From patchwork Wed Jan 22 03:02:57 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55922
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6D0F7C0218D
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:37 +0000 (UTC)
Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com
 [209.85.214.172])
 by mx.groups.io with SMTP id smtpd.web10.34427.1737515010406886165
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:30 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=JWHacZXu;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f172.google.com with SMTP id
 d9443c01a7336-21619108a6bso109778765ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515010;
 x=1738119810; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=UbVCHgsmjCFvelc7YSw6+1i6yBvoV4kSEUvC3kJWTSI=;
        b=JWHacZXuNqK/MXURW53dfiABxUFV/R++WCYB4B7iLfbi3/79MMdMkvldkuXTw6go+W
         quheOTzrXk/Df+CAt1Df/wRiFdz0qdT3RgNuJfJarlXPFO3IJDxenHye0FhkJLXloaJj
         tPPd4uNVKpkibDGi6K9cmnE8VgOABFchoPywmru7m+5xHp5Q6Oncv+VcSROED5EMg1k5
         bnVcnboMFmlQbn6zZ/aqShPKH9EYoz7Lone7LxxNzePFPr6etEFh8R2igBUjHHq8lo+G
         lISokO95L2MMKqe6JtXvE4r05xdn9Hk908Iz8PKxvSCu6DOSTI5Q4ejYxZKHKduc3mYN
         Cnnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515010; x=1738119810;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=UbVCHgsmjCFvelc7YSw6+1i6yBvoV4kSEUvC3kJWTSI=;
        b=eatO9vgWKOBFR1WBHVRBGJVEpfpx1eo8qK6LhexcNhmzKDxl6YzI1CGjMgJw/sJIlj
         DIqto/CSwbFJyp1ixPfZioKAR4GqTlmTHG86m4MxBc15FG/vsTQxTQH9YonYvXIR1LU0
         JWpactU/6aI9o2zN7UP+sPKSgMoP0gEhXqBJJCa7l201e5VEdF4pgZN6HVghgn+X7H6t
         tBQzVkE7Jv9FyAsVM37THcEZvEr8/nWQWnBSTOmP48mIRqCKhE/A9Hfh5XSn5d/XWLHu
         ObXQr2YFgSi1VyAijS+xaIqd1xq5W0q8dalZPID0P744aEDba9tzf90USUGTzI/0G0uU
         QHXw==
X-Gm-Message-State: AOJu0YzvJai/cxHrwVG6knDCCAnJlfyAb9XkUiHxXh9uC75+YdkqlCg1
	lu3uLJX28ZT1wqktZUaS8Ecjl9BH2VY1E5ilfXzVfVizwAlwWJg9p3IyuFbiIJVLSbT5ANM+udh
	0NMc=
X-Gm-Gg: ASbGncuqOpRMFOwOdL2gGhVkBuE5cw3AhLVuw/QCrPgZJKQoMLNiwCq8CMNSlgytOao
	RgmWsvZQXwC9pSI+QRClL/XTthAvrnfyYoJn1qZJ3hMWDGrF/uI4xZ8+oJobGUYABRZ0qNakfSi
	LEAZThGmtaJmp/ZaWx/gEx/8NCWD3yGucXA2f1/fiRgsQZHDjPmVPqPQO2GORsUMt814LkQ9l1V
	OwGBXmd1tYCpddPI2GrvZo9q7LOVOCLXouZJnLYujy7DMdtQzYh5rFA05c=
X-Google-Smtp-Source: 
 AGHT+IGGidVYGBUEZj4KD3v3yGML2KKCy1UBQDVLSDG8Z7OxkuS7C2MtmQa8HWvc7YzyfoZSgdD3UA==
X-Received: by 2002:a05:6a21:788f:b0:1d4:fc66:30e8 with SMTP id
 adf61e73a8af0-1eb21493cc1mr27021624637.10.1737515009191;
        Tue, 21 Jan 2025 19:03:29 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.28
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:28 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/14] wget: fix CVE-2024-10524
Date: Tue, 21 Jan 2025 19:02:57 -0800
Message-ID: 
 <425c3f55bd316a563597ff6ff95f8104848e2f10.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:37 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210115

From: Divya Chellam <divya.chellam@windriver.com>

Applications that use Wget to access a remote resource using
shorthand URLs and pass arbitrary user credentials in the URL
are vulnerable. In these cases attackers can enter crafted
credentials which will cause Wget to access an arbitrary host.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-10524

Upstream-patch:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../wget/wget/CVE-2024-10524.patch            | 197 ++++++++++++++++++
 meta/recipes-extended/wget/wget_1.21.4.bb     |   1 +
 2 files changed, 198 insertions(+)
 create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-10524.patch

diff --git a/meta/recipes-extended/wget/wget/CVE-2024-10524.patch b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch
new file mode 100644
index 0000000000..21f990ee73
--- /dev/null
+++ b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch
@@ -0,0 +1,197 @@
+From c419542d956a2607bbce5df64b9d378a8588d778 Mon Sep 17 00:00:00 2001
+From: Tim Rühsen <tim.ruehsen@gmx.de>
+Date: Sun, 27 Oct 2024 19:53:14 +0100
+Subject: [PATCH] Fix CVE-2024-10524 (drop support for shorthand URLs)
+
+* doc/wget.texi: Add documentation for removed support for shorthand URLs.
+* src/html-url.c (src/html-url.c): Call maybe_prepend_scheme.
+* src/main.c (main): Likewise.
+* src/retr.c (getproxy): Likewise.
+* src/url.c: Rename definition of rewrite_shorthand_url to maybe_prepend_scheme,
+  add new function is_valid_port.
+* src/url.h: Rename declaration of rewrite_shorthand_url to maybe_prepend_scheme.
+
+Reported-by: Goni Golan <gonig@jfrog.com>
+
+CVE: CVE-2024-10524
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ doc/wget.texi  | 12 ++++-------
+ src/html-url.c |  2 +-
+ src/main.c     |  2 +-
+ src/retr.c     |  2 +-
+ src/url.c      | 57 ++++++++++++++++----------------------------------
+ src/url.h      |  2 +-
+ 6 files changed, 26 insertions(+), 51 deletions(-)
+
+diff --git a/doc/wget.texi b/doc/wget.texi
+index 3c24de2..503a03d 100644
+--- a/doc/wget.texi
++++ b/doc/wget.texi
+@@ -314,8 +314,8 @@ for text files.  Here is an example:
+ ftp://host/directory/file;type=a
+ @end example
+ 
+-Two alternative variants of @sc{url} specification are also supported,
+-because of historical (hysterical?) reasons and their widespreaded use.
++The two alternative variants of @sc{url} specifications are no longer
++supported because of security considerations:
+ 
+ @sc{ftp}-only syntax (supported by @code{NcFTP}):
+ @example
+@@ -327,12 +327,8 @@ host:/dir/file
+ host[:port]/dir/file
+ @end example
+ 
+-These two alternative forms are deprecated, and may cease being
+-supported in the future.
+-
+-If you do not understand the difference between these notations, or do
+-not know which one to use, just use the plain ordinary format you use
+-with your favorite browser, like @code{Lynx} or @code{Netscape}.
++These two alternative forms have been deprecated long time ago,
++and support is removed with version 1.22.0.
+ 
+ @c man begin OPTIONS
+ 
+diff --git a/src/html-url.c b/src/html-url.c
+index 896d6fc..3deea9c 100644
+--- a/src/html-url.c
++++ b/src/html-url.c
+@@ -931,7 +931,7 @@ get_urls_file (const char *file)
+           url_text = merged;
+         }
+ 
+-      new_url = rewrite_shorthand_url (url_text);
++      new_url = maybe_prepend_scheme (url_text);
+       if (new_url)
+         {
+           xfree (url_text);
+diff --git a/src/main.c b/src/main.c
+index d1c3c3e..f1d7792 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -2126,7 +2126,7 @@ only if outputting to a regular file.\n"));
+       struct iri *iri = iri_new ();
+       struct url *url_parsed;
+ 
+-      t = rewrite_shorthand_url (argv[optind]);
++      t = maybe_prepend_scheme (argv[optind]);
+       if (!t)
+         t = argv[optind];
+ 
+diff --git a/src/retr.c b/src/retr.c
+index 38c9fcf..a124046 100644
+--- a/src/retr.c
++++ b/src/retr.c
+@@ -1493,7 +1493,7 @@ getproxy (struct url *u)
+ 
+   /* Handle shorthands.  `rewritten_storage' is a kludge to allow
+      getproxy() to return static storage. */
+-  rewritten_url = rewrite_shorthand_url (proxy);
++  rewritten_url = maybe_prepend_scheme (proxy);
+   if (rewritten_url)
+     return rewritten_url;
+ 
+diff --git a/src/url.c b/src/url.c
+index 0acd3f3..6868825 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -594,60 +594,39 @@ parse_credentials (const char *beg, const char *end, char **user, char **passwd)
+   return true;
+ }
+ 
+-/* Used by main.c: detect URLs written using the "shorthand" URL forms
+-   originally popularized by Netscape and NcFTP.  HTTP shorthands look
+-   like this:
+-
+-   www.foo.com[:port]/dir/file   -> http://www.foo.com[:port]/dir/file
+-   www.foo.com[:port]            -> http://www.foo.com[:port]
+-
+-   FTP shorthands look like this:
+-
+-   foo.bar.com:dir/file          -> ftp://foo.bar.com/dir/file
+-   foo.bar.com:/absdir/file      -> ftp://foo.bar.com//absdir/file
++static bool is_valid_port(const char *p)
++{
++  unsigned port = (unsigned) atoi (p);
++  if (port == 0 || port > 65535)
++    return false;
+ 
+-   If the URL needs not or cannot be rewritten, return NULL.  */
++  int digits = strspn (p, "0123456789");
++  return digits && (p[digits] == '/' || p[digits] == '\0');
++}
+ 
++/* Prepend "http://" to url if scheme is missing, otherwise return NULL. */
+ char *
+-rewrite_shorthand_url (const char *url)
++maybe_prepend_scheme (const char *url)
+ {
+-  const char *p;
+-  char *ret;
+-
+   if (url_scheme (url) != SCHEME_INVALID)
+     return NULL;
+ 
+-  /* Look for a ':' or '/'.  The former signifies NcFTP syntax, the
+-     latter Netscape.  */
+-  p = strpbrk (url, ":/");
++  const char *p = strchr (url, ':');
+   if (p == url)
+     return NULL;
+ 
+   /* If we're looking at "://", it means the URL uses a scheme we
+      don't support, which may include "https" when compiled without
+-     SSL support.  Don't bogusly rewrite such URLs.  */
++     SSL support.  Don't bogusly prepend "http://" to such URLs.  */
+   if (p && p[0] == ':' && p[1] == '/' && p[2] == '/')
+     return NULL;
+ 
+-  if (p && *p == ':')
+-    {
+-      /* Colon indicates ftp, as in foo.bar.com:path.  Check for
+-         special case of http port number ("localhost:10000").  */
+-      int digits = strspn (p + 1, "0123456789");
+-      if (digits && (p[1 + digits] == '/' || p[1 + digits] == '\0'))
+-        goto http;
+-
+-      /* Turn "foo.bar.com:path" to "ftp://foo.bar.com/path". */
+-      if ((ret = aprintf ("ftp://%s", url)) != NULL)
+-        ret[6 + (p - url)] = '/';
+-    }
+-  else
+-    {
+-    http:
+-      /* Just prepend "http://" to URL. */
+-      ret = aprintf ("http://%s", url);
+-    }
+-  return ret;
++  if (p && p[0] == ':' && !is_valid_port (p + 1))
++    return NULL;
++
++
++  fprintf(stderr, "Prepended http:// to '%s'\n", url);
++  return aprintf ("http://%s", url);
+ }
+ 
+ static void split_path (const char *, char **, char **);
+diff --git a/src/url.h b/src/url.h
+index fb9da33..5f99b0a 100644
+--- a/src/url.h
++++ b/src/url.h
+@@ -128,7 +128,7 @@ char *uri_merge (const char *, const char *);
+ 
+ int mkalldirs (const char *);
+ 
+-char *rewrite_shorthand_url (const char *);
++char *maybe_prepend_scheme (const char *);
+ bool schemes_are_similar_p (enum url_scheme a, enum url_scheme b);
+ 
+ bool are_urls_equal (const char *u1, const char *u2);
+-- 
+2.40.0
+
diff --git a/meta/recipes-extended/wget/wget_1.21.4.bb b/meta/recipes-extended/wget/wget_1.21.4.bb
index bc65a8f7c8..b5f50f6c84 100644
--- a/meta/recipes-extended/wget/wget_1.21.4.bb
+++ b/meta/recipes-extended/wget/wget_1.21.4.bb
@@ -1,6 +1,7 @@
 SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
            file://0002-improve-reproducibility.patch \
            file://CVE-2024-38428.patch \
+           file://CVE-2024-10524.patch \
           "
 
 SRC_URI[sha256sum] = "81542f5cefb8faacc39bbbc6c82ded80e3e4a88505ae72ea51df27525bcde04c"

From patchwork Wed Jan 22 03:02:58 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55921
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6E307C0218E
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:37 +0000 (UTC)
Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com
 [209.85.216.50])
 by mx.groups.io with SMTP id smtpd.web11.34190.1737515012165601483
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:32 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=XgZoJeJn;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.50,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f50.google.com with SMTP id
 98e67ed59e1d1-2ee51f8c47dso8790785a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515011;
 x=1738119811; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=6OdoIqQPJKC9x/s6uEtJ0AfAyjHKYUabBjv+nISApjQ=;
        b=XgZoJeJnNTDHbvpkOkcWj6H8ckgspKRgkxWeLoFz5VSQJ7UFndCTvfhT0mHBtTnqJY
         DglV++gNC62pTGrWam2ndQingLS+VoP3QDVwsSpNT7qjm9nYGm6UV8H6utItBzGX+w7r
         S/yEmkKuw3l0sAbHUH/IYN3qN+zvmqNZB8P+Hwu+R4S/xiKiaH6y0v9877J916hTdWGn
         K+lKLXBvlvZsmwp/vMllieKLgKOBf51wKymk7eNe0Nqj3fFF3tEsD+7LS0H8LjtYVyVm
         UzbD70R7hOaBdwU/fBHaa1Qkrw+pS6LkUDXKGfCHr1pCEMgY7eRSr2K3xgJ1ylqIdc22
         cZvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515011; x=1738119811;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=6OdoIqQPJKC9x/s6uEtJ0AfAyjHKYUabBjv+nISApjQ=;
        b=KS2Vr5+KM2vnL37RA2eFTPgpxwIyx0tt5G0KEF3ZgLPppOpQKNXfXgROfx0NX5fZhN
         lHx+CiZrsC0iO5dmElbpqrr4AdiJe3dPezSmKpjs87xzsX2J8e7DpZ3w6vpxsyvKMQKw
         0YdMW1HNC8DB7otiyYEwKQeFTsLDBFBzgehrrfuX0Zw68zt/mRHmSKcnbYfcYxPntxs1
         G2Jwgtj2o3+C+PAHX7BbEEpBGPBbHmvkUVvaJh+CNnXLMNUBX8Fp7JC/p1AA/X6d6LGZ
         ENIaidF2w6/SXo3kDTst4TJTx3QGWTxHW700vK4yLl7B5o5lQCGcJcRLF0OnAkfK+Oxd
         niUw==
X-Gm-Message-State: AOJu0YxbXqCE1fSSisblBCH+SZKr8bjtJFETQPzvDbjSMgMgLvZhPeJr
	w+mTd2fmu5JNvW8TjI/h+IV2iuAbS1Y+qnXbdGusMWTkSQqBtzXtv33QzUEg6p5kqO3ZJHV8QM+
	kOl8=
X-Gm-Gg: ASbGnctdMyuxQ1Sd8IrsP1DqD9nbM1kczJd0rO23opygTc53gsshJ7cxZnTDTm7zVS/
	pGWPvW3nq/GhX1vlu8xWCXYG04BG0F7+cqc4yCr7oQUSpYifeTPX0y1Ptcz39MjbfdDorohKBJG
	UaFQyCjkuxVIMsOoA3KAbOkisdFxoCZ1oXtvl5PkeLJEzNik8KTg+05hxAKrn8FoL3vugUprc5Z
	dsNLlaZQqyrE9NE3WV8R7ZMLa0GBz+MaUoX8Xn1Y06OI+I33fgfPPpk7JA=
X-Google-Smtp-Source: 
 AGHT+IGIN+FULxOTXc3lkuy1U3jvI0CcONcB38pACXXuDNMBLaiyxOah3GP3gHAgNFLUPqjP9NkSnA==
X-Received: by 2002:a05:6a00:8084:b0:724:d758:f35 with SMTP id
 d2e1a72fcca58-72daf9bd157mr26859937b3a.2.1737515011297;
        Tue, 21 Jan 2025 19:03:31 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.30
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:30 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/14] ofono: Fix multiple CVEs
Date: Tue, 21 Jan 2025 19:02:58 -0800
Message-ID: 
 <d244d4d48615a7b08f1ab0231f074caa31790247.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:37 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210116

From: Hitendra Prajapati <hprajapati@mvista.com>

Backport fixes for:

* CVE-2024-7539 - Upstream-Status: Backport from https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=389e2344f86319265fb72ae590b470716e038fdc
* CVE-2024-7543 - Upstream-Status: Backport from https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=90e60ada012de42964214d8155260f5749d0dcc7
* CVE-2024-7544 - Upstream-Status: Backport from https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a240705a0d5d41eca6de4125ab2349ecde4c873a
* CVE-2024-7545 - Upstream-Status: Backport from https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=556e14548c38c2b96d85881542046ee7ed750bb5
* CVE-2024-7546 - Upstream-Status: Backport from https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=79ea6677669e50b0bb9c231765adb4f81c375f63
* CVE-2024-7547 - Upstream-Status: Backport from https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=305df050d02aea8532f7625d6642685aa530f9b0

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ofono/ofono/CVE-2024-7539.patch           | 88 +++++++++++++++++++
 .../ofono/ofono/CVE-2024-7543.patch           | 30 +++++++
 .../ofono/ofono/CVE-2024-7544.patch           | 30 +++++++
 .../ofono/ofono/CVE-2024-7545.patch           | 32 +++++++
 .../ofono/ofono/CVE-2024-7546.patch           | 30 +++++++
 .../ofono/ofono/CVE-2024-7547.patch           | 29 ++++++
 meta/recipes-connectivity/ofono/ofono_2.4.bb  |  6 ++
 7 files changed, 245 insertions(+)
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch

diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
new file mode 100644
index 0000000000..7fcc620fd8
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
@@ -0,0 +1,88 @@
+From 389e2344f86319265fb72ae590b470716e038fdc Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Tue, 17 Dec 2024 11:31:29 +0200
+Subject: [PATCH] ussd: ensure ussd content fits in buffers
+
+Fixes: CVE-2024-7539
+
+CVE: CVE-2024-7539
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=389e2344f86319265fb72ae590b470716e038fdc]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ drivers/atmodem/ussd.c      | 5 ++++-
+ drivers/huaweimodem/ussd.c  | 5 ++++-
+ drivers/speedupmodem/ussd.c | 5 ++++-
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/atmodem/ussd.c b/drivers/atmodem/ussd.c
+index aaf47b2..cee9bc5 100644
+--- a/drivers/atmodem/ussd.c
++++ b/drivers/atmodem/ussd.c
+@@ -107,7 +107,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 	const char *content;
+ 	int dcs;
+ 	enum sms_charset charset;
+-	unsigned char msg[160];
++	unsigned char msg[160] = {0};
+ 	const unsigned char *msg_ptr = NULL;
+ 	long msg_len;
+ 
+@@ -127,6 +127,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 	if (!g_at_result_iter_next_number(&iter, &dcs))
+ 		dcs = 0;
+ 
++	if (strlen(content) > sizeof(msg) * 2)
++		goto out;
++
+ 	if (!cbs_dcs_decode(dcs, NULL, NULL, &charset, NULL, NULL, NULL)) {
+ 		ofono_error("Unsupported USSD data coding scheme (%02x)", dcs);
+ 		status = 4; /* Not supported */
+diff --git a/drivers/huaweimodem/ussd.c b/drivers/huaweimodem/ussd.c
+index ffb9b2a..cfdb4ee 100644
+--- a/drivers/huaweimodem/ussd.c
++++ b/drivers/huaweimodem/ussd.c
+@@ -52,7 +52,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 	int status;
+ 	int dcs = 0;
+ 	const char *content;
+-	unsigned char msg[160];
++	unsigned char msg[160] = {0};
+ 	const unsigned char *msg_ptr = NULL;
+ 	long msg_len;
+ 
+@@ -69,6 +69,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 
+ 	g_at_result_iter_next_number(&iter, &dcs);
+ 
++	if (strlen(content) > sizeof(msg) * 2)
++		goto out;
++
+ 	msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
+ 
+ out:
+diff --git a/drivers/speedupmodem/ussd.c b/drivers/speedupmodem/ussd.c
+index 44da8ed..33441c6 100644
+--- a/drivers/speedupmodem/ussd.c
++++ b/drivers/speedupmodem/ussd.c
+@@ -51,7 +51,7 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 	int status;
+ 	int dcs = 0;
+ 	const char *content;
+-	unsigned char msg[160];
++	unsigned char msg[160] = {0};
+ 	const unsigned char *msg_ptr = NULL;
+ 	long msg_len;
+ 
+@@ -68,6 +68,9 @@ static void cusd_parse(GAtResult *result, struct ofono_ussd *ussd)
+ 
+ 	g_at_result_iter_next_number(&iter, &dcs);
+ 
++	if (strlen(content) > sizeof(msg) * 2)
++		goto out;
++
+ 	msg_ptr = decode_hex_own_buf(content, -1, &msg_len, 0, msg);
+ 
+ out:
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch
new file mode 100644
index 0000000000..e48579e59a
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch
@@ -0,0 +1,30 @@
+From 90e60ada012de42964214d8155260f5749d0dcc7 Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:50 +0200
+Subject: [PATCH] stkutil: Fix CVE-2024-7543
+
+CVE: CVE-2024-7543
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=90e60ada012de42964214d8155260f5749d0dcc7]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index 4f31af4..fdd11ad 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1876,6 +1876,10 @@ static bool parse_dataobj_mms_reference(struct comprehension_tlv_iter *iter,
+ 
+ 	data = comprehension_tlv_iter_get_data(iter);
+ 	mr->len = len;
++
++	if (len > sizeof(mr->ref))
++		return false;
++
+ 	memcpy(mr->ref, data, len);
+ 
+ 	return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch
new file mode 100644
index 0000000000..7984bc6487
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch
@@ -0,0 +1,30 @@
+From a240705a0d5d41eca6de4125ab2349ecde4c873a Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:49 +0200
+Subject: [PATCH] stkutil: Fix CVE-2024-7544
+
+CVE: CVE-2024-7544
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a240705a0d5d41eca6de4125ab2349ecde4c873a]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index fdd11ad..475caaa 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1898,6 +1898,10 @@ static bool parse_dataobj_mms_id(struct comprehension_tlv_iter *iter,
+ 
+ 	data = comprehension_tlv_iter_get_data(iter);
+ 	mi->len = len;
++
++	if (len > sizeof(mi->id))
++		return false;
++
+ 	memcpy(mi->id, data, len);
+ 
+ 	return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch
new file mode 100644
index 0000000000..a3bf13a81e
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch
@@ -0,0 +1,32 @@
+From 556e14548c38c2b96d85881542046ee7ed750bb5 Mon Sep 17 00:00:00 2001
+From: Sicelo A. Mhlongo <absicsz@gmail.com>
+Date: Wed, Dec 4 12:07:34 2024 +0200
+Subject: [PATCH] stkutil: ensure data fits in buffer
+
+Fixes CVE-2024-7545
+
+CVE: CVE-2024-7545
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=556e14548c38c2b96d85881542046ee7ed750bb5]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index 475caaa..e1fd75c 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1938,6 +1938,10 @@ static bool parse_dataobj_mms_content_id(
+ 
+ 	data = comprehension_tlv_iter_get_data(iter);
+ 	mci->len = len;
++
++	if (len > sizeof(mci->id))
++		return false;
++
+ 	memcpy(mci->id, data, len);
+ 
+ 	return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
new file mode 100644
index 0000000000..808458be2f
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
@@ -0,0 +1,30 @@
+From 79ea6677669e50b0bb9c231765adb4f81c375f63 Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:52 +0200
+Subject: [PATCH] Fix CVE-2024-7546
+
+CVE: CVE-2024-7546
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=79ea6677669e50b0bb9c231765adb4f81c375f63]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/stkutil.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/stkutil.c b/src/stkutil.c
+index e1fd75c..88a715d 100644
+--- a/src/stkutil.c
++++ b/src/stkutil.c
+@@ -1783,6 +1783,10 @@ static bool parse_dataobj_frame_layout(struct comprehension_tlv_iter *iter,
+ 
+ 	fl->layout = data[0];
+ 	fl->len = len - 1;
++
++	if (fl->len > sizeof(fl->size))
++		return false;
++
+ 	memcpy(fl->size, data + 1, fl->len);
+ 
+ 	return true;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch
new file mode 100644
index 0000000000..d4feee7f7f
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch
@@ -0,0 +1,29 @@
+From 305df050d02aea8532f7625d6642685aa530f9b0 Mon Sep 17 00:00:00 2001
+From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
+Date: Tue, 3 Dec 2024 21:43:51 +0200
+Subject: [PATCH] Fix CVE-2024-7547
+
+CVE: CVE-2024-7547
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=305df050d02aea8532f7625d6642685aa530f9b0]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index def47e8..f79f59d 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1475,6 +1475,9 @@ static gboolean decode_command(const unsigned char *pdu, int len,
+ 	if ((len - offset) < out->command.cdl)
+ 		return FALSE;
+ 
++	if (out->command.cdl > sizeof(out->command.cd))
++		return FALSE;
++
+ 	memcpy(out->command.cd, pdu + offset, out->command.cdl);
+ 
+ 	return TRUE;
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb
index f8ade2b2f8..852c71948e 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.4.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb
@@ -16,6 +16,12 @@ SRC_URI = "\
     file://CVE-2023-2794-0002.patch \
     file://CVE-2023-2794-0003.patch \
     file://CVE-2023-2794-0004.patch \
+    file://CVE-2024-7539.patch \
+    file://CVE-2024-7543.patch \
+    file://CVE-2024-7544.patch \
+    file://CVE-2024-7545.patch \
+    file://CVE-2024-7546.patch \
+    file://CVE-2024-7547.patch \
 "
 SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
 

From patchwork Wed Jan 22 03:02:59 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55917
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5C6BDC0218B
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:37 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web10.34428.1737515014020302211
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:34 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=I3tZs+El;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f182.google.com with SMTP id
 d9443c01a7336-216728b1836so109377525ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515013;
 x=1738119813; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=vVU6OlNosesVc8GeD9f3zhn/DAHu8nl6ef1H4kQOMaQ=;
        b=I3tZs+ElV/6s5RmSZMy3Zc1+PRFntzdDg+/R6ftsLjJRcaPScISlgw4F0Xl3WDAJgR
         GIpIzD0OwXDND5WX3qqeEJfkh3tPlDI+Sj3jQ8w2CJCWqpbFUJ6zhr5WucROpGhY5K3/
         KqquaMmkpV3h02umLKppztn0yKrRbDOCKlN5l8qWr2/OUo5F3sySjyUsModjjmnU4t1+
         ldb7GSVODrCQaaOrLHcHRa0D6gKrZktZqUFcg4nVgGQo43N4mQPkva4MUpsGjxU90FxW
         A9uawn6A6Ch1Z+mHP8X3GOeaqdJec3aAVWi7xb8GpSyEdpb7tglJn9TemYwXKtQBqioW
         +j/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515013; x=1738119813;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=vVU6OlNosesVc8GeD9f3zhn/DAHu8nl6ef1H4kQOMaQ=;
        b=aRoweOlruKklFC2PkM4HRopCoaEGRcZ1Hn6HKVI9Gy1zLWNOuUQt6Y4WbZOkRg+STY
         0PkpS4T5G+l1EdH8gJZsMdRrse8OvzxfUj+AMFB7A0KtIRHbNAH4IpruoCTGcF5Ck2/0
         Rkc/qX43smZVeeoj+8ZAaZwzqjJpiTpSIX8Sw9G1m5DNurvB+u71wqA3kloqJYkOGOHX
         ALxVY3oZP9XC1c/QbECaqJ9LhZ5F7kRaxHTyMoGQTU60HllU5F0x73htjzM405cNjZZw
         Dg14BREEGogyF5ceWtwV3bjdyuuOLOsrQYBFNh0WcYl05lBBOYi0oqB97gWNDRtsS4Hq
         Em8A==
X-Gm-Message-State: AOJu0Yy76a0RONMRW5kKIR6szSBoPwB8Efps48sxVAoPIJi0ftVtuzYB
	16KiERU+zVMcNAmYaptl5gY4H4k+7uvK0XAWfaHrjKwcNLgfU9RNtcMS2jRyeFHLELXs5yzymTz
	ZXv4=
X-Gm-Gg: ASbGnctMQ2nb+IN0XCY0XDkybn/JP3lanZs0Von9LPJMZ/rAxwNYX7rOzjCvrbTQLrq
	gaMkg0JzgwT6q6x9acaV5axG7dn5s4PFcYB1G8NTuPeDuRsB1/XZ5xt/wIc6mBA9zIN+Jkodckt
	qOtR9cBWvbf3OPpFHRxUAvqchXKCpapGp4A4fjiBEhiBsBYXFUPXlCc3BM4QXgcOz07mghiXkYQ
	JOE48kl8TFYbctisSns0uceAjFn2Laxj+2JIhKRzOvH64GbqOEzLm5b5rM=
X-Google-Smtp-Source: 
 AGHT+IElPgG/m94dwuW+Ls2crkmlIVcBcepe8juuAk/niWF5pU1OhKgDlwRNKQ8A5oMDXENQwqaYSg==
X-Received: by 2002:a05:6a21:6d91:b0:1e0:cbd1:8046 with SMTP id
 adf61e73a8af0-1eb21174c17mr30397889637.0.1737515013184;
        Tue, 21 Jan 2025 19:03:33 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.32
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:32 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 03/14] avahi: fix CVE-2024-52616
Date: Tue, 21 Jan 2025 19:02:59 -0800
Message-ID: 
 <28de3f131b17dc4165df927060ee51f0de3ada90.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:37 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210117

From: Zhang Peng <peng.zhang1.cn@windriver.com>

CVE-2024-52616:
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs
randomly only once at startup, incrementing them sequentially after that. This
predictable behavior facilitates DNS spoofing attacks, allowing attackers to
guess transaction IDs.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52616]
[https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm]

Upstream patches:
[https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   1 +
 .../avahi/files/CVE-2024-52616.patch          | 104 ++++++++++++++++++
 2 files changed, 105 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 1f18d4491d..1163c17e20 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -35,6 +35,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \
            file://CVE-2023-38471-2.patch \
            file://CVE-2023-38472.patch \
            file://CVE-2023-38473.patch \
+           file://CVE-2024-52616.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
new file mode 100644
index 0000000000..a156f98728
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
@@ -0,0 +1,104 @@
+From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Mon, 11 Nov 2024 00:56:09 +0100
+Subject: [PATCH] Properly randomize query id of DNS packets
+
+CVE: CVE-2024-52616
+Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++--------
+ configure.ac           |  3 ++-
+ 2 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
+index 971f5e714..00a15056e 100644
+--- a/avahi-core/wide-area.c
++++ b/avahi-core/wide-area.c
+@@ -40,6 +40,13 @@
+ #include "addr-util.h"
+ #include "rr-util.h"
+ 
++#ifdef HAVE_SYS_RANDOM_H
++#include <sys/random.h>
++#endif
++#ifndef HAVE_GETRANDOM
++#  define getrandom(d, len, flags) (-1)
++#endif
++
+ #define CACHE_ENTRIES_MAX 500
+ 
+ typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry;
+@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine {
+     int fd_ipv4, fd_ipv6;
+     AvahiWatch *watch_ipv4, *watch_ipv6;
+ 
+-    uint16_t next_id;
+-
+     /* Cache */
+     AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
+     AvahiHashmap *cache_by_key;
+@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) {
+     avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0));
+ }
+ 
++static uint16_t get_random_uint16(void) {
++    uint16_t next_id;
++
++    if (getrandom(&next_id, sizeof(next_id), 0) == -1)
++        next_id = (uint16_t) rand();
++    return next_id;
++}
++
++static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) {
++    uint16_t next_id;
++
++    next_id = get_random_uint16();
++    while (find_lookup(e, next_id)) {
++        /* This ID is already used, get new. */
++        next_id = get_random_uint16();
++    }
++    return next_id;
++}
++
++
+ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+     AvahiWideAreaLookupEngine *e,
+     AvahiKey *key,
+@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+     /* If more than 65K wide area quries are issued simultaneously,
+      * this will break. This should be limited by some higher level */
+ 
+-    for (;; e->next_id++)
+-        if (!find_lookup(e, e->next_id))
+-            break; /* This ID is not yet used. */
+-
+-    l->id = e->next_id++;
++    l->id = avahi_wide_area_next_id(e);
+ 
+     /* We keep the packet around in case we need to repeat our query */
+     l->packet = avahi_dns_packet_new(0);
+@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
+         e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
+ 
+     e->n_dns_servers = e->current_dns_server = 0;
+-    e->next_id = (uint16_t) rand();
+ 
+     /* Initialize cache */
+     AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache);
+diff --git a/configure.ac b/configure.ac
+index a3211b80e..31bce3d76 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES
+ # whether libc's malloc does too. (Same for realloc.)
+ #AC_FUNC_MALLOC
+ #AC_FUNC_REALLOC
+-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname])
++AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom])
++AC_CHECK_HEADERS([sys/random.h])
+ 
+ AC_FUNC_CHOWN
+ AC_FUNC_STAT
+

From patchwork Wed Jan 22 03:03:00 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55918
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5F5B5C02182
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:37 +0000 (UTC)
Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com
 [209.85.216.42])
 by mx.groups.io with SMTP id smtpd.web11.34191.1737515015358302138
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:35 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=V/lAQUws;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.42,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f42.google.com with SMTP id
 98e67ed59e1d1-2eed82ca5b4so10991192a91.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515015;
 x=1738119815; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=2bS3EnvPtqdujFy/QmD8f38Tj/M2eblVWJ+Kw4kfxzE=;
        b=V/lAQUws7k/bDgtMjbw5CqMZplvURPA3ljsMFVsUHbOcYdfSdbHIYkMdUb312rX14c
         Fgurdt/ajHVJC8AnoXyrqvuNqF9uLeoIZy1b20f7jXnymqIfVrh6WaSE1Ed+sqjmwFjH
         H7JXwFoyjhSkSGurmSP6eLRg0aEchKEXg+73mkkcGiUJp+b1mAraSkyNEeE21O+lR9le
         80bcWtY/rg6xwNQPtOGOG86qO7GbuLIfVGZc5xAAAQO6wVUMcK+LcdKgVI/lnCSVGZ+M
         3n7LvkMcOb6Ln+F9mJd/yTHnj0Zx01CdhzDpo/cDKtAQGAJZPRSSATh2Lv2pHM4rna9/
         PdxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515015; x=1738119815;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=2bS3EnvPtqdujFy/QmD8f38Tj/M2eblVWJ+Kw4kfxzE=;
        b=u47U2VZ+VIdn7Ku0UOMysTfu96toxssoewoHrnR14oW9RlrDVW2R/NFMrQIbXF8yJx
         rUQOVTHfntCmktWHQF/uH3OXyBCpg0goGC8yCesUnPgii7nM2Pv4VhwbMxW7FSRxXspI
         BHox3Ng/HeZUczIqwAzedQ9uW3dXOfj3EzH8QV5wnzFq26iNMTqccymTDOIAEGIM6lTe
         RbAcMcE7UJdSr6Bpmwl6yxhdYNPIvpvtVTdqlhsatgI3mA84n6setZ91YDL9QdNi68XD
         YFZ4x9vlM0/gw+wXUtAppLayaDJo2f3+0ktHche72v7P+wDWqd3Lrn38ScEuYiLSGjIk
         Gcrw==
X-Gm-Message-State: AOJu0Yw0iXg4Xz/1RnS3PQ+dtdpB20CUfDMf9uMhb2joEH8BbNwKhtU6
	MJB6s3EvcnGP/NGl4MPPO+kUN6oC1zN7clIdK41y2vO1OwV41jJ5U0RmoK6WLxkLgPVK7hyrsvj
	pzgo=
X-Gm-Gg: ASbGncv1yZBK4vzXzivdql0sgnj8RPVui5iHN/lFuvXbQOqsM60zvwULwnStlt1Apwu
	5WbRudAupJQRyv7jtAyNUAqINXOJTHXY5TLTFT0B1oS9DFc10MgzM7TYocelsdzV6SrxYRFsSj7
	/4s7JQh/EDZOiF1hwBU6wVIsOKJwUQqjjRxT1etMQC9JQP6sBH4FXlT0ed3nkyCGi/I0sjxaytJ
	xYKUAetMIg0u2A/EdLM0711LFr90GzsMZLYH7wfsnOM8sN0TKODPqhkDgM=
X-Google-Smtp-Source: 
 AGHT+IHcTXNIdkP+8Vx4iiZfv+wvqQNpuWkBfJ1pniIUGEd3Q8tLkobUW1sS88PbCPnzIEdBoPHhKw==
X-Received: by 2002:a05:6a00:a95:b0:72d:8fa2:9998 with SMTP id
 d2e1a72fcca58-72dafa44feamr30439186b3a.14.1737515014673;
        Tue, 21 Jan 2025 19:03:34 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.34
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:34 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 04/14] socat: patch CVE-2024-54661
Date: Tue, 21 Jan 2025 19:03:00 -0800
Message-ID: 
 <efa7a5e5a8448ae52152ee8ebbf5c51d691a34d2.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:37 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210118

From: Peter Marko <peter.marko@siemens.com>

Picked upstream commit
https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f

Since this was the only commit in 1.8.0.2 it also contained release
changes which were dropped.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../socat/files/CVE-2024-54661.patch          | 113 ++++++++++++++++++
 .../socat/socat_1.8.0.0.bb                    |   1 +
 2 files changed, 114 insertions(+)
 create mode 100644 meta/recipes-connectivity/socat/files/CVE-2024-54661.patch

diff --git a/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
new file mode 100644
index 0000000000..3bf685ebd9
--- /dev/null
+++ b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
@@ -0,0 +1,113 @@
+From 4ee1f31cf80019c5907876576d6dfd49368d660f Mon Sep 17 00:00:00 2001
+From: Gerhard Rieger <gerhard@dest-unreach.org>
+Date: Fri, 6 Dec 2024 11:42:09 +0100
+Subject: [PATCH] Version 1.8.0.2 - CVE-2024-54661: Arbitrary file overwrite in
+ readline.sh
+
+CVE: CVE-2024-54661
+Upstream-Status: Backport [https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ readline.sh | 10 +++++++--
+ test.sh     | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 71 insertions(+), 2 deletions(-)
+
+diff --git a/readline.sh b/readline.sh
+index b6f8438..1045303 100755
+--- a/readline.sh
++++ b/readline.sh
+@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then
+ else
+     HISTOPT=
+ fi
+-mkdir -p /tmp/$USER || exit 1
+ #
+ #
+ 
+-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
++if test -w .; then
++    STDERR=./socat-readline.${1##*/}.log
++    rm -f $STDERR
++else
++    STDERR=/dev/null
++fi
++
++exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
+ 
+diff --git a/test.sh b/test.sh
+index 46bebf8..5204ac7 100755
+--- a/test.sh
++++ b/test.sh
+@@ -19154,6 +19154,69 @@ esac
+ N=$((N+1))
+ 
+ 
++# Test the readline.sh file overwrite vulnerability
++NAME=READLINE_SH_OVERWRITE
++case "$TESTS" in
++*%$N%*|*%functions%*|*%bugs%*|*%readline%*|*%security%*|*%$NAME%*)
++TEST="$NAME: Test the readline.sh file overwrite vulnerability"
++# Create a symlink /tmp/$USER/stderr2 pointing to a temporary file,
++# run readline.sh
++# When the temporary file is kept the test succeeded
++if ! eval $NUMCOND; then :
++elif ! cond=$(checkconds \
++		  "" \
++		  "" \
++		  "readline.sh" \
++		  "" \
++		  "" \
++		  "" \
++		  "" ); then
++    $PRINTF "test $F_n $TEST... ${YELLOW}$cond${NORMAL}\n" $N
++    numCANT=$((numCANT+1))
++    listCANT="$listCANT $N"
++    namesCANT="$namesCANT $NAME"
++else
++    tf="$td/test$N.file"
++    te="$td/test$N.stderr"
++    tdiff="$td/test$N.diff"
++    da="test$N $(date) $RANDOM"
++    echo "$da" >"$tf"
++    ln -sf "$tf" /tmp/$USER/stderr2
++    CMD0="readline.sh cat"
++    printf "test $F_n $TEST... " $N
++    $CMD0 </dev/null >/dev/null 2>"${te}0"
++    rc0=$?
++#    if [ "$rc0" -ne 0 ]; then
++#	$PRINTF "$CANT (rc0=$rc0)\n"
++#	echo "$CMD0"
++#	cat "${te}0" >&2
++#	numCANT=$((numCANT+1))
++#	listCANT="$listCANT $N"
++#	namesCANT="$namesCANT $NAME"
++#    elif ! echo "$da" |diff - "$tf" >$tdiff; then
++    if ! echo "$da" |diff - "$tf" >$tdiff; then
++	$PRINTF "$FAILED (diff)\n"
++	echo "$CMD0 &"
++	cat "${te}0" >&2
++	echo "// diff:" >&2
++	cat "$tdiff" >&2
++	numFAIL=$((numFAIL+1))
++	listFAIL="$listFAIL $N"
++	namesFAIL="$namesFAIL $NAME"
++    else
++	$PRINTF "$OK\n"
++	if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
++	if [ "$DEBUG" ];   then cat "${te}0" >&2; fi
++	if [ "$VERBOSE" ]; then echo "$CMD1"; fi
++	if [ "$DEBUG" ];   then cat "${te}1" >&2; fi
++	numOK=$((numOK+1))
++	listOK="$listOK $N"
++    fi
++fi # NUMCOND
++ ;;
++esac
++N=$((N+1))
++
+ # end of common tests
+ 
+ ##################################################################################
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
index 912605c95c..bb39730005 100644
--- a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
+++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
            file://0001-fix-compile-procan.c-failed.patch \
+           file://CVE-2024-54661.patch \
 "
 
 SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7"

From patchwork Wed Jan 22 03:03:01 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55920
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 71BA1C02190
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:37 +0000 (UTC)
Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com
 [209.85.214.181])
 by mx.groups.io with SMTP id smtpd.web11.34193.1737515017216995664
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:37 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=IiZKzUpw;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f181.google.com with SMTP id
 d9443c01a7336-219f8263ae0so114037265ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515016;
 x=1738119816; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=5VjNJ0pOwi5xr5ImzUmoZ2K3PCaFepFf79j4TX/PnlU=;
        b=IiZKzUpwNctijXg+z7H6rt82jp6cyae7ryYuGO/73M4IGg/R9hlg7jKfg5geMGFX3u
         KEReHpFH7WlSLlc3E5PpAIRT/rK7nu13QSX4/eTKcIvUsZ7GIQRQEFIKFXe758eXaHEM
         C+jG6LJaHtUtZUj0ZqHgHh5Qh2VcEofILvtYc+d+uPjeKDtkoVev/i/CN8JIIKkgotZh
         tvcWUgYei9+KsGZTjQBDcwgc15ButheZZqQRQ8i74yrbWjDB1P42D/3cNmVib+eNi8dy
         JpLxRKh/c7BLJ75wW/nxWnz61NrQDNlmxMDcUsewXbWtudS/vi1Y4Su1wPxhLIM/VoPX
         4kyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515016; x=1738119816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=5VjNJ0pOwi5xr5ImzUmoZ2K3PCaFepFf79j4TX/PnlU=;
        b=wGRoaVCj7E4qBAl0sYNpWjhYEyYiEZfljcriYgSZffYi0vrrVddZFBIJ43I5sJ4pty
         8D81W3Fc4ec61GUerXbr2+eypqnHSpmjM6nUzbXzQniT3n1BOacaP1x79PnsC9OIdiTe
         RCeLQeskqAG3Q7+qJ9qSU8cZLzVmP1mbNXcr3eR24Ipg5MZ29L8sOPQVIJOqtFdY+nv4
         zEPbBKmVCUwlul9EHOtRXlug3zA9y/tmFcpXC9C4gVpmE01QtvC/I1MWZEQRpAC8rRAj
         MeMAVBx833MN5HJxFkNbs6vEcaT5g/NgimwrmsWUHfD3PzRYAnOmzhHnniA6Dez85XX7
         YOFw==
X-Gm-Message-State: AOJu0YyweozyBvZtmnz1qlJdprjJ6M1ln4kWQMsHyYwjxOWD4JekaTF9
	4UPwecDS6ObhNKWCor/Vey13ydWQO9p6ingue+tNZRgtYcEFW5S3IS0kqGdPW1ySkIFK8UzxL5e
	u4T8=
X-Gm-Gg: ASbGncttPiSSwehDKcr/pkKZmczDI4bP7X5qvnz/of22PD4zrbRhNb27Fmvxh4ovlds
	+J0XXt5ZlYQQlIxCbehcFkQjNlI4iWHBm0yWkgbAUPx5+CudCrIgovCFNVZcYGWF5O/YpQF90MT
	gQ8Yg3NbfMMw20LkWd+bzEGdWO3azLr25DJdqj/MA8kz3ZU6ymeaMnJW9vTqmn+uCbCgxkcK7MK
	PqfgnF23hFUEyOr+DCaRwxWVtFDFIXP/PDKby9EGf9ghfHbrjzEpdlXCxs=
X-Google-Smtp-Source: 
 AGHT+IGnLjN+KRPhSsjPngJ39rgmZiEoh7zAg1kz1seR2LLHjSvhK71zqvsPqPNoQwHYCGdtt+LgEQ==
X-Received: by 2002:a05:6a00:928b:b0:72d:8d98:c257 with SMTP id
 d2e1a72fcca58-72daf930ff5mr24671416b3a.2.1737515016520;
        Tue, 21 Jan 2025 19:03:36 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.35
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:36 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 05/14] ofono: patch CVE-2024-7540, CVE-2024-7541,
 CVE-2024-7542
Date: Tue, 21 Jan 2025 19:03:01 -0800
Message-ID: 
 <6f55cecbff1e5be7dda7484b8b04f7ccfbdceb1b.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:37 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210119

From: Peter Marko <peter.marko@siemens.com>

Cherry-pick commit
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...024-7540_CVE-2024-7541_CVE-2024-7542.patch | 52 +++++++++++++++++++
 meta/recipes-connectivity/ofono/ofono_2.4.bb  |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch

diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
new file mode 100644
index 0000000000..0b06e057e5
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
@@ -0,0 +1,52 @@
+From 29ff6334b492504ace101be748b256e6953d2c2f Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Tue, 17 Dec 2024 11:31:28 +0200
+Subject: [PATCH] atmodem: sms: ensure buffer is initialized before use
+
+Fixes: CVE-2024-7540
+Fixes: CVE-2024-7541
+Fixes: CVE-2024-7542
+
+CVE: CVE-2024-7540
+CVE: CVE-2024-7541
+CVE: CVE-2024-7542
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ drivers/atmodem/sms.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/atmodem/sms.c b/drivers/atmodem/sms.c
+index d994856b..0668c631 100644
+--- a/drivers/atmodem/sms.c
++++ b/drivers/atmodem/sms.c
+@@ -412,7 +412,7 @@ static void at_cmt_notify(GAtResult *result, gpointer user_data)
+ 	struct sms_data *data = ofono_sms_get_data(sms);
+ 	GAtResultIter iter;
+ 	const char *hexpdu;
+-	unsigned char pdu[176];
++	unsigned char pdu[176] = {0};
+ 	long pdu_len;
+ 	int tpdu_len;
+ 
+@@ -479,7 +479,7 @@ static void at_cmgr_notify(GAtResult *result, gpointer user_data)
+ 	struct sms_data *data = ofono_sms_get_data(sms);
+ 	GAtResultIter iter;
+ 	const char *hexpdu;
+-	unsigned char pdu[176];
++	unsigned char pdu[176] = {0};
+ 	long pdu_len;
+ 	int tpdu_len;
+ 
+@@ -661,7 +661,7 @@ static void at_cmgl_notify(GAtResult *result, gpointer user_data)
+ 	struct sms_data *data = ofono_sms_get_data(sms);
+ 	GAtResultIter iter;
+ 	const char *hexpdu;
+-	unsigned char pdu[176];
++	unsigned char pdu[176] = {0};
+ 	long pdu_len;
+ 	int tpdu_len;
+ 	int index;
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb
index 852c71948e..097a0e0566 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.4.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb
@@ -22,6 +22,7 @@ SRC_URI = "\
     file://CVE-2024-7545.patch \
     file://CVE-2024-7546.patch \
     file://CVE-2024-7547.patch \
+    file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
 "
 SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
 

From patchwork Wed Jan 22 03:03:02 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55928
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9A06BC0218F
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:47 +0000 (UTC)
Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com
 [209.85.216.51])
 by mx.groups.io with SMTP id smtpd.web10.34432.1737515018904832596
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:38 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=ItZ24hSw;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.51,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f51.google.com with SMTP id
 98e67ed59e1d1-2f441904a42so11524580a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515018;
 x=1738119818; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=CFbN/mEV9Y5Mm/0BpnO6G7l8VJDfBKz0Q1H6wTjXqYs=;
        b=ItZ24hSwbK7MeKCUKplkVpQLon/PCy85mR2cYXeT7L69ros+8BU/7wscyiMRHruKRg
         n4FgYcsiUqYDgiD1RnlgZyQYTDeh8fO354NWADk5DFSKyJUHZQB7dReRsgo7bk6BZRcg
         KOWXlYpsnzcH+DopgFfOFtQq2QXk2iiQXXBISoEvGmmESI/lVsdjZyFmAOM5iwdr/a1q
         Am+gQixrYMkD1HkXeYVkL5fvoCW2x4jV68U6ByAouEgIAun3EsFoRtfvjOxO79KQtg8Z
         BYQavGc8yyRufhPzh1itqmxD21jbr3Z+uGkx7k+K18QOqieZFLIkQi2ClU7k1/eILY9E
         InpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515018; x=1738119818;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=CFbN/mEV9Y5Mm/0BpnO6G7l8VJDfBKz0Q1H6wTjXqYs=;
        b=s1/45SosvkpMSb1SXitHzdQQ4EA94NdiYiQ7T8ShwE8b1rvDtIEDTeP21DeqEDdfbt
         gNmMMyBY0SWOTw61wHO12Gu/MwpRD4t+bh8VG7cZjRujNarERVrLUdcGUgOYK7IzAgpY
         fCbT7jWL7F4uFlGwnNJXe+dmBugab8z+juUJPoNAFCZQ4iQBD6fUNrJFPx5+ZKfHT8yk
         c6oM6Cwf9wTocPBt69CpmB4w8MvHfAFiX4KjhUdtpE0waUkHsCxDLo7S5xTwp1A4SKBb
         fTbG0B0Qzk3xb9FscG/nwUA5dwC2YPAoQXTY6Aw4BZJEHnk7SqCbInfwE7XjcrRpgLtv
         3XRw==
X-Gm-Message-State: AOJu0YyLpW9P/Euz4Hk448TOauoes9fPyubJZkgTeyv6nGkIUerXIoy+
	Pd00oGSYKZ3jljl0oC7MfK+uY2USo32Nc0oV7SBd2tHfld0aalF7AMjao/0sETUT3NRqfdfP4KR
	ZO1I=
X-Gm-Gg: ASbGncuBw7PpFvT6DRKKrRAYz1b1WSUjz4xWSgFCstjXWsbqItbSTDrBAbEBnEbLJR1
	8JyfPRoYJohBFXjZACkm350aK3/M1/AJF8u7ndfPEiVe9R/yM4r6+XFLeXZfKWZUdxoG6X0Zg9x
	+OlT/Nl3a85t8+PMyB+z4xGIgfplIbeRVF/1UChnA4H3jKkFlhUNIXs1Fg1hxgGHdHDM9RvOQ5O
	/ocheF4ZvxtK3237Wuq3qRzWvRupDzHdeX/RsJ0SB4yJlSjXFcLlUZjdAQ=
X-Google-Smtp-Source: 
 AGHT+IGIHDJfl5vF8Rvi7TEt01YJn4rJglheaR2uVSkVPMd8VH5Dobn7YXwvEc8YA++uakW1wVMAZw==
X-Received: by 2002:a05:6a00:4293:b0:727:3cd0:122f with SMTP id
 d2e1a72fcca58-72dafa04710mr26067837b3a.9.1737515018124;
        Tue, 21 Jan 2025 19:03:38 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.37
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:37 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/14] ofono: patch CVE-2023-4232
Date: Tue, 21 Jan 2025 19:03:02 -0800
Message-ID: 
 <476ef12ab91aada032ea0e6acc5a0044497ace25.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:47 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210120

From: Peter Marko <peter.marko@siemens.com>

Cherry-pick commit
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=2ff2da7ac374a790f8b2a0216bcb4e3126498225

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ofono/ofono/CVE-2023-4232.patch           | 31 +++++++++++++++++++
 meta/recipes-connectivity/ofono/ofono_2.4.bb  |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch

diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
new file mode 100644
index 0000000000..516cbf779c
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
@@ -0,0 +1,31 @@
+From 2ff2da7ac374a790f8b2a0216bcb4e3126498225 Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:52 +0200
+Subject: [PATCH] smsutil: check status report fits in buffer
+
+Fixes CVE-2023-4232
+
+CVE: CVE-2023-4232
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=2ff2da7ac374a790f8b2a0216bcb4e3126498225]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index ac89f16c..a706e26f 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1088,6 +1088,9 @@ static gboolean decode_status_report(const unsigned char *pdu, int len,
+ 		if ((len - offset) < expected)
+ 			return FALSE;
+ 
++		if (expected > (int)sizeof(out->status_report.ud))
++			return FALSE;
++
+ 		memcpy(out->status_report.ud, pdu + offset, expected);
+ 	}
+ 
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb
index 097a0e0566..a6a4852a63 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.4.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb
@@ -23,6 +23,7 @@ SRC_URI = "\
     file://CVE-2024-7546.patch \
     file://CVE-2024-7547.patch \
     file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
+    file://CVE-2023-4232.patch \
 "
 SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
 

From patchwork Wed Jan 22 03:03:03 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55923
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7108DC02182
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:47 +0000 (UTC)
Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com
 [209.85.216.44])
 by mx.groups.io with SMTP id smtpd.web11.34195.1737515020629193500
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:40 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=DFUb8gpY;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.44,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f44.google.com with SMTP id
 98e67ed59e1d1-2f43da61ba9so8410016a91.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515020;
 x=1738119820; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=6KgKdcH/wdD6aFcxZdHCuv0n1RGp8D6Z9Y3y7r+iNFo=;
        b=DFUb8gpYrhkKRZWSVBrVC3jYtE+SJ0yM/Ah9beO3MgmpAsFehRYmgYapNh38pMGWIA
         ynwQJPyfAFedbbFWjtB9YZaclkNoQtcCTlvsCgGV9A0xkLOi0+//1GzsHW/WqkihhYpf
         EsLiA9rBHqpAq7F8lpVj9S5JARA4q9EgeLKR2LLO6nI32/51qRDUIzym34Eu3g3YAx+e
         PoGgWYrqwqMftvGH4w3PT8ax+s3X4vWllTEjVCtsmIW99c5Q7yngz2LY1afecIz+61DY
         hFSOuOocy7nbPXB7gJyqEkcUN0VOlzNOFC3eB7zn/HGMN8R1cZ2+V70IYQOoctaLZnDJ
         8Dbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515020; x=1738119820;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=6KgKdcH/wdD6aFcxZdHCuv0n1RGp8D6Z9Y3y7r+iNFo=;
        b=epj+QHT4ag+zrgQnJexqcD92pNlWSBoFD2dyBEf7jZWitx/fGZH8XEntWKUOTawRt/
         f4Ociw9+99NuLjPeTb5e1V47Y35fuPH32oUcG4eujmYDQh6I+PsxKLiMRURP9BSo6Zx3
         OelJMROFmHv2iumHr0wsXfGPafyzRHz7dymi52TjwM47drb5XA0YlebOHp5+JBowZLS2
         yNq5U5YQKSFKcKagi9qOIGWp6OK6op0c55WFInlvxQb/BBlGeyPkreS2GWunaM2QJEtV
         R4qdbYWAwPgm698uYHMnv5UUmgg8eBdZ9M455KUOERXjdOXGkMOPvw6O+k1td6rJ/L3/
         5yDQ==
X-Gm-Message-State: AOJu0YxPoPaPfaoujy9aHt2qA0oarPUUaN23DZYc6cqyHkArxZB77kUW
	aLQw2VB8pasRFrSIma/fJh6H+xBjCj7qnCVE/d13J8wWoRTfHy8rx4iF3JkafMGwffqw2XplTkX
	a4aw=
X-Gm-Gg: ASbGncuMLi65KkXpUryvgxhLRPm0YE6vcBnPKHndbjwo1ObhSTL1bA3Tzs51gZQboOq
	RiOMrpH7+8gQxr1HpRmHFeTtd8JGboNDHcZrNt/Uh6ldaWQsYSfhtdM0TzMuFI8Cv6oloMFzS7o
	QDMhFrTzdYCm0JMI0VrDvx0IMYMn7xV0TPnyJyqIhVH3ChecxIl/r74v+gn/ft2tdaVSJpyZo6Z
	5KR6OxxzErA8SoOvuKa/+jRkJQ66XeXEsIMFZEQVVW8KIbi7S26P0adSac=
X-Google-Smtp-Source: 
 AGHT+IEwgUd03bSpVTE+5I1TBbCFg3dghwWiDIJXhW/TGLX5zmTGvROq0TFcBlIxowH9e6JRxBmyrQ==
X-Received: by 2002:a05:6a00:4c94:b0:724:e75b:22d1 with SMTP id
 d2e1a72fcca58-72dafa800c4mr28352406b3a.16.1737515019877;
        Tue, 21 Jan 2025 19:03:39 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.39
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:39 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 07/14] ofono: patch CVE-2023-4235
Date: Tue, 21 Jan 2025 19:03:03 -0800
Message-ID: 
 <5adbece7dcbb547ea44207fa1a9ddc7d56766b1b.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:47 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210121

From: Peter Marko <peter.marko@siemens.com>

Cherry-pick commit
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=02aa0f9bad3d9e47a152fc045d0f51874d901d7e

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ofono/ofono/CVE-2023-4235.patch           | 38 +++++++++++++++++++
 meta/recipes-connectivity/ofono/ofono_2.4.bb  |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch

diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
new file mode 100644
index 0000000000..059f9bbfee
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
@@ -0,0 +1,38 @@
+From 02aa0f9bad3d9e47a152fc045d0f51874d901d7e Mon Sep 17 00:00:00 2001
+From: "Sicelo A. Mhlongo" <absicsz@gmail.com>
+Date: Wed, 4 Dec 2024 10:18:51 +0200
+Subject: [PATCH] smsutil: check deliver reports fit in buffer
+
+Fixes CVE-2023-4235
+
+CVE: CVE-2023-4235
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=02aa0f9bad3d9e47a152fc045d0f51874d901d7e]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/smsutil.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 484bfd0b..ac89f16c 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -1240,10 +1240,16 @@ static gboolean decode_deliver_report(const unsigned char *pdu, int len,
+ 			return FALSE;
+ 
+ 		if (out->type == SMS_TYPE_DELIVER_REPORT_ERROR) {
++			if (expected > (int) sizeof(out->deliver_err_report.ud))
++				return FALSE;
++
+ 			out->deliver_err_report.udl = udl;
+ 			memcpy(out->deliver_err_report.ud,
+ 					pdu + offset, expected);
+ 		} else {
++			if (expected > (int) sizeof(out->deliver_ack_report.ud))
++				return FALSE;
++
+ 			out->deliver_ack_report.udl = udl;
+ 			memcpy(out->deliver_ack_report.ud,
+ 					pdu + offset, expected);
+-- 
+2.30.2
+
diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb
index a6a4852a63..5ae63e6ef6 100644
--- a/meta/recipes-connectivity/ofono/ofono_2.4.bb
+++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb
@@ -24,6 +24,7 @@ SRC_URI = "\
     file://CVE-2024-7547.patch \
     file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \
     file://CVE-2023-4232.patch \
+    file://CVE-2023-4235.patch \
 "
 SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d"
 

From patchwork Wed Jan 22 03:03:04 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55925
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8D7ADC0218E
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:47 +0000 (UTC)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by mx.groups.io with SMTP id smtpd.web11.34196.1737515022105981546
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:42 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=e7JV4r0o;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-21649a7bcdcso108011555ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515021;
 x=1738119821; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=edVDBTplyvZhND1Zffk5FaNM2n2nHRZzfvqSsvtCTUk=;
        b=e7JV4r0oEpakZ8rFMgspKf2m+bP5B4zDjeAZMuOOEwQfM6H6FKDP89QHGV58xEHjTh
         K+kkefA0lJVH6vPdEvFaHGdkunoNGeZg7fnfe1ert5dQDfOPWOwnQ47nBNuclCVnccoW
         TeALgW5PX9r5UHF3ngnXahveM53pg4dy+oKxN+Oeh4z+uPszt9pikcWAlpQjHqiZy6Hw
         +bo0wssTdhfTrL5zuXs+tvBRgtIfhHeXow5bIKD1uGY6pfw79/JR4eA4UkNW+FsmVKCR
         KZrOZHXIyQymwtYtpFL3QILGbisjAi/vz7dQXiFfS9cAWfXJFyf4//TNi0BcxaLubsOq
         MPlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515021; x=1738119821;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=edVDBTplyvZhND1Zffk5FaNM2n2nHRZzfvqSsvtCTUk=;
        b=DSGvp14cA6YdkTF3Qj4rq8z2Os5/vSaU1nHchKzSRLHI1c3mIHBFDbyPvbMb0cGDLe
         G1pHZAjogWuFBjaxfgIXNFs5YJjZU/JnH/CVaRw9I6LPRfZUQJlVUCQ8itIp7/qpvI4o
         L1DnRf19ZQ+DLAnXIK5uaA2Bhln9rjJK5yBtbCr4PXbWYc6T62p94H6psJ2x7H5AiJJJ
         swI2OqbQsvPuejPqPAJ7l19iXoDtsRM0XXjUHSKVsqcfyistYN0EFL0qi8e4elnpFURn
         HzHLf2vJpa/IN7/98p9ZfF5Y0/PhLScc8CnJNeigo1A3ToJrwPQbYrwm/PQYNjtm5NKZ
         tNhg==
X-Gm-Message-State: AOJu0YyfQnKplJZw0SBTj57c8YVXlWSn+OK6g4lRLJzaf4GP4UwlmFmr
	LYGNwoKzpkWZNYPDS4LaGIzHe9bXiquFdhgkB0uFWGGKo0DLA1cLBXcVqulOlqWaoxPkEyOohJk
	20+o=
X-Gm-Gg: ASbGncsGiqcT7JYFR5kQvPPsuAYvaFK5/S2mLkYNu4isNfBUOeTVRd/PThaJrZpCOZj
	U6i9ak1kSUMsBfOkShuBcpbdsqHFJmpopkMceE3bsgp3Uy1vUQKXAUUAR3xqcUuLvvfPaiOETy+
	TnSE6df+sdgAqO5guQTXJX7rAoz0k49I0xl9gfIywFMwL9x8Jtlv+CtN2jyg6k6T/rYQ9H7Nwkd
	WoP8s+/PWd2kmnNL4riRt76rD1LSpu+mFHxS+pP2WXiOM/xbzd8rebqI5k=
X-Google-Smtp-Source: 
 AGHT+IGrj6Rr9+hYLn3pmMUVvoOA3VKm0I0o8Xr3cQdAXOuqMnWiTKp7nD3M+sz8770P6ITUr8ehdg==
X-Received: by 2002:a05:6a20:394a:b0:1db:de38:294b with SMTP id
 adf61e73a8af0-1eb215fb30fmr32246160637.38.1737515021313;
        Tue, 21 Jan 2025 19:03:41 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.40
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:40 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 08/14] scripts/install-buildtools: Update to
 5.0.6
Date: Tue, 21 Jan 2025 19:03:04 -0800
Message-ID: 
 <6c0372a67b410b8f7ba9b43ffd17efd2f3b439aa.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:47 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210122

From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>

Update to the 5.0.6 release of the 5.0 series for buildtools.

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/install-buildtools | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index ee6bfb89eb..972671d50f 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
 
 DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
 DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-5.0.5'
-DEFAULT_INSTALLER_VERSION = '5.0.5'
+DEFAULT_RELEASE = 'yocto-5.0.6'
+DEFAULT_INSTALLER_VERSION = '5.0.6'
 DEFAULT_BUILDDATE = '202110XX'
 
 # Python version sanity check

From patchwork Wed Jan 22 03:03:05 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55924
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 72397C0218B
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:47 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.web10.34434.1737515023658148619
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:43 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=2XhiEZlG;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.49,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f49.google.com with SMTP id
 98e67ed59e1d1-2ef87d24c2dso8422193a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515023;
 x=1738119823; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=S2fVzVr1dNuVnZD8giE1wYiu0rmJB/bbocXNFh7pQPs=;
        b=2XhiEZlGVZ5/XrwKeEdZPjQi+G8n0RS8U6qxIvaTKhlAFwggfYOEGe8rH8dM8cL3l0
         UIY5qHzfTowAzXq1WyQr5HEwTynMurNe+v70o7YBucHiS8buDZc9xr7jb3Vk1HWJL+5V
         iVbwl0rm1vZ2LO9PWkq3qp0UpENHeT/DMiJSW1PZHUjPAaXXxJLOS7IToQtgBieRu+IG
         GF/tLnglhLDV7rqq+rHGlJ/c+X/ZzdNLnQVuwHzyBMTH6REsgYwyAMol7u3emrjPXADP
         Wp02M+iuW/LG/Ps38yILLzkeHXklqWm14cl7NXoip3i0r2pD8exNcCifmZkkebA1g38d
         WSmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515023; x=1738119823;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=S2fVzVr1dNuVnZD8giE1wYiu0rmJB/bbocXNFh7pQPs=;
        b=QBaDQPz8E7Aya26sS7lBsvVEHrJ66F5DSRHzkdjQ5rU8ceM82702CXWKLw/Tv+LJ9r
         0RPI+947iJ/u7ABZhkuFtawB8FxMketSYN/gI6bijJoTcFVsWM/5siKeg7CH0gDCuxF+
         AhngQ0SQ0D5XJyR2zVPrnDz5detvZXj6j3umdhZ5tAEBXfgs0kg8BsdWEcDALG2FMvd4
         xlbVG92MA3Fd9vXFanHdX7baBXzRo1w7M59wpvveBmzBbe+6bg4WmpQrK8mjpRFkAuCD
         yegIvDkE6+UXQmUb7yQI3Yg7TNnEDa5luQM4p0Cq0lUjY7+tYCimk1S6yjSYrT4MjgNe
         NIDA==
X-Gm-Message-State: AOJu0Yw1fgMcrDBfVQ2DkP/PVJCP+4boD2vFQ3Wp4ViPfxvn/Voqam5K
	LtfiimENa5N0NOLGsQEl6OtO3KI222+AlrSU97vz2VV6Bj0dJjIttMudn1rfMqQ8ngMajZm6Zom
	6J6k=
X-Gm-Gg: ASbGncs25gSOxqwS0ytR1QbY4XZAlofbqTSOb9jE9zoAaqJZKapY/7VBXuuqkR5nwT6
	/IhAoqb1Z2QLrnbLudOfPVrMXY3iPOKEcuwAkiBtwv1qCyA9kviVCH8Yn3sOivOBpcLo4o2zta9
	sxVZDa39VylyKIMSTWeHefBm4kmjAmnKmJw2EItuEwWznUKUkaLBI9CErOpHZnAEZccf3ESW6PL
	RhezpL1mVO2otGgS9qLDPGTZvr2rJQXB+K5GwyA4+RLtj/GzmFQenM9byM=
X-Google-Smtp-Source: 
 AGHT+IE0DlFYgyMAK8wTo57mJRiVh+ZBpxlop+DMKIAdZhbR0Mh9/zJjp3tjW4iRr+pP0wJRgSZeeQ==
X-Received: by 2002:a05:6a00:84f:b0:725:df1a:288 with SMTP id
 d2e1a72fcca58-72dafaf8ab3mr33843302b3a.24.1737515022869;
        Tue, 21 Jan 2025 19:03:42 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.42
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:42 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 09/14] oeqa/ssh: allow to retrieve raw,
 unformatted ouput
Date: Tue, 21 Jan 2025 19:03:05 -0800
Message-ID: 
 <d09187db648053a763036a5209efd584b352cf31.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:47 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210123

From: Alexis Lothoré <alexis.lothore@bootlin.com>

The ssh target is currently well tailored to easily retrieve textual output
from a command run on a remote target. It could also be used to retrieve
raw data from a command run onto a remote target (for example, to feed this
data directly to another program), but it currently suffers two minor
issues preventing such use case:
- stderr is piped to stdout, so any error log will be mixed in the program
  output
- the final output is decoded as utf-8 and stripped

Allow to return the raw, unmodified output by adding an optional "raw"
parameter. Keep it to False by default to preserve the current behavior.
When enabled, do not return a string but the raw output as bytes.

(From OE-Core rev: 8d05dc6e2284b7ed7c32a8215b9c8bf6f7dabf00)

Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/core/target/ssh.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 09cdd14c75..d473469384 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -55,14 +55,14 @@ class OESSHTarget(OETarget):
     def stop(self, **kwargs):
         pass
 
-    def _run(self, command, timeout=None, ignore_status=True):
+    def _run(self, command, timeout=None, ignore_status=True, raw=False):
         """
             Runs command in target using SSHProcess.
         """
         self.logger.debug("[Running]$ %s" % " ".join(command))
 
         starttime = time.time()
-        status, output = SSHCall(command, self.logger, timeout)
+        status, output = SSHCall(command, self.logger, timeout, raw)
         self.logger.debug("[Command returned '%d' after %.2f seconds]"
                  "" % (status, time.time() - starttime))
 
@@ -72,7 +72,7 @@ class OESSHTarget(OETarget):
 
         return (status, output)
 
-    def run(self, command, timeout=None, ignore_status=True):
+    def run(self, command, timeout=None, ignore_status=True, raw=False):
         """
             Runs command in target.
 
@@ -91,7 +91,7 @@ class OESSHTarget(OETarget):
         else:
             processTimeout = self.timeout
 
-        status, output = self._run(sshCmd, processTimeout, ignore_status)
+        status, output = self._run(sshCmd, processTimeout, ignore_status, raw)
         self.logger.debug('Command: %s\nStatus: %d Output:  %s\n' % (command, status, output))
 
         return (status, output)
@@ -206,7 +206,7 @@ class OESSHTarget(OETarget):
                 remoteDir = os.path.join(remotePath, tmpDir.lstrip("/"))
                 self.deleteDir(remoteDir)
 
-def SSHCall(command, logger, timeout=None, **opts):
+def SSHCall(command, logger, timeout=None, raw=False, **opts):
 
     def run():
         nonlocal output
@@ -265,7 +265,7 @@ def SSHCall(command, logger, timeout=None, **opts):
         else:
             output_raw = process.communicate()[0]
 
-        output = output_raw.decode('utf-8', errors='ignore')
+        output = output_raw if raw else output_raw.decode('utf-8', errors='ignore')
         logger.debug('Data from SSH call:\n%s' % output.rstrip())
 
         # timout or not, make sure process exits and is not hanging
@@ -292,7 +292,7 @@ def SSHCall(command, logger, timeout=None, **opts):
 
     options = {
         "stdout": subprocess.PIPE,
-        "stderr": subprocess.STDOUT,
+        "stderr": subprocess.STDOUT if not raw else None,
         "stdin": None,
         "shell": False,
         "bufsize": -1,
@@ -320,4 +320,4 @@ def SSHCall(command, logger, timeout=None, **opts):
         logger.debug('Something went wrong, killing SSH process')
         raise
 
-    return (process.returncode, output.rstrip())
+    return (process.returncode, output if raw else output.rstrip())

From patchwork Wed Jan 22 03:03:06 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55927
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 78E88C0218D
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:47 +0000 (UTC)
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com
 [209.85.216.47])
 by mx.groups.io with SMTP id smtpd.web11.34202.1737515025118801111
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:45 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=VLKkFwAC;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.47,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f47.google.com with SMTP id
 98e67ed59e1d1-2ee397a82f6so11509812a91.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515024;
 x=1738119824; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=SiDnBiVxRjB3o9JiwCTABntZmPSPWqgS7vT+Ry00mOo=;
        b=VLKkFwACDkyekLqkDupvy/w3x8ksyCTemDxOwB6dDP9KSeO4CVL3rrM6DCW/ilghTu
         /WbqLdrzZ5EFbrp9cBAG7jxzV/u0q6i8/9JldRMNcT+2RvbJA5TF8QPhI6ZSTyleECqh
         KIp5BLU+Y5omC/GXCO2G5OfO1M+jw/KKbR2uZVsKOQmPeDHfgnklzQ9R2d+4HE/kt6Cd
         Lsp3iXsjsTuMovOQtzWPRkWICa4DLllvB2fknoVN0adRbw4th6rZmIGcQ2r2tlNnu9xQ
         cPe+cQYEuCEO2Blz3wTdKW7M0/DVl7jATVOvr/6FZu9g0CqLFi1W4hN53/zfrL4egmco
         nyvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515024; x=1738119824;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=SiDnBiVxRjB3o9JiwCTABntZmPSPWqgS7vT+Ry00mOo=;
        b=TMptIp2rFpP0dxNm5zaM9JtcvoGZigGJ5VQOhcFFcc4NKmnYNNjvlt6fGu364Le4Ed
         34SmGW+QMoxYmfscRnzK9HbDggFfrH8IrrrtnTLitcmnJmVzb1FNmljfCY12U3jvXCtt
         SHGfuSqk/++aSY8q8o+zxrBK4JLyTx4PmyP+qkqUocv/Ag0C1a+DuuOGvyu/pZXXESWp
         nqM/Lij3dVyoy8Km6xw9rYdbUUEN1ssrosEc4gjIG2bRzq+RqHGBhyMgxNRBlRv/aj6x
         t+CebqCDNhLvD6fVqW18JFyvRtR5ReD6RhguwVreqv/kNO/gghCiRwmPtXX3xtw6hnYh
         C7+g==
X-Gm-Message-State: AOJu0YyNVC2fvUMwp7KYGRpN2MAGxm0fMk2pDhmMMR+b398LQWPJ0fdk
	0IiMA7Ttzk1VzIGl8G/fobUyWALR+VfJCuhP5ppMWD0Sfug8fMg+ZSNbzqjUJcQ9s4L72kL4Bbo
	oeYk=
X-Gm-Gg: ASbGnctgQfoYlN7MJHeMpGp2agWkZO2jOtxzn/w8cVMPWwN0ZCX15utTtQlzB1jJnfL
	GaFY84LkngMer1akQ9vd3M2Vuc68++NzQ5lmHDRB2qVIwP0lgchCS5pD2UbFuZJXTPiLpUIuXPh
	XIzuYs1S3Xsm71sffu/YyPfY+Xvxo9hUvB/KqZ+7Jva8k14RcJwpaFlDI9+qmvdHFIfxxUGXuiy
	yFgvwjtTtDcbWjjC0TLfD8gDREyHnU725SymhrepNE7l1JIDkf40vp6mYo=
X-Google-Smtp-Source: 
 AGHT+IFTrRfNZSpLLCfVl2X9hMZoAeqiGQL3aAB+tZ7I3D2L10SOAkrNuqKRoSZBeyJrTz+xESLkrQ==
X-Received: by 2002:a05:6a00:14d1:b0:725:9d70:6ace with SMTP id
 d2e1a72fcca58-72dafa0165cmr26745697b3a.6.1737515024385;
        Tue, 21 Jan 2025 19:03:44 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.43
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:43 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 10/14] Revert "bluez5: remove configuration files
 from install task"
Date: Tue, 21 Jan 2025 19:03:06 -0800
Message-ID: 
 <54a7014a801ddbda2a7dfe1ab560a154064ad47e.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:47 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210124

From: Catalin Popescu <catalin.popescu@leica-geosystems.com>

This reverts commit 49391fdcf71b32c5fd3c7b134c1d1c45cc1db388 which
introduced a bluetooth regression on systems with read-only rootfs.

When configuration files are missing, bluez tries to generate them which
fails on a read-only rootfs. As a result bluetooth service fails to
start and bluetooth is broken. Hence, configuration files need to be
installed in the rootfs in a way or another.

Bluez commit be0e79629 (build: ship all config files with --enable-datafiles,
2024-02-12) introduced configuration files installation in bluez version
5.73. However, scarthgap pulls in version 5.72, so it is responsible of the
installation of configuration files until bluez is upgraded. Scarthgap
commit 49391fdcf71b32c5fd3c7b134c1d1c45cc1db388 removed installation of
configuration files too early, hence the revert.

Signed-off-by: Catalin Popescu <catalin.popescu@leica-geosystems.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/bluez5/bluez5.inc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 9cbeb5e99f..39e1bf389c 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -87,6 +87,14 @@ do_install:append() {
 	install -d ${D}${INIT_D_DIR}
 	install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
 
+	install -d ${D}${sysconfdir}/bluetooth/
+	if [ -f ${S}/profiles/network/network.conf ]; then
+		install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
+	fi
+	if [ -f ${S}/profiles/input/input.conf ]; then
+		install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+	fi
+
 	if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
 		sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
 	fi

From patchwork Wed Jan 22 03:03:07 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55926
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 82C40C0218C
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:47 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.web11.34204.1737515026482355275
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:46 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=vZB1XZRm;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.49,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f49.google.com with SMTP id
 98e67ed59e1d1-2ef748105deso8270837a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515026;
 x=1738119826; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=OpWKPBi6pmyUDaX65Dm6J5RnSmneVvwK3QWPDaQPaaU=;
        b=vZB1XZRmLSx61v7ByevZb8mv2bu5QbOUxLDKolknnc7cjpE/lHVdpIFpYecNSIyDuh
         OzMKiazCqLEn1Fkr3H/1e/OxRvb2oXFD0IPptrjF2CrlwCKf7tbV+hi4ehhuzVTiOoFJ
         /P5HmehIOe2AE17gElIjfPJIoHLEN+BgyM3nuHSjqRjrVb0J/xZC9l+NvrMh9V52sKd3
         vnce512wmEe8ccq9KA5Um2nHiTJiiE1JmRhW1D8C24xY1kXTlnyWuhk2cCRv01rv05qM
         baN63Qbub4mwXPOYXhF90bi3uKgeI8ogEUIxBI3c65uJncYIqpED5EL812cqXfQmg2pi
         edcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515026; x=1738119826;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=OpWKPBi6pmyUDaX65Dm6J5RnSmneVvwK3QWPDaQPaaU=;
        b=jv0FWfbT9DoTFOAntlr+OlQ4ZexGToLXnEpKvwo2sil0pBdlww4yIrgrOUE/Z2iaaA
         +qrLBeJWlRRdpG7w9H5j1AdCh9ynzf4/p4NQfKxwEKg1AhLi/rOwbeqTXtBiKd541Hw5
         2vymKwdOw3fNE5vOgNIzblo15srhhJTIQjt1xJgpyJJgZvMOp6A3Cjuyedquhamwz+8H
         drdgYxoc2UnWSV0XM6cRHEI+VcIBE+OMPSnYBHHPj+RHnQdBfovtJ6VVGXcGpMF4wpK5
         +mt/yT/HxJgjfdHufOfv7rRltB2rw8t2NmaHAaBJTOctI7McSHd2urgbu2QCsvtyo1uY
         yW3w==
X-Gm-Message-State: AOJu0Yxmn0+kU1b1Fun7fot/4W9qJRM7RC2xaZ2PRhg/E0/NgO1bWu6P
	CQTbgHps9/eis8PkQS6JODUVNmiNKuzU30rPEtYNDIPg1Gi3fcaw5icWgnzphhENFmPIhpH6wSO
	Com4=
X-Gm-Gg: ASbGncu4SFAh0861BOQ5HdhjjwZiDZzaoRK/FZzj+gB+TcbxBLOvZGw+bT3F+OwAHn0
	P8hyCQL2gZXAU+HlZQRUF7DlaF0ED6W5VP9+A4rZNlPlS4t+pAKybQx5Az3DXQqY6Zj5n9mLi7E
	AS1N+v6ScvWMgktzlGKGBn3XFzy6wQNwV6615k0tDweuSc5sVI5yIFeXyc8QOctMdXNR2ht7LX0
	IwNQwZMvSZ5QdUFYZGTC8Swc2qMf0Oj2xRk9zd7I01AY0LxQ6GPqi3kVms=
X-Google-Smtp-Source: 
 AGHT+IG3H0BW9wiphZKO7gOOjsiqSjgAqwVQ6JKcFNrdIsHXvfinHU9OZdx54qYjVFkRCFCYjoHb4g==
X-Received: by 2002:a05:6a00:2448:b0:725:322a:922c with SMTP id
 d2e1a72fcca58-72daf9abd78mr32326971b3a.3.1737515025668;
        Tue, 21 Jan 2025 19:03:45 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.45
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:45 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 11/14] classes/nativesdk: also override
 TUNE_PKGARCH
Date: Tue, 21 Jan 2025 19:03:07 -0800
Message-ID: 
 <812cf123af5821c300c630cda35be8faed73b9d5.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:47 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210125

From: Ross Burton <ross.burton@arm.com>

The nativesdk class overrides PACKAGE_ARCH and unsets TUNE_FEATURES, but
as recipes might want to look at TUNE_PKGARCH too (for example, when
setting QEMU_EXTRAOPTIONS) we should also override that variable.

Otherwise, a nativesdk recipe will have the TUNE_PKGARCH of the target,
which leads to errors (eg passing mips arguments to an arm qemu).

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 05322beb290e1db30bef49b4364f8a8e6e9f7408)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/nativesdk.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes-recipe/nativesdk.bbclass b/meta/classes-recipe/nativesdk.bbclass
index de6debda93..83ea901fa5 100644
--- a/meta/classes-recipe/nativesdk.bbclass
+++ b/meta/classes-recipe/nativesdk.bbclass
@@ -32,6 +32,7 @@ RECIPE_SYSROOT = "${WORKDIR}/recipe-sysroot"
 #
 PACKAGE_ARCH = "${SDK_ARCH}-${SDKPKGSUFFIX}"
 PACKAGE_ARCHS = "${SDK_PACKAGE_ARCHS}"
+TUNE_PKGARCH = "${SDK_ARCH}"
 
 #
 # We need chrpath >= 0.14 to ensure we can deal with 32 and 64 bit

From patchwork Wed Jan 22 03:03:08 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55931
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 91CD4C0218B
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:57 +0000 (UTC)
Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com
 [209.85.214.181])
 by mx.groups.io with SMTP id smtpd.web11.34206.1737515027967785353
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:48 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=KHqmCZeB;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f181.google.com with SMTP id
 d9443c01a7336-21a7ed0155cso102956655ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515027;
 x=1738119827; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Qete963qxQgXQ6kY8X9ydLKkLOA8TvcmlY+jgTHB0ig=;
        b=KHqmCZeBOcSTMBZe98GQmaOtcFWVGi/80b89+NL8aVA4+rMsvoHHyIVJzSduGVxvgZ
         oV2DLG0/ztC5pGxBP9tWbN3INFGlOybaccYWXnsrF6qbp9+slTJ6UM/BWb2m/WXwobSr
         XuT6Rvl93MSQ+wzUJSKfN6/8g7mBc1pyLjmHpF/4fzQuIx2e7jQVnLgooxAywbrK9hWQ
         S/Q6rfzkPRRYYvtP9UObGbbi5Tbkhf2j3jjoAN/aLhgqERprF9+9KsfjVOitAYcwmAZz
         8nq+QkdX3V67Af0sRtOekvD6RCHX7CCdS8DcidNAb5NhnU8DDIc2U8yw1itBMx/AsgYA
         KtMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515027; x=1738119827;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Qete963qxQgXQ6kY8X9ydLKkLOA8TvcmlY+jgTHB0ig=;
        b=ljUix34nSO24TiENj/YhXymM6sXn0mZCDcB6ZQzGZRqwU5oSPtWG2uQLGmgjgbBTHY
         ACb7mQAxe2BijbZUNGoM1JxjFY08psHiyBm05KEcp7Xv8+C1+v4Z4LIrDK7qSSZmU4sk
         Rny4k9Vf+bE473hJJHeRcclL4G6DJmswkyVWOPhufTKhccTj2H0xZEheluLB6TKhNU5D
         l3Gsxjnyjp8YtIfwZU8eKdRUYucTcYGu0/Dc9SgQ6OJvIPEbe8ZmBlQ3VB2pmbrIRo9y
         vjkWpC9FUBky4q4CcWkukjC2jnSEjIb5gAYKBpWfBYFeH1VovsrfVE+hrkNYEibGKUH7
         p+zw==
X-Gm-Message-State: AOJu0YyHpgNoDJDwNJHcXy31iJvyv9xGzHE9Vlw6kRda7cXStuGXSV6n
	9TQq8XHlusXzkyQTX8ddcqb+NCd67thHVP7CvQtx7Z8kTG0PDJeucln+Ds3UNmxoP/iSMA9758/
	GvPM=
X-Gm-Gg: ASbGncsEvp/vcJG3LGPpNdTz5uSAdklddF1hIJeTai7qG7wgl9MqWmaqziHNEke9jrf
	ygoOrglN0zQj1yhO7Htp92GV38ap+Sw7nKRKJ7MbEDRttNN7L+wJVT/B4HSpReFey2bpGB8m19H
	+tDvbUc5/QxJ4pCgzikYD+5fHuzIeD8Xosp2o1PQU1tQx8q/xNvvcPlyaKOsoIak19znpr+NIKD
	GPk2hRv7IMxRxG+6LeG+boPAHdQhxOn/Ykne6I09rbGJAY/r/OZhHUvt+I=
X-Google-Smtp-Source: 
 AGHT+IF+emkhGkMr9o2JOmzBX/zCfBGLS7uVQvgqtR0wfA1EFDNdxQVwVjMrPNVbE31a+d4u3sBNNg==
X-Received: by 2002:a05:6a21:6da1:b0:1e1:a0b6:9861 with SMTP id
 adf61e73a8af0-1eb214818cemr28447660637.12.1737515027214;
        Tue, 21 Jan 2025 19:03:47 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.46
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:46 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 12/14] classes/qemu: use tune to select
 QEMU_EXTRAOPTIONS, not package architecture
Date: Tue, 21 Jan 2025 19:03:08 -0800
Message-ID: 
 <972ca555ff3aa41d32980477850c92915b6395ed.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210126

From: Ross Burton <ross.burton@arm.com>

Using the package architecture to select the right qemu options to pass
to qemu-user is incorrect, and fails for recipes that set PACKAGE_ARCH
to MACHINE_ARCH (as the qemuppc workarounds suggest) because there are
not typically any options set for the machine name.

Solve this by using TUNE_PKGARCH instead: for the majority of recipes
this is the same value, but for machine-specific recipes it remains the
same instead of changing to the machine name.

This means we can remove the qemuppc workarounds, as they're obsolete.

Also update the gcc-testsuite recipe which uses the same pattern to use
TUNE_PKGARCH, and generalise the else codepath to avoid needing to
update the list of architectures.

[ YOCTO #15647 ]

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 414b754a6cbb9cc354b1180efd5c3329568a2537)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/qemu.bbclass            | 8 ++------
 meta/recipes-devtools/gcc/gcc-testsuite.inc | 4 ++--
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/meta/classes-recipe/qemu.bbclass b/meta/classes-recipe/qemu.bbclass
index dbb5ee0b66..8d7c82668b 100644
--- a/meta/classes-recipe/qemu.bbclass
+++ b/meta/classes-recipe/qemu.bbclass
@@ -60,8 +60,8 @@ def qemu_run_binary(data, rootfs_path, binary):
 # this dance). For others (e.g. arm) a -cpu option is not necessary, since the
 # qemu-arm default CPU supports all required architecture levels.
 
-QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')) or ""}"
-QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${PACKAGE_ARCH}"
+QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH')) or ""}"
+QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${TUNE_PKGARCH}"
 
 QEMU_EXTRAOPTIONS_ppce500v2 = " -cpu e500v2"
 QEMU_EXTRAOPTIONS_ppce500mc = " -cpu e500mc"
@@ -71,7 +71,3 @@ QEMU_EXTRAOPTIONS_ppce6500 = " -cpu e500mc"
 QEMU_EXTRAOPTIONS_ppc64e6500 = " -cpu e500mc"
 QEMU_EXTRAOPTIONS_ppc7400 = " -cpu 7400"
 QEMU_EXTRAOPTIONS_powerpc64le = " -cpu POWER9"
-# Some packages e.g. fwupd sets PACKAGE_ARCH = MACHINE_ARCH and uses meson which
-# needs right options to usermode qemu
-QEMU_EXTRAOPTIONS_qemuppc = " -cpu 7400"
-QEMU_EXTRAOPTIONS_qemuppc64 = " -cpu POWER9"
diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc
index f16d471478..eb9ddead08 100644
--- a/meta/recipes-devtools/gcc/gcc-testsuite.inc
+++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc
@@ -53,8 +53,8 @@ python check_prepare() {
         #   - valid for x86*, powerpc, arm, arm64
         if qemu_binary.endswith(("x86_64", "i386", "arm", "aarch64")):
             args += ["-cpu", "max"]
-        elif qemu_binary.endswith(("ppc", "mips", "mips64")):
-            extra = d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH'))
+        else:
+            extra = d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH'))
             if extra:
                 args += extra.split()
         # For mips64 we could set a maximal CPU (e.g. Loongson-3A4000) however they either have MSA

From patchwork Wed Jan 22 03:03:09 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55929
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 91CA3C02182
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:57 +0000 (UTC)
Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com
 [209.85.216.51])
 by mx.groups.io with SMTP id smtpd.web11.34208.1737515029382347007
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:49 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=F368meCa;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.51,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f51.google.com with SMTP id
 98e67ed59e1d1-2f13acbe29bso637376a91.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515029;
 x=1738119829; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=fhVnxTtcuWxBw/xBQRQR9/9HrpUH+Lb97Fz4c7n27wA=;
        b=F368meCaKR01clQ2rYNDYr5tn+OSS9IgeTmVu7tYpikBo4rx5o3YTwHYiIN4LSgDwu
         Pn4RrH+EEIsMX/TfwUrAmV64wYyMBmzzrlzqVZI2Qj7KpRFX5DRf0GOBqpuUC8q29tn0
         gBvEVY9wjuZRC5PnurU+C4bTcQ5wwiz0ZOiVuW1b2B1+kVByuk/H/Q8JNsdgQOXb9wJb
         vWVOYH7qMQQ/OY3a2N7Thx/F3WizQnIwePxmx6aY6EMKKU1GWlavX8y6C8kI84Y/QKkM
         kcXMaXsYLgneSVI9fS9UKx84eVdYD83/y8YTg5UfToXCPkKqMRBhwTZ8qOtYr2omzsMS
         sTag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515029; x=1738119829;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=fhVnxTtcuWxBw/xBQRQR9/9HrpUH+Lb97Fz4c7n27wA=;
        b=jnqZwNMlwE0izZ3i1dKJziQuFfkum6afd8ywTz4+iruFnXH3dyeQDxNevCMPX0FNlx
         VTiGgq8Jzt4C+TtfVUxpRdZrNOr1Kjg8bM+46XSKY9zWXV/GpppmYojaf8p0GXZlpTvx
         w/k6WuMvJ+Xi7S/l8B6JencaS6egXWEEldO25y+GLuUNpT6eT4Blqx0qqZyYFWeSTKMG
         Q+eP59Ntkr227ryruJb0DS6lLdGBqSKR8+tkge3lIJh+xaiGxhLgB4kgCdgXjXld8GIM
         yWYkF9YTYEACqr37kaL4pPtWkQ2SisNkh+mbgcNKAxC6CsCxKcC2KO8Yp3bgylt2Zsn2
         73ow==
X-Gm-Message-State: AOJu0Yz2B5r84MHRiamgDeosRLhVUSw8OtKodpTMekil/M4oE/MhLDcp
	5Di6XgKqNMHO8CUuY9d8AA5KtWI31v3A2/i4aiLeZJyUexfy7BbDDvfwPKA+283AvKKonZBttgV
	yDsQ=
X-Gm-Gg: ASbGncsNesdbFnzOTWocPVknLbKAgufdOYL6qqYb/OpeRyHwnMvUL/TcOWxYz3IJStW
	i3cK6QQilXbNf5SWcOkZULXuceL6PRUv5oe6xwJ0wql2XOQasCgaPUkii2NYEAzBkZlMAwB/Ct0
	mRN67cNP0CIBcKE5RKao0HYIXAfSsZEe4bagNBROXy/VsLypBxtcXE4nouzMzAVWPT3H6wEZeUm
	6HwbjkMHwBFOirwfQym8aHjTZYAJJuDaTaqY4bXxtJys5RArjCtBe/Qm1s=
X-Google-Smtp-Source: 
 AGHT+IGjMAMSq4Py5OCiexTOH7doXZZi7AbXw7m4YZM/rCPFO91uqNIQ2w4PT4qNbLOQJl2YDlG3Zg==
X-Received: by 2002:a05:6a00:1d12:b0:728:15fd:dabb with SMTP id
 d2e1a72fcca58-72db1c5d820mr30682355b3a.8.1737515028629;
        Tue, 21 Jan 2025 19:03:48 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.48
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:48 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 13/14] pulseaudio: fix webrtc audio depdency
Date: Tue, 21 Jan 2025 19:03:09 -0800
Message-ID: 
 <e80c3ca36f08a259e13fd94f1c87a7f5bf485a8b.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210127

From: Esben Haabendal <esben@geanix.com>

Since pulseaudio v16.99.1, the library needed is webrtc-audio-processing-1.
This fixes

Run-time dependency webrtc-audio-processing-1 found: NO (tried pkgconfig and cmake)
Looking for a fallback subproject for the dependency webrtc-audio-processing-1

../pulseaudio-17.0/meson.build:730:15: ERROR: Automatic wrap-based subproject downloading is disabled

The library is available in meta-openembedded/meta-multimedia.

(cherry picked from commit 4661c49eb4f0ed89a3d027d9a003c40744baaf38)

Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/pulseaudio/pulseaudio.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
index ae16056d24..1ab3831519 100644
--- a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
+++ b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
@@ -121,7 +121,7 @@ PACKAGECONFIG[jack] = "-Djack=enabled,-Djack=disabled,jack"
 # able to use pulseaudio autospawn for root as well.
 PACKAGECONFIG[autospawn-for-root] = ",,,"
 PACKAGECONFIG[lirc] = "-Dlirc=enabled,-Dlirc=disabled,lirc"
-PACKAGECONFIG[webrtc] = "-Dwebrtc-aec=enabled,-Dwebrtc-aec=disabled,webrtc-audio-processing"
+PACKAGECONFIG[webrtc] = "-Dwebrtc-aec=enabled,-Dwebrtc-aec=disabled,webrtc-audio-processing-1"
 PACKAGECONFIG[ipv6] = "-Dipv6=true,-Dipv6=false,"
 PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,"
 

From patchwork Wed Jan 22 03:03:10 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 55930
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9531CC0218D
	for <webhook@archiver.kernel.org>; Wed, 22 Jan 2025 03:03:57 +0000 (UTC)
Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com
 [209.85.214.180])
 by mx.groups.io with SMTP id smtpd.web10.34436.1737515030848104327
 for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:50 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=X7KOP/FG;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f180.google.com with SMTP id
 d9443c01a7336-21a7ed0155cso102957125ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 21 Jan 2025 19:03:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1737515030;
 x=1738119830; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=FGIeZ/sV0dPjifRMXXSkyKSvOTDY+G6/otZoJ2/Mvpg=;
        b=X7KOP/FGwn6zdNM64kNAbUCGSusYquNVjFzw7QU3Kk03OxmBB6B/YcjG+DdSmtmpZB
         +t+CSn1Va1k3ppAPBzQZ+ku4sXq0XI73U0ijv1aUWDhMz3NndyTLC+XeaKD4Acl2LcmB
         +viPQVF8Z6vetVGrFcJDXXkR7lHqX6wQDE31Zaf8gYZQuHLPb7MaEHU9rWbqSEkOulWt
         VcGdB6npnHbx3SWfK2ZIN/M1Umx1f2UjyCe7vVmy/38uTvhg33M3Y9OCI9ho/bupOaLA
         wKoGmlCRusQ7TnrHy2Sjn01AeeMPvVf6bdI0LEdrTWu1zf8dkUUvISFLaznbqj8VhnLg
         SSkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737515030; x=1738119830;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=FGIeZ/sV0dPjifRMXXSkyKSvOTDY+G6/otZoJ2/Mvpg=;
        b=XaR1WQu7ID54xdPBFqLOyw9iQrsPBVBsvWMevgw0e1BGT26jBFDN2dYrypw0FJcfys
         m9oKRrBd6HCQofbPdIvKVLmorsBLk/EQICe1rfgjfwzWrPWBXRO1cYYlMw3V2NV0k74B
         zdI82Lvm8sxznEF3cMusaobm1yxe1FNhrKR9npXcsB0CckkGPukOBm6rJmUXwjsaQtqZ
         H2qjclrfZ9EdoyWD1c+lc8KlKK/KoFznSh3kqjKBTH2NsgopqFq7IZZ3GpNP1ItEbS74
         wRbtPTN6Mfw0Q7R3wjRGzuY10SKco8AaCquAp3OKxJCvYs/dZ9izzALdkvuKbY7m8+JF
         13Sw==
X-Gm-Message-State: AOJu0Yxe/5HlYF/EMjBRZnrFwy0D/wB4bLhd+Szkb47ZBLtIy5iMwgWm
	LOnsrZJYR02bn7r6DFmIEM8xZzDRL6e4dtMNsFwRytS+AkRWVLOQtwJZRuUL/n53IbHv7Dld+b3
	n+74=
X-Gm-Gg: ASbGncvC97ijQpyMq1FkRwwhGQgWC6Go+LBefDGQ1yGdFY3IPqHkP7yDHopSqq+cufV
	rkIkZH738poQLbf3s+CDXBgUCIlTRE21XW3A0AIfTRQ3QJ7iq3+eEWgXkND9WPNqzzVZKQBqdky
	JzpIXGrmPIMYDW5FZXsOOY1v2e70d2g0Cv4so2kimivjOefrCtNWWNZ/HLyuuoVUDz2/1z4S6fd
	no6K5K8//6XyEBM6NuA7OK2rayXFFBujwKHD0k5W6LCDBJsvwQxKtVEdPs=
X-Google-Smtp-Source: 
 AGHT+IGSCgFL+4W3h9hrrnEm7F21TowxskD+n7tmisC3XuITh6z5wyv8jrbNGWg76s6FAJJBnE53cA==
X-Received: by 2002:a05:6a00:21c8:b0:725:b4f7:378e with SMTP id
 d2e1a72fcca58-72daf7a762cmr29739079b3a.0.1737515030066;
        Tue, 21 Jan 2025 19:03:50 -0800 (PST)
Received: from hexa.. ([98.142.47.158])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-72dab8112c1sm9800337b3a.37.2025.01.21.19.03.49
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Jan 2025 19:03:49 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 14/14] libgfortran: fix buildpath QA issue
Date: Tue, 21 Jan 2025 19:03:10 -0800
Message-ID: 
 <660e00469f9c99fe733cc8b37f67438a96ff2e97.1737514842.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1737514842.git.steve@sakoman.com>
References: <cover.1737514842.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 22 Jan 2025 03:03:57 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/210128

From: Chen Qi <Qi.Chen@windriver.com>

The '-fdebug-prefix-map' options are used to map source files locations,
otherwise, DW_AT_comp_dir will contain buildpath.

The '-gno-record-gcc-switches' option is used to fix the buildpath introduced
by '-fintrinsic-modules-path' option, which is automatically added by fortran.
Here's some output from 'readelf --debug-dump libgfortran.so.5.0.0' when this
option is not added:
"""
<0><1a37d3>: Abbrev Number: 4 (DW_TAG_compile_unit)
   <1a37d4>   DW_AT_producer    : (indirect string, offset: 0xd653): GNU Fortran2008 14.2.0 -m64
                -march=core2 -mtune=core2 -msse3
                -mfpmath=sse -mshstk -g -O2 -O2 -fstack-protector-strong -fimplicit-none
                -fno-repack-arrays -fno-underscoring -fcf-protection=full
                -fallow-leading-underscore -fbuilding-libgfortran -fPIC
                -fintrinsic-modules-path /ala-lpggp72/qichen/Yocto/builds/build-poky/tmp/work/
                core2-64-poky-linux/libgfortran/14.2.0/recipe-sysroot-native/usr/bin/x86_64-poky-linux
                /../../lib/x86_64-poky-linux/gcc/x86_64-poky-linux/14.2.0/finclude
                -fpre-include=../../../../recipe-sysroot/usr/include/finclude/math-vector-fortran.h
"""

See https://gcc.gnu.org/pipermail/fortran/2024-October/061204.html for more
detailed information.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/libgfortran.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/gcc/libgfortran.inc b/meta/recipes-devtools/gcc/libgfortran.inc
index c68645e392..2a08872c25 100644
--- a/meta/recipes-devtools/gcc/libgfortran.inc
+++ b/meta/recipes-devtools/gcc/libgfortran.inc
@@ -8,7 +8,7 @@ EXTRA_OECONF_PATHS = "\
 # An arm hard float target like raspberrypi4 won't build
 # as CFLAGS don't make it to the fortran compiler otherwise
 # (the configure script sets FC to $GFORTRAN unconditionally)
-export GFORTRAN = "${FC}"
+export GFORTRAN = "${FC} -fcanon-prefix-map -fdebug-prefix-map=${S}=${TARGET_DBGSRC_DIR} -fdebug-prefix-map=${B}=${TARGET_DBGSRC_DIR} -gno-record-gcc-switches"
 
 do_configure () {
 	for target in libbacktrace libgfortran