From patchwork Mon Oct  7 01:54:54 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49995
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D9F8FCFB446
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:19 +0000 (UTC)
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
 by mx.groups.io with SMTP id smtpd.web11.43997.1728266112363634206
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:12 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=bwwvTbKr;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.54,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-2e18856feb4so3306320a91.3
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266111;
 x=1728870911; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=XUQ8sKNcr6J51EFWhugj2oz3Pfp1r7WuR2oYFbwpgY8=;
        b=bwwvTbKrmtRDX58pUydclvPbIWLOKIwO20vt5gIyrP8bPIVBi2Hg8QsinT27XXel6N
         Dz7/Ol+DDWq0bkO9MSsXNjL737UdjQY6Di9l3r7hR4CmmqqfMK4Bh1VbAH7bFK4s+ta0
         6088bX5Oe9yw7PT+tygYkItrou9XCmTJuR7vvJwfbgofjTEmeaB5vLhdZ29NHOlEWsDR
         lEf3MIp2IBNTHpABBHCffjjTZKN2hrssv562KDbqywM++pSpnGw0qBHb/IEmgAIeZARC
         DM/jITjyR7s5heQ/awWX2ICI2dEG3vUv4r0f64RQDhTqoAR17Vn2DWTa0kgfmuBPMTTQ
         hbMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266111; x=1728870911;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=XUQ8sKNcr6J51EFWhugj2oz3Pfp1r7WuR2oYFbwpgY8=;
        b=uPgyuJjLzHpvSQjqJ3fsqQQVaHMa708xXbjlamIjgoEE5dtoqN6s2irMJHFtgzBc57
         Ovl0eOFZPp7Z/kMDJxKRWn4Ma2i086q/FaJ9MMK9fkhDjMtXf5QR32DoWcHz8P6KW6cZ
         btd8mfD4aqdj9Q4j7liea+Bceh8Em5LdaLJXrrNPd5osNw3aH7n4kN8tYlJ5c8fcw6bw
         VkwSov2d0zDqV6bSfr/gyRs6z0tHFuQyuFw0LmRpSrQf9UCF/urv9EHwCbIV0m5odfi+
         4m2hQJIHpAcAG6DvyfW02GftqpryIEGiquREeAB/Wati3Ez5XLQ9gRXSmQ9eMq+/nAYS
         ycFA==
X-Gm-Message-State: AOJu0YwZPWP7TVVJKysq2CqRKYwz0VBWfqt8rCDOkRDYnLfjF/ICmg/4
	OA6fZ8BLdZpuvOmV4LioKvoQct6bzonUPz8RSmp/I3yhYrHwwnlOvEaD9Kt8QnbEz5zY4SyZqEh
	qCuk=
X-Google-Smtp-Source: 
 AGHT+IH7pXMmBgBzJyybdMUmxfQwP5HCXmT4+zY/+rHkDltqBFT9gzU3hfuEe7rUp2FmYo112krGQw==
X-Received: by 2002:a17:90a:ff14:b0:2e0:875a:f72d with SMTP id
 98e67ed59e1d1-2e1e5dc6231mr12038816a91.0.1728266111594;
        Sun, 06 Oct 2024 18:55:11 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.11
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:11 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/10] gnupg: Document CVE-2022-3219 and mark
 wontfix
Date: Sun,  6 Oct 2024 18:54:54 -0700
Message-Id: 
 <1bce8a63edd93070bdd8e8a518a6d359e3fbf0ba.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:19 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205249

From: Khem Raj <raj.khem@gmail.com>

(From OE-Core rev: f10f9c3a8d2c17d5a6c3f0b00749e5b34a66e090)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/gnupg/gnupg_2.4.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/gnupg/gnupg_2.4.4.bb b/meta/recipes-support/gnupg/gnupg_2.4.4.bb
index fff7d8c6da..ec75960235 100644
--- a/meta/recipes-support/gnupg/gnupg_2.4.4.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.4.4.bb
@@ -88,3 +88,4 @@ BBCLASSEXTEND = "native nativesdk"
 
 lcl_maybe_fortify:mipsarch = ""
 
+CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"

From patchwork Mon Oct  7 01:54:55 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49993
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C54CCCFB442
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:19 +0000 (UTC)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com
 [209.85.216.41])
 by mx.groups.io with SMTP id smtpd.web10.44006.1728266113735720576
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:13 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=hRLwcdcJ;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.41,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f41.google.com with SMTP id
 98e67ed59e1d1-2e082bf1c7fso2682986a91.3
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266113;
 x=1728870913; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1S7Hk/kCVnEm7iRGew4ev6PzgQTcKQmVHNuGd7xwMeI=;
        b=hRLwcdcJ7PgCjMNiWN0HbRM5xA6IX46t4H5YpeEtSDVeW2o0q6olxKKrjmQkvRhxbm
         V72+jf59s65NRaGDf6zzMnQSFofWCT3H0YTtSpRxdh1pgaK+InRdyBm7XpnMfKwBCLim
         0ptWSpavI/jyQyVxyR/E16wdkj3HFwhkt/0SuDf82p6lRbmb2KVJHc9jebXTS+p73zkS
         Rq6CQcFHIlDjWLpnnZAbZGPrNjLlPYdq2mXfw6yBczi+n34MsrkSde2pavOSJwhNo76c
         TVld6bX426f70EpRzcKPosvqzkdnMcjJ/C6sLl0eYOypp5xvRxKYZap6R1Bym0yojtOi
         +dEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266113; x=1728870913;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1S7Hk/kCVnEm7iRGew4ev6PzgQTcKQmVHNuGd7xwMeI=;
        b=JuNUXuzskrgBfVkEjTJY79tQUu6fiZIpJl9O7fGJXN7Zc0SyBOWzjpoSj2/d31UgfY
         UpNTepXlPdm2V+x6ARAnmJ0KIfpBOauEma7iCmTj87dHpfYh1alUQSa1/L9g9yr75CU1
         Khr7Gv5qquIYN2y1mER7CecTQbtJDjud/JKqWl6MSgY9eikS1KosDErWle3UCEgpz2qa
         vC99DsRnlpuUOkCGQtzUOCltkIdyyab88AwuMHPBBsOgTpA3qHhGRyX3etNYXLNoXfOx
         TxL5WVe+Cp18gSCY6CapYRHGwkGvZm59/sLspj78pC/UXnxldkJ2hGxDoHENwMrzOraM
         rZUw==
X-Gm-Message-State: AOJu0YwSLPY+zoKD3IqrTu/oOps01Ffvg26mDDb+zn8jrJ3S+HFanwoD
	IO3stf9l13ch0BRctavTW0Gad7pT3qssoiouFWlaV/oIVn/5Qm8bpH6bnX/vZ0g7y2N6X7yIc7h
	nmO8=
X-Google-Smtp-Source: 
 AGHT+IEMPp+8o9FXtm7IoJYvM4E5UkwHn7iMorREWjbe9skl9M9l8Gw1qLMIeqcdjPpbz2Wuzn3lCg==
X-Received: by 2002:a17:90a:458b:b0:2d3:d09a:630e with SMTP id
 98e67ed59e1d1-2e1e6212e23mr13343924a91.1.1728266112944;
        Sun, 06 Oct 2024 18:55:12 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.12
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:12 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/10] openssh: Mark CVE-2023-51767 as wont-fix
Date: Sun,  6 Oct 2024 18:54:55 -0700
Message-Id: 
 <9376c14f367477a8d02df1331908e3df3bd009b6.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:19 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205250

From: Khem Raj <raj.khem@gmail.com>

(From OE-Core rev: 1b4bada6c003ef743df09283e45953e6d9ea4c5a)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index 3c507cf911..a8ba67e360 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -40,6 +40,7 @@ CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to Op
 Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
 
 CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
+CVE_STATUS[CVE-2023-51767] = "upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1."
 
 PAM_SRC_URI = "file://sshd"
 

From patchwork Mon Oct  7 01:54:56 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49992
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C54EECFB445
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:19 +0000 (UTC)
Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com
 [209.85.215.181])
 by mx.groups.io with SMTP id smtpd.web10.44007.1728266115055948334
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:15 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=GS20/rqN;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f181.google.com with SMTP id
 41be03b00d2f7-7db1f13b14aso3116306a12.1
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266114;
 x=1728870914; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=peFkGyDUGdPjBermcx2yrs9wpBwY6dn9H7pvrZItDr0=;
        b=GS20/rqNgW0MDihjOW/v8QWNDcy5FidGaT6bqLLN4d/+oulEcGrytG5H9zIR7khLmp
         conp6bUbaieuMqfnj3cPYxdezpuTFL1ZgZze3QM2G0nzaSkPdBpjjvAz8dxsRxdHjnR/
         btgeL6hGzdH2JJyxRqe/ITqxns8TN12bYwWDNG2xIjNLU0n5uVIBJdpefGifcI1/sYqd
         5oIReLuLx00kyBMOnqnnieOibPj/o/gXDKSSGJD3RtsSFQivzix2sMuuqUPLwOapu90x
         YDC9fT/UAlIwVaQ0IzMJTgmZyHOIyR7j1pN8OO1OBuwj0D+KrA4G5ErfmnViiVB0N5z5
         Ki6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266114; x=1728870914;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=peFkGyDUGdPjBermcx2yrs9wpBwY6dn9H7pvrZItDr0=;
        b=lT6ZyEEt5RpgG3KCbjGlPAyILMus6M1ZOck6Bb5tdlaspOr/U+ioS3Lz4p77FS8Dtt
         Ph0Yb7FMjnXBdjsNdwuxdHnUdQZOphu8iJrvLhesW1M99V+gw8ZOc0T29mmleYWEzOIb
         TCOxHAgrPjtU9AMZN7THLvojkdyv7VTy8QP+/YcBP1llSJZnW+g1vfvN7R6HFWoHqw/G
         75cN5LrJdCLjN6jEXm/FYdUTNt9Uk8Kmn6Dl5bLoqGdNFaYPxOiCU1RrY7JGUTqGQ/+N
         fl7Z0mdJAh0z9G9lKFhiDCY+l7zznOcV9XYD4GO12I1CfYIzcc9EC+Aqp6pHOhKbTsMu
         OMWg==
X-Gm-Message-State: AOJu0YyFzXzasIAkrbvPFByOnXrjyxAVZv3cnYALzokiZqTsvfIZskYy
	TIp4l+x8OU8TXW/lxaONXI7VmVNa6r4gXFbkFLX4hyfR+oqS1cwpU6UswvxYQRulpPLMIJrkn3N
	vhxY=
X-Google-Smtp-Source: 
 AGHT+IH56SN84migTcv9pF9BwlQnZRAhjB5VrL6XyAv5YYMHLESa11zXHZff7RiCq3xUNr8BAtsWBA==
X-Received: by 2002:a17:90a:e593:b0:2c8:6bfa:bbf1 with SMTP id
 98e67ed59e1d1-2e1e626bbd4mr13540952a91.23.1728266114288;
        Sun, 06 Oct 2024 18:55:14 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.13
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:14 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 03/10] wpa-supplicant: Ignore CVE-2024-5290
Date: Sun,  6 Oct 2024 18:54:56 -0700
Message-Id: 
 <33548479f66164f486efdb6aeba2de7da2b5b0c9.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:19 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205251

From: Peter Marko <peter.marko@siemens.com>

NVD CVE report [1] links Ubuntu bug [2] which has a very good
description/discussion about this issue.
It applies only to distros patching wpa-supplicant to allow non-root
users (e.g. via netdev group) to load modules.
This is not the case of Yocto.

Quote:
So upstream isn't vulnerable as they only expose the dbus interface to
root. Downstreams like Ubuntu and Chromium added a patch that grants
access to the netdev group. The patch is the problem, not the upstream
code IMHO.

There is also a commit [3] associated with this CVE, however that only
provides build-time configuration to limit paths which can be accessed
but it acts only as a mitigation for distros which allow non-root users
to load crafted modules.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-5290
[2] https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
[3] https://w1.fi/cgit/hostap/commit/?id=c84388ee4c66bcd310db57489eac4a75fc600747

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
index 22028ce957..01dc72b385 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -32,6 +32,8 @@ PACKAGECONFIG[openssl] = ",,openssl"
 
 CVE_PRODUCT = "wpa_supplicant"
 
+CVE_STATUS[CVE-2024-5290] = "not-applicable-platform: this only affects Ubuntu and other platforms patching wpa-supplicant"
+
 EXTRA_OEMAKE = "'LIBDIR=${libdir}' 'INCDIR=${includedir}' 'BINDIR=${sbindir}'"
 
 do_configure () {

From patchwork Mon Oct  7 01:54:57 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49991
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B6130CFB440
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:19 +0000 (UTC)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com
 [209.85.216.43])
 by mx.groups.io with SMTP id smtpd.web11.43998.1728266117005447141
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:17 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=RwJdbOS+;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.43,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f43.google.com with SMTP id
 98e67ed59e1d1-2e192a2fe6cso2882154a91.3
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266116;
 x=1728870916; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=QaV2qeCwLKR4I021RYVBIhSQeFbk9Ajx/A7W83msIu4=;
        b=RwJdbOS+bYrDcw76JaKc59pzWCUCrmp8ZnzzqzRhJapXsirB2iJQaX9RZyu3mscrgQ
         uXxwX/vaim7N/MjXqIk3KmtCSW+dah6xQRRZtzWHiw92NlDAL+i5FE7XmWg9vEoinKln
         geGxThBIcZ1kIcjPzmfi52PAFLRezA9SSWBHfuZQ0Hk5RRZskz6QXix8Iy15VHL/nJ5V
         e3X/QV7f4hRKwgk6CrhKXElFud+PpaDICZ/SfFEgmRmGYZ9cWFtLQDzHsyEDo6YPzti+
         lflqXNrp7zCsGO3Y/9VMT9mV2USNZRSaNVxilhT581IzNQzoeP2p8lLAdS3xoiHlT04w
         g5dQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266116; x=1728870916;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=QaV2qeCwLKR4I021RYVBIhSQeFbk9Ajx/A7W83msIu4=;
        b=WdUfEIpbGZE1uedam3gDcPm+CwSyW1fqCP6scETq8NTvJjR99O4bTHe1XH1k/VT2nN
         Kz8loRoc9N5wiYgCKOmVhyGcjNu4leVds2D4+8LBezUlPeIsKVqoRBmJPIrrqLdKw+tc
         U2nN9N5gU9xqV9I9c9v81+rwGfGL7A7f55ez0Fo/qasicUPcpTod9AWYa5CU7vOEhEo9
         CTi8I9UxSpn47JqqsuuYsmri/q/MKYd35KL8Q0Qe9/a+UB5WIyUM6HQ0T+hZbN65Ufp7
         subhTiHrXg2EJPF3GvPsOixJj892SayAXyHZHT5Ya5CcNabPWnFy1Aa0UzAHwtPJWMjI
         QePA==
X-Gm-Message-State: AOJu0YydSt0rbJeYQeU+cVGKSQYO6Z8ehwzTaQt0rHQays7+z+1ifyl6
	50gibQxVWP0g+mMh2HLPoNys/8wS03AsnfmSn9ky9YCQVGwraZpyazDYuHnXWfJnBSHIE50yWx3
	h6oI=
X-Google-Smtp-Source: 
 AGHT+IH84hlSU9U2w1an51YxKx8TeaUKUgi5Cl50XTYFolUpqnCl1Dpntp5O/TmXnfccbDmXK+c73w==
X-Received: by 2002:a17:90a:b015:b0:2e0:6cd4:973a with SMTP id
 98e67ed59e1d1-2e1e6211a0emr14937106a91.5.1728266115980;
        Sun, 06 Oct 2024 18:55:15 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.15
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:15 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 04/10] wpa-supplicant: Patch CVE-2024-3596
Date: Sun,  6 Oct 2024 18:54:57 -0700
Message-Id: 
 <2352c8a1282b7b11a542eb7a821625580c8395fa.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:19 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205252

From: Peter Marko <peter.marko@siemens.com>

Picked patches according to
http://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt

First patch is style commit picked to have a clean cherry-pick of all
mentioned commits without any conflict.
Patch CVE-2024-3596_07.patch has hostapd code removed as it is not
present in wpa-supplicant download tarball.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../wpa-supplicant/CVE-2024-3596_00.patch     |  82 +++++++++
 .../wpa-supplicant/CVE-2024-3596_01.patch     | 165 ++++++++++++++++++
 .../wpa-supplicant/CVE-2024-3596_02.patch     |  62 +++++++
 .../wpa-supplicant/CVE-2024-3596_03.patch     |  37 ++++
 .../wpa-supplicant/CVE-2024-3596_04.patch     |  52 ++++++
 .../wpa-supplicant/CVE-2024-3596_05.patch     |  51 ++++++
 .../wpa-supplicant/CVE-2024-3596_06.patch     |  46 +++++
 .../wpa-supplicant/CVE-2024-3596_07.patch     |  67 +++++++
 .../wpa-supplicant/CVE-2024-3596_08.patch     |  47 +++++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |   9 +
 10 files changed, 618 insertions(+)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
new file mode 100644
index 0000000000..7a8197d2b4
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch
@@ -0,0 +1,82 @@
+From 945acf3ef06a6c312927da4fa055693dbac432d1 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 2 Apr 2022 16:28:12 +0300
+Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup - no string
+ constant splitting
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac432d1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_11_auth.c | 27 +++++++++++++++------------
+ 1 file changed, 15 insertions(+), 12 deletions(-)
+
+diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
+index 783ee6dea..47cc625be 100644
+--- a/src/ap/ieee802_11_auth.c
++++ b/src/ap/ieee802_11_auth.c
+@@ -267,16 +267,16 @@ int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
+ 		os_get_reltime(&query->timestamp);
+ 		os_memcpy(query->addr, addr, ETH_ALEN);
+ 		if (hostapd_radius_acl_query(hapd, addr, query)) {
+-			wpa_printf(MSG_DEBUG, "Failed to send Access-Request "
+-				   "for ACL query.");
++			wpa_printf(MSG_DEBUG,
++				   "Failed to send Access-Request for ACL query.");
+ 			hostapd_acl_query_free(query);
+ 			return HOSTAPD_ACL_REJECT;
+ 		}
+ 
+ 		query->auth_msg = os_memdup(msg, len);
+ 		if (query->auth_msg == NULL) {
+-			wpa_printf(MSG_ERROR, "Failed to allocate memory for "
+-				   "auth frame.");
++			wpa_printf(MSG_ERROR,
++				   "Failed to allocate memory for auth frame.");
+ 			hostapd_acl_query_free(query);
+ 			return HOSTAPD_ACL_REJECT;
+ 		}
+@@ -467,19 +467,21 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
+ 	if (query == NULL)
+ 		return RADIUS_RX_UNKNOWN;
+ 
+-	wpa_printf(MSG_DEBUG, "Found matching Access-Request for RADIUS "
+-		   "message (id=%d)", query->radius_id);
++	wpa_printf(MSG_DEBUG,
++		   "Found matching Access-Request for RADIUS message (id=%d)",
++		   query->radius_id);
+ 
+ 	if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
+-		wpa_printf(MSG_INFO, "Incoming RADIUS packet did not have "
+-			   "correct authenticator - dropped\n");
++		wpa_printf(MSG_INFO,
++			   "Incoming RADIUS packet did not have correct authenticator - dropped");
+ 		return RADIUS_RX_INVALID_AUTHENTICATOR;
+ 	}
+ 
+ 	if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+ 	    hdr->code != RADIUS_CODE_ACCESS_REJECT) {
+-		wpa_printf(MSG_DEBUG, "Unknown RADIUS message code %d to ACL "
+-			   "query", hdr->code);
++		wpa_printf(MSG_DEBUG,
++			   "Unknown RADIUS message code %d to ACL query",
++			   hdr->code);
+ 		return RADIUS_RX_UNKNOWN;
+ 	}
+ 
+@@ -506,8 +508,9 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
+ 			    msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL,
+ 			    &info->acct_interim_interval) == 0 &&
+ 		    info->acct_interim_interval < 60) {
+-			wpa_printf(MSG_DEBUG, "Ignored too small "
+-				   "Acct-Interim-Interval %d for STA " MACSTR,
++			wpa_printf(MSG_DEBUG,
++				   "Ignored too small Acct-Interim-Interval %d for STA "
++				   MACSTR,
+ 				   info->acct_interim_interval,
+ 				   MAC2STR(query->addr));
+ 			info->acct_interim_interval = 0;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
new file mode 100644
index 0000000000..dab2eedd6a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_01.patch
@@ -0,0 +1,165 @@
+From adac846bd0e258a0aa50750bbd2b411fa0085c46 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:11:44 +0200
+Subject: [PATCH 2/9] RADIUS: Allow Message-Authenticator attribute as the
+ first attribute
+
+If a Message-Authenticator attribute was already added to a RADIUS
+message, use that attribute instead of adding a new one when finishing
+message building. This allows the Message-Authenticator attribute to be
+placed as the first attribute in the message.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=adac846bd0e258a0aa50750bbd2b411fa0085c46]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius.c | 85 ++++++++++++++++++++++++++++-----------------
+ src/radius/radius.h |  1 +
+ 2 files changed, 54 insertions(+), 32 deletions(-)
+
+diff --git a/src/radius/radius.c b/src/radius/radius.c
+index be16e27b9..2d2e00b5c 100644
+--- a/src/radius/radius.c
++++ b/src/radius/radius.c
+@@ -364,25 +364,54 @@ void radius_msg_dump(struct radius_msg *msg)
+ }
+ 
+ 
++u8 * radius_msg_add_msg_auth(struct radius_msg *msg)
++{
++	u8 auth[MD5_MAC_LEN];
++	struct radius_attr_hdr *attr;
++
++	os_memset(auth, 0, MD5_MAC_LEN);
++	attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
++				   auth, MD5_MAC_LEN);
++	if (!attr) {
++		wpa_printf(MSG_ERROR,
++			   "WARNING: Could not add Message-Authenticator");
++		return NULL;
++	}
++
++	return (u8 *) (attr + 1);
++}
++
++
++static u8 * radius_msg_auth_pos(struct radius_msg *msg)
++{
++	u8 *pos;
++	size_t alen;
++
++	if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
++				    &pos, &alen, NULL) == 0 &&
++	    alen == MD5_MAC_LEN) {
++		/* Use already added Message-Authenticator attribute */
++		return pos;
++	}
++
++	/* Add a Message-Authenticator attribute */
++	return radius_msg_add_msg_auth(msg);
++}
++
++
+ int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
+ 		      size_t secret_len)
+ {
+ 	if (secret) {
+-		u8 auth[MD5_MAC_LEN];
+-		struct radius_attr_hdr *attr;
++		u8 *pos;
+ 
+-		os_memset(auth, 0, MD5_MAC_LEN);
+-		attr = radius_msg_add_attr(msg,
+-					   RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+-					   auth, MD5_MAC_LEN);
+-		if (attr == NULL) {
+-			wpa_printf(MSG_WARNING, "RADIUS: Could not add "
+-				   "Message-Authenticator");
++		pos = radius_msg_auth_pos(msg);
++		if (!pos)
+ 			return -1;
+-		}
+ 		msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+-		hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
+-			 wpabuf_len(msg->buf), (u8 *) (attr + 1));
++		if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
++			     wpabuf_len(msg->buf), pos) < 0)
++			return -1;
+ 	} else
+ 		msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+ 
+@@ -398,23 +427,19 @@ int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
+ int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
+ 			  size_t secret_len, const u8 *req_authenticator)
+ {
+-	u8 auth[MD5_MAC_LEN];
+-	struct radius_attr_hdr *attr;
+ 	const u8 *addr[4];
+ 	size_t len[4];
++	u8 *pos;
+ 
+-	os_memset(auth, 0, MD5_MAC_LEN);
+-	attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+-				   auth, MD5_MAC_LEN);
+-	if (attr == NULL) {
+-		wpa_printf(MSG_ERROR, "WARNING: Could not add Message-Authenticator");
++	pos = radius_msg_auth_pos(msg);
++	if (!pos)
+ 		return -1;
+-	}
+ 	msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+ 	os_memcpy(msg->hdr->authenticator, req_authenticator,
+ 		  sizeof(msg->hdr->authenticator));
+-	hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
+-		 wpabuf_len(msg->buf), (u8 *) (attr + 1));
++	if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
++		     wpabuf_len(msg->buf), pos) < 0)
++		return -1;
+ 
+ 	/* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
+ 	addr[0] = (u8 *) msg->hdr;
+@@ -442,21 +467,17 @@ int radius_msg_finish_das_resp(struct radius_msg *msg, const u8 *secret,
+ {
+ 	const u8 *addr[2];
+ 	size_t len[2];
+-	u8 auth[MD5_MAC_LEN];
+-	struct radius_attr_hdr *attr;
++	u8 *pos;
+ 
+-	os_memset(auth, 0, MD5_MAC_LEN);
+-	attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+-				   auth, MD5_MAC_LEN);
+-	if (attr == NULL) {
+-		wpa_printf(MSG_WARNING, "Could not add Message-Authenticator");
++	pos = radius_msg_auth_pos(msg);
++	if (!pos)
+ 		return -1;
+-	}
+ 
+ 	msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
+ 	os_memcpy(msg->hdr->authenticator, req_hdr->authenticator, 16);
+-	hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
+-		 wpabuf_len(msg->buf), (u8 *) (attr + 1));
++	if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
++		     wpabuf_len(msg->buf), pos) < 0)
++		return -1;
+ 
+ 	/* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
+ 	addr[0] = wpabuf_head_u8(msg->buf);
+diff --git a/src/radius/radius.h b/src/radius/radius.h
+index fb8148180..6b9dfbca2 100644
+--- a/src/radius/radius.h
++++ b/src/radius/radius.h
+@@ -240,6 +240,7 @@ struct wpabuf * radius_msg_get_buf(struct radius_msg *msg);
+ struct radius_msg * radius_msg_new(u8 code, u8 identifier);
+ void radius_msg_free(struct radius_msg *msg);
+ void radius_msg_dump(struct radius_msg *msg);
++u8 * radius_msg_add_msg_auth(struct radius_msg *msg);
+ int radius_msg_finish(struct radius_msg *msg, const u8 *secret,
+ 		      size_t secret_len);
+ int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret,
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
new file mode 100644
index 0000000000..02e35bd6de
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_02.patch
@@ -0,0 +1,62 @@
+From 54abb0d3cf35894e7d86e3f7555e95b106306803 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:13:32 +0200
+Subject: [PATCH 3/9] RADIUS server: Place Message-Authenticator attribute as
+ the first one
+
+Move the Message-Authenticator attribute to be the first attribute in
+the RADIUS messages. This mitigates certain MD5 attacks against
+RADIUS/UDP.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=54abb0d3cf35894e7d86e3f7555e95b106306803]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius_server.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
+index e02c21540..fa3691548 100644
+--- a/src/radius/radius_server.c
++++ b/src/radius/radius_server.c
+@@ -920,6 +920,11 @@ radius_server_encapsulate_eap(struct radius_server_data *data,
+ 		return NULL;
+ 	}
+ 
++	if (!radius_msg_add_msg_auth(msg)) {
++		radius_msg_free(msg);
++		return NULL;
++	}
++
+ 	sess_id = htonl(sess->sess_id);
+ 	if (code == RADIUS_CODE_ACCESS_CHALLENGE &&
+ 	    !radius_msg_add_attr(msg, RADIUS_ATTR_STATE,
+@@ -1204,6 +1209,11 @@ radius_server_macacl(struct radius_server_data *data,
+ 		return NULL;
+ 	}
+ 
++	if (!radius_msg_add_msg_auth(msg)) {
++		radius_msg_free(msg);
++		return NULL;
++	}
++
+ 	if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
+ 		RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
+ 		radius_msg_free(msg);
+@@ -1253,6 +1263,11 @@ static int radius_server_reject(struct radius_server_data *data,
+ 		return -1;
+ 	}
+ 
++	if (!radius_msg_add_msg_auth(msg)) {
++		radius_msg_free(msg);
++		return -1;
++	}
++
+ 	os_memset(&eapfail, 0, sizeof(eapfail));
+ 	eapfail.code = EAP_CODE_FAILURE;
+ 	eapfail.identifier = 0;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
new file mode 100644
index 0000000000..c4aa40c811
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_03.patch
@@ -0,0 +1,37 @@
+From 689a248260c9708e6c92cd8635382725a29e34ca Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:16:12 +0200
+Subject: [PATCH 4/9] eapol_test: Move Message-Authenticator attribute to be
+ the first one
+
+Even if this is not strictly speaking necessary for mitigating certain
+RADIUS protocol attacks, be consistent with the RADIUS server behavior
+and move the Message-Authenticator attribute to be the first attribute
+in the message from RADIUS client.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=689a248260c9708e6c92cd8635382725a29e34ca]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ wpa_supplicant/eapol_test.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
+index e256ac50e..57082e4b8 100644
+--- a/wpa_supplicant/eapol_test.c
++++ b/wpa_supplicant/eapol_test.c
+@@ -194,6 +194,9 @@ static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
+ 		return;
+ 	}
+ 
++	if (!radius_msg_add_msg_auth(msg))
++		goto fail;
++
+ 	radius_msg_make_authenticator(msg);
+ 
+ 	hdr = (const struct eap_hdr *) eap;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
new file mode 100644
index 0000000000..ce499ce8b6
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_04.patch
@@ -0,0 +1,52 @@
+From 37fe8e48ab44d44fe3cf5dd8f52cb0a10be0cd17 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:22:43 +0200
+Subject: [PATCH 5/9] hostapd: Move Message-Authenticator attribute to be the
+ first one in req
+
+Even if this is not strictly speaking necessary for mitigating certain
+RADIUS protocol attacks, be consistent with the RADIUS server behavior
+and move the Message-Authenticator attribute to be the first attribute
+in the message from RADIUS client in hostapd.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=37fe8e48ab44d44fe3cf5dd8f52cb0a10be0cd17]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_11_auth.c | 3 +++
+ src/ap/ieee802_1x.c      | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
+index 47cc625be..2a950cf7f 100644
+--- a/src/ap/ieee802_11_auth.c
++++ b/src/ap/ieee802_11_auth.c
+@@ -119,6 +119,9 @@ static int hostapd_radius_acl_query(struct hostapd_data *hapd, const u8 *addr,
+ 		goto fail;
+ 	}
+ 
++	if (!radius_msg_add_msg_auth(msg))
++		goto fail;
++
+ 	os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, MAC2STR(addr));
+ 	if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, (u8 *) buf,
+ 				 os_strlen(buf))) {
+diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
+index 753c88335..89e3dd30e 100644
+--- a/src/ap/ieee802_1x.c
++++ b/src/ap/ieee802_1x.c
+@@ -702,6 +702,9 @@ void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
+ 		goto fail;
+ 	}
+ 
++	if (!radius_msg_add_msg_auth(msg))
++		goto fail;
++
+ 	if (sm->identity &&
+ 	    !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
+ 				 sm->identity, sm->identity_len)) {
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
new file mode 100644
index 0000000000..44113afd4a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_05.patch
@@ -0,0 +1,51 @@
+From f54157077f799d84ce26bed6ad6b01c4a16e31cf Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:26:58 +0200
+Subject: [PATCH 6/9] RADIUS DAS: Move Message-Authenticator attribute to be
+ the first one
+
+Even if this might not be strictly speaking necessary for mitigating
+certain RADIUS protocol attacks, be consistent with the RADIUS server
+behavior and move the Message-Authenticator attribute to be the first
+attribute in the RADIUS DAS responses from hostapd.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=f54157077f799d84ce26bed6ad6b01c4a16e31cf]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius_das.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/radius/radius_das.c b/src/radius/radius_das.c
+index aaa3fc267..8d7c9b4c4 100644
+--- a/src/radius/radius_das.c
++++ b/src/radius/radius_das.c
+@@ -177,6 +177,11 @@ fail:
+ 	if (reply == NULL)
+ 		return NULL;
+ 
++	if (!radius_msg_add_msg_auth(reply)) {
++		radius_msg_free(reply);
++		return NULL;
++	}
++
+ 	if (error) {
+ 		if (!radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE,
+ 					       error)) {
+@@ -368,6 +373,11 @@ fail:
+ 	if (!reply)
+ 		return NULL;
+ 
++	if (!radius_msg_add_msg_auth(reply)) {
++		radius_msg_free(reply);
++		return NULL;
++	}
++
+ 	if (error &&
+ 	    !radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE, error)) {
+ 		radius_msg_free(reply);
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
new file mode 100644
index 0000000000..9a284b5261
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_06.patch
@@ -0,0 +1,46 @@
+From 934b0c3a45ce0726560ccefbd992a9d385c36385 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 16 Mar 2024 11:31:37 +0200
+Subject: [PATCH 7/9] Require Message-Authenticator in Access-Reject even
+ without EAP-Message
+
+Do not allow the exception for missing Message-Authenticator in
+Access-Reject without EAP-Message. While such exception is allowed in
+RADIUS definition, there is no strong reason to maintain this since
+Access-Reject is supposed to include EAP-Message and even if it doesn't,
+discarding Access-Reject will result in the connection not completing.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=934b0c3a45ce0726560ccefbd992a9d385c36385]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_1x.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
+index 89e3dd30e..6e7b75128 100644
+--- a/src/ap/ieee802_1x.c
++++ b/src/ap/ieee802_1x.c
+@@ -1939,16 +1939,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
+ 	}
+ 	sta = sm->sta;
+ 
+-	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
+-	 * present when packet contains an EAP-Message attribute */
+-	if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
+-	    radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
+-				0) < 0 &&
+-	    radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
+-		wpa_printf(MSG_DEBUG,
+-			   "Allowing RADIUS Access-Reject without Message-Authenticator since it does not include EAP-Message");
+-	} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
+-				     req, 1)) {
++	if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 1)) {
+ 		wpa_printf(MSG_INFO,
+ 			   "Incoming RADIUS packet did not have correct Message-Authenticator - dropped");
+ 		return RADIUS_RX_INVALID_AUTHENTICATOR;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
new file mode 100644
index 0000000000..177c6f81e6
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_07.patch
@@ -0,0 +1,67 @@
+From 58097123ec5ea6f8276b38cb9b07669ec368a6c1 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 17 Mar 2024 10:42:56 +0200
+Subject: [PATCH 8/9] RADIUS: Require Message-Authenticator attribute in MAC
+ ACL cases
+
+hostapd required Message-Authenticator attribute to be included in EAP
+authentication cases, but that requirement was not in place for MAC ACL
+cases. Start requiring Message-Authenticator attribute for MAC ACL by
+default. Unlike the EAP case, this can still be disabled with
+radius_require_message_authenticator=1 to maintain compatibility with
+some RADIUS servers when used in a network where the connection to such
+a server is secure.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=58097123ec5ea6f8276b38cb9b07669ec368a6c1]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ap_config.c       |  1 +
+ src/ap/ap_config.h       |  1 +
+ src/ap/ieee802_11_auth.c |  4 +++-
+ 5 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
+index 86b6e097c..cf497a180 100644
+--- a/src/ap/ap_config.c
++++ b/src/ap/ap_config.c
+@@ -120,6 +120,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
+ #endif /* CONFIG_IEEE80211R_AP */
+ 
+ 	bss->radius_das_time_window = 300;
++	bss->radius_require_message_authenticator = 1;
+ 
+ 	bss->anti_clogging_threshold = 5;
+ 	bss->sae_sync = 5;
+diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
+index 49cd3168a..22ad617f4 100644
+--- a/src/ap/ap_config.h
++++ b/src/ap/ap_config.h
+@@ -302,6 +302,7 @@ struct hostapd_bss_config {
+ 	struct hostapd_ip_addr own_ip_addr;
+ 	char *nas_identifier;
+ 	struct hostapd_radius_servers *radius;
++	int radius_require_message_authenticator;
+ 	int acct_interim_interval;
+ 	int radius_request_cui;
+ 	struct hostapd_radius_attr *radius_auth_req_attr;
+diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
+index 2a950cf7f..dab9bcde3 100644
+--- a/src/ap/ieee802_11_auth.c
++++ b/src/ap/ieee802_11_auth.c
+@@ -474,7 +474,9 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
+ 		   "Found matching Access-Request for RADIUS message (id=%d)",
+ 		   query->radius_id);
+ 
+-	if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) {
++	if (radius_msg_verify(
++		    msg, shared_secret, shared_secret_len, req,
++		    hapd->conf->radius_require_message_authenticator)) {
+ 		wpa_printf(MSG_INFO,
+ 			   "Incoming RADIUS packet did not have correct authenticator - dropped");
+ 		return RADIUS_RX_INVALID_AUTHENTICATOR;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
new file mode 100644
index 0000000000..e23d1e0047
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-3596_08.patch
@@ -0,0 +1,47 @@
+From f302d9f9646704cce745734af21d540baa0da65f Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 17 Mar 2024 10:47:58 +0200
+Subject: [PATCH 9/9] RADIUS: Check Message-Authenticator if it is present even
+ if not required
+
+Always check the Message-Authenticator attribute in a received RADIUS
+message if it is present. Previously, this would have been skipped if
+the attribute was not required to be present.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=f302d9f9646704cce745734af21d540baa0da65f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/radius/radius.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/radius/radius.c b/src/radius/radius.c
+index 2d2e00b5c..a0e3ce399 100644
+--- a/src/radius/radius.c
++++ b/src/radius/radius.c
+@@ -879,6 +879,20 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
+ 		return 1;
+ 	}
+ 
++	if (!auth) {
++		u8 *pos;
++		size_t alen;
++
++		if (radius_msg_get_attr_ptr(msg,
++					    RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
++					    &pos, &alen, NULL) == 0) {
++			/* Check the Message-Authenticator attribute since it
++			 * was included even if we are configured to not
++			 * require it. */
++			auth = 1;
++		}
++	}
++
+ 	if (auth &&
+ 	    radius_msg_verify_msg_auth(msg, secret, secret_len,
+ 				       sent_msg->hdr->authenticator)) {
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
index 01dc72b385..56c01ede54 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -19,6 +19,15 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
            file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \
            file://0001-Install-wpa_passphrase-when-not-disabled.patch \
            file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \
+           file://CVE-2024-3596_00.patch \
+           file://CVE-2024-3596_01.patch \
+           file://CVE-2024-3596_02.patch \
+           file://CVE-2024-3596_03.patch \
+           file://CVE-2024-3596_04.patch \
+           file://CVE-2024-3596_05.patch \
+           file://CVE-2024-3596_06.patch \
+           file://CVE-2024-3596_07.patch \
+           file://CVE-2024-3596_08.patch \
            "
 SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
 

From patchwork Mon Oct  7 01:54:58 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49994
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B41CDCFB424
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:19 +0000 (UTC)
Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com
 [209.85.216.45])
 by mx.groups.io with SMTP id smtpd.web11.43999.1728266118401287638
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:18 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=jXjK7z90;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.45,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f45.google.com with SMTP id
 98e67ed59e1d1-2e06acff261so2684363a91.2
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266117;
 x=1728870917; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ZaIN2rrl8cioMY0bFPMre+0q1boxaCOHWB9Zgq8LqnM=;
        b=jXjK7z90VjTWH7YoLY0+LqRZl14LmkQ0BgeV4OQENpnKl45yTnbGVgiqPceO4A9uNB
         irnFyg/m7ZOcDKU7GekssJu9hmJ/QVNwtjA9vDfH8pcnqkkHlH1IuOGwKOjPRQVq0m8S
         7/itTWVleMIwcup0EPheeoMvn18DFsmhHBP0eaHNKRAsOSYo+2Nl5crm6dpv8NSo2MJ4
         CZwWeMMfaTXsXFrP3D1EhM7Xwpy+duW2FTzadFJeC8+x8r/OKIAeVUwCQ5Adzy/YiRHR
         XBHR2R1bXzmyLPN1LE6kBGhoKEQ7K+iEI/o6aqoLBWABm/9X4J2etUSXrI7i44F0VuFN
         vq/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266117; x=1728870917;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ZaIN2rrl8cioMY0bFPMre+0q1boxaCOHWB9Zgq8LqnM=;
        b=PqPVshrIeOkDqfs1svvXYIOZDOTb68sjsBO4SUuKxeFuo7Ah9nOTyf2JspmpOdomLj
         Ck70kg2COXB2ochoMY4IzAZ+1YzT1NdVyXf9mS387OAvTSHhBVjPAZFtZK1p4Nzh20eH
         HL5xmYSTek37mfhHxhhOmFZOFwQW+kfaS3xgusjwwJ3pIopOwW/mV5Q+dMhpqBurZm35
         tiFkiJW/equXB92bq1cRhRDfMFhLA3RcZP9ZnHQC5+fDl6cSbt2DC1IqbeH6emBvjAPN
         4dA8HazdRmxJO1G3gqnZzULg1MeWw4b2eMnzvCzZHC1Q1yHNNXCQIKXQW0gR/EuPLOuu
         YzMQ==
X-Gm-Message-State: AOJu0Yx63NaQHSHVTt9Id5v5zJPog/LMxA3+oPeTS5zXTS0I7HE2lbqr
	/P6qV6TCpzerlxizsDEQEoWvbEWK7XeyTUS/lvJQseAFUMy9iM477W/sZnBRux3tNJAHcVyO3iK
	jz3w=
X-Google-Smtp-Source: 
 AGHT+IGy1wSFH6vjQkAuN4GQftTt7qX19CbroX38opjxpyXmuWKUuMf/u+8hs3awVgCcKsmuvrGyBA==
X-Received: by 2002:a17:90a:7c03:b0:2e1:9431:af51 with SMTP id
 98e67ed59e1d1-2e1e63bda11mr11870045a91.38.1728266117473;
        Sun, 06 Oct 2024 18:55:17 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.16
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:17 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 05/10] wpa-supplicant: Patch security advisory
 2024-2
Date: Sun,  6 Oct 2024 18:54:58 -0700
Message-Id: 
 <44f1d5f08c6dfbd03d2997fc6fa8f257339589fa.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:19 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205253

From: Peter Marko <peter.marko@siemens.com>

Pick patches according to
http://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
SAE H2E and incomplete downgrade protection for group negotiation

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...valid-Rejected-Groups-element-length.patch | 52 +++++++++++++++++++
 ...valid-Rejected-Groups-element-length.patch | 50 ++++++++++++++++++
 ...id-Rejected-Groups-element-in-the-pa.patch | 38 ++++++++++++++
 .../wpa-supplicant/wpa-supplicant_2.10.bb     |  3 ++
 4 files changed, 143 insertions(+)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
new file mode 100644
index 0000000000..5780f27f8b
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
@@ -0,0 +1,52 @@
+From 364c2da8741f0979dae497551e70b94c0e6c8636 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 7 Jul 2024 11:46:49 +0300
+Subject: [PATCH 1/3] SAE: Check for invalid Rejected Groups element length
+ explicitly
+
+Instead of practically ignoring an odd octet at the end of the element,
+check for such invalid case explicitly. This is needed to avoid a
+potential group downgrade attack.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+CVE: CVE-2024-3596
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=364c2da8741f0979dae497551e70b94c0e6c8636]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/ap/ieee802_11.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index db4104928..1a62e30cc 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1258,7 +1258,7 @@ static int check_sae_rejected_groups(struct hostapd_data *hapd,
+ 				     struct sae_data *sae)
+ {
+ 	const struct wpabuf *groups;
+-	size_t i, count;
++	size_t i, count, len;
+ 	const u8 *pos;
+ 
+ 	if (!sae->tmp)
+@@ -1268,7 +1268,15 @@ static int check_sae_rejected_groups(struct hostapd_data *hapd,
+ 		return 0;
+ 
+ 	pos = wpabuf_head(groups);
+-	count = wpabuf_len(groups) / 2;
++	len = wpabuf_len(groups);
++	if (len & 1) {
++		wpa_printf(MSG_DEBUG,
++			   "SAE: Invalid length of the Rejected Groups element payload: %zu",
++			   len);
++		return 1;
++	}
++
++	count = len / 2;
+ 	for (i = 0; i < count; i++) {
+ 		int enabled;
+ 		u16 group;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
new file mode 100644
index 0000000000..3e96ae9e2e
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch
@@ -0,0 +1,50 @@
+From 593a7c2f8c93edd6b552f2d42e28164464b4e6ff Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Tue, 9 Jul 2024 23:33:38 +0300
+Subject: [PATCH 2/3] SAE: Check for invalid Rejected Groups element length
+ explicitly on STA
+
+Instead of practically ignoring an odd octet at the end of the element,
+check for such invalid case explicitly. This is needed to avoid a
+potential group downgrade attack.
+
+Fixes: 444d76f74f65 ("SAE: Check that peer's rejected groups are not enabled")
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=593a7c2f8c93edd6b552f2d42e28164464b4e6ff]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ wpa_supplicant/sme.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
+index 7f43216c6..c7289f6a8 100644
+--- a/wpa_supplicant/sme.c
++++ b/wpa_supplicant/sme.c
+@@ -1222,14 +1222,21 @@ static int sme_sae_is_group_enabled(struct wpa_supplicant *wpa_s, int group)
+ static int sme_check_sae_rejected_groups(struct wpa_supplicant *wpa_s,
+ 					 const struct wpabuf *groups)
+ {
+-	size_t i, count;
++	size_t i, count, len;
+ 	const u8 *pos;
+ 
+ 	if (!groups)
+ 		return 0;
+ 
+ 	pos = wpabuf_head(groups);
+-	count = wpabuf_len(groups) / 2;
++	len = wpabuf_len(groups);
++	if (len & 1) {
++		wpa_printf(MSG_DEBUG,
++			   "SAE: Invalid length of the Rejected Groups element payload: %zu",
++			   len);
++		return 1;
++	}
++	count = len / 2;
+ 	for (i = 0; i < count; i++) {
+ 		int enabled;
+ 		u16 group;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
new file mode 100644
index 0000000000..5e9e8bc01d
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch
@@ -0,0 +1,38 @@
+From 9716bf1160beb677e965d9e6475d6c9e162e8374 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Tue, 9 Jul 2024 23:34:34 +0300
+Subject: [PATCH 3/3] SAE: Reject invalid Rejected Groups element in the parser
+
+There is no need to depend on all uses (i.e., both hostapd and
+wpa_supplicant) to verify that the length of the Rejected Groups field
+in the Rejected Groups element is valid (i.e., a multiple of two octets)
+since the common parser can reject the message when detecting this.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=9716bf1160beb677e965d9e6475d6c9e162e8374]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/common/sae.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/common/sae.c b/src/common/sae.c
+index c0f154e91..620bdf753 100644
+--- a/src/common/sae.c
++++ b/src/common/sae.c
+@@ -2076,6 +2076,12 @@ static int sae_parse_rejected_groups(struct sae_data *sae,
+ 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
+ 	epos++; /* skip ext ID */
+ 	len--;
++	if (len & 1) {
++		wpa_printf(MSG_DEBUG,
++			   "SAE: Invalid length of the Rejected Groups element payload: %u",
++			   len);
++		return WLAN_STATUS_UNSPECIFIED_FAILURE;
++	}
+ 
+ 	wpabuf_free(sae->tmp->peer_rejected_groups);
+ 	sae->tmp->peer_rejected_groups = wpabuf_alloc(len);
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
index 56c01ede54..c1a4383b47 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -28,6 +28,9 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
            file://CVE-2024-3596_06.patch \
            file://CVE-2024-3596_07.patch \
            file://CVE-2024-3596_08.patch \
+           file://0001-SAE-Check-for-invalid-Rejected-Groups-element-length.patch \
+           file://0002-SAE-Check-for-invalid-Rejected-Groups-element-length.patch \
+           file://0003-SAE-Reject-invalid-Rejected-Groups-element-in-the-pa.patch \
            "
 SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
 

From patchwork Mon Oct  7 01:54:59 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49996
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CB34CCFB442
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:29 +0000 (UTC)
Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com
 [209.85.216.42])
 by mx.groups.io with SMTP id smtpd.web11.44001.1728266119745681279
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:19 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Q50NI7S1;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.42,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f42.google.com with SMTP id
 98e67ed59e1d1-2e1c91fe739so2764247a91.2
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266119;
 x=1728870919; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=dDUY1r94ec2SUYqpRJy69B7+8xmD9DGRd8NGAUWXfFk=;
        b=Q50NI7S1HqUvLdau8WqsmyW3X4zJbw/bqsk1Mier5sHEZbNau3iqa3FvSRYPKZmpF1
         /Z/u8TCrGWAajgl+GSdHYLjsCBES+thu4ZdecAVDBMHrYMNskFrTYiK5/Q9rg1yjT6mt
         iZ1bsL2Y5qnQTiErjP7tTxIlJMV+orKwtpcXzq49v1bHkLX+uUKHR3+YVacGS+6nunN2
         XC7hU1oeEY32lgVZ7+7lKhFI73HGjeyw2qINdP6rOgrRP8tBhJycEjQSIbERMwnmdYt5
         TC5tptK/FheyotKeXm3pT+/JBhp80NnIJnCtDwcHhVJnpl6Z2dV1keJFFpDFIz4xO9Ui
         lYpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266119; x=1728870919;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=dDUY1r94ec2SUYqpRJy69B7+8xmD9DGRd8NGAUWXfFk=;
        b=MpRBsB9jEmmW9sDji+BEdjWpZEUnQiqD/usCgJmASZLF2z9tKmVhYcuhrm4eK3T7/A
         /CwZn6IbHyOt8/fN+ZxYFHUb7J0+wd6psF7yXiHBnzpzof43HvWL7I80mq/DScdYq8RY
         zwrM9k+GqYr9g/cAAbYtir6R1VjQOI51tdmm5oUs8OXZZSkiQx8XSC9RDBBgn2LsOu2t
         S2YPYyryz0bkL9JlLK1AMB78/fPYMAwxYjr7kArZYn3w1bTWgTszC8wi/T48OJ6PaH73
         PWYssirkzF4eJazO0AeW8+/pCkpg9adp+aN0GWNwgchBog56fRMZ5j/S+EItoi4jkrWX
         sPfg==
X-Gm-Message-State: AOJu0YxsGSLQjV/XdOyyE2rCGxvGa6ZTLERZ47JjKklJRsd5Z5DYFhw2
	TZoM36UCP7/ujdwfOaFlxbbHZIUOmCa+uqoC3jeiX0lBKkkCibEQNYk+/Mt3j87zoGKfDnHbvGF
	FJc0=
X-Google-Smtp-Source: 
 AGHT+IFrj96KegXXj6sevYdXGcG55AEYNpdo8mawfpnzw87AlFBJ6imFttyq/rKKVf/ETHUYZWOBiw==
X-Received: by 2002:a17:90a:fd87:b0:2e0:80c5:bdea with SMTP id
 98e67ed59e1d1-2e1e621e7d8mr11324189a91.11.1728266118983;
        Sun, 06 Oct 2024 18:55:18 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.18
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:18 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/10] glibc: stable 2.39 branch updates.
Date: Sun,  6 Oct 2024 18:54:59 -0700
Message-Id: 
 <d652964e2bd860473b2d39f57b92e51d646672bf.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:29 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205254

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

Below commits on glibc-2.39 stable branch are updated.
84f6bfce2c libio: Attempt wide backup free only for non-legacy code
4e382ce01c debug: Fix read error handling in pcprofiledump
7f5027995f elf: Fix tst-dlopen-tlsreinit1.out test dependency
27a0c6b490 elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717)
e3d5d2d350 elf: Clarify and invert second argument of _dl_allocate_tls_init
28c4f32f71 elf: Support recursive use of dynamic TLS in interposed malloc
5ff30b2f75 nptl: Use <support/check.h> facilities in tst-setuid3
cae418638e posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64
a500b48bd2 ungetc: Fix backup buffer leak on program exit [BZ #27821]
70939528c6 ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
f0c308ab23 Make tst-ungetc use libsupport
3c5f493d87 stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
98de2f2bae support: Add FAIL test failure helper
e73fd06b7f string: strerror, strsignal cannot use buffer after dlmopen (bug 32026)
37c2aa4eaa Define __libc_initial for the static libc
49953727d1 x86: Fix bug in strchrnul-evex512 [BZ #32078]
81631a0dd1 Adjust check-local-headers test for libaudit 4.0
9fbbe86f7c x32/cet: Support shadow stack during startup for Linux 6.10
eeff407b19 x86-64: Remove sysdeps/x86_64/x32/dl-machine.h
1ab7faf86d support: Add options list terminator to the test driver
6eebc92cb2 manual/stdio: Further clarify putc, putwc, getc, and getwc
afc15c2044 Fix name space violation in fortify wrappers (bug 32052)
5a5eb72d8e resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
7f5ccdd8af Add mremap tests
a8c230c881 mremap: Update manual entry
9f349d02c6 linux: Update the mremap C implementation [BZ #31968]
127ef30c46 Enhanced test coverage for strncmp, wcsncmp
3b25c7fa87 Enhance test coverage for strnlen, wcsnlen
4bdcc1963b manual: make setrlimit() description less ambiguous
b71a51189d manual/stdio: Clarify putc and putwc
946006d37c malloc: add multi-threaded tests for aligned_alloc/calloc/malloc
f11b7178a1 malloc: avoid global locks in tst-aligned_alloc-lib.c
51db012c94 resolv: Track single-request fallback via _res._flags (bug 31476)
8c9fbc6651 resolv: Do not wait for non-existing second DNS response after error (bug 30081)
fc1dc39984 resolv: Allow short error responses to match any query (bug 31890)
cb19cef087 elf: Fix localplt.awk for DT_RELR-enabled builds (BZ 31978)
f6a75fddf4 Fix usage of _STACK_GROWS_DOWN and _STACK_GROWS_UP defines [BZ 31989]

Results before updates as below:

No. of passes                     4581
No. of expected passes            2
No. of expected failures          16
No. of unexpected failures        214
No. of unsupported tests          45

Results after updates as below:

No. of passes                     4605
No. of expected passes            2
No. of expected failures          16
No. of unexpected failures        212
No. of unsupported tests          46

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 955b22bc38..dc162b2946 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "e8f521709731ce3ae8d6f1eca30135d5c0606f02"
+SRCREV_glibc ?= "84f6bfce2c37e32b9888321fc3131ffbbe6deeba"
 SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"

From patchwork Mon Oct  7 01:55:00 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 50000
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DA404CFB445
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:29 +0000 (UTC)
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com
 [209.85.216.47])
 by mx.groups.io with SMTP id smtpd.web10.44008.1728266121463238125
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:21 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=IzexEIi6;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.47,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f47.google.com with SMTP id
 98e67ed59e1d1-2e07d85e956so3193747a91.3
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266121;
 x=1728870921; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=eB7eL2cVa75tBUxq0HyOdG+bw01VTu04OlLqsI1QHPo=;
        b=IzexEIi6FqJFuzkOseAckVe6iZ0ssfEfrLRBSEoMvJ2yP2529yw2qurHNf/rqE54NP
         15OIzahbX6aJgY/9+fINLhdNHwjU+Qq+uol9h5i+I7rBLVrvPlr4tW8Dfv7Anlr4kz1N
         YawcNoKBxVX7roCcDGuz0ma4yWa3ePpGUQe3RptHcDEpbjCc9UIfTIGCJZBqDWo4rUfC
         wh1wvVhYy68WXV5nmx6IwkEFOpd1abe0kpaf7IpHjmKA7SYpsE642uVJfDYFv3TuiF5W
         1q+qT+O2gaSIHHnl3/pnHjP5lJD9zpC6Wi34eE89CURULaWRb/sHfhJwEx+qmyfImFmV
         B2zw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266121; x=1728870921;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=eB7eL2cVa75tBUxq0HyOdG+bw01VTu04OlLqsI1QHPo=;
        b=mrQm/PFwMQa8DzekFcrFTNXn465DcEfd/vOM7XUCjAK2k7zI36J67xFAXCyIlGLpd+
         zYBq6bZ2WoRdyyi6DGuu7yFbW9yK9h6OYG7f1ctE9UEii+KT9GeRKvrVZODNM2jiF5/R
         UePjXa0WzOVYzMQd4C+lxaJRPjT3xY/RlDyZFLZzWYhxTU1ig+SdGoOCgMrsGdcs9vGP
         PdYWtRtZmYyiXsnUC52WubbeOpn2OHG1PDZjkRzvLYiel3LaiiAF1WvZJa8KcAhXX+fH
         qWdP7Ovd4A6MH2pX4DaKja1vAWgVgT6aSVnlNTFQ/S13LB85IROx5so1sDclAynqyVc3
         ZmDw==
X-Gm-Message-State: AOJu0YzgUpGWReY2dxJ3km8rB7q5alP2E/9wniQvDcLcx84Q1tC6qnGC
	f7iozVHOE4ydQhlaKDDU+YiAY/48uFE28BGslxVtGIVPOvc8L/6YM/xqhynMvqRkc/Hmzfpkjol
	cbOM=
X-Google-Smtp-Source: 
 AGHT+IHrteRRIJ68GuvVsHbkb8ZybEp42+yzkDELoYgH9fH/gWTy16rBzBwzPYUkLoae+oahWckUpQ==
X-Received: by 2002:a17:90b:3890:b0:2e1:e280:3d59 with SMTP id
 98e67ed59e1d1-2e1e639f23amr12157847a91.33.1728266120564;
        Sun, 06 Oct 2024 18:55:20 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.19
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:20 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 07/10] webkitgtk: upgrade 2.44.1 -> 2.44.3
Date: Sun,  6 Oct 2024 18:55:00 -0700
Message-Id: 
 <9a05f72805fa4c8ac408024bc8cd51892ad4a37c.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:29 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205255

From: Hitendra Prajapati <hprajapati@mvista.com>

Remove below patches which already fix in this upgraded version.

0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
0002-More-dynamicDowncast-adoption-in-platform-code.patch

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...able-to-control-macro-__PAS_ALWAYS_I.patch |  6 +-
 ...spection.cmake-prefix-variables-obta.patch |  2 +-
 ...fic-declarations-in-FELighting.h-unn.patch | 44 -------------
 ...icDowncast-adoption-in-platform-code.patch | 65 -------------------
 ...d5e22213fdaca2a29ec3400c927d710a37a8.patch |  2 +-
 .../webkit/webkitgtk/no-musttail-arm.patch    |  6 +-
 .../webkit/webkitgtk/reproducibility.patch    |  2 +-
 .../webkit/webkitgtk/t6-not-declared.patch    | 12 ++--
 ...ebkitgtk_2.44.1.bb => webkitgtk_2.44.3.bb} |  6 +-
 9 files changed, 16 insertions(+), 129 deletions(-)
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.44.1.bb => webkitgtk_2.44.3.bb} (96%)

diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch b/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch
index a819e22127..a19008a41f 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch
@@ -1,4 +1,4 @@
-From 575b848a3b3c14280679db80d0d518922c83d62a Mon Sep 17 00:00:00 2001
+From 99a21305ae683a216e9299e5dbdd763190a8cfe3 Mon Sep 17 00:00:00 2001
 From: Kai Kang <kai.kang@windriver.com>
 Date: Fri, 11 Aug 2023 14:20:48 +0800
 Subject: [PATCH] Add a variable to control macro
@@ -57,10 +57,10 @@ index 5d5fb38c..a554f700 100644
  #else
  #define __PAS_ALWAYS_INLINE_BUT_NOT_INLINE
 diff --git a/Source/cmake/WebKitCompilerFlags.cmake b/Source/cmake/WebKitCompilerFlags.cmake
-index 9b2fecf9..7cdc2b6a 100644
+index 0732785e..4879ec40 100644
 --- a/Source/cmake/WebKitCompilerFlags.cmake
 +++ b/Source/cmake/WebKitCompilerFlags.cmake
-@@ -453,3 +453,10 @@ endif ()
+@@ -452,3 +452,10 @@ endif ()
  
  # FIXME: Enable pre-compiled headers for all ports <https://webkit.org/b/139438>
  set(CMAKE_DISABLE_PRECOMPILE_HEADERS ON)
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
index 8e29ce17ed..dda20a7b25 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch
@@ -1,4 +1,4 @@
-From 6348f91c29e2350ad3fec5264aa57dd4994d4583 Mon Sep 17 00:00:00 2001
+From d1f6a1b6a1298f6ef2f1677e9996aa60a002134a Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Tue, 27 Oct 2015 16:02:19 +0200
 Subject: [PATCH] FindGObjectIntrospection.cmake: prefix variables obtained
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
deleted file mode 100644
index 6ffe0a9454..0000000000
--- a/meta/recipes-sato/webkit/webkitgtk/0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From dbd1a59b239b3902e717fdeb063883dbb0b06ee9 Mon Sep 17 00:00:00 2001
-From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Sun, 26 May 2024 14:24:35 -0700
-Subject: [PATCH 1/2] Remove ARM-specific declarations in FELighting.h unneeded
- after 272873@main
-
-Unreviewed build fix.
-
-* Source/WebCore/platform/graphics/filters/FELighting.h: Remove unneeded
-  declarations for the getPowerCoefficients() and platformApplyNeon()
-  functions, which are now defined elsewhere; and were causing a build
-  failure due to usage of the protected LightingData type.
-
-Canonical link: https://commits.webkit.org/279334@main
-
-Backport this patch for fixing following compile error:
-webkitgtk-2.44.1/Source/WebCore/platform/graphics/filters/FELighting.h:73:41: error: 'LightingData' does not name a type 
-   73 |     inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&);
-
-Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/36d1b5d7c0ef9a733ee8055b1f35b1d24435d538]
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- Source/WebCore/platform/graphics/filters/FELighting.h | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/Source/WebCore/platform/graphics/filters/FELighting.h b/Source/WebCore/platform/graphics/filters/FELighting.h
-index 4efab920..dcd80b6f 100644
---- a/Source/WebCore/platform/graphics/filters/FELighting.h
-+++ b/Source/WebCore/platform/graphics/filters/FELighting.h
-@@ -68,11 +68,6 @@ protected:
- 
-     std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override;
- 
--#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
--    static int getPowerCoefficients(float exponent);
--    inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&);
--#endif
--
-     Color m_lightingColor;
-     float m_surfaceScale;
-     float m_diffuseConstant;
--- 
-2.25.1
-
diff --git a/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch b/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch
deleted file mode 100644
index a0c7b6bd57..0000000000
--- a/meta/recipes-sato/webkit/webkitgtk/0002-More-dynamicDowncast-adoption-in-platform-code.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 88fa4b49a10ecfb74c36c678c1e2b76136357153 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Fri, 12 Jul 2024 10:16:05 +0800
-Subject: [PATCH 2/2] More dynamicDowncast<> adoption in platform code
-
-Backport part of commit [90d13e7 More dynamicDowncast<> adoption in
-platform code] to fix following compile error for ARM_NEON:
-webkitgtk-2.44.1/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp:545:37: error: 'LS_POINT' was not declared in this scope; did you mean 'WebCore::LightType::LS_POINT'?
-  545 |     if (data.lightSource->type() == LS_POINT) {
-      |                                     ^~~~~~~~
-      |                                     WebCore::LightType::LS_POINT
-
-Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/90d13e77ab2192b7efa8e763eeb8b08dbbb6d5c3]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- .../filters/FELightingNeonParallelApplier.cpp | 22 +++++++++----------
- 1 file changed, 10 insertions(+), 12 deletions(-)
-
-diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-index 04d855fa..dccc003d 100644
---- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-+++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-@@ -542,19 +542,17 @@ void FELightingNeonParallelApplier::applyPlatformParallel(const LightingData& da
-     floatArguments.colorBlue = color.blue;
-     floatArguments.padding4 = 0;
- 
--    if (data.lightSource->type() == LS_POINT) {
-+    if (auto* pointLightSource = dynamicDowncast<PointLightSource>(*data.lightSource)) {
-         neonData.flags |= FLAG_POINT_LIGHT;
--        auto& pointLightSource = downcast<PointLightSource>(*data.lightSource);
--        floatArguments.lightX = pointLightSource.position().x();
--        floatArguments.lightY = pointLightSource.position().y();
--        floatArguments.lightZ = pointLightSource.position().z();
-+        floatArguments.lightX = pointLightSource->position().x();
-+        floatArguments.lightY = pointLightSource->position().y();
-+        floatArguments.lightZ = pointLightSource->position().z();
-         floatArguments.padding2 = 0;
--    } else if (data.lightSource->type() == LS_SPOT) {
-+    } else if (auto* spotLightSource = dynamicDowncast<SpotLightSource>(*data.lightSource)) {
-         neonData.flags |= FLAG_SPOT_LIGHT;
--        auto& spotLightSource = downcast<SpotLightSource>(*data.lightSource);
--        floatArguments.lightX = spotLightSource.position().x();
--        floatArguments.lightY = spotLightSource.position().y();
--        floatArguments.lightZ = spotLightSource.position().z();
-+        floatArguments.lightX = spotLightSource->position().x();
-+        floatArguments.lightY = spotLightSource->position().y();
-+        floatArguments.lightZ = spotLightSource->position().z();
-         floatArguments.padding2 = 0;
- 
-         floatArguments.directionX = paintingData.directionVector.x();
-@@ -565,8 +563,8 @@ void FELightingNeonParallelApplier::applyPlatformParallel(const LightingData& da
-         floatArguments.coneCutOffLimit = paintingData.coneCutOffLimit;
-         floatArguments.coneFullLight = paintingData.coneFullLight;
-         floatArguments.coneCutOffRange = paintingData.coneCutOffLimit - paintingData.coneFullLight;
--        neonData.coneExponent = getPowerCoefficients(spotLightSource.specularExponent());
--        if (spotLightSource.specularExponent() == 1)
-+        neonData.coneExponent = getPowerCoefficients(spotLightSource->specularExponent());
-+        if (spotLightSource->specularExponent() == 1)
-             neonData.flags |= FLAG_CONE_EXPONENT_IS_1;
-     } else {
-         ASSERT(data.lightSource->type() == LS_DISTANT);
--- 
-2.25.1
-
diff --git a/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch b/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch
index 76bcb3df99..0d8976c502 100644
--- a/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch
@@ -1,4 +1,4 @@
-From 1523e00a2a76e285262c8aa3721b5d99f3f2d612 Mon Sep 17 00:00:00 2001
+From 2ee948191de1c561b72ebf462605376cfb3ce7af Mon Sep 17 00:00:00 2001
 From: Thomas Devoogdt <thomas.devoogdt@barco.com>
 Date: Mon, 16 Jan 2023 17:03:30 +0100
 Subject: [PATCH] REGRESSION(257865@main): B3Validate.cpp: fix
diff --git a/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch b/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch
index 8ce37a01cc..793be48df2 100644
--- a/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/no-musttail-arm.patch
@@ -1,4 +1,4 @@
-From a9c874f7418cefbe78f7cd26505ae495cb59bbcf Mon Sep 17 00:00:00 2001
+From 31dca9601888f2a539dfb22693ffd62c22ee8912 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Fri, 12 Jan 2024 09:21:39 -0800
 Subject: [PATCH] clang/arm: Do not use MUST_TAIL_CALL
@@ -16,10 +16,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Source/WTF/wtf/Compiler.h b/Source/WTF/wtf/Compiler.h
-index 0ea5cb76..c5480dbc 100644
+index 449ca502..daac29d7 100644
 --- a/Source/WTF/wtf/Compiler.h
 +++ b/Source/WTF/wtf/Compiler.h
-@@ -284,7 +284,7 @@
+@@ -321,7 +321,7 @@
  /* MUST_TAIL_CALL */
  
  #if !defined(MUST_TAIL_CALL) && defined(__cplusplus) && defined(__has_cpp_attribute)
diff --git a/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
index 93a431a0b1..d614a1ee4f 100644
--- a/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
@@ -1,4 +1,4 @@
-From d096b945113ddecaf33062296e20b6d5a007cab3 Mon Sep 17 00:00:00 2001
+From cb5458b5d15aafa3543a47a33975609026d45d32 Mon Sep 17 00:00:00 2001
 From: Richard Purdie <richard.purdie@linuxfoundation.org>
 Date: Mon, 3 Jan 2022 14:18:34 +0000
 Subject: [PATCH] webkitgtk: Add reproducibility fix
diff --git a/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch b/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch
index d4720e4f28..064925dace 100644
--- a/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/t6-not-declared.patch
@@ -1,10 +1,9 @@
-From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001
+From 36c092723ec6d4908039341c9d157db8ab1c0a59 Mon Sep 17 00:00:00 2001
 From: Michael Catanzaro <mcatanzaro@redhat.com>
 Date: Mon, 5 Feb 2024 11:00:49 -0600
-Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?=
- =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?=
- =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
- =?UTF-8?q?=3D268739?=
+Subject: [PATCH] =?UTF-8?q?LowLevelInterpreter.cpp:339:21:=20error:=20?=
+ =?UTF-8?q?=E2=80=98t6=E2=80=99=20was=20not=20declared=20in=20this=20scope?=
+ =?UTF-8?q?=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid=3D268739?=
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -22,7 +21,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 2 deletions(-)
 
 diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
-index 5064ead6cd2e7..9a2e2653b1219 100644
+index 75cecbbd..b1020ea4 100644
 --- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
 +++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
 @@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm,
@@ -34,4 +33,3 @@ index 5064ead6cd2e7..9a2e2653b1219 100644
  
      struct StackPointerScope {
          StackPointerScope(CLoopStack& stack)
-
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb b/meta/recipes-sato/webkit/webkitgtk_2.44.3.bb
similarity index 96%
rename from meta/recipes-sato/webkit/webkitgtk_2.44.1.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.44.3.bb
index c4a3c464c1..90fb7a1d42 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.44.1.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.44.3.bb
@@ -16,10 +16,8 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
            file://no-musttail-arm.patch \
            file://t6-not-declared.patch \
            file://30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch \
-           file://0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch \
-           file://0002-More-dynamicDowncast-adoption-in-platform-code.patch \
            "
-SRC_URI[sha256sum] = "425b1459b0f04d0600c78d1abb5e7edfa3c060a420f8b231e9a6a2d5d29c5561"
+SRC_URI[sha256sum] = "dc82d042ecaca981a4852357c06e5235743319cf10a94cd36ad41b97883a0b54"
 
 inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen
 
@@ -95,7 +93,7 @@ EXTRA_OECMAKE = " \
 
 # Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of the
 # debug symbols (4.3GB to 700M at time of writing)
-DEBUG_FLAGS:append = "${@oe.utils.vartrue('DEBUG_BUILD', '', ' -g1', d)}"
+DEBUG_LEVELFLAG = "-g1"
 
 # Javascript JIT is not supported on ARC
 EXTRA_OECMAKE:append:arc = " -DENABLE_JIT=OFF "

From patchwork Mon Oct  7 01:55:01 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49999
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D52ABCFB444
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:29 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web10.44009.1728266123349472361
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:23 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=fsHFFCRB;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-20bc2970df5so28641225ad.3
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266122;
 x=1728870922; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Aa737yV08+zfv79b89idqmMZ9jyb89QV6sZWfz/H8XY=;
        b=fsHFFCRBSbjpt2lx2qIzjvhEbjmNd1fgKF5Gpl4uGQWv/YsWDl3igq13QWH5MrWw/Z
         twT/DFZGynYhSf2pTpZVAnb5XSplKVPY1c9nhtnTXgPZ2do7Kk2M8nUKV6faA870BaTx
         2cr9HvwoVQgfzhABLkYNdVeZu63h3smTnAypDeerSFpPMGwTSksyJMWrT7sp0JaTf6JR
         Dty1fXRlDGRePdWdJyvFauV2xdjL2TcubQhgltrAxL3l1uKN4ac8T3zUFb1BvZtMkH03
         WQYuEmLquiJC8i9MLTgcF94MfHXXYvM9vFvlaWiqJgO6ULQLPCMnIvW3tBYT42f0YjCL
         3+eQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266122; x=1728870922;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Aa737yV08+zfv79b89idqmMZ9jyb89QV6sZWfz/H8XY=;
        b=dpC5tvRotxmfadmnbGnJczQ0kjCcR98lpB6DJcyFuooE77byUO0mwnuE1wlVQ+V+7q
         ShHFglZyyYeZ5tTShoZjZ/H1jS24KYzuX398aRgU1svhafl2TUKKAmdfnE8ZbrXvFAA5
         agacmx1HZ0UQ8a0WacoNjCJNn/78SDy1fQNOR1wxU3F8mFdsLCdZxEMCQe0oBTEhCM37
         T9ucc4eqbnCP3GmthjAlR15MHXHDgdwkEPMqFF6K32uqtlqQdmBRmJ52Lm5GJEeM3R0K
         r/PYKjmjKHK6SGT93l9ScP/6hhuq4fDS0b2ZvwzhEAR5HCSZaHSNvU9CpLkpmOV1SnC4
         axaA==
X-Gm-Message-State: AOJu0Yz05JAOY5ii7cyq21GSkO1EC2MxI5UcQuOy/awMrw/8SQ0BDHeY
	Fu3aNH1ctYSfFLvcGe2I6CHi1p1YkD4iAuxPNamK3Vg8//FXcdkyZT7FFR2MDx6FJ/Kuxa6gX4U
	LqEY=
X-Google-Smtp-Source: 
 AGHT+IEV+8LdhmfJV0vGsGNWx3/9iSvLXCO3gUeF9uypbj1ObO5srhwiFJSY5TYBOtW+wu2Ns3PFGg==
X-Received: by 2002:a17:90b:1047:b0:2c2:5f25:5490 with SMTP id
 98e67ed59e1d1-2e1e636c80emr11373238a91.34.1728266122306;
        Sun, 06 Oct 2024 18:55:22 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.21
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:22 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 08/10] cryptodev: upgrade 1.13 -> 1.14
Date: Sun,  6 Oct 2024 18:55:01 -0700
Message-Id: 
 <749f297f5d94fc97a5ade8f7cb0321d7286b2521.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:29 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205256

From: Wang Mingyu <wangmy@fujitsu.com>

0001-Disable-installing-header-file-provided-by-another-p.patch
0001-tests-Makefile-do-not-use-Werror.patch
removed since they're included in 1.14

Changelog:
===========
* Fix compilation issues after API changes in several Linux kernels
* Split install targets to help package maintainers

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Acked-by: Chirag Shilwant <c-shilwant@ti.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-linux_1.13.bb => cryptodev-linux_1.14.bb} |  0
 ...odule_1.13.bb => cryptodev-module_1.14.bb} |  3 ---
 ...-tests_1.13.bb => cryptodev-tests_1.14.bb} |  4 ---
 meta/recipes-kernel/cryptodev/cryptodev.inc   |  4 +--
 ...ng-header-file-provided-by-another-p.patch | 25 -------------------
 ...001-tests-Makefile-do-not-use-Werror.patch | 25 -------------------
 6 files changed, 2 insertions(+), 59 deletions(-)
 rename meta/recipes-kernel/cryptodev/{cryptodev-linux_1.13.bb => cryptodev-linux_1.14.bb} (100%)
 rename meta/recipes-kernel/cryptodev/{cryptodev-module_1.13.bb => cryptodev-module_1.14.bb} (74%)
 rename meta/recipes-kernel/cryptodev/{cryptodev-tests_1.13.bb => cryptodev-tests_1.14.bb} (74%)
 delete mode 100644 meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch
 delete mode 100644 meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch

diff --git a/meta/recipes-kernel/cryptodev/cryptodev-linux_1.13.bb b/meta/recipes-kernel/cryptodev/cryptodev-linux_1.14.bb
similarity index 100%
rename from meta/recipes-kernel/cryptodev/cryptodev-linux_1.13.bb
rename to meta/recipes-kernel/cryptodev/cryptodev-linux_1.14.bb
diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.13.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.14.bb
similarity index 74%
rename from meta/recipes-kernel/cryptodev/cryptodev-module_1.13.bb
rename to meta/recipes-kernel/cryptodev/cryptodev-module_1.14.bb
index 5192cf03ed..6fb75675bb 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.13.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.14.bb
@@ -7,9 +7,6 @@ inherit module
 # Header file provided by a separate package
 DEPENDS += "cryptodev-linux"
 
-SRC_URI += "file://0001-Disable-installing-header-file-provided-by-another-p.patch \
-           "
-
 EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
 
 RCONFLICTS:${PN} = "ocf-linux"
diff --git a/meta/recipes-kernel/cryptodev/cryptodev-tests_1.13.bb b/meta/recipes-kernel/cryptodev/cryptodev-tests_1.14.bb
similarity index 74%
rename from meta/recipes-kernel/cryptodev/cryptodev-tests_1.13.bb
rename to meta/recipes-kernel/cryptodev/cryptodev-tests_1.14.bb
index 458ad8ecf2..f6a286e1b7 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-tests_1.13.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-tests_1.14.bb
@@ -4,10 +4,6 @@ SUMMARY = "A test suite for /dev/crypto device driver"
 
 DEPENDS += "openssl"
 
-SRC_URI += " \
-           file://0001-tests-Makefile-do-not-use-Werror.patch \
-           "
-
 EXTRA_OEMAKE='KERNEL_DIR="${STAGING_EXECPREFIXDIR}" PREFIX="${D}"'
 
 do_compile() {
diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc
index 64a9c2926b..8d0aad4a01 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev.inc
+++ b/meta/recipes-kernel/cryptodev/cryptodev.inc
@@ -10,8 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux;branch=master;protocol=https \
            "
-SRCREV = "bb8bc7cf60d2c0b097c8b3b0e807f805b577a53f"
-PV = "1.13+git${SRCPV}"
+SRCREV = "135cbff90af2ba97d88f1472be595ce78721972c"
+PV = "1.14"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch b/meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch
deleted file mode 100644
index c7fdef4da4..0000000000
--- a/meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 66d85d3f26e21cf7c38b27de0dcc42376f5d853e Mon Sep 17 00:00:00 2001
-From: Denys Dmytriyenko <denys@ti.com>
-Date: Sun, 6 Apr 2014 19:51:39 -0400
-Subject: [PATCH] Disable installing header file provided by another package
-
-Signed-off-by: Denys Dmytriyenko <denys@ti.com>
-
-Upstream-Status: Inappropriate [ OE specific ]
-
----
- Makefile | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index d83aee6..c8d8ae5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -36,7 +36,6 @@ install: modules_install
- 
- modules_install:
- 	$(MAKE) $(KERNEL_MAKE_OPTS) modules_install
--	install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h
- 
- install_tests: tests
- 	$(MAKE) -C tests install DESTDIR=$(PREFIX)
diff --git a/meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch b/meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch
deleted file mode 100644
index 3285548a57..0000000000
--- a/meta/recipes-kernel/cryptodev/files/0001-tests-Makefile-do-not-use-Werror.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 47438e53e1156db0916c0f4683a24fe4d82152f2 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Fri, 10 Sep 2021 10:44:42 +0200
-Subject: [PATCH] tests/Makefile: do not use -Werror
-
-Otherwise, openssl 3 deprecation warnings become errors.
-Reported at https://github.com/cryptodev-linux/cryptodev-linux/issues/67
-
-Upstream-Status: Inappropriate [upstream needs to update the code]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
----
- tests/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/Makefile b/tests/Makefile
-index 2fb7a9a..e94f80e 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -1,4 +1,4 @@
--CFLAGS += -I.. $(CRYPTODEV_CFLAGS) -Wall -Werror
-+CFLAGS += -I.. $(CRYPTODEV_CFLAGS) -Wall
- 
- comp_progs := cipher_comp hash_comp hmac_comp
- 

From patchwork Mon Oct  7 01:55:02 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49998
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CB433CFB443
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:29 +0000 (UTC)
Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com
 [209.85.216.45])
 by mx.groups.io with SMTP id smtpd.web11.44004.1728266124573519516
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:24 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=mxNzPmYX;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.45,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f45.google.com with SMTP id
 98e67ed59e1d1-2e0a950e2f2so3253608a91.2
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266124;
 x=1728870924; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=JRi4SFc6q2ESPrXh9cujzJd5e3qHsb6+OqH3541S1Vg=;
        b=mxNzPmYX4WDBund98vyTmQu1GTCMG4WWjXerEEGz2RLrERT7PhNek5CsJ6piQQ4WhK
         rsixb9+h/YZbuW/9iPr6DHN09HD4hHOwyjlYRGowEDEyMiq8IapFnUyVnMgR9dL2fLZY
         1lAJJrYL9v2VP9n1FBYH2XlipyIT/iHaAAbUBSnhUMcI8qslw6px4u03UX2TcJiJ2pHd
         05juGYT/tSnuUp1ljESA04i8L1kUZLg/9GRZNrkpcsNsobOLH2A6E2VbKi6bUpUFqb1V
         BV/aADaBPpZ+UqspIroGHwYPYdkB9ZClWI3O1LZ373FMulSJkhg/KYv8NYeL4vZLvPW/
         Z65Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266124; x=1728870924;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=JRi4SFc6q2ESPrXh9cujzJd5e3qHsb6+OqH3541S1Vg=;
        b=TmkzhSg3i+QZAW5nFXRkje3c4MsuQmusdLq3FlUmxeRAO1Qq+z9xR8ZtxMmRSdwi2N
         bX0mgIi1W3+s8NLXqrNt1o5YdFlOgW1EyjeJR9RB4qttZlO+sf6ZAd38uZLj2Q8IGhLE
         SDJSQTUcjM0sy/i3m4CWkw4thi2VSvGccqjnVruwSi1kNDpkNaEmWHw9a1YvyDzrpPdd
         BGWn9QIHhj28zTDUQf4Y/qXBpiXjRGk4YwTVirFqBRmGM5zpQ9mlH150y5jCq4gGZiNe
         mVRn6Us2AyQB4f0B8AQ17MINJm4JwINENfiXc8B3XbPosbEsa10fN7oZcpNPgGSG9ROn
         MDvg==
X-Gm-Message-State: AOJu0Yynw7/Fd5s0t7A0+8XjnVWiFbBtQdAscucSoWSn0C3qKBtU4QFt
	VER/By/PB03si2HOV7yfl/as4BnSaraivIuwkpSMJdcw6k4bHhuFGG1DQKCgAyMPQKBQZTs2oxR
	TqCk=
X-Google-Smtp-Source: 
 AGHT+IF1Nderqigr+HugB6KylXJvKRIZ1NLKNUrS6gnFxR7/1G9+ujVe1Rz0ZZ0kHY+dWM+mHLcIhw==
X-Received: by 2002:a17:90a:ad8e:b0:2e0:78a0:55c4 with SMTP id
 98e67ed59e1d1-2e1e622723bmr12746989a91.9.1728266123722;
        Sun, 06 Oct 2024 18:55:23 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.23
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:23 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 09/10] populate_sdk_base: inherit nopackages
Date: Sun,  6 Oct 2024 18:55:02 -0700
Message-Id: 
 <2462cceaeec362d85a469ec0668ed92a092e725c.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:29 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205257

From: Martin Jansa <martin.jansa@gmail.com>

Since this bbclass sets PACKAGES = "", inherit the nopackages
class to skip the various packaging functions which wouldn't
do anything anyway.

This fixes errors from buildhistory changes where packages-split would be empty.

e.g. meta-toolchain build now fails with:
| DEBUG: Executing shell function buildhistory_list_pkg_files
| find: ".../meta-toolchain/1.0/packages-split/*": No such file or directory
| WARNING: exit code 1 from a shell command.
| DEBUG: Python function buildhistory_emit_pkghistory finished

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Atharva Nandanwar <atharvanandanwar@outlook.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/populate_sdk_base.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/populate_sdk_base.bbclass b/meta/classes-recipe/populate_sdk_base.bbclass
index a103e7b738..5c738dbf2a 100644
--- a/meta/classes-recipe/populate_sdk_base.bbclass
+++ b/meta/classes-recipe/populate_sdk_base.bbclass
@@ -13,7 +13,7 @@ PACKAGES = ""
 # SDK processing context.  This class happens to be common to these usages.
 SPDX_MULTILIB_SSTATE_ARCHS = "${@all_multilib_tune_values(d, 'SSTATE_ARCHS')}"
 
-inherit image-postinst-intercepts image-artifact-names
+inherit image-postinst-intercepts image-artifact-names nopackages
 
 # Wildcards specifying complementary packages to install for every package that has been explicitly
 # installed into the rootfs

From patchwork Mon Oct  7 01:55:03 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 49997
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C5222CFB424
	for <webhook@archiver.kernel.org>; Mon,  7 Oct 2024 01:55:29 +0000 (UTC)
Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com
 [209.85.216.52])
 by mx.groups.io with SMTP id smtpd.web10.44011.1728266126209000206
 for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:26 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=FthUrXwd;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.52,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f52.google.com with SMTP id
 98e67ed59e1d1-2e18293a5efso2641461a91.3
        for <openembedded-core@lists.openembedded.org>;
 Sun, 06 Oct 2024 18:55:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1728266125;
 x=1728870925; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/Izn8e2VuXK8B4h3j6ENh6uAuwG36KiNcl/Tf/0vVsg=;
        b=FthUrXwdhCBvU7EkzU5NO4FrBXLqCh3fgH5Q0UdoWESqkouH715+GhXzVEB+By1Swq
         j4urhFZHdEHEMDJE242K9U8hOQC98k6T5/kmC+GJYAkg/nYH+WTfwI5+4qI03E4ogKJR
         wQbijl1LSisv7PINnHkFRC/DSrLTeKqEYSKjxbzvX8OY1fsnBAfL38h/laFuLWgq+paQ
         ZjkMi57CqZEHrP5Wy3XsMBg1MUWxaj6T93VprfYgcJi+VUsR42nu5bFNKIgm7v1TAn/L
         /KVAAn8UxMjLgTbCUuv4FDQSB2mb+TFLsqIeRyiFjxjumWNlkXPYTPjXubLlq/rvSpno
         8pag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728266125; x=1728870925;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/Izn8e2VuXK8B4h3j6ENh6uAuwG36KiNcl/Tf/0vVsg=;
        b=jkTdak6B5CfCFLESTKFdbGFzja+QD7JcXe9DX/fl4nastB4+llMxieZQ/QmtCecHSy
         cniFnWXg0c7PvUnwDuS7J0/BQYlZ/+wBpp4RZua3In7YydnhPl+eX4tKLY2qLmrh18fw
         fAyUvNVfBqPILmtlrUz/vh70dQO8DtGQESTnT4QgoDf4yczfWPQorjeVfH2XYBK6KAvd
         7JqLi/+eUWqqQn8wVPHbUS//HaPfCTbPTGANOeAdXnMKP1lBQH5fkaFQ9JMO0BfBvGow
         NePn6M96o2/e2mcSbOKT8tZdLHsK4GKJTiJ8iw39GedOpMD4aIyYqcvNJ5X46/Lv/Ens
         9KUQ==
X-Gm-Message-State: AOJu0YzVHS2ierMIZMNwimlLQSI9K2bDixY97WA5WCS4y/uBDX122WyR
	WLCZKtmDoaPH08J0MYTVP9nXxgS5JNFr82TL43eOQuGCK3yPkcY6nF/4+upSK6GTNyx1eRsgHQL
	dNE4=
X-Google-Smtp-Source: 
 AGHT+IHWdaOOoq/XQsyLWvVbx1ewbAS3J4pKwrB7JOSt+asy1GjfaoIYm1vmzx3tQC35ZK4O2rSrHg==
X-Received: by 2002:a17:90b:17c7:b0:2e0:808f:ef9e with SMTP id
 98e67ed59e1d1-2e1e631ef86mr12267177a91.26.1728266125431;
        Sun, 06 Oct 2024 18:55:25 -0700 (PDT)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e20aebb70asm4074938a91.19.2024.10.06.18.55.24
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 06 Oct 2024 18:55:25 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 10/10] meta-world-pkgdata: Inherit nopackages
Date: Sun,  6 Oct 2024 18:55:03 -0700
Message-Id: 
 <5ea3ba00532265165e0d30f6d2eed568f5b5867f.1728266000.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1728266000.git.steve@sakoman.com>
References: <cover.1728266000.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 07 Oct 2024 01:55:29 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/205258

From: Martin Jansa <martin.jansa@gmail.com>

Since this is a recipe with PACKAGES = "", inherit the nopackages
class to skip the various packaging functions which wouldn't do anything anyway.

This fixes errors from buildhistory changes where packages-split would be empty.

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/meta-world-pkgdata.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/meta/meta-world-pkgdata.bb b/meta/recipes-core/meta/meta-world-pkgdata.bb
index 0438bf6138..954675f383 100644
--- a/meta/recipes-core/meta/meta-world-pkgdata.bb
+++ b/meta/recipes-core/meta/meta-world-pkgdata.bb
@@ -27,6 +27,7 @@ python do_collect_packagedata() {
     oe.copy_buildsystem.generate_locked_sigs(sigfile, d)
 }
 
+inherit nopackages
 deltask do_fetch
 deltask do_unpack
 deltask do_patch