From patchwork Tue May 17 18:23:46 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 8123
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 72D88C433FE
	for <webhook@archiver.kernel.org>; Tue, 17 May 2022 18:24:37 +0000 (UTC)
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
 by mx.groups.io with SMTP id smtpd.web12.1071.1652811869435823935
 for <openembedded-core@lists.openembedded.org>;
 Tue, 17 May 2022 11:24:29 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112
 header.b=Bj40iTcG;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f179.google.com with SMTP id x143so1547375pfc.11
        for <openembedded-core@lists.openembedded.org>;
 Tue, 17 May 2022 11:24:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20210112.gappssmtp.com; s=20210112;
        h=from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=yZFLv3QIxLbFg6v1d3RuI2qnZo+JR2jNstcLaLh3WHo=;
        b=Bj40iTcGpNmQu9v1TD+BpFT4ygmEh+zR/emYNWG7Rl5XtatsxVcjquYw6o+D3dN5bT
         uB467AJDm0qb9EHitiBbfBRUX0+V7N01blT6UUZSMW16Uml2iQZeLQ+Gyppg29BTkEwL
         IP/a9RuPgtJdpptzGhUN7m4sWc7i5XHcm6rRLB3lUcgA9eNk3w19BhP2etJlXoVgfwKp
         pAi9J7JpKDmFIDYJ2bk+f6ukUOWvr10YiM/ITqqMYI1ca20GXc5wBkbiiDSeEmld6Irc
         875u1bG5/eoADDjLtJNYQmOOtmRLxrrmifYxxqIvnGwtIDaL7pKfGyAR/TbmBQBjOoBf
         hitQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=yZFLv3QIxLbFg6v1d3RuI2qnZo+JR2jNstcLaLh3WHo=;
        b=l7vwuGqk50K7vCiH6q4Eh6jUUQKZ3iengWvUQ2FumrM79i9ywz/zcEAM6dU9Fuka7W
         dO2zy/wlv09GQ9kO/FU+W2sU8yXsZ2Wdnl/06dtj1HOShx4H6YR52WEtjh1Obt58exDh
         wSzEkILmSy2SmPFXkAwuiV6o09aD5NVTW6BOtPgulT5G2MWMAoixRjGR86RsknQu4LqC
         PRK0IMhG8nHW0p1CjugUW/9MTIx5PDgZAqEdHgrnBrkA1gUWHRJtOwX+qisYgdjpd3/i
         RLVEfJKxKo3moSkM1IriZHJvD1jSi01Wm5MBS3HqZjQ4zERktrXWPPZHE1UYNqcKG05+
         VwLA==
X-Gm-Message-State: AOAM532Ghil8cxoQDTecKmXZ/Qh1o4vcfKAERk5wXfeQ99y/SUgDaO6k
	juwWklIBKINhJZokNejNk8r+OtvxGhiX1hbp
X-Google-Smtp-Source: 
 ABdhPJxu/W3rFWeH1cVU0i7D9qPATpbvEt9xE66GsB/VLF7i12GGs9uOZ8bV9nx6XUahI8DmskdM7g==
X-Received: by 2002:a05:6a00:170c:b0:510:865f:bf34 with SMTP id
 h12-20020a056a00170c00b00510865fbf34mr23942837pfc.60.1652811867970;
        Tue, 17 May 2022 11:24:27 -0700 (PDT)
Received: from hexa.router0800d9.com (dhcp-72-253-6-214.hawaiiantel.net.
 [72.253.6.214])
        by smtp.gmail.com with ESMTPSA id
 f9-20020a170902684900b0015e8d4eb1d1sm9408188pln.27.2022.05.17.11.24.26
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 17 May 2022 11:24:27 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/31] Patch review
Date: Tue, 17 May 2022 08:23:46 -1000
Message-Id: <cover.1652811454.git.steve@sakoman.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 17 May 2022 18:24:37 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/165745

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Once again I've been proactive in cherry-picking security/bug fix version bumps for
select packages.  And as last time I've edited the commit messages to include
either the release notes or a commit list to make it easier to review the upgrade.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3673

The following changes since commit cb8647c08959abb1d6b7c2b3a34b4b415f66d7ee:

  build-appliance-image: Update to kirkstone head revision (2022-05-15 08:59:03 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE

Alexander Kanavin (11):
  systemd: upgrade 250.4 -> 250.5
  mesa: upgrade 22.0.0 -> 22.0.2
  bind: upgrade 9.18.1 -> 9.18.2
  cronie: upgrade 1.6.0 -> 1.6.1
  epiphany: upgrade 42.0 -> 42.2
  ffmpeg: upgrade 5.0 -> 5.0.1
  fribidi: upgrade 1.0.11 -> 1.0.12
  libinput: upgrade 1.19.3 -> 1.19.4
  sqlite3: upgrade 3.38.2 -> 3.38.3
  webkitgtk: upgrade 2.36.0 -> 2.36.1
  xwayland: upgrade 22.1.0 -> 22.1.1

Aryaman Gupta (1):
  e2fsprogs: update upstream status

Claudius Heine (1):
  overlayfs: add docs about skipping QA check & service dependencies

Davide Gardenal (6):
  freetype: backport patch for CVE-2022-27404
  freetype: backport patch for CVE-2022-27405
  freetype: backport patch for CVE-2022-27406
  qemu: backport patch for CVE-2021-4206
  qemu: backport patch for CVE-2021-4207
  base-passwd: Disable shell for default users

Dmitry Baryshkov (2):
  linux-firmware: upgrade 20220411 -> 20220509
  image.bbclass: allow overriding dependency on virtual/kernel:do_deploy

Felix Moessbauer (1):
  wic/plugins/rootfs: Fix permissions when splitting rootfs folders
    across partitions

Jiaqing Zhao (3):
  libxml2: Upgrade 2.9.13 -> 2.9.14
  sed: Specify shell for "nobody" user in run-ptest
  strace: Don't run ptest as "nobody"

Khem Raj (1):
  systemd: Fix build regression with latest update

Konrad Weihmann (1):
  linux-firmware: replace mkdir by install

Richard Purdie (3):
  vim: Upgrade 8.2.4681 -> 8.2.4912
  cairo: Add missing GPLv3 license checksum entry
  sanity: Don't warn about make 4.2.1 for mint

 meta/classes/image.bbclass                    |   7 +-
 meta/classes/overlayfs.bbclass                |  18 +-
 meta/classes/pypi.bbclass                     |   2 +
 meta/classes/sanity.bbclass                   |   2 +-
 ...1-avoid-start-failure-with-bind-user.patch |   0
 ...d-V-and-start-log-hide-build-options.patch |   0
 ...ching-for-json-headers-searches-sysr.patch |   0
 .../bind/{bind-9.18.1 => bind-9.18.2}/bind9   |   0
 .../{bind-9.18.1 => bind-9.18.2}/conf.patch   |   0
 .../generate-rndc-key.sh                      |   0
 ...t.d-add-support-for-read-only-rootfs.patch |   0
 .../make-etc-initd-bind-stop-work.patch       |   0
 .../named.service                             |   0
 .../bind/{bind_9.18.1.bb => bind_9.18.2.bb}   |   2 +-
 .../base-passwd/disable-shell.patch           |  57 ++++
 .../base-passwd/base-passwd_3.5.29.bb         |   1 +
 .../CVE-2022-23308-fix-regression.patch       |  99 -------
 .../libxml2/libxml-m4-use-pkgconfig.patch     |  21 +-
 .../{libxml2_2.9.13.bb => libxml2_2.9.14.bb}  |   5 +-
 ...md-boot_250.4.bb => systemd-boot_250.5.bb} |   0
 meta/recipes-core/systemd/systemd.inc         |   2 +-
 .../0001-Adjust-for-musl-headers.patch        |  98 ++++++-
 ...ass-correct-parameters-to-getdents64.patch |  10 +-
 ...e-Use-sockaddr-pointer-type-for-bind.patch |  46 ++++
 .../0002-Add-sys-stat.h-for-S_IFDIR.patch     |   8 +-
 ...002-don-t-use-glibc-specific-qsort_r.patch |  20 +-
 ...dd-__compare_fn_t-and-comparison_fn_.patch |  10 +-
 ...k-parse_printf_format-implementation.patch |  20 +-
 ...missing.h-check-for-missing-strndupa.patch | 151 +++++++++--
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |  12 +-
 ...008-add-missing-FTW_-macros-for-musl.patch |  17 +-
 ..._register_atfork-for-non-glibc-build.patch |   6 +-
 ...10-Use-uintmax_t-for-handling-rlim_t.patch |  16 +-
 ...sable-tests-for-missing-typedefs-in-.patch |   4 +-
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |  18 +-
 ...patible-basename-for-non-glibc-syste.patch |   4 +-
 ...uffering-when-writing-to-oom_score_a.patch |   4 +-
 ...compliant-strerror_r-from-GNU-specif.patch |  10 +-
 ...S_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch |   4 +-
 ...ype.h-add-__compar_d_fn_t-definition.patch |   2 +-
 ...definition-of-prctl_mm_map-structure.patch |   2 +-
 .../systemd/0019-Handle-missing-LOCK_EX.patch |   4 +-
 ...ible-pointer-type-struct-sockaddr_un.patch |   6 +-
 .../0021-test-json.c-define-M_PIl.patch       |   4 +-
 ...-not-disable-buffer-in-writing-files.patch | 239 ++++++++++-------
 .../0025-Handle-__cpu_mask-usage.patch        |   4 +-
 .../systemd/0026-Handle-missing-gshadow.patch |  16 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |  11 +-
 ...eepConfiguration-when-running-on-net.patch | 253 ------------------
 .../{systemd_250.4.bb => systemd_250.5.bb}    |   2 +-
 .../e2fsprogs/e2fsprogs/extents.patch         |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   2 +
 .../qemu/qemu/CVE-2021-4206.patch             |  89 ++++++
 .../qemu/qemu/CVE-2021-4207.patch             |  43 +++
 meta/recipes-devtools/strace/strace/run-ptest |   6 +-
 .../{cronie_1.6.0.bb => cronie_1.6.1.bb}      |   2 +-
 meta/recipes-extended/sed/sed/run-ptest       |   2 +-
 .../{epiphany_42.0.bb => epiphany_42.2.bb}    |   2 +-
 meta/recipes-graphics/cairo/cairo_1.16.0.bb   |   5 +-
 .../freetype/freetype/CVE-2022-27404.patch    |  48 ++++
 .../freetype/freetype/CVE-2022-27405.patch    |  41 +++
 .../freetype/freetype/CVE-2022-27406.patch    |  32 +++
 .../freetype/freetype_2.11.1.bb               |   6 +-
 .../{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb}  |   0
 meta/recipes-graphics/mesa/mesa.inc           |   2 +-
 .../mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb}   |   0
 ...{libinput_1.19.3.bb => libinput_1.19.4.bb} |   2 +-
 ...{xwayland_22.1.0.bb => xwayland_22.1.1.bb} |   2 +-
 ...01-Makefile-replace-mkdir-by-install.patch |  84 ++++++
 ...20220411.bb => linux-firmware_20220509.bb} |   9 +-
 .../ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} |   2 +-
 .../webkitgtk/add_missing_include.patch       |  19 --
 ...ebkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} |   3 +-
 .../{fribidi_1.0.11.bb => fribidi_1.0.12.bb}  |   2 +-
 .../{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb}  |   2 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 scripts/lib/wic/plugins/source/rootfs.py      |   5 +-
 77 files changed, 1015 insertions(+), 618 deletions(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.1 => bind-9.18.2}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.1.bb => bind_9.18.2.bb} (98%)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
 rename meta/recipes-core/libxml/{libxml2_2.9.13.bb => libxml2_2.9.14.bb} (96%)
 rename meta/recipes-core/systemd/{systemd-boot_250.4.bb => systemd-boot_250.5.bb} (100%)
 create mode 100644 meta/recipes-core/systemd/systemd/0001-resolve-Use-sockaddr-pointer-type-for-bind.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/0029-network-enable-KeepConfiguration-when-running-on-net.patch
 rename meta/recipes-core/systemd/{systemd_250.4.bb => systemd_250.5.bb} (99%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4206.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-4207.patch
 rename meta/recipes-extended/cronie/{cronie_1.6.0.bb => cronie_1.6.1.bb} (97%)
 rename meta/recipes-gnome/epiphany/{epiphany_42.0.bb => epiphany_42.2.bb} (94%)
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27404.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27405.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2022-27406.patch
 rename meta/recipes-graphics/mesa/{mesa-gl_22.0.0.bb => mesa-gl_22.0.2.bb} (100%)
 rename meta/recipes-graphics/mesa/{mesa_22.0.0.bb => mesa_22.0.2.bb} (100%)
 rename meta/recipes-graphics/wayland/{libinput_1.19.3.bb => libinput_1.19.4.bb} (95%)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.0.bb => xwayland_22.1.1.bb} (95%)
 create mode 100644 meta/recipes-kernel/linux-firmware/files/0001-Makefile-replace-mkdir-by-install.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220411.bb => linux-firmware_20220509.bb} (99%)
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.bb => ffmpeg_5.0.1.bb} (98%)
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/add_missing_include.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.36.0.bb => webkitgtk_2.36.1.bb} (98%)
 rename meta/recipes-support/fribidi/{fribidi_1.0.11.bb => fribidi_1.0.12.bb} (90%)
 rename meta/recipes-support/sqlite/{sqlite3_3.38.2.bb => sqlite3_3.38.3.bb} (86%)