subtree updatesdunfell

poky: a631bfc3a3..733d919af4:
  Alex Kiernan (2):
        pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
        openssh: Move sshdgenkeys.service to sshd.socket

  Arturo Buzarra (1):
        run-postinsts: Set dependency for ldconfig to avoid boot issues

  Ashish Sharma (2):
        connman: Fix CVE-2023-28488 DoS in client.c
        golang: Fix CVE-2023-24539

  Bruce Ashfield (5):
        linux-yocto/5.4: update to v5.4.238
        linux-yocto/5.4: update to v5.4.240
        linux-yocto/5.4: update to v5.4.241
        linux-yocto/5.4: update to v5.4.242
        linux-yocto/5.4: update to v5.4.243

  Dmitry Baryshkov (1):
        linux-firmware: upgrade 20230210 -> 20230404

  Hitendra Prajapati (2):
        git: fix CVE-2023-29007
        git: fix CVE-2023-25652

  Khem Raj (1):
        perf: Depend on native setuptools3

  Marek Vasut (1):
        cpio: Fix wrong CRC with ASCII CRC for large files

  Martin Jansa (1):
        populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override

  Nikhil R (1):
        ffmpeg: Fix CVE-2022-48434

  Peter Marko (1):
        libxml2: patch CVE-2023-28484 and CVE-2023-29469

  Randolph Sapp (1):
        wic/bootimg-efi: if fixed-size is set then use that for mkdosfs

  Ranjitsinh Rathod (1):
        libbsd: Add correct license for all packages

  Shubham Kulkarni (1):
        go: Security fix for CVE-2023-24538

  Siddharth (1):
        curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled

  Steve Sakoman (1):
        selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky

  Thomas Roos (1):
        oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set

  Vijay Anusuri (3):
        ghostscript: Fix CVE-2023-28879
        xserver-xorg: Security fix CVE-2023-0494 and CVE-2023-1393
        go: Security fix CVE-2023-24540

  Vivek Kumbhar (1):
        freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c

  Yoann Congal (1):
        linux-yocto: Exclude 294 CVEs already fixed upstream

meta-openembedded: 7007d14c25..116bfe8d5e:
  Alex Yao (1):
        lcov: Fix Perl Path

  Hitendra Prajapati (1):
        multipath-tools: CVE-2022-41973 Symlink attack multipathd operates insecurely

  Hugo SIMELIERE (3):
        openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
        openvpn: upgrade 2.4.9 -> 2.4.12
        libmodbus: Fix CVE-2022-0367

  Jack Mitchell (2):
        nss: backport fix for native build failure due to implicit casting with gcc13
        nss: backport fix for native build failure due to dangling pointer with gcc13

  Narpat Mali (1):
        nodejs: make 14.18.1 available but not default

  Valeria Petrov (1):
        apache2: upgrade 2.4.56 -> 2.4.57

  Viktor Rosendahl (1):
        jsoncpp: Fix broken handling of escape characters

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I8260e0168ea1ddec7ee03555e4f5653155e0ab45

1 files changed, 136 insertions, 0 deletions

diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
new file mode 100644
index 0000000000..707073709a
--- /dev/null
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
@@ -0,0 +1,136 @@
+From d4b7b3c03ee2baf0166ce49dff17ec9beff684db Mon Sep 17 00:00:00 2001
+From: Anton Khirnov <anton@khirnov.net>
+Date: Fri, 2 Sep 2022 22:21:27 +0200
+Subject: [PATCH] lavc/pthread_frame: avoid leaving stale hwaccel state in
+ worker threads
+
+This state is not refcounted, so make sure it always has a well-defined
+owner.
+
+Remove the block added in 091341f2ab5bd35ca1a2aae90503adc74f8d3523, as
+this commit also solves that issue in a more general way.
+
+(cherry picked from commit cc867f2c09d2b69cee8a0eccd62aff002cbbfe11)
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+(cherry picked from commit 35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda)
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+(cherry picked from commit 3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba)
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+
+CVE: CVE-2022-48434
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db]
+Signed-off-by: Ranjitsinh Rathod ranjitsinh.rathod@kpit.com
+Comment: Hunk#6 refreshed to backport changes and other to remove patch-fuzz warnings
+---
+ libavcodec/pthread_frame.c | 46 +++++++++++++++++++++++++++++---------
+ 1 file changed, 35 insertions(+), 11 deletions(-)
+
+diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
+index 36ac0ac..bbc5ba6 100644
+--- a/libavcodec/pthread_frame.c
++++ b/libavcodec/pthread_frame.c
+@@ -135,6 +135,12 @@ typedef struct FrameThreadContext {
+                                     * Set for the first N packets, where N is the number of threads.
+                                     * While it is set, ff_thread_en/decode_frame won't return any results.
+                                     */
++
++    /* hwaccel state is temporarily stored here in order to transfer its ownership
++     * to the next decoding thread without the need for extra synchronization */
++    const AVHWAccel *stash_hwaccel;
++    void            *stash_hwaccel_context;
++    void            *stash_hwaccel_priv;
+ } FrameThreadContext;
+ 
+ #define THREAD_SAFE_CALLBACKS(avctx) \
+@@ -211,9 +217,17 @@ static attribute_align_arg void *frame_worker_thread(void *arg)
+             ff_thread_finish_setup(avctx);
+ 
+         if (p->hwaccel_serializing) {
++            /* wipe hwaccel state to avoid stale pointers lying around;
++             * the state was transferred to FrameThreadContext in
++             * ff_thread_finish_setup(), so nothing is leaked */
++            avctx->hwaccel                     = NULL;
++            avctx->hwaccel_context             = NULL;
++            avctx->internal->hwaccel_priv_data = NULL;
++
+             p->hwaccel_serializing = 0;
+             pthread_mutex_unlock(&p->parent->hwaccel_mutex);
+         }
++        av_assert0(!avctx->hwaccel);
+ 
+         if (p->async_serializing) {
+             p->async_serializing = 0;
+@@ -275,14 +289,10 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src,
+         dst->color_range = src->color_range;
+         dst->chroma_sample_location = src->chroma_sample_location;
+ 
+-        dst->hwaccel = src->hwaccel;
+-        dst->hwaccel_context = src->hwaccel_context;
+-
+         dst->channels       = src->channels;
+         dst->sample_rate    = src->sample_rate;
+         dst->sample_fmt     = src->sample_fmt;
+         dst->channel_layout = src->channel_layout;
+-        dst->internal->hwaccel_priv_data = src->internal->hwaccel_priv_data;
+ 
+         if (!!dst->hw_frames_ctx != !!src->hw_frames_ctx ||
+             (dst->hw_frames_ctx && dst->hw_frames_ctx->data != src->hw_frames_ctx->data)) {
+@@ -415,6 +425,12 @@ static int submit_packet(PerThreadContext *p, AVCodecContext *user_avctx,
+             pthread_mutex_unlock(&p->mutex);
+             return err;
+         }
++
++        /* transfer hwaccel state stashed from previous thread, if any */
++        av_assert0(!p->avctx->hwaccel);
++        FFSWAP(const AVHWAccel*, p->avctx->hwaccel,                     fctx->stash_hwaccel);
++        FFSWAP(void*,            p->avctx->hwaccel_context,             fctx->stash_hwaccel_context);
++        FFSWAP(void*,            p->avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv);
+     }
+ 
+     av_packet_unref(&p->avpkt);
+@@ -616,6 +632,14 @@ void ff_thread_finish_setup(AVCodecContext *avctx) {
+         async_lock(p->parent);
+     }
+ 
++    /* save hwaccel state for passing to the next thread;
++     * this is done here so that this worker thread can wipe its own hwaccel
++     * state after decoding, without requiring synchronization */
++    av_assert0(!p->parent->stash_hwaccel);
++    p->parent->stash_hwaccel         = avctx->hwaccel;
++    p->parent->stash_hwaccel_context = avctx->hwaccel_context;
++    p->parent->stash_hwaccel_priv    = avctx->internal->hwaccel_priv_data;
++
+     pthread_mutex_lock(&p->progress_mutex);
+     if(atomic_load(&p->state) == STATE_SETUP_FINISHED){
+         av_log(avctx, AV_LOG_WARNING, "Multiple ff_thread_finish_setup() calls\n");
+@@ -657,13 +681,6 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
+ 
+     park_frame_worker_threads(fctx, thread_count);
+ 
+-    if (fctx->prev_thread && fctx->prev_thread != fctx->threads)
+-        if (update_context_from_thread(fctx->threads->avctx, fctx->prev_thread->avctx, 0) < 0) {
+-            av_log(avctx, AV_LOG_ERROR, "Final thread update failed\n");
+-            fctx->prev_thread->avctx->internal->is_copy = fctx->threads->avctx->internal->is_copy;
+-            fctx->threads->avctx->internal->is_copy = 1;
+-        }
+-
+     for (i = 0; i < thread_count; i++) {
+         PerThreadContext *p = &fctx->threads[i];
+ 
+@@ -713,6 +730,13 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count)
+     pthread_mutex_destroy(&fctx->async_mutex);
+     pthread_cond_destroy(&fctx->async_cond);
+ 
++    /* if we have stashed hwaccel state, move it to the user-facing context,
++     * so it will be freed in avcodec_close() */
++    av_assert0(!avctx->hwaccel);
++    FFSWAP(const AVHWAccel*, avctx->hwaccel,                     fctx->stash_hwaccel);
++    FFSWAP(void*,            avctx->hwaccel_context,             fctx->stash_hwaccel_context);
++    FFSWAP(void*,            avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv);
++
+     av_freep(&avctx->internal->thread_ctx);
+ 
+     if (avctx->priv_data && avctx->codec && avctx->codec->priv_class)
+-- 
+2.25.1
+