From patchwork Tue Feb 24 14:23:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81701 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 712F6E9B26E for ; Tue, 24 Feb 2026 14:25:00 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21452.1771943096190039372 for ; Tue, 24 Feb 2026 06:24:56 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=pT6MIW8h; spf=pass (domain: smile.fr, ip: 209.85.128.53, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-4834826e5a0so69461115e9.2 for ; Tue, 24 Feb 2026 06:24:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943094; x=1772547894; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=N5uhNdz2R/BMnvPC/Njsx5S+BcAE0fT/iv8NbaMvmlM=; b=pT6MIW8hev1u95KBl+cVCZqioNecF7qnANHyw13A3XyUcwJ1vN9YTKRyWtUp7biijW WxCGOiYgxBxh0NN3KIFEPBMjekRJRbTgrc9uEP2KmMw6U7o5NV80TpHzf3I7dASsrgtA ivHTmVJYWfSClcDq/UzxShf2HdYD0LW7COFRs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943094; x=1772547894; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=N5uhNdz2R/BMnvPC/Njsx5S+BcAE0fT/iv8NbaMvmlM=; b=TPQ9pIcPx8BmhOtcndAP2XNewy/pIwj9hM6Z5bY70NyKKzk170pShskXV0WePRiAgr +Hjun2dFo+HKaZO8fOkO4eLR5rZb6crcxjEjnAypzfcmLyH4HaCIRqt/z4qZriDngC5Q zSg928jc9CMG4AmSTjzsBlepAIi0lk6moj7MiUcRXUzDinKcNGqG7JcUlErePBFVTkxw xsVwv38hd7alcLnyobCD/GbEoNphi+niErAUHVRT85/fi4VLL9ZdV1lGuMu2hH+XIe1b SnKT4IQJ50TYPGKRDT+Cliv34Q2PLKnRtK4pZk1sdKiaeBQvX+DVnpiyTud9QTen5/NE YJ9A== X-Gm-Message-State: AOJu0YxMpgTwVwUdziq6Dxjt7ZFuYnJcQ9lk2ULnGmzucAATInx6KaAv bMWptxSt5ZpkPpsmpVpfVn+kWo62sncjBw2WwCCHpyVKlxJH+ghjIP8m0G/G3im0zdDLrnjHR2I jvVEA X-Gm-Gg: AZuq6aIJZ6MNIGZrJlrq3wihfS5CQHkwDdTu4wkyXFCR+vLL/VHsgfcjhGtPGmX8Opi 0JwN3/sig/ShJc0y/133dsfI0Sm9jwWbkDGnciuNSc/W7gSZaIishSC2fYUf0MSx5pvObXfhqgz F1uhasa1uncIIJevFElpLzZ41yd1N7EglLByzommJiQn+5ds4XPHriI+nvCuJBsXHzAdJ+ouC5t 0ITDJPTpsmMmTf97Z+133ZrjDHydUUr/H7om0Unsu0y4uAaVIR65b3pdYQXUOhDz5Z1AiBHpJuT 8Lt1RTobhs9xIM23wpjfqh39tpDk26qzmOuzn0iyBUBZJO6FGH8cLoXsxWfJjlQP8wTl0PTckL5 +6AvnRkuzJmhwvVHFWZhE0G+8HzsnsDSiXEVzDzTiFYfmPnLu22ATFAkcOCbzOVzS0c/0HstdL6 R477ImWeXWWSQFVrJVUl+IGtZsKBe8NHwixdPVdocxTvqN/DNsAbDWz4jviendormLQksKabScl IiX0P7Mm59vYhChcZZGtnkygnz1LEmq6A== X-Received: by 2002:a05:600c:8b31:b0:45d:d8d6:7fcc with SMTP id 5b1f17b1804b1-483a95f5911mr211773065e9.27.1771943094312; Tue, 24 Feb 2026 06:24:54 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:54 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/38] zlib: ignore CVE-2026-22184 Date: Tue, 24 Feb 2026 15:23:53 +0100 Message-ID: <00eae842fe2989d5f72917e48ef748dfee93d57a.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231767 From: Peter Marko This is CVE for example tool contrib/untgz. This is not compiled in Yocto zlib recipe. This CVE has controversial CVSS3 score of 9.8. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-core/zlib/zlib_1.2.11.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index dc8f7c6c855..8dd0a90b523 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb @@ -58,3 +58,5 @@ BBCLASSEXTEND = "native nativesdk" # this CVE is for cloudflare zlib CVE_CHECK_IGNORE += "CVE-2023-6992" +# vulnerable file is not compiled +CVE_CHECK_IGNORE += "CVE-2026-22184" From patchwork Tue Feb 24 14:23:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81704 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 901D3E9B275 for ; Tue, 24 Feb 2026 14:25:00 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21454.1771943096929399950 for ; Tue, 24 Feb 2026 06:24:57 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=OsDxPkgJ; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-483abed83b6so22336095e9.0 for ; Tue, 24 Feb 2026 06:24:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943095; x=1772547895; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=2QW1horoQlQsVVx9PW2ZQFt045kErxxOCLH1pyqtx70=; b=OsDxPkgJsdUDf2ZKaWoHYT+hTXf96j5nTXMRd8Y3N6jgTv1fJK6pwtyV2ncmoIOcYj 3c8TwvbnJkZxbQIddL+IH0lRi9HSFBM5nwGFxAmQmQGUioJEvnzep+KqoTdh8pXuV/So USTAauAB8y6JjEw7dkf9Mihohlvsq13W/ntts= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943095; x=1772547895; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=2QW1horoQlQsVVx9PW2ZQFt045kErxxOCLH1pyqtx70=; b=t12Nu/vkank0CgGpNKmr319s2XkGEj7V4BpK6nvOBXhWBpS3e+/VaPJs1Z08NO69Z8 TXJYDjBJTQye3y7bDJQVlI+pNtSs6QpLeTcMaFDXV5vtdhnxspY+bVRegplBJ5xIpD2M qhKfhM7OjggPjVGjlVY3al2WG5rpxXnsdpTZl8wQ8wLRugX/uKatcyFS12DbODIHkM6O LZoNMB8sDSDf2crpj7HSExULRrdWraOmF3N/w/PZr9epPio8GCjFGnfNq5vqOLSLik0w NJoyTnEdJkET4VegcS2cMRy+EeHhumejs62RFsPIVspog4+O0mVyWxEyikPsUAbAldG0 AarA== X-Gm-Message-State: AOJu0YzUHWlO6jh+uYbCU3M4T4i5g0b+anm8I2oDYxULsHg8Pr5ejAt/ QRqrTZ2OFKCPo5zS1ldPktd+x05QrxwhwjvarpdG07XzOs8U70jfIlrBsnRD0k/qcMPjn2ohfF/ AEYOS X-Gm-Gg: AZuq6aIl4NKJunlUxX4tmAW9bKtE0zBfWVvK8TTG0mmo6UiVmqJBLKftU1cFrLCL/V/ Rtq4ibJxIvdoQV0+tJzy7PDCHr2HiA77H4m8hDasScQ3PrlROtRFHbFDvxd+TLjJU6cQgg/8Gu4 mDhGNm+hOc77eVm6Th1CqaKaI02s8VH8tIOvwNS/G0cTFrN6EDI9EXR9rcFlTmOeOaJqWPgy9cs Rr2YkRkRyIEv7CQLPqzHfHhU862jJiJ4xyAC8curYoqE5Apckk95LtSow9g7HpoUeyGdf2RRc7p ICv3gIznGj9nAS9Ik66Iy5YfeSr69SXfYZIZwHD0b767IDgqy/D4N9zeeRJkxFH3mx0educoSo0 AfsY0ENDkiH3U1dyhCLYpG6OTIRi8Ws8gZXiTApddSI9fHhURUaLzFBEX25FX5Cpq68DVHv1YmN uMKkm3T4rkdtrKG8kBaSrZ9S5adg6248yGupbDSqnOPjFpsxekyQ5V+bWU6JOB1BO9WJtlwYlxq bhKc7QoSPDC/bl4UlebsyirHQcQ3FzOqg== X-Received: by 2002:a05:600c:314a:b0:47e:e2eb:bc22 with SMTP id 5b1f17b1804b1-483a95b3e62mr222037135e9.5.1771943094825; Tue, 24 Feb 2026 06:24:54 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:54 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/38] python3: patch CVE-2025-13837 Date: Tue, 24 Feb 2026 15:23:54 +0100 Message-ID: <35018edf45326cb3b83e567e6673e1ec24f2c439.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231768 From: Peter Marko Pick patch from 3.12 branch per NVD report. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../python/python3/CVE-2025-13837.patch | 162 ++++++++++++++++++ .../python/python3_3.10.19.bb | 1 + 2 files changed, 163 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13837.patch b/meta/recipes-devtools/python/python3/CVE-2025-13837.patch new file mode 100644 index 00000000000..36bf75792bb --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2025-13837.patch @@ -0,0 +1,162 @@ +From 5a8b19677d818fb41ee55f310233772e15aa1a2b Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Mon, 22 Dec 2025 15:49:44 +0200 +Subject: [PATCH] [3.12] gh-119342: Fix a potential denial of service in + plistlib (GH-119343) (#142149) + +Reading a specially prepared small Plist file could cause OOM because file's +read(n) preallocates a bytes object for reading the specified amount of +data. Now plistlib reads large data by chunks, therefore the upper limit of +consumed memory is proportional to the size of the input file. +(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70) + +CVE: CVE-2025-13837 +Upstream-Status: Backport [https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b] +Signed-off-by: Peter Marko +--- + Lib/plistlib.py | 31 ++++++++++------ + Lib/test/test_plistlib.py | 37 +++++++++++++++++-- + ...-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst | 5 +++ + 3 files changed, 59 insertions(+), 14 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst + +diff --git a/Lib/plistlib.py b/Lib/plistlib.py +index 3292c30d5f..c5554ea1f7 100644 +--- a/Lib/plistlib.py ++++ b/Lib/plistlib.py +@@ -73,6 +73,9 @@ from xml.parsers.expat import ParserCreate + PlistFormat = enum.Enum('PlistFormat', 'FMT_XML FMT_BINARY', module=__name__) + globals().update(PlistFormat.__members__) + ++# Data larger than this will be read in chunks, to prevent extreme ++# overallocation. ++_MIN_READ_BUF_SIZE = 1 << 20 + + class UID: + def __init__(self, data): +@@ -499,12 +502,24 @@ class _BinaryPlistParser: + + return tokenL + ++ def _read(self, size): ++ cursize = min(size, _MIN_READ_BUF_SIZE) ++ data = self._fp.read(cursize) ++ while True: ++ if len(data) != cursize: ++ raise InvalidFileException ++ if cursize == size: ++ return data ++ delta = min(cursize, size - cursize) ++ data += self._fp.read(delta) ++ cursize += delta ++ + def _read_ints(self, n, size): +- data = self._fp.read(size * n) ++ data = self._read(size * n) + if size in _BINARY_FORMAT: + return struct.unpack(f'>{n}{_BINARY_FORMAT[size]}', data) + else: +- if not size or len(data) != size * n: ++ if not size: + raise InvalidFileException() + return tuple(int.from_bytes(data[i: i + size], 'big') + for i in range(0, size * n, size)) +@@ -561,22 +576,16 @@ class _BinaryPlistParser: + + elif tokenH == 0x40: # data + s = self._get_size(tokenL) +- result = self._fp.read(s) +- if len(result) != s: +- raise InvalidFileException() ++ result = self._read(s) + + elif tokenH == 0x50: # ascii string + s = self._get_size(tokenL) +- data = self._fp.read(s) +- if len(data) != s: +- raise InvalidFileException() ++ data = self._read(s) + result = data.decode('ascii') + + elif tokenH == 0x60: # unicode string + s = self._get_size(tokenL) * 2 +- data = self._fp.read(s) +- if len(data) != s: +- raise InvalidFileException() ++ data = self._read(s) + result = data.decode('utf-16be') + + elif tokenH == 0x80: # UID +diff --git a/Lib/test/test_plistlib.py b/Lib/test/test_plistlib.py +index fa46050658..229a5a242e 100644 +--- a/Lib/test/test_plistlib.py ++++ b/Lib/test/test_plistlib.py +@@ -838,8 +838,7 @@ class TestPlistlib(unittest.TestCase): + + class TestBinaryPlistlib(unittest.TestCase): + +- @staticmethod +- def decode(*objects, offset_size=1, ref_size=1): ++ def build(self, *objects, offset_size=1, ref_size=1): + data = [b'bplist00'] + offset = 8 + offsets = [] +@@ -851,7 +850,11 @@ class TestBinaryPlistlib(unittest.TestCase): + len(objects), 0, offset) + data.extend(offsets) + data.append(tail) +- return plistlib.loads(b''.join(data), fmt=plistlib.FMT_BINARY) ++ return b''.join(data) ++ ++ def decode(self, *objects, offset_size=1, ref_size=1): ++ data = self.build(*objects, offset_size=offset_size, ref_size=ref_size) ++ return plistlib.loads(data, fmt=plistlib.FMT_BINARY) + + def test_nonstandard_refs_size(self): + # Issue #21538: Refs and offsets are 24-bit integers +@@ -959,6 +962,34 @@ class TestBinaryPlistlib(unittest.TestCase): + with self.assertRaises(plistlib.InvalidFileException): + plistlib.loads(b'bplist00' + data, fmt=plistlib.FMT_BINARY) + ++ def test_truncated_large_data(self): ++ self.addCleanup(os_helper.unlink, os_helper.TESTFN) ++ def check(data): ++ with open(os_helper.TESTFN, 'wb') as f: ++ f.write(data) ++ # buffered file ++ with open(os_helper.TESTFN, 'rb') as f: ++ with self.assertRaises(plistlib.InvalidFileException): ++ plistlib.load(f, fmt=plistlib.FMT_BINARY) ++ # unbuffered file ++ with open(os_helper.TESTFN, 'rb', buffering=0) as f: ++ with self.assertRaises(plistlib.InvalidFileException): ++ plistlib.load(f, fmt=plistlib.FMT_BINARY) ++ for w in range(20, 64): ++ s = 1 << w ++ # data ++ check(self.build(b'\x4f\x13' + s.to_bytes(8, 'big'))) ++ # ascii string ++ check(self.build(b'\x5f\x13' + s.to_bytes(8, 'big'))) ++ # unicode string ++ check(self.build(b'\x6f\x13' + s.to_bytes(8, 'big'))) ++ # array ++ check(self.build(b'\xaf\x13' + s.to_bytes(8, 'big'))) ++ # dict ++ check(self.build(b'\xdf\x13' + s.to_bytes(8, 'big'))) ++ # number of objects ++ check(b'bplist00' + struct.pack('>6xBBQQQ', 1, 1, s, 0, 8)) ++ + + class TestKeyedArchive(unittest.TestCase): + def test_keyed_archive_data(self): +diff --git a/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst +new file mode 100644 +index 0000000000..04fd8faca4 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst +@@ -0,0 +1,5 @@ ++Fix a potential memory denial of service in the :mod:`plistlib` module. ++When reading a Plist file received from untrusted source, it could cause ++an arbitrary amount of memory to be allocated. ++This could have led to symptoms including a :exc:`MemoryError`, swapping, out ++of memory (OOM) killed processes or containers, or even system crashes. diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.19.bb index 5140445ad81..b87fc8d9ef2 100644 --- a/meta/recipes-devtools/python/python3_3.10.19.bb +++ b/meta/recipes-devtools/python/python3_3.10.19.bb @@ -39,6 +39,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \ file://CVE-2025-6075.patch \ file://CVE-2025-13836.patch \ + file://CVE-2025-13837.patch \ " SRC_URI:append:class-native = " \ From patchwork Tue Feb 24 14:23:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81706 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A582EE9B274 for ; Tue, 24 Feb 2026 14:25:00 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21455.1771943097616125471 for ; Tue, 24 Feb 2026 06:24:57 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=E58lt8/9; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-48069a48629so57322955e9.0 for ; Tue, 24 Feb 2026 06:24:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943096; x=1772547896; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=aULEJNVx1UcLOv9QlsKVmE6bQ5h6cr0P69CH+0DQBbk=; b=E58lt8/9HRyyhXEURxt89ewUbyayKpMEdRy3lok22OWcsk/OkirchDJq2l27OvXemL Ms5kBFEr4bYBSNyYX/QUyfzsSqGpY8Vra/AGsZSep8sj+Mvm68oDti0RdEke74AJ/9Qe 3ER2DIv29UacHLPfdIYaD0RQBgbwsXkBwWxfE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943096; x=1772547896; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=aULEJNVx1UcLOv9QlsKVmE6bQ5h6cr0P69CH+0DQBbk=; b=na6mQZV4EdubNqpWbf0Yt1dnDart7YemDGgnQvIIihSHiHa5ujIP/8IhM9EpKOB8fk nXsmv4mnE0zjI6zZ3X2Ej+tpWp0ADY4yhaPMzliXfB870ntvE4CNq0OZGykHyqk/qoit 2F0+e0nJF8yQoVjfsGAXYYAgONRgByhq5Vpq/mQMHIX4+MseZzqb6PFBNqoeyptWydGH ZHmWUuBGg5X+rU7LNkjpGjP1fTuan52SuH7g5F0iUDUNXqEqA3ii1wE5jNdrto5lLd9u CsfB1oYLn+wW0JzKICYrKrycIhISKQ3xouiBGd7VWeqccvzbpTavP+s0CX/eDp6cxAW+ ZOKQ== X-Gm-Message-State: AOJu0YzYSvFXkIM3UKk2yY46xM9Gcv0Iy1wZOmkCeW0rTxOyTxzZNst6 bH0omrwDokxqZ6gkOwanQh8sLJp+NoZ+6vdQTWz7R/JhtwsTM6xlrMs75WxyYtQawsVe3m/gpej bOym0 X-Gm-Gg: AZuq6aJU+wxxS6GB6L4E98VDuUUxzuoEqxJ7gv7SPlZWOEv72ScQbFAKisrSpo9eeSj wQuoxvnStwoLZLSzz8uuXs2moeIhiTb2CoQFiOhFQ0upee5wh4t90DDV6ctdaRf5oXCq4WzMJT3 u7VVPl+4wEMcaRe4yv9rxboEmOoTlg1e53+FeMZpdAyGTHPz9+zNQ1jTftl9gURe0pOp/F8hD2I laSUiyU6gKcgY586rOch3NVz+EOUdN816lPL6wn7SUBygkeP019pDMbBLLyx9NWLQ8/ARUtpOL8 gQYWW4WCQEeuuN/DRfQZ3/7dfsaEd1RezETobtf47J3N4hDjbI95KpVxjEKvxddzglsTDFPuvts VIkWdvIRuA6Yzfc6Ivgu31d4OhJJZR9tyj+RZFANQW30PBO7QLetl6D+npjKbrbcJtPMPVMklBV pr7F8vbXLfkxcaiQq5rONRyJw+6WxA7aZPyCL2z23Qef+AbGfPDEvVQV/ZorbcKyiSNBeZ4fTDE D3NHAkCDG9zRG1AxjlhCytr0fHM0cQZ6Q== X-Received: by 2002:a05:600c:6305:b0:483:8062:b43 with SMTP id 5b1f17b1804b1-483a95e1eb4mr196054565e9.19.1771943095551; Tue, 24 Feb 2026 06:24:55 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:55 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/38] python3: patch CVE-2025-12084 Date: Tue, 24 Feb 2026 15:23:55 +0100 Message-ID: <350b16181eb82b2ad21569afbb2effc33f66ae06.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231769 From: Peter Marko Pick patch for this CVE merged into 3.10 branch. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../python/python3/CVE-2025-12084.patch | 171 ++++++++++++++++++ .../python/python3_3.10.19.bb | 1 + 2 files changed, 172 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-12084.patch diff --git a/meta/recipes-devtools/python/python3/CVE-2025-12084.patch b/meta/recipes-devtools/python/python3/CVE-2025-12084.patch new file mode 100644 index 00000000000..0c9bb435edf --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2025-12084.patch @@ -0,0 +1,171 @@ +From c97e87593063d84a2bd9fe7068b30eb44de23dc0 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Sun, 25 Jan 2026 18:10:49 +0100 +Subject: [PATCH] [3.10] gh-142145: Remove quadratic behavior in node ID cache + clearing (GH-142146) (#142213) + +* gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146) + +* Remove quadratic behavior in node ID cache clearing + +Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> + +* Add news fragment + +CVE: CVE-2025-12084 +Upstream-Status: Backport [https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0] +Signed-off-by: Peter Marko +--------- +(cherry picked from commit 08d8e18ad81cd45bc4a27d6da478b51ea49486e4) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> + +* [3.14] gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794) (#142818) + +gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794) +(cherry picked from commit 1cc7551b3f9f71efbc88d96dce90f82de98b2454) + +Co-authored-by: Petr Viktorin +Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> + +* gh-142145: relax the no-longer-quadratic test timing (GH-143030) + +* gh-142145: relax the no-longer-quadratic test timing + +* require cpu resource +(cherry picked from commit 8d2d7bb2e754f8649a68ce4116271a4932f76907) + +Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> + +* merge NEWS entries into one + +--------- + +Co-authored-by: Seth Michael Larson +Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com> +Co-authored-by: Petr Viktorin +Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> +Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> +Co-authored-by: Gregory P. Smith +--- + Lib/test/test_minidom.py | 33 ++++++++++++++++++- + Lib/xml/dom/minidom.py | 11 ++----- + ...-12-01-09-36-45.gh-issue-142145.tcAUhg.rst | 6 ++++ + 3 files changed, 41 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst + +diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py +index ef38c36210..c68bd990f7 100644 +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -2,6 +2,7 @@ + + import copy + import pickle ++import time + import io + from test import support + import unittest +@@ -9,7 +10,7 @@ import unittest + import pyexpat + import xml.dom.minidom + +-from xml.dom.minidom import parse, Attr, Node, Document, parseString ++from xml.dom.minidom import parse, Attr, Node, Document, Element, parseString + from xml.dom.minidom import getDOMImplementation + from xml.parsers.expat import ExpatError + +@@ -177,6 +178,36 @@ class MinidomTest(unittest.TestCase): + self.confirm(dom.documentElement.childNodes[-1].data == "Hello") + dom.unlink() + ++ @support.requires_resource('cpu') ++ def testAppendChildNoQuadraticComplexity(self): ++ impl = getDOMImplementation() ++ ++ newdoc = impl.createDocument(None, "some_tag", None) ++ top_element = newdoc.documentElement ++ children = [newdoc.createElement(f"child-{i}") for i in range(1, 2 ** 15 + 1)] ++ element = top_element ++ ++ start = time.monotonic() ++ for child in children: ++ element.appendChild(child) ++ element = child ++ end = time.monotonic() ++ ++ # This example used to take at least 30 seconds. ++ # Conservative assertion due to the wide variety of systems and ++ # build configs timing based tests wind up run under. ++ # A --with-address-sanitizer --with-pydebug build on a rpi5 still ++ # completes this loop in <0.5 seconds. ++ self.assertLess(end - start, 4) ++ ++ def testSetAttributeNodeWithoutOwnerDocument(self): ++ # regression test for gh-142754 ++ elem = Element("test") ++ attr = Attr("id") ++ attr.value = "test-id" ++ elem.setAttributeNode(attr) ++ self.assertEqual(elem.getAttribute("id"), "test-id") ++ + def testAppendChildFragment(self): + dom, orig, c1, c2, c3, frag = self._create_fragment_test_nodes() + dom.documentElement.appendChild(frag) +diff --git a/Lib/xml/dom/minidom.py b/Lib/xml/dom/minidom.py +index ef8a159833..cada981f39 100644 +--- a/Lib/xml/dom/minidom.py ++++ b/Lib/xml/dom/minidom.py +@@ -292,13 +292,6 @@ def _append_child(self, node): + childNodes.append(node) + node.parentNode = self + +-def _in_document(node): +- # return True iff node is part of a document tree +- while node is not None: +- if node.nodeType == Node.DOCUMENT_NODE: +- return True +- node = node.parentNode +- return False + + def _write_data(writer, data): + "Writes datachars to writer." +@@ -355,6 +348,7 @@ class Attr(Node): + def __init__(self, qName, namespaceURI=EMPTY_NAMESPACE, localName=None, + prefix=None): + self.ownerElement = None ++ self.ownerDocument = None + self._name = qName + self.namespaceURI = namespaceURI + self._prefix = prefix +@@ -680,6 +674,7 @@ class Element(Node): + + def __init__(self, tagName, namespaceURI=EMPTY_NAMESPACE, prefix=None, + localName=None): ++ self.ownerDocument = None + self.parentNode = None + self.tagName = self.nodeName = tagName + self.prefix = prefix +@@ -1539,7 +1534,7 @@ def _clear_id_cache(node): + if node.nodeType == Node.DOCUMENT_NODE: + node._id_cache.clear() + node._id_search_stack = None +- elif _in_document(node): ++ elif node.ownerDocument: + node.ownerDocument._id_cache.clear() + node.ownerDocument._id_search_stack= None + +diff --git a/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst +new file mode 100644 +index 0000000000..05c7df35d1 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst +@@ -0,0 +1,6 @@ ++Remove quadratic behavior in ``xml.minidom`` node ID cache clearing. In order ++to do this without breaking existing users, we also add the *ownerDocument* ++attribute to :mod:`xml.dom.minidom` elements and attributes created by directly ++instantiating the ``Element`` or ``Attr`` class. Note that this way of creating ++nodes is not supported; creator functions like ++:py:meth:`xml.dom.Document.documentElement` should be used instead. diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.19.bb index b87fc8d9ef2..fbb2f80886b 100644 --- a/meta/recipes-devtools/python/python3_3.10.19.bb +++ b/meta/recipes-devtools/python/python3_3.10.19.bb @@ -40,6 +40,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://CVE-2025-6075.patch \ file://CVE-2025-13836.patch \ file://CVE-2025-13837.patch \ + file://CVE-2025-12084.patch \ " SRC_URI:append:class-native = " \ From patchwork Tue Feb 24 14:23:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81703 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 814A3E9B270 for ; Tue, 24 Feb 2026 14:25:00 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21456.1771943098159467622 for ; Tue, 24 Feb 2026 06:24:58 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=e7V9M3Ud; spf=pass (domain: smile.fr, ip: 209.85.128.50, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-4838c15e3cbso48933405e9.3 for ; Tue, 24 Feb 2026 06:24:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943096; x=1772547896; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Bf64QealnwzKpf2UA1Wfvd2J2ybR82DT3fEOxtU+JAM=; b=e7V9M3UdAlf3GnD/CENDpECbS14mWR3nze9Lu72g86tPaNtzmpzo36Cuz3V9I7rJd6 ftrWMrBdrMmJ6nbOynZQxJi1TYUkKjnpx6aY3VuZt1Z56L67oXXH4BVFNv6wLrE2mIM2 fn06IH14sV9zpu4GNMg/gjjOLcUDMM6QMShW4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943096; x=1772547896; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Bf64QealnwzKpf2UA1Wfvd2J2ybR82DT3fEOxtU+JAM=; b=ioYnclmSNi2n7iRse4ikiVS7YlKUGGS4Kjz1d2QbvoX7maKn9isI5NJKXCdUA3o94v nL9GLqEDqdl1N97hQPsd17powBBPQBQY67bHGrkVsL3eQ8IUqMcZmTrVzwCiuxR9Sf7b pYA/8rrSZNUZSlRuu5NnJ6ihEMgvx9SC9VnPxDE065QjLW/8Lfi/mos5SpEKrq/65liU HtnQYqSFVpsn7SHJ+mLLYfS+gxKhYwurrLXpD3MCu30+JUj+NQY2DSMLsUd7rR60WbqB gc8TLN7XfBSjeJzq9UANjmZs9R2XEXRd3L46vous02ubEWEqCGJWg6CBfGb/XG39qO08 t1CQ== X-Gm-Message-State: AOJu0Yz7HkSryukpXuHuDpuPbx3E4iJDKZqwGHsc6Vc5VDaiVaJta2AS Vkcjjh1i1gfo7oUFe0iQKl/Fd58tns8VtmnXUOQHxbPST1fKipVhiW6SmJLlaUUth25rRWtSMVM I3jWG X-Gm-Gg: AZuq6aK6EycOJ2dzWBNpa5vWzZ4R4jG7I5XdVCQT8eluaPXJo3HzB1kBDmEk0wVt41J YbOMJm1VIavtuLfOCFt6zT3Wo09uJuGUhV1+Nndb37LJmTa5iRXO2DN0VLcuL+u8LVcuqn0O7iq i+AbLiJtfU5pkS7iHv/FSPIeQCcAR780JSvXJV/dIGNRwKcDAhLvDQaedDt0gX3ZQAen5r/yPFQ k5fKlNKfwyZIbZpszlVfU3kkGhKnJ0KlZMJAG/EOHz7xm5AR26KXtGUEuPNOaML9shf4pdjS4ak QOtPuY8OU5MBimV97mVQLt/te3g5nGZXx899RRDMoi+GS/hJg9xrdLQhe/qFSKIK3SClB0nvaYG gH/5AbSR9SnjVV5Iire0Jo72GBCmuer6JSr71aotLkaq4Zb0eB2v2l3dYHKgOr1XrXkNHUhVnea CeiaeS1IyUM9VkP5HIH6X4iutPEm4eisly4+MVzjPDRTVAINqTQSnHfeE0sIO/ZcjrXMhq6q5/4 rdktItLBUNSP1xMe6lf6BrGtZgXPAQlCg== X-Received: by 2002:a05:600c:820a:b0:483:709e:f22d with SMTP id 5b1f17b1804b1-483a96379c1mr213094515e9.27.1771943096250; Tue, 24 Feb 2026 06:24:56 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:55 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/38] libxml2: patch CVE-2026-0990 Date: Tue, 24 Feb 2026 15:23:56 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231770 From: Peter Marko Pick patch which closed [1]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libxml/libxml2/CVE-2026-0990.patch | 76 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 + 2 files changed, 77 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch new file mode 100644 index 00000000000..e0c1e3c7076 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch @@ -0,0 +1,76 @@ +From 1961208e958ca22f80a0b4e4c9d71cfa050aa982 Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Wed, 17 Dec 2025 15:24:08 +0100 +Subject: [PATCH] catalog: prevent inf recursion in xmlCatalogXMLResolveURI + +Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 + +CVE: CVE-2026-0989 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982] +Signed-off-by: Peter Marko +--- + catalog.c | 31 +++++++++++++++++++++++-------- + 1 file changed, 23 insertions(+), 8 deletions(-) + +diff --git a/catalog.c b/catalog.c +index 76c063a8..46b877e6 100644 +--- a/catalog.c ++++ b/catalog.c +@@ -2099,12 +2099,21 @@ static xmlChar * + xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) { + xmlChar *ret = NULL; + xmlChar *urnID = NULL; ++ xmlCatalogEntryPtr cur = NULL; + + if (catal == NULL) + return(NULL); + if (URI == NULL) + return(NULL); + ++ if (catal->depth > MAX_CATAL_DEPTH) { ++ xmlCatalogErr(catal, NULL, XML_CATALOG_RECURSION, ++ "Detected recursion in catalog %s\n", ++ catal->name, NULL, NULL); ++ return(NULL); ++ } ++ catal->depth++; ++ + if (!xmlStrncmp(URI, BAD_CAST XML_URN_PUBID, sizeof(XML_URN_PUBID) - 1)) { + urnID = xmlCatalogUnWrapURN(URI); + if (xmlDebugCatalogs) { +@@ -2118,21 +2127,27 @@ xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) { + ret = xmlCatalogListXMLResolve(catal, urnID, NULL); + if (urnID != NULL) + xmlFree(urnID); ++ catal->depth--; + return(ret); + } +- while (catal != NULL) { +- if (catal->type == XML_CATA_CATALOG) { +- if (catal->children == NULL) { +- xmlFetchXMLCatalogFile(catal); ++ cur = catal; ++ while (cur != NULL) { ++ if (cur->type == XML_CATA_CATALOG) { ++ if (cur->children == NULL) { ++ xmlFetchXMLCatalogFile(cur); + } +- if (catal->children != NULL) { +- ret = xmlCatalogXMLResolveURI(catal->children, URI); +- if (ret != NULL) ++ if (cur->children != NULL) { ++ ret = xmlCatalogXMLResolveURI(cur->children, URI); ++ if (ret != NULL) { ++ catal->depth--; + return(ret); ++ } + } + } +- catal = catal->next; ++ cur = cur->next; + } ++ ++ catal->depth--; + return(ret); + } + diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 05a7dce95b4..a72aff6c83d 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -44,6 +44,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://CVE-2025-6170.patch \ file://CVE-2025-9714.patch \ file://CVE-2025-7425.patch \ + file://CVE-2026-0990.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" From patchwork Tue Feb 24 14:23:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81705 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80DEDE9B272 for ; Tue, 24 Feb 2026 14:25:00 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21267.1771943099133048308 for ; Tue, 24 Feb 2026 06:24:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=M0VE/0W2; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-4838c15e3cbso48933525e9.3 for ; Tue, 24 Feb 2026 06:24:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943097; x=1772547897; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BPuWQzdZf6pBkj+hVHddUrYzpKTxu+qNAuxGmm6yU2I=; b=M0VE/0W2qKKpEGiFhcS2R+EzmqgOdK0kOPOKCeOCBf6Zy8mNbetaEDO7rH1xmHDlh5 FytoF35QfXPMDN5exoiUbSSPwhQDSDakNMwNNJ3QZhf7C/LrKM2dUFfh/gspzO9EZphE Z7VFqtuUyu4ywWjlUGb6vc+UVbKoW1VlJUHSI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943097; x=1772547897; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=BPuWQzdZf6pBkj+hVHddUrYzpKTxu+qNAuxGmm6yU2I=; b=Q9JPsRGzpBfalLAcwMfk0eKU+2RXL7q7ClvgqfJ0uJsRZW/hjHzoJpLzvBuap4GT5u PdMi+0PDAa+itAWMeKXyet9GgYE9jlSO3NTQG95fGyTo/rJwBSaVKe2f/19sLAHAaoEQ fCiEXVhbT5knBm+jFsaYz5tLGOK/fEfEprEWw/8OfgA9ewEURMJn12lKAyLPaVcFIwta x6JHQT7dWF7WoGjTXITU8Vr4j7QgaTzwGSpO3QFVnfTOorkELS7cEungprISYm5GB64X 5QxPF3Fpq/r2YDbaox0BB9mCtp6HSQAHxaHNWeTlr+gdVCPMwEStN3wBukF/7lqorDLW Bx4w== X-Gm-Message-State: AOJu0Yxwfcej/MNTV6MR3iffY/QsyHhxEhRpWBp3yW1qEAayYGSZjTl4 VGFd2zxbJIJq47bxSXS9BaxUXGg8U13DIJkRIstkUW+X8fZ+RNpDyQJqHSowFxv9o3EkFnt8wSw yGTKl X-Gm-Gg: AZuq6aL5qSkxUAFEnnWmnokNe+pI8nD0rqZZHGffSycmrkErpGRdkwHiMWDO7HnyrGU D092JAfXJrk5Nj9tirr62GYwbSJUoWnFhS0N38Ym47xuquBIo1HWElPH3FyesW1kYYTQo7OJpFC EV9Bto033SXVhKAmxuSAiPsc41eP4aF1r1ZxDek2NF1khFEQ0KSxjJwQJ9gwQ6nyQrOW9htJ1S1 BWIWYMv8HwMgXKerUdN+Gce470HMZnmmSWtqA6MrmnV46HZNyL81EWsa91TctoPc5vz2FCbQW21 h7mVrQh4qHKb8WWAMslQY5tG7xMfKCfMeh2ggmC4T7lH2TStjAk48cS1WEhMym0Y+tMePjlAP6+ /0OtP4M1UiCpLbqytMzFzrDzwmuwYCq+zwURkqfDSHtWzPnto05LV2IDHPuRTRaYHeoC717k2gH 2CE2d4TWdd7k+du/HCk76JalIyV0Dcf4EONIQhmsVTf7n/X8ztmddIeh9BJtF76cDaemvpRsb+K SQAOeAB7svXj1HrssFEFH5W1eOfqrCWkw== X-Received: by 2002:a05:600c:1396:b0:477:6d96:b3c8 with SMTP id 5b1f17b1804b1-483adc6aaebmr156115305e9.23.1771943097193; Tue, 24 Feb 2026 06:24:57 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:56 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/38] libxml2: patch CVE-2026-0992 Date: Tue, 24 Feb 2026 15:23:57 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231771 From: Peter Marko Pick patch which closed [1]. Adapt for missing xmlCatalogPrintDebug per [2]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 [2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/728869809eb7eee1b1681d558b4b506a8019c151 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libxml/libxml2/CVE-2026-0992.patch | 49 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 + 2 files changed, 50 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch new file mode 100644 index 00000000000..d7c0b47b339 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch @@ -0,0 +1,49 @@ +From f75abfcaa419a740a3191e56c60400f3ff18988d Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Fri, 19 Dec 2025 11:02:18 +0100 +Subject: [PATCH] catalog: Ignore repeated nextCatalog entries + +This patch makes the catalog parsing to ignore repeated entries of +nextCatalog with the same value. + +Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 + +CVE: CVE-2026-0989 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d] +Signed-off-by: Peter Marko +--- + catalog.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/catalog.c b/catalog.c +index 46b877e6..fa6d77ca 100644 +--- a/catalog.c ++++ b/catalog.c +@@ -1279,9 +1279,27 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer, + BAD_CAST "delegateURI", BAD_CAST "uriStartString", + BAD_CAST "catalog", prefer, cgroup); + } else if (xmlStrEqual(cur->name, BAD_CAST "nextCatalog")) { ++ xmlCatalogEntryPtr prev = parent->children; ++ + entry = xmlParseXMLCatalogOneNode(cur, XML_CATA_NEXT_CATALOG, + BAD_CAST "nextCatalog", NULL, + BAD_CAST "catalog", prefer, cgroup); ++ /* Avoid duplication of nextCatalog */ ++ while (prev != NULL) { ++ if ((prev->type == XML_CATA_NEXT_CATALOG) && ++ (xmlStrEqual (prev->URL, entry->URL)) && ++ (xmlStrEqual (prev->value, entry->value)) && ++ (prev->prefer == entry->prefer) && ++ (prev->group == entry->group)) { ++ if (xmlDebugCatalogs) ++ fprintf(stderr, ++ "Ignoring repeated nextCatalog %s\n", entry->URL); ++ xmlFreeCatalogEntry(entry, NULL); ++ entry = NULL; ++ break; ++ } ++ prev = prev->next; ++ } + } + if (entry != NULL) { + if (parent != NULL) { diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index a72aff6c83d..bf3099c1f42 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -45,6 +45,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://CVE-2025-9714.patch \ file://CVE-2025-7425.patch \ file://CVE-2026-0990.patch \ + file://CVE-2026-0992.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" From patchwork Tue Feb 24 14:23:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81710 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D889E9B274 for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21269.1771943100435410678 for ; Tue, 24 Feb 2026 06:25:00 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=qHpOeV7V; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4806ce0f97bso45147935e9.0 for ; Tue, 24 Feb 2026 06:25:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943099; x=1772547899; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=scwdX76KmJoUgEjsUPWaYTJyc79taAry713zGbUZxhw=; b=qHpOeV7V6mBPpXiJVZS3mPglk1kqUMy1tZQq5gpdgpH23tifGewC5vdVUzpFvOvFTj 7tj7KN1kR2Y+icSyyR+QZGGlsAkMZp3e9y2ZJ/VO3lY+eYl7VqWgO3R/oanC4qZAX2NJ ZDqsptwePCa+ecMU6h8AC8DEFXNokJXlx2eUQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943099; x=1772547899; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=scwdX76KmJoUgEjsUPWaYTJyc79taAry713zGbUZxhw=; b=F98gf5BIFTKziD865jexFHswUp3U868OMpwk1pWgx1Ai4CqK2V9/Sshtooo8pfNl4g 60zOhF/oPOIq+/dU409wX4dsAvVwLJ+wNDvpi4SM4YyejZ30K8rj4JrqAcl+fYf3/RXi gRfD2byVsB3sHARJ/R0Vk3lXh2DhZ/EZMlw+B4rT2Z/a0ugQWPTPIb9/eJn5iKKFOxrp oSGYGGVTHBzTkPaNIlPfYrYWgSAeLKIKPsyjwCc4cnoC8IGrjgwtHMkdo9I32U/4dN5Y Wfik+SIw0kZrEYius34z/HU03kHPW5nbHv1excNYOJbXMlkDJ+3FRvWjIR6+8de5bXEh iofg== X-Gm-Message-State: AOJu0Yxc2+CdqtYCFITRG0QFaAsqlNqnNNoFqDWVKdm0QKPnsCoZkgiz BXJf4lotqbbUjyi1yK9vmWplMkhSIJOGmFfdpIILuWVPsNskVHoZovYtJSXcCqXebRLcUMsYyhk F8LnA X-Gm-Gg: AZuq6aJK1wXGXO2IzHC2rr22r/XtjQtfaARuypqcSleVZwEK9wjLqHrfpN/YMrRWys8 eln+VsJeo3zb1vJVoXaruhIJ6ye4sNPwIA6r34pQ5D1GjjTdYqJr2AAM9wTbxYNvsLZfQRFEXk4 koJYUx+JNYLRND4kabEuVX3xXHbCsYxEyNC5bHvgIGE/7r+uOhluvdHDFRAGbyGt1PUP2R+Af5+ q6owDnrovlLMiuN1hfIF6JeH5Pl6WuLbuo2V1dwNN6LMfpVQAvA5JuiXA76zRtcbaGqNVgVXowV ASWXqDaMSaJusFFG8Wj1L/VsmIlZLdOOsgtMaRjJiJ9C+UfcfRe+A/DHLQ3uTAZLh8MKSP6djed oGYDRS2PnapFDJJ45GmnLKi3yAOndVYORvAj2+h+mdfjWSR9KE4URT7Iwexsx3mdYYZfZl1VYLe PRRplyOENmQ5E/n5r+k9MGY0aW0XJGgTUOX6XYIfrnwy5EWvprctNkjvKqgNvqea9McHVgIiShN o24Z83JbuiQrUG2Y/tE85ztE/u3q/nlgv1TAiMiUcmw X-Received: by 2002:a05:600c:4f95:b0:483:8e43:6def with SMTP id 5b1f17b1804b1-483a95e5a97mr188760825e9.28.1771943098153; Tue, 24 Feb 2026 06:24:58 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:57 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/38] libxml2: add follow-up patch for CVE-2026-0992 Date: Tue, 24 Feb 2026 15:23:58 +0100 Message-ID: <4bf920205f1290e0894b5fce47e35ca5c1bd41aa.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231772 From: Peter Marko References: * https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/377 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- ...2026-0992.patch => CVE-2026-0992-01.patch} | 0 .../libxml/libxml2/CVE-2026-0992-02.patch | 325 ++++++++++++++++++ .../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++ meta/recipes-core/libxml/libxml2_2.9.14.bb | 4 +- 4 files changed, 361 insertions(+), 1 deletion(-) rename meta/recipes-core/libxml/libxml2/{CVE-2026-0992.patch => CVE-2026-0992-01.patch} (100%) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch similarity index 100% rename from meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch rename to meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch new file mode 100644 index 00000000000..50f72832d45 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch @@ -0,0 +1,325 @@ +From f8399e62a31095bf1ced01827c33f9b29494046f Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Fri, 19 Dec 2025 12:27:54 +0100 +Subject: [PATCH] testcatalog: Add new tests for catalog.c + +Adds a new test program to run specific tests related to catalog +parsing. + +This initial version includes a couple of tests, the first one to check +the infinite recursion detection related to: +https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018. + +The second one tests the nextCatalog element repeated parsing, related +to: +https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 +https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040 + +CVE: CVE-2026-0992 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f] +Signed-off-by: Peter Marko +--- + CMakeLists.txt | 2 + + Makefile.am | 8 ++- + catalog.c | 63 +++++++++++----- + include/libxml/catalog.h | 2 + + test/catalogs/catalog-recursive.xml | 3 + + test/catalogs/repeated-next-catalog.xml | 10 +++ + testcatalog.c | 96 +++++++++++++++++++++++++ + 7 files changed, 164 insertions(+), 20 deletions(-) + create mode 100644 test/catalogs/catalog-recursive.xml + create mode 100644 test/catalogs/repeated-next-catalog.xml + create mode 100644 testcatalog.c + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 163661f8..7d5702df 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -555,6 +555,7 @@ if(LIBXML2_WITH_TESTS) + testapi + testAutomata + testC14N ++ testcatalog + testchar + testdict + testHTML +@@ -579,6 +580,7 @@ if(LIBXML2_WITH_TESTS) + if(NOT WIN32) + add_test(NAME testapi COMMAND testapi) + endif() ++ add_test(NAME testcatalog COMMAND testcatalog) + add_test(NAME testchar COMMAND testchar) + add_test(NAME testdict COMMAND testdict) + add_test(NAME testrecurse COMMAND testrecurse WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) +diff --git a/Makefile.am b/Makefile.am +index c51dfd8e..c794eac8 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -12,7 +12,7 @@ AM_CFLAGS = $(EXTRA_CFLAGS) $(THREAD_CFLAGS) $(Z_CFLAGS) $(LZMA_CFLAGS) + + check_PROGRAMS=testSchemas testRelax testSAX testHTML testXPath testURI \ + testThreads testC14N testAutomata testRegexp \ +- testReader testapi testModule runtest runsuite testchar \ ++ testReader testapi testModule runtest runsuite testcatalog testchar \ + testdict runxmlconf testrecurse testlimits + + bin_PROGRAMS = xmllint xmlcatalog +@@ -81,6 +81,11 @@ testlimits_LDFLAGS = + testlimits_DEPENDENCIES = $(DEPS) + testlimits_LDADD= $(BASE_THREAD_LIBS) $(RDL_LIBS) $(LDADDS) + ++testcatalog_SOURCES=testcatalog.c ++testcatalog_LDFLAGS = ++testcatalog_DEPENDENCIES = $(DEPS) ++testcatalog_LDADD= $(LDADDS) ++ + testchar_SOURCES=testchar.c + testchar_LDFLAGS = + testchar_DEPENDENCIES = $(DEPS) +@@ -213,6 +218,7 @@ runtests: + $(CHECKER) ./runtest$(EXEEXT) && \ + $(CHECKER) ./testrecurse$(EXEEXT) && \ + ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \ ++ $(CHECKER) ./testcatalog$(EXEEXT) \ + $(CHECKER) ./testchar$(EXEEXT) && \ + $(CHECKER) ./testdict$(EXEEXT) && \ + $(CHECKER) ./runxmlconf$(EXEEXT) +diff --git a/catalog.c b/catalog.c +index 401dbc14..eb889162 100644 +--- a/catalog.c ++++ b/catalog.c +@@ -658,43 +658,54 @@ static void xmlDumpXMLCatalogNode(xmlCatalogEntryPtr catal, xmlNodePtr catalog, + } + } + +-static int +-xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) { +- int ret; +- xmlDocPtr doc; ++static xmlDocPtr ++xmlDumpXMLCatalogToDoc(xmlCatalogEntryPtr catal) { + xmlNsPtr ns; + xmlDtdPtr dtd; + xmlNodePtr catalog; +- xmlOutputBufferPtr buf; ++ xmlDocPtr doc = xmlNewDoc(NULL); ++ if (doc == NULL) { ++ return(NULL); ++ } + +- /* +- * Rebuild a catalog +- */ +- doc = xmlNewDoc(NULL); +- if (doc == NULL) +- return(-1); + dtd = xmlNewDtd(doc, BAD_CAST "catalog", +- BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN", +-BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"); ++ BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN", ++ BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"); + + xmlAddChild((xmlNodePtr) doc, (xmlNodePtr) dtd); + + ns = xmlNewNs(NULL, XML_CATALOGS_NAMESPACE, NULL); + if (ns == NULL) { +- xmlFreeDoc(doc); +- return(-1); ++ xmlFreeDoc(doc); ++ return(NULL); + } + catalog = xmlNewDocNode(doc, ns, BAD_CAST "catalog", NULL); + if (catalog == NULL) { +- xmlFreeNs(ns); +- xmlFreeDoc(doc); +- return(-1); ++ xmlFreeDoc(doc); ++ xmlFreeNs(ns); ++ return(NULL); + } + catalog->nsDef = ns; + xmlAddChild((xmlNodePtr) doc, catalog); +- + xmlDumpXMLCatalogNode(catal, catalog, doc, ns, NULL); + ++ return(doc); ++} ++ ++static int ++xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) { ++ int ret; ++ xmlDocPtr doc; ++ xmlOutputBufferPtr buf; ++ ++ /* ++ * Rebuild a catalog ++ */ ++ doc = xmlDumpXMLCatalogToDoc(catal); ++ if (doc == NULL) { ++ return(-1); ++ } ++ + /* + * reserialize it + */ +@@ -3430,6 +3441,20 @@ xmlCatalogDump(FILE *out) { + + xmlACatalogDump(xmlDefaultCatalog, out); + } ++ ++/** ++ * Dump all the global catalog content as a xmlDoc ++ * This function is just for testing/debugging purposes ++ * ++ * @returns The catalog as xmlDoc or NULL if failed, it must be freed by the caller. ++ */ ++xmlDocPtr ++xmlCatalogDumpDoc(void) { ++ if (!xmlCatalogInitialized) ++ xmlInitializeCatalog(); ++ ++ return xmlDumpXMLCatalogToDoc(xmlDefaultCatalog->xml); ++} + #endif /* LIBXML_OUTPUT_ENABLED */ + + /** +diff --git a/include/libxml/catalog.h b/include/libxml/catalog.h +index 88a7483c..e1bc5feb 100644 +--- a/include/libxml/catalog.h ++++ b/include/libxml/catalog.h +@@ -119,6 +119,8 @@ XMLPUBFUN void XMLCALL + #ifdef LIBXML_OUTPUT_ENABLED + XMLPUBFUN void XMLCALL + xmlCatalogDump (FILE *out); ++XMLPUBFUN xmlDocPtr ++ xmlCatalogDumpDoc (void); + #endif /* LIBXML_OUTPUT_ENABLED */ + XMLPUBFUN xmlChar * XMLCALL + xmlCatalogResolve (const xmlChar *pubID, +diff --git a/test/catalogs/catalog-recursive.xml b/test/catalogs/catalog-recursive.xml +new file mode 100644 +index 00000000..3b3d03f9 +--- /dev/null ++++ b/test/catalogs/catalog-recursive.xml +@@ -0,0 +1,3 @@ ++ ++ ++ +diff --git a/test/catalogs/repeated-next-catalog.xml b/test/catalogs/repeated-next-catalog.xml +new file mode 100644 +index 00000000..76d34c3c +--- /dev/null ++++ b/test/catalogs/repeated-next-catalog.xml +@@ -0,0 +1,10 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/testcatalog.c b/testcatalog.c +new file mode 100644 +index 00000000..86d33bd0 +--- /dev/null ++++ b/testcatalog.c +@@ -0,0 +1,96 @@ ++/* ++ * testcatalog.c: C program to run libxml2 catalog.c unit tests ++ * ++ * To compile on Unixes: ++ * cc -o testcatalog `xml2-config --cflags` testcatalog.c `xml2-config --libs` -lpthread ++ * ++ * See Copyright for the status of this software. ++ * ++ * Author: Daniel Garcia ++ */ ++ ++ ++#include "libxml.h" ++#include ++ ++#ifdef LIBXML_CATALOG_ENABLED ++#include ++ ++/* Test catalog resolve uri with recursive catalog */ ++static int ++testRecursiveDelegateUri(void) { ++ int ret = 0; ++ const char *cat = "test/catalogs/catalog-recursive.xml"; ++ const char *entity = "/foo.ent"; ++ xmlChar *resolved = NULL; ++ ++ xmlInitParser(); ++ xmlLoadCatalog(cat); ++ ++ /* This should trigger recursive error */ ++ resolved = xmlCatalogResolveURI(BAD_CAST entity); ++ if (resolved != NULL) { ++ fprintf(stderr, "CATALOG-FAILURE: Catalog %s entity should fail to resolve\n", entity); ++ ret = 1; ++ } ++ xmlCatalogCleanup(); ++ ++ return ret; ++} ++ ++/* Test parsing repeated NextCatalog */ ++static int ++testRepeatedNextCatalog(void) { ++ int ret = 0; ++ int i = 0; ++ const char *cat = "test/catalogs/repeated-next-catalog.xml"; ++ const char *entity = "/foo.ent"; ++ xmlDocPtr doc = NULL; ++ xmlNodePtr node = NULL; ++ ++ xmlInitParser(); ++ ++ xmlLoadCatalog(cat); ++ /* To force the complete recursive load */ ++ xmlCatalogResolveURI(BAD_CAST entity); ++ /** ++ * Ensure that the doc doesn't contain the same nextCatalog ++ */ ++ doc = xmlCatalogDumpDoc(); ++ xmlCatalogCleanup(); ++ ++ if (doc == NULL) { ++ fprintf(stderr, "CATALOG-FAILURE: Failed to dump the catalog\n"); ++ return 1; ++ } ++ ++ /* Just the root "catalog" node with a series of nextCatalog */ ++ node = xmlDocGetRootElement(doc); ++ node = node->children; ++ for (i=0; node != NULL; node=node->next, i++) {} ++ if (i > 1) { ++ fprintf(stderr, "CATALOG-FAILURE: Found %d nextCatalog entries and should be 1\n", i); ++ ret = 1; ++ } ++ ++ xmlFreeDoc(doc); ++ ++ return ret; ++} ++ ++int ++main(void) { ++ int err = 0; ++ ++ err |= testRecursiveDelegateUri(); ++ err |= testRepeatedNextCatalog(); ++ ++ return err; ++} ++#else ++/* No catalog, so everything okay */ ++int ++main(void) { ++ return 0; ++} ++#endif diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch new file mode 100644 index 00000000000..89f5fb1ac66 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch @@ -0,0 +1,33 @@ +From deed3b7873dff30b7f87f7f33154c9932a772522 Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Sun, 18 Jan 2026 19:47:11 +0100 +Subject: [PATCH] catalog: Do not check value for duplication nextCatalog + +The value field stores the path as it appears in the catalog definition, +the URL is built using xmlBuildURI that changes the relative paths to +absolute. + +This change fixes the issue of using relative path to the same catalog +in the same file. + +Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040 + +CVE: CVE-2026-0992 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522] +Signed-off-by: Peter Marko +--- + catalog.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/catalog.c b/catalog.c +index eb889162..ba9ee7ae 100644 +--- a/catalog.c ++++ b/catalog.c +@@ -1299,7 +1299,6 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer, + while (prev != NULL) { + if ((prev->type == XML_CATA_NEXT_CATALOG) && + (xmlStrEqual (prev->URL, entry->URL)) && +- (xmlStrEqual (prev->value, entry->value)) && + (prev->prefer == entry->prefer) && + (prev->group == entry->group)) { + if (xmlDebugCatalogs) diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index bf3099c1f42..fa39116404b 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -45,7 +45,9 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt file://CVE-2025-9714.patch \ file://CVE-2025-7425.patch \ file://CVE-2026-0990.patch \ - file://CVE-2026-0992.patch \ + file://CVE-2026-0992-01.patch \ + file://CVE-2026-0992-02.patch \ + file://CVE-2026-0992-03.patch \ " SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee" From patchwork Tue Feb 24 14:23:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81708 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC924E9B27A for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21270.1771943100814129043 for ; Tue, 24 Feb 2026 06:25:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ijEaSwX4; spf=pass (domain: smile.fr, ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4833115090dso54046465e9.3 for ; Tue, 24 Feb 2026 06:25:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943099; x=1772547899; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DQ7deOGN/ASrNd6cWeuAduL4Jogn81WrVdjhJAt45LA=; b=ijEaSwX4GaoTdljzJzb9E2nQqh8At9ozSSEP0bB8Zq6scxDoaMxjf4iq4q+5mu1ynd da+bbGyLxHxop1tHkBVosotSPVKXaJBNdhSdv/RZH0GOiKorQxi1o7aKF1+VD0A45x5G qUfQwgyREbMEId+a6ck/RMVSsaYoSnqP53VC4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943099; x=1772547899; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DQ7deOGN/ASrNd6cWeuAduL4Jogn81WrVdjhJAt45LA=; b=Vwgnu1q/ax9jqswrI/6rfnzQQQVyRvrLS6yfcW7gJ0eMfAocIeXkD3fNtZ8qgcyden opwagpJnNlX0HHBK+tLR1Ru6mdnYvIG4szir+OWcEK5LL8of8F+9hRDYjUWhXHdhneyj Za6XivQiIQDTQpyEqO4q1nWtr5oanhNiuVWb7Mba87x7UCsHar8Nq79lCuBpGBPeuGHK oZbMAaDTkMEHBjbCV2ojxAxuyP2VBLDW312OZgXHmJK/Ql2vL4FA7GHwtvXBW828a0CD 3JHWtd4R1vveEsgN9QnIcwxJW1CxXDJc71WOkH+qLhIFGUM4tPfNRYNEiYWuf5F2g0T7 ulQQ== X-Gm-Message-State: AOJu0YxleUASzOrjamT1Pn60/kZQIk2GoaAjkek7SQi7Rhm/3NrWbm9c htwOXQnH0F+1thUZNJlbnS3c1toibxYHULkwlYYuZ41inXPW1diAw9YFYGTkEJW6tYHIXOqHUIu wzSoZ X-Gm-Gg: AZuq6aKlJmHf4rUYttpC18gaYXs/Ef9JsQkZ/OmVwk+ENTqnFvGgFNRn/RekeA0ruqT GjTJgLqqm8Ge3XKX+z6Xc/Vy2cDC80pJP8v6Ly256FYvIIDLLQ/sG7mZ7dbC3+BrJ/iWwBfsePf 6CZ2DT8bR1jZNYP8JSPcpn81rY0MzJV4iJKClAwhDdRKeCmGgeGce/J5zcbkLGx1IbQJEMCTPC9 dKW/EreAX42y2Klqr0iSkQh2NWS4bPTtGO+Av+z73kFTmd3KjD2Rk6w6cnmBvKncM3V4Xp2XIEC GiaRlYPysLguYlFKJVDlPmNnlGrOd6dI6x9mBERVk1g7z/HRNAQ5Sc5e0Lfnntmcf8GJeDjMkMv xoUUdtIkkFsHHu5uheQtaMUfUrLw15xectUiz9WZZXtLFxgHn8uF1ZU0DXT7TJKv+yhJGLdupFL Tdhq/LXOLMSEY6gGZXKr//cwe1mqfcdBfTNyCCKtSOKVAtpDA93B/n0e5jo2RdsnOMDjP4Pt1GW ww7AA9m9hpyp0ls/altOWtRbcxnIKmYyCge6TSPMDcS X-Received: by 2002:a05:600c:1e1d:b0:483:456a:514b with SMTP id 5b1f17b1804b1-483a95befe5mr207449395e9.12.1771943098778; Tue, 24 Feb 2026 06:24:58 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:58 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/38] expat: patch CVE-2026-24515 Date: Tue, 24 Feb 2026 15:23:59 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231773 From: Peter Marko Pick fix commit from PR linked in NVD report. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../expat/expat/CVE-2026-24515.patch | 43 +++++++++++++++++++ meta/recipes-core/expat/expat_2.5.0.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2026-24515.patch diff --git a/meta/recipes-core/expat/expat/CVE-2026-24515.patch b/meta/recipes-core/expat/expat/CVE-2026-24515.patch new file mode 100644 index 00000000000..da11cf81cf1 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-24515.patch @@ -0,0 +1,43 @@ +From 86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Sun, 18 Jan 2026 17:53:37 +0100 +Subject: [PATCH] lib: Make XML_ExternalEntityParserCreate copy unknown + encoding handler user data + +Patch suggested by Artiphishell Inc. + +CVE: CVE-2026-24515 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9] +Signed-off-by: Peter Marko +--- + lib/xmlparse.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index 593cd90d..18577ee3 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -1289,6 +1289,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context, + XML_ExternalEntityRefHandler oldExternalEntityRefHandler; + XML_SkippedEntityHandler oldSkippedEntityHandler; + XML_UnknownEncodingHandler oldUnknownEncodingHandler; ++ void *oldUnknownEncodingHandlerData; + XML_ElementDeclHandler oldElementDeclHandler; + XML_AttlistDeclHandler oldAttlistDeclHandler; + XML_EntityDeclHandler oldEntityDeclHandler; +@@ -1333,6 +1334,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context, + oldExternalEntityRefHandler = parser->m_externalEntityRefHandler; + oldSkippedEntityHandler = parser->m_skippedEntityHandler; + oldUnknownEncodingHandler = parser->m_unknownEncodingHandler; ++ oldUnknownEncodingHandlerData = parser->m_unknownEncodingHandlerData; + oldElementDeclHandler = parser->m_elementDeclHandler; + oldAttlistDeclHandler = parser->m_attlistDeclHandler; + oldEntityDeclHandler = parser->m_entityDeclHandler; +@@ -1391,6 +1393,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context, + parser->m_externalEntityRefHandler = oldExternalEntityRefHandler; + parser->m_skippedEntityHandler = oldSkippedEntityHandler; + parser->m_unknownEncodingHandler = oldUnknownEncodingHandler; ++ parser->m_unknownEncodingHandlerData = oldUnknownEncodingHandlerData; + parser->m_elementDeclHandler = oldElementDeclHandler; + parser->m_attlistDeclHandler = oldAttlistDeclHandler; + parser->m_entityDeclHandler = oldEntityDeclHandler; diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb index 33207ff0dab..ae661947c3a 100644 --- a/meta/recipes-core/expat/expat_2.5.0.bb +++ b/meta/recipes-core/expat/expat_2.5.0.bb @@ -30,6 +30,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA file://CVE-2024-45492.patch \ file://CVE-2024-50602-01.patch \ file://CVE-2024-50602-02.patch \ + file://CVE-2026-24515.patch \ " UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" From patchwork Tue Feb 24 14:24:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81716 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12DB9F357A0 for ; Tue, 24 Feb 2026 14:25:11 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21460.1771943101456830680 for ; Tue, 24 Feb 2026 06:25:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=a/yYUP+g; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4806bf39419so49183045e9.1 for ; Tue, 24 Feb 2026 06:25:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943099; x=1772547899; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=H+6GSdf8pS2pGu381hGK9CTGN+FL5DoljphyBV7lIY0=; b=a/yYUP+gDUZDSx5m4xgkg2aD3ECjeYVIHPCYA9Cw6yZ5WpIOb/qio/7OHPDkOQfZG+ nGmVR3UITfoebUBIM91HzH9O5Xz94WzSbP5/jap+vfC/MKvLSBdfdfjmMA30wFpfpQOZ enyCoaHe3rSxwW7221kjQmEq+p6CVFKAGJw0s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943099; x=1772547899; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=H+6GSdf8pS2pGu381hGK9CTGN+FL5DoljphyBV7lIY0=; b=TBn9ICXawwsXNEjsDrx4/2jVrbMfFqduwx67IVn2Jv/BWWV95RvBjE1pbJn09XpvSf DJf+05bDQNTJf09kNkuieI7+TBY4AgGVi2f1G+P0K+Tc8MZ1k3zxLJeWp9FKeX/KkTzU ns0+TN6jEZaSDLIDQ0TRjrVDCY+G6V4nUtz7HlX86M/H1r5slSIVm5GycrrnsbN4YlL7 eTfSxz6p9jyAVSfVUHZyWSq1cwHWS1tlZ5VVHnHR0GaWA0plJu1C7sGfsRdpU8/0DVoN UZJhkozCw78jaTVKLDa27Y3fu33EpZuhH1C/W+CGCYC8v31/V4qgm+2r34Ua8YWToHsr Nc5Q== X-Gm-Message-State: AOJu0YyAnwyVA7tQjrkTBnEs9PGeWFgTj+PY6bjEm4IvN3YNGRHMJf1j eJOJMiVGZOCYkFq3fkeq0A4vzpnoVopKBFvQBN+M/YLLBW4xcbch6MU9fNOGN+/af9E8S7+Kgas Zf6C5 X-Gm-Gg: AZuq6aLWvML4/j+RzvY8rbcLfF0kXS5V/9lCeK394Xk39K0CT86X4C6kc+0tOW8fKJS v0npsKTbGx18+O9mAn0TlQ25Zij2pAGyGNV/RDFg/JRE0Nbub2CXXWiKvSWr6ug/KT2c6L673BZ KuYGWgnIbhWdCc4xcJ1MY343ZT9lHm/NF8XYDQNu+1q07vvir2u6fy118tPieDfNLjrBDssEgFK BgLi2RGNbukPAtCUKSHZjPPmbZPhyACzMMPeOB/TVaz+d4huhZ7MeThRZiG/ThGRsIQAPGpUXfr M1lduC6idA5kGF4DL+g5mda7ECoprdnO9vzh34OrNRvq77eKBditR9l8/u8qRG8Gx6ffUzO4IZB Wj7C+6muiPvJq5l72Be4ePlXPEDFShBaKMbOxhJHdTXq9+oGS3B1byP2YAqBDK9UOxkKV47YvN8 OffUtJCFHE+wZVQooWj0ygXGCyy4QR+3ncSt0AuFhm5+8KeJ5lKtQhibN+zChlywGK4JxIXOD9o rjzl6UXYKAl5RZbpCNYbtakQ07FCjOmwA== X-Received: by 2002:a05:600c:81c8:b0:47d:403a:277 with SMTP id 5b1f17b1804b1-483bd7253cbmr2509155e9.4.1771943099449; Tue, 24 Feb 2026 06:24:59 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:59 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/38] expat: patch CVE-2026-25210 Date: Tue, 24 Feb 2026 15:24:00 +0100 Message-ID: <075bfc938aefc369ed6bca177627cb1f8dd5dfca.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231774 From: Peter Marko Pick patches from [1]. [1] https://github.com/libexpat/libexpat/pull/1075 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../expat/expat/CVE-2026-25210-01.patch | 27 ++++++++++++++ .../expat/expat/CVE-2026-25210-02.patch | 37 +++++++++++++++++++ .../expat/expat/CVE-2026-25210-03.patch | 28 ++++++++++++++ meta/recipes-core/expat/expat_2.5.0.bb | 3 ++ 4 files changed, 95 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-01.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-02.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-03.patch diff --git a/meta/recipes-core/expat/expat/CVE-2026-25210-01.patch b/meta/recipes-core/expat/expat/CVE-2026-25210-01.patch new file mode 100644 index 00000000000..cdd5f13338c --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-25210-01.patch @@ -0,0 +1,27 @@ +From 7ddea353ad3795f7222441274d4d9a155b523cba Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez +Date: Thu, 2 Oct 2025 17:15:15 -0700 +Subject: [PATCH] lib: Make a doubling more readable + +Suggested-by: Sebastian Pipping + +CVE: CVE-2026-25210 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/7ddea353ad3795f7222441274d4d9a155b523cba] +Signed-off-by: Peter Marko +--- + lib/xmlparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index 8cf29257..2f9adffc 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -2977,7 +2977,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, + tag->name.strLen = convLen; + break; + } +- bufSize = (int)(tag->bufEnd - tag->buf) << 1; ++ bufSize = (int)(tag->bufEnd - tag->buf) * 2; + { + char *temp = (char *)REALLOC(parser, tag->buf, bufSize); + if (temp == NULL) diff --git a/meta/recipes-core/expat/expat/CVE-2026-25210-02.patch b/meta/recipes-core/expat/expat/CVE-2026-25210-02.patch new file mode 100644 index 00000000000..d690a6e8fa7 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-25210-02.patch @@ -0,0 +1,37 @@ +From 8855346359a475c022ec8c28484a76c852f144d9 Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez +Date: Thu, 2 Oct 2025 17:15:15 -0700 +Subject: [PATCH] lib: Realign a size with the `REALLOC` type signature it is + passed into + +Note that this implicitly assumes `tag->bufEnd >= tag->buf`, which should +already be guaranteed true. + +CVE: CVE-2026-25210 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/8855346359a475c022ec8c28484a76c852f144d9] +Signed-off-by: Peter Marko +--- + lib/xmlparse.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index 2f9adffc..ee18a87f 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -2966,7 +2966,6 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, + const char *fromPtr = tag->rawName; + toPtr = (XML_Char *)tag->buf; + for (;;) { +- int bufSize; + int convLen; + const enum XML_Convert_Result convert_res + = XmlConvert(enc, &fromPtr, rawNameEnd, (ICHAR **)&toPtr, +@@ -2977,7 +2976,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, + tag->name.strLen = convLen; + break; + } +- bufSize = (int)(tag->bufEnd - tag->buf) * 2; ++ const size_t bufSize = (size_t)(tag->bufEnd - tag->buf) * 2; + { + char *temp = (char *)REALLOC(parser, tag->buf, bufSize); + if (temp == NULL) diff --git a/meta/recipes-core/expat/expat/CVE-2026-25210-03.patch b/meta/recipes-core/expat/expat/CVE-2026-25210-03.patch new file mode 100644 index 00000000000..d8b38874286 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2026-25210-03.patch @@ -0,0 +1,28 @@ +From 9c2d990389e6abe2e44527eeaa8b39f16fe859c7 Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez +Date: Thu, 2 Oct 2025 17:15:15 -0700 +Subject: [PATCH] lib: Introduce an integer overflow check for tag buffer + reallocation + +Suggested-by: Sebastian Pipping + +CVE: CVE-2026-25210 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/9c2d990389e6abe2e44527eeaa8b39f16fe859c7] +Signed-off-by: Peter Marko +--- + lib/xmlparse.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index ee18a87f..d8c54c38 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -2976,6 +2976,8 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, + tag->name.strLen = convLen; + break; + } ++ if (SIZE_MAX / 2 < (size_t)(tag->bufEnd - tag->buf)) ++ return XML_ERROR_NO_MEMORY; + const size_t bufSize = (size_t)(tag->bufEnd - tag->buf) * 2; + { + char *temp = (char *)REALLOC(parser, tag->buf, bufSize); diff --git a/meta/recipes-core/expat/expat_2.5.0.bb b/meta/recipes-core/expat/expat_2.5.0.bb index ae661947c3a..c22dad2bbc1 100644 --- a/meta/recipes-core/expat/expat_2.5.0.bb +++ b/meta/recipes-core/expat/expat_2.5.0.bb @@ -31,6 +31,9 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA file://CVE-2024-50602-01.patch \ file://CVE-2024-50602-02.patch \ file://CVE-2026-24515.patch \ + file://CVE-2026-25210-01.patch \ + file://CVE-2026-25210-02.patch \ + file://CVE-2026-25210-03.patch \ " UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" From patchwork Tue Feb 24 14:24:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81719 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02B1AEF06E0 for ; Tue, 24 Feb 2026 14:25:11 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21462.1771943102415306684 for ; Tue, 24 Feb 2026 06:25:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=YFOPl88B; spf=pass (domain: smile.fr, ip: 209.85.221.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-4398913af88so488191f8f.2 for ; Tue, 24 Feb 2026 06:25:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943100; x=1772547900; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nkMxdUPO8ED9HXUFT5RIx5Zmg2QLtf5zr/W5k+W6Z0g=; b=YFOPl88B7GlNujt0XLeFfyPkygQiP9zwEGi3Miyol7R8qDVR8jcyRjs7Ryy2rN38r4 lk5/NzFok+xcUfHZEWswUgV2sxdjkYnqrrZ9hTHd9cSQXhW+RSdeEKrOiJPQKvEif+/k EAHZ8ZohapyGJOKTbyFYMc5C3WznVC/a9qGWA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943100; x=1772547900; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=nkMxdUPO8ED9HXUFT5RIx5Zmg2QLtf5zr/W5k+W6Z0g=; b=cl8eA4QOEbC7sinTRg5sMvv7YunvC8mmRCDCOOkDiMrPKE0uIzhVUhXRwwEqgrcHgn dCIVCW81BB1MfLI/+BBrMSLZdPtNSkzsRQfIh2VayYApcBJezjzm9/3rcV2F2NoQ2W6k 4SNtEah36vsokXa+NaCTwd4eo5aMDyNjgRtVt8bodBsCw+FtXV42nBcXWtoxMt/+1oiH qqlaNRfAwICLAz3x+nRcRcQDaBww75q2UK7ZH70xXxiDD3ljQHrFClvkHvuPMdHkviyZ 4oqW/GyPShnoAHOVf9gDEFOoWY2Q5cq1w8mMmKkCCPC61Ng9h36UzlQ9dIrClLhEt4oR +UWw== X-Gm-Message-State: AOJu0YzSpvBMRoIgnYsXisyafBdoKqFlcUhl/iwl+x0dq4jykTFJXwsq YYvRnpo0OQHNwzyr9DhHyhrfZIDREg1Uy0x08o0Q7+QSyd2NQRB374TLWnvUvnnc/DScaCbYL41 1GWfi X-Gm-Gg: AZuq6aIX0T4wKCZiatA3Env0JJ8pYZ6u1deKiyHoUC6D4UKCdaF6ZKkzXZ/jLeIM5ji Lx3HCm4VogTxtS/QMmCtZAxy8jprzDSh7uWGmDJNPsdeyTbmWiPrdMrq84gK0gUV0TcGCp9pZPw Q0hmRvJBAnJgXPSeNC3WxPRVCBd7hEcxPnFmwK+Mii4UK21oY1CaZmv/LhWINjqjjFY8XpQgLvK NIY+bv4nqU41NMYJX3JOFnaR9JArK44u3Q7qXfw9eXlzIizryLHzrXU4Gmrt1NjrLgaYqRF0WpT lCXfuZHf8GpraAB1EhSmcxKEMeorwnXwCk9E2KcvI0pQiTLizWqK3QKr/hKGmeKYLg8PnSOKbrQ MZ8I0BZWqa7TKQQmoF2W4be3lXSrvo8whZgFEE/dsZIr67GzNa9+3nNJudFhY2xpReY5sG85xqi 5g9ZuHI2+96uqLwRDPvuDpaq+Dby+XfB+rfHGi31CSDPZmufWrJhY0v+mEauamLQdLgfwqnMfCX 94QckTeZRTZkPPD6UlpvZZ3wJn9zeNDMw== X-Received: by 2002:a05:600c:314e:b0:482:f12f:f35e with SMTP id 5b1f17b1804b1-483a95c710bmr201475195e9.12.1771943100076; Tue, 24 Feb 2026 06:25:00 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.24.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:24:59 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/38] openssl: upgrade 3.0.18 -> 3.0.19 Date: Tue, 24 Feb 2026 15:24:01 +0100 Message-ID: <5566ecc9e5900be651489b02ef2af0e11357c947.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231776 From: Vijay Anusuri This release incorporates the following bug fixes and mitigations: Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467) Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160) Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418) Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419) Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420) Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function. (CVE-2025-69421) Fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795) Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796) Changelog: https://github.com/openssl/openssl/blob/openssl-3.0.19/NEWS.md Refreshed CVE-2023-50781 patches for openssl-3.0.19 Reference: https://openssl-library.org/news/secadv/20260127.txt Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../openssl/openssl/CVE-2023-50781-1.patch | 46 ++++--- .../openssl/openssl/CVE-2023-50781-2.patch | 112 +++++++++--------- .../openssl/openssl/CVE-2023-50781-3.patch | 16 ++- .../{openssl_3.0.18.bb => openssl_3.0.19.bb} | 2 +- 4 files changed, 85 insertions(+), 91 deletions(-) rename meta/recipes-connectivity/openssl/{openssl_3.0.18.bb => openssl_3.0.19.bb} (99%) diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch index 234fe7b8aaa..a00f67027d1 100644 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch @@ -1,7 +1,7 @@ -From 24734088e1034392de981151dfe57e3a379ada18 Mon Sep 17 00:00:00 2001 +From 295485f5c4b3120b272b81f92356f6d24871c02e Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Tue, 15 Mar 2022 13:58:08 +0100 -Subject: [PATCH 1/3] rsa: add implicit rejection in PKCS#1 v1.5 +Subject: [PATCH] rsa: add implicit rejection in PKCS#1 v1.5 The RSA decryption as implemented before required very careful handling of both the exit code returned by OpenSSL and the potentially returned @@ -43,6 +43,7 @@ Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13817) Signed-off-by: Jiaying Song + --- crypto/rsa/rsa_ossl.c | 95 +++++++- crypto/rsa/rsa_pk1.c | 252 ++++++++++++++++++++++ @@ -56,7 +57,7 @@ Signed-off-by: Jiaying Song 9 files changed, 393 insertions(+), 5 deletions(-) diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c -index 0fc642e777..330302ae55 100644 +index 6c32764..d658a3c 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -17,6 +17,9 @@ @@ -68,8 +69,8 @@ index 0fc642e777..330302ae55 100644 +#include static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -@@ -377,8 +380,13 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +@@ -373,8 +376,13 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, BIGNUM *f, *ret; int j, num = 0, r = -1; unsigned char *buf = NULL; @@ -83,7 +84,7 @@ index 0fc642e777..330302ae55 100644 /* * Used only if the blinding structure is shared. A non-NULL unblind * instructs rsa_blinding_convert() and rsa_blinding_invert() to store -@@ -408,6 +416,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +@@ -404,6 +412,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, goto err; } @@ -95,7 +96,7 @@ index 0fc642e777..330302ae55 100644 /* make data into a big number */ if (BN_bin2bn(from, (int)flen, f) == NULL) goto err; -@@ -472,13 +485,91 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +@@ -464,13 +477,91 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) goto err; @@ -188,17 +189,17 @@ index 0fc642e777..330302ae55 100644 break; case RSA_PKCS1_OAEP_PADDING: r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); -@@ -501,6 +592,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +@@ -493,6 +584,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, #endif - err: + err: + HMAC_CTX_free(hmac); + EVP_MD_free(md); BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c -index 51507fc030..5cd2b26879 100644 +index bebb43a..3fe12b2 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -21,10 +21,14 @@ @@ -214,7 +215,7 @@ index 51507fc030..5cd2b26879 100644 + int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen) + const unsigned char *from, int flen) { @@ -273,6 +277,254 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, return constant_time_select_int(good, mlen, -1); @@ -472,7 +473,7 @@ index 51507fc030..5cd2b26879 100644 * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2 * padding from a decrypted RSA message in a TLS signature. The result is stored diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in -index 2f6ef0021d..015265a74d 100644 +index 2f6ef00..015265a 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -273,6 +273,11 @@ signed or verified directly instead of using a B structure. If a @@ -488,7 +489,7 @@ index 2f6ef0021d..015265a74d 100644 For B if the digest type is set it is used to format the block data diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in -index 0a32fd965b..4c462abc8c 100644 +index 0a32fd9..4c462ab 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, @@ -504,7 +505,7 @@ index 0a32fd965b..4c462abc8c 100644 Hex dump the output data. diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod -index 3075eaafd6..e788f38809 100644 +index 3075eaa..e788f38 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -386,6 +386,13 @@ this behaviour should be tolerated then @@ -522,7 +523,7 @@ index 3075eaafd6..e788f38809 100644 EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod -index b6f9bad5f1..898535a7a2 100644 +index b6f9bad..898535a 100644 --- a/doc/man3/EVP_PKEY_decrypt.pod +++ b/doc/man3/EVP_PKEY_decrypt.pod @@ -51,6 +51,18 @@ return 1 for success and 0 or a negative value for failure. In particular a @@ -545,7 +546,7 @@ index b6f9bad5f1..898535a7a2 100644 Decrypt data using OAEP (for RSA keys): diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod -index 9f7025c497..36ae18563f 100644 +index 9f7025c..36ae185 100644 --- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -121,8 +121,8 @@ L. @@ -570,7 +571,7 @@ index 9f7025c497..36ae18563f 100644 L, diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod -index 1d38073aea..bd3f835ac6 100644 +index 1d38073..bd3f835 100644 --- a/doc/man3/RSA_public_encrypt.pod +++ b/doc/man3/RSA_public_encrypt.pod @@ -52,8 +52,8 @@ Encrypting user data directly with RSA is insecure. @@ -599,20 +600,17 @@ index 1d38073aea..bd3f835ac6 100644 SSL, PKCS #1 v2.0 diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h -index 949873d0ee..f267e5d9d1 100644 +index 797dc1f..2f86e4c 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg); RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq); + OSSL_LIB_CTX *libctx, const char *propq); +int ossl_rsa_padding_check_PKCS1_type_2(OSSL_LIB_CTX *ctx, + unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, unsigned char *kdk); int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, - size_t tlen, - const unsigned char *from, --- -2.34.1 - + size_t tlen, + const unsigned char *from, diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch index b336d9e8505..13ea3c717ab 100644 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch @@ -1,7 +1,7 @@ -From e92f0cd3b03e5aca948b03df7e3d02e536700f68 Mon Sep 17 00:00:00 2001 +From 584936eb09cef64eb0755c0ccb2661e7ba1aea58 Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Thu, 27 Oct 2022 19:16:58 +0200 -Subject: [PATCH 2/3] rsa: Add option to disable implicit rejection +Subject: [PATCH] rsa: Add option to disable implicit rejection CVE: CVE-2023-50781 @@ -14,6 +14,7 @@ Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13817) Signed-off-by: Jiaying Song + --- crypto/cms/cms_env.c | 7 +++++ crypto/evp/ctrl_params_translate.c | 6 +++++ @@ -28,10 +29,10 @@ Signed-off-by: Jiaying Song 10 files changed, 95 insertions(+), 8 deletions(-) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c -index 445a16fb77..49b0289114 100644 +index 2326253..96e3315 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c -@@ -581,6 +581,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, +@@ -576,6 +576,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (!ossl_cms_env_asn1_ctrl(ri, 1)) goto err; @@ -43,15 +44,15 @@ index 445a16fb77..49b0289114 100644 + EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0"); + if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) + ktri->encryptedKey->data, + ktri->encryptedKey->length) diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c -index 44d0895bcf..db7325439a 100644 +index 14306a0..b481776 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c -@@ -2269,6 +2269,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = { - EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, +@@ -2249,6 +2249,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = { + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, + OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, + { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL, @@ -60,13 +61,13 @@ index 44d0895bcf..db7325439a 100644 + NULL }, + { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, - OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, + OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c -index 330302ae55..4bdacd5ed9 100644 +index d658a3c..5a0b160 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c -@@ -395,6 +395,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +@@ -391,6 +391,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -79,7 +80,7 @@ index 330302ae55..4bdacd5ed9 100644 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) goto err; BN_CTX_start(ctx); -@@ -489,7 +495,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +@@ -481,7 +487,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, * derive the Key Derivation Key from private exponent and public * ciphertext */ @@ -88,7 +89,7 @@ index 330302ae55..4bdacd5ed9 100644 /* * because we use d as a handle to rsa->d we need to keep it local and * free before any further use of rsa->d -@@ -565,11 +571,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +@@ -557,11 +563,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, goto err; switch (padding) { @@ -105,7 +106,7 @@ index 330302ae55..4bdacd5ed9 100644 case RSA_PKCS1_OAEP_PADDING: r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c -index 0bf5ac098a..81b031f81b 100644 +index 85cdfb4..7f3d810 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -52,6 +52,8 @@ typedef struct { @@ -133,17 +134,17 @@ index 0bf5ac098a..81b031f81b 100644 if (sctx->oaep_label) { OPENSSL_free(dctx->oaep_label); dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); -@@ -347,6 +351,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, - const unsigned char *in, size_t inlen) +@@ -345,6 +349,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, + const unsigned char *in, size_t inlen) { int ret; + int pad_mode; RSA_PKEY_CTX *rctx = ctx->data; /* * Discard const. Its marked as const because this may be a cached copy of -@@ -367,7 +372,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, - rctx->oaep_labellen, - rctx->md, rctx->mgf1md); +@@ -365,7 +370,12 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, + rctx->oaep_labellen, + rctx->md, rctx->mgf1md); } else { - ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode); + if (rctx->pad_mode == RSA_PKCS1_PADDING && @@ -155,7 +156,7 @@ index 0bf5ac098a..81b031f81b 100644 } *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); ret = constant_time_select_int(constant_time_msb(ret), ret, 1); -@@ -591,6 +601,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +@@ -587,6 +597,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) *(unsigned char **)p2 = rctx->oaep_label; return rctx->oaep_labellen; @@ -171,7 +172,7 @@ index 0bf5ac098a..81b031f81b 100644 case EVP_PKEY_CTRL_PKCS7_SIGN: #ifndef OPENSSL_NO_CMS diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in -index 015265a74d..5e62551d34 100644 +index 015265a..5e62551 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -305,6 +305,16 @@ explicitly set in PSS mode then the signing digest is used. @@ -192,7 +193,7 @@ index 015265a74d..5e62551d34 100644 =head1 RSA-PSS ALGORITHM diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod -index e788f38809..3844aa2199 100644 +index e788f38..3844aa2 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -392,6 +392,8 @@ instead of padding errors in case padding checks fail. Applications that @@ -205,7 +206,7 @@ index e788f38809..3844aa2199 100644 =head2 DSA parameters diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod -index 0976a263a8..2a8426a6ed 100644 +index 0976a26..2a8426a 100644 --- a/doc/man7/provider-asym_cipher.pod +++ b/doc/man7/provider-asym_cipher.pod @@ -234,6 +234,15 @@ The TLS protocol version first requested by the client. @@ -225,50 +226,50 @@ index 0976a263a8..2a8426a6ed 100644 OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params() diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h -index 6bed5a8a67..5a350b537f 100644 +index 02bebc6..9586a6d 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -292,6 +292,7 @@ extern "C" { - #define OSSL_PKEY_PARAM_DIST_ID "distid" - #define OSSL_PKEY_PARAM_PUB_KEY "pub" - #define OSSL_PKEY_PARAM_PRIV_KEY "priv" -+#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection" + #define OSSL_PKEY_PARAM_DIST_ID "distid" + #define OSSL_PKEY_PARAM_PUB_KEY "pub" + #define OSSL_PKEY_PARAM_PRIV_KEY "priv" ++#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection" /* Diffie-Hellman/DSA Parameters */ - #define OSSL_PKEY_PARAM_FFC_P "p" + #define OSSL_PKEY_PARAM_FFC_P "p" @@ -467,6 +468,7 @@ extern "C" { - #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" - #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" - #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" -+#define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection" + #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" + #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" + #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" ++#define OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION "implicit-rejection" /* * Encoder / decoder parameters diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h -index a55c9727c6..247f9014e3 100644 +index 36a780d..ceb05b2 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -183,6 +183,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); - # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + #define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) -+# define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14) ++#define EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION (EVP_PKEY_ALG_CTRL + 14) + - # define RSA_PKCS1_PADDING 1 - # define RSA_NO_PADDING 3 - # define RSA_PKCS1_OAEP_PADDING 4 + #define RSA_PKCS1_PADDING 1 + #define RSA_NO_PADDING 3 + #define RSA_PKCS1_OAEP_PADDING 4 @@ -192,6 +194,9 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); - # define RSA_PKCS1_PSS_PADDING 6 - # define RSA_PKCS1_WITH_TLS_PADDING 7 + #define RSA_PKCS1_PSS_PADDING 6 + #define RSA_PKCS1_WITH_TLS_PADDING 7 +/* internal RSA_ only */ -+# define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 ++#define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 + - # define RSA_PKCS1_PADDING_SIZE 11 + #define RSA_PKCS1_PADDING_SIZE 11 - # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) + #define RSA_set_app_data(s, arg) RSA_set_ex_data(s, 0, arg) diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index c8921acd6e..11a91e62b1 100644 +index 799357f3..1e74150 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -75,6 +75,8 @@ typedef struct { @@ -288,7 +289,7 @@ index c8921acd6e..11a91e62b1 100644 switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { case RSA_FLAG_TYPE_RSA: -@@ -199,6 +202,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -203,6 +206,7 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; @@ -296,12 +297,12 @@ index c8921acd6e..11a91e62b1 100644 size_t len = RSA_size(prsactx->rsa); if (!ossl_prov_is_running()) -@@ -276,8 +280,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -280,8 +284,12 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, } OPENSSL_free(tbuf); } else { - ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, -- prsactx->pad_mode); +- prsactx->pad_mode); + if ((prsactx->implicit_rejection == 0) && + (prsactx->pad_mode == RSA_PKCS1_PADDING)) + pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; @@ -311,7 +312,7 @@ index c8921acd6e..11a91e62b1 100644 } *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); ret = constant_time_select_int(constant_time_msb(ret), 0, 1); -@@ -401,6 +409,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) +@@ -403,6 +411,10 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version)) return 0; @@ -322,8 +323,8 @@ index c8921acd6e..11a91e62b1 100644 return 1; } -@@ -412,6 +424,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { - NULL, 0), +@@ -414,6 +426,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { + NULL, 0), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), + OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), @@ -353,6 +354,3 @@ index c8921acd6e..11a91e62b1 100644 OSSL_PARAM_END }; --- -2.34.1 - diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch index 0a1f63f30a0..324e41ed2fb 100644 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch @@ -1,7 +1,7 @@ -From ba78f7b0599ba5bfb5032dd2664465c5b13388e3 Mon Sep 17 00:00:00 2001 +From 156a6ca5791f9c642a77270a90d5dbd0a3a7a33d Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Tue, 22 Nov 2022 18:25:49 +0100 -Subject: [PATCH 3/3] smime/pkcs7: disable the Bleichenbacher workaround +Subject: [PATCH] smime/pkcs7: disable the Bleichenbacher workaround CVE: CVE-2023-50781 @@ -14,15 +14,16 @@ Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13817) Signed-off-by: Jiaying Song + --- crypto/pkcs7/pk7_doit.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c -index e9de097da1..6d3124da87 100644 +index a38e8a3..d751f5e 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c -@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, +@@ -168,6 +168,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, if (EVP_PKEY_decrypt_init(pctx) <= 0) goto err; @@ -34,8 +35,5 @@ index e9de097da1..6d3124da87 100644 + EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0"); + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) - goto err; --- -2.34.1 - + ri->enc_key->data, ri->enc_key->length) + <= 0) diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.18.bb b/meta/recipes-connectivity/openssl/openssl_3.0.19.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.0.18.bb rename to meta/recipes-connectivity/openssl/openssl_3.0.19.bb index a8dd3383271..293b450cd05 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.18.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.19.bb @@ -25,7 +25,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b" +SRC_URI[sha256sum] = "fa5a4143b8aae18be53ef2f3caf29a2e0747430b8bc74d32d88335b94ab63072" inherit lib_package multilib_header multilib_script ptest perlnative MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" From patchwork Tue Feb 24 14:24:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81717 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A3A2F357A3 for ; Tue, 24 Feb 2026 14:25:11 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21272.1771943102543802912 for ; Tue, 24 Feb 2026 06:25:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=jRh32x7Y; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-48375f10628so36298015e9.1 for ; Tue, 24 Feb 2026 06:25:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943101; x=1772547901; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=EDnOobl23b82oGIE9jMVW6CWPSc/cnk2AVzEFkIKDYM=; b=jRh32x7YwEugrwLzllvs9idZALoRvnVTqL0VPjTpa5xlZGCimADv+Gn1D0qHpoo7Hv 7UpfDcDq79n77ZcWWnV7tMLDkU23H9OODXwqt5pWdwoilSZQUGyJ2uCLb14MAdq2w2RZ H5jE6BTflmIBbJmF3yRor0w8W5YnMJjb9jwCo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943101; x=1772547901; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=EDnOobl23b82oGIE9jMVW6CWPSc/cnk2AVzEFkIKDYM=; b=P9UtGbtq/vdB0wLoVYS30T6SveomXaHaEiX08OyNEKhiLUO06rKRCDw/q4ZuCPvr0W m3B9MnPjPDYqcVfkJ4W6B5qGSjBta7s6UEv70rvUVk6PXyfxkfWHoXfwioLu4itWOFrN r5Z0QNfMYr3j3EkahSTlDsQOqD19pJrKSwj+v59Dq6Gt8YvRCu8uzzBnNmBt2TLEHDPJ nk1jU/2TWsCBSgV3s+bkn52ZB75FlxU9gKKnZE6zhn3q05fsHuhPDLRyABSx7RAzWkFe WVYMUe1klOhbDm3s3KcZRGdI+SYQuA/9Qvhx8faBlOEsBF9TpYeYOTjWyLq7OSkQQLxv P0Dw== X-Gm-Message-State: AOJu0YzPr+cN6M7WdgjDfo+IwtLb6/IjtT+UxePnCWKXvpIfsYgnm80E uG4trE9vkxoKhMnG4/IAxP5ia9E/JtaJ+ZNNhVnp4xAH5WbbSCLo1hcDWNwe61488IxgP1c3rbb TSB7G X-Gm-Gg: AZuq6aLCMeHnAQa+Q3nUc55WwR8rRDamkdzC/tlLzmZEZy2BBaCYiWCCJWtS5UaDtCC dBhTFZFTu9em174Tr83T8Juz3G6Wr9lPn9iNfBMdh4uDCbU7ugbqI3VpbSidY219v1z4spsYGkW QGwB4pZqoJmgiri8Si406WS+St5M06s8zQ7cuOgv19z/ey9AeY4fTOG5dB/MwfD6RwPotULPUTb OTiFkccSLuY4/G8Qpix8Fxdj8quKwIf6x3PaTwkx9eKCcquwLTF395UKkqHZTexIaI6Cm4IWzm4 qM2/zMrbukhP25vQf6HlEFPN0iiVyspoA86amB9mYX/4Kw0ak1HKgKqTyWJp5GFAAq6RT/gsoIg jCSrz68SE04fraSh4ANkR1bjv0CUgbrONZ4QHWLMNXEpGqrHmN9dXJlUnCN3J424Nb0At/UNfwD kDGOyh+/nFvxA2G1oJII1elIicZGQpT3xhmTgBFZ3ARctPXGIqJTZ9y7SG/iqUY2vVOgTIGP6aa 2w3m0xp5w9RzUyQrLd6ewFQmjptBcrxjw== X-Received: by 2002:a05:600c:3b0a:b0:480:4ae2:def1 with SMTP id 5b1f17b1804b1-483a95be7c9mr245387585e9.13.1771943100585; Tue, 24 Feb 2026 06:25:00 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:00 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/38] inetutils: patch CVE-2026-24061 Date: Tue, 24 Feb 2026 15:24:02 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231775 From: Peter Marko Pick patches per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2026-24061 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../inetutils/CVE-2026-24061-01.patch | 38 +++++++++ .../inetutils/CVE-2026-24061-02.patch | 82 +++++++++++++++++++ .../inetutils/inetutils_2.2.bb | 2 + 3 files changed, 122 insertions(+) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch new file mode 100644 index 00000000000..0af666cb1a9 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch @@ -0,0 +1,38 @@ +From fd702c02497b2f398e739e3119bed0b23dd7aa7b Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Tue, 20 Jan 2026 01:10:36 -0800 +Subject: [PATCH] Fix injection bug with bogus user names + +Problem reported by Kyu Neushwaistein. +* telnetd/utility.c (_var_short_name): +Ignore user names that start with '-' or contain shell metacharacters. + +Signed-off-by: Simon Josefsson + +CVE: CVE-2026-24061 +Upstream-Status: Backport [https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b] +Signed-off-by: Peter Marko +--- + telnetd/utility.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/telnetd/utility.c b/telnetd/utility.c +index b486226e..c02cd0e6 100644 +--- a/telnetd/utility.c ++++ b/telnetd/utility.c +@@ -1737,7 +1737,14 @@ _var_short_name (struct line_expander *exp) + return user_name ? xstrdup (user_name) : NULL; + + case 'U': +- return getenv ("USER") ? xstrdup (getenv ("USER")) : xstrdup (""); ++ { ++ /* Ignore user names starting with '-' or containing shell ++ metachars, as they can cause trouble. */ ++ char const *u = getenv ("USER"); ++ return xstrdup ((u && *u != '-' ++ && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")]) ++ ? u : ""); ++ } + + default: + exp->state = EXP_STATE_ERROR; diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch new file mode 100644 index 00000000000..5a012eb2958 --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch @@ -0,0 +1,82 @@ +From ccba9f748aa8d50a38d7748e2e60362edd6a32cc Mon Sep 17 00:00:00 2001 +From: Simon Josefsson +Date: Tue, 20 Jan 2026 14:02:39 +0100 +Subject: [PATCH] telnetd: Sanitize all variable expansions + +* telnetd/utility.c (sanitize): New function. +(_var_short_name): Use it for all variables. + +CVE: CVE-2026-24061 +Upstream-Status: Backport [https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc] +Signed-off-by: Peter Marko +--- + telnetd/utility.c | 32 ++++++++++++++++++-------------- + 1 file changed, 18 insertions(+), 14 deletions(-) + +diff --git a/telnetd/utility.c b/telnetd/utility.c +index c02cd0e6..b21ad961 100644 +--- a/telnetd/utility.c ++++ b/telnetd/utility.c +@@ -1688,6 +1688,17 @@ static void _expand_cond (struct line_expander *exp); + static void _skip_block (struct line_expander *exp); + static void _expand_block (struct line_expander *exp); + ++static char * ++sanitize (const char *u) ++{ ++ /* Ignore values starting with '-' or containing shell metachars, as ++ they can cause trouble. */ ++ if (u && *u != '-' && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")]) ++ return u; ++ else ++ return ""; ++} ++ + /* Expand a variable referenced by its short one-symbol name. + Input: exp->cp points to the variable name. + FIXME: not implemented */ +@@ -1714,13 +1725,13 @@ _var_short_name (struct line_expander *exp) + return xstrdup (timebuf); + + case 'h': +- return xstrdup (remote_hostname); ++ return xstrdup (sanitize (remote_hostname)); + + case 'l': +- return xstrdup (local_hostname); ++ return xstrdup (sanitize (local_hostname)); + + case 'L': +- return xstrdup (line); ++ return xstrdup (sanitize (line)); + + case 't': + q = strchr (line + 1, '/'); +@@ -1728,23 +1739,16 @@ _var_short_name (struct line_expander *exp) + q++; + else + q = line; +- return xstrdup (q); ++ return xstrdup (sanitize (q)); + + case 'T': +- return terminaltype ? xstrdup (terminaltype) : NULL; ++ return terminaltype ? xstrdup (sanitize (terminaltype)) : NULL; + + case 'u': +- return user_name ? xstrdup (user_name) : NULL; ++ return user_name ? xstrdup (sanitize (user_name)) : NULL; + + case 'U': +- { +- /* Ignore user names starting with '-' or containing shell +- metachars, as they can cause trouble. */ +- char const *u = getenv ("USER"); +- return xstrdup ((u && *u != '-' +- && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")]) +- ? u : ""); +- } ++ return xstrdup (sanitize (getenv ("USER"))); + + default: + exp->state = EXP_STATE_ERROR; diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb index 6f9173dbc11..9f4e1a82e1b 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb @@ -24,6 +24,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://CVE-2022-39028.patch \ file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \ file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \ + file://CVE-2026-24061-01.patch \ + file://CVE-2026-24061-02.patch \ " inherit autotools gettext update-alternatives texinfo From patchwork Tue Feb 24 14:24:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81712 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D60F5EEC2B5 for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21273.1771943103408992704 for ; Tue, 24 Feb 2026 06:25:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Lqll265T; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-482f454be5bso60196825e9.0 for ; Tue, 24 Feb 2026 06:25:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943101; x=1772547901; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jMQtRkSTZOWMnX+ZBWDCiU6Gvfi8nGLHuhNS87jjVL0=; b=Lqll265T3/02Q6uyvZJWkh4+v/i7hEojPCk7eEDy8bUEKnz26dsNIEx4RAeA+25/+e T5jU463vAESzZF4WgjDfn5XAWC/eIkEyKx4DP+eZN7rBCHk4rWrG2nxW6ctWaTAAB/Qv gBaEYDtkJX/hu52vfLmtT4G8znFLXb9sjJcr8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943101; x=1772547901; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=jMQtRkSTZOWMnX+ZBWDCiU6Gvfi8nGLHuhNS87jjVL0=; b=LB42vbemRfRlTrnEw8FGDSBXk9HkT6mIyZ5eacvV4/fYfwi6oV36xweAj1m/6Na85O VtHRQ1kDVp8qbLqLTrm+9/1ZiDiNpcCEoTY4gGW46RPRbhsK/QBh4hZPgqDYmayHldeB xWYm/XyUDsgGbpJ5NSv+22rOvfwQj7lBRg3JiDzK88Ger7m07v35dQt1C1F8TqMlnWCT vkjpYxP0KeRXGIW0vBadyxIEjQPOgxKRYoNF75NL7jcGAzesyRDQCMC4yBtAEbqHswHF IWhlD8Udis1dwpNG07rq8v4ZIVCNGfrmiew8pFMXByP0vUe1e8m+sq4KbkRWpJcIVLXt hO5A== X-Gm-Message-State: AOJu0YzUmXxjB3pITh7wpBnejbyKHJC/i/EVFX+9ZAQ+qFFZi+MoNq0u v+sxEjPLM0kvbgD05xjRgSEKx74ncLFuDI7exhnvWVmmHp4FEUXgMtGBr2aMVZx+603T5HvMrrj qd66v X-Gm-Gg: AZuq6aLc8yDSqSuK/16TmM2zgSwQkmR5MkQW/v2lPYcM0OSUTlU4Br7CLRYEtttPn/I obIj3hkYY2Bz6mgSe4XZqBp2y3uKKv5nptDu1w5oAR4RBdsSBUlDenzohYxXrW7irJo6EeIkRgr 0ziXgEz+CDOA8mvmkiqgzgymGfsLLvH2u2qCFUd2rfhb1oBN0Iy+3o4/uH7QckbTszYDoCOEKS+ e7xvfQwZUpzvtHXbgO4+E5z8XPakJzLIUYDZDwFJwOpo9FJOO3UTK8SDajTjO1wD/BwK2A3dEgM r7zhv3FmkQ9/JeCEWtJwp/W8wBYSgBbMmYetIy+ArquxC6JR1ae+TdUF4lhbVsU3Prp1Rob7zOI adcEPz/aVgSjwkFlooQSu9JQ+wOl08dnbnwv+GWCGdtEjOk37yU5R20gEpAAv0Z/6X0biVkkWrS x3ydj09mTI8qNk/NSh1jNt/iA6f4+0jg01jdKbM99YIhm4IrVTklmC2GAXp5yN5c0o0Bo4T7sgO Si1qJnapwyQD3hT7gEou70OZDFp1OFK1h43Wpe0BpLB X-Received: by 2002:a05:600c:314a:b0:479:1348:c63e with SMTP id 5b1f17b1804b1-483bd7429acmr2505725e9.9.1771943101533; Tue, 24 Feb 2026 06:25:01 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:00 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/38] scripts/install-buildtools: Update to 4.0.32 Date: Tue, 24 Feb 2026 15:24:03 +0100 Message-ID: <80338fa36501670fe2c63086ed11f5ece6a851d1.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231777 From: Aleksandar Nikolic Update to the 4.0.32 release of the 4.0 series for buildtools Signed-off-by: Aleksandar Nikolic Signed-off-by: Yoann Congal --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 2c9f3f25c65..c105dfe4623 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools @@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-4.0.31' -DEFAULT_INSTALLER_VERSION = '4.0.31' +DEFAULT_RELEASE = 'yocto-4.0.32' +DEFAULT_INSTALLER_VERSION = '4.0.32' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check From patchwork Tue Feb 24 14:24:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81718 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6D2AEF5862 for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21465.1771943104731465016 for ; Tue, 24 Feb 2026 06:25:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=yr1bTlN2; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-48371119eacso65977595e9.2 for ; Tue, 24 Feb 2026 06:25:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943103; x=1772547903; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vzMVeM3tshEgZ6mC/VlEdmP14by7YR/wr60zT8/oAKc=; b=yr1bTlN2L4PYWQbBKDGswNOJ7XxTfS7Jmpoht4XWp7HjJWlSyEbntwY441NXTmouLH A9+hLH1g5hheqZlZt/1DjFWkHVX1BfPXAjEpupkZmWeM1yJwTWMBCY1tuZUMjJIc9Bb8 aOeF4/qMtMRARYOxjuGt2Xp6Nfp7cirbt4ZrQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943103; x=1772547903; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vzMVeM3tshEgZ6mC/VlEdmP14by7YR/wr60zT8/oAKc=; b=N6WqK1Om8C+sJW4oHvZbByiYAW98Dazu09OpuwZpoI+7/JnHhikpx8MxDdlBlurlPr 1VSzA0ev90nXaGy9rrhs+FDeDxrHKY/5HhR27ii+o8QT0QSPwuoHTnJaVxLvCh1jZkWh kWP2aeEJsYbjNz+KM3KMlOVMjaN4hnrswCYVaNq9cS+8j+RSQpz7XBnfsMzzHwHqTk7Q l5NkEkoTyNVdaMeipES3yAzt8w7gfVb2R1v1GMm2YXwa/6CR0mNgaudPSQjmsg/B7RUr 5ZImdLNxBMJCoW0UMZfHvapszb6ghAYNoObAyIjNuSxTX8jJPmsdPKcWTowvXT2I2rCp bO4A== X-Gm-Message-State: AOJu0Yw8/8bnTTiqpil/PZHweSldRYPq74jTerAUSs6fOqHGGSLD1uK/ I56GG1zMWtOM9gwg4m6F1p1khDN0ELCOXfP2xQOzAOPGye6XyDTcHCdhUYepTSB4uRnFSXxnb0J Vws+O X-Gm-Gg: AZuq6aLJQW3QwEU3UJ/FTLDIxjRTIk+DGlnmf9wuAF7h6xBs4NiByzEDrKBado10tlr Q3Hag9v3ARxwlU8nV484umFL3YLeMWQP22VV+4xZoB1909J5gI66swxHkNSw293xiPjGkydvIKK CeVJ45Vl9jJPpF5DBB127IAaV8VGWdNm+z/NjaNpFF4qXlC1S6zf953iXgaYppUKE+Mqpp3kuLY yDsXkW0dAteJM93bTNezWkI/BigQRKZGQk807Us0y5b4T0aqsVTnYCmbgYwr9ZCgU6WZ1bXhi5V 4crOCJILZRtg0KwdL/HDKFluJu7qA9WKbtVv55sH7BRvvR1PdUPvikOtfR34zvFVfB+qif32S7V 9hMoNi0JxGXX1d64QflPY6Zrn3B3td6oFITvCGnN4/m9vwIFLk6uJ33kRGkIu6S/Us78F+Vj7N5 +muyqFdzht+/mpVCAtnjE6YsjPinxxCmFMFvowbqzoRi4TkU6EDE/im5gN5kuEzZWArqv5TmlOT tVf1E1j53rwmRkxM9rRxyoJk8ib7U0qTw== X-Received: by 2002:a05:600d:6450:10b0:477:af8d:203a with SMTP id 5b1f17b1804b1-483adc6d068mr120850315e9.27.1771943102498; Tue, 24 Feb 2026 06:25:02 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:01 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/38] linux-yocto/5.15: update to v5.15.195 Date: Tue, 24 Feb 2026 15:24:04 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231778 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: ac56c046adf41 Linux 5.15.195 636e7d6bdf205 selftests: mptcp: join: validate C-flag + def limit 4b9b376856a95 mptcp: pm: in-kernel: usable client side with C-flag 946771c2a2b11 mm/slab: make __free(kfree) accept error pointers 81d0664bed91a media: pci: ivtv: Add check for DMA map result 71285c029dcc4 xen/events: Update virq_to_irq on migration 9c1df18612fbb media: pci: ivtv: Add missing check after DMA map 66c8a83bf1de2 media: pci/ivtv: switch from 'pci_' to 'dma_' API 55a954a54ffc8 arm64: mte: Do not flag the zero page as PG_mte_tagged 26ea9b6a93a54 media: cx18: Add missing check after DMA map cb044864188cc media: switch from 'pci_' to 'dma_' API 9339cf38762ce writeback: Avoid excessively long inode switching times 6483eabc195dc writeback: Avoid softlockup when switching many inodes 9b902f370b93e cramfs: Verify inode mode when loading from disk 5c64e8be2a7ef fs: Add 'initramfs_options' to set initramfs mount options c3b654021931d pid: Add a judgment for ns null in pid_nr_ns 1d144b4cdde08 minixfs: Verify inode mode when loading from disk 3fb4c19233a0e minmax.h: remove some #defines that are only expanded once 092036da9b6d5 minmax.h: simplify the variants of clamp() 64394017d091a minmax.h: move all the clamp() definitions after the min/max() ones 4942fcc84a1ee minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() 5011c410f9670 minmax.h: reduce the #define expansion of min(), max() and clamp() b7ae5d8baa5ca minmax.h: update some comments 2524736951b23 minmax.h: add whitespace around operators and after commas 82b39b1090b0e minmax: fix up min3() and max3() too b1094b4b54b0f minmax: improve macro expansion and type checking 3854a23090858 minmax: simplify min()/max()/clamp() implementation 89f6bf22d039a minmax: don't use max() in situations that want a C constant expression e035ca130ff7f minmax: make generic MIN() and MAX() macros available everywhere 4b5dda7f8b02a minmax: simplify and clarify min_t()/max_t() implementation 3d1169785a9c1 minmax: add a few more MIN_T/MAX_T users e73a9333cdaee minmax: avoid overly complicated constant expressions in VM code 9ed1e4221cb67 minmax: fix indentation of __cmp_once() and __clamp_once() d16b73f6c5939 minmax: deduplicate __unconst_integer_typeof() e3774f3281ed1 minmax: Introduce {min,max}_array() 9c88de0e0c1e5 arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees d238fee82dd83 btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() f2bd5493ef501 fscontext: do not consume log entries when returning -EMSGSIZE f550466949e82 locking: Introduce __cleanup() based infrastructure a0e54bd8d7ea7 dm: fix NULL pointer dereference in __dm_suspend() 95dd33361061f tracing: Fix race condition in kprobe initialization causing NULL pointer dereference 41acc922c7811 ksmbd: fix error code overwriting in smb2_get_info_filesystem() 71a0ba7fdaf8d net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock 32097a08ab5de mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag 21d79eac5f953 mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type 715f4914fdd3e mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value 5d327391f9faf media: mc: Clear minor number before put device fbfc745db628d Squashfs: reject negative file sizes in squashfs_read_inode() 2ec88c3d9f8fe Squashfs: add additional inode sanity checking 49f3a867d948c ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() 44cee8ef325c0 ASoC: codecs: wcd934x: Simplify with dev_err_probe e0ce3ed1048a4 KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O 6836714a08756 lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older a4e7273a45e85 ext4: free orphan info with kvfree 505e69f76ac49 ext4: guard against EA inode refcount underflow in xattr update b975b3607605f ext4: correctly handle queries for metadata mappings 32702f1ce389f ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() 95a21611b14ae ext4: verify orphan file size is not too big 550e0bccec100 nfsd: nfserr_jukebox in nlm_fopen should lead to a retry 8c5b1200596ce NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() 735457683e235 mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations fff24a9c116d2 x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) 46a986888a149 x86/umip: Check that the instruction opcode is at least two bytes eaa16de419692 spi: cadence-quadspi: Flush posted register writes before DAC access 5a6c760bc332f spi: cadence-quadspi: Flush posted register writes before INDAC access f104a67b28053 PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() 870457e7b7229 PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit 5533169bb2539 PCI/AER: Support errors introduced by PCIe r6.0 09adece72b8c8 PCI/AER: Fix missing uevent on recovery when a reset is requested 1f06b4864177b PCI/ERR: Fix uevent on failure to recover a645ca21de09e PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV 690f307a81954 PCI/sysfs: Ensure devices are powered for config reads b167bfa432e3c rseq/selftests: Use weak symbol reference, not definition, to link with glibc aaaa92ab55f13 rtc: interface: Fix long-standing race when setting alarm fa1bdbefe1f46 rtc: interface: Ensure alarm irq is enabled when UIE is enabled c19b29291f21c memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe e5caecea44a7a mmc: core: SPI mode remove cmd7 e614975f9b5df mtd: rawnand: fsmc: Default to autodetect buswidth 971009a25fb8b sparc: fix error handling in scan_one_device() 365282fc60155 sparc64: fix hugetlb for sun4u 1cd60e0d0fb8f sctp: Fix MAC comparison to be constant-time d906e61d4d81b scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() 9ee5eb3d09217 pwm: berlin: Fix wrong register in suspend/resume 40c86afc81b51 powerpc/pseries/msi: Fix potential underflow and leak issue 7bb05500a3ad3 powerpc/powernv/pci: Fix underflow and leak issue aa18f55365e93 nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk 6195d15fe4888 parisc: don't reference obsolete termio struct for TC* constants ef84ddf89dab4 openat2: don't trigger automounts with RESOLVE_NO_XDEV c2b88b66bc359 lib/genalloc: fix device leak in of_gen_pool_get() 4ce6902cc67d7 KEYS: trusted_tpm1: Compare HMAC values in constant time e94c99c026179 iommu/vt-d: PRS isn't usable if PDS isn't supported d202d1ac609bc iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume 3ed42a6686f4f init: handle bootloader identifier in kernel parameters 06d81ce319242 iio: frequency: adf4350: Fix prescaler usage. 0016356ebd6a3 iio: dac: ad5421: use int type to store negative error codes c71fd8dcb7ae6 iio: dac: ad5360: use int type to store negative error codes 8df273ef0f5ad fs/ntfs3: Fix a resource leak bug in wnd_extend() 459d819648fe6 crypto: atmel - Fix dma_unmap_sg() direction ad4e8f9bdbef1 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() 83b594504d64f copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) 816bb8b4e5c46 bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() d3a9a8e1275eb btrfs: avoid potential out-of-bounds in btrfs_encode_fh() 184b0aab791a5 drm/nouveau: fix bad ret code in nouveau_bo_move_prep a812fc67d8855 media: i2c: mt9v111: fix incorrect type for ret e57d98c02ec84 firmware: meson_sm: fix device leak at probe 0c2ac5a03a209 xen/manage: Fix suspend error path 6f8e37bff9119 xen/events: Cleanup find_virq() return codes 846f911295b2a ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init 267801317911b arm64: dts: qcom: msm8916: Add missing MDSS reset 3a0f197dd8e5f ACPI: debug: fix signedness issues in read/write helpers 85580cbac5d4b ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT e28616ca3d67e bpf: Avoid RCU context warning when unpinning htab with internal structs 28112b3d86b15 gpio: wcd934x: mark the GPIO controller as sleeping 512aa949666ef gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells 33e49de5dc09b tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single df58651968f82 crypto: essiv - Check ssize for decryption and in-place encryption 4331a0ba2d15c bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() fa391f17a819f drm/amd/display: Properly disable scaling on DCE6 cc857ceb2b3b4 drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 736153f3c4933 drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs 32ee65934d6b7 drm/amdgpu: Add additional DCE6 SCL registers 057764172fcc6 bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} b2986d63303d3 mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes e3602ddfcc2f9 mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call 325425b0d066f tools build: Align warning options with perf b1d073728ef60 net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe eb85ad5f23268 tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). dbceedc0213e7 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() 4c918f9d1cccc drm/vmwgfx: Fix Use-after-free in validation fb5df8006adde drm/vmwgfx: Copy DRM hash-table code into driver 4139b1e435e3f s390/cio: unregister the subchannel while purging 2dbf27f672c03 net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() 6ba7e73cafd15 scsi: mvsas: Fix use-after-free bugs in mvs_work_queue c1f8a7e6efe58 scsi: mvsas: Use sas_task_find_rq() for tagging 77798c6e94fd2 scsi: mvsas: Delete mvs_tag_init() 43c3e8ce2f5f0 scsi: libsas: Add sas_task_find_rq() 9ecd496233772 cpufreq: tegra186: Set target frequency for all cpus in policy bb78ef6dc7470 clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver 7d9eee92ed67a clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() b7e5c59f3b097 perf test: Don't leak workload gopipe in PERF_RECORD_* 24e296d087f7d perf session: Fix handling when buffer exceeds 2 GiB 3e97394445a0f rtc: x1205: Fix Xicor X1205 vendor prefix 8dac32c17b01c perf util: Fix compression checks returning -1 as bool 250cd976bbda0 clk: at91: peripheral: fix return value fcb3b7c30486d libperf event: Ensure tracing data is multiple of 8 sized 1450bbb0ccd7f perf evsel: Avoid container_of on a NULL leader 2977f02ee25a1 iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE 86e23d78ec177 clocksource/drivers/clps711x: Fix resource leaks in error paths ed43bf13a6ac8 fs: always return zero on success from replace_fd() 70322caf9f193 usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call 8a4dd74fe413d bus: fsl-mc: Check return value of platform_get_resource() d77ef2f621cd1 pinctrl: check the return value of pinmux_ops::get_function_name() e63aade22a33e Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak 9eed157e5e27f Input: atmel_mxt_ts - allow reset GPIO to sleep 972cbba5cd384 nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() 547e123e9d342 mm: hugetlb: avoid soft lockup when mprotect to large memory area 26b1bfbd84172 ext4: fix checks for orphan inodes 3901ae3c75a11 mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() 8fcc7315a10a8 net: nfc: nci: Add parameter validation for packet data 1d1847812a1a5 fs: udf: fix OOB read in lengthAllocDescs handling a44f61f878f32 uio_hv_generic: Let userspace take care of interrupt mask 61d38b5ce2782 Squashfs: fix uninit-value in squashfs_get_parent 21c58835634df Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" 5aa9b88560281 net: dlink: handle copy_thresh allocation failure 7973555560eb0 net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable 3fa52104e4797 nfp: fix RSS hash key size when RSS is not supported 0eddc0e5aebcc drivers/base/node: fix double free in register_one_node() 827c8efa0d1af ocfs2: fix double free in user_cluster_connect() d76b099011fa0 hwrng: ks-sa - fix division by zero in ks_sa_rng_init eb682b765533d Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO 54f8ef1a970a8 net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast 5c06bc0b44ed8 RDMA/siw: Always report immediate post SQ errors 8f67d2506f0ca usb: vhci-hcd: Prevent suspending virtually attached devices a89253eb4e648 scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() 1d79471414d7b ipvs: Defer ip_vs_ftp unregister during netns cleanup eb5da8e9db25a NFSv4.1: fix backchannel max_resp_sz verification check cef047e0a55cb coresight: trbe: Return NULL pointer for allocation failures 0e9ec3bab4622 remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice 58ce0b1bc2711 sparc: fix accurate exception reporting in copy_{from,to}_user for M7 b43c208c40179 sparc: fix accurate exception reporting in copy_to_user for Niagara 4 37547d8e6eba8 sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara 1857cdca12c4a sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III 59424dc0d0e04 sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC 4acb786042da4 wifi: ath10k: avoid unnecessary wait for service ready message c6d3da43b8540 Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram c15829a1fb0b0 IB/sa: Fix sa_local_svc_timeout_ms read race d77fb0bdce411 RDMA/core: Resolve MAC of next-hop device without ARP support 77edaeb4dde29 Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" 523d184a495be scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() ce75dfd1748e7 scsi: qla2xxx: edif: Fix incorrect sign of error code 54ded576045ef ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message 248776651cef4 wifi: mt76: fix potential memory leak in mt76_wmac_probe() 795c8dbc82827 RDMA/cm: Rate limit destroy CM ID timeout error message 1bdb3bc5bfd33 drivers/base/node: handle error properly in register_one_node() eeeaa4b5a5f52 watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog 6a9c2fcf6de54 netfilter: ipset: Remove unused htable_bits in macro ahash_region 581ba44117ed7 iio: consumers: Fix offset handling in iio_convert_raw_to_processed() f6b36cfd25cba fs: ntfs3: Fix integer overflow in run_unpack() 95e29db33b5f7 ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping dea9c8c9028c9 ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping fbd79072f1cab ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping 125527db41805 pps: fix warning in pps_register_cdev when register device fail f77e91b4283b5 misc: genwqe: Fix incorrect cmd field being reported in error c2024c8abd742 usb: gadget: configfs: Correctly set use_os_string at bind fe9fdc066c8cf usb: phy: twl6030: Fix incorrect type for ret 650368aacbc78 drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() 82448110ee625 tcp: fix __tcp_close() to only send RST when required 14ebe743b9647 PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation 94aa9bf2ddfcb wifi: mwifiex: send world regulatory domain to driver 8b3589d7a763a drm/amdgpu: Power up UVD 3 for FW validation (v2) e00d07d780b3d ALSA: lx_core: use int type to store negative error codes 39d0e7fd73efb media: rj54n1cb0c: Fix memleak in rj54n1_probe() 916c7891b59b9 scsi: myrs: Fix dma_alloc_coherent() error check eef5ef400893f scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod e0e0ce06f3571 usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup 2cd9c97ad5529 drm/radeon/r600_cs: clean up of dead code in r600_cs 666da97c49c2d i2c: designware: Add disabling clocks when probe fails 90fb83f7863b6 i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD 31660d4d93057 thermal/drivers/qcom/lmh: Add missing IRQ includes 32240232b2a3b thermal/drivers/qcom: Make LMH select QCOM_SCM ae7b1443f4746 tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers 0b515a2839980 smp: Fix up and expand the smp_call_function_many() kerneldoc 6d8b1a21fd5c3 bpf: Explicitly check accesses to bpf_sock_addr e822f368f758a selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported 7ac8f7a186451 i3c: master: svc: Recycle unused IBI slot 11269c08013f4 nvmet-fc: move lsop put work to nvmet_fc_ls_req_op ebf97395b0a0b pwm: tiehrpwm: Fix corner case in clock divisor calculation cc2b2a8c18a96 arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible 3c8ceb2d4dbdb firmware: firmware: meson-sm: fix compile-test default 5cfaadc902249 pinctrl: renesas: Use int type to store negative error codes 45052d922054c PM: sleep: core: Clear power.must_resume in noirq suspend error path 22863772e94fd block: use int to store blk_stack_limits() return value a04120b2d187b regulator: scmi: Use int type to store negative error codes 2927ef93169a0 ARM: at91: pm: fix MCKx restore routine 4b97e99b87a77 blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx 29db98243205b pinctrl: meson-gxl: add missing i2c_d pinmux 8b063076fa7e1 soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS 1955c776a6077 ACPI: processor: idle: Fix memory leak when register cpuidle device failed ce780f740cf44 cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() 3a502b0eefcfc libbpf: Fix reuse of DEVMAP c6552fac71990 regmap: Remove superfluous check for !config in __regmap_init() 64f14b1ab6f39 x86/vdso: Fix output operand size of RDPID 5d01f2b815682 perf: arm_spe: Prevent overflow in PERF_IDX2OFF() 90ea4c0484ebb coresight: trbe: Prevent overflow in PERF_IDX2OFF() 0ddd59d58b597 selftests: arm64: Check fread return value in exec_target cf038b6bb9ed5 filelock: add FL_RECLAIM to show_fl_flags() macro c1db864270eb7 net/9p: fix double req put in p9_fd_cancelled 3fe58fa612052 minmax: add in_range() macro bd903c25b652c crypto: rng - Ensure set_ent is always present 46263a0b687a0 platform/x86: int3472: Check for adev == NULL 823671bb8b05d driver core/PM: Set power.no_callbacks along with power.no_pm 53dab62cda6e7 staging: axis-fifo: flush RX FIFO on read errors 82e0bb28a060c staging: axis-fifo: fix maximum TX packet length check e18cfcb828ed2 serial: stm32: allow selecting console when the driver is module 48685b39f2fed hid: fix I2C read buffer overflow in raw_event() for mcp2221 c094712e40488 perf subcmd: avoid crash in exclude_cmds when excludes is empty 0eb762f420b25 dm-integrity: limit MAX_TAG_SIZE to 255 8ed134c2520d7 wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 6c7c5b465a7b8 USB: serial: option: add SIMCom 8230C compositions 663faf1179db9 media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe 3f876cd47ed8b media: tuner: xc5000: Fix use-after-free in xc5000_release 3fdeb807b93d0 media: tunner: xc5000: Refactor firmware load c3ad8c30b6b10 udp: Fix memory accounting leak. 20fc1431bcdf4 KVM: arm64: Fix softirq masking in FPSIMD register saving sequence 71c52b073922d media: rc: fix races with imon_disconnect() 120e221b4bbe9 media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove ddc79fba132b8 scsi: target: target_core_configfs: Add length check to avoid buffer overflow 9407809b44dc6 iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index a79d3b1511d..7d55e175146 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "259f7f9d0bd0df2c3e497395568a655c5745b5ac" -SRCREV_meta ?= "578937826ffad97749eba3a5d1b21b37b5cd7bdc" +SRCREV_machine ?= "f54e8af7284d39e9129452ac12c6a78511333335" +SRCREV_meta ?= "1bfe6bf1a07dbce00c9a7b4ab051014a26a799a8" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.194" +LINUX_VERSION ?= "5.15.195" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index e2e56ec010f..896b512dac1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.194" +LINUX_VERSION ?= "5.15.195" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "57960f78280a75ea48270a3984ac01bd06078b88" -SRCREV_meta ?= "578937826ffad97749eba3a5d1b21b37b5cd7bdc" +SRCREV_machine ?= "9ce0ec0c426ae703dbce0bbc4d56b919bea21e10" +SRCREV_meta ?= "1bfe6bf1a07dbce00c9a7b4ab051014a26a799a8" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index bbdf94746d3..b2adfd3544d 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "7b19f872b07703f73c494baa81cd7e984db01336" -SRCREV_machine:qemuarm64 ?= "431a37a229ce5be7b6ba116dc7bd282be4a745fa" -SRCREV_machine:qemumips ?= "9404d4015b457e7324d5675d3e14f46d84cd8c40" -SRCREV_machine:qemuppc ?= "bfd132d4b358cdb5260fccc71eb1e5a09daae033" -SRCREV_machine:qemuriscv64 ?= "5df8e23ccadd62ab9945320b6b4327b082870c61" -SRCREV_machine:qemuriscv32 ?= "5df8e23ccadd62ab9945320b6b4327b082870c61" -SRCREV_machine:qemux86 ?= "5df8e23ccadd62ab9945320b6b4327b082870c61" -SRCREV_machine:qemux86-64 ?= "5df8e23ccadd62ab9945320b6b4327b082870c61" -SRCREV_machine:qemumips64 ?= "ed52c5eccf0cc2b0da2dd7d13d012c50db78a62a" -SRCREV_machine ?= "5df8e23ccadd62ab9945320b6b4327b082870c61" -SRCREV_meta ?= "578937826ffad97749eba3a5d1b21b37b5cd7bdc" +SRCREV_machine:qemuarm ?= "5200e910cb4a700023e548693aacdd166b008f8b" +SRCREV_machine:qemuarm64 ?= "2a69501b11075d6c4e6cab2e05fc04f61a8991cd" +SRCREV_machine:qemumips ?= "6e318293304f232aa650d41bbc6ae7ad40c03fa5" +SRCREV_machine:qemuppc ?= "c861e5a8012080cc03be9725dd996e0d68f4e93b" +SRCREV_machine:qemuriscv64 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" +SRCREV_machine:qemuriscv32 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" +SRCREV_machine:qemux86 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" +SRCREV_machine:qemux86-64 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" +SRCREV_machine:qemumips64 ?= "d3a7bcb9d74f245de665994e3c9d8a35e42351de" +SRCREV_machine ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" +SRCREV_meta ?= "1bfe6bf1a07dbce00c9a7b4ab051014a26a799a8" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "29e53a5b1c4f144301ee36a907e8b03d7733f0b0" +SRCREV_machine:class-devupstream ?= "ac56c046adf41fdb64ddda46fd66090f21dc381a" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.194" +LINUX_VERSION ?= "5.15.195" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Tue Feb 24 14:24:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81714 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6E90E9B27F for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21466.1771943105334406826 for ; Tue, 24 Feb 2026 06:25:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ZymFSuoa; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-48371119eacso65977715e9.2 for ; Tue, 24 Feb 2026 06:25:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943103; x=1772547903; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=KUOFDAR74OyXXhiQKlg6pVRpmDGda3NemRrwL9VL2Ww=; b=ZymFSuoaz0RXQLz5pimF0bflf98oo3rN+C/7WflU6sdrcOc1KQuRKfdlyTWE23NWYs BhKCNwH8zJWbcbBjRVXabLkimMTbXq28Y5xm90XwmejaZPpUEUmmexPP/nnHd2Ssj0ak 2rtvfe7p+l+i5jkFzwle3a9+xFA34uLdGq/Bg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943103; x=1772547903; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=KUOFDAR74OyXXhiQKlg6pVRpmDGda3NemRrwL9VL2Ww=; b=NB7OJe9wPFkG6ORCb/IHdu82G0SqfbFfWcoJDc5b5N0pkc00hdCO5AumQv8lMOZf64 NJ6o0IShcvj+e48aP7M9CXXAGDv99rJYqRKmKWGP2rJdFXBpFio4Ji8ntCYBMnn/gYRc mwYZcz8uXt6lJIAh31WD1W6V+2kCmdlWiZ3STsL5DIn5qsdZbWyriaFcEY2fCdoexRt/ Rn69oEAZne1YXzTBInKtFsBx5slGgptPxIVCLIUi3f13R1MXS7Hn4LhPN2Oy0IaJYVLF 4qriH0HM6pg9mWVIztMOEV198j+ELLMmJvQHwGX+mGWVkDiKb62QzSQ+7u1phl3HR6Vf OrXg== X-Gm-Message-State: AOJu0YzNd5sLogfzI2pKud4ZlMaccUrRi/7saR+jRfRWVomKc5Yea6Ex 2ecxdC1tyx74SAIYm4FG17grwNBEi+Rmu75YXfi0jWo+lUidC0DU2dC3ZqfoIeDTO7FLOS0P2Mg I056R X-Gm-Gg: AZuq6aKkm7A3guoUw7bcwT9N4Uvc5Uwtj38zfhALbx7n1CNpxJ6Xlyt2H7ca4E5jiOC f6lZE5HmjrIFgUeg2fIdvJ+BDRJPoJuqN2C1Yf3iePC9NEA1uOdXWWpv4FDmbay/pYn5MtMjvZm L6AviJQJMztb0a6moDaN9ofvshJ4c2d3CAng7BCZTvJ/1cvPXnlV75bqE3fBiTOKAzSk2SvRo2Q xGf3SOtD/DqEBH3uqtLnQUAF8W/YBuVfAoOXqFkD9Z1xslaJEBiZa0Xr3jw+1cP6acZRfjQQp/L zMv0U7BIKb+2N58Kp3kdi4WjT3DAhW93e5t3KvySF0cEj9cCyHLg4q5RL6o18IvG9ltmfOPh/nM GTrkw2dyUK6B3Ve1GmGJkcBf0ToM6YOPqwcC9fqqaglGCBMv63T8Ma34l4/lNJEguA6Bj19kCuR D9rWUqVh9vlbj1W3Kh22+M8Vfmg0SSQC7sDkOBFBNKqeI6FsGu0PU+INjpT/wdQSuawnv/8rRIi sRnIKgnGmG3T+8xF0so18+NfjC/LE2Yrw== X-Received: by 2002:a05:600c:1d29:b0:477:5b0a:e616 with SMTP id 5b1f17b1804b1-483a95eb521mr227378665e9.5.1771943103191; Tue, 24 Feb 2026 06:25:03 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:02 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/38] linux-yocto/5.15: update to v5.15.196 Date: Tue, 24 Feb 2026 15:24:05 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231779 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: cc5ec87693063 Linux 5.15.196 59c78e8fddc1f PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() 83a563fab563f net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg c5d116862dd3e usb: gadget: f_acm: Refactor bind path to use __free() 185193a4714aa usb: gadget: f_ncm: Refactor bind path to use __free() d44e82f46cd0e usb: gadget: Introduce free_usb_request helper 97fc7aa654e30 usb: gadget: Store endpoint pointer in usb_request 02fbea0864fd4 arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() 9b82da54a0305 xfs: always warn about deprecated mount options b57a3760d12bd devcoredump: Fix circular locking dependency with devcd->mutex. 11300f645870a PCI: tegra194: Reset BARs when running in PCIe endpoint mode 61d6249ea441b PCI: rcar-host: Drop PMSR spinlock 9e14fb714ebf5 PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() 97ab6a90c72d9 PCI: tegra194: Handle errors in BPMP response 13981b0555ab4 f2fs: fix wrong block mapping for multi-devices ba88a53d7f5df NFSD: Define a proc_layoutcommit for the FlexFiles layout type 8004d4b8cbf1b vfs: Don't leak disconnected dentries on umount 0157c469edac2 drm/amdgpu: use atomic functions with memory barriers for vm fault info c6fa15fa94016 PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock 0e143e87264db wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again ddcfc52965c19 PCI: j721e: Fix programming sequence of "strap" settings 2ddb51e228192 PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists cfd1aa3e2b71f fuse: fix livelock in synchronous file put from fuseblk workers a39f70d63f437 fuse: allocate ff->release_args only if release is needed 6012804a77860 padata: Reset next CPU when reorder sequence wraps around 38d702a06487c iio: imu: inv_icm42600: Simplify pm_runtime setup be16df3c3c5dd PM: runtime: Add new devm functions 0f9f51390c866 iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended f35ab1ba853ab iio: imu: inv_icm42600: use = { } instead of memset() 8e69c8f3ae1c5 NFSD: Fix last write offset handling in layoutcommit 0570c78e6c707 NFSD: Minor cleanup in layoutcommit processing 68d615f4b00ab NFSD: Rework encoding and decoding of nfsd4_deviceid 2dc2bc27578c3 xfs: fix log CRC mismatches between i386 and other architectures 71f9402044636 xfs: rename the old_crc variable in xlog_recover_process 6e7f06895db6e s390/cio: Update purge function to unregister the unused subchannels dc9f91f849860 arm64: errata: Apply workarounds for Neoverse-V3AE a6ef05314d5a8 arm64: cputype: Add Neoverse-V3AE definitions 1bff561ebe700 serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 ad2be44882716 most: usb: hdm_probe: Fix calling put_device() before device initialization 578eb18cd111a most: usb: Fix use-after-free in hdm_disconnect cee4ab233f895 mei: me: add wildcat lake P DID 2670932f24657 comedi: fix divide-by-zero in comedi_buf_munge() 97a71d277e759 binder: remove "invalid inc weak" check 55c7290b1a2af xhci: dbc: enable back DbC in resume if it was enabled before suspend 6d0edbdb0bf72 usb: raw-gadget: do not limit transfer length f9bfb3fc7ffa3 usb/core/quirks: Add Huawei ME906S to wakeup quirk 1a5afa2b586ee USB: serial: option: add Telit FN920C04 ECM compositions 443bc87ec125a USB: serial: option: add Quectel RG255C 57bb21f4e7b1d USB: serial: option: add UNISOC UIS7720 2c651b835b9f6 net: ravb: Ensure memory write completes before ringing TX doorbell a63ab2c3c48a2 net: usb: rtl8150: Fix frame padding 09bba278ccde2 vsock: fix lock inversion in vsock_assign_transport() 93b1ab422f196 ocfs2: clear extent cache after moving/defragmenting extents f2ef52fbdc5f0 MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering 5666bcc3c00f7 Revert "cpuidle: menu: Avoid discarding useful information" f49962e51a428 net: bonding: fix possible peer notify event loss or dup issue 03e80a4b04ef1 sctp: avoid NULL dereference when chunk data buffer is missing 8a2375b0e9b89 arm64, mm: avoid always making PTE dirty in pte_mkwrite() c42dbdcde7220 dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path 00daafde87d2e net: enetc: correct the value of ENETC_RXB_TRUESIZE e7a8c57671a1f rtnetlink: Allow deleting FDB entries in user namespace bde6afe89ac15 net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del 7cd416cc0220c net: add ndo_fdb_del_bulk 31017cda9928e net: rtnetlink: add bulk delete support flag a36130f7921c9 net: netlink: add NLM_F_BULK delete request modifier 40ffa6a8c1907 net: rtnetlink: use BIT for flag values fc69b00561e49 net: rtnetlink: add helper to extract msg type's kind a6c202c341624 m68k: bitops: Fix find_*_bit() signatures 1701af4d10b4f hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() 2a112cdd66f5a hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() 450ac1c490f8d dlm: check for defined force value in dlm_lockspace_release 9df3c241fbf69 hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() 418e48cab99c5 hfs: validate record offset in hfsplus_bmap_alloc c135b8dca6552 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() 725522af093ff hfs: make proper initalization of struct hfs_find_data b92904866b9f3 hfs: clear offset and space out of valid records in b-tree node 25f09699edd36 nios2: ensure that memblock.current_limit is set when setting pfn limits 45ec13d6ce557 exec: Fix incorrect type for ret 3324e5e3ac97a Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" ae9ad3b673252 PCI/sysfs: Ensure devices are powered for config reads (part 2) 7ab44236b32ed hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() 736159f7b296d ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card 3c77e994e4ecd ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings fdccb3adc59d7 sched/fair: Fix pelt lost idle time detection 15fda76f7a57a sched/balancing: Rename newidle_balance() => sched_balance_newidle() 343e991e2596a drm/amd/powerplay: Fix CIK shutdown temperature d38aec7cd3502 riscv: kprobes: Fix probe address validation 6a90c8381c333 net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset 50b2fb48a4733 net: usb: lan78xx: Add error handling to lan78xx_init_mac_address a6b33d9edf260 net: usb: use eth_hw_addr_set() instead of ether_addr_copy() bab04baafc1c5 tls: don't rely on tx_work during send() 09b1c01df5d46 tls: always set record_type in tls_process_cmsg 669d389ed231b tls: wait for async encrypt in case of error during latter iterations of sendmsg 2cb75c87428e0 net: tls: wait for async completion on last message 4de9057aebb15 splice, net: Add a splice_eof op to file-ops and socket-ops 01abf7b445062 tg3: prevent use of uninitialized remote_adv and local_adv variables c43fe40e67d69 tcp: fix tcp_tso_should_defer() vs large RTT 14c9047ad5165 amd-xgbe: Avoid spurious link down messages during interface toggle 402b6985e872b net/ip6_tunnel: Prevent perpetual tunnel growth 1095322a7e014 r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H 5b9c949c66846 doc: fix seg6_flowlabel path 06477bbe26e04 net: dlink: handle dma_map_single() failure properly 97760193e892b can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() aca91cae0c917 dax: skip read lock assertion for read-only filesystems 77711d850bed7 HID: multitouch: fix sticky fingers a510364e8cac0 cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay 9699fd9e13df2 crypto: rockchip - Fix dma_unmap_sg() nents value df808a1f1550b drm/exynos: exynos7_drm_decon: remove ctx->suspended d6a3c53eebd1f drm/exynos: exynos7_drm_decon: properly clear channels during bind 0e212fdcea59c drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions 4b354a29166a3 blk-crypto: fix missing blktrace bio split events 5918d914a3a67 media: lirc: Fix error handling in lirc_register() ddb9a92a999b6 media: rc: Directly use ida_free() 723e7084497ef media: s5p-mfc: remove an unused/uninitialized variable 78f6eaf14fe3d btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running 2e9e10657b041 ext4: detect invalid INLINE_DATA + EXTENTS flag combination 14476553253b2 jbd2: ensure that all ongoing I/O complete before freeing blocks 34033f75d0ccb r8152: add error handling in rtl8152_driver_init Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 7d55e175146..a315593e7cc 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "f54e8af7284d39e9129452ac12c6a78511333335" -SRCREV_meta ?= "1bfe6bf1a07dbce00c9a7b4ab051014a26a799a8" +SRCREV_machine ?= "ec706ff09f989e8c03cdc0e1ec5cafd7cf3ee8a2" +SRCREV_meta ?= "0279325ca207a9cdfa8a956632154831453a85c1" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.195" +LINUX_VERSION ?= "5.15.196" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 896b512dac1..66da58322ed 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.195" +LINUX_VERSION ?= "5.15.196" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "9ce0ec0c426ae703dbce0bbc4d56b919bea21e10" -SRCREV_meta ?= "1bfe6bf1a07dbce00c9a7b4ab051014a26a799a8" +SRCREV_machine ?= "6aa88785aa94fe7253e4dcda162c35c8eaa9f500" +SRCREV_meta ?= "0279325ca207a9cdfa8a956632154831453a85c1" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index b2adfd3544d..5b6213a9d7d 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "5200e910cb4a700023e548693aacdd166b008f8b" -SRCREV_machine:qemuarm64 ?= "2a69501b11075d6c4e6cab2e05fc04f61a8991cd" -SRCREV_machine:qemumips ?= "6e318293304f232aa650d41bbc6ae7ad40c03fa5" -SRCREV_machine:qemuppc ?= "c861e5a8012080cc03be9725dd996e0d68f4e93b" -SRCREV_machine:qemuriscv64 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" -SRCREV_machine:qemuriscv32 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" -SRCREV_machine:qemux86 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" -SRCREV_machine:qemux86-64 ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" -SRCREV_machine:qemumips64 ?= "d3a7bcb9d74f245de665994e3c9d8a35e42351de" -SRCREV_machine ?= "8f21ac8bce967e4ae9afbe4c66f8fbc11982c59e" -SRCREV_meta ?= "1bfe6bf1a07dbce00c9a7b4ab051014a26a799a8" +SRCREV_machine:qemuarm ?= "6938c8f38582bac21da19fde0f2b27beb6b15ba8" +SRCREV_machine:qemuarm64 ?= "5650eb3e0a12ce52f0c2b9d5469ec169ab8239e7" +SRCREV_machine:qemumips ?= "1b8f74e960fcd90cf09ff65426d88fe5ec4affae" +SRCREV_machine:qemuppc ?= "29d4d06006e7def2e86d3c8c99d0a8550cae5a84" +SRCREV_machine:qemuriscv64 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" +SRCREV_machine:qemuriscv32 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" +SRCREV_machine:qemux86 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" +SRCREV_machine:qemux86-64 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" +SRCREV_machine:qemumips64 ?= "20aaafeb01a044c6e1f2480e119e575461e3fa23" +SRCREV_machine ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" +SRCREV_meta ?= "0279325ca207a9cdfa8a956632154831453a85c1" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "ac56c046adf41fdb64ddda46fd66090f21dc381a" +SRCREV_machine:class-devupstream ?= "cc5ec87693063acebb60f587e8a019ba9b94ae0e" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.195" +LINUX_VERSION ?= "5.15.196" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Tue Feb 24 14:24:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81713 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C786DE9B27C for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21467.1771943107239310996 for ; Tue, 24 Feb 2026 06:25:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=yB0GHx5k; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-483a233819aso54379835e9.3 for ; Tue, 24 Feb 2026 06:25:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943105; x=1772547905; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ak+A1/ROy/KYPFo2qSHr7Q/RzxSni6vuUvH9N/kMMjs=; b=yB0GHx5kBBHhAVrXedAVthgTmJmjlKwC57maMfa28E8eWisE+dyJeGts0q5IsNl++b 33LfSUi72tJNSlc4YxL4dImd6/A10IJwaV5f3Q1CiMvzd/8G6KdQDw3hbKdFyDGaJuE3 P/wRZxVCSZyxnCAJlnOV6msVL/CjytuNuR/NI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943105; x=1772547905; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Ak+A1/ROy/KYPFo2qSHr7Q/RzxSni6vuUvH9N/kMMjs=; b=gG4XfJCCGP7wnZcm2r9MwNbNyFTr6+kal+DcNh3oyCWJPwY1WXMMLXffWXmehExz9O cMOWWvMQL7k2V/Y2IsxAFxNiNlW3sNYNw09twmwN1Mc1UVWG0aHh3KHkSf/fg7NlgSXO +YMyiIMbriqkKYUWzofMsCkmeLzBnl6MYMo3YNIW9xTYasDFr6vMX/raOnKbDEmVwmTl NSPAO5b2xkvnXcp2bMCbXE1rKaGhPtFFn1Db2mtrKoSsp/fHOJZDe0LWvm2UW59FG0/A OVLcyYBZYRfpv9zIcO/yYjh7oDznjdWcyDboPW04CrDSz9RgVKzsY4Sil5gksoLO+VWs OVyg== X-Gm-Message-State: AOJu0YwppZsWjmgGnGi5jjhYEtO6p7TqDDGEAiZFaPSvG9SNxM8VpIvE oUuYKzyl232MUJGpHFzFx2C5QYs3GdOOKEGGKeHoV6q5lTfrFgzJjauwWHR3NPg5QbIC0joB/+k MEONn X-Gm-Gg: AZuq6aLCmBZykHRPjxI7EZB4+6+I3+65XyBVNHBCjL45ym6h/6P+qBEg27tUWmp0trD L4D3WFx4AHA4Z8mPmIzNaZ9lOK1Oy0NDrP8VfZGimUQP429T6LSLwazZB9oKXofzCQZMoM7W6as /hKPKWw59r8tTFnJh6Rao3FBprbKSFu1wb82DI9iJMmneNpN6bBKZmVL9ucZStkJF/8yQ8j0v35 dxQCuA/07bKDWSIQy085xAeZsmG2FltTziZd7/t4mhKsNCDAiAOuEjRf2VNJLgI2nnwp4PNSIql sSseEcgsYO/CGzr3Q6h1UmCkOaKLZQA4TQeJBfe80fJd+yf/kvtU7MCD+rie1PFzdmIG9ez93qz 6+nhZJyLTvg/CEIkF2ZXHQPRJGIp4i12lMBzXAZ43AqdvMqKaSQD4sqbfkCgAJ5JcfOPT7ZayHS lpwjlt2r1bPXkjRbRKbM+w0GjIknI2BeRnZBkCaEaYtwJs/yEFZL3V/bpQ9JL6PvNDaaVvMUpbR cmSxY9HWvRkJDTSsJwHzZ7O6m8H/CUh3g== X-Received: by 2002:a05:600c:1e1d:b0:480:f27c:6335 with SMTP id 5b1f17b1804b1-483a9637a55mr222793135e9.25.1771943104459; Tue, 24 Feb 2026 06:25:04 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:03 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/38] linux-yocto/5.15: update to v5.15.197 Date: Tue, 24 Feb 2026 15:24:06 +0100 Message-ID: <13be25a6029bcf93682703fbd1b41f48e58f2c9a.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231780 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: 68efe5a6c16a Linux 5.15.197 3b7841a78357 libbpf: Fix invalid return address register in s390 46d78c07ce40 libbpf, riscv: Use a0 for RC register 9e11d30ab096 libbpf: Fix riscv register names aadc10434cd1 selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in loop3 a5d954802bda scsi: pm80xx: Set phy->enable_completion only when we f7b814a132c5 Bluetooth: Add more enc key size check 4df96f1f47a4 usb: typec: ucsi: psy: Set max current to zero when disconnected cd5e86e34c66 usb: renesas_usbhs: Fix synchronous external abort on unbind bd6a1b29fa31 usb: renesas_usbhs: Convert to platform remove callback returning void d146e96fef87 smb: client: fix memory leak in cifs_construct_tcon() 7ee8f015eb47 mptcp: Fix proto fallback detection with BPF dad1e44ed940 mptcp: avoid unneeded subflow-level drops 5bd1d0ca17f0 selftests: mptcp: join: rm: set backup flag 85cc2f990287 staging: rtl8712: Remove driver using deprecated API wext f22c55a20a2d libceph: prevent potential out-of-bounds writes in handle_auth_session_key() 05ec43e9a9de libceph: fix potential use-after-free in have_mon_and_osd_map() 09092269cb76 drm/amd/display: Check NULL before accessing c9a315a56da2 drm: sti: fix device leaks at component probe 6176101b519f USB: serial: option: add support for Rolling RW101R-GL 6738408111c2 USB: serial: ftdi_sio: add support for u-blox EVK-M101 593d93b871dc xhci: dbgtty: Fix data corruption when transmitting data form DbC to host 67192e8cb7f9 usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths 66ac05e7b0d6 usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer 26e9b5da3231 usb: storage: sddr55: Reject out-of-bound new_pba 4aa7426f5326 USB: storage: Remove subclass and protocol overrides from Novatek quirk 4ba515dfff7e usb: storage: Fix memory leak in USB bulk transport 5a1628283cd9 usb: gadget: f_eem: Fix memory leak in eem_unwrap 7fb4b54bbf07 usb: cdns3: Fix double resource release in cdns3_pci_probe a4c4118c2af2 most: usb: fix double free on late probe failure 1f9ba65b019f serial: amba-pl011: prefer dma_mapping_error() over explicit address checking 354fb03002da firmware: stratix10-svc: fix bug in saving controller data 113f10c86d7d slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves db0835dfac45 thunderbolt: Add support for Intel Wildcat Lake 5a0dcabc8a14 drivers/usb/dwc3: fix PCI parent check ed69c3db499c dm-verity: fix unreliable memory allocation 6fdcd310f92a can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling e36369dfa2e7 can: sja1000: fix max irq loop handling bd1415efbab5 atm/fore200e: Fix possible data race in fore200e_open() 19f3ace94943 MIPS: mm: Prevent a TLB shutdown on initial uniquification aad9d048a321 iio: accel: bmc150: Fix irq assumption regression 17a38b85226c iio:common:ssp_sensors: Fix an error handling path ssp_probe() 57f759d399e7 iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields 5b9790d2009e Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" 891775b1b4ed spi: bcm63xx: fix premature CS deassertion on RX-only transactions f231314b64c5 mailbox: mailbox-test: Fix debugfs_create_dir error checking b0c4d5135b04 net: atlantic: fix fragment overflow handling in RX path 05c51c116e0b net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic 0bd2b12b3ca9 net: dsa: sja1105: simplify static configuration reload 1989e6ecee91 net: dsa: sja1105: Convert to mdiobus_c45_read 18ef3ad1bb57 net: sxgbe: fix potential NULL dereference in sxgbe_rx() 3c11ac20b5fd net/mlx5e: Fix validation logic in rate limiting 58a8e250d5b6 net: aquantia: Add missing descriptor cache invalidation on ATL2 15d560cdf5b3 platform/x86: intel: punit_ipc: fix memory corruption 4475bac8224c Bluetooth: SMP: Fix not generating mackey and ltk when repairing 69c7825df64e can: kvaser_usb: leaf: Fix potential infinite loop in command parsers 0e2d3a8d9fff Revert "block: don't add or resize partition on the disk with GENHD_FL_NO_PART" 91db2663893a Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()" 0b6a100efd9b mptcp: do not fallback when OoO is present e2d1ad207174 mptcp: fix a race in mptcp_pm_del_add_timer() 2cc425276ccb mptcp: fix premature close in case of fallback 4c3d91386d18 mptcp: fix ack generation for fallback msk fab9232b3f27 dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups 444c875c347c ata: libata-scsi: Fix system suspend for a security locked drive 015b71996269 Input: pegasus-notetaker - fix potential out-of-bounds access 7bf70ce0a08e Input: remove third argument of usb_maxpacket() 78acf73dfc30 usb: deprecate the third argument of usb_maxpacket() c22cedbc18dd mptcp: Disallow MPTCP subflows from sockmap 4a4f32f3185a selftests: mptcp: connect: fix fallback note due to OoO f3737fc3b8d9 pmdomain: samsung: plug potential memleak during probe 582f48d22eb5 pmdomain: arm: scmi: Fix genpd leak on provider registration failure 1d3f3d4c1faf pmdomain: imx: Fix reference count leak in imx_gpc_remove 890472d6fbf0 net: netpoll: fix incorrect refcount handling causing incorrect cleanup e9af27d1880a mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 e24a45da635b net: qede: Initialize qede_ll_ops with designated initializer c993fd02ba47 btrfs: fix crash on racing fsync and size-extending write into prealloc bff4d06c38a7 btrfs: add helper to truncate inode items when logging inode 707d49dd441a Makefile.compiler: replace cc-ifversion with compiler-specific macros 4c019e93f0e5 uio_hv_generic: Set event for all channels on the device 80fe72069168 tracing/tools: Fix incorrcet short option in usage text for --threads 3afeb909c3e2 net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error 75ccdb4afe41 ALSA: usb-audio: fix uac2 clock source at terminal parser bb1c19636aed mm/secretmem: fix use-after-free race in fault handler 2ef178413183 mm/mm_init: fix hash table order logging in alloc_large_system_hash() dcf80cb1bf88 kconfig/nconf: Initialize the default locale at startup 87297ab1e783 kconfig/mconf: Initialize the default locale at startup 699c6cc0f18e net: tls: Cancel RX async resync request on rcd_delta overflow fbbcd769c800 selftests: net: use BASH for bareudp testing 804b5b8e3545 scsi: core: Fix a regression triggered by scsi_host_busy() 674329151458 vsock: Ignore signal/timeout on connect() if already established ecbb12caf399 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() 597bbbe023d9 kernel.h: Move ARRAY_SIZE() to a separate header ca4452aa69ab platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos 7616e2eee679 s390/ctcm: Fix double-kfree f95bef5ba0b8 net: openvswitch: remove never-working support for setting nsh fields 20d7e6bce8e2 net: dsa: hellcreek: fix missing error handling in LED registration ba8d3df04c00 mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() 5fb232c76334 drm/tegra: dc: Fix reference leak in tegra_dc_couple() 99908e2d6012 mptcp: fix race condition in mptcp_schedule_work() 7536472a4575 MIPS: Malta: Fix !EVA SOC-it PCI MMIO f449a1edd7a1 scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() 109afbd88ecc scsi: sg: Do not sleep in atomic context 60ba31330faf nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() 4ce5218b1012 Input: imx_sc_key - fix memory corruption on unload 729d21c82c1b Input: cros_ec_keyb - fix an invalid memory access 630360c6724e be2net: pass wrb_params in case of OS2BMC f2e52a9d10d8 exfat: check return value of sb_min_blocksize in exfat_read_boot_sector 9c58c64ec412 mtd: rawnand: cadence: fix DMA device NULL pointer dereference de9dc8cbeea0 HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 652b24f07bae net/sched: act_connmark: handle errno on tcf_idr_check_alloc b70c24827e11 isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() bf51f26c5bcc EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection 76eb3ac2f01a EDAC/altera: Handle OCRAM ECC enable after warm reset 4b63d3858a1e spi: Try to get ACPI GPIO IRQ earlier 8af069dc2fbf ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check 217d47255a2e ALSA: usb-audio: Fix potential overflow of PCM transfer buffer 4cba73c4c892 fs/proc: fix uaf in proc_readdir_de() 298f1e0694ab ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe 5fb4722507b7 strparser: Fix signed/unsigned mismatch bug 3b9447e68777 gcov: add support for GCC 15 b114996a095d NFSD: free copynotify stateid in nfs4_free_ol_stateid() d0ee0b42a9c0 HID: hid-ntrig: Prevent memory leak in ntrig_report_version() 4681960bc0f4 netfilter: nf_tables: reject duplicate device on updates cbbe9170ca2a mtd: onenand: Pass correct pointer to IRQ handler 20067f737dc0 lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN b69f19244c2b mm/ksm: fix flag-dropping behavior in ksm_madvise 1a6ed803c4b1 mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR c4cdd143c359 bpf: Add bpf_prog_run_data_pointers() 9f282104627b ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd 6ec3bfe0ad73 NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() 709e5c088f9c drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE bfa4f33f0a43 ASoC: cs4271: Fix regulator leak on probe failure ee29c2319ee8 regulator: fixed: fix GPIO descriptor leak on register failure 5c1fd2b81e13 acpi,srat: Fix incorrect device handle check for Generic Initiator 9d1d7858fc5b Bluetooth: L2CAP: export l2cap_chan_hold for modules 8b1551cacb66 hsr: Fix supervision frame sending on HSRv0 f8706e15710f net_sched: limit try_bulk_dequeue_skb() batches 5af7ec404e85 net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps 727f158d9a8a net/mlx5e: Fix maxrate wraparound in threshold between units 37f0680887c5 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak 218b67c8c824 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak def0860b2caf net_sched: act_connmark: use RCU in tcf_connmark_dump() 0d14e8ba20cf net/sched: act_connmark: transition to percpu stats and rcu b99642817f60 net: sched: act_connmark: get rid of tcf_connmark_walker and tcf_connmark_search 6a45a97e0099 net: sched: act: move global static variable net_id to tc_action_ops 659e94c35a3f wifi: mac80211: skip rate verification for not captured PSDUs 1040834078ac net: mdio: fix resource leak in mdiobus_register_device() 51b8f0ab888f tipc: Fix use-after-free in tipc_mon_reinit_self(). 8a695769c1e8 net/smc: fix mismatch between CLC header and proposal abb086b9a95d sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto 17ef29586b76 Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions 2f2b940e7fa3 Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion d566e9a2bfc8 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path 7a6d1e740220 Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF d11c10bce6f4 net: fec: correct rx_bytes statistic for the case SHIFT16 is set dd60d0ba60f8 ASoC: max98090/91: fixed max98091 ALSA widget powering up/down 652585576866 NFS: check if suid/sgid was cleared after a write as needed 9727b5dc98c3 HID: quirks: avoid Cooler Master MM712 dongle wakeup bug d2560884113c NFS4: Fix state renewals missing after boot e5d5b4228e05 RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors be5a8537b2b9 compiler_types: Move unused static inline functions warning to W=2 e988634d7aae drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD 7d316c3c9e53 selftests: netdevsim: set test timeout to 10 minutes 3694a618609b extcon: adc-jack: Cleanup wakeup source only if it was enabled d3eaf1052cd8 lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC 3a9f46f5d467 rtc: rx8025: fix incorrect register reference 38771ab159d9 tracing: Fix memory leaks in create_field_var() a304aa581895 bnxt_en: Fix a possible memory leak in bnxt_ptp_init 25979f34feec bnxt_en: PTP: Refactor PTP initialization functions 4e6b9004f01d net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup 82b5ddac0843 sctp: Hold sock lock while iterating over address list 72e3fea68eac sctp: Prevent TOCTOU out-of-bounds write ad5ddc33af9f sctp: Hold RCU read lock while iterating over address list 6618c36f6d86 net: dsa: b53: stop reading ARL entries if search is done ae52ba1ad2ed net: dsa: b53: fix enabling ip multicast cd8c2419b50b net: dsa: b53: fix resetting speed and pause on forced link 48df5cc7fd7c net: vlan: sync VLAN features with lower device 82acad39d05c selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh f3903664c883 netdevsim: add Makefile for selftests c2ce8d37e49e selftests/net: use destination options instead of hop-by-hop 32c3e1cbc2e6 selftests/net: fix GRO coalesce test and add ext header coalesce tests e4603c1c4fd1 selftests/net: fix out-of-order delivery of FIN in gro:tcp test a8d549eb5aca net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx f8d974a0e8c2 riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro 53c7a2110285 Revert "wifi: ath10k: avoid unnecessary wait for service ready message" b345e06f2d35 ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again 676ee2061f72 ceph: add checking of wait_for_completion_killable() return value 8bff07a8fc0a ASoC: meson: aiu-encoder-i2s: fix bit clock polarity 1943b69e87b0 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds 6da480c32392 ACPI: property: Return present device nodes only on fwnode interface a66596cf5643 9p: sysfs_init: don't hardcode error to ENOMEM 879f6a7e75c3 cpufreq: tegra186: Initialize all cores to max frequencies 435b42a10995 9p: fix /sys/fs/9p/caches overwriting itself 66f257db400a clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled c50651c205f6 clk: at91: clk-master: Add check for divide by 3 e7322da6c50f ARM: at91: pm: save and restore ACR during PLL disable/enable a02f2dbdd77a rtc: pcf2127: clear minute/second interrupt cebc9f5ee3e3 um: Fix help message for ssl-non-raw 64ef62fb1c4a fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink f7af3813ccff btrfs: mark dirty extent range for out of bound prealloc extents 8a139fe903f3 RDMA/hns: Fix wrong WQE data when QP wraps around 63bb04cda173 RDMA/irdma: Set irdma_cq cq_num field during CQ create e8805e90ff0c RDMA/irdma: Remove unused struct irdma_cq fields 2380d634959a RDMA/irdma: Fix SD index calculation cc9ab6e1a375 ACPICA: Update dsmethod.c to get rid of unused variable warning 15afebb95974 orangefs: fix xattr related buffer overflow... c12ebeacfbae page_pool: Clamp pool size to max 16K pages 2acf073edeb7 exfat: limit log print for IO error c70926971b36 ALSA: usb-audio: add mono main switch to Presonus S1824c b65ca9708bfb Bluetooth: bcsp: receive data only if registered d2850f037c2a Bluetooth: SCO: Fix UAF on sco_conn_free d4d90a419b55 net: macb: avoid dealing with endianness in macb_set_hwaddr() bb7d0d13c6e1 fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock b2eef65a3be2 scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() fa4daf7d11e4 nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing a8a97e0d0b60 NFSv4.1: fix mount hang after CREATE_SESSION failure 679fd67bac26 NFSv4: handle ERR_GRACE on delegation recalls ca806ebc497b remoteproc: qcom: q6v5: Avoid handling handover twice e50066336660 sparc/module: Add R_SPARC_UA64 relocation handling eb3d29ca0820 PCI: cadence: Check for the existence of cdns_pcie::ops before using it c3f99fd7ed17 r8169: set EEE speed down ratio to 1 826ad86e1270 net: intel: fm10k: Fix parameter idx set but not used eb0c150d0279 wifi: ath10k: Fix connection after GTK rekeying 0f7f34292071 iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() f878bfd2c14c net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X a2aa97cde985 jfs: fix uninitialized waitqueue in transaction manager 46c76cfa17d1 jfs: Verify inode mode when loading from disk 14b6f0b3cfe2 ipv6: np->rxpmtu race annotation 318aeeb3f8fe usb: xhci: plat: Facilitate using autosuspend for xhci plat devices 7a219cbbc9e8 usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs 311df10cca0e allow finish_no_open(file, ERR_PTR(-E...)) ffae0417168e scsi: lpfc: Define size of debugfs entry for xri rebalancing 57225d17cd8d scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup 430e3ca0a53d scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET 41cd00665c99 selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency 0ec2cd5c5879 page_pool: always add GFP_NOWARN for ATOMIC allocations a58098c6b91c drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl fd62e1a94cff net/cls_cgroup: Fix task_get_classid() during qdisc run 45e4e4a8772f udp_tunnel: use netdev_warn() instead of netdev_WARN() d276a6c3bb74 selftests: Replace sleep with slowwait fbf410aafc85 eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP ff4cd9564dc3 selftests: Disable dad for ipv6 in fcnal-test.sh b16a010338bf x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT 56c832864e5e netfilter: nf_reject: don't reply to icmp error messages 0858b8e38884 selftests: traceroute: Use require_command() 9d2e3da0a0e8 media: redrat3: use int type to store negative error codes ffb663e41dde net: sh_eth: Disable WoL if system can not suspend eab8d5e5e1d0 phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 04f057e4c156 phy: cadence: cdns-dphy: Enable lower resolutions in dphy 63eb6730ce06 ntfs3: pretend $Extend records as regular files 8a8d07553583 net: phy: marvell: Fix 88e1510 downshift counter errata 0f30019f5a58 drm/msm: make sure to not queue up recovery more than once 0cf9a50af91f usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget 2dc7bcc0b112 usb: gadget: f_hid: Fix zero length packet transfer bb8f9de71c9b iommu/amd: Skip enabling command/event buffers for kdump 66bcd6c577d8 net: call cond_resched() less often in __release_sock() 07ae8cc64557 net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms fdfd91ac1f44 ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled 1452d49956d9 drm/msm/dsi/phy_7nm: Fix missing initial VCO rate b4a4bf4b4452 drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL bda8e00b354a dmaengine: dw-edma: Set status for callback_result 35e42324c21f dmaengine: mv_xor: match alloc_wc and free_wc e12a50e3621f dmaengine: sh: setup_xref error handling 774e8d44ac88 ptp: Limit time setting of PTP clocks 48c1d49c64d0 scsi: pm8001: Use int instead of u32 to store error codes 7ce10ef9a9b6 mips: lantiq: xway: sysctrl: rename stp clock e1f79a12bd62 mips: lantiq: danube: add missing device_type in pci node a39c88bedb0f mips: lantiq: danube: add missing properties to cpu node 69f04cdd1a50 media: fix uninitialized symbol warnings b751b7f87acb drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption 92071a422131 extcon: adc-jack: Fix wakeup source leaks on device unbind 62443e7d827a scsi: pm80xx: Fix race condition caused by static variables 866d93632daa scsi: mpi3mr: Fix controller init failure on fault during queue creation 9650cd59f4e1 rds: Fix endianness annotation for RDS_MPATH_HASH fb4f59e66952 ALSA: usb-audio: Add validation of UAC2/UAC3 effect units 30cc10a05b22 PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call 38edfa2a5a7a net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. f80a71a29f2d net: When removing nexthops, don't call synchronize_net if it is not necessary d2ee1c7fc9c2 char: misc: Does not request module for miscdevice with dynamic minor e14d3af189de usb: gadget: f_ncm: Fix MAC assignment NCM ethernet f979f913b99c iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register ad22eebd7177 drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts 26f6a1dd5d81 media: imon: make send_packet() more robust 0bf756ae1e69 net: ipv6: fix field-spanning memcpy warning in AH output 15def75e75a7 bridge: Redirect to backup port when port is administratively down a65cbffb0e81 powerpc/eeh: Use result of error_detected() in uevent e269b500b23f thunderbolt: Use is_pciehp instead of is_hotplug_bridge 157b7b41a5d2 net: stmmac: Check stmmac_hw_setup() in stmmac_resume() d178723da249 x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall 5ba991865cee drm/tidss: Set crtc modesetting parameters with adjusted mode 603c103f9e30 drm/tidss: Use the crtc_* timings when programming the HW 965813f1afaf media: pci: ivtv: Don't create fake v4l2_fh 556da2856798 drm/amdkfd: return -ENOTTY for unsupported IOCTLs e04e3165bc8b selftests/net: Ensure assert() triggers in psock_tpacket.c 634d43ee1d23 selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 be80a71699b4 PCI: Disable MSI on RDC PCI to PCIe bridges 31caf9efba7e drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() 19096bddf873 drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff b9d1d32766d3 drm/amd/pm: Use cached metrics data on arcturus 89af20042ea5 drm/amd/pm: Use cached metrics data on aldebaran 446631df0714 mfd: da9063: Split chip variant reading in two bus transactions adde0c657c90 mfd: madera: Work around false-positive -Wininitialized warning d7bc1931a256 mfd: stmpe-i2c: Add missing MODULE_LICENSE 72f7a31793bb mfd: stmpe: Remove IRQ domain upon removal fa0d842eea8c tools/power x86_energy_perf_policy: Prefer driver HWP limits 1c0eb3211e17 tools/power x86_energy_perf_policy: Enhance HWP enable 87de7b4213c1 tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage 2ba32bd019cf tools/cpupower: Fix incorrect size in cpuidle_state_disable() 481e609c7854 hwmon: (dell-smm) Add support for Dell OptiPlex 7040 2617ae62f086 uprobe: Do not emulate/sstep original instruction when ip is changed cf3e51d388e1 clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel 39805c732891 cpuidle: Fail cpuidle device registration if there is one already 7f6993bd3224 tools/cpupower: fix error return value in cpupower_write_sysfs() 6e9e9558da65 video: backlight: lp855x_bl: Set correct EPROM start for LP8556 e8cde03de867 nvme-fc: use lock accessing port_state and rport state 2f4852db87e2 nvmet-fc: avoid scheduling association deletion twice 75a98126757e tee: allow a driver to allocate a tee_device without a pool 5a7e2d5d1b68 ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() 13257496a496 mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card e3f7173df91b power: supply: sbs-charger: Support multiple devices a59c9c1370db hwmon: (sbtsi_temp) AMD CPU extended temperature range support 9545f5ef8258 ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] 799f75a894a6 ACPI: PRM: Skip handlers with NULL handler_address or NULL VA 2ca16b41e88b irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment 1ba13dde6a45 arc: Fix __fls() const-foldability via __builtin_clzl() 55cf586b9556 cpufreq/longhaul: handle NULL policy in longhaul_exit 916f62bf6964 selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 76ab1edadf69 ACPI: video: force native for Lenovo 82K8 edc0b38f26fc memstick: Add timeout to prevent indefinite waiting 9e18372fcf17 mmc: host: renesas_sdhi: Fix the actual clock fd031d98081e pinctrl: single: fix bias pull up/down handling in pin_config_set 13ce905f0777 bpf: Don't use %pK through printk 49be75e00d21 soc: ti: pruss: don't use %pK through printk ed7b7fbf2d5f spi: loopback-test: Don't use %pK through printk d06bbd6f5cd8 soc: qcom: smem: Fix endian-unaware access of num_entries 9a0d4017a138 soc: aspeed: socinfo: Add AST27xx silicon IDs 04dde9a7cb73 block: make REQ_OP_ZONE_OPEN a write operation 6abeff03cb79 drm/sysfb: Do not dereference NULL pointer in plane reset afd6e9fe377f drm/sched: Fix race in drm_sched_entity_select_rq() 9ec40fba7357 usb: gadget: f_fs: Fix epfile null pointer access after ep enable. e6f1413b1cfb Revert "docs/process/howto: Replace C89 with C11" 518eadd15f7e arch: back to -std=gnu89 in < v5.18 f28b14d235a8 x86/boot: Compile boot code with -std=gnu11 too 8050bbc2a2b9 xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event fe9092c42877 xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. 79d7094ecd75 xhci: dbc: Improve performance by removing delay in transfer event polling. 2f5c3743466f xhci: dbc: Allow users to modify DbC poll interval via sysfs d596d39e16e3 xhci: dbc: poll at different rate depending on data transfer activity 902f900b46e9 xhci: dbc: Provide sysfs option to configure dbc descriptors 42ccfa662c2e x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID 12a895faa0c9 net: phy: dp83867: Disable EEE support as not implemented 56612e80a80b can: gs_usb: increase max interface to U8_MAX 941285def6f6 net: ravb: Enforce descriptor type ordering 6664de2a13b5 ravb: Exclude gPTP feature support for RZ/G2L 381eb91874a6 dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp bfb5e825c206 serial: 8250_dw: handle reset control deassert error 3299a39f9a09 serial: 8250_dw: Use devm_add_action_or_reset() d979639f099c regmap: slimbus: fix bus_context pointer in regmap init calls c5279b8c91c9 block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL c674a191ada3 drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland f64e5bdde3be drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji ca8cc1ae1425 drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() e5e712518b29 net: hns3: return error code when function fails 8814f060d364 drm/etnaviv: fix flush sequence logic 43005002b60e usbnet: Prevents free active kevent 18652ab01a20 libbpf: Fix powerpc's stack register definition in bpf_tracing.h e5996b15ab1d libbpf: Normalize PT_REGS_xxx() macro definitions 82a674170040 riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h 9450d2fe01d0 bpf: Do not audit capability check in do_jit() de2ce6b14bc3 bpf: Sync pending IRQ work before freeing ring buffer 29b6987bdea3 ALSA: usb-audio: fix control pipe direction ea48293df43b drm/msm/a6xx: Fix GMU firmware parser 488f3206325e wifi: ath10k: Fix memory leak on unsupported WMI command 641e47ea2831 ASoC: qdsp6: q6asm: do not sleep while atomic cca3958c5565 mptcp: restore window probe 90d835caf3eb fbdev: valkyriefb: Fix reference count leak in valkyriefb_init 9c78e8179a14 fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS 55f60a72a178 wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode db5c9a162d2f fbdev: bitblit: bound-check glyph index in bit_putcs* bc78a4f51d54 ACPI: video: Fix use-after-free in acpi_video_switch_brightness() 4b05bd1d75d3 fbdev: atyfb: Check if pll_ops->init_pll failed c7bf258321a1 net: usb: asix_devices: Check return value of usbnet_get_endpoints 375fdd8993ce NFSD: Fix crash in nfsd4_read_release() 5fa8b4382c01 btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() 5a6f9727ae78 btrfs: always drop log root tree reference in btrfs_replay_log() f5c926c9e7fe btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() a740e71c2344 x86/bugs: Fix reporting of LFENCE retpoline 1bed56f089f0 net/sched: sch_qfq: Fix null-deref in agg_dequeue Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index a315593e7cc..4baf0bd9833 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "ec706ff09f989e8c03cdc0e1ec5cafd7cf3ee8a2" -SRCREV_meta ?= "0279325ca207a9cdfa8a956632154831453a85c1" +SRCREV_machine ?= "9f3853efc84c7065918f3cb90be1464f61bd0871" +SRCREV_meta ?= "65baed3263fc04a3bdd461278cca80891b80cc9a" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.196" +LINUX_VERSION ?= "5.15.197" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 66da58322ed..a8ba1470443 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.196" +LINUX_VERSION ?= "5.15.197" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "6aa88785aa94fe7253e4dcda162c35c8eaa9f500" -SRCREV_meta ?= "0279325ca207a9cdfa8a956632154831453a85c1" +SRCREV_machine ?= "6a3023cca521bd2e295fc1482e5b0c88c08ab2e4" +SRCREV_meta ?= "65baed3263fc04a3bdd461278cca80891b80cc9a" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 5b6213a9d7d..26765a216e5 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "6938c8f38582bac21da19fde0f2b27beb6b15ba8" -SRCREV_machine:qemuarm64 ?= "5650eb3e0a12ce52f0c2b9d5469ec169ab8239e7" -SRCREV_machine:qemumips ?= "1b8f74e960fcd90cf09ff65426d88fe5ec4affae" -SRCREV_machine:qemuppc ?= "29d4d06006e7def2e86d3c8c99d0a8550cae5a84" -SRCREV_machine:qemuriscv64 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" -SRCREV_machine:qemuriscv32 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" -SRCREV_machine:qemux86 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" -SRCREV_machine:qemux86-64 ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" -SRCREV_machine:qemumips64 ?= "20aaafeb01a044c6e1f2480e119e575461e3fa23" -SRCREV_machine ?= "3f1742244637534d7f0c70ca2ad471307917ce3f" -SRCREV_meta ?= "0279325ca207a9cdfa8a956632154831453a85c1" +SRCREV_machine:qemuarm ?= "2d635a3e35b83998b2f84bbd2e932eaafdf61826" +SRCREV_machine:qemuarm64 ?= "bb65897d11ebca68c2017bf0bed4e26599e05ddb" +SRCREV_machine:qemumips ?= "8192334823c116e4e56368fbf6ca67cdb0c945d0" +SRCREV_machine:qemuppc ?= "ec35a9c80e2a5006d01a073f9787c784fdf0a04f" +SRCREV_machine:qemuriscv64 ?= "c04373a83e017e615d8333767c8955732c6c975b" +SRCREV_machine:qemuriscv32 ?= "c04373a83e017e615d8333767c8955732c6c975b" +SRCREV_machine:qemux86 ?= "c04373a83e017e615d8333767c8955732c6c975b" +SRCREV_machine:qemux86-64 ?= "c04373a83e017e615d8333767c8955732c6c975b" +SRCREV_machine:qemumips64 ?= "5a3b47b8a7c60c97447170242b5c2e70db803b2f" +SRCREV_machine ?= "c04373a83e017e615d8333767c8955732c6c975b" +SRCREV_meta ?= "65baed3263fc04a3bdd461278cca80891b80cc9a" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "cc5ec87693063acebb60f587e8a019ba9b94ae0e" +SRCREV_machine:class-devupstream ?= "68efe5a6c16a05391e3d96025b41e9bf573f968c" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.196" +LINUX_VERSION ?= "5.15.197" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Tue Feb 24 14:24:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81715 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C04D4E9B27E for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21275.1771943108103392179 for ; Tue, 24 Feb 2026 06:25:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=319MUNgj; spf=pass (domain: smile.fr, ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-4806ce0f97bso45149085e9.0 for ; Tue, 24 Feb 2026 06:25:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943106; x=1772547906; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RpY1UVF8F0Xc3ggPXJit+remyJscKbKv6eiH7/cLy6Q=; b=319MUNgjhf7Qh6JXlV2YWFR30zQV/2HHUiDgMPL3/J10GiADGGKlprvRVvjuRgCNT3 /qLbv6NGMh12kvGH749F3nnmsPvFIxQIw/QUo53sfP9EAkRY1eHEGItcOdIbFzjVdUiU MWJ5E3kkHr9NQ1ieX+IMG536cVRMhj53HavqA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943106; x=1772547906; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=RpY1UVF8F0Xc3ggPXJit+remyJscKbKv6eiH7/cLy6Q=; b=QnwoQ8x/3KQ/spTeWZrUK7dOB8oF+BPOU0Ec+bRUUQNJjHP0Dfn1fDQ92BNBDX51tX pz2/cWTwUJMktt9Z9/e+XSK2GL3Sl2Q9tkFHbcOAT7rHl+BYEpNc15jl5wpclMu+q9cF aabxKXzrGxNJ/MRBKF5SWZQvo7cqCiR5IQPafGsB7mN+fmgPgClrKYnZk7XnF1AvdTvP VWKOawsGMyrN9uKHREq5oZPuHtftpkYjbp+Wh0r5R9sNTCWutPWIfYJbldg4N/RBoxB9 pkuoyDUAgPkZM71MXroJ7LSNqsvBqlSKeOuDz+ToyWyiKBcw3DARFR3tfbd6UqzY83EY aPTQ== X-Gm-Message-State: AOJu0YzrLQgKm8UA/JhzTFYvoIOCaWtg9wLQAZBPfDmYyD/bfz7ob9IK KWmkWDnKqouid2CHMl9Q6n1QbaOMUY7JqiPBKjoAS0dJYR6eCQU2bbeVsq9o9arsYTN+OKO22O2 9pnQv X-Gm-Gg: AZuq6aInfzwsvEgB6do37v2rvelgu/oiujcQk4Or5oLKI9cZUEsxU1o0LEpwurwM0iX VCd+Jj/pHC6XKOshPf7jOPpRcK/9KEs9hKxpjHx6FOyDjYXtpGOskixm493vaLlfOYgylsMsQAY qPclTXRHF4Yfzgu+CBWM1URsyzPrXbIVvATHWbHcL6CyYNocBxavViVIstRClLLT9TpT+mRpF2O CGtC1n5ZC7seK2yshAvsm1R1BL2Ynpc3aCFCY49+WqUgHHpMQgyyOCSQvIzru5/KGUtRWLDLNhh fNW9YbH2R2sTcZwWQFP1UGEVw8nX1LvSDV/2T1oa7AdBITAXE9h+8rJcbD4Fl+L/RUHtnGVf0ua vyHeV/rgOkuXK0ExoFOd2rh4bsX6+Tpq3OP8eE6mnYijIEz9SJRoV/oFgzNm7pcRfAdM70miTcb ScvR2CUAZ6N9XBjnZzVqn4kx5j9utoxAbRkdaMfOflRCxYcXud0fw0Ua6Pm/MQdi04PEmJvq9xx 7zM0mshNkZ82vV3Z70P/ZSdJOpmdjXcJA== X-Received: by 2002:a05:600c:3b96:b0:47e:e076:c7a5 with SMTP id 5b1f17b1804b1-483a95b7aedmr251411385e9.11.1771943105510; Tue, 24 Feb 2026 06:25:05 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:05 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/38] linux-yocto/5.15: update to v5.15.198 Date: Tue, 24 Feb 2026 15:24:07 +0100 Message-ID: <2881571b27532d34dafd0c43d847b8e38a1ed568.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231781 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: 9eec9a14ee10 Linux 5.15.198 72d750886b21 NFS: add barriers when testing for NFS_FSDATA_BLOCKED 7981cff2bee1 NFS: unlink/rmdir shouldn't call d_delete() twice on ENOENT 220a5ee395e0 efi/cper: Fix cper_bits_to_str buffer handling and return value b82594248af1 firmware: imx: scu-irq: Set mu_resource_id before get handle bbd35608330d scsi: sg: Fix occasional bogus elapsed time that exceeds timeout 5517e2497d11 ASoC: fsl_sai: Add missing registers to cache default c3a4316e3c74 can: j1939: make j1939_session_activate() fail if device is no longer registered c618c4ccb79b powercap: fix sscanf() error return value handling 7b78832aa94f powercap: fix race condition in register_control_type() 047ea38d41d9 blk-throttle: Set BIO_THROTTLED when bio has been throttled 7f7080c51410 pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping 3dc4b3bb4e0a pinctrl: qcom: lpass-lpi: Remove duplicate assignment of of_gpio_n_cells ef668c9a2261 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag e8bfa2401d4c nfsd: provide locking for v4_end_grace 061158d27c46 NFSD: Remove NFSERR_EAGAIN 530476199947 nfs_common: factor out nfs_errtbl and nfs_stat_to_errno eb204a6d8bad NFS: trace: show TIMEDOUT instead of 0x6e 393525dee5c3 arp: do not assume dev_hard_header() does not change skb->head 2caa31d02c73 net: enetc: fix build warning when PAGE_SIZE is greater than 128K a40af9a2904a net: usb: pegasus: fix memory leak in update_eth_regs_async() 0809c4bc06c9 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset 303987beb595 HID: quirks: work around VID/PID conflict for appledisplay b4bfc8d26b96 bnxt_en: Fix potential data corruption with HW GRO/LRO 4248fb36df8d eth: bnxt: move and rename reset helpers 0e9a7c61978e net/mlx5e: Don't print error message due to invalid module ac1fd8362346 netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates c655d2167bf0 net: sock: fix hardened usercopy panic in sock_recv_errqueue bee569f5fcf7 inet: ping: Fix icmp out counting 8767f238b0e6 net: mscc: ocelot: Fix crash when adding interface under a lag bf1ffe5e95bd bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress 8a4333b2818f net: marvell: prestera: fix NULL dereference on devlink_alloc() failure c4cde57c8aff netfilter: nf_conncount: update last_gc only when GC has been performed 92d17b97479c netfilter: nf_tables: fix memory leak in nf_tables_newrule() d65b19f34c2a netfilter: nft_synproxy: avoid possible data-race on update operation ddd097698d8b ARM: dts: imx6q-ba16: fix RTC interrupt level e91cffed1c58 arm64: dts: add off-on-delay-us for usdhc2 regulator 274dfe3b1801 scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" ebabaddab72c scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset 5ef4392495a8 NFS: Fix up the automount fs_context to use the correct cred f269abad66bd NFSv4: ensure the open stateid seqid doesn't go backwards d4d09d18059a alpha: don't reference obsolete termio struct for TC* constants 8c97b0183923 ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels df9967c3b757 csky: fix csky_cmpxchg_fixup not working b374e9ecc92a ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() 6c94fd068ba2 ext4: introduce ITAIL helper 5d0dc83cb9a6 libceph: make calc_target() set t->paused, not just clear it 77229551f2cf libceph: return the handler error from mon_handle_auth_done() 851241d3f78a libceph: make free_choose_arg_map() resilient to partial allocation 4b106fbb1c7b libceph: replace overzealous BUG_ON in osdmap_apply_incremental() 194cfe2af4d2 libceph: prevent potential out-of-bounds reads in handle_auth_done() a3827e310b5a wifi: avoid kernel-infoleak from struct iw_point 6a0cceb1a8b9 drm/pl111: Fix error handling in pl111_amba_probe 250e1f9f911d lib/crypto: aes: Fix missing MMU protection for AES S-box e57137354d85 mei: me: add nova lake point S DID 6cff14b831db net: 3com: 3c59x: fix possible null dereference in vortex_probe1() 02b79361cf97 atm: Fix dma_free_coherent() size 7f696f15c18b usb: gadget: lpc32xx_udc: fix clock imbalance in error path c3ba0557ab2e net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() f3cc921c237c Revert "iommu/amd: Skip enabling command/event buffers for kdump" 0b956f79b2f8 firmware: arm_scmi: Fix unused notifier-block in unregister 3079bf04d35f ext4: fix error message when rejecting the default hash bfac7e3ff587 ext4: factor out ext4_hash_info_init() 86b81d4eab1c ext4: filesystems without casefold feature cannot be mounted with siphash e1b826e10ff9 pwm: stm32: Always program polarity 69e4c711d3f5 x86: remove __range_not_ok() dd6d10e00cf4 selftests: net: test_vxlan_under_vrf: fix HV connectivity test 20d3eb00ab81 ipv4: Fix uninit-value access in __ip_make_skb() 40e5444a3ac3 ipv6: Fix potential uninit-value access in __ip6_make_skb() ef2fe0c6353b KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning eeeaba737919 HID: core: Harden s32ton() against conversion to 0 bits 5f35099fa3d5 KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS d69f28ef7cda page_pool: Fix use-after-free in page_pool_recycle_in_ring aec6a1be0be1 drm/i915/selftests: fix subtraction overflow bug 0f55ac683b27 mmc: core: use sysfs_emit() instead of sprintf() f51e471cb157 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. 32ffca069d20 drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() 0a59a3895f80 wifi: mac80211: Discard Beacon frames to non-broadcast address 7daa50a2157e ASoC: stm32: sai: fix OF node leak on probe ecd91855dd4f lockd: fix vfs_test_lock() calls 86d91420bbe3 powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages 325fd00621d5 mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() ed920d0feafb mm/balloon_compaction: we cannot have isolated pages in the balloon list f16e78225eda mm/balloon_compaction: make balloon page compaction callbacks static 1e3a5fec4917 ASoC: stm32: sai: fix clk prepare imbalance on probe failure a93887d284a6 ASoC: stm32: sai: Use the devm_clk_get_optional() helper 39e5b2de0207 ASoC: stm: Use dev_err_probe() helper 6009167915d5 r8169: fix RTL8117 Wake-on-Lan in DASH mode 4c0278938c36 iommu/qcom: fix device leak on of_xlate() 2e9a95d60f1d powerpc/64s/slb: Fix SLB multihit issue during SLB preload 374f9984edc8 PCI: brcmstb: Fix disabling L0s capability bf03a56d6af9 powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION 4141049144b3 media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled 3ccce30e5919 media: samsung: exynos4-is: fix potential ABBA deadlock on init 75f91534f9ac NFSD: NFSv4 file creation neglects setting ACL 2e6f384b4e6c media: verisilicon: Protect G2 HEVC decoder against invalid DPB index b425cd5bc54e media: vpif_capture: fix section mismatch 61d19d81485d media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() 4dedb6a11243 SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf 610ef5893628 KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN 543bf004e4ea crypto: af_alg - zero initialize memory allocated via sock_kmalloc a22316f5e9a2 svcrdma: bound check rq_pages index in inline path c80b58581fad ARM: dts: microchip: sama7g5: fix uart fifo size to 32 cbbf3f1bb9f8 fuse: fix readahead reclaim deadlock a6c208695220 usb: ohci-nxp: fix device leak on probe failure 0928573aeccb usb: ohci-nxp: Use helper function devm_clk_get_enabled() 50ee04e0ae62 mptcp: pm: ignore unknown endpoint flags 2cf9e72ec9a4 usb: dwc3: keep susphy enabled during exit to avoid controller faults 72c58a82e6fb f2fs: fix to avoid updating zero-sized extent in extent cache 671910d2e5b8 f2fs: fix to propagate error from f2fs_enable_checkpoint() 474cc3ed3743 f2fs: use global inline_xattr_slab instead of per-sb slab cache f30ea4a9e793 f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() 0e8bddb3e081 xfs: fix a memory leak in xfs_buf_item_init() 06cad7ba5c7b KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit fa2dd45ce8ae NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap d2f5d8cf1ead ALSA: wavefront: Fix integer overflow in sample size validation 73d7bfacc5ca ALSA: wavefront: Use standard print API 151c632b9162 ALSA: wavefront: Clear substream pointers on close 214a854d0d99 wifi: mt76: Fix DTS power-limits on little endian systems 8a589c56b0d6 btrfs: don't rewrite ret from inode_permission 275c686f1e3c tpm: Cap the number of PCR banks ed7441ffe3fd jbd2: fix the inconsistency between checksum and data in memory for journal sb ee199d259349 xhci: dbgtty: fix device unregister 4b4315ab4a14 xhci: dbgtty: use IDR to support several dbc instances. eee16f3ff08e usb: gadget: udc: fix use-after-free in usb_gadget_state_work 8b586de6f03c usb: xhci: Apply the link chain quirk on NEC isoc endpoints d16a2857ad17 usb: xhci: move link chain bit quirk checks into one helper function. 86aae7053d2d drm/vmwgfx: Fix a null-ptr access in the cursor snooper cfb82ea9cccc virtio_console: fix order of fields cols and rows 6161d0d62351 kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules 94b45fddc261 mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() 554b17dc14d0 mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() 77ec39ad0ceb mm/damon/tests/core-kunit: handle memory failure from damon_test_target() 233409d46dc5 mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() 3f7668f4ffd5 mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() db10496b2797 mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() df458acf79c6 mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() c6895612b1e4 mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() 5629064f92f0 RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem 483b541b7ee3 mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() 5ff02cf6c74d mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() 87caa0d35aab drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb 47a85604a761 drm/ttm: Avoid NULL pointer deref for evicted BOs d376aea5f101 drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers e02a1c33f10a net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write 66d3d821a27f net: usb: sr9700: fix incorrect command used to write single register 02a02eb93cec nfsd: Drop the client reference in client_states_open() 96e9b4b4eebe fjes: Add missing iounmap in fjes_hw_init() 278b7cfe0d4d e1000: fix OOB in e1000_tbi_should_accept() abf38398724e RDMA/cm: Fix leaking the multicast GID table reference bfe10318fc23 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly adca36b7312f idr: fix idr_alloc() returning an ID out of range ec9fd10b4803 media: i2c: adv7842: Remove redundant cancel_delayed_work in probe d80c606877e3 media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe 3de6afefd37e media: TDA1997x: Remove redundant cancel_delayed_work in probe faf38cced019 media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() 718fd69207b6 media: cec: Fix debugfs leak on bus_register() failure c3548c44c3c2 fbdev: tcx.c fix mem_map to correct smem_start offset 37fa1e7e4884 fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing 51fd9c20a530 fbdev: gbefb: fix to use physical address instead of dma address c9d6fc7d60c6 dm-ebs: Mark full buffer dirty even on partial write f913b9a2ccd6 media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() 6a483e56c1ad parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() 0a476ed7bc87 parisc: entry.S: fix space adjustment on interruption for 64-bit userspace 76bbb99a030f media: rc: st_rc: Fix reset control resource leak f69506115f61 mfd: max77620: Fix potential IRQ chip conflict when probing two devices ef97d93d0775 mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup a357f04e6c47 leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs e24cad510abc leds: leds-lp50xx: Allow LED 0 to be added to module bank c9f0eac5745d PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths f0ae659c9652 HID: logitech-dj: Remove duplicate error logging 3f50e9dbfe9d iommu/tegra: fix device leak on probe_device() 157b01742a68 iommu/sun50i: fix device leak on of_xlate() fa4e003b8fcf iommu/omap: fix device leaks on probe_device() 6705d63820c6 iommu/mediatek: fix device leak on of_xlate() e6b0e3882ab0 iommu/mediatek-v1: fix device leak on probe_device() cadf7c83302f iommu/ipmmu-vmsa: fix device leak on of_xlate() f62661f577b3 iommu/exynos: fix device leak on of_xlate() ac0c50cc85ed iommu/apple-dart: fix device leak on of_xlate() fdb64bba6a46 ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. d543ddcecc93 ASoC: qcom: q6adm: the the copp device only during last instance 47587d958185 ASoC: qcom: q6asm-dai: perform correct state check before closing 938117827bca ASoC: stm32: sai: fix device leak on probe d739270d09e0 selftests/ftrace: traceonoff_triggers: strip off names 1f29db2cfb01 RDMA/bnxt_re: fix dma_free_coherent() pointer 2d34cffaf8c9 RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation 19682d51e1b6 RDMA/bnxt_re: Fix to use correct page size for PDE table b299f01e464d RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send 8165f064641c RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() af9a938b087d RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() c8002b3a098a RDMA/efa: Remove possible negative shift db93ae6fa66f RDMA/irdma: avoid invalid read in irdma_net_event ed2639414d43 net: rose: fix invalid array index in rose_kill_by_device() 33ff5c207c87 ipv4: Fix reference count leak when using error routes with nexthop objects 6b7522424529 ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() 4cc4cfe4d23c octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" 6b3a6cb3493f net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct fc96018f09f8 net: usb: asix: validate PHY address before use b3c214ac512e net: dsa: b53: skip multicast entries for fdb_dump() d55b060b6c56 firewire: nosy: Fix dma_free_coherent() size 1fc0c943e445 genalloc.h: fix htmldocs warning 1c4cb705e733 smc91x: fix broken irq-context in PREEMPT_RT 2f966186b995 net: usb: rtl8150: fix memory leak on usb_submit_urb() failure f820e438b8ec team: fix check for port enabled in team_queue_override_port_prio_changed() 6f935c0f549f platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic 1c423f0fcb08 platform/x86: msi-laptop: add missing sysfs_remove_group() 41a1a3140aff ip6_gre: make ip6gre_header() robust 052e5db5be45 net: openvswitch: Avoid needlessly taking the RTNL on vport destroy 214802e4caaa net: mdio: aspeed: add dummy read to avoid read-after-write issue 6ff75a5132df net: mdio: aspeed: move reg accessing part into separate functions fff9206b0907 Bluetooth: btusb: revert use of devm_kzalloc in btusb baf0e2d1e03d crypto: seqiv - Do not use req->iv after crypto_aead_encrypt 5bb18bfd505c iavf: fix off-by-one issues in iavf_config_rss_reg() cfddf4af22a3 i40e: validate ring_len parameter against hardware-specific values 0daf39ee1e4e i40e: Refactor argument of i40e_detect_recover_hung() 3fec9e1bad69 i40e: Refactor argument of several client notification functions 4f28b415a483 i40e: fix scheduling in set_rx_mode f7455c5f9218 hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU bf5b03227f2e hwmon: (w83791d) Convert macros to functions to avoid TOCTOU 5082cdce4344 hwmon: (max16065) Use local variable to avoid TOCTOU ac45b270ea28 i2c: amd-mp2: fix reference leak in MP2 PCI device 24fd02c3a479 rpmsg: glink: fix rpmsg device leak dd86de8f8573 soc: amlogic: canvas: fix device leak on lookup 5527dde9ff12 soc: qcom: ocmem: fix device leak on lookup 53693b3268c2 amba: tegra-ahb: Fix device leak on SMMU enable 5ba8ba12920c drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() 2420ef01b2e8 io_uring: fix filename leak in __io_openat_prep() 685889472f29 svcrdma: return 0 on success from svc_rdma_copy_inline_range 8564deae5375 nfsd: Mark variable __maybe_unused to avoid W=1 build break 859bdf438f01 fsnotify: do not generate ACCESS/MODIFY events on child for special files 323e203a944b PM: runtime: Do not clear needs_force_resume with enabled runtime PM 6d15f08e6d8d tracing: Do not register unsupported perf events fd4c14c7b772 KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits d8c44d566187 KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) 30c71d9b4d76 KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation d2da0df7bbc4 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer 6ae727f72be0 KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() fa0c3fbc4bb5 KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 145d140abda8 libceph: make decode_pool() more resilient against corrupted osdmaps 7a146f34e5be parisc: Do not reprogram affinitiy on ASP chip cfdf6250b63b scs: fix a wrong parameter in __scs_magic e1da6e399df9 platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver d0fd1f732ea8 ocfs2: fix kernel BUG in ocfs2_find_victim_chain 12ab6ebb3778 media: vidtv: initialize local pointers upon transfer of memory ownership 04e5abccf5a3 tools/testing/nvdimm: Use per-DIMM device handle 0de4977a1eea f2fs: fix return value of f2fs_recover_fsync_data() 3d95ed8cf980 f2fs: invalidate dentry cache on failed whiteout creation 45fd86b44410 scsi: target: Reset t_task_cdb pointer in error case fc3ab9b2cce5 NFSD: use correct reservation type in nfsd4_scsi_fence_client 278455a82245 scsi: aic94xx: fix use-after-free in device removal path 50b097d92c99 scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" 47e7c7496f5a cpufreq: nforce2: fix reference count leak in nforce2 4f3e0af0d9a8 intel_th: Fix error handling in intel_th_output_open d1b045228002 char: applicom: fix NULL pointer dereference in ac_ioctl 677f382acab1 usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() 439c8d0425bb usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe 43e58abad6c0 usb: phy: isp1301: fix non-OF device reference imbalance 0c2b0e747010 USB: lpc32xx_udc: Fix error handling in probe 76b52ed875d5 phy: broadcom: bcm63xx-usbh: fix section mismatches 424dd7ef4109 media: pvrusb2: Fix incorrect variable used in trace message c2305b4c5fc1 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() d14c800ec300 usb: usb-storage: Maintain minimal modifications to the bcdDevice range. 0ea5763a6ced media: v4l2-mem2mem: Fix outdated documentation 048f29c90275 jbd2: use a weaker annotation in journal handling a973d037229b ext4: align max orphan file size with e2fsprogs limit 2930d9cb9cd3 ext4: fix incorrect group number assertion in mb_check_buddy 331d6f52201b ext4: clear i_state_flags when alloc inode 3d8d22e75f7e ext4: xattr: fix null pointer deref in ext4_raw_inode() ea4e2ad6f612 ktest.pl: Fix uninitialized var in config-bisect.pl 1c0e2617b51c fs/ntfs3: fix mount failure for sparse runs in run_unpack() 7f24094db7af floppy: fix for PAGE_SIZE != 4KB 2f945c9892b0 block: rate-limit capacity change info log 3c35608d6577 lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit d685237855bf mmc: sdhci-msm: Avoid early clock doubling during HS400 transition 3fd7df4636d8 KEYS: trusted: Fix a memory leak in tpm2_load_cmd 8a69b95bc8c4 vhost/vsock: improve RCU read sections around vhost_vsock_get() 94476ed97e38 platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks 4099d8f057f2 nvme-fc: don't hold rport lock when putting ctrl 8cb8a84f7af3 serial: sprd: Return -EPROBE_DEFER when uart clock is not ready db963adebdf5 usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. 6ddc1cf758b2 usb: xhci: limit run_graceperiod for only usb 3.0 devices 58941bbb0050 usb: typec: ucsi: Handle incorrect num_connectors capability f3f0303b5330 usbip: Fix locking bug in RT-enabled kernels c4034574f87a exfat: fix remount failure in different process environments c7b986adc9e9 via_wdt: fix critical boot hang due to unnamed resource allocation 36fe06f5a292 scsi: qla2xxx: Use reinit_completion on mbx_intr_comp 8416236b992f scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive 80e898a3c614 scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled 46778b34e021 powerpc/addnote: Fix overflow on 32-bit builds c49300043e7b clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 a5622f46f4fc ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx 92f285834099 firmware: imx: scu-irq: Init workqueue before request mbox channel 22292508e1c9 ipmi: Fix __scan_channels() failing to rescan channels 5c7d972756d4 ipmi: Fix the race between __scan_channels() and deliver_response() 2168866396bd ALSA: usb-mixer: us16x08: validate meter packet indices 19b626d36aed ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path 9f490d2f5dc9 ALSA: vxpocket: Fix resource leak in vxpocket_probe error path c851e43b88b4 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() 2b4aa7f24820 mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig 9c34a4a2ead0 spi: fsl-cpm: Check length parity before switching to 16 bit mode b5e70e7fa904 ACPI: CPPC: Fix missing PCC check for guaranteed_perf d16cc7a2b3ed Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table 136abe173a3c Input: ti_am335x_tsc - fix off-by-one error in wire_order validation ac6b3033d1e5 HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen 42c91dfa772c net: hns3: add VLAN id validation before using c9bbeca124e9 net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx de631a0f9872 net: hns3: Align type of some variables with their print type bcefdb288eed net: hns3: using the num_tqps in the vf driver to apply for resources 42406760b28c net/mlx5: fw_tracer, Handle escaped percent properly 768d559f466c net/mlx5: fw_tracer, Validate format string parameters a59e9812aca1 net/mlx5: fw_tracer, Add support for unrecognized string f9dc0f45d2cd ethtool: Avoid overflowing userspace buffer on stats query 72d1c4a07780 net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers c8666be7c338 net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats 78f0d7353bdf ethtool: use phydev variable 7bf3910b82f6 nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() 02783a37cb1c net/sched: ets: Remove drr class from the active list if it changes to strict c54091eec6fe caif: fix integer underflow in cffrml_receive() 312d7cd88882 ipvs: fix ipv4 null-ptr-deref in route error path e1ac8dce3a89 netfilter: nf_conncount: fix leaked ct in error paths a94493dd78b4 broadcom: b44: prevent uninitialized value usage 3bc2efff20a3 net: openvswitch: fix middle attribute validation in push_nsh() action 6e367c361a52 mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats 9e0a0d9eeb0d mlxsw: spectrum_router: Fix neighbour use-after-free 194cd36ec05d ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() c7f6e7cc14df net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change 09efbf54eeae netrom: Fix memory leak in nr_sendmsg() e0f859d5035a Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE ca91db4f8979 btrfs: scrub: always update btrfs_scrub_progress::last_physical eb6a4e7e3d04 hfsplus: fix volume corruption issue for generic/073 d92333c7a358 hfsplus: Verify inode mode when loading from disk 39e149d58ef4 hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create 1432a4819917 hfsplus: fix volume corruption issue for generic/070 f6ca2faa3f3e fs/ntfs3: Support timestamps prior to epoch 3d4e15ef5ccb livepatch: Match old_sympos 0 and 1 in klp_find_func() a0f5ffc01af5 cpufreq: s5pv210: fix refcount leak 08ba2b9983ad ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only ecb296286c87 ACPICA: Avoid walking the Namespace if start_node is NULL 0144d18dd96d x86/ptrace: Always inline trivial accessors 9019e399684e sched/deadline: only set free_cpus for online runqueues fe293b7b0759 btrfs: fix memory leak of fs_devices in degraded seed device path b3f937e8912d bpf, arm64: Do not audit capability check in do_jit() 2ed5e0ca5d9a spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers 36cb73c557d1 spi: tegra210-quad: Fix validate combined sequence fcf4ad3208e9 coresight: etm4x: Correct polling IDLE bit 754512b096b9 netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around 460fd9a9e820 NFS: Fix missing unlock in nfs_unlink() 434b84ecb8ff ASoC: fsl_xcvr: get channel status data when PHY is not exists 3cf854cec0eb ALSA: dice: fix buffer overflow in detect_stream_formats() ce205e480799 usb: phy: Initialize struct usb_phy list_head b3c4465f2519 usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt 8877bbb620a9 ocfs2: fix memory leak in ocfs2_merge_rec_left() c5a352071f83 efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs ec7b34401123 efi/cper: Adjust infopfx size to accept an extra space 095ebf8277b5 efi/cper: Add a new helper function to print bitmasks de9f85fdf7eb dm log-writes: Add missing set_freezable() for freezable kthread 8d656002fa38 dm-raid: fix possible NULL dereference with undefined raid type a9bfe4eb0103 ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() ceb5dff91c86 ALSA: uapi: Fix typo in asound.h comment 7f031777be02 dma/pool: eliminate alloc_pages warning in atomic_pool_expand d8b52fa40fc8 block: fix comment for op_is_zone_mgmt() to include RESET_ALL 8fe7de5d1c7f blk-mq: Abort suspend when wakeup events are pending f123e1fad3a8 ASoC: ak5558: Disable regulator when error happens 8cb3ed1b5669 ASoC: ak4458: Disable regulator when error happens 5a38a44815e0 ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() 97044043d531 platform/x86: asus-wmi: use brightness_set_blocking() for kbd led 680f72890147 fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() ba1495aefd22 NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags 1b44528bf4a1 fs_context: drop the unused lsm_flags member ce578fbf8e83 Revert "nfs: ignore SB_RDONLY when mounting nfs" 8e921550cc85 Revert "nfs: clear SB_RDONLY before getting superblock" dca481c17f81 Revert "nfs: ignore SB_RDONLY when remounting nfs" b6e4e3a08c03 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid 3dc5156ad61a NFS: Initialise verifiers for visible dentries in nfs_atomic_open() e77419cbb547 NFS: Fix the verifier for case sensitive filesystem in nfs_atomic_open() 19bac87dd821 NFSv4: Add some support for case insensitive filesystems 3e367777b69c fs/nls: Fix utf16 to utf8 conversion 2093051b4698 NFS: Avoid changing nlink when file removes and attribute updates race 777564417810 NFS: don't unhash dentry during unlink/rename 186072b7a23c NFS: Label the dentry with a verifier in nfs_rmdir() and nfs_unlink() 5f1bc99ea831 fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() 007408ab8449 pinctrl: single: Fix incorrect type for error return variable 184146300f78 pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling 8609287a2646 perf tools: Fix split kallsyms DSO counting 38abf6e931b1 net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop 140e6cd7b092 remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs 0d39bd3ef77a mtd: lpddr_cmds: fix signed shifts in lpddr_cmds 1d6155900a69 net: stmmac: fix rx limit check in stmmac_rx_zc() 53bc0ac47f4f netfilter: nft_connlimit: update the count if add was skipped b160895d6bc9 netfilter: nf_conncount: rework API to use sk_buff directly be69850b461e netfilter: nf_conncount: reduce unnecessary GC aea811b4cf6c netfilter: flowtable: check for maximum number of encapsulations in bridge vlan 9d041a7ba13f regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex 4a79a1d496b9 ASoC: Intel: catpt: Fix error path in hw_params() c6035886b9d8 virtio: fix virtqueue_set_affinity() docs 9410895c0e5f virtio_vdpa: fix misleading return in void function a9f01f0776f0 vdpa: Sync calls set/get config/status with cf_mutex 447092100c7e vdpa: Introduce query of device config layout 3ca8c7a6f9a0 vdpa: Introduce and use vdpa device get, set config helpers eed1541ff09d ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation c082093313c0 ext4: remove unused return value of __mb_check_buddy 99e011a78210 ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 1e8124068c93 drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() 212825c1c8cb ASoC: fsl_xcvr: clear the channel status control memory 650127b100b1 ASoC: fsl_xcvr: Add support for i.MX93 platform c464a9e42def ASoC: fsl_xcvr: Add Counter registers 9cfb946f51ce RDMA/irdma: Fix data race in irdma_free_pble 04050bf1a767 RDMA/irdma: Fix data race in irdma_sc_ccq_arm 5c494997d09e iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal 342b2c26e5ac backlight: lp855x: Fix lp855x.h kernel-doc warnings cd01a24b3e52 backlight: led-bl: Add devlink to supplier LEDs d0deba37ac85 backlight: led_bl: Take led_access lock when required 53072791efe8 wifi: ieee80211: correct FILS status codes 67d15b5ea082 PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition 7547755997b3 staging: fbtft: core: fix potential memory leak in fbtft_probe_common() d6c91fc73269 mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() f57925f0c498 crypto: ccree - Correctly handle return of sg_nents_for_len 76fc288ce114 selftests/bpf: Improve reliability of test_perf_branches_no_hw() 1d2e267f4331 selftests/bpf: skip test_perf_branches_hw() on unsupported platforms 90bb940f1c2f usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE 7b1766b525da usb: dwc2: fix hang during suspend if set as peripheral 316a067b2769 usb: dwc2: fix hang during shutdown if set as peripheral 16514b403f0a usb: dwc2: disable platform lowlevel hw resources during shutdown 5c94f6e84aec usb: chaoskey: fix locking for O_NONBLOCK f2f4627b74c1 ima: Handle error code returned by ima_filter_rule_match() 6a96bd0d9430 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() 81f087859c97 mfd: mt6358-irq: Fix missing irq_domain_remove() in error path 68715d885bb6 mfd: mt6397-irq: Fix missing irq_domain_remove() in error path d705f1c35080 pwm: bcm2835: Make sure the channel is enabled after pwm_request() 9a76b3b33e52 drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue e1c7bb405edc fs/ntfs3: Prevent memory leaks in add sub record e910114bdbd8 fs/ntfs3: out1 also needs to put mi 925e825f0c8e fs/ntfs3: Make ni_ins_new_attr return error 83177ae96486 fs/ntfs3: Add new argument is_mft to ntfs_mark_rec_free d29f1ea12adf fs/ntfs3: Remove unused mi_mark_free e0a6dcbb8ce5 powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format 89caaeee8dd9 wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() 01f1e3015a77 NFSD/blocklayout: Fix minlength check in proc_layoutget dbeddfaaa3c0 watchdog: wdat_wdt: Fix ACPI table leak in probe function dbe2bb24ac4c watchdog: wdat_wdt: Stop watchdog when uninstalling module f93b75779dc0 selftests/bpf: Fix failure paths in send_signal test cf31d9fc454f ps3disk: use memcpy_{from,to}_bvec index 4174c6409e51 PCI: keystone: Exit ks_pcie_probe() for invalid mode b6fa2843b30f leds: netxbig: Fix GPIO descriptor leak in error paths 6682d122e88e scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls b9f141eb4182 ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() 08b93c1c12c6 ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() 3e764e8a055b lib/vsprintf: Check pointer before dereferencing in time_and_date() a6189b555ccc clk: renesas: r9a06g032: Fix memory leak in error path 8368be8a5072 coresight: etm4x: Add context synchronization before enabling trace 368466234b54 coresight: etm4x: Extract the trace unit controlling d4b7290c1b5f coresight-etm4x: add isb() before reading the TRCSTATR 35d756da2d7e coresight: etm4x: Use Trace Filtering controls dynamically 53511743c5a8 coresight: etm4x: Save restore TRFCR_EL1 cd93db1b1b44 nbd: defer config unlock in nbd_genl_connect 40e6a1ebe430 wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() 14c209835e47 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse 3061b299fced powerpc/32: Fix unpaired stwcx. on interrupt exit 79c8a77b1782 ntfs3: init run lock for extend inode 9794c1a99a3a RDMA/rtrs: server: Fix error handling in get_or_create_srv 5e9a106883c6 dt-bindings: PCI: amlogic: Fix the register name of the DBI region 558222badffe dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema f0988e776c64 scsi: stex: Fix reboot_notifier leak in probe error path d3ba31267591 nbd: defer config put in recv_work 6b4b2d939537 nbd: partition nbd_read_stat() into nbd_read_reply() and nbd_handle_reply() 41ecdc2097b1 nbd: clean up return value checking of sock_xmit() 85db50d9662b regulator: core: disable supply if enabling main regulator fails c0763fe31cfe perf/x86/intel: Correct large PEBS flag check de33b4593b81 ext4: correct the checking of quota files before moving extents 8de56b96de2d ext4: minor defrag code improvements c23ea1f28855 mfd: da9055: Fix missing regmap_del_irq_chip() in error path 88db8bb7ed1b spi: tegra210-quad: Fix timeout handling f603efe72a28 spi: tegra210-quad: modify chip select (CS) deactivation c6d33b46ce13 spi: tegra210-quad: combined sequence mode f64a36c44896 spi: tegra210-quad: add new chips to compatible 036d15dbee1a spi: tegra210-quad: use device_reset method 5a26b3e8b811 scsi: target: Do not write NUL characters into ASCII configfs output 43428053153f power: supply: apm_power: only unset own apm_get_power_status 7158890e3692 power: supply: wm831x: Check wm831x_set_bits() return value bf5e04401a10 i3c: master: svc: Prevent incomplete IBI transaction 763d194b13be i3c: fix refcount inconsistency in i3c_master_register fe067c65f760 pinctrl: stm32: fix hwspinlock resource leak in probe function 9ff4cea267ef x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() 898581813aaf x86: kmsan: don't instrument stack walking functions 49c6b5e1e7fa kmsan: introduce __no_sanitize_memory and __no_kmsan_checks bd4bcf2d97a8 compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer 4af48d5cb642 sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). 59a797709dcb phy: mscc: Fix PTP for VSC8574 and VSC8572 3c149ffe83d5 firmware: imx: scu-irq: fix OF node leak in 9c5c10b32f48 s390/ap: Don't leak debug feature files if AP instructions are not available fc09726c9213 s390/smp: Fix fallback CPU detection 0049c460c57c crypto: hisilicon/qm - restore original qos values c13c6e9de91d crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id 5c56bbed31e4 uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe d27289e628bf arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl 15c09dad9a82 iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member 5fbae4ee1d2a iio: imu: st_lsm6dsx: discard samples during filters settling time 830c8336db60 iio: imu: st_lsm6dsx: introduce st_lsm6dsx_device_set_enable routine 0314de967578 inet: Avoid ehash lookup race in inet_ehash_insert() 1600b14e3c41 rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() 90e23db1a859 ntfs3: Fix uninit buffer allocated by __getname() afb144bc8e92 ntfs3: fix uninit memory after failed mi_read in mi_format_new 7bf22893398e irqchip/qcom-irq-combiner: Fix section mismatch 50fde089fb8a USB: Fix descriptor count when handling invalid MBIM extended descriptor 489b2158aec9 drm/vgem-fence: Fix potential deadlock on release ea0fd5535b0b drm/panel: visionox-rm69299: Don't clear all mode flags ca9388fba50d gpu: host1x: Fix race in syncpt alloc/free 6b1e45e13546 smack: fix bug: unprivileged task can create labels c03cb1116289 staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing 4445adedae77 staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing 7141915bf0c4 comedi: check device's attached status in compat ioctls 4cde9a7e025c comedi: multiq3: sanitize config options in multiq3_attach() f7fa1f4670c3 comedi: c6xdigio: Fix invalid PNP driver unregistration 606f57e57267 HID: elecom: Add support for ELECOM M-XT3URBK (018F) 2aa1485eff98 platform/x86: huawei-wmi: add keys for HONOR models 090003de3f6c platform/x86: acer-wmi: Ignore backlight event d8dcf8e8852b pinctrl: qcom: msm: Fix deadlock in pinmux configuration aeccd6743ee4 bfs: Reconstruct file type when loading from disk 93536b1d8478 spi: imx: keep dma request disabled before dma transfer setup 9106a929628f spi: xilinx: increase number of retries before declaring stall e86288cb0a8c USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC 5882a3fe61d3 USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC c032ddd06fe1 serial: add support of CPCI cards 999138bc35b8 USB: serial: ftdi_sio: match on interface number for jtag 141ed16ab9b7 USB: serial: option: move Telit 0x10c7 composition in the right place 2d5855509140 USB: serial: option: add Telit Cinterion FE910C04 new compositions 97c9ba42d178 USB: serial: option: add Foxconn T99W760 b2a5b172dc05 comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() 61e03dc3794e ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() c228cb699a07 locking/spinlock/debug: Fix data-race in do_raw_write_lock 43bf001f0fe4 ext4: refresh inline data size before write operations ed62fd8c15d4 jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted 5821b648480a Documentation: process: Also mention Sasha Levin as stable tree maintainer d76c2063db44 leds: spi-byte: Use devm_led_classdev_register_ext() fdcf33b9738c leds: Replace all non-returning strlcpy with strscpy 799e37e49cb6 drm/i915/selftests: Fix inconsistent IS_ERR and PTR_ERR a647db560793 dpaa2-mac: bail if the dpmacs fwnode is not found e1d414c5719a xfrm: flush all states in xfrm_state_fini 1dad653643f2 xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added 9f2d85ead8ff Revert "xfrm: destroy xfrm_state synchronously on net exit path" 4b2c17d0f9be xfrm: delete x->tunnel as we delete x Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 6 ++--- .../linux/linux-yocto-tiny_5.15.bb | 6 ++--- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index 4baf0bd9833..ebe610c64b1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "9f3853efc84c7065918f3cb90be1464f61bd0871" -SRCREV_meta ?= "65baed3263fc04a3bdd461278cca80891b80cc9a" +SRCREV_machine ?= "2afe5ce992e8048f0728eafea9efed380ec08d46" +SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.197" +LINUX_VERSION ?= "5.15.198" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index a8ba1470443..1a3a110c670 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.197" +LINUX_VERSION ?= "5.15.198" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "6a3023cca521bd2e295fc1482e5b0c88c08ab2e4" -SRCREV_meta ?= "65baed3263fc04a3bdd461278cca80891b80cc9a" +SRCREV_machine ?= "30a5abb43773a288fe85ed754f1d4518ca8f28bb" +SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index 26765a216e5..f33ef22d83f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "2d635a3e35b83998b2f84bbd2e932eaafdf61826" -SRCREV_machine:qemuarm64 ?= "bb65897d11ebca68c2017bf0bed4e26599e05ddb" -SRCREV_machine:qemumips ?= "8192334823c116e4e56368fbf6ca67cdb0c945d0" -SRCREV_machine:qemuppc ?= "ec35a9c80e2a5006d01a073f9787c784fdf0a04f" -SRCREV_machine:qemuriscv64 ?= "c04373a83e017e615d8333767c8955732c6c975b" -SRCREV_machine:qemuriscv32 ?= "c04373a83e017e615d8333767c8955732c6c975b" -SRCREV_machine:qemux86 ?= "c04373a83e017e615d8333767c8955732c6c975b" -SRCREV_machine:qemux86-64 ?= "c04373a83e017e615d8333767c8955732c6c975b" -SRCREV_machine:qemumips64 ?= "5a3b47b8a7c60c97447170242b5c2e70db803b2f" -SRCREV_machine ?= "c04373a83e017e615d8333767c8955732c6c975b" -SRCREV_meta ?= "65baed3263fc04a3bdd461278cca80891b80cc9a" +SRCREV_machine:qemuarm ?= "3cce45b328f3485e7de2bedee542ef6898e050be" +SRCREV_machine:qemuarm64 ?= "2b2737663d7c08b6df6ae791d46caae904710ce0" +SRCREV_machine:qemumips ?= "7ae75ed1e71b6038140416ed1c0791373b0ed5e9" +SRCREV_machine:qemuppc ?= "490def1150cbd931cf4ae1214c6400c47bf7bde6" +SRCREV_machine:qemuriscv64 ?= "9121f41155a13f494c537589064abf738cb00c76" +SRCREV_machine:qemuriscv32 ?= "9121f41155a13f494c537589064abf738cb00c76" +SRCREV_machine:qemux86 ?= "9121f41155a13f494c537589064abf738cb00c76" +SRCREV_machine:qemux86-64 ?= "9121f41155a13f494c537589064abf738cb00c76" +SRCREV_machine:qemumips64 ?= "7e46020155a56cdcedf78dcaa4c90fc97393c09c" +SRCREV_machine ?= "9121f41155a13f494c537589064abf738cb00c76" +SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "68efe5a6c16a05391e3d96025b41e9bf573f968c" +SRCREV_machine:class-devupstream ?= "9eec9a14ee10820a0c00dd3e02ac1e0ab27ad142" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.197" +LINUX_VERSION ?= "5.15.198" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Tue Feb 24 14:24:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81711 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B082BE9B27B for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21276.1771943108695492276 for ; Tue, 24 Feb 2026 06:25:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=2EWxRzDj; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4836f4cbe0bso42411595e9.3 for ; Tue, 24 Feb 2026 06:25:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943107; x=1772547907; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=r+8pdtSwYRzANczJJ7KAHwXZLgy75TMwWCQJgSHYwWk=; b=2EWxRzDjvHXlhxAxMbERrMwiY7OV5tTEnwtOb2Ya1wmUarz+K9NXY+uuD4UVWHH7S8 ql4e29G4sPVYuM0iq7gpGF199WCf62sFDGOf4cBNLslYrUWwnqo5xDoFKZ+BgL8TZniz qjdCzvXmMjStA81LUuxp4g7nXrjFvwG1BmZHk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943107; x=1772547907; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=r+8pdtSwYRzANczJJ7KAHwXZLgy75TMwWCQJgSHYwWk=; b=DuZa1E6ymbafOLERs6qBBXIskF0Za6e/jAxVnokv+I7PSjuPX1nObe1CPOTviZrFXK mUCtnycjqHwLIbjZbuDBcKC52KpW84vRKkiajryoIAFAjvaaC5q5tOBj5pln/mdiYCJM OI9rcQicyxBHbf/dMwVCP/lkPQLGcFJqaIQRpouZNyIjTytNt01P1/Uh5EXLliFRn9ra xUI6IOuzJwrZyg5voUlq7aZb759OXune23laF2hzIG2RsUF24bVdIH6jPQPE9sc8f7zl xXAvawGPHoKS+VyuKI3gi1OKP/I4eMFp475iJANjhTxjgvlFl68TIyP+UVlW77qjo3zi 8cOg== X-Gm-Message-State: AOJu0Yx4mymU45Uxcyxp3VtfwZV2LgIlR4OMe05U8ImQ6Unxrh6JoqVW SKyJEzgqZMvWPT/Ma7Xeldn3B0K6tBLxTe+LsSaj+Sc9bgcimH/co2/+qEvr1+f4PjHmvsOU66B 4PRMm X-Gm-Gg: AZuq6aL1jIqBWrYxpKjvYtDr2QApsg9J4l9VQN4Aw3zrJdNjMJWv2urH+gZzvnsB4hu NlAFqWnsG+ZLilZS4eivADYy2CetOllsDiuJjUO6SVMVeOttaJ+sGLi3N3A8NjhZIhGNKmnc+Hd mBA6Jaf2GFjrylPu7yDlCe8O5Y3Dj4p7hBe2CdkG8dY+yt8rYscZuGDv6B+Oj1VS+T99VjLzyUT kvODhTOZ8XD8Acf/Nk7u31fyNHSq5n2/vKcQPuEU0qNGCsu9MCNMRgPocjdFVyapk3rY/1ggHBz xET7oD6e+qK3BV3mj+FeGIbcvrS7HQuOT/dfQUgjVMKxIpsDyzHByDM/QW6N/MBmXinXfv0UAgN Wpi7Nl5d28tZztdRt48kF+fMRpuz8UtIJhJDm7Oym8CpotUrX07jCcqxGt3p5qcZ182YZoov4Wz bjlXYnIQyT/L7GEmFOMiAW92HcbTJE3Qgwnyo21nQo4WAFuNUG7pWo7m0Y1V933SZPLJfJXHm59 ELBBjai9aWPG9MADi3ABE3FDSgaQFPWiarA4w8fcn08 X-Received: by 2002:a05:600c:6291:b0:47a:7fdd:2906 with SMTP id 5b1f17b1804b1-483a95b7157mr216101035e9.12.1771943106356; Tue, 24 Feb 2026 06:25:06 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:06 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 16/38] linux-yocto/5.15: update to v5.15.199 Date: Tue, 24 Feb 2026 15:24:08 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231782 From: Bruce Ashfield Updating linux-yocto/5.15 to the latest korg -stable release that comprises the following commits: 7b232985052fc Linux 5.15.199 7e6040853f5b5 wifi: cfg80211: init wiphy_work before allocating rfkill fails c6d143fc945f7 wifi: cfg80211: fully move wiphy work to unbound workqueue 8930a3e1568cf wifi: cfg80211: cancel wiphy_work before freeing wiphy d81ebee178731 wifi: cfg80211: fix wiphy delayed work queueing 4737cc74b2fd8 wifi: cfg80211: use system_unbound_wq for wiphy work c8b15b0d2eec3 team: Move team device type change at the end of team_port_add 9b32d72687cfb pinctrl: meson: mark the GPIO controller as sleeping 2ccfb37ef544f mptcp: avoid dup SUB_CLOSED events after disconnect e69e435ec6e68 writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 52755c5680ce3 drm/imx/tve: fix probe device leak 28f5cbcce5d9d pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver 46933b9bc76f4 net/sched: act_ife: convert comma to semicolon ffac9893ce8d0 btrfs: prevent use-after-free on page private data in btrfs_subpage_clear_uptodate() e11e8a29b304c drm/amdkfd: fix a memory leak in device_queue_manager_init() dc934d9667399 can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak 186df821de0f3 genirq/irq_sim: Initialize work context pointers properly 00d52b2fa6083 HID: uclogic: Add NULL check in uclogic_input_configured() 51f49e3927ad5 HID: uclogic: Correct devm device reference for hidinput input_dev name c3a2e803b24eb wifi: mac80211: move TDLS work to wiphy work 9ac16e7b0b828 wifi: mac80211: use wiphy work for sdata->work ddb1bfbf4ab5c wifi: cfg80211: add a work abstraction with special semantics e1fa25a91091b Bluetooth: Fix hci_suspend_sync crash b15c9a21950e1 net: stmmac: make sure that ptp_rate is not 0 before configuring EST 65d04291adf7c usbnet: Fix using smp_processor_id() in preemptible code warnings 49b57b98fa601 NFSD: fix race between nfsd registration and exports_proc 98fc9c2cc45cf ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} 05db2b850a2b8 espintcp: fix skb leaks 0561aa6033dd1 blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() bdf38063fd15f fs/ntfs3: Initialize allocated memory before use 446beed646b2e ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency c4079a34c0ade drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED 10644e8839544 ksm: use range-walk function to jump over holes in scan_get_next_rmap_item f87f4de092c7a mm/pagewalk: add walk_page_range_vma() f569f5b8bfd51 ksmbd: smbd: fix dma_unmap_sg() nents 2c34622d9c724 mei: trace: treat reg parameter as string d5e80d1f97ae5 ALSA: scarlett2: Fix buffer overflow in config retrieval 95ab26bc462d7 nvme: fix PCIe subsystem reset controller state transition 886d98fa48580 nvme-pci: do not directly handle subsys reset fallout 25c6804cbde4b nvme-fc: rename free_ctrl callback to match name pattern 937309b52ca26 xfs: set max_agbno to allow sparse alloc of last full inode chunk 6393da54dcb34 dmaengine: stm32: dmamux: fix device leak on route allocation 7ff0a6402741e dmaengine: stm32: dmamux: fix OF node leak on route allocation failure 060b08d72a38b w1: therm: Fix off-by-one buffer overflow in alarms_store fb6fcdc03fce4 w1: w1_therm: use swap() to make code cleaner 7b94e4650020e arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s 427b0fb30ddec scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() 600894c7a2363 iio: adc: exynos_adc: fix OF populate on driver rebind f6b672daaca1c of: platform: Use default match table for /firmware 16c806d04be13 comedi: Fix getting range information for subdevices 16 to 255 2b1bef126bbb8 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). 10d1b3cf657d5 net: Add locking to protect skb->dev access in ip_output aade7df55e12e mptcp: only reset subflow errors when propagated 461f1832a6d1c scsi: qla2xxx: edif: Fix dma_free_coherent() size f8cd47294b4bf scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() df13548c0a94f ASoC: fsl: imx-card: Do not force slot width to sample width a4181b228db3b dma/pool: distinguish between missing and exhausted atomic pools 1dd15630fc633 gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler 65ba13a5b3d05 scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() 478873f7324f7 net: bridge: fix static key check eaa5da5130ded nfc: nci: Fix race between rfkill and nci_unregister_device(). 1d8ae83e1c61b net/mlx5e: Account for netdev stats in ndo_get_stats64 138dbe22d8854 net/mlx5e: Report rx_discards_phy via rx_dropped ba253d322e536 net/mlx5e: Expose rx_oversize_pkts_buffer counter b3f0dab4f9682 net/mlx5: Add HW definitions of vport debug counters 5b47b402f5833 ice: stop counting UDP csum mismatch as rx_errors 65e976e1f474a nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). b11e6f926480a rocker: fix memory leak in rocker_world_port_post_fini() 9fe793a779ce8 ipv6: use the right ifindex when replying to icmpv6 from localhost 94ae00a809c07 net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() 2b65e3ae33818 net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() ccc683f597ceb Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work feae34c992eb7 bpf: Reject narrower access to pointer ctx fields e0ffb64a2d72c bpf: Do not let BPF test infra emit invalid GSO types to stack ad97b9a55246e migrate: correct lock ordering for hugetlb file folios ef6e608e5ee71 can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak b5a1ccdc63b71 can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak 40a3334ffda47 can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak f48eabd15194b can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak e2f9c751f73a2 irqchip/gic-v3-its: Avoid truncating memory addresses ede8ce83c2184 perf/x86/intel: Do not enable BTS for guests 6e0110ea90313 netrom: fix double-free in nr_route_frame() 8b57bf1d3b1db uacce: ensure safe queue release with state management ebfa85658a39b uacce: implement mremap in uacce_vm_ops to return -EPERM 1bc3e51367c42 uacce: fix cdev handling in the cleanup path 64015cbf06e8b intel_th: fix device leak on output open() 948615429c9f2 slimbus: core: fix device reference leak on report present 00cf6f7478c9f slimbus: core: fix runtime PM imbalance on report present 6c77ce4da447a octeontx2: Fix otx2_dma_map_page() error return code 361df59ad0130 arm64: Set __nocfi on swsusp_arch_resume() 0d7c9e793e351 wifi: rsi: Fix memory corruption due to not set vif driver data size de34a80e0d6ec wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() fc8da65f9fe1b wifi: ath10k: fix dma_free_coherent() pointer c1c758ecd68bf mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function 56fb6efd5d04c ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() afca7ff5d5d4d ALSA: ctxfi: Fix potential OOB access in audio mixer handling 029efb5adffb1 iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl fdc8c835c637a iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver 92a2745aa0f66 iio: adc: ad9467: fix ad9434 vref mask fb396ee1bc53a of: fix reference count leak in of_alias_scan() d117fdcb21b05 leds: led-class: Only Add LED to leds_list when it is fully ready f775881f99fa7 x86: make page fault handling disable interrupts properly dd9442aedbeae net/sched: act_ife: avoid possible NULL deref 669bd7a54e626 octeontx2-af: Fix error handling 3be945abdd228 bonding: provide a net pointer to __skb_flow_dissect() 92c6dc181a18e be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list 9d02de4b2fd6d drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) 078c6eef1db5f drm/amd/pm: Don't clear SI SMC table when setting power limit b339601c238af usbnet: limit max_mtu based on device's hard_mtu 4630897eb1a03 ipv6: annotate data-race in ndisc_router_discovery() 13f3b3b870688 mISDN: annotate data-race around dev->work bd495244dec6e net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue 7d203254f04ff net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M 435c3bd709642 ALSA: usb: Increase volume range that triggers a warning 766e243ae8c8b regmap: Fix race condition in hwspinlock irqsave routine e18ce45f5c809 iio: adc: ad7280a: handle spi_setup() errors in probe() bea5c8df16866 staging:iio:adc:ad7280a: Register define cleanup. 7023a74cdb01d x86/kfence: avoid writing L1TF-vulnerable PTEs 4daf82511496a scsi: storvsc: Process unsupported MODE_SENSE_10 e85531cefe175 Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA d303e5d338672 Input: i8042 - add quirks for MECHREVO Wujie 15X Pro 7b673faac4784 Revert "nfc/nci: Add the inconsistency check between the input data length and count" c49b1646cc50f w1: fix redundant counter decrement in w1_attach_slave_device() 2081f7ba69c7b comedi: dmm32at: serialize use of paged registers fee86edf5803f crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec b8c24cf5268fb net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag ae810e6a8ac4f net/sched: Enforce that teql can only be used as root qdisc 70feb16e3fbfb ipvlan: Make the addrs_lock be per port 36c40a80109f1 l2tp: avoid one data-race in l2tp_tunnel_del_work() 611ef4bd9c73d fou: Don't allow 0 for FOU_ATTR_IPPROTO. 8568171dec862 net: fou: use policy and operation tables generated from the spec 9e470606c4448 net: fou: rename the source for linking cef28f55a515b netlink: add a proto specification for FOU 380a82d36e37d gue: Fix skb memleak with inner IP protocol 0. 8f4e8887d43d4 amd-xgbe: avoid misleading per-packet error log 784428ab1889e sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT 72925dbb0c8c7 bonding: limit BOND_MODE_8023AD to Ethernet devices e85cf62f75505 net: usb: dm9601: remove broken SR9700 support bef3a83a9a67c testptp: Add option to open PHC in readonly mode 6b32d042aa825 selftest/ptp: update ptp selftest to exercise the gettimex options 8510559c0fa1e ptp: add testptp mask test 3d4f2eda35897 selftests/ptp: Add -X option for testing PTP_SYS_OFFSET_PRECISE 3d58f0709a292 selftests/ptp: Add -x option for testing PTP_SYS_OFFSET_EXTENDED 3cc43c9b568a5 testptp: Add support for testing ptp_clock_info .adjphase callback f33c4d3f4b3f3 testptp: add option to shift clock by nanoseconds 7d9aa9032d0a9 ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. 9c46bf50b676f posix-clock: Store file pointer in struct posix_clock_context 62a5adf57b56e Fix memory leak in posix_clock_open() a006fc4485159 posix-clock: introduce posix_clock_context concept dc84036c173cf btrfs: fix deadlock in wait_current_trans() due to ignored transaction type 41aac90212612 dmaengine: ti: k3-udma: fix device leak on udma lookup c933aa74d9f8d dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation 1d8478b31a3da dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation 68ed0d88d1a70 dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() 4532f18e4ab36 dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() 499ddae78c4ba dmaengine: lpc18xx-dmamux: fix device leak on route allocation b7bd948f89271 dmaengine: idxd: fix device leaks on compat bind and unbind 4730f12a192d7 dmaengine: bcm-sba-raid: fix device leak on probe 4c67b4f45c854 dmaengine: at_hdmac: fix device leak on of_dma_xlate() e8758f114a922 drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() bb309377eece5 drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel c775abb6cd82a drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare eda99622e6f39 mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free c85c550eff812 x86/resctrl: Fix memory bandwidth counter width for Hygon fa226f722e2fe x86/resctrl: Add missing resctrl initialization for Hygon d35365d8f8888 EDAC/i3200: Fix a resource leak in i3200_probe1() 123a6bbe87cc1 EDAC/x38: Fix a resource leak in x38_probe1() 6cf35964a8150 hrtimer: Fix softirq base check in update_needs_ipi() 6241cd1d0acc2 ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref e306c64bd2c56 nvme-pci: disable secondary temp for Wodposit WPBSNM8 2e8ea7257c5fd USB: serial: ftdi_sio: add support for PICAXE AXE027 cable 7e4c68838c605 USB: serial: option: add Telit LE910 MBIM composition 23defd20f98f3 USB: OHCI/UHCI: Add soft dependencies on ehci_platform 14739a3543c8d usb: dwc3: Check for USB4 IP_NAME 742ff37b51270 phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 e7e87af627449 phy: rockchip: inno-usb2: fix communication disruption in gadget mode 53b1ed2f400ee phy: rockchip: inno-usb2: fix disconnection in gadget mode b6923f0ffb981 x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers adabf01c19561 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts aab3a76c03b7c ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer 7d76380e98bfa HID: usbhid: paper over wrong bNumDescriptor field 2b29f38f4f966 dmaengine: omap-dma: fix dma_pool resource leak in error paths 23a52bffe415f phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) fb9d513cdf161 phy: stm32-usphyc: Fix off by one in probe() d8f1e61238799 dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing 76992310f8077 dmaengine: tegra-adma: Fix use-after-free b36b4c0dd281b mm, kfence: describe @slab parameter in __kfence_obj_info() ea46adfe5cc03 textsearch: describe @list member in ts_ops search 209f350326c8d ASoC: tlv320adcx140: fix word length cff6cd703f41d net/sched: sch_qfq: do not free existing class in qfq_change_class() 0badf6ffd2c39 selftests: drv-net: fix RPS mask handling for high CPU numbers bf1dfd389b6ae net/mlx5e: Restore destroying state bit after profile cleanup 014ba8f2953c0 vsock/test: add a final full barrier after run all tests 8d5b6b2d79c1c ipv4: ip_gre: make ipgre_header() robust 484919832e2db macvlan: fix possible UAF in macvlan_forward_source() 45126b1249757 net: update netdev_lock_{type,name} 64c71d60a21a9 ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() 76abc83a9d255 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec 4fcde4590de2d nvmet-tcp: remove boilerplate code 97250eb05e4b6 can: etas_es58x: allow partial RX URB allocation to succeed 27c90d8ed81e7 pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_5.15.bb | 4 ++-- .../linux/linux-yocto-tiny_5.15.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +++++++++---------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb index ebe610c64b1..e23c8bf88ab 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "2afe5ce992e8048f0728eafea9efed380ec08d46" +SRCREV_machine ?= "27c8048897d9d7ff1ed6d2643cbc024eb13ae342" SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.15.198" +LINUX_VERSION ?= "5.15.199" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb index 1a3a110c670..21233285b57 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb @@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.15.198" +LINUX_VERSION ?= "5.15.199" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -14,7 +14,7 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "30a5abb43773a288fe85ed754f1d4518ca8f28bb" +SRCREV_machine ?= "7b20eb2129d25bb2a1cb963d30c2f3adb1e144b3" SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb index f33ef22d83f..861af0041af 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb @@ -14,16 +14,16 @@ KBRANCH:qemux86 ?= "v5.15/standard/base" KBRANCH:qemux86-64 ?= "v5.15/standard/base" KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "3cce45b328f3485e7de2bedee542ef6898e050be" -SRCREV_machine:qemuarm64 ?= "2b2737663d7c08b6df6ae791d46caae904710ce0" -SRCREV_machine:qemumips ?= "7ae75ed1e71b6038140416ed1c0791373b0ed5e9" -SRCREV_machine:qemuppc ?= "490def1150cbd931cf4ae1214c6400c47bf7bde6" -SRCREV_machine:qemuriscv64 ?= "9121f41155a13f494c537589064abf738cb00c76" -SRCREV_machine:qemuriscv32 ?= "9121f41155a13f494c537589064abf738cb00c76" -SRCREV_machine:qemux86 ?= "9121f41155a13f494c537589064abf738cb00c76" -SRCREV_machine:qemux86-64 ?= "9121f41155a13f494c537589064abf738cb00c76" -SRCREV_machine:qemumips64 ?= "7e46020155a56cdcedf78dcaa4c90fc97393c09c" -SRCREV_machine ?= "9121f41155a13f494c537589064abf738cb00c76" +SRCREV_machine:qemuarm ?= "0ea8d4a7d24642475c1d1e0d8be44976600eb630" +SRCREV_machine:qemuarm64 ?= "33aae9ebda82736fc0246e4d2bd7967bb7ef492a" +SRCREV_machine:qemumips ?= "0d159686c17443503bc7b59f25b5129c8543193d" +SRCREV_machine:qemuppc ?= "c8e213f83bae4792c1042bdcedd46fa60963c69b" +SRCREV_machine:qemuriscv64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" +SRCREV_machine:qemuriscv32 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" +SRCREV_machine:qemux86 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" +SRCREV_machine:qemux86-64 ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" +SRCREV_machine:qemumips64 ?= "58c96e47bbd784e078e265426b9276bad2bb7e22" +SRCREV_machine ?= "e7bbf58a0f6828ffb92109eb423eb3d1327f091a" SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll @@ -31,7 +31,7 @@ SRCREV_meta ?= "78eca082b68ad521c3bb9a1f9f0325e044045f18" # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "9eec9a14ee10820a0c00dd3e02ac1e0ab27ad142" +SRCREV_machine:class-devupstream ?= "7b232985052fcf6a78bf0f965aa4241c0678c2ba" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v5.15/base" @@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.15.198" +LINUX_VERSION ?= "5.15.199" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Tue Feb 24 14:24:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81709 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5092E9B278 for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21469.1771943109130321897 for ; Tue, 24 Feb 2026 06:25:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=x6+5aqUQ; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-4806bf39419so49184435e9.1 for ; Tue, 24 Feb 2026 06:25:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943107; x=1772547907; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bncme+xMiQsTjI7rDVrV9onaw8UEEZ2iIF+6QWC2HMs=; b=x6+5aqUQrnjPza2WCkbLuxe2shrV0j/69BBc8cG4N0zhApZCWHAZ1X3iY05/JqHMM9 D+fG8YveIYb3k+/lirtThhDsiozcyF7g3lfJlWACasiy9tQ30f1L715cdcC8fxlKhgpM iEj9bYDAvTS3L+JbySEqP+8L14XwMCuJqEOPU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943107; x=1772547907; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=bncme+xMiQsTjI7rDVrV9onaw8UEEZ2iIF+6QWC2HMs=; b=mWXXwGJXazzPShFNWpDOqu3Iu/G3JWsPnJZgglSQTQiYgODIfvP5Di87jKM2W2rt02 RBlOVbryTIHqFCJg2RWyrMsTAQYop5Fr+Re8F2JOfT/0bLhMGnLPVYVTVsuAvZn++5KJ TTlZTvblQkSDp9SxU6PsHrydG7TrXJZsPp8Gf6y3ShAkk80qqIlCNffBH4ctpDav2piS cjiBbNZCtu/eN211/fX50Pd2Y17sb+YsjDqsb1iNG3Cx9HtKze6Kj/akOGeOTrUu0IOD +DOEQEtShPoIyh0nMXmrY4NAzml0sdYNOoY4dsQ3VPleFlbX8s15LkHIT8sF54qlXiH+ KSLw== X-Gm-Message-State: AOJu0Ywnl8gxT7F/EUqVxIHBRGR96+PjfRaz3ibg3M+ONZOOg4iyDeE4 6o/Mc3Bdw5mf+rsBq1kteY81DX7t4wWSt7NDrF6r3HbTuOkGQZoBWB1P4b8j9CS8CimN0eXbP+T +U4Wf X-Gm-Gg: AZuq6aJy6qefeIgsTOWPULLE7S27VEryTRQsUqkyDyrhuGpKyHLW3qwlCubAcbn6+Vn pT2CuebegeUqExIBoqAlF3IGIg/yTz0HNapz5N4krp49Xg+ggt+ADguDcfH6Fv0eT5pM5jNYQJZ udED/5ct0YEZ+0W2MRxLPF7WTtc11QYgcKPABTVTEWpljgdF457rQIo+Cx03ATxFESC2O1gyUim kpJdk5FtsdHCrOWs9hn+lE4BXnLngIQS11iqGJfCJsMFYqwWQd8dBzNxdXsCDRUQxNstp/wy3Uq qq39GIVqq9MkDFiSt5hCO7IICMjGSjz7+VxSUlSnCcZVDn4CJPo/9g6fzDQj9dcR38n90VVwFUR wH9cwDvbJy5tjOG9zEnmzRwBnyPRVImEMoYfxY9Kj/ZxP03niRa/Y2RqCMoLezHS5L4jrmYeOjm Ev3EGuRaus/GcYIqN+PkTwFClqE0zYziA32k6qeLO1BFF+2uKK+4+FJlhIQGxZbRnFTt3IJp32P w+APvgkxv1lyHn/kIT7L5PPd1u9u95zlQ== X-Received: by 2002:a05:600c:34d4:b0:477:a53c:8ca1 with SMTP id 5b1f17b1804b1-483bd76baccmr1997715e9.14.1771943107242; Tue, 24 Feb 2026 06:25:07 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:06 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 17/38] bind: Upgrade 9.18.41 -> 9.18.44 Date: Tue, 24 Feb 2026 15:24:09 +0100 Message-ID: <37381c8b8138a76d9c71296c38a67597ad5dfc76.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231783 From: Vijay Anusuri This upgrade fixes CVE-2025-13878 Changelog ========== https://downloads.isc.org/isc/bind9/9.18.44/doc/arm/html/notes.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../bind/{bind_9.18.41.bb => bind_9.18.44.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.18.41.bb => bind_9.18.44.bb} (97%) diff --git a/meta/recipes-connectivity/bind/bind_9.18.41.bb b/meta/recipes-connectivity/bind/bind_9.18.44.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.41.bb rename to meta/recipes-connectivity/bind/bind_9.18.44.bb index 0e557163d5f..64dbdf890a2 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.41.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.44.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "6ddc1d981511c4da0b203b0513af131e5d15e5f1c261145736fe1f35dd1fe79d" +SRC_URI[sha256sum] = "81f5035a25c576af1a93f0061cf70bde6d00a0c7bd1274abf73f5b5389a6f82d" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Tue Feb 24 14:24:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81707 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97D24E9B272 for ; Tue, 24 Feb 2026 14:25:10 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21277.1771943110110657629 for ; Tue, 24 Feb 2026 06:25:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=AbaId6uH; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-48371bb515eso69453555e9.1 for ; Tue, 24 Feb 2026 06:25:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943108; x=1772547908; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9OMzyLcuYyE25bOhbW3KVsZv3JzqWCLTgZJb4XncVo8=; b=AbaId6uHCHDzL9eMZFmbTC/nNbVJZL3YI7n9uVLaAX9gXEcE0CpuK0EPawsfaF3sVE tiWuxWhOgpnMtez+flZdG701ROXFskQKVfNMl8RME8is6fOaoD61S59G5KyveFaw7EGf obmlgsCBPu/t5GbKnBF/CZRHZp0RboBFix3kc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943108; x=1772547908; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=9OMzyLcuYyE25bOhbW3KVsZv3JzqWCLTgZJb4XncVo8=; b=C6U71GsClKrJ5NA6kuFiIvry3+pN/vsIXhJjU8LKrp2XSR60ro+z0/YNaJGnLq5Frz GvqkZ28lcxeezuLa4wDMjNTK9qfm2ycfIObWTD0Ok3ZoZv/ZZEJUT2GvMxU/runDjjjm sgj6lEJYjyZvcPT0w/HKxoTZzo7Pr2eJioFy4BQcTDuAK4Dm3SdNm6YRZ/qJUP67VGMv 8RKOyGpMt3eFla+8+kXebeIWt8grVBPRIjgsbIROXYg9j74kxdBQK5dzqPoTZkQwLjo+ a2kKdvTwyJjPolEctSCOrYzALvzOk3aoAAXZsideGSRQTAxOhRcb3BrtitZuwa33s7ft ZiaA== X-Gm-Message-State: AOJu0YyAqhQSKc7lgK6MPFb14E2OuMwWIuxjPc0ILwblTQXAvKzRhfM8 HrVV43L+dbZJy1XxYLlJLusPdzpXCdGkw0Y3oLtLKeonPTdZmPs3kVQLfpfWnUoS0RGGbMp5g6+ 7IYt8 X-Gm-Gg: AZuq6aLIa3cFIXWV1M+vDRx5PebPTWBS4dhTsMfj01w1lpw8Ugb4kkn8ub1qiWi0Q6V 0QSA7begleaOlJqe1Arcs0vjPQCX5tvC9Ln986i7OuxiKZvpM68sKQ5Bo7QXUy07sJJLx8c6rbe RLQBfN/YRlhXv/NSVls6GVUIri/9LKsy5WbG2w/AoRzTSj9rGdlnECTyhhynGlB1Txy/HZEeBli ysqe4YcklERAVcX4ZumXNuME4Eimh0dqo9uPL1W/x0CVR9MW68SoTUuLU3FLZ2SX2Nqn8Xz2PoX +rMeGEeYkQGC5zmnobrdtmvf74iXgPABJuqGQARVHGLLTVpRinoFkTrnpYicLapFb+2ow+gcsxi e3DsgtXc1tISDAFNedJgO4EpOQoNYbF0mh8eosXSdpocUJV01ZiPg10v5AUFzRoViXYRyvRUMuF y6XHf5MUq67baRNszI/1YUK8+KXT+5QJ8/d/B9GsY0CNRdJBInvIYhMertyIvUbDi1jeDg7eW63 qhrURFowe6VF/90PgLvTduyAtj3RvmMBA== X-Received: by 2002:a05:600d:640f:20b0:483:9139:4c1d with SMTP id 5b1f17b1804b1-483a9607e3cmr175514625e9.14.1771943107798; Tue, 24 Feb 2026 06:25:07 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:07 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 18/38] libpng: patch CVE-2026-22695 Date: Tue, 24 Feb 2026 15:24:10 +0100 Message-ID: <488b2c249576e9a933ab5dfb1badad3a8a56491e.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231784 From: Peter Marko Pick commit per [1]. This CVE is regression of fix for CVE-2025-65018. [1] https://security-tracker.debian.org/tracker/CVE-2026-22695 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libpng/files/CVE-2026-22695.patch | 77 +++++++++++++++++++ .../libpng/libpng_1.6.39.bb | 1 + 2 files changed, 78 insertions(+) create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch diff --git a/meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch b/meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch new file mode 100644 index 00000000000..673411eb341 --- /dev/null +++ b/meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch @@ -0,0 +1,77 @@ +From e4f7ad4ea2a471776c81dda4846b7691925d9786 Mon Sep 17 00:00:00 2001 +From: Cosmin Truta +Date: Fri, 9 Jan 2026 20:51:53 +0200 +Subject: [PATCH] Fix a heap buffer over-read in `png_image_read_direct_scaled` + +Fix a regression from commit 218612ddd6b17944e21eda56caf8b4bf7779d1ea. + +The function `png_image_read_direct_scaled`, introduced by the fix for +CVE-2025-65018, copies transformed row data from an intermediate buffer +(`local_row`) to the user's output buffer. The copy incorrectly used +`row_bytes` (the caller's stride) as the size parameter to memcpy, even +though `local_row` is only `png_get_rowbytes()` bytes long. + +This causes a heap buffer over-read when: + +1. The caller provides a padded stride (e.g., for memory alignment): + memcpy reads past the end of `local_row` by `stride - row_width` + bytes. + +2. The caller provides a negative stride (for bottom-up layouts): + casting ptrdiff_t to size_t produces ~2^64, causing memcpy to + attempt reading exabytes, resulting in an immediate crash. + +The fix consists in using the size of the row buffer for the copy and +using the stride for pointer advancement only. + +Reported-by: Petr Simecek +Analyzed-by: Stanislav Fort +Analyzed-by: Pavel Kohout +Co-authored-by: Petr Simecek +Signed-off-by: Cosmin Truta + +CVE: CVE-2026-22695 +Upstream-Status: Backport [https://github.com/pnggroup/libpng/commit/e4f7ad4ea2a471776c81dda4846b7691925d9786] +Signed-off-by: Peter Marko +--- + AUTHORS | 1 + + pngread.c | 4 +++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/AUTHORS b/AUTHORS +index 26b7bb50f..b9c0fffcf 100644 +--- a/AUTHORS ++++ b/AUTHORS +@@ -22,6 +22,7 @@ Authors, for copyright and licensing purposes. + * Mike Klein + * Pascal Massimino + * Paul Schmidt ++ * Petr Simecek + * Qiang Zhou + * Sam Bushell + * Samuel Williams +diff --git a/pngread.c b/pngread.c +index e3426292b..9d86b01dc 100644 +--- a/pngread.c ++++ b/pngread.c +@@ -3268,9 +3268,11 @@ png_image_read_direct_scaled(png_voidp argument) + argument); + png_imagep image = display->image; + png_structrp png_ptr = image->opaque->png_ptr; ++ png_inforp info_ptr = image->opaque->info_ptr; + png_bytep local_row = png_voidcast(png_bytep, display->local_row); + png_bytep first_row = png_voidcast(png_bytep, display->first_row); + ptrdiff_t row_bytes = display->row_bytes; ++ size_t copy_bytes = png_get_rowbytes(png_ptr, info_ptr); + int passes; + + /* Handle interlacing. */ +@@ -3300,7 +3302,7 @@ png_image_read_direct_scaled(png_voidp argument) + png_read_row(png_ptr, local_row, NULL); + + /* Copy from local_row to user buffer. */ +- memcpy(output_row, local_row, (size_t)row_bytes); ++ memcpy(output_row, local_row, copy_bytes); + output_row += row_bytes; + } + } diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb index 70685b68e7b..9ca68d9b8bc 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb @@ -22,6 +22,7 @@ SRC_URI = "\ file://CVE-2025-65018-02.patch \ file://CVE-2025-66293-01.patch \ file://CVE-2025-66293-02.patch \ + file://CVE-2026-22695.patch \ " SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937" From patchwork Tue Feb 24 14:24:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81721 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18BAFF357A5 for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21471.1771943110956718747 for ; Tue, 24 Feb 2026 06:25:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=nSGCFEts; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-483487335c2so50950915e9.2 for ; Tue, 24 Feb 2026 06:25:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943109; x=1772547909; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Jbcsx3BADZMTu9SZChhWfEw/deZsTNOtCYBnzlS4wAI=; b=nSGCFEtsmJsGaNpffNtgI3PTfT0imIjvdqTJPYPuzgBcYnqsC5LRydLW93N+zqa32f 8o3uUr0NoV8h9r9pjRtdt8a1T/4i2MgNnB0+ntSONSGOV5LaqkJf81ZttqPAaZwqFQpf eOG0yi65mNsVCFe8cnIt5kP3AzbBRbl4S9F0g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943109; x=1772547909; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Jbcsx3BADZMTu9SZChhWfEw/deZsTNOtCYBnzlS4wAI=; b=pNDD/mOcZ3+lUOxLl8sRyXGGTpFxJTUHthmdRoSj5905T9tiODbclZKQdMBJpYCjue ZjJx9t6E/55latxt6akTfDzJV/7o9CVMJcbRpbZW/Q9CQrT+Ic5XkAn/dgniENSng8oD LxaVvG6zNxlMaOxT1SRFUnGjVSGhsYJZQZfhwHFfbbHmCr434/Lyt8KexPau4TA4AleD /ejiyPT85ys7qqjuh6KeX6cJkOqpzUl6d0yqowfPijvz/59FdpzG0FZ4R0HDTNHP61fh /BGVU6nUvYZhh/Tl2Ngq/gLHcdDIggkWfSDYUppknH/sDqP6VhzDq7o6segiLBg0GiUU LL/w== X-Gm-Message-State: AOJu0YwnqpddqKm7u5ICcVkdKI327HwxIZuMWtEnt3K+gp+qB+s2MlGz h+bvte0tg+eYLF4GBfdB/7vLeSXLmAQMP/lghC6ITdqpBRDi3DRNo+lCy+gdPWXG80OJgRXP3WT Bss+0 X-Gm-Gg: AZuq6aJmt8HP4M9MMyA4trwgwd//WWVGf2Vkv1GSpdPlTy1PU+2QHB5wPiRo9LW6h9j XLRW7CxBTYmSURuw8lNbqtaZ99R/k05Tm4CcXiKBzOwMJEFH2Umwqiq42xmRzsdyuuxZZvGIW3m fKih50VSY8iHKx9dJi3gZLljJsTcbVXPovlmZvkXSGBfZn4tsGtqqHA4drdnwezbDRCRezsNFd2 baYypV89HfI/SgX5TmT1AabFrAsWl5JEoRKmkrwXrnwjSyRFswuoN6RVnp9p2AbgONo82vdy/cu jbcBOXGD/JLEjxA4mPjhneNl1uR4VQIYVZqHY/FznUcHLpne7RHuxUuopfHqEq19Mibq9l0lo9u T59H9lAdWcbbrXoiYBN01s73I0BwYhcckNaCcb49Mv6xWvwIJ5tyRswYpv0RF+wc5UVxaw+3cxG lToJo/vOGX82IszBdKMxvuAEnBrkmvXyFc0Y1XscGxvIoIdJ6u1AbYLyXQ2jpPYd7Yd5M5Dgweh Uoj6n+y52ZGzF0ilTNCm7iePYe7HpZg1g== X-Received: by 2002:a05:600c:3b17:b0:46e:32dd:1b1a with SMTP id 5b1f17b1804b1-483a95b15b6mr218659805e9.7.1771943108729; Tue, 24 Feb 2026 06:25:08 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:08 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 19/38] libpng: patch CVE-2026-22801 Date: Tue, 24 Feb 2026 15:24:11 +0100 Message-ID: <1f634bbd046a2443bd7e6d5c2fc0b0210012c8fe.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231785 From: Peter Marko Pick comit per [1]. [1] https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libpng/files/CVE-2026-22801.patch | 164 ++++++++++++++++++ .../libpng/libpng_1.6.39.bb | 1 + 2 files changed, 165 insertions(+) create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch diff --git a/meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch b/meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch new file mode 100644 index 00000000000..544134e1342 --- /dev/null +++ b/meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch @@ -0,0 +1,164 @@ +From cf155de014fc6c5cb199dd681dd5c8fb70429072 Mon Sep 17 00:00:00 2001 +From: Cosmin Truta +Date: Sat, 10 Jan 2026 15:20:18 +0200 +Subject: [PATCH] fix: Remove incorrect truncation casts from + `png_write_image_*` + +The type of the row stride (`display->row_bytes`) is ptrdiff_t. Casting +to png_uint_16 before division will truncate large strides, causing +incorrect pointer arithmetic for images exceeding 65535 bytes per row. +For bottom-up images (negative stride), the truncation also corrupts +the sign, advancing the row pointer forward instead of backward. + +Remove the erroneous casts and let the compiler handle the pointer +arithmetic correctly. Also replace `sizeof (png_uint_16)` with 2. + +Add regression test via `pngstest --stride-extra N` where N > 32767 +triggers the affected code paths. + +A NOTE ABOUT HISTORY: +The original code in libpng 1.5.6 (2011) had no such casts. They were +introduced in libpng 1.6.26 (2016), likely to silence compiler warnings +on 16-bit systems where the cast would be a no-op. On 32/64-bit systems +the cast truncates the strides above 65535 and corrupts the negative +strides. + +CVE: CVE-2026-22801 +Upstream-Status: Backport [https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072] +Signed-off-by: Peter Marko +--- + CMakeLists.txt | 7 +++++++ + contrib/libtests/pngstest.c | 29 ++++++++++++++++++++++++++++- + pngwrite.c | 10 +++++----- + tests/pngstest-large-stride | 8 ++++++++ + 4 files changed, 48 insertions(+), 6 deletions(-) + create mode 100755 tests/pngstest-large-stride + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index a8cd82402..a595ed91d 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -804,6 +804,13 @@ if(PNG_TESTS AND PNG_SHARED) + endforeach() + endforeach() + ++ # Regression test: ++ # Use stride_extra > 32767 to trigger row_bytes > 65535 for linear images. ++ png_add_test(NAME pngstest-large-stride ++ COMMAND pngstest ++ OPTIONS --stride-extra 33000 --tmpfile "large-stride-" --log ++ FILES "${CMAKE_CURRENT_SOURCE_DIR}/contrib/testpngs/rgb-alpha-16-linear.png") ++ + add_executable(pngunknown ${pngunknown_sources}) + target_link_libraries(pngunknown png) + +diff --git a/contrib/libtests/pngstest.c b/contrib/libtests/pngstest.c +index ff4c2b24a..2f29afee2 100644 +--- a/contrib/libtests/pngstest.c ++++ b/contrib/libtests/pngstest.c +@@ -1,7 +1,7 @@ + + /* pngstest.c + * +- * Copyright (c) 2021 Cosmin Truta ++ * Copyright (c) 2021-2026 Cosmin Truta + * Copyright (c) 2013-2017 John Cunningham Bowler + * + * This code is released under the libpng license. +@@ -3571,6 +3571,33 @@ main(int argc, char **argv) + opts |= NO_RESEED; + else if (strcmp(arg, "--fault-gbg-warning") == 0) + opts |= GBG_ERROR; ++ else if (strcmp(arg, "--stride-extra") == 0) ++ { ++ if (c+1 < argc) ++ { ++ char *ep; ++ unsigned long val = strtoul(argv[++c], &ep, 0); ++ ++ if (ep > argv[c] && *ep == 0 && val <= 65535) ++ stride_extra = (int)val; ++ ++ else ++ { ++ fflush(stdout); ++ fprintf(stderr, "%s: bad argument for --stride-extra: %s\n", ++ argv[0], argv[c]); ++ exit(99); ++ } ++ } ++ ++ else ++ { ++ fflush(stdout); ++ fprintf(stderr, "%s: missing argument for --stride-extra\n", ++ argv[0]); ++ exit(99); ++ } ++ } + else if (strcmp(arg, "--tmpfile") == 0) + { + if (c+1 < argc) +diff --git a/pngwrite.c b/pngwrite.c +index 08066bcc4..a95b846c8 100644 +--- a/pngwrite.c ++++ b/pngwrite.c +@@ -1,7 +1,7 @@ + + /* pngwrite.c - general routines to write a PNG file + * +- * Copyright (c) 2018-2022 Cosmin Truta ++ * Copyright (c) 2018-2026 Cosmin Truta + * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson + * Copyright (c) 1996-1997 Andreas Dilger + * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +@@ -1632,7 +1632,7 @@ png_write_image_16bit(png_voidp argument) + } + + png_write_row(png_ptr, png_voidcast(png_const_bytep, display->local_row)); +- input_row += (png_uint_16)display->row_bytes/(sizeof (png_uint_16)); ++ input_row += display->row_bytes / 2; + } + + return 1; +@@ -1758,7 +1758,7 @@ png_write_image_8bit(png_voidp argument) + + png_write_row(png_ptr, png_voidcast(png_const_bytep, + display->local_row)); +- input_row += (png_uint_16)display->row_bytes/(sizeof (png_uint_16)); ++ input_row += display->row_bytes / 2; + } /* while y */ + } + +@@ -1783,7 +1783,7 @@ png_write_image_8bit(png_voidp argument) + } + + png_write_row(png_ptr, output_row); +- input_row += (png_uint_16)display->row_bytes/(sizeof (png_uint_16)); ++ input_row += display->row_bytes / 2; + } + } + +@@ -2102,7 +2102,7 @@ png_image_write_main(png_voidp argument) + ptrdiff_t row_bytes = display->row_stride; + + if (linear != 0) +- row_bytes *= (sizeof (png_uint_16)); ++ row_bytes *= 2; + + if (row_bytes < 0) + row += (image->height-1) * (-row_bytes); +diff --git a/tests/pngstest-large-stride b/tests/pngstest-large-stride +new file mode 100755 +index 000000000..7958c5b42 +--- /dev/null ++++ b/tests/pngstest-large-stride +@@ -0,0 +1,8 @@ ++#!/bin/sh ++ ++# Regression test: ++# Use stride_extra > 32767 to trigger row_bytes > 65535 for linear images. ++exec ./pngstest \ ++ --stride-extra 33000 \ ++ --tmpfile "large-stride-" \ ++ --log "${srcdir}/contrib/testpngs/rgb-alpha-16-linear.png" diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb index 9ca68d9b8bc..c4347a67151 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb @@ -23,6 +23,7 @@ SRC_URI = "\ file://CVE-2025-66293-01.patch \ file://CVE-2025-66293-02.patch \ file://CVE-2026-22695.patch \ + file://CVE-2026-22801.patch \ " SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937" From patchwork Tue Feb 24 14:24:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81722 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26108F357A6 for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21472.1771943111350901878 for ; Tue, 24 Feb 2026 06:25:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=lZjv4yxe; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4836d4c26d3so48732305e9.2 for ; Tue, 24 Feb 2026 06:25:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943109; x=1772547909; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DdkfgSPRhmbqk5kjMxiAs6AFTvDi3d87PSS2mM9cjSU=; b=lZjv4yxesi7hhUIwFb9akoG4pU/P1ZBSseARVBxtr+6BMgWylqHy8FEcKf4bjpgc9b U0ciPYsSeiuo2+tbHjt6lWazp5ek+VwHkBaVaj87GJf9/z6PalcMhHf/0UJAYsBzidTg t8qNAbfk3cU1Kl5Cx5zp/p+baj84ub6iwE5Lk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943109; x=1772547909; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DdkfgSPRhmbqk5kjMxiAs6AFTvDi3d87PSS2mM9cjSU=; b=d2aHOsWrKNKyR4xKurcAz1g3Wg0rLWh/fsaTWsHyGJkJloKFzG21dRPHD4JFY77NBv FYrIBqwBYOFvKBM3jcDJHKfJtM5emnfhsFMUu6vxHqiAuZr4cnNxQTpD6CIuVprv1oHc NGm3sS5GQFHscYCSF9Rawvt5JZXVDcVn7gP/g/+/SmRis1+Mm2e8J9n27uHjOoXBBd9u hFxczF/yL9ZZEtTwD1YnB7StG2+oslZjiQoQuORhcwroIy6MhAnhkSaVMC/zShJdS8Ql Qbnygln+rGY9fXd6TjHoT57lRVXcXWHmNzK9uRM0hua+ao/IKKrKD1Q3dDt4CjdoAydw eM7Q== X-Gm-Message-State: AOJu0Yxgz4+2G7dsDR5UY/9OcV0mX8qHd6cN2EsMPkc3MnNllHiM3XMv 54W2DLqkKWJFJium5O/vzIu2RRIORbQB9HM3LPvNkFLHm18jHXfjbeXpakqArOwdjzAO4JldG8Z TChtw X-Gm-Gg: AZuq6aKviELqVsTAXFOKMySAfwAgTrSw66NgbI9MeIJZM3At6soGOD15y9TldC3Usjg DbvK5SnHejknapsvZ6wRw+zMdbjES5efK6B99qDSk4DRZ09WGUGvI+4NdDXhsNA6bPMSb8kjdXA xezyausa53vk+tip6I4/sSgkWfhn8PfNx8TDXH0eTYspORAJSzbR+3g2IwPD2NaFR5knTkEFN7b DEzj7ng1glYglcaTGFO7YZW35hD2RKWF+F31OeOFkBQ5G+tNoB5xd4MrTkEycyr+PX7zdGbiBTz 8JOPyKax3+C/VymsUxb9VjO6pXSDgZ9sHfY+xoekDRLtbZdwsSS85iq/bgd4pnLRRj+Rxfgd3CA mWwhLvHaGOkdlZQylcAFW4ulY/ekc8Fvym841T+rSF6ovQJ1TWvIquD7K2YJoEiXTaPkfMpBxsF lxCTWOxljsPg0WhFLnDgXMzfkrPOt0rrXwJrj42BslEtHvOH5hF+m7vc94N97xYBHbwNtOOfj/a TkWQkFIvVO4u+30EeWs2D65h+nRSY5wUUBMp9haEa// X-Received: by 2002:a05:600c:620c:b0:483:43d8:8d68 with SMTP id 5b1f17b1804b1-483a95f8988mr199166825e9.28.1771943109406; Tue, 24 Feb 2026 06:25:09 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:09 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 20/38] libpng: patch CVE-2026-25646 Date: Tue, 24 Feb 2026 15:24:12 +0100 Message-ID: <35acc045b44a1cda6bfadcb14d33d94094b854c9.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231786 From: Peter Marko Backport patch mentioned in NVD CVE report. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libpng/files/CVE-2026-25646.patch | 61 +++++++++++++++++++ .../libpng/libpng_1.6.39.bb | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch diff --git a/meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch b/meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch new file mode 100644 index 00000000000..e97c5078b04 --- /dev/null +++ b/meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch @@ -0,0 +1,61 @@ +From 01d03b8453eb30ade759cd45c707e5a1c7277d88 Mon Sep 17 00:00:00 2001 +From: Cosmin Truta +Date: Fri, 6 Feb 2026 19:11:54 +0200 +Subject: [PATCH] Fix a heap buffer overflow in `png_set_quantize` + +The color distance hash table stored the current palette indices, but +the color-pruning loop assumed the original indices. When colors were +eliminated and indices changed, the stored indices became stale. This +caused the loop bound `max_d` to grow past the 769-element hash array. + +The fix consists in storing the original indices via `palette_to_index` +to match the pruning loop's expectations. + +Reported-by: Joshua Inscoe +Co-authored-by: Joshua Inscoe +Signed-off-by: Cosmin Truta + +CVE: CVE-2026-25646 +Upstream-Status: Backport [https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88] +Signed-off-by: Peter Marko +--- + AUTHORS | 1 + + pngrtran.c | 6 +++--- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/AUTHORS b/AUTHORS +index b9c0fffcf..4094f4a57 100644 +--- a/AUTHORS ++++ b/AUTHORS +@@ -14,6 +14,7 @@ Authors, for copyright and licensing purposes. + * Guy Eric Schalnat + * James Yu + * John Bowler ++ * Joshua Inscoe + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe +diff --git a/pngrtran.c b/pngrtran.c +index fe8f9d32c..1fce9af12 100644 +--- a/pngrtran.c ++++ b/pngrtran.c +@@ -1,7 +1,7 @@ + + /* pngrtran.c - transforms the data in a row for PNG readers + * +- * Copyright (c) 2018-2019 Cosmin Truta ++ * Copyright (c) 2018-2026 Cosmin Truta + * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson + * Copyright (c) 1996-1997 Andreas Dilger + * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +@@ -647,8 +647,8 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, + break; + + t->next = hash[d]; +- t->left = (png_byte)i; +- t->right = (png_byte)j; ++ t->left = png_ptr->palette_to_index[i]; ++ t->right = png_ptr->palette_to_index[j]; + hash[d] = t; + } + } diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb index c4347a67151..448594e0d77 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.39.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.39.bb @@ -24,6 +24,7 @@ SRC_URI = "\ file://CVE-2025-66293-02.patch \ file://CVE-2026-22695.patch \ file://CVE-2026-22801.patch \ + file://CVE-2026-25646.patch \ " SRC_URI[sha256sum] = "1f4696ce70b4ee5f85f1e1623dc1229b210029fa4b7aee573df3e2ba7b036937" From patchwork Tue Feb 24 14:24:13 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81728 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56670F357B2 for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21279.1771943111990683179 for ; Tue, 24 Feb 2026 06:25:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=NWp/a0CL; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4837584120eso39253935e9.1 for ; Tue, 24 Feb 2026 06:25:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943110; x=1772547910; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0vMr9kFBxyDJ/4Xa9As0mKVdRQMMPLg2dqm43fVtePc=; b=NWp/a0CLkdcqfRxn7ptwDx9Tat/h3uBX/BVmJhHlPW7SEbTX0u9GPXN3KQuq3LMYFU FTgZ7GJbynJzM1dztIjswC6zEFyd+MqeM0csoUe7S/+DpvaDGUV+F4HuxuG7iPqW5zB4 ZrEUiYWSLkI+PrU793LQ5/2gAmXNG7+F2k/f4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943110; x=1772547910; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=0vMr9kFBxyDJ/4Xa9As0mKVdRQMMPLg2dqm43fVtePc=; b=i2KqYf96lvsDafFgKav3qkskGiYm64tQPDHht3Mj+JSSRx7qc74/otm1E0QiwBBUY9 O8NjY22IAOkQ3xQzmMjn6+BBVea3oIa5sf8L2NDTvzi9V2oghhvPOVsDQ7399yLc3Bzg AcuZGgXGnH4OwpN3R/r5mtaH0bpQGtYkI7KX/ATEVF2WVNbX+lCra9EHtBodnAWSUZOx tzIEqQ50pFy9hllKHkMGLU9yDyfzNAZ/lneIYbKfWsBelO4dXPMWBqOHt4Qjargjfw2X xPiBrz8B8TV3h6y7O274+Jn5JTtbSTTtvG4B/Zv9teNNagIeXM+HnDWo3ZCsG+/ILFIW kArg== X-Gm-Message-State: AOJu0YxM075yKUWmd8a7bN9vl/d6DSyvkjbmXLHGHeSDsADbHP01vtgf KIZRqqOLr/Uxln+At692RjlbJuUOPkanmruBr43slQaK2OT71sj1LPnlkV4cXvcSZx+QuM479As eRCIyurw= X-Gm-Gg: AZuq6aKVJwbNBaIZM5a+q2emKnecdHjfWvjV30LGd1412mVT9TLEAx4x7/IpuXLnTYl 79YvG+USEL/bd2hyv1/spZvkOql0+P936c98ubg4Dj+4cMSdbFIwt4U7d043RpCBRPWqwyZCv3s BlaPv82id0bgTq2GOSvFI1OoJjQ6PGmlZFiEihEOtCUycTR4ytfz+fAZtBJ5diXXlljp2IdFSXp L7Xo4Ac+p1t6Aq6+m7L2Gb8W3rkq/HBLLQBKcRkMeEKI23t5zkt9BmmzoYYZ7TN5hwzQTP9vidG wFT+tYSxZ4CrpPc+PI7TAOLapJIXnU/qW4DSCPV5Ag9K1G9FefTksHAISigDVa4xhpjRqBYzpMH VJCtBdp60sUaNYgNA6+8N1YQuHW9uKYagYi4PMfdzdgphYABZi0IAt6rO7mhMfnuLvgzEfW3nKo pQYzJoPCTMaOSw2cJUhYLHLIayVhTM2EVDuoPNMjVRMvVKxqOsTjj+x4BQ2X9e2ssfXUV6Dxgsd KQ0p3D7/FHTtawz1Yzm+UC82DpNofPN9iEfCcAqFLan X-Received: by 2002:a05:600c:3b27:b0:483:702f:4641 with SMTP id 5b1f17b1804b1-483a95bd842mr193873795e9.3.1771943109996; Tue, 24 Feb 2026 06:25:09 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:09 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 21/38] classes/buildhistory: Do not sign buildhistory commits Date: Tue, 24 Feb 2026 15:24:13 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231787 From: Fabio Berton This change adds the --no-gpg-sign option to prevent buildhistory commits from failing due to GPG signing issues. Depending on the setup, buildhistory may fail to create a commit if the user has the commit.gpgsign option enabled. For example, if the user creates a signing key that requires a password, the commit won't be created and will fail with the following error: / |error: Enter passphrase: Load key "/home//.ssh/id_ed25519": |incorrect passphrase supplied to decrypt private key? |fatal: failed to write commit object \ The bitbake command won't fail, but buildhistory won't have a commit. Also, the commit may silently fail when building inside a container due to missing packages or issues with accessing the GPG agent. This is similar to [1], and signing the buildhistory commit should be avoided to prevent such issues. 1 - https://git.openembedded.org/openembedded-core/commit/?id=7595a0a63a933af9dd9d1e458dc34a4ba80d9eae Signed-off-by: Fabio Berton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit a5e18714aee52db898aaf9d222fb5a4168bde96e) Signed-off-by: Yoann Congal --- meta/classes/buildhistory.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index 83993f5752c..52f886dff68 100644 --- a/meta/classes/buildhistory.bbclass +++ b/meta/classes/buildhistory.bbclass @@ -859,7 +859,7 @@ result: $result metadata revisions: END cat ${BUILDHISTORY_DIR}/metadata-revs >> $commitmsgfile - git commit $commitopts -F $commitmsgfile --author "${BUILDHISTORY_COMMIT_AUTHOR}" > /dev/null + git commit --no-gpg-sign $commitopts -F $commitmsgfile --author "${BUILDHISTORY_COMMIT_AUTHOR}" > /dev/null rm $commitmsgfile } From patchwork Tue Feb 24 14:24:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81726 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B83EF357B3 for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21474.1771943114171275075 for ; Tue, 24 Feb 2026 06:25:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=mNI8KWC8; spf=pass (domain: smile.fr, ip: 209.85.128.51, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-48375f10628so36299445e9.1 for ; Tue, 24 Feb 2026 06:25:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943112; x=1772547912; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zAJow1dDUervvLrITnJadptjHAhPPt9rRR6zq6vSw5M=; b=mNI8KWC8g+hAK7Jq+fhItmT2AHKXpal5V3u19XCCVTRMeY59J7fOq5edaEPbMacn00 cWXkbWNt7B5RNqEcM/AYSou7tnfH2gw6F7/U6DcQ9Wntzhk23CxltV0ognttssRGpqBQ cFsRvimJaz5Aml8QX3xMiOMI13Shu8JQ5BfKM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943112; x=1772547912; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=zAJow1dDUervvLrITnJadptjHAhPPt9rRR6zq6vSw5M=; b=s3BHw3feVxKTWAZvF1L1j0KlyU2inZN7BVOGOVYZI37b7/48nuIuxK+NcIn1/7R5/z /72OKnpOSvr2T/3qjDQ7CMk7HP2uV+ZdREy5bST49sfk6P0kuPZ8fWUzZXy9gFuDWTvY sWDQ8XixWHkz0kKMtmA30xupPOgM6E7nEhxPvr9/SOrKfvB5nsQbBUN3UudWwlJ0RIKJ utizvIR96OyD4zfRpFIe8chztQOyaU02HD6gDaHMmgEcF7yjwKXa2CtAk44yu3K6+6sE dIb2XN21AUyDzgw56m1tJQqcFmPA7+H+ddm5tNw1W0g+IbpKBUk01TBy0WjwAwVDDSTs xGPw== X-Gm-Message-State: AOJu0YwFzFDWLtdLKCbjnbFV84oOjV7MNXdboIA2CLXHDQqwiOVpvutL nbeQStDr3RaO43GHFBuohFbgdJODouU2je5EQ5jHOXdKgYaEwkftqjY5na4auTsTb+2bJcMwSz0 G2X07 X-Gm-Gg: AZuq6aLDy+6givxp7RVTV8gKMx1g/WSA9SrrtbErNjPQFwDyFPXIYMt4eIkpuhxIRPl WO1J1RFDvUCIcEbLSpaVq6dEEqraxzlYRB/UrnBipw2o9mZAdfRQM+rQpdOMSnwSdDXpXnZrulA c9KdHbPButKmUc74NrhvIxoC78NjEQ6QUiJpxTOYrDxK6CB9UYaSJuJgQOwNJCyesWW2UnavfXB ivQ7qGPBBuFn/48kzgi7aZoxQ1cVkvND4RwMytRnw2T4EDuoOia4k6zb6EOG+sUqQ3iUhmRTIF+ LpEcYpr5h1lzncEUVm3HyGjimljzpoeGblCIdh1g7447uHKh46YVfdaLE3BLtdSkyVHs5q8cfDq v/qgkJ6c8zJ8Zp07TGx6vdXyifz2zDBN7i0o9Pe7vLpYNJKrhQp6FF1DeRbB/t02YbXQNVOYg2a L/kWwsoDO8ZY51ASUCumg/7rAE3IkREE1Gupojx7kGvdtZk/5TP+2axe0ysp5nbGwawLgetHXGa HWb7WWy3uzhdrDxib6/LdSjFJcW60l9KIqn7/aej02/ X-Received: by 2002:a05:600c:3e10:b0:480:5951:fc1e with SMTP id 5b1f17b1804b1-483a95bd836mr218382725e9.11.1771943112253; Tue, 24 Feb 2026 06:25:12 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:11 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 22/38] glib-2.0: patch CVE-2026-0988 Date: Tue, 24 Feb 2026 15:24:14 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231788 From: Peter Marko Pick relevant commit from [2] linked from [1]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3851 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4944 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2026-0988.patch | 58 +++++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch new file mode 100644 index 00000000000..1cdc3735edf --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch @@ -0,0 +1,58 @@ +From c5766cff61ffce0b8e787eae09908ac348338e5f Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 18 Dec 2025 23:12:18 +0000 +Subject: [PATCH] gbufferedinputstream: Fix a potential integer overflow in + peek() + +If the caller provides `offset` and `count` arguments which overflow, +their sum will overflow and could lead to `memcpy()` reading out more +memory than expected. + +Spotted by Codean Labs. + +Signed-off-by: Philip Withnall + +Fixes: #3851 + +CVE: CVE-2026-0988 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/c5766cff61ffce0b8e787eae09908ac348338e5f] +Signed-off-by: Peter Marko +--- + gio/gbufferedinputstream.c | 2 +- + gio/tests/buffered-input-stream.c | 10 ++++++++++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/gio/gbufferedinputstream.c b/gio/gbufferedinputstream.c +index 9e6bacc62..56d656be0 100644 +--- a/gio/gbufferedinputstream.c ++++ b/gio/gbufferedinputstream.c +@@ -588,7 +588,7 @@ g_buffered_input_stream_peek (GBufferedInputStream *stream, + + available = g_buffered_input_stream_get_available (stream); + +- if (offset > available) ++ if (offset > available || offset > G_MAXSIZE - count) + return 0; + + end = MIN (offset + count, available); +diff --git a/gio/tests/buffered-input-stream.c b/gio/tests/buffered-input-stream.c +index a1af4eeff..2b2a0d9aa 100644 +--- a/gio/tests/buffered-input-stream.c ++++ b/gio/tests/buffered-input-stream.c +@@ -58,6 +58,16 @@ test_peek (void) + g_assert_cmpint (npeek, ==, 0); + g_free (buffer); + ++ buffer = g_new0 (char, 64); ++ npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 8, 0); ++ g_assert_cmpint (npeek, ==, 0); ++ g_free (buffer); ++ ++ buffer = g_new0 (char, 64); ++ npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 5, G_MAXSIZE); ++ g_assert_cmpint (npeek, ==, 0); ++ g_free (buffer); ++ + g_object_unref (in); + g_object_unref (base); + } diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index 50701be3d03..7c0ed01f555 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb @@ -70,6 +70,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2025-14087-02.patch \ file://CVE-2025-14087-03.patch \ file://CVE-2025-14512.patch \ + file://CVE-2026-0988.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch" From patchwork Tue Feb 24 14:24:15 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81725 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44F6AF357AF for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21476.1771943116854267502 for ; Tue, 24 Feb 2026 06:25:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=XWYOeUCA; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4806cc07ce7so53678205e9.1 for ; Tue, 24 Feb 2026 06:25:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943115; x=1772547915; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+LK4YuR1X7K1U+JseODSQlpNvr6MbXqmhjNg5M5mdxY=; b=XWYOeUCALIZvHX9TBtSc5gdnCj7YTM8TEeJCLLfbNAU+qqWEvPtqXqOCGRaBG2Npor uBOPZiRk3LeTGM1MgpfUsZc9hm8GJvwlccNA5TBJpcRLWCscsvIOesJt2TfU/7LIiX+s L17P6bhY24s5qe1JF5oQijqxglCUlFIDGVGD8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943115; x=1772547915; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=+LK4YuR1X7K1U+JseODSQlpNvr6MbXqmhjNg5M5mdxY=; b=kiDl8XAUN/r5CVQwlTdAgtax3sT9ySh121R49OpV0/gvkTiChltIXaj3UGRXxYpuWN WwFxMLBtPKVWetk2nU/LrZ401NySGVF4izk5xPhn+QzK2Gu+JpOpVgVQWW6XwV6Hhjwv lcTZH6T2OMk1SvAclQicQMdh8S1Kr+bRd3E2PkM/ek8HQ/p2zGQUioC3/MTGN2f6lDUz QNCKFSCi+AOTOgXMPnu+8jlTylSpV9bfe6rrhLjQy0ZCXkR6/R4yMzSbbv+xLl7wC9ss +HKb6f//Jrhjuon8PEA9Sp/kIBoEZFlRGMjtdco9l7EjUwtuPSs/4uUDxH8Q7Q0UG83h bHsQ== X-Gm-Message-State: AOJu0YyDZaja1tPEf+6ybefou88YILLHa0EqxxCYMBdLdbqK/smbvkN8 van64PxzbS18CDp4Tp8dQvbUtA55xTyKwecMU0fzf3nbj1h+G2wioO8OEyn3QMreSiL7VTd+Fxd Wyad0 X-Gm-Gg: AZuq6aKP2qJMMMoTeCAI7NTiqqkqcMLaPJkzt6/p2AY0LFf5mKy5URQZhMqjbr7o5Tp auxAvGwP8uh3fuRKq+UcUAwaJZow7/rlE9DAqhGpnnrZBEGf/DTLtWBlpXORliJCqWaK0ytPiPf uJsvnt7NttppovBXtZDMWXMvivgHqqiFMuy7JJhJRSqmP3DxEfT9v5XpxWdyeLwIdGEi1NgWKqz xr8drZYPp2GkIPCxcmCL5axQ6nMEYSxVpSM4RgPSXO+bpIx4TJY/JnWnsAUVeXDm/Yqwmqwpgbn DVeReb5XP4ML2BuGZOP7QjNlApQ1lGwTVHzgBOrentFnkyNzvVq0h6okze++g3kRsAP0j0JBg08 ibxWP31+WLx39JNLxSRYuCHfkMgNQIEPs79YanD9uzhMgMfdPupTPr+L7rp36qVJPCmqMw/9tg3 YVO3KMvLTrSE7Yb4iS2C0rE8Rimk7waqZ+Q8KjgXPTlL0ocPoJxpSWeAL5RnmDqD/gZpUH8sAVF jB8OtagZF+t/sohiwMPoL8DIxENxV1OQA== X-Received: by 2002:a05:600c:468d:b0:480:7162:fa48 with SMTP id 5b1f17b1804b1-483a95c8f2dmr224587985e9.13.1771943114888; Tue, 24 Feb 2026 06:25:14 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:14 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 23/38] glib-2.0: patch CVE-2026-1484 Date: Tue, 24 Feb 2026 15:24:15 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231789 From: Peter Marko Pick patches from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3870 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4979 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2026-1484-01.patch | 48 +++++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2026-1484-02.patch | 45 +++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 2 + 3 files changed, 95 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch new file mode 100644 index 00000000000..e3a232aa9f5 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch @@ -0,0 +1,48 @@ +From 5ba0ed9ab2c28294713bdc56a8744ff0a446b59c Mon Sep 17 00:00:00 2001 +From: Marco Trevisan +Date: Fri, 23 Jan 2026 18:48:30 +0100 +Subject: [PATCH] gbase64: Use gsize to prevent potential overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Both g_base64_encode_step() and g_base64_encode_close() return gsize +values, but these are summed to an int value. + +If the sum of these returned values is bigger than MAXINT, we overflow +while doing the null byte write. + +Spotted by treeplus. +Thanks to the Sovereign Tech Resilience programme from the Sovereign +Tech Agency. + +ID: #YWH-PGM9867-168 +Closes: #3870 + + +(cherry picked from commit 6845f7776982849a2be1d8c9b0495e389092bff2) + +Co-authored-by: Marco Trevisan (Treviño) + +CVE: CVE-2026-1484 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/5ba0ed9ab2c28294713bdc56a8744ff0a446b59c] +Signed-off-by: Peter Marko +--- + glib/gbase64.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/glib/gbase64.c b/glib/gbase64.c +index 2ea4a4ef4..214b48911 100644 +--- a/glib/gbase64.c ++++ b/glib/gbase64.c +@@ -262,8 +262,9 @@ g_base64_encode (const guchar *data, + gsize len) + { + gchar *out; +- gint state = 0, outlen; ++ gint state = 0; + gint save = 0; ++ gsize outlen; + + g_return_val_if_fail (data != NULL || len == 0, NULL); + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch new file mode 100644 index 00000000000..d0956e62f8c --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch @@ -0,0 +1,45 @@ +From 25429bd0b22222d6986d000d62b44eebf490837d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 20:09:44 +0100 +Subject: [PATCH] gbase64: Ensure that the out value is within allocated size + +We do not want to deference or write to it + +Related to: #3870 + +CVE: CVE-2026-1484 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/25429bd0b22222d6986d000d62b44eebf490837d] +Signed-off-by: Peter Marko +--- + glib/gbase64.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/glib/gbase64.c b/glib/gbase64.c +index 214b48911..0141b3b07 100644 +--- a/glib/gbase64.c ++++ b/glib/gbase64.c +@@ -265,6 +265,7 @@ g_base64_encode (const guchar *data, + gint state = 0; + gint save = 0; + gsize outlen; ++ gsize allocsize; + + g_return_val_if_fail (data != NULL || len == 0, NULL); + +@@ -272,10 +273,15 @@ g_base64_encode (const guchar *data, + +1 is needed for trailing \0, also check for unlikely integer overflow */ + g_return_val_if_fail (len < ((G_MAXSIZE - 1) / 4 - 1) * 3, NULL); + +- out = g_malloc ((len / 3 + 1) * 4 + 1); ++ allocsize = (len / 3 + 1) * 4 + 1; ++ out = g_malloc (allocsize); + + outlen = g_base64_encode_step (data, len, FALSE, out, &state, &save); ++ g_assert (outlen <= allocsize); ++ + outlen += g_base64_encode_close (FALSE, out + outlen, &state, &save); ++ g_assert (outlen <= allocsize); ++ + out[outlen] = '\0'; + + return (gchar *) out; diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index 7c0ed01f555..c6816f93fa8 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb @@ -71,6 +71,8 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2025-14087-03.patch \ file://CVE-2025-14512.patch \ file://CVE-2026-0988.patch \ + file://CVE-2026-1484-01.patch \ + file://CVE-2026-1484-02.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch" From patchwork Tue Feb 24 14:24:16 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81724 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 346F4F357AD for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21477.1771943117768316437 for ; Tue, 24 Feb 2026 06:25:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=1EVEzU32; spf=pass (domain: smile.fr, ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-483703e4b08so44686815e9.1 for ; Tue, 24 Feb 2026 06:25:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943116; x=1772547916; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=EySQV0SV92rnl4sS3Q+7qO2fh6yTTNAysP4EDsWdMds=; b=1EVEzU329iwG4dCkA/IuCLLSH2YsF4Ft6oVNE59SN+gaUKJe3i61mJDQ4myTpsUXEx JKHAcxjMomLALDYJysRnHxAul34q6gVh45Ql//mTcjhANMY2Ud+l4CTCBQbYN/TwamBu ORNvEpRuNCIIEVNg2IFOdX/fwa+v0jSO0iNaE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943116; x=1772547916; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=EySQV0SV92rnl4sS3Q+7qO2fh6yTTNAysP4EDsWdMds=; b=uRSWqm2ipys/oHIa/GvamcN9LnzF6tyvLG01ZHKj87SkHsWsLmY/zNidPQNGIdK5oH c5oBPVCSCVYUXkZpny2rXum9mBUJcpk5iTebtcXWnUx/qocgtDOw3uUauSoYP9P8d6OE n8b6SaSAg5v5bCRMPPcZK6tc145jNjHmCprENM25eGVJ58quSpYDDPv/m6pswkAZcy2N Zdb33OV3yfVZHW+4GvSOk04iiyqCjeD48pNq8CKpYkPHiLpmadFmNijr3/U93FqFRB9Q QZHOc6BnbIPkb7vhTGedsgik06DQy6aYfBN37E4c6SEi8sxuq37hdJc0G1Np6APrVMv0 s60g== X-Gm-Message-State: AOJu0Yx5PY0xohMuZOnw875aOAjWjwyie7BU6u6aKx+2nVw36DF3hgze RJN3hFk4uXx2ivLgf7X3tW/Xg94x6VnwYVD2R+NF2ihcVaSzMZryIXelTh3yqgGu+1/CSucDG69 xZH/g X-Gm-Gg: AZuq6aKThoOZrn9Y1umjslKPJjtYEOzOid7IQdk8Rpdez8uTtei8O0q2kx77S+HJ3ct QkWf4FGmQZJJ+ydccAAIZsxLzXZTTP8+X1+DBO63ohVx+RxqZXyOJVN+gITWJfGW6ioX7O+1eTs 7XnP9Vm/rUzftIkNYprigO/aOqP1q6Z4Sx03ZfHrb9s8GHGcUaWTR3jZatAZJlSoPfvLyIwfN/R 5Fm6EDL6C1HDxs8k6asJqXxeUJEMAxLlYncVimi6TGkPXKDw+ffCk4gAYZjJQvLAbu7a/BCa2ix qJOSlIEnHW4uVZRwEWyk6y5+OZgTvpX8DFBQMLuTCDA8t2agxUvizUx9q2Vpiwv60PWCP3MYLiX O8TMW6CxKlXHQDO/Nww3BxOba1xK3rZ9lCqLwZyDVl8kOaYziMjl216ob6O8pNr712wLg6bnMW9 GTJZ6cShKLc79p8n865cSZ8nmlX0ZkgVFgYItAqRR1wLEFEl4gwL/uGPdH5Nv6Wsjm3/96Z4M9p auWi5Fp5a+rZkFMeU15p4LsKVDE/uvCTjn9URJ0/UAe X-Received: by 2002:a05:600c:530d:b0:483:78e7:ce15 with SMTP id 5b1f17b1804b1-483bd76b9e1mr1745365e9.13.1771943115872; Tue, 24 Feb 2026 06:25:15 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:15 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 24/38] glib-2.0: patch CVE-2026-1485 Date: Tue, 24 Feb 2026 15:24:16 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231790 From: Peter Marko Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3871 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2026-1485.patch | 44 +++++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch new file mode 100644 index 00000000000..6768a1d00c4 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch @@ -0,0 +1,44 @@ +From ee5acb2cefc643450509374da2600cd3bf49a109 Mon Sep 17 00:00:00 2001 +From: Marco Trevisan +Date: Fri, 23 Jan 2026 19:05:44 +0100 +Subject: [PATCH] gio/gcontenttype-fdo: Do not overflow if header is longer + than MAXINT +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case the header size is longer than MAXINT we may read and write to +invalid locations + +Spotted by treeplus. +Thanks to the Sovereign Tech Resilience programme from the Sovereign +Tech Agency. + +ID: #YWH-PGM9867-169 +Closes: #3871 + + +(cherry picked from commit aacda5b07141b944408c79e83bcbed3b2e1e6e45) + +Co-authored-by: Marco Trevisan (Treviño) + +CVE: CVE-2026-1485 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ee5acb2cefc643450509374da2600cd3bf49a109] +Signed-off-by: Peter Marko +--- + gio/gcontenttype.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gcontenttype.c b/gio/gcontenttype.c +index 230cea182..11323973a 100644 +--- a/gio/gcontenttype.c ++++ b/gio/gcontenttype.c +@@ -1013,7 +1013,7 @@ tree_match_free (TreeMatch *match) + static TreeMatch * + parse_header (gchar *line) + { +- gint len; ++ size_t len; + gchar *s; + TreeMatch *match; + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index c6816f93fa8..37a5fd34a96 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb @@ -73,6 +73,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2026-0988.patch \ file://CVE-2026-1484-01.patch \ file://CVE-2026-1484-02.patch \ + file://CVE-2026-1485.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch" From patchwork Tue Feb 24 14:24:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81727 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DDF3F357AC for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21479.1771943119170883017 for ; Tue, 24 Feb 2026 06:25:19 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=HlY6YSyy; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4837907f535so50078265e9.3 for ; Tue, 24 Feb 2026 06:25:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943117; x=1772547917; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yi8JyS0+5KvsERwSG6+7QgQXR+4BKawwoAZyKRdaTyE=; b=HlY6YSyydPsSjJYKwSQm1H8bv6sn7J9vJgT9nSnxB8Mk/Pv1GymE1fcPNOTWdn/41b qo7YotdsFPfWoyoKLVEwona3iSCUWdC6N9kvxrOcXfJR52NHoTwfKPbKlv79/gw4g6Yy 1ThQzkzo6up793Bp4/XwTmnHG0k1ACfO6qr20= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943117; x=1772547917; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=yi8JyS0+5KvsERwSG6+7QgQXR+4BKawwoAZyKRdaTyE=; b=eX9QWAMEklsLI1fe+Z4K1JUImKWHXTrfq0A6Kcn9x89FrAsRdGrmf0pE/XQW8VXI2z no6loyXfKhl05vzw64cJbpc7KgyK/hFxRD0qTJi0GTee7IedCynaNfu4rus52qhWz6A/ GW05Vb2TGfYB8DsLHM0szhCkIQwG3CC23oMH5N+OagfkpAAZVb/JZa7w/Iyz8oCHoN/3 Ei1DtODVHe1Sr/RSDNCm7ooq2wpJOFx/5CoQKILMNlYg1Evji7NzyqH2g1AFNYUuJaxC HkGXkrhZIH+QM0vEIZttNCDQF9yvjx4WeF6iiLOJwGYJJe3GTEXzAmg3EtOYsIWpu6kx ZbXw== X-Gm-Message-State: AOJu0Yye7TYt3PJnL6NCEaj1vGs0TA3cd5fEVzzOu/xjg+baLELU3jBX KQr5f7wyAh9JyWrqvqbR0APXxbyskuLKDTzqHusSbl9y4lQPUbIDSAsLgPngJ2I37HR5VYfmzCO /0ZOJ X-Gm-Gg: AZuq6aIy9CUcxsSjTC2ZpGWWLDuu0hRX68C3OU7e5WfMS3JZ8wKJi9lzGNpCoISHdpX Xb4g03oPdGN9+Td+g2Xf9yRQvG2uM2+PJj02WvJDXLa5tY4e0yLNfSvCcF+DgcE/9WLL1SpuuUG JP+dvukTSqSMNJpbu8ixmHpVh1ogZDd9LZAXtT4+QX4WsTlt+ID/1T91F3pAO+o/WvkjlbsZysq oi+tj5SEiIoH8kDx/waIXrke70pokE22eODGwpRwgi2rGR6Qu/mXeYNEZeAMrdo2JGCqKsilmRz iU+2JPVzlwEiETJuyBTcPJot9JdQQgV8MV10vInPFEkzbAyRTDI1HnSBiL0gRlymK3HSDJ5JASv MuVqdAiDcLzWw9aOB+KVSg82Jy1dnfUxa/HwHFZqqm5sG2z+8tngNGo8d/RKKBse3zTqKrTTqIG UF66vtnD8qKJJl9Tn6J9uSEJ2Qs3j9etiPUU5m7mOjVv5C0X05z8uzKBItp748nLUQQemjva1xx pqcpE3p5CU3b1pWGRJ0rK6rtm9w7Eh/bg== X-Received: by 2002:a05:600c:848e:b0:47e:e71a:e13a with SMTP id 5b1f17b1804b1-483a960a0f8mr178719515e9.32.1771943116811; Tue, 24 Feb 2026 06:25:16 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:16 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 25/38] glib-2.0: patch CVE-2026-1489 Date: Tue, 24 Feb 2026 15:24:17 +0100 Message-ID: <678efba93e863ea29cb9e3ab95d31bc25fd2e55a.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231791 From: Peter Marko Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3872 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4984 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2026-1489-01.patch | 42 +++ .../glib-2.0/glib-2.0/CVE-2026-1489-02.patch | 30 ++ .../glib-2.0/glib-2.0/CVE-2026-1489-03.patch | 290 ++++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2026-1489-04.patch | 68 ++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 4 + 5 files changed, 434 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch new file mode 100644 index 00000000000..612bb8bec52 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch @@ -0,0 +1,42 @@ +From 662aa569efa65eaa4672ab0671eb8533a354cd89 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 22:00:17 +0100 +Subject: [PATCH] guniprop: Use size_t for output_marks length + +The input string length may overflow, and this would lead to wrong +behavior and invalid writes. + +Spotted by treeplus. +Thanks to the Sovereign Tech Resilience programme from the Sovereign +Tech Agency. + +ID: #YWH-PGM9867-171 +Closes: #3872 + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/662aa569efa65eaa4672ab0671eb8533a354cd89] +Signed-off-by: Peter Marko +--- + glib/guniprop.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/glib/guniprop.c b/glib/guniprop.c +index fe0033fd6..1a0cc6408 100644 +--- a/glib/guniprop.c ++++ b/glib/guniprop.c +@@ -753,13 +753,13 @@ get_locale_type (void) + return LOCALE_NORMAL; + } + +-static gint ++static size_t + output_marks (const char **p_inout, + char *out_buffer, + gboolean remove_dot) + { + const char *p = *p_inout; +- gint len = 0; ++ size_t len = 0; + + while (*p) + { diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch new file mode 100644 index 00000000000..7587a9e09e1 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch @@ -0,0 +1,30 @@ +From 58356619525a1d565df8cc348e9784716f020f2f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 22:01:49 +0100 +Subject: [PATCH] guniprop: Do not convert size_t to gint + +We were correctly using size_t in output_special_case() since commit +362f92b69, but then we converted the value back to int + +Related to: #3872 + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/58356619525a1d565df8cc348e9784716f020f2f] +Signed-off-by: Peter Marko +--- + glib/guniprop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/guniprop.c b/glib/guniprop.c +index 1a0cc6408..fe50a287c 100644 +--- a/glib/guniprop.c ++++ b/glib/guniprop.c +@@ -779,7 +779,7 @@ output_marks (const char **p_inout, + return len; + } + +-static gint ++static size_t + output_special_case (gchar *out_buffer, + int offset, + int type, diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch new file mode 100644 index 00000000000..1755254ff7d --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch @@ -0,0 +1,290 @@ +From 170dc8c4068db4c4cbf63c7d27192e230436da21 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 22:04:22 +0100 +Subject: [PATCH] guniprop: Ensure we do not overflow size in + g_utf8_{strdown,gstrup}() + +While this is technically not a security issue, when repeatedly adding +to a size_t value, we can overflow and start from 0. + +Now, while being unlikely, technically an utf8 lower or upper string can +have a longer size than the input value, and if the output string is +bigger than G_MAXSIZE we'd end up cutting it silently. + +Let's instead assert each time we increase the output length + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/170dc8c4068db4c4cbf63c7d27192e230436da21] +Signed-off-by: Peter Marko +--- + glib/guniprop.c | 109 +++++++++++++++++++++++++++++++----------------- + 1 file changed, 70 insertions(+), 39 deletions(-) + +diff --git a/glib/guniprop.c b/glib/guniprop.c +index fe50a287c..86020b6e0 100644 +--- a/glib/guniprop.c ++++ b/glib/guniprop.c +@@ -753,14 +753,36 @@ get_locale_type (void) + return LOCALE_NORMAL; + } + +-static size_t +-output_marks (const char **p_inout, +- char *out_buffer, +- gboolean remove_dot) ++static inline void ++increase_size (size_t *sizeptr, size_t add) ++{ ++ g_assert (G_MAXSIZE - *(sizeptr) >= add); ++ *(sizeptr) += add; ++} ++ ++static inline void ++append_utf8_char_to_buffer (gunichar c, ++ char *out_buffer, ++ size_t *in_out_len) ++{ ++ gint utf8_len; ++ char *buffer; ++ ++ buffer = out_buffer ? out_buffer + *(in_out_len) : NULL; ++ utf8_len = g_unichar_to_utf8 (c, buffer); ++ ++ g_assert (utf8_len >= 0); ++ increase_size (in_out_len, utf8_len); ++} ++ ++static void ++append_mark (const char **p_inout, ++ char *out_buffer, ++ size_t *in_out_len, ++ gboolean remove_dot) + { + const char *p = *p_inout; +- size_t len = 0; +- ++ + while (*p) + { + gunichar c = g_utf8_get_char (p); +@@ -768,7 +790,7 @@ output_marks (const char **p_inout, + if (ISMARK (TYPE (c))) + { + if (!remove_dot || c != 0x307 /* COMBINING DOT ABOVE */) +- len += g_unichar_to_utf8 (c, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (c, out_buffer, in_out_len); + p = g_utf8_next_char (p); + } + else +@@ -776,14 +798,14 @@ output_marks (const char **p_inout, + } + + *p_inout = p; +- return len; + } + +-static size_t +-output_special_case (gchar *out_buffer, +- int offset, +- int type, +- int which) ++static void ++append_special_case (char *out_buffer, ++ size_t *in_out_len, ++ int offset, ++ int type, ++ int which) + { + const gchar *p = special_case_table + offset; + gint len; +@@ -795,10 +817,12 @@ output_special_case (gchar *out_buffer, + p += strlen (p) + 1; + + len = strlen (p); +- if (out_buffer) +- memcpy (out_buffer, p, len); ++ g_assert (len < G_MAXSIZE - *in_out_len); + +- return len; ++ if (out_buffer) ++ memcpy (out_buffer + *in_out_len, p, len); ++ ++ increase_size (in_out_len, len); + } + + static gsize +@@ -839,11 +863,13 @@ real_toupper (const gchar *str, + decomp_len = g_unichar_fully_decompose (c, FALSE, decomp, G_N_ELEMENTS (decomp)); + for (i=0; i < decomp_len; i++) + { ++ + if (decomp[i] != 0x307 /* COMBINING DOT ABOVE */) +- len += g_unichar_to_utf8 (g_unichar_toupper (decomp[i]), out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (g_unichar_toupper (decomp[i]), ++ out_buffer, &len); + } +- +- len += output_marks (&p, out_buffer ? out_buffer + len : NULL, TRUE); ++ ++ append_mark (&p, out_buffer, &len, TRUE); + + continue; + } +@@ -856,17 +882,17 @@ real_toupper (const gchar *str, + if (locale_type == LOCALE_TURKIC && c == 'i') + { + /* i => LATIN CAPITAL LETTER I WITH DOT ABOVE */ +- len += g_unichar_to_utf8 (0x130, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x130, out_buffer, &len); + } + else if (c == 0x0345) /* COMBINING GREEK YPOGEGRAMMENI */ + { + /* Nasty, need to move it after other combining marks .. this would go away if + * we normalized first. + */ +- len += output_marks (&p, out_buffer ? out_buffer + len : NULL, FALSE); ++ append_mark (&p, out_buffer, &len, TRUE); + + /* And output as GREEK CAPITAL LETTER IOTA */ +- len += g_unichar_to_utf8 (0x399, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x399, out_buffer, &len); + } + else if (IS (t, + OR (G_UNICODE_LOWERCASE_LETTER, +@@ -877,8 +903,8 @@ real_toupper (const gchar *str, + + if (val >= 0x1000000) + { +- len += output_special_case (out_buffer ? out_buffer + len : NULL, val - 0x1000000, t, +- t == G_UNICODE_LOWERCASE_LETTER ? 0 : 1); ++ append_special_case (out_buffer, &len, val - 0x1000000, t, ++ t == G_UNICODE_LOWERCASE_LETTER ? 0 : 1); + } + else + { +@@ -898,7 +924,7 @@ real_toupper (const gchar *str, + /* Some lowercase letters, e.g., U+000AA, FEMININE ORDINAL INDICATOR, + * do not have an uppercase equivalent, in which case val will be + * zero. */ +- len += g_unichar_to_utf8 (val ? val : c, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (val ? val : c, out_buffer, &len); + } + } + else +@@ -908,7 +934,7 @@ real_toupper (const gchar *str, + if (out_buffer) + memcpy (out_buffer + len, last, char_len); + +- len += char_len; ++ increase_size (&len, char_len); + } + + } +@@ -946,6 +972,8 @@ g_utf8_strup (const gchar *str, + * We use a two pass approach to keep memory management simple + */ + result_len = real_toupper (str, len, NULL, locale_type); ++ g_assert (result_len < G_MAXSIZE); ++ + result = g_malloc (result_len + 1); + real_toupper (str, len, result, locale_type); + result[result_len] = '\0'; +@@ -1003,14 +1031,15 @@ real_tolower (const gchar *str, + { + /* I + COMBINING DOT ABOVE => i (U+0069) + * LATIN CAPITAL LETTER I WITH DOT ABOVE => i (U+0069) */ +- len += g_unichar_to_utf8 (0x0069, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0069, out_buffer, &len); ++ + if (combining_dot) + p = g_utf8_next_char (p); + } + else + { + /* I => LATIN SMALL LETTER DOTLESS I */ +- len += g_unichar_to_utf8 (0x131, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x131, out_buffer, &len); + } + } + /* Introduce an explicit dot above when lowercasing capital I's and J's +@@ -1018,19 +1047,19 @@ real_tolower (const gchar *str, + else if (locale_type == LOCALE_LITHUANIAN && + (c == 0x00cc || c == 0x00cd || c == 0x0128)) + { +- len += g_unichar_to_utf8 (0x0069, out_buffer ? out_buffer + len : NULL); +- len += g_unichar_to_utf8 (0x0307, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0069, out_buffer, &len); ++ append_utf8_char_to_buffer (0x0307, out_buffer, &len); + + switch (c) + { + case 0x00cc: +- len += g_unichar_to_utf8 (0x0300, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0300, out_buffer, &len); + break; + case 0x00cd: +- len += g_unichar_to_utf8 (0x0301, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0301, out_buffer, &len); + break; + case 0x0128: +- len += g_unichar_to_utf8 (0x0303, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0303, out_buffer, &len); + break; + } + } +@@ -1039,8 +1068,8 @@ real_tolower (const gchar *str, + c == 'J' || c == G_UNICHAR_FULLWIDTH_J || c == 0x012e) && + has_more_above (p)) + { +- len += g_unichar_to_utf8 (g_unichar_tolower (c), out_buffer ? out_buffer + len : NULL); +- len += g_unichar_to_utf8 (0x0307, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (g_unichar_tolower (c), out_buffer, &len); ++ append_utf8_char_to_buffer (0x0307, out_buffer, &len); + } + else if (c == 0x03A3) /* GREEK CAPITAL LETTER SIGMA */ + { +@@ -1063,7 +1092,7 @@ real_tolower (const gchar *str, + else + val = 0x3c2; /* GREEK SMALL FINAL SIGMA */ + +- len += g_unichar_to_utf8 (val, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (val, out_buffer, &len); + } + else if (IS (t, + OR (G_UNICODE_UPPERCASE_LETTER, +@@ -1074,7 +1103,7 @@ real_tolower (const gchar *str, + + if (val >= 0x1000000) + { +- len += output_special_case (out_buffer ? out_buffer + len : NULL, val - 0x1000000, t, 0); ++ append_special_case (out_buffer, &len, val - 0x1000000, t, 0); + } + else + { +@@ -1093,7 +1122,7 @@ real_tolower (const gchar *str, + + /* Not all uppercase letters are guaranteed to have a lowercase + * equivalent. If this is the case, val will be zero. */ +- len += g_unichar_to_utf8 (val ? val : c, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (val ? val : c, out_buffer, &len); + } + } + else +@@ -1103,7 +1132,7 @@ real_tolower (const gchar *str, + if (out_buffer) + memcpy (out_buffer + len, last, char_len); + +- len += char_len; ++ increase_size (&len, char_len); + } + + } +@@ -1140,6 +1169,8 @@ g_utf8_strdown (const gchar *str, + * We use a two pass approach to keep memory management simple + */ + result_len = real_tolower (str, len, NULL, locale_type); ++ g_assert (result_len < G_MAXSIZE); ++ + result = g_malloc (result_len + 1); + real_tolower (str, len, result, locale_type); + result[result_len] = '\0'; diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch new file mode 100644 index 00000000000..779d36ccda4 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch @@ -0,0 +1,68 @@ +From b96966058f4291db8970ced70ee22103e63679e5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Fri, 23 Jan 2026 17:39:34 +0100 +Subject: [PATCH] glib/tests/unicode: Add test debug information when parsing + input files + +On case of failures makes it easier to understand on what line of the +source file we're at, as it might not be clear for non-ascii chars + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/b96966058f4291db8970ced70ee22103e63679e5] +Signed-off-by: Peter Marko +--- + glib/tests/unicode.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/glib/tests/unicode.c b/glib/tests/unicode.c +index 90b5a98b8..44d1083dd 100644 +--- a/glib/tests/unicode.c ++++ b/glib/tests/unicode.c +@@ -546,6 +546,7 @@ test_casemap_and_casefold (void) + const char *locale; + const char *test; + const char *expected; ++ size_t line = 0; + char *convert; + char *current_locale = setlocale (LC_CTYPE, NULL); + +@@ -555,6 +556,7 @@ test_casemap_and_casefold (void) + + while (fgets (buffer, sizeof (buffer), infile)) + { ++ line++; + if (buffer[0] == '#') + continue; + +@@ -588,6 +590,9 @@ test_casemap_and_casefold (void) + + convert = g_utf8_strup (test, -1); + expected = strings[4][0] ? strings[4] : test; ++ g_test_message ("Converting '%s' => '%s' (line %" G_GSIZE_FORMAT ")", ++ test, expected, line); ++ + g_assert_cmpstr (convert, ==, expected); + g_free (convert); + +@@ -607,9 +612,11 @@ test_casemap_and_casefold (void) + + infile = fopen (filename, "r"); + g_assert (infile != NULL); ++ line = 0; + + while (fgets (buffer, sizeof (buffer), infile)) + { ++ line++; + if (buffer[0] == '#') + continue; + +@@ -619,6 +626,9 @@ test_casemap_and_casefold (void) + test = strings[0]; + + convert = g_utf8_casefold (test, -1); ++ g_test_message ("Converting '%s' => '%s' (line %" G_GSIZE_FORMAT ")", ++ test, strings[1], line); ++ + g_assert_cmpstr (convert, ==, strings[1]); + g_free (convert); + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index 37a5fd34a96..8d349af1d5d 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb @@ -74,6 +74,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2026-1484-01.patch \ file://CVE-2026-1484-02.patch \ file://CVE-2026-1485.patch \ + file://CVE-2026-1489-01.patch \ + file://CVE-2026-1489-02.patch \ + file://CVE-2026-1489-03.patch \ + file://CVE-2026-1489-04.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch" From patchwork Tue Feb 24 14:24:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81723 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1FD8AF357A7 for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21481.1771943119734044013 for ; Tue, 24 Feb 2026 06:25:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=qffWlR7Z; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-48329eb96a7so32847155e9.3 for ; Tue, 24 Feb 2026 06:25:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943118; x=1772547918; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VmkTOqDcE93eIMy+M/P6J1uqPcdwrP28jeKbFUrG5VE=; b=qffWlR7ZkEdQvpdjTtZ7BvyvteO7rZX/nSXvX3H4oVMsECNS0Lynz77fgX+ahp9EyD pQXSljW6VNaz7CZzxreL8FJKryOuhBAmQlbRuxNWixX3HDSMl74Ml/bzc0DuXI7Xm5MK 5O/TCQmMgrdUyIAEDgze4aP2hRGF6wpLj6Dx4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943118; x=1772547918; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=VmkTOqDcE93eIMy+M/P6J1uqPcdwrP28jeKbFUrG5VE=; b=lenMRNgMSbVCjAPrpRdGs2iqTP2uHZTfRcF+30lj5fnx5IZed9Ksc2csJWiPRp6GeX 6YtQMdohFx2b6PltRYOG8yhbmXP43lZUgWqqhDy15DbZhR8qH4oeggP1AUpfL99vNlBn 4m70/HTiXT6bNP3YN0BVD3ycRWrsaALlJRENZMmkT8U820D7V8n9yI2MhdEy/78cXXl1 SLGECXjc3uBQjSB/9N9lnhOx8apBQ5voD2b3WOV43RdwCBqCF8DgSgnRMaWbbbevq+IU ICApJZhOwB9jVK2ALvbBU7ujAhRBbxVTKef3Wk1WI2NjuIMyEBtLbtxxVzxpEpBvyj8n UChA== X-Gm-Message-State: AOJu0YyRIfTDetmFjIEWewHKdqWLUU9DbElrKv4GgVLwz3z4Ip5MEmp6 n8HDhvBmz4HE7p6DU9u81MOnKXRlngFq2v9+vyoIne5AF5JWTL11NEk6rT9knGDt+XKAl7+5aVe n1p42 X-Gm-Gg: AZuq6aLRhYY5GKN6VeIilJG2TyW9dk5P8BK/yktZy4LQ4Oy0Ry/hX1PHJwBpgQqnZNX bEsc2ac4QNKsH5UI5ccLKoVxUR+aB1W55cq11udk5N586qLNJUsS4366OkYbE9YkP41V4dkpE2s LoLl864BZibQtWVo9RzFCrsn3T1PTSzA71EE7/kgvxIjnPfueHNTXN0r/jQJgrjD4Ru+zA2VD05 Rw+0zSnKkkKFKqb5XRPW9WGyIsOgnemvk4UPBuThoeyhUxCgPLVTY2AnoJa8WOraT4IDvHl3s5J vKAmlpC6rVbxIfx1le+4bq77xJM5DRyz/5aBesRA0CUjECpdGI2uQbp04/V0NJ95fVwRrEPxjiH 5okGVJKRRlnpSrc8fJeiFtEtQX99LnK2iSquaWxkD/IjTJ5ssq1XSNId/F5AuBCwhVk8gsQiBHu PC11J3TRkg2KrYLgoGgfhsjm2u3Q7JXz2+UNcTA+WxLHA/CjtWOBtstiBROLs7wG2kM6xDNz+XB x/43CuwNqS5jsQtKhCkYasCxNCD5jNvQw== X-Received: by 2002:a05:600c:1c22:b0:483:79ad:f3b9 with SMTP id 5b1f17b1804b1-483a95eada4mr217333215e9.28.1771943117719; Tue, 24 Feb 2026 06:25:17 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:17 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 26/38] ffmpeg: set status of CVE-2025-25468 and CVE-2025-25469 Date: Tue, 24 Feb 2026 15:24:18 +0100 Message-ID: <5d0642f48adb0235f98f91636132785f7fd71917.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231792 From: Peter Marko These CVEs have the same fix commit per NVD report [3]. Blaming the fix [1] is showing that the return without freeing memory was introduced in [2]. [1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd [2] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d38fc25519cf12a9212dadcba1258fc176ffbade [3] https://nvd.nist.gov/vuln/detail/CVE-2025-25468 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb index d64b97e7877..4793035eb72 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb @@ -105,6 +105,11 @@ CVE_CHECK_IGNORE += "CVE-2022-3341" # bugfix: https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841d3d1fa7f3 CVE_CHECK_IGNORE += "CVE-2023-6603" +# These vulnerabilities were introduced in v8.0 +# introduced: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d38fc25519cf12a9212dadcba1258fc176ffbade +# bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd +CVE_CHECK_IGNORE += "CVE-2025-25468 CVE-2025-25469" + # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 ARM_INSTRUCTION_SET:armv4 = "arm" ARM_INSTRUCTION_SET:armv5 = "arm" From patchwork Tue Feb 24 14:24:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81720 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12A8FF357A3 for ; Tue, 24 Feb 2026 14:25:21 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21281.1771943120234756495 for ; Tue, 24 Feb 2026 06:25:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=PdNCazWg; spf=pass (domain: smile.fr, ip: 209.85.128.53, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-48372efa020so44678515e9.2 for ; Tue, 24 Feb 2026 06:25:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943118; x=1772547918; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1dJdZpC+KRVDh/rR8uzotdyweT24CuoI7toTAKoG7KQ=; b=PdNCazWgTBkNBt4KX9wHdkqRDY91Ho1CPnIRoiyMUvmbXmJNlX4jVQOXkBSWiiW+2a 2PHlGKjuBugMa3umkPj66bPOQIaIsHKGOmlbiZbzCeJNiggb0K73OCCHSVVWnCf9VhmH UmpveQqIObtqfSECYiHO0PzA6TYU5cWC5HN2Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943118; x=1772547918; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1dJdZpC+KRVDh/rR8uzotdyweT24CuoI7toTAKoG7KQ=; b=aeOKlq5RdxvnS2hAujOhMinhu3kC7jCqAISjv+LxdQbijUTWml4TOhhS5u68QhDnmi rsfxRrQ5rxN3BpPy/pLaw7PXC6YhO+9SBLOKtNjRHKEU/J1PHKE2mXITpvsrPwm5NXpt 7mp9NihmP3+wYcr8KyJWnh50m+9iVd8nFG3eAz4XfjLdwKZenlWNfx7038n737mYNgSh iOYQlnhxf1uMybM7ss4S3J6a8EpsUlUx+MG9gUPgBmHHMBuWveASChFwrdWIYskqu7rK u2vF9X3sTadvSrxuIXKVzpsTjS4IfOLfxVyhJ6THAMNR8YlpluRnGDulpEpi75C4UxJQ HDWg== X-Gm-Message-State: AOJu0YyQ3LPzr5i/Ej4ej5RHnE2t97vDejHsD3kcWWk7dlL3l8UZp4NZ 3LTw8XNkdX3tVqpcUI6OKQrnwm+W5GhlaX+wMyhJipgG1spT+GJtWRHNuUAi0NwIQDrUY1PdGur PTEDp X-Gm-Gg: AZuq6aKA3zu2Pmaul2mB6NvgNoIKd2dPEri2rveunmjuM9DynwRRjkxFkWjuAMoa+E6 6i6tarZ2Sc7lW9BaJekrSQ9ccSsinZRe0vb8a2h4rWBR4OUPT95/5ctobeg5n0no6cnSTxMKHys K1iKbHgphXTcHCSYx5kMdL5z+Z3jIPIFD6UZGLI1HxtewOFxELC8/fmq6wEppKl7wm2V1S/TJzj 6qrtXA1cmIdtQcbH2m9eUTn3eRtn3ZqyhMnmBkNMepoRENf2bJAlWmu34nxRmWSZpnNJnKq4752 8lDiM8zkveumuzukV/ZBEth5fZY/Pv3bzypQxOfnAXED+PphbxGcTBPKTBT3i0UExU8RMLDwTpy WtXdWO4aqTwOJZtwDSHO3fv26U0zsht16I3f60oLxWOYeWZ4C6TeriAtEWImn+M0aomcCXnEmCn b/nkYDHO7wZidaoiH7GxqPFvFORrmysQXgeZIaOfDxmmsrW1Gcu832F3DSudVsMUQaFbWC7I6CG NxQkyZQlsac22rnRdjmvs9c34jv9F4spw== X-Received: by 2002:a05:600c:1f93:b0:480:1c2f:b003 with SMTP id 5b1f17b1804b1-483a962cf2bmr225336965e9.20.1771943118376; Tue, 24 Feb 2026 06:25:18 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:18 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 27/38] vim: ignore CVE-2025-66476 Date: Tue, 24 Feb 2026 15:24:19 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231793 From: Peter Marko Details https://nvd.nist.gov/vuln/detail/CVE-2025-66476 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-support/vim/vim_9.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/vim/vim_9.1.bb b/meta/recipes-support/vim/vim_9.1.bb index f358e61132b..e536d4ce4bd 100644 --- a/meta/recipes-support/vim/vim_9.1.bb +++ b/meta/recipes-support/vim/vim_9.1.bb @@ -17,3 +17,6 @@ ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd" # in many places for _FORTIFY_SOURCE=2. Security flags become part of CC. # lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=1',d)}" + +# not-applicable-platform: Issue only applies on Windows +CVE_CHECK_IGNORE += "CVE-2025-66476" From patchwork Tue Feb 24 14:24:20 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81730 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A886F357AC for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21282.1771943121478788874 for ; Tue, 24 Feb 2026 06:25:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=gAfIVdhI; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-4837584120eso39255235e9.1 for ; Tue, 24 Feb 2026 06:25:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943120; x=1772547920; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=P0F4beV0MqDp4QtEa2/H04octKSM+igY9bIqN5EVh6Q=; b=gAfIVdhIJbsziF7h5YbfMZEq+urkw6NZhhSJobXhZnbadmo0zbNK1r89sRYVH/FaZK g2dEEAx0lgYo7+HdjnV2tIqYo9dA8oPd3weDaDxYILXdjNF2obFOb7dwvsN7Wj+JWXlX Tt2mmvKuD2f7MVdyxdYMskciWkH2lPWRaFTL0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943120; x=1772547920; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=P0F4beV0MqDp4QtEa2/H04octKSM+igY9bIqN5EVh6Q=; b=TitTlibFs4i4HAQf7gLZSPANMLa0xJwihuFIk8LN5hFMoaHpmxicsgfE0ZIyrkgVb6 7V4ASdC9odFvRqncH7CJdUL16R1QOO22BecoJNgjEgWvdTHSpivyNFX9IT45ZtXX8TNN F4fxDuZAnXKIYjmNEC086XdmZNiGKZff0rW935G6ThnFIEPBq4b27Sbj/NZcpBg16y/T tX8kRj7i0yER5m6Bbt4DaaPwBjuHLXSs6fgmErwkc4bKgir8W6nL08mgQpB1hu1/CySq f34mSWxEuDMNqIpsF6fwt0knEt0xMlz+N9RQwAqgmWRFyQoDouT8HIRePJIXrvQoZUzH 7rPw== X-Gm-Message-State: AOJu0Yz7as5t1+W+cnDd7md0w8jJ9Bz7Pe7U38qQ6GA8/QNU/46kZ16E MgLxobrO+QtKDPs8e6U6tFKpE1cKVUs8XdAkQvccPhwXC7M1TjYLPtSvLQQzb8BjGX9ImaQuLJf KWiT0 X-Gm-Gg: AZuq6aKqUykJqFJGV5aGA7Z1GEcE+4Ie/xoUzZvABEz8wZorIQkKfg5EdCs4fMxNkk9 SMCid3VDJOJiss+lV9v7q87wXBxt+lP9o5vg8klc0AYjFhtGhmV9ry1U44ijOZ8ENHypKuHXDr5 cd9y4WFMTJ3sGk0NRFrxNgEbcG6odJkeWOWshrrUbHx2gZ0HT/WhbtvXZ9o0mnUx7tgAXfSZ2tt h13AwJlaqRXlM7HEgIWkvacUZ0TsYSzY+rrdkh16Ct0e60cchn68Yio/nT70c50XvCTIco/zHG6 4OWZH3sN4H6XHm2RdGnMWozEyru2C/V1jFCRwo6SA/An+Iak4hrVBO1S9cJ4BqW9WRMOz6TdBeY wo6XyMl+65N5UnATnEutvEuWRlKKVWJpwjfTQg81b49324efYXaVoGEDbkTy4wPzvLWmceRVjMv 9B8rubq6qkm7ZjMKF45qZAWhLSEon/X15SRzTe0fIHPmcBVKrH53EpiyDEQ/GTlCoNJUH5d8e9p j2g7bNHYRFLGZgV8sjiGo3Irv6tECxaYg== X-Received: by 2002:a05:600c:34c5:b0:47a:8cce:2940 with SMTP id 5b1f17b1804b1-483a95c729cmr228299515e9.14.1771943119537; Tue, 24 Feb 2026 06:25:19 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:19 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 28/38] avahi: patch CVE-2025-68276 Date: Tue, 24 Feb 2026 15:24:20 +0100 Message-ID: <27cbfcafe5c5db9aeb7c06042174d5989b978417.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231794 From: Ankur Tyagi Backport the patch[1] from the PR[2] mentioned in the nvd[3]. [1] https://github.com/avahi/avahi/commit/2d48e42d44a183f26a4d12d1f5d41abb9b7c6355 [2] https://github.com/avahi/avahi/pull/806 [3] https://nvd.nist.gov/vuln/detail/CVE-2025-68276 Dropped CI changes from the original PR during backport. Signed-off-by: Ankur Tyagi Signed-off-by: Yoann Congal Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68276.patch | 65 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 20b2791ef32..b38fedb38bf 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -37,6 +37,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://CVE-2023-38473.patch \ file://CVE-2024-52616.patch \ file://CVE-2024-52615.patch \ + file://CVE-2025-68276.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch new file mode 100644 index 00000000000..75169419f10 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch @@ -0,0 +1,65 @@ +From 8ec85459d8e6e59cc14457e16fb7ba171901f90e Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin +Date: Wed, 17 Dec 2025 08:11:23 +0000 +Subject: [PATCH] core: refuse to create wide-area record browsers when + wide-area is off + +It fixes a bug where it was possible for unprivileged local users to +crash avahi-daemon (with wide-area disabled) by creating record browsers +with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus (either by calling +the RecordBrowserNew method directly or by creating hostname/address/service +resolvers/browsers that create those browsers internally themselves). + +``` +$ gdbus call --system --dest org.freedesktop.Avahi --object-path / --method org.freedesktop.Avahi.Server.ResolveHostName -- -1 -1 yo.local -1 1 +Error: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying +``` +``` +dbus-protocol.c: interface=org.freedesktop.Avahi.Server, path=/, member=ResolveHostName +avahi-daemon: wide-area.c:725: avahi_wide_area_scan_cache: Assertion `e' failed. +==307948== +==307948== Process terminating with default action of signal 6 (SIGABRT) +==307948== at 0x4B3630C: __pthread_kill_implementation (pthread_kill.c:44) +==307948== by 0x4ADF921: raise (raise.c:26) +==307948== by 0x4AC74AB: abort (abort.c:77) +==307948== by 0x4AC741F: __assert_fail_base.cold (assert.c:118) +==307948== by 0x48D8B85: avahi_wide_area_scan_cache (wide-area.c:725) +==307948== by 0x48C8953: lookup_scan_cache (browse.c:351) +==307948== by 0x48C8B1B: lookup_go (browse.c:386) +==307948== by 0x48C9148: defer_callback (browse.c:516) +==307948== by 0x48AEA0E: expiration_event (timeeventq.c:94) +==307948== by 0x489D3AE: timeout_callback (simple-watch.c:447) +==307948== by 0x489D787: avahi_simple_poll_dispatch (simple-watch.c:563) +==307948== by 0x489D91E: avahi_simple_poll_iterate (simple-watch.c:605) +==307948== +``` + +wide-area has been disabled by default since +9c4214146738146e454f098264690e8e884c39bd (v0.9-rc2). + +https://github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc + +CVE: CVE-2025-68276 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/2d48e42d44a183f26a4d12d1f5d41abb9b7c6355] +(cherry picked from commit 2d48e42d44a183f26a4d12d1f5d41abb9b7c6355) +Signed-off-by: Ankur Tyagi +--- + avahi-core/browse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index e8a915e..59d53cb 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -541,6 +541,11 @@ AvahiSRecordBrowser *avahi_s_record_browser_prepare( + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !(flags & AVAHI_LOOKUP_USE_WIDE_AREA) || !(flags & AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); + ++ if ((flags & AVAHI_LOOKUP_USE_WIDE_AREA) && !server->wide_area_lookup_engine) { ++ avahi_server_set_errno(server, AVAHI_ERR_NOT_SUPPORTED); ++ return NULL; ++ } ++ + if (!(b = avahi_new(AvahiSRecordBrowser, 1))) { + avahi_server_set_errno(server, AVAHI_ERR_NO_MEMORY); + return NULL; From patchwork Tue Feb 24 14:24:21 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81733 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68B02F357B2 for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21283.1771943123767322432 for ; Tue, 24 Feb 2026 06:25:24 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=b+xvEb+o; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-48371bb515eso69455875e9.1 for ; Tue, 24 Feb 2026 06:25:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943122; x=1772547922; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1FTws9af5/5j1Bc7pIa3fMT1LlLMZjlthEOZ/voOGFc=; b=b+xvEb+oXeQ2kbHnaY5+F0RWJD2UOwFd4L4yAdbEP9T1V6jubVkAKwBkCYhG5e0Pgn Z3mcnhJLihFLND9U3cLGN8jrnwA95kh57sIL0qSpLxr9x63P3uxHgjb10OxE+OUs/ngN J/DUKng0Qk2fbH5WupohU8H8bD2KZTuCB0QGc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943122; x=1772547922; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1FTws9af5/5j1Bc7pIa3fMT1LlLMZjlthEOZ/voOGFc=; b=p4XJwCGt4DEY9071FM/FsUX18cVT1rzYou/vS4IyMi/vRN+54ymuBgPcouoaX2fi7l 961Z6H3/436q/SjX9hmOTNMNq3+W5/dEj6ZaQ8+3ktm5QGH2kfXvH7uUJlc/QZUF/vej A5Q0Ts6EIeqnhht5eDnFvOvGDXMczXHuup/UZIbUOfVsLveAtdh8efxueoHI5NbK7bN8 gUmyk+E7czNxFIi214r8p9tMssQw5ukungNnTFqIAAj9RF50tdafYOm3sxHUkR2ewA9x RHHUY55OeM99tg5zu/AyE4zqGVJQucc4kzVVIUUxu1Jk0xXsMIfG7gdIiFwieQygeH/8 M8lA== X-Gm-Message-State: AOJu0Yw5+tlx4YerzLyhwqSDeQ9yqGfI/b6K0/0qODUIfL7goJfA91aH HSR5FprnE8Wax5zWFhuhXhU5M9uS/7MZxYWI1msQZYsN1P8HCXuKrne9NnOEmnJD1Bl3zzPJb+W dTe8m X-Gm-Gg: AZuq6aLASPEqXu4xA1IbB/RPtF7vHXh2E9ckED6gon5NCM1fUWvSxmhJhp18hgVRLW6 3FGuPq7Gwe7WKZLi9K0F26rsWjgJ2A5w9099iWH0pyjGU8YsUtColnp/ta6t4G8bS4Ly22ItKEi 4ScdYg2EQDoDt0Y64b8yfn3jM0WF4a5YuiL0zAz9TG+QuXHjFh360FwjhuuA7CP/Wdh4CK7t9OR nLVdVK3j562YFafKKDM46Pa0tdbrcR8prLd609WGHYeOxSwYewkzVWDqchm99XFUmSOb9ajl66h mobHUJaS+P5+1AqClZzTEji18HPgv2SgNHGfRR4y640qJbt62ktSeLcjRbHWhoQJvUayd6eGUYF oK0aiF5ENcvwsAo1km+2atb7uq4QR2mmjjg3oLuRK/HFBEXq5A6C7/OiRhxxvCgAgI3gQtU/Cs8 l8nkQ6p1cm96nw8Am+SC57CN8i9cke8OpJKdvjqO36V5ho1je673d2q4ZRxMG9ztkBD9hqQdDDw S0CefyfxmuiJgOKHSlsOVB1qZ5z8s2JhNHgazYouxtl X-Received: by 2002:a05:600c:6207:b0:47d:18b0:bb9a with SMTP id 5b1f17b1804b1-483a963d61emr190599495e9.33.1771943121390; Tue, 24 Feb 2026 06:25:21 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:21 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 29/38] avahi: patch CVE-2025-68468 Date: Tue, 24 Feb 2026 15:24:21 +0100 Message-ID: <6d268cc7c8e89a8230b707fa9afd77d15c4b2808.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231795 From: Amaury Couderc Signed-off-by: Amaury Couderc Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 9f2ed8adc37a42b561b3c4853cf8106fba39889e) Signed-off-by: Yoann Congal Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68468.patch | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index b38fedb38bf..3faebcba832 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -38,6 +38,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://CVE-2024-52616.patch \ file://CVE-2024-52615.patch \ file://CVE-2025-68276.patch \ + file://CVE-2025-68468.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch new file mode 100644 index 00000000000..3635cc8d53e --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch @@ -0,0 +1,32 @@ +From 483f83828cfda965fac914ff1b39c63c256372b2 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by removing incorrect assertion + +Closes https://github.com/avahi/avahi/issues/683 + +CVE: CVE-2025-68468 + +Upstream-Status: Backport +[https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a] + +Signed-off-by: Amaury Couderc +--- + avahi-core/browse.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 86e4432..79595fe 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -295,7 +295,6 @@ static void lookup_multicast_callback( + lookup_drop_cname(l, interface, protocol, 0, r); + else { + /* It's a normal record, so let's call the user callback */ +- assert(avahi_key_equal(b->key, l->key)); + + b->callback(b, interface, protocol, event, r, flags, b->userdata); + } +-- +2.43.0 + From patchwork Tue Feb 24 14:24:22 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81736 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9279FF357BB for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21484.1771943124122936546 for ; Tue, 24 Feb 2026 06:25:24 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=PVOTIFmj; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-48371119eacso65983005e9.2 for ; Tue, 24 Feb 2026 06:25:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943122; x=1772547922; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fJiU2EKlPioah+zpad3pxqYZvZkJQV0Iv6VkBsipY1Q=; b=PVOTIFmj8iuH9F7ViMOdbzxACCG+syNvHuQhYZlFgwr+BclSa8Cgbt70Dg/ccR780m kWmrDLMmJ1ecGq7PfhGwuUGzec6r8zANiXtZlPqtv0+DDLg2yoEsB7i5Fhv0kJMDy2qg 88XKMCad+aiFwXzdURNWbLH/SPnjoP6/Rs2wI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943122; x=1772547922; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=fJiU2EKlPioah+zpad3pxqYZvZkJQV0Iv6VkBsipY1Q=; b=jN7cDGzrORvNrqPREC4Xq0KIP+L9vl8AYvPeAjn89tigT8nEHNmTbgRs/BNvONWkDw LWrv4RENdxnZDkdI/rsQpqDYJMDSVZv9WkiFc5p38ckzlo6espQyAUoVbrtb3pznz/X5 zeurujp6zvs98n01JQFL7pJFE24S3W4zzG5ZPJXMJXS3/WS6ZqztHH2Qr2qvS4HG5FA+ VPQ48fTdTvk8GzEfLnvf4UJ9ToyPEhNV++e/mqSlbVejLUVmgzd6JfSSnF4K8ln1Vhch okx1hXImd26In0fxWDae12RMwmM2DvTT+RLarrLPgxFRcAAbyrWbwLBwQRjV/NAy0Zh1 g3Mw== X-Gm-Message-State: AOJu0YzcLCcN4rl9ZaKUyP6wZQV2OZ181MsfWhcSta0ESyTf8dEQjxoU IcgkACNCXi2oofsHDc1HHnzy/A9C/K92tBd4wm76au3g+pjRCqlwjFqYdWBJCDPrYwCM4rPUyze odLiC X-Gm-Gg: AZuq6aKNrfvMUdkO2cIbCyNFKmAX4sc+KYh2yuCaX1soqfCEejsABg4TrEiHHjo/jI6 Nm7vON/rB+ZwgEKiTYrOBGF0yEX68vcsbx/8zmKd51QmugEcW4HyPwAMqYARNNMN0m5JzT0ooX2 Y2L+bVor+LkcE7BWgRtTLNUdcMiCpdEoQsx5t6aD+vP4JiLrDYalzs+kFG30f3Z3GWWrIZavNMd oZwFZ8i9ykbtPD6vFHS4Syx14cTj2+7d7zQkPOQ6wU5WGDVA+rZayRvjB5XFvBnZ66hKtnefeNz YplUdwn++CPJDXgIFKblSWTTFlrW0F0xiSXxtj+vLNFZKh1XNwNAeW0sciVCp1MCbN84llgZGMb YJ0tmIMrIy5OZzgAEQj5pT5rNG450A8lZ+GwX7T6VAPwwJOaGNF8Zgcn0k0dHREPQBhiT41VVsx 5vSewYSsx9H+BXcozTOyQfUrn6FMgqxQHG30Cg1iqFEjGln8fI0DB+nCzjWxc8KsnW4Ymh6q8aH QQ48RGIT/ove2SLQEyxBDK6s2R6ah/FOeUVM6rYe+1g X-Received: by 2002:a05:600c:8109:b0:483:8e43:6dce with SMTP id 5b1f17b1804b1-483a963a003mr192529495e9.29.1771943122114; Tue, 24 Feb 2026 06:25:22 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:21 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 30/38] avahi: patch CVE-2025-68471 Date: Tue, 24 Feb 2026 15:24:22 +0100 Message-ID: <68227c85ecde97d52f0533c22a14595da73bef97.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231796 From: Amaury Couderc Signed-off-by: Amaury Couderc Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 5ec4156330c765bc52dbce28dbba6def9868d30f) Signed-off-by: Yoann Congal Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68471.patch | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 3faebcba832..c1d919783c1 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -39,6 +39,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://CVE-2024-52615.patch \ file://CVE-2025-68276.patch \ file://CVE-2025-68468.patch \ + file://CVE-2025-68471.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch new file mode 100644 index 00000000000..210565cdd61 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch @@ -0,0 +1,36 @@ +From 4e84c1d6eb2f54d1643bd7ce62817c722ca36d25 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by changing assert to return + +Closes https://github.com/avahi/avahi/issues/678 + +CVE: CVE-2025-68471 + +Upstream-Status: Backport +[https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1] + +Signed-off-by: Amaury Couderc +--- + avahi-core/browse.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e57..86e4432 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -320,7 +320,10 @@ static int lookup_start(AvahiSRBLookup *l) { + assert(l); + + assert(!(l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) != !(l->flags & AVAHI_LOOKUP_USE_MULTICAST)); +- assert(!l->wide_area && !l->multicast); ++ if (l->wide_area || l->multicast) { ++ /* Avoid starting a duplicate lookup */ ++ return 0; ++ } + + if (l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) { + +-- +2.43.0 + From patchwork Tue Feb 24 14:24:23 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81735 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 922B1F357BA for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21284.1771943125350332845 for ; Tue, 24 Feb 2026 06:25:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=VjFrpGlK; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-48372efa020so44679195e9.2 for ; Tue, 24 Feb 2026 06:25:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943123; x=1772547923; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HlvglJ+AcWVRDUAHQeW2sRe0tTDXmoTvdPLaUdSRD+Y=; b=VjFrpGlKBFFk4ANNylIbbVU/xNAa519sDAqxFeL8u2qanOQlu04nhTt3bVJFTrKnQ5 XhG6s3bvvOToYdyrZyC8ck/kA6psjjEVLGozbuAw5hRa3zP/wIhytWA6GvV+YmzU142B /CDHok9BwMGYJvEJ+iHGvQ0fjfamLtPP227mg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943123; x=1772547923; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=HlvglJ+AcWVRDUAHQeW2sRe0tTDXmoTvdPLaUdSRD+Y=; b=JzV7IIls5GpDkS9sWmtEWr0V1F0v8UCDFz+gwhMg0QZ60+zx//gHP8GE/53wdQYYn7 XTJ+O8yip1awthow+InuCH7G73vLbRG385ZZJpsSJby4ExFlaHQ9TgCM9jckW+fmCcax tkQRVjpfWMviccPX3cKfFUCknak5IzaqytukeUosyqMOwMsNpmW2gXHtSZiitsk4t2kh 5D6e9WvM4BvOSfz0wS0ZAtxyXlJzIoOrhqJKfr2cr5605snM+dW0AdtMy2E1ndCwlO7R 8EEb6EN8LnE+2Gc4/I/YsGLHgPEyDMfWm9+YK02KbHLE0BW/PwShsgjkH3Hz+xuR86Qa xNPQ== X-Gm-Message-State: AOJu0YzqELKCgKjyCjUR9nrEy8kZ1rsxqT+GWNzSShz05v13kHHPP7i9 AINKkg8Y5Z/H9Aetr+Ie8eh3RQL+8sqezq76PDhBZNC8EAIq1ydG8WX9U407MmGAoo+rXvZslfd VedJj X-Gm-Gg: AZuq6aL28azicOHZDka/idRSA36B/eNY88aKPfAqjWysGvvQBvq6MZoBC1GD+o+pJzS WxK8LmQTX6RbB2oxgsZmgDHxkYnbzATdp0YvqDawXkbHxk/9dWrNqZaoDkAitKuTMaJ9WHY94Ez VJjqJBnUHRHBsCWo5cERXGIzu3C7GmM6ggQ/UAf/GwEIUEd44P4LilRFwqkivUJS+3VPDEpdrTj kI9jA5zjgNkmQQ/z+do1+Q9kCG6Rnn5qsKGxtTSMGgOkxQFEs5aKQrWDIy7hKRNgG0JEVwUMUrh QVJeMTnjCx/sg1xXwItyNgyAFmKTpJ/rmRCU9wnD0EaOjrfsnVaPniDNtZ9Lky6YeBSO9Ns2o7P Ynp//ljBBliwi8BGSiSirp3hGhxyBfKE8h9mWpRkL+mVbSeVkt26L/emZ58JMxbJMj9cm5P5ntz 6RIWDwhSJShb0cj4oUdp7BK+RJjDh7tsiyK8UAPU2zl629QRulO0i7w1BnhJ9m1ct/hlAmF+F0d lAAguVzM6NHrMJHVC5uHf30Ghvw69TuNw== X-Received: by 2002:a05:600c:4454:b0:483:80b0:b245 with SMTP id 5b1f17b1804b1-483a95f89c2mr228666655e9.9.1771943123100; Tue, 24 Feb 2026 06:25:23 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:22 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 31/38] avahi: patch CVE-2026-24401 Date: Tue, 24 Feb 2026 15:24:23 +0100 Message-ID: <92206f94ee2a4cd281492e890aa6395c3111b93f.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231797 From: Ankur Tyagi Details https://nvd.nist.gov/vuln/detail/CVE-2026-24401 Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 183d0ee54f1c194e245a7bbf243c19b3c2acf4f5) Signed-off-by: Yoann Congal Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2026-24401.patch | 74 +++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index c1d919783c1..9ef771e5a2d 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -40,6 +40,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://CVE-2025-68276.patch \ file://CVE-2025-68468.patch \ file://CVE-2025-68471.patch \ + file://CVE-2026-24401.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch b/meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch new file mode 100644 index 00000000000..1a442966fc9 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch @@ -0,0 +1,74 @@ +From 5eea2640324928c15936b7a2bcbf8ea0de7b08f7 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix uncontrolled recursion bug using a simple loop + detection algorithm + +Closes https://github.com/avahi/avahi/issues/501 + +CVE: CVE-2026-24401 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524] +(cherry picked from commit 78eab31128479f06e30beb8c1cbf99dd921e2524) +Signed-off-by: Ankur Tyagi +--- + avahi-core/browse.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index f461083..975b3e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -401,6 +401,40 @@ static int lookup_go(AvahiSRBLookup *l) { + return n; + } + ++static int lookup_exists_in_path(AvahiSRBLookup* lookup, AvahiSRBLookup* from, AvahiSRBLookup* to) { ++ AvahiRList* rl; ++ if (from == to) ++ return 0; ++ for (rl = from->cname_lookups; rl; rl = rl->rlist_next) { ++ int r = lookup_exists_in_path(lookup, rl->data, to); ++ if (r == 1) { ++ /* loop detected, propagate result */ ++ return r; ++ } else if (r == 0) { ++ /* is loop detected? */ ++ return lookup == from; ++ } else { ++ /* `to` not found, continue */ ++ continue; ++ } ++ } ++ /* no path found */ ++ return -1; ++} ++ ++static int cname_would_create_loop(AvahiSRBLookup* l, AvahiSRBLookup* n) { ++ int ret; ++ if (l == n) ++ /* Loop to self */ ++ return 1; ++ ++ ret = lookup_exists_in_path(n, l->record_browser->root_lookup, l); ++ ++ /* Path to n always exists */ ++ assert(ret != -1); ++ return ret; ++} ++ + static void lookup_handle_cname(AvahiSRBLookup *l, AvahiIfIndex interface, AvahiProtocol protocol, AvahiLookupFlags flags, AvahiRecord *r) { + AvahiKey *k; + AvahiSRBLookup *n; +@@ -420,6 +454,12 @@ static void lookup_handle_cname(AvahiSRBLookup *l, AvahiIfIndex interface, Avahi + return; + } + ++ if (cname_would_create_loop(l, n)) { ++ /* CNAME loops are not allowed */ ++ lookup_unref(n); ++ return; ++ } ++ + l->cname_lookups = avahi_rlist_prepend(l->cname_lookups, lookup_ref(n)); + + lookup_go(n); From patchwork Tue Feb 24 14:24:24 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81732 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DBC9F357AD for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21486.1771943125672048107 for ; Tue, 24 Feb 2026 06:25:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=mAR8LEnC; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-483770e0b25so50386655e9.0 for ; Tue, 24 Feb 2026 06:25:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943124; x=1772547924; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RooQNprvAcFKUWFWf0cHF8LTVpsakvZLn1FckxqmMOc=; b=mAR8LEnCQK5B/DcKqLVVBu0u6wI7MJ6M4W8CIv3779vz/7MnpkhEwS4frVHlT2nzFm ypNUJ/KS+Ky+fZKEudq3fCC9V2l/8bLEJVJHZ1j9VtQAdlPvEz8LKm66+Tm59w5SHM1b th48NGLCgd+Wqb83CmgjMlPddX1EKE7QrTcu4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943124; x=1772547924; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=RooQNprvAcFKUWFWf0cHF8LTVpsakvZLn1FckxqmMOc=; b=WwfTJNgR/huKwnVXh+ESpI/8tuU7fcineUasjkZ1c3DMMo6E3iPBmKBcmlfC+2Buh7 lAkw18SOCD4xrkvY1amYqIiRAIC4/svDzew0/tcRxMZq/uNldLJfLsRanOfEr6HRrOIz 9nMgVvqdNgZoYY6YP+CO3JHiYdVpQ+FbDbRCOBdbi6njD7PhrjqBa7lgArEcWOvZf6c8 RiVcfKljs6vJ5JD7zz/hFJLnw5R6wijJQ9YYvPJdsrsFRB699Z+BsyJX8PA0Brow386g pOEkaFERBwAgRXem98bBGF7VoS9ridromKKvMJVoPJFJMN5gcCrKroUAAx8uvZFWsCZ1 a0Rg== X-Gm-Message-State: AOJu0Yxu1Z32VfTJleDlrz3chNt5+Lkmmo4YeXbf37AZRUJeCyuNNMrh bCDZNcEusZhza1aM89+5jtce0a6aE1AuBs/y6QtOWPM2PCIb6DjCEc2TuNIk0TiJFbwjpYaXuvC fPQFX X-Gm-Gg: AZuq6aLYJdbQkn3PvjRFQn4tUM5g71yDNOlMkO6i0xSbW9g6IP/i013L+2psa8FJD7t I4h2B7S9MPdYZZYt0uSkDvFjyoY7DOgDe9w8mhdzP1vxfYksV5R0r5YUKPPmBZpMMWSayHye5np 6OVByy58EaqWZ2BZwk3HXYmMaEMUAkYUiPBQzKo1tdAMvBiNXbEJBYjetjjjeb8OUonHLYt61ii UWTsakyr9neFap8Q8/Dj+noti/6czXrFTSw0XunL1YybtmCtMQR7LPKqcWIBZbU8Y087lioo9oE /PGaPjMECtTbYsEJqlLLtjgrBDw76msyLvXCy4YEccAd91AXvi/OcDrkN4MHk+LXtk4wIN9BId9 xv7MveZyKyfpRqyU+ali2gHP6T1LiYtnXlEyB/zLRd1GCrnA7bOxCWNMhxZ6dbLnPu3akbPZ9eP 6nPSJF2VE563PBLDvQQH7yy6ELPdlRLLwyyvW00hR8tCQG0+Qjd1nFA1oF2KDnrYkFqOYtVInfr Xfu4xqC9KdSJhXMdveRX2+j4s+f+2K+uw== X-Received: by 2002:a05:600d:6409:20b0:483:78c5:d743 with SMTP id 5b1f17b1804b1-483a9637a19mr141635005e9.28.1771943123852; Tue, 24 Feb 2026 06:25:23 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:23 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 32/38] pseudo: Update to 1.9.3 release Date: Tue, 24 Feb 2026 15:24:24 +0100 Message-ID: <1cf8669ee78a77d0e10b975ce8459ae7a767a8a1.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231798 From: Richard Purdie Pulls in the following changes: Makefile.in: Bump version to 1.9.3 configure: Minor code quality changes pseudo: code quality scan - resolved various potential issues makewrappers: improve error handling and robustness Update COPYRIGHT files ports/linux/pseudo_wrappers.c: Call the wrappers where possible ports/linux/pseudo_wrappers.c: Workaround compile error on Debian 11 ports/linux/pseudo_wrappers.c: Reorder the syscall operations ports/unix/guts/realpath.c: Fix indents pseudo_util.c: Skip realpath like expansion for /proc on Linux test/test-proc-pipe.sh: Add test case for proc pipes ports/unix/guts/realpath.c: realpath fails if the resolved path doesn't exist Signed-off-by: Richard Purdie Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie (cherry picked from commit 524f4bbb11f9c7e0126e8bd46af217b452d48f5e) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index dae4f4bc84a..8130fb21356 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "125b020dd2bc46baa37a80784704e382732357b4" +SRCREV = "750362cc7b9fa58dffccd95d919b435c6d8ac614" S = "${WORKDIR}/git" -PV = "1.9.2+git" +PV = "1.9.3+git" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be From patchwork Tue Feb 24 14:24:25 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81731 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7899CF357B6 for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21285.1771943126638786634 for ; Tue, 24 Feb 2026 06:25:26 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=RzjfJxVX; spf=pass (domain: smile.fr, ip: 209.85.128.51, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-4833115090dso54050965e9.3 for ; Tue, 24 Feb 2026 06:25:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943125; x=1772547925; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lUhA1opxw67efXt7LC/cOkfghiEqnRR8miTuO4VNwj0=; b=RzjfJxVXn5Uj8vdHTz/un/AG0Q48a1WrAEYCebJgmof4EC0vhU4FyoK7vOmoCcPQMg Scaj+WzijfIAVyq4/4nBXDofwz35YxRi9L5z4OVm4Yar3RNLA+ouUWeFPdmlbxe3MTCn hlTqIthNYC3noXku3jNovLYQWK9a6bnOJ8xtU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943125; x=1772547925; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=lUhA1opxw67efXt7LC/cOkfghiEqnRR8miTuO4VNwj0=; b=C73DlJ/MpLR7EwK0+e91mWtcSfdCqkXdJhS8wpD8M/XZrLtB8XuyM0Gsn/GolZ3Rwm e/N1sn28gOVpCSX6JoiIqsXQL2uUKLU8L7JYZHyZyHLA0+UyNX2857Rt9964iV/axHhR xlvEaNWX0itBIugo+pdeLITZQKxTesf4FlhIFuhnbFLKJxWtJpXl6WyiWL8uGmHB0cvY 2nwe0/HrcYJCgphnWuFzi8NIQ+Q/GMwcYiPg12omSIw6xOPS+P+3Kyc5k0IRFa5rbqtp +vYmPv0C++2TR01Q/3UuWV5kCCxpnjCnylN4FEpPgd9E4JY5QI+l8elDxYAsuZ+vy7aW xW+w== X-Gm-Message-State: AOJu0Yxha+MOa/siMDD5BxlXitq6mvmBl/LhMvFNAqAPfi51ULwwlHT2 9wmTxNOjZmiV1nKvlD72RkPtk9E4N6rNBiLBThE/t1npM8JCzr0V2cp+FJfgDy7E8uDrLl4JUmR xpJ3U X-Gm-Gg: AZuq6aKPKFC1ez8uq1OWA+BFu+FFeulcB6zRdTGlFqj5UIcdyetTn9Xb5OtFIlnwu/k mCcq2LGnBthCCApd007nTRxP06Tq48Qd5e7QaVKd49fOjKEC1eF3ux1wvi2J2fIzHPI83Dz87JO c1xq4NyWGaJJZ9g7WcuKUGF4nyYqjm+jZx7LfG01ncCpg/v+RW/zQ6gh6PQdp2V1UhISVtXWc6S b8Qag2pc4SCcShEbJHiV+vZ1pA2uBxbVUxWxFqYgF8iAwQrAL48uPjpN8aQg6uD30drgJ9FZw0k mEqkoSaPDLumvz3nkCjFnp1b+rjFOBS5e5FTh03LeMr0w3kftOWOhcBABOlnaUb0pzjkjpt0WU1 uRIrkki4mj/1BCctaHpUBaANcavpgpQgOOYodOMuFRWgYEVUkI829VxjxWl0RhU6csYm2+frlaM lAmouFWMUyenhVWB3CrWX78VmZ8iBP6jixDpOtv30FCbaFP6ZS9rqyhuIXBiPcuYSaRA+PK2JKg JfPnVzFMlGt2u1t9gvJ72iMxxuxbsYEZhKX4p82utJX X-Received: by 2002:a05:600c:c8a:b0:483:7783:5363 with SMTP id 5b1f17b1804b1-483a95f58b1mr178035365e9.26.1771943124764; Tue, 24 Feb 2026 06:25:24 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:24 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 33/38] pseudo: Update to include an openat2 fix Date: Tue, 24 Feb 2026 15:24:25 +0100 Message-ID: <44898fefdd98e1f515ae1ddb42aea63d37540451.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231799 From: Richard Purdie We're seeing occasional autobuilder failures with tar issues related to openat2. It appears there are definitions missing on debian 11 and opensuse 15.5 systems which mean the openat2 syscall intercept isn't compiled in. This then triggers on systems using the openat2 syscall, such as alma9 where it is used in a tar CVE fix. This updates to include the fix from upstream pseudo (along with a compile warning fix). This was tested by taking sstate for pseudo-native from a debian 11 system and using it in a build of "bitbake nativesdk-git -c install" on a alma9 system where that task failed. After this fix, it completes. Signed-off-by: Richard Purdie (cherry picked from commit 2c20c05b324e5d6564c8554381019170839509bb) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 8130fb21356..db3951f23c1 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "750362cc7b9fa58dffccd95d919b435c6d8ac614" +SRCREV = "9ab513512d8b5180a430ae4fa738cb531154cdef" S = "${WORKDIR}/git" PV = "1.9.3+git" From patchwork Tue Feb 24 14:24:26 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81734 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68C06F357B3 for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21286.1771943128596613933 for ; Tue, 24 Feb 2026 06:25:28 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ihgIutKK; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-48373a4bca3so34026165e9.0 for ; Tue, 24 Feb 2026 06:25:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943127; x=1772547927; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hMwBm/IGIERSvYhp2x+2vkpj9avsSRowL63W0h/tqYU=; b=ihgIutKK5r/M7SNaJbW7V/JuLsQKrJrkdE2+VWhDc1g9pP8O/QJQ9tUjXvGOzoFcCi mnpISHabJ/38TzhyJcLEMGK8aE9nGFdftt5Bzmf+lb9nUEzvbfl/7dDEjLn00US5IYuu q6IbnqyMmm1e2kQ5fIhq/HTtOKWw9Sa8IS68c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943127; x=1772547927; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hMwBm/IGIERSvYhp2x+2vkpj9avsSRowL63W0h/tqYU=; b=AUaBxcanQwqNoTW8Sp09Z/b5YlM/V3bFpeTsIChB0VocTOSuy12xZKF8hRlCDX4esV AXsbdy7DzYSetm7rRgiaVZBREfDMYCxnCAI373mQhl2rIHJPI1xQ+bpxz+wUoD/w93fs OOmx/mQ7UnvjU7I4SbLPi6nMti0PnETtygf/IuA8vfy0g5RNswJDji1ogr2fO2G8YXAm ExRbH1I0K1HXsHHg/pVLG4bnX7wqV8vLTUbHpeszJXwfw+sSRY3T9MwQbeQRpnv5OmLh 9V9KjBBqN1AqnC8Tyw1ZBiSw01jgoNWMmE6/akA7Tw8iAoOEU03McltL/ZWYCj/rx9OM xFPg== X-Gm-Message-State: AOJu0Yym/NlazPeFTGeJSBgLvt2eRrVkjm1CI29egqddm51XOdTbSjHr x10evglzpWnzes/BDv6Hs2B43qfdU1MmZrb2GSx5w2YtKOP9VdU16Nfw56kF9QiRsl0qcFpXweU 7MOn6 X-Gm-Gg: AZuq6aKmZHDYQ0gDHXvY92kkJswTf+IS3lHoBIx0iI9t4qInbPX0XasSujbSR8wCClD nUocYheyej62RmFQx7wItywLhlTrWfpLw6ALWvvk4SzjpX2vg3zKwz5jg7BaOnqRM72YR282Ij/ /SBYFdtrGxuCyUoKcgGTnX8e50QERaEvpp5eM/UhW6DO1n5rU3mmzerAiEga29IpbbE1pZ0MOPi aaVKKdIiO10/xj6JzV1aWf9q7Gv7WzScHZWy+bYtMYPtOeGpPtZNbTwVJPKky86nb2HsM4yI/l7 114gKXBQAF8Mi7X+977Mclm4zLyq57YnfR0lF7anp7K3Ek8KxkBZxTBbW3mRkdcMNMkIhoPfRan vyM9brS+uAHpc1REUsRHZwHEdCJoonOQrYol1BkXUiUeqHGirUH7q6mEnfKJIpWIxTgsUBC5cnP Vau5HOrrnLsSf5AGZ/TG4mtsO/kp3SamLOnRwzy7DIgLmEdzDBZx44LZtGQUyQas9536mjxYp1f Zb2uyZG4Y0/B99En1kItq5ilF9cn1JMaA== X-Received: by 2002:a05:600d:8446:20b0:480:4b5d:9ec with SMTP id 5b1f17b1804b1-483a960eeccmr149438225e9.33.1771943126768; Tue, 24 Feb 2026 06:25:26 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:26 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 34/38] pseudo: Update to include a fix for systems with kernel <5.6 Date: Tue, 24 Feb 2026 15:24:26 +0100 Message-ID: <959aa2bd41e292a294beb0395cdab01d9c1b07f3.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231800 From: Yoann Congal $ git log --oneline --no-decorate 9ab513512d8b5180a430ae4fa738cb531154cdef..43cbd8fb4914328094ccdb4bb827d74b1bac2046 43cbd8f ports/linux: define __NR_openat2 if missing Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit e9a35f32b983de724d2c2e436c017b49d5b70469) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index db3951f23c1..6ebe4f457ed 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "9ab513512d8b5180a430ae4fa738cb531154cdef" +SRCREV = "43cbd8fb4914328094ccdb4bb827d74b1bac2046" S = "${WORKDIR}/git" PV = "1.9.3+git" From patchwork Tue Feb 24 14:24:27 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81729 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5ACBFF357A6 for ; Tue, 24 Feb 2026 14:25:31 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21490.1771943130477287340 for ; Tue, 24 Feb 2026 06:25:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=M2V30oHO; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4806f3fc50bso63271345e9.0 for ; Tue, 24 Feb 2026 06:25:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943129; x=1772547929; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nyy7T70tEVv80aBtX/y0AZneg/375iLG4y1LtwrgLM4=; b=M2V30oHOcBHUFZKnaoVpfhUo8wUJVaFiHDqQOw2IghBxzgs8eRDX3PMmcfET7ZkOUN pGp+IiVF9defzU9C8JJT2P2aOpRXvCIDnY6q42fuBwtcZG1ENyrDCkzR40lxcy/hSiWh QgjZFqgQIUc07e9Ik5YJ+eGdaTkrgJW3FehyY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943129; x=1772547929; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=nyy7T70tEVv80aBtX/y0AZneg/375iLG4y1LtwrgLM4=; b=VofHs/W7LLVtpL6kc/buivrq1NvHvlUeT8/k+QBOEOf6RD54jvq1Oc8Gv+8LQ+MuBE B/dxYxD1ewOQKPtpXmTRCk5NdICYHOBZIekO/2O2WLro1T0Lv7r7xp34UZEYc5Utz4Em zFxa6bluSt8cLtOUJov0+am/wZEqCV9tdyAL6msOHeUxp5t+jKAtF//STQKdI2Eceuxk UlftIQmt9xLk/KL1eXq4srQLBlRgbc/oRMqr/Kw2U7/nTcr21XkwL8y6A+KEZOFMcjLk E/sHd6sNuyU3TymS2USLb+PWMfBVIVHcU/65qvxYRz2uQ4szpVRBtXDFaPUTMS+nTmJC WIjQ== X-Gm-Message-State: AOJu0YyNEuMvrykslCWEVXsySIGkscOeKggvZSGjktYu1SKmvMn6dBG2 SvH5eGuIQIyVhwPwlSaaE5yhSrRtHWneRqeQH01s22d6XZUqnAnZeYzZ9fo4rdsbMQnnDNJzE5H 0z5y0 X-Gm-Gg: AZuq6aIQpwR5rGQqlb9wI4Skc+UF2IfcGF3o+57rS6ildL3SHJNd9DR4MrYJ5cCN0Xa 42Dsrykxk9WkAqrecY5qzqGdk8ZNdPjp7jAzAwU5fdZudBCccOtq6qppzWsySmep720G5LmS9yi J71rsYNGHRnTJFYHS9Hk1WZPeKDQvMu46Ne5cNVmARSr49q56eD2lq2L5tjnTKtzrOrWpYVxRkq lrl5cTY2cILBqKRdbVxPAoAKXoi4FYGir8Xq+C6WTg6RGO7wh5GYbugkMu9QQpHX/6rKZrIXUY6 6wu009rSl85jGgwW2hnJfUzvsoBm5u7yFBIFj/GxKM4lSULsJ1+IFt/Vwcc17+bhQeSulkqZdwy WdSmBnhgR5VUZTTxlpfhsIAAHl6Nc0FEDkkVLPzvya5swVdfJUSxobVQ+seFPDMkZD+bnFQKYeN cV+VBNl/t6xrxpWIZ11tyrduXsFSmx4/xxCPx709/dGUoXq3MrpfaOx9OrnJNWvN45NWpLgP2ZB Srofh9DN/W9cuJ8Geh+CMY4BMSmRU4EHg== X-Received: by 2002:a05:600c:8717:b0:483:612d:7a5c with SMTP id 5b1f17b1804b1-483a96375e3mr199885975e9.25.1771943128497; Tue, 24 Feb 2026 06:25:28 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:28 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 35/38] harfbuzz: ignore CVE-2026-22693 Date: Tue, 24 Feb 2026 15:24:27 +0100 Message-ID: <2a4ccb4257b8f8a1e66e4307f331f26877fbc003.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231801 From: Peter Marko Patch [1] linked in NVD report fixes issue in cache code introduced only in v6.0.0 (as can be seen in tags containind that commit). [1] https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae [2] https://github.com/harfbuzz/harfbuzz/commit/7a004a7ac27da776b623c0892ebced3d12213c39 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb b/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb index f7dc61ebd56..f4e90799228 100644 --- a/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb +++ b/meta/recipes-graphics/harfbuzz/harfbuzz_4.0.1.bb @@ -50,3 +50,6 @@ FILES:${PN}-icu-dev = "${libdir}/libharfbuzz-icu.la \ FILES:${PN}-subset = "${libdir}/libharfbuzz-subset.so.*" BBCLASSEXTEND = "native nativesdk" + +# fixed-version: vulnerability was introduced in v6.0.0 +CVE_CHECK_IGNORE += "CVE-2026-22693" From patchwork Tue Feb 24 14:24:28 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81738 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 99463F357AD for ; Tue, 24 Feb 2026 14:25:41 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21288.1771943132167020663 for ; Tue, 24 Feb 2026 06:25:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=dNIUDWw1; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-48371bb515eso69457295e9.1 for ; Tue, 24 Feb 2026 06:25:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943130; x=1772547930; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=XoMoFuCSp60tLjWqM4zcfgX+UJI9l5EwCkIxr9IJvSE=; b=dNIUDWw1VAI3PER0KwS0FUc3HjmSnP5u+YNxt1KVEJekWSnsgoHWbwltGcTvWAGA5P rfhX6X2rivCSmZkQx5QVUGDY8o+g9qwsoxoi7fesDpd6DXk8AKeMK97Zd405U5YV/yKy mTVwZcPGbK4Hru9+pEvjkQhLHcDTt0VXGBcw4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943130; x=1772547930; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=XoMoFuCSp60tLjWqM4zcfgX+UJI9l5EwCkIxr9IJvSE=; b=eqiGaVUlu2gybJosOwI3WrcOsUxJx5GHSpj0aLrKBGO2Kakh6ujOdPyFtj/cRx8TXG pY9dgIIZRdTrf91V9c+p7Bq9gUC75/aT7CtANxMv4HzBxICitSgwO2IOnr0nd+AB6bBB BgU8fF4waq0Dlq29fOkbNdOebXgoC5fN5J8AVT7RR2lewtD4nors2RRw7QbqlXaM1uYC 0ktqNo4F7NScfeUj/OcP81NZFdXYPSUoeOw4eIqQ5AhCLtIVPpoM4XRShkfcUbg7h43C XRPbM39gpGdmlb1hcXtgW+hyBlQVMnAVX/rzQAMr5zEDEmy2CSETz34qacNwNFLZ0EOB zU8w== X-Gm-Message-State: AOJu0YzFvOTC6/JjX88iml0pjP/pIpc0kms9TpFCbZTekURjkdVsbnhq R0VsTlBCPtRaO4hjcWyZ/k97PFxMIPNJNUlJtR/bk/Z9yvfQQZgfJ4eK0bCnaFZ/dRk82ejWbDz R6LL9 X-Gm-Gg: AZuq6aKizsi1+0p2adzJJyy32OrDZbhVdyClNWisBsKus0ak4I+fgr59orEPMj/1tts zlOzG6ATLGg+ULyXSdu5MPFzU4P1jUTMhDvS+6aGVhsTwiKqaxEyRqe9dNAqZF2PqGcmtf1XKi9 tPbmXqjMii3L2rOuoZxz13SZxkAqPoO5ktLBulVjB5FqWktYkYet2P00/BuJ48vkL60yjRPzYuh LE37xkgMIn1dVzrTlTuECVnSPXUz0W/f0oeugKuyjQpLmPlRX6cPTOdu1fdni4/wSFqx4JdUKJO XI1j0EsN6tJddD2zXicdWKD8vIu/QcXjfMaSMjTXm2teeJYeQ2pIq5L6ITmEhrb5oNTXBvfxkzf 0LWlVpDt8Amv9yVf4H/+sBn4qQDBOoIc0zMG4WdUpU0f4RWezf/OrAAr3hI0kAg30Onxxb/ad98 t99nZBZKBIG/0eIK88sk6Xu9d6Qto5rAjdxdnOkHQSTRp0Z4yyFZB1wxt2Uin2SX//K/fhX+g7b LO1Y1ml2De8uGhQeRQoxdv2wTBb3BKDahrZBjGFnBOq X-Received: by 2002:a05:600c:64ce:b0:483:498f:7953 with SMTP id 5b1f17b1804b1-483a9637a6cmr188467705e9.28.1771943130231; Tue, 24 Feb 2026 06:25:30 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:29 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 36/38] glibc: stable 2.35 branch updates Date: Tue, 24 Feb 2026 15:24:28 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231802 From: Peter Marko git log --oneline 4e50046821f05ada5f14c76803845125ddb3ed7d..bb59339d02faebac534a87eea50c83c948f35b77 bb59339d02 (HEAD -> release/2.35/master, origin/release/2.35/master) posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281 / BZ 33814) 66f0cb057c resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915) 499d1ccafc memalign: reinstate alignment overflow check (CVE-2026-0861) 9e1a305028 nptl: Optimize trylock for high cache contention workloads (BZ #33704) a94467ce05 ppc64le: Power 10 rawmemchr clobbers v20 (bug #33091) Testing Results: Before After Diff PASS 4774 4770 -4 XPASS 6 6 0 FAIL 149 154 +5 XFAIL 16 16 0 UNSUPPORTED 246 246 0 Changes in failed testcases: testcase-name before after malloc/tst-malloc-fork-deadlock-malloc-hugetlb2 FAIL PASS posix/tst-wait4 FAIL PASS malloc/tst-malloc-too-large PASS FAIL malloc/tst-malloc-too-large-malloc-check PASS FAIL malloc/tst-malloc-too-large-malloc-hugetlb1 PASS FAIL malloc/tst-malloc-too-large-malloc-hugetlb2 PASS FAIL malloc/tst-malloc-too-large-mcheck PASS FAIL malloc/tst-mallocfork2 PASS FAIL malloc/tst-mallocfork3 PASS FAIL Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.35.bb | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index b9f5e8fb8fb..06edbeb47f8 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "4e50046821f05ada5f14c76803845125ddb3ed7d" +SRCREV_glibc ?= "bb59339d02faebac534a87eea50c83c948f35b77" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index 1b5830699fd..97ba50bec4a 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb @@ -27,7 +27,8 @@ CVE_CHECK_IGNORE += "CVE-2023-4527" CVE_CHECK_IGNORE += " \ CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 CVE-2023-5156 \ CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 \ - CVE-2025-0395 CVE-2025-4802 CVE-2025-8058 \ + CVE-2025-0395 CVE-2025-4802 CVE-2025-8058 CVE-2025-15281 \ + CVE-2026-0861 CVE-2026-0915 \ " DEPENDS += "gperf-native bison-native" From patchwork Tue Feb 24 14:24:29 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81739 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FD5AF357B3 for ; Tue, 24 Feb 2026 14:25:41 +0000 (UTC) Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21494.1771943138899149442 for ; Tue, 24 Feb 2026 06:25:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=fQ+Le7eM; spf=pass (domain: smile.fr, ip: 209.85.221.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-4398d9a12c6so17524f8f.2 for ; Tue, 24 Feb 2026 06:25:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943137; x=1772547937; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VNz43UGFsp7zhe/JIBR+0gImg0v1WTfM8pun2AuvZ2c=; b=fQ+Le7eMZvvWG+bBlD5CCd/ft9VjMlkGl8A+5L2Ac5uRH0QPESUKSlCvrcPMIGNlrh R+wb39VpmMBUHOmd/dNio7gmWEV4DQhLQe5vNbX3BpnVkfErBjPmmCeL5mMehJ/Qj8yN 0w4oXj3fo99Sj7Flca8WkqjQ7NXRBVzJlzMDs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943137; x=1772547937; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=VNz43UGFsp7zhe/JIBR+0gImg0v1WTfM8pun2AuvZ2c=; b=a6QwkelMnu/hqXcWUy3w0FHCoPn9oTR7sTRpZlaR4TuezN5Sto1gNg+Tkrg/Vj62Ny jrAYFny58n/LjqS6jQXN7psgHwQuvsIc8wf2I9O4I6BI3hZMT/9coJEyeev9DjMjgmAl 4ZXk43O0GpkpebzcilhHJ5yr6UTCoxEuDbxYPFrvcoBdvvWZVMHTH+jxgL/SeIEa03ca 5+cLdZwhXXPDISZhwx1nAdwia/BUrzsHRcnHm0MHEPZrdBChZpclulaykvOhRjew5ZKZ 8oCFIUhJaYPTurBIRUYoBMhg+tg5uNi2lUcE7S4qkKcq3LmtnerIVMst4j+6ppLK9IfK pUDQ== X-Gm-Message-State: AOJu0YxpOxT4hlsQA1TEPXiNtej/2q8DvaFT1nq5dQmrms4PK+u1+K6l SqjmYFYVM2gA7bB6x43r8nIkwK1556nC6wbYa1t0l5kMmQ2x/nL7J2yetmp2OI3ZS2+nw56XjAG MvOTZ X-Gm-Gg: AZuq6aK5+0Ce4Z/eubXJoYtf9zoQo2AOj2pYi1cl3+5/FHRijh+lGD0IGyX3tHQk/fi Fqx6MMmPAJMVvt3CQQSl/O0vCnaWA3gEwBMB5rmjsO9sWRy7quPQlPx97eBK5qhQDb1/ZHfMsX+ 9LgN2PHPpNd6PFPSybGOmDspLhQABU1ctRNs6ZaLAdwK/36BT0glkn/2OMOI9NnwMiKrVC9KBsT zrC4UrKjHaw0il9yiCvKlG6VdWqgrbeFKnxq4tjQBLO9jibkrJeNObGRn4JHA2Qf8ofFortQ7EZ jyuapNMot+ra4h6Qkf9LkKt0z4GnoZ/JG82O+9PfSX6TN+DiPaILhIamaWH6UPVMRJ/7D6KCySq 6zNsjcNv3WFxv068liYZ7++1ULMz7QdflVOxuo+ZJMLP4kbcVhbHLtQVTv5+sHhT4Nrt1scKCM7 xFPkYNYz1XEGdfLYA7GC8uox0WI9MueyLCuG0vSTzlrkjBJyx9CGEI9W1a9Lqlr3FX+qGERJDUx HbxatdhJpoQiXoM7YP9NLivaygkE/LQYw== X-Received: by 2002:a05:600c:46c9:b0:483:a21:774c with SMTP id 5b1f17b1804b1-483a95eab7cmr214129555e9.25.1771943136989; Tue, 24 Feb 2026 06:25:36 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:36 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 37/38] libtasn1: Fix CVE-2025-13151 Date: Tue, 24 Feb 2026 15:24:29 +0100 Message-ID: <70b4b85f62125e179ab55e2f659b5505fd77011b.1771942869.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231803 From: Hugo SIMELIERE Upstream-Status: Backport from https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8 Signed-off-by: Bruno VERNAY Signed-off-by: Hugo SIMELIERE [YC: pick the merged commit from the MR linked from the NVD report] Signed-off-by: Yoann Congal --- .../gnutls/libtasn1/CVE-2025-13151.patch | 30 +++++++++++++++++++ .../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch new file mode 100644 index 00000000000..5047d679840 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch @@ -0,0 +1,30 @@ +From ff7aa7ef2b9ba41df8f2d1e71b05bf2c2ad868dd Mon Sep 17 00:00:00 2001 +From: Vijay Sarvepalli +Date: Mon, 22 Dec 2025 12:24:27 -0500 +Subject: [PATCH] Fix for CVE-2025-13151 Buffer overflow + +Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8] +CVE: CVE-2025-13151 + +Signed-off-by: Simon Josefsson +Signed-off-by: Hugo SIMELIERE +--- + lib/decoding.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/decoding.c b/lib/decoding.c +index 1e0fcb3..abcb49f 100644 +--- a/lib/decoding.c ++++ b/lib/decoding.c +@@ -1983,7 +1983,7 @@ int + asn1_expand_octet_string (asn1_node_const definitions, asn1_node *element, + const char *octetName, const char *objectName) + { +- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE]; ++ char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE]; + int retCode = ASN1_SUCCESS, result; + int len, len2, len3; + asn1_node_const p2; +-- +2.47.1 + diff --git a/meta/recipes-support/gnutls/libtasn1_4.20.0.bb b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb index 8127ba5b1db..bfc011a2f17 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.20.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://dont-depend-on-help2man.patch \ + file://CVE-2025-13151.patch \ " DEPENDS = "bison-native" From patchwork Tue Feb 24 14:24:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81737 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 99355F357AC for ; Tue, 24 Feb 2026 14:25:41 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21291.1771943140377080884 for ; Tue, 24 Feb 2026 06:25:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=rF/SWwVH; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-48373a4bca3so34027625e9.0 for ; Tue, 24 Feb 2026 06:25:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943138; x=1772547938; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8lkoJ1SXV6Z7/IMOb5m6l9Q0RbWcMvO40Yk710t7IkE=; b=rF/SWwVHv4wi+XBz1SJfMGiU2X91g7Wt5PhVr5vuF6FeZLbb82BzS0s99Oxa7g4EHS 8I/cEOmNe9TS0D0ovGwvrKXOqGcP9ifpLGmk/HCTwgLYqL7T5VTKsxSPrvaLHsPa4Jjc vJCWVPHMxg99Y4fqsF+XED/lf+Mo83Lsgs3uA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943138; x=1772547938; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=8lkoJ1SXV6Z7/IMOb5m6l9Q0RbWcMvO40Yk710t7IkE=; b=aVyCs8IKuKmV+FWh69uMQiaMXP7gXWsY5zX+RhS7CY90MHC9TC6zoDPukh9LPiuT2R 6LqQmVP9Wua6ZP0m5kFB6jIyJTTkF+nXc2FTVhZhnuSLaEd6t4JPUXMZaZrtZPzXJ6Ne iQomLJCaPcuFBqhqCiHfWk8da/NbyzRhoge7o27q25mGNr5BdV2fY+zgnbCC8wR1aYmk m9apPULDWoUzmcKEBZeJkR9L2t9kCHCGShnxAL+Pih88OO/RYeIGlHjZxHYvmMEK5KRl XsO/eHiWx9wl+/N80v8IkLA1fphpYuMLXoze0Z9Czx3PU4KwpSt2ZxwLuyT1+pJ5Oy3S hc7Q== X-Gm-Message-State: AOJu0YyM0bi/EGOvDZdfNHYeRcd5sU5WMUCWJ4fBQvaF+zkXYmZpJlZ+ /O+BnAnUnkmPQhTjOhPW0BG/ogKRlCPtNnjjt85MKCSjiLxS2mH7HI65/4cylLxpO9LOisAVIgn nlmBr X-Gm-Gg: AZuq6aJ0Nrcx1WsgAZfg9qr/rGetDMO6DcmfFq+EHBZZwMq6KpXz0ffT891mF7rgLqx W9nssezFpIiNnTVhBfzJp9nlRvWSM1lLli4Q/h/mgHxjnKzkD6t/B6SSqzoIcWyNtP6x8rTz3TF SJee7TJScEaSNQZt2+XVansyYpEXDxH78dw+CpiB3wKKwpLj+4fdXjfsT9tYPOwvphHK2FG8IDw trIa+RaHw2e3Vg6IdypPpIVrhdRCg6Ldck16OsNs/W6oJlepMovfxdtgccj5Hq9JJQKWOJcYAcE PH5+vYHQOqyK0kcAamk28R4V7p8xOFCNuXbIm4pMRQSnFY7WKRvPQoBITUnsDS8ZD2jdQOwkE6p Rggbf7hdbkfQbCjKKGHlOedb3HWBXbeyiyO365ayJyyimXNi0VcdtJ/xdIduOdOiktF4A2jlbU1 c0KivOGGY7PLHEUIJeV9L9Ajf4MltBTWtiMYQVhmCUdOIOYncE6bjbyE8J/K8jMDrUFwH+9PQho matDYL15AFbasAM4zuRadypyK31nT84Lw== X-Received: by 2002:a05:600c:1d1c:b0:45c:4470:271c with SMTP id 5b1f17b1804b1-483a95eb45emr223636955e9.18.1771943138333; Tue, 24 Feb 2026 06:25:38 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483bd7507adsm2047455e9.9.2026.02.24.06.25.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:25:38 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 38/38] u-boot: move CVE patch out of u-boot-common.inc Date: Tue, 24 Feb 2026 15:24:30 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:25:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231804 From: Scott Murray Commit f5b980ad added CVE-2024-42040.patch to the base U-Boot SRC_URI in u-boot-common.inc as opposed to adding it in the u-boot recipe where all the other patch additions are. This breaks at least one downstream BSP that reuses u-boot-common.inc (meta-sifive), so move that patch addition to the recipe file with all the others. Signed-off-by: Scott Murray Signed-off-by: Yoann Congal --- meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +--- meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc index 7a634206426..d366f103982 100644 --- a/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/meta/recipes-bsp/u-boot/u-boot-common.inc @@ -14,9 +14,7 @@ PE = "1" # repo during parse SRCREV = "d637294e264adfeb29f390dfc393106fd4d41b17" -SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master \ - file://CVE-2024-42040.patch \ -" +SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master" S = "${WORKDIR}/git" B = "${WORKDIR}/build" diff --git a/meta/recipes-bsp/u-boot/u-boot_2022.01.bb b/meta/recipes-bsp/u-boot/u-boot_2022.01.bb index 0ff2477c394..f0ea3ef9e07 100644 --- a/meta/recipes-bsp/u-boot/u-boot_2022.01.bb +++ b/meta/recipes-bsp/u-boot/u-boot_2022.01.bb @@ -11,6 +11,7 @@ SRC_URI += " file://0001-riscv32-Use-double-float-ABI-for-rv32.patch \ file://CVE-2022-30790.patch \ file://CVE-2022-2347_1.patch \ file://CVE-2022-2347_2.patch \ + file://CVE-2024-42040.patch \ file://CVE-2024-57254.patch \ file://CVE-2024-57255.patch \ file://CVE-2024-57256.patch \