[OE-core][kirkstone 32/32] selftest/virgl: use pkg-config from the host

From: Alexander Kanavin The check needs to report dri location on the host machine, so pkg-config binary needs to be capable of finding the needed dri.pc file on the host, and therefore needs to know where host .pc files are located. This may not be the case when using pkg-config from

[OE-core][kirkstone 31/32] lib/oe/reproducible: Use git log without gpg signature

From: Benoît Mauduit Previously, if "showSignature" is present in user gitconfig, parsing of the timestamp will fail. Ideally we should replace this command with a git plumbing command. Signed-off-by: Benoît Mauduit Signed-off-by: Alexandre Belloni (cherry picked from commit

[OE-core][kirkstone 30/32] at: Change when files are copied

From: Saul Wold The create_spdx code relies on patched code, if files are changed or added during the do_configure phase they will be missed by the create_spdx process. So we need to ensure files modifications/additions happen in the do_patch phase. Signed-off-by: Saul Wold Signed-off-by:

[OE-core][kirkstone 29/32] toolchain-scripts: compatibility with unbound variable protection

From: Jan Kircher Fixed an error when Bash's unbound variable protection is enabled (set -u) and variable "LD_LIBRARY_PATH" does not exist. Signed-off-by: Jan Kircher Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][kirkstone 28/32] libseccomp: fix typo in DESCRIPTION

From: Chen Qi Fix typo in DESCRIPTION: and -> an. Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 349e63045298054f9454025d793c67284fce750b) Signed-off-by: Steve Sakoman --- meta/recipes-support/libseccomp/libseccomp_2.5.3.bb

[OE-core][kirkstone 27/32] dhcpcd: backport two patches to fix runtime error

From: Chen Qi In case of nodistro, dhcpcd gives us 'Bad system call' error and exits. This is because there are syscalls that should be allowed but not in privsep. Backport two patches to fix this issue. Signed-off-by: Chen Qi Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie

[OE-core][kirkstone 26/32] harfbuzz: remove bindir only if it exists

From: Petr Kubizňák In some scenarios (e.g. when "glib" removed from PACKAGECONFIG), "${D}${bindir}" might not exist which caused `rmdir` to fail. Signed-off-by: Petr Kubizňák Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][kirkstone 25/32] tiff: Add packageconfig knob for webp

From: Khem Raj tiff-native otherwise falsely detects webp if its installed on build host. This ensures deterministic behavior regardless of host. Signed-off-by: Khem Raj Signed-off-by: Richard Purdie (cherry picked from commit 718c44f282310b2ca85877fed706460ccc1eebea) Signed-off-by: Steve

[OE-core][kirkstone 24/32] kernel-fitimage: Allow user to select dtb when multiple dtb exists

From: Sandeep Gundlupet Raju Allow user to select the default DTB for FIT image when multiple dtb's exists. >From machine.conf or local.conf user can specify the default dtb for FIT image as shown below. FIT_CONF_DEFAULT_DTB = "board-default.dtb" Also fallback to avaialable dtb when

[OE-core][kirkstone 23/32] kernel-fitimage: Adjust order of dtb/dtbo files

From: Sandeep Gundlupet Raju The dtb files must be before the dtbo files, otherwise the overlays may not be applied correctly. >From Bruce Ashfield: We can split between dtbs and dtbos, they just need to be sorted for reproducibility reasons. Of course, this was only working by luck

[OE-core][kirkstone 22/32] busybox: rm temporary files if do_compile was interrupted

From: Antonin Godard To avoid working with undeterministic config files, remove all the temporary files to start from scratch. Signed-off-by: Richard Purdie (cherry picked from commit 74cd440c4e3df0ed3b81cf5c60a3f92e0dd3fe6c) Signed-off-by: Steve Sakoman ---

[OE-core][kirkstone 21/32] busybox: always start do_compile with orig config files

From: Antonin Godard When compiling busybox a second time (e.g. with `compile -f`), busybox can use an altered autoconf.h file for compiling, which can ultimately produces different and unwanted binaries. This can produce errors like this one: ERROR: busybox-1.35.0-r0 do_package: Error

[OE-core][kirkstone 20/32] classes: image: Set empty weak default IMAGE_LINGUAS

From: Alex Kiernan This is already set in default-distrovars.inc and so this assignment will almost never succeed. Rather than leaving it to confuse, set an empty weak default. Signed-off-by: Alex Kiernan Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from

[OE-core][kirkstone 19/32] gcc: Refactor linker patches and fix linker on arm with usrmerge

From: Pavel Zhukov Backport fix from master to allow gcc to use proper linker path for musl [Yocto #14977]. Fixes: | qemu-arm: Could not open '/lib/ld-musl-armhf.so.1': No such file or directory Signed-off-by: Pavel Zhukov Signed-off-by: Steve Sakoman ---

[OE-core][kirkstone 18/32] vim: upgrade 9.0.0947 -> 9.0.1211

From: Randy MacLeod Includes fixes for: https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 Signed-off-by: Randy MacLeod Signed-off-by: Luca

[OE-core][kirkstone 16/32] linux-yocto/5.15: update to v5.15.84

From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: d68f50bfb00f Linux 5.15.84 972707bae3d7 net: fec: properly guard irq coalesce setup 289721fe0993 ASoC: ops: Correct bounds check for second channel on SX controls

[OE-core][kirkstone 17/32] linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit b457e6976e9e64a737517f9d9142ab290cdce214)

[OE-core][kirkstone 15/32] linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: da5513f30187 libbpf: Fix build warning on ref_ctr_off Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit eb75d561256c794baf6c89c1975967343145da87) Signed-off-by: Steve

[OE-core][kirkstone 14/32] linux-yocto/5.15: fix perf build with clang

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: 4c5a089621a8 perf python: Account for multiple words in CC Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 1cf78a856beb42a2d68e6c49bfdbc33fea68ebb5) Signed-off-by: Steve

[OE-core][kirkstone 13/32] linux-yocto/5.15: ltp and squashfs fixes

From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/5.15: 1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers 838f5d0701d8 fs: add mode_strip_sgid() helper d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead

[OE-core][kirkstone 11/32] xwayland: upgrade 22.1.5 -> 22.1.7

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit c37ec8b2d91605d6eb5228f0a447fb83f111edc3) Signed-off-by: Steve Sakoman --- .../xwayland/{xwayland_22.1.5.bb => xwayland_22.1.7.bb} | 2

[OE-core][kirkstone 12/32] xserver-xorg: upgrade 21.1.4 -> 21.1.6

From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 009e8d6a292690a0c355d12be2368a9677c701f5) Signed-off-by: Steve Sakoman --- ...possible-memleaks-in-XkbGetKbdByName.patch | 63

[OE-core][kirkstone 10/32] linux-firmware: upgrade 20221109 -> 20221214

From: Alexander Kanavin License-Update: additional files Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 15f3a9f6c4406ddc00f7dc0ca7e1beafe9c71a9f) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20221109.bb =>

[OE-core][kirkstone 08/32] Revert "libksba: fix CVE-2022-47629"

Prepare for stable version bump which includes this fix This reverts commit e4cb0bf273ea556db91699594046a47514c8583c. --- ...overflow-in-the-CRL-signature-parser.patch | 72 --- meta/recipes-support/libksba/libksba_1.6.2.bb | 3 +- 2 files changed, 1 insertion(+), 74

[OE-core][kirkstone 09/32] libksba: update 1.6.2 -> 1.6.3

From: Alexander Kanavin Noteworthy changes in version 1.6.3 (2022-12-06) Fix another integer overflow in the CRL parser. [T6284,CVE-2022-47629] Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit

[OE-core][kirkstone 04/32] cve-update-db-native: show IP on failure

From: Ross Burton We get random SSL failures when fetching the CVE database, and it's notable that the NVD server is behind a DNS round-robin or geographically diverse servers. On a hunch that there is one misconfigured server, dump the IP that we connected to. Signed-off-by: Ross Burton

[OE-core][kirkstone 07/32] lttng-modules: update 2.13.7 -> 2.13.8

From: He Zhe Signed-off-by: He Zhe Signed-off-by: Steve Sakoman --- .../lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-kernel/lttng/{lttng-modules_2.13.7.bb => lttng-modules_2.13.8.bb} (94%) diff --git

[OE-core][kirkstone 06/32] cairo: fix CVE patches assigned wrong CVE number

From: Quentin Schulz CVE-2019-6461 and CVE-2019-6462 are fixed, but the reporting is incorrect as the patch for CVE-2019-6461 is actually for CVE-2019-6462 and vice-versa. This swaps both files and edit the CVE field to report the correct identifier. Cc: Quentin Schulz Signed-off-by: Quentin

[OE-core][kirkstone 05/32] cve-check: write the cve manifest to IMGDEPLOYDIR

From: Jermain Horsman When building an image cve_check_write_rootfs_manifest() would sometimes fail with a FileNotFoundError when writing the manifest.cve due to the parent directory (DEPLOY_DIR_IMAGE) not (yet) existing. The image task will provide the manifest in the deploy directory

[OE-core][kirkstone 03/32] cve-update-db-native: avoid incomplete updates

From: Marta Rybczynska The database update has been done on the original file. In case of network connection issues, temporary outage of the NVD server or a similar situation, the function could exit with incomplete data in the database. This patch solves the issue by performing the update on a

[OE-core][kirkstone 02/32] ffmpeg: fix for CVE-2022-3341

From: Narpat Mali avformat/nutdec: Add check for avformat_new_stream Check for failure of avformat_new_stream() and propagate the error code. Signed-off-by: Narpat Mali Signed-off-by: Steve Sakoman --- ...ec-Add-check-for-avformat_new_stream.patch | 67 +++

[OE-core][kirkstone 01/32] go: fix CVE-2022-41717 Excessive memory use in got server

From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.18/CVE-2022-41717.patch

[OE-core][kirkstone 00/32] Patch review

Please review this set of patches for kirkstone and have comments back by end of day Tuesday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4815 The following changes since commit 34de16fd86775c0f2ede1670fec90217e4d11776: gtk-icon-cache: Fix

Re: [OE-core] [PATCH 1/3] insane: Improve patch warning/error handling

On Sun, 2023-01-22 at 12:46 +, Peter Kjellerstedt wrote: > > -Original Message- > > From: openembedded-core@lists.openembedded.org > c...@lists.openembedded.org> On Behalf Of Richard Purdie > > Sent: den 21 januari 2023 00:01 > > To: Alexander Kanavin ; Bruce Ashfield > > > > Cc:

[OE-core] OE-core CVE metrics for langdale on Sun 22 Jan 2023 03:30:01 AM HST

Branch: langdale New this week: 3 CVEs CVE-2020-10735 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10735 * CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native

[OE-core] OE-core CVE metrics for kirkstone on Sun 22 Jan 2023 03:00:01 AM HST

Branch: kirkstone New this week: 2 CVEs CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2023-0288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0288 * Removed

Re: [OE-core] [PATCH 1/3] insane: Improve patch warning/error handling

> -Original Message- > From: openembedded-core@lists.openembedded.org c...@lists.openembedded.org> On Behalf Of Richard Purdie > Sent: den 21 januari 2023 00:01 > To: Alexander Kanavin ; Bruce Ashfield > > Cc: Ross Burton ; OE-core c...@lists.openembedded.org> > Subject: Re: [OE-core]

[OE-core] OE-core CVE metrics for dunfell on Sun 22 Jan 2023 02:30:01 AM HST

Branch: dunfell New this week: 2 CVEs CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2023-0288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0288 * Removed

[OE-core] OE-core CVE metrics for master on Sun 22 Jan 2023 02:00:01 AM HST

Branch: master New this week: 0 CVEs Removed this week: 3 CVEs CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 * CVE-2023-0051 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0051 * CVE-2023-0054 (CVSS3: 7.8