devtool: modify: Catch git submodule error for go code

One of the git submodule commands failed for source extracted for
recipes using go.bbclass.  The root cause is probably the path set up
by go_do_unpack which makes S and gitroot not match.

This patch does not fix the root problem, but at least it is no worse
than before the git submodule support.

The extracted source will still have two .git folders, one in S
created by devtool and one in the go path which will contain the tru
git history.

[ YOCTO #15483 ]

Signed-off-by: Anton Almqvist <antonal@axis.com>
Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe242408af40dd1f6e47d9b2b232bdc76756c80a)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

procps: fix build with new glibc but old kernel headers

If you're building procps with a newer glibc (with pidfd_open()) but
older kernel headers (say 4.x, before __NR_pidfd_open) then procps will
fail to build because of a typo in configure.ac.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

mesa: upgrade 24.0.3 -> 24.0.5

Changelog:
 https://docs.mesa3d.org/relnotes/24.0.5.html

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5933d099c339596f62e1237d4e738dbe9f386b10)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

taglib: upgrade 2.0 -> 2.0.1

Changelog:
===========
* Fix aborting when _GLIBCXX_ASSERTIONS are enabled.
* Fall back to utf8cpp header detection in the case that its CMake
  configuration is removed.
* Improve compatibility with the SWIG interface compiler.
* Build system fixes for testing without bindings, Emscripten and Illumos.
* C bindings: Fix setting UTF-8 encoded property values.
* Windows: Fix opening long paths.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d3438bd2698dff19722123d7b2b5674ba40107eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

lttng-ust: upgrade 2.13.7 -> 2.13.8

Changelog:
============
* Add close_range wrapper to liblttng-ust-fd.so
* ust-tracepoint-event: Add static check of sequences length type
* lttng-ust(3): Fix wrong len_type for sequence
* Fix: libc wrapper: use initial-exec for malloc_nesting TLS

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3dd02f741a151bcc1fe46e7fd6d585ca92c86c60)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

cronie: upgrade 1.7.1 -> 1.7.2

Changelog:
============
*Revert setting the return path to <>. It is not RFC compliant.
*Inherit MAILFROM from the crond process environment.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e93d7ba7ea3718e396510b12726a232edaecf976)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

binutils: Fix aarch64 disassembly abort

Code backported from binutils development tree.

  aarch64: Remove asserts from operand qualifier decoders [PR31595]

  Given that the disassembler should never abort when decoding
  (potentially random) data, assertion statements in the
  `get_*reg_qualifier_from_value' function family prove problematic.

  ...

Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00f3d8495a1d8fe44336b53c5a9d9a5f8a8d5664)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libgloss: Do not apply non-existent patch

When newlib and libgloss were updated to 4.3.0, SRC_URI was updated to
append a fix-rs6000-cflags.patch file when building on PowerPC, but this
file was not added to the repo.

Remove appending the missing patch.

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64561d8b81233a19df5f51d26dfbcd15835bec1f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

classes: image_types: quote variable assignment needed by dash

The change in commit 39fc503036
("classes: image_types: apply EXTRA_IMAGECMD:squashfs* in oe_mksquashfs()")
assigns $@ to a local variable without quoting it. While this works with
bash, it fails with dash. Here, only the first token of $@ is assigned
to the variable, and the reamining tokens are passed as arguments to the
"local" keyword.

Fix it by adding the missing quotes.

Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 14ca134f9f72d518c9180156a8efac19f8bb3ab0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

run-postinsts.service: Removed --no-reload to fix reload warning when users execute systemctl in the first boot.

This warning is because after systemd has been upgraded to 255, reloading units operation is needed even when "enable/disable" units by systemctl.

(From OE-Core rev: 28a7064403f2433ef3cb4d52b03dd73437f2d665)

Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

git: upgrade 2.44.0 -> 2.44.1

Addresses the security issues - CVE-2024-32002, CVE-2024-32004,
CVE-2024-32020,CVE-2024-32021 and CVE-2024-32465

Changelog:
==========
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.1.txt

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 767f9515013790c9a6b945fae9de03c9e5b89b80)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

gcc : upgrade to v13.3

gcc stable version upgraded from v13.2 to v13.3

Dropped CVE-2023-4039.patch, CVE-2024-0151.patch and 0026-aarch64-Fix-loose-ldpstp-check-PR111411.patch
because its been taken to gcc-13.3 with below commits 71a2aa2127283f450c623d3604dbcabe0e14a8d4, 5550214b58e95320b54e42ef0e37c6479e04b27b
and 4bb1ae3c13ce4fb72129229de66f5ffbcd45fe4c respectively.

For changes in v13.3 see: https://gcc.gnu.org/onlinedocs/gcc-13.3.0/gcc/

Below is the bug fix list for v13.3
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&list_id=429106&resolution=FIXED&target_milestone=13.3

There are a total 173 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.
ID      Product         Comp       Assignee▲       Summary
114408  gcc           analyzer     dmalcolm       ICE when invoking strcmp multiple times with -fsanitize=undefined -O1 -fanalyzer -flto
109251  gcc           analyzer     dmalcolm       -Wanalyzer-deref-before-check false positives seen in Linux kernel due to check in macros
114473  gcc           analyzer     dmalcolm       ICE: in deref_rvalue, at analyzer/region-model.cc:2780 with -fanalyzer -fanalyzer-call-summaries
100988  gcc           fortran      anlauf         Missed optimization: RESTRICT missing for optional arguments
112764  gcc           fortran      anlauf         Associating entity does not have target attribute if selector has pointer attribute in associate block
114001  gcc           fortran     anlauf          is_contiguous considers unlimited polymorphic dummy always as contiguous
112787  gcc           target       avieira        Codegen regression of large GCC vector extensions when enabling SVE
114160  gcc           target       cmuellner      ICE on RISCV (-mcpu=thead-c906) when building glibc in dwarf2out_frame_debug_cfa_offset
110882  gcc           analyzer     dmalcolm       ICE with -fanalyzer on zero-sized array
111289  gcc           analyzer     dmalcolm       Unwarranted -Wanalyzer-va-arg-type-mismatch warning
112790  gcc           analyzer     dmalcolm       Wanalyzer-deref-before-check false positives seen in Linux kernel due to inlining
112792  gcc           analyzer     dmalcolm       Wanalyzer-out-of-bounds false positives seen on Linux kernel with certain unions
114316  gcc           libstdc+     fdumont        assert failure with _GLIBCXX_DEBUG and empty range of singular iterators passed to std:: algorithm
108121  gcc           modula2      gaius          Failing tests on x86_64-linux-gnu
110754  gcc           middle-e     jakub          assume create spurious load for volatile variable
105456  gcc           libfortr     jvdelisle      Child I/O does not propage iostat
114747  gcc           target       kito           Wrong SEW set for mixed-size intrinsics
104831  gcc           target       patrick        RISCV libatomic LR.aq/SC.rl pair insufficient for SEQ_CST
108174  gcc           target       pinskia        ICE: tree check: expected function_type or method_type, have ggc_freed in aarch64_resolve_overloaded_memtag, at config/aarch64/aarch64-builtins.cc:3349
114314  gcc           driver       pinskia        ICE: in common_handle_option, at opts.cc:3356 with -fno-multiflags
99493   gcc            c++         ppalka         Address of template parameter object is not a valid template argument
99631   gcc            c++         ppalka         decltype of non-type template-parameter shouldn't be const
104634  gcc            c++         ppalka         Explicit template instantiation does not work when there are multiple partial template specialization using concepts
110809  gcc            c++         ppalka         ICE: in unify, at cp/pt.cc:25226 with floating-point NTTPs
110927  gcc            c++         ppalka         GCC fails to parse dependent type in concept through partial specialization
111493  gcc            c++         ppalka         multidimensional subscript operator inside requires is broken
113242  gcc            c++         ppalka         g++ rejects-valid template argument of class type containing an lvalue reference
113529  gcc            c++         ppalka         Incorrect result of requires-expression in case of function call ambiguity and `operator<=>`
108046  gcc          libstdc+      redi           The dot in the floating-point alternative form has wrong position
110708  gcc          libstdc+      redi           std::format("{:%EEC %OOd}", std::chrono::system_clock::now()) should be rejected        2023-07-28
110719  gcc          libstdc+      redi           Should chrono formatters always use std::time_put for locale's representation?
110860  gcc          libstdc+      redi           std::format("{:f}",2e304) invokes undefined behaviour
110862  gcc          libstdc+      redi           format out of bounds read on format string "{0:{0}"
110917  gcc          libstdc+      redi           std::format_to(int*, ...) fails to compile because of _S_make_span
110944  gcc          libstdc+      redi           std::variant & optional GDB representation is too verbose
110968  gcc          libstdc+      redi           format out of bounds read on format("{:05L}",-1.f)
110970  gcc          libstdc+      redi           clang / c++23 missing 'typename' prior to dependent type name
110990  gcc          libstdc+      redi           `format_to_n` returns wrong value
111511  gcc          libstdc+      redi           Incorrect ADL in std::to_array in GCC 11/12/13
111826  gcc          libstdc+      redi           __cpp_lib_format should be 202110, not 202106
111948  gcc          libstdc+      redi           subrange modifies a const size object
112607  gcc          libstdc+      redi           _Normalize does not consider char_type for the basic_string_view case
112832  gcc          libstdc+      redi           Broken non-SFINAE-friendly `set_debug_format()` for `const char *` formatter
113500  gcc          libstdc+      redi           Using std::format with float or double based std::chrono::time_point causes error: no match for 'operator<<'
13512   gcc          libstdc+      redi           Incorrect results for std::format("{:#.3g}", flt)
114103  gcc          libstdc+      redi           FAIL: 29_atomics/atomic/lock_free_aliases.cc -std=gnu++20 (test for excess errors)
114152  gcc          libstdc+      redi           Wrong exception specifiers for LFTSv3 scope guard destructors
114863  gcc          libstdc+      redi           std::format applying grouping to nan's and inf's
115063  gcc          libstdc+      redi           compilation error: std::basic_stracktrace::max_size()
105523  gcc           target       saaadhu        Wrong warning array subscript [0] is outside array bounds
93370   gcc           target       unassigned     Aarch64 accepts but ignores target("+sm4") unless ARMv8.2-A is enabled
93762   gcc          fortran       unassigned     Truncation of deferred-length string when passing as optional
100285  gcc          libstdc+      unassigned     experimental/net/socket/socket_base.cc fails on arm-eabi (r12-137)
106037  gcc           ada          unassigned     internal error with Aggregate aspect on array type
110127  gcc           c++          unassigned     -fimplicit-constexpr leads to extremely slow and memory intensive compilation
110133  gcc          libstdc+      unassigned     System error message should ideally use strerror_r over strerror
110974  gcc          libstdc+      unassigned     format out of bounds read on invalid format string "{:{}."
111102  gcc          libstdc+      unassigned     illegal pointer arithmetic invoked by std::format("L{:65536}",1)
112480  gcc          libstdc+      unassigned     optional<T>::reset emits inefficient code when T is trivially-destructible
113294  gcc          libstdc+      unassigned     constexpr error from accessing inactive union member in basic_string after move assignment
113815  gcc            ada         unassigned     error: there is no applicable operator "*" for a string type
113824  gcc          target        unassigned     AVR: ATA5795 in wrong multilib set      2024-02-08
113850  gcc          libgcc        unassigned     condition variables timed wait does a lot of spurious wakeups on Win32 threading implementation
113927  gcc          target        unassigned     Sets up a stack-frame even for trivial code
114136  gcc         middle-e       unassigned     wrong code for c23 fully anonymous arg lists on arm
97245   gcc         fortran        anlauf         ASSOCIATED intrinsic does not recognize a pointer variable the second time it is used
101135  gcc         fortran        anlauf         Load of null pointer when passing absent assumed-shape array argument for an optional dummy argument
110825  gcc         fortran        anlauf         TYPE(*) dummy argument to generate an unused hidden argument
110826  gcc         fortran        anlauf         Fortran array of derived type with a pointer to function with dimensional arguments fails
113799  gcc         fortran        anlauf         gfc_replace_expr: double free detected ?
114012  gcc         fortran        anlauf         overloaded unary operator called twice
113601  gcc         target         gjl            avr: Wrong SRAM start for ATmega3208 and ATmega3209
107201  gcc         target         unassigned     -nodevicelib not working for devices -mmcu=avr...
114024  gcc        fortran         unassigned     ICE allocate statement with source=cmp%re and z an array
53372   gcc        target          unassigned     Section attribute ignored with address space
112952  gcc        target          unassigned     avr: attribute address not working with -fdata-sections -fno-common
114752  gcc        target          unassigned     AVR: internal compiler error. Unknown mode: const_double:DF
114794  gcc        target          unassigned     Speed up udivmodqi4

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

openssl: Upgrade 3.2.1 -> 3.2.2

CVE's Fixed by upgrade:
CVE-2024-4741: Fixed potential use after free after SSL_free_buffers() is called
CVE-2024-4603: Fixed an issue where checking excessively long DSA keys or parameters may be very slow
CVE-2024-2511: Fixed unbounded memory growth with session handling in TLSv1.3

Bugs Fixed by upgrade:
#23560: Fixed bug where SSL_export_keying_material() could not be used with QUIC connections

Removed backports of CVE-2024-2511, CVE-2024-4603 and bti.patch as they
are already fixed.

Detailed Information:
https://github.com/openssl/openssl/blob/openssl-3.2/CHANGES.md#changes-between-321-and-322-4-jun-2024

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

gdk-pixbuf: upgrade 2.42.11 -> 2.42.12

- Fix a build failure (Christian Heusel)
- Fix occasional build failures (Benjamin Gilbert)
- ani: Reject files with multiple INA or IART chunks (Benjamin Gilbert)
- ani: Reject files with multiple anih chunks (Benjamin Gilbert, CVE-2022-48622)
- ani: validate chunk size (Benjamin Gilbert)
- Translation updates

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c5b202b0aef56ecf7982887c54b4ecbc4bbe73ae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

gdk-pixbuf: upgrade 2.42.10 -> 2.42.11

0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch
fatal-loader.patch
refreshed for 2.42.11

Changelog:
===========
- Disable fringe loaders by default
- Introspection fixes
- Translation updates

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 243a6fce44882ff16c5dfcb518cafd8ee8f7ae24)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

util-linux: Fix CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid
tty permissions, allows escape sequences to be sent to other
users' terminals through argv. (Specifically, escape sequences
received from stdin are blocked, but escape sequences received
from argv are not blocked.) There may be plausible scenarios
where this leads to account takeover.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-28085

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

git: set --with-gitconfig=/etc/gitconfig for -native builds

Commit 6c2ae2346db0 (kern-tools: depend on git-replacement-native)
broke our kernel builds. For saving space and time, we have a DL_DIR
shared between multiple users/buildbots, not all of which run with the
same uid (and with appropriate sticky bits set so that files
downloaded by one user become owned by a common group and are readable
by others). This works fine also for git sources because the docker
images we use all have a /etc/gitconfig with

  [safe]
    directory = *

But with the mentioned commit, the host's git is no longer used for
do_unpack (nor for do_fetch if re-building and sysroot has already
been populated by a previous build), causing spurious "fatal: detected
dubious ownership..." failures.

Currently, the path where the git-native binary searches for system
gitconfig is the sysroot from it was built, which obviously doesn't
contain a /etc/gitconfig. As for the nativesdk variant, respect the
host's /etc/gitconfig if present.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 572f511f7ff02fb559ac42d2d5dbd09fec478d97)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ipk: Fix clean up of extracted IPK payload

It turns out that the IPK payload tarball was actually cleaned up in the
concrete package manager implementation (most likely because at some
point Debian and IPK packages used different compression algorithms).

Globbing removes this ambiguity so move the removal of the payload into
the common extract method.

Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e2b02a54f482159e21902eeb997b21e00e9588e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

lib/package_manager/ipk: Do not hardcode payload compression algorithm

The chosen payload compression algorithm can be changed by overriding
`OPKGBUILDCMD`. Ensure that package extraction deals with this by
globbing for "data.tar.*" to select the actual payload tarball.

Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2ad05635a6da403b4fadcc126fe7734067c12c73)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

update-rc.d: add +git to PV

This hash is ahead of the tag, so adapt PV accordingly.

(From OE-Core rev: c94e46019a7d443ccc4763ba16d87e7e97abe977)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

gstreamer1.0-plugins-good: Include qttools-native during the build with qt5 PACKAGECONFIG

The qttools provide 'lrelease' tool, which is checked by recent
versions of meson build system. Unless the qttools are available
in sysroot, meson will fail to detect qt5 installation at build
time and the gstreamer build will fail. Fix this by including
the qttools-native.

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ae2ca4af54695003638da38f8548aa8573d18201)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

oeqa/selftest/devtool: add test for updating local files into another layer

We don't have a test to check if we can correctly devtool update-recipe/finish
into another layer. So update the existing test_devtool_update_recipe_local_files
to also check the updates into another layer.

(From OE-Core rev: bd44c895d36e246a25c7a6e40bf9f4089dc7a297)

Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jeff Harris <jefftharris@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

devtool: standard: update-recipe/finish: fix update localfile in another layer

When trying to use devtool update-recipe/finish on another layer, with modified
local file we have the following error:

  Traceback (most recent call last):
    File "<..>/poky/scripts/devtool", line 350, in <module>
      ret = main()
            ^^^^^^
    File "<..>/poky/scripts/devtool", line 337, in main
      ret = args.func(args, config, basepath, workspace)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "<..>/poky/scripts/lib/devtool/standard.py", line 1968, in update_recipe
      updated, _, _ = _update_recipe(args.recipename, workspace, rd, args.mode, args.append, args.wildcard_version, args.no_remove, args.initial_rev, dry_run_outdir=dry_run_outdir, no_overrides=args.no_overrides, force_patch_refresh=args.force_patch_refresh)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "<..>/poky/scripts/lib/devtool/standard.py", line 1930, in _update_recipe
      updated, appendf, removed = _update_recipe_patch(recipename, workspace, srctree, crd, appendlayerdir, wildcard_version, no_remove, no_report_remove, initial_rev, dry_run_outdir, force_patch_refresh)
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "<..>/poky/scripts/lib/devtool/standard.py", line 1747, in _update_recipe_patch
      patchdir = param.get('patchdir', ".")
                 ^^^^^^^^^
  AttributeError: 'str' object has no attribute 'get'

This was introduced when adding support for git submodules.
No selftest case exists to catch this, so a selftest will be
added in another commit.

(From OE-Core rev: de7ca9f800e15e10271502da7e51e3ae08e0c85b)

Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jeff Harris <jefftharris@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libarchive: upgrade 3.7.2 -> 3.7.4

Changlog:
========
   rar: Fix OOB in rar e8 filter
   zip: Fix out of boundary access
   7zip: Limit amount of properties
   bsdtar: Fix error handling around strtol() usages
   passphrase: Improve newline handling on Windows
   passphrase: Never allow empty passwords
   rar: Fix "File CRC Error" when extracting specific rar4 archives
   xar: Avoid infinite link loop
   zip: Update AppleDouble support for directories
   zstd: Implement core detection
   PCRE2 support
   add trailing letter b to bsdtar(1) substitute pattern
   add support for long options "--group" and "--owner" to tar(1)
   Fix possible vulnerability in tar error reporting introduced in f27c173
   ISO9660: preserve the natural order of links
   rar5: fix decoding unicode filenames on Windows
   rar5: fix infinite loop if during rar5 decompression the last block produced no data
   xz filter: fix incorrect eof at the end of an lzip member
   zip: fix end-of-data marker processing when decompressing zip archives
   multiple bsdunzip(1) fixes
   filetime truncation fix on Windows

Adjusted configurehack.patch to align with upgraded version.

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ptest-runner: Bump to 2.4.4 (95f528c)

Changes in 2.4.4:
95f528c utils.c: run_ptests improve error handling on ptests iteration
c48e5fc utils.c: run-ptests improve pseudo-terminal handling

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

llvm: Switch to using release tarballs

From: Khem Raj <raj.khem@gmail.com>

git checkouts are in excess of 3G, which is not
ideal for everyone to download/clone, instead switch to
fetching release tarball which is ~126M as of 18.1.5 release

(From OE-Core rev: 800e6576e4f3af10846af13c2f217f986c1afdb4)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

llvm: Upgrade to 18.1.5

From: Khem Raj <raj.khem@gmail.com>

Brings

617a15a9eac9 [clang codegen] Fix MS ABI detection of user-provided constructors. (#90151)
20b9ed64ea07 [RISCV][ISel] Fix types in tryFoldSelectIntoOp (#90659)
ece9d35f1a70 [GlobalISel] Fix store merging incorrectly classifying an unknown index expr as 0. (#90375)
a7b8b890600a [X86] Enable EVEX512 when host CPU has AVX512 (#90479)
4da5b1417493 [GlobalISel] Don't form anyextending atomic loads.
a96b04442c9f [AArch64] Remove invalid uabdl patterns. (#89272)
aea091b70eda [clang][CoverageMapping] do not emit a gap region when either end doesn't have valid source locations (#89564)
58648f334d62 [X86][EVEX512] Check hasEVEX512 for canExtendTo512DQ (#90390)
6350acdb134d [CGP] Drop poison-generating flags after hoisting (#90382)
f341c76b9461 [Clang] Handle structs with inner structs and no fields (#89126)
abf6b13085fb [IRCE] Skip icmp ptr in InductiveRangeCheck::parseRangeCheckICmp (#89967)
ee5bb0c95667 Fix Objective-C++ Sret of non-trivial data types on Windows ARM64 (#88671)
6dbaa89433f7 [clang-format] Fix a regression in ContinuationIndenter (#88414)
51ff7f38b633 [clang-format] Fix a regression in annotating TrailingReturnArrow (#86624)
b544217fb31f [AMDGPU] Fix setting nontemporal in memory legalizer (#83815)
78b99c73ee4b [DAGCombiner] Fix miscompile bug in combineShiftOfShiftedLogic (#89616)
1aa91720cc4f [DAGCombiner] Pre-commit test case for miscompile bug in combineShiftOfShiftedLogic
35fea1032741 release/18.x: [clang-format] Correctly annotate braces in macros (#87953)
b9b73814ad8a [libcxx] [modules] Add _LIBCPP_USING_IF_EXISTS on aligned_alloc (#89827)
c0b48372d82a release/18.x: [clang-format] Revert breaking stream operators to previous default (#89016)
3b4ba7277bd7 [analyzer] Fix performance of getTaintedSymbolsImpl() (#89606)
7699b341b763 release/18.x: [clang-format] Fix a regression in annotating BK_BracedInit (#87450)
fb865928c8e0 [GlobalISel] Fix fewerElementsVectorPhi to insert after G_PHIs (#87927)
111ae4509c96 [X86] Fix miscompile in combineShiftRightArithmetic
76cbd417af50 [X86] Pre-commit tests (NFC)
e7c816b3cd3e [InstCombine] Fix unexpected overwriting in foldSelectWithSRem (#89539)
3685a599c866 ReleaseNote: Mention SpecialCaseList change (#89141)
a981a4f7653c [X86] Always use 64-bit relocations in no-PIC large code model (#89101)
4ddac856c55f [analyzer] Fix a security.cert.env.InvalidPtr crash
c6d63d4fc555 Bump version to 18.1.5 (#89291)

(From OE-Core rev: 02df2fc6241ac8fb0e78f2fdff97a04e5c561d54)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

llvm: Upgrade to 18.1.4

From: Khem Raj <raj.khem@gmail.com>

Brings following fixes

* e6c3289804a6 [CMake][Release] Disable PGO (#88465) (#89000)
* 028e425f86cc [MIPS] Fix the opcode of max.fmt and mina.fmt (#85609)
* e3c832b37b0a Fix override keyword being print to the left side
* 1deeee3f5da4 Revert "[Mips] Fix missing sign extension in expansion of sub-word atomic max (#77072)"
* 995539ce05ba [LLD] [COFF] Don't add pseudo relocs for dangling references (#88487)
* db67e6fb9ad1 [libc++] Fix -Wgnu-include-next in stddef.h (#88214)
* 647fbc710840 [SelectionDAG] Prevent combination on inconsistent type in `combineCarryDiamond` (#84888)
* eaae766a20fd [RISCV] Support rv{32, 64}e in the compiler builtins (#88252)
* c24b41d71f2e github-upload-release.py: Fix bug preventing release creation (#84571)
* c837970dd7e9 [Codegen][X86] Fix /HOTPATCH with clang-cl and inline asm (#87639)
* d0ddcce21d91 [InstSimplify] Make sure the simplified value doesn't generate poison in threadBinOpOverSelect (#87075)
* 4056cc29dfd3 Prepend all library intrinsics with `#` when building for Arm64EC (#87542)
* 6e071cf30599 [SLP]Fix a crash if the argument of call was affected by minbitwidth analysis.
* d89da2ac8839 [libcxx] coerce formatter precision to int (#87738)
* b6ebea7972cd [SPARC] Implement L and H inline asm argument modifiers (#87259)
* bffecba7ce4c [libc++] Simplify the implementation of <stddef.h> (#86843)
* 9899a2d76c8f [lit][ci] Publish lit wheels (#88072)
* 3ceccbdb1995 [clang-format] Correctly annotate braces of empty ctors/dtors (#82097)
* 429d62872525 [Headers] Don't declare unreachable() from stddef.h in C++ (#86748)
* feba8727f805 [ConstantRange] Fix off by 1 bugs in UIToFP and SIToFP handling. (#86041)
* e4259b583c92 [Float2Int] Pre-commit test for SIToFP/UIToFP ConstantRange bug. NFC
* daca56d8e162 Bump version to 18.1.4 (#87715)

(From OE-Core rev: adc2651a8e902af24fee6ff30a72f4b7c63bef6f)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

xserver-xorg: upgrade 21.1.11 -> 21.1.12

This release contains security fixes for

* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31082
* CVE-2024-31083

Changelog:
===========
101caa1b0 (tag: xorg-server-21.1.12) xserver 21.1.12
117315640 render: fix refcounting of glyphs during ProcRenderAddGlyphs
0e34d8ebc Xquartz: ProcAppleDRICreatePixmap needs to use unswapped length to send reply
cea92ca78 Xi: ProcXIPassiveGrabDevice needs to use unswapped length to send reply
8a7cd0e3e Xi: ProcXIGetSelectedEvents needs to use unswapped length to send reply
5ca3a9513 Xext: SProcSyncCreateFence needs to swap drawable id too
5d7272f05 Allow disabling byte-swapped clients
8a46a463f Initialize Mode->name in xf86CVTMode()
f653d9a0a hw/xfree86: fix NULL pointer refrence to mode name
8b75ec34d dix: Fix use after free in input device shutdown

https://lists.x.org/archives/xorg-announce/2024-April/003497.html

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 12dfa6889a1c322d0e20fd9b7638dcb861e032f2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

gcc: Fix for CVE-2024-0151

Fix for insufficient argument checking in Secure state Entry functions
in software using Cortex-M Security Extensions (CMSE), that has been
compiled using toolchains that implement 'Arm v8-M Security Extensions
Requirements on Development Tools' prior to version 1.4, allows an
attacker to pass values to Secure state that are out of range for types
smaller than 32-bits. Out of range values might lead to incorrect
operations in secure state.

Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ghostscript: fix CVE-2024-29510

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ghostscript: fix CVE-2024-33871

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ghostscript: fix CVE-2024-33869

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ghostscript: fix CVE-2024-33870

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libusb1: Set CVE_PRODUCT

From: Ricardo Simoes <ricardo.simoes@pt.bosch.com>

This commit sets the CVE_PRODUCT variable to "libusb" to match the
product name used in the NIST CPE database [1].

[1]: https://nvd.nist.gov/products/cpe/search

Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ncurses: Fix CVE-2023-45918

From: Soumya Sambu <soumya.sambu@windriver.com>

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918

(From OE-Core rev: 6573995adf4cfd48b036f8463b39f3864fcfd85b)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ttyrun: define CVE_PRODUCT

Single executable ttyrun is taken ouf of s390-tools repository
containing ton of other helper tools.
CVEs are not assigned to executables, but to whole components.
Historically there also already exists one CVE for s390-tools.

Most of the CVEs will not be for ttyrun, but this is the way
how to get notified even if most we get will have to be ignored.

(From oe-core rev: df28547387c2c122aef3e5326b216ec3f4d3caa7)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

oeqa/selftest/debuginfod: use localpkgfeed to speed server startup

Sometimes the debuginfod selftest fails due to a timeout, because it
spends too long scanning a huge deploy directory that due to what tests
were ran previously can contain 30K packages.

The test only needs a subset of the feed, so use the new localpkgfeed
class to construct a minimal feed before running the test.

[ YOCTO #14937 ]

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 855376f518b28248ccd82ef5b2e89e6a8c970542)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

selftest/classes: add localpkgfeed class

This class can be used to construct a subset of a deployed package feed
for use in tests which iterate the deploy directory, and as such a huge
feed of 30K+ packages can result in very slow tests.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c5486d6ad32457f09c104d5dd31314bd570912d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

lib/oe/package-manager: allow including self in create_packages_dir

This function is typically used to construct a limited feed for image
creation, but there are other cases when you might want a limited feed
and include the current recipe's packages in it.

To ensure that existing behaviour is preserved, add a boolean to control
this behaviour and default it to False.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aada7fda2b118152d82b1ab295d92b8251afe4ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

recipetool: Handle several go-import tags in go resolver

When dynamically resolving go modules, the HTML page may contain several
go-import meta tags. We must handle all and pick the correct one based
on the module name. An example for such a behaviour is
gonum.org/v1/gonum:

<meta name="go-import" content="gonum.org/v1/exp git https://github.com/gonum/exp">
<meta name="go-import" content="gonum.org/v1/gonum git https://github.com/gonum/gonum">
<meta name="go-import" content="gonum.org/v1/hdf5 git https://github.com/gonum/hdf5">
<meta name="go-import" content="gonum.org/v1/netlib git https://github.com/gonum/netlib">
<meta name="go-import" content="gonum.org/v1/plot git https://github.com/gonum/plot">
<meta name="go-import" content="gonum.org/v1/tools git https://github.com/gonum/tools">

Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9c36a61e29359067165bddc7f2accdf2c4c8a761)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

recipetool: Handle unclean response in go resolver

It appears that some go modules repond with a 404 error when trying to
resolve them dynamically. The response body may still contain the
go-import meta tag. An example for such behaviour is gonum.org/v1/gonum.

Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8f2e14ab6562a9a68819a960c66a258ea9dbe246)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

bash: Fix file-substitution error-handling bug

This is part of a patch that's been upstream for a while but hasn't yet
been released.  The bug is causing some downstream difficulties, so a
local patch to tide us over until the next release makes things a bit
easier.

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit bf384d6618780dea2df24adac88ba4364cb65b9b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

patchtest: test_metadata: fix invalid escape sequences

Clear up the following warnings seen during patchtest runs:

|/workspace/yocto/poky/meta/lib/patchtest/tests/test_metadata.py:21: SyntaxWarning: invalid escape sequence '\+'
|  add_mark = pyparsing.Regex('\+ ')
|/workspace/yocto/poky/meta/lib/patchtest/tests/test_metadata.py:26: SyntaxWarning: invalid escape sequence '\:'
|  git_regex = pyparsing.Regex('^git\:\/\/.*')

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2d64317835a768898aac592b24fcbdfaf6c8357a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libcgroup_3.1.0: fix build on non-systemd systems

backport upstream commit 592dcdcf243576bd2517d3da9bc18990de08e37e
to fix packaging when building with --enable-systemd=no

Signed-off-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

classes: image_types: apply EXTRA_IMAGECMD:squashfs* in oe_mksquashfs()

Since commit c991f9d6031 ("image_types: Set SOURCE_DATE_EPOCH for squashfs"),
I assume, the EXTRA_IMAGECMD:squashfs* variable(s) has been ignored.
This is due to the override magic, which isn't applied to functions
called by IMAGE_CMD:<type>, but only to the IMAGE_CMD:<type> itself.

Other image types (e.g. ext*) works around this by passing the
EXTRA_IMAGECMD variable as an argument to the called function.

To do the same for oe_mksquashfs(), the number of mandatory arguments is
fixed to one (with a little logic to handle the zstd filename). This
allows passing ${EXTRA_IMAGECMD} as an argument to oe_mksquashfs(),
which makes the variable functional again.

Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

Revert "goarch: disable dynamic linking globally"

This reverts commit 827c60b79e7fcafd14e68870f6b69dcc48ac9c39.

Fixed with the drop of the linkmode

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8f46f60a703defc3e74adad382320c129cef0b06)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

go: Drop the linkmode completely

This will make possible to restore the default dynamic linking globally
which is what we had before the 1.20.X release.

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6ad90fc2fc49c4199a59dfb1c1d81a7ba184a522)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

uboot-sign: fix loop in do_uboot_assemble_fitimage

When using multiple u-boot configurations in UBOOT_CONFIG, the helper
function uboot_assemble_fitimage_helper() was not called with all
combinations of type & binary, due to a copy-n-paste indexing error.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2d338548a4b745a71eaf6c29231adc93c4165778)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

webkitgtk: 2.44.0 -> 2.44.1

Update webkitgtk from 2.44.0 to the first bug fix release in the stable
2.44 series 2.44.1.

* remove backported patch

What's new in the WebKitGTK 2.44.1 release?
===========================================

  - Fix handling of lifetime of web view child dialogs in GTK4.
  - Do not schedule layer flushes when drawing area size is empty.
  - Fix videos with alpha when using the DMA-BUF sink.
  - Fix the build with USE_GBM=OFF.
  - Fix the build in 32bit platforms
  - Fix several crashes and rendering issues.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit c129c47cf9fa119005ea6e3946ebdee0da1db7e0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

llvm: upgrade 18.1.2 -> 18.1.3

0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch
refreshed for 18.1.3

Changelog:
============
-DFixes tsan failures for glibc's LoongArch and certain RISC-V ports when
 fstat is used.
-transform.structured.convert_to_loops now properly deletes its target op.
-Fix a llvm.usub.with.overflow.i128 wrong code generation regression that
 was introduced with LLVM 18.1.0.
-MemorySanitizer on Linux can now run even when maximum-entropy address-space
 layout randomization is configured globally
-Fixed a Clang 18.x regression which increased binary size and stack usage with
 -ftrivial-auto-var-init.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d2159f92ddbb6b999c1d14ac62647b4a35360377)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

glibc: correct license

The license per [1] is LGPL-2.1-or-later and
[2] converted last LGPL-2.1-only references.

License-Update: corrected from LGPL-2.1-only to LGPL-2.1-or-later based on [1] and [2]

[1] https://www.gnu.org/software/libc/
[2] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=273a835fe7c685cc54266bb8b502787bad5e9bae

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b7ad15a59d048ca7561a03cb0fc8e2c24680ce5c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

glibc: Update to latest on stable 2.39 branch

Adresses CVEs: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602

Changes:
273a835fe7 time: Allow later version licensing.
acc56074b0 nscd: Use time_t for return type of addgetnetgrentX
836d43b989 login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
9831f98c26 login: Check default sizes of structs utmp, utmpx, lastlog
fd658f026f elf: Also compile dl-misc.os with $(rtld-early-cflags)
a9a8d3eebb CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
c99f886de5 CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
5a508e0b50 CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
1263d583d2 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
2f8f157eb0 x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676]
e701c7d761 i386: ulp update for SSE2 --disable-multi-arch configurations
e828914cf9 nptl: Fix tst-cancel30 on kernels without ppoll_time64 support

Since glibc introduced file sysdeps/arm/bits/wordsize.h
our multilib patch needed to be updated.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

glibc: Update to latest on stable 2.39 branch

Adresses CVE-2024-2961

Remove backported patch included in hash update.

Changes:
31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
04df8652eb Apply the Makefile sorting fix
edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
9d92452c70 AArch64: Check kernel version for SVE ifuncs
395a89f61e aarch64: fix check for SVE support in assembler
b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
6484a92698 x86: Do not prefer ERMS for memset on Zen3+
aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
aded2fc004 elf: Enable TLS descriptor tests on aarch64
a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
983f34a125 LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
aad45c8ac3 powerpc: Placeholder and infrastructure/build support to add Power11 related changes.
ee7f4c54e1 powerpc: Add HWCAP3/HWCAP4 data to TCB for Power Architecture.
71fcdba577 linux: Use rseq area unconditionally in sched_getcpu (bug 31479)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8b0124782510389bdc376fab645a0920b3fb94c8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

glib-2.0: Upgrade 2.78.5 -> 2.78.6

Handle regression of CVE-2024-34397 fix.

News (https://gitlab.gnome.org/GNOME/glib/-/commit/d40f72e98e4734ba826ba9a278814530720ba760):

Overview of changes in GLib 2.78.6, 2024-05-08
==============================================
* Fix a regression with IBus caused by the fix for CVE-2024-34397 (#3353,
  work by Simon McVittie)
* Bugs fixed:
  - #3353 Fixing CVE-2024-34397 caused regressions for ibus (Simon McVittie)
  - !4056 Backport !4053 “gdbusconnection: Allow name owners to have the syntax
    of a well-known name” to glib-2-78

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

glib-2.0: Upgrade 2.78.4 -> 2.78.5

Handle CVE-2024-34397

Remove backported patch included in this release.

News (https://gitlab.gnome.org/GNOME/glib/-/commit/d18807b5ffc6dedc2db5225b044063f65720bf56):
Overview of changes in GLib 2.78.5, 2024-05-07
==============================================
* Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are
  vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by
  Alicia Boya García)
* Bugs fixed:
  - #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree()
    due to filename with bad encoding (Ondrej Holy)
  - #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are
    vulnerable to unicast spoofing (Simon McVittie)
  - !3825 glib-2-78: ci: Drop FreeBSD 12 CI runner as it’s EOL
  - !3960 gcontenttype: Make filename valid utf-8 string before processing
  - !4040 Backport !4038 “gdbusconnection: Don't deliver signals if the sender
    doesn't match” to glib-2-78
  - !4043 CI: Ignore MSYS2 CI failures for this older stable-branch
* Translation updates:
  - English (United Kingdom) (Andi Chandler)
  - Georgian (Ekaterine Papava)
  - Portuguese (Brazil) (Juliano de Souza Camargo)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

openssl: patch CVE-2024-4603

Advisory: https://github.com/advisories/GHSA-85xr-ghj6-6m46

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ncurses: Fix CVE-2023-50495

Backport a patch [1] to fix CVE-2023-50495.

[1] http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit bdf7b7460a4816e3d447264730a2814209667fb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

build-appliance-image: Update to scarthgap head revision

Signed-off-by: Steve Sakoman <steve@sakoman.com>

python3: skip test_concurrent_futures/test_shutdown

These tests are causing hangs on the Autobuilder, so disable them for
now.

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

build-appliance-image: Update to scarthgap head revision

Signed-off-by: Steve Sakoman <steve@sakoman.com>

systemd: sed ROOT_HOME only if sysusers PACKAGECONFIG is set

Fixes a bug introducted in ebafe46379 systemd: upgrade to 255.1.

Besides updating systemd, that commit also made other changes. One of them
being when to perform the replacement in order to fix ROOT_HOME.

Previously, that happened on a configure prefunc and on
${S}/sysusers.d/basic.conf.in.
Now it happens in install and on image/usr/lib/sysusers.d/basic.conf.

However, that file is not present if sysusers is not in PACKAGECONFIG,
since that file in that case is not installed hence resulting in:
sed: can't read <redactedpath>/image/usr/lib/sysusers.d/basic.conf: No such file or directory

Previously, in the case of sysusers not being in PACKAGECONFIG, that was a
"silent error" since the replacement was done but the file was not really
used since the file was not installed.

Signed-off-by: Christian Bräuner Sørensen <yocto@bsorensen.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

scripts/oe-setup-build: write a build environment initialization one-liner into the build directory

With this, users no longer have to know where oe-init-build-env is relative to the
build directory; that information is contained in the one liner and then
it's possible to simply use that:

. /path/to/build/init-build-env

This will particularly help with initializing builds in unpacked
build bundles, as users won't have to know where oe-init-build-env
is in the bundle directory tree - similar to esdk initialization.

(From OE-Core rev: 1cabdf287c2739accdab3a766df060f1bc802b63)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

sstate.bbclass: Add _SSTATE_EXCLUDEDEPS_SYSROOT to vardepsexclude

When using tinfoil to control the build, multiple commands (serially) could
trigger an error such as:

  When reparsing ....bb:do_package, the basehash value changed from ... to .... The metadata is not deterministic and this needs to be fixed.
  ERROR: The following commands may help:
  ERROR: $ bitbake esw-conf -cdo_package -Snone
  ERROR: Then:
  ERROR: $ bitbake esw-conf -cdo_package -Sprintdiff

However following these commands it was not able to be reproduced.  Forcing
bitbake to dump the signatures and then running bitbake-diffsigs showed
that the value of _SSTATE_EXCLUDEDEPS_SYSROOT was being set in one run, but
was blank is a different version.

Upon inspecting the code in sstate.bbclass, one usage (without the _) is
already excludes, the leading _ version is used as a cache, only if set but
is not actually required to be defined.  So ignoring the value should work
properly.

Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4ec704ed6a1cfaf0a6c20f2038e7192e361ef590)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

mpg123: upgrade 1.32.5 -> 1.32.6

Changelog:
- build: Detect forced 64 bit offsets on a dual-mode system that used
  to default to 32 bits and drop ambiguous suffix-less symbols in that
  case.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5e76967536191ac42fdd0c016e92a273dc4908e2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

lttng-tools: upgrade 2.13.11 -> 2.13.13

0001-tests-do-not-strip-a-helper-library.patch
refreshed for 2.13.13

Changelog:
===========
* Fix: consumerd: leak of tracing buffers on relayd connectivity issue
* Fix: consumerd: wrong timer mentioned in error logging
* Fix: consumerd: type confusion in lttng_consumer_send_error
* Fix: baddr-statedump: use $(LIBTOOL) --mode=execute
* Fix: relayd: live client not notified of inactive streams
* Fix: relayd: live: dispose of zombie viewer metadata stream
* tests: Fix typo in tests/regression/kernel/test_ns_contexts
* Fix: sessiond: freeze on channel creation on restart
* common: move utils_create_lock_file to its own file
* tests: tools/clear/test_ust wait for specific test app pid
* Fix: sessiond: crash when sending data_pending to an active session
* Tests: fix: list_triggers_cli: kallsyms contains prefixed symbols
* License: common: error_query: fix typo in SPDX specifier

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5d35200e089f0695cfb19b65dd9b56006aa3d4fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libx11: upgrade 1.8.7 -> 1.8.9

Changelog:
===========
-xlibi18n: restore parse_line1 for WIN32 builds
-Fix _XkbReadGetDeviceInfoReply for nButtons == dev->buttons
-_XimProtoIMFree:no need to check arg for Xfree()
-_XimEncodeString:no need to check arg for Xfree()
-Fix XCreateIC() memory leak (Part 2)
-_XimLocalDestroyIC:fix possible mem leak
-_XimLocalCreateIC: get rid of bzero
-_XimLocalCreateIC: minor cleanup
-_XimLocalCreateIC:no need to check arg for Xfree()
-_XimLocalDestroyIC: no need to check arg for Xfree()
-fix table width

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bd8fab6937cddf3b6818e8e333b78813f0524116)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libdnf: upgrade 0.73.0 -> 0.73.1

Changelog:
=========
-Fix https://issues.redhat.com/browse/RHEL-27657
-subject-py: Fix memory leak

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f16b16e1b6c60f0a1c9bc8d5492195fc66f33a19)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

ell: upgrade 0.63 -> 0.64

Changelog:
==========
-Fix issue with casting in C++ environment.
-Fix issue with ASCII string upper and lower helpers.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a28405da8dad7e6222d7badaa3eda175e3df32c9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

babeltrace2: upgrade 2.0.5 -> 2.0.6

Changelog:
===========
* bt2: disable some warnings for 'native_bt.c'
* bt2: compile 'native_bt.c' with '-Wno-undef'
* Fix: src.ctf.lttng-live: expect NEW_STREAM/METADATA for inactive streams
* Fix: 'babeltrace2 convert': don't consider the '--plugin-path' opt.
* include/babeltrace2/plugin/plugin-dev.h: "define" -> "definition
* Fix: doc: escape double quote in bt_p alias
* Fix: bt2: pass _TraceClassConst to destruction listeners
* fix: 'load_module()' deprecated in Python 3.12
* tests: retry os.rename on PermissionError failure in lttng_live_server.py
* doc: fix uptream -> upstream typos
* fix: test_message_iterator.py hangs on Python 3.12
* plugin-dev: mark symbols meant to be public with __attribute__((visibility("default")))
* Silence -Wunused-but-set-variable error with clang
* Fix: Windows DLL path lookup with Python >= 3.8
* doc/man: make default values of boolean init. params. clearer
* RFC: docs: fix: Match stated automake requirement
* fix: make flake8 6.x happy
* fix: running black on python 3.11
* bt_query_executor_create_with_method_data(): fix docs note
* Fix: ctf-writer: null dereference in bt_ctf_trace_common_add_stream_class
* Update working version to Babeltrace v2.0.6

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a5f05da60ca888456900f9fb0a52ef07db754c06)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

mesa: upgrade 24.0.2 -> 24.0.3

Mesa 24.0.3 is a bug fix release which fixes bugs found since the 24.0.2 release.

New features
None

Bug fixes
v3d: Line rendering broken when smoothing is enabled
DR crashes with mesa 24 and rusticl (radeonsi)
RADV: GPU crash when setting ‘RADV_DEBUG=allbos’
[intel] mesa ftbfs with time_t64
[radv] Crash when VkGraphicsPipelineCreateInfo::flags = ~0u
Gen4 assertion `force_writemask_all’ failed.
[radv] Holographic projection texture glitch in Rage 2
[build failure] [armhf] - error: #error “_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64”
RustiCL: Callbacks are not called upon errors
MTL: regressions in vulkancts due to BO CCS allocations
zink: spec@ext_external_objects@vk-image-overwrite fail

0001-Revert-meson-do-not-pull-in-clc-for-clover.patch
refreshed for 24.0.3

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 43240c8b2c5507fe6147ba04ec98528602c694e1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libxml2: upgrade 2.12.5 -> 2.12.6

Changelog:
===========
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0bc673b0de08e02ff01ec9ad3daf0bb41662da40)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

bind: upgrade 9.18.24 -> 9.18.25

Changelog:
============
-Create the pruning task in the dns_cache_flush(), so
 the cache pruning still works after the flush.
-Improve the TTL-based cleaning by removing the expired
 headers from the heap, so they don't block the next
 cleaning round and clean more than a single item for
 each new addition to the RBTDB.
-Revert change 6319 and decrease lock contention during
 RBTDB tree pruning by not cleaning up nodes recursively
 within a single prune_tree() call.
-Address use after free in expire_lru_headers.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17cecd0d9d0d734d408701d861692ca5987f4ad9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

pango: upgrade 1.52.0 -> 1.52.1

Changelog:
 Fix hexbox drawing

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5a296e6c3afb412ee9740fc28963f35dd16e52d9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libxcursor: upgrade 1.2.1 -> 1.2.2

Changelog:
===========
-Remove superfluous and unguarded config.h include
-XcursorXcFileLoad: plug memory leak in error paths
-Add comment about keeping libxcb-cursor copy of code in sync
-If O_CLOEXEC is defined, add "e" to fopen modes
-configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
-gitlab CI: stop requiring Signed-off-by in commits

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b56224f31ac4df426418ffe9fa48f4d2dea3f148)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

libsdl2: upgrade 2.30.0 -> 2.30.1

Changelog:
===========
-Fixed a regression causing SDL_WaitEvent() to return spurious failures
-Fixed X11 cursors on the latest release of GNOME
-Wayland windows automatically have OpenGL enabled again
-Fixed memory corruption when converting signed 16-bit audio to float
-Fixed audio artifacts when converting signed 8-bit audio to float
-Fixed the clip rectangle not being updated when the viewport changes in the SDL renderer
-Convert mouse wheel coordinates to the rendering view in the SDL renderer
-Fixed a crash handling controllers on macOS
-Fixed a crash setting a window fullscreen with Emscripten
-Fixed the keyboard automatically popping up when resuming an application on Android

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a17c05585a0da0166087ae0cd3cd4331a1fb2615)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

gcr: upgrade 4.2.0 -> 4.2.1

Changelog:
===========
- gcr-ssh-agent: set 'SSH_AUTH_SOCK'
- gcr-ssh-agent: port avoid deadlock fix
- Updated translations

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b98e250d8c04040df1333506b72575d368e6bdc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

rootfs-postcommands.bbclass: Only set DROPBEAR_RSAKEY_DIR once

If DROPBEAR_RSAKEY_DIR has already been set before, e.g. by overwriting
the file dropbear.default, the line will still be appended a second time.

DROPBEAR_RSAKEY_DIR="/path/to/dropbear"
DROPBEAR_EXTRA_ARGS="-B"
DROPBEAR_RSAKEY_DIR=/var/lib/dropbear

Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

rpm: update 4.19.1 -> 4.19.1.1

Summary of changes from RPM 4.19.1
Fixes
Packaging: Don’t warn about missing user/group on skipped files [Regression] (#2814)
Packaging: Make user/group lookup caching thread-safe [Regression] (#2843)
Lua interface: Fix regression in Lua scriptlet runaway child detection [Regression] (#2818)
Build: CMakeLists.txt: restore readline support as an explicit option [Regression] (#2852)
Build: Fix unconditional uses of Linux-specific extensions [Regression] (#2812)
Build: Add missing include for check_symbol_exists (#2831)
Build: Don’t use _nl_msg_cat_cntr if it’s not available (#2856)

Drop patches:
files/0002-docs-CMakeLists.txt-do-not-install-non-existent-docs.patch
(upstream resolved the issue)

files/0001-CMakeLists.txt-restore-readline-support-as-an-explic.patch
files/0001-Fix-unconditional-dependency-on-non-POSIX-GLOB_ONLYD.patch
(backports)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d233e33a5ca12f95878c3ee9e34d9d9c61e49f68)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

icu: update 74-1 -> 74-2

ICU 74.2 updates to CLDR 44.1 locale data. These are maintenance releases for ICU 74
and CLDR 44, with limited sets of bug fixes and no API or structural changes.

The CLDR bug fix relevant for ICU is for some formatting patterns that erroneously
had two adjacent space characters. These are coalesced into one. (CLDR-17233)
Important: DateFormat.getInstanceForSkeleton() and the DateTimePatternGenerator
sometimes used the wrong patterns because they failed to use/inherit certain data
(ICU-22575 — CLDR 44 had removed some redundant data that ICU relied on)
For details, please see https://icu.unicode.org/download/74.

Note that upstream has re-spun the release tarball (the initial tarball had a broken symlink
for LICENSE file), so there can be yocto premirror checksum mismatches:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6671/steps/13/logs/stdio

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 344f7500e6df31d7c06331aedbac0df4983da958)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

build-appliance-image: Update to scarthgap head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

curl: Backport patch to fix buildtools issues

bitbake-selftest was failing on a github url on hosts using buildtools.
The issue was tracked down to the curl upgrade 8.6.0 -> 8.7.1. Whilst there
is a fix in upstream git to workaround the issue in this version, backport
the fix from curl upstream to ensure there are no other related issues to
the bug.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

build-appliance-image: Update to scarthgap head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

buildtools-tarball: Add python3-pip

Many of the common use cases for buildtools need pip to allow python to be
extended. Add it.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

build-appliance-image: Update to master head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

openssl: openssl: patch CVE-2024-2511

Patch: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
News: https://github.com/openssl/openssl/commit/b7acb6731a96b073d6150465bd090e2052a595c2

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

abi_version/sstate: Switch to a new version for the upcoming release

In testing websocket hashequivalence, corrupted sstate was injected into the
autobuilder extensively. With the new release/LTS, being able to clearly
differentiate between old and new sstate is probably desireable anyway
so bump the appropriate versions.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

openssh: add fido2 support

OpenSSH supports FIDO security keys in both the client
and server.  Add an option to support them in oe.
This change requires a new recipe that I've submitted to
meta-openembedded that has not merged yet.

Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

python3: upgrade 3.12.2 -> 3.12.3

Remove the following patch:

0001-gh-115133-Fix-tests-for-XMLPullParser-with-Expat-2.6.patch

Which a different fix was submitted for in:

c4fa79b924 [3.12] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (GH-115288)
See: https://github.com/python/cpython/pull/115288
(related to CVE-2023-52425)

Changelog: https://docs.python.org/3/whatsnew/changelog.html#python-3-12-3-final

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

buildtools-tarball: Add python3-setuptools

After the dependency on setuptools was dropped from python3-testtools, this
exposed eSDK dependencies in devtool and recipetool on python3-setuptools. Add
this to buildtools to fix build failures after the testtools fixes.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

python3-testtools: Fix build problems from incorrect build backend

testtools uses the hatchling backend so:
  * merge the inc back into the recipe
  * drop setuptools
  * use the hatchling backend
  * add the needed vcs dependency
  * drop the now unneeded python3-pbr dependency

This means the submodules are included in packaging, fixing build failures
and the verison in the wheel is no longer 0.0.0

Prior to this fix, testtools in buildtools tarball was completely
broken.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

kbd: update license

GPL-3 is used for keymaps-pine

LGPL2 is used in all C source files under src/libkfont/
which generate binaries included in main kbd package.
This is seen in their SPDX headers.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

kbd: remove non-free Agafari fonts

Its license makes it impossible to distribute kbd in any commercial products.
Backport commit which removes it.

[RP/Khem Raj: Switched binary diff to just delete the files in do_configure]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

kbd: split gpl-3 keymap to separate package

Pine keymap was added with GPL-3 license.
https://github.com/legionus/kbd/commit/1589e9e1019756b5287b41dddcd7285271c5990e

Split this GPL-3 keymap and install it via recommendation
so it is easy to remove it by excluding recommendations.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

systemd: make predictable name mac policy opt-out

Even the patch says it's inappropriate for upstream,
and it's also inappropriate for some downstream projects, too.
So make it possible to opt-out on it by replacing
the patch by sed and depend on distro feature pni-names.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

buildtools-tarball: Add python3-websockets

For the newer hash equivlance servers we need websockets. Add it
to buildtools tarball.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

python3-websockets: Import from meta-python

For the newer hash equivlance servers we need websockets. Import it
from meta-oe so we can easily include it in buildtools tarball.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

python3-referencing: drop ${PYTHON_PN}

python 2 is gone and we don't need the abstraction now, drop the
remaining usage of this variable.

Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

python3-jsonschema-specifications: drop ${PYTHON_PN}

python 2 is gone and we don't need the abstraction now, drop the
remaining usage of this variable.

Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake.conf: remove comment about oldincludedir

oldincludedir was removed by 506c91cbc6a604a84e37e53ccff430436369802e

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>