From patchwork Thu Dec 12 14:07:47 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53985
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 46AF9E77183
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:11 +0000 (UTC)
Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com
 [209.85.214.181])
 by mx.groups.io with SMTP id smtpd.web11.20311.1734012486915693924
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:06 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Y+oZQsTg;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f181.google.com with SMTP id
 d9443c01a7336-21670dce0a7so7181915ad.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012486;
 x=1734617286; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=lCShGml12r/vyCIX+EJole9G3fqfJvOaatxMOZOPngk=;
        b=Y+oZQsTgsOxjOSRYyH3LLGgtrzKRqh/vNlpzY1Vuc97agYEgoN84v/hYFTheGZgp9T
         i7wx2dPVet4kHg2MncMsjY8PfKLELY/wsQjvSUVcU7n2F+oja8+j60JLA+tIefcMt5gY
         5QRlZG7IIaS3+GDI8aTjUWkDxeXd1gG2zGzUwATQNJruuBiUuwbXAGSlJT/jCPmthT+L
         awqanBU2fVOSrld0f1qUUntxLq15YP3hu9/R8Eb1n6R1IKbG6+U3xQWgJi+r45KBl/F/
         fvLoVFspq+6wUHXp23jP2MN+u20AQx+hgfc8nlIZVZcQiHvDonLbZ+xryDs1OkxtIEXu
         9zeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012486; x=1734617286;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=lCShGml12r/vyCIX+EJole9G3fqfJvOaatxMOZOPngk=;
        b=F0rJm1ncTB+YnQsHKT5KHJ5Ml8lAb/SUZnSf6tl+B7TVtEyyjD8A3sXcKDmHv4tfjC
         5bi2hZYRPwOxNznp7XN+nn3hdOwIM8CSbbjX8rH+ZaD0XrNiEe8Z2ysK4BFZWm9FqeTq
         Dx5q7onAeNB8bn0DncRyKKtx7rjV3/UHgpdq++JTeBeq/QMpFEBRTthMBxLBOxWXrJAO
         YuNpP38FiPtTAo6hEvRqY92cAoKJN03Es12wLzWScpth8sQ7F5ChJPwUnFjg5U4C/zsk
         65qtOIoyuHHeq+Nr2NUD4Qy3ZA81o4EyzGDd6hjNM/v01hI7zYdkAopZjpFWgnXMWvRg
         k99A==
X-Gm-Message-State: AOJu0YwJZMnYBz3rqhH8FEngSsf7oMwiqLGEPs0zuWvFFSr9RLsJLvfR
	IU/SYe3MRJI4rzhDdnGgzFtZyaDBAVaecTed3Bl2ostNz6TzPh58jhLzgZChsT5l999kuEQlZvZ
	G
X-Gm-Gg: ASbGncuqPghdpLq4l0UL4V0daMiTCFo5Uw7qWQssf4VrjnRd5QqLkY6oNTMPQvifEXf
	zBitBdBatZXQ/HUtYjT4SO9ivwZPHca2Yps9dFAIO533dkWiFQ/JwAyZ0aDhv+SzQiPzeVBGtaj
	/hdH5kHhcFTLEYO7OjgvNFNjU9L6b5IvxtOO28eT8Z3WD0J2e+QgzLw0+Xa1HgK30NwHhefR2fk
	gq2Pcp7lWIuSm7pe6dMpDZXZhlN6EQbsDQhv5wZegs1Ig==
X-Google-Smtp-Source: 
 AGHT+IGD2dhxVtdwKKma7sTfUUYTqyfnD2xX+VFQbdhxF934hqM4Hwl0yikJ72Wp1MwESJw3CxnvPQ==
X-Received: by 2002:a17:903:41cf:b0:215:b9a7:526d with SMTP id
 d9443c01a7336-2177854ac96mr124965195ad.32.1734012486132;
        Thu, 12 Dec 2024 06:08:06 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.05
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:05 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 01/12] builder: set CVE_PRODUCT
Date: Thu, 12 Dec 2024 06:07:47 -0800
Message-Id: 
 <18773170492fc01ce7123ba0fac88e58750a3b93.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208635

From: Peter Marko <peter.marko@siemens.com>

Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.

Instead, set product to yocto to filter them.

(From OE-Core rev: fd4ec5a5318b36af0a9a0a097a5b1f1de44a8edf)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/builder/builder_0.1.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb
index 7719b783c2..39abaf31ce 100644
--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,4 +29,5 @@ do_install () {
 	chown  builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
 }
 
-CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder"
+# do not report CVEs for other builder apps
+CVE_PRODUCT = "yoctoproject:builder"

From patchwork Thu Dec 12 14:07:48 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53984
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 507F9E77182
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:11 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web11.20314.1734012488463102058
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:08 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=dgV8es1X;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-216401de828so5835425ad.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012488;
 x=1734617288; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=zkeZu1pnsopA7AvMUF6NVOe8rzGv7UbpLRnkQtqCWFg=;
        b=dgV8es1XqkeY+aAb09WpZqaCQz1wy9BtRzhHFCGjMCL53ef8oWpMt7IweiJZ3cz7Jd
         5xFuN8w1O3MuNxYSdb4fvNwYtbn1P0XYSUpjgLJb5sEpikw8llI7Qn1gtd7390HpGq2D
         vToANdij3YV48CfVEKTlNpkMpx+1gCLJ05bzVOAc/b0fJt9aLEiHDKDnA69BC0Jry3PH
         oTZ+Sse5nvtzrNcRqwWJuZzaTJbNtP2fwYuXtNPz4sI9vbhPDwyUPSs9Dau86EJmEtLL
         E3d1JH7oTP4QeAD/xbc+hFCUU+V0nv7x69W6paLOILQTyKiRJ2B2WO+chZzMo6Nsoqfz
         lALg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012488; x=1734617288;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=zkeZu1pnsopA7AvMUF6NVOe8rzGv7UbpLRnkQtqCWFg=;
        b=kA285fAo/rn97T/EqiiOcL6Dht7CJxnbIjS8Dhuco1i0hicLIxT5JgkCve/bABad+z
         F56wrr/OgIBnld7TzEMrnhBilu5lojTVE0oXQHcDs5G6awA9eizsIVeD0iEPWUP2B6Ys
         UJ94wmjIyQ7WZ1CwwWaLhSr9LAWNKYG+F7LEBKKciXgRgwP/C9CpLXc2RfoQbeaBH7gH
         iCFxG7V3XDLcIkb9KaaoECTB3RauOzZzyDmvkHIMqwBYzCQzCUkpYXU0r52NHsUv+gcY
         /8IetcZN+ierQzjZzR9LXEk7szA4HFjEhrYo+vKG1o5NC0Yh2d2lFyk9QMW9idTixDoS
         J+fg==
X-Gm-Message-State: AOJu0YxwuxP/CruWqgIYfV5LLVemQCj/HpeOAOi5Iv6ROGJ1wOLuPCY7
	gcgHQ/E3S84GGg+WGNZxN1xr7LQrDj7cuNyMRThmW9kcI/NVSVbopbOLRMoW4VVOwVH3iz0nT0z
	B
X-Gm-Gg: ASbGncsiw7CK1RrSYRbpDhLkh8UE2GHxU9i6qM8TWCVLVwIIJAHmWS0QirMt/Ytytko
	rd1Ovk5pAuiSOOTwc3AmgeotIBORWWgDDJlMkWP2JVigeu1e2n+58AM7rKOW7tPdp1H5/Qi62L5
	W/BHYjAUKEazik4X8W3E3SOdasnPLF23avQjtVuwBtcyJxlKn05zOoNfHTI3IzSA6xO42YIIHJ5
	wyoaZWQB3xLmUnl7PCS+nCOuLSO1OYTXoDOpxLPAV+paw==
X-Google-Smtp-Source: 
 AGHT+IHhatBU7eAomKCGvldi9LQwYNbZ9lwSIcH89sBwzIxWZz2jidbJVWDWOyaQWKPsmZXiwaUeUA==
X-Received: by 2002:a17:903:987:b0:216:311e:b1ce with SMTP id
 d9443c01a7336-21778509e8fmr126678015ad.32.1734012487632;
        Thu, 12 Dec 2024 06:08:07 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.07
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:07 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 02/12] qemu: patch CVE-2024-6505
Date: Thu, 12 Dec 2024 06:07:48 -0800
Message-Id: 
 <ded62bdb5ce9da62aaaa53ac20203bd87a7b1197.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208636

From: Peter Marko <peter.marko@siemens.com>

Backport patch [3] as linked from [1] via [2].

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-6505
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2295760
[3] https://gitlab.com/qemu-project/qemu/-/commit/f1595ceb

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2024-6505.patch             | 40 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 2786eedd42..73e1861b00 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -35,6 +35,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
+           file://CVE-2024-6505.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch
new file mode 100644
index 0000000000..67382a2a8e
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch
@@ -0,0 +1,40 @@
+From f1595ceb9aad36a6c1da95bcb77ab9509b38822d Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Mon, 1 Jul 2024 20:58:04 +0900
+Subject: [PATCH] virtio-net: Ensure queue index fits with RSS
+
+Ensure the queue index points to a valid queue when software RSS
+enabled. The new calculation matches with the behavior of Linux's TAP
+device with the RSS eBPF program.
+
+Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
+Reported-by: Zhibin Hu <huzhibin5@huawei.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+CVE: CVE-2024-6505
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/f1595ceb9aad36a6c1da95bcb77ab9509b38822d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ hw/net/virtio-net.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 8f30972708..5635620a31 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1949,7 +1949,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
+     if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
+         int index = virtio_net_process_rss(nc, buf, size);
+         if (index >= 0) {
+-            NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
++            NetClientState *nc2 =
++                qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
+             return virtio_net_receive_rcu(nc2, buf, size, true);
+         }
+     }
+-- 
+2.30.2
+

From patchwork Thu Dec 12 14:07:49 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53983
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4243DE77180
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:11 +0000 (UTC)
Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com
 [209.85.216.45])
 by mx.groups.io with SMTP id smtpd.web10.20314.1734012490486915898
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:10 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=XacubqLk;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.45,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f45.google.com with SMTP id
 98e67ed59e1d1-2ee50ffcf14so1524889a91.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012490;
 x=1734617290; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=rYIpv+KSh1Honqji24K0LJuAzhFMX6i97a4Wtx352y8=;
        b=XacubqLkIKGDadQumy/p+NwL7SFOibnO9OwtYgqDLxuyOziSYljUfxdklWUlHbDWcj
         cuirfxpFSvvTQSkg/GLfj9lZ1tjH4MjfnOg4EIkMcwNp023uta3veJZov/+BoCbaF4A0
         fnAzk5jk67cF6kjsEhHDzjS3/ovGvDRez/C1sAS7twdxqiFFaPU1gwUpb4odEcT6i82Z
         aLRaYEOM6b5shw1bQa/dEfTz0ag4jOJ8NUq+gC5ZmD1jUESrWfm2G/4rbOeL9M/3jYwO
         LB1VJfwAg5tU+PTZC23LauYk+j+EoYnIDxsh1QrSdYXT1p6jVdC6oGo/ipkKBPT1aDkt
         mMDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012490; x=1734617290;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=rYIpv+KSh1Honqji24K0LJuAzhFMX6i97a4Wtx352y8=;
        b=qXB6RMbO/SUZFC/QutDkAZ9Fw+Of8wvC6KrY8/ku/yEBM3dErsGReruNy1aXpggLnG
         Y3zNUPNoP/HgxPpVNh1/MUl/pwkNCTMbQT3wx7W6dYjG1RG7H0NGf61XwJ2jx7IWDurJ
         OvT5NJH8O09c7Rr7rvSFuVXxglVi6AdNrXBWiz2xZ9WxMdn35Hmkj6eYLztDFAGttaZM
         5zJ0vllWvk8/b8QjcBB0oYhJwQNbZRNtaT0MYTp6wveXD5HYdEoGSC2sUwHEdksRmOkr
         Qo2yIcUQl+VU16/4DPl0eLrAiuiKUckkkD+0mMfh49osqq1Y2k0ji8OTyJszjajdlgjE
         c1SA==
X-Gm-Message-State: AOJu0YxRaZ/ee0RlfsaZ/FwdalSjQuAq7lEb40htlyyOUp7fj0dScgV+
	ywz9wgbqwSPfTWxzVMwB9Ba+8y3p+IqOpGPp8jxhh1D0fqaaUCYGlR8g2YEkGEsS3X1KKgg4hPF
	2
X-Gm-Gg: ASbGncvwQeBAPkFYHWbVR+M/LUbj33B+dUhoOmFM5/SHTEP1WPfiMXLJAe71Iz6wA6h
	9AWCc51Y2qqnKlMWI8zjYb2DYjJJTcqcsILYfqPgpMSwG25PYjgP1GrgYDTHhFYgG8xXloAkxJE
	w5/XVCfZ91Uxpe3kh5Yq90MMRRBFAwXm73OxB4XcfWrg6cdT7UUSi/3vYg/x56YX82QOVUx8JN4
	DVxQ0E8y8RSpTHS3M+c62UDvY42ppozncZ3CDqj47pqwQ==
X-Google-Smtp-Source: 
 AGHT+IF5AF4V43tGW7jGVZdFW92KZTLiE6+Ov7Y2b0pz8BI47jBgwoi1hM8lFLoW2BSFcOMjSBvmEA==
X-Received: by 2002:a17:90b:1810:b0:2ef:ad48:7175 with SMTP id
 98e67ed59e1d1-2f13ac98c80mr4946767a91.15.1734012489125;
        Thu, 12 Dec 2024 06:08:09 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.08
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:08 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 03/12] libarchive: fix CVE-2024-48957 &
 CVE-2024-48958
Date: Thu, 12 Dec 2024 06:07:49 -0800
Message-Id: 
 <4f6a2eea1476bc7be1d55b6b6051c4b65d4d97fa.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208637

From: Hitendra Prajapati <hprajapati@mvista.com>

Backport fixes for:

* CVE-2024-48957 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
* CVE-2024-48958 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7

(From OE-Core rev: 8b520c3cea136591128f6601718c23334afd7a55)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libarchive/CVE-2024-48957.patch           | 36 +++++++++++++++++
 .../libarchive/CVE-2024-48958.patch           | 40 +++++++++++++++++++
 .../libarchive/libarchive_3.7.4.bb            |  5 ++-
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
new file mode 100644
index 0000000000..98877cf72c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
@@ -0,0 +1,36 @@
+From 3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b Mon Sep 17 00:00:00 2001
+From: Wei-Cheng Pan <legnaleurc@gmail.com>
+Date: Mon, 29 Apr 2024 06:53:19 +0900
+Subject: [PATCH] fix: OOB in rar audio filter (#2149)
+
+This patch ensures that `src` won't move ahead of `dst`, so `src` will
+not OOB. Similar situation like in a1cb648.
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b]
+CVE: CVE-2024-48957
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libarchive/archive_read_support_format_rar.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 79669a8..95a91dc 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3714,6 +3714,13 @@ execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm)
+     memset(&state, 0, sizeof(state));
+     for (j = i; j < length; j += numchannels)
+     {
++      /*
++       * The src block should not overlap with the dst block.
++       * If so it would be better to consider this archive is broken.
++       */
++      if (src >= dst)
++        return 0;
++
+       int8_t delta = (int8_t)*src++;
+       uint8_t predbyte, byte;
+       int prederror;
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch
new file mode 100644
index 0000000000..de266e9d95
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch
@@ -0,0 +1,40 @@
+From a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 Mon Sep 17 00:00:00 2001
+From: Wei-Cheng Pan <legnaleurc@gmail.com>
+Date: Mon, 29 Apr 2024 06:50:22 +0900
+Subject: [PATCH] fix: OOB in rar delta filter (#2148)
+
+Ensure that `src` won't move ahead of `dst`, so `src` will not OOB.
+Since `dst` won't move in this function, and we are only increasing `src`
+position, this check should be enough. It should be safe to early return
+because this function does not allocate resources.
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7]
+CVE: CVE-2024-48958
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libarchive/archive_read_support_format_rar.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 95a91dc..4fc6626 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3612,7 +3612,15 @@ execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm)
+   {
+     uint8_t lastbyte = 0;
+     for (idx = i; idx < length; idx += numchannels)
++    {
++      /*
++       * The src block should not overlap with the dst block.
++       * If so it would be better to consider this archive is broken.
++       */
++      if (src >= dst)
++        return 0;
+       lastbyte = dst[idx] = lastbyte - *src++;
++    }
+   }
+ 
+   filter->filteredblockaddress = length;
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
index da85764116..6e406611f9 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.7.4.bb
@@ -30,7 +30,10 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
 EXTRA_OECONF += "--enable-largefile --without-iconv"
 
 SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
-SRC_URI += "file://configurehack.patch"
+SRC_URI += "file://configurehack.patch \
+            file://CVE-2024-48957.patch \
+            file://CVE-2024-48958.patch \
+	"
 UPSTREAM_CHECK_URI = "http://libarchive.org/"
 
 SRC_URI[sha256sum] = "7875d49596286055b52439ed42f044bd8ad426aa4cc5aabd96bfe7abb971d5e8"

From patchwork Thu Dec 12 14:07:50 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53992
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5F72DE77183
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:21 +0000 (UTC)
Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com
 [209.85.214.172])
 by mx.groups.io with SMTP id smtpd.web10.20315.1734012492360032395
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:12 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=UMmq+1Hw;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f172.google.com with SMTP id
 d9443c01a7336-2163bd70069so6627635ad.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012492;
 x=1734617292; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=kHD3W5JA1Y6SYFY2i+QC4KvqHxfnm5edSjkDPasITeE=;
        b=UMmq+1HwXDbsnnIfLj1QL079ehWdwIwGIF0YBXkcfCvaIAv7I5p3okmGCDQWQwl9FO
         8ewFqWSlb1m1ZmxUWv6nXJriOlgAmTtBdurnM9LlZWzAXI8iNvWj1mFX81RNTQBWeART
         lbqq4DDd9fnlu0HEO1W6yKaibMsjtWwikvKtlyQmcjo0J+XZ7XjHiU85U4oYHrNOM7nk
         M4xw3X9eaRVOM+ZfinPdtSlusZj4IG3YWpbyWs2R05Q/JRh94RkccveixIhsc1irEjdf
         3MQirrfUsS3BCm2d7k4UqITkAUIRKbhojbX+toKoFOBLAE1Qw8kFwTwDYvLR0/gxNHaG
         4MHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012492; x=1734617292;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=kHD3W5JA1Y6SYFY2i+QC4KvqHxfnm5edSjkDPasITeE=;
        b=RyPvRrm/m8LmnGUPekzoD6SFCzkTYM5npdfNqwy2IXBD5i1X22pwpDEPXSx0PdUo87
         rFSDV/SkbogerZX6E/2HbdQwGJ9KlHSo4gcPj3NfWHgncHVy4fmX7GcYWZ8NhWo+Ku+1
         QDLsyzfM+vWBlCHtYHvwPdJQnHucuW4G8LJX0f3fPy4AvFTNEAxPRavxW2dEV6awlHzX
         OT4gA5q4OO2Y+jk1Ez2K48Nc43o+Hs5RjnSqvfPuZrY+wjUhjntjHY9hbMHiYBY+8BK1
         TaIu9/feDZCjq0LZAjniS0Pdam8b0lw0B2sZnSQEpGCJmQRYK0vFGcOzrN5RrBnb/VKq
         nsuA==
X-Gm-Message-State: AOJu0YwRvcDzkfkTKZFc0KwwdWVMGb4VqmJUTj6BvRamzOBeXGXLiH8z
	sPOScE2W009KkKGGD4OpBAX5LzBg6D49IIijDldY+EiGIQbVVl422B8F3aMITkR11mH9NdR2gxJ
	1
X-Gm-Gg: ASbGncupQEbbmtcWwBlJYOpEGZFy1DpzdAUY0MWg4ITIIs8JVHUziQ5n38C6+CR0+H2
	CdtGn6RjIufaUHkdq9Nv4JBeIisdgxMre7whXGpFMEi2VJpQRKM8F8VCll58Jk3LsYqSo9Jp0TM
	9/lrhKC4V+lAe3AkoFbW8aZOp5U0Q9M/lPkXNYDKF/iOCwcuu2voDitRSqBV4EtDwjFSNWenHw5
	hEaMHsqISbQWjki9BMLoO8IS02oX60/r1/ePAyiYgtgVw==
X-Google-Smtp-Source: 
 AGHT+IFxrRqp1GHyd0oT9Om8NPNpTd6MKOAduiUFuuNOpZQllN3Ct473XJd42XA5/a4LNXAiroDZGQ==
X-Received: by 2002:a17:902:e746:b0:215:b01a:627f with SMTP id
 d9443c01a7336-2177851f6f6mr103917695ad.4.1734012491292;
        Thu, 12 Dec 2024 06:08:11 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.10
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:10 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 04/12] libsndfile1: backport the fix for
 CVE-2024-50612
Date: Thu, 12 Dec 2024 06:07:50 -0800
Message-Id: 
 <4d76d2f2affb95f25f1882f33305b1489a392f65.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208638

From: Ross Burton <ross.burton@arm.com>

Backport the fix from upstream.

(From OE-Core rev: 2fc6b711a6a7252ddf13587927c06333f5a38d71)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsndfile1/CVE-2024-50612.patch          | 409 ++++++++++++++++++
 .../libsndfile/libsndfile1_1.2.2.bb           |   1 +
 2 files changed, 410 insertions(+)
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
new file mode 100644
index 0000000000..368dd5446b
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
@@ -0,0 +1,409 @@
+From 4755f5bd7854611d92ad0f1295587b439f9950ba Mon Sep 17 00:00:00 2001
+From: Arthur Taylor <art@ified.ca>
+Date: Fri, 15 Nov 2024 19:46:53 -0800
+Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035
+
+CVE: CVE-2024-50612
+Upstream-Status: Backport [4755f5bd7854611d92ad0f1295587b439f9950ba]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/ogg.c        |  12 ++--
+ src/ogg_opus.c   |  17 +++--
+ src/ogg_vorbis.c | 170 ++++++++++++++++++++++++++---------------------
+ 3 files changed, 114 insertions(+), 85 deletions(-)
+
+diff --git a/src/ogg.c b/src/ogg.c
+index 529941af8..e2d679d41 100644
+--- a/src/ogg.c
++++ b/src/ogg.c
+@@ -211,12 +211,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata)
+ 
+ int
+ ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
+-{	int bytes ;
++{	int n ;
+ 
+-	bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
+-	bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
++	n = psf_fwrite (page->header, 1, page->header_len, psf) ;
++	if (n == page->header_len)
++		n += psf_fwrite (page->body, 1, page->body_len, psf) ;
+ 
+-	return bytes == page->header_len + page->body_len ;
++	if (n != page->body_len + page->header_len)
++		return -1 ;
++
++	return n ;
+ } /* ogg_write_page */
+ 
+ sf_count_t
+diff --git a/src/ogg_opus.c b/src/ogg_opus.c
+index 511653ecc..e01224b99 100644
+--- a/src/ogg_opus.c
++++ b/src/ogg_opus.c
+@@ -827,15 +827,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 
+ 	/* The first page MUST only contain the header, so flush it out now */
+ 	ogg_stream_packetin (&odata->ostream, &op) ;
+-	for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+-	{	if (! (nn = ogg_write_page (psf, &odata->opage)))
++	while (ogg_stream_flush (&odata->ostream, &odata->opage))
++	{	nn = ogg_write_page (psf, &odata->opage) ;
++		if (nn < 0)
+ 		{	psf_log_printf (psf, "Opus : Failed to write header!\n") ;
+ 			if (psf->error)
+ 				return psf->error ;
+ 			return SFE_INTERNAL ;
+ 			} ;
+ 		psf->dataoffset += nn ;
+-		}
++		} ;
+ 
+ 	/*
+ 	** Metadata Tags (manditory)
+@@ -850,15 +851,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 	vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ;
+ 	op.packetno = 2 ;
+ 	ogg_stream_packetin (&odata->ostream, &op) ;
+-	for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
+-	{	if (! (nn = ogg_write_page (psf, &odata->opage)))
++	while (ogg_stream_flush (&odata->ostream, &odata->opage))
++	{	nn = ogg_write_page (psf, &odata->opage) ;
++		if (nn < 0)
+ 		{	psf_log_printf (psf, "Opus : Failed to write comments!\n") ;
+ 			if (psf->error)
+ 				return psf->error ;
+ 			return SFE_INTERNAL ;
+ 			} ;
+ 		psf->dataoffset += nn ;
+-		}
++		} ;
+ 
+ 	return 0 ;
+ } /* ogg_opus_write_header */
+@@ -1132,7 +1134,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus)
+ 		if (nbytes > 0)
+ 		{	oopus->u.encode.last_segments -= ogg_page_segments (&odata->opage) ;
+ 			oopus->pg_pos = oopus->pkt_pos ;
+-			ogg_write_page (psf, &odata->opage) ;
++			if (ogg_write_page (psf, &odata->opage) < 0)
++				return -1 ;
+ 			}
+ 		else
+ 			break ;
+diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c
+index add123966..fae252ca0 100644
+--- a/src/ogg_vorbis.c
++++ b/src/ogg_vorbis.c
+@@ -82,28 +82,6 @@
+ /* How many seconds in the future to not bother bisection searching for. */
+ #define VORBIS_SEEK_THRESHOLD 2
+ 
+-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
+-
+-static int	vorbis_read_header (SF_PRIVATE *psf) ;
+-static int	vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
+-static int	vorbis_close (SF_PRIVATE *psf) ;
+-static int	vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+-static int	vorbis_byterate (SF_PRIVATE *psf) ;
+-static int	vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
+-static int	vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static int	vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
+-static sf_count_t	vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
+-static sf_count_t	vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
+-static sf_count_t	vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
+-static int	vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
+-
+ typedef struct
+ {	int id ;
+ 	const char *name ;
+@@ -145,6 +123,45 @@ typedef struct
+ 	sf_count_t last_page ;
+ } VORBIS_PRIVATE ;
+ 
++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
++
++static int	vorbis_read_header (SF_PRIVATE *psf) ;
++static int	vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
++static int	vorbis_close (SF_PRIVATE *psf) ;
++static int	vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
++static int	vorbis_byterate (SF_PRIVATE *psf) ;
++static int	vorbis_calculate_granulepos (SF_PRIVATE *psf, uint64_t *gp_out) ;
++static int	vorbis_skip (SF_PRIVATE *psf, uint64_t target_gp) ;
++static int	vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp) ;
++static sf_count_t	vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
++static sf_count_t	vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
++static sf_count_t	vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
++static int	vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ;
++static int	vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
++static void	vorbis_log_error (SF_PRIVATE *psf, int error) ;
++
++
++static void
++vorbis_log_error(SF_PRIVATE *psf, int error) {
++	switch (error)
++	{	case 0: return;
++		case OV_EIMPL:		psf->error = SFE_UNIMPLEMENTED ; break ;
++		case OV_ENOTVORBIS:	psf->error = SFE_MALFORMED_FILE ; break ;
++		case OV_EBADHEADER:	psf->error = SFE_MALFORMED_FILE ; break ;
++		case OV_EVERSION:	psf->error = SFE_UNSUPPORTED_ENCODING ; break ;
++		case OV_EFAULT:
++		case OV_EINVAL:
++		default: psf->error = SFE_INTERNAL ;
++		} ;
++} ;
++
+ static int
+ vorbis_read_header (SF_PRIVATE *psf)
+ {	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+@@ -380,7 +397,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 	{	ogg_packet header ;
+ 		ogg_packet header_comm ;
+ 		ogg_packet header_code ;
+-		int result ;
+ 
+ 		vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ;
+ 		ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */
+@@ -390,9 +406,9 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
+ 		/* This ensures the actual
+ 		 * audio data will start on a new page, as per spec
+ 		 */
+-		while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
+-		{	ogg_write_page (psf, &odata->opage) ;
+-			} ;
++		while (ogg_stream_flush (&odata->ostream, &odata->opage))
++			if (ogg_write_page (psf, &odata->opage) < 0)
++				return -1 ;
+ 	}
+ 
+ 	return 0 ;
+@@ -402,6 +418,7 @@ static int
+ vorbis_close (SF_PRIVATE *psf)
+ {	OGG_PRIVATE* odata = psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = psf->codec_data ;
++	int ret = 0 ;
+ 
+ 	if (odata == NULL || vdata == NULL)
+ 		return 0 ;
+@@ -412,34 +429,14 @@ vorbis_close (SF_PRIVATE *psf)
+ 	if (psf->file.mode == SFM_WRITE)
+ 	{
+ 		if (psf->write_current <= 0)
+-			vorbis_write_header (psf, 0) ;
+-
+-		vorbis_analysis_wrote (&vdata->vdsp, 0) ;
+-		while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
+-		{
++			ret = vorbis_write_header (psf, 0) ;
+ 
+-		/* analysis, assume we want to use bitrate management */
+-			vorbis_analysis (&vdata->vblock, NULL) ;
+-			vorbis_bitrate_addblock (&vdata->vblock) ;
+-
+-			while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
+-			{	/* weld the packet into the bitstream */
+-				ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
+-
+-				/* write out pages (if any) */
+-				while (!odata->eos)
+-				{	int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+-					if (result == 0) break ;
+-					ogg_write_page (psf, &odata->opage) ;
+-
+-		/* this could be set above, but for illustrative purposes, I do
+-		   it here (to show that vorbis does know where the stream ends) */
+-
+-					if (ogg_page_eos (&odata->opage)) odata->eos = 1 ;
+-				}
+-			}
+-		}
+-	}
++		if (ret == 0)
++		{	/* A write of zero samples tells Vorbis the stream is done and to
++			   flush. */
++			ret = vorbis_write_samples (psf, odata, vdata, 0) ;
++			} ;
++		} ;
+ 
+ 	/* ogg_page and ogg_packet structs always point to storage in
+ 	   libvorbis.  They are never freed or manipulated directly */
+@@ -449,7 +446,7 @@ vorbis_close (SF_PRIVATE *psf)
+ 	vorbis_comment_clear (&vdata->vcomment) ;
+ 	vorbis_info_clear (&vdata->vinfo) ;
+ 
+-	return 0 ;
++	return ret ;
+ } /* vorbis_close */
+ 
+ int
+@@ -688,33 +685,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens)
+ /*==============================================================================
+ */
+ 
+-static void
++static int
+ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames)
+-{
+-	vorbis_analysis_wrote (&vdata->vdsp, in_frames) ;
++{	int ret ;
++
++	if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0)
++		return ret ;
+ 
+ 	/*
+ 	**	Vorbis does some data preanalysis, then divvies up blocks for
+ 	**	more involved (potentially parallel) processing. Get a single
+ 	**	block for encoding now.
+ 	*/
+-	while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
++	while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1)
+ 	{
+ 		/* analysis, assume we want to use bitrate management */
+-		vorbis_analysis (&vdata->vblock, NULL) ;
+-		vorbis_bitrate_addblock (&vdata->vblock) ;
++		if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0)
++			return ret ;
++		if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0)
++			return ret ;
+ 
+-		while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
++		while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1)
+ 		{
+ 			/* weld the packet into the bitstream */
+-			ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
++			if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0)
++				return ret ;
+ 
+ 			/* write out pages (if any) */
+ 			while (!odata->eos)
+-			{	int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+-				if (result == 0)
++			{	ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
++				if (ret == 0)
+ 					break ;
+-				ogg_write_page (psf, &odata->opage) ;
++
++				if (ogg_write_page (psf, &odata->opage) < 0)
++					return -1 ;
+ 
+ 				/*	This could be set above, but for illustrative purposes, I do
+ 				**	it here (to show that vorbis does know where the stream ends) */
+@@ -722,16 +726,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata
+ 					odata->eos = 1 ;
+ 				} ;
+ 			} ;
++		if (ret != 0)
++			return ret ;
+ 		} ;
++	if (ret != 0)
++		return ret ;
+ 
+ 	vdata->gp += in_frames ;
++
++	return 0 ;
+ } /* vorbis_write_data */
+ 
+ 
+ static sf_count_t
+ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ {
+-	int i, m, j = 0 ;
++	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -740,14 +750,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = (float) (ptr [j++]) / 32767.0f ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_s */
+ 
+ static sf_count_t
+ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+-{	int i, m, j = 0 ;
++{	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -756,14 +769,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_i */
+ 
+ static sf_count_t
+ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+-{	int i, m, j = 0 ;
++{	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -772,14 +788,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = ptr [j++] ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_f */
+ 
+ static sf_count_t
+ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+-{	int i, m, j = 0 ;
++{	int i, m, j = 0, ret ;
+ 	OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
+ 	VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
+ 	int in_frames = lens / psf->sf.channels ;
+@@ -788,7 +807,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
+ 		for (m = 0 ; m < psf->sf.channels ; m++)
+ 			buffer [m][i] = (float) ptr [j++] ;
+ 
+-	vorbis_write_samples (psf, odata, vdata, in_frames) ;
++	if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
++	{	vorbis_log_error (psf, ret) ;
++		return 0 ;
++		} ;
+ 
+ 	return lens ;
+ } /* vorbis_write_d */
+@@ -884,7 +906,7 @@ vorbis_seek_trysearch (SF_PRIVATE *psf, uint64_t target_gp)
+ 		return 0 ;
+ 
+ 	/*	Search for a position a half large-block before our target. As Vorbis is
+-	**	lapped, every sample position come from two blocks, the "left" half of
++	**	lapped, every sample position comes from two blocks, the "left" half of
+ 	**	one block and the "right" half of the previous block.  The granule
+ 	**	position of an Ogg page of a Vorbis stream is the sample offset of the
+ 	**	last finished sample in the stream that can be decoded from a page.  A
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
index a9ee7c3575..2a1b96d5e7 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb
@@ -10,6 +10,7 @@ LICENSE = "LGPL-2.1-only"
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libsndfile-${PV}.tar.xz \
            file://noopus.patch \
            file://cve-2022-33065.patch \
+           file://CVE-2024-50612.patch \
           "
 GITHUB_BASE_URI = "https://github.com/libsndfile/libsndfile/releases/"
 

From patchwork Thu Dec 12 14:07:51 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53986
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 52397E7717F
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:21 +0000 (UTC)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
 by mx.groups.io with SMTP id smtpd.web11.20315.1734012493427049553
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:13 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=AKtZxWZ3;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-2166f1e589cso6824335ad.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012493;
 x=1734617293; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=daUEo/BCDDyuQEokHe9a0vehL004fuj+4bkCskERF20=;
        b=AKtZxWZ3klDUue3oDKdjFIBjp3XAIqmd5hjcdm3QFKRDssmb3HpwzDrWCOY22Pm9ZO
         IYrSyAS+JHf7dL+3y/ez0p8WLb1ygNvbVaOiAm/MpVjPPUwM8VXSZcxD//36l6shgwgv
         sjM40O1HmTShFIFbcF5xaxIRSygyXa6wFFYGIK9Tq3keMDGfUrhtOVplX2154Od9+VGR
         B+7J7gHfF/+knhzt1pbPGXTVslnh41EwD+9Lx1PdRzLpDwjqASrQtq5NSuBB4sr77t73
         b9XPi63mZAqrknoxFN32GyHr0UvJkeE2EDie7T1732kqjeGYqljLrvM+5e3fHsmvPYIV
         ZF2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012493; x=1734617293;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=daUEo/BCDDyuQEokHe9a0vehL004fuj+4bkCskERF20=;
        b=E2bTqxaXnClZpbkdpdiKN3DkjhoS4HvOifTm+feHsL9VsuzNPWLoyj1nHOJCqwOupz
         PiTycYWs0v90T6Q7zQYbE+tJZOKuFiQZhcuMOtbyQw+WRooB2Dp0LRuP0vGzDKkd+7oO
         os5/1x2OD9wKHi1RSZ04LSaOzKjjzk3/whY+LYwWs1NHlz2BmAqxiCZTNTCGkvQ+u5xD
         s+GMK/9sPbvs2BH1lF31MilijvmZUkSI7flpnZg4KYvUoXTtij1GH0bbVQp4pDwkfX0A
         jIu/UlY9BKxTY6BP/qL/Of3mAYWotTSEr+mDiDsnJPsK7H3cEdraym8Z9FqpJRfVUqlQ
         HfTA==
X-Gm-Message-State: AOJu0Yy+0WlfRDPbue8ZU71c6D/ldzx1rnIPM/IFFd7PKSjiIVrmpK9E
	e2OoPLwqa1fD78F7foiI3HLiruQv+NiO4trbdYkLWp3lPHwgNr5XP/XtXwKSHj/G7BIS3vjLebB
	l
X-Gm-Gg: ASbGncvn957p77aVQXT+lDsKjSMShLyq5srr0sOdvOTqXxxp6qN+zMVdBivj6AZwvVZ
	GOXjuj5j+1cjyyZTc1H0VALOafc/lPI22P0JZa2avdREI92ABA1coOJFIIQjJWg6wIT6EsAD0Gy
	CclcKbuC+XxJGsxC3YwLopCJOWanykOLHJt5ciVeycR2/1JCUryP7jgR3H93C6O8qh0dxdvzTVV
	j60ASg4x/AOQV517Nq7qQQHniqsPRqPDUD5yezpLAYvFA==
X-Google-Smtp-Source: 
 AGHT+IEBWD/mHm7wYSCX0lUdNkKAeBYQFIuWVeyBAgEOXW8wUjjOQ3dt1tN4K61Eq5F0RFrvyFUFEg==
X-Received: by 2002:a17:902:cf11:b0:216:4cc0:aa4e with SMTP id
 d9443c01a7336-21778998ca6mr111491955ad.47.1734012492590;
        Thu, 12 Dec 2024 06:08:12 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.12
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:12 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 05/12] rust: ignore CVE-2024-43402
Date: Thu, 12 Dec 2024 06:07:51 -0800
Message-Id: 
 <10abc451f37be9d7d6b9482dbd5666a2bf8e9736.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208639

From: Peter Marko <peter.marko@siemens.com>

This CVE was created because fix for CVE-2024-24576 was incomplete.
Ignore the new CVE in the same way as the old one.

See https://nvd.nist.gov/vuln/detail/CVE-2024-43402

(From OE-Core rev: 6ed9968bf3e35aca316227ee23294c683f77055d)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/rust/rust-source.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index becaf2b8ac..929a4a9b0c 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -18,3 +18,4 @@ UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-metho
 UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src"
 
 CVE_STATUS[CVE-2024-24576] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2024-43402] = "not-applicable-platform: Issue only applies on Windows"

From patchwork Thu Dec 12 14:07:52 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53987
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5EC9CE77182
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:21 +0000 (UTC)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
 by mx.groups.io with SMTP id smtpd.web10.20316.1734012494992999921
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:15 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=1LDLJG8o;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-2161eb95317so5890325ad.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012494;
 x=1734617294; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=IJVFHEd4xzi/CI7AMOICg0Ix+TO5iZO5fyR74rOx/N0=;
        b=1LDLJG8oyiDO2Tam10herpNNm7RcnKhruP35StB7hdL9DPFDaa2uJHgmxjmF5J2CqR
         ITS1XCKKYUDdnuk7CDmCHY/gEuKYzFILJ942d4mYAcDejD5PxPeprmtGE1q3RehmqQKZ
         lGo9Zo5mHSPshkc7HNiEIqMhnmC2/EOEmVkk3Kvzqf4tWJNjnjCwEQHwX78p/MGkIiqi
         SCa+viIoM5BIRCeQ+yx6W1v0MtJSSz7MgOjG6z+1VbtAWThkrxyzcLsmdHN9jfr4h7g5
         LCi/xX0gl5uUp8RzNLWZkruX2KCU2IShG9vAfH6+G6mdgy2DYfDuPY6I8WCvYV41BUZO
         FHsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012494; x=1734617294;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=IJVFHEd4xzi/CI7AMOICg0Ix+TO5iZO5fyR74rOx/N0=;
        b=S77dkuuGu6baHVd5K/X8GYp2dpdWrZWhyE2Jh4j5EBsWbxeYw/dnxoSsLfpxJBLSD/
         KJReINl/sDMLS0WAsZhFjXm0lKBsyhOSA5/kqI3qjEqksMrUvvcOfqMyYmFxDJPsHveB
         GXLNdB4Ul3Cdix1NDwt9Ms3XkR1m7MO5mCvig6iTK/lYBf8Y4g6GrlysBToi3sw0nw9J
         ixvPJxH05s1++3qr5fXP5786Qxd7Y93cDFyHuifwrSyNVH88tQfHXZrA+tqrayrKnI2d
         jk1Et/+RMctDkcMwq9rmOAGPVUgCAmCW/axX2tsLiuVpXf/hhu8yTiLAx1z0lDLQOGea
         BpXw==
X-Gm-Message-State: AOJu0YyS+0XqH8+o8UNFFJ0SKnmAonz+obealC6CXDTkTuT+Z9qDJg2P
	x+kNUG83G3S+nzfWsOOofd9jVILPhK9hIODIjbqXiz2s2yHDOSslNuZvDdX4exxsIg8iLaSea9E
	M
X-Gm-Gg: ASbGncuBnRlDhwTt1AQA5oEUZ+rwY6wlqr9RYo7AJBIJDN6qC4SWugKJbEeO9h2VhgM
	rQHwoNCT58aDMF4grOvYNUVHsTKEnuG917tF6d7O3cdUj2f0PGe5KxFryyvdjFFEd3Quwt77w6I
	Zz0T9ol8rUADr91/xOtDpcw5m2JFjot168A//D08y6lvDdu64tZ9fQpkN4QvgyCadjL5NHAqowL
	qmGWrPwpOmQCBO4qRrswyrVfghXVnZ5wMd6n0otPtCXUw==
X-Google-Smtp-Source: 
 AGHT+IH6NgnuaFOni1bWiiXmznhCMvVnIltCo/2IoLvdkZVgl2e6jezcUAwxYmK2I2VtYOSbSHrXcA==
X-Received: by 2002:a17:903:1c2:b0:216:1ad2:1d5 with SMTP id
 d9443c01a7336-21778549cf8mr102363845ad.41.1734012494095;
        Thu, 12 Dec 2024 06:08:14 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.13
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:13 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 06/12] curl: patch CVE-2024-9681
Date: Thu, 12 Dec 2024 06:07:52 -0800
Message-Id: 
 <c8282f5f79a38be0672c68c9e8f11bc072b77b56.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208640

From: Peter Marko <peter.marko@siemens.com>

Picked commit [1] per solution described in [2].

[1] https://github.com/curl/curl/commit/a94973805df96269bf
[2] https://curl.se/docs/CVE-2024-9681.html

(From OE-Core rev: 19663c559b72a0d14ddd0792be325284a6e16edc)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2024-9681.patch             | 85 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.9.1.bb       |  1 +
 2 files changed, 86 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-9681.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2024-9681.patch b/meta/recipes-support/curl/curl/CVE-2024-9681.patch
new file mode 100644
index 0000000000..56a631d834
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2024-9681.patch
@@ -0,0 +1,85 @@
+From a94973805df96269bf3f3bf0a20ccb9887313316 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 9 Oct 2024 10:04:35 +0200
+Subject: [PATCH] hsts: improve subdomain handling
+
+- on load, only replace existing HSTS entries if there is a full host
+  match
+
+- on matching, prefer a full host match and secondary the longest tail
+  subdomain match
+
+Closes #15210
+
+CVE: CVE-2024-9681
+Upstream-Status: Backport [https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/hsts.c          | 14 ++++++++++----
+ tests/data/test1660 |  2 +-
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/lib/hsts.c b/lib/hsts.c
+index d5e883f51ef0f7..12052ce53c1c5a 100644
+--- a/lib/hsts.c
++++ b/lib/hsts.c
+@@ -249,12 +249,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+                            bool subdomain)
+ {
++  struct stsentry *bestsub = NULL;
+   if(h) {
+     char buffer[MAX_HSTS_HOSTLEN + 1];
+     time_t now = time(NULL);
+     size_t hlen = strlen(hostname);
+     struct Curl_llist_element *e;
+     struct Curl_llist_element *n;
++    size_t blen = 0;
+ 
+     if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
+       return NULL;
+@@ -279,15 +281,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+         if(ntail < hlen) {
+           size_t offs = hlen - ntail;
+           if((hostname[offs-1] == '.') &&
+-             strncasecompare(&hostname[offs], sts->host, ntail))
+-            return sts;
++             strncasecompare(&hostname[offs], sts->host, ntail) &&
++             (ntail > blen)) {
++            /* save the tail match with the longest tail */
++            bestsub = sts;
++            blen = ntail;
++          }
+         }
+       }
+       if(strcasecompare(hostname, sts->host))
+         return sts;
+     }
+   }
+-  return NULL; /* no match */
++  return bestsub;
+ }
+ 
+ /*
+@@ -439,7 +445,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
+     e = Curl_hsts(h, p, subdomain);
+     if(!e)
+       result = hsts_create(h, p, subdomain, expires);
+-    else {
++    else if(strcasecompare(p, e->host)) {
+       /* the same hostname, use the largest expire time */
+       if(expires > e->expires)
+         e->expires = expires;
+diff --git a/tests/data/test1660 b/tests/data/test1660
+index f86126d19cf269..4b6f9615c9d517 100644
+--- a/tests/data/test1660
++++ b/tests/data/test1660
+@@ -52,7 +52,7 @@ this.example [this.example]: 1548400797
+ Input 12: error 43
+ Input 13: error 43
+ Input 14: error 43
+-3.example.com [example.com]: 1569905261 includeSubDomains
++3.example.com [3.example.com]: 1569905261 includeSubDomains
+ 3.example.com [example.com]: 1569905261 includeSubDomains
+ foo.example.com [example.com]: 1569905261 includeSubDomains
+ 'foo.xample.com' is not HSTS
diff --git a/meta/recipes-support/curl/curl_8.9.1.bb b/meta/recipes-support/curl/curl_8.9.1.bb
index 745224929b..174608b561 100644
--- a/meta/recipes-support/curl/curl_8.9.1.bb
+++ b/meta/recipes-support/curl/curl_8.9.1.bb
@@ -15,6 +15,7 @@ SRC_URI = " \
     file://disable-tests \
     file://no-test-timeout.patch \
     file://0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch \
+    file://CVE-2024-9681.patch \
 "
 SRC_URI[sha256sum] = "f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5"
 

From patchwork Thu Dec 12 14:07:53 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53990
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6E07FE77184
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:21 +0000 (UTC)
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com
 [209.85.214.170])
 by mx.groups.io with SMTP id smtpd.web11.20321.1734012496295309045
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:16 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=xcz4zERq;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.170,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f170.google.com with SMTP id
 d9443c01a7336-21670dce0a7so7184225ad.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012495;
 x=1734617295; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=b+dWA0VGtJ+bTUd4/EYARwlLXfkyK/9axz8bOVs1QhE=;
        b=xcz4zERqM2TzKT/5d5/Pn3fVnIOtHYaA4b8ycNaEEH+YF1KDY7dL4LsoMGy1g6F53L
         MpWB62ZtTjT/XVjDtvbBAx2mwnl9ObDjSakPlIRb3ubmGhrk1XxUZrkYB7y8WRXcwd5C
         xAEsNX6o1rOSf1k5jeJ6JPJVk6P5uVeb6EB2IbXSw6yx7r7hpC6E5Gyw15BpU8UhV5Xw
         TMHN0xmhezUktXVhEIASyFFoM5U76YcErhA4WbjNSr0zVymoLmo0wqa8ZHV5cLla2dG3
         kdYhuShv/LFzIgZLqqEo4LcHkuQfXnp2HKG+tNnuQ7Kg/vW8UFERv8uGlbyiG1m+bsIQ
         xzCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012495; x=1734617295;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=b+dWA0VGtJ+bTUd4/EYARwlLXfkyK/9axz8bOVs1QhE=;
        b=QIPWL4kR570i4R37z6yu/sspKYijgZIeMit39tu4RhFK7v8luLZvAlJEJ8HzpfM0xP
         pFpOkVgPYzkr0dD7C5vReYY30BRPJ9sLxwEdh79DgtuDZwQPc7KwaCgYDU5gyIr2XYr7
         uNZMeRNfAb1Y9AfESXh18Bh+QDN2WcrmrbZKTywTaxb+1wkTzrxjjLOn1xxcpa7OoYJ5
         L3VzRF6MzwFY+uOcY5CBH5a1UWwWIHuKAcI4EFJaM4HDAuWO1TcfGtxY60dM6XPb3V/e
         /WYuRUKY46HlxAVFCu2wGMrUqoLZp+DtQ20Cti5NYA7qrNl81WwUizh934dKArJ//oWU
         fk/w==
X-Gm-Message-State: AOJu0YyHmNsiv6gfhWEO3duSgp4T0zUinokU7TgfhhN1zhJE1+w2xDeq
	Eksq56FhJ+fKw+yopYG4VO9ysNnGZieg1Pq5AkDHjNVsBQv6AXysq7X/7RnvUco1MlDMrx600ya
	f
X-Gm-Gg: ASbGnctfiRe9UX+E2Ltn+965CvTIHQDMb9JgiPKekxAXtusmE72RPQltMIUHJq15wq8
	bHAjHMC7F4f/sbxSenKEIA9/6gD43Xah6BCtqnwF87hLgF671Ue0hqTsxGmBzXQRVPbXPj6LKAH
	DGpbPzsaN07eo7K5q9NmpE6SpJJajwQHpUVWN2finQFrqOQ+ODrb2o4LbF+NvZz4pJw6CwgJp7x
	PYpVUZKuN6nYI2dfiikUlDJURdeQDDas2WNfV/A1FJJGA==
X-Google-Smtp-Source: 
 AGHT+IHz8UE3zW/2gP3VLMIhlrmHvOTDcJ1el775Yk1sl/gSzOLOThjApgYQaBNJ0jXGotniNJcKkw==
X-Received: by 2002:a17:902:d4c8:b0:215:a412:4f12 with SMTP id
 d9443c01a7336-2177854ad0dmr110699385ad.33.1734012495529;
        Thu, 12 Dec 2024 06:08:15 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.15
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:15 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 07/12] ghostscript: upgrade 10.03.1 -> 10.04.0
Date: Thu, 12 Dec 2024 06:07:53 -0800
Message-Id: 
 <067e769ada6c8cd5783c6d32f24cea9f0e4ed666.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208641

From: Hitendra Prajapati <hprajapati@mvista.com>

avoid-host-contamination.patch
refreshed for 10.04.0

Changelog:
===========
- addresses CVEs: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
- add protection for device selection from PostScript input.
- efforts in code hygiene and maintainability continue.
- The usual round of bug fixes, compatibility changes, and incremental improvements.
- add the capability to build with the Tesseract OCR engine.

(From OE-Core rev: a0c802e9b1d8400589aede20e52f40d10a344314)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/ghostscript/avoid-host-contamination.patch  | 6 +++---
 .../{ghostscript_10.03.1.bb => ghostscript_10.04.0.bb}      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-extended/ghostscript/{ghostscript_10.03.1.bb => ghostscript_10.04.0.bb} (97%)

diff --git a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
index 67f14bd368..0546fdf8f0 100644
--- a/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
+++ b/meta/recipes-extended/ghostscript/ghostscript/avoid-host-contamination.patch
@@ -1,4 +1,4 @@
-From b36713c8f1ba0e5755b78845a433354a63663b1a Mon Sep 17 00:00:00 2001
+From 095bb1db8b2e68cac40e985f347a7039573e1e80 Mon Sep 17 00:00:00 2001
 From: Kai Kang <kai.kang@windriver.com>
 Date: Thu, 29 Mar 2018 16:02:05 +0800
 Subject: [PATCH] avoid host contamination
@@ -15,10 +15,10 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/devices/devs.mak b/devices/devs.mak
-index 186f704..88ab8c9 100644
+index a5dbc7a..27b55f2 100644
 --- a/devices/devs.mak
 +++ b/devices/devs.mak
-@@ -397,7 +397,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\
+@@ -403,7 +403,7 @@ $(DEVOBJ)gdevxalt.$(OBJ) : $(DEVSRC)gdevxalt.c $(GDEVX) $(math__h) $(memory__h)\
  ### NON PORTABLE, ONLY UNIX WITH GCC SUPPORT
  
  $(DEVOBJ)X11.so : $(x11alt_) $(x11_) $(DEVS_MAK) $(MAKEDIRS)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb
similarity index 97%
rename from meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb
rename to meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb
index 0504f5244f..546d734333 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.03.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb
@@ -27,7 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
            file://avoid-host-contamination.patch \
            "
 
-SRC_URI[sha256sum] = "31cd01682ad23a801cc3bbc222a55f07c4ea3e068bdfb447792d54db21a2e8ad"
+SRC_URI[sha256sum] = "c764dfbb7b13fc71a7a05c634e014f9bb1fb83b899fe39efc0b6c3522a9998b1"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3"

From patchwork Thu Dec 12 14:07:54 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53989
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6E0DFE77185
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:21 +0000 (UTC)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
 by mx.groups.io with SMTP id smtpd.web10.20318.1734012497568889419
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:17 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=bMV36A+I;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-2164b1f05caso5883205ad.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012497;
 x=1734617297; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=bMNG5EWO5ieMYCnp41tx/NWntbhUk1bE1N5UaXPWLaY=;
        b=bMV36A+IZ8ijyPR+mUm+9wzBA+OifqYsSCOAOP0TRTXTtszhctl8NLJq1EjyizpyQm
         jHIRAQrlSkwifgE3YslcgbymLBjGqFw/I4yEi1iUNQ762kqREuif4MRNMVp02HAotXwQ
         JATAhqoIEa0znK4jErqpzhtTxN4EI9nVknjwGWZ1yBAMAspj+jY09dDyzV5Wj9lJe67s
         /i2Svq+IlllhZL0DxdwP59J9oZNJVRNZentT1Mvh116LuLiEauCXWuGppADaARJbvX9p
         vTCY1cjehY4nYRkxlXFXNT6hcvWF4MYcK1uZQLrlqd8n3UfdlpZGVQPdP7xloAndifCs
         k/hA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012497; x=1734617297;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=bMNG5EWO5ieMYCnp41tx/NWntbhUk1bE1N5UaXPWLaY=;
        b=Z1I6nLPeAZbSt6Qi2kPVlvNb2JPb/jW9Bfb+wx++fulzxkykf4+ncASjuF/hj8/fZF
         lTVC2wB3t6ofQGrQRhQr0ULDXUdjwZgKiIH5D7mD0bfkNFP0PlSaeRnz+uNcDzFPcmG7
         a0l47RFxvFA/tLA+8/njVzoBHSyEm9yduUk9OsGA9XZ/FEkyup+3kHDUL6RHHtvLwc4S
         w3rTBQwryoTJId3f2xwAe67oKl3GDy6x6ANQyZ5kRE2aR8u+pMywV5vCq8XXQ/3a5uBu
         DAFv2nM/gdjrm9vBue/bnvjKTurXH6ZMqXWYrbYR6AdDxzqZ8wOTXxPuWO6n0acw9+A8
         dK+g==
X-Gm-Message-State: AOJu0YwyvsybmOk9P1aJyOLfrw8jKY+n3M1o/QGK1wS5lBTN5P1jnuYe
	uTfr9VxDD4i3f+7/UZ8tBetjTjh4eXxdv1T1WgLEQ8pzTP1t5cGr8hxyV4mahb/8EltRwY3G4fo
	A
X-Gm-Gg: ASbGncuhdnSx7/xsYZPAQb2x5R2tp7MvzRkK97A7glYC+otDaaXuUDh8vF8CKK1E9Jt
	ohO1utQi4f9w67ZYUQ/1MglpQHkGrA4SWIitIpaKs1iViL21Ai7h4NCRlSZJyLfmJcw/gu63WR7
	u1GdfDOMAeC7Y2KBkW1/r/bZb/KxmZrmURRI3frP2cV2p0c4Epe1hmmqFB8bHRfuK8h5K1fVADJ
	8CetYysmzY4ngyIL3eqEADfrH01fZ62ReQvtgFZxoxcOg==
X-Google-Smtp-Source: 
 AGHT+IFFEodoajYs8igA2jYn1QqJTbsekddMT11RH6MTTtH9Ss7NFXL488kNsWdiDtXPmP6l/MdTeQ==
X-Received: by 2002:a17:902:e5cf:b0:216:2c3b:61ba with SMTP id
 d9443c01a7336-21778516510mr112659445ad.56.1734012496861;
        Thu, 12 Dec 2024 06:08:16 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.16
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:16 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 08/12] systemd: drop intltool-native from DEPENDS
Date: Thu, 12 Dec 2024 06:07:54 -0800
Message-Id: 
 <5c6254279c8b7faf76809024ebbc02856030179e.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208642

From: Guðni Már Gilbert <gudni.m.g@gmail.com>

intltool was dropped as a dependency in v236
See commit for reference:
https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/systemd/systemd_256.5.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/systemd/systemd_256.5.bb b/meta/recipes-core/systemd/systemd_256.5.bb
index af810c0fcd..ca164657bc 100644
--- a/meta/recipes-core/systemd/systemd_256.5.bb
+++ b/meta/recipes-core/systemd/systemd_256.5.bb
@@ -4,7 +4,7 @@ PROVIDES = "udev"
 
 PE = "1"
 
-DEPENDS = "intltool-native gperf-native libcap util-linux python3-jinja2-native"
+DEPENDS = "gperf-native libcap util-linux python3-jinja2-native"
 
 SECTION = "base/shell"
 

From patchwork Thu Dec 12 14:07:55 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53988
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 60B14C3DA4A
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:21 +0000 (UTC)
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com
 [209.85.214.169])
 by mx.groups.io with SMTP id smtpd.web11.20324.1734012499162582125
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:19 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=F/TVaqRt;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f169.google.com with SMTP id
 d9443c01a7336-2166022c5caso5504975ad.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012498;
 x=1734617298; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=4f9ptlUFoRe1QiRPepnyuOy7m19kqWz5mm8Go+5u3KI=;
        b=F/TVaqRt7pkQfAPi9Nf3fawUmSWuxoUmW2FB9cCua2aBm8RnTI7qYQfLfydyD0pFtC
         SuQgYndV13ByELVMhrr80IBWpD3n4ucKE7bTDnUefETeKz92IGGWfVkwqtGloOJ2Cb+q
         /Ugj6aZ8VeLW2uF7/uizCRu4xFjsEQ6pMCr9S+4UofZAVdfasnFMhMW0igJLHTEfz3GR
         CPXy+FlR6Xmpgw/hbO58DA4RchD4J8CWjqilzc64/8Km+/5e0i+HupCe58UMaYS5+6hY
         eHp/t36/TbqyBAuKRpfbwT4BydGetNiLj90NKdHbkXyCozmsUw0UDN3jrxnnCTzc4drc
         7tDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012498; x=1734617298;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=4f9ptlUFoRe1QiRPepnyuOy7m19kqWz5mm8Go+5u3KI=;
        b=h9gC1bWLqyGliD5k9S57Znt4XYmrCsDSOnb3rjiNGK71jxzWl7ECqPDzv28OX0VIGy
         P5Z8PBGE5fkMOVl5/+8PXeHOYbX2QNNEEmxOqioLd8lVsEXjc2/xdGllUrkn8M2rntuh
         bZvZ6V95wn0hsnrJTKng2xJwviCy6lKRDUTU/eR70bUmz7YO/08vopz41BVX8jJZm2K4
         RKVDsLMdE73ZBSEGUhJoh2k2wcDozZjtoYDConCwOqCirasQBSM7Qs4T7VodOS+X2gpm
         vII0rMRWqCEu+x7lvEY/lOME/ggtW+zRP50I112MFm5jjs3dfDqlrhQKCzupL4wKUJH5
         20MA==
X-Gm-Message-State: AOJu0YyHtnDjY6ci+yuYgw09zyT/NSHg0c/bQg3ocSLGDcOZHMiu5JSy
	o8L8RnzwXucoNAbT/5t+VtBcKjGuk0fEobPfs0leXYBxFnjJMXrR4iK2shaqUZYATSQ2CVPxOVH
	7
X-Gm-Gg: ASbGncsrqwCXl4CRsseCPSCccVcG2b39FEk7FPv+mFBr1fyzPKH0RdXm4QqTJtR5uJo
	hFUukiOAZ3Cn89WNG7iZF5BJH/ykQeFhXbZga75ZT/W/fvtJgkpe9KJyGRNq4gSqOwPHEQKoPPV
	8Ld9y/k8PFcBsFoOQ2qMPDBoP21Jcq74TbnFxUVxRqls2x0NwgsdYFsc0j76FieMNbHfRUmqg0D
	1u8pIKtADI8ffbRx1iNEnxABlqUOKHHR4bum9cmJkayfA==
X-Google-Smtp-Source: 
 AGHT+IGhbZkhdm/jpX4BLRheaKj/cVwwdbmCcE1N8itl/fPJnj/2fm4m20HfXDKvYQjVFv+VGDZSEg==
X-Received: by 2002:a17:902:c40c:b0:216:682f:175 with SMTP id
 d9443c01a7336-2178aee86d4mr63690745ad.49.1734012498199;
        Thu, 12 Dec 2024 06:08:18 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.17
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:17 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 09/12] systemd-boot: drop intltool-native from
 DEPENDS
Date: Thu, 12 Dec 2024 06:07:55 -0800
Message-Id: 
 <0df327ea64ec6a9e99c8f96e1dab52d3db3711b3.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208643

From: Guðni Már Gilbert <gudni.m.g@gmail.com>

intltool was dropped as a dependency in v236
See commit for reference:
https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/systemd/systemd-boot_256.5.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/systemd/systemd-boot_256.5.bb b/meta/recipes-core/systemd/systemd-boot_256.5.bb
index 9a6d8e9d6e..1fbe4ef884 100644
--- a/meta/recipes-core/systemd/systemd-boot_256.5.bb
+++ b/meta/recipes-core/systemd/systemd-boot_256.5.bb
@@ -3,7 +3,7 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/systemd:"
 
 require conf/image-uefi.conf
 
-DEPENDS = "intltool-native libcap util-linux gperf-native python3-jinja2-native python3-pyelftools-native"
+DEPENDS = "libcap util-linux gperf-native python3-jinja2-native python3-pyelftools-native"
 
 inherit meson pkgconfig gettext
 inherit deploy

From patchwork Thu Dec 12 14:07:56 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53991
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7FDFAE77180
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:21 +0000 (UTC)
Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com
 [209.85.214.176])
 by mx.groups.io with SMTP id smtpd.web10.20319.1734012500381027931
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:20 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=UExNbF05;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f176.google.com with SMTP id
 d9443c01a7336-2166360285dso6068755ad.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012500;
 x=1734617300; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=tprHYvX0NzUskLhhhlsLZj/WbmYATlioevug1wQ24co=;
        b=UExNbF051qyFD0lA2sY25PqedIw5SPwTtv4Xn8QORdZ3KowPbG8pQdWbgTgtyAibS6
         LSZ1EFIH62hLE+pLYey+DvrRhx83t9SDte3xFjttrxzI9PkAkh5uVbmfdDLcRrNCijqk
         7mF7B8AP/F58D8mkBjzP7EHmrjM0FvMRFG3bSkY2oa6+nD/A7juwi3EQXvwxVxZObRQc
         TPPcK0s9n5wBPndFm6QyKUfDjum23C/CWIecnPA7CZQeI1Q5C2aU4jPZTVglE9ft+SQi
         oXvTJsOZBpt1Q8kkreiDXrrraGxbGlBn4F6yoUjjGvbqxcGGgVO7SUg8NziI/+rgqCQH
         0ZBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012500; x=1734617300;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=tprHYvX0NzUskLhhhlsLZj/WbmYATlioevug1wQ24co=;
        b=byAZGAn/iVy9Us9b37dyOR7XKJon9mHFgbQMHpQAoTDvf6l2q0ayXes1EkEKJoIA6i
         2APo7zDJkGmSLU1G52PhIO30Idt20NyMjJccIGvCAAZ7BiozooU6fblJfM8662C8aliK
         8jP/qm7dtGE344REbWZnlISIn35cqbXnb9m+/mGpf25p8nz2E1bKnLZ/KXqrTndPwtAf
         IXh/zVKpeT4loQ5Of6wGaljY9GFeLuttp7awwGrxCzBKDRLXLnNB7Nf2Z/b0bCOEFIDB
         y5nM/mB3XwTIz3SbAWVbK6S811fATJ94CsFwV8dpIfwK8WVzgtrB+uXx8zxdZ1OgG+M9
         oKkg==
X-Gm-Message-State: AOJu0YwnC+MVOCnsjAWMC6+1MZoD83OG3OQeGTLK+HOqcluPIMn1HJn/
	tmf1ZvkfvCVHjUkY+QiN8DGXZTtWazIZyIJHWNLNDbUDqnMftpGPOzBNxAZNrAh3/2N6zIMhLd0
	i
X-Gm-Gg: ASbGncukKqaYgyz3QutzUB3ooouDUTXZi0//87iprGRLzt9Dmg4BfDAxEjt4dlqFl+J
	wwWyAkLpWNl62EQcP1+n8H9/Nq3lP2FF77GXOV50sTrzBEMRWY/CbAi/ZsFUamecdYKyU4h4v+B
	XAk2CDv5lCgeLzRr/tlOMdHD+xC8kHsBs0UlvSCj6IzymzDNNYGDG4bXEhSTmYEPYqJFzx1Zjcp
	FvH7hIWjdJinU3NW9M3F/nw1ITNyykR1zvMOLhDJF1AsQ==
X-Google-Smtp-Source: 
 AGHT+IEd4g+ipZLV6T/jw8XlK2u55tTIwne9nQIQffJlC84+Ww/xCUlB+f7nNAkPZ/I4R8ooc9nvLg==
X-Received: by 2002:a17:902:f54b:b0:211:f6e4:d68f with SMTP id
 d9443c01a7336-2178ae50922mr61022995ad.6.1734012499663;
        Thu, 12 Dec 2024 06:08:19 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.19
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:19 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 10/12] python3-poetry-core: drop python3-six from
 RDEPENDS
Date: Thu, 12 Dec 2024 06:07:56 -0800
Message-Id: 
 <01a938f176c1eb2f753c2df50ef966cc175a2d18.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208644

From: Guðni Már Gilbert <gudni.m.g@gmail.com>

Looking at the history, python3-six was removed as a dependency
in the poetry.lock file in v1.5.2

Even before v1.5.2 and until now (v1.9.1) there is no code in
the package which imports the six module. So it can be safely
dropped from the recipe.

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb b/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb
index a073f8b069..d280721d38 100644
--- a/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb
+++ b/meta/recipes-devtools/python/python3-poetry-core_1.9.0.bb
@@ -35,7 +35,6 @@ RDEPENDS:${PN}:append:class-target = "\
 
 RDEPENDS:${PN} += "\
     python3-pip \
-    python3-six \
 "
 
 BBCLASSEXTEND = "native nativesdk"

From patchwork Thu Dec 12 14:07:57 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53994
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 812DDE7717F
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:31 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web11.20328.1734012501772228654
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:21 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=kX9VJmuS;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f182.google.com with SMTP id
 d9443c01a7336-216395e151bso4230745ad.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012501;
 x=1734617301; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=f8g+qFqJ8ysErahvVsAiiBcARiIhnBGjFlZKfLUbdeA=;
        b=kX9VJmuSEtF8iIM1qHKeQr28QSEWPJRLNFoWSr0bbSiKaS5iRO4F1dLV9AM2pLDdYh
         TE/9rX3SrU31j0nAcKRATKJzU48GcmTb/sTyYEcmFO6puZBfsRCsznx0HgQL3WjcVBE0
         qnNnFDDmJHuIlVl3PelqFJPnGlfDfXacipz23756/WE4qfs541MYKEYZq43GKsjo9gjR
         zz2AIdwsGfC61T6I8jeULA1mgH08HhLOIYoO6WHZWpSaXswgDVhPR+jHgbXQsM95oW/H
         thYsDHdZ1IsKwNPsCF6biQcyop53vXg5wvKIzmpL6pXJh0qujGbXBmg1OYcE+oAo9Det
         fBTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012501; x=1734617301;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=f8g+qFqJ8ysErahvVsAiiBcARiIhnBGjFlZKfLUbdeA=;
        b=DcAu3Y2igP9CIm6pADY4QJr0fjczZBfL+lWzGtHkAlOEqW0OaRVbQoPArf/PnNBj3j
         Ge7EL3I4h319/mE/GWa5cjA3MHvoPhRUUZuQZFpZCRoS5j3ltOT3eNT5vGAMFVOjxV+O
         +fWQ5j7NK3UKSvgZPvBWdsZmX3P0I+4WL0eriyckhMdnIcPlUNN6qorRlzDcJ9+UV+JG
         IdSSU1TXhOIclfon0pE+IMGC019xIikOD96DvW9SJikr9uENA4XzfRONaVyUTyv15mQK
         XPw37tTxa2s5ykw+Q7jGYLyB55hoZ19rMOHSnwbMNgV9JxfKzOcV51tSWDk4TgPTJV2t
         pgiA==
X-Gm-Message-State: AOJu0YzDb9MPAs+rex92kO73I2oS0V0yvVTwjg98MGfMVlu3yd3tXprR
	ARLTCdDyn23lkkeoDz87bCZsQATh/Fzmnv399uxeDzomLU5DfiInjAmV3ee7K+G7DKAAEhMB6rB
	J
X-Gm-Gg: ASbGncsS87f6rmrZUZxTVJlvXawsBz8novK6FW3e/BEXwBIOm1VhyrLggwufUf/tGHO
	9pnuRjC0hqXKPYGgpWTzawshHTaC1hSzHCzD+sJ93qMZMUsGsOL22yL2qLI/OsC04Wlt2fO7012
	NBSOx7ncgIt9A1pZ6/VEfXKFnL5Gfc/yr2ZvMsbSM5rnMyRZASx2NkR0LTqIYjygCdsNqNkYQfP
	yYP9ldMJ/9Z2QT8sKy++uYzucw6aFV+zCrnH44OL/VjJA==
X-Google-Smtp-Source: 
 AGHT+IE62NGOYnP+6IMK3WECmWEgdRRvfICzKJZ7yW5VU5P85rsz3RR/YYxs6fDCZoCeu9raGhIC4w==
X-Received: by 2002:a17:902:db02:b0:215:58be:334e with SMTP id
 d9443c01a7336-2178c8384ccmr58484075ad.10.1734012500999;
        Thu, 12 Dec 2024 06:08:20 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.20
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:20 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 11/12] dnf: drop python3-iniparse from DEPENDS and
 RDEPENDS
Date: Thu, 12 Dec 2024 06:07:57 -0800
Message-Id: 
 <82b1c8fb497f74bbc67cc6763116fa96267acc4a.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:31 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208645

From: Guðni Már Gilbert <gudni.m.g@gmail.com>

python3-iniparse dependency was dropped 2019, see the
following commit as reference:
https://github.com/rpm-software-management/dnf/pull/1329/commits/d7d0e0e2f9d8c7d021c794821ad0b56a39ebc01f

When looking at the Git history, this happened around tag 4.2.1

Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/dnf/dnf_4.21.1.bb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/dnf/dnf_4.21.1.bb b/meta/recipes-devtools/dnf/dnf_4.21.1.bb
index 09bdbd88a8..d5e2a688d4 100644
--- a/meta/recipes-devtools/dnf/dnf_4.21.1.bb
+++ b/meta/recipes-devtools/dnf/dnf_4.21.1.bb
@@ -27,7 +27,7 @@ S = "${WORKDIR}/git"
 
 inherit cmake gettext bash-completion setuptools3-base systemd
 
-DEPENDS += "libdnf librepo libcomps python3-iniparse"
+DEPENDS += "libdnf librepo libcomps"
 
 # manpages generation requires http://www.sphinx-doc.org/
 EXTRA_OECMAKE = " -DWITH_MAN=0 -DPYTHON_INSTALL_DIR=${PYTHON_SITEPACKAGES_DIR} -DPYTHON_DESIRED=3"
@@ -49,7 +49,6 @@ RDEPENDS:${PN} += " \
   python3-sqlite3 \
   python3-compression \
   python3-rpm \
-  python3-iniparse \
   python3-json \
   python3-curses \
   python3-misc \

From patchwork Thu Dec 12 14:07:58 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 53993
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 81310E77180
	for <webhook@archiver.kernel.org>; Thu, 12 Dec 2024 14:08:31 +0000 (UTC)
Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com
 [209.85.214.176])
 by mx.groups.io with SMTP id smtpd.web11.20329.1734012503068382846
 for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:23 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=xQucXZ1U;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f176.google.com with SMTP id
 d9443c01a7336-216395e151bso4230955ad.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 12 Dec 2024 06:08:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734012502;
 x=1734617302; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=k1hCrYzJ1AwsF0W9svoDC85jbS+5NC6ui2C9GcQjZLc=;
        b=xQucXZ1UrFJdIFFGvqSiTdBdYML2xK3vHeh9lORKuZJcDaL1DjjT3MNC6FQcse9FUX
         Xhsa/Ld5rzXXi7OIA26chiMdWXEresbcIx2besp8yIYIOWLzW2izMlLoN/IZWQ4FywZe
         Uf8TX58Ua0pK4EzJGr863pnhoNqHlUe1rIfgm+8xGieCwIJrkJNMm+z6dRcKxXBiXtns
         Cje15uwRlJzblqNNYtAy9joCRzPOlhJyo/PX3qe7Up3u9Wn8ScxBQ4BvkCKzdcM9iOrZ
         frinyaY16najuvPxq+3hUdKJAS3TOitbtFItG2sp0aRg+4odlPp9wAdFFsZ6OA8zsdjv
         9//A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1734012502; x=1734617302;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=k1hCrYzJ1AwsF0W9svoDC85jbS+5NC6ui2C9GcQjZLc=;
        b=WL2/AgsjyNEcZHRKvh0Gki5sJxJUDWYjSk33BAEuRWt8dXrQflt6HSz0x9dvurefNa
         KvFqoFZKvm5Wkx6VnawOWLMT11OZJ021n79BadVP3Sdm3fTG5oHg01oCl5wZa0tm+aez
         SgH/1D+a/Q0NpCJsKsAeEcqikuH8i2nh7YypuLtVYY6hMv+D97H3UtPeUbzslirR+4/J
         b2qKQ/YJo+aFGNssHTlGLamQug2sgSmX9adiFiOSqlJp4AIA7W03VJG4e5GA9z/Tn3xz
         DmyecjSMNnXuIRMdn43jXHZoOzRswdfl0Df7WugkmGrLYGfPchLCdyk4Z38VMysIjIsr
         7cGQ==
X-Gm-Message-State: AOJu0YxU1mrcB1A47gk+ypY/s22HwKsFK2We6/hftBjR8+IcJbuVit+p
	nmFEE49A5cJ8FEFWUXGPvwyboOsrtaqP47S3mov1kzIJDTKyitTAXoGc7viwBdKcIeuCvhYXewZ
	o
X-Gm-Gg: ASbGnct6l+lwbxTATprD62edmB+4Xu7CFnAJSOMsNibm5FJqzUMF79lOpxrRR9trBQE
	s0WDDRTV5F8xQAwYA8t2NsEnKvPafQoUHXGuRt6g7NHZTLBuhX9pMkPOkKsbU9wZMP9UtoxgNO3
	99YL4HErR9dKklheZPwV/78K5A10pebkLbuiKdzg85DCoLwtxAQyasi8HaQ7d9p7muEWGFmYyYH
	MsbZcn3qrzI4RC6JW9BD9/9f9SDhwabwPa6i2UuanV+yg==
X-Google-Smtp-Source: 
 AGHT+IHioq8C3UqXgdsoJSetQfBpYrjoyfKA75suO3fhLmRdItbfTofFjGy+dwR9YSt5UfXoTA4fLQ==
X-Received: by 2002:a17:902:ec8c:b0:215:a034:3bae with SMTP id
 d9443c01a7336-2178c874391mr51442045ad.18.1734012502362;
        Thu, 12 Dec 2024 06:08:22 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-21630fee27bsm88847705ad.269.2024.12.12.06.08.21
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 12 Dec 2024 06:08:22 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][styhead 12/12] shadow: use update-alternatives to handle
 su.1 and nologin.8
Date: Thu, 12 Dec 2024 06:07:58 -0800
Message-Id: 
 <a12be809144cbca43576d15c0f0f1781eeaf5a27.1734012352.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1734012352.git.steve@sakoman.com>
References: <cover.1734012352.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Thu, 12 Dec 2024 14:08:31 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/208646

From: Sid-Ali <sidali.teir@cysec.com>

This patch fixes the following error at do_rootfs:

  update-alternatives: Error: not linking
  /PATH/TO/rootfs/usr/share/man/man1/su.1
  to /usr/share/man/man1/su.1.util-linux since
  /PATH/TO/rootfs/usr/share/man/man1/su.1
  exists and is not a link

  update-alternatives: Error: not linking
  /PATH/TO/rootfs/usr/share/man/man8/nologin.8
  to /usr/share/man/man8/nologin.8.util-linux since
  /PATH/TO/rootfs/usr/share/man/man8/nologin.8
  exists and is not a link

The problem can be reproduced by adding the following lines to local.conf
and then building an image:

  EXTRA_IMAGE_FEATURES:append = " doc-pkgs"
  IMAGE_INSTALL:append = " shadow util-linux"

su.1 and nologin.8 are handled by update-alternatives in util-linux recipe, so
do it in shadow recipe too.

Signed-off-by: Sid-Ali Teir <sidali.teir@cysec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 198c4582c6391ac87c49e09882189235c44b60e9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/shadow/shadow.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 171d6e27c3..6ba5a9c7f1 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -200,10 +200,12 @@ ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw"
 ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr"
 ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
 
-ALTERNATIVE:${PN}-doc = "chfn.1 chsh.1 groups.1"
+ALTERNATIVE:${PN}-doc = "chfn.1 chsh.1 groups.1 su.1 nologin.8"
 ALTERNATIVE_LINK_NAME[chfn.1] = "${mandir}/man1/chfn.1"
 ALTERNATIVE_LINK_NAME[chsh.1] = "${mandir}/man1/chsh.1"
 ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
+ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
+ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
 
 ALTERNATIVE:${PN}-base = "newgrp groups login su"
 ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"