subtree updates: openembedded poky
poky: fb1853c66c..0907793d5e:
Alexander Kanavin (30):
sudo: update 1.9.12p2 -> 1.9.13p2
procps: update 3.3.17 -> 4.0.3
selftest/overlayfs: enable systemd via INIT_MANAGER
systemd: update 252.5 -> 253.1
dpkg: update 1.21.20 -> 1.21.21
libdnf: update 0.69.0 -> 0.70.0
ethtool: update 6.1 -> 6.2
iptables: update 1.8.8 -> 1.8.9
util-macros: do not probe into host triplet when checking manpage section names
encodings: update 1.0.6 -> 1.0.7
font-alias: update 1.0.4 -> 1.0.5
sqlite3: update 3.40.1 -> 3.41.0
enchant2: upgrade 2.3.3 -> 2.3.4
make: upgrade 4.4 -> 4.4.1
vte: upgrade 0.70.2 -> 0.70.3
pango: upgrade 1.50.12 -> 1.50.13
libnotify: upgrade 0.8.1 -> 0.8.2
puzzles: upgrade to latest revision
iproute2: upgrade 6.1.0 -> 6.2.0
bind: upgrade 9.18.11 -> 9.18.12
stress-ng: remove obsolete patch
piglit: upgrade to latest revision
apt: re-enable version check
devtool/upgrade: do not delete the workspace/recipes directory
runqemu: direct mesa to use its own drivers, rather than ones provided by host distro
mesa: allow mesa-native/nativesdk only subject to opengl/vulkan DISTRO_FEATURE
mesa: enable a rich set of drivers for native builds
llvm: allow building libllvm in native builds, subject to PACKAGECONFIG
mesa: do not strip rpaths from dri drivers
mesa: update 22.3.5 -> 23.0.0
Alexandre Belloni (2):
pseudo: Update to pull in fd leak fix
stress-ng: upgrade 0.15.04 -> 0.15.06
Alexis Lothoré (8):
scripts/resulttool: call fixup_ptest_names in regression_common
oeqa/selftest/resulttool: fix ptest filtering tests
oeqa/selftest/resulttool: fix fake data used for testing
scripts/resulttool: fix ptests results containing a non reproducible path
oeqa/selftest/resulttool: add test for error propagation in test name filtering
scripts/resulttool: do not count newly passing tests as regressions
scripts/yocto_testresults_query.py: set proper branches when using resulttool
scripts/yocto_testresults_query.py: fix regression reports for branches with slashes
Andrew Geissler (1):
filemap.py: enforce maximum of 4kb block size
Arturo Buzarra (1):
run-postinsts: Set dependency for ldconfig to avoid boot issues
Bruce Ashfield (12):
perf: fix buildpaths QA warning
lttng-modules: update to v2.13.9
lttng-modules: fix for v6.3+ kernels
linux-yocto/6.1: update to v6.1.15
linux-yocto/5.15: update to v5.15.98
linux-yocto/6.1: update to v6.1.20
linux-yocto/5.15: update to v5.15.103
kernel-devsrc: fix mismatched compiler warning
linux-yocto-dev: bump to v6.3
kernel/kernel-devsrc: powerpc: add elfutils dependency
yocto-bsp/6.1: update reference boards to v6.1.20
yocto-bsp/5.15: update to v5.15.103
Carlos Alberto Lopez Perez (1):
mesa-demos: packageconfig weston should have a dependency on wayland-protocols
Changqing Li (1):
cpio: fix ptest failure
Chen Qi (4):
Revert "systemd-systemctl: Create machine-id with "uninitialized" text in it"
rpm: fix RPM_ETCCONFIGDIR value in SDK
debugedit: add recipe
rpm: add back find-debuginfo support
Clément Péron (2):
qemu: split out qemu-guest-agent, add startup scripts
runqemu: add an option to enable guest-agent virtio device
Daniel Ammann (1):
bitbake: fetch2/sftp: Fix fetching URIs with spaces
Dmitry Baryshkov (1):
mesa: import patch from upstream to fix tools build on musl
Fawzi KHABER (4):
bitbake: doc: ref-variables: add LAYERSERIES_COMPAT to term glossary
bitbake: bitbake-user-manual: update Hello World example
package.bbclass: check packages name conflict in do_package
oeqa/selftest/cases/package.py: adding unittest for package rename conflicts
Frederic Martinsons (7):
cargo.bbclass: use offline mode for building
bitbake: crate.py: authorize crate url with parameters
cargo-update-recipe-crates: generate checksum for each crates
python3-bcrypt: add crates checksums
python3-cryptography: add crates checksums
bitbake: fetch2: Add checksum capability for crate fetcher
bitbake: crate.py: make checksum verification mandatory
Geoffrey GIRY (1):
cve-check: Fix false negative version issue
James R T (1):
bitbake: ConfHandler: Allow the '@' character in variable flag names
Jialing Zhang (5):
class-recipe: add support for loongarch64
Do not remove the -m option for loongarch64
image-uefi: add support for loongarch64
add support for loongarch64
recipes: add support for loongarch64
Jose Quaresma (5):
go: fix some linkshared regression introduced in go 1.20
buildstats-summary: add an option to disable bold
oeqs/selftest: OESelftestTestContext: replace the os.environ after subprocess.check_output
oeqa/selftest: OESelftestTestContext: convert relative to full path when newbuilddir is provided
oeqa/selftest/reproducible: Split different packages from missing packages output
Joshua Watt (1):
runqemu: Fix TypeError when command fails
Kai Kang (1):
grub2: support metadata_csum_seed feature
Kenfe-Mickael Laventure (3):
buildtools-tarball: Handle spaces within user $PATH
toolchain-scripts: Handle spaces within user $PATH
populate_sdk_ext: Handle spaces within user $PATH
Khem Raj (9):
libcomps: Fix callback function prototype for PyCOMPS_hash
rpm: Fix hdr_hash function prototype
binutils: Enable --enable-new-dtags
systemd: Fix musl fix patch
systemd.bbclass: Add /usr/lib/systemd to searchpaths as well
systemtap: Disable dangling-pointer warning
glibc: Disable warnings as errors
vte: Upgrade to 0.72.0
Revert "runqemu: Add workaround for APIC hang on pre 4.15 kernels on qemux86"
Lee Chee Yang (2):
migration-guides: add release-notes for 4.0.8
migration-guides: add release-notes for 4.1.3
Maanya Goenka (1):
create-spdx: fix config build by adding dependency to enable reruns
Mark Asselstine (1):
bitbake: build: Make python output print to stdout when running with -v (verbose)
Mark Hatle (3):
bitbake: wget.py: Add catch TimeoutError exception
bitbake: wget.py: Combine urlopener exceptions
tcf-agent: Update to current version
Markus Volk (1):
gtk4: update 4.8.3 -> 4.10.0
Martin Jansa (22):
file: add few more PACKAGECONFIGs to avoid autodetected deps from host
npm.bbclass: avoid DeprecationWarning with new python
timezone: use 'tz' subdir instead of ${WORKDIR} directly
tzdata: use separate B instead of WORKDIR for zic output
git-submodule-test: disable upstream version check
tzcode-native: fix build with gcc-13 on host
selftest: devtool: set BB_HASHSERVE_UPSTREAM when setting SSTATE_MIRROR
selftest: wic: respect IMAGE_LINK_NAME
selftest: wic: respect IMAGE_LINK_NAME also in test_rawcopy_plugin_qemu
selftest: runqemu: respect IMAGE_LINK_NAME
image-artifact-names.bbclass: add INITRAMFS_IMAGE_NAME from kernel.bbclass
selftest: fitimage.py: respect INITRAMFS_IMAGE_NAME and KERNEL_FIT_LINK_NAME
image-artifact-names: add IMAGE_MACHINE_SUFFIX variable
selftest: gdbserver.py: respect IMAGE_LINK_NAME
selftest: minidebuginfo.py respect IMAGE_LINK_NAME
runqemu: get_first_file() rename cmd* to glob*
selftest: imagefeatures.py: respect IMAGE_LINK_NAME for debugfs and manifest as well
oeqa: loader.py: show warning when skipping selected module and abort if all are skipped
bmap-tools: switch to main branch
python3-scons: upgrade to v4.5.2
selftest: systemd_boot.py: respect IMAGE_LINK_NAME
selftest: eSDK rename to esdk
Martin Larsson (1):
libpam: Remove flex dependency
Michael Halstead (1):
selftest/runtime_test/virgl: Disable for all Rocky Linux
Michael Opdenacker (7):
ref-manual: clarify explanations about feature backfilling
overview-manual: add missing link to BitBake User Manual
manuals: simplify references to the BitBake User Manual
poky.yaml.in, system-requirements.rst: update system requirements
ref-manual: system-requirements.rst: simplify supported distro requirements
ref-manual: variables.rst: update LAYERSERIES_COMPAT
bitbake: bitbake-user-manual: fix links to supported release manuals
Mikko Rapeli (1):
oeqa rtc.py: skip if read-only-rootfs
Ming Liu (1):
linux: inherit pkgconfig in kernel.bbclass
Mingli Yu (4):
mdadm: Fix testcase 06wrmostly
mdadm: fix tests/02lineargrow
mdadm: Fix raid0 tests
mdadm: fix tests/00raid0
Ovidiu Panait (1):
gobject-introspection: inherit python3targetconfig
Peter Marko (2):
go: use go as CVE product for all golang recipe veriants
gcc-shared-source: do not use ${S}/.. in deploy_source_date_epoch
Piotr Łobacz (1):
systemd: fix wrong nobody-group assignment
Randy MacLeod (3):
valgrind: Disable drd/tests/bar_bad ptest
openssl: update from 3.0.8 to 3.1.0
vim: upgrade 9.0.1403 -> 9.0.1429
Richard Purdie (52):
gdb: Fix occasional build failure
staging: Separate out different multiconfig manifests
bitbake: server/xmlrpc: Fix after currentAsyncCommand locking changes
gdb: Mark patch as backport
glibc: Add missing binutils dependency
glibc: Update sstate/equiv versions to clean cache
staging/multilib: Fix manifest corruption
m4/opkg/ethtool/attr/libgpg-error: Add missing bash ptest dependency
openssl: Add missing ptest dependency on openssl-bin
valgrind: Add missing utf-32 gconv dependency for ptests
perl: Add missing procps-ps dependency for ptests
acl/attr: ptest fixes and improvements
m4: Add missing ptest dependency
libmodule-build-perl: Fix ptest dependencies
bc: Fix ptest test output naming
findutils: Fix ptest dependency issue
gawk: Fix ptest dependency
libconvert-asn1-perl: Fix ptest dependencies
libxml-sax-perl: Fix ptest dependencies
babeltrace2: Fix ptest execution in minimal images and add debug info
babeltrace: Fix ptest dependency
lttng-tools: Improve ptest debugging and fix dependencies
gettext: Add missing bash ptest dependency
glibc-tests: Add missing bash ptest dependency
opkg: Add missing python module ptest dependencies
libxml-perl: Add missing perl module ptest dependencies
gstreamer1.0: Add missing gconv ptest dependency
gnutls: Add missing python ptest dependency
busybox: Fix ptest dependencies
selftest/recipetool: Stop test corrupting tinfoil class
oeqa/selftest/sstate: Merge sstate test class with tests themselves
oeqa/selftest/sstate: Move common code to base class
oeqa/selftest/sstate: Split classes to allow more parallelism
base-files: Drop localhost.localdomain from hosts file
core-image-ptest: Switch to BBCLASSEXTEND parallel execution
ptest-packagelists: Simplify ptest list/code
scripts/combo-layer: Fix python deprecation warning
pybootchartui: Fix python syntax issue
pybootchart: Fix extents handling to account for cpu/io/mem pressure changes
matchbox-wm: Update 1.2.2 -> 1.2.3
matchbox-panel-2: Update 2.11 -> 2.12
matchbox-desktop-2: Update 2.2 -> 2.3
matchbox-terminal: Update to latest SRCREV
matchbox-config-gtk: Update to latest SRCREV
matchbox-terminal: Fix PV to match standard format
openssl: Fix reproducibility issue
resulttool: Improve overlapping ptest result reporting
poky-bleeding: Update and rework
bitbake: fetch2: Rename __BBSEENSRCREV -> __BBSRCREV_SEEN
bitbake: fetch2: Add autorev warning when it is set too late
abi_version/sstate: Handle pkgconfig output changes and bump output versions
bitbake: fetch2/local: Mention the value of localpath in failure message
Robert Joslyn (1):
curl: Update from 7.88.1 to 8.0.1
Robert Yang (3):
bitbake: fetch/git: Fix local clone url to make it work with repo
bitbake: cache: Make EXCLUDE_FROM_WORLD boolean
bitbake: bitbake: bitbake-user-manual: Update EXCLUDE_FROM_WORLD
Romuald JEANNE (1):
image_types: fix vname var init in multiubi_mkfs() function
Romuald Jeanne (2):
image_types: fix multiubi var init
oeqa/selftest/imagefeatures: set a test for mutliubi in test_image_fstypes
Ross Burton (35):
vim: add missing pkgconfig inherit
shadow: ignore CVE-2016-15024
epiphany: upgrade to 43.1
manpages: use an intercept to run mandb
oeqa/selftest/imagefeatures: add test for man-db
systemd: add ignore for CVE-2022-4415
meson: remove obsolete RPATH stripping patch
poky: set MAINTAINER clearly
vim: set modified-by to the recipe MAINTAINER
vim: upgrade to 9.0.1403
lib/resulttool: fix typo breaking resulttool log --ptest
resulttool: add log --list-ptest
python3-numpy: add missing dependency for the tests
python3: missing ptest dependencies
python3: add missing -modules dependencies
python3-unittest-automake-output: add new recipe for ptest integration
python3-atomicwrites: use python3-unittest-automake-output
python3-bcrypt: use python3-unittest-automake-output
python3-cryptography: use python3-unittest-automake-output
python3-hypothesis: use python3-unittest-automake-output
python3-jinja2: use python3-unittest-automake-output
python3-markupsafe: use python3-unittest-automake-output
python3-more-itertools: use python3-unittest-automake-output
python3-pluggy: use python3-unittest-automake-output
python3-pyasn1: : use python3-unittest-automake-output
python3-pytz: use python3-unittest-automake-output
python3-wcwidth: use python3-unittest-automake-output
python3-webcolors: use python3-unittest-automake-output
python3-jsonpointer: rewrite testing
scripts: add buildstats-summary
quilt: fix non-deterministic ownership in ptest package
scripts/lib/buildstats: handle top-level build_stats not being complete
go: fix CVE-2023-2453
libunwind: fix compile failures on 32-bit arm with Clang 16
tzdata: upgrade to 2023c
Siddharth Doshi (2):
OpenSSL: Security fix for CVE-2023-0464
openssh: upgrade 9.2p1 -> 9.3p1
Sudip Mukherjee (3):
libgit2: update license information
libgit2: upgrade to v1.6.3
cracklib: upgrade to v2.9.10
Sundeep KOKKONDA (1):
rust: added missing runtime dependencies to run rust on target
Thomas Roos (1):
qemuboot-x86.inc: allow overwrite of QB_CPU
Tim Orling (4):
cracklib: update github branch to 'main'
python3-wheel: upgrade 0.38.4 -> 0.40.0
bitbake: toaster: update gen_fixtures.py for mickledore
bitbake: toaster: update fixtures for mickledore
Tom Hochstein (2):
meson: Fix wrapper handling of implicit setup command
oeqa/sdk: Improve Meson test
Trevor Woerner (3):
cups: use BUILDROOT instead of DESTDIR
cups: check PACKAGECONFIG for pam feature
cups: add/fix web interface packaging
Ulrich Ölmann (1):
base: fix typos
Wang Mingyu (24):
autoconf-archive: upgrade 2022.09.03 -> 2023.02.20
font-util: upgrade 1.3.3 -> 1.4.0
harfbuzz: upgrade 7.0.1 -> 7.1.0
iso-codes: upgrade 4.12.0 -> 4.13.0
libmicrohttpd: upgrade 0.9.75 -> 0.9.76
meson: upgrade 1.0.0 -> 1.0.1
glib-2.0: upgrade 2.74.5 -> 2.74.6
python3-cryptography(-vectors): upgrade 39.0.1 -> 39.0.2
python3-setuptools: upgrade 67.3.3 -> 67.4.0
python3-git: upgrade 3.1.30 -> 3.1.31
repo: upgrade 2.31 -> 2.32
strace: upgrade 6.1 -> 6.2
stress-ng: upgrade 0.15.03 -> 0.15.04
lua: Fix install conflict when enable multilib.
vala: Fix install conflict when enable multilib.
dhcpcd: Fix install conflict when enable multilib.
grep: upgrade 3.8 -> 3.9
python3-setuptools: upgrade 67.4.0 -> 67.6.0
python3-poetry-core: upgrade 1.5.1 -> 1.5.2
python3-pytest: upgrade 7.2.1 -> 7.2.2
python3-scons: upgrade 4.4.0 -> 4.5.1
python3-testtools: upgrade 2.5.0 -> 2.6.0
python3-urllib3: upgrade 1.26.14 -> 1.26.15
xcb-proto: Fix install conflict when enable multilib.
Xiangyu Chen (3):
sudo: update 1.9.12p2 -> 1.9.13p3
rng-tools: splitting the rng-tools systemd/sysvinit serivce as a package
package: moving field data process before variable process in process_pkgconfig
Yash Shinde (1):
binutils: Fix CVE-2023-25586
Yoann Congal (1):
ref-manual: Add info on "mixin" layers
Yureka Lilian (1):
systemd: rebase musl patches
Zang Ruochen (1):
maintainers.inc: Modify email address
Zoltan Boszormenyi (2):
piglit: Fix build time dependency
pypi.bbclass: Set SRC_URI downloadfilename with an optional prefix
meta-openembedded: a9b2d1303b..17243e70c8:
AYP (1):
packagegroup-meta-networking: remove ntpdate
Andreas Helbech Kleist (1):
cli11: enable native/nativesdk builds
Archana Polampalli (1):
Nodejs: add missing run_ptest script
Bartosz Golaszewski (3):
libgpiod: update to v2.0
python3-gpiod: update to v2.0
reboot-mode: new package
Changqing Li (5):
rabbitmq-c: upgrade 0.11.0 -> 0.13.0
sg3-utils: upgrade 1.45 -> 1.47
liblockfile: upgrade 1.14 -> 1.17
syslog-ng: upgrade 3.38.1 -> 4.0.1
redis: upgrade 7.0.9 -> 7.0.10
Chen Pei (1):
meta-perl-base:fix SUMMARY
Christophe Vu-Brugier (2):
exfatprogs: add new recipe
exfat-utils: remove recipe
Clément Péron (1):
python3-click-repl: add mising prompt-toolkit runtime dependency
Etienne Cordonnier (8):
android-tools 10: import version from meta-clang
android-tools 10: remove dead code
android-tools 10: move adbd to its own package
android-tools 10: Add flag to enable adbd service
android-tools 10: various fixes
android-tools 10: port some patches from version 5
android-tools: fix TMPDIR
android-tools: update to 29.0.6.r14
Fabio Estevam (2):
iperf3: Update to 3.13
ettercap: Update Upstream-Status
Frederic Martinsons (2):
uutils-coreutils: Add crates checksum and use cargo-update-recipes-crates
python3-pyruvate: Add crates checksum and use cargo-update-recipes-crates
Jan Feemers (1):
nodejs: package-split between nodejs and nodejs-npm
Joe Slater (3):
libidn: update to 1.41
re2: move to version 2023-03-01
libreport: update to version 2.17.8
Justin Bronder (1):
tk: inherit pkgconfig
Khem Raj (41):
gnome-commander: Upgrade to 1.16.0 release
python3-lru-dict: Fix function pointer mismatch
hdf5: Upgrade to 1.14.0
python3-h5py: Upgrade to 3.8.0
pkcs11-helper: Update to latest tip of trunk
glm: Update to tip of trunk
libsdl2-ttf: Upgrade to 2.20.2
libsdl-image: Fix build with clang16
gphoto2: Fix build with clang16 + musl
pmdk: Upgrade to 1.12.1
pndk: Add missing dependency on native cmake
libx86-1: Fix build with clang16
mongodb: Upgrade to 4.4.19
glog: Disable 64bit atomics on rv32
mongodb: Fix type mitmatch found with clang16
gegl: Remove openmp dep for rv32 and ppc32
gnome-desktop: Make seccomp dependency optional for rv32
nodejs: Upgrade to 18.14.2
libx86-1: Fix build on 32bit x86
vlc: Upgrade to 3.0.18
redis: Upgrade 6.x recipe to 6.2.11
redis: Upgrade 7.x to 7.0.9
packagegroup-meta-multimedia: mycroft needs pulseaudio
pahole: Upgrade to tip of trunk
sg3-utils: Fix build with musl
gsoap: Upgrade to 2.8.126
waylandpp: Just enforce opengl for target recipe
freeglut: Drop -fcommon and add -Wno-implicit-function-declaration
nodejs: Depend on file-native
lirc: Fix build with usrmerge feature building on ubuntu hosts
rp-pppoe: Define _GNU_SOURCE
libssh: Fix build with clang16
packagegroup-meta-multimedia: Remove library only packages from rdeps
packagegroup-meta-oe: Remove mongodb from rdep list of packagegroup
packagegroup-meta-networking: Set PACKAGE_ARCH = "${MACHINE_ARCH}"
cmocka: Check for previous declaration of uintptr_t
ettercap: Fix build with libcurl >= 8
fluentbit: Disable upstart scripts
xfstests: Fix build with musl
nautilus: Fix build with clang and drop unused patch
gimp: Update to 2.10.34
Lei Maohui (2):
libiodbc: Install *.h files to /usr/include/iodbc to fix conflicts error with unixodbc reference to ubuntu:
pgpool2: Added a new recipe.
Manoj Saun (1):
postgresql: fix ptest failure of sysviews test
Markus Volk (13):
dav1d: add recipe
libavif: add recipe
xdg-dbus-proxy: add recipe
libnice: upgrade 0.1.18 -> 0.1.21
pipewire: update 0.3.66 -> 0.3.67
nv-codec-headers: update 11.1.5.2 -> 12.0.16.0
wireplumber: update 0.4.13 -> 0.4.14
libcamera: update 0.0.1 -> 0.0.4
xdg-desktop-portal: fix bwrap path
gvfs: add more PACKAGECONFIGS
evolution-data-server: update 3.46.3 -> 3.48.0
gtksourceview5: update 5.6.1 -> 5.7.1
libgtop: update 2.40.0 -> 2.41.1
Mingli Yu (4):
php: Upgrade to 8.1.16
opencv: Upgrade to 4.7.0
crash: Upgrade to 8.0.2
mcelog: Upgrade to v191
Peter Johennecken (1):
fluentbit: change of download name
Peter Marko (1):
dnsmasq: fix CVE-2023-28450
Petr Gotthard (4):
openvpn: upgrade 2.6.0 -> 2.6.1
libqmi: upgrade 1.32.2 -> 1.32.4
libmbim: upgrade 1.28.2 -> 1.28.4
modemmanager: upgrade 1.20.4 -> 1.20.6
Randy MacLeod (4):
rsyslog: update from 8.2212.0 to 8.2302.0
rsyslog: add disabled PACKAGECONFIG to drop capabilities
librelp: make inline errors be warnings in debug build
cmocka: update from 1.1.5+ to 1.1.7
Sakib Sajal (1):
libuser: upgrade v0.63 -> v0.64
Stefan Ghinea (1):
redis: fix service redis-server restart not working under sysvinit
Trevor Woerner (3):
cups-filters: remove duplicate configure option
cups-filters: fix ghostscript handling
hplip: add runtime dependency on ghostscript
Wang Mingyu (136):
logcheck: upgrade 1.4.0 -> 1.4.2
byacc: upgrade 20230201 -> 20230219
bubblewrap: upgrade 0.7.0 -> 0.8.0
bats: upgrade 1.8.2 -> 1.9.0
cryptsetup: upgrade 2.6.0 -> 2.6.1
c-ares: upgrade 1.18.1 -> 1.19.0
cukinia: upgrade 0.6.0 -> 0.6.1
python3-coverage: upgrade 7.2.0 -> 7.2.1
python3-decouple: upgrade 3.7 -> 3.8
python3-aiohue: upgrade 4.6.1 -> 4.6.2
python3-fastnumbers: upgrade 4.0.1 -> 5.0.1
python3-haversine: upgrade 2.7.0 -> 2.8.0
python3-google-auth: upgrade 2.16.1 -> 2.16.2
python3-google-api-python-client: upgrade 2.79.0 -> 2.80.0
python3-imageio: upgrade 2.25.1 -> 2.26.0
python3-ipython: upgrade 8.10.0 -> 8.11.0
python3-nocasedict: upgrade 1.1.0 -> 2.0.0
python3-natsort: upgrade 8.2.0 -> 8.3.1
python3-nocaselist: Upgrade 1.1.0 -> 1.1.1
python3-protobuf: upgrade 4.21.12 -> 4.22.0
python3-pydicti: upgrade 1.2.0 -> 1.2.1
python3-watchdog: upgrade 2.3.0-> 2.3.1
python3-pymisp: upgrade 2.4.168 -> 2.4.168.1
python3-wrapt: upgrade 1.14.1 -> 1.15.0
apache2: upgrade 2.4.55 -> 2.4.56
logwatch: upgrade 7.7 -> 7.8
libvpx: upgrade 1.12.0 -> 1.13.0
libjcat: upgrade 0.1.12 -> 0.1.13
librsync: upgrade 2.3.2 -> 2.3.4
lcms: upgrade 2.14 -> 2.15
gsoap: upgrade 2.0.106 -> 2.0.124
hwdata: upgrade 0.367 -> 0.368
ctags: upgrade 6.0.20230212.0 -> 6.0.20230305.0
freerdp: upgrade 2.9.0 -> 2.10.0
python3-mpmath: upgrade 1.2.1 -> 1.3.0
python3-alembic: upgrade 1.9.4 -> 1.10.2
python3-astroid: upgrade 2.14.2 -> 2.15.0
python3-charset-normalizer: upgrade 3.0.1 -> 3.1.0
python3-argcomplete upgrade 2.0.0 -> 2.1.1
python3-fastjsonschema: upgrade 2.16.2 -> 2.16.3
python3-protobuf: upgrade 4.22.0 -> 4.22.1
python3-xmlschema: upgrade 2.2.1 -> 2.2.2
python3-tqdm: upgrade 4.64.1 -> 4.65.0
python3-pyexpect: upgrade 1.0.21 -> 1.0.22
python3-pywbem: upgrade 1.6.0 -> 1.6.1
stunnel: upgrade 5.67 -> 5.69
rp-pppoe: upgrade 3.14 -> 3.15
nbdkit: upgrade 1.33.7 -> 1.33.10
php: update 8.1.16 -> 8.2.3
tcsh: upgrade 6.22.04 -> 6.24.07
monit: upgrade 5.32.0 -> 5.33.0
poppler: upgrade 23.02.0 -> 23.03.0
satyr: upgrade 0.40 -> 0.42
nginx: upgrade 1.20.1 -> 1.23.3
raptor2: upgrade 2.0.15 -> 2.0.16
spawn-fcgi: upgrade 1.6.4 -> 1.6.5
unixodbc: Fix install conflict when enable multilib.
xdebug: upgrade 3.1.1 -> 3.2.0
postgresql: Fix install conflict when enable multilib.
networkmanager: upgrade 1.42.0 -> 1.42.4
rdma-core: upgrade 44.0 -> 45.0
python3-gcovr: upgrade 5.2 -> 6.0
makeself: upgrade 2.4.5 -> 2.5.0
ctags: upgrade 6.0.20230305.0 -> 6.0.20230312.0
python3-gmqtt: upgrade 0.6.11 -> 0.6.12
python3-google-api-python-client: upgrade 2.80.0 -> 2.81.0
python3-msgpack: upgrade 1.0.4 -> 1.0.5
python3-portion: upgrade 2.3.1 -> 2.4.0
python3-paramiko: upgrade 3.0.0 -> 3.1.0
python3-openpyxl: upgrade 3.1.1 -> 3.1.2
python3-pymisp: upgrade 2.4.168.1 -> 2.4.169
python3-pydantic: upgrade 1.10.5 -> 1.10.6
python3-pytest-xdist: upgrade 3.2.0 -> 3.2.1
python3-pymodbus: upgrade 3.1.3 -> 3.2.0
python3-smpplib: upgrade 2.2.1 -> 2.2.2
python3-twitter: upgrade 4.12.1 -> 4.13.0
python3-unidiff: upgrade 0.7.4 -> 0.7.5
python3-xlsxwriter: upgrade 3.0.8 -> 3.0.9
python3-pykickstart: upgrade 3.44 -> 3.45
python3-web3: upgrade 5.31.3 -> 5.31.4
python3-pymodbus: upgrade 3.2.0 -> 3.2.1
python3-geojson: upgrade 2.5.0 -> 3.0.1
python3-sentry-sdk: upgrade 1.15.0 -> 1.17.0
python3-apt: upgrade 2.5.2 -> 2.5.3
python3-argcomplete: upgrade 2.1.1 -> 3.0.0
python3-cmake: upgrade 3.25.2 -> 3.26.0
python3-coverage: upgrade 7.2.1 -> 7.2.2
python3-eth-typing: upgrade 3.2.0 -> 3.3.0
python3-daemon: upgrade 2.3.2 -> 3.0.1
python3-engineio: upgrade 4.3.4 -> 4.4.0
python3-flask-socketio: upgrade 5.3.2 -> 5.3.3
python3-pykickstart: upgrade 3.45 -> 3.47
python3-pymisp: upgrade 2.4.169 -> 2.4.169.2
python3-simplejson: upgrade 3.18.3 -> 3.18.4
python3-rapidjson: upgrade 1.9 -> 1.10
python3-socketio: upgrade 5.7.2 -> 5.8.0
python3-sqlalchemy: upgrade 2.0.4 -> 2.0.7
python3-tzlocal: upgrade 4.2 -> 4.3
python3-typeguard: upgrade 2.13.3 -> 3.0.1
python3-web3: upgrade 5.31.4 -> 6.0.0
python3-zeroconf: upgrade 0.47.3 -> 0.47.4
tracker: upgrade 3.4.2 -> 3.5.0
xterm: upgrade 378 -> 379
python3-zopeinterface: upgrade 5.5.2 -> 6.0
xf86-video-amdgpu: upgrade 22.0.0 -> 23.0.0
libclass-method-modifiers-perl: upgrade 2.13 -> 2.15
libcompress-raw-bzip2-perl: upgrade 2.201 -> 2.204
libcompress-raw-lzma-perl: upgrade 2.201 -> 2.204
libcompress-raw-zlib-perl: upgrade 2.202 -> 2.204
libio-compress-lzma-perl: upgrade 2.201 -> 2.204
libio-compress-perl: upgrade 2.201 -> 2.204
libtest-deep-perl: upgrade 1.130 -> 1.204
opencl-headers: upgrade 2022.09.30 -> 2023.02.06
php: upgrade 8.2.3 -> 8.2.4
googletest: upgrade 1.12.1 -> 1.13.0
consolation: upgrade 0.0.8 -> 0.0.9
can-utils: upgrade 2021.08.0 -> 2023.03
nbdkit: upgrade 1.33.10 -> 1.33.11
adcli: upgrade 0.9.0 -> 0.9.2
gnome-chess: upgrade 43.1 -> 43.2
xfstests: upgrade 2023.01.01 -> 2023.03.05
gnome-backgrounds: upgrade 43 -> 44.0
libwacom: upgrade 2.5.0 -> 2.6.0
libass: upgrade 0.17.0 -> 0.17.1
libnet-dns-perl: upgrade 1.36 -> 1.37
libadwaita: upgrade 1.2.1 -> 1.3.1
libcgi-perl: upgrade 4.55 -> 4.56
libpeas: upgrade 1.34.0 -> 1.36.0
gvfs: upgrade 1.50.3 -> 1.50.4
gnome-system-monitor: upgrade 42.0 -> 44.0
nautilus: upgrade 43.2 -> 44.0
babl: upgrade 0.1.98 -> 0.1.102
ctags: upgrade 6.0.20230312.0 -> 6.0.20230319.0
folks: upgrade 0.15.5 -> 0.15.6
gegl: upgrade 0.4.40 -> 0.4.42
gnome-autoar: upgrade 0.4.3 -> 0.4.4
Xiangyu Chen (2):
libbpf: upgrade 0.8.0 -> 1.1.0
abseil-cpp: upgrade 20221014.0 -> 20230125.1
Yi Zhao (25):
audit: upgrade 3.0.9 -> 3.1
audit: drop version 2.8.5
frr: add UPSTREAM_CHECK_GITTAGREGEX
quagga: drop recipe
libssh: upgrade 0.8.9 -> 0.10.4
strongswan: 5.9.9 -> 5.9.10
libnfnetlink: upgrade 1.0.1 -> 1.0.2
libnetfilter-cthelper: upgrade 1.0.0 -> 1.0.1
libnetfilter-cttimeout: upgrade 1.0.0 -> 1.0.1
traceroute: upgrade 2.1.1 -> 2.1.2
freeradius: add UPSTREAM_CHECK_GITTAGREGEX
libyang: fix ptest
libyang: upgrade 2.0.194 -> 2.1.30
frr: support more arches
netplan: add missing runtime dependencies
python3-rich: add recipe
packagegroup-meta-networking: add frr
packagegroup-meta-oe: enable build libyang on riscv32/64
libnftnl: upgrade 1.2.4 -> 1.2.5
libldb: upgrade 2.6.1 -> 2.7.1
samba: upgrade 4.17.5 -> 4.18.0
libssh: add ptest
mbedtls: add ptest
libyang: upgrade 2.1.30 -> 2.1.55
tcpreplay: 4.4.2 -> 4.4.3
Yoann Congal (4):
libusb-compat: Revert "libusb-compat: move libraries to base_libdir"
libusb-compat: upgrade sources to fix -native build
libusb-compat: add simple ptest (example programs)
libusb-compat: RDEPENDS on libusb1
Yue Tao (1):
Introduce python3-trustme to fix ptest error of python3-requests-toolbelt
Zhixiong Chi (2):
ntp: drop the deprecated ntpdate
python3-betamax: fix ptest failture of fixture and record modes
Zoltán Böszörményi (13):
opencl-icd-loader: Add RPROVIDES:${PN} = "virtual/opencl-icd"
ocl-icd: Add PROVIDES and RPROVIDES for virtual/opencl-icd
meta-oe/conf/layer.conf: Add PREFERRED_[R]PROVIDER_virtual/opencl-icd
python3-ninja: New recipe
python3-cmake: New recipe
python3-scikit-build: New recipe
python3-pyproject-metadata: New recipe
opencv: Support OpenVINO
python3-executing: New recipe
python3-pure-eval: New recipe
python3-stack-data: New recipe
python3-ipython: Add missing dependency
opencv: Fix PACKAGECONFIG[openvino]
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Idbfcd5f4c03ed5bd9c72558714edbe0200495aad
diff --git a/poky/meta/recipes-devtools/go/go-1.20.1.inc b/poky/meta/recipes-devtools/go/go-1.20.1.inc
index aa3e2da..b1f5692 100644
--- a/poky/meta/recipes-devtools/go/go-1.20.1.inc
+++ b/poky/meta/recipes-devtools/go/go-1.20.1.inc
@@ -14,5 +14,7 @@
file://0007-exec.go-do-not-write-linker-flags-into-buildids.patch \
file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
+ file://0010-cmd-compile-re-compile-instantiated-generic-methods-.patch \
+ file://CVE-2023-24532.patch \
"
SRC_URI[main.sha256sum] = "b5c1a3af52c385a6d1c76aed5361cf26459023980d0320de7658bae3915831a2"
diff --git a/poky/meta/recipes-devtools/go/go-binary-native_1.20.1.bb b/poky/meta/recipes-devtools/go/go-binary-native_1.20.1.bb
index 3eb80fd..2393345 100644
--- a/poky/meta/recipes-devtools/go/go-binary-native_1.20.1.bb
+++ b/poky/meta/recipes-devtools/go/go-binary-native_1.20.1.bb
@@ -16,6 +16,8 @@
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
+CVE_PRODUCT = "go"
+
S = "${WORKDIR}/go"
inherit goarch native
diff --git a/poky/meta/recipes-devtools/go/go-common.inc b/poky/meta/recipes-devtools/go/go-common.inc
index 83f8db7..96e32ee 100644
--- a/poky/meta/recipes-devtools/go/go-common.inc
+++ b/poky/meta/recipes-devtools/go/go-common.inc
@@ -19,6 +19,9 @@
B = "${S}"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
+# all recipe variants are created from the same product
+CVE_PRODUCT = "go"
+
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
SSTATE_SCAN_CMD = "true"
diff --git a/poky/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch b/poky/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch
new file mode 100644
index 0000000..f9ac202
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch
@@ -0,0 +1,90 @@
+From 7a3bb16b43efba73674629eae4369f9004e37f22 Mon Sep 17 00:00:00 2001
+From: Cuong Manh Le <cuong.manhle.vn@gmail.com>
+Date: Sat, 18 Mar 2023 00:53:07 +0700
+Subject: [PATCH] cmd/compile: re-compile instantiated generic methods in
+ linkshared mode
+
+For G[T] that was seen and compiled in imported package, it is not added
+to typecheck.Target.Decls, prevent wasting compile time re-creating
+DUPOKS symbols. However, the linker do not support a type symbol
+referencing a method symbol across DSO boundary. That causes unreachable
+sym error when building under -linkshared mode.
+
+To fix it, always re-compile generic methods in linkshared mode.
+
+Fixes #58966
+
+Change-Id: I894b417cfe8234ae1fe809cc975889345df22cef
+Reviewed-on: https://go-review.googlesource.com/c/go/+/477375
+Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
+Reviewed-by: Cherry Mui <cherryyz@google.com>
+Reviewed-by: Matthew Dempsky <mdempsky@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/bcd82125f85c7c552493e863fa1bb14e6c444557]
+
+Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
+---
+ misc/cgo/testshared/shared_test.go | 7 ++++++-
+ misc/cgo/testshared/testdata/issue58966/main.go | 15 +++++++++++++++
+ src/cmd/compile/internal/noder/unified.go | 6 +++++-
+ 3 files changed, 26 insertions(+), 2 deletions(-)
+ create mode 100644 misc/cgo/testshared/testdata/issue58966/main.go
+
+diff --git a/misc/cgo/testshared/shared_test.go b/misc/cgo/testshared/shared_test.go
+index b14fb1cb3a..03da8f9435 100644
+--- a/misc/cgo/testshared/shared_test.go
++++ b/misc/cgo/testshared/shared_test.go
+@@ -1112,8 +1112,13 @@ func TestStd(t *testing.T) {
+ t.Skip("skip in short mode")
+ }
+ t.Parallel()
++ tmpDir := t.TempDir()
+ // Use a temporary pkgdir to not interfere with other tests, and not write to GOROOT.
+ // Cannot use goCmd as it runs with cloned GOROOT which is incomplete.
+ runWithEnv(t, "building std", []string{"GOROOT=" + oldGOROOT},
+- filepath.Join(oldGOROOT, "bin", "go"), "install", "-buildmode=shared", "-pkgdir="+t.TempDir(), "std")
++ filepath.Join(oldGOROOT, "bin", "go"), "install", "-buildmode=shared", "-pkgdir="+tmpDir, "std")
++
++ // Issue #58966.
++ runWithEnv(t, "testing issue #58966", []string{"GOROOT=" + oldGOROOT},
++ filepath.Join(oldGOROOT, "bin", "go"), "run", "-linkshared", "-pkgdir="+tmpDir, "./issue58966/main.go")
+ }
+diff --git a/misc/cgo/testshared/testdata/issue58966/main.go b/misc/cgo/testshared/testdata/issue58966/main.go
+new file mode 100644
+index 0000000000..2d923c3607
+--- /dev/null
++++ b/misc/cgo/testshared/testdata/issue58966/main.go
+@@ -0,0 +1,15 @@
++// Copyright 2023 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package main
++
++import "crypto/elliptic"
++
++var curve elliptic.Curve
++
++func main() {
++ switch curve {
++ case elliptic.P224():
++ }
++}
+diff --git a/src/cmd/compile/internal/noder/unified.go b/src/cmd/compile/internal/noder/unified.go
+index ed97a09302..25136e6aad 100644
+--- a/src/cmd/compile/internal/noder/unified.go
++++ b/src/cmd/compile/internal/noder/unified.go
+@@ -158,7 +158,11 @@ func readBodies(target *ir.Package, duringInlining bool) {
+ // Instantiated generic function: add to Decls for typechecking
+ // and compilation.
+ if fn.OClosure == nil && len(pri.dict.targs) != 0 {
+- if duringInlining {
++ // cmd/link does not support a type symbol referencing a method symbol
++ // across DSO boundary, so force re-compiling methods on a generic type
++ // even it was seen from imported package in linkshared mode, see #58966.
++ canSkipNonGenericMethod := !(base.Ctxt.Flag_linkshared && ir.IsMethod(fn))
++ if duringInlining && canSkipNonGenericMethod {
+ inlDecls = append(inlDecls, fn)
+ } else {
+ target.Decls = append(target.Decls, fn)
diff --git a/poky/meta/recipes-devtools/go/go/CVE-2023-24532.patch b/poky/meta/recipes-devtools/go/go/CVE-2023-24532.patch
new file mode 100644
index 0000000..22f080d
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go/CVE-2023-24532.patch
@@ -0,0 +1,208 @@
+From 602eeaab387f24a4b28c5eccbb50fa934f3bc3c4 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Mon, 13 Feb 2023 15:16:27 +0100
+Subject: [PATCH] [release-branch.go1.20] crypto/internal/nistec: reduce P-256
+ scalar
+
+Unlike the rest of nistec, the P-256 assembly doesn't use complete
+addition formulas, meaning that p256PointAdd[Affine]Asm won't return the
+correct value if the two inputs are equal.
+
+This was (undocumentedly) ignored in the scalar multiplication loops
+because as long as the input point is not the identity and the scalar is
+lower than the order of the group, the addition inputs can't be the same.
+
+As part of the math/big rewrite, we went however from always reducing
+the scalar to only checking its length, under the incorrect assumption
+that the scalar multiplication loop didn't require reduction.
+
+Added a reduction, and while at it added it in P256OrdInverse, too, to
+enforce a universal reduction invariant on p256OrdElement values.
+
+Note that if the input point is the infinity, the code currently still
+relies on undefined behavior, but that's easily tested to behave
+acceptably, and will be addressed in a future CL.
+
+Updates #58647
+Fixes #58720
+Fixes CVE-2023-24532
+
+(Filed with the "safe APIs like complete addition formulas are good" dept.)
+
+Change-Id: I7b2c75238440e6852be2710fad66ff1fdc4e2b24
+Reviewed-on: https://go-review.googlesource.com/c/go/+/471255
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+Auto-Submit: Filippo Valsorda <filippo@golang.org>
+Reviewed-by: Damien Neil <dneil@google.com>
+(cherry picked from commit 203e59ad41bd288e1d92b6f617c2f55e70d3c8e3)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/471695
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: Filippo Valsorda <filippo@golang.org>
+Run-TryBot: Roland Shoemaker <roland@golang.org>
+
+CVE: CVE-2023-24532
+Upstream-Status: Backport [602eeaab387f24a4b28c5eccbb50fa934f3bc3c4]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+---
+ src/crypto/internal/nistec/nistec_test.go | 81 +++++++++++++++++++++++
+ src/crypto/internal/nistec/p256_asm.go | 17 +++++
+ src/crypto/internal/nistec/p256_ordinv.go | 1 +
+ 3 files changed, 99 insertions(+)
+
+diff --git a/src/crypto/internal/nistec/nistec_test.go b/src/crypto/internal/nistec/nistec_test.go
+index 309f68be16a9f..9103608c18a0f 100644
+--- a/src/crypto/internal/nistec/nistec_test.go
++++ b/src/crypto/internal/nistec/nistec_test.go
+@@ -8,6 +8,7 @@ import (
+ "bytes"
+ "crypto/elliptic"
+ "crypto/internal/nistec"
++ "fmt"
+ "internal/testenv"
+ "math/big"
+ "math/rand"
+@@ -165,6 +166,86 @@ func testEquivalents[P nistPoint[P]](t *testing.T, newPoint func() P, c elliptic
+ }
+ }
+
++func TestScalarMult(t *testing.T) {
++ t.Run("P224", func(t *testing.T) {
++ testScalarMult(t, nistec.NewP224Point, elliptic.P224())
++ })
++ t.Run("P256", func(t *testing.T) {
++ testScalarMult(t, nistec.NewP256Point, elliptic.P256())
++ })
++ t.Run("P384", func(t *testing.T) {
++ testScalarMult(t, nistec.NewP384Point, elliptic.P384())
++ })
++ t.Run("P521", func(t *testing.T) {
++ testScalarMult(t, nistec.NewP521Point, elliptic.P521())
++ })
++}
++
++func testScalarMult[P nistPoint[P]](t *testing.T, newPoint func() P, c elliptic.Curve) {
++ G := newPoint().SetGenerator()
++ checkScalar := func(t *testing.T, scalar []byte) {
++ p1, err := newPoint().ScalarBaseMult(scalar)
++ fatalIfErr(t, err)
++ p2, err := newPoint().ScalarMult(G, scalar)
++ fatalIfErr(t, err)
++ if !bytes.Equal(p1.Bytes(), p2.Bytes()) {
++ t.Error("[k]G != ScalarBaseMult(k)")
++ }
++
++ d := new(big.Int).SetBytes(scalar)
++ d.Sub(c.Params().N, d)
++ d.Mod(d, c.Params().N)
++ g1, err := newPoint().ScalarBaseMult(d.FillBytes(make([]byte, len(scalar))))
++ fatalIfErr(t, err)
++ g1.Add(g1, p1)
++ if !bytes.Equal(g1.Bytes(), newPoint().Bytes()) {
++ t.Error("[N - k]G + [k]G != ∞")
++ }
++ }
++
++ byteLen := len(c.Params().N.Bytes())
++ bitLen := c.Params().N.BitLen()
++ t.Run("0", func(t *testing.T) { checkScalar(t, make([]byte, byteLen)) })
++ t.Run("1", func(t *testing.T) {
++ checkScalar(t, big.NewInt(1).FillBytes(make([]byte, byteLen)))
++ })
++ t.Run("N-1", func(t *testing.T) {
++ checkScalar(t, new(big.Int).Sub(c.Params().N, big.NewInt(1)).Bytes())
++ })
++ t.Run("N", func(t *testing.T) { checkScalar(t, c.Params().N.Bytes()) })
++ t.Run("N+1", func(t *testing.T) {
++ checkScalar(t, new(big.Int).Add(c.Params().N, big.NewInt(1)).Bytes())
++ })
++ t.Run("all1s", func(t *testing.T) {
++ s := new(big.Int).Lsh(big.NewInt(1), uint(bitLen))
++ s.Sub(s, big.NewInt(1))
++ checkScalar(t, s.Bytes())
++ })
++ if testing.Short() {
++ return
++ }
++ for i := 0; i < bitLen; i++ {
++ t.Run(fmt.Sprintf("1<<%d", i), func(t *testing.T) {
++ s := new(big.Int).Lsh(big.NewInt(1), uint(i))
++ checkScalar(t, s.FillBytes(make([]byte, byteLen)))
++ })
++ }
++ // Test N+1...N+32 since they risk overlapping with precomputed table values
++ // in the final additions.
++ for i := int64(2); i <= 32; i++ {
++ t.Run(fmt.Sprintf("N+%d", i), func(t *testing.T) {
++ checkScalar(t, new(big.Int).Add(c.Params().N, big.NewInt(i)).Bytes())
++ })
++ }
++}
++
++func fatalIfErr(t *testing.T, err error) {
++ t.Helper()
++ if err != nil {
++ t.Fatal(err)
++ }
++}
++
+ func BenchmarkScalarMult(b *testing.B) {
+ b.Run("P224", func(b *testing.B) {
+ benchmarkScalarMult(b, nistec.NewP224Point().SetGenerator(), 28)
+diff --git a/src/crypto/internal/nistec/p256_asm.go b/src/crypto/internal/nistec/p256_asm.go
+index 6ea161eb49953..99a22b833f028 100644
+--- a/src/crypto/internal/nistec/p256_asm.go
++++ b/src/crypto/internal/nistec/p256_asm.go
+@@ -364,6 +364,21 @@ func p256PointDoubleAsm(res, in *P256Point)
+ // Montgomery domain (with R 2²⁵⁶) as four uint64 limbs in little-endian order.
+ type p256OrdElement [4]uint64
+
++// p256OrdReduce ensures s is in the range [0, ord(G)-1].
++func p256OrdReduce(s *p256OrdElement) {
++ // Since 2 * ord(G) > 2²⁵⁶, we can just conditionally subtract ord(G),
++ // keeping the result if it doesn't underflow.
++ t0, b := bits.Sub64(s[0], 0xf3b9cac2fc632551, 0)
++ t1, b := bits.Sub64(s[1], 0xbce6faada7179e84, b)
++ t2, b := bits.Sub64(s[2], 0xffffffffffffffff, b)
++ t3, b := bits.Sub64(s[3], 0xffffffff00000000, b)
++ tMask := b - 1 // zero if subtraction underflowed
++ s[0] ^= (t0 ^ s[0]) & tMask
++ s[1] ^= (t1 ^ s[1]) & tMask
++ s[2] ^= (t2 ^ s[2]) & tMask
++ s[3] ^= (t3 ^ s[3]) & tMask
++}
++
+ // Add sets q = p1 + p2, and returns q. The points may overlap.
+ func (q *P256Point) Add(r1, r2 *P256Point) *P256Point {
+ var sum, double P256Point
+@@ -393,6 +408,7 @@ func (r *P256Point) ScalarBaseMult(scalar []byte) (*P256Point, error) {
+ }
+ scalarReversed := new(p256OrdElement)
+ p256OrdBigToLittle(scalarReversed, (*[32]byte)(scalar))
++ p256OrdReduce(scalarReversed)
+
+ r.p256BaseMult(scalarReversed)
+ return r, nil
+@@ -407,6 +423,7 @@ func (r *P256Point) ScalarMult(q *P256Point, scalar []byte) (*P256Point, error)
+ }
+ scalarReversed := new(p256OrdElement)
+ p256OrdBigToLittle(scalarReversed, (*[32]byte)(scalar))
++ p256OrdReduce(scalarReversed)
+
+ r.Set(q).p256ScalarMult(scalarReversed)
+ return r, nil
+diff --git a/src/crypto/internal/nistec/p256_ordinv.go b/src/crypto/internal/nistec/p256_ordinv.go
+index 86a7a230bdce8..1274fb7fd3f5c 100644
+--- a/src/crypto/internal/nistec/p256_ordinv.go
++++ b/src/crypto/internal/nistec/p256_ordinv.go
+@@ -25,6 +25,7 @@ func P256OrdInverse(k []byte) ([]byte, error) {
+
+ x := new(p256OrdElement)
+ p256OrdBigToLittle(x, (*[32]byte)(k))
++ p256OrdReduce(x)
+
+ // Inversion is implemented as exponentiation by n - 2, per Fermat's little theorem.
+ //