author: Andrew Geissler <geissonator@yahoo.com> 2023-05-05 19:29:21 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2023-05-19 16:11:41 +0300
commit: 028142bd6118b39dd3928195162e5f1cf2a8f3ce
tree: de3fc1d81a0e7046980dd4ab7829942b08d4db3e /poky/meta/recipes-extended
parent: d452b77b0ed98c8f3dcd413078e87f25ab4a3b1d
subtree updates
poky: cce6db2a59..76cec94fad:
  Alex Kiernan (1):
      rust: Upgrade 1.68.2 -> 1.69.0

  Alexander Kanavin (10):
      selftest/distrodata: clean up exception lists in recipe maintainers test
      dhcpcd: use git instead of tarballs
      perl: patch out build paths from native binaries
      binutils: backport a patch to address failures when time64.inc is in use
      time64.inc: add glibc-testsuite to 'special cases'
      bitbake.conf: set minimum required target kernel to 5.15
      time64.inc: add a comment about how to simulate Y2038 in qemu
      oeqa/sdk/assimp: run only when zlib is in the SDK
      insane.bbclass: simplify exceptions for 32 bit time API check
      vulkan: add a comment explaining upstream version policy

  Andrey Zhizhikin (1):
      cryptodev: upgrade to 1.13

  Armin Kuster (2):
      maintainers.inc: remove myself from assignment
      os-release: Add CPE_NAME

  Changhyeok Bae (1):
      iproute2: upgrade 6.2.0 -> 6.3.0

  Enrico Jörns (1):
      package_manager/ipk: fix config path generation in _create_custom_config()

  Frederic Martinsons (3):
      ptest-cargo.bbclass: create class
      python3-bcrypt: enable build of unit tests
      zvariant: add ptest feature for zvariant test suite

  Jamin Lin (2):
      kernel-fitimage: support 64 bits address
      uboot-sign: support 64bits address

  Joe Slater (1):
      ghostscript: fix CVE-2023-28879

  Johannes Schrimpf (1):
      python3targetconfig.bbclass: Extend PYTHONPATH instead of overwriting

  Khem Raj (8):
      musl: Update to latest master
      gpgme: Reset ac_cv_sys_file_offset_bits on musl
      mpg123: Reset ac_cv_sys_file_offset_bits on musl
      quilt: Fix merge.test race condition
      systemd: Fix timesyncd runtime assertions with 64bit time_t
      qtwebkitgtk: Backport a build fix for GCC 13
      cmake: Upgrade to 3.26.3
      piglit: Fix c++11-narrowing warnings in tests

  Lee Chee Yang (1):
      release-notes-4.2: remove/merge duplicates entries

  Markus Volk (2):
      gtk4: update 4.10.0 -> 4.10.3
      gcr: update 4.0.0 -> 4.1.0

  Martin Jansa (2):
      populate_sdk_ext.bbclass: redirect stderr to stdout so that both end in LOGFILE
      image_types_wic: Remove incorrect MLPREFIX to already prefixed virtual/

  Martin Siegumfeldt (1):
      systemd-systemctl: fix instance template WantedBy symlink construction

  Michael Halstead (1):
      docs: add support for mickledore (4.2) release

  Michael Opdenacker (3):
      dev-manual: init-manager.rst: add summary
      ref-manual: system-requirements.rst: fix AlmaLinux variable name
      ref-manual: variables.rst: don't mention the INIT_MANAGER "none" option

  Ming Liu (1):
      weston: add xwayland to DEPENDS for PACKAGECONFIG xwayland

  Otavio Salvador (2):
      glide: remove as 'go mod' has become standard
      mesa: 23.0.2 -> 23.0.3

  Patrick Williams (1):
      perl-version: remove PERL* assignments

  Paul Gortmaker (1):
      scripts: fix buildstats diff/summary hard bound to host python3

  Peter Bergin (1):
      update-alternatives.bbclass: fix old override syntax

  Peter Kjellerstedt (1):
      license.bbclass: Include LICENSE in the output when it fails to parse

  Petr Kubizňák (1):
      devicetree.bbclass: Allow selection of dts files to build

  Qiu Tingting (1):
      lz4: Add ptest support

  Randolph Sapp (1):
      kernel-devicetree: allow specification of dtb directory

  Ranjitsinh Rathod (1):
      libbsd: Add correct license for all packages

  Richard Purdie (13):
      bitbake: cooker: Log config and parse cache status changes
      binutils: Drop crosssdk suffix from virtual provides to improve dependency handling
      gcc/go: Drop crosssdk suffix from virtual provides to improve dependency handling
      oeqa/runtime/ptest: Make returning no test results a failure
      python3-psutil: Drop nativesdk class extension due to breakage
      maintainers.inc: Move apt/dpkg to unassigned
      patchelf: Upgrade 0.17.2 -> 0.18.0
      maintainers.inc: Fix email address typo
      qemu: Add fix for powerpc instruction fallback issue
      qemu: Upgrade 7.2.0 -> 8.0.0
      maintainers.inc: Move repo to unassigned
      recipes: Default to https git protocol where possible
      bitbake: tests/fetch: Default to https git protocol where possible

  Ross Burton (13):
      python3-pytest: add missing tomllib RDEPENDS
      libinput: upgrade to 1.23.0
      gtk+3: upgrade 3.24.36 -> 3.24.37
      piglit: upgrade to latest revision
      dmidecode: upgrade to 3.5
      connman: backport fix for CVE-2023-28488
      vulkan-samples: update to latest SHA
      glslang: upgrade to 1.3.243
      vulkan-headers: upgrade to 1.3.243
      vulkan-loader: upgrade to 1.3.243
      vulkan-tools: upgrade to 1.3.243
      spirv-headers: remove description
      spirv-tools: remove redundant python3native inherit

  Sergei Zhmylev (1):
      wic: add support for proper kernel name to bootimg-pcbios

  Sudip Mukherjee (5):
      apt: Upgrade to v2.6.0
      libxt: Upgrade to v1.3.0
      libxfixes: Upgrade to v6.0.1
      xwininfo: upgrade to v1.1.6
      xinput: upgrade to v1.6.4

  Tim Orling (1):
      libmodule-build-perl: upgrade 0.4232 -> 0.4234

  Upgrade Helper (1):
      waffle: upgrade 1.7.0 -> 1.7.2

  Virendra Thakur (1):
      qemu: Whitelist CVE-2023-0664

  hen Qi (1):
      unfs3: fix symlink time setting issue

meta-openembedded: c5f330bc9a..f3cdc9d7ee:
  Andrew Geissler (3):
      etcd: add recipe
      etcd: use v2.1.2 xhash to fix build issue
      etcd: remove gobin requirement for build

  Bergin, Peter (1):
      freediameter: fix typo and old overide syntax

  Bhargav Das (2):
      tslib: Add native & nativestdk package support
      pointercal: Add native & nativestdk package support

  Gianfranco Costamagna (1):
      dlt-daemon: upgrade 2.18.8 -> 2.18.9 (commit: 9a2312d3512a27620d41b9a325338b6e7b3d42de)

  Khem Raj (24):
      unixODBC: Update SRC_URI to use updated location of tarball
      ttf-arphic-uming: Update to 0.2.20080216-2
      thrift: Upgrade to 0.18.1
      unicode-ucd: Update license URI to reflect renamed license
      libtimezonemap: Point to a working SRC_URI
      libx86: Point to working SRC_URI
      ctapi-common: Point to working SRC_URI locations
      netkit-ftp: Update to debian patch 34
      nicstat: Use SOURCEFORGE_MIRROR in SRC_URI
      rp-pppoe: Point SRC_URI to valid location
      ttf-mplus: Point to valid download location for SRC_URI
      geary: Use sysroot prefix with pkg-config in meson
      srecord: Upgrade to 1.65.0
      ttf-lklug: Point SRC_URI to a working location
      radiusclient-ng: Point SRC_URI to archive.ubuntu.com
      httpfs2: Do not use S during compile/install tasks
      p910nd: Switch to using github for SRC_URI
      mosh: Point SRC_URI to https://mosh.org/
      xdotool: Upgrade to 3.20211022.1 release
      faenza-icon-theme: Switch to a valid download location for SRC_URI
      debootstrap: Update SRC_URI to point to valid URL
      debootstrap: Use DEBIAN_MIRROR for SRC_URI
      ttf-gentium: Switch to debian archive mirror for SRC_URI
      nfacct: Update SRC_URI to point to valid URL

  Petr Gotthard (1):
      gensio: fix QA issue: non -staticdev package with .a libraries

meta-arm: c60d7865dd..0b5724266a:
  Rui Miguel Silva (1):
      arm-bsp/u-boot: corstone1000: remove debug messages and fix env

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I89bb649b388963a4e16080db6caa8ae1ac2cb3c2
Diffstat (limited to 'poky/meta/recipes-extended')
-rw-r--r-- poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb | 2
-rw-r--r-- poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch | 60
-rw-r--r-- poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb | 1
3 files changed, 62 insertions, 1 deletions
diff --git a/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
index 78138d1543..4e3a06f240 100644
--- a/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
+++ b/poky/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
@@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=600af43c50f1fcb82e
"
SRC_URI = "https://sourceware.org/pub/${BPN}/${BPN}-${PV}.tar.gz \
- git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master \
+ git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master;protocol=https \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
file://run-ptest \
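Review bot: the changed bzip2-tests line still follows branch=master, and adding protocol=https protects the transport but not the content that is fetched; what pins this source is the SRCREV for the bzip2-tests name, which lies outside the visible context. Please confirm that SRCREV_bzip2-tests is a full commit hash rather than AUTOREV. The tarball on the first SRC_URI line likewise depends on its checksum entry, which is also not shown in this hunk.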
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
new file mode 100644
index 0000000000..604b927521
--- /dev/null
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript/cve-2023-28879.patch
@@ -0,0 +1,60 @@
+From 37ed5022cecd584de868933b5b60da2e995b3179 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <ken.sharp@artifex.com>
+Date: Fri, 24 Mar 2023 13:19:57 +0000
+Subject: [PATCH] Graphics library - prevent buffer overrun in (T)BCP encoding
+
+Bug #706494 "Buffer Overflow in s_xBCPE_process"
+
+As described in detail in the bug report, if the write buffer is filled
+to one byte less than full, and we then try to write an escaped
+character, we overrun the buffer because we don't check before
+writing two bytes to it.
+
+This just checks if we have two bytes before starting to write an
+escaped character and exits if we don't (replacing the consumed byte
+of the input).
+
+Up for further discussion; why do we even permit a BCP encoding filter
+anyway ? I think we should remove this, at least when SAFER is true.
+---
+CVE: CVE-2023-28879
+
+Upstream-Status: Backport [see text]
+
+git://git.ghostscript.com/ghostpdl
+cherry-pick
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com.
+
+---
+ base/sbcp.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/base/sbcp.c b/base/sbcp.c
+index 979ae0992..47fc233ec 100644
+--- a/base/sbcp.c
++++ b/base/sbcp.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2001-2021 Artifex Software, Inc.
++/* Copyright (C) 2001-2023 Artifex Software, Inc.
+ All Rights Reserved.
+
+ This software is provided AS-IS with no warranty, either express or
+@@ -50,6 +50,14 @@ s_xBCPE_process(stream_state * st, stream_cursor_read * pr,
+ byte ch = *++p;
+
+ if (ch <= 31 && escaped[ch]) {
++ /* Make sure we have space to store two characters in the write buffer,
++ * if we don't then exit without consuming the input character, we'll process
++ * that on the next time round.
++ */
++ if (pw->limit - q < 2) {
++ p--;
++ break;
++ }
+ if (p == rlimit) {
+ p--;
+ break;
+--
+2.25.1
+
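Review bot: the Signed-off-by trailer in the patch header reads "<joe.slater@windriver.com." with a trailing period where the closing ">" should be, so anything that parses trailers will not get a valid address; close the bracket. The "Upstream-Status: Backport [see text]" line would also be easier to audit if it named the upstream commit directly, since the 37ed5022cecd584de868933b5b60da2e995b3179 hash appears only in the From line. In the base/sbcp.c change, the new "pw->limit - q < 2" guard sits inside the escaped-character branch and backs up p before breaking, which matches the description in the message; a regression test for the one-byte-short write buffer case from Bug #706494 would be worth carrying alongside the backport.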
diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
index 56a93632e2..86ecdbe24a 100644
--- a/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
+++ b/poky/meta/recipes-extended/ghostscript/ghostscript_10.0.0.bb
@@ -34,6 +34,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://cross-compile.patch \
+ file://cve-2023-28879.patch \
"
SRC_URI = "${SRC_URI_BASE} \
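Review bot: the new SRC_URI_BASE entry spells the file name in lowercase, cve-2023-28879.patch, while the patch's own tag writes the identifier as "CVE: CVE-2023-28879"; naming the file CVE-2023-28879.patch would keep it findable when searching the tree for the identifier as written. The entry is otherwise placed consistently with the neighbouring file:// lines.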