From patchwork Tue Sep 23 14:38:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 70799 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3325CAC5A7 for ; Tue, 23 Sep 2025 14:39:03 +0000 (UTC) Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) by mx.groups.io with SMTP id smtpd.web11.18537.1758638340511323892 for ; Tue, 23 Sep 2025 07:39:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=t5CAkhhw; spf=softfail (domain: sakoman.com, ip: 209.85.215.170, mailfrom: steve@sakoman.com) Received: by mail-pg1-f170.google.com with SMTP id 41be03b00d2f7-b5515eaefceso4273181a12.2 for ; Tue, 23 Sep 2025 07:39:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1758638340; x=1759243140; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DzLNJYYNFz5HEfRk8MuC3Gu4/mXLt44g6PAbsq6BJuQ=; b=t5CAkhhw7y5bfprzz6uFe556p36c7SDSqswceU2aqm0K+Xs3SFhGlKelfdYg6SvVlR wZbD1KMR+LFssSR0aSbzMduyGob/DOJ48CxViVQ0xoNpPxBTfIRlmtwdnnC2KrQmWFF+ rGlkro0I7wAOctPGUklHac5sJXnNDREUv5fOjTVXykNwT6AhoaKAefDh4r0pMEA3CYBj sHjt1rIcnwp9lUfyl36sM7dhNBn3Oxr5ifrCZEfB+zdfp7y43ZdbzfriwILeCvgz9RGg rsXx5Ec74Ff6FIM20vkCoYLZ4KmvO4UK5UXoN+wyXe5jF+HKaiYqOEQKiI7eKINrqRp8 bEmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758638340; x=1759243140; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DzLNJYYNFz5HEfRk8MuC3Gu4/mXLt44g6PAbsq6BJuQ=; b=KcbfMUHwHKLhsoPKRLcTbnyGagVeDD5FZlCOYTv8eJKDuwAP6mnDOigYJP9vf5H1kM IwhEH/207c6SDIgBbwtPlCY8fm15jgAAnJ4DjEooZRlMfOdVnTzreK4XqYADFiOKfd5u X2uUvuYkc0raLgfTUGUKbn33Pd7Zb2OfLcsHaGJrjPKArUlzITUuacBr8BfnCIJy9ZyD WjU0A59I008KFpd1IOnJJjW4dbU1vhFqy2CE5jLLwv4jQ5naOegp4cvbN9AZ7pmnYl8v gI0wz8I+byOBZKm4rEIMbhpCrywgqw+AdwjN8AP2/jXCXIzTD42LgRNTUQ3T4K39Y2EF bceA== X-Gm-Message-State: AOJu0YxLdRgg1wK2frZrsbCzvMVLNrvmEBtp820JdfsBMtRC3mXy5oqA oZ8XPEGqC6qAk6PdWm4cDMpnR8jzmaovjqD9ZaVaUPUthFYY1l8Yj1dgj84UK3JEAU3iIW4Isg1 htqyS9pI= X-Gm-Gg: ASbGncs2j/9FM/gxrXOVTk7stDS6ry9F37FZcaQ3EV4UpchcOBtL+Ar4a0Xd2XW12Yi Z3DT1KG6STgV488F+7rpnMLiHSry3OASPXkXORscknhKqHv++E4RQg9xmhRRBBFKkn03GNZMPTk U7UT5bNYegmsJRwYTdZUBR+K+wzpNSG7xZeuF08Gcs1U0TVIL+G0EnPD7NirLCxApPA5TeP2lW4 PA8XAezs8SRq3GPp0gS9/+2RjhlLluojdHfGyTK50Guh2/EauK6s5yW3VTA4TbFJG+5glNyBvVg n448CVnfQTNmbRCUw/3qHXfXal+jKb9xv+/86SanOcdI5npO97rnjqCPnomgzIBbRTslt1wBdsp ZyvktpEafyq4C X-Google-Smtp-Source: AGHT+IE0U+bLBR0guIbWjfgBCXThz5l3RuZIt5+T53B8fBbnbTuQla9DN+6bF4pzzcfBLcheMnGezg== X-Received: by 2002:a17:90b:5446:b0:32e:358d:666f with SMTP id 98e67ed59e1d1-332a9544cbbmr3592078a91.10.1758638339532; Tue, 23 Sep 2025 07:38:59 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3f58:7e15:309f:29c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b55100df86bsm13428368a12.23.2025.09.23.07.38.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Sep 2025 07:38:59 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 1/7] grub2: fix CVE-2024-56738 Date: Tue, 23 Sep 2025 07:38:36 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Sep 2025 14:39:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223884 From: Ross Burton Backport an algorithmic change to grub_crypto_memcmp() so that it completes in constant time and thus isn't susceptible to side-channel attacks. (From OE-Core rev: 30a1cc225a2bd5d044bf608d863a67df3f9c03be) Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2024-56738.patch | 74 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 75 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-56738.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-56738.patch b/meta/recipes-bsp/grub/files/CVE-2024-56738.patch new file mode 100644 index 0000000000..f6a3641eb1 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-56738.patch @@ -0,0 +1,74 @@ +From 4cef2fc7308b2132317ad166939994f098b41561 Mon Sep 17 00:00:00 2001 +From: Ross Burton +Date: Tue, 9 Sep 2025 14:23:14 +0100 +Subject: [PATCH] CVE-2024-56738 + +Backport an algorithmic change to grub_crypto_memcmp() so that it completes in +constant time and thus isn't susceptible to side-channel attacks. + +This is a partial backport of grub 0739d24cd +("libgcrypt: Adjust import script, definitions and API users for libgcrypt 1.11") + +CVE: CVE-2024-56738 +Upstream-Status: Backport [0739d24cd] +Signed-off-by: Ross Burton +--- + grub-core/lib/crypto.c | 23 ++++++++++++++++------- + include/grub/crypto.h | 2 +- + 2 files changed, 17 insertions(+), 8 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 396f76410..19db7870a 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -433,19 +433,28 @@ grub_crypto_gcry_error (gcry_err_code_t in) + return GRUB_ACCESS_DENIED; + } + ++/* ++ * Compare byte arrays of length LEN, return 1 if it's not same, ++ * 0, otherwise. ++ */ + int +-grub_crypto_memcmp (const void *a, const void *b, grub_size_t n) ++grub_crypto_memcmp (const void *b1, const void *b2, grub_size_t len) + { +- register grub_size_t counter = 0; +- const grub_uint8_t *pa, *pb; ++ const grub_uint8_t *a = b1; ++ const grub_uint8_t *b = b2; ++ int ab, ba; ++ grub_size_t i; + +- for (pa = a, pb = b; n; pa++, pb++, n--) ++ /* Constant-time compare. */ ++ for (i = 0, ab = 0, ba = 0; i < len; i++) + { +- if (*pa != *pb) +- counter++; ++ /* If a[i] != b[i], either ab or ba will be negative. */ ++ ab |= a[i] - b[i]; ++ ba |= b[i] - a[i]; + } + +- return !!counter; ++ /* 'ab | ba' is negative when buffers are not equal, extract sign bit. */ ++ return ((unsigned int)(ab | ba) >> (sizeof(unsigned int) * 8 - 1)) & 1; + } + + #ifndef GRUB_UTIL +diff --git a/include/grub/crypto.h b/include/grub/crypto.h +index 31c87c302..20ad4c5f7 100644 +--- a/include/grub/crypto.h ++++ b/include/grub/crypto.h +@@ -393,7 +393,7 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md, + grub_uint8_t *DK, grub_size_t dkLen); + + int +-grub_crypto_memcmp (const void *a, const void *b, grub_size_t n); ++grub_crypto_memcmp (const void *b1, const void *b2, grub_size_t len); + + int + grub_password_get (char buf[], unsigned buf_size); +-- +2.43.0 diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 1fe39a59d2..db053b27b0 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -36,6 +36,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45778_CVE-2024-45779.patch \ file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \ file://CVE-2025-0678_CVE-2025-1125.patch \ + file://CVE-2024-56738.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" From patchwork Tue Sep 23 14:38:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 70797 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD097CAC5AE for ; Tue, 23 Sep 2025 14:39:03 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.18539.1758638342668827471 for ; Tue, 23 Sep 2025 07:39:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=iKODLL/r; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-77f2c7ba550so2397598b3a.1 for ; Tue, 23 Sep 2025 07:39:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1758638342; x=1759243142; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QWj7RRgPU5QpDt6xxJ8NpKGEMWyu16awBiDRfwPLDuI=; b=iKODLL/r0zVjvjAB+8zRulkZh0p9OZggMbhrwQN0bFZTJXFEZIN24vC8ONcpphwgoY EeyetjMeLKN32OwS6YiZ1eL8m5fznF6PSCGoRbtiu2WpS9jyks+TXLqDbQvrZiRaenuD MEnCy81C+eBZu3JujzoRBvhllPUCEYmpTXVXyavydqO233mXdrRovnNKGwaB/nqmoQ70 2cScOKQSTRpfVWc2bjOvRst2cw54uQI/29rFOy4X46X+wzOboBpP922xPZ9pNumij2PK FhRWL9ua7/9nqPNSrwTjjmh7vwdagBJVcdepNXaJKWkm9IWn9ufayjvs3Uz1a8kADC0V vrzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758638342; x=1759243142; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QWj7RRgPU5QpDt6xxJ8NpKGEMWyu16awBiDRfwPLDuI=; b=XUprLCyRPtj73Y90E5JnxqA+Sc32vfLtOnv1wwuAnexKaBb87rbrNKenUMftVuUpmx ZN25SuWEhKVNmOv6AFCVz9QxaKyNnJypedJ2aC2J+OQQukDhwaRqYtmhRHZxl8ojzaia haddA5i+43q4GeXVIkEJTxR/Z+GHbDVzNBN06hZQHF6ZgWxYCPPoFcOsXeochLqrks1e 5bhWYduRNttvzqFX+ijZJ985zoQmRMu1H2uRvRNF/MXp6pMyGt1L+c8rxf22RTMEMGav bE8NtXduvXLYtc6Aq8vAMRqzg4G/k6Txq1dc9y3KxB1EGXHwq3s1qTtpRz2wZEZvlSfi /Sgg== X-Gm-Message-State: AOJu0YxMV2lwj8FmssqhEDJqaTOfK7S9EouolhlZsz3fYu/SzKzZwmRN HYFa9cPAwBF/180O0uTAfp+JxZq8gZ9BSoShkZWTQYmMpeUxRxsAi0WVi7e1ll5332u+wwQ8r02 MwfUVGQM= X-Gm-Gg: ASbGnct72eSoIG2tZEl23OnUBie7vdS4lDd5+PYHaJ17b3wAl5g8WdwyNO5QzPyh2gG 34yVh2SPBLR8kTI5tepLmzdlhLfKiic7tWm/Rz2WG+8TbGkgwooVmGUKFo41eNbaMOPBGk6J71v oCqa2SG0PMLPuUMO8MLuf2K2Xe/B9gzZHgeYMaZ1S1T1LopEpkyCpu3sX4Y544zBbigMQ2+FNQW 3h9tgK6oiZ2e5vd/D6FWq36ti51HmVNGNMFM22jQtngJDlxn/9eEObSDDqM6dP2EC2G2wRsIfgH YuSV2t3J2R6kxlvY2xPwz4oo1bYZgLyRGCwCpkHoiaJtEKS63sg7p2Tj9lN/FMnj/7B94AOUlHJ 6UEPjyaZlZEf0 X-Google-Smtp-Source: AGHT+IHQdck8Ad5pZufoLVKPlEB/3yrtbQ9sWnT8S5oIgRH04eYqTUgjIMEFjXLG9i4dSXr0URZQOQ== X-Received: by 2002:a05:6a20:4307:b0:262:9451:c648 with SMTP id adf61e73a8af0-2cff72003c0mr4546447637.37.1758638341633; Tue, 23 Sep 2025 07:39:01 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3f58:7e15:309f:29c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b55100df86bsm13428368a12.23.2025.09.23.07.39.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Sep 2025 07:39:01 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 2/7] ffmpeg: upgrade 7.1.1 -> 7.1.2 Date: Tue, 23 Sep 2025 07:38:37 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Sep 2025 14:39:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223885 From: Archana Polampalli Fixes CVE-2025-7700 Changelog: https://github.com/FFmpeg/FFmpeg/blob/n7.1.2/Changelog Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../ffmpeg/{ffmpeg_7.1.1.bb => ffmpeg_7.1.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-multimedia/ffmpeg/{ffmpeg_7.1.1.bb => ffmpeg_7.1.2.bb} (99%) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_7.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_7.1.2.bb similarity index 99% rename from meta/recipes-multimedia/ffmpeg/ffmpeg_7.1.1.bb rename to meta/recipes-multimedia/ffmpeg/ffmpeg_7.1.2.bb index d5252bfbdd..1c49bb1fc3 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_7.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_7.1.2.bb @@ -26,7 +26,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2025-22921.patch \ " -SRC_URI[sha256sum] = "733984395e0dbbe5c046abda2dc49a5544e7e0e1e2366bba849222ae9e3a03b1" +SRC_URI[sha256sum] = "089bc60fb59d6aecc5d994ff530fd0dcb3ee39aa55867849a2bbc4e555f9c304" # https://nvd.nist.gov/vuln/detail/CVE-2023-39018 # https://github.com/bramp/ffmpeg-cli-wrapper/issues/291 From patchwork Tue Sep 23 14:38:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 70801 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6533CAC5A7 for ; Tue, 23 Sep 2025 14:39:13 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.18685.1758638344658283241 for ; Tue, 23 Sep 2025 07:39:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ztN7sbAA; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-76e2ea933b7so5206091b3a.1 for ; Tue, 23 Sep 2025 07:39:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1758638344; x=1759243144; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=IvrAZbzpmtLOdE4VQBqU87RFqqW2is242u52Cu674og=; b=ztN7sbAAVr/QvLF9ySJt3S1adP6asTa34VHOFcPfijXrO4Yw5ST/KJo/yQaAV+cWSL tJ4Bn8iSjzzrXxZcI12uIGkul8Hq60ULxMc2YRN2ALo1UBaLpPCa3CyxHxcUzizIVNDv WPwykCCQ9DTL9qYFfCPxuqOvC57dsOvdDoJWuVJ/B0B9ClASom7e8V5WDcogEALlpeXz CldFEG9Q3LpJFKrdbSzyzep0r4JxTt7huIm7BkCKxEqlSJWtO7+EvxYTudXrJ7Aw6n5+ Ttz6uXXXKH89Q8/ct8n7/hxYaeRBhe0LdFXLAL+hlBV6M7nxL5XYmK5J6Ssoq1A43DMQ NS1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758638344; x=1759243144; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IvrAZbzpmtLOdE4VQBqU87RFqqW2is242u52Cu674og=; b=t0JB/yhVx9RLLbNRPsN3nBXQdEcz7M8TNn9CtMBGwprhacoQDQBft3nw6KAFnlNkvw jMi3uaEWs2HyduHwv2fqyGNzNSVvOiVKvlgMp3eiiZiDFWwmVxjJgxUAkxma11Wedpod IddTM5h1BYcHL8MpoKrD8i1OfHm8Pq1ai6Wux/9a3Twwlfnks29f4VSZMLS0SVDD0Fca LM17qcjvyRA6KK8LZgxi6r4Yjf9h41MgZbdVaHmCeS+NY7HhrcCcmV6sBbPFjxv2NOI/ /8A8VKjpnP1QAbPzFZPVhYGwSZNFYnRGMZeRItVPX4GLzLd6yUdxnIk/sPOc+W/O76j1 G2kQ== X-Gm-Message-State: AOJu0Yyt8wqAWOMyhaYGtDpbTowrsUxpQdDrAXpvvCPSpXpSfyAf3ceE SoNT0tbc+ho7+/riPAbRq5rLofljjIPzbMtio6n0LbMuE7+7C8MNIfCai2SXnqaKfmECNKkb8MD tvL8/BPA= X-Gm-Gg: ASbGnctB6ruNPCAsIiY4r+PxUnjHq2KIfaQHznXkXUqfAwTYFBLUU56CyUF46sSSGIp nC2gjC77Z3Mgd30rlXj00YrAcUSnmbXZicrFMhQe6U+SKlymkNDtyD0zcxBQYoMNFewmBoR58eX fTt/z6h9aQ7jsPqFWautY8m9T/W+0vwZ5ZJwEpzFBH3ItJyd9++piHd9m6VErhRm58wLX4HlZ7H YJ85sGs/0M+F9GbN5bycdk34h0uL/6+Gufa4V18FvOrRsdO1FUD3VESIHF9MBjrlT+MyGpOuG4f cGsAr6UXMwj8ObPnxVv0ugJAeexh03wGsexNJ9vfxLIbtnEqRGNcMot+Wa0fnBHWDNtnz/+wq8m HG48NknZ8qoy1 X-Google-Smtp-Source: AGHT+IGFZUxUIFZJxNekQqMDBNEjdpfJTGfa7QWx1fidVX1qZ/ih1nSU4a1StNRs62JfQ28LSrr2Yg== X-Received: by 2002:a05:6a21:3291:b0:2c4:5793:3419 with SMTP id adf61e73a8af0-2d1237cd4f6mr3679703637.27.1758638343538; Tue, 23 Sep 2025 07:39:03 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3f58:7e15:309f:29c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b55100df86bsm13428368a12.23.2025.09.23.07.39.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Sep 2025 07:39:03 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 3/7] linux-yocto/6.12: update to v6.12.47 Date: Tue, 23 Sep 2025 07:38:38 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Sep 2025 14:39:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223886 From: Bruce Ashfield Updating linux-yocto/6.12 to the latest korg -stable release that comprises the following commits: no ids found, dumping: f6cf124428f51 Linux 6.12.47 766424cef1e6b x86/vmscape: Add old Intel CPUs to affected list 8d675611b96a6 x86/vmscape: Warn when STIBP is disabled with SMT 28504e31029b1 x86/bugs: Move cpu_bugs_smt_update() down 459274c77b37a x86/vmscape: Enable the mitigation d7ddc93392e4a x86/vmscape: Add conditional IBPB mitigation 7c62c442b6eb9 x86/vmscape: Enumerate VMSCAPE bug 4c6fbb4dba3fc Documentation/hw-vuln: Add VMSCAPE documentation d497f0738df95 Linux 6.12.46 cf3c7fd1c466b dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() fd0333fe3cb17 md/raid1: fix data lost for writemostly rdev 8352fdfc04db3 riscv, bpf: use lw when reading int cpu in bpf_get_smp_processor_id 1a1e84c284169 riscv, bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG fecd903917861 riscv: use lw when reading int cpu in asm_per_cpu 8d164de928aa3 riscv: use lw when reading int cpu in new_vmalloc_check 489be48ea1059 riscv: Only allow LTO with CMODEL_MEDANY fce8d4599b8c7 ACPI: RISC-V: Fix FFH_CPPC_CSR error handling 514600ed8d85b md: prevent incorrect update of resync/recovery offset 1affb649e221d tools: gpio: remove the include directory on make clean e9998d65bca2c drm/amd/amdgpu: Fix missing error return on kzalloc failure 203719d82999b perf bpf-utils: Harden get_bpf_prog_info_linear 150101bbe24ab perf bpf-utils: Constify bpil_array_desc 25eac390c4af3 perf bpf-event: Fix use-after-free in synthesis beec8f807ecc2 drm/bridge: ti-sn65dsi86: fix REFCLK setting d0f379279cd84 spi: spi-fsl-lpspi: Clear status register after disabling the module 15d3ab4858797 spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort 8d981d2230e90 spi: spi-fsl-lpspi: Set correct chip-select polarity bit ed635ec0b5458 spi: spi-fsl-lpspi: Fix transmissions when using CONT a5760d3fb6e35 scsi: sr: Reinstate rotational media flag 0073c41d4b99f block: add a queue_limits_commit_update_frozen helper 2ec315207ccb8 hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM 212e17721839d platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID ee1df9ba388bd platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk 289b58f8ff319 pcmcia: Add error handling for add_interval() in do_validate_mem() 278842aca27e4 pcmcia: omap: Add missing check for platform_get_resource 2a7cf13dd6740 Revert "drm/amdgpu: Avoid extra evict-restore process." c5e6e56f2ce37 ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY ebdf11cf294aa ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model 17cab7b45f4db rust: support Rust >= 1.91.0 target spec 585a593ad5e8b dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() 523aefb90b593 thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold 1ee0e14814b88 mm: fix accounting of memmap pages a7f7d4223ff05 kunit: kasan_test: disable fortify string checker on kasan_strings() test 607b2bf5708fe nouveau: fix disabling the nonstall irq due to storm code dda6ec365ab04 mm/slub: avoid accessing metadata when pointer is invalid in object_err() 9cd3206f0126d mm, slab: cleanup slab_bug() parameters d06b739f41dcc mm: slub: call WARN() when detecting a slab corruption 20a54a8db4dd8 mm: slub: Print the broken data before restoring them 60196f92bbc79 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb 59599bce44af3 net: fix NULL pointer dereference in l3mdev_l3_rcv fa4abd439f275 wifi: ath11k: update channel list in worker when wait flag is set 26618c039b78a wifi: ath11k: update channel list in reg notifier instead reg worker eddca44ddf810 ext4: avoid journaling sb update on error if journal is destroying c868e9306ea6f ext4: define ext4_journal_destroy wrapper 2c46c14fd386a md/raid1,raid10: strip REQ_NOWAIT from member bios ed6aac13dd9d6 md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT 73506e581c0b1 md/raid1,raid10: don't ignore IO flags 3fbe3f4c57fda net: dsa: b53: do not enable EEE on bcm63xx b765b9ee4e5a8 net: dsa: b53/bcm_sf2: implement .support_eee() method cda6c5c095e19 net: dsa: provide implementation of .support_eee() f7976772b16a7 net: dsa: add hook to determine whether EEE is supported 6482c3dccbfb8 fs/fhandle.c: fix a race in call of has_locked_children() b9290581d2ecf microchip: lan865x: Fix LAN8651 autoloading fe03df84e19ef microchip: lan865x: Fix module autoloading bb8fd694ba6b4 net: pcs: rzn1-miic: Correct MODCTRL register offset b370f7b1f470a e1000e: fix heap overflow in e1000_set_eeprom 1f797f062b5cf cifs: prevent NULL pointer dereference in UTF16 conversion 20080709457bc batman-adv: fix OOB read/write in network-coding decode 367cb5ffd8a8a scsi: lpfc: Fix buffer free/clear order in deferred receive path cc5911dc2f989 platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list 274668efe1a26 drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG 608a015c65cc9 drm/amdgpu: drop hw access in non-DC audio fini 3573291c7901a net: ethernet: oa_tc6: Handle failure of spi_setup 089fd41902ee6 wifi: mt76: mt7925: fix the wrong bss cleanup for SAP eefa2ad9009b2 wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() a001c2f6a40c1 wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete 06616410a3e5e wifi: mwifiex: Initialize the chan_stats array to zero 2fae927c25bbf soc: qcom: mdt_loader: Deal with zero e_shentsize c2daa6eb47407 of_numa: fix uninitialized memory nodes causing kernel panic 3eebe856d09b6 proc: fix missing pde_set_flags() for net proc files f4a917e6cd6c7 ocfs2: prevent release journal inode after journal shutdown 28ef61701e298 kasan: fix GCC mem-intrinsic prefix with sw tags b3ec50cc5eb5c sched: Fix sched_numa_find_nth_cpu() if mask offline 243b705a90ed8 mm: slub: avoid wake up kswapd in set_track_prepare cd0236550cf80 mm: fix possible deadlock in kmemleak 4f7537772011f mm: move page table sync declarations to linux/pgtable.h b051f70701896 mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE b7f4051dd3388 x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() 094ba14a471cc io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU fafa7450075f4 pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() 650c14abe3031 arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE d2b18756dbbba ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() 54c49eca38dbd accel/ivpu: Prevent recovery work from being queued during device removal 47c72af327270 ALSA: usb-audio: Add mute TLV for playback volumes on some devices 594a8a74e02b1 phy: mscc: Stop taking ts_lock for tx_queue and use its own lock 3ed0d6a7b3220 selftest: net: Fix weird setsockopt() in bind_bhash.c. 631fc8ab5beb9 ppp: fix memory leak in pad_compress_skb d0ecda6fdd840 net: xilinx: axienet: Add error handling for RX metadata pointer retrieval 4a5633b22fc72 net: atm: fix memory leak in atm_register_sysfs when device_register fail 89064cf534bea ax25: properly unshare skbs in ax25_kiss_rcv() 5ad5be90414dc mctp: return -ENOPROTOOPT for unknown getsockopt options b3bab397a377e net/smc: Remove validation of reserved bits in CLC Decline message 8b3e9f5567433 ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() ae9459f2acb35 net: thunder_bgx: decrement cleanup index before use 2a12c6d58de0a net: thunder_bgx: add a missing of_node_put 31229145e6ba5 wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() 92bedee7168d4 wifi: libertas: cap SSID len in lbs_associate() cedbbba8a8e82 wifi: cw1200: cap SSID length in cw1200_do_join() e211e3f4199ac vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects 317122c53d5f2 vxlan: Rename FDB Tx lookup function 02bebe7d0483d vxlan: Add RCU read-side critical sections in the Tx path 9238419f6de35 vxlan: Avoid unnecessary updates to FDB 'used' time 300b4e8ff890a vxlan: Refresh FDB 'updated' time upon 'NTF_USE' c1ce8ee5d7c6a net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE 6fa0469be9cf5 net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() da1178c6e9bb4 net: vxlan: use kfree_skb_reason() in vxlan_xmit() e89198454fb62 net: vxlan: make vxlan_set_mac() return drop reasons 4ff4f3104da65 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object 5cf22915f2c37 net: vxlan: make vxlan_snoop() return drop reasons b186fb3bb3cd0 net: vxlan: add skb drop reasons to vxlan_rcv() 74872113f895d net: tunnel: add pskb_inet_may_pull_reason() helper 14f0d3c704b92 net: skb: add pskb_network_may_pull_reason() helper f8b4b6f7c2bbf net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets 46d33c878fc0b net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 609a8ffff5a0d wifi: ath11k: fix group data packet drops during rekey 682105ab63826 ixgbe: fix incorrect map used in eee linkmode 66e7cdbda74ee i40e: Fix potential invalid access when MAC list is empty 70d3dad7d5ad0 i40e: remove read access to debugfs files b862a132b43ec idpf: set mac type when adding and removing MAC filters 2cde98a02da95 ice: fix NULL access of tx->in_use in ice_ll_ts_intr 18cdfd7f699b9 net: mctp: mctp_fraq_queue should take ownership of passed skb eb929910bd4b4 net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() 0925c3c0c6d05 macsec: read MACSEC_SA_ATTR_PN with nla_get_uint 7db8aa3fc4ed0 net: macb: Fix tx_ptr_lock locking f3d761e527c55 icmp: fix icmp_ndo_send address translation for reply direction dd70cd6a44f5c bnxt_en: fix incorrect page count in RX aggr ring log 29b58eedbc5ac selftests: drv-net: csum: fix interface name for remote host 349f7dbe3b5ab mISDN: Fix memory leak in dsp_hwec_enable() 63480696b872a xirc2ps_cs: fix register access when enabling FullDuplex a22ec2ee824be net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y e7a903c429e5c netfilter: nft_flowtable.sh: re-run with random mtu sizes 306b0991413b4 Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() 1503756fffe76 Bluetooth: vhci: Prevent use-after-free by removing debugfs files early c2e32ac3f107e wifi: iwlwifi: uefi: check DSM item validity 7614b00f16e53 netfilter: conntrack: helper: Replace -EEXIST by -EBUSY c47ca77fee907 netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm e4d5a5fc61fdc wifi: mt76: fix linked list corruption 2aef3667e6b0f wifi: mt76: free pending offchannel tx frames on wcid cleanup 1fb26fd3f6015 wifi: mt76: prevent non-offchannel mgmt tx during scan/roc d9f2fb6a2ac83 wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() 3e789f8475f6c wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work 5b7ae04969f82 wifi: cfg80211: fix use-after-free in cmp_bss() 863443b02837d mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up b32990fb5738f mmc: sdhci-of-arasan: Support for emmc hardware reset 1ec1b0d5e2758 LoongArch: vDSO: Remove -nostdlib complier flag 0a97a654a26a7 LoongArch: vDSO: Remove --hash-style=sysv ed6a4c0ca7c53 net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition 9c111e6e31e88 net: usb: qmi_wwan: fix Telit Cinterion FE990A name 67ffb6a337b1d net: usb: qmi_wwan: fix Telit Cinterion FN990A name d3b504146c111 HID: core: Harden s32ton() against conversion to 0 bits d6cfa97a4d6f3 HID: stop exporting hid_snto32() 7a7ba33110698 HID: simplify snto32() a905edfec7447 arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC 12fa00b401c0e arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM b9e9092995aae arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off 606ae71e158d3 tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" 02a90ca443676 arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro 3f3d54180accf tee: fix memory leak in tee_dyn_shm_alloc_helper 963fca19fe34c tee: fix NULL pointer dereference in tee_shm_put e63052921f1b2 fs: writeback: fix use-after-free in __mark_inode_dirty() 6839108b660b4 btrfs: zoned: skip ZONE FINISH of conventional zones 70a6e89b338bb Bluetooth: hci_sync: Avoid adding default advertising on startup e04e08c2c3878 cpupower: Fix a bug where the -t option of the set subcommand was not working. 5817d249d3cc0 drm/amd/display: Don't warn when missing DCE encoder caps d619c55d7455e cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN 8e504a5ad6d98 LoongArch: Save LBT before FPU in setup_sigcontext() 8446ff5a8377c btrfs: avoid load/store tearing races when checking if an inode was logged 3d9c5e1512422 btrfs: fix race between setting last_dir_index_offset and inode logging 37c491006e539 btrfs: fix race between logging inode and checking if it was logged before 41688d1fc5d16 bpf: Fix oob access in cgroup local storage f1f241ee13403 bpf: Move cgroup iterator helpers to bpf.h f13441c171d56 bpf: Move bpf map owner out of common struct 963e79f6bdac5 bpf: Add cookie object to bpf maps b0c51e95f54e5 Linux 6.12.45 9a7141d4808dc thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands 739229eb4d5cd thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data d1f4b09d9bb99 thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const 79f6a6460ef30 Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" 7259d9d6f0ae7 PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up 72fdedb69cad9 PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS 1d9c73561c581 net: rose: fix a typo in rose_clear_routes() 56f376507b1a0 drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode 31ce7c089b50c drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv c5e42567724ee drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 2de53596eeb20 drm/nouveau/disp: Always accept linear modifier c8277d229c784 drm/xe/vm: Clear the scratch_pt pointer on error dcdf36f1b6788 xfs: do not propagate ENODATA disk errors into xattr code 806fdb4422128 smb3 client: fix return code mapping of remap_file_range 6c1f8cef93dbd net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions 4735f5991f514 fs/smb: Fix inconsistent refcnt update 23d7325151d43 dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted c50747a963c49 blk-zoned: Fix a lockdep complaint about recursive locking 07b367f7ebb14 Revert "drm/amdgpu: fix incorrect vm flags to map bo" 98520a9a3d69a HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() 82e721413565d HID: wacom: Add a new Art Pen 2 64eb2737fa351 HID: logitech: Add ids for G PRO 2 LIGHTSPEED 14dfac42f5334 HID: quirks: add support for Legion Go dual dinput modes 3055309821dd3 HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() c0d77e3441a92 HID: asus: fix UAF via HID_CLAIMED_INPUT validation 44bce62994fa2 x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON 43be33b8a2f2b x86/microcode/AMD: Handle the case of no BIOS microcode c76bf8359188a RISC-V: KVM: fix stack overrun when loading vlenb 67a05679621b7 KVM: x86: use array_index_nospec with indices that come from guest 7b6b76e3f0790 net: macb: Disable clocks once c2925cd620707 efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare 7aab65c62a8a8 fbnic: Move phylink resume out of service_task and into open/close d2d08fc3577f1 l2tp: do not use sock_hold() in pppol2tp_session_get_sock() 1bbc0c02aea1f sctp: initialize more fields in sctp_v6_from_sk() d7563b456ed44 net: rose: include node references in rose_neigh refcount 0085b250fcc79 net: rose: convert 'use' field to refcount_t 8e88504a28743 net: rose: split remove and free operations in rose_remove_neigh() e98884092a53c net: hv_netvsc: fix loss of early receive events from host during channel open. 22b6f45719672 hv_netvsc: Link queues to NAPIs 6037d6f243c18 net: stmmac: Set CIC bit only for TX queues with COE 62c8b75da2d70 net: stmmac: xgmac: Correct supported speed modes 160a7e072a0ce net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts fe67f30b41f13 net/mlx5e: Set local Xoff after FW update 628df4d5d8e09 net/mlx5e: Update and set Xon/Xoff upon port speed set 1f5f18acd8dd8 net/mlx5e: Update and set Xon/Xoff upon MTU set bde946b2a06d3 net/mlx5: Nack sync reset when SFs are present 0c87dba9ccd38 net/mlx5: Fix lockdep assertion on sync reset unload event 00a098e960454 net/mlx5: Reload auxiliary drivers on fw_activate 17209bada19e9 bnxt_en: Fix stats context reservation logic 35e129b060444 bnxt_en: Adjust TX rings if reservation is less than requested d00e98977ef51 bnxt_en: Fix memory corruption when FW resources change during ifdown 3d6a89fecf41d phy: mscc: Fix when PTP clock is register and unregister 2c697970da492 drm/xe: Don't trigger rebind on initial dma-buf validation 83f94a04074e2 drm/xe/xe_sync: avoid race during ufence signaling 77ff27ff0e452 efi: stmm: Fix incorrect buffer allocation method ee8c2f7d8f653 net: dlink: fix multicast stats being counted incorrectly c1cd3cede22e2 dt-bindings: display/msm: qcom,mdp5: drop lut clock 32c8031015d2f ice: fix incorrect counter for buffer allocation failures e8b97c7cda142 ice: use fixed adapter index for E825C embedded devices 5ff0860d1f618 ice: don't leave device non-functional if Tx scheduler config fails 43f72994e4dda drm/nouveau: remove unused memory target test 0d70a166dec65 drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr 33f9e6dc66b32 atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). 2651657f57e77 Bluetooth: hci_sync: fix set_local_name race condition 7c3df1b8a3a9f Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced d1f4364d84059 Bluetooth: hci_event: Mark connection as closed during suspend disconnect aacecaee1b454 Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success ff0d3bad32108 net: macb: fix unregister_netdev call order in macb_remove() 8ac194ad5254b HID: input: report battery status changes immediately e2cf56faa25f1 HID: input: rename hidinput_set_battery_charge_status() eb7eafbfd1a27 powerpc/kvm: Fix ifdef to remove build warning 7d5cc22efa44e drm/mediatek: Add error handling for old state CRTC in atomic_disable 469a026cac4a2 drm/msm: update the high bitfield of certain DSI registers bc0aff1e703fd drm/msm/kms: move snapshot init earlier in KMS init 46efab01648a0 of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() 7536b29903344 drm/msm: Defer fd_install in SUBMIT ioctl 81ff76c1b0882 net: ipv4: fix regression in local-broadcast routes cbc00a76a5ff9 vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() f5da8116cd52e ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list cc2ec79a6cb14 erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC cd79a25f451e9 ASoC: codecs: tx-macro: correct tx_macro_component_drv name c9991af5e0992 smb: client: fix race with concurrent opens in rename(2) c2c9d0ae69714 smb: client: fix race with concurrent opens in unlink(2) ba884ba29cc94 scsi: core: sysfs: Correct sysfs attributes access rights 7bab8fb51d3b1 vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER 2e6e208825bf9 perf symbol-minimal: Fix ehdr reading in filename__read_build_id ced94e137e6cd ftrace: Fix potential warning in trace_printk_seq during ftrace_dump 0d3471ab7186c of: dynamic: Fix use after free in of_changeset_add_prop_helper() 76c872066d75f mips: lantiq: xway: sysctrl: rename the etop node 41534a4790620 mips: dts: lantiq: danube: add missing burst length property f945cb27fea12 pinctrl: STMFX: add missing HAS_IOMEM dependency 9362d520b2b44 of: dynamic: Fix memleak when of_pci_add_properties() failed 2a2deb9f8df70 trace/fgraph: Fix the warning caused by missing unregister notifier f471b3e24d1ec rtla: Check pkg-config install 9903b4afd70f3 tools/latency-collector: Check pkg-config install Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 0d67510cdd9b55af82797eb6f624513868fd7dd5) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_6.12.bb | 6 ++-- .../linux/linux-yocto-tiny_6.12.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb index aba255dfa3..e04450bf99 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "2f3bb461fad19a35096f049d947cc639f517e22b" -SRCREV_meta ?= "b14d2173319779e94720b45b7be544da8a5f4026" +SRCREV_machine ?= "b463156a724cd3f095e1dadd87bf3c1c8115c9ff" +SRCREV_meta ?= "fb30a9a1d027d938de70890be92c22b33e0194b1" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.12.44" +LINUX_VERSION ?= "6.12.47" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb index 75d4116c3c..03582980bd 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.12.inc -LINUX_VERSION ?= "6.12.44" +LINUX_VERSION ?= "6.12.47" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_meta ?= "b14d2173319779e94720b45b7be544da8a5f4026" +SRCREV_machine ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_meta ?= "fb30a9a1d027d938de70890be92c22b33e0194b1" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb index 2e4e5ea7eb..87c2e9375e 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base" KBRANCH:qemuloongarch64 ?= "v6.12/standard/base" KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "62c2bce13752b28ac71dae8ea8d9364e55443b60" -SRCREV_machine:qemuarm64 ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_machine:qemuloongarch64 ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_machine:qemumips ?= "2a0916216246246cacbe4cccab8ec82bf5632df4" -SRCREV_machine:qemuppc ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_machine:qemuriscv64 ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_machine:qemuriscv32 ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_machine:qemux86 ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_machine:qemux86-64 ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_machine:qemumips64 ?= "8d94c777a9e942a599e10384f6747b3404368264" -SRCREV_machine ?= "cb57c5e0ea50dc87ee76514c4237291a365c2cd9" -SRCREV_meta ?= "b14d2173319779e94720b45b7be544da8a5f4026" +SRCREV_machine:qemuarm ?= "ace248eb90be5ddc94caea17db41d7190fc87817" +SRCREV_machine:qemuarm64 ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_machine:qemuloongarch64 ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_machine:qemumips ?= "a766160558c9434368462f9fada2ac0871017cbd" +SRCREV_machine:qemuppc ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_machine:qemuriscv64 ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_machine:qemuriscv32 ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_machine:qemux86 ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_machine:qemux86-64 ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_machine:qemumips64 ?= "ea35e13b7cd3d7cea1c2e8c17f8144209496a8b7" +SRCREV_machine ?= "8161e9a0fe4611484f3f055a7c633759a513bd84" +SRCREV_meta ?= "fb30a9a1d027d938de70890be92c22b33e0194b1" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "11a24528d080a6ac23f07d6031da9e271728d62d" +SRCREV_machine:class-devupstream ?= "f6cf124428f51e3ef07a8e54c743873face9d2b2" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.12/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.12.44" +LINUX_VERSION ?= "6.12.47" PV = "${LINUX_VERSION}+git" From patchwork Tue Sep 23 14:38:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 70800 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BAE8BCAC5AC for ; Tue, 23 Sep 2025 14:39:13 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.18686.1758638346451448863 for ; Tue, 23 Sep 2025 07:39:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=X/DmfIoJ; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-76e4fc419a9so5709449b3a.0 for ; Tue, 23 Sep 2025 07:39:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1758638346; x=1759243146; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=f5KnF5Ul7wYUQT2zmVBt9sNT1VB9mUXcjrYviF1PQOw=; b=X/DmfIoJr9wI6cxWSWwQkTl6ix5UPinE8ikmtHPvXYLpOHhWX7WMG4RsTHX286Bap6 GqcgDCEAgbcyAOMEJ5mxCioXcxfN5HhC2kDTKceRcBVDibBzY9VVvGF8XcJkO3NmQqFC 8NrCn2rGcv8Xs8RD5puq6fR2odzEyGfmEB2VUC4Lbe4OJsndr9rVgA6OLDs6U+6DUbHq iE3VL9yyzk0XsodqDBfspc9Upfr+aIvoAo0aq2dvoSW8qjK/Io2XzCyT/BocHDkfQ9DW c87Xr7ssrrIKwlr3IEhF6rx/V/lFgygZrjTs1WEIhaMKvaKB1qEkQuBRJAYoRVUaFs0V QnSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758638346; x=1759243146; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f5KnF5Ul7wYUQT2zmVBt9sNT1VB9mUXcjrYviF1PQOw=; b=B/IrylK5gDmxuJhfO8pdXSHgCu2alxCIVJUK2Y1yzYegiFnOo+0ZFcytsskIJz0xwl XTv3izHsz+4uEtlFKw3QQxdDEJN5LfQOJirYKtJl3hFO86LWDnwvLklaJnwdyJ/ws7fP dQSmWL26mI5YIZvafSdgJe7cJA36AfwWGXtDOKXSWPC0ruX30z1ok3QwDklamWhM7zJS zpjYFGma/xBJEgBQw0xkQTwf5v3ab6+PkUk+nAPTmb8yGQ0AzpDGs45uLWqviUxC+fNB /ZJPMAHrYrAE6a2kudzhYm+ptWNPbCC4ogHWtRyjWczwW3SnDYQVAxLj8S0Uhjf4e6cz QMVg== X-Gm-Message-State: AOJu0Yw/eX5fgZe77o22EONqWMpaB1h1vl82epBih9Xd3lEeJNqZF1+D 5VUN49WHi7F0KeYKOgcGko997nC9ZMKOTwWqdhV4AmNcpfSVwNjxh5Cy/4aFgMREhXUmzVO53Sa ECqmQ6bw= X-Gm-Gg: ASbGncsM2SVigh0cphuI08u3uKhJYn3O6P6jxoZQyyVsmxrxssf6K7XB/X/fYNW6qUH wudbOT4+zRreLf0cMDevP9eXVcGyaSCcLftPypD0qN1uFPxmWk0ZJSoOoNqrTZGVajCmZCHUhhd SeIjifoXVr9zPPVME0k74DlQSytOg3bRYc1geg+HRWGGGSjz35pQSZr3rZ0ND+PXh+2klqivJd0 cst5FYfEbChRGfQrhbBS7Noapgvjs516gvou7Rs0+ZTeCRDbJCEmlxKVtoFtwkq/DJAMORGPKzp cbwufy8tmypvUVVDsu+99xyuCTV8xvQbjoP7V9GYvGDYfWEccOA92/2SAG23Aa57TpyPIoc41Hk giJ0TnREc056H0YZgPVsnktM= X-Google-Smtp-Source: AGHT+IHD9zaG0RHklmJIn12LJzJkMbrwHtQrf9CE2XiiTQtTqQulGOSzJsVHAksdgdmgP17k14lOJQ== X-Received: by 2002:a05:6a20:728d:b0:279:90c2:f890 with SMTP id adf61e73a8af0-2cff2ec6983mr3879592637.59.1758638345235; Tue, 23 Sep 2025 07:39:05 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3f58:7e15:309f:29c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b55100df86bsm13428368a12.23.2025.09.23.07.39.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Sep 2025 07:39:04 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 4/7] linux-yocto/6.12: update CVE exclusions (6.12.47) Date: Tue, 23 Sep 2025 07:38:39 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Sep 2025 14:39:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223887 From: Bruce Ashfield Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2025-10421 - 0 updated CVEs: Date: Mon, 15 Sep 2025 02:20:02 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 46d3b3c35dd493016a752e07af854a92e38f52ae) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 396 +++++++++++++++++- 1 file changed, 377 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index b5a43986a9..f504ce64d3 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,12 +1,12 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-09-03 20:06:37.780942+00:00 for kernel version 6.12.44 -# From linux_kernel_cves cve_2025-09-03_1900Z-6-ga45e93ffde5 +# Generated at 2025-09-15 02:51:11.905579+00:00 for kernel version 6.12.47 +# From linux_kernel_cves cve_2025-09-15_0200Z python check_kernel_cve_status_version() { - this_version = "6.12.44" + this_version = "6.12.47" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -5849,8 +5849,6 @@ CVE_STATUS[CVE-2023-53135] = "fixed-version: Fixed from version 6.3" CVE_STATUS[CVE-2023-53136] = "fixed-version: Fixed from version 6.3" -CVE_STATUS[CVE-2023-53137] = "fixed-version: Fixed from version 6.3" - CVE_STATUS[CVE-2023-53138] = "fixed-version: Fixed from version 6.3" CVE_STATUS[CVE-2023-53139] = "fixed-version: Fixed from version 6.3" @@ -12933,7 +12931,7 @@ CVE_STATUS[CVE-2025-22101] = "cpe-stable-backport: Backported in 6.12.36" CVE_STATUS[CVE-2025-22102] = "cpe-stable-backport: Backported in 6.12.30" -# CVE-2025-22103 needs backporting (fixed from 6.15) +CVE_STATUS[CVE-2025-22103] = "cpe-stable-backport: Backported in 6.12.46" # CVE-2025-22104 needs backporting (fixed from 6.15) @@ -12953,7 +12951,7 @@ CVE_STATUS[CVE-2025-22110] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-22112] = "cpe-stable-backport: Backported in 6.12.35" -# CVE-2025-22113 needs backporting (fixed from 6.15) +CVE_STATUS[CVE-2025-22113] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-22114] = "fixed-version: only affects 6.14 onwards" @@ -12975,9 +12973,9 @@ CVE_STATUS[CVE-2025-22122] = "cpe-stable-backport: Backported in 6.12.33" CVE_STATUS[CVE-2025-22123] = "cpe-stable-backport: Backported in 6.12.33" -# CVE-2025-22124 needs backporting (fixed from 6.15) +CVE_STATUS[CVE-2025-22124] = "cpe-stable-backport: Backported in 6.12.46" -# CVE-2025-22125 needs backporting (fixed from 6.15) +CVE_STATUS[CVE-2025-22125] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.12.25" @@ -12993,7 +12991,7 @@ CVE_STATUS[CVE-2025-22128] = "cpe-stable-backport: Backported in 6.12.35" # CVE-2025-23132 needs backporting (fixed from 6.15) -# CVE-2025-23133 needs backporting (fixed from 6.15) +CVE_STATUS[CVE-2025-23133] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-23134] = "cpe-stable-backport: Backported in 6.12.23" @@ -14095,7 +14093,7 @@ CVE_STATUS[CVE-2025-38270] = "cpe-stable-backport: Backported in 6.12.34" CVE_STATUS[CVE-2025-38271] = "fixed-version: only affects 6.15 onwards" -# CVE-2025-38272 needs backporting (fixed from 6.16) +CVE_STATUS[CVE-2025-38272] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-38273] = "cpe-stable-backport: Backported in 6.12.34" @@ -14163,7 +14161,7 @@ CVE_STATUS[CVE-2025-38304] = "cpe-stable-backport: Backported in 6.12.34" CVE_STATUS[CVE-2025-38305] = "cpe-stable-backport: Backported in 6.12.34" -# CVE-2025-38306 needs backporting (fixed from 6.16) +CVE_STATUS[CVE-2025-38306] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-38307] = "cpe-stable-backport: Backported in 6.12.34" @@ -14457,7 +14455,7 @@ CVE_STATUS[CVE-2025-38451] = "cpe-stable-backport: Backported in 6.12.39" CVE_STATUS[CVE-2025-38452] = "cpe-stable-backport: Backported in 6.12.39" -# CVE-2025-38453 needs backporting (fixed from 6.16) +CVE_STATUS[CVE-2025-38453] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-38454] = "cpe-stable-backport: Backported in 6.12.39" @@ -14555,7 +14553,7 @@ CVE_STATUS[CVE-2025-38500] = "cpe-stable-backport: Backported in 6.12.41" CVE_STATUS[CVE-2025-38501] = "cpe-stable-backport: Backported in 6.12.42" -# CVE-2025-38502 needs backporting (fixed from 6.17rc1) +CVE_STATUS[CVE-2025-38502] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-38503] = "cpe-stable-backport: Backported in 6.12.39" @@ -14663,7 +14661,7 @@ CVE_STATUS[CVE-2025-38554] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2025-38555] = "cpe-stable-backport: Backported in 6.12.42" -# CVE-2025-38556 needs backporting (fixed from 6.17rc1) +CVE_STATUS[CVE-2025-38556] = "cpe-stable-backport: Backported in 6.12.46" CVE_STATUS[CVE-2025-38557] = "cpe-stable-backport: Backported in 6.12.42" @@ -14757,8 +14755,6 @@ CVE_STATUS[CVE-2025-38601] = "cpe-stable-backport: Backported in 6.12.42" CVE_STATUS[CVE-2025-38602] = "cpe-stable-backport: Backported in 6.12.42" -CVE_STATUS[CVE-2025-38603] = "fixed-version: only affects 6.16 onwards" - CVE_STATUS[CVE-2025-38604] = "cpe-stable-backport: Backported in 6.12.42" # CVE-2025-38605 needs backporting (fixed from 6.17rc1) @@ -14773,8 +14769,6 @@ CVE_STATUS[CVE-2025-38609] = "cpe-stable-backport: Backported in 6.12.42" CVE_STATUS[CVE-2025-38610] = "cpe-stable-backport: Backported in 6.12.42" -CVE_STATUS[CVE-2025-38611] = "cpe-stable-backport: Backported in 6.12.42" - CVE_STATUS[CVE-2025-38612] = "cpe-stable-backport: Backported in 6.12.42" CVE_STATUS[CVE-2025-38613] = "fixed-version: only affects 6.13 onwards" @@ -14909,16 +14903,378 @@ CVE_STATUS[CVE-2025-38677] = "cpe-stable-backport: Backported in 6.12.44" # CVE-2025-38678 needs backporting (fixed from 6.17rc2) +CVE_STATUS[CVE-2025-38679] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38680] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38681] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38682] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38683] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38684] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38685] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38686] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38687] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38688] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38689] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38690] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38691] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38692] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38693] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38694] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38695] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38696] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38697] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38698] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38699] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38700] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38701] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38702] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38703] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38704] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38705] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38706] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38707] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38708] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38709] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38710] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38711] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38712] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38713] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38714] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38715] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38716] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38717] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38718] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38719] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-38720] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-38721] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38722] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38723] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38724] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38725] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38726] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38727] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38728] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38729] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38730] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-38731] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38732] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-38733] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-38734] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-38735] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-38736] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-38737] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39673] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39674] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39675] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39676] = "cpe-stable-backport: Backported in 6.12.44" + +# CVE-2025-39677 needs backporting (fixed from 6.17rc3) + +# CVE-2025-39678 needs backporting (fixed from 6.17rc3) + +CVE_STATUS[CVE-2025-39679] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39680] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-39681] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39682] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39683] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39684] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39685] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39686] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39687] = "cpe-stable-backport: Backported in 6.12.44" + CVE_STATUS[CVE-2025-39688] = "cpe-stable-backport: Backported in 6.12.23" +CVE_STATUS[CVE-2025-39689] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39690] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39691] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39692] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39693] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39694] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39695] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39696] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39697] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39698] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39699] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-39700] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39701] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39702] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39703] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39704] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-39705] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39706] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39707] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39708] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-39709] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39710] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39711] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39712] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39713] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39714] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39715] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39716] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39717] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-39718] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39719] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39720] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39721] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39722] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39723] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39724] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39725] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-39726] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-39727] = "cpe-stable-backport: Backported in 6.12.42" + CVE_STATUS[CVE-2025-39728] = "cpe-stable-backport: Backported in 6.12.23" +CVE_STATUS[CVE-2025-39729] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39730] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-39731] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-39732] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-39733] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-39734] = "cpe-stable-backport: Backported in 6.12.42" + CVE_STATUS[CVE-2025-39735] = "cpe-stable-backport: Backported in 6.12.23" +CVE_STATUS[CVE-2025-39736] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39737] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39738] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39739] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39740] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39741] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39742] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39743] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39744] = "cpe-stable-backport: Backported in 6.12.43" + +# CVE-2025-39745 needs backporting (fixed from 6.17rc1) + +CVE_STATUS[CVE-2025-39746] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39747] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39748] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39749] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39750] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39751] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39752] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39753] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39754] = "cpe-stable-backport: Backported in 6.12.43" + CVE_STATUS[CVE-2025-39755] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-39756] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39757] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39758] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39759] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39760] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39761] = "cpe-stable-backport: Backported in 6.12.43" + +# CVE-2025-39762 needs backporting (fixed from 6.17rc1) + +CVE_STATUS[CVE-2025-39763] = "cpe-stable-backport: Backported in 6.12.43" + +# CVE-2025-39764 needs backporting (fixed from 6.17rc2) + +CVE_STATUS[CVE-2025-39765] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39766] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39767] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39768] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39769] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-39770] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39771] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39772] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39773] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39774] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-39775] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-39776] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39777] = "fixed-version: only affects 6.16 onwards" + CVE_STATUS[CVE-2025-39778] = "cpe-stable-backport: Backported in 6.12.23" +CVE_STATUS[CVE-2025-39779] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39780] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39781] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39782] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39783] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39784] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-39785] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-39786] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-39787] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39788] = "cpe-stable-backport: Backported in 6.12.44" + +# CVE-2025-39789 needs backporting (fixed from 6.17rc1) + +CVE_STATUS[CVE-2025-39790] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39791] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-39792] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39793] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-39794] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39795] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39796] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-39797] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39798] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-39799] = "fixed-version: only affects 6.17rc1 onwards" + CVE_STATUS[CVE-2025-39930] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-39989] = "cpe-stable-backport: Backported in 6.12.23" @@ -14927,6 +15283,8 @@ CVE_STATUS[CVE-2025-39989] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-40114] = "cpe-stable-backport: Backported in 6.12.23" +# CVE-2025-40300 has no known resolution + # CVE-2025-40325 needs backporting (fixed from 6.15) # CVE-2025-40364 has no known resolution From patchwork Tue Sep 23 14:38:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 70802 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2E62CAC5AE for ; Tue, 23 Sep 2025 14:39:13 +0000 (UTC) Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) by mx.groups.io with SMTP id smtpd.web11.18546.1758638347579141690 for ; Tue, 23 Sep 2025 07:39:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Wrt4z/4q; spf=softfail (domain: sakoman.com, ip: 209.85.215.174, mailfrom: steve@sakoman.com) Received: by mail-pg1-f174.google.com with SMTP id 41be03b00d2f7-b4755f37c3eso5262785a12.3 for ; Tue, 23 Sep 2025 07:39:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1758638347; x=1759243147; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vYgBk41CcVM3yG65ICYzVBjKHduHbC/DN7LdcJWYLNU=; b=Wrt4z/4qjHPXq9RHBWiO/vQAaA1yWc2f7ryXqDUVczWd7CKokkKy4TXccXzKsQ+w3k i/ZDJkQviARG0L9X68PjEPxpUw0oOqUyw3BeHKr/T1eMvUL+2Cx37nzEBTF+t0eg/NRi qWU6N9AsoZ8gX8IFUu3pKDXPiSk03xf9z36GiDjnUwe/dZCoCdaUblJ1mpW8O7AsFh5G WCnLR4haMlIzozjlRsXnH2ymvGQkF+1v2M5071lJCYIlruCan43Tac7hhwKxTg8+xmir WlktYqZ5isWLAqrNxn+ox2nmTSwY/PgKrHjwZpRpwT81TB36bsxvZXto3O+cesSiVUBG QtVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758638347; x=1759243147; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vYgBk41CcVM3yG65ICYzVBjKHduHbC/DN7LdcJWYLNU=; b=eFUidsyGS3tR06+eYH0F5PmaP0c6C1T7gwdP7bGQqvG/IHjGnYgVZdYrClEEv/0lA+ 9W/y9e2CyCVJ/mml3FCIxS9Xu4vfNoQheU8ZZBjAWCf+zF0qWmeJ16grd+ZCVnq/riOn nwEOgCJMYzLIbY6GhiEP6pEkcZusZ8+ZdISuHUKv1iphFEKWjIuAr0Z5/Tn92WhZE3Fi yJATTgEn+BZwJnzIz9C4GPHqjMep+e3tPRj//54w3SDvz1IqpytXhILOf35cxB8DYrre 38AG1r37IBVASp129QlqIUqlP7soXZkLHFOGziAf1rtoNIki08+JDOtKLcfi98g3v/iE W6EQ== X-Gm-Message-State: AOJu0YyFNnjbvz1lczs0ijRvaWdwBR6VFHsdvY/8wQ18ZdXVo0dQy8FA LrkYrZPPC3Jt2Ejb3MBHIpcANIXTy27HKhfdDg1KCQvm1O1gaq97rZ/m/WyMWWZtBeMej9ba8HZ dY5LkggY= X-Gm-Gg: ASbGncvpRTBX+x8ETI/YYfBZ2Vd4mNNKkofT7B2dOyrysmEHdEiFL7BB1xKNEVhfqxs 4g8w1z7ShHuyv07q6Am2hVEGRKshJ2MNf3psBDKoGxDu/HgY05xzUaecNQtV/rCku2pnq+HKJQg QBEZxBJClhRRiJGE6U+5aDSogo+RfTffjB39pNtUWSlXJFV7hg1Dw4q4woNBBJjBDGmx5WjfJ2q dUQPSve3+IwUV3l5OkpQgNLSzwR+KFKW2vAJuMT7Dp2wpwpdHL+9WMe89cZxDHVFjnuSCbmbU9N Jqglmm6QDxTuiDHTJbqINhcPnME9NsCj18RG+VoTMIJbMe4f8j7I58Tl7HKq18H1dezDH3OogOh TAp9b4gcmC3XsDvRy1F2Yixs= X-Google-Smtp-Source: AGHT+IFDYwP/XAPmsw6Jpoj15CoJgtCu0Ea4AQLRHfzMguMd37mhvSmUjLQCEfgd+VkDFCyxkvAq4g== X-Received: by 2002:a17:90b:4cc6:b0:32e:43ae:e7e9 with SMTP id 98e67ed59e1d1-332a95b851cmr4040810a91.17.1758638346675; Tue, 23 Sep 2025 07:39:06 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3f58:7e15:309f:29c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b55100df86bsm13428368a12.23.2025.09.23.07.39.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Sep 2025 07:39:06 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 5/7] sanity.conf: Update minimum bitbake version to 2.12.1 Date: Tue, 23 Sep 2025 07:38:40 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Sep 2025 14:39:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223888 From: Martin Jansa Needed for multiprocessing module in bb used in the next commit. It was added to bitbake in 62be9113d98fccb347c6aa0a10d5c4ee2857f8b6 which was backported to 2.12 branch and tagged as 2.12.1 Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- meta/conf/sanity.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/sanity.conf b/meta/conf/sanity.conf index 6d3911ff94..5d2bedf011 100644 --- a/meta/conf/sanity.conf +++ b/meta/conf/sanity.conf @@ -3,7 +3,7 @@ # See sanity.bbclass # # Expert users can confirm their sanity with "touch conf/sanity.conf" -BB_MIN_VERSION = "2.12.0" +BB_MIN_VERSION = "2.12.1" SANITY_ABIFILE = "${TMPDIR}/abi_version" From patchwork Tue Sep 23 14:38:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 70803 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C71ABCAC5B3 for ; Tue, 23 Sep 2025 14:39:13 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web11.18548.1758638349157878719 for ; Tue, 23 Sep 2025 07:39:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=uXsHQGgl; spf=softfail (domain: sakoman.com, ip: 209.85.216.41, mailfrom: steve@sakoman.com) Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-330b4739538so3680638a91.3 for ; Tue, 23 Sep 2025 07:39:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1758638348; x=1759243148; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tHeti5SlDca7yna/7HgTC9HKruVzWUcNbz1GbutRaUI=; b=uXsHQGglFEvZjFFo6FA/6e8ET/VaBrui3uLRG9KzSfJz8wIx3LGA/AJ59E28wY5Bsa Af1eEbNojm2hT8DBiJBIJ82FW95EP0sIyxO7ve6lTUrRR7rlxHRIPrfI1Qppz203iuWH FRh4m7pdX07pCQ5PEzuFkvuh+WI0uWQVIAKcljtGZkcF29QAXlZsXw7A7ImLMhInDPDF 0Yb42F7RVnr5Rh7OV4rszv2h0vldOEhp6hk64NJc8LDCr7ADZko/WeIn+Y6WFV+SdzfS pq2XvbOxPPetEiK1Jnan615bgRL3KQ2z0wxEBT4fbBQiRlXL61jX+KdUXoD0MBWwMmYy 0aIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758638348; x=1759243148; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tHeti5SlDca7yna/7HgTC9HKruVzWUcNbz1GbutRaUI=; b=IzPMTyqLSFwaj89SAC1u+U+u0I8jCfcDDsh+m7Ukhbz/PrMHPKiQSetmwgI0q+jaTn MqXco3iE/vDcaKkZGF3FsO5EakhSnqP8C0TiwVh7QOZXOYYNaB61PAiQ0O0NFMegPHa7 8W+LVOThzW4EPxKXVOMAY915hIB2Phk2CAY8nZqz2NiZvGlL/J/KXlMMwrmIIFT9pUkO /m7OHpOY+tu43H3YnUioaGajyFxl2y9OoFNx8Co+/X26h3LAr5hTzRYK6JL3pzXx5ww/ 8CIggw2XFfX6thumWxBf228JFrnZ9+IHc0LJiHCSDAnqdVA/9Cm7W4jJqtxwhW+5woIS Ia9Q== X-Gm-Message-State: AOJu0YyuzEkhmFrtELcpJf3/adr92ufqxkYxGa1Kz+EVxEXMNYj/HChQ fdbNr9sMt3eRM5RH3OCd6GBRDFE0hQmTRGdo24MqrJxsihebIO8v+Cl3Lx7UEJj77jPnxllop3I X7OJMyxs= X-Gm-Gg: ASbGncs1dsGJrDoR4L6WCfNEnXESR7IGeybB+U9meVPwh0G94CTBIgdlP7+TEGVQtJU 54u4a5gX0tcUW/pDHM/Jn2iK9wURLaFSAgqppPW7l+4cd+5Mtm44D5Chd1pFVPiVfI6UY4pOJNo 1gQh2kdHUFbDxwMwc7iYfCK5ocAmODF6f48FHU9CzuSixJDtN6+YEZ2DmCjY3M1HRBixoVVn82w oEP30Ky1T1/sx460lWEMf2KDVopEpssz29IPBrPP84rWqNsUh/vq6NvG7uKaHxwKRfQBJT4QwHI kYJKura15vCHQZjDMF7RZn0f9RlSVFgBGHkF8K2dA8HrL3wK8ql2b4U1vs0VGRePxiGotffryIN urM8s3xdXNaOf X-Google-Smtp-Source: AGHT+IEhjP7S2Uwthxn2FeqQjYiMxACHdIDr7HB7cXVEi0oaJAmTnSSEJzlTliaIQcA7Bxz2QsgwcQ== X-Received: by 2002:a17:90b:3ccd:b0:32e:36f4:6fdc with SMTP id 98e67ed59e1d1-332a95146ecmr3550911a91.4.1758638348179; Tue, 23 Sep 2025 07:39:08 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3f58:7e15:309f:29c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b55100df86bsm13428368a12.23.2025.09.23.07.39.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Sep 2025 07:39:07 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 6/7] lib/oe/utils: use multiprocessing from bb Date: Tue, 23 Sep 2025 07:38:41 -0700 Message-ID: <8721554e02b4da4bb1aeb334921bc66a9eb80c91.1758638188.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Sep 2025 14:39:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223889 From: Martin Jansa Fixes build with python-3.14 It was added to bitbake in 62be9113d98fccb347c6aa0a10d5c4ee2857f8b6 and oe-core now requires latest bitbake already, so we can use this. [YOCTO #15858] Signed-off-by: Martin Jansa Reviewed-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- meta/lib/oe/utils.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/lib/oe/utils.py b/meta/lib/oe/utils.py index d272dd2b8d..2137b05df0 100644 --- a/meta/lib/oe/utils.py +++ b/meta/lib/oe/utils.py @@ -5,10 +5,11 @@ # import subprocess -import multiprocessing import traceback import errno +from bb import multiprocessing + def read_file(filename): try: f = open( filename, "r" ) From patchwork Tue Sep 23 14:38:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 70804 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D00D3CAC5B1 for ; Tue, 23 Sep 2025 14:39:13 +0000 (UTC) Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) by mx.groups.io with SMTP id smtpd.web11.18550.1758638350697467912 for ; Tue, 23 Sep 2025 07:39:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Ycr+mAY1; spf=softfail (domain: sakoman.com, ip: 209.85.215.173, mailfrom: steve@sakoman.com) Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-b5515eaefceso4273422a12.2 for ; Tue, 23 Sep 2025 07:39:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1758638350; x=1759243150; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Dxyy8MYbl8JhhewFulhSxQ3AHTSEIq8dFcsaGCNmkLo=; b=Ycr+mAY1LALixKpLyg0w/LEUb82oMj9nW1MK6KyaXrFOnsYNS8Q6BBsdkd/Bi3IFz/ npkO+69NzF9mG/8gMpETdI0tFBeLq1tlLi9rwQdoINqHq2Ofc+3OrL7kDGaUT1bVNdoA FwMC2Io6j7E7MoK+dmzMPUGw0oiejWjmF7DWKrlooapvfg3LwAJmih2muKl+8wzm/4vQ C/Ft/vc2UzrpAmiNdHMvUV7B7kgGrbY/WWAOw/An9No+lGlCIU/5qtEKpeeJqqJ9hMg7 1Z6m66FQfhH+ivnAJ4C7Eoll04xDjuDwW5TqgfCd4t7KILD7LscWYFRLuY9vwPrJAUUI LOcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758638350; x=1759243150; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Dxyy8MYbl8JhhewFulhSxQ3AHTSEIq8dFcsaGCNmkLo=; b=fR70h2GeUO//nRYxloqRZvvDOGizwejStLRhwricne+/HINnJjMd1HkS5rQN1Vp8l+ wWnjLdosKL2B2yGQ2uSyCuOtSd4LqnljSn7Z+4lfvCQH79ZNaaNnQFTTjHdiP27G9sNf d+eg+g6PR04w14t0had261TUk+ySBCMVDBMuqKtZo7pIhv5ktRfPFCU+0TukWj0cINg4 dSOYNSONay4bdthl9dSbA3o9XFuUYQiwQmYhkCUkFl89RUHwDYLBw6qGRzML7a5c0aBP oRsXGjHWCB1euGUEHho9Ui5F5nxlOQC9cyGBjy8YQck8lQ9EDO0hQ23IKZFQee1qPIYC PUSg== X-Gm-Message-State: AOJu0Yzj+t8TqJwXQEI0x+pIR4RywKkRmomsKNxgwmPLzZR8siQNrU5y Tfqrxzxnyxfj7MDg0WvcjhB50bs9Vqsc6ZSdtdNFp16pTPgtYcc1G4LZILj06VG6UccZBSFov6X xwfdFxsM= X-Gm-Gg: ASbGncvVZgbVmy03WR0wZiaVUTfjvBLloa2ZmRZXzIE/0IL15CM1xoDth9lTQTIRJPC fVTs3R01eInuzm3QmX6LE4kokGFZhpK+aFIArDGL3dlGKDfzFtVwyx7gCyIXdV8hXe+YAKQGl+G q73TK4EyuZL5LMNjxypJxoORKe8H1zN8xxIdT1YLcmudkZ1gb3M1u9vgMTgPEnTCT/RSk8WyU+G FzXhDM3GYzhrKqLrOrPW6lW1g2Wqyk3sgEQUZnyN6X1yEaWN2uM9oqnykJtx10KaT7UYSPRISQE lCgDe0LiOEatvlRKoa5DQi0m6UhfkSLCoSipPdwKVaq88qLLgvySg8YIUZXj3+VdBDPpcPWcxng 6ewHk1Dzklv4Z X-Google-Smtp-Source: AGHT+IGRV4Jh9/EJgjsGRzpFHGVVT0bVZYC1qbTihGtcqoyKSVvfoBAp4pomV+cC14cxuZNY8HrUvQ== X-Received: by 2002:a17:90b:28cb:b0:332:84c1:31de with SMTP id 98e67ed59e1d1-332a96fdd2amr3065585a91.25.1758638349844; Tue, 23 Sep 2025 07:39:09 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3f58:7e15:309f:29c]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b55100df86bsm13428368a12.23.2025.09.23.07.39.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Sep 2025 07:39:09 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 7/7] python3-setuptools: restore build_scripts.executable support Date: Tue, 23 Sep 2025 07:38:42 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Sep 2025 14:39:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223890 From: Yi Zhao We encountered an issue when running python scripts provided by python3-fail2ban. The shebang '#!/usr/bin/env python3' was replaced by '#!python', which caused these scripts to fail to run. For example: $ head -n 1 /usr/bin/fail2ban-testcases #!python $ /usr/bin/fail2ban-testcases -sh: /usr/bin/fail2ban-testcases: cannot execute: required file not found This issue was introduced by commit[1] in python3-setuptools 75.3.2. See the upstream issue report[2] for more information. Backport patches from [3] to fix this issue. [1] https://github.com/pypa/setuptools/commit/c71266345c64fd662b5f95bbbc6e4536172f496d [2] https://github.com/pypa/setuptools/issues/4934 [3] https://github.com/pypa/distutils/pull/358 Signed-off-by: Yi Zhao Signed-off-by: Steve Sakoman --- ...l-request-pypa-distutils-332-from-py.patch | 63 +++++++++++++++++++ ...or-special-executable-under-a-Python.patch | 59 +++++++++++++++++ .../python/python3-setuptools_76.0.0.bb | 2 + 3 files changed, 124 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Revert-Merge-pull-request-pypa-distutils-332-from-py.patch create mode 100644 meta/recipes-devtools/python/python3-setuptools/0002-Remove-support-for-special-executable-under-a-Python.patch diff --git a/meta/recipes-devtools/python/python3-setuptools/0001-Revert-Merge-pull-request-pypa-distutils-332-from-py.patch b/meta/recipes-devtools/python/python3-setuptools/0001-Revert-Merge-pull-request-pypa-distutils-332-from-py.patch new file mode 100644 index 0000000000..e3329246b9 --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/0001-Revert-Merge-pull-request-pypa-distutils-332-from-py.patch @@ -0,0 +1,63 @@ +From a8d07038ec4813a743bdc0313556c9b0fd65ba88 Mon Sep 17 00:00:00 2001 +From: "Jason R. Coombs" +Date: Fri, 2 May 2025 20:01:23 -0400 +Subject: [PATCH] Revert "Merge pull request pypa/distutils#332 from + pypa/debt/unify-shebang" + +This reverts commit 5589d7527044a75ff681ceb4e1e97641578a0c87, reversing +changes made to 250c300096abbf4147be62a428bd25a98abc487e. + +Closes pypa/setuptools#4934 + +Upstream-Status: Backport +[https://github.com/pypa/setuptools/commit/3f94782c5ede0689cfc216693ddb9a79087d6c91] + +Signed-off-by: Yi Zhao +--- + setuptools/_distutils/command/build_scripts.py | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/setuptools/_distutils/command/build_scripts.py b/setuptools/_distutils/command/build_scripts.py +index 127c51d..3f7aae0 100644 +--- a/setuptools/_distutils/command/build_scripts.py ++++ b/setuptools/_distutils/command/build_scripts.py +@@ -5,6 +5,7 @@ Implements the Distutils 'build_scripts' command.""" + import os + import re + import tokenize ++from distutils import sysconfig + from distutils._log import log + from stat import ST_MODE + from typing import ClassVar +@@ -75,7 +76,7 @@ class build_scripts(Command): + + return outfiles, updated_files + +- def _copy_script(self, script, outfiles, updated_files): ++ def _copy_script(self, script, outfiles, updated_files): # noqa: C901 + shebang_match = None + script = convert_path(script) + outfile = os.path.join(self.build_dir, os.path.basename(script)) +@@ -105,8 +106,18 @@ class build_scripts(Command): + if shebang_match: + log.info("copying and adjusting %s -> %s", script, self.build_dir) + if not self.dry_run: ++ if not sysconfig.python_build: ++ executable = self.executable ++ else: ++ executable = os.path.join( ++ sysconfig.get_config_var("BINDIR"), ++ "python{}{}".format( ++ sysconfig.get_config_var("VERSION"), ++ sysconfig.get_config_var("EXE"), ++ ), ++ ) + post_interp = shebang_match.group(1) or '' +- shebang = f"#!python{post_interp}\n" ++ shebang = "#!" + executable + post_interp + "\n" + self._validate_shebang(shebang, f.encoding) + with open(outfile, "w", encoding=f.encoding) as outf: + outf.write(shebang) +-- +2.34.1 + diff --git a/meta/recipes-devtools/python/python3-setuptools/0002-Remove-support-for-special-executable-under-a-Python.patch b/meta/recipes-devtools/python/python3-setuptools/0002-Remove-support-for-special-executable-under-a-Python.patch new file mode 100644 index 0000000000..ea3fd22331 --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/0002-Remove-support-for-special-executable-under-a-Python.patch @@ -0,0 +1,59 @@ +From 3b2944f3d9f83129500571f9e44fb0779bf0987b Mon Sep 17 00:00:00 2001 +From: "Jason R. Coombs" +Date: Fri, 2 May 2025 20:07:13 -0400 +Subject: [PATCH] Remove support for special executable under a Python build. + +As far as I can tell, no one has complained about loss of this functionality. + +Upstream-Status: Backport +[https://github.com/pypa/setuptools/commit/575445c672d78fcce22df1e459b7baf0304a38b9] + +Signed-off-by: Yi Zhao +--- + setuptools/_distutils/command/build_scripts.py | 15 ++------------- + 1 file changed, 2 insertions(+), 13 deletions(-) + +diff --git a/setuptools/_distutils/command/build_scripts.py b/setuptools/_distutils/command/build_scripts.py +index 3f7aae0..b86ee6e 100644 +--- a/setuptools/_distutils/command/build_scripts.py ++++ b/setuptools/_distutils/command/build_scripts.py +@@ -5,7 +5,6 @@ Implements the Distutils 'build_scripts' command.""" + import os + import re + import tokenize +-from distutils import sysconfig + from distutils._log import log + from stat import ST_MODE + from typing import ClassVar +@@ -76,7 +75,7 @@ class build_scripts(Command): + + return outfiles, updated_files + +- def _copy_script(self, script, outfiles, updated_files): # noqa: C901 ++ def _copy_script(self, script, outfiles, updated_files): + shebang_match = None + script = convert_path(script) + outfile = os.path.join(self.build_dir, os.path.basename(script)) +@@ -106,18 +105,8 @@ class build_scripts(Command): + if shebang_match: + log.info("copying and adjusting %s -> %s", script, self.build_dir) + if not self.dry_run: +- if not sysconfig.python_build: +- executable = self.executable +- else: +- executable = os.path.join( +- sysconfig.get_config_var("BINDIR"), +- "python{}{}".format( +- sysconfig.get_config_var("VERSION"), +- sysconfig.get_config_var("EXE"), +- ), +- ) + post_interp = shebang_match.group(1) or '' +- shebang = "#!" + executable + post_interp + "\n" ++ shebang = "#!" + self.executable + post_interp + "\n" + self._validate_shebang(shebang, f.encoding) + with open(outfile, "w", encoding=f.encoding) as outf: + outf.write(shebang) +-- +2.34.1 + diff --git a/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb b/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb index 91d8fdd73b..9f330ec54e 100644 --- a/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb +++ b/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb @@ -14,6 +14,8 @@ SRC_URI += " \ file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \ file://CVE-2025-47273-pre1.patch \ file://CVE-2025-47273.patch \ + file://0001-Revert-Merge-pull-request-pypa-distutils-332-from-py.patch \ + file://0002-Remove-support-for-special-executable-under-a-Python.patch \ " SRC_URI[sha256sum] = "43b4ee60e10b0d0ee98ad11918e114c70701bc6051662a9a675a0496c1a158f4"