subtree updates
meta-raspberrypi: b6a1645a97..c57b464b88:
Lluis Campos (1):
rpi-cmdline: do_compile: Use pure Python syntax to get `CMDLINE`
meta-openembedded: 2eb39477a7..a755af4fb5:
Adrian Zaharia (1):
lapack: add packageconfig for lapacke
Akash Hadke (1):
polkit: Add --shell /bin/nologin to polkitd user
Alex Kiernan (3):
ntpsec: Add UPSTREAM_CHECK_URI
libgpiod: Detect ptest using PTEST_ENABLED
ostree: Cleanup PACKAGECONFIGs
Anuj Mittal (1):
yasm: fix buildpaths warning
Atanas Bunchev (1):
python3-twitter: Upgrade 4.8.0 -> 4.10.1
Bartosz Golaszewski (4):
imagemagick: add PACKAGECONFIG for C++ bindings
python3-matplotlib: don't use PYTHON_PN
python3-matplotlib: add packaging to RDEPENDS
python3-matplotlib: bump to 3.5.2
Bruce Ashfield (3):
vboxguestdrivers: fix build against 5.19 kernel / libc-headers
zfs: update to v2.1.5
vboxguestdrivers: make kernel shared directory dependency explicit
Carsten Bäcker (1):
spdlog: Fix CMake flag
Changqing Li (3):
fuse3: support ptest
redis: fix do_patch fuzz warning
dlt-daemon: fix dlt-system.service failed since buffer overflow
Clément Péron (1):
python: add Pydantic data validation package
Devendra Tewari (1):
android-tools: sleep more in android-gadget-start
Ed Tanous (1):
Add python-requests-unixsocket recipe
Enguerrand de Ribaucourt (1):
mdio-tools: add recipes
Etienne Cordonnier (1):
uutils-coreutils: add recipe
Jagadeesh Krishnanjanappa (4):
python3-asgiref: add recipe
python3-django: make 3.2.x as default version
python3-django: Add python3-asgiref runtime dependency
python3-django: remove 2.2.x recipe
Jan Luebbe (2):
chrony: add support for config and source snippet includes
gensio: upgrade 2.3.1 -> 2.5.2
Jan Vermaete (1):
makeself: added makeself as new recipe
Jim Broadus (1):
networkmanager: fix iptables and nft paths
Jose Quaresma (2):
wireguard-module: 1.0.20210219 -> 1.0.20220627
wireguard-tools: Add a new package for wg-quick
Julian Haller (2):
pcsc-lite: upgrade 1.9.0 -> 1.9.8
ccid: upgrade 1.4.33 -> 1.5.0
Justin Bronder (1):
lmdb: only set SONAME on the shared library
Khem Raj (61):
mariadb: Inherit pkgconfig
mariadb: Add packageconfig for lz4 and enable it
ibus: Swith to use main branch instead of master
kronosnet: Upgrade to 1.24
ostree: Upgrade to 2022.5 release
sdbus-c++-libsystemd: Fix build with glibc 2.36
xfstests: Upgrade to v2022.07.10
autofs: Fix build with glibc 2.36
audit: Upgrade to 3.0.8 and fix build with linux 5.17+
pcp: Add to USERADD_PACKAGES instead of override
mozjs: Use RUST_HOST_SYS and RUST_TARGET_SYS
fluentbit: Fix build with clang
audit: Fix build with musl
fluentbit: Fix build with musl
klibc: Upgrade to 2.0.10
gnome-keyring,cunit,xfce4-panel: Do not inherit remove-libtool class here
mpd: Update to 0.23.8
openipmi: Enable largefile cflags
proftpd: Always enable largefile support
netperf: Always enable largefile support
openipmi: Always enable largefile support
unbound: Always enable largefile support
sysbench: Always enable largefile support
libmtp: Always enable largefile support
toybox: Fix build with glibc 2.36+
xfstests: Upgrade to 2022.07.31 release
libmpd: Fix function returns and casts
audit: Revert the tweak done in configure step in do_install
mpd: Upgrade to 0.23.9
fluentbit: Use CMAKE_C_STANDARD_LIBRARIES cmake var to pass libatomic
fluentbit: Upgrade to 1.9.7 and fix build on x86
klibc: Fix build with kernel 5.19 headers
ntpsec: Add -D_GNU_SOURCE and fix building with devtool
gd: Fix build with clang-15
cpulimit: Define -D_GNU_SOURCE
safec: Remove unused variable 'len'
ncftp: Enable autoreconf
ncftp: Fix TMPDIR path embedding into ncftpget
libb64: Switch to github fork and upgrade to 2.0.0.1+git
dhrystone: Disable warnings as errors with clang
dibbler: Fix build with musl
fio: Fix additional warnings seen with musl
ssmtp: Fix null pointer assignments
gst-editing-services: Add recipe
rygel: Upgrade to 0.40.4
libesmtp: Define _GNU_SOURCE
python3-grpcio: Enable largefile support explicitly
libteam: Include missing headers for strrchr and memcmp
neon: Upgrade to 0.32.2
satyr: Fix build on musl/clang
libmusicbrainz: Avoid -Wnonnull warning
aom: Upgrade to 3.4.0
vorbis-tools: Fix build on musl
dvb-apps: Use tarball for SRC_URI and fix build on musl
python3-netifaces: Fix build with python3 and musl
python3-pyephem: Fix build with python3 and musl
samba: Fix warnings in configure tests for rpath checks
lirc: Fix build on musl
mongodb: Fix boost build with clang-15
crda: Fix build with clang-15
monkey: Fix build with musl
Lei Maohui (2):
dnf-plugin-tui: Fix somw issue in postinstall process.
xrdp: Fix buildpaths warning.
Leon Anavi (16):
python3-nocasedict: Upgrade 1.0.3 -> 1.0.4
python3-frozenlist: Upgrade 1.3.0 -> 1.3.1
python3-networkx: Upgrade 2.8.4 -> 2.8.5
python3-pyhamcrest: Upgrade 2.0.3 -> 2.0.4
python3-aiohue: Upgrade 4.4.2 -> 4.5.0
python3-pyperf: Upgrade 2.3.0 -> 2.4.1
python3-eth-abi: Upgrade 3.0.0 -> 3.0.1
python3-cytoolz: Upgrade 0.11.2 -> 0.12.0
python3-yarl: Upgrade 1.7.2 -> 1.8.1
python3-term: Upgrade 2.3 -> 2.4
python3-coverage: Upgrade 6.4.1 -> 6.4.4
python3-regex: Upgrade 2022.7.25 -> 2022.8.17
python3-awesomeversion: Upgrade 22.6.0 -> 22.8.0
python3-typed-ast: Upgrade 1.5.2 -> 1.5.4
python3-prompt-toolkit: Upgrade 3.0.24 -> 3.0.30
python3-prettytable: Upgrade 3.1.1 -> 3.3.0
Markus Volk (6):
libass: update to v1.16.0
spdlog: update to v1.10.0
waylandpp: add recipe
wireplumber: update to v0.4.11
pipewire: update to v0.3.56
pipewire: improve runtime dependency settings
Marta Rybczynska (1):
polkit: update patches for musl compilation
Matthias Klein (1):
libftdi: update to 1.5
Mike Crowe (1):
yasm: Only depend on xmlto when docs are enabled
Mike Petersen (1):
sshpass: add recipe
Mingli Yu (10):
net-snmp: set ac_cv_path_PSPROG
postgresql: Fix the buildpaths issue
freeradius: Fix buildpaths issue
openipmi: Fix buildpaths issue
apache2: Fix the buildpaths issue
frr: fix buildpaths issue
nspr: fix buildpaths issue
liblockfile: fix buildpaths issue
freediameter: fix buildpaths issue
postgresql: make sure pam conf installed when pam enabled
Ovidiu Panait (1):
net-snmp: upgrade 5.9.1 -> 5.9.3
Paulo Neves (1):
fluentbit Upgrade to 1.3.5 -> 1.9.6
Philip Balister (2):
python3-pybind11: Update to Version 2.10.0.
Remove dead link and old information from the README.
Potin Lai (7):
libplist: add libplist_git.bb
libimobiledevice-glue: SRCREV bump bc6c44b..d2ff796
libimobiledevice: add libimobiledevice_git.bb
libirecovery: SRCREV bump e190945..ab5b4d8
libusbmuxd: add libusbmuxd_git.bb
usbmuxd: add usbmuxd_git.bb
idevicerestore: SRCREV bump 280575b..7d622d9
Richard Purdie (1):
lmdb: Don't inherit base
Sam Van Den Berge (1):
python3-jsonrpcserver: add patch to use importlib.resources instead of pkg_resources
Saul Wold (10):
libipc-signal-perl: Fix LICENSE string
libdigest-hmac-perl: Fix LICENSE string
libio-socket-ssl-perl: Fix LICENSE string
libdigest-sha1-perl: Fix LICENSE string
libmime-types-perl: Fix LICENSE string
libauthen-sasl-perl: Fix LICENSE string
libnet-ldap-perl: Fix LICENSE string
libxml-libxml-perl: Fix LICENSE string
libnet-telnet-perl: Fix LICENSE string
libproc-waitstat-perl: Fix LICENSE string
Sean Anderson (2):
image_types_sparse: Pad source image to block size
image_types_sparse: Generate "don't care" chunks
Vyacheslav Yurkov (4):
protobuf: correct ptest dependency
protobuf: 3.19.4 -> 3.21.5 upgrade
protobuf: change build system to cmake
protobuf: disable protoc binary for target
Wang Mingyu (60):
cifs-utils: upgrade 6.15 -> 7.0
geocode-glib: upgrade 3.26.3 -> 3.26.4
gjs: upgrade 1.72.1 -> 1.72.2
htpdate: upgrade 1.3.5 -> 1.3.6
icewm: upgrade 2.9.8 -> 2.9.9
ipc-run: upgrade 20200505.0 -> 20220807.0
iwd: upgrade 1.28 -> 1.29
ldns: upgrade 1.8.1 -> 1.8.2
libadwaita: upgrade 1.1.3 -> 1.1.4
libencode-perl: upgrade 3.18 -> 3.19
libmime-charset-perl: upgrade 1.012.2 -> 1.013.1
libtest-warn-perl: upgrade 0.36 -> 0.37
nano: upgrade 6.3 -> 6.4
nbdkit: upgrade 1.31.15 -> 1.32.1
netdata: upgrade 1.35.1 -> 1.36.0
fio: upgrade 3.30 -> 3.31
nlohmann-json: upgrade 3.10.5 -> 3.11.2
poco: upgrade 1.12.1 -> 1.12.2
postgresql: upgrade 14.4 -> 14.5
poppler: upgrade 22.07.0 -> 22.08.0
smarty: upgrade 4.1.1 -> 4.2.0
tracker: upgrade 3.3.2 -> 3.3.3
uftp: upgrade 5.0 -> 5.0.1
xdg-user-dirs: upgrade 0.17 -> 0.18
python3-pycodestyle: upgrade 2.9.0 -> 2.9.1
python3-pyzmq: upgrade 23.2.0 -> 23.2.1
python3-setuptools-declarative-requirements: upgrade 1.2.0 -> 1.3.0
python3-sqlalchemy: upgrade 1.4.39 -> 1.4.40
python3-werkzeug: upgrade 2.2.1 -> 2.2.2
python3-xmlschema: upgrade 2.0.1 -> 2.0.2
python3-yappi: upgrade 1.3.5 -> 1.3.6
ade: upgrade 0.1.1f -> 0.1.2
babl: upgrade 0.1.92 -> 0.1.94
ctags: upgrade 5.9.20220703.0 -> 5.9.20220821.0
grilo-plugins: upgrade 0.3.14 -> 0.3.15
ldns: upgrade 1.8.2 -> 1.8.3
libcurses-perl: upgrade 1.38 -> 1.41
mosquitto: upgrade 2.0.14 -> 2.0.15
nbdkit: upgrade 1.32.1 -> 1.33.1
netdata: upgrade 1.36.0 -> 1.36.1
libsdl2-ttf: upgrade 2.20.0 -> 2.20.1
xfstests: upgrade 2022.07.31 -> 2022.08.07
php: upgrade 8.1.8 -> 8.1.9
rdma-core: upgrade 41.0 -> 42.0
spitools: upgrade 1.0.1 -> 1.0.2
unbound: upgrade 1.16.1 -> 1.16.2
zlog: upgrade 1.2.15 -> 1.2.16
python3-hexbytes: upgrade 0.2.3 -> 0.3.0
python3-pythonping: upgrade 1.1.2 -> 1.1.3
python3-jsonrpcserver: Add dependence python3-typing-extensions
feh: upgrade 3.9 -> 3.9.1
gnome-bluetooth: upgrade 42.2 -> 42.3
hunspell: upgrade 1.7.0 -> 1.7.1
gtk4: upgrade 4.6.6 -> 4.6.7
logwatch: upgrade 7.6 -> 7.7
bdwgc: upgrade 8.2.0 -> 8.2.2
tcpreplay: upgrade 4.4.1 -> 4.4.2
tree: upgrade 2.0.2 -> 2.0.3
xfsdump: upgrade 3.1.10 -> 3.1.11
babl: upgrade 0.1.94 -> 0.1.96
Wolfgang Meyer (1):
libsdl2-ttf: upgrade 2.0.18 -> 2.20.0
Xu Huan (18):
python3-protobuf: upgrade 4.21.3 -> 4.21.4
python3-pycodestyle: upgrade 2.8.0 -> 2.9.0
python3-pyflakes: upgrade 2.4.0 -> 2.5.0
python3-pythonping: upgrade 1.1.1 -> 1.1.2
python3-regex: upgrade 2022.7.24 -> 2022.7.25
python3-werkzeug: upgrade 2.2.0 -> 2.2.1
python3-google-auth: upgrade 2.9.1 -> 2.10.0
python3-humanize: upgrade 4.2.3 -> 4.3.0
python3-hexbytes: upgrade 0.2.2 -> 0.2.3
python3-imageio: upgrade 2.21.0 -> 2.21.1
python3-nocaselist: upgrade 1.0.5 -> 1.0.6
python3-protobuf: upgrade 4.21.4 -> 4.21.5
python3-pycares: upgrade 4.2.1 -> 4.2.2
python3-fastjsonschema: upgrade 2.16.1 -> 2.16.2
python3-google-api-python-client: upgrade 2.56.0 -> 2.57.0
python3-google-auth: upgrade 2.10.0 -> 2.11.0
python3-grpcio-tools: upgrade 1.47.0 -> 1.48.0
python3-grpcio: upgrade 1.47.0 -> 1.48.0
Yi Zhao (5):
strongswan: upgrade 5.9.6 -> 5.9.7
libldb: upgrade 2.3.3 -> 2.3.4
samba: upgrade 4.14.13 -> 4.14.14
python3-jsonrpcserver: upgrade 5.0.7 -> 5.0.8
samba: fix buildpaths issue
wangmy (16):
gedit: upgrade 42.1 -> 42.2
libwacom: upgrade 2.3.0 -> 2.4.0
htpdate: upgrade 1.3.4 -> 1.3.5
nbdkit: upgrade 1.31.14 -> 1.31.15
pure-ftpd: upgrade 1.0.50 -> 1.0.51
avro-c: upgrade 1.11.0 -> 1.11.1
debootstrap: upgrade 1.0.126 -> 1.0.127
freerdp: upgrade 2.7.0 -> 2.8.0
icewm: upgrade 2.9.7 -> 2.9.8
libmxml: upgrade 3.3 -> 3.3.1
poco: upgrade 1.12.0 -> 1.12.1
xfontsel: upgrade 1.0.6 -> 1.1.0
xmessage: upgrade 1.0.5 -> 1.0.6
xrefresh: upgrade 1.0.6 -> 1.0.7
zabbix: upgrade 6.0.5 -> 6.2.1
xrdp: upgrade 0.9.18 -> 0.9.19
zhengrq.fnst (4):
python3-asttokens: upgrade 2.0.7 -> 2.0.8
python3-charset-normalizer: upgrade 2.1.0 -> 2.1.1
python3-eth-account: 0.6.1 -> 0.7.0
python3-cantools: upgrade 37.1.0 -> 37.1.2
zhengruoqin (12):
python3-dominate: upgrade 2.6.0 -> 2.7.0
python3-flask-login: upgrade 0.6.1 -> 0.6.2
python3-google-api-python-client: upgrade 2.54.0 -> 2.55.0
python3-haversine: upgrade 2.5.1 -> 2.6.0
python3-imageio: upgrade 2.19.5 -> 2.21.0
python3-autobahn: upgrade 22.6.1 -> 22.7.1
python3-engineio: upgrade 4.3.3 -> 4.3.4
python3-flask: upgrade 2.1.3 -> 2.2.2
python3-gcovr: upgrade 5.1 -> 5.2
python3-google-api-python-client: upgrade 2.55.0 -> 2.56.0
python3-asttokens: upgrade 2.0.5 -> 2.0.7
python3-zeroconf: upgrade 0.38.7 -> 0.39.0
meta-security: 2a2d650ee0..10fdc2b13a:
Anton Antonov (2):
Use CARGO_TARGET_SUBDIR in do_install
parsec-service: Update oeqa tests
Armin Kuster (8):
python3-privacyidea: update to 3.7.3
lkrg-module: update to 0.9.5
apparmor: update to 3.0.6
packagegroup-core-security: add space for appends
cryptmount: Add new pkg
packagegroup-core-security: add pkg to grp
cyptmount: Fix mount.h conflicts seen with glibc 2.36+
kas: update testimage inherit
John Edward Broadbent (1):
meta-security: Add recipe for Glome
Mingli Yu (1):
samhain-standalone: fix buildpaths issue
poky: fc59c28724..9b1db65e7d:
Alejandro Hernandez Samaniego (1):
baremetal-image.bbclass: Emulate image.bbclass to handle new classes scope
Alex Stewart (1):
maintainers: update opkg maintainer
Alexander Kanavin (113):
kmscube: address linux 5.19 fails
rpm: update 4.17.0 -> 4.17.1
go: update 1.18.4 -> 1.19
bluez5: update 5.64 -> 5.65
python3-pip: update 22.2.1 -> 22.2.2
ffmpeg: update 5.0.1 -> 5.1
iproute2: upgrade 5.18.0 -> 5.19.0
harfbuzz: upgrade 4.4.1 -> 5.1.0
libwpe: upgrade 1.12.0 -> 1.12.2
bind: upgrade 9.18.4 -> 9.18.5
diffoscope: upgrade 218 -> 220
ell: upgrade 0.51 -> 0.52
gnutls: upgrade 3.7.6 -> 3.7.7
iso-codes: upgrade 4.10.0 -> 4.11.0
kea: upgrade 2.0.2 -> 2.2.0
kexec-tools: upgrade 2.0.24 -> 2.0.25
libcap: upgrade 2.64 -> 2.65
libevdev: upgrade 1.12.1 -> 1.13.0
libnotify: upgrade 0.8.0 -> 0.8.1
libwebp: upgrade 1.2.2 -> 1.2.3
libxcvt: upgrade 0.1.1 -> 0.1.2
mesa: upgrade 22.1.3 -> 22.1.5
mobile-broadband-provider-info: upgrade 20220511 -> 20220725
nettle: upgrade 3.8 -> 3.8.1
piglit: upgrade to latest revision
puzzles: upgrade to latest revision
python3: upgrade 3.10.5 -> 3.10.6
python3-dtschema: upgrade 2022.7 -> 2022.8
python3-hypothesis: upgrade 6.50.1 -> 6.54.1
python3-jsonschema: upgrade 4.9.0 -> 4.9.1
python3-markdown: upgrade 3.3.7 -> 3.4.1
python3-setuptools: upgrade 63.3.0 -> 63.4.1
python3-sphinx: upgrade 5.0.2 -> 5.1.1
python3-urllib3: upgrade 1.26.10 -> 1.26.11
sqlite3: upgrade 3.39.1 -> 3.39.2
sysklogd: upgrade 2.4.0 -> 2.4.2
webkitgtk: upgrade 2.36.4 -> 2.36.5
kernel-dev: working with kernel using devtool does not require building and installing eSDK
sdk-manual: describe how to use extensible SDK functionality directly in a Yocto build
dropbear: merge .inc into .bb
rust: update 1.62.0 -> 1.62.1
cmake: update 3.23.2 -> 3.24.0
weston: upgrade 10.0.1 -> 10.0.2
patchelf: update 0.14.5 -> 0.15.0
patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak
weston: exclude pre-releases from version check
tzdata: upgrade 2022a -> 2022b
libcgroup: update 2.0.2 -> 3.0.0
python3-setuptools-rust: update 1.4.1 -> 1.5.1
shadow: update 4.11.1 -> 4.12.1
slang: update 2.3.2 -> 2.3.3
xz: update 5.2.5 -> 5.2.6
gdk-pixbuf: update 2.42.8 -> 2.42.9
xorgproto: update 2022.1 -> 2022.2
boost-build-native: update 4.4.1 -> 1.80.0
boost: update 1.79.0 -> 1.80.0
vulkan-samples: update to latest revision
epiphany: upgrade 42.3 -> 42.4
git: upgrade 2.37.1 -> 2.37.2
glib-networking: upgrade 2.72.1 -> 2.72.2
gnu-efi: upgrade 3.0.14 -> 3.0.15
gpgme: upgrade 1.17.1 -> 1.18.0
libjpeg-turbo: upgrade 2.1.3 -> 2.1.4
libwebp: upgrade 1.2.3 -> 1.2.4
lighttpd: upgrade 1.4.65 -> 1.4.66
mesa: upgrade 22.1.5 -> 22.1.6
meson: upgrade 0.63.0 -> 0.63.1
mpg123: upgrade 1.30.1 -> 1.30.2
pango: upgrade 1.50.8 -> 1.50.9
piglit: upgrade to latest revision
pkgconf: upgrade 1.8.0 -> 1.9.2
python3-dtschema: upgrade 2022.8 -> 2022.8.1
python3-more-itertools: upgrade 8.13.0 -> 8.14.0
python3-numpy: upgrade 1.23.1 -> 1.23.2
python3-pbr: upgrade 5.9.0 -> 5.10.0
python3-pyelftools: upgrade 0.28 -> 0.29
python3-pytz: upgrade 2022.1 -> 2022.2.1
strace: upgrade 5.18 -> 5.19
sysklogd: upgrade 2.4.2 -> 2.4.4
wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
wpebackend-fdo: upgrade 1.12.0 -> 1.12.1
python3-hatchling: update 1.6.0 -> 1.8.0
python3-setuptools: update 63.4.1 -> 65.0.2
devtool: do not leave behind source trees in workspace/sources
systemtap: add a patch to address a python 3.11 failure
bitbake: bitbake-layers: initialize tinfoil before registering command line arguments
scripts/oe-setup-builddir: add a check that TEMPLATECONF is valid
bitbake-layers: add a command to save the active build configuration as a template into a layer
bitbake-layers: add ability to save current layer repository configuration into a file
scripts/oe-setup-layers: add a script that restores the layer configuration from a json file
selftest/bblayers: add a test for creating a layer setup and using it to restore the layers
selftest/bblayers: adjust the revision for the layer setup test
perl: run builds from a pristine source tree
meta-poky/conf: move default templates to conf/templates/default/
syslinux: mark all pending patches as Inactive-Upstream
shadow: correct the pam patch status
mtd-utils: remove patch that adds -I option
gstreamer1.0-plugins-bad: remove an unneeded patch
ghostscript: remove unneeded patch
ovmf: drop the force no-stack-protector patch
python: submit CC to cc_basename patch upstream
mc: submit perl warnings patch upstream
sysvinit: send install.patch upstream
valgrind: (re)send ppc instructions patch upstream
gdk-pixbuf: submit fatal-loader.patch upstream
libsdl2: follow upstream version is even rule
python3-pip: submit reproducible.patch upstream
python3-pip: remove unneeded reproducible.patch
llvm: remove 0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch
scripts/oe-setup-builddir: migrate build/conf/templateconf.cfg to new template locations
meta/files/layers.schema.json: drop the layers property
scripts/oe-setup-builddir: write to conf/templateconf.cfg after the build is set up
scripts/oe-setup-builddir: make environment variable the highest priority source for TEMPLATECONF
Alexandre Belloni (1):
ruby: drop capstone support
Andrei Gherzan (7):
shadow: Enable subid support
rootfspostcommands.py: Restructure sort_passwd and related functions
rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils
selftest: Add module for testing rootfs postcommands
rootfs-postcommands.bbclass: Follow function rename in rootfspostcommands.py
shadow: Avoid nss warning/error with musl
linux-yocto: Fix COMPATIBLE_MACHINE regex match
Andrey Konovalov (2):
mesa: add pipe-loader's libraries to libopencl-mesa package
mesa: build clover with native LLVM codegen support for freedreno
Anuj Mittal (1):
poky.conf: add ubuntu-22.04 to tested distros
Armin Kuster (1):
system-requirements.rst: remove EOL and Centos7 hosts
Aryaman Gupta (1):
bitbake: runqueue: add memory pressure regulation
Awais Belal (1):
kernel-fitimage.bbclass: only package unique DTBs
Beniamin Sandu (1):
libpam: use /run instead of /var/run in systemd tmpfiles
Bertrand Marquis (1):
sysvinit-inittab/start_getty: Fix respawn too fast
Bruce Ashfield (22):
linux-yocto/5.15: update to v5.15.58
linux-yocto/5.10: update to v5.10.134
linux-yocto-rt/5.15: update to -rt48 (and fix -stable merge)
linux-libc-headers: update to v5.19
kernel-devsrc: support arm v5.19+ on target build
kernel-devsrc: support powerpc on v5.19+
lttng-modules: fix build against mips and v5.19 kernel
linux-yocto: introduce v5.19 reference kernel recipes
meta/conf: update preferred linux-yocto version to v5.19
linux-yocto: drop v5.10 reference kernel recipes
linux-yocto/5.15: update to v5.15.59
linux-yocto/5.15: fix reproducibility issues
linux-yocto/5.19: cfg: update x32 configuration fragment
linux-yocto/5.19: fix reproducibility issues
poky: update preferred version to v5.19
poky: change preferred kernel version to 5.15 in poky-alt
yocto-bsp: drop v5.10 bbappend and create 5.19 placeholder
lttng-modules: replace mips compaction fix with upstream change
linux-yocto/5.15: update to v5.15.60
linux-yocto/5.19: update to v5.19.1
linux-yocto/5.19: update to v5.19.3
linux-yocto/5.15: update to v5.15.62
Changqing Li (1):
apt: fix nativesdk-apt build failure during the second time build
Chen Qi (2):
python3-hypothesis: revert back to 6.46.11
python3-requests: add python3-compression dependency
Drew Moseley (1):
rng-tools: Replace obsolete "wants systemd-udev-settle"
Enrico Scholz (2):
npm.bbclass: fix typo in 'fund' config option
npm.bbclass: fix architecture mapping
Ernst Sjöstrand (1):
cve-check: Don't use f-strings
Jacob Kroon (1):
python3-cython: Remove debug lines
Jan Luebbe (2):
openssh: sync local ssh_config + sshd_config files with upstream 8.7p1
openssh: add support for config snippet includes to ssh and sshd
JeongBong Seo (1):
wic: add 'none' fstype for custom image
Johannes Schneider (1):
classes: rootfs-postcommands: autologin root on serial-getty
Jon Mason (2):
oeqa/parselogs: add qemuarmv5 arm-charlcd masking
ref-manual: add numa to machine features
Jose Quaresma (4):
bitbake: build: prefix the tasks with a timestamp in the log task_order
archiver.bbclass: some recipes that uses the kernelsrc bbclass uses the shared source
linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
shaderc: upgrade 2022.1 -> 2022.2
Joshua Watt (4):
bitbake: siggen: Fix insufficent entropy in sigtask file names
bitbake: utils: Pass lock argument in fileslocked
classes: cve-check: Get shared database lock
meta/files: add layer setup JSON schema and example
Kai Kang (1):
packagegroup-self-hosted: update for strace
Kevin Hao (1):
uboot-config.bbclass: Don't bail out early in multi configs
Khem Raj (83):
qemu: Fix build with glibc 2.36
mtd-utils: Fix build with glibc 2.36
stress-ng: Upgrade to 0.14.03
bootchart2: Fix build with glibc 2.36+
ltp: Fix sys/mount.h conflicts needed for glibc 2.36+ compile
efivar: Fix build with glibc 2.36
cracklib: Drop using register keyword
util-linux: Define pidfd_* function signatures
util-linux: Upgrade to 2.38.1
tcp-wrappers: Fix implicit-function-declaration warnings
perl-cross: Correct function signatures in configure_func.sh
perl: Pass additional flags to enable lfs and gnu source
sysvinit: Fix mount.h conflicts seen with glibc 2.36+
glibc: Bump to 2.36
glibc: Update patch status
zip: Enable largefile support based on distro feature
zip: Make configure checks to be more robust
unzip: Fix configure tests to use modern C
unzip: Enable largefile support when enabled in distro
iproute2: Fix netns check during configure
glibc: Bump to latest 2.36 branch
gstreamer1.0-plugins-base: Include required system headers for isspace() and sscanf()
musl: Upgrade to latest tip of trunk
zip: Always enable LARGE_FILE_SUPPORT
libmicrohttpd: Enable largefile support unconditionally
unzip: Always enable largefile support
default-distrovars: Remove largefile from defualt DISTRO_FEATURES
zlib: Resolve CVE-2022-37434
json-c: Fix function prototypes
rsync: Backport fix to address CVE-2022-29154
rsync: Upgrade to 3.2.5
libtirpc: Backport fix for CVE-2021-46828
libxml2: Ignore CVE-2016-3709
tiff: Backport a patch for CVE-2022-34526
libtirpc: Upgrade to 1.3.3
perf: Add packageconfig for libbfd support and use disabled as default
connman: Backports for security fixes
systemd: Upgrade to 251.4 and fix build with binutils 2.39
time: Add missing include for memset
screen: Add missing include files in configure checks
setserial: Fix build with clang
expect: Fix implicit-function-declaration warnings
spirv-tools: Remove default copy constructor in header
boost: Compile out stdlib unary/binary_functions for c++11 and newer
vulkan-samples: Qualify move as std::move
apt: Do not use std::binary_function
ltp: Fix sys/mount.h and linux/mount.h conflict
rpm: Remove -Wimplicit-function-declaration warnings
binutils: Upgrade to 2.39 release
binutils-cross: Disable gprofng for when building cross binutils
binutils: Package up gprofng
binutils: Disable gprofng when using clang
binutils-cross-canadian: Package up new gprofng.rc file
autoconf: Fix strict prototype errors in generated tests
rsync: Add missing prototypes to function declarations
nfs-utils: Upgrade to 2.6.2
webkitgtk: Upgrade to 2.36.6 minor update
musl: Update to tip
binutils: Disable gprofng on musl systems
binutils: Upgrade to latest on 2.39 release branch
cargo_common.bbclass: Add missing space in shell conditional code
rng-tools: Remove depndencies on hwrng
ccache: Update the patch status
ccache: Fix build with gcc12 on musl
alsa-plugins: Include missing string.h
xinetd: Pass missing -D_GNU_SOURCE
watchdog: Include needed system header for function decls
libcgroup: Use GNU strerror_r only when its available
pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses
apr: Use correct strerror_r implementation based on libc type
gcr: Define _GNU_SOURCE
ltp: Adjust types to match create_fifo_thread return
gcc: Upgrade to 12.2.0
glibc: Update to latest on 2.36
ltp: Remove -mfpmath=sse on x86-64 too
apr: Cache configure tests which use AC_TRY_RUN
rust: Fix build failure on riscv32
ncurses: Fix configure tests for exit and mbstate_t
rust-llvm: Update to matching LLVM_VERSION from rust-source
librepo: Fix build on musl
rsync: Turn on -pedantic-errors at the end of 'configure'
ccache: Upgrade to 4.6.2
xmlto: Update to use upstream tip of trunk
Konrad Weihmann (1):
python3: disable user site-pkg for native target
Lee Chee Yang (1):
migration guides: add release notes for 4.0.3
Luca Ceresoli (1):
libmnl: remove unneeded SRC_URI 'name' option
Markus Volk (2):
connman: add PACKAGECONFIG to support iwd
packagegroup-base.bb: add a configure option to set the wireless-daemon
Martin Jansa (5):
glibc: revert one upstream change to work around broken DEBUG_BUILD build
syslinux: Fix build with glibc-2.36
syslinux: refresh patches with devtool
glibc: fix new upstream build issue with DEBUG_BUILD build
glibc: apply proposed patch from upstream instead of revert
Mateusz Marciniec (2):
util-linux: Remove --enable-raw from EXTRA_OECONF
util-linux: Improve check for magic in configure.ac
Michael Halstead (1):
uninative: Upgrade to 3.7 to work with glibc 2.36
Michael Opdenacker (1):
dev-manual: use proper note directive
Mingli Yu (1):
bitbake: fetch: use BPN instead
Neil Horman (1):
bitbake: Fix npm to use https rather than http
Paul Eggleton (1):
relocate_sdk.py: ensure interpreter size error causes relocation to fail
Pavel Zhukov (6):
package_rpm: Do not replace square brackets in %files
selftest: Add regression test for rpm filesnames
parselogs: Ignore xf86OpenConsole error
bitbake: gitsm: Error out if submodule refers to parent repo
bitbake: tests: Add Timeout class
bitbake: tests: Add test for possible gitsm deadlock
Peter Bergin (3):
rust-cross-canadian: rename shell variables for easier appends
packagegroup-rust-cross-canadian: add native compiler environment
oeqa/sdk: extend rust test to also use a build script
Peter Marko (1):
create-spdx: handle links to inaccessible locations
Quentin Schulz (3):
docs: conf.py: update yocto_git base URL
docs: README: add TeX font package required for building PDF
docs: ref-manual: system-requirements: add missing packages
Randy MacLeod (1):
rust: update from 1.62.1 to 1.63.0
Rasmus Villemoes (1):
bitbake.conf: set BB_DEFAULT_UMASK using ??=
Richard Purdie (85):
oeqa/selftest/sstate: Ensure tests are deterministic
nativesdk: Clear TUNE_FEATURES
populate_sdk_base: Disable rust SDK for MIPS n32
selftest/reproducible: Exclude rust/rust-dbg for now until we can fix
conf/distro/no-static-libs: Allow static musl for rust
rust-target-config: Add mips n32 target information
rust-common: Add CXXFLAGS
rust-common: Drop export directive from wrappers
rust-common: Rework wrappers to handle musl
rust: Work around reproducibility issues
rust: Switch to use RUST_XXX_SYS consistently
rust.inc: Rename variables to make code clearer
rust.inc: Fix cross build llvm-config handling
rust/mesa: Drop obsolete YOCTO_ALTERNATE_MULTILIB_NAME
rust-target-config: Show clear error when target isn't defined
rust: Generate per recipe target configuration files
rust-common/rust: Improve bootstrap BUILD_SYS handling
cargo_common: Handle build SYS as well as HOST/TARGET
rust-llvm: Enable nativesdk variant
rust.inc: Fix for cross compilation configuration
rust-common: Update to match cross targets
rust-target-config: Make target workaround generic
rust-common: Simplify libc handling
cargo: Drop cross-canadian variant and fix/use nativesdk
rust-common: Set rustlibdir to match target expectation
rust-cross-canadian: Simplify and fix
rust: Drop cross/crosssdk
rust: Enable nativesdk and target builds + replace rust-tools-cross-canadian
rust: Fix musl builds
rust: Ensure buildpaths are handled in debug symbols correctly
rust: Update README
selftest/wic: Tweak test case to not depend on kernel size
bitbake: runqueue: Ensure deferred tasks are sorted by multiconfig
bitbake: runqueue: Improve deadlock warning messages
bitbake: runqueue: Drop deadlock breaking force fail
rust-common: Remove conflict with utils create_wrapper
kern-devsrc: Drop auto.conf creation
cargo: Work around host system library conflicts
rust-cross-canadian: Use shell from SDK, not the host
buildhistory: Only use image-artifact-names as an image class
rust: Remove unneeded RUST_TARGETGENS settings
meta-skeleton/hello-mod: Switch to SPDX-License-Identifier
perf: Fix reproducibility issues with 5.19 onwards
selftest/runtime_test/incompatible_lic: Use IMAGE_CLASSES for testimage
testexport: Fix to work as an image class
testexport: Use IMAGE_CLASSES for testimage
selftest/runtime_test: Use testexport in IMAGE_CLASSES, not globally
bitbake: BBHandler: Allow earlier exit for classes not found
bitbake: BBHandler: Make inherit calls more directly
bitbake: bitbake: Add copyright headers where missing
bitbake: BBHandler/cooker: Implement recipe and global classes
classes: Add copyright statements to files without one
scripts: Add copyright statements to files without one
classes: Add SPDX license identifiers
lib: Add copyright statements to files without one
insane: Update to allow for class layout changes
classes: Update classes to match new bitbake class scope functionality
recipetool: Update for class changes
package: Switch debug source handling to use prefix map
libgcc/gcc-runtime: Improve source reference handling
bitbake.conf: Handle S and B separately for debug mapping
python3-cython: Update code to match debug path changes
gcc-cross: Fix relative links
gcc: Resolve relative prefix-map filenames
gcc: Add a patch to avoid hardcoded paths in libgcc on powerpc
gcc: Update patch status to submitted for two patches
valgrind: Disable drd/tests/std_thread2 ptest
valgrind: Update to match debug file layout changes
skeleton/service: Ensure debug path handling works as intended
distrooverrides: Move back to classes whilst it's usage is clarified
vim: Upgrade 9.0.0115 -> 9.0.0242
icu: Drop binconfig support (icu-config)
libtirpc: Mark CVE-2021-46828 as resolved
bitbake: runqueue: Change pressure file warning to a note
rust-target-config: Drop has-elf-tls option
llvm: Add llvm-config wrapper to improve flags handling
mesa: Rework llvm handling
rust-target-config: Fix qemuppc target cpu option
rust: Fix crossbeam-utils for arches without atomics
pseudo: Update to include recent upstream minor fixes
bitbake: Revert "fetch: use BPN instead"
vim: Upgrade 9.0.0242 -> 9.0.0341
gcc-multilib-config: Fix i686 toolchain relocation issues
kernel: Always set CC and LD for the kernel build
kernel: Use consistent make flags for menuconfig
Robert Joslyn (1):
curl: Update to 7.85.0
Ross Burton (9):
oeqa/qemurunner: add run_serial() comment
oeqa/commands: add support for running cross tools to runCmd
oeqa/selftest: rewrite gdbserver test
libxml2: wrap xmllint to use the correct XML catalogues
oeqa/selftest: add test for debuginfod
libgcrypt: remove obsolete pkgconfig install
libgcrypt: remove obsolete patch
libgcrypt: rewrite ptest
cve-check: close cursors as soon as possible
Sakib Sajal (2):
qemu: fix CVE-2021-3507
qemu: fix CVE-2022-0216
Shubham Kulkarni (1):
sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct
Simone Weiss (1):
json-c: Add ptest for json-c
Sundeep KOKKONDA (1):
glibc : stable 2.35 branch updates
Thomas Roos (1):
oeqa devtool: Add tests to cover devtool handling of various git URL styles
Tom Hochstein (1):
piglit: Add PACKAGECONFIG for glx and opencl
Tom Rini (1):
qemux86-64: Allow higher tunes
Ulrich Ölmann (1):
scripts/runqemu.README: fix typos and trailing whitespaces
William A. Kennington III (1):
image_types: Set SOURCE_DATE_EPOCH for squashfs
Yang Xu (1):
insane.bbclass: Skip patches not in oe-core by full path
Yogesh Tyagi (1):
gdbserver : add selftest
Yongxin Liu (1):
grub2: fix several CVEs
wangmy (19):
msmtp: upgrade 1.8.20 -> 1.8.22
bind: upgrade 9.18.5 -> 9.18.6
btrfs-tools: upgrade 5.18.1 -> 5.19
libdnf: upgrade 0.67.0 -> 0.68.0
librepo: upgrade 1.14.3 -> 1.14.4
pkgconf: upgrade 1.9.2 -> 1.9.3
python3-pygments: upgrade 2.12.0 -> 2.13.0
ethtool: upgrade 5.18 -> 5.19
librsvg: upgrade 2.54.4 -> 2.54.5
libtasn1: upgrade 4.18.0 -> 4.19.0
liburcu: upgrade 0.13.1 -> 0.13.2
libwpe: upgrade 1.12.2 -> 1.12.3
lttng-tools: upgrade 2.13.7 -> 2.13.8
lttng-ust: upgrade 2.13.3 -> 2.13.4
libatomic-ops: upgrade 7.6.12 -> 7.6.14
lz4: upgrade 1.9.3 -> 1.9.4
python3-hatchling: upgrade 1.8.0 -> 1.8.1
python3-urllib3: upgrade 1.26.11 -> 1.26.12
repo: upgrade 2.28 -> 2.29.1
meta-arm: 20a629180c..52f07a4b0b:
Anton Antonov (11):
arm/optee-os: backport RWX permission error patch
work around for too few arguments to function init_disassemble_info() error
arm/optee-os: backport linker warning patches
arm/tf-a-tests: work around RWX permission error on segment
Recipes for Trusted Services dependencies.
Recipes for Trusted Services Secure Partitions
ARM-FFA kernel drivers and kernel configs for Trusted Services
Trusted Services test/demo NWd tools
psa-api-tests for Trusted Services
Include Trusted Services SPs into optee-os image
Define qemuarm64-secureboot-ts CI pipeline and include it into meta-arm
Gowtham Suresh Kumar (2):
arm-bsp/secure-partitions: fix SMM gateway bug for EFI GetVariable()
arm-bsp/u-boot: drop EFI GetVariable() workarounds patches
Jon Mason (11):
arm-bsp/fvp-base-arm32: Update kernel patch for v5.19
arm/qemuarm64-secureboot: remove tfa memory patch
arm/linux-yocto: remove optee num pages kernel config variable
arm-bsp/juno: drop scmi patch
arm/qemuarm-secureboot: remove vmalloc from QB_KERNEL_CMDLINE_APPEND
arm/fvp: use image-artifact-names as an image class
atp/atp: drop package inherits
arm/optee: Update to 3.18
arm-bsp/fvp-base: set preferred kernel to 5.15
arm/arm-bsp: Add yocto-kernel-cache bluetooth support
arm-bsp/corstone1000: use compressed kernel image
Khem Raj (2):
gator-daemon: Define _GNU_SOURCE feature test macro
optee-os: Add section attribute parameters when clang is used
Peter Hoyes (3):
docs: Update FVP_CONSOLES in runfvp documentation
docs: Introduce meta-arm OEQA documentation
arm/oeqa: Make linuxboot test case timeout configurable
Richard Purdie (1):
gem5/gem5-m5ops: Drop uneeded package inherit
Ross Burton (2):
arm/trusted-firmware-a: remove redundant patches
arm/trusted-firmware-a: work around RWX permission error on segment
Rui Miguel Silva (2):
arm-bsp:corstone500: rebase u-boot patches on v2022.07
arm-bsp/corstone1000: rebase u-boot patches on top v2022.07
Vishnu Banavath (3):
arm-bsp/trusted-firmware-a: Bump TF-A version for N1SDP
arm-bsp/optee: add optee-os support for N1SDP target
arm/optee: update optee-client to v3.18
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I90aa0a94410dd208163af126566d22c77787abc2
diff --git a/poky/meta/recipes-bsp/efivar/efivar/0001-Fix-glibc-2.36-build-mount.h-conflicts.patch b/poky/meta/recipes-bsp/efivar/efivar/0001-Fix-glibc-2.36-build-mount.h-conflicts.patch
new file mode 100644
index 0000000..28dadab
--- /dev/null
+++ b/poky/meta/recipes-bsp/efivar/efivar/0001-Fix-glibc-2.36-build-mount.h-conflicts.patch
@@ -0,0 +1,60 @@
+From 7b0e7ba674321ec1ddd6b9cbb419e5fb44f88bb3 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 28 Jul 2022 16:11:24 -0400
+Subject: [PATCH] Fix glibc 2.36 build (mount.h conflicts)
+
+glibc has decided that sys/mount.h and linux/mount.h are no longer
+usable at the same time. This broke the build, since linux/fs.h itself
+includes linux/mount.h. For now, fix the build by only including
+sys/mount.h where we need it.
+
+See-also: https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+Resolves: #227
+
+Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/bc65d63ebf8fe6ac8a099ff15ca200986dba1565]
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+---
+ src/gpt.c | 1 +
+ src/linux.c | 1 +
+ src/util.h | 1 -
+ 3 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/gpt.c b/src/gpt.c
+index 1eda049..21413c3 100644
+--- a/src/gpt.c
++++ b/src/gpt.c
+@@ -17,6 +17,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <sys/mount.h>
+ #include <sys/param.h>
+ #include <sys/stat.h>
+ #include <sys/utsname.h>
+diff --git a/src/linux.c b/src/linux.c
+index 47e45ae..1780816 100644
+--- a/src/linux.c
++++ b/src/linux.c
+@@ -20,6 +20,7 @@
+ #include <stdbool.h>
+ #include <stdio.h>
+ #include <sys/ioctl.h>
++#include <sys/mount.h>
+ #include <sys/socket.h>
+ #include <sys/sysmacros.h>
+ #include <sys/types.h>
+diff --git a/src/util.h b/src/util.h
+index 3300666..1e67e44 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -23,7 +23,6 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <sys/ioctl.h>
+-#include <sys/mount.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <tgmath.h>
+--
+2.37.1
+
diff --git a/poky/meta/recipes-bsp/efivar/efivar_38.bb b/poky/meta/recipes-bsp/efivar/efivar_38.bb
index 42625fa..6a69189 100644
--- a/poky/meta/recipes-bsp/efivar/efivar_38.bb
+++ b/poky/meta/recipes-bsp/efivar/efivar_38.bb
@@ -12,6 +12,7 @@
file://0001-src-Makefile-build-util.c-separately-for-makeguids.patch \
file://efisecdb-fix-build-with-musl-libc.patch \
file://0001-Fix-invalid-free-in-main.patch \
+ file://0001-Fix-glibc-2.36-build-mount.h-conflicts.patch \
"
SRCREV = "1753149d4176ebfb2b135ac0aaf79340bf0e7a93"
diff --git a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/lib-Makefile-fix-parallel-issue.patch b/poky/meta/recipes-bsp/gnu-efi/gnu-efi/lib-Makefile-fix-parallel-issue.patch
deleted file mode 100644
index dc00b8f..0000000
--- a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/lib-Makefile-fix-parallel-issue.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 3ec8c2a70304eabd5760937a4ec3fbc4068a77ed Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Thu, 23 Apr 2015 01:49:31 -0700
-Subject: [PATCH 2/3] lib/Makefile: fix parallel issue
-
-Fixed:
-Assembler messages:
-Fatal error: can't create runtime/rtlock.o: No such file or directory
-Assembler messages:
-Fatal error: can't create runtime/rtdata.o: No such file or directory
-Assembler messages:
-Fatal error: can't create runtime/vm.o: No such file or directory
-Assembler messages:
-Fatal error: can't create runtime/efirtlib.o: No such file or directory
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- lib/Makefile | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/Makefile b/lib/Makefile
-index 048751a..ed39bbb 100644
---- a/lib/Makefile
-+++ b/lib/Makefile
-@@ -74,6 +74,8 @@ all: libsubdirs libefi.a
- libsubdirs:
- for sdir in $(SUBDIRS); do mkdir -p $$sdir; done
-
-+$(OBJS): libsubdirs
-+
- libefi.a: $(OBJS)
- $(AR) $(ARFLAGS) $@ $(OBJS)
-
---
-2.7.4
-
diff --git a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch b/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
index 8a0138b..63d9b6f 100644
--- a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
+++ b/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
@@ -1,7 +1,7 @@
-From 48b2cdbcd761105e8ebad412fcbf23db1ac4ef7c Mon Sep 17 00:00:00 2001
+From f56ddb00a656af2e84f839738fad19909ac65047 Mon Sep 17 00:00:00 2001
From: Saul Wold <sgw@linux.intel.com>
Date: Sun, 9 Mar 2014 15:22:15 +0200
-Subject: [PATCH 1/3] Fix parallel make failure for archives
+Subject: [PATCH] Fix parallel make failure for archives
Upstream-Status: Pending
@@ -20,12 +20,16 @@
[Rebased for 3.0.8]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ lib/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
diff --git a/lib/Makefile b/lib/Makefile
-index 0e6410d..048751a 100644
+index 1fc6a47..54b0ca7 100644
--- a/lib/Makefile
+++ b/lib/Makefile
-@@ -75,7 +75,7 @@ libsubdirs:
- for sdir in $(SUBDIRS); do mkdir -p $$sdir; done
+@@ -77,7 +77,7 @@ libsubdirs:
+ $(OBJS): libsubdirs
libefi.a: $(OBJS)
- $(AR) $(ARFLAGS) $@ $^
@@ -33,6 +37,3 @@
clean:
rm -f libefi.a *~ $(OBJS) */*.o
---
-2.7.4
-
diff --git a/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.14.bb b/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.15.bb
similarity index 94%
rename from poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.14.bb
rename to poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.15.bb
index 36d1035..5ae6f39 100644
--- a/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.14.bb
+++ b/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.15.bb
@@ -14,11 +14,10 @@
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/files/${BP}.tar.bz2 \
file://parallel-make-archives.patch \
- file://lib-Makefile-fix-parallel-issue.patch \
file://gnu-efi-3.0.9-fix-clang-build.patch \
"
-SRC_URI[sha256sum] = "b73b643a0d5697d1f396d7431448e886dd805668789578e3e1a28277c9528435"
+SRC_URI[sha256sum] = "931a257b9c5c1ba65ff519f18373c438a26825f2db7866b163e96d1b168f20ea"
COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*|riscv64.*)-linux"
COMPATIBLE_HOST:armv4 = 'null'
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
new file mode 100644
index 0000000..7f7bb1a
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
@@ -0,0 +1,179 @@
+From e623866d9286410156e8b9d2c82d6253a1b22d08 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 6 Jul 2021 18:51:35 +1000
+Subject: [PATCH] video/readers/png: Drop greyscale support to fix heap
+ out-of-bounds write
+
+A 16-bit greyscale PNG without alpha is processed in the following loop:
+
+ for (i = 0; i < (data->image_width * data->image_height);
+ i++, d1 += 4, d2 += 2)
+ {
+ d1[R3] = d2[1];
+ d1[G3] = d2[1];
+ d1[B3] = d2[1];
+ }
+
+The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration,
+but there are only 3 bytes allocated for storage. This means that image
+data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes
+out of every 4 following the end of the image.
+
+This has existed since greyscale support was added in 2013 in commit
+3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale).
+
+Saving starfield.png as a 16-bit greyscale image without alpha in the gimp
+and attempting to load it causes grub-emu to crash - I don't think this code
+has ever worked.
+
+Delete all PNG greyscale support.
+
+Fixes: CVE-2021-3695
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3695
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e623866d9286410156e8b9d2c82d6253a1b22d08
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/video/readers/png.c | 87 +++--------------------------------
+ 1 file changed, 7 insertions(+), 80 deletions(-)
+
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index 35ae553c8..a3161e25b 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -100,7 +100,7 @@ struct grub_png_data
+
+ unsigned image_width, image_height;
+ int bpp, is_16bit;
+- int raw_bytes, is_gray, is_alpha, is_palette;
++ int raw_bytes, is_alpha, is_palette;
+ int row_bytes, color_bits;
+ grub_uint8_t *image_data;
+
+@@ -296,13 +296,13 @@ grub_png_decode_image_header (struct grub_png_data *data)
+ data->bpp = 3;
+ else
+ {
+- data->is_gray = 1;
+- data->bpp = 1;
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "png: color type not supported");
+ }
+
+ if ((color_bits != 8) && (color_bits != 16)
+ && (color_bits != 4
+- || !(data->is_gray || data->is_palette)))
++ || !data->is_palette))
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "png: bit depth must be 8 or 16");
+
+@@ -331,7 +331,7 @@ grub_png_decode_image_header (struct grub_png_data *data)
+ }
+
+ #ifndef GRUB_CPU_WORDS_BIGENDIAN
+- if (data->is_16bit || data->is_gray || data->is_palette)
++ if (data->is_16bit || data->is_palette)
+ #endif
+ {
+ data->image_data = grub_calloc (data->image_height, data->row_bytes);
+@@ -899,27 +899,8 @@ grub_png_convert_image (struct grub_png_data *data)
+ int shift;
+ int mask = (1 << data->color_bits) - 1;
+ unsigned j;
+- if (data->is_gray)
+- {
+- /* Generic formula is
+- (0xff * i) / ((1U << data->color_bits) - 1)
+- but for allowed bit depth of 1, 2 and for it's
+- equivalent to
+- (0xff / ((1U << data->color_bits) - 1)) * i
+- Precompute the multipliers to avoid division.
+- */
+-
+- const grub_uint8_t multipliers[5] = { 0xff, 0xff, 0x55, 0x24, 0x11 };
+- for (i = 0; i < (1U << data->color_bits); i++)
+- {
+- grub_uint8_t col = multipliers[data->color_bits] * i;
+- palette[i][0] = col;
+- palette[i][1] = col;
+- palette[i][2] = col;
+- }
+- }
+- else
+- grub_memcpy (palette, data->palette, 3 << data->color_bits);
++
++ grub_memcpy (palette, data->palette, 3 << data->color_bits);
+ d1c = d1;
+ d2c = d2;
+ for (j = 0; j < data->image_height; j++, d1c += data->image_width * 3,
+@@ -957,60 +938,6 @@ grub_png_convert_image (struct grub_png_data *data)
+ return;
+ }
+
+- if (data->is_gray)
+- {
+- switch (data->bpp)
+- {
+- case 4:
+- /* 16-bit gray with alpha. */
+- for (i = 0; i < (data->image_width * data->image_height);
+- i++, d1 += 4, d2 += 4)
+- {
+- d1[R4] = d2[3];
+- d1[G4] = d2[3];
+- d1[B4] = d2[3];
+- d1[A4] = d2[1];
+- }
+- break;
+- case 2:
+- if (data->is_16bit)
+- /* 16-bit gray without alpha. */
+- {
+- for (i = 0; i < (data->image_width * data->image_height);
+- i++, d1 += 4, d2 += 2)
+- {
+- d1[R3] = d2[1];
+- d1[G3] = d2[1];
+- d1[B3] = d2[1];
+- }
+- }
+- else
+- /* 8-bit gray with alpha. */
+- {
+- for (i = 0; i < (data->image_width * data->image_height);
+- i++, d1 += 4, d2 += 2)
+- {
+- d1[R4] = d2[1];
+- d1[G4] = d2[1];
+- d1[B4] = d2[1];
+- d1[A4] = d2[0];
+- }
+- }
+- break;
+- /* 8-bit gray without alpha. */
+- case 1:
+- for (i = 0; i < (data->image_width * data->image_height);
+- i++, d1 += 3, d2++)
+- {
+- d1[R3] = d2[0];
+- d1[G3] = d2[0];
+- d1[B3] = d2[0];
+- }
+- break;
+- }
+- return;
+- }
+-
+ {
+ /* Only copy the upper 8 bit. */
+ #ifndef GRUB_CPU_WORDS_BIGENDIAN
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch
new file mode 100644
index 0000000..f06514e
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch
@@ -0,0 +1,50 @@
+From 210245129c932dc9e1c2748d9d35524fb95b5042 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 6 Jul 2021 23:25:07 +1000
+Subject: [PATCH] video/readers/png: Avoid heap OOB R/W inserting huff table
+ items
+
+In fuzzing we observed crashes where a code would attempt to be inserted
+into a huffman table before the start, leading to a set of heap OOB reads
+and writes as table entries with negative indices were shifted around and
+the new code written in.
+
+Catch the case where we would underflow the array and bail.
+
+Fixes: CVE-2021-3696
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3696
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=210245129c932dc9e1c2748d9d35524fb95b5042
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/video/readers/png.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index a3161e25b..d7ed5aa6c 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -438,6 +438,13 @@ grub_png_insert_huff_item (struct huff_table *ht, int code, int len)
+ for (i = len; i < ht->max_length; i++)
+ n += ht->maxval[i];
+
++ if (n > ht->num_values)
++ {
++ grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "png: out of range inserting huffman table item");
++ return;
++ }
++
+ for (i = 0; i < n; i++)
+ ht->values[ht->num_values - i] = ht->values[ht->num_values - i - 1];
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch
new file mode 100644
index 0000000..e9fc52d
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch
@@ -0,0 +1,84 @@
+From 22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Wed, 7 Jul 2021 15:38:19 +1000
+Subject: [PATCH] video/readers/jpeg: Block int underflow -> wild pointer write
+
+Certain 1 px wide images caused a wild pointer write in
+grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(),
+we have the following loop:
+
+for (; data->r1 < nr1 && (!data->dri || rst);
+ data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
+
+We did not check if vb * width >= hb * nc1.
+
+On a 64-bit platform, if that turns out to be negative, it will underflow,
+be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so
+we see data->bitmap_ptr jump, e.g.:
+
+0x6180_0000_0480 to
+0x6181_0000_0498
+ ^
+ ~--- carry has occurred and this pointer is now far away from
+ any object.
+
+On a 32-bit platform, it will decrement the pointer, creating a pointer
+that won't crash but will overwrite random data.
+
+Catch the underflow and error out.
+
+Fixes: CVE-2021-3697
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3697
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=22a3f97d39f6a10b08ad7fd1cc47c4dcd10413f6
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/video/readers/jpeg.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index 579bbe8a4..09596fbf5 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -23,6 +23,7 @@
+ #include <grub/mm.h>
+ #include <grub/misc.h>
+ #include <grub/bufio.h>
++#include <grub/safemath.h>
+
+ GRUB_MOD_LICENSE ("GPLv3+");
+
+@@ -699,6 +700,7 @@ static grub_err_t
+ grub_jpeg_decode_data (struct grub_jpeg_data *data)
+ {
+ unsigned c1, vb, hb, nr1, nc1;
++ unsigned stride_a, stride_b, stride;
+ int rst = data->dri;
+ grub_err_t err = GRUB_ERR_NONE;
+
+@@ -711,8 +713,14 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: attempted to decode data before start of stream");
+
++ if (grub_mul(vb, data->image_width, &stride_a) ||
++ grub_mul(hb, nc1, &stride_b) ||
++ grub_sub(stride_a, stride_b, &stride))
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "jpeg: cannot decode image with these dimensions");
++
+ for (; data->r1 < nr1 && (!data->dri || rst);
+- data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
++ data->r1++, data->bitmap_ptr += stride * 3)
+ for (c1 = 0; c1 < nc1 && (!data->dri || rst);
+ c1++, rst--, data->bitmap_ptr += hb * 3)
+ {
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch
new file mode 100644
index 0000000..8bf9090
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch
@@ -0,0 +1,63 @@
+From 3e4817538de828319ba6d59ced2fbb9b5ca13287 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 20 Dec 2021 19:41:21 +1100
+Subject: [PATCH] net/ip: Do IP fragment maths safely
+
+We can receive packets with invalid IP fragmentation information. This
+can lead to rsm->total_len underflowing and becoming very large.
+
+Then, in grub_netbuff_alloc(), we add to this very large number, which can
+cause it to overflow and wrap back around to a small positive number.
+The allocation then succeeds, but the resulting buffer is too small and
+subsequent operations can write past the end of the buffer.
+
+Catch the underflow here.
+
+Fixes: CVE-2022-28733
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2022-28733
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e4817538de828319ba6d59ced2fbb9b5ca13287
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+
+---
+ grub-core/net/ip.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c
+index e3d62e97f..3c3d0be0e 100644
+--- a/grub-core/net/ip.c
++++ b/grub-core/net/ip.c
+@@ -25,6 +25,7 @@
+ #include <grub/net/netbuff.h>
+ #include <grub/mm.h>
+ #include <grub/priority_queue.h>
++#include <grub/safemath.h>
+ #include <grub/time.h>
+
+ struct iphdr {
+@@ -512,7 +513,14 @@ grub_net_recv_ip4_packets (struct grub_net_buff *nb,
+ {
+ rsm->total_len = (8 * (grub_be_to_cpu16 (iph->frags) & OFFSET_MASK)
+ + (nb->tail - nb->data));
+- rsm->total_len -= ((iph->verhdrlen & 0xf) * sizeof (grub_uint32_t));
++
++ if (grub_sub (rsm->total_len, (iph->verhdrlen & 0xf) * sizeof (grub_uint32_t),
++ &rsm->total_len))
++ {
++ grub_dprintf ("net", "IP reassembly size underflow\n");
++ return GRUB_ERR_NONE;
++ }
++
+ rsm->asm_netbuff = grub_netbuff_alloc (rsm->total_len);
+ if (!rsm->asm_netbuff)
+ {
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
new file mode 100644
index 0000000..f31167d
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch
@@ -0,0 +1,58 @@
+From b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 8 Mar 2022 19:04:40 +1100
+Subject: [PATCH] net/http: Error out on headers with LF without CR
+
+In a similar vein to the previous patch, parse_line() would write
+a NUL byte past the end of the buffer if there was an HTTP header
+with a LF rather than a CRLF.
+
+RFC-2616 says:
+
+ Many HTTP/1.1 header field values consist of words separated by LWS
+ or special characters. These special characters MUST be in a quoted
+ string to be used within a parameter value (as defined in section 3.6).
+
+We don't support quoted sections or continuation lines, etc.
+
+If we see an LF that's not part of a CRLF, bail out.
+
+Fixes: CVE-2022-28734
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2022-28734
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b26b4c08e7119281ff30d0fb4a6169bd2afa8fe4
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/net/http.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/grub-core/net/http.c b/grub-core/net/http.c
+index 33a0a28c4..9291a13e2 100644
+--- a/grub-core/net/http.c
++++ b/grub-core/net/http.c
+@@ -68,7 +68,15 @@ parse_line (grub_file_t file, http_data_t data, char *ptr, grub_size_t len)
+ char *end = ptr + len;
+ while (end > ptr && *(end - 1) == '\r')
+ end--;
++
++ /* LF without CR. */
++ if (end == ptr + len)
++ {
++ data->errmsg = grub_strdup (_("invalid HTTP header - LF without CR"));
++ return GRUB_ERR_NONE;
++ }
+ *end = 0;
++
+ /* Trailing CRLF. */
+ if (data->in_chunk_len == 1)
+ {
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch
new file mode 100644
index 0000000..e0ca1ee
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch
@@ -0,0 +1,56 @@
+From ec6bfd3237394c1c7dbf2fd73417173318d22f4b Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 8 Mar 2022 18:17:03 +1100
+Subject: [PATCH] net/http: Fix OOB write for split http headers
+
+GRUB has special code for handling an http header that is split
+across two packets.
+
+The code tracks the end of line by looking for a "\n" byte. The
+code for split headers has always advanced the pointer just past the
+end of the line, whereas the code that handles unsplit headers does
+not advance the pointer. This extra advance causes the length to be
+one greater, which breaks an assumption in parse_line(), leading to
+it writing a NUL byte one byte past the end of the buffer where we
+reconstruct the line from the two packets.
+
+It's conceivable that an attacker controlled set of packets could
+cause this to zero out the first byte of the "next" pointer of the
+grub_mm_region structure following the current_line buffer.
+
+Do not advance the pointer in the split header case.
+
+Fixes: CVE-2022-28734
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2022-28734
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=ec6bfd3237394c1c7dbf2fd73417173318d22f4b
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/net/http.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/grub-core/net/http.c b/grub-core/net/http.c
+index f8d7bf0cd..33a0a28c4 100644
+--- a/grub-core/net/http.c
++++ b/grub-core/net/http.c
+@@ -190,9 +190,7 @@ http_receive (grub_net_tcp_socket_t sock __attribute__ ((unused)),
+ int have_line = 1;
+ char *t;
+ ptr = grub_memchr (nb->data, '\n', nb->tail - nb->data);
+- if (ptr)
+- ptr++;
+- else
++ if (ptr == NULL)
+ {
+ have_line = 0;
+ ptr = (char *) nb->tail;
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
new file mode 100644
index 0000000..7a59f10
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
@@ -0,0 +1,111 @@
+From 6fe755c5c07bb386fda58306bfd19e4a1c974c53 Mon Sep 17 00:00:00 2001
+From: Julian Andres Klode <julian.klode@canonical.com>
+Date: Thu, 2 Dec 2021 15:03:53 +0100
+Subject: [PATCH] kern/efi/sb: Reject non-kernel files in the shim_lock
+ verifier
+
+We must not allow other verifiers to pass things like the GRUB modules.
+Instead of maintaining a blocklist, maintain an allowlist of things
+that we do not care about.
+
+This allowlist really should be made reusable, and shared by the
+lockdown verifier, but this is the minimal patch addressing
+security concerns where the TPM verifier was able to mark modules
+as verified (or the OpenPGP verifier for that matter), when it
+should not do so on shim-powered secure boot systems.
+
+Fixes: CVE-2022-28735
+
+Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE:CVE-2022-28735
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6fe755c5c07bb386fda58306bfd19e4a1c974c53
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/kern/efi/sb.c | 39 ++++++++++++++++++++++++++++++++++++---
+ include/grub/verify.h | 1 +
+ 2 files changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
+index c52ec6226..89c4bb3fd 100644
+--- a/grub-core/kern/efi/sb.c
++++ b/grub-core/kern/efi/sb.c
+@@ -119,10 +119,11 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
+ void **context __attribute__ ((unused)),
+ enum grub_verify_flags *flags)
+ {
+- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
++ *flags = GRUB_VERIFY_FLAGS_NONE;
+
+ switch (type & GRUB_FILE_TYPE_MASK)
+ {
++ /* Files we check. */
+ case GRUB_FILE_TYPE_LINUX_KERNEL:
+ case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
+ case GRUB_FILE_TYPE_BSD_KERNEL:
+@@ -130,11 +131,43 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
+ case GRUB_FILE_TYPE_PLAN9_KERNEL:
+ case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
+ *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
++ return GRUB_ERR_NONE;
+
+- /* Fall through. */
++ /* Files that do not affect secureboot state. */
++ case GRUB_FILE_TYPE_NONE:
++ case GRUB_FILE_TYPE_LOOPBACK:
++ case GRUB_FILE_TYPE_LINUX_INITRD:
++ case GRUB_FILE_TYPE_OPENBSD_RAMDISK:
++ case GRUB_FILE_TYPE_XNU_RAMDISK:
++ case GRUB_FILE_TYPE_SIGNATURE:
++ case GRUB_FILE_TYPE_PUBLIC_KEY:
++ case GRUB_FILE_TYPE_PUBLIC_KEY_TRUST:
++ case GRUB_FILE_TYPE_PRINT_BLOCKLIST:
++ case GRUB_FILE_TYPE_TESTLOAD:
++ case GRUB_FILE_TYPE_GET_SIZE:
++ case GRUB_FILE_TYPE_FONT:
++ case GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY:
++ case GRUB_FILE_TYPE_CAT:
++ case GRUB_FILE_TYPE_HEXCAT:
++ case GRUB_FILE_TYPE_CMP:
++ case GRUB_FILE_TYPE_HASHLIST:
++ case GRUB_FILE_TYPE_TO_HASH:
++ case GRUB_FILE_TYPE_KEYBOARD_LAYOUT:
++ case GRUB_FILE_TYPE_PIXMAP:
++ case GRUB_FILE_TYPE_GRUB_MODULE_LIST:
++ case GRUB_FILE_TYPE_CONFIG:
++ case GRUB_FILE_TYPE_THEME:
++ case GRUB_FILE_TYPE_GETTEXT_CATALOG:
++ case GRUB_FILE_TYPE_FS_SEARCH:
++ case GRUB_FILE_TYPE_LOADENV:
++ case GRUB_FILE_TYPE_SAVEENV:
++ case GRUB_FILE_TYPE_VERIFY_SIGNATURE:
++ *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
++ return GRUB_ERR_NONE;
+
++ /* Other files. */
+ default:
+- return GRUB_ERR_NONE;
++ return grub_error (GRUB_ERR_ACCESS_DENIED, N_("prohibited by secure boot policy"));
+ }
+ }
+
+diff --git a/include/grub/verify.h b/include/grub/verify.h
+index cd129c398..672ae1692 100644
+--- a/include/grub/verify.h
++++ b/include/grub/verify.h
+@@ -24,6 +24,7 @@
+
+ enum grub_verify_flags
+ {
++ GRUB_VERIFY_FLAGS_NONE = 0,
+ GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
+ GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
+ /* Defer verification to another authority. */
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch
new file mode 100644
index 0000000..2db9bcb
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/video-Remove-trailing-whitespaces.patch
@@ -0,0 +1,693 @@
+From 1f48917d8ddb490dcdc70176e0f58136b7f7811a Mon Sep 17 00:00:00 2001
+From: Elyes Haouas <ehaouas@noos.fr>
+Date: Fri, 4 Mar 2022 07:42:13 +0100
+Subject: [PATCH] video: Remove trailing whitespaces
+
+Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=1f48917d8ddb490dcdc70176e0f58136b7f7811a
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/video/bochs.c | 2 +-
+ grub-core/video/capture.c | 2 +-
+ grub-core/video/cirrus.c | 4 ++--
+ grub-core/video/coreboot/cbfb.c | 2 +-
+ grub-core/video/efi_gop.c | 22 +++++++++----------
+ grub-core/video/fb/fbblit.c | 8 +++----
+ grub-core/video/fb/video_fb.c | 10 ++++-----
+ grub-core/video/i386/pc/vbe.c | 34 ++++++++++++++---------------
+ grub-core/video/i386/pc/vga.c | 6 ++---
+ grub-core/video/ieee1275.c | 4 ++--
+ grub-core/video/radeon_fuloong2e.c | 6 ++---
+ grub-core/video/radeon_yeeloong3a.c | 6 ++---
+ grub-core/video/readers/png.c | 2 +-
+ grub-core/video/readers/tga.c | 2 +-
+ grub-core/video/sis315_init.c | 2 +-
+ grub-core/video/sis315pro.c | 8 +++----
+ grub-core/video/sm712.c | 10 ++++-----
+ grub-core/video/video.c | 8 +++----
+ 18 files changed, 69 insertions(+), 69 deletions(-)
+
+diff --git a/grub-core/video/bochs.c b/grub-core/video/bochs.c
+index 30ea1bd82..edc651697 100644
+--- a/grub-core/video/bochs.c
++++ b/grub-core/video/bochs.c
+@@ -212,7 +212,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
+
+ if (((class >> 16) & 0xffff) != 0x0300 || pciid != 0x11111234)
+ return 0;
+-
++
+ addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
+ framebuffer.base = grub_pci_read (addr) & GRUB_PCI_ADDR_MEM_MASK;
+ if (!framebuffer.base)
+diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c
+index 4d3195e01..c653d89f9 100644
+--- a/grub-core/video/capture.c
++++ b/grub-core/video/capture.c
+@@ -92,7 +92,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info,
+ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch);
+ if (!framebuffer.ptr)
+ return grub_errno;
+-
++
+ err = grub_video_fb_create_render_target_from_pointer (&framebuffer.render_target,
+ &framebuffer.mode_info,
+ framebuffer.ptr);
+diff --git a/grub-core/video/cirrus.c b/grub-core/video/cirrus.c
+index e2149e8ce..f5542ccdc 100644
+--- a/grub-core/video/cirrus.c
++++ b/grub-core/video/cirrus.c
+@@ -354,11 +354,11 @@ grub_video_cirrus_setup (unsigned int width, unsigned int height,
+ grub_uint8_t sr_ext = 0, hidden_dac = 0;
+
+ grub_vga_set_geometry (&config, grub_vga_cr_write);
+-
++
+ grub_vga_gr_write (GRUB_VGA_GR_MODE_256_COLOR | GRUB_VGA_GR_MODE_READ_MODE1,
+ GRUB_VGA_GR_MODE);
+ grub_vga_gr_write (GRUB_VGA_GR_GR6_GRAPHICS_MODE, GRUB_VGA_GR_GR6);
+-
++
+ grub_vga_sr_write (GRUB_VGA_SR_MEMORY_MODE_NORMAL, GRUB_VGA_SR_MEMORY_MODE);
+
+ grub_vga_cr_write ((config.pitch >> CIRRUS_CR_EXTENDED_DISPLAY_PITCH_SHIFT)
+diff --git a/grub-core/video/coreboot/cbfb.c b/grub-core/video/coreboot/cbfb.c
+index 9af81fa5b..986003c51 100644
+--- a/grub-core/video/coreboot/cbfb.c
++++ b/grub-core/video/coreboot/cbfb.c
+@@ -106,7 +106,7 @@ grub_video_cbfb_setup (unsigned int width, unsigned int height,
+
+ grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
+ grub_video_fbstd_colors);
+-
++
+ return err;
+ }
+
+diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c
+index b7590dc6c..7a5054631 100644
+--- a/grub-core/video/efi_gop.c
++++ b/grub-core/video/efi_gop.c
+@@ -273,7 +273,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
+ grub_efi_status_t status;
+ struct grub_efi_gop_mode_info *info = NULL;
+ struct grub_video_mode_info mode_info;
+-
++
+ status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
+
+ if (status)
+@@ -390,7 +390,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+ found = 1;
+ }
+ }
+-
++
+ if (!found)
+ {
+ unsigned mode;
+@@ -399,7 +399,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+ {
+ grub_efi_uintn_t size;
+ grub_efi_status_t status;
+-
++
+ status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
+ if (status)
+ {
+@@ -472,11 +472,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+ framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base;
+ framebuffer.offscreen
+ = grub_malloc (framebuffer.mode_info.height
+- * framebuffer.mode_info.width
++ * framebuffer.mode_info.width
+ * sizeof (struct grub_efi_gop_blt_pixel));
+
+ buffer = framebuffer.offscreen;
+-
++
+ if (!buffer)
+ {
+ grub_dprintf ("video", "GOP: couldn't allocate shadow\n");
+@@ -485,11 +485,11 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+ &framebuffer.mode_info);
+ buffer = framebuffer.ptr;
+ }
+-
++
+ grub_dprintf ("video", "GOP: initialising FB @ %p %dx%dx%d\n",
+ framebuffer.ptr, framebuffer.mode_info.width,
+ framebuffer.mode_info.height, framebuffer.mode_info.bpp);
+-
++
+ err = grub_video_fb_create_render_target_from_pointer
+ (&framebuffer.render_target, &framebuffer.mode_info, buffer);
+
+@@ -498,15 +498,15 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+ grub_dprintf ("video", "GOP: Couldn't create FB target\n");
+ return err;
+ }
+-
++
+ err = grub_video_fb_set_active_render_target (framebuffer.render_target);
+-
++
+ if (err)
+ {
+ grub_dprintf ("video", "GOP: Couldn't set FB target\n");
+ return err;
+ }
+-
++
+ err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
+ grub_video_fbstd_colors);
+
+@@ -514,7 +514,7 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+ grub_dprintf ("video", "GOP: Couldn't set palette\n");
+ else
+ grub_dprintf ("video", "GOP: Success\n");
+-
++
+ return err;
+ }
+
+diff --git a/grub-core/video/fb/fbblit.c b/grub-core/video/fb/fbblit.c
+index d55924837..1010ef393 100644
+--- a/grub-core/video/fb/fbblit.c
++++ b/grub-core/video/fb/fbblit.c
+@@ -466,7 +466,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
+ for (i = 0; i < width; i++)
+ {
+ register grub_uint32_t col;
+- if (*srcptr == 0xf0)
++ if (*srcptr == 0xf0)
+ col = palette[16];
+ else
+ col = palette[*srcptr & 0xf];
+@@ -478,7 +478,7 @@ grub_video_fbblit_replace_24bit_indexa (struct grub_video_fbblit_info *dst,
+ *dstptr++ = col >> 0;
+ *dstptr++ = col >> 8;
+ *dstptr++ = col >> 16;
+-#endif
++#endif
+ srcptr++;
+ }
+
+@@ -651,7 +651,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
+ for (i = 0; i < width; i++)
+ {
+ register grub_uint32_t col;
+- if (*srcptr != 0xf0)
++ if (*srcptr != 0xf0)
+ {
+ col = palette[*srcptr & 0xf];
+ #ifdef GRUB_CPU_WORDS_BIGENDIAN
+@@ -662,7 +662,7 @@ grub_video_fbblit_blend_24bit_indexa (struct grub_video_fbblit_info *dst,
+ *dstptr++ = col >> 0;
+ *dstptr++ = col >> 8;
+ *dstptr++ = col >> 16;
+-#endif
++#endif
+ }
+ else
+ dstptr += 3;
+diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
+index ae6b89f9a..fa4ebde26 100644
+--- a/grub-core/video/fb/video_fb.c
++++ b/grub-core/video/fb/video_fb.c
+@@ -754,7 +754,7 @@ grub_video_fb_unmap_color_int (struct grub_video_fbblit_info * source,
+ *alpha = 0;
+ return;
+ }
+-
++
+ /* If we have an out-of-bounds color, return transparent black. */
+ if (color > 255)
+ {
+@@ -1141,7 +1141,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
+ /* If everything is aligned on 32-bit use 32-bit copy. */
+ if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
+ % sizeof (grub_uint32_t) == 0
+- && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y)
++ && (grub_addr_t) grub_video_fb_get_video_ptr (&target, dst_x, dst_y)
+ % sizeof (grub_uint32_t) == 0
+ && linelen % sizeof (grub_uint32_t) == 0
+ && linedelta % sizeof (grub_uint32_t) == 0)
+@@ -1155,7 +1155,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
+ else if ((grub_addr_t) grub_video_fb_get_video_ptr (&target, src_x, src_y)
+ % sizeof (grub_uint16_t) == 0
+ && (grub_addr_t) grub_video_fb_get_video_ptr (&target,
+- dst_x, dst_y)
++ dst_x, dst_y)
+ % sizeof (grub_uint16_t) == 0
+ && linelen % sizeof (grub_uint16_t) == 0
+ && linedelta % sizeof (grub_uint16_t) == 0)
+@@ -1170,7 +1170,7 @@ grub_video_fb_scroll (grub_video_color_t color, int dx, int dy)
+ {
+ grub_uint8_t *src, *dst;
+ DO_SCROLL
+- }
++ }
+ }
+
+ /* 4. Fill empty space with specified color. In this implementation
+@@ -1615,7 +1615,7 @@ grub_video_fb_setup (unsigned int mode_type, unsigned int mode_mask,
+ framebuffer.render_target = framebuffer.back_target;
+ return GRUB_ERR_NONE;
+ }
+-
++
+ mode_info->mode_type &= ~(GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED
+ | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP);
+
+diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c
+index b7f911926..0e65b5206 100644
+--- a/grub-core/video/i386/pc/vbe.c
++++ b/grub-core/video/i386/pc/vbe.c
+@@ -219,7 +219,7 @@ grub_vbe_disable_mtrr (int mtrr)
+ }
+
+ /* Call VESA BIOS 0x4f09 to set palette data, return status. */
+-static grub_vbe_status_t
++static grub_vbe_status_t
+ grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
+ grub_uint32_t start_index,
+ struct grub_vbe_palette_data *palette_data)
+@@ -237,7 +237,7 @@ grub_vbe_bios_set_palette_data (grub_uint32_t color_count,
+ }
+
+ /* Call VESA BIOS 0x4f00 to get VBE Controller Information, return status. */
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
+ {
+ struct grub_bios_int_registers regs;
+@@ -251,7 +251,7 @@ grub_vbe_bios_get_controller_info (struct grub_vbe_info_block *ci)
+ }
+
+ /* Call VESA BIOS 0x4f01 to get VBE Mode Information, return status. */
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_get_mode_info (grub_uint32_t mode,
+ struct grub_vbe_mode_info_block *mode_info)
+ {
+@@ -285,7 +285,7 @@ grub_vbe_bios_set_mode (grub_uint32_t mode,
+ }
+
+ /* Call VESA BIOS 0x4f03 to return current VBE Mode, return status. */
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_get_mode (grub_uint32_t *mode)
+ {
+ struct grub_bios_int_registers regs;
+@@ -298,7 +298,7 @@ grub_vbe_bios_get_mode (grub_uint32_t *mode)
+ return regs.eax & 0xffff;
+ }
+
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_getset_dac_palette_width (int set, int *dac_mask_size)
+ {
+ struct grub_bios_int_registers regs;
+@@ -346,7 +346,7 @@ grub_vbe_bios_get_memory_window (grub_uint32_t window,
+ }
+
+ /* Call VESA BIOS 0x4f06 to set scanline length (in bytes), return status. */
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_set_scanline_length (grub_uint32_t length)
+ {
+ struct grub_bios_int_registers regs;
+@@ -354,14 +354,14 @@ grub_vbe_bios_set_scanline_length (grub_uint32_t length)
+ regs.ecx = length;
+ regs.eax = 0x4f06;
+ /* BL = 2, Set Scan Line in Bytes. */
+- regs.ebx = 0x0002;
++ regs.ebx = 0x0002;
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ grub_bios_interrupt (0x10, ®s);
+ return regs.eax & 0xffff;
+ }
+
+ /* Call VESA BIOS 0x4f06 to return scanline length (in bytes), return status. */
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
+ {
+ struct grub_bios_int_registers regs;
+@@ -377,7 +377,7 @@ grub_vbe_bios_get_scanline_length (grub_uint32_t *length)
+ }
+
+ /* Call VESA BIOS 0x4f07 to set display start, return status. */
+-static grub_vbe_status_t
++static grub_vbe_status_t
+ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
+ {
+ struct grub_bios_int_registers regs;
+@@ -390,7 +390,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
+ regs.edx = y;
+ regs.eax = 0x4f07;
+ /* BL = 80h, Set Display Start during Vertical Retrace. */
+- regs.ebx = 0x0080;
++ regs.ebx = 0x0080;
+ regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
+ grub_bios_interrupt (0x10, ®s);
+
+@@ -401,7 +401,7 @@ grub_vbe_bios_set_display_start (grub_uint32_t x, grub_uint32_t y)
+ }
+
+ /* Call VESA BIOS 0x4f07 to get display start, return status. */
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_get_display_start (grub_uint32_t *x,
+ grub_uint32_t *y)
+ {
+@@ -419,7 +419,7 @@ grub_vbe_bios_get_display_start (grub_uint32_t *x,
+ }
+
+ /* Call VESA BIOS 0x4f0a. */
+-grub_vbe_status_t
++grub_vbe_status_t
+ grub_vbe_bios_get_pm_interface (grub_uint16_t *segment, grub_uint16_t *offset,
+ grub_uint16_t *length)
+ {
+@@ -896,7 +896,7 @@ vbe2videoinfo (grub_uint32_t mode,
+ case GRUB_VBE_MEMORY_MODEL_YUV:
+ mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_YUV;
+ break;
+-
++
+ case GRUB_VBE_MEMORY_MODEL_DIRECT_COLOR:
+ mode_info->mode_type |= GRUB_VIDEO_MODE_TYPE_RGB;
+ break;
+@@ -923,10 +923,10 @@ vbe2videoinfo (grub_uint32_t mode,
+ break;
+ case 8:
+ mode_info->bytes_per_pixel = 1;
+- break;
++ break;
+ case 4:
+ mode_info->bytes_per_pixel = 0;
+- break;
++ break;
+ }
+
+ if (controller_info.version >= 0x300)
+@@ -976,7 +976,7 @@ grub_video_vbe_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
+
+ static grub_err_t
+ grub_video_vbe_setup (unsigned int width, unsigned int height,
+- grub_video_mode_type_t mode_type,
++ grub_video_mode_type_t mode_type,
+ grub_video_mode_type_t mode_mask)
+ {
+ grub_uint16_t *p;
+@@ -1193,7 +1193,7 @@ grub_video_vbe_print_adapter_specific_info (void)
+ controller_info.version & 0xFF,
+ controller_info.oem_software_rev >> 8,
+ controller_info.oem_software_rev & 0xFF);
+-
++
+ /* The total_memory field is in 64 KiB units. */
+ grub_printf_ (N_(" total memory: %d KiB\n"),
+ (controller_info.total_memory << 6));
+diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c
+index b2f776c99..50d0b5e02 100644
+--- a/grub-core/video/i386/pc/vga.c
++++ b/grub-core/video/i386/pc/vga.c
+@@ -48,7 +48,7 @@ static struct
+ int back_page;
+ } framebuffer;
+
+-static unsigned char
++static unsigned char
+ grub_vga_set_mode (unsigned char mode)
+ {
+ struct grub_bios_int_registers regs;
+@@ -182,10 +182,10 @@ grub_video_vga_setup (unsigned int width, unsigned int height,
+
+ is_target = 1;
+ err = grub_video_fb_set_active_render_target (framebuffer.render_target);
+-
++
+ if (err)
+ return err;
+-
++
+ err = grub_video_fb_set_palette (0, GRUB_VIDEO_FBSTD_NUMCOLORS,
+ grub_video_fbstd_colors);
+
+diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c
+index f437fb0df..ca3d3c3b2 100644
+--- a/grub-core/video/ieee1275.c
++++ b/grub-core/video/ieee1275.c
+@@ -233,7 +233,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
+ /* TODO. */
+ return grub_error (GRUB_ERR_IO, "can't set mode %dx%d", width, height);
+ }
+-
++
+ err = grub_video_ieee1275_fill_mode_info (dev, &framebuffer.mode_info);
+ if (err)
+ {
+@@ -260,7 +260,7 @@ grub_video_ieee1275_setup (unsigned int width, unsigned int height,
+
+ grub_video_ieee1275_set_palette (0, framebuffer.mode_info.number_of_colors,
+ grub_video_fbstd_colors);
+-
++
+ return err;
+ }
+
+diff --git a/grub-core/video/radeon_fuloong2e.c b/grub-core/video/radeon_fuloong2e.c
+index b4da34b5e..40917acb7 100644
+--- a/grub-core/video/radeon_fuloong2e.c
++++ b/grub-core/video/radeon_fuloong2e.c
+@@ -75,7 +75,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
+ if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
+ || pciid != 0x515a1002)
+ return 0;
+-
++
+ *found = 1;
+
+ addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
+@@ -139,7 +139,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
+ framebuffer.mapped = 1;
+
+ /* Prevent garbage from appearing on the screen. */
+- grub_memset (framebuffer.ptr, 0x55,
++ grub_memset (framebuffer.ptr, 0x55,
+ framebuffer.mode_info.height * framebuffer.mode_info.pitch);
+
+ #ifndef TEST
+@@ -152,7 +152,7 @@ grub_video_radeon_fuloong2e_setup (unsigned int width, unsigned int height,
+ return err;
+
+ err = grub_video_fb_set_active_render_target (framebuffer.render_target);
+-
++
+ if (err)
+ return err;
+
+diff --git a/grub-core/video/radeon_yeeloong3a.c b/grub-core/video/radeon_yeeloong3a.c
+index 52614feb6..48631c181 100644
+--- a/grub-core/video/radeon_yeeloong3a.c
++++ b/grub-core/video/radeon_yeeloong3a.c
+@@ -74,7 +74,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
+ if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
+ || pciid != 0x96151002)
+ return 0;
+-
++
+ *found = 1;
+
+ addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
+@@ -137,7 +137,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
+ #endif
+
+ /* Prevent garbage from appearing on the screen. */
+- grub_memset (framebuffer.ptr, 0,
++ grub_memset (framebuffer.ptr, 0,
+ framebuffer.mode_info.height * framebuffer.mode_info.pitch);
+
+ #ifndef TEST
+@@ -150,7 +150,7 @@ grub_video_radeon_yeeloong3a_setup (unsigned int width, unsigned int height,
+ return err;
+
+ err = grub_video_fb_set_active_render_target (framebuffer.render_target);
+-
++
+ if (err)
+ return err;
+
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index 0157ff742..54dfedf43 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -916,7 +916,7 @@ grub_png_convert_image (struct grub_png_data *data)
+ }
+ return;
+ }
+-
++
+ if (data->is_gray)
+ {
+ switch (data->bpp)
+diff --git a/grub-core/video/readers/tga.c b/grub-core/video/readers/tga.c
+index 7cb9d1d2a..a9ec3a1b6 100644
+--- a/grub-core/video/readers/tga.c
++++ b/grub-core/video/readers/tga.c
+@@ -127,7 +127,7 @@ tga_load_palette (struct tga_data *data)
+
+ if (len > sizeof (data->palette))
+ len = sizeof (data->palette);
+-
++
+ if (grub_file_read (data->file, &data->palette, len)
+ != (grub_ssize_t) len)
+ return grub_errno;
+diff --git a/grub-core/video/sis315_init.c b/grub-core/video/sis315_init.c
+index ae5c1419c..09c3c7bbe 100644
+--- a/grub-core/video/sis315_init.c
++++ b/grub-core/video/sis315_init.c
+@@ -1,4 +1,4 @@
+-static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] =
++static const struct { grub_uint8_t reg; grub_uint8_t val; } sr_dump [] =
+ {
+ { 0x28, 0x81 },
+ { 0x2a, 0x00 },
+diff --git a/grub-core/video/sis315pro.c b/grub-core/video/sis315pro.c
+index 22a0c85a6..4d2f9999a 100644
+--- a/grub-core/video/sis315pro.c
++++ b/grub-core/video/sis315pro.c
+@@ -103,7 +103,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
+ if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
+ || pciid != GRUB_SIS315PRO_PCIID)
+ return 0;
+-
++
+ *found = 1;
+
+ addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
+@@ -218,7 +218,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
+
+ #ifndef TEST
+ /* Prevent garbage from appearing on the screen. */
+- grub_memset (framebuffer.ptr, 0,
++ grub_memset (framebuffer.ptr, 0,
+ framebuffer.mode_info.height * framebuffer.mode_info.pitch);
+ grub_arch_sync_dma_caches (framebuffer.ptr,
+ framebuffer.mode_info.height
+@@ -231,7 +231,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
+ | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
+ | GRUB_VGA_IO_MISC_28MHZ
+ | GRUB_VGA_IO_MISC_ENABLE_VRAM_ACCESS
+- | GRUB_VGA_IO_MISC_COLOR,
++ | GRUB_VGA_IO_MISC_COLOR,
+ GRUB_VGA_IO_MISC_WRITE + GRUB_MACHINE_PCI_IO_BASE);
+
+ grub_vga_sr_write (0x86, 5);
+@@ -335,7 +335,7 @@ grub_video_sis315pro_setup (unsigned int width, unsigned int height,
+ {
+ if (read_sis_cmd (0x5) != 0xa1)
+ write_sis_cmd (0x86, 0x5);
+-
++
+ write_sis_cmd (read_sis_cmd (0x20) | 0xa1, 0x20);
+ write_sis_cmd (read_sis_cmd (0x1e) | 0xda, 0x1e);
+
+diff --git a/grub-core/video/sm712.c b/grub-core/video/sm712.c
+index 10c46eb65..65f59f84b 100644
+--- a/grub-core/video/sm712.c
++++ b/grub-core/video/sm712.c
+@@ -167,7 +167,7 @@ enum
+ GRUB_SM712_CR_SHADOW_VGA_VBLANK_START = 0x46,
+ GRUB_SM712_CR_SHADOW_VGA_VBLANK_END = 0x47,
+ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_START = 0x48,
+- GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,
++ GRUB_SM712_CR_SHADOW_VGA_VRETRACE_END = 0x49,
+ GRUB_SM712_CR_SHADOW_VGA_OVERFLOW = 0x4a,
+ GRUB_SM712_CR_SHADOW_VGA_CELL_HEIGHT = 0x4b,
+ GRUB_SM712_CR_SHADOW_VGA_HDISPLAY_END = 0x4c,
+@@ -375,7 +375,7 @@ find_card (grub_pci_device_t dev, grub_pci_id_t pciid, void *data)
+ if (((class >> 16) & 0xffff) != GRUB_PCI_CLASS_SUBCLASS_VGA
+ || pciid != GRUB_SM712_PCIID)
+ return 0;
+-
++
+ *found = 1;
+
+ addr = grub_pci_make_address (dev, GRUB_PCI_REG_ADDRESS_REG0);
+@@ -471,7 +471,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
+
+ #if !defined (TEST) && !defined(GENINIT)
+ /* Prevent garbage from appearing on the screen. */
+- grub_memset ((void *) framebuffer.cached_ptr, 0,
++ grub_memset ((void *) framebuffer.cached_ptr, 0,
+ framebuffer.mode_info.height * framebuffer.mode_info.pitch);
+ #endif
+
+@@ -482,7 +482,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
+ grub_sm712_sr_write (0x2, 0x6b);
+ grub_sm712_write_reg (0, GRUB_VGA_IO_PIXEL_MASK);
+ grub_sm712_sr_write (GRUB_VGA_SR_RESET_ASYNC, GRUB_VGA_SR_RESET);
+- grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY
++ grub_sm712_write_reg (GRUB_VGA_IO_MISC_NEGATIVE_VERT_POLARITY
+ | GRUB_VGA_IO_MISC_NEGATIVE_HORIZ_POLARITY
+ | GRUB_VGA_IO_MISC_UPPER_64K
+ | GRUB_VGA_IO_MISC_EXTERNAL_CLOCK_0
+@@ -694,7 +694,7 @@ grub_video_sm712_setup (unsigned int width, unsigned int height,
+ for (i = 0; i < ARRAY_SIZE (dda_lookups); i++)
+ grub_sm712_write_dda_lookup (i, dda_lookups[i].compare, dda_lookups[i].dda,
+ dda_lookups[i].vcentering);
+-
++
+ /* Undocumented */
+ grub_sm712_cr_write (0, 0x9c);
+ grub_sm712_cr_write (0, 0x9d);
+diff --git a/grub-core/video/video.c b/grub-core/video/video.c
+index 983424107..8937da745 100644
+--- a/grub-core/video/video.c
++++ b/grub-core/video/video.c
+@@ -491,13 +491,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
+ current_mode);
+
+ param++;
+-
++
+ *width = grub_strtoul (value, 0, 0);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("invalid video mode specification `%s'"),
+ current_mode);
+-
++
+ /* Find height value. */
+ value = param;
+ param = grub_strchr(param, 'x');
+@@ -513,13 +513,13 @@ parse_modespec (const char *current_mode, int *width, int *height, int *depth)
+ {
+ /* We have optional color depth value. */
+ param++;
+-
++
+ *height = grub_strtoul (value, 0, 0);
+ if (grub_errno != GRUB_ERR_NONE)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("invalid video mode specification `%s'"),
+ current_mode);
+-
++
+ /* Convert color depth value. */
+ value = param;
+ *depth = grub_strtoul (value, 0, 0);
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
new file mode 100644
index 0000000..0c7deae
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
@@ -0,0 +1,264 @@
+From d5caac8ab79d068ad9a41030c772d03a4d4fbd7b Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 28 Jun 2021 14:16:14 +1000
+Subject: [PATCH] video/readers/jpeg: Abort sooner if a read operation fails
+
+Fuzzing revealed some inputs that were taking a long time, potentially
+forever, because they did not bail quickly upon encountering an I/O error.
+
+Try to catch I/O errors sooner and bail out.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=d5caac8ab79d068ad9a41030c772d03a4d4fbd7b
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/video/readers/jpeg.c | 86 +++++++++++++++++++++++++++-------
+ 1 file changed, 70 insertions(+), 16 deletions(-)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index c47ffd651..806c56c78 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -109,9 +109,17 @@ static grub_uint8_t
+ grub_jpeg_get_byte (struct grub_jpeg_data *data)
+ {
+ grub_uint8_t r;
++ grub_ssize_t bytes_read;
+
+ r = 0;
+- grub_file_read (data->file, &r, 1);
++ bytes_read = grub_file_read (data->file, &r, 1);
++
++ if (bytes_read != 1)
++ {
++ grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "jpeg: unexpected end of data");
++ return 0;
++ }
+
+ return r;
+ }
+@@ -120,9 +128,17 @@ static grub_uint16_t
+ grub_jpeg_get_word (struct grub_jpeg_data *data)
+ {
+ grub_uint16_t r;
++ grub_ssize_t bytes_read;
+
+ r = 0;
+- grub_file_read (data->file, &r, sizeof (grub_uint16_t));
++ bytes_read = grub_file_read (data->file, &r, sizeof (grub_uint16_t));
++
++ if (bytes_read != sizeof (grub_uint16_t))
++ {
++ grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "jpeg: unexpected end of data");
++ return 0;
++ }
+
+ return grub_be_to_cpu16 (r);
+ }
+@@ -135,6 +151,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data)
+ if (data->bit_mask == 0)
+ {
+ data->bit_save = grub_jpeg_get_byte (data);
++ if (grub_errno != GRUB_ERR_NONE) {
++ grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "jpeg: file read error");
++ return 0;
++ }
+ if (data->bit_save == JPEG_ESC_CHAR)
+ {
+ if (grub_jpeg_get_byte (data) != 0)
+@@ -143,6 +164,11 @@ grub_jpeg_get_bit (struct grub_jpeg_data *data)
+ "jpeg: invalid 0xFF in data stream");
+ return 0;
+ }
++ if (grub_errno != GRUB_ERR_NONE)
++ {
++ grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: file read error");
++ return 0;
++ }
+ }
+ data->bit_mask = 0x80;
+ }
+@@ -161,7 +187,7 @@ grub_jpeg_get_number (struct grub_jpeg_data *data, int num)
+ return 0;
+
+ msb = value = grub_jpeg_get_bit (data);
+- for (i = 1; i < num; i++)
++ for (i = 1; i < num && grub_errno == GRUB_ERR_NONE; i++)
+ value = (value << 1) + (grub_jpeg_get_bit (data) != 0);
+ if (!msb)
+ value += 1 - (1 << num);
+@@ -208,6 +234,8 @@ grub_jpeg_decode_huff_table (struct grub_jpeg_data *data)
+ while (data->file->offset + sizeof (count) + 1 <= next_marker)
+ {
+ id = grub_jpeg_get_byte (data);
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+ ac = (id >> 4) & 1;
+ id &= 0xF;
+ if (id > 1)
+@@ -258,6 +286,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
+
+ next_marker = data->file->offset;
+ next_marker += grub_jpeg_get_word (data);
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+
+ if (next_marker > data->file->size)
+ {
+@@ -269,6 +299,8 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
+ <= next_marker)
+ {
+ id = grub_jpeg_get_byte (data);
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+ if (id >= 0x10) /* Upper 4-bit is precision. */
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: only 8-bit precision is supported");
+@@ -300,6 +332,9 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
+ next_marker = data->file->offset;
+ next_marker += grub_jpeg_get_word (data);
+
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
++
+ if (grub_jpeg_get_byte (data) != 8)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: only 8-bit precision is supported");
+@@ -325,6 +360,8 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index");
+
+ ss = grub_jpeg_get_byte (data); /* Sampling factor. */
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+ if (!id)
+ {
+ grub_uint8_t vs, hs;
+@@ -504,7 +541,7 @@ grub_jpeg_idct_transform (jpeg_data_unit_t du)
+ }
+ }
+
+-static void
++static grub_err_t
+ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
+ {
+ int h1, h2, qt;
+@@ -519,6 +556,9 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
+ data->dc_value[id] +=
+ grub_jpeg_get_number (data, grub_jpeg_get_huff_code (data, h1));
+
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
++
+ du[0] = data->dc_value[id] * (int) data->quan_table[qt][0];
+ pos = 1;
+ while (pos < ARRAY_SIZE (data->quan_table[qt]))
+@@ -533,11 +573,13 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
+ num >>= 4;
+ pos += num;
+
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
++
+ if (pos >= ARRAY_SIZE (jpeg_zigzag_order))
+ {
+- grub_error (GRUB_ERR_BAD_FILE_TYPE,
+- "jpeg: invalid position in zigzag order!?");
+- return;
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "jpeg: invalid position in zigzag order!?");
+ }
+
+ du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos];
+@@ -545,6 +587,7 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
+ }
+
+ grub_jpeg_idct_transform (du);
++ return GRUB_ERR_NONE;
+ }
+
+ static void
+@@ -603,7 +646,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
+ data_offset += grub_jpeg_get_word (data);
+
+ cc = grub_jpeg_get_byte (data);
+-
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+ if (cc != 3 && cc != 1)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ "jpeg: component count must be 1 or 3");
+@@ -616,7 +660,8 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
+ id = grub_jpeg_get_byte (data) - 1;
+ if ((id < 0) || (id >= 3))
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid index");
+-
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+ ht = grub_jpeg_get_byte (data);
+ data->comp_index[id][1] = (ht >> 4);
+ data->comp_index[id][2] = (ht & 0xF) + 2;
+@@ -624,11 +669,14 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
+ if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) ||
+ (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3))
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index");
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+ }
+
+ grub_jpeg_get_byte (data); /* Skip 3 unused bytes. */
+ grub_jpeg_get_word (data);
+-
++ if (grub_errno != GRUB_ERR_NONE)
++ return grub_errno;
+ if (data->file->offset != data_offset)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
+
+@@ -646,6 +694,7 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
+ {
+ unsigned c1, vb, hb, nr1, nc1;
+ int rst = data->dri;
++ grub_err_t err = GRUB_ERR_NONE;
+
+ vb = 8 << data->log_vs;
+ hb = 8 << data->log_hs;
+@@ -666,17 +715,22 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
+
+ for (r2 = 0; r2 < (1U << data->log_vs); r2++)
+ for (c2 = 0; c2 < (1U << data->log_hs); c2++)
+- grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]);
++ {
++ err = grub_jpeg_decode_du (data, 0, data->ydu[r2 * 2 + c2]);
++ if (err != GRUB_ERR_NONE)
++ return err;
++ }
+
+ if (data->color_components >= 3)
+ {
+- grub_jpeg_decode_du (data, 1, data->cbdu);
+- grub_jpeg_decode_du (data, 2, data->crdu);
++ err = grub_jpeg_decode_du (data, 1, data->cbdu);
++ if (err != GRUB_ERR_NONE)
++ return err;
++ err = grub_jpeg_decode_du (data, 2, data->crdu);
++ if (err != GRUB_ERR_NONE)
++ return err;
+ }
+
+- if (grub_errno)
+- return grub_errno;
+-
+ nr2 = (data->r1 == nr1 - 1) ? (data->image_height - data->r1 * vb) : vb;
+ nc2 = (c1 == nc1 - 1) ? (data->image_width - c1 * hb) : hb;
+
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
new file mode 100644
index 0000000..91ecaad
--- /dev/null
+++ b/poky/meta/recipes-bsp/grub/files/video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
@@ -0,0 +1,53 @@
+From 166a4d61448f74745afe1dac2f2cfb85d04909bf Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 28 Jun 2021 14:25:17 +1000
+Subject: [PATCH] video/readers/jpeg: Refuse to handle multiple start of
+ streams
+
+An invalid file could contain multiple start of stream blocks, which
+would cause us to reallocate and leak our bitmap. Refuse to handle
+multiple start of streams.
+
+Additionally, fix a grub_error() call formatting.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=166a4d61448f74745afe1dac2f2cfb85d04909bf
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ grub-core/video/readers/jpeg.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index 2284a6c06..579bbe8a4 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -683,6 +683,9 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
+ if (data->file->offset != data_offset)
+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: extra byte in sos");
+
++ if (*data->bitmap)
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: too many start of scan blocks");
++
+ if (grub_video_bitmap_create (data->bitmap, data->image_width,
+ data->image_height,
+ GRUB_VIDEO_BLIT_FORMAT_RGB_888))
+@@ -705,8 +708,8 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
+ nc1 = (data->image_width + hb - 1) >> (3 + data->log_hs);
+
+ if (data->bitmap_ptr == NULL)
+- return grub_error(GRUB_ERR_BAD_FILE_TYPE,
+- "jpeg: attempted to decode data before start of stream");
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ "jpeg: attempted to decode data before start of stream");
+
+ for (; data->r1 < nr1 && (!data->dri || rst);
+ data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
+--
+2.34.1
+
diff --git a/poky/meta/recipes-bsp/grub/grub2.inc b/poky/meta/recipes-bsp/grub/grub2.inc
index 45852ab..47ea561 100644
--- a/poky/meta/recipes-bsp/grub/grub2.inc
+++ b/poky/meta/recipes-bsp/grub/grub2.inc
@@ -22,6 +22,16 @@
file://0001-RISC-V-Restore-the-typcast-to-long.patch \
file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
file://0001-configure.ac-Use-_zicsr_zifencei-extentions-on-riscv.patch \
+ file://video-Remove-trailing-whitespaces.patch \
+ file://CVE-2021-3695-video-readers-png-Drop-greyscale-support-to-fix-heap.patch \
+ file://CVE-2021-3696-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff.patch \
+ file://video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch \
+ file://video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch \
+ file://CVE-2021-3697-video-readers-jpeg-Block-int-underflow-wild-pointer.patch \
+ file://CVE-2022-28733-net-ip-Do-IP-fragment-maths-safely.patch \
+ file://CVE-2022-28734-net-http-Fix-OOB-write-for-split-http-headers.patch \
+ file://CVE-2022-28734-net-http-Error-out-on-headers-with-LF-without-CR.patch \
+ file://CVE-2022-28735-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch \
"
SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
diff --git a/poky/meta/recipes-bsp/setserial/setserial/0001-setserial.c-Add-needed-system-headers-for-ioctl-and-.patch b/poky/meta/recipes-bsp/setserial/setserial/0001-setserial.c-Add-needed-system-headers-for-ioctl-and-.patch
new file mode 100644
index 0000000..10c6ae8
--- /dev/null
+++ b/poky/meta/recipes-bsp/setserial/setserial/0001-setserial.c-Add-needed-system-headers-for-ioctl-and-.patch
@@ -0,0 +1,41 @@
+From 9bbb342f5d9ad5dc75486fd35ada8e287ba19299 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 15 Aug 2022 13:03:17 -0700
+Subject: [PATCH] setserial.c: Add needed system headers for ioctl() and
+ close() calls
+
+Add int return type for main() function
+
+Fixes
+error: type specifier missing, defaults to 'int'; ISO C99 and later do not support implicit int [-Wimplicit-int]
+error: call to undeclared function 'close'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declarat
+ion]
+
+Upstream-Status: Submitted [https://sourceforge.net/p/setserial/discussion/7060/thread/95d874c12c/]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ setserial.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/setserial.c b/setserial.c
+index bfda8fd..6a95513 100644
+--- a/setserial.c
++++ b/setserial.c
+@@ -16,6 +16,8 @@
+ #include <termios.h>
+ #include <string.h>
+ #include <errno.h>
++#include <unistd.h>
++#include <sys/ioctl.h>
+
+ #ifdef HAVE_ASM_IOCTLS_H
+ #include <asm/ioctls.h>
+@@ -715,7 +717,7 @@ fprintf(stderr, "\t* port\t\tset the I/O port\n");
+ exit(1);
+ }
+
+-main(int argc, char **argv)
++int main(int argc, char **argv)
+ {
+ int get_flag = 0, wild_intr_flag = 0;
+ int c;
diff --git a/poky/meta/recipes-bsp/setserial/setserial_2.17.bb b/poky/meta/recipes-bsp/setserial/setserial_2.17.bb
index 5b31cd1..e46aeb9 100644
--- a/poky/meta/recipes-bsp/setserial/setserial_2.17.bb
+++ b/poky/meta/recipes-bsp/setserial/setserial_2.17.bb
@@ -15,7 +15,8 @@
SRC_URI = "${SOURCEFORGE_MIRROR}/setserial/${BPN}-${PV}.tar.gz \
file://add_stdlib.patch \
file://ldflags.patch \
- "
+ file://0001-setserial.c-Add-needed-system-headers-for-ioctl-and-.patch \
+ "
SRC_URI[md5sum] = "c4867d72c41564318e0107745eb7a0f2"
SRC_URI[sha256sum] = "7e4487d320ac31558563424189435d396ddf77953bb23111a17a3d1487b5794a"