From patchwork Wed Nov 29 23:04:54 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35396
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C4144C46CA0
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:18 +0000 (UTC)
Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com
 [209.85.215.169])
 by mx.groups.io with SMTP id smtpd.web11.57558.1701299112519228086
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:12 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=hasSMbKm;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f169.google.com with SMTP id
 41be03b00d2f7-5c60026e8dbso285525a12.0
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299111;
 x=1701903911; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=4N/rc8clN7EkJkVnpbAnOKi0dibNc6+t8hSy1cOB/AQ=;
        b=hasSMbKmA5EmJpayzUA/ppqvssrSGP3Hg8F9colarg+vN9I0MUmyR+WQ1RzWc1VbL8
         WznH1tYWHBe519TVno1+TOILQvAWsakO3M9ZetfuGlM7Qq8ZZtJv7i0XzGgl43RTEwBQ
         6m1S5uPpBjFZ3lb71WtL+ueLPxeebQg21v9yA5T2cV7y1TSpO/5+TZOJvDf/2KX2fNjD
         Q/KA5IYYVQGreinf75r6Rr+w2RFEs6KzJiJZ05nx7sisDN7DNH343cStl463i5qxpjZI
         L5BDjViBhERu0C8YgttWRVBzcKeW76XNd7VI2JsAfC3MDg5Rus4JLEXYf6efZ2HEQ9k4
         g02A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299111; x=1701903911;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=4N/rc8clN7EkJkVnpbAnOKi0dibNc6+t8hSy1cOB/AQ=;
        b=NZVJyvLOI0nGe7UoFJhEM+/vlRrQMpjPp9G+Kw2Fsb/EmxPAaWvVmu2zwpflDRrDEy
         M7v3O6iRghN6gTI6CROo7pnyQqXqS+IYZFUMEQsWNAx3jxiyLFgdm7dVyyu/z6+x3ijY
         CnvxYt3Vf/NbrlRQqk7v2GuLVRJf4xb4iJPus6X3u9rnQaztX3mY19GLBSRAcreIfwFj
         oKRqoqpcY0SgZk46ODcTWnbMOzjiN/a8S6kT2OEa7BiKBzfl4kOcdn2S08cgyfdP9ymf
         /UbbOPjWC5fV9LHEEqsPbo6FuEV5ST6Tt5xRd+m1L+qA4OC7TVu1D1Kd5Ng3Tc6NvNwM
         MF6g==
X-Gm-Message-State: AOJu0YwDQ5LghPOkvcMC977pKKWFxSgx3GRkbxorDq0vd4gwrqD2RD41
	zwA5+vgu4Lf/qtP3C7NWCW4QVUIYoF386dWvJ+Hz+A==
X-Google-Smtp-Source: 
 AGHT+IFwqyOxBipAOx7Wu6ERf977OTrao/KqvbKZh9KU83MGSmWl1jY0j19oI6bvbgAMwm2drWUpBw==
X-Received: by 2002:a05:6a21:788b:b0:18c:19e2:5735 with SMTP id
 bf11-20020a056a21788b00b0018c19e25735mr19960486pzc.54.1701299111103;
        Wed, 29 Nov 2023 15:05:11 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.10
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:10 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 1/8] gstreamer1.0-plugins-bad: fix CVE-2023-44429
Date: Wed, 29 Nov 2023 13:04:54 -1000
Message-Id: 
 <76b97dc17349419059de739b2342853219c2e4ec.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191465

From: Archana Polampalli <archana.polampalli@windriver.com>

AV1 codec parser buffer overflow

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../CVE-2023-44429.patch                      | 38 +++++++++++++++++++
 .../gstreamer1.0-plugins-bad_1.20.7.bb        |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44429.patch

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44429.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44429.patch
new file mode 100644
index 0000000000..5070d6b865
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44429.patch
@@ -0,0 +1,38 @@
+From 1db83d3f745332cbda6adf954b2c53a10caa205e Mon Sep 17 00:00:00 2001
+From: Benjamin Gaignard <benjamin.gaignard@collabora.com>
+Date: Wed, 4 Oct 2023 11:14:38 +0200
+Subject: [PATCH] codecparsers: av1: Clip max tile rows and cols values
+
+Clip tile rows and cols to 64 as describe in AV1 specification.
+
+Fixes ZDI-CAN-22226 / CVE-2023-44429
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3015
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5634>
+
+CVE: CVE-2023-44429
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1db83d3f745332cbda6adf954b2c53a10caa205e]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gst-libs/gst/codecparsers/gstav1parser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gst-libs/gst/codecparsers/gstav1parser.c b/gst-libs/gst/codecparsers/gstav1parser.c
+index 7b9378c..68f8a76 100644
+--- a/gst-libs/gst/codecparsers/gstav1parser.c
++++ b/gst-libs/gst/codecparsers/gstav1parser.c
+@@ -2219,6 +2219,8 @@ gst_av1_parse_tile_info (GstAV1Parser * parser, GstBitReader * br,
+       ((parser->state.mi_cols + 31) >> 5) : ((parser->state.mi_cols + 15) >> 4);
+   sb_rows = seq_header->use_128x128_superblock ? ((parser->state.mi_rows +
+           31) >> 5) : ((parser->state.mi_rows + 15) >> 4);
++  sb_cols = MIN (GST_AV1_MAX_TILE_COLS, sb_cols);
++  sb_rows = MIN (GST_AV1_MAX_TILE_ROWS, sb_rows);
+   sb_shift = seq_header->use_128x128_superblock ? 5 : 4;
+   sb_size = sb_shift + 2;
+   max_tile_width_sb = GST_AV1_MAX_TILE_WIDTH >> sb_size;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
index fbaabda3f9..504cfce1fd 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
@@ -13,6 +13,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
            file://CVE-2023-40474.patch \
            file://CVE-2023-40475.patch \
            file://CVE-2023-40476.patch \
+           file://CVE-2023-44429.patch \
            "
 SRC_URI[sha256sum] = "87251beebfd1325e5118cc67774061f6e8971761ca65a9e5957919610080d195"
 

From patchwork Wed Nov 29 23:04:55 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35400
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CA3F4C10DC2
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:18 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web11.57559.1701299114390459474
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:14 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=xNlNSqyY;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.175,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-1cfb30ce241so3502985ad.0
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299113;
 x=1701903913; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1IYAbRMelwo9pHy/8zeNrEkh6TCXESwuGNiQPf81ysk=;
        b=xNlNSqyYj2AuKZU4pvq20VhL701QDSnU7X5iBtqvovNNpfUqQlD7tj+Bz0Q1p90swG
         CvTEjk/cJwo7bBqlI8iX4+tRDn2cRxka942mwyWixSZEYXUuVVisErAhpdlbaSXWnqTJ
         rEgbYGE5yNCVJxnjjZ4wYcqJiB9hgrXv9AuEWm7bOBRhKEOcoaIp/sPcFrEvJZQxOB2Q
         JHNzVjBfwEbfcmluvCiv0nvjer8uBG8vqLpr8UGm9osQ9+HYJ+574qfXAkDPlq5UA7KX
         0yTWCbuk7ogH3PiaYz0tBvvvMg/Ae3b0gt3FpELoZgPXvQo8G4BUpbqxmSCw83IKesC0
         Y6Aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299113; x=1701903913;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1IYAbRMelwo9pHy/8zeNrEkh6TCXESwuGNiQPf81ysk=;
        b=L+mv3sQ+e8wNwQbBgkhAdSAfbDJlaKwTbAk4ro3ktLfOOPokz3+ZtJ5nHVhFbxWYjq
         UhPPZIySy6COey3dt0U9tmp9SoAVAqsG+woJKOHpQvC+nNM1k/zXkw2UPxI4vSJbrX2j
         5lZXgSiR3B7FblxhnEIYFmH6ZZyi+7ojmAFSPkaltWcJfSjVssE+UJyHZS2NkPPKFaHh
         YWxS2X8AfDPa4xAhjSLPZDD5BLwcLt5+8tZkaIB2dVxDe9881gjnqzIhZkyusXl3y0l/
         eWqOBEIGRU0BvvNDl6HVluLVwnrRSK/4TXfpfnwiiNscp4E7LmdUkDH9Mi+o5fTfO3Ib
         k31w==
X-Gm-Message-State: AOJu0Yx3QJTnAJZ4UAgRCM8NRceLuas9+D7uk5W/oHtBsFCQAH/mo7DX
	nm4ZL0PRXqzLlwslVBgKME7STDUqEh3L7LpNjPOkbw==
X-Google-Smtp-Source: 
 AGHT+IEmpBQsCQHQOU85l+PottX4duLA4WzCbhkSgmiEfRPM5QiT4XGl27Ju12myvYCyi8kd9CuCaA==
X-Received: by 2002:a17:902:f80d:b0:1cf:b2a1:3a87 with SMTP id
 ix13-20020a170902f80d00b001cfb2a13a87mr17040103plb.56.1701299112955;
        Wed, 29 Nov 2023 15:05:12 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.12
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:12 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 2/8] openssl: fix CVE-2023-5678 Generating
 excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or
 parameters may be very slow
Date: Wed, 29 Nov 2023 13:04:55 -1000
Message-Id: 
 <6cd4c30a2811420159d72c2f0a9430f1f0294686.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191466

From: Vivek Kumbhar <vkumbhar@mvista.com>

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/openssl/CVE-2023-5678.patch       | 180 ++++++++++++++++++
 .../openssl/openssl_3.0.12.bb                 |   1 +
 2 files changed, 181 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
new file mode 100644
index 0000000000..796a4f8be9
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-5678.patch
@@ -0,0 +1,180 @@
+From db925ae2e65d0d925adef429afc37f75bd1c2017 Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Fri, 20 Oct 2023 09:18:19 +0200
+Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
+
+We already check for an excessively large P in DH_generate_key(), but not in
+DH_check_pub_key(), and none of them check for an excessively large Q.
+
+This change adds all the missing excessive size checks of P and Q.
+
+It's to be noted that behaviours surrounding excessively sized P and Q
+differ.  DH_check() raises an error on the excessively sized P, but only
+sets a flag for the excessively sized Q.  This behaviour is mimicked in
+DH_check_pub_key().
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/22518)
+
+(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
+
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017]
+CVE: CVE-2023-5678
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ crypto/dh/dh_check.c    | 12 ++++++++++++
+ crypto/dh/dh_err.c      |  3 ++-
+ crypto/dh/dh_key.c      | 12 ++++++++++++
+ crypto/err/openssl.txt  |  1 +
+ include/crypto/dherr.h  |  2 +-
+ include/openssl/dh.h    |  6 +++---
+ include/openssl/dherr.h |  3 ++-
+ 7 files changed, 33 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 7ba2bea..e20eb62 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
+  */
+ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+ {
++    /* Don't do any checks at all with an excessively large modulus */
++    if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++        ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
++        *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
++        return 0;
++    }
++
++    if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
++        *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
++        return 1;
++    }
++
+     return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
+ }
+
+diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
+index 4152397..f76ac0d 100644
+--- a/crypto/dh/dh_err.c
++++ b/crypto/dh/dh_err.c
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the Apache License 2.0 (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+     "parameter encoding error"},
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
++    {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+     "unable to check generator"},
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index d84ea99..afc49f5 100644
+--- a/crypto/dh/dh_key.c
++++ b/crypto/dh/dh_key.c
+@@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+         goto err;
+     }
+
++    if (dh->params.q != NULL
++        && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++        ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
++        goto err;
++    }
++
+     if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
+         ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
+         return 0;
+@@ -267,6 +273,12 @@ static int generate_key(DH *dh)
+         return 0;
+     }
+
++    if (dh->params.q != NULL
++        && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++        ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
++        return 0;
++    }
++
+     if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
+         ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
+         return 0;
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
+index e51504b..36de321 100644
+--- a/crypto/err/openssl.txt
++++ b/crypto/err/openssl.txt
+@@ -500,6 +500,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
+ DH_R_NO_PRIVATE_VALUE:100:no private value
+ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+ DH_R_PEER_KEY_ERROR:111:peer key error
++DH_R_Q_TOO_LARGE:130:q too large
+ DH_R_SHARED_INFO_ERROR:113:shared info error
+ DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+ DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
+diff --git a/include/crypto/dherr.h b/include/crypto/dherr.h
+index bb24d13..519327f 100644
+--- a/include/crypto/dherr.h
++++ b/include/crypto/dherr.h
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the Apache License 2.0 (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+diff --git a/include/openssl/dh.h b/include/openssl/dh.h
+index 6533260..50e0cf5 100644
+--- a/include/openssl/dh.h
++++ b/include/openssl/dh.h
+@@ -141,7 +141,7 @@ DECLARE_ASN1_ITEM(DHparams)
+ #   define DH_GENERATOR_3          3
+ #   define DH_GENERATOR_5          5
+
+-/* DH_check error codes */
++/* DH_check error codes, some of them shared with DH_check_pub_key */
+ /*
+  * NB: These values must align with the equivalently named macros in
+  * internal/ffc.h.
+@@ -151,10 +151,10 @@ DECLARE_ASN1_ITEM(DHparams)
+ #   define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+ #   define DH_NOT_SUITABLE_GENERATOR       0x08
+ #   define DH_CHECK_Q_NOT_PRIME            0x10
+-#   define DH_CHECK_INVALID_Q_VALUE        0x20
++#   define DH_CHECK_INVALID_Q_VALUE        0x20 /* +DH_check_pub_key */
+ #   define DH_CHECK_INVALID_J_VALUE        0x40
+ #   define DH_MODULUS_TOO_SMALL            0x80
+-#   define DH_MODULUS_TOO_LARGE            0x100
++#   define DH_MODULUS_TOO_LARGE            0x100 /* +DH_check_pub_key */
+
+ /* DH_check_pub_key error codes */
+ #   define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
+index 5d2a762..074a701 100644
+--- a/include/openssl/dherr.h
++++ b/include/openssl/dherr.h
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the Apache License 2.0 (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -50,6 +50,7 @@
+ #  define DH_R_NO_PRIVATE_VALUE                            100
+ #  define DH_R_PARAMETER_ENCODING_ERROR                    105
+ #  define DH_R_PEER_KEY_ERROR                              111
++#  define DH_R_Q_TOO_LARGE                                 130
+ #  define DH_R_SHARED_INFO_ERROR                           113
+ #  define DH_R_UNABLE_TO_CHECK_GENERATOR                   121
+
+--
+2.40.1
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.12.bb b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
index d8c9b073a2..395cace2ec 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.12.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           file://CVE-2023-5678.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Wed Nov 29 23:04:56 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35398
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CF053C10DC1
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:18 +0000 (UTC)
Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com
 [209.85.210.171])
 by mx.groups.io with SMTP id smtpd.web11.57560.1701299116509854843
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:16 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=YBgt81nE;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.171,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f171.google.com with SMTP id
 d2e1a72fcca58-6cb66f23eddso309169b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299115;
 x=1701903915; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=WXY/JlwvlfL6OdIZ8xIV7UNLHWXKsaCts5AakJGJXDM=;
        b=YBgt81nExvCQ3yhQ60sv2ZnmxwGV7gzq3ZTHfJh+mvogB16JfRAYBpyH+KLf8lbGOY
         /aHnyjr4rt87fK9WqOEHtv9viezgsAkMeT82FJaKiE/g7S+Ag1tMeGhdTfETb5bLpF2o
         wxr4hdUiusIOiCPIJe9eCjQXsCy8U9Ih93qfEFmEn/rzWV/NR0qXgj3s6NYYeHg9mTR8
         axsY04DRW1DV46EbuYkbh4uIMInDmdu5b+z7wWu9dsWu5nEYn/EL5LNx0b5mRch9ZXeP
         TF/i64tX89WjBL4y3JS5Zg1VTFAMSvmkJP3t6BnkRytZIFhDk9DHfdFrDGzBV2593hKz
         0zBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299115; x=1701903915;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=WXY/JlwvlfL6OdIZ8xIV7UNLHWXKsaCts5AakJGJXDM=;
        b=boYxpHhId5djao3wjnnRRbdn6in6FPrBYkoQkeDgRZZ6CPq5NgVb+K73aUZ4WQErQp
         8/DkTlSlazekNdR8flv8rz+gPnjugo4PJ2fGfD1MUW6IV75mhlNzAfCznZwamWHJhuNP
         kGB/iEsI5OZubk2nzexJpDf1gOMFjHCpTa6VOhd2cmR1P4wtrD9gCr1LcYbOfOjGEJfR
         +IsdmbAupBGPbn/6X2MXD7NIc7LM9tDEEp+s1DP1b7kWDzDbc0dC260/T30hQIHxZQoI
         Nr9wcZcNRbIZHEkw8pLFnxQg7cMl923Cr4eQ+ihXTJaMBJtKdY0CX5zLrnE92qDfQfOP
         d5Vg==
X-Gm-Message-State: AOJu0YwzT/Gc4we7TtadbVPZqVokb66qFEOwolBPZSH06omW46RHPGLZ
	THXvRAOBKfJpoARmJTnmj4tahLfaBSau+vIohEjcLA==
X-Google-Smtp-Source: 
 AGHT+IHX03ihzDOL3I3hA+RFYOMGm/F7g0uDB5I33CqQ7Op7HLGJaBur/0AASlowkXR6UW9KIh/qeA==
X-Received: by 2002:a05:6a21:3293:b0:18c:f9a7:6f75 with SMTP id
 yt19-20020a056a21329300b0018cf9a76f75mr6078143pzb.3.1701299115183;
        Wed, 29 Nov 2023 15:05:15 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.13
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:14 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 3/8] grub: fix CVE-2023-4693
Date: Wed, 29 Nov 2023 13:04:56 -1000
Message-Id: 
 <1bbbba098dba85ec1b875512d75f7eca9026e781.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191467

From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../grub/files/CVE-2023-4693.patch            | 62 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4693.patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4693.patch b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
new file mode 100644
index 0000000000..1b6013d86d
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
@@ -0,0 +1,62 @@
+From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov <dfirblog@gmail.com>
+Date: Mon, 28 Aug 2023 16:32:33 +0300
+Subject: [PATCH] fs/ntfs: Fix an OOB read when reading data from the resident
+ $DATA attribute
+
+When reading a file containing resident data, i.e., the file data is stored in
+the $DATA attribute within the NTFS file record, not in external clusters,
+there are no checks that this resident data actually fits the corresponding
+file record segment.
+
+When parsing a specially-crafted file system image, the current NTFS code will
+read the file data from an arbitrary, attacker-chosen memory offset and of
+arbitrary, attacker-chosen length.
+
+This allows an attacker to display arbitrary chunks of memory, which could
+contain sensitive information like password hashes or even plain-text,
+obfuscated passwords from BS EFI variables.
+
+This fix implements a check to ensure that resident data is read from the
+corresponding file record segment only.
+
+Fixes: CVE-2023-4693
+
+Reported-by: Maxim Suhanov <dfirblog@gmail.com>
+Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
+CVE: CVE-2023-4693
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ grub-core/fs/ntfs.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index 7e43fd6..8f63c83 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
+     {
+       if (ofs + len > u32at (pa, 0x10))
+ 	return grub_error (GRUB_ERR_BAD_FS, "read out of range");
+-      grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
++
++      if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++	return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
++
++      if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++	return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++      if (u16at (pa, 0x14) + u32at (pa, 0x10) >
++	  (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
++	return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++      grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
+       return 0;
+     }
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index aaee8a1e03..e6c6cd98b4 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -39,6 +39,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://commands-boot-Add-API-to-pass-context-to-loader.patch \
            file://CVE-2022-28736-loader-efi-chainloader-Use-grub_loader_set_ex.patch \
 	   file://CVE-2023-4692.patch \
+           file://CVE-2023-4693.patch \
 "
 
 SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"

From patchwork Wed Nov 29 23:04:57 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35399
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D6BBAC46CA3
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:18 +0000 (UTC)
Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com
 [209.85.214.181])
 by mx.groups.io with SMTP id smtpd.web10.57640.1701299117934613369
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:18 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=oGjNacHV;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f181.google.com with SMTP id
 d9443c01a7336-1cfb3ee8bc7so3388025ad.1
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299117;
 x=1701903917; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=mKschNn/We33KA8i19Qd++hRUK+6p6AhyoeHfDKlSFY=;
        b=oGjNacHVI1/xUwyNpQOQOjMTCcENnj1Id3X45FXTrQanyM5r7Ui1e7+CLi82o1zyM+
         SSIE/6NabN9s22H92Rtfnywf14etLWiihu0SJedRSwwg9tWvAmpE3Aw87Z19HI9SaYrf
         KrpKY83aMKQY/WRVXkQ9fsgoy29WGnu5FcsmmNLYkdzpa0KWD6tKtA35ld4HDwqQlT0l
         dx5aO0IM4X1WAlcsdCc67C00Lp837J1w7rkzRsoiuq3HWPhTe9zlrX6MphF/WlAC17Xs
         pQMOszQcX2I1Mxn5tcSYDrv0MhisFa99yWaM3ANQW8Yqy/n4x8/ccXhrZ6voEzFOTDdX
         l2OQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299117; x=1701903917;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=mKschNn/We33KA8i19Qd++hRUK+6p6AhyoeHfDKlSFY=;
        b=sy0VkxNsTVv6OxDSq7gDnMBj4u60hYUqsfU+vrzStUNJ6swb8hSknCqoJ59o7d7vhh
         WvWcgrPthbgpjYZw6jd+p9mtWLnHYMfQF8ssogWubV3GUEjiADYIr2Jftnrze2NBkUkA
         zXzR1uGsYWDEqulxuMx6JGL5d/2F+zTjD7YeP26gadiym0LdsbZNdIeh/AURFyUOCZ2L
         XNAUkXIjD6YZ+xKKXYTPG464TNUc4IOIwtym0a9wWxUDW7otMYf1HDCEmZ3Kkbq3aGAx
         qp+r0RBPUKJfTt6gCWAqByCPfmtEK85JSL0kTJMaO1hTctc3r/YxYYrTVF9UWrL6f9gJ
         JRKw==
X-Gm-Message-State: AOJu0YxmhrzwffyIk7D6JQ9/gsCu/BkKfEN+Wdd5+9x2Ohp2VIi/Re07
	i75Er4ZdvRZunbJv9bHpXSPI0YszRO8ypUXYNuRGsQ==
X-Google-Smtp-Source: 
 AGHT+IGuP/owgBEx2atJ+H1CUtuDHGn5mGki2Bh+kGjEB1Xsh/35ZG0ZDjfUy/I9EJLn+888XMIp1w==
X-Received: by 2002:a17:902:da86:b0:1cf:c901:5451 with SMTP id
 j6-20020a170902da8600b001cfc9015451mr14050059plx.14.1701299117082;
        Wed, 29 Nov 2023 15:05:17 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.16
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:16 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 4/8] vim: Improve locale handling
Date: Wed, 29 Nov 2023 13:04:57 -1000
Message-Id: 
 <b2e62fb4d52b019728a4920553fa24f4626b881a.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191468

From: Richard Purdie <richard.purdie@linuxfoundation.org>

When making checkouts from git, the timestamps can vary and occasionally two files
can end up with the same stamp. This triggers make to regenerate ru.cp1251.po from
ru.po for example. If it isn't regenerated, the output isn't quite the same leading
to reproducibility issues (CP1251 vs cp1251).

Since we added all locales to buildtools tarball now, we can drop the locale
restrictions too. We need to generate a native binary for the sjis conversion
tool so also tweak that.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 042c1a501b1dae5ddb31307b461be02c3591c589)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 58025828f2..38212a1fa6 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -40,22 +40,16 @@ do_configure () {
     cd src
     rm -f auto/*
     touch auto/config.mk
+    # git timestamps aren't reliable and we want to consistently regenerate these generated files
+    rm -f po/cs.cp1250.po po/ja.euc-jp.po po/ja.sjis.po po/ko.po po/pl.UTF-8.po po/pl.cp1250.po po/ru.cp1251.po po/sk.cp1250.po po/uk.cp1251.po po/zh_CN.po po/zh_CN.cp936.po po/zh_TW.po
     aclocal
     autoconf
     cd ..
     oe_runconf
     touch src/auto/configure
     touch src/auto/config.mk src/auto/config.h
-}
-
-do_compile() {
-    # We do not support fully / correctly the following locales.  Attempting
-    # to use these with msgfmt in order to update the ".desktop" files exposes
-    # this problem and leads to the compile failing.
-    for LOCALE in cs fr ko pl sk zh_CN zh_TW;do
-        echo -n > src/po/${LOCALE}.po
-    done
-    autotools_do_compile
+    # need a native tool, not a target one
+    ${BUILD_CC} src/po/sjiscorr.c -o src/po/sjiscorr
 }
 
 PACKAGECONFIG ??= "\

From patchwork Wed Nov 29 23:04:58 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35401
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D25BBC4167B
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:28 +0000 (UTC)
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com
 [209.85.214.170])
 by mx.groups.io with SMTP id smtpd.web11.57563.1701299120342655143
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:20 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=kI/mNG34;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.170,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f170.google.com with SMTP id
 d9443c01a7336-1cfb3ee8bc7so3388435ad.1
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299119;
 x=1701903919; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=mgNDBM9H6UEzcdtEeJAIsDjHjPbsl9yXoXQ1uoWPtfw=;
        b=kI/mNG34yozBg6OI1BfSBAByjg/NfIsfUE2WqEUzMMeFJEUP7vZbiktznPPnKc2xRC
         mFqxNuNnkUFFQ+MMw8bON4+1MuV1crOe6HWCLTUxWZ+r129zsfBaiKIhFL5VgWdQBWt7
         xUt4eqzzORA0X9ukoHeankkPSadVWTOMW8qRbsrv0dg+ORsKDlqNFvk49GiLTLMVzjpp
         m/KwMPoB3Wc0jbSZqJz2+6iuWn7vHlUJaz5TRLoMMIKcO4OT8q1n71L1VgKZoSyijhC5
         IDafMOEHrr69vue87lAF3wnmGnXFk4iVac9BwgsGhCNJ7/E1fSjkchthTHEX1NJSQp2T
         y5Kw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299119; x=1701903919;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=mgNDBM9H6UEzcdtEeJAIsDjHjPbsl9yXoXQ1uoWPtfw=;
        b=u4erzdQ6BKZmuEhTSPQa9djQZ10U4+bJg8miWBpBTRyV8ESYXcoI4HvyV0ld8lMTfg
         JGruY49OPWxCEHR8KrfFf9jZwAI/O6E1Q84yiCGBWI95MTIVDr1SKBnJVq5NckH+A9kV
         kxCY2tDo5J/0OgydDYqSWUi/q/WqKSZedIk80IGBEQ1y3yClnyE90joQPlg9PxUzQfc6
         nR6HrkixZzaRNliwxYEOB9YazSrBNDyXDfyL9fy5t5c7iwWwthmX/fNm7y1qb+agTAM6
         cicdSTFASYQNL3oZsB1xtPj7gwzRs3kxCvEVbHEWxyhYDUa0+q0KgIhRG/7z4EBvFX51
         JrJQ==
X-Gm-Message-State: AOJu0YzzmxY70bbmPvqlrSNr2cUaB3/IS9uAOuMDc9r37rpa+mJWoemv
	vkrfGRIzlFrC8E4aUwfU9SlJSek9h3h+QG6CTnZVBg==
X-Google-Smtp-Source: 
 AGHT+IHQlEDal6XIZnDur6Vsc88ZeelrN1Yth5hmx+vjMOYdQVQuCFps7e97mMlu4UuhP9Isksboxg==
X-Received: by 2002:a17:903:451:b0:1cf:59b7:b035 with SMTP id
 iw17-20020a170903045100b001cf59b7b035mr18971026plb.21.1701299119008;
        Wed, 29 Nov 2023 15:05:19 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.18
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:18 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 5/8] vim: use upstream generated .po files
Date: Wed, 29 Nov 2023 13:04:58 -1000
Message-Id: 
 <3c1e35562c31b8fa94ea10d18ddfdb4267566bf3.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191469

A previous commit attempted to fix reproducibility errors by forcing
regeneration of .po files. Unfortunately this triggered a different
type of reproducibility issue.

Work around this by adjusting the timestamps of the troublesome .po
files so they are not regenerated and we use the shipped upstream
versions of the files.

The shipped version of ru.cp1251.po doesn't seem to have been created
with the vim tooling and specifies CP1251 instead of cp1251, fix that.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13d9551ba626f001c71bf908df16caf1d739cf13)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 38212a1fa6..888f8f0e5a 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -40,8 +40,10 @@ do_configure () {
     cd src
     rm -f auto/*
     touch auto/config.mk
-    # git timestamps aren't reliable and we want to consistently regenerate these generated files
-    rm -f po/cs.cp1250.po po/ja.euc-jp.po po/ja.sjis.po po/ko.po po/pl.UTF-8.po po/pl.cp1250.po po/ru.cp1251.po po/sk.cp1250.po po/uk.cp1251.po po/zh_CN.po po/zh_CN.cp936.po po/zh_TW.po
+    # git timestamps aren't reliable, so touch the shipped .po files so they aren't regenerated
+    touch -c po/cs.cp1250.po po/ja.euc-jp.po po/ja.sjis.po po/ko.po po/pl.UTF-8.po po/pl.cp1250.po po/ru.cp1251.po po/sk.cp1250.po po/uk.cp1251.po po/zh_CN.po po/zh_CN.cp936.po po/zh_TW.po
+    # ru.cp1251.po uses CP1251 rather than cp1251, fix that
+    sed -i -e s/CP1251/cp1251/ po/ru.cp1251.po
     aclocal
     autoconf
     cd ..

From patchwork Wed Nov 29 23:04:59 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35403
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DD3B3C10DC2
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:28 +0000 (UTC)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
 by mx.groups.io with SMTP id smtpd.web10.57644.1701299122166951003
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:22 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=lz5qRieB;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-1d01c45ffebso3508675ad.1
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299121;
 x=1701903921; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=1JROZafmciNwQKae1JBXhlFOAeNUM5zktCgkzlpmItc=;
        b=lz5qRieBgTThRmB0oAVSxy+T7/cSsipAvUnx78ssvswMcLnTinzJf2j9zf1uU7vL24
         gqA51eYAuNsm53o5MGty1XLXmn4gDtz7RSplStbyPpOVCIdfNqEmFtxHwXeHLSv1ipSC
         +q+C0yFS1+B9wPBE06BXyabufV5wMDQUnM4/M2fIvKVzLofAu+NqI/CEz0QEDfx6rWoD
         IIANHtmbqapmVHWSfk1VSdqP+HF6cy90G8jH1R/j6B/JOLSJutOrAUbaQdfyiTC1sdEK
         An3tEuBWSpAGCShF0zN1sF7uzLM5dJEBioEPSqBjyAgbVpX6OnWYlUXC4CdcVJxp22vZ
         vAVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299121; x=1701903921;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1JROZafmciNwQKae1JBXhlFOAeNUM5zktCgkzlpmItc=;
        b=GUy1lQbKx/YnQqN22g+BBc5y7f+WcP5CYgHkNNdZv2uJF5GqSYtyOi2oiVlY2NxPoh
         vpQHEGSVhGo9KNQqeHlhQfUKdDclMrMt9udbVreq06zr8vbQriv9HTMWLXUSTEcuzvQX
         gabXZOaTvuw8hxSqo9o35FQJ3qy6jvgGT+o2Ud1s2C0YJaJ7IPxCPx/ms1BFw2REqK90
         0u5ECIP0evkYSh5Np+f0k3acsSkqEJM7OA9PFa61UStxWULJ9e/mNrC/IHcqzig5wkLe
         hbjfMX6t0XMDS5epKOyKb58f3DRuQ67gaTItg9wmxlYxNiJmMEn/FdKAyWkTBawJaoNv
         9ucw==
X-Gm-Message-State: AOJu0Yx7s9vSNBIZmJiBAgIGgZrHKz//22N+n6rEhsKwObojyNuLKKzS
	7R3nviMBPGYDj+qLdQWVY5nePqQw+Zixvxxb1y+MgA==
X-Google-Smtp-Source: 
 AGHT+IHtouORbIYNctNDoTpTIzhMg3IwiCs9UR9REgaxe9xmsYbq8UGpM/VpEp6Vfqy92yFbx+owWA==
X-Received: by 2002:a17:902:e54b:b0:1ce:6589:d1c0 with SMTP id
 n11-20020a170902e54b00b001ce6589d1c0mr25220862plf.46.1701299120920;
        Wed, 29 Nov 2023 15:05:20 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.19
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:20 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 6/8] vim: Upgrade 9.0.2048 -> 9.0.2068
Date: Wed, 29 Nov 2023 13:04:59 -1000
Message-Id: 
 <8c83a25494f99ebe63f59a267001e4a19d0a6b14.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191470

From: Archana Polampalli <archana.polampalli@windriver.com>

This includes CVE fix for CVE-2023-46246.
9198c1f2b (tag: v9.0.2068) patch 9.0.2068: [security] overflow in :history

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46246

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63bc72ccb63d2f8eb591d7cc481657a538f0fd42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 888f8f0e5a..a37310afd8 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".2048"
-SRCREV = "982ef16059bd163a77271107020defde0740bbd6"
+PV .= ".2068"
+SRCREV = "9198c1f2b1ddecde22af918541e0de2a32f0f45a"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"

From patchwork Wed Nov 29 23:05:00 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35402
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DDE3FC46CA0
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:28 +0000 (UTC)
Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com
 [209.85.210.170])
 by mx.groups.io with SMTP id smtpd.web11.57564.1701299124112465915
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:24 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=HD5dQ86l;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.170,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f170.google.com with SMTP id
 d2e1a72fcca58-6cdcd790f42so342642b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299123;
 x=1701903923; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=fpHFjmkyS2K1V5hhx7ewKap+ELp4nwJ1Iao9gHRAsP0=;
        b=HD5dQ86lwBE6UpTlj0yPSnjDVfMJQ813nRgt4B02Lj9VItQA6TB8lHork+KVm+Blck
         u9cOBzLB3o+k8SLJ4Qvo0B3QBWI6ECTFYClRP+8P9NsugNqVyEkjuOK2blOSyeh+gTBf
         eOl9vsPS4x13R8KrW5QGKuZPZtVhZMov4h3XUSRCnK5W1nsdZNvnnTgP+KfMU7/IMAj9
         4EX9H+bCFUzmF9K2ZDhPJrJ6NFiJYV/bl02uQtOH6NJ6LvWg3OLUIwfMOsKyM5pUC/Ol
         b3w7rfbLiW9QvGMsE41u7Pp9anxz5Fw/si3eh36+xUeCwai9v3pfASk0Qrp22dBmMIaV
         mCsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299123; x=1701903923;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=fpHFjmkyS2K1V5hhx7ewKap+ELp4nwJ1Iao9gHRAsP0=;
        b=a80mX+ivwiHoFqbbzVOSZCziMYY5pjay3Ldd+yxI/aTokm/b57/iPplw04w4WnWYWj
         tRTKrwaAYObWJrav+A660mGGDKJxw7S9wPKb29C44hZM4WuflKcX56yRwuhmuWTgPcmA
         tcA5my2P34xfkKAvT9+oMLYuJ4Dt//k6OgUDoQqoL8DNGJYk2R2DHHvDdwbTP5l+x6HS
         xSSGrKyQWTnum++tX1iunmm7OjuZHoGd+2+CmGLsdwy6D5Fdvnm2pGAyDGybmk+cMel9
         LWxAp287h+lpZoHuuIjN4Eoo94bO45KaCWRo4JHm+wXbpeH6Aa8wuGEA1IDBcDVxXX/4
         KRJA==
X-Gm-Message-State: AOJu0Yx/alThYizyuwgRwFJzKCumNK06vo6UosqFCazl2JpufJgsMCXc
	yvUpVccMbjy1OvpMSsADTiuTzk0TFLT4ZQFzEIBnIA==
X-Google-Smtp-Source: 
 AGHT+IFtrQhTBY5BP8/t7I8asPEt5kUgJTJAuNLEO+v6q5Vj0Ipfoey1L01+Ku9qHhnupjcaZ2gHJg==
X-Received: by 2002:a05:6a20:baa4:b0:18b:82cb:4092 with SMTP id
 fb36-20020a056a20baa400b0018b82cb4092mr16935384pzb.11.1701299122902;
        Wed, 29 Nov 2023 15:05:22 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.21
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:22 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 7/8] kernel-fitImage: Strip path component from
 dtb
Date: Wed, 29 Nov 2023 13:05:00 -1000
Message-Id: 
 <9a42349a176ca4d7a1bfab3425a0821dbcbd9368.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191471

From: Ninad Palsule <ninad@linux.ibm.com>

Machines that have added subdirectires to the KERNEL_DEVICETREE
recently, such as arm32 boards that were moved under subdirectories in
Linux 6.5, will have that subdirectory in the node name of the FIT. This
breaks existing systems that select a configuration in u-boot by it's
name.

Strip off the directory component from the device tree to preserve
compatibility.

(From OE-Core rev: 941ba1a132bafa9c9be855fb91fec96d8b06299f)

Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Ninad Palsule <ninad@linux.ibm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de> # backport to kirkstone
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-fitimage.bbclass | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 27e17db951..194d825b0e 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -542,6 +542,11 @@ fitimage_assemble() {
 				DTB_PATH="arch/${ARCH}/boot/$DTB"
 			fi
 
+			# Strip off the path component from the filename
+			if "${@'false' if oe.types.boolean(d.getVar('KERNEL_DTBVENDORED')) else 'true'}"; then
+				DTB=`basename $DTB`
+			fi
+
 			DTB=$(echo "$DTB" | tr '/' '_')
 
 			# Skip DTB if we've picked it up previously

From patchwork Wed Nov 29 23:05:01 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 35404
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E840AC10DC1
	for <webhook@archiver.kernel.org>; Wed, 29 Nov 2023 23:05:28 +0000 (UTC)
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
 by mx.groups.io with SMTP id smtpd.web10.57647.1701299126102952493
 for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:26 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=AUEcS8AA;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-1cf80a7be0aso3465575ad.1
        for <openembedded-core@lists.openembedded.org>;
 Wed, 29 Nov 2023 15:05:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1701299125;
 x=1701903925; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=a/umzPpFMv3ik3YrL7xum2IO2Ep4r8XYhwzpNxlpaiQ=;
        b=AUEcS8AAtFp3dOQ1vIqrvPXvU2pLapjgHPlXviDTAD//ijVAmFCZSPxx1ACGIVsmji
         bqFHRT8/GuwyUjB7CloeT1BGVhUYHnwNcjFkwOwoohWZCVg2i15YsjKcIWSM9UJnR9kh
         C6rlPuE1Q9PHJQuL6PUKtnbB02GvBEWTf96mjPF6Sm9zkGOfPlvFxW/SEfqMJpEWPx1E
         RbimY4X/mBVTyOPw8TpHbSLoNZO/PdqQ+kgvswPyBJ/vOCbkTmZkCfJkLxOWxwurTCmO
         D5049hTTQogpmMnlZIoiByrDGs6UQPwoM+VMccI/WabBqTrGn+AezhXRRx/48PxNROUo
         7X3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701299125; x=1701903925;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=a/umzPpFMv3ik3YrL7xum2IO2Ep4r8XYhwzpNxlpaiQ=;
        b=w4CB/cvfbu7i7yQhmpQ0gFVMy6Rmah2Xi9WLqrYmYTZs9OPdZ7hzSYt5s+AI63wUQw
         0UwiHtMXu9HEigQhzwiRuJYR1gzayJTQdT2govd0LK8cjBjv4CFauugANokmvTRMbagL
         AK5jIa+JRim7soyCqeRXYDn6A2pc3khA0r9vpRcYA4GYlzt8TPtt2I7NmlUjH2busEj2
         AwvaoGH9Y8sH+ZYpeneDmuMjoSQAHi+dwaJuVfQG66ec7j6MyV3t0wMyiVKCi9+8F2QQ
         p4bscy+mPHOPjXklZSelvv6hkMJBWGvJ99EgdNZmyieruW/ZRNh71nPBYjz3+dIUnmc9
         LU7g==
X-Gm-Message-State: AOJu0YzkhrS61zCjR0Q96ei6UQ75+xpxA6prP2j7pIoVJdgIodwlsmzj
	kWh8z4Nbm4XfmtEgp/8NTXBczyly8GtVQF9qJJslWg==
X-Google-Smtp-Source: 
 AGHT+IEQytTmtHOJCBUSaWrp3WKAT1KT9P+P8vOeyqwhowoLB7QYre6Ahd7HTiG3ud9bl10sbn1zTg==
X-Received: by 2002:a17:902:c38c:b0:1cf:d0fe:8e51 with SMTP id
 g12-20020a170902c38c00b001cfd0fe8e51mr12590819plg.29.1701299125215;
        Wed, 29 Nov 2023 15:05:25 -0800 (PST)
Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 u4-20020a17090341c400b001cfc9c926b7sm6918999ple.75.2023.11.29.15.05.24
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 15:05:24 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 8/8] systemtap_git: fix used uninitialized error
Date: Wed, 29 Nov 2023 13:05:01 -1000
Message-Id: 
 <11da43b58e19583a9bc16044309610cfb2e86469.1701299008.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1701299008.git.steve@sakoman.com>
References: <cover.1701299008.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Wed, 29 Nov 2023 23:05:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/191472

From: Li Wang <li.wang@windriver.com>

bpf-translate.cxx: error: 'this_column_size' may be used uninitialized in this function [-Werror=maybe-uninitialized]
bpf-translate.cxx: error: 'num' may be used uninitialized in this function [-Werror=maybe-uninitialized]

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...x-Prevent-Werror-maybe-uninitialized.patch | 53 +++++++++++++++++++
 .../recipes-kernel/systemtap/systemtap_git.bb |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch

diff --git a/meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch b/meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
new file mode 100644
index 0000000000..130eefab5d
--- /dev/null
+++ b/meta/recipes-kernel/systemtap/systemtap/0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch
@@ -0,0 +1,53 @@
+From df3425f51a512f65522522daf1f78c7fab0a63fd Mon Sep 17 00:00:00 2001
+From: Aaron Merey <amerey@redhat.com>
+Date: Fri, 25 Feb 2022 19:18:29 -0500
+Subject: [PATCH] bpf-translate.cxx: Prevent -Werror=maybe-uninitialized
+
+Two variables in bpf-translate.cxx can trigger -Werror=maybe-uninitialized.
+The code is designed so that uninitialized uses are not actually possible,
+but to convince gcc of this we move a throw statement and initialize one
+of the variables with a value.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=systemtap.git;a=commit;h=df3425f51a512f65522522daf1f78c7fab0a63fd]
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ bpf-translate.cxx | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/bpf-translate.cxx b/bpf-translate.cxx
+index 3f45c721f..1b63d6078 100644
+--- a/bpf-translate.cxx
++++ b/bpf-translate.cxx
+@@ -1203,7 +1203,7 @@ bpf_unparser::emit_asm_arg (const asm_stmt &stmt, const std::string &arg,
+     {
+       /* arg is a register number */
+       std::string reg = arg[0] == 'r' ? arg.substr(1) : arg;
+-      unsigned long num;
++      unsigned long num = ULONG_MAX;
+       bool parsed = false;
+       try {
+         num = stoul(reg, 0, 0);
+@@ -1941,8 +1941,6 @@ bpf_unparser::visit_foreach_loop(foreach_loop* s)
+   for (unsigned k = 0; k < arraydecl->index_types.size(); k++)
+     {
+       auto type = arraydecl->index_types[k];
+-      if (type != pe_long && type != pe_string)
+-        throw SEMANTIC_ERROR(_("unhandled foreach index type"), s->tok);
+       int this_column_size;
+       // PR23875: foreach should handle string keys
+       if (type == pe_long)
+@@ -1953,6 +1951,10 @@ bpf_unparser::visit_foreach_loop(foreach_loop* s)
+         {
+           this_column_size = BPF_MAXSTRINGLEN;
+         }
++      else
++        {
++          throw SEMANTIC_ERROR(_("unhandled foreach index type"), s->tok);
++        }
+       if (info.sort_column == k + 1) // record sort column
+         {
+           info.sort_column_size = this_column_size;
+-- 
+2.25.1
+
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb b/meta/recipes-kernel/systemtap/systemtap_git.bb
index ce86d5274d..c84fc27001 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -9,6 +9,7 @@ require systemtap_git.inc
 SRC_URI += "file://0001-improve-reproducibility-for-c-compiling.patch \
             file://0001-staprun-address-ncurses-6.3-failures.patch \
             file://0001-gcc12-c-compatibility-re-tweak-for-rhel6-use-functio.patch \
+            file://0001-bpf-translate.cxx-Prevent-Werror-maybe-uninitialized.patch \
            "
 
 DEPENDS = "elfutils"