[OE-core][kirkstone 0/7] Patch review

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back
by end of day Sunday.

This should be the almost final set of patches for the 4.0.3 release -
there remains an intermittent linux-yocto reproducibility issue that
needs to get fixed.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4015

The following changes since commit 3564ce3d9b2030dd420362c66147bd327090915c:

  initscripts: run umountnfs as a KILL script (2022-07-28 05:32:25 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  openssh: Add openssh-sftp-server to openssh RDEPENDS

Dmitry Baryshkov (1):
  linux-firwmare: restore WHENCE_CHKSUM variable

Khem Raj (1):
  libgcc: Fix standalone target builds with usrmerge distro feature

Martin Jansa (1):
  kernel.bbclass: pass LD also in savedefconfig

Mingli Yu (1):
  strace: set COMPATIBLE_HOST for riscv32

Shruthi Ravichandran (1):
  package_manager/ipk: do not pipe stderr to stdout

Sundeep KOKKONDA (1):
  binutils: stable 2.38 branch updates

 meta/classes/kernel.bbclass                   |  2 +-
 meta/lib/oe/package_manager/ipk/__init__.py   | 23 +++++++++++--------
 .../openssh/openssh_8.9p1.bb                  |  2 +-
 .../binutils/binutils-2.38.inc                |  2 +-
 meta/recipes-devtools/gcc/libgcc-common.inc   |  8 +++++--
 meta/recipes-devtools/strace/strace_5.16.bb   |  3 +++
 .../linux-firmware/linux-firmware_20220708.bb |  5 +++-
 7 files changed, 29 insertions(+), 16 deletions(-)

-- 
2.25.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5185

The following changes since commit ff4b57ffff903a93b710284c7c7f916ddd74712f:

  uninative: Upgrade to 3.9 to include glibc 2.37 (2023-04-04 05:32:01 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (2):
  curl: CVE-2023-27533 TELNET option IAC injection
  curl: CVE-2023-27534 SFTP path resolving discrepancy

Joe Slater (1):
  go: fix CVE-2022-41724, 41725

Mark Hatle (1):
  openssl: Move microblaze to linux-latomic config

Pawan Badganchi (1):
  tiff: Add fix for CVE-2022-4645

Peter Marko (1):
  package.bbclass: correct check for /build in copydebugsources()

Yash Shinde (1):
  binutils : Fix CVE-2023-1579

 meta/classes/package.bbclass                  |    2 +-
 .../openssl/openssl_3.0.8.bb                  |    4 +-
 .../binutils/binutils-2.38.inc                |    4 +
 .../binutils/0021-CVE-2023-1579-1.patch       |  459 ++++
 .../binutils/0021-CVE-2023-1579-2.patch       | 2127 +++++++++++++++
 .../binutils/0021-CVE-2023-1579-3.patch       |  156 ++
 .../binutils/0021-CVE-2023-1579-4.patch       |   37 +
 meta/recipes-devtools/go/go-1.17.13.inc       |    5 +-
 .../go/go-1.19/add_godebug.patch              |   84 +
 .../go/go-1.19/cve-2022-41724.patch           | 2391 +++++++++++++++++
 .../go/go-1.19/cve-2022-41725.patch           |  652 +++++
 ...-of-TIFFTAG_INKNAMES-and-related-TIF.patch |    5 +-
 .../curl/curl/CVE-2023-27533.patch            |  208 ++
 .../curl/curl/CVE-2023-27534.patch            |  122 +
 meta/recipes-support/curl/curl_7.82.0.bb      |    2 +
 15 files changed, 6252 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/add_godebug.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41724.patch
 create mode 100644 meta/recipes-devtools/go/go-1.19/cve-2022-41725.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27534.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, October 31

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6115

The following changes since commit 7681436190354b5c5b6c3a82b3094badd81113de:

  vim: Upgrade 9.0.2009 -> 9.0.2048 (2023-10-20 06:38:00 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  curl: fix CVE-2023-38545
  curl: fix CVE-2023-38546

Fahad Arslan (2):
  linux-firmware: create separate package for cirrus and cnm firmwares
  linux-firmware: create separate packages

Niko Mauno (1):
  package_rpm: Allow compression mode override

Peter Marko (1):
  openssl: Upgrade 3.0.11 -> 3.0.12

Steve Sakoman (1):
  cve-exclusion_5.10.inc: update for 5.10.197

 meta/classes/package_rpm.bbclass              |   6 +-
 .../{openssl_3.0.11.bb => openssl_3.0.12.bb}  |   2 +-
 .../linux-firmware/linux-firmware_20230804.bb | 260 +++++++++++++++++-
 .../linux/cve-exclusion_5.10.inc              | 123 +++++++--
 .../curl/curl/CVE-2023-38545.patch            | 133 +++++++++
 .../curl/curl/CVE-2023-38546.patch            | 137 +++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   2 +
 7 files changed, 633 insertions(+), 30 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.11.bb => openssl_3.0.12.bb} (99%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38545.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-38546.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 10

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6158

The following changes since commit 0eb8e67aa6833df0cde29833568a70e65c21d7e5:

  build-appliance-image: Update to kirkstone head revision (2023-11-03 04:27:49 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Narpat Mali (1):
  python3-jinja2: Fixed ptest result output as per the standard

Ross Burton (3):
  cve-check: sort the package list in the JSON report
  cve-check: slightly more verbose warning when adding the same package
    twice
  cve-check: don't warn if a patch is remote

Sanjana (1):
  binutils: Fix CVE-2022-47010

Soumya Sambu (1):
  libwebp: Fix CVE-2023-4863

Vijay Anusuri (1):
  xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380

 meta/classes/cve-check.bbclass                |   2 +
 meta/lib/oe/cve_check.py                      |  13 +--
 .../binutils/binutils-2.38.inc                |   1 +
 .../binutils/0032-CVE-2022-47010.patch        |  38 +++++++
 .../python/python3-jinja2/run-ptest           |   2 +-
 .../xserver-xorg/CVE-2023-5367.patch          |  84 +++++++++++++++
 .../xserver-xorg/CVE-2023-5380.patch          | 102 ++++++++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   2 +
 ...23-5129.patch => CVE-2023-4863-0001.patch} |  20 ++--
 .../webp/files/CVE-2023-4863-0002.patch       |  53 +++++++++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   3 +-
 11 files changed, 303 insertions(+), 17 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch
 rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (97%)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please reviwe this set of changes for kirkstone and have comments back by
end of day Friday, January 19

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6458

The following changes since commit 8e27f96c0befbbb5cf8a2f7076b7a1ffd79addb6:

  linux-firmware: upgrade 20230804 -> 20231030 (2024-01-09 05:50:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (1):
  systemd: fix CVE-2023-7008

Martin Jansa (1):
  pybootchartgui: fix 2 SyntaxWarnings

Peter Marko (2):
  sqlite3: backport patch for CVE-2023-7104
  zlib: ignore CVE-2023-6992

Poonam Jadhav (1):
  Revert "curl: Backport fix CVE-2023-32001"

Soumya Sambu (1):
  cpio: upgrade to 2.14

Vivek Kumbhar (1):
  openssl: Backport fix for CVE-2023-6129

 .../openssl/openssl/CVE-2023-6129.patch       | 113 ++++
 .../openssl/openssl_3.0.12.bb                 |   1 +
 .../systemd/systemd/CVE-2023-7008.patch       |  40 ++
 meta/recipes-core/systemd/systemd_250.5.bb    |   1 +
 meta/recipes-core/zlib/zlib_1.2.11.bb         |   3 +
 ...charset_alias-when-building-for-musl.patch |  30 -
 ...ove-superfluous-declaration-of-progr.patch |  28 -
 ...-calculation-of-CRC-in-copy-out-mode.patch |  58 --
 ...appending-to-archives-bigger-than-2G.patch | 312 ----------
 .../cpio/cpio-2.13/CVE-2021-38185.patch       | 581 ------------------
 .../cpio/{cpio_2.13.bb => cpio_2.14.bb}       |   9 +-
 ...e-needed-header-for-major-minor-macr.patch |  47 ++
 .../curl/curl/CVE-2023-32001.patch            |  39 --
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 -
 .../sqlite/files/CVE-2023-7104.patch          |  44 ++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   1 +
 scripts/pybootchartgui/pybootchartgui/draw.py |   4 +-
 17 files changed, 254 insertions(+), 1058 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
 rename meta/recipes-extended/cpio/{cpio_2.13.bb => cpio_2.14.bb} (74%)
 create mode 100644 meta/recipes-extended/cpio/files/0001-configure-Include-needed-header-for-major-minor-macr.patch
 delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2023-7104.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6539

The following changes since commit 60d88989698968c13f8e641f0ba1a82fcf700fb7:

  image-live.bbclass: LIVE_ROOTFS_TYPE support compression (2024-01-30 07:10:42 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepthi Hemraj (4):
  binutils: internal gdb: Fix CVE-2023-39129
  binutils: internal gdb: Fix CVE-2023-39130
  gdb: Fix CVE-2023-39129
  gdb: Fix CVE-2023-39130

Peter Marko (3):
  curl: ignore CVE-2023-42915
  gcc-shared-source: ignore CVE-2023-4039
  openssl: Upgrade 3.0.12 -> 3.0.13

 .../openssl/openssl/CVE-2023-5678.patch       | 180 ----------
 .../openssl/openssl/CVE-2023-6129.patch       | 113 ------
 .../openssl/openssl/CVE-2023-6237.patch       | 127 -------
 .../{openssl_3.0.12.bb => openssl_3.0.13.bb}  |   6 +-
 .../binutils/binutils-2.38.inc                |   2 +
 .../binutils/0035-CVE-2023-39129.patch        |  50 +++
 .../binutils/0036-CVE-2023-39130.patch        | 326 ++++++++++++++++++
 .../gcc/gcc-shared-source.inc                 |   3 +
 meta/recipes-devtools/gdb/gdb.inc             |   2 +
 .../gdb/gdb/0012-CVE-2023-39129.patch         |  50 +++
 .../gdb/gdb/0013-CVE-2023-39130.patch         | 326 ++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   3 +
 12 files changed, 764 insertions(+), 424 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6129.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-6237.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.12.bb => openssl_3.0.13.bb} (97%)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0012-CVE-2023-39129.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0013-CVE-2023-39130.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, April 19

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6817

The following changes since commit f94c74cee8b2650dd3211a49dc7e88bf60d2e6a7:

  tcl: skip async and event tests in run-ptest (2024-04-16 05:00:24 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Harish Sadineni (1):
  rust: add CVE_CHECK_IGNORE for CVE-2024-24576

Meenali Gupta (1):
  libssh2: fix CVE-2023-48795

Poonam Jadhav (1):
  ppp: Add RSA-MD in LICENSE

Sana Kazi (1):
  systemd: Fix vlan qos mapping

Soumya Sambu (1):
  nghttp2: Fix CVE-2024-28182

Steve Sakoman (1):
  valgrind: skip intermittently failing ptest

Yogita Urade (1):
  ruby: fix CVE-2024-27281

 meta/recipes-connectivity/ppp/ppp_2.4.9.bb    |   2 +-
 .../systemd/fix-vlan-qos-mapping.patch        | 140 ++++++
 meta/recipes-core/systemd/systemd_250.5.bb    |   1 +
 .../ruby/ruby/CVE-2024-27281.patch            |  97 ++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 meta/recipes-devtools/rust/rust-source.inc    |   3 +
 .../valgrind/valgrind/remove-for-all          |   2 +
 .../libssh2/libssh2/CVE-2023-48795.patch      | 459 ++++++++++++++++++
 .../recipes-support/libssh2/libssh2_1.10.0.bb |   1 +
 .../nghttp2/nghttp2/CVE-2024-28182-0001.patch | 110 +++++
 .../nghttp2/nghttp2/CVE-2024-28182-0002.patch | 105 ++++
 .../recipes-support/nghttp2/nghttp2_1.47.0.bb |   2 +
 12 files changed, 922 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/systemd/systemd/fix-vlan-qos-mapping.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
 create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0001.patch
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2024-28182-0002.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirktsone and have comments back by
end of day Saturday, June 1

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6984

The following changes since commit e0a1ed7aa1f2b12d985414db9a75d6e151ae8d21:

  initscripts: Add custom mount args for /var/lib (2024-05-22 05:07:30 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (5):
  ghostscript: fix CVE-2024-33870
  ghostscript: fix CVE-2024-33869
  ghostscript: fix CVE-2024-33871
  ghostscript: fix CVE-2024-29510
  ghostscript: fix CVE-2023-52722

Soumya Sambu (2):
  util-linux: Fix CVE-2024-28085
  git: Fix multiple CVEs

 meta/recipes-core/util-linux/util-linux.inc   |    5 +
 .../util-linux/CVE-2024-28085-0001.patch      |  202 +
 .../util-linux/CVE-2024-28085-0002.patch      |  172 +
 .../util-linux/CVE-2024-28085-0003.patch      |  223 +
 .../util-linux/CVE-2024-28085-0004.patch      |   36 +
 .../util-linux/CVE-2024-28085-0005.patch      |   34 +
 .../git/git/CVE-2024-32002-0001.patch         |   69 +
 .../git/git/CVE-2024-32002-0002.patch         |  213 +
 .../git/git/CVE-2024-32002-0003.patch         |  141 +
 .../git/git/CVE-2024-32002-0004.patch         |  150 +
 .../git/git/CVE-2024-32004-0001.patch         |   95 +
 .../git/git/CVE-2024-32004-0002.patch         |  187 +
 .../git/git/CVE-2024-32004-0003.patch         |  158 +
 .../git/git/CVE-2024-32020.patch              |  114 +
 .../git/git/CVE-2024-32021-0001.patch         |   89 +
 .../git/git/CVE-2024-32021-0002.patch         |   65 +
 .../git/git/CVE-2024-32465.patch              |  206 +
 meta/recipes-devtools/git/git_2.35.7.bb       |   11 +
 .../ghostscript/CVE-2023-52722.patch          |   43 +
 .../ghostscript/CVE-2024-29510.patch          |   84 +
 .../ghostscript/CVE-2024-33869-0001.patch     |   39 +
 .../ghostscript/CVE-2024-33869-0002.patch     |   52 +
 .../ghostscript/CVE-2024-33870.patch          |   92 +
 .../ghostscript/CVE-2024-33871-0001.patch     | 4863 +++++++++++++++++
 .../ghostscript/CVE-2024-33871-0002.patch     |   43 +
 .../ghostscript/ghostscript_9.55.0.bb         |    7 +
 26 files changed, 7393 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0001.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0002.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0003.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0004.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2024-28085-0005.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0003.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32002-0004.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32004-0003.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32020.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32021-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-32465.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-52722.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29510.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0001.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33869-0002.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33870.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0001.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-33871-0002.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Monday, July 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7103

The following changes since commit fbc8f5381e8e1da0d06f7f8e5b8c63a49b1858c2:

  man-pages: remove conflict pages (2024-06-21 12:37:32 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  gstreamer1.0-plugins-base: fix CVE-2024-4453

Jonas Gorski (1):
  linuxloader: add -armhf on arm only for TARGET_FPU 'hard'

Jose Quaresma (1):
  openssh: fix CVE-2024-6387

Poonam Jadhav (2):
  glibc-tests: correctly pull in the actual tests when installing -ptest
    package
  glibc-tests: Add missing bash ptest dependency

Siddharth Doshi (1):
  OpenSSL: Security fix for CVE-2024-5535

Vijay Anusuri (1):
  wget: Fix for CVE-2024-38428

 meta/classes/linuxloader.bbclass              |    2 +-
 .../openssh/openssh/CVE-2024-6387.patch       |   27 +
 .../openssh/openssh_8.9p1.bb                  |    1 +
 .../openssl/openssl/CVE-2024-5535_1.patch     |  115 ++
 .../openssl/openssl/CVE-2024-5535_2.patch     |   44 +
 .../openssl/openssl/CVE-2024-5535_3.patch     |   84 ++
 .../openssl/openssl/CVE-2024-5535_4.patch     |  178 +++
 .../openssl/openssl/CVE-2024-5535_5.patch     | 1175 +++++++++++++++++
 .../openssl/openssl/CVE-2024-5535_6.patch     |   45 +
 .../openssl/openssl/CVE-2024-5535_7.patch     |   68 +
 .../openssl/openssl/CVE-2024-5535_8.patch     |  273 ++++
 .../openssl/openssl/CVE-2024-5535_9.patch     |  205 +++
 .../openssl/openssl_3.0.14.bb                 |    9 +
 meta/recipes-core/glibc/glibc-tests_2.35.bb   |    4 +-
 meta/recipes-core/glibc/glibc/run-ptest       |    2 +-
 .../wget/wget/CVE-2024-38428.patch            |   79 ++
 meta/recipes-extended/wget/wget_1.21.4.bb     |    1 +
 .../CVE-2024-4453.patch                       |   65 +
 .../gstreamer1.0-plugins-base_1.20.7.bb       |    1 +
 19 files changed, 2374 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_2.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_3.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_4.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_5.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_6.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_7.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_8.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-5535_9.patch
 create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-38428.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2024-4453.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, September 3

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7295

The following changes since commit 963085afced737863cf4ff8515a1cf08365d5d87:

  libsoup: fix compile error on centos7 (2024-08-23 14:34:03 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (1):
  bind: Upgrade 9.18.24 -> 9.18.28

Hitendra Prajapati (1):
  vim: upgrade from 9.0.2190 -> 9.1.0114

Hugo SIMELIERE (1):
  cryptodev-module: Fix build for linux 5.10.220

Ming Liu (1):
  grub: fs/fat: Don't error when mtime is 0

Peter Marko (2):
  libyaml: Ignore CVE-2024-35325
  curl: Ignore CVE-2024-32928

Siddharth Doshi (1):
  vim: Upgrade 9.1.0114 -> 9.1.0682

 ...1-fs-fat-Don-t-error-when-mtime-is-0.patch | 70 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |  1 +
 .../bind/{bind_9.18.24.bb => bind_9.18.28.bb} |  2 +-
 .../cryptodev/cryptodev-module_1.12.bb        |  1 +
 .../0001-Fix-build-for-linux-5.10.220.patch   | 32 +++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  2 +
 meta/recipes-support/libyaml/libyaml_0.2.5.bb |  2 +
 ...m-add-knob-whether-elf.h-are-checked.patch | 39 -----------
 .../vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb}  |  0
 meta/recipes-support/vim/vim.inc              |  5 +-
 .../vim/{vim_9.0.bb => vim_9.1.bb}            |  0
 11 files changed, 111 insertions(+), 43 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/0001-fs-fat-Don-t-error-when-mtime-is-0.patch
 rename meta/recipes-connectivity/bind/{bind_9.18.24.bb => bind_9.18.28.bb} (97%)
 create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Fix-build-for-linux-5.10.220.patch
 delete mode 100644 meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
 rename meta/recipes-support/vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb} (100%)
 rename meta/recipes-support/vim/{vim_9.0.bb => vim_9.1.bb} (100%)

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, December 13

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/615

The following changes since commit e42b6a40a3a01e328966bb5ee1bb3e0993975b15:

  resulttool: Improve repo layout for oeselftest results (2024-12-04 05:50:49 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  dbus: disable assertions and enable only modular tests

Divya Chellam (1):
  libpam: fix CVE-2024-10041

Jiaying Song (1):
  python3-requests: fix CVE-2024-35195

Khem Raj (1):
  unzip: Fix configure tests to use modern C

Peter Marko (2):
  libsdl2: ignore CVE-2020-14409 and CVE-2020-14410
  rootfs-postcommands.bbclass: make opkg status reproducible

Ross Burton (1):
  sanity: check for working user namespaces

 meta/classes/rootfs-postcommands.bbclass      |   4 +
 meta/classes/sanity.bbclass                   |  24 ++++
 meta/recipes-core/dbus/dbus_1.14.8.bb         |   3 +-
 .../python3-requests/CVE-2024-35195.patch     | 121 ++++++++++++++++++
 .../python/python3-requests_2.27.1.bb         |   4 +-
 .../pam/libpam/CVE-2024-10041.patch           |  98 ++++++++++++++
 meta/recipes-extended/pam/libpam_1.5.2.bb     |   1 +
 ...rrect-system-headers-and-prototypes-.patch | 112 ++++++++++++++++
 meta/recipes-extended/unzip/unzip_6.0.bb      |   1 +
 .../libsdl2/libsdl2_2.0.20.bb                 |   3 +
 10 files changed, 368 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2024-35195.patch
 create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/0001-configure-Add-correct-system-headers-and-prototypes-.patch

-- 
2.34.1

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, February 14

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1001

The following changes since commit a397c152abf4f3da1323594e79ebac844a2c9f45:

  glibc: stable 2.35 branch updates (2025-01-30 08:17:32 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (2):
  linux-yocto/5.15: update to v5.15.176
  linux-yocto/5.15: update to v5.15.178

Khem Raj (1):
  python3: Treat UID/GID overflow as failure

Nikhil R (1):
  glibc: Suppress GCC -Os warning on user2netname for sunrpc

Pedro Ferreira (1):
  rust-common.bbclass: soft assignment for RUSTLIB path

Peter Marko (1):
  cmake: apply parallel build settings to ptest tasks

Praveen Kumar (1):
  go: Fix CVE-2024-45336

 meta/classes/cmake.bbclass                    |   2 +
 meta/classes/rust-common.bbclass              |   2 +-
 ...press-gcc-os-warning-on-user2netname.patch |  61 +++
 meta/recipes-core/glibc/glibc_2.35.bb         |   1 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.21/CVE-2024-45336.patch           | 394 ++++++++++++++++++
 ...e-treat-overflow-in-UID-GID-as-failu.patch |  40 ++
 .../python/python3_3.10.16.bb                 |   1 +
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 11 files changed, 520 insertions(+), 20 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2024-45336.patch
 create mode 100644 meta/recipes-devtools/python/python3/0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch

-- 
2.43.0

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, March 18

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1187

The following changes since commit 0216c229d5c60d0023b0a7d6e8ee41bdfa16f8ef:

  tzcode-native: Fix compiler setting from 2023d version (2025-03-07 07:00:55 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Ashish Sharma (1):
  ruby: Fix CVE-2025-27219

Divya Chellam (1):
  vim: Upgrade 9.1.1043 -> 9.1.1115

Hitendra Prajapati (2):
  grub: Fix multiple CVEs
  grub: Fix multiple CVEs

Peter Marko (2):
  puzzles: ignore three new CVEs for a different puzzles
  libarchive: patch CVE-2025-25724

Zhang Peng (1):
  mpg123: fix CVE-2024-10573

 .../0001-misc-Implement-grub_strlcpy.patch    |  68 ++
 .../grub/files/CVE-2024-45774.patch           |  40 +
 .../grub/files/CVE-2024-45775.patch           |  41 +
 .../grub/files/CVE-2024-45776.patch           |  42 +
 .../grub/files/CVE-2024-45777.patch           |  60 ++
 .../files/CVE-2024-45778_CVE-2024-45779.patch |  58 ++
 .../grub/files/CVE-2024-45780.patch           |  96 ++
 .../grub/files/CVE-2024-45781.patch           |  38 +
 .../files/CVE-2024-45782_CVE-2024-56737.patch |  39 +
 .../grub/files/CVE-2024-45783.patch           |  42 +
 .../grub/files/CVE-2025-0622-01.patch         |  39 +
 .../grub/files/CVE-2025-0622-02.patch         |  44 +
 .../grub/files/CVE-2025-0622-03.patch         |  41 +
 .../grub/files/CVE-2025-0624.patch            |  87 ++
 ...025-0685_CVE-2025-0686_CVE-2025-0689.patch | 380 +++++++
 .../files/CVE-2025-0678_CVE-2025-1125.patch   |  90 ++
 .../grub/files/CVE-2025-0690.patch            |  75 ++
 .../grub/files/CVE-2025-1118.patch            |  40 +
 meta/recipes-bsp/grub/grub2.inc               |  18 +
 .../ruby/ruby/CVE-2025-27219.patch            |  31 +
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 .../libarchive/CVE-2025-25724.patch           |  40 +
 .../libarchive/libarchive_3.6.2.bb            |   1 +
 .../mpg123/mpg123/CVE-2024-10573.patch        | 978 ++++++++++++++++++
 .../mpg123/mpg123_1.29.3.bb                   |   4 +-
 meta/recipes-sato/puzzles/puzzles_git.bb      |   2 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 27 files changed, 2396 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/0001-misc-Implement-grub_strlcpy.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45774.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45775.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45776.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45777.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45778_CVE-2024-45779.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45780.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45781.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-45783.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-01.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-02.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0624.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0678_CVE-2025-1125.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-0690.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-1118.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-25724.patch
 create mode 100644 meta/recipes-multimedia/mpg123/mpg123/CVE-2024-10573.patch

-- 
2.43.0

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone ande have comments back by
end of day Thursday, October 2

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2467

The following changes since commit d381eeb5e70bd0ce9e78032c909e4a23564f4dd7:

  build-appliance-image: Update to kirkstone head revision (2025-09-19 07:04:23 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (1):
  vim: upgrade 9.1.1652 -> 9.1.1683

Gyorgy Sarvari (1):
  libhandy: update git branch name

Praveen Kumar (1):
  go: fix CVE-2025-47907

Soumya Sambu (1):
  python3-jinja2: upgrade 3.1.4 -> 3.1.6

Yogita Urade (3):
  grub2: fix CVE-2024-56738
  curl: fix CVE-2025-9086
  tiff: fix CVE-2025-9900

 .../grub/files/CVE-2024-56738.patch           |  75 ++++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 meta/recipes-devtools/go/go-1.17.13.inc       | 125 ++++---
 .../go/go-1.21/CVE-2025-47907-pre-0001.patch  | 354 ++++++++++++++++++
 .../go/go-1.21/CVE-2025-47907-pre-0002.patch  | 232 ++++++++++++
 .../go/go-1.21/CVE-2025-47907.patch           | 327 ++++++++++++++++
 ...inja2_3.1.4.bb => python3-jinja2_3.1.6.bb} |   5 +-
 meta/recipes-gnome/libhandy/libhandy_1.5.0.bb |   2 +-
 .../libtiff/tiff/CVE-2025-9900.patch          |  57 +++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   1 +
 .../curl/curl/CVE-2025-9086.patch             |  55 +++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 13 files changed, 1174 insertions(+), 65 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-56738.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0001.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907-pre-0002.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47907.patch
 rename meta/recipes-devtools/python/{python3-jinja2_3.1.4.bb => python3-jinja2_3.1.6.bb} (82%)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9900.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-9086.patch

-- 
2.43.0

[OE-core][kirkstone 0/7] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, November 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2748

The following changes since commit 8aad87c12a809d790175b9848f5802d0a28eecac:

  goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures (2025-11-13 08:39:38 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Gyorgy Sarvari (1):
  musl: patch CVE-2025-26519

Richard Purdie (1):
  oe-build-perf-report: relax metadata matching rules

Soumya Sambu (2):
  elfutils: Fix CVE-2025-1376
  elfutils: Fix CVE-2025-1377

Vijay Anusuri (3):
  xwayland: Fix for CVE-2025-62229
  xwayland: Fix for CVE-2025-62230
  xwayland: Fix for CVE-2025-62231

 .../musl/musl/CVE-2025-26519-1.patch          | 39 ++++++++
 .../musl/musl/CVE-2025-26519-2.patch          | 38 ++++++++
 meta/recipes-core/musl/musl_git.bb            |  4 +-
 .../elfutils/elfutils_0.186.bb                |  2 +
 .../elfutils/files/CVE-2025-1376.patch        | 58 ++++++++++++
 .../elfutils/files/CVE-2025-1377.patch        | 68 ++++++++++++++
 .../xwayland/xwayland/CVE-2025-62229.patch    | 89 ++++++++++++++++++
 .../xwayland/xwayland/CVE-2025-62230-1.patch  | 63 +++++++++++++
 .../xwayland/xwayland/CVE-2025-62230-2.patch  | 92 +++++++++++++++++++
 .../xwayland/xwayland/CVE-2025-62231.patch    | 53 +++++++++++
 .../xwayland/xwayland_22.1.8.bb               |  4 +
 scripts/lib/build_perf/report.py              |  9 +-
 12 files changed, 515 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch

-- 
2.43.0

[OE-core][kirkstone 1/7] elfutils: Fix CVE-2025-1376

[Steve Sakoman]

From: Soumya Sambu <soumya.sambu@windriver.com>

A vulnerability classified as problematic was found in GNU elfutils 0.192. This
vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c
of the component eu-strip. The manipulation leads to denial of service. It is
possible to launch the attack on the local host. The complexity of an attack is
rather high. The exploitation appears to be difficult. The exploit has been
disclosed to the public and may be used. The name of the patch is
b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to
fix this issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-1376

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b16f441cca0a4841050e3215a9f120a6d8aea918

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../elfutils/elfutils_0.186.bb                |  1 +
 .../elfutils/files/CVE-2025-1376.patch        | 58 +++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.186.bb b/meta/recipes-devtools/elfutils/elfutils_0.186.bb
index b945766b75..9f0fb43d50 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.186.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.186.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
            file://0001-debuginfod-debuginfod-client.c-use-long-for-cache-ti.patch \
            file://CVE-2025-1352.patch \
            file://CVE-2025-1372.patch \
+           file://CVE-2025-1376.patch \
            "
 SRC_URI:append:libc-musl = " \
            file://0003-musl-utils.patch \
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch
new file mode 100644
index 0000000000..1f40add305
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1376.patch
@@ -0,0 +1,58 @@
+From b16f441cca0a4841050e3215a9f120a6d8aea918 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 13 Feb 2025 00:02:32 +0100
+Subject: [PATCH] libelf: Handle elf_strptr on section without any data
+
+In the unlikely situation that elf_strptr was called on a section with
+sh_size already set, but that doesn't have any data yet we could crash
+trying to verify the string to return.
+
+This could happen for example when a new section was created with
+elf_newscn, but no data having been added yet.
+
+        * libelf/elf_strptr.c (elf_strptr): Check strscn->rawdata_base
+        is not NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32672
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+CVE: CVE-2025-1376
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=b16f441cca0a4841050e3215a9f120a6d8aea918]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ libelf/elf_strptr.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c
+index c5a94f8..7be7f5e 100644
+--- a/libelf/elf_strptr.c
++++ b/libelf/elf_strptr.c
+@@ -1,5 +1,6 @@
+ /* Return string pointer from string section.
+    Copyright (C) 1998-2002, 2004, 2008, 2009, 2015 Red Hat, Inc.
++   Copyright (C) 2025 Mark J. Wielaard <mark@klomp.org>
+    This file is part of elfutils.
+    Contributed by Ulrich Drepper <drepper@redhat.com>, 1998.
+ 
+@@ -183,9 +184,12 @@ elf_strptr (Elf *elf, size_t idx, size_t offset)
+       // initialized yet (when data_read is zero). So we cannot just
+       // look at the rawdata.d.d_size.
+ 
+-      /* Make sure the string is NUL terminated.  Start from the end,
+-	 which very likely is a NUL char.  */
+-      if (likely (validate_str (strscn->rawdata_base, offset, sh_size)))
++      /* First check there actually is any data.  This could be a new
++         section which hasn't had any data set yet.  Then make sure
++         the string is at a valid offset and NUL terminated.  */
++      if (unlikely (strscn->rawdata_base == NULL))
++	__libelf_seterrno (ELF_E_INVALID_SECTION);
++      else if (likely (validate_str (strscn->rawdata_base, offset, sh_size)))
+ 	result = &strscn->rawdata_base[offset];
+       else
+ 	__libelf_seterrno (ELF_E_INVALID_INDEX);
+-- 
+2.40.0
+
-- 
2.43.0

[OE-core][kirkstone 2/7] elfutils: Fix CVE-2025-1377

[Steve Sakoman]

From: Soumya Sambu <soumya.sambu@windriver.com>

A vulnerability, which was classified as problematic, has been found in GNU elfutils
0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the
component eu-strip. The manipulation leads to denial of service. The attack needs to
be approached locally. The exploit has been disclosed to the public and may be used.
The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is
recommended to apply a patch to fix this issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-1377

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=fbf1df9ca286de3323ae541973b08449f8d03aba

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../elfutils/elfutils_0.186.bb                |  1 +
 .../elfutils/files/CVE-2025-1377.patch        | 68 +++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.186.bb b/meta/recipes-devtools/elfutils/elfutils_0.186.bb
index 9f0fb43d50..f97a97c673 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.186.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.186.bb
@@ -26,6 +26,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
            file://CVE-2025-1352.patch \
            file://CVE-2025-1372.patch \
            file://CVE-2025-1376.patch \
+           file://CVE-2025-1377.patch \
            "
 SRC_URI:append:libc-musl = " \
            file://0003-musl-utils.patch \
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
new file mode 100644
index 0000000000..de263738f2
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
@@ -0,0 +1,68 @@
+From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 13 Feb 2025 14:59:34 +0100
+Subject: [PATCH] strip: Verify symbol table is a real symbol table
+
+We didn't check the symbol table referenced from the relocation table
+was a real symbol table. This could cause a crash if that section
+happened to be an SHT_NOBITS section without any data. Fix this by
+adding an explicit check.
+
+       * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a
+       message string to display.
+       (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).
+       (remove_debug_relocations): Check the sh_link referenced
+       section is real and isn't a SHT_NOBITS section.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32673
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+
+CVE: CVE-2025-1377
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=fbf1df9ca286de3323ae541973b08449f8d03aba]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/strip.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/strip.c b/src/strip.c
+index d5b753d..0cfd8c8 100644
+--- a/src/strip.c
++++ b/src/strip.c
+@@ -127,13 +127,14 @@ static char *tmp_debug_fname = NULL;
+ /* Close debug file descriptor, if opened. And remove temporary debug file.  */
+ static void cleanup_debug (void);
+ 
+-#define INTERNAL_ERROR(fname) \
++#define INTERNAL_ERROR_MSG(fname, msg) \
+   do { \
+     cleanup_debug (); \
+     error (EXIT_FAILURE, 0, _("%s: INTERNAL ERROR %d (%s): %s"),      \
+-	   fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \
++	   fname, __LINE__, PACKAGE_VERSION, msg); \
+   } while (0)
+ 
++#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
+ 
+ /* Name of the output file.  */
+ static const char *output_fname;
+@@ -632,7 +633,13 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr,
+ 	     resolve relocation symbol indexes.  */
+ 	  Elf64_Word symt = shdr->sh_link;
+ 	  Elf_Data *symdata, *xndxdata;
+-	  Elf_Scn * symscn = elf_getscn (elf, symt);
++	  Elf_Scn *symscn = elf_getscn (elf, symt);GElf_Shdr symshdr_mem;
++          GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
++          if (symshdr == NULL)
++            INTERNAL_ERROR (fname);
++          if (symshdr->sh_type == SHT_NOBITS)
++            INTERNAL_ERROR_MSG (fname, "NOBITS section");
++
+ 	  symdata = elf_getdata (symscn, NULL);
+ 	  xndxdata = get_xndxdata (elf, symscn);
+ 	  if (symdata == NULL)
+-- 
+2.40.0
+
-- 
2.43.0

[OE-core][kirkstone 3/7] xwayland: Fix for CVE-2025-62229

[Steve Sakoman]

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b13f631b66c20f5bc8db7b68211dcbd1d0

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/xwayland/CVE-2025-62229.patch    | 89 +++++++++++++++++++
 .../xwayland/xwayland_22.1.8.bb               |  1 +
 2 files changed, 90 insertions(+)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch

diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
new file mode 100644
index 0000000000..634e8d44f1
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62229.patch
@@ -0,0 +1,89 @@
+From 5a4286b13f631b66c20f5bc8db7b68211dcbd1d0 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 2 Jul 2025 09:46:22 +0200
+Subject: [PATCH] present: Fix use-after-free in present_create_notifies()
+
+Using the Present extension, if an error occurs while processing and
+adding the notifications after presenting a pixmap, the function
+present_create_notifies() will clean up and remove the notifications
+it added.
+
+However, there are two different code paths that can lead to an error
+creating the notify, one being before the notify is being added to the
+list, and another one after the notify is added.
+
+When the error occurs before it's been added, it removes the elements up
+to the last added element, instead of the actual number of elements
+which were added.
+
+As a result, in case of error, as with an invalid window for example, it
+leaves a dangling pointer to the last element, leading to a use after
+free case later:
+
+ |  Invalid write of size 8
+ |     at 0x5361D5: present_clear_window_notifies (present_notify.c:42)
+ |     by 0x534A56: present_destroy_window (present_screen.c:107)
+ |     by 0x41E441: xwl_destroy_window (xwayland-window.c:1959)
+ |     by 0x4F9EC9: compDestroyWindow (compwindow.c:622)
+ |     by 0x51EAC4: damageDestroyWindow (damage.c:1592)
+ |     by 0x4FDC29: DbeDestroyWindow (dbe.c:1291)
+ |     by 0x4EAC55: FreeWindowResources (window.c:1023)
+ |     by 0x4EAF59: DeleteWindow (window.c:1091)
+ |     by 0x4DE59A: doFreeResource (resource.c:890)
+ |     by 0x4DEFB2: FreeClientResources (resource.c:1156)
+ |     by 0x4A9AFB: CloseDownClient (dispatch.c:3567)
+ |     by 0x5DCC78: ClientReady (connection.c:603)
+ |   Address 0x16126200 is 16 bytes inside a block of size 2,048 free'd
+ |     at 0x4841E43: free (vg_replace_malloc.c:989)
+ |     by 0x5363DD: present_destroy_notifies (present_notify.c:111)
+ |     by 0x53638D: present_create_notifies (present_notify.c:100)
+ |     by 0x5368E9: proc_present_pixmap_common (present_request.c:164)
+ |     by 0x536A7D: proc_present_pixmap (present_request.c:189)
+ |     by 0x536FA9: proc_present_dispatch (present_request.c:337)
+ |     by 0x4A1E4E: Dispatch (dispatch.c:561)
+ |     by 0x4B00F1: dix_main (main.c:284)
+ |     by 0x42879D: main (stubmain.c:34)
+ |   Block was alloc'd at
+ |     at 0x48463F3: calloc (vg_replace_malloc.c:1675)
+ |     by 0x5362A1: present_create_notifies (present_notify.c:81)
+ |     by 0x5368E9: proc_present_pixmap_common (present_request.c:164)
+ |     by 0x536A7D: proc_present_pixmap (present_request.c:189)
+ |     by 0x536FA9: proc_present_dispatch (present_request.c:337)
+ |     by 0x4A1E4E: Dispatch (dispatch.c:561)
+ |     by 0x4B00F1: dix_main (main.c:284)
+ |     by 0x42879D: main (stubmain.c:34)
+
+To fix the issue, count and remove the actual number of notify elements
+added in case of error.
+
+CVE-2025-62229, ZDI-CAN-27238
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2086>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b13f631b66c20f5bc8db7b68211dcbd1d0]
+CVE: CVE-2025-62229
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ present/present_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/present/present_notify.c b/present/present_notify.c
+index 7d19d9cfe1..fe84d1f070 100644
+--- a/present/present_notify.c
++++ b/present/present_notify.c
+@@ -92,7 +92,7 @@ present_create_notifies(ClientPtr client, int num_notifies, xPresentNotify *x_no
+         if (status != Success)
+             goto bail;
+ 
+-        added = i;
++        added++;
+     }
+     return Success;
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
index 73f5a05ce7..ba0ed6048e 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
@@ -50,6 +50,7 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
            file://CVE-2025-49178.patch \
            file://CVE-2025-49179.patch \
            file://CVE-2025-49180.patch \
+           file://CVE-2025-62229.patch \
 "
 SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73"
 
-- 
2.43.0

[OE-core][kirkstone 4/7] xwayland: Fix for CVE-2025-62230

[Steve Sakoman]

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from
https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175
& https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/xwayland/CVE-2025-62230-1.patch  | 63 +++++++++++++
 .../xwayland/xwayland/CVE-2025-62230-2.patch  | 92 +++++++++++++++++++
 .../xwayland/xwayland_22.1.8.bb               |  2 +
 3 files changed, 157 insertions(+)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch

diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch
new file mode 100644
index 0000000000..a3a0bae2d5
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-1.patch
@@ -0,0 +1,63 @@
+From 865089ca70840c0f13a61df135f7b44a9782a175 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 15:55:06 +0200
+Subject: [PATCH] xkb: Make the RT_XKBCLIENT resource private
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently, the resource in only available to the xkb.c source file.
+
+In preparation for the next commit, to be able to free the resources
+from XkbRemoveResourceClient(), make that variable private instead.
+
+This is related to:
+
+CVE-2025-62230, ZDI-CAN-27545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 99790a2c9205a52fbbec01f21a92c9b7f4ed1d8f)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175]
+CVE: CVE-2025-62230
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ include/xkbsrv.h | 2 ++
+ xkb/xkb.c        | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/xkbsrv.h b/include/xkbsrv.h
+index fbb5427e1c..b2766277cf 100644
+--- a/include/xkbsrv.h
++++ b/include/xkbsrv.h
+@@ -58,6 +58,8 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ #include "inputstr.h"
+ #include "events.h"
+ 
++extern RESTYPE RT_XKBCLIENT;
++
+ typedef struct _XkbInterest {
+     DeviceIntPtr dev;
+     ClientPtr client;
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 5131bfcdf7..26d965d482 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -51,7 +51,7 @@ int XkbKeyboardErrorCode;
+ CARD32 xkbDebugFlags = 0;
+ static CARD32 xkbDebugCtrls = 0;
+ 
+-static RESTYPE RT_XKBCLIENT;
++RESTYPE RT_XKBCLIENT = 0;
+ 
+ /***====================================================================***/
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch
new file mode 100644
index 0000000000..0e4a69c64e
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62230-2.patch
@@ -0,0 +1,92 @@
+From 87fe2553937a99fd914ad0cde999376a3adc3839 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 15:58:57 +0200
+Subject: [PATCH] xkb: Free the XKB resource when freeing XkbInterest
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+XkbRemoveResourceClient() would free the XkbInterest data associated
+with the device, but not the resource associated with it.
+
+As a result, when the client terminates, the resource delete function
+gets called and accesses already freed memory:
+
+ | Invalid read of size 8
+ |   at 0x5BC0C0: XkbRemoveResourceClient (xkbEvents.c:1047)
+ |   by 0x5B3391: XkbClientGone (xkb.c:7094)
+ |   by 0x4DF138: doFreeResource (resource.c:890)
+ |   by 0x4DFB50: FreeClientResources (resource.c:1156)
+ |   by 0x4A9A59: CloseDownClient (dispatch.c:3550)
+ |   by 0x5E0A53: ClientReady (connection.c:601)
+ |   by 0x5E4FEF: ospoll_wait (ospoll.c:657)
+ |   by 0x5DC834: WaitForSomething (WaitFor.c:206)
+ |   by 0x4A1BA5: Dispatch (dispatch.c:491)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+ | Address 0x1893e278 is 184 bytes inside a block of size 928 free'd
+ |   at 0x4842E43: free (vg_replace_malloc.c:989)
+ |   by 0x49C1A6: CloseDevice (devices.c:1067)
+ |   by 0x49C522: CloseOneDevice (devices.c:1193)
+ |   by 0x49C6E4: RemoveDevice (devices.c:1244)
+ |   by 0x5873D4: remove_master (xichangehierarchy.c:348)
+ |   by 0x587921: ProcXIChangeHierarchy (xichangehierarchy.c:504)
+ |   by 0x579BF1: ProcIDispatch (extinit.c:390)
+ |   by 0x4A1D85: Dispatch (dispatch.c:551)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+ | Block was alloc'd at
+ |   at 0x48473F3: calloc (vg_replace_malloc.c:1675)
+ |   by 0x49A118: AddInputDevice (devices.c:262)
+ |   by 0x4A0E58: AllocDevicePair (devices.c:2846)
+ |   by 0x5866EE: add_master (xichangehierarchy.c:153)
+ |   by 0x5878C2: ProcXIChangeHierarchy (xichangehierarchy.c:493)
+ |   by 0x579BF1: ProcIDispatch (extinit.c:390)
+ |   by 0x4A1D85: Dispatch (dispatch.c:551)
+ |   by 0x4B0070: dix_main (main.c:277)
+ |   by 0x4285E7: main (stubmain.c:34)
+
+To avoid that issue, make sure to free the resources when freeing the
+device XkbInterest data.
+
+CVE-2025-62230, ZDI-CAN-27545
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 10c94238bdad17c11707e0bdaaa3a9cd54c504be)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839]
+CVE: CVE-2025-62230
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkbEvents.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
+index 0bbd661867..3d04ecf0c4 100644
+--- a/xkb/xkbEvents.c
++++ b/xkb/xkbEvents.c
+@@ -1056,6 +1056,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id)
+             autoCtrls = interest->autoCtrls;
+             autoValues = interest->autoCtrlValues;
+             client = interest->client;
++            FreeResource(interest->resource, RT_XKBCLIENT);
+             free(interest);
+             found = TRUE;
+         }
+@@ -1067,6 +1068,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id)
+                 autoCtrls = victim->autoCtrls;
+                 autoValues = victim->autoCtrlValues;
+                 client = victim->client;
++                FreeResource(victim->resource, RT_XKBCLIENT);
+                 free(victim);
+                 found = TRUE;
+             }
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
index ba0ed6048e..4fa88fbcff 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
@@ -51,6 +51,8 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
            file://CVE-2025-49179.patch \
            file://CVE-2025-49180.patch \
            file://CVE-2025-62229.patch \
+           file://CVE-2025-62230-1.patch \
+           file://CVE-2025-62230-2.patch \
 "
 SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73"
 
-- 
2.43.0

[OE-core][kirkstone 5/7] xwayland: Fix for CVE-2025-62231

[Steve Sakoman]

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/xwayland/CVE-2025-62231.patch    | 53 +++++++++++++++++++
 .../xwayland/xwayland_22.1.8.bb               |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch

diff --git a/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
new file mode 100644
index 0000000000..4bcf362531
--- /dev/null
+++ b/meta/recipes-graphics/xwayland/xwayland/CVE-2025-62231.patch
@@ -0,0 +1,53 @@
+From 3baad99f9c15028ed8c3e3d8408e5ec35db155aa Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 10 Sep 2025 16:30:29 +0200
+Subject: [PATCH] xkb: Prevent overflow in XkbSetCompatMap()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The XkbCompatMap structure stores its "num_si" and "size_si" fields
+using an unsigned short.
+
+However, the function _XkbSetCompatMap() will store the sum of the
+input data "firstSI" and "nSI" in both XkbCompatMap's "num_si" and
+"size_si" without first checking if the sum overflows the maximum
+unsigned short value, leading to a possible overflow.
+
+To avoid the issue, check whether the sum does not exceed the maximum
+unsigned short value, or return a "BadValue" error otherwise.
+
+CVE-2025-62231, ZDI-CAN-27560
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
+(cherry picked from commit 475d9f49acd0e55bc0b089ed77f732ad18585470)
+
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2087>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa]
+CVE: CVE-2025-62231
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 26d965d482..137d70da27 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -2992,6 +2992,8 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+         XkbSymInterpretPtr sym;
+         unsigned int skipped = 0;
+ 
++        if ((unsigned) (req->firstSI + req->nSI) > USHRT_MAX)
++            return BadValue;
+         if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
+             compat->num_si = compat->size_si = req->firstSI + req->nSI;
+             compat->sym_interpret = reallocarray(compat->sym_interpret,
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
index 4fa88fbcff..745a2dd2ef 100644
--- a/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_22.1.8.bb
@@ -53,6 +53,7 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
            file://CVE-2025-62229.patch \
            file://CVE-2025-62230-1.patch \
            file://CVE-2025-62230-2.patch \
+           file://CVE-2025-62231.patch \
 "
 SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73"
 
-- 
2.43.0

[OE-core][kirkstone 6/7] musl: patch CVE-2025-26519

[Steve Sakoman]

From: Gyorgy Sarvari <skandigraun@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26519

Pick the patches that are attached to the musl advisory:
https://www.openwall.com/lists/musl/2025/02/13/1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../musl/musl/CVE-2025-26519-1.patch          | 39 +++++++++++++++++++
 .../musl/musl/CVE-2025-26519-2.patch          | 38 ++++++++++++++++++
 meta/recipes-core/musl/musl_git.bb            |  4 +-
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
 create mode 100644 meta/recipes-core/musl/musl/CVE-2025-26519-2.patch

diff --git a/meta/recipes-core/musl/musl/CVE-2025-26519-1.patch b/meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
new file mode 100644
index 0000000000..a9ea3b4149
--- /dev/null
+++ b/meta/recipes-core/musl/musl/CVE-2025-26519-1.patch
@@ -0,0 +1,39 @@
+From 345d2a053c32f3443dbfdd313f49346ce30b92f8 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 19 Nov 2025 13:23:38 +0100
+Subject: [PATCH] iconv: fix erroneous input validation in EUC-KR decoder
+
+as a result of incorrect bounds checking on the lead byte being
+decoded, certain invalid inputs which should produce an encoding
+error, such as "\xc8\x41", instead produced out-of-bounds loads from
+the ksc table.
+
+in a worst case, the loaded value may not be a valid unicode scalar
+value, in which case, if the output encoding was UTF-8, wctomb would
+return (size_t)-1, causing an overflow in the output pointer and
+remaining buffer size which could clobber memory outside of the output
+buffer.
+
+bug report was submitted in private by Nick Wellnhofer on account of
+potential security implications.
+
+CVE: CVE-2025-26519
+Upstream-Status: Backport [https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/locale/iconv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 3047c27b..1fb66bc8 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 			if (c >= 93 || d >= 94) {
+ 				c += (0xa1-0x81);
+ 				d += 0xa1;
+-				if (c >= 93 || c>=0xc6-0x81 && d>0x52)
++				if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
+ 					goto ilseq;
+ 				if (d-'A'<26) d = d-'A';
+ 				else if (d-'a'<26) d = d-'a'+26;
diff --git a/meta/recipes-core/musl/musl/CVE-2025-26519-2.patch b/meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
new file mode 100644
index 0000000000..82a09af535
--- /dev/null
+++ b/meta/recipes-core/musl/musl/CVE-2025-26519-2.patch
@@ -0,0 +1,38 @@
+From b81230050f6c3348038fe470d260028824b9a9e5 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 19 Nov 2025 13:27:15 +0100
+Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder
+ bugs
+
+the UTF-8 output code was written assuming an invariant that iconv's
+decoders only emit valid Unicode Scalar Values which wctomb can encode
+successfully, thereby always returning a value between 1 and 4.
+
+if this invariant is not satisfied, wctomb returns (size_t)-1, and the
+subsequent adjustments to the output buffer pointer and remaining
+output byte count overflow, moving the output position backwards,
+potentially past the beginning of the buffer, without storing any
+bytes.
+
+CVE: CVE-2025-26519
+Upstream-Status: Backport [https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/locale/iconv.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 1fb66bc8..fb1d3217 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 				if (*outb < k) goto toobig;
+ 				memcpy(*out, tmp, k);
+ 			} else k = wctomb_utf8(*out, c);
++			/* This failure condition should be unreachable, but
++			 * is included to prevent decoder bugs from translating
++			 * into advancement outside the output buffer range. */
++			if (k>4) goto ilseq;
+ 			*out += k;
+ 			*outb -= k;
+ 			break;
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index 4b85401360..f24da3b2cb 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -15,7 +15,9 @@ PV = "${BASEVER}+git${SRCPV}"
 SRC_URI = "git://git.musl-libc.org/musl;branch=master \
            file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
            file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \
-          "
+           file://CVE-2025-26519-1.patch \
+           file://CVE-2025-26519-2.patch \
+           "
 
 S = "${WORKDIR}/git"
 
-- 
2.43.0

[OE-core][kirkstone 7/7] oe-build-perf-report: relax metadata matching rules

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

As the poky repository is no longer used, measurements are indexed using
the oe-core commit. But as bitbake, oe-core and meta-yocto are now
retrieved from separate gits, while measuring performances for a given branch
at some time interval, we can get the same commit for oe-core but
different ones for bitbake or meta-yocto. As a consequence, metadata
associated with the same index (oe-core commit) might differ.

To work around this, relax the equality checks for commit, commit_time
and commit_count since they might no longer match.

Ideally we'd group them into separate results but for now, treat them
as being the same.

[Based on work from Mathieu Dubois-Briand but fixed differently]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e7dc42e30c76bf0fbb4d3cc019bbec675bac55fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/build_perf/report.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/scripts/lib/build_perf/report.py b/scripts/lib/build_perf/report.py
index ab77424cc7..a143b74653 100644
--- a/scripts/lib/build_perf/report.py
+++ b/scripts/lib/build_perf/report.py
@@ -137,9 +137,12 @@ def results_xml_to_json(elem):
 
 def aggregate_metadata(metadata):
     """Aggregate metadata into one, basically a sanity check"""
-    mutable_keys = ('pretty_name', 'version_id')
 
-    def aggregate_obj(aggregate, obj, assert_str=True):
+    # A given OE-Core commit may point at different meta-yocto/bitbake commits so we have
+    # to ignore commit/commit_count/commit_time differences
+    mutable_keys = ('pretty_name', 'version_id', 'commit', 'commit_count', 'commit_time')
+
+    def aggregate_obj(aggregate, obj, assert_obj=True):
         """Aggregate objects together"""
         assert type(aggregate) is type(obj), \
                 "Type mismatch: {} != {}".format(type(aggregate), type(obj))
@@ -151,7 +154,7 @@ def aggregate_metadata(metadata):
             assert len(aggregate) == len(obj)
             for i, val in enumerate(obj):
                 aggregate_obj(aggregate[i], val)
-        elif not isinstance(obj, str) or (isinstance(obj, str) and assert_str):
+        elif assert_obj:
             assert aggregate == obj, "Data mismatch {} != {}".format(aggregate, obj)
 
     if not metadata:
-- 
2.43.0