public inbox for openembedded-core@lists.openembedded.org
* [OE-core][scarthgap 0/8] Patch review
@ 2025-01-23  2:59 Steve Sakoman
  0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-01-23  2:59 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Friday, January 24

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/869

The following changes since commit 660e00469f9c99fe733cc8b37f67438a96ff2e97:

  libgfortran: fix buildpath QA issue (2025-01-21 12:33:25 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (6):
  rsync: fix CVE-2024-12084
  rsync: fix CVE-2024-12085
  rsync: fix CVE-2024-12086
  rsync: fix CVE-2024-12087
  rsync: fix CVE-2024-12088
  rsync: fix CVE-2024-12747

Harish Sadineni (1):
  rust-target-config: Fix TARGET_C_INT_WIDTH with correct size

Jiaying Song (1):
  boost: fix do_fetch error

 .../classes-recipe/rust-target-config.bbclass |  10 +-
 .../rsync/files/CVE-2024-12084-0001.patch     | 156 ++++++++++++++
 .../rsync/files/CVE-2024-12084-0002.patch     |  43 ++++
 .../rsync/files/CVE-2024-12085.patch          |  32 +++
 .../rsync/files/CVE-2024-12086-0001.patch     |  42 ++++
 .../rsync/files/CVE-2024-12086-0002.patch     | 108 ++++++++++
 .../rsync/files/CVE-2024-12086-0003.patch     | 108 ++++++++++
 .../rsync/files/CVE-2024-12086-0004.patch     |  41 ++++
 .../rsync/files/CVE-2024-12087-0001.patch     |  49 +++++
 .../rsync/files/CVE-2024-12087-0002.patch     |  31 +++
 .../rsync/files/CVE-2024-12087-0003.patch     |  40 ++++
 .../rsync/files/CVE-2024-12088.patch          | 141 +++++++++++++
 .../rsync/files/CVE-2024-12747.patch          | 192 ++++++++++++++++++
 meta/recipes-devtools/rsync/rsync_3.2.7.bb    |  12 ++
 meta/recipes-support/boost/boost-1.84.0.inc   |   2 +-
 15 files changed, 1001 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12088.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12747.patch

-- 
2.43.0




* [OE-core][scarthgap 0/8] Patch review
@ 2025-04-11 20:33 Steve Sakoman
  0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-04-11 20:33 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, April 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1386

Note: there was a failure during oe-selftest-fedora cve_check which is related to NFS issues on the autobuilder infrastructure and not this patch set

The following changes since commit 4003b5faa1e5acfa025e1d0df4e021e06cf8724c:

  mc: set ac_cv_path_ZIP to avoid buildpaths QA issues (2025-04-01 08:10:07 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (2):
  go: fix CVE-2025-22870
  ghostscript: upgrade 10.04.0 -> 10.05.0

Changqing Li (1):
  patch.py: set commituser and commitemail for addNote

Hitendra Prajapati (1):
  go: fix CVE-2025-22871

Peter Marko (4):
  ofono: patch CVE-2024-7537
  cve-update-nvd2-native: add workaround for json5 style list
  xz: upgrade 5.4.6 -> 5.4.7
  xz: patch CVE-2025-31115

 meta/lib/oe/patch.py                          |  14 +-
 .../ofono/ofono/CVE-2024-7537.patch           |  59 ++++++
 meta/recipes-connectivity/ofono/ofono_2.4.bb  |   1 +
 .../meta/cve-update-nvd2-native.bb            |   5 +
 meta/recipes-devtools/go/go-1.22.12.inc       |   2 +
 .../go/go/CVE-2025-22870.patch                |  80 ++++++++
 .../go/go/CVE-2025-22871.patch                | 172 ++++++++++++++++++
 ...ript_10.04.0.bb => ghostscript_10.05.0.bb} |   2 +-
 .../xz/xz/CVE-2025-31115-01.patch             |  29 +++
 .../xz/xz/CVE-2025-31115-02.patch             | 152 ++++++++++++++++
 .../xz/xz/CVE-2025-31115-03.patch             |  98 ++++++++++
 .../xz/xz/CVE-2025-31115-04.patch             |  56 ++++++
 .../xz/{xz_5.4.6.bb => xz_5.4.7.bb}           |   8 +-
 13 files changed, 669 insertions(+), 9 deletions(-)
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-22870.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-22871.patch
 rename meta/recipes-extended/ghostscript/{ghostscript_10.04.0.bb => ghostscript_10.05.0.bb} (97%)
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch
 rename meta/recipes-extended/xz/{xz_5.4.6.bb => xz_5.4.7.bb} (89%)

-- 
2.43.0




* [OE-core][scarthgap 0/8] Patch review
@ 2025-05-09 15:45 Steve Sakoman
  0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-05-09 15:45 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, May 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1557

The following changes since commit 45c50169fa7e34349acf3e24fc19e573cbab4e65:

  bluez5: backport a patch to fix btmgmt -i (2025-05-06 09:01:45 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Haixiao Yan (1):
  glibc: Add single-threaded fast path to rand()

Praveen Kumar (1):
  connman :fix CVE-2025-32743

Vijay Anusuri (6):
  libsoup-2.4: Fix CVE-2024-52530
  libsoup-2.4: Fix CVE-2024-52531
  libsoup-2.4: Fix CVE-2024-52532
  libsoup-2.4: Fix CVE-2025-32906
  libsoup-2.4: Fix CVE-2025-32909
  libsoup: Fix CVE-2025-32914

 .../connman/connman/CVE-2025-32743.patch      |  48 ++++++
 .../connman/connman_1.42.bb                   |   1 +
 ...dd-single-threaded-fast-path-to-rand.patch |  47 ++++++
 meta/recipes-core/glibc/glibc_2.39.bb         |   1 +
 .../libsoup/libsoup-2.4/CVE-2024-52530.patch  | 149 ++++++++++++++++++
 .../libsoup-2.4/CVE-2024-52531-1.patch        | 131 +++++++++++++++
 .../libsoup-2.4/CVE-2024-52531-2.patch        |  36 +++++
 .../libsoup-2.4/CVE-2024-52532-1.patch        |  36 +++++
 .../libsoup-2.4/CVE-2024-52532-2.patch        |  42 +++++
 .../libsoup-2.4/CVE-2024-52532-3.patch        |  46 ++++++
 .../libsoup-2.4/CVE-2025-32906-1.patch        |  61 +++++++
 .../libsoup-2.4/CVE-2025-32906-2.patch        |  83 ++++++++++
 .../libsoup/libsoup-2.4/CVE-2025-32909.patch  |  36 +++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |  12 +-
 .../libsoup-3.4.4/CVE-2025-32914.patch        | 111 +++++++++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   1 +
 16 files changed, 840 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52531-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32914.patch

-- 
2.43.0




* [OE-core][scarthgap 0/8] Patch review
@ 2025-06-17 16:04 Steve Sakoman
  0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-06-17 16:04 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, June 19

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1820

The following changes since commit f7ee6db8ca5dc72b7a468531e31403b60e6a0020:

  testimage: get real os-release file (2025-06-09 08:06:42 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.10

Colin Pinnell McAllister (1):
  ffmpeg: fix CVE-2025-1373

Deepesh Varatharajan (1):
  gcc: Upgrade to GCC 13.4

Jiaying Song (1):
  python3-requests: upgrade 2.32.3 -> 2.32.4

Peter Marko (1):
  net-tools: patch CVE-2025-46836

Poonam Jadhav (1):
  libpng: Add ptest

Sandeep Gundlupet Raju (1):
  tune-cortexr52: Remove aarch64 for ARM Cortex-R52

Savvas Etairidis (1):
  systemd: Rename systemd_v255.21 to systemd_255.21

 meta/conf/distro/include/maintainers.inc      |   2 +-
 .../distro/include/ptest-packagelists.inc     |   1 +
 .../include/arm/armv8r/tune-cortexr52.inc     |   5 +-
 .../{systemd_v255.21.bb => systemd_255.21.bb} |   0
 .../gcc/{gcc-13.3.inc => gcc-13.4.inc}        |   8 +-
 ...ian_13.3.bb => gcc-cross-canadian_13.4.bb} |   0
 .../{gcc-cross_13.3.bb => gcc-cross_13.4.bb}  |   0
 ...-crosssdk_13.3.bb => gcc-crosssdk_13.4.bb} |   0
 ...cc-runtime_13.3.bb => gcc-runtime_13.4.bb} |   0
 ...itizers_13.3.bb => gcc-sanitizers_13.4.bb} |   0
 ...{gcc-source_13.3.bb => gcc-source_13.4.bb} |   0
 ...ix-c-tweak-for-Wrange-loop-construct.patch | 113 ----
 ...4fffe3fc82a710bea66ad651720d71c938b8.patch | 549 ------------------
 .../gcc/{gcc_13.3.bb => gcc_13.4.bb}          |   0
 ...initial_13.3.bb => libgcc-initial_13.4.bb} |   0
 .../gcc/{libgcc_13.3.bb => libgcc_13.4.bb}    |   0
 ...ibgfortran_13.3.bb => libgfortran_13.4.bb} |   0
 ...s_2.32.3.bb => python3-requests_2.32.4.bb} |   2 +-
 .../net-tools/CVE-2025-46836-01.patch         |  91 +++
 .../net-tools/CVE-2025-46836-02.patch         |  31 +
 .../net-tools/net-tools_2.10.bb               |   2 +
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb |   4 +
 .../recipes-multimedia/libpng/files/run-ptest |   7 +
 .../libpng/libpng_1.6.42.bb                   |  42 +-
 scripts/install-buildtools                    |   4 +-
 25 files changed, 185 insertions(+), 676 deletions(-)
 rename meta/recipes-core/systemd/{systemd_v255.21.bb => systemd_255.21.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-13.3.inc => gcc-13.4.inc} (94%)
 rename meta/recipes-devtools/gcc/{gcc-cross-canadian_13.3.bb => gcc-cross-canadian_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-cross_13.3.bb => gcc-cross_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-crosssdk_13.3.bb => gcc-crosssdk_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-runtime_13.3.bb => gcc-runtime_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-sanitizers_13.3.bb => gcc-sanitizers_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{gcc-source_13.3.bb => gcc-source_13.4.bb} (100%)
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0028-gcc-Fix-c-tweak-for-Wrange-loop-construct.patch
 delete mode 100644 meta/recipes-devtools/gcc/gcc/gcc.git-ab884fffe3fc82a710bea66ad651720d71c938b8.patch
 rename meta/recipes-devtools/gcc/{gcc_13.3.bb => gcc_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc-initial_13.3.bb => libgcc-initial_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgcc_13.3.bb => libgcc_13.4.bb} (100%)
 rename meta/recipes-devtools/gcc/{libgfortran_13.3.bb => libgfortran_13.4.bb} (100%)
 rename meta/recipes-devtools/python/{python3-requests_2.32.3.bb => python3-requests_2.32.4.bb} (91%)
 create mode 100644 meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-01.patch
 create mode 100644 meta/recipes-extended/net-tools/net-tools/CVE-2025-46836-02.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/run-ptest

-- 
2.43.0




* [OE-core][scarthgap 0/8] Patch review
@ 2025-09-17 20:04 Steve Sakoman
  0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-09-17 20:04 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Friday, September 19

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2395

The following changes since commit baa5e7ea5f37f54c2a00080798ad7fb4c0664f69:

  pulseaudio: Add audio group explicitly (2025-09-02 09:27:13 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Divya Chellam (1):
  wpa-supplicant: fix CVE-2022-37660

Haixiao Yan (1):
  buildtools-tarball: fix unbound variable issues under 'set -u'

Jinfeng Wang (1):
  systemtap: Fix task_work_cancel build

Libo Chen (1):
  runqemu: fix special characters bug

Martin Jansa (1):
  license.py: avoid deprecated ast.Str

Ross Burton (1):
  grub2: fix CVE-2024-56738

Vijay Anusuri (2):
  cups: upgrade 2.4.10 -> 2.4.11
  cups: Fix for CVE-2025-58060 and CVE-2025-58364

 meta/lib/oe/license.py                        |   4 +-
 .../grub/files/CVE-2024-56738.patch           |  75 ++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 .../openssl/files/environment.d-openssl.sh    |  24 +-
 .../wpa-supplicant/CVE-2022-37660-0001.patch  | 254 +++++
 .../wpa-supplicant/CVE-2022-37660-0002.patch  | 139 +++
 .../wpa-supplicant/CVE-2022-37660-0003.patch  | 196 ++++
 .../wpa-supplicant/CVE-2022-37660-0004.patch  | 941 ++++++++++++++++++
 .../wpa-supplicant/CVE-2022-37660-0005.patch  | 144 +++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   5 +
 .../git/git/environment.d-git.sh              |   8 +-
 .../environment.d-python3-requests.sh         |   4 +-
 meta/recipes-extended/cups/cups.inc           |   9 +-
 .../cups/0001-use-echo-only-in-init.patch     |   2 +-
 ...-don-t-try-to-run-generated-binaries.patch |   2 +-
 ...-fix-multilib-install-file-conflicts.patch |   6 +-
 .../cups/cups/CVE-2024-47175-1.patch          |  73 --
 .../cups/cups/CVE-2024-47175-2.patch          | 151 ---
 .../cups/cups/CVE-2024-47175-3.patch          | 119 ---
 .../cups/cups/CVE-2024-47175-4.patch          | 249 -----
 .../cups/cups/CVE-2024-47175-5.patch          |  40 -
 .../cups/cups/CVE-2025-58060.patch            |  60 ++
 .../cups/cups/CVE-2025-58364.patch            |  61 ++
 .../cups/cups/libexecdir.patch                |   5 +-
 .../cups/{cups_2.4.10.bb => cups_2.4.11.bb}   |   2 +-
 ...sk_work-compatible-with-6.11-kernels.patch | 103 ++
 .../recipes-kernel/systemtap/systemtap_git.bb |   1 +
 .../curl/curl/environment.d-curl.sh           |   8 +-
 scripts/runqemu                               |   7 +-
 29 files changed, 2019 insertions(+), 674 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-56738.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0001.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0002.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0003.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0004.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2022-37660-0005.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58060.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58364.patch
 rename meta/recipes-extended/cups/{cups_2.4.10.bb => cups_2.4.11.bb} (51%)
 create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-Make-stp_task_work-compatible-with-6.11-kernels.patch

-- 
2.43.0




* [OE-core][scarthgap 0/8] Patch review
@ 2025-10-03 16:47 Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 1/8] tiff: fix CVE-2025-9900 Steve Sakoman
                   ` (7 more replies)
  0 siblings, 8 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, October 7

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2495

The following changes since commit 55e0c38dc28b73fa689446e2d5e564d235a24084:

  vim: upgrade 9.1.1652 -> 9.1.1683 (2025-09-29 13:04:14 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adrian Freihofer (2):
  expect: Revert "expect-native: fix do_compile failure with gcc-14"
  expect: fix native build with GCC 15

Khem Raj (1):
  expect: Fix build with GCC 15

Ross Burton (3):
  expect: update code for Tcl channel implementation
  expect: don't run aclocal in do_configure
  expect: cleanup do_install

Vijay Anusuri (1):
  gstreamer1.0-plugins-bad: Fix CVE-2025-3887

Yogita Urade (1):
  tiff: fix CVE-2025-9900

 .../expect/expect/tcl840.patch                | 27 ++++++
 meta/recipes-devtools/expect/expect_5.45.4.bb | 18 ++--
 .../CVE-2025-3887-1.patch                     | 50 ++++++++++
 .../CVE-2025-3887-2.patch                     | 95 +++++++++++++++++++
 .../gstreamer1.0-plugins-bad_1.22.12.bb       |  2 +
 .../libtiff/tiff/CVE-2025-9900.patch          | 54 +++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |  1 +
 7 files changed, 237 insertions(+), 10 deletions(-)
 create mode 100644 meta/recipes-devtools/expect/expect/tcl840.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch

-- 
2.43.0




* [OE-core][scarthgap 1/8] tiff: fix CVE-2025-9900
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 2/8] gstreamer1.0-plugins-bad: Fix CVE-2025-3887 Steve Sakoman
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Yogita Urade <yogita.urade@windriver.com>

A flaw was found in Libtiff. This vulnerability is a "write-what-where"
condition, triggered when the library processes a specially crafted TIFF
image file. By providing an abnormally large image height value
in the file's metadata, an attacker can trick the library into writing
attacker-controlled color data to an arbitrary memory location. This
memory corruption can be exploited to cause a denial of service (application
crash) or to achieve arbitrary code execution with the permissions of the user.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9900

Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/3e0dcf0ec651638b2bd849b2e6f3124b36890d99

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/tiff/CVE-2025-9900.patch          | 54 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |  1 +
 2 files changed, 55 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch
new file mode 100644
index 0000000000..97858163e2
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch
@@ -0,0 +1,54 @@
+From 3e0dcf0ec651638b2bd849b2e6f3124b36890d99 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Wed, 11 Jun 2025 19:45:19 +0000
+Subject: [PATCH] tif_getimage.c: Fix buffer underflow crash for less raster
+ rows at TIFFReadRGBAImageOriented()
+
+CVE: CVE-2025-9900
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/3e0dcf0ec651638b2bd849b2e6f3124b36890d99]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ libtiff/tif_getimage.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index 3c9fc4f..fc8b22e 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -600,6 +600,22 @@ int TIFFRGBAImageGet(TIFFRGBAImage *img, uint32_t *raster, uint32_t w,
+             "No \"put\" routine setupl; probably can not handle image format");
+         return (0);
+     }
++    /* Verify raster width and height against image width and height. */
++    if (h > img->height)
++    {
++        /* Adapt parameters to read only available lines and put image at
++         * the bottom of the raster. */
++        raster += (size_t)(h - img->height) * w;
++        h = img->height;
++    }
++    if (w > img->width)
++    {
++        TIFFWarningExtR(img->tif, TIFFFileName(img->tif),
++                        "Raster width of %d shall not be larger than image "
++                        "width of %d -> raster width adapted for reading",
++                        w, img->width);
++        w = img->width;
++    }
+     return (*img->get)(img, raster, w, h);
+ }
+
+@@ -617,9 +633,7 @@ int TIFFReadRGBAImageOriented(TIFF *tif, uint32_t rwidth, uint32_t rheight,
+     if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(&img, tif, stop, emsg))
+     {
+         img.req_orientation = (uint16_t)orientation;
+-        /* XXX verify rwidth and rheight against width and height */
+-        ok = TIFFRGBAImageGet(&img, raster + (rheight - img.height) * rwidth,
+-                              rwidth, img.height);
++        ok = TIFFRGBAImageGet(&img, raster, rwidth, rheight);
+         TIFFRGBAImageEnd(&img);
+     }
+     else
+--
+2.40.0
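Review bot: In the embedded tif_getimage.c change to TIFFRGBAImageGet(), the `w > img->width` branch passes `w` to TIFFWarningExtR() with `%d` although the signature shown in the hunk header declares it `uint32_t`, so a width above INT_MAX would be logged as a negative number; `%u` or `PRIu32` matches the type. The `h > img->height` branch above it adjusts `raster` and `h` without any message, while the width branch warns, so an oversized raster height goes unreported; a matching warning would make both cases visible to callers. The file carries `Upstream-Status: Backport`, so these are points to raise upstream rather than to change in the local copy.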
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 6bf7010ba2..1d3d08ff9d 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2023-52355-0002.patch \
            file://CVE-2023-52356.patch \
            file://CVE-2024-7006.patch \
+           file://CVE-2025-9900.patch \
            "
 
 SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a"
-- 
2.43.0




* [OE-core][scarthgap 2/8] gstreamer1.0-plugins-bad: Fix CVE-2025-3887
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 1/8] tiff: fix CVE-2025-9900 Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 3/8] expect: Revert "expect-native: fix do_compile failure with gcc-14" Steve Sakoman
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5463f0e09768ca90aa8c58357c1f4c645db580db
& https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bcaab3609805ea10fb3d9ac0c9d947b4c3563948

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../CVE-2025-3887-1.patch                     | 50 ++++++++++
 .../CVE-2025-3887-2.patch                     | 95 +++++++++++++++++++
 .../gstreamer1.0-plugins-bad_1.22.12.bb       |  2 +
 3 files changed, 147 insertions(+)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
new file mode 100644
index 0000000000..3508f62409
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
@@ -0,0 +1,50 @@
+From 5463f0e09768ca90aa8c58357c1f4c645db580db Mon Sep 17 00:00:00 2001
+From: Seungha Yang <seungha@centricular.com>
+Date: Sat, 15 Mar 2025 22:39:44 +0900
+Subject: [PATCH] h265parser: Fix max_dec_pic_buffering_minus1 bound check
+
+Allowed max value is MaxDpbSize - 1
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8885>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5463f0e09768ca90aa8c58357c1f4c645db580db]
+CVE: CVE-2025-3887
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gst-libs/gst/codecparsers/gsth265parser.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/gst-libs/gst/codecparsers/gsth265parser.c b/gst-libs/gst/codecparsers/gsth265parser.c
+index 44b7237..5d5a2db 100644
+--- a/gst-libs/gst/codecparsers/gsth265parser.c
++++ b/gst-libs/gst/codecparsers/gsth265parser.c
+@@ -72,6 +72,8 @@
+ #include <string.h>
+ #include <math.h>
+ 
++#define MAX_DPB_SIZE 16
++
+ #ifndef GST_DISABLE_GST_DEBUG
+ #define GST_CAT_DEFAULT gst_h265_debug_category_get()
+ static GstDebugCategory *
+@@ -1861,7 +1863,7 @@ gst_h265_parse_vps (GstH265NalUnit * nalu, GstH265VPS * vps)
+   for (i =
+       (vps->sub_layer_ordering_info_present_flag ? 0 :
+           vps->max_sub_layers_minus1); i <= vps->max_sub_layers_minus1; i++) {
+-    READ_UE_MAX (&nr, vps->max_dec_pic_buffering_minus1[i], G_MAXUINT32 - 1);
++    READ_UE_MAX (&nr, vps->max_dec_pic_buffering_minus1[i], MAX_DPB_SIZE - 1);
+     READ_UE_MAX (&nr, vps->max_num_reorder_pics[i],
+         vps->max_dec_pic_buffering_minus1[i]);
+     READ_UE_MAX (&nr, vps->max_latency_increase_plus1[i], G_MAXUINT32 - 1);
+@@ -2048,7 +2050,7 @@ gst_h265_parse_sps (GstH265Parser * parser, GstH265NalUnit * nalu,
+   for (i =
+       (sps->sub_layer_ordering_info_present_flag ? 0 :
+           sps->max_sub_layers_minus1); i <= sps->max_sub_layers_minus1; i++) {
+-    READ_UE_MAX (&nr, sps->max_dec_pic_buffering_minus1[i], 16);
++    READ_UE_MAX (&nr, sps->max_dec_pic_buffering_minus1[i], MAX_DPB_SIZE - 1);
+     READ_UE_MAX (&nr, sps->max_num_reorder_pics[i],
+         sps->max_dec_pic_buffering_minus1[i]);
+     READ_UE_MAX (&nr, sps->max_latency_increase_plus1[i], G_MAXUINT32 - 1);
+-- 
+2.25.1
+
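Review bot: The two `READ_UE_MAX` changes tighten max_dec_pic_buffering_minus1 by different amounts, and the one-line message "Allowed max value is MaxDpbSize - 1" does not say so: in gst_h265_parse_vps() the bound goes from `G_MAXUINT32 - 1` to `MAX_DPB_SIZE - 1`, and in gst_h265_parse_sps() it goes from 16 to 15, so an SPS carrying the value 16 that parsed before is now rejected. That looks intended, but it is a behaviour change worth stating in the backport description for anyone bisecting a stream that stops playing. The new `#define MAX_DPB_SIZE 16` would also benefit from a one-line comment naming the spec clause the value comes from, since CVE-2025-3887-2.patch builds its bound on the same macro.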
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch
new file mode 100644
index 0000000000..be663c2530
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch
@@ -0,0 +1,95 @@
+From bcaab3609805ea10fb3d9ac0c9d947b4c3563948 Mon Sep 17 00:00:00 2001
+From: Seungha Yang <seungha@centricular.com>
+Date: Sat, 15 Mar 2025 23:48:52 +0900
+Subject: [PATCH] h265parser: Fix num_long_term_pics bound check
+
+As defined in the spec 7.4.7.1, calculates allowed maximum
+value of num_long_term_pics
+
+Fixes ZDI-CAN-26596
+
+Fixes: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4285
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8885>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bcaab3609805ea10fb3d9ac0c9d947b4c3563948]
+CVE: CVE-2025-3887
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gst-libs/gst/codecparsers/gsth265parser.c | 40 +++++++++++++++++++++--
+ 1 file changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/gst-libs/gst/codecparsers/gsth265parser.c b/gst-libs/gst/codecparsers/gsth265parser.c
+index 5d5a2db..abcc05d 100644
+--- a/gst-libs/gst/codecparsers/gsth265parser.c
++++ b/gst-libs/gst/codecparsers/gsth265parser.c
+@@ -2779,6 +2779,8 @@ gst_h265_parser_parse_slice_hdr (GstH265Parser * parser,
+       READ_UINT8 (&nr, slice->colour_plane_id, 2);
+ 
+     if (!GST_H265_IS_NAL_TYPE_IDR (nalu->type)) {
++      const GstH265ShortTermRefPicSet *ref_pic_sets = NULL;
++
+       READ_UINT16 (&nr, slice->pic_order_cnt_lsb,
+           (sps->log2_max_pic_order_cnt_lsb_minus4 + 4));
+ 
+@@ -2795,23 +2797,55 @@ gst_h265_parser_parse_slice_hdr (GstH265Parser * parser,
+         slice->short_term_ref_pic_set_size =
+             (nal_reader_get_pos (&nr) - pos) -
+             (8 * (nal_reader_get_epb_count (&nr) - epb_pos));
++
++	ref_pic_sets = &slice->short_term_ref_pic_sets;
+       } else if (sps->num_short_term_ref_pic_sets > 1) {
+         const guint n = ceil_log2 (sps->num_short_term_ref_pic_sets);
+         READ_UINT8 (&nr, slice->short_term_ref_pic_set_idx, n);
+         CHECK_ALLOWED_MAX (slice->short_term_ref_pic_set_idx,
+             sps->num_short_term_ref_pic_sets - 1);
++	ref_pic_sets =
++	    &sps->short_term_ref_pic_set[slice->short_term_ref_pic_set_idx];
++      } else {
++	ref_pic_sets = &sps->short_term_ref_pic_set[0];
+       }
+ 
+       if (sps->long_term_ref_pics_present_flag) {
+         guint32 limit;
+         guint pos = nal_reader_get_pos (&nr);
+         guint epb_pos = nal_reader_get_epb_count (&nr);
++	gint max_num_long_term_pics = 0;
++	gint TwoVersionsOfCurrDecPicFlag = 0;
+ 
+-        if (sps->num_long_term_ref_pics_sps > 0)
++        if (sps->num_long_term_ref_pics_sps > 0) {
+           READ_UE_MAX (&nr, slice->num_long_term_sps,
+               sps->num_long_term_ref_pics_sps);
+-
+-        READ_UE_MAX (&nr, slice->num_long_term_pics, 16);
++	}
++
++	/* 7.4.3.3.3 */
++	if (pps->pps_scc_extension_flag &&
++	    pps->pps_scc_extension_params.pps_curr_pic_ref_enabled_flag &&
++	    (sps->sample_adaptive_offset_enabled_flag ||
++	        !pps->deblocking_filter_disabled_flag ||
++		pps->deblocking_filter_override_enabled_flag)) {
++	  TwoVersionsOfCurrDecPicFlag = 1;
++	}
++
++	/* Calculated upper bound num_long_term_pics can have. 7.4.7.1 */
++	max_num_long_term_pics =
++	    /* sps_max_dec_pic_buffering_minus1[TemporalId], allowed max is
++	     * MaxDpbSize - 1 */
++	    MAX_DPB_SIZE - 1
++	    - (gint) slice->num_long_term_sps
++	    - (gint) ref_pic_sets->NumNegativePics
++	    - (gint) ref_pic_sets->NumPositivePics -
++	    TwoVersionsOfCurrDecPicFlag;
++	if (max_num_long_term_pics < 0) {
++	  GST_WARNING ("Invalid stream, too many reference pictures");
++	  goto error;
++	}
++
++        READ_UE_MAX (&nr, slice->num_long_term_pics, max_num_long_term_pics);
+         limit = slice->num_long_term_sps + slice->num_long_term_pics;
+         for (i = 0; i < limit; i++) {
+           if (i < slice->num_long_term_sps) {
+-- 
+2.25.1
+
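
Review bot: in the final else branch, ref_pic_sets is pointed at `&sps->short_term_ref_pic_set[0]` for every remaining case where num_short_term_ref_pic_sets is not greater than 1, which includes 0. In that case entry 0 was never described by the SPS, so NumNegativePics and NumPositivePics feed the bound from whatever the struct happens to hold; worth confirming the SPS struct is zeroed before parsing, or treating that case as contributing no short-term pictures. Separately, the bound starts from the constant MAX_DPB_SIZE - 1 rather than the per-stream sps_max_dec_pic_buffering_minus1 value the comment names, so it is the loosest limit available, and the added lines mix tabs with the file's space indentation.
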
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb
index 01c95ac85f..e4fa2a412f 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.22.12.bb
@@ -9,6 +9,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
            file://0001-fix-maybe-uninitialized-warnings-when-compiling-with.patch \
            file://0002-avoid-including-sys-poll.h-directly.patch \
            file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
+           file://CVE-2025-3887-1.patch \
+           file://CVE-2025-3887-2.patch \
            "
 SRC_URI[sha256sum] = "388b4c4412f42e36a38b17cc34119bc11879bd4d9fbd4ff6d03b2c7fc6b4d494"
 
-- 
2.43.0




* [OE-core][scarthgap 3/8] expect: Revert "expect-native: fix do_compile failure with gcc-14"
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 1/8] tiff: fix CVE-2025-9900 Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 2/8] gstreamer1.0-plugins-bad: Fix CVE-2025-3887 Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 4/8] expect: update code for Tcl channel implementation Steve Sakoman
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Adrian Freihofer <adrian.freihofer@siemens.com>

In the meantime there is a cleaner fix on the master branch and we also
need to back-port more patches to support gcc-15 as well.

This reverts commit 8bfdb53247c917559e7813c2e1bd2f6eb13c811d which is
not in the master branch as a preparation for cherry-picking the newer
fixes from there.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/expect/expect_5.45.4.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb b/meta/recipes-devtools/expect/expect_5.45.4.bb
index 158e7af030..174b35ec73 100644
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -85,4 +85,4 @@ BBCLASSEXTEND = "native nativesdk"
 
 # http://errors.yoctoproject.org/Errors/Details/766950/
 # expect5.45.4/exp_chan.c:62:5: error: initialization of 'struct Tcl_ChannelTypeVersion_ *' from incompatible pointer type 'int (*)(void *, int)' [-Wincompatible-pointer-types]
-CFLAGS:append = " -Wno-error=incompatible-pointer-types"
+CFLAGS += "-Wno-error=incompatible-pointer-types"
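
Review bot: the restored `CFLAGS += "-Wno-error=incompatible-pointer-types"` is the form that 8/8 in this series shows being overridden by `CFLAGS = "${BUILD_CFLAGS}"` from native.bbclass, so between this revert and 4/8 (which removes the line) expect-native builds without the suppression. That is harmless when the series lands as a whole, but it is a non-bisectable step for native builds and the commit message should say so.
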
-- 
2.43.0




* [OE-core][scarthgap 4/8] expect: update code for Tcl channel implementation
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2025-10-03 16:47 ` [OE-core][scarthgap 3/8] expect: Revert "expect-native: fix do_compile failure with gcc-14" Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 5/8] expect: don't run aclocal in do_configure Steve Sakoman
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross.burton@arm.com>

Tcl 8.4.0 changed the channel implementation, take a patch submitted
upstream to update the code for the new interface and remove the silencing
of the incompatible assignment error which was due to this issue.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expect/expect/tcl840.patch                | 27 +++++++++++++++++++
 meta/recipes-devtools/expect/expect_5.45.4.bb |  5 +---
 2 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-devtools/expect/expect/tcl840.patch

diff --git a/meta/recipes-devtools/expect/expect/tcl840.patch b/meta/recipes-devtools/expect/expect/tcl840.patch
new file mode 100644
index 0000000000..8c7b0e7a7f
--- /dev/null
+++ b/meta/recipes-devtools/expect/expect/tcl840.patch
@@ -0,0 +1,27 @@
+Adjustments for compatibility with the currrent (Tcl 8.4.0+) channel
+implementation.
+
+Upstream-Status: Submitted [https://sourceforge.net/p/expect/patches/24/]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/exp_chan.c b/exp_chan.c
+index c92e26b6fbd02305..944200a63b102672 100644
+--- a/exp_chan.c
++++ b/exp_chan.c
+@@ -60,7 +60,7 @@ void			exp_background_channelhandler _ANSI_ARGS_((ClientData,
+ 
+ Tcl_ChannelType expChannelType = {
+     "exp",				/* Type name. */
+-    ExpBlockModeProc,			/* Set blocking/nonblocking mode.*/
++    TCL_CHANNEL_VERSION_2,
+     ExpCloseProc,			/* Close proc. */
+     ExpInputProc,			/* Input proc. */
+     ExpOutputProc,			/* Output proc. */
+@@ -70,6 +70,7 @@ Tcl_ChannelType expChannelType = {
+     ExpWatchProc,			/* Initialize notifier. */
+     ExpGetHandleProc,			/* Get OS handles out of channel. */
+     NULL,				/* Close2 proc */
++    ExpBlockModeProc,			/* Set blocking/nonblocking mode.*/
+ };
+ 
+ typedef struct ThreadSpecificData {
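
Review bot: the initializer stays positional, so moving ExpBlockModeProc to the slot after the Close2 entry is only correct if that is where the version 2 layout expects the block-mode proc. A short comment stating that, plus a trailing comment on the new `TCL_CHANNEL_VERSION_2,` line to match its neighbours, would make the reordering reviewable without tcl.h open. The patch description also has a typo, "currrent".
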
diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb b/meta/recipes-devtools/expect/expect_5.45.4.bb
index 174b35ec73..461a2c093a 100644
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -28,6 +28,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/expect/Expect/${PV}/${BPN}${PV}.tar.gz \
            file://0001-fixline1-fix-line-1.patch \
            file://0001-Add-prototype-to-function-definitions.patch \
            file://expect-configure-c99.patch \
+           file://tcl840.patch \
            file://run-ptest \
            "
 SRC_URI[md5sum] = "00fce8de158422f5ccd2666512329bd2"
@@ -82,7 +83,3 @@ FILES:${PN} += "${libdir}/libexpect${PV}.so \
                "
 
 BBCLASSEXTEND = "native nativesdk"
-
-# http://errors.yoctoproject.org/Errors/Details/766950/
-# expect5.45.4/exp_chan.c:62:5: error: initialization of 'struct Tcl_ChannelTypeVersion_ *' from incompatible pointer type 'int (*)(void *, int)' [-Wincompatible-pointer-types]
-CFLAGS += "-Wno-error=incompatible-pointer-types"
-- 
2.43.0




* [OE-core][scarthgap 5/8] expect: don't run aclocal in do_configure
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2025-10-03 16:47 ` [OE-core][scarthgap 4/8] expect: update code for Tcl channel implementation Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 6/8] expect: cleanup do_install Steve Sakoman
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross.burton@arm.com>

expect has a hand-maintained aclocal.m4 so don't run aclocal, which has the
side effect of not deleting the aclocal.m4 file which pulls in macros.

The build works without this change more through luck and a combination
of behaviours than design.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/expect/expect_5.45.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb b/meta/recipes-devtools/expect/expect_5.45.4.bb
index 461a2c093a..4d4c91891c 100644
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -39,6 +39,8 @@ UPSTREAM_CHECK_REGEX = "/Expect/(?P<pver>(\d+[\.\-_]*)+)/"
 
 S = "${WORKDIR}/${BPN}${PV}"
 
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
 do_install:append() {
 	install -d ${D}${libdir}
         install -m 0755 ${D}${libdir}/expect${PV}/libexpect*.so   ${D}${libdir}/
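
Review bot: `EXTRA_AUTORECONF += "--exclude=aclocal"` lands in the recipe with no comment, and the reason (expect ships a hand-maintained aclocal.m4) lives only in the commit message. Add a one-line comment above the assignment so the exclusion is not dropped in a later cleanup.
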
-- 
2.43.0




* [OE-core][scarthgap 6/8] expect: cleanup do_install
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2025-10-03 16:47 ` [OE-core][scarthgap 5/8] expect: don't run aclocal in do_configure Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 7/8] expect: Fix build with GCC 15 Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 8/8] expect: fix native " Steve Sakoman
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Ross Burton <ross.burton@arm.com>

Clean up the do_install append, and remove a long-standing unused
variable that appears to be intending to not install the scripts but
would have never actually done that as the relevant override since 2008
has been task-install.  As we've been installing the scripts, keep
installing them.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/expect/expect_5.45.4.bb | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb b/meta/recipes-devtools/expect/expect_5.45.4.bb
index 4d4c91891c..48f7e1a539 100644
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -42,11 +42,9 @@ S = "${WORKDIR}/${BPN}${PV}"
 EXTRA_AUTORECONF += "--exclude=aclocal"
 
 do_install:append() {
-	install -d ${D}${libdir}
-        install -m 0755 ${D}${libdir}/expect${PV}/libexpect*.so   ${D}${libdir}/
-        install -m 0755 ${S}/fixline1           ${D}${libdir}/expect${PV}/
-        rm ${D}${libdir}/expect${PV}/libexpect*.so
-        sed -e 's|$dir|${libdir}|' -i ${D}${libdir}/expect${PV}/pkgIndex.tcl
+    mv ${D}${libdir}/expect${PV}/libexpect*.so ${D}${libdir}/
+    install -m 0755 ${S}/fixline1 ${D}${libdir}/expect${PV}/
+    sed -e 's|$dir|${libdir}|' -i ${D}${libdir}/expect${PV}/pkgIndex.tcl
 }
 
 do_install_ptest() {
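
Review bot: replacing the install -m 0755 / rm pair with `mv ${D}${libdir}/expect${PV}/libexpect*.so ${D}${libdir}/` means the library now keeps whatever mode the upstream install step gave it instead of being forced to 0755. If that mode is already correct, say so in the commit message; otherwise keep an explicit chmod. Dropping `install -d ${D}${libdir}` looks safe, since the source path already sits under that directory.
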
@@ -65,7 +63,6 @@ EXTRA_OECONF += "--with-tcl=${STAGING_LIBDIR} \
                  --disable-rpath \
                  ${TCL_INCLUDE_PATH} \
                 "
-EXTRA_OEMAKE_install = " 'SCRIPTS=' "
 
 ALTERNATIVE:${PN}  = "mkpasswd"
 ALTERNATIVE_LINK_NAME[mkpasswd] = "${bindir}/mkpasswd"
-- 
2.43.0




* [OE-core][scarthgap 7/8] expect: Fix build with GCC 15
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2025-10-03 16:47 ` [OE-core][scarthgap 6/8] expect: cleanup do_install Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  2025-10-03 16:47 ` [OE-core][scarthgap 8/8] expect: fix native " Steve Sakoman
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Khem Raj <raj.khem@gmail.com>

Stick to C17 standard as GCC 15 switches to C23

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/expect/expect_5.45.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb b/meta/recipes-devtools/expect/expect_5.45.4.bb
index 48f7e1a539..a89b48ef1c 100644
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -41,6 +41,8 @@ S = "${WORKDIR}/${BPN}${PV}"
 
 EXTRA_AUTORECONF += "--exclude=aclocal"
 
+CFLAGS += "-std=gnu17"
+
 do_install:append() {
     mv ${D}${libdir}/expect${PV}/libexpect*.so ${D}${libdir}/
     install -m 0755 ${S}/fixline1 ${D}${libdir}/expect${PV}/
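
Review bot: `CFLAGS += "-std=gnu17"` has no effect for expect-native, as 8/8 in this series documents (native.bbclass assigns CFLAGS and takes priority), so the native build is still not pinned to C17 between 7/8 and 8/8. A short recipe comment on why the standard is pinned (GCC 15 switches to C23) would also help whoever next upgrades expect.
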
-- 
2.43.0




* [OE-core][scarthgap 8/8] expect: fix native build with GCC 15
  2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2025-10-03 16:47 ` [OE-core][scarthgap 7/8] expect: Fix build with GCC 15 Steve Sakoman
@ 2025-10-03 16:47 ` Steve Sakoman
  7 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-03 16:47 UTC (permalink / raw)
  To: openembedded-core

From: Adrian Freihofer <adrian.freihofer@siemens.com>

This does not work for native builds:
  CFLAGS += "-std=gnu17"
The line from native.bbclass gets priority:
  CFLAGS = "${BUILD_CFLAGS}"

From bitbake-getvar -r expect-native CFLAGS
  ...
  append ...poky/meta/recipes-devtools/expect/expect_5.45.4.bb:44
     "-std=gnu17"
  set ...poky/meta/classes-recipe/native.bbclass:44
     "${BUILD_CFLAGS}"
  ...

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/expect/expect_5.45.4.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/expect/expect_5.45.4.bb b/meta/recipes-devtools/expect/expect_5.45.4.bb
index a89b48ef1c..f1d30d8217 100644
--- a/meta/recipes-devtools/expect/expect_5.45.4.bb
+++ b/meta/recipes-devtools/expect/expect_5.45.4.bb
@@ -41,7 +41,7 @@ S = "${WORKDIR}/${BPN}${PV}"
 
 EXTRA_AUTORECONF += "--exclude=aclocal"
 
-CFLAGS += "-std=gnu17"
+CFLAGS:append = " -std=gnu17"
 
 do_install:append() {
     mv ${D}${libdir}/expect${PV}/libexpect*.so ${D}${libdir}/
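
Review bot: nothing in the recipe explains why `:append` is required on the CFLAGS line, so it reads like a candidate for tidying back to `+=`. A comment above it stating that native.bbclass sets `CFLAGS = "${BUILD_CFLAGS}"` and that a `+=` would be discarded for native builds would protect the fix.
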
-- 
2.43.0




* [OE-core][scarthgap 0/8] Patch review
@ 2025-10-28 13:46 Steve Sakoman
  0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-10-28 13:46 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, October 30

Passed a-full on the autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2645

with the exception of the meta-aws test, which failed due to a meta-aws commit
changing the distro from poky-agl to agl

The following changes since commit 649147913e89cd8f7390cb17cd0be94c9710ffa6:

  oeqa/runtime/ping: don't bother trying to ping localhost (2025-10-17 07:47:32 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Anders Heimer (1):
  libpam: mark CVE-2025-6018 as not applicable

Daniel Semkowicz (1):
  gstreamer1.0-plugins-bad: fix buffer allocation fail for v4l2codecs

Martin Jansa (1):
  flex: fix build with gcc-15 on host

Matthias Schiffer (1):
  curl: only set CA bundle in target build

Peter Marko (1):
  expat: patch CVE-2025-59375

Rasmus Villemoes (1):
  iptables: remove /etc/ethertypes

Soumya Sambu (2):
  elfutils: Fix CVE-2025-1376
  elfutils: Fix CVE-2025-1377

 .../expat/expat/CVE-2025-59375-00.patch       |  52 ++
 .../expat/expat/CVE-2025-59375-01.patch       |  48 ++
 .../expat/expat/CVE-2025-59375-02.patch       | 109 ++++
 .../expat/expat/CVE-2025-59375-03.patch       | 127 ++++
 .../expat/expat/CVE-2025-59375-04.patch       |  62 ++
 .../expat/expat/CVE-2025-59375-05.patch       |  64 ++
 .../expat/expat/CVE-2025-59375-06.patch       |  68 +++
 .../expat/expat/CVE-2025-59375-07.patch       |  52 ++
 .../expat/expat/CVE-2025-59375-08.patch       | 577 ++++++++++++++++++
 .../expat/expat/CVE-2025-59375-09.patch       |  43 ++
 .../expat/expat/CVE-2025-59375-10.patch       |  54 ++
 .../expat/expat/CVE-2025-59375-11.patch       |  66 ++
 .../expat/expat/CVE-2025-59375-12.patch       |  58 ++
 .../expat/expat/CVE-2025-59375-13.patch       | 309 ++++++++++
 .../expat/expat/CVE-2025-59375-14.patch       | 122 ++++
 .../expat/expat/CVE-2025-59375-15.patch       |  70 +++
 .../expat/expat/CVE-2025-59375-16.patch       | 146 +++++
 .../expat/expat/CVE-2025-59375-17.patch       |  28 +
 .../expat/expat/CVE-2025-59375-18.patch       |  74 +++
 .../expat/expat/CVE-2025-59375-19.patch       | 103 ++++
 .../expat/expat/CVE-2025-59375-20.patch       | 285 +++++++++
 .../expat/expat/CVE-2025-59375-21.patch       | 196 ++++++
 .../expat/expat/CVE-2025-59375-22.patch       |  37 ++
 .../expat/expat/CVE-2025-59375-23.patch       |  47 ++
 .../expat/expat/CVE-2025-59375-24.patch       |  36 ++
 meta/recipes-core/expat/expat_2.6.4.bb        |  25 +
 .../elfutils/elfutils_0.191.bb                |   2 +
 .../elfutils/files/CVE-2025-1376.patch        |  58 ++
 .../elfutils/files/CVE-2025-1377.patch        |  69 +++
 ...01-Match-malloc-signature-to-its-use.patch |  25 +
 meta/recipes-devtools/flex/flex_2.6.4.bb      |   1 +
 .../iptables/iptables_1.8.10.bb               |   2 +
 meta/recipes-extended/pam/libpam_1.5.3.bb     |   2 +
 ...s-chain-up-to-parent-decide_allocati.patch |  87 +++
 .../gstreamer1.0-plugins-bad_1.22.12.bb       |   1 +
 meta/recipes-support/curl/curl_8.7.1.bb       |   4 +-
 36 files changed, 3108 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-00.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-01.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-02.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-03.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-04.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-05.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-06.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-07.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-08.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-09.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-10.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-11.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-12.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-13.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-14.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-15.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-16.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-17.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-18.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-19.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-20.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-21.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-22.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-23.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2025-59375-24.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
 create mode 100644 meta/recipes-devtools/flex/flex/0001-Match-malloc-signature-to-its-use.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/0005-v4l2codecs-Always-chain-up-to-parent-decide_allocati.patch

-- 
2.43.0




* [OE-core][scarthgap 0/8] Patch review
@ 2025-12-02 22:19 Steve Sakoman
  0 siblings, 0 replies; 16+ messages in thread
From: Steve Sakoman @ 2025-12-02 22:19 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, December 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2811

The following changes since commit 1fbd9eddbdf0da062df0510cabff6f6ee33d5752:

  libarchive: patch CVE-2025-60753 (2025-11-24 08:08:18 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Changqing Li (1):
  libmicrohttpd: fix CVE-2025-59777, CVE-2025-62689

Moritz Haase (1):
  curl: Ensure 'CURL_CA_BUNDLE' from host env is indeed respected

Peter Marko (5):
  gnutls: patch CVE-2025-9820
  libpng: patch CVE-2025-64505
  libpng: patch CVE-2025-64506
  libpng: patch CVE-2025-64720
  libpng: patch CVE-2025-65018

Praveen Kumar (1):
  python3: fix CVE-2025-6075

 .../python/python3/CVE-2025-6075.patch        |   355 +
 .../python/python3_3.12.12.bb                 |     1 +
 .../libpng/files/CVE-2025-64505-01.patch      |   111 +
 .../libpng/files/CVE-2025-64505-02.patch      |   163 +
 .../libpng/files/CVE-2025-64505-03.patch      |    52 +
 .../libpng/files/CVE-2025-64506.patch         |    57 +
 .../libpng/files/CVE-2025-64720.patch         |   103 +
 .../libpng/files/CVE-2025-65018-01.patch      |    60 +
 .../libpng/files/CVE-2025-65018-02.patch      |   163 +
 .../libpng/libpng_1.6.42.bb                   |     7 +
 .../curl/curl/environment.d-curl.sh           |     4 +-
 .../gnutls/gnutls/CVE-2025-9820.patch         |   250 +
 meta/recipes-support/gnutls/gnutls_3.8.4.bb   |     1 +
 ...0001-Remove-broken-experimental-code.patch | 14471 ++++++++++++++++
 .../libmicrohttpd/libmicrohttpd_1.0.1.bb      |     3 +-
 15 files changed, 15798 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-64505-01.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-64505-02.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-64505-03.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-64506.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-64720.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-65018-01.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-65018-02.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-9820.patch
 create mode 100644 meta/recipes-support/libmicrohttpd/files/0001-Remove-broken-experimental-code.patch

-- 
2.43.0




end of thread, other threads:[~2025-12-02 22:19 UTC | newest]

Thread overview: 16+ messages
2025-10-03 16:47 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 1/8] tiff: fix CVE-2025-9900 Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 2/8] gstreamer1.0-plugins-bad: Fix CVE-2025-3887 Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 3/8] expect: Revert "expect-native: fix do_compile failure with gcc-14" Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 4/8] expect: update code for Tcl channel implementation Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 5/8] expect: don't run aclocal in do_configure Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 6/8] expect: cleanup do_install Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 7/8] expect: Fix build with GCC 15 Steve Sakoman
2025-10-03 16:47 ` [OE-core][scarthgap 8/8] expect: fix native " Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2025-12-02 22:19 [OE-core][scarthgap 0/8] Patch review Steve Sakoman
2025-10-28 13:46 Steve Sakoman
2025-09-17 20:04 Steve Sakoman
2025-06-17 16:04 Steve Sakoman
2025-05-09 15:45 Steve Sakoman
2025-04-11 20:33 Steve Sakoman
2025-01-23  2:59 Steve Sakoman
