kirkstone: subtree updateskirkstone

meta-raspberrypi: 2a06e4e84b..43683cb14b:
  Florin Sarbu (1):
        udev-rules-rpi: Use 99-com.rules directly from upstream

meta-openembedded: df452d9d98..f95484417e:
  Arsalan H. Awan (1):
        meta-networking/licenses/netperf: remove unused license

  Bhargav Das (2):
        tslib: Add native & nativestdk package support
        pointercal: Add native & nativestdk package support

  Changqing Li (1):
        redis: fix do_patch fuzz warning

  Chee Yang Lee (3):
        tinyproxy: fix CVE-2022-40468
        capnproto: upgrade to 0.9.2
        freerdp: fix CVE-2022-39316/39318/39319

  Gianluigi Spagnuolo (1):
        libbpf: add native and nativesdk BBCLASSEXTEND

  Jasper Orschulko (1):
        python3-gcovr: Add missing runtime dependency

  Jonas Gorski (3):
        frr: Security fix CVE-2022-36440 / CVE-2022-40302
        frr: Security fix CVE-2022-40318
        frr: Security fix CVE-2022-43681

  Khem Raj (1):
        nodejs: Fix build with gcc13

  Martin Jansa (1):
        abseil-cpp: backport a fix for build with gcc-13

  Narpat Mali (3):
        python3-werkzeug: fix for CVE-2023-25577
        python3-django: upgrade 4.0.2 -> 4.2.1
        python3-m2crypto: fix for CVE-2020-25657

  Natasha Bailey (1):
        libyang: backport a fix for CVE-2023-26916

  Valeria Petrov (1):
        apache2: upgrade 2.4.56 -> 2.4.57

  Xiangyu Chen (3):
        pahole: fix native package build error
        Revert "pahole: fix native package build error"
        libbpf: installing uapi headers for native package

poky: 4cc0e9438b..43b94d2b84:
  Alexander Kanavin (1):
        dhcpcd: use git instead of tarballs

  Archana Polampalli (4):
        nasm: fix CVE-2022-44370
        git: fix CVE-2023-29007
        git: fix CVE-2023-25652
        git: ignore CVE-2023-25815

  Arturo Buzarra (1):
        run-postinsts: Set dependency for ldconfig to avoid boot issues

  Bhabu Bindu (4):
        curl: Fix CVE-2023-28319
        curl: Fix CVE-2023-28320
        curl: Fix CVE-2023-28321
        curl: Fix CVE-2023-28322

  Bruce Ashfield (9):
        linux-yocto/5.15: update to v5.15.106
        linux-yocto/5.15: update to v5.15.107
        linux-yocto/5.15: update to v5.15.108
        kernel: improve initramfs bundle processing time
        linux-yocto/5.10: update to v5.10.176
        linux-yocto/5.10: update to v5.10.177
        linux-yocto/5.10: update to v5.10.178
        linux-yocto/5.10: update to v5.10.179
        linux-yocto/5.10: update to v5.10.180

  C. Andy Martin (1):
        systemd-networkd: backport fix for rm unmanaged wifi

  Christoph Lauer (1):
        populate_sdk_base: add zip options

  Daniel Ammann (1):
        overview-manual: concepts.rst: Fix a typo

  Deepthi Hemraj (5):
        glibc: stable 2.35 branch updates.
        binutils : Fix CVE-2023-25584
        binutils : Fix CVE-2023-25585
        binutils : Fix CVE-2023-1972
        binutils : Fix CVE-2023-25588

  Dmitry Baryshkov (1):
        linux-firmware: upgrade 20230210 -> 20230404

  Eero Aaltonen (1):
        avahi: fix D-Bus introspection

  Enrico Jörns (1):
        package_manager/ipk: fix config path generation in _create_custom_config()

  Hitendra Prajapati (2):
        connman: fix CVE-2023-28488 DoS in client.c
        sysstat: Fix CVE-2023-33204

  Jan Luebbe (1):
        p11-kit: add native to BBCLASSEXTEND

  Joe Slater (1):
        ghostscript: fix CVE-2023-29979

  Kai Kang (1):
        webkitgtk: fix CVE-2022-32888 & CVE-2022-32923

  Khem Raj (2):
        gcc-runtime: Use static dummy libstdc++
        quilt: Fix merge.test race condition

  Lee Chee Yang (1):
        migration-guides: add release notes for 4.0.10

  Marek Vasut (1):
        cpio: Fix wrong CRC with ASCII CRC for large files

  Martin Jansa (3):
        populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
        llvm: backport a fix for build with gcc-13
        kernel-devicetree: make shell scripts posix compliant

  Martin Siegumfeldt (1):
        systemd-systemctl: fix instance template WantedBy symlink construction

  Michael Halstead (2):
        uninative: Upgrade to 3.10 to support gcc 13
        uninative: Upgrade to 4.0 to include latest gcc 13.1.1

  Michael Opdenacker (2):
        conf.py: add macro for Mitre CVE links
        migration-guides: use new cve_mitre macro

  Ming Liu (1):
        weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland

  Mingli Yu (1):
        ruby: Fix CVE-2023-28755

  Narpat Mali (3):
        ffmpeg: fix for CVE-2022-48434
        python3-cryptography: fix for CVE-2023-23931
        python3-requests: fix for CVE-2023-32681

  Omkar Patil (1):
        curl: Correction for CVE-2023-27536

  Pablo Saavedra (1):
        gstreamer1.0: upgrade 1.20.5 -> 1.20.6

  Pascal Bach (1):
        cmake: add CMAKE_SYSROOT to generated toolchain file

  Peter Bergin (1):
        update-alternatives.bbclass: fix old override syntax

  Peter Kjellerstedt (1):
        license.bbclass: Include LICENSE in the output when it fails to parse

  Peter Marko (2):
        libxml2: patch CVE-2023-28484 and CVE-2023-29469
        openssl: Upgrade 3.0.8 -> 3.0.9

  Piotr Łobacz (1):
        libarchive: Enable acls, xattr for native as well as target

  Quentin Schulz (1):
        Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"

  Randolph Sapp (4):
        wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
        kernel-devicetree: allow specification of dtb directory
        package: enable recursion on file globs
        kernel-devicetree: recursively search for dtbs

  Ranjitsinh Rathod (1):
        libbsd: Add correct license for all packages

  Richard Purdie (3):
        maintainers.inc: Fix email address typo
        maintainers.inc: Move repo to unassigned
        selftest/reproducible: Allow native/cross reuse in test

  Riyaz Khan (1):
        openssh: Remove BSD-4-clause contents completely from codebase

  Ross Burton (1):
        xserver-xorg: backport fix for CVE-2023-1393

  Sakib Sajal (1):
        go: fix CVE-2023-24540

  Shubham Kulkarni (1):
        go: Security fix for CVE-2023-24538

  Soumya (1):
        perl: fix CVE-2023-31484

  Steve Sakoman (3):
        Revert "xserver-xorg: backport fix for CVE-2023-1393"
        poky.conf: bump version for 4.0.10
        build-appliance-image: Update to kirkstone head revision

  Thomas Roos (1):
        oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set

  Tom Hochstein (2):
        piglit: Add PACKAGECONFIG for glx and opencl
        piglit: Add missing glslang dependencies

  Upgrade Helper (1):
        waffle: upgrade 1.7.0 -> 1.7.2

  Virendra Thakur (1):
        qemu: Whitelist CVE-2023-0664

  Vivek Kumbhar (3):
        freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
        go: fix CVE-2023-24534 denial of service from excessive memory allocation
        go: fix CVE-2023-24539 html/template improper sanitization of CSS values

  Wang Mingyu (2):
        wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
        xserver-xorg: upgrade 21.1.7 -> 21.1.8

  Yoann Congal (1):
        linux-yocto: Exclude 121 CVEs already fixed upstream

  Yogita Urade (2):
        xorg-lib-common: Add variable to set tarball type
        libxpm: upgrade 3.5.13 -> 3.5.15

  Zhixiong Chi (1):
        libpam: Fix the xtests/tst-pam_motd[1|3] failures

  Zoltan Boszormenyi (1):
        piglit: Fix build time dependency

  bkylerussell@gmail.com (1):
        kernel-devsrc: depend on python3-core instead of python3

  leimaohui (1):
        nghttp2: Deleted the entries for -client and -server, and removed a dependency on them from the main package.

meta-security: cc20e2af2a..d398cc6ea6:
  Armin Kuster (1):
        apparmor: fix ownership issues

  Josh Harley (1):
        Add EROFS support to dm-verity-img class

  Maciej Borzęcki (1):
        dm-verity-img.bbclass: add squashfs images

  Peter Marko (1):
        tpm2-tss: upgrade to 3.2.2 to fix CVE-2023-22745

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I683201033cfd1b1135738f49b0faf6df2e6348b6

3 files changed, 260 insertions, 0 deletions

diff --git a/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch b/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch
new file mode 100644
index 0000000000..825701eaff
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/git/CVE-2023-25652.patch
@@ -0,0 +1,94 @@
+From 9db05711c98efc14f414d4c87135a34c13586e0b Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
+Date: Thu Mar 9 16:02:54 2023 +0100
+Subject: [PATCH] apply --reject: overwrite existing `.rej` symlink if it
+ exists
+
+   The `git apply --reject` is expected to write out `.rej` files in case
+   one or more hunks fail to apply cleanly. Historically, the command
+   overwrites any existing `.rej` files. The idea being that
+   apply/reject/edit cycles are relatively common, and the generated `.rej`
+   files are not considered precious.
+
+    But the command does not overwrite existing `.rej` symbolic links, and
+    instead follows them. This is unsafe because the same patch could
+    potentially create such a symbolic link and point at arbitrary paths
+    outside the current worktree, and `git apply` would write the contents
+    of the `.rej` file into that location.
+
+    Therefore, let's make sure that any existing `.rej` file or symbolic
+    link is removed before writing it.
+
+    Reported-by: RyotaK <ryotak.mail@gmail.com>
+    Helped-by: Taylor Blau <me@ttaylorr.com>
+    Helped-by: Junio C Hamano <gitster@pobox.com>
+    Helped-by: Linus Torvalds <torvalds@linuxfoundation.org>
+    Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+CVE: CVE-2023-25652
+Upstream-Status: Backport [https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ apply.c                  | 14 ++++++++++++--
+ t/t4115-apply-symlink.sh | 15 +++++++++++++++
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/apply.c b/apply.c
+index fc6f484..47f2686 100644
+--- a/apply.c
++++ b/apply.c
+@@ -4584,7 +4584,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+	FILE *rej;
+	char namebuf[PATH_MAX];
+	struct fragment *frag;
+-	int cnt = 0;
++	int fd, cnt = 0;
+	struct strbuf sb = STRBUF_INIT;
+
+	for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) {
+@@ -4624,7 +4624,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+	memcpy(namebuf, patch->new_name, cnt);
+	memcpy(namebuf + cnt, ".rej", 5);
+
+-	rej = fopen(namebuf, "w");
++	fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++	if (fd < 0) {
++		if (errno != EEXIST)
++			return error_errno(_("cannot open %s"), namebuf);
++		if (unlink(namebuf))
++			return error_errno(_("cannot unlink '%s'"), namebuf);
++		fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++		if (fd < 0)
++			return error_errno(_("cannot open %s"), namebuf);
++	}
++	rej = fdopen(fd, "w");
+	if (!rej)
+		return error_errno(_("cannot open %s"), namebuf);
+
+diff --git a/t/t4115-apply-symlink.sh b/t/t4115-apply-symlink.sh
+index 65ac7df..e95e6d4 100755
+--- a/t/t4115-apply-symlink.sh
++++ b/t/t4115-apply-symlink.sh
+@@ -126,4 +126,19 @@ test_expect_success SYMLINKS 'symlink escape when deleting file' '
+	test_path_is_file .git/delete-me
+ '
+
++test_expect_success SYMLINKS '--reject removes .rej symlink if it exists' '
++	test_when_finished "git reset --hard && git clean -dfx" &&
++
++	test_commit file &&
++	echo modified >file.t &&
++	git diff -- file.t >patch &&
++	echo modified-again >file.t &&
++
++	ln -s foo file.t.rej &&
++	test_must_fail git apply patch --reject 2>err &&
++	test_i18ngrep "Rejected hunk" err &&
++	test_path_is_missing foo &&
++	test_path_is_file file.t.rej
++'
++
+ test_done
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch b/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch
new file mode 100644
index 0000000000..472f4022b2
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/git/CVE-2023-29007.patch
@@ -0,0 +1,162 @@
+From 057c07a7b1fae22fdeef26c243f4cfbe3afc90ce Mon Sep 17 00:00:00 2001
+From: Taylor Blau <me@ttaylorr.com>
+Date: Fri, 14 Apr 2023 11:46:59 -0400
+Subject: [PATCH] Merge branch 'tb/config-copy-or-rename-in-file-injection'
+
+Avoids issues with renaming or deleting sections with long lines, where
+configuration values may be interpreted as sections, leading to
+configuration injection. Addresses CVE-2023-29007.
+
+* tb/config-copy-or-rename-in-file-injection:
+  config.c: disallow overly-long lines in `copy_or_rename_section_in_file()`
+  config.c: avoid integer truncation in `copy_or_rename_section_in_file()`
+  config: avoid fixed-sized buffer when renaming/deleting a section
+  t1300: demonstrate failure when renaming sections with long lines
+
+Signed-off-by: Taylor Blau <me@ttaylorr.com>
+
+Upstream-Status: Backport
+CVE: CVE-2023-29007
+
+Reference to upstream patch:
+https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ config.c          | 36 +++++++++++++++++++++++++-----------
+ t/t1300-config.sh | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+), 11 deletions(-)
+
+diff --git a/config.c b/config.c
+index 2bffa8d..6a01938 100644
+--- a/config.c
++++ b/config.c
+@@ -3192,9 +3192,10 @@ void git_config_set_multivar(const char *key, const char *value,
+					flags);
+ }
+
+-static int section_name_match (const char *buf, const char *name)
++static size_t section_name_match (const char *buf, const char *name)
+ {
+-	int i = 0, j = 0, dot = 0;
++	size_t i = 0, j = 0;
++	int dot = 0;
+	if (buf[i] != '[')
+		return 0;
+	for (i = 1; buf[i] && buf[i] != ']'; i++) {
+@@ -3247,6 +3248,8 @@ static int section_name_is_ok(const char *name)
+	return 1;
+ }
+
++#define GIT_CONFIG_MAX_LINE_LEN (512 * 1024)
++
+ /* if new_name == NULL, the section is removed instead */
+ static int git_config_copy_or_rename_section_in_file(const char *config_filename,
+				      const char *old_name,
+@@ -3256,11 +3259,12 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+	char *filename_buf = NULL;
+	struct lock_file lock = LOCK_INIT;
+	int out_fd;
+-	char buf[1024];
++	struct strbuf buf = STRBUF_INIT;
+	FILE *config_file = NULL;
+	struct stat st;
+	struct strbuf copystr = STRBUF_INIT;
+	struct config_store_data store;
++	uint32_t line_nr = 0;
+
+	memset(&store, 0, sizeof(store));
+
+@@ -3297,16 +3301,25 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+		goto out;
+	}
+
+-	while (fgets(buf, sizeof(buf), config_file)) {
+-		unsigned i;
+-		int length;
++	while (!strbuf_getwholeline(&buf, config_file, '\n')) {
++		size_t i, length;
+		int is_section = 0;
+-		char *output = buf;
+-		for (i = 0; buf[i] && isspace(buf[i]); i++)
++		char *output = buf.buf;
++
++		line_nr++;
++
++		if (buf.len >= GIT_CONFIG_MAX_LINE_LEN) {
++			ret = error(_("refusing to work with overly long line "
++				      "in '%s' on line %"PRIuMAX),
++				    config_filename, (uintmax_t)line_nr);
++			goto out;
++		}
++
++		for (i = 0; buf.buf[i] && isspace(buf.buf[i]); i++)
+			; /* do nothing */
+-		if (buf[i] == '[') {
++		if (buf.buf[i] == '[') {
+			/* it's a section */
+-			int offset;
++			size_t offset;
+			is_section = 1;
+
+			/*
+@@ -3323,7 +3336,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+				strbuf_reset(&copystr);
+			}
+
+-			offset = section_name_match(&buf[i], old_name);
++			offset = section_name_match(&buf.buf[i], old_name);
+			if (offset > 0) {
+				ret++;
+				if (new_name == NULL) {
+@@ -3398,6 +3411,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ out_no_rollback:
+	free(filename_buf);
+	config_store_data_clear(&store);
++	strbuf_release(&buf);
+	return ret;
+ }
+
+diff --git a/t/t1300-config.sh b/t/t1300-config.sh
+index 78359f1..b07feb1 100755
+--- a/t/t1300-config.sh
++++ b/t/t1300-config.sh
+@@ -617,6 +617,36 @@ test_expect_success 'renaming to bogus section is rejected' '
+	test_must_fail git config --rename-section branch.zwei "bogus name"
+ '
+
++test_expect_success 'renaming a section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y b.e
++'
++
++test_expect_success 'renaming an embedded section with a long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %1024s [a] [foo] e = f\\n" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	git config -f y --rename-section a xyz &&
++	test_must_fail git config -f y foo.e
++'
++
++test_expect_success 'renaming a section with an overly-long line' '
++	{
++		printf "[b]\\n" &&
++		printf "  c = d %525000s e" " " &&
++		printf "[a] g = h\\n"
++	} >y &&
++	test_must_fail git config -f y --rename-section a xyz 2>err &&
++	test_i18ngrep "refusing to work with overly long line in .y. on line 2" err
++'
++
+ cat >> .git/config << EOF
+   [branch "zwei"] a = 1 [branch "vier"]
+ EOF
+--
+2.40.0
diff --git a/poky/meta/recipes-devtools/git/git_2.35.7.bb b/poky/meta/recipes-devtools/git/git_2.35.7.bb
index faf0b67051..9e7b0a8cff 100644
--- a/poky/meta/recipes-devtools/git/git_2.35.7.bb
+++ b/poky/meta/recipes-devtools/git/git_2.35.7.bb
@@ -10,6 +10,8 @@ PROVIDES:append:class-native = " git-replacement-native"
 SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
            file://fixsort.patch \
            file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \
+           file://CVE-2023-29007.patch \
+           file://CVE-2023-25652.patch \
            "
 
 S = "${WORKDIR}/git-${PV}"
@@ -35,6 +37,8 @@ CVE_CHECK_IGNORE += "CVE-2022-24975"
 CVE_CHECK_IGNORE += "CVE-2022-41953"
 # specific to Git for Windows
 CVE_CHECK_IGNORE += "CVE-2023-22743"
+# This is specific to Git-for-Windows
+CVE_CHECK_IGNORE += "CVE-2023-25815"
 
 PACKAGECONFIG ??= "expat curl"
 PACKAGECONFIG[cvsserver] = ""