From patchwork Mon Mar 18 02:21:45 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 41130
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 01/14] cve-check: Log if CVE_STATUS set but not reported for component
Date: Sun, 17 Mar 2024 16:21:45 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197276

From: Simone Weiß

Log if the CVE_STATUS is set for a CVE, but the cve is not reported for a component. This should hopefully help to clean up not needed CVE_STATUS settings.

Signed-off-by: Simone Weiß
Signed-off-by: Richard Purdie
(cherry picked from commit 013d531a84fa08b6ae8a47bdf3ba1fa8f18ba270)
Signed-off-by: Steve Sakoman
--- meta/classes/cve-check.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 5191d04303..56ba8bceef 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -418,6 +418,9 @@ def check_cves(d, patched_cves): cves_status.append([product, False]) conn.close() + diff_ignore = list(set(cve_ignore) - set(cves_ignored)) + if diff_ignore: + oe.qa.handle_error("cve_status_not_in_db", "Found CVE (%s) with CVE_STATUS set that are not found in database for this component" % " ".join(diff_ignore), d) if not cves_in_recipe: bb.note("No CVE records for products in recipe %s" % (pn))
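
Review bot: the QA message in check_cves() joins diff_ignore straight out of a set difference, so the CVE IDs appear in arbitrary order and the text can differ between otherwise identical builds; use " ".join(sorted(diff_ignore)) so the log is stable and diffable. The hunk also passes the new class "cve_status_not_in_db" to oe.qa.handle_error() without showing it being added to WARN_QA or ERROR_QA; if it is in neither, the message is only emitted as a note, which defeats the stated goal of helping people clean up stale CVE_STATUS entries, so the class should be registered in the same patch or the commit message should say where it is.
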
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 02/14] wpa-supplicant: Fix CVE-2023-52160
Date: Sun, 17 Mar 2024 16:21:46 -1000
Message-Id: <7d0e3f31d2193b2b13a9fe3f368a172f4eaa7c48.1710728384.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197278

From: Claus Stovgaard

PEAP client: Update Phase 2 authentication requirements.

Also see https://www.top10vpn.com/research/wifi-vulnerabilities/

Signed-off-by: Claus Stovgaard
Signed-off-by: Richard Purdie
(cherry picked from commit 57b6a329df897de69ae8b90706d9fe37e0ed6d35)
Signed-off-by: Steve Sakoman
--- ...te-Phase-2-authentication-requiremen.patch | 213 ++++++++++++++++++ .../wpa-supplicant/wpa-supplicant_2.10.bb | 1 + 2 files changed, 214 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch new file mode 100644 index 0000000000..620560d3c7 --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
@@ -0,0 +1,213 @@ +From f6f7cead3661ceeef54b21f7e799c0afc98537ec Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sat, 8 Jul 2023 19:55:32 +0300 +Subject: [PATCH] PEAP client: Update Phase 2 authentication requirements + +The previous PEAP client behavior allowed the server to skip Phase 2 +authentication with the expectation that the server was authenticated +during Phase 1 through TLS server certificate validation. Various PEAP +specifications are not exactly clear on what the behavior on this front +is supposed to be and as such, this ended up being more flexible than +the TTLS/FAST/TEAP cases. However, this is not really ideal when +unfortunately common misconfiguration of PEAP is used in deployed +devices where the server trust root (ca_cert) is not configured or the +user has an easy option for allowing this validation step to be skipped. + +Change the default PEAP client behavior to be to require Phase 2 +authentication to be successfully completed for cases where TLS session +resumption is not used and the client certificate has not been +configured. Those two exceptions are the main cases where a deployed +authentication server might skip Phase 2 and as such, where a more +strict default behavior could result in undesired interoperability +issues. Requiring Phase 2 authentication will end up disabling TLS +session resumption automatically to avoid interoperability issues. 
+ +Allow Phase 2 authentication behavior to be configured with a new phase1 +configuration parameter option: +'phase2_auth' option can be used to control Phase 2 (i.e., within TLS +tunnel) behavior for PEAP: + * 0 = do not require Phase 2 authentication + * 1 = require Phase 2 authentication when client certificate + (private_key/client_cert) is no used and TLS session resumption was + not used (default) + * 2 = require Phase 2 authentication in all cases + +Signed-off-by: Jouni Malinen + +CVE: CVE-2023-52160 +Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c] + +Signed-off-by: Claus Stovgaard + +--- + src/eap_peer/eap_config.h | 8 ++++++ + src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++--- + src/eap_peer/eap_tls_common.c | 6 +++++ + src/eap_peer/eap_tls_common.h | 5 ++++ + wpa_supplicant/wpa_supplicant.conf | 7 ++++++ + 5 files changed, 63 insertions(+), 3 deletions(-) + +diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +index 3238f74..047eec2 100644 +--- a/src/eap_peer/eap_config.h ++++ b/src/eap_peer/eap_config.h +@@ -469,6 +469,14 @@ struct eap_peer_config { + * 1 = use cryptobinding if server supports it + * 2 = require cryptobinding + * ++ * phase2_auth option can be used to control Phase 2 (i.e., within TLS ++ * tunnel) behavior for PEAP: ++ * 0 = do not require Phase 2 authentication ++ * 1 = require Phase 2 authentication when client certificate ++ * (private_key/client_cert) is no used and TLS session resumption was ++ * not used (default) ++ * 2 = require Phase 2 authentication in all cases ++ * + * EAP-WSC (WPS) uses following options: pin=Device_Password and + * uuid=Device_UUID + * +diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +index 12e30df..6080697 100644 +--- a/src/eap_peer/eap_peap.c ++++ b/src/eap_peer/eap_peap.c +@@ -67,6 +67,7 @@ struct eap_peap_data { + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) + * is 
enabled. */ ++ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; + }; + + +@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, + wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); + } + ++ if (os_strstr(phase1, "phase2_auth=0")) { ++ data->phase2_auth = NO_AUTH; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Do not require Phase 2 authentication"); ++ } else if (os_strstr(phase1, "phase2_auth=1")) { ++ data->phase2_auth = FOR_INITIAL; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for initial connection"); ++ } else if (os_strstr(phase1, "phase2_auth=2")) { ++ data->phase2_auth = ALWAYS; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for all cases"); ++ } + #ifdef EAP_TNC + if (os_strstr(phase1, "tnc=soh2")) { + data->soh = 2; +@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) + data->force_peap_version = -1; + data->peap_outer_success = 2; + data->crypto_binding = OPTIONAL_BINDING; ++ data->phase2_auth = FOR_INITIAL; + + if (config && config->phase1) + eap_peap_parse_phase1(data, config->phase1); +@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, + } + + ++static bool peap_phase2_sufficient(struct eap_sm *sm, ++ struct eap_peap_data *data) ++{ ++ if ((data->phase2_auth == ALWAYS || ++ (data->phase2_auth == FOR_INITIAL && ++ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && ++ !data->ssl.client_cert_conf) || ++ data->phase2_eap_started) && ++ !data->phase2_eap_success) ++ return false; ++ return true; ++} ++ ++ + /** + * eap_tlv_process - Process a received EAP-TLV message and generate a response + * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() +@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, + " - force failed Phase 2"); + resp_status = EAP_TLV_RESULT_FAILURE; + ret->decision = DECISION_FAIL; ++ } else if (!peap_phase2_sufficient(sm, data)) { ++ wpa_printf(MSG_INFO, 
++ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); ++ resp_status = EAP_TLV_RESULT_FAILURE; ++ ret->decision = DECISION_FAIL; + } else { + resp_status = EAP_TLV_RESULT_SUCCESS; + ret->decision = DECISION_UNCOND_SUCC; +@@ -887,8 +921,7 @@ continue_req: + /* EAP-Success within TLS tunnel is used to indicate + * shutdown of the TLS channel. The authentication has + * been completed. */ +- if (data->phase2_eap_started && +- !data->phase2_eap_success) { ++ if (!peap_phase2_sufficient(sm, data)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " + "Success used to indicate success, " + "but Phase 2 EAP was not yet " +@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, + static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) + { + struct eap_peap_data *data = priv; ++ + return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && +- data->phase2_success; ++ data->phase2_success && data->phase2_auth != ALWAYS; + } + + +diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c +index c1837db..a53eeb1 100644 +--- a/src/eap_peer/eap_tls_common.c ++++ b/src/eap_peer/eap_tls_common.c +@@ -239,6 +239,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, + + sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); + ++ if (!phase2) ++ data->client_cert_conf = params->client_cert || ++ params->client_cert_blob || ++ params->private_key || ++ params->private_key_blob; ++ + return 0; + } + +diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h +index 9ac0012..3348634 100644 +--- a/src/eap_peer/eap_tls_common.h ++++ b/src/eap_peer/eap_tls_common.h +@@ -79,6 +79,11 @@ struct eap_ssl_data { + * tls_v13 - Whether TLS v1.3 or newer is used + */ + int tls_v13; ++ ++ /** ++ * client_cert_conf: Whether client certificate has been configured ++ */ ++ bool client_cert_conf; + }; + + +diff --git 
a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf +index 6619d6b..d63f73c 100644 +--- a/wpa_supplicant/wpa_supplicant.conf ++++ b/wpa_supplicant/wpa_supplicant.conf +@@ -1321,6 +1321,13 @@ fast_reauth=1 + # * 0 = do not use cryptobinding (default) + # * 1 = use cryptobinding if server supports it + # * 2 = require cryptobinding ++# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS ++# tunnel) behavior for PEAP: ++# * 0 = do not require Phase 2 authentication ++# * 1 = require Phase 2 authentication when client certificate ++# (private_key/client_cert) is no used and TLS session resumption was ++# not used (default) ++# * 2 = require Phase 2 authentication in all cases + # EAP-WSC (WPS) uses following options: pin= or + # pbc=1. + # diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb index 46604045da..22028ce957 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb 
@@ -18,6 +18,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch \ file://0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch \ file://0001-Install-wpa_passphrase-when-not-disabled.patch \ + file://0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch \ " SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
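
Review bot: the embedded upstream change sets data->phase2_auth = FOR_INITIAL in eap_peap_init(), so this backport changes the default PEAP client behaviour on a stable branch, and the OE commit message does not say so. With the new peap_phase2_sufficient() check, a server that signals success without completing Phase 2 is answered with EAP_TLV_RESULT_FAILURE unless the TLS session was resumed or a client certificate is configured; the commit message should state that phase2_auth=0 in phase1 restores the previous behaviour for deployments that relied on it. It should also point out that the default still accepts a skipped Phase 2 in those two exception cases and that phase2_auth=2 is the setting that requires Phase 2 in all cases, at the cost of fast reauthentication (eap_peap_has_reauth_data() returns false for ALWAYS).
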
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 03/14] cve-update-nvd2-native: Fix typo in comment
Date: Sun, 17 Mar 2024 16:21:47 -1000
Message-Id: <0c2e186e1ed8a904945066672e8e2af8b2ea284c.1710728384.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197277

From: Yoann Congal

attmepts -> attempts

Signed-off-by: Yoann Congal
Signed-off-by: Richard Purdie
(cherry picked from commit dc18aaeda8e810f9082a0ceac08e5e4275bbd0f7)
Signed-off-by: Steve Sakoman
--- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index bfe48b27e7..f21c139aa5 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -26,7 +26,7 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" -# Number of attmepts for each http query to nvd server before giving up +# Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 04/14] cve-update-nvd2-native: Add an age threshold for incremental update
Date: Sun, 17 Mar 2024 16:21:48 -1000
Message-Id: <665c880ff8be1b18c2abe8fa878643dfa64b7d3d.1710728384.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197279

From: Yoann Congal

Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to specify the maximum age of the database for doing an incremental update
For older databases, a full re-download is done.

With a value of "0", this forces a full-redownload.

Signed-off-by: Yoann Congal
Signed-off-by: Richard Purdie
(cherry picked from commit 74c1765111b6610348eae4b7e41d7045ce58ef86)
Signed-off-by: Steve Sakoman
--- .../meta/cve-update-nvd2-native.bb | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index f21c139aa5..d565887498 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -26,6 +26,12 @@ NVDCVE_API_KEY ?= "" # Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" +# CVE database incremental update age threshold, in seconds. If the database is +# older than this threshold, do a full re-download, else, do an incremental +# update. By default: the maximum allowed value from NVD: 120 days (120*24*60*60) +# Use 0 to force a full download. +CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000" + # Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5"
@@ -172,18 +178,24 @@ def update_db_file(db_tmp_file, d, database_time): req_args = {'startIndex' : 0} - # The maximum range for time is 120 days - # Force a complete update if our range is longer - if (database_time != 0): + incr_update_threshold = int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES")) + if database_time != 0: database_date = datetime.datetime.fromtimestamp(database_time, tz=datetime.timezone.utc) today_date = datetime.datetime.now(tz=datetime.timezone.utc) delta = today_date - database_date - if delta.days < 120: + if incr_update_threshold == 0: + bb.note("CVE database: forced full update") + elif delta < datetime.timedelta(seconds=incr_update_threshold): bb.note("CVE database: performing partial update") + # The maximum range for time is 120 days + if delta > datetime.timedelta(days=120): + bb.error("CVE database: Trying to do an incremental update on a larger than supported range") req_args['lastModStartDate'] = database_date.isoformat() req_args['lastModEndDate'] = today_date.isoformat() else: bb.note("CVE database: file too old, forcing a full update") + else: + bb.note("CVE database: no preexisting database, do a full download") with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
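
Review bot: the comment added above CVE_DB_INCR_UPDATE_AGE_THRES (first hunk) names 120 days as the NVD maximum but does not state it as a constraint on the setting; it should say that values above 10368000 are unsupported and what a negative value does, the way the CVE_DB_UPDATE_INTERVAL comment just above it spells out "Use a negative value to skip the update".
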
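
Review bot: in update_db_file() (second hunk), the new 120-day check inside the partial-update branch calls bb.error() and then still sets req_args['lastModStartDate'] and req_args['lastModEndDate'], so a threshold configured above 120 days sends NVD a range the comment itself calls unsupported; fall back to the full download in that case, or clamp incr_update_threshold to 120 days, instead of continuing. The int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES")) conversion is also unguarded: an empty or non-numeric value raises inside the task, and a negative value falls through to the "file too old, forcing a full update" branch with a misleading message, so validate the value once and report the bad setting by name. A CVE database that quietly stops updating is a scanning gap, so these failure paths deserve explicit handling.
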
AGHT+IGlu74e0vDvxPIFmYodqR/ihM/SQmOCY6hcbIIq/qILzRwGa+TjBKWc0bZAm6huMvMaOyTbIA== X-Received: by 2002:a9d:6e08:0:b0:6e6:7d92:d5ab with SMTP id e8-20020a9d6e08000000b006e67d92d5abmr7492620otr.10.1710728532113; Sun, 17 Mar 2024 19:22:12 -0700 (PDT) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id 25-20020a630f59000000b005dc2ca5b667sm5953953pgp.10.2024.03.17.19.22.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 Mar 2024 19:22:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 05/14] cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition Date: Sun, 17 Mar 2024 16:21:49 -1000 Message-Id: <572ee5512a3d8941c6842af451ca6c9bb75773d3.1710728384.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Mar 2024 02:22:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197280 From: Yoann Congal CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is always inherited in cve-update-nvd2-native (There is a check line 40). Remove it to avoid confusion. Otherwise, this should not change anything. Signed-off-by: Yoann Congal Signed-off-by: Richard Purdie (cherry picked from commit e5f3f223885c17b7007c310273fc7c80b90a4105) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index d565887498..8bdb4a4b46 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb 
@@ -37,8 +37,6 @@ CVE_DB_UPDATE_ATTEMPTS ?= "5" CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" -CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" - python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
From patchwork Mon Mar 18 02:21:50 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 41137
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 06/14] cve-update-nvd2-native: nvd_request_next: Improve comment
Date: Sun, 17 Mar 2024 16:21:50 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197281

From: Yoann Congal

Add a URL to the doc of the API used in the function.

... and fix a small typo dabase -> database

Signed-off-by: Yoann Congal
Signed-off-by: Richard Purdie
(cherry picked from commit e0157b3b81333a24abd31dbb23a6abebca3e7ba7)
Signed-off-by: Steve Sakoman
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 8bdb4a4b46..5bba2219d6 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -123,7 +123,8 @@ def nvd_request_wait(attempt, min_wait): def nvd_request_next(url, attempts, api_key, args, min_wait): """ - Request next part of the NVD dabase + Request next part of the NVD database + NVD API documentation: https://nvd.nist.gov/developers/vulnerabilities """ import urllib.request
From patchwork Mon Mar 18 02:21:51 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 41135
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 07/14] cve-update-nvd2-native: Fix CVE configuration update
Date: Sun, 17 Mar 2024 16:21:51 -1000
Message-Id: <67c4d9d27f06a07eac46c0f2cba8cfa1691b0737.1710728384.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197282

From: Yoann Congal

When a CVE is created, it often has no precise version information and this is stored as "-" (matching any version). After an update, version information is added. The previous "-" must be removed, otherwise, the CVE is still "Unpatched" for cve-check.

Signed-off-by: Yoann Congal
Signed-off-by: Richard Purdie
(cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e)
Signed-off-by: Steve Sakoman
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 5bba2219d6..4b8d01fe84 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -357,6 +357,10 @@ def update_db(conn, elt): [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close() try: + # Remove any pre-existing CVE configuration. Even for partial database + # update, those will be repopulated. This ensures that old + # configuration is not kept for an updated CVE. + conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close() for config in elt['cve']['configurations']: # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing for node in config["nodes"]:
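
Review bot: the new `delete from PRODUCTS where ID = ?` runs inside the `try:` before the `for config in elt['cve']['configurations']` loop, so if that loop raises partway the CVE is left with no PRODUCTS rows or only some of them, and a CVE with missing product rows is a false-negative risk for the scan. The handler is outside this hunk; please confirm the delete and the re-inserts are committed or rolled back together for each CVE, and say so in the comment.
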
From patchwork Mon Mar 18 02:21:52 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 41134
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 08/14] cve-update-nvd2-native: Remove rejected CVE from database
Date: Sun, 17 Mar 2024 16:21:52 -1000
Message-Id: <5b17b563908206667a7d14f390bd9b2de897774c.1710728384.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197283

From: Yoann Congal

When a CVE is updated to be rejected, matching database entries must be removed. Otherwise:
* an incremental update is not equivalent to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.

Signed-off-by: Yoann Congal
Signed-off-by: Richard Purdie
(cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Steve Sakoman
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 4b8d01fe84..1901641965 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -324,6 +324,10 @@ def update_db(conn, elt): vectorString = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": + c = conn.cursor() + c.execute("delete from PRODUCTS where ID = ?;", [cveId]) + c.execute("delete from NVD where ID = ?;", [cveId]) + c.close() return cveDesc = "" for desc in elt['cve']['descriptions']:
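
Review bot: the `Rejected` branch now deletes the CVE from PRODUCTS and NVD without logging anything; a `bb.debug` or `bb.note` naming `cveId` would leave a trace explaining why an entry reported in an earlier run is gone from the next one. Separately, `c.close()` is skipped if either `c.execute(...)` raises, so wrapping the two deletes in try/finally would keep the cursor handling tight.
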
From patchwork Mon Mar 18 02:21:53 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 41136
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 09/14] openssl: upgrade to 3.1.5
Date: Sun, 17 Mar 2024 16:21:53 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197284

From: Lee Chee Yang

Changes between 3.1.4 and 3.1.5 [30 Jan 2024]

* A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly check for this case. A fix has been applied to prevent a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue prior to this fix.

  OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().

  We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant.

  ([CVE-2024-0727])

https://www.openssl.org/news/cl31.txt

drop fix_random_labels.patch as fixed in https://github.com/openssl/openssl/commit/99630a1b08fd6464d95052dee4a3500afeb95867

Signed-off-by: Lee Chee Yang
Signed-off-by: Steve Sakoman
---
 .../openssl/openssl/fix_random_labels.patch | 22 -------------------
 .../{openssl_3.1.4.bb => openssl_3.1.5.bb} | 4 ++--
 2 files changed, 2 insertions(+), 24 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.1.4.bb => openssl_3.1.5.bb} (98%)

diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch deleted file mode 100644 index 78dcd81685..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch +++ /dev/null @@ -1,22 +0,0 @@ -The perl script adds random suffixes to the local function names to ensure -it doesn't clash with other parts of openssl. Set the random number seed -to something predictable so the assembler files are generated consistently -and our own reproducible builds tests pass. - -Upstream-Status: Pending -Signed-off-by: Richard Purdie - -Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl -=================================================================== ---- openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl -+++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl -@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable = (16 * 6); - # ;;; Helper functions - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -+# Ensure the local labels are reproduicble -+srand(10000); -+ - # ; Generates "random" local labels - sub random_string() { - my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_'); diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb similarity index 98% rename from meta/recipes-connectivity/openssl/openssl_3.1.4.bb rename to meta/recipes-connectivity/openssl/openssl_3.1.5.bb index 0fe4e76808..05bfeac45e 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.1.4.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb @@ -11,7 +11,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ - file://fix_random_labels.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ " 
@@ -19,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3" +SRC_URI[sha256sum] = "6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" 
@@ -187,6 +186,7 @@ PTEST_BUILD_HOST_PATTERN = "perl_version =" do_install_ptest () { install -d ${D}${PTEST_PATH}/test install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test + install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test # Prune the build tree
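
Review bot: in the `@@ -19,7 +18,7 @@` hunk, the new `SRC_URI[sha256sum]` is the only integrity control on a tarball that the `SRC_URI` context line in the first hunk fetches over `http://www.openssl.org/source/`, and the commit message does not say how the value was obtained. Please state that it was checked against the checksum or signature upstream publishes for 3.1.5, and consider moving the fetch URL to https in a follow-up.
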
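
Review bot: the added `install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test` in `do_install_ptest` is not covered by the commit message, which mentions only the version bump and the dropped fix_random_labels.patch. Add a line saying which 3.1.5 test needs this module, so the change is not mistaken for an unrelated addition during later backports.
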
From patchwork Mon Mar 18 02:21:54 2024
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 41133
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 10/14] wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23
Date: Sun, 17 Mar 2024 16:21:54 -1000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197285

From: Alex Kiernan

Upstream maintainer has changed to Chen-Yu Tsai:

https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/

Note that fb768d3b13ff ("wifi: cfg80211: Add my certificate") and 3c2a8ebe3fe6 ("wifi: cfg80211: fix certs build to not depend on file order") are required if you are using kernel signature verification.

Signed-off-by: Alex Kiernan
Signed-off-by: Alexandre Belloni
(cherry picked from commit abf169fbbf8bab13224adf4c8bfa2e26607f360c)
Signed-off-by: Steve Sakoman
---
 ...eless-regdb_2023.09.01.bb => wireless-regdb_2024.01.23.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.09.01.bb => wireless-regdb_2024.01.23.bb} (88%)

diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb similarity index 88% rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb index c09600ecbe..8fde236ab4 100644 --- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2023.09.01.bb +++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.01.23.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c" SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz" -SRC_URI[sha256sum] = "26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491" +SRC_URI[sha256sum] = "c8a61c9acf76fa7eb4239e89f640dee3e87098d9f69b4d3518c9c60fc6d20c55" inherit bin_package allarch 
@@ -13,7 +13,7 @@ do_install() { install -d -m0755 ${D}${nonarch_libdir}/crda install -d -m0755 ${D}${sysconfdir}/wireless-regdb/pubkeys install -m 0644 regulatory.bin ${D}${nonarch_libdir}/crda/regulatory.bin - install -m 0644 sforshee.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/sforshee.key.pub.pem + install -m 0644 wens.key.pub.pem ${D}${sysconfdir}/wireless-regdb/pubkeys/wens.key.pub.pem install -m 0644 -D regulatory.db ${D}${nonarch_base_libdir}/firmware/regulatory.db install -m 0644 regulatory.db.p7s ${D}${nonarch_base_libdir}/firmware/regulatory.db.p7s
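
Review bot: the `do_install` hunk swaps `sforshee.key.pub.pem` for `wens.key.pub.pem` outright, while the commit message says kernels need fb768d3b13ff and 3c2a8ebe3fe6 when kernel signature verification is in use; nothing in the recipe records that dependency. A comment next to the install line, or a note for this stable branch, would warn users that `regulatory.db.p7s` is now signed by a key their kernel must already carry.
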
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 11/14] linux-firmware: upgrade 20231211 -> 20240220 Date: Sun, 17 Mar 2024 16:21:55 -1000 Message-Id: <0d506b892d299eaf9aeefb614245108128ce480e.1710728384.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Mar 2024 02:22:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197286 From: Alexander Kanavin License-Update: additional files Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit add81ef0299ea5260f9bdc59ffc8f5cc0e74276f) Signed-off-by: Steve Sakoman --- ...inux-firmware_20231211.bb => linux-firmware_20240220.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231211.bb => linux-firmware_20240220.bb} (99%) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb similarity index 99% rename from meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb rename to meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb index 0ed4d91f8a..490c0ab89f 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20231211.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20240220.bb 
@@ -91,7 +91,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ file://LICENCE.cadence;md5=009f46816f6956cfb75ede13d3e1cee0 \ file://LICENCE.cavium;md5=c37aaffb1ebe5939b2580d073a95daea \ file://LICENCE.chelsio_firmware;md5=819aa8c3fa453f1b258ed8d168a9d903 \ - file://LICENSE.cirrus;md5=bb18d943382abf8e8232a9407bfdafe0 \ + file://LICENSE.cirrus;md5=662ea2c1a8888f7d79ed7f27c27472e1 \ file://LICENCE.cnm;md5=93b67e6bac7f8fec22b96b8ad0a1a9d0 \ file://LICENCE.cw1200;md5=f0f770864e7a8444a5c5aa9d12a3a7ed \ file://LICENCE.cypress;md5=48cd9436c763bf873961f9ed7b5c147b \ @@ -151,7 +151,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \ " # WHENCE checksum is defined separately to ease overriding it if # class-devupstream is selected. -WHENCE_CHKSUM = "3113c4ea08e5171555f3bf49eceb5b07" +WHENCE_CHKSUM = "a344e6c28970fc7daafa81c10247aeb6" # These are not common licenses, set NO_GENERIC_LICENSE for them # so that the license files will be copied from fetched source 
@@ -237,7 +237,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw # Pin this to the 20220509 release, override this in local.conf SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae" -SRC_URI[sha256sum] = "96af7e4b5eabd37869cdb3dcbb7ab36911106d39b76e799fa1caab16a9dbe8bb" +SRC_URI[sha256sum] = "bf0f239dc0801e9d6bf5d5fb3e2f549575632cf4688f4348184199cb02c2bcd7" inherit allarch From patchwork Mon Mar 18 02:21:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41141 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D353DC54E71 for ; Mon, 18 Mar 2024 02:22:31 +0000 (UTC) Received: from mail-ot1-f48.google.com (mail-ot1-f48.google.com [209.85.210.48]) by mx.groups.io with SMTP id smtpd.web11.34081.1710728543475423017 for ; Sun, 17 Mar 2024 19:22:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Fu9k6gtR; spf=softfail (domain: sakoman.com, ip: 209.85.210.48, mailfrom: steve@sakoman.com) Received: by mail-ot1-f48.google.com with SMTP id 46e09a7af769-6e69543fc1eso189905a34.3 for ; Sun, 17 Mar 2024 19:22:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710728542; x=1711333342; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LCBtKohTZylOy9H7C1WiZoYja6Q8AeZEkWVkmtNQj9s=; b=Fu9k6gtRcFHQ7gO86XPiEpAxLci5txAyptNCfD+eBxeKEFshBFhYEEPYU41RerWyCI DlvTb+/6O1DrihtirFycCrhF/V0NUZlHx/w/uSqgpyMXbwZ8b8HfA1CrsqIw3xV6XnOK 
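Review bot: In the third hunk (-237,7), the unchanged context still reads "# Pin this to the 20220509 release" above SRCREV:class-devupstream, while the recipe is being renamed to linux-firmware_20240220.bb, so the devupstream pin and its comment are now several releases behind the tarball whose sha256sum is updated on the next line. Either move SRCREV:class-devupstream to the commit matching 20240220 or reword the comment so it does not suggest the pin tracks the recipe version. Separately, the commit message says only "License-Update: additional files", but the first hunk changes the md5 of an existing entry (LICENSE.cirrus), which points to changed license text in that file; the message should say what changed there.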
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 12/14] tzdata : Upgrade to 2024a Date: Sun, 17 Mar 2024 16:21:56 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Mar 2024 02:22:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197287 From: Priyal Doshi Signed-off-by: Priyal Doshi Signed-off-by: Alexandre Belloni (cherry picked from commit 5abbd0abf992ce8d11f3ae31fb1d83d97f5319fa) Signed-off-by: Steve Sakoman --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index 2774e5e730..4734adcc08 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2023d" +PV = "2024a" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ 
@@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "e9a5f9e118886d2de92b62bb05510a28cc6c058d791c93bd6b84d3292c3c161e" -SRC_URI[tzdata.sha256sum] = "dbca21970b0a8b8c0ceceec1d7b91fa903be0f6eca5ae732b5329672232a08f3" +SRC_URI[tzcode.sha256sum] = "80072894adff5a458f1d143e16e4ca1d8b2a122c9c5399da482cb68cba6a1ff8" +SRC_URI[tzdata.sha256sum] = "0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3" From patchwork Mon Mar 18 02:21:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41142 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AAD5CC54E69 for ; Mon, 18 Mar 2024 02:22:31 +0000 (UTC) Received: from mail-oi1-f178.google.com (mail-oi1-f178.google.com [209.85.167.178]) by mx.groups.io with SMTP id smtpd.web10.34195.1710728546014708549 for ; Sun, 17 Mar 2024 19:22:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=B85t0Wks; spf=softfail (domain: sakoman.com, ip: 209.85.167.178, mailfrom: steve@sakoman.com) Received: by mail-oi1-f178.google.com with SMTP id 5614622812f47-3c37d50adecso1345583b6e.0 for ; Sun, 17 Mar 2024 19:22:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1710728545; x=1711333345; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4FFBPXBeDZxmg9WIrfGltp9RsfYGigeAeqmBuMuSioo=; b=B85t0WksjnNu/kcnhLArhvhiWFQtdSuy/WYkQ+Qz9XpqrC77Bg1TIPLUB5b8ovVcsT 
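Review bot: In the first hunk's context, both SRC_URI entries fetch tzcode${PV}.tar.gz and tzdata${PV}.tar.gz over plain http:// from www.iana.org, so the two sha256sum values replaced in the second hunk are the only thing authenticating the 2024a archives. Please state in the commit message where the new checksums were taken from, and consider switching SRC_URI (and UPSTREAM_CHECK_URI) to https in a follow-up. The commit message also has no body: for a stable-branch backport, a line on what 2024a changes would help reviewers judge the risk.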
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 13/14] yocto-uninative: Update to 4.4 for glibc 2.39 Date: Sun, 17 Mar 2024 16:21:57 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Mar 2024 02:22:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197288 From: Michael Halstead Signed-off-by: Michael Halstead Signed-off-by: Richard Purdie (cherry picked from commit 56fdd8b79e2f7ec30d2cdcfa0c399a6553efac1e) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/yocto-uninative.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index eaa3e9b31c..4ac66fd506 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc 
@@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.38" -UNINATIVE_VERSION = "4.3" +UNINATIVE_MAXGLIBCVERSION = "2.39" +UNINATIVE_VERSION = "4.4" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec" -UNINATIVE_CHECKSUM[i686] ?= "bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd" -UNINATIVE_CHECKSUM[x86_64] ?= "1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030" +UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec" +UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc" +UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302" From patchwork Mon Mar 18 02:21:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 41139 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 99172C54E60 for ; Mon, 18 Mar 2024 02:22:31 +0000 (UTC) Received: from mail-oo1-f48.google.com (mail-oo1-f48.google.com [209.85.161.48]) by mx.groups.io with SMTP id smtpd.web10.34197.1710728547667437966 for ; Sun, 17 Mar 2024 19:22:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=rE4nj5An; spf=softfail (domain: sakoman.com, ip: 209.85.161.48, mailfrom: steve@sakoman.com) Received: by mail-oo1-f48.google.com with SMTP id 006d021491bc7-5a49261093cso968532eaf.3 for ; Sun, 17 Mar 2024 19:22:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; 
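Review bot: In this hunk UNINATIVE_VERSION is hard-assigned with "=" to "4.4" while the three UNINATIVE_CHECKSUM[...] values keep the weak "?=" assignment, so a distro or site configuration that already set UNINATIVE_CHECKSUM[x86_64] (or another arch) for 4.3 will keep its old value and be compared against the 4.4 tarball. That ends in a checksum mismatch rather than a silent pass, but it is worth a note in the commit message so downstream layers know to drop or update their overrides. UNINATIVE_URL in the context line is also plain http://, which makes these three checksums the only integrity check on the downloaded tarball; please say where the new values came from.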
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 14/14] core-image-ptest: Increase disk size to 1.5G for strace ptest image Date: Sun, 17 Mar 2024 16:21:58 -1000 Message-Id: <719a155b7f85d4ee623f78c3e85ba987f9142290.1710728384.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Mar 2024 02:22:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/197289 From: Khem Raj Autobuilder sees an intermittent failure on strace tests and it occurs quite often therefore bump the size of image as the space requirement is more now with parallel execution enabled. [YOCTO #15370] Signed-off-by: Khem Raj Signed-off-by: Alexandre Belloni (cherry picked from commit 02d31355b20f8f3e7bd1b71c9412988eca9ec4b4) Signed-off-by: Steve Sakoman --- meta/recipes-core/images/core-image-ptest.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/images/core-image-ptest.bb b/meta/recipes-core/images/core-image-ptest.bb index b6f5c2fd60..f2d0ae94b8 100644 --- a/meta/recipes-core/images/core-image-ptest.bb +++ b/meta/recipes-core/images/core-image-ptest.bb 
@@ -21,7 +21,7 @@ BBCLASSEXTEND = "${@' '.join(['mcextend:'+x for x in d.getVar('PTESTS').split()] IMAGE_OVERHEAD_FACTOR = "1.0" IMAGE_ROOTFS_EXTRA_SPACE = "324288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-mdadm = "1524288" -IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1024288" +IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-strace = "1524288" IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-lttng-tools = "1524288" # tar-ptest in particular needs more space
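Review bot: With this change the literal "1524288" appears on three adjacent lines (the mdadm, strace and lttng-tools overrides of IMAGE_ROOTFS_EXTRA_SPACE), and none of them carries a comment giving the unit or the reason for the value. Consider defining the large size once in a variable and referencing it from the three overrides, and add a short comment above the strace line pointing to [YOCTO #15370] and the parallel ptest execution that the commit message gives as the cause, so the next person to touch these numbers knows why strace needs more than the 324288 default.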