kirkstone: subtree updates

meta-raspberrypi: 2a06e4e84b..43683cb14b:
  Florin Sarbu (1):
        udev-rules-rpi: Use 99-com.rules directly from upstream

meta-openembedded: df452d9d98..f95484417e:
  Arsalan H. Awan (1):
        meta-networking/licenses/netperf: remove unused license

  Bhargav Das (2):
        tslib: Add native & nativestdk package support
        pointercal: Add native & nativestdk package support

  Changqing Li (1):
        redis: fix do_patch fuzz warning

  Chee Yang Lee (3):
        tinyproxy: fix CVE-2022-40468
        capnproto: upgrade to 0.9.2
        freerdp: fix CVE-2022-39316/39318/39319

  Gianluigi Spagnuolo (1):
        libbpf: add native and nativesdk BBCLASSEXTEND

  Jasper Orschulko (1):
        python3-gcovr: Add missing runtime dependency

  Jonas Gorski (3):
        frr: Security fix CVE-2022-36440 / CVE-2022-40302
        frr: Security fix CVE-2022-40318
        frr: Security fix CVE-2022-43681

  Khem Raj (1):
        nodejs: Fix build with gcc13

  Martin Jansa (1):
        abseil-cpp: backport a fix for build with gcc-13

  Narpat Mali (3):
        python3-werkzeug: fix for CVE-2023-25577
        python3-django: upgrade 4.0.2 -> 4.2.1
        python3-m2crypto: fix for CVE-2020-25657

  Natasha Bailey (1):
        libyang: backport a fix for CVE-2023-26916

  Valeria Petrov (1):
        apache2: upgrade 2.4.56 -> 2.4.57

  Xiangyu Chen (3):
        pahole: fix native package build error
        Revert "pahole: fix native package build error"
        libbpf: installing uapi headers for native package

poky: 4cc0e9438b..43b94d2b84:
  Alexander Kanavin (1):
        dhcpcd: use git instead of tarballs

  Archana Polampalli (4):
        nasm: fix CVE-2022-44370
        git: fix CVE-2023-29007
        git: fix CVE-2023-25652
        git: ignore CVE-2023-25815

  Arturo Buzarra (1):
        run-postinsts: Set dependency for ldconfig to avoid boot issues

  Bhabu Bindu (4):
        curl: Fix CVE-2023-28319
        curl: Fix CVE-2023-28320
        curl: Fix CVE-2023-28321
        curl: Fix CVE-2023-28322

  Bruce Ashfield (9):
        linux-yocto/5.15: update to v5.15.106
        linux-yocto/5.15: update to v5.15.107
        linux-yocto/5.15: update to v5.15.108
        kernel: improve initramfs bundle processing time
        linux-yocto/5.10: update to v5.10.176
        linux-yocto/5.10: update to v5.10.177
        linux-yocto/5.10: update to v5.10.178
        linux-yocto/5.10: update to v5.10.179
        linux-yocto/5.10: update to v5.10.180

  C. Andy Martin (1):
        systemd-networkd: backport fix for rm unmanaged wifi

  Christoph Lauer (1):
        populate_sdk_base: add zip options

  Daniel Ammann (1):
        overview-manual: concepts.rst: Fix a typo

  Deepthi Hemraj (5):
        glibc: stable 2.35 branch updates.
        binutils : Fix CVE-2023-25584
        binutils : Fix CVE-2023-25585
        binutils : Fix CVE-2023-1972
        binutils : Fix CVE-2023-25588

  Dmitry Baryshkov (1):
        linux-firmware: upgrade 20230210 -> 20230404

  Eero Aaltonen (1):
        avahi: fix D-Bus introspection

  Enrico Jörns (1):
        package_manager/ipk: fix config path generation in _create_custom_config()

  Hitendra Prajapati (2):
        connman: fix CVE-2023-28488 DoS in client.c
        sysstat: Fix CVE-2023-33204

  Jan Luebbe (1):
        p11-kit: add native to BBCLASSEXTEND

  Joe Slater (1):
        ghostscript: fix CVE-2023-29979

  Kai Kang (1):
        webkitgtk: fix CVE-2022-32888 & CVE-2022-32923

  Khem Raj (2):
        gcc-runtime: Use static dummy libstdc++
        quilt: Fix merge.test race condition

  Lee Chee Yang (1):
        migration-guides: add release notes for 4.0.10

  Marek Vasut (1):
        cpio: Fix wrong CRC with ASCII CRC for large files

  Martin Jansa (3):
        populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
        llvm: backport a fix for build with gcc-13
        kernel-devicetree: make shell scripts posix compliant

  Martin Siegumfeldt (1):
        systemd-systemctl: fix instance template WantedBy symlink construction

  Michael Halstead (2):
        uninative: Upgrade to 3.10 to support gcc 13
        uninative: Upgrade to 4.0 to include latest gcc 13.1.1

  Michael Opdenacker (2):
        conf.py: add macro for Mitre CVE links
        migration-guides: use new cve_mitre macro

  Ming Liu (1):
        weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland

  Mingli Yu (1):
        ruby: Fix CVE-2023-28755

  Narpat Mali (3):
        ffmpeg: fix for CVE-2022-48434
        python3-cryptography: fix for CVE-2023-23931
        python3-requests: fix for CVE-2023-32681

  Omkar Patil (1):
        curl: Correction for CVE-2023-27536

  Pablo Saavedra (1):
        gstreamer1.0: upgrade 1.20.5 -> 1.20.6

  Pascal Bach (1):
        cmake: add CMAKE_SYSROOT to generated toolchain file

  Peter Bergin (1):
        update-alternatives.bbclass: fix old override syntax

  Peter Kjellerstedt (1):
        license.bbclass: Include LICENSE in the output when it fails to parse

  Peter Marko (2):
        libxml2: patch CVE-2023-28484 and CVE-2023-29469
        openssl: Upgrade 3.0.8 -> 3.0.9

  Piotr Łobacz (1):
        libarchive: Enable acls, xattr for native as well as target

  Quentin Schulz (1):
        Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"

  Randolph Sapp (4):
        wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
        kernel-devicetree: allow specification of dtb directory
        package: enable recursion on file globs
        kernel-devicetree: recursively search for dtbs

  Ranjitsinh Rathod (1):
        libbsd: Add correct license for all packages

  Richard Purdie (3):
        maintainers.inc: Fix email address typo
        maintainers.inc: Move repo to unassigned
        selftest/reproducible: Allow native/cross reuse in test

  Riyaz Khan (1):
        openssh: Remove BSD-4-clause contents completely from codebase

  Ross Burton (1):
        xserver-xorg: backport fix for CVE-2023-1393

  Sakib Sajal (1):
        go: fix CVE-2023-24540

  Shubham Kulkarni (1):
        go: Security fix for CVE-2023-24538

  Soumya (1):
        perl: fix CVE-2023-31484

  Steve Sakoman (3):
        Revert "xserver-xorg: backport fix for CVE-2023-1393"
        poky.conf: bump version for 4.0.10
        build-appliance-image: Update to kirkstone head revision

  Thomas Roos (1):
        oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set

  Tom Hochstein (2):
        piglit: Add PACKAGECONFIG for glx and opencl
        piglit: Add missing glslang dependencies

  Upgrade Helper (1):
        waffle: upgrade 1.7.0 -> 1.7.2

  Virendra Thakur (1):
        qemu: Whitelist CVE-2023-0664

  Vivek Kumbhar (3):
        freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
        go: fix CVE-2023-24534 denial of service from excessive memory allocation
        go: fix CVE-2023-24539 html/template improper sanitization of CSS values

  Wang Mingyu (2):
        wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
        xserver-xorg: upgrade 21.1.7 -> 21.1.8

  Yoann Congal (1):
        linux-yocto: Exclude 121 CVEs already fixed upstream

  Yogita Urade (2):
        xorg-lib-common: Add variable to set tarball type
        libxpm: upgrade 3.5.13 -> 3.5.15

  Zhixiong Chi (1):
        libpam: Fix the xtests/tst-pam_motd[1|3] failures

  Zoltan Boszormenyi (1):
        piglit: Fix build time dependency

  bkylerussell@gmail.com (1):
        kernel-devsrc: depend on python3-core instead of python3

  leimaohui (1):
        nghttp2: Deleted the entries for -client and -server, and removed a dependency on them from the main package.

meta-security: cc20e2af2a..d398cc6ea6:
  Armin Kuster (1):
        apparmor: fix ownership issues

  Josh Harley (1):
        Add EROFS support to dm-verity-img class

  Maciej Borzęcki (1):
        dm-verity-img.bbclass: add squashfs images

  Peter Marko (1):
        tpm2-tss: upgrade to 3.2.2 to fix CVE-2023-22745

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I683201033cfd1b1135738f49b0faf6df2e6348b6
diff --git a/meta-openembedded/meta-networking/licenses/netperf b/meta-openembedded/meta-networking/licenses/netperf
deleted file mode 100644
index 3f3ceb2..0000000
--- a/meta-openembedded/meta-networking/licenses/netperf
+++ /dev/null
@@ -1,43 +0,0 @@
-
- 
-              Copyright (C) 1993 Hewlett-Packard Company
-                         ALL RIGHTS RESERVED.
- 
-  The enclosed software and documentation includes copyrighted works
-  of Hewlett-Packard Co. For as long as you comply with the following
-  limitations, you are hereby authorized to (i) use, reproduce, and
-  modify the software and documentation, and to (ii) distribute the
-  software and documentation, including modifications, for
-  non-commercial purposes only.
-      
-  1.  The enclosed software and documentation is made available at no
-      charge in order to advance the general development of
-      high-performance networking products.
- 
-  2.  You may not delete any copyright notices contained in the
-      software or documentation. All hard copies, and copies in
-      source code or object code form, of the software or
-      documentation (including modifications) must contain at least
-      one of the copyright notices.
- 
-  3.  The enclosed software and documentation has not been subjected
-      to testing and quality control and is not a Hewlett-Packard Co.
-      product. At a future time, Hewlett-Packard Co. may or may not
-      offer a version of the software and documentation as a product.
-  
-  4.  THE SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS".
-      HEWLETT-PACKARD COMPANY DOES NOT WARRANT THAT THE USE,
-      REPRODUCTION, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
-      DOCUMENTATION WILL NOT INFRINGE A THIRD PARTY'S INTELLECTUAL
-      PROPERTY RIGHTS. HP DOES NOT WARRANT THAT THE SOFTWARE OR
-      DOCUMENTATION IS ERROR FREE. HP DISCLAIMS ALL WARRANTIES,
-      EXPRESS AND IMPLIED, WITH REGARD TO THE SOFTWARE AND THE
-      DOCUMENTATION. HP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF
-      MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-  
-  5.  HEWLETT-PACKARD COMPANY WILL NOT IN ANY EVENT BE LIABLE FOR ANY
-      DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
-      (INCLUDING LOST PROFITS) RELATED TO ANY USE, REPRODUCTION,
-      MODIFICATION, OR DISTRIBUTION OF THE SOFTWARE OR DOCUMENTATION.
- 
-
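Review bot: The deleted text allows use "for non-commercial purposes only", and this hunk removes the license file without touching any recipe, so confirm that no recipe in the layer still names `netperf` in `LICENSE` before dropping it. If a netperf recipe is still carried elsewhere, the commit message should say where its license text now comes from.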
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch
new file mode 100644
index 0000000..c06de49
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch
@@ -0,0 +1,71 @@
+From 02a0e45f66160f571196a105b217e1bb84d1a835 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 30 Sep 2022 08:51:45 -0400
+Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
+ peek_for_as4_capability
+
+In peek_for_as4_capability the code is checking that the
+stream has at least 2 bytes to read ( the opt_type and the
+opt_length ).  However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+is configured then FRR is reading 3 bytes.  Which is not good
+since the packet could be badly formated.  Ensure that
+FRR has the appropriate data length to read the data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 3e46b43e3788f0f87bae56a86b54d412b4710286)
+
+CVE: CVE-2022-36440
+CVE: CVE-2022-40302
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/02a0e45f66160f571196a105b217e1bb84d1a835]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_open.c | 27 +++++++++++++++++++++------
+ 1 file changed, 21 insertions(+), 6 deletions(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index c2562c75d3fc..fe4c24a8c979 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -1116,15 +1116,30 @@ as_t peek_for_as4_capability(struct peer *peer, uint16_t length)
+ 		uint8_t opt_type;
+ 		uint16_t opt_length;
+ 
+-		/* Check the length. */
+-		if (stream_get_getp(s) + 2 > end)
++		/* Ensure we can read the option type */
++		if (stream_get_getp(s) + 1 > end)
+ 			goto end;
+ 
+-		/* Fetch option type and length. */
++		/* Fetch the option type */
+ 		opt_type = stream_getc(s);
+-		opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+-				     ? stream_getw(s)
+-				     : stream_getc(s);
++
++		/*
++		 * Check the length and fetch the opt_length
++		 * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
++		 * then we do a getw which is 2 bytes.  So we need to
++		 * ensure that we can read that as well
++		 */
++		if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
++			if (stream_get_getp(s) + 2 > end)
++				goto end;
++
++			opt_length = stream_getw(s);
++		} else {
++			if (stream_get_getp(s) + 1 > end)
++				goto end;
++
++			opt_length = stream_getc(s);
++		}
+ 
+ 		/* Option length check. */
+ 		if (stream_get_getp(s) + opt_length > end)
+-- 
+2.40.1
+
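Review bot: The patch header tags both CVE-2022-36440 and CVE-2022-40302, but the file name carries only the first, so anyone searching the recipe directory for CVE-2022-40302 will not find the fix. Either mention the second CVE in a comment next to the `SRC_URI` entry or name the file after both identifiers. The checks themselves line up with the reads: `+ 1 > end` before `stream_getc(s)` and `+ 2 > end` before `stream_getw(s)`, with the existing `opt_length` check left in place.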
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch
new file mode 100644
index 0000000..9d6dcfb
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch
@@ -0,0 +1,81 @@
+From 72088b05d469a6b6a8b9a2b250885246ea0c2acb Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Fri, 30 Sep 2022 08:57:43 -0400
+Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in
+ bgp_open_option_parse
+
+In bgp_open_option_parse the code is checking that the
+stream has at least 2 bytes to read ( the opt_type and
+the opt_length).  However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+is configured then FRR is reading 3 bytes.  Which is not good
+since the packet could be badly formateed.  Ensure that
+FRR has the appropriate data length to read the data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 1117baca3c592877a4d8a13ed6a1d9bd83977487)
+
+CVE: CVE-2022-40318
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/72088b05d469a6b6a8b9a2b250885246ea0c2acb]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_open.c | 35 ++++++++++++++++++++++++++++-------
+ 1 file changed, 28 insertions(+), 7 deletions(-)
+
+diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c
+index fe4c24a8c979..de550d2ac607 100644
+--- a/bgpd/bgp_open.c
++++ b/bgpd/bgp_open.c
+@@ -1209,19 +1209,40 @@ int bgp_open_option_parse(struct peer *peer, uint16_t length,
+ 		uint8_t opt_type;
+ 		uint16_t opt_length;
+ 
+-		/* Must have at least an OPEN option header */
+-		if (STREAM_READABLE(s) < 2) {
++		/*
++		 * Check that we can read the opt_type and fetch it
++		 */
++		if (STREAM_READABLE(s) < 1) {
+ 			zlog_info("%s Option length error", peer->host);
+ 			bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
+ 					BGP_NOTIFY_OPEN_MALFORMED_ATTR);
+ 			return -1;
+ 		}
+-
+-		/* Fetch option type and length. */
+ 		opt_type = stream_getc(s);
+-		opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)
+-				     ? stream_getw(s)
+-				     : stream_getc(s);
++
++		/*
++		 * Check the length of the stream to ensure that
++		 * FRR can properly read the opt_length. Then read it
++		 */
++		if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) {
++			if (STREAM_READABLE(s) < 2) {
++				zlog_info("%s Option length error", peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return -1;
++			}
++
++			opt_length = stream_getw(s);
++		} else {
++			if (STREAM_READABLE(s) < 1) {
++				zlog_info("%s Option length error", peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return -1;
++			}
++
++			opt_length = stream_getc(s);
++		}
+ 
+ 		/* Option length check. */
+ 		if (STREAM_READABLE(s) < opt_length) {
+-- 
+2.40.1
+
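Review bot: All three new early-return paths in `bgp_open_option_parse` log the same `"%s Option length error"` string, so the log cannot tell a missing option type byte from a missing 1-byte length or a missing 2-byte extended length. As this is a verbatim backport the code should stay as upstream has it, but it is worth raising upstream so each path logs what it failed to read.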
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch
new file mode 100644
index 0000000..77a011d
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch
@@ -0,0 +1,58 @@
+From f316975cedd8ef17d47b56be0d3d21711fe44a25 Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Wed, 2 Nov 2022 13:24:48 -0400
+Subject: [PATCH] bgpd: Ensure that bgp open message stream has enough data to
+ read
+
+If a operator receives an invalid packet that is of insufficient size
+then it is possible for BGP to assert during reading of the packet
+instead of gracefully resetting the connection with the peer.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+(cherry picked from commit 766eec1b7accffe2c04a5c9ebb14e9f487bb9f78)
+
+CVE: CVE-2022-43681
+
+Upstream-Status: Backport
+[https://github.com/FRRouting/frr/commit/766eec1b7accffe2c04a5c9ebb14e9f487bb9f78]
+
+Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
+---
+ bgpd/bgp_packet.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index bcd47e32d453..5225db29fe09 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -1176,8 +1176,27 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
+ 	    || CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) {
+ 		uint8_t opttype;
+ 
++		if (STREAM_READABLE(peer->curr) < 1) {
++			flog_err(
++				EC_BGP_PKT_OPEN,
++				"%s: stream does not have enough bytes for extended optional parameters",
++				peer->host);
++			bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++					BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++			return BGP_Stop;
++		}
++
+ 		opttype = stream_getc(peer->curr);
+ 		if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) {
++			if (STREAM_READABLE(peer->curr) < 2) {
++				flog_err(
++					EC_BGP_PKT_OPEN,
++					"%s: stream does not have enough bytes to read the extended optional parameters optlen",
++					peer->host);
++				bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR,
++						BGP_NOTIFY_OPEN_MALFORMED_ATTR);
++				return BGP_Stop;
++			}
+ 			optlen = stream_getw(peer->curr);
+ 			SET_FLAG(peer->sflags,
+ 				 PEER_STATUS_EXT_OPT_PARAMS_LENGTH);
+-- 
+2.40.1
+
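Review bot: The `Upstream-Status: Backport` link here points at 766eec1b7a..., the commit named in the "cherry picked from" line, while the `From` line of this patch is f316975ced...; the two sibling frr patches in this update link the `From` hash instead. Use one convention across the three so each backport can be traced to the same kind of upstream commit.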
diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
index 80f4729..92aca8e 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -13,6 +13,9 @@
            file://CVE-2022-37035.patch \
            file://CVE-2022-37032.patch \
            file://CVE-2022-42917.patch \
+           file://CVE-2022-36440.patch \
+           file://CVE-2022-40318.patch \
+           file://CVE-2022-43681.patch \
            file://frr.pam \
 	      "
 
diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
new file mode 100644
index 0000000..4e2157c
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
@@ -0,0 +1,33 @@
+From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Thu, 8 Sep 2022 15:18:04 +0000
+Subject: [PATCH] prevent junk from showing up in error page in invalid
+ requests
+
+fixes #457
+
+https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
+Upstream-Status: Backport
+CVE: CVE-2022-40468
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ src/reqs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index bce69819..45db118d 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
+                 goto fail;
+         }
+ 
++        /* zero-terminate the strings so they don't contain junk in error page */
++        request->method[0] = url[0] = request->protocol[0] = 0;
++
+         ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
+                       request->method, url, request->protocol);
++
+         if (ret == 2 && !strcasecmp (request->method, "GET")) {
+                 request->protocol[0] = 0;
+ 
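Review bot: The `sscanf` below the new zero-termination still uses `%[^ ]` with no field width for `request->method`, `url` and `request->protocol`, and the hunk does not show how those buffers are sized. Confirm that each is allocated to at least the length of `connptr->request_line`, because the added line only guarantees the strings are empty when a conversion does not run. The header would also match the other backports in this update if the commit URL were placed inside `Upstream-Status: Backport [...]` rather than on a line of its own.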
diff --git a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
index 388f7ae..4ddb202 100644
--- a/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
+++ b/meta-openembedded/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb
@@ -7,6 +7,7 @@
            file://disable-documentation.patch \
            file://tinyproxy.service \
            file://tinyproxy.conf \
+           file://CVE-2022-40468.patch \
            "
 
 SRC_URI[md5sum] = "658db5558ffb849414341b756a546a99"
diff --git a/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb b/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
index d3e7973..9b72ffe 100644
--- a/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
+++ b/meta-openembedded/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb
@@ -20,3 +20,5 @@
 ALLOW_EMPTY:${PN} = "1"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 INHIBIT_DEFAULT_DEPS = "1"
+
+BBCLASSEXTEND = "native nativesdk"
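Review bot: `PACKAGE_ARCH = "${MACHINE_ARCH}"` sits three lines above the new `BBCLASSEXTEND`, and nothing in the hunk says what consumes a machine-specific calibration package on the build host or in the SDK. A one-line comment naming the consumer would help, and the native and nativesdk variants should each be built once to check that the machine-specific setting does not carry over into them.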
diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch
new file mode 100644
index 0000000..88f3816
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch
@@ -0,0 +1,31 @@
+From b436bc4ef31e29d73363d60b84e77eb419f46c50 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Fri, 27 May 2022 22:27:58 +0100
+Subject: [PATCH] absl/strings/internal/str_format/extension.h: add missing
+ <stdint.h> include
+
+Without the change absl-cpp build fails on this week's gcc-13 snapshot as:
+
+    /build/abseil-cpp/absl/strings/internal/str_format/extension.h:34:33: error: found ':' in nested-name-specifier, expected '::'
+       34 | enum class FormatConversionChar : uint8_t;
+          |                                 ^
+          |                                 ::
+
+Upstream-Status: Backport [20220623.0 36a4b073f1e7e02ed7d1ac140767e36f82f09b7c]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ absl/strings/internal/str_format/extension.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/absl/strings/internal/str_format/extension.h b/absl/strings/internal/str_format/extension.h
+index c47536d6..08c3fbeb 100644
+--- a/absl/strings/internal/str_format/extension.h
++++ b/absl/strings/internal/str_format/extension.h
+@@ -17,6 +17,7 @@
+ #define ABSL_STRINGS_INTERNAL_STR_FORMAT_EXTENSION_H_
+ 
+ #include <limits.h>
++#include <stdint.h>
+ 
+ #include <cstddef>
+ #include <cstring>
diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
index 1bb27d4..30eef75 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
@@ -14,6 +14,7 @@
            file://0001-absl-always-use-asm-sgidefs.h.patch             \
            file://0002-Remove-maes-option-from-cross-compilation.patch \
            file://abseil-ppc-fixes.patch \
+           file://0001-absl-strings-internal-str_format-extension.h-add-mis.patch \
           "
 
 S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb b/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb
similarity index 93%
rename from meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb
rename to meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb
index d14bd84..d114ad0 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb
@@ -7,7 +7,7 @@
 
 SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \
            "
-SRCREV = "b49431c48d40490ef979247d308af63345376cee"
+SRCREV = "0274bf17374df912ea834687c667bed33bd318db"
 
 S = "${WORKDIR}/git/c++"
 
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch
new file mode 100644
index 0000000..bff3497
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/gcc13.patch
@@ -0,0 +1,75 @@
+From 576aed71db7b40c90b44c623580629792a606928 Mon Sep 17 00:00:00 2001
+From: Jiawen Geng <technicalcute@gmail.com>
+Date: Fri, 14 Oct 2022 09:54:33 +0800
+Subject: [PATCH] deps: V8: cherry-pick c2792e58035f
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Original commit message:
+
+    [base] Fix build with gcc-13
+
+    See https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes.
+
+    Also see Gentoo Linux bug report: https://bugs.gentoo.org/865981
+
+    Change-Id: I421f396b02ba37e12ee70048ee33e034f8113566
+    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3934140
+    Reviewed-by: Clemens Backes <clemensb@chromium.org>
+    Reviewed-by: Simon Zünd <szuend@chromium.org>
+    Commit-Queue: Clemens Backes <clemensb@chromium.org>
+    Cr-Commit-Position: refs/heads/main@{#83587}
+
+Refs: https://github.com/v8/v8/commit/c2792e58035fcbaa16d0cb70998852fbeb5df4cc
+PR-URL: https://github.com/nodejs/node/pull/44961
+Fixes: https://github.com/nodejs/node/issues/43642
+Reviewed-By: Michaël Zasso <targos@protonmail.com>
+Reviewed-By: Richard Lau <rlau@redhat.com>
+Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
+Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
+
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/0be1c5728173ea9ac42843058e26b6268568acf0]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ deps/v8/AUTHORS                               | 1 +
+ deps/v8/src/base/logging.h                    | 1 +
+ deps/v8/src/inspector/v8-string-conversions.h | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/deps/v8/AUTHORS b/deps/v8/AUTHORS
+index 35c49a01..736d3df9 100644
+--- a/deps/v8/AUTHORS
++++ b/deps/v8/AUTHORS
+@@ -236,6 +236,7 @@ Vlad Burlik <vladbph@gmail.com>
+ Vladimir Krivosheev <develar@gmail.com>
+ Vladimir Shutoff <vovan@shutoff.ru>
+ Wael Almattar <waelsy123@gmail.com>
++WANG Xuerui <git@xen0n.name>
+ Wei Wu <lazyparser@gmail.com>
+ Wenlu Wang <kingwenlu@gmail.com>
+ Wenyu Zhao <wenyu.zhao@anu.edu.au>
+diff --git a/deps/v8/src/base/logging.h b/deps/v8/src/base/logging.h
+index 08db24a9..38be165f 100644
+--- a/deps/v8/src/base/logging.h
++++ b/deps/v8/src/base/logging.h
+@@ -5,6 +5,7 @@
+ #ifndef V8_BASE_LOGGING_H_
+ #define V8_BASE_LOGGING_H_
+ 
++#include <cstdint>
+ #include <cstring>
+ #include <sstream>
+ #include <string>
+diff --git a/deps/v8/src/inspector/v8-string-conversions.h b/deps/v8/src/inspector/v8-string-conversions.h
+index c1d69c18..eb33c681 100644
+--- a/deps/v8/src/inspector/v8-string-conversions.h
++++ b/deps/v8/src/inspector/v8-string-conversions.h
+@@ -5,6 +5,7 @@
+ #ifndef V8_INSPECTOR_V8_STRING_CONVERSIONS_H_
+ #define V8_INSPECTOR_V8_STRING_CONVERSIONS_H_
+ 
++#include <cstdint>
+ #include <string>
+ 
+ // Conversion routines between UT8 and UTF16, used by string-16.{h,cc}. You may
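Review bot: The `deps/v8/AUTHORS` hunk is not needed for the gcc 13 build fix and ties the patch to three neighbouring author lines, which is a likely source of fuzz or a failed apply on the next nodejs version bump. Dropping that hunk and keeping the two `#include <cstdint>` additions, with the diffstat adjusted and the trimming noted next to `Upstream-Status`, would leave a smaller backport.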
diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb
index 0661fd6..dfc4af3 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_16.19.1.bb
@@ -26,6 +26,7 @@
            file://0001-liftoff-Correct-function-signatures.patch \
            file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \
            file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \
+           file://gcc13.patch \
            "
 SRC_URI:append:class-target = " \
            file://0001-Using-native-binaries.patch \
diff --git a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch
new file mode 100644
index 0000000..f3af3db
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch
@@ -0,0 +1,57 @@
+From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001
+From: Michal Vasko <mvasko@cesnet.cz>
+Date: Mon, 13 Feb 2023 10:23:13 +0100
+Subject: [PATCH] schema compile UPDATE do not implement 2 same modules
+
+CVE: CVE-2023-26916
+Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096]
+
+Refs #1979
+---
+ src/schema_compile.c | 20 +++++++-------------
+ 1 file changed, 7 insertions(+), 13 deletions(-)
+
+diff --git a/src/schema_compile.c b/src/schema_compile.c
+index ed768ba0..68c0d681 100644
+--- a/src/schema_compile.c
++++ b/src/schema_compile.c
+@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod)
+ LY_ERR
+ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres)
+ {
+-    LY_ERR ret;
++    LY_ERR r;
+     struct lys_module *m;
+ 
+     assert(!mod->implemented);
+@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr
+     m = ly_ctx_get_module_implemented(mod->ctx, mod->name);
+     if (m) {
+         assert(m != mod);
+-        if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) {
+-            /* special case for newer internal module, continue */
+-            LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.",
+-                    mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
+-        } else {
+-            LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
+-                    mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
+-            return LY_EDENIED;
+-        }
++        LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".",
++                mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>");
++        return LY_EDENIED;
+     }
+ 
+     /* set features */
+-    ret = lys_set_features(mod->parsed, features);
+-    if (ret && (ret != LY_EEXIST)) {
+-        return ret;
++    r = lys_set_features(mod->parsed, features);
++    if (r && (r != LY_EEXIST)) {
++        return r;
+     }
+ 
+     /*
+-- 
+2.34.1
+
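Review bot: The patch header has `CVE:` and `Upstream-Status:` but no `Signed-off-by:` from whoever did the backport, unlike the frr and tinyproxy patches in this update; add one. On the code, `ret` is renamed to `r` in the declaration and in the `lys_set_features` call while the rest of `lys_implement` is outside the hunk, so a build of libyang 2.0.164 with the patch applied is the check that no later use of `ret` remains in this older source.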
diff --git a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
index 2817be7..7875c1e 100644
--- a/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb
@@ -11,6 +11,7 @@
 SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \
            file://libyang-add-stdint-h.patch \
            file://run-ptest \
+           file://CVE-2023-26916.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch b/meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch
similarity index 100%
rename from meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch
rename to meta-openembedded/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE-7.patch
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb
index e6bfa22..4626044 100644
--- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.11.bb
@@ -6,7 +6,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=8ffdd6c926faaece928cf9d9640132d2"
 DEPENDS = "readline lua ncurses"
 
-FILESPATH =. "${FILE_DIRNAME}/${PN}-7:"
+FILESPATH =. "${FILE_DIRNAME}/${BPN}-7:"
 
 SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://redis.conf \
@@ -16,7 +16,7 @@
            file://lua-update-Makefile-to-use-environment-build-setting.patch \
            file://oe-use-libc-malloc.patch \
            file://0001-src-Do-not-reset-FINAL_LIBS.patch \
-           file://GNU_SOURCE.patch \
+           file://GNU_SOURCE-7.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
            "
 SRC_URI[sha256sum] = "ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3"
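Review bot: the SRC_URI entry now names GNU_SOURCE-7.patch, but nothing in the recipe says why the file needs a version suffix when FILESPATH already prepends ${FILE_DIRNAME}/${BPN}-7. Add a one-line comment next to the entry giving the reason, so a later cleanup does not rename it back. The ${PN} to ${BPN} change in the first hunk keeps the directory lookup working when the recipe is built under a prefixed or suffixed PN and needs no further change.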
diff --git a/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb b/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
index c2000b2..cb25632 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/tslib/tslib_1.22.bb
@@ -81,3 +81,5 @@
 
 FILES:tslib-tests = "${bindir}/ts_harvest ${bindir}/ts_print ${bindir}/ts_print_raw ${bindir}/ts_print_mt \
                      ${bindir}/ts_test ${bindir}/ts_test_mt ${bindir}/ts_verify ${bindir}/ts_finddev ${bindir}/ts_conf"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
index 461e6b0..5f687b2 100644
--- a/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
+++ b/meta-openembedded/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb
@@ -17,6 +17,7 @@
 S = "${WORKDIR}/git/src"
 
 EXTRA_OEMAKE += "DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}"
+EXTRA_OEMAKE:append:class-native = " UAPIDIR=${includedir}"
 
 inherit pkgconfig
 
@@ -27,3 +28,9 @@
 do_install() {
 	oe_runmake install
 }
+
+do_install:append:class-native() {
+	oe_runmake install_uapi_headers
+}
+
+BBCLASSEXTEND = "native nativesdk"
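Review bot: BBCLASSEXTEND adds both native and nativesdk, but UAPIDIR and the install_uapi_headers step are applied through the class-native override only, so the nativesdk variant is installed without the UAPI headers. If that is intended, say so in a comment; otherwise add the matching class-nativesdk overrides.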
diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
new file mode 100644
index 0000000..a60b285
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
@@ -0,0 +1,53 @@
+https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
+CVE: CVE-2022-39316
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 09:09:28 +0200
+Subject: [PATCH] Added missing length checks in zgfx_decompress_segment
+
+(cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816)
+---
+ libfreerdp/codec/zgfx.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c
+index 20fbd354571..e260aa6e28a 100644
+--- a/libfreerdp/codec/zgfx.c
++++ b/libfreerdp/codec/zgfx.c
+@@ -230,19 +230,19 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ 	BYTE* pbSegment;
+ 	size_t cbSegment;
+ 
+-	if (!zgfx || !stream)
++	if (!zgfx || !stream || (segmentSize < 2))
+ 		return FALSE;
+ 
+ 	cbSegment = segmentSize - 1;
+ 
+-	if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) ||
+-	    (segmentSize > UINT32_MAX))
++	if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX))
+ 		return FALSE;
+ 
+ 	Stream_Read_UINT8(stream, flags); /* header (1 byte) */
+ 	zgfx->OutputCount = 0;
+ 	pbSegment = Stream_Pointer(stream);
+-	Stream_Seek(stream, cbSegment);
++	if (!Stream_SafeSeek(stream, cbSegment))
++		return FALSE;
+ 
+ 	if (!(flags & PACKET_COMPRESSED))
+ 	{
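Review bot: the new guard (segmentSize < 2) is stricter than the removed (segmentSize < 1) test, so a segment that consists of the one-byte header alone (cbSegment == 0) is now rejected where it used to pass this check. Moving the lower-bound test ahead of cbSegment = segmentSize - 1 is right, but the changed treatment of segmentSize == 1 deserves a line in the commit message. Replacing Stream_Seek with a checked Stream_SafeSeek after the remaining-length test is a sound second guard.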
+@@ -346,6 +346,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ 						if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount)
+ 							return FALSE;
+ 
++						if (count > zgfx->cBitsRemaining / 8)
++							return FALSE;
++
+ 						CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent,
+ 						           count);
+ 						zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count);
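Review bot: the added check compares count against zgfx->cBitsRemaining / 8, which rounds down, so a trailing partial byte is never counted as readable. That is the safe direction, but a short comment saying so would keep someone from "simplifying" the expression later. The diffstat shows zgfx.c as the only file changed, so nothing exercises the new rejection paths; carry a regression test with the backport if upstream has one.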
diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
new file mode 100644
index 0000000..76a9e00
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
@@ -0,0 +1,41 @@
+https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
+CVE: CVE-2022-39318 CVE-2022-39319
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 08:27:41 +0200
+Subject: [PATCH] Fixed division by zero in urbdrc
+
+(cherry picked from commit 731f8419d04b481d7160de1f34062d630ed48765)
+---
+ channels/urbdrc/client/libusb/libusb_udevice.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c
+index 505c31d7b55..ef87f195f38 100644
+--- a/channels/urbdrc/client/libusb/libusb_udevice.c
++++ b/channels/urbdrc/client/libusb/libusb_udevice.c
+@@ -1221,12 +1221,18 @@ static int libusb_udev_isoch_transfer(IUDEVICE* idev, URBDRC_CHANNEL_CALLBACK* c
+ 	if (!Buffer)
+ 		Stream_Seek(user_data->data, (NumberOfPackets * 12));
+ 
+-	iso_packet_size = BufferSize / NumberOfPackets;
+-	iso_transfer = libusb_alloc_transfer(NumberOfPackets);
++	if (NumberOfPackets > 0)
++	{
++		iso_packet_size = BufferSize / NumberOfPackets;
++		iso_transfer = libusb_alloc_transfer((int)NumberOfPackets);
++	}
+ 
+ 	if (iso_transfer == NULL)
+ 	{
+-		WLog_Print(urbdrc->log, WLOG_ERROR, "Error: libusb_alloc_transfer.");
++		WLog_Print(urbdrc->log, WLOG_ERROR,
++		           "Error: libusb_alloc_transfer [NumberOfPackets=%" PRIu32 ", BufferSize=%" PRIu32
++		           " ]",
++		           NumberOfPackets, BufferSize);
+ 		async_transfer_user_data_free(user_data);
+ 		return -1;
+ 	}
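Review bot: when NumberOfPackets is 0 the new block is skipped, so the following iso_transfer == NULL test only catches that case if iso_transfer is initialised to NULL at its declaration, which is outside this hunk. Confirm that, and that iso_packet_size is not read before the early return. The context line Stream_Seek(user_data->data, (NumberOfPackets * 12)) just above is still an unchecked seek driven by the same count, and this hunk leaves it unchanged.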
diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index ece2f56..9da8b27 100644
--- a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -16,6 +16,8 @@
 SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1"
 SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
     file://winpr-makecert-Build-with-install-RPATH.patch \
+    file://CVE-2022-39316.patch \
+    file://CVE-2022-39318-39319.patch \
 "
 
 S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.0.2.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb
similarity index 77%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.0.2.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb
index 690b980..4daca65 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.0.2.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
 
-SRC_URI[sha256sum] = "110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a"
+SRC_URI[sha256sum] = "7efa6b1f781a6119a10ac94b4794ded90db8accbe7802281cd26f8664ffed59c"
 
 RDEPENDS:${PN} += "\
     ${PYTHON_PN}-sqlparse \
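Review bot: this moves the recipe from 4.0.2 to 4.2.1 by renaming the file and swapping SRC_URI[sha256sum], while the RDEPENDS list that follows is left as it was. For a jump across two feature releases on a stable branch, check the new release's install requirements against RDEPENDS and record in the commit message which fixes motivate the upgrade.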
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
index 995f3b7..1c4279f 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
@@ -12,6 +12,6 @@
 inherit setuptools3
 PIP_INSTALL_PACKAGE = "gcovr"
 
-RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments"
+RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments ${PYTHON_PN}-multiprocessing"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
new file mode 100644
index 0000000..cc915f1
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
@@ -0,0 +1,175 @@
+From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Thu, 1 Jun 2023 14:56:34 +0000
+Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
+ decryption API (CVE-2020-25657)
+
+Fixes #282
+
+CVE: CVE-2020-25657
+
+Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
+ src/SWIG/_rsa.i           | 20 ++++++++++++--------
+ tests/test_rsa.py         | 15 +++++++--------
+ 3 files changed, 31 insertions(+), 24 deletions(-)
+
+diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
+index 3db88b9..6aafe1f 100644
+--- a/src/SWIG/_m2crypto_wrap.c
++++ b/src/SWIG/_m2crypto_wrap.c
+@@ -7129,9 +7129,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
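Review bot: on tlen == -1 the function now clears both the OpenSSL and the Python error state and returns None, so callers that relied on RSA.RSAError get a None result and must check for it explicitly. The same change is applied to rsa_private_encrypt, rsa_public_encrypt and rsa_public_decrypt, not only to the decryption API named in the subject. Document the new return contract in the Python-facing API, and consider limiting the silent path to rsa_private_decrypt.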
+@@ -7159,9 +7160,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7186,9 +7188,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7213,9 +7216,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
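Review bot: the four edits in this file are repeated line for line in src/SWIG/_rsa.i later in the patch. If _m2crypto_wrap.c is regenerated from the .i files during the build, patching it as well is redundant and the two copies can drift. Keep the change in _rsa.i only, or note in the patch header why both are needed.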
+diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
+index bc714e0..1377b8b 100644
+--- a/src/SWIG/_rsa.i
++++ b/src/SWIG/_rsa.i
+@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+     tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+         (unsigned char *)tbuf, rsa, padding);
+     if (tlen == -1) {
+-        m2_PyErr_Msg(_rsa_err);
++        ERR_clear_error();
++        PyErr_Clear();
+         PyMem_Free(tbuf);
+-        return NULL;
++        Py_RETURN_NONE;
+     }
+     ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 7bb3af7..5e75d68 100644
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
+         # The other paddings.
+         for padding in self.s_padding_nok:
+             p = getattr(RSA, padding)
+-            with self.assertRaises(RSA.RSAError):
+-                priv.private_encrypt(self.data, p)
++            # Exception disabled as a part of mitigation against CVE-2020-25657
++            # with self.assertRaises(RSA.RSAError):
++            priv.private_encrypt(self.data, p)
+         # Type-check the data to be encrypted.
+         with self.assertRaises(TypeError):
+             priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
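Review bot: with assertRaises commented out, priv.private_encrypt(self.data, p) is called and its result discarded, so the loop over s_padding_nok no longer asserts anything. If None is what the wrapper now returns for these paddings, assert it, for example self.assertIsNone(priv.private_encrypt(self.data, p)), and delete the commented-out line instead of leaving it in place.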
+@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
+             self.assertEqual(ptxt, self.data)
+
+         # no_padding
+-        with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+-            priv.public_encrypt(self.data, RSA.no_padding)
++        # Exception disabled as a part of mitigation against CVE-2020-25657
++        # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
++        priv.public_encrypt(self.data, RSA.no_padding)
+
+         # Type-check the data to be encrypted.
++        # Exception disabled as a part of mitigation against CVE-2020-25657
+         with self.assertRaises(TypeError):
+             priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
+
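Review bot: the comment "Exception disabled as a part of mitigation against CVE-2020-25657" added above the TypeError check is misleading, because that assertRaises(TypeError) block is unchanged and still expects an exception. Drop the comment there. The priv.public_encrypt(self.data, RSA.no_padding) call just above it is now made without any assertion on its result and should check the returned value.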
+@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
+                          b'\000\000\000\003\001\000\001')  # aka 65537 aka 0xf4
+         with self.assertRaises(RSA.RSAError):
+             setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_encrypt(1)
+-        with self.assertRaises(RSA.RSAError):
+-            rsa.private_decrypt(1)
+         assert rsa.check_key()
+
+     def test_loadpub_bad(self):
+--
+2.40.0
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
index 51a0dd6..155a906 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb
@@ -10,6 +10,7 @@
            file://cross-compile-platform.patch \
            file://avoid-host-contamination.patch \
            file://0001-setup.py-address-openssl-3.x-build-issue.patch \
+           file://CVE-2020-25657.patch \
            "
 SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
new file mode 100644
index 0000000..61551d8
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch
@@ -0,0 +1,231 @@
+From 5a56cdcbaec2153cd67596c6c2c8056e1ea5ed56 Mon Sep 17 00:00:00 2001
+From: David Lord <davidism@gmail.com>
+Date: Tue, 2 May 2023 11:31:10 +0000
+Subject: [PATCH] Merge pull request from GHSA-xg9f-g7g7-2323
+
+limit the maximum number of multipart form parts
+
+CVE: CVE-2023-25577
+
+Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ CHANGES.rst                      |  5 +++++
+ docs/request_data.rst            | 37 +++++++++++++++++---------------
+ src/werkzeug/formparser.py       | 12 ++++++++++-
+ src/werkzeug/sansio/multipart.py |  8 +++++++
+ src/werkzeug/wrappers/request.py |  8 +++++++
+ tests/test_formparser.py         |  9 ++++++++
+ 6 files changed, 61 insertions(+), 18 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index a351d7c..6e809ba 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -1,5 +1,10 @@
+ .. currentmodule:: werkzeug
+
++-   Specify a maximum number of multipart parts, default 1000, after which a
++    ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
++    attack where a larger number of form/file parts would result in disproportionate
++    resource use.
++
+ Version 2.1.1
+ -------------
+
+diff --git a/docs/request_data.rst b/docs/request_data.rst
+index 83c6278..e55841e 100644
+--- a/docs/request_data.rst
++++ b/docs/request_data.rst
+@@ -73,23 +73,26 @@ read the stream *or* call :meth:`~Request.get_data`.
+ Limiting Request Data
+ ---------------------
+
+-To avoid being the victim of a DDOS attack you can set the maximum
+-accepted content length and request field sizes.  The :class:`Request`
+-class has two attributes for that: :attr:`~Request.max_content_length`
+-and :attr:`~Request.max_form_memory_size`.
+-
+-The first one can be used to limit the total content length.  For example
+-by setting it to ``1024 * 1024 * 16`` the request won't accept more than
+-16MB of transmitted data.
+-
+-Because certain data can't be moved to the hard disk (regular post data)
+-whereas temporary files can, there is a second limit you can set.  The
+-:attr:`~Request.max_form_memory_size` limits the size of `POST`
+-transmitted form data.  By setting it to ``1024 * 1024 * 2`` you can make
+-sure that all in memory-stored fields are not more than 2MB in size.
+-
+-This however does *not* affect in-memory stored files if the
+-`stream_factory` used returns a in-memory file.
++The :class:`Request` class provides a few attributes to control how much data is
++processed from the request body. This can help mitigate DoS attacks that craft the
++request in such a way that the server uses too many resources to handle it. Each of
++these limits will raise a :exc:`~werkzeug.exceptions.RequestEntityTooLarge` if they are
++exceeded.
++
++-   :attr:`~Request.max_content_length` Stop reading request data after this number
++    of bytes. It's better to configure this in the WSGI server or HTTP server, rather
++    than the WSGI application.
++-   :attr:`~Request.max_form_memory_size` Stop reading request data if any form part is
++    larger than this number of bytes. While file parts can be moved to disk, regular
++    form field data is stored in memory only.
++-   :attr:`~Request.max_form_parts` Stop reading request data if more than this number
++    of parts are sent in multipart form data. This is useful to stop a very large number
++    of very small parts, especially file parts. The default is 1000.
++
++Using Werkzeug to set these limits is only one layer of protection. WSGI servers
++and HTTPS servers should set their own limits on size and timeouts. The operating system
++or container manager should set limits on memory and processing time for server
++processes.
+
+
+ How to extend Parsing?
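Review bot: the closing paragraph says "WSGI servers and HTTPS servers", while the max_content_length bullet above it says "WSGI server or HTTP server". The limits apply at the HTTP server whether or not TLS is in use, so "HTTP servers" reads as the intended wording. A verbatim backport can keep the upstream text, but the wording is worth reporting upstream.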
+diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
+index 10d58ca..bebb2fc 100644
+--- a/src/werkzeug/formparser.py
++++ b/src/werkzeug/formparser.py
+@@ -179,6 +179,8 @@ class FormDataParser:
+     :param cls: an optional dict class to use.  If this is not specified
+                        or `None` the default :class:`MultiDict` is used.
+     :param silent: If set to False parsing errors will not be caught.
++    :param max_form_parts: The maximum number of parts to be parsed. If this is
++        exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised.
+     """
+
+     def __init__(
+@@ -190,6 +192,8 @@ class FormDataParser:
+         max_content_length: t.Optional[int] = None,
+         cls: t.Optional[t.Type[MultiDict]] = None,
+         silent: bool = True,
++        *,
++        max_form_parts: t.Optional[int] = None,
+     ) -> None:
+         if stream_factory is None:
+             stream_factory = default_stream_factory
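Review bot: max_form_parts defaults to None on FormDataParser here (and on MultiPartParser further down), so the 1000-part cap applies only when parsing goes through Request, which passes its own max_form_parts. Code that instantiates FormDataParser or MultiPartParser directly stays unlimited after this patch. The docstring should state that None means no limit, or the default should match the one on Request.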
+@@ -199,6 +203,7 @@ class FormDataParser:
+         self.errors = errors
+         self.max_form_memory_size = max_form_memory_size
+         self.max_content_length = max_content_length
++        self.max_form_parts = max_form_parts
+
+         if cls is None:
+             cls = MultiDict
+@@ -281,6 +286,7 @@ class FormDataParser:
+             self.errors,
+             max_form_memory_size=self.max_form_memory_size,
+             cls=self.cls,
++            max_form_parts=self.max_form_parts,
+         )
+         boundary = options.get("boundary", "").encode("ascii")
+
+@@ -346,10 +352,12 @@ class MultiPartParser:
+         max_form_memory_size: t.Optional[int] = None,
+         cls: t.Optional[t.Type[MultiDict]] = None,
+         buffer_size: int = 64 * 1024,
++        max_form_parts: t.Optional[int] = None,
+     ) -> None:
+         self.charset = charset
+         self.errors = errors
+         self.max_form_memory_size = max_form_memory_size
++        self.max_form_parts = max_form_parts
+
+         if stream_factory is None:
+             stream_factory = default_stream_factory
+@@ -409,7 +417,9 @@ class MultiPartParser:
+             [None],
+         )
+
+-        parser = MultipartDecoder(boundary, self.max_form_memory_size)
++        parser = MultipartDecoder(
++            boundary, self.max_form_memory_size, max_parts=self.max_form_parts
++        )
+
+         fields = []
+         files = []
+diff --git a/src/werkzeug/sansio/multipart.py b/src/werkzeug/sansio/multipart.py
+index 2d54422..e7d742b 100644
+--- a/src/werkzeug/sansio/multipart.py
++++ b/src/werkzeug/sansio/multipart.py
+@@ -83,10 +83,13 @@ class MultipartDecoder:
+         self,
+         boundary: bytes,
+         max_form_memory_size: Optional[int] = None,
++        *,
++        max_parts: Optional[int] = None,
+     ) -> None:
+         self.buffer = bytearray()
+         self.complete = False
+         self.max_form_memory_size = max_form_memory_size
++        self.max_parts = max_parts
+         self.state = State.PREAMBLE
+         self.boundary = boundary
+
+@@ -113,6 +116,7 @@ class MultipartDecoder:
+             % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK),
+             re.MULTILINE,
+         )
++        self._parts_decoded = 0
+
+     def last_newline(self) -> int:
+         try:
+@@ -177,6 +181,10 @@ class MultipartDecoder:
+                         name=name,
+                     )
+                 self.state = State.DATA
++                self._parts_decoded += 1
++
++                if self.max_parts is not None and self._parts_decoded > self.max_parts:
++                    raise RequestEntityTooLarge()
+
+         elif self.state == State.DATA:
+             if self.buffer.find(b"--" + self.boundary) == -1:
+diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
+index 57b739c..a6d5429 100644
+--- a/src/werkzeug/wrappers/request.py
++++ b/src/werkzeug/wrappers/request.py
+@@ -83,6 +83,13 @@ class Request(_SansIORequest):
+     #: .. versionadded:: 0.5
+     max_form_memory_size: t.Optional[int] = None
+
++    #: The maximum number of multipart parts to parse, passed to
++    #: :attr:`form_data_parser_class`. Parsing form data with more than this
++    #: many parts will raise :exc:`~.RequestEntityTooLarge`.
++    #:
++    #: .. versionadded:: 2.2.3
++    max_form_parts = 1000
++
+     #: The form data parser that should be used.  Can be replaced to customize
+     #: the form date parsing.
+     form_data_parser_class: t.Type[FormDataParser] = FormDataParser
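Review bot: the docstring says "versionadded:: 2.2.3", but this patch is applied to the 2.1.1 recipe, so the attribute exists in a version the documentation says does not have it. That is acceptable for a verbatim backport but should be noted in the patch header. Also, max_form_parts = 1000 carries no annotation while the neighbouring max_form_memory_size is declared t.Optional[int]; since the parser accepts None, annotate it the same way.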
+@@ -246,6 +253,7 @@ class Request(_SansIORequest):
+             self.max_form_memory_size,
+             self.max_content_length,
+             self.parameter_storage_class,
++            max_form_parts=self.max_form_parts,
+         )
+
+     def _load_form_data(self) -> None:
+diff --git a/tests/test_formparser.py b/tests/test_formparser.py
+index 5fc803e..834324f 100644
+--- a/tests/test_formparser.py
++++ b/tests/test_formparser.py
+@@ -127,6 +127,15 @@ class TestFormParser:
+         req.max_form_memory_size = 400
+         assert req.form["foo"] == "Hello World"
+
++        req = Request.from_values(
++            input_stream=io.BytesIO(data),
++            content_length=len(data),
++            content_type="multipart/form-data; boundary=foo",
++            method="POST",
++        )
++        req.max_form_parts = 1
++        pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"])
++
+     def test_missing_multipart_boundary(self):
+         data = (
+             b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\n"
+--
+2.40.0
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
index 476a3a5..324a4b7 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb
@@ -12,6 +12,8 @@
 
 PYPI_PACKAGE = "Werkzeug"
 
+SRC_URI += "file://CVE-2023-25577.patch"
+
 SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74"
 
 inherit pypi setuptools3
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
new file mode 100644
index 0000000..996eabf
--- /dev/null
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch
@@ -0,0 +1,31 @@
+From 5c9257fa34335ff83f7c01581cf953111072a457 Mon Sep 17 00:00:00 2001
+From: Valeria Petrov <valeria.petrov@spinetix.com>
+Date: Tue, 18 Apr 2023 15:38:53 +0200
+Subject: [PATCH] * modules/mappers/config9.m4: Add 'server' directory to
+ include path if mod_rewrite is enabled.
+
+Upstream-Status: Accepted [https://svn.apache.org/viewvc?view=revision&revision=1909241]
+
+---
+ modules/mappers/config9.m4 | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules/mappers/config9.m4 b/modules/mappers/config9.m4
+index 55a97ab993..7120b729b7 100644
+--- a/modules/mappers/config9.m4
++++ b/modules/mappers/config9.m4
+@@ -14,6 +14,11 @@ APACHE_MODULE(userdir, mapping of requests to user-specific directories, , , mos
+ APACHE_MODULE(alias, mapping of requests to different filesystem parts, , , yes)
+ APACHE_MODULE(rewrite, rule based URL manipulation, , , most)
+ 
++if test "x$enable_rewrite" != "xno"; then
++    # mod_rewrite needs test_char.h
++    APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server])
++fi
++
+ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
+ 
+ APACHE_MODPATH_FINISH
+-- 
+2.25.1
+
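Review bot: the test "x$enable_rewrite" != "xno" is also true when enable_rewrite is unset or empty, so the server directory is added to INCLUDES in every configuration except an explicit "no", which is broader than the subject line's "if mod_rewrite is enabled". If that is deliberate (rewrite is declared with "most" two lines up), say so in the comment. The patch header also carries no Signed-off-by line.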
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
similarity index 97%
rename from meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb
rename to meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
index 8b857d2..9ffdf32 100644
--- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.56.bb
+++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb
@@ -16,6 +16,7 @@
            file://0008-Fix-perl-install-directory-to-usr-bin.patch \
            file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
            file://0001-make_exports.awk-not-expose-the-path.patch \
+           file://0011-modules-mappers-config9.m4-Add-server-directory-to-i.patch \
           "
 
 SRC_URI:append:class-target = " \
@@ -27,7 +28,7 @@
            "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "d8d45f1398ba84edd05bb33ca7593ac2989b17cb9c7a0cafe5442d41afdb2d7c"
+SRC_URI[sha256sum] = "dbccb84aee95e095edfbb81e5eb926ccd24e6ada55dcd83caecb262e5cf94d2a"
 
 S = "${WORKDIR}/httpd-${PV}"
 
diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb
index 42cfcdd..3ae4385 100644
--- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb
+++ b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi.bb
@@ -3,16 +3,17 @@
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
 
 SRC_URI = " \
-	file://99-com.rules \
+	git://github.com/RPi-Distro/raspberrypi-sys-mods;protocol=https;branch=master \
 	file://can.rules \
 	"
+SRCREV = "5ce3ef2b7f377c23fea440ca9df0e30f3f8447cf"
 
-S = "${WORKDIR}"
+S = "${WORKDIR}/git"
 
 INHIBIT_DEFAULT_DEPS = "1"
 
 do_install () {
     install -d ${D}${sysconfdir}/udev/rules.d
-    install -m 0644 ${WORKDIR}/99-com.rules ${D}${sysconfdir}/udev/rules.d/
+    install -m 0644 ${S}/etc.armhf/udev/rules.d/99-com.rules ${D}${sysconfdir}/udev/rules.d/
     install -m 0644 ${WORKDIR}/can.rules ${D}${sysconfdir}/udev/rules.d/
 }
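Review bot: 99-com.rules is now installed from whatever the upstream repository ships at etc.armhf/udev/rules.d/ for the pinned SRCREV, in place of the 21-line file that lived in the layer, so every rule in the upstream file ends up in the image. Review that file at the pinned revision, its PROGRAM and RUN entries in particular, before merging. LIC_FILES_CHKSUM still points at the generic MIT text under COMMON_LICENSE_DIR although the source now comes from a git checkout; point it at the licence file in ${S} if the repository has one.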
diff --git a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules b/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules
deleted file mode 100644
index ddd1e17..0000000
--- a/meta-raspberrypi/recipes-core/udev/udev-rules-rpi/99-com.rules
+++ /dev/null
@@ -1,21 +0,0 @@
-KERNEL=="ttyAMA[01]", PROGRAM="/bin/sh -c '\
-	ALIASES=/proc/device-tree/aliases; \
-	if cmp -s $$ALIASES/uart0 $$ALIASES/serial0; then \
-		echo 0;\
-	elif cmp -s $$ALIASES/uart0 $$ALIASES/serial1; then \
-		echo 1; \
-	else \
-		exit 1; \
-	fi\
-'", SYMLINK+="serial%c"
-
-KERNEL=="ttyS0", PROGRAM="/bin/sh -c '\
-	ALIASES=/proc/device-tree/aliases; \
-	if cmp -s $$ALIASES/uart1 $$ALIASES/serial0; then \
-		echo 0; \
-	elif cmp -s $$ALIASES/uart1 $$ALIASES/serial1; then \
-		echo 1; \
-	else \
-		exit 1; \
-	fi \
-'", SYMLINK+="serial%c"
diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass
index 93f667d..e5946bc 100644
--- a/meta-security/classes/dm-verity-img.bbclass
+++ b/meta-security/classes/dm-verity-img.bbclass
@@ -63,7 +63,12 @@
     veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
 }
 
-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity"
+VERITY_TYPES = " \
+    ext2.verity ext3.verity ext4.verity \
+    btrfs.verity \
+    erofs.verity erofs-lz4.verity erofs-lz4hc.verity \
+    squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \
+"
 IMAGE_TYPES += "${VERITY_TYPES}"
 CONVERSIONTYPES += "verity"
 CONVERSION_CMD:verity = "verity_setup ${type}"
@@ -90,6 +95,6 @@
     # If we're using wic: we'll have to use partition images and not the rootfs
     # source plugin so add the appropriate dependency.
     if 'wic' in image_fstypes:
-        dep = ' %s:do_image_%s' % (pn, verity_type)
+        dep = ' %s:do_image_%s' % (pn, verity_type.replace("-", "_"))
         d.appendVarFlag('do_image_wic', 'depends', dep)
 }
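Review bot: the verity_type.replace("-", "_") in the wic dependency is needed only because the previous hunk adds hyphenated types such as erofs-lz4.verity, and nothing in the code says so. Add a one-line comment above 'dep =' explaining that the do_image_* task name uses underscores where the fstype has hyphens, so the mapping is not dropped in a later cleanup.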
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb
similarity index 90%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb
index 8440bb9..9b76c2f 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.2.bb
@@ -10,7 +10,7 @@
            file://fixup_hosttools.patch \
            "
 
-SRC_URI[sha256sum] = "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912"
+SRC_URI[sha256sum] = "ba9e52117f254f357ff502e7d60fce652b3bfb26327d236bbf5ab634235e40f1"
 
 inherit autotools pkgconfig systemd useradd
 
@@ -26,11 +26,6 @@
 GROUPADD_PARAM:${PN} = "--system tss"
 USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
 
-do_configure:prepend() {
-    # do not extract the version number from git
-    sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
-}
-
 do_install:append() {
     # Remove /run as it is created on startup
     rm -rf ${D}/run
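Review bot: dropping the do_configure:prepend sed means configure.ac is no longer patched to use ${PV} in place of 'git describe --tags --always --dirty', and nothing visible here says why that is safe for 3.2.2. If the 3.2.2 release tarball no longer derives its version from git, say so in the commit message; otherwise the version would again be extracted from git, which is what the removed comment was there to prevent.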
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb
index 046a3a0..896abfe 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb
@@ -101,6 +101,8 @@
     if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
         oe_runmake -C ${B}/parser DESTDIR="${D}" install-systemd
     fi
+    chown root:root -R ${D}/${sysconfdir}/apparmor.d
+    chown root:root -R ${D}/${datadir}/apparmor
 }
 
 #Building ptest on arm fails.
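Review bot: the two added chown lines use ${D}/${sysconfdir} and ${D}/${datadir}, which produces a double slash because both variables are already absolute; the form used elsewhere in this patch is ${D}${sysconfdir}. The lines also deserve a comment saying why they are there, presumably to keep the build user's ownership off the AppArmor policy files that end up in the image.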
diff --git a/poky/documentation/conf.py b/poky/documentation/conf.py
index 203b85d..5ff5ec8 100644
--- a/poky/documentation/conf.py
+++ b/poky/documentation/conf.py
@@ -90,7 +90,8 @@
 
 # external links and substitutions
 extlinks = {
-    'cve': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-'),
+    'cve': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-%s'),
+    'cve_mitre': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-%s'),
     'yocto_home': ('https://www.yoctoproject.org%s', None),
     'yocto_wiki': ('https://wiki.yoctoproject.org/wiki%s', None),
     'yocto_dl': ('https://downloads.yoctoproject.org%s', None),
diff --git a/poky/documentation/migration-guides/release-4.0.rst b/poky/documentation/migration-guides/release-4.0.rst
index 1fc74a0..05c2705 100644
--- a/poky/documentation/migration-guides/release-4.0.rst
+++ b/poky/documentation/migration-guides/release-4.0.rst
@@ -16,3 +16,4 @@
    release-notes-4.0.7
    release-notes-4.0.8
    release-notes-4.0.9
+   release-notes-4.0.10
diff --git a/poky/documentation/migration-guides/release-notes-4.0.10.rst b/poky/documentation/migration-guides/release-notes-4.0.10.rst
new file mode 100644
index 0000000..f37c347
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.0.10.rst
@@ -0,0 +1,180 @@
+.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
+
+Release notes for Yocto-4.0.10 (Kirkstone)
+------------------------------------------
+
+Security Fixes in Yocto-4.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  binutils: Fix :cve:`2023-1579`, :cve:`2023-1972`, :cve_mitre:`2023-25584`, :cve_mitre:`2023-25585` and :cve_mitre:`2023-25588`
+-  cargo : Ignore :cve:`2022-46176`
+-  connman: Fix :cve:`2023-28488`
+-  curl: Fix :cve:`2023-27533`, :cve:`2023-27534`, :cve:`2023-27535`, :cve:`2023-27536` and :cve:`2023-27538`
+-  ffmpeg: Fix :cve:`2022-48434`
+-  freetype: Fix :cve:`2023-2004`
+-  ghostscript: Fix :cve_mitre:`2023-29979`
+-  git: Fix :cve:`2023-25652` and :cve:`2023-29007`
+-  go: Fix :cve:`2022-41722`, :cve:`2022-41724`, :cve:`2022-41725`, :cve:`2023-24534`, :cve:`2023-24537` and :cve:`2023-24538`
+-  go: Ignore :cve:`2022-41716`
+-  libxml2: Fix :cve:`2023-28484` and :cve:`2023-29469`
+-  libxpm: Fix :cve:`2022-44617`, :cve:`2022-46285` and :cve:`2022-4883`
+-  linux-yocto: Ignore :cve:`2021-3759`, :cve:`2021-4135`, :cve:`2021-4155`, :cve:`2022-0168`, :cve:`2022-0171`, :cve:`2022-1016`, :cve:`2022-1184`, :cve:`2022-1198`, :cve:`2022-1199`, :cve:`2022-1462`, :cve:`2022-1734`, :cve:`2022-1852`, :cve:`2022-1882`, :cve:`2022-1998`, :cve:`2022-2078`, :cve:`2022-2196`, :cve:`2022-2318`, :cve:`2022-2380`, :cve:`2022-2503`, :cve:`2022-26365`, :cve:`2022-2663`, :cve:`2022-2873`, :cve:`2022-2905`, :cve:`2022-2959`, :cve:`2022-3028`, :cve:`2022-3078`, :cve:`2022-3104`, :cve:`2022-3105`, :cve:`2022-3106`, :cve:`2022-3107`, :cve:`2022-3111`, :cve:`2022-3112`, :cve:`2022-3113`, :cve:`2022-3115`, :cve:`2022-3202`, :cve:`2022-32250`, :cve:`2022-32296`, :cve:`2022-32981`, :cve:`2022-3303`, :cve:`2022-33740`, :cve:`2022-33741`, :cve:`2022-33742`, :cve:`2022-33743`, :cve:`2022-33744`, :cve:`2022-33981`, :cve:`2022-3424`, :cve:`2022-3435`, :cve:`2022-34918`, :cve:`2022-3521`, :cve:`2022-3545`, :cve:`2022-3564`, :cve:`2022-3586`, :cve:`2022-3594`, :cve:`2022-36123`, :cve:`2022-3621`, :cve:`2022-3623`, :cve:`2022-3629`, :cve:`2022-3633`, :cve:`2022-3635`, :cve:`2022-3646`, :cve:`2022-3649`, :cve:`2022-36879`, :cve:`2022-36946`, :cve:`2022-3707`, :cve:`2022-39188`, :cve:`2022-39190`, :cve:`2022-39842`, :cve:`2022-40307`, :cve:`2022-40768`, :cve:`2022-4095`, :cve:`2022-41218`, :cve:`2022-4139`, :cve:`2022-41849`, :cve:`2022-41850`, :cve:`2022-41858`, :cve:`2022-42328`, :cve:`2022-42329`, :cve:`2022-42703`, :cve:`2022-42721`, :cve:`2022-42722`, :cve:`2022-42895`, :cve:`2022-4382`, :cve:`2022-4662`, :cve:`2022-47518`, :cve:`2022-47519`, :cve:`2022-47520`, :cve:`2022-47929`, :cve:`2023-0179`, :cve:`2023-0394`, :cve:`2023-0461`, :cve:`2023-0590`, :cve:`2023-1073`, :cve:`2023-1074`, :cve:`2023-1077`, :cve:`2023-1078`, :cve:`2023-1079`, :cve:`2023-1095`, :cve:`2023-1118`, :cve:`2023-1249`, :cve:`2023-1252`, :cve:`2023-1281`, :cve:`2023-1382`, :cve:`2023-1513`, :cve:`2023-1829`, :cve:`2023-1838`, :cve:`2023-1998`, :cve:`2023-2006`, 
:cve:`2023-2008`, :cve:`2023-2162`, :cve:`2023-2166`, :cve:`2023-2177`, :cve:`2023-22999`, :cve:`2023-23002`, :cve:`2023-23004`, :cve:`2023-23454`, :cve:`2023-23455`, :cve:`2023-23559`, :cve:`2023-25012`, :cve:`2023-26545`, :cve:`2023-28327` and :cve:`2023-28328`
+-  nasm: Fix :cve:`2022-44370`
+-  python3-cryptography: Fix :cve:`2023-23931`
+-  qemu: Ignore :cve:`2023-0664`
+-  ruby: Fix :cve:`2023-28755` and :cve:`2023-28756`
+-  screen: Fix :cve:`2023-24626`
+-  shadow: Fix :cve:`2023-29383`
+-  tiff: Fix :cve:`2022-4645`
+-  webkitgtk: Fix :cve:`2022-32888` and :cve:`2022-32923`
+-  xserver-xorg: Fix :cve:`2023-1393`
+
+
+Fixes in Yocto-4.0.10
+~~~~~~~~~~~~~~~~~~~~~
+
+-  bitbake: bin/utils: Ensure locale en_US.UTF-8 is available on the system
+-  build-appliance-image: Update to kirkstone head revision
+-  cmake: add CMAKE_SYSROOT to generated toolchain file
+-  glibc: stable 2.35 branch updates.
+-  kernel-devsrc: depend on python3-core instead of python3
+-  kernel: improve initramfs bundle processing time
+-  libarchive: Enable acls, xattr for native as well as target
+-  libbsd: Add correct license for all packages
+-  libpam: Fix the xtests/tst-pam_motd[1|3] failures
+-  libxpm: upgrade to 3.5.15
+-  linux-firmware: upgrade to 20230404
+-  linux-yocto/5.15: upgrade to v5.15.108
+-  migration-guides: add release-notes for 4.0.9
+-  oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set
+-  openssl: Move microblaze to linux-latomic config
+-  package.bbclass: correct check for /build in copydebugsources()
+-  poky.conf: bump version for 4.0.10
+-  populate_sdk_base: add zip options
+-  populate_sdk_ext.bbclass: set :term:`METADATA_REVISION` with an :term:`DISTRO` override
+-  run-postinsts: Set dependency for ldconfig to avoid boot issues
+-  update-alternatives.bbclass: fix old override syntax
+-  wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
+-  wpebackend-fdo: upgrade to 1.14.2
+-  xorg-lib-common: Add variable to set tarball type
+-  xserver-xorg: upgrade to 21.1.8
+
+
+Known Issues in Yocto-4.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- N/A
+
+
+Contributors to Yocto-4.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Archana Polampalli
+-  Arturo Buzarra
+-  Bruce Ashfield
+-  Christoph Lauer
+-  Deepthi Hemraj
+-  Dmitry Baryshkov
+-  Frank de Brabander
+-  Hitendra Prajapati
+-  Joe Slater
+-  Kai Kang
+-  Kyle Russell
+-  Lee Chee Yang
+-  Mark Hatle
+-  Martin Jansa
+-  Mingli Yu
+-  Narpat Mali
+-  Pascal Bach
+-  Pawan Badganchi
+-  Peter Bergin
+-  Peter Marko
+-  Piotr Łobacz
+-  Randolph Sapp
+-  Ranjitsinh Rathod
+-  Ross Burton
+-  Shubham Kulkarni
+-  Siddharth Doshi
+-  Steve Sakoman
+-  Sundeep KOKKONDA
+-  Thomas Roos
+-  Virendra Thakur
+-  Vivek Kumbhar
+-  Wang Mingyu
+-  Xiangyu Chen
+-  Yash Shinde
+-  Yoann Congal
+-  Yogita Urade
+-  Zhixiong Chi
+
+
+Repositories / Downloads for Yocto-4.0.10
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+poky
+
+-  Repository Location: :yocto_git:`/poky`
+-  Branch: :yocto_git:`kirkstone </poky/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.10 </poky/log/?h=yocto-4.0.10>`
+-  Git Revision: :yocto_git:`f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f </poky/commit/?id=f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f>`
+-  Release Artefact: poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f
+-  sha: 8820aeac857ce6bbd1c7ef26cadbb86eca02be93deded253b4a5f07ddd69255d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/poky-f53ab3a2ff206a130cdc843839dd0ea5ec4ad02f.tar.bz2
+
+openembedded-core
+
+-  Repository Location: :oe_git:`/openembedded-core`
+-  Branch: :oe_git:`kirkstone </openembedded-core/log/?h=kirkstone>`
+-  Tag:  :oe_git:`yocto-4.0.10 </openembedded-core/log/?h=yocto-4.0.10>`
+-  Git Revision: :oe_git:`d2713785f9cd2d58731df877bc8b7bcc71b6c8e6 </openembedded-core/commit/?id=d2713785f9cd2d58731df877bc8b7bcc71b6c8e6>`
+-  Release Artefact: oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6
+-  sha: 78e084a1aceaaa6ec022702f29f80eaffade3159e9c42b6b8985c1b7ddd2fbab
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/oecore-d2713785f9cd2d58731df877bc8b7bcc71b6c8e6.tar.bz2
+
+meta-mingw
+
+-  Repository Location: :yocto_git:`/meta-mingw`
+-  Branch: :yocto_git:`kirkstone </meta-mingw/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.10 </meta-mingw/log/?h=yocto-4.0.10>`
+-  Git Revision: :yocto_git:`a90614a6498c3345704e9611f2842eb933dc51c1 </meta-mingw/commit/?id=a90614a6498c3345704e9611f2842eb933dc51c1>`
+-  Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1
+-  sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1.tar.bz2
+
+meta-gplv2
+
+-  Repository Location: :yocto_git:`/meta-gplv2`
+-  Branch: :yocto_git:`kirkstone </meta-gplv2/log/?h=kirkstone>`
+-  Tag:  :yocto_git:`yocto-4.0.10 </meta-gplv2/log/?h=yocto-4.0.10>`
+-  Git Revision: :yocto_git:`d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a </meta-gplv2/commit/?id=d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a>`
+-  Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a
+-  sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a.tar.bz2
+
+bitbake
+
+-  Repository Location: :oe_git:`/bitbake`
+-  Branch: :oe_git:`2.0 </bitbake/log/?h=2.0>`
+-  Tag:  :oe_git:`yocto-4.0.10 </bitbake/log/?h=yocto-4.0.10>`
+-  Git Revision: :oe_git:`0c6f86b60cfba67c20733516957c0a654eb2b44c </bitbake/commit/?id=0c6f86b60cfba67c20733516957c0a654eb2b44c>`
+-  Release Artefact: bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c
+-  sha: 4caa94ee4d644017b0cc51b702e330191677f7d179018cbcec8b1793949ebc74
+-  Download Locations:
+   http://downloads.yoctoproject.org/releases/yocto/yocto-4.0.10/bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c.tar.bz2
+   http://mirrors.kernel.org/yocto/yocto/yocto-4.0.10/bitbake-0c6f86b60cfba67c20733516957c0a654eb2b44c.tar.bz2
+
+yocto-docs
+
+-  Repository Location: :yocto_git:`/yocto-docs`
+-  Branch: :yocto_git:`kirkstone </yocto-docs/log/?h=kirkstone>`
+-  Tag: :yocto_git:`yocto-4.0.10 </yocto-docs/log/?h=yocto-4.0.10>`
+-  Git Revision: :yocto_git:`8388be749806bd0bf4fccf1005dae8f643aa4ef4 </yocto-docs/commit/?id=8388be749806bd0bf4fccf1005dae8f643aa4ef4>`
+
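Review bot: each 'sha:' entry in the Repositories / Downloads section gives a 64-hex-digit digest without naming the algorithm, and every Download Location is a plain http:// URL. Name the algorithm in the label so readers know which tool to verify with, and use https:// links where the servers offer them, since the digest on this page is otherwise the only integrity check for a tarball fetched over http. The yocto-docs entry has no Release Artefact or sha lines at all; say whether that is intentional.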
diff --git a/poky/documentation/migration-guides/release-notes-4.0.7.rst b/poky/documentation/migration-guides/release-notes-4.0.7.rst
index 9e8ad51..95f5b6a 100644
--- a/poky/documentation/migration-guides/release-notes-4.0.7.rst
+++ b/poky/documentation/migration-guides/release-notes-4.0.7.rst
@@ -7,7 +7,7 @@
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 -  binutils: Fix :cve:`2022-4285`
--  curl: Fix :cve:`2022-43551` and `CVE-2022-43552 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552>`__
+-  curl: Fix :cve:`2022-43551` and :cve_mitre:`2022-43552`
 -  ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341`
 -  go: Fix :cve:`2022-41715` and :cve:`2022-41717`
 -  libX11: Fix :cve:`2022-3554` and :cve:`2022-3555`
@@ -24,7 +24,7 @@
 -  sqlite: Fix :cve:`2022-46908`
 -  systemd: Fix :cve:`2022-45873`
 -  vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088`
--  webkitgtk: Fix :cve:`2022-32886`, `CVE-2022-32891 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32891>`__ and :cve:`2022-32912`
+-  webkitgtk: Fix :cve:`2022-32886`, :cve_mitre:`2022-32891`
 
 
 Fixes in Yocto-4.0.7
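Review bot: the rewritten webkitgtk line drops a CVE. The removed line ended with 'and :cve:`2022-32912`', but the replacement stops at ':cve_mitre:`2022-32891`', so CVE-2022-32912 disappears from the 4.0.7 security fixes. Restore it: 'Fix :cve:`2022-32886`, :cve_mitre:`2022-32891` and :cve:`2022-32912`'.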
diff --git a/poky/documentation/overview-manual/concepts.rst b/poky/documentation/overview-manual/concepts.rst
index 065d958..2631e41 100644
--- a/poky/documentation/overview-manual/concepts.rst
+++ b/poky/documentation/overview-manual/concepts.rst
@@ -1982,7 +1982,7 @@
 task hash, and BitBake will be able to retrieve their output from
 the Shared State cache, instead of re-executing them. Similarly, the
 output of further downstream tasks can also be retrieved from Shared
-Shate.
+State.
 
 If the output hash is unknown, a new entry will be created on the Hash
 Equivalence server, matching the task hash to that output.
diff --git a/poky/meta-poky/conf/distro/poky.conf b/poky/meta-poky/conf/distro/poky.conf
index f265162..c07df14 100644
--- a/poky/meta-poky/conf/distro/poky.conf
+++ b/poky/meta-poky/conf/distro/poky.conf
@@ -1,7 +1,7 @@
 DISTRO = "poky"
 DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
 #DISTRO_VERSION = "3.4+snapshot-${METADATA_REVISION}"
-DISTRO_VERSION = "4.0.9"
+DISTRO_VERSION = "4.0.10"
 DISTRO_CODENAME = "kirkstone"
 SDK_VENDOR = "-pokysdk"
 SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
diff --git a/poky/meta/classes/cmake.bbclass b/poky/meta/classes/cmake.bbclass
index d9bcddb..7ec6ca5 100644
--- a/poky/meta/classes/cmake.bbclass
+++ b/poky/meta/classes/cmake.bbclass
@@ -85,9 +85,12 @@
         return "ppc64"
     return host_arch
 
+
 cmake_do_generate_toolchain_file() {
 	if [ "${BUILD_SYS}" = "${HOST_SYS}" ]; then
 		cmake_crosscompiling="set( CMAKE_CROSSCOMPILING FALSE )"
+	else
+		cmake_sysroot="set( CMAKE_SYSROOT \"${RECIPE_SYSROOT}\" )"
 	fi
 	cat > ${WORKDIR}/toolchain.cmake <<EOF
 # CMake system name must be something like "Linux".
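Review bot: cmake_sysroot is assigned only in the new else branch, so when BUILD_SYS equals HOST_SYS the '$cmake_sysroot' line added to the heredoc in the next hunk expands an unset variable. That yields an empty line today, but setting cmake_sysroot="" before the 'if' makes the native case explicit and keeps the function working if it is ever run with 'set -u'. The blank line added above the function is unrelated whitespace and can be dropped.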
@@ -120,6 +123,8 @@
 set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
 set( CMAKE_PROGRAM_PATH "/" )
 
+$cmake_sysroot
+
 # Use qt.conf settings
 set( ENV{QT_CONF_PATH} ${WORKDIR}/qt.conf )
 
diff --git a/poky/meta/classes/kernel-devicetree.bbclass b/poky/meta/classes/kernel-devicetree.bbclass
index b4338da..18ab6b4 100644
--- a/poky/meta/classes/kernel-devicetree.bbclass
+++ b/poky/meta/classes/kernel-devicetree.bbclass
@@ -6,7 +6,12 @@
             d.appendVar("PACKAGES", " ${KERNEL_PACKAGE_NAME}-image-zimage-bundle")
 }
 
-FILES:${KERNEL_PACKAGE_NAME}-devicetree = "/${KERNEL_IMAGEDEST}/*.dtb /${KERNEL_IMAGEDEST}/*.dtbo"
+# recursivly search for devicetree files
+FILES:${KERNEL_PACKAGE_NAME}-devicetree = " \
+    /${KERNEL_DTBDEST}/**/*.dtb \
+    /${KERNEL_DTBDEST}/**/*.dtbo \
+"
+
 FILES:${KERNEL_PACKAGE_NAME}-image-zimage-bundle = "/${KERNEL_IMAGEDEST}/zImage-*.dtb.bin"
 
 # Generate kernel+devicetree bundle
@@ -67,12 +72,16 @@
 }
 
 do_install:append() {
+	install -d ${D}/${KERNEL_DTBDEST}
 	for dtbf in ${KERNEL_DEVICETREE}; do
 		dtb=`normalize_dtb "$dtbf"`
-		dtb_ext=${dtb##*.}
-		dtb_base_name=`basename $dtb .$dtb_ext`
 		dtb_path=`get_real_dtb_path_in_kernel "$dtb"`
-		install -m 0644 $dtb_path ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext
+		if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then
+			dtb_ext=${dtb##*.}
+			dtb_base_name=`basename $dtb .$dtb_ext`
+			dtb=$dtb_base_name.$dtb_ext
+		fi
+		install -Dm 0644 $dtb_path ${D}/${KERNEL_DTBDEST}/$dtb
 	done
 }
 
@@ -82,7 +91,10 @@
 		dtb_ext=${dtb##*.}
 		dtb_base_name=`basename $dtb .$dtb_ext`
 		install -d $deployDir
-		install -m 0644 ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
+		if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then
+			dtb=$dtb_base_name.$dtb_ext
+		fi
+		install -m 0644 ${D}/${KERNEL_DTBDEST}/$dtb $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
 		if [ "${KERNEL_IMAGETYPE_SYMLINK}" = "1" ] ; then
 			ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name.$dtb_ext
 		fi
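Review bot: with KERNEL_DTBVENDORED set, the install source keeps the vendor subdirectory (${D}/${KERNEL_DTBDEST}/$dtb) but the deploy target is still flat, $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext, so two device trees with the same file name under different vendor directories would overwrite each other in the deploy directory. Either carry the vendor path to the deploy side as well or fail on a name collision. The inverted test, if "${@'false' if oe.types.boolean(...) else 'true'}", is repeated in both functions and is hard to read; a shell variable set once from KERNEL_DTBVENDORED would be clearer.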
diff --git a/poky/meta/classes/kernel.bbclass b/poky/meta/classes/kernel.bbclass
index b315737..3d5422b 100644
--- a/poky/meta/classes/kernel.bbclass
+++ b/poky/meta/classes/kernel.bbclass
@@ -210,6 +210,8 @@
 # The directory where built kernel lies in the kernel tree
 KERNEL_OUTPUT_DIR ?= "arch/${ARCH}/boot"
 KERNEL_IMAGEDEST ?= "boot"
+KERNEL_DTBDEST ?= "${KERNEL_IMAGEDEST}"
+KERNEL_DTBVENDORED ?= "0"
 
 #
 # configuration
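Review bot: KERNEL_DTBDEST and KERNEL_DTBVENDORED are new user-settable variables added here with defaults but no comment, and no documentation hunk for them is visible in this part of the patch. Add a line above each saying what it controls (the install directory for device trees, and whether the vendor subdirectory is kept), and note that changing KERNEL_DTBDEST moves the files picked up by the kernel-devicetree package.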
@@ -377,7 +379,7 @@
 		use_alternate_initrd=CONFIG_INITRAMFS_SOURCE=${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio
 	fi
 	for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do
-		oe_runmake ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd
+		oe_runmake ${PARALLEL_MAKE} ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd
 	done
 }
 
diff --git a/poky/meta/classes/license.bbclass b/poky/meta/classes/license.bbclass
index 4ebfc4f..b92838c 100644
--- a/poky/meta/classes/license.bbclass
+++ b/poky/meta/classes/license.bbclass
@@ -223,7 +223,7 @@
         bb.fatal('%s: %s' % (d.getVar('PF'), exc))
     except SyntaxError:
         oe.qa.handle_error("license-syntax",
-            "%s: Failed to parse it's LICENSE field." % (d.getVar('PF')), d)
+            "%s: Failed to parse LICENSE: %s" % (d.getVar('PF'), d.getVar('LICENSE')), d)
     # Add files from LIC_FILES_CHKSUM to list of license files
     lic_chksum_paths = defaultdict(OrderedDict)
     for path, data in sorted(lic_chksums.items()):
diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass
index 67acc27..fed2f55 100644
--- a/poky/meta/classes/package.bbclass
+++ b/poky/meta/classes/package.bbclass
@@ -262,7 +262,7 @@
             f = '.' + f
         if not f.startswith("./"):
             f = './' + f
-        globbed = glob.glob(f)
+        globbed = glob.glob(f, recursive=True)
         if globbed:
             if [ f ] != globbed:
                 files += globbed
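Review bot: passing recursive=True changes how every existing FILES entry containing '**' is expanded, not only the new kernel-devicetree patterns. Without the flag '**' matched like a single '*'; with it the pattern descends through any number of directories, which can pull extra files into a package without any warning. Call this out in the commit message, and consider checking the layers for existing '**' entries before merging.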
diff --git a/poky/meta/classes/populate_sdk_base.bbclass b/poky/meta/classes/populate_sdk_base.bbclass
index 16f929b..fb00460 100644
--- a/poky/meta/classes/populate_sdk_base.bbclass
+++ b/poky/meta/classes/populate_sdk_base.bbclass
@@ -53,6 +53,8 @@
 SDK_ARCHIVE_TYPE ?= "tar.xz"
 SDK_XZ_COMPRESSION_LEVEL ?= "-9"
 SDK_XZ_OPTIONS ?= "${XZ_DEFAULTS} ${SDK_XZ_COMPRESSION_LEVEL}"
+SDK_ZIP_OPTIONS ?= "-y"
+
 
 # To support different sdk type according to SDK_ARCHIVE_TYPE, now support zip and tar.xz
 python () {
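Review bot: SDK_ZIP_OPTIONS is introduced without a comment, and because '-y' is now its default value, a user who sets the variable to add a flag replaces '-y' rather than extending it. Document next to the default that '-y' stores symlinks as links and should normally be kept when overriding. The second blank line added after the assignment is unneeded.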
@@ -60,7 +62,7 @@
        d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native')
        # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR}
        # recommand to cd into input dir first to avoid archive with buildpath
-       d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .')
+       d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDK_ZIP_OPTIONS} ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .')
     else:
        d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native')
        d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}')
diff --git a/poky/meta/classes/populate_sdk_ext.bbclass b/poky/meta/classes/populate_sdk_ext.bbclass
index a673af7..ca1b775 100644
--- a/poky/meta/classes/populate_sdk_ext.bbclass
+++ b/poky/meta/classes/populate_sdk_ext.bbclass
@@ -363,7 +363,8 @@
             f.write('BUILDCFG_HEADER = ""\n\n')
 
             # Write METADATA_REVISION
-            f.write('METADATA_REVISION = "%s"\n\n' % d.getVar('METADATA_REVISION'))
+            # Needs distro override so it can override the value set in the bbclass code (later than local.conf)
+            f.write('METADATA_REVISION:%s = "%s"\n\n' % (d.getVar('DISTRO'), d.getVar('METADATA_REVISION')))
 
             f.write('# Provide a flag to indicate we are in the EXT_SDK Context\n')
             f.write('WITHIN_EXT_SDK = "1"\n\n')
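Review bot: d.getVar('DISTRO') may be unset (the metadata.py hunk in this same patch handles exactly that case), and then this writes the literal line 'METADATA_REVISION:None = "..."', an override that never applies. Fall back to the plain METADATA_REVISION assignment when DISTRO is empty, or format the override only when a distro name is available.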
diff --git a/poky/meta/classes/update-alternatives.bbclass b/poky/meta/classes/update-alternatives.bbclass
index 7581a70..2804299 100644
--- a/poky/meta/classes/update-alternatives.bbclass
+++ b/poky/meta/classes/update-alternatives.bbclass
@@ -80,10 +80,10 @@
 
     for p in pkgs:
         for v in vars:
-            for flag in sorted((d.getVarFlags("%s_%s" % (v,p)) or {}).keys()):
+            for flag in sorted((d.getVarFlags("%s:%s" % (v,p)) or {}).keys()):
                 if flag == "doc" or flag == "vardeps" or flag == "vardepsexp":
                     continue
-                d.appendVar('%s_VARDEPS_%s' % (v,p), ' %s:%s' % (flag, d.getVarFlag('%s_%s' % (v,p), flag, False)))
+                d.appendVar('%s_VARDEPS_%s' % (v,p), ' %s:%s' % (flag, d.getVarFlag('%s:%s' % (v,p), flag, False)))
 
 def ua_extend_depends(d):
     if not 'virtual/update-alternatives' in d.getVar('PROVIDES'):
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc
index 4778b1e..19bc297 100644
--- a/poky/meta/conf/distro/include/maintainers.inc
+++ b/poky/meta/conf/distro/include/maintainers.inc
@@ -280,7 +280,7 @@
 RECIPE_MAINTAINER:pn-iproute2 = "Changhyeok Bae <changhyeok.bae@gmail.com>"
 RECIPE_MAINTAINER:pn-iptables = "Changhyeok Bae <changhyeok.bae@gmail.com>"
 RECIPE_MAINTAINER:pn-iputils = "Changhyeok Bae <changhyeok.bae@gmail.com>"
-RECIPE_MAINTAINER:pn-iso-codes = "Wang Mingyu <wangmy@cn.ujitsu.com>"
+RECIPE_MAINTAINER:pn-iso-codes = "Wang Mingyu <wangmy@cn.fujitsu.com>"
 RECIPE_MAINTAINER:pn-itstool = "Andreas Müller <schnitzeltony@gmail.com>"
 RECIPE_MAINTAINER:pn-iw = "Changhyeok Bae <changhyeok.bae@gmail.com>"
 RECIPE_MAINTAINER:pn-libjpeg-turbo = "Anuj Mittal <anuj.mittal@intel.com>"
@@ -700,7 +700,7 @@
 RECIPE_MAINTAINER:pn-quota = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-re2c = "Khem Raj <raj.khem@gmail.com>"
 RECIPE_MAINTAINER:pn-readline = "Hongxu Jia <hongxu.jia@windriver.com>"
-RECIPE_MAINTAINER:pn-repo = "Jasper Orschulko <Jasper.Orschulko@iris-sensing.com>"
+RECIPE_MAINTAINER:pn-repo = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi <Qi.Chen@windriver.com>"
 RECIPE_MAINTAINER:pn-rgb = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia <hongxu.jia@windriver.com>"
diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc
index 8a5cab5..ad4816a 100644
--- a/poky/meta/conf/distro/include/yocto-uninative.inc
+++ b/poky/meta/conf/distro/include/yocto-uninative.inc
@@ -7,9 +7,9 @@
 #
 
 UNINATIVE_MAXGLIBCVERSION = "2.37"
-UNINATIVE_VERSION = "3.9"
+UNINATIVE_VERSION = "4.0"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "de35708c95c34573af140da910132c3291ba4fd26ebf7b74b755ada432cdf07b"
-UNINATIVE_CHECKSUM[i686] ?= "adac07b08adb88eb26fc7fd87fee0cec9d5be167bf7c5ffd3a549a2a6699c29c"
-UNINATIVE_CHECKSUM[x86_64] ?= "3dd82c3fbdb59e87bf091c3eef555a05fae528eeda3083828f76cd4deaceca8b"
+UNINATIVE_CHECKSUM[aarch64] ?= "7baa8418a302df52e00916193b0a04f318356d9d2670c9a2bce3e966efefd738"
+UNINATIVE_CHECKSUM[i686] ?= "83114d36883d43a521e280742b9849bf85d039b2f83d8e21d480659babe75ee8"
+UNINATIVE_CHECKSUM[x86_64] ?= "fd75b2a1a67a10f6b7d65afb7d0f3e71a63b0038e428f34dfe420bb37716558a"
diff --git a/poky/meta/lib/oe/package_manager/ipk/__init__.py b/poky/meta/lib/oe/package_manager/ipk/__init__.py
index 9f60f3a..fd61340 100644
--- a/poky/meta/lib/oe/package_manager/ipk/__init__.py
+++ b/poky/meta/lib/oe/package_manager/ipk/__init__.py
@@ -245,7 +245,7 @@
             """
             if (self.d.getVar('FEED_DEPLOYDIR_BASE_URI') or "") != "":
                 for arch in self.pkg_archs.split():
-                    cfg_file_name = os.path.join(self.target_rootfs,
+                    cfg_file_name = oe.path.join(self.target_rootfs,
                                                  self.d.getVar("sysconfdir"),
                                                  "opkg",
                                                  "local-%s-feed.conf" % arch)
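Review bot: nothing visible in this hunk shows that oe.path is imported in this module; confirm it is, since the call would otherwise fail only when FEED_DEPLOYDIR_BASE_URI is set. The fix itself is security-relevant and worth a sentence in the commit message: sysconfdir is an absolute path, and os.path.join discards target_rootfs when a later component starts with '/', so the feed configuration would be written under the build host's own configuration directory instead of inside the image. A selftest asserting that the file lands under target_rootfs would keep this from regressing.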
diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
index 5042c11..2c9bc0b 100644
--- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -149,7 +149,7 @@
 
     def setUpLocal(self):
         super().setUpLocal()
-        needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS']
+        needed_vars = ['TOPDIR', 'TARGET_PREFIX', 'BB_NUMBER_THREADS', 'BB_HASHSERVE']
         bb_vars = get_bb_vars(needed_vars)
         for v in needed_vars:
             setattr(self, v.lower(), bb_vars[v])
@@ -223,7 +223,7 @@
             # mirror, forcing a complete build from scratch
             config += textwrap.dedent('''\
                 SSTATE_DIR = "${TMPDIR}/sstate"
-                SSTATE_MIRRORS = ""
+                SSTATE_MIRRORS = "file://.*/.*-native.*  http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH file://.*/.*-cross.*  http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH"
                 ''')
 
         self.logger.info("Building %s (sstate%s allowed)..." % (name, '' if use_sstate else ' NOT'))
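Review bot: the comment directly above the changed line still says the configuration forces 'a complete build from scratch', but SSTATE_MIRRORS now allows -native and -cross artefacts from sstate.yoctoproject.org, so the comment is no longer accurate. Update it to say which artefacts may come from the mirror and why that does not weaken the reproducibility comparison. The mirror URLs are plain http://, so these prebuilt host tools are fetched without transport integrity; use https:// if the server supports it.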
diff --git a/poky/meta/lib/oeqa/utils/metadata.py b/poky/meta/lib/oeqa/utils/metadata.py
index 8013aa6..15ec190 100644
--- a/poky/meta/lib/oeqa/utils/metadata.py
+++ b/poky/meta/lib/oeqa/utils/metadata.py
@@ -27,9 +27,9 @@
     data_dict = get_bb_vars()
 
     # Distro information
-    info_dict['distro'] = {'id': data_dict['DISTRO'],
-                           'version_id': data_dict['DISTRO_VERSION'],
-                           'pretty_name': '%s %s' % (data_dict['DISTRO'], data_dict['DISTRO_VERSION'])}
+    info_dict['distro'] = {'id': data_dict.get('DISTRO', 'NODISTRO'),
+                                'version_id': data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'),
+                                'pretty_name': '%s %s' % (data_dict.get('DISTRO', 'NODISTRO'), data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'))}
 
     # Host distro information
     os_release = get_os_release()
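Review bot: the continuation lines of the dict literal are now indented past the first key, and DISTRO and DISTRO_VERSION are each looked up twice with the same defaults. Read both into local variables once (with the 'NODISTRO' and 'NO_DISTRO_VERSION' fallbacks) and build the dict from those, which also restores the alignment.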
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 9bb5e58..b5c966c 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -83,7 +83,6 @@
 do_install() {
 	autotools_do_install
 	rm -rf ${D}/run
-	rm -rf ${D}${datadir}/dbus-1/interfaces
 	test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
 	rm -rf ${D}${libdir}/avahi
 
@@ -135,7 +134,7 @@
                       ${sysconfdir}/avahi/services \
                       ${sysconfdir}/dbus-1 \
                       ${sysconfdir}/init.d/avahi-daemon \
-                      ${datadir}/avahi/introspection/*.introspect \
+                      ${datadir}/dbus-1/interfaces \
                       ${datadir}/avahi/avahi-service.dtd \
                       ${datadir}/avahi/service-types \
                       ${datadir}/dbus-1/system-services"
diff --git a/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch b/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
new file mode 100644
index 0000000..a6cabdf
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
@@ -0,0 +1,60 @@
+From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@monom.org>
+Date: Tue, 11 Apr 2023 08:12:56 +0200
+Subject: gdhcp: Verify and sanitize packet length first
+
+Avoid overwriting the read packet length after the initial test. Thus
+move all the length checks which depends on the total length first
+and do not use the total lenght from the IP packet afterwards.
+
+Reported by Polina Smirnova <moe.hwr@gmail.com>
+
+CVE: CVE-2023-28488
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ gdhcp/client.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index 3016dfc..28fa606 100644
+--- a/gdhcp/client.c
++++ b/gdhcp/client.c
+@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet *packet, int bytes)
+ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
+ 				struct sockaddr_in *dst_addr)
+ {
+-	int bytes;
+ 	struct ip_udp_dhcp_packet packet;
+ 	uint16_t check;
++	int bytes, tot_len;
+ 
+ 	memset(&packet, 0, sizeof(packet));
+ 
+@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd,
+ 	if (bytes < 0)
+ 		return -1;
+ 
+-	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
+-		return -1;
+-
+-	if (bytes < ntohs(packet.ip.tot_len))
++	tot_len = ntohs(packet.ip.tot_len);
++	if (bytes > tot_len) {
++		/* ignore any extra garbage bytes */
++		bytes = tot_len;
++	} else if (bytes < tot_len) {
+ 		/* packet is bigger than sizeof(packet), we did partial read */
+ 		return -1;
++	}
+ 
+-	/* ignore any extra garbage bytes */
+-	bytes = ntohs(packet.ip.tot_len);
++	if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp)))
++		return -1;
+ 
+ 	if (!sanity_check(&packet, bytes))
+ 		return -1;
+-- 
+2.25.1
+
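Review bot: In the second gdhcp/client.c hunk, `tot_len = ntohs(packet.ip.tot_len)` is now read before the `bytes < sizeof(packet.ip) + sizeof(packet.udp)` check, so on a short read the value can come from bytes the read never filled. That is safe only because of the `memset(&packet, 0, sizeof(packet))` in the hunk above and because the minimum-size check still runs on the clamped `bytes` before `sanity_check()`. A short comment stating that dependency would stop a later cleanup from dropping the memset or moving the size check back in front of the clamp.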
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.41.bb b/poky/meta/recipes-connectivity/connman/connman_1.41.bb
index 79542b2..27b28be 100644
--- a/poky/meta/recipes-connectivity/connman/connman_1.41.bb
+++ b/poky/meta/recipes-connectivity/connman/connman_1.41.bb
@@ -8,6 +8,7 @@
            file://CVE-2022-32293_p1.patch \
            file://CVE-2022-32293_p2.patch \
            file://CVE-2022-32292.patch \
+           file://CVE-2023-28488.patch \
            "
 
 SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
index 579fa95..21b2eeb 100644
--- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
+++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -9,9 +9,7 @@
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d148485768fe85b9f1072b186a7e9b4d"
 
-UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/"
-
-SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
+SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=dhcpcd-9 \
            file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
            file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
            file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \
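Review bot: `UPSTREAM_CHECK_URI` is removed here with no git-side replacement, so upstream version checking for this recipe now relies on tag matching against the GitHub repository. If the tag names on the `dhcpcd-9` branch do not map cleanly onto `${PV}`, add `UPSTREAM_CHECK_GITTAGREGEX` in the same change so the check does not silently stop reporting new releases.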
@@ -22,7 +20,8 @@
            file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
            "
 
-SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c"
+SRCREV = "3c458fc7fa4146029a1e4f9e98cd7e7adf03081a"
+S = "${WORKDIR}/git"
 
 inherit pkgconfig autotools-brokensep systemd useradd
 
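Review bot: `SRCREV = "3c458fc7fa4146029a1e4f9e98cd7e7adf03081a"` replaces the tarball `SRC_URI[sha256sum]`, but nothing in the hunk records which release that commit is, while the recipe is still named dhcpcd_9.4.1.bb. Add a comment or a commit-message line stating the tag the revision corresponds to, so a reviewer can confirm the fetcher switch does not also change the source being built.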
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
new file mode 100644
index 0000000..ebdff1f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
@@ -0,0 +1,984 @@
+From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Fri, 24 Mar 2023 13:56:25 +1100
+Subject: [PATCH] remove support for old libcrypto
+
+OpenSSH now requires LibreSSL 3.1.0 or greater or
+OpenSSL 1.1.1 or greater
+
+with/ok dtucker@
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0]
+Comment: Hunk are refreshed, removed couple of hunks from configure.ac as hunk code is not prasent
+and backported to the existing code.
+Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
+
+---
+ .github/workflows/c-cpp.yml          |   7 -
+ INSTALL                              |   8 +-
+ cipher-aes.c                         |   2 +-
+ configure.ac                         |  96 ++---
+ openbsd-compat/libressl-api-compat.c | 556 +--------------------------
+ openbsd-compat/openssl-compat.h      | 151 +-------
+ 6 files changed, 40 insertions(+), 780 deletions(-)
+
+diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
+index 3d9aa22dba5..d299a32468d 100644
+--- a/.github/workflows/c-cpp.yml
++++ b/.github/workflows/c-cpp.yml
+@@ -40,18 +40,11 @@
+           - { os: ubuntu-20.04, configs: tcmalloc }
+           - { os: ubuntu-20.04, configs: musl }
+           - { os: ubuntu-latest, configs: libressl-master }
+-          - { os: ubuntu-latest, configs: libressl-2.2.9 }
+-          - { os: ubuntu-latest, configs: libressl-2.8.3 }
+-          - { os: ubuntu-latest, configs: libressl-3.0.2 }
+           - { os: ubuntu-latest, configs: libressl-3.2.6 }
+           - { os: ubuntu-latest, configs: libressl-3.3.4 }
+           - { os: ubuntu-latest, configs: libressl-3.4.1 }
+           - { os: ubuntu-latest, configs: openssl-master }
+           - { os: ubuntu-latest, configs: openssl-noec }
+-          - { os: ubuntu-latest, configs: openssl-1.0.1 }
+-          - { os: ubuntu-latest, configs: openssl-1.0.1u }
+-          - { os: ubuntu-latest, configs: openssl-1.0.2u }
+-          - { os: ubuntu-latest, configs: openssl-1.1.0h }
+           - { os: ubuntu-latest, configs: openssl-1.1.1 }
+           - { os: ubuntu-latest, configs: openssl-1.1.1k }
+           - { os: ubuntu-latest, configs: openssl-3.0.0 }
+diff --git a/INSTALL b/INSTALL
+index 68b15e13190..f99d1e2a809 100644
+--- a/INSTALL
++++ b/INSTALL
+@@ -21,12 +21,8 @@ https://zlib.net/
+
+ libcrypto from either of LibreSSL or OpenSSL.  Building without libcrypto
+ is supported but severely restricts the available ciphers and algorithms.
+- - LibreSSL (https://www.libressl.org/)
+- - OpenSSL (https://www.openssl.org) with any of the following versions:
+-   - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
+-
+-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
+-1.1.0g can't be used.
++ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater
++ - OpenSSL (https://www.openssl.org) 1.1.1 or greater
+
+ LibreSSL/OpenSSL should be compiled as a position-independent library
+ (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
+diff --git a/cipher-aes.c b/cipher-aes.c
+index 8b101727284..87c763353d8 100644
+--- a/cipher-aes.c
++++ b/cipher-aes.c
+@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+
+ static int
+ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+-    LIBCRYPTO_EVP_INL_TYPE len)
++    size_t len)
+ {
+ 	struct ssh_rijndael_ctx *c;
+ 	u_char buf[RIJNDAEL_BLOCKSIZE];
+diff --git a/configure.ac b/configure.ac
+index 22fee70f604..1c0ccdf19c5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2744,42 +2744,40 @@
+	#include <openssl/crypto.h>
+	#define DATA "conftest.ssllibver"
+		]], [[
+-		FILE *fd;
+-		int rc;
++		FILE *f;
+
+-		fd = fopen(DATA,"w");
+-		if(fd == NULL)
++		if ((f = fopen(DATA, "w")) == NULL)
+			exit(1);
+-#ifndef OPENSSL_VERSION
+-# define OPENSSL_VERSION SSLEAY_VERSION
+-#endif
+-#ifndef HAVE_OPENSSL_VERSION
+-# define OpenSSL_version	SSLeay_version
+-#endif
+-#ifndef HAVE_OPENSSL_VERSION_NUM
+-# define OpenSSL_version_num	SSLeay
+-#endif
+-		if ((rc = fprintf(fd, "%08lx (%s)\n",
++		if (fprintf(f, "%08lx (%s)",
+		    (unsigned long)OpenSSL_version_num(),
+-		    OpenSSL_version(OPENSSL_VERSION))) < 0)
++		    OpenSSL_version(OPENSSL_VERSION)) < 0)
++			exit(1);
++#ifdef LIBRESSL_VERSION_NUMBER
++		if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
++			exit(1);
++#endif
++		if (fputc('\n', f) == EOF || fclose(f) == EOF)
+			exit(1);
+-
+		exit(0);
+		]])],
+		[
+-			ssl_library_ver=`cat conftest.ssllibver`
++			sslver=`cat conftest.ssllibver`
++			ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
+			# Check version is supported.
+-			case "$ssl_library_ver" in
+-			10000*|0*)
+-				AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
+-		                ;;
+-			100*)   ;; # 1.0.x
+-			101000[[0123456]]*)
+-				# https://github.com/openssl/openssl/pull/4613
+-				AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
++			case "$sslver" in
++			100*|10100*) # 1.0.x, 1.1.0x
++				AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
+				;;
+			101*)   ;; # 1.1.x
+-			200*)   ;; # LibreSSL
++			200*)   # LibreSSL
++				lver=`echo "$sslver" | sed 's/.*libressl-//'`
++				case "$lver" in
++				2*|300*) # 2.x, 3.0.0
++					AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
++					;;
++				*) ;;	# Assume all other versions are good.
++				esac
++				;;
+			300*)   ;; # OpenSSL 3
+			301*)   ;; # OpenSSL development branch.
+		        *)
+@@ -2781,10 +2781,10 @@
+ 			300*)   ;; # OpenSSL 3
+ 			301*)   ;; # OpenSSL development branch.
+ 		        *)
+-				AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
++				AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
+ 		                ;;
+ 			esac
+-			AC_MSG_RESULT([$ssl_library_ver])
++			AC_MSG_RESULT([$ssl_showver])
+ 		],
+ 		[
+ 			AC_MSG_RESULT([not found])
+@@ -2804,9 +2804,6 @@
+ 	#include <openssl/opensslv.h>
+ 	#include <openssl/crypto.h>
+ 		]], [[
+-#ifndef HAVE_OPENSSL_VERSION_NUM
+-# define OpenSSL_version_num	SSLeay
+-#endif
+ 		exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
+ 		]])],
+ 		[
+@@ -2881,44 +2878,13 @@
+ 	    )
+ 	)
+
+-	# LibreSSL/OpenSSL 1.1x API
++	# LibreSSL/OpenSSL API differences
+ 	AC_CHECK_FUNCS([ \
+-		OPENSSL_init_crypto \
+-		DH_get0_key \
+-		DH_get0_pqg \
+-		DH_set0_key \
+-		DH_set_length \
+-		DH_set0_pqg \
+-		DSA_get0_key \
+-		DSA_get0_pqg \
+-		DSA_set0_key \
+-		DSA_set0_pqg \
+-		DSA_SIG_get0 \
+-		DSA_SIG_set0 \
+-		ECDSA_SIG_get0 \
+-		ECDSA_SIG_set0 \
+ 		EVP_CIPHER_CTX_iv \
+ 		EVP_CIPHER_CTX_iv_noconst \
+ 		EVP_CIPHER_CTX_get_iv \
+ 		EVP_CIPHER_CTX_get_updated_iv \
+ 		EVP_CIPHER_CTX_set_iv \
+-		RSA_get0_crt_params \
+-		RSA_get0_factors \
+-		RSA_get0_key \
+-		RSA_set0_crt_params \
+-		RSA_set0_factors \
+-		RSA_set0_key \
+-		RSA_meth_free \
+-		RSA_meth_dup \
+-		RSA_meth_set1_name \
+-		RSA_meth_get_finish \
+-		RSA_meth_set_priv_enc \
+-		RSA_meth_set_priv_dec \
+-		RSA_meth_set_finish \
+-		EVP_PKEY_get0_RSA \
+-		EVP_MD_CTX_new \
+-		EVP_MD_CTX_free \
+-		EVP_chacha20 \
+ 	])
+
+ 	if test "x$openssl_engine" = "xyes" ; then
+@@ -3040,8 +3006,8 @@
+ 	fi
+ 	AC_CHECK_FUNCS([crypt DES_crypt])
+ 
+-	# Check for SHA256, SHA384 and SHA512 support in OpenSSL
+-	AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
++	# Check for various EVP support in OpenSSL
++	AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
+
+ 	# Check complete ECC support in OpenSSL
+ 	AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
+diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
+index 498180dc894..59be17397c5 100644
+--- a/openbsd-compat/libressl-api-compat.c
++++ b/openbsd-compat/libressl-api-compat.c
+@@ -1,129 +1,5 @@
+-/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
+-/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
+-/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
+-/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
+-/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
+-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
+-/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
+-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
+-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+- * project 2000.
+- */
+-/* ====================================================================
+- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, this list of conditions and the following disclaimer. 
+- *
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in
+- *    the documentation and/or other materials provided with the
+- *    distribution.
+- *
+- * 3. All advertising materials mentioning features or use of this
+- *    software must display the following acknowledgment:
+- *    "This product includes software developed by the OpenSSL Project
+- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+- *
+- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+- *    endorse or promote products derived from this software without
+- *    prior written permission. For written permission, please contact
+- *    licensing@OpenSSL.org.
+- *
+- * 5. Products derived from this software may not be called "OpenSSL"
+- *    nor may "OpenSSL" appear in their names without prior written
+- *    permission of the OpenSSL Project.
+- *
+- * 6. Redistributions of any form whatsoever must retain the following
+- *    acknowledgment:
+- *    "This product includes software developed by the OpenSSL Project
+- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- * ====================================================================
+- *
+- * This product includes cryptographic software written by Eric Young
+- * (eay@cryptsoft.com).  This product includes software written by Tim
+- * Hudson (tjh@cryptsoft.com).
+- *
+- */
+-
+-/*	$OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $	*/
+ /*
+- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
++ * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
+  *
+  * Permission to use, copy, modify, and distribute this software for any
+  * purpose with or without fee is hereby granted, provided that the above
+@@ -147,192 +23,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+
+-#include <openssl/err.h>
+-#include <openssl/bn.h>
+-#include <openssl/dsa.h>
+-#include <openssl/rsa.h>
+ #include <openssl/evp.h>
+-#ifdef OPENSSL_HAS_ECC
+-#include <openssl/ecdsa.h>
+-#endif
+-#include <openssl/dh.h>
+-
+-#ifndef HAVE_DSA_GET0_PQG
+-void
+-DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+-{
+-	if (p != NULL)
+-		*p = d->p;
+-	if (q != NULL)
+-		*q = d->q;
+-	if (g != NULL)
+-		*g = d->g;
+-}
+-#endif /* HAVE_DSA_GET0_PQG */
+-
+-#ifndef HAVE_DSA_SET0_PQG
+-int
+-DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+-{
+-	if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
+-	    (d->g == NULL && g == NULL))
+-		return 0;
+-
+-	if (p != NULL) {
+-		BN_free(d->p);
+-		d->p = p;
+-	}
+-	if (q != NULL) {
+-		BN_free(d->q);
+-		d->q = q;
+-	}
+-	if (g != NULL) {
+-		BN_free(d->g);
+-		d->g = g;
+-	}
+-
+-	return 1;
+-}
+-#endif /* HAVE_DSA_SET0_PQG */
+-
+-#ifndef HAVE_DSA_GET0_KEY
+-void
+-DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
+-{
+-	if (pub_key != NULL)
+-		*pub_key = d->pub_key;
+-	if (priv_key != NULL)
+-		*priv_key = d->priv_key;
+-}
+-#endif /* HAVE_DSA_GET0_KEY */
+-
+-#ifndef HAVE_DSA_SET0_KEY
+-int
+-DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+-{
+-	if (d->pub_key == NULL && pub_key == NULL)
+-		return 0;
+-
+-	if (pub_key != NULL) {
+-		BN_free(d->pub_key);
+-		d->pub_key = pub_key;
+-	}
+-	if (priv_key != NULL) {
+-		BN_free(d->priv_key);
+-		d->priv_key = priv_key;
+-	}
+-
+-	return 1;
+-}
+-#endif /* HAVE_DSA_SET0_KEY */
+-
+-#ifndef HAVE_RSA_GET0_KEY
+-void
+-RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+-{
+-	if (n != NULL)
+-		*n = r->n;
+-	if (e != NULL)
+-		*e = r->e;
+-	if (d != NULL)
+-		*d = r->d;
+-}
+-#endif /* HAVE_RSA_GET0_KEY */
+-
+-#ifndef HAVE_RSA_SET0_KEY
+-int
+-RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+-{
+-	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
+-		return 0;
+-
+-	if (n != NULL) {
+-		BN_free(r->n);
+-		r->n = n;
+-	}
+-	if (e != NULL) {
+-		BN_free(r->e);
+-		r->e = e;
+-	}
+-	if (d != NULL) {
+-		BN_free(r->d);
+-		r->d = d;
+-	}
+-
+-	return 1;
+-}
+-#endif /* HAVE_RSA_SET0_KEY */
+-
+-#ifndef HAVE_RSA_GET0_CRT_PARAMS
+-void
+-RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+-    const BIGNUM **iqmp)
+-{
+-	if (dmp1 != NULL)
+-		*dmp1 = r->dmp1;
+-	if (dmq1 != NULL)
+-		*dmq1 = r->dmq1;
+-	if (iqmp != NULL)
+-		*iqmp = r->iqmp;
+-}
+-#endif /* HAVE_RSA_GET0_CRT_PARAMS */
+-
+-#ifndef HAVE_RSA_SET0_CRT_PARAMS
+-int
+-RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+-{
+-	if ((r->dmp1 == NULL && dmp1 == NULL) ||
+-	    (r->dmq1 == NULL && dmq1 == NULL) ||
+-	    (r->iqmp == NULL && iqmp == NULL))
+-		return 0;
+-
+-	if (dmp1 != NULL) {
+-		BN_free(r->dmp1);
+-		r->dmp1 = dmp1;
+-	}
+-	if (dmq1 != NULL) {
+-		BN_free(r->dmq1);
+-		r->dmq1 = dmq1;
+-	}
+-	if (iqmp != NULL) {
+-		BN_free(r->iqmp);
+-		r->iqmp = iqmp;
+-	}
+-
+-	return 1;
+-}
+-#endif /* HAVE_RSA_SET0_CRT_PARAMS */
+-
+-#ifndef HAVE_RSA_GET0_FACTORS
+-void
+-RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+-{
+-	if (p != NULL)
+-		*p = r->p;
+-	if (q != NULL)
+-		*q = r->q;
+-}
+-#endif /* HAVE_RSA_GET0_FACTORS */
+-
+-#ifndef HAVE_RSA_SET0_FACTORS
+-int
+-RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+-{
+-	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
+-		return 0;
+-
+-	if (p != NULL) {
+-		BN_free(r->p);
+-		r->p = p;
+-	}
+-	if (q != NULL) {
+-		BN_free(r->q);
+-		r->q = q;
+-	}
+-
+-	return 1;
+-}
+-#endif /* HAVE_RSA_SET0_FACTORS */
+
+ #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
+ int
+@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
+ }
+ #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
+
+-#ifndef HAVE_DSA_SIG_GET0
+-void
+-DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+-{
+-	if (pr != NULL)
+-		*pr = sig->r;
+-	if (ps != NULL)
+-		*ps = sig->s;
+-}
+-#endif /* HAVE_DSA_SIG_GET0 */
+-
+-#ifndef HAVE_DSA_SIG_SET0
+-int
+-DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+-{
+-	if (r == NULL || s == NULL)
+-		return 0;
+-
+-	BN_clear_free(sig->r);
+-	sig->r = r;
+-	BN_clear_free(sig->s);
+-	sig->s = s;
+-
+-	return 1;
+-}
+-#endif /* HAVE_DSA_SIG_SET0 */
+-
+-#ifdef OPENSSL_HAS_ECC
+-#ifndef HAVE_ECDSA_SIG_GET0
+-void
+-ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+-{
+-	if (pr != NULL)
+-		*pr = sig->r;
+-	if (ps != NULL)
+-		*ps = sig->s;
+-}
+-#endif /* HAVE_ECDSA_SIG_GET0 */
+-
+-#ifndef HAVE_ECDSA_SIG_SET0
+-int
+-ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+-{
+-	if (r == NULL || s == NULL)
+-		return 0;
+-
+-	BN_clear_free(sig->r);
+-	BN_clear_free(sig->s);
+-	sig->r = r;
+-	sig->s = s;
+-	return 1;
+-}
+-#endif /* HAVE_ECDSA_SIG_SET0 */
+-#endif /* OPENSSL_HAS_ECC */
+-
+-#ifndef HAVE_DH_GET0_PQG
+-void
+-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+-{
+-	if (p != NULL)
+-		*p = dh->p;
+-	if (q != NULL)
+-		*q = dh->q;
+-	if (g != NULL)
+-		*g = dh->g;
+-}
+-#endif /* HAVE_DH_GET0_PQG */
+-
+-#ifndef HAVE_DH_SET0_PQG
+-int
+-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+-{
+-	if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
+-		return 0;
+-
+-	if (p != NULL) {
+-		BN_free(dh->p);
+-		dh->p = p;
+-	}
+-	if (q != NULL) {
+-		BN_free(dh->q);
+-		dh->q = q;
+-	}
+-	if (g != NULL) {
+-		BN_free(dh->g);
+-		dh->g = g;
+-	}
+-
+-	return 1;
+-}
+-#endif /* HAVE_DH_SET0_PQG */
+-
+-#ifndef HAVE_DH_GET0_KEY
+-void
+-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+-{
+-	if (pub_key != NULL)
+-		*pub_key = dh->pub_key;
+-	if (priv_key != NULL)
+-		*priv_key = dh->priv_key;
+-}
+-#endif /* HAVE_DH_GET0_KEY */
+-
+-#ifndef HAVE_DH_SET0_KEY
+-int
+-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+-{
+-	if (pub_key != NULL) {
+-		BN_free(dh->pub_key);
+-		dh->pub_key = pub_key;
+-	}
+-	if (priv_key != NULL) {
+-		BN_free(dh->priv_key);
+-		dh->priv_key = priv_key;
+-	}
+-
+-	return 1;
+-}
+-#endif /* HAVE_DH_SET0_KEY */
+-
+-#ifndef HAVE_DH_SET_LENGTH
+-int
+-DH_set_length(DH *dh, long length)
+-{
+-	if (length < 0 || length > INT_MAX)
+-		return 0;
+-
+-	dh->length = length;
+-	return 1;
+-}
+-#endif /* HAVE_DH_SET_LENGTH */
+-
+-#ifndef HAVE_RSA_METH_FREE
+-void
+-RSA_meth_free(RSA_METHOD *meth)
+-{
+-	if (meth != NULL) {
+-		free((char *)meth->name);
+-		free(meth);
+-	}
+-}
+-#endif /* HAVE_RSA_METH_FREE */
+-
+-#ifndef HAVE_RSA_METH_DUP
+-RSA_METHOD *
+-RSA_meth_dup(const RSA_METHOD *meth)
+-{
+-	RSA_METHOD *copy;
+-
+-	if ((copy = calloc(1, sizeof(*copy))) == NULL)
+-		return NULL;
+-	memcpy(copy, meth, sizeof(*copy));
+-	if ((copy->name = strdup(meth->name)) == NULL) {
+-		free(copy);
+-		return NULL;
+-	}
+-
+-	return copy;
+-}
+-#endif /* HAVE_RSA_METH_DUP */
+-
+-#ifndef HAVE_RSA_METH_SET1_NAME
+-int
+-RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+-{
+-	char *copy;
+-
+-	if ((copy = strdup(name)) == NULL)
+-		return 0;
+-	free((char *)meth->name);
+-	meth->name = copy;
+-	return 1;
+-}
+-#endif /* HAVE_RSA_METH_SET1_NAME */
+-
+-#ifndef HAVE_RSA_METH_GET_FINISH
+-int
+-(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
+-{
+-	return meth->finish;
+-}
+-#endif /* HAVE_RSA_METH_GET_FINISH */
+-
+-#ifndef HAVE_RSA_METH_SET_PRIV_ENC
+-int
+-RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
+-    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
+-{
+-	meth->rsa_priv_enc = priv_enc;
+-	return 1;
+-}
+-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
+-
+-#ifndef HAVE_RSA_METH_SET_PRIV_DEC
+-int
+-RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
+-    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
+-{
+-	meth->rsa_priv_dec = priv_dec;
+-	return 1;
+-}
+-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
+-
+-#ifndef HAVE_RSA_METH_SET_FINISH
+-int
+-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
+-{
+-	meth->finish = finish;
+-	return 1;
+-}
+-#endif /* HAVE_RSA_METH_SET_FINISH */
+-
+-#ifndef HAVE_EVP_PKEY_GET0_RSA
+-RSA *
+-EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+-{
+-	if (pkey->type != EVP_PKEY_RSA) {
+-		/* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
+-		return NULL;
+-	}
+-	return pkey->pkey.rsa;
+-}
+-#endif /* HAVE_EVP_PKEY_GET0_RSA */
+-
+-#ifndef HAVE_EVP_MD_CTX_NEW
+-EVP_MD_CTX *
+-EVP_MD_CTX_new(void)
+-{
+-	return calloc(1, sizeof(EVP_MD_CTX));
+-}
+-#endif /* HAVE_EVP_MD_CTX_NEW */
+-
+-#ifndef HAVE_EVP_MD_CTX_FREE
+-void
+-EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+-{
+-	if (ctx == NULL)
+-		return;
+-
+-	EVP_MD_CTX_cleanup(ctx);
+-
+-	free(ctx);
+-}
+-#endif /* HAVE_EVP_MD_CTX_FREE */
+-
+ #endif /* WITH_OPENSSL */
+diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
+index 61a69dd56eb..d0dd2c3450d 100644
+--- a/openbsd-compat/openssl-compat.h
++++ b/openbsd-compat/openssl-compat.h
+@@ -33,26 +33,13 @@
+ int ssh_compatible_openssl(long, long);
+ void ssh_libcrypto_init(void);
+
+-#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
+-# error OpenSSL 1.0.1 or greater is required
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++# error OpenSSL 1.1.0 or greater is required
+ #endif
+-
+-#ifndef OPENSSL_VERSION
+-# define OPENSSL_VERSION	SSLEAY_VERSION
+-#endif
+-
+-#ifndef HAVE_OPENSSL_VERSION
+-# define OpenSSL_version(x)	SSLeay_version(x)
+-#endif
+-
+-#ifndef HAVE_OPENSSL_VERSION_NUM
+-# define OpenSSL_version_num	SSLeay
+-#endif
+-
+-#if OPENSSL_VERSION_NUMBER < 0x10000001L
+-# define LIBCRYPTO_EVP_INL_TYPE unsigned int
+-#else
+-# define LIBCRYPTO_EVP_INL_TYPE size_t
++#ifdef LIBRESSL_VERSION_NUMBER
++# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
++#  error LibreSSL 3.1.0 or greater is required
++# endif
+ #endif
+
+ #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void);
+ # endif
+ #endif
+
+-/* LibreSSL/OpenSSL 1.1x API compat */
+-#ifndef HAVE_DSA_GET0_PQG
+-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
+-    const BIGNUM **g);
+-#endif /* HAVE_DSA_GET0_PQG */
+-
+-#ifndef HAVE_DSA_SET0_PQG
+-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+-#endif /* HAVE_DSA_SET0_PQG */
+-
+-#ifndef HAVE_DSA_GET0_KEY
+-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
+-    const BIGNUM **priv_key);
+-#endif /* HAVE_DSA_GET0_KEY */
+-
+-#ifndef HAVE_DSA_SET0_KEY
+-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+-#endif /* HAVE_DSA_SET0_KEY */
+-
+ #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
+ # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
+ #  define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
+@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
+     const unsigned char *iv, size_t len);
+ #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
+
+-#ifndef HAVE_RSA_GET0_KEY
+-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
+-    const BIGNUM **d);
+-#endif /* HAVE_RSA_GET0_KEY */
+-
+-#ifndef HAVE_RSA_SET0_KEY
+-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+-#endif /* HAVE_RSA_SET0_KEY */
+-
+-#ifndef HAVE_RSA_GET0_CRT_PARAMS
+-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+-    const BIGNUM **iqmp);
+-#endif /* HAVE_RSA_GET0_CRT_PARAMS */
+-
+-#ifndef HAVE_RSA_SET0_CRT_PARAMS
+-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+-#endif /* HAVE_RSA_SET0_CRT_PARAMS */
+-
+-#ifndef HAVE_RSA_GET0_FACTORS
+-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+-#endif /* HAVE_RSA_GET0_FACTORS */
+-
+-#ifndef HAVE_RSA_SET0_FACTORS
+-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+-#endif /* HAVE_RSA_SET0_FACTORS */
+-
+-#ifndef DSA_SIG_GET0
+-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+-#endif /* DSA_SIG_GET0 */
+-
+-#ifndef DSA_SIG_SET0
+-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+-#endif /* DSA_SIG_SET0 */
+-
+-#ifdef OPENSSL_HAS_ECC
+-#ifndef HAVE_ECDSA_SIG_GET0
+-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+-#endif /* HAVE_ECDSA_SIG_GET0 */
+-
+-#ifndef HAVE_ECDSA_SIG_SET0
+-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+-#endif /* HAVE_ECDSA_SIG_SET0 */
+-#endif /* OPENSSL_HAS_ECC */
+-
+-#ifndef HAVE_DH_GET0_PQG
+-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
+-    const BIGNUM **g);
+-#endif /* HAVE_DH_GET0_PQG */
+-
+-#ifndef HAVE_DH_SET0_PQG
+-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+-#endif /* HAVE_DH_SET0_PQG */
+-
+-#ifndef HAVE_DH_GET0_KEY
+-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
+-#endif /* HAVE_DH_GET0_KEY */
+-
+-#ifndef HAVE_DH_SET0_KEY
+-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+-#endif /* HAVE_DH_SET0_KEY */
+-
+-#ifndef HAVE_DH_SET_LENGTH
+-int DH_set_length(DH *dh, long length);
+-#endif /* HAVE_DH_SET_LENGTH */
+-
+-#ifndef HAVE_RSA_METH_FREE
+-void RSA_meth_free(RSA_METHOD *meth);
+-#endif /* HAVE_RSA_METH_FREE */
+-
+-#ifndef HAVE_RSA_METH_DUP
+-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+-#endif /* HAVE_RSA_METH_DUP */
+-
+-#ifndef HAVE_RSA_METH_SET1_NAME
+-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+-#endif /* HAVE_RSA_METH_SET1_NAME */
+-
+-#ifndef HAVE_RSA_METH_GET_FINISH
+-int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
+-#endif /* HAVE_RSA_METH_GET_FINISH */
+-
+-#ifndef HAVE_RSA_METH_SET_PRIV_ENC
+-int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
+-    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
+-
+-#ifndef HAVE_RSA_METH_SET_PRIV_DEC
+-int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
+-    const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
+-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
+-
+-#ifndef HAVE_RSA_METH_SET_FINISH
+-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
+-#endif /* HAVE_RSA_METH_SET_FINISH */
+-
+-#ifndef HAVE_EVP_PKEY_GET0_RSA
+-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+-#endif /* HAVE_EVP_PKEY_GET0_RSA */
+-
+-#ifndef HAVE_EVP_MD_CTX_new
+-EVP_MD_CTX *EVP_MD_CTX_new(void);
+-#endif /* HAVE_EVP_MD_CTX_new */
+-
+-#ifndef HAVE_EVP_MD_CTX_free
+-void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+-#endif /* HAVE_EVP_MD_CTX_free */
+-
+ #endif /* WITH_OPENSSL */
+ #endif /* _OPENSSL_COMPAT_H */
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index 6057d05..1d53c24 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -26,6 +26,7 @@
            file://add-test-support-for-busybox.patch \
            file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \
            file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \
+           file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
            "
 SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
 
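Review bot: the added SRC_URI entry `file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch` is named only by a commit hash, so the recipe gives no hint of what the backport fixes or whether it is security-relevant. A descriptive file name, or a CVE-prefixed one if it addresses a CVE, would make the entry auditable without opening the patch.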
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
index 0b7abc3..af43547 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -22,7 +22,7 @@
          }
  
 -if ($target =~ /linux.*-mips/ && !$disabled{asm}
--        && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+-        && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
 -        # minimally required architecture flags for assembly modules
 -        my $value;
 -        $value = '-mips2' if ($target =~ /mips32/);
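Review bot: confirm this carried patch was regenerated against the 3.0.9 `Configure` rather than edited by hand. The only change is `!~` to `=~` on a line the patch removes, so a mismatch with the upstream text would surface as fuzz or a failed do_patch, not as a build error in the code itself.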
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
deleted file mode 100644
index 3b94c48..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001
-From: Pauli <pauli@openssl.org>
-Date: Wed, 8 Mar 2023 15:28:20 +1100
-Subject: [PATCH] x509: excessive resource use verifying policy constraints
-
-A security vulnerability has been identified in all supported versions
-of OpenSSL related to the verification of X.509 certificate chains
-that include policy constraints.  Attackers may be able to exploit this
-vulnerability by creating a malicious certificate chain that triggers
-exponential use of computational resources, leading to a denial-of-service
-(DoS) attack on affected systems.
-
-Fixes CVE-2023-0464
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
-(Merged from https://github.com/openssl/openssl/pull/20568)
-
-Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1]
-CVE: CVE-2023-0464
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
----
- crypto/x509/pcy_local.h |  8 +++++++-
- crypto/x509/pcy_node.c  | 12 +++++++++---
- crypto/x509/pcy_tree.c  | 36 ++++++++++++++++++++++++++----------
- 3 files changed, 42 insertions(+), 14 deletions(-)
-
-diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
-index 18b53cc..cba107c 100644
---- a/crypto/x509/pcy_local.h
-+++ b/crypto/x509/pcy_local.h
-@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
- };
- 
- struct X509_POLICY_TREE_st {
-+    /* The number of nodes in the tree */
-+    size_t node_count;
-+    /* The maximum number of nodes in the tree */
-+    size_t node_maximum;
-+
-     /* This is the tree 'level' data */
-     X509_POLICY_LEVEL *levels;
-     int nlevel;
-@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
-                                              X509_POLICY_DATA *data,
-                                              X509_POLICY_NODE *parent,
--                                             X509_POLICY_TREE *tree);
-+                                             X509_POLICY_TREE *tree,
-+                                             int extra_data);
- void ossl_policy_node_free(X509_POLICY_NODE *node);
- int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
-                            const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
-index 9d9a7ea..450f95a 100644
---- a/crypto/x509/pcy_node.c
-+++ b/crypto/x509/pcy_node.c
-@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
- X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
-                                              X509_POLICY_DATA *data,
-                                              X509_POLICY_NODE *parent,
--                                             X509_POLICY_TREE *tree)
-+                                             X509_POLICY_TREE *tree,
-+                                             int extra_data)
- {
-     X509_POLICY_NODE *node;
- 
-+    /* Verify that the tree isn't too large.  This mitigates CVE-2023-0464 */
-+    if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
-+        return NULL;
-+
-     node = OPENSSL_zalloc(sizeof(*node));
-     if (node == NULL) {
-         ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
-@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
-     }
-     node->data = data;
-     node->parent = parent;
--    if (level) {
-+    if (level != NULL) {
-         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
-             if (level->anyPolicy)
-                 goto node_error;
-@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
-         }
-     }
- 
--    if (tree) {
-+    if (extra_data) {
-         if (tree->extra_data == NULL)
-             tree->extra_data = sk_X509_POLICY_DATA_new_null();
-         if (tree->extra_data == NULL){
-@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
-         }
-     }
- 
-+    tree->node_count++;
-     if (parent)
-         parent->nchild++;
- 
-diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
-index fa45da5..f953a05 100644
---- a/crypto/x509/pcy_tree.c
-+++ b/crypto/x509/pcy_tree.c
-@@ -14,6 +14,17 @@
- 
- #include "pcy_local.h"
- 
-+/*
-+ * If the maximum number of nodes in the policy tree isn't defined, set it to
-+ * a generous default of 1000 nodes.
-+ *
-+ * Defining this to be zero means unlimited policy tree growth which opens the
-+ * door on CVE-2023-0464.
-+ */
-+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
-+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
-+#endif
-+
- static void expected_print(BIO *channel,
-                            X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
-                            int indent)
-@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
-         return X509_PCY_TREE_INTERNAL;
-     }
- 
-+    /* Limit the growth of the tree to mitigate CVE-2023-0464 */
-+    tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
-+
-     /*
-      * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
-      *
-@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
-     if ((data = ossl_policy_data_new(NULL,
-                                      OBJ_nid2obj(NID_any_policy), 0)) == NULL)
-         goto bad_tree;
--    if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
-+    if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
-         ossl_policy_data_free(data);
-         goto bad_tree;
-     }
-@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
-  * Return value: 1 on success, 0 otherwise
-  */
- static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
--                                    X509_POLICY_DATA *data)
-+                                    X509_POLICY_DATA *data,
-+                                    X509_POLICY_TREE *tree)
- {
-     X509_POLICY_LEVEL *last = curr - 1;
-     int i, matched = 0;
-@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-         X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
- 
-         if (ossl_policy_node_match(last, node, data->valid_policy)) {
--            if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
-+            if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
-                 return 0;
-             matched = 1;
-         }
-     }
-     if (!matched && last->anyPolicy) {
--        if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
-+        if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
-             return 0;
-     }
-     return 1;
-@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-  * Return value: 1 on success, 0 otherwise.
-  */
- static int tree_link_nodes(X509_POLICY_LEVEL *curr,
--                           const X509_POLICY_CACHE *cache)
-+                           const X509_POLICY_CACHE *cache,
-+                           X509_POLICY_TREE *tree)
- {
-     int i;
- 
-@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
-         X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
- 
-         /* Look for matching nodes in previous level */
--        if (!tree_link_matching_nodes(curr, data))
-+        if (!tree_link_matching_nodes(curr, data, tree))
-             return 0;
-     }
-     return 1;
-@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
-     /* Curr may not have anyPolicy */
-     data->qualifier_set = cache->anyPolicy->qualifier_set;
-     data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
--    if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
-+    if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
-         ossl_policy_data_free(data);
-         return 0;
-     }
-@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
-     /* Finally add link to anyPolicy */
-     if (last->anyPolicy &&
-             ossl_policy_level_add_node(curr, cache->anyPolicy,
--                                       last->anyPolicy, NULL) == NULL)
-+                                       last->anyPolicy, tree, 0) == NULL)
-         return 0;
-     return 1;
- }
-@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
-             extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
-                 | POLICY_DATA_FLAG_EXTRA_NODE;
-             node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
--                                              tree);
-+                                              tree, 1);
-         }
-         if (!tree->user_policies) {
-             tree->user_policies = sk_X509_POLICY_NODE_new_null();
-@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
- 
-     for (i = 1; i < tree->nlevel; i++, curr++) {
-         cache = ossl_policy_cache_set(curr->cert);
--        if (!tree_link_nodes(curr, cache))
-+        if (!tree_link_nodes(curr, cache, tree))
-             return X509_PCY_TREE_INTERNAL;
- 
-         if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
--- 
-2.35.7
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
deleted file mode 100644
index 57fd494..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 7 Mar 2023 16:52:55 +0000
-Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
- certs
-
-Even though we check the leaf cert to confirm it is valid, we
-later ignored the invalid flag and did not notice that the leaf
-cert was bad.
-
-Fixes: CVE-2023-0465
-
-Reviewed-by: Hugo Landau <hlandau@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/20587)
-
-Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb]
-CVE: CVE-2023-0465
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
----
- crypto/x509/x509_vfy.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 9384f1d..a0282c3 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
-         goto memerr;
-     /* Invalid or inconsistent extensions */
-     if (ret == X509_PCY_TREE_INVALID) {
--        int i;
-+        int i, cbcalled = 0;
- 
-         /* Locate certificates with bad extensions and notify callback. */
--        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-+        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
-             X509 *x = sk_X509_value(ctx->chain, i);
- 
-+            if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
-+                cbcalled = 1;
-             CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
-                        ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
-         }
-+        if (!cbcalled) {
-+            /* Should not be able to get here */
-+            ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
-+            return 0;
-+        }
-+        /* The callback ignored the error so we return success */
-         return 1;
-     }
-     if (ret == X509_PCY_TREE_FAILURE) {
--- 
-2.35.7
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
deleted file mode 100644
index a16bfe4..0000000
--- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 21 Mar 2023 16:15:47 +0100
-Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
-
-The function was incorrectly documented as enabling policy checking.
-
-Fixes: CVE-2023-0466
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/20563)
-
-Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908]
-CVE: CVE-2023-0466
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
----
- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-index 75a1677..43c1900 100644
---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
-@@ -98,8 +98,9 @@ B<trust>.
- X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
- B<t>. Normally the current time is used.
- 
--X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
--by default) and adds B<policy> to the acceptable policy set.
-+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
-+Contrary to preexisting documentation of this function it does not enable
-+policy checking.
- 
- X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
- by default) and sets the acceptable policy set to B<policies>. Any existing
-@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
- The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
- and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
- 
-+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
-+enabling policy checking however the implementation has never done this.
-+The documentation was changed to align with the implementation.
-+
- =head1 COPYRIGHT
- 
- Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
--- 
-2.35.7
-
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
similarity index 97%
rename from poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
rename to poky/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
index 82f3e18..849bd7e 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
@@ -12,16 +12,13 @@
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
-           file://CVE-2023-0464.patch \
-           file://CVE-2023-0465.patch \
-           file://CVE-2023-0466.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
+SRC_URI[sha256sum] = "eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"
 
 inherit lib_package multilib_header multilib_script ptest perlnative
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
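Review bot: nothing in this recipe change records that 3.0.9 contains the fixes for CVE-2023-0464, CVE-2023-0465 and CVE-2023-0466, whose patches are removed from SRC_URI in the same hunk. Name those CVEs in the commit message for the upgrade so that CVE tracking does not depend on patch files that no longer exist. The new `SRC_URI[sha256sum]` value should also be checked against the checksum published for the 3.0.9 tarball.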
diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc
index d36da0c..4d8d96c 100644
--- a/poky/meta/recipes-core/glibc/glibc-version.inc
+++ b/poky/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.35/master"
 PV = "2.35"
-SRCREV_glibc ?= "293211b6fddf60fc407d21fcba0326dd2148f76b"
+SRCREV_glibc ?= "1c7f51c75ae300fe52ccb636e71b8e28cb20824c"
 SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index e77353f..330f262 100644
--- a/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/poky/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,7 +24,7 @@
 
 inherit core-image setuptools3
 
-SRCREV ?= "c3038cddbce42b7e4268c1f0b45e9fba85caa231"
+SRCREV ?= "133d542a70d0e78390100b4e52a3d440a6b5b750"
 SRC_URI = "git://git.yoctoproject.org/poky;branch=kirkstone \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
new file mode 100644
index 0000000..907f2c4
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
@@ -0,0 +1,79 @@
+From e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+
+CVE: CVE-2023-28484
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ result/schemas/issue491_0_0.err |  1 +
+ test/schemas/issue491_0.xml     |  1 +
+ test/schemas/issue491_0.xsd     | 18 ++++++++++++++++++
+ xmlschemas.c                    |  2 +-
+ 4 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 result/schemas/issue491_0_0.err
+ create mode 100644 test/schemas/issue491_0.xml
+ create mode 100644 test/schemas/issue491_0.xsd
+
+diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
+new file mode 100644
+index 00000000..9b2bb969
+--- /dev/null
++++ b/result/schemas/issue491_0_0.err
+@@ -0,0 +1 @@
++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
+diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
+new file mode 100644
+index 00000000..e2b2fc2e
+--- /dev/null
++++ b/test/schemas/issue491_0.xml
+@@ -0,0 +1 @@
++<Child xmlns="http://www.test.com">5</Child>
+diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
+new file mode 100644
+index 00000000..81702649
+--- /dev/null
++++ b/test/schemas/issue491_0.xsd
+@@ -0,0 +1,18 @@
++<?xml version='1.0' encoding='UTF-8'?>
++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified">
++  <xs:complexType name="BaseType">
++    <xs:simpleContent>
++      <xs:extension base="xs:int" />
++    </xs:simpleContent>
++  </xs:complexType>
++  <xs:complexType name="ChildType">
++    <xs:complexContent>
++      <xs:extension base="BaseType">
++        <xs:sequence>
++          <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/>
++        </xs:sequence>
++      </xs:extension>
++    </xs:complexContent>
++  </xs:complexType>
++  <xs:element name="Child" type="ChildType" />
++</xs:schema>
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 6a353858..a4eaf591 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -18632,7 +18632,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+ 			"allowed to appear inside other model groups",
+ 			NULL, NULL);
+ 
+-		} else if (! dummySequence) {
++		} else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+ 		    xmlSchemaTreeItemPtr effectiveContent =
+ 			(xmlSchemaTreeItemPtr) type->subtypes;
+ 		    /*
+-- 
+GitLab
+
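Review bot: in the `xmlschemas.c` hunk, the new condition `(!dummySequence) && (baseType->subtypes != NULL)` skips the branch silently when the base type has no subtypes, and nothing in the code says why. A one-line comment tying the check to the simple-content base case in `test/schemas/issue491_0.xsd` would help the next reader. The condition also dereferences `baseType` directly, so confirm the function has already ruled out a NULL `baseType` before this point.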
diff --git a/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
new file mode 100644
index 0000000..f60d160
--- /dev/null
+++ b/poky/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
@@ -0,0 +1,42 @@
+From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:49:27 +0200
+Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
+ deterministic
+
+When hashing empty strings which aren't null-terminated,
+xmlDictComputeFastKey could produce inconsistent results. This could
+lead to various logic or memory errors, including double frees.
+
+For consistency the seed is also taken into account, but this shouldn't
+have an impact on security.
+
+Found by OSS-Fuzz.
+
+Fixes #510.
+
+CVE: CVE-2023-29469
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ dict.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dict.c b/dict.c
+index 86c3f6d7..d7fd1a06 100644
+--- a/dict.c
++++ b/dict.c
+@@ -433,7 +433,8 @@ static unsigned long
+ xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+     unsigned long value = seed;
+ 
+-    if (name == NULL) return(0);
++    if ((name == NULL) || (namelen <= 0))
++        return(value);
+     value += *name;
+     value <<= 5;
+     if (namelen > 10) {
+-- 
+GitLab
+
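Review bot: the `dict.c` fix ships without a regression test (the diffstat lists only `dict.c`), although the commit message ties the bug to empty strings that are not null-terminated. The early return also changes for `name == NULL`: it now returns the seed (`value`) instead of `0`. The message says this should not affect security, but it is a behaviour change worth calling out in the backport description.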
diff --git a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
index e15f8eb..9241b27 100644
--- a/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/poky/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -25,6 +25,8 @@
            file://0001-Port-gentest.py-to-Python-3.patch \
            file://CVE-2022-40303.patch \
            file://CVE-2022-40304.patch \
+           file://CVE-2023-28484.patch \
+           file://CVE-2023-29469.patch \
            "
 
 SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 6d19666..1c87bea 100755
--- a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -184,12 +184,19 @@
 
         raise SystemdUnitNotFoundError(self.root, unit)
 
-    def _process_deps(self, config, service, location, prop, dirstem):
+    def _process_deps(self, config, service, location, prop, dirstem, instance):
         systemdir = self.root / SYSCONFDIR / "systemd" / "system"
 
         target = ROOT / location.relative_to(self.root)
         try:
             for dependent in config.get('Install', prop):
+                # determine whether or not dependent is a template with an actual
+                # instance (i.e. a '@%i')
+                dependent_is_template = re.match(r"[^@]+@(?P<instance>[^\.]*)\.", dependent)
+                if dependent_is_template:
+                    # if so, replace with the actual instance to achieve
+                    # svc-wants@a.service.wants/svc-wanted-by@a.service
+                    dependent = re.sub(dependent_is_template.group('instance'), instance, dependent, 1)
                 wants = systemdir / "{}.{}".format(dependent, dirstem) / service
                 add_link(wants, target)
 
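Review bot: in `_process_deps`, `re.sub(dependent_is_template.group('instance'), instance, dependent, 1)` uses the captured text as an unescaped regex and replaces its first occurrence anywhere in `dependent`, not the span after `@`. A dependent such as `bar@bar.service` would have its prefix rewritten, and an empty capture (`svc@.service`) makes the pattern empty, so `instance` is inserted at the start of the name. The regex also matches any instance text, not only `%i` as the comment says. Suggest rebuilding the name from the match span, for example `dependent[:m.start('instance')] + instance + dependent[m.end('instance'):]`, or substituting only when the capture is `%i`.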
@@ -229,8 +236,8 @@
         else:
             service = self.unit
 
-        self._process_deps(config, service, path, 'WantedBy', 'wants')
-        self._process_deps(config, service, path, 'RequiredBy', 'requires')
+        self._process_deps(config, service, path, 'WantedBy', 'wants', instance)
+        self._process_deps(config, service, path, 'RequiredBy', 'requires', instance)
 
         try:
             for also in config.get('Install', 'Also'):
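Review bot: both `_process_deps` calls now pass `instance`, but the visible `else: service = self.unit` path is the non-template case, and this hunk does not show what `instance` holds there. If it is `None`, a non-template unit whose `WantedBy` or `RequiredBy` names a templated unit will reach `re.sub` with a `None` replacement and raise `TypeError`. Guard the substitution on `instance` being set, or confirm it is always a string at this point.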
diff --git a/poky/meta/recipes-core/systemd/systemd/0001-network-remove-only-managed-configs-on-reconfigure-o.patch b/poky/meta/recipes-core/systemd/systemd/0001-network-remove-only-managed-configs-on-reconfigure-o.patch
new file mode 100644
index 0000000..8950981
--- /dev/null
+++ b/poky/meta/recipes-core/systemd/systemd/0001-network-remove-only-managed-configs-on-reconfigure-o.patch
@@ -0,0 +1,358 @@
+From 31b25c7d360a2ef2da1717aa39f190de5222d11a Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 31 Jan 2022 19:08:27 +0900
+Subject: [PATCH] network: remove only managed configs on reconfigure or
+ carrier lost
+
+Otherwise, if the carrir of the non-managed interface is lost, the
+configs such as addresses or routes on the interface will be removed by
+networkd.
+
+Upstream-Status: Backport [systemd v251 a0e99a377a2f22c0ba460d3e7228214008714c14]
+Signed-off-by: C. Andy Martin <cam@myfastmail.com>
+---
+ src/network/networkd-address.c              | 13 +++++--------
+ src/network/networkd-address.h              |  2 +-
+ src/network/networkd-link.c                 | 18 ++++++++++--------
+ src/network/networkd-neighbor.c             |  6 +++++-
+ src/network/networkd-neighbor.h             |  2 +-
+ src/network/networkd-nexthop.c              | 16 ++++++++++------
+ src/network/networkd-nexthop.h              |  2 +-
+ src/network/networkd-route.c                | 16 ++++++++++------
+ src/network/networkd-route.h                |  2 +-
+ src/network/networkd-routing-policy-rule.c  |  4 ++--
+ src/network/networkd-routing-policy-rule.h  |  2 +-
+ test/test-network/systemd-networkd-tests.py |  2 +-
+ 12 files changed, 48 insertions(+), 37 deletions(-)
+
+diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
+index 7df743efb5..01c1d88dec 100644
+--- a/src/network/networkd-address.c
++++ b/src/network/networkd-address.c
+@@ -891,22 +891,19 @@ int link_drop_foreign_addresses(Link *link) {
+         return r;
+ }
+ 
+-int link_drop_addresses(Link *link) {
++int link_drop_managed_addresses(Link *link) {
+         Address *address;
+         int k, r = 0;
+ 
+         assert(link);
+ 
+         SET_FOREACH(address, link->addresses) {
+-                /* Ignore addresses not assigned yet or already removing. */
+-                if (!address_exists(address))
++                /* Do not touch addresses managed by kernel or other tools. */
++                if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN)
+                         continue;
+ 
+-                /* Do not drop IPv6LL addresses assigned by the kernel here. They will be dropped in
+-                 * link_drop_ipv6ll_addresses() if IPv6LL addressing is disabled. */
+-                if (address->source == NETWORK_CONFIG_SOURCE_FOREIGN &&
+-                    address->family == AF_INET6 &&
+-                    in6_addr_is_link_local(&address->in_addr.in6))
++                /* Ignore addresses not assigned yet or already removing. */
++                if (!address_exists(address))
+                         continue;
+ 
+                 k = address_remove(address);
+diff --git a/src/network/networkd-address.h b/src/network/networkd-address.h
+index 41c4ce6fa4..b2110d8d21 100644
+--- a/src/network/networkd-address.h
++++ b/src/network/networkd-address.h
+@@ -74,7 +74,7 @@ void address_set_broadcast(Address *a);
+ 
+ DEFINE_NETWORK_SECTION_FUNCTIONS(Address, address_free);
+ 
+-int link_drop_addresses(Link *link);
++int link_drop_managed_addresses(Link *link);
+ int link_drop_foreign_addresses(Link *link);
+ int link_drop_ipv6ll_addresses(Link *link);
+ void link_foreignize_addresses(Link *link);
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index b62a154828..12c592b257 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1070,27 +1070,27 @@ static int link_drop_foreign_config(Link *link) {
+         return r;
+ }
+ 
+-static int link_drop_config(Link *link) {
++static int link_drop_managed_config(Link *link) {
+         int k, r;
+ 
+         assert(link);
+         assert(link->manager);
+ 
+-        r = link_drop_routes(link);
++        r = link_drop_managed_routes(link);
+ 
+-        k = link_drop_nexthops(link);
++        k = link_drop_managed_nexthops(link);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+-        k = link_drop_addresses(link);
++        k = link_drop_managed_addresses(link);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+-        k = link_drop_neighbors(link);
++        k = link_drop_managed_neighbors(link);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+-        k = link_drop_routing_policy_rules(link);
++        k = link_drop_managed_routing_policy_rules(link);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+@@ -1318,7 +1318,9 @@ static int link_reconfigure_impl(Link *link, bool force) {
+                  * link_drop_foreign_config() in link_configure(). */
+                 link_foreignize_config(link);
+         else {
+-                r = link_drop_config(link);
++                /* Remove all managed configs. Note, foreign configs are removed in later by
++                 * link_configure() -> link_drop_foreign_config() if the link is managed by us. */
++                r = link_drop_managed_config(link);
+                 if (r < 0)
+                         return r;
+         }
+@@ -1705,7 +1707,7 @@ static int link_carrier_lost_impl(Link *link) {
+         if (r < 0)
+                 ret = r;
+ 
+-        r = link_drop_config(link);
++        r = link_drop_managed_config(link);
+         if (r < 0 && ret >= 0)
+                 ret = r;
+ 
+diff --git a/src/network/networkd-neighbor.c b/src/network/networkd-neighbor.c
+index 1766095e53..b58898a6dc 100644
+--- a/src/network/networkd-neighbor.c
++++ b/src/network/networkd-neighbor.c
+@@ -406,13 +406,17 @@ int link_drop_foreign_neighbors(Link *link) {
+         return r;
+ }
+ 
+-int link_drop_neighbors(Link *link) {
++int link_drop_managed_neighbors(Link *link) {
+         Neighbor *neighbor;
+         int k, r = 0;
+ 
+         assert(link);
+ 
+         SET_FOREACH(neighbor, link->neighbors) {
++                /* Do not touch nexthops managed by kernel or other tools. */
++                if (neighbor->source == NETWORK_CONFIG_SOURCE_FOREIGN)
++                        continue;
++
+                 /* Ignore neighbors not assigned yet or already removing. */
+                 if (!neighbor_exists(neighbor))
+                         continue;
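Review bot: The comment added above the new source check in link_drop_managed_neighbors() says "Do not touch nexthops managed by kernel or other tools", but the loop iterates link->neighbors. It should say "neighbors"; the text looks copied from the nexthop variant.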
+diff --git a/src/network/networkd-neighbor.h b/src/network/networkd-neighbor.h
+index e9e1854110..8e3c510cd5 100644
+--- a/src/network/networkd-neighbor.h
++++ b/src/network/networkd-neighbor.h
+@@ -34,7 +34,7 @@ int neighbor_compare_func(const Neighbor *a, const Neighbor *b);
+ 
+ void network_drop_invalid_neighbors(Network *network);
+ 
+-int link_drop_neighbors(Link *link);
++int link_drop_managed_neighbors(Link *link);
+ int link_drop_foreign_neighbors(Link *link);
+ void link_foreignize_neighbors(Link *link);
+ 
+diff --git a/src/network/networkd-nexthop.c b/src/network/networkd-nexthop.c
+index b829aaab90..42aa8c4c59 100644
+--- a/src/network/networkd-nexthop.c
++++ b/src/network/networkd-nexthop.c
+@@ -613,8 +613,8 @@ static void manager_mark_nexthops(Manager *manager, bool foreign, const Link *ex
+                 if (nexthop->protocol == RTPROT_KERNEL)
+                         continue;
+ 
+-                /* When 'foreign' is true, do not remove nexthops we configured. */
+-                if (foreign && nexthop->source != NETWORK_CONFIG_SOURCE_FOREIGN)
++                /* When 'foreign' is true, mark only foreign nexthops, and vice versa. */
++                if (foreign != (nexthop->source == NETWORK_CONFIG_SOURCE_FOREIGN))
+                         continue;
+ 
+                 /* Ignore nexthops not assigned yet or already removed. */
+@@ -641,7 +641,7 @@ static void manager_mark_nexthops(Manager *manager, bool foreign, const Link *ex
+         }
+ }
+ 
+-static int manager_drop_nexthops(Manager *manager) {
++static int manager_drop_marked_nexthops(Manager *manager) {
+         NextHop *nexthop;
+         int k, r = 0;
+ 
+@@ -704,14 +704,14 @@ int link_drop_foreign_nexthops(Link *link) {
+ 
+         manager_mark_nexthops(link->manager, /* foreign = */ true, NULL);
+ 
+-        k = manager_drop_nexthops(link->manager);
++        k = manager_drop_marked_nexthops(link->manager);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+         return r;
+ }
+ 
+-int link_drop_nexthops(Link *link) {
++int link_drop_managed_nexthops(Link *link) {
+         NextHop *nexthop;
+         int k, r = 0;
+ 
+@@ -723,6 +723,10 @@ int link_drop_nexthops(Link *link) {
+                 if (nexthop->protocol == RTPROT_KERNEL)
+                         continue;
+ 
++                /* Do not touch addresses managed by kernel or other tools. */
++                if (nexthop->source == NETWORK_CONFIG_SOURCE_FOREIGN)
++                        continue;
++
+                 /* Ignore nexthops not assigned yet or already removing. */
+                 if (!nexthop_exists(nexthop))
+                         continue;
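Review bot: The comment on the new NETWORK_CONFIG_SOURCE_FOREIGN check in link_drop_managed_nexthops() says "Do not touch addresses managed by kernel or other tools" while the code tests nexthop->source. Change "addresses" to "nexthops" so the comment matches the object being skipped.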
+@@ -734,7 +738,7 @@ int link_drop_nexthops(Link *link) {
+ 
+         manager_mark_nexthops(link->manager, /* foreign = */ false, link);
+ 
+-        k = manager_drop_nexthops(link->manager);
++        k = manager_drop_marked_nexthops(link->manager);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+diff --git a/src/network/networkd-nexthop.h b/src/network/networkd-nexthop.h
+index 7a8920238c..1e54e9f211 100644
+--- a/src/network/networkd-nexthop.h
++++ b/src/network/networkd-nexthop.h
+@@ -44,7 +44,7 @@ int nexthop_compare_func(const NextHop *a, const NextHop *b);
+ 
+ void network_drop_invalid_nexthops(Network *network);
+ 
+-int link_drop_nexthops(Link *link);
++int link_drop_managed_nexthops(Link *link);
+ int link_drop_foreign_nexthops(Link *link);
+ void link_foreignize_nexthops(Link *link);
+ 
+diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
+index ee7a535075..7e6fe8bc11 100644
+--- a/src/network/networkd-route.c
++++ b/src/network/networkd-route.c
+@@ -788,8 +788,8 @@ static void manager_mark_routes(Manager *manager, bool foreign, const Link *exce
+                 if (route->protocol == RTPROT_KERNEL)
+                         continue;
+ 
+-                /* When 'foreign' is true, do not remove routes we configured. */
+-                if (foreign && route->source != NETWORK_CONFIG_SOURCE_FOREIGN)
++                /* When 'foreign' is true, mark only foreign routes, and vice versa. */
++                if (foreign != (route->source == NETWORK_CONFIG_SOURCE_FOREIGN))
+                         continue;
+ 
+                 /* Do not touch dynamic routes. They will removed by dhcp_pd_prefix_lost() */
+@@ -834,7 +834,7 @@ static void manager_mark_routes(Manager *manager, bool foreign, const Link *exce
+         }
+ }
+ 
+-static int manager_drop_routes(Manager *manager) {
++static int manager_drop_marked_routes(Manager *manager) {
+         Route *route;
+         int k, r = 0;
+ 
+@@ -955,14 +955,14 @@ int link_drop_foreign_routes(Link *link) {
+ 
+         manager_mark_routes(link->manager, /* foreign = */ true, NULL);
+ 
+-        k = manager_drop_routes(link->manager);
++        k = manager_drop_marked_routes(link->manager);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+         return r;
+ }
+ 
+-int link_drop_routes(Link *link) {
++int link_drop_managed_routes(Link *link) {
+         Route *route;
+         int k, r = 0;
+ 
+@@ -973,6 +973,10 @@ int link_drop_routes(Link *link) {
+                 if (route_by_kernel(route))
+                         continue;
+ 
++                /* Do not touch routes managed by kernel or other tools. */
++                if (route->source == NETWORK_CONFIG_SOURCE_FOREIGN)
++                        continue;
++
+                 if (!route_exists(route))
+                         continue;
+ 
+@@ -983,7 +987,7 @@ int link_drop_routes(Link *link) {
+ 
+         manager_mark_routes(link->manager, /* foreign = */ false, link);
+ 
+-        k = manager_drop_routes(link->manager);
++        k = manager_drop_marked_routes(link->manager);
+         if (k < 0 && r >= 0)
+                 r = k;
+ 
+diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h
+index e3e22a5985..2180a196fc 100644
+--- a/src/network/networkd-route.h
++++ b/src/network/networkd-route.h
+@@ -82,7 +82,7 @@ int route_remove(Route *route);
+ 
+ int route_get(Manager *manager, Link *link, const Route *in, Route **ret);
+ 
+-int link_drop_routes(Link *link);
++int link_drop_managed_routes(Link *link);
+ int link_drop_foreign_routes(Link *link);
+ void link_foreignize_routes(Link *link);
+ 
+diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c
+index 90086f35a7..d4363060d8 100644
+--- a/src/network/networkd-routing-policy-rule.c
++++ b/src/network/networkd-routing-policy-rule.c
+@@ -653,8 +653,8 @@ static void manager_mark_routing_policy_rules(Manager *m, bool foreign, const Li
+                 if (rule->protocol == RTPROT_KERNEL)
+                         continue;
+ 
+-                /* When 'foreign' is true, do not remove rules we configured. */
+-                if (foreign && rule->source != NETWORK_CONFIG_SOURCE_FOREIGN)
++                /* When 'foreign' is true, mark only foreign rules, and vice versa. */
++                if (foreign != (rule->source == NETWORK_CONFIG_SOURCE_FOREIGN))
+                         continue;
+ 
+                 /* Ignore rules not assigned yet or already removing. */
+diff --git a/src/network/networkd-routing-policy-rule.h b/src/network/networkd-routing-policy-rule.h
+index f52943bd2e..7cc6f55c8d 100644
+--- a/src/network/networkd-routing-policy-rule.h
++++ b/src/network/networkd-routing-policy-rule.h
+@@ -71,7 +71,7 @@ int manager_drop_routing_policy_rules_internal(Manager *m, bool foreign, const L
+ static inline int manager_drop_foreign_routing_policy_rules(Manager *m) {
+         return manager_drop_routing_policy_rules_internal(m, true, NULL);
+ }
+-static inline int link_drop_routing_policy_rules(Link *link) {
++static inline int link_drop_managed_routing_policy_rules(Link *link) {
+         assert(link);
+         return manager_drop_routing_policy_rules_internal(link->manager, false, link);
+ }
+diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
+index ac2c1ba034..ed4d4992b1 100755
+--- a/test/test-network/systemd-networkd-tests.py
++++ b/test/test-network/systemd-networkd-tests.py
+@@ -3876,7 +3876,7 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities):
+         print(output)
+         self.assertRegex(output, 'NO-CARRIER')
+         self.assertNotRegex(output, '192.168.0.15/24')
+-        self.assertNotRegex(output, '192.168.0.16/24')
++        self.assertRegex(output, '192.168.0.16/24') # foreign address is kept
+ 
+         print('### ip -6 route list table all dev bridge99')
+         output = check_output('ip -6 route list table all dev bridge99')
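Review bot: Test coverage is thin: flipping the 192.168.0.16/24 assertion to assertRegex is the only change to systemd-networkd-tests.py in this patch, so only a foreign address is verified to survive the NO-CARRIER state, while the C changes also alter handling of routes, nexthops, neighbors and routing policy rules. Consider adding a foreign route or neighbor to the same test and asserting that it is kept. The pattern also leaves the dots unescaped, so they match any character; escaping them would make the assertion exact.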
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-core/systemd/systemd_250.5.bb b/poky/meta/recipes-core/systemd/systemd_250.5.bb
index 784a7af..21a09d8 100644
--- a/poky/meta/recipes-core/systemd/systemd_250.5.bb
+++ b/poky/meta/recipes-core/systemd/systemd_250.5.bb
@@ -30,6 +30,7 @@
            file://0001-shared-json-allow-json_variant_dump-to-return-an-err.patch \
            file://CVE-2022-4415-1.patch \
            file://CVE-2022-4415-2.patch \
+           file://0001-network-remove-only-managed-configs-on-reconfigure-o.patch \
            "
 
 # patches needed by musl
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc
index bf44e6c..5c3ff3d 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -50,5 +50,11 @@
      file://0021-CVE-2023-1579-2.patch \
      file://0021-CVE-2023-1579-3.patch \
      file://0021-CVE-2023-1579-4.patch \
+     file://0022-CVE-2023-25584-1.patch \
+     file://0022-CVE-2023-25584-2.patch \
+     file://0022-CVE-2023-25584-3.patch \
+     file://0023-CVE-2023-25585.patch \
+     file://0026-CVE-2023-1972.patch \
+     file://0025-CVE-2023-25588.patch \
 "
 S  = "${WORKDIR}/git"
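Review bot: The new SRC_URI entries are out of numeric order: 0026-CVE-2023-1972.patch is listed before 0025-CVE-2023-25588.patch, and there is no 0024 entry. Patches are applied in list order, so either list them numerically or add a comment explaining why 0026 has to go first; if 0024 was skipped on purpose, renumbering would avoid the impression that a patch is missing.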
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
new file mode 100644
index 0000000..990243f
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
@@ -0,0 +1,56 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030)
+Subject: ubsan: Null dereference in parse_module
+X-Git-Tag: gdb-12.1-release~59
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2
+
+ubsan: Null dereference in parse_module
+
+	* vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG
+	has set module->func_table for DST__K_RTNEND.  Check return
+	of bfd_zalloc.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 4a92574c850..1129c98f0e2 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+   /* Initialize tables with zero element.  */
+   curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo));
++  if (!curr_srec)
++    return false;
+   module->srec_table = curr_srec;
+
+   curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
++  if (!curr_line)
++    return false;
+   module->line_table = curr_line;
+
+   while (length == -1 || ptr < maxptr)
+@@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+	case DST__K_RTNBEG:
+	  funcinfo = (struct funcinfo *)
+	    bfd_zalloc (abfd, sizeof (struct funcinfo));
++	  if (!funcinfo)
++	    return false;
+	  funcinfo->name
+	    = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+					    maxptr - (ptr + DST_S_B_RTNBEG_NAME));
+@@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+	  break;
+
+	case DST__K_RTNEND:
++	  if (!module->func_table)
++	    return false;
+	  module->func_table->high = module->func_table->low
+	    + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
new file mode 100644
index 0000000..f4c5ed2
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
@@ -0,0 +1,38 @@
+From da928f639002002dfc649ed9f50492d5d6cb4cee Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 5 Dec 2022 11:11:44 +0000
+Subject: [PATCH] Fix an illegal memory access when parsing a corrupt VMS Alpha
+ file.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix an illegal memory access when parsing a corrupt VMS Alpha file.
+
+        PR 29848
+        * vms-alpha.c (parse_module): Fix potential out of bounds memory
+        access.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=942fa4fb32738ecbb447546d54f1e5f0312d2ed4]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+ bfd/vms-alpha.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index c548722c..53b3f1bf 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+     return false;
+   module->line_table = curr_line;
+
+-  while (length == -1 || ptr < maxptr)
++  while (length == -1 || (ptr + 3) < maxptr)
+     {
+       /* The first byte is not counted in the recorded length.  */
+       int rec_length = bfd_getl16 (ptr) + 1;
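Review bot: The tightened loop condition only helps when a real length is passed: with length == -1 the left operand of || is true, (ptr + 3) < maxptr is never evaluated, and bfd_getl16 (ptr) on the next lines still reads with no upper bound. Applied on its own this patch leaves that path as it was, so 0022-CVE-2023-25584-2 should not be carried without 0022-CVE-2023-25584-3, which removes the length == -1 case.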
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
new file mode 100644
index 0000000..abe501e
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
@@ -0,0 +1,534 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 12 Dec 2022 07:58:49 +0000 (+1030)
+Subject: Lack of bounds checking in vms-alpha.c parse_module
+X-Git-Tag: gdb-13-branchpoint~87
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44
+
+Lack of bounds checking in vms-alpha.c parse_module
+
+	PR 29873
+	PR 29874
+	PR 29875
+	PR 29876
+	PR 29877
+	PR 29878
+	PR 29879
+	PR 29880
+	PR 29881
+	PR 29882
+	PR 29883
+	PR 29884
+	PR 29885
+	PR 29886
+	PR 29887
+	PR 29888
+	PR 29889
+	PR 29890
+	PR 29891
+	* vms-alpha.c (parse_module): Make length param bfd_size_type.
+	Delete length == -1 checks.  Sanity check record_length.
+	Sanity check DST__K_MODBEG, DST__K_RTNBEG, DST__K_RTNEND lengths.
+	Sanity check DST__K_SOURCE and DST__K_LINE_NUM elements
+	before accessing.
+	(build_module_list): Pass dst_section size to parse_module.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index c0eb5bc5a2a..3b63259cc81 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4340,7 +4340,7 @@ new_module (bfd *abfd)
+
+ static bool
+ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+-	      int length)
++	      bfd_size_type length)
+ {
+   unsigned char *maxptr = ptr + length;
+   unsigned char *src_ptr, *pcl_ptr;
+@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+     return false;
+   module->line_table = curr_line;
+
+-  while (length == -1 || (ptr + 3) < maxptr)
++  while (ptr + 3 < maxptr)
+     {
+       /* The first byte is not counted in the recorded length.  */
+       int rec_length = bfd_getl16 (ptr) + 1;
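Review bot: In the new loop condition, ptr + 3 < maxptr forms a pointer past the end of the buffer when fewer than three bytes remain, which is undefined in C even if the pointer is never dereferenced. Comparing the remaining size instead, for example maxptr - ptr > 3, avoids that and matches the rec_length > maxptr - ptr form this patch uses a few lines further down.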
+@@ -4369,15 +4369,19 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+       vms_debug2 ((2, "DST record: leng %d, type %d\n", rec_length, rec_type));
+
+-      if (length == -1 && rec_type == DST__K_MODEND)
++      if (rec_length > maxptr - ptr)
++	break;
++      if (rec_type == DST__K_MODEND)
+	break;
+
+       switch (rec_type)
+	{
+	case DST__K_MODBEG:
++	  if (rec_length <= DST_S_B_MODBEG_NAME)
++	    break;
+	  module->name
+	    = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_MODBEG_NAME,
+-					    maxptr - (ptr + DST_S_B_MODBEG_NAME));
++					    rec_length - DST_S_B_MODBEG_NAME);
+
+	  curr_pc = 0;
+	  prev_pc = 0;
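Review bot: The new "if (rec_length > maxptr - ptr) break;" ends parsing of a truncated record with no diagnostic, and the rec_length <= DST_S_B_MODBEG_NAME check skips a short DST__K_MODBEG record just as quietly, leaving module->name unset. A _bfd_error_handler call on both paths, as the unknown-command cases later in this function already do, would make corrupt input visible instead of silently ignoring it.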
+@@ -4391,13 +4395,15 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+	  break;
+
+	case DST__K_RTNBEG:
++	  if (rec_length <= DST_S_B_RTNBEG_NAME)
++	    break;
+	  funcinfo = (struct funcinfo *)
+	    bfd_zalloc (abfd, sizeof (struct funcinfo));
+	  if (!funcinfo)
+	    return false;
+	  funcinfo->name
+	    = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+-					    maxptr - (ptr + DST_S_B_RTNBEG_NAME));
++					    rec_length - DST_S_B_RTNBEG_NAME);
+	  funcinfo->low = bfd_getl32 (ptr + DST_S_L_RTNBEG_ADDRESS);
+	  funcinfo->next = module->func_table;
+	  module->func_table = funcinfo;
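Review bot: The added guard in DST__K_RTNBEG only compares rec_length with DST_S_B_RTNBEG_NAME, yet the case also reads four bytes with bfd_getl32 (ptr + DST_S_L_RTNBEG_ADDRESS). That read is in bounds only if the address field lies entirely below the name offset. A short comment stating this, or an explicit check in the style of the rec_length < DST_S_L_RTNEND_SIZE + 4 test used for DST__K_RTNEND, would make the assumption reviewable.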
+@@ -4407,6 +4413,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+	  break;
+
+	case DST__K_RTNEND:
++	  if (rec_length < DST_S_L_RTNEND_SIZE + 4)
++	    break;
+	  if (!module->func_table)
+	    return false;
+	  module->func_table->high = module->func_table->low
+@@ -4439,10 +4447,63 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+	  vms_debug2 ((3, "source info\n"));
+
+-	  while (src_ptr < ptr + rec_length)
++	  while (src_ptr - ptr < rec_length)
+	    {
+	      int cmd = src_ptr[0], cmd_length, data;
+
++	      switch (cmd)
++		{
++		case DST__K_SRC_DECLFILE:
++		  if (src_ptr - ptr + DST_S_B_SRC_DF_LENGTH >= rec_length)
++		    cmd_length = 0x10000;
++		  else
++		    cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2;
++		  break;
++
++		case DST__K_SRC_DEFLINES_B:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_SRC_DEFLINES_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_SRC_INCRLNUM_B:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_SRC_SETFILE:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_SRC_SETLNUM_L:
++		  cmd_length = 5;
++		  break;
++
++		case DST__K_SRC_SETLNUM_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_SRC_SETREC_L:
++		  cmd_length = 5;
++		  break;
++
++		case DST__K_SRC_SETREC_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_SRC_FORMFEED:
++		  cmd_length = 1;
++		  break;
++
++		default:
++		  cmd_length = 2;
++		  break;
++		}
++
++	      if (src_ptr - ptr + cmd_length > rec_length)
++		break;
++
+	      switch (cmd)
+		{
+		case DST__K_SRC_DECLFILE:
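Review bot: In the DST__K_SRC_DECLFILE case of the new length switch, cmd_length = 0x10000 is a magic sentinel whose only purpose is to make the following src_ptr - ptr + cmd_length > rec_length test fail. It relies on rec_length coming from a 16-bit field plus one, but nothing in the code says so. Add a comment naming that dependency, or handle the out-of-range length byte explicitly instead of routing it through the generic check.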
+@@ -4467,7 +4528,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+		    module->file_table [fileid].name = filename;
+		    module->file_table [fileid].srec = 1;
+-		    cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2;
+		    vms_debug2 ((4, "DST_S_C_SRC_DECLFILE: %d, %s\n",
+				 fileid, module->file_table [fileid].name));
+		  }
+@@ -4484,7 +4544,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		  srec->sfile = curr_srec->sfile;
+		  curr_srec->next = srec;
+		  curr_srec = srec;
+-		  cmd_length = 2;
+		  vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_B: %d\n", data));
+		  break;
+
+@@ -4499,14 +4558,12 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		  srec->sfile = curr_srec->sfile;
+		  curr_srec->next = srec;
+		  curr_srec = srec;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_W: %d\n", data));
+		  break;
+
+		case DST__K_SRC_INCRLNUM_B:
+		  data = src_ptr[DST_S_B_SRC_UNSBYTE];
+		  curr_srec->line += data;
+-		  cmd_length = 2;
+		  vms_debug2 ((4, "DST_S_C_SRC_INCRLNUM_B: %d\n", data));
+		  break;
+
+@@ -4514,21 +4571,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		  data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD);
+		  curr_srec->sfile = data;
+		  curr_srec->srec = module->file_table[data].srec;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST_S_C_SRC_SETFILE: %d\n", data));
+		  break;
+
+		case DST__K_SRC_SETLNUM_L:
+		  data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG);
+		  curr_srec->line = data;
+-		  cmd_length = 5;
+		  vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_L: %d\n", data));
+		  break;
+
+		case DST__K_SRC_SETLNUM_W:
+		  data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD);
+		  curr_srec->line = data;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_W: %d\n", data));
+		  break;
+
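Review bot: This hunk only removes the cmd_length assignments, so in the lines shown the DST__K_SRC_SETFILE case still uses data, a 16-bit value read from the file, as the index in module->file_table[data].srec with no comparison against module->file_table_count. Since the patch is about bounds checking in parse_module, an index check belongs here (skip the command when data >= module->file_table_count). The same applies to module->file_table[curr_srec->sfile] in the DST__K_SRC_SETREC_L and DST__K_SRC_SETREC_W cases.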
+@@ -4536,7 +4590,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		  data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG);
+		  curr_srec->srec = data;
+		  module->file_table[curr_srec->sfile].srec = data;
+-		  cmd_length = 5;
+		  vms_debug2 ((4, "DST_S_C_SRC_SETREC_L: %d\n", data));
+		  break;
+
+@@ -4544,19 +4597,16 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		  data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD);
+		  curr_srec->srec = data;
+		  module->file_table[curr_srec->sfile].srec = data;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST_S_C_SRC_SETREC_W: %d\n", data));
+		  break;
+
+		case DST__K_SRC_FORMFEED:
+-		  cmd_length = 1;
+		  vms_debug2 ((4, "DST_S_C_SRC_FORMFEED\n"));
+		  break;
+
+		default:
+		  _bfd_error_handler (_("unknown source command %d"),
+				      cmd);
+-		  cmd_length = 2;
+		  break;
+		}
+
+@@ -4569,18 +4619,114 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+	  vms_debug2 ((3, "line info\n"));
+
+-	  while (pcl_ptr < ptr + rec_length)
++	  while (pcl_ptr - ptr < rec_length)
+	    {
+	      /* The command byte is signed so we must sign-extend it.  */
+	      int cmd = ((signed char *)pcl_ptr)[0], cmd_length, data;
+
++	      switch (cmd)
++		{
++		case DST__K_DELTA_PC_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_DELTA_PC_L:
++		  cmd_length = 5;
++		  break;
++
++		case DST__K_INCR_LINUM:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_INCR_LINUM_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_INCR_LINUM_L:
++		  cmd_length = 5;
++		  break;
++
++		case DST__K_SET_LINUM_INCR:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_SET_LINUM_INCR_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_RESET_LINUM_INCR:
++		  cmd_length = 1;
++		  break;
++
++		case DST__K_BEG_STMT_MODE:
++		  cmd_length = 1;
++		  break;
++
++		case DST__K_END_STMT_MODE:
++		  cmd_length = 1;
++		  break;
++
++		case DST__K_SET_LINUM_B:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_SET_LINUM:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_SET_LINUM_L:
++		  cmd_length = 5;
++		  break;
++
++		case DST__K_SET_PC:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_SET_PC_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_SET_PC_L:
++		  cmd_length = 5;
++		  break;
++
++		case DST__K_SET_STMTNUM:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_TERM:
++		  cmd_length = 2;
++		  break;
++
++		case DST__K_TERM_W:
++		  cmd_length = 3;
++		  break;
++
++		case DST__K_TERM_L:
++		  cmd_length = 5;
++		  break;
++
++		case DST__K_SET_ABS_PC:
++		  cmd_length = 5;
++		  break;
++
++		default:
++		  if (cmd <= 0)
++		    cmd_length = 1;
++		  else
++		    cmd_length = 2;
++		  break;
++		}
++
++	      if (pcl_ptr - ptr + cmd_length > rec_length)
++		break;
++
+	      switch (cmd)
+		{
+		case DST__K_DELTA_PC_W:
+		  data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+		  curr_pc += data;
+		  curr_linenum += 1;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST__K_DELTA_PC_W: %d\n", data));
+		  break;
+
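Review bot: The new length switch for line commands repeats the full case list of the processing switch that follows, so the two have to be kept in sync by hand: a command added to the processing switch and not to the length switch silently gets the default length. Grouping the labels by size (one-byte, two-byte, three-byte and five-byte commands under shared bodies) would shorten the table, and a comment tying the two switches together would help whoever touches this next.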
+@@ -4588,131 +4734,111 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		  data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+		  curr_pc += data;
+		  curr_linenum += 1;
+-		  cmd_length = 5;
+		  vms_debug2 ((4, "DST__K_DELTA_PC_L: %d\n", data));
+		  break;
+
+		case DST__K_INCR_LINUM:
+		  data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE];
+		  curr_linenum += data;
+-		  cmd_length = 2;
+		  vms_debug2 ((4, "DST__K_INCR_LINUM: %d\n", data));
+		  break;
+
+		case DST__K_INCR_LINUM_W:
+		  data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+		  curr_linenum += data;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST__K_INCR_LINUM_W: %d\n", data));
+		  break;
+
+		case DST__K_INCR_LINUM_L:
+		  data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+		  curr_linenum += data;
+-		  cmd_length = 5;
+		  vms_debug2 ((4, "DST__K_INCR_LINUM_L: %d\n", data));
+		  break;
+
+		case DST__K_SET_LINUM_INCR:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_SET_LINUM_INCR");
+-		  cmd_length = 2;
+		  break;
+
+		case DST__K_SET_LINUM_INCR_W:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_SET_LINUM_INCR_W");
+-		  cmd_length = 3;
+		  break;
+
+		case DST__K_RESET_LINUM_INCR:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_RESET_LINUM_INCR");
+-		  cmd_length = 1;
+		  break;
+
+		case DST__K_BEG_STMT_MODE:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_BEG_STMT_MODE");
+-		  cmd_length = 1;
+		  break;
+
+		case DST__K_END_STMT_MODE:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_END_STMT_MODE");
+-		  cmd_length = 1;
+		  break;
+
+		case DST__K_SET_LINUM_B:
+		  data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE];
+		  curr_linenum = data;
+-		  cmd_length = 2;
+		  vms_debug2 ((4, "DST__K_SET_LINUM_B: %d\n", data));
+		  break;
+
+		case DST__K_SET_LINUM:
+		  data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+		  curr_linenum = data;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST__K_SET_LINE_NUM: %d\n", data));
+		  break;
+
+		case DST__K_SET_LINUM_L:
+		  data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+		  curr_linenum = data;
+-		  cmd_length = 5;
+		  vms_debug2 ((4, "DST__K_SET_LINUM_L: %d\n", data));
+		  break;
+
+		case DST__K_SET_PC:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_SET_PC");
+-		  cmd_length = 2;
+		  break;
+
+		case DST__K_SET_PC_W:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_SET_PC_W");
+-		  cmd_length = 3;
+		  break;
+
+		case DST__K_SET_PC_L:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_SET_PC_L");
+-		  cmd_length = 5;
+		  break;
+
+		case DST__K_SET_STMTNUM:
+		  _bfd_error_handler
+		    (_("%s not implemented"), "DST__K_SET_STMTNUM");
+-		  cmd_length = 2;
+		  break;
+
+		case DST__K_TERM:
+		  data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE];
+		  curr_pc += data;
+-		  cmd_length = 2;
+		  vms_debug2 ((4, "DST__K_TERM: %d\n", data));
+		  break;
+
+		case DST__K_TERM_W:
+		  data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+		  curr_pc += data;
+-		  cmd_length = 3;
+		  vms_debug2 ((4, "DST__K_TERM_W: %d\n", data));
+		  break;
+
+		case DST__K_TERM_L:
+		  data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+		  curr_pc += data;
+-		  cmd_length = 5;
+		  vms_debug2 ((4, "DST__K_TERM_L: %d\n", data));
+		  break;
+
+		case DST__K_SET_ABS_PC:
+		  data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+		  curr_pc = data;
+-		  cmd_length = 5;
+		  vms_debug2 ((4, "DST__K_SET_ABS_PC: 0x%x\n", data));
+		  break;
+
+@@ -4721,15 +4847,11 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		    {
+		      curr_pc -= cmd;
+		      curr_linenum += 1;
+-		      cmd_length = 1;
+		      vms_debug2 ((4, "bump pc to 0x%lx and line to %d\n",
+				   (unsigned long)curr_pc, curr_linenum));
+		    }
+		  else
+-		    {
+-		      _bfd_error_handler (_("unknown line command %d"), cmd);
+-		      cmd_length = 2;
+-		    }
++		    _bfd_error_handler (_("unknown line command %d"), cmd);
+		  break;
+		}
+
+@@ -4859,7 +4981,8 @@ build_module_list (bfd *abfd)
+	return NULL;
+
+       module = new_module (abfd);
+-      if (!parse_module (abfd, module, PRIV (dst_section)->contents, -1))
++      if (!parse_module (abfd, module, PRIV (dst_section)->contents,
++			 PRIV (dst_section)->size))
+	return NULL;
+       list = module;
+     }
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch b/poky/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
new file mode 100644
index 0000000..e31a027
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
@@ -0,0 +1,54 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030)
+Subject: PR29892, Field file_table of struct module is uninitialized
+X-Git-Tag: gdb-13-branchpoint~86
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
+
+PR29892, Field file_table of struct module is uninitialized
+
+	PR 29892
+	* vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table.
+	(parse_module): Rewrite file_table reallocation code and clear.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]
+
+CVE: CVE-2023-25585
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 3b63259cc81..6ee7060b0b2 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4337,7 +4337,7 @@ new_module (bfd *abfd)
+     = (struct module *) bfd_zalloc (abfd, sizeof (struct module));
+   module->file_table_count = 16; /* Arbitrary.  */
+   module->file_table
+-    = bfd_malloc (module->file_table_count * sizeof (struct fileinfo));
++    = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo));
+   return module;
+ }
+
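Review bot: new_module() still dereferences the bfd_zalloc result on the next line (module->file_table_count = 16) and stores the bfd_zmalloc result in module->file_table without testing either for NULL. Switching to bfd_zmalloc fixes the uninitialized table, but an allocation failure here remains a NULL dereference. Return NULL on failure and check it in the caller, the same way parse_module now checks its own bfd_zalloc calls.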
+@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+		       src_ptr + DST_S_B_SRC_DF_FILENAME,
+		       ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME));
+
+-		    while (fileid >= module->file_table_count)
++		    if (fileid >= module->file_table_count)
+		      {
+-			module->file_table_count *= 2;
++			unsigned int old_count = module->file_table_count;
++			module->file_table_count += fileid;
+			module->file_table
+			  = bfd_realloc_or_free (module->file_table,
+						 module->file_table_count
+						 * sizeof (struct fileinfo));
+			if (module->file_table == NULL)
+			  return false;
++			memset (module->file_table + old_count, 0,
++				fileid * sizeof (struct fileinfo));
+		      }
+
+		    module->file_table [fileid].name = filename;
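Review bot: The rewritten growth step uses module->file_table_count += fileid and then clears fileid entries starting at old_count, so the memset is correct only because the growth amount and the clear length are the same expression written twice. Clearing module->file_table_count - old_count entries would keep the two tied together, and a one-line comment on why the table grows by fileid rather than to fileid + 1 would explain the over-allocation.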
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch b/poky/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
new file mode 100644
index 0000000..142d201
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
@@ -0,0 +1,147 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 14 Oct 2022 00:00:21 +0000 (+1030)
+Subject: PR29677, Field `the_bfd` of `asymbol` is uninitialised
+X-Git-Tag: gdb-13-branchpoint~871
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
+
+PR29677, Field `the_bfd` of `asymbol` is uninitialised
+
+Besides not initialising the_bfd of synthetic symbols, counting
+symbols when sizing didn't match symbols created if there were any
+dynsyms named "".  We don't want synthetic symbols without names
+anyway, so get rid of them.  Also, simplify and correct sanity checks.
+
+	PR 29677
+	* mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
+
+CVE: CVE-2023-25588
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/mach-o.c b/bfd/mach-o.c
+index acb35e7f0c6..5279343768c 100644
+--- a/bfd/mach-o.c
++++ b/bfd/mach-o.c
+@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+   bfd_mach_o_symtab_command *symtab = mdata->symtab;
+   asymbol *s;
+   char * s_start;
+-  char * s_end;
+   unsigned long count, i, j, n;
+   size_t size;
+   char *names;
+-  char *nul_name;
+   const char stub [] = "$stub";
+
+   *ret = NULL;
+@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+   /* We need to allocate a bfd symbol for every indirect symbol and to
+      allocate the memory for its name.  */
+   count = dysymtab->nindirectsyms;
+-  size = count * sizeof (asymbol) + 1;
+-
++  size = 0;
+   for (j = 0; j < count; j++)
+     {
+-      const char * strng;
+       unsigned int isym = dysymtab->indirect_syms[j];
++      const char *str;
+
+       /* Some indirect symbols are anonymous.  */
+-      if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
+-	/* PR 17512: file: f5b8eeba.  */
+-	size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub);
++      if (isym < symtab->nsyms
++	  && (str = symtab->symbols[isym].symbol.name) != NULL)
++	{
++	  /* PR 17512: file: f5b8eeba.  */
++	  size += strnlen (str, symtab->strsize - (str - symtab->strtab));
++	  size += sizeof (stub);
++	}
+     }
+
+-  s_start = bfd_malloc (size);
++  s_start = bfd_malloc (size + count * sizeof (asymbol));
+   s = *ret = (asymbol *) s_start;
+   if (s == NULL)
+     return -1;
+   names = (char *) (s + count);
+-  nul_name = names;
+-  *names++ = 0;
+-  s_end = s_start + size;
+
+   n = 0;
+   for (i = 0; i < mdata->nsects; i++)
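Review bot: The size passed to `bfd_malloc (size + count * sizeof (asymbol))` is built from `dysymtab->nindirectsyms` and the summed name lengths with no overflow check. If the product or the sum wraps (most plausibly where `size_t` is 32 bits), the buffer is shorter than `count` symbols and `names = (char *) (s + count)` already points outside it, which the later `n >= count` and `size < len + sizeof (stub)` checks cannot detect. Check the multiplication and addition before allocating and fail with `-1` if either overflows.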
+@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+	  entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
+
+	  /* PR 17512: file: 08e15eec.  */
+-	  if (first >= count || last >= count || first > last)
++	  if (first >= count || last > count || first > last)
+	    goto fail;
+
+	  for (j = first; j < last; j++)
+	    {
+	      unsigned int isym = dysymtab->indirect_syms[j];
+-
+-	      /* PR 17512: file: 04d64d9b.  */
+-	      if (((char *) s) + sizeof (* s) > s_end)
+-		goto fail;
+-
+-	      s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
+-	      s->section = sec->bfdsection;
+-	      s->value = addr - sec->addr;
+-	      s->udata.p = NULL;
++	      const char *str;
++	      size_t len;
+
+	      if (isym < symtab->nsyms
+-		  && symtab->symbols[isym].symbol.name)
++		  && (str = symtab->symbols[isym].symbol.name) != NULL)
+		{
+-		  const char *sym = symtab->symbols[isym].symbol.name;
+-		  size_t len;
+-
+-		  s->name = names;
+-		  len = strlen (sym);
+-		  /* PR 17512: file: 47dfd4d2.  */
+-		  if (names + len >= s_end)
++		  /* PR 17512: file: 04d64d9b.  */
++		  if (n >= count)
+		    goto fail;
+-		  memcpy (names, sym, len);
+-		  names += len;
+-		  /* PR 17512: file: 18f340a4.  */
+-		  if (names + sizeof (stub) >= s_end)
++		  len = strnlen (str, symtab->strsize - (str - symtab->strtab));
++		  /* PR 17512: file: 47dfd4d2, 18f340a4.  */
++		  if (size < len + sizeof (stub))
+		    goto fail;
+-		  memcpy (names, stub, sizeof (stub));
+-		  names += sizeof (stub);
++		  memcpy (names, str, len);
++		  memcpy (names + len, stub, sizeof (stub));
++		  s->name = names;
++		  names += len + sizeof (stub);
++		  size -= len + sizeof (stub);
++		  s->the_bfd = symtab->symbols[isym].symbol.the_bfd;
++		  s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
++		  s->section = sec->bfdsection;
++		  s->value = addr - sec->addr;
++		  s->udata.p = NULL;
++		  s++;
++		  n++;
+		}
+-	      else
+-		s->name = nul_name;
+-
+	      addr += entry_size;
+-	      s++;
+-	      n++;
+	    }
+	  break;
+	default:
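Review bot: With the `else s->name = nul_name` branch removed, anonymous indirect symbols are skipped rather than emitted, so the result is a compacted array of `n` entries that no longer lines up one-to-one with `indirect_syms[first..last)`, while the buffer is still sized for `count`. The function comment should state this, and that consumers must use the number of symbols actually written rather than `nindirectsyms`. The bound change to `last > count` is correct for the half-open `j < last` loop; a few words in the `PR 17512: file: 08e15eec` comment saying that `last == count` is valid would keep it from being tightened again by mistake.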
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch b/poky/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
new file mode 100644
index 0000000..f86adad
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
@@ -0,0 +1,41 @@
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100)
+Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
+
+Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+
+  PR 30285
+  * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
+
+CVE: CVE-2023-1972
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 027d0143735..185028cbd97 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+	  bfd_set_error (bfd_error_file_too_big);
+	  goto error_return_verdef;
+	}
++
++      if (amt == 0)
++	goto error_return_verdef;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+	goto error_return_verdef;
+@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+	  bfd_set_error (bfd_error_file_too_big);
+	  goto error_return;
+	}
++      if (amt == 0)
++	goto error_return;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+	goto error_return;
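Review bot: Both new `if (amt == 0)` checks jump to the error label without calling `bfd_set_error`, unlike the overflow branch directly above each of them, which sets `bfd_error_file_too_big` first. A caller that reports `bfd_get_error ()` after this failure would see whatever error was set earlier, or none. Set an explicit error (for example `bfd_error_bad_value`) before each `goto` so a zero-length verdef table is diagnosable.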
diff --git a/poky/meta/recipes-devtools/gcc/gcc-runtime.inc b/poky/meta/recipes-devtools/gcc/gcc-runtime.inc
index 8074bf1..d019b07 100644
--- a/poky/meta/recipes-devtools/gcc/gcc-runtime.inc
+++ b/poky/meta/recipes-devtools/gcc/gcc-runtime.inc
@@ -68,7 +68,8 @@
 	# libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure
 	# tests. Create a dummy empty lib for the purposes of configure.
 	mkdir -p ${WORKDIR}/dummylib
-	${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so
+	${CC} -x c /dev/null -c -o ${WORKDIR}/dummylib/dummylib.o
+	${AR} rcs ${WORKDIR}/dummylib/libstdc++.a ${WORKDIR}/dummylib/dummylib.o
 	for d in libgcc ${RUNTIMETARGET}; do
 		echo "Configuring $d"
 		rm -rf ${B}/${TARGET_SYS}/$d/
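Review bot: The comment above the changed lines still only says that a dummy empty lib is created; it does not say why the dummy is now a static `libstdc++.a` assembled with `${AR}` instead of a shared `libstdc++.so`. Add a sentence giving the reason so the next editor does not switch it back, and consider removing `dummylib.o` once the archive has been created.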
diff --git a/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch b/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch
new file mode 100644
index 0000000..825701e
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch
@@ -0,0 +1,94 @@
+From 9db05711c98efc14f414d4c87135a34c13586e0b Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
+Date: Thu Mar 9 16:02:54 2023 +0100
+Subject: [PATCH] apply --reject: overwrite existing `.rej` symlink if it
+ exists
+
+   The `git apply --reject` is expected to write out `.rej` files in case
+   one or more hunks fail to apply cleanly. Historically, the command
+   overwrites any existing `.rej` files. The idea being that
+   apply/reject/edit cycles are relatively common, and the generated `.rej`
+   files are not considered precious.
+
+    But the command does not overwrite existing `.rej` symbolic links, and
+    instead follows them. This is unsafe because the same patch could
+    potentially create such a symbolic link and point at arbitrary paths
+    outside the current worktree, and `git apply` would write the contents
+    of the `.rej` file into that location.
+
+    Therefore, let's make sure that any existing `.rej` file or symbolic
+    link is removed before writing it.
+
+    Reported-by: RyotaK <ryotak.mail@gmail.com>
+    Helped-by: Taylor Blau <me@ttaylorr.com>
+    Helped-by: Junio C Hamano <gitster@pobox.com>
+    Helped-by: Linus Torvalds <torvalds@linuxfoundation.org>
+    Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+CVE: CVE-2023-25652
+Upstream-Status: Backport [https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ apply.c                  | 14 ++++++++++++--
+ t/t4115-apply-symlink.sh | 15 +++++++++++++++
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/apply.c b/apply.c
+index fc6f484..47f2686 100644
+--- a/apply.c
++++ b/apply.c
+@@ -4584,7 +4584,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+	FILE *rej;
+	char namebuf[PATH_MAX];
+	struct fragment *frag;
+-	int cnt = 0;
++	int fd, cnt = 0;
+	struct strbuf sb = STRBUF_INIT;
+
+	for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) {
+@@ -4624,7 +4624,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+	memcpy(namebuf, patch->new_name, cnt);
+	memcpy(namebuf + cnt, ".rej", 5);
+
+-	rej = fopen(namebuf, "w");
++	fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++	if (fd < 0) {
++		if (errno != EEXIST)
++			return error_errno(_("cannot open %s"), namebuf);
++		if (unlink(namebuf))
++			return error_errno(_("cannot unlink '%s'"), namebuf);
++		fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++		if (fd < 0)
++			return error_errno(_("cannot open %s"), namebuf);
++	}
++	rej = fdopen(fd, "w");
+	if (!rej)
+		return error_errno(_("cannot open %s"), namebuf);
+
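Review bot: In `write_out_one_reject`, the descriptor returned by `open()` is leaked when `fdopen(fd, "w")` fails: the `if (!rej)` branch returns without `close(fd)`. Add the close before returning. The retry after `unlink()` correctly keeps `O_CREAT | O_EXCL`, so a path recreated between the two calls makes the second `open()` fail rather than being followed; a short comment saying so would protect that property if this block is refactored.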
+diff --git a/t/t4115-apply-symlink.sh b/t/t4115-apply-symlink.sh
+index 65ac7df..e95e6d4 100755
+--- a/t/t4115-apply-symlink.sh
++++ b/t/t4115-apply-symlink.sh
+@@ -126,4 +126,19 @@ test_expect_success SYMLINKS 'symlink escape when deleting file' '
+	test_path_is_file .git/delete-me
+ '
+
++test_expect_success SYMLINKS '--reject removes .rej symlink if it exists' '
++	test_when_finished "git reset --hard && git clean -dfx" &&
++
++	test_commit file &&
++	echo modified >file.t &&
++	git diff -- file.t >patch &&
++	echo modified-again >file.t &&
++
++	ln -s foo file.t.rej &&
++	test_must_fail git apply patch --reject 2>err &&
++	test_i18ngrep "Rejected hunk" err &&
++	test_path_is_missing foo &&
++	test_path_is_file file.t.rej
++'
++
+ test_done
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch b/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch
new file mode 100644
index 0000000..472f402
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch
@@ -0,0 +1,162 @@
+From 057c07a7b1fae22fdeef26c243f4cfbe3afc90ce Mon Sep 17 00:00:00 2001
+From: Taylor Blau <me@ttaylorr.com>
+Date: Fri, 14 Apr 2023 11:46:59 -0400
+Subject: [PATCH] Merge branch 'tb/config-copy-or-rename-in-file-injection'
+
+Avoids issues with renaming or deleting sections with long lines, where
+configuration values may be interpreted as sections, leading to
+configuration injection. Addresses CVE-2023-29007.
+
+* tb/config-copy-or-rename-in-file-injection:
+  config.c: disallow overly-long lines in `copy_or_rename_section_in_file()`
+  config.c: avoid integer truncation in `copy_or_rename_section_in_file()`
+  config: avoid fixed-sized buffer when renaming/deleting a section
+  t1300: demonstrate failure when renaming sections with long lines
+
+Signed-off-by: Taylor Blau <me@ttaylorr.com>
+
+Upstream-Status: Backport
+CVE: CVE-2023-29007
+
+Reference to upstream patch:
+https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ config.c          | 36 +++++++++++++++++++++++++-----------
+ t/t1300-config.sh | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+), 11 deletions(-)
+
+diff --git a/config.c b/config.c
+index 2bffa8d..6a01938 100644
+--- a/config.c
++++ b/config.c
+@@ -3192,9 +3192,10 @@ void git_config_set_multivar(const char *key, const char *value,
+					flags);
+ }
+
+-static int section_name_match (const char *buf, const char *name)
++static size_t section_name_match (const char *buf, const char *name)
+ {
+-	int i = 0, j = 0, dot = 0;
++	size_t i = 0, j = 0;
++	int dot = 0;
+	if (buf[i] != '[')
+		return 0;
+	for (i = 1; buf[i] && buf[i] != ']'; i++) {
+@@ -3247,6 +3248,8 @@ static int section_name_is_ok(const char *name)
+	return 1;
+ }
+
++#define GIT_CONFIG_MAX_LINE_LEN (512 * 1024)
++
+ /* if new_name == NULL, the section is removed instead */
+ static int git_config_copy_or_rename_section_in_file(const char *config_filename,
+				      const char *old_name,
+@@ -3256,11 +3259,12 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+	char *filename_buf = NULL;
+	struct lock_file lock = LOCK_INIT;
+	int out_fd;
+-	char buf[1024];
++	struct strbuf buf = STRBUF_INIT;
+	FILE *config_file = NULL;
+	struct stat st;
+	struct strbuf copystr = STRBUF_INIT;
+	struct config_store_data store;
++	uint32_t line_nr = 0;
+
+	memset(&store, 0, sizeof(store));
+
+@@ -3297,16 +3301,25 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+		goto out;
+	}
+
+-	while (fgets(buf, sizeof(buf), config_file)) {
+-		unsigned i;
+-		int length;
++	while (!strbuf_getwholeline(&buf, config_file, '\n')) {
++		size_t i, length;
+		int is_section = 0;
+-		char *output = buf;
+-		for (i = 0; buf[i] && isspace(buf[i]); i++)
++		char *output = buf.buf;
++
++		line_nr++;
++
++		if (buf.len >= GIT_CONFIG_MAX_LINE_LEN) {
++			ret = error(_("refusing to work with overly long line "
++				      "in '%s' on line %"PRIuMAX),
++				    config_filename, (uintmax_t)line_nr);
++			goto out;
++		}
++
++		for (i = 0; buf.buf[i] && isspace(buf.buf[i]); i++)
+			; /* do nothing */
+-		if (buf[i] == '[') {
++		if (buf.buf[i] == '[') {
+			/* it's a section */
+-			int offset;
++			size_t offset;
+			is_section = 1;
+
+			/*
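Review bot: The `GIT_CONFIG_MAX_LINE_LEN` check runs only after `strbuf_getwholeline()` has read the entire line into `buf`, so it limits what the section-matching code processes, not how much memory one line can consume. That is enough for the injection fix, but the `#define` has no comment. Add one stating what the limit is for, so it is not mistaken for a bound on the read itself.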
+@@ -3323,7 +3336,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+				strbuf_reset(&copystr);
+			}
+
+-			offset = section_name_match(&buf[i], old_name);
++			offset = section_name_match(&buf.buf[i], old_name);
+			if (offset > 0) {
+				ret++;
+				if (new_name == NULL) {
+@@ -3398,6 +3411,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ out_no_rollback:
+	free(filename_buf);
+	config_store_data_clear(&store);
++	strbuf_release(&buf);
+	return ret;
+ }
+
+diff --git a/t/t1300-config.sh b/t/t1300-config.sh
+index 78359f1..b07feb1 100755
+--- a/t/t1300-config.sh
++++ b/t/t1300-config.sh
+@@ -617,6 +617,36 @@ test_expect_success 'renaming to bogus section is rejected' '
+	test_must_fail git config --rename-section branch.zwei "bogus name"
+ '
+
++test_expect_success 'renaming a section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y b.e
++'
++
++test_expect_success 'renaming an embedded section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] [foo] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y foo.e
++'
++
++test_expect_success 'renaming a section with an overly-long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %525000s e" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	test_must_fail git config -f y --rename-section a xyz 2>err &&
++	test_i18ngrep "refusing to work with overly long line in .y. on line 2" err
++'
++
+ cat >> .git/config << EOF
+   [branch "zwei"] a = 1 [branch "vier"]
+ EOF
+--
+2.40.0
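Review bot: In the patch header, `Upstream-Status: Backport` carries no URL in brackets, and the `From` line hash (`057c07a7b1fae22fdeef26c243f4cfbe3afc90ce`) differs from the commit given under "Reference to upstream patch" (`528290f8c61222433a8cf02fb7cfffa8438432b4`). Put the upstream commit URL on the `Upstream-Status` line in the `Backport [URL]` form the other patches in this update use, and state which of the two commits was actually backported.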
diff --git a/poky/meta/recipes-devtools/git/git_2.35.7.bb b/poky/meta/recipes-devtools/git/git_2.35.7.bb
index faf0b67..9e7b0a8 100644
--- a/poky/meta/recipes-devtools/git/git_2.35.7.bb
+++ b/poky/meta/recipes-devtools/git/git_2.35.7.bb
@@ -10,6 +10,8 @@
 SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
            file://fixsort.patch \
            file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \
+           file://CVE-2023-29007.patch \
+           file://CVE-2023-25652.patch \
            "
 
 S = "${WORKDIR}/git-${PV}"
@@ -35,6 +37,8 @@
 CVE_CHECK_IGNORE += "CVE-2022-41953"
 # specific to Git for Windows
 CVE_CHECK_IGNORE += "CVE-2023-22743"
+# This is specific to Git-for-Windows
+CVE_CHECK_IGNORE += "CVE-2023-25815"
 
 PACKAGECONFIG ??= "expat curl"
 PACKAGECONFIG[cvsserver] = ""
diff --git a/poky/meta/recipes-devtools/go/go-1.17.13.inc b/poky/meta/recipes-devtools/go/go-1.17.13.inc
index cda9227..d430e06 100644
--- a/poky/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/poky/meta/recipes-devtools/go/go-1.17.13.inc
@@ -28,6 +28,10 @@
     file://cve-2022-41725.patch \
     file://CVE-2022-41722.patch \
     file://CVE-2023-24537.patch \
+    file://CVE-2023-24534.patch \
+    file://CVE-2023-24538.patch \
+    file://CVE-2023-24540.patch \
+    file://CVE-2023-24539.patch \
 "
 SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
 
diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
new file mode 100644
index 0000000..c65c785
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
@@ -0,0 +1,200 @@
+From d6759e7a059f4208f07aa781402841d7ddaaef96 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Fri, 10 Mar 2023 14:21:05 -0800
+Subject: [PATCH] [release-branch.go1.19] net/textproto: avoid overpredicting
+ the number of MIME header keys
+ 
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802452
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+(cherry picked from commit f739f080a72fd5b06d35c8e244165159645e2ed6)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802393
+Reviewed-by: Damien Neil <dneil@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Change-Id: I675451438d619a9130360c56daf529559004903f
+Reviewed-on: https://go-review.googlesource.com/c/go/+/481982
+Run-TryBot: Michael Knyszek <mknyszek@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Matthew Dempsky <mdempsky@google.com>
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96]
+CVE: CVE-2023-24534
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+
+---
+ src/bytes/bytes.go               | 14 ++++++++
+ src/net/textproto/reader.go      | 30 ++++++++++------
+ src/net/textproto/reader_test.go | 59 ++++++++++++++++++++++++++++++++
+ 3 files changed, 92 insertions(+), 11 deletions(-)
+
+diff --git a/src/bytes/bytes.go b/src/bytes/bytes.go
+index ce52649..95ff31c 100644
+--- a/src/bytes/bytes.go
++++ b/src/bytes/bytes.go
+@@ -1174,3 +1174,17 @@ func Index(s, sep []byte) int {
+ 	}
+ 	return -1
+ }
++
++// Cut slices s around the first instance of sep,
++// returning the text before and after sep.
++// The found result reports whether sep appears in s.
++// If sep does not appear in s, cut returns s, nil, false.
++//
++// Cut returns slices of the original slice s, not copies.
++func Cut(s, sep []byte) (before, after []byte, found bool) {
++	if i := Index(s, sep); i >= 0 {
++		return s[:i], s[i+len(sep):], true
++	}
++	return s, nil, false
++}
++
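Review bot: Exporting `Cut` from `bytes` widens the public API of the Go toolchain this recipe builds (the patch is listed in `go-1.17.13.inc`), so code compiled with it can come to depend on a function that an unpatched toolchain of the same version may not provide. The only user in this patch is `upcomingHeaderKeys` in `net/textproto`; an unexported helper in that package, or an inline split on `bytes.IndexByte`, would carry the fix without the API change. The hunk also adds a stray blank line at the end of `bytes.go`.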
+diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go
+index 6a680f4..fcbede8 100644
+--- a/src/net/textproto/reader.go
++++ b/src/net/textproto/reader.go
+@@ -493,8 +493,11 @@ func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) {
+ 	// large one ahead of time which we'll cut up into smaller
+ 	// slices. If this isn't big enough later, we allocate small ones.
+ 	var strs []string
+-	hint := r.upcomingHeaderNewlines()
++	hint := r.upcomingHeaderKeys()
+ 	if hint > 0 {
++		if hint > 1000 {
++			hint = 1000 // set a cap to avoid overallocation
++		}
+ 		strs = make([]string, hint)
+ 	}
+ 
+@@ -589,9 +592,11 @@ func mustHaveFieldNameColon(line []byte) error {
+ 	return nil
+ }
+ 
+-// upcomingHeaderNewlines returns an approximation of the number of newlines
++var nl = []byte("\n")
++
++// upcomingHeaderKeys returns an approximation of the number of keys
+ // that will be in this header. If it gets confused, it returns 0.
+-func (r *Reader) upcomingHeaderNewlines() (n int) {
++func (r *Reader) upcomingHeaderKeys() (n int) {
+ 	// Try to determine the 'hint' size.
+ 	r.R.Peek(1) // force a buffer load if empty
+ 	s := r.R.Buffered()
+@@ -599,17 +604,20 @@ func (r *Reader) upcomingHeaderNewlines() (n int) {
+ 		return
+ 	}
+ 	peek, _ := r.R.Peek(s)
+-	for len(peek) > 0 {
+-		i := bytes.IndexByte(peek, '\n')
+-		if i < 3 {
+-			// Not present (-1) or found within the next few bytes,
+-			// implying we're at the end ("\r\n\r\n" or "\n\n")
+-			return
++	for len(peek) > 0 && n < 1000 {
++		var line []byte
++		line, peek, _ = bytes.Cut(peek, nl)
++		if len(line) == 0 || (len(line) == 1 && line[0] == '\r') {
++			// Blank line separating headers from the body.
++			break
++		}
++		if line[0] == ' ' || line[0] == '\t' {
++			// Folded continuation of the previous line.
++			continue
+ 		}
+ 		n++
+-		peek = peek[i+1:]
+ 	}
+-	return
++	return n
+ }
+ 
+ // CanonicalMIMEHeaderKey returns the canonical format of the
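Review bot: The limit 1000 is written twice, as `hint > 1000` in `readMIMEHeader` and as `n < 1000` in the `upcomingHeaderKeys` loop, and with the loop bound in place the cap in `readMIMEHeader` can never trigger. Use one named constant and keep a single check, so that a later change to one site cannot silently leave the other as the effective limit on the preallocation.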
+diff --git a/src/net/textproto/reader_test.go b/src/net/textproto/reader_test.go
+index 3124d43..3ae0de1 100644
+--- a/src/net/textproto/reader_test.go
++++ b/src/net/textproto/reader_test.go
+@@ -9,6 +9,7 @@ import (
+ 	"bytes"
+ 	"io"
+ 	"reflect"
++	"runtime"
+ 	"strings"
+ 	"testing"
+ )
+@@ -127,6 +128,42 @@ func TestReadMIMEHeaderSingle(t *testing.T) {
+ 	}
+ }
+ 
++// TestReaderUpcomingHeaderKeys is testing an internal function, but it's very
++// difficult to test well via the external API.
++func TestReaderUpcomingHeaderKeys(t *testing.T) {
++	for _, test := range []struct {
++		input string
++		want  int
++	}{{
++		input: "",
++		want:  0,
++	}, {
++		input: "A: v",
++		want:  1,
++	}, {
++		input: "A: v\r\nB: v\r\n",
++		want:  2,
++	}, {
++		input: "A: v\nB: v\n",
++		want:  2,
++	}, {
++		input: "A: v\r\n  continued\r\n  still continued\r\nB: v\r\n\r\n",
++		want:  2,
++	}, {
++		input: "A: v\r\n\r\nB: v\r\nC: v\r\n",
++		want:  1,
++	}, {
++		input: "A: v" + strings.Repeat("\n", 1000),
++		want:  1,
++	}} {
++		r := reader(test.input)
++		got := r.upcomingHeaderKeys()
++		if test.want != got {
++			t.Fatalf("upcomingHeaderKeys(%q): %v; want %v", test.input, got, test.want)
++		}
++	}
++}
++
+ func TestReadMIMEHeaderNoKey(t *testing.T) {
+ 	r := reader(": bar\ntest-1: 1\n\n")
+ 	m, err := r.ReadMIMEHeader()
+@@ -223,6 +260,28 @@ func TestReadMIMEHeaderTrimContinued(t *testing.T) {
+ 	}
+ }
+ 
++// Test that reading a header doesn't overallocate. Issue 58975.
++func TestReadMIMEHeaderAllocations(t *testing.T) {
++	var totalAlloc uint64
++	const count = 200
++	for i := 0; i < count; i++ {
++		r := reader("A: b\r\n\r\n" + strings.Repeat("\n", 4096))
++		var m1, m2 runtime.MemStats
++		runtime.ReadMemStats(&m1)
++		_, err := r.ReadMIMEHeader()
++		if err != nil {
++			t.Fatalf("ReadMIMEHeader: %v", err)
++		}
++		runtime.ReadMemStats(&m2)
++		totalAlloc += m2.TotalAlloc - m1.TotalAlloc
++	}
++	// 32k is large and we actually allocate substantially less,
++	// but prior to the fix for #58975 we allocated ~400k in this case.
++	if got, want := totalAlloc/count, uint64(32768); got > want {
++		t.Fatalf("ReadMIMEHeader allocated %v bytes, want < %v", got, want)
++	}
++}
++
+ type readResponseTest struct {
+ 	in       string
+ 	inCode   int
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
new file mode 100644
index 0000000..502486b
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
@@ -0,0 +1,208 @@
+From 07cc3b8711a8efbb5885f56dd90d854049ad2f7d Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Mon, 20 Mar 2023 11:01:13 -0700
+Subject: [PATCH] html/template: disallow actions in JS template literals
+
+ECMAScript 6 introduced template literals[0][1] which are delimited with
+backticks. These need to be escaped in a similar fashion to the
+delimiters for other string literals. Additionally template literals can
+contain special syntax for string interpolation.
+
+There is no clear way to allow safe insertion of actions within JS
+template literals, as handling (JS) string interpolation inside of these
+literals is rather complex. As such we've chosen to simply disallow
+template actions within these template literals.
+
+A new error code is added for this parsing failure case, errJsTmplLit,
+but it is unexported as it is not backwards compatible with other minor
+release versions to introduce an API change in a minor release. We will
+export this code in the next major release.
+
+The previous behavior (with the cavet that backticks are now escaped
+properly) can be re-enabled with GODEBUG=jstmpllitinterp=1.
+
+This change subsumes CL471455.
+
+Thanks to Sohom Datta, Manipal Institute of Technology, for reporting
+this issue.
+
+Fixes CVE-2023-24538
+For #59234
+Fixes #59271
+
+[0] https://tc39.es/ecma262/multipage/ecmascript-language-expressions.html#sec-template-literals
+[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals
+
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802457
+Reviewed-by: Damien Neil <dneil@google.com>
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802612
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Change-Id: Ic7f10595615f2b2740d9c85ad7ef40dc0e78c04c
+Reviewed-on: https://go-review.googlesource.com/c/go/+/481987
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Michael Knyszek <mknyszek@google.com>
+Reviewed-by: Matthew Dempsky <mdempsky@google.com>
+
+Upstream-Status: Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/html/template/context.go      |  2 ++
+ src/html/template/error.go        | 13 +++++++++++++
+ src/html/template/escape.go       | 11 +++++++++++
+ src/html/template/js.go           |  2 ++
+ src/html/template/jsctx_string.go |  9 +++++++++
+ src/html/template/transition.go   |  7 ++++++-
+ 6 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/src/html/template/context.go b/src/html/template/context.go
+index f7d4849..0b65313 100644
+--- a/src/html/template/context.go
++++ b/src/html/template/context.go
+@@ -116,6 +116,8 @@ const (
+	stateJSDqStr
+	// stateJSSqStr occurs inside a JavaScript single quoted string.
+	stateJSSqStr
++	// stateJSBqStr occurs inside a JavaScript back quoted string.
++	stateJSBqStr
+	// stateJSRegexp occurs inside a JavaScript regexp literal.
+	stateJSRegexp
+	// stateJSBlockCmt occurs inside a JavaScript /* block comment */.
+diff --git a/src/html/template/error.go b/src/html/template/error.go
+index 0e52706..fd26b64 100644
+--- a/src/html/template/error.go
++++ b/src/html/template/error.go
+@@ -211,6 +211,19 @@ const (
+	//   pipeline occurs in an unquoted attribute value context, "html" is
+	//   disallowed. Avoid using "html" and "urlquery" entirely in new templates.
+	ErrPredefinedEscaper
++
++	// errJSTmplLit: "... appears in a JS template literal"
++	// Example:
++	//     <script>var tmpl = `{{.Interp}`</script>
++	// Discussion:
++	//   Package html/template does not support actions inside of JS template
++	//   literals.
++	//
++	// TODO(rolandshoemaker): we cannot add this as an exported error in a minor
++	// release, since it is backwards incompatible with the other minor
++	// releases. As such we need to leave it unexported, and then we'll add it
++	// in the next major release.
++	errJSTmplLit
+ )
+
+ func (e *Error) Error() string {
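Review bot: The example in the new `errJSTmplLit` comment, `{{.Interp}` inside the backquoted literal, is missing its closing brace, so it shows a template that fails to parse rather than the case the error describes; it should read `{{.Interp}}`. The commit message also spells the identifier `errJsTmplLit` while the code uses `errJSTmplLit`.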
+diff --git a/src/html/template/escape.go b/src/html/template/escape.go
+index 8739735..ca078f4 100644
+--- a/src/html/template/escape.go
++++ b/src/html/template/escape.go
+@@ -8,6 +8,7 @@ import (
+	"bytes"
+	"fmt"
+	"html"
++	"internal/godebug"
+	"io"
+	"text/template"
+	"text/template/parse"
+@@ -205,6 +206,16 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context {
+		c.jsCtx = jsCtxDivOp
+	case stateJSDqStr, stateJSSqStr:
+		s = append(s, "_html_template_jsstrescaper")
++	case stateJSBqStr:
++		debugAllowActionJSTmpl := godebug.Get("jstmpllitinterp")
++		if debugAllowActionJSTmpl == "1" {
++			s = append(s, "_html_template_jsstrescaper")
++		} else {
++			return context{
++				state: stateError,
++				err:   errorf(errJSTmplLit, n, n.Line, "%s appears in a JS template literal", n),
++			}
++		}
+	case stateJSRegexp:
+		s = append(s, "_html_template_jsregexpescaper")
+	case stateCSS:
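Review bot: The new `stateJSBqStr` case depends on `internal/godebug`, imported in the first hunk of this file. Please confirm that package exists in the source tree this patch is applied to, since the patch sits under `go-1.18/` but is listed in `go-1.17.13.inc`. The `jstmpllitinterp == "1"` branch also has no comment; add one at the `case` saying that it restores the previous behaviour of allowing actions inside JS template literals, so that it is not enabled in a target image's environment without knowing what it turns off.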
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index ea9c183..b888eaf 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -308,6 +308,7 @@ var jsStrReplacementTable = []string{
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+	'"':  `\u0022`,
++	'`':  `\u0060`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
+	'+':  `\u002b`,
+@@ -331,6 +332,7 @@ var jsStrNormReplacementTable = []string{
+	'"':  `\u0022`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
++	'`':  `\u0060`,
+	'+':  `\u002b`,
+	'/':  `\/`,
+	'<':  `\u003c`,
+diff --git a/src/html/template/jsctx_string.go b/src/html/template/jsctx_string.go
+index dd1d87e..2394893 100644
+--- a/src/html/template/jsctx_string.go
++++ b/src/html/template/jsctx_string.go
+@@ -4,6 +4,15 @@ package template
+
+ import "strconv"
+
++func _() {
++	// An "invalid array index" compiler error signifies that the constant values have changed.
++	// Re-run the stringer command to generate them again.
++	var x [1]struct{}
++	_ = x[jsCtxRegexp-0]
++	_ = x[jsCtxDivOp-1]
++	_ = x[jsCtxUnknown-2]
++}
++
+ const _jsCtx_name = "jsCtxRegexpjsCtxDivOpjsCtxUnknown"
+
+ var _jsCtx_index = [...]uint8{0, 11, 21, 33}
+diff --git a/src/html/template/transition.go b/src/html/template/transition.go
+index 06df679..92eb351 100644
+--- a/src/html/template/transition.go
++++ b/src/html/template/transition.go
+@@ -27,6 +27,7 @@ var transitionFunc = [...]func(context, []byte) (context, int){
+	stateJS:          tJS,
+	stateJSDqStr:     tJSDelimited,
+	stateJSSqStr:     tJSDelimited,
++	stateJSBqStr:     tJSDelimited,
+	stateJSRegexp:    tJSDelimited,
+	stateJSBlockCmt:  tBlockCmt,
+	stateJSLineCmt:   tLineCmt,
+@@ -262,7 +263,7 @@ func tURL(c context, s []byte) (context, int) {
+
+ // tJS is the context transition function for the JS state.
+ func tJS(c context, s []byte) (context, int) {
+-	i := bytes.IndexAny(s, `"'/`)
++	i := bytes.IndexAny(s, "\"`'/")
+	if i == -1 {
+		// Entire input is non string, comment, regexp tokens.
+		c.jsCtx = nextJSCtx(s, c.jsCtx)
+@@ -274,6 +275,8 @@ func tJS(c context, s []byte) (context, int) {
+		c.state, c.jsCtx = stateJSDqStr, jsCtxRegexp
+	case '\'':
+		c.state, c.jsCtx = stateJSSqStr, jsCtxRegexp
++	case '`':
++		c.state, c.jsCtx = stateJSBqStr, jsCtxRegexp
+	case '/':
+		switch {
+		case i+1 < len(s) && s[i+1] == '/':
+@@ -303,6 +306,8 @@ func tJSDelimited(c context, s []byte) (context, int) {
+	switch c.state {
+	case stateJSSqStr:
+		specials = `\'`
++	case stateJSBqStr:
++		specials = "`\\"
+	case stateJSRegexp:
+		specials = `\/[]`
+	}
+--
+2.7.4
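Review bot: In the tJSDelimited hunk, the new stateJSBqStr case sets specials to backtick and backslash only, so a "${" inside a template literal is scanned as string content and never returns to the JS state. That is only safe if the escaper refuses or separately handles actions in stateJSBqStr; check the escape.go part of this patch for that case, and add a one-line comment at the new case saying so. The jsctx_string.go hunk is stringer output, so it should be regenerated rather than hand-edited if the jsCtx constants change again.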
diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24539.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24539.patch
new file mode 100644
index 0000000..fa19e18
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24539.patch
@@ -0,0 +1,53 @@
+From e49282327b05192e46086bf25fd3ac691205fe80 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Thu, 13 Apr 2023 15:40:44 -0700
+Subject: [PATCH] [release-branch.go1.19] html/template: disallow angle
+ brackets in CSS values
+
+Change-Id: Iccc659c9a18415992b0c05c178792228e3a7bae4
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1826636
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851496
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/491335
+Run-TryBot: Carlos Amedee <carlos@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80]
+CVE: CVE-2023-24539
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/html/template/css.go      | 2 +-
+ src/html/template/css_test.go | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/html/template/css.go b/src/html/template/css.go
+index 890a0c6b227fe..f650d8b3e843a 100644
+--- a/src/html/template/css.go
++++ b/src/html/template/css.go
+@@ -238,7 +238,7 @@ func cssValueFilter(args ...any) string {
+ 	// inside a string that might embed JavaScript source.
+ 	for i, c := range b {
+ 		switch c {
+-		case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}':
++		case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}', '<', '>':
+ 			return filterFailsafe
+ 		case '-':
+ 			// Disallow <!-- or -->.
+diff --git a/src/html/template/css_test.go b/src/html/template/css_test.go
+index a735638b0314f..2b76256a766e9 100644
+--- a/src/html/template/css_test.go
++++ b/src/html/template/css_test.go
+@@ -231,6 +231,8 @@ func TestCSSValueFilter(t *testing.T) {
+ 		{`-exp\000052 ession(alert(1337))`, "ZgotmplZ"},
+ 		{`-expre\0000073sion`, "-expre\x073sion"},
+ 		{`@import url evil.css`, "ZgotmplZ"},
++		{"<", "ZgotmplZ"},
++		{">", "ZgotmplZ"},
+ 	}
+ 	for _, test := range tests {
+ 		got := cssValueFilter(test.css)
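Review bot: This patch is added under go-1.18/ while the CVE-2023-24540 patch that follows is added under go-1.19/, and its subject still carries the [release-branch.go1.19] prefix; keep the go CVE patches in one directory, or confirm that the recipe's file search path covers both, so that the SRC_URI entry resolves. In css_test.go the two new rows cover a bare "<" and ">" only; a row with an angle bracket inside an otherwise acceptable value would show that cssValueFilter rejects the whole value and not just the single character.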
diff --git a/poky/meta/recipes-devtools/go/go-1.19/CVE-2023-24540.patch b/poky/meta/recipes-devtools/go/go-1.19/CVE-2023-24540.patch
new file mode 100644
index 0000000..7e6e871
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.19/CVE-2023-24540.patch
@@ -0,0 +1,93 @@
+From 2305cdb2aa5ac8e9960bd64e548a119c7dd87530 Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Tue, 11 Apr 2023 16:27:43 +0100
+Subject: [PATCH] html/template: handle all JS whitespace characters
+
+Rather than just a small set. Character class as defined by \s [0].
+
+Thanks to Juho Nurminen of Mattermost for reporting this.
+
+For #59721
+Fixes  #59813
+Fixes CVE-2023-24540
+
+[0] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions/Character_Classes
+
+Change-Id: I56d4fa1ef08125b417106ee7dbfb5b0923b901ba
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1821459
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1851497
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/491355
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: Carlos Amedee <carlos@golang.org>
+TryBot-Bypass: Carlos Amedee <carlos@golang.org>
+Run-TryBot: Carlos Amedee <carlos@golang.org>
+
+CVE: CVE-2023-24540
+Upstream-Status: Backport [https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ src/html/template/js.go      |  8 +++++++-
+ src/html/template/js_test.go | 11 +++++++----
+ 2 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index b888eaf..35994f0 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -13,6 +13,11 @@ import (
+ 	"unicode/utf8"
+ )
+ 
++// jsWhitespace contains all of the JS whitespace characters, as defined
++// by the \s character class.
++// See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions/Character_classes.
++const jsWhitespace = "\f\n\r\t\v\u0020\u00a0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u2028\u2029\u202f\u205f\u3000\ufeff"
++
+ // nextJSCtx returns the context that determines whether a slash after the
+ // given run of tokens starts a regular expression instead of a division
+ // operator: / or /=.
+@@ -26,7 +31,8 @@ import (
+ // JavaScript 2.0 lexical grammar and requires one token of lookbehind:
+ // https://www.mozilla.org/js/language/js20-2000-07/rationale/syntax.html
+ func nextJSCtx(s []byte, preceding jsCtx) jsCtx {
+-	s = bytes.TrimRight(s, "\t\n\f\r \u2028\u2029")
++	// Trim all JS whitespace characters
++	s = bytes.TrimRight(s, jsWhitespace)
+ 	if len(s) == 0 {
+ 		return preceding
+ 	}
+diff --git a/src/html/template/js_test.go b/src/html/template/js_test.go
+index d7ee47b..8f5d76d 100644
+--- a/src/html/template/js_test.go
++++ b/src/html/template/js_test.go
+@@ -81,14 +81,17 @@ func TestNextJsCtx(t *testing.T) {
+ 		{jsCtxDivOp, "0"},
+ 		// Dots that are part of a number are div preceders.
+ 		{jsCtxDivOp, "0."},
++		// Some JS interpreters treat NBSP as a normal space, so
++		// we must too in order to properly escape things.
++		{jsCtxRegexp, "=\u00A0"},
+ 	}
+ 
+ 	for _, test := range tests {
+-		if nextJSCtx([]byte(test.s), jsCtxRegexp) != test.jsCtx {
+-			t.Errorf("want %s got %q", test.jsCtx, test.s)
++		if ctx := nextJSCtx([]byte(test.s), jsCtxRegexp); ctx != test.jsCtx {
++			t.Errorf("%q: want %s got %s", test.s, test.jsCtx, ctx)
+ 		}
+-		if nextJSCtx([]byte(test.s), jsCtxDivOp) != test.jsCtx {
+-			t.Errorf("want %s got %q", test.jsCtx, test.s)
++		if ctx := nextJSCtx([]byte(test.s), jsCtxDivOp); ctx != test.jsCtx {
++			t.Errorf("%q: want %s got %s", test.s, test.jsCtx, ctx)
+ 		}
+ 	}
+ 
+-- 
+2.40.0
+
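Review bot: The new TestNextJsCtx row covers U+00A0 only, while jsWhitespace lists 25 characters; looping over every rune of jsWhitespace, each appended to "=", and expecting jsCtxRegexp would catch a character that gets dropped from the constant in a later backport. The js.go hunk was also generated on top of the earlier backtick patch to the same file (that one is index ea9c183..b888eaf, this one starts from b888eaf), so listing the two in that order in SRC_URI keeps the series reproducible.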
diff --git a/poky/meta/recipes-devtools/llvm/llvm/0001-Support-Add-missing-cstdint-header-to-Signals.h.patch b/poky/meta/recipes-devtools/llvm/llvm/0001-Support-Add-missing-cstdint-header-to-Signals.h.patch
new file mode 100644
index 0000000..fdb6307
--- /dev/null
+++ b/poky/meta/recipes-devtools/llvm/llvm/0001-Support-Add-missing-cstdint-header-to-Signals.h.patch
@@ -0,0 +1,31 @@
+From a94bf34221fc4519bd8ec72560c2d363ffe2de4c Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Mon, 23 May 2022 08:03:23 +0100
+Subject: [PATCH] [Support] Add missing <cstdint> header to Signals.h
+
+Without the change llvm build fails on this week's gcc-13 snapshot as:
+
+    [  0%] Building CXX object lib/Support/CMakeFiles/LLVMSupport.dir/Signals.cpp.o
+    In file included from llvm/lib/Support/Signals.cpp:14:
+    llvm/include/llvm/Support/Signals.h:119:8: error: variable or field 'CleanupOnSignal' declared void
+      119 |   void CleanupOnSignal(uintptr_t Context);
+          |        ^~~~~~~~~~~~~~~
+
+Upstream-Status: Backport [llvmorg-15.0.0 ff1681ddb303223973653f7f5f3f3435b48a1983]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ llvm/include/llvm/Support/Signals.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/llvm/include/llvm/Support/Signals.h b/llvm/include/llvm/Support/Signals.h
+index 44f5a750ff5c..937e0572d4a7 100644
+--- a/llvm/include/llvm/Support/Signals.h
++++ b/llvm/include/llvm/Support/Signals.h
+@@ -14,6 +14,7 @@
+ #ifndef LLVM_SUPPORT_SIGNALS_H
+ #define LLVM_SUPPORT_SIGNALS_H
+ 
++#include <cstdint>
+ #include <string>
+ 
+ namespace llvm {
diff --git a/poky/meta/recipes-devtools/llvm/llvm_git.bb b/poky/meta/recipes-devtools/llvm/llvm_git.bb
index 9400bf0..cedbfb1 100644
--- a/poky/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/poky/meta/recipes-devtools/llvm/llvm_git.bb
@@ -32,6 +32,7 @@
            file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2 \
            file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
            file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
+           file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \
            "
 
 UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
diff --git a/poky/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch b/poky/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
new file mode 100644
index 0000000..1bd49c9
--- /dev/null
+++ b/poky/meta/recipes-devtools/nasm/nasm/CVE-2022-44370.patch
@@ -0,0 +1,104 @@
+From b37677f7e40276bd8f504584bcba2c092f1146a8 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Mon, 7 Nov 2022 10:26:03 -0800
+Subject: [PATCH] quote_for_pmake: fix counter underrun resulting in segfault
+
+while (nbs--) { ... } ends with nbs == -1. Rather than a minimal fix,
+introduce mempset() to make these kinds of errors less likely in the
+future.
+
+Fixes: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
+Reported-by: <13579and24680@gmail.com>
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+
+Upstream-Status: Backport
+CVE: CVE-2022-4437
+
+Reference to upstream patch:
+[https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ asm/nasm.c         | 12 +++++-------
+ configure.ac       |  1 +
+ include/compiler.h |  7 +++++++
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/asm/nasm.c b/asm/nasm.c
+index 7a7f8b4..675cff4 100644
+--- a/asm/nasm.c
++++ b/asm/nasm.c
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------- *
+  *
+- *   Copyright 1996-2020 The NASM Authors - All Rights Reserved
++ *   Copyright 1996-2022 The NASM Authors - All Rights Reserved
+  *   See the file AUTHORS included with the NASM distribution for
+  *   the specific copyright holders.
+  *
+@@ -814,8 +814,7 @@ static char *quote_for_pmake(const char *str)
+     }
+
+     /* Convert N backslashes at the end of filename to 2N backslashes */
+-    if (nbs)
+-        n += nbs;
++    n += nbs;
+
+     os = q = nasm_malloc(n);
+
+@@ -824,10 +823,10 @@ static char *quote_for_pmake(const char *str)
+         switch (*p) {
+         case ' ':
+         case '\t':
+-            while (nbs--)
+-                *q++ = '\\';
++            q = mempset(q, '\\', nbs);
+             *q++ = '\\';
+             *q++ = *p;
++            nbs = 0;
+             break;
+         case '$':
+             *q++ = *p;
+@@ -849,9 +848,8 @@ static char *quote_for_pmake(const char *str)
+             break;
+         }
+     }
+-    while (nbs--)
+-        *q++ = '\\';
+
++    q = mempset(q, '\\', nbs);
+     *q = '\0';
+
+     return os;
+diff --git a/configure.ac b/configure.ac
+index 39680b1..940ebe2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -199,6 +199,7 @@ AC_CHECK_FUNCS(strrchrnul)
+ AC_CHECK_FUNCS(iscntrl)
+ AC_CHECK_FUNCS(isascii)
+ AC_CHECK_FUNCS(mempcpy)
++AC_CHECK_FUNCS(mempset)
+
+ AC_CHECK_FUNCS(getuid)
+ AC_CHECK_FUNCS(getgid)
+diff --git a/include/compiler.h b/include/compiler.h
+index db3d6d6..b64da6a 100644
+--- a/include/compiler.h
++++ b/include/compiler.h
+@@ -256,6 +256,13 @@ static inline void *mempcpy(void *dst, const void *src, size_t n)
+ }
+ #endif
+
++#ifndef HAVE_MEMPSET
++static inline void *mempset(void *dst, int c, size_t n)
++{
++    return (char *)memset(dst, c, n) + n;
++}
++#endif
++
+ /*
+  * Hack to support external-linkage inline functions
+  */
+--
+2.40.0
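Review bot: The header tag reads "CVE: CVE-2022-4437", but the file name and the nasm_2.15.05.bb entry both say CVE-2022-44370; the tag is missing its last digit and should be "CVE: CVE-2022-44370" so that anything reading the tag attributes the fix to the right identifier. The Upstream-Status line is a bare "Backport" with the commit URL on a separate "Reference to upstream patch" line; put the URL in brackets on the Upstream-Status line itself, as the other patches in this update do. In the asm/nasm.c hunk, mempset() takes nbs by value and does not change it the way the old loop did, so the added "nbs = 0;" is what keeps the final mempset() from writing the same run again and merits a short comment.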
diff --git a/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb b/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb
index edc17ae..59b1121 100644
--- a/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb
+++ b/poky/meta/recipes-devtools/nasm/nasm_2.15.05.bb
@@ -8,6 +8,7 @@
 SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
            file://0001-stdlib-Add-strlcat.patch \
            file://0002-Add-debug-prefix-map-option.patch \
+           file://CVE-2022-44370.patch \
            "
 
 SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"
diff --git a/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch b/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
new file mode 100644
index 0000000..1f7cbd0
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
@@ -0,0 +1,29 @@
+From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist <git@stig.io>
+Date: Tue, 28 Feb 2023 11:54:06 +0100
+Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
+ identity
+
+Upstream-Status: Backport [https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0]
+
+CVE: CVE-2023-31484
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+index 4fc792c..a616fee 100644
+--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
++++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+@@ -32,6 +32,7 @@ sub mirror {
+
+     my $want_proxy = $self->_want_proxy($uri);
+     my $http = HTTP::Tiny->new(
++        verify_SSL => 1,
+         $want_proxy ? (proxy => $self->{proxy}) : ()
+     );
+
+--
+2.40.0
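Review bot: verify_SSL => 1 is set unconditionally in mirror(), and nothing in the patch header says what that needs at run time: HTTP::Tiny must be able to locate a CA bundle, otherwise every https mirror fetch now fails. That is the right failure, but it should be stated in the patch header, and the perl recipe should be checked for a runtime dependency on CA certificates on images where CPAN is expected to work. No test accompanies the change.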
diff --git a/poky/meta/recipes-devtools/perl/perl_5.34.1.bb b/poky/meta/recipes-devtools/perl/perl_5.34.1.bb
index 42bcb8b..e0ee006 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.34.1.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.34.1.bb
@@ -18,6 +18,7 @@
            file://determinism.patch \
            file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
            file://0001-Fix-build-with-gcc-12.patch \
+           file://CVE-2023-31484.patch \
            "
 SRC_URI:append:class-native = " \
            file://perl-configpm-switch.patch \
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch b/poky/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
new file mode 100644
index 0000000..5fc4878
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
@@ -0,0 +1,49 @@
+From 9fbf84efc861668755ab645530ec7be9cf3c6696 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Tue, 7 Feb 2023 11:34:18 -0500
+Subject: [PATCH] Don't allow update_into to mutate immutable objects (#8230)
+
+CVE: CVE-2023-23931
+
+Upstream-Status: Backport [https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
+ tests/hazmat/primitives/test_ciphers.py             | 8 ++++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 286583f93..075d68fb9 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -156,7 +156,7 @@ class _CipherContext:
+         data_processed = 0
+         total_out = 0
+         outlen = self._backend._ffi.new("int *")
+-        baseoutbuf = self._backend._ffi.from_buffer(buf)
++        baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True)
+         baseinbuf = self._backend._ffi.from_buffer(data)
+
+         while data_processed != total_data_len:
+diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
+index 02127dd9c..bf3b047de 100644
+--- a/tests/hazmat/primitives/test_ciphers.py
++++ b/tests/hazmat/primitives/test_ciphers.py
+@@ -318,6 +318,14 @@ class TestCipherUpdateInto:
+         with pytest.raises(ValueError):
+             encryptor.update_into(b"testing", buf)
+
++    def test_update_into_immutable(self, backend):
++        key = b"\x00" * 16
++        c = ciphers.Cipher(AES(key), modes.ECB(), backend)
++        encryptor = c.encryptor()
++        buf = b"\x00" * 32
++        with pytest.raises((TypeError, BufferError)):
++            encryptor.update_into(b"testing", buf)
++
+     @pytest.mark.supported(
+         only_if=lambda backend: backend.cipher_supported(
+             AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb b/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
index 9ef5ff3..c3ae0c1 100644
--- a/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
+++ b/poky/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
@@ -17,6 +17,7 @@
     file://0001-Cargo.toml-specify-pem-version.patch \
     file://0002-Cargo.toml-edition-2018-2021.patch \
     file://fix-leak-metric.patch \
+    file://CVE-2023-23931.patch \
 "
 
 inherit pypi python_setuptools3_rust
diff --git a/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch b/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch
new file mode 100644
index 0000000..35b4241
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3-requests/CVE-2023-32681.patch
@@ -0,0 +1,63 @@
+From cd0128c0becd8729d0f8733bf42fbd333d51f833 Mon Sep 17 00:00:00 2001
+From: Nate Prewitt <nate.prewitt@gmail.com>
+Date: Mon, 5 Jun 2023 09:31:36 +0000
+Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q
+
+CVE: CVE-2023-32681
+
+Upstream-Status: Backport [https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ requests/sessions.py   |  4 +++-
+ tests/test_requests.py | 20 ++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/requests/sessions.py b/requests/sessions.py
+index 3f59cab..648cffa 100644
+--- a/requests/sessions.py
++++ b/requests/sessions.py
+@@ -293,7 +293,9 @@ class SessionRedirectMixin(object):
+         except KeyError:
+             username, password = None, None
+
+-        if username and password:
++        # urllib3 handles proxy authorization for us in the standard adapter.
++        # Avoid appending this to TLS tunneled requests where it may be leaked.
++        if not scheme.startswith('https') and username and password:
+             headers['Proxy-Authorization'] = _basic_auth_str(username, password)
+
+         return new_proxies
+diff --git a/tests/test_requests.py b/tests/test_requests.py
+index 29b3aca..6a37777 100644
+--- a/tests/test_requests.py
++++ b/tests/test_requests.py
+@@ -601,6 +601,26 @@ class TestRequests:
+
+         assert sent_headers.get("Proxy-Authorization") == proxy_auth_value
+
++
++    @pytest.mark.parametrize(
++        "url,has_proxy_auth",
++        (
++            ('http://example.com', True),
++            ('https://example.com', False),
++        ),
++    )
++    def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth):
++        session = requests.Session()
++        proxies = {
++            'http': 'http://test:pass@localhost:8080',
++            'https': 'http://test:pass@localhost:8090',
++        }
++        req = requests.Request('GET', url)
++        prep = req.prepare()
++        session.rebuild_proxies(prep, proxies)
++
++        assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth
++
+     def test_basicauth_with_netrc(self, httpbin):
+         auth = ('user', 'pass')
+         wrong_auth = ('wronguser', 'wrongpass')
+--
+2.40.0
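Review bot: The new condition in rebuild_proxies, "if not scheme.startswith('https') and username and password:", leans on the comment above it that urllib3 supplies proxy authorization in the standard adapter. A session that mounts a custom transport adapter for HTTPS gets no Proxy-Authorization header from either place after this change; call that out in the patch header so integrators using custom adapters know to set it themselves. The parametrized test covers one 'http://' and one 'https://' URL only, and the test hunk adds a second blank line before the decorator.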
diff --git a/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb b/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb
index af52b7c..635a6af 100644
--- a/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb
+++ b/poky/meta/recipes-devtools/python/python3-requests_2.27.1.bb
@@ -3,6 +3,8 @@
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
 
+SRC_URI += "file://CVE-2023-32681.patch"
+
 SRC_URI[sha256sum] = "68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61"
 
 inherit pypi setuptools3
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index a6ee958..7f2b52f 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -112,6 +112,11 @@
 # https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
 CVE_CHECK_IGNORE += "CVE-2018-18438"
 
+# As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
+# https://bugzilla.redhat.com/show_bug.cgi?id=2167423
+# this bug related to windows specific.
+CVE_CHECK_IGNORE += "CVE-2023-0664"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"
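Review bot: The justification comment "this bug related to windows specific." is hard to parse; something like "# The issue is specific to Windows." would read better next to the two reference URLs and would match the style of the CVE-2018-18438 entry above it.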
diff --git a/poky/meta/recipes-devtools/quilt/quilt.inc b/poky/meta/recipes-devtools/quilt/quilt.inc
index fce8101..72deb24 100644
--- a/poky/meta/recipes-devtools/quilt/quilt.inc
+++ b/poky/meta/recipes-devtools/quilt/quilt.inc
@@ -14,6 +14,7 @@
         file://0001-tests-Allow-different-output-from-mv.patch \
         file://fix-grep-3.8.patch \
         file://faildiff-order.patch \
+        file://0001-test-Fix-a-race-condition-in-merge.test.patch \
 "
 
 SRC_URI:append:class-target = " file://gnu_patch_test_fix_target.patch"
diff --git a/poky/meta/recipes-devtools/quilt/quilt/0001-test-Fix-a-race-condition-in-merge.test.patch b/poky/meta/recipes-devtools/quilt/quilt/0001-test-Fix-a-race-condition-in-merge.test.patch
new file mode 100644
index 0000000..01d4c8b
--- /dev/null
+++ b/poky/meta/recipes-devtools/quilt/quilt/0001-test-Fix-a-race-condition-in-merge.test.patch
@@ -0,0 +1,48 @@
+From c1ce964f3e9312100a60f03c1e1fdd601e1911f2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Tue, 28 Feb 2023 18:45:15 +0100
+Subject: [PATCH] test: Fix a race condition in merge.test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Just like commit 4dfe7f9, (test: Fix a race condition, 2023-01-20),
+this fix a test race when stdout and stderr in any order.
+
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/quilt.git/commit/?id=c1ce964f3e9312100a60f03c1e1fdd601e1911f2]
+Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+---
+ test/merge.test | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/test/merge.test b/test/merge.test
+index c64b33d..2e67d4f 100644
+--- a/test/merge.test
++++ b/test/merge.test
+@@ -39,8 +39,9 @@ Test the patch merging functionality of `quilt diff'.
+ 	> Applying patch %{P}c.diff
+ 	> Now at patch %{P}c.diff
+ 
+-	$ quilt diff -P b.diff | grep -v "^\\(---\\|+++\\)"
++	$ quilt diff -P b.diff >/dev/null
+ 	> Warning: more recent patches modify files in patch %{P}b.diff
++	$ quilt diff -P b.diff 2>/dev/null | grep -v "^\\(---\\|+++\\)"
+ 	>~ Index: [^/]+/abc\.txt
+ 	> ===================================================================
+ 	> @@ -1,3 +1,3 @@
+@@ -49,8 +50,9 @@ Test the patch merging functionality of `quilt diff'.
+ 	> +b+
+ 	>  c
+ 
+-	$ quilt diff --combine a.diff -P b.diff | grep -v "^\\(---\\|+++\\)"
++	$ quilt diff --combine a.diff -P b.diff >/dev/null
+ 	> Warning: more recent patches modify files in patch %{P}b.diff
++	$ quilt diff --combine a.diff -P b.diff 2>/dev/null | grep -v "^\\(---\\|+++\\)"
+ 	>~ Index: [^/]+/abc\.txt
+ 	> ===================================================================
+ 	> @@ -1,3 +1,3 @@
+-- 
+2.40.0
+
diff --git a/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-28755.patch b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-28755.patch
new file mode 100644
index 0000000..d611c41
--- /dev/null
+++ b/poky/meta/recipes-devtools/ruby/ruby/CVE-2023-28755.patch
@@ -0,0 +1,68 @@
+From db4bb57d4af6d097a0c29490536793d95f1d8983 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Mon, 24 Apr 2023 08:27:24 +0000
+Subject: [PATCH] Merge URI-0.12.1
+
+CVE: CVE-2023-28755
+
+Upstream-Status: Backport [https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/uri/rfc3986_parser.rb |  4 ++--
+ lib/uri/version.rb        |  2 +-
+ test/uri/test_common.rb   | 11 +++++++++++
+ 3 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
+index 3e07de4..3c89311 100644
+--- a/lib/uri/rfc3986_parser.rb
++++ b/lib/uri/rfc3986_parser.rb
+@@ -3,8 +3,8 @@ module URI
+   class RFC3986_Parser # :nodoc:
+     # URI defined in RFC3986
+     # this regexp is modified not to host is not empty string
+-    RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
+-    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+)\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
++    RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])*+))(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
++    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
+     attr_reader :regexp
+ 
+     def initialize
+diff --git a/lib/uri/version.rb b/lib/uri/version.rb
+index 82188e2..7497a7d 100644
+--- a/lib/uri/version.rb
++++ b/lib/uri/version.rb
+@@ -1,6 +1,6 @@
+ module URI
+   # :stopdoc:
+-  VERSION_CODE = '001100'.freeze
++  VERSION_CODE = '001201'.freeze
+   VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
+   # :startdoc:
+ end
+diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb
+index 5e30cda..1d34783 100644
+--- a/test/uri/test_common.rb
++++ b/test/uri/test_common.rb
+@@ -78,6 +78,17 @@ class TestCommon < Test::Unit::TestCase
+     assert_raise(NoMethodError) { Object.new.URI("http://www.ruby-lang.org/") }
+   end
+ 
++  def test_parse_timeout
++    pre = ->(n) {
++      'https://example.com/dir/' + 'a' * (n * 100) + '/##.jpg'
++    }
++    assert_linear_performance((1..10).map {|i| i * 100}, rehearsal: 1000, pre: pre) do |uri|
++      assert_raise(URI::InvalidURIError) do
++        URI.parse(uri)
++      end
++    end
++  end
++
+   def test_encode_www_form_component
+     assert_equal("%00+%21%22%23%24%25%26%27%28%29*%2B%2C-.%2F09%3A%3B%3C%3D%3E%3F%40" \
+                  "AZ%5B%5C%5D%5E_%60az%7B%7C%7D%7E",
+-- 
+2.35.5
+
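Review bot: The RFC3986_URI replacement does more than make the quantifiers possessive: reg-name goes from "(...)+))?" to "(...)*+))", so the host group is no longer optional and reg-name may match the empty string, while RFC3986_relative_ref keeps "++))?". That changes which strings parse, and it sits under a comment that still says the regexp was modified so that host is not an empty string; the patch header should say that the behaviour change is intended and comes from upstream. The version.rb hunk also moves VERSION_CODE from '001100' to '001201', so the bundled uri reports 0.12.1 after a three-file backport; confirm that nothing checking URI::VERSION expects the rest of that release.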
diff --git a/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 92efc5d..7203050 100644
--- a/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/poky/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -30,6 +30,7 @@
            file://0006-Make-gemspecs-reproducible.patch \
            file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \
            file://CVE-2023-28756.patch \
+           file://CVE-2023-28755.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
 
diff --git a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
index 7f72f33..b6b81d5 100644
--- a/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
+++ b/poky/meta/recipes-devtools/run-postinsts/run-postinsts/run-postinsts.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Run pending postinsts
 DefaultDependencies=no
-After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount
+After=systemd-remount-fs.service systemd-tmpfiles-setup.service tmp.mount ldconfig.service
 Before=sysinit.target
 
 [Service]
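Review bot: Adding ldconfig.service to the After= line only orders the two units; it does not pull ldconfig.service into the transaction, so on images where that unit is absent or masked the change is a no-op. That is probably the intent, but with DefaultDependencies=no and Before=sysinit.target already set, a short comment in the unit or commit message saying which postinst failure this ordering avoids would make the dependency understandable later.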
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
new file mode 100644
index 0000000..4b96e43
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
@@ -0,0 +1,39 @@
+From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001
+From: Stefano Babic <sbabic@denx.de>
+Date: Fri, 28 Jul 2017 13:20:52 +0200
+Subject: [PATCH] Wrong CRC with ASCII CRC for large files
+
+Due to signedness, the checksum is not computed when filesize is bigger
+a 2GB.
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html]
+Signed-off-by: Stefano Babic <sbabic@denx.de>
+---
+ src/copyout.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..727aeca 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -34,13 +34,13 @@
+    compute and return a checksum for them.  */
+ 
+ static uint32_t
+-read_for_checksum (int in_file_des, int file_size, char *file_name)
++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name)
+ {
+   uint32_t crc;
+   char buf[BUFSIZ];
+-  int bytes_left;
+-  int bytes_read;
+-  int i;
++  unsigned int bytes_left;
++  unsigned int bytes_read;
++  unsigned int i;
+ 
+   crc = 0;
+ 
+-- 
+2.7.4
+
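Review bot: Changing file_size, bytes_left and bytes_read in read_for_checksum to unsigned int moves the limit from 2 GB to 4 GB rather than removing it, so a larger file size is still truncated at the call; off_t for the size and the remaining count would match the type file sizes are reported in. Also check bytes_read: if it is assigned the result of a read call that returns a negative value on error, an unsigned bytes_read can no longer be tested with < 0 and the error path would be skipped. The Upstream-Status is Submitted with a 2017 list link, so it is worth checking whether upstream resolved this differently.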
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.13.bb b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
index e72a114..dd35410 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.13.bb
@@ -10,6 +10,7 @@
            file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
            file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \
            file://CVE-2021-38185.patch \
+           file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \
            "
 
 SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810"
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
new file mode 100644
index 0000000..9b057d6
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
@@ -0,0 +1,60 @@
+From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <ken.sharp@artifex.com>
+Date: Fri, 24 Mar 2023 13:19:57 +0000
+Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
+
+Bug #706494 "Buffer Overflow in s_xBCPE_process"
+
+As described in detail in the bug report, if the write buffer is filled
+to one byte less than full, and we then try to write an escaped
+character, we overrun the buffer because we don't check before
+writing two bytes to it.
+
+This just checks if we have two bytes before starting to write an
+escaped character and exits if we don't (replacing the consumed byte
+of the input).
+
+Up for further discussion; why do we even permit a BCP encoding filter
+anyway ? I think we should remove this, at least when SAFER is true.
+---
+CVE: CVE-2023-28879
+
+Upstream-Status: Backport [see text]
+
+git://git.ghostscript.com/ghostpdl
+cherry-pick
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ base/sbcp.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/base/sbcp.c b/base/sbcp.c
+index 979ae0992..47fc233ec 100644
+--- a/base/sbcp.c
++++ b/base/sbcp.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2001-2021 Artifex Software, Inc.
++/* Copyright (C) 2001-2023 Artifex Software, Inc.
+    All Rights Reserved.
+ 
+    This software is provided AS-IS with no warranty, either express or
+@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
+         byte ch = *++p;
+ 
+         if (ch <= 31 && escaped[ch]) {
++            /* Make sure we have space to store two characters in the write buffer,
++             * if we don't then exit without consuming the input character, we'll process
++             * that on the next time round.
++             */
++            if (pw->limit - q < 2) {
++                p--;
++                break;
++            }
+             if (p == rlimit) {
+                 p--;
+                 break;
+-- 
+2.25.1
+
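Review bot: The new guard in s_xBCPE_process, if (pw->limit - q < 2), backs up p and breaks exactly like the existing p == rlimit case below it, but the two conditions mean different things (output buffer full versus input exhausted); please confirm the return status after the loop tells the caller that more output space is needed, since that code is outside the hunk. In the header, Upstream-Status: Backport [see text] followed by a bare git:// URL and "cherry-pick" should be replaced with a reference to commit 37ed5022cecd584de868933b5b60da2e995b3179. The first hunk only changes the copyright year and can be dropped from the backport to reduce refresh noise.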
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 365420f..f29c57b 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -34,6 +34,7 @@
                 file://avoid-host-contamination.patch \
                 file://mkdir-p.patch \
                 file://CVE-2022-2085.patch \
+                file://cve-2023-28879.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \
diff --git a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index acc84de..ffcc103 100644
--- a/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/poky/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -7,11 +7,7 @@
 
 DEPENDS = "e2fsprogs-native"
 
-PACKAGECONFIG ?= "zlib bz2 xz lzo zstd"
-
-PACKAGECONFIG:append:class-target = "\
-	${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)} \
-"
+PACKAGECONFIG ?= "zlib bz2 xz lzo zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}"
 
 DEPENDS_BZIP2 = "bzip2-replacement-native"
 DEPENDS_BZIP2:class-target = "bzip2"
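Review bot: Folding the acl/xattr filter into the default PACKAGECONFIG removes the :class-target restriction, so any non-target variant of libarchive now also enables acl and xattr whenever DISTRO_FEATURES contains them. If that is intended, say so in the commit message and check that the acl and xattr PACKAGECONFIG dependencies resolve for those variants; if not, keep the PACKAGECONFIG:append:class-target form.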
diff --git a/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
new file mode 100644
index 0000000..94dcb04
--- /dev/null
+++ b/poky/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
@@ -0,0 +1,108 @@
+From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
+From: Per Jessen <per@jessen.ch>
+Date: Fri, 22 Apr 2022 18:15:36 +0200
+Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype
+
+When using scandir() to look for MOTD files to display, we wrongly
+relied on all filesystems providing a filetype.  This is a fix to divert
+to lstat() when we have no filetype.  To maintain MT safety, it isn't
+possible to use lstat() in the scandir() filter function, so all of the
+filtering has been moved to an additional loop after scanning all the
+motd dirs.
+Also, remove superfluous alphasort from scandir(), we are doing
+a qsort() later.
+
+Resolves: https://github.com/linux-pam/linux-pam/issues/455
+
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
+
+Signed-off-by: Per Jessen <per@jessen.ch>
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++-------
+ 1 file changed, 40 insertions(+), 9 deletions(-)
+
+diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
+index 6ac8cba2..5ca486e4 100644
+--- a/modules/pam_motd/pam_motd.c
++++ b/modules/pam_motd/pam_motd.c
+@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b)
+     }
+ }
+ 
+-static int filter_dirents(const struct dirent *d)
+-{
+-    return (d->d_type == DT_REG || d->d_type == DT_LNK);
+-}
+-
+ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+ 	char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
+ {
+@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+ 
+     for (i = 0; i < num_motd_dirs; i++) {
+ 	int rv;
+-	rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
+-		filter_dirents, alphasort);
++	rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
+ 	if (rv < 0) {
+ 	    if (errno != ENOENT || report_missing) {
+ 		pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
+@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+     if (dirscans_size_total == 0)
+         goto out;
+ 
++    /* filter out unwanted names, directories, and complement data with lstat() */
++    for (i = 0; i < num_motd_dirs; i++) {
++	struct dirent **d = dirscans[i];
++	for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
++	    int rc;
++	    char *fullpath;
++	    struct stat s;
++
++	    switch(d[j]->d_type) {    /* the filetype determines how to proceed */
++	    case DT_REG:              /* regular files and     */
++	    case DT_LNK:              /* symlinks              */
++		continue;             /* are good.             */
++	    case DT_UNKNOWN:   /* for file systems that do not provide */
++			       /* a filetype, we use lstat()           */
++		if (join_dir_strings(&fullpath, motd_dir_path_split[i],
++				     d[j]->d_name) <= 0)
++		    break;
++		rc = lstat(fullpath, &s);
++		_pam_drop(fullpath);  /* free the memory alloc'ed by join_dir_strings */
++		if (rc != 0)          /* if the lstat() somehow failed */
++		    break;
++
++		if (S_ISREG(s.st_mode) ||          /* regular files and  */
++		    S_ISLNK(s.st_mode)) continue;  /* symlinks are good  */
++		break;
++	    case DT_DIR:          /* We don't want directories     */
++	    default:              /* nor anything else             */
++		break;
++	    }
++	    _pam_drop(d[j]);  /* free memory                   */
++	    d[j] = NULL;      /* indicate this one was dropped */
++	    dirscans_size_total--;
++	}
++    }
++
+     /* Allocate space for all file names found in the directories, including duplicates. */
+     if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
+ 	pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
+@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+ 	unsigned int j;
+ 
+ 	for (j = 0; j < dirscans_sizes[i]; j++) {
+-	    dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
+-	    i_dirnames++;
++	    if (NULL != dirscans[i][j]) {
++	        dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
++	        i_dirnames++;
++	    }
+ 	}
+     }
+ 
+-- 
+2.39.0
+
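Review bot: The new filter loop decrements dirscans_size_total after the existing if (dirscans_size_total == 0) goto out; check, so when every entry is dropped (for example directories that contain only . and ..) the following calloc(dirscans_size_total, sizeof(*dirnames_all)) is called with a count of 0. calloc with a zero count may return NULL, which this code treats as an allocation failure and logs at LOG_CRIT. Repeat the zero check after the filter loop. In the DT_UNKNOWN branch a failed join_dir_strings or lstat drops the entry silently; a debug-level log there would help when an expected motd file is not shown.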
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch b/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
new file mode 100644
index 0000000..3a12f7a
--- /dev/null
+++ b/poky/meta/recipes-extended/sysstat/sysstat/CVE-2023-33204.patch
@@ -0,0 +1,80 @@
+From e806a902cc90a0b87da00854de8d5fd8222540fc Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov <pkopylov@>
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+
+Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/954ff2e2673c]
+CVE: CVE-2023-33204
+
+Signed-off-by: Xiangyu Chen <xiangyu.chen@...>
+Signed-off-by: Sanjay Chitroda <schitrod@...>
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ common.c    | 18 ++++++++++--------
+ common.h    |  2 +-
+ sa_common.c |  4 ++--
+ 3 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/common.c b/common.c
+index db9b0ed..e05c5bb 100644
+--- a/common.c
++++ b/common.c
+@@ -1640,17 +1640,19 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+  * @val3	Third value.
+  ***************************************************************************
+  */
+-void check_overflow(size_t val1, size_t val2, size_t val3)
++void check_overflow(unsigned int val1, unsigned int val2,
++		    unsigned int val3)
+ {
+-	if ((unsigned long long) val1 *
+-	    (unsigned long long) val2 *
+-	    (unsigned long long) val3 > UINT_MAX) {
++	if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++	    (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
++	      (unsigned long long) val2) ||
++	     ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) <
++	      (unsigned long long) val3))) {
+ #ifdef DEBUG
+-		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+-			__FUNCTION__,
+-			(unsigned long long) val1 * (unsigned long long) val2 *	(unsigned long long) val3);
++		fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
++			__FUNCTION__, val1, val2, val3);
+ #endif
+-	exit(4);
++		exit(4);
+ 	}
+ }
+ 
+diff --git a/common.h b/common.h
+index 0ac5896..b2ffe9f 100644
+--- a/common.h
++++ b/common.h
+@@ -256,7 +256,7 @@ int check_dir
+ 
+ #ifndef SOURCE_SADC
+ void check_overflow
+-	(size_t, size_t, size_t);
++	(unsigned int, unsigned int, unsigned int);
+ int count_bits
+ 	(void *, int);
+ int count_csvalues
+diff --git a/sa_common.c b/sa_common.c
+index 1b8fcaa..1144cfe 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -452,8 +452,8 @@ void allocate_structures(struct activity *act[])
+ 		if (act[i]->nr_ini > 0) {
+ 
+ 			/* Look for a possible overflow */
+-			check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
+-				       (size_t) act[i]->nr2);
++			check_overflow((unsigned int) act[i]->msize, (unsigned int) act[i]->nr_ini,
++				       (unsigned int) act[i]->nr2);
+ 
+ 			for (j = 0; j < 3; j++) {
+ 				SREALLOC(act[i]->buf[j], void,
+-- 
+2.25.1
+
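Review bot: check_overflow now takes unsigned int, and the call in allocate_structures casts act[i]->msize, act[i]->nr_ini and act[i]->nr2 with (unsigned int) before the check; if any of those fields is wider than unsigned int, the cast truncates the value and the overflow test runs on the wrong number. Please confirm the field types, or drop the explicit casts so the compiler can warn on narrowing. Separately, the From: line and two Signed-off-by: trailers carry elided addresses (pkopylov@, xiangyu.chen@..., schitrod@...); the full addresses should be restored from the upstream commit and the original submissions.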
diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
index 3a3d1fb..f8a950e 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
+++ b/poky/meta/recipes-extended/sysstat/sysstat_12.4.5.bb
@@ -3,6 +3,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
 SRC_URI += "file://0001-configure.in-remove-check-for-chkconfig.patch \
-           file://CVE-2022-39377.patch"
-
+           file://CVE-2022-39377.patch \
+           file://CVE-2023-33204.patch \
+           "
 SRC_URI[sha256sum] = "ef445acea301bbb996e410842f6290a8d049e884d4868cfef7e85dc04b7eee5b"
diff --git a/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
new file mode 100644
index 0000000..f600309
--- /dev/null
+++ b/poky/meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
@@ -0,0 +1,41 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+
+Upstream-Status: Backport [https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611]
+CVE: CVE-2023-2004
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/truetype/ttgxvar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
+index 7f2db0c..8968111 100644
+--- a/src/truetype/ttgxvar.c
++++ b/src/truetype/ttgxvar.c
+@@ -42,6 +42,7 @@
+ #include <ft2build.h>
+ #include <freetype/internal/ftdebug.h>
+ #include FT_CONFIG_CONFIG_H
++#include <freetype/internal/ftcalc.h>
+ #include <freetype/internal/ftstream.h>
+ #include <freetype/internal/sfnt.h>
+ #include <freetype/tttags.h>
+@@ -1147,7 +1148,7 @@
+                 delta == 1 ? "" : "s",
+                 vertical ? "VVAR" : "HVAR" ));
+ 
+-    *avalue += delta;
++    *avalue = ADD_INT( *avalue, delta );
+ 
+   Exit:
+     return error;
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb
index d425e16..29f4d8d 100644
--- a/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb
+++ b/poky/meta/recipes-graphics/freetype/freetype_2.11.1.bb
@@ -16,6 +16,7 @@
            file://CVE-2022-27404.patch \
            file://CVE-2022-27405.patch \
            file://CVE-2022-27406.patch \
+           file://CVE-2023-2004.patch \
            "
 SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8"
 
diff --git a/poky/meta/recipes-graphics/piglit/piglit/0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch b/poky/meta/recipes-graphics/piglit/piglit/0002-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch
similarity index 100%
rename from poky/meta/recipes-graphics/piglit/piglit/0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch
rename to poky/meta/recipes-graphics/piglit/piglit/0002-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch
diff --git a/poky/meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch b/poky/meta/recipes-graphics/piglit/piglit/0003-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
similarity index 100%
rename from poky/meta/recipes-graphics/piglit/piglit/0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
rename to poky/meta/recipes-graphics/piglit/piglit/0003-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch
diff --git a/poky/meta/recipes-graphics/piglit/piglit/0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch b/poky/meta/recipes-graphics/piglit/piglit/0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch
new file mode 100644
index 0000000..ef6fda0
--- /dev/null
+++ b/poky/meta/recipes-graphics/piglit/piglit/0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch
@@ -0,0 +1,32 @@
+From 13ff43fe760ac343b33d8e8c84b89886aac07116 Mon Sep 17 00:00:00 2001
+From: Tom Hochstein <tom.hochstein@nxp.com>
+Date: Fri, 3 Jun 2022 10:44:29 -0500
+Subject: [PATCH] cmake: Don't enable GLX if tests are disabled
+
+Allow building for systems that don't support GLX.
+
+Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/piglit/-/merge_requests/720]
+Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
+---
+ CMakeLists.txt | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index e1aeb5ddf..85e171aba 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -134,10 +134,7 @@ if(PIGLIT_BUILD_CL_TESTS)
+ endif(PIGLIT_BUILD_CL_TESTS)
+ 
+ IF(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+-	if(X11_FOUND AND OPENGL_gl_LIBRARY)
+-		# Assume the system has GLX. In the future, systems may exist
+-		# with libGL and libX11 but no GLX, but that world hasn't
+-		# arrived yet.
++	if(X11_FOUND AND OPENGL_gl_LIBRARY AND PIGLIT_BUILD_GLX_TESTS)
+ 		set(PIGLIT_HAS_GLX True)
+ 		add_definitions(-DPIGLIT_HAS_GLX)
+ 	endif()
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb
index 3ae7a14..78a5d62 100644
--- a/poky/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb
@@ -8,10 +8,11 @@
 
 SRC_URI = "git://gitlab.freedesktop.org/mesa/piglit.git;protocol=https;branch=main \
            file://0001-cmake-install-bash-completions-in-the-right-place.patch \
-           file://0001-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \
            file://0001-Add-a-missing-include-for-htobe32-definition.patch \
-           file://0002-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch \
-           "
+           file://0002-cmake-use-proper-WAYLAND_INCLUDE_DIRS-variable.patch \
+           file://0003-tests-util-piglit-shader.c-do-not-hardcode-build-pat.patch \
+           file://0005-cmake-Don-t-enable-GLX-if-tests-are-disabled.patch"
+
 UPSTREAM_CHECK_COMMITS = "1"
 
 SRCREV = "2f80c7cc9c02d37574dc8ba3140b7dd8eb3cbf82"
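Review bot: SRC_URI now lists patches numbered 0001, 0001, 0002, 0003 and 0005 with no 0004, and since this same commit renames two patches to 0002 and 0003 the series is clearly being renumbered; either number the GLX patch 0004 or explain the gap. The closing quote has also moved onto the last file:// line, followed by a blank line, where the previous form kept it on its own line; keeping it separate makes the next appended patch a one-line diff.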
@@ -36,10 +37,12 @@
 export TEMP = "${B}/temp/"
 do_compile[dirs] =+ "${B}/temp/"
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}"
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 glx', '', d)}"
 PACKAGECONFIG[freeglut] = "-DPIGLIT_USE_GLUT=1,-DPIGLIT_USE_GLUT=0,freeglut,"
+PACKAGECONFIG[glx] = "-DPIGLIT_BUILD_GLX_TESTS=ON,-DPIGLIT_BUILD_GLX_TESTS=OFF"
+PACKAGECONFIG[opencl] = "-DPIGLIT_BUILD_CL_TESTS=ON,-DPIGLIT_BUILD_CL_TESTS=OFF,virtual/opencl-icd"
 PACKAGECONFIG[x11] = "-DPIGLIT_BUILD_GL_TESTS=ON,-DPIGLIT_BUILD_GL_TESTS=OFF,${X11_DEPS}, ${X11_RDEPS}"
-PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,vulkan-loader"
+PACKAGECONFIG[vulkan] = "-DPIGLIT_BUILD_VK_TESTS=ON,-DPIGLIT_BUILD_VK_TESTS=OFF,glslang-native vulkan-loader,glslang"
 
 export PIGLIT_BUILD_DIR = "../../../../git"
 
diff --git a/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch b/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch
index 1b62db9..4b3a0e7 100644
--- a/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch
+++ b/poky/meta/recipes-graphics/waffle/waffle/0001-meson.build-request-native-wayland-scanner.patch
@@ -1,4 +1,4 @@
-From 2195cec1e5bc66128d72049c11ff381ca4516a4b Mon Sep 17 00:00:00 2001
+From 0961787d2bf0d359a3ead89e9cec642818b32dea Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Tue, 5 Jul 2022 11:51:39 +0200
 Subject: [PATCH] meson.build: request native wayland-scanner
@@ -8,15 +8,16 @@
 
 Upstream-Status: Submitted [https://gitlab.freedesktop.org/mesa/waffle/-/merge_requests/110]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
 ---
  meson.build | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/meson.build b/meson.build
-index 0bb6128..0b6da1f 100644
+index ca6a212..3177bde 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -108,7 +108,7 @@ else
+@@ -110,7 +110,7 @@ else
      'wayland-egl', version : '>= 9.1', required : get_option('wayland'),
    )
    dep_wayland_scanner = dependency(
@@ -24,4 +25,4 @@
 +    'wayland-scanner', version : '>= 1.15', required : get_option('wayland'), native: true,
    )
    if dep_wayland_scanner.found()
-     prog_wayland_scanner = find_program(dep_wayland_scanner.get_pkgconfig_variable('wayland_scanner'))
+     prog_wayland_scanner = find_program(dep_wayland_scanner.get_variable(pkgconfig: 'wayland_scanner'))
diff --git a/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch b/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch
index 24b2de5..60e6318 100644
--- a/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch
+++ b/poky/meta/recipes-graphics/waffle/waffle/0001-waffle-do-not-make-core-protocol-into-the-library.patch
@@ -1,4 +1,4 @@
-From 7610ec4b572d3a54d30fca6798f0c406f3fd8a46 Mon Sep 17 00:00:00 2001
+From 71f9399d6cea1e2e885a98b98d82eb628832a86e Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Tue, 26 Oct 2021 08:52:17 +0200
 Subject: [PATCH] waffle: do not make core protocol into the library
@@ -9,28 +9,13 @@
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- meson.build            | 4 ----
- src/waffle/meson.build | 7 -------
- 2 files changed, 11 deletions(-)
 
-diff --git a/meson.build b/meson.build
-index ffc02ff..0bb6128 100644
---- a/meson.build
-+++ b/meson.build
-@@ -104,10 +104,6 @@ else
-   dep_wayland_client = dependency(
-     'wayland-client', version : '>= 1.10', required : get_option('wayland'),
-   )
--  if dep_wayland_client.found()
--    wayland_core_xml = join_paths(dep_wayland_client.get_pkgconfig_variable('pkgdatadir'),
--    'wayland.xml')
--  endif
-   dep_wayland_egl = dependency(
-     'wayland-egl', version : '>= 9.1', required : get_option('wayland'),
-   )
+---
+ src/waffle/meson.build | 7 -------
+ 1 file changed, 7 deletions(-)
+
 diff --git a/src/waffle/meson.build b/src/waffle/meson.build
-index 01898c8..6245868 100644
+index e2636c7..3ff5762 100644
 --- a/src/waffle/meson.build
 +++ b/src/waffle/meson.build
 @@ -88,12 +88,6 @@ if build_surfaceless
diff --git a/poky/meta/recipes-graphics/waffle/waffle_1.7.0.bb b/poky/meta/recipes-graphics/waffle/waffle_1.7.2.bb
similarity index 91%
rename from poky/meta/recipes-graphics/waffle/waffle_1.7.0.bb
rename to poky/meta/recipes-graphics/waffle/waffle_1.7.2.bb
index dc47590..cb917d8 100644
--- a/poky/meta/recipes-graphics/waffle/waffle_1.7.0.bb
+++ b/poky/meta/recipes-graphics/waffle/waffle_1.7.2.bb
@@ -9,16 +9,16 @@
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \
                     file://include/waffle-1/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf"
 
-SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=master \
+SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=maint-1.7 \
            file://0001-waffle-do-not-make-core-protocol-into-the-library.patch \
            file://0001-meson.build-request-native-wayland-scanner.patch \
            "
-SRCREV = "905c6c10f2483adf0cbfa024e2d3c2ed541fb300"
+SRCREV = "f3b42a7216105498842bc6ba77d8481b90d6f5f9"
 S = "${WORKDIR}/git"
 
 inherit meson features_check lib_package bash-completion pkgconfig
 
-DEPENDS:append = " python3 cmake-native"
+DEPENDS:append = " python3"
 
 # This should be overridden per-machine to reflect the capabilities of the GL
 # stack.
@@ -47,5 +47,5 @@
 # TODO: optionally build manpages and examples
 
 do_install:append() {
-    sed -i -e "s,${WORKDIR},,g" ${D}/${libdir}/cmake/Waffle/WaffleConfig.cmake
+    rm -rf ${D}${datadir}/zsh
 }
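Review bot: The do_install:append hunk drops the sed that stripped ${WORKDIR} from ${D}/${libdir}/cmake/Waffle/WaffleConfig.cmake and replaces it with rm -rf ${D}${datadir}/zsh. Please confirm that 1.7.2 no longer installs a WaffleConfig.cmake containing build paths; if it still does, the package leaks ${WORKDIR} into the image and stops being reproducible. A comment on why the zsh directory is deleted rather than packaged would also help.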
diff --git a/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb
index f81a33f..e09f94d 100644
--- a/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb
+++ b/poky/meta/recipes-graphics/wayland/weston_10.0.2.bb
@@ -74,7 +74,7 @@
 # Weston with systemd-login support
 PACKAGECONFIG[systemd] = "-Dsystemd=true -Dlauncher-logind=true,-Dsystemd=false -Dlauncher-logind=false,systemd dbus"
 # Weston with Xwayland support (requires X11 and Wayland)
-PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false"
+PACKAGECONFIG[xwayland] = "-Dxwayland=true,-Dxwayland=false,xwayland"
 # colord CMS support
 PACKAGECONFIG[colord] = "-Dcolor-management-colord=true,-Dcolor-management-colord=false,colord"
 # Clients support
diff --git a/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb b/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.15.bb
similarity index 67%
rename from poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
rename to poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.15.bb
index 4f0a5d7..22e322a 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.13.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libxpm_3.5.15.bb
@@ -11,17 +11,19 @@
 protocol."
 
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=51f4270b012ecd4ab1a164f5f4ed6cf7"
+LIC_FILES_CHKSUM = "file://COPYING;md5=903942ebc9d807dfb68540f40bae5aff"
 DEPENDS += "libxext libsm libxt gettext-native"
 PE = "1"
 
 XORG_PN = "libXpm"
+XORG_EXT = "tar.xz"
+EXTRA_OECONF += "--disable-open-zfile"
 
 PACKAGES =+ "sxpm cxpm"
 FILES:cxpm = "${bindir}/cxpm"
 FILES:sxpm = "${bindir}/sxpm"
 
-SRC_URI[md5sum] = "6f0ecf8d103d528cfc803aa475137afa"
-SRC_URI[sha256sum] = "9cd1da57588b6cb71450eff2273ef6b657537a9ac4d02d0014228845b935ac25"
+SRC_URI[md5sum] = "b3c58c94e284fd6940d3615e660a0007"
+SRC_URI[sha256sum] = "60bb906c5c317a6db863e39b69c4a83fdbd2ae2154fcf47640f8fefc9fdfd1c1"
 
 BBCLASSEXTEND = "native"
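Review bot: EXTRA_OECONF += "--disable-open-zfile" is added with no comment, and LIC_FILES_CHKSUM for COPYING changes in the same hunk. Add a comment above the EXTRA_OECONF line saying what functionality is turned off and why, and record in the commit message what changed in COPYING between 3.5.13 and 3.5.15. SRC_URI[md5sum] is still maintained next to SRC_URI[sha256sum] and could be dropped.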
diff --git a/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc b/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc
index 60bc8c7..68137c4 100644
--- a/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc
+++ b/poky/meta/recipes-graphics/xorg-lib/xorg-lib-common.inc
@@ -6,8 +6,9 @@
 DEPENDS = "util-macros"
 
 XORG_PN = "${BPN}"
+XORG_EXT ?= "tar.bz2"
 
-SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.bz2"
+SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.${XORG_EXT}"
 
 S = "${WORKDIR}/${XORG_PN}-${PV}"
 
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
similarity index 91%
rename from poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
rename to poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 212c7d3..19db7ea 100644
--- a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -3,7 +3,7 @@
 SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
            "
-SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb"
+SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
 
 # These extensions are now integrated into the server, so declare the migration
 # path for in-place upgrades.
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
similarity index 99%
rename from poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
rename to poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
index bf5d4f5..7412c02 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
@@ -108,7 +108,7 @@
                     file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
                     file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
                     file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
-                    file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
+                    file://LICENCE.qat_firmware;md5=72de83dfd9b87be7685ed099a39fbea4 \
                     file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
                     file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \
                     file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
@@ -134,7 +134,7 @@
                     "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "aadb3cccbde1e53fc244a409e9bd5a22"
+WHENCE_CHKSUM  = "0782deea054d4b1b7f10c92c3a245da4"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -212,7 +212,7 @@
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a"
+SRC_URI[sha256sum] = "c3f9ad2bb5311cce2490f37a8052f836703d6936aabd840246b6576f1f71f607"
 
 inherit allarch
 
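Review bot: The context lines of the last hunk still read "# Pin this to the 20220509 release" with SRCREV:class-devupstream unchanged, while the recipe is renamed to 20230404; class-devupstream therefore builds an older snapshot than the default tarball. Update the SRCREV and its comment along with the version, or note why they stay behind. The LICENCE.qat_firmware md5 change in the first hunk should be described in the commit message.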
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion.inc b/poky/meta/recipes-kernel/linux/cve-exclusion.inc
new file mode 100644
index 0000000..45b7a3d
--- /dev/null
+++ b/poky/meta/recipes-kernel/linux/cve-exclusion.inc
@@ -0,0 +1,875 @@
+# Kernel CVE exclusion file
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_CHECK_IGNORE += "CVE-2021-3759"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4135
+# Patched in kernel since v5.16 481221775d53d6215a6e5e9ce1cce6d2b4ab9a46
+# Backported in version v5.4.168 699e794c12a3cd79045ff135bc87a53b97024e43
+# Backported in version v5.10.88 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8
+# Backported in version v5.15.11 27358aa81a7d60e6bd36f0bb1db65cd084c2cad0
+CVE_CHECK_IGNORE += "CVE-2021-4135"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4155
+# Patched in kernel since v5.16 983d8e60f50806f90534cc5373d0ce867e5aaf79
+# Backported in version v5.4.171 102af6edfd3a372db6e229177762a91f552e5f5e
+# Backported in version v5.10.91 16d8568378f9ee2d1e69216d39961aa72710209f
+# Backported in version v5.15.14 b0e72ba9e520b95346e68800afff0db65e766ca8
+CVE_CHECK_IGNORE += "CVE-2021-4155"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0168
+# Patched in kernel since v5.18 b92e358757b91c2827af112cae9af513f26a3f34
+# Backported in version v5.10.110 9963ccea6087268e1275b992dca5d0dd4b938765
+# Backported in version v5.15.33 f143f8334fb9eb2f6c7c15b9da1472d9c965fd84
+CVE_CHECK_IGNORE += "CVE-2022-0168"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0171
+# Patched in kernel since v5.18 683412ccf61294d727ead4a73d97397396e69a6b
+# Backported in version v5.10.146 a60babeb60ff276963d4756c7fd2e7bf242bb777
+# Backported in version v5.15.70 39b0235284c7aa33a64e07b825add7a2c108094a
+CVE_CHECK_IGNORE += "CVE-2022-0171"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1016
+# Patched in kernel since v5.18 4c905f6740a365464e91467aa50916555b28213d
+# Backported in version v5.4.188 06f0ff82c70241a766a811ae1acf07d6e2734dcb
+# Backported in version v5.10.109 2c74374c2e88c7b7992bf808d9f9391f7452f9d9
+# Backported in version v5.15.32 fafb904156fbb8f1dd34970cd5223e00b47c33be
+CVE_CHECK_IGNORE += "CVE-2022-1016"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
+# Patched in kernel since v6.1 61a1d87a324ad5e3ed27c6699dfc93218fcf3201
+# Backported in version v5.10.150 483831ad0440f62c10d1707c97ce824bd82d98ae
+# Backported in version v5.15.75 dd366295d1eca557e7a9000407ec3952f691d27b
+# Backported in version v5.19.17 edb71f055684f9023fd97e2f85c6f31380d163c1
+CVE_CHECK_IGNORE += "CVE-2022-1184"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1198
+# Patched in kernel since v5.17 efe4186e6a1b54bf38b9e05450d43b0da1fd7739
+# Backported in version v5.4.189 28c8fd84bea13cbf238d7b19d392de2fcc31331c
+# Backported in version v5.10.110 f67a1400788f550d201c71aeaf56706afe57f0da
+# Backported in version v5.15.33 3eb18f8a1d02a9462a0e4903efc674ca3d0406d1
+CVE_CHECK_IGNORE += "CVE-2022-1198"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1199
+# Patched in kernel since v5.17 71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac
+# Backported in version v5.4.185 0a64aea5fe023cf1e4973676b11f49038b1f045b
+# Backported in version v5.10.106 e2201ef32f933944ee02e59205adb566bafcdf91
+# Backported in version v5.15.29 46ad629e58ce3a88c924ff3c5a7e9129b0df5659
+CVE_CHECK_IGNORE += "CVE-2022-1199"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_CHECK_IGNORE += "CVE-2022-1462"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1734
+# Patched in kernel since v5.18 d270453a0d9ec10bb8a802a142fb1b3601a83098
+# Backported in version v5.4.193 33d3e76fc7a7037f402246c824d750542e2eb37f
+# Backported in version v5.10.115 1961c5a688edb53fe3bc25cbda57f47adf12563c
+# Backported in version v5.15.39 b8f2b836e7d0a553b886654e8b3925a85862d2eb
+CVE_CHECK_IGNORE += "CVE-2022-1734"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1852
+# Patched in kernel since v5.19 fee060cd52d69c114b62d1a2948ea9648b5131f9
+# Backported in version v5.10.120 3d8fc6e28f321d753ab727e3c3e740daf36a8fa3
+# Backported in version v5.15.45 531d1070d864c78283b7597449e60ddc53319d88
+CVE_CHECK_IGNORE += "CVE-2022-1852"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1882
+# Patched in kernel since v5.19 353f7988dd8413c47718f7ca79c030b6fb62cfe5
+# Backported in version v5.10.134 0adf21eec59040b31af113e626efd85eb153c728
+# Backported in version v5.15.58 ba3a8af8a21a81cfd0c8c689a81261caba934f97
+CVE_CHECK_IGNORE += "CVE-2022-1882"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1998
+# Patched in kernel since v5.17 ee12595147ac1fbfb5bcb23837e26dd58d94b15d
+# Backported in version v5.10.97 7b4741644cf718c422187e74fb07661ef1d68e85
+# Backported in version v5.15.20 60765e43e40fbf7a1df828116172440510fcc3e4
+CVE_CHECK_IGNORE += "CVE-2022-1998"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2078
+# Patched in kernel since v5.19 fecf31ee395b0295f2d7260aa29946b7605f7c85
+# Backported in version v5.10.120 c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048
+# Backported in version v5.15.45 89ef50fe03a55feccf5681c237673a2f98161161
+CVE_CHECK_IGNORE += "CVE-2022-2078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
+# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
+# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
+# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
+# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
+# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
+CVE_CHECK_IGNORE += "CVE-2022-2196"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2318
+# Patched in kernel since v5.19 9cc02ede696272c5271a401e4f27c262359bc2f6
+# Backported in version v5.4.204 bb91556d2af066f8ca2e7fd8e334d652e731ee29
+# Backported in version v5.10.129 8f74cb27c2b4872fd14bf046201fa7b36a46885e
+# Backported in version v5.15.53 659d39545260100628d8a30020d09fb6bf63b915
+CVE_CHECK_IGNORE += "CVE-2022-2318"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2380
+# Patched in kernel since v5.18 bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8
+# Backported in version v5.4.189 478154be3a8c21ff106310bb1037b1fc9d81dc62
+# Backported in version v5.10.110 72af8810922eb143ed4f116db246789ead2d8543
+# Backported in version v5.15.33 46cdbff26c88fd75dccbf28df1d07cbe18007eac
+CVE_CHECK_IGNORE += "CVE-2022-2380"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2503
+# Patched in kernel since v5.19 4caae58406f8ceb741603eee460d79bacca9b1b5
+# Backported in version v5.4.197 fd2f7e9984850a0162bfb6948b98ffac9fb5fa58
+# Backported in version v5.10.120 8df42bcd364cc3b41105215d841792aea787b133
+# Backported in version v5.15.45 69712b170237ec5979f168149cd31e851a465853
+CVE_CHECK_IGNORE += "CVE-2022-2503"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Patched in kernel since v6.0 e8d5dfd1d8747b56077d02664a8838c71ced948e
+# Backported in version v5.4.215 d0a24bc8e2aa703030d80affa3e5237fe3ad4dd2
+# Backported in version v5.10.146 9a5d7e0acb41bb2aac552f8eeb4b404177f3f66d
+# Backported in version v5.15.71 dc33ffbc361e2579a8f31b8724ef85d4117440e4
+# Backported in version v5.19.12 510ea9eae5ee45f4e443023556532bda99387351
+CVE_CHECK_IGNORE += "CVE-2022-2663"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2873
+# Patched in kernel since v6.2 39244cc754829bf707dccd12e2ce37510f5b1f8d
+# Backported in version v5.4.229 cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
+# Backported in version v5.10.163 9ac541a0898e8ec187a3fa7024b9701cffae6bf2
+# Backported in version v5.15.86 96c12fd0ec74641295e1c3c34dea3dce1b6c3422
+# Backported in version v6.1.2 233348a04becf133283f0076e20b317302de21d9
+CVE_CHECK_IGNORE += "CVE-2022-2873"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2905
+# Patched in kernel since v6.0 a657182a5c5150cdfacb6640aad1d2712571a409
+# Backported in version v5.10.140 e8979807178434db8ceaa84dfcd44363e71e50bb
+# Backported in version v5.15.64 4f672112f8665102a5842c170be1713f8ff95919
+# Backported in version v5.19.6 a36df92c7ff7ecde2fb362241d0ab024dddd0597
+CVE_CHECK_IGNORE += "CVE-2022-2905"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2959
+# Patched in kernel since v5.19 189b0ddc245139af81198d1a3637cac74f96e13a
+# Backported in version v5.10.120 8fbd54ab06c955d247c1a91d5d980cddc868f1e7
+# Backported in version v5.15.45 cf2fbc56c478a34a68ff1fa6ad08460054dfd499
+CVE_CHECK_IGNORE += "CVE-2022-2959"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3028
+# Patched in kernel since v6.0 ba953a9d89a00c078b85f4b190bc1dde66fe16b5
+# Backported in version v5.4.212 8ee27a4f0f1ad36d430221842767880df6494147
+# Backported in version v5.10.140 c5c4d4c9806dadac7bc82f9c29ef4e1b78894775
+# Backported in version v5.15.64 103bd319c0fc90f1cb013c3a508615e6df8af823
+# Backported in version v5.19.6 6901885656c029c976498290b52f67f2c251e6a0
+CVE_CHECK_IGNORE += "CVE-2022-3028"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3078
+# Patched in kernel since v5.18 e6a21a14106d9718aa4f8e115b1e474888eeba44
+# Backported in version v5.10.110 663e7a72871f89f7a10cc8d7b2f17f27c64e071d
+# Backported in version v5.15.33 9dd2fd7a1f84c947561af29424c5ddcecfcf2cbe
+CVE_CHECK_IGNORE += "CVE-2022-3078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3104
+# Patched in kernel since v5.19 4a9800c81d2f34afb66b4b42e0330ae8298019a2
+# Backported in version v5.10.122 56ac04f35fc5dc8b5b67a1fa2f7204282aa887d5
+# Backported in version v5.15.47 1aeeca2b8397e3805c16a4ff26bf3cc8485f9853
+CVE_CHECK_IGNORE += "CVE-2022-3104"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3105
+# Patched in kernel since v5.16 7694a7de22c53a312ea98960fcafc6ec62046531
+# Backported in version v5.4.171 7646a340b25bb68cfb6d2e087a608802346d0f7b
+# Backported in version v5.10.91 16e5cad6eca1e506c38c39dc256298643fa1852a
+# Backported in version v5.15.14 0ea8bb0811ba0ec22903cbb48ff2cd872382e8d4
+CVE_CHECK_IGNORE += "CVE-2022-3105"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3106
+# Patched in kernel since v5.16 407ecd1bd726f240123f704620d46e285ff30dd9
+# Backported in version v5.10.88 734a3f3106053ee41cecae2a995b3d4d0c246764
+# Backported in version v5.15.11 9a77c02d1d2147a76bd187af1bf5a34242662d12
+CVE_CHECK_IGNORE += "CVE-2022-3106"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3107
+# Patched in kernel since v5.17 886e44c9298a6b428ae046e2fa092ca52e822e6a
+# Backported in version v5.4.187 b01e2df5fbf68719dfb8e766c1ca6089234144c2
+# Backported in version v5.10.108 9b763ceda6f8963cc99df5772540c54ba46ba37c
+# Backported in version v5.15.31 ab0ab176183191cffc69fe9dd8ac6c8db23f60d3
+CVE_CHECK_IGNORE += "CVE-2022-3107"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3111
+# Patched in kernel since v5.18 6dee930f6f6776d1e5a7edf542c6863b47d9f078
+# Backported in version v5.4.189 90bec38f6a4c81814775c7f3dfc9acf281d5dcfa
+# Backported in version v5.10.110 48d23ef90116c8c702bfa4cad93744e4e5588d7d
+# Backported in version v5.15.33 4124966fbd95eeecca26d52433f393e2b9649a33
+CVE_CHECK_IGNORE += "CVE-2022-3111"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3112
+# Patched in kernel since v5.18 c8c80c996182239ff9b05eda4db50184cf3b2e99
+# Backported in version v5.10.110 032b141a91a82a5f0107ce664a35b201e60c5ce1
+# Backported in version v5.15.33 b0b890dd8df3b9a2fe726826980b1cffe17b9679
+CVE_CHECK_IGNORE += "CVE-2022-3112"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3113
+# Patched in kernel since v5.18 e25a89f743b18c029bfbe5e1663ae0c7190912b0
+# Backported in version v5.10.110 bc2573abc691a269b54a6c14a2660f26d88876a5
+# Backported in version v5.15.33 0022dc8cafa5fcd156da8ae7bfc9ca99497bdffc
+CVE_CHECK_IGNORE += "CVE-2022-3113"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3115
+# Patched in kernel since v5.19 73c3ed7495c67b8fbdc31cf58e6ca8757df31a33
+# Backported in version v5.4.198 fa0d7ba25a53ac2e4bb24ef31aec49ff3578b44f
+# Backported in version v5.10.121 b4c7dd0037e6aeecad9b947b30f0d9eaeda11762
+# Backported in version v5.15.46 4cb37f715f601cee5b026c6f9091a466266b5ba5
+CVE_CHECK_IGNORE += "CVE-2022-3115"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3202
+# Patched in kernel since v5.18 a53046291020ec41e09181396c1e829287b48d47
+# Backported in version v5.4.189 e19c3149a80e4fc8df298d6546640e01601f3758
+# Backported in version v5.10.111 b9c5ac0a15f24d63b20f899072fa6dd8c93af136
+# Backported in version v5.15.34 d925b7e78b62805fcc5440d1521181c82b6f03cb
+CVE_CHECK_IGNORE += "CVE-2022-3202"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3303
+# Patched in kernel since v6.0 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d
+# Backported in version v5.4.215 4051324a6dafd7053c74c475e80b3ba10ae672b0
+# Backported in version v5.10.148 fce793a056c604b41a298317cf704dae255f1b36
+# Backported in version v5.15.68 8015ef9e8a0ee5cecfd0cb6805834d007ab26f86
+# Backported in version v5.19.9 723ac5ab2891b6c10dd6cc78ef5456af593490eb
+CVE_CHECK_IGNORE += "CVE-2022-3303"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
+# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
+# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
+# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
+# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
+CVE_CHECK_IGNORE += "CVE-2022-3424"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_CHECK_IGNORE += "CVE-2022-3435"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3521
+# Patched in kernel since v6.1 ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
+# Backported in version v5.4.225 ad39d09190a545d0f05ae0a82900eee96c5facea
+# Backported in version v5.10.156 7deb7a9d33e4941c5ff190108146d3a56bf69e9d
+# Backported in version v5.15.80 27d706b0d394a907ff8c4f83ffef9d3e5817fa84
+CVE_CHECK_IGNORE += "CVE-2022-3521"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3545
+# Patched in kernel since v6.0 02e1a114fdb71e59ee6770294166c30d437bf86a
+# Backported in version v5.4.228 3c837460f920a63165961d2b88b425703f59affb
+# Backported in version v5.10.160 eb6313c12955c58c3d3d40f086c22e44ca1c9a1b
+# Backported in version v5.15.84 9d933af8fef33c32799b9f2d3ff6bf58a63d7f24
+CVE_CHECK_IGNORE += "CVE-2022-3545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.4.224 4cd094fd5d872862ca278e15b9b51b07e915ef3f
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_CHECK_IGNORE += "CVE-2022-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3586
+# Patched in kernel since v6.0 9efd23297cca530bb35e1848665805d3fcdd7889
+# Backported in version v5.4.213 279c7668e354fa151d5fd2e8c42b5153a1de3135
+# Backported in version v5.10.143 2ee85ac1b29dbd2ebd2d8e5ac1dd5793235d516b
+# Backported in version v5.15.68 1a889da60afc017050e1f517b3b976b462846668
+# Backported in version v5.19.9 8f796f36f5ba839c11eb4685150ebeed496c546f
+CVE_CHECK_IGNORE += "CVE-2022-3586"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3594
+# Patched in kernel since v6.1 93e2be344a7db169b7119de21ac1bf253b8c6907
+# Backported in version v5.4.220 61fd56b0a1a3e923aced4455071177778dd59e88
+# Backported in version v5.10.150 484400d433ca1903a87268c55f019e932297538a
+# Backported in version v5.15.75 b3179865cf7e892b26eedab3d6c54b4747c774a2
+# Backported in version v5.19.17 2e896abccf99fef76691d8e1019bd44105a12e1f
+CVE_CHECK_IGNORE += "CVE-2022-3594"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_CHECK_IGNORE += "CVE-2022-3621"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_CHECK_IGNORE += "CVE-2022-3623"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_CHECK_IGNORE += "CVE-2022-3629"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_CHECK_IGNORE += "CVE-2022-3633"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_CHECK_IGNORE += "CVE-2022-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_CHECK_IGNORE += "CVE-2022-3646"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_CHECK_IGNORE += "CVE-2022-3649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3707
+# Patched in kernel since v6.2 4a61648af68f5ba4884f0e3b494ee1cabc4b6620
+# Backported in version v5.4.233 787ef0db014085df8691e5aeb58ab0bb081e5ff0
+# Backported in version v5.10.170 3d743415c6fb092167df6c23e9c7e9f6df7db625
+# Backported in version v5.15.96 0d3d5099a50badadad6837edda00e42149b2f657
+# Backported in version v6.1.5 1022519da69d99d455c58ca181a6c499c562c70e
+CVE_CHECK_IGNORE += "CVE-2022-3707"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4095
+# Patched in kernel since v6.0 e230a4455ac3e9b112f0367d1b8e255e141afae0
+# Backported in version v5.4.213 d0aac7146e96bf39e79c65087d21dfa02ef8db38
+# Backported in version v5.10.142 19e3f69d19801940abc2ac37c169882769ed9770
+# Backported in version v5.15.66 dc02aaf950015850e7589696521c7fca767cea77
+# Backported in version v5.19.8 b1727def850904e4b8ba384043775672841663a1
+CVE_CHECK_IGNORE += "CVE-2022-4095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4139
+# Patched in kernel since v6.1 04aa64375f48a5d430b5550d9271f8428883e550
+# Backported in version v5.4.226 3659e33c1e4f8cfc62c6c15aca5d797010c277a4
+# Backported in version v5.10.157 86f0082fb9470904b15546726417f28077088fee
+# Backported in version v5.15.81 ee2d04f23bbb16208045c3de545c6127aaa1ed0e
+CVE_CHECK_IGNORE += "CVE-2022-4139"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Patched in kernel since v6.2 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_CHECK_IGNORE += "CVE-2022-4382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4662
+# Patched in kernel since v6.0 9c6d778800b921bde3bff3cff5003d1650f942d1
+# Backported in version v5.4.213 df1875084898b15cbc42f712e93d7f113ae6271b
+# Backported in version v5.10.142 abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8
+# Backported in version v5.15.66 c548b99e1c37db6f7df86ecfe9a1f895d6c5966e
+# Backported in version v5.19.8 d5eb850b3e8836197a38475840725260b9783e94
+CVE_CHECK_IGNORE += "CVE-2022-4662"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_CHECK_IGNORE += "CVE-2022-26365"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32250
+# Patched in kernel since v5.19 520778042ccca019f3ffa136dd0ca565c486cedd
+# Backported in version v5.4.198 f36736fbd48491a8d85cd22f4740d542c5a1546e
+# Backported in version v5.10.120 ea62d169b6e731e0b54abda1d692406f6bc6a696
+# Backported in version v5.15.45 f692bcffd1f2ce5488d24fbcb8eab5f351abf79d
+CVE_CHECK_IGNORE += "CVE-2022-32250"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32296
+# Patched in kernel since v5.18 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
+# Backported in version v5.4.201 c26e1addf15763ae404f4bbf131719a724e768ab
+# Backported in version v5.10.125 9429b75bc271b6f29e50dbb0ee0751800ff87dd9
+# Backported in version v5.15.41 952a238d779eea4ecb2f8deb5004c8f56be79bc9
+CVE_CHECK_IGNORE += "CVE-2022-32296"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32981
+# Patched in kernel since v5.19 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9
+# Backported in version v5.4.198 0c4bc0a2f8257f79a70fe02b9a698eb14695a64b
+# Backported in version v5.10.122 3be74fc0afbeadc2aff8dc69f3bf9716fbe66486
+# Backported in version v5.15.47 2a0165d278973e30f2282c15c52d91788749d2d4
+CVE_CHECK_IGNORE += "CVE-2022-32981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_CHECK_IGNORE += "CVE-2022-33740"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_CHECK_IGNORE += "CVE-2022-33741"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_CHECK_IGNORE += "CVE-2022-33742"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33743
+# Patched in kernel since v5.19 f63c2c2032c2e3caad9add3b82cc6e91c376fd26
+# Backported in version v5.10.129 547b7c640df545a344358ede93e491a89194cdfa
+# Backported in version v5.15.53 1052fc2b7391a43b25168ae69ad658fff5170f04
+CVE_CHECK_IGNORE += "CVE-2022-33743"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33744
+# Patched in kernel since v5.19 b75cd218274e01d026dc5240e86fdeb44bbed0c8
+# Backported in version v5.4.204 5c03cad51b84fb26ccea7fd99130d8ec47949cfc
+# Backported in version v5.10.129 43c8d33ce353091f15312cb6de3531517d7bba90
+# Backported in version v5.15.53 9f83c8f6ab14bbf4311b70bf1b7290d131059101
+CVE_CHECK_IGNORE += "CVE-2022-33744"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33981
+# Patched in kernel since v5.18 233087ca063686964a53c829d547c7571e3f67bf
+# Backported in version v5.4.192 7dea5913000c6a2974a00d9af8e7ffb54e47eac1
+# Backported in version v5.10.114 54c028cfc49624bfc27a571b94edecc79bbaaab4
+# Backported in version v5.15.37 e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3
+CVE_CHECK_IGNORE += "CVE-2022-33981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-34918
+# Patched in kernel since v5.19 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
+# Backported in version v5.10.130 0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf
+# Backported in version v5.15.54 c1784d2075138992b00c17ab4ffc6d855171fe6d
+CVE_CHECK_IGNORE += "CVE-2022-34918"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36123
+# Patched in kernel since v5.19 38fa5479b41376dc9d7f57e71c83514285a25ca0
+# Backported in version v5.4.207 a3c7c1a726a4c6b63b85e8c183f207543fd75e1b
+# Backported in version v5.10.132 136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87
+# Backported in version v5.15.56 26bb7afc027ce6ac8ab6747babec674d55689ff0
+CVE_CHECK_IGNORE += "CVE-2022-36123"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36879
+# Patched in kernel since v5.19 f85daf0e725358be78dfd208dea5fd665d8cb901
+# Backported in version v5.4.208 f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20
+# Backported in version v5.10.134 47b696dd654450cdec3103a833e5bf29c4b83bfa
+# Backported in version v5.15.58 c8e32bca0676ac663266a3b16562cb017300adcd
+CVE_CHECK_IGNORE += "CVE-2022-36879"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36946
+# Patched in kernel since v5.19 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
+# Backported in version v5.4.209 52be29e8b6455788a4d0f501bd87aa679ca3ba3c
+# Backported in version v5.10.135 440dccd80f627e0e11ceb0429e4cdab61857d17e
+# Backported in version v5.15.59 91c11008aab0282957b8b8ccb0707d90e74cc3b9
+CVE_CHECK_IGNORE += "CVE-2022-36946"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39188
+# Patched in kernel since v5.19 b67fbebd4cf980aecbcc750e1462128bffe8ae15
+# Backported in version v5.4.212 c9c5501e815132530d741ec9fdd22657f91656bc
+# Backported in version v5.10.141 895428ee124ad70b9763259308354877b725c31d
+# Backported in version v5.15.65 3ffb97fce282df03723995f5eed6a559d008078e
+CVE_CHECK_IGNORE += "CVE-2022-39188"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39190
+# Patched in kernel since v6.0 e02f0d3970404bfea385b6edb86f2d936db0ea2b
+# Backported in version v5.10.140 c08a104a8bce832f6e7a4e8d9ac091777b9982ea
+# Backported in version v5.15.64 51f192ae71c3431aa69a988449ee2fd288e57648
+# Backported in version v5.19.6 fdca693fcf26c11596e7aa1e540af2b4a5288c76
+CVE_CHECK_IGNORE += "CVE-2022-39190"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39842
+# Patched in kernel since v5.19 a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7
+# Backported in version v5.4.215 1878eaf0edb8c9e58a6ca0cf31b7a647ca346be9
+# Backported in version v5.10.145 06e194e1130c98f82d46beb40cdbc88a0d4fd6de
+# Backported in version v5.15.70 ab5140c6ddd7473509e12f468948de91138b124e
+CVE_CHECK_IGNORE += "CVE-2022-39842"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40307
+# Patched in kernel since v6.0 9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
+# Backported in version v5.4.213 8028ff4cdbb3f20d3c1c04be33a83bab0cb94997
+# Backported in version v5.10.143 918d9c4a4bdf5205f2fb3f64dddfb56c9a1d01d6
+# Backported in version v5.15.68 dd291e070be0eca8807476b022bda00c891d9066
+# Backported in version v5.19.9 d46815a8f26ca6db2336106a148265239f73b0af
+CVE_CHECK_IGNORE += "CVE-2022-40307"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40768
+# Patched in kernel since v6.1 6022f210461fef67e6e676fd8544ca02d1bcfa7a
+# Backported in version v5.4.218 20a5bde605979af270f94b9151f753ec2caf8b05
+# Backported in version v5.10.148 36b33c63515a93246487691046d18dd37a9f589b
+# Backported in version v5.15.74 76efb4897bc38b2f16176bae27ae801037ebf49a
+# Backported in version v5.19.16 6ae8aa5dcf0d7ada07964c8638e55d3af5896a86
+CVE_CHECK_IGNORE += "CVE-2022-40768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41218
+# Patched in kernel since v6.2 fd3d91ab1c6ab0628fe642dd570b56302c30a792
+# Backported in version v5.4.229 a29d6213098816ed4574824b6adae94fb1c0457d
+# Backported in version v5.10.163 3df07728abde249e2d3f47cf22f134cb4d4f5fb1
+# Backported in version v5.15.87 8b45a3b19a2e909e830d09a90a7e1ec8601927d9
+# Backported in version v6.1.4 530ca64b44625f7d39eb1d5efb6f9ff21da991e2
+CVE_CHECK_IGNORE += "CVE-2022-41218"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41849
+# Patched in kernel since v6.1 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c
+# Backported in version v5.4.220 3742e9fd552e6c4193ebc5eb3d2cd02d429cad9c
+# Backported in version v5.10.150 e50472949604f385e09ce3fa4e74dce9f44fb19b
+# Backported in version v5.15.75 2b0897e33682a332167b7d355eec28693b62119e
+# Backported in version v5.19.17 02c871d44090c851b07770176f88c6f5564808a1
+CVE_CHECK_IGNORE += "CVE-2022-41849"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41850
+# Patched in kernel since v6.1 cacdb14b1c8d3804a3a7d31773bc7569837b71a4
+# Backported in version v5.4.220 e30c3a9a88818e5cf3df3fda6ab8388bef3bc6cd
+# Backported in version v5.10.150 dbcca76435a606a352c794956e6df62eedd3a353
+# Backported in version v5.15.75 c61786dc727d1850336d12c85a032c9a36ae396d
+# Backported in version v5.19.17 2d38886ae0365463cdba3db669170eef1e3d55c0
+CVE_CHECK_IGNORE += "CVE-2022-41850"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41858
+# Patched in kernel since v5.18 ec4eb8a86ade4d22633e1da2a7d85a846b7d1798
+# Backported in version v5.4.190 d05cd68ed8460cb158cc62c41ffe39fe0ca16169
+# Backported in version v5.10.112 ca24c5e8f0ac3d43ec0cff29e1c861be73aff165
+# Backported in version v5.15.35 efb020924a71391fc12e6f204eaf25694cc116a1
+CVE_CHECK_IGNORE += "CVE-2022-41858"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42328
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_IGNORE += "CVE-2022-42328"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42329
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_IGNORE += "CVE-2022-42329"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42703
+# Patched in kernel since v6.0 2555283eb40df89945557273121e9393ef9b542b
+# Backported in version v5.4.212 2fe3eee48899a890310177d54537d5b8e255eb31
+# Backported in version v5.10.141 98f401d36396134c0c86e9e3bd00b6b6b028b521
+# Backported in version v5.15.65 c18a209b56e37b2a60414f714bd70b084ef25835
+# Backported in version v5.19.7 7877eaa1131147b4d6a063962f3aac0ab1b8ea1c
+CVE_CHECK_IGNORE += "CVE-2022-42703"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42721
+# Patched in kernel since v6.1 bcca852027e5878aec911a347407ecc88d6fff7f
+# Backported in version v5.4.218 77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc
+# Backported in version v5.10.148 b0e5c5deb7880be5b8a459d584e13e1f9879d307
+# Backported in version v5.15.74 0a8ee682e4f992eccce226b012bba600bb2251e2
+# Backported in version v5.19.16 1d73c990e9bafc2754b1ced71345f73f5beb1781
+CVE_CHECK_IGNORE += "CVE-2022-42721"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42722
+# Patched in kernel since v6.1 b2d03cabe2b2e150ff5a381731ea0355459be09f
+# Backported in version v5.10.148 58c0306d0bcd5f541714bea8765d23111c9af68a
+# Backported in version v5.15.74 93a3a32554079432b49cf87f326607b2a2fab4f2
+# Backported in version v5.19.16 fa63b5f6f8853ace755d9a23fb75817d5ba20df5
+CVE_CHECK_IGNORE += "CVE-2022-42722"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+CVE_CHECK_IGNORE += "CVE-2022-42895"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47518
+# Patched in kernel since v6.1 0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
+# Backported in version v5.10.157 3eb6b89a4e9f9e44c3170d70d8d16c3c8dc8c800
+# Backported in version v5.15.81 7aed1dd5d221dabe3fe258f13ecf5fc7df393cbb
+CVE_CHECK_IGNORE += "CVE-2022-47518"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47519
+# Patched in kernel since v6.1 051ae669e4505abbe05165bebf6be7922de11f41
+# Backported in version v5.10.157 905f886eae4b065656a575e8a02544045cbaadcf
+# Backported in version v5.15.81 143232cb5a4c96d69a7d90b643568665463c6191
+CVE_CHECK_IGNORE += "CVE-2022-47519"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47520
+# Patched in kernel since v6.1 cd21d99e595ec1d8721e1058dcdd4f1f7de1d793
+# Backported in version v5.10.157 7c6535fb4d67ea37c98a1d1d24ca33dd5ec42693
+# Backported in version v5.15.81 cd9c4869710bb6e38cfae4478c23e64e91438442
+CVE_CHECK_IGNORE += "CVE-2022-47520"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47929
+# Patched in kernel since v6.2 96398560f26aa07e8f2969d73c8197e6a6d10407
+# Backported in version v5.4.229 9b83ec63d0de7b1f379daa1571e128bc7b9570f8
+# Backported in version v5.10.163 9f7bc28a6b8afc2274e25650511555e93f45470f
+# Backported in version v5.15.88 04941c1d5bb59d64165e09813de2947bdf6f4f28
+# Backported in version v6.1.6 e8988e878af693ac13b0fa80ba2e72d22d68f2dd
+CVE_CHECK_IGNORE += "CVE-2022-47929"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
+# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
+# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
+# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
+# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
+CVE_CHECK_IGNORE += "CVE-2023-0179"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_CHECK_IGNORE += "CVE-2023-0394"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
+# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
+# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
+# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
+# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
+# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
+CVE_CHECK_IGNORE += "CVE-2023-0461"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0590
+# Patched in kernel since v6.1 ebda44da44f6f309d302522b049f43d6f829f7aa
+# Backported in version v5.10.152 7aa3d623c11b9ab60f86b7833666e5d55bac4be9
+# Backported in version v5.15.76 ce1234573d183db1ebcab524668ca2d85543bf80
+CVE_CHECK_IGNORE += "CVE-2023-0590"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
+# Patched in kernel since v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
+# Backported in version v5.4.231 89e7fe3999e057c91f157b6ba663264f4cdfcb55
+# Backported in version v5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
+# Backported in version v5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
+# Backported in version v6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
+CVE_CHECK_IGNORE += "CVE-2023-1073"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
+# Patched in kernel since v6.2 458e279f861d3f61796894cd158b780765a1569f
+# Backported in version v5.4.231 a7585028ac0a5836f39139c11594d79ede97d975
+# Backported in version v5.10.166 6ef652f35dcfaa1ab2b2cf6c1694718595148eee
+# Backported in version v5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
+# Backported in version v6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
+CVE_CHECK_IGNORE += "CVE-2023-1074"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
+# Patched in kernel since v6.3 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+# Backported in version v5.4.235 084cd75643b61fb924f70cba98a71dea14942938
+# Backported in version v5.10.173 80a1751730b302d8ab63a084b2fa52c820ad0273
+# Backported in version v5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
+# Backported in version v6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
+# Backported in version v6.2.3 1099004ae1664703ec573fc4c61ffb24144bcb63
+CVE_CHECK_IGNORE += "CVE-2023-1077"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
+# Patched in kernel since v6.2 f753a68980cf4b59a80fe677619da2b1804f526d
+# Backported in version v5.4.232 ba38eacade35dd2316d77b37494e6e0c01bab595
+# Backported in version v5.10.168 c53f34ec3fbf3e9f67574118a6bb35ae1146f7ca
+# Backported in version v5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
+# Backported in version v6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
+CVE_CHECK_IGNORE += "CVE-2023-1078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
+# Patched in kernel since v6.3 4ab3a086d10eeec1424f2e8a968827a6336203df
+# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
+# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
+# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
+# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
+# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
+CVE_CHECK_IGNORE += "CVE-2023-1079"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1095
+# Patched in kernel since v6.0 580077855a40741cf511766129702d97ff02f4d9
+# Backported in version v5.4.211 a452bc3deb23bf93f8a13d3e24611b7ef39645dc
+# Backported in version v5.10.137 80977126bc20309f7f7bae6d8621356b393e8b41
+# Backported in version v5.15.61 8a2df34b5bf652566f2889d9fa321f3b398547ef
+# Backported in version v5.19.2 109539c9ba8497aad2948af4f09077f6a65059fe
+CVE_CHECK_IGNORE += "CVE-2023-1095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
+# Patched in kernel since v6.3 29b0589a865b6f66d141d79b2dd1373e4e50fe17
+# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
+# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
+# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
+# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
+# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
+CVE_CHECK_IGNORE += "CVE-2023-1118"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1249
+# Patched in kernel since v5.18 390031c942116d4733310f0684beb8db19885fe6
+# Backported in version v5.10.110 558564db44755dfb3e48b0d64de327d20981e950
+# Backported in version v5.15.33 39fd0cc079c98dafcf355997ada7b5e67f0bb10a
+CVE_CHECK_IGNORE += "CVE-2023-1249"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1252
+# Patched in kernel since v5.16 9a254403760041528bc8f69fe2f5e1ef86950991
+# Backported in version v5.10.80 4fd9f0509a1452b45e89c668e2bab854cb05cd25
+# Backported in version v5.15.3 2f372e38f5724301056e005353c8beecc3f8d257
+CVE_CHECK_IGNORE += "CVE-2023-1252"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1281
+# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2
+# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4
+# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da
+# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
+CVE_CHECK_IGNORE += "CVE-2023-1281"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1382
+# Patched in kernel since v6.1 a7b42969d63f47320853a802efd879fbdc4e010e
+# Backported in version v5.4.226 59f9aad22fd743572bdafa37d3e1dd5dc5658e26
+# Backported in version v5.10.157 4058e3b74ab3eabe0835cee9a0c6deda79e8a295
+# Backported in version v5.15.81 33fb115a76ae6683e34f76f7e07f6f0734b2525f
+CVE_CHECK_IGNORE += "CVE-2023-1382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
+# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
+# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
+# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
+# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
+# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
+CVE_CHECK_IGNORE += "CVE-2023-1513"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
+# Patched in kernel since v6.3 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
+# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
+# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
+# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
+# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
+# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
+CVE_CHECK_IGNORE += "CVE-2023-1829"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1838
+# Patched in kernel since v5.18 fb4554c2232e44d595920f4d5c66cf8f7d13f9bc
+# Backported in version v5.4.196 3a12b2c413b20c17832ec51cb836a0b713b916ac
+# Backported in version v5.10.118 ec0d801d1a44d9259377142c6218885ecd685e41
+# Backported in version v5.15.42 42d8a6dc45fc6619b8def1a70b7bd0800bcc4574
+CVE_CHECK_IGNORE += "CVE-2023-1838"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1998
+# Patched in kernel since v6.3 6921ed9049bc7457f66c1596c5b78aec0dae4a9d
+# Backported in version v5.4.235 34c1b60e7a80404056c03936dd9c2438da2789d4
+# Backported in version v5.10.173 abfed855f05863d292de2d0ebab4656791bab9c8
+# Backported in version v5.15.99 e7f1ddebd9f5b12de40bc37db9243957678f1448
+# Backported in version v6.1.16 08d87c87d6461d16827c9b88d84c48c26b6c994a
+# Backported in version v6.2.3 ead3c8e54d28fa1d5454b1f8a21b96b4a969b1cb
+CVE_CHECK_IGNORE += "CVE-2023-1998"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2006
+# Patched in kernel since v6.1 3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5
+# Backported in version v5.10.157 3535c632e6d16c98f76e615da8dc0cb2750c66cc
+# Backported in version v5.15.81 38fe0988bd516f35c614ea9a5ff86c0d29f90c9a
+CVE_CHECK_IGNORE += "CVE-2023-2006"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2008
+# Patched in kernel since v5.19 05b252cccb2e5c3f56119d25de684b4f810ba40a
+# Backported in version v5.4.202 c7bdaad9cbfe17c83e4f56c7bb7a2d87d944f0fb
+# Backported in version v5.10.127 20119c1e0fff89542ff3272ace87e04cf6ee6bea
+# Backported in version v5.15.51 5b45535865d62633e3816ee30eb8d3213038dc17
+CVE_CHECK_IGNORE += "CVE-2023-2008"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2162
+# Patched in kernel since v6.2 f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3
+# Backported in version v5.4.232 d4d765f4761f9e3a2d62992f825aeee593bcb6b9
+# Backported in version v5.10.168 9758ffe1c07b86aefd7ca8e40d9a461293427ca0
+# Backported in version v5.15.93 0aaabdb900c7415caa2006ef580322f7eac5f6b6
+# Backported in version v6.1.11 61e43ebfd243bcbad11be26bd921723027b77441
+CVE_CHECK_IGNORE += "CVE-2023-2162"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2166
+# Patched in kernel since v6.1 0acc442309a0a1b01bcdaa135e56e6398a49439c
+# Backported in version v5.4.227 3982652957e8d79ac32efcb725450580650a8644
+# Backported in version v5.10.159 c42221efb1159d6a3c89e96685ee38acdce86b6f
+# Backported in version v5.15.83 c142cba37de29f740a3852f01f59876af8ae462a
+CVE_CHECK_IGNORE += "CVE-2023-2166"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2177
+# Patched in kernel since v5.19 181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d
+# Backported in version v5.4.209 8d6dab81ee3d0309c09987ff76164a25486c43e0
+# Backported in version v5.10.135 6f3505588d66b27220f07d0cab18da380fae2e2d
+# Backported in version v5.15.59 e796e1fe20ecaf6da419ef6a5841ba181bba7a0c
+CVE_CHECK_IGNORE += "CVE-2023-2177"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-22999
+# Patched in kernel since v5.17 b52fe2dbb3e655eb1483000adfab68a219549e13
+# Backported in version v5.10.94 94177fcecc35e9e9d3aecaa5813556c6b5aed7b6
+# Backported in version v5.15.17 5157828d3975768b53a51cdf569203b953184022
+CVE_CHECK_IGNORE += "CVE-2023-22999"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23002
+# Patched in kernel since v5.17 6845667146a28c09b5dfc401c1ad112374087944
+# Backported in version v5.10.94 4579954bf4cc0bdfc4a42c88b16fe596f1e7f82d
+# Backported in version v5.15.17 9186e6ba52af11ba7b5f432aa2321f36e00ad721
+CVE_CHECK_IGNORE += "CVE-2023-23002"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23004
+# Patched in kernel since v5.19 15342f930ebebcfe36f2415049736a77d7d2e045
+# Backported in version v5.10.173 a5bbea50d622b8f49ab8ee3b0eb283107febcf1a
+# Backported in version v5.15.100 1c7988d5c79f72287177bb774cde15fde69f3c97
+CVE_CHECK_IGNORE += "CVE-2023-23004"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23454
+# Patched in kernel since v6.2 caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
+# Backported in version v5.4.229 6b17b84634f932f4787f04578f5d030874b9ff32
+# Backported in version v5.10.163 b2c917e510e5ddbc7896329c87d20036c8b82952
+# Backported in version v5.15.87 04dc4003e5df33fb38d3dd85568b763910c479d4
+# Backported in version v6.1.5 dc46e39b727fddc5aacc0272ef83ee872d51be16
+CVE_CHECK_IGNORE += "CVE-2023-23454"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23455
+# Patched in kernel since v6.2 a2965c7be0522eaa18808684b7b82b248515511b
+# Backported in version v5.4.229 63e469cb54a87df53edcfd85bb5bcdd84327ae4a
+# Backported in version v5.10.163 5f65f48516bfeebaab1ccc52c8fad698ddf21282
+# Backported in version v5.15.87 f02327a4877a06cbc8277e22d4834cb189565187
+# Backported in version v6.1.5 85655c63877aeafdc23226510ea268a9fa0af807
+CVE_CHECK_IGNORE += "CVE-2023-23455"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23559
+# Patched in kernel since v6.2 b870e73a56c4cccbec33224233eaf295839f228c
+# Backported in version v5.4.231 9042a9a3f29c942387e6d6036551d90c9ae6ce4f
+# Backported in version v5.10.166 802fd7623e9ed19ee809b503e93fccc1e3f37bd6
+# Backported in version v5.15.91 8cbf932c5c40b0c20597fa623c308d5bde0848b5
+# Backported in version v6.1.9 7794efa358bca8b8a2a80070c6e088a74945f018
+CVE_CHECK_IGNORE += "CVE-2023-23559"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-25012
+# Patched in kernel since v6.3 76ca8da989c7d97a7f76c75d475fe95a584439d7
+# Backported in version v5.4.235 25e14bf0c894f9003247e3475372f33d9be1e424
+# Backported in version v5.10.173 fddde36316da8acb45a3cca2e5fda102f5215877
+# Backported in version v5.15.99 0fd9998052926ed24cfb30ab1a294cfeda4d0a8f
+# Backported in version v6.1.16 f2bf592ebd5077661e00aa11e12e054c4c8f6dd0
+# Backported in version v6.2.3 90289e71514e9533a9c44d694e2b492be9ed2b77
+CVE_CHECK_IGNORE += "CVE-2023-25012"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-26545
+# Patched in kernel since v6.2 fda6c89fe3d9aca073495a664e1d5aea28cd4377
+# Backported in version v5.4.232 df099e65564aa47478eb1cacf81ba69024fb5c69
+# Backported in version v5.10.169 7ff0fdba82298d1f456c685e24930da89703c0fb
+# Backported in version v5.15.95 59a74da8da75bdfb464cbdb399e87ba4f7500e96
+# Backported in version v6.1.13 c376227845eef8f2e62e2c29c3cf2140d35dd8e8
+CVE_CHECK_IGNORE += "CVE-2023-26545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28327
+# Patched in kernel since v6.1 b3abe42e94900bdd045c472f9c9be620ba5ce553
+# Backported in version v5.4.227 c66d78aee55dab72c92020ebfbebc464d4f5dd2a
+# Backported in version v5.10.159 575a6266f63dbb3b8eb1da03671451f0d81b8034
+# Backported in version v5.15.83 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91
+CVE_CHECK_IGNORE += "CVE-2023-28327"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28328
+# Patched in kernel since v6.2 0ed554fd769a19ea8464bb83e9ac201002ef74ad
+# Backported in version v5.4.229 8b256d23361c51aa4b7fdb71176c1ca50966fb39
+# Backported in version v5.10.163 559891d430e3f3a178040c4371ed419edbfa7d65
+# Backported in version v5.15.86 210fcf64be4db82c0e190e74b5111e4eef661a7a
+# Backported in version v6.1.2 6b60cf73a931af34b7a0a3f467a79d9fe0df2d70
+CVE_CHECK_IGNORE += "CVE-2023-28328"
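Review bot: Every CVE_CHECK_IGNORE line in this file is unconditional, while its justification is version-specific and lives only in the "Backported in version ..." comments. For example, the CVE-2023-1829 entry is only valid from v5.10.173 / v5.15.100 onward, yet the ignore applies to whatever kernel version the including recipe ends up building. LINUX_VERSION is set with ?= in the recipes, so a bbappend or distro pin to an older stable release would still get these CVEs suppressed in the cve-check report. Suggest either guarding the ignores on the kernel version or, at minimum, stating in the file (if the header does not already) which LINUX_VERSION values it was generated against and how to regenerate it on the next bump.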
diff --git a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
index f8f7171..ed9746f 100644
--- a/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/poky/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -334,7 +334,7 @@
 FILES:${PN} = "${KERNEL_BUILD_ROOT} ${KERNEL_SRC_PATH}"
 FILES:${PN}-dbg += "${KERNEL_BUILD_ROOT}*/build/scripts/*/.debug/*"
 
-RDEPENDS:${PN} = "bc python3 flex bison ${TCLIBC}-utils"
+RDEPENDS:${PN} = "bc python3-core flex bison ${TCLIBC}-utils"
 # 4.15+ needs these next two RDEPENDS
 RDEPENDS:${PN} += "openssl-dev util-linux"
 # and x86 needs a bit more for 4.15+
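Review bot: The RDEPENDS change from python3 to python3-core has no comment explaining why the smaller package is sufficient, unlike the following line, which carries "4.15+ needs these next two RDEPENDS". Narrowing to python3-core means any kernel script in the devsrc package that imports a module outside the core split will now fail on target. Suggest a one-line comment saying which scripts were checked, or listing the extra python3-* packages explicitly if any are needed, so the dependency is not widened again later without context.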
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index f257451..332a193 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "6462fa707bd003b62bee6042c20e8ab1f391df96"
-SRCREV_meta ?= "8ea689ac1980b5c09cd049a3403f72e75a8739da"
+SRCREV_machine ?= "8008621f28248a94b5f1154350a4fc9c71b130d5"
+SRCREV_meta ?= "4476e17760bea9d68c392368f2396a2e9efa86c3"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.175"
+LINUX_VERSION ?= "5.10.180"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 38daab6..2937979 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "e1ca9a177aff19013178aa30a8eccb4d7b2b67d7"
-SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2"
+SRCREV_machine ?= "8e0611e36c848a07f9cdd778903c9e51bb90b319"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.103"
+LINUX_VERSION ?= "5.15.108"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 798fb84..e8d4eee 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.10.175"
+LINUX_VERSION ?= "5.10.180"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "d90caed79c490df9aab86920b33698bc29899d45"
-SRCREV_machine ?= "878a6b6459feacfa733cf27a14b9f70b9922ba65"
-SRCREV_meta ?= "8ea689ac1980b5c09cd049a3403f72e75a8739da"
+SRCREV_machine:qemuarm ?= "d0dc3a46c784849731fc25990679b676f4306cef"
+SRCREV_machine ?= "5ca66907abef1e8a0be5d3109fd3f0d50f77bc5f"
+SRCREV_meta ?= "4476e17760bea9d68c392368f2396a2e9efa86c3"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index eb6af62..c19c289 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.103"
+LINUX_VERSION ?= "5.15.108"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "4ae6c9a73f4e6e356186a541e3fcbea4fa6a09f1"
-SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2"
+SRCREV_machine ?= "3d762b85647844790979dd1e17a762003aaa7476"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto.inc b/poky/meta/recipes-kernel/linux/linux-yocto.inc
index 1f8289b..4943d5a 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/poky/meta/recipes-kernel/linux/linux-yocto.inc
@@ -69,3 +69,6 @@
     d.setVarFlag("PKG_CONFIG_SYSROOT_DIR", "unexport", "1")
     d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR")
 }
+
+# CVE exclusion
+include recipes-kernel/linux/cve-exclusion.inc
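Review bot: The new last line uses include, which continues silently when cve-exclusion.inc cannot be found, whereas the kernel recipes pull in linux-yocto.inc itself with require. If the exclusion file is meant to always ship next to this .inc, require would turn a missing or misplaced file into a parse error instead of a quietly different CVE report. If the soft failure is intentional, the "# CVE exclusion" comment should say so. That comment would also be the place to note that every recipe requiring linux-yocto.inc now inherits the full ignore list, whatever kernel version it builds.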
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 92666e4..cb28294 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,23 +13,23 @@
 KBRANCH:qemux86-64 ?= "v5.10/standard/base"
 KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "1784e127b2ebee50ade30dc697d9f2c9ccda64d6"
-SRCREV_machine:qemuarm64 ?= "3189034276f25e203dae9df3df5fd33849a63ddb"
-SRCREV_machine:qemumips ?= "ed305aee0a2d924dd532eea364036736a43b008e"
-SRCREV_machine:qemuppc ?= "43e2751f24c4c35341b877429f5c62f57cc23616"
-SRCREV_machine:qemuriscv64 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb"
-SRCREV_machine:qemuriscv32 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb"
-SRCREV_machine:qemux86 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb"
-SRCREV_machine:qemux86-64 ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb"
-SRCREV_machine:qemumips64 ?= "82870b2da104e88b79174aece820f233e0c4bd72"
-SRCREV_machine ?= "96f3a7ef51f544080250e995b21e66004fdbb2bb"
-SRCREV_meta ?= "8ea689ac1980b5c09cd049a3403f72e75a8739da"
+SRCREV_machine:qemuarm ?= "1cf6a458134cbbe232467622d8e34d2e9d10e92b"
+SRCREV_machine:qemuarm64 ?= "5db230097771631366812f12c9b04c8379f53c24"
+SRCREV_machine:qemumips ?= "795276fa64f0874a4ee0dcfa9c78e572314bdfa1"
+SRCREV_machine:qemuppc ?= "6ccfcf5138703538662241bf8ed897a1ef2a3def"
+SRCREV_machine:qemuriscv64 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f"
+SRCREV_machine:qemuriscv32 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f"
+SRCREV_machine:qemux86 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f"
+SRCREV_machine:qemux86-64 ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f"
+SRCREV_machine:qemumips64 ?= "4d6b146f00b8efc99e3d3d1d8a63220c29590c8d"
+SRCREV_machine ?= "c6515d2a698792220bed8fd39ccbcfec64d1130f"
+SRCREV_meta ?= "4476e17760bea9d68c392368f2396a2e9efa86c3"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.175"
+LINUX_VERSION ?= "5.10.180"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 41f20c9..785944c 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -13,24 +13,24 @@
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "21687086c27bb112f19b0aac455d800961c0b830"
-SRCREV_machine:qemuarm64 ?= "7144f86a73fe2ffe4fe57c9e6cf28d8fc8db4b6a"
-SRCREV_machine:qemumips ?= "557c06060cb218ade536fccc66f8f3e755537f31"
-SRCREV_machine:qemuppc ?= "db19dbdcdf51b9d2a071dcf180ba9e20b8286e9b"
-SRCREV_machine:qemuriscv64 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemuriscv32 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemux86 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemux86-64 ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_machine:qemumips64 ?= "6f1dbe8c258d49f4dba59827124dfe9aa2c151db"
-SRCREV_machine ?= "024d08fb706170a9723e9751e505681f9d4c7ab6"
-SRCREV_meta ?= "441f5fe00073620cec471166cf6e94c4ef9c69b2"
+SRCREV_machine:qemuarm ?= "80421c525a12141d31bf1592b0d8c176defe3010"
+SRCREV_machine:qemuarm64 ?= "9d140dbc3171bf272f51b524edeeb2f22783aca5"
+SRCREV_machine:qemumips ?= "b29a8fa62d88db512f1fa5d60e430a851d7e3aaf"
+SRCREV_machine:qemuppc ?= "7ee6b7fc4b57933114376cf012218c2ae3d23558"
+SRCREV_machine:qemuriscv64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemuriscv32 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemux86-64 ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_machine:qemumips64 ?= "5c900befc90365f6daa80989e8de0ccc546ff0f5"
+SRCREV_machine ?= "e8c818cce43dd720c366d831aeb102c20c237652"
+SRCREV_meta ?= "e4b95ec17228274acb38bf10061448224df3a312"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "8020ae3c051d1c9ec7b7a872e226f9720547649b"
+SRCREV_machine:class-devupstream ?= "3299fb36854fdc288bddc2c4d265f8a2e5105944"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -38,7 +38,7 @@
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.103"
+LINUX_VERSION ?= "5.15.108"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
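Review bot: LINUX_VERSION moves to 5.15.108 in this hunk, while the SRCREV_machine values it describes (including SRCREV_machine:class-devupstream) change in the previous hunk, and nothing in the recipe ties the two together. The exclusion list added in this series suppresses CVEs fixed as late as v5.15.100, so those suppressions are only correct if each new SRCREV really contains that stable release. Please confirm in the commit message that every SRCREV_machine here sits at or after v5.15.108 on its branch; the same applies to the 5.10 recipes and v5.10.180.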
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
new file mode 100644
index 0000000..3cd374d
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
@@ -0,0 +1,130 @@
+From e40c964a0678908e2c756741343ed50d6a99ee12 Mon Sep 17 00:00:00 2001
+From: Anton Khirnov <anton@khirnov.net>
+Date: Fri, 28 Apr 2023 11:45:30 +0000
+Subject: [PATCH] lavc/pthread_frame: avoid leaving stale hwaccel state in
+ worker threads
+
+This state is not refcounted, so make sure it always has a well-defined
+owner.
+
+Remove the block added in 091341f, as
+this commit also solves that issue in a more general way.
+
+CVE:CVE-2022-48434
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ libavcodec/pthread_frame.c | 46 +++++++++++++++++++++++++++++---------
+ 1 file changed, 35 insertions(+), 11 deletions(-)
+
+diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
+index 85a6bc9..e40dced 100644
+--- a/libavcodec/pthread_frame.c
++++ b/libavcodec/pthread_frame.c
+@@ -145,6 +145,12 @@ typedef struct FrameThreadContext {
+                                     * Set for the first N packets, where N is the number of threads.
+                                     * While it is set, ff_thread_en/decode_frame won't return any results.
+                                     */
++
++    /* hwaccel state is temporarily stored here in order to transfer its ownership
++     * to the next decoding thread without the need for extra synchronization */
++    const AVHWAccel *stash_hwaccel;
++    void            *stash_hwaccel_context;
++    void            *stash_hwaccel_priv;
+ } FrameThreadContext;
+ 
+ #if FF_API_THREAD_SAFE_CALLBACKS
+@@ -229,9 +235,17 @@ FF_ENABLE_DEPRECATION_WARNINGS
+             ff_thread_finish_setup(avctx);
+ 
+         if (p->hwaccel_serializing) {
++            /* wipe hwaccel state to avoid stale pointers lying around;
++             * the state was transferred to FrameThreadContext in
++             * ff_thread_finish_setup(), so nothing is leaked */
++            avctx->hwaccel                     = NULL;
++            avctx->hwaccel_context             = NULL;
++            avctx->internal->hwaccel_priv_data = NULL;
++
+             p->hwaccel_serializing = 0;
+             pthread_mutex_unlock(&p->parent->hwaccel_mutex);
+         }
++        av_assert0(!avctx->hwaccel);
+ 
+         if (p->async_serializing) {
+             p->async_serializing = 0;
+@@ -294,14 +308,10 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src,
+         dst->color_range = src->color_range;
+         dst->chroma_sample_location = src->chroma_sample_location;
+ 
+-        dst->hwaccel = src->hwaccel;
+-        dst->hwaccel_context = src->hwaccel_context;
+-
+         dst->channels       = src->channels;
+         dst->sample_rate    = src->sample_rate;
+         dst->sample_fmt     = src->sample_fmt;
+         dst->channel_layout = src->channel_layout;
+-        dst->internal->hwaccel_priv_data = src->internal->hwaccel_priv_data;
+ 
+         if (!!dst->hw_frames_ctx != !!src->hw_frames_ctx ||
+             (dst->hw_frames_ctx && dst->hw_frames_ctx->data != src->hw_frames_ctx->data)) {
+@@ -442,6 +452,12 @@ static int submit_packet(PerThreadContext *p, AVCodecContext *user_avctx,
+             pthread_mutex_unlock(&p->mutex);
+             return err;
+         }
++
++        /* transfer hwaccel state stashed from previous thread, if any */
++        av_assert0(!p->avctx->hwaccel);
++        FFSWAP(const AVHWAccel*, p->avctx->hwaccel,                     fctx->stash_hwaccel);
++        FFSWAP(void*,            p->avctx->hwaccel_context,             fctx->stash_hwaccel_context);
++        FFSWAP(void*,            p->avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv);
+     }
+ 
+     av_packet_unref(p->avpkt);
+@@ -647,6 +663,14 @@ void ff_thread_finish_setup(AVCodecContext *avctx) {
+         async_lock(p->parent);
+     }
+ 
++    /* save hwaccel state for passing to the next thread;
++     * this is done here so that this worker thread can wipe its own hwaccel
++     * state after decoding, without requiring synchronization */
++    av_assert0(!p->parent->stash_hwaccel);
++    p->parent->stash_hwaccel         = avctx->hwaccel;
++    p->parent->stash_hwaccel_context = avctx->hwaccel_context;
++    p->parent->stash_hwaccel_priv    = avctx->internal->hwaccel_priv_data;
++
+     pthread_mutex_lock(&p->progress_mutex);
+     if(atomic_load(&p->state) == STATE_SETUP_FINISHED){
+         av_log(avctx, AV_LOG_WARNING, "Multiple ff_thread_finish_setup() calls\n");
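Review bot: in ff_thread_finish_setup() the new av_assert0(!p->parent->stash_hwaccel) and the three stash stores sit before pthread_mutex_lock(&p->progress_mutex) and before the existing STATE_SETUP_FINISHED check, which only logs "Multiple ff_thread_finish_setup() calls". If the function is entered a second time while a non-NULL stash from the first call has not yet been consumed, the assertion aborts before the warning path is reached, turning a logged condition into a crash. Either move the stash block after the state check and skip it on a repeat call, or document that a repeat call is now fatal when a hwaccel is active.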
+@@ -700,13 +724,6 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
+ 
+     park_frame_worker_threads(fctx, thread_count);
+ 
+-    if (fctx->prev_thread && avctx->internal->hwaccel_priv_data !=
+-                             fctx->prev_thread->avctx->internal->hwaccel_priv_data) {
+-        if (update_context_from_thread(avctx, fctx->prev_thread->avctx, 1) < 0) {
+-            av_log(avctx, AV_LOG_ERROR, "Failed to update user thread.\n");
+-        }
+-    }
+-
+     if (fctx->prev_thread && fctx->prev_thread != fctx->threads)
+         if (update_context_from_thread(fctx->threads->avctx, fctx->prev_thread->avctx, 0) < 0) {
+             av_log(avctx, AV_LOG_ERROR, "Final thread update failed\n");
+@@ -760,6 +777,13 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
+     av_freep(&fctx->threads);
+     ff_pthread_free(fctx, thread_ctx_offsets);
+ 
++    /* if we have stashed hwaccel state, move it to the user-facing context,
++     * so it will be freed in avcodec_close() */
++    av_assert0(!avctx->hwaccel);
++    FFSWAP(const AVHWAccel*, avctx->hwaccel,                     fctx->stash_hwaccel);
++    FFSWAP(void*,            avctx->hwaccel_context,             fctx->stash_hwaccel_context);
++    FFSWAP(void*,            avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv);
++
+     av_freep(&avctx->internal->thread_ctx);
+ }
+ 
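Review bot: in the last ff_frame_thread_free() hunk the stash is moved into avctx after av_freep(&fctx->threads) and ff_pthread_free(fctx, ...) but before av_freep(&avctx->internal->thread_ctx), and the placement is load-bearing: if fctx is the object released by that final av_freep, moving the block one line down reads freed memory. The comment explains why the state is moved to the user-facing context but not why it must happen at this exact point; add a sentence saying the swap has to precede the thread_ctx free. The av_assert0(!avctx->hwaccel) on a teardown path also means a violated invariant aborts during close instead of leaking, which should be a conscious choice.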
+-- 
+2.40.0
+
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 4bcbda9..6ece34f 100644
--- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -28,7 +28,8 @@
            file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
            file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
            file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
-           "
+           file://CVE-2022-48434.patch \
+          "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
 
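Review bot: the closing quote of SRC_URI is re-indented in this hunk (the removed line has one more leading space than the added one), so the diff touches a line it does not need to. Keep the original closing-quote line unchanged and add only the file://CVE-2022-48434.patch entry, which keeps the recipe's alignment consistent with the entries above and makes the security backport a one-line change to audit.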
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.6.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.6.bb
index 9db31c1..2eee50e 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-devtools_1.20.6.bb
@@ -12,7 +12,7 @@
            file://0001-connect-has-a-different-signature-on-musl.patch \
            "
 
-SRC_URI[sha256sum] = "5684436121b8bae07fd00b74395f95e44b5f26323dce4fa045fa665676807bba"
+SRC_URI[sha256sum] = "2c64037c823fb88751a47dacf3d4752a52b7951190d6e05fc44855e912e81d71"
 
 DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
 RRECOMMENDS:${PN} = "git"
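Review bot: the only content change in this recipe is the SRC_URI[sha256sum] value, and neither the hunk nor the rename header records where the new digest came from. For a checksum bump the commit message should state that the 1.20.6 digest was compared against the checksum published with the upstream release, not just computed from whatever tarball the fetcher downloaded, since the latter only pins the download and does not verify it. The same check applies to the other 1.20.5 to 1.20.6 recipe renames in this change.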
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.6.bb
similarity index 91%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.6.bb
index e5925c6..c54913e 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.20.6.bb
@@ -12,7 +12,7 @@
                     "
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "b152e3cc49d014899f53c39d8a6224a44e1399b4cf76aa5f9a903fdf9793c3cc"
+SRC_URI[sha256sum] = "7d619a030542a4a5a11e0302742a3d9b05f8e5cfc453025683a0379bc50aa013"
 
 S = "${WORKDIR}/gst-libav-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.6.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.6.bb
index ec5efcd..b29d393 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.20.6.bb
@@ -10,7 +10,7 @@
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "bcccbc02548cdc123fd49944dd44a4f1adc5d107e36f010d320eb526e2107806"
+SRC_URI[sha256sum] = "48e82008a2a0ad5f4b525aba8a6c49c4ca2d7d25c6b1b14d107dd747e26d5a8e"
 
 S = "${WORKDIR}/gst-omx-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.6.bb
similarity index 98%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.6.bb
index 80766b9..fdb4509 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.6.bb
@@ -11,7 +11,7 @@
            file://0003-ensure-valid-sentinals-for-gst_structure_get-etc.patch \
            file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
            "
-SRC_URI[sha256sum] = "f431214b0754d7037adcde93c3195106196588973e5b32dcb24938805f866363"
+SRC_URI[sha256sum] = "d98c73fa5cdddb372a91199464515cfc80c89bbe05e3d4387ea4381e4224483a"
 
 S = "${WORKDIR}/gst-plugins-bad-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.6.bb
similarity index 97%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.6.bb
index c37b542..8d1aef1 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.20.6.bb
@@ -11,7 +11,7 @@
            file://0003-viv-fb-Make-sure-config.h-is-included.patch \
            file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
            "
-SRC_URI[sha256sum] = "11f911ef65f3095d7cf698a1ad1fc5242ac3ad6c9270465fb5c9e7f4f9c19b35"
+SRC_URI[sha256sum] = "54eac357d6cd66f183b94a26e493bf4d5781bc76bc60cad122742626caf8f1a3"
 
 S = "${WORKDIR}/gst-plugins-base-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.6.bb
similarity index 97%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.6.bb
index 80aed01..81f5dd0 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.20.6.bb
@@ -8,7 +8,7 @@
            file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
            "
 
-SRC_URI[sha256sum] = "e83ab4d12ca24959489bbb0ec4fac9b90e32f741d49cda357cb554b2cb8b97f9"
+SRC_URI[sha256sum] = "e51365cfa9b19bd736dafe2c8828254a55d66996a3c60550bb0d50041c381a44"
 
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.6.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.6.bb
index f765e62..e62e9e9 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.20.6.bb
@@ -14,7 +14,7 @@
 SRC_URI = " \
             https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
             "
-SRC_URI[sha256sum] = "af67d8ba7cab230f64d0594352112c2c443e2aa36a87c35f9f98a43d11430b87"
+SRC_URI[sha256sum] = "ca3fb6abc9f6e981d204a736c254e50cc1786a2f5038d83023e42ea009b10246"
 
 S = "${WORKDIR}/gst-plugins-ugly-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.6.bb
similarity index 91%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.6.bb
index 05e9ace..77745b8 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.20.6.bb
@@ -8,7 +8,7 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "27487652318659cfd7dc42784b713c78d29cc7a7df4fb397134c8c125f65e3b2"
+SRC_URI[sha256sum] = "aa619e08ddd9f92755f4bd24ba9577e81ae4c86bff170c3e574153ec3cdc80cc"
 
 DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
 RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.6.bb
similarity index 90%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.6.bb
index c9cf429..017edec 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.20.6.bb
@@ -10,7 +10,7 @@
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "ba398a7ddd559cce56ef4b91f448d174e0dccad98a493563d2d59c41a2ef39c5"
+SRC_URI[sha256sum] = "800122a798387bd4b18b558737d30a010d94154f41bd210d4c4cc2d80ecae90f"
 
 S = "${WORKDIR}/${PNREAL}-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.6.bb
similarity index 95%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.6.bb
index 716f50e..d67abf4 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.20.6.bb
@@ -11,7 +11,7 @@
 
 SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
 
-SRC_URI[sha256sum] = "510c6fb4ff3f676d7946ce1800e04ccf5aabe5a586d4e164d1961808fab8c94b"
+SRC_URI[sha256sum] = "57028a2cdabb749eb38a53f45cfa36f02b4e5368fb6d8684ef31d9e73ddf653b"
 
 S = "${WORKDIR}/${REALPN}-${PV}"
 DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
deleted file mode 100644
index f1fac2d..0000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bin-Fix-race-conditions-in-tests.patch
+++ /dev/null
@@ -1,300 +0,0 @@
-From e1e2d8d58c1e09e065849cdb1f6466c0537a7c51 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Tue, 21 Jun 2022 11:51:35 +0300
-Subject: [PATCH] bin: Fix race conditions in tests
-
-The latency messages are non-deterministic and can arrive before/after
-async-done or during state-changes as they are posted by e.g. sinks from
-their streaming thread but bins are finishing asynchronous state changes
-from a secondary helper thread.
-
-To solve this, expect latency messages at any time and assert that we
-receive one at some point during the test.
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643>
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2643]
-Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
----
- .../gstreamer/tests/check/gst/gstbin.c        | 132 ++++++++++++------
- 1 file changed, 92 insertions(+), 40 deletions(-)
-
-diff --git a/subprojects/gstreamer/tests/check/gst/gstbin.c b/subprojects/gstreamer/tests/check/gst/gstbin.c
-index e366d5fe20f..88ff44db0c3 100644
---- a/subprojects/gstreamer/tests/check/gst/gstbin.c
-+++ b/subprojects/gstreamer/tests/check/gst/gstbin.c
-@@ -27,50 +27,95 @@
- #include <gst/base/gstbasesrc.h>
- 
- static void
--pop_async_done (GstBus * bus)
-+pop_async_done (GstBus * bus, gboolean * had_latency)
- {
-   GstMessage *message;
-+  GstMessageType types = GST_MESSAGE_ASYNC_DONE;
-+
-+  if (!*had_latency)
-+    types |= GST_MESSAGE_LATENCY;
- 
-   GST_DEBUG ("popping async-done message");
--  message = gst_bus_poll (bus, GST_MESSAGE_ASYNC_DONE, -1);
- 
--  fail_unless (message && GST_MESSAGE_TYPE (message)
--      == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
-+  do {
-+    message = gst_bus_poll (bus, types, -1);
- 
--  gst_message_unref (message);
--  GST_DEBUG ("popped message");
-+    fail_unless (message);
-+    GST_DEBUG ("popped message %s",
-+        gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
-+
-+    if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
-+      fail_unless (*had_latency == FALSE);
-+      *had_latency = TRUE;
-+      gst_clear_message (&message);
-+      types &= ~GST_MESSAGE_LATENCY;
-+      continue;
-+    }
-+
-+    fail_unless (GST_MESSAGE_TYPE (message)
-+        == GST_MESSAGE_ASYNC_DONE, "did not get GST_MESSAGE_ASYNC_DONE");
-+
-+    gst_clear_message (&message);
-+    break;
-+  } while (TRUE);
- }
- 
- static void
--pop_latency (GstBus * bus)
-+pop_latency (GstBus * bus, gboolean * had_latency)
- {
-   GstMessage *message;
- 
--  GST_DEBUG ("popping async-done message");
-+  if (*had_latency)
-+    return;
-+
-+  GST_DEBUG ("popping latency message");
-   message = gst_bus_poll (bus, GST_MESSAGE_LATENCY, -1);
- 
--  fail_unless (message && GST_MESSAGE_TYPE (message)
-+  fail_unless (message);
-+  fail_unless (GST_MESSAGE_TYPE (message)
-       == GST_MESSAGE_LATENCY, "did not get GST_MESSAGE_LATENCY");
- 
--  gst_message_unref (message);
--  GST_DEBUG ("popped message");
-+  GST_DEBUG ("popped message %s",
-+      gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
-+  gst_clear_message (&message);
-+
-+  *had_latency = TRUE;
- }
- 
- static void
--pop_state_changed (GstBus * bus, int count)
-+pop_state_changed (GstBus * bus, int count, gboolean * had_latency)
- {
-   GstMessage *message;
--
-+  GstMessageType types = GST_MESSAGE_STATE_CHANGED;
-   int i;
- 
-+  if (!*had_latency)
-+    types |= GST_MESSAGE_LATENCY;
-+
-   GST_DEBUG ("popping %d messages", count);
-   for (i = 0; i < count; ++i) {
--    message = gst_bus_poll (bus, GST_MESSAGE_STATE_CHANGED, -1);
--
--    fail_unless (message && GST_MESSAGE_TYPE (message)
--        == GST_MESSAGE_STATE_CHANGED, "did not get GST_MESSAGE_STATE_CHANGED");
--
--    gst_message_unref (message);
-+    do {
-+      message = gst_bus_poll (bus, types, -1);
-+
-+      fail_unless (message);
-+      GST_DEBUG ("popped message %s",
-+          gst_message_type_get_name (GST_MESSAGE_TYPE (message)));
-+
-+      if (GST_MESSAGE_TYPE (message) == GST_MESSAGE_LATENCY) {
-+        fail_unless (*had_latency == FALSE);
-+        *had_latency = TRUE;
-+        gst_clear_message (&message);
-+        types &= ~GST_MESSAGE_LATENCY;
-+        continue;
-+      }
-+
-+      fail_unless (GST_MESSAGE_TYPE (message)
-+          == GST_MESSAGE_STATE_CHANGED,
-+          "did not get GST_MESSAGE_STATE_CHANGED");
-+
-+      gst_message_unref (message);
-+      break;
-+    } while (TRUE);
-   }
-   GST_DEBUG ("popped %d messages", count);
- }
-@@ -538,6 +583,7 @@ GST_START_TEST (test_message_state_changed_children)
-   GstBus *bus;
-   GstStateChangeReturn ret;
-   GstState current, pending;
-+  gboolean had_latency = FALSE;
- 
-   pipeline = GST_PIPELINE (gst_pipeline_new (NULL));
-   fail_unless (pipeline != NULL, "Could not create pipeline");
-@@ -576,7 +622,7 @@ GST_START_TEST (test_message_state_changed_children)
-   ASSERT_OBJECT_REFCOUNT (sink, "sink", 2);
-   ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 2);
- 
--  pop_state_changed (bus, 3);
-+  pop_state_changed (bus, 3, &had_latency);
-   fail_if (gst_bus_have_pending (bus), "unexpected pending messages");
- 
-   ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
-@@ -619,9 +665,9 @@ GST_START_TEST (test_message_state_changed_children)
-    * its state_change message */
-   ASSERT_OBJECT_REFCOUNT_BETWEEN (pipeline, "pipeline", 3, 4);
- 
--  pop_state_changed (bus, 3);
--  pop_async_done (bus);
--  pop_latency (bus);
-+  pop_state_changed (bus, 3, &had_latency);
-+  pop_async_done (bus, &had_latency);
-+  pop_latency (bus, &had_latency);
-   fail_if ((gst_bus_pop (bus)) != NULL);
- 
-   ASSERT_OBJECT_REFCOUNT_BETWEEN (bus, "bus", 2, 3);
-@@ -648,7 +694,7 @@ GST_START_TEST (test_message_state_changed_children)
-   ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 2, 4);
-   ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
- 
--  pop_state_changed (bus, 3);
-+  pop_state_changed (bus, 3, &had_latency);
-   fail_if ((gst_bus_pop (bus)) != NULL);
- 
-   ASSERT_OBJECT_REFCOUNT (bus, "bus", 2);
-@@ -669,7 +715,7 @@ GST_START_TEST (test_message_state_changed_children)
-   ASSERT_OBJECT_REFCOUNT_BETWEEN (sink, "sink", 3, 4);
-   ASSERT_OBJECT_REFCOUNT (pipeline, "pipeline", 3);
- 
--  pop_state_changed (bus, 6);
-+  pop_state_changed (bus, 6, &had_latency);
-   fail_if ((gst_bus_pop (bus)) != NULL);
- 
-   ASSERT_OBJECT_REFCOUNT (src, "src", 1);
-@@ -696,6 +742,7 @@ GST_START_TEST (test_watch_for_state_change)
-   GstElement *src, *sink, *bin;
-   GstBus *bus;
-   GstStateChangeReturn ret;
-+  gboolean had_latency = FALSE;
- 
-   bin = gst_element_factory_make ("bin", NULL);
-   fail_unless (bin != NULL, "Could not create bin");
-@@ -722,9 +769,9 @@ GST_START_TEST (test_watch_for_state_change)
-       GST_CLOCK_TIME_NONE);
-   fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
- 
--  pop_state_changed (bus, 6);
--  pop_async_done (bus);
--  pop_latency (bus);
-+  pop_state_changed (bus, 6, &had_latency);
-+  pop_async_done (bus, &had_latency);
-+  pop_latency (bus, &had_latency);
- 
-   fail_unless (gst_bus_have_pending (bus) == FALSE,
-       "Unexpected messages on bus");
-@@ -732,16 +779,17 @@ GST_START_TEST (test_watch_for_state_change)
-   ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PLAYING);
-   fail_unless (ret == GST_STATE_CHANGE_SUCCESS);
- 
--  pop_state_changed (bus, 3);
-+  pop_state_changed (bus, 3, &had_latency);
- 
-+  had_latency = FALSE;
-   /* this one might return either SUCCESS or ASYNC, likely SUCCESS */
-   ret = gst_element_set_state (GST_ELEMENT (bin), GST_STATE_PAUSED);
-   gst_element_get_state (GST_ELEMENT (bin), NULL, NULL, GST_CLOCK_TIME_NONE);
- 
--  pop_state_changed (bus, 3);
-+  pop_state_changed (bus, 3, &had_latency);
-   if (ret == GST_STATE_CHANGE_ASYNC) {
--    pop_async_done (bus);
--    pop_latency (bus);
-+    pop_async_done (bus, &had_latency);
-+    pop_latency (bus, &had_latency);
-   }
- 
-   fail_unless (gst_bus_have_pending (bus) == FALSE,
-@@ -898,6 +946,7 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
-   GstStateChangeReturn ret;
-   GstState current, pending;
-   GstBus *bus;
-+  gboolean had_latency = FALSE;
- 
-   pipeline = gst_pipeline_new (NULL);
-   fail_unless (pipeline != NULL, "Could not create pipeline");
-@@ -951,10 +1000,11 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
-   ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 107);
- #else
- 
--  pop_state_changed (bus, 2);   /* pop remaining ready => paused messages off the bus */
-+  pop_state_changed (bus, 2, &had_latency);     /* pop remaining ready => paused messages off the bus */
-   ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
-       108);
--  pop_async_done (bus);
-+  pop_async_done (bus, &had_latency);
-+  pop_latency (bus, &had_latency);
- #endif
-   /* PAUSED => PLAYING */
-   GST_DEBUG ("popping PAUSED -> PLAYING messages");
-@@ -972,8 +1022,8 @@ GST_START_TEST (test_children_state_change_order_flagged_sink)
-   fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
- 
-   /* TODO: do we need to check downwards state change order as well? */
--  pop_state_changed (bus, 4);   /* pop playing => paused messages off the bus */
--  pop_state_changed (bus, 4);   /* pop paused => ready messages off the bus */
-+  pop_state_changed (bus, 4, &had_latency);     /* pop playing => paused messages off the bus */
-+  pop_state_changed (bus, 4, &had_latency);     /* pop paused => ready messages off the bus */
- 
-   while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
-     THREAD_SWITCH ();
-@@ -1002,6 +1052,7 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
-   GstStateChangeReturn ret;
-   GstState current, pending;
-   GstBus *bus;
-+  gboolean had_latency = FALSE;
- 
-   /* (2) Now again, but check other code path where we don't have
-    *     a proper sink correctly flagged as such, but a 'semi-sink' */
-@@ -1056,10 +1107,11 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
-   ASSERT_STATE_CHANGE_MSG (bus, src, GST_STATE_READY, GST_STATE_PAUSED, 206);
-   ASSERT_STATE_CHANGE_MSG (bus, sink, GST_STATE_READY, GST_STATE_PAUSED, 207);
- #else
--  pop_state_changed (bus, 2);   /* pop remaining ready => paused messages off the bus */
-+  pop_state_changed (bus, 2, &had_latency);     /* pop remaining ready => paused messages off the bus */
-   ASSERT_STATE_CHANGE_MSG (bus, pipeline, GST_STATE_READY, GST_STATE_PAUSED,
-       208);
--  pop_async_done (bus);
-+  pop_async_done (bus, &had_latency);
-+  pop_latency (bus, &had_latency);
- 
-   /* PAUSED => PLAYING */
-   GST_DEBUG ("popping PAUSED -> PLAYING messages");
-@@ -1076,8 +1128,8 @@ GST_START_TEST (test_children_state_change_order_semi_sink)
-   fail_if (ret != GST_STATE_CHANGE_SUCCESS, "State change to READY failed");
- 
-   /* TODO: do we need to check downwards state change order as well? */
--  pop_state_changed (bus, 4);   /* pop playing => paused messages off the bus */
--  pop_state_changed (bus, 4);   /* pop paused => ready messages off the bus */
-+  pop_state_changed (bus, 4, &had_latency);     /* pop playing => paused messages off the bus */
-+  pop_state_changed (bus, 4, &had_latency);     /* pop paused => ready messages off the bus */
- 
-   GST_DEBUG ("waiting for pipeline to reach refcount 1");
-   while (GST_OBJECT_REFCOUNT_VALUE (pipeline) > 1)
--- 
-GitLab
-
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.6.bb
similarity index 94%
rename from poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
rename to poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.6.bb
index ce9c1c1..7ceb319 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.5.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.20.6.bb
@@ -21,9 +21,8 @@
            file://0002-tests-add-support-for-install-the-tests.patch;striplevel=3 \
            file://0003-tests-use-a-dictionaries-for-environment.patch;striplevel=3 \
            file://0004-tests-add-helper-script-to-run-the-installed_tests.patch;striplevel=3 \
-           file://0005-bin-Fix-race-conditions-in-tests.patch;striplevel=3 \
            "
-SRC_URI[sha256sum] = "5a19083faaf361d21fc391124f78ba6d609be55845a82fa8f658230e5fa03dff"
+SRC_URI[sha256sum] = "0545b030960680f71a95f9d39c95daae54b4d317d335e8f239d81138773c9b90"
 
 PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
                    check \
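Review bot: the 0005-bin-Fix-race-conditions-in-tests.patch entry is removed from SRC_URI and the patch file is deleted, but nothing in the change says why it is no longer needed. The deleted patch's header marks it as a Backport of upstream merge request 2643, so the commit message should state that gstreamer 1.20.6 already contains that change. Without that, a reader cannot tell a deliberate drop from a patch that simply stopped applying, and the gstbin test race it addressed could return unnoticed in ptest runs.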
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
new file mode 100644
index 0000000..1a6b685
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
@@ -0,0 +1,41 @@
+CVE: CVE-2022-32888
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/a3dd7dc]
+
+[1]: https://support.apple.com/en-us/HT213446
+[2]: https://bugs.webkit.org/show_bug.cgi?id=242047
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From a3dd7dc5f60b87a7cfd14c372e40ebd339076763 Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki <ysuzuki@apple.com>
+Date: Mon, 27 Jun 2022 21:34:55 -0700
+Subject: [PATCH] [JSC] Drop wasm stale assertion
+ https://bugs.webkit.org/show_bug.cgi?id=242047 rdar://95866655
+
+Reviewed by Mark Lam.
+
+This patch drops stale assertion in addDelegateToUnreachable.
+
+* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
+(JSC::Wasm::LLIntGenerator::addDelegateToUnreachable):
+
+Canonical link: https://commits.webkit.org/251902@main
+---
+ Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp b/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
+index 39fb39b3331f..d0d2b9725991 100644
+--- a/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
++++ b/Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
+@@ -1182,7 +1182,6 @@ auto LLIntGenerator::addDelegateToUnreachable(ControlType& target, ControlType&
+ 
+     ControlTry& tryData = std::get<ControlTry>(data);
+     m_codeBlock->addExceptionHandler({ HandlerType::Delegate, tryData.m_try->location(), delegateLabel->location(), 0, m_tryDepth, targetDepth });
+-    checkConsistency();
+     return { };
+ }
+ 
+-- 
+2.34.1
+
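Review bot: the backport header lists links [1] and [2] but has no sentence tying the one-line removal of checkConsistency() in LLIntGenerator::addDelegateToUnreachable to CVE-2022-32888, and the upstream message only calls it a "stale assertion". Add a line to the header explaining why dropping this call is the security fix, so someone auditing the CVE tag does not have to follow the links to see that the patch is the intended one. Upstream-Status also cites the abbreviated hash a3dd7dc while the From line carries the full hash; using the full hash in the tag avoids ambiguity.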
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch
new file mode 100644
index 0000000..60342a1
--- /dev/null
+++ b/poky/meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch
@@ -0,0 +1,435 @@
+CVE: CVE-2022-32923
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/ef76e31]
+
+[1]: https://support.apple.com/en-us/HT213495
+[2]: https://bugs.webkit.org/show_bug.cgi?id=242964
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From ef76e31a2a066c3d65a9c94a9e2cd88133260c1f Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki <ysuzuki@apple.com>
+Date: Wed, 20 Jul 2022 19:30:48 -0700
+Subject: [PATCH] [JSC] BakcwardPropagationPhase should carry NaN / Infinity
+ handling https://bugs.webkit.org/show_bug.cgi?id=242964 rdar://96791603
+
+Reviewed by Mark Lam.
+
+For correctness, we should carry NaN / Infinity handling to make it more clear in the code generation site.
+
+* Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
+(JSC::DFG::BackwardsPropagationPhase::propagate):
+* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
+(JSC::DFG::FixupPhase::fixupArithDivInt32):
+(JSC::DFG::FixupPhase::fixupArithDiv):
+* Source/JavaScriptCore/dfg/DFGGraph.h:
+* Source/JavaScriptCore/dfg/DFGNode.h:
+* Source/JavaScriptCore/dfg/DFGNodeFlags.cpp:
+(JSC::DFG::dumpNodeFlags):
+* Source/JavaScriptCore/dfg/DFGNodeFlags.h:
+(JSC::DFG::bytecodeCanIgnoreNaNAndInfinity):
+(JSC::DFG::nodeCanSpeculateInt32ForDiv):
+* Source/JavaScriptCore/dfg/DFGNodeType.h:
+
+Canonical link: https://commits.webkit.org/252675@main
+---
+ .../dfg/DFGBackwardsPropagationPhase.cpp      | 51 +++++++++++--------
+ Source/JavaScriptCore/dfg/DFGFixupPhase.cpp   |  6 ++-
+ Source/JavaScriptCore/dfg/DFGGraph.h          | 11 ++++
+ Source/JavaScriptCore/dfg/DFGNode.h           | 12 +++--
+ Source/JavaScriptCore/dfg/DFGNodeFlags.cpp    | 10 ++--
+ Source/JavaScriptCore/dfg/DFGNodeFlags.h      | 37 +++++++++++---
+ Source/JavaScriptCore/dfg/DFGNodeType.h       |  3 +-
+ 7 files changed, 91 insertions(+), 39 deletions(-)
+
+diff --git a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
+index 306ea5d6b974..83a08aff7c20 100644
+--- a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
++++ b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
+@@ -272,7 +272,7 @@ private:
+         case ValueBitNot:
+         case ArithBitNot: {
+             flags |= NodeBytecodeUsesAsInt;
+-            flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther);
++            flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther);
+             flags &= ~NodeBytecodeUsesAsArrayIndex;
+             node->child1()->mergeFlags(flags);
+             break;
+@@ -291,7 +291,7 @@ private:
+         case BitURShift:
+         case ArithIMul: {
+             flags |= NodeBytecodeUsesAsInt;
+-            flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther);
++            flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther);
+             flags &= ~NodeBytecodeUsesAsArrayIndex;
+             node->child1()->mergeFlags(flags);
+             node->child2()->mergeFlags(flags);
+@@ -308,9 +308,9 @@ private:
+ 
+         case StringSlice: {
+             node->child1()->mergeFlags(NodeBytecodeUsesAsValue);
+-            node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
++            node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity);
+             if (node->child3())
+-                node->child3()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
++                node->child3()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity);
+             break;
+         }
+ 
+@@ -320,11 +320,11 @@ private:
+             if (node->numChildren() == 2)
+                 m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsValue);
+             else if (node->numChildren() == 3) {
+-                m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
++                m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity);
+                 m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsValue);
+             } else if (node->numChildren() == 4) {
+-                m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
+-                m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
++                m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity);
++                m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity);
+                 m_graph.varArgChild(node, 3)->mergeFlags(NodeBytecodeUsesAsValue);
+             }
+             break;
+@@ -345,6 +345,7 @@ private:
+                 flags |= NodeBytecodeUsesAsNumber;
+             if (!m_allowNestedOverflowingAdditions)
+                 flags |= NodeBytecodeUsesAsNumber;
++            flags |= NodeBytecodeNeedsNaNOrInfinity;
+             
+             node->child1()->mergeFlags(flags);
+             node->child2()->mergeFlags(flags);
+@@ -359,6 +360,7 @@ private:
+                 flags |= NodeBytecodeUsesAsNumber;
+             if (!m_allowNestedOverflowingAdditions)
+                 flags |= NodeBytecodeUsesAsNumber;
++            flags |= NodeBytecodeNeedsNaNOrInfinity;
+             
+             node->child1()->mergeFlags(flags);
+             node->child2()->mergeFlags(flags);
+@@ -366,7 +368,7 @@ private:
+         }
+ 
+         case ArithClz32: {
+-            flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther | ~NodeBytecodeUsesAsArrayIndex);
++            flags &= ~(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther | ~NodeBytecodeUsesAsArrayIndex);
+             flags |= NodeBytecodeUsesAsInt;
+             node->child1()->mergeFlags(flags);
+             break;
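Review bot: in the ArithClz32 mask the added NodeBytecodeNeedsNaNOrInfinity term changes nothing, because the mask already ORs in ~NodeBytecodeUsesAsArrayIndex, which sets every bit except that one. After the outer complement the statement reduces to flags &= NodeBytecodeUsesAsArrayIndex, both before and after this patch. That is worth a comment here, or a question upstream about whether the inner ~ is intended, since the line reads as if it clears only the listed bits.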
+@@ -380,6 +382,7 @@ private:
+                 flags |= NodeBytecodeUsesAsNumber;
+             if (!m_allowNestedOverflowingAdditions)
+                 flags |= NodeBytecodeUsesAsNumber;
++            flags |= NodeBytecodeNeedsNaNOrInfinity;
+             
+             node->child1()->mergeFlags(flags);
+             node->child2()->mergeFlags(flags);
+@@ -387,6 +390,7 @@ private:
+         }
+             
+         case ArithNegate: {
++            // negation does not care about NaN, Infinity, -Infinity are converted into 0 if the result is evaluated under the integer context.
+             flags &= ~NodeBytecodeUsesAsOther;
+ 
+             node->child1()->mergeFlags(flags);
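Review bot: the comment added to ArithNegate is a run-on that is hard to parse, and it is the only change in this hunk. Suggest splitting it into two statements: negation adds no NaN or Infinity requirement of its own, and in an integer context NaN, Infinity and -Infinity all convert to 0. It should also say that the flag is simply inherited from the parent, since flags is passed to child1 with only NodeBytecodeUsesAsOther cleared.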
+@@ -401,6 +405,7 @@ private:
+                 flags |= NodeBytecodeUsesAsNumber;
+             if (!m_allowNestedOverflowingAdditions)
+                 flags |= NodeBytecodeUsesAsNumber;
++            flags |= NodeBytecodeNeedsNaNOrInfinity;
+ 
+             node->child1()->mergeFlags(flags);
+             break;
+@@ -421,7 +426,7 @@ private:
+             
+             node->mergeFlags(flags);
+             
+-            flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero;
++            flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity;
+             flags &= ~NodeBytecodeUsesAsOther;
+ 
+             node->child1()->mergeFlags(flags);
+@@ -431,7 +436,13 @@ private:
+             
+         case ValueDiv:
+         case ArithDiv: {
+-            flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero;
++            // ArithDiv / ValueDiv need to have NodeBytecodeUsesAsNumber even if it is used in the context of integer.
++            // For example,
++            //     ((@x / @y) + @z) | 0
++            // In this context, (@x / @y) can have integer context at first, but the result can be different if div
++            // generates NaN. Div and Mod are operations that can produce NaN / Infinity though only taking binary Int32 operands.
++            // Thus, we always need to check for overflow since it can affect downstream calculations.
++            flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity;
+             flags &= ~NodeBytecodeUsesAsOther;
+ 
+             node->child1()->mergeFlags(flags);
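Review bot: the new comment on ArithDiv / ValueDiv justifies NodeBytecodeUsesAsNumber, but that flag was already set on the removed line; what this hunk actually adds is NodeBytecodeNeedsNaNOrInfinity. Suggest naming the new flag in the comment so the reasoning matches the code change. The comment also covers Mod ("Div and Mod are operations that can produce NaN / Infinity"), yet the ArithMod case below carries no comment of its own.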
+@@ -441,7 +452,7 @@ private:
+             
+         case ValueMod:
+         case ArithMod: {
+-            flags |= NodeBytecodeUsesAsNumber;
++            flags |= NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity;
+             flags &= ~NodeBytecodeUsesAsOther;
+ 
+             node->child1()->mergeFlags(flags);
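Review bot: the ArithMod / ValueMod line gains NodeBytecodeNeedsNegZero as well as NodeBytecodeNeedsNaNOrInfinity, and nothing in the hunk explains the first of those. Mod previously set only NodeBytecodeUsesAsNumber, so this is a second behaviour change riding along with the NaN fix. A one-line comment stating why the operands must now preserve -0 would make it reviewable on its own.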
+@@ -452,7 +463,7 @@ private:
+         case EnumeratorGetByVal:
+         case GetByVal: {
+             m_graph.varArgChild(node, 0)->mergeFlags(NodeBytecodeUsesAsValue);
+-            m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
++            m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsArrayIndex);
+             break;
+         }
+             
+@@ -461,13 +472,13 @@ private:
+             // Negative zero is not observable. NaN versus undefined are only observable
+             // in that you would get a different exception message. So, like, whatever: we
+             // claim here that NaN v. undefined is observable.
+-            node->child1()->mergeFlags(NodeBytecodeUsesAsInt | NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsArrayIndex);
++            node->child1()->mergeFlags(NodeBytecodeUsesAsInt | NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsArrayIndex);
+             break;
+         }
+             
+         case ToString:
+         case CallStringConstructor: {
+-            node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther);
++            node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity);
+             break;
+         }
+             
+@@ -487,15 +498,15 @@ private:
+         case CompareBelowEq:
+         case CompareEq:
+         case CompareStrictEq: {
+-            node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther);
+-            node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther);
++            node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity);
++            node->child2()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity);
+             break;
+         }
+ 
+         case PutByValDirect:
+         case PutByVal: {
+             m_graph.varArgChild(node, 0)->mergeFlags(NodeBytecodeUsesAsValue);
+-            m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex);
++            m_graph.varArgChild(node, 1)->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex | NodeBytecodeNeedsNaNOrInfinity);
+             m_graph.varArgChild(node, 2)->mergeFlags(NodeBytecodeUsesAsValue);
+             break;
+         }
+@@ -508,20 +519,20 @@ private:
+                 // then -0 and 0 are treated the same.  We don't need NodeBytecodeUsesAsOther
+                 // because if all of the cases are integers then NaN and undefined are
+                 // treated the same (i.e. they will take default).
+-                node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsInt);
++                node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsInt | NodeBytecodeNeedsNaNOrInfinity);
+                 break;
+             case SwitchChar: {
+                 // We don't need NodeBytecodeNeedsNegZero because if the cases are all strings
+                 // then -0 and 0 are treated the same.  We don't need NodeBytecodeUsesAsOther
+                 // because if all of the cases are single-character strings then NaN
+                 // and undefined are treated the same (i.e. they will take default).
+-                node->child1()->mergeFlags(NodeBytecodeUsesAsNumber);
++                node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNaNOrInfinity);
+                 break;
+             }
+             case SwitchString:
+                 // We don't need NodeBytecodeNeedsNegZero because if the cases are all strings
+                 // then -0 and 0 are treated the same.
+-                node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther);
++                node->child1()->mergeFlags(NodeBytecodeUsesAsNumber | NodeBytecodeUsesAsOther | NodeBytecodeNeedsNaNOrInfinity);
+                 break;
+             case SwitchCell:
+                 // There is currently no point to being clever here since this is used for switching
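Review bot: the three switch cases keep comments explaining why NodeBytecodeNeedsNegZero and NodeBytecodeUsesAsOther are not needed, but none explains why NodeBytecodeNeedsNaNOrInfinity now is. The SwitchImm comment even argues that NaN and undefined are treated the same (both take default), which reads as an argument against the new flag. Suggest extending each comment to state the distinction that matters here, presumably that a NaN or Infinity truncated to an integer could select a case instead of default.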
+diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+index e8bee58ada15..b679539de2e6 100644
+--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
++++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+@@ -81,7 +81,9 @@ private:
+         if (optimizeForX86() || optimizeForARM64() || optimizeForARMv7IDIVSupported()) {
+             fixIntOrBooleanEdge(leftChild);
+             fixIntOrBooleanEdge(rightChild);
+-            if (bytecodeCanTruncateInteger(node->arithNodeFlags()))
++            // We need to be careful about skipping overflow check because div / mod can generate non integer values
++            // from (Int32, Int32) inputs. For now, we always check non-zero divisor.
++            if (bytecodeCanTruncateInteger(node->arithNodeFlags()) && bytecodeCanIgnoreNaNAndInfinity(node->arithNodeFlags()) && bytecodeCanIgnoreNegativeZero(node->arithNodeFlags()))
+                 node->setArithMode(Arith::Unchecked);
+             else if (bytecodeCanIgnoreNegativeZero(node->arithNodeFlags()))
+                 node->setArithMode(Arith::CheckOverflow);
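Review bot: the added comment says "For now, we always check non-zero divisor", but the first branch still selects Arith::Unchecked whenever bytecodeCanTruncateInteger, bytecodeCanIgnoreNaNAndInfinity and bytecodeCanIgnoreNegativeZero all hold. Either the comment should say the checks are skipped only when all three predicates allow it, or the Unchecked branch is not meant to be reachable for div / mod and the code should say so. As written, the comment and the condition disagree.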
+@@ -122,7 +124,7 @@ private:
+ 
+     void fixupArithDiv(Node* node, Edge& leftChild, Edge& rightChild)
+     {
+-        if (m_graph.binaryArithShouldSpeculateInt32(node, FixupPass)) {
++        if (m_graph.divShouldSpeculateInt32(node, FixupPass)) {
+             fixupArithDivInt32(node, leftChild, rightChild);
+             return;
+         }
+diff --git a/Source/JavaScriptCore/dfg/DFGGraph.h b/Source/JavaScriptCore/dfg/DFGGraph.h
+index ca566d3a484e..284c87672849 100644
+--- a/Source/JavaScriptCore/dfg/DFGGraph.h
++++ b/Source/JavaScriptCore/dfg/DFGGraph.h
+@@ -373,6 +373,17 @@ public:
+ 
+         return shouldSpeculateInt52ForAdd(left) && shouldSpeculateInt52ForAdd(right);
+     }
++
++    bool divShouldSpeculateInt32(Node* node, PredictionPass pass)
++    {
++        // Even if inputs are Int32, div can generate NaN or Infinity.
++        // Thus, Overflow in div can be caused by these non integer values as well as actual Int32 overflow.
++        Node* left = node->child1().node();
++        Node* right = node->child2().node();
++
++        return Node::shouldSpeculateInt32OrBooleanForArithmetic(left, right)
++            && nodeCanSpeculateInt32ForDiv(node->arithNodeFlags(), node->sourceFor(pass));
++    }
+     
+     bool binaryArithShouldSpeculateInt32(Node* node, PredictionPass pass)
+     {
+diff --git a/Source/JavaScriptCore/dfg/DFGNode.h b/Source/JavaScriptCore/dfg/DFGNode.h
+index f9ff50658e93..04509a3846ca 100644
+--- a/Source/JavaScriptCore/dfg/DFGNode.h
++++ b/Source/JavaScriptCore/dfg/DFGNode.h
+@@ -3308,21 +3308,25 @@ public:
+         out.printf(", @%u", child3()->index());
+     }
+ 
+-    NodeOrigin origin;
++    NO_UNIQUE_ADDRESS NodeOrigin origin;
+ 
++private:
++    NO_UNIQUE_ADDRESS NodeType m_op;
++
++    NO_UNIQUE_ADDRESS unsigned m_index { std::numeric_limits<unsigned>::max() };
++
++public:
+     // References to up to 3 children, or links to a variable length set of children.
+     AdjacencyList children;
+ 
+ private:
+     friend class B3::SparseCollection<Node>;
+ 
+-    unsigned m_index { std::numeric_limits<unsigned>::max() };
+-    unsigned m_op : 10; // real type is NodeType
+-    unsigned m_flags : 21;
+     // The virtual register number (spill location) associated with this .
+     VirtualRegister m_virtualRegister;
+     // The number of uses of the result of this operation (+1 for 'must generate' nodes, which have side-effects).
+     unsigned m_refCount;
++    NodeFlags m_flags;
+     // The prediction ascribed to this node after propagation.
+     SpeculatedType m_prediction { SpecNone };
+     // Immediate values, accesses type-checked via accessors above.
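Review bot: this hunk changes the Node layout (m_op and m_flags leave their 10-bit and 21-bit bitfields, members are reordered, and the private/public sections are toggled) without a comment saying why. The reason appears to be in DFGNodeFlags.h, where NodeMiscFlag2 becomes 0x400000 and no longer fits a 21-bit field. Suggest a short comment next to "NodeFlags m_flags;" recording that, and a static_assert on the size of Node if the layout is meant to stay compact. The comment "real type is NodeType" was dropped with the bitfield, which is fine now that m_op is declared as NodeType.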
+diff --git a/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp b/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
+index 88242947f6ef..0c53cd976c5c 100644
+--- a/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
++++ b/Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
+@@ -74,12 +74,14 @@ void dumpNodeFlags(PrintStream& actualOut, NodeFlags flags)
+         out.print(comma, "VarArgs");
+     
+     if (flags & NodeResultMask) {
+-        if (!(flags & NodeBytecodeUsesAsNumber) && !(flags & NodeBytecodeNeedsNegZero))
++        if (!(flags & NodeBytecodeUsesAsNumber))
+             out.print(comma, "PureInt");
+-        else if (!(flags & NodeBytecodeUsesAsNumber))
+-            out.print(comma, "PureInt(w/ neg zero)");
+-        else if (!(flags & NodeBytecodeNeedsNegZero))
++        else
+             out.print(comma, "PureNum");
++        if (flags & NodeBytecodeNeedsNegZero)
++            out.print(comma, "NeedsNegZero");
++        if (flags & NodeBytecodeNeedsNaNOrInfinity)
++            out.print(comma, "NeedsNaNOrInfinity");
+         if (flags & NodeBytecodeUsesAsOther)
+             out.print(comma, "UseAsOther");
+     }
+diff --git a/Source/JavaScriptCore/dfg/DFGNodeFlags.h b/Source/JavaScriptCore/dfg/DFGNodeFlags.h
+index 2ebe3544f601..aa60db7e6ba0 100644
+--- a/Source/JavaScriptCore/dfg/DFGNodeFlags.h
++++ b/Source/JavaScriptCore/dfg/DFGNodeFlags.h
+@@ -61,18 +61,19 @@ namespace JSC { namespace DFG {
+ #define NodeBytecodeUseBottom            0x00000
+ #define NodeBytecodeUsesAsNumber         0x04000 // The result of this computation may be used in a context that observes fractional, or bigger-than-int32, results.
+ #define NodeBytecodeNeedsNegZero         0x08000 // The result of this computation may be used in a context that observes -0.
+-#define NodeBytecodeUsesAsOther          0x10000 // The result of this computation may be used in a context that distinguishes between NaN and other things (like undefined).
+-#define NodeBytecodeUsesAsInt            0x20000 // The result of this computation is known to be used in a context that prefers, but does not require, integer values.
+-#define NodeBytecodeUsesAsArrayIndex     0x40000 // The result of this computation is known to be used in a context that strongly prefers integer values, to the point that we should avoid using doubles if at all possible.
+-#define NodeBytecodeUsesAsValue          (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther)
+-#define NodeBytecodeBackPropMask         (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex)
++#define NodeBytecodeNeedsNaNOrInfinity   0x10000 // The result of this computation may be used in a context that observes NaN or Infinity.
++#define NodeBytecodeUsesAsOther          0x20000 // The result of this computation may be used in a context that distinguishes between NaN and other things (like undefined).
++#define NodeBytecodeUsesAsInt            0x40000 // The result of this computation is known to be used in a context that prefers, but does not require, integer values.
++#define NodeBytecodeUsesAsArrayIndex     0x80000 // The result of this computation is known to be used in a context that strongly prefers integer values, to the point that we should avoid using doubles if at all possible.
++#define NodeBytecodeUsesAsValue          (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther)
++#define NodeBytecodeBackPropMask         (NodeBytecodeUsesAsNumber | NodeBytecodeNeedsNegZero | NodeBytecodeNeedsNaNOrInfinity | NodeBytecodeUsesAsOther | NodeBytecodeUsesAsInt | NodeBytecodeUsesAsArrayIndex)
+ 
+ #define NodeArithFlagsMask               (NodeBehaviorMask | NodeBytecodeBackPropMask)
+ 
+-#define NodeIsFlushed                    0x80000 // Computed by CPSRethreadingPhase, will tell you which local nodes are backwards-reachable from a Flush.
++#define NodeIsFlushed                   0x100000 // Computed by CPSRethreadingPhase, will tell you which local nodes are backwards-reachable from a Flush.
+ 
+-#define NodeMiscFlag1                   0x100000
+-#define NodeMiscFlag2                   0x200000
++#define NodeMiscFlag1                   0x200000
++#define NodeMiscFlag2                   0x400000
+ 
+ typedef uint32_t NodeFlags;
+ 
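Review bot: inserting NodeBytecodeNeedsNaNOrInfinity at 0x10000 renumbers every flag after it by hand (UsesAsOther, UsesAsInt, UsesAsArrayIndex, NodeIsFlushed, NodeMiscFlag1, NodeMiscFlag2). Nothing in the header checks that the shifted values stay distinct or that NodeBytecodeBackPropMask does not overlap NodeIsFlushed and the misc flags. A few static_assert lines on those relationships would catch a slip in a future backport that touches this block again.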
+@@ -91,6 +92,11 @@ static inline bool bytecodeCanIgnoreNegativeZero(NodeFlags flags)
+     return !(flags & NodeBytecodeNeedsNegZero);
+ }
+ 
++static inline bool bytecodeCanIgnoreNaNAndInfinity(NodeFlags flags)
++{
++    return !(flags & NodeBytecodeNeedsNaNOrInfinity);
++}
++
+ enum RareCaseProfilingSource {
+     BaselineRareCase, // Comes from slow case counting in the baseline JIT.
+     DFGRareCase, // Comes from OSR exit profiles.
+@@ -147,6 +153,21 @@ static inline bool nodeCanSpeculateInt32(NodeFlags flags, RareCaseProfilingSourc
+     return true;
+ }
+ 
++static inline bool nodeCanSpeculateInt32ForDiv(NodeFlags flags, RareCaseProfilingSource source)
++{
++    if (nodeMayOverflowInt32(flags, source)) {
++        if (bytecodeUsesAsNumber(flags))
++            return false;
++        if (!bytecodeCanIgnoreNaNAndInfinity(flags))
++            return false;
++    }
++
++    if (nodeMayNegZero(flags, source))
++        return bytecodeCanIgnoreNegativeZero(flags);
++
++    return true;
++}
++
+ static inline bool nodeCanSpeculateInt52(NodeFlags flags, RareCaseProfilingSource source)
+ {
+     if (nodeMayOverflowInt52(flags, source))
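Review bot: in nodeCanSpeculateInt32ForDiv the bytecodeCanIgnoreNaNAndInfinity test runs only inside "if (nodeMayOverflowInt32(flags, source))", so a div whose users need NaN or Infinity is still speculated as Int32 until the profile records an overflow. The function has no comment saying that the overflow profile is what stands in for "produced NaN or Infinity"; that explanation lives only in divShouldSpeculateInt32 in DFGGraph.h. Suggest repeating it here, since this is where the decision is made.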
+diff --git a/Source/JavaScriptCore/dfg/DFGNodeType.h b/Source/JavaScriptCore/dfg/DFGNodeType.h
+index 8f885b570665..aad4d559ccf7 100644
+--- a/Source/JavaScriptCore/dfg/DFGNodeType.h
++++ b/Source/JavaScriptCore/dfg/DFGNodeType.h
+@@ -567,7 +567,7 @@ namespace JSC { namespace DFG {
+ 
+ // This enum generates a monotonically increasing id for all Node types,
+ // and is used by the subsequent enum to fill out the id (as accessed via the NodeIdMask).
+-enum NodeType {
++enum NodeType : uint16_t {
+ #define DFG_OP_ENUM(opcode, flags) opcode,
+     FOR_EACH_DFG_OP(DFG_OP_ENUM)
+ #undef DFG_OP_ENUM
+@@ -577,6 +577,7 @@ enum NodeType {
+ #define DFG_OP_COUNT(opcode, flags) + 1
+ constexpr unsigned numberOfNodeTypes = FOR_EACH_DFG_OP(DFG_OP_COUNT);
+ #undef DFG_OP_COUNT
++static_assert(numberOfNodeTypes <= UINT16_MAX);
+ 
+ // Specifies the default flags for each node.
+ inline NodeFlags defaultFlags(NodeType op)
+-- 
+2.34.1
+
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index 7b2c5c6..1dac4f5 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -15,6 +15,8 @@
            file://0001-Fix-build-without-opengl-or-es.patch \
            file://reproducibility.patch \
            file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
+           file://CVE-2022-32888.patch \
+           file://CVE-2022-32923.patch \
            "
 SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
 
diff --git a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb
similarity index 90%
rename from poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
rename to poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb
index 7082010..b3d7b22 100644
--- a/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
+++ b/poky/meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb
@@ -13,7 +13,7 @@
 REQUIRED_DISTRO_FEATURES = "opengl"
 
 SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "e75b0cb2c7145448416e8696013d8883f675c66c11ed750e06865efec5809155"
+SRC_URI[sha256sum] = "93c9766ae9864eeaeaee2b0a74f22cbca08df42c1a1bdb55b086f2528e380d38"
 
 # Especially helps compiling with clang which enable this as error when
 # using c++11
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch
index fb3ee6a..d3d1d2d 100644
--- a/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-27536.patch
@@ -3,10 +3,11 @@
 Date: Fri, 10 Mar 2023 09:22:43 +0100
 Subject: [PATCH] url: only reuse connections with same GSS delegation
 
-Upstream-Status: Backport from [https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb]
+Upstream-Status: Backport from [https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5]
 CVE: CVE-2023-27536
 Signed-off-by: Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
 Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
 ---
  lib/url.c     | 6 ++++++
  lib/urldata.h | 1 +
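Review bot: the header of CVE-2023-27536.patch still carries the doubled prefix "Signed-off-by: Signed-off-by: Mingli Yu" on an unchanged line, and this edit touches the lines on either side of it without fixing it. The Upstream-Status line also keeps the "Backport from [...]" wording, while the curl patches added in this same commit use "Backport [...]". Since the upstream commit reference is being corrected anyway, both could be normalised in the same change.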
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch
new file mode 100644
index 0000000..c0bca9a
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28319.patch
@@ -0,0 +1,33 @@
+From 8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 8 May 2023 14:33:54 +0200
+Subject: [PATCH] libssh2: free fingerprint better
+
+Reported-by: Wei Chong Tan
+Closes #11088
+
+CVE: CVE-2023-28319
+Upstream-Status: Backport [https://github.com/curl/curl/commit/8e21b1a05f3c0ee098dbcb6c]
+Comments: Hunks Refreshed
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ lib/vssh/libssh2.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
+index bfcc94e160178..dd39a844c646b 100644
+--- a/lib/vssh/libssh2.c
++++ b/lib/vssh/libssh2.c
+@@ -695,11 +695,10 @@
+      */
+     if((pub_pos != b64_pos) ||
+         Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) {
+-      free(fingerprint_b64);
+-
+       failf(data,
+           "Denied establishing ssh session: mismatch sha256 fingerprint. "
+           "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
++      free(fingerprint_b64);
+       state(data, SSH_SESSION_FREE);
+       sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+       return sshc->actualcode;
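Review bot: the Upstream-Status line in this new patch file gives a truncated commit hash (8e21b1a05f3c0ee098dbcb6c), while the From line at the top has the full one (8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122). Suggest using the full hash in the URL so the reference stays unambiguous. The code change itself, moving free(fingerprint_b64) below the failf() call that prints it, is in the right order.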
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch
new file mode 100644
index 0000000..1e0fc75
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28320.patch
@@ -0,0 +1,83 @@
+From 13718030ad4b3209a7583b4f27f683cd3a6fa5f2 Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Tue, 25 Apr 2023 09:22:26 +0200
+Subject: [PATCH] hostip: add locks around use of global buffer for alarm()
+
+When building with the sync name resolver and timeout ability we now
+require thread-safety to be present to enable it.
+
+Closes #11030
+
+CVE: CVE-2023-28320
+Upstream-Status: Backport [https://github.com/curl/curl/commit/13718030ad4b3209a7583b]
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ lib/hostip.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/lib/hostip.c b/lib/hostip.c
+index 2381290fdd43e..e410cda69ae6e 100644
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -70,12 +70,19 @@
+ #include <SystemConfiguration/SCDynamicStoreCopySpecific.h>
+ #endif
+ 
+-#if defined(CURLRES_SYNCH) && \
+-    defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP)
++#if defined(CURLRES_SYNCH) &&                   \
++  defined(HAVE_ALARM) &&                        \
++  defined(SIGALRM) &&                           \
++  defined(HAVE_SIGSETJMP) &&                    \
++  defined(GLOBAL_INIT_IS_THREADSAFE)
+ /* alarm-based timeouts can only be used with all the dependencies satisfied */
+ #define USE_ALARM_TIMEOUT
+ #endif
+ 
++#ifdef USE_ALARM_TIMEOUT
++#include "easy_lock.h"
++#endif
++
+ #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */
+ 
+ /*
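Review bot: USE_ALARM_TIMEOUT now also requires GLOBAL_INIT_IS_THREADSAFE, so a build where that macro is undefined silently loses alarm-based name-lookup timeouts with the synchronous resolver. The commit message mentions the requirement, but the recipe change gives no indication of whether the target configurations define it. Worth stating in the patch header or the recipe whether resolver timeouts are still in effect for the configurations this layer builds.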
+@@ -254,11 +261,12 @@ void Curl_hostcache_prune(struct Curl_easy *data)
+     Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+ }
+ 
+-#ifdef HAVE_SIGSETJMP
++#ifdef USE_ALARM_TIMEOUT
+ /* Beware this is a global and unique instance. This is used to store the
+    return address that we can jump back to from inside a signal handler. This
+    is not thread-safe stuff. */
+ sigjmp_buf curl_jmpenv;
++curl_simple_lock curl_jmpenv_lock;
+ #endif
+ 
+ /* lookup address, returns entry if found and not stale */
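Review bot: the comment above curl_jmpenv still ends with "This is not thread-safe stuff" although the hunk adds curl_jmpenv_lock on the next line. Suggest updating the comment to say that access to curl_jmpenv is serialised by curl_jmpenv_lock, so the two lines do not contradict each other.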
+@@ -832,7 +840,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
+ static
+ void alarmfunc(int sig)
+ {
+-  /* this is for "-ansi -Wall -pedantic" to stop complaining!   (rabe) */
+   (void)sig;
+   siglongjmp(curl_jmpenv, 1);
+ }
+@@ -912,6 +919,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
+      This should be the last thing we do before calling Curl_resolv(),
+      as otherwise we'd have to worry about variables that get modified
+      before we invoke Curl_resolv() (and thus use "volatile"). */
++  curl_simple_lock_lock(&curl_jmpenv_lock);
++
+   if(sigsetjmp(curl_jmpenv, 1)) {
+     /* this is coming from a siglongjmp() after an alarm signal */
+     failf(data, "name lookup timed out");
+@@ -980,6 +989,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
+ #endif
+ #endif /* HAVE_SIGACTION */
+ 
++  curl_simple_lock_unlock(&curl_jmpenv_lock);
++
+   /* switch back the alarm() to either zero or to what it was before minus
+      the time we spent until now! */
+   if(prev_alarm) {
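Review bot: curl_simple_lock_lock() is taken just before sigsetjmp() and the matching curl_simple_lock_unlock() is added further down, after the HAVE_SIGACTION block. From these two hunks it is not visible whether the timeout path (the branch entered when sigsetjmp() returns non-zero after siglongjmp, starting with failf(data, "name lookup timed out")) or any early exit in between reaches the unlock. Please confirm every path out of the locked region releases curl_jmpenv_lock, otherwise the next lookup with a timeout would block.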
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch
new file mode 100644
index 0000000..bcd8b11
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28321.patch
@@ -0,0 +1,302 @@
+From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 24 Apr 2023 21:07:02 +0200
+Subject: [PATCH] hostcheck: fix host name wildcard checking
+
+The leftmost "label" of the host name can now only match against single
+'*'. Like the browsers have worked for a long time.
+
+- extended unit test 1397 for this
+- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
+
+Reported-by: Hiroki Kurosawa
+Closes #11018
+
+CVE: CVE-2023-28321
+Upstream-Status: Backport [https://github.com/curl/curl/commit/199f2d440d8659b42]
+Comments: Hunks removed as changes already exist
+Removed hunks from files: 
+tests/unit/Makefile.am 
+tests/unit/Makefile.inc
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ lib/vtls/hostcheck.c    |  50 +++++++--------
+ tests/data/test1397     |  10 ++-
+ tests/unit/Makefile.am  |  94 ----------------------------
+ tests/unit/Makefile.inc |  94 ++++++++++++++++++++++++++++
+ tests/unit/unit1397.c   | 134 ++++++++++++++++++++++++----------------
+ 5 files changed, 202 insertions(+), 180 deletions(-)
+
+diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c
+index e827dc58f378c..d061c6356f97f 100644
+--- a/lib/vtls/hostcheck.c
++++ b/lib/vtls/hostcheck.c
+@@ -71,7 +71,12 @@ static bool pmatch(const char *hostname, size_t hostlen,
+  * apparent distinction between a name and an IP. We need to detect the use of
+  * an IP address and not wildcard match on such names.
+  *
++ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor
++ * "*b".
++ *
+  * Return TRUE on a match. FALSE if not.
++ *
++ * @unittest: 1397
+  */
+ 
+ static bool hostmatch(const char *hostname,
+@@ -79,53 +84,42 @@ static bool hostmatch(const char *hostname,
+                       const char *pattern,
+                       size_t patternlen)
+ {
+-  const char *pattern_label_end, *wildcard, *hostname_label_end;
+-  size_t prefixlen, suffixlen;
++  const char *pattern_label_end;
+ 
+-  /* normalize pattern and hostname by stripping off trailing dots */
++  DEBUGASSERT(pattern);
+   DEBUGASSERT(patternlen);
++  DEBUGASSERT(hostname);
++  DEBUGASSERT(hostlen);
++
++  /* normalize pattern and hostname by stripping off trailing dots */
+   if(hostname[hostlen-1]=='.')
+     hostlen--;
+   if(pattern[patternlen-1]=='.')
+     patternlen--;
+ 
+-  wildcard = memchr(pattern, '*', patternlen);
+-  if(!wildcard)
++  if(strncmp(pattern, "*.", 2))
+     return pmatch(hostname, hostlen, pattern, patternlen);
+ 
+   /* detect IP address as hostname and fail the match if so */
+-  if(Curl_host_is_ipnum(hostname))
++  else if(Curl_host_is_ipnum(hostname))
+     return FALSE;
+ 
+   /* We require at least 2 dots in the pattern to avoid too wide wildcard
+      match. */
+   pattern_label_end = memchr(pattern, '.', patternlen);
+   if(!pattern_label_end ||
+-     (memrchr(pattern, '.', patternlen) == pattern_label_end) ||
+-     strncasecompare(pattern, "xn--", 4))
++     (memrchr(pattern, '.', patternlen) == pattern_label_end))
+     return pmatch(hostname, hostlen, pattern, patternlen);
+-
+-  hostname_label_end = memchr(hostname, '.', hostlen);
+-  if(!hostname_label_end)
+-    return FALSE;
+   else {
+-    size_t skiphost = hostname_label_end - hostname;
+-    size_t skiplen = pattern_label_end - pattern;
+-    if(!pmatch(hostname_label_end, hostlen - skiphost,
+-               pattern_label_end, patternlen - skiplen))
+-      return FALSE;
++    const char *hostname_label_end = memchr(hostname, '.', hostlen);
++    if(hostname_label_end) {
++      size_t skiphost = hostname_label_end - hostname;
++      size_t skiplen = pattern_label_end - pattern;
++      return pmatch(hostname_label_end, hostlen - skiphost,
++                    pattern_label_end, patternlen - skiplen);
++    }
+   }
+-  /* The wildcard must match at least one character, so the left-most
+-     label of the hostname is at least as large as the left-most label
+-     of the pattern. */
+-  if(hostname_label_end - hostname < pattern_label_end - pattern)
+-    return FALSE;
+-
+-  prefixlen = wildcard - pattern;
+-  suffixlen = pattern_label_end - (wildcard + 1);
+-  return strncasecompare(pattern, hostname, prefixlen) &&
+-    strncasecompare(wildcard + 1, hostname_label_end - suffixlen,
+-                    suffixlen) ? TRUE : FALSE;
++  return FALSE;
+ }
+ 
+ /*
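Review bot: the new wildcard test "if(strncmp(pattern, "*.", 2))" ignores patternlen, so it inspects pattern[1] even when patternlen is 1, for example after the trailing dot has been stripped two lines earlier. hostmatch() takes explicit lengths, so the check should respect them; guarding with patternlen < 2 before the strncmp would do it. Separately, hostname[hostlen-1] and pattern[patternlen-1] depend on the new DEBUGASSERT(hostlen) and DEBUGASSERT(patternlen) for non-zero lengths, so it is worth confirming the caller rejects empty inputs before this point, given that the updated unit test includes empty host and pattern cases.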
+diff --git a/tests/data/test1397 b/tests/data/test1397
+index 84f962abebee3..f31b2c2a3f330 100644
+--- a/tests/data/test1397
++++ b/tests/data/test1397
+@@ -2,8 +2,7 @@
+ <info>
+ <keywords>
+ unittest
+-ssl
+-wildcard
++Curl_cert_hostcheck
+ </keywords>
+ </info>
+ 
+@@ -16,9 +15,8 @@ none
+ <features>
+ unittest
+ </features>
+- <name>
+-Check wildcard certificate matching function Curl_cert_hostcheck
+- </name>
++<name>
++Curl_cert_hostcheck unit tests
++</name>
+ </client>
+-
+ </testcase>
+diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
+index 2f3d3aa4d09e1..3ae75618d5d10 100644
+--- a/tests/unit/unit1397.c
++++ b/tests/unit/unit1397.c
+@@ -23,7 +23,6 @@
+  ***************************************************************************/
+ #include "curlcheck.h"
+ 
+-#include "vtls/hostcheck.h" /* from the lib dir */
+ 
+ static CURLcode unit_setup(void)
+ {
+@@ -32,63 +31,94 @@ static CURLcode unit_setup(void)
+ 
+ static void unit_stop(void)
+ {
+-  /* done before shutting down and exiting */
+ }
+ 
+-UNITTEST_START
+-
+ /* only these backends define the tested functions */
+-#if defined(USE_OPENSSL) || defined(USE_GSKIT)
+-
+-  /* here you start doing things and checking that the results are good */
++#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL)
++#include "vtls/hostcheck.h"
++struct testcase {
++  const char *host;
++  const char *pattern;
++  bool match;
++};
+ 
+-fail_unless(Curl_cert_hostcheck(STRCONST("www.example.com"),
+-                                STRCONST("www.example.com")), "good 1");
+-fail_unless(Curl_cert_hostcheck(STRCONST("*.example.com"),
+-                                STRCONST("www.example.com")),
+-            "good 2");
+-fail_unless(Curl_cert_hostcheck(STRCONST("xxx*.example.com"),
+-                                STRCONST("xxxwww.example.com")), "good 3");
+-fail_unless(Curl_cert_hostcheck(STRCONST("f*.example.com"),
+-                                STRCONST("foo.example.com")), "good 4");
+-fail_unless(Curl_cert_hostcheck(STRCONST("192.168.0.0"),
+-                                STRCONST("192.168.0.0")), "good 5");
++static struct testcase tests[] = {
++  {"", "", FALSE},
++  {"a", "", FALSE},
++  {"", "b", FALSE},
++  {"a", "b", FALSE},
++  {"aa", "bb", FALSE},
++  {"\xff", "\xff", TRUE},
++  {"aa.aa.aa", "aa.aa.bb", FALSE},
++  {"aa.aa.aa", "aa.aa.aa", TRUE},
++  {"aa.aa.aa", "*.aa.bb", FALSE},
++  {"aa.aa.aa", "*.aa.aa", TRUE},
++  {"192.168.0.1", "192.168.0.1", TRUE},
++  {"192.168.0.1", "*.168.0.1", FALSE},
++  {"192.168.0.1", "*.0.1", FALSE},
++  {"h.ello", "*.ello", FALSE},
++  {"h.ello.", "*.ello", FALSE},
++  {"h.ello", "*.ello.", FALSE},
++  {"h.e.llo", "*.e.llo", TRUE},
++  {"h.e.llo", " *.e.llo", FALSE},
++  {" h.e.llo", "*.e.llo", TRUE},
++  {"h.e.llo.", "*.e.llo", TRUE},
++  {"*.e.llo.", "*.e.llo", TRUE},
++  {"************.e.llo.", "*.e.llo", TRUE},
++  {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
++   "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
++   "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
++   "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
++   "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
++   ".e.llo.", "*.e.llo", TRUE},
++  {"\xfe\xfe.e.llo.", "*.e.llo", TRUE},
++  {"h.e.llo.", "*.e.llo.", TRUE},
++  {"h.e.llo", "*.e.llo.", TRUE},
++  {".h.e.llo", "*.e.llo.", FALSE},
++  {"h.e.llo", "*.*.llo.", FALSE},
++  {"h.e.llo", "h.*.llo", FALSE},
++  {"h.e.llo", "h.e.*", FALSE},
++  {"hello", "*.ello", FALSE},
++  {"hello", "**llo", FALSE},
++  {"bar.foo.example.com", "*.example.com", FALSE},
++  {"foo.example.com", "*.example.com", TRUE},
++  {"baz.example.net", "b*z.example.net", FALSE},
++  {"foobaz.example.net", "*baz.example.net", FALSE},
++  {"xn--l8j.example.local", "x*.example.local", FALSE},
++  {"xn--l8j.example.net", "*.example.net", TRUE},
++  {"xn--l8j.example.net", "*j.example.net", FALSE},
++  {"xn--l8j.example.net", "xn--l8j.example.net", TRUE},
++  {"xn--l8j.example.net", "xn--l8j.*.net", FALSE},
++  {"xl8j.example.net", "*.example.net", TRUE},
++  {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE},
++  {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE},
++  {NULL, NULL, FALSE}
++};
+ 
+-fail_if(Curl_cert_hostcheck(STRCONST("xxx.example.com"),
+-                            STRCONST("www.example.com")), "bad 1");
+-fail_if(Curl_cert_hostcheck(STRCONST("*"),
+-                            STRCONST("www.example.com")),"bad 2");
+-fail_if(Curl_cert_hostcheck(STRCONST("*.*.com"),
+-                            STRCONST("www.example.com")), "bad 3");
+-fail_if(Curl_cert_hostcheck(STRCONST("*.example.com"),
+-                            STRCONST("baa.foo.example.com")), "bad 4");
+-fail_if(Curl_cert_hostcheck(STRCONST("f*.example.com"),
+-                            STRCONST("baa.example.com")), "bad 5");
+-fail_if(Curl_cert_hostcheck(STRCONST("*.com"),
+-                            STRCONST("example.com")), "bad 6");
+-fail_if(Curl_cert_hostcheck(STRCONST("*fail.com"),
+-                            STRCONST("example.com")), "bad 7");
+-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
+-                            STRCONST("www.example.")), "bad 8");
+-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
+-                            STRCONST("www.example")), "bad 9");
+-fail_if(Curl_cert_hostcheck(STRCONST(""), STRCONST("www")), "bad 10");
+-fail_if(Curl_cert_hostcheck(STRCONST("*"), STRCONST("www")), "bad 11");
+-fail_if(Curl_cert_hostcheck(STRCONST("*.168.0.0"),
+-                            STRCONST("192.168.0.0")), "bad 12");
+-fail_if(Curl_cert_hostcheck(STRCONST("www.example.com"),
+-                            STRCONST("192.168.0.0")), "bad 13");
+-
+-#ifdef ENABLE_IPV6
+-fail_if(Curl_cert_hostcheck(STRCONST("*::3285:a9ff:fe46:b619"),
+-                            STRCONST("fe80::3285:a9ff:fe46:b619")), "bad 14");
+-fail_unless(Curl_cert_hostcheck(STRCONST("fe80::3285:a9ff:fe46:b619"),
+-                                STRCONST("fe80::3285:a9ff:fe46:b619")),
+-            "good 6");
+-#endif
++UNITTEST_START
++{
++  int i;
++  for(i = 0; tests[i].host; i++) {
++    if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
++                                             strlen(tests[i].pattern),
++                                             tests[i].host,
++                                             strlen(tests[i].host))) {
++      fprintf(stderr,
++              "HOST: %s\n"
++              "PTRN: %s\n"
++              "did %sMATCH\n",
++              tests[i].host,
++              tests[i].pattern,
++              tests[i].match ? "NOT ": "");
++      unitfail++;
++    }
++  }
++}
+ 
+-#endif
++UNITTEST_STOP
++#else
+ 
+-  /* you end the test code like this: */
++UNITTEST_START
+ 
+ UNITTEST_STOP
++#endif
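Review bot: the two IPv6 rows at the end of tests[] are now compiled unconditionally, whereas the assertions they replace ("bad 14", "good 6") were wrapped in #ifdef ENABLE_IPV6. If the IP-literal detection inside Curl_cert_hostcheck is itself conditional on ENABLE_IPV6, the "*::3285:a9ff:fe46:b619" row can give a different result on builds without IPv6. Either keep the guard around those two rows or add a comment saying why it is no longer needed. A short comment above the table would also help for rows such as {" h.e.llo", "*.e.llo", TRUE} and {"*.e.llo.", "*.e.llo", TRUE}, which document that the wildcard label accepts arbitrary bytes in the host's left-most label.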
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch
new file mode 100644
index 0000000..5471270
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-1.patch
@@ -0,0 +1,84 @@
+From efbf02111aa66bda9288506b7d5cc0226bf5453e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 12 Feb 2023 13:24:08 +0100
+Subject: [PATCH] smb: return error on upload without size
+
+The protocol needs to know the size ahead of time, this is now a known
+restriction and not a bug.
+
+Also output a clearer error if the URL path does not contain proper
+share.
+
+Ref: #7896
+Closes #10484
+
+CVE: CVE-2023-28322
+Upstream-Status: Backport [https://github.com/curl/curl/commit/efbf02111aa66bda9288506b7d5cc0226bf5453e]
+Comments: Hunks refreshed
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ docs/KNOWN_BUGS    | 5 -----
+ docs/URL-SYNTAX.md | 3 +++
+ lib/smb.c          | 6 ++++++
+ 3 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
+index cbf5be352a279..a515e7a59bdfd 100644
+--- a/docs/KNOWN_BUGS
++++ b/docs/KNOWN_BUGS
+@@ -58,7 +58,6 @@
+  5.7 Visual Studio project gaps
+  5.8 configure finding libs in wrong directory
+  5.9 Utilize Requires.private directives in libcurl.pc
+- 5.10 curl hangs on SMB upload over stdin
+  5.11 configure --with-gssapi with Heimdal is ignored on macOS
+  5.12 flaky Windows CI builds
+
+@@ -332,10 +331,6 @@ problems may have been fixed or changed somewhat since this was written.
+ 
+  https://github.com/curl/curl/issues/864
+ 
+-5.10 curl hangs on SMB upload over stdin
+-
+- See https://github.com/curl/curl/issues/7896
+-
+ 5.11 configure --with-gssapi with Heimdal is ignored on macOS
+ 
+  ... unless you also pass --with-gssapi-libs
+diff --git a/docs/URL-SYNTAX.md b/docs/URL-SYNTAX.md
+index 691fcceacd66c..802bbdef96979 100644
+--- a/docs/URL-SYNTAX.md
++++ b/docs/URL-SYNTAX.md
+@@ -360,6 +360,9 @@ share and directory or the share to upload to and as such, may not be omitted.
+ If the user name is embedded in the URL then it must contain the domain name
+ and as such, the backslash must be URL encoded as %2f.
+ 
++When uploading to SMB, the size of the file needs to be known ahead of time,
++meaning that you can upload a file passed to curl over a pipe like stdin.
++
+ curl supports SMB version 1 (only)
+ 
+ ## SMTP
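Review bot: the added URL-SYNTAX.md sentence says "you can upload a file passed to curl over a pipe like stdin", which contradicts both the commit message ("The protocol needs to know the size ahead of time") and the new check in lib/smb.c that fails an upload when infilesize < 0. It should read "you cannot upload". Since this is a backport, keep the text as upstream has it if a verbatim patch is preferred, but then note the wording error in the patch header.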
+diff --git a/lib/smb.c b/lib/smb.c
+index 8a76763c157ce..dc0abe784bcee 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -763,6 +763,11 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+   void *msg = NULL;
+   const struct smb_nt_create_response *smb_m;
+ 
++  if(data->set.upload && (data->state.infilesize < 0)) {
++    failf(data, "SMB upload needs to know the size up front");
++    return CURLE_SEND_ERROR;
++  }
++
+   /* Start the request */
+   if(req->state == SMB_REQUESTING) {
+     result = smb_send_tree_connect(data);
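Review bot: the new early return reports an upload of unknown size as CURLE_SEND_ERROR, while the SCP paths touched later in this series report the same condition ("SCP requires a known file size for upload") as CURLE_UPLOAD_FAILED. Callers that branch on the result code will see two different codes for one cause, so it is worth a comment here on why CURLE_SEND_ERROR was chosen. The check also sits above the req->state test, so it is evaluated on every call of smb_request_state rather than only in SMB_REQUESTING; a one-line comment that this is intentional would help.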
+@@ -993,6 +998,7 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data,
+   /* The share must be present */
+   if(!slash) {
+     Curl_safefree(smbc->share);
++    failf(data, "missing share in URL path for SMB");
+     return CURLE_URL_MALFORMAT;
+   }
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch
new file mode 100644
index 0000000..f2134dd
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2023-28322-2.patch
@@ -0,0 +1,436 @@
+From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 25 Apr 2023 08:28:01 +0200
+Subject: [PATCH] lib: unify the upload/method handling
+
+By making sure we set state.upload based on the set.method value and not
+independently as set.upload, we reduce confusion and mixup risks, both
+internally and externally.
+
+Closes #11017
+
+CVE: CVE-2023-28322
+Upstream-Status: Backport [https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de]
+Comments: Hunks refreshed
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ lib/curl_rtmp.c    | 4 ++--
+ lib/file.c         | 4 ++--
+ lib/ftp.c          | 8 ++++----
+ lib/http.c         | 4 ++--
+ lib/imap.c         | 6 +++---
+ lib/rtsp.c         | 4 ++--
+ lib/setopt.c       | 6 ++----
+ lib/smb.c          | 6 +++---
+ lib/smtp.c         | 4 ++--
+ lib/tftp.c         | 8 ++++----
+ lib/transfer.c     | 4 ++--
+ lib/urldata.h      | 2 +-
+ lib/vssh/libssh.c  | 6 +++---
+ lib/vssh/libssh2.c | 6 +++---
+ lib/vssh/wolfssh.c | 2 +-
+ 15 files changed, 36 insertions(+), 38 deletions(-)
+
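Review bot: the Upstream-Status URL in this patch header ends at "7815647d6582c0a4900be2e1de", a shortened form of the hash given in full on the From line (7815647d6582c0a4900be2e1de6c5e61272c496b). CVE-2023-28322-1.patch uses the full hash in its Upstream-Status line, so use the full hash here too for consistency and so the link stays unambiguous.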
+diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
+index 2679a2cdc1afe..406fb42ac0f44 100644
+--- a/lib/curl_rtmp.c
++++ b/lib/curl_rtmp.c
+@@ -231,7 +231,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done)
+   /* We have to know if it's a write before we send the
+    * connect request packet
+    */
+-  if(data->set.upload)
++  if(data->state.upload)
+     r->Link.protocol |= RTMP_FEATURE_WRITE;
+ 
+   /* For plain streams, use the buffer toggle trick to keep data flowing */
+@@ -263,7 +263,7 @@ static CURLcode rtmp_do(struct Curl_easy *data, bool *done)
+   if(!RTMP_ConnectStream(r, 0))
+     return CURLE_FAILED_INIT;
+ 
+-  if(data->set.upload) {
++  if(data->state.upload) {
+     Curl_pgrsSetUploadSize(data, data->state.infilesize);
+     Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET);
+   }
+diff --git a/lib/file.c b/lib/file.c
+index 51c5d07ce40ab..c751e8861a99b 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -240,7 +240,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done)
+   file->freepath = real_path; /* free this when done */
+ 
+   file->fd = fd;
+-  if(!data->set.upload && (fd == -1)) {
++  if(!data->state.upload && (fd == -1)) {
+     failf(data, "Couldn't open file %s", data->state.up.path);
+     file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
+     return CURLE_FILE_COULDNT_READ_FILE;
+@@ -422,7 +422,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done)
+ 
+   Curl_pgrsStartNow(data);
+ 
+-  if(data->set.upload)
++  if(data->state.upload)
+     return file_upload(data);
+ 
+   file = data->req.p.file;
+diff --git a/lib/ftp.c b/lib/ftp.c
+index f50d7baf622f8..4ff68cc454cbc 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -1348,7 +1348,7 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data)
+                                data->set.str[STRING_CUSTOMREQUEST]?
+                                data->set.str[STRING_CUSTOMREQUEST]:
+                                (data->state.list_only?"NLST":"LIST"));
+-      else if(data->set.upload)
++      else if(data->state.upload)
+         result = Curl_pp_sendf(data, &ftpc->pp, "PRET STOR %s",
+                                conn->proto.ftpc.file);
+       else
+@@ -3384,7 +3384,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
+     /* the response code from the transfer showed an error already so no
+        use checking further */
+     ;
+-  else if(data->set.upload) {
++  else if(data->state.upload) {
+     if((-1 != data->state.infilesize) &&
+        (data->state.infilesize != data->req.writebytecount) &&
+        !data->set.crlf &&
+@@ -3640,7 +3640,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep)
+                            connected back to us */
+       }
+     }
+-    else if(data->set.upload) {
++    else if(data->state.upload) {
+       result = ftp_nb_type(data, conn, data->state.prefer_ascii,
+                            FTP_STOR_TYPE);
+       if(result)
+@@ -4233,7 +4233,7 @@
+     ftpc->file = NULL; /* instead of point to a zero byte,
+                             we make it a NULL pointer */
+ 
+-  if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
++  if(data->state.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
+     /* We need a file name when uploading. Return error! */
+     failf(data, "Uploading to a URL without a file name!");
+     free(rawPath);
+diff --git a/lib/http.c b/lib/http.c
+index 80e43f6f361e8..bffdd3468536d 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -2033,7 +2033,7 @@
+   Curl_HttpReq httpreq = data->state.httpreq;
+   const char *request;
+   if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
+-     data->set.upload)
++     data->state.upload)
+     httpreq = HTTPREQ_PUT;
+ 
+   /* Now set the 'request' pointer to the proper request string */
+@@ -2423,7 +2423,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn,
+     if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+        (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) &&
+          http->postsize < 0) ||
+-        ((data->set.upload || httpreq == HTTPREQ_POST) &&
++        ((data->state.upload || httpreq == HTTPREQ_POST) &&
+          data->state.infilesize == -1))) {
+       if(conn->bits.authneg)
+         /* don't enable chunked during auth neg */
+diff --git a/lib/imap.c b/lib/imap.c
+index c2f675d4b2618..1952e66a1efcd 100644
+--- a/lib/imap.c
++++ b/lib/imap.c
+@@ -1511,11 +1511,11 @@ static CURLcode imap_done(struct Curl_easy *data, CURLcode status,
+     result = status;         /* use the already set error code */
+   }
+   else if(!data->set.connect_only && !imap->custom &&
+-          (imap->uid || imap->mindex || data->set.upload ||
++          (imap->uid || imap->mindex || data->state.upload ||
+           data->set.mimepost.kind != MIMEKIND_NONE)) {
+     /* Handle responses after FETCH or APPEND transfer has finished */
+ 
+-    if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
++    if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE)
+       state(data, IMAP_FETCH_FINAL);
+     else {
+       /* End the APPEND command first by sending an empty line */
+@@ -1581,7 +1581,7 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected,
+     selected = TRUE;
+ 
+   /* Start the first command in the DO phase */
+-  if(data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE)
++  if(data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE)
+     /* APPEND can be executed directly */
+     result = imap_perform_append(data);
+   else if(imap->custom && (selected || !imap->mailbox))
+diff --git a/lib/rtsp.c b/lib/rtsp.c
+index ea99d720ec4eb..ccd7264b00e74 100644
+--- a/lib/rtsp.c
++++ b/lib/rtsp.c
+@@ -493,7 +493,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
+      rtspreq == RTSPREQ_SET_PARAMETER ||
+      rtspreq == RTSPREQ_GET_PARAMETER) {
+ 
+-    if(data->set.upload) {
++    if(data->state.upload) {
+       putsize = data->state.infilesize;
+       data->state.httpreq = HTTPREQ_PUT;
+ 
+@@ -512,7 +512,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
+         result =
+           Curl_dyn_addf(&req_buffer,
+                         "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
+-                        (data->set.upload ? putsize : postsize));
++                        (data->state.upload ? putsize : postsize));
+         if(result)
+           return result;
+       }
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 38f5711e44191..0c3b9634d1192 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -333,8 +333,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+      * We want to sent data to the remote host. If this is HTTP, that equals
+      * using the PUT request.
+      */
+-    data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
+-    if(data->set.upload) {
++    arg = va_arg(param, long);
++    if(arg) {
+       /* If this is HTTP, PUT is what's needed to "upload" */
+       data->set.method = HTTPREQ_PUT;
+       data->set.opt_no_body = FALSE; /* this is implied */
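Review bot: with data->set.upload gone, the arg == 0 case of this option no longer records anything in the visible lines, and upload is now derived from the request method (state.upload = httpreq == HTTPREQ_PUT in the transfer.c hunk). Check that the else branch, which lies outside this hunk, resets data->set.method away from HTTPREQ_PUT; otherwise setting the option to 1 and then to 0 leaves upload enabled. The hunk also assigns to arg without declaring it, so on this backport confirm that Curl_vsetopt in the 7.82.0 tree already has a local long arg.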
+@@ -625,7 +625,6 @@
+     }
+     else
+       data->set.method = HTTPREQ_GET;
+-    data->set.upload = FALSE;
+     break;
+ 
+   case CURLOPT_HTTPPOST:
+@@ -888,7 +887,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+      */
+     if(va_arg(param, long)) {
+       data->set.method = HTTPREQ_GET;
+-      data->set.upload = FALSE; /* switch off upload */
+       data->set.opt_no_body = FALSE; /* this is implied */
+     }
+     break;
+diff --git a/lib/smb.c b/lib/smb.c
+index a1e444ee6b97e..d6822213529bc 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -530,7 +530,7 @@ static CURLcode smb_send_open(struct Curl_easy *data)
+   byte_count = strlen(req->path);
+   msg.name_length = smb_swap16((unsigned short)byte_count);
+   msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
+-  if(data->set.upload) {
++  if(data->state.upload) {
+     msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
+     msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
+   }
+@@ -762,7 +762,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+   void *msg = NULL;
+   const struct smb_nt_create_response *smb_m;
+ 
+-  if(data->set.upload && (data->state.infilesize < 0)) {
++  if(data->state.upload && (data->state.infilesize < 0)) {
+     failf(data, "SMB upload needs to know the size up front");
+     return CURLE_SEND_ERROR;
+   }
+@@ -813,7 +813,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+     smb_m = (const struct smb_nt_create_response*) msg;
+     req->fid = smb_swap16(smb_m->fid);
+     data->req.offset = 0;
+-    if(data->set.upload) {
++    if(data->state.upload) {
+       data->req.size = data->state.infilesize;
+       Curl_pgrsSetUploadSize(data, data->req.size);
+       next_state = SMB_UPLOAD;
+diff --git a/lib/smtp.c b/lib/smtp.c
+index 7a030308d4689..c182cace742d7 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -1419,7 +1419,7 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status,
+     result = status;         /* use the already set error code */
+   }
+   else if(!data->set.connect_only && data->set.mail_rcpt &&
+-          (data->set.upload || data->set.mimepost.kind)) {
++          (data->state.upload || data->set.mimepost.kind)) {
+     /* Calculate the EOB taking into account any terminating CRLF from the
+        previous line of the email or the CRLF of the DATA command when there
+        is "no mail data". RFC-5321, sect. 4.1.1.4.
+@@ -1511,7 +1511,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected,
+   smtp->eob = 2;
+ 
+   /* Start the first command in the DO phase */
+-  if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
++  if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
+     /* MAIL transfer */
+     result = smtp_perform_mail(data);
+   else
+diff --git a/lib/tftp.c b/lib/tftp.c
+index 164d3c723c5b9..8ed1b887b4d21 100644
+--- a/lib/tftp.c
++++ b/lib/tftp.c
+@@ -370,7 +370,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state,
+ 
+       /* tsize should be ignored on upload: Who cares about the size of the
+          remote file? */
+-      if(!data->set.upload) {
++      if(!data->state.upload) {
+         if(!tsize) {
+           failf(data, "invalid tsize -:%s:- value in OACK packet", value);
+           return CURLE_TFTP_ILLEGAL;
+@@ -451,7 +451,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
+       return result;
+     }
+ 
+-    if(data->set.upload) {
++    if(data->state.upload) {
+       /* If we are uploading, send an WRQ */
+       setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
+       state->data->req.upload_fromhere =
+@@ -486,7 +486,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
+     if(!data->set.tftp_no_options) {
+       char buf[64];
+       /* add tsize option */
+-      if(data->set.upload && (data->state.infilesize != -1))
++      if(data->state.upload && (data->state.infilesize != -1))
+         msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
+                   data->state.infilesize);
+       else
+@@ -540,7 +540,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
+     break;
+ 
+   case TFTP_EVENT_OACK:
+-    if(data->set.upload) {
++    if(data->state.upload) {
+       result = tftp_connect_for_tx(state, event);
+     }
+     else {
+diff --git a/lib/transfer.c b/lib/transfer.c
+index e9ab8fbf09510..cb69f3365855a 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1293,6 +1293,7 @@ void Curl_init_CONNECT(struct Curl_easy *data)
+ {
+   data->state.fread_func = data->set.fread_func_set;
+   data->state.in = data->set.in_set;
++  data->state.upload = (data->state.httpreq == HTTPREQ_PUT);
+ }
+ 
+ /*
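Review bot: state.upload is computed only here, and from state.httpreq rather than from set.method as the commit message describes. Every protocol handler converted in this patch (FTP, SMB, TFTP, IMAP, SMTP, SSH) now depends on httpreq being final before Curl_init_CONNECT runs, and the next hunk removes the "data->set.upload = false" reset on the redirect-to-GET path without recomputing state.upload there. Add a comment on this line stating that dependency, so a later change to where httpreq is set does not silently leave state.upload stale.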
+@@ -1767,7 +1767,6 @@
+          data->state.httpreq != HTTPREQ_POST_MIME) ||
+         !(data->set.keep_post & CURL_REDIR_POST_303))) {
+       data->state.httpreq = HTTPREQ_GET;
+-      data->set.upload = false;
+       infof(data, "Switch to %s",
+             data->set.opt_no_body?"HEAD":"GET");
+     }
+@@ -1770,7 +1770,7 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url)
+ 
+   /* if we're talking upload, we can't do the checks below, unless the protocol
+      is HTTP as when uploading over HTTP we will still get a response */
+-  if(data->set.upload &&
++  if(data->state.upload &&
+      !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
+     return CURLE_OK;
+ 
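Review bot: the hunk headers for lib/transfer.c are not self-consistent. This hunk's old range "-1770,7" overlaps the previous hunk's "-1767,7", and the previous hunk's new start (+1767) does not account for the line added by the first hunk at 1293. The patch header says "Hunks refreshed", so these look hand-adjusted; regenerate the patch from a tree with the change applied so the line numbers are real and do_patch applies it without fuzz or offset guessing.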
+diff --git a/lib/urldata.h b/lib/urldata.h
+index cca992a0295aa..a8580bdb66fe8 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1487,6 +1487,7 @@
+   BIT(url_alloc);   /* URL string is malloc()'ed */
+   BIT(referer_alloc); /* referer string is malloc()ed */
+   BIT(wildcard_resolve); /* Set to true if any resolve change is a wildcard */
++  BIT(upload);         /* upload request */
+ };
+ 
+ /*
+@@ -1838,7 +1839,6 @@ struct UserDefined {
+   BIT(http_auto_referer); /* set "correct" referer when following
+                              location: */
+   BIT(opt_no_body);    /* as set with CURLOPT_NOBODY */
+-  BIT(upload);         /* upload request */
+   BIT(verbose);        /* output verbosity */
+   BIT(krb);            /* Kerberos connection requested */
+   BIT(reuse_forbid);   /* forbidden to be reused, close after use */
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index b31f741ba9492..d60edaa303642 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -1209,7 +1209,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+     }
+ 
+     case SSH_SFTP_TRANS_INIT:
+-      if(data->set.upload)
++      if(data->state.upload)
+         state(data, SSH_SFTP_UPLOAD_INIT);
+       else {
+         if(protop->path[strlen(protop->path)-1] == '/')
+@@ -1802,7 +1802,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+       /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */
+       ssh_set_blocking(sshc->ssh_session, 1);
+ 
+-      if(data->set.upload) {
++      if(data->state.upload) {
+         if(data->state.infilesize < 0) {
+           failf(data, "SCP requires a known file size for upload");
+           sshc->actualcode = CURLE_UPLOAD_FAILED;
+@@ -1907,7 +1907,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+         break;
+       }
+     case SSH_SCP_DONE:
+-      if(data->set.upload)
++      if(data->state.upload)
+         state(data, SSH_SCP_SEND_EOF);
+       else
+         state(data, SSH_SCP_CHANNEL_FREE);
+diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
+index f1154dc47a74e..f2e5352d1fd3a 100644
+--- a/lib/vssh/libssh2.c
++++ b/lib/vssh/libssh2.c
+@@ -2019,7 +2019,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
+     }
+ 
+     case SSH_SFTP_TRANS_INIT:
+-      if(data->set.upload)
++      if(data->state.upload)
+         state(data, SSH_SFTP_UPLOAD_INIT);
+       else {
+         if(sshp->path[strlen(sshp->path)-1] == '/')
+@@ -2691,7 +2691,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
+         break;
+       }
+ 
+-      if(data->set.upload) {
++      if(data->state.upload) {
+         if(data->state.infilesize < 0) {
+           failf(data, "SCP requires a known file size for upload");
+           sshc->actualcode = CURLE_UPLOAD_FAILED;
+@@ -2831,7 +2831,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
+     break;
+ 
+     case SSH_SCP_DONE:
+-      if(data->set.upload)
++      if(data->state.upload)
+         state(data, SSH_SCP_SEND_EOF);
+       else
+         state(data, SSH_SCP_CHANNEL_FREE);
+diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c
+index 17d59ecd23bc8..2ca91b7363b1d 100644
+--- a/lib/vssh/wolfssh.c
++++ b/lib/vssh/wolfssh.c
+@@ -557,7 +557,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
+       }
+       break;
+     case SSH_SFTP_TRANS_INIT:
+-      if(data->set.upload)
++      if(data->state.upload)
+         state(data, SSH_SFTP_UPLOAD_INIT);
+       else {
+         if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
diff --git a/poky/meta/recipes-support/curl/curl_7.82.0.bb b/poky/meta/recipes-support/curl/curl_7.82.0.bb
index 70ceb9f..96280b3 100644
--- a/poky/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.82.0.bb
@@ -45,6 +45,11 @@
            file://CVE-2023-27535-pre1.patch \
            file://CVE-2023-27535_and_CVE-2023-27538.patch \
            file://CVE-2023-27536.patch \
+           file://CVE-2023-28319.patch \
+           file://CVE-2023-28320.patch \
+           file://CVE-2023-28321.patch \
+           file://CVE-2023-28322-1.patch \
+           file://CVE-2023-28322-2.patch \
            "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
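Review bot: CVE-2023-28322-1.patch carries the commit "smb: return error on upload without size", which the second patch builds on (it rewrites the check the first one adds in smb_request_state), so it appears to be a prerequisite rather than the fix itself. The recipe already has a naming convention for that case in the context lines above (CVE-2023-27535-pre1.patch); naming this one CVE-2023-28322-pre1.patch, or saying in its header that it is a dependency of the fix, would make the SRC_URI list easier to audit.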
diff --git a/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb b/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb
index bb8766a..21af378 100644
--- a/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb
+++ b/poky/meta/recipes-support/libbsd/libbsd_0.11.5.bb
@@ -29,6 +29,13 @@
 # License: public-domain-Colin-Plumb
 LICENSE = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
 LICENSE:${PN} = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dbg = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-dev = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-doc = "BSD-3-Clause & BSD-4-Clause & ISC & PD"
+LICENSE:${PN}-locale = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-src = "BSD-3-Clause & ISC & PD"
+LICENSE:${PN}-staticdev = "BSD-3-Clause & ISC & PD"
+
 LIC_FILES_CHKSUM = "file://COPYING;md5=0b31944ca2c1075410a30f0c17379d3b"
 SECTION = "libs"
 
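Review bot: only LICENSE:${PN}-doc keeps BSD-4-Clause while the five other per-package lines drop it, and nothing in the hunk says why. Add a comment naming the files that carry the BSD-4-Clause terms, in the style of the existing "# License:" comments above, so the split can be re-checked when the recipe is upgraded.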
diff --git a/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb b/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
index becacd4..90d3286 100644
--- a/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
+++ b/poky/meta/recipes-support/nghttp2/nghttp2_1.47.0.bb
@@ -23,17 +23,15 @@
 #
 EXTRA_OECMAKE += "-DENABLE_PYTHON_BINDINGS=OFF"
 
-PACKAGES =+ "lib${BPN} ${PN}-client ${PN}-proxy ${PN}-server"
+PACKAGES =+ "lib${BPN} ${PN}-proxy "
 
-RDEPENDS:${PN} = "${PN}-client (>= ${PV}) ${PN}-proxy (>= ${PV}) ${PN}-server (>= ${PV})"
+RDEPENDS:${PN} = "${PN}-proxy (>= ${PV})"
 RDEPENDS:${PN}:class-native = ""
 RDEPENDS:${PN}-proxy = "openssl python3-core python3-io python3-shell"
 
 ALLOW_EMPTY:${PN} = "1"
 FILES:${PN} = ""
 FILES:lib${BPN} = "${libdir}/*${SOLIBS}"
-FILES:${PN}-client = "${bindir}/h2load ${bindir}/nghttp"
 FILES:${PN}-proxy = "${bindir}/nghttpx ${datadir}/${BPN}/fetch-ocsp-response"
-FILES:${PN}-server = "${bindir}/nghttpd"
 
 BBCLASSEXTEND = "native nativesdk"
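Review bot: removing ${PN}-client and ${PN}-server from PACKAGES also removes the only FILES entries for h2load, nghttp and nghttpd, while FILES:${PN} stays empty. If the build still installs those binaries they become unpackaged files, so this hunk needs to be paired with the change that stops them being built, or a comment saying they are no longer produced. On a stable branch it also drops package names that existing images may list explicitly. Minor: the new PACKAGES value has a trailing space before the closing quote.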
diff --git a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb b/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
index 59cbb67..72b4462 100644
--- a/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
+++ b/poky/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
@@ -29,4 +29,4 @@
 # PN contains p11-kit-proxy.so, a symlink to a loadable module
 INSANE_SKIP:${PN} = "dev-so"
 
-BBCLASSEXTEND = "nativesdk"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
index a65a5b9..c28d391 100644
--- a/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/poky/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -390,6 +390,13 @@
         logger.debug("Added %d extra blocks to %s to get to %d total blocks",
                      extra_blocks, part.mountpoint, blocks)
 
+        # required for compatibility with certain devices expecting file system
+        # block count to be equal to partition block count
+        if blocks < part.fixed_size:
+            blocks = part.fixed_size
+            logger.debug("Overriding %s to %d total blocks for compatibility",
+                     part.mountpoint, blocks)
+
         # dosfs image, created by mkdosfs
         bootimg = "%s/boot.img" % cr_workdir