[OE-core][scarthgap 00/18] Patch review

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Monday, October 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2553

The following changes since commit 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb:

  expect: fix native build with GCC 15 (2025-10-02 08:40:43 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.12

Archana Polampalli (1):
  go: fix CVE-2025-47906

Deepesh Varatharajan (1):
  glibc: stable 2.39 branch updates

Gyorgy Sarvari (1):
  conf/bitbake.conf: use gnu mirror instead of main server

Hitendra Prajapati (1):
  grub2: mark CVE-2024-2312 as not applicable

Peter Marko (10):
  busybox: patch CVE-2025-46394
  gstreamer1.0: ignore CVEs fixed in plugins
  gstreamer1.0: ignore CVE-2025-2759
  ghostscript: patch CVE-2025-59798
  ghostscript: patch CVE-2025-59799
  ghostscript: patch CVE-2025-59800
  expat: follow-up for CVE-2024-8176
  tiff: ignore 5 CVEs
  ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases
  openssl: upgrade 3.2.4 -> 3.2.6

Ross Burton (1):
  pulseaudio: ignore CVE-2024-11586

Steve Sakoman (2):
  selftest/cases/meta_ide.py: use use gnu mirror instead of main server
  oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server

 meta/conf/bitbake.conf                        |    2 +-
 meta/lib/oeqa/sdk/cases/buildcpio.py          |    2 +-
 meta/lib/oeqa/selftest/cases/meta_ide.py      |    2 +-
 meta/recipes-bsp/grub/grub2.inc               |    1 +
 .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
 .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
 .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
 .../busybox/busybox/CVE-2025-46394-01.patch   |   57 +
 .../busybox/busybox/CVE-2025-46394-02.patch   |   32 +
 meta/recipes-core/busybox/busybox_1.36.1.bb   |    2 +
 .../expat/expat/CVE-2024-8176-03.patch        |   35 +
 .../expat/expat/CVE-2024-8176-04.patch        |  115 +
 .../expat/expat/CVE-2024-8176-05.patch        |   78 +
 meta/recipes-core/expat/expat_2.6.4.bb        |    3 +
 meta/recipes-core/glibc/glibc-version.inc     |    4 +-
 meta/recipes-devtools/go/go-1.22.12.inc       |    1 +
 .../go/go/CVE-2025-47906.patch                |  183 ++
 .../ghostscript/CVE-2025-59798.patch          |  134 ++
 .../ghostscript/CVE-2025-59799.patch          |   41 +
 .../ghostscript/CVE-2025-59800.patch          |   36 +
 .../ghostscript/ghostscript_10.05.1.bb        |    3 +
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb |    4 +
 .../gstreamer/gstreamer1.0_1.22.12.bb         |   19 +-
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |    4 +
 .../pulseaudio/pulseaudio.inc                 |    2 +
 scripts/install-buildtools                    |    4 +-
 26 files changed, 754 insertions(+), 2061 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch

-- 
2.43.0

[OE-core][scarthgap 01/18] busybox: patch CVE-2025-46394

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioning this CVE.
Additionally fix test broken by the CVE fix.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../busybox/busybox/CVE-2025-46394-01.patch   | 57 +++++++++++++++++++
 .../busybox/busybox/CVE-2025-46394-02.patch   | 32 +++++++++++
 meta/recipes-core/busybox/busybox_1.36.1.bb   |  2 +
 3 files changed, 91 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch b/meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
new file mode 100644
index 0000000000..c95cba3c33
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
@@ -0,0 +1,57 @@
+From f5e1bf966b19ea1821f00a8c9ecd7774598689b4 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Wed, 24 Sep 2025 03:28:47 +0200
+Subject: [PATCH] archival/libarchive: sanitize filenames on output (prevent
+ control sequence attacks
+
+This fixes CVE-2025-46394 (terminal escape sequence injection)
+
+Original credit: Ian.Norton at entrust.com
+
+function                                             old     new   delta
+header_list                                            9      15      +6
+header_verbose_list                                  239     244      +5
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 11/0)               Total: 11 bytes
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+CVE: CVE-2025-46394
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=f5e1bf966b19ea1821f00a8c9ecd7774598689b4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ archival/libarchive/header_list.c         | 2 +-
+ archival/libarchive/header_verbose_list.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/archival/libarchive/header_list.c b/archival/libarchive/header_list.c
+index 0621aa406..9490b3635 100644
+--- a/archival/libarchive/header_list.c
++++ b/archival/libarchive/header_list.c
+@@ -8,5 +8,5 @@
+ void FAST_FUNC header_list(const file_header_t *file_header)
+ {
+ //TODO: cpio -vp DIR should output "DIR/NAME", not just "NAME" */
+-	puts(file_header->name);
++	puts(printable_string(file_header->name));
+ }
+diff --git a/archival/libarchive/header_verbose_list.c b/archival/libarchive/header_verbose_list.c
+index a575a08a0..e7a09430d 100644
+--- a/archival/libarchive/header_verbose_list.c
++++ b/archival/libarchive/header_verbose_list.c
+@@ -57,13 +57,13 @@ void FAST_FUNC header_verbose_list(const file_header_t *file_header)
+ 		ptm->tm_hour,
+ 		ptm->tm_min,
+ 		ptm->tm_sec,
+-		file_header->name);
++		printable_string(file_header->name));
+ 
+ #endif /* FEATURE_TAR_UNAME_GNAME */
+ 
+ 	/* NB: GNU tar shows "->" for symlinks and "link to" for hardlinks */
+ 	if (file_header->link_target) {
+-		printf(" -> %s", file_header->link_target);
++		printf(" -> %s", printable_string(file_header->link_target));
+ 	}
+ 	bb_putchar('\n');
+ }
diff --git a/meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch b/meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
new file mode 100644
index 0000000000..ec17b9285a
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
@@ -0,0 +1,32 @@
+From 7378db981d87b4a2264e14d60340a7fb5c67ae59 Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Fri, 3 Oct 2025 16:12:56 +0200
+Subject: [PATCH] testsuite/tar.tests: fix test after CVE-2025-46394
+
+tar now sanitizes output and this test needs to expect that.
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+CVE: CVE-2025-46394
+Upstream-Status: Submitted [https://lists.busybox.net/pipermail/busybox/2025-October/091743.html]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ testsuite/tar.tests | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/testsuite/tar.tests b/testsuite/tar.tests
+index 0f2e89112..48fc38114 100755
+--- a/testsuite/tar.tests
++++ b/testsuite/tar.tests
+@@ -325,9 +325,9 @@ unset LANG
+ rm -rf etc usr
+ ' "\
+ etc/ssl/certs/3b2716e5.0
+-etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
++etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??.pem
+ etc/ssl/certs/f80cc7f6.0
+-usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
++usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??.crt
+ 0
+ etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
+ etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb
index 069544cc8a..d3f259d45b 100644
--- a/meta/recipes-core/busybox/busybox_1.36.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.36.1.bb
@@ -59,6 +59,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-cut-Fix-s-flag-to-omit-blank-lines.patch \
            file://CVE-2022-48174.patch \
            file://CVE-2023-39810.patch \
+           file://CVE-2025-46394-01.patch \
+           file://CVE-2025-46394-02.patch \
            "
 SRC_URI:append:libc-musl = " file://musl.cfg "
 # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html
-- 
2.43.0

[OE-core][scarthgap 02/18] grub2: mark CVE-2024-2312 as not applicable

[Steve Sakoman]

From: Hitendra Prajapati <hprajapati@mvista.com>

This issue is specific to the peimage module that Ubuntu add, and is not
an upstream issue.

(From OE-Core rev: 8d2fe3f403e6435e1ffe122a6776381090752d8a)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-bsp/grub/grub2.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index fd671d88ad..edb87ef2ea 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -45,6 +45,7 @@ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154
 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
 CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
 CVE_STATUS[CVE-2024-1048]  = "not-applicable-platform: Applies only to RHEL/Fedora"
+CVE_STATUS[CVE-2024-2312]  = "not-applicable-platform: Applies only to Ubuntu"
 
 DEPENDS = "flex-native bison-native gettext-native"
 
-- 
2.43.0

[OE-core][scarthgap 03/18] gstreamer1.0: ignore CVEs fixed in plugins

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

All these CVEs were fixed in recent commits.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../gstreamer/gstreamer1.0_1.22.12.bb           | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index 3f28459e2d..cfc66745e3 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -74,17 +74,26 @@ CVE_PRODUCT = "gstreamer"
 
 CVE_STATUS[CVE-2024-0444] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9"
 
+CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_BAD"
+CVE_STATUS_PLUGINS_BAD = " \
+    CVE-2025-3887 \
+"
+CVE_STATUS_PLUGINS_BAD[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad"
+
 CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_BASE"
-CVE_STATUS_PLUGINS_BASE = "CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835"
-CVE_STATUS_PLUGINS_BASE[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-base"
+CVE_STATUS_PLUGINS_BASE = " \
+    CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835 \
+    CVE-2025-47806 CVE-2025-47807 CVE-2025-47808 \
+"
+CVE_STATUS_PLUGINS_BASE[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-base"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_GOOD"
 CVE_STATUS_PLUGINS_GOOD = " \
     CVE-2024-47537 CVE-2024-47539 CVE-2024-47540 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 \
     CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47601 \
     CVE-2024-47602 CVE-2024-47603 CVE-2024-47613 CVE-2024-47774 CVE-2024-47775 CVE-2024-47776 \
-    CVE-2024-47777 CVE-2024-47778 CVE-2024-47834 \
+    CVE-2024-47777 CVE-2024-47778 CVE-2024-47834 CVE-2025-47183 CVE-2025-47219 \
 "
-CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-good"
+CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-good"
 
 PTEST_BUILD_HOST_FILES = ""
-- 
2.43.0

[OE-core][scarthgap 04/18] gstreamer1.0: ignore CVE-2025-2759

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Copy statement from [1] that it is problem of installers (non-Linux).
Also [2] linked in NVD says "Fixed in 1.25.1 Gstreamer Installer".
Since Yocto builds from sources into our own packages, ignore it.

[1] https://security-tracker.debian.org/tracker/CVE-2025-2759
[2] https://www.zerodayinitiative.com/advisories/ZDI-25-268/

(From OE-Core rev: 99ee1df6bde2ffd4fa2ddea44c0a9b94d9d77bae)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index cfc66745e3..5b0ba37977 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -96,4 +96,6 @@ CVE_STATUS_PLUGINS_GOOD = " \
 "
 CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-good"
 
+CVE_STATUS[CVE-2025-2759] = "not-applicable-platform: affects installation packages for non Linux OSes"
+
 PTEST_BUILD_HOST_FILES = ""
-- 
2.43.0

[OE-core][scarthgap 05/18] ghostscript: patch CVE-2025-59798

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioned in the NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2025-59798.patch          | 134 ++++++++++++++++++
 .../ghostscript/ghostscript_10.05.1.bb        |   1 +
 2 files changed, 135 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
new file mode 100644
index 0000000000..9432126e85
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
@@ -0,0 +1,134 @@
+From 0cae41b23a9669e801211dd4cf97b6dadd6dbdd7 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Thu, 22 May 2025 12:25:41 +0100
+Subject: [PATCH] pdfwrite - avoid buffer overrun
+
+Bug #708539 "Buffer overflow in pdf_write_cmap"
+
+The proposed fix in the report solves the buffer overrun, but does not
+tackle a number of other problems.
+
+This commit checks the result of stream_puts() in
+pdf_write_cid_system_info_to_stream() and correctly signals an error to
+the caller if that fails.
+
+In pdf_write_cid_system_info we replace a (rather small!) fixed size
+buffer with a dynamically allocated one using the lengths of the strings
+which pdf_write_cid_system_info_to_stream() will write, and a small
+fixed overhead to deal with the keys and initial byte '/'.
+
+Because 'buf' is used in the stream 's', if it is too small to hold all
+the CIDSystemInfo then we would get an error which was simply discarded
+previously.
+
+We now should avoid the potential error by ensuring the buffer is large
+enough for all the information, and if we do get an error we no longer
+silently ignore it, which would write an invalid PDF file.
+
+CVE: CVE-2025-59798
+Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/0cae41b23a9669e801211dd4cf97b6dadd6dbdd7]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ devices/vector/gdevpdtw.c | 52 ++++++++++++++++++++++++++++++---------
+ 1 file changed, 41 insertions(+), 11 deletions(-)
+
+diff --git a/devices/vector/gdevpdtw.c b/devices/vector/gdevpdtw.c
+index ced15c9b2..fe24dd73a 100644
+--- a/devices/vector/gdevpdtw.c
++++ b/devices/vector/gdevpdtw.c
+@@ -703,7 +703,8 @@ static int
+ pdf_write_cid_system_info_to_stream(gx_device_pdf *pdev, stream *s,
+                           const gs_cid_system_info_t *pcidsi, gs_id object_id)
+ {
+-    byte *Registry, *Ordering;
++    byte *Registry = NULL, *Ordering = NULL;
++    int code = 0;
+ 
+     Registry = gs_alloc_bytes(pdev->pdf_memory, pcidsi->Registry.size, "temporary buffer for Registry");
+     if (!Registry)
+@@ -734,14 +735,19 @@ pdf_write_cid_system_info_to_stream(gx_device_pdf *pdev, stream *s,
+         }
+         s_arcfour_process_buffer(&sarc4, Ordering, pcidsi->Ordering.size);
+     }
+-    stream_puts(s, "<<\n/Registry");
++    code = stream_puts(s, "<<\n/Registry");
++    if (code < 0)
++        goto error;
+     s_write_ps_string(s, Registry, pcidsi->Registry.size, PRINT_HEX_NOT_OK);
+-    stream_puts(s, "\n/Ordering");
++    code = stream_puts(s, "\n/Ordering");
++    if(code < 0)
++        goto error;
+     s_write_ps_string(s, Ordering, pcidsi->Ordering.size, PRINT_HEX_NOT_OK);
++error:
+     pprintd1(s, "\n/Supplement %d\n>>\n", pcidsi->Supplement);
+     gs_free_object(pdev->pdf_memory, Registry, "free temporary Registry buffer");
+     gs_free_object(pdev->pdf_memory, Ordering, "free temporary Ordering buffer");
+-    return 0;
++    return code;
+ }
+ 
+ int
+@@ -786,31 +792,55 @@ pdf_write_cmap(gx_device_pdf *pdev, const gs_cmap_t *pcmap,
+     *ppres = writer.pres;
+     writer.pres->where_used = 0; /* CMap isn't a PDF resource. */
+     if (!pcmap->ToUnicode) {
+-        byte buf[200];
++        byte *buf = NULL;
++        uint64_t buflen = 0;
+         cos_dict_t *pcd = (cos_dict_t *)writer.pres->object;
+         stream s;
+ 
++        /* We use 'buf' for the stream 's' below and that needs to have some extra
++         * space for the CIDSystemInfo. We also need an extra byte for the leading '/'
++         * 100 bytes is ample for the overhead.
++         */
++        buflen = pcmap->CIDSystemInfo->Registry.size + pcmap->CIDSystemInfo->Ordering.size + pcmap->CMapName.size + 100;
++        if (buflen > max_uint)
++            return_error(gs_error_limitcheck);
++
++        buf = gs_alloc_bytes(pdev->memory, buflen, "pdf_write_cmap");
++        if (buf == NULL)
++            return_error(gs_error_VMerror);
++
+         code = cos_dict_put_c_key_int(pcd, "/WMode", pcmap->WMode);
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         buf[0] = '/';
+         memcpy(buf + 1, pcmap->CMapName.data, pcmap->CMapName.size);
+         code = cos_dict_put_c_key_string(pcd, "/CMapName",
+                         buf, pcmap->CMapName.size + 1);
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         s_init(&s, pdev->memory);
+-        swrite_string(&s, buf, sizeof(buf));
++        swrite_string(&s, buf, buflen);
+         code = pdf_write_cid_system_info_to_stream(pdev, &s, pcmap->CIDSystemInfo, 0);
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         code = cos_dict_put_c_key_string(pcd, "/CIDSystemInfo",
+                         buf, stell(&s));
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         code = cos_dict_put_string_copy(pcd, "/Type", "/CMap");
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
++        gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+     }
+     if (pcmap->CMapName.size == 0) {
+         /* Create an arbitrary name (for ToUnicode CMap). */
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
index bd34058517..0ae939e780 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
@@ -25,6 +25,7 @@ def gs_verdir(v):
 SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \
            file://ghostscript-9.16-Werror-return-type.patch \
            file://avoid-host-contamination.patch \
+           file://CVE-2025-59798.patch \
            "
 
 SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"
-- 
2.43.0

[OE-core][scarthgap 06/18] ghostscript: patch CVE-2025-59799

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioned in the NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2025-59799.patch          | 41 +++++++++++++++++++
 .../ghostscript/ghostscript_10.05.1.bb        |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
new file mode 100644
index 0000000000..9401474c47
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
@@ -0,0 +1,41 @@
+From 6dab38fb211f15226c242ab7a83fa53e4b0ff781 Mon Sep 17 00:00:00 2001
+From: Piotr Kajda <petermasterperfect@gmail.com>
+Date: Thu, 8 May 2025 11:37:09 +0100
+Subject: [PATCH] pdfwrite - bounds check some strings
+
+Bug #708517
+
+This differs very slightly from the proposed patch in the bug report, I
+had a quick scout through the C file and found another similar case.
+
+Both fixed here.
+
+CVE: CVE-2025-59799
+Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/6dab38fb211f15226c242ab7a83fa53e4b0ff781]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ devices/vector/gdevpdfm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/devices/vector/gdevpdfm.c b/devices/vector/gdevpdfm.c
+index 5aa3644e2..4b1d7d89c 100644
+--- a/devices/vector/gdevpdfm.c
++++ b/devices/vector/gdevpdfm.c
+@@ -199,6 +199,8 @@ pdfmark_coerce_dest(gs_param_string *dstr, char dest[MAX_DEST_STRING])
+ {
+     const byte *data = dstr->data;
+     uint size = dstr->size;
++    if (size > MAX_DEST_STRING)
++        return_error(gs_error_limitcheck);
+     if (size == 0 || data[0] != '(')
+         return 0;
+     /****** HANDLE ESCAPES ******/
+@@ -859,6 +861,8 @@ pdfmark_put_ao_pairs(gx_device_pdf * pdev, cos_dict_t *pcd,
+             char buf[30];
+             int d0, d1;
+ 
++            if (Action[1].size > 29)
++                return_error(gs_error_rangecheck);
+             memcpy(buf, Action[1].data, Action[1].size);
+             buf[Action[1].size] = 0;
+             if (sscanf(buf, "%d %d R", &d0, &d1) == 2)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
index 0ae939e780..0f123d4899 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
@@ -26,6 +26,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
            file://ghostscript-9.16-Werror-return-type.patch \
            file://avoid-host-contamination.patch \
            file://CVE-2025-59798.patch \
+           file://CVE-2025-59799.patch \
            "
 
 SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"
-- 
2.43.0

[OE-core][scarthgap 07/18] ghostscript: patch CVE-2025-59800

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioned in the NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2025-59800.patch          | 36 +++++++++++++++++++
 .../ghostscript/ghostscript_10.05.1.bb        |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
new file mode 100644
index 0000000000..5d50865271
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
@@ -0,0 +1,36 @@
+From 176cf0188a2294bc307b8caec876f39412e58350 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Tue, 1 Jul 2025 10:31:17 +0100
+Subject: [PATCH] PDF OCR 8 bit device - avoid overflow
+
+Bug 708602 "Heap overflow in ocr_line8"
+
+Make sure the calculation of the required raster size does not overflow
+an int.
+
+CVE: CVE-2025-59800
+Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ devices/gdevpdfocr.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index f27dc11db..6362f4104 100644
+--- a/devices/gdevpdfocr.c
++++ b/devices/gdevpdfocr.c
+@@ -521,9 +521,12 @@ ocr_line32(gx_device_pdf_image *dev, void *row)
+ static int
+ ocr_begin_page(gx_device_pdf_image *dev, int w, int h, int bpp)
+ {
+-    int raster = (w+3)&~3;
++    int64_t raster = (w + 3) & ~3;
+ 
+-    dev->ocr.data = gs_alloc_bytes(dev->memory, raster * h, "ocr_begin_page");
++    raster = raster * (int64_t)h;
++    if (raster < 0 || raster > max_size_t)
++        return gs_note_error(gs_error_VMerror);
++    dev->ocr.data = gs_alloc_bytes(dev->memory, raster, "ocr_begin_page");
+     if (dev->ocr.data == NULL)
+         return_error(gs_error_VMerror);
+     dev->ocr.w = w;
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
index 0f123d4899..a48ad671c7 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
            file://avoid-host-contamination.patch \
            file://CVE-2025-59798.patch \
            file://CVE-2025-59799.patch \
+           file://CVE-2025-59800.patch \
            "
 
 SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"
-- 
2.43.0

[OE-core][scarthgap 08/18] expat: follow-up for CVE-2024-8176

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Expat release 2.7.3 implemented a follow-up for this CVE.
References:
* https://github.com/libexpat/libexpat/blob/R_2_7_3/expat/Changes
* https://security-tracker.debian.org/tracker/CVE-2024-8176
* https://github.com/libexpat/libexpat/pull/1059

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2024-8176-03.patch        |  35 ++++++
 .../expat/expat/CVE-2024-8176-04.patch        | 115 ++++++++++++++++++
 .../expat/expat/CVE-2024-8176-05.patch        |  78 ++++++++++++
 meta/recipes-core/expat/expat_2.6.4.bb        |   3 +
 4 files changed, 231 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-03.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
new file mode 100644
index 0000000000..c9990d5547
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
@@ -0,0 +1,35 @@
+From ba80428c2207259103b73871d447dee34755340c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@tum.de>
+Date: Tue, 23 Sep 2025 11:22:14 +0200
+Subject: [PATCH] lib: Fix detection of asynchronous tags in entities
+
+According to the XML standard, tags must be closed within the same
+element in which they are opened. Since the change of the entity
+processing method in version 2.7.0, violations of this rule have not
+been handled correctly for entities.
+
+This commit adds the required checks to detect any violations and
+restores the correct behaviour.
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/1059]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/xmlparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index ce29ab6f..ba4e3c48 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6087,6 +6087,10 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+     // process its possible inner entities (which are added to the
+     // m_openInternalEntities during doProlog or doContent calls above)
+     entity->hasMore = XML_FALSE;
++    if (! entity->is_param
++        && (openEntity->startTagLevel != parser->m_tagLevel)) {
++      return XML_ERROR_ASYNC_ENTITY;
++    }
+     triggerReenter(parser);
+     return result;
+   } // End of entity processing, "if" block will return here
diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-04.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
new file mode 100644
index 0000000000..9623467698
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
@@ -0,0 +1,115 @@
+From 81a114f7eebcd41a6993337128cda337986a26f4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 15 Sep 2025 21:57:07 +0200
+Subject: [PATCH] tests: Cover XML_ERROR_ASYNC_ENTITY cases
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/1059]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tests/misc_tests.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 87 insertions(+)
+
+diff --git a/tests/misc_tests.c b/tests/misc_tests.c
+index 3346bce6..19f41df7 100644
+--- a/tests/misc_tests.c
++++ b/tests/misc_tests.c
+@@ -621,6 +621,91 @@ START_TEST(test_misc_expected_event_ptr_issue_980) {
+ }
+ END_TEST
+ 
++START_TEST(test_misc_sync_entity_tolerated) {
++  const char *const doc = "<!DOCTYPE t0 [\n"
++                          "   <!ENTITY a '<t1></t1>'>\n"
++                          "   <!ENTITY b '<t2>two</t2>'>\n"
++                          "   <!ENTITY c '<t3>three<t4>four</t4>three</t3>'>\n"
++                          "   <!ENTITY d '<t5>&b;</t5>'>\n"
++                          "]>\n"
++                          "<t0>&a;&b;&c;&d;</t0>\n";
++  XML_Parser parser = XML_ParserCreate(NULL);
++
++  assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
++                                      /*isFinal=*/XML_TRUE)
++              == XML_STATUS_OK);
++
++  XML_ParserFree(parser);
++}
++END_TEST
++
++START_TEST(test_misc_async_entity_rejected) {
++  struct test_case {
++    const char *doc;
++    enum XML_Status expectedStatusNoGE;
++    enum XML_Error expectedErrorNoGE;
++  };
++  const struct test_case cases[] = {
++      // Opened by one entity, closed by another
++      {"<!DOCTYPE t0 [\n"
++       "   <!ENTITY open '<t1>'>\n"
++       "   <!ENTITY close '</t1>'>\n"
++       "]>\n"
++       "<t0>&open;&close;</t0>\n",
++       XML_STATUS_OK, XML_ERROR_NONE},
++      // Opened by tag, closed by entity (non-root case)
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY g0 ''>\n"
++       "  <!ENTITY g1 '&g0;</t1>'>\n"
++       "]>\n"
++       "<t0><t1>&g1;</t0>\n",
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++      // Opened by tag, closed by entity (root case)
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY g0 ''>\n"
++       "  <!ENTITY g1 '&g0;</t0>'>\n"
++       "]>\n"
++       "<t0>&g1;\n",
++       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS},
++      // Opened by entity, closed by tag <-- regression from 2.7.0
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY g0 ''>\n"
++       "  <!ENTITY g1 '<t1>&g0;'>\n"
++       "]>\n"
++       "<t0>&g1;</t1></t0>\n",
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++      // Opened by tag, closed by entity; then the other way around
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY open '<t1>'>\n"
++       "  <!ENTITY close '</t1>'>\n"
++       "]>\n"
++       "<t0><t1>&close;&open;</t1></t0>\n",
++       XML_STATUS_OK, XML_ERROR_NONE},
++  };
++
++  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
++    const struct test_case testCase = cases[i];
++    set_subtest("cases[%d]", (int)i);
++
++    const char *const doc = testCase.doc;
++#if XML_GE == 1
++    const enum XML_Status expectedStatus = XML_STATUS_ERROR;
++    const enum XML_Error expectedError = XML_ERROR_ASYNC_ENTITY;
++#else
++    const enum XML_Status expectedStatus = testCase.expectedStatusNoGE;
++    const enum XML_Error expectedError = testCase.expectedErrorNoGE;
++#endif
++
++    XML_Parser parser = XML_ParserCreate(NULL);
++    assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
++                                        /*isFinal=*/XML_TRUE)
++                == expectedStatus);
++    assert_true(XML_GetErrorCode(parser) == expectedError);
++    XML_ParserFree(parser);
++  }
++}
++END_TEST
++
+ void
+ make_miscellaneous_test_case(Suite *s) {
+   TCase *tc_misc = tcase_create("miscellaneous tests");
+@@ -649,4 +734,6 @@ make_miscellaneous_test_case(Suite *s) {
+   tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
+   tcase_add_test__if_xml_ge(tc_misc, test_renter_loop_finite_content);
+   tcase_add_test(tc_misc, test_misc_expected_event_ptr_issue_980);
++  tcase_add_test(tc_misc, test_misc_sync_entity_tolerated);
++  tcase_add_test(tc_misc, test_misc_async_entity_rejected);
+ }
diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-05.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
new file mode 100644
index 0000000000..063a590a11
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
@@ -0,0 +1,78 @@
+From a9aaf85cfc3025b7013b5adc4bef2ce32ecc7fb1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@tum.de>
+Date: Tue, 23 Sep 2025 12:12:50 +0200
+Subject: [PATCH] tests: Add line/column checks to async entity tests
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/1059]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tests/misc_tests.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/tests/misc_tests.c b/tests/misc_tests.c
+index 19f41df7..7a4d2455 100644
+--- a/tests/misc_tests.c
++++ b/tests/misc_tests.c
+@@ -644,6 +644,8 @@ START_TEST(test_misc_async_entity_rejected) {
+     const char *doc;
+     enum XML_Status expectedStatusNoGE;
+     enum XML_Error expectedErrorNoGE;
++    XML_Size expectedErrorLine;
++    XML_Size expectedErrorColumn;
+   };
+   const struct test_case cases[] = {
+       // Opened by one entity, closed by another
+@@ -652,35 +654,35 @@ START_TEST(test_misc_async_entity_rejected) {
+        "   <!ENTITY close '</t1>'>\n"
+        "]>\n"
+        "<t0>&open;&close;</t0>\n",
+-       XML_STATUS_OK, XML_ERROR_NONE},
++       XML_STATUS_OK, XML_ERROR_NONE, 5, 4},
+       // Opened by tag, closed by entity (non-root case)
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY g0 ''>\n"
+        "  <!ENTITY g1 '&g0;</t1>'>\n"
+        "]>\n"
+        "<t0><t1>&g1;</t0>\n",
+-       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 8},
+       // Opened by tag, closed by entity (root case)
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY g0 ''>\n"
+        "  <!ENTITY g1 '&g0;</t0>'>\n"
+        "]>\n"
+        "<t0>&g1;\n",
+-       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS},
++       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS, 5, 4},
+       // Opened by entity, closed by tag <-- regression from 2.7.0
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY g0 ''>\n"
+        "  <!ENTITY g1 '<t1>&g0;'>\n"
+        "]>\n"
+        "<t0>&g1;</t1></t0>\n",
+-       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 4},
+       // Opened by tag, closed by entity; then the other way around
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY open '<t1>'>\n"
+        "  <!ENTITY close '</t1>'>\n"
+        "]>\n"
+        "<t0><t1>&close;&open;</t1></t0>\n",
+-       XML_STATUS_OK, XML_ERROR_NONE},
++       XML_STATUS_OK, XML_ERROR_NONE, 5, 8},
+   };
+ 
+   for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+@@ -701,6 +703,11 @@ START_TEST(test_misc_async_entity_rejected) {
+                                         /*isFinal=*/XML_TRUE)
+                 == expectedStatus);
+     assert_true(XML_GetErrorCode(parser) == expectedError);
++#if XML_GE == 1
++    assert_true(XML_GetCurrentLineNumber(parser) == testCase.expectedErrorLine);
++    assert_true(XML_GetCurrentColumnNumber(parser)
++                == testCase.expectedErrorColumn);
++#endif
+     XML_ParserFree(parser);
+   }
+ }
diff --git a/meta/recipes-core/expat/expat_2.6.4.bb b/meta/recipes-core/expat/expat_2.6.4.bb
index ab0b1d54c1..816beaa8a3 100644
--- a/meta/recipes-core/expat/expat_2.6.4.bb
+++ b/meta/recipes-core/expat/expat_2.6.4.bb
@@ -13,6 +13,9 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
            file://0001-tests-Cover-indirect-entity-recursion.patch;striplevel=2 \
            file://CVE-2024-8176-01.patch;striplevel=2 \
            file://CVE-2024-8176-02.patch;striplevel=2 \
+           file://CVE-2024-8176-03.patch \
+           file://CVE-2024-8176-04.patch \
+           file://CVE-2024-8176-05.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
-- 
2.43.0

[OE-core][scarthgap 09/18] pulseaudio: ignore CVE-2024-11586

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

As per the linked ticket, this issue is related to an Ubuntu-specific
patch that we don't have.

(From OE-Core rev: dc81fdc6bdf8ab39b7f2fd994d50256430c36558)

(From OE-Core rev: 72e63e44a0c6ad5a408c4dc59a24288c36463439)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/pulseaudio/pulseaudio.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
index a93ef8f338..26e9e08a63 100644
--- a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
+++ b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
@@ -281,3 +281,5 @@ RDEPENDS:pulseaudio-server += "\
 RDEPENDS:pulseaudio-server += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', \
                                   bb.utils.contains('DISTRO_FEATURES', 'systemd', 'pulseaudio-module-systemd-login', 'pulseaudio-module-console-kit', d), \
                                   '', d)}"
+
+CVE_STATUS[CVE-2024-11586] = "not-applicable-platform: specific to Ubuntu 16.04"
-- 
2.43.0

[OE-core][scarthgap 10/18] tiff: ignore 5 CVEs

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

These CVEs are for tools which were removed in v4.6.0 via [1] and
re-introduced again in v4.7.0 via [2].

[1] https://gitlab.com/libtiff/libtiff/-/commit/eab89a627f0a65e9a1a47c4b30b4802c80b1ac45
[2] https://gitlab.com/libtiff/libtiff/-/commit/9ab54a858049bef020d578c71d82669531551c00

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 1d3d08ff9d..9957699fb2 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -28,6 +28,10 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
 CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"
 
+CVE_STATUS_GROUPS += "CVE_STATUS_REMOVED_TOOLS"
+CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851"
+CVE_STATUS_REMOVED_TOOLS[status] = "cpe-incorrect: tools affected by these CVEs are not present in this release"
+
 inherit autotools multilib_header
 
 CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
-- 
2.43.0

[OE-core][scarthgap 11/18] ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Following are mentioned in commit upgrading the recipe to 6.1.3:
* CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31578 CVE-2024-31582

Following are fixed via mentioned commits already in 6.1.1:
* CVE-2023-50009: https://github.com/FFmpeg/FFmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba
* CVE-2023-50010: https://github.com/FFmpeg/FFmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1
* CVE-2024-31585: https://github.com/FFmpeg/FFmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb
index dbd0a3f270..38c6d1f2b7 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb
@@ -50,6 +50,10 @@ CVE_STATUS[CVE-2023-39018] = "cpe-incorrect: This issue belongs to ffmpeg-cli-wr
 # Fixed: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
 CVE_STATUS[CVE-2025-1373]  = "fixed-version: Vulnerable code not present in any release"
 
+CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x"
+CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585"
+CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x"
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"
-- 
2.43.0

[OE-core][scarthgap 12/18] go: fix CVE-2025-47906

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

If the PATH environment variable contains paths which are executables
(rather than just directories), passing certain strings to LookPath
("", ".", and ".."), can result in the binaries listed in the PATH
 being unexpectedly returned.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.22.12.inc       |   1 +
 .../go/go/CVE-2025-47906.patch                | 183 ++++++++++++++++++
 2 files changed, 184 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch

diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index d0ce333117..a364e1aae8 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -20,6 +20,7 @@ SRC_URI += "\
     file://CVE-2025-4674.patch \
     file://CVE-2025-47907-pre.patch \
     file://CVE-2025-47907.patch \
+    file://CVE-2025-47906.patch \
 "
 SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
 
diff --git a/meta/recipes-devtools/go/go/CVE-2025-47906.patch b/meta/recipes-devtools/go/go/CVE-2025-47906.patch
new file mode 100644
index 0000000000..88895f496d
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-47906.patch
@@ -0,0 +1,183 @@
+From 8fa31a2d7d9e60c50a3a94080c097b6e65773f4b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= <olivier.mengue@gmail.com>
+Date: Mon, 30 Jun 2025 16:58:59 +0200
+Subject: [PATCH] [release-branch.go1.23] os/exec: fix incorrect expansion of
+ "", "." and ".." in LookPath Fix incorrect expansion of "" and "." when $PATH
+ contains an executable file or, on Windows, a parent directory of a %PATH%
+ element contains an file with the same name as the %PATH% element but with
+ one of the %PATHEXT% extension (ex: C:\utils\bin is in PATH, and
+ C:\utils\bin.exe exists).
+
+Fix incorrect expansion of ".." when $PATH contains an element which is
+an the concatenation of the path to an executable file (or on Windows
+a path that can be expanded to an executable by appending a %PATHEXT%
+extension), a path separator and a name.
+
+"", "." and ".." are now rejected early with ErrNotFound.
+
+Fixes CVE-2025-47906
+Fixes #74803
+
+Change-Id: Ie50cc0a660fce8fbdc952a7f2e05c36062dcb50e
+Reviewed-on: https://go-review.googlesource.com/c/go/+/685755
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Auto-Submit: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+Reviewed-by: Damien Neil <dneil@google.com>
+(cherry picked from commit e0b07dc)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/691855
+Reviewed-by: Michael Knyszek <mknyszek@google.com>
+
+CVE: CVE-2025-47906
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/8fa31a2d7d9e60c50a3a94080c097b6e65773f4b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/os/exec/dot_test.go   | 56 +++++++++++++++++++++++++++++++++++++++
+ src/os/exec/exec.go       | 10 +++++++
+ src/os/exec/lp_plan9.go   |  4 +++
+ src/os/exec/lp_unix.go    |  4 +++
+ src/os/exec/lp_windows.go |  7 +++++
+ 5 files changed, 81 insertions(+)
+
+diff --git a/src/os/exec/dot_test.go b/src/os/exec/dot_test.go
+index ed4bad2..86e9cbb 100644
+--- a/src/os/exec/dot_test.go
++++ b/src/os/exec/dot_test.go
+@@ -178,4 +178,60 @@ func TestLookPath(t *testing.T) {
+			}
+		}
+	})
++
++	checker := func(test string) func(t *testing.T) {
++		return func(t *testing.T) {
++			t.Helper()
++			t.Logf("PATH=%s", os.Getenv("PATH"))
++			p, err := LookPath(test)
++			if err == nil {
++				t.Errorf("%q: error expected, got nil", test)
++			}
++			if p != "" {
++				t.Errorf("%q: path returned should be \"\". Got %q", test, p)
++			}
++		}
++	}
++
++	// Reference behavior for the next test
++	t.Run(pathVar+"=$OTHER2", func(t *testing.T) {
++		t.Run("empty", checker(""))
++		t.Run("dot", checker("."))
++		t.Run("dotdot1", checker("abc/.."))
++		t.Run("dotdot2", checker(".."))
++	})
++
++	// Test the behavior when PATH contains an executable file which is not a directory
++	t.Run(pathVar+"=exe", func(t *testing.T) {
++		// Inject an executable file (not a directory) in PATH.
++		// Use our own binary os.Args[0].
++		testenv.MustHaveExec(t)
++		exe, err := os.Executable()
++		if err != nil {
++			t.Fatal(err)
++		}
++
++		t.Setenv(pathVar, exe)
++		t.Run("empty", checker(""))
++		t.Run("dot", checker("."))
++		t.Run("dotdot1", checker("abc/.."))
++		t.Run("dotdot2", checker(".."))
++	})
++
++	// Test the behavior when PATH contains an executable file which is not a directory
++	t.Run(pathVar+"=exe/xx", func(t *testing.T) {
++		// Inject an executable file (not a directory) in PATH.
++		// Use our own binary os.Args[0].
++		testenv.MustHaveExec(t)
++		exe, err := os.Executable()
++		if err != nil {
++			t.Fatal(err)
++		}
++
++		t.Setenv(pathVar, filepath.Join(exe, "xx"))
++		t.Run("empty", checker(""))
++		t.Run("dot", checker("."))
++		t.Run("dotdot1", checker("abc/.."))
++		t.Run("dotdot2", checker(".."))
++	})
+ }
+diff --git a/src/os/exec/exec.go b/src/os/exec/exec.go
+index b8ef5a0..2c7f510 100644
+--- a/src/os/exec/exec.go
++++ b/src/os/exec/exec.go
+@@ -1310,3 +1310,13 @@ func addCriticalEnv(env []string) []string {
+ // Code should use errors.Is(err, ErrDot), not err == ErrDot,
+ // to test whether a returned error err is due to this condition.
+ var ErrDot = errors.New("cannot run executable found relative to current directory")
++
++// validateLookPath excludes paths that can't be valid
++// executable names. See issue #74466 and CVE-2025-47906.
++func validateLookPath(s string) error {
++	switch s {
++	case "", ".", "..":
++		return ErrNotFound
++	}
++	return nil
++}
+diff --git a/src/os/exec/lp_plan9.go b/src/os/exec/lp_plan9.go
+index dffdbac..39f3d33 100644
+--- a/src/os/exec/lp_plan9.go
++++ b/src/os/exec/lp_plan9.go
+@@ -36,6 +36,10 @@ func findExecutable(file string) error {
+ // As of Go 1.19, LookPath will instead return that path along with an error satisfying
+ // errors.Is(err, ErrDot). See the package documentation for more details.
+ func LookPath(file string) (string, error) {
++	if err := validateLookPath(file); err != nil {
++		return "", &Error{file, err}
++	}
++
+	// skip the path lookup for these prefixes
+	skip := []string{"/", "#", "./", "../"}
+
+diff --git a/src/os/exec/lp_unix.go b/src/os/exec/lp_unix.go
+index 3787132..2543525 100644
+--- a/src/os/exec/lp_unix.go
++++ b/src/os/exec/lp_unix.go
+@@ -54,6 +54,10 @@ func LookPath(file string) (string, error) {
+	// (only bypass the path if file begins with / or ./ or ../)
+	// but that would not match all the Unix shells.
+
++	if err := validateLookPath(file); err != nil {
++		return "", &Error{file, err}
++	}
++
+	if strings.Contains(file, "/") {
+		err := findExecutable(file)
+		if err == nil {
+diff --git a/src/os/exec/lp_windows.go b/src/os/exec/lp_windows.go
+index 698a97c..e0b74e3 100644
+--- a/src/os/exec/lp_windows.go
++++ b/src/os/exec/lp_windows.go
+@@ -68,6 +68,9 @@ func findExecutable(file string, exts []string) (string, error) {
+ // As of Go 1.19, LookPath will instead return that path along with an error satisfying
+ // errors.Is(err, ErrDot). See the package documentation for more details.
+ func LookPath(file string) (string, error) {
++	if err := validateLookPath(file); err != nil {
++		return "", &Error{file, err}
++	}
+	return lookPath(file, pathExt())
+ }
+
+@@ -81,6 +84,10 @@ func LookPath(file string) (string, error) {
+ // "C:\foo\example.com" would be returned as-is even if the
+ // program is actually "C:\foo\example.com.exe".
+ func lookExtensions(path, dir string) (string, error) {
++	if err := validateLookPath(path); err != nil {
++		return "", &Error{path, err}
++	}
++
+	if filepath.Base(path) == path {
+		path = "." + string(filepath.Separator) + path
+	}
+--
+2.40.0
-- 
2.43.0

[OE-core][scarthgap 13/18] glibc: stable 2.39 branch updates

[Steve Sakoman]

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

git log --oneline b027d5b145f1b2908f370bdb96dfe40180d0fcb6..765534258e7f2c33719e3a5bc13432552991513b

765534258e (HEAD, origin/release/2.39/master) nss: Group merge does not react to ERANGE during merge (bug 33361)
7ce7b4b2f4 Rename new tst-sem17 test to tst-sem18
a6ac06abeb Avoid uninitialized result in sem_open when file does not exist
ff6ce67220 elf: handle addition overflow in _dl_find_object_update_1 [BZ #32245]
fffc2df8a3 Optimize __libc_tsd_* thread variable access
83340b35cc i386: Add GLIBC_ABI_GNU_TLS version [BZ #33221]
5541edb1bd i386: Also add GLIBC_ABI_GNU2_TLS version [BZ #33129]
1f17635507 debug: Fix tst-longjmp_chk3 build failure on Hurd
3b6c8ea878 debug: Wire up tst-longjmp_chk3
89596f46e3 i386: Update ___tls_get_addr to preserve vector registers
4c2509882f elf: Preserve _rtld_global layout for the release branch
cf0e7d512d elf: Compile _dl_debug_state separately (bug 33224)
5cd1f4b1a1 elf: Restore support for _r_debug interpositions and copy relocations
97017da5ef elf: Introduce _dl_debug_change_state
5601ad79b7 elf: Introduce separate _r_debug_array variable
24c94ea84e elf: Test dlopen (NULL, RTLD_LAZY) from an ELF constructor
79d84b5da5 elf: Fix handling of symbol versions which hash to zero (bug 29190)
5f5c411132 elf: Second ld.so relocation only if libc.so has been loaded
4c9b1877fd elf: Reorder audit events in dlcose to match _dl_fini (bug 32066)
f407a14ff7 elf: Call la_objclose for proxy link maps in _dl_fini (bug 32065)
e27601b385 elf: Signal la_objopen for the proxy link map in dlmopen (bug 31985)
fef226255d elf: Add the endswith function to <endswith.h>
d21a217fa0 elf: Update DSO list, write audit log to elf/tst-audit23.out
4f145bb35d elf: Switch to main malloc after final ld.so self-relocation
65d86471ce elf: Introduce _dl_relocate_object_no_relro
5434cc2c41 elf: Do not define consider_profiling, consider_symbind as macros
b2d8c6cbe7 elf: rtld_multiple_ref is always true
2b89de7c91 Revert "elf: Run constructors on cyclic recursive dlopen (bug 31986)"
46e3ecad27 elf: Fix map_complete Systemtap probe in dl_open_worker
5f225025db elf: Signal RT_CONSISTENT after relocation processing in dlopen (bug 31986)
d6cc325fcf elf: Signal LA_ACT_CONSISTENT to auditors after RT_CONSISTENT switch
6917fde6f9 elf: Run constructors on cyclic recursive dlopen (bug 31986)
9fa7cc6a0b ldconfig: Move endswithn into a new header file
269e89bd8d x86-64: Add GLIBC_ABI_DT_X86_64_PLT [BZ #33212]
62ff85fd09 x86-64: Add GLIBC_ABI_GNU2_TLS version [BZ #33129]
f0e8d04eef libio: Test for fdopen memory leak without SEEK_END support (bug 31840)
42a8cb7560 Remove memory leak in fdopen (bug 31840)
d1c1f78e9e math: Remove no-mathvec flag
20d2d69a2f Use TLS initial-exec model for __libc_tsd_CTYPE_* thread variables [BZ #33234]
c11950503f ctype: Fallback initialization of TLS using relocations (bug 19341, bug 32483)
25c537c3b3 Use proper extern declaration for _nl_C_LC_CTYPE_{class,toupper,tolower}
fbdf9680cc Remove <libc-tsd.h>
fca5937510 ctype: Reformat Makefile.
49f0e73fa3 elf: Handle ld.so with LOAD segment gaps in _dl_find_object (bug 31943)
64488b4b31 elf: Extract rtld_setup_phdr function from dl_main
9833fcf7ce elf: Do not add a copy of _dl_find_object to libc.so
fbade65338 arm: Use _dl_find_object on __gnu_Unwind_Find_exidx (BZ 31405)
392e6cf1e8 AArch64: Improve codegen in SVE log1p
3a78a276a3 AArch64: Optimize inverse trig functions
b6ea8902a7 AArch64: Avoid memset ifunc in cpu-features.c [BZ #33112]

Testing Results:
            Before     After    Diff
PASS         5080      5096      +16
XPASS        4         4          0
FAIL         119       123       +4
XFAIL        16        16         0
UNSUPPORTED  154       154        0

Testcases changes

testcase-name                                                before           after

debug/tst-longjmp_chk3(new)                                    -               PASS
elf/check-dt-x86-64-plt(new)                                   -               PASS
elf/check-gnu2-tls(new)                                        -               PASS
lf/tst-dlmopen4-nonpic(new)                                    -               PASS
elf/tst-dlmopen4-pic(new)                                      -               PASS
elf/tst-dlopen-auditdup(new)                                   -               PASS
elf/tst-dlopen-constructor-null(new)                           -               PASS
elf/tst-link-map-contiguous-ldso(new)                          -               PASS
elf/tst-link-map-contiguous-libc(new)                          -               PASS
elf/tst-nolink-libc-1(new)                                     -               PASS
elf/tst-nolink-libc-2(new)                                     -               PASS
elf/tst-rtld-no-malloc(new)                                    -               PASS
elf/tst-rtld-no-malloc-audit(new)                              -               PASS
elf/tst-rtld-no-malloc-preload(new)                            -               PASS
elf/tst-tls23(new)                                             -               PASS
elf/tst-version-hash-zero(new)                                 -               PASS
libio/tst-fdopen-seek-failure(new)                             -               PASS
libio/tst-fdopen-seek-failure-mem(new)                         -               PASS
nptl/tst-sem18(new)                                            -               PASS
ctype/tst-ctype-tls-dlmopen(new)                               -               FAIL
ctype/tst-ctype-tls-dlopen-static(new)                         -               FAIL
stdio-common/tst-scanf-bz27650                                FAIL             PASS
malloc/tst-aligned-alloc-random-thread-cross-malloc-check     PASS             FAIL
malloc/tst-aligned-alloc-random-thread-malloc-check           PASS             FAIL
timezone/tst-tzset                                            PASS             FAIL
elf/ifuncmain8                                                PASS              -

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 89e532fd67..f63eb0ad56 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,7 +1,7 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "b027d5b145f1b2908f370bdb96dfe40180d0fcb6"
-SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
+SRCREV_glibc ?= "765534258e7f2c33719e3a5bc13432552991513b"
+SRCREV_localedef ?= "cba02c503d7c853a38ccfb83c57e343ca5ecd7e5"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
 
-- 
2.43.0

[OE-core][scarthgap 14/18] scripts/install-buildtools: Update to 5.0.12

[Steve Sakoman]

From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>

Update to the 5.0.12 release of the 5.0 series for buildtools

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/install-buildtools | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 0dd23fe0e4..a449e45cff 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
 
 DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
 DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-5.0.11'
-DEFAULT_INSTALLER_VERSION = '5.0.11'
+DEFAULT_RELEASE = 'yocto-5.0.12'
+DEFAULT_INSTALLER_VERSION = '5.0.12'
 DEFAULT_BUILDDATE = '202110XX'
 
 # Python version sanity check
-- 
2.43.0

[OE-core][scarthgap 15/18] openssl: upgrade 3.2.4 -> 3.2.6

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

3.2.6 has fixed 3.2.5 regression which broke python3 ptests so we can
upgrade now. We can also drop CVE-2025-27587 patch which was taken
instead of 3.2.5 upgrade under:
https://github.com/openssl/openssl/pull/28198

Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3017-and-openssl-3018-30-sep-2025

OpenSSL 3.2.6 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)
* Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)

Release information:
https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md#major-changes-between-openssl-324-and-openssl-325-1-jul-2025

OpenSSL 3.2.5 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Miscellaneous minor bug fixes.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
 .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
 .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
 3 files changed, 1 insertion(+), 2050 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
deleted file mode 100644
index eb3fc52dca..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
+++ /dev/null
@@ -1,1918 +0,0 @@
-From 14ac0f0e4e1f36793d09b41ffd5e482575289ab2 Mon Sep 17 00:00:00 2001
-From: Danny Tsen <dtsen@us.ibm.com>
-Date: Tue, 11 Feb 2025 13:48:01 -0500
-Subject: [PATCH] Fix Minerva timing side-channel signal for P-384 curve on PPC
-
-1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
-   for Montgomery multiplication.
-2. ecp_nistp384-ppc64.pl:
-   - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
-     minumum perl wrapper.
-   - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
-   - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
-3. ecp_nistp384.c:
-   - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.
-
-Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/26709)
-
-(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5)
-
-CVE: CVE-2025-27587
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/14ac0f0e4e1f36793d09b41ffd5e482575289ab2]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- crypto/bn/bn_ppc.c                  |    3 +
- crypto/ec/asm/ecp_nistp384-ppc64.pl | 1724 +++++++++++++++++++++++----
- crypto/ec/ecp_nistp384.c            |   28 +-
- 3 files changed, 1504 insertions(+), 251 deletions(-)
-
-diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
-index 1e9421bee2..29293bad55 100644
---- a/crypto/bn/bn_ppc.c
-+++ b/crypto/bn/bn_ppc.c
-@@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-      */
- 
- #if defined(_ARCH_PPC64) && !defined(__ILP32__)
-+    /* Minerva side-channel fix danny */
-+# if defined(USE_FIXED_N6)
-     if (num == 6) {
-         if (OPENSSL_ppccap_P & PPC_MADD300)
-             return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
-         else
-             return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
-     }
-+# endif
- #endif
- 
-     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl b/crypto/ec/asm/ecp_nistp384-ppc64.pl
-index 28f4168e52..b663bddfc6 100755
---- a/crypto/ec/asm/ecp_nistp384-ppc64.pl
-+++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl
-@@ -7,13 +7,15 @@
- # https://www.openssl.org/source/license.html
- #
- # ====================================================================
--# Written by Rohan McLure <rmclure@linux.ibm.com> for the OpenSSL
--# project.
-+# Written by Danny Tsen <dtsen@us.ibm.com> # for the OpenSSL project.
-+#
-+# Copyright 2025- IBM Corp.
- # ====================================================================
- #
--# p384 lower-level primitives for PPC64 using vector instructions.
-+# p384 lower-level primitives for PPC64.
- #
- 
-+
- use strict;
- use warnings;
- 
-@@ -21,7 +23,7 @@ my $flavour = shift;
- my $output = "";
- while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
- if (!$output) {
--    $output = "-";
-+        $output = "-";
- }
- 
- my ($xlate, $dir);
-@@ -35,271 +37,1495 @@ open OUT,"| \"$^X\" $xlate $flavour $output";
- 
- my $code = "";
- 
--my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12");
--
--my $vzero = "v32";
--
--sub startproc($)
--{
--    my ($name) = @_;
--
--    $code.=<<___;
--    .globl ${name}
--    .align 5
--${name}:
--
--___
--}
--
--sub endproc($)
--{
--    my ($name) = @_;
--
--    $code.=<<___;
--    blr
--        .size ${name},.-${name}
--
--___
--}
--
--sub load_vrs($$)
--{
--    my ($pointer, $reg_list) = @_;
--
--    for (my $i = 0; $i <= 6; $i++) {
--        my $offset = $i * 8;
--        $code.=<<___;
--    lxsd        $reg_list->[$i],$offset($pointer)
--___
--    }
--
--    $code.=<<___;
--
--___
--}
--
--sub store_vrs($$)
--{
--    my ($pointer, $reg_list) = @_;
--
--    for (my $i = 0; $i <= 12; $i++) {
--        my $offset = $i * 16;
--        $code.=<<___;
--    stxv        $reg_list->[$i],$offset($pointer)
--___
--    }
--
--    $code.=<<___;
--
--___
--}
--
- $code.=<<___;
--.machine    "any"
-+.machine "any"
- .text
- 
--___
-+.globl  p384_felem_mul
-+.type   p384_felem_mul,\@function
-+.align	4
-+p384_felem_mul:
- 
--{
--    # mul/square common
--    my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43");
--    my ($zero, $one) = ("r8", "r9");
--    my $out = "v51";
-+	stdu	1, -176(1)
-+	mflr	0
-+	std	14, 56(1)
-+	std	15, 64(1)
-+	std	16, 72(1)
-+	std	17, 80(1)
-+	std	18, 88(1)
-+	std	19, 96(1)
-+	std	20, 104(1)
-+	std	21, 112(1)
-+	std	22, 120(1)
- 
--    {
--        #
--        # p384_felem_mul
--        #
-+	bl	_p384_felem_mul_core
- 
--        my ($in1p, $in2p) = ("r4", "r5");
--        my @in1 = map("v$_",(44..50));
--        my @in2 = map("v$_",(35..41));
-+	mtlr	0
-+	ld	14, 56(1)
-+	ld	15, 64(1)
-+	ld	16, 72(1)
-+	ld	17, 80(1)
-+	ld	18, 88(1)
-+	ld	19, 96(1)
-+	ld	20, 104(1)
-+	ld	21, 112(1)
-+	ld	22, 120(1)
-+	addi	1, 1, 176
-+	blr
-+.size   p384_felem_mul,.-p384_felem_mul
- 
--        startproc("p384_felem_mul");
-+.globl  p384_felem_square
-+.type   p384_felem_square,\@function
-+.align	4
-+p384_felem_square:
- 
--        $code.=<<___;
--    vspltisw    $vzero,0
-+	stdu	1, -176(1)
-+	mflr	0
-+	std	14, 56(1)
-+	std	15, 64(1)
-+	std	16, 72(1)
-+	std	17, 80(1)
- 
--___
-+	bl	_p384_felem_square_core
- 
--        load_vrs($in1p, \@in1);
--        load_vrs($in2p, \@in2);
--
--        $code.=<<___;
--    vmsumudm    $out,$in1[0],$in2[0],$vzero
--    stxv        $out,0($outp)
--
--    xxpermdi    $t1,$in1[0],$in1[1],0b00
--    xxpermdi    $t2,$in2[1],$in2[0],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,16($outp)
--
--    xxpermdi    $t2,$in2[2],$in2[1],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in1[2],$in2[0],$out
--    stxv        $out,32($outp)
--
--    xxpermdi    $t2,$in2[1],$in2[0],0b00
--    xxpermdi    $t3,$in1[2],$in1[3],0b00
--    xxpermdi    $t4,$in2[3],$in2[2],0b00
--    vmsumudm    $out,$t1,$t4,$vzero
--    vmsumudm    $out,$t3,$t2,$out
--    stxv        $out,48($outp)
--
--    xxpermdi    $t2,$in2[4],$in2[3],0b00
--    xxpermdi    $t4,$in2[2],$in2[1],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    vmsumudm    $out,$in1[4],$in2[0],$out
--    stxv        $out,64($outp)
--
--    xxpermdi    $t2,$in2[5],$in2[4],0b00
--    xxpermdi    $t4,$in2[3],$in2[2],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    xxpermdi    $t4,$in2[1],$in2[0],0b00
--    xxpermdi    $t1,$in1[4],$in1[5],0b00
--    vmsumudm    $out,$t1,$t4,$out
--    stxv        $out,80($outp)
--
--    xxpermdi    $t1,$in1[0],$in1[1],0b00
--    xxpermdi    $t2,$in2[6],$in2[5],0b00
--    xxpermdi    $t4,$in2[4],$in2[3],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    xxpermdi    $t2,$in2[2],$in2[1],0b00
--    xxpermdi    $t1,$in1[4],$in1[5],0b00
--    vmsumudm    $out,$t1,$t2,$out
--    vmsumudm    $out,$in1[6],$in2[0],$out
--    stxv        $out,96($outp)
--
--    xxpermdi    $t1,$in1[1],$in1[2],0b00
--    xxpermdi    $t2,$in2[6],$in2[5],0b00
--    xxpermdi    $t3,$in1[3],$in1[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    xxpermdi    $t3,$in2[2],$in2[1],0b00
--    xxpermdi    $t1,$in1[5],$in1[6],0b00
--    vmsumudm    $out,$t1,$t3,$out
--    stxv        $out,112($outp)
--
--    xxpermdi    $t1,$in1[2],$in1[3],0b00
--    xxpermdi    $t3,$in1[4],$in1[5],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    vmsumudm    $out,$in1[6],$in2[2],$out
--    stxv        $out,128($outp)
--
--    xxpermdi    $t1,$in1[3],$in1[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    xxpermdi    $t1,$in1[5],$in1[6],0b00
--    vmsumudm    $out,$t1,$t4,$out
--    stxv        $out,144($outp)
--
--    vmsumudm    $out,$t3,$t2,$vzero
--    vmsumudm    $out,$in1[6],$in2[4],$out
--    stxv        $out,160($outp)
--
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,176($outp)
--
--    vmsumudm    $out,$in1[6],$in2[6],$vzero
--    stxv        $out,192($outp)
--___
-+	mtlr	0
-+	ld	14, 56(1)
-+	ld	15, 64(1)
-+	ld	16, 72(1)
-+	ld	17, 80(1)
-+	addi	1, 1, 176
-+	blr
-+.size   p384_felem_square,.-p384_felem_square
- 
--        endproc("p384_felem_mul");
--    }
-+#
-+# Felem mul core function -
-+# r3, r4 and r5 need to pre-loaded.
-+#
-+.type   _p384_felem_mul_core,\@function
-+.align	4
-+_p384_felem_mul_core:
- 
--    {
--        #
--        # p384_felem_square
--        #
-+	ld	6,0(4)
-+	ld	14,0(5)
-+	ld	7,8(4)
-+	ld	15,8(5)
-+	ld	8,16(4)
-+	ld	16,16(5)
-+	ld	9,24(4)
-+	ld	17,24(5)
-+	ld	10,32(4)
-+	ld	18,32(5)
-+	ld	11,40(4)
-+	ld	19,40(5)
-+	ld	12,48(4)
-+	ld	20,48(5)
- 
--        my ($inp) = ("r4");
--        my @in = map("v$_",(44..50));
--        my @inx2 = map("v$_",(35..41));
-+	# out0
-+	mulld	21, 14, 6
-+	mulhdu	22, 14, 6
-+	std	21, 0(3)
-+	std	22, 8(3)
- 
--        startproc("p384_felem_square");
-+	vxor	0, 0, 0
- 
--        $code.=<<___;
--    vspltisw    $vzero,0
-+	# out1
-+	mtvsrdd	32+13, 14, 6
-+	mtvsrdd	32+14, 7, 15
-+	vmsumudm 1, 13, 14, 0
- 
--___
-+	# out2
-+	mtvsrdd	32+15, 15, 6
-+	mtvsrdd	32+16, 7, 16
-+	mtvsrdd	32+17, 0, 8
-+	mtvsrdd	32+18, 0, 14
-+	vmsumudm 19, 15, 16, 0
-+	vmsumudm 2, 17, 18, 19
- 
--        load_vrs($inp, \@in);
-+	# out3
-+	mtvsrdd	32+13, 16, 6
-+	mtvsrdd	32+14, 7, 17
-+	mtvsrdd	32+15, 14, 8
-+	mtvsrdd	32+16, 9, 15
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 3, 15, 16, 19
- 
--        $code.=<<___;
--    li        $zero,0
--    li        $one,1
--    mtvsrdd        $t1,$one,$zero
--___
-+	# out4
-+	mtvsrdd	32+13, 17, 6
-+	mtvsrdd	32+14, 7, 18
-+	mtvsrdd	32+15, 15, 8
-+	mtvsrdd	32+16, 9, 16
-+	mtvsrdd	32+17, 0, 10
-+	mtvsrdd	32+18, 0, 14
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 4, 15, 16, 19
-+	vmsumudm 4, 17, 18, 4
- 
--        for (my $i = 0; $i <= 6; $i++) {
--            $code.=<<___;
--    vsld        $inx2[$i],$in[$i],$t1
--___
--        }
--
--        $code.=<<___;
--    vmsumudm    $out,$in[0],$in[0],$vzero
--    stxv        $out,0($outp)
--
--    vmsumudm    $out,$in[0],$inx2[1],$vzero
--    stxv        $out,16($outp)
--
--    vmsumudm    $out,$in[0],$inx2[2],$vzero
--    vmsumudm    $out,$in[1],$in[1],$out
--    stxv        $out,32($outp)
--
--    xxpermdi    $t1,$in[0],$in[1],0b00
--    xxpermdi    $t2,$inx2[3],$inx2[2],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,48($outp)
--
--    xxpermdi    $t4,$inx2[4],$inx2[3],0b00
--    vmsumudm    $out,$t1,$t4,$vzero
--    vmsumudm    $out,$in[2],$in[2],$out
--    stxv        $out,64($outp)
--
--    xxpermdi    $t2,$inx2[5],$inx2[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in[2],$inx2[3],$out
--    stxv        $out,80($outp)
--
--    xxpermdi    $t2,$inx2[6],$inx2[5],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in[2],$inx2[4],$out
--    vmsumudm    $out,$in[3],$in[3],$out
--    stxv        $out,96($outp)
--
--    xxpermdi    $t3,$in[1],$in[2],0b00
--    vmsumudm    $out,$t3,$t2,$vzero
--    vmsumudm    $out,$in[3],$inx2[4],$out
--    stxv        $out,112($outp)
--
--    xxpermdi    $t1,$in[2],$in[3],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in[4],$in[4],$out
--    stxv        $out,128($outp)
--
--    xxpermdi    $t1,$in[3],$in[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,144($outp)
--
--    vmsumudm    $out,$in[4],$inx2[6],$vzero
--    vmsumudm    $out,$in[5],$in[5],$out
--    stxv        $out,160($outp)
--
--    vmsumudm    $out,$in[5],$inx2[6],$vzero
--    stxv        $out,176($outp)
--
--    vmsumudm    $out,$in[6],$in[6],$vzero
--    stxv        $out,192($outp)
--___
-+	# out5
-+	mtvsrdd	32+13, 18, 6
-+	mtvsrdd	32+14, 7, 19
-+	mtvsrdd	32+15, 16, 8
-+	mtvsrdd	32+16, 9, 17
-+	mtvsrdd	32+17, 14, 10
-+	mtvsrdd	32+18, 11, 15
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 5, 15, 16, 19
-+	vmsumudm 5, 17, 18, 5
-+
-+	stxv	32+1, 16(3)
-+	stxv	32+2, 32(3)
-+	stxv	32+3, 48(3)
-+	stxv	32+4, 64(3)
-+	stxv	32+5, 80(3)
-+
-+	# out6
-+	mtvsrdd	32+13, 19, 6
-+	mtvsrdd	32+14, 7, 20
-+	mtvsrdd	32+15, 17, 8
-+	mtvsrdd	32+16, 9, 18
-+	mtvsrdd	32+17, 15, 10
-+	mtvsrdd	32+18, 11, 16
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 6, 15, 16, 19
-+	mtvsrdd	32+13, 0, 12
-+	mtvsrdd	32+14, 0, 14
-+	vmsumudm 19, 17, 18, 6
-+	vmsumudm 6, 13, 14, 19
-+
-+	# out7
-+	mtvsrdd	32+13, 19, 7
-+	mtvsrdd	32+14, 8, 20
-+	mtvsrdd	32+15, 17, 9
-+	mtvsrdd	32+16, 10, 18
-+	mtvsrdd	32+17, 15, 11
-+	mtvsrdd	32+18, 12, 16
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 7, 15, 16, 19
-+	vmsumudm 7, 17, 18, 7
-+
-+	# out8
-+	mtvsrdd	32+13, 19, 8
-+	mtvsrdd	32+14, 9, 20
-+	mtvsrdd	32+15, 17, 10
-+	mtvsrdd	32+16, 11, 18
-+	mtvsrdd	32+17, 0, 12
-+	mtvsrdd	32+18, 0, 16
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 8, 15, 16, 19
-+	vmsumudm 8, 17, 18, 8
-+
-+	# out9
-+	mtvsrdd	32+13, 19, 9
-+	mtvsrdd	32+14, 10, 20
-+	mtvsrdd	32+15, 17, 11
-+	mtvsrdd	32+16, 12, 18
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 9, 15, 16, 19
-+
-+	# out10
-+	mtvsrdd	32+13, 19, 10
-+	mtvsrdd	32+14, 11, 20
-+	mtvsrdd	32+15, 0, 12
-+	mtvsrdd	32+16, 0, 18
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 10, 15, 16, 19
-+
-+	# out11
-+	mtvsrdd	32+17, 19, 11
-+	mtvsrdd	32+18, 12, 20
-+	vmsumudm 11, 17, 18, 0
-+
-+	stxv	32+6, 96(3)
-+	stxv	32+7, 112(3)
-+	stxv	32+8, 128(3)
-+	stxv	32+9, 144(3)
-+	stxv	32+10, 160(3)
-+	stxv	32+11, 176(3)
-+
-+	# out12
-+	mulld	21, 20, 12
-+	mulhdu	22, 20, 12	# out12
-+
-+	std	21, 192(3)
-+	std	22, 200(3)
-+
-+	blr
-+.size   _p384_felem_mul_core,.-_p384_felem_mul_core
-+
-+#
-+# Felem square core function -
-+# r3 and r4 need to pre-loaded.
-+#
-+.type   _p384_felem_square_core,\@function
-+.align	4
-+_p384_felem_square_core:
-+
-+	ld	6, 0(4)
-+	ld	7, 8(4)
-+	ld	8, 16(4)
-+	ld	9, 24(4)
-+	ld	10, 32(4)
-+	ld	11, 40(4)
-+	ld	12, 48(4)
-+
-+	vxor	0, 0, 0
-+
-+	# out0
-+	mulld	14, 6, 6
-+	mulhdu	15, 6, 6
-+	std	14, 0(3)
-+	std	15, 8(3)
-+
-+	# out1
-+	add	14, 6, 6
-+	mtvsrdd	32+13, 0, 14
-+	mtvsrdd	32+14, 0, 7
-+	vmsumudm 1, 13, 14, 0
-+
-+	# out2
-+	mtvsrdd	32+15, 7, 14
-+	mtvsrdd	32+16, 7, 8
-+	vmsumudm 2, 15, 16, 0
-+
-+	# out3
-+	add	15, 7, 7
-+	mtvsrdd	32+13, 8, 14
-+	mtvsrdd	32+14, 15, 9
-+	vmsumudm 3, 13, 14, 0
-+
-+	# out4
-+	mtvsrdd	32+13, 9, 14
-+	mtvsrdd	32+14, 15, 10
-+	mtvsrdd	32+15, 0, 8
-+	vmsumudm 4, 13, 14, 0
-+	vmsumudm 4, 15, 15, 4
-+
-+	# out5
-+	mtvsrdd	32+13, 10, 14
-+	mtvsrdd	32+14, 15, 11
-+	add	16, 8, 8
-+	mtvsrdd	32+15, 0, 16
-+	mtvsrdd	32+16, 0, 9
-+	vmsumudm 5, 13, 14, 0
-+	vmsumudm 5, 15, 16, 5
-+
-+	stxv	32+1, 16(3)
-+	stxv	32+2, 32(3)
-+	stxv	32+3, 48(3)
-+	stxv	32+4, 64(3)
-+
-+	# out6
-+	mtvsrdd	32+13, 11, 14
-+	mtvsrdd	32+14, 15, 12
-+	mtvsrdd	32+15, 9, 16
-+	mtvsrdd	32+16, 9, 10
-+	stxv	32+5, 80(3)
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 6, 15, 16, 19
-+
-+	# out7
-+	add	17, 9, 9
-+	mtvsrdd	32+13, 11, 15
-+	mtvsrdd	32+14, 16, 12
-+	mtvsrdd	32+15, 0, 17
-+	mtvsrdd	32+16, 0, 10
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 7, 15, 16, 19
-+
-+	# out8
-+	mtvsrdd	32+13, 11, 16
-+	mtvsrdd	32+14, 17, 12
-+	mtvsrdd	32+15, 0, 10
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 8, 15, 15, 19
-+
-+	# out9
-+	add	14, 10, 10
-+	mtvsrdd	32+13, 11, 17
-+	mtvsrdd	32+14, 14, 12
-+	vmsumudm 9, 13, 14, 0
-+
-+	# out10
-+	mtvsrdd	32+13, 11, 14
-+	mtvsrdd	32+14, 11, 12
-+	vmsumudm 10, 13, 14, 0
-+
-+	stxv	32+6, 96(3)
-+	stxv	32+7, 112(3)
-+
-+	# out11
-+	#add	14, 11, 11
-+	#mtvsrdd	32+13, 0, 14
-+	#mtvsrdd	32+14, 0, 12
-+	#vmsumudm 11, 13, 14, 0
-+
-+	mulld	6, 12, 11
-+	mulhdu	7, 12, 11
-+	addc	8, 6, 6
-+	adde	9, 7, 7
-+
-+	stxv	32+8, 128(3)
-+	stxv	32+9, 144(3)
-+	stxv	32+10, 160(3)
-+	#stxv	32+11, 176(3)
-+
-+	# out12
-+	mulld	14, 12, 12
-+	mulhdu	15, 12, 12
-+
-+	std	8, 176(3)
-+	std	9, 184(3)
-+	std	14, 192(3)
-+	std	15, 200(3)
-+
-+	blr
-+.size   _p384_felem_square_core,.-_p384_felem_square_core
-+
-+#
-+# widefelem (128 bits) * 8
-+#
-+.macro F128_X_8 _off1 _off2
-+	ld	9,\\_off1(3)
-+	ld	8,\\_off2(3)
-+	srdi	10,9,61
-+	rldimi	10,8,3,0
-+	sldi	9,9,3
-+	std	9,\\_off1(3)
-+	std	10,\\_off2(3)
-+.endm
-+
-+.globl p384_felem128_mul_by_8
-+.type	p384_felem128_mul_by_8, \@function
-+.align 4
-+p384_felem128_mul_by_8:
-+
-+	F128_X_8 0, 8
-+
-+	F128_X_8 16, 24
-+
-+	F128_X_8 32, 40
-+
-+	F128_X_8 48, 56
-+
-+	F128_X_8 64, 72
-+
-+	F128_X_8 80, 88
-+
-+	F128_X_8 96, 104
-+
-+	F128_X_8 112, 120
-+
-+	F128_X_8 128, 136
-+
-+	F128_X_8 144, 152
-+
-+	F128_X_8 160, 168
-+
-+	F128_X_8 176, 184
-+
-+	F128_X_8 192, 200
-+
-+	blr
-+.size	p384_felem128_mul_by_8,.-p384_felem128_mul_by_8
-+
-+#
-+# widefelem (128 bits) * 2
-+#
-+.macro F128_X_2 _off1 _off2
-+	ld	9,\\_off1(3)
-+	ld	8,\\_off2(3)
-+	srdi	10,9,63
-+	rldimi	10,8,1,0
-+	sldi	9,9,1
-+	std	9,\\_off1(3)
-+	std	10,\\_off2(3)
-+.endm
-+
-+.globl p384_felem128_mul_by_2
-+.type	p384_felem128_mul_by_2, \@function
-+.align 4
-+p384_felem128_mul_by_2:
-+
-+	F128_X_2 0, 8
-+
-+	F128_X_2 16, 24
-+
-+	F128_X_2 32, 40
-+
-+	F128_X_2 48, 56
-+
-+	F128_X_2 64, 72
-+
-+	F128_X_2 80, 88
-+
-+	F128_X_2 96, 104
-+
-+	F128_X_2 112, 120
-+
-+	F128_X_2 128, 136
-+
-+	F128_X_2 144, 152
-+
-+	F128_X_2 160, 168
-+
-+	F128_X_2 176, 184
-+
-+	F128_X_2 192, 200
-+
-+	blr
-+.size	p384_felem128_mul_by_2,.-p384_felem128_mul_by_2
-+
-+.globl p384_felem_diff128
-+.type	p384_felem_diff128, \@function
-+.align 4
-+p384_felem_diff128:
-+
-+	addis   5, 2, .LConst_two127\@toc\@ha
-+	addi    5, 5, .LConst_two127\@toc\@l
-+
-+	ld	10, 0(3)
-+	ld	8, 8(3)
-+	li	9, 0
-+	addc	10, 10, 9
-+	li	7, -1
-+	rldicr	7, 7, 0, 0	# two127
-+	adde	8, 8, 7
-+	ld	11, 0(4)
-+	ld	12, 8(4)
-+	subfc	11, 11, 10
-+	subfe	12, 12, 8
-+	std	11, 0(3)	# out0
-+	std	12, 8(3)
-+
-+	# two127m71 = (r10, r9)
-+	ld	8, 16(3)
-+	ld	7, 24(3)
-+	ld	10, 24(5)	# two127m71
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 16(4)
-+	ld	12, 24(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 16(3)	# out1
-+	std	12, 24(3)
-+
-+	ld	8, 32(3)
-+	ld	7, 40(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 32(4)
-+	ld	12, 40(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 32(3)	# out2
-+	std	12, 40(3)
-+
-+	ld	8, 48(3)
-+	ld	7, 56(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 48(4)
-+	ld	12, 56(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 48(3)	# out3
-+	std	12, 56(3)
-+
-+	ld	8, 64(3)
-+	ld	7, 72(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 64(4)
-+	ld	12, 72(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 64(3)	# out4
-+	std	12, 72(3)
-+
-+	ld	8, 80(3)
-+	ld	7, 88(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 80(4)
-+	ld	12, 88(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 80(3)	# out5
-+	std	12, 88(3)
-+
-+	ld	8, 96(3)
-+	ld	7, 104(3)
-+	ld	6, 40(5)	# two127p111m79m71
-+	addc	8, 8, 9
-+	adde	7, 7, 6
-+	ld	11, 96(4)
-+	ld	12, 104(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 96(3)	# out6
-+	std	12, 104(3)
-+
-+	ld	8, 112(3)
-+	ld	7, 120(3)
-+	ld	6, 56(5)	# two127m119m71
-+	addc	8, 8, 9
-+	adde	7, 7, 6
-+	ld	11, 112(4)
-+	ld	12, 120(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 112(3)	# out7
-+	std	12, 120(3)
-+
-+	ld	8, 128(3)
-+	ld	7, 136(3)
-+	ld	6, 72(5)	# two127m95m71
-+	addc	8, 8, 9
-+	adde	7, 7, 6
-+	ld	11, 128(4)
-+	ld	12, 136(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 128(3)	# out8
-+	std	12, 136(3)
-+
-+	ld	8, 144(3)
-+	ld	7, 152(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 144(4)
-+	ld	12, 152(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 144(3)	# out9
-+	std	12, 152(3)
-+
-+	ld	8, 160(3)
-+	ld	7, 168(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 160(4)
-+	ld	12, 168(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 160(3)	# out10
-+	std	12, 168(3)
-+
-+	ld	8, 176(3)
-+	ld	7, 184(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 176(4)
-+	ld	12, 184(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 176(3)	# out11
-+	std	12, 184(3)
-+
-+	ld	8, 192(3)
-+	ld	7, 200(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 192(4)
-+	ld	12, 200(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 192(3)	# out12
-+	std	12, 200(3)
-+
-+	blr
-+.size	p384_felem_diff128,.-p384_felem_diff128
-+
-+.data
-+.align 4
-+.LConst_two127:
-+#two127
-+.long 0x00000000, 0x00000000, 0x00000000, 0x80000000
-+#two127m71
-+.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff
-+#two127p111m79m71
-+.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff
-+#two127m119m71
-+.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff
-+#two127m95m71
-+.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff
-+
-+.text
-+
-+.globl p384_felem_diff_128_64
-+.type	p384_felem_diff_128_64, \@function
-+.align 4
-+p384_felem_diff_128_64:
-+	addis   5, 2, .LConst_128_two64\@toc\@ha
-+	addi    5, 5, .LConst_128_two64\@toc\@l
-+
-+	ld	9, 0(3)
-+	ld	10, 8(3)
-+	ld	8, 48(5)	# two64p48m16
-+	li	7, 0
-+	addc	9, 9, 8
-+	li	6, 1
-+	adde	10, 10, 6
-+	ld	11, 0(4)
-+	subfc	8, 11, 9
-+	subfe	12, 7, 10
-+	std	8, 0(3)		# out0
-+	std	12, 8(3)
-+
-+	ld	9, 16(3)
-+	ld	10, 24(3)
-+	ld	8, 0(5)		# two64m56m8
-+	addc	9, 9, 8
-+	addze	10, 10
-+	ld	11, 8(4)
-+	subfc	11, 11, 9
-+	subfe	12, 7, 10
-+	std	11, 16(3)	# out1
-+	std	12, 24(3)
-+
-+	ld	9, 32(3)
-+	ld	10, 40(3)
-+	ld	8, 16(5)	# two64m32m8
-+	addc	9, 9, 8
-+	addze	10, 10
-+	ld	11, 16(4)
-+	subfc	11, 11, 9
-+	subfe	12, 7, 10
-+	std	11, 32(3)	# out2
-+	std	12, 40(3)
-+
-+	ld	10, 48(3)
-+	ld	8, 56(3)
-+	#ld	9, 32(5)	# two64m8
-+	li	9, -256		# two64m8
-+	addc	10, 10, 9
-+	addze	8, 8
-+	ld	11, 24(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 8
-+	std	11, 48(3)	# out3
-+	std	12, 56(3)
-+
-+	ld	10, 64(3)
-+	ld	8, 72(3)
-+	addc	10, 10, 9
-+	addze	8, 8
-+	ld	11, 32(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 8
-+	std	11, 64(3)	# out4
-+	std	12, 72(3)
-+
-+	ld	10, 80(3)
-+	ld	8, 88(3)
-+	addc	10, 10, 9
-+	addze	8, 8
-+	ld	11, 40(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 8
-+	std	11, 80(3)	# out5
-+	std	12, 88(3)
-+
-+	ld	10, 96(3)
-+	ld	8, 104(3)
-+	addc	10, 10, 9
-+	addze	9, 8
-+	ld	11, 48(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 9
-+	std	11, 96(3)	# out6
-+	std	12, 104(3)
-+
-+	blr
-+.size	p384_felem_diff_128_64,.-p384_felem_diff_128_64
-+
-+.data
-+.align 4
-+.LConst_128_two64:
-+#two64m56m8
-+.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000
-+#two64m32m8
-+.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000
-+#two64m8
-+.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000
-+#two64p48m16
-+.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000
-+
-+.LConst_two60:
-+#two60m52m4
-+.long 0xfffffff0, 0x0fefffff, 0x0, 0x0
-+#two60p44m12
-+.long 0xfffff000, 0x10000fff, 0x0, 0x0
-+#two60m28m4
-+.long 0xeffffff0, 0x0fffffff, 0x0, 0x0
-+#two60m4
-+.long 0xfffffff0, 0x0fffffff, 0x0, 0x0
-+
-+.text
-+#
-+# static void felem_diff64(felem out, const felem in)
-+#
-+.globl p384_felem_diff64
-+.type	p384_felem_diff64, \@function
-+.align 4
-+p384_felem_diff64:
-+	addis   5, 2, .LConst_two60\@toc\@ha
-+	addi    5, 5, .LConst_two60\@toc\@l
-+
-+	ld	9, 0(3)
-+	ld	8, 16(5)	# two60p44m12
-+	li	7, 0
-+	add	9, 9, 8
-+	ld	11, 0(4)
-+	subf	8, 11, 9
-+	std	8, 0(3)		# out0
-+
-+	ld	9, 8(3)
-+	ld	8, 0(5)		# two60m52m4
-+	add	9, 9, 8
-+	ld	11, 8(4)
-+	subf	11, 11, 9
-+	std	11, 8(3)	# out1
-+
-+	ld	9, 16(3)
-+	ld	8, 32(5)	# two60m28m4
-+	add	9, 9, 8
-+	ld	11, 16(4)
-+	subf	11, 11, 9
-+	std	11, 16(3)	# out2
-+
-+	ld	10, 24(3)
-+	ld	9, 48(5)	# two60m4
-+	add	10, 10, 9
-+	ld	12, 24(4)
-+	subf	12, 12, 10
-+	std	12, 24(3)	# out3
-+
-+	ld	10, 32(3)
-+	add	10, 10, 9
-+	ld	11, 32(4)
-+	subf	11, 11, 10
-+	std	11, 32(3)	# out4
-+
-+	ld	10, 40(3)
-+	add	10, 10, 9
-+	ld	12, 40(4)
-+	subf	12, 12, 10
-+	std	12, 40(3)	# out5
- 
--        endproc("p384_felem_square");
--    }
--}
-+	ld	10, 48(3)
-+	add	10, 10, 9
-+	ld	11, 48(4)
-+	subf	11, 11, 10
-+	std	11, 48(3)	# out6
-+
-+	blr
-+.size	p384_felem_diff64,.-p384_felem_diff64
-+
-+.text
-+#
-+# Shift 128 bits right <nbits>
-+#
-+.macro SHR o_h o_l in_h in_l nbits
-+	srdi	\\o_l, \\in_l, \\nbits		# shift lower right <nbits>
-+	rldimi	\\o_l, \\in_h, 64-\\nbits, 0	# insert <64-nbits> from hi
-+	srdi	\\o_h, \\in_h, \\nbits		# shift higher right <nbits>
-+.endm
-+
-+#
-+# static void felem_reduce(felem out, const widefelem in)
-+#
-+.global p384_felem_reduce
-+.type   p384_felem_reduce,\@function
-+.align 4
-+p384_felem_reduce:
-+
-+	stdu    1, -208(1)
-+	mflr	0
-+	std     14, 56(1)
-+	std     15, 64(1)
-+	std     16, 72(1)
-+	std     17, 80(1)
-+	std     18, 88(1)
-+	std     19, 96(1)
-+	std     20, 104(1)
-+	std     21, 112(1)
-+	std     22, 120(1)
-+	std     23, 128(1)
-+	std     24, 136(1)
-+	std     25, 144(1)
-+	std     26, 152(1)
-+	std     27, 160(1)
-+	std     28, 168(1)
-+	std     29, 176(1)
-+	std     30, 184(1)
-+	std     31, 192(1)
-+
-+	bl	_p384_felem_reduce_core
-+
-+	mtlr	0
-+	ld     14, 56(1)
-+	ld     15, 64(1)
-+	ld     16, 72(1)
-+	ld     17, 80(1)
-+	ld     18, 88(1)
-+	ld     19, 96(1)
-+	ld     20, 104(1)
-+	ld     21, 112(1)
-+	ld     22, 120(1)
-+	ld     23, 128(1)
-+	ld     24, 136(1)
-+	ld     25, 144(1)
-+	ld     26, 152(1)
-+	ld     27, 160(1)
-+	ld     28, 168(1)
-+	ld     29, 176(1)
-+	ld     30, 184(1)
-+	ld     31, 192(1)
-+	addi	1, 1, 208
-+	blr
-+.size   p384_felem_reduce,.-p384_felem_reduce
-+
-+#
-+# Felem reduction core function -
-+# r3 and r4 need to pre-loaded.
-+#
-+.type   _p384_felem_reduce_core,\@function
-+.align 4
-+_p384_felem_reduce_core:
-+	addis   12, 2, .LConst\@toc\@ha
-+	addi    12, 12, .LConst\@toc\@l
-+
-+	# load constat p
-+	ld	11, 8(12)	# hi - two124m68
-+
-+	# acc[6] = in[6] + two124m68;
-+	ld	26, 96(4)	# in[6].l
-+	ld	27, 96+8(4)	# in[6].h
-+	add	27, 27, 11
-+
-+	# acc[5] = in[5] + two124m68;
-+	ld	24, 80(4)	# in[5].l
-+	ld	25, 80+8(4)	# in[5].h
-+	add	25, 25, 11
-+
-+	# acc[4] = in[4] + two124m68;
-+	ld	22, 64(4)	# in[4].l
-+	ld	23, 64+8(4)	# in[4].h
-+	add	23, 23, 11
-+
-+	# acc[3] = in[3] + two124m68;
-+	ld	20, 48(4)	# in[3].l
-+	ld	21, 48+8(4)	# in[3].h
-+	add	21, 21, 11
-+
-+	ld	11, 48+8(12)	# hi - two124m92m68
-+
-+	# acc[2] = in[2] + two124m92m68;
-+	ld	18, 32(4)	# in[2].l
-+	ld	19, 32+8(4)	# in[2].h
-+	add	19, 19, 11
-+
-+	ld	11, 16+8(12)	# high - two124m116m68
-+
-+	# acc[1] = in[1] + two124m116m68;
-+	ld	16, 16(4)	# in[1].l
-+	ld	17, 16+8(4)	# in[1].h
-+	add	17, 17, 11
-+
-+	ld	11, 32+8(12)	# high - two124p108m76
-+
-+	# acc[0] = in[0] + two124p108m76;
-+	ld	14, 0(4)	# in[0].l
-+	ld	15, 0+8(4)	# in[0].h
-+	add	15, 15, 11
-+
-+	# compute mask
-+	li	7, -1
-+
-+	# Eliminate in[12]
-+
-+	# acc[8] += in[12] >> 32;
-+	ld	5, 192(4)	# in[12].l
-+	ld	6, 192+8(4)	# in[12].h
-+	SHR 9, 10, 6, 5, 32
-+	ld	30, 128(4)	# in[8].l
-+	ld	31, 136(4)	# in[8].h
-+	addc	30, 30, 10
-+	adde	31, 31, 9
-+
-+	# acc[7] += (in[12] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	ld	28, 112(4)	# in[7].l
-+	ld	29, 120(4)	# in[7].h
-+	addc	28, 28, 11
-+	addze	29, 29
-+
-+	# acc[7] += in[12] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	28, 28, 10
-+	adde	29, 29, 9
-+
-+	# acc[6] += (in[12] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	26, 26, 11
-+	addze	27, 27
-+
-+	# acc[6] -= in[12] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	26, 10, 26
-+	subfe	27, 9, 27
-+
-+	# acc[5] -= (in[12] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	24, 11, 24
-+	subfe	25, 9, 25
-+
-+	# acc[6] += in[12] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] += (in[12] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	24, 24, 11
-+	addze	25, 25
-+
-+	# Eliminate in[11]
-+
-+	# acc[7] += in[11] >> 32;
-+	ld	5, 176(4)	# in[11].l
-+	ld	6, 176+8(4)	# in[11].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	28, 28, 10
-+	adde	29, 29, 9
-+
-+	# acc[6] += (in[11] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	26, 26, 11
-+	addze	27, 27
-+
-+	# acc[6] += in[11] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] += (in[11] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	24, 24, 11
-+	addze	25, 25
-+
-+	# acc[5] -= in[11] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	24, 10, 24
-+	subfe	25, 9, 25
-+
-+	# acc[4] -= (in[11] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	22, 11, 22
-+	subfe	23, 9, 23
-+
-+	# acc[5] += in[11] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] += (in[11] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	22, 22, 11
-+	addze	23, 23
-+
-+	# Eliminate in[10]
-+
-+	# acc[6] += in[10] >> 32;
-+	ld	5, 160(4)	# in[10].l
-+	ld	6, 160+8(4)	# in[10].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] += (in[10] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	24, 24, 11
-+	addze	25, 25
-+
-+	# acc[5] += in[10] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] += (in[10] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	22, 22, 11
-+	addze	23, 23
-+
-+	# acc[4] -= in[10] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	22, 10, 22
-+	subfe	23, 9, 23
-+
-+	# acc[3] -= (in[10] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	20, 11, 20
-+	subfe	21, 9, 21
-+
-+	# acc[4] += in[10] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] += (in[10] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	20, 20, 11
-+	addze	21, 21
-+
-+	# Eliminate in[9]
-+
-+	# acc[5] += in[9] >> 32;
-+	ld	5, 144(4)	# in[9].l
-+	ld	6, 144+8(4)	# in[9].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] += (in[9] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	22, 22, 11
-+	addze	23, 23
-+
-+	# acc[4] += in[9] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] += (in[9] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	20, 20, 11
-+	addze	21, 21
-+
-+	# acc[3] -= in[9] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	20, 10, 20
-+	subfe	21, 9, 21
-+
-+	# acc[2] -= (in[9] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	18, 11, 18
-+	subfe	19, 9, 19
-+
-+	# acc[3] += in[9] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (in[9] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	18, 18, 11
-+	addze	19, 19
-+
-+	# Eliminate acc[8]
-+
-+	# acc[4] += acc[8] >> 32;
-+	mr	5, 30		# acc[8].l
-+	mr	6, 31		# acc[8].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] += (acc[8] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	20, 20, 11
-+	addze	21, 21
-+
-+	# acc[3] += acc[8] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (acc[8] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	18, 18, 11
-+	addze	19, 19
-+
-+	# acc[2] -= acc[8] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	18, 10, 18
-+	subfe	19, 9, 19
-+
-+	# acc[1] -= (acc[8] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	16, 11, 16
-+	subfe	17, 9, 17
-+
-+	#acc[2] += acc[8] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] += (acc[8] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	16, 16, 11
-+	addze	17, 17
-+
-+	# Eliminate acc[7]
-+
-+	# acc[3] += acc[7] >> 32;
-+	mr	5, 28		# acc[7].l
-+	mr	6, 29		# acc[7].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (acc[7] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	18, 18, 11
-+	addze	19, 19
-+
-+	# acc[2] += acc[7] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] += (acc[7] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	16, 16, 11
-+	addze	17, 17
-+
-+	# acc[1] -= acc[7] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	16, 10, 16
-+	subfe	17, 9, 17
-+
-+	# acc[0] -= (acc[7] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	14, 11, 14
-+	subfe	15, 9, 15
-+
-+	# acc[1] += acc[7] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	16, 16, 10
-+	adde	17, 17, 9
-+
-+	# acc[0] += (acc[7] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	14, 14, 11
-+	addze	15, 15
-+
-+	#
-+	# Carry 4 -> 5 -> 6
-+	#
-+	# acc[5] += acc[4] >> 56;
-+	# acc[4] &= 0x00ffffffffffffff;
-+	SHR 9, 10, 23, 22, 56
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+	srdi	11, 7, 8	# 0x00ffffffffffffff
-+	and	22, 22, 11
-+	li	23, 0
-+
-+	# acc[6] += acc[5] >> 56;
-+	# acc[5] &= 0x00ffffffffffffff;
-+	SHR 9, 10, 25, 24, 56
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+	and	24, 24, 11
-+	li	25, 0
-+
-+	# [3]: Eliminate high bits of acc[6] */
-+	# temp = acc[6] >> 48;
-+	# acc[6] &= 0x0000ffffffffffff;
-+	SHR 31, 30, 27, 26, 48	# temp = acc[6] >> 48
-+	srdi	11, 7, 16	# 0x0000ffffffffffff
-+	and	26, 26, 11
-+	li	27, 0
-+
-+	# temp < 2^80
-+	# acc[3] += temp >> 40;
-+	SHR 9, 10, 31, 30, 40
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (temp & 0xffffffffff) << 16;
-+	srdi	11, 7, 24	# 0xffffffffff
-+	and	10, 30, 11
-+	sldi	10, 10, 16
-+	addc	18, 18, 10
-+	addze	19, 19
-+
-+	# acc[2] += temp >> 16;
-+	SHR 9, 10, 31, 30, 16
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] += (temp & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	10, 30, 11
-+	sldi	10, 10, 40
-+	addc	16, 16, 10
-+	addze	17, 17
-+
-+	# acc[1] -= temp >> 24;
-+	SHR 9, 10, 31, 30, 24
-+	subfc	16, 10, 16
-+	subfe	17, 9, 17
-+
-+	# acc[0] -= (temp & 0xffffff) << 32;
-+	srdi	11, 7, 40	# 0xffffff
-+	and	10, 30, 11
-+	sldi	10, 10, 32
-+	li	9, 0
-+	subfc	14, 10, 14
-+	subfe	15, 9, 15
-+
-+	# acc[0] += temp;
-+	addc	14, 14, 30
-+	adde	15, 15, 31
-+
-+	# Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6
-+	#
-+	# acc[1] += acc[0] >> 56;   /* acc[1] < acc_old[1] + 2^72 */
-+	SHR 9, 10, 15, 14, 56
-+	addc	16, 16, 10
-+	adde	17, 17, 9
-+
-+	# acc[0] &= 0x00ffffffffffffff;
-+	srdi	11, 7, 8	# 0x00ffffffffffffff
-+	and	14, 14, 11
-+	li	15, 0
-+
-+	# acc[2] += acc[1] >> 56;   /* acc[2] < acc_old[2] + 2^72 + 2^16 */
-+	SHR 9, 10, 17, 16, 56
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] &= 0x00ffffffffffffff;
-+	and	16, 16, 11
-+	li	17, 0
-+
-+	# acc[3] += acc[2] >> 56;   /* acc[3] < acc_old[3] + 2^72 + 2^16 */
-+	SHR 9, 10, 19, 18, 56
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] &= 0x00ffffffffffffff;
-+	and	18, 18, 11
-+	li	19, 0
-+
-+	# acc[4] += acc[3] >> 56;
-+	SHR 9, 10, 21, 20, 56
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] &= 0x00ffffffffffffff;
-+	and	20, 20, 11
-+	li	21, 0
-+
-+	# acc[5] += acc[4] >> 56;
-+	SHR 9, 10, 23, 22, 56
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] &= 0x00ffffffffffffff;
-+	and	22, 22, 11
-+
-+	# acc[6] += acc[5] >> 56;
-+	SHR 9, 10, 25, 24, 56
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] &= 0x00ffffffffffffff;
-+	and	24, 24, 11
-+
-+	std	14, 0(3)
-+	std	16, 8(3)
-+	std	18, 16(3)
-+	std	20, 24(3)
-+	std	22, 32(3)
-+	std	24, 40(3)
-+	std	26, 48(3)
-+	blr
-+.size   _p384_felem_reduce_core,.-_p384_felem_reduce_core
-+
-+.data
-+.align 4
-+.LConst:
-+# two124m68:
-+.long 0x0, 0x0, 0xfffffff0, 0xfffffff
-+# two124m116m68:
-+.long 0x0, 0x0, 0xfffffff0, 0xfefffff
-+#two124p108m76:
-+.long 0x0, 0x0, 0xfffff000, 0x10000fff
-+#two124m92m68:
-+.long 0x0, 0x0, 0xeffffff0, 0xfffffff
-+
-+.text
-+
-+#
-+# void p384_felem_square_reduce(felem out, const felem in)
-+#
-+.global p384_felem_square_reduce
-+.type   p384_felem_square_reduce,\@function
-+.align 4
-+p384_felem_square_reduce:
-+	stdu    1, -512(1)
-+	mflr	0
-+	std     14, 56(1)
-+	std     15, 64(1)
-+	std     16, 72(1)
-+	std     17, 80(1)
-+	std     18, 88(1)
-+	std     19, 96(1)
-+	std     20, 104(1)
-+	std     21, 112(1)
-+	std     22, 120(1)
-+	std     23, 128(1)
-+	std     24, 136(1)
-+	std     25, 144(1)
-+	std     26, 152(1)
-+	std     27, 160(1)
-+	std     28, 168(1)
-+	std     29, 176(1)
-+	std     30, 184(1)
-+	std     31, 192(1)
-+
-+	std	3, 496(1)
-+	addi	3, 1, 208
-+	bl _p384_felem_square_core
-+
-+	mr	4, 3
-+	ld	3, 496(1)
-+	bl _p384_felem_reduce_core
-+
-+	ld     14, 56(1)
-+	ld     15, 64(1)
-+	ld     16, 72(1)
-+	ld     17, 80(1)
-+	ld     18, 88(1)
-+	ld     19, 96(1)
-+	ld     20, 104(1)
-+	ld     21, 112(1)
-+	ld     22, 120(1)
-+	ld     23, 128(1)
-+	ld     24, 136(1)
-+	ld     25, 144(1)
-+	ld     26, 152(1)
-+	ld     27, 160(1)
-+	ld     28, 168(1)
-+	ld     29, 176(1)
-+	ld     30, 184(1)
-+	ld     31, 192(1)
-+	addi	1, 1, 512
-+	mtlr	0
-+	blr
-+.size   p384_felem_square_reduce,.-p384_felem_square_reduce
-+
-+#
-+# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2)
-+#
-+.global p384_felem_mul_reduce
-+.type   p384_felem_mul_reduce,\@function
-+.align 5
-+p384_felem_mul_reduce:
-+	stdu    1, -512(1)
-+	mflr	0
-+	std     14, 56(1)
-+	std     15, 64(1)
-+	std     16, 72(1)
-+	std     17, 80(1)
-+	std     18, 88(1)
-+	std     19, 96(1)
-+	std     20, 104(1)
-+	std     21, 112(1)
-+	std     22, 120(1)
-+	std     23, 128(1)
-+	std     24, 136(1)
-+	std     25, 144(1)
-+	std     26, 152(1)
-+	std     27, 160(1)
-+	std     28, 168(1)
-+	std     29, 176(1)
-+	std     30, 184(1)
-+	std     31, 192(1)
-+
-+	std	3, 496(1)
-+	addi	3, 1, 208
-+	bl _p384_felem_mul_core
-+
-+	mr	4, 3
-+	ld	3, 496(1)
-+	bl _p384_felem_reduce_core
-+
-+	ld     14, 56(1)
-+	ld     15, 64(1)
-+	ld     16, 72(1)
-+	ld     17, 80(1)
-+	ld     18, 88(1)
-+	ld     19, 96(1)
-+	ld     20, 104(1)
-+	ld     21, 112(1)
-+	ld     22, 120(1)
-+	ld     23, 128(1)
-+	ld     24, 136(1)
-+	ld     25, 144(1)
-+	ld     26, 152(1)
-+	ld     27, 160(1)
-+	ld     28, 168(1)
-+	ld     29, 176(1)
-+	ld     30, 184(1)
-+	ld     31, 192(1)
-+	addi	1, 1, 512
-+	mtlr	0
-+	blr
-+.size   p384_felem_mul_reduce,.-p384_felem_mul_reduce
-+___
- 
- $code =~ s/\`([^\`]*)\`/eval $1/gem;
- print $code;
-diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
-index 3fd7a40020..e0b5786bc1 100644
---- a/crypto/ec/ecp_nistp384.c
-+++ b/crypto/ec/ecp_nistp384.c
-@@ -252,6 +252,16 @@ static void felem_neg(felem out, const felem in)
-     out[6] = two60m4 - in[6];
- }
- 
-+#if defined(ECP_NISTP384_ASM)
-+void p384_felem_diff64(felem out, const felem in);
-+void p384_felem_diff128(widefelem out, const widefelem in);
-+void p384_felem_diff_128_64(widefelem out, const felem in);
-+
-+# define felem_diff64           p384_felem_diff64
-+# define felem_diff128          p384_felem_diff128
-+# define felem_diff_128_64      p384_felem_diff_128_64
-+
-+#else
- /*-
-  * felem_diff64 subtracts |in| from |out|
-  * On entry:
-@@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in)
-     for (i = 0; i < 2*NLIMBS-1; i++)
-         out[i] -= in[i];
- }
-+#endif /* ECP_NISTP384_ASM */
- 
- static void felem_square_ref(widefelem out, const felem in)
- {
-@@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2)
-  * [3]: Y = 2^48 (acc[6] >> 48)
-  * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d)
-  */
--static void felem_reduce(felem out, const widefelem in)
-+static void felem_reduce_ref(felem out, const widefelem in)
- {
-     /*
-      * In order to prevent underflow, we add a multiple of p before subtracting.
-@@ -682,8 +693,11 @@ static void (*felem_square_p)(widefelem out, const felem in) =
- static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
-     felem_mul_wrapper;
- 
-+static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
-+
- void p384_felem_square(widefelem out, const felem in);
- void p384_felem_mul(widefelem out, const felem in1, const felem in2);
-+void p384_felem_reduce(felem out, const widefelem in);
- 
- # if defined(_ARCH_PPC64)
- #  include "crypto/ppc_arch.h"
-@@ -695,6 +709,7 @@ static void felem_select(void)
-     if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
-         felem_square_p = p384_felem_square;
-         felem_mul_p = p384_felem_mul;
-+        felem_reduce_p = p384_felem_reduce;
- 
-         return;
-     }
-@@ -703,6 +718,7 @@ static void felem_select(void)
-     /* Default */
-     felem_square_p = felem_square_ref;
-     felem_mul_p = felem_mul_ref;
-+    felem_reduce_p = p384_felem_reduce;
- }
- 
- static void felem_square_wrapper(widefelem out, const felem in)
-@@ -719,10 +735,17 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
- 
- # define felem_square felem_square_p
- # define felem_mul felem_mul_p
-+# define felem_reduce felem_reduce_p
-+
-+void p384_felem_square_reduce(felem out, const felem in);
-+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-+
-+# define felem_square_reduce p384_felem_square_reduce
-+# define felem_mul_reduce p384_felem_mul_reduce
- #else
- # define felem_square felem_square_ref
- # define felem_mul felem_mul_ref
--#endif
-+# define felem_reduce felem_reduce_ref
- 
- static ossl_inline void felem_square_reduce(felem out, const felem in)
- {
-@@ -739,6 +762,7 @@ static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem
-     felem_mul(tmp, in1, in2);
-     felem_reduce(out, tmp);
- }
-+#endif
- 
- /*-
-  * felem_inv calculates |out| = |in|^{-1}
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
deleted file mode 100644
index 0659a9d6d9..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 6b1646e472c9e8c08bb14066ba2a7c3eed45f84a Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Thu, 17 Apr 2025 08:51:53 -0500
-Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets
-
-The change adding an asm implementation of p384_felem_reduce incorrectly
-uses the accelerated version on both targets that support the intrinsics
-*and* targets that don't, instead of falling back to the generics on older
-targets.  This results in crashes when trying to use P-384 on < Power9.
-
-Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
-Closes: #27350
-Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/27429)
-
-(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
-
-CVE: CVE-2025-27587
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/6b1646e472c9e8c08bb14066ba2a7c3eed45f84a]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++----------------
- 1 file changed, 33 insertions(+), 21 deletions(-)
-
-diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
-index e0b5786bc1..439b4d03a3 100644
---- a/crypto/ec/ecp_nistp384.c
-+++ b/crypto/ec/ecp_nistp384.c
-@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
-         out[i] = acc[i];
- }
- 
-+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
-+{
-+    widefelem tmp;
-+
-+    felem_square_ref(tmp, in);
-+    felem_reduce_ref(out, tmp);
-+}
-+
-+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
-+{
-+    widefelem tmp;
-+
-+    felem_mul_ref(tmp, in1, in2);
-+    felem_reduce_ref(out, tmp);
-+}
-+
- #if defined(ECP_NISTP384_ASM)
- static void felem_square_wrapper(widefelem out, const felem in);
- static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
-@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
- 
- static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
- 
-+static void (*felem_square_reduce_p)(felem out, const felem in) =
-+    felem_square_reduce_ref;
-+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
-+    felem_mul_reduce_ref;
-+
- void p384_felem_square(widefelem out, const felem in);
- void p384_felem_mul(widefelem out, const felem in1, const felem in2);
- void p384_felem_reduce(felem out, const widefelem in);
- 
-+void p384_felem_square_reduce(felem out, const felem in);
-+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-+
- # if defined(_ARCH_PPC64)
- #  include "crypto/ppc_arch.h"
- # endif
-@@ -710,6 +734,8 @@ static void felem_select(void)
-         felem_square_p = p384_felem_square;
-         felem_mul_p = p384_felem_mul;
-         felem_reduce_p = p384_felem_reduce;
-+        felem_square_reduce_p = p384_felem_square_reduce;
-+        felem_mul_reduce_p = p384_felem_mul_reduce;
- 
-         return;
-     }
-@@ -718,7 +744,9 @@ static void felem_select(void)
-     /* Default */
-     felem_square_p = felem_square_ref;
-     felem_mul_p = felem_mul_ref;
--    felem_reduce_p = p384_felem_reduce;
-+    felem_reduce_p = felem_reduce_ref;
-+    felem_square_reduce_p = felem_square_reduce_ref;
-+    felem_mul_reduce_p = felem_mul_reduce_ref;
- }
- 
- static void felem_square_wrapper(widefelem out, const felem in)
-@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
- # define felem_mul felem_mul_p
- # define felem_reduce felem_reduce_p
- 
--void p384_felem_square_reduce(felem out, const felem in);
--void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
--
--# define felem_square_reduce p384_felem_square_reduce
--# define felem_mul_reduce p384_felem_mul_reduce
-+# define felem_square_reduce felem_square_reduce_p
-+# define felem_mul_reduce felem_mul_reduce_p
- #else
- # define felem_square felem_square_ref
- # define felem_mul felem_mul_ref
- # define felem_reduce felem_reduce_ref
- 
--static ossl_inline void felem_square_reduce(felem out, const felem in)
--{
--    widefelem tmp;
--
--    felem_square(tmp, in);
--    felem_reduce(out, tmp);
--}
--
--static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
--{
--    widefelem tmp;
--
--    felem_mul(tmp, in1, in2);
--    felem_reduce(out, tmp);
--}
-+# define felem_square_reduce felem_square_reduce_ref
-+# define felem_mul_reduce felem_mul_reduce_ref
- #endif
- 
- /*-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.2.4.bb
rename to meta/recipes-connectivity/openssl/openssl_3.2.6.bb
index fd98b32007..4756f5aaa6 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb
@@ -13,15 +13,13 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
            file://0001-Added-handshake-history-reporting-when-test-fails.patch \
            file://CVE-2024-41996.patch \
-           file://CVE-2025-27587-1.patch \
-           file://CVE-2025-27587-2.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "b23ad7fd9f73e43ad1767e636040e88ba7c9e5775bfa5618436a0dd2c17c3716"
+SRC_URI[sha256sum] = "89681a9ddaa9ed7cf25ea8ef61338db805200bae47d00510490623547380c148"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
-- 
2.43.0

[OE-core][scarthgap 16/18] conf/bitbake.conf: use gnu mirror instead of main server

[Steve Sakoman]

From: Gyorgy Sarvari <skandigraun@gmail.com>

ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.

Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.

This information was sourced from https://www.gnu.org/prep/ftp.html .

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8c6f01d7467e018aa0ed27a87850d9e4434a47a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index acf4e2d153..e20b17fad6 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -703,7 +703,7 @@ DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool"
 GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles"
 GNOME_GIT = "git://gitlab.gnome.org/GNOME"
 GNOME_MIRROR = "https://download.gnome.org/sources/"
-GNU_MIRROR = "https://ftp.gnu.org/gnu"
+GNU_MIRROR = "https://ftpmirror.gnu.org/gnu"
 GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt"
 GPE_MIRROR = "http://gpe.linuxtogo.org/download/source"
 KERNELORG_MIRROR = "https://cdn.kernel.org/pub"
-- 
2.43.0

[OE-core][scarthgap 17/18] selftest/cases/meta_ide.py: use use gnu mirror instead of main server

[Steve Sakoman]

ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.

Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.

This information was sourced from https://www.gnu.org/prep/ftp.html

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/meta_ide.py b/meta/lib/oeqa/selftest/cases/meta_ide.py
index 5a17ca52ea..086aac2655 100644
--- a/meta/lib/oeqa/selftest/cases/meta_ide.py
+++ b/meta/lib/oeqa/selftest/cases/meta_ide.py
@@ -44,7 +44,7 @@ class MetaIDE(OESelftestTestCase):
     def test_meta_ide_can_build_cpio_project(self):
         dl_dir = self.td.get('DL_DIR', None)
         self.project = SDKBuildProject(self.tmpdir_metaideQA + "/cpio/", self.environment_script_path,
-                        "https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz",
+                        "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.15.tar.gz",
                         self.tmpdir_metaideQA, self.td['DATETIME'], dl_dir=dl_dir)
         self.project.download_archive()
         self.assertEqual(self.project.run_configure('$CONFIGURE_FLAGS'), 0,
-- 
2.43.0

[OE-core][scarthgap 18/18] oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server

[Steve Sakoman]

ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.

Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.

This information was sourced from https://www.gnu.org/prep/ftp.html

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/sdk/cases/buildcpio.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/sdk/cases/buildcpio.py b/meta/lib/oeqa/sdk/cases/buildcpio.py
index ab8fc41876..4148463267 100644
--- a/meta/lib/oeqa/sdk/cases/buildcpio.py
+++ b/meta/lib/oeqa/sdk/cases/buildcpio.py
@@ -24,7 +24,7 @@ class BuildCpioTest(OESDKTestCase):
 
     def test_cpio(self):
         with tempfile.TemporaryDirectory(prefix="cpio-", dir=self.tc.sdk_dir) as testdir:
-            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz")
+            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.15.tar.gz")
 
             dirs = {}
             dirs["source"] = os.path.join(testdir, "cpio-2.15")
-- 
2.43.0

Re: [OE-core][scarthgap 00/18] Patch review

[Gyorgy Sarvari]

On 10/10/25 04:50, Steve Sakoman via lists.openembedded.org wrote:
> Please review this set of changes for scarthgap and have comments back by
> end of day Monday, October 13
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2553

This didn't pass... though I guess it's some infra problem?

> The following changes since commit 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb:
>
>   expect: fix native build with GCC 15 (2025-10-02 08:40:43 -0700)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
>   https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
>
> Aleksandar Nikolic (1):
>   scripts/install-buildtools: Update to 5.0.12
>
> Archana Polampalli (1):
>   go: fix CVE-2025-47906
>
> Deepesh Varatharajan (1):
>   glibc: stable 2.39 branch updates
>
> Gyorgy Sarvari (1):
>   conf/bitbake.conf: use gnu mirror instead of main server
>
> Hitendra Prajapati (1):
>   grub2: mark CVE-2024-2312 as not applicable
>
> Peter Marko (10):
>   busybox: patch CVE-2025-46394
>   gstreamer1.0: ignore CVEs fixed in plugins
>   gstreamer1.0: ignore CVE-2025-2759
>   ghostscript: patch CVE-2025-59798
>   ghostscript: patch CVE-2025-59799
>   ghostscript: patch CVE-2025-59800
>   expat: follow-up for CVE-2024-8176
>   tiff: ignore 5 CVEs
>   ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases
>   openssl: upgrade 3.2.4 -> 3.2.6
>
> Ross Burton (1):
>   pulseaudio: ignore CVE-2024-11586
>
> Steve Sakoman (2):
>   selftest/cases/meta_ide.py: use use gnu mirror instead of main server
>   oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
>
>  meta/conf/bitbake.conf                        |    2 +-
>  meta/lib/oeqa/sdk/cases/buildcpio.py          |    2 +-
>  meta/lib/oeqa/selftest/cases/meta_ide.py      |    2 +-
>  meta/recipes-bsp/grub/grub2.inc               |    1 +
>  .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
>  .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
>  .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
>  .../busybox/busybox/CVE-2025-46394-01.patch   |   57 +
>  .../busybox/busybox/CVE-2025-46394-02.patch   |   32 +
>  meta/recipes-core/busybox/busybox_1.36.1.bb   |    2 +
>  .../expat/expat/CVE-2024-8176-03.patch        |   35 +
>  .../expat/expat/CVE-2024-8176-04.patch        |  115 +
>  .../expat/expat/CVE-2024-8176-05.patch        |   78 +
>  meta/recipes-core/expat/expat_2.6.4.bb        |    3 +
>  meta/recipes-core/glibc/glibc-version.inc     |    4 +-
>  meta/recipes-devtools/go/go-1.22.12.inc       |    1 +
>  .../go/go/CVE-2025-47906.patch                |  183 ++
>  .../ghostscript/CVE-2025-59798.patch          |  134 ++
>  .../ghostscript/CVE-2025-59799.patch          |   41 +
>  .../ghostscript/CVE-2025-59800.patch          |   36 +
>  .../ghostscript/ghostscript_10.05.1.bb        |    3 +
>  .../recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb |    4 +
>  .../gstreamer/gstreamer1.0_1.22.12.bb         |   19 +-
>  meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |    4 +
>  .../pulseaudio/pulseaudio.inc                 |    2 +
>  scripts/install-buildtools                    |    4 +-
>  26 files changed, 754 insertions(+), 2061 deletions(-)
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
>  rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)
>  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
>  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
>  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
>  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
>  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
>  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch
>  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
>  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
>  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#224644): https://lists.openembedded.org/g/openembedded-core/message/224644
> Mute This Topic: https://lists.openembedded.org/mt/115683663/6084445
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skandigraun@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

On Sun, Oct 12, 2025 at 12:02 PM Gyorgy Sarvari <skandigraun@gmail.com> wrote:
>
> On 10/10/25 04:50, Steve Sakoman via lists.openembedded.org wrote:
> > Please review this set of changes for scarthgap and have comments back by
> > end of day Monday, October 13
> >
> > Passed a-full on autobuilder:
> >
> > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2553
>
> This didn't pass... though I guess it's some infra problem?

Yes, intermittent issue.  I retested that one failing test and it succeeded:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/66/builds/2483

Steve

>
> > The following changes since commit 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb:
> >
> >   expect: fix native build with GCC 15 (2025-10-02 08:40:43 -0700)
> >
> > are available in the Git repository at:
> >
> >   https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
> >   https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
> >
> > Aleksandar Nikolic (1):
> >   scripts/install-buildtools: Update to 5.0.12
> >
> > Archana Polampalli (1):
> >   go: fix CVE-2025-47906
> >
> > Deepesh Varatharajan (1):
> >   glibc: stable 2.39 branch updates
> >
> > Gyorgy Sarvari (1):
> >   conf/bitbake.conf: use gnu mirror instead of main server
> >
> > Hitendra Prajapati (1):
> >   grub2: mark CVE-2024-2312 as not applicable
> >
> > Peter Marko (10):
> >   busybox: patch CVE-2025-46394
> >   gstreamer1.0: ignore CVEs fixed in plugins
> >   gstreamer1.0: ignore CVE-2025-2759
> >   ghostscript: patch CVE-2025-59798
> >   ghostscript: patch CVE-2025-59799
> >   ghostscript: patch CVE-2025-59800
> >   expat: follow-up for CVE-2024-8176
> >   tiff: ignore 5 CVEs
> >   ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases
> >   openssl: upgrade 3.2.4 -> 3.2.6
> >
> > Ross Burton (1):
> >   pulseaudio: ignore CVE-2024-11586
> >
> > Steve Sakoman (2):
> >   selftest/cases/meta_ide.py: use use gnu mirror instead of main server
> >   oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
> >
> >  meta/conf/bitbake.conf                        |    2 +-
> >  meta/lib/oeqa/sdk/cases/buildcpio.py          |    2 +-
> >  meta/lib/oeqa/selftest/cases/meta_ide.py      |    2 +-
> >  meta/recipes-bsp/grub/grub2.inc               |    1 +
> >  .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
> >  .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
> >  .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
> >  .../busybox/busybox/CVE-2025-46394-01.patch   |   57 +
> >  .../busybox/busybox/CVE-2025-46394-02.patch   |   32 +
> >  meta/recipes-core/busybox/busybox_1.36.1.bb   |    2 +
> >  .../expat/expat/CVE-2024-8176-03.patch        |   35 +
> >  .../expat/expat/CVE-2024-8176-04.patch        |  115 +
> >  .../expat/expat/CVE-2024-8176-05.patch        |   78 +
> >  meta/recipes-core/expat/expat_2.6.4.bb        |    3 +
> >  meta/recipes-core/glibc/glibc-version.inc     |    4 +-
> >  meta/recipes-devtools/go/go-1.22.12.inc       |    1 +
> >  .../go/go/CVE-2025-47906.patch                |  183 ++
> >  .../ghostscript/CVE-2025-59798.patch          |  134 ++
> >  .../ghostscript/CVE-2025-59799.patch          |   41 +
> >  .../ghostscript/CVE-2025-59800.patch          |   36 +
> >  .../ghostscript/ghostscript_10.05.1.bb        |    3 +
> >  .../recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb |    4 +
> >  .../gstreamer/gstreamer1.0_1.22.12.bb         |   19 +-
> >  meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |    4 +
> >  .../pulseaudio/pulseaudio.inc                 |    2 +
> >  scripts/install-buildtools                    |    4 +-
> >  26 files changed, 754 insertions(+), 2061 deletions(-)
> >  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
> >  delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
> >  rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)
> >  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
> >  create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
> >  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
> >  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
> >  create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch
> >  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
> >  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
> >  create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#224644): https://lists.openembedded.org/g/openembedded-core/message/224644
> > Mute This Topic: https://lists.openembedded.org/mt/115683663/6084445
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skandigraun@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, December 30

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2919

The following changes since commit 2b3d2b671a149cbeea2bdc9ba42192da2015c3b7:

  Revert "lib/oe/go: document map_arch, and raise an error on unknown architecture" (2025-12-11 13:41:59 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adarsh Jagadish Kamini (1):
  rsync: fix CVE-2025-10158

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.14

Daniel Turull (1):
  cmake-native: fix CVE-2025-9301

Deepak Rathore (2):
  cups 2.4.11: Fix CVE-2025-58436
  cups 2.4.11: Fix CVE-2025-61915

Deepesh Varatharajan (1):
  binutils: Fix CVE-2025-11494

Enrico Jörns (1):
  cml1.bbclass: use consistent make flags for menuconfig

Jiaying Song (1):
  python3-urllib3: fix CVE-2025-66418 CVE-2025-66471

Kai Kang (1):
  qemu: fix CVE-2025-12464

Kamel Bouhara (Schneider Electric) (3):
  kernel.bbclass: Add task to export kernel configuration to SPDX
  spdx30_tasks: Add support for exporting PACKAGECONFIG to SPDX
  oeqa/selftest: oe-selftest: Add SPDX tests for kernel config and
    PACKAGECONFIG

Martin Jansa (1):
  cross.bbclass: Propagate dependencies to outhash

Mingli Yu (2):
  libxslt: Fix CVE-2025-11731
  ruby: Upgrade 3.3.5 -> 3.3.10

Moritz Haase (1):
  curl: Use host CA bundle by default for native(sdk) builds

Yash Shinde (2):
  binutils: fix CVE-2025-11839
  binutils: fix CVE-2025-11840

 meta/classes-recipe/cml1.bbclass              |   2 +-
 meta/classes-recipe/cross.bbclass             |  36 +
 meta/classes-recipe/kernel.bbclass            |  67 +-
 meta/classes/create-spdx-3.0.bbclass          |  11 +
 meta/lib/oe/spdx30_tasks.py                   |  20 +
 meta/lib/oeqa/selftest/cases/spdx.py          |  57 ++
 .../binutils/binutils-2.42.inc                |   3 +
 .../binutils/0028-CVE-2025-11494.patch        |  43 ++
 .../binutils/0029-CVE-2025-11839.patch        |  32 +
 .../binutils/0030-CVE-2025-11840.patch        |  37 +
 .../cmake/cmake-native_3.28.3.bb              |   1 +
 .../python3-urllib3/CVE-2025-66418.patch      |  80 +++
 .../python3-urllib3/CVE-2025-66471.patch      | 585 ++++++++++++++++
 .../python/python3-urllib3_2.2.2.bb           |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2025-12464.patch            |  70 ++
 .../rsync/files/CVE-2025-10158.patch          |  36 +
 meta/recipes-devtools/rsync/rsync_3.2.7.bb    |   1 +
 .../ruby/ruby/CVE-2025-27219.patch            |  31 -
 .../ruby/ruby/CVE-2025-27220.patch            |  78 ---
 .../ruby/ruby/CVE-2025-27221-0001.patch       |  57 --
 .../ruby/ruby/CVE-2025-27221-0002.patch       |  73 --
 .../ruby/{ruby_3.3.5.bb => ruby_3.3.10.bb}    |   6 +-
 meta/recipes-extended/cups/cups.inc           |   2 +
 .../cups/cups/CVE-2025-58436.patch            | 635 ++++++++++++++++++
 .../cups/cups/CVE-2025-61915.patch            | 491 ++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |  11 +-
 .../libxslt/files/CVE-2025-11731.patch        |  42 ++
 .../recipes-support/libxslt/libxslt_1.1.43.bb |   3 +-
 scripts/install-buildtools                    |   4 +-
 30 files changed, 2263 insertions(+), 254 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0028-CVE-2025-11494.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0029-CVE-2025-11839.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0030-CVE-2025-11840.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66471.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2025-10158.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0001.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0002.patch
 rename meta/recipes-devtools/ruby/{ruby_3.3.5.bb => ruby_3.3.10.bb} (95%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch
 create mode 100644 meta/recipes-support/libxslt/files/CVE-2025-11731.patch

-- 
2.43.0

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, October 17

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/277

The following changes since commit 5ea3ba00532265165e0d30f6d2eed568f5b5867f:

  meta-world-pkgdata: Inherit nopackages (2024-10-06 06:07:52 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexander Kanavin (1):
  sysvinit: take release tarballs from github

Claus Stovgaard (1):
  lib/oe/package-manager: skip processing installed-pkgs with empty
    globs

Hitendra Prajapati (2):
  cups: Backport fix for CVE-2024-47175
  libarchive: fix CVE-2024-48957 & CVE-2024-48958

Jaeyoon Jung (1):
  makedevs: Fix matching uid/gid

Jörg Sommer (2):
  ptest-runner: Update 2.4.4 -> 2.4.5
  runqemu: Fix detection of -serial parameter

Khem Raj (1):
  libpcre2: Update base uri PhilipHazel -> PCRE2Project

Louis Rannou (1):
  image_qa: fix error handling

Macpaul Lin (1):
  linux-firmware: upgrade 20240312 -> 20240909

Paul Barker (1):
  meta-ide-support: Mark recipe as MACHINE-specific

Paul Gerber (1):
  uboot-sign: fix counters in do_uboot_assemble_fitimage

Peter Marko (1):
  rust: ignore CVE-2024-43402

Purushottam Choudhary (1):
  virglrenderer: Add patch to fix -int-conversion build issue

Richard Purdie (2):
  license: Fix directory layout issues
  libsdl2: Fix non-deterministic configure option for libsamplerate

Teresa Remmet (1):
  recipes-bsp: usbutils: Fix usb-devices command using busybox

Yogita Urade (1):
  ruby: upgrade 3.2.2 -> 3.3.5

 meta/classes-global/license.bbclass           |  10 +-
 meta/classes-recipe/image.bbclass             |  11 +-
 meta/classes-recipe/uboot-sign.bbclass        |   3 +-
 meta/lib/oe/package_manager/__init__.py       |  76 +++---
 meta/lib/oe/utils.py                          |   2 +-
 meta/lib/oeqa/selftest/cases/meta_ide.py      |   4 +-
 ...devices-Fix-usb-devices-with-busybox.patch |  37 +++
 meta/recipes-bsp/usbutils/usbutils_017.bb     |   1 +
 meta/recipes-core/meta/meta-ide-support.bb    |   1 +
 meta/recipes-core/sysvinit/sysvinit_3.04.bb   |   5 +-
 .../makedevs/makedevs/makedevs.c              |  12 +-
 ...Alignof-to-define-ALIGN_OF-when-poss.patch |  52 ----
 ...e.in-do-not-write-host-cross-cc-item.patch |  32 ---
 ...Obey-LDFLAGS-for-the-link-of-libruby.patch |  25 --
 ...-Makefile.in-filter-out-f-prefix-map.patch |  42 ---
 ...eproducible-change-fixing-784225-too.patch |  26 +-
 .../0006-Make-gemspecs-reproducible.patch     |  18 +-
 .../ruby/ruby/CVE-2023-36617_1.patch          |  56 ----
 .../ruby/ruby/CVE-2023-36617_2.patch          |  52 ----
 .../ruby/ruby/CVE-2024-27281.patch            |  97 -------
 .../ruby/ruby/CVE-2024-27282.patch            |  28 --
 .../ruby/ruby/remove_has_include_macros.patch |  35 ---
 .../ruby/{ruby_3.2.2.bb => ruby_3.3.5.bb}     |  13 +-
 meta/recipes-devtools/rust/rust-source.inc    |   1 +
 meta/recipes-extended/cups/cups.inc           |   5 +
 .../cups/cups/CVE-2024-47175-1.patch          |  73 +++++
 .../cups/cups/CVE-2024-47175-2.patch          | 151 +++++++++++
 .../cups/cups/CVE-2024-47175-3.patch          | 119 +++++++++
 .../cups/cups/CVE-2024-47175-4.patch          | 249 ++++++++++++++++++
 .../cups/cups/CVE-2024-47175-5.patch          |  40 +++
 .../libarchive/CVE-2024-48957.patch           |  36 +++
 .../libarchive/CVE-2024-48958.patch           |  40 +++
 .../libarchive/libarchive_3.7.4.bb            |   5 +-
 .../libsdl2/libsdl2_2.30.1.bb                 |   1 +
 ...nversion-fatal-build-error-with-GCC-.patch |  41 +++
 .../virglrenderer/virglrenderer_1.0.1.bb      |   1 +
 ...20240312.bb => linux-firmware_20240909.bb} |   8 +-
 .../recipes-support/libpcre/libpcre2_10.43.bb |   2 +-
 ...-runner_2.4.4.bb => ptest-runner_2.4.5.bb} |   2 +-
 scripts/runqemu                               |   4 +-
 40 files changed, 898 insertions(+), 518 deletions(-)
 create mode 100755 meta/recipes-bsp/usbutils/usbutils/0001-usb-devices-Fix-usb-devices-with-busybox.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch
 rename meta/recipes-devtools/ruby/{ruby_3.2.2.bb => ruby_3.3.5.bb} (88%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch
 create mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer/0001-vrend-Fix-int-conversion-fatal-build-error-with-GCC-.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20240312.bb => linux-firmware_20240909.bb} (99%)
 rename meta/recipes-support/ptest-runner/{ptest-runner_2.4.4.bb => ptest-runner_2.4.5.bb} (95%)

-- 
2.34.1

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Friday, August 23

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7256

The following changes since commit bbb8db8fec7fbee56fcdbc665a758b911d73a767:

  u-boot.inc: Refactor do_* steps into functions that can be overridden (2024-08-15 06:02:17 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexis Lothoré (1):
  oeqa/utils/postactions: transfer whole archive over ssh instead of
    doing individual copies

Ashish Sharma (1):
  ruby: Backport fix for CVE-2024-27282

Daniel Semkowicz (1):
  os-release: Fix VERSION_CODENAME in case it is empty

Gauthier HADERER (1):
  populate_sdk_ext.bclass: make sure OECORE_NATIVE_SYSROOT is exported.

Jon Mason (2):
  oeqa/runtime/ssh: add retry logic and sleeps to allow for slower
    systems
  oeqa/runtime/ssh: check for all errors at the end

Jose Quaresma (1):
  go: upgrade 1.22.5 -> 1.22.6

Kai Kang (1):
  glibc: fix fortran header file conflict for arm

Martin Jansa (1):
  libgfortran.inc: fix nativesdk-libgfortran dependencies

Mingli Yu (1):
  llvm: Enable libllvm for native build

Richard Purdie (2):
  oeqa/runtime/ssh: In case of failure, show exit code and handle -15
    (SIGTERM)
  oeqa/selftest/reproducibile: Explicitly list virtual targets

Ross Burton (2):
  gstreamer1.0: disable flaky baseparser tests
  librsvg: don't try to run target code at build time

Siddharth Doshi (1):
  Tiff: Security fix for CVE-2024-7006

Trevor Gamblin (1):
  maintainers.inc: add self for unassigned python recipes

Ulrich Ölmann (1):
  initramfs-framework: fix typos

Weisser, Pascal.ext (1):
  qemuboot: Trigger write_qemuboot_conf task on changes of kernel image
    realpath

 meta/classes-recipe/populate_sdk_ext.bbclass  |  2 +-
 meta/classes-recipe/qemuboot.bbclass          |  3 +-
 meta/conf/distro/include/maintainers.inc      |  8 +--
 meta/lib/oeqa/runtime/cases/ssh.py            | 31 ++++++---
 meta/lib/oeqa/selftest/cases/reproducible.py  |  3 +-
 meta/lib/oeqa/utils/postactions.py            | 19 +++---
 meta/recipes-core/glibc/glibc-package.inc     |  8 ++-
 .../initrdscripts/initramfs-framework/init    |  2 +-
 .../initrdscripts/initramfs-framework/rootfs  |  2 +-
 meta/recipes-core/os-release/os-release.bb    |  2 +-
 meta/recipes-devtools/gcc/libgfortran.inc     |  3 +-
 .../go/{go-1.22.5.inc => go-1.22.6.inc}       |  2 +-
 ...e_1.22.5.bb => go-binary-native_1.22.6.bb} |  6 +-
 ..._1.22.5.bb => go-cross-canadian_1.22.6.bb} |  0
 ...{go-cross_1.22.5.bb => go-cross_1.22.6.bb} |  0
 ...osssdk_1.22.5.bb => go-crosssdk_1.22.6.bb} |  0
 ...runtime_1.22.5.bb => go-runtime_1.22.6.bb} |  0
 .../go/{go_1.22.5.bb => go_1.22.6.bb}         |  0
 meta/recipes-devtools/llvm/llvm_18.1.6.bb     |  1 -
 .../ruby/ruby/CVE-2024-27282.patch            | 28 ++++++++
 meta/recipes-devtools/ruby/ruby_3.2.2.bb      |  1 +
 .../librsvg/disable-rsvg-loader-test.patch    | 40 ++++++++++++
 meta/recipes-gnome/librsvg/librsvg_2.57.1.bb  |  1 +
 .../gstreamer/gstreamer1.0/run-ptest          |  7 +-
 .../libtiff/tiff/CVE-2024-7006.patch          | 65 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |  1 +
 26 files changed, 198 insertions(+), 37 deletions(-)
 rename meta/recipes-devtools/go/{go-1.22.5.inc => go-1.22.6.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.5.bb => go-binary-native_1.22.6.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.5.bb => go-cross-canadian_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.5.bb => go-cross_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.5.bb => go-crosssdk_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.5.bb => go-runtime_1.22.6.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.5.bb => go_1.22.6.bb} (100%)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
 create mode 100644 meta/recipes-gnome/librsvg/librsvg/disable-rsvg-loader-test.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-7006.patch

-- 
2.34.1

[OE-core][scarthgap 00/18] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, August 6

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7208

The following changes since commit 1c9d3c22718bf49ae85c2d06e0ee60ebdc2fd0c1:

  openssh: systemd notification was implemented upstream (2024-07-28 19:27:16 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Changqing Li (1):
  rt-tests: rt_bmark.py: fix TypeError

Christian Taedcke (1):
  iptables: fix memory corruption when parsing nft rules

Khem Raj (2):
  busybox: CVE-2023-42364 and CVE-2023-42365 fixes
  busybox: Add fix for CVE-2023-42366

Mark Hatle (5):
  package.py: Fix static debuginfo split
  package.py: Fix static library processing
  selftest-hardlink: Add additional test cases
  create-spdx-*: Support multilibs via SPDX_MULTILIB_SSTATE_ARCHS
  oeqa sdk cases: Skip SDK test cases when TCLIBC is newlib

Niko Mauno (1):
  libyaml: Fix warning regarding unpatched CVE

Patrick Wicki (1):
  gpgme: move gpgme-tool to own sub-package

Peter Marko (1):
  libstd-rs,rust-cross-canadian: set CVE_PRODUCT to rust

Ranjitsinh Rathod (1):
  rust: Add new varaible RUST_ENABLE_EXTRA_TOOLS

Richard Purdie (3):
  create-spdx-3.0/populate_sdk_base: Add SDK_CLASSES inherit mechanism
    to fix tarball SPDX manifests
  pseudo: Fix to work with glibc 2.40
  pseudo: Update to include open symlink handling bugfix

Wadim Egorov (1):
  watchdog: Set watchdog_module in default config

Yogita Urade (1):
  qemu: upgrade 8.2.2 -> 8.2.3

 .../selftest-hardlink/selftest-hardlink.bb    |  13 ++
 meta/classes-recipe/populate_sdk_base.bbclass |   7 +
 meta/classes-recipe/testimage.bbclass         |   2 -
 meta/classes/create-spdx-2.2.bbclass          |  14 +-
 meta/lib/oe/package.py                        |  57 ++++-
 meta/lib/oeqa/sdk/cases/assimp.py             |   4 +
 meta/lib/oeqa/sdk/cases/buildcpio.py          |   5 +
 meta/lib/oeqa/sdk/cases/buildepoxy.py         |   4 +
 meta/lib/oeqa/sdk/cases/buildgalculator.py    |   4 +
 meta/lib/oeqa/sdk/cases/buildlzip.py          |   5 +
 meta/lib/oeqa/sdk/cases/gcc.py                |   4 +
 meta/lib/oeqa/selftest/cases/package.py       |  26 +++
 ...01-awk-fix-precedence-of-relative-to.patch | 197 ++++++++++++++++++
 ...1-awk.c-fix-CVE-2023-42366-bug-15874.patch |  37 ++++
 ...x-ternary-operator-and-precedence-of.patch |  96 +++++++++
 meta/recipes-core/busybox/busybox_1.36.1.bb   |   3 +
 meta/recipes-core/meta/buildtools-tarball.bb  |   3 +
 .../pseudo/files/glibc238.patch               |  10 +-
 meta/recipes-devtools/pseudo/pseudo_git.bb    |   2 +-
 ...u-native_8.2.2.bb => qemu-native_8.2.3.bb} |   0
 ...e_8.2.2.bb => qemu-system-native_8.2.3.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc           |   8 +-
 ...4-Handle-the-vsyscall-page-in-open_s.patch |  56 -----
 .../qemu/qemu/CVE-2024-3446-01.patch          |  73 -------
 .../qemu/qemu/CVE-2024-3446-02.patch          |  48 -----
 .../qemu/qemu/CVE-2024-3446-03.patch          |  47 -----
 .../qemu/qemu/CVE-2024-3446-04.patch          |  52 -----
 .../qemu/qemu/CVE-2024-3567.patch             |  48 -----
 .../qemu/{qemu_8.2.2.bb => qemu_8.2.3.bb}     |   0
 .../recipes-devtools/rust/libstd-rs_1.75.0.bb |   2 +
 .../rust/rust-cross-canadian.inc              |   1 +
 meta/recipes-devtools/rust/rust_1.75.0.bb     |   6 +-
 ...se-Add-missing-braces-around-ternary.patch |  37 ++++
 .../iptables/iptables_1.8.10.bb               |   1 +
 .../watchdog/watchdog-config/watchdog.default |   1 +
 meta/recipes-rt/rt-tests/files/rt_bmark.py    |   2 +-
 meta/recipes-support/gpgme/gpgme_1.23.2.bb    |  16 +-
 meta/recipes-support/libyaml/libyaml_0.2.5.bb |   2 +
 38 files changed, 537 insertions(+), 356 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch
 rename meta/recipes-devtools/qemu/{qemu-native_8.2.2.bb => qemu-native_8.2.3.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_8.2.2.bb => qemu-system-native_8.2.3.bb} (100%)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
 rename meta/recipes-devtools/qemu/{qemu_8.2.2.bb => qemu_8.2.3.bb} (100%)
 create mode 100644 meta/recipes-extended/iptables/iptables/0005-nft-ruleparse-Add-missing-braces-around-ternary.patch

-- 
2.34.1