From patchwork Tue May  9 22:32:27 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23757
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9DECAC7EE26
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:32:55 +0000 (UTC)
Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com
 [209.85.210.176])
 by mx.groups.io with SMTP id smtpd.web10.3051.1683671570184988800
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:50 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=5GYP2ISB;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.176,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f176.google.com with SMTP id
 d2e1a72fcca58-6439bbc93b6so4334064b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671569;
 x=1686263569;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=TciNgDxDqxwrKCzygVRi6uG3xwpr3U1O7Y5NvpuFoE0=;
        b=5GYP2ISBsqh8pmKg7s35sVPtf6qeVmXmAJs3rrGkRQprA/GKwg3Y128YtN06FCUWDU
         VYuQ5TBcLpW9bkLGeNLAai5kh+Na/wHeR8ISYrK6hAgowaBxb9wkwRbAFERV80dpwryN
         9UKTegwNFNQIv7yI1Sna6YV9/6kNYVpNTgTpmIsqMH/zKbLQC5BcmzVoumryY3k9425y
         LXQFOWawdugAuUzhYq6x0CSIbEY6FG0uf5ljGkyUaHD/Ds9uFdgQ1DVtpLdIMuM3C6pb
         UHE3ixRnNGNCyKlN17D4qIcYYUyfjZOzNFxCVySYtdZFFs3Tk/2bqAjIf4coodpmywtD
         m7GA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671569; x=1686263569;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=TciNgDxDqxwrKCzygVRi6uG3xwpr3U1O7Y5NvpuFoE0=;
        b=JCHJJacNo8sZLD7ugofBwgauiFs65E3x28A8RkMgiEfS9xklMmlbHr8xODI9miKqUl
         d78hnlKSY15J9foFtkZ7XgdAnEoWrrOEwEz5NRzud+boB9oHzLaeLW/UmueUPDbW99zN
         O8SK/N507UeoySOPhVNFs2T3BKQsdAof6G5oEoKpWEMD39Mtc82v/QK9q1EfUIyDJxoD
         6pc38dJH8adVWvmL0GP/Bd2KtMDBbs+a1ZaNVAFb9Ez5jqWoMXMidVHOUrUplYEaoerx
         YyfMQuU8psAjvDJR6yxWNfyUk5Ep1RMcVfx8y3/xX5b+nfUD7QkRwW13AJHIgz5TNvvt
         kphQ==
X-Gm-Message-State: AC+VfDwAZlp+6pKvW0dcUELCcPs03S6jMYu/ob9sG4PH3RTNryi+A/fj
	Thb8C/poV/fzcT6wPttTlHSBL+HNqJNjavOeBlY=
X-Google-Smtp-Source: 
 ACHHUZ7xVD4748KUCDl6xyn5RcesuCEMP5kxYhxPLqbJmcxpwzlHaM5taN01D1USyAGHyB5Mm6q6uw==
X-Received: by 2002:a05:6a20:1455:b0:f2:7dd:2753 with SMTP id
 a21-20020a056a20145500b000f207dd2753mr21042375pzi.33.1683671568912;
        Tue, 09 May 2023 15:32:48 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.32.48
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:32:48 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/15] git: fix CVE-2023-29007
Date: Tue,  9 May 2023 12:32:27 -1000
Message-Id: 
 <1b55343b6346437b80b8a8180ae1bc9f480d92ef.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:32:55 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181086

From: Archana Polampalli <archana.polampalli@windriver.com>

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted
`.gitmodules` file with submodule URLs that are longer than 1024 characters can used
to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug
can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when
attempting to remove the configuration section associated with that submodule. When the
attacker injects configuration values which specify executables to run (such as
`core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code
execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,
2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running
`git submodule deinit` on untrusted repositories or without prior inspection of any
submodule sections in `$GIT_DIR/config`.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-29007

Upstream patches:
https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d
https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../git/git/CVE-2023-29007.patch              | 162 ++++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |   1 +
 2 files changed, 163 insertions(+)
 create mode 100644 meta/recipes-devtools/git/git/CVE-2023-29007.patch

diff --git a/meta/recipes-devtools/git/git/CVE-2023-29007.patch b/meta/recipes-devtools/git/git/CVE-2023-29007.patch
new file mode 100644
index 0000000000..472f4022b2
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2023-29007.patch
@@ -0,0 +1,162 @@
+From 057c07a7b1fae22fdeef26c243f4cfbe3afc90ce Mon Sep 17 00:00:00 2001
+From: Taylor Blau <me@ttaylorr.com>
+Date: Fri, 14 Apr 2023 11:46:59 -0400
+Subject: [PATCH] Merge branch 'tb/config-copy-or-rename-in-file-injection'
+
+Avoids issues with renaming or deleting sections with long lines, where
+configuration values may be interpreted as sections, leading to
+configuration injection. Addresses CVE-2023-29007.
+
+* tb/config-copy-or-rename-in-file-injection:
+  config.c: disallow overly-long lines in `copy_or_rename_section_in_file()`
+  config.c: avoid integer truncation in `copy_or_rename_section_in_file()`
+  config: avoid fixed-sized buffer when renaming/deleting a section
+  t1300: demonstrate failure when renaming sections with long lines
+
+Signed-off-by: Taylor Blau <me@ttaylorr.com>
+
+Upstream-Status: Backport
+CVE: CVE-2023-29007
+
+Reference to upstream patch:
+https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ config.c          | 36 +++++++++++++++++++++++++-----------
+ t/t1300-config.sh | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+), 11 deletions(-)
+
+diff --git a/config.c b/config.c
+index 2bffa8d..6a01938 100644
+--- a/config.c
++++ b/config.c
+@@ -3192,9 +3192,10 @@ void git_config_set_multivar(const char *key, const char *value,
+					flags);
+ }
+
+-static int section_name_match (const char *buf, const char *name)
++static size_t section_name_match (const char *buf, const char *name)
+ {
+-	int i = 0, j = 0, dot = 0;
++	size_t i = 0, j = 0;
++	int dot = 0;
+	if (buf[i] != '[')
+		return 0;
+	for (i = 1; buf[i] && buf[i] != ']'; i++) {
+@@ -3247,6 +3248,8 @@ static int section_name_is_ok(const char *name)
+	return 1;
+ }
+
++#define GIT_CONFIG_MAX_LINE_LEN (512 * 1024)
++
+ /* if new_name == NULL, the section is removed instead */
+ static int git_config_copy_or_rename_section_in_file(const char *config_filename,
+				      const char *old_name,
+@@ -3256,11 +3259,12 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+	char *filename_buf = NULL;
+	struct lock_file lock = LOCK_INIT;
+	int out_fd;
+-	char buf[1024];
++	struct strbuf buf = STRBUF_INIT;
+	FILE *config_file = NULL;
+	struct stat st;
+	struct strbuf copystr = STRBUF_INIT;
+	struct config_store_data store;
++	uint32_t line_nr = 0;
+
+	memset(&store, 0, sizeof(store));
+
+@@ -3297,16 +3301,25 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+		goto out;
+	}
+
+-	while (fgets(buf, sizeof(buf), config_file)) {
+-		unsigned i;
+-		int length;
++	while (!strbuf_getwholeline(&buf, config_file, '\n')) {
++		size_t i, length;
+		int is_section = 0;
+-		char *output = buf;
+-		for (i = 0; buf[i] && isspace(buf[i]); i++)
++		char *output = buf.buf;
++
++		line_nr++;
++
++		if (buf.len >= GIT_CONFIG_MAX_LINE_LEN) {
++			ret = error(_("refusing to work with overly long line "
++				      "in '%s' on line %"PRIuMAX),
++				    config_filename, (uintmax_t)line_nr);
++			goto out;
++		}
++
++		for (i = 0; buf.buf[i] && isspace(buf.buf[i]); i++)
+			; /* do nothing */
+-		if (buf[i] == '[') {
++		if (buf.buf[i] == '[') {
+			/* it's a section */
+-			int offset;
++			size_t offset;
+			is_section = 1;
+
+			/*
+@@ -3323,7 +3336,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+				strbuf_reset(&copystr);
+			}
+
+-			offset = section_name_match(&buf[i], old_name);
++			offset = section_name_match(&buf.buf[i], old_name);
+			if (offset > 0) {
+				ret++;
+				if (new_name == NULL) {
+@@ -3398,6 +3411,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ out_no_rollback:
+	free(filename_buf);
+	config_store_data_clear(&store);
++	strbuf_release(&buf);
+	return ret;
+ }
+
+diff --git a/t/t1300-config.sh b/t/t1300-config.sh
+index 78359f1..b07feb1 100755
+--- a/t/t1300-config.sh
++++ b/t/t1300-config.sh
+@@ -617,6 +617,36 @@ test_expect_success 'renaming to bogus section is rejected' '
+	test_must_fail git config --rename-section branch.zwei "bogus name"
+ '
+
++test_expect_success 'renaming a section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y b.e
++'
++
++test_expect_success 'renaming an embedded section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] [foo] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y foo.e
++'
++
++test_expect_success 'renaming a section with an overly-long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %525000s e" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	test_must_fail git config -f y --rename-section a xyz 2>err &&
++	test_i18ngrep "refusing to work with overly long line in .y. on line 2" err
++'
++
+ cat >> .git/config << EOF
+   [branch "zwei"] a = 1 [branch "vier"]
+ EOF
+--
+2.40.0
diff --git a/meta/recipes-devtools/git/git_2.35.7.bb b/meta/recipes-devtools/git/git_2.35.7.bb
index faf0b67051..199ac950fa 100644
--- a/meta/recipes-devtools/git/git_2.35.7.bb
+++ b/meta/recipes-devtools/git/git_2.35.7.bb
@@ -10,6 +10,7 @@ PROVIDES:append:class-native = " git-replacement-native"
 SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
            file://fixsort.patch \
            file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \
+           file://CVE-2023-29007.patch \
            "
 
 S = "${WORKDIR}/git-${PV}"

From patchwork Tue May  9 22:32:28 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23756
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 84802C7EE22
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:32:55 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web10.3052.1683671571784448099
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:51 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=wfm1YuDf;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-64115eef620so45958644b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671571;
 x=1686263571;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=dFdYxJsMgKXX+s4jmDU2zt/Davmm/8AoNeWL1scGzAg=;
        b=wfm1YuDfnA355OPtdq+ykJjxfQxExviJHHwyf/kS7dhSQyK+iLKL2P9BnTVzTZpDJx
         4VtAH0wsdLsdi2lVMy4dOQiwl6Vtdltt6l+JNYiRSLEcrNPMJLYgpF3HG9EeOZUxVTgb
         5QCuSCVns5IVHZCXI3WmaG3VY7MgY3x3veAJSSqdD/36yhY9jXcbyr2ts8/xT9rbqLVJ
         R9CqwX1hZRwSx79vEXwQ9MZmpnV8EVTjs0B8kRrbJQu0L/vd8LO3EDYzOQsBi7DOjWPD
         5GCQforDPzlz6byBvwJRXKpKoJMsh/U9wwJ5Jr8DhTTDifJP5FV/pu1NLV2o7x0SHUEd
         X6Pw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671571; x=1686263571;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=dFdYxJsMgKXX+s4jmDU2zt/Davmm/8AoNeWL1scGzAg=;
        b=g2VBllhVsaoUQf0r62NtCLPMsqjx8kjMi21op1k11JzcrqV7nFGsgtAEkpP5YGQDFR
         lMayXIHEjVswRr2li47Pz+50zva5rMBWTloBD/DhY8pOFWqttp4TS9Z81sAtjwsCTb8W
         Dw1mXYpPaw/0qZNdergaCGC8yhksM1QMocosUqPBJ/IgcF8vDL+9s2MUA+lK8YzQOK9z
         hl4maZn1bL5KgsAtRI81qh2/fOMskzlEgue56IoqC8X72OG0Mt2aKbZrUUsUDMJnHsZJ
         aS1ETtGsIyeYbcxS1H6XYmpuJeUZSsSokJAAo14SbFcKZF3fD0SHHYfdV07BiyshaoJZ
         fzuw==
X-Gm-Message-State: AC+VfDw1yC4r3Iw8XxinrcKV1u989FOnus+VlkzyaH5JITiIie5dfNeN
	fQZYcdOaCoUKA0UHouvxQHKI7w9n06FpetPOGYc=
X-Google-Smtp-Source: 
 ACHHUZ4kQFgcyQLwBW0t4WOTkkJkTs7soP8pwFDJriHa8fQJefw7Qf98hwlxFcdU/JlgiAPK5X79jQ==
X-Received: by 2002:a05:6a00:2ea9:b0:63b:8963:d952 with SMTP id
 fd41-20020a056a002ea900b0063b8963d952mr18036001pfb.17.1683671570674;
        Tue, 09 May 2023 15:32:50 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.32.49
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:32:50 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/15] git: fix CVE-2023-25652
Date: Tue,  9 May 2023 12:32:28 -1000
Message-Id: 
 <335ad8a6d795cd94b872370e44a033ce3fbf4890.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:32:55 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181087

From: Archana Polampalli <archana.polampalli@windriver.com>

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding
specially crafted input to `git apply --reject`, a path outside the working
tree can be overwritten with partially controlled contents (corresponding to
the rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,
and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying
patches from an untrusted source. Use `git apply --stat` to inspect a patch before
applying; avoid applying one that create a conflict where a link corresponding to
the `*.rej` file exists.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25652

Upstream patches:
https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../git/git/CVE-2023-25652.patch              | 94 +++++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |  1 +
 2 files changed, 95 insertions(+)
 create mode 100644 meta/recipes-devtools/git/git/CVE-2023-25652.patch

diff --git a/meta/recipes-devtools/git/git/CVE-2023-25652.patch b/meta/recipes-devtools/git/git/CVE-2023-25652.patch
new file mode 100644
index 0000000000..825701eaff
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2023-25652.patch
@@ -0,0 +1,94 @@
+From 9db05711c98efc14f414d4c87135a34c13586e0b Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
+Date: Thu Mar 9 16:02:54 2023 +0100
+Subject: [PATCH] apply --reject: overwrite existing `.rej` symlink if it
+ exists
+
+   The `git apply --reject` is expected to write out `.rej` files in case
+   one or more hunks fail to apply cleanly. Historically, the command
+   overwrites any existing `.rej` files. The idea being that
+   apply/reject/edit cycles are relatively common, and the generated `.rej`
+   files are not considered precious.
+
+    But the command does not overwrite existing `.rej` symbolic links, and
+    instead follows them. This is unsafe because the same patch could
+    potentially create such a symbolic link and point at arbitrary paths
+    outside the current worktree, and `git apply` would write the contents
+    of the `.rej` file into that location.
+
+    Therefore, let's make sure that any existing `.rej` file or symbolic
+    link is removed before writing it.
+
+    Reported-by: RyotaK <ryotak.mail@gmail.com>
+    Helped-by: Taylor Blau <me@ttaylorr.com>
+    Helped-by: Junio C Hamano <gitster@pobox.com>
+    Helped-by: Linus Torvalds <torvalds@linuxfoundation.org>
+    Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+CVE: CVE-2023-25652
+Upstream-Status: Backport [https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ apply.c                  | 14 ++++++++++++--
+ t/t4115-apply-symlink.sh | 15 +++++++++++++++
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/apply.c b/apply.c
+index fc6f484..47f2686 100644
+--- a/apply.c
++++ b/apply.c
+@@ -4584,7 +4584,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+	FILE *rej;
+	char namebuf[PATH_MAX];
+	struct fragment *frag;
+-	int cnt = 0;
++	int fd, cnt = 0;
+	struct strbuf sb = STRBUF_INIT;
+
+	for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) {
+@@ -4624,7 +4624,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+	memcpy(namebuf, patch->new_name, cnt);
+	memcpy(namebuf + cnt, ".rej", 5);
+
+-	rej = fopen(namebuf, "w");
++	fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++	if (fd < 0) {
++		if (errno != EEXIST)
++			return error_errno(_("cannot open %s"), namebuf);
++		if (unlink(namebuf))
++			return error_errno(_("cannot unlink '%s'"), namebuf);
++		fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++		if (fd < 0)
++			return error_errno(_("cannot open %s"), namebuf);
++	}
++	rej = fdopen(fd, "w");
+	if (!rej)
+		return error_errno(_("cannot open %s"), namebuf);
+
+diff --git a/t/t4115-apply-symlink.sh b/t/t4115-apply-symlink.sh
+index 65ac7df..e95e6d4 100755
+--- a/t/t4115-apply-symlink.sh
++++ b/t/t4115-apply-symlink.sh
+@@ -126,4 +126,19 @@ test_expect_success SYMLINKS 'symlink escape when deleting file' '
+	test_path_is_file .git/delete-me
+ '
+
++test_expect_success SYMLINKS '--reject removes .rej symlink if it exists' '
++	test_when_finished "git reset --hard && git clean -dfx" &&
++
++	test_commit file &&
++	echo modified >file.t &&
++	git diff -- file.t >patch &&
++	echo modified-again >file.t &&
++
++	ln -s foo file.t.rej &&
++	test_must_fail git apply patch --reject 2>err &&
++	test_i18ngrep "Rejected hunk" err &&
++	test_path_is_missing foo &&
++	test_path_is_file file.t.rej
++'
++
+ test_done
+--
+2.40.0
diff --git a/meta/recipes-devtools/git/git_2.35.7.bb b/meta/recipes-devtools/git/git_2.35.7.bb
index 199ac950fa..99d3d70683 100644
--- a/meta/recipes-devtools/git/git_2.35.7.bb
+++ b/meta/recipes-devtools/git/git_2.35.7.bb
@@ -11,6 +11,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
            file://fixsort.patch \
            file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \
            file://CVE-2023-29007.patch \
+           file://CVE-2023-25652.patch \
            "
 
 S = "${WORKDIR}/git-${PV}"

From patchwork Tue May  9 22:32:29 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23758
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 92C75C77B75
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:32:55 +0000 (UTC)
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com
 [209.85.210.178])
 by mx.groups.io with SMTP id smtpd.web10.3054.1683671573412115255
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:53 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=Hp/o4PRq;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f178.google.com with SMTP id
 d2e1a72fcca58-643a1656b79so4266533b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671572;
 x=1686263572;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=feHjBeToHJfaALxNwU2araMQ339rVDEdUH8gcvaSILk=;
        b=Hp/o4PRqg+PE7ztLGfuZP5HkXSAKkfJam9tiD2MDKz9lc9vsBL9RIEfwGqTOQhgXw7
         VEvH0j3MDUFMnF6chaUUhrJRqwF0/Xfq6nL/+cdoeSS1rLbRCZjmysL0hMAodeDiyBDg
         H7wZVZ5C/Yk3Z8QiCac2BzwWg6xiusMzeWC1vmIrc25UMUs8KvJaNqb1jPDL9QRL9XOK
         nCpnkfxCE/mj9M7D0RHiUZ3o6Pu5AFHlzbZVup/Ibhr7sOWX5SbOWUzO1uf+X//fmQLO
         6M9bqVOBtD5pFpUu5q1SyJARHUiFfUg9C8bPPK+f5G+6sOuo8lpkTyvexQHziN3O5qG4
         kywA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671572; x=1686263572;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=feHjBeToHJfaALxNwU2araMQ339rVDEdUH8gcvaSILk=;
        b=Zv1JFGsIAbrYzO9/KS8oSSM1AKjTcrNn6YzhZOGenb+uYwz0EtR/PI9py/WDxkRfBM
         26TRWeTYQetxf4CjGaFzPYpnq32pmzjdFKMK02bypnZ7efJl6Iihz60W/OK3yvEqz/2i
         C49FRiOLpdyY+qblon6S/nOxeXDGK6S2KGAtFGBxeSx3CPemAVgr+f0zq80DMxFh8Vgd
         PK8RgOSf3jSCMUFyp7ZzFZBurUGujmcFXmWZ90uztrr+XpmB5/9T5jYtCQ1h3y6rR7gj
         ThFxMyvS6QwlNkctEXQw4n9frNemvWXxt7MALJb9KKUe1tzjPn9EafTdmrRVCPU2MSB+
         aD9g==
X-Gm-Message-State: AC+VfDyI3R1vvB6Zt7fwrQIdICN/E8BLyfxanAVoGgkvYeuxHVkK/OU7
	I9yIcJ7eDCMS/4G5hW0WDXZRfhhNLFYV/RvCcYM=
X-Google-Smtp-Source: 
 ACHHUZ4+q406hBGemIJgOtoUKJgqsbYX4RWcuFMGiTkb2+EiOC/HuO06nq2QFHqypKiAMWZNlQfSyg==
X-Received: by 2002:a05:6a00:150b:b0:645:c730:f826 with SMTP id
 q11-20020a056a00150b00b00645c730f826mr13471772pfu.24.1683671572383;
        Tue, 09 May 2023 15:32:52 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.32.51
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:32:52 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 03/15] libxml2: patch CVE-2023-28484 and
 CVE-2023-29469
Date: Tue,  9 May 2023 12:32:29 -1000
Message-Id: 
 <7d03d5dbc98aa701869c73c1c55a5868c70c5287.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:32:55 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181088

From: Peter Marko <peter.marko@siemens.com>

Backports from:
* https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68
* https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libxml/libxml2/CVE-2023-28484.patch       | 79 +++++++++++++++++++
 .../libxml/libxml2/CVE-2023-29469.patch       | 42 ++++++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |  2 +
 3 files changed, 123 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
new file mode 100644
index 0000000000..907f2c4d47
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
@@ -0,0 +1,79 @@
+From e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:46:35 +0200
+Subject: [PATCH] [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
+
+Fix a null pointer dereference when parsing (invalid) XML schemas.
+
+Thanks to Robby Simpson for the report!
+
+Fixes #491.
+
+CVE: CVE-2023-28484
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ result/schemas/issue491_0_0.err |  1 +
+ test/schemas/issue491_0.xml     |  1 +
+ test/schemas/issue491_0.xsd     | 18 ++++++++++++++++++
+ xmlschemas.c                    |  2 +-
+ 4 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 result/schemas/issue491_0_0.err
+ create mode 100644 test/schemas/issue491_0.xml
+ create mode 100644 test/schemas/issue491_0.xsd
+
+diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
+new file mode 100644
+index 00000000..9b2bb969
+--- /dev/null
++++ b/result/schemas/issue491_0_0.err
+@@ -0,0 +1 @@
++./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
+diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
+new file mode 100644
+index 00000000..e2b2fc2e
+--- /dev/null
++++ b/test/schemas/issue491_0.xml
+@@ -0,0 +1 @@
++<Child xmlns="http://www.test.com">5</Child>
+diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
+new file mode 100644
+index 00000000..81702649
+--- /dev/null
++++ b/test/schemas/issue491_0.xsd
+@@ -0,0 +1,18 @@
++<?xml version='1.0' encoding='UTF-8'?>
++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified">
++  <xs:complexType name="BaseType">
++    <xs:simpleContent>
++      <xs:extension base="xs:int" />
++    </xs:simpleContent>
++  </xs:complexType>
++  <xs:complexType name="ChildType">
++    <xs:complexContent>
++      <xs:extension base="BaseType">
++        <xs:sequence>
++          <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/>
++        </xs:sequence>
++      </xs:extension>
++    </xs:complexContent>
++  </xs:complexType>
++  <xs:element name="Child" type="ChildType" />
++</xs:schema>
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 6a353858..a4eaf591 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -18632,7 +18632,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
+ 			"allowed to appear inside other model groups",
+ 			NULL, NULL);
+ 
+-		} else if (! dummySequence) {
++		} else if ((!dummySequence) && (baseType->subtypes != NULL)) {
+ 		    xmlSchemaTreeItemPtr effectiveContent =
+ 			(xmlSchemaTreeItemPtr) type->subtypes;
+ 		    /*
+-- 
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
new file mode 100644
index 0000000000..f60d160c49
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
@@ -0,0 +1,42 @@
+From 547edbf1cbdccd46b2e8ff322a456eaa5931c5df Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Apr 2023 11:49:27 +0200
+Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
+ deterministic
+
+When hashing empty strings which aren't null-terminated,
+xmlDictComputeFastKey could produce inconsistent results. This could
+lead to various logic or memory errors, including double frees.
+
+For consistency the seed is also taken into account, but this shouldn't
+have an impact on security.
+
+Found by OSS-Fuzz.
+
+Fixes #510.
+
+CVE: CVE-2023-29469
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ dict.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dict.c b/dict.c
+index 86c3f6d7..d7fd1a06 100644
+--- a/dict.c
++++ b/dict.c
+@@ -433,7 +433,8 @@ static unsigned long
+ xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
+     unsigned long value = seed;
+ 
+-    if (name == NULL) return(0);
++    if ((name == NULL) || (namelen <= 0))
++        return(value);
+     value += *name;
+     value <<= 5;
+     if (namelen > 10) {
+-- 
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index e15f8eb13f..9241b279e4 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -25,6 +25,8 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
            file://0001-Port-gentest.py-to-Python-3.patch \
            file://CVE-2022-40303.patch \
            file://CVE-2022-40304.patch \
+           file://CVE-2023-28484.patch \
+           file://CVE-2023-29469.patch \
            "
 
 SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"

From patchwork Tue May  9 22:32:30 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23763
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 73FCEC7EE2A
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:05 +0000 (UTC)
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com
 [209.85.210.178])
 by mx.groups.io with SMTP id smtpd.web11.2946.1683671575995507975
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:56 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=UkTlOg8t;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.178,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f178.google.com with SMTP id
 d2e1a72fcca58-64389a44895so5293820b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671575;
 x=1686263575;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=CT0dkpWNucJG1rzG/XtUWCABcWDDZjw0CJ+BQ8d3bU0=;
        b=UkTlOg8t/I7Kna8z0NCRJMwFjtg9fXVuzJ7ShCN7Bz6/u5Ow5de52gaSp1h4nq3ttf
         IVcqjWx/vCbmJPpoPROZ52iyNvrZTRTLBbjyJG7axuIznwqOnOuJtMHtEG5v0cfAEfmf
         ElU8J+S8UKsEbEbU7xcy+PDSgIMRBrTVUmU/BfZ+lsk9gBIu4J9Wj1s6q1sHFjW12Z8w
         c65zxN6K/2sXrzuCz267SX/SJMmlQRckTjoiV0I2gMAn9iHng091RAw21vM9lkpTwJo1
         2D5C/7E6Q7rbJKmyVvSo8LzP7AYby6KCVYY0VVGCJWq3srYIFCCn/6FwbDQL1b8jNjv2
         kxjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671575; x=1686263575;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=CT0dkpWNucJG1rzG/XtUWCABcWDDZjw0CJ+BQ8d3bU0=;
        b=SMef3Re8kq0fOIXlATPnOLH7ICDoAvs2UXtvO4GsOxGIvZaLAFW0dkoKVxC7gZXU+/
         +FL8x53mWKF69jDk5D1gR5hNYlKqVIQ+Z71ODO7d6O4W/LdCxWDx0y6TXajay0LrFCvG
         1Zyhxoh498+6czgyMkEfz6HQ6WcYEZYQ5uuzmXzjs3spvbwnS+RBDZY7QtewHxFVOwZQ
         7z/hNip4PBLcD/NbvXNPCcBup7ZTcXDQ/LGFxkZRVAlVWX9+E09wzhEHkv8kj3V4uJvo
         SNpC9y2BHA1ADQBTXsRdTMKvWDQZ6Icd5fpGAy0OHVeyF5XpbEk/dst/FKDx3dWAt2IA
         n3VA==
X-Gm-Message-State: AC+VfDz+6vegYUVBMcFbSvamrWdUdjWXpFB6H+wHmB77cSyA4W6NKTWy
	3RTUMIuKA3WNr9UgozmEgi2omP1ZrAGwAJ3kMF4=
X-Google-Smtp-Source: 
 ACHHUZ6L8vZh1k8TbK2c5tolLfK1WG509SZk/pwBRl0fC5i8GZq+LAzvNLWKBoLpf4afP2dPuxnTrw==
X-Received: by 2002:a05:6a00:1a0e:b0:642:fbed:2819 with SMTP id
 g14-20020a056a001a0e00b00642fbed2819mr19396398pfv.22.1683671574471;
        Tue, 09 May 2023 15:32:54 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.32.53
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:32:54 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/15] linux-yocto: Exclude 121 CVEs already
 fixed upstream
Date: Tue,  9 May 2023 12:32:30 -1000
Message-Id: 
 <5703fcbbede8ec438e36505d406e1f873b13a476.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:05 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181089

From: Yoann Congal <yoann.congal@smile.fr>

Exclude CVEs that are fixed in both current linux-yocto version
v5.10.175 and v5.15.108.

To get the commit fixing a CVE, I used the Debian kernel-sec repo [1].

[1]: https://salsa.debian.org/kernel-team/kernel-sec/-/commit/86d5040aee9275f9555458fcaf9cb43710dff398

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/cve-exclusion.inc | 875 ++++++++++++++++++++
 meta/recipes-kernel/linux/linux-yocto.inc   |   3 +
 2 files changed, 878 insertions(+)
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc

diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc
new file mode 100644
index 0000000000..7fd362881a
--- /dev/null
+++ b/meta/recipes-kernel/linux/cve-exclusion.inc
@@ -0,0 +1,875 @@
+# Kernel CVE exclusion file
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
+# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
+# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
+# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
+CVE_CHECK_IGNORE += "CVE-2021-3759"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4135
+# Patched in kernel since v5.16 481221775d53d6215a6e5e9ce1cce6d2b4ab9a46
+# Backported in version v5.4.168 699e794c12a3cd79045ff135bc87a53b97024e43
+# Backported in version v5.10.88 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8
+# Backported in version v5.15.11 27358aa81a7d60e6bd36f0bb1db65cd084c2cad0
+CVE_CHECK_IGNORE += "CVE-2021-4135"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2021-4155
+# Patched in kernel since v5.16 983d8e60f50806f90534cc5373d0ce867e5aaf79
+# Backported in version v5.4.171 102af6edfd3a372db6e229177762a91f552e5f5e
+# Backported in version v5.10.91 16d8568378f9ee2d1e69216d39961aa72710209f
+# Backported in version v5.15.14 b0e72ba9e520b95346e68800afff0db65e766ca8
+CVE_CHECK_IGNORE += "CVE-2021-4155"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0168
+# Patched in kernel since v5.18 b92e358757b91c2827af112cae9af513f26a3f34
+# Backported in version v5.10.110 9963ccea6087268e1275b992dca5d0dd4b938765
+# Backported in version v5.15.33 f143f8334fb9eb2f6c7c15b9da1472d9c965fd84
+CVE_CHECK_IGNORE += "CVE-2022-0168"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-0171
+# Patched in kernel since v5.18 683412ccf61294d727ead4a73d97397396e69a6b
+# Backported in version v5.10.146 a60babeb60ff276963d4756c7fd2e7bf242bb777
+# Backported in version v5.15.70 39b0235284c7aa33a64e07b825add7a2c108094a
+CVE_CHECK_IGNORE += "CVE-2022-0171"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1016
+# Patched in kernel since v5.18 4c905f6740a365464e91467aa50916555b28213d
+# Backported in version v5.4.188 06f0ff82c70241a766a811ae1acf07d6e2734dcb
+# Backported in version v5.10.109 2c74374c2e88c7b7992bf808d9f9391f7452f9d9
+# Backported in version v5.15.32 fafb904156fbb8f1dd34970cd5223e00b47c33be
+CVE_CHECK_IGNORE += "CVE-2022-1016"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
+# Patched in kernel since v6.1 61a1d87a324ad5e3ed27c6699dfc93218fcf3201
+# Backported in version v5.10.150 483831ad0440f62c10d1707c97ce824bd82d98ae
+# Backported in version v5.15.75 dd366295d1eca557e7a9000407ec3952f691d27b
+# Backported in version v5.19.17 edb71f055684f9023fd97e2f85c6f31380d163c1
+CVE_CHECK_IGNORE += "CVE-2022-1184"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1198
+# Patched in kernel since v5.17 efe4186e6a1b54bf38b9e05450d43b0da1fd7739
+# Backported in version v5.4.189 28c8fd84bea13cbf238d7b19d392de2fcc31331c
+# Backported in version v5.10.110 f67a1400788f550d201c71aeaf56706afe57f0da
+# Backported in version v5.15.33 3eb18f8a1d02a9462a0e4903efc674ca3d0406d1
+CVE_CHECK_IGNORE += "CVE-2022-1198"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1199
+# Patched in kernel since v5.17 71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac
+# Backported in version v5.4.185 0a64aea5fe023cf1e4973676b11f49038b1f045b
+# Backported in version v5.10.106 e2201ef32f933944ee02e59205adb566bafcdf91
+# Backported in version v5.15.29 46ad629e58ce3a88c924ff3c5a7e9129b0df5659
+CVE_CHECK_IGNORE += "CVE-2022-1199"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
+# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23
+# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
+# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
+# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
+CVE_CHECK_IGNORE += "CVE-2022-1462"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1734
+# Patched in kernel since v5.18 d270453a0d9ec10bb8a802a142fb1b3601a83098
+# Backported in version v5.4.193 33d3e76fc7a7037f402246c824d750542e2eb37f
+# Backported in version v5.10.115 1961c5a688edb53fe3bc25cbda57f47adf12563c
+# Backported in version v5.15.39 b8f2b836e7d0a553b886654e8b3925a85862d2eb
+CVE_CHECK_IGNORE += "CVE-2022-1734"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1852
+# Patched in kernel since v5.19 fee060cd52d69c114b62d1a2948ea9648b5131f9
+# Backported in version v5.10.120 3d8fc6e28f321d753ab727e3c3e740daf36a8fa3
+# Backported in version v5.15.45 531d1070d864c78283b7597449e60ddc53319d88
+CVE_CHECK_IGNORE += "CVE-2022-1852"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1882
+# Patched in kernel since v5.19 353f7988dd8413c47718f7ca79c030b6fb62cfe5
+# Backported in version v5.10.134 0adf21eec59040b31af113e626efd85eb153c728
+# Backported in version v5.15.58 ba3a8af8a21a81cfd0c8c689a81261caba934f97
+CVE_CHECK_IGNORE += "CVE-2022-1882"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-1998
+# Patched in kernel since v5.17 ee12595147ac1fbfb5bcb23837e26dd58d94b15d
+# Backported in version v5.10.97 7b4741644cf718c422187e74fb07661ef1d68e85
+# Backported in version v5.15.20 60765e43e40fbf7a1df828116172440510fcc3e4
+CVE_CHECK_IGNORE += "CVE-2022-1998"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2078
+# Patched in kernel since v5.19 fecf31ee395b0295f2d7260aa29946b7605f7c85
+# Backported in version v5.10.120 c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048
+# Backported in version v5.15.45 89ef50fe03a55feccf5681c237673a2f98161161
+CVE_CHECK_IGNORE += "CVE-2022-2078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
+# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
+# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b
+# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
+# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
+# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
+CVE_CHECK_IGNORE += "CVE-2022-2196"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2318
+# Patched in kernel since v5.19 9cc02ede696272c5271a401e4f27c262359bc2f6
+# Backported in version v5.4.204 bb91556d2af066f8ca2e7fd8e334d652e731ee29
+# Backported in version v5.10.129 8f74cb27c2b4872fd14bf046201fa7b36a46885e
+# Backported in version v5.15.53 659d39545260100628d8a30020d09fb6bf63b915
+CVE_CHECK_IGNORE += "CVE-2022-2318"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2380
+# Patched in kernel since v5.18 bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8
+# Backported in version v5.4.189 478154be3a8c21ff106310bb1037b1fc9d81dc62
+# Backported in version v5.10.110 72af8810922eb143ed4f116db246789ead2d8543
+# Backported in version v5.15.33 46cdbff26c88fd75dccbf28df1d07cbe18007eac
+CVE_CHECK_IGNORE += "CVE-2022-2380"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2503
+# Patched in kernel since v5.19 4caae58406f8ceb741603eee460d79bacca9b1b5
+# Backported in version v5.4.197 fd2f7e9984850a0162bfb6948b98ffac9fb5fa58
+# Backported in version v5.10.120 8df42bcd364cc3b41105215d841792aea787b133
+# Backported in version v5.15.45 69712b170237ec5979f168149cd31e851a465853
+CVE_CHECK_IGNORE += "CVE-2022-2503"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
+# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7
+# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
+# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
+# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
+CVE_CHECK_IGNORE += "CVE-2022-26365"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
+# Patched in kernel since v6.0 e8d5dfd1d8747b56077d02664a8838c71ced948e
+# Backported in version v5.4.215 d0a24bc8e2aa703030d80affa3e5237fe3ad4dd2
+# Backported in version v5.10.146 9a5d7e0acb41bb2aac552f8eeb4b404177f3f66d
+# Backported in version v5.15.71 dc33ffbc361e2579a8f31b8724ef85d4117440e4
+# Backported in version v5.19.12 510ea9eae5ee45f4e443023556532bda99387351
+CVE_CHECK_IGNORE += "CVE-2022-2663"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2873
+# Patched in kernel since v6.2 39244cc754829bf707dccd12e2ce37510f5b1f8d
+# Backported in version v5.4.229 cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
+# Backported in version v5.10.163 9ac541a0898e8ec187a3fa7024b9701cffae6bf2
+# Backported in version v5.15.86 96c12fd0ec74641295e1c3c34dea3dce1b6c3422
+# Backported in version v6.1.2 233348a04becf133283f0076e20b317302de21d9
+CVE_CHECK_IGNORE += "CVE-2022-2873"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2905
+# Patched in kernel since v6.0 a657182a5c5150cdfacb6640aad1d2712571a409
+# Backported in version v5.10.140 e8979807178434db8ceaa84dfcd44363e71e50bb
+# Backported in version v5.15.64 4f672112f8665102a5842c170be1713f8ff95919
+# Backported in version v5.19.6 a36df92c7ff7ecde2fb362241d0ab024dddd0597
+CVE_CHECK_IGNORE += "CVE-2022-2905"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-2959
+# Patched in kernel since v5.19 189b0ddc245139af81198d1a3637cac74f96e13a
+# Backported in version v5.10.120 8fbd54ab06c955d247c1a91d5d980cddc868f1e7
+# Backported in version v5.15.45 cf2fbc56c478a34a68ff1fa6ad08460054dfd499
+CVE_CHECK_IGNORE += "CVE-2022-2959"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3028
+# Patched in kernel since v6.0 ba953a9d89a00c078b85f4b190bc1dde66fe16b5
+# Backported in version v5.4.212 8ee27a4f0f1ad36d430221842767880df6494147
+# Backported in version v5.10.140 c5c4d4c9806dadac7bc82f9c29ef4e1b78894775
+# Backported in version v5.15.64 103bd319c0fc90f1cb013c3a508615e6df8af823
+# Backported in version v5.19.6 6901885656c029c976498290b52f67f2c251e6a0
+CVE_CHECK_IGNORE += "CVE-2022-3028"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3078
+# Patched in kernel since v5.18 e6a21a14106d9718aa4f8e115b1e474888eeba44
+# Backported in version v5.10.110 663e7a72871f89f7a10cc8d7b2f17f27c64e071d
+# Backported in version v5.15.33 9dd2fd7a1f84c947561af29424c5ddcecfcf2cbe
+CVE_CHECK_IGNORE += "CVE-2022-3078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3104
+# Patched in kernel since v5.19 4a9800c81d2f34afb66b4b42e0330ae8298019a2
+# Backported in version v5.10.122 56ac04f35fc5dc8b5b67a1fa2f7204282aa887d5
+# Backported in version v5.15.47 1aeeca2b8397e3805c16a4ff26bf3cc8485f9853
+CVE_CHECK_IGNORE += "CVE-2022-3104"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3105
+# Patched in kernel since v5.16 7694a7de22c53a312ea98960fcafc6ec62046531
+# Backported in version v5.4.171 7646a340b25bb68cfb6d2e087a608802346d0f7b
+# Backported in version v5.10.91 16e5cad6eca1e506c38c39dc256298643fa1852a
+# Backported in version v5.15.14 0ea8bb0811ba0ec22903cbb48ff2cd872382e8d4
+CVE_CHECK_IGNORE += "CVE-2022-3105"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3106
+# Patched in kernel since v5.16 407ecd1bd726f240123f704620d46e285ff30dd9
+# Backported in version v5.10.88 734a3f3106053ee41cecae2a995b3d4d0c246764
+# Backported in version v5.15.11 9a77c02d1d2147a76bd187af1bf5a34242662d12
+CVE_CHECK_IGNORE += "CVE-2022-3106"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3107
+# Patched in kernel since v5.17 886e44c9298a6b428ae046e2fa092ca52e822e6a
+# Backported in version v5.4.187 b01e2df5fbf68719dfb8e766c1ca6089234144c2
+# Backported in version v5.10.108 9b763ceda6f8963cc99df5772540c54ba46ba37c
+# Backported in version v5.15.31 ab0ab176183191cffc69fe9dd8ac6c8db23f60d3
+CVE_CHECK_IGNORE += "CVE-2022-3107"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3111
+# Patched in kernel since v5.18 6dee930f6f6776d1e5a7edf542c6863b47d9f078
+# Backported in version v5.4.189 90bec38f6a4c81814775c7f3dfc9acf281d5dcfa
+# Backported in version v5.10.110 48d23ef90116c8c702bfa4cad93744e4e5588d7d
+# Backported in version v5.15.33 4124966fbd95eeecca26d52433f393e2b9649a33
+CVE_CHECK_IGNORE += "CVE-2022-3111"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3112
+# Patched in kernel since v5.18 c8c80c996182239ff9b05eda4db50184cf3b2e99
+# Backported in version v5.10.110 032b141a91a82a5f0107ce664a35b201e60c5ce1
+# Backported in version v5.15.33 b0b890dd8df3b9a2fe726826980b1cffe17b9679
+CVE_CHECK_IGNORE += "CVE-2022-3112"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3113
+# Patched in kernel since v5.18 e25a89f743b18c029bfbe5e1663ae0c7190912b0
+# Backported in version v5.10.110 bc2573abc691a269b54a6c14a2660f26d88876a5
+# Backported in version v5.15.33 0022dc8cafa5fcd156da8ae7bfc9ca99497bdffc
+CVE_CHECK_IGNORE += "CVE-2022-3113"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3115
+# Patched in kernel since v5.19 73c3ed7495c67b8fbdc31cf58e6ca8757df31a33
+# Backported in version v5.4.198 fa0d7ba25a53ac2e4bb24ef31aec49ff3578b44f
+# Backported in version v5.10.121 b4c7dd0037e6aeecad9b947b30f0d9eaeda11762
+# Backported in version v5.15.46 4cb37f715f601cee5b026c6f9091a466266b5ba5
+CVE_CHECK_IGNORE += "CVE-2022-3115"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3202
+# Patched in kernel since v5.18 a53046291020ec41e09181396c1e829287b48d47
+# Backported in version v5.4.189 e19c3149a80e4fc8df298d6546640e01601f3758
+# Backported in version v5.10.111 b9c5ac0a15f24d63b20f899072fa6dd8c93af136
+# Backported in version v5.15.34 d925b7e78b62805fcc5440d1521181c82b6f03cb
+CVE_CHECK_IGNORE += "CVE-2022-3202"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32250
+# Patched in kernel since v5.19 520778042ccca019f3ffa136dd0ca565c486cedd
+# Backported in version v5.4.198 f36736fbd48491a8d85cd22f4740d542c5a1546e
+# Backported in version v5.10.120 ea62d169b6e731e0b54abda1d692406f6bc6a696
+# Backported in version v5.15.45 f692bcffd1f2ce5488d24fbcb8eab5f351abf79d
+CVE_CHECK_IGNORE += "CVE-2022-32250"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32296
+# Patched in kernel since v5.18 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
+# Backported in version v5.4.201 c26e1addf15763ae404f4bbf131719a724e768ab
+# Backported in version v5.10.125 9429b75bc271b6f29e50dbb0ee0751800ff87dd9
+# Backported in version v5.15.41 952a238d779eea4ecb2f8deb5004c8f56be79bc9
+CVE_CHECK_IGNORE += "CVE-2022-32296"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-32981
+# Patched in kernel since v5.19 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9
+# Backported in version v5.4.198 0c4bc0a2f8257f79a70fe02b9a698eb14695a64b
+# Backported in version v5.10.122 3be74fc0afbeadc2aff8dc69f3bf9716fbe66486
+# Backported in version v5.15.47 2a0165d278973e30f2282c15c52d91788749d2d4
+CVE_CHECK_IGNORE += "CVE-2022-32981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3303
+# Patched in kernel since v6.0 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d
+# Backported in version v5.4.215 4051324a6dafd7053c74c475e80b3ba10ae672b0
+# Backported in version v5.10.148 fce793a056c604b41a298317cf704dae255f1b36
+# Backported in version v5.15.68 8015ef9e8a0ee5cecfd0cb6805834d007ab26f86
+# Backported in version v5.19.9 723ac5ab2891b6c10dd6cc78ef5456af593490eb
+CVE_CHECK_IGNORE += "CVE-2022-3303"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
+# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010
+# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
+# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
+# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
+CVE_CHECK_IGNORE += "CVE-2022-33740"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
+# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e
+# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
+# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
+# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
+CVE_CHECK_IGNORE += "CVE-2022-33741"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
+# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9
+# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
+# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
+# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
+CVE_CHECK_IGNORE += "CVE-2022-33742"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33743
+# Patched in kernel since v5.19 f63c2c2032c2e3caad9add3b82cc6e91c376fd26
+# Backported in version v5.10.129 547b7c640df545a344358ede93e491a89194cdfa
+# Backported in version v5.15.53 1052fc2b7391a43b25168ae69ad658fff5170f04
+CVE_CHECK_IGNORE += "CVE-2022-33743"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33744
+# Patched in kernel since v5.19 b75cd218274e01d026dc5240e86fdeb44bbed0c8
+# Backported in version v5.4.204 5c03cad51b84fb26ccea7fd99130d8ec47949cfc
+# Backported in version v5.10.129 43c8d33ce353091f15312cb6de3531517d7bba90
+# Backported in version v5.15.53 9f83c8f6ab14bbf4311b70bf1b7290d131059101
+CVE_CHECK_IGNORE += "CVE-2022-33744"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-33981
+# Patched in kernel since v5.18 233087ca063686964a53c829d547c7571e3f67bf
+# Backported in version v5.4.192 7dea5913000c6a2974a00d9af8e7ffb54e47eac1
+# Backported in version v5.10.114 54c028cfc49624bfc27a571b94edecc79bbaaab4
+# Backported in version v5.15.37 e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3
+CVE_CHECK_IGNORE += "CVE-2022-33981"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
+# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
+# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977
+# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
+# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
+# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
+CVE_CHECK_IGNORE += "CVE-2022-3424"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
+# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883
+# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
+# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
+# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
+CVE_CHECK_IGNORE += "CVE-2022-3435"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-34918
+# Patched in kernel since v5.19 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
+# Backported in version v5.10.130 0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf
+# Backported in version v5.15.54 c1784d2075138992b00c17ab4ffc6d855171fe6d
+CVE_CHECK_IGNORE += "CVE-2022-34918"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3521
+# Patched in kernel since v6.1 ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
+# Backported in version v5.4.225 ad39d09190a545d0f05ae0a82900eee96c5facea
+# Backported in version v5.10.156 7deb7a9d33e4941c5ff190108146d3a56bf69e9d
+# Backported in version v5.15.80 27d706b0d394a907ff8c4f83ffef9d3e5817fa84
+CVE_CHECK_IGNORE += "CVE-2022-3521"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3545
+# Patched in kernel since v6.0 02e1a114fdb71e59ee6770294166c30d437bf86a
+# Backported in version v5.4.228 3c837460f920a63165961d2b88b425703f59affb
+# Backported in version v5.10.160 eb6313c12955c58c3d3d40f086c22e44ca1c9a1b
+# Backported in version v5.15.84 9d933af8fef33c32799b9f2d3ff6bf58a63d7f24
+CVE_CHECK_IGNORE += "CVE-2022-3545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
+# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
+# Backported in version v5.4.224 4cd094fd5d872862ca278e15b9b51b07e915ef3f
+# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
+# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
+CVE_CHECK_IGNORE += "CVE-2022-3564"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3586
+# Patched in kernel since v6.0 9efd23297cca530bb35e1848665805d3fcdd7889
+# Backported in version v5.4.213 279c7668e354fa151d5fd2e8c42b5153a1de3135
+# Backported in version v5.10.143 2ee85ac1b29dbd2ebd2d8e5ac1dd5793235d516b
+# Backported in version v5.15.68 1a889da60afc017050e1f517b3b976b462846668
+# Backported in version v5.19.9 8f796f36f5ba839c11eb4685150ebeed496c546f
+CVE_CHECK_IGNORE += "CVE-2022-3586"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3594
+# Patched in kernel since v6.1 93e2be344a7db169b7119de21ac1bf253b8c6907
+# Backported in version v5.4.220 61fd56b0a1a3e923aced4455071177778dd59e88
+# Backported in version v5.10.150 484400d433ca1903a87268c55f019e932297538a
+# Backported in version v5.15.75 b3179865cf7e892b26eedab3d6c54b4747c774a2
+# Backported in version v5.19.17 2e896abccf99fef76691d8e1019bd44105a12e1f
+CVE_CHECK_IGNORE += "CVE-2022-3594"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36123
+# Patched in kernel since v5.19 38fa5479b41376dc9d7f57e71c83514285a25ca0
+# Backported in version v5.4.207 a3c7c1a726a4c6b63b85e8c183f207543fd75e1b
+# Backported in version v5.10.132 136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87
+# Backported in version v5.15.56 26bb7afc027ce6ac8ab6747babec674d55689ff0
+CVE_CHECK_IGNORE += "CVE-2022-36123"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
+# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856
+# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c
+# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
+# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
+# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
+CVE_CHECK_IGNORE += "CVE-2022-3621"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
+# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f
+# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c
+# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
+# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
+# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
+CVE_CHECK_IGNORE += "CVE-2022-3623"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
+# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d
+# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d
+# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
+# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
+# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
+CVE_CHECK_IGNORE += "CVE-2022-3629"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
+# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6
+# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93
+# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
+# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
+# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
+CVE_CHECK_IGNORE += "CVE-2022-3633"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
+# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b
+# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253
+# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
+# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
+# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
+CVE_CHECK_IGNORE += "CVE-2022-3635"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
+# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306
+# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393
+# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
+# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
+# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
+CVE_CHECK_IGNORE += "CVE-2022-3646"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
+# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09
+# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926
+# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
+# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
+# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
+CVE_CHECK_IGNORE += "CVE-2022-3649"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36879
+# Patched in kernel since v5.19 f85daf0e725358be78dfd208dea5fd665d8cb901
+# Backported in version v5.4.208 f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20
+# Backported in version v5.10.134 47b696dd654450cdec3103a833e5bf29c4b83bfa
+# Backported in version v5.15.58 c8e32bca0676ac663266a3b16562cb017300adcd
+CVE_CHECK_IGNORE += "CVE-2022-36879"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-36946
+# Patched in kernel since v5.19 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
+# Backported in version v5.4.209 52be29e8b6455788a4d0f501bd87aa679ca3ba3c
+# Backported in version v5.10.135 440dccd80f627e0e11ceb0429e4cdab61857d17e
+# Backported in version v5.15.59 91c11008aab0282957b8b8ccb0707d90e74cc3b9
+CVE_CHECK_IGNORE += "CVE-2022-36946"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-3707
+# Patched in kernel since v6.2 4a61648af68f5ba4884f0e3b494ee1cabc4b6620
+# Backported in version v5.4.233 787ef0db014085df8691e5aeb58ab0bb081e5ff0
+# Backported in version v5.10.170 3d743415c6fb092167df6c23e9c7e9f6df7db625
+# Backported in version v5.15.96 0d3d5099a50badadad6837edda00e42149b2f657
+# Backported in version v6.1.5 1022519da69d99d455c58ca181a6c499c562c70e
+CVE_CHECK_IGNORE += "CVE-2022-3707"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39188
+# Patched in kernel since v5.19 b67fbebd4cf980aecbcc750e1462128bffe8ae15
+# Backported in version v5.4.212 c9c5501e815132530d741ec9fdd22657f91656bc
+# Backported in version v5.10.141 895428ee124ad70b9763259308354877b725c31d
+# Backported in version v5.15.65 3ffb97fce282df03723995f5eed6a559d008078e
+CVE_CHECK_IGNORE += "CVE-2022-39188"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39190
+# Patched in kernel since v6.0 e02f0d3970404bfea385b6edb86f2d936db0ea2b
+# Backported in version v5.10.140 c08a104a8bce832f6e7a4e8d9ac091777b9982ea
+# Backported in version v5.15.64 51f192ae71c3431aa69a988449ee2fd288e57648
+# Backported in version v5.19.6 fdca693fcf26c11596e7aa1e540af2b4a5288c76
+CVE_CHECK_IGNORE += "CVE-2022-39190"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-39842
+# Patched in kernel since v5.19 a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7
+# Backported in version v5.4.215 1878eaf0edb8c9e58a6ca0cf31b7a647ca346be9
+# Backported in version v5.10.145 06e194e1130c98f82d46beb40cdbc88a0d4fd6de
+# Backported in version v5.15.70 ab5140c6ddd7473509e12f468948de91138b124e
+CVE_CHECK_IGNORE += "CVE-2022-39842"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40307
+# Patched in kernel since v6.0 9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
+# Backported in version v5.4.213 8028ff4cdbb3f20d3c1c04be33a83bab0cb94997
+# Backported in version v5.10.143 918d9c4a4bdf5205f2fb3f64dddfb56c9a1d01d6
+# Backported in version v5.15.68 dd291e070be0eca8807476b022bda00c891d9066
+# Backported in version v5.19.9 d46815a8f26ca6db2336106a148265239f73b0af
+CVE_CHECK_IGNORE += "CVE-2022-40307"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40768
+# Patched in kernel since v6.1 6022f210461fef67e6e676fd8544ca02d1bcfa7a
+# Backported in version v5.4.218 20a5bde605979af270f94b9151f753ec2caf8b05
+# Backported in version v5.10.148 36b33c63515a93246487691046d18dd37a9f589b
+# Backported in version v5.15.74 76efb4897bc38b2f16176bae27ae801037ebf49a
+# Backported in version v5.19.16 6ae8aa5dcf0d7ada07964c8638e55d3af5896a86
+CVE_CHECK_IGNORE += "CVE-2022-40768"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4095
+# Patched in kernel since v6.0 e230a4455ac3e9b112f0367d1b8e255e141afae0
+# Backported in version v5.4.213 d0aac7146e96bf39e79c65087d21dfa02ef8db38
+# Backported in version v5.10.142 19e3f69d19801940abc2ac37c169882769ed9770
+# Backported in version v5.15.66 dc02aaf950015850e7589696521c7fca767cea77
+# Backported in version v5.19.8 b1727def850904e4b8ba384043775672841663a1
+CVE_CHECK_IGNORE += "CVE-2022-4095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41218
+# Patched in kernel since v6.2 fd3d91ab1c6ab0628fe642dd570b56302c30a792
+# Backported in version v5.4.229 a29d6213098816ed4574824b6adae94fb1c0457d
+# Backported in version v5.10.163 3df07728abde249e2d3f47cf22f134cb4d4f5fb1
+# Backported in version v5.15.87 8b45a3b19a2e909e830d09a90a7e1ec8601927d9
+# Backported in version v6.1.4 530ca64b44625f7d39eb1d5efb6f9ff21da991e2
+CVE_CHECK_IGNORE += "CVE-2022-41218"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4139
+# Patched in kernel since v6.1 04aa64375f48a5d430b5550d9271f8428883e550
+# Backported in version v5.4.226 3659e33c1e4f8cfc62c6c15aca5d797010c277a4
+# Backported in version v5.10.157 86f0082fb9470904b15546726417f28077088fee
+# Backported in version v5.15.81 ee2d04f23bbb16208045c3de545c6127aaa1ed0e
+CVE_CHECK_IGNORE += "CVE-2022-4139"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41849
+# Patched in kernel since v6.1 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c
+# Backported in version v5.4.220 3742e9fd552e6c4193ebc5eb3d2cd02d429cad9c
+# Backported in version v5.10.150 e50472949604f385e09ce3fa4e74dce9f44fb19b
+# Backported in version v5.15.75 2b0897e33682a332167b7d355eec28693b62119e
+# Backported in version v5.19.17 02c871d44090c851b07770176f88c6f5564808a1
+CVE_CHECK_IGNORE += "CVE-2022-41849"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41850
+# Patched in kernel since v6.1 cacdb14b1c8d3804a3a7d31773bc7569837b71a4
+# Backported in version v5.4.220 e30c3a9a88818e5cf3df3fda6ab8388bef3bc6cd
+# Backported in version v5.10.150 dbcca76435a606a352c794956e6df62eedd3a353
+# Backported in version v5.15.75 c61786dc727d1850336d12c85a032c9a36ae396d
+# Backported in version v5.19.17 2d38886ae0365463cdba3db669170eef1e3d55c0
+CVE_CHECK_IGNORE += "CVE-2022-41850"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-41858
+# Patched in kernel since v5.18 ec4eb8a86ade4d22633e1da2a7d85a846b7d1798
+# Backported in version v5.4.190 d05cd68ed8460cb158cc62c41ffe39fe0ca16169
+# Backported in version v5.10.112 ca24c5e8f0ac3d43ec0cff29e1c861be73aff165
+# Backported in version v5.15.35 efb020924a71391fc12e6f204eaf25694cc116a1
+CVE_CHECK_IGNORE += "CVE-2022-41858"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42328
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_IGNORE += "CVE-2022-42328"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42329
+# Patched in kernel since v6.1 74e7e1efdad45580cc3839f2a155174cf158f9b5
+# Backported in version v5.4.227 50e1ab7e638f1009d953658af8f6b2d7813a7883
+# Backported in version v5.10.159 83632fc41449c480f2d0193683ec202caaa186c9
+# Backported in version v5.15.83 5d0fa6fc8899fe842329c0109f8ddd01144b1ed8
+CVE_CHECK_IGNORE += "CVE-2022-42329"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42703
+# Patched in kernel since v6.0 2555283eb40df89945557273121e9393ef9b542b
+# Backported in version v5.4.212 2fe3eee48899a890310177d54537d5b8e255eb31
+# Backported in version v5.10.141 98f401d36396134c0c86e9e3bd00b6b6b028b521
+# Backported in version v5.15.65 c18a209b56e37b2a60414f714bd70b084ef25835
+# Backported in version v5.19.7 7877eaa1131147b4d6a063962f3aac0ab1b8ea1c
+CVE_CHECK_IGNORE += "CVE-2022-42703"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42721
+# Patched in kernel since v6.1 bcca852027e5878aec911a347407ecc88d6fff7f
+# Backported in version v5.4.218 77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc
+# Backported in version v5.10.148 b0e5c5deb7880be5b8a459d584e13e1f9879d307
+# Backported in version v5.15.74 0a8ee682e4f992eccce226b012bba600bb2251e2
+# Backported in version v5.19.16 1d73c990e9bafc2754b1ced71345f73f5beb1781
+CVE_CHECK_IGNORE += "CVE-2022-42721"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42722
+# Patched in kernel since v6.1 b2d03cabe2b2e150ff5a381731ea0355459be09f
+# Backported in version v5.10.148 58c0306d0bcd5f541714bea8765d23111c9af68a
+# Backported in version v5.15.74 93a3a32554079432b49cf87f326607b2a2fab4f2
+# Backported in version v5.19.16 fa63b5f6f8853ace755d9a23fb75817d5ba20df5
+CVE_CHECK_IGNORE += "CVE-2022-42722"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
+# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
+# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
+# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
+CVE_CHECK_IGNORE += "CVE-2022-42895"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
+# Patched in kernel since v6.2 d18dcfe9860e842f394e37ba01ca9440ab2178f4
+# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae
+# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
+# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
+# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
+CVE_CHECK_IGNORE += "CVE-2022-4382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-4662
+# Patched in kernel since v6.0 9c6d778800b921bde3bff3cff5003d1650f942d1
+# Backported in version v5.4.213 df1875084898b15cbc42f712e93d7f113ae6271b
+# Backported in version v5.10.142 abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8
+# Backported in version v5.15.66 c548b99e1c37db6f7df86ecfe9a1f895d6c5966e
+# Backported in version v5.19.8 d5eb850b3e8836197a38475840725260b9783e94
+CVE_CHECK_IGNORE += "CVE-2022-4662"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47518
+# Patched in kernel since v6.1 0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
+# Backported in version v5.10.157 3eb6b89a4e9f9e44c3170d70d8d16c3c8dc8c800
+# Backported in version v5.15.81 7aed1dd5d221dabe3fe258f13ecf5fc7df393cbb
+CVE_CHECK_IGNORE += "CVE-2022-47518"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47519
+# Patched in kernel since v6.1 051ae669e4505abbe05165bebf6be7922de11f41
+# Backported in version v5.10.157 905f886eae4b065656a575e8a02544045cbaadcf
+# Backported in version v5.15.81 143232cb5a4c96d69a7d90b643568665463c6191
+CVE_CHECK_IGNORE += "CVE-2022-47519"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47520
+# Patched in kernel since v6.1 cd21d99e595ec1d8721e1058dcdd4f1f7de1d793
+# Backported in version v5.10.157 7c6535fb4d67ea37c98a1d1d24ca33dd5ec42693
+# Backported in version v5.15.81 cd9c4869710bb6e38cfae4478c23e64e91438442
+CVE_CHECK_IGNORE += "CVE-2022-47520"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2022-47929
+# Patched in kernel since v6.2 96398560f26aa07e8f2969d73c8197e6a6d10407
+# Backported in version v5.4.229 9b83ec63d0de7b1f379daa1571e128bc7b9570f8
+# Backported in version v5.10.163 9f7bc28a6b8afc2274e25650511555e93f45470f
+# Backported in version v5.15.88 04941c1d5bb59d64165e09813de2947bdf6f4f28
+# Backported in version v6.1.6 e8988e878af693ac13b0fa80ba2e72d22d68f2dd
+CVE_CHECK_IGNORE += "CVE-2022-47929"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
+# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
+# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
+# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
+# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
+CVE_CHECK_IGNORE += "CVE-2023-0179"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
+# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17
+# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d
+# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
+# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
+# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
+CVE_CHECK_IGNORE += "CVE-2023-0394"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
+# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
+# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d
+# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
+# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
+# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
+CVE_CHECK_IGNORE += "CVE-2023-0461"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0590
+# Patched in kernel since v6.1 ebda44da44f6f309d302522b049f43d6f829f7aa
+# Backported in version v5.10.152 7aa3d623c11b9ab60f86b7833666e5d55bac4be9
+# Backported in version v5.15.76 ce1234573d183db1ebcab524668ca2d85543bf80
+CVE_CHECK_IGNORE += "CVE-2023-0590"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
+# Patched in kernel since v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
+# Backported in version v5.4.231 89e7fe3999e057c91f157b6ba663264f4cdfcb55
+# Backported in version v5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
+# Backported in version v5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
+# Backported in version v6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
+CVE_CHECK_IGNORE += "CVE-2023-1073"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
+# Patched in kernel since v6.2 458e279f861d3f61796894cd158b780765a1569f
+# Backported in version v5.4.231 a7585028ac0a5836f39139c11594d79ede97d975
+# Backported in version v5.10.166 6ef652f35dcfaa1ab2b2cf6c1694718595148eee
+# Backported in version v5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
+# Backported in version v6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
+CVE_CHECK_IGNORE += "CVE-2023-1074"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
+# Patched in kernel since v6.3 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+# Backported in version v5.4.235 084cd75643b61fb924f70cba98a71dea14942938
+# Backported in version v5.10.173 80a1751730b302d8ab63a084b2fa52c820ad0273
+# Backported in version v5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
+# Backported in version v6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
+# Backported in version v6.2.3 1099004ae1664703ec573fc4c61ffb24144bcb63
+CVE_CHECK_IGNORE += "CVE-2023-1077"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
+# Patched in kernel since v6.2 f753a68980cf4b59a80fe677619da2b1804f526d
+# Backported in version v5.4.232 ba38eacade35dd2316d77b37494e6e0c01bab595
+# Backported in version v5.10.168 c53f34ec3fbf3e9f67574118a6bb35ae1146f7ca
+# Backported in version v5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
+# Backported in version v6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
+CVE_CHECK_IGNORE += "CVE-2023-1078"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
+# Patched in kernel since v6.3 4ab3a086d10eeec1424f2e8a968827a6336203df
+# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
+# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
+# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
+# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
+# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
+CVE_CHECK_IGNORE += "CVE-2023-1079"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1095
+# Patched in kernel since v6.0 580077855a40741cf511766129702d97ff02f4d9
+# Backported in version v5.4.211 a452bc3deb23bf93f8a13d3e24611b7ef39645dc
+# Backported in version v5.10.137 80977126bc20309f7f7bae6d8621356b393e8b41
+# Backported in version v5.15.61 8a2df34b5bf652566f2889d9fa321f3b398547ef
+# Backported in version v5.19.2 109539c9ba8497aad2948af4f09077f6a65059fe
+CVE_CHECK_IGNORE += "CVE-2023-1095"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
+# Patched in kernel since v6.3 29b0589a865b6f66d141d79b2dd1373e4e50fe17
+# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c
+# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c
+# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
+# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
+# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
+CVE_CHECK_IGNORE += "CVE-2023-1118"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1249
+# Patched in kernel since v5.18 390031c942116d4733310f0684beb8db19885fe6
+# Backported in version v5.10.110 558564db44755dfb3e48b0d64de327d20981e950
+# Backported in version v5.15.33 39fd0cc079c98dafcf355997ada7b5e67f0bb10a
+CVE_CHECK_IGNORE += "CVE-2023-1249"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1252
+# Patched in kernel since v5.16 9a254403760041528bc8f69fe2f5e1ef86950991
+# Backported in version v5.10.80 4fd9f0509a1452b45e89c668e2bab854cb05cd25
+# Backported in version v5.15.3 2f372e38f5724301056e005353c8beecc3f8d257
+CVE_CHECK_IGNORE += "CVE-2023-1252"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1281
+# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2
+# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4
+# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da
+# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
+CVE_CHECK_IGNORE += "CVE-2023-1281"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1382
+# Patched in kernel since v6.1 a7b42969d63f47320853a802efd879fbdc4e010e
+# Backported in version v5.4.226 59f9aad22fd743572bdafa37d3e1dd5dc5658e26
+# Backported in version v5.10.157 4058e3b74ab3eabe0835cee9a0c6deda79e8a295
+# Backported in version v5.15.81 33fb115a76ae6683e34f76f7e07f6f0734b2525f
+CVE_CHECK_IGNORE += "CVE-2023-1382"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
+# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
+# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
+# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
+# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
+# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
+CVE_CHECK_IGNORE += "CVE-2023-1513"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
+# Patched in kernel since v6.3 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
+# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
+# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
+# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
+# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
+# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
+CVE_CHECK_IGNORE += "CVE-2023-1829"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1838
+# Patched in kernel since v5.18 fb4554c2232e44d595920f4d5c66cf8f7d13f9bc
+# Backported in version v5.4.196 3a12b2c413b20c17832ec51cb836a0b713b916ac
+# Backported in version v5.10.118 ec0d801d1a44d9259377142c6218885ecd685e41
+# Backported in version v5.15.42 42d8a6dc45fc6619b8def1a70b7bd0800bcc4574
+CVE_CHECK_IGNORE += "CVE-2023-1838"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1998
+# Patched in kernel since v6.3 6921ed9049bc7457f66c1596c5b78aec0dae4a9d
+# Backported in version v5.4.235 34c1b60e7a80404056c03936dd9c2438da2789d4
+# Backported in version v5.10.173 abfed855f05863d292de2d0ebab4656791bab9c8
+# Backported in version v5.15.99 e7f1ddebd9f5b12de40bc37db9243957678f1448
+# Backported in version v6.1.16 08d87c87d6461d16827c9b88d84c48c26b6c994a
+# Backported in version v6.2.3 ead3c8e54d28fa1d5454b1f8a21b96b4a969b1cb
+CVE_CHECK_IGNORE += "CVE-2023-1998"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2006
+# Patched in kernel since v6.1 3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5
+# Backported in version v5.10.157 3535c632e6d16c98f76e615da8dc0cb2750c66cc
+# Backported in version v5.15.81 38fe0988bd516f35c614ea9a5ff86c0d29f90c9a
+CVE_CHECK_IGNORE += "CVE-2023-2006"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2008
+# Patched in kernel since v5.19 05b252cccb2e5c3f56119d25de684b4f810ba40a
+# Backported in version v5.4.202 c7bdaad9cbfe17c83e4f56c7bb7a2d87d944f0fb
+# Backported in version v5.10.127 20119c1e0fff89542ff3272ace87e04cf6ee6bea
+# Backported in version v5.15.51 5b45535865d62633e3816ee30eb8d3213038dc17
+CVE_CHECK_IGNORE += "CVE-2023-2008"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2162
+# Patched in kernel since v6.2 f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3
+# Backported in version v5.4.232 d4d765f4761f9e3a2d62992f825aeee593bcb6b9
+# Backported in version v5.10.168 9758ffe1c07b86aefd7ca8e40d9a461293427ca0
+# Backported in version v5.15.93 0aaabdb900c7415caa2006ef580322f7eac5f6b6
+# Backported in version v6.1.11 61e43ebfd243bcbad11be26bd921723027b77441
+CVE_CHECK_IGNORE += "CVE-2023-2162"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2166
+# Patched in kernel since v6.1 0acc442309a0a1b01bcdaa135e56e6398a49439c
+# Backported in version v5.4.227 3982652957e8d79ac32efcb725450580650a8644
+# Backported in version v5.10.159 c42221efb1159d6a3c89e96685ee38acdce86b6f
+# Backported in version v5.15.83 c142cba37de29f740a3852f01f59876af8ae462a
+CVE_CHECK_IGNORE += "CVE-2023-2166"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-2177
+# Patched in kernel since v5.19 181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d
+# Backported in version v5.4.209 8d6dab81ee3d0309c09987ff76164a25486c43e0
+# Backported in version v5.10.135 6f3505588d66b27220f07d0cab18da380fae2e2d
+# Backported in version v5.15.59 e796e1fe20ecaf6da419ef6a5841ba181bba7a0c
+CVE_CHECK_IGNORE += "CVE-2023-2177"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-22999
+# Patched in kernel since v5.17 b52fe2dbb3e655eb1483000adfab68a219549e13
+# Backported in version v5.10.94 94177fcecc35e9e9d3aecaa5813556c6b5aed7b6
+# Backported in version v5.15.17 5157828d3975768b53a51cdf569203b953184022
+CVE_CHECK_IGNORE += "CVE-2023-22999"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23002
+# Patched in kernel since v5.17 6845667146a28c09b5dfc401c1ad112374087944
+# Backported in version v5.10.94 4579954bf4cc0bdfc4a42c88b16fe596f1e7f82d
+# Backported in version v5.15.17 9186e6ba52af11ba7b5f432aa2321f36e00ad721
+CVE_CHECK_IGNORE += "CVE-2023-23002"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23004
+# Patched in kernel since v5.19 15342f930ebebcfe36f2415049736a77d7d2e045
+# Backported in version v5.10.173 a5bbea50d622b8f49ab8ee3b0eb283107febcf1a
+# Backported in version v5.15.100 1c7988d5c79f72287177bb774cde15fde69f3c97
+CVE_CHECK_IGNORE += "CVE-2023-23004"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23454
+# Patched in kernel since v6.2 caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
+# Backported in version v5.4.229 6b17b84634f932f4787f04578f5d030874b9ff32
+# Backported in version v5.10.163 b2c917e510e5ddbc7896329c87d20036c8b82952
+# Backported in version v5.15.87 04dc4003e5df33fb38d3dd85568b763910c479d4
+# Backported in version v6.1.5 dc46e39b727fddc5aacc0272ef83ee872d51be16
+CVE_CHECK_IGNORE += "CVE-2023-23454"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23455
+# Patched in kernel since v6.2 a2965c7be0522eaa18808684b7b82b248515511b
+# Backported in version v5.4.229 63e469cb54a87df53edcfd85bb5bcdd84327ae4a
+# Backported in version v5.10.163 5f65f48516bfeebaab1ccc52c8fad698ddf21282
+# Backported in version v5.15.87 f02327a4877a06cbc8277e22d4834cb189565187
+# Backported in version v6.1.5 85655c63877aeafdc23226510ea268a9fa0af807
+CVE_CHECK_IGNORE += "CVE-2023-23455"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23559
+# Patched in kernel since v6.2 b870e73a56c4cccbec33224233eaf295839f228c
+# Backported in version v5.4.231 9042a9a3f29c942387e6d6036551d90c9ae6ce4f
+# Backported in version v5.10.166 802fd7623e9ed19ee809b503e93fccc1e3f37bd6
+# Backported in version v5.15.91 8cbf932c5c40b0c20597fa623c308d5bde0848b5
+# Backported in version v6.1.9 7794efa358bca8b8a2a80070c6e088a74945f018
+CVE_CHECK_IGNORE += "CVE-2023-23559"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-25012
+# Patched in kernel since v6.3 76ca8da989c7d97a7f76c75d475fe95a584439d7
+# Backported in version v5.4.235 25e14bf0c894f9003247e3475372f33d9be1e424
+# Backported in version v5.10.173 fddde36316da8acb45a3cca2e5fda102f5215877
+# Backported in version v5.15.99 0fd9998052926ed24cfb30ab1a294cfeda4d0a8f
+# Backported in version v6.1.16 f2bf592ebd5077661e00aa11e12e054c4c8f6dd0
+# Backported in version v6.2.3 90289e71514e9533a9c44d694e2b492be9ed2b77
+CVE_CHECK_IGNORE += "CVE-2023-25012"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-26545
+# Patched in kernel since v6.2 fda6c89fe3d9aca073495a664e1d5aea28cd4377
+# Backported in version v5.4.232 df099e65564aa47478eb1cacf81ba69024fb5c69
+# Backported in version v5.10.169 7ff0fdba82298d1f456c685e24930da89703c0fb
+# Backported in version v5.15.95 59a74da8da75bdfb464cbdb399e87ba4f7500e96
+# Backported in version v6.1.13 c376227845eef8f2e62e2c29c3cf2140d35dd8e8
+CVE_CHECK_IGNORE += "CVE-2023-26545"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28327
+# Patched in kernel since v6.1 b3abe42e94900bdd045c472f9c9be620ba5ce553
+# Backported in version v5.4.227 c66d78aee55dab72c92020ebfbebc464d4f5dd2a
+# Backported in version v5.10.159 575a6266f63dbb3b8eb1da03671451f0d81b8034
+# Backported in version v5.15.83 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91
+CVE_CHECK_IGNORE += "CVE-2023-28327"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-28328
+# Patched in kernel since v6.2 0ed554fd769a19ea8464bb83e9ac201002ef74ad
+# Backported in version v5.4.229 8b256d23361c51aa4b7fdb71176c1ca50966fb39
+# Backported in version v5.10.163 559891d430e3f3a178040c4371ed419edbfa7d65
+# Backported in version v5.15.86 210fcf64be4db82c0e190e74b5111e4eef661a7a
+# Backported in version v6.1.2 6b60cf73a931af34b7a0a3f467a79d9fe0df2d70
+CVE_CHECK_IGNORE += "CVE-2023-28328"
diff --git a/meta/recipes-kernel/linux/linux-yocto.inc b/meta/recipes-kernel/linux/linux-yocto.inc
index 1f8289b6b6..4943d5ab57 100644
--- a/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/meta/recipes-kernel/linux/linux-yocto.inc
@@ -69,3 +69,6 @@ do_devshell:prepend() {
     d.setVarFlag("PKG_CONFIG_SYSROOT_DIR", "unexport", "1")
     d.appendVar("OE_TERMINAL_EXPORTS", " PKG_CONFIG_DIR PKG_CONFIG_PATH PKG_CONFIG_LIBDIR PKG_CONFIG_SYSROOT_DIR")
 }
+
+# CVE exclusion
+include recipes-kernel/linux/cve-exclusion.inc

From patchwork Tue May  9 22:32:31 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23761
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 85263C7EE2D
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:05 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web11.2947.1683671577194549818
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:57 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=reGIUHi3;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-6439b410679so4106996b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671576;
 x=1686263576;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=27k/LZZYqkl8m/hRlYIg/LJxULAULUffuyxJAPQQxI4=;
        b=reGIUHi3tcttwzpx5iIshKzkkEI2V1r0yF5yNLTS0b6aLtfFxHMP7dBzVJ7C7LoOds
         rmIivKsZSCyACVhJdv7fJgj2cLHAMnn8FhQvvMmW0KUg77a6Se9XAo+1kaXyfPClZ7p8
         6YEriDthBRSFTOohkHo5kyqv+g2NqDNN2fNrqZOTFTYjppmgoxB0Bmgdhhgt8iHGOXs7
         vhLnu6mC6tf8Dl3wX7A/ngjbj0Ro0zX6GMbrNDs1oAm48lIicaG/Npvqpjhya9o3r3jZ
         Ym2+RDleXDNNZ9Ui6M97RtpFCd9xyGSjI+rDG9/jvI+c3dvzbMFlq1wVM4xpqxaWRA08
         LZCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671576; x=1686263576;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=27k/LZZYqkl8m/hRlYIg/LJxULAULUffuyxJAPQQxI4=;
        b=gHgZ09lep1jiiAL70+BjJj/O4fHljRl1St1kNZJbHXHNoge3hueaTg+gOqhvZp+tzD
         55iGMe6Lc3PSfovqXGZaEwCbFXJIXMBSuH7SS12ewZ5hysvRvrnVEthzMlohFeSE1eTf
         tZkzgEK414U9vMEUo1Y0XsGOYcJw5WsbInwkB1PvgWGyNV4kcSgcIf+SJCPcjzNcLk0L
         RgBZbbT7R4ImUm64S44nowNvWxgrreuwU49z5E8Dr7IdS+SiephIcfysmMX37lJSG0U3
         Fp8hbkRzf+FibLKDAvarC9+XSqbUb17y8EoxVhoLqFs69LVljNTkIJ6K8fSZcEnIn+7F
         zx0Q==
X-Gm-Message-State: AC+VfDzLeyS5FBLBKQtk4d9ZBMN8/UYFfqidCXdgVB/JuK8Y3Fal+BhX
	kzneVVCAkY4vVk2X7SYEPZe4XKsoEtof2vY3GoA=
X-Google-Smtp-Source: 
 ACHHUZ7Idl5q4A0LrVoIREAGI9fLXu4Z0LLCNhxK89PiiuadW+VLz1Qwllg9eJ9fKRiDcX0K0Z7E0Q==
X-Received: by 2002:a05:6a00:23d6:b0:643:53b6:d845 with SMTP id
 g22-20020a056a0023d600b0064353b6d845mr18880872pfc.13.1683671576282;
        Tue, 09 May 2023 15:32:56 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.32.55
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:32:55 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/15] wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
Date: Tue,  9 May 2023 12:32:31 -1000
Message-Id: 
 <f068a9448cc4fc57188d55b35abe2de056b10298.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:05 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181090

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
==========
- Reverted a change introduced in 1.14.1 which introduced crashes both
  with WebKitGTK and WPE running under Wayland in some configurations.
- Fix a crash caused by wrong assertion, which was typically triggered in
  debug builds when using the NVidia drivers.
- Fix WebKit no longer repainting after provisional navigation with
  PSON enabled.
- Fix graphics buffer leaks by always freeing them in buffer destroy
  listener callbacks.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit aa37e18a51714af3281b4127dceb40b38aa8ac3c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../{wpebackend-fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb}      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-sato/webkit/{wpebackend-fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb} (90%)

diff --git a/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb b/meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb
similarity index 90%
rename from meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
rename to meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb
index 708201043b..b3d7b229c8 100644
--- a/meta/recipes-sato/webkit/wpebackend-fdo_1.14.0.bb
+++ b/meta/recipes-sato/webkit/wpebackend-fdo_1.14.2.bb
@@ -13,7 +13,7 @@ inherit meson features_check pkgconfig
 REQUIRED_DISTRO_FEATURES = "opengl"
 
 SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "e75b0cb2c7145448416e8696013d8883f675c66c11ed750e06865efec5809155"
+SRC_URI[sha256sum] = "93c9766ae9864eeaeaee2b0a74f22cbca08df42c1a1bdb55b086f2528e380d38"
 
 # Especially helps compiling with clang which enable this as error when
 # using c++11

From patchwork Tue May  9 22:32:32 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23760
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6B190C77B75
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:05 +0000 (UTC)
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com
 [209.85.210.177])
 by mx.groups.io with SMTP id smtpd.web11.2950.1683671578909593471
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=sfOjn8xg;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f177.google.com with SMTP id
 d2e1a72fcca58-6439df6c268so3876228b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:32:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671578;
 x=1686263578;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/1ZSGF+TdctZbW4oWez2GpPEb+2prDmloFcE6VHk9gM=;
        b=sfOjn8xgBMYzIEgaCSEtKnCk7P7fEkhB3v13EPPdNhDjydkUsCS5NGj0SA5ukoic/O
         zDz9VbQeVggjaz3vKJCgR9YkgaNbi/irNnLZ5TbRPtTd0eeuIV35dbqDwdj2KIx8uKfx
         q0PNAdOjnJxnVCALnz6Xzt+c/H63OU8jpfBKZ7giaNr2C32XT/KEc+qzyxTrg/QvCOKU
         IVb5gpEeE6gIUZA+WULX6nqnkLEfXuTsB8ZY7h1y8QGPMdj0Vept2b+cVAlB1kxyTmE2
         PLeMBth1EiWcJdFxhh3YtP9Qi6/L8HncgnOaYOvYiR4zPoV1AIi+H+RLUjx/MHwZbkvW
         no2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671578; x=1686263578;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/1ZSGF+TdctZbW4oWez2GpPEb+2prDmloFcE6VHk9gM=;
        b=BJByCDLOFaTFw/3ySec4T8SroBHM21VSCBtLrTaDbCvQIyiISZ0WMy2pF3kC8qKofm
         uatwyYPSAnaU6l7lLPECgLMb3+ZF89G/vx0JendbvziHlfdSr/d9TBt9FZ56bP2i8rQ+
         cdS/Fwa9MUq1fGHg6jy0NNGzOoMyhJnCfpXRiZjW01FzPq6iv48wOBIH12WhzgvBtdh4
         YgR29n0dbSgv/1jhMnyCQ+vcryU0nWHqotw2uyZUf+1VDL3KBs7fwgnkkgusJywUPxJm
         ytoFCO6DcRtr1EbgXMAuuLLIE2mwU8Gq3q22T6p481hE+AJ+E8fXwKy5hKjZLqQFuAOj
         m8HQ==
X-Gm-Message-State: AC+VfDyoUt6TSRmiD0tZgrhf7N6Xo+L+alf7XyK1W9DL/P6JWdbS4LaS
	FJ6ZSPFyQ44fJMiTfxY6/SE+q9SvyvpGCFQmyDs=
X-Google-Smtp-Source: 
 ACHHUZ44L62XMs59SWViqwaSWQIFyRiZL2Bj401YgPaWxxlT+nyJSQgBewssGfSZFtU4MMlDChAYMw==
X-Received: by 2002:a05:6a00:b8a:b0:646:663a:9d60 with SMTP id
 g10-20020a056a000b8a00b00646663a9d60mr10016791pfj.10.1683671577976;
        Tue, 09 May 2023 15:32:57 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.32.57
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:32:57 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/15] Revert "xserver-xorg: backport fix for
 CVE-2023-1393"
Date: Tue,  9 May 2023 12:32:32 -1000
Message-Id: 
 <8f20a985ba622e7be16b86516910e9eef5a6ee3e.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:05 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181091

This reverts commit dc2c777cab0230fc54e078d20d872aaa9287a8b9.

Fixed in subsequent version bump

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...posite-Fix-use-after-free-of-the-COW.patch | 46 -------------------
 .../xorg-xserver/xserver-xorg_21.1.7.bb       |  3 +-
 2 files changed, 1 insertion(+), 48 deletions(-)
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
deleted file mode 100644
index fc426daba5..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001
-From: Olivier Fourdan <ofourdan@redhat.com>
-Date: Mon, 13 Mar 2023 11:08:47 +0100
-Subject: [PATCH] composite: Fix use-after-free of the COW
-
-ZDI-CAN-19866/CVE-2023-1393
-
-If a client explicitly destroys the compositor overlay window (aka COW),
-we would leave a dangling pointer to that window in the CompScreen
-structure, which will trigger a use-after-free later.
-
-Make sure to clear the CompScreen pointer to the COW when the latter gets
-destroyed explicitly by the client.
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
-Reviewed-by: Adam Jackson <ajax@redhat.com>
-
-CVE: CVE-2023-1393
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- composite/compwindow.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/composite/compwindow.c b/composite/compwindow.c
-index 4e2494b86..b30da589e 100644
---- a/composite/compwindow.c
-+++ b/composite/compwindow.c
-@@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin)
-     ret = (*pScreen->DestroyWindow) (pWin);
-     cs->DestroyWindow = pScreen->DestroyWindow;
-     pScreen->DestroyWindow = compDestroyWindow;
-+
-+    /* Did we just destroy the overlay window? */
-+    if (pWin == cs->pOverlayWin)
-+        cs->pOverlayWin = NULL;
-+
- /*    compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/
-     return ret;
- }
--- 
-2.34.1
-
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
index f0771cc86e..212c7d39c2 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
@@ -1,8 +1,7 @@
 require xserver-xorg.inc
 
 SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
-            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
-            file://0001-composite-Fix-use-after-free-of-the-COW.patch \
+           file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
            "
 SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb"
 

From patchwork Tue May  9 22:32:33 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23764
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7929BC7EE2E
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:05 +0000 (UTC)
Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com
 [209.85.210.182])
 by mx.groups.io with SMTP id smtpd.web10.3063.1683671580387701849
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:00 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=08tPjq68;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f182.google.com with SMTP id
 d2e1a72fcca58-6436e004954so6692160b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671579;
 x=1686263579;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=e6oBSvu7Y6dr8ZZiAmepkdKB1jGJkgDtClc7uyLRjsc=;
        b=08tPjq68+7j5HEaQLp2QZ0yt2A/haSsyPMJdebLhANWbMFk+D4w/Cjkc+aLeNIj5a7
         5tvpF/EIV2Zp814WvmyN8yimtjPp+p+APWO9NAeelgfFL2QSUZuT2y4gG9Lha/Ys53YH
         kcc6FL3rhXBMAVd+8sVW7lPTy4VggfxDIg9PqyNU63q46FxiNhm0efr2krXBod9RaGo+
         CDd6NzinlZfc4ot9PJPjxVScPL/nFun9jPIjvQd6q0CPdJLzv4Hc9gNhGUqHss9Bc9kM
         HcI/tQCQDoFmoWtLotTJly+ZRxqyU7nTEx/pk5d1mqlq8u0e1viAd9XHnRWCX/9pxaKA
         onMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671579; x=1686263579;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=e6oBSvu7Y6dr8ZZiAmepkdKB1jGJkgDtClc7uyLRjsc=;
        b=HZLE6ts3hVv+k4bCCsoi2Yn2X3dw6sGbnaY3c+XzlMITOHDElUI1TSLpGbOCxQL8eF
         jUJW1Nng4oSiKgSrC/IrGBcYzAwUGOLdnCo3Jv17j4dHvivG8DOA7Wa515+y3X0ij1rA
         qjbITo4aSaXRE7npk3vkd+hpN8pNgcqu3TzaUoPnJDZ9+YZ3TIbApW4nTGS6xIWc/yzx
         +Vee0xVHuvk7khKTidLl1Zj8GAeehT5hZ89rMjA15/rvCUbYFUHjBnsoxSTdKbt2iMqI
         QA5+Ano05Fgb8y3YSSWx8fHRSzWS/nJ31N20rkHyfoDXS6E+LFojWfUr8Jdx39bbyfjq
         uSSw==
X-Gm-Message-State: AC+VfDxibbnpHO9ZcTbYr84C26rv20IGGP8Yjo95AOwVuy5lKfFYbsA7
	DAHT3xhnyPFmsw7JWpiZj7Tr4D+PQ1lk07WzBkI=
X-Google-Smtp-Source: 
 ACHHUZ6K6Dihs4H4935ZEgOsgHQUmgnB30P1HWtWilFWQqxEucvPFwA9DSaSyp3KxTDLLsk+hOq++Q==
X-Received: by 2002:a05:6a00:238d:b0:643:afd0:aaef with SMTP id
 f13-20020a056a00238d00b00643afd0aaefmr17733527pfc.18.1683671579518;
        Tue, 09 May 2023 15:32:59 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.32.58
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:32:59 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/15] xserver-xorg: upgrade 21.1.7 -> 21.1.8
Date: Tue,  9 May 2023 12:32:33 -1000
Message-Id: 
 <dc32d85983044baa7e535dc5e5fcf043dd922593.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:05 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181092

From: Wang Mingyu <wangmy@fujitsu.com>

This release contains the fix for CVE-2023-1393 in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-March/003374.html

Benno Schulenberg (1):
       xkbUtils: use existing symbol names instead of deleted deprecated ones

Olivier Fourdan (2):
       composite: Fix use-after-free of the COW
       xserver 21.1.8

git tag: xorg-server-21.1.8

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7b08dff8f46bcaa05f7fbffbe27d524579af4faf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../{xserver-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb}          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb} (92%)

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
similarity index 92%
rename from meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
rename to meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 212c7d39c2..19db7ea434 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.7.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -3,7 +3,7 @@ require xserver-xorg.inc
 SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.patch \
            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
            "
-SRC_URI[sha256sum] = "d9c60b2dd0ec52326ca6ab20db0e490b1ff4f566f59ca742d6532e92795877bb"
+SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
 
 # These extensions are now integrated into the server, so declare the migration
 # path for in-place upgrades.

From patchwork Tue May  9 22:32:34 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23762
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 790DDC7EE26
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:05 +0000 (UTC)
Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
 by mx.groups.io with SMTP id smtpd.web11.2953.1683671582331890821
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:02 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=E08H9FM9;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f181.google.com with SMTP id
 d2e1a72fcca58-643b7b8f8ceso2903979b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671581;
 x=1686263581;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=cgcht4CpFvfu7FODQrU1jrTVV4C7ulIuQRYW+bPRAZE=;
        b=E08H9FM9jBL9mgcdMAMw7pGieUu582ue1wSY8N1VVhxlb5cXFEneb0KTZC5weHXYJH
         +haCc1bED7wlvxAwwPL/ln40F1wrWTq9oJc+Hy9ei/oRwGE8dhXcjcVxsSReHl5rrhlN
         j42Ev2CnE6rG01vucKNXnrSCT1vcjgBvOyZutTTGgRxA2YFPQeF5bwXxa27fhua4xwYc
         VyJf0gSo3iNZD6sRo4smwEO1V0ubR+9xkORKUk0Ba5W8E+0JPyrEcOoXUyCa3Zkew/Pf
         +m46mDMDftB5wJABELSzQu8FI6DTCZhE2aYfa3EpwldYml/fnk4l0K0EeWklX2xOf3rD
         lPxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671581; x=1686263581;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=cgcht4CpFvfu7FODQrU1jrTVV4C7ulIuQRYW+bPRAZE=;
        b=IS4QuO8jb7sHLuh2R9VnNDlxduAToO/pJm4YrQDUIk5mDpv2tMs2Ece2FfsdjmbcQF
         vgL6FdSKO0wNtBrjejaJOpchsT9r8QsDOdlkOU8nlIXV8E5rDnpmp7rHZVlEUnPjjn+Y
         up++RflIcOeP0OMv2u/KcwAdQ+YuikDHf45JjzILAt2X6a3N7R5uZN1VonZLICfLHXMG
         xlkQ+ri25RusSoPMS5XwPYTBPOFHc5ZpW2wyUJl5ObbEhRhkCS/J8ZFJMH0MPEpUEK8s
         Y4ncDXOiMqetA0sY6909o2xniYbbpDA6nDutqhD7XKM8KicufqnjgHkzpJ7JNwp68gvq
         3agA==
X-Gm-Message-State: AC+VfDwE1nDD6bJjQtOrh3c3SV/NIyJA4LpNN+QoN7d/nnll+JcL79T0
	/5TOlK/3xZxtpL5YOyjkx3udrcazg3uqB5GB+B4=
X-Google-Smtp-Source: 
 ACHHUZ5G/EEmBrZpSARGGEyceGNRlXqIMGboyKAmsInZkgvGHhOTP24D3esrnBuIeTnE5O1RLVigEw==
X-Received: by 2002:a05:6a00:a19:b0:625:efa4:4c01 with SMTP id
 p25-20020a056a000a1900b00625efa44c01mr20098525pfh.3.1683671581403;
        Tue, 09 May 2023 15:33:01 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.00
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:00 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/15] linux-firmware: upgrade 20230210 ->
 20230404
Date: Tue,  9 May 2023 12:32:34 -1000
Message-Id: 
 <27b0b1c349467617285db3a09b77c03558e5adbb.1683671423.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:05 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181093

From: Dmitry Baryshkov <dbaryshkov@gmail.com>

The LICENCE.qat_firmware license file was updated to reflect Intel
licensing (it removed a term regarding patent licenses).

License-Update: additional files

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit fd43b59ab32e2115fcda7ad63d3a5ccc2683c7d5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...inux-firmware_20230210.bb => linux-firmware_20230404.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230210.bb => linux-firmware_20230404.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
index bf5d4f54e6..7412c022ba 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
@@ -108,7 +108,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
                     file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
                     file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
-                    file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
+                    file://LICENCE.qat_firmware;md5=72de83dfd9b87be7685ed099a39fbea4 \
                     file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
                     file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \
                     file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
@@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "aadb3cccbde1e53fc244a409e9bd5a22"
+WHENCE_CHKSUM  = "0782deea054d4b1b7f10c92c3a245da4"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a"
+SRC_URI[sha256sum] = "c3f9ad2bb5311cce2490f37a8052f836703d6936aabd840246b6576f1f71f607"
 
 inherit allarch
 

From patchwork Tue May  9 22:32:35 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23759
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 661E7C7EE22
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:05 +0000 (UTC)
Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com
 [209.85.210.171])
 by mx.groups.io with SMTP id smtpd.web11.2955.1683671584013447630
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:04 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=cEkVhxg6;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f171.google.com with SMTP id
 d2e1a72fcca58-643a1fed360so3532385b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671583;
 x=1686263583;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=fHzcO+y0BaNavzmLbKnrgabe/cFUeg/wQXoqzFoURw0=;
        b=cEkVhxg6/dFTPqH6cUTuMSdYYChWmjjpEofsuVnIiEa1Dhq/SVeD7Vpza5T30Nh1UB
         viHhL4lO7ay2qtuXkXlpww+q8Zs3vt9D5tFuBBwHY1sF3drgz6p6a1xqyw3AunzID3LB
         WOSqWOoI1iTeHzEMGnHdu7nY+++rzEDoyFYOobbFmMpzXsiO6Lvvln/6A0BK7UsXtFOS
         0604DURwOipbzS7VipKSrdo7ojqeZiD1iVR+gVkT5o8vFZspuVbZ+XaAC2hYj8tt32Vo
         8Xgh+wpHPL88u5FeXxYImucYc/MW9zcBf4WYAK+UzR8A7ITULQEEFWooeoKAgpMuFtva
         GofA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671583; x=1686263583;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=fHzcO+y0BaNavzmLbKnrgabe/cFUeg/wQXoqzFoURw0=;
        b=jS/e7YulC5M2/P5PGgDexji8FRjZDHm6iakittQU1GJlwJdyGZ9jRFamT+YK5U+2Bl
         FBcwKZkElbPQ9B3Nw4cEJqcjMbcmJfeAW+kjWBlcP6wwGsMDSmMSbz0QNkbv4yiRT14K
         PVXkbKKIHbFlVDIN4xFUCmS4RT7BlrLqf57TvnGlDybKSwQwD2h9xa6bFAuOLZzSOwGs
         pIz8f0vrgqeSoSXeGcT3+oFGQ8YiUJjYmU+mmaf1Y1FNpUuSBC2wKA+ZtqBeR/jMjI8X
         rw06FpzYwvuPhYkPZ0VutmOBNW9SQWSmFYdGOxP9C9cL5SGbsdUIOTgNjylFi5nyNsy1
         2vKw==
X-Gm-Message-State: AC+VfDyjNDaFpoGnEejkVRCRshXKIa6oPqCJ8eGbGMSQOqCufNiOmoi2
	e9o3MYvoxXozFjOqK0j846qWXYvZozJ7QKz1gAY=
X-Google-Smtp-Source: 
 ACHHUZ4TtXMhaqyOASsEL7eiDEBP0fZnqI2e6bvmiezdCM1g4XOr922zqAeHtn3r4iQNkdGe1rgmSg==
X-Received: by 2002:a05:6a00:88f:b0:644:ad29:fd37 with SMTP id
 q15-20020a056a00088f00b00644ad29fd37mr13910056pfj.28.1683671583102;
        Tue, 09 May 2023 15:33:03 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.02
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:02 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/15] kernel-devsrc: depend on python3-core
 instead of python3
Date: Tue,  9 May 2023 12:32:35 -1000
Message-Id: 
 <a2301aa1808d631f8f00cbc1c5790ab4e734dc0a.1683671424.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:05 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181094

From: "bkylerussell@gmail.com" <bkylerussell@gmail.com>

Avoids pulling in potential GPLv3 packages through python3-misc catch-all.

python3-core is the intended minimal RDEPENDS for packages requiring python3
support.  Other python3 module dependencies should be listed explicitly.

Signed-off-by: Kyle Russell <bkylerussell@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 231f93becad619f6afa383f9b1132f1d4b02fa64)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/kernel-devsrc.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb
index f8f717199c..ed9746f837 100644
--- a/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -334,7 +334,7 @@ do_install[lockfiles] = "${TMPDIR}/kernel-scripts.lock"
 FILES:${PN} = "${KERNEL_BUILD_ROOT} ${KERNEL_SRC_PATH}"
 FILES:${PN}-dbg += "${KERNEL_BUILD_ROOT}*/build/scripts/*/.debug/*"
 
-RDEPENDS:${PN} = "bc python3 flex bison ${TCLIBC}-utils"
+RDEPENDS:${PN} = "bc python3-core flex bison ${TCLIBC}-utils"
 # 4.15+ needs these next two RDEPENDS
 RDEPENDS:${PN} += "openssl-dev util-linux"
 # and x86 needs a bit more for 4.15+

From patchwork Tue May  9 22:32:36 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23765
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6AFF6C7EE22
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:15 +0000 (UTC)
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com
 [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web10.3065.1683671586011021361
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:06 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=AJDC+1kc;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f175.google.com with SMTP id
 d2e1a72fcca58-64388cf3263so4640804b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671585;
 x=1686263585;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=s65F+LboJa4sXKRO6sEJaVT/uD3DbHb0RT5SttWk96w=;
        b=AJDC+1kcOkjDn+LA+Mp0V7hp+z6w18zRuYpbNSC9tdjCJ8J6o6+by53A31ebKOQFg0
         +uWadaBKz/Gqd4OOlMz5MGpoXidwVFkpmrs+friChqZGmP3dbUVezJ5Xjyzo8ZZ8xp3x
         /OQ4E9cxKsj7qLk1vuc8O3WquZp5IZmhqblG2hMfxxKQQobVKAM1x1QXyzleoD4+BsJI
         iIhunkI4oNaPo80/egclCZcarup8oa0NR+0r0iSoGcHvrhxLhoSrb/ogt4l8qbPbfZrW
         IbJDRBAbKjnTY9NBzy2Vd/vKvLpP7e5UbFzibeHZYkzLbThScoKxMbIDb8igVvvdLr9c
         0Qmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671585; x=1686263585;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=s65F+LboJa4sXKRO6sEJaVT/uD3DbHb0RT5SttWk96w=;
        b=YfdMsUojMu8p9jxBuou/+kJ3AiJIieQMD6AMOhuVOEHM4nvLaY6jvnJPAck1RN/dRX
         Wg73YWUehUrTkh6XfeehOMdZ1UPwg5idydKG7gyuJQQ9G10SpmfOtrTLkG3pf57o9f4r
         cTcUt+aSc9Opua81fwBggclrfr4NeHaiNdh8c3C6tZCYjTqXJAKCPlR+YtzuvPkhFJIK
         Ya3Rt9unEDJOVC/hA3P8QGQpTjc1Ax81/vVLGvyYvQlN92ZhTBK/Pn/IzoOjsdjv93Qk
         qEyGsW2Y373ixT5Y5HFe6FSnVdyMzF4sgTimdTC0AcpyZ9Rbvq7UN5vabkqwR0BBUl//
         RgmA==
X-Gm-Message-State: AC+VfDyP9XLKfolpfBM2XdMASqoC82VvlD9FAK9QZRr+uOEmykW0aQOR
	CdA8mkNNcDfqdgy7PnywMWFMWuS9+acCVVGldPQ=
X-Google-Smtp-Source: 
 ACHHUZ6wNZBUwIBSxWeaieLnZw9MXbNBMxpcv+0angOWuJ9aSya3aUxAEy5tPi+nTJKPMmX8ohh2Tg==
X-Received: by 2002:a05:6a00:2d12:b0:624:2e60:f21e with SMTP id
 fa18-20020a056a002d1200b006242e60f21emr22396524pfb.29.1683671584854;
        Tue, 09 May 2023 15:33:04 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.04
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:04 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/15] libarchive: Enable acls,
 xattr for native as well as target
Date: Tue,  9 May 2023 12:32:36 -1000
Message-Id: 
 <9a74dc61bbe19a3f1d71905a13199f4364f53dcf.1683671424.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:15 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181095

From: Piotr Łobacz <p.lobacz@welotec.com>

Libarchive is being used by OPKG package manager as default
API for extracting tar files. This fix allows us to extract
ipks packages with preserved ACLs and xattrs.

Partially addresses [YOCTO #15091]

[RP: Merge into main PACKAGECONFIG and tweak commit message]
Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 913aad1ac013368aef8f6af332588ef24bba46bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/libarchive/libarchive_3.6.2.bb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index acc84de9da..ffcc103112 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -7,11 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665"
 
 DEPENDS = "e2fsprogs-native"
 
-PACKAGECONFIG ?= "zlib bz2 xz lzo zstd"
-
-PACKAGECONFIG:append:class-target = "\
-	${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)} \
-"
+PACKAGECONFIG ?= "zlib bz2 xz lzo zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}"
 
 DEPENDS_BZIP2 = "bzip2-replacement-native"
 DEPENDS_BZIP2:class-target = "bzip2"

From patchwork Tue May  9 22:32:37 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23769
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8583BC7EE2A
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:15 +0000 (UTC)
Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com
 [209.85.210.169])
 by mx.groups.io with SMTP id smtpd.web10.3066.1683671587502639687
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:07 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=FwGNyse1;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f169.google.com with SMTP id
 d2e1a72fcca58-6434e65d808so6847742b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671586;
 x=1686263586;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=r4ZrsBk3JJXX4uqlBW4mkV3D2xmWVc9dGk1tbApSB1k=;
        b=FwGNyse1fIxEHwmRNPGsPDl7EeAZOzI/3OIqrKYgEPHzn6xak7TAKiHwszxXFlEFE8
         poJZV92I++4SkhJyMz30ikYFAhJxCNRK2xxcDHAC9/SBTwXlKFn5izIpOmhHkQyxUd0j
         FlfDMMquqvHmqZqeN696sQqfk02dL8+YGyBCv0th/vLkdsSMwKNPDB1YpaIYI5wCliRo
         iIuWdo3Y8tzhvtzbxwK3RWTan295kseUWyaDCvcRcF89Y1wOp80xPGRY6mpDfBr1ckKw
         OSTvpmXPAaioFfKXBMzSzplSYJyQXocBx5gWe1EVR+qSTSadWWYD/RmtzbA6k8Vk6KUi
         wfAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671586; x=1686263586;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=r4ZrsBk3JJXX4uqlBW4mkV3D2xmWVc9dGk1tbApSB1k=;
        b=KWiLfBalj90qMuK5UjzR1lzCwp6PrgfH2sIoPgxSN6m32B+OBqZ6nhHTUlW09OfjIY
         322MemaAHMwUxhAffUkflGqzIo90/Q3wUJua8wzqRS/X+t2GxRjvINc19LUWoYND3Lf4
         A/1lTkLVfVgJ1BDhzb1cTB6Uv24R7gj7aVtjplBedlwXKaZtD2eOY1f9thX6mqpq9nof
         qq2bE4y4RxcHIy5IOIsP3HPY+i3zhUyE/QZVlIaafd3Hv2Qk7H9aYaI1OsUnS5Rj4+dB
         dJ+L0MPF5u/qpPQWYz1/yQfjPbmSHwZT4d96z6VS/tjqJBp7YpmGqF3XvY6zXcV1xRCt
         P4Zg==
X-Gm-Message-State: AC+VfDy9CIEPeF0XkFSpVP5V+tFXdM9FyDc5Xv7ocnnC8jPscMeCrDaK
	9sGCjMlKgJhQnkTzvwhqucpHdw+82dsXBJ0VmnY=
X-Google-Smtp-Source: 
 ACHHUZ7WXna2z0WiYiZE8yo8B7LIJGL3hakKkUxmHTezWbIq9t3r5oO/v8yyLiPXEvX4QPG+ujepJA==
X-Received: by 2002:a05:6a00:1406:b0:62a:c1fa:b253 with SMTP id
 l6-20020a056a00140600b0062ac1fab253mr19342017pfu.31.1683671586580;
        Tue, 09 May 2023 15:33:06 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.05
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:06 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 11/15] populate_sdk_ext.bbclass: set
 METADATA_REVISION with an DISTRO override
Date: Tue,  9 May 2023 12:32:37 -1000
Message-Id: 
 <adfc2ab998f27cb809235a137e9605e8788f58e8.1683671424.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:15 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181096

From: Martin Jansa <Martin.Jansa@gmail.com>

* otherwise it ends '<unknown>' inside esdk, because of parsing order:
  # $METADATA_REVISION [3 operations]
  #   set /OE/build/test-D/conf/local.conf:43
  #     "f2da54ef432eac89b0f18eaad68e602b6990b5de"
  #   immediate /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:9
  #     "${@oe.buildcfg.detect_revision(d)}"
  #   set /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:10
  #     [vardepvalue] "${METADATA_REVISION}"
  # pre-expansion value:
  #   "<unknown>"
  METADATA_REVISION="<unknown>"

* This causes base-files.do_install and following tasks to have different
  signatures between esdk and the build directory where this esdk was created:

  bitbake-diffsigs {test-D,poky/build-uninative-disabled}/tmp/stamps/qemux86_64-poky-linux/base-files/*do_install*sigdata*
  NOTE: Starting bitbake server...
  basehash changed from 5b6981cf58bfd57d416b0e31611b73a26baae635dd1ac31c08d46f95064c3ffc to dbdce042da4d7813d632b6d1cc87a16f728ad20e55fecbc392830e6acf72babd
  Variable METADATA_REVISION value changed from '<unknown>' to 'f2da54ef432eac89b0f18eaad68e602b6990b5de'

  and an warning from "python3 /OE/build/test-D/ext-sdk-prepare.py" when eSDK is being prepared for use:
  WARNING: The base-files:do_install sig is computed to be 83b9c9a6ef1145baac5a1e0d08814b9156af239c58fc42df95c25a9cd8a7f201,
    but the sig is locked to 3dc22233059075978e5503691e98e79e7cc60db94259dfcd886bca2291c0add7 in SIGGEN_LOCKEDSIGS_t-qemux86-64

[RP: Add commit about why we need the override for future reference]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 675ea7281c17f77bf5dea17cfd4d9da0928382a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/populate_sdk_ext.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index a673af7e7b..ca1b7753cb 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -363,7 +363,8 @@ python copy_buildsystem () {
             f.write('BUILDCFG_HEADER = ""\n\n')
 
             # Write METADATA_REVISION
-            f.write('METADATA_REVISION = "%s"\n\n' % d.getVar('METADATA_REVISION'))
+            # Needs distro override so it can override the value set in the bbclass code (later than local.conf)
+            f.write('METADATA_REVISION:%s = "%s"\n\n' % (d.getVar('DISTRO'), d.getVar('METADATA_REVISION')))
 
             f.write('# Provide a flag to indicate we are in the EXT_SDK Context\n')
             f.write('WITHIN_EXT_SDK = "1"\n\n')

From patchwork Tue May  9 22:32:38 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23770
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 71FE7C77B75
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:15 +0000 (UTC)
Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com
 [209.85.210.182])
 by mx.groups.io with SMTP id smtpd.web10.3063.1683671580387701849
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:09 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=H+hTSgYQ;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.182,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f182.google.com with SMTP id
 d2e1a72fcca58-6436e004954so6692285b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671588;
 x=1686263588;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Z7pGfHkyzIwQnok8P5aOFE8KQ39q4JJ2Ndh+/VDqX+Y=;
        b=H+hTSgYQ5NdUFwJj6IZnrsiezXx8bvOcSOT/f9MDpxU1rrzlUWoz80/lZ037bkKuwG
         VdWbk2r/zN5jzNo0/6a2+/7bDfxlau59rVni5Bhoy9x7KIF7JX0CpQEzXpbQJ1gVZ8zB
         BJ50ZzTUmoGay/UdPcywMOCQVJFnuEpmxjx611pK8i74L++F673muGhL3pgmWrbC3vHY
         A9UNjynBYl41XXrcXYRNCcIHXAcYXbVPzlFAqjzHMZtSVdmzlj7RBG9H+tCkPQ5ttBXY
         tvTsaRv9lUTVHky52feDZjxLufDpcjUfbxlTwVjlH+j3UuJ8lwxMpmHrLsHlUHcPCOBd
         TMwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671588; x=1686263588;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Z7pGfHkyzIwQnok8P5aOFE8KQ39q4JJ2Ndh+/VDqX+Y=;
        b=U4jM3Jc805GIZS/FrustlDzGABjORWorf21tTdTL/dQnwPSQBigUojs6dKCH4I9nrP
         HaiwTZP2jrCioD4MGska2wpxO0F+z53M2sQp2Ykgblptlx9RcM8Ap8lnfemU7zFdSM2w
         zQI7G2azbnk6W7wD8Y22We+DuBimg7ZZiNf9twh1IYSfA7oB4Iu4okqFGtaGZ/n8bfXg
         nDR7aDk4ES8lOAuL+QfP6bUpKEbTUSXavYXSsGEtX8IBdLWfwNQCli3e3nUHhtNlSlpd
         4cOY8ncHuknf6ilu4FFE8jCouaVjLcVe8c1fiAPREKQiGt2wl+kT+j9FELCf2B3/yOqE
         JOsA==
X-Gm-Message-State: AC+VfDxln1NGJxXnaCNwIqvMENfJxt9S5bllLPKoiNVXtE4uIJKa7gFD
	aBo0y3tzKJQXUcmOSAA/fMiVN2tGfyCquJigaYI=
X-Google-Smtp-Source: 
 ACHHUZ4/w9DSxwXl0J7V/xzX6RdPiA5OvS+fyGGlEfrUDbojV/msQPfy03Ahax+Tthp0cVqU1A7UDQ==
X-Received: by 2002:a05:6a00:14c8:b0:63d:2d8c:7fd5 with SMTP id
 w8-20020a056a0014c800b0063d2d8c7fd5mr21198122pfu.12.1683671588193;
        Tue, 09 May 2023 15:33:08 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.07
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:07 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 12/15] libpam: Fix the xtests/tst-pam_motd[1|3]
 failures
Date: Tue,  9 May 2023 12:32:38 -1000
Message-Id: 
 <1b3bf8233c30ef2e559102210e0bfd3fac958f17.1683671424.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:15 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181097

From: Zhixiong Chi <zhixiong.chi@windriver.com>

Reproducer:
1.Enable the ptest of libpam and build the image.
2.Boot the rootfs with nfs, then run the following tests as root:
 cd /usr/share/Linux-PAM/xtests
 /usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd1
 /usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd3

After applying this patch, the ptest doesn't be failed.

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 549e54ad6a175359b0a57987ccdab8989df9d3a9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...rely-on-all-filesystems-providing-a-.patch | 108 ++++++++++++++++++
 meta/recipes-extended/pam/libpam_1.5.2.bb     |   1 +
 2 files changed, 109 insertions(+)
 create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch

diff --git a/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
new file mode 100644
index 0000000000..94dcb04f0a
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
@@ -0,0 +1,108 @@
+From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
+From: Per Jessen <per@jessen.ch>
+Date: Fri, 22 Apr 2022 18:15:36 +0200
+Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype
+
+When using scandir() to look for MOTD files to display, we wrongly
+relied on all filesystems providing a filetype.  This is a fix to divert
+to lstat() when we have no filetype.  To maintain MT safety, it isn't
+possible to use lstat() in the scandir() filter function, so all of the
+filtering has been moved to an additional loop after scanning all the
+motd dirs.
+Also, remove superfluous alphasort from scandir(), we are doing
+a qsort() later.
+
+Resolves: https://github.com/linux-pam/linux-pam/issues/455
+
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
+
+Signed-off-by: Per Jessen <per@jessen.ch>
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++-------
+ 1 file changed, 40 insertions(+), 9 deletions(-)
+
+diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
+index 6ac8cba2..5ca486e4 100644
+--- a/modules/pam_motd/pam_motd.c
++++ b/modules/pam_motd/pam_motd.c
+@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b)
+     }
+ }
+ 
+-static int filter_dirents(const struct dirent *d)
+-{
+-    return (d->d_type == DT_REG || d->d_type == DT_LNK);
+-}
+-
+ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+ 	char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
+ {
+@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+ 
+     for (i = 0; i < num_motd_dirs; i++) {
+ 	int rv;
+-	rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
+-		filter_dirents, alphasort);
++	rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
+ 	if (rv < 0) {
+ 	    if (errno != ENOENT || report_missing) {
+ 		pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
+@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+     if (dirscans_size_total == 0)
+         goto out;
+ 
++    /* filter out unwanted names, directories, and complement data with lstat() */
++    for (i = 0; i < num_motd_dirs; i++) {
++	struct dirent **d = dirscans[i];
++	for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
++	    int rc;
++	    char *fullpath;
++	    struct stat s;
++
++	    switch(d[j]->d_type) {    /* the filetype determines how to proceed */
++	    case DT_REG:              /* regular files and     */
++	    case DT_LNK:              /* symlinks              */
++		continue;             /* are good.             */
++	    case DT_UNKNOWN:   /* for file systems that do not provide */
++			       /* a filetype, we use lstat()           */
++		if (join_dir_strings(&fullpath, motd_dir_path_split[i],
++				     d[j]->d_name) <= 0)
++		    break;
++		rc = lstat(fullpath, &s);
++		_pam_drop(fullpath);  /* free the memory alloc'ed by join_dir_strings */
++		if (rc != 0)          /* if the lstat() somehow failed */
++		    break;
++
++		if (S_ISREG(s.st_mode) ||          /* regular files and  */
++		    S_ISLNK(s.st_mode)) continue;  /* symlinks are good  */
++		break;
++	    case DT_DIR:          /* We don't want directories     */
++	    default:              /* nor anything else             */
++		break;
++	    }
++	    _pam_drop(d[j]);  /* free memory                   */
++	    d[j] = NULL;      /* indicate this one was dropped */
++	    dirscans_size_total--;
++	}
++    }
++
+     /* Allocate space for all file names found in the directories, including duplicates. */
+     if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
+ 	pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
+@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+ 	unsigned int j;
+ 
+ 	for (j = 0; j < dirscans_sizes[i]; j++) {
+-	    dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
+-	    i_dirnames++;
++	    if (NULL != dirscans[i][j]) {
++	        dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
++	        i_dirnames++;
++	    }
+ 	}
+     }
+ 
+-- 
+2.39.0
+
diff --git a/meta/recipes-extended/pam/libpam_1.5.2.bb b/meta/recipes-extended/pam/libpam_1.5.2.bb
index dabd3256c8..0799102f8e 100644
--- a/meta/recipes-extended/pam/libpam_1.5.2.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.2.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux
            file://run-ptest \
            file://pam-volatiles.conf \
            file://CVE-2022-28321-0002.patch \
+           file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \
            "
 
 SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"

From patchwork Tue May  9 22:32:39 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23767
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 79A01C7EE2D
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:15 +0000 (UTC)
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com
 [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web10.3065.1683671586011021361
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:10 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=YlA+Oyeg;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f175.google.com with SMTP id
 d2e1a72fcca58-64388cf3263so4640851b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671590;
 x=1686263590;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=QFO4vt0yutBSa/nNqk6LbdgHLTYKn2rU8CRS7nOFWBk=;
        b=YlA+Oyeg9xgs2we0D2HSAkd2WeHyJD2O8nI0qwk5tjwN3mksdmCLjk5etRpD8bQAne
         D4VS0vxIOdwWzlcNQ0x9kJ9z17a1y4jC3DSqruG7BeLgFKxK1Fh/G/7yCCm5k/EBSAxg
         VVt5jKqchL4cSB5C/BgaChsCAjWGwT78Yuvw7Nwb2LLqIVweJAWf7rsvk/MD/LJ/6bwW
         eXJNaLp3gB9tLDtq9ShdcdguRjl6O3EHuCsd4+vOnzkRxWmm4tqbdo6h74PUgr4peOAX
         HpFbMPkWdo3jW86nif8y80WNUN7xogk6B8JGjyewKE07SdpU4CaFZ8Ni2jvZSsqiDuUS
         Zc3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671590; x=1686263590;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=QFO4vt0yutBSa/nNqk6LbdgHLTYKn2rU8CRS7nOFWBk=;
        b=OBXdIFXjX4snbx3HxU5z1201gtFY/BqEmKfpoqPNA9ipjiAVo450OsFB0FnwknWFT0
         At/O49eV4bzd3phtSzmvJZ2cqYe8j/oarjfOOq4RosaBLr4cX2EKXEZtYRMuZMD++hg0
         +EDaRWJ23LRGHlpsflrd5XYot0oahRQpUnv8kD9FBMBZwNusU4CopvC/dpNepvixqvoH
         FZg21SySYoPo99Px+e7sowA8AZMMOFVHhLjAHSAz7sqg0eayn2yPZCcZTXN3c52LtgIp
         0AjdioDAZ4V1Epd8PXojlpd7a3DKz/Y0YEK+ZlwAWdMU/SG5deIzNC1boYCw3lcxS2Mj
         yUEg==
X-Gm-Message-State: AC+VfDykxpuZ/PbiwKTL6mRtDKgqd2rY4W5BNRYQRppU1gMs0oPhjyn/
	vUakLwb6E9/D7d/RBIDYkOByDM6JGVTg43Gv/dY=
X-Google-Smtp-Source: 
 ACHHUZ4ihCCd2XToKvYwpjMC4Pcean/yISEBFSxLItyTjTHEes2WRM7n63PxGj4/xi4EZonGkF1SmQ==
X-Received: by 2002:a05:6a00:138c:b0:646:1f13:7fce with SMTP id
 t12-20020a056a00138c00b006461f137fcemr11984607pfg.2.1683671589885;
        Tue, 09 May 2023 15:33:09 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.09
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:09 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 13/15] oeqa/utils/metadata.py: Fix running
 oe-selftest running with no distro set
Date: Tue,  9 May 2023 12:32:39 -1000
Message-Id: 
 <6e63c48ec31ebf640ea26d0328f4618bd13e625f.1683671424.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:15 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181098

From: Thomas Roos <throos@amazon.de>

This will use default values when no distribution is set.

[YOCTO #15086]

Signed-off-by: Thomas Roos <throos@amazon.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 888fe63b46efceeff08dbe8c4f66fec33d06cb7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/utils/metadata.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/lib/oeqa/utils/metadata.py b/meta/lib/oeqa/utils/metadata.py
index 8013aa684d..15ec190c4a 100644
--- a/meta/lib/oeqa/utils/metadata.py
+++ b/meta/lib/oeqa/utils/metadata.py
@@ -27,9 +27,9 @@ def metadata_from_bb():
     data_dict = get_bb_vars()
 
     # Distro information
-    info_dict['distro'] = {'id': data_dict['DISTRO'],
-                           'version_id': data_dict['DISTRO_VERSION'],
-                           'pretty_name': '%s %s' % (data_dict['DISTRO'], data_dict['DISTRO_VERSION'])}
+    info_dict['distro'] = {'id': data_dict.get('DISTRO', 'NODISTRO'),
+                                'version_id': data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'),
+                                'pretty_name': '%s %s' % (data_dict.get('DISTRO', 'NODISTRO'), data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'))}
 
     # Host distro information
     os_release = get_os_release()

From patchwork Tue May  9 22:32:40 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23768
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7994AC7EE26
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:15 +0000 (UTC)
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com
 [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web10.3065.1683671586011021361
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:12 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=hBSwX8GM;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f175.google.com with SMTP id
 d2e1a72fcca58-64388cf3263so4640869b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671592;
 x=1686263592;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ewtxxnmbR+qVZVL4M8EvboFYNjbpouXBsqSl39cviDI=;
        b=hBSwX8GMQFaU8v7M7Urs1NM8OxKT3kyxe7fkdl7C3azMqAawocuYiUA9iodqPfhUSS
         TdUmKlr4edjuvP7Q5OBb9GkqboyDxJdY0F5H5KA71+8zuqBFkm2oHjBM2A8wfUoj2USv
         P38ryN2dVQ1il53Pgnx3FVd8iX1+9WztQEA+45WD0BRmajwPkULyK6gmejIfvES4bXJY
         3v95jw9RBycS4JekkTykf8kCQiJeLostcLxKEvcPifzCMetZQ6mSLeN/AIm/pB6DRSKI
         u2LVtW+qzApSDy1oq9i2Or/Lm1u3qOKKBk+loMf2VJwI5QsYcqmIegjLXTaDPk6QpYCA
         Ykrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671592; x=1686263592;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ewtxxnmbR+qVZVL4M8EvboFYNjbpouXBsqSl39cviDI=;
        b=MsBoYjpnGXzZZ1MRmwxRXNn5PYh7iCdec3O40ORIamS+DyFzFzUL0eGsutGqP5PLSc
         oy0o8bA0b1qZREpWbljnp7Y7+6xpmE6l9kPjUPdxPaApiF76IQ0NBfvlZVtTKQj6ojpA
         f+t63oL5/aD2WPksGuCSUosxiLIVHFaC2z1lKJfpmvBzFWDpTUnH4yNFsdoIAZ3GCyWL
         X9/pnmTuAKpb2ttCPemgGmB/47XDTs2c0W6HXaAfgNgX7uW2hGgbH9XPmfgODZhRxVM1
         iweCR+REWRCCgflYctjQ3fuleDpvllVwM0EUBCd44hGlMtwqNxed5oR55flb43RdSfMI
         DPEQ==
X-Gm-Message-State: AC+VfDx1NtiMNu+TrDSDeuBMtDIjA1c8h4FQVNgMKEaZpBW3SE/Z1CiW
	YKgiNmpswDdzcxXNJK+Z5Xi2xzeloxOUTtK3MlY=
X-Google-Smtp-Source: 
 ACHHUZ4WXKhec/7g1i/QxZJU4x46rIywpzIWz2Ztguf0BAAV6a6QH04zPsTwWbJEpaYJMzk0PMQHEw==
X-Received: by 2002:a05:6a20:8e07:b0:101:8f00:595f with SMTP id
 y7-20020a056a208e0700b001018f00595fmr2737028pzj.44.1683671591722;
        Tue, 09 May 2023 15:33:11 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.10
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:11 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 14/15] kernel: improve initramfs bundle
 processing time
Date: Tue,  9 May 2023 12:32:40 -1000
Message-Id: 
 <f75e7bbe7cd463c3e8c95b19678fcc2a925dc7b8.1683671424.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:15 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181099

From: Bruce Ashfield <bruce.ashfield@gmail.com>

This is a partial fix for bugzilla 15059 [https://bugzilla.yoctoproject.org/show_bug.cgi?id=15059]

It has been noted by several people that when an initramfs is bundled:

  - a lot of the kernel is rebuilt
  - it takes a really long time

When looking at the logs, the second kernel compilation (that performs
the bundle) is not using the parallel make settings, and builds with
-j1.

We are already explicitly passing PARALLEL_MAKE when building kernel
modules, and by extending that explicit use to the main kernel
compilation, we ensure that we always get a parallel build.

Build times chnaged from more than 30 minutes for the bundle, to
3 minutes in local testing.

The question of whether or not too much is rebuilding during the
bundle step is still an open question, but with this tweak, at least
the build time is back in the realm of acceptable.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 88fd394ecf0f2174b792075d409d87046896426b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index b315737fd2..d45fa25c32 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -377,7 +377,7 @@ kernel_do_compile() {
 		use_alternate_initrd=CONFIG_INITRAMFS_SOURCE=${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio
 	fi
 	for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do
-		oe_runmake ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd
+		oe_runmake ${PARALLEL_MAKE} ${typeformake} ${KERNEL_EXTRA_ARGS} $use_alternate_initrd
 	done
 }
 

From patchwork Tue May  9 22:32:41 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 23766
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6B023C7EE23
	for <webhook@archiver.kernel.org>; Tue,  9 May 2023 22:33:15 +0000 (UTC)
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com
 [209.85.210.177])
 by mx.groups.io with SMTP id smtpd.web10.3069.1683671594268274779
 for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:14 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired"
 header.i=@sakoman-com.20221208.gappssmtp.com header.s=20221208
 header.b=ZjQuz05R;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f177.google.com with SMTP id
 d2e1a72fcca58-643ac91c51fso3713340b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 09 May 2023 15:33:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20221208.gappssmtp.com; s=20221208; t=1683671593;
 x=1686263593;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ejfJhB5UAiMkmWtC3VZ7peMDb6dCdHWxMK3LojUTNAM=;
        b=ZjQuz05RZDOfFyickzWFc2Hot2kolP+qrzHmQYi7S9h/1Zr3X8aJ6Ts3Kq1B972iFM
         d33wm0NdPq9sUSfAZXDxoEu+Tyk7zbgd7t17Yi/3jCqzMNWyGTYdC1xmaDj8xxDdb/++
         CX/sQobN6s38atJ10mGNm438dkk1CL4esLO4pD7Tv9BFAV3cX+4EiJtndTox2PVurwJv
         XGBfYlcDQvr4xHX2bCerKI8OmojItwc6emaT4onQfjnalZRgCDZxPLXF9FaaCrMwqO1n
         lSVcJkMXQVnitFxVGqRreQIPDYjIQ2F2ENNDkduIlGllZfRPj4URGIKFcS0qZvaStawN
         N/hw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683671593; x=1686263593;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ejfJhB5UAiMkmWtC3VZ7peMDb6dCdHWxMK3LojUTNAM=;
        b=Cc0AfSuLFSwFoqSyCrMFFRqQMkheCU2aEzcBRVlv1me+hV163IGtX3tVNpyQsMcTzw
         puS2OZ2BJXV7QDonbAV2gE15P+1G2XG558e/cC1nFnl36CpAHDN6o5HSMYlCs6+ynp2w
         nWvx59vvU5pnUTJUqRQvVX9Bu8IKWgq2YPCQkQo1NZzebR8y4M1K7HY+FR2yC5v6lPJK
         KkaryDK6IktaAMVcCkUMGXJc5xkwHcadCbabsFJiYcls8xPJvgl4ymw0v4IwTCQLrFT+
         jBF2M8SSk/G7kfl4IAwdKyfeaF/Zk3n5I1B7raP6Y/NMbcfOvpDEuvRjeowShZyeDuU+
         WW9A==
X-Gm-Message-State: AC+VfDye9R5JuRFvrbOmHGmq/21q9n23U2PrJFyD5JWjbNSEOCcf2LXk
	j0/O7jRTZEZR+mNupY+hM78Cq5ed0ReqYRNNG44=
X-Google-Smtp-Source: 
 ACHHUZ5IvHz2U6vbYrepzP+N2up+jYYVAwPhsZHhlfpEPuyZ0NtYTbVaG/m8u68IsoeivpJnDIeGyg==
X-Received: by 2002:a05:6a00:17a5:b0:63b:1708:10aa with SMTP id
 s37-20020a056a0017a500b0063b170810aamr23060125pfg.34.1683671593383;
        Tue, 09 May 2023 15:33:13 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-234-106-30.hawaiiantel.net.
 [72.234.106.30])
        by smtp.gmail.com with ESMTPSA id
 u17-20020aa78491000000b0063d2dae6247sm2263125pfn.77.2023.05.09.15.33.12
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 May 2023 15:33:13 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 15/15] update-alternatives.bbclass: fix old
 override syntax
Date: Tue,  9 May 2023 12:32:41 -1000
Message-Id: 
 <5697ec9ebd8a94f9ec3d370fcfead332dcbe5afc.1683671424.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1683671423.git.steve@sakoman.com>
References: <cover.1683671423.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 09 May 2023 22:33:15 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/181100

From: Peter Bergin <peter.bergin@windriver.com>

Function 'gen_updatealternativesvardeps' still used old override
syntax when fetching variable flags. Update to use ':' instead to match
recipe meta data. This was found by review and no real issue encountered
but it is a bug that affects variable dependencies and can affect rebuilds
as task hashes might not be accurate.

Signed-off-by: Peter Bergin <peter.bergin@windriver.com>
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5691f554b2cd50f256a8cbb1d96781e9eb6b930e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/update-alternatives.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/update-alternatives.bbclass b/meta/classes/update-alternatives.bbclass
index 7581a70439..2804299fc4 100644
--- a/meta/classes/update-alternatives.bbclass
+++ b/meta/classes/update-alternatives.bbclass
@@ -80,10 +80,10 @@ def gen_updatealternativesvardeps(d):
 
     for p in pkgs:
         for v in vars:
-            for flag in sorted((d.getVarFlags("%s_%s" % (v,p)) or {}).keys()):
+            for flag in sorted((d.getVarFlags("%s:%s" % (v,p)) or {}).keys()):
                 if flag == "doc" or flag == "vardeps" or flag == "vardepsexp":
                     continue
-                d.appendVar('%s_VARDEPS_%s' % (v,p), ' %s:%s' % (flag, d.getVarFlag('%s_%s' % (v,p), flag, False)))
+                d.appendVar('%s_VARDEPS_%s' % (v,p), ' %s:%s' % (flag, d.getVarFlag('%s:%s' % (v,p), flag, False)))
 
 def ua_extend_depends(d):
     if not 'virtual/update-alternatives' in d.getVar('PROVIDES'):