From patchwork Fri Nov 22 21:26:20 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53020
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7A791E69197
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:26:58 +0000 (UTC)
Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com
 [209.85.214.171])
 by mx.groups.io with SMTP id smtpd.web10.35399.1732310808925753716
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:48 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=IKB76fQu;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f171.google.com with SMTP id
 d9443c01a7336-2126408cf31so19300805ad.0
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310808;
 x=1732915608; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jhySlt+IqygYTYOHawRvpCuuXOs4HjJpJFhGLM4ckNQ=;
        b=IKB76fQuOFVTCQxMui7ldQ0+5TMj+UQjXCqNp5HKCdRNFV4eE9Y2fM9Rqb4cs/O29j
         ZVg3eOUCMtxxfqCI826P9O8BCljVYa3o01eqBSmyB6owF0TaCrJxPaedcrFE3yrJQSqE
         zyIqZiy3W4bCV9vsszH3UcEZOdZs4HzlL8vyo1GHKU49yZ4iv78+3Vb55y1IcFpBkLd0
         alHFqv/gA3YCl2lShFSiTsQkbLFyTLxelbS/+gXTXDO4B9qu5MeKKhlCYo1vBpv905Lk
         DrJ5JoOfh08zQ/mT1bHLkN1168jjGOIFHzfrxaZ75twimCLokNNTtvoyrNomCHxMaiT8
         4lFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310808; x=1732915608;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=jhySlt+IqygYTYOHawRvpCuuXOs4HjJpJFhGLM4ckNQ=;
        b=tbYlNdPoKt60R0pbnSb23WAmirED+f1s14SLBWqZr7FxabWQm5hjA/sGC1SW3VwNsb
         m59c0OAQrMhsYBRgSJfjdq919TCSYDXqZ3O/khIyIK1NoJ33rDu3vKW4VLFF2vEOy+lE
         QL2Bsadxjtr2v1HjsD39hdkWAUcMlBRKCo7Tw3Ozmh4kjXgkwbhWpUC6y1pEQYoSM089
         /Mn4wN4YX0WwdFKEMaj8WPGvMwVg/hD5mfLL6pwEVXnoSZ8b8dMcB+FXo+ye/GARZi4B
         L3N/jA83aRGptix0pz9cO+1UGgcRgPD6eYIbjtx/n9g/5pZFvinPMsz/h+Odc0Mnft6x
         4VnA==
X-Gm-Message-State: AOJu0Yyo0Oa7KqGNufg5cuGnKGavpIdn5bs2dyhD0qBkqmwUaGhZ4tCW
	XE2YNAFO37Gw/sZKpVeLZAyFZhFrGKumal/c0y/ehZj3wGbPIL2Wyhysr/GqMcmyl3c8TGg6OMs
	o
X-Gm-Gg: ASbGnctjnU7KLrBZlEo1lOCUa1lQFBDwQ6/K0t2hS3yqj85lX+mIyB6SfbtRP5MyJSI
	RPdDLZASnB9aVLhrBCjlVqI6V2lni9bpBkjxKMYmqYzhj95ojkUriB3opkFZeSmzh/cc4REW4HC
	8v3UAggor++soUNiKiKi0XUsHwGLBq/8yeUkJgTbolaLRmDaF62ZxmZj7Pwg8QVNS8hhjHyc6Fh
	hd4c0zIDF+2mW/THdXj7gsxQ1fYHXjEM6WvwME=
X-Google-Smtp-Source: 
 AGHT+IFGvEAqJPz3nI92SKYU373UlkGHgBnwZxnuu0zj8s5O3zQqDIv+O/VJaSH0K4eC337ove0bhA==
X-Received: by 2002:a17:902:e741:b0:212:e29:3b2f with SMTP id
 d9443c01a7336-2129f5e7405mr56932585ad.44.1732310807940;
        Fri, 22 Nov 2024 13:26:47 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.47
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:47 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/19] ghostscript: Backport fix for multiple
 CVE's
Date: Fri, 22 Nov 2024 13:26:20 -0800
Message-Id: 
 <21a81b592a33504d90f8c53842719cb1fcf96271.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:26:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207651

From: Vijay Anusuri <vanusuri@mvista.com>

import patch from ubuntu to fix
 CVE-2024-46951
 CVE-2024-46952
 CVE-2024-46953
 CVE-2024-46955
 CVE-2024-46956

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2024-46951.patch          | 31 +++++++++
 .../ghostscript/CVE-2024-46952.patch          | 62 +++++++++++++++++
 .../ghostscript/CVE-2024-46953.patch          | 67 +++++++++++++++++++
 .../ghostscript/CVE-2024-46955.patch          | 60 +++++++++++++++++
 .../ghostscript/CVE-2024-46956.patch          | 30 +++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |  5 ++
 6 files changed, 255 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
new file mode 100644
index 0000000000..b3481f03a4
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46951.patch
@@ -0,0 +1,31 @@
+From ada21374f0c90cc3acf7ce0e96302394560c7aee Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Fri, 30 Aug 2024 13:16:39 +0100
+Subject: PS interpreter - check the type of the Pattern Implementation
+
+Bug #707991
+
+See bug report for details.
+
+CVE-2024-46951
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46951.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee]
+CVE: CVE-2024-46951
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psi/zcolor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/psi/zcolor.c
++++ b/psi/zcolor.c
+@@ -5054,6 +5054,9 @@ static int patterncomponent(i_ctx_t * i_
+             code = array_get(imemory, pImpl, 0, &pPatInst);
+             if (code < 0)
+                 return code;
++
++            if (!r_is_struct(&pPatInst) || (!r_has_stype(&pPatInst, imemory, st_pattern1_instance) && !r_has_stype(&pPatInst, imemory, st_pattern2_instance)))
++                return_error(gs_error_typecheck);
+             cc.pattern = r_ptr(&pPatInst, gs_pattern_instance_t);
+             if (pattern_instance_uses_base_space(cc.pattern))
+                 *n = n_comps;
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
new file mode 100644
index 0000000000..8b495a6f99
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46952.patch
@@ -0,0 +1,62 @@
+From 1fb76aaddac34530242dfbb9579d9997dae41264 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Mon, 2 Sep 2024 15:14:01 +0100
+Subject: PDF interpreter - sanitise W array values in Xref streams
+
+Bug #708001 "Buffer overflow in PDF XRef stream"
+
+See bug report. I've chosen to fix this by checking the values in the
+W array; these can (currently at least) only have certain relatively
+small values.
+
+As a future proofing fix I've also updated field_size in
+pdf_xref_stream_entries() to be a 64-bit integer. This is far bigger
+than required, but matches the W array values and so prevents the
+mismatch which could lead to a buffer overrun.
+
+CVE-2024-46952
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46952.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264]
+CVE: CVE-2024-46952
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ pdf/pdf_xref.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+--- a/pdf/pdf_xref.c
++++ b/pdf/pdf_xref.c
+@@ -53,7 +53,7 @@ static int resize_xref(pdf_context *ctx,
+ static int read_xref_stream_entries(pdf_context *ctx, pdf_c_stream *s, uint64_t first, uint64_t last, uint64_t *W)
+ {
+     uint i, j;
+-    uint field_width = 0;
++    uint64_t field_width = 0;
+     uint32_t type = 0;
+     uint64_t objnum = 0, gen = 0;
+     byte *Buffer;
+@@ -292,6 +292,24 @@ static int pdfi_process_xref_stream(pdf_
+     }
+     pdfi_countdown(a);
+ 
++    /* W[0] is either:
++     * 0 (no type field) or a single byte with the type.
++     * W[1] is either:
++     * The object number of the next free object, the byte offset of this object in the file or the object5 number of the object stream where this object is stored.
++     * W[2] is either:
++     * The generation number to use if this object is used again, the generation number of the object or the index of this object within the object stream.
++     *
++     * Object and generation numbers are limited to unsigned 64-bit values, as are bytes offsets in the file, indexes of objects within the stream likewise (actually
++     * most of these are generally 32-bit max). So we can limit the field widths to 8 bytes, enough to hold a 64-bit number.
++     * Even if a later version of the spec makes these larger (which seems unlikely!) we still cna't cope with integers > 64-bits.
++     */
++    if (W[0] > 1 || W[1] > 8 || W[2] > 8) {
++        pdfi_close_file(ctx, XRefStrm);
++        pdfi_countdown(ctx->xref_table);
++        ctx->xref_table = NULL;
++        return code;
++    }
++
+     code = pdfi_dict_get_type(ctx, sdict, "Index", PDF_ARRAY, (pdf_obj **)&a);
+     if (code == gs_error_undefined) {
+         code = read_xref_stream_entries(ctx, XRefStrm, 0, size - 1, (uint64_t *)W);
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
new file mode 100644
index 0000000000..0e36838907
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46953.patch
@@ -0,0 +1,67 @@
+From 294a3755e33f453dd92e2a7c4cfceb087ac09d6a Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Mon, 27 May 2024 13:38:36 +0100
+Subject: Bug 707793: Check for overflow validating format string
+
+for the output file name
+
+CVE-2024-46953
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46953.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a]
+CVE: CVE-2024-46953
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ base/gsdevice.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+--- a/base/gsdevice.c
++++ b/base/gsdevice.c
+@@ -1069,7 +1069,7 @@ static int
+ gx_parse_output_format(gs_parsed_file_name_t *pfn, const char **pfmt)
+ {
+     bool have_format = false, field;
+-    int width[2], int_width = sizeof(int) * 3, w = 0;
++    uint width[2], int_width = sizeof(int) * 3, w = 0;
+     uint i;
+ 
+     /* Scan the file name for a format string, and validate it if present. */
+@@ -1098,6 +1098,8 @@ gx_parse_output_format(gs_parsed_file_na
+                         default: /* width (field = 0) and precision (field = 1) */
+                             if (strchr("0123456789", pfn->fname[i])) {
+                                 width[field] = width[field] * 10 + pfn->fname[i] - '0';
++                                if (width[field] > max_int)
++	                                return_error(gs_error_undefinedfilename);
+                                 continue;
+                             } else if (0 == field && '.' == pfn->fname[i]) {
+                                 field++;
+@@ -1126,8 +1128,10 @@ gx_parse_output_format(gs_parsed_file_na
+         /* Calculate a conservative maximum width. */
+         w = max(width[0], width[1]);
+         w = max(w, int_width) + 5;
++        if (w > max_int)
++            return_error(gs_error_undefinedfilename);
+     }
+-    return w;
++    return (int)w;
+ }
+ 
+ /*
+@@ -1180,10 +1184,15 @@ gx_parse_output_file_name(gs_parsed_file
+     if (!pfn->fname)
+         return 0;
+     code = gx_parse_output_format(pfn, pfmt);
+-    if (code < 0)
++    if (code < 0) {
+         return code;
+-    if (strlen(pfn->iodev->dname) + pfn->len + code >= gp_file_name_sizeof)
++    }
++
++    if (pfn->len >= gp_file_name_sizeof - strlen(pfn->iodev->dname) ||
++        code >= gp_file_name_sizeof - strlen(pfn->iodev->dname) - pfn->len) {
+         return_error(gs_error_undefinedfilename);
++    }
++
+     return 0;
+ }
+ 
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
new file mode 100644
index 0000000000..9186412a48
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46955.patch
@@ -0,0 +1,60 @@
+From ca1fc2aefe9796e321d0589afe7efb35063c8b2a Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Fri, 30 Aug 2024 13:11:53 +0100
+Subject: PS interpreter - check Indexed colour space index
+
+Bug #707990 "Out of bounds read when reading color in "Indexed" color space"
+
+Check the 'index' is in the valid range (0 to hival) for the colour
+space.
+
+Also a couple of additional checks on the type of the 'proc' for
+Indexed, DeviceN and Separation spaces. Make sure these really are
+procs in case the user changed the colour space array.
+
+CVE-2024-46955
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46955.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a]
+CVE: CVE-2024-46955
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psi/zcolor.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/psi/zcolor.c
++++ b/psi/zcolor.c
+@@ -3628,6 +3628,7 @@ static int septransform(i_ctx_t *i_ctx_p
+         code = array_get(imemory, sepspace, 3, &proc);
+         if (code < 0)
+             return code;
++        check_proc(proc);
+         *esp = proc;
+         return o_push_estack;
+     }
+@@ -4449,6 +4450,7 @@ static int devicentransform(i_ctx_t *i_c
+         code = array_get(imemory, devicenspace, 3, &proc);
+         if (code < 0)
+             return code;
++        check_proc(proc);
+         *esp = proc;
+         return o_push_estack;
+     }
+@@ -4864,6 +4866,7 @@ static int indexedbasecolor(i_ctx_t * i_
+             code = array_get(imemory, space, 3, &proc);
+             if (code < 0)
+                 return code;
++            check_proc(proc);
+             *ep = proc;	/* lookup proc */
+             return o_push_estack;
+         } else {
+@@ -4877,6 +4880,9 @@ static int indexedbasecolor(i_ctx_t * i_
+             if (!r_has_type(op, t_integer))
+                 return_error (gs_error_typecheck);
+             index = op->value.intval;
++            /* Ensure it is in range. See bug #707990 */
++            if (index < 0 || index > pcs->params.indexed.hival)
++                return_error(gs_error_rangecheck);
+             /* And remove it from the stack. */
+             ref_stack_pop(&o_stack, 1);
+             op = osp;
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch
new file mode 100644
index 0000000000..77cf8a7da0
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-46956.patch
@@ -0,0 +1,30 @@
+From ea69a1388245ad959d31c272b5ba66d40cebba2c Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Tue, 23 Jul 2024 11:48:39 +0100
+Subject: PostScript interpreter - fix buffer length check
+
+Bug 707895
+
+See bug report for details.
+
+CVE-2024-46956
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches/CVE-2024-46956.patch?h=ubuntu/jammy-security
+Upstream commit https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c]
+CVE: CVE-2024-46956
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ psi/zfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/psi/zfile.c
++++ b/psi/zfile.c
+@@ -440,7 +440,7 @@ file_continue(i_ctx_t *i_ctx_p)
+         if (code == ~(uint) 0) {    /* all done */
+             esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
+             return o_pop_estack;
+-        } else if (code > len) {      /* overran string */
++        } else if (code > len - devlen) {      /* overran string */
+             return_error(gs_error_rangecheck);
+         }
+         else if (iodev != iodev_default(imemory)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 9f368a291f..cd0a7de70e 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -57,6 +57,11 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://CVE-2024-29508-1.patch \
                 file://CVE-2024-29508-2.patch \
                 file://CVE-2023-46361.patch \
+                file://CVE-2024-46951.patch \
+                file://CVE-2024-46952.patch \
+                file://CVE-2024-46953.patch \
+                file://CVE-2024-46955.patch \
+                file://CVE-2024-46956.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \

From patchwork Fri Nov 22 21:26:21 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53023
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7CB83E69199
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:26:58 +0000 (UTC)
Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com
 [209.85.210.182])
 by mx.groups.io with SMTP id smtpd.web11.35742.1732310810549919578
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:50 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=brYdrmoE;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f182.google.com with SMTP id
 d2e1a72fcca58-72483f6e2fbso2356296b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310810;
 x=1732915610; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1qcg5w89ndt7AYrRASP8KEQIvt/KOAzHUdzvSeJv2bc=;
        b=brYdrmoEEwj3iHVL/631PVrOTPm7ugP17fWAhwQeb1gBkp67IskpEv+DPkWBogWOU4
         skK9eTleKzCKVVehY0HrVUyuwkUmkZCK1G0W0oolUKnLHCAcpNZokHaOUzcQieN0BD6r
         C16Hvq72+hXCTZYMl87ZJcqSv5HjKwUqv+MeXZgnLv4dpQinZmE9fIxrTR69xGzXa0nh
         DJ5OAZ1XOvBlCEkhzBBUdWB03wmzslUdT9pBxH9CifJsAXUxc754o6kCVIB6iDLVLyYr
         4zIt0Dj+FjCn0lxgvGmcf5bFWZzjFlHHMEr5WZV8tsKkwvxxPX3dK8WTTYSq8GQW3x6X
         Q//g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310810; x=1732915610;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1qcg5w89ndt7AYrRASP8KEQIvt/KOAzHUdzvSeJv2bc=;
        b=CBkHhOe0qfsEf+rimp6ULlgTBS/FAi2xCcvmkmKtWcOzAPP8UjlN5Ue6BYmw63K+1d
         edmbLBV/BVNqQkf35TbbWLj8c9L7zDzKujLE57yM+Q+rHxdwoCdTkKs5gszbcP8VGooM
         4KX+8Bw/GHMTvvFGbbbDjV1WNwYCybeyp39SLA4cy5yVaHnkRBW/s76BBxUaEW51gbjZ
         Mh+8zFpK4C73KnSnSRGDg5yHyUMYpgikvHv3F5Oahqk+Bja+0TRZAHgjSPtmZq+Ouwgg
         h7ayweqKkc4+1x5JTxJ7oxXXICmEuWOtAPKSZgl+Jtj/I/WyaKCE2PHoqhnCTjgGRJsL
         fzZw==
X-Gm-Message-State: AOJu0Yz0IZu5RPQkjNBlpZYrblleLbKgSjdXoFRTWRUSckYV+x+B+ZJN
	ANUmE1ozYpFp4stwNA/2oVdeQ8mGoTblLF+urbLxaoCeSvwKUsErWivjEgMNkAUjXJecOmG1ejI
	U
X-Gm-Gg: ASbGncs4cKr0dUfNNcPirjeb9xCwepFacBmwNkkidp8+XIMq1F6wTUqE+vwHZidvyDT
	IaKlturRGiracXaHndyBCaI15FIY+tjpPhEKqgdDNR+ThG7K7w9d1QFHQMXzvVr4Tfcx7YAyhWM
	/1ei8DbIfDH2k3S7X9ZXNfGG2eu9La3vqZchUr4sFvm7yl5IHKd81n9epf5RHOMKN0uKqAWBU98
	dsqpkVXhN/P1V/tgcpZ92wAYr5sF+jqDIu9dAU=
X-Google-Smtp-Source: 
 AGHT+IFbOHxzyo6yT3Qzpy4BrQCrtfNAAmxyGDQxfWurQyuXy9ZXVWJMqUAWNevxXxsqJ4n7akHo1w==
X-Received: by 2002:a17:902:f54a:b0:20c:da98:d752 with SMTP id
 d9443c01a7336-2129f5d853dmr57216855ad.16.1732310809735;
        Fri, 22 Nov 2024 13:26:49 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.49
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:49 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/19] libsoup: Fix for CVE-2024-52530 and
 CVE-2024-52532
Date: Fri, 22 Nov 2024 13:26:21 -0800
Message-Id: 
 <5c96ff64b5c29e589d776d23dbbed64ad526a997.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:26:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207652

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup/CVE-2024-52530.patch      | 149 ++++++++++++++++++
 .../libsoup/libsoup/CVE-2024-52532-1.patch    |  36 +++++
 .../libsoup/libsoup/CVE-2024-52532-2.patch    |  42 +++++
 meta/recipes-support/libsoup/libsoup_3.0.7.bb |   6 +-
 4 files changed, 232 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
new file mode 100644
index 0000000000..bd62a748eb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52530.patch
@@ -0,0 +1,149 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+CVE: CVE-2024-52530
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ 	 * ignorable trailing whitespace.
+ 	 */
+ 
++	/* No '\0's are allowed */
++	if (memchr (str, '\0', len))
++		return FALSE;
++
+ 	/* Skip over the Request-Line / Status-Line */
+ 	headers_start = memchr (str, '\n', len);
+ 	if (!headers_start)
+ 		return FALSE;
+-	/* No '\0's in the Request-Line / Status-Line */
+-	if (memchr (str, '\0', headers_start - str))
+-		return FALSE;
+ 
+ 	/* We work on a copy of the headers, which we can write '\0's
+ 	 * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ 	headers_copy[copy_len] = '\0';
+ 	value_end = headers_copy;
+ 
+-	/* There shouldn't be any '\0's in the headers already, but
+-	 * this is the web we're talking about.
+-	 */
+-	while ((p = memchr (headers_copy, '\0', copy_len))) {
+-		memmove (p, p + 1, copy_len - (p - headers_copy));
+-		copy_len--;
+-	}
+-
+ 	while (*(value_end + 1)) {
+ 		name = value_end + 1;
+ 		name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+ 	  }
+ 	},
+ 
+-	{ "NUL in header name", "760832",
+-	  "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+-	  SOUP_STATUS_OK,
+-	  "GET", "/", SOUP_HTTP_1_1,
+-	  { { "Host", "example.com" },
+-	    { NULL }
+-	  }
+-	},
+-
+-	{ "NUL in header value", "760832",
+-	  "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+-	  SOUP_STATUS_OK,
+-	  "GET", "/", SOUP_HTTP_1_1,
+-	  { { "Host", "examplecom" },
+-	    { NULL }
+-	  }
+-	},
+-
+ 	/************************/
+ 	/*** INVALID REQUESTS ***/
+ 	/************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+ 	  SOUP_STATUS_EXPECTATION_FAILED,
+ 	  NULL, NULL, -1,
+ 	  { { NULL } }
++	},
++
++	// https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++	{ "NUL in header name", NULL,
++	  "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++	  SOUP_STATUS_BAD_REQUEST,
++	  NULL, NULL, -1,
++	  { { NULL } }
++	},
++
++	{ "NUL in header value", NULL,
++	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++	  SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++	  { { NULL } }
+ 	}
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+ 	    { NULL } }
+ 	},
+ 
+-	{ "NUL in header name", "760832",
+-	  "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+-	  SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-	  { { "Foo", "bar" },
+-	    { NULL }
+-	  }
+-	},
+-
+-	{ "NUL in header value", "760832",
+-	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+-	  SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-	  { { "Foo", "bar" },
+-	    { NULL }
+-	  }
+-	},
+-
+ 	/********************************/
+ 	/*** VALID CONTINUE RESPONSES ***/
+ 	/********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+ 	  { { NULL }
+ 	  }
+ 	},
++
++	// https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++	{ "NUL in header name", NULL,
++	  "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++	  -1, 0, NULL,
++	  { { NULL } }
++	},
++
++	{ "NUL in header value", "760832",
++	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++	  -1, 0, NULL,
++	  { { NULL } }
++	},
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
new file mode 100644
index 0000000000..8fdf50aed4
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-1.patch
@@ -0,0 +1,36 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 11 Sep 2024 11:52:11 +0200
+Subject: [PATCH] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/websocket/soup-websocket-connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/websocket/soup-websocket-connection.c b/libsoup/websocket/soup-websocket-connection.c
+index a1a730473..a14481340 100644
+--- a/libsoup/websocket/soup-websocket-connection.c
++++ b/libsoup/websocket/soup-websocket-connection.c
+@@ -1199,9 +1199,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+ 		}
+ 
+ 		priv->incoming->len = len + count;
+-	} while (count > 0);
+ 
+-	process_incoming (self);
++		process_incoming (self);
++	} while (count > 0 && !priv->close_sent && !priv->io_closing);
+ 
+ 	if (end) {
+ 		if (!priv->close_sent || !priv->close_received) {
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
new file mode 100644
index 0000000000..e4e2d03d58
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup/CVE-2024-52532-2.patch
@@ -0,0 +1,42 @@
+From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 2 Oct 2024 11:17:19 +0200
+Subject: [PATCH] websocket-test: disconnect error copy after the test ends
+
+Otherwise the server will have already sent a few more wrong
+bytes and the client will continue getting errors to copy
+but the error is already != NULL and it will assert
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 06c443bb5..6a48c1f9b 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+ 	GError *error = NULL;
+ 	InvalidEncodeLengthTest context = { test, NULL };
+ 	guint i;
++	guint error_id;
+ 
+-	g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++	error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+ 	g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+ 
+ 	/* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+ 	WAIT_UNTIL (error != NULL || received != NULL);
+ 	g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+ 	g_clear_error (&error);
++        g_signal_handler_disconnect (test->client, error_id);
+ 	g_assert_null (received);
+ 
+         g_thread_join (thread);
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
index 59cc4a1d0a..919fef5107 100644
--- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb
@@ -11,7 +11,11 @@ DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
 
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
-SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
+SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
+           file://CVE-2024-52530.patch \
+           file://CVE-2024-52532-1.patch \
+           file://CVE-2024-52532-2.patch \
+          "
 SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8"
 
 PROVIDES = "libsoup-3.0"

From patchwork Fri Nov 22 21:26:22 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53024
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8F92EE6919D
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:26:58 +0000 (UTC)
Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com
 [209.85.214.176])
 by mx.groups.io with SMTP id smtpd.web10.35400.1732310813417694785
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:53 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=LoWrWekm;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f176.google.com with SMTP id
 d9443c01a7336-2127d4140bbso25725295ad.1
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310813;
 x=1732915613; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ZTA4alSFwCYkav6k9/jPqqXoI8kNOjIZkYy2hH5epdM=;
        b=LoWrWekmMAFf4ge/TlaTTFogi/f+yCwLiptzYa+dlDYF+vfTGhJyjqvpUnqutAkuep
         ub2c1f5KoAMRraglql/usCit+sG4+Kg6u1dbw2oDuxTlWeVqJoIMTTwBj4rbYXJ2BWPZ
         ySErOo6VFFj8P/BqZqtPQ1XDodCfib430t6oHTRUzzp+65uAQh3sEhXn65uXHJo91Ipy
         RGymvS6IGaA60JhYUPcRk+Qp+1W6OB2rDpH4a9DEMe/S7GCL15n4aGu9SMgQKSJGG7hT
         SgyMeNWORbnj0UYrLdvYs9ipaOGEVLxvlq/l1vkZHhf8KDFlHfkJ8pWc/fSWAAffzNSc
         BiYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310813; x=1732915613;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ZTA4alSFwCYkav6k9/jPqqXoI8kNOjIZkYy2hH5epdM=;
        b=ugDG5oNGtC0aYTPmkKvhJ90X0RfghU3Kz6Bde1njQochUO2eI2OgUtPVkwBcPnwVl0
         BHh0DaihWeeiDQKBrLMWPCExLgpt+1CbOkuJp+UeSL5/3oIvJsHzHVX3LEY1XtFGFqBG
         VWHe21E81wCNVJElz/5b7fShgiRvkN2qA8bSvprYdHFZ1XBv7wAPoF+u1Kb1BhmcNSLm
         tfejKZaDPY+nG1QMOmSJQeZ7lQLTi+zNdvYq3wykuOfyOuB7eP33zyAbvPQuHN6a1J4z
         GMWw4UwOx74HPzVdxYCu0S0isspxBCYJbtlUKi68iVFzvoxUPiLirHSncx1Iw2zDgBNU
         QYBA==
X-Gm-Message-State: AOJu0YzL9CdUBTZxZcowOHIhOaABv7+WcdIk3rTUHgdmvqTn6h4DguHw
	FucBwzVwgRuQ/9wIF9nWkG29YNMLWV7f6JERSS14C7V6jdU2fvfPo13eIld3MWpxFhujoimyWym
	s
X-Gm-Gg: ASbGnctCdNln3vazL050ERx89jt/oiJw8QQtmihqfWgwbp7z7wEq+PKbFMX1InROxIS
	tDW3OJi9hOJjdccIltX/cCOe3ROMtbW/s81iC9aZaEUuAMEUW1LO/Gt9yxshnFpXYW9DciXx6yd
	BnCx35Gt/g77y3srr4aWgzeQ1rcluVSfWoao6Lj5TAbMkgp1AeWdch+h6tET0mjmxtvmkT+U0Ke
	jdHnRO+F+SaQ52q7G50OFExJq4/WzrSmi6wvBk=
X-Google-Smtp-Source: 
 AGHT+IHooj/9n0rWVFGzjKTd75kNsUDATByA1JGKY+316Ifiy0YHn8aeATv+dtesPRhLk8DbNSS2oA==
X-Received: by 2002:a17:903:32cd:b0:20b:3f70:2e05 with SMTP id
 d9443c01a7336-2129f288ba5mr63264625ad.41.1732310812548;
        Fri, 22 Nov 2024 13:26:52 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.50
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:51 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 03/19] libsoup-2.4: Backport fix for
 CVE-2024-52530 and CVE-2024-52532
Date: Fri, 22 Nov 2024 13:26:22 -0800
Message-Id: 
 <87b0badcb1d10eddae31ac7b282a4e44778d63af.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:26:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207653

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsoup/libsoup-2.4/CVE-2024-52530.patch  | 149 ++++++++++++++++++
 .../libsoup-2.4/CVE-2024-52532-1.patch        |  36 +++++
 .../libsoup-2.4/CVE-2024-52532-2.patch        |  42 +++++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   3 +
 4 files changed, 230 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
new file mode 100644
index 0000000000..bd62a748eb
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52530.patch
@@ -0,0 +1,149 @@
+From 04df03bc092ac20607f3e150936624d4f536e68b Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <pgriffis@igalia.com>
+Date: Mon, 8 Jul 2024 12:33:15 -0500
+Subject: [PATCH] headers: Strictly don't allow NUL bytes
+
+In the past (2015) this was allowed for some problematic sites. However Chromium also does not allow NUL bytes in either header names or values these days. So this should no longer be a problem.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b]
+CVE: CVE-2024-52530
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-headers.c      | 15 +++------
+ tests/header-parsing-test.c | 62 +++++++++++++++++--------------------
+ 2 files changed, 32 insertions(+), 45 deletions(-)
+
+diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
+index a0cf351ac..f30ee467a 100644
+--- a/libsoup/soup-headers.c
++++ b/libsoup/soup-headers.c
+@@ -51,13 +51,14 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ 	 * ignorable trailing whitespace.
+ 	 */
+ 
++	/* No '\0's are allowed */
++	if (memchr (str, '\0', len))
++		return FALSE;
++
+ 	/* Skip over the Request-Line / Status-Line */
+ 	headers_start = memchr (str, '\n', len);
+ 	if (!headers_start)
+ 		return FALSE;
+-	/* No '\0's in the Request-Line / Status-Line */
+-	if (memchr (str, '\0', headers_start - str))
+-		return FALSE;
+ 
+ 	/* We work on a copy of the headers, which we can write '\0's
+ 	 * into, so that we don't have to individually g_strndup and
+@@ -69,14 +70,6 @@ soup_headers_parse (const char *str, int len, SoupMessageHeaders *dest)
+ 	headers_copy[copy_len] = '\0';
+ 	value_end = headers_copy;
+ 
+-	/* There shouldn't be any '\0's in the headers already, but
+-	 * this is the web we're talking about.
+-	 */
+-	while ((p = memchr (headers_copy, '\0', copy_len))) {
+-		memmove (p, p + 1, copy_len - (p - headers_copy));
+-		copy_len--;
+-	}
+-
+ 	while (*(value_end + 1)) {
+ 		name = value_end + 1;
+ 		name_end = strchr (name, ':');
+diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
+index edf8eebb3..715c2c6f2 100644
+--- a/tests/header-parsing-test.c
++++ b/tests/header-parsing-test.c
+@@ -358,24 +358,6 @@ static struct RequestTest {
+ 	  }
+ 	},
+ 
+-	{ "NUL in header name", "760832",
+-	  "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
+-	  SOUP_STATUS_OK,
+-	  "GET", "/", SOUP_HTTP_1_1,
+-	  { { "Host", "example.com" },
+-	    { NULL }
+-	  }
+-	},
+-
+-	{ "NUL in header value", "760832",
+-	  "GET / HTTP/1.1\r\nHost: example\x00" "com\r\n", 35,
+-	  SOUP_STATUS_OK,
+-	  "GET", "/", SOUP_HTTP_1_1,
+-	  { { "Host", "examplecom" },
+-	    { NULL }
+-	  }
+-	},
+-
+ 	/************************/
+ 	/*** INVALID REQUESTS ***/
+ 	/************************/
+@@ -448,6 +430,21 @@ static struct RequestTest {
+ 	  SOUP_STATUS_EXPECTATION_FAILED,
+ 	  NULL, NULL, -1,
+ 	  { { NULL } }
++	},
++
++	// https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++	{ "NUL in header name", NULL,
++	  "GET / HTTP/1.1\r\nHost\x00: example.com\r\n", 36,
++	  SOUP_STATUS_BAD_REQUEST,
++	  NULL, NULL, -1,
++	  { { NULL } }
++	},
++
++	{ "NUL in header value", NULL,
++	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++	  SOUP_STATUS_BAD_REQUEST,
++           NULL, NULL, -1,
++	  { { NULL } }
+ 	}
+ };
+ static const int num_reqtests = G_N_ELEMENTS (reqtests);
+@@ -620,22 +617,6 @@ static struct ResponseTest {
+ 	    { NULL } }
+ 	},
+ 
+-	{ "NUL in header name", "760832",
+-	  "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
+-	  SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-	  { { "Foo", "bar" },
+-	    { NULL }
+-	  }
+-	},
+-
+-	{ "NUL in header value", "760832",
+-	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
+-	  SOUP_HTTP_1_1, SOUP_STATUS_OK, "OK",
+-	  { { "Foo", "bar" },
+-	    { NULL }
+-	  }
+-	},
+-
+ 	/********************************/
+ 	/*** VALID CONTINUE RESPONSES ***/
+ 	/********************************/
+@@ -768,6 +749,19 @@ static struct ResponseTest {
+ 	  { { NULL }
+ 	  }
+ 	},
++
++	// https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
++	{ "NUL in header name", NULL,
++	  "HTTP/1.1 200 OK\r\nF\x00oo: bar\r\n", 28,
++	  -1, 0, NULL,
++	  { { NULL } }
++	},
++
++	{ "NUL in header value", "760832",
++	  "HTTP/1.1 200 OK\r\nFoo: b\x00" "ar\r\n", 28,
++	  -1, 0, NULL,
++	  { { NULL } }
++	},
+ };
+ static const int num_resptests = G_N_ELEMENTS (resptests);
+ 
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
new file mode 100644
index 0000000000..68eb942762
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-1.patch
@@ -0,0 +1,36 @@
+From 6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 11 Sep 2024 11:52:11 +0200
+Subject: [PATCH] websocket: process the frame as soon as we read data
+
+Otherwise we can enter in a read loop because we were not
+validating the data until the all the data was read.
+
+Fixes #391
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libsoup/soup-websocket-connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsoup/soup-websocket-connection.c b/libsoup/soup-websocket-connection.c
+index a4095e1..9d5f4f8 100644
+--- a/libsoup/soup-websocket-connection.c
++++ b/libsoup/soup-websocket-connection.c
+@@ -1140,9 +1140,9 @@ soup_websocket_connection_read (SoupWebsocketConnection *self)
+ 		}
+ 
+ 		pv->incoming->len = len + count;
+-	} while (count > 0);
+ 
+-	process_incoming (self);
++		process_incoming (self);
++	} while (count > 0 && !pv->close_sent && !pv->io_closing);
+ 
+ 	if (end) {
+ 		if (!pv->close_sent || !pv->close_received) {
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
new file mode 100644
index 0000000000..e4e2d03d58
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-2.patch
@@ -0,0 +1,42 @@
+From 29b96fab2512666d7241e46c98cc45b60b795c0c Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro <qignacio@amazon.com>
+Date: Wed, 2 Oct 2024 11:17:19 +0200
+Subject: [PATCH] websocket-test: disconnect error copy after the test ends
+
+Otherwise the server will have already sent a few more wrong
+bytes and the client will continue getting errors to copy
+but the error is already != NULL and it will assert
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c]
+CVE: CVE-2024-52532
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tests/websocket-test.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/websocket-test.c b/tests/websocket-test.c
+index 06c443bb5..6a48c1f9b 100644
+--- a/tests/websocket-test.c
++++ b/tests/websocket-test.c
+@@ -1539,8 +1539,9 @@ test_receive_invalid_encode_length_64 (Test *test,
+ 	GError *error = NULL;
+ 	InvalidEncodeLengthTest context = { test, NULL };
+ 	guint i;
++	guint error_id;
+ 
+-	g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
++	error_id = g_signal_connect (test->client, "error", G_CALLBACK (on_error_copy), &error);
+ 	g_signal_connect (test->client, "message", G_CALLBACK (on_binary_message), &received);
+ 
+ 	/* We use 127(\x7f) as payload length with 65535 extended length */
+@@ -1553,6 +1554,7 @@ test_receive_invalid_encode_length_64 (Test *test,
+ 	WAIT_UNTIL (error != NULL || received != NULL);
+ 	g_assert_error (error, SOUP_WEBSOCKET_ERROR, SOUP_WEBSOCKET_CLOSE_PROTOCOL_ERROR);
+ 	g_clear_error (&error);
++        g_signal_handler_disconnect (test->client, error_id);
+ 	g_assert_null (received);
+ 
+         g_thread_join (thread);
+-- 
+GitLab
+
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
index be286e1849..b1962961ce 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.2.bb
@@ -13,6 +13,9 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 
 SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://0001-meson.build-set-c_std-to-gnu99.patch \
+           file://CVE-2024-52530.patch \
+           file://CVE-2024-52532-1.patch \
+           file://CVE-2024-52532-2.patch \
           "
 SRC_URI[sha256sum] = "f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159"
 

From patchwork Fri Nov 22 21:26:23 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53022
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8F207E6919E
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:26:58 +0000 (UTC)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
 by mx.groups.io with SMTP id smtpd.web10.35401.1732310815157442494
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:55 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=BXnEO7lE;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-212884028a3so15887425ad.0
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310814;
 x=1732915614; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=iUIPeel9q6rTb9NBV0RW6duJ36y8MFQX6IU0vwuvl9E=;
        b=BXnEO7lEYO/sSxAUfgYE9nziKBElm2aUlTJ3uLQss6SkUmMv0JgroTYfj6PRKPr6c6
         FK9rcSVbQQzEwp/8ppP8OfD4lG2C3NkbyYZoLhf7qaoVsWsA+EH25zl2aQcsYe0nixnY
         WLaQSJmsngeyc5s1cnCFtxMZp3b0b19b1/6rJtCJECbQj40TeS2P0kU2QSI+NIoAgEgI
         POeflL7vQwlCVfQ4zIBxUUTeuhIg252m6+qCrcnkF09jOqvAH9FbWkSv+JoapWHrsLDG
         1iGkGXOMFVQC4OGhj9lkAxryCxyFlW87aHw1DpAUMYGS41AjhdlVZSr7TIsW+EBBXZQA
         RPOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310814; x=1732915614;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=iUIPeel9q6rTb9NBV0RW6duJ36y8MFQX6IU0vwuvl9E=;
        b=TdO+O2Ny+UFqmgRqqUilJDk4iVIPkI7qdJ7I0r2wy+Sqy7WlOSyq9bqUtdNkQG6O11
         tnhA8cM+CsmfvF+xD5ltpN+BTcy92j+qsh5PwKWjsnVnw0ECnduslIKnSQp6X5j1j2N2
         lRgXavY9b5HvhhmsVnFyOLOVnu+nR+N61vBBrrwl5NoPpJtO1TGBmMYegY8iKeSlFqY3
         XDZV02oiLsFcIfQaG1aL8zAyPf19hwyCMvN5YHLuGBGx6PTQ0TA+wu5v/7cKlNlwyMIV
         OenId2sLlxKPeyTNK6EYCdDOJZsgj55go2ldxMpuHSXZPz0Cjf9K2vaFrjokQrnkVnCd
         wW8w==
X-Gm-Message-State: AOJu0YwgxSYu6YeS9KoWugKkMCoGy6Ha+16vcAIzuaJo/fp4l4WZk1O3
	iEzKVP3OvXtmcmlXsnwpOYBbjRpaTebB42xqZt5KRlRSxX9bGD9m1FLOb6be1Xl6sVkXGDWYaEU
	p
X-Gm-Gg: ASbGncvICmEnt7sddjOaBB1TwfQYYXnFY8PeSRRX3aFmJocyvYcTRfshgo5T5MPfVI6
	r+5HvAyEMvAVwA6zGlmBxBtKWWLb3NGOlt91YqCsJN370muLAE0mnhrHBPiFoGzOoH8PbnsWb7V
	sAgVn/7LOkTZHcEiogYaIqOoGLXrYEGIz32E4IpD6QdfBqg7JZHHcafv71sYMRjSKcEVIUNZD+F
	qBK/klP5YcbrMdNALGd9xq9Sin0tanTXy6F4zE=
X-Google-Smtp-Source: 
 AGHT+IEq2Rtry3U1NC+InMkhfOjCqwi7n5T8dCiX/KlisKRBO1GR39vR7MOmUbfHRcZehEEdcEX3LQ==
X-Received: by 2002:a17:902:eccb:b0:20c:7196:a1e9 with SMTP id
 d9443c01a7336-2129fe38761mr65976225ad.13.1732310814401;
        Fri, 22 Nov 2024 13:26:54 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.53
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:54 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/19] glib-2.0: Backport fix for CVE-2024-52533
Date: Fri, 22 Nov 2024 13:26:23 -0800
Message-Id: 
 <c7ecdd6530e18efd651e2ea57565481f66f7b1cf.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:26:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207654

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29

Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../glib-2.0/glib-2.0/CVE-2024-52533.patch    | 49 +++++++++++++++++++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
new file mode 100644
index 0000000000..3a06a9d782
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
@@ -0,0 +1,49 @@
+From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29]
+CVE: CVE-2024-52533
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
++ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN	    (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN	    (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+ 		 const gchar *hostname,
+-- 
+GitLab
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index 239099d568..8007de0613 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -50,6 +50,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://CVE-2024-34397_17.patch \
            file://CVE-2024-34397_18.patch \
            file://0001-gvariant-serialiser-Convert-endianness-of-offsets.patch \
+           file://CVE-2024-52533.patch \
            "
 SRC_URI:append:class-native = " file://relocate-modules.patch"
 

From patchwork Fri Nov 22 21:26:24 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53021
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7B946E69191
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:26:58 +0000 (UTC)
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com
 [209.85.210.178])
 by mx.groups.io with SMTP id smtpd.web11.35747.1732310816845319644
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:56 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=UgojEbO5;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f178.google.com with SMTP id
 d2e1a72fcca58-724d57a9f7cso1962443b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310816;
 x=1732915616; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=SxN06KHGOwRadE8ymjj/19qMD9kz4dTiNEmkFP6hsAc=;
        b=UgojEbO5iGKEw58bNgbIs/h2MM/HXn9wrQX1RbcV1bOmgBdsMMx3aF6Gqhppy7dHZU
         EUKNF11SJXlL9yfEWB/Rz0AjEIUm3KaGiQfYKTPE0qQ/Jd2hQB7JXqFUKYeE/M03R3kr
         LKySrnFDAOMaTp4/KQKAzh2ngfYJVke17zTGAx7UB7sr95XcpprrPK8BdXpg8yxcQHPz
         23qJThSH1NHEm2nY1ibnkkV/EJMCj2JMYfMDEFN8R+/v8K2LMtRxK1yUPc9wbiiRvJNJ
         8lGTcRX7z9rmELtFvp2MnFMBZ7V9APQVYnYiaajZqnm3diq59TjecPft81+EwmbQQjA3
         Znrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310816; x=1732915616;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=SxN06KHGOwRadE8ymjj/19qMD9kz4dTiNEmkFP6hsAc=;
        b=FhaKQVbkm4Cw1A8ZpmgnvyDR0dD5YClH8Y7Rz2g80dcIfYLQ7FDXVZCUqaaaBkBCHs
         tB0h07NqEs5BjHaPOyFAKdCMnBztHUuxJ9+kZ16STrU6tT2+XKoIYLzBVcLGjGo2ibKZ
         ujNpx5NzJTU1X1j5CPTKQlfLC617zftGy5ADg8fRRa9+1VXBd4lhWY8WoA2Brmuz31Si
         Lr0avr0wDfRDlNi8wjYnPHp06sJVZcTgoLQBzIIGl4JMib1Y0SvlpWicsv6UWvT7Bik/
         Qqg5B4uh3k9KoEPHfBH0t8hbxB94hVTsgLr4uvSQfsw7SuZ3pV+hji3TyHMqdlkVMzqr
         aS6w==
X-Gm-Message-State: AOJu0YwZnpAcwVEM0IiGivBR8vdmFj0R5n2CXz5CvnfV0U7vpKOU7D6p
	ZqjLBccDigy+VaQMwuDg1kFw8i6dWPlKo0qJMVGFgIF/2fAOezNXcbedHHplVcM5aiNjmthDIry
	F
X-Gm-Gg: ASbGncud4fGMqz01R5usNWnzH/rC7AB1RjjiaSgbMXvZNC13ep1Fibmm1FrCxG4gpy4
	KanpRSELVNnnN0i5VzCbhBOgXTOgrH3eknLzN66wNtRMYi9RPUgRpE5McWeJ8q/AhsqhU6D3jr6
	hz3JZyZnPQesyOpmXghhikdydheCf9goc6r1VVVsGArOwsvNgBIHZ8wWncNjF/X9BSuIUpoSTcZ
	cE7dv3rrfU+zk2lNvFw4EhIFwxWsJ1suCND7Co=
X-Google-Smtp-Source: 
 AGHT+IGJziNGJJ7ZUD2YudEYQncvI1hEx4+XngBkInD3scJiEZ4nizbWo7New1CRX5fm9Z7jqF7Ayg==
X-Received: by 2002:a17:902:f70c:b0:212:6a14:79b1 with SMTP id
 d9443c01a7336-2129f217d4dmr56659415ad.9.1732310816097;
        Fri, 22 Nov 2024 13:26:56 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.55
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:55 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/19] ffmpeg: fix CVE-2024-32230
Date: Fri, 22 Nov 2024 13:26:24 -0800
Message-Id: 
 <6eb7dc3eecbbe115f95864d587fb3d5557321973.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:26:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207655

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param
bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-32230.patch        | 35 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
new file mode 100644
index 0000000000..0617b9b123
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
@@ -0,0 +1,35 @@
+From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 8 Apr 2024 18:38:42 +0200
+Subject: [PATCH] avcodec/mpegvideo_enc: Fix 1 line and one column images
+
+Fixes: Ticket10952
+Fixes: poc21ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-32230
+
+Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/mpegvideo_enc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
+index 128d1a3..3bd84cd 100644
+--- a/libavcodec/mpegvideo_enc.c
++++ b/libavcodec/mpegvideo_enc.c
+@@ -1130,8 +1130,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg)
+                     int dst_stride = i ? s->uvlinesize : s->linesize;
+                     int h_shift = i ? h_chroma_shift : 0;
+                     int v_shift = i ? v_chroma_shift : 0;
+-                    int w = s->width  >> h_shift;
+-                    int h = s->height >> v_shift;
++                    int w = AV_CEIL_RSHIFT(s->width , h_shift);
++                    int h = AV_CEIL_RSHIFT(s->height, v_shift);
+                     uint8_t *src = pic_arg->data[i];
+                     uint8_t *dst = pic->f->data[i];
+                     int vpad = 16;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 1295d5cdf1..40963d1254 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -29,6 +29,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
            file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
            file://CVE-2022-48434.patch \
+           file://CVE-2024-32230.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

From patchwork Fri Nov 22 21:26:25 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53019
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 88041E6919C
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:26:58 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web11.35752.1732310818201243302
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:58 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=ZLY6/fAh;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-2126408cf31so19301475ad.0
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310817;
 x=1732915617; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=GUUK830OGBaczR/Pe4RvaKHicf0s6+68ZIWwnIVNDQU=;
        b=ZLY6/fAhH4maeKCPjLeBwCUVuwIqpvYS+24ITtk75tcT8rNvhb+IjS6aVML7MRciP2
         4uaiqsKMw81lmdEzvgk4L3tY+66hdfMkecywl+o/WTQwmcAQbVRyNctkI2VyvcXZBbRw
         tIGlVjLmRcS3tIk53sL4sliBBnVEjOjGLuuzVgmAO1DmHh8dghwHskv1km31Qgg76DOU
         hC+lXt+XKlwgqPf/TOTDalsE/hhxlRis+sspdo5QQwBJZ7vqcuCUqfXywQGCYCbiy+ag
         ODSo8jchckF9nSWRZvHWIH5bMvIGh/sBB/zDArxCYTgP3gyMZPAe5lpz6HhrsAG0vKvY
         qhiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310817; x=1732915617;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=GUUK830OGBaczR/Pe4RvaKHicf0s6+68ZIWwnIVNDQU=;
        b=I9nvUn3ZqEubupMXwZIjfp9GutTE0s0m2IStRLZzbzaKvI+ecPuZukCnxV9Afv9FER
         DjLQ6ph2b/fcGGtWP9VoJ59Tknmp4wuWWPyRFKY75xWV/nbWOE2AicxbM2Yu0NtsAwkj
         HmydLU66tozNk85ogY81emeOMHsbK0Y/1n8jVLod+lR5DUJy4QAbftNwcBxX7KkD8+YA
         C+okiTFrKNPQ4aBatl6GVWs45IuSGjmTQBaWuO751Dbp2xNGoiF9n9yg9zD+K/Z8elY/
         n8Ndc4y/2BrSkhQrl7Xfj51KpjQvYYwGCgYCmgCbADa5xXcQrGw/GQLFhXn5nkROCOwG
         3zTQ==
X-Gm-Message-State: AOJu0Yy73+8OeAB5HNUJwG5I6ESz/oVsQo/S1IPVGHwGmWquUha5hw81
	vNmbB4jbuITPrweYX+XFEYj127jKa7cxn7l5Fp7kWjLBjpaxb7QCDHz6K8syrDGXp0VAt7RTb5Q
	4
X-Gm-Gg: ASbGncttPeaUIPgRvQ7MvMqv0VCS1idOo5vnAqyntTz4PB8Vqcl0emXQSMkFa+nTKbb
	PRqiRX1fh9GC7ZHKGy/S5NKQqlwl4QcNP7hjlRjBf1Y0GUWq6lpJLjzcL42xgYm2lHgY3XH4d/c
	/eCwGKReS0KsIR6qZo1S0lAMoyhwdEzpQRSWfXCDh1UzHG2Xv+i91FS+2t6mHolT9xVLGylJjp1
	GiSGb7m76e7DvEzNPWAGpmUh4nqqXhaiXjPNKk=
X-Google-Smtp-Source: 
 AGHT+IHajznQ8ik11z/C1/afIsyCn+7snNCnwjuwMk4IT3UOuiKufNO7pOG0oKGKCJcxC1yMy92Grw==
X-Received: by 2002:a17:902:f64d:b0:20c:968e:4dcd with SMTP id
 d9443c01a7336-2129f51d3demr54745715ad.7.1732310817411;
        Fri, 22 Nov 2024 13:26:57 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.56
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:57 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/19] ffmpeg: fix CVE-2023-51793
Date: Fri, 22 Nov 2024 13:26:25 -0800
Message-Id: 
 <be875832526636638a034680f837241c16e2b26d.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:26:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207656

From: Archana Polampalli <archana.polampalli@windriver.com>

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local
attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2023-51793.patch        | 67 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 68 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch
new file mode 100644
index 0000000000..71eeb92422
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51793.patch
@@ -0,0 +1,67 @@
+From 0ecc1f0e48930723d7a467761b66850811c23e62 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Fri, 22 Dec 2023 12:31:35 +0100
+Subject: [PATCH 2/5] avfilter/vf_weave: Fix odd height handling
+
+Fixes: out of array access
+Fixes: tickets/10743/poc10ffmpeg
+
+Found-by: Zeng Yunxiang and Li Zeyuan
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2023-51793
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_weave.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libavfilter/vf_weave.c b/libavfilter/vf_weave.c
+index 2bd3994..de9f79c 100644
+--- a/libavfilter/vf_weave.c
++++ b/libavfilter/vf_weave.c
+@@ -30,6 +30,7 @@ typedef struct WeaveContext {
+     int double_weave;
+     int nb_planes;
+     int planeheight[4];
++    int outheight[4];
+     int linesize[4];
+
+     AVFrame *prev;
+@@ -79,6 +80,9 @@ static int config_props_output(AVFilterLink *outlink)
+     s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(inlink->h, desc->log2_chroma_h);
+     s->planeheight[0] = s->planeheight[3] = inlink->h;
+
++    s->outheight[1] = s->outheight[2] = AV_CEIL_RSHIFT(2*inlink->h, desc->log2_chroma_h);
++    s->outheight[0] = s->outheight[3] = 2*inlink->h;
++
+     s->nb_planes = av_pix_fmt_count_planes(inlink->format);
+
+     return 0;
+@@ -104,19 +108,20 @@ static int weave_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
+         const int height = s->planeheight[i];
+         const int start = (height * jobnr) / nb_jobs;
+         const int end = (height * (jobnr+1)) / nb_jobs;
++        const int compensation = 2*end > s->outheight[i];
+
+         av_image_copy_plane(out->data[i] + out->linesize[i] * field1 +
+                             out->linesize[i] * start * 2,
+                             out->linesize[i] * 2,
+                             in->data[i] + start * in->linesize[i],
+                             in->linesize[i],
+-                            s->linesize[i], end - start);
++                            s->linesize[i], end - start - compensation * field1);
+         av_image_copy_plane(out->data[i] + out->linesize[i] * field2 +
+                             out->linesize[i] * start * 2,
+                             out->linesize[i] * 2,
+                             s->prev->data[i] + start * s->prev->linesize[i],
+                             s->prev->linesize[i],
+-                            s->linesize[i], end - start);
++                            s->linesize[i], end - start - compensation * field2);
+     }
+
+     return 0;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 40963d1254..9a99951f91 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -30,6 +30,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
            file://CVE-2022-48434.patch \
            file://CVE-2024-32230.patch \
+           file://CVE-2023-51793.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

From patchwork Fri Nov 22 21:26:26 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53025
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 940F2E6919C
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:08 +0000 (UTC)
Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com
 [209.85.214.178])
 by mx.groups.io with SMTP id smtpd.web11.35753.1732310819638770498
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:59 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=bJgz0fsn;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f178.google.com with SMTP id
 d9443c01a7336-21269c8df64so27634105ad.2
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:26:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310819;
 x=1732915619; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=JLK5qQZL2bKjP0P+vsYYRsRkzPfgqRmd5mZ11I8jhDA=;
        b=bJgz0fsnxT9KkyTBrd2TsOV//v1RoR+SkTdDMDQHflw7TsCGBg5NNkq+HvrHTW4vzo
         3A2fBPc+BWSbEzzlWavuzlgrdQPKkNDMl7gQqR6ej91IIVVa3ej2sbiDF89shLOI2Cp2
         LRCsK+a6pXos/KhrbJ0Gn8C0pzrof7MODdY/MvavDW1I7GxW3gh8qPH08BW0RCCBHt3t
         IMhDhN7I6DGPTOO2QkLVqMceJocKQwXiEK6nQsKohiyskszn/rL5sfq6NvTB2I+cDhwW
         yUzg1wFc7a+b65XiwU4YRZ802qxNOsbrQT7YZS2uJU4bNh4XS1NCNcBXW1y6+gfGgpqr
         LMyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310819; x=1732915619;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=JLK5qQZL2bKjP0P+vsYYRsRkzPfgqRmd5mZ11I8jhDA=;
        b=JYIWSngiruwbl0vW73l+6fCHgWBJrFbCQl+5r8qgdJRYYx3n5tmk9bmpSq3gT1ZmWM
         vGM7n/Njda0CAOqFAi8HlDhv6DM1ZYopWCL4pZhMfZy3BVoTXnb6IYaGu2ENl8qi+aea
         MmWqVXq+C5uFvexGeKuetIbW0+3zsN1ynpgqeFA0eMTXDFIl9n5I6qGu1F6qhQ3xFfk9
         n3ATSpLdDh6Q138nn7ZfY+51bD5w+oXhAXMyh4UDUJxeOSlv89CNYefJwxAQ39ABPWV9
         juCcolIr2Q+yKvDLXHVYwOr8EuFvlejeR0GY9FcrmLs8Ih2iTRxDUZHfqVDHZO7LajIQ
         MolA==
X-Gm-Message-State: AOJu0Yy2btWlZZe5uLqX7j/pQ5bB/GOb7DGFRVTJ84SFqFTOOnzqtzpR
	bSHwks7zmKey1qFGhJ36hJ/0q8SayIpNllTqsbrsMHCoIyXU+1NcdEWK11TLxM1kZ+Xt7bkpGKT
	b
X-Gm-Gg: ASbGncuqhQXg6qwn2z8eSP1Vu6ZkFEOLKV0TKhSYVdCxGOr/ij40rAfzPPjo58zmYZV
	jgNbsZbueis/Ut2YDfWK37ZIGSooDOCko3xORQigX6kirhirUMql+/77w60xcY5AyHRATF9wGpH
	kF8D6+UOQd6gCRm0hC/1PJThvu1Gb4ffte31B+P/jYa54+gSlaZKGUzt9GCOhv6yLLfxkhIJFWT
	9ADmHudcvTUbrDoH38Znaim3s/4whqfFQ5dY+w=
X-Google-Smtp-Source: 
 AGHT+IFCxNVaHaBJhDppEPYpXHcgjmlo4u5T3rEq8BHRHInV05+TESBC4Vikac4+VsqH4xaq3H+VEg==
X-Received: by 2002:a17:902:e843:b0:212:4a39:aa20 with SMTP id
 d9443c01a7336-2129f67adf1mr57136465ad.3.1732310818824;
        Fri, 22 Nov 2024 13:26:58 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.58
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:58 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/19] ffmpeg: fix CVE-2023-50008
Date: Fri, 22 Nov 2024 13:26:26 -0800
Message-Id: 
 <433c84c528bb9920399abfe9e9461d26a929bc7a.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207657

From: Archana Polampalli <archana.polampalli@windriver.com>

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker
to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2023-50008.patch        | 29 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch
new file mode 100644
index 0000000000..aff234dabd
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch
@@ -0,0 +1,29 @@
+From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Mon, 27 Nov 2023 12:08:20 +0100
+Subject: [PATCH 3/5] avfilter/vf_colorcorrect: fix memory leaks
+
+CVE: CVE-2023-50008
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_colorcorrect.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavfilter/vf_colorcorrect.c b/libavfilter/vf_colorcorrect.c
+index ee97b62..ac2de2a 100644
+--- a/libavfilter/vf_colorcorrect.c
++++ b/libavfilter/vf_colorcorrect.c
+@@ -498,6 +498,8 @@ static av_cold void uninit(AVFilterContext *ctx)
+     ColorCorrectContext *s = ctx->priv;
+
+     av_freep(&s->analyzeret);
++    av_freep(&s->uhistogram);
++    av_freep(&s->vhistogram);
+ }
+
+ static const AVFilterPad colorcorrect_inputs[] = {
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 9a99951f91..ee7485a445 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2022-48434.patch \
            file://CVE-2024-32230.patch \
            file://CVE-2023-51793.patch \
+           file://CVE-2023-50008.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

From patchwork Fri Nov 22 21:26:27 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53026
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 94710E6919E
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:08 +0000 (UTC)
Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com
 [209.85.210.171])
 by mx.groups.io with SMTP id smtpd.web10.35407.1732310820935523024
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:00 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=VNnPZbr2;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f171.google.com with SMTP id
 d2e1a72fcca58-724d57a9f7cso1962485b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310820;
 x=1732915620; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YdbFLgcMW63uIqMW9M0uvs49pAc6eSTMO+jauY5mKmw=;
        b=VNnPZbr2MDtvr0yfJyP0Z4vBRQB+g5vUjyXKZDRNEmn0bxevQSfP0QaZXKybSiczYM
         THrh/QBYHWOhNeiMc8bh8jszoPBbnLbWc2+xRg9u2zaJn4Wb7bqyyJscsL+v7a/1HlDO
         kqWANz45xXH2sxEDXYSpPX9B75XQ3KnS9fPeybO1FWq3Ib6yK+RElRgLMzXuA5jJ38U+
         ai7zQ6VhLDT9giqykA2OE8zoNKdSsN7/EL/Q5HW6mBlna2LsUaFwQu8B+PLG3WS5CRDV
         FCVgdaXtJE5t6PjLPQGiQb2RyVsGAQ62x6qXdpoxJZDILCa2xmFMlGWNmvJikgK8BQBU
         gU5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310820; x=1732915620;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=YdbFLgcMW63uIqMW9M0uvs49pAc6eSTMO+jauY5mKmw=;
        b=C8OyzqDqBa1orczyurkJvbiToSrbsSotQ6N+iWi8WGdlgq24o0otT7FlSfdeVWDsVp
         Jwxj3aSGoi1xOH55K+gzPChdNlcsS0UzE28fEO8c5JID+T0S7pWo4huJpRb95GYKfcrb
         0mJ+Raf5v+juHWdt+8L2i55DQmabW/EbOfEYT3xE0yNT8akdzUYl2k60Ed2N5WtQs+eP
         oyR7lpvEJdGPoZBvXZfyaUyJvqeDU7BsqiEVmOakfKZ6cTKUqV7BN/kGD3WbmwIP6SAm
         5KOKxyEwVhG16CTr8X4UBSSiVgZ/dMeyKr4FNNejma15oy/gUW9fsDkjxVbvlYB3fXM5
         YE7g==
X-Gm-Message-State: AOJu0Yzr5QEk+fHAOR9No9pTDHmG9BYoNCWaDACS8VSZi3H+vgpY5Ir0
	zgVJXxEmXsIGN1hqJg5rlttBJz+9d6JiLFnUfEmjtFoW3pSgU12oKfvZSJOqcJCeTcIifSlkRR9
	5
X-Gm-Gg: ASbGncthsAtzEcg6S+GgPyUgNShXsOyIu+Kz9mhpDBAS/xGR4z5GdgPuyAXiTyiU30I
	QO4n3sQ5goBvPsHUVzcf6JCr5YFqNiT/bH2q+oxR+8QCCSkmPUNyyvGOIu255X15E4piBrJjSuR
	Znrm0huQIBkk1Q5HLmUzO6PK0J7TomfEnrzixenafOlCorLsUVusSqH/aMDaDhQxSOs4f4+sRLD
	1yGJTWu4OhxCisAHp3W3g9WG+3p3k+tjDDm/cs=
X-Google-Smtp-Source: 
 AGHT+IGIwIuapSu2REx6W4QM4dW4YinzJGgEuqcR2zQs6C+gaCZMtbl9Tzr3fFxVA4UrqpCO6Z5NfA==
X-Received: by 2002:a17:902:e54c:b0:212:5b57:80e2 with SMTP id
 d9443c01a7336-2129f28ecb0mr58379225ad.48.1732310820172;
        Fri, 22 Nov 2024 13:27:00 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.26.59
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:26:59 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/19] ffmpeg: fix CVE-2024-31582
Date: Fri, 22 Nov 2024 13:26:27 -0800
Message-Id: 
 <d675ceadf5844524e9f77c2c9b76b9ca42e699fc.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207658

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability
in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability
allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-31582.patch        | 34 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
new file mode 100644
index 0000000000..99b46dc4ea
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
@@ -0,0 +1,34 @@
+From 99debe5f823f45a482e1dc08de35879aa9c74bd2 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Fri, 29 Dec 2023 05:56:43 +0800
+Subject: [PATCH 4/5] avfilter/vf_codecview: fix heap buffer overflow
+
+And improve the performance by a little bit.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+
+CVE: CVE-2024-31582
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_codecview.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c
+index aac038e..816d633 100644
+--- a/libavfilter/vf_codecview.c
++++ b/libavfilter/vf_codecview.c
+@@ -215,9 +215,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, int
+         buf[sx + w - 1] = color;
+         buf += stride;
+     }
+-
+-    for (int x = sx; x < sx + w; x++)
+-        buf[x] = color;
+ }
+
+ static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index ee7485a445..4a743c6dd7 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2024-32230.patch \
            file://CVE-2023-51793.patch \
            file://CVE-2023-50008.patch \
+           file://CVE-2024-31582.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

From patchwork Fri Nov 22 21:26:28 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53027
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AE078E6ADC2
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:08 +0000 (UTC)
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com
 [209.85.210.180])
 by mx.groups.io with SMTP id smtpd.web11.35756.1732310822522332373
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:02 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=QoU7nAS4;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f180.google.com with SMTP id
 d2e1a72fcca58-724e14b90cfso814732b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310821;
 x=1732915621; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/f3Q97x8gT8TOdHNg37TpjmLIaBLBanCJwhaosC7mFc=;
        b=QoU7nAS4Gd784PT3rzFDB7SWa3DoFtuQXmD+UPLXYOLJK1XLgkx2A2DkqpbVcs/zp9
         GL38Guqb8DwnZTGr4E6YCPoiOgyscmZjlx3BUVlDctYT4AAXsrPoD5/c6id+PLdDw4Di
         1VxzCRL7nQKVKOBCIFACVuvBuagaVes6ZyzAUsNTVtEANGa/YBROwhXDkoItBQKBUMtY
         /b3vh0kYTU8jOXfZCpQzBbuCJsEHJX4c0mn74WM74qL0Y0/YvsHvEIBCW/eghiW5Tq4x
         huSYgwf+My1Iu1+wLpGfjS4mlNLmVRWfAmJHzSxaOcoWWAMiGxZJzs2bq5rAw10qKviv
         5Maw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310821; x=1732915621;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/f3Q97x8gT8TOdHNg37TpjmLIaBLBanCJwhaosC7mFc=;
        b=HPB3m0T03PEIbdnvJi9Hi1IX63KKDywe3AAYpCKxygCA4fg1nu5w6F9GEI8SOLacdM
         pV8XJMz0RcoL7CufstggFpzmBd3ZBnrZ7roqVy/Rk9qcyErSWI2zz5Lx0Fo6AYeJijyI
         vdzEvf864GfaXJcwG+VKGy3yjaFAW4xJ4SQPNx0/Z+h09sfk9OeGWisEzLyozMjQ2fjH
         5SuOZNAWwtpUlvffP4ih6Kcf1PkFMot3OE7qPAZO2Fmw2eWKwgCybo2YK8l34ECFeeQz
         jGAi6s7kXV+yP1WFM4jR9QAy88zRtRERpO7iLwizSTBAGbHTKCebQ54CMEzsHuz91Pne
         XFhw==
X-Gm-Message-State: AOJu0YzUYSiyzyP752Hpj8b7JPmkiCvtMC9P3MVePysz7nH8Yv/Tc799
	6oJjH8SBLe82uBSAzHnpUPQKTO+Cff+w4LXrzfBG3ak3c5vOlUzyqQ8WiB8J4jPQHopvYtretNn
	B
X-Gm-Gg: ASbGnctoNDQgMN1N28jrfB2b7bTK6SEeJ/2B2hWDqdWbvGJ3Pcr0fSaGhWSDdqjh8cA
	johrY7m8ghLmzYrwQUsAaBr3Fzhdre/URBPvZvaYKB6u34+G3ZCfk8eA8QceT+xmGexGH3GAUlS
	QqWH2j4PBcCg5OzInvVvKEPBkJCjTNQo2Tn3mfphR2c257dzzir/tC/lTb/prqFcEhjiMMzD5BT
	zLfxgXo+nM8oGckhA7nUaHNUlwR58JiwNrxyEw=
X-Google-Smtp-Source: 
 AGHT+IFaTVn2KA7kFUrQSZoLBUBbcAcJ0I3pn+LYWZH8L6hkawLOuLHzq4ycnfb1L2cTGBvED6r/dA==
X-Received: by 2002:a17:902:f64c:b0:212:6981:7587 with SMTP id
 d9443c01a7336-2129fd0fc42mr66330425ad.24.1732310821627;
        Fri, 22 Nov 2024 13:27:01 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.00
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:01 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/19] ffmpeg: fix CVE-2024-31578
Date: Fri, 22 Nov 2024 13:26:28 -0800
Message-Id: 
 <072a5454fa6610fd751433c518f9beb5496851a1.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207659

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via
the av_hwframe_ctx_init function.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-31578.patch        | 49 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch
new file mode 100644
index 0000000000..e67f4777f7
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch
@@ -0,0 +1,49 @@
+From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Tue, 20 Feb 2024 20:08:55 +0800
+Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant
+
+Fix heap use after free when vulkan_frames_init failed.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+
+CVE: CVE-2024-31578
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavutil/hwcontext.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
+index 31c7840..2a4d9ed 100644
+--- a/libavutil/hwcontext.c
++++ b/libavutil/hwcontext.c
+@@ -362,7 +362,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+     if (ctx->internal->hw_type->frames_init) {
+         ret = ctx->internal->hw_type->frames_init(ctx);
+         if (ret < 0)
+-            goto fail;
++            return ret;
+     }
+
+     if (ctx->internal->pool_internal && !ctx->pool)
+@@ -372,14 +372,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+     if (ctx->initial_pool_size > 0) {
+         ret = hwframe_pool_prealloc(ref);
+         if (ret < 0)
+-            goto fail;
++            return ret;
+     }
+
+     return 0;
+-fail:
+-    if (ctx->internal->hw_type->frames_uninit)
+-        ctx->internal->hw_type->frames_uninit(ctx);
+-    return ret;
+ }
+
+ int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 4a743c6dd7..ae02310af8 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -33,6 +33,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2023-51793.patch \
            file://CVE-2023-50008.patch \
            file://CVE-2024-31582.patch \
+           file://CVE-2024-31578.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

From patchwork Fri Nov 22 21:26:29 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53028
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A4F15D75E5B
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:08 +0000 (UTC)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by mx.groups.io with SMTP id smtpd.web11.35758.1732310825030970169
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:05 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=gIPjcL4j;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-212874cd62cso18025895ad.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310824;
 x=1732915624; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=8xhdifjKpJM7/1EfysM3L+1uNi05F+v2FSkP9STdI2E=;
        b=gIPjcL4jmrCrDXUX8golQeaYyEveVwIxV92CMhawxhNJBlm/0Pe5J8OYhmGVDzqu1X
         fCBTV6gWjtoDJXG1vqYKNoRwZBeVFw+b67+Qa8wSLeUxW3AhI/QVCsedGcpkdIC7iFcT
         10AjHSfoxoeZTPn9aaGn19ZvpXkLmoxFJe0BC+dSeAZ7GwMCqHCyhjtBlxBaZtKtU3gY
         ut/WAmUjw2tzgWTX6h2atk4uDeG+nh5v7FeEY8o+BQd/zPbo+bBalG4jgnEhQ7z9VcUn
         BByHCVyt12J3LEU0CcS5WFsH9pSODAnFcq2j9QS9a1VgxotyvyNAkO8APfwaa9B1OkSr
         C37Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310824; x=1732915624;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=8xhdifjKpJM7/1EfysM3L+1uNi05F+v2FSkP9STdI2E=;
        b=XNFyoN4V50P+Z4I63oXzOX09p9+2GxES0HKpsvnV2WXm8NApZnt/EzE/pfqoCQY7bK
         7jH/bKBvxxgz9DR8DYcVtzlsM53i44hhF1brA7dVEYiYW9tXY1VK+o2BjQotrzHZwKjR
         5smdppGVwoamE2nUKnkGu4yZKzl0s14Y+MHHZJOc0qguvq+b2yplgDUQb8CbZChs2uoz
         VLV6tg9FGbVBVPgk1WMi2ZEC4lRh+zMFybPXftzzS5bmBChLskVmEywWdwgYzsU07qsL
         ZRKLhiiNIJ52RMeRGRrcyWscggb5CSXRDYJI/o20VmDHzYbOic5tvTgCOdXfnMEORUCI
         9rrg==
X-Gm-Message-State: AOJu0YyE4ktf+5IajsaBLcgjAoXwQS5xurrrPDGdxq7kunhbgM/PhdJm
	ekJdbjr0/0B5jhOrkw1jT6Dg7dVLGkge1JvWIoh0HtOZYSl4tBmQ9aM6O+lcriu3BwFQx72ZBuZ
	u
X-Gm-Gg: ASbGncuEbs0IE4Imo8VDFA6fA+InNKDSWmdtFHA8qtaffJ5Psuzn6M2qNKs13DsW5kN
	g/kNDNrsvM6bA+XQkHvDAW8MzGqqFz5xqYsDcq3IQipsN2hGCnCg403+t8Wp34d97CpVc8vfpY4
	BS2B3164e5nt/kMBcdORVgjN/7pUKZCwwEj2kQSFtdzSObZyicZmJMnk3Kkv2OSnVNVbjhiXZRc
	VrsMEcKVN+CLrbsidO/0PN8HWL4czkCwNumPnU=
X-Google-Smtp-Source: 
 AGHT+IGf2+lE+wMTYZCJaFbioCzVEl6YTdzBTxZ4oQnMNOmExa8Z9+6f0UGQdrofWHQCTvhSokqglw==
X-Received: by 2002:a17:902:c949:b0:20b:6624:70b2 with SMTP id
 d9443c01a7336-2129f5db7b8mr48662935ad.19.1732310822904;
        Fri, 22 Nov 2024 13:27:02 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.02
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:02 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/19] ffmpeg: fix CVE-2023-51794
Date: Fri, 22 Nov 2024 13:26:29 -0800
Message-Id: 
 <248dc3b20971fb95f0ceb2a34959f857c89ae008.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207661

From: Archana Polampalli <archana.polampalli@windriver.com>

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a
local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2023-51794.patch        | 35 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch
new file mode 100644
index 0000000000..a33ae5ffe9
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-51794.patch
@@ -0,0 +1,35 @@
+From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 23 Dec 2023 04:03:01 +0100
+Subject: [PATCH] avfilter/af_stereowiden: Check length
+
+Fixes: out of array access
+Fixes: tickets/10746/poc13ffmpeg
+
+Found-by: Zeng Yunxiang
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2023-51794
+
+Upstream-Status: Backport [https://github.com/ffmpeg/FFmpeg/commit/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/af_stereowiden.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c
+index 7cce1a8..f1a5b10 100644
+--- a/libavfilter/af_stereowiden.c
++++ b/libavfilter/af_stereowiden.c
+@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink)
+
+     s->length = s->delay * inlink->sample_rate / 1000;
+     s->length *= 2;
++    if (s->length == 0)
++        return AVERROR(EINVAL);
+     s->buffer = av_calloc(s->length, sizeof(*s->buffer));
+     if (!s->buffer)
+         return AVERROR(ENOMEM);
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index ae02310af8..80a4e5b96f 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -34,6 +34,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2023-50008.patch \
            file://CVE-2024-31582.patch \
            file://CVE-2024-31578.patch \
+           file://CVE-2023-51794.patch \
           "
 
 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"

From patchwork Fri Nov 22 21:26:30 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53030
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B30F5E6ADC3
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:08 +0000 (UTC)
Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com
 [209.85.214.171])
 by mx.groups.io with SMTP id smtpd.web10.35411.1732310824857100379
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:04 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=kzxftMKx;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f171.google.com with SMTP id
 d9443c01a7336-21270d64faeso17261925ad.1
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310824;
 x=1732915624; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ncn9TxYFGAZMD/iCV3ZNcaYuq9YHmBSzS4e22wiX23s=;
        b=kzxftMKxRZogmAR3vhvrNzOWrR8b24uDYUj9zU2p/ISMoiRE5p1KtzeW/iVmHxcjsL
         ojwyhtDPc1uRoW/cIqGsaZxZDhg8ttLOFnoxpN+7UFuUh2obXPPPTRUNzqhAp5aeNnTd
         tiRViV5UE27xMQeFbMZmUM3qrEjuo+DD82c0Kp5cDVDVCGEBOciuwITa1BYXwF+B4plu
         VNPLUqixqxZIkElNsHwHoiTB2b+AzvaPwSlJ48z9Sv/i2WVwD/Zl951VL9jGsxzLS1YI
         P/emsw9F73tnNbK2DDOi9+JQ2HldBF09/qB07Mre2rQMabIV782Ecu40UO7sfSHBiInI
         5NlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310824; x=1732915624;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ncn9TxYFGAZMD/iCV3ZNcaYuq9YHmBSzS4e22wiX23s=;
        b=rFUoU52/RDuPKXT+w3/4tbKgelxFIvG6GBh4Q5XFyBgakeH1D26pZT2FGRj563ksJI
         q2SAz1W01qnJdglIFSEpDT0hNk1Ck/a2iriIPyPWD6neHyl5z0bHZttRaONyBHCz/Bde
         WIMxPcRCZNeAODCTPPqUb12Q/YDvBRhI3ky5/5NawPCvM4K0wuzkxAq081rwWEtCKgQP
         y8E5OykQm5hm549AlyEfPC6a9eH0AQye4NDxOq4nyBxRJzKEtVr/RBx0uAEKmH1Otj9c
         88cqUyu1fxvBcCKDedxBYQjZXFe5yEJiFGUZr7X4HpyxTw8IrzaoNWci8yZGJydxpCy6
         T/lg==
X-Gm-Message-State: AOJu0YwMTxmn22Rn9T5OYdiA8UU0fE2laHSmMmV4/YGPb708jB4XdbcU
	lM3y4Igl3lSGEUgnD6d/TwKM/hpt9AGU6uLZFAU34sdCXCvaFBJZbOZ+MRuUBRqibkphPoSX2vo
	Y
X-Gm-Gg: ASbGncsbJdAMHzs+/1jDeXENxis1uT0TnyVMJgs0A4gwR0rQE/CKuP3hac8lItqok2C
	RTPSHM7JXrHitnCHClVD6RlExvToyCtmRn+7IMLk+aPCedRkaW+/pfydFjQhXjlXk6i2VJuDlb9
	zyLKlpeTVW26o1SH/8nduGlJKqNzTEWZiPlmP3A6ZLsB3u2JTBZZ7Rg0zPMpK+Ip+L8s/E0csMG
	VeFqGtL212D66SQH3Cgwk/yHR+r5wt3tVQKmsg=
X-Google-Smtp-Source: 
 AGHT+IFXTGjx8rRB1o4/LMDujoxXVM355ZBoFnPdufxnkmmMyw4tIrrBSbVg1UNlo02e3zQt5nPdFA==
X-Received: by 2002:a17:902:c941:b0:20b:5231:cd61 with SMTP id
 d9443c01a7336-2129f69b854mr66034375ad.24.1732310824160;
        Fri, 22 Nov 2024 13:27:04 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.03
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:03 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 11/19] wireless-regdb: upgrade 2024.07.04 ->
 2024.10.07
Date: Fri, 22 Nov 2024 13:26:30 -0800
Message-Id: 
 <566fc928ddbbacb59fcd62448315afa3e4de7147.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207660

From: Wang Mingyu <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f124bb09a798d94eca5e93387bc361b147ce53f9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ireless-regdb_2024.07.04.bb => wireless-regdb_2024.10.07.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.07.04.bb => wireless-regdb_2024.10.07.bb} (94%)

diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
similarity index 94%
rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb
rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
index daf5e6dfcd..0e4100fba7 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.07.04.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
 
 SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "9832a14e1be24abff7be30dee3c9a1afb5fdfcf475a0d91aafef039f8d85f5eb"
+SRC_URI[sha256sum] = "f76f2bd79a653e9f9dd50548d99d03a4a4eb157da056dfd5892f403ec28fb3d5"
 
 inherit bin_package allarch
 

From patchwork Fri Nov 22 21:26:31 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53029
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A4940E6919F
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:08 +0000 (UTC)
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com
 [209.85.210.180])
 by mx.groups.io with SMTP id smtpd.web10.35415.1732310826313014158
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:06 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=rmyBPhEB;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f180.google.com with SMTP id
 d2e1a72fcca58-724d8422f37so1791780b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310825;
 x=1732915625; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=PR7F7XTsh9EYwx+6XSEGfF16KAwGmVjEKrYXOk1ZuZw=;
        b=rmyBPhEB5Ed4DQJZ/RWg0xpV5IBxB7sP0oyiuVMCFAxeNyXixKR930zRWUHTMHRjdg
         nJ4sHfJeyB+4FkqP8demjNIfo6v8P3XzyUmNVNekRAj6DEE5cX50R6D2/kU9INbtt8aA
         OuBJy9IfZSpgX1iR6QLFiNpCSjKvPJEc44pOTUBA/luDDO51NSy52XhNglg16JT/VjuS
         NmhNRMjgZlC26reAdiL0S2F82FGTZozTELpLGe9tB1XXpa+bellXkRZsLN4Op2g85wd/
         STPPGLJ3Sp/up+GfQdtl7rklD3dIpQYCFbQ2o3ONlb/grmEMBfXuOz7bb3iIGO7iOAzV
         w/tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310825; x=1732915625;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=PR7F7XTsh9EYwx+6XSEGfF16KAwGmVjEKrYXOk1ZuZw=;
        b=gRUgCW1kHzw954AEnpjxTjZOAw2zpc7JjQRGvm/wgoq/S990J3xX330gWUVGz0wrUV
         I3zPQ1Lll4PInr2ThE1nWBXBaFCrOYushkViDFkkNkRbF9Vt3XNJ8OyD8oSc8ohgqbjd
         tzj5Y2NfcEtZBUGNo/SilvlROSDvRQi1UgO47FW7WfCHXM6cAO05jBpM3t2f854gM6PZ
         eeX0XOTXmdye7Sc6duZfQDejKhqCcvOxo6nlJNPleZiR5wdRh71qxFInKnpY5zFfYwi1
         fg4T/UejNYVvCxs5a7RL+V3uMDlqjUY6zWb5JKgwto7vjsz48J+FZeAJeHxc/CFpjudO
         PDzQ==
X-Gm-Message-State: AOJu0YykULpcgFau0KyOJmqRtMTuwKppzXJEA0VofW+2YhdE39IJqdrm
	4icr/dYDRxg1JkV3ThIGa1KbNASNMAMsPbtXMSYdHBicag8IlxqEYtO8M1SHfVCAsFh/dcg2fCF
	M
X-Gm-Gg: ASbGncs7GayHoJbAy0XdCEF4zXS7E+fsvrva0qTYf6XyXyxqsdq+dNibjcxgcYPkcUg
	IypLZD23WVlrd0hvIzTsQE00PUQjy1YFGzVTYi6iYDSFFrJlaNlOI5qUXAM4ji/mj3b8/XeZU4W
	G5wUVDCwoBeks78YgtJtK0QYxnAfapiDP1e7j5FBurMJX8CclBerw5iZLMwLRb8EMJc5xoMe8Aq
	9kHB1Tdr4Vw99rxWfpKAzoC2s8u+ER62PbtlYo=
X-Google-Smtp-Source: 
 AGHT+IHqWWUzX8Y8KA2+PFXireCGpkKByfMf6SUiAc3aYfBA4baI6nlPbfYfI1TmgsDP9PnLXKsOcg==
X-Received: by 2002:a17:902:e84f:b0:212:2fde:1a1c with SMTP id
 d9443c01a7336-2129f82d755mr60600755ad.47.1732310825574;
        Fri, 22 Nov 2024 13:27:05 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.05
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:05 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 12/19] scripts/install-buildtools: Update to
 4.0.22
Date: Fri, 22 Nov 2024 13:26:31 -0800
Message-Id: 
 <ca09d02ae7628d7d003aaaaa7b600aa6d58d515c.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207662

From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>

Update to the 4.0.22 release of the 4.0 series for buildtools.

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/install-buildtools | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 9054eb5f36..616330dfdc 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
 
 DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
 DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-4.0.21'
-DEFAULT_INSTALLER_VERSION = '4.0.21'
+DEFAULT_RELEASE = 'yocto-4.0.22'
+DEFAULT_INSTALLER_VERSION = '4.0.22'
 DEFAULT_BUILDDATE = '202110XX'
 
 # Python version sanity check

From patchwork Fri Nov 22 21:26:32 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53036
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B6056E6ADC3
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:18 +0000 (UTC)
Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com
 [209.85.210.182])
 by mx.groups.io with SMTP id smtpd.web10.35417.1732310828986057280
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:09 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=o4xsp2Wl;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f182.google.com with SMTP id
 d2e1a72fcca58-71e625b00bcso2283619b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310828;
 x=1732915628; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=4pUi+yGJsn6HBDWLWBMH5e1BWADCjiDdHeK54ygFq/Q=;
        b=o4xsp2WlETbKx1l/5ReSktmleb/byfIyr0yQ9e3WGxZ0JE/OYK7o+0wOkRv+g5VtjF
         cHqZkoRoa/2mF1gqHHDwvUT+sERUhFxnDcqTi2is31hOwq+pEHU1sb2iQodGfxq6EYZG
         28X5Gkf8wM+ZQME3aJwN2pOIdSOH/2zEF3UFEsJ/ukndDLyViK87Ge74e16Y/1R/kVxX
         AbXSrpkF4I9+u+jG8Kydxx+gd6mhQAlNHI4YmPkAbE7/LSQ3myYdDvWQkuiu+kao1Vfy
         RrCKm0GQ4PpfWN63DyDEhVtpiruv1SULi8+2zYO59UB+IUs+OvAXNRGrBiDyS1C0mHwZ
         LA5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310828; x=1732915628;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=4pUi+yGJsn6HBDWLWBMH5e1BWADCjiDdHeK54ygFq/Q=;
        b=UsNmgAbfzYsDBPnAhqsekKj5S8XpjSlkNadO+nf7OCecaX10BXts3hulm7P0srS/BO
         AQ07ZCUyGPuU66/dTm0fetGyx4PGhIZbfnCVnqetPijoJ0AcC1Ck64PgfR74dCZlXHwg
         1C5fYAN5n313ukZBSIZUw8BWpGq7ZG3r3K28vJ8ShycfsRbwk71Rc1wv0hYXWE6INuxb
         Blhbwg9+VS3AmlQNsyygkVLuAcwpOornxr8ec+9EONcy+RQnnW0iEo1jgQtOwKTR8i6J
         PPYg/P2Rgk0o8v2076tfxuyEQI9/f/n90HiYJWPKjn5TzuEQfxySneJQuTGKXY0YLcD7
         q9Yw==
X-Gm-Message-State: AOJu0YyQux+Y/ZpD01DkrR1Dglrtn/ypJsLEpYyIae9TKExa98tdp3r2
	pskDvCLHKnvAQ90KMLHGnaGSlg9ZkQJg1J44u4Le+Zhc7XD8uI3P7oorhEf6ar7xXKoSs28KDwA
	Y
X-Gm-Gg: ASbGnct8x62jaoFcq1lgz+kHnR5jxNMkKVfrGM7j6683kd9PllvW1Abe4b3bXxecB2K
	xPMoWHR0oldT3NoyyqyG5QK49cpea64nw+4086GReK4IdapmnJmCqfkQa5PrRMq3luVv6E/nogi
	derkXUVej06RfbMPPYJYH0b82GVWZxHJk0B8KGCXcAGJA61waCmZvwDgWQiDvYT3WGs+lMPE61K
	xA4fAjUe1Tf5UxeaMUKOEQxq3ov46eaHAMZRmg=
X-Google-Smtp-Source: 
 AGHT+IE/U50NSCCMR40UJC9NwGBZgbNp6PO/DhvUfTzMcJV9K5ZKrKX6opwsiRDiJJxvpRiXL26kqw==
X-Received: by 2002:a17:903:22d1:b0:20c:bbac:2013 with SMTP id
 d9443c01a7336-2129f758564mr63345735ad.48.1732310828116;
        Fri, 22 Nov 2024 13:27:08 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.07
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:07 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 13/19] webkitgtk: Fix build on 32bit arm
Date: Fri, 22 Nov 2024 13:26:32 -0800
Message-Id: 
 <dbdaeb9ff6bf7ce8478f2d61f2f22f84918c26fe.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207663

From: Khem Raj <raj.khem@gmail.com>

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(From OE-Core rev: 9294ccb9530ce70b2513b2e112644ec5e9f8e701)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...44e17d258106617b0e6d783d073b188a2548.patch | 296 ++++++++++++++++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 2 files changed, 297 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
new file mode 100644
index 0000000000..32f92f7ff5
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
@@ -0,0 +1,296 @@
+From 0d3344e17d258106617b0e6d783d073b188a2548 Mon Sep 17 00:00:00 2001
+From: Adrian Perez de Castro <aperez@igalia.com>
+Date: Thu, 2 Jun 2022 11:19:06 +0300
+Subject: [PATCH] [ARM][NEON] FELightningNEON.cpp fails to build, NEON fast
+ path seems unused https://bugs.webkit.org/show_bug.cgi?id=241182
+
+Reviewed by NOBODY (OOPS!).
+
+Move the NEON fast path for the SVG lighting filter effects into
+FELightingSoftwareApplier, and arrange to actually use them by
+forwarding calls to applyPlatformGeneric() into applyPlatformNeon().
+
+Some changes were needed to adapt platformApplyNeon() to the current
+state of filters after r286140. This was not detected because the code
+bitrotted due to it being guarded with CPU(ARM_TRADITIONAL), which does
+not get used much these days: CPU(ARM_THUMB2) is more common. It should
+be possible to use the NEON fast paths also in Thumb mode, but that is
+left for a follow-up fix.
+
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp:
+(WebCore::FELightingSoftwareApplier::platformApplyNeonWorker):
+(WebCore::FELightingSoftwareApplier::getPowerCoefficients):
+(WebCore::FELighting::platformApplyNeonWorker): Deleted.
+(WebCore::FELighting::getPowerCoefficients): Deleted.
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h:
+(WebCore::FELightingSoftwareApplier::applyPlatformNeon):
+(WebCore::FELighting::platformApplyNeon): Deleted.
+* Source/WebCore/platform/graphics/filters/DistantLightSource.h:
+* Source/WebCore/platform/graphics/filters/FELighting.h:
+* Source/WebCore/platform/graphics/filters/PointLightSource.h:
+* Source/WebCore/platform/graphics/filters/SpotLightSource.h:
+* Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h:
+---
+Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/1233]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ .../cpu/arm/filters/FELightingNEON.cpp        |  4 +-
+ .../graphics/cpu/arm/filters/FELightingNEON.h | 54 +++++++++----------
+ .../graphics/filters/DistantLightSource.h     |  4 ++
+ .../platform/graphics/filters/FELighting.h    |  7 ---
+ .../graphics/filters/PointLightSource.h       |  4 ++
+ .../graphics/filters/SpotLightSource.h        |  4 ++
+ .../software/FELightingSoftwareApplier.h      | 16 ++++++
+ 7 files changed, 57 insertions(+), 36 deletions(-)
+
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
++++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+@@ -49,7 +49,7 @@ short* feLightingConstantsForNeon()
+     return s_FELightingConstantsForNeon;
+ }
+ 
+-void FELighting::platformApplyNeonWorker(FELightingPaintingDataForNeon* parameters)
++void FELightingSoftwareApplier::platformApplyNeonWorker(FELightingPaintingDataForNeon* parameters)
+ {
+     neonDrawLighting(parameters);
+ }
+@@ -464,7 +464,7 @@ TOSTRING(neonDrawLighting) ":" NL
+     "b .lightStrengthCalculated" NL
+ ); // NOLINT
+ 
+-int FELighting::getPowerCoefficients(float exponent)
++int FELightingSoftwareApplier::getPowerCoefficients(float exponent)
+ {
+     // Calling a powf function from the assembly code would require to save
+     // and reload a lot of NEON registers. Since the base is in range [0..1]
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
++++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+@@ -24,14 +24,15 @@
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
+-#ifndef FELightingNEON_h
+-#define FELightingNEON_h
++#pragma once
+ 
+ #if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
+ 
+-#include "FELighting.h"
++#include "FELightingSoftwareApplier.h"
++#include "ImageBuffer.h"
+ #include "PointLightSource.h"
+ #include "SpotLightSource.h"
++#include <wtf/ObjectIdentifier.h>
+ #include <wtf/ParallelJobs.h>
+ 
+ namespace WebCore {
+@@ -93,14 +94,14 @@ extern "C" {
+ void neonDrawLighting(FELightingPaintingDataForNeon*);
+ }
+ 
+-inline void FELighting::platformApplyNeon(const LightingData& data, const LightSource::PaintingData& paintingData)
++inline void FELightingSoftwareApplier::applyPlatformNeon(const FELightingSoftwareApplier::LightingData& data, const LightSource::PaintingData& paintingData)
+ {
+-    alignas(16) FELightingFloatArgumentsForNeon floatArguments;
+-    FELightingPaintingDataForNeon neonData = {
++    WebCore::FELightingFloatArgumentsForNeon alignas(16) floatArguments;
++    WebCore::FELightingPaintingDataForNeon neonData = {
+         data.pixels->data(),
+         1,
+-        data.widthDecreasedByOne - 1,
+-        data.heightDecreasedByOne - 1,
++        data.width - 2,
++        data.height - 2,
+         0,
+         0,
+         0,
+@@ -111,23 +112,23 @@ inline void FELighting::platformApplyNeo
+     // Set light source arguments.
+     floatArguments.constOne = 1;
+ 
+-    auto color = m_lightingColor.toColorTypeLossy<SRGBA<uint8_t>>().resolved();
++    auto color = data.lightingColor.toColorTypeLossy<SRGBA<uint8_t>>().resolved();
+ 
+     floatArguments.colorRed = color.red;
+     floatArguments.colorGreen = color.green;
+     floatArguments.colorBlue = color.blue;
+     floatArguments.padding4 = 0;
+ 
+-    if (m_lightSource->type() == LS_POINT) {
++    if (data.lightSource->type() == LS_POINT) {
+         neonData.flags |= FLAG_POINT_LIGHT;
+-        PointLightSource& pointLightSource = static_cast<PointLightSource&>(m_lightSource.get());
++        const auto& pointLightSource = *static_cast<const PointLightSource*>(data.lightSource);
+         floatArguments.lightX = pointLightSource.position().x();
+         floatArguments.lightY = pointLightSource.position().y();
+         floatArguments.lightZ = pointLightSource.position().z();
+         floatArguments.padding2 = 0;
+-    } else if (m_lightSource->type() == LS_SPOT) {
++    } else if (data.lightSource->type() == LS_SPOT) {
+         neonData.flags |= FLAG_SPOT_LIGHT;
+-        SpotLightSource& spotLightSource = static_cast<SpotLightSource&>(m_lightSource.get());
++        const auto& spotLightSource = *static_cast<const SpotLightSource*>(data.lightSource);
+         floatArguments.lightX = spotLightSource.position().x();
+         floatArguments.lightY = spotLightSource.position().y();
+         floatArguments.lightZ = spotLightSource.position().z();
+@@ -145,7 +146,7 @@ inline void FELighting::platformApplyNeo
+         if (spotLightSource.specularExponent() == 1)
+             neonData.flags |= FLAG_CONE_EXPONENT_IS_1;
+     } else {
+-        ASSERT(m_lightSource->type() == LS_DISTANT);
++        ASSERT(data.lightSource->type() == LS_DISTANT);
+         floatArguments.lightX = paintingData.initialLightingData.lightVector.x();
+         floatArguments.lightY = paintingData.initialLightingData.lightVector.y();
+         floatArguments.lightZ = paintingData.initialLightingData.lightVector.z();
+@@ -155,38 +156,39 @@ inline void FELighting::platformApplyNeo
+     // Set lighting arguments.
+     floatArguments.surfaceScale = data.surfaceScale;
+     floatArguments.minusSurfaceScaleDividedByFour = -data.surfaceScale / 4;
+-    if (m_lightingType == FELighting::DiffuseLighting)
+-        floatArguments.diffuseConstant = m_diffuseConstant;
++    if (data.filterType == FilterEffect::Type::FEDiffuseLighting)
++        floatArguments.diffuseConstant = data.diffuseConstant;
+     else {
+         neonData.flags |= FLAG_SPECULAR_LIGHT;
+-        floatArguments.diffuseConstant = m_specularConstant;
+-        neonData.specularExponent = getPowerCoefficients(m_specularExponent);
+-        if (m_specularExponent == 1)
++        floatArguments.diffuseConstant = data.specularConstant;
++        neonData.specularExponent = getPowerCoefficients(data.specularExponent);
++        if (data.specularExponent == 1)
+             neonData.flags |= FLAG_SPECULAR_EXPONENT_IS_1;
+     }
+     if (floatArguments.diffuseConstant == 1)
+         neonData.flags |= FLAG_DIFFUSE_CONST_IS_1;
+ 
+-    int optimalThreadNumber = ((data.widthDecreasedByOne - 1) * (data.heightDecreasedByOne - 1)) / s_minimalRectDimension;
++    static constexpr int minimalRectDimension = 100 * 100; // Empirical data limit for parallel jobs
++    int optimalThreadNumber = ((data.width - 2) * (data.height - 2)) / minimalRectDimension;
+     if (optimalThreadNumber > 1) {
+         // Initialize parallel jobs
+-        ParallelJobs<FELightingPaintingDataForNeon> parallelJobs(&WebCore::FELighting::platformApplyNeonWorker, optimalThreadNumber);
++        ParallelJobs<FELightingPaintingDataForNeon> parallelJobs(&FELightingSoftwareApplier::platformApplyNeonWorker, optimalThreadNumber);
+ 
+         // Fill the parameter array
+         int job = parallelJobs.numberOfJobs();
+         if (job > 1) {
+             int yStart = 1;
+-            int yStep = (data.heightDecreasedByOne - 1) / job;
++            int yStep = (data.height - 2) / job;
+             for (--job; job >= 0; --job) {
+                 FELightingPaintingDataForNeon& params = parallelJobs.parameter(job);
+                 params = neonData;
+                 params.yStart = yStart;
+-                params.pixels += (yStart - 1) * (data.widthDecreasedByOne + 1) * 4;
++                params.pixels += (yStart - 1) * data.width * 4;
+                 if (job > 0) {
+                     params.absoluteHeight = yStep;
+                     yStart += yStep;
+                 } else
+-                    params.absoluteHeight = data.heightDecreasedByOne - yStart;
++                    params.absoluteHeight = (data.height - 1) - yStart;
+             }
+             parallelJobs.execute();
+             return;
+@@ -199,5 +201,3 @@ inline void FELighting::platformApplyNeo
+ } // namespace WebCore
+ 
+ #endif // CPU(ARM_NEON) && COMPILER(GCC_COMPATIBLE)
+-
+-#endif // FELightingNEON_h
+--- a/Source/WebCore/platform/graphics/filters/DistantLightSource.h
++++ b/Source/WebCore/platform/graphics/filters/DistantLightSource.h
+@@ -25,6 +25,10 @@
+ #include "LightSource.h"
+ #include <wtf/Ref.h>
+ 
++namespace WTF {
++class TextStream;
++} // namespace WTF
++
+ namespace WebCore {
+ 
+ class DistantLightSource : public LightSource {
+--- a/Source/WebCore/platform/graphics/filters/FELighting.h
++++ b/Source/WebCore/platform/graphics/filters/FELighting.h
+@@ -35,8 +35,6 @@
+ 
+ namespace WebCore {
+ 
+-struct FELightingPaintingDataForNeon;
+-
+ class FELighting : public FilterEffect {
+ public:
+     const Color& lightingColor() const { return m_lightingColor; }
+@@ -67,11 +65,6 @@ protected:
+ 
+     std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override;
+ 
+-#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
+-    static int getPowerCoefficients(float exponent);
+-    inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&);
+-#endif
+-
+     Color m_lightingColor;
+     float m_surfaceScale;
+     float m_diffuseConstant;
+--- a/Source/WebCore/platform/graphics/filters/PointLightSource.h
++++ b/Source/WebCore/platform/graphics/filters/PointLightSource.h
+@@ -26,6 +26,10 @@
+ #include "LightSource.h"
+ #include <wtf/Ref.h>
+ 
++namespace WTF {
++class TextStream;
++} // namespace WTF
++
+ namespace WebCore {
+ 
+ class PointLightSource : public LightSource {
+--- a/Source/WebCore/platform/graphics/filters/SpotLightSource.h
++++ b/Source/WebCore/platform/graphics/filters/SpotLightSource.h
+@@ -26,6 +26,10 @@
+ #include "LightSource.h"
+ #include <wtf/Ref.h>
+ 
++namespace WTF {
++class TextStream;
++} // namespace WTF
++
+ namespace WebCore {
+ 
+ class SpotLightSource : public LightSource {
+--- a/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
++++ b/Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h
+@@ -36,6 +36,7 @@
+ namespace WebCore {
+ 
+ class FELighting;
++struct FELightingPaintingDataForNeon;
+ 
+ class FELightingSoftwareApplier final : public FilterEffectConcreteApplier<FELighting> {
+     WTF_MAKE_FAST_ALLOCATED;
+@@ -132,8 +133,23 @@ private:
+ 
+     static void applyPlatformGenericPaint(const LightingData&, const LightSource::PaintingData&, int startY, int endY);
+     static void applyPlatformGenericWorker(ApplyParameters*);
++
++#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
++    static int getPowerCoefficients(float exponent);
++    static void platformApplyNeonWorker(FELightingPaintingDataForNeon*);
++    inline static void applyPlatformNeon(const LightingData&, const LightSource::PaintingData&);
++
++    inline static void applyPlatformGeneric(const LightingData& data, const LightSource::PaintingData& paintingData)
++    {
++        applyPlatformNeon(data, paintingData);
++    }
++#else
+     static void applyPlatformGeneric(const LightingData&, const LightSource::PaintingData&);
++#endif
++
+     static void applyPlatform(const LightingData&);
+ };
+ 
+ } // namespace WebCore
++
++#include "FELightingNEON.h"
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index a2d455ab92..16acb205b1 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \
            file://CVE-2022-48503.patch \
            file://CVE-2023-32439.patch \
            file://CVE-2024-40779.patch \
+           file://0d3344e17d258106617b0e6d783d073b188a2548.patch \
            "
 SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
 

From patchwork Fri Nov 22 21:26:33 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53032
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B9703E6ADC2
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:18 +0000 (UTC)
Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com
 [209.85.214.172])
 by mx.groups.io with SMTP id smtpd.web11.35760.1732310830198468631
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:10 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=z7QrAnJ2;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f172.google.com with SMTP id
 d9443c01a7336-21288402a26so25432575ad.0
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310829;
 x=1732915629; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Vu+86QSwUlliW+Kzzzj5D2QPbNLJbsNODniIVdSTnfg=;
        b=z7QrAnJ2kuvia6W+voA0uI6w4UHGLDPng5UVpvlk2WGJX5mUEOCbS+i1AOYHFydH4v
         7XVEFMhw+GpI4mFuZnlLR0B7dnMsRFuIEJDKawTDy+654BiLTUCSySzH0sTTPA7HYbgp
         4YAa/E5YmszttYJq2rXm12ibbqxFGPb82R2wlV3zasPeh7DasTVGSkcEuzISGGsdy+CD
         oa8rAt7fkRlKp9jKoywtSvmuOVNYQQGz/xLUsRZKkcxQhjWFZ8MthC24JDbBeCtxfZWp
         pr8c08dsBi1cJkdH/RbKAJd+dkhUaMUxFRJobYG93XMNoAhyJoI3udHaO4WGtRhB8ysh
         XkcQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310829; x=1732915629;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Vu+86QSwUlliW+Kzzzj5D2QPbNLJbsNODniIVdSTnfg=;
        b=CmHRaHOHm0bfAzkv8UsqWqcuh0s3FAcxb7csKFOfdvY9PxH2gV6Y9FPzsqvubvkD/W
         58J1HupXsdsVWKm0FJKNLZFpsKtCad0//CJCip4MeMdvP6h06+YZLsY/N3V1cIdxmh1Q
         lQJmP9i1dbaoL5bJM/saNYQzZPtlUrfm7+R90FndgTlWA7sb1tqsLSrvPF8Lqyt0iTbL
         x+795SkIvxxgd5nrUsBnEBNvysr6uFLPU0IYnmiWwBpL/fTAIbrKToEWTyqjRnOSSqGc
         pJkjy2PwUI/sWqqfaPgbheCWYbRVwLtZbbzyzpFwFD+OMMvty35ozHn5NDNr3ONHvtEa
         KbMQ==
X-Gm-Message-State: AOJu0YwwWtlmUd7cJgcg3LfEL7yuhPX8myA/TkVp29KhVrlh3Gr5OoHz
	RFZfZpIg2FMzdgypzky2Nb5o/aWJWjus5IbvKbh98xni5j8/VKtPdtswZoKKSy8A4RdfjoK5hL8
	Z
X-Gm-Gg: ASbGncuUUqsRFwSNZkZ6RsaxT9GedSx6n6wA/EfyG3BnTmNerug7XSrEj4BluhXWJsx
	jsFGx3E7O04S6SFEVbYJW8kwF8wnd6WiWu8dTBsOU730u/aLpwIMyYMiI8dyUy34ABXf1+ybgpI
	BpaPjlpWo8/n0M8eGls4JMDPXSpYDXZ9nr/iwn04g0jMSaqmFNTElQxd+0rIYvYQFNJaAe87l0q
	SA/PLMYLcBhK1UVzJbQin8gLQ0wDhCGtdpxYBg=
X-Google-Smtp-Source: 
 AGHT+IGq9GgCON9laam+havT5rQvgoWsElNDHIEPW4eUVBrWEHZq8RDUzkq0dpKJBeL4UZ5gzIYy8A==
X-Received: by 2002:a17:902:f78f:b0:212:4835:10a with SMTP id
 d9443c01a7336-2129f24ca1dmr64763325ad.34.1732310829483;
        Fri, 22 Nov 2024 13:27:09 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.09
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:09 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 14/19] webkitgtk: fix perl-native dependency
Date: Fri, 22 Nov 2024 13:26:33 -0800
Message-Id: 
 <76cb08195f90b36395d7ad09ab8f2654eda0d204.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207664

From: Ovidiu Panait <ovidiu.panait@windriver.com>

Currently, perl-native is missing from DEPENDS for webkitgtk even though
perlnative bbclass is inherited. This happens because the DEPENDS variable is
reassigned right after perlnative class is inherited:

inherit perlnative (DEPENDS += "perl-native")
...
DEPENDS = " \
            ..."

Adjust the DEPENDS line to use += in order to fix this.

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(From OE-Core rev: a207c8f42f809340e0794cd326cb5c45e32d7d56)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index 16acb205b1..a62d99b227 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -36,7 +36,7 @@ REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', '
 
 CVE_PRODUCT = "webkitgtk webkitgtk\+"
 
-DEPENDS = " \
+DEPENDS += " \
           ruby-native \
           gperf-native \
           cairo \

From patchwork Fri Nov 22 21:26:34 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53037
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D2B65E6ADCB
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:18 +0000 (UTC)
Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com
 [209.85.210.176])
 by mx.groups.io with SMTP id smtpd.web11.35761.1732310831854128087
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:11 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=karDr9Mx;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f176.google.com with SMTP id
 d2e1a72fcca58-72467c35ddeso2776912b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310831;
 x=1732915631; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=BnPhishKfvnqlQV51aDLwF4A2SLdVYRWstd0TnOPIGE=;
        b=karDr9MxlVExO2QeSLYVZkW5YX23oqKqv/Qu6JIN+sc+T7otdqDZtGMniHxJKTMxlA
         6y+FhHgOyKcRWNX8mAwHOvtKVrebAG1d6PSM416tWbhf9g1zVxj5nH1AGGTV+nKC1Erp
         hpe7hxBnuD5gInhIN5QkvXJ4Cu9vKxg2YxuUJGwmzv6k8c+BsYYOSioctxH5PUbUSbzF
         hU5Idhmm/8CPdPqr986MZgb4T+7uodwvlRdNuQHhzQMC0qnlS5cEkGYcX7MXKzvf8di+
         /ijdz2R/PX09HhIOpgNR62NHijr6NQZgeiyJdjXAKptFtSkW95nmi4ZR0t7aMwkeF8A8
         eqNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310831; x=1732915631;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=BnPhishKfvnqlQV51aDLwF4A2SLdVYRWstd0TnOPIGE=;
        b=A1NJZhDhDgsx1xM/I/G2EVuIbi4YaZR2Z6JTn/vlFExWhBjB2+L3GhWI4wyKMRbIpn
         d5zZreqonCqhLQuQVw+pQy12rZ8F8sns2+tzSBsPu4HRiGaMJUGqpUdMsMiaCQyAOxwt
         7rEp3FOOG2d1kqQwb5H0E4rgG/m77KoNWLU68j/Q1DF3ys91r59F7aq6Yzk1hUYd86AK
         K1orf3ELIsok2YNfFhQByqDe/A2ZQJVsxB+9sXrX6EQgfGt7i/YmPg0CrhN3Gr919Gv2
         mA3DVdRt4b4lGdpE5Mp+19E6bf4keE3ogHebgm/fKGLiTX8JZoKcNiVBbtQID4g5yWXv
         vzdw==
X-Gm-Message-State: AOJu0Yz5jcFsNdgE5nhhIrBdwgwYS429j0zEg10Fzxg05tdMJ3DqaHAy
	ITWTRx0E/sxN7prYX7ygsj7Ix29w32GLFn54KEHt8lnDNuwLTsGQDxJ1gDcOS4AUfQKMrL6nn//
	u
X-Gm-Gg: ASbGncvW+Q1uCi7eDU1iIlFcUmZ9YeVVR71YJmzp4Dv/z+mL7IJKhzfTWAaT7r13QNP
	t0OICmAWcgJU8IlSQmn4l3pSaBPyaLnlsRwRitVuzMqxJS8xsj2izodR06Wel5STu0TJj0RptTy
	yMrDcoekgPx4kTkednu6evnxNONd9WxfSHdorRBV+t8qg0u8IhyiQxQaPkRTckU1EJYsHVjFfrK
	j37SrRowjDfC57xHuZcGY+jurLIiycThPhYVhI=
X-Google-Smtp-Source: 
 AGHT+IFyeD8WJTKI1oxIa7A9KK7N8y80Im8i+4ErvVIVvbnuptblIchHwAlYWv2dc5fJE72QGScU8Q==
X-Received: by 2002:a17:902:f693:b0:20c:7661:dc9a with SMTP id
 d9443c01a7336-2129fe097e6mr66873505ad.3.1732310831047;
        Fri, 22 Nov 2024 13:27:11 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.10
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:10 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 15/19] lttng-modules: fix build error after
 kernel update to 5.15.171
Date: Fri, 22 Nov 2024 13:26:34 -0800
Message-Id: 
 <20010748cc532261d8477d03a740a2acb7f6df76.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207665

From: Liyin Zhang <liyin.zhang.cn@windriver.com>

This patch fixes the following build error after kernel rebase.
lttng-modules-2.13.14/src/probes/../../include/lttng/define_trace.h:87,
lttng-modules-2.13.14/src/probes/../../include/instrumentation/events/kmem.h:576,
lttng-modules-2.13.14/src/probes/lttng-probe-kmem.c:35:
../../include/lttng/tracepoint-event-impl.h:133:6: error: conflicting types for 'trace_mm_page_alloc_zone_locked'; have 'void(struct page *, unsigned int,  int)'
133 | void trace_##_name(_proto);
    |      ^~~~~~
../../include/instrumentation/events/kmem.h:444:1: note: in expansion of macro 'LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP'
444 | LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(kmem_mm_page, mm_page_alloc_zone_locked,
    | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel-source/include/trace/events/kmem.h:9,
from lttng-modules-2.13.14/src/probes/lttng-probe-kmem.c:24:
kernel-source/include/linux/tracepoint.h:244:28: note: previous definition of 'trace_mm_page_alloc_zone_locked' with type 'void(struct page *, unsigned int,  int,  int)'
244 |         static inline void trace_##name(proto)                          \
    |                            ^~~~~~
kernel-source/include/linux/tracepoint.h:416:9: note: in expansion of macro '__DECLARE_TRACE'
416 |         __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args),              \
    |         ^~~~~~~~~~~~~~~
kernel-source/include/linux/tracepoint.h:539:9: note: in expansion of macro 'DECLARE_TRACE'
539 |         DECLARE_TRACE(name, PARAMS(proto), PARAMS(args))
    |         ^~~~~~~~~~~~~
kernel-source/include/trace/events/kmem.h:259:1: note: in expansion of macro 'DEFINE_EVENT'
259 | DEFINE_EVENT(mm_page, mm_page_alloc_zone_locked,
    | ^~~~~~~~~~~~

Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...c-fix-tracepoint-mm_page_alloc_zone_.patch | 61 +++++++++++++++++++
 .../lttng/lttng-modules_2.13.14.bb            |  1 +
 2 files changed, 62 insertions(+)
 create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch

diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
new file mode 100644
index 0000000000..abcc519e81
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
@@ -0,0 +1,61 @@
+From 6479c4ae43e7a2096b97c800ece57defd0ba62b7 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Tue, 12 Nov 2024 11:19:23 -0500
+Subject: [PATCH] fix: mm/page_alloc: fix tracepoint
+ mm_page_alloc_zone_locked() (v5.15.171)
+
+See upstream backported commit:
+
+  commit 28e7a507196fefd119e7ca2286840f1a9aad5e8a
+  Author: Wonhyuk Yang <vvghjk1234@gmail.com>
+  Date:   Thu May 19 14:08:54 2022 -0700
+
+    mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked()
+
+    [ Upstream commit 10e0f7530205799e7e971aba699a7cb3a47456de ]
+
+    Currently, trace point mm_page_alloc_zone_locked() doesn't show correct
+    information.
+
+    First, when alloc_flag has ALLOC_HARDER/ALLOC_CMA, page can be allocated
+    from MIGRATE_HIGHATOMIC/MIGRATE_CMA.  Nevertheless, tracepoint use
+    requested migration type not MIGRATE_HIGHATOMIC and MIGRATE_CMA.
+
+    Second, after commit 44042b4498728 ("mm/page_alloc: allow high-order pages
+    to be stored on the per-cpu lists") percpu-list can store high order
+    pages.  But trace point determine whether it is a refiil of percpu-list by
+    comparing requested order and 0.
+
+    To handle these problems, make mm_page_alloc_zone_locked() only be called
+    by __rmqueue_smallest with correct migration type.  With a new argument
+    called percpu_refill, it can show roughly whether it is a refill of
+    percpu-list.
+
+    Link: https://lkml.kernel.org/r/20220512025307.57924-1-vvghjk1234@gmail.com
+
+Change-Id: Ib76feb79d95e9f93c84c3aa1b946e57ac2e2666a
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+
+Upstream-Status: Backport [https://git.lttng.org/?p=lttng-modules.git;a=commit;h=6479c4ae43e7a2096b97c800ece57defd0ba62b7]
+
+Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
+---
+ include/instrumentation/events/kmem.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/instrumentation/events/kmem.h b/include/instrumentation/events/kmem.h
+index 9a0f0bbf..96a5d9c2 100644
+--- a/include/instrumentation/events/kmem.h
++++ b/include/instrumentation/events/kmem.h
+@@ -381,6 +381,7 @@ LTTNG_TRACEPOINT_EVENT_MAP(mm_page_alloc, kmem_mm_page_alloc,
+ )
+ 
+ #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,19,0) || \
++	LTTNG_KERNEL_RANGE(5,15,171, 5,16,0) || \
+ 	LTTNG_RHEL_KERNEL_RANGE(5,14,0,163,0,0, 5,15,0,0,0,0))
+ 
+ LTTNG_TRACEPOINT_EVENT_CLASS(kmem_mm_page,
+-- 
+2.25.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb
index a3e29ab7b7..e8af0eca44 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.14.bb
@@ -11,6 +11,7 @@ include lttng-platforms.inc
 
 SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://0009-Rename-genhd-wrapper-to-blkdev.patch \
+           file://0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch \
            "
 
 # Use :append here so that the patch is applied also when using devupstream

From patchwork Fri Nov 22 21:26:35 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53035
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D23E3E6ADCD
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:18 +0000 (UTC)
Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com
 [209.85.210.176])
 by mx.groups.io with SMTP id smtpd.web10.35421.1732310833147555073
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:13 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=TOomUUrJ;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f176.google.com with SMTP id
 d2e1a72fcca58-724e5fb3f9dso915304b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310832;
 x=1732915632; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=zVDk3xEU2QpjSHmmbqDmI0W3f5YcaJaRWLgrUepxspg=;
        b=TOomUUrJPXnoiwjJQSLJeX4vLSgKGWV61edAATAxBlEX2IAEG3a3GJvLkIrpDkcFNb
         DCVgtLNtut7EWlXP8K1tYC5Sf9Jw9HmCaeIWK8tEVTFUnc25NTwu3IOd0GvyJ9FPert2
         Q2nTXA3vbtyrrDsci0sFF/2PQTeDy+n/NGXmfvf4FKt9nsSmT6R2RTrPVBhpb7jeSUp7
         Vs7JBohKLa3S/nzYnRyn/o3Zyg1q0tfy8Sg0qllSmsaO9yJPlsU6ulovGSH4nB+0KQXM
         9DpFrW/dORYRpXDLjDrpqM49LVoy/dW82UoUvrX13ub29q33mNRkkyV5mTbJNGTh4uhy
         45TQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310832; x=1732915632;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=zVDk3xEU2QpjSHmmbqDmI0W3f5YcaJaRWLgrUepxspg=;
        b=BSfYRwOYBs11wMbAOyQ1GYe1az9sO4WlBRp57X6t81F/l9JzANTV9h03HzByaedkDl
         9bmDP8pqZIFslht+yeEzwZwq5sVAO+MZHi2hWgcmyoRMgd3bE/Y2QVmTZ7tj4sjseuhN
         MEssO6v/xAKJHsAE0UnRXMjqViLfHtHFxsztTyRuzHoS7tfFAl3zSXSlW88NGtID+ZTH
         q2HuL2dr2/G96aqx6/o7Hgvb5j2S22A7m2UTFIgtVzzRpjjJLfFmBcY9rYRh7PMbnQny
         n+fM8/NBl3lPeypdOZTnhWZdtDj86LH/fy+WEF7rHB12131omukfM3P9FUj8XOtjUMrD
         ylcQ==
X-Gm-Message-State: AOJu0YyBDGoZ/kkDabWgYA1Qnx33sknk4RDM5gzmnbPwbdrhuCR+wWAP
	rucTHz2SNIq/iuls1FZOtJ8uYfWJZZQLRM6VRVpWIPvS0hTVx+cptOaVjQt+sQsC6vLjCGE0HqL
	/
X-Gm-Gg: ASbGncsM+f7dlJnyr6kcZDx1J9Ob6bu0dQZIvAVYOd1soEg0torijMj6jPYPbx1jjZH
	G/d80RPqh4vgipTxariYHabu9qeViJPA8vVknTIXBwdLGoz5h6ycFoF4K503dJ+1ay9bxmA57sF
	+CelGj7miLWqhVZL109X17rLyCmyh8vFxcOLfTczagJq4sujkak+BS8uQlyF/ZJCN52wXzWnCPC
	fwadn3OFB/8/+M7v2FJI2aTsXIuUfnQVvsEiks=
X-Google-Smtp-Source: 
 AGHT+IEIB/02dCXe2cgawRiYLViOSDnzBlWzdlvsygf/5kq9+98PFzpxf53AdKx2yw2MTTuoK9EJlA==
X-Received: by 2002:a17:902:ecc3:b0:212:6a4:9b0 with SMTP id
 d9443c01a7336-2129f288b89mr58028195ad.43.1732310832375;
        Fri, 22 Nov 2024 13:27:12 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.11
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:12 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 16/19] webkitgtk: reduce size of -dbg package
Date: Fri, 22 Nov 2024 13:26:35 -0800
Message-Id: 
 <287584ee1068e36c7e758aa1d69ef71382c9adaa.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207666

From: Ross Burton <ross.burton@arm.com>

Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols (4.3GB to 700M at time of writing):

  Level 1 produces minimal information, enough for making backtraces in
  parts of the program that you don't plan to debug. This includes
  descriptions of functions and external variables, and line number
  tables, but no information about local variables.

This makes the sstate objects a lot more manageable, and packaging
faster.  On my machine:

  PKG          TASK                 ABSDIFF  RELDIFF  WALLTIME1 -> WALLTIME2
  webkitgtk    do_compile           -613.8s   -21.7%    2823.3s -> 2209.5s
  webkitgtk    do_package           -143.4s   -53.6%     267.7s -> 124.3s
  webkitgtk    do_install            -93.7s   -60.1%     156.0s -> 62.3s
  webkitgtk    do_populate_sysroot   -51.6s   -86.4%      59.7s -> 8.1s

Cumulative walltime:
  -892.9s    -26.5%    56:06.3 (3366.3s) -> 41:13.4 (2473.4s)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8361411ea0d67a2620680e2e86045799e072c80a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index a62d99b227..4849ee50ff 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -100,6 +100,10 @@ EXTRA_OECMAKE = " \
                 -DENABLE_GAMEPAD=OFF \
 		"
 
+# Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of the
+# debug symbols (4.3GB to 700M at time of writing)
+DEBUG_FLAGS:append = "${@oe.utils.vartrue('DEBUG_BUILD', '', ' -g1', d)}"
+
 # Javascript JIT is not supported on ARC
 EXTRA_OECMAKE:append:arc = " -DENABLE_JIT=OFF "
 # By default 25-bit "medium" calls are used on ARC

From patchwork Fri Nov 22 21:26:36 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53033
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C4FD7E6ADCA
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:18 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web10.35423.1732310834532418872
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:14 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Gp68EWah;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f182.google.com with SMTP id
 d9443c01a7336-212776d6449so28610215ad.1
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310834;
 x=1732915634; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=fueMqMCKDe85k+POB8l5aEAMzTjCgxArBwaFFgllnEk=;
        b=Gp68EWahgC8MgbAC+WEAsEvzqKAxj0SExZd4Y2LroVKHKEDJ4ZtNvMtwzUPdYXOe+E
         eoXZm6obRLy6Ke8Cfss+A1+pKA6SlxbU6SoEYHnYvBRkl2QlcVPP5ICvVqvV5NcO68Sc
         oEuYI0CMfQFFeHeblwiiLs06+I0FI6+u4ojfOu0rovvb6gTd5PZQ+AetvuQ4XygOfkAO
         x8PX9hq2Qn0TZt6ETYkkpuubzaXH99WW5BdMBI7bfi507pV3jHH7ahlxoo9FNchi4Yzg
         +oaHrpWa5qQv01EGXP6oV1JD306vNoTp1VfmNI8TueQoCSswY6uRW1dygUNnGDSTgWf0
         OpiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310834; x=1732915634;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=fueMqMCKDe85k+POB8l5aEAMzTjCgxArBwaFFgllnEk=;
        b=KUQ948tFBznpB2pODB6NLeA/jCk9MVT1MScD/Piry9OTV96CWCU+/tp7VPm9Dvcsma
         uDDXlpUL5i9zji//t39ESzwqmv9lUi5oYKkUAWs3Xfg7pzz/YPPxey9jAcmSj55W+6Eu
         zv0O4HB4o+xvBEbpB730Q6Iph2g7FXZuUxjz6J9tHbtrjeoGT3immSmNU1J45/FTpXIi
         pDZqTRD3m5Bh7TTdgxIT05Ht/rTn8n4gwJeKSncTIAcfrKoGvF8/13lfN/z2MMGJzwlD
         fQbmLuWw3Kt/MozQOTxeRkCXnxPSetPY+d9gjQy4cteN3zlf4phsPSz7u8sDV66MZZBd
         5hpg==
X-Gm-Message-State: AOJu0Yxj8iAIjxqNr/ROC289oKwegjvXnRShjLzAZr/dzyPOwLdbV2QV
	jWCA8iFHofCgbqNdcBeiOeHpput2uN6xlr4ToonxreubZxNyMpLHzJ4WinsqgWw1MyoN7C7f4hz
	+
X-Gm-Gg: ASbGncsFiB3KkVsgISs1ouVoqtE/Zo5FLZfGbdEZt23+L8eNtLaIupeA6FwJSspCh39
	sdCNJMkEhoV2lMDeB51eGylz2s7YCaTiE6O/q4MsgWErW3BgYrDPpAoS0Lw4eeMsfnPIFAODFVf
	wo6JGfGmcDulayiEOxB/UAKh6uwXoxab3VIixFyPCkLC9mfTEIB1Nf6Mpf6QP8302vWjDPvnjBp
	LoRZrPTaLn8oig+Vdr5ycCXyU4pi5BU3s3afvc=
X-Google-Smtp-Source: 
 AGHT+IGIzFRo4UhG2CDNDUD3IoS72bu0qKmhXGZIDGP04p5cqU8UGFlhG0HeNiA+OBM5Ka9RtdndmA==
X-Received: by 2002:a17:902:ebc4:b0:212:5120:f212 with SMTP id
 d9443c01a7336-2129f51d710mr63040585ad.5.1732310833855;
        Fri, 22 Nov 2024 13:27:13 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.13
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:13 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 17/19] llvm: reduce size of -dbg package
Date: Fri, 22 Nov 2024 13:26:36 -0800
Message-Id: 
 <13a2f43920c53f9f1bc5ec52eba9eb48da265ef6.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207667

Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols

  Level 1 produces minimal information, enough for making backtraces in
  parts of the program that you don't plan to debug. This includes
  descriptions of functions and external variables, and line number
  tables, but no information about local variables.

This makes the sstate objects a lot more manageable, and packaging
faster.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/llvm/llvm_git.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index 6c2e8a5570..8dcd124c71 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -94,6 +94,8 @@ EXTRA_OECMAKE:append:class-nativesdk = "\
                   -DLLVM_TABLEGEN=${STAGING_BINDIR_NATIVE}/llvm-tblgen${PV} \
                   -DLLVM_CONFIG_PATH=${STAGING_BINDIR_NATIVE}/llvm-config${PV} \
                  "
+# Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of the debug symbols
+DEBUG_FLAGS:append = "${@oe.utils.vartrue('DEBUG_BUILD', '', ' -g1', d)}"
 
 do_configure:prepend() {
 # Fix paths in llvm-config

From patchwork Fri Nov 22 21:26:37 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53034
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C4FA8E6ADC9
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:18 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web10.35424.1732310835945913217
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:16 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=gSM+oc6X;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-212583bd467so25665495ad.3
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310835;
 x=1732915635; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=FgcxJQInlSDlU1ZPZCnb+/0ZsXJwXQ21vyWhse9ncug=;
        b=gSM+oc6XpegSFoATNnRWO9Ar4VcPSDJLepuW8gpc5xl9aUnJgtUftETkJXaC1HOyDv
         Fot3zTvEUavpyLA/rrwiZC29HiJsM30/9Qi4j2LpcCTFfM65v5+lxDdjHgARiSTJBxtc
         a6dxXVVxsnWufF+LKYDKXO0JlBkPRAmIBBHgHnssrpNse1Ihx743ouTBpimgFqqFc2c9
         aKSvbNFGdoKxApLNavEugFy2yJP7Fw3uyfW6E2B6M6X+4QdcRmpBa7dnSdkzgOl7U7v7
         zph84JuPwQynCUE8zcXLT2Or0dY57tRmJwqS5fkgZswwQycxgbZdgNomiRoyJciOS7fu
         mwpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310835; x=1732915635;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=FgcxJQInlSDlU1ZPZCnb+/0ZsXJwXQ21vyWhse9ncug=;
        b=DhFbbrvC74XMODbAWhHufGKFX2kHKUSMDK1k8COrSvFrq3tCksgx4IptTJ+iXGT9gP
         YUHZY5Rh5CpeIsLTk5L7+Ihky6B5xgseoJoC+Q+ytiN4DFZfdn2tWFErfbC1qApAyLnd
         QtovUydeJCS0Lvco3dNCk+zzBjTQBUC1J4BXlGRUbdrVDdxBDB1N+7UVcJhjyngnMYLz
         2byJmStU9bLekB41e5izN4E1g0GnGtJ/mPn9KqPWSMI22d3mc+bhC9oUEajBzPegK9ED
         3Xr0hUjidGKPPsCDrWDQKgb2mUiBE+re0glb40lQEAY8re+JFqmqzjhUoo/ffSHC9r4+
         eZ+A==
X-Gm-Message-State: AOJu0Ywj9tBiIpGLfZztFyspESVo1K3DgHnSXYtuxcSjuopUo5gjno4k
	YC67LpPLPo7YDiNRNUpPfafEJ36uSHEBvFPM29fMNwan1Sd2V5tL77esIvbWsmxljjGUu33rE+S
	J
X-Gm-Gg: ASbGncvLfRBbVf5swZbdoj9SNKcxAHmXvZC3g+MzDSUHCZ9N/zYDVkeGLhZD8BCYdum
	Z0yCTf8Bu/lYsT4+ybKSTfNp77eyeb8Ab7aUIwpTPAl6VQBOdJj4sx14tgPXgGfqL5leBJcHMNq
	mvXnmkcblTvwlaPFOljCVb3nfQZtY+a0NHNrQ2r7VfxcdvOy8K3H7keh0Y6VDgUtcdJuA2KvmJh
	3HZ9Vv8uUQ+cwwrgjbMjVvGeAnqvR3kUQag6i8=
X-Google-Smtp-Source: 
 AGHT+IHpZHX89qGMwo6Ksx6FHEycgriqLrA5V54emxWgzKVjsNZPKFYWdfDQDUBw0bKjxsmJhitItg==
X-Received: by 2002:a17:902:f605:b0:212:536a:57b0 with SMTP id
 d9443c01a7336-2129fd7fc07mr56413985ad.54.1732310835284;
        Fri, 22 Nov 2024 13:27:15 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.14
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:15 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 18/19] toolchain-shar-extract.sh: exit when
 post-relocate-setup.sh fails
Date: Fri, 22 Nov 2024 13:26:37 -0800
Message-Id: 
 <7050f445081801555614b264e1932e55538a7127.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207668

From: Chen Qi <Qi.Chen@windriver.com>

When LD_LIBRARY_PATH is set, post-relocate-setup.sh will fail and
exit properly. But such failure is ignored and the SDK installation
will continue and tell user that things succeed. This is misleading.
So exit immediately if post-relocate-setup.sh fails.

Fixes [Yocto #15586]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8e2dcc1f71aa33cc6e56dfdebebbe7ef010c944)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/files/toolchain-shar-extract.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index 4386b985bb..ec5e4aa922 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -284,6 +284,10 @@ post_relocate="$target_sdk_dir/post-relocate-setup.sh"
 if [ -e "$post_relocate" ]; then
 	$SUDO_EXEC sed -e "s:@SDKPATH@:$target_sdk_dir:g" -i $post_relocate
 	$SUDO_EXEC /bin/sh $post_relocate "$target_sdk_dir" "@SDKPATH@"
+	if [ $? -ne 0 ]; then
+		echo "Executing $post_relocate failed"
+		exit 1
+	fi
 	$SUDO_EXEC rm -f $post_relocate
 fi
 

From patchwork Fri Nov 22 21:26:38 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53031
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B9C58E6ADC6
	for <webhook@archiver.kernel.org>; Fri, 22 Nov 2024 21:27:18 +0000 (UTC)
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com
 [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web10.35425.1732310837418910236
 for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:17 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=v5jpaOnp;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f175.google.com with SMTP id
 d2e1a72fcca58-724f0f6300aso209854b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Fri, 22 Nov 2024 13:27:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1732310837;
 x=1732915637; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=r3kBA5DkGas62gUhUUtByt8cuvsHEqu2EMaLijKXcTc=;
        b=v5jpaOnpzSJZVT4olxrqQxv4baTf9KqxQ/hltGoscsssVRWUEYGo1jpGymCnTGfUFQ
         evYla/CIQOlRvMT8u18rq/HQQc0sCldCGA9A2u3Zy3/Sj0/bhTbt27HJUfbOOAL7Ymri
         +QFhrTPlAOcevYmCjA+MPy7l0qx53ySPyRLt7A+RoF0dgZp5VyZmZgCmgxq11ZyUp1iI
         XobHBQxcQyMRDoxaE8RWrF1v749NVXRDPtI2+8fKNmHmfcbK0cMvFaqW3FPIjolZ+Xcl
         q2HMnmP/iGNTLQivSBDkXO86zfi2inNjctvGOUwmFlydccor7ffxtJNYYIj5KNNjHUOT
         288w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1732310837; x=1732915637;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=r3kBA5DkGas62gUhUUtByt8cuvsHEqu2EMaLijKXcTc=;
        b=BPjSKOv5ROeGB6JS3faJ/DRceVd3yultc63DFE5txFQuZdTm41+itqS3EPpawihlbJ
         fzjmOQgENOa1syX+/LoxPjIUj4+HEKSNyDOZK6jBIXj0VzknVMRItEsD71Nzmo+ckHbC
         Dej7U4O6a455XunQU3ZOmzZcRZXZdFJ+YqceVLFyMOXcUEIlCGhnPntECL/02dfcAQ5N
         VlVSMFtE9j33f8BP3T3AjmP3rdwpbK4drF7FRDxOARa147NT3ZQ8C9V4I46b3m6QNSU3
         OtKKjz/qDGCIBOCBv3cM+T4/55R6SNL3z+5vmmau3BgqjPnXDXjDO1pEr9GqJZwMN8fa
         YwUQ==
X-Gm-Message-State: AOJu0YwiFXy1+qr/sx0aR5gaURhS6/1EO2QwFuE8eu9N1Yf/hRCYglp2
	K4CJMbTEm+cmMUx/GG+PF0ow4vdVUpZvtHccfYC9t3iqEaLi+TAiWfoa5IjSfWYAGW7P/gyFcul
	Q
X-Gm-Gg: ASbGncuylOSHrOwN7AHhv02C5sgKc9uOK7BbPLzqX62LXJP8N3ECDfi9ly5BQ/7s13g
	QxJpVrgCDD3i0Rrm9qHQepm1ysWQydLmBVGgh1Fi1vqTBhgPRnqkWX2gRu0TvK8hPoHCyezrzy3
	wTqEfF6KuJtNw8SbBcsuJgxdZI4nzEHD4Oih98QwMDkHI6Y3/DyIM5U+CiHFwvy+iWGUr3aP8zk
	F3GBqdY0GiLD5ZaDuzowaYnGJWzDskmQTEtA30=
X-Google-Smtp-Source: 
 AGHT+IEwqtFWTRIAIrGrQu2uusKHkbz7H695JaaG5ujw0ENg2T724f3EpTSsEzD9wcWWpq6IPRDUxA==
X-Received: by 2002:a17:903:228d:b0:211:f335:aba with SMTP id
 d9443c01a7336-2129f5790edmr73162905ad.31.1732310836665;
        Fri, 22 Nov 2024 13:27:16 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-2129dbfe6fasm20814095ad.160.2024.11.22.13.27.16
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Nov 2024 13:27:16 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 19/19] udev-extraconf: fix network.sh script did
 not configure hotplugged interfaces
Date: Fri, 22 Nov 2024 13:26:38 -0800
Message-Id: 
 <8c10f4a4dc12f65212576e6e568fa4369014aaa0.1732310669.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1732310669.git.steve@sakoman.com>
References: <cover.1732310669.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 22 Nov 2024 21:27:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/207669

From: Regis Dargent <regis.dargent@gmail.com>

Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.

Signed-off-by: Regis Dargent <regis.dargent@gmail.com>

Fixes [YOCTO 15616]

network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.

Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160f7139172ffdf510a0d7d4e85f7fbaac7fd000)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../udev/udev-extraconf/network.sh            | 32 -------------------
 1 file changed, 32 deletions(-)

diff --git a/meta/recipes-core/udev/udev-extraconf/network.sh b/meta/recipes-core/udev/udev-extraconf/network.sh
index 3ee92714af..ace38808cd 100644
--- a/meta/recipes-core/udev/udev-extraconf/network.sh
+++ b/meta/recipes-core/udev/udev-extraconf/network.sh
@@ -6,38 +6,6 @@ echo "$INTERFACE" | grep -q wifi && exit 0
 # udevd does clearenv(). Export shell PATH to children.
 export PATH
 
-# Check if /etc/init.d/network has been run yet to see if we are 
-# called by starting /etc/rcS.d/S03udev and not by hotplugging a device
-#
-# At this stage, network interfaces should not be brought up
-# automatically because:
-# a)	/etc/init.d/network has not been run yet (security issue)
-# b) 	/var has not been populated yet so /etc/resolv,conf points to 
-#	oblivion, making the network unusable
-#
-
-spoofp="`grep ^spoofprotect /etc/network/options`"
-if test -z "$spoofp"
-then
-	# This is the default from /etc/init.d/network
-	spoofp_val=yes
-else
-	spoofp_val=${spoofp#spoofprotect=}
-fi
-
-test "$spoofp_val" = yes && spoofp_val=1 || spoofp_val=0
-
-# I think it is safe to assume that "lo" will always be there ;)
-if test "`cat /proc/sys/net/ipv4/conf/lo/rp_filter`" != "$spoofp_val" -a -n "$spoofp_val"
-then
-	echo "$INTERFACE" >> /dev/udev_network_queue	
-	exit 0
-fi
-
-#
-# Code taken from pcmcia-cs:/etc/pcmcia/network
-#
-
 # if this interface has an entry in /etc/network/interfaces, let ifupdown
 # handle it
 if grep -q "iface \+$INTERFACE" /etc/network/interfaces; then