kirkstone: subtree updateskirkstone

meta-raspberrypi: 2a06e4e84b..43683cb14b:
  Florin Sarbu (1):
        udev-rules-rpi: Use 99-com.rules directly from upstream

meta-openembedded: df452d9d98..f95484417e:
  Arsalan H. Awan (1):
        meta-networking/licenses/netperf: remove unused license

  Bhargav Das (2):
        tslib: Add native & nativestdk package support
        pointercal: Add native & nativestdk package support

  Changqing Li (1):
        redis: fix do_patch fuzz warning

  Chee Yang Lee (3):
        tinyproxy: fix CVE-2022-40468
        capnproto: upgrade to 0.9.2
        freerdp: fix CVE-2022-39316/39318/39319

  Gianluigi Spagnuolo (1):
        libbpf: add native and nativesdk BBCLASSEXTEND

  Jasper Orschulko (1):
        python3-gcovr: Add missing runtime dependency

  Jonas Gorski (3):
        frr: Security fix CVE-2022-36440 / CVE-2022-40302
        frr: Security fix CVE-2022-40318
        frr: Security fix CVE-2022-43681

  Khem Raj (1):
        nodejs: Fix build with gcc13

  Martin Jansa (1):
        abseil-cpp: backport a fix for build with gcc-13

  Narpat Mali (3):
        python3-werkzeug: fix for CVE-2023-25577
        python3-django: upgrade 4.0.2 -> 4.2.1
        python3-m2crypto: fix for CVE-2020-25657

  Natasha Bailey (1):
        libyang: backport a fix for CVE-2023-26916

  Valeria Petrov (1):
        apache2: upgrade 2.4.56 -> 2.4.57

  Xiangyu Chen (3):
        pahole: fix native package build error
        Revert "pahole: fix native package build error"
        libbpf: installing uapi headers for native package

poky: 4cc0e9438b..43b94d2b84:
  Alexander Kanavin (1):
        dhcpcd: use git instead of tarballs

  Archana Polampalli (4):
        nasm: fix CVE-2022-44370
        git: fix CVE-2023-29007
        git: fix CVE-2023-25652
        git: ignore CVE-2023-25815

  Arturo Buzarra (1):
        run-postinsts: Set dependency for ldconfig to avoid boot issues

  Bhabu Bindu (4):
        curl: Fix CVE-2023-28319
        curl: Fix CVE-2023-28320
        curl: Fix CVE-2023-28321
        curl: Fix CVE-2023-28322

  Bruce Ashfield (9):
        linux-yocto/5.15: update to v5.15.106
        linux-yocto/5.15: update to v5.15.107
        linux-yocto/5.15: update to v5.15.108
        kernel: improve initramfs bundle processing time
        linux-yocto/5.10: update to v5.10.176
        linux-yocto/5.10: update to v5.10.177
        linux-yocto/5.10: update to v5.10.178
        linux-yocto/5.10: update to v5.10.179
        linux-yocto/5.10: update to v5.10.180

  C. Andy Martin (1):
        systemd-networkd: backport fix for rm unmanaged wifi

  Christoph Lauer (1):
        populate_sdk_base: add zip options

  Daniel Ammann (1):
        overview-manual: concepts.rst: Fix a typo

  Deepthi Hemraj (5):
        glibc: stable 2.35 branch updates.
        binutils : Fix CVE-2023-25584
        binutils : Fix CVE-2023-25585
        binutils : Fix CVE-2023-1972
        binutils : Fix CVE-2023-25588

  Dmitry Baryshkov (1):
        linux-firmware: upgrade 20230210 -> 20230404

  Eero Aaltonen (1):
        avahi: fix D-Bus introspection

  Enrico Jörns (1):
        package_manager/ipk: fix config path generation in _create_custom_config()

  Hitendra Prajapati (2):
        connman: fix CVE-2023-28488 DoS in client.c
        sysstat: Fix CVE-2023-33204

  Jan Luebbe (1):
        p11-kit: add native to BBCLASSEXTEND

  Joe Slater (1):
        ghostscript: fix CVE-2023-29979

  Kai Kang (1):
        webkitgtk: fix CVE-2022-32888 & CVE-2022-32923

  Khem Raj (2):
        gcc-runtime: Use static dummy libstdc++
        quilt: Fix merge.test race condition

  Lee Chee Yang (1):
        migration-guides: add release notes for 4.0.10

  Marek Vasut (1):
        cpio: Fix wrong CRC with ASCII CRC for large files

  Martin Jansa (3):
        populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
        llvm: backport a fix for build with gcc-13
        kernel-devicetree: make shell scripts posix compliant

  Martin Siegumfeldt (1):
        systemd-systemctl: fix instance template WantedBy symlink construction

  Michael Halstead (2):
        uninative: Upgrade to 3.10 to support gcc 13
        uninative: Upgrade to 4.0 to include latest gcc 13.1.1

  Michael Opdenacker (2):
        conf.py: add macro for Mitre CVE links
        migration-guides: use new cve_mitre macro

  Ming Liu (1):
        weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland

  Mingli Yu (1):
        ruby: Fix CVE-2023-28755

  Narpat Mali (3):
        ffmpeg: fix for CVE-2022-48434
        python3-cryptography: fix for CVE-2023-23931
        python3-requests: fix for CVE-2023-32681

  Omkar Patil (1):
        curl: Correction for CVE-2023-27536

  Pablo Saavedra (1):
        gstreamer1.0: upgrade 1.20.5 -> 1.20.6

  Pascal Bach (1):
        cmake: add CMAKE_SYSROOT to generated toolchain file

  Peter Bergin (1):
        update-alternatives.bbclass: fix old override syntax

  Peter Kjellerstedt (1):
        license.bbclass: Include LICENSE in the output when it fails to parse

  Peter Marko (2):
        libxml2: patch CVE-2023-28484 and CVE-2023-29469
        openssl: Upgrade 3.0.8 -> 3.0.9

  Piotr Łobacz (1):
        libarchive: Enable acls, xattr for native as well as target

  Quentin Schulz (1):
        Revert "docs: conf.py: fix cve extlinks caption for sphinx <4.0"

  Randolph Sapp (4):
        wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
        kernel-devicetree: allow specification of dtb directory
        package: enable recursion on file globs
        kernel-devicetree: recursively search for dtbs

  Ranjitsinh Rathod (1):
        libbsd: Add correct license for all packages

  Richard Purdie (3):
        maintainers.inc: Fix email address typo
        maintainers.inc: Move repo to unassigned
        selftest/reproducible: Allow native/cross reuse in test

  Riyaz Khan (1):
        openssh: Remove BSD-4-clause contents completely from codebase

  Ross Burton (1):
        xserver-xorg: backport fix for CVE-2023-1393

  Sakib Sajal (1):
        go: fix CVE-2023-24540

  Shubham Kulkarni (1):
        go: Security fix for CVE-2023-24538

  Soumya (1):
        perl: fix CVE-2023-31484

  Steve Sakoman (3):
        Revert "xserver-xorg: backport fix for CVE-2023-1393"
        poky.conf: bump version for 4.0.10
        build-appliance-image: Update to kirkstone head revision

  Thomas Roos (1):
        oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set

  Tom Hochstein (2):
        piglit: Add PACKAGECONFIG for glx and opencl
        piglit: Add missing glslang dependencies

  Upgrade Helper (1):
        waffle: upgrade 1.7.0 -> 1.7.2

  Virendra Thakur (1):
        qemu: Whitelist CVE-2023-0664

  Vivek Kumbhar (3):
        freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c
        go: fix CVE-2023-24534 denial of service from excessive memory allocation
        go: fix CVE-2023-24539 html/template improper sanitization of CSS values

  Wang Mingyu (2):
        wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
        xserver-xorg: upgrade 21.1.7 -> 21.1.8

  Yoann Congal (1):
        linux-yocto: Exclude 121 CVEs already fixed upstream

  Yogita Urade (2):
        xorg-lib-common: Add variable to set tarball type
        libxpm: upgrade 3.5.13 -> 3.5.15

  Zhixiong Chi (1):
        libpam: Fix the xtests/tst-pam_motd[1|3] failures

  Zoltan Boszormenyi (1):
        piglit: Fix build time dependency

  bkylerussell@gmail.com (1):
        kernel-devsrc: depend on python3-core instead of python3

  leimaohui (1):
        nghttp2: Deleted the entries for -client and -server, and removed a dependency on them from the main package.

meta-security: cc20e2af2a..d398cc6ea6:
  Armin Kuster (1):
        apparmor: fix ownership issues

  Josh Harley (1):
        Add EROFS support to dm-verity-img class

  Maciej Borzęcki (1):
        dm-verity-img.bbclass: add squashfs images

  Peter Marko (1):
        tpm2-tss: upgrade to 3.2.2 to fix CVE-2023-22745

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I683201033cfd1b1135738f49b0faf6df2e6348b6

1 files changed, 208 insertions, 0 deletions

diff --git a/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
new file mode 100644
index 0000000000..502486befc
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
@@ -0,0 +1,208 @@
+From 07cc3b8711a8efbb5885f56dd90d854049ad2f7d Mon Sep 17 00:00:00 2001
+From: Roland Shoemaker <bracewell@google.com>
+Date: Mon, 20 Mar 2023 11:01:13 -0700
+Subject: [PATCH] html/template: disallow actions in JS template literals
+
+ECMAScript 6 introduced template literals[0][1] which are delimited with
+backticks. These need to be escaped in a similar fashion to the
+delimiters for other string literals. Additionally template literals can
+contain special syntax for string interpolation.
+
+There is no clear way to allow safe insertion of actions within JS
+template literals, as handling (JS) string interpolation inside of these
+literals is rather complex. As such we've chosen to simply disallow
+template actions within these template literals.
+
+A new error code is added for this parsing failure case, errJsTmplLit,
+but it is unexported as it is not backwards compatible with other minor
+release versions to introduce an API change in a minor release. We will
+export this code in the next major release.
+
+The previous behavior (with the cavet that backticks are now escaped
+properly) can be re-enabled with GODEBUG=jstmpllitinterp=1.
+
+This change subsumes CL471455.
+
+Thanks to Sohom Datta, Manipal Institute of Technology, for reporting
+this issue.
+
+Fixes CVE-2023-24538
+For #59234
+Fixes #59271
+
+[0] https://tc39.es/ecma262/multipage/ecmascript-language-expressions.html#sec-template-literals
+[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals
+
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802457
+Reviewed-by: Damien Neil <dneil@google.com>
+Run-TryBot: Damien Neil <dneil@google.com>
+Reviewed-by: Julie Qiu <julieqiu@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802612
+Run-TryBot: Roland Shoemaker <bracewell@google.com>
+Change-Id: Ic7f10595615f2b2740d9c85ad7ef40dc0e78c04c
+Reviewed-on: https://go-review.googlesource.com/c/go/+/481987
+Auto-Submit: Michael Knyszek <mknyszek@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Michael Knyszek <mknyszek@google.com>
+Reviewed-by: Matthew Dempsky <mdempsky@google.com>
+
+Upstream-Status: Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
+CVE: CVE-2023-24538
+Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
+---
+ src/html/template/context.go      |  2 ++
+ src/html/template/error.go        | 13 +++++++++++++
+ src/html/template/escape.go       | 11 +++++++++++
+ src/html/template/js.go           |  2 ++
+ src/html/template/jsctx_string.go |  9 +++++++++
+ src/html/template/transition.go   |  7 ++++++-
+ 6 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/src/html/template/context.go b/src/html/template/context.go
+index f7d4849..0b65313 100644
+--- a/src/html/template/context.go
++++ b/src/html/template/context.go
+@@ -116,6 +116,8 @@ const (
+	stateJSDqStr
+	// stateJSSqStr occurs inside a JavaScript single quoted string.
+	stateJSSqStr
++	// stateJSBqStr occurs inside a JavaScript back quoted string.
++	stateJSBqStr
+	// stateJSRegexp occurs inside a JavaScript regexp literal.
+	stateJSRegexp
+	// stateJSBlockCmt occurs inside a JavaScript /* block comment */.
+diff --git a/src/html/template/error.go b/src/html/template/error.go
+index 0e52706..fd26b64 100644
+--- a/src/html/template/error.go
++++ b/src/html/template/error.go
+@@ -211,6 +211,19 @@ const (
+	//   pipeline occurs in an unquoted attribute value context, "html" is
+	//   disallowed. Avoid using "html" and "urlquery" entirely in new templates.
+	ErrPredefinedEscaper
++
++	// errJSTmplLit: "... appears in a JS template literal"
++	// Example:
++	//     <script>var tmpl = `{{.Interp}`</script>
++	// Discussion:
++	//   Package html/template does not support actions inside of JS template
++	//   literals.
++	//
++	// TODO(rolandshoemaker): we cannot add this as an exported error in a minor
++	// release, since it is backwards incompatible with the other minor
++	// releases. As such we need to leave it unexported, and then we'll add it
++	// in the next major release.
++	errJSTmplLit
+ )
+
+ func (e *Error) Error() string {
+diff --git a/src/html/template/escape.go b/src/html/template/escape.go
+index 8739735..ca078f4 100644
+--- a/src/html/template/escape.go
++++ b/src/html/template/escape.go
+@@ -8,6 +8,7 @@ import (
+	"bytes"
+	"fmt"
+	"html"
++	"internal/godebug"
+	"io"
+	"text/template"
+	"text/template/parse"
+@@ -205,6 +206,16 @@ func (e *escaper) escapeAction(c context, n *parse.ActionNode) context {
+		c.jsCtx = jsCtxDivOp
+	case stateJSDqStr, stateJSSqStr:
+		s = append(s, "_html_template_jsstrescaper")
++	case stateJSBqStr:
++		debugAllowActionJSTmpl := godebug.Get("jstmpllitinterp")
++		if debugAllowActionJSTmpl == "1" {
++			s = append(s, "_html_template_jsstrescaper")
++		} else {
++			return context{
++				state: stateError,
++				err:   errorf(errJSTmplLit, n, n.Line, "%s appears in a JS template literal", n),
++			}
++		}
+	case stateJSRegexp:
+		s = append(s, "_html_template_jsregexpescaper")
+	case stateCSS:
+diff --git a/src/html/template/js.go b/src/html/template/js.go
+index ea9c183..b888eaf 100644
+--- a/src/html/template/js.go
++++ b/src/html/template/js.go
+@@ -308,6 +308,7 @@ var jsStrReplacementTable = []string{
+	// Encode HTML specials as hex so the output can be embedded
+	// in HTML attributes without further encoding.
+	'"':  `\u0022`,
++	'`':  `\u0060`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
+	'+':  `\u002b`,
+@@ -331,6 +332,7 @@ var jsStrNormReplacementTable = []string{
+	'"':  `\u0022`,
+	'&':  `\u0026`,
+	'\'': `\u0027`,
++	'`':  `\u0060`,
+	'+':  `\u002b`,
+	'/':  `\/`,
+	'<':  `\u003c`,
+diff --git a/src/html/template/jsctx_string.go b/src/html/template/jsctx_string.go
+index dd1d87e..2394893 100644
+--- a/src/html/template/jsctx_string.go
++++ b/src/html/template/jsctx_string.go
+@@ -4,6 +4,15 @@ package template
+
+ import "strconv"
+
++func _() {
++	// An "invalid array index" compiler error signifies that the constant values have changed.
++	// Re-run the stringer command to generate them again.
++	var x [1]struct{}
++	_ = x[jsCtxRegexp-0]
++	_ = x[jsCtxDivOp-1]
++	_ = x[jsCtxUnknown-2]
++}
++
+ const _jsCtx_name = "jsCtxRegexpjsCtxDivOpjsCtxUnknown"
+
+ var _jsCtx_index = [...]uint8{0, 11, 21, 33}
+diff --git a/src/html/template/transition.go b/src/html/template/transition.go
+index 06df679..92eb351 100644
+--- a/src/html/template/transition.go
++++ b/src/html/template/transition.go
+@@ -27,6 +27,7 @@ var transitionFunc = [...]func(context, []byte) (context, int){
+	stateJS:          tJS,
+	stateJSDqStr:     tJSDelimited,
+	stateJSSqStr:     tJSDelimited,
++	stateJSBqStr:     tJSDelimited,
+	stateJSRegexp:    tJSDelimited,
+	stateJSBlockCmt:  tBlockCmt,
+	stateJSLineCmt:   tLineCmt,
+@@ -262,7 +263,7 @@ func tURL(c context, s []byte) (context, int) {
+
+ // tJS is the context transition function for the JS state.
+ func tJS(c context, s []byte) (context, int) {
+-	i := bytes.IndexAny(s, `"'/`)
++	i := bytes.IndexAny(s, "\"`'/")
+	if i == -1 {
+		// Entire input is non string, comment, regexp tokens.
+		c.jsCtx = nextJSCtx(s, c.jsCtx)
+@@ -274,6 +275,8 @@ func tJS(c context, s []byte) (context, int) {
+		c.state, c.jsCtx = stateJSDqStr, jsCtxRegexp
+	case '\'':
+		c.state, c.jsCtx = stateJSSqStr, jsCtxRegexp
++	case '`':
++		c.state, c.jsCtx = stateJSBqStr, jsCtxRegexp
+	case '/':
+		switch {
+		case i+1 < len(s) && s[i+1] == '/':
+@@ -303,6 +306,8 @@ func tJSDelimited(c context, s []byte) (context, int) {
+	switch c.state {
+	case stateJSSqStr:
+		specials = `\'`
++	case stateJSBqStr:
++		specials = "`\\"
+	case stateJSRegexp:
+		specials = `\/[]`
+	}
+--
+2.7.4