From patchwork Fri Oct 10 02:50:20 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71991
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0E807CCD183
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:50:51 +0000 (UTC)
Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com
 [209.85.210.172])
 by mx.groups.io with SMTP id smtpd.web10.2336.1760064646340976669
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:46 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=BR7+rWCT;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f172.google.com with SMTP id
 d2e1a72fcca58-782a77b5ec7so1454796b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064645;
 x=1760669445; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=wJTr5y8L9L0Gcjo6OKhcYkdb5TojQGZ69WksnVGQmE0=;
        b=BR7+rWCTqY9rxkWcwYoLYZ0no/Dwas6ENceDfBtP/yb64AQfV1mhdddYJkttXNM750
         Pmx3xJ65CFIP/m43G6+QImdPEAVMgFgmB/ZAErVDGLj1sEYZwDKmZ+r6jPZyDA5ZsTuF
         uGUd8k1jyYXVux0nWZed4KmdAFHN47oW1x2DBNjvKC5yfd6sIAi8BPuZKgkWuOAGPYb5
         YHS9r1FVmlGLygyA8aJWIzpQIb0bsLzED1fGbCdQ7FXklu8RT6HgKtMnW1p8munb+JK8
         8PSgaF+LiZmj/XoCGXVG5/e8njVqBNrGJSzFoj0PYL3xFMVgV+4JB49Vf7h8hevRR39O
         dy6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064646; x=1760669446;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=wJTr5y8L9L0Gcjo6OKhcYkdb5TojQGZ69WksnVGQmE0=;
        b=cTdSTqtCQgcQM2eWAGi6Y+iXgZiItBMiYG43c3USBQGsCKFkmT2o3AH3234L5JCcmF
         lAT637RzKNF2joUED9BIusZzrE8HE4NMmyguA1Gq30G0XzsLR66fbwDJQBCEzM7nczyx
         qAjZiOLpvYJZBL81j/bpn9R3DlnC32glcz8/4yUFBflxfuTp/vBqgqANnT08ieuOEL3Y
         D7HaPMMm2DBbOjw02A8/whaxs1F8Rg2TtmZlMfEwwSSebNASAosEwhYL6WGonbgO4fVh
         CCiCXd2JUblEIidJNJq8r/b3GFO1g+tSfKVhXXDq2Dpn+2LzqHp3bHmCXoET/C9ZoBau
         0mlw==
X-Gm-Message-State: AOJu0YxgptRbdkST9hs7IQLQIX6xHH6LWBD7ebnDI4h9hm+OfbNyZKsj
	LTv5VhVrapNQPNDpsdBZVBQC0Ly+V4Ywr0iavFofKuhWY3IpElsnrCuNstWU0+4FmGJIuTiTVGB
	oK1BH
X-Gm-Gg: ASbGncsqhswfzKw/+kPvzvRxBC5cLAK4dn7f7CQcq810tnVSnjwRI82V0vUZBr849nr
	92pLcs7CGVPJ3isg1eI6y82buiQM60iCNSl/cG09OgjdXSpcNpbMtAdIDEyvDredJiV1aM5fOIK
	yXNZEwlr9gXmRwa+WRz5LHnfFMvYLTNxoxkWJ6IMRPmOooZg3sWZjcFXSHNxOuCMnVhGMEO6Z+5
	YY8FZyuJejZq5gea5B1fv6nkDmcQxzR6hor5Rap/EbaYLrIvev0401q3aonD4e3faYMAatYki9n
	7Vs8vxGK9rLSzipeEaCCLcXOuoJ54cx9/hNB1nRN4LrOlWX5mC4IOUsW7FLZRcIeHz6pZaTms2P
	VTBbss03D/JEgEKVUrCYBNGzkzElTMaKD
X-Google-Smtp-Source: 
 AGHT+IFhMw8z6sUeTAbqMth790vP9ei0uFy6iWDs7rYn7js+5pgg4vS9fOriuWg2FnlqLtOkRPK/nQ==
X-Received: by 2002:a05:6a00:3e08:b0:781:1f28:eadd with SMTP id
 d2e1a72fcca58-7938763716amr9767040b3a.20.1760064645550;
        Thu, 09 Oct 2025 19:50:45 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.44
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:45 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/18] busybox: patch CVE-2025-46394
Date: Thu,  9 Oct 2025 19:50:20 -0700
Message-ID: 
 <e348e10f35cc082ebfe22c890c5f64c4a06dcea3.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:50:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224645

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioning this CVE.
Additionally fix test broken by the CVE fix.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../busybox/busybox/CVE-2025-46394-01.patch   | 57 +++++++++++++++++++
 .../busybox/busybox/CVE-2025-46394-02.patch   | 32 +++++++++++
 meta/recipes-core/busybox/busybox_1.36.1.bb   |  2 +
 3 files changed, 91 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch b/meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
new file mode 100644
index 0000000000..c95cba3c33
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
@@ -0,0 +1,57 @@
+From f5e1bf966b19ea1821f00a8c9ecd7774598689b4 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Wed, 24 Sep 2025 03:28:47 +0200
+Subject: [PATCH] archival/libarchive: sanitize filenames on output (prevent
+ control sequence attacks
+
+This fixes CVE-2025-46394 (terminal escape sequence injection)
+
+Original credit: Ian.Norton at entrust.com
+
+function                                             old     new   delta
+header_list                                            9      15      +6
+header_verbose_list                                  239     244      +5
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 11/0)               Total: 11 bytes
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+CVE: CVE-2025-46394
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=f5e1bf966b19ea1821f00a8c9ecd7774598689b4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ archival/libarchive/header_list.c         | 2 +-
+ archival/libarchive/header_verbose_list.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/archival/libarchive/header_list.c b/archival/libarchive/header_list.c
+index 0621aa406..9490b3635 100644
+--- a/archival/libarchive/header_list.c
++++ b/archival/libarchive/header_list.c
+@@ -8,5 +8,5 @@
+ void FAST_FUNC header_list(const file_header_t *file_header)
+ {
+ //TODO: cpio -vp DIR should output "DIR/NAME", not just "NAME" */
+-	puts(file_header->name);
++	puts(printable_string(file_header->name));
+ }
+diff --git a/archival/libarchive/header_verbose_list.c b/archival/libarchive/header_verbose_list.c
+index a575a08a0..e7a09430d 100644
+--- a/archival/libarchive/header_verbose_list.c
++++ b/archival/libarchive/header_verbose_list.c
+@@ -57,13 +57,13 @@ void FAST_FUNC header_verbose_list(const file_header_t *file_header)
+ 		ptm->tm_hour,
+ 		ptm->tm_min,
+ 		ptm->tm_sec,
+-		file_header->name);
++		printable_string(file_header->name));
+ 
+ #endif /* FEATURE_TAR_UNAME_GNAME */
+ 
+ 	/* NB: GNU tar shows "->" for symlinks and "link to" for hardlinks */
+ 	if (file_header->link_target) {
+-		printf(" -> %s", file_header->link_target);
++		printf(" -> %s", printable_string(file_header->link_target));
+ 	}
+ 	bb_putchar('\n');
+ }
diff --git a/meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch b/meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
new file mode 100644
index 0000000000..ec17b9285a
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
@@ -0,0 +1,32 @@
+From 7378db981d87b4a2264e14d60340a7fb5c67ae59 Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Fri, 3 Oct 2025 16:12:56 +0200
+Subject: [PATCH] testsuite/tar.tests: fix test after CVE-2025-46394
+
+tar now sanitizes output and this test needs to expect that.
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+CVE: CVE-2025-46394
+Upstream-Status: Submitted [https://lists.busybox.net/pipermail/busybox/2025-October/091743.html]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ testsuite/tar.tests | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/testsuite/tar.tests b/testsuite/tar.tests
+index 0f2e89112..48fc38114 100755
+--- a/testsuite/tar.tests
++++ b/testsuite/tar.tests
+@@ -325,9 +325,9 @@ unset LANG
+ rm -rf etc usr
+ ' "\
+ etc/ssl/certs/3b2716e5.0
+-etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
++etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??.pem
+ etc/ssl/certs/f80cc7f6.0
+-usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
++usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??.crt
+ 0
+ etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
+ etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb
index 069544cc8a..d3f259d45b 100644
--- a/meta/recipes-core/busybox/busybox_1.36.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.36.1.bb
@@ -59,6 +59,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-cut-Fix-s-flag-to-omit-blank-lines.patch \
            file://CVE-2022-48174.patch \
            file://CVE-2023-39810.patch \
+           file://CVE-2025-46394-01.patch \
+           file://CVE-2025-46394-02.patch \
            "
 SRC_URI:append:libc-musl = " file://musl.cfg "
 # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html

From patchwork Fri Oct 10 02:50:21 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71992
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0814ECCD184
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:50:51 +0000 (UTC)
Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com
 [209.85.210.169])
 by mx.groups.io with SMTP id smtpd.web11.2316.1760064648114694558
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:48 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=xj0qzeLJ;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f169.google.com with SMTP id
 d2e1a72fcca58-7810289cd4bso1590387b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064647;
 x=1760669447; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Ab9NZq/vJQznnW0hHY5b6/mlYHgyaWdqP+fMe1xqxws=;
        b=xj0qzeLJRfPXMNb2qZq0pXplAHqL0AcEQXCg1u1BLQAw9y3dVk/YFwj0gvFF8OZha4
         JN8yfzqQlRdTwBkaAR31zjms+GI3neWSdQO5Etcg7IBQq+NebTSiBEmsw+fbthperGqF
         AqZnWjQgTRnpeUW5zxHOF33upikw0u3OMDqByp8GfalOrC3sDf8tQSFVapCr3JevMNnK
         zr88qn5DFKOJfJzuAgbLXLlqPyJiY5y6WHlyrDt+sv0g0I2HaimaUGuW6N4e+bIJU9BG
         iSFj3GeqwqQFnYijCQAzJHrK09ZVf5yrtpnfLy3Upq9s4IulQMf3+Frr+7DmojYjRkmK
         MMEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064647; x=1760669447;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Ab9NZq/vJQznnW0hHY5b6/mlYHgyaWdqP+fMe1xqxws=;
        b=dvQk6afolwQPfg5aXQB0MAoPrNNUuTFWNTlMbvBRN0C+IL6WMdgJssymO1za0RLmHJ
         Qk5sF92WPj3bT+jI4yg2io9ulg9qehdgqH4M/Z2PFyLkihum+bjBbGki3kPf4fI8zkns
         lSqYdgpFgJ7XW4KqIq33MEDZizdbeSFYgWVW/X3wpZAGuBH8uq+ddN9Tx5y6nulLEBZj
         tqYsAXAN4mRU5AnIyATEbe5q/Dbltp8RF4S3egvHU4RyePquLhgysSomsHx3OJYONSnt
         Xsys6S5XCGg9Ltw2dNjQXYVoELOG2XeWGa3mlvmGM0tGX26Vwmym588T1nj57R7uTwZX
         eAiA==
X-Gm-Message-State: AOJu0YwJwqcA+z92N6LUuIL999EAfNANqfj9DOBgSQiodUwWxrvOQIAU
	qseT0+2+3zFFpM10zhi6sQ8+xGGXB0/DPmhtKfwGVcARluYN0uptoc1gkR/G6FXQ5zc/OBG/OUs
	nl/CJ
X-Gm-Gg: ASbGncu2JgNZlEs50m8/R6/3qQNozy5euUCT+NfF3FfFn4bddEx+jeWaqQdzBEmniU+
	/aOaqh/n6qZTFlJ4lo9VfwCijo6yP4HuBKgzoItsZ0djdvkM+5kZmLcKCjlcbaTFVDCCRSo2mKe
	ffVXvi2OeHszyWdUvnmkXl0ovwBgt5NuzavouM5rY40nY8xGsq+/Gg+HY22h97w1mSZUBCFA9WC
	+uhd/e/IEN7fwEProK78qleN6HzWe/AlNEkqYYo1iP0YG1tKLRbMCpYXBaevgFIXpNeyl24mKk+
	J9atNmo7rfJlEcDH3jSuQl3c5533VkgE1a4a08tDargzuIDoRoDVq14Y4aUCh245y4c9OsnI9rW
	5LSQrGHBUc+/wvYxdxKksj1yrybDBm6r7
X-Google-Smtp-Source: 
 AGHT+IFFoNnZseq91MMiAKL8GXvXcu/rbfO9u/jLhnFPYnjzwH95g4P6KACw4XZOJNpH5c3qG2bibw==
X-Received: by 2002:a05:6a00:4fd0:b0:783:7de9:d3ca with SMTP id
 d2e1a72fcca58-79387c1a74bmr12149242b3a.31.1760064647382;
        Thu, 09 Oct 2025 19:50:47 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.46
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:47 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/18] grub2: mark CVE-2024-2312 as not
 applicable
Date: Thu,  9 Oct 2025 19:50:21 -0700
Message-ID: 
 <d005eda88dad37f31bdc59e45e20b209f3771a26.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:50:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224646

From: Hitendra Prajapati <hprajapati@mvista.com>

This issue is specific to the peimage module that Ubuntu add, and is not
an upstream issue.

(From OE-Core rev: 8d2fe3f403e6435e1ffe122a6776381090752d8a)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-bsp/grub/grub2.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index fd671d88ad..edb87ef2ea 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -45,6 +45,7 @@ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154
 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
 CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
 CVE_STATUS[CVE-2024-1048]  = "not-applicable-platform: Applies only to RHEL/Fedora"
+CVE_STATUS[CVE-2024-2312]  = "not-applicable-platform: Applies only to Ubuntu"
 
 DEPENDS = "flex-native bison-native gettext-native"
 

From patchwork Fri Oct 10 02:50:22 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71990
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1762BCCD18D
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:50:51 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web10.2337.1760064649998411954
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:50 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=raXdstf4;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-76e4fc419a9so1584705b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064649;
 x=1760669449; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=y+YUxQVu3s+mrZtqn41ktEG7tWWBj0erKt+psdJ69Vk=;
        b=raXdstf48AOtbaxE7I1NzrHlOAoZkDFI7wXRZJQZol2/rpZHLbvsOEKySbEu7N0daZ
         afpdUDOYLL8HA9c2xVyMyRKZM7mRjh8UV6PJrSP/mzAN6sys2qgDngGIxyuEwHMGjQbM
         mq0gl2QXiT0WAJqt0QzFbJUtG2yQ+IGr6YRbxlLKpnChEYxgx780HVzixf6DU+eoCeEB
         VdiLdr0EhORqhVctoqSxZIeYkXqJbgiDPpKuzZmfNQJEw1bqHYttdFyAiJY65QlN8btO
         g600eWj6z8TGtFebFdArNZ3J+vccQWBc/3B2QBmSVoyiHeDKOYBhhJi5s1TVjM+Yi7MM
         irZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064649; x=1760669449;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=y+YUxQVu3s+mrZtqn41ktEG7tWWBj0erKt+psdJ69Vk=;
        b=St/8gndQZTlBot06u54nABUiqOSf8SwpMdu039P6D30Bj2Y8Gm8mnFT52T19uGWKQ5
         tbEozWAi/XXETnFPz4xSqdS8gHwPSlQyiW7rw/mkjOGCKQzo8D6o9tp5dxTVydmSXhXE
         1NfKvBky1FCnWV6S+StgyXaAnqT4FwW52UbOI6kOAdgen9aasXj2z3EBTSlYRdJo7atW
         PcEVJ7fsZaaS5tHEI4UNWiFh8RefQHqR916I3WpvMdjBr8eJECpdlmhNwaxhnlqCLHWn
         tRTalS3Kbsno+j2OQ22k752XjVZH2O+b1VQncVLqKk9YnZxO3SFma6X2qoG/d2N81/os
         ykFQ==
X-Gm-Message-State: AOJu0YwAwr+ATZBY8odOM3BspM5Bw34/vzwjkcpV44pt1FJVHYNoZpjg
	h6/Kp3bAkB9p4EJz34xPuhQ6OUYQ5Altu09XT/QKNsA7nFN+0xoBcoyrswbST6p12l0D/t7O+h4
	13tU/
X-Gm-Gg: ASbGncuX+LCsDhDBggWaHrT207mbfwevE65RDiSFqpaId6gYXPSmJ4nVkD7s/u42udc
	yl5BYErSzqFwOyw7RxAZLoEnUEZmtvzQf5ek5jZdQLDtLKtn2CdwJdge/YeBAYmexyXSIa5G771
	9IqyIC9rE7UAxIWmU/MrK+ghl62ZlL15mMFr2CBAl50EX8+ens5+7vEHskrglZNbAA6F4M6tR+w
	410ngJj3kYk7YorwvqkLD6FakwSCqXHz9HcvUA31QrYva5KwZGxQO+x6o0ocJXCLpyW6pnM4ps6
	enF1PHDr/8PYdByCBddb0FmXBOCZwZeNgz5rses1OfuZUb7MJoLqhEoTLGMrMdlLow/7LbGFbpA
	BCSAkrovphYtgTBeUP8NLOQZqFJzgvuMr
X-Google-Smtp-Source: 
 AGHT+IHGWwVNaQiRTTlfnkC82rnz3onP6UHaRrBY3yY90Ddeo6/EkskXu+mO4kkorQ6VeoRl0klRHQ==
X-Received: by 2002:a05:6a00:2346:b0:77f:605f:20e1 with SMTP id
 d2e1a72fcca58-79387a28824mr10222489b3a.27.1760064649224;
        Thu, 09 Oct 2025 19:50:49 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.48
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:48 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 03/18] gstreamer1.0: ignore CVEs fixed in plugins
Date: Thu,  9 Oct 2025 19:50:22 -0700
Message-ID: 
 <c5a68886247d4417de4ecaa8460e25e84ab93b0d.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:50:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224647

From: Peter Marko <peter.marko@siemens.com>

All these CVEs were fixed in recent commits.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../gstreamer/gstreamer1.0_1.22.12.bb           | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index 3f28459e2d..cfc66745e3 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -74,17 +74,26 @@ CVE_PRODUCT = "gstreamer"
 
 CVE_STATUS[CVE-2024-0444] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9"
 
+CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_BAD"
+CVE_STATUS_PLUGINS_BAD = " \
+    CVE-2025-3887 \
+"
+CVE_STATUS_PLUGINS_BAD[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad"
+
 CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_BASE"
-CVE_STATUS_PLUGINS_BASE = "CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835"
-CVE_STATUS_PLUGINS_BASE[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-base"
+CVE_STATUS_PLUGINS_BASE = " \
+    CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835 \
+    CVE-2025-47806 CVE-2025-47807 CVE-2025-47808 \
+"
+CVE_STATUS_PLUGINS_BASE[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-base"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_PLUGINS_GOOD"
 CVE_STATUS_PLUGINS_GOOD = " \
     CVE-2024-47537 CVE-2024-47539 CVE-2024-47540 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 \
     CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 CVE-2024-47599 CVE-2024-47601 \
     CVE-2024-47602 CVE-2024-47603 CVE-2024-47613 CVE-2024-47774 CVE-2024-47775 CVE-2024-47776 \
-    CVE-2024-47777 CVE-2024-47778 CVE-2024-47834 \
+    CVE-2024-47777 CVE-2024-47778 CVE-2024-47834 CVE-2025-47183 CVE-2025-47219 \
 "
-CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched ic gstreamer1.0-plugins-good"
+CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-good"
 
 PTEST_BUILD_HOST_FILES = ""

From patchwork Fri Oct 10 02:50:23 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71995
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F2B99CCD183
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:00 +0000 (UTC)
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com
 [209.85.210.180])
 by mx.groups.io with SMTP id smtpd.web11.2318.1760064651434698320
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:51 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=deMX8zb7;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f180.google.com with SMTP id
 d2e1a72fcca58-77f343231fcso1224004b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064651;
 x=1760669451; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=0kT6vxYsa2PUl90wCvgwS55S9Cw887Yh5uFgHoSwiIg=;
        b=deMX8zb7Zr6/7OnQSm5PFvh9Un8pHA08UKzT6esUJJxeT+YL8xPcTXueS/Yhgn3ADS
         GwP8wef/o47hSVGHlq1PC8pkocraUC9FFyNxaavPLPkvO8tCeH8HDhz7FY3492SZFPTG
         j7ZNwGd0b9zEGfAsBidTU1vCQleqKxFfA+WcGoNoJ8/Yvwhq+r0uixbXIIBPiQr2eS2w
         P4+Fnfw5O0lS4FCawCsIs9DO3EkwYFW6RyEPEI5vMrRjNBFmQo9Nr8nmeHmIfmLV4Dsf
         w1FDy2WZE/etKkBSSzRuxm4YVLzYYT5R7MmsjjjekUv28jwNTWvR9X3uLFaLj1h8j/Ys
         NiGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064651; x=1760669451;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=0kT6vxYsa2PUl90wCvgwS55S9Cw887Yh5uFgHoSwiIg=;
        b=H2dWe0dBxrI6TZ2alx2oqYvShql3L3aS/1lgexNuvKWSs9Mu8+kCpS5QeLV0c5ptsl
         hQv+fzqMU9fMeQu65d4rh9rys6EgC/BeAnNN4fO/1/PF8Ly543El5drqdNNsRvaKNtlr
         Ek2FcjGGPTv2Wkd/D1OpxVc/AtcT7bpHepD7ximCvlMkzmgKpp+zTdIo4tNq2MtBmpX+
         Z2ByRgfQGi6HImzxLGjBtnZ3VdrsOksMjsnGKsHTCheIF0CsQo8SoWZWmU3kt44CxlvH
         3x9644Yi147oeG9iA2/9xVIjAqwgwmuPbCBhUMnWuNw7FihNxm0H8M7jnxhWldoHApcM
         C1+g==
X-Gm-Message-State: AOJu0YyP0bCNDFL6RvjecUChcUzpY7yO0q9PsSMqAPN08wLcDxOzAbRU
	gVCLswGSNXumK4F25xYfRYK7Sz2T2xvbACvAtHn8ByVoErJuhlKlFaCsq069a4tfJkxBKz6IUUE
	PvBS8
X-Gm-Gg: ASbGncuKC7rYrK2Avam35+SKeTmdmE+M67MUy/QIhKUIz+yusdNctv/wGfJBg39u9XN
	MShTOLSXVDRV9x1RBB5rbrQiKRn5+9DiQxMjzAJZ2ObihoW7wFBaUHYxBj4+xxmDhgb3hpe2WL4
	e4VmeRADdQuCab5MIwiMwnq0creW4SmT3R5amP8frQyhv5JESQQIfEkrhcueYVp/093ueszBDp4
	iIlrKskU8fzmFse0T+yWk++T4JX6HohMpVNlP555dSPdD05gJ5vSXeoM+nKM508C8VN8fQ1ZUhz
	CSYJLJpm2QX9Bsr/Ao3OEQUNWPuYwFYCXH6ZLnaM3OUPXAoloIy13N9c0JoCivuTtZy7HIQxc0o
	o38zqn7oWF9Nq3X+DXg2tiOekpVYH5Nmj2wZr0g==
X-Google-Smtp-Source: 
 AGHT+IHMh1mrhrt17ZesCZ0gHQBC19IJlj8CeNy35ZLtZYlKfPYjqrSvm8KgSfW7H1o0nPxGaui1sw==
X-Received: by 2002:a05:6a20:3d19:b0:32d:7f48:4aa7 with SMTP id
 adf61e73a8af0-32da850e806mr12384942637.60.1760064650673;
        Thu, 09 Oct 2025 19:50:50 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.50
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:50 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 04/18] gstreamer1.0: ignore CVE-2025-2759
Date: Thu,  9 Oct 2025 19:50:23 -0700
Message-ID: 
 <7937625a30f6046ba483a000497b15169659f5eb.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:00 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224648

From: Peter Marko <peter.marko@siemens.com>

Copy statement from [1] that it is problem of installers (non-Linux).
Also [2] linked in NVD says "Fixed in 1.25.1 Gstreamer Installer".
Since Yocto builds from sources into our own packages, ignore it.

[1] https://security-tracker.debian.org/tracker/CVE-2025-2759
[2] https://www.zerodayinitiative.com/advisories/ZDI-25-268/

(From OE-Core rev: 99ee1df6bde2ffd4fa2ddea44c0a9b94d9d77bae)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index cfc66745e3..5b0ba37977 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -96,4 +96,6 @@ CVE_STATUS_PLUGINS_GOOD = " \
 "
 CVE_STATUS_PLUGINS_GOOD[status] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-good"
 
+CVE_STATUS[CVE-2025-2759] = "not-applicable-platform: affects installation packages for non Linux OSes"
+
 PTEST_BUILD_HOST_FILES = ""

From patchwork Fri Oct 10 02:50:24 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71999
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F2BD3CCD18C
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:00 +0000 (UTC)
Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com
 [209.85.210.173])
 by mx.groups.io with SMTP id smtpd.web10.2338.1760064652977534882
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:53 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=TJGNr1pP;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f173.google.com with SMTP id
 d2e1a72fcca58-793021f348fso1520717b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064652;
 x=1760669452; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=y90LQ2JHVFmB9zk6azx/OC0j4qEiUAhRSnfWxgYQtBk=;
        b=TJGNr1pPNeaErbcGV2bHd7xu//d0LpAEGlsTqfSphr6nXPJDPLlv8qwF93DOZT6MLz
         buzayiIJlvbFmz4CqA4nPjZwZTCZ4vHBSmZLhPmIjKhUfeSAAoI/Y9OaLdk16AKUP5aJ
         lA4vkQsDh3unIJfJ97SBcgXv3x3x9QjlJ+YXMoLISWLlnL/EnMQFcFcQd4x/4l77pX6x
         gRGVqqQOIH7cwfIz+5CaMEvJQw07Xjm0CJaTbldBUyIc/b4iv+Bq1Yz2Hzm1NP9D2u+X
         jTFaBmXtyt1vBUC7KS8YSp0i4UrVMWoZxG0EUNEsJdAbArinsVDYxc3b95mvVNiI/Ak/
         Y+3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064652; x=1760669452;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=y90LQ2JHVFmB9zk6azx/OC0j4qEiUAhRSnfWxgYQtBk=;
        b=ASM6azu7q400d1ntOGxzEGAMEXmFi4fGz9cxLOeqv+isWlpIetyPnq3ydwfvzh5Vpv
         nNcPyEDe1RwS3giUI9ffYD0qFsWdd7/iJuT7IabiNBZhlyV5V2ArmUctGGN3f6qysGpe
         67pSiElh2a+E9/dPpleOd7nk8Az1K4N3cKMBIHY5v60ErBHDDM0KpqzXWtlo5xPEnurZ
         6ZdbDb1MjKGGBqq/uyBKIDJcyIbYmKOkIoZOuqhOODzaykT6aTfs1IRlanBhOqEBYbeS
         a4za+w+PkUeGOaKoSj945jTx+EyU4raiIlm1zxh8rhnasqfMgCUwiWhCiEpMeBdmfoba
         lBcA==
X-Gm-Message-State: AOJu0Yz67xNkc9UnG89NLeY0R/MWqgirtiCV6yxvlfukA6Wsui+o8Gu8
	5S5qvoDq3Otyfv0TXZxq0TcKXGkLbnAy4n1Kx79CsQbXNOoXsV7uI48bBJCR3KqGUAZ/GeV1JoS
	SSihX
X-Gm-Gg: ASbGnctFfruaSEwYQXYctRD9tZh5ZyOoBT+1zHKMvp3oNwCgkede5W9JrIerPIitqSQ
	MyFwYA1mVFNTSqrRhteAwHe3N6e2GpiTzrLTbPt0mWg1xjWVngb4rdp2H8vUc1zbfC3P1JZd8TG
	wCKZLNKS48hytbLYs0BS7TALyA6oSfbmVOaBm9OJa4ZOAqM6TQhRAl2NkSALsa16QSizxl5zotm
	gAMxO3DMQDqwlzd+xUtkPuqUaZgv2w4lBtwpHYACepJp343G5w1W6ix9QtqZZS5ZJhM++KoLhwa
	mEl8ZmeuhnOb3o+BKiSOzoKtD0f97Xzw/4t1MxIDPijVPg6hqRNY8N/G5exPo+SjBx8GIP3LZIo
	q5r6YtLaflq2NNjknI8ikrNGy6i5TnUWP
X-Google-Smtp-Source: 
 AGHT+IGnl/FG6pBztWidAc/eWEm6J/IJ4j/GLMM2VFgfiH2Oc9f3v4EkRP/Rk7Qljr5zMmOlmRTWWw==
X-Received: by 2002:a05:6a00:a8f:b0:781:24ec:c8f4 with SMTP id
 d2e1a72fcca58-793857098bamr10407750b3a.3.1760064652111;
        Thu, 09 Oct 2025 19:50:52 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.51
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:51 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 05/18] ghostscript: patch CVE-2025-59798
Date: Thu,  9 Oct 2025 19:50:24 -0700
Message-ID: 
 <4a2f47d9541d7a13da7a9ce16bd5088870c45ec4.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:00 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224649

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioned in the NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2025-59798.patch          | 134 ++++++++++++++++++
 .../ghostscript/ghostscript_10.05.1.bb        |   1 +
 2 files changed, 135 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
new file mode 100644
index 0000000000..9432126e85
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
@@ -0,0 +1,134 @@
+From 0cae41b23a9669e801211dd4cf97b6dadd6dbdd7 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Thu, 22 May 2025 12:25:41 +0100
+Subject: [PATCH] pdfwrite - avoid buffer overrun
+
+Bug #708539 "Buffer overflow in pdf_write_cmap"
+
+The proposed fix in the report solves the buffer overrun, but does not
+tackle a number of other problems.
+
+This commit checks the result of stream_puts() in
+pdf_write_cid_system_info_to_stream() and correctly signals an error to
+the caller if that fails.
+
+In pdf_write_cid_system_info we replace a (rather small!) fixed size
+buffer with a dynamically allocated one using the lengths of the strings
+which pdf_write_cid_system_info_to_stream() will write, and a small
+fixed overhead to deal with the keys and initial byte '/'.
+
+Because 'buf' is used in the stream 's', if it is too small to hold all
+the CIDSystemInfo then we would get an error which was simply discarded
+previously.
+
+We now should avoid the potential error by ensuring the buffer is large
+enough for all the information, and if we do get an error we no longer
+silently ignore it, which would write an invalid PDF file.
+
+CVE: CVE-2025-59798
+Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/0cae41b23a9669e801211dd4cf97b6dadd6dbdd7]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ devices/vector/gdevpdtw.c | 52 ++++++++++++++++++++++++++++++---------
+ 1 file changed, 41 insertions(+), 11 deletions(-)
+
+diff --git a/devices/vector/gdevpdtw.c b/devices/vector/gdevpdtw.c
+index ced15c9b2..fe24dd73a 100644
+--- a/devices/vector/gdevpdtw.c
++++ b/devices/vector/gdevpdtw.c
+@@ -703,7 +703,8 @@ static int
+ pdf_write_cid_system_info_to_stream(gx_device_pdf *pdev, stream *s,
+                           const gs_cid_system_info_t *pcidsi, gs_id object_id)
+ {
+-    byte *Registry, *Ordering;
++    byte *Registry = NULL, *Ordering = NULL;
++    int code = 0;
+ 
+     Registry = gs_alloc_bytes(pdev->pdf_memory, pcidsi->Registry.size, "temporary buffer for Registry");
+     if (!Registry)
+@@ -734,14 +735,19 @@ pdf_write_cid_system_info_to_stream(gx_device_pdf *pdev, stream *s,
+         }
+         s_arcfour_process_buffer(&sarc4, Ordering, pcidsi->Ordering.size);
+     }
+-    stream_puts(s, "<<\n/Registry");
++    code = stream_puts(s, "<<\n/Registry");
++    if (code < 0)
++        goto error;
+     s_write_ps_string(s, Registry, pcidsi->Registry.size, PRINT_HEX_NOT_OK);
+-    stream_puts(s, "\n/Ordering");
++    code = stream_puts(s, "\n/Ordering");
++    if(code < 0)
++        goto error;
+     s_write_ps_string(s, Ordering, pcidsi->Ordering.size, PRINT_HEX_NOT_OK);
++error:
+     pprintd1(s, "\n/Supplement %d\n>>\n", pcidsi->Supplement);
+     gs_free_object(pdev->pdf_memory, Registry, "free temporary Registry buffer");
+     gs_free_object(pdev->pdf_memory, Ordering, "free temporary Ordering buffer");
+-    return 0;
++    return code;
+ }
+ 
+ int
+@@ -786,31 +792,55 @@ pdf_write_cmap(gx_device_pdf *pdev, const gs_cmap_t *pcmap,
+     *ppres = writer.pres;
+     writer.pres->where_used = 0; /* CMap isn't a PDF resource. */
+     if (!pcmap->ToUnicode) {
+-        byte buf[200];
++        byte *buf = NULL;
++        uint64_t buflen = 0;
+         cos_dict_t *pcd = (cos_dict_t *)writer.pres->object;
+         stream s;
+ 
++        /* We use 'buf' for the stream 's' below and that needs to have some extra
++         * space for the CIDSystemInfo. We also need an extra byte for the leading '/'
++         * 100 bytes is ample for the overhead.
++         */
++        buflen = pcmap->CIDSystemInfo->Registry.size + pcmap->CIDSystemInfo->Ordering.size + pcmap->CMapName.size + 100;
++        if (buflen > max_uint)
++            return_error(gs_error_limitcheck);
++
++        buf = gs_alloc_bytes(pdev->memory, buflen, "pdf_write_cmap");
++        if (buf == NULL)
++            return_error(gs_error_VMerror);
++
+         code = cos_dict_put_c_key_int(pcd, "/WMode", pcmap->WMode);
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         buf[0] = '/';
+         memcpy(buf + 1, pcmap->CMapName.data, pcmap->CMapName.size);
+         code = cos_dict_put_c_key_string(pcd, "/CMapName",
+                         buf, pcmap->CMapName.size + 1);
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         s_init(&s, pdev->memory);
+-        swrite_string(&s, buf, sizeof(buf));
++        swrite_string(&s, buf, buflen);
+         code = pdf_write_cid_system_info_to_stream(pdev, &s, pcmap->CIDSystemInfo, 0);
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         code = cos_dict_put_c_key_string(pcd, "/CIDSystemInfo",
+                         buf, stell(&s));
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
+         code = cos_dict_put_string_copy(pcd, "/Type", "/CMap");
+-        if (code < 0)
++        if (code < 0) {
++            gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+             return code;
++        }
++        gs_free_object(pdev->memory, buf, "pdf_write_cmap");
+     }
+     if (pcmap->CMapName.size == 0) {
+         /* Create an arbitrary name (for ToUnicode CMap). */
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
index bd34058517..0ae939e780 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
@@ -25,6 +25,7 @@ def gs_verdir(v):
 SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \
            file://ghostscript-9.16-Werror-return-type.patch \
            file://avoid-host-contamination.patch \
+           file://CVE-2025-59798.patch \
            "
 
 SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"

From patchwork Fri Oct 10 02:50:25 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71997
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0B87CCCD18D
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:01 +0000 (UTC)
Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com
 [209.85.210.182])
 by mx.groups.io with SMTP id smtpd.web10.2339.1760064654447561783
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:54 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Bsm7xvus;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f182.google.com with SMTP id
 d2e1a72fcca58-796f9a8a088so1350247b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064654;
 x=1760669454; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=gfuyQP74gZxg2wwQAOJAJWkVhjH7lWkKojcMnpIN8b0=;
        b=Bsm7xvush9YH/X6sFosLESQkUFizWHxnQT60f49dSynew5WiaymHOyt7ETczB1W78d
         jl/m1DHA8dU/p+PhyF/j4xLKSzNj1fQshodMtvfrMpyju1EUK3GWMPNENqL6ZOY2iuoJ
         /HKBD0WLrr4FujnsTM4Kr4/MQC8J2lcoWE2FqTAUAdvrNQGyzMxSTOyG4F5RO6DpA72B
         wt2uSBIPlPCej7zUsb6YDWHbEGTTwTHwTYaBaoNz+mTFU+UpK0xamrnijHK7d5QKBluN
         PgYrM5dRkvTnPAIYfS+eWHQusXLNdNsNfh1EpIdxKzjGT3aUbdOZFVsuTzgHwDmSSQnl
         VCKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064654; x=1760669454;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=gfuyQP74gZxg2wwQAOJAJWkVhjH7lWkKojcMnpIN8b0=;
        b=n7aRolcUKchO6TsB83k2eZtHGCXc84Wnpvxfdfpa4bcUv5zRvB501+HOszIZekH/4D
         z9foUZcCIk6wLvC2z7n6VJwx0dJVAzOvslsG0wrYUR1ZL1SyKwvXoM1eeuhsOZB5rJZP
         Qc98Nh8oRlJ3g/PEd22SwqUT7JnINKZrTs2zwcvodhF0kFZ8k9hzS2q1o1TEtGCU0C6n
         UrK50JdgQXGreppA0EdLNGhAZrDtdgdtBvrxucuOrlRvnWZRGL0krUDYari2Qj4qmAN8
         He/c4tP7IRNCqNG+pVPmWeAQo8bUgD2vwOD0vFvdRuLtYmTJ5nfJLYhpgsV1M1dq0lqc
         o0Zw==
X-Gm-Message-State: AOJu0YyyiRMbR/j50p1UQkD8LebsZDy++IzOeNU7BJ6S3ApbUwDJ886z
	DXNT1JuftawgntH8OVKiIc+Ig1aKTxn9pJb1B6NIeacJHG49CxqTqehV7gkd66jTgJg4yuNtVjJ
	Gv80Z
X-Gm-Gg: ASbGnctdkymMSSlSQYIbU8AEEV4WbtvQcZRdVKRAonzpYievRkhJ5wkCR1vHDeE8wZy
	+CpImZAVJQoqexCj/uRoQ4zu3+8gUu3CYwanozui5A5nqZQ/9PgL0OaRcdZPd7Mja7nUIetsgBx
	Eka/TCXEzFGPmSlWXMy3D6vFNxpWRVvbjCV8z2H5uci8Bc0IZqho0kle1n6JD/wVeUCBS0e2c1/
	EmdzVPhsaKWE1TFpEDT5QnEmzZn/WUv06pyYZj2qBJAQf2Gju9TK74677Z9Cv1lSz/4wAHmcUJD
	bTM+iwXVjKMVDnpoeXqzv9xNaBpP4YIJAedaadulWNfXJMKmMwmrn+cx1xnnsj36XMDhcKq0Gk5
	rjdQn2SZW2Rc7ecSr64auJ7KqsLOCUrNC
X-Google-Smtp-Source: 
 AGHT+IG/m4fjT3/hDXYPaBsAN/59xFcdmbYLZI7nfGbivXi79BbWlk0+ycej1f3eJOBDtX/ywGQlmg==
X-Received: by 2002:a05:6a00:cc9:b0:781:189:ae43 with SMTP id
 d2e1a72fcca58-79386e51126mr9801647b3a.20.1760064653643;
        Thu, 09 Oct 2025 19:50:53 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.53
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:53 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/18] ghostscript: patch CVE-2025-59799
Date: Thu,  9 Oct 2025 19:50:25 -0700
Message-ID: 
 <2f1d5b9ad1af6d2b28e9e7b46aadd879a67b8fc6.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224650

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioned in the NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2025-59799.patch          | 41 +++++++++++++++++++
 .../ghostscript/ghostscript_10.05.1.bb        |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
new file mode 100644
index 0000000000..9401474c47
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
@@ -0,0 +1,41 @@
+From 6dab38fb211f15226c242ab7a83fa53e4b0ff781 Mon Sep 17 00:00:00 2001
+From: Piotr Kajda <petermasterperfect@gmail.com>
+Date: Thu, 8 May 2025 11:37:09 +0100
+Subject: [PATCH] pdfwrite - bounds check some strings
+
+Bug #708517
+
+This differs very slightly from the proposed patch in the bug report, I
+had a quick scout through the C file and found another similar case.
+
+Both fixed here.
+
+CVE: CVE-2025-59799
+Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/6dab38fb211f15226c242ab7a83fa53e4b0ff781]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ devices/vector/gdevpdfm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/devices/vector/gdevpdfm.c b/devices/vector/gdevpdfm.c
+index 5aa3644e2..4b1d7d89c 100644
+--- a/devices/vector/gdevpdfm.c
++++ b/devices/vector/gdevpdfm.c
+@@ -199,6 +199,8 @@ pdfmark_coerce_dest(gs_param_string *dstr, char dest[MAX_DEST_STRING])
+ {
+     const byte *data = dstr->data;
+     uint size = dstr->size;
++    if (size > MAX_DEST_STRING)
++        return_error(gs_error_limitcheck);
+     if (size == 0 || data[0] != '(')
+         return 0;
+     /****** HANDLE ESCAPES ******/
+@@ -859,6 +861,8 @@ pdfmark_put_ao_pairs(gx_device_pdf * pdev, cos_dict_t *pcd,
+             char buf[30];
+             int d0, d1;
+ 
++            if (Action[1].size > 29)
++                return_error(gs_error_rangecheck);
+             memcpy(buf, Action[1].data, Action[1].size);
+             buf[Action[1].size] = 0;
+             if (sscanf(buf, "%d %d R", &d0, &d1) == 2)
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
index 0ae939e780..0f123d4899 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
@@ -26,6 +26,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
            file://ghostscript-9.16-Werror-return-type.patch \
            file://avoid-host-contamination.patch \
            file://CVE-2025-59798.patch \
+           file://CVE-2025-59799.patch \
            "
 
 SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"

From patchwork Fri Oct 10 02:50:26 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71996
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 10CB1CCD18E
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:01 +0000 (UTC)
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com
 [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web11.2321.1760064655680145375
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:55 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=pcj6NEpG;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f175.google.com with SMTP id
 d2e1a72fcca58-77f605f22easo1474119b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064655;
 x=1760669455; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=d21zjycU/xUT8v3gVMd0Abe+DbIDLVEAOUPDydRy++I=;
        b=pcj6NEpGRp1OGBvvKOn8XQzZEPR5+tecVXSvOUpoAFfBsonRZz+WeCJJ82XAkZ8HIA
         r+e3lUjW9E5a2kYQK4yKz/V+MoYHIX4uySOgAUdhyg+FRF3SFbv5vEvoz7kL0xWZ4dF5
         aoviA6bOpuKZv8vZBQY9eCv3dnpmzq4jBVHRVM+vcI2k5BiZZBSqeUe0mHbJ+/HKusNK
         8NdbxkFIeO6l62yKmP3Gt3rjvLd5BVvn9TZZbvH1N58gCjqo9wt/KJtiivWSNNDpxdMZ
         kxzUaxlpeoxYbv7gLKc0P6a28izbQZf6IPOBGK5ijEzp9M8MuShDFutbwh46Wl6Dqid7
         nMqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064655; x=1760669455;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=d21zjycU/xUT8v3gVMd0Abe+DbIDLVEAOUPDydRy++I=;
        b=BcnqwMXzwUh7GJKmlcRqvOMMCQ5P5G/v9VH3Dl+wkR2Ld8nGlJcDoYAZ+3TbHGdkyY
         k17ozGDSmEwBGREf62ECPl49IbOfzbAaeHCoeRv60dnyPpmrNIj8ee56C6HlL0f4nDM9
         0GAAKHegGfFgA8zFj/XX+nILsiWWYGW2G+VBvyIqZj8STbIjGsjow7FRNuSE8vdtNW2Q
         zZF7b32+oMOG45+WJx+et1tZfSLu+eeghhpbVvxA1ay8/hOMUVaSQYXoAN+mCs0ztE7Z
         UV08wUw4m2qZMEJcZ+G0IZPFh1v6p2Jq3lL6yg5cMWdRDtrPcXeUsYsy+BkwvRWjulzJ
         QswA==
X-Gm-Message-State: AOJu0YzirYQQ8trgnpnLaTeiFhBY2t0A8tRjW2GPih6BAlwBWoZdKyvy
	f5HgK7ncbAJ2oOkgKEj1Y8LG3aHFk1sFgxX+rzidrd7MDtimqts0EctYhxJYZvyZhGFb9PZYt3K
	yaVVw
X-Gm-Gg: ASbGncuqkSiR33DelFJyZlpyWwYAGE4NWL3JslALpNB/xVV4xqMUAbwgOQ1tJ6lWfSy
	QRC4FI2NX3yaEpjB8mWcin5MdPAJZagGfBnhpKa39Af/IHohGvF2BKiMmsEwistdJq5wOiW4L+J
	uRU/FReOobwPf4clnoEmsCXC3iXAEDGwngrHC/EmJpcyhON0J9JzaPcuXVq5ju5tJlsdBU1rttx
	wy33mnLCbhHRzWaoLR30pDf/pRazu7RX6u93FjYBWv7B8NdLa3RijaMiwcrq+KK90Kts8ZiWgMy
	V4+G3b5po6KmuyXY2dAE/blM6zLReUP7vZIyrUnGTv5/Aym3+KLBI9xiTr40o5bHNXwPMKuMjtL
	fPSbOGDRnoRDZ7VpdkND5PIpt8Wl/lsKlh9Wp0g==
X-Google-Smtp-Source: 
 AGHT+IE+92SxcmCsBfpnT42+MZE5IVaGOr0Ay6Z6BZ37VgadYixURafqdYQqLKYGtNSy4YDgB65NFg==
X-Received: by 2002:a05:6a20:938e:b0:309:99e3:c6f5 with SMTP id
 adf61e73a8af0-32da83e68a9mr13981192637.48.1760064654901;
        Thu, 09 Oct 2025 19:50:54 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.54
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:54 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 07/18] ghostscript: patch CVE-2025-59800
Date: Thu,  9 Oct 2025 19:50:26 -0700
Message-ID: 
 <a63bb2ccc8294c8a97f5957f1ca9f0a4880713ac.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224651

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioned in the NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2025-59800.patch          | 36 +++++++++++++++++++
 .../ghostscript/ghostscript_10.05.1.bb        |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
new file mode 100644
index 0000000000..5d50865271
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
@@ -0,0 +1,36 @@
+From 176cf0188a2294bc307b8caec876f39412e58350 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Tue, 1 Jul 2025 10:31:17 +0100
+Subject: [PATCH] PDF OCR 8 bit device - avoid overflow
+
+Bug 708602 "Heap overflow in ocr_line8"
+
+Make sure the calculation of the required raster size does not overflow
+an int.
+
+CVE: CVE-2025-59800
+Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ devices/gdevpdfocr.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index f27dc11db..6362f4104 100644
+--- a/devices/gdevpdfocr.c
++++ b/devices/gdevpdfocr.c
+@@ -521,9 +521,12 @@ ocr_line32(gx_device_pdf_image *dev, void *row)
+ static int
+ ocr_begin_page(gx_device_pdf_image *dev, int w, int h, int bpp)
+ {
+-    int raster = (w+3)&~3;
++    int64_t raster = (w + 3) & ~3;
+ 
+-    dev->ocr.data = gs_alloc_bytes(dev->memory, raster * h, "ocr_begin_page");
++    raster = raster * (int64_t)h;
++    if (raster < 0 || raster > max_size_t)
++        return gs_note_error(gs_error_VMerror);
++    dev->ocr.data = gs_alloc_bytes(dev->memory, raster, "ocr_begin_page");
+     if (dev->ocr.data == NULL)
+         return_error(gs_error_VMerror);
+     dev->ocr.w = w;
diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
index 0f123d4899..a48ad671c7 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
            file://avoid-host-contamination.patch \
            file://CVE-2025-59798.patch \
            file://CVE-2025-59799.patch \
+           file://CVE-2025-59800.patch \
            "
 
 SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"

From patchwork Fri Oct 10 02:50:27 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72000
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 253A4CCD18F
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:01 +0000 (UTC)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by mx.groups.io with SMTP id smtpd.web11.2322.1760064657291739031
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:57 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=azs5J9VP;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.48,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f48.google.com with SMTP id
 98e67ed59e1d1-3352018e051so1986436a91.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064656;
 x=1760669456; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=eg4lXOOfLcb7WAaRoU5SViH49F69DTEcnftIEzYXmtg=;
        b=azs5J9VPvoqp1Uls+mygDTFd8N6VMIyQ6ysFFwmpLOFNh3IBBTss7rli3Qh3dwNb9D
         SbAKOR5VEEcrB8+LxwJfEoRsvgm7vASRYjbgZt/MgAW/Sj6DmxHOy/O+6dMdXRm3LhOU
         API+RmHCdLVrJL0FojxuHnVcV3nllkvebkHgK5L4veI96VVTSt6ENb+160z4HtLU7Qiv
         0e7pdrCHQqoSOZHmCaB+yIUx9L3N2UJ0qrXlyc7tJflJyTORKva7GRtrXXhIiQGGmc9A
         0oxi+5WJ064JSXmicACfdXLlgGsp/enUWZUQJYrU/gXFRhUtx4O9bDUxydNpMZX9g2Lk
         5E8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064656; x=1760669456;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=eg4lXOOfLcb7WAaRoU5SViH49F69DTEcnftIEzYXmtg=;
        b=hmG+jmuvur4z7sfj8k7Hd2M4nBknjJVyIJiJEDXyrER95tyCtLvyJO6eVq9HO4kJsV
         g8dKpysJGf9HfawhSRjX818uEFLG9mK/EZkVkpFL2ZZtOsOdTZ5dfp2jI88MAVoCfV0k
         vrCxtr1JUW6UWnWjRUrHHRu9Kf5uluyyd5x5dkM5HSeklhvyGGyjAQj2esM1xd3rYCK4
         X3b3UotIAGynS+als23UAIb0Ypv1JryqrzqciXuTKGgNV+MiTQsC1pNq9XSorSGHf6t5
         86IoSRdhPmUXs2gR79XXJvt418vGB8RVAZjGDnx0koB15YWfhZbmPK5hYefpg7cyRZmu
         ToQQ==
X-Gm-Message-State: AOJu0Yx4aOxKKZUu2jj3mHWiSAP6OkD58yJQPrSLoirxGRUosHvc9EPI
	AH4f3eeCcv/ZaMEFOl9uh2dbpELX0c+nF+kbkr9dhSAGqECX4Z8gudwTKbZbVyWJmn5MGKXynas
	TU/YF
X-Gm-Gg: ASbGncuP7nTB8T/pZoxnIDG2n+5YCxX1kELIk1+pdZAqzu+KjkBEtTJf3AKC3mAqNsJ
	lG++uInJy4Axbu/+H83pHFzqop4vrQr9nnm3zVtZcbxbrdgOrv6QfaU3mjQO7RCGHRGsE4LjCnI
	uzRAqT/CXmnMQMcR5tlsXOXBYocW4+uPjRmEJ4Bk+s1cIjcn5qIB9sMkX0lutvYV1NqFywjYoTw
	zRIrVtjLCcm3BbhvHkPnBo808viilayqgcP0RUz7d3uds8H/JhlvHLC68E0ExY9TvLgeaWXROsE
	B0P0lIzITCU1MBppPE6Mwu4msqH9bT5vuvYBevVqDu93wetwn9tbU/VELpARBCryQu80PcQka0H
	mFAT8ShynTRwlI/o2bvxgNkYbC1p5toNW
X-Google-Smtp-Source: 
 AGHT+IF5nJyZbV4enCbxRqjzskFhFZLXRi1DbBE7/vzNOj9mplEonbBaVVTATSlfUM7YY68a+1EgaQ==
X-Received: by 2002:a17:90b:3a91:b0:329:f535:6e48 with SMTP id
 98e67ed59e1d1-33b513a1f54mr13236993a91.36.1760064656397;
        Thu, 09 Oct 2025 19:50:56 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.55
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:56 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 08/18] expat: follow-up for CVE-2024-8176
Date: Thu,  9 Oct 2025 19:50:27 -0700
Message-ID: 
 <5bbb9ee52674f5aa6eed5d6cf3f515704092994d.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224652

From: Peter Marko <peter.marko@siemens.com>

Expat release 2.7.3 implemented a follow-up for this CVE.
References:
* https://github.com/libexpat/libexpat/blob/R_2_7_3/expat/Changes
* https://security-tracker.debian.org/tracker/CVE-2024-8176
* https://github.com/libexpat/libexpat/pull/1059

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../expat/expat/CVE-2024-8176-03.patch        |  35 ++++++
 .../expat/expat/CVE-2024-8176-04.patch        | 115 ++++++++++++++++++
 .../expat/expat/CVE-2024-8176-05.patch        |  78 ++++++++++++
 meta/recipes-core/expat/expat_2.6.4.bb        |   3 +
 4 files changed, 231 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-03.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
new file mode 100644
index 0000000000..c9990d5547
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
@@ -0,0 +1,35 @@
+From ba80428c2207259103b73871d447dee34755340c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@tum.de>
+Date: Tue, 23 Sep 2025 11:22:14 +0200
+Subject: [PATCH] lib: Fix detection of asynchronous tags in entities
+
+According to the XML standard, tags must be closed within the same
+element in which they are opened. Since the change of the entity
+processing method in version 2.7.0, violations of this rule have not
+been handled correctly for entities.
+
+This commit adds the required checks to detect any violations and
+restores the correct behaviour.
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/1059]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/xmlparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index ce29ab6f..ba4e3c48 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6087,6 +6087,10 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
+     // process its possible inner entities (which are added to the
+     // m_openInternalEntities during doProlog or doContent calls above)
+     entity->hasMore = XML_FALSE;
++    if (! entity->is_param
++        && (openEntity->startTagLevel != parser->m_tagLevel)) {
++      return XML_ERROR_ASYNC_ENTITY;
++    }
+     triggerReenter(parser);
+     return result;
+   } // End of entity processing, "if" block will return here
diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-04.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
new file mode 100644
index 0000000000..9623467698
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
@@ -0,0 +1,115 @@
+From 81a114f7eebcd41a6993337128cda337986a26f4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 15 Sep 2025 21:57:07 +0200
+Subject: [PATCH] tests: Cover XML_ERROR_ASYNC_ENTITY cases
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/1059]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tests/misc_tests.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 87 insertions(+)
+
+diff --git a/tests/misc_tests.c b/tests/misc_tests.c
+index 3346bce6..19f41df7 100644
+--- a/tests/misc_tests.c
++++ b/tests/misc_tests.c
+@@ -621,6 +621,91 @@ START_TEST(test_misc_expected_event_ptr_issue_980) {
+ }
+ END_TEST
+ 
++START_TEST(test_misc_sync_entity_tolerated) {
++  const char *const doc = "<!DOCTYPE t0 [\n"
++                          "   <!ENTITY a '<t1></t1>'>\n"
++                          "   <!ENTITY b '<t2>two</t2>'>\n"
++                          "   <!ENTITY c '<t3>three<t4>four</t4>three</t3>'>\n"
++                          "   <!ENTITY d '<t5>&b;</t5>'>\n"
++                          "]>\n"
++                          "<t0>&a;&b;&c;&d;</t0>\n";
++  XML_Parser parser = XML_ParserCreate(NULL);
++
++  assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
++                                      /*isFinal=*/XML_TRUE)
++              == XML_STATUS_OK);
++
++  XML_ParserFree(parser);
++}
++END_TEST
++
++START_TEST(test_misc_async_entity_rejected) {
++  struct test_case {
++    const char *doc;
++    enum XML_Status expectedStatusNoGE;
++    enum XML_Error expectedErrorNoGE;
++  };
++  const struct test_case cases[] = {
++      // Opened by one entity, closed by another
++      {"<!DOCTYPE t0 [\n"
++       "   <!ENTITY open '<t1>'>\n"
++       "   <!ENTITY close '</t1>'>\n"
++       "]>\n"
++       "<t0>&open;&close;</t0>\n",
++       XML_STATUS_OK, XML_ERROR_NONE},
++      // Opened by tag, closed by entity (non-root case)
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY g0 ''>\n"
++       "  <!ENTITY g1 '&g0;</t1>'>\n"
++       "]>\n"
++       "<t0><t1>&g1;</t0>\n",
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++      // Opened by tag, closed by entity (root case)
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY g0 ''>\n"
++       "  <!ENTITY g1 '&g0;</t0>'>\n"
++       "]>\n"
++       "<t0>&g1;\n",
++       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS},
++      // Opened by entity, closed by tag <-- regression from 2.7.0
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY g0 ''>\n"
++       "  <!ENTITY g1 '<t1>&g0;'>\n"
++       "]>\n"
++       "<t0>&g1;</t1></t0>\n",
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++      // Opened by tag, closed by entity; then the other way around
++      {"<!DOCTYPE t0 [\n"
++       "  <!ENTITY open '<t1>'>\n"
++       "  <!ENTITY close '</t1>'>\n"
++       "]>\n"
++       "<t0><t1>&close;&open;</t1></t0>\n",
++       XML_STATUS_OK, XML_ERROR_NONE},
++  };
++
++  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
++    const struct test_case testCase = cases[i];
++    set_subtest("cases[%d]", (int)i);
++
++    const char *const doc = testCase.doc;
++#if XML_GE == 1
++    const enum XML_Status expectedStatus = XML_STATUS_ERROR;
++    const enum XML_Error expectedError = XML_ERROR_ASYNC_ENTITY;
++#else
++    const enum XML_Status expectedStatus = testCase.expectedStatusNoGE;
++    const enum XML_Error expectedError = testCase.expectedErrorNoGE;
++#endif
++
++    XML_Parser parser = XML_ParserCreate(NULL);
++    assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
++                                        /*isFinal=*/XML_TRUE)
++                == expectedStatus);
++    assert_true(XML_GetErrorCode(parser) == expectedError);
++    XML_ParserFree(parser);
++  }
++}
++END_TEST
++
+ void
+ make_miscellaneous_test_case(Suite *s) {
+   TCase *tc_misc = tcase_create("miscellaneous tests");
+@@ -649,4 +734,6 @@ make_miscellaneous_test_case(Suite *s) {
+   tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
+   tcase_add_test__if_xml_ge(tc_misc, test_renter_loop_finite_content);
+   tcase_add_test(tc_misc, test_misc_expected_event_ptr_issue_980);
++  tcase_add_test(tc_misc, test_misc_sync_entity_tolerated);
++  tcase_add_test(tc_misc, test_misc_async_entity_rejected);
+ }
diff --git a/meta/recipes-core/expat/expat/CVE-2024-8176-05.patch b/meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
new file mode 100644
index 0000000000..063a590a11
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
@@ -0,0 +1,78 @@
+From a9aaf85cfc3025b7013b5adc4bef2ce32ecc7fb1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@tum.de>
+Date: Tue, 23 Sep 2025 12:12:50 +0200
+Subject: [PATCH] tests: Add line/column checks to async entity tests
+
+CVE: CVE-2024-8176
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/1059]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tests/misc_tests.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/tests/misc_tests.c b/tests/misc_tests.c
+index 19f41df7..7a4d2455 100644
+--- a/tests/misc_tests.c
++++ b/tests/misc_tests.c
+@@ -644,6 +644,8 @@ START_TEST(test_misc_async_entity_rejected) {
+     const char *doc;
+     enum XML_Status expectedStatusNoGE;
+     enum XML_Error expectedErrorNoGE;
++    XML_Size expectedErrorLine;
++    XML_Size expectedErrorColumn;
+   };
+   const struct test_case cases[] = {
+       // Opened by one entity, closed by another
+@@ -652,35 +654,35 @@ START_TEST(test_misc_async_entity_rejected) {
+        "   <!ENTITY close '</t1>'>\n"
+        "]>\n"
+        "<t0>&open;&close;</t0>\n",
+-       XML_STATUS_OK, XML_ERROR_NONE},
++       XML_STATUS_OK, XML_ERROR_NONE, 5, 4},
+       // Opened by tag, closed by entity (non-root case)
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY g0 ''>\n"
+        "  <!ENTITY g1 '&g0;</t1>'>\n"
+        "]>\n"
+        "<t0><t1>&g1;</t0>\n",
+-       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 8},
+       // Opened by tag, closed by entity (root case)
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY g0 ''>\n"
+        "  <!ENTITY g1 '&g0;</t0>'>\n"
+        "]>\n"
+        "<t0>&g1;\n",
+-       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS},
++       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS, 5, 4},
+       // Opened by entity, closed by tag <-- regression from 2.7.0
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY g0 ''>\n"
+        "  <!ENTITY g1 '<t1>&g0;'>\n"
+        "]>\n"
+        "<t0>&g1;</t1></t0>\n",
+-       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
++       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 4},
+       // Opened by tag, closed by entity; then the other way around
+       {"<!DOCTYPE t0 [\n"
+        "  <!ENTITY open '<t1>'>\n"
+        "  <!ENTITY close '</t1>'>\n"
+        "]>\n"
+        "<t0><t1>&close;&open;</t1></t0>\n",
+-       XML_STATUS_OK, XML_ERROR_NONE},
++       XML_STATUS_OK, XML_ERROR_NONE, 5, 8},
+   };
+ 
+   for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+@@ -701,6 +703,11 @@ START_TEST(test_misc_async_entity_rejected) {
+                                         /*isFinal=*/XML_TRUE)
+                 == expectedStatus);
+     assert_true(XML_GetErrorCode(parser) == expectedError);
++#if XML_GE == 1
++    assert_true(XML_GetCurrentLineNumber(parser) == testCase.expectedErrorLine);
++    assert_true(XML_GetCurrentColumnNumber(parser)
++                == testCase.expectedErrorColumn);
++#endif
+     XML_ParserFree(parser);
+   }
+ }
diff --git a/meta/recipes-core/expat/expat_2.6.4.bb b/meta/recipes-core/expat/expat_2.6.4.bb
index ab0b1d54c1..816beaa8a3 100644
--- a/meta/recipes-core/expat/expat_2.6.4.bb
+++ b/meta/recipes-core/expat/expat_2.6.4.bb
@@ -13,6 +13,9 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2  \
            file://0001-tests-Cover-indirect-entity-recursion.patch;striplevel=2 \
            file://CVE-2024-8176-01.patch;striplevel=2 \
            file://CVE-2024-8176-02.patch;striplevel=2 \
+           file://CVE-2024-8176-03.patch \
+           file://CVE-2024-8176-04.patch \
+           file://CVE-2024-8176-05.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"

From patchwork Fri Oct 10 02:50:28 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71994
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 048F0CCD184
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:01 +0000 (UTC)
Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com
 [209.85.210.173])
 by mx.groups.io with SMTP id smtpd.web11.2324.1760064658492220693
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=hs/r16vi;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f173.google.com with SMTP id
 d2e1a72fcca58-78af743c232so1477512b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:50:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064658;
 x=1760669458; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=xK3/u+8eBDddcCx0QLYIzSFXSD0z3aeBu4qBnC1iiaQ=;
        b=hs/r16vitD+EVKqEPxudhZ1ywYzgXc039LoMdtqasTIh7A0LHhGsuvJMy6/ULQHiRp
         DL3EQGBDgzTm9Im+JRPiG2HToOtN793vwTut8ReLy0tmjCvoMQRGApwwKfZhNem7WEgd
         dIBiwbz6Ho2y3uYEq2aU0vB6nYM7NgEredDeeb+ct/S4HhWjwjEsPFUchaI6NSFYJ+pj
         NtWwcdIWgIfs80mBSf4biu8Z2Y2yI0mN8vZorWMa8t+0mYuNmcjWORZsnIF2DvV7ZC44
         wEWPr/qjabJAvEyb9oHPXlgtOC1iP5lV9OFwo2P6khuPz4ZQmpBtw2bxq7SefOhFabNp
         eSSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064658; x=1760669458;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=xK3/u+8eBDddcCx0QLYIzSFXSD0z3aeBu4qBnC1iiaQ=;
        b=WTbo0p6Ilu/6RsA9NvRpaeQcnuNJhPSKeO1usyKYs06f6wMr8+hKEvrbuo0j7LX0ak
         Z/Nr5+VfL8/1jKHBKy9o7kTbOc6a51fFk+xk893972PgqlWYAuWc4+aTWOqSKthc0PJM
         HuR2YQagwF/RcK68GHbxhAxoXgdObNgApIm9MUtStO6VyqPARZS3C7MmD+eWEPEzgPsR
         aI5+rQjHPiFTT+Bvk6lW6Y2+I8u1lF7ZR8ZPbcN+2SIzGoRRiBN9/JeHpXhw/xI4H/ub
         4C00rlid1OttsNHyE6l1AQ/efZWn/VLCbHmLnUZK9KNDbozfyCF1wctf0MQIzmr/LQtP
         q69w==
X-Gm-Message-State: AOJu0Yz7ivHXCwE6k4acCrL8PF1J4m7D8wLnjwXr7pShtmder8xjKpRz
	fmlVmPoJse9e0AacP3s7LKZoZ1LTVHqPpKPSwxVvNlkQWyrwX7kcBKjXRRwY4bG5D02ka7/Kif2
	yHGGp
X-Gm-Gg: ASbGnctZik5ySb64Tb++uc8iL4oLdFPMZ/vj37UIg0Hd10M5lezPtBUwX9UKKkWRsNn
	1TDvm3H9UNfv8oCoFxbtCfimd6gbMDNL4USwMh/JX6IRs/0vnucHVsqxsb1Kx8CNp6c9NwwWeu5
	J8eFX1i+EJOxhfFEvbVvvQKIGKQILmpwmdmSiHFAX2rUjENDci78VHB9ff2qgqBwoT70NjQ1o4B
	aoD1IP1RrUvAwqhIU3mTQlwakJmJCxcd6MudDaoRPkEl1MdTuAvn7pawC6QuVHawcsThWJP4836
	tkagUv1pLzf5gslbwS/to/DANJMrdVG0dyBEhIELbW5TIJnXNdJs5iwTGeD/meJ3kAg7LOkzYRo
	qAr7qTh/UEVgPe9jVUs+Vum1H/o/hz+LB
X-Google-Smtp-Source: 
 AGHT+IEZ7B+Kp1P8VytLWiSY07nIGcoMtYn2UZX1GU1FIsO/yA/68IOW3ZFA4BXnsxNIHW2CJIahcA==
X-Received: by 2002:a05:6a00:1706:b0:77f:50df:df31 with SMTP id
 d2e1a72fcca58-793870523b6mr9472584b3a.20.1760064657730;
        Thu, 09 Oct 2025 19:50:57 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.57
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:57 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 09/18] pulseaudio: ignore CVE-2024-11586
Date: Thu,  9 Oct 2025 19:50:28 -0700
Message-ID: 
 <4cdcb27238be40e815ce5a0b67ce419331079801.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224653

From: Ross Burton <ross.burton@arm.com>

As per the linked ticket, this issue is related to an Ubuntu-specific
patch that we don't have.

(From OE-Core rev: dc81fdc6bdf8ab39b7f2fd994d50256430c36558)

(From OE-Core rev: 72e63e44a0c6ad5a408c4dc59a24288c36463439)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/pulseaudio/pulseaudio.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
index a93ef8f338..26e9e08a63 100644
--- a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
+++ b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc
@@ -281,3 +281,5 @@ RDEPENDS:pulseaudio-server += "\
 RDEPENDS:pulseaudio-server += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', \
                                   bb.utils.contains('DISTRO_FEATURES', 'systemd', 'pulseaudio-module-systemd-login', 'pulseaudio-module-console-kit', d), \
                                   '', d)}"
+
+CVE_STATUS[CVE-2024-11586] = "not-applicable-platform: specific to Ubuntu 16.04"

From patchwork Fri Oct 10 02:50:29 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 71998
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 25BF7CCD192
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:01 +0000 (UTC)
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com
 [209.85.210.180])
 by mx.groups.io with SMTP id smtpd.web11.2326.1760064660044446407
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:00 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=PjAiM3yX;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.180,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f180.google.com with SMTP id
 d2e1a72fcca58-7930132f59aso2263415b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064659;
 x=1760669459; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=LV8FfAJ9B6IaMw2hofgYDKMadVGYWBv5dzmcCrmapVk=;
        b=PjAiM3yXXPTE8zG8F1tfZWPgV2I+eFf/atalC/6kGn1bEqeMSk1+jP1fKtZE6gqkoH
         zWUNBF2VPgm6A9EZ2akG6xeXpXHtxLEsQjUlD9iuXS59Et2hWl69Kc9Ex8Qa1XDexapp
         T/NAF072GO/3QWtPZGl7hx9RmAhgcZKKlCuYvTanOgXK+157gX8Pl68GTOB/6r8znYBW
         qms1Ba0RfHhFFZJ6XiSNwexqnltqTj/yZEeTBYtmFaRO7V7PUJ2doxHQI5/ye3bt05vv
         eDtk+Xp49s1XauIBsVeHBOkTRfIGAOWw57wy8TIJvA7WJZFh2CAc0/BKukbcXLObpa9w
         ZF3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064659; x=1760669459;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=LV8FfAJ9B6IaMw2hofgYDKMadVGYWBv5dzmcCrmapVk=;
        b=PmIEKGI7iz3Bo64YY+2R1qCxO8XWqode6g+95VEGsE8zQBODQf0GUkQjEfnI6A5bop
         kCZ3cSkzOL8gsZIXVA1U0sMYBn1LNztxBEGL9/kaWS+TezaDGmmvII9yycLzWK5snHDf
         Qhh2nrEYWe2m6J7zI/VII4bLkuyt/ECcR6hPVg9rMW6Gwow1QDE8/GoAbQaC62tSQhcm
         JBBp96pGCtRV7zF7evtnEsIKsU0yIgeYln7ijKXAZq/qB8Rn574A1NWUDMihanwMPC/V
         4P5ULUZt4nKpqL4mas9HJRaXEkPf/48UhejYFjANgXESRZyyrLm5lx3KrVXW3+lR3pWp
         Qo+w==
X-Gm-Message-State: AOJu0Yzq23OeiXcvbPUBd0AjQpZ0apXRg8XIPFHgen+HvS7SPZWS2lUq
	eFI53YDm0EOZXQSYILZVYzeainRrmb13m2F+u57kPeq5AUKVK6UKotldVV3t5WuLZfnKHoXy4VU
	ATHsx
X-Gm-Gg: ASbGncuPPZDz7nRXO3mwlX2VEosB3lUsNwHhfiT0k4exj1xMV1olfFg4gjXHTZEnygs
	t2AzRH1N+z58GeVCIa2S48h+yu3CluR/a8rqmY4nyXoaSQ5RVQTuvXRHJ5ShX4DOCYbHyJf9rHh
	2vVtZMekKEgRGeKMtgy2rja6UaSzINS6qJmlIfuikxlWfLr3Xxvk1EHVCxDJGtkS3MBFPHLpZlE
	XyLwkf4vDg4fzruEYh12EhqdV3GH8T5hQ9g23Ko/1sDgKebVilVLApLCPZVFVE8QI89CX9nQcpw
	zIW04NzQ9LnkpBrueEQHBbI6HRk53EaE+FFHtgbpZik7zCEoUDXJeNX4NWwFDa+zjkeFC1+U6wq
	a31kMTvzphUaRVDrUgoPjUXVZ/AiqQvgs
X-Google-Smtp-Source: 
 AGHT+IHxjxkuh1tYCZBG2hUPhQgi8FnfqE9yRWs8GB5wF9DlILlXEkvGQYyOo3sA+0qngVv5QP1SgQ==
X-Received: by 2002:a05:6a00:990:b0:781:b59c:b0ca with SMTP id
 d2e1a72fcca58-79385325547mr11095473b3a.3.1760064659332;
        Thu, 09 Oct 2025 19:50:59 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.50.58
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:50:58 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 10/18] tiff: ignore 5 CVEs
Date: Thu,  9 Oct 2025 19:50:29 -0700
Message-ID: 
 <faf1e12ae0f9de56402830460315e5be0d13f4a5.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224654

From: Peter Marko <peter.marko@siemens.com>

These CVEs are for tools which were removed in v4.6.0 via [1] and
re-introduced again in v4.7.0 via [2].

[1] https://gitlab.com/libtiff/libtiff/-/commit/eab89a627f0a65e9a1a47c4b30b4802c80b1ac45
[2] https://gitlab.com/libtiff/libtiff/-/commit/9ab54a858049bef020d578c71d82669531551c00

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 1d3d08ff9d..9957699fb2 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -28,6 +28,10 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
 CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"
 
+CVE_STATUS_GROUPS += "CVE_STATUS_REMOVED_TOOLS"
+CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851"
+CVE_STATUS_REMOVED_TOOLS[status] = "cpe-incorrect: tools affected by these CVEs are not present in this release"
+
 inherit autotools multilib_header
 
 CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"

From patchwork Fri Oct 10 02:50:30 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72004
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 253FACCD183
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:11 +0000 (UTC)
Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com
 [209.85.210.171])
 by mx.groups.io with SMTP id smtpd.web11.2329.1760064661760427901
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:01 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=dp/2gs3E;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f171.google.com with SMTP id
 d2e1a72fcca58-7811a02316bso1160212b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064661;
 x=1760669461; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=NVb10l57E/6IzZn8zpFywYt8vcqq3IIkAc76gXP9yuM=;
        b=dp/2gs3EogfV7JMWn7pwSw8uXFWwp4r5orHm94mFqu8DmgMmFsfEWY7ASdXBYUEXaD
         TJT4fhanTIhBS365klsi4mQ7D87wFUXJf06HM3XOs+xacPjFaXaPnRzmSGr90c667Tj2
         tzxuwF09FEakwcKaiql9RA6Fm3tyH38SyewGVvJXPQea1M6+9te6bPsvc3FMagfc+wD7
         R7p1y/jSDJETC0+rNHRwsBvc4L9+3Qo3pe3EL4S7AlX0+F4ZS4IQAd4P+4BG2Yu23JGj
         waEj6dPh2sNLvAobFCZQNPMGheFImCRrrkaG+Y4xhqtrL5Gyb3MhWKaa1FUmMS95xYA7
         nxMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064661; x=1760669461;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=NVb10l57E/6IzZn8zpFywYt8vcqq3IIkAc76gXP9yuM=;
        b=mtQgn2KaBa12eJRzdFaaafWCGwX1XNfZb0vJKipevz5JJ8Bzx/l0i5vlNnr5xquRxF
         8z22lzDakpKhEjPbgkG+iI69H6EnZwEmH8BxwVpGo9u2xENsUhP1MM93+UKP3p1XAK/t
         oTc04PIJSQTGHMn1idLuUuWc2HcfnKod+2YQWpXOxmVHQO/r10LinjIuTZWv6Vdiv6Ye
         VTL7mU9B/PHeDVcM4SaJJQAV2LGeX27g1vqOSI1pFjVcvx81ijtLLIXemcC17Z96yepG
         TH2WH8a/o7AjiCm+xql1eu7bNZ35M/PbsyuJa0GLfpK/eKLLsi9A3ANHPPbpX6pbgd4N
         d2nQ==
X-Gm-Message-State: AOJu0YxZEB4R2Tfn3l0AMAqqwn2gK4e0/l8x3qF5nVBK6maRR+me7qS6
	AENhvijLseXlnOTidwL6v5Hb0OTjqLm1kETGzG9saA0Sl45mhAY9hk0Bl5X+5/gtIfXNFfeW8Mt
	JznJ7
X-Gm-Gg: ASbGnctOSPmFaHFHzbSC1Os7EjnwV0TBVb0hXPoE6DvlruQFIAIdtiA2vcdDaa7D41w
	bUaIz+ph9Zz0vBxG2Sx8Xe7R22A/NkQtf18iolkdRAg4e1njm1ED4qqXGevM+wlTMBqJyFIccim
	i2dH5whbMhAlccwhsjQAGHlPaFluIGCp3RUBUq2i0VDZj073/S6cptaCueDXrc4nthHBrgnLlWA
	umkAog8gu9p1UTLfv3SADSxkOLtvCpiMr1tFRCBQ0lRlO5TAfALkS3SlI9ckF96AjJUB3iLY89S
	b4zMyZI3dausQAD0LRsxzuEM63ChIIgShrm9/iri/m1008DcmUCqlo8SOUOaOaKj01fWTzUGdfg
	kkzRnSBkB4MZSM9qFBexdyvKENm/tDgmJ
X-Google-Smtp-Source: 
 AGHT+IFcBAQ10czuC+wk2Dx3SAcRMTBZjbpR4xfyXzkZJl06QGqev/bRM0AisDqhhb3XcpVlLUS9MA==
X-Received: by 2002:a05:6a00:138c:b0:781:1ff0:21c5 with SMTP id
 d2e1a72fcca58-79385708f39mr10642062b3a.3.1760064660968;
        Thu, 09 Oct 2025 19:51:00 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.00
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:00 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 11/18] ffmpeg: ignore 8 CVEs fixed in 6.1.1 and
 6.1.3 releases
Date: Thu,  9 Oct 2025 19:50:30 -0700
Message-ID: 
 <8286570b3baf275ff48c45ca0864348a8d3faa01.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224655

From: Peter Marko <peter.marko@siemens.com>

Following are mentioned in commit upgrading the recipe to 6.1.3:
* CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31578 CVE-2024-31582

Following are fixed via mentioned commits already in 6.1.1:
* CVE-2023-50009: https://github.com/FFmpeg/FFmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba
* CVE-2023-50010: https://github.com/FFmpeg/FFmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1
* CVE-2024-31585: https://github.com/FFmpeg/FFmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb
index dbd0a3f270..38c6d1f2b7 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb
@@ -50,6 +50,10 @@ CVE_STATUS[CVE-2023-39018] = "cpe-incorrect: This issue belongs to ffmpeg-cli-wr
 # Fixed: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
 CVE_STATUS[CVE-2025-1373]  = "fixed-version: Vulnerable code not present in any release"
 
+CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x"
+CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585"
+CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x"
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"

From patchwork Fri Oct 10 02:50:31 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72001
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2542DCCD18C
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:11 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web11.2331.1760064664037315084
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:04 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=P4Gdh3Vx;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-77f1f29a551so2189510b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064663;
 x=1760669463; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=NO73NEqThYryOCLXwO9TUEsy8kyBsvyn59ApjluQ9Tk=;
        b=P4Gdh3Vx7ufgDk11OysWzh/bXg31ztx+lpCltzv579Zod3nS8/Ez5CsmVU3n4QuiNb
         wEt0o4giECcjlSVidTgWa1MS7XLTmbfMsSrSZAfCM3T8w80HLlJWQRCTHU7KmJvVyGeR
         ssArCTPJUBnbKk5GdndTrQEdzi3DF3ntdqGv+EqyUn/P2MC63MZa5FPAkXLF0QyJI/KN
         0vOITb9685QzmijfZhkCh2WRJJIi5IZCMVsGSZm4m1hOsu9xdNLqaEYsywqvibWnH9nk
         Cv36tVHuMoS10dlyh9W/uiGBnISahLCXb2fTnpPXNjqJDlL3gSk4nWsRJg4JiBLHswvW
         QT0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064663; x=1760669463;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=NO73NEqThYryOCLXwO9TUEsy8kyBsvyn59ApjluQ9Tk=;
        b=r8o9zmM13fsdjRoBY2kZFlHAxHcInOS0GPJe9L2ATmX3Bfyz9VYqIdJmvaNFisU47Y
         bseym2A89DtmhHln9lcLP7F6mih7gcSMd0mwjF/aQ2j/TXKS2jOK8RYnkp0WDfnrimFC
         UebIwsQlyNj0nbLFglhe/JcmWADkqzCKMqFBz84WOvuUCVO9nER1FzlC1MCGNeiG6qfy
         Fm8RJsvqduryoaht/xLOLKumOK3I68vS/yX0SC91jUpUkriIOtxUSFOQZhHWNXk6jagK
         sWtdzHDIxtuPxRueN2N0MPVs3l+bLE6kZkm10+ICD452kJ+qnpCw/XVnZggwjzcPPDvG
         Kopg==
X-Gm-Message-State: AOJu0YwNksuu90bqPGbMj336Zf35BuFQzJEXhg+yt4+NTuul/x6Jz+eV
	g07aVUbI38TT+8kjIZqXLVOvzhlYAsh0zr0wBvfofKhwGhTdlDv0EsHr9HUif+1mMxmz1M9SyUH
	hgItU
X-Gm-Gg: ASbGnctbdGNlk170xrzoLKh/IU3DbpW9w+lLHmp55SS9uoJM2uTBO39lXWY938gZK6s
	VSXl7t2d6RpSQLDTXx76PHmq8nQafvXs/fqcMKEPdStiYmjZag39HUlcPgPZ9jhgMrRZPOQzife
	IJQsjTyGt/ccpXC/VTgqBdW7p14v7ClcphhfZgGDicAdlH72qOAg9SBtv4dcFAKl/VWR6MxP44L
	WgBtk6nft8aCgf8j4rCO/9U8H/FDrP3DRqTBxFUURTrQV0osLdOyXbbJ73rpACGAcXgJbAzz++W
	Kz/55padhbuPBSj4TJ/vDAHn/o9XUrQqGBIhdFz32G0eqHPSb4AOBPElIRpdovF7f3C7RG52Llv
	V5vusqQq+ZqgGmZ9taO6CT/laxsftqYxg
X-Google-Smtp-Source: 
 AGHT+IFbVpT6V1+G9js0ABZEP6ni4VByqL3WShxcho9rrG3COZ+LAKgo9l9Z+YXpw56pFRwBTMPKtg==
X-Received: by 2002:a05:6a00:a8f:b0:781:f1ee:a9cd with SMTP id
 d2e1a72fcca58-793858fb683mr12772534b3a.13.1760064663073;
        Thu, 09 Oct 2025 19:51:03 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.02
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:02 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 12/18] go: fix CVE-2025-47906
Date: Thu,  9 Oct 2025 19:50:31 -0700
Message-ID: 
 <ed6df1883225ec08e637a0d7a15a6a5da4665d8d.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224656

From: Archana Polampalli <archana.polampalli@windriver.com>

If the PATH environment variable contains paths which are executables
(rather than just directories), passing certain strings to LookPath
("", ".", and ".."), can result in the binaries listed in the PATH
 being unexpectedly returned.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.22.12.inc       |   1 +
 .../go/go/CVE-2025-47906.patch                | 183 ++++++++++++++++++
 2 files changed, 184 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch

diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index d0ce333117..a364e1aae8 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -20,6 +20,7 @@ SRC_URI += "\
     file://CVE-2025-4674.patch \
     file://CVE-2025-47907-pre.patch \
     file://CVE-2025-47907.patch \
+    file://CVE-2025-47906.patch \
 "
 SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
 
diff --git a/meta/recipes-devtools/go/go/CVE-2025-47906.patch b/meta/recipes-devtools/go/go/CVE-2025-47906.patch
new file mode 100644
index 0000000000..88895f496d
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-47906.patch
@@ -0,0 +1,183 @@
+From 8fa31a2d7d9e60c50a3a94080c097b6e65773f4b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= <olivier.mengue@gmail.com>
+Date: Mon, 30 Jun 2025 16:58:59 +0200
+Subject: [PATCH] [release-branch.go1.23] os/exec: fix incorrect expansion of
+ "", "." and ".." in LookPath Fix incorrect expansion of "" and "." when $PATH
+ contains an executable file or, on Windows, a parent directory of a %PATH%
+ element contains an file with the same name as the %PATH% element but with
+ one of the %PATHEXT% extension (ex: C:\utils\bin is in PATH, and
+ C:\utils\bin.exe exists).
+
+Fix incorrect expansion of ".." when $PATH contains an element which is
+an the concatenation of the path to an executable file (or on Windows
+a path that can be expanded to an executable by appending a %PATHEXT%
+extension), a path separator and a name.
+
+"", "." and ".." are now rejected early with ErrNotFound.
+
+Fixes CVE-2025-47906
+Fixes #74803
+
+Change-Id: Ie50cc0a660fce8fbdc952a7f2e05c36062dcb50e
+Reviewed-on: https://go-review.googlesource.com/c/go/+/685755
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Auto-Submit: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+Reviewed-by: Damien Neil <dneil@google.com>
+(cherry picked from commit e0b07dc)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/691855
+Reviewed-by: Michael Knyszek <mknyszek@google.com>
+
+CVE: CVE-2025-47906
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/8fa31a2d7d9e60c50a3a94080c097b6e65773f4b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/os/exec/dot_test.go   | 56 +++++++++++++++++++++++++++++++++++++++
+ src/os/exec/exec.go       | 10 +++++++
+ src/os/exec/lp_plan9.go   |  4 +++
+ src/os/exec/lp_unix.go    |  4 +++
+ src/os/exec/lp_windows.go |  7 +++++
+ 5 files changed, 81 insertions(+)
+
+diff --git a/src/os/exec/dot_test.go b/src/os/exec/dot_test.go
+index ed4bad2..86e9cbb 100644
+--- a/src/os/exec/dot_test.go
++++ b/src/os/exec/dot_test.go
+@@ -178,4 +178,60 @@ func TestLookPath(t *testing.T) {
+			}
+		}
+	})
++
++	checker := func(test string) func(t *testing.T) {
++		return func(t *testing.T) {
++			t.Helper()
++			t.Logf("PATH=%s", os.Getenv("PATH"))
++			p, err := LookPath(test)
++			if err == nil {
++				t.Errorf("%q: error expected, got nil", test)
++			}
++			if p != "" {
++				t.Errorf("%q: path returned should be \"\". Got %q", test, p)
++			}
++		}
++	}
++
++	// Reference behavior for the next test
++	t.Run(pathVar+"=$OTHER2", func(t *testing.T) {
++		t.Run("empty", checker(""))
++		t.Run("dot", checker("."))
++		t.Run("dotdot1", checker("abc/.."))
++		t.Run("dotdot2", checker(".."))
++	})
++
++	// Test the behavior when PATH contains an executable file which is not a directory
++	t.Run(pathVar+"=exe", func(t *testing.T) {
++		// Inject an executable file (not a directory) in PATH.
++		// Use our own binary os.Args[0].
++		testenv.MustHaveExec(t)
++		exe, err := os.Executable()
++		if err != nil {
++			t.Fatal(err)
++		}
++
++		t.Setenv(pathVar, exe)
++		t.Run("empty", checker(""))
++		t.Run("dot", checker("."))
++		t.Run("dotdot1", checker("abc/.."))
++		t.Run("dotdot2", checker(".."))
++	})
++
++	// Test the behavior when PATH contains an executable file which is not a directory
++	t.Run(pathVar+"=exe/xx", func(t *testing.T) {
++		// Inject an executable file (not a directory) in PATH.
++		// Use our own binary os.Args[0].
++		testenv.MustHaveExec(t)
++		exe, err := os.Executable()
++		if err != nil {
++			t.Fatal(err)
++		}
++
++		t.Setenv(pathVar, filepath.Join(exe, "xx"))
++		t.Run("empty", checker(""))
++		t.Run("dot", checker("."))
++		t.Run("dotdot1", checker("abc/.."))
++		t.Run("dotdot2", checker(".."))
++	})
+ }
+diff --git a/src/os/exec/exec.go b/src/os/exec/exec.go
+index b8ef5a0..2c7f510 100644
+--- a/src/os/exec/exec.go
++++ b/src/os/exec/exec.go
+@@ -1310,3 +1310,13 @@ func addCriticalEnv(env []string) []string {
+ // Code should use errors.Is(err, ErrDot), not err == ErrDot,
+ // to test whether a returned error err is due to this condition.
+ var ErrDot = errors.New("cannot run executable found relative to current directory")
++
++// validateLookPath excludes paths that can't be valid
++// executable names. See issue #74466 and CVE-2025-47906.
++func validateLookPath(s string) error {
++	switch s {
++	case "", ".", "..":
++		return ErrNotFound
++	}
++	return nil
++}
+diff --git a/src/os/exec/lp_plan9.go b/src/os/exec/lp_plan9.go
+index dffdbac..39f3d33 100644
+--- a/src/os/exec/lp_plan9.go
++++ b/src/os/exec/lp_plan9.go
+@@ -36,6 +36,10 @@ func findExecutable(file string) error {
+ // As of Go 1.19, LookPath will instead return that path along with an error satisfying
+ // errors.Is(err, ErrDot). See the package documentation for more details.
+ func LookPath(file string) (string, error) {
++	if err := validateLookPath(file); err != nil {
++		return "", &Error{file, err}
++	}
++
+	// skip the path lookup for these prefixes
+	skip := []string{"/", "#", "./", "../"}
+
+diff --git a/src/os/exec/lp_unix.go b/src/os/exec/lp_unix.go
+index 3787132..2543525 100644
+--- a/src/os/exec/lp_unix.go
++++ b/src/os/exec/lp_unix.go
+@@ -54,6 +54,10 @@ func LookPath(file string) (string, error) {
+	// (only bypass the path if file begins with / or ./ or ../)
+	// but that would not match all the Unix shells.
+
++	if err := validateLookPath(file); err != nil {
++		return "", &Error{file, err}
++	}
++
+	if strings.Contains(file, "/") {
+		err := findExecutable(file)
+		if err == nil {
+diff --git a/src/os/exec/lp_windows.go b/src/os/exec/lp_windows.go
+index 698a97c..e0b74e3 100644
+--- a/src/os/exec/lp_windows.go
++++ b/src/os/exec/lp_windows.go
+@@ -68,6 +68,9 @@ func findExecutable(file string, exts []string) (string, error) {
+ // As of Go 1.19, LookPath will instead return that path along with an error satisfying
+ // errors.Is(err, ErrDot). See the package documentation for more details.
+ func LookPath(file string) (string, error) {
++	if err := validateLookPath(file); err != nil {
++		return "", &Error{file, err}
++	}
+	return lookPath(file, pathExt())
+ }
+
+@@ -81,6 +84,10 @@ func LookPath(file string) (string, error) {
+ // "C:\foo\example.com" would be returned as-is even if the
+ // program is actually "C:\foo\example.com.exe".
+ func lookExtensions(path, dir string) (string, error) {
++	if err := validateLookPath(path); err != nil {
++		return "", &Error{path, err}
++	}
++
+	if filepath.Base(path) == path {
+		path = "." + string(filepath.Separator) + path
+	}
+--
+2.40.0

From patchwork Fri Oct 10 02:50:32 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72002
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2F72CCCD184
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:11 +0000 (UTC)
Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com
 [209.85.210.174])
 by mx.groups.io with SMTP id smtpd.web11.2332.1760064665650451453
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:05 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=DG0EiZ2l;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f174.google.com with SMTP id
 d2e1a72fcca58-78f3bfe3f69so1543229b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064665;
 x=1760669465; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=gW8+NsxRBTC/pG7OPv6EWy8wnqQcgyHERIdrYbk5brE=;
        b=DG0EiZ2lJtv8bWC782knbBcgE9PKZcr6Ip3szF27Evk3ISLol9m2/IHqTjOTqRW3H4
         KeEjR/DO0kI6KpieDYmZmWwFtojErnqEusHhhoAEyf7Hj5rPES1fJ4Y28AL8eTs/SUC0
         8IQua7vgWbb2U+3Y9lx0YI7a2+rQiiJMKR2VrD+h6ntAI95UIJhk/DNzVgwVDKmdGMdX
         2PQ8t1mSSWUjwBn24S+W7v6z8Yu+YkdfSnHFSYYna7DFN/OCY2K9A2cJfRDdV+xfBF0c
         Z/A8oWmzrVr/6DnwSdLOI3ZWxPjAliQWs3qt7BtLwFbhDqerPPtKRdkyDhgMYuILvtNU
         KEKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064665; x=1760669465;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=gW8+NsxRBTC/pG7OPv6EWy8wnqQcgyHERIdrYbk5brE=;
        b=SpCOQ1QND8+wJlIACLlQz1lEEv524T1YnljnyMZ3q1znJN4/g10W5jOw1G2nR32S9p
         mdjooUkRAYI5lCbsVr60qfUe2BIGjojk714gbsdLPlbykwBopAY3efElhBahaBnxsPzS
         TCoYnAO4nHBwqzlFbsTfWTdBHTThuTax8OIMVab7HQte1Pix/B5u2ZSrcoJfuHsWgIU6
         PG/UTXgiENb1En6gDDTaFiRJnUGrkS7OoRYSu/mEtzTggu/p7RThpfkHniScq8REGRzV
         W53K0DjnLyoE4hZBK/jTJSM7uR9A5xJm9gHse0x0LgWEy7reXZyQ8xPYITUzxCGmV2dH
         hCLA==
X-Gm-Message-State: AOJu0Yx7AQPTGBy6CWOk3Yy9rlBycqDCvRSTP4a+aHuTf/Nr8jVvdgO2
	WhPit5nHjzi/KWQ37zzdJlviMl9EfWMcE5jLs83qAJIPzvXxaaddlKY7gAjQxMLzd7r2YlBS7g2
	bMIXG
X-Gm-Gg: ASbGnctqw6bLzNsEXwaaOYm1mLtrEp/qtCUFLx9g3jvzkCkMYauiFhiQfceYgDsAd13
	AwCdsmbRLAuM+uxZqLLnbyPZD07JdgB08p/hoH6CUoxxMkEu8BgqbHOtNTSCddDrCFhMTawYJv2
	VFtN/ALMNHTAvOvuFJpR2eZqy6aK0Qtwwwh7XaiwSrw3WHnZSZIfSeMUhiyuHoW1CiyKjHiyneP
	1SuVu3cvfZaD2dYCEEbv11LDuYAHFubBT1BUd7W66YNJnJwmc/cAvdiQkvgJewo0wS/A748QE66
	1q6gTGbgHBfQn2o/qFmOlvnRI6WewydnkLTUHwEbSjO/xE0BisG4tuR4VC0qZAm8eL/Bgg9C3Cx
	QMgKrOjfWdMdu5HyvkYbEKOil+pdNegCh
X-Google-Smtp-Source: 
 AGHT+IFvdzA9GcZDldtKncyYvhi1D3xm7FxekZRR+LDnF+4dsUnYZzhyzqGTzuYIdkWwVFMcnt43rg==
X-Received: by 2002:a05:6a00:1701:b0:781:1a9f:aeeb with SMTP id
 d2e1a72fcca58-7938570951amr10392031b3a.1.1760064664881;
        Thu, 09 Oct 2025 19:51:04 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.04
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:04 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 13/18] glibc: stable 2.39 branch updates
Date: Thu,  9 Oct 2025 19:50:32 -0700
Message-ID: 
 <95d0fb4db6d4599ed9e4bfea1850e66aa4466726.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224657

From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>

git log --oneline b027d5b145f1b2908f370bdb96dfe40180d0fcb6..765534258e7f2c33719e3a5bc13432552991513b

765534258e (HEAD, origin/release/2.39/master) nss: Group merge does not react to ERANGE during merge (bug 33361)
7ce7b4b2f4 Rename new tst-sem17 test to tst-sem18
a6ac06abeb Avoid uninitialized result in sem_open when file does not exist
ff6ce67220 elf: handle addition overflow in _dl_find_object_update_1 [BZ #32245]
fffc2df8a3 Optimize __libc_tsd_* thread variable access
83340b35cc i386: Add GLIBC_ABI_GNU_TLS version [BZ #33221]
5541edb1bd i386: Also add GLIBC_ABI_GNU2_TLS version [BZ #33129]
1f17635507 debug: Fix tst-longjmp_chk3 build failure on Hurd
3b6c8ea878 debug: Wire up tst-longjmp_chk3
89596f46e3 i386: Update ___tls_get_addr to preserve vector registers
4c2509882f elf: Preserve _rtld_global layout for the release branch
cf0e7d512d elf: Compile _dl_debug_state separately (bug 33224)
5cd1f4b1a1 elf: Restore support for _r_debug interpositions and copy relocations
97017da5ef elf: Introduce _dl_debug_change_state
5601ad79b7 elf: Introduce separate _r_debug_array variable
24c94ea84e elf: Test dlopen (NULL, RTLD_LAZY) from an ELF constructor
79d84b5da5 elf: Fix handling of symbol versions which hash to zero (bug 29190)
5f5c411132 elf: Second ld.so relocation only if libc.so has been loaded
4c9b1877fd elf: Reorder audit events in dlcose to match _dl_fini (bug 32066)
f407a14ff7 elf: Call la_objclose for proxy link maps in _dl_fini (bug 32065)
e27601b385 elf: Signal la_objopen for the proxy link map in dlmopen (bug 31985)
fef226255d elf: Add the endswith function to <endswith.h>
d21a217fa0 elf: Update DSO list, write audit log to elf/tst-audit23.out
4f145bb35d elf: Switch to main malloc after final ld.so self-relocation
65d86471ce elf: Introduce _dl_relocate_object_no_relro
5434cc2c41 elf: Do not define consider_profiling, consider_symbind as macros
b2d8c6cbe7 elf: rtld_multiple_ref is always true
2b89de7c91 Revert "elf: Run constructors on cyclic recursive dlopen (bug 31986)"
46e3ecad27 elf: Fix map_complete Systemtap probe in dl_open_worker
5f225025db elf: Signal RT_CONSISTENT after relocation processing in dlopen (bug 31986)
d6cc325fcf elf: Signal LA_ACT_CONSISTENT to auditors after RT_CONSISTENT switch
6917fde6f9 elf: Run constructors on cyclic recursive dlopen (bug 31986)
9fa7cc6a0b ldconfig: Move endswithn into a new header file
269e89bd8d x86-64: Add GLIBC_ABI_DT_X86_64_PLT [BZ #33212]
62ff85fd09 x86-64: Add GLIBC_ABI_GNU2_TLS version [BZ #33129]
f0e8d04eef libio: Test for fdopen memory leak without SEEK_END support (bug 31840)
42a8cb7560 Remove memory leak in fdopen (bug 31840)
d1c1f78e9e math: Remove no-mathvec flag
20d2d69a2f Use TLS initial-exec model for __libc_tsd_CTYPE_* thread variables [BZ #33234]
c11950503f ctype: Fallback initialization of TLS using relocations (bug 19341, bug 32483)
25c537c3b3 Use proper extern declaration for _nl_C_LC_CTYPE_{class,toupper,tolower}
fbdf9680cc Remove <libc-tsd.h>
fca5937510 ctype: Reformat Makefile.
49f0e73fa3 elf: Handle ld.so with LOAD segment gaps in _dl_find_object (bug 31943)
64488b4b31 elf: Extract rtld_setup_phdr function from dl_main
9833fcf7ce elf: Do not add a copy of _dl_find_object to libc.so
fbade65338 arm: Use _dl_find_object on __gnu_Unwind_Find_exidx (BZ 31405)
392e6cf1e8 AArch64: Improve codegen in SVE log1p
3a78a276a3 AArch64: Optimize inverse trig functions
b6ea8902a7 AArch64: Avoid memset ifunc in cpu-features.c [BZ #33112]

Testing Results:
            Before     After    Diff
PASS         5080      5096      +16
XPASS        4         4          0
FAIL         119       123       +4
XFAIL        16        16         0
UNSUPPORTED  154       154        0

Testcases changes

testcase-name                                                before           after

debug/tst-longjmp_chk3(new)                                    -               PASS
elf/check-dt-x86-64-plt(new)                                   -               PASS
elf/check-gnu2-tls(new)                                        -               PASS
lf/tst-dlmopen4-nonpic(new)                                    -               PASS
elf/tst-dlmopen4-pic(new)                                      -               PASS
elf/tst-dlopen-auditdup(new)                                   -               PASS
elf/tst-dlopen-constructor-null(new)                           -               PASS
elf/tst-link-map-contiguous-ldso(new)                          -               PASS
elf/tst-link-map-contiguous-libc(new)                          -               PASS
elf/tst-nolink-libc-1(new)                                     -               PASS
elf/tst-nolink-libc-2(new)                                     -               PASS
elf/tst-rtld-no-malloc(new)                                    -               PASS
elf/tst-rtld-no-malloc-audit(new)                              -               PASS
elf/tst-rtld-no-malloc-preload(new)                            -               PASS
elf/tst-tls23(new)                                             -               PASS
elf/tst-version-hash-zero(new)                                 -               PASS
libio/tst-fdopen-seek-failure(new)                             -               PASS
libio/tst-fdopen-seek-failure-mem(new)                         -               PASS
nptl/tst-sem18(new)                                            -               PASS
ctype/tst-ctype-tls-dlmopen(new)                               -               FAIL
ctype/tst-ctype-tls-dlopen-static(new)                         -               FAIL
stdio-common/tst-scanf-bz27650                                FAIL             PASS
malloc/tst-aligned-alloc-random-thread-cross-malloc-check     PASS             FAIL
malloc/tst-aligned-alloc-random-thread-malloc-check           PASS             FAIL
timezone/tst-tzset                                            PASS             FAIL
elf/ifuncmain8                                                PASS              -

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 89e532fd67..f63eb0ad56 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,7 +1,7 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "b027d5b145f1b2908f370bdb96dfe40180d0fcb6"
-SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
+SRCREV_glibc ?= "765534258e7f2c33719e3a5bc13432552991513b"
+SRCREV_localedef ?= "cba02c503d7c853a38ccfb83c57e343ca5ecd7e5"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
 

From patchwork Fri Oct 10 02:50:33 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72003
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2F770CCD18E
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:11 +0000 (UTC)
Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com
 [209.85.210.172])
 by mx.groups.io with SMTP id smtpd.web11.2333.1760064667024275988
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:07 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=MwCa+ntT;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.172,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f172.google.com with SMTP id
 d2e1a72fcca58-77f1f29a551so2189540b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064666;
 x=1760669466; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=TufANuGo8VJH9dDQuI3N+KNK4NxmchWvFvC25C4PMjs=;
        b=MwCa+ntTW7S2j2xBRtSfZkIqWZu0mmcZa0GhMiZzlM6TUoup3ewdI+tj64U+NTxDMI
         qXXYCY0HItofpyR/PCtIAuGIIAgeb4ZSfFw2IavWyKK3Nmm5hoDyD5m95vvtow+Ni1LA
         8ltMNB8ILwxNqg5jShqv6vXAv7ulY2NLAeqMy5glTiyp14NV+y+iilTL5AExLYI18hiS
         uSk6iDE7UvUqdZNeWYSM3hxcXEs/HOIaUGICiiklLjv53KWiC8xebfxAGU2Atg2QmlB5
         ih6ELMnPW47mRBp7b14vxDbuSBpHNBY2sFPNuEMFjsODRhHwtDJdNxiHAvvWnaeUIVkM
         gJVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064666; x=1760669466;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=TufANuGo8VJH9dDQuI3N+KNK4NxmchWvFvC25C4PMjs=;
        b=BelJE4b1QcnP13gD7nuKtDepEGw4x4tR3e9MbUntdbqYn0c0/nskIMJm8VTPzP5Rnb
         mx1QcR7LnnaiSKODASf/HgMVHov0/yKb6Xa3VT4+MyTgvnip2AZ4qg+I49Z6viTIRU80
         eWHwTX0ifBpGhEnW9ZcIORWr5L/fzZwDx4Pab2IwrDEBRdI/fo8qcX3l9SY8Jyu4Qcqx
         awiSe2HYc72xg0dfc8qewQGIIkUrs2V1MALAubgqCXDOqfbmKEtMpkLFbuTs3oqqrsvs
         hlAVdruLHguSK2yXcBW4tK55v3UjhtGZuWKGTpe9N/bVKdR+IvW0rV4+aoKnwbC92Ohb
         OixA==
X-Gm-Message-State: AOJu0YxK9k+DVT5Kr3p2+BdIrHR1ehdsSvZfWJpq7a79hvYw3vbHgGau
	sn0NWvatGG4gou/TkrGTXt/gJJUbPbXWbUV8Rj76kkeegKkOaqfh/E0J/n2Bq5BbnW26vdtJTSG
	i/WvC
X-Gm-Gg: ASbGncs/iVHMUnSQCR5cDmHzSEGCFJW+79jWg8yuquYgoh7PYURId20OX5YJNgqoCpq
	Beayej/UM/sMCEA/pce2eQ0yerbzCK3M95Cjxxsox9ldgD7Pbb5pr/zqAIYhs5wgIRMVbf7H41Z
	71eNU7Sg0ow8iB8XRKTQoe3L5+An9ik/JPaA5yH9kM4kq7MbC7eAW/QojmL3yLVf34cSlRlnEbE
	7VBE4q2OdMyCI0AuI9bBNh0Zguh1G7mYlrJKdJcB9Xw09Psa4BPQmaou5Y500MX2xF+f7wkdgpR
	XxR/CXRgzAxur9b4TerxXj2Dj6PXBIxwqEekTriEpdeSXuS3iIXeEGEb5p2Af8y8wmmFGNpJnhx
	/3iqosY/bXPg8wCoWf/UmTD+DfeBFNxdy
X-Google-Smtp-Source: 
 AGHT+IH9c3ll5KrF2VSbOopNCBvxp18oDWZYw610Vv1lIJ8O44FqgLIqLbUjO8rFFKzGSr7IuP7zig==
X-Received: by 2002:a05:6a00:c8a:b0:77f:49da:166f with SMTP id
 d2e1a72fcca58-79387829873mr11392050b3a.25.1760064666243;
        Thu, 09 Oct 2025 19:51:06 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.05
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:05 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 14/18] scripts/install-buildtools: Update to
 5.0.12
Date: Thu,  9 Oct 2025 19:50:33 -0700
Message-ID: 
 <07a17bbae81954796710e2e80cc386268ac5fabe.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224658

From: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>

Update to the 5.0.12 release of the 5.0 series for buildtools

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/install-buildtools | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 0dd23fe0e4..a449e45cff 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
 
 DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
 DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-5.0.11'
-DEFAULT_INSTALLER_VERSION = '5.0.11'
+DEFAULT_RELEASE = 'yocto-5.0.12'
+DEFAULT_INSTALLER_VERSION = '5.0.12'
 DEFAULT_BUILDDATE = '202110XX'
 
 # Python version sanity check

From patchwork Fri Oct 10 02:50:34 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72005
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3D5B2CCD18D
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:11 +0000 (UTC)
Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
 by mx.groups.io with SMTP id smtpd.web11.2334.1760064669936704926
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:10 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=jNyhy/I0;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f181.google.com with SMTP id
 d2e1a72fcca58-781010ff051so1154493b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064669;
 x=1760669469; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=+e/kouH30tpe5R/yvn5KjR4YZ0BP6tBVWWPbggurhaI=;
        b=jNyhy/I0HSePGmr4nrToTebiE5gMs500Rh9FDMt649TifINzsdGPo+EIefAxneNFU5
         K7Z2DTJVvGJAn1jOQblir4FwXEDy+dSdf7r+hOAlMkUZwX/Pf5gh2+Dx0emAoSj7+OMe
         skqoD4MbKxRvS9l/1LCJFaBNFNzNOPjUVkWv4iC2hnW69AfeHVtQQyzeNRBIjqrgVeSh
         e4ryHMzIVPOVg8ZcO8RD4Xt7Kk+o8GYomGyYq8Qkb4FejEjS8e75XEO0Es7eoiOSYlpX
         L+UhfZ5+jJtHFcBCJyU8uqvlGS80jvTRVkGuCWuupJZDK9aITUSi4qxLiIAUgtn4Lhh/
         tK+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064669; x=1760669469;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+e/kouH30tpe5R/yvn5KjR4YZ0BP6tBVWWPbggurhaI=;
        b=ttcVIs+BNE5RjKvRMib8/ddxeeX+NqQVJaLos5452RW6JxT1JUAoRW7xHN+S302F/S
         d8fD1TYpprMRQULCZ8aq68n4YOcQrsuHva/85UEcRfh/AOrQOpeC/05k6jLVDkp9WjYw
         11Z97jqOK40RaAZ40m9/DBhronikqQeXy7cx6fzGKl5zzfkJ0h6UoWuh1nPReY/SKh74
         75GbbtB/WB4V/D6i61ycxge1YzDbNcVve1wybxzveCNvcD5YUGl83qjvF2EJrEVIcGoY
         yEqM3y6B00CY0iqn8qSyhdd+c7X+A4glY5yXfKr/yN80wpkwTmT/SBfTEdhQ5AqNfERD
         UlpA==
X-Gm-Message-State: AOJu0YwG+xHF9xmqKTs4xVyRSRWc06aGN8Y9Bmgy1rTasHjuOKt58v6h
	PcHcoxRnrlT8+awChx6ChFGkYKlPo62gP202X0ul//H/WiwkjBBFuawZG4NoBanBHbk1uNMnjUb
	oG9B/
X-Gm-Gg: ASbGncvIQL+o4jZTHrl3N68LbCamm1MP0X15uZ9NR8r0+gsdeY3/Nq6YKCtUcvlTVid
	fz5wp7sDQ/IBdBjr0vccmjT0i11+dGw6kjg7eaPj5fJdFR6/XIYZmo/qluM6WprPGEWD+kvtgg+
	AqDifBdCtumJxAjT9lVGrnaf1l0WVHGG6F8EJ0IkiDfMBw+NSabJMqXc49fOEQwYtBrF9dZuV+A
	A6LR+/u0egniW4EORfAMeFbuIPWo97XNFgB76XG5Pm53W5b1/kq7XEkTab6egicsMoZk88eLUvE
	3P6VxNvMhLhQxM9xObR+KEPAsSrjd2g/5UkVakmHcHWgvQ7/1F14Oly4mkEang19vFsOP2BMR8P
	9blaslo6M5S4TUgMgVv6+k0yHfGJ1DdOQ
X-Google-Smtp-Source: 
 AGHT+IE/tOsG/poMe9HcgV0x+GbHzHUt5NvWoFjdCvbkMfUKsr5tU9tL75q7Xi1qKszRGgmYSKUQDQ==
X-Received: by 2002:a05:6a00:14c5:b0:780:f758:4133 with SMTP id
 d2e1a72fcca58-793857038fdmr10229990b3a.10.1760064668760;
        Thu, 09 Oct 2025 19:51:08 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.07
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:08 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 15/18] openssl: upgrade 3.2.4 -> 3.2.6
Date: Thu,  9 Oct 2025 19:50:34 -0700
Message-ID: 
 <f8a7f941c9ac1dbcaeb8cddec2b1e7388c6eded0.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224659

From: Peter Marko <peter.marko@siemens.com>

3.2.6 has fixed 3.2.5 regression which broke python3 ptests so we can
upgrade now. We can also drop CVE-2025-27587 patch which was taken
instead of 3.2.5 upgrade under:
https://github.com/openssl/openssl/pull/28198

Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3017-and-openssl-3018-30-sep-2025

OpenSSL 3.2.6 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)
* Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)

Release information:
https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md#major-changes-between-openssl-324-and-openssl-325-1-jul-2025

OpenSSL 3.2.5 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Miscellaneous minor bug fixes.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/openssl/CVE-2025-27587-1.patch    | 1918 -----------------
 .../openssl/openssl/CVE-2025-27587-2.patch    |  129 --
 .../{openssl_3.2.4.bb => openssl_3.2.6.bb}    |    4 +-
 3 files changed, 1 insertion(+), 2050 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
deleted file mode 100644
index eb3fc52dca..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
+++ /dev/null
@@ -1,1918 +0,0 @@
-From 14ac0f0e4e1f36793d09b41ffd5e482575289ab2 Mon Sep 17 00:00:00 2001
-From: Danny Tsen <dtsen@us.ibm.com>
-Date: Tue, 11 Feb 2025 13:48:01 -0500
-Subject: [PATCH] Fix Minerva timing side-channel signal for P-384 curve on PPC
-
-1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
-   for Montgomery multiplication.
-2. ecp_nistp384-ppc64.pl:
-   - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
-     minumum perl wrapper.
-   - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
-   - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
-3. ecp_nistp384.c:
-   - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.
-
-Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/26709)
-
-(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5)
-
-CVE: CVE-2025-27587
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/14ac0f0e4e1f36793d09b41ffd5e482575289ab2]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- crypto/bn/bn_ppc.c                  |    3 +
- crypto/ec/asm/ecp_nistp384-ppc64.pl | 1724 +++++++++++++++++++++++----
- crypto/ec/ecp_nistp384.c            |   28 +-
- 3 files changed, 1504 insertions(+), 251 deletions(-)
-
-diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
-index 1e9421bee2..29293bad55 100644
---- a/crypto/bn/bn_ppc.c
-+++ b/crypto/bn/bn_ppc.c
-@@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-      */
- 
- #if defined(_ARCH_PPC64) && !defined(__ILP32__)
-+    /* Minerva side-channel fix danny */
-+# if defined(USE_FIXED_N6)
-     if (num == 6) {
-         if (OPENSSL_ppccap_P & PPC_MADD300)
-             return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
-         else
-             return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
-     }
-+# endif
- #endif
- 
-     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
-diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl b/crypto/ec/asm/ecp_nistp384-ppc64.pl
-index 28f4168e52..b663bddfc6 100755
---- a/crypto/ec/asm/ecp_nistp384-ppc64.pl
-+++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl
-@@ -7,13 +7,15 @@
- # https://www.openssl.org/source/license.html
- #
- # ====================================================================
--# Written by Rohan McLure <rmclure@linux.ibm.com> for the OpenSSL
--# project.
-+# Written by Danny Tsen <dtsen@us.ibm.com> # for the OpenSSL project.
-+#
-+# Copyright 2025- IBM Corp.
- # ====================================================================
- #
--# p384 lower-level primitives for PPC64 using vector instructions.
-+# p384 lower-level primitives for PPC64.
- #
- 
-+
- use strict;
- use warnings;
- 
-@@ -21,7 +23,7 @@ my $flavour = shift;
- my $output = "";
- while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
- if (!$output) {
--    $output = "-";
-+        $output = "-";
- }
- 
- my ($xlate, $dir);
-@@ -35,271 +37,1495 @@ open OUT,"| \"$^X\" $xlate $flavour $output";
- 
- my $code = "";
- 
--my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12");
--
--my $vzero = "v32";
--
--sub startproc($)
--{
--    my ($name) = @_;
--
--    $code.=<<___;
--    .globl ${name}
--    .align 5
--${name}:
--
--___
--}
--
--sub endproc($)
--{
--    my ($name) = @_;
--
--    $code.=<<___;
--    blr
--        .size ${name},.-${name}
--
--___
--}
--
--sub load_vrs($$)
--{
--    my ($pointer, $reg_list) = @_;
--
--    for (my $i = 0; $i <= 6; $i++) {
--        my $offset = $i * 8;
--        $code.=<<___;
--    lxsd        $reg_list->[$i],$offset($pointer)
--___
--    }
--
--    $code.=<<___;
--
--___
--}
--
--sub store_vrs($$)
--{
--    my ($pointer, $reg_list) = @_;
--
--    for (my $i = 0; $i <= 12; $i++) {
--        my $offset = $i * 16;
--        $code.=<<___;
--    stxv        $reg_list->[$i],$offset($pointer)
--___
--    }
--
--    $code.=<<___;
--
--___
--}
--
- $code.=<<___;
--.machine    "any"
-+.machine "any"
- .text
- 
--___
-+.globl  p384_felem_mul
-+.type   p384_felem_mul,\@function
-+.align	4
-+p384_felem_mul:
- 
--{
--    # mul/square common
--    my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43");
--    my ($zero, $one) = ("r8", "r9");
--    my $out = "v51";
-+	stdu	1, -176(1)
-+	mflr	0
-+	std	14, 56(1)
-+	std	15, 64(1)
-+	std	16, 72(1)
-+	std	17, 80(1)
-+	std	18, 88(1)
-+	std	19, 96(1)
-+	std	20, 104(1)
-+	std	21, 112(1)
-+	std	22, 120(1)
- 
--    {
--        #
--        # p384_felem_mul
--        #
-+	bl	_p384_felem_mul_core
- 
--        my ($in1p, $in2p) = ("r4", "r5");
--        my @in1 = map("v$_",(44..50));
--        my @in2 = map("v$_",(35..41));
-+	mtlr	0
-+	ld	14, 56(1)
-+	ld	15, 64(1)
-+	ld	16, 72(1)
-+	ld	17, 80(1)
-+	ld	18, 88(1)
-+	ld	19, 96(1)
-+	ld	20, 104(1)
-+	ld	21, 112(1)
-+	ld	22, 120(1)
-+	addi	1, 1, 176
-+	blr
-+.size   p384_felem_mul,.-p384_felem_mul
- 
--        startproc("p384_felem_mul");
-+.globl  p384_felem_square
-+.type   p384_felem_square,\@function
-+.align	4
-+p384_felem_square:
- 
--        $code.=<<___;
--    vspltisw    $vzero,0
-+	stdu	1, -176(1)
-+	mflr	0
-+	std	14, 56(1)
-+	std	15, 64(1)
-+	std	16, 72(1)
-+	std	17, 80(1)
- 
--___
-+	bl	_p384_felem_square_core
- 
--        load_vrs($in1p, \@in1);
--        load_vrs($in2p, \@in2);
--
--        $code.=<<___;
--    vmsumudm    $out,$in1[0],$in2[0],$vzero
--    stxv        $out,0($outp)
--
--    xxpermdi    $t1,$in1[0],$in1[1],0b00
--    xxpermdi    $t2,$in2[1],$in2[0],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,16($outp)
--
--    xxpermdi    $t2,$in2[2],$in2[1],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in1[2],$in2[0],$out
--    stxv        $out,32($outp)
--
--    xxpermdi    $t2,$in2[1],$in2[0],0b00
--    xxpermdi    $t3,$in1[2],$in1[3],0b00
--    xxpermdi    $t4,$in2[3],$in2[2],0b00
--    vmsumudm    $out,$t1,$t4,$vzero
--    vmsumudm    $out,$t3,$t2,$out
--    stxv        $out,48($outp)
--
--    xxpermdi    $t2,$in2[4],$in2[3],0b00
--    xxpermdi    $t4,$in2[2],$in2[1],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    vmsumudm    $out,$in1[4],$in2[0],$out
--    stxv        $out,64($outp)
--
--    xxpermdi    $t2,$in2[5],$in2[4],0b00
--    xxpermdi    $t4,$in2[3],$in2[2],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    xxpermdi    $t4,$in2[1],$in2[0],0b00
--    xxpermdi    $t1,$in1[4],$in1[5],0b00
--    vmsumudm    $out,$t1,$t4,$out
--    stxv        $out,80($outp)
--
--    xxpermdi    $t1,$in1[0],$in1[1],0b00
--    xxpermdi    $t2,$in2[6],$in2[5],0b00
--    xxpermdi    $t4,$in2[4],$in2[3],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    xxpermdi    $t2,$in2[2],$in2[1],0b00
--    xxpermdi    $t1,$in1[4],$in1[5],0b00
--    vmsumudm    $out,$t1,$t2,$out
--    vmsumudm    $out,$in1[6],$in2[0],$out
--    stxv        $out,96($outp)
--
--    xxpermdi    $t1,$in1[1],$in1[2],0b00
--    xxpermdi    $t2,$in2[6],$in2[5],0b00
--    xxpermdi    $t3,$in1[3],$in1[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    xxpermdi    $t3,$in2[2],$in2[1],0b00
--    xxpermdi    $t1,$in1[5],$in1[6],0b00
--    vmsumudm    $out,$t1,$t3,$out
--    stxv        $out,112($outp)
--
--    xxpermdi    $t1,$in1[2],$in1[3],0b00
--    xxpermdi    $t3,$in1[4],$in1[5],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$t3,$t4,$out
--    vmsumudm    $out,$in1[6],$in2[2],$out
--    stxv        $out,128($outp)
--
--    xxpermdi    $t1,$in1[3],$in1[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    xxpermdi    $t1,$in1[5],$in1[6],0b00
--    vmsumudm    $out,$t1,$t4,$out
--    stxv        $out,144($outp)
--
--    vmsumudm    $out,$t3,$t2,$vzero
--    vmsumudm    $out,$in1[6],$in2[4],$out
--    stxv        $out,160($outp)
--
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,176($outp)
--
--    vmsumudm    $out,$in1[6],$in2[6],$vzero
--    stxv        $out,192($outp)
--___
-+	mtlr	0
-+	ld	14, 56(1)
-+	ld	15, 64(1)
-+	ld	16, 72(1)
-+	ld	17, 80(1)
-+	addi	1, 1, 176
-+	blr
-+.size   p384_felem_square,.-p384_felem_square
- 
--        endproc("p384_felem_mul");
--    }
-+#
-+# Felem mul core function -
-+# r3, r4 and r5 need to pre-loaded.
-+#
-+.type   _p384_felem_mul_core,\@function
-+.align	4
-+_p384_felem_mul_core:
- 
--    {
--        #
--        # p384_felem_square
--        #
-+	ld	6,0(4)
-+	ld	14,0(5)
-+	ld	7,8(4)
-+	ld	15,8(5)
-+	ld	8,16(4)
-+	ld	16,16(5)
-+	ld	9,24(4)
-+	ld	17,24(5)
-+	ld	10,32(4)
-+	ld	18,32(5)
-+	ld	11,40(4)
-+	ld	19,40(5)
-+	ld	12,48(4)
-+	ld	20,48(5)
- 
--        my ($inp) = ("r4");
--        my @in = map("v$_",(44..50));
--        my @inx2 = map("v$_",(35..41));
-+	# out0
-+	mulld	21, 14, 6
-+	mulhdu	22, 14, 6
-+	std	21, 0(3)
-+	std	22, 8(3)
- 
--        startproc("p384_felem_square");
-+	vxor	0, 0, 0
- 
--        $code.=<<___;
--    vspltisw    $vzero,0
-+	# out1
-+	mtvsrdd	32+13, 14, 6
-+	mtvsrdd	32+14, 7, 15
-+	vmsumudm 1, 13, 14, 0
- 
--___
-+	# out2
-+	mtvsrdd	32+15, 15, 6
-+	mtvsrdd	32+16, 7, 16
-+	mtvsrdd	32+17, 0, 8
-+	mtvsrdd	32+18, 0, 14
-+	vmsumudm 19, 15, 16, 0
-+	vmsumudm 2, 17, 18, 19
- 
--        load_vrs($inp, \@in);
-+	# out3
-+	mtvsrdd	32+13, 16, 6
-+	mtvsrdd	32+14, 7, 17
-+	mtvsrdd	32+15, 14, 8
-+	mtvsrdd	32+16, 9, 15
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 3, 15, 16, 19
- 
--        $code.=<<___;
--    li        $zero,0
--    li        $one,1
--    mtvsrdd        $t1,$one,$zero
--___
-+	# out4
-+	mtvsrdd	32+13, 17, 6
-+	mtvsrdd	32+14, 7, 18
-+	mtvsrdd	32+15, 15, 8
-+	mtvsrdd	32+16, 9, 16
-+	mtvsrdd	32+17, 0, 10
-+	mtvsrdd	32+18, 0, 14
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 4, 15, 16, 19
-+	vmsumudm 4, 17, 18, 4
- 
--        for (my $i = 0; $i <= 6; $i++) {
--            $code.=<<___;
--    vsld        $inx2[$i],$in[$i],$t1
--___
--        }
--
--        $code.=<<___;
--    vmsumudm    $out,$in[0],$in[0],$vzero
--    stxv        $out,0($outp)
--
--    vmsumudm    $out,$in[0],$inx2[1],$vzero
--    stxv        $out,16($outp)
--
--    vmsumudm    $out,$in[0],$inx2[2],$vzero
--    vmsumudm    $out,$in[1],$in[1],$out
--    stxv        $out,32($outp)
--
--    xxpermdi    $t1,$in[0],$in[1],0b00
--    xxpermdi    $t2,$inx2[3],$inx2[2],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,48($outp)
--
--    xxpermdi    $t4,$inx2[4],$inx2[3],0b00
--    vmsumudm    $out,$t1,$t4,$vzero
--    vmsumudm    $out,$in[2],$in[2],$out
--    stxv        $out,64($outp)
--
--    xxpermdi    $t2,$inx2[5],$inx2[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in[2],$inx2[3],$out
--    stxv        $out,80($outp)
--
--    xxpermdi    $t2,$inx2[6],$inx2[5],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in[2],$inx2[4],$out
--    vmsumudm    $out,$in[3],$in[3],$out
--    stxv        $out,96($outp)
--
--    xxpermdi    $t3,$in[1],$in[2],0b00
--    vmsumudm    $out,$t3,$t2,$vzero
--    vmsumudm    $out,$in[3],$inx2[4],$out
--    stxv        $out,112($outp)
--
--    xxpermdi    $t1,$in[2],$in[3],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    vmsumudm    $out,$in[4],$in[4],$out
--    stxv        $out,128($outp)
--
--    xxpermdi    $t1,$in[3],$in[4],0b00
--    vmsumudm    $out,$t1,$t2,$vzero
--    stxv        $out,144($outp)
--
--    vmsumudm    $out,$in[4],$inx2[6],$vzero
--    vmsumudm    $out,$in[5],$in[5],$out
--    stxv        $out,160($outp)
--
--    vmsumudm    $out,$in[5],$inx2[6],$vzero
--    stxv        $out,176($outp)
--
--    vmsumudm    $out,$in[6],$in[6],$vzero
--    stxv        $out,192($outp)
--___
-+	# out5
-+	mtvsrdd	32+13, 18, 6
-+	mtvsrdd	32+14, 7, 19
-+	mtvsrdd	32+15, 16, 8
-+	mtvsrdd	32+16, 9, 17
-+	mtvsrdd	32+17, 14, 10
-+	mtvsrdd	32+18, 11, 15
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 5, 15, 16, 19
-+	vmsumudm 5, 17, 18, 5
-+
-+	stxv	32+1, 16(3)
-+	stxv	32+2, 32(3)
-+	stxv	32+3, 48(3)
-+	stxv	32+4, 64(3)
-+	stxv	32+5, 80(3)
-+
-+	# out6
-+	mtvsrdd	32+13, 19, 6
-+	mtvsrdd	32+14, 7, 20
-+	mtvsrdd	32+15, 17, 8
-+	mtvsrdd	32+16, 9, 18
-+	mtvsrdd	32+17, 15, 10
-+	mtvsrdd	32+18, 11, 16
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 6, 15, 16, 19
-+	mtvsrdd	32+13, 0, 12
-+	mtvsrdd	32+14, 0, 14
-+	vmsumudm 19, 17, 18, 6
-+	vmsumudm 6, 13, 14, 19
-+
-+	# out7
-+	mtvsrdd	32+13, 19, 7
-+	mtvsrdd	32+14, 8, 20
-+	mtvsrdd	32+15, 17, 9
-+	mtvsrdd	32+16, 10, 18
-+	mtvsrdd	32+17, 15, 11
-+	mtvsrdd	32+18, 12, 16
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 7, 15, 16, 19
-+	vmsumudm 7, 17, 18, 7
-+
-+	# out8
-+	mtvsrdd	32+13, 19, 8
-+	mtvsrdd	32+14, 9, 20
-+	mtvsrdd	32+15, 17, 10
-+	mtvsrdd	32+16, 11, 18
-+	mtvsrdd	32+17, 0, 12
-+	mtvsrdd	32+18, 0, 16
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 8, 15, 16, 19
-+	vmsumudm 8, 17, 18, 8
-+
-+	# out9
-+	mtvsrdd	32+13, 19, 9
-+	mtvsrdd	32+14, 10, 20
-+	mtvsrdd	32+15, 17, 11
-+	mtvsrdd	32+16, 12, 18
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 9, 15, 16, 19
-+
-+	# out10
-+	mtvsrdd	32+13, 19, 10
-+	mtvsrdd	32+14, 11, 20
-+	mtvsrdd	32+15, 0, 12
-+	mtvsrdd	32+16, 0, 18
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 10, 15, 16, 19
-+
-+	# out11
-+	mtvsrdd	32+17, 19, 11
-+	mtvsrdd	32+18, 12, 20
-+	vmsumudm 11, 17, 18, 0
-+
-+	stxv	32+6, 96(3)
-+	stxv	32+7, 112(3)
-+	stxv	32+8, 128(3)
-+	stxv	32+9, 144(3)
-+	stxv	32+10, 160(3)
-+	stxv	32+11, 176(3)
-+
-+	# out12
-+	mulld	21, 20, 12
-+	mulhdu	22, 20, 12	# out12
-+
-+	std	21, 192(3)
-+	std	22, 200(3)
-+
-+	blr
-+.size   _p384_felem_mul_core,.-_p384_felem_mul_core
-+
-+#
-+# Felem square core function -
-+# r3 and r4 need to pre-loaded.
-+#
-+.type   _p384_felem_square_core,\@function
-+.align	4
-+_p384_felem_square_core:
-+
-+	ld	6, 0(4)
-+	ld	7, 8(4)
-+	ld	8, 16(4)
-+	ld	9, 24(4)
-+	ld	10, 32(4)
-+	ld	11, 40(4)
-+	ld	12, 48(4)
-+
-+	vxor	0, 0, 0
-+
-+	# out0
-+	mulld	14, 6, 6
-+	mulhdu	15, 6, 6
-+	std	14, 0(3)
-+	std	15, 8(3)
-+
-+	# out1
-+	add	14, 6, 6
-+	mtvsrdd	32+13, 0, 14
-+	mtvsrdd	32+14, 0, 7
-+	vmsumudm 1, 13, 14, 0
-+
-+	# out2
-+	mtvsrdd	32+15, 7, 14
-+	mtvsrdd	32+16, 7, 8
-+	vmsumudm 2, 15, 16, 0
-+
-+	# out3
-+	add	15, 7, 7
-+	mtvsrdd	32+13, 8, 14
-+	mtvsrdd	32+14, 15, 9
-+	vmsumudm 3, 13, 14, 0
-+
-+	# out4
-+	mtvsrdd	32+13, 9, 14
-+	mtvsrdd	32+14, 15, 10
-+	mtvsrdd	32+15, 0, 8
-+	vmsumudm 4, 13, 14, 0
-+	vmsumudm 4, 15, 15, 4
-+
-+	# out5
-+	mtvsrdd	32+13, 10, 14
-+	mtvsrdd	32+14, 15, 11
-+	add	16, 8, 8
-+	mtvsrdd	32+15, 0, 16
-+	mtvsrdd	32+16, 0, 9
-+	vmsumudm 5, 13, 14, 0
-+	vmsumudm 5, 15, 16, 5
-+
-+	stxv	32+1, 16(3)
-+	stxv	32+2, 32(3)
-+	stxv	32+3, 48(3)
-+	stxv	32+4, 64(3)
-+
-+	# out6
-+	mtvsrdd	32+13, 11, 14
-+	mtvsrdd	32+14, 15, 12
-+	mtvsrdd	32+15, 9, 16
-+	mtvsrdd	32+16, 9, 10
-+	stxv	32+5, 80(3)
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 6, 15, 16, 19
-+
-+	# out7
-+	add	17, 9, 9
-+	mtvsrdd	32+13, 11, 15
-+	mtvsrdd	32+14, 16, 12
-+	mtvsrdd	32+15, 0, 17
-+	mtvsrdd	32+16, 0, 10
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 7, 15, 16, 19
-+
-+	# out8
-+	mtvsrdd	32+13, 11, 16
-+	mtvsrdd	32+14, 17, 12
-+	mtvsrdd	32+15, 0, 10
-+	vmsumudm 19, 13, 14, 0
-+	vmsumudm 8, 15, 15, 19
-+
-+	# out9
-+	add	14, 10, 10
-+	mtvsrdd	32+13, 11, 17
-+	mtvsrdd	32+14, 14, 12
-+	vmsumudm 9, 13, 14, 0
-+
-+	# out10
-+	mtvsrdd	32+13, 11, 14
-+	mtvsrdd	32+14, 11, 12
-+	vmsumudm 10, 13, 14, 0
-+
-+	stxv	32+6, 96(3)
-+	stxv	32+7, 112(3)
-+
-+	# out11
-+	#add	14, 11, 11
-+	#mtvsrdd	32+13, 0, 14
-+	#mtvsrdd	32+14, 0, 12
-+	#vmsumudm 11, 13, 14, 0
-+
-+	mulld	6, 12, 11
-+	mulhdu	7, 12, 11
-+	addc	8, 6, 6
-+	adde	9, 7, 7
-+
-+	stxv	32+8, 128(3)
-+	stxv	32+9, 144(3)
-+	stxv	32+10, 160(3)
-+	#stxv	32+11, 176(3)
-+
-+	# out12
-+	mulld	14, 12, 12
-+	mulhdu	15, 12, 12
-+
-+	std	8, 176(3)
-+	std	9, 184(3)
-+	std	14, 192(3)
-+	std	15, 200(3)
-+
-+	blr
-+.size   _p384_felem_square_core,.-_p384_felem_square_core
-+
-+#
-+# widefelem (128 bits) * 8
-+#
-+.macro F128_X_8 _off1 _off2
-+	ld	9,\\_off1(3)
-+	ld	8,\\_off2(3)
-+	srdi	10,9,61
-+	rldimi	10,8,3,0
-+	sldi	9,9,3
-+	std	9,\\_off1(3)
-+	std	10,\\_off2(3)
-+.endm
-+
-+.globl p384_felem128_mul_by_8
-+.type	p384_felem128_mul_by_8, \@function
-+.align 4
-+p384_felem128_mul_by_8:
-+
-+	F128_X_8 0, 8
-+
-+	F128_X_8 16, 24
-+
-+	F128_X_8 32, 40
-+
-+	F128_X_8 48, 56
-+
-+	F128_X_8 64, 72
-+
-+	F128_X_8 80, 88
-+
-+	F128_X_8 96, 104
-+
-+	F128_X_8 112, 120
-+
-+	F128_X_8 128, 136
-+
-+	F128_X_8 144, 152
-+
-+	F128_X_8 160, 168
-+
-+	F128_X_8 176, 184
-+
-+	F128_X_8 192, 200
-+
-+	blr
-+.size	p384_felem128_mul_by_8,.-p384_felem128_mul_by_8
-+
-+#
-+# widefelem (128 bits) * 2
-+#
-+.macro F128_X_2 _off1 _off2
-+	ld	9,\\_off1(3)
-+	ld	8,\\_off2(3)
-+	srdi	10,9,63
-+	rldimi	10,8,1,0
-+	sldi	9,9,1
-+	std	9,\\_off1(3)
-+	std	10,\\_off2(3)
-+.endm
-+
-+.globl p384_felem128_mul_by_2
-+.type	p384_felem128_mul_by_2, \@function
-+.align 4
-+p384_felem128_mul_by_2:
-+
-+	F128_X_2 0, 8
-+
-+	F128_X_2 16, 24
-+
-+	F128_X_2 32, 40
-+
-+	F128_X_2 48, 56
-+
-+	F128_X_2 64, 72
-+
-+	F128_X_2 80, 88
-+
-+	F128_X_2 96, 104
-+
-+	F128_X_2 112, 120
-+
-+	F128_X_2 128, 136
-+
-+	F128_X_2 144, 152
-+
-+	F128_X_2 160, 168
-+
-+	F128_X_2 176, 184
-+
-+	F128_X_2 192, 200
-+
-+	blr
-+.size	p384_felem128_mul_by_2,.-p384_felem128_mul_by_2
-+
-+.globl p384_felem_diff128
-+.type	p384_felem_diff128, \@function
-+.align 4
-+p384_felem_diff128:
-+
-+	addis   5, 2, .LConst_two127\@toc\@ha
-+	addi    5, 5, .LConst_two127\@toc\@l
-+
-+	ld	10, 0(3)
-+	ld	8, 8(3)
-+	li	9, 0
-+	addc	10, 10, 9
-+	li	7, -1
-+	rldicr	7, 7, 0, 0	# two127
-+	adde	8, 8, 7
-+	ld	11, 0(4)
-+	ld	12, 8(4)
-+	subfc	11, 11, 10
-+	subfe	12, 12, 8
-+	std	11, 0(3)	# out0
-+	std	12, 8(3)
-+
-+	# two127m71 = (r10, r9)
-+	ld	8, 16(3)
-+	ld	7, 24(3)
-+	ld	10, 24(5)	# two127m71
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 16(4)
-+	ld	12, 24(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 16(3)	# out1
-+	std	12, 24(3)
-+
-+	ld	8, 32(3)
-+	ld	7, 40(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 32(4)
-+	ld	12, 40(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 32(3)	# out2
-+	std	12, 40(3)
-+
-+	ld	8, 48(3)
-+	ld	7, 56(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 48(4)
-+	ld	12, 56(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 48(3)	# out3
-+	std	12, 56(3)
-+
-+	ld	8, 64(3)
-+	ld	7, 72(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 64(4)
-+	ld	12, 72(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 64(3)	# out4
-+	std	12, 72(3)
-+
-+	ld	8, 80(3)
-+	ld	7, 88(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 80(4)
-+	ld	12, 88(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 80(3)	# out5
-+	std	12, 88(3)
-+
-+	ld	8, 96(3)
-+	ld	7, 104(3)
-+	ld	6, 40(5)	# two127p111m79m71
-+	addc	8, 8, 9
-+	adde	7, 7, 6
-+	ld	11, 96(4)
-+	ld	12, 104(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 96(3)	# out6
-+	std	12, 104(3)
-+
-+	ld	8, 112(3)
-+	ld	7, 120(3)
-+	ld	6, 56(5)	# two127m119m71
-+	addc	8, 8, 9
-+	adde	7, 7, 6
-+	ld	11, 112(4)
-+	ld	12, 120(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 112(3)	# out7
-+	std	12, 120(3)
-+
-+	ld	8, 128(3)
-+	ld	7, 136(3)
-+	ld	6, 72(5)	# two127m95m71
-+	addc	8, 8, 9
-+	adde	7, 7, 6
-+	ld	11, 128(4)
-+	ld	12, 136(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 128(3)	# out8
-+	std	12, 136(3)
-+
-+	ld	8, 144(3)
-+	ld	7, 152(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 144(4)
-+	ld	12, 152(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 144(3)	# out9
-+	std	12, 152(3)
-+
-+	ld	8, 160(3)
-+	ld	7, 168(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 160(4)
-+	ld	12, 168(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 160(3)	# out10
-+	std	12, 168(3)
-+
-+	ld	8, 176(3)
-+	ld	7, 184(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 176(4)
-+	ld	12, 184(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 176(3)	# out11
-+	std	12, 184(3)
-+
-+	ld	8, 192(3)
-+	ld	7, 200(3)
-+	addc	8, 8, 9
-+	adde	7, 7, 10
-+	ld	11, 192(4)
-+	ld	12, 200(4)
-+	subfc	11, 11, 8
-+	subfe	12, 12, 7
-+	std	11, 192(3)	# out12
-+	std	12, 200(3)
-+
-+	blr
-+.size	p384_felem_diff128,.-p384_felem_diff128
-+
-+.data
-+.align 4
-+.LConst_two127:
-+#two127
-+.long 0x00000000, 0x00000000, 0x00000000, 0x80000000
-+#two127m71
-+.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff
-+#two127p111m79m71
-+.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff
-+#two127m119m71
-+.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff
-+#two127m95m71
-+.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff
-+
-+.text
-+
-+.globl p384_felem_diff_128_64
-+.type	p384_felem_diff_128_64, \@function
-+.align 4
-+p384_felem_diff_128_64:
-+	addis   5, 2, .LConst_128_two64\@toc\@ha
-+	addi    5, 5, .LConst_128_two64\@toc\@l
-+
-+	ld	9, 0(3)
-+	ld	10, 8(3)
-+	ld	8, 48(5)	# two64p48m16
-+	li	7, 0
-+	addc	9, 9, 8
-+	li	6, 1
-+	adde	10, 10, 6
-+	ld	11, 0(4)
-+	subfc	8, 11, 9
-+	subfe	12, 7, 10
-+	std	8, 0(3)		# out0
-+	std	12, 8(3)
-+
-+	ld	9, 16(3)
-+	ld	10, 24(3)
-+	ld	8, 0(5)		# two64m56m8
-+	addc	9, 9, 8
-+	addze	10, 10
-+	ld	11, 8(4)
-+	subfc	11, 11, 9
-+	subfe	12, 7, 10
-+	std	11, 16(3)	# out1
-+	std	12, 24(3)
-+
-+	ld	9, 32(3)
-+	ld	10, 40(3)
-+	ld	8, 16(5)	# two64m32m8
-+	addc	9, 9, 8
-+	addze	10, 10
-+	ld	11, 16(4)
-+	subfc	11, 11, 9
-+	subfe	12, 7, 10
-+	std	11, 32(3)	# out2
-+	std	12, 40(3)
-+
-+	ld	10, 48(3)
-+	ld	8, 56(3)
-+	#ld	9, 32(5)	# two64m8
-+	li	9, -256		# two64m8
-+	addc	10, 10, 9
-+	addze	8, 8
-+	ld	11, 24(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 8
-+	std	11, 48(3)	# out3
-+	std	12, 56(3)
-+
-+	ld	10, 64(3)
-+	ld	8, 72(3)
-+	addc	10, 10, 9
-+	addze	8, 8
-+	ld	11, 32(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 8
-+	std	11, 64(3)	# out4
-+	std	12, 72(3)
-+
-+	ld	10, 80(3)
-+	ld	8, 88(3)
-+	addc	10, 10, 9
-+	addze	8, 8
-+	ld	11, 40(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 8
-+	std	11, 80(3)	# out5
-+	std	12, 88(3)
-+
-+	ld	10, 96(3)
-+	ld	8, 104(3)
-+	addc	10, 10, 9
-+	addze	9, 8
-+	ld	11, 48(4)
-+	subfc	11, 11, 10
-+	subfe	12, 7, 9
-+	std	11, 96(3)	# out6
-+	std	12, 104(3)
-+
-+	blr
-+.size	p384_felem_diff_128_64,.-p384_felem_diff_128_64
-+
-+.data
-+.align 4
-+.LConst_128_two64:
-+#two64m56m8
-+.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000
-+#two64m32m8
-+.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000
-+#two64m8
-+.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000
-+#two64p48m16
-+.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000
-+
-+.LConst_two60:
-+#two60m52m4
-+.long 0xfffffff0, 0x0fefffff, 0x0, 0x0
-+#two60p44m12
-+.long 0xfffff000, 0x10000fff, 0x0, 0x0
-+#two60m28m4
-+.long 0xeffffff0, 0x0fffffff, 0x0, 0x0
-+#two60m4
-+.long 0xfffffff0, 0x0fffffff, 0x0, 0x0
-+
-+.text
-+#
-+# static void felem_diff64(felem out, const felem in)
-+#
-+.globl p384_felem_diff64
-+.type	p384_felem_diff64, \@function
-+.align 4
-+p384_felem_diff64:
-+	addis   5, 2, .LConst_two60\@toc\@ha
-+	addi    5, 5, .LConst_two60\@toc\@l
-+
-+	ld	9, 0(3)
-+	ld	8, 16(5)	# two60p44m12
-+	li	7, 0
-+	add	9, 9, 8
-+	ld	11, 0(4)
-+	subf	8, 11, 9
-+	std	8, 0(3)		# out0
-+
-+	ld	9, 8(3)
-+	ld	8, 0(5)		# two60m52m4
-+	add	9, 9, 8
-+	ld	11, 8(4)
-+	subf	11, 11, 9
-+	std	11, 8(3)	# out1
-+
-+	ld	9, 16(3)
-+	ld	8, 32(5)	# two60m28m4
-+	add	9, 9, 8
-+	ld	11, 16(4)
-+	subf	11, 11, 9
-+	std	11, 16(3)	# out2
-+
-+	ld	10, 24(3)
-+	ld	9, 48(5)	# two60m4
-+	add	10, 10, 9
-+	ld	12, 24(4)
-+	subf	12, 12, 10
-+	std	12, 24(3)	# out3
-+
-+	ld	10, 32(3)
-+	add	10, 10, 9
-+	ld	11, 32(4)
-+	subf	11, 11, 10
-+	std	11, 32(3)	# out4
-+
-+	ld	10, 40(3)
-+	add	10, 10, 9
-+	ld	12, 40(4)
-+	subf	12, 12, 10
-+	std	12, 40(3)	# out5
- 
--        endproc("p384_felem_square");
--    }
--}
-+	ld	10, 48(3)
-+	add	10, 10, 9
-+	ld	11, 48(4)
-+	subf	11, 11, 10
-+	std	11, 48(3)	# out6
-+
-+	blr
-+.size	p384_felem_diff64,.-p384_felem_diff64
-+
-+.text
-+#
-+# Shift 128 bits right <nbits>
-+#
-+.macro SHR o_h o_l in_h in_l nbits
-+	srdi	\\o_l, \\in_l, \\nbits		# shift lower right <nbits>
-+	rldimi	\\o_l, \\in_h, 64-\\nbits, 0	# insert <64-nbits> from hi
-+	srdi	\\o_h, \\in_h, \\nbits		# shift higher right <nbits>
-+.endm
-+
-+#
-+# static void felem_reduce(felem out, const widefelem in)
-+#
-+.global p384_felem_reduce
-+.type   p384_felem_reduce,\@function
-+.align 4
-+p384_felem_reduce:
-+
-+	stdu    1, -208(1)
-+	mflr	0
-+	std     14, 56(1)
-+	std     15, 64(1)
-+	std     16, 72(1)
-+	std     17, 80(1)
-+	std     18, 88(1)
-+	std     19, 96(1)
-+	std     20, 104(1)
-+	std     21, 112(1)
-+	std     22, 120(1)
-+	std     23, 128(1)
-+	std     24, 136(1)
-+	std     25, 144(1)
-+	std     26, 152(1)
-+	std     27, 160(1)
-+	std     28, 168(1)
-+	std     29, 176(1)
-+	std     30, 184(1)
-+	std     31, 192(1)
-+
-+	bl	_p384_felem_reduce_core
-+
-+	mtlr	0
-+	ld     14, 56(1)
-+	ld     15, 64(1)
-+	ld     16, 72(1)
-+	ld     17, 80(1)
-+	ld     18, 88(1)
-+	ld     19, 96(1)
-+	ld     20, 104(1)
-+	ld     21, 112(1)
-+	ld     22, 120(1)
-+	ld     23, 128(1)
-+	ld     24, 136(1)
-+	ld     25, 144(1)
-+	ld     26, 152(1)
-+	ld     27, 160(1)
-+	ld     28, 168(1)
-+	ld     29, 176(1)
-+	ld     30, 184(1)
-+	ld     31, 192(1)
-+	addi	1, 1, 208
-+	blr
-+.size   p384_felem_reduce,.-p384_felem_reduce
-+
-+#
-+# Felem reduction core function -
-+# r3 and r4 need to pre-loaded.
-+#
-+.type   _p384_felem_reduce_core,\@function
-+.align 4
-+_p384_felem_reduce_core:
-+	addis   12, 2, .LConst\@toc\@ha
-+	addi    12, 12, .LConst\@toc\@l
-+
-+	# load constat p
-+	ld	11, 8(12)	# hi - two124m68
-+
-+	# acc[6] = in[6] + two124m68;
-+	ld	26, 96(4)	# in[6].l
-+	ld	27, 96+8(4)	# in[6].h
-+	add	27, 27, 11
-+
-+	# acc[5] = in[5] + two124m68;
-+	ld	24, 80(4)	# in[5].l
-+	ld	25, 80+8(4)	# in[5].h
-+	add	25, 25, 11
-+
-+	# acc[4] = in[4] + two124m68;
-+	ld	22, 64(4)	# in[4].l
-+	ld	23, 64+8(4)	# in[4].h
-+	add	23, 23, 11
-+
-+	# acc[3] = in[3] + two124m68;
-+	ld	20, 48(4)	# in[3].l
-+	ld	21, 48+8(4)	# in[3].h
-+	add	21, 21, 11
-+
-+	ld	11, 48+8(12)	# hi - two124m92m68
-+
-+	# acc[2] = in[2] + two124m92m68;
-+	ld	18, 32(4)	# in[2].l
-+	ld	19, 32+8(4)	# in[2].h
-+	add	19, 19, 11
-+
-+	ld	11, 16+8(12)	# high - two124m116m68
-+
-+	# acc[1] = in[1] + two124m116m68;
-+	ld	16, 16(4)	# in[1].l
-+	ld	17, 16+8(4)	# in[1].h
-+	add	17, 17, 11
-+
-+	ld	11, 32+8(12)	# high - two124p108m76
-+
-+	# acc[0] = in[0] + two124p108m76;
-+	ld	14, 0(4)	# in[0].l
-+	ld	15, 0+8(4)	# in[0].h
-+	add	15, 15, 11
-+
-+	# compute mask
-+	li	7, -1
-+
-+	# Eliminate in[12]
-+
-+	# acc[8] += in[12] >> 32;
-+	ld	5, 192(4)	# in[12].l
-+	ld	6, 192+8(4)	# in[12].h
-+	SHR 9, 10, 6, 5, 32
-+	ld	30, 128(4)	# in[8].l
-+	ld	31, 136(4)	# in[8].h
-+	addc	30, 30, 10
-+	adde	31, 31, 9
-+
-+	# acc[7] += (in[12] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	ld	28, 112(4)	# in[7].l
-+	ld	29, 120(4)	# in[7].h
-+	addc	28, 28, 11
-+	addze	29, 29
-+
-+	# acc[7] += in[12] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	28, 28, 10
-+	adde	29, 29, 9
-+
-+	# acc[6] += (in[12] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	26, 26, 11
-+	addze	27, 27
-+
-+	# acc[6] -= in[12] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	26, 10, 26
-+	subfe	27, 9, 27
-+
-+	# acc[5] -= (in[12] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	24, 11, 24
-+	subfe	25, 9, 25
-+
-+	# acc[6] += in[12] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] += (in[12] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	24, 24, 11
-+	addze	25, 25
-+
-+	# Eliminate in[11]
-+
-+	# acc[7] += in[11] >> 32;
-+	ld	5, 176(4)	# in[11].l
-+	ld	6, 176+8(4)	# in[11].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	28, 28, 10
-+	adde	29, 29, 9
-+
-+	# acc[6] += (in[11] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	26, 26, 11
-+	addze	27, 27
-+
-+	# acc[6] += in[11] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] += (in[11] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	24, 24, 11
-+	addze	25, 25
-+
-+	# acc[5] -= in[11] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	24, 10, 24
-+	subfe	25, 9, 25
-+
-+	# acc[4] -= (in[11] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	22, 11, 22
-+	subfe	23, 9, 23
-+
-+	# acc[5] += in[11] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] += (in[11] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	22, 22, 11
-+	addze	23, 23
-+
-+	# Eliminate in[10]
-+
-+	# acc[6] += in[10] >> 32;
-+	ld	5, 160(4)	# in[10].l
-+	ld	6, 160+8(4)	# in[10].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] += (in[10] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	24, 24, 11
-+	addze	25, 25
-+
-+	# acc[5] += in[10] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] += (in[10] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	22, 22, 11
-+	addze	23, 23
-+
-+	# acc[4] -= in[10] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	22, 10, 22
-+	subfe	23, 9, 23
-+
-+	# acc[3] -= (in[10] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	20, 11, 20
-+	subfe	21, 9, 21
-+
-+	# acc[4] += in[10] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] += (in[10] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	20, 20, 11
-+	addze	21, 21
-+
-+	# Eliminate in[9]
-+
-+	# acc[5] += in[9] >> 32;
-+	ld	5, 144(4)	# in[9].l
-+	ld	6, 144+8(4)	# in[9].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] += (in[9] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	22, 22, 11
-+	addze	23, 23
-+
-+	# acc[4] += in[9] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] += (in[9] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	20, 20, 11
-+	addze	21, 21
-+
-+	# acc[3] -= in[9] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	20, 10, 20
-+	subfe	21, 9, 21
-+
-+	# acc[2] -= (in[9] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	18, 11, 18
-+	subfe	19, 9, 19
-+
-+	# acc[3] += in[9] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (in[9] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	18, 18, 11
-+	addze	19, 19
-+
-+	# Eliminate acc[8]
-+
-+	# acc[4] += acc[8] >> 32;
-+	mr	5, 30		# acc[8].l
-+	mr	6, 31		# acc[8].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] += (acc[8] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	20, 20, 11
-+	addze	21, 21
-+
-+	# acc[3] += acc[8] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (acc[8] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	18, 18, 11
-+	addze	19, 19
-+
-+	# acc[2] -= acc[8] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	18, 10, 18
-+	subfe	19, 9, 19
-+
-+	# acc[1] -= (acc[8] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	16, 11, 16
-+	subfe	17, 9, 17
-+
-+	#acc[2] += acc[8] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] += (acc[8] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	16, 16, 11
-+	addze	17, 17
-+
-+	# Eliminate acc[7]
-+
-+	# acc[3] += acc[7] >> 32;
-+	mr	5, 28		# acc[7].l
-+	mr	6, 29		# acc[7].h
-+	SHR 9, 10, 6, 5, 32
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (acc[7] & 0xffffffff) << 24;
-+	srdi	11, 7, 32	# 0xffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 24	# << 24
-+	addc	18, 18, 11
-+	addze	19, 19
-+
-+	# acc[2] += acc[7] >> 8;
-+	SHR 9, 10, 6, 5, 8
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] += (acc[7] & 0xff) << 48;
-+	andi.	11, 5, 0xff
-+	sldi	11, 11, 48
-+	addc	16, 16, 11
-+	addze	17, 17
-+
-+	# acc[1] -= acc[7] >> 16;
-+	SHR 9, 10, 6, 5, 16
-+	subfc	16, 10, 16
-+	subfe	17, 9, 17
-+
-+	# acc[0] -= (acc[7] & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	11, 11, 5
-+	sldi	11, 11, 40	# << 40
-+	li	9, 0
-+	subfc	14, 11, 14
-+	subfe	15, 9, 15
-+
-+	# acc[1] += acc[7] >> 48;
-+	SHR 9, 10, 6, 5, 48
-+	addc	16, 16, 10
-+	adde	17, 17, 9
-+
-+	# acc[0] += (acc[7] & 0xffffffffffff) << 8;
-+	srdi	11, 7, 16	# 0xffffffffffff
-+	and	11, 11, 5
-+	sldi	11, 11, 8	# << 8
-+	addc	14, 14, 11
-+	addze	15, 15
-+
-+	#
-+	# Carry 4 -> 5 -> 6
-+	#
-+	# acc[5] += acc[4] >> 56;
-+	# acc[4] &= 0x00ffffffffffffff;
-+	SHR 9, 10, 23, 22, 56
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+	srdi	11, 7, 8	# 0x00ffffffffffffff
-+	and	22, 22, 11
-+	li	23, 0
-+
-+	# acc[6] += acc[5] >> 56;
-+	# acc[5] &= 0x00ffffffffffffff;
-+	SHR 9, 10, 25, 24, 56
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+	and	24, 24, 11
-+	li	25, 0
-+
-+	# [3]: Eliminate high bits of acc[6] */
-+	# temp = acc[6] >> 48;
-+	# acc[6] &= 0x0000ffffffffffff;
-+	SHR 31, 30, 27, 26, 48	# temp = acc[6] >> 48
-+	srdi	11, 7, 16	# 0x0000ffffffffffff
-+	and	26, 26, 11
-+	li	27, 0
-+
-+	# temp < 2^80
-+	# acc[3] += temp >> 40;
-+	SHR 9, 10, 31, 30, 40
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] += (temp & 0xffffffffff) << 16;
-+	srdi	11, 7, 24	# 0xffffffffff
-+	and	10, 30, 11
-+	sldi	10, 10, 16
-+	addc	18, 18, 10
-+	addze	19, 19
-+
-+	# acc[2] += temp >> 16;
-+	SHR 9, 10, 31, 30, 16
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] += (temp & 0xffff) << 40;
-+	srdi	11, 7, 48	# 0xffff
-+	and	10, 30, 11
-+	sldi	10, 10, 40
-+	addc	16, 16, 10
-+	addze	17, 17
-+
-+	# acc[1] -= temp >> 24;
-+	SHR 9, 10, 31, 30, 24
-+	subfc	16, 10, 16
-+	subfe	17, 9, 17
-+
-+	# acc[0] -= (temp & 0xffffff) << 32;
-+	srdi	11, 7, 40	# 0xffffff
-+	and	10, 30, 11
-+	sldi	10, 10, 32
-+	li	9, 0
-+	subfc	14, 10, 14
-+	subfe	15, 9, 15
-+
-+	# acc[0] += temp;
-+	addc	14, 14, 30
-+	adde	15, 15, 31
-+
-+	# Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6
-+	#
-+	# acc[1] += acc[0] >> 56;   /* acc[1] < acc_old[1] + 2^72 */
-+	SHR 9, 10, 15, 14, 56
-+	addc	16, 16, 10
-+	adde	17, 17, 9
-+
-+	# acc[0] &= 0x00ffffffffffffff;
-+	srdi	11, 7, 8	# 0x00ffffffffffffff
-+	and	14, 14, 11
-+	li	15, 0
-+
-+	# acc[2] += acc[1] >> 56;   /* acc[2] < acc_old[2] + 2^72 + 2^16 */
-+	SHR 9, 10, 17, 16, 56
-+	addc	18, 18, 10
-+	adde	19, 19, 9
-+
-+	# acc[1] &= 0x00ffffffffffffff;
-+	and	16, 16, 11
-+	li	17, 0
-+
-+	# acc[3] += acc[2] >> 56;   /* acc[3] < acc_old[3] + 2^72 + 2^16 */
-+	SHR 9, 10, 19, 18, 56
-+	addc	20, 20, 10
-+	adde	21, 21, 9
-+
-+	# acc[2] &= 0x00ffffffffffffff;
-+	and	18, 18, 11
-+	li	19, 0
-+
-+	# acc[4] += acc[3] >> 56;
-+	SHR 9, 10, 21, 20, 56
-+	addc	22, 22, 10
-+	adde	23, 23, 9
-+
-+	# acc[3] &= 0x00ffffffffffffff;
-+	and	20, 20, 11
-+	li	21, 0
-+
-+	# acc[5] += acc[4] >> 56;
-+	SHR 9, 10, 23, 22, 56
-+	addc	24, 24, 10
-+	adde	25, 25, 9
-+
-+	# acc[4] &= 0x00ffffffffffffff;
-+	and	22, 22, 11
-+
-+	# acc[6] += acc[5] >> 56;
-+	SHR 9, 10, 25, 24, 56
-+	addc	26, 26, 10
-+	adde	27, 27, 9
-+
-+	# acc[5] &= 0x00ffffffffffffff;
-+	and	24, 24, 11
-+
-+	std	14, 0(3)
-+	std	16, 8(3)
-+	std	18, 16(3)
-+	std	20, 24(3)
-+	std	22, 32(3)
-+	std	24, 40(3)
-+	std	26, 48(3)
-+	blr
-+.size   _p384_felem_reduce_core,.-_p384_felem_reduce_core
-+
-+.data
-+.align 4
-+.LConst:
-+# two124m68:
-+.long 0x0, 0x0, 0xfffffff0, 0xfffffff
-+# two124m116m68:
-+.long 0x0, 0x0, 0xfffffff0, 0xfefffff
-+#two124p108m76:
-+.long 0x0, 0x0, 0xfffff000, 0x10000fff
-+#two124m92m68:
-+.long 0x0, 0x0, 0xeffffff0, 0xfffffff
-+
-+.text
-+
-+#
-+# void p384_felem_square_reduce(felem out, const felem in)
-+#
-+.global p384_felem_square_reduce
-+.type   p384_felem_square_reduce,\@function
-+.align 4
-+p384_felem_square_reduce:
-+	stdu    1, -512(1)
-+	mflr	0
-+	std     14, 56(1)
-+	std     15, 64(1)
-+	std     16, 72(1)
-+	std     17, 80(1)
-+	std     18, 88(1)
-+	std     19, 96(1)
-+	std     20, 104(1)
-+	std     21, 112(1)
-+	std     22, 120(1)
-+	std     23, 128(1)
-+	std     24, 136(1)
-+	std     25, 144(1)
-+	std     26, 152(1)
-+	std     27, 160(1)
-+	std     28, 168(1)
-+	std     29, 176(1)
-+	std     30, 184(1)
-+	std     31, 192(1)
-+
-+	std	3, 496(1)
-+	addi	3, 1, 208
-+	bl _p384_felem_square_core
-+
-+	mr	4, 3
-+	ld	3, 496(1)
-+	bl _p384_felem_reduce_core
-+
-+	ld     14, 56(1)
-+	ld     15, 64(1)
-+	ld     16, 72(1)
-+	ld     17, 80(1)
-+	ld     18, 88(1)
-+	ld     19, 96(1)
-+	ld     20, 104(1)
-+	ld     21, 112(1)
-+	ld     22, 120(1)
-+	ld     23, 128(1)
-+	ld     24, 136(1)
-+	ld     25, 144(1)
-+	ld     26, 152(1)
-+	ld     27, 160(1)
-+	ld     28, 168(1)
-+	ld     29, 176(1)
-+	ld     30, 184(1)
-+	ld     31, 192(1)
-+	addi	1, 1, 512
-+	mtlr	0
-+	blr
-+.size   p384_felem_square_reduce,.-p384_felem_square_reduce
-+
-+#
-+# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2)
-+#
-+.global p384_felem_mul_reduce
-+.type   p384_felem_mul_reduce,\@function
-+.align 5
-+p384_felem_mul_reduce:
-+	stdu    1, -512(1)
-+	mflr	0
-+	std     14, 56(1)
-+	std     15, 64(1)
-+	std     16, 72(1)
-+	std     17, 80(1)
-+	std     18, 88(1)
-+	std     19, 96(1)
-+	std     20, 104(1)
-+	std     21, 112(1)
-+	std     22, 120(1)
-+	std     23, 128(1)
-+	std     24, 136(1)
-+	std     25, 144(1)
-+	std     26, 152(1)
-+	std     27, 160(1)
-+	std     28, 168(1)
-+	std     29, 176(1)
-+	std     30, 184(1)
-+	std     31, 192(1)
-+
-+	std	3, 496(1)
-+	addi	3, 1, 208
-+	bl _p384_felem_mul_core
-+
-+	mr	4, 3
-+	ld	3, 496(1)
-+	bl _p384_felem_reduce_core
-+
-+	ld     14, 56(1)
-+	ld     15, 64(1)
-+	ld     16, 72(1)
-+	ld     17, 80(1)
-+	ld     18, 88(1)
-+	ld     19, 96(1)
-+	ld     20, 104(1)
-+	ld     21, 112(1)
-+	ld     22, 120(1)
-+	ld     23, 128(1)
-+	ld     24, 136(1)
-+	ld     25, 144(1)
-+	ld     26, 152(1)
-+	ld     27, 160(1)
-+	ld     28, 168(1)
-+	ld     29, 176(1)
-+	ld     30, 184(1)
-+	ld     31, 192(1)
-+	addi	1, 1, 512
-+	mtlr	0
-+	blr
-+.size   p384_felem_mul_reduce,.-p384_felem_mul_reduce
-+___
- 
- $code =~ s/\`([^\`]*)\`/eval $1/gem;
- print $code;
-diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
-index 3fd7a40020..e0b5786bc1 100644
---- a/crypto/ec/ecp_nistp384.c
-+++ b/crypto/ec/ecp_nistp384.c
-@@ -252,6 +252,16 @@ static void felem_neg(felem out, const felem in)
-     out[6] = two60m4 - in[6];
- }
- 
-+#if defined(ECP_NISTP384_ASM)
-+void p384_felem_diff64(felem out, const felem in);
-+void p384_felem_diff128(widefelem out, const widefelem in);
-+void p384_felem_diff_128_64(widefelem out, const felem in);
-+
-+# define felem_diff64           p384_felem_diff64
-+# define felem_diff128          p384_felem_diff128
-+# define felem_diff_128_64      p384_felem_diff_128_64
-+
-+#else
- /*-
-  * felem_diff64 subtracts |in| from |out|
-  * On entry:
-@@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in)
-     for (i = 0; i < 2*NLIMBS-1; i++)
-         out[i] -= in[i];
- }
-+#endif /* ECP_NISTP384_ASM */
- 
- static void felem_square_ref(widefelem out, const felem in)
- {
-@@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2)
-  * [3]: Y = 2^48 (acc[6] >> 48)
-  * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d)
-  */
--static void felem_reduce(felem out, const widefelem in)
-+static void felem_reduce_ref(felem out, const widefelem in)
- {
-     /*
-      * In order to prevent underflow, we add a multiple of p before subtracting.
-@@ -682,8 +693,11 @@ static void (*felem_square_p)(widefelem out, const felem in) =
- static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
-     felem_mul_wrapper;
- 
-+static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
-+
- void p384_felem_square(widefelem out, const felem in);
- void p384_felem_mul(widefelem out, const felem in1, const felem in2);
-+void p384_felem_reduce(felem out, const widefelem in);
- 
- # if defined(_ARCH_PPC64)
- #  include "crypto/ppc_arch.h"
-@@ -695,6 +709,7 @@ static void felem_select(void)
-     if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
-         felem_square_p = p384_felem_square;
-         felem_mul_p = p384_felem_mul;
-+        felem_reduce_p = p384_felem_reduce;
- 
-         return;
-     }
-@@ -703,6 +718,7 @@ static void felem_select(void)
-     /* Default */
-     felem_square_p = felem_square_ref;
-     felem_mul_p = felem_mul_ref;
-+    felem_reduce_p = p384_felem_reduce;
- }
- 
- static void felem_square_wrapper(widefelem out, const felem in)
-@@ -719,10 +735,17 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
- 
- # define felem_square felem_square_p
- # define felem_mul felem_mul_p
-+# define felem_reduce felem_reduce_p
-+
-+void p384_felem_square_reduce(felem out, const felem in);
-+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-+
-+# define felem_square_reduce p384_felem_square_reduce
-+# define felem_mul_reduce p384_felem_mul_reduce
- #else
- # define felem_square felem_square_ref
- # define felem_mul felem_mul_ref
--#endif
-+# define felem_reduce felem_reduce_ref
- 
- static ossl_inline void felem_square_reduce(felem out, const felem in)
- {
-@@ -739,6 +762,7 @@ static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem
-     felem_mul(tmp, in1, in2);
-     felem_reduce(out, tmp);
- }
-+#endif
- 
- /*-
-  * felem_inv calculates |out| = |in|^{-1}
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
deleted file mode 100644
index 0659a9d6d9..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 6b1646e472c9e8c08bb14066ba2a7c3eed45f84a Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Thu, 17 Apr 2025 08:51:53 -0500
-Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets
-
-The change adding an asm implementation of p384_felem_reduce incorrectly
-uses the accelerated version on both targets that support the intrinsics
-*and* targets that don't, instead of falling back to the generics on older
-targets.  This results in crashes when trying to use P-384 on < Power9.
-
-Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
-Closes: #27350
-Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/27429)
-
-(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
-
-CVE: CVE-2025-27587
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/6b1646e472c9e8c08bb14066ba2a7c3eed45f84a]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++----------------
- 1 file changed, 33 insertions(+), 21 deletions(-)
-
-diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
-index e0b5786bc1..439b4d03a3 100644
---- a/crypto/ec/ecp_nistp384.c
-+++ b/crypto/ec/ecp_nistp384.c
-@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
-         out[i] = acc[i];
- }
- 
-+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
-+{
-+    widefelem tmp;
-+
-+    felem_square_ref(tmp, in);
-+    felem_reduce_ref(out, tmp);
-+}
-+
-+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
-+{
-+    widefelem tmp;
-+
-+    felem_mul_ref(tmp, in1, in2);
-+    felem_reduce_ref(out, tmp);
-+}
-+
- #if defined(ECP_NISTP384_ASM)
- static void felem_square_wrapper(widefelem out, const felem in);
- static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
-@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
- 
- static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
- 
-+static void (*felem_square_reduce_p)(felem out, const felem in) =
-+    felem_square_reduce_ref;
-+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
-+    felem_mul_reduce_ref;
-+
- void p384_felem_square(widefelem out, const felem in);
- void p384_felem_mul(widefelem out, const felem in1, const felem in2);
- void p384_felem_reduce(felem out, const widefelem in);
- 
-+void p384_felem_square_reduce(felem out, const felem in);
-+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-+
- # if defined(_ARCH_PPC64)
- #  include "crypto/ppc_arch.h"
- # endif
-@@ -710,6 +734,8 @@ static void felem_select(void)
-         felem_square_p = p384_felem_square;
-         felem_mul_p = p384_felem_mul;
-         felem_reduce_p = p384_felem_reduce;
-+        felem_square_reduce_p = p384_felem_square_reduce;
-+        felem_mul_reduce_p = p384_felem_mul_reduce;
- 
-         return;
-     }
-@@ -718,7 +744,9 @@ static void felem_select(void)
-     /* Default */
-     felem_square_p = felem_square_ref;
-     felem_mul_p = felem_mul_ref;
--    felem_reduce_p = p384_felem_reduce;
-+    felem_reduce_p = felem_reduce_ref;
-+    felem_square_reduce_p = felem_square_reduce_ref;
-+    felem_mul_reduce_p = felem_mul_reduce_ref;
- }
- 
- static void felem_square_wrapper(widefelem out, const felem in)
-@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
- # define felem_mul felem_mul_p
- # define felem_reduce felem_reduce_p
- 
--void p384_felem_square_reduce(felem out, const felem in);
--void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
--
--# define felem_square_reduce p384_felem_square_reduce
--# define felem_mul_reduce p384_felem_mul_reduce
-+# define felem_square_reduce felem_square_reduce_p
-+# define felem_mul_reduce felem_mul_reduce_p
- #else
- # define felem_square felem_square_ref
- # define felem_mul felem_mul_ref
- # define felem_reduce felem_reduce_ref
- 
--static ossl_inline void felem_square_reduce(felem out, const felem in)
--{
--    widefelem tmp;
--
--    felem_square(tmp, in);
--    felem_reduce(out, tmp);
--}
--
--static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
--{
--    widefelem tmp;
--
--    felem_mul(tmp, in1, in2);
--    felem_reduce(out, tmp);
--}
-+# define felem_square_reduce felem_square_reduce_ref
-+# define felem_mul_reduce felem_mul_reduce_ref
- #endif
- 
- /*-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.2.4.bb
rename to meta/recipes-connectivity/openssl/openssl_3.2.6.bb
index fd98b32007..4756f5aaa6 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb
@@ -13,15 +13,13 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
            file://0001-Added-handshake-history-reporting-when-test-fails.patch \
            file://CVE-2024-41996.patch \
-           file://CVE-2025-27587-1.patch \
-           file://CVE-2025-27587-2.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "b23ad7fd9f73e43ad1767e636040e88ba7c9e5775bfa5618436a0dd2c17c3716"
+SRC_URI[sha256sum] = "89681a9ddaa9ed7cf25ea8ef61338db805200bae47d00510490623547380c148"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

From patchwork Fri Oct 10 02:50:35 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72006
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 379E9CCD184
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:21 +0000 (UTC)
Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com
 [209.85.210.174])
 by mx.groups.io with SMTP id smtpd.web10.2348.1760064671335248290
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:11 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=E7uJbTGh;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f174.google.com with SMTP id
 d2e1a72fcca58-77f605f22easo1474199b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064670;
 x=1760669470; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Gb3qiW23ytEPxNJjRB5+xtaHjIT86yyqkGn260gGNOU=;
        b=E7uJbTGhQsIe9HAq1R/4nYZmFxomN2qzbFVon70gjGugBz4iBT721VhmPkNRdyAiWS
         YoPusd92yWywuOCLMei+7p1L/ZUWNGSJDacj0kBd26m2gKfUB0djxZ1MZSPBrYWIj/oC
         uh7a85DuPvZSfN0a4/2+gx8Kvk9L9//N1s0h2xS2zgAMg98a77c0bGPFbX0pmkjadDO2
         K2RJ8aYc+uu5ueHngKmKkekRySrLGzt9wElzoUAxYifHxg8eyOr4VwfzjTvpEkOm4CMj
         +XnLl9RJPH8NvIKb9im+m0XFfM6eI+1NctL0cRM1hjMXqtFlTgBeAi0IyQmlQm5ucuZ+
         4cFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064670; x=1760669470;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Gb3qiW23ytEPxNJjRB5+xtaHjIT86yyqkGn260gGNOU=;
        b=oBNZMSxkSXUd/7Qca5cy9LrTNFLliJlXl1QcLxfUk7jsh5kwvPoend4tOHMHvKfcQn
         heF34glLQ4lvwrfVnjYF2hJkH3SVbj0IbDnP6hoJ2pkvTs99ABn9ntZ9pRuwcpZYQyyO
         s7Cw7WtvR7pSBxd/9KtL+yCd+0OSavzIEjuTt8OQTV+L24T5cCwhq1v5+i9F72d9IFX0
         Je0ZfF0OaUbeu28aMFoKeVepdyknB7KMb4f+Pvv9jRjR+i1WuFo8F8CqastHAEhJuwJH
         sYpllf3D6JimgKPBHlZUsm4T2CL/Hkpf+CTDbIhlqROwxMZaGwFfdf8d5ZNFbJzzEuWY
         fEcg==
X-Gm-Message-State: AOJu0YwIcMpzA6TP4jxX3cYpxtLe9XipKDlyFAls5oY5lLleDSnQ49bL
	K4Q6c0Y+70rEudeJ2ck6vZkLdPVad7PuNpA9bJrXVsJhYACveqM9VD2Zf57JJHvgzxhZfLjghf3
	XlYXv
X-Gm-Gg: ASbGncszpzijxQcfuuP3dVlrxqw8SFl87srV1E0M4KaWTEd5b9d6gsap99QaYpRnD0t
	Kz6rzITmbgCuHHD4V/IzHJoHyiVAYyPoemXjidkfvYNu1e9pX8FnbsuMYU5YmVJV7JyCaIPUpHa
	EUP9STohbrT3v2wsRXe61S/ll7mFAsfPJOj/5coNGlehrF36vmUT15nFFVWFrn/Lnt2nky4zdWI
	XFRCn7Mjgh5MIoXcKwZcbcxzmSr4Mw0qw49buDRX7933MIcfvG17guugw+Bya5TUbBH/7OMNj9+
	LkoG/kHHyx88NTAWSQnsAmbvJMzshw/4rSUxwXbkPPYYcpDFvRIzDj2DoYAStChnr/58PXVtIAK
	/AhXAb4lOACySgKptjN8nf6A3w01nMTW1Jar2iA==
X-Google-Smtp-Source: 
 AGHT+IG9flEE2qwRURs6lRTaNhhTp4+xobPpKcw04s9jGxM1i4TixG0tQm6LfRwRI3k4gA5JfeGWwQ==
X-Received: by 2002:a05:6a20:914c:b0:243:a2fa:e526 with SMTP id
 adf61e73a8af0-32da81521cdmr13324431637.25.1760064670580;
        Thu, 09 Oct 2025 19:51:10 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.09
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:10 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 16/18] conf/bitbake.conf: use gnu mirror instead
 of main server
Date: Thu,  9 Oct 2025 19:50:35 -0700
Message-ID: 
 <6f936359ac954e35fee968af8206334d03cb32e4.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224660

From: Gyorgy Sarvari <skandigraun@gmail.com>

ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.

Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.

This information was sourced from https://www.gnu.org/prep/ftp.html .

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8c6f01d7467e018aa0ed27a87850d9e4434a47a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index acf4e2d153..e20b17fad6 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -703,7 +703,7 @@ DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool"
 GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles"
 GNOME_GIT = "git://gitlab.gnome.org/GNOME"
 GNOME_MIRROR = "https://download.gnome.org/sources/"
-GNU_MIRROR = "https://ftp.gnu.org/gnu"
+GNU_MIRROR = "https://ftpmirror.gnu.org/gnu"
 GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt"
 GPE_MIRROR = "http://gpe.linuxtogo.org/download/source"
 KERNELORG_MIRROR = "https://cdn.kernel.org/pub"

From patchwork Fri Oct 10 02:50:36 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72007
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 37A21CCD18C
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:21 +0000 (UTC)
Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com
 [209.85.210.174])
 by mx.groups.io with SMTP id smtpd.web11.2335.1760064672760305320
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:12 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=hhuX3Lhd;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f174.google.com with SMTP id
 d2e1a72fcca58-781997d195aso1158210b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064672;
 x=1760669472; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=uK+ETqNyh6W/dRg5YGs+c3GAjxJq+DLi8mAqhFXr47s=;
        b=hhuX3LhdLBtEteB6mwVoxgvVEs7MYWxmd1X428m5Wo7E0VNjlVUO0liLxcOPZ8sw5n
         86s5PxCvuuFKqd1RbWw/i93VkbHog2hPeoWTMKPbUNDGsFHlbGwNKAdBO0/gJeSPNRhO
         MGfGbOWVU+cO6S7mxDcQ1I96a7/3QbGTeYhsGX8bVKFFWPbVsnAMXX1GVOBuYPIwVe/f
         /jo424Q2TINHnuOubK47h0/TpoLVdtDl/T3h7QSgd5NWBiZjOei4WRpegQy36LUa6iL0
         LbZ/Uh2udbA2ItEVFfIyOCxtNMcnfqvPMST4CLp3v3BW6MZGj7n0q3XUQ48p1pR18zI7
         1w7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064672; x=1760669472;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=uK+ETqNyh6W/dRg5YGs+c3GAjxJq+DLi8mAqhFXr47s=;
        b=dHpkvU4OY4H+8+NGAzTaeWoEzcLUMCFrv9E5H9JCPDBjMY+HCaGYKisvNGOewSGbiD
         45VGZzjcjmyktcg6kC5Yq3tQGcvuAOoDM+mVyFXhTpwdP4v06L4WuSOPxrOvm+Mb9U4o
         okXX4gtlXMGZn02ONPZIPK5JcAAKrI8Jap+Tu61KJ46q2Oi6XQiLFnoe3MfLL687++qY
         2QChosy+RggDFs7VYXwqg6vR95R5RFMgd7hS9eG1R+yLAJmOWlmYI3jknxoUAl9Dv/pJ
         8VJ9MP2I38YGbYjfhSnom/SSDJV3/IOnoqs3KNQFNlv5n8Bmfm84BG6vMx5ahBRAgsv0
         Ix7A==
X-Gm-Message-State: AOJu0YwtehXr2YCyWp1TWy9/hWlY0ETJj2qIomIHsXfzT7Gfo1rT8NXu
	gz4jU+MgDahRJeewEV95rwvfN5l/Yweu/08euPuKcOrBk18aEo2NpeTJSrxN3v9O533NYPVnDeU
	89E+G
X-Gm-Gg: ASbGnct/wghYfJFp475l3S8NL4w4oWFHmCAgxKT0Zpd+X4YGL07kyOBLKzbnc1PEY4F
	I+5Pd7HXXSIKSwTbq7xH2EilKg987ruJJ5TZpWT8d33tCU8+/y7w4o5eeF9GM3VYjNjIdeklc1K
	6l9YwO8MRf0TT6xhKhGFGiK0nGDkLqyWM1yJpTE4qRTt6ILhrj5iKf9wIqoCSOpo27Rlxy7bC/m
	qbpwmDhSE1NtPY9CD9okEt5c32sXjBCeo+9gy1zLVkGv0z+FnM3Rwa5u9CZHix93AzWYZrG7QUS
	X6IxzKuOQXwCnz0XnmePL8oaCm+T6rONMz2zjnVO01tvVYNdMNIodgHkkcxPG89P0rcNgqAwGjo
	IXtwYNA+p2gHyHFyzM/4F1TWJdV+6VcNt
X-Google-Smtp-Source: 
 AGHT+IEPFDxJch+dhBQL0BB4cML4l+5nsGCGw0+oShb304lGo0wO+M3jyHsFz5Nn77/5w/ddR6hf/g==
X-Received: by 2002:a05:6a00:2444:b0:781:1cc0:d0ce with SMTP id
 d2e1a72fcca58-7938705204dmr11374119b3a.16.1760064671964;
        Thu, 09 Oct 2025 19:51:11 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.11
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:11 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 17/18] selftest/cases/meta_ide.py: use use gnu
 mirror instead of main server
Date: Thu,  9 Oct 2025 19:50:36 -0700
Message-ID: 
 <8cf1a828abe0f6b9dee96b4fc8076f407def33a3.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224661

ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.

Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.

This information was sourced from https://www.gnu.org/prep/ftp.html

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/meta_ide.py b/meta/lib/oeqa/selftest/cases/meta_ide.py
index 5a17ca52ea..086aac2655 100644
--- a/meta/lib/oeqa/selftest/cases/meta_ide.py
+++ b/meta/lib/oeqa/selftest/cases/meta_ide.py
@@ -44,7 +44,7 @@ class MetaIDE(OESelftestTestCase):
     def test_meta_ide_can_build_cpio_project(self):
         dl_dir = self.td.get('DL_DIR', None)
         self.project = SDKBuildProject(self.tmpdir_metaideQA + "/cpio/", self.environment_script_path,
-                        "https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz",
+                        "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.15.tar.gz",
                         self.tmpdir_metaideQA, self.td['DATETIME'], dl_dir=dl_dir)
         self.project.download_archive()
         self.assertEqual(self.project.run_configure('$CONFIGURE_FLAGS'), 0,

From patchwork Fri Oct 10 02:50:37 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 72008
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4492ECCD183
	for <webhook@archiver.kernel.org>; Fri, 10 Oct 2025 02:51:21 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web11.2337.1760064674269485170
 for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:14 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=VspNEoEA;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-782023ca359so1635291b3a.2
        for <openembedded-core@lists.openembedded.org>;
 Thu, 09 Oct 2025 19:51:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1760064673;
 x=1760669473; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=bxDcayZQj6ds41uTN6slZiFIpIlfB2OI86YIgeOwFl0=;
        b=VspNEoEAXabzhefDnokB9eTnNnBK4Q2gdnR2akJOejIbvcveXYBu3olc6UrDxehxBP
         SGs0MC20W3Xh8F0YLj9xB97S26scuy/tSRkvhU56hFSzBJ63ycArjjBwSsEEOvqw2+xG
         /syFKxiMqsI9XfV93XUTq4SnfUrSfQGB+nIV29wCcQlWhXExBdqOzXHz+P1J5EpavMuL
         ViQfA505YUwqmdSpOOZjr83F0PGoUjkmSD+yCEipAl6YUMQ+Tk8DvczSvlGdGsF3geoF
         GWP8SI80L0Aa3uUcDRvXkgrzYyfnqWpx+TqS24ZVE6vE8WttTJ5tWCjnc+EFSJbrfCQr
         Mwpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760064673; x=1760669473;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=bxDcayZQj6ds41uTN6slZiFIpIlfB2OI86YIgeOwFl0=;
        b=gSK7Hb45k6EeAetxcVf7prPSfiqWkHPKPeehcSmiy+0SXKGDz/uaOwllh0QPFc6dgt
         a7pTLXsDWd5e/dviVSkDMMTmFhZMElcl22+iJ41/ihcKVhiVe2v07CzK4ssmX2n/wJRH
         6YwIBeRKIbP4W3kRM4Po8kv2lJUjBwChDvOjzAkZlCcAUB0t4l+AaEg18QkA1sKgqJzL
         4ZGwWIVMxrdUPqumnYGpqu4rrvnAcUarVElNzhus0CTdQWRpXD0RVRv/MjvF7HVgN2zM
         XtZEMUSuny8PVu+iyJvAam75GCikOy8LmqbmUzPuJEsSjhM2yERe6ytBK0t/+tziN0GP
         +bOg==
X-Gm-Message-State: AOJu0YwfFjGi7ugcNPxDPiRA24kWHhoWhh6rhzr3PXVob+ciJWu6wNDX
	aULuHL0+K+79xDR3v51Djd+iAAUtENIGvAuBazAlrKUc8Mbgl0NX/hZrb1vAyP6p0btxolxJGcT
	CryFC
X-Gm-Gg: ASbGncs3Lh+b+HK8hiY2rfLXRfQ05x8w//fynif41o8mQCJNJ9rHPYsJ0xgYdJ/J0wy
	N3AHRjhYUdB4lrsQdbTaiP11O5W9GzxbdZX8+d8Poa1aTA8wo0wlaVxqvg2FGECZs2zjVakqo1Q
	WNZO3Lqbo2oN+c6YaJaYYfAeeVUwikd3O9yAVS/DG5y3lx+QfPqqllJIMFv0GUKMg0d2HBLLsio
	yhhMpOSPZXQ3kEhBVVnFBE0NydMLTVllyIH0KjAtHfWyOBYw0RHT00orEH8CC/i6zg+k+xglr8h
	DbZz/TtY9bKti/7HZz+EqhNoicLkftYdMHa8Pay2LfCrb6fy0Yzf1eAduP85K5i4g6KWtyw1I93
	U9CKaLOdmXXcVY0uXlf7OZYyp8Ngcm2Nc
X-Google-Smtp-Source: 
 AGHT+IEArVFctqW5RSvySNDZFSml0/X6sdWug3JF557j81UkLLneuBrGY1vym3VUj/q6fcGxsWnfwg==
X-Received: by 2002:a05:6a00:4fd4:b0:78a:f784:e8cf with SMTP id
 d2e1a72fcca58-79387829619mr10586109b3a.27.1760064673449;
        Thu, 09 Oct 2025 19:51:13 -0700 (PDT)
Received: from hexa.. ([2602:feb4:3b:2100:abff:bce5:2cb1:3b46])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7992bb116basm1215764b3a.30.2025.10.09.19.51.12
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 09 Oct 2025 19:51:13 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 18/18] oeqa/sdk/cases/buildcpio.py: use gnu
 mirror instead of main server
Date: Thu,  9 Oct 2025 19:50:37 -0700
Message-ID: 
 <99d549ed135626718fb1615d367eb7c59127b032.1760064493.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
References: <cover.1760064493.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 10 Oct 2025 02:51:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/224662

ftp.gnu.org is the main server of the GNU project, however download speed
can vary greatly based on one's location.

Using ftpmirror.gnu.org should redirect the request to the closest up-to-date mirror,
which should result sometimes in significantly faster download speed, depending
on one's location. This should also distribute the traffic more across the mirrors.

This information was sourced from https://www.gnu.org/prep/ftp.html

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/sdk/cases/buildcpio.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/sdk/cases/buildcpio.py b/meta/lib/oeqa/sdk/cases/buildcpio.py
index ab8fc41876..4148463267 100644
--- a/meta/lib/oeqa/sdk/cases/buildcpio.py
+++ b/meta/lib/oeqa/sdk/cases/buildcpio.py
@@ -24,7 +24,7 @@ class BuildCpioTest(OESDKTestCase):
 
     def test_cpio(self):
         with tempfile.TemporaryDirectory(prefix="cpio-", dir=self.tc.sdk_dir) as testdir:
-            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz")
+            tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.15.tar.gz")
 
             dirs = {}
             dirs["source"] = os.path.join(testdir, "cpio-2.15")