[honister][PATCH 00/11] Patch review

[honister][PATCH 00/11] Patch review

[Anuj Mittal]

Next changes for honister. Please review.

No problems seen while testing on autobuilder.

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3544

Thanks,

Anuj

The following changes since commit 75e47b96d8cf82ec4a7fa3225c7fbb5b6ab62b02:

  webkitgtk: update to 2.32.4 (2022-04-07 14:40:14 +0800)

are available in the Git repository at:

  git://push.openembedded.org/openembedded-core-contrib anujm/honister

Alexandre Belloni (1):
  pseudo: Fix handling of absolute links

Bruce Ashfield (1):
  linux-yocto/5.10: update to v5.10.109

Joe Slater (1):
  unzip: fix CVE-2021-4217

Martin Jansa (1):
  license_image.bbclass: close package.manifest file

Ralph Siemsen (1):
  xz: fix CVE-2022-1271

Richard Purdie (6):
  scripts/runqemu: Fix memory limits for qemux86-64
  vim: Upgrade 8.2.4524 -> 8.2.4681
  uninative: Upgrade to 3.6 with gcc 12 support
  tiff: Add marker for CVE-2022-1056 being fixed
  externalsrc/devtool: Fix to work with fixed export funcition flags
    handling
  libxshmfence: Correct LICENSE to HPND

 .../recipeutils/recipeutils-test_1.2.bb       |  2 +-
 meta/classes/externalsrc.bbclass              | 19 ++--
 meta/classes/license_image.bbclass            |  4 +-
 meta/conf/distro/include/yocto-uninative.inc  |  8 +-
 meta/recipes-devtools/pseudo/pseudo_git.bb    |  2 +-
 .../unzip/unzip/CVE-2021-4217.patch           | 67 +++++++++++++
 meta/recipes-extended/unzip/unzip_6.0.bb      |  1 +
 .../xz/xz/CVE-2022-1271.patch                 | 96 +++++++++++++++++++
 meta/recipes-extended/xz/xz_5.2.5.bb          |  4 +-
 .../xorg-lib/libxshmfence_1.3.bb              |  2 +-
 .../linux/linux-yocto-rt_5.10.bb              |  6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |  8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 ++---
 ...ue-380-and-382-heap-buffer-overflow-.patch |  1 +
 meta/recipes-support/vim/vim.inc              |  6 +-
 scripts/runqemu                               |  2 +-
 16 files changed, 210 insertions(+), 42 deletions(-)
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2022-1271.patch

-- 
2.35.1

[honister][PATCH 01/11] scripts/runqemu: Fix memory limits for qemux86-64

[Anuj Mittal]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

When setting memory to 4GB, qemu is only running with 2GB for x86_64.
Avoid this by removing the mem= option to the kernel and letting the
qemu configuration handle it for x86 in a similar way to mips.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2fd53417eba354c31c058c4bb066bb882e098add)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 scripts/runqemu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/runqemu b/scripts/runqemu
index 66e035c9af..1663fd829d 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -805,7 +805,7 @@ class BaseConfig(object):
         self.set('QB_MEM', qb_mem)
 
         mach = self.get('MACHINE')
-        if not mach.startswith('qemumips'):
+        if not mach.startswith(('qemumips', 'qemux86')):
             self.kernel_cmdline_script += ' mem=%s' % self.get('QB_MEM').replace('-m','').strip() + 'M'
 
         self.qemu_opt_script += ' %s' % self.get('QB_MEM')
-- 
2.35.1

[honister][PATCH 02/11] unzip: fix CVE-2021-4217

[Anuj Mittal]

From: Joe Slater <joe.slater@windriver.com>

Avoid a null pointer dereference.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 36db85b9b127e5a9f5d3d6e428168cf597ab95f3)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../unzip/unzip/CVE-2021-4217.patch           | 67 +++++++++++++++++++
 meta/recipes-extended/unzip/unzip_6.0.bb      |  1 +
 2 files changed, 68 insertions(+)
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch

diff --git a/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
new file mode 100644
index 0000000000..6ba2b879a3
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
@@ -0,0 +1,67 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars <nils.bars@t-online.de>
+Date: Mon, 17 Jan 2022 16:53:16 +0000
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+---
+ fileio.c  | 5 ++++-
+ process.c | 6 +++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-) 
+---
+
+Patch from:
+https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+Regenerated to apply without offsets.
+
+CVE: CVE-2021-4217
+
+Upstream-Status: Pending [infozip upstream inactive]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/fileio.c b/fileio.c
+index 14460f3..1dc319e 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option)   /* return PK-type error code */
+             seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+                       (G.inptr-G.inbuf) + length);
+         } else {
+-            if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++            unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
++            if (bytes_read == 0)
+                 return PK_EOF;
++            if (bytes_read != length)
++                return PK_ERR;
+             /* Looks like here is where extra fields are read */
+             if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+             {
+diff --git a/process.c b/process.c
+index 5f8f6c6..de843a5 100644
+--- a/process.c
++++ b/process.c
+@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+           G.unipath_checksum = makelong(offset + ef_buf);
+           offset += 4;
+ 
++          if (!G.filename_full) {
++            /* Check if we have a unicode extra section but no filename set */
++            return PK_ERR;
++          }
++
+           /*
+            * Compute 32-bit crc
+            */
+-
+           chksum = crc32(chksum, (uch *)(G.filename_full),
+                          strlen(G.filename_full));
+ 
+-- 
+2.32.0
+
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 0bc6abcd4b..d074db37b4 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -27,6 +27,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
 	file://CVE-2019-13232_p2.patch \
 	file://CVE-2019-13232_p3.patch \
 	file://unzip_optimization.patch \
+        file://CVE-2021-4217.patch \
 "
 UPSTREAM_VERSION_UNKNOWN = "1"
 
-- 
2.35.1

[honister][PATCH 03/11] vim: Upgrade 8.2.4524 -> 8.2.4681

[Anuj Mittal]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

License change is a date in the license file only.

This includes a fix for CVE-2022-0943.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69bc2f37d6ca7fa4823237b45dd698b8debca0a9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-support/vim/vim.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index a05e91fe20..933ecfd9af 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -11,7 +11,7 @@ RSUGGESTS:${PN} = "diffutils"
 
 LICENSE = "vim"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \
-                    file://runtime/doc/uganda.txt;md5=a3f193c20c6faff93c69185d5d070535"
+                    file://runtime/doc/uganda.txt;md5=daf48235bb824c77fe8ae88d5f575f74"
 
 SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://disable_acl_header_check.patch \
@@ -21,8 +21,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://racefix.patch \
            "
 
-PV .= ".4524"
-SRCREV = "d8f8629b1bf566e1dada7515e9b146c69e5d9757"
+PV .= ".4681"
+SRCREV = "15f74fab653a784548d5d966644926b47ba2cfa7"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
-- 
2.35.1

[honister][PATCH 04/11] linux-yocto/5.10: update to v5.10.109

[Anuj Mittal]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.10 to the latest korg -stable release that comprises
the following commits:

    d9c5818a0bc0 Linux 5.10.109
    163960a7de13 llc: only change llc->dev when bind() succeeds
    2b5a6d771450 nds32: fix access_ok() checks in get/put_user
    c064268eb8ed wcn36xx: Differentiate wcn3660 from wcn3620
    95193d12f10a tpm: use try_get_ops() in tpm-space.c
    5d3ff9542a40 mac80211: fix potential double free on mesh join
    fcc9797d0d13 rcu: Don't deboost before reporting expedited quiescent state
    87f7ed7c3659 Revert "ath: add support for special 0x0 regulatory domain"
    c971e6a1c8fa crypto: qat - disable registration of algorithms
    9f4e64611ebe ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
    0b2ffba2de50 ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
    2724b72b225d ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
    2c74374c2e88 netfilter: nf_tables: initialize registers in nft_do_chain()
    eb1ba8d1c3e2 drivers: net: xgene: Fix regression in CRC stripping
    a2368d10b7fb ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
    6936d2ecf822 ALSA: cmipci: Restore aux vol on suspend/resume
    cbd27127af5f ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
    0ae81ef3ea0e ALSA: pcm: Add stream lock during PCM reset ioctl operations
    b560d670c87d ALSA: pcm: Fix races among concurrent prealloc proc writes
    a38440f00697 ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
    8527c8f052fb ALSA: pcm: Fix races among concurrent read/write and buffer changes
    0f6947f5f520 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
    014c81dfb319 ALSA: hda/realtek: Add quirk for ASUS GA402
    05256f3fd6c9 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    ca8247b4dfb8 ALSA: hda/realtek: Add quirk for Clevo NP50PNJ
    26fe8f31033b ALSA: hda/realtek: Add quirk for Clevo NP70PNJ
    80eab86a86d2 ALSA: usb-audio: add mapping for new Corsair Virtuoso SE
    5ce74ff70593 ALSA: oss: Fix PCM OSS buffer allocation overflow
    db03abd0dae0 ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
    571df3393f52 llc: fix netdevice reference leaks in llc_ui_bind()
    56dc187b35d5 staging: fbtft: fb_st7789v: reset display before initialization
    351493858ebc tpm: Fix error handling in async work
    ea21245cdcab cgroup-v1: Correct privileges check in release_agent writes
    824a950c3f11 cgroup: Use open-time cgroup namespace for process migration perm checks
    f28364fe384f cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
    9eeaa2d7d58a exfat: avoid incorrectly releasing for root inode
    ae8ec5eabb1a net: ipv6: fix skb_over_panic in __ip6_append_data
    25c23fe40e6e nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
    9940314ebfc6 Linux 5.10.108
    37119edab8f4 Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
    9248694dac20 esp: Fix possible buffer overflow in ESP transformation
    96340cdd5526 smsc95xx: Ignore -ENODEV errors when device is unplugged
    e27b51af5449 net: usb: Correct reset handling of smsc95xx
    b54daeafc1b0 net: usb: Correct PHY handling of smsc95xx
    204d38dc6a81 perf symbols: Fix symbol size calculation condition
    f0d43d22d241 Input: aiptek - properly check endpoint type
    98e7a654a5be scsi: mpt3sas: Page fault in reply q processing
    10a805334a11 usb: usbtmc: Fix bug in pipe direction for control transfers
    00bdd9bf1ac6 usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
    28bc0267399f usb: gadget: rndis: prevent integer overflow in rndis_set_response()
    2c010c61e614 arm64: fix clang warning about TRAMP_VALIAS
    277b7f63948b net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload
    2550afba2a30 net: bcmgenet: skip invalid partial checksums
    bf5b7aae86d3 bnx2x: fix built-in kernel driver load failure
    c07fdba12fb0 net: phy: mscc: Add MODULE_FIRMWARE macros
    ba50073cf4af net: dsa: Add missing of_node_put() in dsa_port_parse_of
    a630ad5e8b2d net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
    336b6be6ad09 drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
    9d45aec02f7b drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check()
    9b763ceda6f8 hv_netvsc: Add check for kvmalloc_array
    09a7264fb0d0 atm: eni: Add check for dma_map_single
    70b7b3c055fd net/packet: fix slab-out-of-bounds access in packet_recvmsg()
    169add82d201 net: phy: marvell: Fix invalid comparison in the resume and suspend functions
    01fac1ca8ab9 esp6: fix check on ipv6_skip_exthdr's return value
    d9fe590970c4 vsock: each transport cycles only on its own sockets
    ac7dd60946c0 efi: fix return value of __setup handlers
    fa3aa103e79c mm: swap: get rid of livelock in swapin readahead
    df3301dc60a3 ocfs2: fix crash when initialize filecheck kobj fails
    0f9b7b8df175 crypto: qcom-rng - ensure buffer for generate is completely filled

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit db6a636319ffd2b12c54b6ec1b3fdd670f9b6704)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../linux/linux-yocto-rt_5.10.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.10.bb            |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index a8b6aa203d..9b125a92ef 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "7f96d3fd60eea0ab38afdf07b3fc7c8c9f501802"
-SRCREV_meta ?= "24ab54209a8822aad92afe2c51ea5b95f5175394"
+SRCREV_machine ?= "40a6731993d406d6c9fed43cb20c6a4f178ff2cc"
+SRCREV_meta ?= "1ae63728667964edf845b4f85bb6c06a55b81793"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.10.107"
+LINUX_VERSION ?= "5.10.109"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index 758260c3d8..98ac869e79 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.10.107"
+LINUX_VERSION ?= "5.10.109"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine:qemuarm ?= "d47f1b40f2f77d0c810defd853c69eb39cb84bf5"
-SRCREV_machine ?= "1ae0844c6a36151066744e43fd30db3a946bc21d"
-SRCREV_meta ?= "24ab54209a8822aad92afe2c51ea5b95f5175394"
+SRCREV_machine:qemuarm ?= "9524d0ca0feeeb4cb698e3c984f4391ccb4b8e19"
+SRCREV_machine ?= "bccf3a5f14511fb8ce6a9dd990216508d2c2ec6e"
+SRCREV_meta ?= "1ae63728667964edf845b4f85bb6c06a55b81793"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index 9c1bd26b36..74fd0ad21c 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86  ?= "v5.10/standard/base"
 KBRANCH:qemux86-64 ?= "v5.10/standard/base"
 KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "2ef8231651bb6a4c79b307f59a794b92238546ec"
-SRCREV_machine:qemuarm64 ?= "00684b441f15d202c5849eed164a9b3b94a5c1e8"
-SRCREV_machine:qemumips ?= "661a4f517906253e074fe301d68ff1e6b6968e9f"
-SRCREV_machine:qemuppc ?= "bff933cb7a11019c64e6034c48ab79453f75b99e"
-SRCREV_machine:qemuriscv64 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
-SRCREV_machine:qemuriscv32 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
-SRCREV_machine:qemux86 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
-SRCREV_machine:qemux86-64 ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
-SRCREV_machine:qemumips64 ?= "7a89b456542ff1fa0ab71fa4a2ae6f04281f3a2d"
-SRCREV_machine ?= "763c0dbc0458ebcb1d06afe2f324925f0f61bd27"
-SRCREV_meta ?= "24ab54209a8822aad92afe2c51ea5b95f5175394"
+SRCREV_machine:qemuarm ?= "dfeff112cafaf3a04da6cd60301d297406e1b77f"
+SRCREV_machine:qemuarm64 ?= "3641e4234255c71c33cb2d9422f54c17b70c8941"
+SRCREV_machine:qemumips ?= "7eead19134a43cf9ccc0fa9d75c45be2a7743f13"
+SRCREV_machine:qemuppc ?= "6e1d66b2a871be0450722a50fc087ff8ccbcddd7"
+SRCREV_machine:qemuriscv64 ?= "d2f7a595bf0b752275d503046494b668549cb151"
+SRCREV_machine:qemuriscv32 ?= "d2f7a595bf0b752275d503046494b668549cb151"
+SRCREV_machine:qemux86 ?= "d2f7a595bf0b752275d503046494b668549cb151"
+SRCREV_machine:qemux86-64 ?= "d2f7a595bf0b752275d503046494b668549cb151"
+SRCREV_machine:qemumips64 ?= "279f142932679a8ba212ebae4b9db851636a1fab"
+SRCREV_machine ?= "d2f7a595bf0b752275d503046494b668549cb151"
+SRCREV_meta ?= "1ae63728667964edf845b4f85bb6c06a55b81793"
 
 # remap qemuarm to qemuarma15 for the 5.8 kernel
 # KMACHINE:qemuarm ?= "qemuarma15"
@@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.107"
+LINUX_VERSION ?= "5.10.109"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.35.1

[honister][PATCH 05/11] pseudo: Fix handling of absolute links

[Anuj Mittal]

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

Update to a version of pseudo which has a fix for absolute links,
evaluating them from the chroot path.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 33147b89bc3c9e9bdd53a942a5551d8a1d06130c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index d20136aef9..e7ef6a730c 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "df1d1321fb093283485c387e3c933d2d264e509c"
+SRCREV = "2b4b88eb513335b0ece55fe51854693d9b20de35"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.35.1

[honister][PATCH 06/11] xz: fix CVE-2022-1271

[Anuj Mittal]

From: Ralph Siemsen <ralph.siemsen@linaro.org>

Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.

Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch]
CVE: CVE-2022-1271

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 97bf86ccde4417daec8ef3945071a50a09134bc6)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../xz/xz/CVE-2022-1271.patch                 | 96 +++++++++++++++++++
 meta/recipes-extended/xz/xz_5.2.5.bb          |  4 +-
 2 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2022-1271.patch

diff --git a/meta/recipes-extended/xz/xz/CVE-2022-1271.patch b/meta/recipes-extended/xz/xz/CVE-2022-1271.patch
new file mode 100644
index 0000000000..e43e73cf12
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2022-1271.patch
@@ -0,0 +1,96 @@
+From dc932a1e9c0d9f1db71be11a9b82496e3a72f112 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Tue, 29 Mar 2022 19:19:12 +0300
+Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
+
+Malicious filenames can make xzgrep to write to arbitrary files
+or (with a GNU sed extension) lead to arbitrary code execution.
+
+xzgrep from XZ Utils versions up to and including 5.2.5 are
+affected. 5.3.1alpha and 5.3.2alpha are affected as well.
+This patch works for all of them.
+
+This bug was inherited from gzip's zgrep. gzip 1.12 includes
+a fix for zgrep.
+
+The issue with the old sed script is that with multiple newlines,
+the N-command will read the second line of input, then the
+s-commands will be skipped because it's not the end of the
+file yet, then a new sed cycle starts and the pattern space
+is printed and emptied. So only the last line or two get escaped.
+
+One way to fix this would be to read all lines into the pattern
+space first. However, the included fix is even simpler: All lines
+except the last line get a backslash appended at the end. To ensure
+that shell command substitution doesn't eat a possible trailing
+newline, a colon is appended to the filename before escaping.
+The colon is later used to separate the filename from the grep
+output so it is fine to add it here instead of a few lines later.
+
+The old code also wasn't POSIX compliant as it used \n in the
+replacement section of the s-command. Using \<newline> is the
+POSIX compatible method.
+
+LC_ALL=C was added to the two critical sed commands. POSIX sed
+manual recommends it when using sed to manipulate pathnames
+because in other locales invalid multibyte sequences might
+cause issues with some sed implementations. In case of GNU sed,
+these particular sed scripts wouldn't have such problems but some
+other scripts could have, see:
+
+    info '(sed)Locale Considerations'
+
+This vulnerability was discovered by:
+cleemy desu wayo working with Trend Micro Zero Day Initiative
+
+Thanks to Jim Meyering and Paul Eggert discussing the different
+ways to fix this and for coordinating the patch release schedule
+with gzip.
+
+Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch]
+CVE: CVE-2022-1271
+
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+---
+ src/scripts/xzgrep.in | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
+index 9db5c3a..f64dddb 100644
+--- a/src/scripts/xzgrep.in
++++ b/src/scripts/xzgrep.in
+@@ -179,22 +179,26 @@ for i; do
+          { test $# -eq 1 || test $no_filename -eq 1; }; then
+       eval "$grep"
+     else
++      # Append a colon so that the last character will never be a newline
++      # which would otherwise get lost in shell command substitution.
++      i="$i:"
++
++      # Escape & \ | and newlines only if such characters are present
++      # (speed optimization).
+       case $i in
+       (*'
+ '* | *'&'* | *'\'* | *'|'*)
+-        i=$(printf '%s\n' "$i" |
+-            sed '
+-              $!N
+-              $s/[&\|]/\\&/g
+-              $s/\n/\\n/g
+-            ');;
++        i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
+       esac
+-      sed_script="s|^|$i:|"
++
++      # $i already ends with a colon so don't add it here.
++      sed_script="s|^|$i|"
+ 
+       # Fail if grep or sed fails.
+       r=$(
+         exec 4>&1
+-        (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
++        (eval "$grep" 4>&-; echo $? >&4) 3>&- |
++            LC_ALL=C sed "$sed_script" >&3 4>&-
+       ) || r=2
+       exit $r
+     fi >&3 5>&-
diff --git a/meta/recipes-extended/xz/xz_5.2.5.bb b/meta/recipes-extended/xz/xz_5.2.5.bb
index 8021ebd9bc..200af0e672 100644
--- a/meta/recipes-extended/xz/xz_5.2.5.bb
+++ b/meta/recipes-extended/xz/xz_5.2.5.bb
@@ -23,7 +23,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \
                     file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \
                     "
 
-SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz"
+SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz \
+           file://CVE-2022-1271.patch \
+           "
 SRC_URI[md5sum] = "0d270c997aff29708c74d53f599ef717"
 SRC_URI[sha256sum] = "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10"
 UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar"
-- 
2.35.1

[honister][PATCH 07/11] uninative: Upgrade to 3.6 with gcc 12 support

[Anuj Mittal]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

There are reports of issues with the new libstdc++ from gcc 12. This upgrades
to a gcc 12 version of uninative to allow builds on those systems. Gcc 12 isn't
finalised so we may need to add a new version of this if/as appropriate when it
is.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e3da4da7e5da5bb9e1d360e2be2fdd5132e69320)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/conf/distro/include/yocto-uninative.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index bfe05ce1eb..411fe45a24 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -7,9 +7,9 @@
 #
 
 UNINATIVE_MAXGLIBCVERSION = "2.35"
-UNINATIVE_VERSION = "3.5"
+UNINATIVE_VERSION = "3.6"
 
 UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
-UNINATIVE_CHECKSUM[aarch64] ?= "6de0771bd21e0fcb5e80388e5b561a8023b24083bcbf46e056a089982aff75d7"
-UNINATIVE_CHECKSUM[i686] ?= "8c8745becbfa1c341bae839c7eab56ddf17ce36c303bcd73d3b2f2f788b631c2"
-UNINATIVE_CHECKSUM[x86_64] ?= "e8047a5748e6f266165da141eb6d08b23674f30e477b0e5505b6403d50fbc4b2"
+UNINATIVE_CHECKSUM[aarch64] ?= "d64831cf2792c8e470c2e42230660e1a8e5de56a579cdd59978791f663c2f3ed"
+UNINATIVE_CHECKSUM[i686] ?= "2f0ee9b66b1bb2c85e2b592fb3c9c7f5d77399fa638d74961330cdb8de34ca3b"
+UNINATIVE_CHECKSUM[x86_64] ?= "9bfc4c970495b3716b2f9e52c4df9f968c02463a9a95000f6657fbc3fde1f098"
-- 
2.35.1

[honister][PATCH 08/11] tiff: Add marker for CVE-2022-1056 being fixed

[Anuj Mittal]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

As far as I can tell, the patches being applied also fix CVE-2022-1056 so
mark as such.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...02-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
index d31e9650d1..812ffb232d 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
@@ -1,4 +1,5 @@
 CVE: CVE-2022-0891
+CVE: CVE-2022-1056
 Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 
-- 
2.35.1

[honister][PATCH 09/11] externalsrc/devtool: Fix to work with fixed export funcition flags handling

[Anuj Mittal]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

If we fix bitbake to correctly handle the cleandirs and fakeroot flags
for tasks handled by EXPORT_FUNCTIONS, we break devtool since it only
considers these for top level functions. Add in extra code to intercept
the cleandirs flags for commonly used sub functions too.

[YOCTO #8621]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67fad829f37ed0a8e20c599d2b65635158591d06)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/classes/externalsrc.bbclass | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/meta/classes/externalsrc.bbclass b/meta/classes/externalsrc.bbclass
index ad93b2d2ab..435635f42b 100644
--- a/meta/classes/externalsrc.bbclass
+++ b/meta/classes/externalsrc.bbclass
@@ -90,15 +90,16 @@ python () {
                 # Since configure will likely touch ${S}, ensure only we lock so one task has access at a time
                 d.appendVarFlag(task, "lockfiles", " ${S}/singletask.lock")
 
-            # We do not want our source to be wiped out, ever (kernel.bbclass does this for do_clean)
-            cleandirs = oe.recipeutils.split_var_value(d.getVarFlag(task, 'cleandirs', False) or '')
-            setvalue = False
-            for cleandir in cleandirs[:]:
-                if oe.path.is_path_parent(externalsrc, d.expand(cleandir)):
-                    cleandirs.remove(cleandir)
-                    setvalue = True
-            if setvalue:
-                d.setVarFlag(task, 'cleandirs', ' '.join(cleandirs))
+            for funcname in [task, "base_" + task, "kernel_" + task]:
+                # We do not want our source to be wiped out, ever (kernel.bbclass does this for do_clean)
+                cleandirs = oe.recipeutils.split_var_value(d.getVarFlag(funcname, 'cleandirs', False) or '')
+                setvalue = False
+                for cleandir in cleandirs[:]:
+                    if oe.path.is_path_parent(externalsrc, d.expand(cleandir)):
+                        cleandirs.remove(cleandir)
+                        setvalue = True
+                if setvalue:
+                    d.setVarFlag(funcname, 'cleandirs', ' '.join(cleandirs))
 
         fetch_tasks = ['do_fetch', 'do_unpack']
         # If we deltask do_patch, there's no dependency to ensure do_unpack gets run, so add one
-- 
2.35.1

[honister][PATCH 10/11] libxshmfence: Correct LICENSE to HPND

[Anuj Mittal]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The license in this code is listed as MIT and whilst it is compatible with and
usable as MIT, it actually looks like HPND. Clarify the license field accordingly.

(From OE-Core master rev: 922b645f443c33060a8990d32e6b7b62ea5497c3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb | 2 +-
 meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb b/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
index 062d6a7a05..ad9f475d15 100644
--- a/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
+++ b/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
@@ -2,7 +2,7 @@ SUMMARY = "Test recipe for recipeutils.patch_recipe()"
 
 require recipeutils-test.inc
 
-LICENSE = "Proprietary"
+LICENSE = "HPND"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/somefile;md5=d41d8cd98f00b204e9800998ecf8427e"
 DEPENDS += "zlib"
 
diff --git a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
index d153c7a603..b0b6cb6b56 100644
--- a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
+++ b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
@@ -6,7 +6,7 @@ using file descriptor passing."
 
 require xorg-lib-common.inc
 
-LICENSE = "MIT-style"
+LICENSE = "HPND"
 LIC_FILES_CHKSUM = "file://COPYING;md5=47e508ca280fde97906eacb77892c3ac"
 
 DEPENDS += "virtual/libx11"
-- 
2.35.1

[honister][PATCH 11/11] license_image.bbclass: close package.manifest file

[Anuj Mittal]

From: Martin Jansa <Martin.Jansa@gmail.com>

* fixes:
  NOTE: Executing write_package_manifest ...
  DEBUG: Executing python function write_package_manifest
  /OE/build/oe-core/openembedded-core/meta/classes/license_image.bbclass:23: ResourceWarning: unclosed file <_io.TextIOWrapper name='/OE/build/oe-core/tmp-glibc/deploy/licenses/core-image-minimal-qemux86-64/package.manifest' mode='w+' encoding='UTF-8'>
    'w+').write(output)
  ResourceWarning: Enable tracemalloc to get the object allocation traceback
  DEBUG: Python function write_package_manifest finished

[YOCTO #14772]

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b3114d5d438b7a63a276b4e825b62f3b1ebceed6)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/classes/license_image.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/license_image.bbclass b/meta/classes/license_image.bbclass
index 5490d121f1..150e8174f1 100644
--- a/meta/classes/license_image.bbclass
+++ b/meta/classes/license_image.bbclass
@@ -19,8 +19,8 @@ python write_package_manifest() {
 
     pkgs = image_list_installed_packages(d)
     output = format_pkg_list(pkgs)
-    open(os.path.join(license_image_dir, 'package.manifest'),
-        'w+').write(output)
+    with open(os.path.join(license_image_dir, 'package.manifest'), "w+") as package_manifest:
+        package_manifest.write(output)
 }
 
 python license_create_manifest() {
-- 
2.35.1