.1
+
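Review bot: The Upstream-Status tag is split over two lines in this patch header (Backport on one line, the bracketed URL on the next), whereas the 3.4.4 patches in 02/12 keep tag and URL on one line; joining them keeps the series consistent and keeps the tag greppable as a single line. The subject also still reads [PATCH 1/2] although only this one change is carried for libsoup-2.4. With the test part dropped, the i-- fix ships without a regression test for this version, which the header already explains.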
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index df97a68b9c..c20069edef 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -32,7 +32,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32912-2.patch \
            file://CVE-2025-32914.patch \
            file://CVE-2025-4969.patch \
-          "
+           file://CVE-2025-32907.patch \
+"
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 
 CVE_PRODUCT = "libsoup"
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
index 41b7d276a4..026a38c39a 100644
--- a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
@@ -1,4 +1,4 @@
-From 7507b0713c2f02af1cd561ebb99477e0a099419d Mon Sep 17 00:00:00 2001
+From 4741bc288ece52f5dbaebc568e72ce14da3e2757 Mon Sep 17 00:00:00 2001
 From: Milan Crha <mcrha@redhat.com>
 Date: Tue, 15 Apr 2025 12:17:39 +0200
 Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges
@@ -22,10 +22,10 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
  create mode 100644 tests/server-mem-limit-test.c
 
 diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
-index ee7a3cb..f101d4b 100644
+index 95e2c31..d69d6e8 100644
 --- a/libsoup/soup-message-headers.c
 +++ b/libsoup/soup-message-headers.c
-@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
+@@ -1210,6 +1210,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders  *hdrs,
  			if (cur->start <= prev->end) {
  				prev->end = MAX (prev->end, cur->end);
  				g_array_remove_index (array, i);
@@ -34,17 +34,17 @@ index ee7a3cb..f101d4b 100644
  		}
  	}
 diff --git a/tests/meson.build b/tests/meson.build
-index ee118a0..8e7b51d 100644
+index 9bf88be..7ef7ac5 100644
 --- a/tests/meson.build
 +++ b/tests/meson.build
-@@ -102,6 +102,7 @@ tests = [
+@@ -93,6 +93,7 @@ tests = [
    {'name': 'samesite'},
    {'name': 'session'},
    {'name': 'server-auth'},
 +  {'name': 'server-mem-limit'},
    {'name': 'server'},
-   {'name': 'sniffing',
-     'depends': [test_resources],
+   {'name': 'sniffing'},
+   {'name': 'ssl',
 diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c
 new file mode 100644
 index 0000000..98f1c40
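Review bot: These hunks, and the ones that follow for CVE-2025-32907-2.patch, refresh the libsoup 3.4.4 patches (new From hashes, index lines, @@ offsets and the tests/meson.build context) inside a commit titled "libsoup-2.4: fix CVE-2025-32907", and the commit message does not mention them. They belong in 02/12, which adds those files: as posted, 02/12 carries offsets such as @@ -1244,6 +1244,7 that this commit rewrites to @@ -1210,6 +1210,7, plus a tests/meson.build context that is replaced here, so the intermediate commit may apply only with fuzz or not at all. Squashing the refresh into 02/12 keeps each commit in the series buildable on its own.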
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
index 9c838a55af..c1b6a1feba 100644
--- a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch
@@ -1,4 +1,4 @@
-From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001
+From 85716d2769b3e1acda024d2c7cbfb68139c5d90b Mon Sep 17 00:00:00 2001
 From: Milan Crha <mcrha@redhat.com>
 Date: Tue, 13 May 2025 14:20:46 +0200
 Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not
@@ -21,10 +21,10 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
  2 files changed, 13 insertions(+), 4 deletions(-)
 
 diff --git a/meson.build b/meson.build
-index d4110da..74323ea 100644
+index 73a9fa0..a9531a4 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -357,6 +357,10 @@ configinc = include_directories('.')
+@@ -374,6 +374,10 @@ configinc = include_directories('.')
  
  prefix = get_option('prefix')
  
-- 
2.43.0




* [OE-core][scarthgap 04/12] libsoup-2.4: fix do_compile failure
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2025-06-06 15:59 ` [OE-core][scarthgap 03/12] libsoup-2.4: " Steve Sakoman
@ 2025-06-06 15:59 ` Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 05/12] libsoup-2.4: fix CVE-2025-32053 Steve Sakoman
                   ` (7 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Remove test code for fixing do_compile failure:
../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
 1554 |                                       SoupServerMessage *msg,
      |

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup-2.4/CVE-2025-32910-1.patch        | 79 +++----------------
 .../libsoup-2.4/CVE-2025-32910-2.patch        | 60 +++-----------
 .../libsoup-2.4/CVE-2025-32912-1.patch        | 20 ++---
 3 files changed, 24 insertions(+), 135 deletions(-)

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
index de4faf5380..847c76c2b7 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch
@@ -8,10 +8,17 @@ Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-tea
 Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe]
 CVE: CVE-2025-32910
 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+
+Remove test code for fixing do_compile failure of libsoup-2.4, test codes include
+new type added in 3.x version
+../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
+ 1554 |                                       SoupServerMessage *msg,
+      |                                       ^~~~~~~~~~~~~~~~~
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
  libsoup/soup-auth-digest.c |  3 +++
- tests/auth-test.c          | 50 ++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 53 insertions(+)
+ 1 files changed, 3 insertions(+)
 
 diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
 index e8ba990..263a15a 100644
@@ -27,71 +34,3 @@ index e8ba990..263a15a 100644
  	g_free (priv->domain);
  	g_free (priv->nonce);
  	g_free (priv->opaque);
-diff --git a/tests/auth-test.c b/tests/auth-test.c
-index 8295ec3..dfc6b09 100644
---- a/tests/auth-test.c
-+++ b/tests/auth-test.c
-@@ -1549,6 +1549,55 @@ do_cancel_after_retry_test (void)
-         soup_test_session_abort_unref (session);
- }
- 
-+static void
-+on_request_read_for_missing_realm (SoupServer        *server,
-+                                   SoupServerMessage *msg,
-+                                   gpointer           user_data)
-+{
-+        SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
-+        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
-+}
-+
-+static void
-+do_missing_realm_test (void)
-+{
-+        SoupSession *session;
-+        SoupMessage *msg;
-+        SoupServer *server;
-+        SoupAuthDomain *digest_auth_domain;
-+        gint status;
-+        GUri *uri;
-+
-+        server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
-+	soup_server_add_handler (server, NULL,
-+				 server_callback, NULL, NULL);
-+	uri = soup_test_server_get_uri (server, "http", NULL);
-+
-+	digest_auth_domain = soup_auth_domain_digest_new (
-+		"realm", "auth-test",
-+		"auth-callback", server_digest_auth_callback,
-+		NULL);
-+        soup_auth_domain_add_path (digest_auth_domain, "/");
-+	soup_server_add_auth_domain (server, digest_auth_domain);
-+        g_object_unref (digest_auth_domain);
-+
-+        g_signal_connect (server, "request-read",
-+                          G_CALLBACK (on_request_read_for_missing_realm),
-+                          NULL);
-+
-+        session = soup_test_session_new (NULL);
-+        msg = soup_message_new_from_uri ("GET", uri);
-+        g_signal_connect (msg, "authenticate",
-+                          G_CALLBACK (on_digest_authenticate),
-+                          NULL);
-+
-+        status = soup_test_session_send_message (session, msg);
-+
-+        g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED);
-+	g_uri_unref (uri);
-+	soup_test_server_quit_unref (server);
-+}
-+
- int
- main (int argc, char **argv)
- {
-@@ -1576,6 +1625,7 @@ main (int argc, char **argv)
- 	g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
- 	g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
- 	g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
-+        g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
- 
- 	ret = g_test_run ();
- 
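Review bot: Dropping the whole tests/auth-test.c part leaves the soup-auth-digest.c change for CVE-2025-32910 with no regression test on libsoup-2.4; the removed do_missing_realm_test was the only check in this patch for a WWW-Authenticate header without a realm. The reason given in the new header text (SoupServerMessage exists only in 3.x) is clear, so this is fine as a build fix, but the patch now differs from the upstream commit it cites. It would help to say so next to the Upstream-Status line as well, so that a later refresh against upstream does not bring the test hunk back.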
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
index 0d72afa1d6..a2168177a4 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch
@@ -8,10 +8,17 @@ Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-tea
 Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a]
 CVE: CVE-2025-32910
 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+
+Remove test code for fixing do_compile failure of libsoup-2.4, test codes include
+new type added in 3.x version
+../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
+ 1554 |                                       SoupServerMessage *msg,
+      |                                       ^~~~~~~~~~~~~~~~~
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
  libsoup/soup-auth-digest.c | 45 +++++++++++++++++++++++++++++++++++----------
- tests/auth-test.c          | 19 +++++++++++--------
- 2 files changed, 46 insertions(+), 18 deletions(-)
+ 1 files changed, 35 insertions(+), 10 deletions(-)
 
 diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
 index 263a15a..393adb6 100644
@@ -97,52 +104,3 @@ index 263a15a..393adb6 100644
  	soup_auth_digest_compute_response (msg->method, url, priv->hex_a1,
  					   priv->qop, priv->nonce,
  					   priv->cnonce, priv->nc,
-diff --git a/tests/auth-test.c b/tests/auth-test.c
-index dfc6b09..6fb1e4a 100644
---- a/tests/auth-test.c
-+++ b/tests/auth-test.c
-@@ -1550,16 +1550,17 @@ do_cancel_after_retry_test (void)
- }
- 
- static void
--on_request_read_for_missing_realm (SoupServer        *server,
--                                   SoupServerMessage *msg,
--                                   gpointer           user_data)
-+on_request_read_for_missing_params (SoupServer        *server,
-+                                      SoupServerMessage *msg,
-+                                      gpointer           user_data)
- {
-+        const char *auth_header = user_data;
-         SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg);
--        soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\"");
-+        soup_message_headers_replace (response_headers, "WWW-Authenticate", auth_header);
- }
- 
- static void
--do_missing_realm_test (void)
-+do_missing_params_test (gconstpointer auth_header)
- {
-         SoupSession *session;
-         SoupMessage *msg;
-@@ -1582,8 +1583,8 @@ do_missing_realm_test (void)
-         g_object_unref (digest_auth_domain);
- 
-         g_signal_connect (server, "request-read",
--                          G_CALLBACK (on_request_read_for_missing_realm),
--                          NULL);
-+                          G_CALLBACK (on_request_read_for_missing_params),
-+                          (gpointer)auth_header);
- 
-         session = soup_test_session_new (NULL);
-         msg = soup_message_new_from_uri ("GET", uri);
-@@ -1625,7 +1626,9 @@ main (int argc, char **argv)
- 	g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test);
- 	g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test);
- 	g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test);
--        g_test_add_func ("/auth/missing-realm", do_missing_realm_test);
-+        g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
-+        g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
-+        g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
- 
- 	ret = g_test_run ();
- 
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch
index 2a6f37cb58..906a889c13 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch
@@ -6,10 +6,14 @@ Subject: [PATCH 1/2] auth-digest: Handle missing nonce
 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992]
 CVE: CVE-2025-32912
 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+
+The test codes is based on CVE-2025-32910, test code in CVE-2025-32910
+is removed for fixing do_compile failure. So also remove this test code
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
  libsoup/soup-auth-digest.c | 2 +-
- tests/auth-test.c          | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
+ 1 files changed, 1 insertions(+), 1 deletion(-)
 
 diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c
 index a1db188..f0edb81 100644
@@ -24,18 +28,6 @@ index a1db188..f0edb81 100644
                  return FALSE;
  
  	g_free (priv->domain);
-diff --git a/tests/auth-test.c b/tests/auth-test.c
-index 6fb1e4a..343d7a5 100644
---- a/tests/auth-test.c
-+++ b/tests/auth-test.c
-@@ -1629,6 +1629,7 @@ main (int argc, char **argv)
-         g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test);
-         g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test);
-         g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test);
-+	g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test);
- 
- 	ret = g_test_run ();
- 
 -- 
 2.25.1
 
-- 
2.43.0




* [OE-core][scarthgap 05/12] libsoup-2.4: fix CVE-2025-32053
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2025-06-06 15:59 ` [OE-core][scarthgap 04/12] libsoup-2.4: fix do_compile failure Steve Sakoman
@ 2025-06-06 15:59 ` Steve Sakoman
  2025-06-06 15:59 ` [OE-core][scarthgap 06/12] libsoup: " Steve Sakoman
                   ` (6 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2025-32053.patch  | 39 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
new file mode 100644
index 0000000000..0d829d6200
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch
@@ -0,0 +1,39 @@
+From d9bcffd6cd5e8ec32889a594f7348d67a5101b3a Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 12 May 2025 13:58:42 +0800
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+CVE: CVE-2025-32053
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
+index 967ec61..5f2896e 100644
+--- a/libsoup/soup-content-sniffer.c
++++ b/libsoup/soup-content-sniffer.c
+@@ -620,7 +620,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+ 	       (resource[*pos] == '\x0D')) {
+ 		*pos = *pos + 1;
+ 
+-		if (*pos > resource_length)
++		if (*pos >= resource_length)
+ 			return TRUE;
+ 	}
+ 
+@@ -682,7 +682,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
+ 		do {
+ 			pos++;
+ 
+-			if (pos > resource_length)
++			if ((pos + 1) > resource_length)
+ 				goto text_html;
+ 		} while (resource[pos] != '>');
+ 
+-- 
+2.34.1
+
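Review bot: The embedded patch header gives From: Changqing Li and Date: Mon, 12 May 2025 for a change whose Upstream-Status is a backport of commit eaed42ca8d40cd9ab63764e3d63641180505f40a, while the 3.4.4 version of the same backport in 06/12 keeps From: Ar Jun and Date: Mon, 18 Nov 2024. Please keep the original author and date in the From:/Date: lines here too and record the backport through the Signed-off-by line, so both recipes attribute the fix the same way. On the two bounds checks, (pos + 1) > resource_length in sniff_feed_or_html() is the same condition as pos >= resource_length used in skip_insignificant_space(); the inconsistent spelling matches what 06/12 carries, so it is best left as is for the backport.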
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
index c20069edef..9a2778bf92 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb
@@ -33,6 +33,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32914.patch \
            file://CVE-2025-4969.patch \
            file://CVE-2025-32907.patch \
+           file://CVE-2025-32053.patch \
 "
 SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13"
 
-- 
2.43.0




* [OE-core][scarthgap 06/12] libsoup: fix CVE-2025-32053
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2025-06-06 15:59 ` [OE-core][scarthgap 05/12] libsoup-2.4: fix CVE-2025-32053 Steve Sakoman
@ 2025-06-06 15:59 ` Steve Sakoman
  2025-06-06 16:00 ` [OE-core][scarthgap 07/12] python3-setuptools: Fix CVE-2025-47273 Steve Sakoman
                   ` (5 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 15:59 UTC (permalink / raw)
  To: openembedded-core

From: Changqing Li <changqing.li@windriver.com>

Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/426

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup-3.4.4/CVE-2025-32053.patch        | 40 +++++++++++++++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch

diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch
new file mode 100644
index 0000000000..93fa69e06c
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch
@@ -0,0 +1,40 @@
+From 819dbc0fcf174b8182cdb279f7be15ea1cde649f Mon Sep 17 00:00:00 2001
+From: Ar Jun <pkillarjun@protonmail.com>
+Date: Mon, 18 Nov 2024 14:59:51 -0600
+Subject: [PATCH] Fix heap buffer overflow in
+ soup-content-sniffer.c:sniff_feed_or_html()
+
+CVE: CVE-2025-32053
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libsoup/content-sniffer/soup-content-sniffer.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c
+index 2351c3f..23d5aaa 100644
+--- a/libsoup/content-sniffer/soup-content-sniffer.c
++++ b/libsoup/content-sniffer/soup-content-sniffer.c
+@@ -646,7 +646,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length)
+ 	       (resource[*pos] == '\x0D')) {
+ 		*pos = *pos + 1;
+ 
+-		if (*pos > resource_length)
++		if (*pos >= resource_length)
+ 			return TRUE;
+ 	}
+ 
+@@ -709,7 +709,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer)
+ 		do {
+ 			pos++;
+ 
+-			if (pos > resource_length)
++			if ((pos + 1) > resource_length)
+ 				goto text_html;
+ 		} while (resource[pos] != '>');
+ 
+-- 
+2.34.1
+
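Review bot: The `From 819dbc0fcf174b8182cdb279f7be15ea1cde649f` line and the commit named in Upstream-Status (`eaed42ca8d40cd9ab63764e3d63641180505f40a`) are different hashes, so the header does not make clear which upstream commit this file was generated from. Please confirm the backport corresponds to the Upstream-Status commit and, if the From hash comes from a different branch or a local cherry-pick, say so in the header. The code change itself matches the libsoup-2.4 patch in 05/12 apart from the file path and the `GBytes` parameter in the hunk context.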
diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
index 687b14d9d6..ff0ae0afad 100644
--- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb
@@ -36,6 +36,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://CVE-2025-32908-2.patch \
            file://CVE-2025-32907-1.patch \
            file://CVE-2025-32907-2.patch \
+           file://CVE-2025-32053.patch \
 "
 SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
 
-- 
2.43.0




* [OE-core][scarthgap 07/12] python3-setuptools: Fix CVE-2025-47273
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2025-06-06 15:59 ` [OE-core][scarthgap 06/12] libsoup: " Steve Sakoman
@ 2025-06-06 16:00 ` Steve Sakoman
  2025-06-06 16:00 ` [OE-core][scarthgap 08/12] binutils: Fix CVE-2025-5245 Steve Sakoman
                   ` (4 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 16:00 UTC (permalink / raw)
  To: openembedded-core

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from
https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a
& https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../CVE-2025-47273-pre1.patch                 | 54 +++++++++++++++++
 .../python3-setuptools/CVE-2025-47273.patch   | 59 +++++++++++++++++++
 .../python/python3-setuptools_69.1.1.bb       |  2 +
 3 files changed, 115 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch

diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
new file mode 100644
index 0000000000..72bcaea435
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
@@ -0,0 +1,54 @@
+From d8390feaa99091d1ba9626bec0e4ba7072fc507a Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Sat, 19 Apr 2025 12:49:55 -0400
+Subject: [PATCH] Extract _resolve_download_filename with test.
+
+Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a]
+CVE: CVE-2025-47273 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ setuptools/package_index.py | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index 00a972d..d460fcb 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -815,9 +815,16 @@ class PackageIndex(Environment):
+             else:
+                 raise DistutilsError("Download error for %s: %s" % (url, v)) from v
+ 
+-    def _download_url(self, url, tmpdir):
+-        # Determine download filename
+-        #
++    @staticmethod
++    def _resolve_download_filename(url, tmpdir):
++        """
++        >>> du = PackageIndex._resolve_download_filename
++        >>> root = getfixture('tmp_path')
++        >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz'
++        >>> import pathlib
++        >>> str(pathlib.Path(du(url, root)).relative_to(root))
++        'setuptools-78.1.0.tar.gz'
++        """
+         name, fragment = egg_info_for_url(url)
+         if name:
+             while '..' in name:
+@@ -828,8 +835,13 @@ class PackageIndex(Environment):
+         if name.endswith('.egg.zip'):
+             name = name[:-4]  # strip the extra .zip before download
+ 
+-        filename = os.path.join(tmpdir, name)
++        return os.path.join(tmpdir, name)
+ 
++    def _download_url(self, url, tmpdir):
++        """
++        Determine the download filename.
++        """
++        filename = self._resolve_download_filename(url, tmpdir)
+         return self._download_vcs(url, filename) or self._download_other(url, filename)
+ 
+     @staticmethod
+-- 
+2.25.1
+
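Review bot: The docstring given to `_download_url` ("Determine the download filename.") describes the code that this patch has just moved out of it; the method now only delegates to `_resolve_download_filename` and then calls `_download_vcs` / `_download_other`. It matches upstream, so the backport should keep it, but the header could say on its own line that this is a prerequisite refactor with no behaviour change, instead of carrying that as a trailing `#Dependency Patch` on the `CVE:` tag.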
diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
new file mode 100644
index 0000000000..be6617e0f6
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
@@ -0,0 +1,59 @@
+From 250a6d17978f9f6ac3ac887091f2d32886fbbb0b Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs" <jaraco@jaraco.com>
+Date: Sat, 19 Apr 2025 13:03:47 -0400
+Subject: [PATCH] Add a check to ensure the name resolves relative to the
+ tmpdir.
+
+Closes #4946
+
+Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b]
+CVE: CVE-2025-47273
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ setuptools/package_index.py | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index d460fcb..6c7874d 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -818,12 +818,20 @@ class PackageIndex(Environment):
+     @staticmethod
+     def _resolve_download_filename(url, tmpdir):
+         """
++        >>> import pathlib
+         >>> du = PackageIndex._resolve_download_filename
+         >>> root = getfixture('tmp_path')
+         >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz'
+-        >>> import pathlib
+         >>> str(pathlib.Path(du(url, root)).relative_to(root))
+         'setuptools-78.1.0.tar.gz'
++
++        Ensures the target is always in tmpdir.
++
++        >>> url = 'https://anyhost/%2fhome%2fuser%2f.ssh%2fauthorized_keys'
++        >>> du(url, root)
++        Traceback (most recent call last):
++        ...
++        ValueError: Invalid filename...
+         """
+         name, fragment = egg_info_for_url(url)
+         if name:
+@@ -835,7 +843,13 @@ class PackageIndex(Environment):
+         if name.endswith('.egg.zip'):
+             name = name[:-4]  # strip the extra .zip before download
+ 
+-        return os.path.join(tmpdir, name)
++        filename = os.path.join(tmpdir, name)
++
++        # ensure path resolves within the tmpdir
++        if not filename.startswith(str(tmpdir)):
++            raise ValueError(f"Invalid filename {filename}")
++
++        return filename
+ 
+     def _download_url(self, url, tmpdir):
+         """
+-- 
+2.25.1
+
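Review bot: The containment check `filename.startswith(str(tmpdir))` is a string-prefix comparison on an un-normalised path, so it is weaker than its comment "ensure path resolves within the tmpdir" suggests: a path in a sibling directory whose name merely begins with the tmpdir string would pass, and symlinks are not resolved. It does reject the case in the new doctest, where an absolute `name` makes `os.path.join` discard `tmpdir`. Keep the backport as upstream wrote it, but a follow-up using a path-based comparison (for example `os.path.commonpath` on the resolved paths) would make the check match the comment.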
diff --git a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
index 7663101f23..46b2f0ab00 100644
--- a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb
@@ -13,6 +13,8 @@ SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-e
 SRC_URI += " \
             file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \
             file://CVE-2024-6345.patch \
+            file://CVE-2025-47273-pre1.patch \
+            file://CVE-2025-47273.patch \
 "
 
 SRC_URI[sha256sum] = "5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8"
-- 
2.43.0




* [OE-core][scarthgap 08/12] binutils: Fix CVE-2025-5245
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2025-06-06 16:00 ` [OE-core][scarthgap 07/12] python3-setuptools: Fix CVE-2025-47273 Steve Sakoman
@ 2025-06-06 16:00 ` Steve Sakoman
  2025-06-06 16:00 ` [OE-core][scarthgap 09/12] binutils: Fix CVE-2025-5244 Steve Sakoman
                   ` (3 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 16:00 UTC (permalink / raw)
  To: openembedded-core

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

PR32829, SEGV on objdump function debug_type_samep
u.kenum is always non-NULL, see debug_make_enum_type.

Backport a patch from upstream to fix CVE-2025-5245
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a]

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.42.inc                |  1 +
 .../binutils/0022-CVE-2025-5245.patch         | 38 +++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 16db8bc05e..c6fec579ae 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -51,5 +51,6 @@ SRC_URI = "\
      file://0021-CVE-2025-1153-3.patch \
      file://CVE-2025-1179-pre.patch \
      file://CVE-2025-1179.patch \
+     file://0022-CVE-2025-5245.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch
new file mode 100644
index 0000000000..d4b7d55966
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch
@@ -0,0 +1,38 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 1 Apr 2025 22:36:54 +1030
+
+PR32829, SEGV on objdump function debug_type_samep
+u.kenum is always non-NULL, see debug_make_enum_type.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a]
+CVE: CVE-2025-5245
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/binutils/debug.c b/binutils/debug.c
+index dcc8ccde..465b18e7 100644
+--- a/binutils/debug.c
++++ b/binutils/debug.c
+@@ -2554,9 +2554,6 @@ debug_write_type (struct debug_handle *info,
+     case DEBUG_KIND_UNION_CLASS:
+       return debug_write_class_type (info, fns, fhandle, type, tag);
+     case DEBUG_KIND_ENUM:
+-      if (type->u.kenum == NULL)
+-	return (*fns->enum_type) (fhandle, tag, (const char **) NULL,
+-				  (bfd_signed_vma *) NULL);
+       return (*fns->enum_type) (fhandle, tag, type->u.kenum->names,
+ 				type->u.kenum->values);
+     case DEBUG_KIND_POINTER:
+@@ -3097,9 +3094,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1,
+       break;
+ 
+     case DEBUG_KIND_ENUM:
+-      if (t1->u.kenum == NULL)
+-	ret = t2->u.kenum == NULL;
+-      else if (t2->u.kenum == NULL)
++      if (t1->u.kenum->names == NULL)
++	ret = t2->u.kenum->names == NULL;
++      else if (t2->u.kenum->names == NULL)
+ 	ret = false;
+       else
+ 	{
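Review bot: Both hunks now dereference `u.kenum` unconditionally (`type->u.kenum->names` in debug_write_type, `t1->u.kenum->names` and `t2->u.kenum->names` in debug_type_samep), relying on the header's statement that u.kenum is always non-NULL per debug_make_enum_type, which is not part of this diff. Please confirm that debug_make_enum_type in the 2.42 tree already guarantees this, otherwise the removed NULL checks become a new NULL dereference. Minor: the Upstream-Status URL in the patch file uses `a=commitdiff` while the commit message of this mail uses `a=patch` for the same hash.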
-- 
2.43.0




* [OE-core][scarthgap 09/12] binutils: Fix CVE-2025-5244
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (7 preceding siblings ...)
  2025-06-06 16:00 ` [OE-core][scarthgap 08/12] binutils: Fix CVE-2025-5245 Steve Sakoman
@ 2025-06-06 16:00 ` Steve Sakoman
  2025-06-06 16:00 ` [OE-core][scarthgap 10/12] screen: fix CVE-2025-46802 Steve Sakoman
                   ` (2 subsequent siblings)
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 16:00 UTC (permalink / raw)
  To: openembedded-core

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

PR32858 ld segfault on fuzzed object
We missed one place where it is necessary to check for empty groups.

Backport a patch from upstream to fix CVE-2025-5244
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.42.inc                |  1 +
 .../binutils/0022-CVE-2025-5244.patch         | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index c6fec579ae..ea018a48a3 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -52,5 +52,6 @@ SRC_URI = "\
      file://CVE-2025-1179-pre.patch \
      file://CVE-2025-1179.patch \
      file://0022-CVE-2025-5245.patch \
+     file://0022-CVE-2025-5244.patch \
 "
 S  = "${WORKDIR}/git"
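Review bot: The added entry `0022-CVE-2025-5244.patch` reuses the 0022 sequence number already taken by `0022-CVE-2025-5245.patch` on the line above. If the prefix is meant to reflect application order, number this one 0023; the file name in the `create mode` line and in the new-file diff would change with it.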
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch
new file mode 100644
index 0000000000..e8855a4b4b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch
@@ -0,0 +1,25 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 10 Apr 2025 19:41:49 +0930
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5]
+CVE: CVE-2025-5244
+
+PR32858 ld segfault on fuzzed object
+We missed one place where it is necessary to check for empty groups.
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index a76e8e38da7..549b7b7dd92 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14408,7 +14408,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info)
+ 	  if (o->flags & SEC_GROUP)
+ 	    {
+ 	      asection *first = elf_next_in_group (o);
+-	      o->gc_mark = first->gc_mark;
++	      if (first != NULL)
++		o->gc_mark = first->gc_mark;
+ 	    }
+ 
+ 	  if (o->gc_mark)
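Review bot: With the new `if (first != NULL)` guard an empty group keeps whatever `o->gc_mark` value it already had, and the very next statement, `if (o->gc_mark)`, acts on it. The patch header only says that empty groups must be checked for; a sentence on what mark an empty SEC_GROUP section is expected to carry at this point would show that the fall-through is intended and not only a crash avoidance.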
-- 
2.43.0




* [OE-core][scarthgap 10/12] screen: fix CVE-2025-46802
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (8 preceding siblings ...)
  2025-06-06 16:00 ` [OE-core][scarthgap 09/12] binutils: Fix CVE-2025-5244 Steve Sakoman
@ 2025-06-06 16:00 ` Steve Sakoman
  2025-06-06 16:00 ` [OE-core][scarthgap 11/12] screen: fix CVE-2025-46804 Steve Sakoman
  2025-06-06 16:00 ` [OE-core][scarthgap 12/12] systemd: upgrade 255.18 -> 255.21 Steve Sakoman
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 16:00 UTC (permalink / raw)
  To: openembedded-core

From: Divya Chellam <divya.chellam@windriver.com>

For a short time the PTY is set to mode 666, allowing any user on the
system to connect to the screen session.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-46802

Upstream-patch:
https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../screen/screen/CVE-2025-46802.patch        | 146 ++++++++++++++++++
 meta/recipes-extended/screen/screen_4.9.1.bb  |   1 +
 2 files changed, 147 insertions(+)
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch

diff --git a/meta/recipes-extended/screen/screen/CVE-2025-46802.patch b/meta/recipes-extended/screen/screen/CVE-2025-46802.patch
new file mode 100644
index 0000000000..e46affc480
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2025-46802.patch
@@ -0,0 +1,146 @@
+From 049b26b22e197ba3be9c46e5c193032e01a4724a Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Mon, 12 May 2025 15:15:38 +0200
+Subject: [PATCH] fix CVE-2025-46802: attacher.c - prevent temporary 0666 mode
+ on PTYs
+
+This temporary chmod of the PTY to mode 0666 is most likely a remnant of
+past times, before the PTY file descriptor was passed to the target
+session via the UNIX domain socket.
+
+This chmod() causes a race condition during which any other user in the
+system can open the PTY for reading and writing, and thus allows PTY
+hijacking.
+
+Simply remove this logic completely.
+
+CVE: CVE-2025-46802
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ attacher.c | 27 ---------------------------
+ screen.c   | 19 -------------------
+ 2 files changed, 46 deletions(-)
+
+diff --git a/attacher.c b/attacher.c
+index c35ae7a..16b151e 100644
+--- a/attacher.c
++++ b/attacher.c
+@@ -73,7 +73,6 @@ extern int MasterPid, attach_fd;
+ #ifdef MULTIUSER
+ extern char *multi;
+ extern int multiattach, multi_uid, own_uid;
+-extern int tty_mode, tty_oldmode;
+ # ifndef USE_SETEUID
+ static int multipipe[2];
+ # endif
+@@ -160,9 +159,6 @@ int how;
+ 
+       if (pipe(multipipe))
+ 	Panic(errno, "pipe");
+-      if (chmod(attach_tty, 0666))
+-	Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = tty_mode;
+       eff_uid = -1;	/* make UserContext fork */
+       real_uid = multi_uid;
+       if ((ret = UserContext()) <= 0)
+@@ -174,11 +170,6 @@ int how;
+ 	    Panic(errno, "UserContext");
+ 	  close(multipipe[1]);
+ 	  read(multipipe[0], &dummy, 1);
+-	  if (tty_oldmode >= 0)
+-	    {
+-	      chmod(attach_tty, tty_oldmode);
+-	      tty_oldmode = -1;
+-	    }
+ 	  ret = UserStatus();
+ #ifdef LOCK
+ 	  if (ret == SIG_LOCK)
+@@ -224,9 +215,6 @@ int how;
+       xseteuid(multi_uid);
+       xseteuid(own_uid);
+ #endif
+-      if (chmod(attach_tty, 0666))
+-	Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = tty_mode;
+     }
+ # endif /* USE_SETEUID */
+ #endif /* MULTIUSER */
+@@ -423,13 +411,6 @@ int how;
+       ContinuePlease = 0;
+ # ifndef USE_SETEUID
+       close(multipipe[1]);
+-# else
+-      xseteuid(own_uid);
+-      if (tty_oldmode >= 0)
+-        if (chmod(attach_tty, tty_oldmode))
+-          Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = -1;
+-      xseteuid(real_uid);
+ # endif
+     }
+ #endif
+@@ -505,14 +486,6 @@ AttacherFinit SIGDEFARG
+ 	  close(s);
+ 	}
+     }
+-#ifdef MULTIUSER
+-  if (tty_oldmode >= 0)
+-    {
+-      if (setuid(own_uid))
+-        Panic(errno, "setuid");
+-      chmod(attach_tty, tty_oldmode);
+-    }
+-#endif
+   exit(0);
+   SIGRETURN;
+ }
+diff --git a/screen.c b/screen.c
+index 7653cd1..1a23e1a 100644
+--- a/screen.c
++++ b/screen.c
+@@ -230,8 +230,6 @@ char *multi_home;
+ int multi_uid;
+ int own_uid;
+ int multiattach;
+-int tty_mode;
+-int tty_oldmode = -1;
+ #endif
+ 
+ char HostName[MAXSTR];
+@@ -1009,9 +1007,6 @@ int main(int ac, char** av)
+ 
+     /* ttyname implies isatty */
+     SetTtyname(true, &st);
+-#ifdef MULTIUSER
+-    tty_mode = (int)st.st_mode & 0777;
+-#endif
+ 
+     fl = fcntl(0, F_GETFL, 0);
+     if (fl != -1 && (fl & (O_RDWR|O_RDONLY|O_WRONLY)) == O_RDWR)
+@@ -2170,20 +2165,6 @@ DEFINE_VARARGS_FN(Panic)
+       if (D_userpid)
+         Kill(D_userpid, SIG_BYE);
+     }
+-#ifdef MULTIUSER
+-  if (tty_oldmode >= 0) {
+-
+-# ifdef USE_SETEUID
+-    if (setuid(own_uid))
+-      xseteuid(own_uid);	/* may be a loop. sigh. */
+-# else
+-      setuid(own_uid);
+-# endif
+-
+-    debug1("Panic: changing back modes from %s\n", attach_tty);
+-    chmod(attach_tty, tty_oldmode);
+-  }
+-#endif
+   eexit(1);
+ }
+ 
+-- 
+2.40.0
+
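Review bot: The hunks at attacher.c `@@ -423,13 +411,6 @@` and `@@ -505,14 +486,6 @@` and at screen.c `@@ -2170,20 +2165,6 @@` remove uid switches (`xseteuid(own_uid)` / `xseteuid(real_uid)`, `setuid(own_uid)`) together with the `chmod(attach_tty, tty_oldmode)` calls they surrounded, which is more than the description's "remove this logic" spells out. That looks right if the switches existed only for the chmod, but please confirm that nothing after them, in particular `eexit(1)` in Panic, relied on already running as `own_uid`. Since `tty_mode` and `tty_oldmode` are deleted from screen.c along with the extern in attacher.c, also check that no other source file in 4.9.1 still references them.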
diff --git a/meta/recipes-extended/screen/screen_4.9.1.bb b/meta/recipes-extended/screen/screen_4.9.1.bb
index 96f8021255..bc4928ff77 100644
--- a/meta/recipes-extended/screen/screen_4.9.1.bb
+++ b/meta/recipes-extended/screen/screen_4.9.1.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
            file://0001-fix-for-multijob-build.patch \
            file://0001-Remove-more-compatibility-stuff.patch \
            file://CVE-2025-46805.patch \
+           file://CVE-2025-46802.patch \
            "
 
 SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
-- 
2.43.0




* [OE-core][scarthgap 11/12] screen: fix CVE-2025-46804
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (9 preceding siblings ...)
  2025-06-06 16:00 ` [OE-core][scarthgap 10/12] screen: fix CVE-2025-46802 Steve Sakoman
@ 2025-06-06 16:00 ` Steve Sakoman
  2025-06-06 16:00 ` [OE-core][scarthgap 12/12] systemd: upgrade 255.18 -> 255.21 Steve Sakoman
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 16:00 UTC (permalink / raw)
  To: openembedded-core

From: Divya Chellam <divya.chellam@windriver.com>

A minor information leak when running Screen with setuid-root
privileges allows unprivileged users to deduce information
about a path that would otherwise not be available.

Affected are older Screen versions, as well as version 5.0.0.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-46804

Upstream-patch:
https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../screen/screen/CVE-2025-46804.patch        | 131 ++++++++++++++++++
 meta/recipes-extended/screen/screen_4.9.1.bb  |   1 +
 2 files changed, 132 insertions(+)
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch

diff --git a/meta/recipes-extended/screen/screen/CVE-2025-46804.patch b/meta/recipes-extended/screen/screen/CVE-2025-46804.patch
new file mode 100644
index 0000000000..918c2c5ce9
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2025-46804.patch
@@ -0,0 +1,131 @@
+From e0eef5aac453fa98a2664416a56c50ad1d00cb30 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Mon, 12 May 2025 15:26:11 +0200
+Subject: [PATCH] fix CVE-2025-46804: avoid file existence test information 
+ leaks
+
+In setuid-root context the current error messages give away whether
+certain paths not accessible by the real user exist and what type they
+have. To prevent this only output generic error messages in setuid-root
+context.
+
+In some situations, when an error is pertaining a directory and the
+directory is owner by the real user then we can still output more
+detailed diagnostics.
+
+This change can lead to less helpful error messages when Screen is
+install setuid-root. More complex changes would be needed to avoid this
+(e.g.  only open the `SocketPath` with raised privileges when
+multi-attach is requested).
+
+There might still be lingering some code paths that allow such
+information leaks, since `SocketPath` is a global variable that is used
+across the code base. The majority of issues should be caught with this
+fix, however.
+
+CVE: CVE-2025-46804
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ screen.c | 45 ++++++++++++++++++++++++++++++++++-----------
+ socket.c |  9 +++++++--
+ 2 files changed, 41 insertions(+), 13 deletions(-)
+
+diff --git a/screen.c b/screen.c
+index 1a23e1a..6eec151 100644
+--- a/screen.c
++++ b/screen.c
+@@ -1122,15 +1122,28 @@ int main(int ac, char** av)
+ #endif
+   }
+ 
+-  if (stat(SockPath, &st) == -1)
+-    Panic(errno, "Cannot access %s", SockPath);
+-  else
+-    if (!S_ISDIR(st.st_mode))
++  if (stat(SockPath, &st) == -1) {
++    if (eff_uid == real_uid) {
++      Panic(errno, "Cannot access %s", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  } else if (!S_ISDIR(st.st_mode)) {
++    if (eff_uid == real_uid || st.st_uid == real_uid) {
+       Panic(0, "%s is not a directory.", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  }
+ #ifdef MULTIUSER
+   if (multi) {
+-    if ((int)st.st_uid != multi_uid)
+-      Panic(0, "%s is not the owner of %s.", multi, SockPath);
++    if ((int)st.st_uid != multi_uid) {
++      if (eff_uid == real_uid || st.st_uid == real_uid) {
++        Panic(0, "%s is not the owner of %s.", multi, SockPath);
++      } else {
++        Panic(0, "Error accessing %s", SockPath);
++      }
++    }
+   }
+   else
+ #endif
+@@ -1144,9 +1157,13 @@ int main(int ac, char** av)
+       Panic(0, "You are not the owner of %s.", SockPath);
+ #endif
+   }
+-
+-  if ((st.st_mode & 0777) != 0700)
+-    Panic(0, "Directory %s must have mode 700.", SockPath);
++  if ((st.st_mode & 0777) != 0700) {
++    if (eff_uid == real_uid || st.st_uid == real_uid) {
++      Panic(0, "Directory %s must have mode 700.", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  }
+   if (SockMatch && index(SockMatch, '/'))
+     Panic(0, "Bad session name '%s'", SockMatch);
+   SockName = SockPath + strlen(SockPath) + 1;
+@@ -1184,8 +1201,14 @@ int main(int ac, char** av)
+       else
+         exit(9 + (fo || oth ? 1 : 0) + fo);
+     }
+-    if (fo == 0)
+-      Panic(0, "No Sockets found in %s.\n", SockPath);
++    if (fo == 0) {
++      if (eff_uid == real_uid || st.st_uid == real_uid) {
++        Panic(0, "No Sockets found in %s.\n", SockPath);
++      } else {
++        Panic(0, "Error accessing %s", SockPath);
++      }
++    }
++
+     Msg(0, "%d Socket%s in %s.", fo, fo > 1 ? "s" : "", SockPath);
+     eexit(0);
+   }
+diff --git a/socket.c b/socket.c
+index 54d8cb8..6c3502f 100644
+--- a/socket.c
++++ b/socket.c
+@@ -169,8 +169,13 @@ bool *is_sock;
+   xsetegid(real_gid);
+ #endif
+ 
+-  if ((dirp = opendir(SockPath)) == 0)
+-    Panic(errno, "Cannot opendir %s", SockPath);
++  if ((dirp = opendir(SockPath)) == 0) {
++    if (eff_uid == real_uid) {
++      Panic(errno, "Cannot opendir %s", SockPath);
++    } else {
++      Panic(0, "Error accessing %s", SockPath);
++    }
++  }
+ 
+   slist = 0;
+   slisttail = &slist;
+-- 
+2.40.0
+
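Review bot: The description refers to `SocketPath` twice, but the variable touched in every hunk is `SockPath`, so anyone grepping for the lingering code paths the description warns about will search for the wrong name. In the code, the new owner tests compare `st.st_uid == real_uid` without a cast while the neighbouring existing line uses `(int)st.st_uid != multi_uid`; this is harmless, but worth keeping in mind if the patch is ever refreshed by hand.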
diff --git a/meta/recipes-extended/screen/screen_4.9.1.bb b/meta/recipes-extended/screen/screen_4.9.1.bb
index bc4928ff77..706351a593 100644
--- a/meta/recipes-extended/screen/screen_4.9.1.bb
+++ b/meta/recipes-extended/screen/screen_4.9.1.bb
@@ -23,6 +23,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
            file://0001-Remove-more-compatibility-stuff.patch \
            file://CVE-2025-46805.patch \
            file://CVE-2025-46802.patch \
+           file://CVE-2025-46804.patch \
            "
 
 SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
-- 
2.43.0




* [OE-core][scarthgap 12/12] systemd: upgrade 255.18 -> 255.21
  2025-06-06 15:59 [OE-core][scarthgap 00/12] Patch review Steve Sakoman
                   ` (10 preceding siblings ...)
  2025-06-06 16:00 ` [OE-core][scarthgap 11/12] screen: fix CVE-2025-46804 Steve Sakoman
@ 2025-06-06 16:00 ` Steve Sakoman
  11 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-06-06 16:00 UTC (permalink / raw)
  To: openembedded-core

From: Guðni Már Gilbert <gudni.m.g@gmail.com>

The update includes 79 commits. Full list of changes can be found on
GitHub [1]

All patches were refreshed with devtool.

[1] https://github.com/systemd/systemd-stable/compare/v255.18...v255.21

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-native_255.18.bb => systemd-boot-native_255.21.bb} |  0
 .../{systemd-boot_255.18.bb => systemd-boot_255.21.bb} |  0
 meta/recipes-core/systemd/systemd.inc                  |  2 +-
 .../0001-missing_type.h-add-comparison_fn_t.patch      |  2 +-
 ...d-fallback-parse_printf_format-implementation.patch |  2 +-
 ...Don-t-install-dependency-links-at-install-tim.patch |  2 +-
 ...rc-basic-missing.h-check-for-missing-strndupa.patch | 10 +++++-----
 ...ail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |  2 +-
 .../0005-add-missing-FTW_-macros-for-musl.patch        |  2 +-
 .../0006-Use-uintmax_t-for-handling-rlim_t.patch       |  2 +-
 ...-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |  2 +-
 ...glibc-compatible-basename-for-non-glibc-syste.patch |  2 +-
 .../0008-implment-systemd-sysv-install-for-OE.patch    |  2 +-
 ...disable-buffering-when-writing-to-oom_score_a.patch |  2 +-
 ...uish-XSI-compliant-strerror_r-from-GNU-specif.patch |  2 +-
 ...-avoid-redefinition-of-prctl_mm_map-structure.patch |  2 +-
 .../0012-do-not-disable-buffer-in-writing-files.patch  |  8 ++++----
 .../systemd/systemd/0013-Handle-__cpu_mask-usage.patch |  2 +-
 .../systemd/systemd/0014-Handle-missing-gshadow.patch  |  2 +-
 ...ng_syscall.h-Define-MIPS-ABI-defines-for-musl.patch |  2 +-
 .../0016-pass-correct-parameters-to-getdents64.patch   |  2 +-
 .../systemd/systemd/0017-Adjust-for-musl-headers.patch |  2 +-
 ...s-error-strerror-is-assumed-to-be-GNU-specifi.patch |  2 +-
 ...19-errno-util-Make-STRERROR-portable-for-musl.patch |  2 +-
 ...d-event-Make-malloc_trim-conditional-on-glibc.patch |  2 +-
 .../0021-shared-Do-not-use-malloc_info-on-musl.patch   |  2 +-
 .../0022-avoid-missing-LOCK_EX-declaration.patch       |  4 ++--
 .../systemd/{systemd_255.18.bb => systemd_v255.21.bb}  |  0
 28 files changed, 33 insertions(+), 33 deletions(-)
 rename meta/recipes-core/systemd/{systemd-boot-native_255.18.bb => systemd-boot-native_255.21.bb} (100%)
 rename meta/recipes-core/systemd/{systemd-boot_255.18.bb => systemd-boot_255.21.bb} (100%)
 rename meta/recipes-core/systemd/{systemd_255.18.bb => systemd_v255.21.bb} (100%)

diff --git a/meta/recipes-core/systemd/systemd-boot-native_255.18.bb b/meta/recipes-core/systemd/systemd-boot-native_255.21.bb
similarity index 100%
rename from meta/recipes-core/systemd/systemd-boot-native_255.18.bb
rename to meta/recipes-core/systemd/systemd-boot-native_255.21.bb
diff --git a/meta/recipes-core/systemd/systemd-boot_255.18.bb b/meta/recipes-core/systemd/systemd-boot_255.21.bb
similarity index 100%
rename from meta/recipes-core/systemd/systemd-boot_255.18.bb
rename to meta/recipes-core/systemd/systemd-boot_255.21.bb
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 8e134d8c86..28392b6b09 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -15,7 +15,7 @@ LICENSE:libsystemd = "LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
                     file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
 
-SRCREV = "20415d357fb0e253df7444019a47674fac4ed1d6"
+SRCREV = "70500d37992a01d3275b1c414c3ed161d6f91f9e"
 SRCBRANCH = "v255-stable"
 SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}"
 
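Review bot: nothing in this hunk ties the new SRCREV to the release the recipe file names claim. SRC_URI fetches systemd-stable by hash from the v255-stable branch, so please confirm that 70500d37992a01d3275b1c414c3ed161d6f91f9e is the commit tagged v255.21 and state that in the commit message; otherwise the version in the recipe file name and the source actually fetched cannot be checked against each other from the patch alone.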
diff --git a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
index d2ffdd8de4..22f0468460 100644
--- a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
+++ b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch
@@ -1,4 +1,4 @@
-From 7bbb54406dd77c358eab9df08b100ee85e176052 Mon Sep 17 00:00:00 2001
+From b270af4c086d254758fdcd1d294b15a555a4b3ea Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 13:55:12 +0800
 Subject: [PATCH] missing_type.h: add comparison_fn_t
diff --git a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
index df9e978e55..6cce960299 100644
--- a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
+++ b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch
@@ -1,4 +1,4 @@
-From d0b08484a6c3113b6209d8f8e1dc1186a6427b99 Mon Sep 17 00:00:00 2001
+From 0660aea3d7c8058d73c9f7b2971f4daf35dd7a32 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Sat, 22 May 2021 20:26:24 +0200
 Subject: [PATCH] add fallback parse_printf_format implementation
diff --git a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
index 784f0898c0..4472dda2e8 100644
--- a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
+++ b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch
@@ -1,4 +1,4 @@
-From 7e4fae68909ce4932e073dd060e22581edc39ad2 Mon Sep 17 00:00:00 2001
+From edc39fe19419120f70341cd50d4d097a514ac9cb Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Thu, 21 Feb 2019 16:23:24 +0800
 Subject: [PATCH] binfmt: Don't install dependency links at install time for
diff --git a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
index e46b4386aa..715a0c7ec8 100644
--- a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
+++ b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -1,4 +1,4 @@
-From ca0b48676132744b78d99ee3ec2d33f11bb73c28 Mon Sep 17 00:00:00 2001
+From c728a728cd54c372162f5447aa94921efb0c35f0 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:18:21 +0800
 Subject: [PATCH] src/basic/missing.h: check for missing strndupa
@@ -280,7 +280,7 @@ index b3baf03afc..7404784a01 100644
  
  BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve);
 diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
-index 2d05ba7e1d..61a7de0037 100644
+index 71b07a6ec1..174a94e8a0 100644
 --- a/src/core/dbus-execute.c
 +++ b/src/core/dbus-execute.c
 @@ -42,6 +42,7 @@
@@ -352,7 +352,7 @@ index 7e0c98cb7d..978a7f5874 100644
  #define DEFAULT_MAX_USE_LOWER (uint64_t) (1ULL*1024ULL*1024ULL)           /* 1 MiB */
  #define DEFAULT_MAX_USE_UPPER (uint64_t) (4ULL*1024ULL*1024ULL*1024ULL)   /* 4 GiB */
 diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
-index 016f3baa7f..b1def81313 100644
+index e7caf510ba..79b252cad7 100644
 --- a/src/fstab-generator/fstab-generator.c
 +++ b/src/fstab-generator/fstab-generator.c
 @@ -37,6 +37,7 @@
@@ -424,7 +424,7 @@ index 5ade8e99aa..7553cf319d 100644
  #define SNDBUF_SIZE (8*1024*1024)
  
 diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
-index 8befc97460..6ee4d4f595 100644
+index b32cd6c6a0..cc484454e0 100644
 --- a/src/libsystemd/sd-bus/sd-bus.c
 +++ b/src/libsystemd/sd-bus/sd-bus.c
 @@ -46,6 +46,7 @@
@@ -616,7 +616,7 @@ index 0a31be382f..92d629e7e0 100644
  /* up to three lines (each up to 100 characters) or 300 characters, whichever is less */
  #define PRINT_LINE_THRESHOLD 3
 diff --git a/src/shared/pager.c b/src/shared/pager.c
-index 19deefab56..6b6d0af1a0 100644
+index 41dd7bffdc..9ca45d8b91 100644
 --- a/src/shared/pager.c
 +++ b/src/shared/pager.c
 @@ -25,6 +25,7 @@
diff --git a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
index 43ba526792..19eaf9170d 100644
--- a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
+++ b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -1,4 +1,4 @@
-From 3ea9cc03431c93c86cf0ca63ad04219af221a2d0 Mon Sep 17 00:00:00 2001
+From 674232187bf337c31a6528b4d241eafeb27ac85e Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 14:56:21 +0800
 Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
diff --git a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
index c25ccde9e2..dbd94d473d 100644
--- a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch
@@ -1,4 +1,4 @@
-From 885a6880ad1b687e3fbf1b9f35e218bee1fcc835 Mon Sep 17 00:00:00 2001
+From cdaafa37983753d309d2b37f8262e71f95798e52 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:00:06 +0800
 Subject: [PATCH] add missing FTW_ macros for musl
diff --git a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
index 13c155745a..09ffbcb70a 100644
--- a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch
@@ -1,4 +1,4 @@
-From 646c3ced29922065eed64ac9b23af8276e989608 Mon Sep 17 00:00:00 2001
+From 8c33fe6338c448dca8533b9d3f9933e2794bda61 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:12:41 +0800
 Subject: [PATCH] Use uintmax_t for handling rlim_t
diff --git a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
index 55405c5d0b..563f033b0d 100644
--- a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
+++ b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -1,4 +1,4 @@
-From f772369a2519b378c09bb89bd48c3743a62404e3 Mon Sep 17 00:00:00 2001
+From 68ab3364c0fe1073bba3adf02add7108de80a17c Mon Sep 17 00:00:00 2001
 From: Andre McCurdy <armccurdy@gmail.com>
 Date: Tue, 10 Oct 2017 14:33:30 -0700
 Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
diff --git a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
index 6005b621ee..cc9f7771be 100644
--- a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
+++ b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -1,4 +1,4 @@
-From 45b1226ddbd981798e0448da41ddc4901e246b45 Mon Sep 17 00:00:00 2001
+From 6dd1aa50da27c07530a434218b5a7a384d0c6747 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sun, 27 May 2018 08:36:44 -0700
 Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
diff --git a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
index d43eaeff7a..21faa10a95 100644
--- a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
+++ b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch
@@ -1,4 +1,4 @@
-From abca5814cb0b5b98a1e7af829cc166e76c524f1a Mon Sep 17 00:00:00 2001
+From 8da2b10dcbf423f791db79b7dfcc6cfaf8e26f8b Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 5 Sep 2015 06:31:47 +0000
 Subject: [PATCH] implment systemd-sysv-install for OE
diff --git a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
index 3e557b764f..66aa8551ac 100644
--- a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
+++ b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -1,4 +1,4 @@
-From 8d61cecff3ba0687ad2c10aacb7d2aee7cb3fa79 Mon Sep 17 00:00:00 2001
+From ed33f139195794477ac854214022034db306f42d Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Wed, 4 Jul 2018 15:00:44 +0800
 Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
diff --git a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
index d4b67d15f4..66fab46128 100644
--- a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
+++ b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -1,4 +1,4 @@
-From 2180b639665bd314905ef058dee9a5e4a534333e Mon Sep 17 00:00:00 2001
+From ef261a0122ff5a4340897c9afe1fae04d14eb0dd Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Tue, 10 Jul 2018 15:40:17 +0800
 Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
diff --git a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
index ad8888895f..1ad9a302ff 100644
--- a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
+++ b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -1,4 +1,4 @@
-From 3b1639c7052d9d574dd05d268364e7919b6f2580 Mon Sep 17 00:00:00 2001
+From 8b76e1f027d73e26cfc8e13bd49f43197dbb9004 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Mon, 25 Feb 2019 15:44:54 +0800
 Subject: [PATCH] avoid redefinition of prctl_mm_map structure
diff --git a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
index f0eafd6fea..3ff247debb 100644
--- a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
+++ b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch
@@ -1,4 +1,4 @@
-From c1a375d93edbfaf3f64bec88c75cfcf436d4ba05 Mon Sep 17 00:00:00 2001
+From 9686b8c52bd9e532ebe687dd31352d884873e0a4 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Fri, 1 Mar 2019 15:22:15 +0800
 Subject: [PATCH] do not disable buffer in writing files
@@ -188,10 +188,10 @@ index d21f3f79ff..258607cc7e 100644
                          log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m");
                  else
 diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 61539afdbf..77e2b35daf 100644
+index d398655b0a..9558f38a72 100644
 --- a/src/core/cgroup.c
 +++ b/src/core/cgroup.c
-@@ -4581,7 +4581,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) {
+@@ -4589,7 +4589,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) {
                          u->freezer_state = FREEZER_THAWING;
          }
  
@@ -201,7 +201,7 @@ index 61539afdbf..77e2b35daf 100644
                  return r;
  
 diff --git a/src/core/main.c b/src/core/main.c
-index 8373a156cb..33e866942c 100644
+index 364dc895d1..d28ec42030 100644
 --- a/src/core/main.c
 +++ b/src/core/main.c
 @@ -1683,7 +1683,7 @@ static void initialize_core_pattern(bool skip_setup) {
diff --git a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
index 5427671553..a92d4db101 100644
--- a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
+++ b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch
@@ -1,4 +1,4 @@
-From b10a273f5e26536068a90f961c2a7a6c6528083b Mon Sep 17 00:00:00 2001
+From 385fbcc3cec50b995299e25f913d9683ddf51174 Mon Sep 17 00:00:00 2001
 From: Scott Murray <scott.murray@konsulko.com>
 Date: Fri, 13 Sep 2019 19:26:27 -0400
 Subject: [PATCH] Handle __cpu_mask usage
diff --git a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
index 679b42ff95..f84f289c2f 100644
--- a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
+++ b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch
@@ -1,4 +1,4 @@
-From c55dd0f9e1ea05749d0a54082daa69729ee946af Mon Sep 17 00:00:00 2001
+From bc62e5e507cc3f10fde7d35d16059a06a78757b6 Mon Sep 17 00:00:00 2001
 From: Alex Kiernan <alex.kiernan@gmail.com>
 Date: Tue, 10 Mar 2020 11:05:20 +0000
 Subject: [PATCH] Handle missing gshadow
diff --git a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
index 2bd683785d..c1297f27dd 100644
--- a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
@@ -1,4 +1,4 @@
-From 4733cb758285ec7f63e834894aa8f09d9bc77ad5 Mon Sep 17 00:00:00 2001
+From 79f2f3e90229f4812d93c6965cb67385642dfcc4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 12 Apr 2021 23:44:53 -0700
 Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
diff --git a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
index 3e359d976a..d932d7cc76 100644
--- a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
+++ b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch
@@ -1,4 +1,4 @@
-From 1118d270cf2cd7c6cb99eb40ab42c3d07b20476c Mon Sep 17 00:00:00 2001
+From a8e07d87adfeb1c72c6eaf5402db465a78e08ee6 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 21 Jan 2022 15:15:11 -0800
 Subject: [PATCH] pass correct parameters to getdents64
diff --git a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
index 6ae6cdfe54..6a2dcc355d 100644
--- a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
+++ b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch
@@ -1,4 +1,4 @@
-From ab78d7938e732125012f8276e357e8f6d4a51476 Mon Sep 17 00:00:00 2001
+From 5da745dc6f60f6fac65371a60eee7cecaf575eae Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 21 Jan 2022 22:19:37 -0800
 Subject: [PATCH] Adjust for musl headers
diff --git a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
index 5d74d08201..89ef33c156 100644
--- a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
+++ b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch
@@ -1,4 +1,4 @@
-From 20cf3569dff21f5c4e46855c3956606fa0141710 Mon Sep 17 00:00:00 2001
+From 1c5c9714a2a9bc651687bf2c583019c52ed93ac4 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Tue, 8 Nov 2022 13:31:34 -0800
 Subject: [PATCH] test-bus-error: strerror() is assumed to be GNU specific
diff --git a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
index a20e21ee08..7911add5ea 100644
--- a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch
@@ -1,4 +1,4 @@
-From 5e3e71f93adf5bdbfd470bcd93320dab314dc3ef Mon Sep 17 00:00:00 2001
+From 43f56ac05ff4b9c7774b6f580612f2a7896a4885 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 23 Jan 2023 23:39:46 -0800
 Subject: [PATCH] errno-util: Make STRERROR portable for musl
diff --git a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
index bdcff34f2c..be0a0da013 100644
--- a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
+++ b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch
@@ -1,4 +1,4 @@
-From 18201d3350b443c79cc85274f3944bf64de33da0 Mon Sep 17 00:00:00 2001
+From cda1cc94bd81c8ff9135255895a414fb938e2c79 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 2 Aug 2023 12:06:27 -0700
 Subject: [PATCH] sd-event: Make malloc_trim() conditional on glibc
diff --git a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
index 451511be16..9aa08e59cd 100644
--- a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch
@@ -1,4 +1,4 @@
-From 96c3d0d3a2359dd248685c2ede876d66c3faa3f9 Mon Sep 17 00:00:00 2001
+From 2913e608d6e91c8037d698534f72970b4c365d8f Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 2 Aug 2023 12:20:40 -0700
 Subject: [PATCH] shared: Do not use malloc_info on musl
diff --git a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
index cd22adf0e5..e0a342355f 100644
--- a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
+++ b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch
@@ -1,4 +1,4 @@
-From f3bc7816d9cca9963a2737857763ee76e300a232 Mon Sep 17 00:00:00 2001
+From 9d151b5bb3105fb21d55a301def3d97b5a314580 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Tue, 2 Jan 2024 11:03:27 +0800
 Subject: [PATCH] avoid missing LOCK_EX declaration
@@ -15,7 +15,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  2 files changed, 2 insertions(+)
 
 diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
-index 22bc8d10c1..9bced8f420 100644
+index 9d27280ed0..569311422d 100644
 --- a/src/core/exec-invoke.c
 +++ b/src/core/exec-invoke.c
 @@ -5,6 +5,7 @@
diff --git a/meta/recipes-core/systemd/systemd_255.18.bb b/meta/recipes-core/systemd/systemd_v255.21.bb
similarity index 100%
rename from meta/recipes-core/systemd/systemd_255.18.bb
rename to meta/recipes-core/systemd/systemd_v255.21.bb
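Review bot: the rename target here is systemd_v255.21.bb, with a stray "v" that the two systemd-boot renames earlier in this patch (systemd-boot-native_255.21.bb and systemd-boot_255.21.bb) do not have. BitBake takes PV from the recipe file name, so systemd would get PV "v255.21" while systemd-boot gets "255.21", and anything that keys on PV, including version-based CVE matching, would see a different version string for the same source. Please rename the file to systemd_255.21.bb.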
-- 
2.43.0




* [OE-core][scarthgap 00/12] Patch review
@ 2025-07-09  2:51 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-07-09  2:51 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, July 10

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1980

The following changes since commit 15881f41f8c00c5f0a68628c2d49ca1aa1999c2e:

  xwayland: fix CVE-2025-49180 (2025-07-03 09:04:44 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Bruce Ashfield (3):
  linux-yocto/6.6: update to v6.6.93
  linux-yocto/6.6: update to v6.6.94
  linux-yocto/6.6: update to v6.6.96

Changqing Li (4):
  icu: fix CVE-2025-5222
  libsoup-2.4: refresh CVE-2025-4969.patch
  libsoup-2.4: fix CVE-2025-4945
  libsoup: fix CVE-2025-4945

Guocai He (1):
  minicom: correct the SRC_URI

Hitendra Prajapati (1):
  libxml2: fix CVE-2025-6021

Vijay Anusuri (1):
  sudo: Fix CVE-2025-32462

Virendra Thakur (1):
  curl: set conditional CVE_STATUS for CVE-2025-5025

Yogita Urade (1):
  python3-urllib3: fix CVE-2025-50181

 .../libxml/libxml2/CVE-2025-6021.patch        |  56 ++++
 meta/recipes-core/libxml/libxml2_2.12.10.bb   |   1 +
 .../python3-urllib3/CVE-2025-50181.patch      | 283 ++++++++++++++++++
 .../python/python3-urllib3_2.2.2.bb           |   4 +
 meta/recipes-extended/minicom/minicom_2.9.bb  |   2 +-
 .../sudo/files/CVE-2025-32462.patch           |  42 +++
 meta/recipes-extended/sudo/sudo_1.9.15p5.bb   |   1 +
 .../linux/linux-yocto-rt_6.6.bb               |   6 +-
 .../linux/linux-yocto-tiny_6.6.bb             |   6 +-
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  |  28 +-
 meta/recipes-support/curl/curl_8.7.1.bb       |   2 +
 .../icu/icu/CVE-2025-5222.patch               | 166 ++++++++++
 meta/recipes-support/icu/icu_74-2.bb          |   1 +
 .../libsoup/libsoup-2.4/CVE-2025-4945.patch   | 117 ++++++++
 .../libsoup/libsoup-2.4/CVE-2025-4969.patch   |  54 +---
 .../libsoup/libsoup-2.4_2.74.3.bb             |   1 +
 .../libsoup/libsoup-3.4.4/CVE-2025-4945.patch | 118 ++++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   1 +
 18 files changed, 826 insertions(+), 63 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch
 create mode 100644 meta/recipes-extended/sudo/files/CVE-2025-32462.patch
 create mode 100644 meta/recipes-support/icu/icu/CVE-2025-5222.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4945.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4945.patch

-- 
2.43.0




* [OE-core][scarthgap 00/12] Patch review
@ 2025-07-17  2:58 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-07-17  2:58 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Friday, July 18

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2032

The following changes since commit 7a59dc5ee6edd9596e87c2fbcd1f2594c06b3d1b:

  build-appliance-image: Update to scarthgap head revision (2025-07-11 08:14:46 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (1):
  gdk-pixbuf: fix CVE-2025-7345

Deepesh Varatharajan (1):
  binutils: stable 2.42 branch updates

Hitendra Prajapati (1):
  libxml2: fix CVE-2025-49794 & CVE-2025-49796

Joe Slater (1):
  oe-debuginfod: add option for data storage

Michal Seben (1):
  timedated: wait for jobs before SetNTP response

Peter Marko (3):
  python3: update CVE product
  busybox: apply patch for CVE-2023-39810
  iputils: patch CVE-2025-48964

Praveen Kumar (1):
  sudo: upgrade 1.9.15p5 -> 1.9.17p1

Steve Sakoman (1):
  Revert "sudo: Fix CVE-2025-32462"

Vijay Anusuri (1):
  git: Upgrade 2.44.3 -> 2.44.4

Yi Zhao (1):
  kea: set correct permissions for /var/run/kea

 .../kea/files/kea-dhcp-ddns.service           |   1 +
 .../kea/files/kea-dhcp4.service               |   1 +
 .../kea/files/kea-dhcp6.service               |   1 +
 .../busybox/busybox/CVE-2023-39810.patch      | 136 +++++++++++++
 meta/recipes-core/busybox/busybox_1.36.1.bb   |   1 +
 .../CVE-2025-49794-CVE-2025-49796.patch       | 186 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.12.10.bb   |   1 +
 ...d-on-org.freedesktop.timedate1.SetNT.patch |  97 +++++++++
 meta/recipes-core/systemd/systemd_255.21.bb   |   1 +
 .../binutils/binutils-2.42.inc                |   2 +-
 .../git/{git_2.44.3.bb => git_2.44.4.bb}      |   2 +-
 .../python/python3_3.12.11.bb                 |   2 +-
 .../iputils/iputils/CVE-2025-48964.patch      |  99 ++++++++++
 .../iputils/iputils_20240117.bb               |   1 +
 ...o.conf.in-fix-conflict-with-multilib.patch |   7 +-
 .../sudo/files/CVE-2025-32462.patch           |  42 ----
 meta/recipes-extended/sudo/sudo.inc           |   2 +-
 .../{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb}    |  55 +++++-
 .../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch |  55 ++++++
 .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb          |   1 +
 scripts/oe-debuginfod                         |  17 +-
 21 files changed, 657 insertions(+), 53 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-39810.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794-CVE-2025-49796.patch
 create mode 100644 meta/recipes-core/systemd/systemd/0003-timedated-Respond-on-org.freedesktop.timedate1.SetNT.patch
 rename meta/recipes-devtools/git/{git_2.44.3.bb => git_2.44.4.bb} (98%)
 create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
 delete mode 100644 meta/recipes-extended/sudo/files/CVE-2025-32462.patch
 rename meta/recipes-extended/sudo/{sudo_1.9.15p5.bb => sudo_1.9.17p1.bb} (52%)
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch

-- 
2.43.0


