subtree updates

poky: 27de52e402..d84c73d1ef:
  Alexander Kanavin (2):
        glib: upgrade 2.72.0 -> 2.72.1
        libxml2: update patch status

  Carlos Rafael Giani (2):
        gstreamer1.0-plugins-good: Fix libsoup dependency
        gstreamer1.0: Minor documentation addition

  Chen Qi (2):
        cases/buildepoxy.py: fix typo
        go.bbclass: disable the use of the default configuration file

  Davide Gardenal (1):
        create-spdx: delete virtual/kernel dependency to fix FreeRTOS build

  Dmitry Baryshkov (2):
        linux-firmware: correct license for ar3k firmware
        arch-armv8-2a.inc: fix a typo in TUNEVALID variable

  Henning Schild (1):
        wic: do not use PARTLABEL for msdos partition tables

  Khem Raj (7):
        seatd: Disable overflow warning as error on ppc64/musl
        musl: Fix build when usrmerge distro feature is enabled
        gcompat: Fix build when usrmerge distro feature is enabled
        libc-glibc: Use libxcrypt to provide virtual/crypt
        qemu.bbclass: Extend ppc/ppc64 extra options
        busybox: Use base_bindir instead of hardcoding /bin path
        util-linux: Create u-a symlink for findfs utility

  Naveen Saini (1):
        gstreamer1.0-plugins-bad: drop patch

  Nicolas Dechesne (1):
        sanity: skip make 4.2.1 warning for debian

  Paul Gortmaker (1):
        install/devshell: Introduce git intercept script due to fakeroot issues

  Peter Kjellerstedt (2):
        terminal.py: Restore error output from Terminal
        devshell.bbclass: Allow devshell & pydevshell to use the network

  Pgowda (1):
        glibc: ptest: Fix glibc-tests package issue

  Rahul Kumar (1):
        neard: Switch SRC_URI to git repo

  Richard Purdie (2):
        base: Drop git intercept
        staging: Ensure we filter out ourselves

  Ross Burton (5):
        e2fsprogs: fix CVE-2022-1304
        python3: ignore CVE-2015-20107
        cve_check: skip remote patches that haven't been fetched when searching for CVE tags
        subversion: upgrade to 1.14.2
        bitbake.conf: mark all directories as safe for git to read

  Russ Dill (2):
        package.bbclass: Prevent perform_packagecopy from removing /sysroot-only
        kernel-yocto.bbclass: Fixup do_kernel_configcheck usage of KMETA

  wangmy (1):
        apt: upgrade 2.4.4 -> 2.4.5

meta-openembedded: bb2b5b31a8..5357c7a40e:
  Carlos Rafael Giani (1):
        pipewire: Upgrade to version 0.3.50

  Khem Raj (23):
        crash: Fix build for mips target
        tcsh: Do not install symlinks into /bin with usrmerge
        arno-iptables-firewall: Do not use bitbake variable inside S
        fluentbit: Fix build with usrmerge distro feature
        tomoyo-tools: Define SBINDIR
        tomoyo-tools: Drop md5sum
        dietsplash: specify install rootdir
        linux-atm: Add knob to root prefix
        ufw: Fix build with usrmerge distro feature
        klibc: Recognise --dyld-prefix clang option
        mozjs: Use vendored icu on ppc/clang
        boinc-client: Do not overwrite same file when using usrmerge
        pam-ssh-agent-auth: Use specific versions of BSD licenses
        fwupd: Enable build with musl
        lirc: install systemd units only when using systemd distro feature
        fluentbit: Disable systemd support when systemd distro feature is disabled
        gtksourceview5: Allow wayland or x11
        gtkmm3: Allow wayland or x11 in distro features
        gparted: Allow wayland or x11 distro features
        lirc: Delete systemd unit files on non systemd distros
        atkmm: Allow build with wayland
        pangomm: Allow building with wayland
        boinc-client: Make script install not depend on host install paths

  Mingli Yu (2):
        crash: Upgrade to 8.0.0
        makedumpfile: Upgrade to 1.7.1

  Robert Yang (1):
        libldb: Fix installed-vs-shipped and rebuild error

  Willy Tu (1):
        absil-cpp: Update SRC_URI to to the latest google internal sync

  wangmy (11):
        evince: upgrade 42.1 -> 42.2
        gspell: upgrade 1.9.1 -> 1.10.0
        gtksourceview5: upgrade 5.4.0 -> 5.4.1
        libadwaita: upgrade 1.1.0 -> 1.1.1
        nautilus: upgrade 42.0 -> 42.1.1
        htpdate: upgrade 1.3.3 -> 1.3.4
        hexedit: upgrade 1.5 -> 1.6
        lsscsi: upgrade 0.31 -> 0.32
        libencode-perl: upgrade 3.16 -> 3.17
        libextutils-cppguess-perl: upgrade 0.23 -> 0.26
        libtest-harness-perl: upgrade 3.42 -> 3.44

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I5475712642467a1ecb4d9cf2c93510a40eb7bf24

6 files changed, 62 insertions, 74 deletions

diff --git a/poky/meta/recipes-devtools/apt/apt_2.4.4.bb b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
index 9faf1e7ea9..95c25e3036 100644
--- a/poky/meta/recipes-devtools/apt/apt_2.4.4.bb
+++ b/poky/meta/recipes-devtools/apt/apt_2.4.5.bb
@@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \
            file://0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch \
            "
 
-SRC_URI[sha256sum] = "d6d83d122ddd7cc83b2c2f839a55940c13ab93e5cf6024a010d6a6b4110dcf0e"
+SRC_URI[sha256sum] = "5552f175c3a3924f5cda0c079b821b30f68a2521959f2c30ab164d2ec7993ecf"
 LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 # the package is taken from snapshots.debian.org; that source is static and goes stale
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/extents.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/extents.patch
new file mode 100644
index 0000000000..ffaecc622a
--- /dev/null
+++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/extents.patch
@@ -0,0 +1,56 @@
+CVE: CVE-2022-1304
+Upstream-Status: Submitted [https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 347084c9c1ad20f47dae16f5a3dcd8628d5fc7b0 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Thu, 21 Apr 2022 19:31:48 +0200
+Subject: [PATCH] e2fsprogs: add sanity check to extent manipulation
+
+It is possible to have a corrupted extent tree in such a way that a leaf
+node contains zero extents in it. Currently if that happens and we try
+to traverse the tree we can end up accessing wrong data, or possibly
+even uninitialized memory. Make sure we don't do that.
+
+Additionally make sure that we have a sane number of bytes passed to
+memmove() in ext2fs_extent_delete().
+
+Note that e2fsck is currently unable to spot and fix such corruption in
+pass1.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Reported-by: Nils Bars <nils_bars@t-online.de>
+Addressess: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
+---
+ lib/ext2fs/extent.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
+index b324c7b0..1a206a16 100644
+--- a/lib/ext2fs/extent.c
++++ b/lib/ext2fs/extent.c
+@@ -495,6 +495,10 @@ retry:
+ 			ext2fs_le16_to_cpu(eh->eh_entries);
+ 		newpath->max_entries = ext2fs_le16_to_cpu(eh->eh_max);
+ 
++		/* Make sure there is at least one extent present */
++		if (newpath->left <= 0)
++			return EXT2_ET_EXTENT_NO_DOWN;
++
+ 		if (path->left > 0) {
+ 			ix++;
+ 			newpath->end_blk = ext2fs_le32_to_cpu(ix->ei_block);
+@@ -1630,6 +1634,10 @@ errcode_t ext2fs_extent_delete(ext2_extent_handle_t handle, int flags)
+ 
+ 	cp = path->curr;
+ 
++	/* Sanity check before memmove() */
++	if (path->left < 0)
++		return EXT2_ET_EXTENT_LEAF_BAD;
++
+ 	if (path->left) {
+ 		memmove(cp, cp + sizeof(struct ext3_extent_idx),
+ 			path->left * sizeof(struct ext3_extent_idx));
+-- 
+2.25.1
+
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
index 16c183eed3..ec48f419c7 100644
--- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
+++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb
@@ -4,6 +4,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
            file://run-ptest \
            file://ptest.patch \
            file://mkdir_p.patch \
+           file://extents.patch \
            "
 SRC_URI:append:class-native = " \
            file://e2fsprogs-fix-missing-check-for-permission-denied.patch \
diff --git a/poky/meta/recipes-devtools/python/python3_3.10.4.bb b/poky/meta/recipes-devtools/python/python3_3.10.4.bb
index 7eaafe34ad..d678d55083 100644
--- a/poky/meta/recipes-devtools/python/python3_3.10.4.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.10.4.bb
@@ -55,6 +55,9 @@ CVE_CHECK_IGNORE += "CVE-2007-4559"
 CVE_CHECK_IGNORE += "CVE-2019-18348"
 # These are specific to Microsoft Windows
 CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
+# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
+# The module will be removed in the future and flaws documented.
+CVE_CHECK_IGNORE += "CVE-2015-20107"
 
 PYTHON_MAJMIN = "3.10"
 
diff --git a/poky/meta/recipes-devtools/subversion/subversion/disable_macos.patch b/poky/meta/recipes-devtools/subversion/subversion/disable_macos.patch
deleted file mode 100644
index 8d2d635992..0000000000
--- a/poky/meta/recipes-devtools/subversion/subversion/disable_macos.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 9c350c037ca3489dbeece6ecc2d7e2e5dbb177e9 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 May 2019 15:21:46 +0800
-Subject: [PATCH] These tests don't work in cross compiling, just disable them
- for now, we don't build subversion on OS-X at this time.
-
-RP 1014/7/16
-
-Upstream-Status: Pending [needs a rewrite to support a cache value]
-
-Rebase to 1.12.0
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- build/ac-macros/macosx.m4 | 31 +------------------------------
- 1 file changed, 1 insertion(+), 30 deletions(-)
-
-diff --git a/build/ac-macros/macosx.m4 b/build/ac-macros/macosx.m4
-index 92fa58e..a568e1c 100644
---- a/build/ac-macros/macosx.m4
-+++ b/build/ac-macros/macosx.m4
-@@ -24,21 +24,7 @@ dnl Check for _dyld_image_name and _dyld_image_header availability
- AC_DEFUN(SVN_LIB_MACHO_ITERATE,
- [
-   AC_MSG_CHECKING([for Mach-O dynamic module iteration functions])
--  AC_RUN_IFELSE([AC_LANG_PROGRAM([[
--    #include <mach-o/dyld.h>
--    #include <mach-o/loader.h>
--  ]],[[
--    const struct mach_header *header = _dyld_get_image_header(0);
--    const char *name = _dyld_get_image_name(0);
--    if (name && header) return 0;
--    return 1;
--  ]])],[
--    AC_DEFINE([SVN_HAVE_MACHO_ITERATE], [1],
--              [Is Mach-O low-level _dyld API available?])
--    AC_MSG_RESULT([yes])
--  ],[
-     AC_MSG_RESULT([no])
--  ])
- ])
- 
- dnl SVN_LIB_MACOS_PLIST
-@@ -46,23 +32,8 @@ dnl Assign variables for Mac OS property list support
- AC_DEFUN(SVN_LIB_MACOS_PLIST,
- [
-   AC_MSG_CHECKING([for Mac OS property list utilities])
--
--  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
--    #include <AvailabilityMacros.h>
--    #if !defined(MAC_OS_X_VERSION_MAX_ALLOWED) \
--     || !defined(MAC_OS_X_VERSION_10_0) \
--     || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_0)
--    #error ProperyList API unavailable.
--    #endif
--  ]],[[]])],[
--    SVN_MACOS_PLIST_LIBS="-framework CoreFoundation"
--    AC_SUBST(SVN_MACOS_PLIST_LIBS)
--    AC_DEFINE([SVN_HAVE_MACOS_PLIST], [1],
--              [Is Mac OS property list API available?])
--    AC_MSG_RESULT([yes])
--  ],[
-+  AC_SUBST([SVN_MACOS_PLIST_LIBS], [""])
-     AC_MSG_RESULT([no])
--  ])
- ])
- 
- dnl SVN_LIB_MACOS_KEYCHAIN
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/subversion/subversion_1.14.1.bb b/poky/meta/recipes-devtools/subversion/subversion_1.14.2.bb
index 71183ac7ce..ba208d922f 100644
--- a/poky/meta/recipes-devtools/subversion/subversion_1.14.1.bb
+++ b/poky/meta/recipes-devtools/subversion/subversion_1.14.2.bb
@@ -9,11 +9,10 @@ DEPENDS = "apr-util serf sqlite3 file lz4"
 DEPENDS:append:class-native = " file-replacement-native"
 
 SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
-           file://disable_macos.patch \
            file://serfmacro.patch \
            "
 
-SRC_URI[sha256sum] = "2c5da93c255d2e5569fa91d92457fdb65396b0666fad4fd59b22e154d986e1a9"
+SRC_URI[sha256sum] = "c9130e8d0b75728a66f0e7038fc77052e671830d785b5616aad53b4810d3cc28"
 
 inherit autotools pkgconfig gettext python3native