[OE-core][kirkstone 00/14] Patch review

[OE-core][kirkstone 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 8.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5835

The following changes since commit 8ceaeff90023e51c7e874464f026b30d24035bda:
 
  python3-git: upgrade 3.1.27 -> 3.1.32 (2023-08-27 04:03:37 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Abe Kohandel (1):
  libdnf: resolve cstdint inclusion for newer gcc versions

Adrian Freihofer (1):
  json-c: fix CVE-2021-32292

Archana Polampalli (1):
  nasm: fix CVE-2020-21528

Changqing Li (1):
  sysklogd: fix integration with systemd-journald

Chee Yang Lee (3):
  libssh2: fix CVE-2020-22218
  file: fix CVE-2022-48554
  python3: upgrade to 3.10.13

Hitendra Prajapati (2):
  tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618
  libtiff: fix CVE-2023-26966 Buffer Overflow

Kai Kang (1):
  webkitgtk: fix CVE-2023-23529

Martin Jansa (1):
  efivar: backport 5 patches to fix build with gold

Meenali Gupta (1):
  busybox: fix CVE-2022-48174

Soumya Sambu (1):
  ncurses: fix CVE-2023-29491

Vijay Anusuri (1):
  inetutils: Backport fix for CVE-2023-40303

 ...ve-deprecated-add-needed-linker-flag.patch |  45 ++
 ...002-Add-T-workaround-for-GNU-ld-2.36.patch |  33 ++
 ...LL-C-to-force-English-output-from-ld.patch |  33 ++
 ...on-and-remove-not-needed-workarounds.patch |  45 ++
 ...mp-efi_well_known_-variable-handling.patch | 262 ++++++++++
 meta/recipes-bsp/efivar/efivar_38.bb          |   9 +-
 ...tpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch | 280 +++++++++++
 ...03-Indent-changes-in-previous-commit.patch | 254 ++++++++++
 .../inetutils/inetutils_2.2.bb                |   2 +
 .../busybox/busybox/CVE-2022-48174.patch      |  80 +++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   1 +
 .../ncurses/files/CVE-2023-29491.patch        | 464 ++++++++++++++++++
 .../ncurses/ncurses_6.3+20220423.bb           |   1 +
 .../file/file/CVE-2022-48554.patch            |  35 ++
 meta/recipes-devtools/file/file_5.41.bb       |   4 +-
 .../json-c/json-c/CVE-2021-32292.patch        |  30 ++
 meta/recipes-devtools/json-c/json-c_0.15.bb   |   1 +
 ...58-Don-t-assume-inclusion-of-cstdint.patch |  56 +++
 ...onNumber.hpp-add-missing-cstdint-inc.patch |  33 ++
 ...ite3-Sqlite3.hpp-add-missing-cstdint.patch |  36 ++
 meta/recipes-devtools/libdnf/libdnf_0.66.0.bb |   3 +
 .../nasm/nasm/CVE-2020-21528.patch            |  47 ++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb    |   1 +
 ...{python3_3.10.12.bb => python3_3.10.13.bb} |   2 +-
 ...KillMode-process-is-not-recommended-.patch |  33 ++
 ...-messages-lost-when-running-in-syste.patch |  75 +++
 .../sysklogd/sysklogd_2.3.0.bb                |   2 +
 .../libtiff/tiff/CVE-2023-26966.patch         |  35 ++
 .../libtiff/tiff/CVE-2023-2908.patch          |  33 ++
 .../libtiff/tiff/CVE-2023-3316.patch          |  59 +++
 .../libtiff/tiff/CVE-2023-3618-1.patch        |  34 ++
 .../libtiff/tiff/CVE-2023-3618-2.patch        |  47 ++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   5 +
 .../webkit/webkitgtk/CVE-2023-23529.patch     |  65 +++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 .../libssh2/libssh2/CVE-2020-22218.patch      |  34 ++
 .../recipes-support/libssh2/libssh2_1.10.0.bb |   1 +
 37 files changed, 2175 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch
 create mode 100644 meta/recipes-devtools/file/file/CVE-2022-48554.patch
 create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
 create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
 create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
 create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch
 create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch
 rename meta/recipes-devtools/python/{python3_3.10.12.bb => python3_3.10.13.bb} (99%)
 create mode 100644 meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
 create mode 100644 meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch
 create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch

-- 
2.34.1

[OE-core][kirkstone 01/14] tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618

[Steve Sakoman]

From: Hitendra Prajapati <hprajapati@mvista.com>

Backport fixes for:
* CVE-2023-2908 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
* CVE-2023-3316 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536
* CVE-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/tiff/CVE-2023-2908.patch          | 33 +++++++++++
 .../libtiff/tiff/CVE-2023-3316.patch          | 59 +++++++++++++++++++
 .../libtiff/tiff/CVE-2023-3618-1.patch        | 34 +++++++++++
 .../libtiff/tiff/CVE-2023-3618-2.patch        | 47 +++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  4 ++
 5 files changed, 177 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch
new file mode 100644
index 0000000000..cf94fd23d8
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-2908.patch
@@ -0,0 +1,33 @@
+From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001
+From: xiaoxiaoafeifei <lliangliang2007@163.com>
+Date: Fri, 21 Apr 2023 13:01:34 +0000
+Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`:
+ applying zero offset to null pointer
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f]
+CVE: CVE-2023-2908
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_dir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 349dfe4..1402c8e 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -145,10 +145,10 @@ static uint16_t
+ countInkNamesString(TIFF *tif, uint32_t slen, const char *s)
+ {
+ 	uint16_t i = 0;
+-	const char *ep = s + slen;
+-	const char *cp = s;
+ 
+ 	if (slen > 0) {
++		const char *ep = s + slen;
++	        const char *cp = s;
+ 		do {
+ 			for (; cp < ep && *cp != '\0'; cp++) {}
+ 			if (cp >= ep)
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch
new file mode 100644
index 0000000000..1aa4ba45ac
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3316.patch
@@ -0,0 +1,59 @@
+From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 3 Feb 2023 17:38:55 +0100
+Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
+
+Closes #515
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536]
+CVE: CVE-2023-3316
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_close.c | 11 +++++++----
+ tools/tiffcrop.c    |  5 ++++-
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
+index 674518a..0fe7af4 100644
+--- a/libtiff/tif_close.c
++++ b/libtiff/tif_close.c
+@@ -118,13 +118,16 @@ TIFFCleanup(TIFF* tif)
+  */
+ 
+ void
+-TIFFClose(TIFF* tif)
++TIFFClose(TIFF *tif)
+ {
+-	TIFFCloseProc closeproc = tif->tif_closeproc;
+-	thandle_t fd = tif->tif_clientdata;
++    if (tif != NULL)
++    {
++        TIFFCloseProc closeproc = tif->tif_closeproc;
++        thandle_t fd = tif->tif_clientdata;
+ 
+ 	TIFFCleanup(tif);
+-	(void) (*closeproc)(fd);
++        (void)(*closeproc)(fd);
++    }
+ }
+ 
+ /* vim: set ts=8 sts=8 sw=8 noet: */
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index ce77c74..cd49660 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2548,7 +2548,10 @@ main(int argc, char* argv[])
+       }
+     }
+ 
+-  TIFFClose(out);
++    if (out != NULL)
++    {
++        TIFFClose(out);
++    }
+ 
+   return (0);
+   } /* end main */
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
new file mode 100644
index 0000000000..8f55d2b496
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
@@ -0,0 +1,34 @@
+From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Tue, 7 Mar 2023 15:02:08 +0800
+Subject: [PATCH] Fix memory leak in tiffcrop.c
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
+CVE: CVE-2023-3618
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index cd49660..0d02f56 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7839,8 +7839,13 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ 
+   read_buff = *read_buff_ptr;
+ 
++  /* Memory is freed before crop_buff_ptr is overwritten */
++    if (*crop_buff_ptr != NULL)
++    {
++	_TIFFfree(*crop_buff_ptr);
++    }
++
+   /* process full image, no crop buffer needed */
+-  crop_buff = read_buff;
+   *crop_buff_ptr = read_buff;
+   crop->combined_width = image->width;
+   crop->combined_length = image->length;
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch
new file mode 100644
index 0000000000..4179145722
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch
@@ -0,0 +1,47 @@
+From b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 5 May 2023 19:43:46 +0200
+Subject: [PATCH] Consider error return of writeSelections(). Fixes #553
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8]
+CVE: CVE-2023-3618
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 0d02f56..8cbeb68 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2459,9 +2459,15 @@ main(int argc, char* argv[])
+         {  /* Whole image or sections not based on output page size */
+         if (crop.selections > 0)
+           {
+-	  writeSelections(in, &out, &crop, &image, &dump, seg_buffs,
+-                          mp, argv[argc - 1], &next_page, total_pages);
+-          }
++             if (writeSelections(in, &out, &crop, &image, &dump,
++                                 seg_buffs, mp, argv[argc - 1],
++                                 &next_page, total_pages))
++              {
++                TIFFError("main",
++                          "Unable to write new image selections");
++                exit(EXIT_FAILURE);
++              }
++	  }
+ 	else  /* One file all images and sections */
+           {
+ 	  if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1],
+@@ -7842,7 +7848,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+   /* Memory is freed before crop_buff_ptr is overwritten */
+     if (*crop_buff_ptr != NULL)
+     {
+-	_TIFFfree(*crop_buff_ptr);
++       _TIFFfree(*crop_buff_ptr);
+     }
+ 
+   /* process full image, no crop buffer needed */
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 4796dfde24..8e69621afb 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -38,6 +38,10 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2023-25433.patch \
            file://CVE-2023-25434-CVE-2023-25435.patch \
            file://CVE-2023-26965.patch \
+           file://CVE-2023-2908.patch \
+           file://CVE-2023-3316.patch \
+           file://CVE-2023-3618-1.patch \
+           file://CVE-2023-3618-2.patch \
            "
 
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
-- 
2.34.1

[OE-core][kirkstone 02/14] inetutils: Backport fix for CVE-2023-40303

[Steve Sakoman]

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-commit: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
& https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...tpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch | 280 ++++++++++++++++++
 ...03-Indent-changes-in-previous-commit.patch | 254 ++++++++++++++++
 .../inetutils/inetutils_2.2.bb                |   2 +
 3 files changed, 536 insertions(+)
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch

diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
new file mode 100644
index 0000000000..7f5baf3637
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch
@@ -0,0 +1,280 @@
+From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Date: Fri, 30 Jun 2023 19:02:45 +0200
+Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check
+ set*id() return values
+
+Several setuid(), setgid(), seteuid() and setguid() return values
+were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially
+leading to potential security issues.
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6]
+Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
+Signed-off-by: Simon Josefsson <simon@josefsson.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ ftpd/ftpd.c  | 10 +++++++---
+ src/rcp.c    | 39 +++++++++++++++++++++++++++++++++------
+ src/rlogin.c | 11 +++++++++--
+ src/rsh.c    | 25 +++++++++++++++++++++----
+ src/rshd.c   | 20 +++++++++++++++++---
+ src/uucpd.c  | 15 +++++++++++++--
+ 6 files changed, 100 insertions(+), 20 deletions(-)
+
+diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
+index 92b2cca5..28dd523f 100644
+--- a/ftpd/ftpd.c
++++ b/ftpd/ftpd.c
+@@ -862,7 +862,9 @@ end_login (struct credentials *pcred)
+   char *remotehost = pcred->remotehost;
+   int atype = pcred->auth_type;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
++
+   if (pcred->logged_in)
+     {
+       logwtmp_keep_open (ttyline, "", "");
+@@ -1151,7 +1153,8 @@ getdatasock (const char *mode)
+ 
+   if (data >= 0)
+     return fdopen (data, mode);
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
+   s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0);
+   if (s < 0)
+     goto bad;
+@@ -1978,7 +1981,8 @@ passive (int epsv, int af)
+   else	/* !AF_INET6 */
+     ((struct sockaddr_in *) &pasv_addr)->sin_port = 0;
+ 
+-  seteuid ((uid_t) 0);
++  if (seteuid ((uid_t) 0) == -1)
++    _exit (EXIT_FAILURE);
+   if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0)
+     {
+       if (seteuid ((uid_t) cred.uid))
+diff --git a/src/rcp.c b/src/rcp.c
+index 75adb253..cdcf8500 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -345,14 +345,23 @@ main (int argc, char *argv[])
+   if (from_option)
+     {				/* Follow "protocol", send data. */
+       response ();
+-      setuid (userid);
++
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       source (argc, argv);
+       exit (errs);
+     }
+ 
+   if (to_option)
+     {				/* Receive data. */
+-      setuid (userid);
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       sink (argc, argv);
+       exit (errs);
+     }
+@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[])
+ 	      if (response () < 0)
+ 		exit (EXIT_FAILURE);
+ 	      free (bp);
+-	      setuid (userid);
++
++	      if (setuid (userid) == -1)
++              {
++                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++              }
+ 	    }
+ 	  source (1, argv + i);
+ 	  close (rem);
+@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[])
+ 	  ++errs;
+ 	  continue;
+ 	}
+-      seteuid (userid);
++
++      if (seteuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++      }
++
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+       (void) getpeername (rem, (struct sockaddr *) &ss, &sslen);
+@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[])
+ #endif
+       vect[0] = target;
+       sink (1, vect);
+-      seteuid (effuid);
++
++      if (seteuid (effuid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++      }
++
+       close (rem);
+       rem = -1;
+ #ifdef SHISHI
+@@ -1441,7 +1464,11 @@ susystem (char *s, int userid)
+       return (127);
+ 
+     case 0:
+-      setuid (userid);
++      if (setuid (userid) == -1)
++      {
++        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++      }
++
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+     }
+diff --git a/src/rlogin.c b/src/rlogin.c
+index aa6426fb..c543de0c 100644
+--- a/src/rlogin.c
++++ b/src/rlogin.c
+@@ -647,8 +647,15 @@ try_connect:
+   /* Now change to the real user ID.  We have to be set-user-ID root
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+-  seteuid (uid);
+-  setuid (uid);
++  if (seteuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++  }
++
++  if (setuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++  }
+ 
+   doit (&osmask);	/* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index 2d622ca4..6f60667d 100644
+--- a/src/rsh.c
++++ b/src/rsh.c
+@@ -276,8 +276,17 @@ main (int argc, char **argv)
+     {
+       if (asrsh)
+ 	*argv = (char *) "rlogin";
+-      seteuid (getuid ());
+-      setuid (getuid ());
++
++      if (seteuid (getuid ()) == -1)
++      {
++        error (EXIT_FAILURE, errno, "seteuid() failed");
++      }
++
++      if (setuid (getuid ()) == -1)
++      {
++        error (EXIT_FAILURE, errno, "setuid() failed");
++      }
++
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+     }
+@@ -541,8 +550,16 @@ try_connect:
+ 	error (0, errno, "setsockopt DEBUG (ignored)");
+     }
+ 
+-  seteuid (uid);
+-  setuid (uid);
++  if (seteuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, errno, "seteuid() failed");
++  }
++
++  if (setuid (uid) == -1)
++  {
++    error (EXIT_FAILURE, errno, "setuid() failed");
++  }
++
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+   sigaddset (&sigs, SIGINT);
+diff --git a/src/rshd.c b/src/rshd.c
+index d1c0d0cd..707790e7 100644
+--- a/src/rshd.c
++++ b/src/rshd.c
+@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     pwd->pw_shell = PATH_BSHELL;
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+-  setegid ((gid_t) pwd->pw_gid);
+-  setgid ((gid_t) pwd->pw_gid);
++  if (setegid ((gid_t) pwd->pw_gid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setegid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
++
++  if (setgid ((gid_t) pwd->pw_gid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setgid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
++
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);	/* BSD groups */
+ #endif
+@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+     }
+ #endif /* WITH_PAM */
+ 
+-  setuid ((uid_t) pwd->pw_uid);
++  if (setuid ((uid_t) pwd->pw_uid) == -1)
++  {
++    rshd_error ("Cannot drop privileges (setuid() failed)\n");
++    exit (EXIT_FAILURE);
++  }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 107589e1..29cfce35 100644
+--- a/src/uucpd.c
++++ b/src/uucpd.c
+@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen)
+   snprintf (Username, sizeof (Username), "USER=%s", user);
+   snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user);
+   dologin (pw, sap, salen);
+-  setgid (pw->pw_gid);
++
++  if (setgid (pw->pw_gid) == -1)
++  {
++    fprintf (stderr, "setgid() failed");
++    return;
++  }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen)
+       fprintf (stderr, "Login incorrect.");
+       return;
+     }
+-  setuid (pw->pw_uid);
++
++  if (setuid (pw->pw_uid) == -1)
++  {
++    fprintf (stderr, "setuid() failed");
++    return;
++  }
++
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
+ }
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
new file mode 100644
index 0000000000..4bc354d256
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch
@@ -0,0 +1,254 @@
+From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon@josefsson.org>
+Date: Mon, 31 Jul 2023 13:59:05 +0200
+Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit.
+
+CVE: CVE-2023-40303
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/rcp.c    | 42 ++++++++++++++++++++++++------------------
+ src/rlogin.c | 12 ++++++------
+ src/rsh.c    | 24 ++++++++++++------------
+ src/rshd.c   | 24 ++++++++++++------------
+ src/uucpd.c  | 16 ++++++++--------
+ 5 files changed, 62 insertions(+), 56 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index cdcf8500..652f22e6 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -347,9 +347,10 @@ main (int argc, char *argv[])
+       response ();
+ 
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
++	{
++	  error (EXIT_FAILURE, 0,
++		 "Could not drop privileges (setuid() failed)");
++	}
+ 
+       source (argc, argv);
+       exit (errs);
+@@ -358,9 +359,10 @@ main (int argc, char *argv[])
+   if (to_option)
+     {				/* Receive data. */
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
++	{
++	  error (EXIT_FAILURE, 0,
++		 "Could not drop privileges (setuid() failed)");
++	}
+ 
+       sink (argc, argv);
+       exit (errs);
+@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[])
+ 	      free (bp);
+ 
+ 	      if (setuid (userid) == -1)
+-              {
+-                error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-              }
++		{
++		  error (EXIT_FAILURE, 0,
++			 "Could not drop privileges (setuid() failed)");
++		}
+ 	    }
+ 	  source (1, argv + i);
+ 	  close (rem);
+@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[])
+ 	}
+ 
+       if (seteuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-      }
++	{
++	  error (EXIT_FAILURE, 0,
++		 "Could not drop privileges (seteuid() failed)");
++	}
+ 
+ #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT
+       sslen = sizeof (ss);
+@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[])
+       sink (1, vect);
+ 
+       if (seteuid (effuid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-      }
++	{
++	  error (EXIT_FAILURE, 0,
++		 "Could not drop privileges (seteuid() failed)");
++	}
+ 
+       close (rem);
+       rem = -1;
+@@ -1465,9 +1470,10 @@ susystem (char *s, int userid)
+ 
+     case 0:
+       if (setuid (userid) == -1)
+-      {
+-        error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-      }
++	{
++	  error (EXIT_FAILURE, 0,
++		 "Could not drop privileges (setuid() failed)");
++	}
+ 
+       execl (PATH_BSHELL, "sh", "-c", s, NULL);
+       _exit (127);
+diff --git a/src/rlogin.c b/src/rlogin.c
+index c543de0c..4360202f 100644
+--- a/src/rlogin.c
++++ b/src/rlogin.c
+@@ -648,14 +648,14 @@ try_connect:
+      to get the privileged port that rcmd () uses.  We now want, however,
+      to run as the real user who invoked us.  */
+   if (seteuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
+-  }
++    {
++      error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)");
++    }
+ 
+   if (setuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
+-  }
++    {
++      error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)");
++    }
+ 
+   doit (&osmask);	/* The old mask will activate SIGURG and SIGUSR1!  */
+ 
+diff --git a/src/rsh.c b/src/rsh.c
+index 6f60667d..179b47cd 100644
+--- a/src/rsh.c
++++ b/src/rsh.c
+@@ -278,14 +278,14 @@ main (int argc, char **argv)
+ 	*argv = (char *) "rlogin";
+ 
+       if (seteuid (getuid ()) == -1)
+-      {
+-        error (EXIT_FAILURE, errno, "seteuid() failed");
+-      }
++	{
++	  error (EXIT_FAILURE, errno, "seteuid() failed");
++	}
+ 
+       if (setuid (getuid ()) == -1)
+-      {
+-        error (EXIT_FAILURE, errno, "setuid() failed");
+-      }
++	{
++	  error (EXIT_FAILURE, errno, "setuid() failed");
++	}
+ 
+       execv (PATH_RLOGIN, argv);
+       error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN);
+@@ -551,14 +551,14 @@ try_connect:
+     }
+ 
+   if (seteuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, errno, "seteuid() failed");
+-  }
++    {
++      error (EXIT_FAILURE, errno, "seteuid() failed");
++    }
+ 
+   if (setuid (uid) == -1)
+-  {
+-    error (EXIT_FAILURE, errno, "setuid() failed");
+-  }
++    {
++      error (EXIT_FAILURE, errno, "setuid() failed");
++    }
+ 
+ #ifdef HAVE_SIGACTION
+   sigemptyset (&sigs);
+diff --git a/src/rshd.c b/src/rshd.c
+index 707790e7..3a153a18 100644
+--- a/src/rshd.c
++++ b/src/rshd.c
+@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ 
+   /* Set the gid, then uid to become the user specified by "locuser" */
+   if (setegid ((gid_t) pwd->pw_gid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setegid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
++    {
++      rshd_error ("Cannot drop privileges (setegid() failed)\n");
++      exit (EXIT_FAILURE);
++    }
+ 
+   if (setgid ((gid_t) pwd->pw_gid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setgid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
++    {
++      rshd_error ("Cannot drop privileges (setgid() failed)\n");
++      exit (EXIT_FAILURE);
++    }
+ 
+ #ifdef HAVE_INITGROUPS
+   initgroups (pwd->pw_name, pwd->pw_gid);	/* BSD groups */
+@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
+ #endif /* WITH_PAM */
+ 
+   if (setuid ((uid_t) pwd->pw_uid) == -1)
+-  {
+-    rshd_error ("Cannot drop privileges (setuid() failed)\n");
+-    exit (EXIT_FAILURE);
+-  }
++    {
++      rshd_error ("Cannot drop privileges (setuid() failed)\n");
++      exit (EXIT_FAILURE);
++    }
+ 
+   /* We'll execute the client's command in the home directory
+    * of locuser. Note, that the chdir must be executed after
+diff --git a/src/uucpd.c b/src/uucpd.c
+index 29cfce35..fde7b9c9 100644
+--- a/src/uucpd.c
++++ b/src/uucpd.c
+@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+   dologin (pw, sap, salen);
+ 
+   if (setgid (pw->pw_gid) == -1)
+-  {
+-    fprintf (stderr, "setgid() failed");
+-    return;
+-  }
++    {
++      fprintf (stderr, "setgid() failed");
++      return;
++    }
+ #ifdef HAVE_INITGROUPS
+   initgroups (pw->pw_name, pw->pw_gid);
+ #endif
+@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen)
+     }
+ 
+   if (setuid (pw->pw_uid) == -1)
+-  {
+-    fprintf (stderr, "setuid() failed");
+-    return;
+-  }
++    {
++      fprintf (stderr, "setuid() failed");
++      return;
++    }
+ 
+   execl (uucico_location, "uucico", NULL);
+   perror ("uucico server: execl");
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
index d8062e2b21..6f9173dbc1 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
@@ -22,6 +22,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
            file://inetutils-1.9-PATH_PROCNET_DEV.patch \
            file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
            file://CVE-2022-39028.patch \
+           file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \
+           file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \
 "
 
 inherit autotools gettext update-alternatives texinfo
-- 
2.34.1

[OE-core][kirkstone 03/14] libtiff: fix CVE-2023-26966 Buffer Overflow

[Steve Sakoman]

From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/tiff/CVE-2023-26966.patch         | 35 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
new file mode 100644
index 0000000000..85764304f9
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
@@ -0,0 +1,35 @@
+From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Thu, 16 Feb 2023 12:03:16 +0100
+Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode().
+
+Closes #530
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9]
+CVE: CVE-2023-26966
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_luv.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
+index 13765ea..40b2719 100644
+--- a/libtiff/tif_luv.c
++++ b/libtiff/tif_luv.c
+@@ -908,6 +908,13 @@ uv_encode(double u, double v, int em)	/* encode (u',v') coordinates */
+ {
+ 	register int	vi, ui;
+ 
++	/* check for NaN */
++	if (u != u || v != v)
++	{
++		u = U_NEU;
++		v = V_NEU;
++        }
++
+ 	if (v < UV_VSTART)
+ 		return oog_encode(u, v);
+ 	vi = tiff_itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em);
+-- 
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 8e69621afb..61d8142e41 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -42,6 +42,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2023-3316.patch \
            file://CVE-2023-3618-1.patch \
            file://CVE-2023-3618-2.patch \
+           file://CVE-2023-26966.patch \
            "
 
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
-- 
2.34.1

[OE-core][kirkstone 04/14] json-c: fix CVE-2021-32292

[Steve Sakoman]

From: Adrian Freihofer <adrian.freihofer@gmail.com>

This is a read past end of buffer issue in the json_parse test app,
which can happened with malformed json data. It's not an issue with the
library itself. For what ever reason this CVE has a base score of 9.8.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-32292

Upstream issue:
https://github.com/json-c/json-c/issues/654

The CVE is fixed with version 0.16 (which is already in all active
branches of poky).

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../json-c/json-c/CVE-2021-32292.patch        | 30 +++++++++++++++++++
 meta/recipes-devtools/json-c/json-c_0.15.bb   |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch

diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
new file mode 100644
index 0000000000..28da522115
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
@@ -0,0 +1,30 @@
+From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001
+From: Marc <34656315+MarcT512@users.noreply.github.com>
+Date: Fri, 7 Aug 2020 10:49:45 +0100
+Subject: [PATCH] Fix read past end of buffer
+
+Fixes: CVE-2021-32292
+Issue: https://github.com/json-c/json-c/issues/654
+
+Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec]
+CVE: CVE-2021-32292
+
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ apps/json_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/apps/json_parse.c b/apps/json_parse.c
+index bba4622..72b31a8 100644
+--- a/apps/json_parse.c
++++ b/apps/json_parse.c
+@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *))
+ 			int parse_end = json_tokener_get_parse_end(tok);
+ 			if (obj == NULL && jerr != json_tokener_continue)
+ 			{
+-				char *aterr = &buf[start_pos + parse_end];
++				char *aterr = (start_pos + parse_end < sizeof(buf)) ?
++					&buf[start_pos + parse_end] : "";
+ 				fflush(stdout);
+ 				int fail_offset = total_read - ret + start_pos + parse_end;
+ 				fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,
diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb b/meta/recipes-devtools/json-c/json-c_0.15.bb
index 7cbed55b3b..4da30bc50c 100644
--- a/meta/recipes-devtools/json-c/json-c_0.15.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.15.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
 SRC_URI = " \
     https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
     file://run-ptest \
+    file://CVE-2021-32292.patch \
 "
 
 SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"
-- 
2.34.1

[OE-core][kirkstone 05/14] ncurses: fix CVE-2023-29491

[Steve Sakoman]

From: Soumya Sambu <soumya.sambu@windriver.com>

Backport patch to fix CVE-2023-29491.

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ncurses/files/CVE-2023-29491.patch        | 464 ++++++++++++++++++
 .../ncurses/ncurses_6.3+20220423.bb           |   1 +
 2 files changed, 465 insertions(+)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-29491.patch

diff --git a/meta/recipes-core/ncurses/files/CVE-2023-29491.patch b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch
new file mode 100644
index 0000000000..0116959bbf
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch
@@ -0,0 +1,464 @@
+From eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56 Mon Sep 17 00:00:00 2001
+From: Thomas E. Dickey <dickey@invisible-island.net>
+Date: Sun, 9 Apr 2023 05:38:25 +0530
+Subject: [PATCH] Fix CVE-2023-29491
+
+CVE: CVE-2023-29491
+
+Upstream-Status: Backport [http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ ncurses/tinfo/lib_tgoto.c  |  10 +++-
+ ncurses/tinfo/lib_tparm.c  | 116 ++++++++++++++++++++++++++++++++-----
+ ncurses/tinfo/read_entry.c |   3 +
+ progs/tic.c                |   6 ++
+ progs/tparm_type.c         |   9 +++
+ progs/tparm_type.h         |   2 +
+ progs/tput.c               |  61 ++++++++++++++++---
+ 7 files changed, 185 insertions(+), 22 deletions(-)
+
+diff --git a/ncurses/tinfo/lib_tgoto.c b/ncurses/tinfo/lib_tgoto.c
+index 9cf5e100..c50ed4df 100644
+--- a/ncurses/tinfo/lib_tgoto.c
++++ b/ncurses/tinfo/lib_tgoto.c
+@@ -207,6 +207,14 @@ tgoto(const char *string, int x, int y)
+ 	result = tgoto_internal(string, x, y);
+     else
+ #endif
+-	result = TIPARM_2(string, y, x);
++    if ((result = TIPARM_2(string, y, x)) == NULL) {
++	/*
++	 * Because termcap did not provide a more general solution such as
++	 * tparm(), it was necessary to handle single-parameter capabilities
++	 * using tgoto().  The internal _nc_tiparm() function returns a NULL
++	 * for that case; retry for the single-parameter case.
++	 */
++	result = TIPARM_1(string, y);
++    }
+     returnPtr(result);
+ }
+diff --git a/ncurses/tinfo/lib_tparm.c b/ncurses/tinfo/lib_tparm.c
+index d9bdfd8f..a10a3877 100644
+--- a/ncurses/tinfo/lib_tparm.c
++++ b/ncurses/tinfo/lib_tparm.c
+@@ -1086,6 +1086,64 @@ tparam_internal(TPARM_STATE *tps, const char *string, TPARM_DATA *data)
+     return (TPS(out_buff));
+ }
+ 
++#ifdef CUR
++/*
++ * Only a few standard capabilities accept string parameters.  The others that
++ * are parameterized accept only numeric parameters.
++ */
++static bool
++check_string_caps(TPARM_DATA *data, const char *string)
++{
++    bool result = FALSE;
++
++#define CHECK_CAP(name) (VALID_STRING(name) && !strcmp(name, string))
++
++    /*
++     * Disallow string parameters unless we can check them against a terminal
++     * description.
++     */
++    if (cur_term != NULL) {
++	int want_type = 0;
++
++	if (CHECK_CAP(pkey_key))
++	    want_type = 2;	/* function key #1, type string #2 */
++	else if (CHECK_CAP(pkey_local))
++	    want_type = 2;	/* function key #1, execute string #2 */
++	else if (CHECK_CAP(pkey_xmit))
++	    want_type = 2;	/* function key #1, transmit string #2 */
++	else if (CHECK_CAP(plab_norm))
++	    want_type = 2;	/* label #1, show string #2 */
++	else if (CHECK_CAP(pkey_plab))
++	    want_type = 6;	/* function key #1, type string #2, show string #3 */
++#if NCURSES_XNAMES
++	else {
++	    char *check;
++
++	    check = tigetstr("Cs");
++	    if (CHECK_CAP(check))
++		want_type = 1;	/* style #1 */
++
++	    check = tigetstr("Ms");
++	    if (CHECK_CAP(check))
++		want_type = 3;	/* storage unit #1, content #2 */
++	}
++#endif
++
++	if (want_type == data->tparm_type) {
++	    result = TRUE;
++	} else {
++	    T(("unexpected string-parameter"));
++	}
++    }
++    return result;
++}
++
++#define ValidCap() (myData.tparm_type == 0 || \
++		    check_string_caps(&myData, string))
++#else
++#define ValidCap() 1
++#endif
++
+ #if NCURSES_TPARM_VARARGS
+ 
+ NCURSES_EXPORT(char *)
+@@ -1100,7 +1158,7 @@ tparm(const char *string, ...)
+     tps->tname = "tparm";
+ #endif /* TRACE */
+ 
+-    if (tparm_setup(cur_term, string, &myData) == OK) {
++    if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) {
+ 	va_list ap;
+ 
+ 	va_start(ap, string);
+@@ -1135,7 +1193,7 @@ tparm(const char *string,
+     tps->tname = "tparm";
+ #endif /* TRACE */
+ 
+-    if (tparm_setup(cur_term, string, &myData) == OK) {
++    if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) {
+ 
+ 	myData.param[0] = a1;
+ 	myData.param[1] = a2;
+@@ -1166,7 +1224,7 @@ tiparm(const char *string, ...)
+     tps->tname = "tiparm";
+ #endif /* TRACE */
+ 
+-    if (tparm_setup(cur_term, string, &myData) == OK) {
++    if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) {
+ 	va_list ap;
+ 
+ 	va_start(ap, string);
+@@ -1179,7 +1237,25 @@ tiparm(const char *string, ...)
+ }
+ 
+ /*
+- * The internal-use flavor ensures that the parameters are numbers, not strings
++ * The internal-use flavor ensures that parameters are numbers, not strings.
++ * In addition to ensuring that they are numbers, it ensures that the parameter
++ * count is consistent with intended usage.
++ *
++ * Unlike the general-purpose tparm/tiparm, these internal calls are fairly
++ * well defined:
++ *
++ * expected == 0 - not applicable
++ * expected == 1 - set color, or vertical/horizontal addressing
++ * expected == 2 - cursor addressing
++ * expected == 4 - initialize color or color pair
++ * expected == 9 - set attributes
++ *
++ * Only for the last case (set attributes) should a parameter be optional.
++ * Also, a capability which calls for more parameters than expected should be
++ * ignored.
++ *
++ * Return a null if the parameter-checks fail.  Otherwise, return a pointer to
++ * the formatted capability string.
+  */
+ NCURSES_EXPORT(char *)
+ _nc_tiparm(int expected, const char *string, ...)
+@@ -1189,22 +1265,36 @@ _nc_tiparm(int expected, const char *string, ...)
+     char *result = NULL;
+ 
+     _nc_tparm_err = 0;
++    T((T_CALLED("_nc_tiparm(%d, %s, ...)"), expected, _nc_visbuf(string)));
+ #ifdef TRACE
+     tps->tname = "_nc_tiparm";
+ #endif /* TRACE */
+ 
+-    if (tparm_setup(cur_term, string, &myData) == OK
+-	&& myData.num_actual <= expected
+-	&& myData.tparm_type == 0) {
+-	va_list ap;
++    if (tparm_setup(cur_term, string, &myData) == OK && ValidCap()) {
++	if (myData.num_actual == 0) {
++	    T(("missing parameter%s, expected %s%d",
++	       expected > 1 ? "s" : "",
++	       expected == 9 ? "up to " : "",
++	       expected));
++	} else if (myData.num_actual > expected) {
++	    T(("too many parameters, have %d, expected %d",
++	       myData.num_actual,
++	       expected));
++	} else if (expected != 9 && myData.num_actual != expected) {
++	    T(("expected %d parameters, have %d",
++	       myData.num_actual,
++	       expected));
++	} else {
++	    va_list ap;
+ 
+-	va_start(ap, string);
+-	tparm_copy_valist(&myData, FALSE, ap);
+-	va_end(ap);
++	    va_start(ap, string);
++	    tparm_copy_valist(&myData, FALSE, ap);
++	    va_end(ap);
+ 
+-	result = tparam_internal(tps, string, &myData);
++	    result = tparam_internal(tps, string, &myData);
++	}
+     }
+-    return result;
++    returnPtr(result);
+ }
+ 
+ /*
+diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
+index 66e3d31e..8ccb1570 100644
+--- a/ncurses/tinfo/read_entry.c
++++ b/ncurses/tinfo/read_entry.c
+@@ -321,6 +321,9 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ 	|| bool_count < 0
+ 	|| num_count < 0
+ 	|| str_count < 0
++	|| bool_count > BOOLCOUNT
++	|| num_count > NUMCOUNT
++	|| str_count > STRCOUNT
+ 	|| str_size < 0) {
+ 	returnDB(TGETENT_NO);
+     }
+diff --git a/progs/tic.c b/progs/tic.c
+index 152010d2..92d551c8 100644
+--- a/progs/tic.c
++++ b/progs/tic.c
+@@ -2255,9 +2255,15 @@ check_1_infotocap(const char *name, NCURSES_CONST char *value, int count)
+ 
+     _nc_reset_tparm(NULL);
+     switch (actual) {
++    case Str:
++	result = TPARM_1(value, strings[1]);
++	break;
+     case Num_Str:
+ 	result = TPARM_2(value, numbers[1], strings[2]);
+ 	break;
++    case Str_Str:
++	result = TPARM_2(value, strings[1], strings[2]);
++	break;
+     case Num_Str_Str:
+ 	result = TPARM_3(value, numbers[1], strings[2], strings[3]);
+ 	break;
+diff --git a/progs/tparm_type.c b/progs/tparm_type.c
+index 3da4a077..644aa62a 100644
+--- a/progs/tparm_type.c
++++ b/progs/tparm_type.c
+@@ -47,6 +47,7 @@ tparm_type(const char *name)
+     	{code, {longname} }, \
+ 	{code, {ti} }, \
+ 	{code, {tc} }
++#define XD(code, onlyname) TD(code, onlyname, onlyname, onlyname)
+     TParams result = Numbers;
+     /* *INDENT-OFF* */
+     static const struct {
+@@ -58,6 +59,10 @@ tparm_type(const char *name)
+ 	TD(Num_Str,	"pkey_xmit",	"pfx",		"px"),
+ 	TD(Num_Str,	"plab_norm",	"pln",		"pn"),
+ 	TD(Num_Str_Str, "pkey_plab",	"pfxl",		"xl"),
++#if NCURSES_XNAMES
++	XD(Str,		"Cs"),
++	XD(Str_Str,	"Ms"),
++#endif
+     };
+     /* *INDENT-ON* */
+ 
+@@ -80,12 +85,16 @@ guess_tparm_type(int nparam, char **p_is_s)
+     case 1:
+ 	if (!p_is_s[0])
+ 	    result = Numbers;
++	if (p_is_s[0])
++	    result = Str;
+ 	break;
+     case 2:
+ 	if (!p_is_s[0] && !p_is_s[1])
+ 	    result = Numbers;
+ 	if (!p_is_s[0] && p_is_s[1])
+ 	    result = Num_Str;
++	if (p_is_s[0] && p_is_s[1])
++	    result = Str_Str;
+ 	break;
+     case 3:
+ 	if (!p_is_s[0] && !p_is_s[1] && !p_is_s[2])
+diff --git a/progs/tparm_type.h b/progs/tparm_type.h
+index 7c102a30..af5bcf0f 100644
+--- a/progs/tparm_type.h
++++ b/progs/tparm_type.h
+@@ -45,8 +45,10 @@
+ typedef enum {
+     Other = -1
+     ,Numbers = 0
++    ,Str
+     ,Num_Str
+     ,Num_Str_Str
++    ,Str_Str
+ } TParams;
+ 
+ extern TParams tparm_type(const char *name);
+diff --git a/progs/tput.c b/progs/tput.c
+index 4cd0c5ba..41508b72 100644
+--- a/progs/tput.c
++++ b/progs/tput.c
+@@ -1,5 +1,5 @@
+ /****************************************************************************
+- * Copyright 2018-2021,2022 Thomas E. Dickey                                *
++ * Copyright 2018-2022,2023 Thomas E. Dickey                                *
+  * Copyright 1998-2016,2017 Free Software Foundation, Inc.                  *
+  *                                                                          *
+  * Permission is hereby granted, free of charge, to any person obtaining a  *
+@@ -47,12 +47,15 @@
+ #include <transform.h>
+ #include <tty_settings.h>
+ 
+-MODULE_ID("$Id: tput.c,v 1.99 2022/02/26 23:19:31 tom Exp $")
++MODULE_ID("$Id: tput.c,v 1.102 2023/04/08 16:26:36 tom Exp $")
+ 
+ #define PUTS(s)		fputs(s, stdout)
+ 
+ const char *_nc_progname = "tput";
+ 
++static bool opt_v = FALSE;	/* quiet, do not show warnings */
++static bool opt_x = FALSE;	/* clear scrollback if possible */
++
+ static bool is_init = FALSE;
+ static bool is_reset = FALSE;
+ static bool is_clear = FALSE;
+@@ -81,6 +84,7 @@ usage(const char *optstring)
+ 	KEEP("  -S <<       read commands from standard input")
+ 	KEEP("  -T TERM     use this instead of $TERM")
+ 	KEEP("  -V          print curses-version")
++	KEEP("  -v          verbose, show warnings")
+ 	KEEP("  -x          do not try to clear scrollback")
+ 	KEEP("")
+ 	KEEP("Commands:")
+@@ -148,7 +152,7 @@ exit_code(int token, int value)
+  * Returns nonzero on error.
+  */
+ static int
+-tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used)
++tput_cmd(int fd, TTY * settings, int argc, char **argv, int *used)
+ {
+     NCURSES_CONST char *name;
+     char *s;
+@@ -231,7 +235,9 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used)
+     } else if (VALID_STRING(s)) {
+ 	if (argc > 1) {
+ 	    int k;
++	    int narg;
+ 	    int analyzed;
++	    int provided;
+ 	    int popcount;
+ 	    long numbers[1 + NUM_PARM];
+ 	    char *strings[1 + NUM_PARM];
+@@ -271,14 +277,45 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used)
+ 
+ 	    popcount = 0;
+ 	    _nc_reset_tparm(NULL);
++	    /*
++	     * Count the number of numeric parameters which are provided.
++	     */
++	    provided = 0;
++	    for (narg = 1; narg < argc; ++narg) {
++		char *ending = NULL;
++		long check = strtol(argv[narg], &ending, 10);
++		if (check < 0 || ending == argv[narg] || *ending != '\0')
++		    break;
++		provided = narg;
++	    }
+ 	    switch (paramType) {
++	    case Str:
++		s = TPARM_1(s, strings[1]);
++		analyzed = 1;
++		if (provided == 0 && argc >= 1)
++		    provided++;
++		break;
++	    case Str_Str:
++		s = TPARM_2(s, strings[1], strings[2]);
++		analyzed = 2;
++		if (provided == 0 && argc >= 1)
++		    provided++;
++		if (provided == 1 && argc >= 2)
++		    provided++;
++		break;
+ 	    case Num_Str:
+ 		s = TPARM_2(s, numbers[1], strings[2]);
+ 		analyzed = 2;
++		if (provided == 1 && argc >= 2)
++		    provided++;
+ 		break;
+ 	    case Num_Str_Str:
+ 		s = TPARM_3(s, numbers[1], strings[2], strings[3]);
+ 		analyzed = 3;
++		if (provided == 1 && argc >= 2)
++		    provided++;
++		if (provided == 2 && argc >= 3)
++		    provided++;
+ 		break;
+ 	    case Numbers:
+ 		analyzed = _nc_tparm_analyze(NULL, s, p_is_s, &popcount);
+@@ -316,7 +353,13 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used)
+ 	    if (analyzed < popcount) {
+ 		analyzed = popcount;
+ 	    }
+-	    *used += analyzed;
++	    if (opt_v && (analyzed != provided)) {
++		fprintf(stderr, "%s: %s parameters for \"%s\"\n",
++			_nc_progname,
++			(analyzed < provided ? "extra" : "missing"),
++			argv[0]);
++	    }
++	    *used += provided;
+ 	}
+ 
+ 	/* use putp() in order to perform padding */
+@@ -339,7 +382,6 @@ main(int argc, char **argv)
+     int used;
+     TTY old_settings;
+     TTY tty_settings;
+-    bool opt_x = FALSE;		/* clear scrollback if possible */
+     bool is_alias;
+     bool need_tty;
+ 
+@@ -348,7 +390,7 @@ main(int argc, char **argv)
+ 
+     term = getenv("TERM");
+ 
+-    while ((c = getopt(argc, argv, is_alias ? "T:Vx" : "ST:Vx")) != -1) {
++    while ((c = getopt(argc, argv, is_alias ? "T:Vvx" : "ST:Vvx")) != -1) {
+ 	switch (c) {
+ 	case 'S':
+ 	    cmdline = FALSE;
+@@ -361,6 +403,9 @@ main(int argc, char **argv)
+ 	case 'V':
+ 	    puts(curses_version());
+ 	    ExitProgram(EXIT_SUCCESS);
++	case 'v':		/* verbose */
++	    opt_v = TRUE;
++	    break;
+ 	case 'x':		/* do not try to clear scrollback */
+ 	    opt_x = TRUE;
+ 	    break;
+@@ -404,7 +449,7 @@ main(int argc, char **argv)
+ 	    usage(NULL);
+ 	while (argc > 0) {
+ 	    tty_settings = old_settings;
+-	    code = tput_cmd(fd, &tty_settings, opt_x, argc, argv, &used);
++	    code = tput_cmd(fd, &tty_settings, argc, argv, &used);
+ 	    if (code != 0)
+ 		break;
+ 	    argc -= used;
+@@ -439,7 +484,7 @@ main(int argc, char **argv)
+ 	while (argnum > 0) {
+ 	    int code;
+ 	    tty_settings = old_settings;
+-	    code = tput_cmd(fd, &tty_settings, opt_x, argnum, argnow, &used);
++	    code = tput_cmd(fd, &tty_settings, argnum, argnow, &used);
+ 	    if (code != 0) {
+ 		if (result == 0)
+ 		    result = ErrSystem(0);	/* will return value >4 */
+-- 
+2.40.0
+
diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index f67a3f5bf4..a34a7bdfdc 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
            file://0002-configure-reproducible.patch \
            file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+           file://CVE-2023-29491.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
-- 
2.34.1

[OE-core][kirkstone 06/14] busybox: fix CVE-2022-48174

[Steve Sakoman]

From: Meenali Gupta <meenali.gupta@windriver.com>

There is a stack overflow vulnerability in ash.c:6030 in busybox
vbefore 1.35. In the environment of Internet of Vehicles, this
vulnerability can be executed from command to arbitrary code execution.

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../busybox/busybox/CVE-2022-48174.patch      | 80 +++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-48174.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
new file mode 100644
index 0000000000..dd0ea19f02
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
@@ -0,0 +1,80 @@
+From cf5d0889262e1b04ec2aa4caff2f5da2d602c665 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 12 Jun 2023 17:48:47 +0200
+Subject: [PATCH] busybox: shell: avoid segfault on ${0::0/0~09J}. Closes 15216
+function old new delta evaluate_string 1011 1053 +42
+
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209]
+CVE: CVE-2022-48174
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ shell/math.c | 39 +++++++++++++++++++++++++++++++++++----
+ 1 file changed, 35 insertions(+), 4 deletions(-)
+
+diff --git a/shell/math.c b/shell/math.c
+index 76d22c9..727c294 100644
+--- a/shell/math.c
++++ b/shell/math.c
+@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr)
+ # endif
+ #endif
+
++//TODO: much better estimation than expr_len/2? Such as:
++//static unsigned estimate_nums_and_names(const char *expr)
++//{
++//	unsigned count = 0;
++//	while (*(expr = skip_whitespace(expr)) != '\0') {
++//		const char *p;
++//		if (isdigit(*expr)) {
++//			while (isdigit(*++expr))
++//				continue;
++//			count++;
++//			continue;
++//		}
++//		p = endofname(expr);
++//		if (p != expr) {
++//			expr = p;
++//			count++;
++//			continue;
++//		}
++//	}
++//	return count;
++//}
++
+ static arith_t
+ evaluate_string(arith_state_t *math_state, const char *expr)
+ {
+@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char *expr)
+	const char *errmsg;
+	const char *start_expr = expr = skip_whitespace(expr);
+	unsigned expr_len = strlen(expr) + 2;
+-	/* Stack of integers */
+-	/* The proof that there can be no more than strlen(startbuf)/2+1
+-	 * integers in any given correct or incorrect expression
+-	 * is left as an exercise to the reader. */
++	/* Stack of integers/names */
++	/* There can be no more than strlen(startbuf)/2+1
++	 * integers/names in any given correct or incorrect expression.
++	 * (modulo "09v09v09v09v09v" case,
++	 * but we have code to detect that early)
++	 */
+	var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0]));
+	var_or_num_t *numstackptr = numstack;
+	/* Stack of operator tokens */
+@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char *expr)
+			numstackptr->var = NULL;
+			errno = 0;
+			numstackptr->val = strto_arith_t(expr, (char**) &expr);
++			/* A number can't be followed by another number, or a variable name.
++			 * We'd catch this later anyway, but this would require numstack[]
++			 * to be twice as deep to handle strings where _every_ char is
++			 * a new number or name. Example: 09v09v09v09v09v09v09v09v09v
++			 */
++			if (isalnum(*expr) || *expr == '_')
++				goto err;
+ //bb_error_msg("val:%lld", numstackptr->val);
+			if (errno)
+				numstackptr->val = 0; /* bash compat */
+--
+2.40.0
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb
index e9ca6fdb1a..07a5137d2a 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -51,6 +51,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
            file://CVE-2022-30065.patch \
            file://0001-devmem-add-128-bit-width.patch \
+	   file://CVE-2022-48174.patch \
            "
 SRC_URI:append:libc-musl = " file://musl.cfg "
 
-- 
2.34.1

[OE-core][kirkstone 07/14] webkitgtk: fix CVE-2023-23529

[Steve Sakoman]

From: Kai Kang <kai.kang@windriver.com>

Backport and rebase patch to fix CVE-2023-23529.

CVE: CVE-2023-23529

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../webkit/webkitgtk/CVE-2023-23529.patch     | 65 +++++++++++++++++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch
new file mode 100644
index 0000000000..f2e9808ab4
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23529.patch
@@ -0,0 +1,65 @@
+CVE: CVE-2023-23529
+Upstream-Status: Backport [https://github.com/WebKit/WebKit/commit/6cc943c]
+
+With the help from webkit maillist, backport and rebase patch to fix
+CVE-2023-23529.
+
+https://lists.webkit.org/pipermail/webkit-gtk/2023-August/003931.html
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 6cc943c3323a1a1368934c812e5e8ec08f54dcd4 Mon Sep 17 00:00:00 2001
+From: Yusuke Suzuki <ysuzuki@apple.com>
+Date: Fri, 17 Feb 2023 10:39:19 -0800
+Subject: [PATCH] Cherry-pick 259548.63@safari-7615-branch (1b2eb138ef92).
+ rdar://105598149
+
+    [JSC] ToThis object folding should check if AbstractValue is always an object
+    https://bugs.webkit.org/show_bug.cgi?id=251944
+    rdar://105175786
+
+    Reviewed by Geoffrey Garen and Mark Lam.
+
+    ToThis can become Identity for strict mode if it is just primitive values or its object does not have toThis function overriding.
+    This is correct, but folding ToThis to Undefined etc. (not Identity) needs to check that an input only contains objects.
+    This patch adds appropriate checks to prevent from converting ToThis(GlobalObject | Int32) to Undefined for example.
+
+    * Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
+    (JSC::DFG::isToThisAnIdentity):
+
+    Canonical link: https://commits.webkit.org/259548.63@safari-7615-branch
+
+Canonical link: https://commits.webkit.org/260455@main
+---
+ .../JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h   | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+index 928328ffab826..82481455e651d 100644
+--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
++++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+@@ -209,7 +209,8 @@ inline ToThisResult isToThisAnIdentity(VM& vm, ECMAMode ecmaMode, AbstractValue&
+         }
+     }
+ 
+-    if ((ecmaMode.isStrict() || (valueForNode.m_type && !(valueForNode.m_type & ~SpecObject))) && valueForNode.m_structure.isFinite()) {
++    bool onlyObjects = valueForNode.m_type && !(valueForNode.m_type & ~SpecObject);
++    if ((ecmaMode.isStrict() || onlyObjects) && valueForNode.m_structure.isFinite()) {
+         bool allStructuresAreJSScope = !valueForNode.m_structure.isClear();
+         bool overridesToThis = false;
+         valueForNode.m_structure.forEach([&](RegisteredStructure structure) {
+@@ -226,9 +227,13 @@ inline ToThisResult isToThisAnIdentity(VM& vm, ECMAMode ecmaMode, AbstractValue&
+             // If all the structures are JSScope's ones, we know the details of JSScope::toThis() operation.
+             allStructuresAreJSScope &= structure->classInfo()->methodTable.toThis == JSScope::info()->methodTable.toThis;
+         });
++
++        // This is correct for strict mode even if this can have non objects, since the right semantics is Identity.
+         if (!overridesToThis)
+             return ToThisResult::Identity;
+-        if (allStructuresAreJSScope) {
++
++        // But this folding is available only if input is always an object.
++        if (onlyObjects && allStructuresAreJSScope) {
+             if (ecmaMode.isStrict())
+                 return ToThisResult::Undefined;
+             return ToThisResult::GlobalThis;
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
index edd64b7b11..20f475bebd 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb
@@ -21,6 +21,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \
            file://CVE-2022-46699.patch \
            file://CVE-2022-42867.patch \
            file://CVE-2022-46700.patch \
+           file://CVE-2023-23529.patch \
            "
 SRC_URI[sha256sum] = "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437"
 
-- 
2.34.1

[OE-core][kirkstone 08/14] libssh2: fix CVE-2020-22218

[Steve Sakoman]

From: Chee Yang Lee <chee.yang.lee@intel.com>

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libssh2/libssh2/CVE-2020-22218.patch      | 34 +++++++++++++++++++
 .../recipes-support/libssh2/libssh2_1.10.0.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch

diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
new file mode 100644
index 0000000000..066233fcae
--- /dev/null
+++ b/meta/recipes-support/libssh2/libssh2/CVE-2020-22218.patch
@@ -0,0 +1,34 @@
+CVE:  CVE-2020-22218
+Upstream-Status: Backport [ https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+
+From 642eec48ff3adfdb7a9e562b6d7fc865d1733f45 Mon Sep 17 00:00:00 2001
+From: lutianxiong <lutianxiong@huawei.com>
+Date: Fri, 29 May 2020 01:25:40 +0800
+Subject: [PATCH] transport.c: fix use-of-uninitialized-value (#476)
+
+file:transport.c
+
+notes:
+return error if malloc(0)
+
+credit:
+lutianxiong
+---
+ src/transport.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index 96fca6b8cc..adf96c2437 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -472,7 +472,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+             /* Get a packet handle put data into. We get one to
+                hold all data, including padding and MAC. */
+             p->payload = LIBSSH2_ALLOC(session, total_num);
+-            if(!p->payload) {
++            if(total_num == 0 || !p->payload) {
+                 return LIBSSH2_ERROR_ALLOC;
+             }
+             p->total_num = total_num;
diff --git a/meta/recipes-support/libssh2/libssh2_1.10.0.bb b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
index d5513373b0..8483a292c2 100644
--- a/meta/recipes-support/libssh2/libssh2_1.10.0.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
 SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
            file://fix-ssh2-test.patch \
            file://run-ptest \
+           file://CVE-2020-22218.patch \
            "
 
 SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
-- 
2.34.1

[OE-core][kirkstone 09/14] file: fix CVE-2022-48554

[Steve Sakoman]

From: Chee Yang Lee <chee.yang.lee@intel.com>

ignore changes to FILE_RCSID part.

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../file/file/CVE-2022-48554.patch            | 35 +++++++++++++++++++
 meta/recipes-devtools/file/file_5.41.bb       |  4 ++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/file/file/CVE-2022-48554.patch

diff --git a/meta/recipes-devtools/file/file/CVE-2022-48554.patch b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
new file mode 100644
index 0000000000..c285bd2c23
--- /dev/null
+++ b/meta/recipes-devtools/file/file/CVE-2022-48554.patch
@@ -0,0 +1,35 @@
+CVE:  CVE-2022-48554
+Upstream-Status: Backport [ https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 14 Feb 2022 16:26:10 +0000
+Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
+ will try to scan the source string to find out how much space is needed the
+ source string might not be NUL terminated.
+
+---
+ src/funcs.c | 11 +++++++----
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index 89e1da597..dcfd352d2 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08 christos Exp $")
+ protected char *
+ file_copystr(char *buf, size_t blen, size_t width, const char *str)
+ {
+-	if (++width > blen)
+-		width = blen;
+-	strlcpy(buf, str, width);
++	if (blen == 0)
++		return buf;
++	if (width >= blen)
++		width = blen - 1;
++	memcpy(buf, str, width);
++	buf[width] = '\0';
+ 	return buf;
+ }
+ 
diff --git a/meta/recipes-devtools/file/file_5.41.bb b/meta/recipes-devtools/file/file_5.41.bb
index 653887e97a..6fd4f2c746 100644
--- a/meta/recipes-devtools/file/file_5.41.bb
+++ b/meta/recipes-devtools/file/file_5.41.bb
@@ -11,7 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
 DEPENDS = "file-replacement-native"
 DEPENDS:class-native = "bzip2-replacement-native"
 
-SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https \
+           file://CVE-2022-48554.patch \
+"
 
 SRCREV = "504206e53a89fd6eed71aeaf878aa3512418eab1"
 S = "${WORKDIR}/git"
-- 
2.34.1

[OE-core][kirkstone 10/14] nasm: fix CVE-2020-21528

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

A Segmentation Fault issue discovered in in ieee_segment function in outieee.c
in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service
via crafted assembly file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-21528

Upstream patches:
https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../nasm/nasm/CVE-2020-21528.patch            | 47 +++++++++++++++++++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb    |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch

diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch b/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch
new file mode 100644
index 0000000000..2303744540
--- /dev/null
+++ b/meta/recipes-devtools/nasm/nasm/CVE-2020-21528.patch
@@ -0,0 +1,47 @@
+From 93c774d482694643cafbc82578ac8b729fb5bc8b Mon Sep 17 00:00:00 2001
+From: Cyrill Gorcunov <gorcunov@gmail.com>
+Date: Wed, 4 Nov 2020 13:08:06 +0300
+Subject: [PATCH] BR3392637: output/outieee: Fix nil dereference
+
+The handling been broken in commit 98578071.
+
+Upstream-Status: Backport [https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b]
+
+CVE: CVE-2020-21528
+
+Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ output/outieee.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/output/outieee.c b/output/outieee.c
+index bff2f085..b3ccc5f6 100644
+--- a/output/outieee.c
++++ b/output/outieee.c
+@@ -795,6 +795,23 @@ static int32_t ieee_segment(char *name, int *bits)
+             define_label(name, seg->index + 1, 0L, false);
+         ieee_seg_needs_update = NULL;
+
++        /*
++         * In commit 98578071b9d71ecaa2344dd9c185237c1765041e
++         * we reworked labels significantly which in turn lead
++         * to the case where seg->name = NULL here and we get
++         * nil dereference in next segments definitions.
++         *
++         * Lets placate this case with explicit name setting
++         * if labels engine didn't set it yet.
++         *
++         * FIXME: Need to revisit this moment if such fix doesn't
++         * break anything but since IEEE 695 format is veeery
++         * old I don't expect there are many users left. In worst
++         * case this should only lead to a memory leak.
++         */
++        if (!seg->name)
++            seg->name = nasm_strdup(name);
++
+         if (seg->use32)
+             *bits = 32;
+         else
+--
+2.40.0
diff --git a/meta/recipes-devtools/nasm/nasm_2.15.05.bb b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
index bcb7e071d6..aba061f56f 100644
--- a/meta/recipes-devtools/nasm/nasm_2.15.05.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
@@ -10,6 +10,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
            file://0002-Add-debug-prefix-map-option.patch \
            file://CVE-2022-44370.patch \
            file://CVE-2022-46457.patch \
+           file://CVE-2020-21528.patch \
            "
 
 SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"
-- 
2.34.1

[OE-core][kirkstone 11/14] python3: upgrade to 3.10.13

[Steve Sakoman]

From: Chee Yang Lee <chee.yang.lee@intel.com>

Release date: 2023-08-24

Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted data. Security issue reported as
CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into
account when determining their target, so it will no longer reject some
valid tarballs with LinkOutsideDestinationError.

Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL
1.1.1v, 3.0.10, and 3.1.2.

C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../python/{python3_3.10.12.bb => python3_3.10.13.bb}           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3_3.10.12.bb => python3_3.10.13.bb} (99%)

diff --git a/meta/recipes-devtools/python/python3_3.10.12.bb b/meta/recipes-devtools/python/python3_3.10.13.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.10.12.bb
rename to meta/recipes-devtools/python/python3_3.10.13.bb
index 74f1defc95..ba53a09ef5 100644
--- a/meta/recipes-devtools/python/python3_3.10.12.bb
+++ b/meta/recipes-devtools/python/python3_3.10.13.bb
@@ -43,7 +43,7 @@ SRC_URI:append:class-native = " \
            file://12-distutils-prefix-is-inside-staging-area.patch \
            file://0001-Don-t-search-system-for-headers-libraries.patch \
            "
-SRC_URI[sha256sum] = "afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8"
+SRC_URI[sha256sum] = "5c88848668640d3e152b35b4536ef1c23b2ca4bd2c957ef1ecbb053f571dd3f6"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
-- 
2.34.1

[OE-core][kirkstone 12/14] efivar: backport 5 patches to fix build with gold

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

* LDFLAGS += "-fuse-ld=bfd" in the recipe doesn't work and
  it still fails to build with ld-is-gold in DISTRO_FEATURES

  removal of this line sent to master in:
  https://lists.openembedded.org/g/openembedded-core/message/185167

* the most important ones are the 1st which removes --add-needed
  and the last which removes src/include/workarounds.mk completely
  while 2-4 patches just update src/include/workarounds.mk for the
  last one to apply cleanly

* alternatively we can bump SRCREV to latest 38 as master did in:
  https://git.openembedded.org/openembedded-core/commit/?id=4df808c616f847d90203582fd950a49bb8360dd0
  which brings 23 commits, but instead of adding 5 more patches
  allows to remove 5

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ve-deprecated-add-needed-linker-flag.patch |  45 +++
 ...002-Add-T-workaround-for-GNU-ld-2.36.patch |  33 +++
 ...LL-C-to-force-English-output-from-ld.patch |  33 +++
 ...on-and-remove-not-needed-workarounds.patch |  45 +++
 ...mp-efi_well_known_-variable-handling.patch | 262 ++++++++++++++++++
 meta/recipes-bsp/efivar/efivar_38.bb          |   9 +-
 6 files changed, 423 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch
 create mode 100644 meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch

diff --git a/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch b/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
new file mode 100644
index 0000000000..fb6d2e8580
--- /dev/null
+++ b/meta/recipes-bsp/efivar/efivar/0001-Remove-deprecated-add-needed-linker-flag.patch
@@ -0,0 +1,45 @@
+From b23aba1469de8bb7a115751f9cd294ad3aaa6680 Mon Sep 17 00:00:00 2001
+From: Ali Abdel-Qader <abdelqaderali@protonmail.com>
+Date: Tue, 31 May 2022 11:53:32 -0400
+Subject: [PATCH] Remove deprecated --add-needed linker flag
+
+Resolves #204
+Signed-off-by: Ali Abdel-Qader <abdelqaderali@protonmail.com>
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+Upstream-Status: Backport [https://github.com/rhboot/efivar/pull/218/commits/b23aba1469de8bb7a115751f9cd294ad3aaa6680]
+
+ src/include/defaults.mk | 2 --
+ src/include/gcc.specs   | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/include/defaults.mk b/src/include/defaults.mk
+index b8cc590..42bd3d6 100644
+--- a/src/include/defaults.mk
++++ b/src/include/defaults.mk
+@@ -51,7 +51,6 @@ LDFLAGS ?=
+ override _CCLDFLAGS := $(CCLDFLAGS)
+ override _LDFLAGS := $(LDFLAGS)
+ override LDFLAGS = $(CFLAGS) -L. $(_LDFLAGS) $(_CCLDFLAGS) \
+-		   -Wl,--add-needed \
+ 		   -Wl,--build-id \
+ 		   -Wl,--no-allow-shlib-undefined \
+ 		   -Wl,--no-undefined-version \
+@@ -98,7 +97,6 @@ override _HOST_LDFLAGS := $(HOST_LDFLAGS)
+ override _HOST_CCLDFLAGS := $(HOST_CCLDFLAGS)
+ override HOST_LDFLAGS = $(HOST_CFLAGS) -L. \
+ 			$(_HOST_LDFLAGS) $(_HOST_CCLDFLAGS) \
+-			-Wl,--add-needed \
+ 			-Wl,--build-id \
+ 			-Wl,--no-allow-shlib-undefined \
+ 			-Wl,-z,now \
+diff --git a/src/include/gcc.specs b/src/include/gcc.specs
+index ef28e2b..d85e865 100644
+--- a/src/include/gcc.specs
++++ b/src/include/gcc.specs
+@@ -5,4 +5,4 @@
+ + %{!shared:%{!static:%{!r:-pie}}} %{static:-Wl,-no-fatal-warnings -Wl,-static -static -Wl,-z,relro,-z,now} -grecord-gcc-switches
+ 
+ *link:
+-+ %{!static:--fatal-warnings} --no-undefined-version --no-allow-shlib-undefined --add-needed -z now --build-id %{!static:%{!shared:-pie}} %{shared:-z relro} %{static:%<pie}
+++ %{!static:--fatal-warnings} --no-undefined-version --no-allow-shlib-undefined -z now --build-id %{!static:%{!shared:-pie}} %{shared:-z relro} %{static:%<pie}
diff --git a/meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch b/meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch
new file mode 100644
index 0000000000..a175673922
--- /dev/null
+++ b/meta/recipes-bsp/efivar/efivar/0002-Add-T-workaround-for-GNU-ld-2.36.patch
@@ -0,0 +1,33 @@
+From 8469d6f72ee2450753f044080b018f9ad7ff62dc Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Mon, 17 Jan 2022 12:34:55 -0500
+Subject: [PATCH] Add -T workaround for GNU ld 2.36
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+Resolves: #195
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/197a0874ea4010061b98b4b55eff65b33b1cd741]
+
+ src/include/workarounds.mk | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk
+index 3118834..143e790 100644
+--- a/src/include/workarounds.mk
++++ b/src/include/workarounds.mk
+@@ -4,12 +4,12 @@
+ 
+ LD_FLAVOR := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g')
+ LD_VERSION := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //')
+-# I haven't tested 2.36 here; 2.35 is definitely broken and 2.37 seems to work
++# 2.35 is definitely broken and 2.36 seems to work
+ LD_DASH_T := $(shell \
+ 	if [ "x${LD_FLAVOR}" = xLLD ] ; then \
+ 		echo '-T' ; \
+ 	elif [ "x${LD_FLAVOR}" = xGNU ] ; then \
+-		if echo "${LD_VERSION}" | grep -q -E '^2\.3[789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \
++		if echo "${LD_VERSION}" | grep -q -E '^2\.3[6789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \
+ 			echo '-T' ; \
+ 		else \
+ 			echo "" ; \
diff --git a/meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch b/meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch
new file mode 100644
index 0000000000..e53c31a673
--- /dev/null
+++ b/meta/recipes-bsp/efivar/efivar/0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch
@@ -0,0 +1,33 @@
+From 8ea2cf0ab6182f29ecd8568cdc674b2736f6ffba Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 24 Jun 2022 17:00:33 -0400
+Subject: [PATCH] Set LC_ALL=C to force English output from ld
+
+If the user has a different locale set, ld --version may not contain the
+string "GNU ld".
+
+For example, in Italian, ld --version outputs "ld di GNU".
+
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/01de7438520868650bfaa1ef3e2bfaf00cacbcc6]
+
+ src/include/workarounds.mk | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk
+index 143e790..b72fbaf 100644
+--- a/src/include/workarounds.mk
++++ b/src/include/workarounds.mk
+@@ -2,8 +2,8 @@
+ #
+ # workarounds.mk - workarounds for weird stuff behavior
+ 
+-LD_FLAVOR := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g')
+-LD_VERSION := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //')
++LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g')
++LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //')
+ # 2.35 is definitely broken and 2.36 seems to work
+ LD_DASH_T := $(shell \
+ 	if [ "x${LD_FLAVOR}" = xLLD ] ; then \
diff --git a/meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch b/meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch
new file mode 100644
index 0000000000..f1a545140a
--- /dev/null
+++ b/meta/recipes-bsp/efivar/efivar/0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch
@@ -0,0 +1,45 @@
+From 09b9ddc51cb83ce547872a82271d1af4d11325da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20Pawe=C5=82=20Gajc?= <tpgxyz@gmail.com>
+Date: Wed, 29 Jun 2022 21:44:29 +0200
+Subject: [PATCH] LLD: fix detection and remove not needed workarounds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Tomasz Paweł Gajc <tpgxyz@gmail.com>
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/1f247260c9b4bd6fcda30f3e4cc358852aeb9e4d]
+
+ src/include/workarounds.mk | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk
+index b72fbaf..57394ed 100644
+--- a/src/include/workarounds.mk
++++ b/src/include/workarounds.mk
+@@ -2,12 +2,12 @@
+ #
+ # workarounds.mk - workarounds for weird stuff behavior
+ 
+-LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g')
+-LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //')
++LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/ .*//g')
++LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/.* //')
+ # 2.35 is definitely broken and 2.36 seems to work
+ LD_DASH_T := $(shell \
+ 	if [ "x${LD_FLAVOR}" = xLLD ] ; then \
+-		echo '-T' ; \
++		echo "" ; \
+ 	elif [ "x${LD_FLAVOR}" = xGNU ] ; then \
+ 		if echo "${LD_VERSION}" | grep -q -E '^2\.3[6789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \
+ 			echo '-T' ; \
+@@ -15,7 +15,7 @@ LD_DASH_T := $(shell \
+ 			echo "" ; \
+ 		fi ; \
+ 	else \
+-		echo "Your linker is not supported" ; \
++		echo "Your linker ${LD_FLAVOR} version ${LD_VERSION} is not supported" ; \
+ 		exit 1 ; \
+ 	fi)
+ 
diff --git a/meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch b/meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch
new file mode 100644
index 0000000000..758a151138
--- /dev/null
+++ b/meta/recipes-bsp/efivar/efivar/0005-Revamp-efi_well_known_-variable-handling.patch
@@ -0,0 +1,262 @@
+From 8c20b2242925616dfccc97b9be29f36afcf8034d Mon Sep 17 00:00:00 2001
+From: Nicholas Vinson <nvinson234@gmail.com>
+Date: Mon, 10 Oct 2022 14:22:36 -0400
+Subject: [PATCH] Revamp efi_well_known_* variable handling
+
+The current implementation attempts to use the linker to create aliases
+for efi_well_known_guids and efi_well_known_names. It also tries to use
+the linker to generate the variables efi_well_known_guids_end and
+efi_well_known_names_end.
+
+When building with clang, the generated linker result results in a
+broken libefivar.so that causes programs to segfault when linked against
+it.  This change does away with linker script hacker and instead
+introduces pointers to store the locations of efi_well_known_guids_end
+and efi_well_known_names_end.
+
+Additionally, efi_well_known_guids and efi_well_known_names are now
+created as pointers that point to the beginning of their respective
+arrays.
+
+Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
+Fixes: #234
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+Upstream-Status: Backport [https://github.com/rhboot/efivar/commit/cfd686de51494d3e34be896a91835657ccab37d4]
+
+ src/Makefile               |  7 ++--
+ src/include/rules.mk       |  5 +--
+ src/include/workarounds.mk | 24 -------------
+ src/makeguids.c            | 72 +++++++++++++-------------------------
+ 4 files changed, 27 insertions(+), 81 deletions(-)
+ delete mode 100644 src/include/workarounds.mk
+
+diff --git a/src/Makefile b/src/Makefile
+index b10051b..c69caf4 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -4,7 +4,6 @@ include $(TOPDIR)/src/include/deprecated.mk
+ include $(TOPDIR)/src/include/version.mk
+ include $(TOPDIR)/src/include/rules.mk
+ include $(TOPDIR)/src/include/defaults.mk
+-include $(TOPDIR)/src/include/workarounds.mk
+ 
+ LIBTARGETS=libefivar.so libefiboot.so libefisec.so
+ STATICLIBTARGETS=libefivar.a libefiboot.a libefisec.a
+@@ -30,7 +29,7 @@ EFISECDB_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(EFISECDB_SOURCES)))
+ GENERATED_SOURCES = include/efivar/efivar-guids.h guid-symbols.c
+ MAKEGUIDS_SOURCES = makeguids.c util-makeguids.c
+ MAKEGUIDS_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(MAKEGUIDS_SOURCES)))
+-MAKEGUIDS_OUTPUT = $(GENERATED_SOURCES) guids.lds
++MAKEGUIDS_OUTPUT = $(GENERATED_SOURCES)
+ 
+ util-makeguids.c :
+ 	cp util.c util-makeguids.c
+@@ -84,7 +83,7 @@ $(MAKEGUIDS_OUTPUT) : guids.txt
+ 	if [ "$${missing}" != "no" ]; then \
+ 		exit 1 ; \
+ 	fi
+-	./makeguids $(LD_DASH_T) guids.txt guid-symbols.c include/efivar/efivar-guids.h guids.lds
++	./makeguids guids.txt guid-symbols.c include/efivar/efivar-guids.h
+ 
+ prep : makeguids $(GENERATED_SOURCES)
+ 
+@@ -96,7 +95,6 @@ libefivar.a : $(patsubst %.o,%.static.o,$(LIBEFIVAR_OBJECTS))
+ libefivar.so : $(LIBEFIVAR_OBJECTS)
+ libefivar.so : | $(GENERATED_SOURCES) libefivar.map
+ libefivar.so : LIBS=dl
+-libefivar.so : LDSCRIPTS=guids.lds
+ libefivar.so : MAP=libefivar.map
+ 
+ efivar : $(EFIVAR_OBJECTS) | libefivar.so
+@@ -137,7 +135,6 @@ deps : $(ALL_SOURCES)
+ clean : 
+ 	@rm -rfv *~ *.o *.a *.E *.so *.so.* *.pc *.bin .*.d *.map \
+ 		makeguids guid-symbols.c include/efivar/efivar-guids.h \
+-		guids.lds \
+ 		$(TARGETS) $(STATICTARGETS)
+ 	@# remove the deps files we used to create, as well.
+ 	@rm -rfv .*.P .*.h.P *.S.P include/efivar/.*.h.P
+diff --git a/src/include/rules.mk b/src/include/rules.mk
+index f309f86..8d0b68a 100644
+--- a/src/include/rules.mk
++++ b/src/include/rules.mk
+@@ -3,7 +3,6 @@ default : all
+ .PHONY: default all clean install test
+ 
+ include $(TOPDIR)/src/include/version.mk
+-include $(TOPDIR)/src/include/workarounds.mk
+ 
+ comma:= ,
+ empty:=
+@@ -36,9 +35,7 @@ family = $(foreach FAMILY_SUFFIX,$(FAMILY_SUFFIXES),$($(1)_$(FAMILY_SUFFIX)))
+ 	$(CCLD) $(CCLDFLAGS) $(CPPFLAGS) -o $@ $(sort $^) $(LDLIBS)
+ 
+ %.so :
+-	$(CCLD) $(CCLDFLAGS) $(CPPFLAGS) $(SOFLAGS) \
+-		$(foreach LDS,$(LDSCRIPTS),$(LD_DASH_T) $(LDS)) \
+-		-o $@ $^ $(LDLIBS)
++	$(CCLD) $(CCLDFLAGS) $(CPPFLAGS) $(SOFLAGS) -o $@ $^ $(LDLIBS)
+ 	ln -vfs $@ $@.1
+ 
+ %.abixml : %.so
+diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk
+deleted file mode 100644
+index 57394ed..0000000
+--- a/src/include/workarounds.mk
++++ /dev/null
+@@ -1,24 +0,0 @@
+-# SPDX-License-Identifier: SPDX-License-Identifier: LGPL-2.1-or-later
+-#
+-# workarounds.mk - workarounds for weird stuff behavior
+-
+-LD_FLAVOR := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/ .*//g')
+-LD_VERSION := $(shell LC_ALL=C $(LD) --version | grep -E '^((.* )?LLD|GNU ld)'|sed 's/.* LLD/LLD/;s/.* //')
+-# 2.35 is definitely broken and 2.36 seems to work
+-LD_DASH_T := $(shell \
+-	if [ "x${LD_FLAVOR}" = xLLD ] ; then \
+-		echo "" ; \
+-	elif [ "x${LD_FLAVOR}" = xGNU ] ; then \
+-		if echo "${LD_VERSION}" | grep -q -E '^2\.3[6789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \
+-			echo '-T' ; \
+-		else \
+-			echo "" ; \
+-		fi ; \
+-	else \
+-		echo "Your linker ${LD_FLAVOR} version ${LD_VERSION} is not supported" ; \
+-		exit 1 ; \
+-	fi)
+-
+-export LD_DASH_T
+-
+-# vim:ft=make
+diff --git a/src/makeguids.c b/src/makeguids.c
+index e4ff411..b9e9312 100644
+--- a/src/makeguids.c
++++ b/src/makeguids.c
+@@ -107,51 +107,46 @@ write_guidnames(FILE *out, const char *listname,
+ 			gn->symbol, gn->name, gn->description);
+ 	}
+ 	fprintf(out, "};\n");
++        fprintf(out, "const struct efivar_guidname\n"
++			"\t__attribute__((__visibility__ (\"default\")))\n"
++			"\t* const %s = %s_;\n", listname, listname);
++        fprintf(out, "const struct efivar_guidname\n"
++			"\t__attribute__((__visibility__ (\"default\")))\n"
++                        "\t* const %s_end = %s_\n\t+ %zd;\n",
++                        listname, listname, n - 1);
+ }
+ 
+ int
+ main(int argc, char *argv[])
+ {
+ 	int rc;
+-	int argstart = 0;
+-	FILE *symout, *header, *ldsout;
+-	int dash_t = 0;
++	FILE *symout, *header;
+ 
+-	if (argc < 5) {
++	if (argc < 4) {
+ 		errx(1, "Not enough arguments.\n");
+-	} else if (argc > 5 && !strcmp(argv[1],"-T")) {
+-		argstart = 1;
+-		dash_t = 1;
+-	} else if (argc > 5) {
++	} else if (argc > 4) {
+ 		errx(1, "Too many arguments.\n");
+ 	}
+ 
+-	symout = fopen(argv[argstart + 2], "w");
++	symout = fopen(argv[2], "w");
+ 	if (symout == NULL)
+-		err(1, "could not open \"%s\"", argv[argstart + 2]);
+-	rc = chmod(argv[argstart + 2], 0644);
++		err(1, "could not open \"%s\"", argv[2]);
++	rc = chmod(argv[2], 0644);
+ 	if (rc < 0)
+-		warn("chmod(%s, 0644)", argv[argstart + 2]);
++		warn("chmod(%s, 0644)", argv[2]);
+ 
+-	header = fopen(argv[argstart + 3], "w");
++	header = fopen(argv[3], "w");
+ 	if (header == NULL)
+-		err(1, "could not open \"%s\"", argv[argstart + 3]);
+-	rc = chmod(argv[argstart + 3], 0644);
+-	if (rc < 0)
+-		warn("chmod(%s, 0644)", argv[argstart + 3]);
+-
+-	ldsout = fopen(argv[argstart + 4], "w");
+-	if (ldsout == NULL)
+-		err(1, "could not open \"%s\"", argv[argstart + 4]);
+-	rc = chmod(argv[argstart + 4], 0644);
++		err(1, "could not open \"%s\"", argv[3]);
++	rc = chmod(argv[3], 0644);
+ 	if (rc < 0)
+-		warn("chmod(%s, 0644)", argv[argstart + 4]);
++		warn("chmod(%s, 0644)", argv[3]);
+ 
+ 	struct guidname_index *guidnames = NULL;
+ 
+-	rc = read_guids_at(AT_FDCWD, argv[argstart + 1], &guidnames);
++	rc = read_guids_at(AT_FDCWD, argv[1], &guidnames);
+ 	if (rc < 0)
+-		err(1, "could not read \"%s\"", argv[argstart + 1]);
++		err(1, "could not read \"%s\"", argv[1]);
+ 
+ 	struct efivar_guidname *outbuf;
+ 
+@@ -239,12 +234,11 @@ struct efivar_guidname {\n\
+ 	fprintf(header,
+ 		"extern const struct efivar_guidname\n"
+ 			"\t__attribute__((__visibility__ (\"default\")))\n"
+-			"\tefi_well_known_guids[%d];\n",
+-		i);
++			"\t* const efi_well_known_guids;\n");
+ 	fprintf(header,
+ 		"extern const struct efivar_guidname\n"
+ 			"\t__attribute__((__visibility__ (\"default\")))\n"
+-			"\tefi_well_known_guids_end;\n");
++			"\t* const efi_well_known_guids_end;\n");
+ 	fprintf(header,
+ 		"extern const uint64_t\n"
+ 			"\t__attribute__((__visibility__ (\"default\")))\n"
+@@ -252,12 +246,11 @@ struct efivar_guidname {\n\
+ 	fprintf(header,
+ 		"extern const struct efivar_guidname\n"
+ 			"\t__attribute__((__visibility__ (\"default\")))\n"
+-			"\tefi_well_known_names[%d];\n",
+-		i);
++			"\t* const efi_well_known_names;\n");
+ 	fprintf(header,
+ 		"extern const struct efivar_guidname\n"
+ 			"\t__attribute__((__visibility__ (\"default\")))\n"
+-			"\tefi_well_known_names_end;\n");
++			"\t* const efi_well_known_names_end;\n");
+ 	fprintf(header,
+ 		"extern const uint64_t\n"
+ 			"\t__attribute__((__visibility__ (\"default\")))\n"
+@@ -302,23 +295,6 @@ struct efivar_guidname {\n\
+ 
+ 	fclose(symout);
+ 
+-	fprintf(ldsout,
+-		"SECTIONS\n"
+-		"{\n"
+-		"  .data :\n"
+-		"  {\n"
+-		"    efi_well_known_guids = efi_well_known_guids_;\n"
+-		"    efi_well_known_guids_end = efi_well_known_guids_ + %zd;\n"
+-		"    efi_well_known_names = efi_well_known_names_;\n"
+-		"    efi_well_known_names_end = efi_well_known_names_ + %zd;\n"
+-		"  }\n"
+-		"}%s;\n",
+-		(line - 1) * sizeof(struct efivar_guidname),
+-		(line - 1) * sizeof(struct efivar_guidname),
+-		dash_t ? " INSERT AFTER .data" : "");
+-
+-	fclose(ldsout);
+-
+ 	free(guidnames->strtab);
+ 	free(guidnames);
+ 
diff --git a/meta/recipes-bsp/efivar/efivar_38.bb b/meta/recipes-bsp/efivar/efivar_38.bb
index 42625fa041..dc84b3732f 100644
--- a/meta/recipes-bsp/efivar/efivar_38.bb
+++ b/meta/recipes-bsp/efivar/efivar_38.bb
@@ -12,6 +12,11 @@ SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=main;protocol=https \
            file://0001-src-Makefile-build-util.c-separately-for-makeguids.patch \
            file://efisecdb-fix-build-with-musl-libc.patch \
            file://0001-Fix-invalid-free-in-main.patch \
+           file://0001-Remove-deprecated-add-needed-linker-flag.patch \
+           file://0002-Add-T-workaround-for-GNU-ld-2.36.patch \
+           file://0003-Set-LC_ALL-C-to-force-English-output-from-ld.patch \
+           file://0004-LLD-fix-detection-and-remove-not-needed-workarounds.patch \
+           file://0005-Revamp-efi_well_known_-variable-handling.patch \
            "
 SRCREV = "1753149d4176ebfb2b135ac0aaf79340bf0e7a93"
 
@@ -21,10 +26,6 @@ inherit pkgconfig
 
 export CCLD_FOR_BUILD = "${BUILD_CCLD}"
 
-# Upstream uses --add-needed in gcc.specs which gold doesn't support, so
-# enforce BFD.
-LDFLAGS += "-fuse-ld=bfd"
-
 do_compile() {
     oe_runmake ERRORS= HOST_CFLAGS="${BUILD_CFLAGS}" HOST_LDFLAGS="${BUILD_LDFLAGS}"
 }
-- 
2.34.1

[OE-core][kirkstone 13/14] libdnf: resolve cstdint inclusion for newer gcc versions

[Steve Sakoman]

From: Abe Kohandel <abe.kohandel@gmail.com>

Depending on the host gcc version, libdnf fails to compile due to
missing cstdint inclusions. These issue have already been addressed
upstream, add the patches to resolve this for older versions of the
library.

These commits are taken directly from the libdnf project at
https://github.com/rpm-software-management/libdnf

Signed-off-by: Abe Kohandel <abe.kohandel@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...58-Don-t-assume-inclusion-of-cstdint.patch | 56 +++++++++++++++++++
 ...onNumber.hpp-add-missing-cstdint-inc.patch | 33 +++++++++++
 ...ite3-Sqlite3.hpp-add-missing-cstdint.patch | 36 ++++++++++++
 meta/recipes-devtools/libdnf/libdnf_0.66.0.bb |  3 +
 4 files changed, 128 insertions(+)
 create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
 create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
 create mode 100644 meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch

diff --git a/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch b/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
new file mode 100644
index 0000000000..277fd9fbf6
--- /dev/null
+++ b/meta/recipes-devtools/libdnf/libdnf/0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch
@@ -0,0 +1,56 @@
+From 779ea105564b6d717300af2fcb02a399737a536f Mon Sep 17 00:00:00 2001
+From: ctxnop <ctxnop@gmail.com>
+Date: Mon, 15 May 2023 19:30:16 +0200
+Subject: [PATCH] Fix #1558: Don't assume inclusion of cstdint
+
+With last versions of gcc, some headers don't include cstdint anymore,
+but some sources assume that it is.
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/libdnf/commit/779ea105564b6d717300af2fcb02a399737a536f]
+Signed-off-by: ctxnop <ctxnop@gmail.com>
+---
+ libdnf/conf/ConfigMain.hpp    | 1 +
+ libdnf/conf/ConfigRepo.hpp    | 1 +
+ libdnf/conf/OptionSeconds.hpp | 2 ++
+ 3 files changed, 4 insertions(+)
+
+diff --git a/libdnf/conf/ConfigMain.hpp b/libdnf/conf/ConfigMain.hpp
+index 19395c71..59f65c48 100644
+--- a/libdnf/conf/ConfigMain.hpp
++++ b/libdnf/conf/ConfigMain.hpp
+@@ -32,6 +32,7 @@
+ #include "OptionString.hpp"
+ #include "OptionStringList.hpp"
+ 
++#include <cstdint>
+ #include <memory>
+ 
+ namespace libdnf {
+diff --git a/libdnf/conf/ConfigRepo.hpp b/libdnf/conf/ConfigRepo.hpp
+index 2b198441..84cafbad 100644
+--- a/libdnf/conf/ConfigRepo.hpp
++++ b/libdnf/conf/ConfigRepo.hpp
+@@ -26,6 +26,7 @@
+ #include "ConfigMain.hpp"
+ #include "OptionChild.hpp"
+ 
++#include <cstdint>
+ #include <memory>
+ 
+ namespace libdnf {
+diff --git a/libdnf/conf/OptionSeconds.hpp b/libdnf/conf/OptionSeconds.hpp
+index dc714b23..a80a973f 100644
+--- a/libdnf/conf/OptionSeconds.hpp
++++ b/libdnf/conf/OptionSeconds.hpp
+@@ -25,6 +25,8 @@
+ 
+ #include "OptionNumber.hpp"
+ 
++#include <cstdint>
++
+ namespace libdnf {
+ 
+ /**
+-- 
+2.42.0
+
diff --git a/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
new file mode 100644
index 0000000000..abb9504e6e
--- /dev/null
+++ b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch
@@ -0,0 +1,33 @@
+From f8af6399c4f6a65a35d33ecc191bb14094dc9e18 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Fri, 27 May 2022 22:13:48 +0100
+Subject: [PATCH] libdnf/conf/OptionNumber.hpp: add missing <cstdint> include
+
+Without the change libdnf build fails on this week's gcc-13 snapshot as:
+
+    In file included from /build/libdnf/libdnf/conf/ConfigMain.hpp:29,
+                     from /build/libdnf/libdnf/conf/ConfigMain.cpp:21:
+    /build/libdnf/libdnf/conf/OptionNumber.hpp:94:41: error: 'int32_t' is not a member of 'std'; did you mean 'int32_t'?
+       94 | extern template class OptionNumber<std::int32_t>;
+          |                                         ^~~~~~~
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/libdnf/commit/f8af6399c4f6a65a35d33ecc191bb14094dc9e18]
+---
+ libdnf/conf/OptionNumber.hpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libdnf/conf/OptionNumber.hpp b/libdnf/conf/OptionNumber.hpp
+index f7a7b3d6..a3a4dea6 100644
+--- a/libdnf/conf/OptionNumber.hpp
++++ b/libdnf/conf/OptionNumber.hpp
+@@ -25,6 +25,7 @@
+ 
+ #include "Option.hpp"
+ 
++#include <cstdint>
+ #include <functional>
+ 
+ namespace libdnf {
+-- 
+2.42.0
+
diff --git a/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch
new file mode 100644
index 0000000000..adde48ee46
--- /dev/null
+++ b/meta/recipes-devtools/libdnf/libdnf/0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch
@@ -0,0 +1,36 @@
+From 24b5d7f154cac9e322dd3459f6d0a5016abbbb57 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Fri, 27 May 2022 22:12:07 +0100
+Subject: [PATCH] libdnf/utils/sqlite3/Sqlite3.hpp: add missing <cstdint>
+ include
+
+Without the change libdnf build fails on this week's gcc-13 snapshot as:
+
+    In file included from /build/libdnf/libdnf/sack/../transaction/Swdb.hpp:38,
+                     from /build/libdnf/libdnf/sack/query.hpp:32,
+                     from /build/libdnf/libdnf/dnf-sack-private.hpp:31,
+                     from /build/libdnf/libdnf/hy-iutil.cpp:60:
+    /build/libdnf/libdnf/sack/../transaction/../utils/sqlite3/Sqlite3.hpp:100:33: error: 'std::int64_t' has not been declared
+      100 |         void bind(int pos, std::int64_t val)
+          |                                 ^~~~~~~
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/libdnf/commit/24b5d7f154cac9e322dd3459f6d0a5016abbbb57]
+---
+ libdnf/utils/sqlite3/Sqlite3.hpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libdnf/utils/sqlite3/Sqlite3.hpp b/libdnf/utils/sqlite3/Sqlite3.hpp
+index 3a7da23c..0403bb33 100644
+--- a/libdnf/utils/sqlite3/Sqlite3.hpp
++++ b/libdnf/utils/sqlite3/Sqlite3.hpp
+@@ -27,6 +27,7 @@
+ 
+ #include <sqlite3.h>
+ 
++#include <cstdint>
+ #include <map>
+ #include <memory>
+ #include <stdexcept>
+-- 
+2.42.0
+
diff --git a/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb b/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb
index 2558f96851..bd06937ed8 100644
--- a/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb
+++ b/meta/recipes-devtools/libdnf/libdnf_0.66.0.bb
@@ -11,6 +11,9 @@ SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;p
            file://enable_test_data_dir_set.patch \
            file://0001-drop-FindPythonInstDir.cmake.patch \
            file://0001-libdnf-dnf-context.cpp-do-not-try-to-access-BDB-data.patch \
+           file://0001-Fix-1558-Don-t-assume-inclusion-of-cstdint.patch \
+           file://0001-libdnf-utils-sqlite3-Sqlite3.hpp-add-missing-cstdint.patch \
+           file://0001-libdnf-conf-OptionNumber.hpp-add-missing-cstdint-inc.patch \
            "
 
 SRCREV = "add5d5418b140a86d08667dd2b14793093984875"
-- 
2.34.1

[OE-core][kirkstone 14/14] sysklogd: fix integration with systemd-journald

[Steve Sakoman]

From: Changqing Li <changqing.li@windriver.com>

Fix an issue with early log messages being lost when running in systemd.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...KillMode-process-is-not-recommended-.patch | 33 ++++++++
 ...-messages-lost-when-running-in-syste.patch | 75 +++++++++++++++++++
 .../sysklogd/sysklogd_2.3.0.bb                |  2 +
 3 files changed, 110 insertions(+)
 create mode 100644 meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
 create mode 100644 meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch

diff --git a/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
new file mode 100644
index 0000000000..6c7e7cea44
--- /dev/null
+++ b/meta/recipes-extended/sysklogd/files/0001-syslogd.service-KillMode-process-is-not-recommended-.patch
@@ -0,0 +1,33 @@
+From b732dd0001c66f3ff1e0aef919c84ca9f0f81252 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg <troglobit@gmail.com>
+Date: Sat, 22 Apr 2023 07:40:24 +0200
+Subject: [PATCH 1/2] syslogd.service: KillMode=process is not recommended,
+ drop
+
+The default 'control-group' ensures all processes started by sysklogd
+are stopped when the service is stopped, this is what we want.
+
+Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+
+Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/c82c004de7e25e770039cba5d6a34c30dd548533]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ syslogd.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/syslogd.service.in b/syslogd.service.in
+index 91e080a..d614c5f 100644
+--- a/syslogd.service.in
++++ b/syslogd.service.in
+@@ -9,7 +9,6 @@ EnvironmentFile=-@SYSCONFDIR@/default/syslogd
+ ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS
+ StandardOutput=null
+ Restart=on-failure
+-KillMode=process
+ 
+ [Install]
+ WantedBy=multi-user.target
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch
new file mode 100644
index 0000000000..78ae57eeeb
--- /dev/null
+++ b/meta/recipes-extended/sysklogd/files/0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch
@@ -0,0 +1,75 @@
+From ba8156eab79784ef816958327e701923890e98f7 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg <troglobit@gmail.com>
+Date: Sat, 22 Apr 2023 08:27:57 +0200
+Subject: [PATCH 2/2] Fix #62: early log messages lost when running in systemd
+
+This is a follow-up to d7576c7 which initially added support for running
+in systemd based systems.  Since the unit file sources the syslog.socket
+we have /run/systemd/journal/syslog open already on descriptor 3.  All
+we need to do is verify that's the mode syslogd runs in.
+
+Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
+
+Upstream-Status: Backport [https://github.com/troglobit/sysklogd/commit/7ec64e5f9c1bc284792d028647fb36ef3e64dff7]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/syslogd.c      | 21 +++++++++++++++------
+ syslogd.service.in |  2 +-
+ 2 files changed, 16 insertions(+), 7 deletions(-)
+
+diff --git a/src/syslogd.c b/src/syslogd.c
+index fa4303f..e96ca9a 100644
+--- a/src/syslogd.c
++++ b/src/syslogd.c
+@@ -162,6 +162,7 @@ void        untty(void);
+ static void parsemsg(const char *from, char *msg);
+ static int  opensys(const char *file);
+ static void printsys(char *msg);
++static void unix_cb(int sd, void *arg);
+ static void logmsg(struct buf_msg *buffer);
+ static void fprintlog_first(struct filed *f, struct buf_msg *buffer);
+ static void fprintlog_successive(struct filed *f, int flags);
+@@ -436,12 +437,20 @@ int main(int argc, char *argv[])
+ 				.pe_serv = "syslog",
+ 			});
+ 
+-	/* Default to _PATH_LOG for the UNIX domain socket */
+-	if (!pflag)
+-		addpeer(&(struct peer) {
+-				.pe_name = _PATH_LOG,
+-				.pe_mode = 0666,
+-			});
++	/* Figure out where to read system log messages from */
++	if (!pflag) {
++		/* Do we run under systemd-journald (Requires=syslog.socket)? */
++		if (fcntl(3, F_GETFD) != -1) {
++			if (socket_register(3, NULL, unix_cb, NULL) == -1)
++				err(1, "failed registering syslog.socket (3)");
++		} else {
++			/* Default to _PATH_LOG for the UNIX domain socket */
++			addpeer(&(struct peer) {
++					.pe_name = _PATH_LOG,
++					.pe_mode = 0666,
++				});
++		}
++	}
+ 
+ 	if (!Foreground && !Debug) {
+ 		ppid = waitdaemon(30);
+diff --git a/syslogd.service.in b/syslogd.service.in
+index d614c5f..bc82af9 100644
+--- a/syslogd.service.in
++++ b/syslogd.service.in
+@@ -6,7 +6,7 @@ Requires=syslog.socket
+ 
+ [Service]
+ EnvironmentFile=-@SYSCONFDIR@/default/syslogd
+-ExecStart=@SBINDIR@/syslogd -F -p /run/systemd/journal/syslog $SYSLOGD_OPTS
++ExecStart=@SBINDIR@/syslogd -F $SYSLOGD_OPTS
+ StandardOutput=null
+ Restart=on-failure
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb b/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb
index 7043f3d391..0dc5ef93e2 100644
--- a/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb
+++ b/meta/recipes-extended/sysklogd/sysklogd_2.3.0.bb
@@ -12,6 +12,8 @@ inherit update-rc.d update-alternatives systemd autotools
 
 SRC_URI = "git://github.com/troglobit/sysklogd.git;branch=master;protocol=https \
            file://sysklogd \
+           file://0001-syslogd.service-KillMode-process-is-not-recommended-.patch \
+           file://0002-Fix-62-early-log-messages-lost-when-running-in-syste.patch \
            "
 
 SRCREV = "03c2c9c68d5d02675326527774e7e9cba3490ba0"
-- 
2.34.1