[OE-core][kirkstone][PATCH] qemu: Fix for CVE-2024-24474

[Vijay Anusuri via lists.openembedded.org]

From: Vijay Anusuri 

Upstream-Status: Backport
[https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52]

Signed-off-by: Vijay Anusuri 
---
 meta/recipes-devtools/qemu/qemu.inc   |  1 +
 .../qemu/qemu/CVE-2024-24474.patch| 44 +++
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-24474.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index c5fb9b1eab..18752af274 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -103,6 +103,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
   file://CVE-2021-3638.patch \
   file://CVE-2023-1544.patch \
   file://CVE-2023-5088.patch \
+  file://CVE-2024-24474.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-24474.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2024-24474.patch
new file mode 100644
index 00..e890fe56cf
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-24474.patch
@@ -0,0 +1,44 @@
+From 77668e4b9bca03a856c27ba899a2513ddf52bb52 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland 
+Date: Wed, 13 Sep 2023 21:44:09 +0100
+Subject: [PATCH] esp: restrict non-DMA transfer length to that of available
+ data
+
+In the case where a SCSI layer transfer is incorrectly terminated, it is
+possible for a TI command to cause a SCSI buffer overflow due to the
+expected transfer data length being less than the available data in the
+FIFO. When this occurs the unsigned async_len variable underflows and
+becomes a large offset which writes past the end of the allocated SCSI
+buffer.
+
+Restrict the non-DMA transfer length to be the smallest of the expected
+transfer length and the available FIFO data to ensure that it is no longer
+possible for the SCSI buffer overflow to occur.
+
+Signed-off-by: Mark Cave-Ayland 
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1810
+Reviewed-by: Thomas Huth 
+Message-ID: <20230913204410.65650-3-mark.cave-ayl...@ilande.co.uk>
+Signed-off-by: Paolo Bonzini 
+
+Upstream-Status: Backport 
[https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52]
+CVE: CVE-2024-24474
+Signed-off-by: Vijay Anusuri 
+---
+ hw/scsi/esp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
+index 4218a6a96054..9b11d8c5738a 100644
+--- a/hw/scsi/esp.c
 b/hw/scsi/esp.c
+@@ -759,7 +759,8 @@ static void esp_do_nodma(ESPState *s)
+ }
+ 
+ if (to_device) {
+-len = MIN(fifo8_num_used(>fifo), ESP_FIFO_SZ);
++len = MIN(s->async_len, ESP_FIFO_SZ);
++len = MIN(len, fifo8_num_used(>fifo));
+ esp_fifo_pop_buf(>fifo, s->async_buf, len);
+ s->async_buf += len;
+ s->async_len -= len;
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196182): 
https://lists.openembedded.org/g/openembedded-core/message/196182
Mute This Topic: https://lists.openembedded.org/mt/104578182/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell][PATCH] less: Fix for CVE-2022-48624

[Vijay Anusuri via lists.openembedded.org]

From: Vijay Anusuri 

Upstream-Status: Backport 
[https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144]

Signed-off-by: Vijay Anusuri 
---
 .../less/less/CVE-2022-48624.patch| 41 +++
 meta/recipes-extended/less/less_551.bb|  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-extended/less/less/CVE-2022-48624.patch

diff --git a/meta/recipes-extended/less/less/CVE-2022-48624.patch 
b/meta/recipes-extended/less/less/CVE-2022-48624.patch
new file mode 100644
index 00..409730bd4f
--- /dev/null
+++ b/meta/recipes-extended/less/less/CVE-2022-48624.patch
@@ -0,0 +1,41 @@
+From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman 
+Date: Sat, 25 Jun 2022 11:54:43 -0700
+Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
+
+Upstream-Status: Backport 
[https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144]
+CVE: CVE-2022-48624
+Signed-off-by: Vijay Anusuri 
+---
+ filename.c | 10 --
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/filename.c b/filename.c
+index 5824e385..dff20c08 100644
+--- a/filename.c
 b/filename.c
+@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
+ {
+ #if HAVE_POPEN
+   char *lessclose;
++  char *qfilename;
++  char *qaltfilename;
+   FILE *fd;
+   char *cmd;
+   int len;
+@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
+   error("LESSCLOSE ignored; must contain no more than 2 %%s", 
NULL_PARG);
+   return;
+   }
+-  len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) 
+ 2);
++  qfilename = shell_quote(filename);
++  qaltfilename = shell_quote(altfilename);
++  len = (int) (strlen(lessclose) + strlen(qfilename) + 
strlen(qaltfilename) + 2);
+   cmd = (char *) ecalloc(len, sizeof(char));
+-  SNPRINTF2(cmd, len, lessclose, filename, altfilename);
++  SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
++  free(qaltfilename);
++  free(qfilename);
+   fd = shellcmd(cmd);
+   free(cmd);
+   if (fd != NULL)
diff --git a/meta/recipes-extended/less/less_551.bb 
b/meta/recipes-extended/less/less_551.bb
index a818c68fc7..401f40bed5 100644
--- a/meta/recipes-extended/less/less_551.bb
+++ b/meta/recipes-extended/less/less_551.bb
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
 DEPENDS = "ncurses"
 
 SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
+   file://CVE-2022-48624.patch \
  "
 
 SRC_URI[md5sum] = "4ad4408b06d7a6626a055cb453f36819"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196181): 
https://lists.openembedded.org/g/openembedded-core/message/196181
Mute This Topic: https://lists.openembedded.org/mt/104578130/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] glibc: Fix conflict error when enbale multilib on aarch64.

[Khem Raj]

lgtm.

On Sun, Feb 25, 2024 at 9:32 PM leimaohui via lists.openembedded.org
 wrote:
>
> From: Lei Maohui 
>
> Error: Transaction test error:
>   file /usr/include/finclude/math-vector-fortran.h from install of 
> lib32-libc6-dev-2.39+git0+312e159626-r0.armv7ahf_neon conflicts with file 
> from package libc6-dev-2.39+git0+312e159626-r0.aarch64
>
> The difference of math-vector-fortran.h between 32bit and 64bit is as
> the following:
>
> --- 
> tmp/work/aarch64-linux/glibc/2.39+git/image/usr/include/finclude/math-vector-fortran.h
> 2024-02-26 03:41:59.56000 +
> +++ 
> tmp/work/armv7ahf-neon-xmllib32-linux-gnueabi/lib32-glibc/2.39+git/image/usr/include/finclude/math-vector-fortran.h
>  2024-02-26 02:22:28.59200 +
> @@ -15,33 +15,5 @@
>  !   You should have received a copy of the GNU Lesser General Public
>  !   License along with the GNU C Library; if not, see
>  !   .
> -!GCC$ builtin (acos) attributes simd (notinbranch)
> -!GCC$ builtin (acosf) attributes simd (notinbranch)
> -!GCC$ builtin (asin) attributes simd (notinbranch)
> -!GCC$ builtin (asinf) attributes simd (notinbranch)
> -!GCC$ builtin (atan) attributes simd (notinbranch)
> -!GCC$ builtin (atanf) attributes simd (notinbranch)
> -!GCC$ builtin (atan2) attributes simd (notinbranch)
> -!GCC$ builtin (atan2f) attributes simd (notinbranch)
> -!GCC$ builtin (cos) attributes simd (notinbranch)
> -!GCC$ builtin (cosf) attributes simd (notinbranch)
> -!GCC$ builtin (exp) attributes simd (notinbranch)
> -!GCC$ builtin (expf) attributes simd (notinbranch)
> -!GCC$ builtin (exp10) attributes simd (notinbranch)
> -!GCC$ builtin (exp10f) attributes simd (notinbranch)
> -!GCC$ builtin (exp2) attributes simd (notinbranch)
> -!GCC$ builtin (exp2f) attributes simd (notinbranch)
> -!GCC$ builtin (expm1) attributes simd (notinbranch)
> -!GCC$ builtin (expm1f) attributes simd (notinbranch)
> -!GCC$ builtin (log) attributes simd (notinbranch)
> -!GCC$ builtin (logf) attributes simd (notinbranch)
> -!GCC$ builtin (log10) attributes simd (notinbranch)
> -!GCC$ builtin (log10f) attributes simd (notinbranch)
> -!GCC$ builtin (log1p) attributes simd (notinbranch)
> -!GCC$ builtin (log1pf) attributes simd (notinbranch)
> -!GCC$ builtin (log2) attributes simd (notinbranch)
> -!GCC$ builtin (log2f) attributes simd (notinbranch)
> -!GCC$ builtin (sin) attributes simd (notinbranch)
> -!GCC$ builtin (sinf) attributes simd (notinbranch)
> -!GCC$ builtin (tan) attributes simd (notinbranch)
> -!GCC$ builtin (tanf) attributes simd (notinbranch)
> +
> +! No SIMD math functions are available for this platform.
>
> Signed-off-by: Lei Maohui 
> ---
>  meta/recipes-core/glibc/glibc-package.inc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/glibc/glibc-package.inc 
> b/meta/recipes-core/glibc/glibc-package.inc
> index 1ef987be0a..19eb7afa81 100644
> --- a/meta/recipes-core/glibc/glibc-package.inc
> +++ b/meta/recipes-core/glibc/glibc-package.inc
> @@ -167,6 +167,7 @@ do_install_armmultilib () {
> oe_multilib_header fpu_control.h gnu/lib-names.h gnu/stubs.h ieee754.h
>
> oe_multilib_header sys/elf.h sys/procfs.h sys/ptrace.h sys/ucontext.h 
> sys/user.h
> +   oe_multilib_header finclude/math-vector-fortran.h
>  }
>
>
> --
> 2.34.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196180): 
https://lists.openembedded.org/g/openembedded-core/message/196180
Mute This Topic: https://lists.openembedded.org/mt/104577604/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] glibc: Fix conflict error when enbale multilib on aarch64.

[leimaohui via lists.openembedded.org]

From: Lei Maohui 

Error: Transaction test error:
  file /usr/include/finclude/math-vector-fortran.h from install of 
lib32-libc6-dev-2.39+git0+312e159626-r0.armv7ahf_neon conflicts with file from 
package libc6-dev-2.39+git0+312e159626-r0.aarch64

The difference of math-vector-fortran.h between 32bit and 64bit is as
the following:

--- 
tmp/work/aarch64-linux/glibc/2.39+git/image/usr/include/finclude/math-vector-fortran.h
2024-02-26 03:41:59.56000 +
+++ 
tmp/work/armv7ahf-neon-xmllib32-linux-gnueabi/lib32-glibc/2.39+git/image/usr/include/finclude/math-vector-fortran.h
 2024-02-26 02:22:28.59200 +
@@ -15,33 +15,5 @@
 !   You should have received a copy of the GNU Lesser General Public
 !   License along with the GNU C Library; if not, see
 !   .
-!GCC$ builtin (acos) attributes simd (notinbranch)
-!GCC$ builtin (acosf) attributes simd (notinbranch)
-!GCC$ builtin (asin) attributes simd (notinbranch)
-!GCC$ builtin (asinf) attributes simd (notinbranch)
-!GCC$ builtin (atan) attributes simd (notinbranch)
-!GCC$ builtin (atanf) attributes simd (notinbranch)
-!GCC$ builtin (atan2) attributes simd (notinbranch)
-!GCC$ builtin (atan2f) attributes simd (notinbranch)
-!GCC$ builtin (cos) attributes simd (notinbranch)
-!GCC$ builtin (cosf) attributes simd (notinbranch)
-!GCC$ builtin (exp) attributes simd (notinbranch)
-!GCC$ builtin (expf) attributes simd (notinbranch)
-!GCC$ builtin (exp10) attributes simd (notinbranch)
-!GCC$ builtin (exp10f) attributes simd (notinbranch)
-!GCC$ builtin (exp2) attributes simd (notinbranch)
-!GCC$ builtin (exp2f) attributes simd (notinbranch)
-!GCC$ builtin (expm1) attributes simd (notinbranch)
-!GCC$ builtin (expm1f) attributes simd (notinbranch)
-!GCC$ builtin (log) attributes simd (notinbranch)
-!GCC$ builtin (logf) attributes simd (notinbranch)
-!GCC$ builtin (log10) attributes simd (notinbranch)
-!GCC$ builtin (log10f) attributes simd (notinbranch)
-!GCC$ builtin (log1p) attributes simd (notinbranch)
-!GCC$ builtin (log1pf) attributes simd (notinbranch)
-!GCC$ builtin (log2) attributes simd (notinbranch)
-!GCC$ builtin (log2f) attributes simd (notinbranch)
-!GCC$ builtin (sin) attributes simd (notinbranch)
-!GCC$ builtin (sinf) attributes simd (notinbranch)
-!GCC$ builtin (tan) attributes simd (notinbranch)
-!GCC$ builtin (tanf) attributes simd (notinbranch)
+
+! No SIMD math functions are available for this platform.

Signed-off-by: Lei Maohui 
---
 meta/recipes-core/glibc/glibc-package.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/glibc/glibc-package.inc 
b/meta/recipes-core/glibc/glibc-package.inc
index 1ef987be0a..19eb7afa81 100644
--- a/meta/recipes-core/glibc/glibc-package.inc
+++ b/meta/recipes-core/glibc/glibc-package.inc
@@ -167,6 +167,7 @@ do_install_armmultilib () {
oe_multilib_header fpu_control.h gnu/lib-names.h gnu/stubs.h ieee754.h
 
oe_multilib_header sys/elf.h sys/procfs.h sys/ptrace.h sys/ucontext.h 
sys/user.h
+   oe_multilib_header finclude/math-vector-fortran.h
 }
 
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196179): 
https://lists.openembedded.org/g/openembedded-core/message/196179
Mute This Topic: https://lists.openembedded.org/mt/104577604/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [kirkstone][PATCH v2] shadow: backport patch to fix CVE-2023-29383

[Pawan Badganchi]

Hi,

Could please help here?

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196178): 
https://lists.openembedded.org/g/openembedded-core/message/196178
Mute This Topic: https://lists.openembedded.org/mt/98361235/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone][PATCH 1/1] bind: Upgrade 9.18.19 -> 9.18.24

[Soumya via lists.openembedded.org]

From: Soumya Sambu 

Includes security fixes for - CVE-2023-4408, CVE-2023-5517,
CVE-2023-5679, CVE-2023-50868 and CVE-2023-50387

Changelog:
=
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.24/CHANGES

Signed-off-by: Soumya Sambu 
---
 .../bind/{bind_9.18.19.bb => bind_9.18.24.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.19.bb => bind_9.18.24.bb} 
(97%)

diff --git a/meta/recipes-connectivity/bind/bind_9.18.19.bb 
b/meta/recipes-connectivity/bind/bind_9.18.24.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.19.bb
rename to meta/recipes-connectivity/bind/bind_9.18.24.bb
index a829cc566d..fbbebe89ad 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.19.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb
@@ -20,7 +20,7 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
 
-SRC_URI[sha256sum] = 
"115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc"
+SRC_URI[sha256sum] = 
"709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
 # follow the ESV versions divisible by 2
-- 
2.40.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196177): 
https://lists.openembedded.org/g/openembedded-core/message/196177
Mute This Topic: https://lists.openembedded.org/mt/104576297/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] Patchtest results for [PATCH] wic: 'empty' plugin: fix typo in comment

[Patchtest]

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch 
/home/patchtest/share/mboxes/wic-empty-plugin-fix-typo-in-comment.patch

FAIL: test commit message presence: Please include a commit message on your 
patch explaining the change (test_mbox.TestMbox.test_commit_message_presence)

PASS: pretest pylint (test_python_pylint.PyLint.pretest_pylint)
PASS: test Signed-off-by presence 
(test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test pylint (test_python_pylint.PyLint.test_pylint)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)

SKIP: pretest src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE check ignore: No modified recipes or older target branch, 
skipping test (test_metadata.TestMetadata.test_cve_check_ignore)
SKIP: test CVE tag format: No new CVE patches introduced 
(test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced 
(test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced 
(test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found 
(test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, 
skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_license_presence)
SKIP: test series merge on head: Merge test is disabled for now 
(test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: No modified recipes, skipping pretest 
(test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test 
(test_metadata.TestMetadata.test_summary_presence)
SKIP: test target mailing list: Series merged, no reason to check other mailing 
lists (test_mbox.TestMbox.test_target_mailing_list)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196176): 
https://lists.openembedded.org/g/openembedded-core/message/196176
Mute This Topic: https://lists.openembedded.org/mt/104573825/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] wic: 'empty' plugin: fix typo in comment

[Enrico Jörns]

Signed-off-by: Enrico Jorns 
---
 scripts/lib/wic/plugins/source/empty.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/wic/plugins/source/empty.py 
b/scripts/lib/wic/plugins/source/empty.py
index 0a9f5fa27c..4178912377 100644
--- a/scripts/lib/wic/plugins/source/empty.py
+++ b/scripts/lib/wic/plugins/source/empty.py
@@ -14,7 +14,7 @@
 # partition. This is useful to overwrite old content like
 # filesystem signatures which may be re-recognized otherwise.
 # This feature can be enabled with
-# '--soucreparams="[fill|size=[S|s|K|k|M|G]][,][bs=[S|s|K|k|M|G]]"'
+# '--sourceparams="[fill|size=[S|s|K|k|M|G]][,][bs=[S|s|K|k|M|G]]"'
 # Conflicting or missing options throw errors.
 
 import logging
-- 
2.39.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196175): 
https://lists.openembedded.org/g/openembedded-core/message/196175
Mute This Topic: https://lists.openembedded.org/mt/104572675/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 22/22] runqemu: direct mesa to use its own drivers, rather than ones provided by host distro

[Steve Sakoman]

From: Alexander Kanavin 

With mesa 23.0, it is not longer possible to use the host drivers, as
mesa upstream has added strict checks for matching builds between
drivers and libraries that load them.

Add a check and a hint to runqemu so that there is a helpful error when
there is no native/nativesdk opengl/virgl support.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit f0946844df7270fe368858d8929e6b380675b78b)
Signed-off-by: Steve Sakoman 
---
 scripts/runqemu | 34 ++
 1 file changed, 10 insertions(+), 24 deletions(-)

diff --git a/scripts/runqemu b/scripts/runqemu
index 729b067a9f..8e5d22888d 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -447,30 +447,16 @@ class BaseConfig(object):
 self.set("MACHINE", arg)
 
 def set_dri_path(self):
-# As runqemu can be run within bitbake (when using testimage, for 
example),
-# we need to ensure that we run host pkg-config, and that it does not
-# get mis-directed to native build paths set by bitbake.
-env = os.environ.copy()
-try:
-del env['PKG_CONFIG_PATH']
-del env['PKG_CONFIG_DIR']
-del env['PKG_CONFIG_LIBDIR']
-del env['PKG_CONFIG_SYSROOT_DIR']
-except KeyError:
-pass
-try:
-dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH 
pkg-config --variable=dridriverdir dri", shell=True, env=env)
-except subprocess.CalledProcessError as e:
-raise RunQemuError("Could not determine the path to dri drivers on 
the host via pkg-config.\nPlease install Mesa development files (particularly, 
dri.pc) on the host machine.")
-self.qemu_environ['LIBGL_DRIVERS_PATH'] = 
dripath.decode('utf-8').strip()
-
-# This preloads uninative libc pieces and therefore ensures that 
RPATH/RUNPATH
-# in host mesa drivers doesn't trick uninative into loading host libc.
-preload_items = ['libdl.so.2', 'librt.so.1', 'libpthread.so.0']
-uninative_path = os.path.dirname(self.get("UNINATIVE_LOADER"))
-if os.path.exists(uninative_path):
-preload_paths = [os.path.join(uninative_path, i) for i in 
preload_items]
-self.qemu_environ['LD_PRELOAD'] = " ".join(preload_paths)
+drivers_path = os.path.join(self.bindir_native, '../lib/dri')
+if not os.path.exists(drivers_path) or not os.listdir(drivers_path):
+raise RunQemuError("""
+qemu has been built without opengl support and accelerated graphics support is 
not available.
+To enable it, add:
+DISTRO_FEATURES_NATIVE:append = " opengl"
+DISTRO_FEATURES_NATIVESDK:append = " opengl"
+to your build configuration.
+""")
+self.qemu_environ['LIBGL_DRIVERS_PATH'] = drivers_path
 
 def check_args(self):
 for debug in ("-d", "--debug"):
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196174): 
https://lists.openembedded.org/g/openembedded-core/message/196174
Mute This Topic: https://lists.openembedded.org/mt/104571863/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 21/22] oeqa/selftest/runtime_test: only run the virgl tests on qemux86-64

[Steve Sakoman]

From: Ross Burton 

These tests should be able to work on qemuarm64, but this is untested
and the runners will need configuration.

Signed-off-by: Ross Burton 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 09b9558e20e58b473154895b93cff16261c7f561)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oeqa/selftest/cases/runtime_test.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py 
b/meta/lib/oeqa/selftest/cases/runtime_test.py
index 29e82881d1..d06d480c2b 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -8,7 +8,7 @@ from oeqa.core.decorator import OETestTag
 import os
 import tempfile
 import oe.lsb
-from oeqa.core.decorator.data import skipIfNotQemu
+from oeqa.core.decorator.data import skipIfNotQemu, skipIfNotMachine
 
 class TestExport(OESelftestTestCase):
 
@@ -200,6 +200,8 @@ class TestImage(OESelftestTestCase):
 bitbake('core-image-full-cmdline socat')
 bitbake('-c testimage core-image-full-cmdline')
 
+# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14966
+@skipIfNotMachine("qemux86-64", "test needs qemux86-64")
 def test_testimage_virgl_gtk_sdl(self):
 """
 Summary: Check host-assisted accelerate OpenGL functionality in qemu 
with gtk and SDL frontends
@@ -241,6 +243,7 @@ class TestImage(OESelftestTestCase):
 bitbake('core-image-minimal')
 bitbake('-c testimage core-image-minimal')
 
+@skipIfNotMachine("qemux86-64", "test needs qemux86-64")
 def test_testimage_virgl_headless(self):
 """
 Summary: Check host-assisted accelerate OpenGL functionality in qemu 
with egl-headless frontend
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196173): 
https://lists.openembedded.org/g/openembedded-core/message/196173
Mute This Topic: https://lists.openembedded.org/mt/104571862/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 20/22] ldconfig-native: Fix to point correctly on the DT_NEEDED entries in an ELF file

[Steve Sakoman]

From: Fabien Mahot 

When ldconfig-native reads an ELF file, it computes an offset from a LOAD
segment, to point on DT NEEDED entries of dynstr section.
Without this patch, ldconfig-native uses only the first LOAD segment, even if
the offset is incorrect.
This patch adds conditions to compute the offset by parsing all LOAD segments,
one by one.

This is a backport from [0], ported to support endianness and 32/64 bits.

[0]: 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=58e8f5fd2ba47b6dc47fd4d0a35e4175c7c87aaa

Signed-off-by: Fabien Mahot 
Reviewed-by: Yoann Congal 
Signed-off-by: Richard Purdie 
Signed-off-by: Steve Sakoman 
---
 ...-.dynstr-located-in-separate-segment.patch | 178 ++
 .../glibc/ldconfig-native_2.12.1.bb   |   1 +
 2 files changed, 179 insertions(+)
 create mode 100644 
meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig-handle-.dynstr-located-in-separate-segment.patch

diff --git 
a/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig-handle-.dynstr-located-in-separate-segment.patch
 
b/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig-handle-.dynstr-located-in-separate-segment.patch
new file mode 100644
index 00..36f04adfde
--- /dev/null
+++ 
b/meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig-handle-.dynstr-located-in-separate-segment.patch
@@ -0,0 +1,178 @@
+From 864054a6cb971688a181316b8227ae0361b4d69e Mon Sep 17 00:00:00 2001
+From: Andreas Schwab 
+Date: Wed, 9 Oct 2019 17:46:47 +0200
+Subject: [PATCH] ldconfig: handle .dynstr located in separate segment (bug
+ 25087)
+
+To determine the load offset of the DT_STRTAB section search for the
+segment containing it, instead of using the load offset of the first
+segment.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=58e8f5fd2ba47b6dc47fd4d0a35e4175c7c87aaa]
+
+Backported: ported to support endianness and 32/64 bits.
+Signed-off-by: Fabien Mahot 
+---
+ readelflib.c | 86 +++-
+ 1 file changed, 52 insertions(+), 34 deletions(-)
+
+diff --git a/readelflib.c b/readelflib.c
+index a01e1cede3..380aed563d 100644
+--- a/readelflib.c
 b/readelflib.c
+@@ -80,7 +80,6 @@ process_elf_file32 (const char *file_name, const char *lib, 
int *flag,
+ {
+   int i;
+   unsigned int j;
+-  Elf32_Addr loadaddr;
+   unsigned int dynamic_addr;
+   size_t dynamic_size;
+   char *program_interpreter;
+@@ -110,7 +109,6 @@ process_elf_file32 (const char *file_name, const char 
*lib, int *flag,
+  libc5/libc6.  */
+   *flag = FLAG_ELF;
+ 
+-  loadaddr = -1;
+   dynamic_addr = 0;
+   dynamic_size = 0;
+   program_interpreter = NULL;
+@@ -121,11 +119,6 @@ process_elf_file32 (const char *file_name, const char 
*lib, int *flag,
+ 
+   switch (read32(segment->p_type, be))
+   {
+-  case PT_LOAD:
+-if (loadaddr == (Elf32_Addr) -1)
+-  loadaddr = read32(segment->p_vaddr, be) - read32(segment->p_offset, 
be);
+-break;
+-
+   case PT_DYNAMIC:
+ if (dynamic_addr)
+   error (0, 0, _("more than one dynamic segment\n"));
+@@ -188,11 +181,6 @@ process_elf_file32 (const char *file_name, const char 
*lib, int *flag,
+   }
+ 
+ }
+-  if (loadaddr == (Elf32_Addr) -1)
+-{
+-  /* Very strange. */
+-  loadaddr = 0;
+-}
+ 
+   /* Now we can read the dynamic sections.  */
+   if (dynamic_size == 0)
+@@ -208,11 +196,32 @@ process_elf_file32 (const char *file_name, const char 
*lib, int *flag,
+ {
+   check_ptr (dyn_entry);
+   if (read32(dyn_entry->d_tag, be) == DT_STRTAB)
+-  {
+-dynamic_strings = (char *) (file_contents + 
read32(dyn_entry->d_un.d_val, be) - loadaddr);
+-check_ptr (dynamic_strings);
+-break;
+-  }
++{
++  /* Find the file offset of the segment containing the dynamic
++ string table.  */
++  Elf32_Off loadoff = -1;
++  for (i = 0, segment = elf_pheader;
++   i < read16(elf_header->e_phnum, be); i++, segment++)
++{
++  if (read32(segment->p_type, be) == PT_LOAD
++  && read32(dyn_entry->d_un.d_val, be) >= 
read32(segment->p_vaddr, be)
++  && (read32(dyn_entry->d_un.d_val, be) - 
read32(segment->p_vaddr, be)
++  < read32(segment->p_filesz, be)))
++{
++  loadoff = read32(segment->p_vaddr, be) - 
read32(segment->p_offset, be);
++  break;
++}
++}
++  if (loadoff == (Elf32_Off) -1)
++{
++  /* Very strange. */
++  loadoff = 0;
++}
++
++  dynamic_strings = (char *) (file_contents + 
read32(dyn_entry->d_un.d_val, be) - loadoff);
++  check_ptr (dynamic_strings);
++  break;
++}
+ }
+ 
+   if (dynamic_strings == NULL)
+@@ -269,7 +278,6 @@ process_elf_file64 (const char *file_name, const char 
*lib, int *flag,
+ {
+ 

[OE-core][kirkstone 19/22] cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

[Steve Sakoman]

From: Zahir Hussain 

As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake.

The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly
during do_compile the code. Due to this getting sporadic error like below,

fatal error: stdlib.h: No such file or directory
|75 | #include_next 
|   |   ^~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.

As cmake already correctly initializes the variable from environment,
So we have to unset it in the toolchain file to avoid overwriting the
variable definition again.

Signed-off-by: aszh07 
Signed-off-by: Zahir Hussain 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake 
b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
index d6a1e0464c..6434b27371 100644
--- a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
+++ b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
@@ -18,3 +18,6 @@ file( GLOB toolchain_config_files 
"${CMAKE_CURRENT_LIST_FILE}.d/*.cmake" )
 foreach(config ${toolchain_config_files})
 include(${config})
 endforeach()
+
+unset(CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES)
+unset(CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES)
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196171): 
https://lists.openembedded.org/g/openembedded-core/message/196171
Mute This Topic: https://lists.openembedded.org/mt/104571858/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 18/22] curl: don't enable debug builds

[Steve Sakoman]

From: Ross Burton 

In oe-core 27824261 --enable-debug was added to the configure arguments
to turn on debugging symbols.  However, enabling debug mode does more
than turn on debugging symbols and introduces some codepaths that can be
controlled with environment variables.  Bluntly, the curl maintainer
says that --enable-debug should not be used in production:

https://curl.se/mail/lib-2023-01/0039.html

I did a build and verified that the curl-dbg package doesn't massively
shrink, so the debug symbols are still being built.

Remove the debug options and hide them behind a PACKAGECONFIG, with a
comment that it should not be used in production.

Signed-off-by: Ross Burton 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
Signed-off-by: Alex Kiernan 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/curl/curl_7.82.0.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index de69d3d53b..383cf415d9 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -79,6 +79,8 @@ PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random 
threaded-resolver ver
 PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
 PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
 PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
+# Don't use this in production
+PACKAGECONFIG[debug] = "--enable-debug,--disable-debug"
 PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
 PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
 PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
@@ -115,9 +117,7 @@ EXTRA_OECONF = " \
 --enable-crypto-auth \
 --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
 --without-libpsl \
---enable-debug \
 --enable-optimize \
---disable-curldebug \
 ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls 
nss openssl', d) == '') else ''} \
 "
 
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196170): 
https://lists.openembedded.org/g/openembedded-core/message/196170
Mute This Topic: https://lists.openembedded.org/mt/104571857/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 17/22] linux-yocto/5.15: update CVE exclusions

[Steve Sakoman]

From: Bruce Ashfield 

Data pulled from: https://github.com/nluedtke/linux_kernel_cves

1/1 [
Author: Nicholas Luedtke
Email: nicholas.lued...@uwalumni.com
Subject: Update 3Feb24
Date: Sat, 3 Feb 2024 00:42:14 -0500

]

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
---
 .../linux/cve-exclusion_5.15.inc  | 91 +--
 1 file changed, 85 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc 
b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 0d54b414d9..d33f2b3c7f 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-18 18:47:24.084935 for version 5.15.147
+# Generated at 2024-02-06 21:02:11.546853 for version 5.15.148
 
 python check_kernel_cve_status_version() {
-this_version = "5.15.147"
+this_version = "5.15.148"
 kernel_version = d.getVar("LINUX_VERSION")
 if kernel_version != this_version:
 bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
@@ -5299,6 +5299,12 @@ CVE_CHECK_IGNORE += "CVE-2021-3348"
 # fixed-version: Fixed after version 5.13rc7
 CVE_CHECK_IGNORE += "CVE-2021-33624"
 
+# fixed-version: Fixed after version 5.4rc1
+CVE_CHECK_IGNORE += "CVE-2021-33630"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2021-33631"
+
 # cpe-stable-backport: Backported in 5.15.54
 CVE_CHECK_IGNORE += "CVE-2021-33655"
 
@@ -6395,7 +6401,8 @@ CVE_CHECK_IGNORE += "CVE-2022-3635"
 # fixed-version: only affects 5.19 onwards
 CVE_CHECK_IGNORE += "CVE-2022-3640"
 
-# CVE-2022-36402 has no known resolution
+# cpe-stable-backport: Backported in 5.15.129
+CVE_CHECK_IGNORE += "CVE-2022-36402"
 
 # CVE-2022-3642 has no known resolution
 
@@ -7368,9 +7375,15 @@ CVE_CHECK_IGNORE += "CVE-2023-4611"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-4623"
 
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-46343"
+
 # cpe-stable-backport: Backported in 5.15.137
 CVE_CHECK_IGNORE += "CVE-2023-46813"
 
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-46838"
+
 # cpe-stable-backport: Backported in 5.15.140
 CVE_CHECK_IGNORE += "CVE-2023-46862"
 
@@ -7385,11 +7398,17 @@ CVE_CHECK_IGNORE += "CVE-2023-4881"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-4921"
 
-# CVE-2023-50431 has no known resolution
+# CVE-2023-50431 needs backporting (fixed from 6.8rc1)
 
 # fixed-version: only affects 6.0rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5090"
 
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-51042"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-51043"
+
 # cpe-stable-backport: Backported in 5.15.135
 CVE_CHECK_IGNORE += "CVE-2023-5158"
 
@@ -7411,6 +7430,9 @@ CVE_CHECK_IGNORE += "CVE-2023-51782"
 # cpe-stable-backport: Backported in 5.15.134
 CVE_CHECK_IGNORE += "CVE-2023-5197"
 
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2023-52340"
+
 # fixed-version: only affects 6.1rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5345"
 
@@ -7425,7 +7447,8 @@ CVE_CHECK_IGNORE += "CVE-2023-5972"
 
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
 
-# CVE-2023-6040 needs backporting (fixed from 5.18rc1)
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2023-6040"
 
 # fixed-version: only affects 6.6rc3 onwards
 CVE_CHECK_IGNORE += "CVE-2023-6111"
@@ -7436,6 +7459,9 @@ CVE_CHECK_IGNORE += "CVE-2023-6121"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-6176"
 
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6200"
+
 # CVE-2023-6238 has no known resolution
 
 # CVE-2023-6270 has no known resolution
@@ -7468,6 +7494,9 @@ CVE_CHECK_IGNORE += "CVE-2023-6679"
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6817"
 
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-6915"
+
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6931"
 
@@ -7487,5 +7516,55 @@ CVE_CHECK_IGNORE += "CVE-2024-0193"
 # fixed-version: only affects 6.2rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2024-0443"
 
-# Skipping dd=CVE-2023-1476, no affected_versions
+# cpe-stable-backport: Backported in 5.15.64
+CVE_CHECK_IGNORE += "CVE-2024-0562"
+
+# CVE-2024-0564 has no known resolution
+
+# CVE-2024-0565 needs backporting (fixed from 6.7rc6)
+
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-0582"
+
+# cpe-stable-backport: Backported in 5.15.142
+CVE_CHECK_IGNORE += "CVE-2024-0584"
+
+# cpe-stable-backport: Backported in 5.15.140
+CVE_CHECK_IGNORE += "CVE-2024-0607"
+
+# cpe-stable-backport: Backported in 5.15.121

[OE-core][kirkstone 16/22] linux-yocto/5.15: update to v5.15.148

[Steve Sakoman]

From: Bruce Ashfield 

Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:

6139f2a02fe0 Linux 5.15.148
84c39986fe6d Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in 
raid5d""
c8483a4845a0 arm64: dts: armada-3720-turris-mox: set irq type for RTC
98052220f174 netfilter: nft_quota: copy content when cloning expression
3be3c6123275 netfilter: nft_last: copy content when cloning expression
42d461784889 netfilter: nft_limit: Clone packet limits' cost value
d80880585128 netfilter: nft_limit: fix stateful object memory leak
e562d8422555 netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails
10823cfe8e91 netfilter: nf_tables: typo NULL check in _clone() function
0f2dca516541 block: Remove special-casing of compound pages
08bf561118ca i2c: s3c24xx: fix transferring more than one message in 
polling mode
38ce342a19ea i2c: s3c24xx: fix read transfers in polling mode
62b3387beef1 ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
58485b95fde6 selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes
348112522a35 mlxsw: spectrum_acl_tcam: Fix stack corruption
005f2d10f915 mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward 
declarations
077c4776d798 mlxsw: spectrum_acl_tcam: Make fini symmetric to init
d28048d31975 mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()
196f3595e869 mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable
87c54033935b mlxsw: spectrum_acl_erp: Fix error flow of pool allocation 
failure
3732db294ea3 ethtool: netlink: Add missing ethnl_ops_begin/complete
7f3d781e0df1 kdb: Fix a potential buffer overflow in kdb_local()
995d6099d8b1 ipvs: avoid stat macros calls from preemptible context
27513eff4c0c netfilter: nf_tables: reject NFT_SET_CONCAT with not field 
length description
d6420b66ad70 netfilter: nf_tables: skip dead set elements in netlink dump
77be8c495a3f netfilter: nf_tables: do not allow mismatch field size and set 
key length
b8eb65bd13a6 netfilter: nft_limit: do not ignore unsupported flags
d7b5da4fde7f netfilter: nf_tables: memcg accounting for dynamically 
allocated objects
3bb4403d20b7 netfilter: nft_limit: move stateful fields out of expression 
data
8a6635074a65 netfilter: nft_limit: rename stateful structure
e2e8fdd0ad8e netfilter: nft_quota: move stateful fields out of expression 
data
b147911d2a7b netfilter: nft_last: move stateful fields out of expression 
data
36997eb13d53 netfilter: nft_connlimit: move stateful fields out of 
expression data
713a13885579 netfilter: nf_tables: reject invalid set policy
78e85466460d net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
29ffa63f21bc bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS
684290895aa0 net: stmmac: ethtool: Fixed calltrace caused by unbalanced 
disable_irq_wake calls
8e481c7f81e2 net: ravb: Fix dma_addr_t truncation in error case
f05301ad0574 mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
413b91350732 mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
9b82d5f5d042 mptcp: strict validation before using mp_opt->hmac
c99f490a422b mptcp: drop unused sk in mptcp_get_options
cbe983d0e4d5 mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN
4f2c4ba3216d net: phy: micrel: populate .soft_reset for KSZ9131
890bc96ef147 net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet 
frames
3b5254862258 net: qualcomm: rmnet: fix global oob in rmnet_policy
18babcfa365d s390/pci: fix max size calculation in zpci_memcpy_toio()
bf3304054e45 PCI: keystone: Fix race condition when initializing PHYs
a300f741f692 nvmet-tcp: Fix the H2C expected PDU len calculation
b02a005b19bb nvmet: re-fix tracing strncpy() warning
763c67e96b05 serial: imx: Correct clock error message in function probe()
1ed3c202051c usb: xhci-mtk: fix a short packet issue of gen1 isoc-in 
transfer
0a12db736edb apparmor: avoid crash when parsed profile name is empty
367d061a1864 perf env: Avoid recursively taking env->bpf_progs.lock
0613a2fbdf8d nvmet-tcp: fix a crash in nvmet_req_complete()
4cb3cf7177ae nvmet-tcp: Fix a kernel panic when host sends an invalid H2C 
PDU length
013d7878c729 usb: cdc-acm: return correct error code on unsupported break
c50f88954cd0 tty: use 'if' in send_break() instead of 'goto'
a222bd01ca5a tty: don't check for signal_pending() in send_break()
370b18aefe40 tty: early return from send_break() on 
TTY_DRIVER_HARDWARE_BREAK
6f98751fa44d tty: change tty_write_lock()'s ndelay parameter to bool
7ab8ef24fd0f perf genelf: Set ELF program header addresses properly
08715e4fa58e iio: adc: ad9467: fix scale setting
d7773702f813 iio: adc: ad9467: don't ignore error codes
fd1957c706f3 iio: adc: ad9467: fix reset gpio handling
71204292a722 iio: adc: ad9467: Benefit from 

[OE-core][kirkstone 15/22] linux-yocto/5.15: update CVE exclusions

[Steve Sakoman]

From: Bruce Ashfield 

Data pulled from: https://github.com/nluedtke/linux_kernel_cves

1/1 [
Author: Nicholas Luedtke
Email: nicholas.lued...@uwalumni.com
Subject: Update 15Jan24
Date: Mon, 15 Jan 2024 12:48:45 -0500

]

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
---
 .../linux/cve-exclusion_5.15.inc  | 44 ---
 1 file changed, 37 insertions(+), 7 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc 
b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 84d0becb8d..0d54b414d9 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-11 21:16:55.956074 for version 5.15.146
+# Generated at 2024-01-18 18:47:24.084935 for version 5.15.147
 
 python check_kernel_cve_status_version() {
-this_version = "5.15.146"
+this_version = "5.15.147"
 kernel_version = d.getVar("LINUX_VERSION")
 if kernel_version != this_version:
 bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
@@ -6626,6 +6626,9 @@ CVE_CHECK_IGNORE += "CVE-2022-48425"
 # cpe-stable-backport: Backported in 5.15.121
 CVE_CHECK_IGNORE += "CVE-2022-48502"
 
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2022-48619"
+
 # fixed-version: Fixed after version 5.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-0030"
 
@@ -6747,6 +6750,8 @@ CVE_CHECK_IGNORE += "CVE-2023-1382"
 # fixed-version: Fixed after version 5.11rc4
 CVE_CHECK_IGNORE += "CVE-2023-1390"
 
+# CVE-2023-1476 has no known resolution
+
 # cpe-stable-backport: Backported in 5.15.95
 CVE_CHECK_IGNORE += "CVE-2023-1513"
 
@@ -6921,7 +6926,8 @@ CVE_CHECK_IGNORE += "CVE-2023-23559"
 # fixed-version: Fixed after version 5.12rc1
 CVE_CHECK_IGNORE += "CVE-2023-23586"
 
-# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-2430"
 
 # cpe-stable-backport: Backported in 5.15.105
 CVE_CHECK_IGNORE += "CVE-2023-2483"
@@ -7351,7 +7357,8 @@ CVE_CHECK_IGNORE += "CVE-2023-45871"
 # fixed-version: only affects 6.5rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-45898"
 
-# CVE-2023-4610 needs backporting (fixed from 6.4)
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4610"
 
 # fixed-version: only affects 6.4rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-4611"
@@ -7386,7 +7393,8 @@ CVE_CHECK_IGNORE += "CVE-2023-5090"
 # cpe-stable-backport: Backported in 5.15.135
 CVE_CHECK_IGNORE += "CVE-2023-5158"
 
-# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
+# cpe-stable-backport: Backported in 5.15.146
+CVE_CHECK_IGNORE += "CVE-2023-51779"
 
 # cpe-stable-backport: Backported in 5.15.137
 CVE_CHECK_IGNORE += "CVE-2023-5178"
@@ -7417,6 +7425,8 @@ CVE_CHECK_IGNORE += "CVE-2023-5972"
 
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
 
+# CVE-2023-6040 needs backporting (fixed from 5.18rc1)
+
 # fixed-version: only affects 6.6rc3 onwards
 CVE_CHECK_IGNORE += "CVE-2023-6111"
 
@@ -7428,8 +7438,13 @@ CVE_CHECK_IGNORE += "CVE-2023-6176"
 
 # CVE-2023-6238 has no known resolution
 
+# CVE-2023-6270 has no known resolution
+
 # CVE-2023-6356 has no known resolution
 
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6531"
+
 # CVE-2023-6535 has no known resolution
 
 # CVE-2023-6536 has no known resolution
@@ -7439,14 +7454,16 @@ CVE_CHECK_IGNORE += "CVE-2023-6546"
 
 # CVE-2023-6560 needs backporting (fixed from 6.7rc4)
 
-# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
+# cpe-stable-backport: Backported in 5.15.146
+CVE_CHECK_IGNORE += "CVE-2023-6606"
 
 # CVE-2023-6610 needs backporting (fixed from 6.7rc7)
 
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6622"
 
-# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6679"
 
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6817"
@@ -7459,3 +7476,16 @@ CVE_CHECK_IGNORE += "CVE-2023-6932"
 
 # CVE-2023-7042 has no known resolution
 
+# cpe-stable-backport: Backported in 5.15.100
+CVE_CHECK_IGNORE += "CVE-2023-7192"
+
+# fixed-version: only affects 6.5rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2024-0193"
+
+# CVE-2024-0340 needs backporting (fixed from 6.4rc6)
+
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-0443"
+
+# Skipping dd=CVE-2023-1476, no affected_versions
+
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196167): 
https://lists.openembedded.org/g/openembedded-core/message/196167
Mute This Topic: https://lists.openembedded.org/mt/104571853/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: 

[OE-core][kirkstone 14/22] linux-yocto/5.15: update to v5.15.147

[Steve Sakoman]

From: Bruce Ashfield 

Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:

ddcaf4999061 Linux 5.15.147
231752a0a05d net: usb: ax88179_178a: move priv to driver_priv
d800d18ba132 net: usb: ax88179_178a: remove redundant init code
329197033bb0 tracing/kprobes: Fix symbol counting logic by looking at 
modules as well
ccb7eef5f2f3 kallsyms: Make module_kallsyms_on_each_symbol generally 
available
ab3a3aadb373 netfilter: nf_tables: Reject tables of unsupported family
0eb556b2386d perf inject: Fix GEN_ELF_TEXT_OFFSET for jit
b8a5308feedd ipv6: remove max_size check inline with ipv4
ba5efd8544fa net: tls, update curr on splice as well
06bb52d2efb3 mmc: sdhci-sprd: Fix eMMC init failure after hw reset
6722186854a7 mmc: core: Cancel delayed work before releasing host
edaefc210e10 mmc: rpmb: fixes pause retune on all RPMB partitions.
41f20ac9bdc4 mmc: meson-mx-sdhc: Fix initialization frozen issue
91432aebce51 mm: fix unmap_mapping_range high bits shift bug
5e44f5da1266 i2c: core: Fix atomic xfer check for non-preempt config
1d5c1617e1e1 x86/kprobes: fix incorrect return address calculation in 
kprobe_emulate_call_indirect
10086ff58ce4 firewire: ohci: suppress unexpected system reboot in AMD Ryzen 
machines and ASM108x/VT630x PCIe cards
660b3c3bc8a7 mm/memory-failure: check the mapcount of the precise page
80eb449f809c selftests: secretmem: floor the memory size to the multiple of 
page_size
a58ae5ab714d net: Implement missing SO_TIMESTAMPING_NEW cmsg support
500c7f32ad43 bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
fda00eb3cd41 asix: Add check for usbnet_get_endpoints
0817c1b21561 octeontx2-af: Re-enable MAC TX in otx2_stop processing
20fce91b4fa0 octeontx2-af: Always configure NIX TX link credits based on 
max frame size
6bbbcff3c798 octeontx2-af: Set NIX link credits based on max LMAC
6ef9a28e1bb2 octeontx2-af: Don't enable Pause frames by default
bc56ed720e06 net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
cfcf5490145a igc: Fix hicredit calculation
6c853b57684e i40e: Restore VF MSI-X state during PCI reset
9400f854facd ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
e08b666e4415 ASoC: meson: g12a-toacodec: Fix event generation
3a78a57764f0 ASoC: meson: g12a-tohdmitx: Validate written enum values
f74281f241ff ASoC: meson: g12a-toacodec: Validate written enum values
947db598acb8 i40e: fix use-after-free in i40e_aqc_add_filters()
975d6f66f2b6 net: Save and restore msg_namelen in sock_sendmsg
b2869e7600f4 netfilter: nft_immediate: drop chain reference counter on error
51976846f202 net: bcmgenet: Fix FCS generation for fragmented skbuffs
c748c358debe sfc: fix a double-free bug in efx_probe_filters
5c161f2220f5 ARM: sun9i: smp: Fix array-index-out-of-bounds read in 
sunxi_mc_smp_init
fd2e7829239e net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps
dc5643abc1ac can: raw: add support for SO_MARK
464fb49ca9bb can: raw: add support for SO_TXTIME/SCM_TXTIME
ba80ff7a85b6 net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)
5636941e42d5 r8169: Fix PCI error on system resume
0ce9a244d33b net: sched: em_text: fix possible memory leak in 
em_text_destroy()
c0b56aa9d1a6 mlxbf_gige: fix receive packet race condition
271567afd4c2 ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable
1867a9094743 igc: Check VLAN EtherType mask
f24370ddf75d igc: Check VLAN TCI mask
4ec5efdb9034 igc: Report VLAN EtherType matching back to user
b17f8024a5f0 i40e: Fix filter input checks to prevent config with invalid 
values
def90597ef5b drm/i915/dp: Fix passing the correct DPCD_REV for 
drm_dp_set_phy_test_pattern
a7b67635de1a octeontx2-af: Fix marking couple of structure as __packed
802af3c88ad1 nfc: llcp_core: Hold a ref to llcp_local->dev when holding a 
ref to llcp_local
5d3e98ef12f6 drm/bridge: ti-sn65dsi86: Never store more than msg->size 
bytes in AUX xfer
2f8cefc8b638 wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ
1f2f662c8bec Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
200cecd6ff1e ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 
440 G6
90ab9a70f0d8 block: Don't invalidate pagecache for invalid falloc modes
c496c35310e6 keys, dns: Fix missing size check of V1 server-list header

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
---
 .../linux/linux-yocto-rt_5.15.bb  |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb|  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 1e61698222..e64f21b2f0 100644
--- 

[OE-core][kirkstone 13/22] linux-yocto/5.15: update CVE exclusions

[Steve Sakoman]

From: Bruce Ashfield 

Data pulled from: https://github.com/nluedtke/linux_kernel_cves

1/1 [
Author: Nicholas Luedtke
Email: nicholas.lued...@uwalumni.com
Subject: Update 27Dec23
Date: Wed, 27 Dec 2023 19:47:13 -0500

]

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
---
 .../linux/cve-exclusion_5.15.inc  | 259 +++---
 1 file changed, 223 insertions(+), 36 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc 
b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 7822040782..84d0becb8d 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-23 10:40:51.641475 for version 5.15.124
+# Generated at 2024-01-11 21:16:55.956074 for version 5.15.146
 
 python check_kernel_cve_status_version() {
-this_version = "5.15.124"
+this_version = "5.15.146"
 kernel_version = d.getVar("LINUX_VERSION")
 if kernel_version != this_version:
 bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
@@ -4839,7 +4839,8 @@ CVE_CHECK_IGNORE += "CVE-2020-27194"
 # fixed-version: Fixed after version 5.6rc4
 CVE_CHECK_IGNORE += "CVE-2020-2732"
 
-# CVE-2020-27418 has no known resolution
+# fixed-version: Fixed after version 5.6rc5
+CVE_CHECK_IGNORE += "CVE-2020-27418"
 
 # fixed-version: Fixed after version 5.10rc1
 CVE_CHECK_IGNORE += "CVE-2020-27673"
@@ -4981,6 +4982,9 @@ CVE_CHECK_IGNORE += "CVE-2020-36691"
 # fixed-version: Fixed after version 5.10
 CVE_CHECK_IGNORE += "CVE-2020-36694"
 
+# fixed-version: Fixed after version 5.9rc1
+CVE_CHECK_IGNORE += "CVE-2020-36766"
+
 # fixed-version: Fixed after version 5.12rc1
 CVE_CHECK_IGNORE += "CVE-2020-3702"
 
@@ -6450,7 +6454,8 @@ CVE_CHECK_IGNORE += "CVE-2022-40768"
 # cpe-stable-backport: Backported in 5.15.66
 CVE_CHECK_IGNORE += "CVE-2022-4095"
 
-# CVE-2022-40982 needs backporting (fixed from 5.15.125)
+# cpe-stable-backport: Backported in 5.15.125
+CVE_CHECK_IGNORE += "CVE-2022-40982"
 
 # cpe-stable-backport: Backported in 5.15.87
 CVE_CHECK_IGNORE += "CVE-2022-41218"
@@ -6536,7 +6541,7 @@ CVE_CHECK_IGNORE += "CVE-2022-43945"
 
 # CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44034 has no known resolution
+# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
 
 # CVE-2022-4543 has no known resolution
 
@@ -6591,7 +6596,8 @@ CVE_CHECK_IGNORE += "CVE-2022-47938"
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2022-47939"
 
-# CVE-2022-47940 needs backporting (fixed from 5.19rc1)
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2022-47940"
 
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2022-47941"
@@ -6708,9 +6714,11 @@ CVE_CHECK_IGNORE += "CVE-2023-1118"
 # cpe-stable-backport: Backported in 5.15.113
 CVE_CHECK_IGNORE += "CVE-2023-1192"
 
-# CVE-2023-1193 has no known resolution
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-1193"
 
-# CVE-2023-1194 has no known resolution
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-1194"
 
 # fixed-version: only affects 5.16rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-1195"
@@ -6797,9 +6805,11 @@ CVE_CHECK_IGNORE += "CVE-2023-2008"
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2023-2019"
 
-# CVE-2023-20569 needs backporting (fixed from 5.15.125)
+# cpe-stable-backport: Backported in 5.15.125
+CVE_CHECK_IGNORE += "CVE-2023-20569"
 
-# CVE-2023-20588 needs backporting (fixed from 5.15.126)
+# cpe-stable-backport: Backported in 5.15.126
+CVE_CHECK_IGNORE += "CVE-2023-20588"
 
 # cpe-stable-backport: Backported in 5.15.122
 CVE_CHECK_IGNORE += "CVE-2023-20593"
@@ -6922,7 +6932,8 @@ CVE_CHECK_IGNORE += "CVE-2023-25012"
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2023-2513"
 
-# CVE-2023-25775 needs backporting (fixed from 6.6rc1)
+# cpe-stable-backport: Backported in 5.15.144
+CVE_CHECK_IGNORE += "CVE-2023-25775"
 
 # fixed-version: only affects 6.3rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-2598"
@@ -7003,7 +7014,8 @@ CVE_CHECK_IGNORE += "CVE-2023-3106"
 
 # CVE-2023-31084 needs backporting (fixed from 6.4rc3)
 
-# CVE-2023-31085 has no known resolution
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-31085"
 
 # cpe-stable-backport: Backported in 5.15.63
 CVE_CHECK_IGNORE += "CVE-2023-3111"
@@ -7035,20 +7047,26 @@ CVE_CHECK_IGNORE += "CVE-2023-3220"
 # cpe-stable-backport: Backported in 5.15.111
 CVE_CHECK_IGNORE += "CVE-2023-32233"
 
-# CVE-2023-32247 needs backporting (fixed from 6.4rc1)
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-32247"
 
 # cpe-stable-backport: Backported in 5.15.111
 CVE_CHECK_IGNORE += "CVE-2023-32248"
 
-# 

[OE-core][kirkstone 12/22] linux-yocto/5.15: update to v5.15.146

[Steve Sakoman]

From: Bruce Ashfield 

Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:

26c690eff0a5 Linux 5.15.146
13578b4ea461 bpf: Fix prog_array_map_poke_run map poke update
339add0430e7 device property: Allow const parameter to dev_fwnode()
4d9dcdb333ca dm-integrity: don't modify bio's immutable bio_vec in 
integrity_metadata()
a033bb82a10c ring-buffer: Fix slowpath of interrupted event
d10f7540c554 netfilter: nf_tables: skip set commit for deleted/destroyed 
sets
d739f2b6d8f5 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
53bed9b9f431 ring-buffer: Remove useless update to write_stamp in 
rb_try_to_discard()
7fb264aedec9 tracing: Fix blocked reader of snapshot buffer
c73cb01af11f ring-buffer: Fix wake ups when buffer_percent is set to 100
c0be52181f35 mm/filemap: avoid buffered read/write race to read 
inconsistent data
2b16d960c79a Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
ded3cfdefec8 smb: client: fix OOB in smbCalcSize()
bfd18c0f570e smb: client: fix OOB in SMB2_query_info_init()
1228354a9889 iio: imu: adis16475: add spi_device_id table
bd1be85dbbbd spi: Introduce spi_get_device_match_data() helper
fcf6fce2f147 device property: Add const qualifier to 
device_get_match_data() parameter
d63fafd6cc28 net: usb: ax88179_178a: avoid failed operations when device is 
disconnected
f860413aa00c net: usb: ax88179_178a: wol optimizations
2964a0de7526 net: usb: ax88179_178a: clean up pm calls
597305fd7708 ethernet: constify references to netdev->dev_addr in drivers
32d9a4ce5240 usb: fotg210-hcd: delete an incorrect bounds test
d529cc227897 ARM: dts: Fix occasional boot hang for am3 usb
8bf06286d740 ksmbd: fix wrong allocation size update in smb2_open()
06208a04a7bd ksmbd: avoid duplicate opinfo_put() call on error of 
smb21_lease_break_ack()
9444c47d2c3b ksmbd: lazy v2 lease break on smb2_write()
f58afd8c7011 ksmbd: send v2 lease break notification for directory
86967f696586 ksmbd: downgrade RWH lease caching state to RH for directory
f7c8270be3cb ksmbd: set v2 lease capability
1bf476d8a89a ksmbd: set epoch in create context v2 lease
ac385518598f ksmbd: have a dependency on cifs ARC4
b54b9fbc16a0 fuse: share lookup state between submount and its parent
1c811b7c83a4 x86/alternatives: Sync core before enabling interrupts
ccda72aa73c7 KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy
46bc250b082c lib/vsprintf: Fix %pfwf when current node refcount == 0
f9dc6e0a0b02 gpio: dwapb: mask/unmask IRQ when disable/enale it
e4d3534c6818 bus: ti-sysc: Flush posted write only after srst_udelay
d47b2b6a087a tracing / synthetic: Disable events after testing in 
synth_event_gen_test_init()
da95f8b7bc6a scsi: core: Always send batch on reset or error handling 
command
686774523f8e dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp
7c25c5d72746 net: ks8851: Fix TX stall caused by TX buffer overrun
28855385bff1 net: rfkill: gpio: set GPIO direction
4431cf7c3310 net: 9p: avoid freeing uninit memory in p9pdu_vreadf
85fd35ce5bc0 Input: soc_button_array - add mapping for airplane mode button
a346cfc6389a Bluetooth: MGMT/SMP: Fix address type when using SMP over 
BREDR/LE
916ca52a3e28 Bluetooth: L2CAP: Send reject on command corrupted request
70db6466c029 Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has 
been sent
094ae245f7aa USB: serial: option: add Quectel RM500Q R13 firmware support
d0adf8fe08b9 USB: serial: option: add Foxconn T99W265 with new baseline
a67f0b5bc2fa USB: serial: option: add Quectel EG912Y module support
0e285069fd2a USB: serial: ftdi_sio: update Actisense PIDs constant names
433889344e82 wifi: cfg80211: fix certs build to not depend on file order
69fab6dc3748 wifi: cfg80211: Add my certificate
498f212a774f ALSA: usb-audio: Increase delay in MOTU M quirk
5a16bb60b8ce iio: triggered-buffer: prevent possible freeing of wrong buffer
3becd9bc5af3 iio: adc: ti_am335x_adc: Fix return value check of 
tiadc_request_dma()
b9ccf18e315f iio: common: ms_sensors: ms_sensors_i2c: fix humidity 
conversion time table
f1d9a66e9ce9 scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
1e3effe67e75 Input: ipaq-micro-keys - add error handling for devm_kmemdup
25c441a07360 iio: imu: inv_mpu6050: fix an error code problem in 
inv_mpu6050_read_raw
3cbae23d481b interconnect: Treat xlate() returning NULL node as an error
f47e3f60f239 smb: client: fix OOB in smb2_query_reparse_point()
fd3951b798c8 smb: client: fix NULL deref in asn1_ber_decoder()
6ded9038e4b1 drm/i915: Fix intel_atomic_setup_scalers() plane_state handling
f9954b18c4fa drm/i915: Relocate intel_atomic_setup_scalers()
2a4ef0d6e5f0 drm/i915/mtl: limit second scaler vertical scaling in ver >= 14
6bbeb3960aad ksmbd: fix wrong name of 

[OE-core][kirkstone 11/22] linux-yocto/5.15: update to v5.15.145

[Steve Sakoman]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

d93fa2c78854 Linux 5.15.145
ee41f667aa64 kasan: disable kasan_non_canonical_hook() for HW tags
f30f893143b9 tracing/kprobes: Return EADDRNOTAVAIL when func matches 
several symbols
7aa33c99b513 Revert "drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers"
4a8350a0ea76 Revert "drm/bridge: lt9611uxc: Register and attach our DSI 
device at probe"
e21817ce167e Revert "drm/bridge: lt9611uxc: fix the race in the error path"
811b5eaee70e ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error
bd47f9c8b53b ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId
5e1f31378a81 ksmbd: release interim response after sending status pending 
response
c21d0445088d ksmbd: move oplock handling after unlock parent dir
772d81aeecd3 ksmbd: separately allocate ci per dentry
8ed1118da8c4 ksmbd: fix possible deadlock in smb2_open
ae3356cbe9ac ksmbd: prevent memory leak on error return
8dc9eb7d3503 ksmbd: handle malformed smb1 message
1f50c418d47a ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked()
3fecda5d853c ksmbd: no need to wait for binded connection termination at 
logoff
841bcade0964 ksmbd: add support for surrogate pair conversion
0eaeb8aec49f ksmbd: fix missing RDMA-capable flag for IPoIB device in 
ksmbd_rdma_capable_netdev()
20b4f6bd4cf9 ksmbd: fix recursive locking in vfs helpers
f30a2ff71561 ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr()
df79244f7339 ksmbd: reorganize ksmbd_iov_pin_rsp()
845837fbfe79 ksmbd: Remove unused field in ksmbd_user struct
fab0175b7f8e ksmbd: fix potential double free on smb2_read_pipe() error path
ef435dec8a84 ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()
4b9b7ea1ffb1 ksmbd: fix wrong error response status by using 
set_smb2_rsp_status()
dd45db4d9bbc ksmbd: fix race condition between tree conn lookup and 
disconnect
0901be8dc6ea ksmbd: fix race condition from parallel smb2 lock requests
50e13932ba55 ksmbd: fix race condition from parallel smb2 logoff requests
f99d5d1d2a25 ksmbd: fix race condition with fp
c77fd3e25a51 ksmbd: fix race condition between session lookup and expire
b9a3e4549676 ksmbd: check iov vector index in ksmbd_conn_write()
01df133b1a7d ksmbd: return invalid parameter error response if smb2 request 
is invalid
4a67467f1134 ksmbd: fix passing freed memory 'aux_payload_buf'
fbed0adfe507 ksmbd: remove unneeded mark_inode_dirty in set_info_sec()
a9128c4134f1 ksmbd: remove experimental warning
6997fa65bf9e ksmbd: add missing calling smb2_set_err_rsp() on error
bd554ed4fdc3 ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
7019440463df ksmbd: Fix one kernel-doc comment
c5aa74449a41 ksmbd: reduce descriptor size if remaining bytes is less than 
request size
e12b09241693 ksmbd: fix `force create mode' and `force directory mode'
6f0207218c4c ksmbd: fix wrong interim response on compound
f2283680a805 ksmbd: add support for read compound
d7ad0ac5a8f6 ksmbd: switch to use kmemdup_nul() helper
5c0df9d30c28 ksmbd: fix out of bounds in init_smb2_rsp_hdr()
017d85c94f02 ksmbd: validate session id and tree id in compound request
4a027b96515e ksmbd: check if a mount point is crossed during path lookup
cf63b94fec60 ksmbd: Fix unsigned expression compared with zero
5f36e22910c2 ksmbd: Replace one-element array with flexible-array member
d9902ad14f82 ksmbd: Use struct_size() helper in 
ksmbd_negotiate_smb_dialect()
97f5c1e3086c ksmbd: add missing compound request handing in some commands
676392184785 ksmbd: fix out of bounds read in smb2_sess_setup
d91ba80185e4 ksmbd: Replace the ternary conditional operator with min()
ada0959b ksmbd: use kvzalloc instead of kvmalloc
638043bef94a ksmbd: Change the return value of 
ksmbd_vfs_query_maximal_access to void
7585898ddf5a ksmbd: return a literal instead of 'err' in 
ksmbd_vfs_kern_path_locked()
4910a79a5f61 ksmbd: use kzalloc() instead of __GFP_ZERO
b657622862ba ksmbd: remove unused ksmbd_tree_conn_share function
ce95f7d2dcdf ksmbd: add mnt_want_write to ksmbd vfs functions
0d1a3f97efbe ksmbd: validate smb request protocol id
df3a4518aee6 ksmbd: check the validation of pdu_size in 
ksmbd_conn_handler_loop
ae33f07c87ab ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
55ceeb4e1c71 ksmbd: fix out-of-bound read in parse_lease_state()
4adb4fbd7481 ksmbd: fix out-of-bound read in deassemble_neg_contexts()
049ed0f953da ksmbd: call putname after using the last component
b423ddab6138 ksmbd: fix UAF issue from opinfo->conn
19b2b9af315e ksmbd: fix multiple out-of-bounds read during context decoding
61a306c1cc75 ksmbd: fix uninitialized pointer read in smb2_create_link()
ea799dd27584 ksmbd: fix uninitialized pointer read in 

[OE-core][kirkstone 10/22] linux-yocto/5.15: update to v5.15.142

[Steve Sakoman]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

8a1d809b0545 Linux 5.15.142
4d9bd1b108d7 iomap: update ki_pos a little later in iomap_dio_complete
6ed02493ef14 r8169: fix deadlock on RTL8125 in jumbo mtu mode
0249024aa48e r8169: disable ASPM in case of tx timeout
8912dbddb25f mmc: sdhci-sprd: Fix vqmmc not shutting down after the card 
was pulled
68156ce2527f mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
9807860f6ad4 iommu/vt-d: Make context clearing consistent with context 
mapping
7960f2cf4378 iommu/vt-d: Omit devTLB invalidation requests when TES=0
cfd842b71db2 cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
f0b6880658f5 cpufreq: imx6q: don't warn for disabling a non-existing 
frequency
bb08df40d451 smb3: fix caching of ctime on setxattr
15b4158c872d fs: add ctime accessors infrastructure
db78835b68c6 fbdev: stifb: Make the STI next font pointer a 32-bit signed 
offset
711ee151a303 ASoC: SOF: sof-pci-dev: Fix community key quirk detection
81952f82e32b ASoC: SOF: sof-pci-dev: don't use the community key on APL 
Chromebooks
fa0a570d84b7 ASoC: SOF: sof-pci-dev: add parameter to override topology 
filename
0d38d659a9d2 ASoC: SOF: sof-pci-dev: use community key on all Up boards
f3db01e4d012 ASoC: Intel: Move soc_intel_is_foo() helpers to a generic 
header
b4329a3a93d3 smb3: fix touch -h of symlink
b60187f610fb selftests/resctrl: Move _GNU_SOURCE define into Makefile
072c17d4003a selftests/resctrl: Add missing SPDX license to Makefile
1e9973aea221 perf intel-pt: Fix async branch flags
0a6b5321dcb0 net: ravb: Stop DMA in case of failures on ravb_open()
a4515a2f5b1e net: ravb: Start TX queues after HW initialization succeeded
2ba0a8330dae net: ravb: Use pm_runtime_resume_and_get()
5823191fb2ba net: ravb: Check return value of reset_control_deassert()
24681e92e517 ravb: Fix races between ravb_tx_timeout_work() and net related 
ops
9750941783a2 r8169: prevent potential deadlock in rtl8169_close
666250692881 Revert "workqueue: remove unused cancel_work()"
2587d8fe1484 octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 
64
54260f148377 net: stmmac: xgmac: Disable FPE MMC interrupts
9af4884b8ae6 octeontx2-af: Fix possible buffer overflow
f4499f0fc1e6 selftests/net: ipsec: fix constant out of range
8454f0e090d4 uapi: propagate __struct_group() attributes to the container 
union
0bf95654e999 dpaa2-eth: increase the needed headroom to account for 
alignment
c4a00c47a140 ipv4: igmp: fix refcnt uaf issue when receiving igmp query 
packet
64c27b7b2357 usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
e704db8ea64a USB: core: Change configuration warnings to notices
bec3ae293810 hv_netvsc: fix race of netvsc and VF register_netdevice
69732d2151b5 rcu: Avoid tracing a few functions executed in stop machine
02caa78cbc22 vlan: move dev_put into vlan_dev_uninit
842801181864 vlan: introduce vlan_dev_free_egress_priority
a8604a90e1db Input: xpad - add HyperX Clutch Gladiate Support
875eeda48161 btrfs: make error messages more clear when getting a chunk map
47693835edb1 btrfs: send: ensure send_fd is writable
36b98806d243 btrfs: fix off-by-one when checking chunk map includes logical 
address
0ffd9d356ea0 btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
a480eb262b17 btrfs: add dmesg output for first mount and last unmount of a 
filesystem
2e931b33060c parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
f0d052223488 powerpc: Don't clobber f0/vs0 during fp|altivec register save
d48f9008e892 iommu/vt-d: Add MTL to quirk list to skip TE disabling
0c7fa41e3e74 bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
c986cb72eb41 dm verity: don't perform FEC for failed readahead IO
9a2590b400d4 dm-verity: align struct dm_verity_fec_io properly
61a982f9a575 ALSA: hda/realtek: Add supported ALC257 for ChromeOS
5fe4d96502e8 ALSA: hda/realtek: Headset Mic VREF to 100%
4ed5ad052286 ALSA: hda: Disable power-save on KONTRON SinglePC
a75793684734 mmc: block: Be sure to wait while busy in CQE error recovery
8dfdd6038e32 mmc: block: Do not lose cache flush during CQE error recovery
129984dc9b1b mmc: block: Retry commands in CQE error recovery
85afaefa9568 mmc: cqhci: Fix task clearing in CQE error recovery
ceec82319989 mmc: cqhci: Warn of halt or task clear failure
9edc063598c9 mmc: cqhci: Increase recovery halt timeout
443829382220 firewire: core: fix possible memory leak in create_units()
b20f71c8098b pinctrl: avoid reload of p state in list iteration

Signed-off-by: Bruce Ashfield 
Signed-off-by: Steve Sakoman 
---
 .../linux/linux-yocto-rt_5.15.bb  |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb|  6 ++---
 

[OE-core][kirkstone 08/22] cve-exclusion_5.10.inc: update for 5.10.209

[Steve Sakoman]

Signed-off-by: Steve Sakoman 
---
 .../linux/cve-exclusion_5.10.inc  | 199 +-
 1 file changed, 189 insertions(+), 10 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.10.inc 
b/meta/recipes-kernel/linux/cve-exclusion_5.10.inc
index 583d81d0f2..4d959c90b1 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.10.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.10.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-12-05 05:25:07.507188 for version 5.10.202
+# Generated at 2024-02-21 03:55:27.305577 for version 5.10.209
 
 python check_kernel_cve_status_version() {
-this_version = "5.10.202"
+this_version = "5.10.209"
 kernel_version = d.getVar("LINUX_VERSION")
 if kernel_version != this_version:
 bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
@@ -5293,6 +5293,12 @@ CVE_CHECK_IGNORE += "CVE-2021-3348"
 # cpe-stable-backport: Backported in 5.10.46
 CVE_CHECK_IGNORE += "CVE-2021-33624"
 
+# fixed-version: Fixed after version 5.4rc1
+CVE_CHECK_IGNORE += "CVE-2021-33630"
+
+# cpe-stable-backport: Backported in 5.10.177
+CVE_CHECK_IGNORE += "CVE-2021-33631"
+
 # cpe-stable-backport: Backported in 5.10.130
 CVE_CHECK_IGNORE += "CVE-2021-33655"
 
@@ -5822,7 +5828,8 @@ CVE_CHECK_IGNORE += "CVE-2022-1419"
 # cpe-stable-backport: Backported in 5.10.134
 CVE_CHECK_IGNORE += "CVE-2022-1462"
 
-# CVE-2022-1508 needs backporting (fixed from 5.15rc1)
+# fixed-version: only affects 5.11rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-1508"
 
 # cpe-stable-backport: Backported in 5.10.110
 CVE_CHECK_IGNORE += "CVE-2022-1516"
@@ -6370,7 +6377,8 @@ CVE_CHECK_IGNORE += "CVE-2022-3635"
 # fixed-version: only affects 5.19 onwards
 CVE_CHECK_IGNORE += "CVE-2022-3640"
 
-# CVE-2022-36402 has no known resolution
+# cpe-stable-backport: Backported in 5.10.193
+CVE_CHECK_IGNORE += "CVE-2022-36402"
 
 # CVE-2022-3642 has no known resolution
 
@@ -6600,6 +6608,9 @@ CVE_CHECK_IGNORE += "CVE-2022-48425"
 # fixed-version: only affects 5.15rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2022-48502"
 
+# cpe-stable-backport: Backported in 5.10.118
+CVE_CHECK_IGNORE += "CVE-2022-48619"
+
 # fixed-version: Fixed after version 5.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-0030"
 
@@ -6719,6 +6730,8 @@ CVE_CHECK_IGNORE += "CVE-2023-1382"
 # cpe-stable-backport: Backported in 5.10.10
 CVE_CHECK_IGNORE += "CVE-2023-1390"
 
+# CVE-2023-1476 has no known resolution
+
 # cpe-stable-backport: Backported in 5.10.169
 CVE_CHECK_IGNORE += "CVE-2023-1513"
 
@@ -6891,7 +6904,8 @@ CVE_CHECK_IGNORE += "CVE-2023-23559"
 
 # CVE-2023-23586 needs backporting (fixed from 5.12rc1)
 
-# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-2430"
 
 # cpe-stable-backport: Backported in 5.10.177
 CVE_CHECK_IGNORE += "CVE-2023-2483"
@@ -7221,7 +7235,8 @@ CVE_CHECK_IGNORE += "CVE-2023-39194"
 # cpe-stable-backport: Backported in 5.10.188
 CVE_CHECK_IGNORE += "CVE-2023-39197"
 
-# CVE-2023-39198 needs backporting (fixed from 6.5rc7)
+# cpe-stable-backport: Backported in 5.10.208
+CVE_CHECK_IGNORE += "CVE-2023-39198"
 
 # cpe-stable-backport: Backported in 5.10.188
 CVE_CHECK_IGNORE += "CVE-2023-4004"
@@ -7322,7 +7337,8 @@ CVE_CHECK_IGNORE += "CVE-2023-45871"
 # fixed-version: only affects 6.5rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-45898"
 
-# CVE-2023-4610 needs backporting (fixed from 6.4)
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4610"
 
 # fixed-version: only affects 6.4rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-4611"
@@ -7332,9 +7348,15 @@ CVE_CHECK_IGNORE += "CVE-2023-4611"
 # cpe-stable-backport: Backported in 5.10.195
 CVE_CHECK_IGNORE += "CVE-2023-4623"
 
+# cpe-stable-backport: Backported in 5.10.199
+CVE_CHECK_IGNORE += "CVE-2023-46343"
+
 # cpe-stable-backport: Backported in 5.10.199
 CVE_CHECK_IGNORE += "CVE-2023-46813"
 
+# cpe-stable-backport: Backported in 5.10.209
+CVE_CHECK_IGNORE += "CVE-2023-46838"
+
 # cpe-stable-backport: Backported in 5.10.202
 CVE_CHECK_IGNORE += "CVE-2023-46862"
 
@@ -7349,18 +7371,41 @@ CVE_CHECK_IGNORE += "CVE-2023-4881"
 # cpe-stable-backport: Backported in 5.10.195
 CVE_CHECK_IGNORE += "CVE-2023-4921"
 
+# CVE-2023-50431 needs backporting (fixed from 6.8rc1)
+
 # fixed-version: only affects 6.0rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5090"
 
+# cpe-stable-backport: Backported in 5.10.192
+CVE_CHECK_IGNORE += "CVE-2023-51042"
+
+# cpe-stable-backport: Backported in 5.10.188
+CVE_CHECK_IGNORE += "CVE-2023-51043"
+
 # fixed-version: only affects 5.13rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5158"
 
+# cpe-stable-backport: Backported in 5.10.206
+CVE_CHECK_IGNORE += "CVE-2023-51779"
+
 # cpe-stable-backport: Backported in 5.10.199
 CVE_CHECK_IGNORE += "CVE-2023-5178"
 
+# cpe-stable-backport: Backported in 5.10.205
+CVE_CHECK_IGNORE += "CVE-2023-51780"
+

[OE-core][kirkstone 05/22] linux-yocto/5.10: update to v5.10.205

[Steve Sakoman]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

ca4427ebc626 Linux 5.10.205
05c547e8427a powerpc/ftrace: Fix stack teardown in ftrace_no_trace
e30e62f0e178 powerpc/ftrace: Create a dummy stackframe to fix stack unwind
5a82cf64f8ad tty: n_gsm: add sanity check for gsm->receive in 
gsm_receive_buf()
a11ea2c08f51 tty: n_gsm, remove duplicates of parameters
b8faa754b523 tty: n_gsm: fix tty registration before control channel open
918ba07224e9 USB: gadget: core: adjust uevent timing on gadget unbind
20c2cb79a38c ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
9f5bf009f77d ring-buffer: Fix writing to the buffer with max_data_size
3e8055fc3b21 ring-buffer: Have saved event hold the entire event
d7a293981427 tracing: Update snapshot buffer on resize if it is allocated
a3580b2bfe90 ring-buffer: Fix memory leak of free page
5ffda6998be5 team: Fix use-after-free when an option instance allocation 
fails
33fb8ac30c3e arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
26eeec522aca ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
6e2628dfade5 soundwire: stream: fix NULL pointer dereference for multi_link
7ccfc078cd47 perf: Fix perf_event_validate_size() lockdep splat
5984306f6ce7 HID: hid-asus: add const to read-only outgoing usb buffer
e9709a88a8ee net: usb: qmi_wwan: claim interface 4 for ZTE MF290
09c8ee5f9bb3 asm-generic: qspinlock: fix queued_spin_value_unlocked() 
implementation
f6a1bf429978 HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
744027bb8ee0 HID: hid-asus: reset the backlight brightness level on resume
1ac7379d2e18 HID: add ALWAYS_POLL quirk for Apple kb
a64a9f38ae3e HID: glorious: fix Glorious Model I HID report
6026a862f351 platform/x86: intel_telemetry: Fix kernel doc descriptions
e01135763b9b bcache: avoid NULL checking to c->root in run_cache_set()
a724e325 bcache: add code comments for bch_btree_node_get() and 
__bch_btree_node_alloc()
3b48e1c0485a bcache: remove redundant assignment to variable cur_idx
ea2341d08255 bcache: avoid oversize memory allocation by small stripe_size
dbf0cdacdb4e blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read 
lock required!"
d69581c17608 usb: aqc111: check packet for fixup for true limit
1e3ea8d2bad8 drm/mediatek: Add spinlock for setting vblank event in 
atomic_begin
022b82336a62 PCI: loongson: Limit MRRS to 256
791bca1b0996 Revert "PCI: acpiphp: Reassign resources on bridge if 
necessary"
7e2afd088506 ALSA: hda/realtek: Apply mute LED quirk for HP15-db
063302851147 ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 
variants
851783a0c4ff fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()
2623cf1fe825 cred: switch to using atomic_long_t
03b50868ae53 net: atlantic: fix double free in ring reinit logic
a232eb81c7cb appletalk: Fix Use-After-Free in atalk_ioctl
9deccfbaed4b net: stmmac: Handle disabled MDIO busses from devicetree
5470533a7d7e net: stmmac: use dev_err_probe() for reporting mdio bus 
registration failure
52a4c0e82a24 vsock/virtio: Fix unsigned integer wrap around in 
virtio_transport_has_space()
4c0d7e826160 sign-file: Fix incorrect return values check
25bfae19b84a net: ena: Fix XDP redirection error
c83544b70cc8 net: ena: Destroy correct number of xdp queues upon failure
7ed59c4027a8 net: Remove acked SYN flag from packet in the transmit queue 
correctly
10760f4234f7 qed: Fix a potential use-after-free in qed_cxt_tables_alloc
7eda5960a533 net/rose: Fix Use-After-Free in rose_ioctl
64a032015c33 atm: Fix Use-After-Free in do_vcc_ioctl
c20f425e0692 net: fec: correct queue selection
d15e4b825dc0 net: vlan: introduce skb_vlan_eth_hdr()
bc0860a3c49c atm: solos-pci: Fix potential deadlock on _queue_lock
df5c24df63c4 atm: solos-pci: Fix potential deadlock on _queue_lock
6a7b673e6ec7 qca_spi: Fix reset behavior
347d10877bde qca_debug: Fix ethtool -G iface tx behavior
a07e5568d95f qca_debug: Prevent crash on TX ring changes
97275e470c2a net: ipv6: support reporting otherwise unknown prefix flags in 
RTM_NEWPREFIX
b30fbeb390d0 HID: lenovo: Restrict detection of patched firmware only to 
USB cptkbd
84eed654ff33 afs: Fix refcount underflow from error handling race
8ee7b2c46594 netfilter: nf_tables: fix 'exist' matching on bigendian arches
b50306f77190 Linux 5.10.204
fa49e956b725 r8169: fix rtl8125b PAUSE frames blasting when suspended
9e3ca02b1164 devcoredump: Send uevent once devcd is ready
9e0ca920123f devcoredump : Serialize devcd_del work
12467ad3f3d4 smb: client: fix potential NULL deref in parse_dfs_referrals()
0b1711b486de cifs: Fix non-availability of dedup breaking generic/304
8cb1209989fb Revert "btrfs: add dmesg output for first mount and last 
unmount of a 

[OE-core][kirkstone 07/22] linux-yocto/5.10: update to v5.10.209

[Steve Sakoman]

From: Bruce Ashfield 

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

16ad71c250c1 Linux 5.10.209
66e4f4a84791 arm64: dts: armada-3720-turris-mox: set irq type for RTC
2e23761beb90 i2c: s3c24xx: fix transferring more than one message in 
polling mode
da60686bab6b i2c: s3c24xx: fix read transfers in polling mode
8ba74e90162e selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes
3e1ca8065926 selftests: mlxsw: qos_pfc: Convert to iproute2 dcb
56750ea5d154 mlxsw: spectrum_acl_tcam: Fix stack corruption
a9b233b287aa mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward 
declarations
d3669ebc4c2a mlxsw: spectrum_acl_tcam: Make fini symmetric to init
a557dbda6407 mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()
936d06d699c3 mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable
e8bfdf630142 mlxsw: spectrum_acl_erp: Fix error flow of pool allocation 
failure
f90b1cebc442 ethtool: netlink: Add missing ethnl_ops_begin/complete
b44e1aec8038 kdb: Fix a potential buffer overflow in kdb_local()
977c2cf5637a ipvs: avoid stat macros calls from preemptible context
00a86f81c80e netfilter: nf_tables: reject NFT_SET_CONCAT with not field 
length description
9a4d25267d50 netfilter: nf_tables: skip dead set elements in netlink dump
2d4c0798a1ef netfilter: nf_tables: do not allow mismatch field size and set 
key length
b099b495e1da net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
6c8a5bbca6e6 net: ravb: Fix dma_addr_t truncation in error case
ba77c8b4e106 net: phy: micrel: populate .soft_reset for KSZ9131
1658d7a7a207 net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet 
frames
2295c22348fa net: qualcomm: rmnet: fix global oob in rmnet_policy
b55808b96e63 s390/pci: fix max size calculation in zpci_memcpy_toio()
178b4373446d PCI: keystone: Fix race condition when initializing PHYs
0de2e62067d2 nvmet-tcp: Fix the H2C expected PDU len calculation
172276460ab5 serial: imx: Correct clock error message in function probe()
5ff00408e502 apparmor: avoid crash when parsed profile name is empty
866d32bff035 perf env: Avoid recursively taking env->bpf_progs.lock
39669fae69f3 nvmet-tcp: fix a crash in nvmet_req_complete()
f775f2621c2a nvmet-tcp: Fix a kernel panic when host sends an invalid H2C 
PDU length
1550b870ae9c usb: cdc-acm: return correct error code on unsupported break
d7c74b010aae tty: use 'if' in send_break() instead of 'goto'
3483ca0390c1 tty: don't check for signal_pending() in send_break()
2cf81d344032 tty: early return from send_break() on 
TTY_DRIVER_HARDWARE_BREAK
4e76dbd7c360 tty: change tty_write_lock()'s ndelay parameter to bool
abcc25a23731 perf genelf: Set ELF program header addresses properly
1e17feb4ada9 iio: adc: ad9467: fix scale setting
a3167e5ab5b8 iio: adc: ad9467: don't ignore error codes
00e916d9985f iio: adc: ad9467: fix reset gpio handling
8083d6840179 iio: adc: ad9467: Benefit from devm_clk_get_enabled() to 
simplify
6e04a9d30509 serial: imx: fix tx statemachine deadlock
6746f3e8939d software node: Let args be NULL in 
software_node_get_reference_args
381bea33a86e acpi: property: Let args be NULL in 
__acpi_node_get_property_reference
7166e8e9135e libapi: Add missing linux/types.h header to get the __u64 type 
on io.h
bc57f3ef8a9e serial: 8250: omap: Don't skip resource freeing if 
pm_runtime_resume_and_get() failed
89b97e6b19a8 power: supply: cw2015: correct time_to_empty units in sysfs
5e3995ec39c4 MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
c3ed63f6a1c2 MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
9995dee8b952 mips: Fix incorrect max_low_pfn adjustment
5cdda6239ce6 mips: dmi: Fix early remap on MIPS32
b1528687739b leds: aw2013: Select missing dependency REGMAP_I2C
927626a20738 mfd: syscon: Fix null pointer dereference in 
of_syscon_register()
c964a0597b50 HID: wacom: Correct behavior when processing some confidence 
== false touches
c7883c9f83e6 iio: adc: ad7091r: Pass iio_dev to event handler
ba7be6667408 KVM: arm64: vgic-its: Avoid potential UAF in LPI translation 
cache
9b5a278594b9 KVM: arm64: vgic-v4: Restore pending state on host userspace 
write
7521ea8f62b2 x86/kvm: Do not try to disable kvmclock if it was not enabled
322c5fe40f7f wifi: mwifiex: configure BSSID consistently when starting AP
ba8a4fba622a wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
3dc3122b0be3 wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable 
code
5e9142b6a200 iommu/arm-smmu-qcom: Add missing GMU entry to match table
394c6c0b6d9b Bluetooth: Fix atomicity violation in {min,max}_key_size_set
3b8d7a1b8519 rootfs: Fix support for rootfstype= when root= is given
8c0b563e9b4d io_uring/rw: ensure io->bytes_done is always 

[OE-core][kirkstone 06/22] linux-yocto/5.10: update to v5.10.206

[Steve Sakoman]

From: Bruce Ashfield 

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

cf13ba74e8eb Linux 5.10.206
2df1e1887c68 spi: atmel: Fix PDC transfer setup bug
2a0a658ed6ef Bluetooth: SMP: Fix crash when receiving new connection when 
debug is enabled
ecd50f820d86 Revert "MIPS: Loongson64: Enable DMA noncoherent support"
9175341bd80b dm-integrity: don't modify bio's immutable bio_vec in 
integrity_metadata()
73117ea03363 netfilter: nf_tables: skip set commit for deleted/destroyed 
sets
8bf79dec73fe tracing: Fix blocked reader of snapshot buffer
0afe42022865 ring-buffer: Fix wake ups when buffer_percent is set to 100
9db5239d7533 scsi: core: Always send batch on reset or error handling 
command
f2d30198c053 scsi: core: Use a structure member to track the SCSI command 
submitter
df83ca8e986d scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
d054858a9c9e scsi: core: Make scsi_get_lba() return the LBA
f230e6d4249b scsi: core: Introduce scsi_get_sector()
294d66c35a4e scsi: core: Add scsi_prot_ref_tag() helper
929f475ebaf0 spi: atmel: Fix CS and initialization bug
23d9267c548b spi: atmel: Switch to transfer_one transfer method
db1b14eec8c6 Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
0c54b79d1d9b smb: client: fix OOB in smbCalcSize()
203a412e52b5 smb: client: fix OOB in SMB2_query_info_init()
79e158ddc3c7 usb: fotg210-hcd: delete an incorrect bounds test
da448f145f8d Bluetooth: MGMT/SMP: Fix address type when using SMP over 
BREDR/LE
4bc912140b1c Bluetooth: use inclusive language in SMP
e219c3110a16 Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg
cdbc4a1115a5 ARM: dts: Fix occasional boot hang for am3 usb
1e2db0124c69 9p/net: fix possible memory leak in p9_check_errors()
c4a7f7eb x86/alternatives: Sync core before enabling interrupts
7d407ef18327 lib/vsprintf: Fix %pfwf when current node refcount == 0
565fadc3ea91 bus: ti-sysc: Flush posted write only after srst_udelay
e50cfb544742 tracing / synthetic: Disable events after testing in 
synth_event_gen_test_init()
cd6e41593ed7 dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp
786788bb1396 net: ks8851: Fix TX stall caused by TX buffer overrun
391c1019a005 net: rfkill: gpio: set GPIO direction
6d7b8e5a6d91 net: 9p: avoid freeing uninit memory in p9pdu_vreadf
45b63f09ba89 Input: soc_button_array - add mapping for airplane mode button
2aa744ad0e9e Bluetooth: L2CAP: Send reject on command corrupted request
25a6fdd26d13 Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has 
been sent
71e1c7654010 USB: serial: option: add Quectel RM500Q R13 firmware support
d521896bcc0b USB: serial: option: add Foxconn T99W265 with new baseline
d0cf8a4bee42 USB: serial: option: add Quectel EG912Y module support
f41f44cea9eb USB: serial: ftdi_sio: update Actisense PIDs constant names
20d84a19466f wifi: cfg80211: fix certs build to not depend on file order
7a0a5cbfea34 wifi: cfg80211: Add my certificate
9dcf50da596d iio: adc: ti_am335x_adc: Fix return value check of 
tiadc_request_dma()
abbebddb19ac iio: common: ms_sensors: ms_sensors_i2c: fix humidity 
conversion time table
c40db29812f9 scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
e3749f85fddc Input: ipaq-micro-keys - add error handling for devm_kmemdup
b5f67cea27fa iio: imu: inv_mpu6050: fix an error code problem in 
inv_mpu6050_read_raw
505df1c0abe6 interconnect: Treat xlate() returning NULL node as an error
cc5eec86a4ff btrfs: do not allow non subvolume root targets for snapshot
bd267af18f7b smb: client: fix NULL deref in asn1_ber_decoder()
41350e813acf ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
a4692c38cd57 ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10
e032ddb0e387 pinctrl: at91-pio4: use dedicated lock class for IRQ
0b85149a9dc1 i2c: aspeed: Handle the coalesced stop conditions with the 
start conditions.
3dce7a52b2fa afs: Fix overwriting of result of DNS query
97be1e865e70 keys, dns: Allow key types (eg. DNS) to be reclaimed 
immediately on expiry
9e0d18f946b2 net: check dev->gso_max_size in gso_features_check()
59dc16ce095d net: warn if gso_type isn't set for a GSO SKB
63ad66d4844b afs: Fix dynamic root lookup DNS check
65d2c287fc00 afs: Fix the dynamic root's d_delete to always delete unused 
dentries
a3218319ee86 net: check vlan filter feature in vlan_vids_add_by_dev() and 
vlan_vids_del_by_dev()
12e5a4719c99 net/rose: fix races in rose_kill_by_device()
be0988c9b075 ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
8b6f8bfe3a3a net: sched: ife: fix potential use-after-free
f245312e9f4f net/mlx5e: Correct snprintf truncation handling for fw_version 
buffer used by representors
e8ba688a64f9 net/mlx5: Fix fw tracer first block check
 

[OE-core][kirkstone 04/22] linux-yocto/5.10: update to v5.10.203

[Steve Sakoman]

From: Bruce Ashfield 

Updating  to the latest korg -stable release that comprises
the following commits:

d330ef1d295d Linux 5.10.203
9c957e2b5254 driver core: Release all resources during unbind before 
updating device links
2325d3b6b10f r8169: fix deadlock on RTL8125 in jumbo mtu mode
b29e6055db1e r8169: disable ASPM in case of tx timeout
8b76708eb9f1 mmc: sdhci-sprd: Fix vqmmc not shutting down after the card 
was pulled
b532bc9b73e6 mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
376fabe3677a mmc: block: Retry commands in CQE error recovery
bf62a283a779 mmc: core: convert comma to semicolon
bb785011843e mmc: cqhci: Fix task clearing in CQE error recovery
cb9ca7cc273b mmc: cqhci: Warn of halt or task clear failure
e94ededefc42 mmc: cqhci: Increase recovery halt timeout
2011f06e32ab cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
6b35f36ff8f0 cpufreq: imx6q: don't warn for disabling a non-existing 
frequency
910566a789a2 scsi: qla2xxx: Fix system crash due to bad pointer access
46a4bf13502f scsi: qla2xxx: Use scsi_cmd_to_rq() instead of 
scsi_cmnd.request
b19fe82b4b92 scsi: core: Introduce the scsi_cmd_to_rq() function
c2b6f7e48e38 smb3: fix caching of ctime on setxattr
f9aa2857c6e6 fs: add ctime accessors infrastructure
8d4237a149e3 drm/amdgpu: don't use ATRM for external devices
2df04d76c97d driver core: Move the "removable" attribute from USB to core
01fbfcd8105c ima: annotate iint mutex to avoid lockdep false positive 
warnings
8a3322a35f74 fbdev: stifb: Make the STI next font pointer a 32-bit signed 
offset
15bc430fc176 misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP 
device support
a6128ad78771 misc: pci_endpoint_test: Add deviceID for AM64 and J7200
c922282d11b3 s390/cmma: fix detection of DAT pages
03e07092c6ce s390/mm: fix phys vs virt confusion in mark_kernel_pXd() 
functions family
cb420e35571c ASoC: SOF: sof-pci-dev: Fix community key quirk detection
b37e1fbe6d30 ASoC: SOF: sof-pci-dev: don't use the community key on APL 
Chromebooks
3a79fcb743f7 ASoC: SOF: sof-pci-dev: add parameter to override topology 
filename
4aeb3320d70e ASoC: SOF: sof-pci-dev: use community key on all Up boards
6368a32d26a3 ASoC: Intel: Move soc_intel_is_foo() helpers to a generic 
header
8e52b19d92e1 smb3: fix touch -h of symlink
889c84e2b200 net: ravb: Start TX queues after HW initialization succeeded
5d428cda38e8 net: ravb: Use pm_runtime_resume_and_get()
f78d0f301395 ravb: Fix races between ravb_tx_timeout_work() and net related 
ops
a36e00e957a2 r8169: prevent potential deadlock in rtl8169_close
8a909c119827 Revert "workqueue: remove unused cancel_work()"
72ce3379cd5e octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 
64
ef7af2105a25 net: stmmac: xgmac: Disable FPE MMC interrupts
f18bcace1294 selftests/net: mptcp: fix uninitialized variable warnings
cb1644f9f005 selftests/net: ipsec: fix constant out of range
fe7fd9c209e8 dpaa2-eth: increase the needed headroom to account for 
alignment
772fe1da9a8d ipv4: igmp: fix refcnt uaf issue when receiving igmp query 
packet
9ef94ec8e52e usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
713530d3c8f1 USB: core: Change configuration warnings to notices
ae6e41066e6e hv_netvsc: fix race of netvsc and VF register_netdevice
4937fb36bbb8 Input: xpad - add HyperX Clutch Gladiate Support
5c4d5c8556ee btrfs: make error messages more clear when getting a chunk map
74ff16c84433 btrfs: send: ensure send_fd is writable
12a0ec5ed7cf btrfs: fix off-by-one when checking chunk map includes logical 
address
baaab02a8c0b btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
2d6c2238acf8 btrfs: add dmesg output for first mount and last unmount of a 
filesystem
bab9cec493b6 parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
b53dc7c766ae powerpc: Don't clobber f0/vs0 during fp|altivec register save
b5cbbc2b2da9 iommu/vt-d: Add MTL to quirk list to skip TE disabling
f62ceb880a71 bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
18ac427906af dm verity: don't perform FEC for failed readahead IO
c3c9f9273822 dm-verity: align struct dm_verity_fec_io properly
5de40a7ffaa0 ALSA: hda/realtek: Add supported ALC257 for ChromeOS
cf80c538061e ALSA: hda/realtek: Headset Mic VREF to 100%
f338f738d7bd ALSA: hda: Disable power-save on KONTRON SinglePC
b02b66194d54 mmc: block: Do not lose cache flush during CQE error recovery
71c9fb31e18b firewire: core: fix possible memory leak in create_units()
d6bac7048f28 pinctrl: avoid reload of p state in list iteration
8fb79be6e980 io_uring: fix off-by one bvec index
f5f85ea5bb6a USB: dwc3: qcom: fix wakeup after probe deferral
5ac96667ea32 usb: dwc3: set the dma max_seg_size
2620c5977f49 usb: dwc3: Fix default mode initialization

[OE-core][kirkstone 03/22] vim: upgrade v9.0.2130 -> v9.0.2190

[Steve Sakoman]

From: Tim Orling 

This is the latest/last of the 9.0.z upgrades, since 9.1 is now
released.

CVE: CVE-2024-22667
(includes the patch for .2142 
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47)

Changes:
https://github.com/vim/vim/compare/v9.0.2130...v9.0.2190

Signed-off-by: Tim Orling 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 6b440d8947..906aa53a16 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
 
-PV .= ".2130"
-SRCREV = "075ad7047457debfeef13442c01e74088b461092"
+PV .= ".2190"
+SRCREV = "6a950da86d7a6eb09d5ebeab17657986420d07ac"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196155): 
https://lists.openembedded.org/g/openembedded-core/message/196155
Mute This Topic: https://lists.openembedded.org/mt/104571827/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 01/22] go: add a complementary fix for CVE-2023-29406

[Steve Sakoman]

From: Ming Liu 

The original CVE-2023-29406.patch is not complete, causing docker
failures at runtime, backport a complementary fix from golang upstream.

Signed-off-by: Ming Liu 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/go/go-1.17.13.inc   |   3 +-
 ...023-29406.patch => CVE-2023-29406-1.patch} |   0
 .../go/go-1.18/CVE-2023-29406-2.patch | 114 ++
 3 files changed, 116 insertions(+), 1 deletion(-)
 rename meta/recipes-devtools/go/go-1.18/{CVE-2023-29406.patch => 
CVE-2023-29406-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406-2.patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc 
b/meta/recipes-devtools/go/go-1.17.13.inc
index 6fc07bb910..c02da60f68 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -38,7 +38,8 @@ SRC_URI += "\
 file://CVE-2023-29405.patch \
 file://CVE-2023-29402.patch \
 file://CVE-2023-29400.patch \
-file://CVE-2023-29406.patch \
+file://CVE-2023-29406-1.patch \
+file://CVE-2023-29406-2.patch \
 file://CVE-2023-24536_1.patch \
 file://CVE-2023-24536_2.patch \
 file://CVE-2023-24536_3.patch \
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch 
b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406-1.patch
similarity index 100%
rename from meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
rename to meta/recipes-devtools/go/go-1.18/CVE-2023-29406-1.patch
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2023-29406-2.patch 
b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406-2.patch
new file mode 100644
index 00..637f46a537
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406-2.patch
@@ -0,0 +1,114 @@
+From c08a5fa413a34111c9a37fd9e545de27ab0978b1 Mon Sep 17 00:00:00 2001
+From: Damien Neil 
+Date: Wed, 19 Jul 2023 10:30:46 -0700
+Subject: [PATCH] [release-branch.go1.19] net/http: permit requests with
+ invalid Host headers
+
+Historically, the Transport has silently truncated invalid
+Host headers at the first '/' or ' ' character. CL 506996 changed
+this behavior to reject invalid Host headers entirely.
+Unfortunately, Docker appears to rely on the previous behavior.
+
+When sending a HTTP/1 request with an invalid Host, send an empty
+Host header. This is safer than truncation: If you care about the
+Host, then you should get the one you set; if you don't care,
+then an empty Host should be fine.
+
+Continue to fully validate Host headers sent to a proxy,
+since proxies generally can't productively forward requests
+without a Host.
+
+For #60374
+Fixes #61431
+Fixes #61825
+
+Change-Id: If170c7dd860aa20eb58fe32990fc93af832742b6
+Reviewed-on: https://go-review.googlesource.com/c/go/+/511155
+TryBot-Result: Gopher Robot 
+Reviewed-by: Roland Shoemaker 
+Run-TryBot: Damien Neil 
+(cherry picked from commit b9153f6ef338baee5fe02a867c8fbc83a8b29dd1)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/518855
+Auto-Submit: Dmitri Shuralyov 
+Run-TryBot: Roland Shoemaker 
+Reviewed-by: Russ Cox 
+
+Upstream-Status: Backport 
[https://github.com/golang/go/commit/c08a5fa413a34111c9a37fd9e545de27ab0978b1]
+CVE: CVE-2023-29406
+Signed-off-by: Ming Liu 
+---
+ src/net/http/request.go  | 23 ++-
+ src/net/http/request_test.go | 17 -
+ 2 files changed, 34 insertions(+), 6 deletions(-)
+
+diff --git a/src/net/http/request.go b/src/net/http/request.go
+index 3100037386..91cb8a66b9 100644
+--- a/src/net/http/request.go
 b/src/net/http/request.go
+@@ -582,8 +582,29 @@ func (r *Request) write(w io.Writer, usingProxy bool, 
extraHeaders Header, waitF
+   if err != nil {
+   return err
+   }
++  // Validate that the Host header is a valid header in general,
++  // but don't validate the host itself. This is sufficient to avoid
++  // header or request smuggling via the Host field.
++  // The server can (and will, if it's a net/http server) reject
++  // the request if it doesn't consider the host valid.
+   if !httpguts.ValidHostHeader(host) {
+-  return errors.New("http: invalid Host header")
++  // Historically, we would truncate the Host header after '/' or 
' '.
++  // Some users have relied on this truncation to convert a 
network
++  // address such as Unix domain socket path into a valid, ignored
++  // Host header (see https://go.dev/issue/61431).
++  //
++  // We don't preserve the truncation, because sending an altered
++  // header field opens a smuggling vector. Instead, zero out the
++  // Host header entirely if it isn't valid. (An empty Host is 
valid;
++  // see RFC 9112 Section 3.2.)
++  //
++  // Return an error if we're sending to a proxy, since the proxy
++  // probably can't do anything useful with an empty Host header.
++  

[OE-core][kirkstone 00/22] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, February 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6610

The following changes since commit 59cc2e75c15f8c6371a4c4a3b7bd2e6c3f145fbc:

  Revert "kernel: fix localversion in v6.3+" (2024-02-15 15:45:23 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  runqemu: direct mesa to use its own drivers, rather than ones provided
by host distro

Bruce Ashfield (13):
  linux-yocto/5.10: update to v5.10.203
  linux-yocto/5.10: update to v5.10.205
  linux-yocto/5.10: update to v5.10.206
  linux-yocto/5.10: update to v5.10.209
  linux-yocto/5.15: update to v5.15.141
  linux-yocto/5.15: update to v5.15.142
  linux-yocto/5.15: update to v5.15.145
  linux-yocto/5.15: update to v5.15.146
  linux-yocto/5.15: update CVE exclusions
  linux-yocto/5.15: update to v5.15.147
  linux-yocto/5.15: update CVE exclusions
  linux-yocto/5.15: update to v5.15.148
  linux-yocto/5.15: update CVE exclusions

Fabien Mahot (1):
  ldconfig-native: Fix to point correctly on the DT_NEEDED entries in an
ELF file

Hugo SIMELIERE (1):
  libuv: fix CVE-2024-24806

Ming Liu (1):
  go: add a complementary fix for CVE-2023-29406

Ross Burton (2):
  curl: don't enable debug builds
  oeqa/selftest/runtime_test: only run the virgl tests on qemux86-64

Steve Sakoman (1):
  cve-exclusion_5.10.inc: update for 5.10.209

Tim Orling (1):
  vim: upgrade v9.0.2130 -> v9.0.2190

Zahir Hussain (1):
  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

 meta/lib/oeqa/selftest/cases/runtime_test.py  |   5 +-
 .../libuv/libuv/CVE-2024-24806-1.patch|  56 +++
 .../libuv/libuv/CVE-2024-24806-2.patch|  44 +++
 .../libuv/libuv/CVE-2024-24806-3.patch|  31 ++
 .../libuv/libuv_1.44.2.bb |   6 +-
 ...-.dynstr-located-in-separate-segment.patch | 178 +
 .../glibc/ldconfig-native_2.12.1.bb   |   1 +
 .../cmake/cmake/OEToolchainConfig.cmake   |   3 +
 meta/recipes-devtools/go/go-1.17.13.inc   |   3 +-
 ...023-29406.patch => CVE-2023-29406-1.patch} |   0
 .../go/go-1.18/CVE-2023-29406-2.patch | 114 ++
 .../linux/cve-exclusion_5.10.inc  | 199 +-
 .../linux/cve-exclusion_5.15.inc  | 372 --
 .../linux/linux-yocto-rt_5.10.bb  |   6 +-
 .../linux/linux-yocto-rt_5.15.bb  |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb|   8 +-
 .../linux/linux-yocto-tiny_5.15.bb|   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 meta/recipes-support/curl/curl_7.82.0.bb  |   4 +-
 meta/recipes-support/vim/vim.inc  |   4 +-
 scripts/runqemu   |  34 +-
 22 files changed, 1013 insertions(+), 117 deletions(-)
 create mode 100644 meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-1.patch
 create mode 100644 meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-2.patch
 create mode 100644 meta/recipes-connectivity/libuv/libuv/CVE-2024-24806-3.patch
 create mode 100644 
meta/recipes-core/glibc/ldconfig-native-2.12.1/ldconfig-handle-.dynstr-located-in-separate-segment.patch
 rename meta/recipes-devtools/go/go-1.18/{CVE-2023-29406.patch => 
CVE-2023-29406-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406-2.patch

-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196152): 
https://lists.openembedded.org/g/openembedded-core/message/196152
Mute This Topic: https://lists.openembedded.org/mt/104571823/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2 2/5] devtool: code: Add source mapping for debug source files

[Adrian Freihofer]

On Thu, 2024-02-22 at 16:51 +0100, Enguerrand de Ribaucourt wrote:
> 
> 
> On 22/02/2024 14:00, adrian.freiho...@gmail.com wrote:
> > On Wed, 2024-02-21 at 15:56 +0100, Enguerrand de Ribaucourt wrote:
> > > 
> > > 
> > > On 21/02/2024 15:12, Enguerrand de Ribaucourt wrote:
> > > > 
> > > > 
> > > > On 20/02/2024 10:01, adrian.freiho...@gmail.com wrote:
> > > > > On Mon, 2024-02-19 at 17:55 +0100, Enguerrand de Ribaucourt
> > > > > wrote:
> > > > > > When launching the debug configuration, the source files
> > > > > > from
> > > > > > the
> > > > > > debug
> > > > > > rootfs were openened in the editor instead of the local
> > > > > > workspace
> > > > > > files.
> > > > > > We add an exception to properly map them to the file being
> > > > > > developed
> > > > > > and
> > > > > > compiled by the IDE integration. This also more closely
> > > > > > matches
> > > > > > what
> > > > > > the
> > > > > > user would expect compared to native development.
> > > > > > 
> > > > > > This is also true for the devtool fallback mode.
> > > > > 
> > > > > This looks still wrong to me. If files from the rootfs are
> > > > > openend for
> > > > > a recipe which is in the workspace, the SDK is broken and we
> > > > > need
> > > > > to
> > > > > understand and fix that. This patch does not solve that, but
> > > > > will
> > > > > make
> > > > > it much harder to find the right solution for this issue.
> > > > Hi Adrian,
> > > > 
> > > > This is affecting essentially the devtool fallback mode. Since
> > > > it's
> > > > compiled through devtool, it's using the bitbake packaging
> > > > information.
> > > > 
> > > > Steps to reproduce:
> > > >    - devtool modify powertop (autotools recipe, currently
> > > > fallback)
> > > >    - devtool ide-sdk powertop [args...]
> > > >    - open the powertop sources workspace
> > > >    - run the debug launch configuration
> > > >    - initial breakpoint opens the rootfs-dbg main.cpp instead
> > > > of the
> > > > current workspace
> > > > 
> > > > This probably will get fixed for autotools with your specific
> > > > class
> > > > support, but will remain for the fallback mode.
> > > > 
> > > > Do we want to keep this source map, but only for the fallback
> > > > mode?
> > > > Like
> > > > you say, it's kinda "cheating" the debug information, but since
> > > > we
> > > > are
> > > > in fallback mode, the devtool packaging is supposed to be using
> > > > the
> > > > sources from the workspace, so it's more like "hinting" at the
> > > > proper
> > > > source.
> > > It also affects more meson projects like lighttpd. The "hint"
> > > would
> > > still be valid given how it's built and deployed now. If you are
> > > still
> > > working on an alternative tinfoil deploy method, maybe it's not
> > > affected.
> > 
> > It looks like the devtool deploy-target step is missing. If you
> > debug
> > packaged files this would behave like this. It's important to over
> > write the packaged files with the not packaged file from the image
> > folder. This is what the devtool deploy-target command does. It's
> > expected that this just happens, probably there is a bug in the
> > dependencies. Could you please try to run it explicit? Something
> > like
> > this:
> > 
> > - devtool modify powertop (autotools recipe, currently fallback)
> > - devtool ide-sdk powertop [args...]
> > 
> > - devtool build powertop
> > - devtool deploy-target powertop
> > 
> > - open the powertop sources workspace
> > - run the debug launch configuration
> > 
> > I guess this would work as expected. The question is then: Why is
> > the
> > deploy not executed?
> The deploy-target is actually executed automatically through the
> launch 
> configuration. I also get the same result if I deploy manually. I 
> believe that the problem is rather how "devtool build" compiles and 
> packages the binary.

You are right. We need this additional source mapping. I found some
time to look into the details. I propose to go with these 4 patches
(including your patch as well):
https://lists.openembedded.org/g/openembedded-core/message/196146

Adrian

> > 
> > Adrian
> > 
> > 
> > > > > 
> > > > > Adrian
> > > > > 
> > > > > > 
> > > > > > Signed-off-by: Enguerrand de Ribaucourt
> > > > > > 
> > > > > > ---
> > > > > >    scripts/lib/devtool/ide_plugins/ide_code.py | 1 +
> > > > > >    scripts/lib/devtool/ide_sdk.py  | 1 +
> > > > > >    2 files changed, 2 insertions(+)
> > > > > > 
> > > > > > diff --git a/scripts/lib/devtool/ide_plugins/ide_code.py
> > > > > > b/scripts/lib/devtool/ide_plugins/ide_code.py
> > > > > > index b2193130d2e..c063b7d0590 100644
> > > > > > --- a/scripts/lib/devtool/ide_plugins/ide_code.py
> > > > > > +++ b/scripts/lib/devtool/ide_plugins/ide_code.py
> > > > > > @@ -234,6 +234,7 @@ class IdeVSCode(IdeBase):
> > > > > >    if gdb_cross_config.image_recipe.rootfs_dbg:
> > > > > >    launch_config['additionalSOLibSearchPath'] =
> > > > > > modified_recipe.solib_search_path_str(
> > > > > >  

[OE-core] [PATCH 4/4] oe-selftest devtool: ide-sdk tests

[Adrian Freihofer]

Improve the GDB related tests. Verify GDB finds the correct source
files.

Signed-off-by: Adrian Freihofer 
---
 meta/lib/oeqa/selftest/cases/devtool.py | 42 +++--
 1 file changed, 33 insertions(+), 9 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py 
b/meta/lib/oeqa/selftest/cases/devtool.py
index d37848bdefc..ecff3a9ebdf 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -2544,6 +2544,10 @@ class DevtoolIdeSdkTests(DevtoolBase):
 self.assertEqual(status, 0, msg="%s failed: %s" % (ptest_cmd, output))
 self.assertIn("PASS: cpp-example-lib", output)
 
+# Verify remote debugging works
+self._gdb_cross_debugging(
+qemu, recipe_name, example_exe, MAGIC_STRING_ORIG)
+
 # Replace the Magic String in the code, compile and deploy to Qemu
 cpp_example_lib_hpp = os.path.join(tempdir, 'cpp-example-lib.hpp')
 with open(cpp_example_lib_hpp, 'r') as file:
@@ -2565,6 +2569,10 @@ class DevtoolIdeSdkTests(DevtoolBase):
 self.assertEqual(status, 0, msg="%s failed: %s" % (ptest_cmd, output))
 self.assertIn("PASS: cpp-example-lib", output)
 
+# Verify remote debugging works wit the modified magic string
+self._gdb_cross_debugging(
+qemu, recipe_name, example_exe, MAGIC_STRING_NEW)
+
 def _gdb_cross(self):
 """Verify gdb-cross is provided by devtool ide-sdk"""
 target_arch = self.td["TARGET_ARCH"]
@@ -2578,13 +2586,22 @@ class DevtoolIdeSdkTests(DevtoolBase):
 self.assertEqual(r.status, 0)
 self.assertIn("GNU gdb", r.output)
 
-def _gdb_cross_debugging(self, qemu, recipe_name, example_exe):
+def _gdb_cross_debugging(self, qemu, recipe_name, example_exe, 
magic_string):
 """Verify gdb-cross is working
 
 Test remote debugging:
 break main
 run
 continue
+break CppExample::print_json()
+continue
+print CppExample::test_string.compare("cpp-example-lib Magic: 
123456789")
+$1 = 0
+print CppExample::test_string.compare("cpp-example-lib Magic: 
123456789aaa")
+$2 = -3
+list cpp-example-lib.hpp:13,13
+13 inline static const std::string test_string = 
"cpp-example-lib Magic: 123456789";
+continue
 """
 sshargs = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
 gdbserver_script = os.path.join(self._workspace_scripts_dir(
@@ -2609,10 +2626,21 @@ class DevtoolIdeSdkTests(DevtoolBase):
 self.assertIn("gdbserver", r.output)
 
 # Test remote debugging works
-r = runCmd(
-gdb_script + " --batch -ex 'break main' --ex 'run' -ex 'continue'")
+gdb_batch_cmd = " --batch -ex 'break main' -ex 'run'"
+gdb_batch_cmd += " -ex 'break CppExample::print_json()' -ex 'continue'"
+gdb_batch_cmd += " -ex 'print 
CppExample::test_string.compare(\"cpp-example-lib %s\")'" % magic_string
+gdb_batch_cmd += " -ex 'print 
CppExample::test_string.compare(\"cpp-example-lib %saaa\")'" % magic_string
+gdb_batch_cmd += " -ex 'list cpp-example-lib.hpp:13,13'"
+gdb_batch_cmd += " -ex 'continue'"
+r = runCmd(gdb_script + gdb_batch_cmd)
+self.logger.debug("%s %s returned: %s", gdb_script,
+  gdb_batch_cmd, r.output)
 self.assertEqual(r.status, 0)
 self.assertIn("Breakpoint 1, main", r.output)
+self.assertIn("$1 = 0", r.output)  # test.string.compare equal
+self.assertIn("$2 = -3", r.output)  # test.string.compare longer
+self.assertIn(
+'inline static const std::string test_string = "cpp-example-lib 
%s";' % magic_string, r.output)
 self.assertIn("exited normally", r.output)
 
 # Stop the gdbserver
@@ -2689,14 +2717,12 @@ class DevtoolIdeSdkTests(DevtoolBase):
 bitbake_sdk_cmd = 'devtool ide-sdk %s %s -t root@%s -c --ide=none' 
% (
 recipe_name, testimage, qemu.ip)
 runCmd(bitbake_sdk_cmd)
+self._gdb_cross()
 self._verify_cmake_preset(tempdir)
 self._devtool_ide_sdk_qemu(tempdir, qemu, recipe_name, example_exe)
 # Verify the oe-scripts sym-link is valid
 self.assertEqual(self._workspace_scripts_dir(
 recipe_name), self._sources_scripts_dir(tempdir))
-# Verify GDB is working after devtool ide-sdk
-self._gdb_cross()
-self._gdb_cross_debugging(qemu, recipe_name, example_exe)
 
 # meson-example recipe
 recipe_name = "meson-example"
@@ -2707,13 +2733,11 @@ class DevtoolIdeSdkTests(DevtoolBase):
 bitbake_sdk_cmd = 'devtool ide-sdk %s %s -t root@%s -c --ide=none' 
% (
 recipe_name, testimage, qemu.ip)
 runCmd(bitbake_sdk_cmd)
+self._gdb_cross()
 

[OE-core] [PATCH 2/4] devtool: ide-sdk source mapping for vscode

[Adrian Freihofer]

From: Enguerrand de Ribaucourt 

When launching the debug configuration, the source files from the debug
rootfs were openened in the editor instead of the local workspace files.
We add an exception to properly map them to the file being developed and
compiled by the IDE integration. This also more closely matches what the
user would expect compared to native development.

This is also true for the devtool fallback mode.

Signed-off-by: Enguerrand de Ribaucourt 

---
 scripts/lib/devtool/ide_plugins/ide_code.py | 1 +
 scripts/lib/devtool/ide_sdk.py  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/scripts/lib/devtool/ide_plugins/ide_code.py 
b/scripts/lib/devtool/ide_plugins/ide_code.py
index d58d0bdc539..09f0bb2a07e 100644
--- a/scripts/lib/devtool/ide_plugins/ide_code.py
+++ b/scripts/lib/devtool/ide_plugins/ide_code.py
@@ -242,6 +242,7 @@ class IdeVSCode(IdeBase):
 if gdb_cross_config.image_recipe.rootfs_dbg:
 launch_config['additionalSOLibSearchPath'] = 
modified_recipe.solib_search_path_str(
 gdb_cross_config.image_recipe)
+src_file_map[os.path.join("/usr/src/debug", modified_recipe.pn, 
modified_recipe.pv)] = "${workspaceFolder}"
 src_file_map["/usr/src/debug"] = os.path.join(
 gdb_cross_config.image_recipe.rootfs_dbg, "usr", "src", 
"debug")
 else:
diff --git a/scripts/lib/devtool/ide_sdk.py b/scripts/lib/devtool/ide_sdk.py
index 3bfeb5a3fce..289bbbf47c2 100755
--- a/scripts/lib/devtool/ide_sdk.py
+++ b/scripts/lib/devtool/ide_sdk.py
@@ -357,6 +357,7 @@ class RecipeModified:
 'PACKAGE_DEBUG_SPLIT_STYLE')
 self.path = recipe_d.getVar('PATH')
 self.pn = recipe_d.getVar('PN')
+self.pv = recipe_d.getVar('PV')
 self.recipe_sysroot = os.path.realpath(
 recipe_d.getVar('RECIPE_SYSROOT'))
 self.recipe_sysroot_native = os.path.realpath(
-- 
2.43.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196148): 
https://lists.openembedded.org/g/openembedded-core/message/196148
Mute This Topic: https://lists.openembedded.org/mt/104570747/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/4] devtool: ide-sdk prefer sources from workspace

[Adrian Freihofer]

Improve the previous commit:
- log an error if some assumptions are not true
- Use TARGET_DBGSRC_DIR variable
- Do the same for ide none

Why the additional source mapping is required:

For example the cmake-example recipe refers to sources like this:
./recipe-sysroot-native/usr/bin/x86_64-poky-linux/x86_64-poky-linux-readelf \
  -wi image/usr/bin/cmake-example | grep -B1 DW_AT_comp_dir
...
<560>   DW_AT_name: (indirect line string, offset: 0x1da):
/usr/src/debug/cmake-example/1.0/oe-local-files/cpp-example.cpp
...

Another example is powertop:
./recipe-sysroot-native/usr/bin/x86_64-poky-linux/x86_64-poky-linux-readelf \
  -wi image/usr/sbin/powertop | grep -B1 DW_AT_comp_dir
...
<561>   DW_AT_name: (indirect line string, offset: 0x1da):
/usr/src/debug/powertop/2.15/src/devlist.cpp
...

For recipes with local files this works. The oe-local-files folder is
not available in the rootfs-dbg and therefore the sources are first
found in the workspace folder. GDB searches for source files in various
places:
https://sourceware.org/gdb/current/onlinedocs/gdb.html/Source-Path.html
However, for the powertop example the sources opened in the editor are
from the rootfs-dbg instead of from the workspace.

Bitbake calls the compiler with
  -fmacro-prefix-map=${S}=${TARGET_DBGSRC_DIR}
where TARGET_DBGSRC_DIR defaults to "/usr/src/debug/${PN}/${PV}".

A source map which maps the recipe specific path from TARGET_DBGSRC_DIR
to the workspace fixes this.
The already existing source map for /usr/src/debug applies for all other
recipes. It finds the sources (read only) in the rootfs-dbg folder.

Signed-off-by: Adrian Freihofer 
---
 scripts/lib/devtool/ide_plugins/__init__.py | 19 +--
 scripts/lib/devtool/ide_plugins/ide_code.py | 16 +---
 scripts/lib/devtool/ide_sdk.py  |  3 ++-
 3 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/scripts/lib/devtool/ide_plugins/__init__.py 
b/scripts/lib/devtool/ide_plugins/__init__.py
index 02707bfc37b..19c2f61c5fd 100644
--- a/scripts/lib/devtool/ide_plugins/__init__.py
+++ b/scripts/lib/devtool/ide_plugins/__init__.py
@@ -134,8 +134,23 @@ class GdbCrossConfig:
 if self.image_recipe.rootfs_dbg:
 gdbinit_lines.append(
 'set solib-search-path "' + 
self.modified_recipe.solib_search_path_str(self.image_recipe) + '"')
-gdbinit_lines.append('set substitute-path "/usr/src/debug" "' + 
os.path.join(
-self.image_recipe.rootfs_dbg, 'usr', 'src', 'debug') + '"')
+# First: Search for sources of this recipe in the workspace folder
+if self.modified_recipe.pn in 
self.modified_recipe.target_dbgsrc_dir:
+gdbinit_lines.append('set substitute-path "%s" "%s"' %
+ (self.modified_recipe.target_dbgsrc_dir, 
self.modified_recipe.real_srctree))
+else:
+logger.error(
+"TARGET_DBGSRC_DIR must contain the recipe name PN.")
+# Second: Search for sources of other recipes in the rootfs-dbg
+if 
self.modified_recipe.target_dbgsrc_dir.startswith("/usr/src/debug"):
+gdbinit_lines.append('set substitute-path "/usr/src/debug" 
"%s"' % os.path.join(
+self.image_recipe.rootfs_dbg, "usr", "src", "debug"))
+else:
+logger.error(
+"TARGET_DBGSRC_DIR must start with /usr/src/debug.")
+else:
+logger.warning(
+"Cannot setup debug symbols configuration for GDB. 
IMAGE_GEN_DEBUGFS is not enabled.")
 gdbinit_lines.append(
 '%s %s:%d' % (remote_cmd, self.gdb_cross.host, 
self.gdbserver_port))
 gdbinit_lines.append('set remote exec-file ' + self.binary)
diff --git a/scripts/lib/devtool/ide_plugins/ide_code.py 
b/scripts/lib/devtool/ide_plugins/ide_code.py
index 09f0bb2a07e..a62b93224ee 100644
--- a/scripts/lib/devtool/ide_plugins/ide_code.py
+++ b/scripts/lib/devtool/ide_plugins/ide_code.py
@@ -242,9 +242,19 @@ class IdeVSCode(IdeBase):
 if gdb_cross_config.image_recipe.rootfs_dbg:
 launch_config['additionalSOLibSearchPath'] = 
modified_recipe.solib_search_path_str(
 gdb_cross_config.image_recipe)
-src_file_map[os.path.join("/usr/src/debug", modified_recipe.pn, 
modified_recipe.pv)] = "${workspaceFolder}"
-src_file_map["/usr/src/debug"] = os.path.join(
-gdb_cross_config.image_recipe.rootfs_dbg, "usr", "src", 
"debug")
+# First: Search for sources of this recipe in the workspace folder
+if modified_recipe.pn in modified_recipe.target_dbgsrc_dir:
+src_file_map[modified_recipe.target_dbgsrc_dir] = 
"${workspaceFolder}"
+else:
+logger.error(
+"TARGET_DBGSRC_DIR must contain the recipe name PN.")
+# Second: Search for 

[OE-core] [PATCH 1/4] devtool: ide-sdk launch.json per recipe only

[Adrian Freihofer]

If multiple recipes are processed at once, the launch.json and the
tasks.json of the second recipe contains also the configurations for the
binaries of the first recipe.

Example:
  devtool ide-sdk powertop cmake-example oe-selftest-image
generated a launch and a tasks configuration for the cmake-example
recipe which also offers debugging the powertop binary.

Signed-off-by: Adrian Freihofer 
---
 scripts/lib/devtool/ide_plugins/ide_code.py | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/devtool/ide_plugins/ide_code.py 
b/scripts/lib/devtool/ide_plugins/ide_code.py
index d5e3a4f4215..d58d0bdc539 100644
--- a/scripts/lib/devtool/ide_plugins/ide_code.py
+++ b/scripts/lib/devtool/ide_plugins/ide_code.py
@@ -255,8 +255,10 @@ class IdeVSCode(IdeBase):
 def vscode_launch(self, modified_recipe):
 """GDB Launch configuration for binaries (elf files)"""
 
-configurations = [self.vscode_launch_bin_dbg(
-gdb_cross_config) for gdb_cross_config in self.gdb_cross_configs]
+configurations = []
+for gdb_cross_config in self.gdb_cross_configs:
+if gdb_cross_config.modified_recipe is modified_recipe:
+
configurations.append(self.vscode_launch_bin_dbg(gdb_cross_config))
 launch_dict = {
 "version": "0.2.0",
 "configurations": configurations
@@ -280,6 +282,8 @@ class IdeVSCode(IdeBase):
 ]
 }
 for gdb_cross_config in self.gdb_cross_configs:
+if gdb_cross_config.modified_recipe is not modified_recipe:
+continue
 tasks_dict['tasks'].append(
 {
 "label": gdb_cross_config.id_pretty,
@@ -394,6 +398,8 @@ class IdeVSCode(IdeBase):
 }
 if modified_recipe.gdb_cross:
 for gdb_cross_config in self.gdb_cross_configs:
+if gdb_cross_config.modified_recipe is not modified_recipe:
+continue
 tasks_dict['tasks'].append(
 {
 "label": gdb_cross_config.id_pretty,
-- 
2.43.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196147): 
https://lists.openembedded.org/g/openembedded-core/message/196147
Mute This Topic: https://lists.openembedded.org/mt/104570746/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 0/4] devtool ide-sdk source mappings

[Adrian Freihofer]

This is an improved version of the patch from Enguerrand de Ribaucourt
which was originally published here:
https://lists.openembedded.org/g/openembedded-core/message/196037

The basic idea is still the same but the implementation is a bit
different and the commit message and some comments explain how this is
supposed to work.

The tests have been improved to check whether GDB really uses the
correct source files. The tests still use the cpp example project, which
only provides local files. Problems in relation to source files that are
retrieved from a Git repository, for example, are therefore not yet
detected.

The commit "devtool: ide-sdk launch.json per recipe only" is a fix for
an issue which was discoverd during testing.

Adrian Freihofer (3):
  devtool: ide-sdk launch.json per recipe only
  devtool: ide-sdk prefer sources from workspace
  oe-selftest devtool: ide-sdk tests

Enguerrand de Ribaucourt (1):
  devtool: ide-sdk source mapping for vscode

 meta/lib/oeqa/selftest/cases/devtool.py | 42 -
 scripts/lib/devtool/ide_plugins/__init__.py | 19 +-
 scripts/lib/devtool/ide_plugins/ide_code.py | 25 ++--
 scripts/lib/devtool/ide_sdk.py  |  2 +
 4 files changed, 73 insertions(+), 15 deletions(-)

-- 
2.43.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196146): 
https://lists.openembedded.org/g/openembedded-core/message/196146
Mute This Topic: https://lists.openembedded.org/mt/104570745/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] package_rpm: Fix backtrace on missing directory.

[Jeremy Puhlman via lists.openembedded.org]

On 2/25/2024 10:32 AM, Jeremy Puhlman wrote:



On 2/25/2024 9:22 AM, Jeremy Puhlman wrote:



On 2/24/2024 2:13 PM, Richard Purdie wrote:

On Fri, 2024-02-23 at 12:33 -0800, Jeremy Puhlman via
lists.openembedded.org wrote:

It says usr//usr in the comment, but when I ran on a clean build it
started complaining about opt//opt as well. Its not really clear why
it is looking for those directories, and I am sure this is not likely
the correct solution, but I wanted to get it out here so someone who
has kicked this area of code might know what may be happening.

Unfortunately there are layers of different pieces which could be the
issue, such as pseudo in combination with the host distro libraries and
uninative.

Can you create a test case which reproduces the issue?
Yeah, I was going to try to get to it, but time got away from me. 
Hopefully I should

be able to get some time later today.


Trying to reduce the recipe to bare bones, I narrowed it down the the 
DIRFILES setting.
Deep in the top level class configuration for the layer, it sets 
DIRFILES="1", which looks
wrong given the code. OTOH, nothing else in any of the layers we are 
using sets the value
to anything, so what ever recent changes that were made there are 
untested by anything.


Turning that off should resolve my issue, but it looks like that code 
path may be vestigial at

this point.


As an aside, adding:
DIRFILES = "${bindir}"
To something like the bash recipe, reproduces the behavior.




  Does it always
happen with this recipe?
Yes. Originally it was happening in our distro setup, minimizing it 
to just poky and the
meta-oe/meta-python, it happens with the recipe with the default 
distro as well.



  Does it happen on different host distros?

I have not tried that, so far it was just rocky 8.


  Are
you using uninative?

Yes. It happens with the default poky distro, too.


What about buildtools-tarball?
We always use buildtools-extended-tarball, to isolate as much as 
possible from the host.




Cheers,

Richard






--
Jeremy Puhlman
jpuhl...@mvista.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196145): 
https://lists.openembedded.org/g/openembedded-core/message/196145
Mute This Topic: https://lists.openembedded.org/mt/104536226/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] package_rpm: Fix backtrace on missing directory.

[Jeremy Puhlman via lists.openembedded.org]

On 2/25/2024 9:22 AM, Jeremy Puhlman wrote:



On 2/24/2024 2:13 PM, Richard Purdie wrote:

On Fri, 2024-02-23 at 12:33 -0800, Jeremy Puhlman via
lists.openembedded.org wrote:

It says usr//usr in the comment, but when I ran on a clean build it
started complaining about opt//opt as well. Its not really clear why
it is looking for those directories, and I am sure this is not likely
the correct solution, but I wanted to get it out here so someone who
has kicked this area of code might know what may be happening.

Unfortunately there are layers of different pieces which could be the
issue, such as pseudo in combination with the host distro libraries and
uninative.

Can you create a test case which reproduces the issue?
Yeah, I was going to try to get to it, but time got away from me. 
Hopefully I should

be able to get some time later today.


Trying to reduce the recipe to bare bones, I narrowed it down the the 
DIRFILES setting.
Deep in the top level class configuration for the layer, it sets 
DIRFILES="1", which looks
wrong given the code. OTOH, nothing else in any of the layers we are 
using sets the value
to anything, so what ever recent changes that were made there are 
untested by anything.


Turning that off should resolve my issue, but it looks like that code 
path may be vestigial at

this point.




  Does it always
happen with this recipe?
Yes. Originally it was happening in our distro setup, minimizing it to 
just poky and the
meta-oe/meta-python, it happens with the recipe with the default 
distro as well.



  Does it happen on different host distros?

I have not tried that, so far it was just rocky 8.


  Are
you using uninative?

Yes. It happens with the default poky distro, too.


What about buildtools-tarball?
We always use buildtools-extended-tarball, to isolate as much as 
possible from the host.




Cheers,

Richard




--
Jeremy Puhlman
jpuhl...@mvista.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196144): 
https://lists.openembedded.org/g/openembedded-core/message/196144
Mute This Topic: https://lists.openembedded.org/mt/104536226/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] package_rpm: Fix backtrace on missing directory.

[Jeremy Puhlman via lists.openembedded.org]

On 2/24/2024 2:13 PM, Richard Purdie wrote:

On Fri, 2024-02-23 at 12:33 -0800, Jeremy Puhlman via
lists.openembedded.org wrote:

It says usr//usr in the comment, but when I ran on a clean build it
started complaining about opt//opt as well. Its not really clear why
it is looking for those directories, and I am sure this is not likely
the correct solution, but I wanted to get it out here so someone who
has kicked this area of code might know what may be happening.

Unfortunately there are layers of different pieces which could be the
issue, such as pseudo in combination with the host distro libraries and
uninative.

Can you create a test case which reproduces the issue?
Yeah, I was going to try to get to it, but time got away from me. 
Hopefully I should

be able to get some time later today.


  Does it always
happen with this recipe?
Yes. Originally it was happening in our distro setup, minimizing it to 
just poky and the
meta-oe/meta-python, it happens with the recipe with the default distro 
as well.



  Does it happen on different host distros?

I have not tried that, so far it was just rocky 8.


  Are
you using uninative?

Yes. It happens with the default poky distro, too.


What about buildtools-tarball?
We always use buildtools-extended-tarball, to isolate as much as 
possible from the host.




Cheers,

Richard


--
Jeremy Puhlman
jpuhl...@mvista.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196143): 
https://lists.openembedded.org/g/openembedded-core/message/196143
Mute This Topic: https://lists.openembedded.org/mt/104536226/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v2] kernel.bbclass: Set pkg-config variables for building modules

[Bruce Ashfield]

On Sat, Feb 24, 2024 at 2:21 AM Munehisa Kamata  wrote:
>
> Hi Bruce,
>
> > That is indeed not a simple workflow!
> >
> > In the past, we've always had the existing packageconfig results picked up 
> > and
> > used by later stages of the kernel build which prevented things like this 
> > from
> > happening.
> >
> > Have you figured out exactly which packageconfig is triggering the rebuild, 
> > and
> > had a look to see if something change such that the existing results
> > aren't used ?
>
> The missing of libcrypto.pc and libelf.pc triggers the rebuild of
> certs/extract-cert and objtool respectively. When PKG_CONFIG_DIR is set to
> recipe-sysroot at module build time, it points to a non-existent directory
> and therefore pkg-config can't find .pc for the requested library whereas
> they are present in the recipe-sysroot-native, then it causes make to
> rebuild the target.
>
> Although I admit that I don't fully understand how make particularly
> decides to trigger the rebuild in this case.

Fair enough. I can't say that I always understand how the kernel's
Makefiles are triggering difficult builds without significant hacking
up of the Makefiles, and it isn't worth doing for this.

At a minimum, it is good to know that the .pc files are being consulted
so we do have something reproducible between builds when everything
is full defined.

>
> > All that being said, rather than repeating the exports, it would be
> > better to have
> > them in a common place, since eventually everything but the HOSTPKG_CONFIG
> > definition will be dropped.
> >
> > Have you tried a more class-global export of the values ? We have a
> > few of those,
> > but admittedly, we have way more exports that are duplicated between 
> > do_compile
> > and do_compile_kernelmodules(), so the duplicated exports aren't a big 
> > issue.
>
> Yes, I actually tried it first and it worked at lesat for simple kernel
> building. But I wasn't entirely sure if it was safe enough for the
> ecosystem and came up with the change that is hopefully less impact. That
> said, if you think it's fine, I'm happy to submit v3 with the class-global
> export. It would be better indeed.
>

It is something that should be safe, since really, whenever we build
anything in the kernel having a consistent environment should be in
place. The kernel modules build has expanded over the years and
more of the kernel tools and common build components are coming
into play, so things we didn't previously need .. are now needed in
the modules compilation.

I had recommended that this go into test on Friday via IRC, but
there's no harm in doing a cleaned up v3 with a class global set
of exports. We can always apply it post release if it is decided there
is extra risk .. but at least it will be a reference to how we should
start consolidating some of the exports.

Bruce

>
> Thanks,
> Munehisa
>
> > Bruce
> >
> > >
> > > Signed-off-by: Munehisa Kamata 
> > > ---
> > >
> > > v1 -> v2: Rewrote the commit message with the repro steps
> > >
> > >  meta/classes-recipe/kernel.bbclass | 12 +---
> > >  1 file changed, 9 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/meta/classes-recipe/kernel.bbclass 
> > > b/meta/classes-recipe/kernel.bbclass
> > > index a76aaee5ba..db4461e551 100644
> > > --- a/meta/classes-recipe/kernel.bbclass
> > > +++ b/meta/classes-recipe/kernel.bbclass
> > > @@ -239,6 +239,8 @@ KERNEL_EXTRA_ARGS ?= ""
> > >  EXTRA_OEMAKE += ' CC="${KERNEL_CC}" LD="${KERNEL_LD}" 
> > > OBJCOPY="${KERNEL_OBJCOPY}" STRIP="${KERNEL_STRIP}"'
> > >  EXTRA_OEMAKE += ' HOSTCC="${BUILD_CC}" HOSTCFLAGS="${BUILD_CFLAGS}" 
> > > HOSTLDFLAGS="${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}"'
> > >  EXTRA_OEMAKE += ' HOSTCXX="${BUILD_CXX}" 
> > > HOSTCXXFLAGS="${BUILD_CXXFLAGS}"'
> > > +# Only for newer kernels (5.19+), native pkg-config variables are set 
> > > for older kernels when building kernel and modules
> > > +EXTRA_OEMAKE += ' HOSTPKG_CONFIG="pkg-config-native"'
> > >
> > >  KERNEL_ALT_IMAGETYPE ??= ""
> > >
> > > @@ -356,9 +358,6 @@ kernel_do_compile() {
> > > export PKG_CONFIG_LIBDIR="$PKG_CONFIG_DIR"
> > > export PKG_CONFIG_SYSROOT_DIR=""
> > >
> > > -   # for newer kernels (5.19+) there's a dedicated variable
> > > -   export HOSTPKG_CONFIG="pkg-config-native"
> > > -
> > > if [ "${KERNEL_DEBUG_TIMESTAMPS}" != "1" ]; then
> > > # kernel sources do not use do_unpack, so 
> > > SOURCE_DATE_EPOCH may not
> > > # be set
> > > @@ -408,6 +407,13 @@ addtask transform_kernel after do_compile before 
> > > do_install
> > >
> > >  do_compile_kernelmodules() {
> > > unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE
> > > +
> > > +   # setup native pkg-config variables (kconfig scripts call 
> > > pkg-config directly, cannot generically be overriden to pkg-config-native)
> > > +   export 
> > > PKG_CONFIG_DIR="${STAGING_DIR_NATIVE}${libdir_native}/pkgconfig"
> > > +   export 
> > > 

[OE-core] OE-core CVE metrics for nanbield on Sun 25 Feb 2024 04:00:01 AM HST

[Steve Sakoman]

Branch: nanbield

New this week: 5 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-50387 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50387 *
CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816 *
CVE-2024-0408 (CVSS3: 5.5 MEDIUM): xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0408 *
CVE-2024-0409 (CVSS3: 7.8 HIGH): xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0409 *

Removed this week: 16 CVEs
CVE-2023-25584 (CVSS3: 7.1 HIGH): 
binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *
CVE-2023-4039 (CVSS3: 4.8 MEDIUM): 
gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 *
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-52071 (CVSS3: N/A): curl:curl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52071 *
CVE-2023-52355 (CVSS3: 7.5 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 *
CVE-2023-52356 (CVSS3: 7.5 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52356 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
CVE-2023-6246 (CVSS3: 7.8 HIGH): glibc 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6246 *
CVE-2023-6377 (CVSS3: 7.8 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6377 *
CVE-2023-6478 (CVSS3: 7.5 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6478 *
CVE-2023-6779 (CVSS3: 7.5 HIGH): glibc 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6779 *
CVE-2023-6780 (CVSS3: 5.3 MEDIUM): glibc 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6780 *
CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xserver-xorg:xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816 *
CVE-2023-6992 (CVSS3: 5.5 MEDIUM): zlib:zlib-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6992 *
CVE-2024-0408 (CVSS3: 5.5 MEDIUM): xserver-xorg:xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0408 *
CVE-2024-0409 (CVSS3: 7.8 HIGH): xserver-xorg:xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0409 *

Full list:  Found 116 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 *
CVE-2023-3164 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 *
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 *
CVE-2023-39189 (CVSS3: 6.0 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39189 *
CVE-2023-39192 (CVSS3: 6.0 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39192 *
CVE-2023-39193 (CVSS3: 6.0 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39193 *
CVE-2023-39928 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928 *
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native 

[OE-core] OE-core CVE metrics for kirkstone on Sun 25 Feb 2024 03:00:01 AM HST

[Steve Sakoman]

Branch: kirkstone

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 50 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2022-36648 (CVSS3: 10.0 CRITICAL): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36648 *
CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 *
CVE-2023-0687 (CVSS3: 9.8 CRITICAL): glibc 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 *
CVE-2023-27043 (CVSS3: 5.3 MEDIUM): python3:python3-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 *
CVE-2023-2731 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 *
CVE-2023-28198 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28198 *
CVE-2023-29403 (CVSS3: 7.8 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 *
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 *
CVE-2023-3164 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 *
CVE-2023-32370 (CVSS3: 5.3 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32370 *
CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 *
CVE-2023-39323 (CVSS3: 8.1 HIGH): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39323 *
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001 *
CVE-2023-40397 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40397 *
CVE-2023-42467 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42467 *
CVE-2023-44487 (CVSS3: 7.5 HIGH): go:nghttp2 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44487 *
CVE-2023-45803 (CVSS3: 4.2 MEDIUM): python3-urllib3 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45803 *
CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 *
CVE-2023-47100 (CVSS3: 9.8 CRITICAL): perl:perl-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47100 *
CVE-2023-47470 (CVSS3: 7.8 HIGH): ffmpeg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47470 *
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-49292 (CVSS3: 4.8 MEDIUM): go 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49292 *
CVE-2023-50387 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50387 *
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
CVE-2023-52355 (CVSS3: 7.5 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52355 *
CVE-2023-52356 (CVSS3: 7.5 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52356 *
CVE-2023-52425 (CVSS3: 7.5 HIGH): expat:expat-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52425 *
CVE-2023-52426 (CVSS3: 5.5 MEDIUM): expat:expat-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52426 *
CVE-2023-5380 (CVSS3: 4.7 MEDIUM): xwayland 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5380 *
CVE-2023-5574 (CVSS3: 7.0 HIGH): xserver-xorg 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 *
CVE-2023-6277 (CVSS3: 6.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6277 *
CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 *
CVE-2023-6693 (CVSS3: 5.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6693 *
CVE-2023-6779 (CVSS3: 7.5 HIGH): glibc 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6779 *
CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xwayland 

Re: [OE-core] OE-core CVE metrics for master on Sun 25 Feb 2024 01:00:01 AM HST

[Simone Weiß]

Hi,

quick summary (besides linux-yocto):
- No new CVEs
- 13 fixed in oe-core
- qemu: CVE-2023-6683: Fixed upstream on master now via
https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a
- coreutils: CVE-2024-0684: Fixed upstream via
https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9
- libxml2 upgrade is still ongoing from last week.
- Rest is all still open upstream

Simone

On Sun, 2024-02-25 at 01:18 -1000, Steve Sakoman wrote:
> Branch: master
> 
> New this week: 0 CVEs
> 
> Removed this week: 13 CVEs
> 
=> I updated the wiki

> 
> Full list:  Found 42 unpatched CVEs
> CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
> CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
> CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
> CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
> CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
Hypothetical DoS. A patch was proposed upstream, but hasn't been reviewed
or merged. 
> CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
> CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
> CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
Buffer overflow, still open upstream.
> CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
still open upstream.
> CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
> CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
> CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 *
> CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
> CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
> CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
> CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *
All 4 busybox issues above are still open upstream. Proposed patch for
CVE-2023-42366 is not reviewed/merged.
> CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
authentication bypass via row hammer attack, Upstream bug  (still open, no
patch) Real-world impacts seem quite low
> CVE-2023-6238 (CVSS3: 6.7 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238 *
> CVE-2023-6240 (CVSS3: 6.5 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6240 *
> CVE-2023-6270 (CVSS3: 7.0 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6270 *
> CVE-2023-6356 (CVSS3: 7.5 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6356 *
> CVE-2023-6535 (CVSS3: 7.5 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6535 *
> CVE-2023-6536 (CVSS3: 7.5 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6536 *
> CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 *
patch is now merged to master
> CVE-2023-6780 (CVSS3: 5.3 MEDIUM): glibc
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6780 *
=> wrong cpe, I will ping NVD again
> CVE-2023-7042 (CVSS3: 5.5 MEDIUM): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7042 *
> CVE-2023-7216 (CVSS3: 8.8 HIGH): cpio
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7216 *
open upstream
> CVE-2024-0684 (CVSS3: 5.5 MEDIUM): coreutils:coreutils-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0684 *
Fix available in master branch of coreutils, but not in any release yet. 
> CVE-2024-0841 (CVSS3: 7.8 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0841 *
> CVE-2024-21803 (CVSS3: 7.8 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21803 *
> CVE-2024-23307 (CVSS3: 7.8 HIGH): linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-23307 *
> CVE-2024-23848 (CVSS3: 5.5 MEDIUM): linux-yocto
> 

[OE-core] OE-core CVE metrics for dunfell on Sun 25 Feb 2024 02:00:01 AM HST

[Steve Sakoman]

Branch: dunfell

New this week: 1 CVEs
CVE-2023-50387 (CVSS3: 7.5 HIGH): bind 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50387 *

Removed this week: 0 CVEs

Full list:  Found 113 unpatched CVEs
CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 *
CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 *
CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 *
CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 *
CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
CVE-2021-42762 (CVSS3: 5.3 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 *
CVE-2021-45085 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 *
CVE-2021-45086 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 *
CVE-2021-45087 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 *
CVE-2021-45088 (CVSS3: 6.1 MEDIUM): epiphany 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 *
CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 *
CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 *
CVE-2021-45483 (CVSS3: 6.5 MEDIUM): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 *
CVE-2022-0358 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0358 *
CVE-2022-2294 (CVSS3: 8.8 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294 *
CVE-2022-2347 (CVSS3: 7.1 HIGH): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2347 *
CVE-2022-23773 (CVSS3: 7.5 HIGH): go:go-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23773 *
CVE-2022-24765 (CVSS3: 7.8 HIGH): git 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24765 *
CVE-2022-2953 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2953 *
CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 *
CVE-2022-30293 (CVSS3: 7.5 HIGH): webkitgtk 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30293 *
CVE-2022-30767 (CVSS3: 9.8 CRITICAL): u-boot 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30767 *
CVE-2022-3219 

[OE-core] OE-core CVE metrics for master on Sun 25 Feb 2024 01:00:01 AM HST

[Steve Sakoman]

Branch: master

New this week: 0 CVEs

Removed this week: 13 CVEs
CVE-2023-25584 (CVSS3: 7.1 HIGH): 
binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 *
CVE-2023-3164 (CVSS3: 5.5 MEDIUM): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164 *
CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 *
CVE-2023-4692 (CVSS3: 7.8 HIGH): grub:grub-efi:grub-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692 *
CVE-2023-4693 (CVSS3: 4.6 MEDIUM): grub:grub-efi:grub-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693 *
CVE-2023-5088 (CVSS3: 7.0 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 *
CVE-2023-6693 (CVSS3: 5.3 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6693 *
CVE-2024-1048 (CVSS3: 3.3 LOW): grub:grub-efi:grub-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1048 *
CVE-2024-22667 (CVSS3: 7.8 HIGH): vim 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22667 *
CVE-2024-24575 (CVSS3: 7.5 HIGH): libgit2 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24575 *
CVE-2024-24577 (CVSS3: 9.8 CRITICAL): libgit2 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24577 *
CVE-2024-24806 (CVSS3: 9.8 CRITICAL): libuv 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24806 *

Full list:  Found 42 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 5.9 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 *
CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
CVE-2023-6238 (CVSS3: 6.7 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238 *
CVE-2023-6240 (CVSS3: 6.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6240 *
CVE-2023-6270 (CVSS3: 7.0 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6270 *
CVE-2023-6356 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6356 *
CVE-2023-6535 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6535 *
CVE-2023-6536 (CVSS3: 7.5 HIGH): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6536 *
CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 *
CVE-2023-6780 (CVSS3: 5.3 MEDIUM): glibc 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6780 *
CVE-2023-7042 (CVSS3: 5.5 MEDIUM): linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7042 *
CVE-2023-7216 (CVSS3: 8.8 HIGH): cpio 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7216 *
CVE-2024-0684 (CVSS3: 5.5 MEDIUM): coreutils:coreutils-native 

[OE-core] [PATCH] glib-2.0: backport a switch from distutils to packaging in codegen

[Martin Jansa]

* to fix build on hosts with python-3.12, now it fails with:

Traceback (most recent call last):
  File "recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in 
from codegen import codegen_main
  File "recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 
29, in 
from . import dbustypes
  File "recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 
22, in 
from . import utils
  File "recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in 

import distutils.version
ModuleNotFoundError: No module named 'distutils'
CMake Error at CMakeLists.txt:90 (message):
  Error in generating code for connman interface using gdbus-codegen

Signed-off-by: Martin Jansa 
---
 ...deprecated-distutils-module-to-the-p.patch | 34 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb |  1 +
 meta/recipes-core/glib-2.0/glib.inc   |  4 +--
 3 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 
meta/recipes-core/glib-2.0/glib-2.0/0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch

diff --git 
a/meta/recipes-core/glib-2.0/glib-2.0/0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch
 
b/meta/recipes-core/glib-2.0/glib-2.0/0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch
new file mode 100644
index 00..50368ed22c
--- /dev/null
+++ 
b/meta/recipes-core/glib-2.0/glib-2.0/0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch
@@ -0,0 +1,34 @@
+From 05f0674c93d94fe6b29c1b707980aac469ddcd72 Mon Sep 17 00:00:00 2001
+From: Jordan Williams 
+Date: Fri, 1 Dec 2023 09:53:50 -0600
+Subject: [PATCH] Switch from the deprecated distutils module to the packaging
+ module
+
+The distutils module was removed in Python 3.12.
+
+Upstream-Status: Backport 
[https://gitlab.gnome.org/GNOME/glib/-/commit/6ef967a0f930ce37a8c9b5aff969693b34714291]
+
+Signed-off-by: Martin Jansa 
+---
+ gio/gdbus-2.0/codegen/utils.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gdbus-2.0/codegen/utils.py b/gio/gdbus-2.0/codegen/utils.py
+index 0204610..08f1ba9 100644
+--- a/gio/gdbus-2.0/codegen/utils.py
 b/gio/gdbus-2.0/codegen/utils.py
+@@ -19,7 +19,7 @@
+ #
+ # Author: David Zeuthen 
+ 
+-import distutils.version
++import packaging.version
+ import os
+ import sys
+ 
+@@ -166,4 +166,4 @@ def version_cmp_key(key):
+ v = str(key[0])
+ else:
+ v = "0"
+-return (distutils.version.LooseVersion(v), key[1])
++return (packaging.version.Version(v), key[1])
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb 
b/meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb
index 42814ba544..6c3e99c641 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb
@@ -14,6 +14,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz 
\
file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
file://0001-meson-Run-atomics-test-on-clang-as-well.patch \

file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
+   
file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \
file://memory-monitor.patch \
file://native-gtkdoc.patch \
"
diff --git a/meta/recipes-core/glib-2.0/glib.inc 
b/meta/recipes-core/glib-2.0/glib.inc
index 5a57549d85..fac8875d84 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -144,9 +144,7 @@ do_install:append:mingw32() {
 rm -f ${D}${bindir}/gtester-report
 }
 
-# remove setuptools dependency when usage of distutils is dropped in
-# 
https://gitlab.gnome.org/GNOME/glib/-/blob/main/gio/gdbus-2.0/codegen/utils.py
-CODEGEN_PYTHON_RDEPENDS = "python3 python3-setuptools python3-xml"
+CODEGEN_PYTHON_RDEPENDS = "python3 python3-packaging python3-xml"
 CODEGEN_PYTHON_RDEPENDS:mingw32 = ""
 
 RDEPENDS:${PN}-codegen += "${CODEGEN_PYTHON_RDEPENDS}"
-- 
2.43.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196136): 
https://lists.openembedded.org/g/openembedded-core/message/196136
Mute This Topic: https://lists.openembedded.org/mt/104560766/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-