From patchwork Wed Nov  2 02:41:51 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14653
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 26ABFC43217
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:32 +0000 (UTC)
Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com
 [209.85.216.46])
 by mx.groups.io with SMTP id smtpd.web12.1981.1667356946855244179
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:26 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=C/NkT/DR;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.46,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f46.google.com with SMTP id
 b1-20020a17090a7ac100b00213fde52d49so675238pjl.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jihRIC1z4Hx0o28MW3oMtBHap3QCXmMEMlSiSSAtO2Y=;
        b=C/NkT/DR+MU2fZrk9SmbJQvecRSftIx6o1GKB6VqHhuhEaLkRIDteVzg3kbJxO+NZ7
         IMUNG6/NBfMcHV7xn9DqJupfQ4pXPJmd7dJ54w8fJmKvQt8uSLpJyQohKs7s6KglSyPV
         Ht5F7j4oCt6VdHyv21hPhqlxGpwtm3vXNZ/WJX2O2SNvGutp6EexyqB+2+ikDc29HjH1
         tgo6f3CTn2BcwKGxI33dkqVasFTRC7h01naFcZRpkZKGQjJ+LsiAPOkQxJxZcvbCXcIE
         RLwoKSWgrHmS5VidtGzIGR2y9CnOe/GLN452+dPAyCyh+wolZ13+4CXZZyMjuHmZVyeN
         pKjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=jihRIC1z4Hx0o28MW3oMtBHap3QCXmMEMlSiSSAtO2Y=;
        b=bOcVapBuceYOeqbNFoNKQx0JjguEz4/cJ+aoHnXKuEg9D6TaobdGBO1saFEgk7xKuR
         7PCeSDwN9Z4gJdel7WV422RFr0cI4QhE4hBLXm30reJ1/me0BpJThJZqG2P3TFCgah3u
         KMVRJK1zekY/437i1I1qPVbQ207PBnSLDTqK8TpYFL1E/L5SljgySWMe9YSmDPUpmosq
         Ggo50EcdqAgyXl11L2gc6gZE8Gtw5LE+4Vd12PUGnb00rgKDFPvwGsloJDaeHjaNX1Ib
         WVoDuAltyepqCjKarmE9QxrvyFn62G7QYh3EhDQngU1Aul0b2hibO5sTVg4BeGsOdHKZ
         bvSg==
X-Gm-Message-State: ACrzQf1m8KFWnMuwK+Ac4y3LUjWS4JwAmj5gxgZ1SvAoNNNh79LWRFQW
	Dzc2o67kPBbf97N5AcjjV8Bfp2qPgc3uDQQ7
X-Google-Smtp-Source: 
 AMsMyM5FwKy2+g3w7NmBhgDJY1Zb6ZZQk86erMqe4pzow9pa4ixXnN7oP6TgIFhWFbzNhaUOKliAJQ==
X-Received: by 2002:a17:903:32d1:b0:187:143f:4c5b with SMTP id
 i17-20020a17090332d100b00187143f4c5bmr17568663plr.54.1667356945849;
        Tue, 01 Nov 2022 19:42:25 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.24
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:25 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 01/20] openssl: CVE-2022-3358 Using a Custom
 Cipher with NID_undef may lead to NULL encryption
Date: Tue,  1 Nov 2022 16:41:51 -1000
Message-Id: 
 <c28dc71f17133f6e4470fc0c1a552c743869b3ad.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:32 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172541

From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
Description:
	CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption.
Affects "openssl < 3.0.6"

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/openssl/CVE-2022-3358.patch       | 55 +++++++++++++++++++
 .../openssl/openssl_3.0.5.bb                  |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
new file mode 100644
index 0000000000..18b2a5a6b2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
@@ -0,0 +1,55 @@
+From 56e1d693f0ec5550a8e3dd52d30e57a02f0287af Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 19 Oct 2022 11:08:23 +0530
+Subject: [PATCH] CVE-2022-3358
+
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
+CVE : CVE-2022-3358
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ crypto/evp/digest.c  | 4 +++-
+ crypto/evp/evp_enc.c | 6 ++++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index de9a1dc..e6e03ea 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -225,7 +225,9 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
+             || tmpimpl != NULL
+ #endif
+             || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
+-            || type->origin == EVP_ORIG_METH) {
++            || (type != NULL && type->origin == EVP_ORIG_METH)
++            || (type == NULL && ctx->digest != NULL
++                             && ctx->digest->origin == EVP_ORIG_METH)) {
+         if (ctx->digest == ctx->fetched_digest)
+             ctx->digest = NULL;
+         EVP_MD_free(ctx->fetched_digest);
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index 19a07de..5df08bd 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -131,7 +131,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
+ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
+             || tmpimpl != NULL
+ #endif
+-            || impl != NULL) {
++            || impl != NULL
++            || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
++            || (cipher == NULL && ctx->cipher != NULL
++                               && ctx->cipher->origin == EVP_ORIG_METH)) {
+         if (ctx->cipher == ctx->fetched_cipher)
+             ctx->cipher = NULL;
+         EVP_CIPHER_free(ctx->fetched_cipher);
+@@ -147,7 +150,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
+         ctx->cipher_data = NULL;
+     }
+ 
+-
+     /* Start of non-legacy code below */
+ 
+     /* Ensure a context left lying around from last time is cleared */
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
index 04aff04fab..175692436d 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           file://CVE-2022-3358.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Wed Nov  2 02:41:52 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14655
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 27781C4167B
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:32 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.web09.1955.1667356949082934658
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:29 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=E54IQzfd;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.49,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f49.google.com with SMTP id l6so14990431pjj.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=xZEHOQFbsB0dfJokELpO+ERnsDScGGknmyXG0417CDg=;
        b=E54IQzfdP/g9Tq1c03itQhnuKYXmYXnlK9mdTJ8ai6/XK8bB/nev96SdV2xh96TTvN
         thZdprftnoBjqBduQaY5F1HK9kCk185B7Yy1uUc6KaER0Qwd98XJBZhsM2O1tjCKDz+F
         MgTeBs/zy6Fs8HbqeRnN/j5Q9P8+/N6NqPgZ02JjCIJvRdQJw+F4efvkisH9DSYXvXqN
         nEFDFPwdwiaSwFfmLRrGmxatORM/9dIpLnWPC8IrNfrnGMdFOcWf/iqV2qk8AUT3kF7w
         yJ8oT1xQ6wvPUYyFv1Yz+qbVWbgkSObihh2lMl8MNh+g/GvEhHY5Uo93oxF+dKhaZJ6Z
         yBuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=xZEHOQFbsB0dfJokELpO+ERnsDScGGknmyXG0417CDg=;
        b=WMuOVgQLiYdpmX1tmiG047h/3SFrYZyAaCiqvV4ZgafQq0puKB8Z5wstpODxn53Dcm
         l3p+OS5pzUXsghDP1P6qOJnGKP6disv9oxucec7dbe33XNMjMtaTXKN++QAbYy2wNOxG
         o9c57fXPPRu4P9FlCU7Gf2LDx5Wg4g66w+6tHNL4BMeufS2lnODMOWsbj8qVI4Eh5mBI
         8ofRKWMadBcZDlqQTjjdaZS298XLtR8WrMPpNPTl67EVvQjnpDY4vyqgvAq5ZI89SQry
         G3Po5sy6kGGnXrpqnirZjUS6wkwbmnjCQnkmcuCGMcQ01ZvzkHuZX5X3kvO8B7+BiOeV
         GvZQ==
X-Gm-Message-State: ACrzQf34YJ1ksLlnzX/1/ygo5zvc3iscv8bx2eYgMKA7t71NCuh9tiF5
	1VI0MSoFIQmBDjjS2Wh4yg2fHWAk67Yay/3P
X-Google-Smtp-Source: 
 AMsMyM43spwX1rHKpqHTagHPiID49k8C5hyN8vfItmmC3kCBFZzysWYwIWY3PLJCyvRko40Orv86xA==
X-Received: by 2002:a17:902:b117:b0:186:a1fd:c3df with SMTP id
 q23-20020a170902b11700b00186a1fdc3dfmr22191457plr.23.1667356948081;
        Tue, 01 Nov 2022 19:42:28 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.26
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:27 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 02/20] libx11: apply the fix for CVE-2022-3554
Date: Tue,  1 Nov 2022 16:41:52 -1000
Message-Id: 
 <3a65a787d1b53f57cd0eedbf7a70ce6dcde0d148.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:32 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172542

From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5d30f124274d2822d72b56f84eb8c8ae64e31e0d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ak-in-XRegisterIMInstantiateCallback.patch | 57 +++++++++++++++++++
 .../recipes-graphics/xorg-lib/libx11_1.8.1.bb |  1 +
 2 files changed, 58 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch

diff --git a/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch b/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
new file mode 100644
index 0000000000..722116c07e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
@@ -0,0 +1,57 @@
+CVE: CVE-2022-3554
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Tue, 4 Oct 2022 18:26:17 -0400
+Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback
+
+Analysis:
+
+    _XimRegisterIMInstantiateCallback() opens an XIM and closes it using
+    the internal function pointers, but the internal close function does
+    not free the pointer to the XIM (this would be done in XCloseIM()).
+
+Report/patch:
+
+    Date: Mon, 03 Oct 2022 18:47:32 +0800
+    From: Po Lu <luangruo@yahoo.com>
+    To: xorg-devel@lists.x.org
+    Subject: Re: Yet another leak in Xlib
+
+    For reference, here's how I'm calling XRegisterIMInstantiateCallback:
+
+    XSetLocaleModifiers ("");
+    XRegisterIMInstantiateCallback (compositor.display,
+                                    XrmGetDatabase (compositor.display),
+                                    (char *) compositor.resource_name,
+                                    (char *) compositor.app_name,
+                                    IMInstantiateCallback, NULL);
+
+    and XMODIFIERS is:
+
+        @im=ibus
+
+Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
+---
+ modules/im/ximcp/imInsClbk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
+index 95b379cb..c10e347f 100644
+--- a/modules/im/ximcp/imInsClbk.c
++++ b/modules/im/ximcp/imInsClbk.c
+@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback(
+     if( xim ) {
+ 	lock = True;
+ 	xim->methods->close( (XIM)xim );
++	/* XIMs must be freed manually after being opened; close just
++	   does the protocol to deinitialize the IM.  */
++	XFree( xim );
+ 	lock = False;
+ 	icb->call = True;
+ 	callback( display, client_data, NULL );
+-- 
+2.34.1
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb b/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
index 1dcc3abee9..9ff196c897 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.8.1.bb
@@ -15,6 +15,7 @@ PE = "1"
 SRC_URI = "${XORG_MIRROR}/individual/lib/${XORG_PN}-${PV}.tar.xz"
 
 SRC_URI += "file://disable_tests.patch \
+            file://0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch \
            "
 SRC_URI[sha256sum] = "1bc41aa1bbe01401f330d76dfa19f386b79c51881c7bbfee9eb4e27f22f2d9f7"
 

From patchwork Wed Nov  2 02:41:53 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14652
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 11314C43219
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:32 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web12.1982.1667356951013526101
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:31 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=XthZB3IF;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f182.google.com with SMTP id v17so12279973plo.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=o0UDy3Qx4cQMDwsNHBkiy1iG/F1wbL28JbmwAb/5frI=;
        b=XthZB3IF3tajSmJfDiQzGj6N2Lxx/A1j333t3Xd9H67fPCnfWRJJ5Pih4Cotm2DKQu
         nlba/X+qUspDuwCpvaU9weGwnWim5tj3PrCFFjkzhLV9uHfytdFcsdzktDF2tTJr3pyQ
         23dn0fjpFugnxC0Veh8b7uRaCdZbiE+/SjwNc1ZyWAdhy3kdxg6Ha/dg3yrBmy6YPxsT
         cZhD5ThCRxrt4iNXwUjkCmJlgYXDmHhEfEv8Wk2aJ2d7huU6URFcAemx00mobI8tfrLO
         fzzMkbHeg6927oVKmW4uiaX8C8RUwdH7I4Wq6N8XEZNmkS5Kn7G0PoHEJYUsO2pUGpqQ
         mZqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=o0UDy3Qx4cQMDwsNHBkiy1iG/F1wbL28JbmwAb/5frI=;
        b=xyQsRvggQNiPSHNHQzzXPSyXoWvEDce9K1bDAlZyV524TAIy2wVUW63Ia8BS49t6jo
         7Bpz0dvNU2N+DoClCZvWL29Pv6Q5UVKTH4aG/QDk3Q7lEIfvNxvqcesEfFVjxz2Zw5Dy
         4udSj9znupw2k9Gz9x8UJHMoQmbWvNgYbFdOG2lZbSZlQ8buGRRORmV3/2rgpGYBvAu8
         tDDu8DNgVzRNvFV2pVo1NI5qqEVHEFz6QW2PF0EfrRX/ZQQ62YQKSVfvHf6hFRLleLHZ
         ihVt2kZM5cYoQlq2R8o7Aylc54FpUlN0Xm3X/gP/KY5t4+kWk6vmtoll2w/RJ7XwdClX
         14zQ==
X-Gm-Message-State: ACrzQf0nVM0QEslVSzlEpikUNjyQbO8kC+JjS5WV1k75ga1LeZSzBoCy
	T4JjINmy2s0Bs219eAQ4oWBoU6S3LxVpg6uu
X-Google-Smtp-Source: 
 AMsMyM5sePcvwS9TuvE6F4j9MXu2msWwBXIQ+35qjMT4+tAtwpE/Wc+9hCwzXe2p3ND73tg2g5hKOw==
X-Received: by 2002:a17:902:ce88:b0:186:b345:97c0 with SMTP id
 f8-20020a170902ce8800b00186b34597c0mr22965147plg.13.1667356950069;
        Tue, 01 Nov 2022 19:42:30 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.29
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:29 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 03/20] xserver-xorg: ignore CVE-2022-3553 as it is
 XQuartz-specific
Date: Tue,  1 Nov 2022 16:41:53 -1000
Message-Id: 
 <2017ed15cc5b29319fe1b769c1fcfc5c2f799fd8.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:32 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172543

From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 769576f36aac9652525beec5c7e8a4d26632b844)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index 057a1ba6ad..dd741270a7 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -28,6 +28,8 @@ CVE_CHECK_IGNORE += "CVE-2011-4613"
 # impossible or difficult to exploit. There is currently no upstream patch
 # available for this flaw.
 CVE_CHECK_IGNORE += "CVE-2020-25697"
+# This is specific to XQuartz, which is the macOS X server port
+CVE_CHECK_IGNORE += "CVE-2022-3553"
 
 S = "${WORKDIR}/${XORG_PN}-${PV}"
 

From patchwork Wed Nov  2 02:41:54 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14659
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E8CFCC433FE
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:41 +0000 (UTC)
Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com
 [209.85.210.176])
 by mx.groups.io with SMTP id smtpd.web10.1930.1667356952965183414
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:33 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=qpR/PJyn;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f176.google.com with SMTP id k22so15213059pfd.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ROdS+nBgcJ04okS1NXGqbedWyrzPoBcLMkEuFrqq7mw=;
        b=qpR/PJynzHXwpJuXt4GdXpF1TgcWoAkIch3vBhQeMh+j3MPd+SXDtJ4/H3JU2h8rfD
         GdIlVYpbkejZa8ENtm9EWAM+GyTl9GffHFh/q4hGyiStOifF7hK3ZMx/oKm8160jmPmN
         sdOoBwVy201u+2qn59i5ziL5BFW2q8gYyUxQ7rG18uToX2WfzEbi3J9aJ0R7t7XcB03K
         tyPoXd5rPFX1cyPvpcMWT0fVm557XTT9E6OUoOIvxUXXklXHar0F18WXS7wW6YYNCfhb
         ty0UHtWyPwpV3GGrzWns03eI0GnLBVVpSmsgV3ZtoMNVNJ/wHiB3nB956pfap4Ft4EKi
         5kiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ROdS+nBgcJ04okS1NXGqbedWyrzPoBcLMkEuFrqq7mw=;
        b=OIh+bxp5a4CjRhUeYLSv4InTjfC4ULEN4NuopXXXIzTuHiWPchD58KevLQg6DxH4VP
         9/bqybNSNasSL+nt0jUB0WnW6QudvqNAahbtjkZ25fhLqdMc5iZBEANiOgEOsDz+wjA0
         gR6PqpnnZx2ZSTy+OZlVHSPS3we8Do9n1Q2zSm1F9/JTlDJ0qGUKZHbY4XXYpIXPgzqf
         OvifliBvbR+z+RSZQs/FyJaozzkPcAQqtIWh/R63oLmz0vaF1fXAf/idyKb+6mBxZJtn
         mdORQ2Wx87YiOnvTxAqyFB1r91HtyyX2UsBp8i2iEAgbmJBlm01xLMm1RnP0j2n0B3or
         JswQ==
X-Gm-Message-State: ACrzQf1kgv+V3dLTr2/C7l5Gpd+fJhpP6/SJ17KtWV11N1mAJ2fTMZ3E
	wtKmg3JikS+nBMx8sorjS2hGZXuhzi+2oLvO
X-Google-Smtp-Source: 
 AMsMyM78dftZDFXGoe5MzPlW2WHNLvaz+VzpZFx8oZW21j10epLt08LilBeKhc3iD34fr1WAd9pHtQ==
X-Received: by 2002:a63:cf0d:0:b0:46e:96b9:2760 with SMTP id
 j13-20020a63cf0d000000b0046e96b92760mr19630950pgg.328.1667356951883;
        Tue, 01 Nov 2022 19:42:31 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.30
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:31 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 04/20] xserver-xorg: backport fixes for
 CVE-2022-3550 and CVE-2022-3551
Date: Tue,  1 Nov 2022 16:41:54 -1000
Message-Id: 
 <9163db79ec90ff4b8ecd189f5fb6e44e27b9e53b.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172544

From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e32401d8bf44afcca88af7e4c5948d2c28e1813f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...possible-memleaks-in-XkbGetKbdByName.patch | 63 +++++++++++++++++++
 ...ntedString-against-request-length-at.patch | 38 +++++++++++
 .../xorg-xserver/xserver-xorg_21.1.4.bb       |  2 +
 3 files changed, 103 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
new file mode 100644
index 0000000000..0e61ec5953
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
@@ -0,0 +1,63 @@
+CVE: CVE-2022-3551
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 13 Jul 2022 11:23:09 +1000
+Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
+
+GetComponentByName returns an allocated string, so let's free that if we
+fail somewhere.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ xkb/xkb.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 4692895db..b79a269e3 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
+     xkb = dev->key->xkbInfo->desc;
+     status = Success;
+     str = (unsigned char *) &stuff[1];
+-    if (GetComponentSpec(&str, TRUE, &status))  /* keymap, unsupported */
+-        return BadMatch;
++    {
++        char *keymap = GetComponentSpec(&str, TRUE, &status);  /* keymap, unsupported */
++        if (keymap) {
++            free(keymap);
++            return BadMatch;
++        }
++    }
+     names.keycodes = GetComponentSpec(&str, TRUE, &status);
+     names.types = GetComponentSpec(&str, TRUE, &status);
+     names.compat = GetComponentSpec(&str, TRUE, &status);
+     names.symbols = GetComponentSpec(&str, TRUE, &status);
+     names.geometry = GetComponentSpec(&str, TRUE, &status);
+-    if (status != Success)
++    if (status == Success) {
++        len = str - ((unsigned char *) stuff);
++        if ((XkbPaddedSize(len) / 4) != stuff->length)
++            status = BadLength;
++    }
++
++    if (status != Success) {
++        free(names.keycodes);
++        free(names.types);
++        free(names.compat);
++        free(names.symbols);
++        free(names.geometry);
+         return status;
+-    len = str - ((unsigned char *) stuff);
+-    if ((XkbPaddedSize(len) / 4) != stuff->length)
+-        return BadLength;
++    }
+ 
+     CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
+     CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
+-- 
+2.34.1
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
new file mode 100644
index 0000000000..6f862e82f9
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-xkb-proof-GetCountedString-against-request-length-at.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2022-3550
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 11beef0b7f1ed290348e45618e5fa0d2bffcb72e Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 5 Jul 2022 12:06:20 +1000
+Subject: [PATCH] xkb: proof GetCountedString against request length attacks
+
+GetCountedString did a check for the whole string to be within the
+request buffer but not for the initial 2 bytes that contain the length
+field. A swapped client could send a malformed request to trigger a
+swaps() on those bytes, writing into random memory.
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ xkb/xkb.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index f42f59ef3..1841cff26 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5137,6 +5137,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
+     CARD16 len;
+ 
+     wire = *wire_inout;
++
++    if (client->req_len <
++        bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
++        return BadValue;
++
+     len = *(CARD16 *) wire;
+     if (client->swapped) {
+         swaps(&len);
+-- 
+2.34.1
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
index b9cbc9989e..aba09afec3 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.4.bb
@@ -2,6 +2,8 @@ require xserver-xorg.inc
 
 SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
+           file://0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch \
+           file://0001-xkb-proof-GetCountedString-against-request-length-at.patch \
            "
 SRC_URI[sha256sum] = "5cc4be8ee47edb58d4a90e603a59d56b40291ad38371b0bd2471fc3cbee1c587"
 

From patchwork Wed Nov  2 02:41:55 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14660
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 059DFC4321E
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:42 +0000 (UTC)
Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com
 [209.85.216.46])
 by mx.groups.io with SMTP id smtpd.web12.1981.1667356946855244179
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:35 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=oMoSqcx+;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.46,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f46.google.com with SMTP id
 b1-20020a17090a7ac100b00213fde52d49so675436pjl.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=EtoppmPfwbQnWdiDBvgKZDYfIPo4k4EZUZONPpFJrxI=;
        b=oMoSqcx+updqjM4ibGc+jGqlJT8e5l6Ds4yWb+6e8IxKpSasFKc0TE1DqphYhdqj2E
         wL/h5a2nwRq6ALu9zmqCfEcy15ONO0HGoaTtXf580wy1pFI6pnXttd5pMjbMvikZ80TF
         7gLsfSYGb/7FiAqYn3fT0XW6mlyM9r0Dv9lzbSlptpg1Ymvlmesa1f+OwvXR90wvEpRW
         PkwxD40nDfZvPTTvUXNsFHJMYHk8ir3o2qLSEC4Wj9bce9RLtcqlbq3cIzhK8lTwtvWL
         vpj0xXBLGVKB7XpGuLA2ApNUGOOA/JtKc75uJbGghjZyOEDL8Fat0EZpoUoxY3CTMyxU
         2q5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=EtoppmPfwbQnWdiDBvgKZDYfIPo4k4EZUZONPpFJrxI=;
        b=i5807IfuF0uZiaARP+B0AHqK1eeRN9KDgxrvokjKcwzfGBNS8WHpXd2870ZP+3Z/da
         iHe5xGXHFcZ/+yyI3oJ3P9I3DnScuYpxzUGA5PE7lU72kdv6Np0gv4eMGz2l9OSeKmO4
         CwLaF0Vst84pcLx73leYhkZ1VwnH1rNEYCq47s8dGhfWWAy0k0NAXuuN7OUFiq1WZcOz
         Bq8MKHI7b5eOpr7p77GaftrNvkxtaB8zpf5hRyxoiKOCu4gmOFN9FlxmhCLrGvFCWwUV
         wwOybLzxBwklQceQwMCRNwEHp+9+jSeI4LU4U77Y33V1YCZRQb4FI+cTZBNoTNveWRER
         DRbA==
X-Gm-Message-State: ACrzQf30MCHqLrpcXoC+HbD1qe7gaKOxx4mg2vSxGyFZQqgnAcU4wme1
	MbOgJdxhX14M0dWg3Vc4CdYG1gwayaXMGckf
X-Google-Smtp-Source: 
 AMsMyM56EmxloMD/iCDSRE1Nnszq/Mbto13b9UPP9WBaZ+7hcNmpa7Y6QqQ2kJda/De8upWR8Y1qPw==
X-Received: by 2002:a17:902:8ec8:b0:186:9c32:79c8 with SMTP id
 x8-20020a1709028ec800b001869c3279c8mr22882820plo.105.1667356954195;
        Tue, 01 Nov 2022 19:42:34 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.32
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:33 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 05/20] tiff: fix a number of CVEs
Date: Tue,  1 Nov 2022 16:41:55 -1000
Message-Id: 
 <bfd6d135a555e854e30d45ea36b0cbd612e322df.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:42 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172545

From: Ross Burton <ross.burton@arm.com>

Backport fixes from upstream for the following CVEs:
- CVE-2022-3599
- CVE-2022-3597
- CVE-2022-3626
- CVE-2022-3627
- CVE-2022-3570
- CVE-2022-3598

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 722bbb88777cc3c7d1c8273f1279fc18ba33e87c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 266 +++++++
 ...fcrop-S-option-Make-decision-simpler.patch |  36 +
 ...-incompatibility-of-Z-X-Y-z-options-.patch |  59 ++
 ...ines-require-a-larger-buffer-fixes-2.patch | 653 ++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.4.0.bb |   5 +-
 5 files changed, 1018 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch

diff --git a/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
new file mode 100644
index 0000000000..ce72c86120
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
@@ -0,0 +1,266 @@
+CVE: CVE-2022-3599
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From f00484b9519df933723deb38fff943dc291a793d Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Tue, 30 Aug 2022 16:56:48 +0200
+Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related
+ TIFFTAG_NUMBEROFINKS value
+
+In order to solve the buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value, a revised handling of those tags within LibTiff is proposed:
+
+Behaviour for writing:
+    `NumberOfInks`  MUST fit to the number of inks in the `InkNames` string.
+    `NumberOfInks` is automatically set when `InkNames` is set.
+    If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
+    If `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
+
+Behaviour for reading:
+    When reading `InkNames` from a TIFF file, the `NumberOfInks` will be set automatically to the number of inks in `InkNames` string.
+    If `NumberOfInks` is different to the number of inks within `InkNames` string, that will be corrected and a warning is issued.
+    If  `NumberOfInks` is not equal to samplesperpixel only a warning will be issued.
+
+This allows the safe use of the NumberOfInks value to read out the InkNames without buffer overflow
+
+This MR will close the following issues:  #149, #150, #152, #168 (to be checked), #250, #269, #398 and #456.
+
+It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue.
+---
+ libtiff/tif_dir.c      | 119 ++++++++++++++++++++++++-----------------
+ libtiff/tif_dir.h      |   2 +
+ libtiff/tif_dirinfo.c  |   2 +-
+ libtiff/tif_dirwrite.c |   5 ++
+ libtiff/tif_print.c    |   4 ++
+ 5 files changed, 82 insertions(+), 50 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 793e8a79..816f7756 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -136,32 +136,30 @@ setExtraSamples(TIFF* tif, va_list ap, uint32_t* v)
+ }
+ 
+ /*
+- * Confirm we have "samplesperpixel" ink names separated by \0.  Returns 
++ * Count ink names separated by \0.  Returns
+  * zero if the ink names are not as expected.
+  */
+-static uint32_t
+-checkInkNamesString(TIFF* tif, uint32_t slen, const char* s)
++static uint16_t
++countInkNamesString(TIFF *tif, uint32_t slen, const char *s)
+ {
+-	TIFFDirectory* td = &tif->tif_dir;
+-	uint16_t i = td->td_samplesperpixel;
++	uint16_t i = 0;
++	const char *ep = s + slen;
++	const char *cp = s;
+ 
+ 	if (slen > 0) {
+-		const char* ep = s+slen;
+-		const char* cp = s;
+-		for (; i > 0; i--) {
++		do {
+ 			for (; cp < ep && *cp != '\0'; cp++) {}
+ 			if (cp >= ep)
+ 				goto bad;
+ 			cp++;				/* skip \0 */
+-		}
+-		return ((uint32_t)(cp - s));
++			i++;
++		} while (cp < ep);
++		return (i);
+ 	}
+ bad:
+ 	TIFFErrorExt(tif->tif_clientdata, "TIFFSetField",
+-	    "%s: Invalid InkNames value; expecting %"PRIu16" names, found %"PRIu16,
+-	    tif->tif_name,
+-	    td->td_samplesperpixel,
+-	    (uint16_t)(td->td_samplesperpixel-i));
++		"%s: Invalid InkNames value; no NUL at given buffer end location %"PRIu32", after %"PRIu16" ink",
++		tif->tif_name, slen, i);
+ 	return (0);
+ }
+ 
+@@ -478,13 +476,61 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
+ 		_TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
+ 		break;
+ 	case TIFFTAG_INKNAMES:
+-		v = (uint16_t) va_arg(ap, uint16_vap);
+-		s = va_arg(ap, char*);
+-		v = checkInkNamesString(tif, v, s);
+-		status = v > 0;
+-		if( v > 0 ) {
+-			_TIFFsetNString(&td->td_inknames, s, v);
+-			td->td_inknameslen = v;
++		{
++			v = (uint16_t) va_arg(ap, uint16_vap);
++			s = va_arg(ap, char*);
++			uint16_t ninksinstring;
++			ninksinstring = countInkNamesString(tif, v, s);
++			status = ninksinstring > 0;
++			if(ninksinstring > 0 ) {
++				_TIFFsetNString(&td->td_inknames, s, v);
++				td->td_inknameslen = v;
++				/* Set NumberOfInks to the value ninksinstring */
++				if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS))
++				{
++					if (td->td_numberofinks != ninksinstring) {
++						TIFFErrorExt(tif->tif_clientdata, module,
++							"Warning %s; Tag %s:\n  Value %"PRIu16" of NumberOfInks is different from the number of inks %"PRIu16".\n  -> NumberOfInks value adapted to %"PRIu16"",
++							tif->tif_name, fip->field_name, td->td_numberofinks, ninksinstring, ninksinstring);
++						td->td_numberofinks = ninksinstring;
++					}
++				} else {
++					td->td_numberofinks = ninksinstring;
++					TIFFSetFieldBit(tif, FIELD_NUMBEROFINKS);
++				}
++				if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL))
++				{
++					if (td->td_numberofinks != td->td_samplesperpixel) {
++						TIFFErrorExt(tif->tif_clientdata, module,
++							"Warning %s; Tag %s:\n  Value %"PRIu16" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"",
++							tif->tif_name, fip->field_name, td->td_numberofinks, td->td_samplesperpixel);
++					}
++				}
++			}
++		}
++		break;
++	case TIFFTAG_NUMBEROFINKS:
++		v = (uint16_t)va_arg(ap, uint16_vap);
++		/* If InkNames already set also NumberOfInks is set accordingly and should be equal */
++		if (TIFFFieldSet(tif, FIELD_INKNAMES))
++		{
++			if (v != td->td_numberofinks) {
++				TIFFErrorExt(tif->tif_clientdata, module,
++					"Error %s; Tag %s:\n  It is not possible to set the value %"PRIu32" for NumberOfInks\n  which is different from the number of inks in the InkNames tag (%"PRIu16")",
++					tif->tif_name, fip->field_name, v, td->td_numberofinks);
++				/* Do not set / overwrite number of inks already set by InkNames case accordingly. */
++				status = 0;
++			}
++		} else {
++			td->td_numberofinks = (uint16_t)v;
++			if (TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL))
++			{
++				if (td->td_numberofinks != td->td_samplesperpixel) {
++					TIFFErrorExt(tif->tif_clientdata, module,
++						"Warning %s; Tag %s:\n  Value %"PRIu32" of NumberOfInks is different from the SamplesPerPixel value %"PRIu16"",
++						tif->tif_name, fip->field_name, v, td->td_samplesperpixel);
++				}
++			}
+ 		}
+ 		break;
+ 	case TIFFTAG_PERSAMPLE:
+@@ -986,34 +1032,6 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
+ 	if (fip->field_bit == FIELD_CUSTOM) {
+ 		standard_tag = 0;
+ 	}
+-	
+-        if( standard_tag == TIFFTAG_NUMBEROFINKS )
+-        {
+-            int i;
+-            for (i = 0; i < td->td_customValueCount; i++) {
+-                uint16_t val;
+-                TIFFTagValue *tv = td->td_customValues + i;
+-                if (tv->info->field_tag != standard_tag)
+-                    continue;
+-                if( tv->value == NULL )
+-                    return 0;
+-                val = *(uint16_t *)tv->value;
+-                /* Truncate to SamplesPerPixel, since the */
+-                /* setting code for INKNAMES assume that there are SamplesPerPixel */
+-                /* inknames. */
+-                /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
+-                if( val > td->td_samplesperpixel )
+-                {
+-                    TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
+-                                   "Truncating NumberOfInks from %u to %"PRIu16,
+-                                   val, td->td_samplesperpixel);
+-                    val = td->td_samplesperpixel;
+-                }
+-                *va_arg(ap, uint16_t*) = val;
+-                return 1;
+-            }
+-            return 0;
+-        }
+ 
+ 	switch (standard_tag) {
+ 		case TIFFTAG_SUBFILETYPE:
+@@ -1195,6 +1213,9 @@ _TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
+ 		case TIFFTAG_INKNAMES:
+ 			*va_arg(ap, const char**) = td->td_inknames;
+ 			break;
++		case TIFFTAG_NUMBEROFINKS:
++			*va_arg(ap, uint16_t *) = td->td_numberofinks;
++			break;
+ 		default:
+ 			{
+ 				int i;
+diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
+index 09065648..0c251c9e 100644
+--- a/libtiff/tif_dir.h
++++ b/libtiff/tif_dir.h
+@@ -117,6 +117,7 @@ typedef struct {
+ 	/* CMYK parameters */
+ 	int     td_inknameslen;
+ 	char*   td_inknames;
++	uint16_t td_numberofinks;                 /* number of inks in InkNames string */
+ 
+ 	int     td_customValueCount;
+         TIFFTagValue *td_customValues;
+@@ -174,6 +175,7 @@ typedef struct {
+ #define FIELD_TRANSFERFUNCTION         44
+ #define FIELD_INKNAMES                 46
+ #define FIELD_SUBIFD                   49
++#define FIELD_NUMBEROFINKS             50
+ /*      FIELD_CUSTOM (see tiffio.h)    65 */
+ /* end of support for well-known tags; codec-private tags follow */
+ #define FIELD_CODEC                    66  /* base of codec-private tags */
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 3371cb5c..3b4bcd33 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -114,7 +114,7 @@ tiffFields[] = {
+ 	{ TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", (TIFFFieldArray*) &tiffFieldArray },
+ 	{ TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL },
+ 	{ TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL },
+-	{ TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "NumberOfInks", NULL },
++	{ TIFFTAG_NUMBEROFINKS, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_NUMBEROFINKS, 1, 0, "NumberOfInks", NULL },
+ 	{ TIFFTAG_DOTRANGE, 2, 2, TIFF_SHORT, 0, TIFF_SETGET_UINT16_PAIR, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DotRange", NULL },
+ 	{ TIFFTAG_TARGETPRINTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "TargetPrinter", NULL },
+ 	{ TIFFTAG_EXTRASAMPLES, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_C16_UINT16, TIFF_SETGET_UNDEFINED, FIELD_EXTRASAMPLES, 0, 1, "ExtraSamples", NULL },
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 6c86fdca..062e4610 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -626,6 +626,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64_t* pdiroff)
+ 				if (!TIFFWriteDirectoryTagAscii(tif,&ndir,dir,TIFFTAG_INKNAMES,tif->tif_dir.td_inknameslen,tif->tif_dir.td_inknames))
+ 					goto bad;
+ 			}
++			if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS))
++			{
++				if (!TIFFWriteDirectoryTagShort(tif, &ndir, dir, TIFFTAG_NUMBEROFINKS, tif->tif_dir.td_numberofinks))
++					goto bad;
++			}
+ 			if (TIFFFieldSet(tif,FIELD_SUBIFD))
+ 			{
+ 				if (!TIFFWriteDirectoryTagSubifd(tif,&ndir,dir))
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 16ce5780..a91b9e7b 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -397,6 +397,10 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ 		}
+                 fputs("\n", fd);
+ 	}
++	if (TIFFFieldSet(tif, FIELD_NUMBEROFINKS)) {
++		fprintf(fd, "  NumberOfInks: %d\n",
++			td->td_numberofinks);
++	}
+ 	if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) {
+ 		fprintf(fd, "  Thresholding: ");
+ 		switch (td->td_threshholding) {
+-- 
+2.34.1
+
diff --git a/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch b/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch
new file mode 100644
index 0000000000..02642ecfbc
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-S-option-Make-decision-simpler.patch
@@ -0,0 +1,36 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From bad48e90b410df32172006c7876da449ba62cdba Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 20 Aug 2022 23:35:26 +0200
+Subject: [PATCH] tiffcrop -S option: Make decision simpler.
+
+---
+ tools/tiffcrop.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index c3b758ec..8fd856dc 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2133,11 +2133,11 @@ void  process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+     }
+     /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
+     char XY, Z, R, S;
+-    XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
+-    Z = (crop_data->crop_mode & CROP_ZONES);
+-    R = (crop_data->crop_mode & CROP_REGIONS);
+-    S = (page->mode & PAGE_MODE_ROWSCOLS);
+-    if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
++    XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0;
++    Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
++    R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
++    S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
++    if (XY + Z + R + S > 1) {
+         TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
+         exit(EXIT_FAILURE);
+     }
+-- 
+2.34.1
+
diff --git a/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch b/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
new file mode 100644
index 0000000000..3e33f4adea
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
@@ -0,0 +1,59 @@
+CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4746f16253b784287bc8a5003990c1c3b9a03a62 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Thu, 25 Aug 2022 16:11:41 +0200
+Subject: [PATCH] tiffcrop: disable incompatibility of -Z, -X, -Y, -z options
+ with any PAGE_MODE_x option (fixes #411 and #413)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+tiffcrop does not support –Z, -z, -X and –Y options together with any other PAGE_MODE_x options like  -H, -V, -P, -J, -K or –S.
+
+Code analysis:
+
+With the options –Z, -z, the crop.selections are set to a value > 0. Within main(), this triggers the call of processCropSelections(), which copies the sections from the read_buff into seg_buffs[].
+In the following code in main(), the only supported step, where that seg_buffs are further handled are within an if-clause with  if (page.mode == PAGE_MODE_NONE) .
+
+Execution of the else-clause often leads to buffer-overflows.
+
+Therefore, the above option combination is not supported and will be disabled to prevent those buffer-overflows.
+
+The MR solves issues #411 and #413.
+---
+ doc/tools/tiffcrop.rst |  8 ++++++++
+ tools/tiffcrop.c       | 32 +++++++++++++++++++++++++-------
+ 2 files changed, 33 insertions(+), 7 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 8fd856dc..41a2ea36 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2138,9 +2143,20 @@ void  process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+     R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
+     S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
+     if (XY + Z + R + S > 1) {
+-        TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
++        TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit");
+         exit(EXIT_FAILURE);
+     }
++
++    /* Check for not allowed combination:
++     * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options
++     * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows.
++.    */
++    if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) {
++        TIFFError("tiffcrop input error",
++            "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit");
++        exit(EXIT_FAILURE);
++    }
++
+   }  /* end process_command_opts */
+ 
+ /* Start a new output file if one has not been previously opened or
+-- 
+2.34.1
+
diff --git a/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch b/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch
new file mode 100644
index 0000000000..e44b9bc57c
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch
@@ -0,0 +1,653 @@
+CVE: CVE-2022-3570 CVE-2022-3598
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From afd7086090dafd3949afd172822cbcec4ed17d56 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Thu, 13 Oct 2022 14:33:27 +0000
+Subject: [PATCH] tiffcrop subroutines require a larger buffer (fixes #271,
+ #381, #386, #388, #389, #435)
+
+---
+ tools/tiffcrop.c | 209 ++++++++++++++++++++++++++---------------------
+ 1 file changed, 118 insertions(+), 91 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 41a2ea36..deab5feb 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -212,6 +212,10 @@ static   char tiffcrop_rev_date[] = "26-08-2022";
+ 
+ #define TIFF_DIR_MAX  65534
+ 
++/* Some conversion subroutines require image buffers, which are at least 3 bytes
++ * larger than the necessary size for the image itself. */
++#define NUM_BUFF_OVERSIZE_BYTES   3
++
+ /* Offsets into buffer for margins and fixed width and length segments */
+ struct offset {
+   uint32_t  tmargin;
+@@ -233,7 +237,7 @@ struct offset {
+  */
+ 
+ struct  buffinfo {
+-  uint32_t size;           /* size of this buffer */
++  size_t size;           /* size of this buffer */
+   unsigned char *buffer; /* address of the allocated buffer */
+ };
+ 
+@@ -810,8 +814,8 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf,
+   uint32_t dst_rowsize, shift_width;
+   uint32_t bytes_per_sample, bytes_per_pixel;
+   uint32_t trailing_bits, prev_trailing_bits;
+-  uint32_t tile_rowsize  = TIFFTileRowSize(in);
+-  uint32_t src_offset, dst_offset;
++  tmsize_t tile_rowsize  = TIFFTileRowSize(in);
++  tmsize_t src_offset, dst_offset;
+   uint32_t row_offset, col_offset;
+   uint8_t *bufp = (uint8_t*) buf;
+   unsigned char *src = NULL;
+@@ -861,7 +865,7 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8_t* buf,
+       TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
+       exit(EXIT_FAILURE);
+   }
+-  tilebuf = limitMalloc(tile_buffsize + 3);
++  tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+   if (tilebuf == 0)
+     return 0;
+   tilebuf[tile_buffsize] = 0;
+@@ -1024,7 +1028,7 @@ static int  readSeparateTilesIntoBuffer (TIFF* in, uint8_t *obuf,
+   for (sample = 0; (sample < spp) && (sample < MAX_SAMPLES); sample++)
+     {
+     srcbuffs[sample] = NULL;
+-    tbuff = (unsigned char *)limitMalloc(tilesize + 8);
++    tbuff = (unsigned char *)limitMalloc(tilesize + NUM_BUFF_OVERSIZE_BYTES);
+     if (!tbuff)
+       {
+       TIFFError ("readSeparateTilesIntoBuffer", 
+@@ -1217,7 +1221,8 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+   }
+   rowstripsize = rowsperstrip * bytes_per_sample * (width + 1); 
+ 
+-  obuf = limitMalloc (rowstripsize);
++  /* Add 3 padding bytes for extractContigSamples32bits */
++  obuf = limitMalloc (rowstripsize + NUM_BUFF_OVERSIZE_BYTES);
+   if (obuf == NULL)
+     return 1;
+   
+@@ -1229,7 +1234,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+ 
+       stripsize = TIFFVStripSize(out, nrows);
+       src = buf + (row * rowsize);
+-      memset (obuf, '\0', rowstripsize);
++      memset (obuf, '\0',rowstripsize + NUM_BUFF_OVERSIZE_BYTES);
+       if (extractContigSamplesToBuffer(obuf, src, nrows, width, s, spp, bps, dump))
+         {
+         _TIFFfree(obuf);
+@@ -1237,10 +1242,15 @@ writeBufferToSeparateStrips (TIFF* out, uint8_t* buf,
+ 	}
+       if ((dump->outfile != NULL) && (dump->level == 1))
+         {
+-        dump_info(dump->outfile, dump->format,"", 
++          if (scanlinesize > 0x0ffffffffULL) {
++              dump_info(dump->infile, dump->format, "loadImage",
++                  "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.",
++                  scanlinesize);
++          }
++          dump_info(dump->outfile, dump->format,"",
+                   "Sample %2d, Strip: %2d, bytes: %4d, Row %4d, bytes: %4d, Input offset: %6d", 
+-                  s + 1, strip + 1, stripsize, row + 1, scanlinesize, src - buf);
+-        dump_buffer(dump->outfile, dump->format, nrows, scanlinesize, row, obuf);
++                  s + 1, strip + 1, stripsize, row + 1, (uint32_t)scanlinesize, src - buf);
++        dump_buffer(dump->outfile, dump->format, nrows, (uint32_t)scanlinesize, row, obuf);
+ 	}
+ 
+       if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0)
+@@ -1267,7 +1277,7 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng
+   uint32_t tl, tw;
+   uint32_t row, col, nrow, ncol;
+   uint32_t src_rowsize, col_offset;
+-  uint32_t tile_rowsize  = TIFFTileRowSize(out);
++  tmsize_t tile_rowsize  = TIFFTileRowSize(out);
+   uint8_t* bufp = (uint8_t*) buf;
+   tsize_t tile_buffsize = 0;
+   tsize_t tilesize = TIFFTileSize(out);
+@@ -1310,9 +1320,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8_t* buf, uint32_t imageleng
+   }
+   src_rowsize = ((imagewidth * spp * bps) + 7U) / 8;
+ 
+-  tilebuf = limitMalloc(tile_buffsize);
++  /* Add 3 padding bytes for extractContigSamples32bits */
++  tilebuf = limitMalloc(tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+   if (tilebuf == 0)
+     return 1;
++  memset(tilebuf, 0, tile_buffsize + NUM_BUFF_OVERSIZE_BYTES);
+   for (row = 0; row < imagelength; row += tl)
+     {
+     nrow = (row + tl > imagelength) ? imagelength - row : tl;
+@@ -1358,7 +1370,8 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele
+                                        uint32_t imagewidth, tsample_t spp,
+                                        struct dump_opts * dump)
+   {
+-  tdata_t obuf = limitMalloc(TIFFTileSize(out));
++  /* Add 3 padding bytes for extractContigSamples32bits */
++  tdata_t obuf = limitMalloc(TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES);
+   uint32_t tl, tw;
+   uint32_t row, col, nrow, ncol;
+   uint32_t src_rowsize, col_offset;
+@@ -1368,6 +1381,7 @@ static int writeBufferToSeparateTiles (TIFF* out, uint8_t* buf, uint32_t imagele
+ 
+   if (obuf == NULL)
+     return 1;
++  memset(obuf, 0, TIFFTileSize(out) + NUM_BUFF_OVERSIZE_BYTES);
+ 
+   if( !TIFFGetField(out, TIFFTAG_TILELENGTH, &tl) ||
+       !TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw) ||
+@@ -1793,14 +1807,14 @@ void  process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+                       
+                     *opt_offset = '\0';
+                     /* convert option to lowercase */
+-                    end = strlen (opt_ptr);
++                    end = (unsigned int)strlen (opt_ptr);
+                     for (i = 0; i < end; i++)
+                       *(opt_ptr + i) = tolower((int) *(opt_ptr + i));
+                     /* Look for dump format specification */
+                     if (strncmp(opt_ptr, "for", 3) == 0)
+                       {
+ 		      /* convert value to lowercase */
+-                      end = strlen (opt_offset + 1);
++                      end = (unsigned int)strlen (opt_offset + 1);
+                       for (i = 1; i <= end; i++)
+                         *(opt_offset + i) = tolower((int) *(opt_offset + i));
+                       /* check dump format value */
+@@ -2273,6 +2287,8 @@ main(int argc, char* argv[])
+   size_t length;
+   char   temp_filename[PATH_MAX + 16]; /* Extra space keeps the compiler from complaining */
+ 
++  assert(NUM_BUFF_OVERSIZE_BYTES >= 3);
++
+   little_endian = *((unsigned char *)&little_endian) & '1';
+ 
+   initImageData(&image);
+@@ -3227,13 +3243,13 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+       /* If we have a full buffer's worth, write it out */
+       if (ready_bits >= 32)
+         {
+-        bytebuff1 = (buff2 >> 56);
++        bytebuff1 = (uint8_t)(buff2 >> 56);
+         *dst++ = bytebuff1;
+-        bytebuff2 = (buff2 >> 48);
++        bytebuff2 = (uint8_t)(buff2 >> 48);
+         *dst++ = bytebuff2;
+-        bytebuff3 = (buff2 >> 40);
++        bytebuff3 = (uint8_t)(buff2 >> 40);
+         *dst++ = bytebuff3;
+-        bytebuff4 = (buff2 >> 32);
++        bytebuff4 = (uint8_t)(buff2 >> 32);
+         *dst++ = bytebuff4;
+         ready_bits -= 32;
+                     
+@@ -3642,13 +3658,13 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
+         }
+       else  /* If we have a full buffer's worth, write it out */
+         {
+-        bytebuff1 = (buff2 >> 56);
++        bytebuff1 = (uint8_t)(buff2 >> 56);
+         *dst++ = bytebuff1;
+-        bytebuff2 = (buff2 >> 48);
++        bytebuff2 = (uint8_t)(buff2 >> 48);
+         *dst++ = bytebuff2;
+-        bytebuff3 = (buff2 >> 40);
++        bytebuff3 = (uint8_t)(buff2 >> 40);
+         *dst++ = bytebuff3;
+-        bytebuff4 = (buff2 >> 32);
++        bytebuff4 = (uint8_t)(buff2 >> 32);
+         *dst++ = bytebuff4;
+         ready_bits -= 32;
+                     
+@@ -3825,10 +3841,10 @@ extractContigSamplesToTileBuffer(uint8_t *out, uint8_t *in, uint32_t rows, uint3
+ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf)
+ {
+         uint8_t* bufp = buf;
+-        int32_t  bytes_read = 0;
++        tmsize_t  bytes_read = 0;
+         uint32_t strip, nstrips   = TIFFNumberOfStrips(in);
+-        uint32_t stripsize = TIFFStripSize(in);
+-        uint32_t rows = 0;
++        tmsize_t stripsize = TIFFStripSize(in);
++        tmsize_t rows = 0;
+         uint32_t rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
+         tsize_t scanline_size = TIFFScanlineSize(in);
+ 
+@@ -3841,11 +3857,11 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8_t* buf)
+                 bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1);
+                 rows = bytes_read / scanline_size;
+                 if ((strip < (nstrips - 1)) && (bytes_read != (int32_t)stripsize))
+-                        TIFFError("", "Strip %"PRIu32": read %"PRId32" bytes, strip size %"PRIu32,
++                        TIFFError("", "Strip %"PRIu32": read %"PRId64" bytes, strip size %"PRIu64,
+                                   strip + 1, bytes_read, stripsize);
+ 
+                 if (bytes_read < 0 && !ignore) {
+-                        TIFFError("", "Error reading strip %"PRIu32" after %"PRIu32" rows",
++                        TIFFError("", "Error reading strip %"PRIu32" after %"PRIu64" rows",
+                                   strip, rows);
+                         return 0;
+                 }
+@@ -4310,13 +4326,13 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ 	/* If we have a full buffer's worth, write it out */
+ 	if (ready_bits >= 32)
+ 	  {
+-	  bytebuff1 = (buff2 >> 56);
++	  bytebuff1 = (uint8_t)(buff2 >> 56);
+ 	  *dst++ = bytebuff1;
+-	  bytebuff2 = (buff2 >> 48);
++	  bytebuff2 = (uint8_t)(buff2 >> 48);
+ 	  *dst++ = bytebuff2;
+-	  bytebuff3 = (buff2 >> 40);
++	  bytebuff3 = (uint8_t)(buff2 >> 40);
+ 	  *dst++ = bytebuff3;
+-	  bytebuff4 = (buff2 >> 32);
++	  bytebuff4 = (uint8_t)(buff2 >> 32);
+ 	  *dst++ = bytebuff4;
+ 	  ready_bits -= 32;
+                     
+@@ -4359,10 +4375,10 @@ combineSeparateSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ 	         "Row %3d, Col %3d, Src byte offset %3d  bit offset %2d  Dst offset %3d",
+ 		 row + 1, col + 1, src_byte, src_bit, dst - out);
+ 
+-      dump_long (dumpfile, format, "Match bits ", matchbits);
++      dump_wide (dumpfile, format, "Match bits ", matchbits);
+       dump_data (dumpfile, format, "Src   bits ", src, 4);
+-      dump_long (dumpfile, format, "Buff1 bits ", buff1);
+-      dump_long (dumpfile, format, "Buff2 bits ", buff2);
++      dump_wide (dumpfile, format, "Buff1 bits ", buff1);
++      dump_wide (dumpfile, format, "Buff2 bits ", buff2);
+       dump_byte (dumpfile, format, "Write bits1", bytebuff1);
+       dump_byte (dumpfile, format, "Write bits2", bytebuff2);
+       dump_info (dumpfile, format, "", "Ready bits:  %2d", ready_bits); 
+@@ -4835,13 +4851,13 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ 	/* If we have a full buffer's worth, write it out */
+ 	if (ready_bits >= 32)
+ 	  {
+-	  bytebuff1 = (buff2 >> 56);
++	  bytebuff1 = (uint8_t)(buff2 >> 56);
+ 	  *dst++ = bytebuff1;
+-	  bytebuff2 = (buff2 >> 48);
++	  bytebuff2 = (uint8_t)(buff2 >> 48);
+ 	  *dst++ = bytebuff2;
+-	  bytebuff3 = (buff2 >> 40);
++	  bytebuff3 = (uint8_t)(buff2 >> 40);
+ 	  *dst++ = bytebuff3;
+-	  bytebuff4 = (buff2 >> 32);
++	  bytebuff4 = (uint8_t)(buff2 >> 32);
+ 	  *dst++ = bytebuff4;
+ 	  ready_bits -= 32;
+                     
+@@ -4884,10 +4900,10 @@ combineSeparateTileSamples32bits (uint8_t *in[], uint8_t *out, uint32_t cols,
+ 	         "Row %3d, Col %3d, Src byte offset %3d  bit offset %2d  Dst offset %3d",
+ 		 row + 1, col + 1, src_byte, src_bit, dst - out);
+ 
+-      dump_long (dumpfile, format, "Match bits ", matchbits);
++      dump_wide (dumpfile, format, "Match bits ", matchbits);
+       dump_data (dumpfile, format, "Src   bits ", src, 4);
+-      dump_long (dumpfile, format, "Buff1 bits ", buff1);
+-      dump_long (dumpfile, format, "Buff2 bits ", buff2);
++      dump_wide (dumpfile, format, "Buff1 bits ", buff1);
++      dump_wide (dumpfile, format, "Buff2 bits ", buff2);
+       dump_byte (dumpfile, format, "Write bits1", bytebuff1);
+       dump_byte (dumpfile, format, "Write bits2", bytebuff2);
+       dump_info (dumpfile, format, "", "Ready bits:  %2d", ready_bits); 
+@@ -4910,7 +4926,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+   {
+   int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
+   uint32_t j;
+-  int32_t  bytes_read = 0;
++  tmsize_t  bytes_read = 0;
+   uint16_t bps = 0, planar;
+   uint32_t nstrips;
+   uint32_t strips_per_sample;
+@@ -4976,7 +4992,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+   for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
+     {
+     srcbuffs[s] = NULL;
+-    buff = limitMalloc(stripsize + 3);
++    buff = limitMalloc(stripsize + NUM_BUFF_OVERSIZE_BYTES);
+     if (!buff)
+       {
+       TIFFError ("readSeparateStripsIntoBuffer", 
+@@ -4999,7 +5015,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8_t *obuf, uint32_t lengt
+       buff = srcbuffs[s];
+       strip = (s * strips_per_sample) + j; 
+       bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize);
+-      rows_this_strip = bytes_read / src_rowsize;
++      rows_this_strip = (uint32_t)(bytes_read / src_rowsize);
+       if (bytes_read < 0 && !ignore)
+         {
+         TIFFError(TIFFFileName(in),
+@@ -6062,13 +6078,14 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+   uint16_t   input_compression = 0, input_photometric = 0;
+   uint16_t   subsampling_horiz, subsampling_vert;
+   uint32_t   width = 0, length = 0;
+-  uint32_t   stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0;
++  tmsize_t   stsize = 0, tlsize = 0, buffsize = 0;
++  tmsize_t   scanlinesize = 0;
+   uint32_t   tw = 0, tl = 0;       /* Tile width and length */
+-  uint32_t   tile_rowsize = 0;
++  tmsize_t   tile_rowsize = 0;
+   unsigned char *read_buff = NULL;
+   unsigned char *new_buff  = NULL;
+   int      readunit = 0;
+-  static   uint32_t  prev_readsize = 0;
++  static   tmsize_t  prev_readsize = 0;
+ 
+   TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
+   TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp);
+@@ -6325,6 +6342,8 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+     /* The buffsize_check and the possible adaptation of buffsize 
+      * has to account also for padding of each line to a byte boundary. 
+      * This is assumed by mirrorImage() and rotateImage().
++     * Furthermore, functions like extractContigSamplesShifted32bits()
++     * need a buffer, which is at least 3 bytes larger than the actual image.
+      * Otherwise buffer-overflow might occur there.
+      */
+     buffsize_check = length * (uint32_t)(((width * spp * bps) + 7) / 8);
+@@ -6376,7 +6395,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+         TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+         return (-1);
+     }
+-    read_buff = (unsigned char *)limitMalloc(buffsize+3);
++    read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+   }
+   else
+     {
+@@ -6387,11 +6406,11 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+           TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+           return (-1);
+       }
+-      new_buff = _TIFFrealloc(read_buff, buffsize+3);
++      new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES);
+       if (!new_buff)
+         {
+ 	free (read_buff);
+-        read_buff = (unsigned char *)limitMalloc(buffsize+3);
++        read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+         }
+       else
+         read_buff = new_buff;
+@@ -6464,8 +6483,13 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+     dump_info  (dump->infile, dump->format, "", 
+                 "Bits per sample %"PRIu16", Samples per pixel %"PRIu16, bps, spp);
+ 
++    if (scanlinesize > 0x0ffffffffULL) {
++        dump_info(dump->infile, dump->format, "loadImage",
++            "Attention: scanlinesize %"PRIu64" is larger than UINT32_MAX.\nFollowing dump might be wrong.",
++            scanlinesize);
++    }
+     for (i = 0; i < length; i++)
+-      dump_buffer(dump->infile, dump->format, 1, scanlinesize, 
++      dump_buffer(dump->infile, dump->format, 1, (uint32_t)scanlinesize, 
+                   i, read_buff + (i * scanlinesize));
+     }
+   return (0);
+@@ -7485,13 +7509,13 @@ writeSingleSection(TIFF *in, TIFF *out, struct image_data *image,
+      if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) {
+        TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks);
+        if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) {
+-	 int inknameslen = strlen(inknames) + 1;
++	 int inknameslen = (int)strlen(inknames) + 1;
+ 	 const char* cp = inknames;
+ 	 while (ninks > 1) {
+ 	   cp = strchr(cp, '\0');
+ 	   if (cp) {
+ 	     cp++;
+-	     inknameslen += (strlen(cp) + 1);
++	     inknameslen += ((int)strlen(cp) + 1);
+ 	   }
+ 	   ninks--;
+          }
+@@ -7554,23 +7578,23 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ 
+   if (!sect_buff)
+     {
+-    sect_buff = (unsigned char *)limitMalloc(sectsize);
++    sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES);
+     if (!sect_buff)
+     {
+         TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+         return (-1);
+     }
+-    _TIFFmemset(sect_buff, 0, sectsize);
++    _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+     }
+   else
+     {
+     if (prev_sectsize < sectsize)
+       {
+-      new_buff = _TIFFrealloc(sect_buff, sectsize);
++      new_buff = _TIFFrealloc(sect_buff, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+       if (!new_buff)
+         {
+           _TIFFfree (sect_buff);
+-        sect_buff = (unsigned char *)limitMalloc(sectsize);
++        sect_buff = (unsigned char *)limitMalloc(sectsize + NUM_BUFF_OVERSIZE_BYTES);
+         }
+       else
+         sect_buff = new_buff;
+@@ -7580,7 +7604,7 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+           TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+           return (-1);
+       }
+-      _TIFFmemset(sect_buff, 0, sectsize);
++      _TIFFmemset(sect_buff, 0, sectsize + NUM_BUFF_OVERSIZE_BYTES);
+       }
+     }
+ 
+@@ -7611,17 +7635,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+     cropsize = crop->bufftotal;
+     crop_buff = seg_buffs[0].buffer; 
+     if (!crop_buff)
+-      crop_buff = (unsigned char *)limitMalloc(cropsize);
++      crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+     else
+       {
+       prev_cropsize = seg_buffs[0].size;
+       if (prev_cropsize < cropsize)
+         {
+-        next_buff = _TIFFrealloc(crop_buff, cropsize);
++        next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+         if (! next_buff)
+           {
+           _TIFFfree (crop_buff);
+-          crop_buff = (unsigned char *)limitMalloc(cropsize);
++          crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+           }
+         else
+           crop_buff = next_buff;
+@@ -7634,7 +7658,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+       return (-1);
+       }
+  
+-    _TIFFmemset(crop_buff, 0, cropsize);
++    _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+     seg_buffs[0].buffer = crop_buff;
+     seg_buffs[0].size = cropsize;
+ 
+@@ -7714,17 +7738,17 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+         cropsize = crop->bufftotal;
+       crop_buff = seg_buffs[i].buffer; 
+       if (!crop_buff)
+-        crop_buff = (unsigned char *)limitMalloc(cropsize);
++        crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+       else
+         {
+         prev_cropsize = seg_buffs[0].size;
+         if (prev_cropsize < cropsize)
+           {
+-          next_buff = _TIFFrealloc(crop_buff, cropsize);
++          next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+           if (! next_buff)
+             {
+             _TIFFfree (crop_buff);
+-            crop_buff = (unsigned char *)limitMalloc(cropsize);
++            crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+             }
+           else
+             crop_buff = next_buff;
+@@ -7737,7 +7761,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+         return (-1);
+         }
+  
+-      _TIFFmemset(crop_buff, 0, cropsize);
++      _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+       seg_buffs[i].buffer = crop_buff;
+       seg_buffs[i].size = cropsize;
+ 
+@@ -7853,24 +7877,24 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+   crop_buff = *crop_buff_ptr;
+   if (!crop_buff)
+     {
+-    crop_buff = (unsigned char *)limitMalloc(cropsize);
++    crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+     if (!crop_buff)
+     {
+         TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+         return (-1);
+     }
+-    _TIFFmemset(crop_buff, 0, cropsize);
++    _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+     prev_cropsize = cropsize;
+     }
+   else
+     {
+     if (prev_cropsize < cropsize)
+       {
+-      new_buff = _TIFFrealloc(crop_buff, cropsize);
++      new_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+       if (!new_buff)
+         {
+ 	free (crop_buff);
+-        crop_buff = (unsigned char *)limitMalloc(cropsize);
++        crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+         }
+       else
+         crop_buff = new_buff;
+@@ -7879,7 +7903,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+           TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+           return (-1);
+       }
+-      _TIFFmemset(crop_buff, 0, cropsize);
++      _TIFFmemset(crop_buff, 0, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+       }
+     }
+ 
+@@ -8177,13 +8201,13 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image,
+      if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) {
+        TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks);
+        if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) {
+-	 int inknameslen = strlen(inknames) + 1;
++	 int inknameslen = (int)strlen(inknames) + 1;
+ 	 const char* cp = inknames;
+ 	 while (ninks > 1) {
+ 	   cp = strchr(cp, '\0');
+ 	   if (cp) {
+ 	     cp++;
+-	     inknameslen += (strlen(cp) + 1);
++	     inknameslen += ((int)strlen(cp) + 1);
+ 	   }
+ 	   ninks--;
+          }
+@@ -8568,13 +8592,13 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+         }
+       else /* If we have a full buffer's worth, write it out */
+         {
+-        bytebuff1 = (buff2 >> 56);
++        bytebuff1 = (uint8_t)(buff2 >> 56);
+         *dst++ = bytebuff1;
+-        bytebuff2 = (buff2 >> 48);
++        bytebuff2 = (uint8_t)(buff2 >> 48);
+         *dst++ = bytebuff2;
+-        bytebuff3 = (buff2 >> 40);
++        bytebuff3 = (uint8_t)(buff2 >> 40);
+         *dst++ = bytebuff3;
+-        bytebuff4 = (buff2 >> 32);
++        bytebuff4 = (uint8_t)(buff2 >> 32);
+         *dst++ = bytebuff4;
+         ready_bits -= 32;
+                     
+@@ -8643,12 +8667,13 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+               return (-1);
+     }
+ 
+-  if (!(rbuff = (unsigned char *)limitMalloc(buffsize)))
++  /* Add 3 padding bytes for extractContigSamplesShifted32bits */
++  if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES)))
+     {
+-    TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize);
++    TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES);
+     return (-1);
+     }
+-  _TIFFmemset(rbuff, '\0', buffsize);
++  _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ 
+   ibuff = *ibuff_ptr;
+   switch (rotation)
+@@ -9176,13 +9201,13 @@ reverseSamples32bits (uint16_t spp, uint16_t bps, uint32_t width,
+         }
+       else /* If we have a full buffer's worth, write it out */
+         {
+-        bytebuff1 = (buff2 >> 56);
++        bytebuff1 = (uint8_t)(buff2 >> 56);
+         *dst++ = bytebuff1;
+-        bytebuff2 = (buff2 >> 48);
++        bytebuff2 = (uint8_t)(buff2 >> 48);
+         *dst++ = bytebuff2;
+-        bytebuff3 = (buff2 >> 40);
++        bytebuff3 = (uint8_t)(buff2 >> 40);
+         *dst++ = bytebuff3;
+-        bytebuff4 = (buff2 >> 32);
++        bytebuff4 = (uint8_t)(buff2 >> 32);
+         *dst++ = bytebuff4;
+         ready_bits -= 32;
+                     
+@@ -9273,12 +9298,13 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+     {
+     case MIRROR_BOTH:
+     case MIRROR_VERT: 
+-             line_buff = (unsigned char *)limitMalloc(rowsize);
++             line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES);
+              if (line_buff == NULL)
+                {
+-	       TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize);
++	       TIFFError ("mirrorImage", "Unable to allocate mirror line buffer of %1u bytes", rowsize + NUM_BUFF_OVERSIZE_BYTES);
+                return (-1);
+                }
++             _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+ 
+              dst = ibuff + (rowsize * (length - 1));
+              for (row = 0; row < length / 2; row++)
+@@ -9310,11 +9336,12 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+ 		}
+ 	      else
+                 { /* non 8 bit per sample  data */
+-                if (!(line_buff = (unsigned char *)limitMalloc(rowsize + 1)))
++                if (!(line_buff = (unsigned char *)limitMalloc(rowsize + NUM_BUFF_OVERSIZE_BYTES)))
+                   {
+                   TIFFError("mirrorImage", "Unable to allocate mirror line buffer");
+                   return (-1);
+                   }
++                _TIFFmemset(line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+                 bytes_per_sample = (bps + 7) / 8;
+                 bytes_per_pixel  = ((bps * spp) + 7) / 8;
+                 if (bytes_per_pixel < (bytes_per_sample + 1))
+@@ -9326,7 +9353,7 @@ mirrorImage(uint16_t spp, uint16_t bps, uint16_t mirror, uint32_t width, uint32_
+                   {
+ 		  row_offset = row * rowsize;
+                   src = ibuff + row_offset;
+-                  _TIFFmemset (line_buff, '\0', rowsize);
++                  _TIFFmemset (line_buff, '\0', rowsize + NUM_BUFF_OVERSIZE_BYTES);
+                   switch (shift_width)
+                     {
+                     case 1: if (reverseSamples16bits(spp, bps, width, src, line_buff))
+-- 
+2.34.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
index caf6f60479..29cb4111d6 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
@@ -12,6 +12,10 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \
            file://CVE-2022-34526.patch \
            file://CVE-2022-2953.patch \
+           file://0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch \
+           file://0001-tiffcrop-S-option-Make-decision-simpler.patch \
+           file://0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch \
+           file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \
            "
 
 SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed"
@@ -25,7 +29,6 @@ CVE_CHECK_IGNORE += "CVE-2015-7313"
 # These issues only affect libtiff post-4.3.0 but before 4.4.0,
 # caused by 3079627e and fixed by b4e79bfa.
 CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
-
 # Issue is in jbig which we don't enable
 CVE_CHECK_IGNORE += "CVE-2022-1210"
 

From patchwork Wed Nov  2 02:41:56 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14658
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 030D7C43219
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:42 +0000 (UTC)
Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com
 [209.85.210.169])
 by mx.groups.io with SMTP id smtpd.web12.1984.1667356957406808644
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:37 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=PrY7e9e2;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f169.google.com with SMTP id d10so15190072pfh.6
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=+puAHiis3abTN2Th8OEgTCfAsX4/wwR/5xxIW3+7YFQ=;
        b=PrY7e9e2JdDTXSbkiN0ToNcZO5iytvjd0xBD05GMRzsHCDganxzXl0B5DwareOeSL6
         yYt78HyuECmaIdQT0OFtbBNbYepgIhZ6dsbKj5twyu0JvE9p94OQQ8GJh7y4YXBsY38F
         i6c241FXgpX+olZnmfKDH/c+N5I9WFN5hMCHxqaszO7Smv6SGMMRq4lL9/8Z4r+LONOO
         ZSbVOYk7emopizmQEZS9Yy4G4aCKzq2dZRrH2Nj0lI+nNqJsu/LpGGT/312xHzowQo8D
         x67nD3eDnUd7ueSB7Jb7H9enbw5nqCNniJueD5TSmeSefFy0S7tw/X09Ku6Bfl5fnmC2
         Q7qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+puAHiis3abTN2Th8OEgTCfAsX4/wwR/5xxIW3+7YFQ=;
        b=v6fvX31rjgZ9rDYl7K/Ah9mm5S+ws7cr1gm6f69bo7yYtaLzV7HDpKELxURNQGah0Q
         +e9M3MJ121x0se7JSwPiGAE3rhm2dz7iWqbc5ygAWfskL8yLx1wrRiQeiH9AhG+Uw6/a
         HwYm8neDYkbWWSnhoLrXJB6l0w4tH7k9v9xmztnVDvjNhpO5mtrOwjAAUe6uatlkIAPe
         WJ4rj/GIfn/h84vGjAKvZ9wemX8rAecJ5EFSh6ExlfItLr14++WowfQRWHKyqxuZHVjx
         0GN9jqtWppsddope1qEjY8xFmRWfPUsIKl0tnE7ksP86SP5jt0wL6WPjQYhTmy5aLjMk
         I7uA==
X-Gm-Message-State: ACrzQf1rlPVQ09TqYepZ2Y5gJYEqEmhNTU6jbWls9OZVp8Id6rwWFVEP
	LIk1wimyqKFcpdZpVqLmGKJqjJYKZsVqMh2g
X-Google-Smtp-Source: 
 AMsMyM59VbID9Zv/A3J9yfVjxis9BXxH5GlgRlnKkM4LpT7Fe5vvbjXg7f2I3Sf5nSvKCmO1mUTW7w==
X-Received: by 2002:a63:6cc2:0:b0:46f:cec6:c9b2 with SMTP id
 h185-20020a636cc2000000b0046fcec6c9b2mr10291367pgc.167.1667356956410;
        Tue, 01 Nov 2022 19:42:36 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.35
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:36 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 06/20] tiff: fix a typo for CVE-2022-2953.patch
Date: Tue,  1 Nov 2022 16:41:56 -1000
Message-Id: 
 <3ef84008bf729f74f1244e8b57451cdeb3a9e262.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:42 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172546

From: "Qiu, Zheng" <Zheng.Qiu@windriver.com>

The CVE number in the patch is a typo. CVE-2022-2053 is not related to
libtiff. So fix it.

Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c9f76ef859b0b4edb83ac098816b625f52c78173)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
index 98020ff92f..e673945fa3 100644
--- a/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
@@ -1,4 +1,4 @@
-CVE: CVE-2022-2053
+CVE: CVE-2022-2953
 Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 

From patchwork Wed Nov  2 02:41:57 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14657
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E5C5EC43217
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:41 +0000 (UTC)
Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com
 [209.85.215.171])
 by mx.groups.io with SMTP id smtpd.web10.1934.1667356959357194953
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:39 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=z8iLupH6;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f171.google.com with SMTP id r18so15034508pgr.12
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=M3tjcAl2eBdfXbmE22HnsrTowibB69AzjXBlWem/l3g=;
        b=z8iLupH6PpJCN64/ioDyN5Rfza3ERiLgul8xE84VdAK4JfkyugSL4+0xD9CN19+O1w
         JYe7jjE2/Dj4BM1AVc6q530Aex2w+h68AH5m1Gr6LCPFCrg9kLlpRzItW8n9VtFLqwAm
         lbo+H+nEBWpkY/jf4fXT/R0PFXJaaMTytnrecj0bv6hUUqZEzO7S8lP6ITI6LG+Nmy/J
         Cbg9qkwzpslnK0ywXVel4yHxoUT+2rR0a51UQKDh74m8Klper24zavl8EFZhlrzji2hp
         OnjTt8Y6hrLEf3NalsLRyOVm6gS4wMVXurWEmq0EmGqkUkl/uFGCQAWD5l353RaVLgdW
         Zo2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=M3tjcAl2eBdfXbmE22HnsrTowibB69AzjXBlWem/l3g=;
        b=toaI3RLQDJ1+72tZ+O+bdXHDtlqwgYHbGnVp3chKnm7Lyiqj6Z+wvK1kxbtLFJpWW2
         5i5YUZDJ6XyyIYrwbsyv+zZ9lseZj0zUJ9ZLQZgGtHNR/QoLje/lpsrkEk4M/afqIwY2
         A3o4kg8CsInJnJOWfgpugfO6lHAHxmKVAGsnm/DllU76NzCqZLzcwmrsk9OoFZPN5/fB
         ZrBHZGz7R4nWfRBWOQ2/Z7TlAes6uPcp2gI1V9rFQcXdMN1X9zk5ct+2LiTpBcbwV4uD
         mp/HeuAv4aySkQbFJ1IeP6+nKLE6vwjI5Ys+iBGA23tbhfwfxo3S4Fdizvo1FweQQ3Dv
         iZKQ==
X-Gm-Message-State: ACrzQf1PCIEwyURSMenNL5viLT1N+zVnnucWYh8+BTDkPwIn7bsJdRVN
	SppuDD0tsKIwxZQIANUwgBjjkLyheZ+6CjI0
X-Google-Smtp-Source: 
 AMsMyM5hbMcWg5gxbn1bPN5XyYzcp06+kxqQ5Ft0z62uGlgfqo1Jyqi7YpgMItIwWDzUKaVo1tV39w==
X-Received: by 2002:a63:7909:0:b0:458:1ba6:ec80 with SMTP id
 u9-20020a637909000000b004581ba6ec80mr19910858pgc.414.1667356958372;
        Tue, 01 Nov 2022 19:42:38 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.37
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:38 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 07/20] qemu: backport the fix for CVE-2022-3165
Date: Tue,  1 Nov 2022 16:41:57 -1000
Message-Id: 
 <d63c5b210b50a2c332a5c309298ec13b510cc7c8.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172547

From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d820389728b0f5e085954b4f995da2b2014acedf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2022-3165.patch             | 59 +++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 612abd240a..3908aa0c7c 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -29,6 +29,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch \
            file://0001-net-tulip-Restrict-DMA-engine-to-memories.patch \
            file://arm-cpreg-fix.patch \
+           file://CVE-2022-3165.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch b/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
new file mode 100644
index 0000000000..3b4a6694c2
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
@@ -0,0 +1,59 @@
+CVE: CVE-2022-3165
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From d307040b18bfcb1393b910f1bae753d5c12a4dc7 Mon Sep 17 00:00:00 2001
+From: Mauro Matteo Cascella <mcascell@redhat.com>
+Date: Sun, 25 Sep 2022 22:45:11 +0200
+Subject: [PATCH] ui/vnc-clipboard: fix integer underflow in
+ vnc_client_cut_text_ext
+
+Extended ClientCutText messages start with a 4-byte header. If len < 4,
+an integer underflow occurs in vnc_client_cut_text_ext. The result is
+used to decompress data in a while loop in inflate_buffer, leading to
+CPU consumption and denial of service. Prevent this by checking dlen in
+protocol_client_msg.
+
+Fixes: CVE-2022-3165
+Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support")
+Reported-by: TangPeng <tangpeng@qianxin.com>
+Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Message-Id: <20220925204511.1103214-1-mcascell@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ ui/vnc.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 6a05d06147..acb3629cd8 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -2442,8 +2442,8 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+         if (len == 1) {
+             return 8;
+         }
++        uint32_t dlen = abs(read_s32(data, 4));
+         if (len == 8) {
+-            uint32_t dlen = abs(read_s32(data, 4));
+             if (dlen > (1 << 20)) {
+                 error_report("vnc: client_cut_text msg payload has %u bytes"
+                              " which exceeds our limit of 1MB.", dlen);
+@@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+         }
+ 
+         if (read_s32(data, 4) < 0) {
+-            vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)),
+-                                    read_u32(data, 8), data + 12);
++            if (dlen < 4) {
++                error_report("vnc: malformed payload (header less than 4 bytes)"
++                             " in extended clipboard pseudo-encoding.");
++                vnc_client_error(vs);
++                break;
++            }
++            vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
+             break;
+         }
+         vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
+-- 
+GitLab
+

From patchwork Wed Nov  2 02:41:58 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14656
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E5C30C4332F
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:41 +0000 (UTC)
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com
 [209.85.216.47])
 by mx.groups.io with SMTP id smtpd.web11.1937.1667356961201249011
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:41 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=ja0/BLRc;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.47,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f47.google.com with SMTP id
 r61-20020a17090a43c300b00212f4e9cccdso807951pjg.5
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=THWR40gPksit7VnOxfsZmX1tbnos+titt5ueJZ8IjHc=;
        b=ja0/BLRcccj/ZlnvNV1+ykYm0kygOYcmmtMpZrYwQ6Emb8aGHxGdhloeAG2w/RoPBo
         kiwOyQ7RCiRMeYZhqZ1rm0NBSQA/FkPyaaKm57PH2N+2o4Z5xcujFa2Wzp6vHSGC3XOW
         azqWrFgl3pgL/8iKnpuY4QtN5UdFDgWURCtKBdypQpSyJ6kikjBBHk6W5lEOsOn0Ds0n
         y9Oif9UvFvEAPvwaLUYIsJ0JGI2D8//rHIK4/+MTb927B9taOpxsPN/AA2+k/5DaDrrj
         EJamQsWBjbeuV6fKRKHZWDpBI+HEeqqP5lOKYe7wHYVRJ1YLXBkc4S83LzMN+xihYp/I
         2oUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=THWR40gPksit7VnOxfsZmX1tbnos+titt5ueJZ8IjHc=;
        b=T58PHV2AVbnvFqx9fNEDbjZM5VpsZp/SogkRRKDLrYXTEhb+HINBm6aItdsmfRJrYb
         U8ayja+bvBg7PTU+2sv6fWQjSCcmdUYnoQLJUn+ehXiEgtG1WPosjeFPwaa4vehalCAE
         7VyUHNnAGW9pMWT2wvQQeVgLvjO314h277ge65hKz3/JrMwSqLThQbGDITVosIa7cTTi
         DeBhe3TUOIALaBtw6tsgRVTUse7EryMoaUP7p5ddNgx6CEA/vvJOBiBbCDWwNE5WPdQz
         0lwT+M4Pgj9UJQ/duRQo0sN/Zd+t8fHrlVjodSwoTfLg5nF8qzTJSGB3WhCPGSGXA23B
         Z7Iw==
X-Gm-Message-State: ACrzQf3bgGCJSWgLA3avbkqAJfzpzttgOrGQyJpk96DWYJh/AZz+HaKF
	aPGp3qqplArVvQnHD5KbBvxAEIdH0h1JkOw1
X-Google-Smtp-Source: 
 AMsMyM7FrVywztSY+ZIS2N8/K9u9gVsNEeht0C35WPjMLmCi1nPxOjlNYhQXm5KAj2QBqXTvT5vAKw==
X-Received: by 2002:a17:902:a383:b0:187:34f6:439d with SMTP id
 x3-20020a170902a38300b0018734f6439dmr7360777pla.35.1667356960256;
        Tue, 01 Nov 2022 19:42:40 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.39
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:39 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 08/20] meson: make wrapper options sub-command
 specific
Date: Tue,  1 Nov 2022 16:41:58 -1000
Message-Id: 
 <4475250ee0d83cc90322f2fcd9ec8df7c05b6903.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:41 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172548

From: Liam Beguin <liambeguin@gmail.com>

The meson-wrapper adds setup options to facilitate cross-compilation.
The current options are exclusive to the setup sub-command and might
cause issues with other sub-commands.

Update the wrapper to make options sub-command specific.

Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7bcda141f2019862b4fb5d8dec7956cd8344b420)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../meson/meson/meson-wrapper                 | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-devtools/meson/meson/meson-wrapper b/meta/recipes-devtools/meson/meson/meson-wrapper
index c62007f507..fca64a5692 100755
--- a/meta/recipes-devtools/meson/meson/meson-wrapper
+++ b/meta/recipes-devtools/meson/meson/meson-wrapper
@@ -5,7 +5,7 @@ if [ -z "$OECORE_NATIVE_SYSROOT" ]; then
 fi
 
 if [ -z "$SSL_CERT_DIR" ]; then
-    export SSL_CERT_DIR="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/"
+    export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/etc/ssl/certs/"
 fi
 
 # If these are set to a cross-compile path, meson will get confused and try to
@@ -13,7 +13,20 @@ fi
 # config is already in meson.cross.
 unset CC CXX CPP LD AR NM STRIP
 
+for arg in "$@"; do
+    case "$arg" in
+    -*) continue ;;
+    *) SUBCMD="$arg"; break ;;
+    esac
+done
+
+if [ "$SUBCMD" = "setup" ] || [ -d "$SUBCMD" ]; then
+    MESON_SUB_OPTS=" \
+        --cross-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/${TARGET_PREFIX}meson.cross" \
+        --native-file="$OECORE_NATIVE_SYSROOT/usr/share/meson/meson.native" \
+        "
+fi
+
 exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \
-     --cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \
-     --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \
-     "$@"
+    "$@" \
+    $MESON_SUB_OPTS

From patchwork Wed Nov  2 02:41:59 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14662
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E4599C433FE
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:51 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web10.1935.1667356963204736946
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:43 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=qGuplRaN;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id l2so15280618pld.13
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1YCTkz77jmxscDl9bQmf/2qSgTO2PD4gWd6UmHpX9Bo=;
        b=qGuplRaNEPPVGhfHbUsuB8h+drb1yse0wDoyL85ZqVgNV5C/p+k8M5uqWL/XTemIZ1
         iUDYGpS1f4zUSaPgzUyZh53uaotizQGL7fdKWN5vcNSOtYN98UX0jL5rHHZ3NhFX1/0h
         8U9HNooEhGG4kNrp6q/t+SNhihZCtDHjLqwYYWAbRgc1Ghx7Yi8K0N+Wu+J/kW6YkD0j
         Av3XIm35qOht2gnsRWFOH4wa+a9Xa3khGwfE/USEkaPIsnEO0jQUmxchLaudq38z77ve
         7qqcfXT7sMpt95Vnqa0n7xF8Et/QwgIzuAeZEwb45vfePCpIqzhT/4cvw0UELOXC1yVM
         qGew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1YCTkz77jmxscDl9bQmf/2qSgTO2PD4gWd6UmHpX9Bo=;
        b=W5o18L4Nae7c4Bfdc3ZbWYIDr2ghc+EGtTKjSN9AJ3v3Bk/T7cb8YIYiB/wiGE0DKA
         TEc6XDbcLFZp/0ebY07/r57DOwYtRXykZgZv8qLIhNa9mt5KnENWCEcb/e+hRsGIUUgQ
         O983iXzdtqe3+sDTjRdhsyJWcbrzMasxl7FiddbIusF7IUeCyF9fSdD2i4vYLrlFh86l
         fLQgID3owxXlzyWs3j5tRGgEjN9Pn+kXeEJKNosKqF99FP5E4fmOLsMC+qLqabuzp8rD
         siWQMQ+F7YoC02nTJO/xt6dEFqplqs3Z9ndLskjVrEvILAhTnPz/DdOggJCQ/wYetGzq
         4O0A==
X-Gm-Message-State: ACrzQf11eM/GzA9cfSOIB41HRneTacwYQgzAvDiCfMFpv3rm0UQoeLtu
	QuOJwTmXWn5uUS0iQa7VAn0iD0EpERvB9B1j
X-Google-Smtp-Source: 
 AMsMyM6Jm2U6PsSi9NVaDKoo4p1YRVMtQltQrXXKGbWKy0eNN/4jGVyY/QreLRI1Se/yOAj/k8zdoA==
X-Received: by 2002:a17:90b:378a:b0:213:803d:3389 with SMTP id
 mz10-20020a17090b378a00b00213803d3389mr31701962pjb.115.1667356962180;
        Tue, 01 Nov 2022 19:42:42 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.41
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:41 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 09/20] meson: upgrade 0.63.2 -> 0.63.3
Date: Tue,  1 Nov 2022 16:41:59 -1000
Message-Id: 
 <fe33134efbe109b9f3bffa1b05fd6fed8860129c.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172549

From: wangmy <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 3c87597dcde7676858f76c1066cd87195ecc8aef)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../recipes-devtools/meson/{meson_0.63.2.bb => meson_0.63.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/meson/{meson_0.63.2.bb => meson_0.63.3.bb} (98%)

diff --git a/meta/recipes-devtools/meson/meson_0.63.2.bb b/meta/recipes-devtools/meson/meson_0.63.3.bb
similarity index 98%
rename from meta/recipes-devtools/meson/meson_0.63.2.bb
rename to meta/recipes-devtools/meson/meson_0.63.3.bb
index 890faacec9..9267077422 100644
--- a/meta/recipes-devtools/meson/meson_0.63.2.bb
+++ b/meta/recipes-devtools/meson/meson_0.63.3.bb
@@ -18,7 +18,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/meson-${PV}.tar.gz \
            file://0001-is_debianlike-always-return-False.patch \
            file://0001-Check-for-clang-before-guessing-gcc-or-lcc.patch \
            "
-SRC_URI[sha256sum] = "16222f17ef76be0542c91c07994f9676ae879f46fc21c0c786a21ef2cb518bbf"
+SRC_URI[sha256sum] = "519c0932e1a8b208741f0fdce90aa5c0b528dd297cf337009bf63539846ac056"
 
 inherit python_setuptools_build_meta github-releases
 

From patchwork Wed Nov  2 02:42:00 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14663
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EE60CC4167D
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:51 +0000 (UTC)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by mx.groups.io with SMTP id smtpd.web08.2026.1667356965085316886
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:45 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=tMHj43iV;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.48,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f48.google.com with SMTP id o7so11760705pjj.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YbVhGprp3khcAl8xOfjZy6Nq/4dGS+7fASFCF1ggR0Y=;
        b=tMHj43iVyVfgh5EHHzjqe8Z3iXxn78KCLhPzAE4HVfzxNYSdyQi4Sm+d8FKJNwCV/7
         FnxGb/AuzUylYdC+d0ayy5Wv8wnWI0fWlgUuUIzZbKBfVmwkf9nJyZyy2vVYf60Vgmni
         YCSlvglMXXJJzb21+FEmEpCJY6n/OXufepm63oVVYlG/p5TWbeuuk5Ae34WE7DZwhWyO
         6DounOtC8eLHuMtv+xEjDyH1i6CdMr/jQiecJGkO5OFv4gCzvK5rgZsWlO6dD3XMh2so
         W36cK+xWJEZ643v1WVFb+gW4Hpyzyj+fvtXCKwwUnrnk1cWVlQFIlO7Nw5hMcO1kVVoN
         cLIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=YbVhGprp3khcAl8xOfjZy6Nq/4dGS+7fASFCF1ggR0Y=;
        b=PZnFL8HfUgGZTIkKp487Dw/XNqaeI08xzU93UWjSGaYEaFK3uBLVB6sA2/3QePIMtG
         R7ZhxpU/phAVGgyXUJUR1BtZ9ajB61jTJSl2Usy+7iDhoi/ClzzN2GizMhhc6mAI7ees
         9vctlhyk7kOuo9HulVX/Std60V7kDiZFTO6Z0uSrk9RLfIcJ07a8mSZTvQVuXI1JIQvX
         Hh49tah4409SA+IFTzafQ5lIcaWJxjlAW/r3jgJSXTYRMsO/35LDFXItbGbH0tUVq+CZ
         Ky0W0LoqoXO4hMjwdEINvHodgPJNUPxGBOZqbQ/NXk+JN2xSZjIpP0xYkEmAxgpM+bc+
         b6MQ==
X-Gm-Message-State: ACrzQf2XsaQ8CBjU/coXWGAjlIFCIUDcwikW+s5mmj17Mx1SzZ8k+B+o
	Ml4hcJJR0IBkqAF4JJQIbfNjzVnxy2oSQGPN
X-Google-Smtp-Source: 
 AMsMyM4kqaxTJ3s4Ut9T23FAG1yaG4Egfhx/h28QBjAi8CJ6DXz1eYeQDVI8iOQbe+h0Lans5wUXFA==
X-Received: by 2002:a17:90b:384a:b0:213:2907:a528 with SMTP id
 nl10-20020a17090b384a00b002132907a528mr22863445pjb.183.1667356964198;
        Tue, 01 Nov 2022 19:42:44 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.43
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:43 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 10/20] vim: Upgrade 9.0.0598 -> 9.0.0614
Date: Tue,  1 Nov 2022 16:42:00 -1000
Message-Id: 
 <9067e3a24bc5558af6a41f2c5e6f16c37116e3ed.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172550

From: Teoh Jay Shen <jay.shen.teoh@intel.com>

Include fixes for CVE-2022-3352.

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 8aa707f80ae1cfe89d5e20ec1f1632a65149aed4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index cbc370100b..0710f6afbf 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".0598"
-SRCREV = "8279af514ca7e5fd3c31cf13b0864163d1a0bfeb"
+PV .= ".0614"
+SRCREV = "ef976323e770315b5fca544efb6b2faa25674d15"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"

From patchwork Wed Nov  2 02:42:01 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14661
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EE353C4321E
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:51 +0000 (UTC)
Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com
 [209.85.214.177])
 by mx.groups.io with SMTP id smtpd.web12.1988.1667356966975856675
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:47 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=bkWtj+tG;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f177.google.com with SMTP id k7so5579916pll.6
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=nfodmCDe27U4k8DxfaT3MqazMJY+VdkQNoVywdmeQvM=;
        b=bkWtj+tGa4sf0QMsV5Gv7t/jwq5h6GfYag3OEdy9snHDImSPRIac/WkdcFbVFeIxuJ
         CjsvhXztHiYRDDpnRDjmWlB3RbJxofNl/yo/9CNm7rLwIYTBojaLW1DuToC/guUiWqRG
         +gqrPl+x1AS63coE90nB6ePOAm3rz679YficFYrgK5gwtXRRLJp5u+vK0tEFuY4o/UeW
         W26W0ULvjHOM/kwotVq56JIP2pMBndUuOdeIsvaQC2NRSDzabKCq+PoRRyd5528kd7mk
         D2bZqBQzkJUAHw2Yb8DApTWOY3BvySq+W0fqrkdW1bZcdsozn7e5l3CUz5k4D0nIpvgN
         aEog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=nfodmCDe27U4k8DxfaT3MqazMJY+VdkQNoVywdmeQvM=;
        b=4CLyNELMnW9F/VuXoinvK4suYCIx/O9tLOE94Fl3FNPwcGLuBXsCLDlniGiwZzG1YI
         ZIaynBVu7p+koZT2WkyKNywvI/iFgHeRYvL5UvpWP5SMj2MyvP1j6B6qeLHTcy4tdpcG
         bgaeiYH5/9wta1CVhaa+74TwVHekkgYXKDxI/v6ww39QPviD0f4+OILYff4bEOQtAbin
         bxQX0JeEUsnpN+6Lqffylgh82Mi4EVKm5ZVlFhDlOuKHJl07ZJoqMd064NimoX/t66qn
         ax+Adhk4y5A3hmUpl40uWxHiXHvwCtcOzI9naKWqRlyz2FV9nhAydoAIDvIgqHVfB/kW
         kq8A==
X-Gm-Message-State: ACrzQf1SxiF68VsGoXhkbc/mKtRhwNJLlnYVTtiTaBF0fYp3V41PiOq4
	oiVElbk1P08sed1T/m+wNXf4MBwpibIY3FVD
X-Google-Smtp-Source: 
 AMsMyM7XCjpQYRDQPYUZHXr+081nrUNbOyGP9JVtctvCibSnxnOLAebquOeV8yC0OmJkEzilMTQbkg==
X-Received: by 2002:a17:902:ec8e:b0:187:1c64:7c32 with SMTP id
 x14-20020a170902ec8e00b001871c647c32mr14869972plg.24.1667356966077;
        Tue, 01 Nov 2022 19:42:46 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.45
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:45 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 11/20] pango: upgrade 1.50.9 -> 1.50.10
Date: Tue,  1 Nov 2022 16:42:01 -1000
Message-Id: 
 <78dc0bf6384349c23a54f59d89988ad242125581.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172551

From: Ross Burton <ross.burton@arm.com>

Overview of changes in 1.50.10, 16-09-2022
=========================================
- Avoid some unnecessary strdups
- Fix line height computations with a non-trivial CTM

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 884ce27b9cee231e093fe53192d04133c437404e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../pango/{pango_1.50.9.bb => pango_1.50.10.bb}                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/pango/{pango_1.50.9.bb => pango_1.50.10.bb} (94%)

diff --git a/meta/recipes-graphics/pango/pango_1.50.9.bb b/meta/recipes-graphics/pango/pango_1.50.10.bb
similarity index 94%
rename from meta/recipes-graphics/pango/pango_1.50.9.bb
rename to meta/recipes-graphics/pango/pango_1.50.10.bb
index 03e2ca6721..95209889a8 100644
--- a/meta/recipes-graphics/pango/pango_1.50.9.bb
+++ b/meta/recipes-graphics/pango/pango_1.50.10.bb
@@ -24,7 +24,7 @@ SRC_URI += "file://run-ptest \
             file://0001-Skip-running-test-layout-test.patch \
 "
 
-SRC_URI[archive.sha256sum] = "1b636aabf905130d806372136f5e137b6a27f26d47defd9240bf444f6a4fe610"
+SRC_URI[archive.sha256sum] = "7e5d2f1e40854d24a9a2c4d093bafe75dcdbeccdf1de43e4437332eabed64966"
 
 DEPENDS = "glib-2.0 glib-2.0-native fontconfig freetype virtual/libiconv cairo harfbuzz fribidi"
 

From patchwork Wed Nov  2 02:42:02 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14664
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E460AC43219
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:51 +0000 (UTC)
Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com
 [209.85.214.171])
 by mx.groups.io with SMTP id smtpd.web12.1989.1667356969097259721
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:49 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=TG7g3hMt;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f171.google.com with SMTP id g24so15305409plq.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=AxZLV9VSvYu9p6eXvRzdb0gBwUixM4Wi1T2Q35/vgEY=;
        b=TG7g3hMt+UCRCBD5qj3XDygdmOKB2h4GWbm8gyaoGRbPtX5z27d/5e2WeEE20PzJ5y
         9GGzJhIoerCkgszJ3MrvF5jnesNX5GPoq0VpAdXl56AZNskNgWvbp9tM7O1WwIFNTCcb
         1OwWUxtUE6akqB0x83jDA30HMB8G1r7YH10r54iOThTutAa53jPjypLJBfwxV4OCVeoq
         vKrBX6mAKMHpKz7MxAKsflTLm0FT3g6Yrp3NzDg6s+rtzBtlyUjCbmS+nKpn1osjCXGc
         INNbSrytOP/T3DoZ9/V/JcUS681PWGTF26HEgEUgNMv7QQVXEgOjOJ3aIHHGNg/CoNXf
         OiBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=AxZLV9VSvYu9p6eXvRzdb0gBwUixM4Wi1T2Q35/vgEY=;
        b=vqBDYAWUMtTffRR6FeOYxAuxtjG7qC6KptI5eBFGW18MaSl1wEsAI4U4DOXJlhc1DV
         gMEDVXu4biq7+qoQ2evOK23dOute8VRlfrCGEq0p5eS2Jpokmm0v4gLkX7NrNRt+U6py
         4SYCs1nIWlVZcTH56fxp7OHllY2KLzpQVOS+Cydvr5zK9gOKXbaxoIwZTyahTbJP8/zX
         VM1jNvnVsh156XjuX9mCnFGD74qGnY8A7WQCoAFu8QNUKDh7Jl6+oZszOYnCP0LpiUMC
         GQJ/tplvtCa2XVSPqpje/c/f/4Kw0xZvV5oYGfcTGabLzG1q5grLb4D7xqhrYY8vRI6w
         GEHg==
X-Gm-Message-State: ACrzQf32ciH7Xiys+su2XK7Um0AW71IfICDyP6N1P66BIXBGF3nl5l1P
	T40tZBUGNavMWAYvIGfHuXjrzMujhzU7oZjs
X-Google-Smtp-Source: 
 AMsMyM5lA0eo39jYi9n41PanPTJCH10owZTzsBOd0Se35355YVVTvM/pRIBIFP583A6RImPK3CKrbw==
X-Received: by 2002:a17:902:a611:b0:186:9ba2:148b with SMTP id
 u17-20020a170902a61100b001869ba2148bmr22509316plq.164.1667356968051;
        Tue, 01 Nov 2022 19:42:48 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.47
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:47 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 12/20] mtools: upgrade 4.0.40 -> 4.0.41
Date: Tue,  1 Nov 2022 16:42:02 -1000
Message-Id: 
 <9ac0de44f11123876a92f7d7819d5ff2c20475b7.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172552

From: wangmy <wangmy@fujitsu.com>

disable-hardcoded-configs.patch
refreshed for new version

Changelo:
=========
- Made it possible again to have FAT32 filesystems with less
  than 0xfff5 clusters
- Make FAT32 entries 0 and 1 match what windows 10 does
- Misc source code and configure script cleanup

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b19127f0cd0e10c7180c138284b38c97fa9db7af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../mtools/mtools/disable-hardcoded-configs.patch           | 6 +++---
 .../mtools/{mtools_4.0.40.bb => mtools_4.0.41.bb}           | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/mtools/{mtools_4.0.40.bb => mtools_4.0.41.bb} (93%)

diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
index 8f46174a5b..2d42fa531a 100644
--- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
+++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
@@ -1,4 +1,4 @@
-From 3a05dc2c0acff1713dd44cef5e9f328f0706eb3e Mon Sep 17 00:00:00 2001
+From c496cad7b7a84e599f521f289648373df9fad80f Mon Sep 17 00:00:00 2001
 From: Ed Bartosh <ed.bartosh@linux.intel.com>
 Date: Tue, 13 Jun 2017 14:55:52 +0300
 Subject: [PATCH] Disabled reading host configs.
@@ -12,10 +12,10 @@ Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
  1 file changed, 8 deletions(-)
 
 diff --git a/config.c b/config.c
-index 630f99d..07dbf53 100644
+index 8c5fa83..346048b 100644
 --- a/config.c
 +++ b/config.c
-@@ -834,14 +834,6 @@ void read_config(void)
+@@ -843,14 +843,6 @@ void read_config(void)
  	memcpy(devices, const_devices,
  	       nr_const_devices*sizeof(struct device));
  
diff --git a/meta/recipes-devtools/mtools/mtools_4.0.40.bb b/meta/recipes-devtools/mtools/mtools_4.0.41.bb
similarity index 93%
rename from meta/recipes-devtools/mtools/mtools_4.0.40.bb
rename to meta/recipes-devtools/mtools/mtools_4.0.41.bb
index 200c7c7681..29e7427a10 100644
--- a/meta/recipes-devtools/mtools/mtools_4.0.40.bb
+++ b/meta/recipes-devtools/mtools/mtools_4.0.41.bb
@@ -24,7 +24,7 @@ RRECOMMENDS:${PN}:libc-glibc = "\
 	glibc-gconv-ibm866 \
 	glibc-gconv-ibm869 \
 	"
-SRC_URI[sha256sum] = "a22fca42354011dd2293a7f51f228b46ebbd802e7740b0975912afecb79d5df4"
+SRC_URI[sha256sum] = "2542152264fb3eff7ed70662abf4f4eef8133bc37d0b7a686c240df2b5f80a13"
 
 SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \
            file://mtools-makeinfo.patch \

From patchwork Wed Nov  2 02:42:03 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14665
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E5FD4C43217
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:42:51 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web10.1935.1667356963204736946
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:50 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=ysDoh4mS;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id l2so15280842pld.13
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=lf13shiaQrIvm8Ni270Z+NpDcH7sahBD0yOJlbVK5eQ=;
        b=ysDoh4mSOcJ7R5HuhdevmvaCGNIrTLbr70Kml+zIPVMeUFyf07bv5LqGgUvTBacuYi
         jBTY1eom50RDL3XUwDKc8zkKeqoJS24ackBBB6i5eWDhDjfB9ElSI6HtGaKf7C5IwxYg
         nde5ZFy/4kbER7a4/91SQk86iRcMLeHfEW4CgcIuCxuIBrgDC5NG0bHXIk2sbhOIBvGJ
         wC+ffZE7Ph1AoSHlkDPArBvVWKzag7Sf/kxX7/spb4ojByyjDpMsIn3JDIvTmPdmUcZL
         X94XrKvzCu2H2j9GWi2JK7HXc/laJcRn2bLIfOUbZOv07e+h/GHci577qTRa2bk0s9WX
         +MvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=lf13shiaQrIvm8Ni270Z+NpDcH7sahBD0yOJlbVK5eQ=;
        b=nP4ypd3s+TFBaEXGdFCCs9gYsl0tOtklbn0jpsJKSgG+rtdpFyP+H1p2fss0+tc6qm
         eWPmsb/qT+7L0VwI42A+8Mnim5qtQtPqYOMAlWUevRFmH5LlhZluzCdyn1c8UONZGZX/
         EEvA++3oPjOtaOaLskh5peF7jqDCtj7Sjtqlb6UFklwtdSr3rHDv3gNRz2wdU4lbrwNx
         oOYjAKbEFWRPokZbh0IqVPUDqtzm/3hDjrz41LLS+cwZIgbAzYOuUWsGJQqTVyZE+rfW
         Ej7OYdDhHnWtZAKbONaKfuleEkuMmWjGrbPRpSi1J8Wb+OYm8d7DkdI33vu4L+FMMsgz
         Bk0A==
X-Gm-Message-State: ACrzQf2d8JxvjfUU9CFfZ7hXlW1EdTZ6RemoJFilJBYVfwbxFaDlAeIa
	CiOkG2gKeYCd+cPi5NQPgYdtWljHWDWn1DRg
X-Google-Smtp-Source: 
 AMsMyM7K3npWB69HadUkELtq1RlpeSG8zapXIgvyUi8Jti20nrblyaHLu4FJm2ySHxtUkoWW/qLOwg==
X-Received: by 2002:a17:903:245:b0:178:e0ba:e507 with SMTP id
 j5-20020a170903024500b00178e0bae507mr23333100plh.115.1667356970013;
        Tue, 01 Nov 2022 19:42:50 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.49
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:49 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 13/20] ifupdown: upgrade 0.8.37 -> 0.8.39
Date: Tue,  1 Nov 2022 16:42:03 -1000
Message-Id: 
 <342fb3183fd1910b76c2bed242bf8b2ea179d217.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:42:51 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172553

From: wangmy <wangmy@fujitsu.com>

ifupdown (0.8.38)
  * Remove dependency on lsb-base (Closes: #1020604)
  * Remove pump support (no longer in Debian archive)
  * Fix error message when turning down VLAN interfaces. Thanks to Aleksandr
    Muravjov (Closes: #1007889)
  * Ship Ubuntu's integration scripts for systemd-resolved. Thanks to Luca
    Boccassi (Closes: #1016798)
  * Add rfkill support. Thanks to Sebastian Reichel <email address hidden>
    (Closes: #645559)

ifupdown (0.8.39)
  * Add execution permission on resolved scripts. Thanks to Vincent Lefèvre
    (Closes: #1021259)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f0462e3336c7134aeeb2684692732c187971b330)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ifupdown/{ifupdown_0.8.37.bb => ifupdown_0.8.39.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/ifupdown/{ifupdown_0.8.37.bb => ifupdown_0.8.39.bb} (97%)

diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
similarity index 97%
rename from meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
rename to meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
index 57d4152a39..7096bc94d7 100644
--- a/meta/recipes-core/ifupdown/ifupdown_0.8.37.bb
+++ b/meta/recipes-core/ifupdown/ifupdown_0.8.39.bb
@@ -16,7 +16,7 @@ SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https;branch=mast
            file://0001-ifupdown-skip-wrong-test-case.patch \
            ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://tweak-ptest-script.patch', '', d)} \
            "
-SRCREV = "2b4138f36ce3ba37186aa01b502273e0c39ab518"
+SRCREV = "be91dd267b4a8db502a6bbf5758563f7048b8078"
 
 S = "${WORKDIR}/git"
 

From patchwork Wed Nov  2 02:42:04 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14667
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EB285C43217
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:43:01 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web12.1982.1667356951013526101
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:52 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=TQ/G/9AK;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f182.google.com with SMTP id v17so12280586plo.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=PldM+O25GLhwbwunL7t6Hzh5tblSi6nTeCn47LQrhfU=;
        b=TQ/G/9AKbOk27LKIr+2xAcRzMLywh3dnh6T1urFqVM9T6owRC2/uQZ1k6fmo3OO96G
         JzRaY+liR27sw7m7qG4Xb23EAOxWnn0M2929RsuO0DapuyAevnc6EuhTUYY3ow72JvYT
         Hii2obada/mJlHPYBonoGkXHAD9G+x91Xx8pteu7DYH3U9mnmZl+CALWd4zD46P/VLzj
         SQqdzPF27ac6yhd7NYDeW3YUXo8+AEUIaAQe1al95kIRXXOZ37oY3op415+rRxFdRcF3
         Bl5U4KuB1swnCcBbcHGN2l5NDyIiT6sK4MFyP++bdCSp4JVv02vG9jWR1S2UmHGKy3Kl
         QykQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=PldM+O25GLhwbwunL7t6Hzh5tblSi6nTeCn47LQrhfU=;
        b=EV1vaevNcFlCkjCovz8Bo91ecMJHvitVCZkNKuDhMsnov+GGY9yQLW8CrN1o7jupMJ
         suxqeYpJoQquXnwtbkKqYWmMSxUarcANFDNbVcecoeVgl9KW3gNsLeNtCePwb0anTvti
         p28xig6sRmEpBPrAO8Q7cwvTjnXNVNzkFslJU+Fm6Kds0+x1YElqsqOoc0CEUaCRWC36
         iYM3uNIS10AA215hzKl1cgnM92Po48DoYvv6ixT6zLmwCHPChKyNG+NXedeH9JRn781Y
         mSHJX8NXfyH8zCejI2Yy8I2x3trnbo04TPJaIGyjb8MoOsVFUsmMlQkTTvEkpoZudqJK
         kC9w==
X-Gm-Message-State: ACrzQf06+79vsRaZepS5l71K4iJrT3/fVeg9hW77AM/SU3PN83wOd028
	CZ1iflrQOjyeC+XOSHcbx4dOGrS1ZOtuGLE3
X-Google-Smtp-Source: 
 AMsMyM7LG3q9fNaWGNDrxM9ZWuT31OcKyBBDKGSPA/tzMDQEVsZeUIiQz/6JnI5jyb63W4BKW/Rp8Q==
X-Received: by 2002:a17:903:289:b0:186:a8a8:e99a with SMTP id
 j9-20020a170903028900b00186a8a8e99amr22151117plr.104.1667356972068;
        Tue, 01 Nov 2022 19:42:52 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.51
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:51 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 14/20] mesa: only apply patch to fix ALWAYS_INLINE
 for native
Date: Tue,  1 Nov 2022 16:42:04 -1000
Message-Id: 
 <f6fb2da56ef1f35b536ebf62a03e10bba59d8276.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:43:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172554

From: Kai Kang <kai.kang@windriver.com>

0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch is not
needed by target mesa any more. But it still fails to compile
mesa-native without this patch when DEBUG_BUILD is enabled on Ubuntu
18.04 with gcc 7.5.0:

| ../mesa-22.1.6/src/compiler/nir/nir_inline_helpers.h: In function ‘nir_opt_move_block’:
| ../mesa-22.1.6/src/compiler/nir/nir_opt_move.c:55:1: error: inlining failed in call to
    always_inline ‘src_is_ssa’: indirect function call with a yet undetermined callee
|  src_is_ssa(nir_src *src, void *state)
|  ^~~~~~~~~~

So only apply it for mesa-native.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit c6a6d0c2680799683d58968c2558a224f27caaa2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-graphics/mesa/mesa.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc
index 8a74e0a80a..c94e439363 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -19,9 +19,11 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
            file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
            file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \
            file://0001-util-format-Check-for-NEON-before-using-it.patch \
-           file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch \
            "
 
+# required by mesa-native on Ubuntu 18.04 with gcc 7.5 when DEBUG_BUILD enabled
+SRC_URI:append:class-native = " file://0001-nir-nir_opt_move-fix-ALWAYS_INLINE-compiler-error.patch"
+
 SRC_URI[sha256sum] = "b1f9c8fd08f2cae3adf83355bef4d2398e8025f44947332880f2d0066bdafa8c"
 
 UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)"

From patchwork Wed Nov  2 02:42:05 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14668
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F20EFC43219
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:43:01 +0000 (UTC)
Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com
 [209.85.216.42])
 by mx.groups.io with SMTP id smtpd.web08.2027.1667356974736462343
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:54 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=V7Ljszel;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.42,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f42.google.com with SMTP id gw22so2027419pjb.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Yl66SfF/cusOOkVDLRMtzjsJYtFh0mbZVVr2mJE2QZo=;
        b=V7LjszeliW0m3183d8w7vVBdXOq+atO6k1W1N7gOVZ0tikunMScZQVdwi53i17oKtx
         U9QZ70MarO7/9feaGXIbWkSyBPYF0/bgo93ZkA3DiDezOh6iKVCt8dxhl/1ou6A7PEzO
         Z4UH6T0d0mZ1g7jubODVZ5e+BvO+cR+Rva3ClfB+jNjqfc4WZsUrJ3d3JGV2vJl9+aN9
         qpczaCicpH0WpCllxLwdWHvNztWGPQGgLf3EOBOKtNiyqa+4EsSRHk6HgV0MJH5BCKpu
         lG2cJoYZpn5nhMgjtagYvF3Cudo4Yexmqry6Z9YzFcngzaUWWgZCZ0paMO0lZCsQcaeq
         pyig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Yl66SfF/cusOOkVDLRMtzjsJYtFh0mbZVVr2mJE2QZo=;
        b=VecjBMapUcaFF0XJaHGcdgrdEqUoK4dUYzsNCij1p0U2ttfLOPTQknONkiZ7tmjwB8
         iYWO2tLLYRR9VBNvQxZa5HBo9lLROtTG/3rvOPGKmxR9FK8p4D3Gdhx+YQiVmBImcbzJ
         brLGtJxPMq3x2Ln/OymvPNJ8kjp5/xzIMrwYYgbCuwqDSBRTVNvl5yiHIA266PHIpUkR
         kN/+/EKkttuzPIn1AxWQTt74OyQBc+Dg+pQfHwxakskLvbPrlPj4Gsv/WiaLGHthE1lV
         LWZMjlcBoY7BwejM+ebS60MDAM2Uwq5MC51EIi6vD3cedYVyxduNQHTUlF42VviJG4Bv
         sNlw==
X-Gm-Message-State: ACrzQf0Y1/lYyri9qobIe8rrjzkJh7oLlz7bDGx8rYGQYXm0rDhJ4Zkd
	R6s1bs0HWpqHKEdwuBr/CJcauVNuLZS5EWqh
X-Google-Smtp-Source: 
 AMsMyM46G2kBI3ksObxId8M5JfeZeYOYVib9AX9WbwEyfCNlSpyJ9VRRVF9UvX6Xy1yzGzVY09ZNeg==
X-Received: by 2002:a17:90a:728d:b0:213:dfd6:3e5f with SMTP id
 e13-20020a17090a728d00b00213dfd63e5fmr14362283pjg.146.1667356973887;
        Tue, 01 Nov 2022 19:42:53 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.52
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:53 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 15/20] buildtools-tarball: export certificates to
 python and curl
Date: Tue,  1 Nov 2022 16:42:05 -1000
Message-Id: 
 <facafa0f76af9cbf80f862497b66c18b3fbfa60b.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:43:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172555

From: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

The custom path of the ca-certificates.crt within the buildtools-tarball requires more
environment variables to be exported. Namely REQUESTS_CA_BUNDLE for the python requests library
and CURL_CA_BUNDLE for curl.

Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5c249db9de8ad8cfe0996ff4fee4c575a5ff1e34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/buildtools-tarball.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index 6b59e4934d..de399173ba 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -72,6 +72,8 @@ create_sdk_files:append () {
 	if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then
 		echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
 		echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+		echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+		echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
 	fi
 
 	toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}

From patchwork Wed Nov  2 02:42:06 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14669
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EB534C4321E
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:43:01 +0000 (UTC)
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com
 [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web10.1938.1667356976762702019
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:56 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=tEC6/SeH;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f175.google.com with SMTP id y203so1055039pfb.4
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YAVsOcaLD1JJEF4SQtdHT41TlloAWbrFQ36Q2wzO7zE=;
        b=tEC6/SeH8mBo3qf+KaPh3BKdi7vncZxor/x6YZjRKe29VnrImpOF85P+capWwQnsex
         WVAy4BmN/KvGkdQ/wRuLxFkZDw83s/uZ1+Xgf+QXnkY4m0M/kr9au5aEhEswTMf8FULh
         j1lsaS2y/JbN4xdThzXsDiufGxel6Ig+4gCkKqzSA4ThyWXHZSeSZ6s46zIvr9AVHux1
         H5tXc3Ky7LBp0rRCoW1WDdEPz+VHzvW1XG+zTbYgSgaTEbsBSop8uLDiXLLuxQjFjgIU
         BbYA35wxd39Q09M+Zvlmfz7jMjDhXnir4izY4Bg6iNi//X3aK9lwSivNN9POUNoS73R7
         VaWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=YAVsOcaLD1JJEF4SQtdHT41TlloAWbrFQ36Q2wzO7zE=;
        b=Ut0WQRz68BuUr1qViswzfdP/LF5Qmd9K4xIYBKYwaRiQAK4q2ePtYiKO2thY1zerLO
         2+jhA5QdwW+azpwf9ZTsBLaBa8UyBuNwGTPykVH+gIlgyPSe2ixpyE2ng41NSBXvRDUm
         F69/NsgXc5kL56klVZ+ZKeG5hfNsvx5ueBA90FYbvg8kadg0Bl4Y7vtYktmDZztW/wmH
         2e9f6eAruJS+fQqR8/5bYoZsOP4YoSkVVNBNxSRmr80sRibgTafWXd21rvLhE8ZnJhqb
         siYrkoKV0HgJeTiN8sbff5txDRGk9pEuIMBFxW77OuNBsCO0DqjMaI3pU1CmEmPthcWp
         y5gw==
X-Gm-Message-State: ACrzQf20GAPGoyjc/StM35KWSVpBE6WkzEDv+ahQThomDJLV/b8YRlID
	uFWU+P+eY/lPQx8ToqBTFiro/oelYXTok5kk
X-Google-Smtp-Source: 
 AMsMyM7rv9C7WPvp03PR+VPVOyJ4WoqYkWPZZc9mBgwn91cYD1wMSZa6ShKBqdFrrw2FrOaIBLIdPg==
X-Received: by 2002:a05:6a00:4508:b0:56d:8afe:b7c1 with SMTP id
 cw8-20020a056a00450800b0056d8afeb7c1mr11763921pfb.29.1667356975825;
        Tue, 01 Nov 2022 19:42:55 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.54
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:55 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 16/20] qemu-native: Add PACKAGECONFIG option for
 jack
Date: Tue,  1 Nov 2022 16:42:06 -1000
Message-Id: 
 <7c8f23aa594175f2169df0d62051bf42d491a1bb.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:43:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172556

From: Jeremy Puhlman <jpuhlman@mvista.com>

With libjack-devel or jack-audio-connection-kit-devel, qemu-native
detects the library/header and tries to build with it. Since its
missing from the sysroot, it fails to build.

 -O2 -fPIE -D_REENTRANT -Wno-undef -MD -MQ libcommon.fa.p/audio_jackaudio.c.o
-MF libcommon.fa.p/audio_jackaudio.c.o.d -o libcommon.fa.p/audio_jackaudio.c.o
-c ../qemu-6.2.0/audio/jackaudio.c
| ../qemu-6.2.0/audio/jackaudio.c:34:10: fatal error: jack/jack.h: No such file
or directory
|    34 | #include <jack/jack.h>
|       |          ^~~~~~~~~~~~~
| compilation terminated.

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 27260be388f7f9f324ff405e7d8e254925b4ae90)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 3908aa0c7c..55aced9f9a 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -199,6 +199,7 @@ PACKAGECONFIG[rdma] = "--enable-rdma,--disable-rdma"
 PACKAGECONFIG[vde] = "--enable-vde,--disable-vde"
 PACKAGECONFIG[slirp] = "--enable-slirp=internal,--disable-slirp"
 PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi"
+PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack,"
 
 INSANE_SKIP:${PN} = "arch"
 

From patchwork Wed Nov  2 02:42:07 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14666
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E54A4C433FE
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:43:01 +0000 (UTC)
Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com
 [209.85.210.176])
 by mx.groups.io with SMTP id smtpd.web09.1962.1667356978809709232
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=fXTYwxD+;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f176.google.com with SMTP id y13so15190589pfp.7
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:42:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=g0Tp5J7jLn1xY+/g437xXHA2BsXvB8wll9TLtvE0VcU=;
        b=fXTYwxD+VGDGM5vBIuDW+G2qUr4k8uLqwk705GrHVBDZTnbNUAqUtgiyfvd4ix2bPe
         yl6jRcxqnApDrLMtAp+flv9LUFi+TjoeHiq2SEUT2p31JLFNt53IswxebYo8e19L4PFM
         Av20DXu81qlrTmuMc1xFiE61XgRXx4bXhWOBnbCZMSYgoRiKiGlUMoHLGKlMI7nA0THq
         IOy7FCDpYmAPK00UdXkfPnWRUuAylDHaU35oB231ujlNN369kCJlNkifSpxiSF1YJac0
         8ybEKwBbErUSfz1HQBdOmaWOSk3/BgNo0lLGYI3QMTNvlYkSZwXpyMi32h6XEKzRQBfz
         QqXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=g0Tp5J7jLn1xY+/g437xXHA2BsXvB8wll9TLtvE0VcU=;
        b=HeM0sBZqrF6i7UDYBx+z1b20MT4WeJRVqQ1NOKAyqKYwr6rFJ9iBV/yEnnDYL9WR8H
         jgETjnuDIRMm70HMrIRw0piys/HtHsREL1JuMbpQfQz87MjLzUKtfsqrXDSv3hY4PIro
         VvyJKzy7XS0n6VN6nRTMTTQJSmmzK9BQoQMUF5ynlr9RHLWwmJqFJ1N5linCIgc8Jx1P
         qnCee/caQa5T+qyJ+eMXX4eyKn4NdTLND+29VFe8ie2Gla+NZKO1rmLig59KQSav9Xxv
         LpcSXI5P8GlkvDgjkvNtWXDN8QFiB82HPVGuptdkDrKG9HQ1F6JcWaNbJUfW4Y92Ryjz
         mPzg==
X-Gm-Message-State: ACrzQf2MVlPz4siJ81CAGJdnK6Y2+E9KkUGY3eaQIBMfaZaa06U5uDIe
	HB3B501eNKT2Kb+mgcmMdcbMtEIC5pr074K4
X-Google-Smtp-Source: 
 AMsMyM7iupN9A3T6k6bKtHfUzjPOfdyl7bfDTk5oRs/P7etnDPTGQKx+/WxWEg5fbJkXbZ5wNIScHw==
X-Received: by 2002:a05:6a00:16c1:b0:563:177f:99ee with SMTP id
 l1-20020a056a0016c100b00563177f99eemr23060405pfc.7.1667356977783;
        Tue, 01 Nov 2022 19:42:57 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.56
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:57 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 17/20] runqemu: Do not perturb script environment
Date: Tue,  1 Nov 2022 16:42:07 -1000
Message-Id: 
 <91c2449d4e873b2cec8777d71e218a12f899669d.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:43:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172557

From: Joshua Watt <JPEWhacker@gmail.com>

Instead of changing the script environment to affect the child
processes, make a copy of the environment with modifications and pass
that to subprocess.

Specifically, when dri rendering is enabled, LD_PRELOAD was being passed
to all processes created by the script which resulted in other commands
(e.g. stty) exiting with a failure like:

 /bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE

Making a copy of the environment fixes this because the LD_PRELOAD is
now only passed to qemu itself.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2232599d330bd5f2a9e206b490196569ad855de8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/runqemu | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/scripts/runqemu b/scripts/runqemu
index 983f7514c7..5daf492bac 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -210,6 +210,7 @@ class BaseConfig(object):
         self.mac_tap = "52:54:00:12:34:"
         self.mac_slirp = "52:54:00:12:35:"
         # pid of the actual qemu process
+        self.qemu_environ = os.environ.copy()
         self.qemupid = None
         # avoid cleanup twice
         self.cleaned = False
@@ -449,18 +450,19 @@ class BaseConfig(object):
         # As runqemu can be run within bitbake (when using testimage, for example),
         # we need to ensure that we run host pkg-config, and that it does not
         # get mis-directed to native build paths set by bitbake.
+        env = os.environ.copy()
         try:
-            del os.environ['PKG_CONFIG_PATH']
-            del os.environ['PKG_CONFIG_DIR']
-            del os.environ['PKG_CONFIG_LIBDIR']
-            del os.environ['PKG_CONFIG_SYSROOT_DIR']
+            del env['PKG_CONFIG_PATH']
+            del env['PKG_CONFIG_DIR']
+            del env['PKG_CONFIG_LIBDIR']
+            del env['PKG_CONFIG_SYSROOT_DIR']
         except KeyError:
             pass
         try:
-            dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True)
+            dripath = subprocess.check_output("PATH=/bin:/usr/bin:$PATH pkg-config --variable=dridriverdir dri", shell=True, env=env)
         except subprocess.CalledProcessError as e:
             raise RunQemuError("Could not determine the path to dri drivers on the host via pkg-config.\nPlease install Mesa development files (particularly, dri.pc) on the host machine.")
-        os.environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip()
+        self.qemu_environ['LIBGL_DRIVERS_PATH'] = dripath.decode('utf-8').strip()
 
         # This preloads uninative libc pieces and therefore ensures that RPATH/RUNPATH
         # in host mesa drivers doesn't trick uninative into loading host libc.
@@ -468,7 +470,7 @@ class BaseConfig(object):
         uninative_path = os.path.dirname(self.get("UNINATIVE_LOADER"))
         if os.path.exists(uninative_path):
             preload_paths = [os.path.join(uninative_path, i) for i in preload_items]
-            os.environ['LD_PRELOAD'] = " ".join(preload_paths)
+            self.qemu_environ['LD_PRELOAD'] = " ".join(preload_paths)
 
     def check_args(self):
         for debug in ("-d", "--debug"):
@@ -482,8 +484,8 @@ class BaseConfig(object):
                 sys.argv.remove(quiet)
 
         if 'gl' not in sys.argv[1:] and 'gl-es' not in sys.argv[1:]:
-            os.environ['SDL_RENDER_DRIVER'] = 'software'
-            os.environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false'
+            self.qemu_environ['SDL_RENDER_DRIVER'] = 'software'
+            self.qemu_environ['SDL_FRAMEBUFFER_ACCELERATION'] = 'false'
 
         unknown_arg = ""
         for arg in sys.argv[1:]:
@@ -1369,7 +1371,7 @@ class BaseConfig(object):
         # need our font setup and show-cusor below so we need to see what qemu --help says
         # is supported so we can pass our correct config in.
         if not self.nographic and not self.sdl and not self.gtk and not self.publicvnc and not self.egl_headless == True:
-            output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True)
+            output = subprocess.check_output([self.qemu_bin, "--help"], universal_newlines=True, env=self.qemu_environ)
             if "-display gtk" in output:
                 self.gtk = True
             elif "-display sdl" in output:
@@ -1393,7 +1395,7 @@ class BaseConfig(object):
                 if self.sdl == True:
                     self.qemu_opt += 'sdl,'
                 elif self.gtk == True:
-                    os.environ['FONTCONFIG_PATH'] = '/etc/fonts'
+                    self.qemu_environ['FONTCONFIG_PATH'] = '/etc/fonts'
                     self.qemu_opt += 'gtk,'
 
                 if self.gl == True:
@@ -1514,7 +1516,7 @@ class BaseConfig(object):
         if len(self.portlocks):
             for descriptor in self.portlocks.values():
                 pass_fds.append(descriptor.fileno())
-        process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds)
+        process = subprocess.Popen(cmds, stderr=subprocess.PIPE, pass_fds=pass_fds, env=self.qemu_environ)
         self.qemupid = process.pid
         retcode = process.wait()
         if retcode:

From patchwork Wed Nov  2 02:42:08 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14670
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E148EC4332F
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:43:01 +0000 (UTC)
Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com
 [209.85.214.177])
 by mx.groups.io with SMTP id smtpd.web12.1988.1667356966975856675
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:43:00 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=3jGDjkUD;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f177.google.com with SMTP id k7so5580309pll.6
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:43:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Jd+pjbbiwQKgwvAQ5ausJeMub/6SaieGgjJLpPomlsk=;
        b=3jGDjkUD566VHvsC8iur5Eyxy3s8x1X+Y0/cdYlJybbYsFShmFNAsMBNWyJeImxJGU
         kSggmZLzd6LywXFkTuSRxTx8EhpoMQxKPAyiFgu2hHICd1DM/a4R6zI/tMGSMMSGFC7m
         BSyw1dkQnNWUpWIV/bgGfzFp7c7hjz6RiM+2PXzBhejF4bFUvGwQKlvAF0B0uafMZ2h/
         u+f9OgUG5RiwqTRLtE+IWvEKj8TTbmRotsVq05ph5d7FtP9gHyAcMWvWG1nEmq4Kznl/
         z9Neb045684+2Iv5xypoTxyc26qDx5cDuIJkN72AX4mcrPYlYcaP5c8Eg02ciZUfU8wA
         er4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Jd+pjbbiwQKgwvAQ5ausJeMub/6SaieGgjJLpPomlsk=;
        b=KcPd8BHbwNg7/YRW7b23ml7wmKlmGtGiPFyGExYE7QZd109F2PP0fHUFSfJIzhT+9x
         5WazT2ils0RRRLeq5pa9z1+MLdaZsiLodA9FVn9t9HAPPx62extccLJkXD75PD4lG21M
         KT6T4jwAWj5cZMzdRPh8lyKGrDp2V5+k/xUpXE4qHvSUmWoOE5aXFQa3rdd8TvvCyPtj
         hWlSpAr786MYY28RAKIoGx9DWQeNBhV5gCVoxbH2q8BAhFXWJ24JxUMq9/4nrSGugVVf
         Dg2W0dUWgoeYfOBehIZPlG9GYRm1eibNuQtDc6lpC95DsDCejeBvTtLADEldTqQpi2VO
         2Y8Q==
X-Gm-Message-State: ACrzQf2SDsqtwhrYU0A7KgvGWz90N2Q4hlM1h3hRXaOwW5WTBOyrZsc0
	XgWeUOLIjzVSvTnffsWw7vb61BKlTtbASNYc
X-Google-Smtp-Source: 
 AMsMyM6vUJee/5Lfc77ueM1Zg18e5eXuPp7E2hLexnU8XFJnOLefMy3FPtECDXh5UaNPjXjK3Xu6ZQ==
X-Received: by 2002:a17:90b:3901:b0:213:dfd5:a75f with SMTP id
 ob1-20020a17090b390100b00213dfd5a75fmr14292598pjb.233.1667356979633;
        Tue, 01 Nov 2022 19:42:59 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.42.58
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:42:59 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 18/20] runqemu: Fix gl-es argument from causing
 other arguments to be ignored
Date: Tue,  1 Nov 2022 16:42:08 -1000
Message-Id: 
 <dd1dcfada1fa46ecb8227c2852769b35026875d3.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:43:01 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172558

From: Joshua Watt <JPEWhacker@gmail.com>

The code to parse arguments was inadvertently skipping all arguments in
the elif block after gl-es if it was specified on the command line.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 718bb8d56f6a24c86e67830a7d13af54df2ebb4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/runqemu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/runqemu b/scripts/runqemu
index 5daf492bac..a6ea578564 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -499,7 +499,7 @@ class BaseConfig(object):
                 self.gtk = True
             elif arg == 'gl':
                 self.gl = True
-            elif 'gl-es' in sys.argv[1:]:
+            elif arg == 'gl-es':
                 self.gl_es = True
             elif arg == 'egl-headless':
                 self.egl_headless = True

From patchwork Wed Nov  2 02:42:09 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14672
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E546CC4332F
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:43:11 +0000 (UTC)
Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com
 [209.85.216.53])
 by mx.groups.io with SMTP id smtpd.web12.1993.1667356982409454199
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:43:02 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=7+uOC8tT;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.53,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f53.google.com with SMTP id
 m6-20020a17090a5a4600b00212f8dffec9so704064pji.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:43:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Kfwl+NSaZIz5m+rEfPPe28iX+t4OJg/KaIyVJuxOiis=;
        b=7+uOC8tT0ztbEp9EMXSgCHfxEUtNjl9B/cFzT03tWu6Qm5Pbhcak3OUoxv+w4gXZq2
         /X19HdH0jQVcg/a8ST2zOij8HxDuzL7OGZ1OzEqCxwDR1gb3c4xA0rADNA9wx6O53bwp
         QWkP4Bd2ROulFPn5fLcfB/WqtvZXnNhubyoQGi34qHozjgQ0wUqqe3+spKCQSv3MPn6b
         KCVkqnnRu/cm2xYcLb7F/DoRroWOyuwAtndzhwi/BDMpo3y85A2wnIKm+JXlvSaogvOD
         IfULDLgEJLgBl2/lQ7Zr2NsFZd2RSjjQ4Xl6YONHmzKag0GflWG9jellrd/1u8pD8a2W
         CjkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Kfwl+NSaZIz5m+rEfPPe28iX+t4OJg/KaIyVJuxOiis=;
        b=WJlsXccEmps1J3oddCxBAKwcnSveuDXnrJ4Sx7AH2U0kVddVsYnQxgFkeViK20/tee
         iW1zc5guF+4Z3HtxbDToA6EEbmf9DOT9hBB7R/V+EKD8It0f2gQrVIIGnBF9p8rgCwUs
         F302IT73Dx/iK3Qk+iXCAjCYpfoV3RbMMW5W6nRHsPmTEAjXOf6HWP+uiqvfywDJ/069
         myTXOnsaNywxKiyJlNXBSr4xU0N+LmfTFI6GN6Kz0tFR4a+6KjEH2uCa2Qf+VOWkH2ia
         ean0WWUegF0yud/G8Q32+DcmlgCTpluXZMD2UzKzwPDmrchHwL8IfPSXcBSzk4ZFU2Tj
         3EZQ==
X-Gm-Message-State: ACrzQf37P4YC7+ibJyLvN/8y6ydRBnfWOdMlfVfJ715hutLn9yDAcwqb
	10ePdjLgKkXMldSWTSFfiXgdLOk05lSVewt4
X-Google-Smtp-Source: 
 AMsMyM6J0pigVcpidtcg7Iwr/eVTP4vdCh6Xd0ZLGpT33RCkvWxgQTghj+nZvg3OCSiQCbgtz2dDvQ==
X-Received: by 2002:a17:90b:4a4a:b0:213:43bc:91b3 with SMTP id
 lb10-20020a17090b4a4a00b0021343bc91b3mr40604667pjb.151.1667356981410;
        Tue, 01 Nov 2022 19:43:01 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.43.00
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:43:01 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 19/20] overlayfs: Allow not used mount points
Date: Tue,  1 Nov 2022 16:42:09 -1000
Message-Id: 
 <c7c6b273656a3e2b8b959004b996e56d4086ce5e.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:43:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172559

From: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>

When machine configuration defines a mount point, which is not used in
any recipe, allow to fall through and only report a note in the logs.
This can be expected behavior, when a mount point is defined for several
machines, but not used in all of them

Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit a9c604b5e0d943b5b5f7c8bdd5be730c2abcf866)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/overlayfs.bbclass | 6 +++++-
 meta/lib/oe/overlayfs.py              | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/meta/classes-recipe/overlayfs.bbclass b/meta/classes-recipe/overlayfs.bbclass
index bdc6dd9d57..53d65d7531 100644
--- a/meta/classes-recipe/overlayfs.bbclass
+++ b/meta/classes-recipe/overlayfs.bbclass
@@ -102,7 +102,11 @@ python do_create_overlayfs_units() {
     overlayMountPoints = d.getVarFlags("OVERLAYFS_MOUNT_POINT")
     for mountPoint in overlayMountPoints:
         bb.debug(1, "Process variable flag %s" % mountPoint)
-        for lower in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+        lowerList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+        if not lowerList:
+            bb.note("No mount points defined for %s flag, skipping" % (mountPoint))
+            continue
+        for lower in lowerList.split():
             bb.debug(1, "Prepare mount unit for %s with data mount point %s" %
                      (lower, d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint)))
             prepareUnits(d.getVarFlag('OVERLAYFS_MOUNT_POINT', mountPoint), lower)
diff --git a/meta/lib/oe/overlayfs.py b/meta/lib/oe/overlayfs.py
index 8d7a047125..8b88900f71 100644
--- a/meta/lib/oe/overlayfs.py
+++ b/meta/lib/oe/overlayfs.py
@@ -40,7 +40,11 @@ def unitFileList(d):
             bb.fatal("Missing required mount point for OVERLAYFS_MOUNT_POINT[%s] in your MACHINE configuration" % mountPoint)
 
     for mountPoint in overlayMountPoints:
-        for path in d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint).split():
+        mountPointList = d.getVarFlag('OVERLAYFS_WRITABLE_PATHS', mountPoint)
+        if not mountPointList:
+            bb.debug(1, "No mount points defined for %s flag, don't add to file list", mountPoint)
+            continue
+        for path in mountPointList.split():
             fileList.append(mountUnitName(path))
             fileList.append(helperUnitName(path))
 

From patchwork Wed Nov  2 02:42:10 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 14671
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E5444C433FE
	for <webhook@archiver.kernel.org>; Wed,  2 Nov 2022 02:43:11 +0000 (UTC)
Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com
 [209.85.216.46])
 by mx.groups.io with SMTP id smtpd.web11.1945.1667356984310796107
 for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:43:04 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=6lRqdEph;
 spf=softfail (domain: sakoman.com, ip: 209.85.216.46,
 mailfrom: steve@sakoman.com)
Received: by mail-pj1-f46.google.com with SMTP id
 z5-20020a17090a8b8500b00210a3a2364fso2670532pjn.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 01 Nov 2022 19:43:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=9OxOzJe6DDwf+1/vHLVOzCmOVeAgwND7ERxnfOq0hkQ=;
        b=6lRqdEph07bfkSIf8GV25/YNm3EXgTwvG/AsDtCNqZ0m7SkhvrZL1zXznOljzuGw01
         SGtFtFf2b5e+/k4UVcj69IPtegr6Nfjn5nwdU6yiU/Xu9gaI/CrACGKj/zC9dHYKCmh4
         fkeh7PhL2fiTxr2VM445CyQBweuR4qxLFJ95Vdd6xrP/Ytg6lF3dcuevGardyz3JvQHy
         GBbGR+VCHIy4M8AMCwd10JqwIdQHhdOdyacEaN0EYbcgEoeOJY12u2gijzecaXrGDPix
         J6tZB+6czi6nzSCzhG6DV8+89zW9udTy4VCwJQP2EJ0iI+Bztp9bZxVHZ6I2pF4CWE+q
         ZJqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=9OxOzJe6DDwf+1/vHLVOzCmOVeAgwND7ERxnfOq0hkQ=;
        b=Ka+EPqAhACvNf2CW6fEmFyKLRWhD60y0P0Ajlo/1q9CpBR34+qV9Dt1/jBACChdk1B
         OZXDdDEkildCaprXJd4x9NJfzIb/uiBWXcwmmJKL0i0JM07PdrK5chxs1nv38dmoAFs3
         H2f4rtETYj4tk1Yyb8Ovn7mXXZB9ii+rZNfzdn013dn3sTRh7/hI0SB1dhN/d61sqRHQ
         Gj7EIARgjBPL5RchIL8UBZ3YX/a0ZWEhiAox2Br4jo6HJdpk1gslZx5NeGZWC4tj4Pm9
         zzitJ2NlWYqRB/hudnEtIKzCn1nWdGThspY2UgURecsKKHNY5B1lOg8uMLCgFxeaITIz
         QfDQ==
X-Gm-Message-State: ACrzQf2okEDvms64h1kb9d4vQ62WzC0I7lr7U7b9k8rHlVmNs7FAHRXJ
	lu5z9MRLDVQy4nLLFCRypFagH8sEWu7GWDHB
X-Google-Smtp-Source: 
 AMsMyM7eibJTVkVjYxhjJsNlGJVmOgW0WVoDMNWXpuiiee33j1vr5WVv53SVkBX4Roz/zUJGFbh3jQ==
X-Received: by 2002:a17:90a:c56:b0:213:d200:e958 with SMTP id
 u22-20020a17090a0c5600b00213d200e958mr16662392pje.6.1667356983379;
        Tue, 01 Nov 2022 19:43:03 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 d18-20020a170902e15200b00186da904da0sm1462846pla.154.2022.11.01.19.43.02
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Nov 2022 19:43:03 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][langdale 20/20] gnutls: upgrade 3.7.7 -> 3.7.8
Date: Tue,  1 Nov 2022 16:42:10 -1000
Message-Id: 
 <a583ac20cc82ede59e1a4e30708cf5434b49ce37.1667356805.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1667356805.git.steve@sakoman.com>
References: <cover.1667356805.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 02 Nov 2022 02:43:11 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/172560

From: wangmy <wangmy@fujitsu.com>

Changelog:
=========
** libgnutls: In FIPS140 mode, RSA signature verification is an approved
   operation if the key has modulus with known sizes (1024, 1280,
   1536, and 1792 bits), in addition to any modulus sizes larger than
   2048 bits, according to SP800-131A rev2.

** libgnutls: gnutls_session_channel_binding performs additional checks when
   GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
   "tls-exporter" channel binding is only usable when the handshake is
   bound to a unique master secret (i.e., either TLS 1.3 or extended
   master secret extension is negotiated). Otherwise the function now
   returns error.

** libgnutls: usage of the following functions, which are designed to
   loosen restrictions imposed by allowlisting mode of configuration,
   has been additionally restricted. Invoking them is now only allowed
   if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 858886aa07d0c2c2ef2489996cc8eca5fbe931fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../recipes-support/gnutls/{gnutls_3.7.7.bb => gnutls_3.7.8.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnutls/{gnutls_3.7.7.bb => gnutls_3.7.8.bb} (97%)

diff --git a/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/meta/recipes-support/gnutls/gnutls_3.7.8.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.7.7.bb
rename to meta/recipes-support/gnutls/gnutls_3.7.8.bb
index c7d782e4eb..8f979a5b99 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.7.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.8.bb
@@ -24,7 +24,7 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
            "
 
-SRC_URI[sha256sum] = "be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106"
+SRC_URI[sha256sum] = "c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc