From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/44] pseudo: Update to include a fix for systems with kernel <5.6 Date: Tue, 24 Feb 2026 15:31:29 +0100 Message-ID: <933971c6628fa3fe85c7fb45d4b0c87d98750ce1.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:32:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231806 From: Yoann Congal $ git log --oneline --no-decorate 9ab513512d8b5180a430ae4fa738cb531154cdef..43cbd8fb4914328094ccdb4bb827d74b1bac2046 43cbd8f ports/linux: define __NR_openat2 if missing Signed-off-by: Yoann Congal Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit e9a35f32b983de724d2c2e436c017b49d5b70469) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index bee6fcb1497..0f063f18812 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb 
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "9ab513512d8b5180a430ae4fa738cb531154cdef" +SRCREV = "43cbd8fb4914328094ccdb4bb827d74b1bac2046" S = "${WORKDIR}/git" PV = "1.9.3+git"
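Review bot: The new SRCREV line (43cbd8fb4914328094ccdb4bb827d74b1bac2046) is explained only by the one-line git log in the message, which names the upstream commit "ports/linux: define __NR_openat2 if missing" but not the failure it fixes on kernels older than 5.6. A sentence tying the two together (openat2 was added in Linux 5.6, so presumably older build hosts' headers lack the syscall number) would let a stable-branch reviewer judge the bump without opening the pseudo repository. The range itself is as small as it can be: the log shows one commit between the old and the new revision, and PV is left unchanged.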
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/44] avahi: patch CVE-2025-68276 Date: Tue, 24 Feb 2026 15:31:30 +0100 Message-ID: <4fe5beba30f22636697522ab11c3218931df81d5.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231807 From: Ankur Tyagi Backport the patch[1] from the PR[2] mentioned in the nvd[3]. [1] https://github.com/avahi/avahi/commit/2d48e42d44a183f26a4d12d1f5d41abb9b7c6355 [2] https://github.com/avahi/avahi/pull/806 [3] https://nvd.nist.gov/vuln/detail/CVE-2025-68276 Dropped CI changes from the original PR during backport. Signed-off-by: Ankur Tyagi Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68276.patch | 65 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 7930bd3037b..bb20fd17ccd 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -37,6 +37,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2023-38473.patch \ file://CVE-2024-52616.patch \ file://CVE-2024-52615.patch \ + file://CVE-2025-68276.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch new file mode 100644 index 00000000000..75169419f10 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch 
@@ -0,0 +1,65 @@ +From 8ec85459d8e6e59cc14457e16fb7ba171901f90e Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin +Date: Wed, 17 Dec 2025 08:11:23 +0000 +Subject: [PATCH] core: refuse to create wide-area record browsers when + wide-area is off + +It fixes a bug where it was possible for unprivileged local users to +crash avahi-daemon (with wide-area disabled) by creating record browsers +with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus (either by calling +the RecordBrowserNew method directly or by creating hostname/address/service +resolvers/browsers that create those browsers internally themselves). + +``` +$ gdbus call --system --dest org.freedesktop.Avahi --object-path / --method org.freedesktop.Avahi.Server.ResolveHostName -- -1 -1 yo.local -1 1 +Error: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying +``` +``` +dbus-protocol.c: interface=org.freedesktop.Avahi.Server, path=/, member=ResolveHostName +avahi-daemon: wide-area.c:725: avahi_wide_area_scan_cache: Assertion `e' failed. 
+==307948== +==307948== Process terminating with default action of signal 6 (SIGABRT) +==307948== at 0x4B3630C: __pthread_kill_implementation (pthread_kill.c:44) +==307948== by 0x4ADF921: raise (raise.c:26) +==307948== by 0x4AC74AB: abort (abort.c:77) +==307948== by 0x4AC741F: __assert_fail_base.cold (assert.c:118) +==307948== by 0x48D8B85: avahi_wide_area_scan_cache (wide-area.c:725) +==307948== by 0x48C8953: lookup_scan_cache (browse.c:351) +==307948== by 0x48C8B1B: lookup_go (browse.c:386) +==307948== by 0x48C9148: defer_callback (browse.c:516) +==307948== by 0x48AEA0E: expiration_event (timeeventq.c:94) +==307948== by 0x489D3AE: timeout_callback (simple-watch.c:447) +==307948== by 0x489D787: avahi_simple_poll_dispatch (simple-watch.c:563) +==307948== by 0x489D91E: avahi_simple_poll_iterate (simple-watch.c:605) +==307948== +``` + +wide-area has been disabled by default since +9c4214146738146e454f098264690e8e884c39bd (v0.9-rc2). + +https://github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc + +CVE: CVE-2025-68276 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/2d48e42d44a183f26a4d12d1f5d41abb9b7c6355] +(cherry picked from commit 2d48e42d44a183f26a4d12d1f5d41abb9b7c6355) +Signed-off-by: Ankur Tyagi +--- + avahi-core/browse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index e8a915e..59d53cb 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -541,6 +541,11 @@ AvahiSRecordBrowser *avahi_s_record_browser_prepare( + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, AVAHI_FLAGS_VALID(flags, AVAHI_LOOKUP_USE_WIDE_AREA|AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); + AVAHI_CHECK_VALIDITY_RETURN_NULL(server, !(flags & AVAHI_LOOKUP_USE_WIDE_AREA) || !(flags & AVAHI_LOOKUP_USE_MULTICAST), AVAHI_ERR_INVALID_FLAGS); + ++ if ((flags & AVAHI_LOOKUP_USE_WIDE_AREA) && !server->wide_area_lookup_engine) { ++ avahi_server_set_errno(server, AVAHI_ERR_NOT_SUPPORTED); ++ return NULL; ++ 
} ++ + if (!(b = avahi_new(AvahiSRecordBrowser, 1))) { + avahi_server_set_errno(server, AVAHI_ERR_NO_MEMORY); + return NULL;
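Review bot: The header of CVE-2025-68276.patch says "(cherry picked from commit 2d48e42d44a183f26a4d12d1f5d41abb9b7c6355)", but the mail's own message says the CI changes of the original PR were dropped, and that is not recorded in the patch file. Add a line to the patch header stating that only the avahi-core/browse.c change was kept, so someone reading the .patch on its own does not take it for a verbatim cherry-pick. On the code: the new check in avahi_s_record_browser_prepare() sits after the two flag-validity checks and before avahi_new(), so nothing is allocated on the refused path. With the upstream tests dropped, the gdbus ResolveHostName call quoted in the patch header is the obvious manual regression check: with wide-area off it should now produce an error reply rather than a daemon abort.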
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/44] avahi: patch CVE-2025-68468 Date: Tue, 24 Feb 2026 15:31:31 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231808 From: Amaury Couderc Signed-off-by: Amaury Couderc Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 9f2ed8adc37a42b561b3c4853cf8106fba39889e) Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68468.patch | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index bb20fd17ccd..34d95f48cd6 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -38,6 +38,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2024-52616.patch \ file://CVE-2024-52615.patch \ file://CVE-2025-68276.patch \ + file://CVE-2025-68468.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch new file mode 100644 index 00000000000..3635cc8d53e --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch 
@@ -0,0 +1,32 @@ +From 483f83828cfda965fac914ff1b39c63c256372b2 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by removing incorrect assertion + +Closes https://github.com/avahi/avahi/issues/683 + +CVE: CVE-2025-68468 + +Upstream-Status: Backport +[https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a] + +Signed-off-by: Amaury Couderc +--- + avahi-core/browse.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 86e4432..79595fe 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -295,7 +295,6 @@ static void lookup_multicast_callback( + lookup_drop_cname(l, interface, protocol, 0, r); + else { + /* It's a normal record, so let's call the user callback */ +- assert(avahi_key_equal(b->key, l->key)); + + b->callback(b, interface, protocol, event, r, flags, b->userdata); + } +-- +2.43.0 +
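Review bot: In the header of CVE-2025-68468.patch the "Upstream-Status: Backport" tag and its bracketed URL are on two separate lines, while 02/44 and 05/44 of this series keep "Upstream-Status: Backport [URL]" on one line; please join them so the tag reads the same way across the avahi patches. On the change itself, the hunk in lookup_multicast_callback() drops "assert(avahi_key_equal(b->key, l->key));" without a replacement check and leaves an empty line under the "It's a normal record" comment. The subject calls the assertion incorrect, but nothing says why b->key and l->key may legitimately differ at this point; one sentence on that in the patch header would make the removal reviewable.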
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/44] avahi: patch CVE-2025-68471 Date: Tue, 24 Feb 2026 15:31:32 +0100 Message-ID: <174268f9ea710b1da980b45bc88cfe58de1cf26d.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231809 From: Amaury Couderc Signed-off-by: Amaury Couderc Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 5ec4156330c765bc52dbce28dbba6def9868d30f) Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2025-68471.patch | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 34d95f48cd6..d349831f16f 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -39,6 +39,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2024-52615.patch \ file://CVE-2025-68276.patch \ file://CVE-2025-68468.patch \ + file://CVE-2025-68471.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/"
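Review bot: The SRC_URI order in this hunk disagrees with the index lines of the embedded patches: CVE-2025-68471.patch is "index 2941e57..86e4432" and CVE-2025-68468.patch is "index 86e4432..79595fe", so the 68468 change was generated on top of the 68471 one, yet the recipe applies 68468 first. The two touch different functions in avahi-core/browse.c (lookup_start at line 320, lookup_multicast_callback at line 295), so they should still apply, with a line offset. Either swap the two SRC_URI entries to follow the order the blobs imply, or confirm that do_patch applies both without fuzz.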
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch new file mode 100644 index 00000000000..210565cdd61 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch 
@@ -0,0 +1,36 @@ +From 4e84c1d6eb2f54d1643bd7ce62817c722ca36d25 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix DoS bug by changing assert to return + +Closes https://github.com/avahi/avahi/issues/678 + +CVE: CVE-2025-68471 + +Upstream-Status: Backport +[https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1] + +Signed-off-by: Amaury Couderc +--- + avahi-core/browse.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e57..86e4432 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -320,7 +320,10 @@ static int lookup_start(AvahiSRBLookup *l) { + assert(l); + + assert(!(l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) != !(l->flags & AVAHI_LOOKUP_USE_MULTICAST)); +- assert(!l->wide_area && !l->multicast); ++ if (l->wide_area || l->multicast) { ++ /* Avoid starting a duplicate lookup */ ++ return 0; ++ } + + if (l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) { + +-- +2.43.0 +
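Review bot: In lookup_start() the converted check returns 0 when "l->wide_area || l->multicast", but nothing in the hunk says what 0 means to the caller, so a reader cannot tell "already running, nothing to do" from any other zero result; extend the "Avoid starting a duplicate lookup" comment to state the return contract for that case. The flags assertion directly above it is kept, so the patch header should also say in a line why that one cannot be reached the way the replaced one was. The "Upstream-Status: Backport" tag is split from its URL here as well, as in 03/44.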
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/44] avahi: patch CVE-2026-24401 Date: Tue, 24 Feb 2026 15:31:33 +0100 Message-ID: <7c6693ed8f1e96ab4ca4ea46e25768057c339caa.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231810 From: Ankur Tyagi Details https://nvd.nist.gov/vuln/detail/CVE-2026-24401 Signed-off-by: Ankur Tyagi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 183d0ee54f1c194e245a7bbf243c19b3c2acf4f5) Signed-off-by: Yoann Congal --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2026-24401.patch | 74 +++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index d349831f16f..fce2d7cd563 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -40,6 +40,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2025-68276.patch \ file://CVE-2025-68468.patch \ file://CVE-2025-68471.patch \ + file://CVE-2026-24401.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch b/meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch new file mode 100644 index 00000000000..1a442966fc9 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch 
@@ -0,0 +1,74 @@ +From 5eea2640324928c15936b7a2bcbf8ea0de7b08f7 Mon Sep 17 00:00:00 2001 +From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> +Date: Sun, 2 Mar 2025 18:06:24 +0100 +Subject: [PATCH] core: fix uncontrolled recursion bug using a simple loop + detection algorithm + +Closes https://github.com/avahi/avahi/issues/501 + +CVE: CVE-2026-24401 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524] +(cherry picked from commit 78eab31128479f06e30beb8c1cbf99dd921e2524) +Signed-off-by: Ankur Tyagi +--- + avahi-core/browse.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index f461083..975b3e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -401,6 +401,40 @@ static int lookup_go(AvahiSRBLookup *l) { + return n; + } + ++static int lookup_exists_in_path(AvahiSRBLookup* lookup, AvahiSRBLookup* from, AvahiSRBLookup* to) { ++ AvahiRList* rl; ++ if (from == to) ++ return 0; ++ for (rl = from->cname_lookups; rl; rl = rl->rlist_next) { ++ int r = lookup_exists_in_path(lookup, rl->data, to); ++ if (r == 1) { ++ /* loop detected, propagate result */ ++ return r; ++ } else if (r == 0) { ++ /* is loop detected? 
*/ ++ return lookup == from; ++ } else { ++ /* `to` not found, continue */ ++ continue; ++ } ++ } ++ /* no path found */ ++ return -1; ++} ++ ++static int cname_would_create_loop(AvahiSRBLookup* l, AvahiSRBLookup* n) { ++ int ret; ++ if (l == n) ++ /* Loop to self */ ++ return 1; ++ ++ ret = lookup_exists_in_path(n, l->record_browser->root_lookup, l); ++ ++ /* Path to n always exists */ ++ assert(ret != -1); ++ return ret; ++} ++ + static void lookup_handle_cname(AvahiSRBLookup *l, AvahiIfIndex interface, AvahiProtocol protocol, AvahiLookupFlags flags, AvahiRecord *r) { + AvahiKey *k; + AvahiSRBLookup *n; +@@ -420,6 +454,12 @@ static void lookup_handle_cname(AvahiSRBLookup *l, AvahiIfIndex interface, Avahi + return; + } + ++ if (cname_would_create_loop(l, n)) { ++ /* CNAME loops are not allowed */ ++ lookup_unref(n); ++ return; ++ } ++ + l->cname_lookups = avahi_rlist_prepend(l->cname_lookups, lookup_ref(n)); + + lookup_go(n);
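Review bot: In cname_would_create_loop(), `assert(ret != -1)` turns a missing root-to-l path into a daemon abort in builds with assertions enabled, so if that invariant ever fails on state built from received CNAME records the loop check itself becomes the crash; handle the value instead, for example `if (ret == -1) return 1;`, so the CNAME is refused and the lookup is unreferenced by the caller. The helper lookup_exists_in_path() is also recursive over cname_lookups, so its stack depth still grows with the length of the CNAME chain; an iterative walk or an explicit depth limit would make the bound visible in the code. The comment "Path to n always exists" should say "Path to l", since the call searches from root_lookup to l and n is the node being tested.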
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/44] libsndfile1: patch CVE-2025-56226
Date: Tue, 24 Feb 2026 15:31:34 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231811

From: Peter Marko

Pick patches from both PRs linked in issue mentioned in NVD report.

Signed-off-by: Peter Marko
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 327546cc0f0bdffcbb4be690ee0b9b469db64842)
Signed-off-by: Yoann Congal
---
 .../libsndfile1/CVE-2025-56226-01.patch | 36 ++++++++++++++++
 .../libsndfile1/CVE-2025-56226-02.patch | 43 +++++++++++++++++++
 .../libsndfile/libsndfile1_1.2.2.bb | 2 +
 3 files changed, 81 insertions(+)
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch new file mode 100644 index 00000000000..e6e2bc12dd9 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
@@ -0,0 +1,36 @@ +From d9a35ea0d5c64c19dd635ae578e0028df8f66d6a Mon Sep 17 00:00:00 2001 +From: Sisyphus-wang <43361974+Sisyphus-wang@users.noreply.github.com> +Date: Fri, 11 Jul 2025 15:14:48 +0800 +Subject: [PATCH] Update mpeg_l3_encode.c + +fix memoryLeak bug + +CVE: CVE-2025-56226 +Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/d9a35ea0d5c64c19dd635ae578e0028df8f66d6a] +Signed-off-by: Peter Marko +--- + src/mpeg_l3_encode.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/mpeg_l3_encode.c b/src/mpeg_l3_encode.c +index 97324f79..04b1d501 100644 +--- a/src/mpeg_l3_encode.c ++++ b/src/mpeg_l3_encode.c +@@ -87,7 +87,8 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, int info_tag) + if (! (pmpeg->lamef = lame_init ())) + return SFE_MALLOC_FAILED ; + +- pmpeg->compression = -1.0 ; /* Unset */ ++ psf->codec_close = mpeg_l3_encoder_close ; /* Set psf->codec_close early*/ ++ pmpeg->compression = -1.0 ; /* Unset */ + + lame_set_in_samplerate (pmpeg->lamef, psf->sf.samplerate) ; + lame_set_num_channels (pmpeg->lamef, psf->sf.channels) ; +@@ -115,7 +116,6 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, int info_tag) + } + + psf->sf.seekable = 0 ; +- psf->codec_close = mpeg_l3_encoder_close ; + psf->byterate = mpeg_l3_encoder_byterate ; + psf->datalength = 0 ; + diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch new file mode 100644 index 00000000000..077200be6b1 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch 
@@ -0,0 +1,43 @@ +From 68f6c16fe1407eff4cdde158566694c3ed666c2f Mon Sep 17 00:00:00 2001 +From: Sisyphus-wang <43361974+Sisyphus-wang@users.noreply.github.com> +Date: Fri, 11 Jul 2025 15:26:24 +0800 +Subject: [PATCH] Update sndfile-convert.c + +fix memoryLeak in sndfile-conver.c + +CVE: CVE-2025-56226 +Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/68f6c16fe1407eff4cdde158566694c3ed666c2f] +Signed-off-by: Peter Marko +--- + programs/sndfile-convert.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c +index 95f59d3c..a9f0cfac 100644 +--- a/programs/sndfile-convert.c ++++ b/programs/sndfile-convert.c +@@ -301,6 +301,7 @@ main (int argc, char * argv []) + + if ((sfinfo.format = sfe_file_type_of_ext (outfilename, sfinfo.format)) == 0) + { printf ("Error : Not able to determine output file type for %s.\n", outfilename) ; ++ sf_close (infile) ; + return 1 ; + } ; + +@@ -344,6 +345,7 @@ main (int argc, char * argv []) + /* Open the output file. */ + if ((outfile = sf_open (outfilename, SFM_WRITE, &sfinfo)) == NULL) + { printf ("Not able to open output file %s : %s\n", outfilename, sf_strerror (NULL)) ; ++ sf_close (infile) ; + return 1 ; + } ; + +@@ -360,6 +362,8 @@ main (int argc, char * argv []) + || (infileminor == SF_FORMAT_MPEG_LAYER_III) || (outfileminor == SF_FORMAT_MPEG_LAYER_III)) + { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0) + { printf ("Error : Not able to decode input file %s.\n", infilename) ; ++ sf_close (infile) ; ++ sf_close (outfile) ; + return 1 ; + } ; + } diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb index 2a1b96d5e79..4cf42375739 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.2.2.bb 
@@ -11,6 +11,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/libsndfile-${PV}.tar.xz \ file://noopus.patch \ file://cve-2022-33065.patch \ file://CVE-2024-50612.patch \ + file://CVE-2025-56226-01.patch \ + file://CVE-2025-56226-02.patch \ " GITHUB_BASE_URI = "https://github.com/libsndfile/libsndfile/releases/"
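Review bot: In CVE-2025-56226-01.patch, moving `psf->codec_close = mpeg_l3_encoder_close` to just after lame_init() means the close callback can now run on a partly configured pmpeg when a later step of mpeg_l3_encoder_init() fails, and the hunk does not show mpeg_l3_encoder_close, so please confirm it copes with an encoder that has lamef set but nothing else. The `return SFE_MALLOC_FAILED` on lame_init() failure still sits before the assignment, so that path is unchanged. The new comment only says "Set psf->codec_close early"; saying why (presumably so the error returns further down release lamef through the close path) would keep the ordering from being undone later.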
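Review bot: In CVE-2025-56226-02.patch, each error return in main() of sndfile-convert.c gets its own hand-written sf_close() (infile in the first two hunks, infile and outfile in the third), which only covers the three returns shown and is easy to miss when another return is added; a single cleanup label that closes whichever of infile and outfile is non-NULL would cover every exit with one block. The commit subject also misspells the file as "sndfile-conver.c", which is worth fixing upstream if the patch is refreshed.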
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 07/44] mobile-broadband-provider-info: upgrade 20240407 -> 20251101
Date: Tue, 24 Feb 2026 15:31:35 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231812

From: Ankur Tyagi

Changelog: https://gitlab.gnome.org/GNOME/mobile-broadband-provider-info/-/blob/20251101/NEWS?ref_type=tags

Signed-off-by: Ankur Tyagi
[YC: commit 99e2dea3d4328f2aaa6e6e29f5bf4aa38b64b274 upstream]
Signed-off-by: Yoann Congal
---
 .../mobile-broadband-provider-info_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb index 06ded459344..9e7dd9da76b 100644 --- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb +++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -5,8 +5,8 @@ SECTION = "network" LICENSE = "PD" LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04" -SRCREV = "55ba955d53305df96123534488fd160ea882b4dd" -PV = "20240407" +SRCREV = "18cb97517d9c831e1d2ec057e62d04fd3665e10f" +PV = "20251101" PE = "1" SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 08/44] vim: ignore CVE-2025-66476
Date: Tue, 24 Feb 2026 15:31:36 +0100
Message-ID: <41cd026976fcb38dadd79ec3e8815243827e111c.1771943404.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231813

From: Ankur Tyagi

Details https://nvd.nist.gov/vuln/detail/CVE-2025-66476

Signed-off-by: Ankur Tyagi
Signed-off-by: Yoann Congal
---
 meta/recipes-support/vim/vim_9.1.bb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/vim/vim_9.1.bb b/meta/recipes-support/vim/vim_9.1.bb index fee9f055e9a..c492342ffb7 100644 --- a/meta/recipes-support/vim/vim_9.1.bb +++ b/meta/recipes-support/vim/vim_9.1.bb
@@ -21,3 +21,5 @@ ALTERNATIVE_LINK_NAME[xxd] = "${bindir}/xxd" # in many places for _FORTIFY_SOURCE=2. Security flags become part of CC. # lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=1',d)}" + +CVE_STATUS[CVE-2025-66476] = "not-applicable-platform: Issue only applies on Windows"
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 09/44] wic/engine: fix copying directories into wic image with ext* partition
Date: Tue, 24 Feb 2026 15:31:37 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231814

From: Dragomir, Daniel

wic uses debugfs to write on ext* partitions, but debugfs can only write to the current working directory and it cannot copy complete directory trees. Running 'wic ls' on a copied directory shows this:
-l: Ext2 inode is not a directory

Fix this by creating a command list for debugfs (-f parameter) when recursively parsing the host directory in order to create a similar directory structure (mkdir) and copy files (write) on each level into the destination directory from the wic's ext* partition.

Signed-off-by: Daniel Dragomir
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 1ed38aff5f810d064c87aff9cbd310906833b6ba)
Signed-off-by: Yoann Congal
---
 scripts/lib/wic/engine.py | 63 ++++++++++++++++++++++++++++++---------
 1 file changed, 49 insertions(+), 14 deletions(-)
diff --git a/scripts/lib/wic/engine.py b/scripts/lib/wic/engine.py index ce7e6c5d752..565a0db38a6 100644 --- a/scripts/lib/wic/engine.py +++ b/scripts/lib/wic/engine.py
@@ -327,29 +327,64 @@ class Disk: path)) def copy(self, src, dest): - """Copy partition image into wic image.""" - pnum = dest.part if isinstance(src, str) else src.part + """Copy files or directories to/from the vfat or ext* partition.""" + pnum = dest.part if isinstance(src, str) else src.part + partimg = self._get_part_image(pnum) if self.partitions[pnum].fstype.startswith('ext'): - if isinstance(src, str): - cmd = "printf 'cd {}\nwrite {} {}\n' | {} -w {}".\ - format(os.path.dirname(dest.path), src, os.path.basename(src), - self.debugfs, self._get_part_image(pnum)) - else: # copy from wic - # run both dump and rdump to support both files and directory + if isinstance(src, str): # host to image case + if os.path.isdir(src): + base = os.path.abspath(src) + base_parent = os.path.dirname(base) + cmds = [] + made = set() + + for root, dirs, files in os.walk(base): + for fname in files: + host_file = os.path.join(root, fname) + rel = os.path.relpath(host_file, base_parent) + dest_file = os.path.join(dest.path, rel) + dest_dir = os.path.dirname(dest_file) + + # create dir structure (mkdir -p) + parts = dest_dir.strip('/').split('/') + cur = '' + for p in parts: + cur = cur + '/' + p + if cur not in made: + cmds.append(f'mkdir "{cur}"') + made.add(cur) + + cmds.append(f'write "{host_file}" "{dest_file}"') + + # write script to a temp file + with tempfile.NamedTemporaryFile(mode='w', delete=False, + prefix='wic-debugfs-') as tf: + for line in cmds: + tf.write(line + '\n') + scriptname = tf.name + + cmd = f"{self.debugfs} -w -f {scriptname} {partimg}" + + else: # single file + cmd = "printf 'cd {}\nwrite {} {}\n' | {} -w {}".\ + format(os.path.dirname(dest.path), src, + os.path.basename(src), self.debugfs, partimg) + + else: # image to host case cmd = "printf 'cd {}\ndump /{} {}\nrdump /{} {}\n' | {} {}".\ format(os.path.dirname(src.path), src.path, - dest, src.path, dest, self.debugfs, - self._get_part_image(pnum)) + dest, src.path, dest, self.debugfs, partimg) + else: 
# fat if isinstance(src, str): cmd = "{} -i {} -snop {} ::{}".format(self.mcopy, - self._get_part_image(pnum), - src, dest.path) + partimg, + src, dest.path) else: cmd = "{} -i {} -snop ::{} {}".format(self.mcopy, - self._get_part_image(pnum), - src.path, dest) + partimg, + src.path, dest) exec_cmd(cmd, as_shell=True) self._put_part_image(pnum)
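Review bot: In the directory branch of Disk.copy(), host file names returned by os.walk() are written into the debugfs script as `write "{host_file}" "{dest_file}"` with no escaping, so a name containing a double quote or a newline breaks the quoting or starts a new script line, which debugfs (run with -w on the partition image) then parses as its own arguments or commands; reject or escape such names before emitting the line, and apply the same check to the `mkdir "{cur}"` lines. Two smaller points in the same branch: mkdir is only emitted inside the `for fname in files` loop, so empty directories are never created and `dirs` is unused, and the script created with `delete=False` is not removed after exec_cmd() in the lines shown, so each directory copy leaves a wic-debugfs-* file behind.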
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 10/44] oeqa/selftest/wic: test recursive dir copy on ext partitions
Date: Tue, 24 Feb 2026 15:31:38 +0100
Message-ID: <009da1fda0f4c04c87deced4a5f667bc39b9e26c.1771943404.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231815

From: Dragomir, Daniel

Extend the wic selftests to cover recursive directory copying into ext partitions.

Previously, copying a directory into an ext partition could appear to succeed, but attempting to access the directory contents would fail with:
-l: Ext2 inode is not a directory

This was fixed in commit 4fc3b42774 ("wic/engine: fix copying directories into wic image with ext* partition").

This test now verifies that directories copied with "wic cp" into an ext4 partition:
- are created with correct inode types
- can be listed recursively with "wic ls"
- preserve files and subdirectories
- can be copied back out of the image without data loss

A simple directory structure is used in this test:
wic-test-cp-ext-dir/
├── topfile.txt
└── subdir/
    └── subfile.txt

Signed-off-by: Daniel Dragomir
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 6de3d2602f4f4a8192d6a6040e89e814187dcf93)
Signed-off-by: Yoann Congal
---
 meta/lib/oeqa/selftest/cases/wic.py | 65 +++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/wic.py b/meta/lib/oeqa/selftest/cases/wic.py index b616759209a..1ba180ff0ec 100644 --- a/meta/lib/oeqa/selftest/cases/wic.py +++ b/meta/lib/oeqa/selftest/cases/wic.py
@@ -12,6 +12,7 @@ import os import sys import unittest import hashlib +import filecmp from glob import glob from shutil import rmtree, copy 
@@ -1662,6 +1663,70 @@ class ModifyTests(WicTestCase): runCmd("wic cp %s:2/etc/fstab %s -n %s" % (images[0], testfile.name, sysroot)) self.assertTrue(os.stat(testfile.name).st_size > 0, msg="Filesize not as expected %s" % os.stat(testfile.name).st_size) + # prepare directory structure + testdir = os.path.join(self.resultdir, "wic-test-cp-ext-dir") + testsubdir = os.path.join(testdir, "subdir") + os.makedirs(testsubdir) + + # add a file in the top-level of the directory + src_file = os.path.join(testdir, "topfile.txt") + with open(src_file, "w") as f: + f.write("top-level\n") + + # add file in the subdir + src_subfile = os.path.join(testsubdir, "subfile.txt") + with open(src_subfile, "w") as f: + f.write("sub-level\n") + + # copy directory to the partition root + runCmd("wic cp %s %s:2/ -n %s" % (testdir, images[0], sysroot)) + basedir = os.path.basename(testdir) + + # check if directory is there at partition root + result = runCmd("wic ls %s:2/ -n %s" % (images[0], sysroot)) + root_entries = set(line.split()[-1] for line in result.output.split('\n') if line) + self.assertIn(basedir, root_entries, msg="Expected directory not present at root: %s" % root_entries) + + # list INSIDE the copied directory + result = runCmd("wic ls %s:2/%s/ -n %s" % (images[0], basedir, sysroot)) + self.assertEqual(0, result.status, + msg="wic ls inside copied directory failed. Output:\n%s" % result.output) + self.assertNotIn("Ext2 inode is not a directory", result.output, + msg="Regression detected (inode not a directory). Output:\n%s" % result.output) + + inside_entries = set(line.split()[-1] for line in result.output.split('\n') if line) + self.assertTrue(set(["subdir", "topfile.txt"]).issubset(inside_entries), + msg="Expected entries missing inside dir: %s" % inside_entries) + + # list inside the subdir + result = runCmd("wic ls %s:2/%s/subdir/ -n %s" % (images[0], basedir, sysroot)) + self.assertEqual(0, result.status, + msg="wic ls inside copied subdir failed. 
Output:\n%s" % result.output) + self.assertNotIn("Ext2 inode is not a directory", result.output, + msg="Regression detected (inode not a directory). Output:\n%s" % result.output) + + sub_entries = set(line.split()[-1] for line in result.output.split('\n') if line) + self.assertIn("subfile.txt", sub_entries, msg="Expected file missing in subdir: %s" % sub_entries) + + # copy directory from the partition and compare with original + outparent = os.path.join(self.resultdir, "wic-test-cp-ext-out") + os.makedirs(outparent) + runCmd("wic cp %s:2/%s %s -n %s" % (images[0], basedir, outparent, sysroot)) + + copied_dir = os.path.join(outparent, basedir) + self.assertTrue(os.path.isdir(copied_dir), msg="Copied-back directory not created: %s" % copied_dir) + + copied_file = os.path.join(copied_dir, "topfile.txt") + copied_subfile = os.path.join(copied_dir, "subdir", "subfile.txt") + + self.assertTrue(os.path.isfile(copied_file), msg="Missing copied-back file: %s" % copied_file) + self.assertTrue(os.path.isfile(copied_subfile), msg="Missing copied-back subfile: %s" % copied_subfile) + + self.assertTrue(filecmp.cmp(src_file, copied_file, shallow=False), + msg="topfile.txt differs after round-trip copy") + self.assertTrue(filecmp.cmp(src_subfile, copied_subfile, shallow=False), + msg="subfile.txt differs after round-trip copy") + def test_wic_rm_ext(self): """Test removing files from the ext partition."""
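Review bot: in the second hunk, the three lines that parse `wic ls` output (`root_entries`, `inside_entries`, `sub_entries`) filter with `if line`, so a whitespace-only output line passes the filter and `line.split()[-1]` raises IndexError instead of producing a readable assertion failure. Filtering with `if line.strip()` avoids that, and since the same expression appears three times, a small local helper would keep the parsing in one place. Also in this hunk, `os.makedirs(testsubdir)` and `os.makedirs(outparent)` are called without `exist_ok=True`, so a leftover directory under `self.resultdir` makes the test fail with FileExistsError before any wic command runs; either pass `exist_ok=True` or remove the two directories first.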
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 11/44] linux-yocto/6.6: update to v6.6.112
Date: Tue, 24 Feb 2026 15:31:39 +0100
Message-ID: <1a79dd97b4176f07b7ac44f9d7b7b112e241c5a3.1771943404.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231816
From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 0bbbd97a442d Linux 6.6.112 acad20578817 usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call 5c25a2a403b3 arm64: dts: qcom: qcm2290: Disable USB SS bus instances in park mode 540aaab034b5 usb: typec: tipd: Clear interrupts first 724a9db84188 net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock 78e87b8a3cf8 bus: fsl-mc: Check return value of platform_get_resource() 1a2ea887a5cd pinctrl: check the return value of pinmux_ops::get_function_name() 66821fdb723d remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() 81cec07d3031 sunrpc: fix null pointer dereference on zero-length checksum fd8a23ecbc60 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak bbd8f90c3bf4 Input: atmel_mxt_ts - allow reset GPIO to sleep d7513b47082c misc: fastrpc: Skip reference for DMA handles 3ad42dc66445 misc: fastrpc: fix possible map leak in fastrpc_put_args 6e0d6cc39f41 misc: fastrpc: Fix fastrpc_map_lookup operation b808a3590c28 nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() 964598e6f70a mm: hugetlb: avoid soft lockup when mprotect to large memory area c6effaab2427 ext4: fix checks for orphan inodes c6b15a82a56c ksmbd: fix error code overwriting in smb2_get_info_filesystem() 7eca645917bc LoongArch: Automatically disable kaslr if boot from kexec_file 846cafc4725c dm: fix NULL pointer dereference in __dm_suspend() ed6877417298 dm: fix queue start/stop imbalance under suspend/load/resume races 2647603d42d9 mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() 6c21c4a425d3 mfd: rz-mtu3: Fix MTU5 NFCR register offset 0ba68bea1e35 net: nfc: nci: Add parameter validation for packet data a70dcfa8d0a0 fs: udf: fix OOB read in lengthAllocDescs handling 28d0e8af8c0a ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down e04aa0b00107 ASoC: wcd934x: 
fix error handling in wcd934x_codec_parse_data() 2af39ab5e6dc uio_hv_generic: Let userspace take care of interrupt mask c28b0ca029ed Squashfs: fix uninit-value in squashfs_get_parent 3bce44b34404 bpf: Reject negative offsets for ALU ops 78dc7362662f vhost: vringh: Modify the return value check aa57822ade41 Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" ba905a567105 smb: client: fix crypto buffers in non-linear memory 3311f0d15bb3 net/mlx5: fw reset, add reset timeout work 3df251a65b4e net/mlx5: pagealloc: Fix reclaim race during command interface teardown dda27f370cde net/mlx5: Stop polling for command response if interface goes down ea87151df398 net: dlink: handle copy_thresh allocation failure 5e627ae572b2 net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable 07a92ab8b479 nfp: fix RSS hash key size when RSS is not supported 75287554a92e mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands 53683b4d3740 drivers/base/node: fix double free in register_one_node() 7e76fe9dfadb ocfs2: fix double free in user_cluster_connect() f4238064379a hwrng: ks-sa - fix division by zero in ks_sa_rng_init 96ca6913042e KEYS: X.509: Fix Basic Constraints CA flag parsing 2ef583b45fe7 Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements 8fd355f54a62 Bluetooth: ISO: don't leak skb in ISO_CONT RX 5319145a07d8 Bluetooth: ISO: Fix possible UAF on iso_conn_free 868196cc8ba8 Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO 781226e11d5b vhost: vringh: Fix copy_to_iter return value check 6394bade9daa net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast 7c853408ee24 RDMA/siw: Always report immediate post SQ errors 48edf187fdd4 usb: vhci-hcd: Prevent suspending virtually attached devices 6459dba4f350 scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() 8cbe2a21d857 ipvs: Defer ip_vs_ftp unregister during netns cleanup 0901fa02ccf7 NFSv4.1: fix 
backchannel max_resp_sz verification check 9768536f8260 coresight: trbe: Return NULL pointer for allocation failures e926dfde8ad1 coresight: etm4x: Support atclk 4960e17a3543 coresight-etm4x: Conditionally access register TRCEXTINSELR db1261fe50ff remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice f321de0b3847 PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() f22d898e080a wifi: rtw89: avoid circular locking dependency in ser_state_run() 85288bcf7ffe RDMA/rxe: Fix race in do_task() when draining 1750f1ec143e crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs f0e6e7b43511 vfio/pds: replace bitmap_free with vfree e7979228b3bd sparc: fix accurate exception reporting in copy_{from,to}_user for M7 9cbb5ebf409e sparc: fix accurate exception reporting in copy_to_user for Niagara 4 8cdeb5e482d3 sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara dc766c4830a7 sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III 674ff598148a sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC 77fe706ff086 wifi: mac80211: fix Rx packet handling when pubsta information is not available 15bd3f0d0e99 wifi: ath10k: avoid unnecessary wait for service ready message 12ff1858301e Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram 8410e7d65b16 IB/sa: Fix sa_local_svc_timeout_ms read race 925ff361460b RDMA/core: Resolve MAC of next-hop device without ARP support eb976d02c889 Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" e0a9a737c9a2 f2fs: fix zero-sized extent for precache extents 8eb6dacd5c23 scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() 111b64b98874 scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() 19a09c909372 scsi: qla2xxx: edif: Fix incorrect sign of error code 8012e298b968 ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err 
message 7d9b97e61350 f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() 83a8e4efea02 f2fs: fix to truncate first page in error path of f2fs_truncate() 045375172dd4 f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() ec4a608bca40 wifi: mt76: fix potential memory leak in mt76_wmac_probe() dac556dd2d44 RDMA/cm: Rate limit destroy CM ID timeout error message 4a594f5c64bf drivers/base/node: handle error properly in register_one_node() d12f4499585a watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog 54f4da8629cf ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable a2e10d05f5c3 netfilter: ipset: Remove unused htable_bits in macro ahash_region 9170730674cf iio: consumers: Fix offset handling in iio_convert_raw_to_processed() 289cbdb27afb iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() 978aac54e93e fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist a86c8b9d03f7 fs: ntfs3: Fix integer overflow in run_unpack() 528807934790 drm/msm/dpu: fix incorrect type for ret f197894de2f4 ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping 29a41bf64226 ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping d75a561ba1ea ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping cf71834a0cfc pps: fix warning in pps_register_cdev when register device fail b859d612303a misc: genwqe: Fix incorrect cmd field being reported in error c36785f9de03 tty: n_gsm: Don't block input queue by waiting MSC 0924d8563043 usb: gadget: configfs: Correctly set use_os_string at bind f0c98b011e01 usb: phy: twl6030: Fix incorrect type for ret a7d262359018 drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() 18897db75121 tcp: fix __tcp_close() to only send RST when required 8120c4638416 PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation 1fc4717f5190 wifi: mwifiex: send world regulatory domain to driver 531a50b2db6d drm/amd/pm: Disable SCLK switching on Oland with high pixel 
clocks (v3) 5e64cc74159c drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) 4e27e18f64a2 drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) 1320d1e834c1 drm/amd/pm: Adjust si_upload_smc_data register programming (v3) dd3d6befe7db drm/amd/pm: Fix si_upload_smc_data (v3) 2f68f6f7cec4 drm/amd/pm: Disable ULV even if unsupported (v3) d0e0b2c9a2b7 drm/amdgpu: Power up UVD 3 for FW validation (v2) 553af70d3d68 coresight: Only register perf symlink for sinks with alloc_buffer 91e487452d5a inet: ping: check sock_net() in ping_get_port() and ping_lookup() 3a7802716da2 crypto: hisilicon/qm - check whether the input function and PF are on the same device c9035e9ba528 crypto: hisilicon - re-enable address prefetch after device resuming 94b09b0ac0b8 crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations 30a4e81edb15 media: st-delta: avoid excessive stack usage 6e41267d52ec ALSA: lx_core: use int type to store negative error codes ca61e32fcf27 RDMA/mlx5: Fix vport loopback forcing for MPV device f891dce0d397 media: rj54n1cb0c: Fix memleak in rj54n1_probe() f97f08b9351d scsi: myrs: Fix dma_alloc_coherent() error check e62251954a12 scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod c1a15609eade hwrng: nomadik - add ARM_AMBA dependency c5d08ff97cdb crypto: keembay - Add missing check after sg_nents_for_len() 9c5cfe544a63 drm/amd/display: Remove redundant semicolons ef3600c6fec3 serial: max310x: Add error checking in probe() ac4d189aaa93 usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls b0439e3762ac usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup 8de227e62a53 phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 20f744fea1b1 media: zoran: Remove zoran_fh structure d2e29c36eb5f drm/bridge: it6505: select REGMAP_I2C 32270c3a65bd f2fs: fix condition in __allow_reserved_blocks() 08eb6043c9e5 drm/radeon/r600_cs: clean up of dead code in r600_cs 9c704b291d5d drm/panel: 
novatek-nt35560: Fix invalid return value 08cb3dc9d2b4 bpf: Enforce expected_attach_type for tailcall compatibility 44045b107a4e i2c: designware: Add disabling clocks when probe fails 6d621778e378 i2c: designware: Fix clock issue when PM is disabled 59d467bd07ee i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD a4b5eac932ca thermal/drivers/qcom/lmh: Add missing IRQ includes d2e0755412bf thermal/drivers/qcom: Make LMH select QCOM_SCM c07e759b3f53 hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems c38998ed0e88 once: fix race by moving DO_ONCE to separate section 2158121117c9 tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers 748bbe2c1673 smp: Fix up and expand the smp_call_function_many() kerneldoc cdeafacb4f9f bpf: Explicitly check accesses to bpf_sock_addr ec9a5b4f0eee selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported 5477b0045056 i3c: master: svc: Recycle unused IBI slot 20ff7004c9a0 i3c: master: svc: Use manual response for IBI events 060ecc81240e nvmet-fc: move lsop put work to nvmet_fc_ls_req_op 8963484b7e15 ACPICA: Fix largest possible resource descriptor index c3202fce0cea pwm: tiehrpwm: Fix corner case in clock divisor calculation 6926fc62b777 arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible 8063e535a5a2 arm64: dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value 7e538e84ca7d arm64: dts: mediatek: mt6331: Fix pmic, regulators, rtc, keys node names 2af05a03b1d2 cpuidle: qcom-spm: fix device and OF node leaks at probe aa30d3077298 firmware: firmware: meson-sm: fix compile-test default 4f9e6ff6319d nbd: restrict sockets to TCP and UDP 37e5190d4bfe arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie0 341a1b62a024 null_blk: Fix the description of the cache_size module argument 70d4e6996a5d pinctrl: renesas: Use int type to store negative error codes 82b71f330cd0 power: supply: cw2015: Fix a alignment coding style issue 
80eab6a9df7e PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() 585499f17d1d ARM: dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property 396ee23da443 ARM: dts: ti: omap: omap3-devkit8000-lcd: Fix ti,keep-vref-on property to use correct boolean syntax in DTS dcc72335190c ARM: dts: ti: omap: am335x-baltos: Fix ti,en-ck32k-xtal property in DTS to use correct boolean syntax 96adc664ff27 PM: sleep: core: Clear power.must_resume in noirq suspend error path fa2a1c33e081 block: use int to store blk_stack_limits() return value 12ef6fe2b4ea selftests/nolibc: fix EXPECT_NZ macro aac29a895144 regulator: scmi: Use int type to store negative error codes 5ce4e7a5fe46 arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map e9d02b09ded8 ARM: at91: pm: fix MCKx restore routine 06c4826b1d90 blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx 299cd1f5fdaa pinctrl: meson-gxl: add missing i2c_d pinmux 3433843693e0 soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS 5b8ac5689739 ACPI: processor: idle: Fix memory leak when register cpuidle device failed 24a67e7dfd03 cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() 64db56dc1fe5 leds: flash: leds-qcom-flash: Update torch current clamp setting ca782b2a61d6 ARM: dts: renesas: porter: Fix CAN pin group 5c6246bc147d libbpf: Fix reuse of DEVMAP ab8b2403103f bpf: Remove migrate_disable in kprobe_multi_link_prog_run 7db2f54be7d5 bpf/selftests: Fix test_tcpnotify_user c99c6c593ee2 regmap: Remove superfluous check for !config in __regmap_init() 0401de6d1665 arm64: dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 db82a94b0c10 x86/vdso: Fix output operand size of RDPID 8100b6c0f908 EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller a993be82c512 smb: server: fix IRD/ORD negotiation with the client 379cae2cb982 perf: arm_spe: Prevent overflow in PERF_IDX2OFF() 35e5f3759010 coresight: trbe: Prevent overflow in PERF_IDX2OFF() 239c49a99d63 
gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote 69e2a7c30750 selftests: arm64: Check fread return value in exec_target 00f1726e6412 seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast 9d8b6c9f18e5 init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD a312ec6d768a filelock: add FL_RECLAIM to show_fl_flags() macro Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 1179c03a003..d9281a8dc3a 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "30009325411827c48a376212ef00a5637f67b914" -SRCREV_meta ?= "50530c858c90f124629dadce78f696b590747ea5" +SRCREV_machine ?= "6b56dc2c001e49e222099ea81df6a528daaa6494" +SRCREV_meta ?= "e9d2569bbf078a9a440eb2a266d4908a8e981efb" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.111" +LINUX_VERSION ?= "6.6.112" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index eb906bad17b..2d4614380a6 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb 
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.111" +LINUX_VERSION ?= "6.6.112" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "529f5ce5c38c39bc1fe4022f499ee718bff0cb8b" -SRCREV_meta ?= "50530c858c90f124629dadce78f696b590747ea5" +SRCREV_machine ?= "024ea2ec19c7ce3b85127ee406b77d1cb5c7d1ba" +SRCREV_meta ?= "e9d2569bbf078a9a440eb2a266d4908a8e981efb" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 070342f5b73..aec9465d521 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb 
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "f864fe79b2b8052e10bbe3ae443941ccefa5a951" -SRCREV_machine:qemuarm64 ?= "cdd229fbaaa25d5d9eb055477af8c2b82238763b" -SRCREV_machine:qemuloongarch64 ?= "2a17dc587afe4e133deef4d8c9ec98724aee785b" -SRCREV_machine:qemumips ?= "2f5bef5596eeb6ac65023cfeb1a6402efcdc965f" -SRCREV_machine:qemuppc ?= "be45c09ed7f4b5a09f95cd90484ef083c8552344" -SRCREV_machine:qemuriscv64 ?= "2a17dc587afe4e133deef4d8c9ec98724aee785b" -SRCREV_machine:qemuriscv32 ?= "2a17dc587afe4e133deef4d8c9ec98724aee785b" -SRCREV_machine:qemux86 ?= "2a17dc587afe4e133deef4d8c9ec98724aee785b" -SRCREV_machine:qemux86-64 ?= "2a17dc587afe4e133deef4d8c9ec98724aee785b" -SRCREV_machine:qemumips64 ?= "130d3c48ab3b914907b88ff240463b4e5718d526" -SRCREV_machine ?= "2a17dc587afe4e133deef4d8c9ec98724aee785b" -SRCREV_meta ?= "50530c858c90f124629dadce78f696b590747ea5" +SRCREV_machine:qemuarm ?= "8bb9f27f007491367c5462bc6621b2b54de3a698" +SRCREV_machine:qemuarm64 ?= "f3ce184609214572523760978e39e0cb8c9bcd2e" +SRCREV_machine:qemuloongarch64 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" +SRCREV_machine:qemumips ?= "176f3129fdbd03984202e6e7be1513fb5cf034c8" +SRCREV_machine:qemuppc ?= "056373204046e1264be8c6dbdc7d6fe5cc8fcd44" +SRCREV_machine:qemuriscv64 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" +SRCREV_machine:qemuriscv32 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" +SRCREV_machine:qemux86 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" +SRCREV_machine:qemux86-64 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" +SRCREV_machine:qemumips64 ?= "9a4d37ff6055f4ba90ed7dae2521a7aa88a59469" +SRCREV_machine ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" +SRCREV_meta ?= "e9d2569bbf078a9a440eb2a266d4908a8e981efb" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the 
same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "655054d2c3c184875f95646abd828b5dfc027d5e" +SRCREV_machine:class-devupstream ?= "0bbbd97a442d5e0136cc2ee921a4b76542d618ce" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.111" +LINUX_VERSION ?= "6.6.112" PV = "${LINUX_VERSION}+git"
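Review bot: the linux-yocto-tiny hunk moves LINUX_VERSION to 6.6.112 while its context line `include recipes-kernel/linux/cve-exclusion_6.6.inc` is untouched, and the diffstat lists only the three recipe files, so the CVE exclusion data is not refreshed by this patch. Please confirm that cve-exclusion_6.6.inc is regenerated for 6.6.112 elsewhere in the series, or state in the commit message that it is left for a follow-up, so CVE reporting for this kernel is not evaluated against data generated for the previous version. On the positive side, the new `SRCREV_machine:class-devupstream` value begins with 0bbbd97a442d, which matches the "Linux 6.6.112" entry in the commit list.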
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 12/44] linux-yocto/6.6: update to v6.6.114
Date: Tue, 24 Feb 2026 15:31:40 +0100
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231817
From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 4a243110dc88 Linux 6.6.114 d060f49771b5 PCI: tegra194: Reset BARs when running in PCIe endpoint mode ed518734a3c1 PCI: j721e: Fix programming sequence of "strap" settings d763fffd4284 PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists 92b82e232b8d mm/ksm: fix flag-dropping behavior in ksm_madvise 499089376206 ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL 65dc89d5cf40 PCI/sysfs: Ensure devices are powered for config reads (part 2) 9c1c7edfea46 nfsd: decouple the xprtsec policy check from check_nfsd_access() 2e0aab9ddaf1 ixgbevf: fix mailbox API compatibility by negotiating supported features 8aebc9367911 ixgbevf: fix getting link speed data for E610 devices 52ffb51de64f ixgbevf: Add support for Intel(R) E610 device 6d4597351818 PCI: Add PCI_VDEVICE_SUB helper macro 247d1fff85e0 phy: cadence: cdns-dphy: Update calibration wait time for startup state machine 01829af7656b ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() cebfbf40056a vfs: Don't leak disconnected dentries on umount f7353208c91a NFSD: Define a proc_layoutcommit for the FlexFiles layout type f846eacde280 fs: quota: create dedicated workqueue for quota_release_work d7d942c9a182 quota: remove unneeded return value of register_quota_format 6c79b23f1c52 padata: Reset next CPU when reorder sequence wraps around 5fb3328e927c xfs: use deferred intent items for reaping crosslinked blocks a4970f5087e2 iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended 353c69c7898e iio: imu: inv_icm42600: reorganize DMA aligned buffers in structure 0af89c7e640a phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling 3594108460db phy: cdns-dphy: Store hs_clk_rate and return it 11d10382a4df iio: imu: inv_icm42600: Simplify pm_runtime setup cbdd55050b78 PM: runtime: Add new devm functions 2c3f01bb6ee4 xfs: fix log CRC 
mismatches between i386 and other architectures 4245f6c66a3c xfs: rename the old_crc variable in xlog_recover_process c896618807a2 NFSD: Fix last write offset handling in layoutcommit 4138321e9d41 NFSD: Minor cleanup in layoutcommit processing daa0ff1780c9 NFSD: Rework encoding and decoding of nfsd4_deviceid 30a6a61c5828 nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() a0caf1de97e1 block: fix race between set_blocksize and read paths 8fdd0ad43977 arm64: errata: Apply workarounds for Neoverse-V3AE d9d3e9ff1e2a arm64: cputype: Add Neoverse-V3AE definitions 4f5ab4a9c6ab hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() b1ec27375dea selftests: arg_parsing: Ensure data is flushed to disk before reading. a0ed8ae58a83 HID: multitouch: fix name of Stylus input devices ef45e08141f8 HID: hid-input: only ignore 0 battery events for digitizers 576312eb4363 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card d776af255d19 selftests/bpf: make arg_parsing.c more robust to crashes 48b1d42286bf accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() af7e3989e241 ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings 66c29d9fc1dc sched/fair: Fix pelt lost idle time detection 3359a93f45c3 sched/balancing: Rename newidle_balance() => sched_balance_newidle() 8942165d0c3f drm/rockchip: vop2: use correct destination rectangle height check 025db46dbcf8 drm/amd/powerplay: Fix CIK shutdown temperature 7a4482d59fcb drm/i915/guc: Skip communication warning on reset in progress b82efea81a15 ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit 1746416e885c ASoC: nau8821: Generalize helper to clear IRQ status ce1aa07aea2b ASoC: nau8821: Cancel jdet_work before handling jack ejection 9e32cb91bfb3 ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec 001f1fb0e4e3 drm/bridge: lt9211: Drop check for last nibble of version register 706ed11aa9e8 riscv: kprobes: Fix probe address validation 06da9b0f87da 
nvme-multipath: Skip nr_active increments in RETRY disposition a22c03011dac net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset db00e3bdf69a net: usb: lan78xx: Add error handling to lan78xx_init_mac_address 9c470a536556 tls: don't rely on tx_work during send() c61d4368197d tls: wait for pending async decryptions if tls_strp_msg_hold fails b9e21d676def tls: always set record_type in tls_process_cmsg f6c40bf4078d tls: wait for async encrypt in case of error during latter iterations of sendmsg f61dfccc5a3e net: tls: wait for async completion on last message 071377a13834 tls: trim encrypted message to match the plaintext on short splice 3dd3aa80e5af tg3: prevent use of uninitialized remote_adv and local_adv variables 2bd8352df493 tcp: fix tcp_tso_should_defer() vs large RTT 939a7d837167 amd-xgbe: Avoid spurious link down messages during interface toggle 48294a67863c net/ip6_tunnel: Prevent perpetual tunnel growth 932f7cd27905 r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H deb6ab171fd1 doc: fix seg6_flowlabel path 3f4a318dec64 net: dlink: handle dma_map_single() failure properly e3fdc2b2c61e can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() 627a7ebd8954 dax: skip read lock assertion for read-only filesystems d280c138e66b HID: multitouch: fix sticky fingers 5f65c8ad8c72 usb: gadget: f_rndis: Refactor bind path to use __free() 1cde4516295a usb: gadget: f_ncm: Refactor bind path to use __free() e348d18fb012 usb: gadget: f_acm: Refactor bind path to use __free() 070f341d86cf usb: gadget: f_ecm: Refactor bind path to use __free() 70a766743173 usb: gadget: Introduce free_usb_request helper 167ac21abb82 usb: gadget: Store endpoint pointer in usb_request 50c721be2cff media: nxp: imx8-isi: m2m: Fix streaming cleanup on release 211728b9b282 media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() 7a27f07948ef drm/exynos: exynos7_drm_decon: remove ctx->suspended cbbe08268a13 drm/exynos: 
exynos7_drm_decon: properly clear channels during bind 98c15dc95009 drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions fbc8589975ef drm/msm/a6xx: Fix PDC sleep sequence 8e245d3a2ab8 drm/msm/adreno: De-spaghettify the use of memory barriers eb0d280c2751 eventpoll: Replace rwlock with spinlock f72553935a53 epoll: Remove ep_scan_ready_list() in comments dfacd00818ce Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 e19e401b059a cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay 59a6e61863e2 drm/amd: Check whether secure display TA loaded successfully db4bdb550ce1 drm/amdgpu: use atomic functions with memory barriers for vm fault info 57239762aa90 drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies 15c73964da9d cifs: parse_dfs_referrals: prevent oob on malformed input 00e7da6ca640 can: gs_usb: increase max interface to U8_MAX be19fcf0baed can: gs_usb: gs_make_candev(): populate net_device->dev_port 289498da343b btrfs: do not assert we found block group item when creating free space tree ebbf0d45be41 btrfs: fix incorrect readahead expansion length 7c068bcc12d2 btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running cb6039b68efa ext4: detect invalid INLINE_DATA + EXTENTS flag combination 6e85cc404a7e ext4: wait for ongoing I/O to complete before freeing blocks 870e14104978 jbd2: ensure that all ongoing I/O complete before freeing blocks f13ef730370b f2fs: fix wrong block mapping for multi-devices 67a664eebf11 r8152: add error handling in rtl8152_driver_init d7dd034c1492 smb: client: Fix refcount leak for cifs_sb_tlink f231f248323d Linux 6.6.113 99c704e44cab perf test stat: Avoid hybrid assumption when virtualized 163f15370c55 writeback: Avoid excessively long inode switching times 7594dae6cc95 writeback: Avoid softlockup when switching many inodes ab0d0138803c cramfs: Verify inode mode when loading from disk 5a7602d64e1c fs: Add 'initramfs_options' to set initramfs mount 
options 09d227c59d97 pid: Add a judgment for ns null in pid_nr_ns d47cdfddeb49 minixfs: Verify inode mode when loading from disk 030a01fbcc42 irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume 6d09bbbca3e5 irqchip/sifive-plic: Make use of __assign_bit() 63c44fa29ef2 mptcp: pm: in-kernel: usable client side with C-flag 06d82c3a1f7f selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled ef8a0b37f11d s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG 1527222f3549 s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL 2c768a9d1c17 s390/bpf: Describe the frame using a struct instead of constants 10358217e30c s390/bpf: Centralize frame offset calculations 9b378246e7ef s390/bpf: Change seen_reg to a mask 63d2008affae ACPI: property: Do not pass NULL handles to acpi_attach_data() af0ff085cd56 ACPI: property: Add code comments explaining what is going on 156819a04732 ACPI: property: Disregard references in data-only subnode lists 1ed161347ad9 ACPI: battery: Add synchronization between interface updates 8f03b1bf2bcd ACPI: battery: Check for error code from devm_mutex_init() call e6c83bbb0119 ACPI: battery: initialize mutexes through devm_ APIs 346975d62660 ACPI: battery: allocate driver data through devm_ APIs b8c7d40b4cb3 arm64: mte: Do not flag the zero page as PG_mte_tagged 7f4f031e66ad arm64: kprobes: call set_memory_rox() for kprobe page ca603d157694 ipmi: Fix handling of messages with provided receive message pointer 348121b29594 ipmi: Rework user message limit handling aafae78e6d79 KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 d0d9fa88d7ab rseq: Protect event mask against membarrier IPI 1810b6084aea btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() 0c5ce6b6ccc2 PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release 93b8a612db29 PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() 0fa2185104df misc: fastrpc: Save actual DMA 
size in fastrpc_map structure 78e5fa79ed7c misc: fastrpc: Add missing dev_err newlines bc718d0bd87e ksmbd: add max ip connections parameter cd3efb93677c KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid ad25061d1d73 mm/ksm: fix incorrect KSM counter handling in mm_struct during fork 1a301228c0a8 tracing: Fix race condition in kprobe initialization causing NULL pointer dereference 8d2a77ccefee mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag 3cb4b35687a9 mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type d7b038045ea0 mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value 7bd4e5367d09 media: mc: Clear minor number before put device 8c7aad767518 Squashfs: reject negative file sizes in squashfs_read_inode() f5a1b04e5df2 Squashfs: add additional inode sanity checking edb6425f5935 lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older abdfc4704e0b ext4: free orphan info with kvfree f775f821de46 ACPICA: Allow to skip Global Lock initialization 720a66fdaa6c ext4: validate ea_ino and size in check_xattrs 79ea7f3e11ef ext4: guard against EA inode refcount underflow in xattr update 9e642ab8e5b2 ext4: fix an off-by-one issue during moving extents d1e681c0bb03 ext4: correctly handle queries for metadata mappings 871b6894a3fa ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() 304fc34ff6fc ext4: verify orphan file size is not too big e7e0e3eae0c1 nfsd: nfserr_jukebox in nlm_fopen should lead to a retry 925ed83efbe7 NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() 677ebfe5d00f mm/damon/vaddr: do not repeat pte_offset_map_lock() until success bb5ef60ee84f mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 81a6d6011acb mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations 69336589df5d wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 d0ca2f9fbb96 wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again 
3454c79780dd selftests: mptcp: join: validate C-flag + def limit 1264edbed45e x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) c5bceeb4c569 x86/umip: Check that the instruction opcode is at least two bytes d7760884ee3f spi: cadence-quadspi: Flush posted register writes before DAC access 8bf417e1d36c spi: cadence-quadspi: Flush posted register writes before INDAC access eef57e03d5c1 PCI: tegra194: Handle errors in BPMP response 315001252acd PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() a1a7a80dbe08 PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock f5770bba83d1 PCI: rcar-host: Drop PMSR spinlock 608ab627d966 PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit 61aeab7178aa PCI/AER: Support errors introduced by PCIe r6.0 741b78395083 PCI/AER: Fix missing uevent on recovery when a reset is requested a3a52f85a211 PCI/ERR: Fix uevent on failure to recover 36039348bca7 PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV bd27ddb68a42 PCI/sysfs: Ensure devices are powered for config reads 7a9dee3e4c9d PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock a5f1934fea37 rseq/selftests: Use weak symbol reference, not definition, to link with glibc 9f16da9b549a rtc: interface: Fix long-standing race when setting alarm 31a81d9ad81b rtc: interface: Ensure alarm irq is enabled when UIE is enabled 5dd821744377 memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe 587b819fbcbf mmc: core: SPI mode remove cmd7 6a5b401c745f mtd: rawnand: fsmc: Default to autodetect buswidth 151bd8885947 xtensa: simdisk: add input size check in proc_write_simdisk 3572290dfa7c sparc: fix error handling in scan_one_device() 612d10ce8490 sparc64: fix hugetlb for sun4u ed3044b9c810 sctp: Fix MAC comparison to be constant-time 04181645643d scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() ebf2b91a09fd sched/deadline: Fix race in push_dl_task() f4aab940ae9e Revert "ipmi: fix 
msg stack when IPMI is disconnected" dc3a1c6237e7 pwm: berlin: Fix wrong register in suspend/resume 9f88a6fd9748 powerpc/pseries/msi: Fix potential underflow and leak issue 83319fa81e60 powerpc/powernv/pci: Fix underflow and leak issue 4307297a5fe4 power: supply: max77976_charger: fix constant current reporting fc6ce639b9a7 pinctrl: samsung: Drop unused S3C24xx driver data 4bfba41d80d3 nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk 62fcb12c1f80 parisc: Remove spurious if statement from raw_copy_from_user() eb67aaf2c2f3 parisc: don't reference obsolete termio struct for TC* constants dd21dc8d7451 openat2: don't trigger automounts with RESOLVE_NO_XDEV ff770d10cfeb of: unittest: Fix device reference count leak in of_unittest_pci_node_verify babe2b53fa7d lib/genalloc: fix device leak in of_gen_pool_get() db2fcc8189bf KEYS: trusted_tpm1: Compare HMAC values in constant time 132f827e7bac kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths 8d982bdd5dfd iommu/vt-d: PRS isn't usable if PDS isn't supported ff416637ef07 iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume dad6e796b10f init: handle bootloader identifier in kernel parameters 759329336a77 iio: xilinx-ams: Unmask interrupts after updating alarms 26242971663d iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK 54e7b86d1ab0 iio: frequency: adf4350: Fix prescaler usage. 
3f88f4e8f178 iio: dac: ad5421: use int type to store negative error codes a832682cf6c9 iio: dac: ad5360: use int type to store negative error codes f7fed2af0ad8 fs/ntfs3: Fix a resource leak bug in wnd_extend() feac989493ca fbdev: Fix logic error in "offb" name match 41b17a237e1e crypto: rockchip - Fix dma_unmap_sg() nents value 4b3770692262 crypto: atmel - Fix dma_unmap_sg() direction 11bb6f3cc21b crypto: aspeed - Fix dma_unmap_sg() direction 69a18ff6c60e cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() 2e9ae62b1ca3 copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) ed9cf7c460e8 bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() 108c50494c2b bus: mhi: ep: Fix chained transfer handling in read path 0276c8582488 btrfs: avoid potential out-of-bounds in btrfs_encode_fh() f74a135c5617 blk-crypto: fix missing blktrace bio split events fd7b6b31475e drm/nouveau: fix bad ret code in nouveau_bo_move_prep 07c0125e21a6 drm/rcar-du: dsi: Fix 1/2/3 lane support b4ba1c81de30 media: lirc: Fix error handling in lirc_register() ec02275a6317 media: venus: firmware: Use correct reset sequence for IRIS2 f9d61ee68937 media: pci: ivtv: Add missing check after DMA map 4c656fd59e9e media: mc: Fix MUST_CONNECT handling for pads with no links d429c3bb06fa media: i2c: mt9v111: fix incorrect type for ret c0ad66984750 media: cx18: Add missing check after DMA map dbcbac8c47cb firmware: meson_sm: fix device leak at probe 135eacbb111f xen/events: Update virq_to_irq on migration 612ef6056855 xen/events: Return -EEXIST for bound VIRQs 536a7e676fbe xen/manage: Fix suspend error path 9ac86c75148f xen/events: Cleanup find_virq() return codes 76165e048c1b dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required 4d74d17ab18e ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init 61683c2e7019 arm64: dts: ti: k3-am62a-main: Fix main padcfg length d9560998550d arm64: dts: qcom: sdm845: Fix 
slimbam num-channels/ees ac7ce5c869f8 arm64: dts: qcom: msm8939: Add missing MDSS reset 0a5e8961cd0f arm64: dts: qcom: msm8916: Add missing MDSS reset 9cfc586847fa ACPI: debug: fix signedness issues in read/write helpers debf3c347330 ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT 1ae9cdd6b479 ACPI: property: Fix buffer properties extraction for subnodes b6e9645be9eb bpf: Avoid RCU context warning when unpinning htab with internal structs c14f73ecc365 gpio: wcd934x: mark the GPIO controller as sleeping 380c23baf030 tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single 436cfdbc57d9 cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points a133e2699f8e smb: client: fix missing timestamp updates after utime(2) f37e7860dc5e crypto: essiv - Check ssize for decryption and in-place encryption 46362cdd9df6 bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() 0028e0134c64 netfilter: nft_objref: validate objref and objrefmap expressions df0ffc4b51e9 netfilter: nf_tables: drop unused 3rd argument from validate callback ops 71fe3c3381de drm/amd/display: Properly disable scaling on DCE6 914b1f47fb6a drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 9973e4ee0e93 drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs 0e69ecbbd562 drm/amdgpu: Add additional DCE6 SCL registers b6bfe44b6dbb bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} d3f97bef535e mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes c6cdac3cb34f mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call 8078f8570e86 tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() 5e51bb7ffca1 perf python: split Clang options when invoking Popen 44f838a60551 tools build: Align warning options with perf 988519923e33 net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe 422c1c173c39 tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). 
c21f45cfa4a9 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() 77e402b0af5e drm/vmwgfx: Fix copy-paste typo in validation 867bda5d95d3 drm/vmwgfx: Fix Use-after-free in validation 299cfb5a7dea drm/vmwgfx: Fix a null-ptr access in the cursor snooper 2646a49e6286 net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() e9aff0d0b173 LoongArch: Init acpi_gbl_use_global_lock to false d243aaafddea LoongArch: Remove CONFIG_ACPI_TABLE_UPGRADE in platform_init() 2d02309c2f05 ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size 3c90f583d679 scsi: mvsas: Fix use-after-free bugs in mvs_work_queue 949545ef80f7 cpufreq: tegra186: Set target frequency for all cpus in policy d497fef5b957 clk: tegra: do not overallocate memory for bpmp clocks 58f9a3f0acf9 clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver 586211feb242 clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() 5c2213b9aa44 clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() 9ea18c668db0 clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m fbfd0ae59013 perf evsel: Ensure the fallback message is always written to 4a1f44e54664 perf tools: Add fallback for exclude_guest f6b458071302 perf test: Add a test for default perf stat command 4163822f8c03 perf test: Don't leak workload gopipe in PERF_RECORD_* 1501f779e794 perf session: Fix handling when buffer exceeds 2 GiB 398657434c61 perf arm_spe: Correct memory level for remote access 6f6ab20a6a3d perf arm-spe: Rename the common data source encoding ec2cc8ed15fd perf arm_spe: Correct setting remote access 3966ea7d5405 rtc: optee: fix memory leak on driver removal 0decf468c71e rtc: x1205: Fix Xicor X1205 vendor prefix 41eac6ed9e2a perf util: Fix compression checks returning -1 as bool 64419ecff19f clk: at91: peripheral: fix return value afa0b258e073 libperf event: Ensure tracing data is multiple of 8 sized 52571a05bcd2 perf evsel: Avoid container_of on a NULL leader 
fdd428149a88 asm-generic/io.h: Skip trace helpers if rwmmio events are disabled ed30811fbed4 media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() 8ea08bcab31d iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE cc1216f33ad4 clocksource/drivers/clps711x: Fix resource leaks in error paths 9f13f727bed6 fscontext: do not consume log entries when returning -EMSGSIZE bc7372c05a07 fs: always return zero on success from replace_fd() Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index d9281a8dc3a..07e8de39887 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6b56dc2c001e49e222099ea81df6a528daaa6494" -SRCREV_meta ?= "e9d2569bbf078a9a440eb2a266d4908a8e981efb" +SRCREV_machine ?= "546594fb2b71368579abbe46685b5b998ed67203" +SRCREV_meta ?= "e5fb502182a6a12aff7bf98c4395ce4286f5d995" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.112" +LINUX_VERSION ?= "6.6.114" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 2d4614380a6..48919e38537 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb 
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.112" +LINUX_VERSION ?= "6.6.114" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "024ea2ec19c7ce3b85127ee406b77d1cb5c7d1ba" -SRCREV_meta ?= "e9d2569bbf078a9a440eb2a266d4908a8e981efb" +SRCREV_machine ?= "eee9d9792cc377b1e2818beb1a8db7851ce67ede" +SRCREV_meta ?= "e5fb502182a6a12aff7bf98c4395ce4286f5d995" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index aec9465d521..c15edb3fd08 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb 
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "8bb9f27f007491367c5462bc6621b2b54de3a698" -SRCREV_machine:qemuarm64 ?= "f3ce184609214572523760978e39e0cb8c9bcd2e" -SRCREV_machine:qemuloongarch64 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" -SRCREV_machine:qemumips ?= "176f3129fdbd03984202e6e7be1513fb5cf034c8" -SRCREV_machine:qemuppc ?= "056373204046e1264be8c6dbdc7d6fe5cc8fcd44" -SRCREV_machine:qemuriscv64 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" -SRCREV_machine:qemuriscv32 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" -SRCREV_machine:qemux86 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" -SRCREV_machine:qemux86-64 ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" -SRCREV_machine:qemumips64 ?= "9a4d37ff6055f4ba90ed7dae2521a7aa88a59469" -SRCREV_machine ?= "a9ade4af8d792deb5591876c33e227cb8ed66c44" -SRCREV_meta ?= "e9d2569bbf078a9a440eb2a266d4908a8e981efb" +SRCREV_machine:qemuarm ?= "a4b8e87e13f9d7756b84d17c4b2a35afec9f972c" +SRCREV_machine:qemuarm64 ?= "1e4d2d3e208273fe270b6b0686a901d5913c3942" +SRCREV_machine:qemuloongarch64 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" +SRCREV_machine:qemumips ?= "b6f40464a993b4c8d974cf38792c030ccbfe4ead" +SRCREV_machine:qemuppc ?= "ff43ddf51676e66fb1df65e4d23a3b8d32210677" +SRCREV_machine:qemuriscv64 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" +SRCREV_machine:qemuriscv32 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" +SRCREV_machine:qemux86 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" +SRCREV_machine:qemux86-64 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" +SRCREV_machine:qemumips64 ?= "3d0a848a03fb800c937eb14669b8f51d8fe70998" +SRCREV_machine ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" +SRCREV_meta ?= "e5fb502182a6a12aff7bf98c4395ce4286f5d995" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the 
same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "0bbbd97a442d5e0136cc2ee921a4b76542d618ce" +SRCREV_machine:class-devupstream ?= "4a243110dc884d8e1fe69eecbc2daef10d8e75d7" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" 
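Review bot: the SRCREV_meta change in this linux-yocto_6.6.bb hunk (e9d2569bbf078a9a440eb2a266d4908a8e981efb to e5fb502182a6a12aff7bf98c4395ce4286f5d995) is not covered by the commit message, which lists only the korg -stable commits for 6.6.113 and 6.6.114. Please add a line saying what the yocto-kernel-cache update contains, or state that it carries no configuration changes, so the config side of the bump can be reviewed alongside the kernel side. The SRCREV_machine:class-devupstream value can be checked directly against the "4a243110dc88 Linux 6.6.114" entry in the list. The per-machine SRCREV_machine values have no such reference in the message, so a short note on how they were produced would help anyone auditing these pins.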
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.112" +LINUX_VERSION ?= "6.6.114" PV = "${LINUX_VERSION}+git" 
From patchwork Tue Feb 24 14:31:41 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 81745
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 13/44] linux-yocto/6.6: update to v6.6.116
Date: Tue, 24 Feb 2026 15:31:41 +0100
Message-ID: <15ea8cb001324830f5a89740e0ac2342e97031f4.1771943404.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:01 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231818

From: Bruce Ashfield

Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:

    0a805b6ea8cda Linux 6.6.116
    63dde0eec59b4 gpio: idio-16: Define fixed direction of the GPIO lines
    92a15817f0fbd gpio: regmap: add the .fixed_direction_output configuration parameter
    38f50558b50cf gpio: regmap: Allow to allocate regmap-irq device
    ddd31f5a5ff39 bits: introduce fixed-type GENMASK_U*()
    739aa67ef147b bits: add comments and newlines to #if, #else and #endif directives
    0e660d8224d07 xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event
    3aa367e6aae7a xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive.
    dae8555062cf0 xhci: dbc: Improve performance by removing delay in transfer event polling.
    6f126ef0117c9 xhci: dbc: Allow users to modify DbC poll interval via sysfs
    1c5cec6625a3f xhci: dbc: poll at different rate depending on data transfer activity
    afdf4f5108513 serial: sc16is7xx: remove useless enable of enhanced features
    74c8eafd42b48 serial: sc16is7xx: refactor EFR lock
    7db1a5451bcb9 serial: sc16is7xx: reorder code to remove prototype declarations
    2f7592e0bdfc6 serial: sc16is7xx: remove unused to_sc16is7xx_port macro
    39a7305e2abad selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported
    f87c246d7c1ef selftests: mptcp: disable add_addr retrans in endpoint_tests
    1f1632dd97dae mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
    4784326cb26a4 arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c
    797f15c2b15e9 btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot()
    93bcd360c503e btrfs: use level argument in log tree walk callback replay_one_buffer()
    ef64d81fb7ddd btrfs: always drop log root tree reference in btrfs_replay_log()
    3b838f39f4be8 btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io()
    fb6ceb6cde7bc btrfs: zoned: refine extent allocator hint selection
    8fabf4d56fd8f btrfs: zoned: return error from btrfs_zone_finish_endio()
    625aecafb1bd2 EDAC/mc_sysfs: Increase legacy channel support to 16
    0956cdef60de8 x86/bugs: Fix reporting of LFENCE retpoline
    077823b06f1cc x86/bugs: Report correct retbleed mitigation status
    5c63fb0b382f9 perf: Skip user unwind if the task is a kernel thread
    89fbfc799e1d5 perf: Have get_perf_callchain() return NULL if crosstask and user are set
    34b5aba8511a1 perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL
    a61ed1fb165b0 audit: record fanotify event regardless of presence of rules
    6ffa9d6618718 net/sched: sch_qfq: Fix null-deref in agg_dequeue
    e5bbb12db2c75 Linux 6.6.115
    2dc125f5da134 ksmbd: transport_ipc: validate payload size before reading handle
    2ae71c3770c39 gpio: ljca: Initialize num before accessing item in ljca_gpio_config
    bfd17b6138df0 fuse: fix livelock in synchronous file put from fuseblk workers
    c7ec75f3cbf73 fuse: allocate ff->release_args only if release is needed
    c34b09cbd6fc0 s390/cio: Update purge function to unregister the unused subchannels
    41fe20cfbcd43 x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID
    bc1c6b803e14e fs/notify: call exportfs_encode_fid with s_umount
    df75bfc287029 xfs: always warn about deprecated mount options
    b89e20a365442 devcoredump: Fix circular locking dependency with devcd->mutex.
    7c691e10ca958 serial: 8250_mtk: Enable baud clock and manage in runtime PM
    a8527907f28d7 serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018
    f354f7510ff0e serial: 8250_dw: handle reset control deassert error
    928a9c9b97ea2 dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
    91b2d5fcde526 tcpm: switch check for role_sw device with fw_node
    6fb8fbc0aa542 most: usb: hdm_probe: Fix calling put_device() before device initialization
    72427dc6f8752 most: usb: Fix use-after-free in hdm_disconnect
    9a297a68c3ba4 misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
    a068cbe71c1cb mei: me: add wildcat lake P DID
    d4854eff25efb comedi: fix divide-by-zero in comedi_buf_munge()
    c055480e04561 binder: remove "invalid inc weak" check
    3a25640814ff8 x86/microcode: Fix Entrysign revision check for Zen1/Naples
    03d7e8c749428 xhci: dbc: enable back DbC in resume if it was enabled before suspend
    2c217d0e86885 usb: raw-gadget: do not limit transfer length
    cbf278c90c64a usb/core/quirks: Add Huawei ME906S to wakeup quirk
    102b9b8942e11 USB: serial: option: add Telit FN920C04 ECM compositions
    da06de8f1656f USB: serial: option: add Quectel RG255C
    7070c31465f1c USB: serial: option: add UNISOC UIS7720
    6d63703bec0c1 sched: Remove never used code in mm_cid_get()
    770b33a1a8e46 io_uring: correct __must_hold annotation in io_install_fixed_file
    5ba12858b664f gpio: ljca: Fix duplicated IRQ mapping
    7efa69e0688b5 gpio: update Intel LJCA USB GPIO driver
    d11f2156a93e3 hwmon: (sht3x) Fix error handling
    dc1ac7c1a355b RISC-V: Don't print details of CPUs disabled in DT
    00b58d2c25d10 RISC-V: Define pgprot_dmacoherent() for non-coherent devices
    c7849e8cb22a9 firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode
    d719ce9f286c4 firmware: arm_scmi: Account for failed debug initialization
    e42ec4eccebe2 spi: spi-nxp-fspi: add extra delay after dll locked
    18d1c06b72d56 selftests: mptcp: join: mark implicit tests as skipped if not supported
    c8aa3fd5b4a03 selftests: mptcp: join: mark 'flush re-add' as skipped if not supported
    5e46e4dc829e1 net: ravb: Ensure memory write completes before ringing TX doorbell
    d064092c3fc34 net: ravb: Enforce descriptor type ordering
    36838ece81545 net: usb: rtl8150: Fix frame padding
    9f2db04c21cff net: stmmac: dwmac-rk: Fix disabling set_clock_selection
    42ed0784d11ad vsock: fix lock inversion in vsock_assign_transport()
    aa6a21409dd62 ocfs2: clear extent cache after moving/defragmenting extents
    c7ae6b99c982d MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering
    fa41d6f4b1382 cifs: Fix TCP_Server_Info::credits to be signed
    356c7fdf684cd can: netlink: can_changelink(): allow disabling of automatic restart
    a9da00c9cee99 ACPICA: Work around bogus -Wstringop-overread warning since GCC 11
    29d96bcc14952 Revert "cpuidle: menu: Avoid discarding useful information"
    a0c16f20d23cf gpio: 104-idio-16: Define maximum valid register address offset
    67adc5500ad7c gpio: pci-idio-16: Define maximum valid register address offset
    3373f263bb647 arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
    941096f618c50 dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC
    15b80f63269d3 net: bonding: fix possible peer notify event loss or dup issue
    cb9055ba30306 sctp: avoid NULL dereference when chunk data buffer is missing
    4f32f754343a8 arm64, mm: avoid always making PTE dirty in pte_mkwrite()
    8b051d7f530e8 net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ
    72328f25755ee net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ
    9d7bc56c550eb net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead
    b411759b9c1a9 selftests: net: fix server bind failure in sctp_vrf.sh
    bbcbbb9d68626 selftests/net: convert sctp_vrf.sh to run it in unique namespace
    dd2a7aba7f8d8 can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb()
    05e2c6ef4a9da dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
    050732ace1dbd net: enetc: correct the value of ENETC_RXB_TRUESIZE
    2781ca82ce8ca net: enetc: fix the deadlock of enetc_mdio_lock
    74c94df40ede9 net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush().
    6993a51388bdc rtnetlink: Allow deleting FDB entries in user namespace
    362f4c52efd05 net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size()
    550e311e1b16f Unbreak 'make tools/*' for user-space targets
    6aef39551e60a smb: server: let smb_direct_flush_send_list() invalidate a remote key first
    6ef6ac49fdf1d drivers/perf: hisi: Relax the event ID check in the framework
    99bdd0580d7f2 powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure
    6aee82d0bfeee m68k: bitops: Fix find_*_bit() signatures
    5f43ab41ddab1 lkdtm: fortify: Fix potential NULL dereference on kmalloc failure
    24cac083a76b9 hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super()
    cfafefcb0e1fc hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
    8c18c84ecbfa3 dlm: check for defined force value in dlm_lockspace_release
    2bb8bc99b1a7a hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
    4f40a2b3969da hfs: validate record offset in hfsplus_bmap_alloc
    a5bfb13b4f406 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
    714e70f603bee hfs: make proper initalization of struct hfs_find_data
    7870fbdce00ef hfs: clear offset and space out of valid records in b-tree node
    b1ec9faef7e36 nios2: ensure that memblock.current_limit is set when setting pfn limits
    813d3d18cfe47 exec: Fix incorrect type for ret

Signed-off-by: Bruce Ashfield
Signed-off-by: Yoann Congal
---
 .../linux/linux-yocto-rt_6.6.bb               |  6 ++--
 .../linux/linux-yocto-tiny_6.6.bb             |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 07e8de39887..55ab56e2887 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "546594fb2b71368579abbe46685b5b998ed67203" -SRCREV_meta ?= "e5fb502182a6a12aff7bf98c4395ce4286f5d995" +SRCREV_machine ?= "a40e6c13f556fd1b07f6a9e21137b47964d897af" +SRCREV_meta ?= "9f0c7a1604548bd736f348d3fae281f2d726d6a8" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.114" +LINUX_VERSION ?= "6.6.116" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 48919e38537..1456d964114 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.114" +LINUX_VERSION ?= "6.6.116" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "eee9d9792cc377b1e2818beb1a8db7851ce67ede" -SRCREV_meta ?= "e5fb502182a6a12aff7bf98c4395ce4286f5d995" +SRCREV_machine ?= "daacc64fc40b3e47e2d4164ceb1b51a05af73844" +SRCREV_meta ?= "9f0c7a1604548bd736f348d3fae281f2d726d6a8" PV = "${LINUX_VERSION}+git" 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index c15edb3fd08..be92663eb1b 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb 
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "a4b8e87e13f9d7756b84d17c4b2a35afec9f972c" -SRCREV_machine:qemuarm64 ?= "1e4d2d3e208273fe270b6b0686a901d5913c3942" -SRCREV_machine:qemuloongarch64 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" -SRCREV_machine:qemumips ?= "b6f40464a993b4c8d974cf38792c030ccbfe4ead" -SRCREV_machine:qemuppc ?= "ff43ddf51676e66fb1df65e4d23a3b8d32210677" -SRCREV_machine:qemuriscv64 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" -SRCREV_machine:qemuriscv32 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" -SRCREV_machine:qemux86 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" -SRCREV_machine:qemux86-64 ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" -SRCREV_machine:qemumips64 ?= "3d0a848a03fb800c937eb14669b8f51d8fe70998" -SRCREV_machine ?= "0913b7f4e606a1c2adaf202e654a20f66dd6c5d0" -SRCREV_meta ?= "e5fb502182a6a12aff7bf98c4395ce4286f5d995" +SRCREV_machine:qemuarm ?= "ca0cf34ac378d033a31bd92282d92d3e6f1f6c5a" +SRCREV_machine:qemuarm64 ?= "698c863fb39998ee9f2f590ff9626ca34cf3a9d1" +SRCREV_machine:qemuloongarch64 ?= "f9b3617edd37432584510131383ee97a6eb889b5" +SRCREV_machine:qemumips ?= "fbdfcd56de6c092d0c62e0529231bb41663a7e02" +SRCREV_machine:qemuppc ?= "7560c9897677e1722452733c7b34e651bcaee399" +SRCREV_machine:qemuriscv64 ?= "f9b3617edd37432584510131383ee97a6eb889b5" +SRCREV_machine:qemuriscv32 ?= "f9b3617edd37432584510131383ee97a6eb889b5" +SRCREV_machine:qemux86 ?= "f9b3617edd37432584510131383ee97a6eb889b5" +SRCREV_machine:qemux86-64 ?= "f9b3617edd37432584510131383ee97a6eb889b5" +SRCREV_machine:qemumips64 ?= "5f40729e5eb8c999e2d6f7dc592c2869a36f0169" +SRCREV_machine ?= "f9b3617edd37432584510131383ee97a6eb889b5" +SRCREV_meta ?= "9f0c7a1604548bd736f348d3fae281f2d726d6a8" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the 
same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "4a243110dc884d8e1fe69eecbc2daef10d8e75d7" +SRCREV_machine:class-devupstream ?= "0a805b6ea8cda0caa268b396a2e5117f3772d849" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.114" +LINUX_VERSION ?= "6.6.116" PV = "${LINUX_VERSION}+git"
From patchwork Tue Feb 24 14:31:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81750
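Review bot: the CVE exclusion data is not updated together with the version bump. In linux-yocto-tiny_6.6.bb (hunk @@ -8,7), LINUX_VERSION moves from 6.6.114 to 6.6.116 directly below `include recipes-kernel/linux/cve-exclusion_6.6.inc`, yet the diffstat lists only the three recipe files. Please update cve-exclusion_6.6.inc for 6.6.116 in this patch, or point to the patch in the series that does, so that the CVE check for these recipes is not evaluated against exclusions that predate the two stable releases pulled in here.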
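Review bot: the SRCREV_meta change in linux-yocto_6.6.bb (hunk @@ -18,25, from e5fb502182a6 to 9f0c7a160454, repeated in the rt and tiny recipes) is not covered by the commit message, which lists only the korg -stable commits. Suggest adding a line that says what changed in yocto-kernel-cache between the two revisions, so the kernel-meta side of the update can be reviewed as well. The class-devupstream pin 0a805b6ea8cda0caa268b396a2e5117f3772d849 does match the listed "0a805b6ea8cda Linux 6.6.116" commit; the per-machine SRCREV_machine values cannot be cross-checked against the commit list in the same way.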
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 14/44] linux-yocto/6.6: update to v6.6.118
Date: Tue, 24 Feb 2026 15:31:42 +0100
Message-ID: <20de0b6e9dd2371e3d2302ee0912a0263fbf6a72.1771943404.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:01 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231821
From: Bruce Ashfield

Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:

    4791134e4aeb Linux 6.6.118
    c602cc344b4b mptcp: fix a race in mptcp_pm_del_add_timer()
    19de79aaea33 mm/mempool: fix poisoning order>0 pages with HIGHMEM
    0d40c4ef4b4b mm/mempool: replace kmap_atomic() with kmap_local_page()
    f38b91f7aded HID: amd_sfh: Stop sensor before starting
    4948db9c9ca8 selftests: mptcp: join: endpoints: longer transfer
    378e6136b8c0 pmdomain: imx: Fix reference count leak in imx_gpc_remove
    a5958b1bcf4a pmdomain: imx-gpc: Convert to platform remove callback returning void
    ad120c08b89a pmdomain: arm: scmi: Fix genpd leak on provider registration failure
    7ea2ea68df08 ftrace: Fix BPF fexit with livepatch
    f01f9c348d76 crash: fix crashkernel resource shrink
    b3d24038eb77 wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
    29150018bf19 maple_tree: fix tracepoint string pointers
    bf07df375d20 uio_hv_generic: Set event for all channels on the device
    fc3139d9f4c1 KVM: arm64: Check the untrusted offset in FF-A memory share
    64332afa9f76 smb: client: fix incomplete backport in cfids_invalidation_worker()
    6917e894f86f tracing/tools: Fix incorrcet short option in usage text for --threads
    952637c5b9be net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error
    1ee10e90e160 ALSA: usb-audio: fix uac2 clock source at terminal parser
    5d604d40cd32 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
    e822e902f8e6 s390/mm: Fix __ptep_rdp() inline assembly
    4e9efe0d56e7 f2fs: compress: change the first parameter of page_array_{alloc,free} to sbi
    d0141cf6ab1f kconfig/nconf: Initialize the default locale at startup
    be46fa4de9da kconfig/mconf: Initialize the default locale at startup
    6ae0613ea6f5 net: tls: Cancel RX async resync request on rcd_delta overflow
    1bc765f0f75a selftests: net: use BASH for bareudp testing
    3ab328a0258f x86/microcode/AMD: Limit Entrysign signature checking to known generations
    5d778778b40b scsi: core: Fix a regression triggered by scsi_host_busy()
    1f8e4d6c1d20 cifs: fix typo in enable_gcm_256 module parameter
    d89ae707cfe6 bcma: don't register devices disabled in OF
    5998da5a8208 vsock: Ignore signal/timeout on connect() if already established
    7627864dc312 cifs: fix memory leak in smb3_fs_context_parse_param error path
    496d1383e441 LoongArch: Use UAPI types in ptrace UAPI header
    69e043bce09c net/mlx5: Clean up only new IRQ glue on request_irq() failure
    715d9cda646a devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
    6d9f0036d21e pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc()
    3b90bd8aaeb2 pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
    f0923011c126 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()
    57752d523a3f kernel.h: Move ARRAY_SIZE() to a separate header
    9bbb4afff974 platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos
    3b177b2ded56 s390/ctcm: Fix double-kfree
    e2a897ad5f53 nvme-multipath: fix lockdep WARN due to partition scan work
    0b903f33c31c net: openvswitch: remove never-working support for setting nsh fields
    f8c496e20b7a net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get()
    385fd7ec3214 net: dsa: hellcreek: fix missing error handling in LED registration
    2e78580e6e7d drm/tegra: Add call to put_pid()
    ddb483ce2136 mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()
    9026f31a520d pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe()
    a620b091c4df xfrm: Prevent locally generated packets from direct output in tunnel mode
    a2b61573e6a3 xfrm: Determine inner GSO type from packet inner protocol
    b3b27876f3be drm/amd/display: Move sleep into each retry for retrieve_link_cap()
    e688c20f088e drm/amd/display: Increase DPCD read retries
    06a79f1bffe7 drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
    8b57f8127086 drm/tegra: dc: Fix reference leak in tegra_dc_couple()
    642561238c98 mptcp: do not fallback when OoO is present
    8a5d1ceef950 mptcp: decouple mptcp fastclose from tcp close
    28e4d5fd731e mptcp: avoid unneeded subflow-level drops
    d019cbb455ee mptcp: fix premature close in case of fallback
    3d513efe18a9 mptcp: fix ack generation for fallback msk
    8f9ba1a99a89 mptcp: fix race condition in mptcp_schedule_work()
    fe694895d3b7 LoongArch: Don't panic if no valid cache info for PCI
    6aa22377ef27 dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
    5ea58bb47c50 MIPS: Malta: Fix !EVA SOC-it PCI MMIO
    a6ef60898dda scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
    b343cee5df7e scsi: sg: Do not sleep in atomic context
    33f64600a120 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
    5fe335a80548 nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl()
    7d1977b4ae5c nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
    d344ea1baf19 Input: pegasus-notetaker - fix potential out-of-bounds access
    ca9a08de9b29 Input: imx_sc_key - fix memory corruption on unload
    8a2d2a536c76 Input: goodix - add support for ACPI ID GDIX1003
    9cf59f4724a9 Input: cros_ec_keyb - fix an invalid memory access
    7419d8064dab Revert "drm/tegra: dsi: Clear enable register if powered by bootloader"
    00c56d55332c net: dsa: microchip: lan937x: Fix RGMII delay tuning
    ce0a3699244a be2net: pass wrb_params in case of OS2BMC
    5968bcf785c6 ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
    2a494b9e6364 smb: client: introduce close_cached_dir_locked()
    b8113c1ca469 ata: libata-scsi: Fix system suspend for a security locked drive
    037cc5058964 mptcp: Fix proto fallback detection with BPF
    2ecd37dae7a6 mptcp: Disallow MPTCP subflows from sockmap
    e65f1a2807c5 exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
    583990e7dcea shmem: fix tmpfs reconfiguration (remount) when noswap is set
    457376c6fbf0 mtdchar: fix integer overflow in read/write ioctls
    b146e0b085d9 mtd: rawnand: cadence: fix DMA device NULL pointer dereference
    49365455a63c HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
    6665fbd7730b timers: Fix NULL function pointer race in timer_shutdown_sync()
    1e89a1be4fe9 Linux 6.6.117
    0fdb596476c0 memcg: fix data-race KCSAN bug in rstats
    541e85e1c9c9 ACPI: HMAT: Remove register of memory node for generic target
    41ea28dc3c0c mm: memcg: optimize parent iteration in memcg_rstat_updated()
    6b97ad92d932 mm/memory-tier: fix abstract distance calculation overflow
    206a8665f9cc memory tiers: use default_dram_perf_ref_source in log message
    e2f7c76758be cachestat: do not flush stats in recency check
    1f45e5c84684 net: netpoll: ensure skb_pool list is always initialized
    03695541b334 isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
    42d486d35a41 mm/secretmem: fix use-after-free race in fault handler
    46185cdfc9ed mm/truncate: unmap large folio on split failure
    7e239675ae51 mm/memory: do not populate page table entries beyond i_size
    fe601b70eac6 filemap: cap PTE range to be created to allowed zero fill in folio_map_range()
    e5dffca89b4a mm: memcg: restore subtree stats flushing
    68849411ce9e mm: workingset: move the stats flush into workingset_test_recent()
    1b201161f34b mm: memcg: make stats flushing threshold per-memcg
    b68fc4f792bb mm: memcg: move vmstats structs definition above flushing code
    68e727bdb68b mm: memcg: change flush_next_time to flush_last_time
    b283ba3ddc9f mm: memcg: add per-memcg zswap writeback stat
    2c3568736912 mm: memcg: add THP swap out info for anonymous reclaim
    57692c303132 scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL
    aca6f63e803e scsi: ufs: core: Add a quirk to suppress link_startup_again
    753ca4b5beff scsi: ufs: core: Add a quirk for handling broken LSDBS field in controller capabilities register
    d1f293ee8dc3 scsi: ufs: core: Add UFSHCD_QUIRK_KEYS_IN_PRDT
    aba8384b2311 scsi: ufs: core: Add fill_crypto_prdt variant op
    f108b6a34856 scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE
    bd77a15c3a8d scsi: ufs: core: fold ufshcd_clear_keyslot() into its caller
    7e3bfaaf0208 scsi: ufs: core: Add UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE
    960dab23f6d4 net: stmmac: Fix accessing freed irq affinity_hint
    ef49378864bb f2fs: fix to avoid overflow while left shift operation
    c645693180a9 net: netpoll: fix incorrect refcount handling causing incorrect cleanup
    a3a476cb65a4 net: netpoll: flush skb pool during cleanup
    dc67d67a995e net: netpoll: Individualize the skb pool
    e9ab9dec36bb netpoll: remove netpoll_srcu
    94b01ef5186c mm, percpu: do not consider sleepable allocations atomic
    4c8a4f1d34ec iommufd: Don't overflow during division for dirty tracking
    066ee13f05fb btrfs: ensure no dirty metadata is written back for an fs with errors
    df1ad5de2197 drm/mediatek: Disable AFBC support on Mediatek DRM driver
    a299478ac16f Revert "perf dso: Add missed dso__put to dso__load_kcore"
    ee59d88353e8 selftests: mptcp: connect: trunc: read all recv data
    8b644440d16a selftests: mptcp: join: rm: set backup flag
    b78aae82ea75 selftests: mptcp: connect: fix fallback note due to OoO
    4e833774cdc2 pmdomain: samsung: plug potential memleak during probe
    22330f5f0052 btrfs: do not update last_log_commit when logging inode due to a new name
    4020f18436ea btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe()
    4a351adbbd72 EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
    d58afbd05627 EDAC/altera: Handle OCRAM ECC enable after warm reset
    ca9f11fe0926 LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY
    2612f0e0b8dc selftests/user_events: fix type cast for write_index packed member in perf_test
    21bedc6eeb51 x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
    70f73dde0ad7 spi: Try to get ACPI GPIO IRQ earlier
    ca2bd7a717d5 smb: client: fix cifs_pick_channel when channel needs reconnect
    bfdcd67e0fcb crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value
    868fc62811d3 cifs: client: fix memory leak in smb3_fs_context_parse_param
    ece3b981bb66 ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
    082b6b511432 mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
    159244b55095 mm/mm_init: fix hash table order logging in alloc_large_system_hash()
    67272c11f379 fs/proc: fix uaf in proc_readdir_de()
    ad4a84daf6f8 wifi: mac80211: reject address change while connecting
    c3cbf016a697 selftests/tracing: Run sample events to clear page cache events
    041ab9ca6e80 ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
    c6201eb32371 LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY
    f4b4146c1cf0 LoongArch: Use correct accessor to read FWPC/MWPC
    4c49fe089661 dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
    b30421bc31c0 strparser: Fix signed/unsigned mismatch bug
    5746b2a0f5eb ksmbd: close accepted socket when per-IP limit rejects connection
    142b2990e64f gcov: add support for GCC 15
    29fbb3ad4018 NFSD: free copynotify stateid in nfs4_free_ol_stateid()
    e18c368d8611 KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
    79f851a65c47 HID: uclogic: Fix potential memory leak in error path
    9e8863f3fe34 ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY
    57473eec8080 HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
    6546dd0c6ad2 ARM: dts: imx51-zii-rdu1: Fix audmux node names
    adee209bb898 arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1
    3f358a66a045 netfilter: nf_tables: reject duplicate device on updates
    dd3a38574f93 mtd: onenand: Pass correct pointer to IRQ handler
    7ce9bb0b95fc Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
    c157fa22c400 lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
    d8d79cf8c2b7 espintcp: fix skb leaks
    2e93bf719462 net: dsa: improve shutdown sequence
    ed8a77fee461 net: allow small head cache usage with large MAX_SKB_FRAGS values
    52b44d8c6534 net: fix NULL pointer dereference in l3mdev_l3_rcv
    e91ecc2e30b4 irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops
    64b12dca2b0a bpf: account for current allocated stack depth in widen_imprecise_scalars()
    baa61dcaa50b bpf: Add bpf_prog_run_data_pointers()
    872c04306b02 acpi/hmat: Fix lockdep warning for hmem_register_resource()
    6015ad3b210e base/node / ACPI: Enumerate node access class for 'struct access_coordinate'
    356d4d79dc18 acpi: numa: Add setting of generic port system locality attributes
    e507071185fb acpi: Break out nesting for hmat_parse_locality()
    1fec7730896f acpi: numa: Add genport target allocation to the HMAT parsing
    d0e2cbe79e5d acpi: numa: Create enum for memory_target access coordinates indexing
    994c51070c95 base/node / acpi: Change 'node_hmem_attrs' to 'access_coordinates'
    519af3fa0263 acpi, hmat: calculate abstract distance with HMAT
    7e9fa5cdcc4f acpi, hmat: refactor hmat_register_target_initiators()
    9c8ffc4f91a8 memory tiering: add abstract distance calculation algorithms management
    57f607c11296 ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
    c2d65ce1d035 NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
    0ad6db4438ef NFS: sysfs: fix leak when nfs_client kobject add fails
    b6137b4906f4 pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
    45ea5a60adbc NFS: enable nconnect for RDMA
    275369632f6a pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
    b5de1eb5bc20 ASoC: tas2781: fix getting the wrong device number
    b5df9e06eed3 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
    aaaa8531896f ASoC: codecs: va-macro: fix resource leak in probe error path
    7fd65a5f9701 ASoC: cs4271: Fix regulator leak on probe failure
    34294379ea4e regulator: fixed: fix GPIO descriptor leak on register failure
    83475ce43fa7 acpi,srat: Fix incorrect device handle check for Generic Initiator
    25d6e7663932 cifs: Fix uncached read into ITER_KVEC iterator
    581c65fd0b0e cifs: stop writeback extension when change of size is detected
    ad141380d768 Bluetooth: L2CAP: export l2cap_chan_hold for modules
    335266ea359e ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
    4470b8bb9a8e ACPI: CPPC: Perform fast check switch only for online CPUs
    a851ebcdc2e2 ACPI: CPPC: Check _CPC validity for only the online CPUs
    f6a7808cadde hsr: Fix supervision frame sending on HSRv0
    873f985f3bdf virtio-net: fix incorrect flags recording in big mode
    14aba9bd583e net_sched: limit try_bulk_dequeue_skb() batches
    aa9f57c077f2 net/mlx5e: Fix potentially misleading debug message
    df953d41a579 net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
    29f62b3d4466 net/mlx5e: Fix maxrate wraparound in threshold between units
    a676a296af65 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
    31e4aa93e2e5 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
    a6d1bb631af9 net_sched: act_connmark: use RCU in tcf_connmark_dump()
    4cd8d755c7d4 af_unix: Initialise scc_index in unix_add_edge().
    f01f007c9cc9 wifi: mac80211: skip rate verification for not captured PSDUs
    2a5c3396f6d9 net: mdio: fix resource leak in mdiobus_register_device()
    c92dbf85627b tipc: Fix use-after-free in tipc_mon_reinit_self().
    e9800b8b77f2 net/handshake: Fix memory leak in tls_handshake_accept()
    e5afb55625ac net/smc: fix mismatch between CLC header and proposal
    ed71f801249d sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
    a5059df18988 Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
    2a9ff4086c26 Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
    c24ac6cfe4f9 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
    1c28c1e1522c Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
    2927ff643607 Bluetooth: MGMT: cancel mesh send timer when hdev removed
    65c74343da8e net: fec: correct rx_bytes statistic for the case SHIFT16 is set
    d6f93bba3d7d selftests: net: local_termination: Wait for interfaces to come up
    8085b6cdb0e0 wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
    4fbfef04d957 ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
    e671f9bb9780 smb/server: fix possible refcount leak in smb2_sess_setup()
    63d8706a2c09 smb/server: fix possible memory leak in smb2_read()
    113de3341728 HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel
    a74a8be2652b NFS: check if suid/sgid was cleared after a write as needed
    dad9857bbe64 HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
    df712250acdd NFS4: Fix state renewals missing after boot
    1243e396148a drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
    21dbe5fa22df drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
    fdf2ea31ce40 riscv: acpi: avoid errors caused by probing DT devices when ACPI is used
    7a635df5ef26 RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors
    ea5b1db5569c compiler_types: Move unused static inline functions warning to W=2
    36bc0502c2de drm/amd: Fix suspend failure with secure display TA
    e5a4b227bc6e iommufd: Make vfio_compat's unmap succeed if the range is already empty
    d6ab7ef52aaf smb: client: fix refcount leak in smb2_set_path_attr
    c63dc33e3794 drm/i915: Fix conversion between clock ticks and nanoseconds
    3dec22bde207 drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
    c6fc325d8434 selftests: netdevsim: set test timeout to 10 minutes
    885827bc1518 riscv: stacktrace: fix backtracing through exceptions
    8fa7f51d3725 drm/amd/display: Fix black screen with HDMI outputs
    f10a6f51984b drm/amdgpu: Fix function header names in amdgpu_connectors.c
    d96aa80f5f2e extcon: adc-jack: Cleanup wakeup source only if it was enabled
    3335f9054365 scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
    62b013354dcf lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
    946dec89c417 virtio-net: fix received length check in big packets
    cb52d9c86d70 smb: client: fix potential UAF in smb2_close_cached_fid()
    018179e955a8 smb: client: validate change notify buffer before copy
    24bef9ca5830 x86/microcode/AMD: Add more known models to entry sign checking
    193b2c5e5443 rtc: rx8025: fix incorrect register reference
    5f7350ff2b17 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
    70150b9443dd drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
    8bcadabc3c12 drm/amd/display: Enable mst when it's detected but yet to be initialized
    e70d2e1f876a tracing: Fix memory leaks in create_field_var()
    1b29b6898ed8 net: bridge: fix MST static key usage
    3b60ce334c1c net: bridge: fix use-after-free due to MST port state bypass
    5a5d2f772775 lan966x: Fix sleeping in atomic context
    8cb474cd65bf net: dsa: microchip: Fix reserved multicast address table programming
    8bf679ebbecd net/mlx5e: SHAMPO, Fix skb size check for 64K pages
    96d20e36c6df net/mlx5e: Fix return value in case of module EEPROM read error
    9b37f576d2c0 net/mlx5e: Use extack in get module eeprom by page callback
    c729f0049561 wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup
    7ee2eb85755d bnxt_en: Fix a possible memory leak in bnxt_ptp_init
    dd03780c29f8 net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
    2ad229bc61ba sctp: Hold sock lock while iterating over address list
    c9119f243d9c sctp: Prevent TOCTOU out-of-bounds write
    48d161b3c815 sctp: Hold RCU read lock while iterating over address list
    1ac40030b4e9 net: dsa: b53: stop reading ARL entries if search is done
    32e43d361bac net: dsa: b53: fix enabling ip multicast
    c95c731efee0 net: dsa: b53: fix resetting speed and pause on forced link
    ddf9fc39548e net: vlan: sync VLAN features with lower device
    d8a729fd4427 selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh
    f680e2eb8c21 netdevsim: add Makefile for selftests
    efad140b6284 selftests/net: use destination options instead of hop-by-hop
    28f2d15e27af selftests/net: fix GRO coalesce test and add ext header coalesce tests
    deff55caa564 selftests/net: fix out-of-order delivery of FIN in gro:tcp test
    cb5a4c715521 net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx
    f44b8bbb1b7e Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2()
    779f83a91d4f Bluetooth: hci_event: validate skb length for unknown CC opcode
    59b9ed956c7d riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro
    f34ba22989da riscv: stacktrace: Disable KASAN checks for non-current tasks
    19682d62547c riscv: Improve exception and system call latency
    d4187ec26410 net: libwx: fix device bus LAN ID
    6d7567cc0bc0 Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
    994ec06b7ba1 media: uvcvideo: Use heuristic to find stream entity
    85866cbd5edb ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
    ad71f31b62a4 ceph: refactor wake_up_bit() pattern of calling
    34353a0cd39b ceph: add checking of wait_for_completion_killable() return value
    068e002bc0b6 ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
    32df8c333071 kbuild: uapi: Strip comments before size type check
    05a378912231 rtc: pcf2127: fix watchdog interrupt mask on pcf2131
    86df8ade88d2 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
    81e829f699ee tools: lib: thermal: use pkg-config to locate libnl3
    fe6d58972d3d tools: lib: thermal: don't preserve owner in install
    fa7d0c8b2350 tools bitmap: Add missing asm-generic/bitsperlong.h include
    a1a09685874e ACPI: property: Return present device nodes only on fwnode interface
    6a1e5fa2d1fd scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
    ece711f11c0d 9p: sysfs_init: don't hardcode error to ENOMEM
    4f3926f060d7 cpufreq: tegra186: Initialize all cores to max frequencies
    cdd2b67dec44 9p: fix /sys/fs/9p/caches overwriting itself
    0ab9ef66a89e NTB: epf: Allow arbitrary BAR mapping
    751734d4cc7f clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
    824b92e6d24a clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register
    7235f9969d9e clk: at91: clk-master: Add check for divide by 3
    544f8254c1fb ARM: at91: pm: save and restore ACR during PLL disable/enable
    9f9110995873 rtc: pcf2127: clear minute/second interrupt
    30e5bbcb98a9 clk: sunxi-ng: sun6i-rtc: Add A523 specifics
    3c5e016d2328 um: Fix help message for ssl-non-raw
    c34d6dd9ab35 fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink
    da98803bccaf btrfs: mark dirty extent range for out of bound prealloc extents
    352056b6b669 RDMA/hns: Fix wrong WQE data when QP wraps around
    d4837e720ff0 RDMA/hns: Fix the modification of max_send_sge
    bc8c9b8f6387 RDMA/irdma: Set irdma_cq cq_num field during CQ create
    d559ddd687ed RDMA/irdma: Remove unused struct irdma_cq fields
    cd7e3bb8e200 RDMA/irdma: Fix SD index calculation
    57d352e198de ACPICA: Update dsmethod.c to get rid of unused variable warning
    f1d84a3d6521 char: misc: restrict the dynamic range to exclude reserved minors
    d2993a7e98eb ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
    c3e4a6de0d1f smb: client: transport: avoid reconnects triggered by pending task work
    a024cf4d9f84 ksmbd: use sock_create_kern interface to create kernel socket
    e81e6d6d99b1 ftrace: Fix softlockup in ftrace_module_enable
    e09a096104fc orangefs: fix xattr related buffer overflow...
df7517553995 page_pool: Clamp pool size to max 16K pages 2648c810a25f 6pack: drop redundant locking and refcounting e1806387c7f9 exfat: limit log print for IO error 3a18f8ae062e ALSA: usb-audio: add mono main switch to Presonus S1824c 799cd62cbcc3 Bluetooth: bcsp: receive data only if registered 03371c021818 Bluetooth: SCO: Fix UAF on sco_conn_free c9d6e46c2fe8 Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames 7eab99ffe36e net: macb: avoid dealing with endianness in macb_set_hwaddr() deb3d014d98c net/mlx5e: Don't query FEC statistics when FEC is disabled 2bccb8072b28 ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 91a5cec5b9d6 ASoC: stm32: sai: manage context in set_sysclk callback 93f8d67ef8b5 amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw d932fb292f83 ext4: increase IO priority of fastcommit 199ab7b43c5e fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock 7ec8ac9f73d4 accel/habanalabs: support mapping cb with vmalloc-backed coherent memory f6108a8164c4 accel/habanalabs/gaudi2: read preboot status after recovering from dirty state a7d72a80e24a accel/habanalabs: return ENOMEM if less than requested pages were pinned 193e269df045 scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate 88d6a9ea0688 accel/habanalabs/gaudi2: fix BMON disable configuration e30995ccd9b8 scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() 31116de5ee11 net: bridge: Install FDB for bridge MAC on VLAN 0 eacfd08b26a0 nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing e30618333212 NFSv4.1: fix mount hang after CREATE_SESSION failure 4e2f5f7e07f9 NFSv4: handle ERR_GRACE on delegation recalls 1b65fb8723ed drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream 7f097986b342 wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 a5cb7c982210 remoteproc: qcom: q6v5: Avoid handling handover twice 221952c07b58 PCI/PM: Skip resuming to D0 if device is disconnected b679c74e5598 vfio: return 
-ENOTTY for unsupported device feature 5561974e62e0 sparc64: fix prototypes of reads[bwl]() d170582b4bd4 sparc/module: Add R_SPARC_UA64 relocation handling 1810b2fd7375 PCI: cadence: Check for the existence of cdns_pcie::ops before using it 0b02dc2b4e78 r8169: set EEE speed down ratio to 1 4e21e047a25c net: intel: fm10k: Fix parameter idx set but not used c9e7bb702b80 wifi: ath10k: Fix connection after GTK rekeying df0a0f229f73 iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() 4cacebe3dca9 net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X 855cd3a0c4d5 net: phy: clear link parameters on admin link down c5fa9fed6272 ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() 2a9575a37218 jfs: fix uninitialized waitqueue in transaction manager ce054a366c54 jfs: Verify inode mode when loading from disk ec2b3f83b4c8 ipv6: np->rxpmtu race annotation 765f8816d395 f2fs: fix infinite loop in __insert_extent_tree() 97e01c389402 usb: xhci: plat: Facilitate using autosuspend for xhci plat devices 8b21ba5da050 usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs 2611313d3bf4 allow finish_no_open(file, ERR_PTR(-E...)) 3c0725aceb14 scsi: lpfc: Define size of debugfs entry for xri rebalancing 1169f4f03fb1 scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup a0eb7e8f8266 scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET 88ac95b17a03 scsi: ufs: core: Disable timestamp functionality if not supported 58b8f44a64ed selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency 0df3da8888fa drm/amdgpu: reject gang submissions under SRIOV a7efc2b0359c HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 0d0be8117eda ethernet: Extend device_get_mac_address() to use NVMEM 7613c06ffa89 page_pool: always add GFP_NOWARN for ATOMIC allocations fe3f8b671618 drm/amd/display: Disable VRR on DCE 6 ced20843717e drm/amd/display: 
Fix DVI-D/HDMI adapters eeb8ea76c912 drm/amd: Avoid evicting resources at S5 19618f480cda drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl a8a9f053e1d4 ALSA: serial-generic: remove shared static buffer 59efb432c318 wifi: mt76: mt7996: Temporarily disable EPCS bf0b265fcb95 wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device 81f9b19af302 net/cls_cgroup: Fix task_get_classid() during qdisc run 160b03e57e62 crypto: caam - double the entropy delay interval for retry 01be9fad74e4 PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() 27598de36043 crypto: sun8i-ce - remove channel timeout field a3d9de6ac510 watchdog: s3c2410_wdt: Fix max_timeout being calculated larger 705c5a2f5517 HID: asus: add Z13 folio to generic group for multitouch to work c018a87942bf udp_tunnel: use netdev_warn() instead of netdev_WARN() ee957d6c0886 selftests: Replace sleep with slowwait 518319c98097 eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP c85be890e057 selftests: Disable dad for ipv6 in fcnal-test.sh 2ddd6bf6b671 x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT 1a6ffaeddf76 netfilter: nf_reject: don't reply to icmp error messages b94b57fd7eb9 selftests: traceroute: Use require_command() 5df7e8bc4d23 media: redrat3: use int type to store negative error codes d15b3e4107b4 selftests: net: replace sleeps in fcnal-test with waits f5781438ba04 net: sh_eth: Disable WoL if system can not suspend cedcc490241b phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 f0cc4b6c443a phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet cf6781d97c69 phy: cadence: cdns-dphy: Enable lower resolutions in dphy 9406ec01a077 wifi: mac80211: Fix HE capabilities element check 17249b2a6527 ntfs3: pretend $Extend records as regular files b96d08ce3f72 scsi: ufs: host: mediatek: Disable auto-hibern8 during power mode changes 30220dda83f8 net: phy: marvell: Fix 88e1510 downshift counter errata 
5122665ca5f3 scsi: ufs: host: mediatek: Enhance recovery on hibernation exit failure 8fefca6a12e6 scsi: ufs: host: mediatek: Enhance recovery on resume failure 5bde774bbfbf media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer f32fe18efc95 media: ov08x40: Fix the horizontal flip control 81015dd217a4 char: Use list_del_init() in misc_deregister() to reinitialize list pointer d89343fce39a drm/msm: make sure to not queue up recovery more than once ea37884097a0 usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget 38c179c52d22 usb: gadget: f_hid: Fix zero length packet transfer 3c66bc0acc08 drm/amdgpu: add support for cyan skillfish gpu_info 65240044398e drm/amdgpu: don't enable SMU on cyan skillfish b17fe7f5a2de drm/amd: add more cyan skillfish PCI ids aa98b4c1f84c iommu/apple-dart: Clear stream error indicator bits for T8110 DARTs 44a764aec64b iommu/amd: Skip enabling command/event buffers for kdump a5c425011c31 smsc911x: add second read of EEPROM mac when possible corruption seen 170bd191fa6c net: call cond_resched() less often in __release_sock() 194a056bdc6f ALSA: usb-audio: apply quirk for MOONDROP Quark2 56384ec84c15 media: verisilicon: Explicitly disable selection api ioctls for decoders 98dfcb4c287b media: adv7180: Only validate format in querystd 20e3fe278b2f media: adv7180: Do not write format to device in set_fmt f195ac1e3542 media: adv7180: Add missing lock in suspend callback 7ad7e582de8e net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms 7816b60922c8 ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled 2412c6aa42fc drm/amdgpu: Allow kfd CRIU with no buffer objects 0d629175a7ee drm/msm/dsi/phy_7nm: Fix missing initial VCO rate b093c81df23f drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL 196a75590f40 dmaengine: dw-edma: Set status for callback_result 269d69a50f21 dmaengine: mv_xor: match alloc_wc and free_wc bb434f67b46b dmaengine: sh: setup_xref error handling a3eebe03da5f ptp: 
Limit time setting of PTP clocks ffdcbb30d3cd scsi: pm8001: Use int instead of u32 to store error codes c1751c5fdddf crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() 49d9ac3af3a1 mips: lantiq: danube: rename stp node on EASY50712 reference board e20d0efe03ea mips: lantiq: xway: sysctrl: rename stp clock 98654c8434c6 mips: lantiq: danube: add missing device_type in pci node ae51686278ce mips: lantiq: danube: add model to EASY50712 dts 6c7de5a8957f mips: lantiq: danube: add missing properties to cpu node f589021c3347 drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) 1a91de0fdbdf media: fix uninitialized symbol warnings 3e283f38792e drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption 1de2e48b1f33 drm/amdkfd: fix vram allocation failure for a special case a7953bf98522 fuse: zero initialize inode private data bb9b505f02e2 net: phy: fixed_phy: let fixed_phy_unregister free the phy_device 4aa5acd88fb4 remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper 742f354124aa extcon: adc-jack: Fix wakeup source leaks on device unbind 22c24c7c5e81 scsi: pm80xx: Fix race condition caused by static variables bbfe60eba369 scsi: mpi3mr: Fix controller init failure on fault during queue creation df64a4d69d3d rds: Fix endianness annotation for RDS_MPATH_HASH dcaec33d8deb ALSA: usb-audio: Add validation of UAC2/UAC3 effect units 31014c39d6d7 PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call 9b8dfaea5cea net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. 
63fbe0e64132 net: stmmac: Correctly handle Rx checksum offload errors c1d2b289b9fc net: When removing nexthops, don't call synchronize_net if it is not necessary 7d4ad49ba0c1 char: misc: Does not request module for miscdevice with dynamic minor 4a61f3eb8913 char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor 9001552e105f usb: gadget: f_ncm: Fix MAC assignment NCM ethernet 9e2c2d3e7209 iio: adc: imx93_adc: load calibrated values even calibration failed 8bbda8e00cde iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register fdd587be5936 drm/amdkfd: Handle lack of READ permissions in SVM mapping 2b5128caee83 drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts 8231e8011846 media: imon: make send_packet() more robust f28dde240160 net: ipv6: fix field-spanning memcpy warning in AH output b34fc4fe9a85 scsi: ufs: host: mediatek: Fix invalid access in vccqx handling 2d5551640dde scsi: ufs: host: mediatek: Change reset sequence for improved stability 83a26fa18d47 scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change 137dea7d7d00 scsi: ufs: host: mediatek: Fix auto-hibern8 timer configuration 68245d8fe2fa bridge: Redirect to backup port when port is administratively down 86e4faf48539 s390/pci: Use pci_uevent_ers() in PCI recovery 8a54de9609d8 powerpc/eeh: Use result of error_detected() in uevent 74e9ec803b6d thunderbolt: Use is_pciehp instead of is_hotplug_bridge 7d87c41061e8 ice: Don't use %pK through printk or tracepoints bbfcf5db8c08 net: stmmac: Check stmmac_hw_setup() in stmmac_resume() 7a500e923127 x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall 79a27f405d02 media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR 07f3f65682a9 drm/tidss: Set crtc modesetting parameters with adjusted mode 1f950a449a4d drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST be9fc98a4198 drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value 105ed683b400 
drm/tidss: Use the crtc_* timings when programming the HW 3f964091abb0 media: amphion: Delete v4l2_fh synchronously in .release() 48bb7f8ab984 media: pci: ivtv: Don't create fake v4l2_fh b567d1c40c70 drm/amdkfd: return -ENOTTY for unsupported IOCTLs 153353da60d0 wifi: rtw88: sdio: use indirect IO for device registers before power-on da9d28d79342 selftests/net: Ensure assert() triggers in psock_tpacket.c 517abdc57cfb selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 d7f4354d3de9 PCI: Disable MSI on RDC PCI to PCIe bridges ce054c331334 drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() cb02acebd3d0 drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff a0a44b1e0873 drm/amd/pm: Use cached metrics data on arcturus d4b2c3a3bc01 drm/amd/pm: Use cached metrics data on aldebaran f17f0100f702 drm/amd/display: update dpp/disp clock from smu clock table 8c05069ce157 drm/amd/display: add more cyan skillfish devices 2728e38ac27e drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration acb3c23080ca drm/amd/display: ensure committing streams is seamless f6bea0255090 mfd: da9063: Split chip variant reading in two bus transactions 830c39871f16 mfd: madera: Work around false-positive -Wininitialized warning d9e793728021 mfd: stmpe-i2c: Add missing MODULE_LICENSE 784f62e68a6c mfd: stmpe: Remove IRQ domain upon removal 5ebb9bc9a662 tools/power x86_energy_perf_policy: Prefer driver HWP limits 941ac2bcb1ac tools/power x86_energy_perf_policy: Enhance HWP enable 91d267901aab tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage 5b69364cbef1 tools/cpupower: Fix incorrect size in cpuidle_state_disable() efa623350136 hwmon: (dell-smm) Add support for Dell OptiPlex 7040 52d4d91db6f8 hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex 1721c2938d00 uprobe: Do not emulate/sstep original instruction when ip is changed 1a8ca4b9b3e3 nvme: Use non zero KATO for persistent discovery connections 9c55db583707 bpf: Clear pfmemalloc flag 
when freeing all fragments d8d03481351e riscv: bpf: Fix uninitialized symbol 'retval_off' e1729523759c blk-cgroup: fix possible deadlock while configuring policy 8613bed1f283 clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel f3c6ae35a7e8 spi: rpc-if: Add resume support for RZ/G3E 4aced32596ea futex: Don't leak robust_list pointer on exec race b8961542d2ae cpuidle: Fail cpuidle device registration if there is one already 4b78d57b7dd3 bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 c77fcb6cc6f0 power: supply: qcom_battmgr: handle charging state change notifications 877d4689e546 pmdomain: apple: Add "apple,t8103-pmgr-pwrstate" 5aeb8550e8c3 tools/cpupower: fix error return value in cpupower_write_sysfs() 7d0e0563256f video: backlight: lp855x_bl: Set correct EPROM start for LP8556 edf3b828871d bpf: Do not limit bpf_cgroup_from_id to current's namespace 25f4bf1f7979 nvme-fc: use lock accessing port_state and rport state 601ed47b2363 nvmet-fc: avoid scheduling association deletion twice 5ca9367da5be tee: allow a driver to allocate a tee_device without a pool 12296895e962 ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() 8c1c0ac31949 mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card 46fc8ad19ce9 ARM: tegra: transformer-20: fix audio-codec interrupt 0c9a3917a61e ARM: tegra: transformer-20: add missing magnetometer interrupt ca7c230fff41 soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups c7117d25e3db arm64: zynqmp: Revert usb node drive strength and slew rate for zcu106 e60b141dfc93 irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller 552659030ab8 hwmon: sy7636a: add alias 8161d9b78915 power: supply: sbs-charger: Support multiple devices 0babd39ceb5d pinctrl: keembay: release allocated memory in detach path 4f8d061ac497 hwmon: (sbtsi_temp) AMD CPU extended temperature range support 5617c8165cf5 hwmon: (k10temp) Add device ID for Strix Halo 44729682b694 hwmon: (k10temp) 
Add thermal support for AMD Family 1Ah-based models 3c4c5184631a power: supply: qcom_battmgr: add OOI chemistry dcba7b98dcb7 ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] 338f490a04c6 ACPI: PRM: Skip handlers with NULL handler_address or NULL VA 3e121479021d irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment fea338c7e46f selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh 233317cc29dd arc: Fix __fls() const-foldability via __builtin_clzl() 8d6791c480f2 cpufreq/longhaul: handle NULL policy in longhaul_exit 854241f8e4ff selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 d45325fc6a73 irqchip/sifive-plic: Respect mask state when setting affinity 0f7149ac7691 memstick: Add timeout to prevent indefinite waiting 4cfc3b63ea09 mmc: host: renesas_sdhi: Fix the actual clock fa7c118e0b83 pinctrl: single: fix bias pull up/down handling in pin_config_set 667789d3e29f bpf: Don't use %pK through printk 8c8f8f7f84e8 spi: loopback-test: Don't use %pK through printk 3f274df8526e soc: qcom: smem: Fix endian-unaware access of num_entries 2a0db48dd8c2 soc: aspeed: socinfo: Add AST27xx silicon IDs fc1141a530df usb: gadget: f_fs: Fix epfile null pointer access after ep enable. 
b63c061be622 s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump b61ed8005bd3 drm/sysfb: Do not dereference NULL pointer in plane reset b5493968ac7a drm/sched: Fix race in drm_sched_entity_select_rq() 7088465f1081 s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP a2ae01c674e1 sched/fair: Use all little CPUs for CPU-bound workloads 4ced68c43a15 sched/pelt: Avoid underestimation of task utilization fe04654ecb65 net: phy: dp83867: Disable EEE support as not implemented a60be7339353 cpuidle: governors: menu: Select polling state in some more cases 58c347aa881d cpuidle: governors: menu: Rearrange main loop in menu_select() 6e43d5f0e593 s390/pci: Restore IRQ unconditionally for the zPCI device 49888b3b457b mptcp: fix MSG_PEEK stream corruption a5a896f8315d drm/mediatek: Fix device use-after-free on unbind 2664bfd8969d regmap: slimbus: fix bus_context pointer in regmap init calls 482b568e8680 block: make REQ_OP_ZONE_OPEN a write operation 37089e2258d6 block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL 02a16148f842 drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland e69d5d11ed0c drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji 224932faac5c drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() ca5dc7ef4c1a sfc: fix potential memory leak in efx_mae_process_mport() 25191342d576 net: hns3: return error code when function fails 1cd109318d69 drm/etnaviv: fix flush sequence logic 83312609ff32 Bluetooth: hci_core: Fix tracking of periodic advertisement e3ba2b1f7d1a Bluetooth: ISO: Fix another instance of dst_type handling 48d31ac5af5f Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 504554dbcbb4 Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset 932c0a4f77ac Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once 9a579d6a3951 usbnet: Prevents free active kevent 5d8f28a8b50e libbpf: Fix powerpc's stack register definition in bpf_tracing.h 2e97da83839f ASoC: fsl_sai: 
fix bit order for DSD format 06d711b4d620 ASoC: Intel: avs: Unprepare a stream when XRUN occurs 0dd6474ced33 crypto: aspeed - fix double free caused by devm 8e8bcd7b2925 crypto: aspeed-acry - Convert to platform remove callback returning void 42f848f8e5ea bpf: Do not audit capability check in do_jit() 5b81a79bada2 scsi: ufs: core: Initialize value of an attribute returned by uic cmd 645114110354 bpf: Sync pending IRQ work before freeing ring buffer c898547ed64e ALSA: usb-audio: fix control pipe direction 431da7f85430 drm/msm/a6xx: Fix GMU firmware parser ad5852941409 wifi: ath12k: free skb during idr cleanup callback 0ec88db40ce0 wifi: ath11k: Add missing platform IDs for quirk table b8850b4370fa wifi: ath10k: Fix memory leak on unsupported WMI command 1811c610653c x86/fpu: Ensure XFD state on signal delivery 939c4e33005e smb: client: fix potential cfid UAF in smb2_query_info_compound 6dbd3d9573e1 ASoC: qdsp6: q6asm: do not sleep while atomic aa826b05c68f mptcp: restore window probe f7e5fc50791b mptcp: drop bogus optimization in __mptcp_check_push() 4a28d1898392 fbdev: valkyriefb: Fix reference count leak in valkyriefb_init e097cdbac72e fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS 64e3175d1c8a wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode e059b0560040 Bluetooth: rfcomm: fix modem control handling 9ba1a7802ca9 fbdev: bitblit: bound-check glyph index in bit_putcs* e992faffa846 ACPI: button: Call input_free_device() on failing input device registration 4e85246ec0d0 ACPI: video: Fix use-after-free in acpi_video_switch_brightness() 3fe5494db5fe fbdev: atyfb: Check if pll_ops->init_pll failed 468f78276a37 fbcon: Set fb_display[i]->mode to NULL when the mode is released 814a55f44d8a net: usb: asix_devices: Check return value of usbnet_get_endpoints 03524ccff698 NFSD: Fix crash in nfsd4_read_release() Signed-off-by: Bruce Ashfield 
Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 55ab56e2887..728248ddd22 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "a40e6c13f556fd1b07f6a9e21137b47964d897af" -SRCREV_meta ?= "9f0c7a1604548bd736f348d3fae281f2d726d6a8" +SRCREV_machine ?= "7996419eca2192a1b3bc01cb208f6dcb865b7a9f" +SRCREV_meta ?= "3adceb388e86d1b704d8153af1d734877529085d" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.116" +LINUX_VERSION ?= "6.6.118" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 1456d964114..597514b6ded 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.116" +LINUX_VERSION ?= "6.6.118" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" 
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "daacc64fc40b3e47e2d4164ceb1b51a05af73844" -SRCREV_meta ?= "9f0c7a1604548bd736f348d3fae281f2d726d6a8" +SRCREV_machine ?= "67f8fd8eb1517d2e7bf208eaaac4c9ef154e033b" +SRCREV_meta ?= "3adceb388e86d1b704d8153af1d734877529085d" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index be92663eb1b..164d7a29006 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb 
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "ca0cf34ac378d033a31bd92282d92d3e6f1f6c5a" -SRCREV_machine:qemuarm64 ?= "698c863fb39998ee9f2f590ff9626ca34cf3a9d1" -SRCREV_machine:qemuloongarch64 ?= "f9b3617edd37432584510131383ee97a6eb889b5" -SRCREV_machine:qemumips ?= "fbdfcd56de6c092d0c62e0529231bb41663a7e02" -SRCREV_machine:qemuppc ?= "7560c9897677e1722452733c7b34e651bcaee399" -SRCREV_machine:qemuriscv64 ?= "f9b3617edd37432584510131383ee97a6eb889b5" -SRCREV_machine:qemuriscv32 ?= "f9b3617edd37432584510131383ee97a6eb889b5" -SRCREV_machine:qemux86 ?= "f9b3617edd37432584510131383ee97a6eb889b5" -SRCREV_machine:qemux86-64 ?= "f9b3617edd37432584510131383ee97a6eb889b5" -SRCREV_machine:qemumips64 ?= "5f40729e5eb8c999e2d6f7dc592c2869a36f0169" -SRCREV_machine ?= "f9b3617edd37432584510131383ee97a6eb889b5" -SRCREV_meta ?= "9f0c7a1604548bd736f348d3fae281f2d726d6a8" +SRCREV_machine:qemuarm ?= "87089959e10eff2029fb1599fb91e139f7795aa6" +SRCREV_machine:qemuarm64 ?= "a0c244da87b0489c12507623d182990045ba9e5b" +SRCREV_machine:qemuloongarch64 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" +SRCREV_machine:qemumips ?= "72eca83031d5c13e691b19473f82c74d127bcec5" +SRCREV_machine:qemuppc ?= "326405ca4807b73ae60685781b5595ca8bc73a2d" +SRCREV_machine:qemuriscv64 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" +SRCREV_machine:qemuriscv32 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" +SRCREV_machine:qemux86 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" +SRCREV_machine:qemux86-64 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" +SRCREV_machine:qemumips64 ?= "d23ab2b90ba9b7f29a117c054998fb967fe001ad" +SRCREV_machine ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" +SRCREV_meta ?= "3adceb388e86d1b704d8153af1d734877529085d" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the 
same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "0a805b6ea8cda0caa268b396a2e5117f3772d849" +SRCREV_machine:class-devupstream ?= "4791134e4aebe300af2b409dc550610ef69fae3e" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.116" +LINUX_VERSION ?= "6.6.118" PV = "${LINUX_VERSION}+git" From patchwork Tue Feb 24 14:31:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81743
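Review bot: in linux-yocto-tiny_6.6.bb, hunk @@ -8,7 +8,7 @@, LINUX_VERSION moves to 6.6.118 directly below the unchanged context line `include recipes-kernel/linux/cve-exclusion_6.6.inc`, yet the diffstat lists only the three recipe files, so the exclusion list is not regenerated in this patch. Please confirm that a later patch in the series refreshes cve-exclusion_6.6.inc for the new version, or say so in the commit message; otherwise the exclusion list used for CVE checking may not match the kernel version these recipes now build.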
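Review bot: in linux-yocto_6.6.bb, hunk @@ -18,25 +18,25 @@, the new SRCREV_machine and SRCREV_meta values are linux-yocto and yocto-kernel-cache revisions, and the visible lines give a reviewer nothing to tie them to 6.6.118 (the shortlog lists korg -stable commit ids, not these hashes). Since these pins decide exactly what source the build fetches, consider naming in the commit message the branch each group of hashes was taken from (for example v6.6/standard/base for the shared 5e24848d4268... value) and which upstream commit SRCREV_machine:class-devupstream on v6.6/base points at, so the bump can be checked against git.yoctoproject.org before it is merged.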
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 15/44] linux-yocto/6.6: update to v6.6.119
Date: Tue, 24 Feb 2026 15:31:43 +0100
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231822
From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 5fa4793a2d2d Linux 6.6.119 810189546cb6 HID: core: Harden s32ton() against conversion to 0 bits e7e8e9b1a1b1 net: dsa: microchip: Free previously initialized ports on init failures 3b5a6115d6ea net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() 70ad6455139e ksmbd: fix use-after-free in session logoff 3a13454fd098 mptcp: fix duplicate reset on fastclose b77075c08d7e selftests: mptcp: join: properly kill background tasks f12f4c657617 staging: rtl8712: Remove driver using deprecated API wext 2b9719ccad38 net: macb: fix unregister_netdev call order in macb_remove() a395121fe29e iio: adc: rtq6056: Correct the sign bit index 094f10f3f290 can: rcar_canfd: Fix CAN-FD mode as default eecd163fa6da usb: typec: ucsi: psy: Set max current to zero when disconnected f02a412c0a18 usb: gadget: udc: fix use-after-free in usb_gadget_state_work 92234ee7fc23 usb: udc: Add trace event for usb_gadget_set_state 0722d804f7ad nfsd: Replace clamp_t in nfsd4_get_drc_mem() 5106da73b016 bonding: check xdp prog when set bond mode 694a354ddf98 bonding: return detailed error when loading native XDP fails becc488a4d86 libceph: replace BUG_ON with bounds check for map->max_osd ccbccfba25e9 libceph: prevent potential out-of-bounds writes in handle_auth_session_key() 183ad6e3b651 libceph: fix potential use-after-free in have_mon_and_osd_map() 1c6fb1cc5035 net: dsa: microchip: ptp: Fix checks on irq_find_mapping() 1759edf0e688 net: dsa: microchip: common: Fix checks on irq_find_mapping() 9d1a65cbe3ec drm/amd/display: Check NULL before accessing 748ed1b6a2ca drm: sti: fix device leaks at component probe 28a385af4a94 USB: serial: option: add support for Rolling RW101R-GL 17cab1f3aefb USB: serial: ftdi_sio: add support for u-blox EVK-M101 b75d20301703 xhci: dbgtty: fix device unregister da7a52bcee3f xhci: dbgtty: Fix data corruption when transmitting data form DbC to host 
afc0e34f161c usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths 5428c75e92e4 usb: dwc3: pci: Sort out the Intel device IDs 9dab9859b10e usb: dwc3: pci: add support for the Intel Nova Lake -S e3a55221f4de usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer 04a8a6393f3f usb: storage: sddr55: Reject out-of-bound new_pba f5b6b214db12 USB: storage: Remove subclass and protocol overrides from Novatek quirk cb1401b5bcc2 usb: storage: Fix memory leak in USB bulk transport 9d86bc8b188a usb: renesas_usbhs: Fix synchronous external abort on unbind 41434488ca71 usb: gadget: f_eem: Fix memory leak in eem_unwrap 730c13a9701c usb: cdns3: Fix double resource release in cdns3_pci_probe 993bfdc38428 most: usb: fix double free on late probe failure 41ae1203c5ab serial: amba-pl011: prefer dma_mapping_error() over explicit address checking ce318ec9864b mptcp: clear scheduled subflows on retransmit 71796c91ee8e firmware: stratix10-svc: fix bug in saving controller data 87b3d0105192 slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves c4ba90485bfd thunderbolt: Add support for Intel Wildcat Lake f62ffdfb431b smb: client: fix memory leak in cifs_construct_tcon() 4c257170c81d drivers/usb/dwc3: fix PCI parent check f8d1f166289f dm-verity: fix unreliable memory allocation 5a3f3e39b187 ceph: fix crash in process_v2_sparse_read() for encrypted directories 61089dd37ccd can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling c952664fd54f can: sja1000: fix max irq loop handling 9917ba597cf9 atm/fore200e: Fix possible data race in fore200e_open() 5b88725e5ea1 ARM: dts: nxp: imx6ul: correct SAI3 interrupt line b4abe6826926 ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 231ac951faba MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow 135713cd0751 MIPS: mm: Prevent a TLB shutdown on initial uniquification ad70338c1b87 iio: adc: ad7280a: fix ad7280_store_balance_timer() a9fa254af33a iio: accel: 
fix ADXL355 startup race condition cdd4a9e98004 iio: accel: bmc150: Fix irq assumption regression a8f6a8256a68 iio:common:ssp_sensors: Fix an error handling path ssp_probe() 936e082a7c07 iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields d59a7824444e Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" c538dae04a4c spi: bcm63xx: fix premature CS deassertion on RX-only transactions 01511983d7b8 spi: nxp-fspi: Propagate fwnode in ACPI case as well 5fc6f8175b8b spi: nxp-fspi: Support per spi-mem operation frequency switches a25cc746f7d0 spi: spi-mem: Add a new controller capability f1ea0e8b4a15 spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency 94b3c7558748 spi: spi-mem: Allow specifying the byte order in Octal DTR mode 99aff13bcc13 spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors dbb60bd12950 spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA f29b58e974c7 mailbox: pcc: don't zero error register ea621f472cfe mailbox: pcc: Refactor error handling in irq handler into separate function 5550f9021895 mailbox: mailbox-test: Fix debugfs_create_dir error checking 826785925627 usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors cad94b17e276 iio: st_lsm6dsx: Fixed calibrated timestamp calculation 21f867e3da98 net: fec: do not register PPS event for PEROUT 2648b8b51992 net: fec: do not allow enabling PPS and PEROUT simultaneously b332c433489e net: fec: do not update PEROUT if it is enabled 2d8f6acf5623 net: fec: cancel perout_timer when PEROUT is disabled 3be37c3c96b1 net: atlantic: fix fragment overflow handling in RX path 90daa70a4d62 net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic d25c17507e80 net: dsa: sja1105: simplify static configuration reload 0be4d79f8a1b drm/amdgpu: fix cyan_skillfish2 gpu info fw handling 7fd789d6ea49 net: sxgbe: fix potential NULL dereference in sxgbe_rx() aa20dcff033c net/mlx5e: Fix validation logic in rate limiting 
58c411509141 net: lan966x: Fix the initialization of taprio 30a1d3db72bc net: aquantia: Add missing descriptor cache invalidation on ATL2 3e7442c58021 platform/x86: intel: punit_ipc: fix memory corruption ff45dd52bd18 net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY fd6a1261d05d Bluetooth: SMP: Fix not generating mackey and ltk when repairing fe68510fc99b Bluetooth: hci_sock: Prevent race in socket write iter and sock bind 4ffac725154c can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data 3433680b7596 can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header 1a588c40a422 can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs e9dd83a75a72 can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 728248ddd22..8ab76cb2f3b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb 
@@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "7996419eca2192a1b3bc01cb208f6dcb865b7a9f" -SRCREV_meta ?= "3adceb388e86d1b704d8153af1d734877529085d" +SRCREV_machine ?= "d4ff700595af4b924c51677c033f4a7b555d84d9" +SRCREV_meta ?= "f0da0340213d3d31ce967c0e74f61d560140abba" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.118" +LINUX_VERSION ?= "6.6.119" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 597514b6ded..9ee071546f4 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.118" +LINUX_VERSION ?= "6.6.119" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "67f8fd8eb1517d2e7bf208eaaac4c9ef154e033b" -SRCREV_meta ?= "3adceb388e86d1b704d8153af1d734877529085d" +SRCREV_machine ?= "b8e89962b199d788f48813ee31cf5d91f02ba625" +SRCREV_meta ?= "f0da0340213d3d31ce967c0e74f61d560140abba" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 164d7a29006..20a6e116396 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb 
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "87089959e10eff2029fb1599fb91e139f7795aa6" -SRCREV_machine:qemuarm64 ?= "a0c244da87b0489c12507623d182990045ba9e5b" -SRCREV_machine:qemuloongarch64 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" -SRCREV_machine:qemumips ?= "72eca83031d5c13e691b19473f82c74d127bcec5" -SRCREV_machine:qemuppc ?= "326405ca4807b73ae60685781b5595ca8bc73a2d" -SRCREV_machine:qemuriscv64 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" -SRCREV_machine:qemuriscv32 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" -SRCREV_machine:qemux86 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" -SRCREV_machine:qemux86-64 ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" -SRCREV_machine:qemumips64 ?= "d23ab2b90ba9b7f29a117c054998fb967fe001ad" -SRCREV_machine ?= "5e24848d4268396bf9c200a52e13dbb22a23ca5f" -SRCREV_meta ?= "3adceb388e86d1b704d8153af1d734877529085d" +SRCREV_machine:qemuarm ?= "8b1ffa583db6c7b547d6e02b553d158760bef848" +SRCREV_machine:qemuarm64 ?= "0b48d78b3a581b68506007e3a67168369ac40ef3" +SRCREV_machine:qemuloongarch64 ?= "509f595358e435ee6db263ff182397c78e74a09d" +SRCREV_machine:qemumips ?= "fb588d19e0a30c8cbb4e1727ffa66c871cd93e51" +SRCREV_machine:qemuppc ?= "deb0adb74e5b744b66105fdef7d56faaecd6e8d6" +SRCREV_machine:qemuriscv64 ?= "509f595358e435ee6db263ff182397c78e74a09d" +SRCREV_machine:qemuriscv32 ?= "509f595358e435ee6db263ff182397c78e74a09d" +SRCREV_machine:qemux86 ?= "509f595358e435ee6db263ff182397c78e74a09d" +SRCREV_machine:qemux86-64 ?= "509f595358e435ee6db263ff182397c78e74a09d" +SRCREV_machine:qemumips64 ?= "d87f14c4af036fdb7418e1ced1aa7c168966f6d7" +SRCREV_machine ?= "509f595358e435ee6db263ff182397c78e74a09d" +SRCREV_meta ?= "f0da0340213d3d31ce967c0e74f61d560140abba" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the 
same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "4791134e4aebe300af2b409dc550610ef69fae3e" +SRCREV_machine:class-devupstream ?= "5fa4793a2d2d70ad08b85387b41020f1fcc2d19e" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" 
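Review bot: in this SRCREV block of linux-yocto_6.6.bb, only SRCREV_machine:class-devupstream can be checked against the commit message: its new value begins with 5fa4793a2d2d, the "Linux 6.6.119" commit at the top of the list. The ten per-machine pins, the default SRCREV_machine and SRCREV_meta are not tied to anything the message states, so each has to be resolved by hand against the linux-yocto branches named by the KBRANCH values (for example v6.6/standard/base and v6.6/standard/mti-malta64) and the yocto-6.6 branch of yocto-kernel-cache. Naming the branch tips these pins correspond to in the commit message would make the bump auditable. The diffstat also lists only the three recipe files, while linux-yocto-tiny_6.6.bb includes recipes-kernel/linux/cve-exclusion_6.6.inc; if that file is refreshed for 6.6.119 elsewhere in the series, a pointer to that patch would help.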
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.118" +LINUX_VERSION ?= "6.6.119" PV = "${LINUX_VERSION}+git"
From patchwork Tue Feb 24 14:31:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81765
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 16/44] linux-yocto/6.6: update to v6.6.120
Date: Tue, 24 Feb 2026 15:31:44 +0100
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231823
From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: c596736dadab Linux 6.6.120 0eb7d3da258b ext4: fix error message when rejecting the default hash 52c4538a92da ext4: filesystems without casefold feature cannot be mounted with siphash bb4511b55fd3 Revert "iommu/amd: Skip enabling command/event buffers for kdump" 0e8ac70521e6 firmware: arm_scmi: Fix unused notifier-block in unregister 21e82354cdd7 tty: fix tty_port_tty_*hangup() kernel-doc 25466e5b4bb1 blk-mq: setup queue ->tag_set before initializing hctx d292db57e915 pwm: stm32: Always program polarity b92ec4a84872 net: stmmac: make sure that ptp_rate is not 0 before configuring EST f6dcbd2bbea5 virtio_console: fix order of fields cols and rows 8d8a670c1c28 mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() 8bf34bd12231 mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() c45dcf86c75e mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() d41809aa8e24 mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() e471ed55f3d6 mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() 8b6d3b7c12bd mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() 520e8b12f0a4 mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() 945e0575dcfc mm/damon/tests/core-kunit: handle memory failure from damon_test_target() 3fc04a106f87 mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() 7110f671d86a mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() 8feb7885b769 mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() c6e1f6e91e9c mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() 5988035dd57a mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() 1c5a0de26879 
mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() c62c5296fdb8 RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests 32ca3557d968 RDMA/rxe: Remove the direct link to net_device f3652768a89c net: Allow to use SMP threads for backlog NAPI. 03765d5c1808 net: Remove conditional threaded-NAPI wakeup based on task state. 51445190c10a sched/fair: Proportional newidle balance 5b7949a95c39 sched/fair: Small cleanup to update_newidle_cost() 38d080768c85 sched/fair: Small cleanup to sched_balance_newidle() 17d3103325e8 RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem 339bcd3d051c mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() b75608e7547d mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() 65a02ffb5223 KVM: SVM: Fix redundant updates of LBR MSR intercepts 35c53e4eae0f KVM: nSVM: Fix and simplify LBR virtualization handling with nested e6ff197547a9 KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() 991d961055d0 KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() 2c1ea6214827 media: mediatek: vcodec: Use spinlock for context list protection lock cc12debd518b media: amphion: Remove vpu_vb_is_codecconfig e42ccf472feb media: amphion: Make some vpu_v4l2 functions static 93f537ffaece media: amphion: Add a frame flush mode for decoder 37304368a2a9 KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit 2f3139eaae99 powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages 47dee8b41fd7 mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() 3339e058b80d mm/balloon_compaction: we cannot have isolated pages in the balloon list 98a5af4a8eae media: verisilicon: Fix CPU stalls on G2 bus error 5acc3c7d3c4c media: verisilicon: g2: Use common helpers to compute chroma and mv offsets 381a387ececd media: verisilicon: Store chroma and motion vectors offset 
f7b8851c541e f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() be4c3a3c6c23 f2fs: use global inline_xattr_slab instead of per-sb slab cache 34c817843cb3 f2fs: fix to propagate error from f2fs_enable_checkpoint() bcd0086ee5a2 f2fs: fix to avoid updating compression context during writeback b54cdce20f86 f2fs: drop inode from the donation list when the last file is closed 1a00afcdaefc f2fs: keep POSIX_FADV_NOREUSE ranges 64ed96a21f0f f2fs: remove unused GC_FAILURE_PIN ec3656a8cb42 genirq/irq_sim: Initialize work context pointers properly 72295ae05d13 mm: fix arithmetic for max_prop_frac when setting max_ratio bcf2450f46cd mm: fix arithmetic for bdi min_ratio 4584486cfcca net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() 4914c0a16654 page_pool: Fix use-after-free in page_pool_recycle_in_ring b86dc510308d xfrm: state: fix out-of-bounds read during lookup 3c591353956f ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() 36acfec981d8 ext4: introduce ITAIL helper 48098bb42a9f powerpc/64s/radix/kfence: map __kfence_pool at page granularity 668350eba983 LoongArch: Refactor register restoration in ftrace_common_return 6940c1d0c84a drm/amd/display: Fix null pointer deref in dcn20_resource.c d767ce15045d net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. dbf427663ce2 usb: xhci: Apply the link chain quirk on NEC isoc endpoints bbda96e97a00 usb: xhci: move link chain bit quirk checks into one helper function. 
bf4127db6cb7 xhci: dbgtty: fix device unregister: fixup dff9dd015331 tty: introduce and use tty_port_tty_vhangup() helper 21e52dc77629 drm/tilcdc: Fix removal actions in case of failed probe 5bc791132f62 drm/tilcdc: request and mapp iomem with devres 205aa0c83cd4 drm/mediatek: Fix probe resource leaks fef6d1474ab3 drm/mediatek: Fix probe memory leak 11dba925f5fe drm/amdgpu: Forward VMID reservation errors 5c7c7135468f mptcp: ensure context reset on disconnect() a902343f1331 net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration b2e7973d83a8 pmdomain: imx: Fix reference count leak in imx_gpc_probe() 4544cfa16834 pmdomain: Use device_get_match_data() d7ba1b448f2a mm: consider non-anon swap cache folios in folio_expected_ref_count() 7e0fcf9d71c2 mm: simplify folio_expected_ref_count() 6e5bff40bb38 wifi: mac80211: Discard Beacon frames to non-broadcast address 46b9fd1433d2 lockd: fix vfs_test_lock() calls c9bf31522828 mptcp: fallback earlier on simult connection 38a053796019 PCI: brcmstb: Fix disabling L0s capability cf74785c00b8 fuse: fix readahead reclaim deadlock 7ba826aae1d4 svcrdma: bound check rq_pages index in inline path 8ca34c5cedec ARM: dts: microchip: sama7g5: fix uart fifo size to 32 2ce95f8656b6 gpiolib: acpi: Add quirk for Dell Precision 7780 2e14206551bc NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap 8bd6dff8b801 f2fs: fix to avoid potential deadlock c375c4b3997e f2fs: use f2fs_err_ratelimited() to avoid redundant logs 5ceea587c4e2 mptcp: pm: ignore unknown endpoint flags d1d03d9184a6 scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error b0d2a7ccd17c usb: ohci-nxp: fix device leak on probe failure 2a16f46eef6d usb: ohci-nxp: Use helper function devm_clk_get_enabled() c08838ce6b50 mm/ksm: fix exec/fork inheritance support for prctl 93e4a783d34c wifi: mt76: Fix DTS power-limits on little endian systems bb2805532f76 btrfs: don't rewrite ret from inode_permission 0baa9f64bf79 gfs2: fix freeze error handling 
35521feb614d jbd2: fix the inconsistency between checksum and data in memory for journal sb 902ca2356f1e ext4: fix string copying in parse_apply_sb_mount_options() 7a35a505d76a ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() 931c86fc7989 ALSA: wavefront: Clear substream pointers on close 4425583a691a ALSA: wavefront: Use guard() for spin locks 02b63f3bc292 ALSA: wavefront: Fix integer overflow in sample size validation 596b04a1638e ALSA: wavefront: Use standard print API eee39f83246a mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). d88481653d74 tpm: Cap the number of PCR banks dbd0829d2458 blk-mq: add helper for checking if one CPU is mapped to specified hctx 9202337a2d90 usb: gadget: lpc32xx_udc: fix clock imbalance in error path 23525fc0ea62 drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb 0336188cc85d drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer 678d1c86566d drm/msm/dpu: Add missing NULL pointer check for pingpong interface 56f07bc0a0ff drm/mgag200: Fix big-endian support 3d004f7341d4 drm/ttm: Avoid NULL pointer deref for evicted BOs 3144af03d517 drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() ed51ddd5d449 drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() f6916363112c drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers e05d53454b55 drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma 9a8837f9a3e3 net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() 6b93c8ab6f6c net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write 907e8a8f506d net: usb: sr9700: fix incorrect command used to write single register cff353b7d1c7 nfsd: Drop the client reference in client_states_open() fd43edf357a3 LoongArch: BPF: Sign extend kfunc call arguments 446c851e338b LoongArch: BPF: Zero-extend bpf_tail_call() index ad6ea65f154b fjes: Add missing iounmap in fjes_hw_init() 
2c4c0c09f964 e1000: fix OOB in e1000_tbi_should_accept() c0acdee51323 RDMA/cm: Fix leaking the multicast GID table reference 9d85524789c2 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly a94bd2d93f7e samples/ftrace: Adjust LoongArch register restore order in direct calls b8f12a3ecf03 tools/mm/page_owner_sort: fix timestamp comparison for stable sorting 45b44c3a5e62 x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo 3e3c0dc025f0 idr: fix idr_alloc() returning an ID out of range c9acbaec693b kasan: refactor pcpu kasan vmalloc unpoison e53bfe453059 compiler_types.h: add "auto" as a macro for "__auto_type" b9b5f45cc1b7 LoongArch: Use unsigned long for _end and _text f0b9e0bdc8bc LoongArch: Use __pmd()/__pte() for swap entry conversions 582c1dcc5bb5 LoongArch: Fix build errors for CONFIG_RANDSTRUCT 155d6a8f5d5f LoongArch: Correct the calculation logic of thread_count 4632c8b0966d LoongArch: Add new PCI ID for pci_fixup_vgadev() 80617b75fd70 media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() 53e256b5c360 media: i2c: adv7842: Remove redundant cancel_delayed_work in probe a8e6cf7fa2be media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe 4b139f88c2ab media: amphion: Cancel message work before releasing the VPU core 52604951b90c media: vpif_display: fix section mismatch 08c6c6f2a570 media: vpif_capture: fix section mismatch 1ad7c8174109 media: videobuf2: Fix device reference leak in vb2_dc_alloc error path 99293be855c3 media: verisilicon: Protect G2 HEVC decoder against invalid DPB index b93abb4385b8 media: TDA1997x: Remove redundant cancel_delayed_work in probe 1b5602078557 media: samsung: exynos4-is: fix potential ABBA deadlock on init 4d8da22db935 media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled 3a294b90cd1a media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() 4972ad7eec91 media: cec: Fix debugfs leak on bus_register() failure 6b5dd195993b 
fbdev: tcx.c fix mem_map to correct smem_start offset cce58e4cc535 fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing 243b674b2b52 fbdev: gbefb: fix to use physical address instead of dma address 2b0b703a3483 dm-bufio: align write boundary on physical block size 34f6abd6e4c4 dm-ebs: Mark full buffer dirty even on partial write 4654800c51be firmware: stratix10-svc: Add mutex in stratix10 memory management a73881ae085d media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() 318d470f64ba powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION 40feb7bcde49 parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() d3842cbf13b7 parisc: entry.S: fix space adjustment on interruption for 64-bit userspace 13cf5cd4d535 media: rc: st_rc: Fix reset control resource leak 52bae1ff6805 mfd: max77620: Fix potential IRQ chip conflict when probing two devices 1b630d8f2c27 mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup fbf57f5e453d clk: samsung: exynos-clkout: Assign .num before accessing .hws ae80fb3d4e8c leds: leds-lp50xx: Enable chip before any communication cc468490d143 leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs a406e6c74bd9 leds: leds-lp50xx: Allow LED 0 to be added to module bank b13a3dbfa196 powerpc/64s/slb: Fix SLB multihit issue during SLB preload db9c8e8d3cd6 powerpc, mm: Fix mprotect on book3s 32-bit 14b08c85cb88 arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator a1d55aa866db PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths 9024cb893f17 HID: logitech-dj: Remove duplicate error logging 240cd7f2812c iommu: disable SVA when CONFIG_X86 is set 3627e0e773f1 iommu/tegra: fix device leak on probe_device() 0314de9c844d iommu/sun50i: fix device leak on of_xlate() 7b1df346f6c5 iommu/qcom: fix device leak on of_xlate() 21a0e8bdee72 iommu/omap: fix device leaks on probe_device() 173ff5fc9a15 iommu/mediatek: fix device leak 
on of_xlate()
83f3010de73c iommu/mediatek-v1: fix device leaks on probe()
e7bcedf59b28 iommu/mediatek-v1: fix device leak on probe_device()
83a8e18f30a6 iommu/ipmmu-vmsa: fix device leak on of_xlate()
e83739232b9f iommu/exynos: fix device leak on of_xlate()
aa749c2daf02 iommu/apple-dart: fix device leak on of_xlate()
b3e9fa847b2d iommu/amd: Fix pci_segment memleak in alloc_pci_segment()
17ec295d3981 ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment.
c4a8098b2985 ASoC: qcom: q6adm: the the copp device only during last instance
54b1b731d235 ASoC: qcom: q6asm-dai: perform correct state check before closing
ed120b75aef2 ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr
4054a3597d04 ASoC: stm32: sai: fix OF node leak on probe
8a6826a43d8d ASoC: stm32: sai: fix clk prepare imbalance on probe failure
637d027bb75c ASoC: stm32: sai: fix device leak on probe
49c2ef075dbe ntfs: Do not overwrite uptodate pages
6c32d5bb9f8f selftests/ftrace: traceonoff_triggers: strip off names
21077a775094 blk-mq: skip CPU offline notify on unmapped hctx
0fbd2d4a1e2c blk-mq: don't schedule block kworker on isolated CPUs
1d0026c1e4bc RDMA/bnxt_re: fix dma_free_coherent() pointer
0ca967c599fd RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation
5012b4c81223 ksmbd: Fix memory leak in get_file_all_info()
77645e82b739 RDMA/bnxt_re: Fix to use correct page size for PDE table
639e07bbfa17 RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send
689eb90b703b RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db()
78d9259378aa RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr()
c67499757bcf RDMA/efa: Remove possible negative shift
fc23d05f0b3f RDMA/irdma: avoid invalid read in irdma_net_event
9f6185a32496 net: rose: fix invalid array index in rose_kill_by_device()
5979338c8301 ipv4: Fix reference count leak when using error routes with nexthop objects
c53aa6a5086f ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
4d0ceb7677e1 net: stmmac: fix the crash issue for zero copy XDP_TX action
b23a2e155894 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
cf7ae870560b platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing
25be7178446c net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct
38722e69ee64 net: usb: asix: validate PHY address before use
0e85ce7a3755 net: dsa: b53: skip multicast entries for fdb_dump()
328dc0b12fb8 firewire: nosy: Fix dma_free_coherent() size
535ce34a5bdb genalloc.h: fix htmldocs warning
ef277ae121b3 smc91x: fix broken irq-context in PREEMPT_RT
2ac08f3dcd0c selftests: net: fix "buffer overflow detected" for tap.c
4bd4ea3eb326 net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
e5ee9d93229b amd-xgbe: reset retries and mode on RX adapt failures
6bfb62b6010a team: fix check for port enabled in team_queue_override_port_prio_changed()
859bf9688bfb platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic
ec24f3b4a831 platform/x86: msi-laptop: add missing sysfs_remove_group()
1717357007db ip6_gre: make ip6gre_header() robust
0fc642f011cb net: openvswitch: Avoid needlessly taking the RTNL on vport destroy
248dadfee95a net: mdio: aspeed: add dummy read to avoid read-after-write issue
c0ecb3e4451f Bluetooth: btusb: revert use of devm_kzalloc in btusb
0279978adec6 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
18de0e41d69d iavf: fix off-by-one issues in iavf_config_rss_reg()
f38cca04a23f i40e: fix scheduling in set_rx_mode
e27036473d39 wifi: mac80211: do not use old MBSSID elements
8e628bebb109 wifi: cfg80211: sme: store capped length in __cfg80211_connect_result()
34e9dd0a1281 wifi: rtw88: limit indirect IO under powered off for RTL8822CS
5c04217d06a1 iommu/mediatek: fix use-after-free on probe deferral
e19578444587 ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32
84716eb9dc31 hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
f94800fbc26c hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
3769c56a1f0d hwmon: (max16065) Use local variable to avoid TOCTOU
237a3095bcd6 i2c: amd-mp2: fix reference leak in MP2 PCI device
ad296c4e19c7 platform/x86: intel: chtwc_int33fe: don't dereference swnode args
c6210714347f rpmsg: glink: fix rpmsg device leak
3ccb504e8045 soc: amlogic: canvas: fix device leak on lookup
c8ddc5f321d1 soc: qcom: ocmem: fix device leak on lookup
98bf1dece54c tracing: Fix fixed array of synthetic event
b3b689729cbc amba: tegra-ahb: Fix device leak on SMMU enable
206c012bcbd1 crypto: caam - Add check for kcalloc() in test_len()
84238876e3b3 crypto: af_alg - zero initialize memory allocated via sock_kmalloc
d3c094e07853 selftests: openvswitch: Fix escape chars in regexp.
4cd6081860a5 drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
0126560370ed io_uring/poll: correctly handle io_poll_add() return value on update
ec5aadc4fa49 gpio: regmap: Fix memleak in error path in gpio_regmap_register()
8c4e5a643de3 s390/ipl: Clear SBP flag when bootprog is set
7359e1d39c78 btrfs: don't log conflicting inode if it's a dir moved in the current transaction
d790ef0c4819 powerpc/kexec: Enable SMT before waking offline CPUs
7452d53f2933 SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
21a64218450e svcrdma: return 0 on success from svc_rdma_copy_inline_range
354834eb7867 nfsd: Mark variable __maybe_unused to avoid W=1 build break
cd8cf2be3717 net/handshake: restore destructor on submit failure
e0643d46759d fsnotify: do not generate ACCESS/MODIFY events on child for special files
19d4c57ae91b r8169: fix RTL8117 Wake-on-Lan in DASH mode
a143c3677662 PM: runtime: Do not clear needs_force_resume with enabled runtime PM
65b1971147ec tracing: Do not register unsupported perf events
079f1c3f5619 xfs: fix a memory leak in xfs_buf_item_init()
97bf1f137364 KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits
d6d257ce44af KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN)
d44197b5281d KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN
2d1d833b4025 KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation
99c709294ac8 KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN
aab88dcc4fb4 KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE
7b54ccef865e KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer
73f77550086f KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn()
8ff24d46a4b2 KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0
e927ab132b87 libceph: make decode_pool() more resilient against corrupted osdmaps
e09fd2eb6d4c parisc: Do not reprogram affinitiy on ASP chip
062774439d44 scs: fix a wrong parameter in __scs_magic
393b8f9bedc7 platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
e30a69bf891e KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI)
96f1b074c98c ocfs2: fix kernel BUG in ocfs2_find_victim_chain
fb9bd6d8d314 media: vidtv: initialize local pointers upon transfer of memory ownership
1e90812c0220 tools/testing/nvdimm: Use per-DIMM device handle
a4c67d96f92e f2fs: fix return value of f2fs_recover_fsync_data()
4ce9eecb7466 f2fs: fix age extent cache insertion skip on counter overflow
3d65e27e57aa f2fs: invalidate dentry cache on failed whiteout creation
efe3371001f5 f2fs: fix to avoid updating zero-sized extent in extent cache
c3031cf2b61f f2fs: ensure node page reads complete before f2fs_put_super() finishes
0260ad551b08 scsi: target: Reset t_task_cdb pointer in error case
71074ea29886 NFSD: use correct reservation type in nfsd4_scsi_fence_client
e354793a7ab9 scsi: aic94xx: fix use-after-free in device removal path
e9e601b7df58 scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
6741f90220dc cpufreq: nforce2: fix reference count leak in nforce2
dffe25224f51 cpuidle: governors: teo: Drop misguided target residency check
ed023a179150 intel_th: Fix error handling in intel_th_output_open
d285517429a7 char: applicom: fix NULL pointer dereference in ac_ioctl
96e001d20405 usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
679e15fb53f9 usb: dwc3: keep susphy enabled during exit to avoid controller faults
fa8747590b0e usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe
75c5d9bce072 usb: phy: isp1301: fix non-OF device reference imbalance
319f7a85b3c4 usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
848132371006 USB: lpc32xx_udc: Fix error handling in probe
4824123c9f87 phy: broadcom: bcm63xx-usbh: fix section mismatches
f4cacf8827ba media: pvrusb2: Fix incorrect variable used in trace message
4a54d8fcb093 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
22847606976c usb: usb-storage: Maintain minimal modifications to the bcdDevice range.
252892d5a6a2 mptcp: avoid deadlock on fallback while reinjecting
17b470ee53dd mptcp: schedule rtx timer only after pushing data
fa4a445f832b media: v4l2-mem2mem: Fix outdated documentation
94a16a3a1001 jbd2: use a weaker annotation in journal handling
815327958ec4 jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key
79a0e4d3fbef ext4: align max orphan file size with e2fsprogs limit
dc06c9dc5e1d ext4: fix incorrect group number assertion in mb_check_buddy
36bf0f765333 ext4: clear i_state_flags when alloc inode
b5d942922182 ext4: xattr: fix null pointer deref in ext4_raw_inode()
2c0acd1a1e94 ktest.pl: Fix uninitialized var in config-bisect.pl
5fd1a6c631b2 fs/ntfs3: fix mount failure for sparse runs in run_unpack()
7ad2c3ae0795 kallsyms: Fix wrong "big" kernel symbol type read from procfs
037cf435316e floppy: fix for PAGE_SIZE != 4KB
59e7ee37d5f8 block: rate-limit capacity change info log
075e7d288ca3 s390/dasd: Fix gendisk parent after copy pair swap
4f4515f02497 lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit
fe2ce8f925b0 mmc: sdhci-msm: Avoid early clock doubling during HS400 transition
18b99fa603d0 io_uring: fix filename leak in __io_openat_prep()
19166de97372 KEYS: trusted: Fix a memory leak in tpm2_load_cmd
bc390b273720 cifs: Fix memory and information leak in smb3_reconfigure()
23a89dda39f4 vhost/vsock: improve RCU read sections around vhost_vsock_get()
cebfc2ba2e6f block: rnbd-clt: Fix signedness bug in init_dev()
8d8cd3d315db platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks
e3ef3e4888de nvme-fc: don't hold rport lock when putting ctrl
62641daa93cb i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware
92544ae44c44 libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map
1abf4ddeda5c serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
72ab74fce63b usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive.
4373a81f6b0a usb: xhci: limit run_graceperiod for only usb 3.0 devices
1803fe66c9f2 iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains
914605b0de81 usb: typec: ucsi: Handle incorrect num_connectors capability
de6dd14643e5 usbip: Fix locking bug in RT-enabled kernels
44c8dccb09a2 exfat: fix remount failure in different process environments
b1cad002d69a reset: fix BIT macro reference
d2c7c90aca7b via_wdt: fix critical boot hang due to unnamed resource allocation
b39fa021839b fuse: Invalidate the page cache after FOPEN_DIRECT_IO write
6c6a81d86a3c fuse: Always flush the page cache before FOPEN_DIRECT_IO write
69f05f3e5390 scsi: qla2xxx: Use reinit_completion on mbx_intr_comp
0ec5059916f5 scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive
61c409780367 scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled
b5020721e953 powerpc/addnote: Fix overflow on 32-bit builds
71f543a56177 clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4
cad4dfddaf69 ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx
a6f1ced333a6 firmware: imx: scu-irq: Init workqueue before request mbox channel
aafed85dbff7 ipmi: Fix __scan_channels() failing to rescan channels
42985fb28312 ipmi: Fix the race between __scan_channels() and deliver_response()
2f21a7cbaaa9 ALSA: usb-mixer: us16x08: validate meter packet indices
ba2d15635e59 ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
930acded6bbf ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
8f289fa12926 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
97575fb2b714 dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml
d9bd2d0985b2 mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig
3dd6d0138482 spi: fsl-cpm: Check length parity before switching to 16 bit mode
a287987af354 ACPI: CPPC: Fix missing PCC check for guaranteed_perf
ef0f9059a647 ACPI: PCC: Fix race condition by removing static qualifier
20dbeaed2459 can: gs_usb: gs_can_open(): fix error handling
3f3c1c05c6ff Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table
bf95ec558058 Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
2bee957f6155 HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
a28a375a5439 ksmbd: fix buffer validation by including null terminator size in EA length
e54fb2a47725 ksmbd: Fix refcount leak when invalid session is found on session lookup
da29cd197246 ksmbd: skip lock-range check on equal size to avoid size==0 underflow
378a5d288598 block: rnbd-clt: Fix leaked ID in init_dev()
d9479998c19a spi: cadence-quadspi: Fix clock disable on probe failure path
a0fee4e618f1 x86/xen: Fix sparse warning in enlighten_pv.c
79ee93cb007e x86/xen: Move Xen upcall handler
86fcc629fdc0 drm/panel: sony-td4353-jdi: Enable prepare_prev_first
fd8bb8fa7bc9 MIPS: Fix a reference leak bug in ip22_check_gio()
11dddaed6978 hwmon: (tmp401) fix overflow caused by default conversion rate value
fa37adcf1d56 hwmon: (ibmpex) fix use-after-free in high/low store
b7b4f3bf118f net: hns3: add VLAN id validation before using
3708637cb0d4 net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx
1956d47a03eb net: hns3: using the num_tqps in the vf driver to apply for resources
049538a3aa98 net: enetc: do not transmit redirected XDP frames when the link is down
011ae80c49d9 net/handshake: duplicate handshake cancellations leak socket
7646e5d8188b net/mlx5: Serialize firmware reset with devlink
873cb8bb91ba net/mlx5: Skip HotPlug check on sync reset using hot reset
de0560f2c33c net/mlx5: fw_tracer, Handle escaped percent properly
8ac688c0e430 net/mlx5: fw_tracer, Validate format string parameters
0b0e4639a827 net/mlx5: Drain firmware reset in shutdown callback
24d3f86df879 net/mlx5: fw reset, clear reset requested on drain_fw_reset
ca9983bc3a11 ethtool: Avoid overflowing userspace buffer on stats query
4cc829d61f10 iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
a9c87779df20 netfilter: nf_tables: remove redundant chain validation on register store
1816619b2fe8 netfilter: nf_tables: allow loads only when register is initialized
fb1347c5c016 netfilter: nf_tables: pass context structure to nft_parse_register_load
8bc10b03e705 nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
2f125ebe47d6 net/sched: ets: Remove drr class from the active list if it changes to strict
f818cd472565 caif: fix integer underflow in cffrml_receive()
4729ff0581fb ipvs: fix ipv4 null-ptr-deref in route error path
325eb61bb307 netfilter: nf_conncount: fix leaked ct in error paths
3e778855fbce broadcom: b44: prevent uninitialized value usage
10ffc558246f net: openvswitch: fix middle attribute validation in push_nsh() action
5f2831fc593c mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
4a3c569005f4 mlxsw: spectrum_router: Fix neighbour use-after-free
5a182635fef3 mlxsw: spectrum_router: Fix possible neighbour reference count leak
17aefe815462 ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2()
9987cda315c0 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
156a0f6341dc netrom: Fix memory leak in nr_sendmsg()
0e26e3ef8e5c net: fec: ERR007885 Workaround for XDP TX path
ab794ec9f374 gfs2: Fix use of bio_chain
96a60775dbb1 Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
6d9a87ecf31f Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
5adad9727a81 ksmbd: vfs: fix race on m_flags in vfs_cache
d64977495e44 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
c4d7795fa55e smb/server: fix return value of smb2_ioctl()
11860cf9cc87 gfs2: fix remote evict for read-only filesystems
58d3e00853e4 btrfs: scrub: always update btrfs_scrub_progress::last_physical
935284aaf233 wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet
857e7a2d5a94 hfsplus: fix volume corruption issue for generic/073
05ec9af3cc43 hfsplus: Verify inode mode when loading from disk
b9d1c6bb5f19 hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
6348bea92f4f hfsplus: fix volume corruption issue for generic/070
44a38eb4f787 ntfs: set dummy blocksize to read boot_block when mounting
fb9e2f99ac10 kbuild: Use objtree for module signing key path
f5c2a7cb2f00 fs/ntfs3: Support timestamps prior to epoch
fefb29d64e7b livepatch: Match old_sympos 0 and 1 in klp_find_func()
e71e8079adfe cpuidle: menu: Use residency threshold in polling state override decisions
ae7ead58d949 cpufreq: s5pv210: fix refcount leak
9ba782fbe66a cpufreq: dt-platdev: Add JH7110S SOC to the allowlist
ce2bdfc4af3f ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only
1bc34293dfbd ACPICA: Avoid walking the Namespace if start_node is NULL
30917f8d4383 x86/ptrace: Always inline trivial accessors
6c074ccf7705 sched/fair: Revert max_newidle_lb_cost bump
91e448e69aca sched/deadline: only set free_cpus for online runqueues
6e41d9ec8d7c perf/x86/amd: Check event before enable to avoid GPF
011e356fe41e iomap: account for unaligned end offsets when truncating read range
82b60ffbb532 iomap: adjust read range correctly for non-block-aligned positions
c0c0951b9cd4 btrfs: fix memory leak of fs_devices in degraded seed device path
f64105c91557 bpf, arm64: Do not audit capability check in do_jit()
beeed972ab48 btrfs: fix a potential path leak in print_data_reloc_error()
54ac15426326 btrfs: do not skip logging new dentries when logging a new name
e5daff089b92 ipv6: add exception routes to GC list in rt6_insert_exception
90f7d995b861 ipv6: avoid possible NULL deref in modify_prefix_route()
dea3ed2c16f9 ALSA: dice: fix buffer overflow in detect_stream_formats()
dbf2d472323d usb: phy: Initialize struct usb_phy list_head
4ef659d1f2e1 usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt
7c0b3edb6c77 net: lan743x: Allocate rings outside ZONE_DMA
95eb965ce0a6 LoongArch: Add machine_kexec_mask_interrupts() implementation
8d9d121e3799 ocfs2: fix memory leak in ocfs2_merge_rec_left()
c21c606ad398 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
94a4c58d7195 efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs
f5a28c4ee058 efi/cper: Adjust infopfx size to accept an extra space
b930724424b7 efi/cper: Add a new helper function to print bitmasks
99bc41d7d796 dm log-writes: Add missing set_freezable() for freezable kthread
448092910421 dm-raid: fix possible NULL dereference with undefined raid type
ca8764c0ea1f block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock
fd7e7353a5ba ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad()
6d4f17782ce4 ALSA: firewire-motu: add bounds check in put_user loop for DSP events
2e09c882a66e rtc: gamecube: Check the return value of ioremap()
5ef0faed120a ALSA: uapi: Fix typo in asound.h comment
74f2a6b2cff8 dma/pool: eliminate alloc_pages warning in atomic_pool_expand
ddd32ec66bc4 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
1e59c7587bb0 nvme-auth: use kvfree() for memory allocated with kvcalloc()
27d20907debf block: fix comment for op_is_zone_mgmt() to include RESET_ALL
94f146df56fb blk-mq: Abort suspend when wakeup events are pending
5e3230f9f644 ASoC: ak5558: Disable regulator when error happens
8465515b8689 ASoC: ak4458: Disable regulator when error happens
5fd617128b57 ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure()
1edf1b4467d3 platform/x86: asus-wmi: use brightness_set_blocking() for kbd led
4543d9ccd99e fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8()
a98719b6af3e NFS: Fix inheritance of the block sizes when automounting
52cfde819a96 Expand the type of nfs_fattr->valid
dce10c59211e NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
e04647b63cfd Revert "nfs: ignore SB_RDONLY when mounting nfs"
350e69eb93ef Revert "nfs: clear SB_RDONLY before getting superblock"
b2ed74f8ccd2 Revert "nfs: ignore SB_RDONLY when remounting nfs"
f718f9ea6094 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
b8045ad0d53a NFS: Initialise verifiers for visible dentries in nfs_atomic_open()
991609c4a7b1 NFS: Initialise verifiers for visible dentries in readdir and lookup
29e8d9b274c9 fs/nls: Fix utf16 to utf8 conversion
796318ae388f NFS: Avoid changing nlink when file removes and attribute updates race
f1fe47f592d3 9p: fix cache/debug options printing in v9fs_show_options
a888905f2874 fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
ae836bfac958 pinctrl: single: Fix incorrect type for error return variable
de0711dbfb5c pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling
7438b1d70bf2 perf tools: Fix split kallsyms DSO counting
d01f0e072dad net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
84a7efd23b78 clk: keystone: fix compile testing
fe78b35d19ae md/raid5: fix IO hang when array is broken with IO inflight
61f371ade3b6 remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs
d31af068650c mtd: lpddr_cmds: fix signed shifts in lpddr_cmds
c44e376a533e selftests: bonding: add delay before each xvlan_over_bond connectivity check
4035ea8f02fd selftests: bonding: add ipvlan over bond testing
194788280708 selftests: bonding: Add more missing config options
12364ab3a790 selftests: bonding: add missing build configs
d29034c70f15 mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors
660936cb5155 net: stmmac: fix rx limit check in stmmac_rx_zc()
8286c02fe910 netfilter: nft_connlimit: update the count if add was skipped
da9f247fb5ef netfilter: nf_conncount: rework API to use sk_buff directly
11b01b8ef1b1 netfilter: flowtable: check for maximum number of encapsulations in bridge vlan
c327ca1b2de5 Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()"
14f860fb0873 resource: introduce is_type_match() helper and use it
7c5527d18857 resource: replace open coded resource_intersection()
9bf08dab7041 resource: Reuse for_each_resource() macro
09811a83b214 regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex
6338e278de4a ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend
7236e72a91ee ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend
3ff05c6af301 ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend
83a9770432f5 ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend
886c8f5af8a9 ASoC: Intel: catpt: Fix error path in hw_params()
84b3ea5ba85c vdpa/pds: use %pe for ERR_PTR() in event handler registration
c1947cecdd5c virtio: fix virtqueue_set_affinity() docs
1c7d1ef95abf virtio: fix whitespace in virtio_config_ops
83dc689e138b virtio: fix typo in virtio_device_ready() comment
22b11e8f0b8f virtio_vdpa: fix misleading return in void function
55b273382c52 ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation
0adc8de19be0 ext4: remove unused return value of __mb_check_buddy
db5deba07f53 ublk: prevent invalid access with DEBUG
0a0a51092c1c ublk: complete command synchronously on error
84ea891dc897 ublk: make sure io cmd handled in submitter task context
c242024efd1b ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
1968f2ab4188 hwmon: sy7636a: Fix regulator_enable resource leak on error path
e84690a05e47 drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1()
6dca0f3f61ab ASoC: fsl_xcvr: clear the channel status control memory
aaf2a6097116 RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY
715fdb3b3054 RDMA/irdma: Add support to re-register a memory region
8c7b21f37494 RDMA/irdma: Fix data race in irdma_free_pble
444de2316b09 RDMA/irdma: Fix data race in irdma_sc_ccq_arm
599632e08859 iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal
136ff909dfb9 backlight: lp855x: Fix lp855x.h kernel-doc warnings
30cbe4b64274 backlight: led-bl: Add devlink to supplier LEDs
26fa6991683f wifi: ieee80211: correct FILS status codes
e3676761efb2 iomap: always run error completions in user context
4ae9ff07bc2b iomap: factor out a iomap_dio_done helper
7e50ce619ec6 drm/nouveau: restrict the flush page to a 32-bit address
96c56c5ff4e4 PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
5928832a90c1 btrfs: fix leaf leak in an error path in btrfs_del_items()
3cfa3d4b155a staging: fbtft: core: fix potential memory leak in fbtft_probe_common()
d6ce96e10e4d firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc
1c3c234af940 mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
ccc585db618c RDMA/bnxt_re: Fix the inline size for GenP7 devices
e3e1c7416be8 RISC-V: KVM: Fix guest page fault within HLV* instructions
76ae0cc39673 crypto: ccree - Correctly handle return of sg_nents_for_len
6cd14414394b crypto: starfive - Correctly handle return of sg_nents_for_len
6a17f898a8bf selftests/bpf: Improve reliability of test_perf_branches_no_hw()
e5343f28814d selftests/bpf: skip test_perf_branches_hw() on unsupported platforms
3915c76df201 usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
b6943283343b usb: dwc2: fix hang during suspend if set as peripheral
bac021bf0733 usb: dwc2: fix hang during shutdown if set as peripheral
7e993b9d6d24 usb: dwc2: disable platform lowlevel hw resources during shutdown
b90c743a0a32 usb: chaoskey: fix locking for O_NONBLOCK
cca3e7df3c0f ima: Handle error code returned by ima_filter_rule_match()
dc153401fb26 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
06a5e91764ed cpuset: Treat cpusets in attaching as populated
49dc43b25d34 net: phy: adin1100: Fix software power-down ready condition
8d946fccf5b4 phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe()
c23e0dfb05f1 mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
eb09da83e409 mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
19eda47ce3f1 wifi: mac80211: fix CMAC functions not handling errors
7fce2c2ce881 wifi: mac80211: remove RX_DROP_UNUSABLE
4bccd506a1f1 scsi: qla2xxx: Fix improper freeing of purex item
6b4cd95bd746 pwm: bcm2835: Make sure the channel is enabled after pwm_request()
f153fc44c760 perf arm_spe: Fix memset subclass in operation
64378caea949 perf arm-spe: Extend branch operations
cb2b0caa8ca9 ipv6: clear RA flags when adding a static route
bd12abe294c7 net/ipv6: Remove expired routes with a separated list of routes.
d258ebe7059a drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
9068cfff4cab fs/ntfs3: Prevent memory leaks in add sub record
ba125e8f8d11 fs/ntfs3: out1 also needs to put mi
800153219f04 powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format
e95d7d5821f6 powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit
bf2c990b0121 bpf: Fix invalid prog->stats access when update_effective_progs fails
c8201d1353c5 bpf: Improve program stats run-time calculation
bf8513dfa31e wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
5ed033c54133 drm/msm/a2xx: stop over-complaining about the legacy firmware
9f7ab3fbadf3 NFSD/blocklayout: Fix minlength check in proc_layoutget
07a031029201 tracefs: fix a leak in eventfs_create_events_dir()
74f25cec6e26 watchdog: starfive: Fix resource leak in probe error path
0592410b31f1 watchdog: wdat_wdt: Fix ACPI table leak in probe function
97b876fa8832 bpf: Check skb->transport_header is set in bpf_skb_check_mtu
67d295d202e2 selftests/bpf: Fix failure paths in send_signal test
edcb09848a32 bpf: Handle return value of ftrace_set_filter_ip in register_fentry
bf8f8528b762 ps3disk: use memcpy_{from,to}_bvec index
f5391a065c15 arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A
6b73166d3b4b arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A
3800c97efff2 PCI: keystone: Exit ks_pcie_probe() for invalid mode
994d6303ed0b bpf: Free special fields when update [lru_,]percpu_hash maps
df38a4843ab5 leds: netxbig: Fix GPIO descriptor leak in error paths
796037ca2fab scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
39c754efb3e1 ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint()
bcb94288d95c ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
7c8a7d87af9d lib/vsprintf: Check pointer before dereferencing in time_and_date()
43e2c9203d0f clk: renesas: r9a06g032: Fix memory leak in error path
bb5f23ae16be coresight: etm4x: Add context synchronization before enabling trace
289d9a2a98ba coresight: etm4x: Extract the trace unit controlling
60f664206be2 coresight: etm4x: Correct polling IDLE bit
2e5e0665a594 nbd: defer config unlock in nbd_genl_connect
cbfcd8ee53c2 wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
61abf8c3162d macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
d5720e4045af powerpc/32: Fix unpaired stwcx. on interrupt exit
a68afb6d6540 cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs
ef2bbc11b82b scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc()
907bf69c6b6c ntfs3: init run lock for extend inode
86322d5110ae ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties
d76abca88045 RDMA/rtrs: server: Fix error handling in get_or_create_srv
841ccb2df19b dt-bindings: PCI: amlogic: Fix the register name of the DBI region
6cbba9229348 staging: most: remove broken i2c driver
bb0f288a2c4b staging: most: i2c: Drop explicit initialization of struct i2c_device_id::driver_data to 0
6d2390653d82 scsi: smartpqi: Fix device resources accessed after device removal
1867723a98c8 scsi: stex: Fix reboot_notifier leak in probe error path
1ba2ced2bbdf nbd: defer config put in recv_work
e432944735ed regulator: core: disable supply if enabling main regulator fails
313ab3b06f77 perf/x86/intel: Correct large PEBS flag check
22b62f223c07 ext4: correct the checking of quota files before moving extents
b5ed17a40909 mfd: da9055: Fix missing regmap_del_irq_chip() in error path
e4d11160a77d efi/libstub: Fix page table access in 5-level to 4-level paging transition
6f16ed9c8401 x86/boot: Fix page table access in 5-level to 4-level paging transition
182b0cc9c6d5 ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible
4c1dd8da5386 ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible
2470624c4a21 ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels
c934e40246da spi: tegra210-quad: Fix timeout handling
577d1ef18499 fs/9p: Don't open remote file with APPEND mode when writeback cache is used
3b8431f15cdd scsi: target: Do not write NUL characters into ASCII configfs output
4eee4a5b9b2e power: supply: apm_power: only unset own apm_get_power_status
ea3bdf099e6e power: supply: wm831x: Check wm831x_set_bits() return value
0fcbaf9e99dc power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges()
5e9308f3539b power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges()
1f309df63785 power: supply: cw2015: Check devm_delayed_work_autocancel() return code
42c1d38de86e perf record: skip synthesize event when open evsel failed
4dc555120afc perf lock contention: Load kernel map before lookup
9dd3998165ea perf maps: Add maps__load_first()
23411ba96edc interconnect: debugfs: Fix incorrect error handling for NULL path
92087be48b6d arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller
7bfe9e5e31e3 interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS
bbd054492101 i3c: master: svc: Prevent incomplete IBI transaction
82a09b9965ed i3c: fix refcount inconsistency in i3c_master_register
4fc6af9d9e6d i3c: master: Inherit DMA masks and parameters from parent device
5f133ebe6836 pinctrl: stm32: fix hwspinlock resource leak in probe function
ea954e50d312 soc: qcom: smem: fix hwspinlock resource leak in probe error paths
6135d225cca7 tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set
2d3e5c1e76e9 x86/dumpstack: Prevent KASAN false positive warnings in __show_regs()
b2a39b1a3cde task_work: Fix NMI race condition
1d733fcbfe61 mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove
4e6526697dcb mtd: nand: relax ECC parameter validation check
9ce7cbd355ae Revert "mtd: rawnand: marvell: fix layouts"
4a493d02ff46 ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties
eb8ac04f1036 ARM: dts: renesas: gose: Remove superfluous port property
58aca869babd RDMA/rxe: Fix null deref on srq->rq.queue after resize failure
8f2602a83f66 sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock().
85ede044f43d phy: mscc: Fix PTP for VSC8574 and VSC8572
32d9c68af133 arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider
a649992b7eb3 firmware: imx: scu-irq: fix OF node leak in
abdbffb6a087 arm64: dts: ti: k3-am62p: Fix memory ranges for GPU
bb04d3610f08 s390/ap: Don't leak debug feature files if AP instructions are not available
772ded5a84e0 s390/smp: Fix fallback CPU detection
4304bd7a334e wifi: ath11k: fix peer HE MCS assignment
9484379c88e1 crypto: hisilicon/qm - restore original qos values
5b8ac617c8da crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
4a1535593fff clk: qcom: camcc-sm6350: Fix PLL config of PLL2
77197835a735 clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other
285dadbb3cb0 uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe
433e72bf0f4e PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2
631786221875 arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1
5db023188615 arm64: dts: imx8mp-venice-gw702x: remove off-board uart
e2060f8513b5 arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl
d553d5e13edb arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props
cf5cd55287a1 iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
23b2b6af8dc6 inet: Avoid ehash lookup race in inet_ehash_insert()
ad12d25edbbe rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu()
dcb5e3cd96b7 ntfs3: Fix uninit buffer allocated by __getname()
8bf729b96303 ntfs3: fix uninit memory after failed mi_read in mi_format_new
3f8878c15753 crypto: authenc - Correctly pass EINPROGRESS back up to the caller
2629742ccd3a irqchip/qcom-irq-combiner: Fix section mismatch
c696fb981d7d irqchip/imx-mu-msi: Fix section mismatch
1fbdca7341d9 irqchip/irq-brcmstb-l2: Fix section mismatch
7a57553d2123 irqchip/irq-bcm7120-l2: Fix section mismatch
f00b32894c51 irqchip/irq-bcm7038-l1: Fix section mismatch
b0515a899ad1 sched/fair: Forfeit vruntime on yield
a8fdcac66666 objtool: Fix weak symbol detection
fe6ff6e24ae8 objtool: Fix standalone --hacks=jump_label
c5f56b7faa80 HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync()
c9a86c677b48 clk: renesas: cpg-mssr: Read back reset registers to assure values latched
e8c730499293 clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register
224a0d7c8449 clk: renesas: Use str_on_off() helper
d349d7dc3243 clk: renesas: rzg2l: Use %x format specifier to print CLK_ON_R()
3cf222e052ca clk: renesas: rzg2l: Remove critical area
73fcc27a9795 clk: renesas: rzg2l: Simplify the logic in rzg2l_mod_clock_endisable()
2ba9e39f1aed clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback
094b1827d2f7 USB: Fix descriptor count when handling invalid MBIM extended descriptor
9dc3c78d21e1 drm/vgem-fence: Fix potential deadlock on release
2f97ed8e88a3 drm/panel: visionox-rm69299: Don't clear all mode flags
6245cce711e2 gpu: host1x: Fix race in syncpt alloc/free
f8fd5491100f smack: fix bug: unprivileged task can create labels
c173ce97d3f0 staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
34620eb602aa staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
30c558447e90 staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser
b975f91de5f8 comedi: check device's attached status in compat ioctls
049f14557450 comedi: multiq3: sanitize config options in multiq3_attach()
72b3627b0d3b comedi: c6xdigio: Fix invalid PNP driver unregistration
24cb00b9804c wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1
2f5e6805246c samples: work around glibc redefining some of our defines wrong
a32eddf2bb52 LoongArch: Mask all interrupts during kexec/kdump
e9b3a97e852a HID: elecom: Add support for ELECOM M-XT3URBK (018F)
e7915f55ab15 platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally
919a9f1422e3 platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
f42f958c4f42 platform/x86: huawei-wmi: add keys for HONOR models
db78f96e150a HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list
d046f04f223d platform/x86: acer-wmi: Ignore backlight event
fc59674bb41f pinctrl: qcom: msm: Fix deadlock in pinmux configuration
a505f0ba36ab nvme: fix admin request_queue lifetime
37786f27ee0e HID: hid-input: Extend Elan ignore battery quirk to USB
a9f626396bfe bfs: Reconstruct file type when loading from disk
4943ed83f80e ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series
727197a77874 smb: fix invalid username check in smb3_fs_context_parse_param()
2b37f5b27f13 Bluetooth: btrtl: Avoid loading the config file on security chips
d6c24a5e6cdc drm/vmwgfx: Use kref in vmw_bo_dirty
88edfeca040c spi: imx: keep dma request disabled before dma transfer setup
5f061d0ed906 spi: xilinx: increase number of retries before declaring stall
27b2a8f45ed1 ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()
3915997ad777 USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC
cae7aa183ca4 USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC
5a8c2136dc5e serial: add support of CPCI cards
53a633786718 USB: serial: ftdi_sio: match on interface number for jtag
510db76553c9 USB: serial: option: move Telit 0x10c7 composition in the right place
63d6bf5b19bf USB: serial: option: add Telit Cinterion FE910C04 new compositions
85e8739c5ce7 USB: serial: option: add Foxconn T99W760
152289a51107 KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced
88d99ca5adbd comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
144c48da33a0 ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()
39d2ef113416 locking/spinlock/debug: Fix data-race in do_raw_write_lock
708a620b471a ksmbd: ipc: fix use-after-free in ipc_msg_send_request
1687a055a555 ext4: refresh inline data size before write operations
b4f8eabf6d99 jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted
46c73ff89d73 Documentation: process: Also mention Sasha Levin as stable tree maintainer
732fe5cbd6ad leds: spi-byte: Use devm_led_classdev_register_ext()
25f34fd52144 xfrm: flush all states in xfrm_state_fini
763e5c351206 xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added
88ed2012b8c7 Revert "xfrm: destroy xfrm_state synchronously on net exit path"
d0e0d1097118 xfrm: delete x->tunnel as we delete x

Signed-off-by: Bruce Ashfield
Signed-off-by: Yoann Congal
--- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 8ab76cb2f3b..0018061822d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb 
@@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "d4ff700595af4b924c51677c033f4a7b555d84d9" -SRCREV_meta ?= "f0da0340213d3d31ce967c0e74f61d560140abba" +SRCREV_machine ?= "9f6b4d4c1c5963ea07d6fe904311cd53ad4c0258" +SRCREV_meta ?= "49d5ba17b4b5951f28957ba6891a14dd7b27ceee" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.119" +LINUX_VERSION ?= "6.6.120" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 9ee071546f4..f4165c9ef49 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.119" +LINUX_VERSION ?= "6.6.120" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "b8e89962b199d788f48813ee31cf5d91f02ba625" -SRCREV_meta ?= "f0da0340213d3d31ce967c0e74f61d560140abba" +SRCREV_machine ?= "9216b294019c150359dc667f9d3dbbde2c0a8a8a" +SRCREV_meta ?= "49d5ba17b4b5951f28957ba6891a14dd7b27ceee" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 20a6e116396..987c3218ec5 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb 
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "8b1ffa583db6c7b547d6e02b553d158760bef848" -SRCREV_machine:qemuarm64 ?= "0b48d78b3a581b68506007e3a67168369ac40ef3" -SRCREV_machine:qemuloongarch64 ?= "509f595358e435ee6db263ff182397c78e74a09d" -SRCREV_machine:qemumips ?= "fb588d19e0a30c8cbb4e1727ffa66c871cd93e51" -SRCREV_machine:qemuppc ?= "deb0adb74e5b744b66105fdef7d56faaecd6e8d6" -SRCREV_machine:qemuriscv64 ?= "509f595358e435ee6db263ff182397c78e74a09d" -SRCREV_machine:qemuriscv32 ?= "509f595358e435ee6db263ff182397c78e74a09d" -SRCREV_machine:qemux86 ?= "509f595358e435ee6db263ff182397c78e74a09d" -SRCREV_machine:qemux86-64 ?= "509f595358e435ee6db263ff182397c78e74a09d" -SRCREV_machine:qemumips64 ?= "d87f14c4af036fdb7418e1ced1aa7c168966f6d7" -SRCREV_machine ?= "509f595358e435ee6db263ff182397c78e74a09d" -SRCREV_meta ?= "f0da0340213d3d31ce967c0e74f61d560140abba" +SRCREV_machine:qemuarm ?= "bcbb707216e841d53386a3f1ccf9b09c62961791" +SRCREV_machine:qemuarm64 ?= "321d1a067132a921414fdfab332fb084d44096c2" +SRCREV_machine:qemuloongarch64 ?= "993fd928045661cd12c065d82461c47220c67cbc" +SRCREV_machine:qemumips ?= "669b6afdc64fdb78d06e1997fc077b31721460e0" +SRCREV_machine:qemuppc ?= "8c9e6ee3f14b711a63744f4fe3b1b7aaaee46a99" +SRCREV_machine:qemuriscv64 ?= "993fd928045661cd12c065d82461c47220c67cbc" +SRCREV_machine:qemuriscv32 ?= "993fd928045661cd12c065d82461c47220c67cbc" +SRCREV_machine:qemux86 ?= "993fd928045661cd12c065d82461c47220c67cbc" +SRCREV_machine:qemux86-64 ?= "993fd928045661cd12c065d82461c47220c67cbc" +SRCREV_machine:qemumips64 ?= "827304b327c277b699d94d8f861cde5f4b242b3f" +SRCREV_machine ?= "993fd928045661cd12c065d82461c47220c67cbc" +SRCREV_meta ?= "49d5ba17b4b5951f28957ba6891a14dd7b27ceee" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the 
same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "5fa4793a2d2d70ad08b85387b41020f1fcc2d19e" +SRCREV_machine:class-devupstream ?= "c596736dadab2ffef4737fa8acbc1244557126ac" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" 
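Review bot: SRCREV_meta moves from f0da0340213d to 49d5ba17b4b5 in this hunk (and in the -rt and -tiny recipes above), but the part of the commit message shown here lists only linux-yocto -stable commits. Please state in the message what the yocto-kernel-cache bump brings in (configuration fragments, patches, or only the version marker), because kmeta changes affect the kernel configuration that gets built and cannot be judged from the new id alone. It would also help to note which KBRANCH each per-machine SRCREV_machine was taken from, so the ids for qemuarm, qemuarm64, qemumips, qemuppc and qemumips64 can be checked against git.yoctoproject.org.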
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.119" +LINUX_VERSION ?= "6.6.120" PV = "${LINUX_VERSION}+git" 
From patchwork Tue Feb 24 14:31:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81768
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 17/44] linux-yocto/6.6: update to v6.6.123 Date: Tue, 24 Feb 2026 15:31:45 +0100 Message-ID: <4d1aea57d818ce892be5e2bc8cb4d6090ecbc339.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231824
From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: c56aaf1a85ae9 Linux 6.6.123 7e0d31c47b8a9 bpf/selftests: test_select_reuseport_kern: Remove unused header 5a530c8ead06e Revert "net: Remove conditional threaded-NAPI wakeup based on task state." 507692c056363 Revert "net: Allow to use SMP threads for backlog NAPI." dd4c7800a905d drm/amd/display: use udelay rather than fsleep 572777a258c04 ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() 1891abe832cbf ksmbd: fix recursive locking in RPC handle list access b6978c565ce33 xsk: Fix race condition in AF_XDP generic RX path c74e2dbb53168 drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove a3f75ee1a436e drm/amdkfd: Don't use sw fault filter if retry cam enabled 21bad75012f76 pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins 38a0f2215aee4 mptcp: avoid dup SUB_CLOSED events after disconnect 73408fa92742b writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 d84a4836dc246 perf: sched: Fix perf crash with new is_user_task() helper e57bda247f29c drm/msm/a6xx: fix bogus hwcg register updates e228ad913b0d2 pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver daf8a4eb70ff4 ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check db24153fc77a8 net/sched: act_ife: convert comma to semicolon 1d14f86e813f6 btrfs: prevent use-after-free on page private data in btrfs_subpage_clear_uptodate() 9d0ed508a9e2a drm/radeon: delete radeon_fence_process in is_signaled, no deadlock e26235840fd96 team: Move team device type change at the end of team_port_add 27ca8004ba93a wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode fb2b9a1e85bdd wifi: mac80211: move TDLS work to wiphy work 6b615a8fb3af0 ksmbd: Fix race condition in RPC handle list access d1bda2ab0cf95 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in 
SRIOV 4d1e9a4a450aa ksmbd: smbd: fix dma_unmap_sg() nents 143980bd2be75 mei: trace: treat reg parameter as string ce820dd4e6e2d arm64/fpsimd: signal: Fix restoration of SVE context 40b73f0519d3c arm64/fpsimd: signal: Consistently read FPSIMD context 15110f9cdc877 arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state e527e695fdfc1 mm/kfence: randomize the freelist on initialization 38c32baf6d2c7 gpio: rockchip: Stop calling pinctrl for set_direction e618b52a1589a drm/amdgpu/gfx11: fix wptr reset in KGQ init c61c93218956c drm/amdgpu/gfx10: fix wptr reset in KGQ init cbf4d79e5c619 drm/amdgpu/soc21: fix xclk for APUs 9a15d3fdc22d4 drm/imx/tve: fix probe device leak cdaf07ec0b698 scripts: generate_rust_analyzer: Add compiler_builtins -> core dep 884b2590ffcc7 flex_proportions: make fprop_new_period() hardirq safe 4bed436cdef70 selftests: mptcp: join: fix local endp not being tracked ba58cd70a4223 selftests: mptcp: check subflow errors in close events 8b5061c3400a7 selftests: mptcp: check no dup close events after error d761d42be060b mptcp: only reset subflow errors when propagated 510a16f1c5c16 efivarfs: fix error propagation in efivar_entry_get() a9c96f113a5f3 scsi: qla2xxx: edif: Fix dma_free_coherent() size 122751f43f930 gpio: pca953x: mask interrupts in irq shutdown c2fc0aae3cf42 ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO 441d129ba899e scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() 28a1e5e97c899 ASoC: fsl: imx-card: Do not force slot width to sample width 018e9e9cae7b3 rust: kbuild: give `--config-path` to `rustfmt` in `.rsi` target 929e568a83da5 riscv: compat: fix COMPAT_UTS_MACHINE definition 8519c9231ce23 pinctrl: meson: mark the GPIO controller as sleeping be1cebabb3cd2 dma/pool: distinguish between missing and exhausted atomic pools 0368794dc28a1 gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler 2f45c46661911 ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion ac3a2ea06f3c8 scsi: firewire: 
sbp-target: Fix overflow in sbp_make_tpg() 0d434670eb0bb net/mlx5e: Skip ESN replay window setup for IPsec crypto offload e43fdee29a96f net: bridge: fix static key check 546eba0b10989 nfc: nci: Fix race between rfkill and nci_unregister_device(). 970526dde3686 net/mlx5e: Account for netdev stats in ndo_get_stats64 e014f11f741be net/mlx5e: Report rx_discards_phy via rx_dropped 62e1d8920f692 net/mlx5e: TC, delete flows only for existing peers fd30aa82df73b ice: stop counting UDP csum mismatch as rx_errors f8d002626d434 nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). d448bf96889f1 rocker: fix memory leak in rocker_world_port_post_fini() 2a0522f564acd net: wwan: t7xx: fix potential skb->frags overflow in RX path 96595848c6fd6 ipv6: use the right ifindex when replying to icmpv6 from localhost 509b526d64290 net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() 8c0be3277e7ae bonding: annotate data-races around slave->last_rx 5058d3f8f1720 octeon_ep: Fix memory leak in octep_device_setup() 724c9d346a3ac net: bcmasp: fix early exit leak with fixed phy 923379f1d7e3a can: gs_usb: gs_usb_receive_bulk_callback(): fix error message dc5d1eb935be0 net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() 186d147cf7689 Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work 2cf6f68313dcc Linux 6.6.122 96aa13ff68ef5 net: phy: fix phy_uses_state_machine() 043aa41c43f8c net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY b5a933535cc34 net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() 1e2848bda819a x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 8db5de0cf02fc wifi: ath11k: fix RCU stall while reaping monitor destination ring 8d2979b9bb1be drm/amdgpu: csa unmap use uninterruptible lock 7d52c592cf53f fs/ntfs3: Initialize allocated memory before use 1067361a1cc6a ksmbd: fix use-after-free in ksmbd_session_rpc_open 17fbad93879e8 usbnet: Fix using smp_processor_id() in preemptible code warnings 
8120e420013d9 NFSD: fix race between nfsd registration and exports_proc d89f3037d54d3 nvme: fix PCIe subsystem reset controller state transition 7dfb39b0186dd nvme-pci: do not directly handle subsys reset fallout ca88419cf0623 nvme-fc: rename free_ctrl callback to match name pattern f83824b023c75 ASoC: codecs: wsa883x: fix unnecessary initialisation 0ded4420b54e9 ASoC: codecs: wsa881x: fix unnecessary initialisation ea2474ea2eef4 ASoC: codecs: wsa881x: Drop unused version readout ebae26dd15140 phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() 479fab9aeade1 phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path d6705bcc5fe7c mm: kmsan: fix poisoning of high-order non-compound pages 4a04ff9cd816e mm/page_alloc: prevent pcp corruption with SMP=n 93464499df42b dmaengine: stm32: dmamux: fix OF node leak on route allocation failure 1a179ac01ff39 dmaengine: stm32: dmamux: fix device leak on route allocation 041863dd410bd iio: adc: exynos_adc: fix OF populate on driver rebind 91a756d22f048 ALSA: scarlett2: Fix buffer overflow in config retrieval 6b20590c43538 arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s fb3c1f24f3b7e mm/rmap: fix two comments related to huge_pmd_unshare() 522e580524106 iio: core: add separate lockdep class for info_exist_lock 31c3c9f3b1b9b iio: core: add missing mutex_destroy in iio_dev_release() 5596ce564a8c3 mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure e9711bd0e6481 mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure adec5e1f9c99f can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak 4d3c2a1d4c7c3 bridge: mcast: Fix use-after-free during router port configuration 8670b53b8ee91 bpf: Do not let BPF test infra emit invalid GSO types to stack 1da48da947d0c selftests/bpf: Check for timeout in perf_link test 526394af4e8ad migrate: correct lock ordering for hugetlb file folios 59ff56992bba2 can: usb_8dev: 
usb_8dev_read_bulk_callback(): fix URB memory leak 179f6f0cf5ae4 can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak 7c308f7530bff can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak e9410fdd4d5f7 can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak 1b32339156035 irqchip/gic-v3-its: Avoid truncating memory addresses dd40d94ffd7c8 perf/x86/intel: Do not enable BTS for guests cad7003d951e8 pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu 6384f7851838f platform/x86: hp-bioscfg: Fix automatic module loading bd8955337e376 netrom: fix double-free in nr_route_frame() 43f233eb6e7b9 uacce: ensure safe queue release with state management 4c042bc71474d uacce: implement mremap in uacce_vm_ops to return -EPERM 9ab05cdcac354 uacce: fix isolate sysfs check condition d9031575a2f8a uacce: fix cdev handling in the cleanup path bf7785434b5d0 intel_th: fix device leak on output open() 98ecbfb2598c9 tracing: Fix crash on synthetic stacktrace field usage 2ddc09f6a0a22 slimbus: core: fix device reference leak on report present dd58835fba5d6 slimbus: core: fix runtime PM imbalance on report present d2846f8a89fd6 octeontx2: Fix otx2_dma_map_page() error return code 8557bdd9af8dd arm64: Set __nocfi on swsusp_arch_resume() 19b2c3f3ca1b4 arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA 7761d7801f40e wifi: rsi: Fix memory corruption due to not set vif driver data size 5d0ab96350e06 wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() 36e0bc5e8b282 wifi: ath12k: fix dma_free_coherent() pointer 1928851334ecf wifi: ath10k: fix dma_free_coherent() pointer f2677d6e2bbc5 mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode bcb72b6a39e90 mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function 7bff0156d13f0 ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() a8c42d11b0526 ALSA: ctxfi: Fix potential OOB access in audio mixer handling cbe409f68380a iio: dac: ad5686: add AD5695R to 
ad5686_chip_info_tbl c2d6e00829cbf iio: chemical: scd4x: fix reported channel endianness 9795fe80976f8 iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver 8271e1860c7cd iio: adc: ad9467: fix ad9434 vref mask 9e77ef924fe31 iio: accel: iis328dq: fix gain values c0ebc3d8ad6b5 of: platform: Use default match table for /firmware f4c270975fe1d of: fix reference count leak in of_alias_scan() 2757f7748ce2d leds: led-class: Only Add LED to leds_list when it is fully ready 93dfcc59b2bf3 x86: make page fault handling disable interrupts properly 03710cebfc0bc net/sched: act_ife: avoid possible NULL deref d9d5f222558b4 vsock/virtio: cap TX credit to local buffer size 17c9b158bc4d7 vsock/test: fix seqpacket message bounds test 02f9af192b98d vsock/virtio: fix potential underflow in virtio_transport_get_credit() c70e99dd37163 net: openvswitch: fix data race in ovs_vport_get_upcall_stats 77c6aa2c388e9 octeontx2-af: Fix error handling 4ad32b1e0ca42 net: dsa: fix off-by-one in maximum bridge ID determination 0efee0b992f28 bonding: provide a net pointer to __skb_flow_dissect() a142ae1c56131 selftests: net: amt: wait longer for connection before sending packets e206fb415db36 be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list baafbbc23d421 drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) 2c1fc0547a870 drm/amd/pm: Don't clear SI SMC table when setting power limit c378cdae46369 usbnet: limit max_mtu based on device's hard_mtu fad8f4ff7928f ipv6: annotate data-race in ndisc_router_discovery() fc8ba17fd3337 mISDN: annotate data-race around dev->work bfb030a377e05 net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue 3a1601756a905 net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M 42e16254f1d3e be2net: fix data race in be_get_new_eqd a111d1fb91ae3 net: hns3: fix data race in hns3_fetch_stats f1f9cfd2f46a7 netdevsim: fix a race issue related to the operation on bpf_bound_progs list 7f523dd499b72 ALSA: usb: Increase volume 
range that triggers a warning 408bfa8d70f79 scsi: qla2xxx: Sanitize payload size to prevent member overflow 9fdc6f28d5e81 scsi: core: Wake up the error handler when final completions race against each other 0df7ecb393db7 riscv: clocksource: Fix stimecmp update hazard on RV32 1b47e6d3bc026 kconfig: fix static linking of nconf 24f31be6ad705 regmap: Fix race condition in hwspinlock irqsave routine 417cdfd9b9f98 spi: spi-sprd-adi: Fix double free in probe error path 1a27bd3c6949f spi: sprd-adi: switch to use spi_alloc_host() 74634f4a64897 spi: sprd: adi: Use devm_register_restart_handler() aa79a5a959c7c interconnect: debugfs: initialize src_node and dst_node to empty strings ce8d8a3368128 iio: adc: ad7280a: handle spi_setup() errors in probe() 7673167fac932 iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection 85eb83694a91c io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop eb5ff1025c921 platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro 29917c80aa96a platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names 6484f43740cc9 comedi: Fix getting range information for subdevices 16 to 255 bf843b0624d89 x86/kfence: avoid writing L1TF-vulnerable PTEs 8adc31a561a55 arm64: dts: rockchip: Fix voltage threshold for volume keys for Pinephone Pro 929229fdd116a arm64: dts: rockchip: remove dangerous max-link-speed from helios64 f86264ec0e2b1 scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() 156284ab2f641 scsi: storvsc: Process unsupported MODE_SENSE_10 21937a189daa8 Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA dcecb4269dd4b Input: i8042 - add quirks for MECHREVO Wujie 15X Pro 93cbf6d80da2a Revert "nfc/nci: Add the inconsistency check between the input data length and count" 9367b4709b528 w1: fix redundant counter decrement in w1_attach_slave_device() 6a5820ecfa5a7 w1: therm: Fix off-by-one buffer overflow in alarms_store aaff8f3a35c9d comedi: dmm32at: serialize use of paged registers 
dce0865a5828a serial: 8250_pci: Fix broken RS485 for F81504/508/512 b0a9609283a5c crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec 93b8635974fb0 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag 0686bedfed341 net/sched: Enforce that teql can only be used as root qdisc fcf8cd4654790 octeontx2: cn10k: fix RX flowid TCAM mask handling 04ba6de6eff61 ipvlan: Make the addrs_lock be per port 68e92085427c8 l2tp: avoid one data-race in l2tp_tunnel_del_work() 0bb986d83922c veth: fix data race in veth_get_ethtool_stats 1cc98b8887cab fou: Don't allow 0 for FOU_ATTR_IPPROTO. 4170ec351e456 tools: ynl: Specify --no-line-number in ynl-regen.sh. f87b9b7a618c8 gue: Fix skb memleak with inner IP protocol 0. 8a8a5a43fef4e amd-xgbe: avoid misleading per-packet error log e7e81abbcc562 sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT ce4352057fc5a can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error 4b37dc63957cb selftests: net: fib-onlink-tests: Convert to use namespaces by default 8ba4cf99c61cd selftests/net: convert fib-onlink-tests.sh to run it in unique namespace 80c881e53a4fa bonding: limit BOND_MODE_8023AD to Ethernet devices b66dfde203fb4 net: usb: dm9601: remove broken SR9700 support b36bbac746ee6 igc: fix race condition in TX timestamp read for register 0 9a151fd0bd7d9 ice: Avoid detrimental cleanup for bond during interface stop a6a0dd00178ea ice: initialize ring_stats->syncp e635e5b7eac83 ata: libata: Print features also for ATAPI devices 02fc7c01a35d3 ata: libata: Call ata_dev_config_lpm() for ATAPI devices 1c6714932c3df ata: libata-core: Introduce ata_dev_config_lpm() 557b62028c077 ata: libata: Add cpr_log to ata_dev_print_features() early return e2d46e0b76cab pmdomain: qcom: rpmhpd: Add MXC to SC8280XP f0070413c6580 dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO 230c9ed464eda dt-bindings: power: qcom-rpmpd: split RPMh domains definitions 564752b42d137 
dt-bindings: power: qcom,rpmpd: add Turbo L5 corner 64a0b97df8366 dt-bindings: power: qcom,rpmpd: document the SM8750 RPMh Power Domains 658e1879ebe68 dt-bindings: power: rpmpd: Update part number to X1E80100 ce649f43c4936 dt-bindings: power: qcom,rpmpd: document the SM8650 RPMh Power Domains 25ebc01125e60 dt-bindings: power: rpmpd: Add MSM8917, MSM8937 and QM215 f33305f0925be dt-bindings: power: qcom,rpmpd: Add SM7150 ce5ee09c0aeea btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE 774089dc718f5 Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() fe11f976dd0ad hyperv-tlfs: Change prefix of generic HV_REGISTER_* MSRs to HV_MSR_* 11536f3371f4a arm64: dts: qcom: sc8280xp: Add missing VDD_MXC links 8d9f22c570ba3 testptp: Add option to open PHC in readonly mode 4f3c8c7f4e1bd selftest/ptp: update ptp selftest to exercise the gettimex options 59ac47a0275fc ptp: add testptp mask test 4fbfc6bca4e37 ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. 
ba3a97c832725 posix-clock: Store file pointer in struct posix_clock_context ea2d9bfd422e9 Fix memory leak in posix_clock_open() 221e4d1e29bb4 posix-clock: introduce posix_clock_context concept 2c590e4b3d4cc io_uring: move local task_work in exit cancel loop 99da896614d17 btrfs: fix deadlock in wait_current_trans() due to ignored transaction type 696ebf74738b9 dmaengine: ti: k3-udma: fix device leak on udma lookup 6fdf168f57e33 dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation 8df7c3e6d1e5e dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation 4e45ae701b816 dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() 6bf4ef078fd11 dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() 9fba97baa520c dmaengine: lpc18xx-dmamux: fix device leak on route allocation c81ea0222eaaa dmaengine: idxd: fix device leaks on compat bind and unbind db7c79c1bbfb1 dmaengine: dw: dmamux: fix OF node leak on route allocation failure c80ca7bdff158 dmaengine: bcm-sba-raid: fix device leak on probe 987c71671367f dmaengine: at_hdmac: fix device leak on of_dma_xlate() 2838cb6133ac2 dmaengine: apple-admac: Add "apple,t8103-admac" compatible 1f70af89b0893 drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() bc0b17bdba383 drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel cb4c9fc5e79a7 drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare 3dc1a40180264 drm/amdkfd: fix a memory leak in device_queue_manager_init() a4218ac0bb8e7 drm/amd: Clean up kfd node on surprise disconnect d9a82256a4c7e drm/amd/display: Bump the HDMI clock to 340MHz 1d8f4d24fc1b3 LoongArch: Fix PMU counter allocation for mixed-type event groups 43964644348f6 mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure 6ef36b329bbe2 mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free b73f2834e1bc6 x86/resctrl: Fix memory bandwidth counter width for Hygon a78dca14fb2b0 x86/resctrl: Add missing resctrl initialization for Hygon 
71c5bc6720b60 tcpm: allow looking for role_sw device in the main node bfefcc78a8ec5 EDAC/i3200: Fix a resource leak in i3200_probe1() dc2365df328a9 EDAC/x38: Fix a resource leak in x38_probe1() ac92563601513 hrtimer: Fix softirq base check in update_needs_ipi() 0b06cde92f2f9 ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref ed61badfc2bc8 nvme-pci: disable secondary temp for Wodposit WPBSNM8 3f6a36c9dc73d USB: serial: ftdi_sio: add support for PICAXE AXE027 cable f890044ad2959 USB: serial: option: add Telit LE910 MBIM composition 384084a094c74 USB: OHCI/UHCI: Add soft dependencies on ehci_platform 93f21786487cd usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor 928e7d022d167 usb: dwc3: Check for USB4 IP_NAME ee82bc9f1df97 phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 9e0d336e71c47 phy: rockchip: inno-usb2: fix disconnection in gadget mode 16a6a73087fb4 phy: freescale: imx8m-pcie: assert phy reset during power on 942381794fc31 phy: rockchip: inno-usb2: fix communication disruption in gadget mode 9716e427489f6 x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers 809a437e27a3b net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts 58d236065ba65 can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit. 
f905bcfa971ed can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak 1a3286edf4d48 null_blk: fix kmemleak by releasing references to fault configfs items 2de6d3348937f ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer 8fab42516eb3c scsi: core: Fix error handler encryption support 60e450eec5d63 drm/amd/display: Check dce_hwseq before dereferencing it d64557b61c1dd HID: usbhid: paper over wrong bNumDescriptor field d66d8ad31057d i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA 88a9483f093bb dmaengine: omap-dma: fix dma_pool resource leak in error paths 2a7ddafac3820 phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again) 76b870fdaad82 phy: stm32-usphyc: Fix off by one in probe() beba460a29915 phy: qcom-qusb2: Fix NULL pointer dereference on early suspend 8151ecaaf08e3 phy: drop probe registration printks 7070ed66aba3b phy: phy-snps-eusb2: refactor constructs names 0b347b180ad5e phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it 0fd2001907fea dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing 59cb421b0902f dmaengine: tegra-adma: Fix use-after-free df8a131a41ff6 dmaengine: xilinx: xdma: Fix regmap max_register 7602a67114cd5 mm, kfence: describe @slab parameter in __kfence_obj_info() f332d75388ea5 textsearch: describe @list member in ts_ops search 805f1c634817a ASoC: tlv320adcx140: fix word length 659939d08e5f7 ASoC: tlv320adcx140: fix null pointer 0a234660dc70c net/sched: sch_qfq: do not free existing class in qfq_change_class() a3f895d4494a8 selftests: drv-net: fix RPS mask handling for high CPU numbers 9356b69d03d0f ipv6: Fix use-after-free in inet6_addr_del(). 
82c9039c8ebb7 net: hv_netvsc: reject RSS hash key programming without RX indirection table 58208907c4044 btrfs: fix memory leaks in create_space_info() error paths 0bd151ce4200c btrfs: introduce btrfs_space_info sub-group 42c8d48bf3abe btrfs: factor out check_removing_space_info() from btrfs_free_block_groups() 34d5cd41418af btrfs: factor out init_space_info() from create_space_info() 1fe74715ccb4e btrfs: store fs_info in space_info 6126877f90fe7 net/mlx5e: Restore destroying state bit after profile cleanup 147b9a2fc7a35 vsock/test: add a final full barrier after run all tests 06fe0801396a3 ipv4: ip_gre: make ipgre_header() robust 15f6faf36e162 macvlan: fix possible UAF in macvlan_forward_source() 0ba0a79500fcf net: update netdev_lock_{type,name} 2f03dafea0a80 ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() 98151bb13af1e net: bridge: annotate data-races around fdb->{updated,used} 9f1ac4c98add7 net: bridge: Set BR_FDB_ADDED_BY_USER early in fdb_add_entry f2dc6ab3a14c2 btrfs: send: check for inline extents in range_is_hole_in_parent() fdecd3b6aac10 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec 50f80e82e7966 nvmet-tcp: remove boilerplate code 611e839d2d552 can: etas_es58x: allow partial RX URB allocation to succeed 869862056e100 pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() 55787a73fbb61 xfrm: Fix inner mode lookup in tunnel mode GSO segmentation 6eb597cb4e37f ASoC: codecs: wsa884x: fix codec initialisation ca72af7608d68 Revert "gfs2: Fix use of bio_chain" 30f9b41b03903 efi/cper: Fix cper_bits_to_str buffer handling and return value 73069e1134029 firmware: imx: scu-irq: Set mu_resource_id before get handle cbb31f77b879f Linux 6.6.121 0b1ac9743f3d9 riscv: Replace function-like macro by static inline function d03ee41854866 gpio: pca953x: fix wrong error probe return value 5192f17d1127a bpf: test_run: Fix ctx leak in bpf_prog_test_run_xdp error path 83eef6f904a84 scsi: sg: Fix occasional bogus elapsed time that exceeds 
timeout 06f90c7dce191 ASoC: fsl_sai: Add missing registers to cache default 2c4404d6e4edb ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 be3923930a71b ALSA: usb-audio: Update for native DSD support quirks 78d87b72cebe2 can: j1939: make j1939_session_activate() fail if device is no longer registered f73d92997388b drm/amd/display: Fix DP no audio issue 53de1e6cde8f9 netfilter: nf_tables: avoid chain re-validation if possible c04b3a832c062 powercap: fix sscanf() error return value handling e07dea55aa134 powercap: fix race condition in register_control_type() 98676ee71fd4e bpf: Fix reference count leak in bpf_prog_test_run_xdp() 7c81ad5e580bd bpf, test_run: Subtract size of xdp_frame from allowed metadata size d08b4193cd55a bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN 875d7cb4fe156 bpf: Make variables in bpf_prog_test_run_xdp less confusing a60c827903b45 bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K 77c956152a3a7 riscv: uprobes: Add missing fence.i after building the XOL buffer 5c7c4131beade x86/microcode/AMD: Select which microcode patch to load 90c4cb136e398 NFSD: Remove NFSERR_EAGAIN 249d45ca97381 nfs_common: factor out nfs_errtbl and nfs_stat_to_errno 93a2e7eaf876d NFS: trace: show TIMEDOUT instead of 0x6e 21f8bc5179bed ALSA: ac97: fix a double free in snd_ac97_controller_register() 3b7c1a3805a51 ALSA: ac97bus: Use guard() for mutex locks a19df91b5b93b LoongArch: Add more instruction opcodes and emit_* helpers 029935507d0af arp: do not assume dev_hard_header() does not change skb->head 0d254b0a15f29 net: enetc: fix build warning when PAGE_SIZE is greater than 128K 93f18eaa19037 net: usb: pegasus: fix memory leak in update_eth_regs_async() 11bf9134613f6 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset 9be826178831c HID: quirks: work around VID/PID conflict for appledisplay 88bea149db205 net: fix memory leak in skb_segment_list for GRO packets 970a1ac90325f bnxt_en: 
Fix potential data corruption with HW GRO/LRO dc6f73f73ce88 net: wwan: iosm: Fix memory leak in ipc_mux_deinit() 81e7205b82a7f net/mlx5e: Don't print error message due to invalid module 0ab968d9c56bd netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates 582a5e922a965 net: sock: fix hardened usercopy panic in sock_recv_errqueue 874794fb4f3db inet: ping: Fix icmp out counting 2985712dc76df net: mscc: ocelot: Fix crash when adding interface under a lag 4c8facf028ec7 bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress 94e070cd50790 net: marvell: prestera: fix NULL dereference on devlink_alloc() failure 3cd717359e56f netfilter: nf_conncount: update last_gc only when GC has been performed c6cfd76700551 netfilter: nf_tables: fix memory leak in nf_tables_newrule() 76f4218bdadde gpio: pca953x: handle short interrupt pulses on PCAL devices 4d7652d1a3525 gpio: pca953x: Add support for level-triggered interrupts 26f64b3ee5172 gpio: pca953x: Utilise temporary variable for struct device 2a968d1fd7bd6 gpio: pca953x: Utilise dev_err_probe() where it makes sense 62ecdf65b8ab0 netfilter: nft_synproxy: avoid possible data-race on update operation 51ea246778e57 arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics i.MX8M Plus DHCOM b6600d9d893f6 ARM: dts: imx6q-ba16: fix RTC interrupt level 837fe3df68601 arm64: dts: add off-on-delay-us for usdhc2 regulator c6f7b3cf44856 scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" cf73e6020b3d7 scsi: ufs: core: Fix EH failure after W-LUN resume error ac01c92333497 scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset afd993bababfe smb/client: fix NT_STATUS_NO_DATA_DETECTED value bbbc1a48f121a smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value ca9b4aaa7e63b smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value f18975f2cd41c NFS: Fix up the automount fs_context to use the correct cred f719a300eaa05 NFSv4: ensure the open stateid seqid doesn't go backwards 
af4fc583fd900 dm-snapshot: fix 'scheduling while atomic' on real-time kernels fc220dae3cf89 alpha: don't reference obsolete termio struct for TC* constants be3bc3d84a2a5 ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels 78faf283336dc csky: fix csky_cmpxchg_fixup not working 13159c7125636 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). 381261f24f4e4 NFSD: NFSv4 file creation neglects setting ACL 4c06b7cb87e5b nfsd: set security label during create operations d761a185f8950 nfsd: Fix NFSv3 atomicity bugs in nfsd_setattr() ab2b5755269cf nfsd: convert to new timestamp accessors 1310640f9ae92 net: Add locking to protect skb->dev access in ip_output 9c2f8a9b68024 ksm: use range-walk function to jump over holes in scan_get_next_rmap_item 4ebc711b738d1 libceph: make calc_target() set t->paused, not just clear it 90a60fe61908a libceph: reset sparse-read state in osd_fault() e097cd858196b libceph: return the handler error from mon_handle_auth_done() 8081faaf089db libceph: make free_choose_arg_map() resilient to partial allocation d3613770e2677 libceph: replace overzealous BUG_ON in osdmap_apply_incremental() ef208ea331ef6 libceph: prevent potential out-of-bounds reads in handle_auth_done() d21ec867d84c9 wifi: avoid kernel-infoleak from struct iw_point 16e107d586208 pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping 7291ef23491f9 gpio: rockchip: mark the GPIO controller as sleeping e23882b11f8d3 drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] 526bd4bfa1206 drm/pl111: Fix error handling in pl111_amba_probe 1c5a3175aecf8 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag 8a1b8778b7868 counter: 104-quad-8: Fix incorrect return value in IRQ handler 84875a1d92243 lib/crypto: aes: Fix missing MMU protection for AES S-box e1e8d4973c1a7 mei: me: add nova lake point S DID a63998cd6687c btrfs: always detect conflicting inodes when logging inode refs 28b2a80560969 net: 3com: 3c59x: fix possible null dereference in vortex_probe1() 
8f5211fc891d0 atm: Fix dma_free_coherent() size 06600719d0f7a nfsd: provide locking for v4_end_grace e15e59b5aa624 NFSD: Fix permission check for read access to executable-only files Signed-off-by: Bruce Ashfield Signed-off-by: Yoann Congal --- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 0018061822d..3ad8bd54fa6 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "9f6b4d4c1c5963ea07d6fe904311cd53ad4c0258" -SRCREV_meta ?= "49d5ba17b4b5951f28957ba6891a14dd7b27ceee" +SRCREV_machine ?= "5a49ab75e554557c1d3665b22233c4de9a2c2a75" +SRCREV_meta ?= "17375dce1754d0783fb3fb9e684691951f9ff357" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.120" +LINUX_VERSION ?= "6.6.123" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index f4165c9ef49..50c8e69d5c0 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb 
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.120" +LINUX_VERSION ?= "6.6.123" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "9216b294019c150359dc667f9d3dbbde2c0a8a8a" -SRCREV_meta ?= "49d5ba17b4b5951f28957ba6891a14dd7b27ceee" +SRCREV_machine ?= "18a3ba79eed015d2cbd1f5af2c1417d12b369698" +SRCREV_meta ?= "17375dce1754d0783fb3fb9e684691951f9ff357" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 987c3218ec5..3f8b40e305b 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb 
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "bcbb707216e841d53386a3f1ccf9b09c62961791" -SRCREV_machine:qemuarm64 ?= "321d1a067132a921414fdfab332fb084d44096c2" -SRCREV_machine:qemuloongarch64 ?= "993fd928045661cd12c065d82461c47220c67cbc" -SRCREV_machine:qemumips ?= "669b6afdc64fdb78d06e1997fc077b31721460e0" -SRCREV_machine:qemuppc ?= "8c9e6ee3f14b711a63744f4fe3b1b7aaaee46a99" -SRCREV_machine:qemuriscv64 ?= "993fd928045661cd12c065d82461c47220c67cbc" -SRCREV_machine:qemuriscv32 ?= "993fd928045661cd12c065d82461c47220c67cbc" -SRCREV_machine:qemux86 ?= "993fd928045661cd12c065d82461c47220c67cbc" -SRCREV_machine:qemux86-64 ?= "993fd928045661cd12c065d82461c47220c67cbc" -SRCREV_machine:qemumips64 ?= "827304b327c277b699d94d8f861cde5f4b242b3f" -SRCREV_machine ?= "993fd928045661cd12c065d82461c47220c67cbc" -SRCREV_meta ?= "49d5ba17b4b5951f28957ba6891a14dd7b27ceee" +SRCREV_machine:qemuarm ?= "b562777a433f835ae245e08c27df6b47e3ae2505" +SRCREV_machine:qemuarm64 ?= "2df2455c7199cb8db4ea0118f908f952ff73eb97" +SRCREV_machine:qemuloongarch64 ?= "af240d7d57ebf66e87bc2dff34855e630a97ead1" +SRCREV_machine:qemumips ?= "6b9c16676cd4c8494ca7cdff355cb1cfe4d8fb3a" +SRCREV_machine:qemuppc ?= "bf3f6c731ea41e519389b24104458870475dce20" +SRCREV_machine:qemuriscv64 ?= "af240d7d57ebf66e87bc2dff34855e630a97ead1" +SRCREV_machine:qemuriscv32 ?= "af240d7d57ebf66e87bc2dff34855e630a97ead1" +SRCREV_machine:qemux86 ?= "af240d7d57ebf66e87bc2dff34855e630a97ead1" +SRCREV_machine:qemux86-64 ?= "af240d7d57ebf66e87bc2dff34855e630a97ead1" +SRCREV_machine:qemumips64 ?= "9fb8ff244fe5c5d6aa08457cfb9bbe4a3ef47366" +SRCREV_machine ?= "af240d7d57ebf66e87bc2dff34855e630a97ead1" +SRCREV_meta ?= "17375dce1754d0783fb3fb9e684691951f9ff357" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the 
same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "c596736dadab2ffef4737fa8acbc1244557126ac" +SRCREV_machine:class-devupstream ?= "c56aaf1a85ae918dd521fb2869028cf533d2755a" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" 
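Review bot: the SRCREV_machine:class-devupstream bump at the end of this hunk (c596736d... to c56aaf1a...) is the one revision the recipe comment describes as pure upstream -stable on the /base branch, so it should land exactly on the v6.6.123 tag that LINUX_VERSION is set to in the next hunk, but nothing in the hunk says so. Suggest recording the tag next to the hash in the commit message so the pin can be compared with the upstream tag rather than taken on trust.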
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.120" +LINUX_VERSION ?= "6.6.123" PV = "${LINUX_VERSION}+git"
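Review bot: LINUX_VERSION moves from 6.6.120 to 6.6.123 here and in the two sibling recipes, but the diffstat lists only the three .bb files, while the linux-yocto-tiny hunk shows the recipe including recipes-kernel/linux/cve-exclusion_6.6.inc. If that include was generated for 6.6.120, CVEs fixed between 6.6.120 and 6.6.123 will still show up as open in CVE scan output for this kernel. Regenerate the include for 6.6.123 in this patch, or name in the commit message the patch of the series that does it.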
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 18/44] weston: fix a touch-calibrator issue
Date: Tue, 24 Feb 2026 15:31:46 +0100
Message-ID: <8628c7199caf78c6a8da4b23132d60e86939da49.1771943404.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231825

From: Ming Liu

touch-calibrator of weston 13.0.1 does not work, backport the fix from upstream:
https://gitlab.freedesktop.org/wayland/weston/-/commit/a5c5702112a9ccbf6abbbaac6078982f5f84bb2e

This issue only impacts weston 13.0.1 and has been fixed in 14.0.1.

Signed-off-by: Ming Liu
Signed-off-by: Yoann Congal
---
 ...ator-Regularise-surface-view-mapping.patch | 78 +++++++++++++++++++
 .../recipes-graphics/wayland/weston_13.0.1.bb | 1 +
 2 files changed, 79 insertions(+)
 create mode 100644 meta/recipes-graphics/wayland/weston/0001-touch-calibrator-Regularise-surface-view-mapping.patch

diff --git a/meta/recipes-graphics/wayland/weston/0001-touch-calibrator-Regularise-surface-view-mapping.patch b/meta/recipes-graphics/wayland/weston/0001-touch-calibrator-Regularise-surface-view-mapping.patch new file mode 100644 index 00000000000..36e74fbfdef --- /dev/null +++ b/meta/recipes-graphics/wayland/weston/0001-touch-calibrator-Regularise-surface-view-mapping.patch
@@ -0,0 +1,78 @@ +From a5c5702112a9ccbf6abbbaac6078982f5f84bb2e Mon Sep 17 00:00:00 2001 +From: Daniel Stone +Date: Thu, 23 Nov 2023 16:44:10 +0000 +Subject: [PATCH] touch-calibrator: Regularise surface/view mapping + +Upstream-Status: Backport [https://gitlab.freedesktop.org/wayland/weston/-/commit/a5c5702112a9ccbf6abbbaac6078982f5f84bb2e] + +Manually mark the surface as mapped exactly once - in the committed +handler where we have our content, and assert that it's correct when we +want to use the surface by instantiating a view. + +The view handling can be made much more simple by simply using the new +view helpers. + +Signed-off-by: Daniel Stone +Signed-off-by: Ming Liu +--- + libweston/touch-calibration.c | 22 ++++++++++++---------- + 1 file changed, 12 insertions(+), 10 deletions(-) + +diff --git a/libweston/touch-calibration.c b/libweston/touch-calibration.c +index 45689ddd..f4c9366a 100644 +--- a/libweston/touch-calibration.c ++++ b/libweston/touch-calibration.c +@@ -189,6 +189,7 @@ map_calibrator(struct weston_touch_calibrator *calibrator) + assert(calibrator->output); + assert(calibrator->surface); + assert(calibrator->surface->resource); ++ assert(weston_surface_is_mapped(calibrator->surface)); + + calibrator->view = weston_view_create(calibrator->surface); + if (!calibrator->view) { +@@ -196,17 +197,9 @@ map_calibrator(struct weston_touch_calibrator *calibrator) + return; + } + +- weston_layer_entry_insert(&c->calibrator_layer.view_list, +- &calibrator->view->layer_link); +- + weston_view_set_position(calibrator->view, calibrator->output->pos); +- calibrator->view->output = calibrator->surface->output; +- calibrator->view->is_mapped = true; +- +- calibrator->surface->output = calibrator->output; +- weston_surface_map(calibrator->surface); +- +- weston_output_schedule_repaint(calibrator->output); ++ weston_view_move_to_layer(calibrator->view, ++ &c->calibrator_layer.view_list); + + device->ops->get_calibration(device, &device->saved_calibration); + 
device->ops->set_calibration(device, &identity); +@@ -260,6 +253,13 @@ touch_calibrator_surface_committed(struct wl_listener *listener, void *data) + wl_list_remove(&calibrator->surface_commit_listener.link); + wl_list_init(&calibrator->surface_commit_listener.link); + ++ if (!weston_surface_has_content(surface)) { ++ wl_resource_post_error(calibrator->resource, ++ WESTON_TOUCH_CALIBRATOR_ERROR_BAD_SIZE, ++ "calibrator surface size has no content"); ++ return; ++ } ++ + if (surface->width != calibrator->output->width || + surface->height != calibrator->output->height) { + wl_resource_post_error(calibrator->resource, +@@ -268,6 +268,8 @@ touch_calibrator_surface_committed(struct wl_listener *listener, void *data) + return; + } + ++ weston_surface_map(surface); ++ + weston_compositor_set_touch_mode_calib(calibrator->compositor); + /* results in call to touch_calibrator_mode_changed() */ + } +-- +2.43.0 + diff --git a/meta/recipes-graphics/wayland/weston_13.0.1.bb b/meta/recipes-graphics/wayland/weston_13.0.1.bb index d8f0279b657..d2e0383287f 100644 --- a/meta/recipes-graphics/wayland/weston_13.0.1.bb +++ b/meta/recipes-graphics/wayland/weston_13.0.1.bb 
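Review bot: the assert(weston_surface_is_mapped(calibrator->surface)) added at the top of map_calibrator() turns any call that arrives before touch_calibrator_surface_committed() has run weston_surface_map() into a compositor abort, and the committed handler now returns early on the no-content and bad-size paths without mapping. Please confirm against the 13.0.1 sources that map_calibrator() cannot be reached on those paths, and that weston_view_move_to_layer() and weston_surface_has_content() already exist in 13.0.1, since the patch description itself calls the view helpers new.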
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d79ee9e66bb0f95d3386a7acae780b70 \ SRC_URI = "https://gitlab.freedesktop.org/wayland/weston/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \ file://0001-libweston-tools-Include-libgen.h-for-basename-signat.patch \ file://0001-vnc-Allow-neatvnc-in-version-0.8.0.patch \ + file://0001-touch-calibrator-Regularise-surface-view-mapping.patch \ file://weston.png \ file://weston.desktop \ file://xwayland.weston-start \
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 19/44] libevent: merge inherit statements
Date: Tue, 24 Feb 2026 15:31:47 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231826

From: Pratik Farkase

Merge the separate inherit statements into a single one for improved readability and consistency with OE style.
No functional change intended.

Signed-off-by: Pratik Farkase
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 99792ab6ba188a7623804e587edf8de23690ad3f)
Signed-off-by: Yoann Congal
---
 meta/recipes-support/libevent/libevent_2.1.12.bb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/meta/recipes-support/libevent/libevent_2.1.12.bb b/meta/recipes-support/libevent/libevent_2.1.12.bb index 25388fb4d7f..58502edc32c 100644 --- a/meta/recipes-support/libevent/libevent_2.1.12.bb +++ b/meta/recipes-support/libevent/libevent_2.1.12.bb
@@ -28,13 +28,11 @@ S = "${WORKDIR}/${BPN}-${PV}-stable" PACKAGECONFIG ??= "" PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl" -inherit autotools github-releases +inherit autotools github-releases ptest multilib_header # Needed for Debian packaging LEAD_SONAME = "libevent-2.1.so" -inherit ptest multilib_header - DEPENDS = "zlib" PACKAGES_DYNAMIC = "^${PN}-.*$"
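Review bot: the merged inherit line is described as "No functional change intended", which makes this a purely cosmetic cherry-pick onto the scarthgap stable branch. If a later patch in the series needs it as a prerequisite to apply cleanly, say which one in the commit message; otherwise it adds churn to a stable recipe without fixing anything and could be dropped from the series.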
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 20/44] go 1.22.12: Fix CVE-2025-61730 Date: Tue, 24 Feb 2026 15:31:48 +0100 Message-ID: <4d4f6d196afcfa3bfde0f8ea161e73b82395ab11.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231827 From: Deepak Rathore Upstream Repository: https://github.com/golang/go.git Bug details: https://nvd.nist.gov/vuln/detail/CVE-2025-61730 Type: Security Fix CVE: CVE-2025-61730 Score: 4.2 Patch: https://github.com/golang/go/commit/ad2cd043db66 Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2025-61730.patch | 460 ++++++++++++++++++ 2 files changed, 461 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61730.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index ca5016c2f56..e9a1803252e 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -31,6 +31,7 @@ SRC_URI += "\ file://CVE-2025-61724.patch \ file://CVE-2025-61727.patch \ file://CVE-2025-61729.patch \ + file://CVE-2025-61730.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-61730.patch b/meta/recipes-devtools/go/go/CVE-2025-61730.patch new file mode 100644 index 00000000000..b7234e6bf23 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-61730.patch 
@@ -0,0 +1,460 @@ +From 2cfa797798cc982973d194eca3be19fb1f092556 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 24 Nov 2025 14:03:10 -0800 +Subject: [PATCH] [release-branch.go1.24] crypto/tls: reject trailing messages + after client/server hello + +For TLS 1.3, after procesesing the server/client hello, if there isn't a +CCS message, reject the trailing messages which were appended to the +hello messages. This prevents an on-path attacker from injecting +plaintext messages into the handshake. + +Additionally, check that we don't have any buffered messages before we +switch the read traffic secret regardless, since any buffered messages +would have been under an old key which is no longer appropriate. + +We also invert the ordering of setting the read/write secrets so that if +we fail when changing the read secret we send the alert using the +correct write secret. + +Updates #76443 +Fixes #76854 +Fixes CVE-2025-61730 + +CVE: CVE-2025-61730 +Upstream-Status: Backport [https://github.com/golang/go/commit/ad2cd043db66] + +Backport Changes: +- In version 1.24, the doHelloRetryRequest function defined in handshake_server_tls13.go + returns keyshare and error, but in version 1.22 it only returns error. The backport + was adjusted accordingly and These changes were introduced by commit + https://github.com/golang/go/commit/d0edd9acc80a in version 1.24. +- In file src/crypto/tls/handshake_server_tls13.go, Replaced the function call + hs.handshakeSecret.ClientHandshakeTrafficSecret(hs.transcript) with + hs.suite.deriveSecret(hs.handshakeSecret, clientHandshakeTrafficLabel, hs.transcript). + This change is not present in version v1.22 and it was introduced by commit + https://github.com/golang/go/commit/743746a3a52d in version 1.24. 
+ +Change-Id: If6ba8ad16f48d5cd5db5574824062ad4244a5b52 +Reviewed-on: https://go-review.googlesource.com/c/go/+/724120 +LUCI-TryBot-Result: Go LUCI +Reviewed-by: Michael Knyszek +Reviewed-by: Daniel McCarney +Reviewed-by: Coia Prant +(cherry picked from commit 5046bdf8a612b35a2c1a9e168054c1d5c65e7dd7) +Reviewed-on: https://go-review.googlesource.com/c/go/+/731961 +Reviewed-by: Damien Neil +(cherry picked from commit ad2cd043db66cd36e1f55359638729d2c8ff3d99) +Signed-off-by: Deepak Rathore +--- + src/crypto/tls/conn.go | 39 ++++++- + src/crypto/tls/handshake_client_tls13.go | 22 ++-- + src/crypto/tls/handshake_server_tls13.go | 39 ++++--- + src/crypto/tls/handshake_test.go | 140 +++++++++++++++++++++++ + src/crypto/tls/quic.go | 11 +- + 5 files changed, 219 insertions(+), 32 deletions(-) + +diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go +index 0e4669866e..08609ce17b 100644 +--- a/src/crypto/tls/conn.go ++++ b/src/crypto/tls/conn.go +@@ -225,6 +225,9 @@ func (hc *halfConn) changeCipherSpec() error { + return nil + } + ++// setTrafficSecret sets the traffic secret for the given encryption level. setTrafficSecret ++// should not be called directly, but rather through the Conn setWriteTrafficSecret and ++// setReadTrafficSecret wrapper methods. 
+ func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) { + hc.trafficSecret = secret + hc.level = level +@@ -1321,9 +1324,6 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error { + return c.in.setErrorLocked(c.sendAlert(alertInternalError)) + } + +- newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret) +- c.in.setTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret) +- + if keyUpdate.updateRequested { + c.out.Lock() + defer c.out.Unlock() +@@ -1341,7 +1341,12 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error { + } + + newSecret := cipherSuite.nextTrafficSecret(c.out.trafficSecret) +- c.out.setTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret) ++ c.setWriteTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret) ++ } ++ ++ newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret) ++ if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret); err != nil { ++ return err + } + + return nil +@@ -1572,7 +1577,9 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) { + // Provide the 1-RTT read secret now that the handshake is complete. + // The QUIC layer MUST NOT decrypt 1-RTT packets prior to completing + // the handshake (RFC 9001, Section 5.7). +- c.quicSetReadSecret(QUICEncryptionLevelApplication, c.cipherSuite, c.in.trafficSecret) ++ if err := c.quicSetReadSecret(QUICEncryptionLevelApplication, c.cipherSuite, c.in.trafficSecret); err != nil { ++ return err ++ } + } else { + var a alert + c.out.Lock() +@@ -1664,3 +1671,25 @@ func (c *Conn) VerifyHostname(host string) error { + } + return c.peerCertificates[0].VerifyHostname(host) + } ++ ++// setReadTrafficSecret sets the read traffic secret for the given encryption level. If ++// being called at the same time as setWriteTrafficSecret, the caller must ensure the call ++// to setWriteTrafficSecret happens first so any alerts are sent at the write level. 
++func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) error { ++ // Ensure that there are no buffered handshake messages before changing the ++ // read keys, since that can cause messages to be parsed that were encrypted ++ // using old keys which are no longer appropriate. ++ if c.hand.Len() != 0 { ++ c.sendAlert(alertUnexpectedMessage) ++ return errors.New("tls: handshake buffer not empty before setting read traffic secret") ++ } ++ c.in.setTrafficSecret(suite, level, secret) ++ return nil ++} ++ ++// setWriteTrafficSecret sets the write traffic secret for the given encryption level. If ++// being called at the same time as setReadTrafficSecret, the caller must ensure the call ++// to setWriteTrafficSecret happens first so any alerts are sent at the write level. ++func (c *Conn) setWriteTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) { ++ c.out.setTrafficSecret(suite, level, secret) ++} +diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go +index 2f59f6888c..68ff92beda 100644 +--- a/src/crypto/tls/handshake_client_tls13.go ++++ b/src/crypto/tls/handshake_client_tls13.go +@@ -393,17 +393,18 @@ func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error { + + clientSecret := hs.suite.deriveSecret(handshakeSecret, + clientHandshakeTrafficLabel, hs.transcript) +- c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret) ++ c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret) + serverSecret := hs.suite.deriveSecret(handshakeSecret, + serverHandshakeTrafficLabel, hs.transcript) +- c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret) ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret); err != nil { ++ return err ++ } + + if c.quic != nil { +- if c.hand.Len() != 0 { +- c.sendAlert(alertUnexpectedMessage) +- } + 
c.quicSetWriteSecret(QUICEncryptionLevelHandshake, hs.suite.id, clientSecret) +- c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, serverSecret) ++ if err := c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, serverSecret); err != nil { ++ return err ++ } + } + + err = c.config.writeKeyLog(keyLogLabelClientHandshake, hs.hello.random, clientSecret) +@@ -606,7 +607,9 @@ func (hs *clientHandshakeStateTLS13) readServerFinished() error { + clientApplicationTrafficLabel, hs.transcript) + serverSecret := hs.suite.deriveSecret(hs.masterSecret, + serverApplicationTrafficLabel, hs.transcript) +- c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret) ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret); err != nil { ++ return err ++ } + + err = c.config.writeKeyLog(keyLogLabelClientTraffic, hs.hello.random, hs.trafficSecret) + if err != nil { +@@ -702,7 +705,7 @@ func (hs *clientHandshakeStateTLS13) sendClientFinished() error { + return err + } + +- c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret) ++ c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret) + + if !c.config.SessionTicketsDisabled && c.config.ClientSessionCache != nil { + c.resumptionSecret = hs.suite.deriveSecret(hs.masterSecret, +@@ -710,9 +713,6 @@ func (hs *clientHandshakeStateTLS13) sendClientFinished() error { + } + + if c.quic != nil { +- if c.hand.Len() != 0 { +- c.sendAlert(alertUnexpectedMessage) +- } + c.quicSetWriteSecret(QUICEncryptionLevelApplication, hs.suite.id, hs.trafficSecret) + } + +diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go +index 21d798de37..5aa69e9640 100644 +--- a/src/crypto/tls/handshake_server_tls13.go ++++ b/src/crypto/tls/handshake_server_tls13.go +@@ -380,7 +380,9 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error { + return err + } + earlyTrafficSecret := 
hs.suite.deriveSecret(hs.earlySecret, clientEarlyTrafficLabel, transcript) +- c.quicSetReadSecret(QUICEncryptionLevelEarly, hs.suite.id, earlyTrafficSecret) ++ if err := c.quicSetReadSecret(QUICEncryptionLevelEarly, hs.suite.id, earlyTrafficSecret); err != nil { ++ return err ++ } + } + + c.didResume = true +@@ -477,6 +479,14 @@ func (hs *serverHandshakeStateTLS13) sendDummyChangeCipherSpec() error { + func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) error { + c := hs.c + ++ // Make sure the client didn't send extra handshake messages alongside ++ // their initial client_hello. If they sent two client_hello messages, ++ // we will consume the second before they respond to the server_hello. ++ if c.hand.Len() != 0 { ++ c.sendAlert(alertUnexpectedMessage) ++ return errors.New("tls: handshake buffer not empty before HelloRetryRequest") ++ } ++ + // The first ClientHello gets double-hashed into the transcript upon a + // HelloRetryRequest. See RFC 8446, Section 4.4.1. 
+ if err := transcriptMsg(hs.clientHello, hs.transcript); err != nil { +@@ -615,19 +625,20 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error { + hs.handshakeSecret = hs.suite.extract(hs.sharedKey, + hs.suite.deriveSecret(earlySecret, "derived", nil)) + +- clientSecret := hs.suite.deriveSecret(hs.handshakeSecret, +- clientHandshakeTrafficLabel, hs.transcript) +- c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret) + serverSecret := hs.suite.deriveSecret(hs.handshakeSecret, + serverHandshakeTrafficLabel, hs.transcript) +- c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret) ++ c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret) ++ clientSecret := hs.suite.deriveSecret(hs.handshakeSecret, ++ clientHandshakeTrafficLabel, hs.transcript) ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret); err != nil { ++ return err ++ } + + if c.quic != nil { +- if c.hand.Len() != 0 { +- c.sendAlert(alertUnexpectedMessage) +- } + c.quicSetWriteSecret(QUICEncryptionLevelHandshake, hs.suite.id, serverSecret) +- c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, clientSecret) ++ if err := c.quicSetReadSecret(QUICEncryptionLevelHandshake, hs.suite.id, clientSecret); err != nil { ++ return err ++ } + } + + err := c.config.writeKeyLog(keyLogLabelClientHandshake, hs.clientHello.random, clientSecret) +@@ -751,13 +762,9 @@ func (hs *serverHandshakeStateTLS13) sendServerFinished() error { + clientApplicationTrafficLabel, hs.transcript) + serverSecret := hs.suite.deriveSecret(hs.masterSecret, + serverApplicationTrafficLabel, hs.transcript) +- c.out.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret) ++ c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret) + + if c.quic != nil { +- if c.hand.Len() != 0 { +- // TODO: Handle this in setTrafficSecret? 
+- c.sendAlert(alertUnexpectedMessage) +- } + c.quicSetWriteSecret(QUICEncryptionLevelApplication, hs.suite.id, serverSecret) + } + +@@ -992,7 +999,9 @@ func (hs *serverHandshakeStateTLS13) readClientFinished() error { + return errors.New("tls: invalid client finished hash") + } + +- c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret) ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret); err != nil { ++ return err ++ } + + return nil + } +diff --git a/src/crypto/tls/handshake_test.go b/src/crypto/tls/handshake_test.go +index 27ab19ef31..4991a0e69b 100644 +--- a/src/crypto/tls/handshake_test.go ++++ b/src/crypto/tls/handshake_test.go +@@ -6,6 +6,7 @@ package tls + + import ( + "bufio" ++ "context" + "crypto/ed25519" + "crypto/x509" + "encoding/hex" +@@ -533,3 +534,142 @@ var clientEd25519KeyPEM = testingKey(` + -----BEGIN TESTING KEY----- + MC4CAQAwBQYDK2VwBCIEINifzf07d9qx3d44e0FSbV4mC/xQxT644RRbpgNpin7I + -----END TESTING KEY-----`) ++ ++func TestServerHelloTrailingMessage(t *testing.T) { ++ // In TLS 1.3 the change cipher spec message is optional. If a CCS message ++ // is not sent, after reading the ServerHello, the read traffic secret is ++ // set, and all following messages must be encrypted. If the server sends ++ // additional unencrypted messages in a record with the ServerHello, the ++ // client must either fail or ignore the additional messages. 
++ ++ c, s := localPipe(t) ++ go func() { ++ ctx := context.Background() ++ srv := Server(s, testConfig) ++ clientHello, _, err := srv.readClientHello(ctx) ++ if err != nil { ++ testFatal(t, err) ++ } ++ ++ hs := serverHandshakeStateTLS13{ ++ c: srv, ++ ctx: ctx, ++ clientHello: clientHello, ++ } ++ if err := hs.processClientHello(); err != nil { ++ testFatal(t, err) ++ } ++ if err := transcriptMsg(hs.clientHello, hs.transcript); err != nil { ++ testFatal(t, err) ++ } ++ ++ record, err := concatHandshakeMessages(hs.hello, &encryptedExtensionsMsg{alpnProtocol: "h2"}) ++ if err != nil { ++ testFatal(t, err) ++ } ++ ++ if _, err := s.Write(record); err != nil { ++ testFatal(t, err) ++ } ++ srv.Close() ++ }() ++ ++ cli := Client(c, testConfig) ++ expectedErr := "tls: handshake buffer not empty before setting read traffic secret" ++ if err := cli.Handshake(); err == nil { ++ t.Fatal("expected error from incomplete handshake, got nil") ++ } else if err.Error() != expectedErr { ++ t.Fatalf("expected error %q, got %q", expectedErr, err.Error()) ++ } ++} ++ ++func TestClientHelloTrailingMessage(t *testing.T) { ++ // Same as TestServerHelloTrailingMessage but for the client side. 
++ ++ c, s := localPipe(t) ++ go func() { ++ cli := Client(c, testConfig) ++ ++ hello, _, _, err := cli.makeClientHello() ++ if err != nil { ++ testFatal(t, err) ++ } ++ ++ record, err := concatHandshakeMessages(hello, &certificateMsgTLS13{}) ++ if err != nil { ++ testFatal(t, err) ++ } ++ ++ if _, err := c.Write(record); err != nil { ++ testFatal(t, err) ++ } ++ cli.Close() ++ }() ++ ++ srv := Server(s, testConfig) ++ expectedErr := "tls: handshake buffer not empty before setting read traffic secret" ++ if err := srv.Handshake(); err == nil { ++ t.Fatal("expected error from incomplete handshake, got nil") ++ } else if err.Error() != expectedErr { ++ t.Fatalf("expected error %q, got %q", expectedErr, err.Error()) ++ } ++} ++ ++func TestDoubleClientHelloHRR(t *testing.T) { ++ // If a client sends two ClientHello messages in a single record, and the ++ // server sends a HRR after reading the first ClientHello, the server must ++ // either fail or ignore the trailing ClientHello. ++ ++ c, s := localPipe(t) ++ ++ go func() { ++ cli := Client(c, testConfig) ++ ++ hello, _, _, err := cli.makeClientHello() ++ if err != nil { ++ testFatal(t, err) ++ } ++ hello.keyShares = nil ++ ++ record, err := concatHandshakeMessages(hello, hello) ++ if err != nil { ++ testFatal(t, err) ++ } ++ ++ if _, err := c.Write(record); err != nil { ++ testFatal(t, err) ++ } ++ cli.Close() ++ }() ++ ++ srv := Server(s, testConfig) ++ expectedErr := "tls: handshake buffer not empty before HelloRetryRequest" ++ if err := srv.Handshake(); err == nil { ++ t.Fatal("expected error from incomplete handshake, got nil") ++ } else if err.Error() != expectedErr { ++ t.Fatalf("expected error %q, got %q", expectedErr, err.Error()) ++ } ++} ++ ++// concatHandshakeMessages marshals and concatenates the given handshake ++// messages into a single record. 
++func concatHandshakeMessages(msgs ...handshakeMessage) ([]byte, error) { ++ var marshalled []byte ++ for _, msg := range msgs { ++ data, err := msg.marshal() ++ if err != nil { ++ return nil, err ++ } ++ marshalled = append(marshalled, data...) ++ } ++ m := len(marshalled) ++ outBuf := make([]byte, recordHeaderLen) ++ outBuf[0] = byte(recordTypeHandshake) ++ vers := VersionTLS12 ++ outBuf[1] = byte(vers >> 8) ++ outBuf[2] = byte(vers) ++ outBuf[3] = byte(m >> 8) ++ outBuf[4] = byte(m) ++ outBuf = append(outBuf, marshalled...) ++ return outBuf, nil ++} +diff --git a/src/crypto/tls/quic.go b/src/crypto/tls/quic.go +index 3518169bf7..aa14f1dadb 100644 +--- a/src/crypto/tls/quic.go ++++ b/src/crypto/tls/quic.go +@@ -323,13 +323,22 @@ func (c *Conn) quicReadHandshakeBytes(n int) error { + return nil + } + +-func (c *Conn) quicSetReadSecret(level QUICEncryptionLevel, suite uint16, secret []byte) { ++func (c *Conn) quicSetReadSecret(level QUICEncryptionLevel, suite uint16, secret []byte) error { ++ // Ensure that there are no buffered handshake messages before changing the ++ // read keys, since that can cause messages to be parsed that were encrypted ++ // using old keys which are no longer appropriate. ++ // TODO(roland): we should merge this check with the similar one in setReadTrafficSecret. 
++ if c.hand.Len() != 0 { ++ c.sendAlert(alertUnexpectedMessage) ++ return errors.New("tls: handshake buffer not empty before setting read traffic secret") ++ } + c.quic.events = append(c.quic.events, QUICEvent{ + Kind: QUICSetReadSecret, + Level: level, + Suite: suite, + Data: secret, + }) ++ return nil + } + + func (c *Conn) quicSetWriteSecret(level QUICEncryptionLevel, suite uint16, secret []byte) { +-- +2.35.6 From patchwork Tue Feb 24 14:31:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81762 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9208E9B27E for ; Tue, 24 Feb 2026 14:33:12 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21676.1771943585693108773 for ; Tue, 24 Feb 2026 06:33:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Q5Ntbk+w; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4838c15e3cbso49027915e9.3 for ; Tue, 24 Feb 2026 06:33:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943584; x=1772548384; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ctX/uba/w5V5bd43EGyKRU3UancUJEyNTbums186E0k=; b=Q5Ntbk+wkPE96aUSa150nWqmAjLDOcG0hlY1Z1Vlj23QXaQn7tuAcUy/MHd4UKpaNB c/e84gPGUb5cyyarF7vyx5h88A7ulkHOgmb2jawkG3K85hWzGkGmxzVFxNeX6/XhJi58 efT5Z32CnBEVm66zKKaKpKOmDBjCba7cf1EpE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
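Review bot: In the conn.go handleKeyUpdate hunk, the new `c.setReadTrafficSecret(...)` call now runs after the `if keyUpdate.updateRequested` block, whose context lines take `c.out.Lock()` with `defer c.out.Unlock()`, so the write half is still locked when the read secret is switched. setReadTrafficSecret calls `c.sendAlert(alertUnexpectedMessage)` when `c.hand.Len() != 0`; please confirm sendAlert does not itself acquire c.out on that path, otherwise a KeyUpdate with update requested plus trailing handshake bytes would block instead of failing. The new `return err` also skips `c.in.setErrorLocked(...)`, which the earlier error return in this function uses, so it is worth stating whether the error is meant to be sticky on the read side.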
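Review bot: The Backport Changes section lists adjustments for handshake_server_tls13.go only, but the tests added to handshake_test.go use `clientHello, _, err := srv.readClientHello(ctx)` and `hello, _, _, err := cli.makeClientHello()` as taken from the release-branch.go1.24 commit. Please check those return counts against the 1.22.12 sources this recipe patches, and either adapt the tests or record in the patch header that they were verified, since a mismatch breaks compilation of the crypto/tls test package. Separately, concatHandshakeMessages writes the record length as `byte(m >> 8)`, `byte(m)` with no check that m fits in 16 bits; that holds for these inputs, but a short guard would keep the helper safe for reuse.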
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 21/44] go 1.22.12: Fix CVE-2025-61726 Date: Tue, 24 Feb 2026 15:31:49 +0100 Message-ID: <7949d623c3129bc81c13c0f1dd438cd69eeb48c7.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231828 From: Deepak Rathore Upstream Repository: https://github.com/golang/go.git Bug details: https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Type: Security Fix CVE: CVE-2025-61726 Score: 7.5 Patch: https://github.com/golang/go/commit/85c794ddce26 Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2025-61726.patch | 196 ++++++++++++++++++ 2 files changed, 197 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61726.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index e9a1803252e..46f6ef5d8fe 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -32,6 +32,7 @@ SRC_URI += "\ file://CVE-2025-61727.patch \ file://CVE-2025-61729.patch \ file://CVE-2025-61730.patch \ + file://CVE-2025-61726.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-61726.patch b/meta/recipes-devtools/go/go/CVE-2025-61726.patch new file mode 100644 index 00000000000..ab053ff55c9 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-61726.patch 
@@ -0,0 +1,196 @@ +From 85050ca6146f3edb50ded0a352ab9edbd635effc Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Mon, 3 Nov 2025 14:28:47 -0800 +Subject: [PATCH] [release-branch.go1.24] net/url: add urlmaxqueryparams + GODEBUG to limit the number of query parameters + +net/url does not currently limit the number of query parameters parsed by +url.ParseQuery or URL.Query. + +When parsing a application/x-www-form-urlencoded form, +net/http.Request.ParseForm will parse up to 10 MB of query parameters. +An input consisting of a large number of small, unique parameters can +cause excessive memory consumption. + +We now limit the number of query parameters parsed to 10000 by default. +The limit can be adjusted by setting GODEBUG=urlmaxqueryparams=. +Setting urlmaxqueryparams to 0 disables the limit. + +Thanks to jub0bs for reporting this issue. + +Fixes #77101 +Fixes CVE-2025-61726 + +CVE: CVE-2025-61726 +Upstream-Status: Backport [https://github.com/golang/go/commit/85c794ddce26] + +Change-Id: Iee3374c7ee2d8586dbf158536d3ade424203ff66 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3020 +Reviewed-by: Nicholas Husin +Reviewed-by: Neal Patel +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3326 +Reviewed-by: Roland Shoemaker +Reviewed-on: https://go-review.googlesource.com/c/go/+/736702 +Auto-Submit: Michael Pratt +Reviewed-by: Junyang Shao +TryBot-Bypass: Michael Pratt +(cherry picked from commit 85c794ddce26a092b0ea68d0fca79028b5069d5a) +Signed-off-by: Deepak Rathore +--- + doc/godebug.md | 7 +++++ + src/internal/godebugs/table.go | 1 + + src/net/url/url.go | 24 +++++++++++++++++ + src/net/url/url_test.go | 48 ++++++++++++++++++++++++++++++++++ + src/runtime/metrics/doc.go | 5 ++++ + 5 files changed, 85 insertions(+) + +diff --git a/doc/godebug.md b/doc/godebug.md +index ae4f0576b4..635597ea42 100644 +--- a/doc/godebug.md ++++ b/doc/godebug.md +@@ -126,6 +126,13 @@ for example, + see the [runtime 
documentation](/pkg/runtime#hdr-Environment_Variables) + and the [go command documentation](/cmd/go#hdr-Build_and_test_caching). + ++Go 1.26 added a new `urlmaxqueryparams` setting that controls the maximum number ++of query parameters that net/url will accept when parsing a URL-encoded query string. ++If the number of parameters exceeds the number set in `urlmaxqueryparams`, ++parsing will fail early. The default value is `urlmaxqueryparams=10000`. ++Setting `urlmaxqueryparams=0`bles the limit. To avoid denial of service attacks, ++this setting and default was backported to Go 1.25.4 and Go 1.24.10. ++ + Go 1.23.11 disabled build information stamping when multiple VCS are detected due + to concerns around VCS injection attacks. This behavior can be renabled with the + setting `allowmultiplevcs=1`. +diff --git a/src/internal/godebugs/table.go b/src/internal/godebugs/table.go +index 33dcd81fc3..4ae043053c 100644 +--- a/src/internal/godebugs/table.go ++++ b/src/internal/godebugs/table.go +@@ -52,6 +52,7 @@ var All = []Info{ + {Name: "tlsrsakex", Package: "crypto/tls", Changed: 22, Old: "1"}, + {Name: "tlsunsafeekm", Package: "crypto/tls", Changed: 22, Old: "1"}, + {Name: "x509sha1", Package: "crypto/x509"}, ++ {Name: "urlmaxqueryparams", Package: "net/url", Changed: 24, Old: "0"}, + {Name: "x509usefallbackroots", Package: "crypto/x509"}, + {Name: "x509usepolicies", Package: "crypto/x509"}, + {Name: "zipinsecurepath", Package: "archive/zip"}, +diff --git a/src/net/url/url.go b/src/net/url/url.go +index d2ae03232f..5219e3c130 100644 +--- a/src/net/url/url.go ++++ b/src/net/url/url.go +@@ -13,6 +13,7 @@ package url + import ( + "errors" + "fmt" ++ "internal/godebug" + "net/netip" + "path" + "sort" +@@ -958,7 +959,30 @@ func ParseQuery(query string) (Values, error) { + return m, err + } + ++var urlmaxqueryparams = godebug.New("urlmaxqueryparams") ++ ++const defaultMaxParams = 10000 ++ ++func urlParamsWithinMax(params int) bool { ++ withinDefaultMax := params <= 
defaultMaxParams ++ if urlmaxqueryparams.Value() == "" { ++ return withinDefaultMax ++ } ++ customMax, err := strconv.Atoi(urlmaxqueryparams.Value()) ++ if err != nil { ++ return withinDefaultMax ++ } ++ withinCustomMax := customMax == 0 || params < customMax ++ if withinDefaultMax != withinCustomMax { ++ urlmaxqueryparams.IncNonDefault() ++ } ++ return withinCustomMax ++} ++ + func parseQuery(m Values, query string) (err error) { ++ if !urlParamsWithinMax(strings.Count(query, "&") + 1) { ++ return errors.New("number of URL query parameters exceeded limit") ++ } + for query != "" { + var key string + key, query, _ = strings.Cut(query, "&") +diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go +index fef236e40a..b2f8bd95fc 100644 +--- a/src/net/url/url_test.go ++++ b/src/net/url/url_test.go +@@ -1488,6 +1488,54 @@ func TestParseQuery(t *testing.T) { + } + } + ++func TestParseQueryLimits(t *testing.T) { ++ for _, test := range []struct { ++ params int ++ godebug string ++ wantErr bool ++ }{{ ++ params: 10, ++ wantErr: false, ++ }, { ++ params: defaultMaxParams, ++ wantErr: false, ++ }, { ++ params: defaultMaxParams + 1, ++ wantErr: true, ++ }, { ++ params: 10, ++ godebug: "urlmaxqueryparams=9", ++ wantErr: true, ++ }, { ++ params: defaultMaxParams + 1, ++ godebug: "urlmaxqueryparams=0", ++ wantErr: false, ++ }} { ++ t.Setenv("GODEBUG", test.godebug) ++ want := Values{} ++ var b strings.Builder ++ for i := range test.params { ++ if i > 0 { ++ b.WriteString("&") ++ } ++ p := fmt.Sprintf("p%v", i) ++ b.WriteString(p) ++ want[p] = []string{""} ++ } ++ query := b.String() ++ got, err := ParseQuery(query) ++ if gotErr, wantErr := err != nil, test.wantErr; gotErr != wantErr { ++ t.Errorf("GODEBUG=%v ParseQuery(%v params) = %v, want error: %v", test.godebug, test.params, err, wantErr) ++ } ++ if err != nil { ++ continue ++ } ++ if got, want := len(got), test.params; got != want { ++ t.Errorf("GODEBUG=%v ParseQuery(%v params): got %v params, want %v", test.godebug, 
test.params, got, want) ++ } ++ } ++} ++ + type RequestURITest struct { + url *URL + out string +diff --git a/src/runtime/metrics/doc.go b/src/runtime/metrics/doc.go +index 517ec0e0a4..335f7873b3 100644 +--- a/src/runtime/metrics/doc.go ++++ b/src/runtime/metrics/doc.go +@@ -328,6 +328,11 @@ Below is the full list of supported metrics, ordered lexicographically. + The number of non-default behaviors executed by the crypto/tls + package due to a non-default GODEBUG=tlsunsafeekm=... setting. + ++ /godebug/non-default-behavior/urlmaxqueryparams:events ++ The number of non-default behaviors executed by the net/url ++ package due to a non-default GODEBUG=urlmaxqueryparams=... ++ setting. ++ + /godebug/non-default-behavior/x509sha1:events + The number of non-default behaviors executed by the crypto/x509 + package due to a non-default GODEBUG=x509sha1=... setting. +-- +2.35.6 From patchwork Tue Feb 24 14:31:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81760 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1B93E9B278 for ; Tue, 24 Feb 2026 14:33:12 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21678.1771943586404924577 for ; Tue, 24 Feb 2026 06:33:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ZlqGuzB9; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-48336a6e932so34614195e9.3 for ; Tue, 24 Feb 2026 06:33:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943585; 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 22/44] go 1.22.12: Fix CVE-2025-61728 Date: Tue, 24 Feb 2026 15:31:50 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231829 From: Deepak Rathore Upstream Repository: https://github.com/golang/go.git Bug details: https://nvd.nist.gov/vuln/detail/CVE-2025-61728 Type: Security Fix CVE: CVE-2025-61728 Score: 6.5 Patch: https://github.com/golang/go/commit/3235ef3db85c Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2025-61728.patch | 171 ++++++++++++++++++ 2 files changed, 172 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61728.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index 46f6ef5d8fe..04e380c821e 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -33,6 +33,7 @@ SRC_URI += "\ file://CVE-2025-61729.patch \ file://CVE-2025-61730.patch \ file://CVE-2025-61726.patch \ + file://CVE-2025-61728.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-61728.patch b/meta/recipes-devtools/go/go/CVE-2025-61728.patch new file mode 100644 index 00000000000..99266ed7a8c --- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-61728.patch 
@@ -0,0 +1,171 @@ +From 727c39f7e6c9dc9d4a40d67f39f68ae8867a2abd Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Tue, 4 Nov 2025 17:00:33 -0800 +Subject: [PATCH] [release-branch.go1.24] archive/zip: reduce CPU usage in + index construction +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Constructing the zip index (which is done once when first opening +a file in an archive) can consume large amounts of CPU when +processing deeply-nested directory paths. + +Switch to a less inefficient algorithm. + +Thanks to Jakub Ciolek for reporting this issue. + + goos: darwin + goarch: arm64 + pkg: archive/zip + cpu: Apple M4 Pro + │ /tmp/bench.0 │ /tmp/bench.1 │ + │ sec/op │ sec/op vs base │ + ReaderOneDeepDir-14 25983.62m ± 2% 46.01m ± 2% -99.82% (p=0.000 n=8) + ReaderManyDeepDirs-14 16.221 ± 1% 2.763 ± 6% -82.96% (p=0.000 n=8) + ReaderManyShallowFiles-14 130.3m ± 1% 128.8m ± 2% -1.20% (p=0.003 n=8) + geomean 3.801 253.9m -93.32% + +Fixes #77102 +Fixes CVE-2025-61728 + +CVE: CVE-2025-61728 +Upstream-Status: Backport [https://github.com/golang/go/commit/3235ef3db85c] + +Change-Id: I2c9c864be01b2a2769eb67fbab1b250aeb8f6c42 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3060 +Reviewed-by: Nicholas Husin +Reviewed-by: Neal Patel +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3328 +Reviewed-by: Damien Neil +Reviewed-on: https://go-review.googlesource.com/c/go/+/736703 +TryBot-Bypass: Michael Pratt +Auto-Submit: Michael Pratt +Reviewed-by: Junyang Shao +(cherry picked from commit 3235ef3db85c2d7e797b976822a7addaf6d5ca2a) +Signed-off-by: Deepak Rathore +--- + src/archive/zip/reader.go | 11 ++++- + src/archive/zip/reader_test.go | 81 ++++++++++++++++++++++++++++++++++ + 2 files changed, 91 insertions(+), 1 deletion(-) + +diff --git a/src/archive/zip/reader.go b/src/archive/zip/reader.go +index 60b34b76ee..8a79f5d140 100644 +--- a/src/archive/zip/reader.go ++++ b/src/archive/zip/reader.go +@@ -830,7 
+830,16 @@ func (r *Reader) initFileList() { + continue + } + +- for dir := path.Dir(name); dir != "."; dir = path.Dir(dir) { ++ dir := name ++ for { ++ if idx := strings.LastIndex(dir, "/"); idx < 0 { ++ break ++ } else { ++ dir = dir[:idx] ++ } ++ if dirs[dir] { ++ break ++ } + dirs[dir] = true + } + +diff --git a/src/archive/zip/reader_test.go b/src/archive/zip/reader_test.go +index 9a77c1aa62..278714bf49 100644 +--- a/src/archive/zip/reader_test.go ++++ b/src/archive/zip/reader_test.go +@@ -8,6 +8,7 @@ import ( + "bytes" + "encoding/binary" + "encoding/hex" ++ "fmt" + "internal/obscuretestdata" + "io" + "io/fs" +@@ -1834,3 +1835,83 @@ func TestBaseOffsetPlusOverflow(t *testing.T) { + // as the section reader offset & size were < 0. + NewReader(bytes.NewReader(data), int64(len(data))+1875) + } ++ ++func BenchmarkReaderOneDeepDir(b *testing.B) { ++ var buf bytes.Buffer ++ zw := NewWriter(&buf) ++ ++ for i := range 4000 { ++ name := strings.Repeat("a/", i) + "data" ++ zw.CreateHeader(&FileHeader{ ++ Name: name, ++ Method: Store, ++ }) ++ } ++ ++ if err := zw.Close(); err != nil { ++ b.Fatal(err) ++ } ++ data := buf.Bytes() ++ ++ for b.Loop() { ++ zr, err := NewReader(bytes.NewReader(data), int64(len(data))) ++ if err != nil { ++ b.Fatal(err) ++ } ++ zr.Open("does-not-exist") ++ } ++} ++ ++func BenchmarkReaderManyDeepDirs(b *testing.B) { ++ var buf bytes.Buffer ++ zw := NewWriter(&buf) ++ ++ for i := range 2850 { ++ name := fmt.Sprintf("%x", i) ++ name = strings.Repeat("/"+name, i+1)[1:] ++ ++ zw.CreateHeader(&FileHeader{ ++ Name: name, ++ Method: Store, ++ }) ++ } ++ ++ if err := zw.Close(); err != nil { ++ b.Fatal(err) ++ } ++ data := buf.Bytes() ++ ++ for b.Loop() { ++ zr, err := NewReader(bytes.NewReader(data), int64(len(data))) ++ if err != nil { ++ b.Fatal(err) ++ } ++ zr.Open("does-not-exist") ++ } ++} ++ ++func BenchmarkReaderManyShallowFiles(b *testing.B) { ++ var buf bytes.Buffer ++ zw := NewWriter(&buf) ++ ++ for i := range 310000 { ++ name := 
fmt.Sprintf("%v", i) ++ zw.CreateHeader(&FileHeader{ ++ Name: name, ++ Method: Store, ++ }) ++ } ++ ++ if err := zw.Close(); err != nil { ++ b.Fatal(err) ++ } ++ data := buf.Bytes() ++ ++ for b.Loop() { ++ zr, err := NewReader(bytes.NewReader(data), int64(len(data))) ++ if err != nil { ++ b.Fatal(err) ++ } ++ zr.Open("does-not-exist") ++ } ++} +-- +2.35.6
From patchwork Tue Feb 24 14:31:51 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81759
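Review bot: In initFileList (src/archive/zip/reader.go hunk of CVE-2025-61728.patch) the early "if dirs[dir] { break }" is only correct while every entry in dirs is written by this loop, because it assumes that a directory already recorded has all of its ancestors recorded too. Please state that invariant in a comment above the loop so a later writer to dirs does not break it silently. The loop also no longer goes through path.Dir, which cleaned its result, so it now depends on name being normalised before it gets here: a name such as a//b would record "a/" as a directory, and a name with a leading slash would record the empty string.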
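Review bot: The three benchmarks added in the src/archive/zip/reader_test.go hunk of CVE-2025-61728.patch iterate with "for b.Loop()", and (*testing.B).Loop was introduced in Go 1.24, while this recipe is go 1.22.12; with the patch applied the archive/zip test package will not compile. Rewrite the loops as "for i := 0; i < b.N; i++" with a b.ResetTimer() after the archive has been built, or leave the benchmark hunk out of the backport and record that under "Backport Changes". The return values of zw.CreateHeader are also discarded in all three benchmarks.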
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 23/44] go 1.22.12: Fix CVE-2025-61731 Date: Tue, 24 Feb 2026 15:31:51 +0100 Message-ID: <73ae906130c039f6d7de467821104fec9309d95f.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231830 From: Deepak Rathore Upstream Repository: https://github.com/golang/go.git Bug details: https://nvd.nist.gov/vuln/detail/CVE-2025-61731 Type: Security Fix CVE: CVE-2025-61731 Score: 7.8 Patch: https://github.com/golang/go/commit/00b7309387a1 Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2025-61731.patch | 70 +++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61731.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index 04e380c821e..82019f25dd7 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -34,6 +34,7 @@ SRC_URI += "\ file://CVE-2025-61730.patch \ file://CVE-2025-61726.patch \ file://CVE-2025-61728.patch \ + file://CVE-2025-61731.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-61731.patch b/meta/recipes-devtools/go/go/CVE-2025-61731.patch new file mode 100644 index 00000000000..a4589daade9 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-61731.patch 
@@ -0,0 +1,70 @@ +From ab266ccbc19789c52dcb1dc6e8e71d2f4fd545ff Mon Sep 17 00:00:00 2001 +From: Neal Patel +Date: Thu, 4 Dec 2025 12:30:39 -0500 +Subject: [PATCH] [release-branch.go1.24] cmd/go/internal/work: sanitize flags + before invoking 'pkg-config' + +The addition of CgoPkgConfig allowed execution with flags not +matching the safelist. In order to prevent potential arbitrary +code execution at build time, ensure that flags are validated +prior to invoking the 'pkg-config' binary. + +Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc. +for reporting this issue. + +Fixes CVE-2025-61731 +Fixes #77100 + +CVE: CVE-2025-61731 +Upstream-Status: Backport [https://github.com/golang/go/commit/00b7309387a1] + +Change-Id: Ic51b41f1f7e697ab98c9c32c6fae35f217f7f364 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3240 +Reviewed-by: Nicholas Husin +Reviewed-by: Damien Neil +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3344 +Reviewed-by: Neal Patel +Reviewed-on: https://go-review.googlesource.com/c/go/+/736701 +Auto-Submit: Michael Pratt +TryBot-Bypass: Michael Pratt +Reviewed-by: Junyang Shao +(cherry picked from commit 00b7309387a171bcba37382e7ed96b473df04917) +Signed-off-by: Deepak Rathore +--- + src/cmd/go/internal/work/exec.go | 8 ++++++++ + src/cmd/go/internal/work/security.go | 1 + + 2 files changed, 9 insertions(+) + +diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go +index c8f297cbe9..815942a703 100644 +--- a/src/cmd/go/internal/work/exec.go ++++ b/src/cmd/go/internal/work/exec.go +@@ -1684,6 +1684,14 @@ func (b *Builder) getPkgConfigFlags(a *Action) (cflags, ldflags []string, err er + return nil, nil, fmt.Errorf("invalid pkg-config package name: %s", pkg) + } + } ++ ++ // Running 'pkg-config' can cause execution of ++ // arbitrary code using flags that are not in ++ // the safelist. 
++ if err := checkCompilerFlags("CFLAGS", "pkg-config --cflags", pcflags); err != nil { ++ return nil, nil, err ++ } ++ + var out []byte + out, err = sh.runOut(p.Dir, nil, b.PkgconfigCmd(), "--cflags", pcflags, "--", pkgs) + if err != nil { +diff --git a/src/cmd/go/internal/work/security.go b/src/cmd/go/internal/work/security.go +index 568eecd325..79724ed04a 100644 +--- a/src/cmd/go/internal/work/security.go ++++ b/src/cmd/go/internal/work/security.go +@@ -122,6 +122,7 @@ var validCompilerFlags = []*lazyregexp.Regexp{ + re(`-pedantic(-errors)?`), + re(`-pipe`), + re(`-pthread`), ++ re(`--static`), + re(`-?-std=([^@\-].*)`), + re(`-?-stdlib=([^@\-].*)`), + re(`--sysroot=([^@\-].*)`), +-- +2.35.6
From patchwork Tue Feb 24 14:31:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81769
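Review bot: In getPkgConfigFlags (src/cmd/go/internal/work/exec.go hunk of CVE-2025-61731.patch) the new check labels its input "pkg-config --cflags", but pcflags are the arguments about to be passed to pkg-config (they appear in the sh.runOut call just below), not flags it printed. A rejected flag will therefore be reported as if it came from pkg-config's output. Use a label that names the real origin, for example the #cgo pkg-config directive, so the build error points the user at the line to fix.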
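Review bot: The src/cmd/go/internal/work/security.go hunk of CVE-2025-61731.patch adds "--static" to validCompilerFlags, the general compiler-flag safelist, only so that the new pkg-config argument check accepts it; that widens what is accepted wherever this list is applied, not just for pkg-config arguments. A separate safelist for pkg-config options would keep the compiler list unchanged. The diffstat lists exec.go and security.go only, so nothing in this backport tests that an unlisted pkg-config flag is now rejected or that "--static" still passes.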
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 24/44] go 1.22.12: Fix CVE-2025-68119 Date: Tue, 24 Feb 2026 15:31:52 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231832 From: Deepak Rathore Upstream Repository: https://github.com/golang/go.git Bug details: https://nvd.nist.gov/vuln/detail/CVE-2025-68119 Type: Security Fix CVE: CVE-2025-68119 Score: 7.0 Patch: [1] https://github.com/golang/go/commit/62452bed4801 [2] https://github.com/golang/go/commit/73fe85f0ea1b Note: - First commit [1] is a dependent patch which is required additionally in original fix [2] to define ENV variable changes in src/cmd/go/internal/vcs/vcs.go file. Signed-off-by: Deepak Rathore Signed-off-by: Yoann Congal --- meta/recipes-devtools/go/go-1.22.12.inc | 2 + .../go/go/CVE-2025-68119-dependent.patch | 175 ++++ .../go/go/CVE-2025-68119.patch | 828 ++++++++++++++++++ 3 files changed, 1005 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68119-dependent.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68119.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index 82019f25dd7..ca0f05f7c86 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -35,6 +35,8 @@ SRC_URI += "\ file://CVE-2025-61726.patch \ file://CVE-2025-61728.patch \ file://CVE-2025-61731.patch \ + file://CVE-2025-68119-dependent.patch \ + file://CVE-2025-68119.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-68119-dependent.patch b/meta/recipes-devtools/go/go/CVE-2025-68119-dependent.patch new file mode 100644 index 00000000000..5875d129ccc --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-68119-dependent.patch 
@@ -0,0 +1,175 @@ +From 121b6cb231b5d904c03739495fcda69152d83f88 Mon Sep 17 00:00:00 2001 +From: Matt Harbison +Date: Sat, 3 Aug 2024 00:06:30 +0000 +Subject: [PATCH] cmd/go: fix the accuracy of Mercurial vcs.* stamped data + +There were a few Mercurial command line uses that could cause the wrong +data to be used: + +* The log command needs '-r.' to specify the currently checked out commit +* HGPLAIN is needed to disable optional output on commands +* '-S' is needed to for the 'status' command to recurse into any subrepos + +The most likely issue to be seen here was the use of '-l1' instead of +'-r.', which prints the most recent commit instead of the current checkout. +Since tagging in Mercurial creates a new commit, this basically means the +data was wrong for every tagged build. + +This also adds an hgrc config file to the test, with config options to +keep the time and author values fixed. It's what's used in the Mercurial +test harness to keep the commit hashes stable, and allows the tests here to +also match the time and the revision ID, to prevent regressing. 
+ +Fixes #63532 + +CVE: CVE-2025-68119 +Upstream-Status: Backport [https://github.com/golang/go/commit/62452bed4801] + +Change-Id: I5b9971ce87c83431ec77e4a002bdc33fcf393856 +GitHub-Last-Rev: 62c9db0a28fee5881d0fe49f7bbb6e1653c7ff60 +GitHub-Pull-Request: golang/go#63557 +Reviewed-on: https://go-review.googlesource.com/c/go/+/535377 +Reviewed-by: Bryan Mills +LUCI-TryBot-Result: Go LUCI +Reviewed-by: Sam Thanawalla +Auto-Submit: Sam Thanawalla +Reviewed-by: Michael Matloob +(cherry picked from commit 62452bed480108623910feace4a5cea5448e6822) +Signed-off-by: Deepak Rathore +--- + src/cmd/go/internal/vcs/vcs.go | 13 +++++-- + .../testdata/script/version_buildvcs_hg.txt | 39 ++++++++++++++++--- + 2 files changed, 43 insertions(+), 9 deletions(-) + +diff --git a/src/cmd/go/internal/vcs/vcs.go b/src/cmd/go/internal/vcs/vcs.go +index 89d9f0e94e..60f76d77cf 100644 +--- a/src/cmd/go/internal/vcs/vcs.go ++++ b/src/cmd/go/internal/vcs/vcs.go +@@ -37,6 +37,7 @@ import ( + type Cmd struct { + Name string + Cmd string // name of binary to invoke command ++ Env []string // any environment values to set/override + RootNames []rootName // filename and mode indicating the root of a checkout directory + + CreateCmd []string // commands to download a fresh copy of a repository +@@ -154,6 +155,10 @@ func vcsByCmd(cmd string) *Cmd { + var vcsHg = &Cmd{ + Name: "Mercurial", + Cmd: "hg", ++ ++ // HGPLAIN=1 turns off additional output that a user may have enabled via ++ // config options or certain extensions. ++ Env: []string{"HGPLAIN=1"}, + RootNames: []rootName{ + {filename: ".hg", isDir: true}, + }, +@@ -189,12 +194,11 @@ func hgRemoteRepo(vcsHg *Cmd, rootDir string) (remoteRepo string, err error) { + + func hgStatus(vcsHg *Cmd, rootDir string) (Status, error) { + // Output changeset ID and seconds since epoch. +- out, err := vcsHg.runOutputVerboseOnly(rootDir, `log -l1 -T {node}:{date|hgdate}`) ++ out, err := vcsHg.runOutputVerboseOnly(rootDir, `log -r. 
-T {node}:{date|hgdate}`) + if err != nil { + return Status{}, err + } + +- // Successful execution without output indicates an empty repo (no commits). + var rev string + var commitTime time.Time + if len(out) > 0 { +@@ -209,7 +213,7 @@ func hgStatus(vcsHg *Cmd, rootDir string) (Status, error) { + } + + // Also look for untracked files. +- out, err = vcsHg.runOutputVerboseOnly(rootDir, "status") ++ out, err = vcsHg.runOutputVerboseOnly(rootDir, "status -S") + if err != nil { + return Status{}, err + } +@@ -689,6 +693,9 @@ func (v *Cmd) run1(dir string, cmdline string, keyval []string, verbose bool) ([ + + cmd := exec.Command(v.Cmd, args...) + cmd.Dir = dir ++ if v.Env != nil { ++ cmd.Env = append(cmd.Environ(), v.Env...) ++ } + if cfg.BuildX { + fmt.Fprintf(os.Stderr, "cd %s\n", dir) + fmt.Fprintf(os.Stderr, "%s %s\n", v.Cmd, strings.Join(args, " ")) +diff --git a/src/cmd/go/testdata/script/version_buildvcs_hg.txt b/src/cmd/go/testdata/script/version_buildvcs_hg.txt +index fbbd886102..13904fae12 100644 +--- a/src/cmd/go/testdata/script/version_buildvcs_hg.txt ++++ b/src/cmd/go/testdata/script/version_buildvcs_hg.txt +@@ -6,6 +6,8 @@ + [short] skip + env GOBIN=$WORK/gopath/bin + env oldpath=$PATH ++env TZ=GMT ++env HGRCPATH=$WORK/hgrc + cd repo/a + + # If there's no local repository, there's no VCS info. +@@ -29,24 +31,43 @@ cd .. + env PATH=$oldpath + rm .hg + +-# If there is an empty repository in a parent directory, only "uncommitted" is tagged. ++# An empty repository or one explicitly updated to null uses the null cset ID, ++# and the time is hard set to 1/1/70, regardless of the current time. + exec hg init + cd a + go install + go version -m $GOBIN/a$GOEXE +-! stdout vcs.revision +-! stdout vcs.time ++stdout '^\tbuild\tvcs.revision=0000000000000000000000000000000000000000$' ++stdout '^\tbuild\tvcs.time=1970-01-01T00:00:00Z$' + stdout '^\tbuild\tvcs.modified=true$' + cd .. + + # Revision and commit time are tagged for repositories with commits. 
+ exec hg add a README +-exec hg commit -m 'initial commit' ++exec hg commit -m 'initial commit' --user test-user --date '2024-07-31T01:21:27+00:00' + cd a + go install + go version -m $GOBIN/a$GOEXE +-stdout '^\tbuild\tvcs.revision=' +-stdout '^\tbuild\tvcs.time=' ++stdout '^\tbuild\tvcs.revision=71eaed52daeaafea83cb604f75b0a0336ef2c345$' ++stdout '^\tbuild\tvcs.time=2024-07-31T01:21:27Z$' ++stdout '^\tbuild\tvcs.modified=false$' ++rm $GOBIN/a$GOEXE ++ ++# Add an extra commit and then back off of it to show that the hash is ++# from the checked out revision, not the tip revision. ++cp ../../outside/empty.txt . ++exec hg ci -Am 'another commit' --user test-user --date '2024-08-01T19:24:38+00:00' ++exec hg update --clean -r '.^' ++ ++# Modified state is not thrown off by extra status output ++exec hg bisect -v -g . ++exec hg bisect -v -b '.^^' ++exec hg status ++stdout '^.+' ++go install ++go version -m $GOBIN/a$GOEXE ++stdout '^\tbuild\tvcs.revision=71eaed52daeaafea83cb604f75b0a0336ef2c345$' ++stdout '^\tbuild\tvcs.time=2024-07-31T01:21:27Z$' + stdout '^\tbuild\tvcs.modified=false$' + rm $GOBIN/a$GOEXE + +@@ -88,4 +109,10 @@ go 1.18 + package main + + func main() {} ++-- $WORK/hgrc -- ++[ui] ++# tweakdefaults is an opt-in that may print extra output in commands like ++# status. That can be disabled by setting HGPLAIN=1. ++tweakdefaults = 1 ++ + -- outside/empty.txt -- +-- +2.35.6 diff --git a/meta/recipes-devtools/go/go/CVE-2025-68119.patch b/meta/recipes-devtools/go/go/CVE-2025-68119.patch new file mode 100644 index 00000000000..d3f17244536 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-68119.patch 
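Review bot: CVE-2025-68119-dependent.patch is described in the mail as needed only to define the Env changes in src/cmd/go/internal/vcs/vcs.go, but its hgStatus hunks also change what gets stamped into binaries: "log -l1" becomes "log -r.", "status" becomes "status -S", and the updated version_buildvcs_hg.txt now expects an all-zero vcs.revision and a 1970-01-01T00:00:00Z vcs.time for an empty repository where it previously expected neither key. For a stable branch, either trim the backport to the Env field, the HGPLAIN=1 setting and the run1 change that the CVE fix builds on, or say in the commit message that these Mercurial behaviour changes (upstream "Fixes #63532") are brought in as well.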
@@ -0,0 +1,828 @@ +From 204e2fdacfbdb72a0b85fb526c8599128e430e94 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Wed, 10 Dec 2025 08:13:07 -0500 +Subject: [PATCH] [release-branch.go1.24] cmd/go: update VCS commands to use + safer flag/argument syntax + +In various situations, the toolchain invokes VCS commands. Some of these +commands take arbitrary input, either provided by users or fetched from +external sources. To prevent potential command injection vulnerabilities +or misinterpretation of arguments as flags, this change updates the VCS +commands to use various techniques to separate flags from positional +arguments, and to directly associate flags with their values. + +Additionally, we update the environment variable for Mercurial to use +`HGPLAIN=+strictflags`, which is the more explicit way to disable user +configurations (intended or otherwise) that might interfere with command +execution. + +We also now disallow version strings from being prefixed with '-' or +'/', as doing so opens us up to making the same mistake again in the +future. As far as we know there are currently ~0 public modules affected +by this. + +While I was working on cmd/go/internal/vcs, I also noticed that a +significant portion of the commands being implemented were dead code. +In order to reduce the maintenance burden and surface area for potential +issues, I removed the dead code for unused commands. + +We should probably follow up with a more structured change to make it +harder to accidentally re-introduce these issues in the future, but for +now this addresses the issue at hand. + +Thanks to splitline (@splitline) from DEVCORE Research Team for +reporting this issue. + +Fixes CVE-2025-68119 +Updates #77099 +Fixes #77103 + +CVE: CVE-2025-68119 +Upstream-Status: Backport [https://github.com/golang/go/commit/73fe85f0ea1b] + +Backport Changes: +- In file src/cmd/go/internal/modfetch/codehost/git.go, Replaced the + function call runGIT with RUN. 
This changes is not present in current + version v1.22.12 and this changes were introduced in version v1.24 by + this commit https://github.com/golang/go/commit/8aa2eed8fb90 + +Change-Id: I9d9f4ee05b95be49fe14edf71a1b8e6c0784378e +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3260 +Reviewed-by: Damien Neil +Reviewed-by: Nicholas Husin +Reviewed-on: https://go-review.googlesource.com/c/go/+/736710 +Auto-Submit: Michael Pratt +Reviewed-by: Junyang Shao +LUCI-TryBot-Result: Go LUCI +(cherry picked from commit 94a1296a457387d1fd6eca1a9bcd44e89bdd9d55) +Reviewed-on: https://go-review.googlesource.com/c/go/+/739421 +Auto-Submit: Dmitri Shuralyov +(cherry picked from commit 73fe85f0ea1bf2cec8e9a89bf5645de06ecaa0a6) +Signed-off-by: Deepak Rathore +--- + src/cmd/go/internal/modcmd/edit.go | 10 +- + src/cmd/go/internal/modfetch/codehost/git.go | 20 +- + src/cmd/go/internal/modfetch/codehost/vcs.go | 20 +- + src/cmd/go/internal/modget/query.go | 5 +- + src/cmd/go/internal/modload/build.go | 12 +- + src/cmd/go/internal/modload/list.go | 30 +- + src/cmd/go/internal/toolchain/select.go | 7 +- + src/cmd/go/internal/vcs/vcs.go | 331 +------------------ + src/cmd/go/internal/workcmd/edit.go | 5 +- + 9 files changed, 96 insertions(+), 344 deletions(-) + +diff --git a/src/cmd/go/internal/modcmd/edit.go b/src/cmd/go/internal/modcmd/edit.go +index db131b0881..330603fe32 100644 +--- a/src/cmd/go/internal/modcmd/edit.go ++++ b/src/cmd/go/internal/modcmd/edit.go +@@ -284,7 +284,10 @@ func runEdit(ctx context.Context, cmd *base.Command, args []string) { + + // parsePathVersion parses -flag=arg expecting arg to be path@version. 
+ func parsePathVersion(flag, arg string) (path, version string) { +- before, after, found := strings.Cut(arg, "@") ++ before, after, found, err := modload.ParsePathVersion(arg) ++ if err != nil { ++ base.Fatalf("go: -%s=%s: %v", flag, arg, err) ++ } + if !found { + base.Fatalf("go: -%s=%s: need path@version", flag, arg) + } +@@ -318,7 +321,10 @@ func parsePathVersionOptional(adj, arg string, allowDirPath bool) (path, version + if allowDirPath && modfile.IsDirectoryPath(arg) { + return arg, "", nil + } +- before, after, found := strings.Cut(arg, "@") ++ before, after, found, err := modload.ParsePathVersion(arg) ++ if err != nil { ++ return "", "", err ++ } + if !found { + path = arg + } else { +diff --git a/src/cmd/go/internal/modfetch/codehost/git.go b/src/cmd/go/internal/modfetch/codehost/git.go +index 9996be7af7..45727ae3fb 100644 +--- a/src/cmd/go/internal/modfetch/codehost/git.go ++++ b/src/cmd/go/internal/modfetch/codehost/git.go +@@ -246,7 +246,7 @@ func (r *gitRepo) loadRefs(ctx context.Context) (map[string]string, error) { + r.refsErr = err + return + } +- out, gitErr := Run(ctx, r.dir, "git", "ls-remote", "-q", r.remote) ++ out, gitErr := Run(ctx, r.dir, "git", "ls-remote", "-q","--end-of-options", r.remote) + release() + + if gitErr != nil { +@@ -509,7 +509,7 @@ func (r *gitRepo) stat(ctx context.Context, rev string) (info *RevInfo, err erro + if fromTag && !slices.Contains(info.Tags, tag) { + // The local repo includes the commit hash we want, but it is missing + // the corresponding tag. Add that tag and try again. 
+- _, err := Run(ctx, r.dir, "git", "tag", tag, hash) ++ _, err := Run(ctx, r.dir, "git", "tag","--end-of-options", tag, hash) + if err != nil { + return nil, err + } +@@ -554,7 +554,7 @@ func (r *gitRepo) stat(ctx context.Context, rev string) (info *RevInfo, err erro + // an apparent Git bug introduced in Git 2.21 (commit 61c771), + // which causes the handler for protocol version 1 to sometimes miss + // tags that point to the requested commit (see https://go.dev/issue/56881). +- _, err = Run(ctx, r.dir, "git", "-c", "protocol.version=2", "fetch", "-f", "--depth=1", r.remote, refspec) ++ _, err = Run(ctx, r.dir, "git", "-c", "protocol.version=2", "fetch", "-f", "--depth=1","--end-of-options", r.remote, refspec) + release() + + if err == nil { +@@ -597,12 +597,12 @@ func (r *gitRepo) fetchRefsLocked(ctx context.Context) error { + } + defer release() + +- if _, err := Run(ctx, r.dir, "git", "fetch", "-f", r.remote, "refs/heads/*:refs/heads/*", "refs/tags/*:refs/tags/*"); err != nil { ++ if _, err := Run(ctx, r.dir, "git", "fetch", "-f","--end-of-options", r.remote, "refs/heads/*:refs/heads/*", "refs/tags/*:refs/tags/*"); err != nil { + return err + } + + if _, err := os.Stat(filepath.Join(r.dir, "shallow")); err == nil { +- if _, err := Run(ctx, r.dir, "git", "fetch", "--unshallow", "-f", r.remote); err != nil { ++ if _, err := Run(ctx, r.dir, "git", "fetch", "--unshallow", "-f", "--end-of-options",r.remote); err != nil { + return err + } + } +@@ -615,7 +615,7 @@ func (r *gitRepo) fetchRefsLocked(ctx context.Context) error { + // statLocal returns a new RevInfo describing rev in the local git repository. + // It uses version as info.Version. 
+ func (r *gitRepo) statLocal(ctx context.Context, version, rev string) (*RevInfo, error) { +- out, err := Run(ctx, r.dir, "git", "-c", "log.showsignature=false", "log", "--no-decorate", "-n1", "--format=format:%H %ct %D", rev, "--") ++ out, err := Run(ctx, r.dir, "git", "-c", "log.showsignature=false", "log", "--no-decorate", "-n1", "--format=format:%H %ct %D","--end-of-options", rev, "--") + if err != nil { + // Return info with Origin.RepoSum if possible to allow caching of negative lookup. + var info *RevInfo +@@ -705,7 +705,7 @@ func (r *gitRepo) ReadFile(ctx context.Context, rev, file string, maxSize int64) + if err != nil { + return nil, err + } +- out, err := Run(ctx, r.dir, "git", "cat-file", "blob", info.Name+":"+file) ++ out, err := Run(ctx, r.dir, "git", "cat-file","--end-of-options", "blob", info.Name+":"+file) + if err != nil { + return nil, fs.ErrNotExist + } +@@ -723,7 +723,7 @@ func (r *gitRepo) RecentTag(ctx context.Context, rev, prefix string, allowed fun + // result is definitive. + describe := func() (definitive bool) { + var out []byte +- out, err = Run(ctx, r.dir, "git", "for-each-ref", "--format", "%(refname)", "refs/tags", "--merged", rev) ++ out, err = Run(ctx, r.dir, "git", "for-each-ref", "--format=%(refname)", "--merged="+rev) + if err != nil { + return true + } +@@ -865,7 +865,7 @@ func (r *gitRepo) ReadZip(ctx context.Context, rev, subdir string, maxSize int64 + // TODO: Use maxSize or drop it. + args := []string{} + if subdir != "" { +- args = append(args, "--", subdir) ++ args = append(args, subdir) + } + info, err := r.Stat(ctx, rev) // download rev into local git repo + if err != nil { +@@ -887,7 +887,7 @@ func (r *gitRepo) ReadZip(ctx context.Context, rev, subdir string, maxSize int64 + // text file line endings. Setting -c core.autocrlf=input means only + // translate files on the way into the repo, not on the way out (archive). + // The -c core.eol=lf should be unnecessary but set it anyway. 
+- archive, err := Run(ctx, r.dir, "git", "-c", "core.autocrlf=input", "-c", "core.eol=lf", "archive", "--format=zip", "--prefix=prefix/", info.Name, args) ++ archive, err := Run(ctx, r.dir, "git", "-c", "core.autocrlf=input", "-c", "core.eol=lf", "archive", "--format=zip", "--prefix=prefix/", "--end-of-options", info.Name, args) + if err != nil { + if bytes.Contains(err.(*RunError).Stderr, []byte("did not match any files")) { + return nil, fs.ErrNotExist +diff --git a/src/cmd/go/internal/modfetch/codehost/vcs.go b/src/cmd/go/internal/modfetch/codehost/vcs.go +index 5bd100556b..425f61269f 100644 +--- a/src/cmd/go/internal/modfetch/codehost/vcs.go ++++ b/src/cmd/go/internal/modfetch/codehost/vcs.go +@@ -162,20 +162,20 @@ var vcsCmds = map[string]*vcsCmd{ + branchRE: re(`(?m)^[^\n]+$`), + badLocalRevRE: re(`(?m)^(tip)$`), + statLocal: func(rev, remote string) []string { +- return []string{"hg", "log", "-l1", "-r", rev, "--template", "{node} {date|hgdate} {tags}"} ++ return []string{"hg", "log", "-l1", fmt.Sprintf("--rev=%s", rev), "--template", "{node} {date|hgdate} {tags}"} + }, + parseStat: hgParseStat, + fetch: []string{"hg", "pull", "-f"}, + latest: "tip", + readFile: func(rev, file, remote string) []string { +- return []string{"hg", "cat", "-r", rev, file} ++ return []string{"hg", "cat", fmt.Sprintf("--rev=%s", rev), "--", file} + }, + readZip: func(rev, subdir, remote, target string) []string { + pattern := []string{} + if subdir != "" { +- pattern = []string{"-I", subdir + "/**"} ++ pattern = []string{fmt.Sprintf("--include=%s", subdir+"/**")} + } +- return str.StringList("hg", "archive", "-t", "zip", "--no-decode", "-r", rev, "--prefix=prefix/", pattern, "--", target) ++ return str.StringList("hg", "archive", "-t", "zip", "--no-decode", fmt.Sprintf("--rev=%s", rev), "--prefix=prefix/", pattern, "--", target) + }, + }, + +@@ -215,19 +215,19 @@ var vcsCmds = map[string]*vcsCmd{ + tagRE: re(`(?m)^\S+`), + badLocalRevRE: re(`^revno:-`), + statLocal: func(rev, 
remote string) []string { +- return []string{"bzr", "log", "-l1", "--long", "--show-ids", "-r", rev} ++ return []string{"bzr", "log", "-l1", "--long", "--show-ids", fmt.Sprintf("--revision=%s", rev)} + }, + parseStat: bzrParseStat, + latest: "revno:-1", + readFile: func(rev, file, remote string) []string { +- return []string{"bzr", "cat", "-r", rev, file} ++ return []string{"bzr", "cat", fmt.Sprintf("--revision=%s", rev), "--", file} + }, + readZip: func(rev, subdir, remote, target string) []string { + extra := []string{} + if subdir != "" { + extra = []string{"./" + subdir} + } +- return str.StringList("bzr", "export", "--format=zip", "-r", rev, "--root=prefix/", "--", target, extra) ++ return str.StringList("bzr", "export", "--format=zip", fmt.Sprintf("--revision=%s", rev), "--root=prefix/", "--", target, extra) + }, + }, + +@@ -242,17 +242,17 @@ var vcsCmds = map[string]*vcsCmd{ + }, + tagRE: re(`XXXTODO`), + statLocal: func(rev, remote string) []string { +- return []string{"fossil", "info", "-R", ".fossil", rev} ++ return []string{"fossil", "info", "-R", ".fossil", "--", rev} + }, + parseStat: fossilParseStat, + latest: "trunk", + readFile: func(rev, file, remote string) []string { +- return []string{"fossil", "cat", "-R", ".fossil", "-r", rev, file} ++ return []string{"fossil", "cat", "-R", ".fossil", fmt.Sprintf("-r=%s", rev), "--", file} + }, + readZip: func(rev, subdir, remote, target string) []string { + extra := []string{} + if subdir != "" && !strings.ContainsAny(subdir, "*?[],") { +- extra = []string{"--include", subdir} ++ extra = []string{fmt.Sprintf("--include=%s", subdir)} + } + // Note that vcsRepo.ReadZip below rewrites this command + // to run in a different directory, to work around a fossil bug. 
+diff --git a/src/cmd/go/internal/modget/query.go b/src/cmd/go/internal/modget/query.go +index 498ba6c2ff..0d33a52677 100644 +--- a/src/cmd/go/internal/modget/query.go ++++ b/src/cmd/go/internal/modget/query.go +@@ -139,7 +139,10 @@ func errSet(err error) pathSet { return pathSet{err: err} } + // newQuery returns a new query parsed from the raw argument, + // which must be either path or path@version. + func newQuery(raw string) (*query, error) { +- pattern, rawVers, found := strings.Cut(raw, "@") ++ pattern, rawVers, found, err := modload.ParsePathVersion(raw) ++ if err != nil { ++ return nil, err ++ } + if found && (strings.Contains(rawVers, "@") || rawVers == "") { + return nil, fmt.Errorf("invalid module version syntax %q", raw) + } +diff --git a/src/cmd/go/internal/modload/build.go b/src/cmd/go/internal/modload/build.go +index 5cf1487c3e..08acf3aa2b 100644 +--- a/src/cmd/go/internal/modload/build.go ++++ b/src/cmd/go/internal/modload/build.go +@@ -12,7 +12,6 @@ import ( + "io/fs" + "os" + "path/filepath" +- "strings" + + "cmd/go/internal/base" + "cmd/go/internal/cfg" +@@ -88,7 +87,16 @@ func ModuleInfo(ctx context.Context, path string) *modinfo.ModulePublic { + return nil + } + +- if path, vers, found := strings.Cut(path, "@"); found { ++ path, vers, found, err := ParsePathVersion(path) ++ if err != nil { ++ return &modinfo.ModulePublic{ ++ Path: path, ++ Error: &modinfo.ModuleError{ ++ Err: err.Error(), ++ }, ++ } ++ } ++ if found { + m := module.Version{Path: path, Version: vers} + return moduleInfo(ctx, nil, m, 0, nil) + } +diff --git a/src/cmd/go/internal/modload/list.go b/src/cmd/go/internal/modload/list.go +index ef93c25121..e9efb1918e 100644 +--- a/src/cmd/go/internal/modload/list.go ++++ b/src/cmd/go/internal/modload/list.go +@@ -149,7 +149,11 @@ func listModules(ctx context.Context, rs *Requirements, args []string, mode List + } + continue + } +- if path, vers, found := strings.Cut(arg, "@"); found { ++ path, vers, found, err := ParsePathVersion(arg) 
++ if err != nil { ++ base.Fatalf("go: %v", err) ++ } ++ if found { + if vers == "upgrade" || vers == "patch" { + if _, ok := rs.rootSelected(path); !ok || rs.pruning == unpruned { + needFullGraph = true +@@ -175,7 +179,11 @@ func listModules(ctx context.Context, rs *Requirements, args []string, mode List + + matchedModule := map[module.Version]bool{} + for _, arg := range args { +- if path, vers, found := strings.Cut(arg, "@"); found { ++ path, vers, found, err := ParsePathVersion(arg) ++ if err != nil { ++ base.Fatalf("go: %v", err) ++ } ++ if found { + var current string + if mg == nil { + current, _ = rs.rootSelected(path) +@@ -308,3 +316,21 @@ func modinfoError(path, vers string, err error) *modinfo.ModuleError { + + return &modinfo.ModuleError{Err: err.Error()} + } ++ ++// ParsePathVersion parses arg expecting arg to be path@version. If there is no ++// '@' in arg, found is false, vers is "", and path is arg. This mirrors the ++// typical usage of strings.Cut. ParsePathVersion is meant to be a general ++// replacement for strings.Cut in module version parsing. If the version is ++// invalid, an error is returned. The version is considered invalid if it is ++// prefixed with '-' or '/', which can cause security problems when constructing ++// commands to execute that use the version. 
++func ParsePathVersion(arg string) (path, vers string, found bool, err error) { ++ path, vers, found = strings.Cut(arg, "@") ++ if !found { ++ return arg, "", false, nil ++ } ++ if len(vers) > 0 && (vers[0] == '-' || vers[0] == '/') { ++ return "", "", false, fmt.Errorf("invalid module version %q", vers) ++ } ++ return path, vers, true, nil ++} +diff --git a/src/cmd/go/internal/toolchain/select.go b/src/cmd/go/internal/toolchain/select.go +index 14a8d3c21d..838ebae6a7 100644 +--- a/src/cmd/go/internal/toolchain/select.go ++++ b/src/cmd/go/internal/toolchain/select.go +@@ -614,7 +614,10 @@ func goInstallVersion() bool { + if !strings.Contains(pkgArg, "@") || build.IsLocalImport(pkgArg) || filepath.IsAbs(pkgArg) { + return false + } +- path, version, _ := strings.Cut(pkgArg, "@") ++ path, version, _, err := modload.ParsePathVersion(pkgArg) ++ if err != nil { ++ base.Fatalf("go: %v", err) ++ } + if path == "" || version == "" || gover.IsToolchain(path) { + return false + } +@@ -650,7 +653,7 @@ func goInstallVersion() bool { + allowed = nil + } + noneSelected := func(path string) (version string) { return "none" } +- _, err := modload.QueryPackages(ctx, path, version, noneSelected, allowed) ++ _, err = modload.QueryPackages(ctx, path, version, noneSelected, allowed) + if errors.Is(err, gover.ErrTooNew) { + // Run early switch, same one go install or go run would eventually do, + // if it understood all the command-line flags. 
+diff --git a/src/cmd/go/internal/vcs/vcs.go b/src/cmd/go/internal/vcs/vcs.go +index 60f76d77cf..55bf25ff62 100644 +--- a/src/cmd/go/internal/vcs/vcs.go ++++ b/src/cmd/go/internal/vcs/vcs.go +@@ -17,7 +17,6 @@ import ( + "os" + "os/exec" + "path/filepath" +- "regexp" + "strconv" + "strings" + "sync" +@@ -40,20 +39,10 @@ type Cmd struct { + Env []string // any environment values to set/override + RootNames []rootName // filename and mode indicating the root of a checkout directory + +- CreateCmd []string // commands to download a fresh copy of a repository +- DownloadCmd []string // commands to download updates into an existing repository +- +- TagCmd []tagCmd // commands to list tags +- TagLookupCmd []tagCmd // commands to lookup tags before running tagSyncCmd +- TagSyncCmd []string // commands to sync to specific tag +- TagSyncDefault []string // commands to sync to default tag +- + Scheme []string + PingCmd string + +- RemoteRepo func(v *Cmd, rootDir string) (remoteRepo string, err error) +- ResolveRepo func(v *Cmd, rootDir, remoteRepo string) (realRepo string, err error) +- Status func(v *Cmd, rootDir string) (Status, error) ++ Status func(v *Cmd, rootDir string) (Status, error) + } + + // Status is the current state of a local repository. +@@ -156,40 +145,16 @@ var vcsHg = &Cmd{ + Name: "Mercurial", + Cmd: "hg", + +- // HGPLAIN=1 turns off additional output that a user may have enabled via +- // config options or certain extensions. +- Env: []string{"HGPLAIN=1"}, ++ // HGPLAIN=+strictflags turns off additional output that a user may have ++ // enabled via config options or certain extensions. ++ Env: []string{"HGPLAIN=+strictflags"}, + RootNames: []rootName{ + {filename: ".hg", isDir: true}, + }, + +- CreateCmd: []string{"clone -U -- {repo} {dir}"}, +- DownloadCmd: []string{"pull"}, +- +- // We allow both tag and branch names as 'tags' +- // for selecting a version. 
This lets people have +- // a go.release.r60 branch and a go1 branch +- // and make changes in both, without constantly +- // editing .hgtags. +- TagCmd: []tagCmd{ +- {"tags", `^(\S+)`}, +- {"branches", `^(\S+)`}, +- }, +- TagSyncCmd: []string{"update -r {tag}"}, +- TagSyncDefault: []string{"update default"}, +- +- Scheme: []string{"https", "http", "ssh"}, +- PingCmd: "identify -- {scheme}://{repo}", +- RemoteRepo: hgRemoteRepo, +- Status: hgStatus, +-} +- +-func hgRemoteRepo(vcsHg *Cmd, rootDir string) (remoteRepo string, err error) { +- out, err := vcsHg.runOutput(rootDir, "paths default") +- if err != nil { +- return "", err +- } +- return strings.TrimSpace(string(out)), nil ++ Scheme: []string{"https", "http", "ssh"}, ++ PingCmd: "identify -- {scheme}://{repo}", ++ Status: hgStatus, + } + + func hgStatus(vcsHg *Cmd, rootDir string) (Status, error) { +@@ -252,25 +217,6 @@ var vcsGit = &Cmd{ + {filename: ".git", isDir: true}, + }, + +- CreateCmd: []string{"clone -- {repo} {dir}", "-go-internal-cd {dir} submodule update --init --recursive"}, +- DownloadCmd: []string{"pull --ff-only", "submodule update --init --recursive"}, +- +- TagCmd: []tagCmd{ +- // tags/xxx matches a git tag named xxx +- // origin/xxx matches a git branch named xxx on the default remote repository +- {"show-ref", `(?:tags|origin)/(\S+)$`}, +- }, +- TagLookupCmd: []tagCmd{ +- {"show-ref tags/{tag} origin/{tag}", `((?:tags|origin)/\S+)$`}, +- }, +- TagSyncCmd: []string{"checkout {tag}", "submodule update --init --recursive"}, +- // both createCmd and downloadCmd update the working dir. +- // No need to do more here. We used to 'checkout master' +- // but that doesn't work if the default branch is not named master. +- // DO NOT add 'checkout master' here. +- // See golang.org/issue/9032. 
+- TagSyncDefault: []string{"submodule update --init --recursive"}, +- + Scheme: []string{"git", "https", "http", "git+ssh", "ssh"}, + + // Leave out the '--' separator in the ls-remote command: git 2.7.4 does not +@@ -279,54 +225,7 @@ var vcsGit = &Cmd{ + // See golang.org/issue/33836. + PingCmd: "ls-remote {scheme}://{repo}", + +- RemoteRepo: gitRemoteRepo, +- Status: gitStatus, +-} +- +-// scpSyntaxRe matches the SCP-like addresses used by Git to access +-// repositories by SSH. +-var scpSyntaxRe = lazyregexp.New(`^(\w+)@([\w.-]+):(.*)$`) +- +-func gitRemoteRepo(vcsGit *Cmd, rootDir string) (remoteRepo string, err error) { +- const cmd = "config remote.origin.url" +- outb, err := vcsGit.run1(rootDir, cmd, nil, false) +- if err != nil { +- // if it doesn't output any message, it means the config argument is correct, +- // but the config value itself doesn't exist +- if outb != nil && len(outb) == 0 { +- return "", errors.New("remote origin not found") +- } +- return "", err +- } +- out := strings.TrimSpace(string(outb)) +- +- var repoURL *urlpkg.URL +- if m := scpSyntaxRe.FindStringSubmatch(out); m != nil { +- // Match SCP-like syntax and convert it to a URL. +- // Eg, "git@github.com:user/repo" becomes +- // "ssh://git@github.com/user/repo". +- repoURL = &urlpkg.URL{ +- Scheme: "ssh", +- User: urlpkg.User(m[1]), +- Host: m[2], +- Path: m[3], +- } +- } else { +- repoURL, err = urlpkg.Parse(out) +- if err != nil { +- return "", err +- } +- } +- +- // Iterate over insecure schemes too, because this function simply +- // reports the state of the repo. If we can't see insecure schemes then +- // we can't report the actual repo URL. 
+- for _, s := range vcsGit.Scheme { +- if repoURL.Scheme == s { +- return repoURL.String(), nil +- } +- } +- return "", errors.New("unable to parse output of git " + cmd) ++ Status: gitStatus, + } + + func gitStatus(vcsGit *Cmd, rootDir string) (Status, error) { +@@ -366,62 +265,9 @@ var vcsBzr = &Cmd{ + {filename: ".bzr", isDir: true}, + }, + +- CreateCmd: []string{"branch -- {repo} {dir}"}, +- +- // Without --overwrite bzr will not pull tags that changed. +- // Replace by --overwrite-tags after http://pad.lv/681792 goes in. +- DownloadCmd: []string{"pull --overwrite"}, +- +- TagCmd: []tagCmd{{"tags", `^(\S+)`}}, +- TagSyncCmd: []string{"update -r {tag}"}, +- TagSyncDefault: []string{"update -r revno:-1"}, +- +- Scheme: []string{"https", "http", "bzr", "bzr+ssh"}, +- PingCmd: "info -- {scheme}://{repo}", +- RemoteRepo: bzrRemoteRepo, +- ResolveRepo: bzrResolveRepo, +- Status: bzrStatus, +-} +- +-func bzrRemoteRepo(vcsBzr *Cmd, rootDir string) (remoteRepo string, err error) { +- outb, err := vcsBzr.runOutput(rootDir, "config parent_location") +- if err != nil { +- return "", err +- } +- return strings.TrimSpace(string(outb)), nil +-} +- +-func bzrResolveRepo(vcsBzr *Cmd, rootDir, remoteRepo string) (realRepo string, err error) { +- outb, err := vcsBzr.runOutput(rootDir, "info "+remoteRepo) +- if err != nil { +- return "", err +- } +- out := string(outb) +- +- // Expect: +- // ... +- // (branch root|repository branch): +- // ... 
+- +- found := false +- for _, prefix := range []string{"\n branch root: ", "\n repository branch: "} { +- i := strings.Index(out, prefix) +- if i >= 0 { +- out = out[i+len(prefix):] +- found = true +- break +- } +- } +- if !found { +- return "", fmt.Errorf("unable to parse output of bzr info") +- } +- +- i := strings.Index(out, "\n") +- if i < 0 { +- return "", fmt.Errorf("unable to parse output of bzr info") +- } +- out = out[:i] +- return strings.TrimSpace(out), nil ++ Scheme: []string{"https", "http", "bzr", "bzr+ssh"}, ++ PingCmd: "info -- {scheme}://{repo}", ++ Status: bzrStatus, + } + + func bzrStatus(vcsBzr *Cmd, rootDir string) (Status, error) { +@@ -489,45 +335,11 @@ var vcsSvn = &Cmd{ + {filename: ".svn", isDir: true}, + }, + +- CreateCmd: []string{"checkout -- {repo} {dir}"}, +- DownloadCmd: []string{"update"}, +- + // There is no tag command in subversion. + // The branch information is all in the path names. + +- Scheme: []string{"https", "http", "svn", "svn+ssh"}, +- PingCmd: "info -- {scheme}://{repo}", +- RemoteRepo: svnRemoteRepo, +-} +- +-func svnRemoteRepo(vcsSvn *Cmd, rootDir string) (remoteRepo string, err error) { +- outb, err := vcsSvn.runOutput(rootDir, "info") +- if err != nil { +- return "", err +- } +- out := string(outb) +- +- // Expect: +- // +- // ... +- // URL: +- // ... +- // +- // Note that we're not using the Repository Root line, +- // because svn allows checking out subtrees. +- // The URL will be the URL of the subtree (what we used with 'svn co') +- // while the Repository Root may be a much higher parent. 
+- i := strings.Index(out, "\nURL: ") +- if i < 0 { +- return "", fmt.Errorf("unable to parse output of svn info") +- } +- out = out[i+len("\nURL: "):] +- i = strings.Index(out, "\n") +- if i < 0 { +- return "", fmt.Errorf("unable to parse output of svn info") +- } +- out = out[:i] +- return strings.TrimSpace(out), nil ++ Scheme: []string{"https", "http", "svn", "svn+ssh"}, ++ PingCmd: "info -- {scheme}://{repo}", + } + + // fossilRepoName is the name go get associates with a fossil repository. In the +@@ -543,24 +355,8 @@ var vcsFossil = &Cmd{ + {filename: "_FOSSIL_", isDir: false}, + }, + +- CreateCmd: []string{"-go-internal-mkdir {dir} clone -- {repo} " + filepath.Join("{dir}", fossilRepoName), "-go-internal-cd {dir} open .fossil"}, +- DownloadCmd: []string{"up"}, +- +- TagCmd: []tagCmd{{"tag ls", `(.*)`}}, +- TagSyncCmd: []string{"up tag:{tag}"}, +- TagSyncDefault: []string{"up trunk"}, +- +- Scheme: []string{"https", "http"}, +- RemoteRepo: fossilRemoteRepo, +- Status: fossilStatus, +-} +- +-func fossilRemoteRepo(vcsFossil *Cmd, rootDir string) (remoteRepo string, err error) { +- out, err := vcsFossil.runOutput(rootDir, "remote-url") +- if err != nil { +- return "", err +- } +- return strings.TrimSpace(string(out)), nil ++ Scheme: []string{"https", "http"}, ++ Status: fossilStatus, + } + + var errFossilInfo = errors.New("unable to parse output of fossil info") +@@ -661,7 +457,7 @@ func (v *Cmd) run1(dir string, cmdline string, keyval []string, verbose bool) ([ + args[i] = expand(m, arg) + } + +- if len(args) >= 2 && args[0] == "-go-internal-mkdir" { ++ if len(args) >= 2 && args[0] == "--go-internal-mkdir" { + var err error + if filepath.IsAbs(args[1]) { + err = os.Mkdir(args[1], fs.ModePerm) +@@ -674,7 +470,7 @@ func (v *Cmd) run1(dir string, cmdline string, keyval []string, verbose bool) ([ + args = args[2:] + } + +- if len(args) >= 2 && args[0] == "-go-internal-cd" { ++ if len(args) >= 2 && args[0] == "--go-internal-cd" { + if filepath.IsAbs(args[1]) { + dir 
= args[1] + } else { +@@ -735,99 +531,6 @@ func (v *Cmd) Ping(scheme, repo string) error { + return v.runVerboseOnly(dir, v.PingCmd, "scheme", scheme, "repo", repo) + } + +-// Create creates a new copy of repo in dir. +-// The parent of dir must exist; dir must not. +-func (v *Cmd) Create(dir, repo string) error { +- release, err := base.AcquireNet() +- if err != nil { +- return err +- } +- defer release() +- +- for _, cmd := range v.CreateCmd { +- if err := v.run(filepath.Dir(dir), cmd, "dir", dir, "repo", repo); err != nil { +- return err +- } +- } +- return nil +-} +- +-// Download downloads any new changes for the repo in dir. +-func (v *Cmd) Download(dir string) error { +- release, err := base.AcquireNet() +- if err != nil { +- return err +- } +- defer release() +- +- for _, cmd := range v.DownloadCmd { +- if err := v.run(dir, cmd); err != nil { +- return err +- } +- } +- return nil +-} +- +-// Tags returns the list of available tags for the repo in dir. +-func (v *Cmd) Tags(dir string) ([]string, error) { +- var tags []string +- for _, tc := range v.TagCmd { +- out, err := v.runOutput(dir, tc.cmd) +- if err != nil { +- return nil, err +- } +- re := regexp.MustCompile(`(?m-s)` + tc.pattern) +- for _, m := range re.FindAllStringSubmatch(string(out), -1) { +- tags = append(tags, m[1]) +- } +- } +- return tags, nil +-} +- +-// TagSync syncs the repo in dir to the named tag, +-// which either is a tag returned by tags or is v.tagDefault. 
+-func (v *Cmd) TagSync(dir, tag string) error { +- if v.TagSyncCmd == nil { +- return nil +- } +- if tag != "" { +- for _, tc := range v.TagLookupCmd { +- out, err := v.runOutput(dir, tc.cmd, "tag", tag) +- if err != nil { +- return err +- } +- re := regexp.MustCompile(`(?m-s)` + tc.pattern) +- m := re.FindStringSubmatch(string(out)) +- if len(m) > 1 { +- tag = m[1] +- break +- } +- } +- } +- +- release, err := base.AcquireNet() +- if err != nil { +- return err +- } +- defer release() +- +- if tag == "" && v.TagSyncDefault != nil { +- for _, cmd := range v.TagSyncDefault { +- if err := v.run(dir, cmd); err != nil { +- return err +- } +- } +- return nil +- } +- +- for _, cmd := range v.TagSyncCmd { +- if err := v.run(dir, cmd, "tag", tag); err != nil { +- return err +- } +- } +- return nil +-} +- + // A vcsPath describes how to convert an import path into a + // version control system and repository name. + type vcsPath struct { +diff --git a/src/cmd/go/internal/workcmd/edit.go b/src/cmd/go/internal/workcmd/edit.go +index 8d975b0b3d..c1252cc95e 100644 +--- a/src/cmd/go/internal/workcmd/edit.go ++++ b/src/cmd/go/internal/workcmd/edit.go +@@ -242,7 +242,10 @@ func allowedVersionArg(arg string) bool { + // parsePathVersionOptional parses path[@version], using adj to + // describe any errors. 
+ func parsePathVersionOptional(adj, arg string, allowDirPath bool) (path, version string, err error) { +- before, after, found := strings.Cut(arg, "@") ++ before, after, found, err := modload.ParsePathVersion(arg) ++ if err != nil { ++ return "", "", err ++ } + if !found { + path = arg + } else { +-- +2.35.6
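Review bot: The `--end-of-options` marker added to the `git ls-remote`, `git tag`, `git fetch`, `git log`, `git cat-file` and `git archive` calls in `src/cmd/go/internal/modfetch/codehost/git.go` (CVE-2025-68119.patch) brings a minimum host Git version that the backport does not document. Git recognises `--end-of-options` from 2.24 onward, while the unchanged comment in `vcs/vcs.go` still reasons about git 2.7.4 for `ls-remote`, so a build host with an older git would see these commands rejected as an unknown option. Please state the required git version in the patch header or the recipe, so that a failing module fetch on an old host can be traced back to this change.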
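Review bot: Style: the `fetchRefsLocked` hunk of `codehost/git.go` writes the new argument as `"-f","--end-of-options", r.remote` and `"--end-of-options",r.remote`, with no space after the comma, and the `ls-remote`, `git tag`, `git log` and `cat-file` lines in the same file do the same. gofmt would rewrite every one of these lines, so the patched file is not gofmt-clean and later backports touching these calls are more likely to conflict. Please use `"-f", "--end-of-options", r.remote` spacing throughout.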
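Review bot: The `RecentTag` hunk in `codehost/git.go` drops the `refs/tags` pattern along with the detached flag values: the old call was `for-each-ref --format %(refname) refs/tags --merged rev`, the new one is `for-each-ref --format=%(refname) --merged=<rev>` with no pattern, so the output now lists every merged ref and not only tags. Nothing in the visible lines shows the caller filtering on a `refs/tags/` prefix. Please confirm that the loop consuming `out` discards non-tag refs, or keep `refs/tags` as a trailing pattern after the options.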
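Review bot: In the fossil entry of `codehost/vcs.go`, `readFile` now passes `fmt.Sprintf("-r=%s", rev)`, the only place in this patch where a short option is given an attached `=value`; the hg and bzr entries move to the long `--rev=` and `--revision=` forms. Please confirm that fossil parses `-r=VALUE` the same way as `-r VALUE`, and say so in the Backport Changes section. As a smaller style point, `"--rev="+rev` would match the `"--merged="+rev` concatenation used in `git.go` and avoid the `fmt.Sprintf` calls.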
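Review bot: In the `ModuleInfo` hunk of `modload/build.go` the error branch reports an empty module path. `path, vers, found, err := ParsePathVersion(path)` reassigns the `path` parameter, and `ParsePathVersion` returns `""` for the path when it rejects the version, so `Path: path` in the returned `modinfo.ModulePublic` is always empty on this branch. Keep the original argument in a separate variable and use it for `Path`, so that the error names the module that was asked for.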
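Review bot: No test accompanies the new `ParsePathVersion` at the end of `modload/list.go`; the diffstat lists nine files and none of them is a test or a testdata script. Since every `path@version` call site in this patch now depends on it, please add cases for a version starting with `-`, a version starting with `/`, an argument without `@`, and an empty version after `@`. The error text `invalid module version %q` also prints only `vers`; including the whole `arg` would make the `base.Fatalf("go: %v", err)` output in `listModules` easier to act on.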
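Review bot: The comment above `Env` in the `vcsHg` hunk of `vcs/vcs.go` was only renamed: it still says that the setting "turns off additional output that a user may have enabled", which was the description of `HGPLAIN=1`. The commit message gives a different reason for `HGPLAIN=+strictflags`, namely that it is the more explicit way to keep user configuration from interfering with command execution. Please put that reason in the comment, so that a later cleanup does not revert the value to `1`.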
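Review bot: The two `run1` hunks in `vcs/vcs.go` rename the internal sentinels to `--go-internal-mkdir` and `--go-internal-cd`, but the only command strings that used them in the visible lines, the git and fossil `CreateCmd` entries, are deleted by this same patch. If no other command string starts with these tokens, both `if len(args) >= 2 && args[0] == ...` branches are now dead code and could be removed with the rest of the unused commands; if one does, it has to be updated to the two-dash spelling in this patch.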
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 25/44] go 1.22.12: Fix CVE-2025-61732
Date: Tue, 24 Feb 2026 15:31:53 +0100
Message-ID: <5a04a727bf2eaf4791b8c77a11eb7741ec252c28.1771943404.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231831

From: Deepak Rathore

Upstream Repository: https://github.com/golang/go.git

Bug details: https://nvd.nist.gov/vuln/detail/CVE-2025-61732
Type: Security Fix
CVE: CVE-2025-61732
Score: 8.6
Patch: https://github.com/golang/go/commit/14d0bb39c1c4

Signed-off-by: Deepak Rathore
Signed-off-by: Yoann Congal
--- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2025-61732.patch | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61732.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index ca0f05f7c86..cc4f98a8fe6 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -37,6 +37,7 @@ SRC_URI += "\ file://CVE-2025-61731.patch \ file://CVE-2025-68119-dependent.patch \ file://CVE-2025-68119.patch \ + file://CVE-2025-61732.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-61732.patch b/meta/recipes-devtools/go/go/CVE-2025-61732.patch new file mode 100644 index 00000000000..523660def28 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-61732.patch 
@@ -0,0 +1,53 @@ +From fe8c665f1608126e7b644ab07bb0698ad1c0b4b6 Mon Sep 17 00:00:00 2001 +From: Neal Patel +Date: Tue, 6 Jan 2026 16:09:19 -0500 +Subject: [PATCH] [release-branch.go1.24] cmd/go: remove user-content from doc + strings in cgo ASTs. + +Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc. for reporting this issue. + +Updates #76697 +Fixes #77128 +Fixes CVE-2025-61732 + +CVE: CVE-2025-61732 +Upstream-Status: Backport [https://github.com/golang/go/commit/14d0bb39c1c4] + +Change-Id: Ie2a96b79a813e362cbf8e6cb0e3c2d0c022bcb29 +Reviewed-on: https://go-review.googlesource.com/c/go/+/740001 +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Dmitri Shuralyov +Reviewed-by: Roland Shoemaker +(cherry picked from commit 14d0bb39c1c4093bd02740d14b1a2ca720ced97c) +Signed-off-by: Deepak Rathore +--- + src/cmd/cgo/ast.go | 11 +++-------- + 1 file changed, 3 insertions(+), 8 deletions(-) + +diff --git a/src/cmd/cgo/ast.go b/src/cmd/cgo/ast.go +index 3cbbeafdca..eb373bdefa 100644 +--- a/src/cmd/cgo/ast.go ++++ b/src/cmd/cgo/ast.go +@@ -301,17 +301,12 @@ func (f *File) saveExport(x interface{}, context astContext) { + error_(c.Pos(), "export comment has wrong name %q, want %q", name, n.Name.Name) + } + +- doc := "" +- for _, c1 := range n.Doc.List { +- if c1 != c { +- doc += c1.Text + "\n" +- } +- } +- + f.ExpFunc = append(f.ExpFunc, &ExpFunc{ + Func: n, + ExpName: name, +- Doc: doc, ++ // Caution: Do not set the Doc field on purpose ++ // to ensure that there are no unintended artifacts ++ // in the binary. See https://go.dev/issue/76697. 
+ }) + break + } +-- +2.35.6
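Review bot: in CVE-2025-61732.patch (patch 25/44), the src/cmd/cgo/ast.go hunk in saveExport stops setting ExpFunc.Doc, but the backport header does not say whether the hunk applied unchanged to the 1.22.12 tree, while the embedded subject is tagged [release-branch.go1.24]. Add a short "Backport Changes" line (even "none, applies cleanly"), as CVE-2025-68121_p2.patch does, and confirm that nothing in the 1.22 cgo code expects Doc to be non-empty: the field is now left at its zero value, so the text of the comments in n.Doc.List is no longer copied into ExpFunc.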
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 26/44] go 1.22.12: Fix CVE-2025-68121
Date: Tue, 24 Feb 2026 15:31:54 +0100
Message-ID: <9aaf56e80382bb608bc645e6227990c3d57d1e0b.1771943404.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231833

From: Deepak Rathore

Upstream Repository: https://github.com/golang/go.git

Bug details: https://nvd.nist.gov/vuln/detail/CVE-2025-68121
Type: Security Fix
CVE: CVE-2025-68121
Score: 4.8
Patch:
- https://github.com/golang/go/commit/5f07b226f9aa
- https://github.com/golang/go/commit/cb75daf3b291
- https://github.com/golang/go/commit/6a501314718b

Signed-off-by: Deepak Rathore
Signed-off-by: Yoann Congal
--- meta/recipes-devtools/go/go-1.22.12.inc | 3 + .../go/go/CVE-2025-68121_p1.patch | 253 ++++++++++++ .../go/go/CVE-2025-68121_p2.patch | 385 ++++++++++++++++++ .../go/go/CVE-2025-68121_p3.patch | 82 ++++ 4 files changed, 723 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p1.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p2.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p3.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index cc4f98a8fe6..3fa421e223e 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -38,6 +38,9 @@ SRC_URI += "\ file://CVE-2025-68119-dependent.patch \ file://CVE-2025-68119.patch \ file://CVE-2025-61732.patch \ + file://CVE-2025-68121_p1.patch \ + file://CVE-2025-68121_p2.patch \ + file://CVE-2025-68121_p3.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-68121_p1.patch b/meta/recipes-devtools/go/go/CVE-2025-68121_p1.patch new file mode 100644 index 00000000000..811bb17ee8f --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-68121_p1.patch 
@@ -0,0 +1,253 @@ +From 529caf01aff2314585688c0f92f009d0ad0914be Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 26 Jan 2026 10:55:32 -0800 +Subject: [PATCH 1/2] [release-branch.go1.24] crypto/tls: add verifiedChains + expiration checking during resumption + +When resuming a session, check that the verifiedChains contain at least +one chain that is still valid at the time of resumption. If not, trigger +a new handshake. + +Updates #77113 +Updates #77355 +Updates CVE-2025-68121 + +CVE: CVE-2025-68121 +Upstream-Status: Backport [https://github.com/golang/go/commit/5f07b226f9aa] + +Change-Id: I14f585c43da17802513cbdd5b10c552d7a38b34e +Reviewed-on: https://go-review.googlesource.com/c/go/+/739321 +Reviewed-by: Coia Prant +Reviewed-by: Filippo Valsorda +Auto-Submit: Roland Shoemaker +LUCI-TryBot-Result: Go LUCI +Reviewed-by: Dmitri Shuralyov +Reviewed-on: https://go-review.googlesource.com/c/go/+/740061 +Reviewed-by: Nicholas Husin +Reviewed-by: Nicholas Husin +Auto-Submit: Dmitri Shuralyov +Reviewed-by: Damien Neil +(cherry picked from commit 5f07b226f9aa185aca4b88a9ae58456d7800fc06) +Signed-off-by: Deepak Rathore +--- + src/crypto/tls/common.go | 13 +++ + src/crypto/tls/handshake_client.go | 10 +- + src/crypto/tls/handshake_server.go | 2 +- + src/crypto/tls/handshake_server_test.go | 122 +++++++++++++++++++++++ + src/crypto/tls/handshake_server_tls13.go | 2 +- + 5 files changed, 144 insertions(+), 5 deletions(-) + +diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go +index 849e8b0a20..738c7e100b 100644 +--- a/src/crypto/tls/common.go ++++ b/src/crypto/tls/common.go +@@ -1555,3 +1555,16 @@ func (e *CertificateVerificationError) Error() string { + func (e *CertificateVerificationError) Unwrap() error { + return e.Err + } ++ ++// anyUnexpiredChain reports if at least one of verifiedChains is still ++// unexpired. If verifiedChains is empty, it returns false. 
++func anyUnexpiredChain(verifiedChains [][]*x509.Certificate, now time.Time) bool { ++ for _, chain := range verifiedChains { ++ if len(chain) != 0 && !slices.ContainsFunc(chain, func(cert *x509.Certificate) bool { ++ return now.Before(cert.NotBefore) || now.After(cert.NotAfter) // cert is expired ++ }) { ++ return true ++ } ++ } ++ return false ++} +diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go +index 08a2d47974..c2ff9e1959 100644 +--- a/src/crypto/tls/handshake_client.go ++++ b/src/crypto/tls/handshake_client.go +@@ -322,9 +322,6 @@ func (c *Conn) loadSession(hello *clientHelloMsg) ( + return nil, nil, nil, nil + } + +- // Check that the cached server certificate is not expired, and that it's +- // valid for the ServerName. This should be ensured by the cache key, but +- // protect the application from a faulty ClientSessionCache implementation. + if c.config.time().After(session.peerCertificates[0].NotAfter) { + // Expired certificate, delete the entry. + c.config.ClientSessionCache.Put(cacheKey, nil) +@@ -336,6 +333,13 @@ func (c *Conn) loadSession(hello *clientHelloMsg) ( + return nil, nil, nil, nil + } + if err := session.peerCertificates[0].VerifyHostname(c.config.ServerName); err != nil { ++ // This should be ensured by the cache key, but protect the ++ // application from a faulty ClientSessionCache implementation. ++ return nil, nil, nil, nil ++ } ++ if !anyUnexpiredChain(session.verifiedChains, c.config.time()) { ++ // No valid chains, delete the entry. 
++ c.config.ClientSessionCache.Put(cacheKey, nil) + return nil, nil, nil, nil + } + } +diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go +index 17b6891783..608b2535f1 100644 +--- a/src/crypto/tls/handshake_server.go ++++ b/src/crypto/tls/handshake_server.go +@@ -483,7 +483,7 @@ func (hs *serverHandshakeState) checkForResumption() error { + return nil + } + if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven && +- len(sessionState.verifiedChains) == 0 { ++ !anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) { + return nil + } + +diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go +index 0f10a3e7a6..9eff106ecf 100644 +--- a/src/crypto/tls/handshake_server_test.go ++++ b/src/crypto/tls/handshake_server_test.go +@@ -12,6 +12,7 @@ import ( + "crypto/elliptic" + "crypto/rand" + "crypto/x509" ++ "crypto/x509/pkix" + "encoding/pem" + "errors" + "fmt" +@@ -2049,3 +2050,124 @@ func TestHandshakeContextHierarchy(t *testing.T) { + t.Errorf("Unexpected client error: %v", err) + } + } ++ ++func TestHandshakeChainExpiryResumption(t *testing.T) { ++ t.Run("TLS1.2", func(t *testing.T) { ++ testHandshakeChainExpiryResumption(t, VersionTLS12) ++ }) ++ t.Run("TLS1.3", func(t *testing.T) { ++ testHandshakeChainExpiryResumption(t, VersionTLS13) ++ }) ++} ++ ++func testHandshakeChainExpiryResumption(t *testing.T, version uint16) { ++ now := time.Now() ++ ++ createChain := func(leafNotAfter, rootNotAfter time.Time) (leafDER, expiredLeafDER []byte, root *x509.Certificate) { ++ tmpl := &x509.Certificate{ ++ Subject: pkix.Name{CommonName: "root"}, ++ NotBefore: rootNotAfter.Add(-time.Hour * 24), ++ NotAfter: rootNotAfter, ++ IsCA: true, ++ BasicConstraintsValid: true, ++ } ++ rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ root, err = 
x509.ParseCertificate(rootDER) ++ if err != nil { ++ t.Fatalf("ParseCertificate: %v", err) ++ } ++ ++ tmpl = &x509.Certificate{ ++ Subject: pkix.Name{}, ++ DNSNames: []string{"expired-resume.example.com"}, ++ NotBefore: leafNotAfter.Add(-time.Hour * 24), ++ NotAfter: leafNotAfter, ++ KeyUsage: x509.KeyUsageDigitalSignature, ++ } ++ leafCertDER, err := x509.CreateCertificate(rand.Reader, tmpl, root, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ tmpl.NotBefore, tmpl.NotAfter = leafNotAfter.Add(-time.Hour*24*365), leafNotAfter.Add(-time.Hour*24*364) ++ expiredLeafDERCertDER, err := x509.CreateCertificate(rand.Reader, tmpl, root, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ ++ return leafCertDER, expiredLeafDERCertDER, root ++ } ++ testExpiration := func(name string, leafNotAfter, rootNotAfter time.Time) { ++ t.Run(name, func(t *testing.T) { ++ initialLeafDER, expiredLeafDER, initialRoot := createChain(leafNotAfter, rootNotAfter) ++ ++ serverConfig := testConfig.Clone() ++ serverConfig.MaxVersion = version ++ serverConfig.Certificates = []Certificate{{ ++ Certificate: [][]byte{initialLeafDER, expiredLeafDER}, ++ PrivateKey: testECDSAPrivateKey, ++ }} ++ serverConfig.ClientCAs = x509.NewCertPool() ++ serverConfig.ClientCAs.AddCert(initialRoot) ++ serverConfig.ClientAuth = RequireAndVerifyClientCert ++ serverConfig.Time = func() time.Time { ++ return now ++ } ++ serverConfig.InsecureSkipVerify = false ++ serverConfig.ServerName = "expired-resume.example.com" ++ ++ clientConfig := testConfig.Clone() ++ clientConfig.MaxVersion = version ++ clientConfig.Certificates = []Certificate{{ ++ Certificate: [][]byte{initialLeafDER, expiredLeafDER}, ++ PrivateKey: testECDSAPrivateKey, ++ }} ++ clientConfig.RootCAs = x509.NewCertPool() ++ clientConfig.RootCAs.AddCert(initialRoot) ++ clientConfig.ServerName = 
"expired-resume.example.com" ++ clientConfig.ClientSessionCache = NewLRUClientSessionCache(32) ++ clientConfig.InsecureSkipVerify = false ++ clientConfig.ServerName = "expired-resume.example.com" ++ clientConfig.Time = func() time.Time { ++ return now ++ } ++ ++ testResume := func(t *testing.T, sc, cc *Config, expectResume bool) { ++ t.Helper() ++ ss, cs, err := testHandshake(t, cc, sc) ++ if err != nil { ++ t.Fatalf("handshake: %v", err) ++ } ++ if cs.DidResume != expectResume { ++ t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume) ++ } ++ if ss.DidResume != expectResume { ++ t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume) ++ } ++ } ++ ++ testResume(t, serverConfig, clientConfig, false) ++ testResume(t, serverConfig, clientConfig, true) ++ ++ expiredNow := time.Unix(0, min(leafNotAfter.UnixNano(), rootNotAfter.UnixNano())).Add(time.Minute) ++ ++ freshLeafDER, expiredLeafDER, freshRoot := createChain(expiredNow.Add(time.Hour), expiredNow.Add(time.Hour)) ++ clientConfig.Certificates = []Certificate{{ ++ Certificate: [][]byte{freshLeafDER, expiredLeafDER}, ++ PrivateKey: testECDSAPrivateKey, ++ }} ++ serverConfig.Time = func() time.Time { ++ return expiredNow ++ } ++ serverConfig.ClientCAs = x509.NewCertPool() ++ serverConfig.ClientCAs.AddCert(freshRoot) ++ ++ testResume(t, serverConfig, clientConfig, false) ++ }) ++ } ++ ++ testExpiration("LeafExpiresBeforeRoot", now.Add(2*time.Hour), now.Add(3*time.Hour)) ++ testExpiration("LeafExpiresAfterRoot", now.Add(2*time.Hour), now.Add(time.Hour)) ++} +diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go +index 5aa69e9640..a48a296721 100644 +--- a/src/crypto/tls/handshake_server_tls13.go ++++ b/src/crypto/tls/handshake_server_tls13.go +@@ -346,7 +346,7 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error { + continue + } + if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven && +- len(sessionState.verifiedChains) == 0 
{ ++ !anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) { + continue + } + +-- +2.35.6 diff --git a/meta/recipes-devtools/go/go/CVE-2025-68121_p2.patch b/meta/recipes-devtools/go/go/CVE-2025-68121_p2.patch new file mode 100644 index 00000000000..8e8cd450194 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-68121_p2.patch 
@@ -0,0 +1,385 @@ +From c22ca724688b18d51b4bbf97ec42914a7b2642c5 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 26 Jan 2026 11:18:45 -0800 +Subject: [PATCH] [release-branch.go1.24] crypto/tls: check verifiedChains + roots when resuming sessions + +When resuming TLS sessions, on the server and client verify that the +chains stored in the session state (verifiedChains) are still acceptable +with regards to the Config by checking for the inclusion of the root in +either ClientCAs (server) or RootCAs (client). This prevents resuming +a session with a certificate chain that would be rejected during a full +handshake due to an untrusted root. + +Updates #77113 +Updates #77355 +Updates CVE-2025-68121 + +CVE: CVE-2025-68121 +Upstream-Status: Backport [https://github.com/golang/go/commit/cb75daf3b291] + +Backport Changes: +- In src/crypto/tls/common.go, the upstream fix introduces the use of + slices.ContainsFunc(). To align with that change, the slices library + needs to be imported in our local common.go file as well. Since this + package is not available in our current Go version (v1.22), we are + adding it manually to resolve the compilation issue. 
+- The slices library was originally introduced in Go v1.23 as part of + the this commit:https://github.com/golang/go/commit/0b57881571a7 + +Change-Id: I11fe00909ef1961c24ecf80bf5b97f7b1121d359 +Reviewed-on: https://go-review.googlesource.com/c/go/+/737700 +Auto-Submit: Roland Shoemaker +Reviewed-by: Dmitri Shuralyov +LUCI-TryBot-Result: Go LUCI +Reviewed-by: Coia Prant +Reviewed-by: Filippo Valsorda +Reviewed-on: https://go-review.googlesource.com/c/go/+/740062 +Reviewed-by: Damien Neil +Reviewed-by: Nicholas Husin +Reviewed-by: Nicholas Husin +Auto-Submit: Dmitri Shuralyov +(cherry picked from commit cb75daf3b29129620fa4a35ee2d3903e908aeb1c) +Signed-off-by: Deepak Rathore +--- + src/crypto/tls/common.go | 26 ++- + src/crypto/tls/handshake_client.go | 7 +- + src/crypto/tls/handshake_server.go | 7 +- + src/crypto/tls/handshake_server_test.go | 214 +++++++++++++++++++++++ + src/crypto/tls/handshake_server_tls13.go | 8 +- + 5 files changed, 254 insertions(+), 8 deletions(-) + +diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go +index 738c7e100b..299d6f32cb 100644 +--- a/src/crypto/tls/common.go ++++ b/src/crypto/tls/common.go +@@ -21,6 +21,7 @@ import ( + "internal/godebug" + "io" + "net" ++ "slices" + "strings" + "sync" + "time" +@@ -1556,13 +1557,28 @@ func (e *CertificateVerificationError) Unwrap() error { + return e.Err + } + +-// anyUnexpiredChain reports if at least one of verifiedChains is still +-// unexpired. If verifiedChains is empty, it returns false. +-func anyUnexpiredChain(verifiedChains [][]*x509.Certificate, now time.Time) bool { ++// anyValidVerifiedChain reports if at least one of the chains in verifiedChains ++// is valid, as indicated by none of the certificates being expired and the root ++// being in opts.Roots (or in the system root pool if opts.Roots is nil). If ++// verifiedChains is empty, it returns false. 
++func anyValidVerifiedChain(verifiedChains [][]*x509.Certificate, opts x509.VerifyOptions) bool { + for _, chain := range verifiedChains { +- if len(chain) != 0 && !slices.ContainsFunc(chain, func(cert *x509.Certificate) bool { +- return now.Before(cert.NotBefore) || now.After(cert.NotAfter) // cert is expired ++ if len(chain) == 0 { ++ continue ++ } ++ if slices.ContainsFunc(chain, func(cert *x509.Certificate) bool { ++ return opts.CurrentTime.Before(cert.NotBefore) || opts.CurrentTime.After(cert.NotAfter) + }) { ++ continue ++ } ++ // Since we already validated the chain, we only care that it is ++ // rooted in a CA in CAs, or in the system pool. On platforms where ++ // we control chain validation (e.g. not Windows or macOS) this is a ++ // simple lookup in the CertPool internal hash map. On other ++ // platforms, this may be more expensive, depending on how they ++ // implement verification of just root certificates. ++ root := chain[len(chain)-1] ++ if _, err := root.Verify(opts); err == nil { + return true + } + } +diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go +index c2ff9e1959..c8746b1023 100644 +--- a/src/crypto/tls/handshake_client.go ++++ b/src/crypto/tls/handshake_client.go +@@ -337,7 +337,12 @@ func (c *Conn) loadSession(hello *clientHelloMsg) ( + // application from a faulty ClientSessionCache implementation. + return nil, nil, nil, nil + } +- if !anyUnexpiredChain(session.verifiedChains, c.config.time()) { ++ opts := x509.VerifyOptions{ ++ CurrentTime: c.config.time(), ++ Roots: c.config.RootCAs, ++ KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ++ } ++ if !anyValidVerifiedChain(session.verifiedChains, opts) { + // No valid chains, delete the entry. 
+ c.config.ClientSessionCache.Put(cacheKey, nil) + return nil, nil, nil, nil +diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go +index 608b2535f1..4e3f5e19fb 100644 +--- a/src/crypto/tls/handshake_server.go ++++ b/src/crypto/tls/handshake_server.go +@@ -482,8 +482,13 @@ func (hs *serverHandshakeState) checkForResumption() error { + if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) { + return nil + } ++ opts := x509.VerifyOptions{ ++ CurrentTime: c.config.time(), ++ Roots: c.config.ClientCAs, ++ KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ++ } + if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven && +- !anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) { ++ !anyValidVerifiedChain(sessionState.verifiedChains, opts) { + return nil + } + +diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go +index 9eff106ecf..c44ad51804 100644 +--- a/src/crypto/tls/handshake_server_test.go ++++ b/src/crypto/tls/handshake_server_test.go +@@ -2171,3 +2171,217 @@ func testHandshakeChainExpiryResumption(t *testing.T, version uint16) { + testExpiration("LeafExpiresBeforeRoot", now.Add(2*time.Hour), now.Add(3*time.Hour)) + testExpiration("LeafExpiresAfterRoot", now.Add(2*time.Hour), now.Add(time.Hour)) + } ++ ++func TestHandshakeGetConfigForClientDifferentClientCAs(t *testing.T) { ++ t.Run("TLS1.2", func(t *testing.T) { ++ testHandshakeGetConfigForClientDifferentClientCAs(t, VersionTLS12) ++ }) ++ t.Run("TLS1.3", func(t *testing.T) { ++ testHandshakeGetConfigForClientDifferentClientCAs(t, VersionTLS13) ++ }) ++} ++ ++func testHandshakeGetConfigForClientDifferentClientCAs(t *testing.T, version uint16) { ++ now := time.Now() ++ tmpl := &x509.Certificate{ ++ Subject: pkix.Name{CommonName: "root"}, ++ NotBefore: now.Add(-time.Hour * 24), ++ NotAfter: now.Add(time.Hour * 24), ++ IsCA: true, ++ BasicConstraintsValid: true, ++ } 
++ rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ rootA, err := x509.ParseCertificate(rootDER) ++ if err != nil { ++ t.Fatalf("ParseCertificate: %v", err) ++ } ++ rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ rootB, err := x509.ParseCertificate(rootDER) ++ if err != nil { ++ t.Fatalf("ParseCertificate: %v", err) ++ } ++ ++ tmpl = &x509.Certificate{ ++ Subject: pkix.Name{}, ++ DNSNames: []string{"example.com"}, ++ NotBefore: now.Add(-time.Hour * 24), ++ NotAfter: now.Add(time.Hour * 24), ++ KeyUsage: x509.KeyUsageDigitalSignature, ++ } ++ certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ ++ serverConfig := testConfig.Clone() ++ serverConfig.MaxVersion = version ++ serverConfig.Certificates = []Certificate{{ ++ Certificate: [][]byte{certDER}, ++ PrivateKey: testECDSAPrivateKey, ++ }} ++ serverConfig.Time = func() time.Time { ++ return now ++ } ++ serverConfig.ClientCAs = x509.NewCertPool() ++ serverConfig.ClientCAs.AddCert(rootA) ++ serverConfig.ClientAuth = RequireAndVerifyClientCert ++ switchConfig := false ++ serverConfig.GetConfigForClient = func(clientHello *ClientHelloInfo) (*Config, error) { ++ if !switchConfig { ++ return nil, nil ++ } ++ cfg := serverConfig.Clone() ++ cfg.ClientCAs = x509.NewCertPool() ++ cfg.ClientCAs.AddCert(rootB) ++ return cfg, nil ++ } ++ serverConfig.InsecureSkipVerify = false ++ serverConfig.ServerName = "example.com" ++ ++ clientConfig := testConfig.Clone() ++ clientConfig.MaxVersion = version ++ clientConfig.Certificates = []Certificate{{ ++ Certificate: [][]byte{certDER}, ++ PrivateKey: testECDSAPrivateKey, ++ }} ++ 
clientConfig.ClientSessionCache = NewLRUClientSessionCache(32) ++ clientConfig.RootCAs = x509.NewCertPool() ++ clientConfig.RootCAs.AddCert(rootA) ++ clientConfig.Time = func() time.Time { ++ return now ++ } ++ clientConfig.InsecureSkipVerify = false ++ clientConfig.ServerName = "example.com" ++ ++ testResume := func(t *testing.T, sc, cc *Config, expectResume bool) { ++ t.Helper() ++ ss, cs, err := testHandshake(t, cc, sc) ++ if err != nil { ++ t.Fatalf("handshake: %v", err) ++ } ++ if cs.DidResume != expectResume { ++ t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume) ++ } ++ if ss.DidResume != expectResume { ++ t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume) ++ } ++ } ++ ++ testResume(t, serverConfig, clientConfig, false) ++ testResume(t, serverConfig, clientConfig, true) ++ ++ // Cause GetConfigForClient to return a config cloned from the base config, ++ // but with a different ClientCAs pool. This should cause resumption to fail. ++ switchConfig = true ++ ++ testResume(t, serverConfig, clientConfig, false) ++ testResume(t, serverConfig, clientConfig, true) ++} ++ ++func TestHandshakeChangeRootCAsResumption(t *testing.T) { ++ t.Run("TLS1.2", func(t *testing.T) { ++ testHandshakeChangeRootCAsResumption(t, VersionTLS12) ++ }) ++ t.Run("TLS1.3", func(t *testing.T) { ++ testHandshakeChangeRootCAsResumption(t, VersionTLS13) ++ }) ++} ++ ++func testHandshakeChangeRootCAsResumption(t *testing.T, version uint16) { ++ now := time.Now() ++ tmpl := &x509.Certificate{ ++ Subject: pkix.Name{CommonName: "root"}, ++ NotBefore: now.Add(-time.Hour * 24), ++ NotAfter: now.Add(time.Hour * 24), ++ IsCA: true, ++ BasicConstraintsValid: true, ++ } ++ rootDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ rootA, err := x509.ParseCertificate(rootDER) ++ if err != nil { ++ t.Fatalf("ParseCertificate: %v", err) ++ } ++ rootDER, 
err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ rootB, err := x509.ParseCertificate(rootDER) ++ if err != nil { ++ t.Fatalf("ParseCertificate: %v", err) ++ } ++ ++ tmpl = &x509.Certificate{ ++ Subject: pkix.Name{}, ++ DNSNames: []string{"example.com"}, ++ NotBefore: now.Add(-time.Hour * 24), ++ NotAfter: now.Add(time.Hour * 24), ++ KeyUsage: x509.KeyUsageDigitalSignature, ++ } ++ certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) ++ if err != nil { ++ t.Fatalf("CreateCertificate: %v", err) ++ } ++ ++ serverConfig := testConfig.Clone() ++ serverConfig.MaxVersion = version ++ serverConfig.Certificates = []Certificate{{ ++ Certificate: [][]byte{certDER}, ++ PrivateKey: testECDSAPrivateKey, ++ }} ++ serverConfig.Time = func() time.Time { ++ return now ++ } ++ serverConfig.ClientCAs = x509.NewCertPool() ++ serverConfig.ClientCAs.AddCert(rootA) ++ serverConfig.ClientAuth = RequireAndVerifyClientCert ++ serverConfig.InsecureSkipVerify = false ++ serverConfig.ServerName = "example.com" ++ ++ clientConfig := testConfig.Clone() ++ clientConfig.MaxVersion = version ++ clientConfig.Certificates = []Certificate{{ ++ Certificate: [][]byte{certDER}, ++ PrivateKey: testECDSAPrivateKey, ++ }} ++ clientConfig.ClientSessionCache = NewLRUClientSessionCache(32) ++ clientConfig.RootCAs = x509.NewCertPool() ++ clientConfig.RootCAs.AddCert(rootA) ++ clientConfig.Time = func() time.Time { ++ return now ++ } ++ clientConfig.InsecureSkipVerify = false ++ clientConfig.ServerName = "example.com" ++ ++ testResume := func(t *testing.T, sc, cc *Config, expectResume bool) { ++ t.Helper() ++ ss, cs, err := testHandshake(t, cc, sc) ++ if err != nil { ++ t.Fatalf("handshake: %v", err) ++ } ++ if cs.DidResume != expectResume { ++ t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume) ++ } ++ if 
ss.DidResume != expectResume { ++ t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume) ++ } ++ } ++ ++ testResume(t, serverConfig, clientConfig, false) ++ testResume(t, serverConfig, clientConfig, true) ++ ++ clientConfig = clientConfig.Clone() ++ clientConfig.RootCAs = x509.NewCertPool() ++ clientConfig.RootCAs.AddCert(rootB) ++ ++ testResume(t, serverConfig, clientConfig, false) ++ testResume(t, serverConfig, clientConfig, true) ++} +diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go +index a48a296721..1ecee3a867 100644 +--- a/src/crypto/tls/handshake_server_tls13.go ++++ b/src/crypto/tls/handshake_server_tls13.go +@@ -11,6 +11,7 @@ import ( + "crypto/hmac" + "crypto/rsa" + "encoding/binary" ++ "crypto/x509" + "errors" + "hash" + "io" +@@ -345,8 +346,13 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error { + if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) { + continue + } ++ opts := x509.VerifyOptions{ ++ CurrentTime: c.config.time(), ++ Roots: c.config.ClientCAs, ++ KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ++ } + if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven && +- !anyUnexpiredChain(sessionState.verifiedChains, c.config.time()) { ++ !anyValidVerifiedChain(sessionState.verifiedChains, opts) { + continue + } + +-- +2.35.6 diff --git a/meta/recipes-devtools/go/go/CVE-2025-68121_p3.patch b/meta/recipes-devtools/go/go/CVE-2025-68121_p3.patch new file mode 100644 index 00000000000..40266f9f9eb --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-68121_p3.patch 
@@ -0,0 +1,82 @@ +From f38ac662b21e333b77951848a7e0549e4f69799e Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Thu, 29 Jan 2026 11:32:25 +0100 +Subject: [PATCH] [release-branch.go1.24] crypto/tls: document resumption + behavior across Configs + +Updates #77113 +Updates #77217 +Updates CVE-2025-68121 + +CVE: CVE-2025-68121 +Upstream-Status: Backport [https://github.com/golang/go/commit/6a501314718b] + +Change-Id: Ia47904a9ed001275aad0243a6a0ce57e6a6a6964 +Reviewed-on: https://go-review.googlesource.com/c/go/+/740240 +LUCI-TryBot-Result: Go LUCI +Reviewed-by: Roland Shoemaker +Reviewed-by: Michael Pratt +Auto-Submit: Filippo Valsorda +(cherry picked from commit 1c9abbdc8e9032cd613bd147c78b166ebacc8a2e) +Reviewed-on: https://go-review.googlesource.com/c/go/+/741180 +Auto-Submit: Michael Pratt +(cherry picked from commit 6a501314718b6d69bad1723b3065ca6067b560ea) +Signed-off-by: Deepak Rathore +--- + src/crypto/tls/common.go | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go +index 299d6f32cb..348bdf0866 100644 +--- a/src/crypto/tls/common.go ++++ b/src/crypto/tls/common.go +@@ -595,10 +595,13 @@ type Config struct { + // If GetConfigForClient is nil, the Config passed to Server() will be + // used for all connections. + // +- // If SessionTicketKey was explicitly set on the returned Config, or if +- // SetSessionTicketKeys was called on the returned Config, those keys will ++ // If SessionTicketKey is explicitly set on the returned Config, or if ++ // SetSessionTicketKeys is called on the returned Config, those keys will + // be used. Otherwise, the original Config keys will be used (and possibly +- // rotated if they are automatically managed). ++ // rotated if they are automatically managed). 
WARNING: this allows session ++ // resumtion of connections originally established with the parent (or a ++ // sibling) Config, which may bypass the [Config.VerifyPeerCertificate] ++ // value of the returned Config. + GetConfigForClient func(*ClientHelloInfo) (*Config, error) + + // VerifyPeerCertificate, if not nil, is called after normal +@@ -616,8 +619,10 @@ type Config struct { + // rawCerts may be empty on the server if ClientAuth is RequestClientCert or + // VerifyClientCertIfGiven. + // +- // This callback is not invoked on resumed connections, as certificates are +- // not re-verified on resumption. ++ // This callback is not invoked on resumed connections. WARNING: this ++ // includes connections resumed across Configs returned by [Config.Clone] or ++ // [Config.GetConfigForClient] and their parents. If that is not intended, ++ // use [Config.VerifyConnection] instead, or set [Config.SessionTicketsDisabled]. + // + // verifiedChains and its contents should not be modified. + VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error +@@ -825,8 +830,15 @@ func (c *Config) ticketKeyFromBytes(b [32]byte) (key ticketKey) { + // ticket, and the lifetime we set for all tickets we send. + const maxSessionTicketLifetime = 7 * 24 * time.Hour + +-// Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a [Config] that is +-// being used concurrently by a TLS client or server. ++// Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a ++// [Config] that is being used concurrently by a TLS client or server. ++// ++// The returned Config can share session ticket keys with the original Config, ++// which means connections could be resumed across the two Configs. WARNING: ++// [Config.VerifyPeerCertificate] does not get called on resumed connections, ++// including connections that were originally established on the parent Config. 
++// If that is not intended, use [Config.VerifyConnection] instead, or set ++// [Config.SessionTicketsDisabled]. + func (c *Config) Clone() *Config { + if c == nil { + return nil +-- +2.35.6 From patchwork Tue Feb 24 14:31:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81758 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6CE46F357D3 for ; Tue, 24 Feb 2026 14:33:12 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21683.1771943590316227809 for ; Tue, 24 Feb 2026 06:33:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=slm3YEqv; spf=pass (domain: smile.fr, ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4806bf39419so49255935e9.1 for ; Tue, 24 Feb 2026 06:33:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943588; x=1772548388; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8Fg55gEiTJ/sGs2zhR5CQ7Kx0qC0plXmW94Cv3oC1aU=; b=slm3YEqvTVz4800ry0tGu4aHdgTohpv4PUelwi3B3Oqhmd7oW907UTffYa/JqG0gtD S/BXFSyZepzo8uiPlwBhX4XKyAa+10Gn1g9l22d8tF+YyiAWeq8hVPtQw2SIuNHaICYf 1bMUYI0zUfmaNl0e0t34wUu/1HXS+1eAfP/Pk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943588; x=1772548388; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; 
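Review bot: In the resumption test added by the Go CVE-2025-68121 patch, the check on ss.DidResume reports the wrong value on failure: the condition tests ss.DidResume but the message is t.Fatalf("DidResume = %v; want %v", cs.DidResume, expectResume). A mismatch on that side would print the other connection state's value. Print ss.DidResume there and name the side in the message so the failing end is obvious from the log.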
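Review bot: In the checkForResumption hunk of handshake_server_tls13.go, opts is built on every pass through the loop, ahead of the "sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven" test that is its only visible user. Moving the x509.VerifyOptions literal inside that branch keeps the path without client certificates free of it. The import hunk of the same file also adds "crypto/x509" after "encoding/binary", which is out of sorted order for that block; gofmt would place it next to "crypto/rsa".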
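Review bot: The comment added to GetConfigForClient in common.go (CVE-2025-68121_p3.patch) misspells "resumption" as "resumtion" in "WARNING: this allows session resumtion of connections originally established with the parent". If the upstream commit carries the same spelling, keep the backport identical and send the one-word fix upstream, since this warning is what users read in the package documentation.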
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 27/44] bind: Upgrade 9.18.41 -> 9.18.44 Date: Tue, 24 Feb 2026 15:31:55 +0100 Message-ID: <9a57aa1e4fc56a3f4a703e82ba28bbe208a48927.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231834 From: Vijay Anusuri This upgrade fixes CVE-2025-13878 Changelog ========== https://downloads.isc.org/isc/bind9/9.18.44/doc/arm/html/notes.html Signed-off-by: Vijay Anusuri Signed-off-by: Yoann Congal --- .../bind/{bind_9.18.41.bb => bind_9.18.44.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.18.41.bb => bind_9.18.44.bb} (97%) diff --git a/meta/recipes-connectivity/bind/bind_9.18.41.bb b/meta/recipes-connectivity/bind/bind_9.18.44.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.41.bb rename to meta/recipes-connectivity/bind/bind_9.18.44.bb index a83ec29bb47..d424edcb4e2 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.41.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.44.bb 
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "6ddc1d981511c4da0b203b0513af131e5d15e5f1c261145736fe1f35dd1fe79d" +SRC_URI[sha256sum] = "81f5035a25c576af1a93f0061cf70bde6d00a0c7bd1274abf73f5b5389a6f82d" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 From patchwork Tue Feb 24 14:31:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81757 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67817F357D1 for ; Tue, 24 Feb 2026 14:33:12 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21684.1771943590901108702 for ; Tue, 24 Feb 2026 06:33:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=nBbEgKd7; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-483770e0b25so50472275e9.0 for ; Tue, 24 Feb 2026 06:33:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943589; x=1772548389; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ObfVx3yNX68SgTyXkEUqKEGGNcxres/i24gdjqf7bNg=; b=nBbEgKd7vE6jlq3pmYTohgzvui1/dREqnu2oUryMJm7PjTIfrgw9mYOa8yNjkHtf4W Qf82bIQzZKQpEPhUaBmvzOJFxw529bbovh0ixTrvLVFpE3/TN2Ra91lVgcBeb3pZ2I+Y Rp48FlTW7qwNWMG1atEQiFKmFT9nHRJs+x3Qg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 28/44] spdx30_tasks: Exclude 'doc' when exporting PACKAGECONFIG to SPDX Date: Tue, 24 Feb 2026 15:31:56 +0100 Message-ID: <4be220ef9af2a533d1b7ecebd63c8b1922ea5188.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231835 From: Benjamin Robin (Schneider Electric) Currently when generating an SBOM, all packages have the 'doc' feature indicated as disabled. This is in fact *not* a feature that was declared in the recipe, but instead the documentation of the PACKAGECONFIG variable. But to be safe, if somehow a feature is named 'doc' and enabled, do not exclude it when exporting PACKAGECONFIG features to SPDX. Signed-off-by: Benjamin Robin (Schneider Electric) Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 933394adcb0d2db66ef7e0656a464241e58ec2e7) Signed-off-by: Yoann Congal --- meta/lib/oe/spdx30_tasks.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index a3d848ceb1f..a8970dcca0f 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py 
@@ -811,12 +811,14 @@ def create_spdx(d): if d.getVar("SPDX_INCLUDE_PACKAGECONFIG", True) != "0": packageconfig = (d.getVar("PACKAGECONFIG") or "").split() - all_features = (d.getVarFlags("PACKAGECONFIG") or {}).keys() + all_features = set((d.getVarFlags("PACKAGECONFIG") or {}).keys()) + blacklisted_features = {"doc"} if all_features: enabled = set(packageconfig) - all_features_set = set(all_features) - disabled = all_features_set - enabled + disabled = all_features - enabled + all_features -= disabled & blacklisted_features + disabled -= blacklisted_features for feature in sorted(all_features): status = "enabled" if feature in enabled else "disabled" From patchwork Tue Feb 24 14:31:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81756 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52334F357C2 for ; Tue, 24 Feb 2026 14:33:12 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21685.1771943591419116270 for ; Tue, 24 Feb 2026 06:33:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=dyUY+/1f; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4834826e5a0so69580865e9.2 for ; Tue, 24 Feb 2026 06:33:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943589; x=1772548389; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; 
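Review bot: In the create_spdx hunk of spdx30_tasks.py, blacklisted_features = {"doc"} carries no comment saying why "doc" is special. The reason (it is the documentation of the PACKAGECONFIG variable, not a feature declared by the recipe) exists only in the commit message and should sit next to the set. Within the visible lines, "disabled -= blacklisted_features" has no later reader, because the loop derives the status from enabled; drop it if nothing below the hunk uses disabled. A neutral name such as excluded_features would also read better.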
[176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483b88f950esm19819895e9.15.2026.02.24.06.33.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:33:09 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 29/44] go-vendor: Fix absolute paths issue Date: Tue, 24 Feb 2026 15:31:57 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231836 From: Richard Purdie When building with the class, avoid errors like: "sstate found an absolute path symlink /xxx/vendor pointing at /xxx/import/vendor. Please replace this with a relative link." Use relative symlinks instead. Signed-off-by: Richard Purdie Signed-off-by: Thomas Vandenabeele (cherry picked from commit fc4f589cc7a8e5feba7940ccb244a74bd5f96371) Signed-off-by: Yoann Congal --- meta/classes/go-vendor.bbclass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/classes/go-vendor.bbclass b/meta/classes/go-vendor.bbclass index 1bbb99ac794..e58cfaf0e14 100644 --- a/meta/classes/go-vendor.bbclass +++ b/meta/classes/go-vendor.bbclass @@ -70,7 +70,7 @@ python do_go_vendor() { if os.path.exists(vendor_dir): # Nothing to do except re-establish link to actual vendor folder if not os.path.exists(linkname): - os.symlink(vendor_dir, linkname) + oe.path.relsymlink(vendor_dir, linkname) return bb.utils.mkdirhier(vendor_dir) 
@@ -202,10 +202,10 @@ python do_go_vendor() { symlink_target = os.path.join(source_dir, *['src', go_import, replaced_path]) symlink_name = os.path.join(vendor_dir, vendored_name) bb.debug(1, "vendored name %s, symlink name %s" % (vendored_name, symlink_name)) - os.symlink(symlink_target, symlink_name) + oe.path.relsymlink(symlink_target, symlink_name) # Create a symlink to the actual directory - os.symlink(vendor_dir, linkname) + oe.path.relsymlink(vendor_dir, linkname) } addtask go_vendor before do_patch after do_unpack From patchwork Tue Feb 24 14:31:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81770 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4920F357C5 for ; Tue, 24 Feb 2026 14:33:22 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21687.1771943592514320116 for ; Tue, 24 Feb 2026 06:33:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=O5KKhYRI; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-48375f10628so36363495e9.1 for ; Tue, 24 Feb 2026 06:33:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943591; x=1772548391; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Qqel6sAlmu6KUUVJwAC3aNfAHi1TsGIXY1XdgCHWSBQ=; b=O5KKhYRICHCyig+vLgqL2HQ6NKw5dcVn3fK1nbGyGmqw/lXWkKDFVeBC3melgEUACz 
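Review bot: In the first hunk of do_go_vendor in go-vendor.bbclass, the relative link is created only under "if not os.path.exists(linkname)", so a work directory that already holds the old absolute vendor link keeps it and can still hit the sstate absolute-symlink error quoted in the commit message. Consider recreating the link when os.readlink(linkname) is absolute, and test with os.path.lexists() so that a dangling link is treated as present rather than missing.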
[176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483b88f950esm19819895e9.15.2026.02.24.06.33.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Feb 2026 06:33:09 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 30/44] libpng: patch CVE-2026-25646 Date: Tue, 24 Feb 2026 15:31:58 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231837 From: Peter Marko Backport patch mentioned in NVD CVE report. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libpng/files/CVE-2026-25646.patch | 61 +++++++++++++++++++ .../libpng/libpng_1.6.42.bb | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch diff --git a/meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch b/meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch new file mode 100644 index 00000000000..5fbf5eb0f75 --- /dev/null +++ b/meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch 
@@ -0,0 +1,61 @@ +From 01d03b8453eb30ade759cd45c707e5a1c7277d88 Mon Sep 17 00:00:00 2001 +From: Cosmin Truta +Date: Fri, 6 Feb 2026 19:11:54 +0200 +Subject: [PATCH] Fix a heap buffer overflow in `png_set_quantize` + +The color distance hash table stored the current palette indices, but +the color-pruning loop assumed the original indices. When colors were +eliminated and indices changed, the stored indices became stale. This +caused the loop bound `max_d` to grow past the 769-element hash array. + +The fix consists in storing the original indices via `palette_to_index` +to match the pruning loop's expectations. + +Reported-by: Joshua Inscoe +Co-authored-by: Joshua Inscoe +Signed-off-by: Cosmin Truta + +CVE: CVE-2026-25646 +Upstream-Status: Backport [https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88] +Signed-off-by: Peter Marko +--- + AUTHORS | 1 + + pngrtran.c | 6 +++--- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/AUTHORS b/AUTHORS +index b9c0fffcf..4094f4a57 100644 +--- a/AUTHORS ++++ b/AUTHORS +@@ -15,6 +15,7 @@ Authors, for copyright and licensing purposes. + * Guy Eric Schalnat + * James Yu + * John Bowler ++ * Joshua Inscoe + * Kevin Bracey + * Magnus Holmgren + * Mandar Sahastrabuddhe +diff --git a/pngrtran.c b/pngrtran.c +index fe8f9d32c..1fce9af12 100644 +--- a/pngrtran.c ++++ b/pngrtran.c +@@ -1,7 +1,7 @@ + + /* pngrtran.c - transforms the data in a row for PNG readers + * +- * Copyright (c) 2018-2024 Cosmin Truta ++ * Copyright (c) 2018-2026 Cosmin Truta + * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson + * Copyright (c) 1996-1997 Andreas Dilger + * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. +@@ -647,8 +647,8 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, + break; + + t->next = hash[d]; +- t->left = (png_byte)i; +- t->right = (png_byte)j; ++ t->left = png_ptr->palette_to_index[i]; ++ t->right = png_ptr->palette_to_index[j]; + hash[d] = t; + } + } 
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb index 0e375a0ce84..7471315fddc 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.42.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.42.bb 
@@ -23,6 +23,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/${PV}/${BP}.tar.xz file://CVE-2025-66293-02.patch \ file://CVE-2026-22695.patch \ file://CVE-2026-22801.patch \ + file://CVE-2026-25646.patch \ " SRC_URI[sha256sum] = "c919dbc11f4c03b05aba3f8884d8eb7adfe3572ad228af972bb60057bdb48450" From patchwork Tue Feb 24 14:31:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81773 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E15FDF357D5 for ; Tue, 24 Feb 2026 14:33:22 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21688.1771943593202420144 for ; Tue, 24 Feb 2026 06:33:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Rj1/UNje; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4837907f535so50166905e9.3 for ; Tue, 24 Feb 2026 06:33:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943591; x=1772548391; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jqhnSY3MLjisje7z/DW3OoTCFPkSZL+Si/7KSWZ4WMI=; b=Rj1/UNjefVeaIKBbg1nUvge/9baRzZX5FE+yEyHHuyTLpF8rj+H2wY6vFNRbNNRErG L2mcuyeoAXitFPhR7/+s5Uv+E2K+LLiQOBT1JZTNcHhyPpc0UJMBZ5JoynRMkRCkEI+i Ffv1dv6fezOKMnhPkP3XB6Bi11r3DtSVK9xBg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943591; x=1772548391; 
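Review bot: In the png_set_quantize hunk of pngrtran.c, the new "t->left = png_ptr->palette_to_index[i];" and the matching t->right line read an array whose allocation and initialisation are outside the visible context, while the upstream fix is dated February 2026 and the recipe builds libpng 1.6.42. Please confirm in the 1.6.42 source that palette_to_index is populated for every i and j reaching this loop, and say in the patch header whether the backport applied unchanged or needed adjustment.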
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 31/44] classes/buildhistory: Do not sign buildhistory commits Date: Tue, 24 Feb 2026 15:31:59 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231838 From: Fabio Berton This change adds the --no-gpg-sign option to prevent buildhistory commits from failing due to GPG signing issues. Depending on the setup, buildhistory may fail to create a commit if the user has the commit.gpgsign option enabled. For example, if the user creates a signing key that requires a password, the commit won't be created and will fail with the following error: / |error: Enter passphrase: Load key "/home//.ssh/id_ed25519": |incorrect passphrase supplied to decrypt private key? |fatal: failed to write commit object \ The bitbake command won't fail, but buildhistory won't have a commit. Also, the commit may silently fail when building inside a container due to missing packages or issues with accessing the GPG agent. This is similar to [1], and signing the buildhistory commit should be avoided to prevent such issues. 1 - https://git.openembedded.org/openembedded-core/commit/?id=7595a0a63a933af9dd9d1e458dc34a4ba80d9eae Signed-off-by: Fabio Berton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit a5e18714aee52db898aaf9d222fb5a4168bde96e) Signed-off-by: Yoann Congal --- meta/classes/buildhistory.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index 0b1bd518fef..954edfe46ac 100644 --- a/meta/classes/buildhistory.bbclass 
+++ b/meta/classes/buildhistory.bbclass 
@@ -841,7 +841,7 @@ result: $result metadata revisions: END cat ${BUILDHISTORY_DIR}/metadata-revs >> $commitmsgfile - git commit $commitopts -F $commitmsgfile --author "${BUILDHISTORY_COMMIT_AUTHOR}" > /dev/null + git commit --no-gpg-sign $commitopts -F $commitmsgfile --author "${BUILDHISTORY_COMMIT_AUTHOR}" > /dev/null rm $commitmsgfile } From patchwork Tue Feb 24 14:32:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81783 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4DBEFF3C989 for ; Tue, 24 Feb 2026 14:33:23 +0000 (UTC) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21477.1771943593784356537 for ; Tue, 24 Feb 2026 06:33:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=1HQd75lA; spf=pass (domain: smile.fr, ip: 209.85.128.67, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f67.google.com with SMTP id 5b1f17b1804b1-4837584120eso39312455e9.1 for ; Tue, 24 Feb 2026 06:33:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943592; x=1772548392; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Czrsdx8cR+HwVRCm9by13O04s+ym64dYYpxtUrr2ze8=; b=1HQd75lALYTG2ETTECNYuBkjjtJ1bPk0N0l5XHNl7Una2/pGD5kgVhh54gc8RTMfFv Ary9icxXb0tehpQ97CFDX2EiVkfy0iFVUgLuc/oPqXB16PRa15txtIVM2E5gB3DxOgE7 NgASR7eREfLSEn7YMAnJS73Q+itAZfxSL/M7k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943592; x=1772548392; 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 32/44] openssl: fix CVE-2025-15468 Date: Tue, 24 Feb 2026 15:32:00 +0100 Message-ID: <0a747181eaa1767e7cf00858118a7305cc028197.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231839 From: Hitendra Prajapati To fix this issue, Add a NULL guard before dereferencing SSL_CIPHER. Backport patch from NVD report: https://nvd.nist.gov/vuln/detail/CVE-2025-15468 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../openssl/openssl/CVE-2025-15468.patch | 39 +++++++++++++++++++ .../openssl/openssl_3.2.6.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch new file mode 100644 index 00000000000..dcd862bedf6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch 
@@ -0,0 +1,39 @@ +From 1f08e54bad32843044fe8a675948d65e3b4ece65 Mon Sep 17 00:00:00 2001 +From: Daniel Kubec +Date: Fri, 9 Jan 2026 14:33:24 +0100 +Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before + dereferencing SSL_CIPHER +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes CVE-2025-15468 + +Reviewed-by: Saša Nedvědický +Reviewed-by: Tomas Mraz +MergeDate: Mon Jan 26 19:36:04 2026 +(cherry picked from commit 293b55de0c434a99d0e744d0521170ca280606a9) + +CVE: CVE-2025-15468 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65] +Signed-off-by: Hitendra Prajapati +--- + ssl/quic/quic_impl.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c +index 98b6a0a..4abde64 100644 +--- a/ssl/quic/quic_impl.c ++++ b/ssl/quic/quic_impl.c +@@ -3646,6 +3646,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p) + { + const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p); + ++ if (ciph == NULL) ++ return NULL; + if ((ciph->algorithm2 & SSL_QUIC) == 0) + return NULL; + +-- +2.50.1 + diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.6.bb b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb index 4756f5aaa65..572a12aae8d 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.6.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb 
@@ -13,6 +13,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ file://CVE-2024-41996.patch \ + file://CVE-2025-15468.patch \ " SRC_URI:append:class-nativesdk = " \ From patchwork Tue Feb 24 14:32:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81784 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D8E9F3C986 for ; Tue, 24 Feb 2026 14:33:23 +0000 (UTC) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21691.1771943594221448611 for ; Tue, 24 Feb 2026 06:33:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=TxuG0Jz2; spf=pass (domain: smile.fr, ip: 209.85.221.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-4359a302794so4199187f8f.1 for ; Tue, 24 Feb 2026 06:33:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943592; x=1772548392; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FOT1f3fzl6+Qu6cba1Ww2bYj2JqYRUiN29/qSLYTER8=; b=TxuG0Jz22MMghb2ismMLnSFLfFrJeFbdvcp5p21ZbUaSxvmfMzaq8p3u7lnWGm0sg1 amUmJI3RYKa4nvDV9DmHKoQMmAqUtxGChVkRTL9MfABnSmcvbkn32aeFI42VdTUjxWU0 SUra5lPlP67voKHBZwwpWBFoiKeB9Z6jfpVCw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943592; x=1772548392; 
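Review bot: The OE commit message for CVE-2025-15468 opens with "To fix this issue" but never states the issue; only the quic_impl.c hunk shows it, where the result of `ssl3_get_cipher_by_char(p)` was read through `ciph->algorithm2` with no NULL check. Suggest putting that one sentence in the commit message so the backport can be triaged without opening the NVD link. In the hunk itself the two consecutive `return NULL` tests could be one condition, but since this is a verbatim backport the split form is best left as upstream has it.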
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 33/44] openssl: fix CVE-2025-69419 Date: Tue, 24 Feb 2026 15:32:01 +0100 Message-ID: <24621a87d5856cc511eebdbe26cc19158d3b0d2e.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231840 From: Hitendra Prajapati Backport patch from NVD report: https://nvd.nist.gov/vuln/detail/CVE-2025-69419 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../openssl/openssl/CVE-2025-69419.patch | 61 +++++++++++++++++++ .../openssl/openssl_3.2.6.bb | 1 + 2 files changed, 62 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch new file mode 100644 index 00000000000..dcfdba82acb --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch 
@@ -0,0 +1,61 @@ +From 41be0f216404f14457bbf3b9cc488dba60b49296 Mon Sep 17 00:00:00 2001 +From: Norbert Pocs +Date: Thu, 11 Dec 2025 12:49:00 +0100 +Subject: [PATCH] Check return code of UTF8_putc + +Signed-off-by: Norbert Pocs + +Reviewed-by: Nikola Pajkovsky +Reviewed-by: Viktor Dukhovni +(Merged from https://github.com/openssl/openssl/pull/29376) + +CVE: CVE-2025-69419 +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296] +Signed-off-by: Hitendra Prajapati +--- + crypto/asn1/a_strex.c | 6 ++++-- + crypto/pkcs12/p12_utl.c | 11 +++++++++-- + 2 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c +index f64e352..7d76700 100644 +--- a/crypto/asn1/a_strex.c ++++ b/crypto/asn1/a_strex.c +@@ -204,8 +204,10 @@ static int do_buf(unsigned char *buf, int buflen, + orflags = CHARTYPE_LAST_ESC_2253; + if (type & BUF_TYPE_CONVUTF8) { + unsigned char utfbuf[6]; +- int utflen; +- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); ++ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); ++ ++ if (utflen < 0) ++ return -1; /* error happened with UTF8 */ + for (i = 0; i < utflen; i++) { + /* + * We don't need to worry about setting orflags correctly +diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c +index a96623f..b109dab 100644 +--- a/crypto/pkcs12/p12_utl.c ++++ b/crypto/pkcs12/p12_utl.c +@@ -206,8 +206,15 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) + /* re-run the loop emitting UTF-8 string */ + for (asclen = 0, i = 0; i < unilen; ) { + j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i); +- if (j == 4) i += 4; +- else i += 2; ++ /* when UTF8_putc fails */ ++ if (j < 0) { ++ OPENSSL_free(asctmp); ++ return NULL; ++ } ++ if (j == 4) ++ i += 4; ++ else ++ i += 2; + asclen += j; + } + +-- +2.50.1 + 
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.6.bb b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb index 572a12aae8d..074ab121316 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.6.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.6.bb 
@@ -14,6 +14,7 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op file://0001-Added-handshake-history-reporting-when-test-fails.patch \ file://CVE-2024-41996.patch \ file://CVE-2025-15468.patch \ + file://CVE-2025-69419.patch \ " SRC_URI:append:class-nativesdk = " \ From patchwork Tue Feb 24 14:32:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81780 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37066EF06E0 for ; Tue, 24 Feb 2026 14:33:23 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21692.1771943595187393702 for ; Tue, 24 Feb 2026 06:33:15 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=SG+YlxPv; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4806cc07ce7so53775395e9.1 for ; Tue, 24 Feb 2026 06:33:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943593; x=1772548393; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=o7lBUKvpzKUWbIgi4UGfAVKNokrvGyoXbA+EI1eario=; b=SG+YlxPvVpg1+aW+UJuy3trKFxOKzeloHN5tpLU4U6rWJKA2VcAtZBsuRDJOwv8652 EFLsTXCb3StZMUwsdJSARK8YJODIzZvuJ7ZR3dE5t30sKGT+yE3EF1m7NaNGm88P6JDT beuQ/npKL+Lo8+3fMQPyze5uq7xXDPSueSPwc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943593; x=1772548393; h=content-transfer-encoding:mime-version:references:in-reply-to 
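Review bot: The commit message for CVE-2025-69419 gives only the NVD link, while the p12_utl.c hunk shows the consequence that matters: before the change a negative `j` from `bmp_to_utf8()` fell through to `asclen += j`, so the next write to `asctmp+asclen` would land earlier than intended. Suggest saying so in the OE commit message. The context line "re-run the loop emitting UTF-8 string" implies an earlier sizing loop that is not in this hunk; please confirm it already rejects a negative return, since the buffer size depends on it. In the a_strex.c hunk a negative `utflen` previously just skipped the `for` loop, so the new `return -1` changes behaviour from silently dropping the character to failing the call, which callers of `do_buf()` need to tolerate.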
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 34/44] scripts/install-buildtools: Update to 5.0.15 Date: Tue, 24 Feb 2026 15:32:02 +0100 Message-ID: <3257a0c0f84a21f31d7d2cfc43d838fe35305855.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231841 From: Aleksandar Nikolic Update to the 5.0.15 release of the 5.0 series for buildtools Signed-off-by: Aleksandar Nikolic Signed-off-by: Yoann Congal --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index f1c3084245a..c874494f4ab 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools 
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-5.0.14' -DEFAULT_INSTALLER_VERSION = '5.0.14' +DEFAULT_RELEASE = 'yocto-5.0.15' +DEFAULT_INSTALLER_VERSION = '5.0.15' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check From patchwork Tue Feb 24 14:32:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81776 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14EB6F357DA for ; Tue, 24 Feb 2026 14:33:23 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21694.1771943595840889927 for ; Tue, 24 Feb 2026 06:33:16 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=y8buO5Fw; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4836f363d0dso47690245e9.3 for ; Tue, 24 Feb 2026 06:33:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943594; x=1772548394; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7BhoUsFliQYrCLzo2FhEnZnZ6m+T605BKF0nfQOd32Q=; b=y8buO5Fwohj/6UbuyWy9w9O2F1XufA9dvCvCyMp4mlMA8BnX7YESQ7rFxdAZo8YbMs 59ZjjPYohC2tSfpeVmf2GcAwVNxrQ2HGXZ2Xubk8menKxFX5fKnbKVEYf/LB21YqlcQy a2btkTpetumsbcdwF8CA+BoKs8VeRwzBoAkVE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 35/44] wic/engine: error on old host debugfs for standalone directory copy Date: Tue, 24 Feb 2026 15:32:03 +0100 Message-ID: <45b7d8a8211775000647cfc3ed698e5ad015ab11.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231842 From: Daniel Dragomir When wic is used in standalone mode, it relies on host tools such as debugfs. For directory host->image copies into ext* partitions, wic uses scripted debugfs "-f" input with multiple mkdir/write commands. Older host debugfs versions (< 1.46.5) may behave unreliably in this mode and can silently miss files. This does not affect builds using debugfs from OE where the version is known to be sufficiently new. Add a debugfs version check and emit an error when an older host debugfs is detected. The error is shown once per run and halts execution. Signed-off-by: Daniel Dragomir Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit cb536737bee95d5a5072b501bda9554705e8cd13) [YC: removed patch changelog] Signed-off-by: Yoann Congal --- scripts/lib/wic/engine.py | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/scripts/lib/wic/engine.py b/scripts/lib/wic/engine.py index 565a0db38a6..8ca8ed0dbd4 100644 --- a/scripts/lib/wic/engine.py +++ b/scripts/lib/wic/engine.py 
@@ -220,6 +220,34 @@ def wic_list(args, scripts_path): return False +_DEBUGFS_VERSION = None + +def debugfs_version_check(debugfs_path, min_ver=(1, 46, 5)): + global _DEBUGFS_VERSION + + if _DEBUGFS_VERSION is None: + out = "" + for flag in ("-V", "-v"): + try: + out = exec_cmd(f"{debugfs_path} {flag}") + break + except Exception: + continue + + import re + m = re.search(r"(\d+)\.(\d+)\.(\d+)", out or "") + _DEBUGFS_VERSION = tuple(map(int, m.groups())) if m else None + + ver = _DEBUGFS_VERSION + + if ver is not None and ver < min_ver: + raise WicError( + "Sorry, debugfs 1.46.5 or later is required for this script. " + "Older versions of debugfs can make directory copies into ext* partitions " + "via scripted debugfs (-f) unreliable or broken. Detected version: %s" + % (".".join(map(str, ver)) if ver else "unknown") + ) + class Disk: def __init__(self, imagepath, native_sysroot, fstypes=('fat', 'ext')): 
@@ -334,6 +362,7 @@ class Disk: if self.partitions[pnum].fstype.startswith('ext'): if isinstance(src, str): # host to image case if os.path.isdir(src): + debugfs_version_check(self.debugfs) base = os.path.abspath(src) base_parent = os.path.dirname(base) cmds = [] From patchwork Tue Feb 24 14:32:04 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81778 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B312EEC2B5 for ; Tue, 24 Feb 2026 14:33:23 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.21480.1771943596560569081 for ; Tue, 24 Feb 2026 06:33:16 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=hwlCeBfI; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4836f363d0dso47690415e9.3 for ; Tue, 24 Feb 2026 06:33:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943595; x=1772548395; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vlK97Mfm8timj7cMf5ZVtrIpM3yTjoYhmPrAiNAdDM8=; b=hwlCeBfIyDR+G3k1GY/eH6ikdUD9ZoUXIynqV/CV2KReJA/b81QGzT9sdpXiAIkcE1 9Ucd8Ko/FkeUXH3hsycZK4YYheg4oUwRRquuQMf+KA6iJkiWkj9U3uzkulOD3Q8YdBfh tcDDJ6YB7PHqYmThXkVFuxO5SlEKR97tDZk7E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771943595; x=1772548395; h=content-transfer-encoding:mime-version:references:in-reply-to 
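Review bot: `debugfs_version_check()` in the first engine.py hunk fails open: when both `-V` and `-v` raise, or the regex finds no version, `ver` is None and the `ver is not None and ver < min_ver` test lets the copy proceed, which is the silent-miss case the commit message sets out to stop. Either raise `WicError` when the version cannot be determined or log a warning there. For the same reason the `if ver else "unknown"` branch in the message is unreachable, and a failed detection is never cached, so the command is re-run on every directory copy. Smaller points: `except Exception: continue` hides why detection failed, `import re` belongs at module top, the message hardcodes "1.46.5" although `min_ver` is a parameter, and `_DEBUGFS_VERSION` is cached globally rather than per `debugfs_path`.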
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 36/44] glib-2.0: patch CVE-2026-1484 Date: Tue, 24 Feb 2026 15:32:04 +0100 Message-ID: <909a3d7952103826baf7f93926474f2a8b981576.1771943404.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Feb 2026 14:33:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231843 From: Peter Marko Pick patches from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3870 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4979 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2026-1484-01.patch | 48 +++++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2026-1484-02.patch | 45 +++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 2 + 3 files changed, 95 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch new file mode 100644 index 00000000000..c5c2f657ccf --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch 
@@ -0,0 +1,48 @@ +From 5ba0ed9ab2c28294713bdc56a8744ff0a446b59c Mon Sep 17 00:00:00 2001 +From: Marco Trevisan +Date: Fri, 23 Jan 2026 18:48:30 +0100 +Subject: [PATCH] gbase64: Use gsize to prevent potential overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Both g_base64_encode_step() and g_base64_encode_close() return gsize +values, but these are summed to an int value. + +If the sum of these returned values is bigger than MAXINT, we overflow +while doing the null byte write. + +Spotted by treeplus. +Thanks to the Sovereign Tech Resilience programme from the Sovereign +Tech Agency. + +ID: #YWH-PGM9867-168 +Closes: #3870 + + +(cherry picked from commit 6845f7776982849a2be1d8c9b0495e389092bff2) + +Co-authored-by: Marco Trevisan (Treviño) + +CVE: CVE-2026-1484 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/5ba0ed9ab2c28294713bdc56a8744ff0a446b59c] +Signed-off-by: Peter Marko +--- + glib/gbase64.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/glib/gbase64.c b/glib/gbase64.c +index 2ea4a4ef4..214b48911 100644 +--- a/glib/gbase64.c ++++ b/glib/gbase64.c +@@ -264,8 +264,9 @@ g_base64_encode (const guchar *data, + gsize len) + { + gchar *out; +- gint state = 0, outlen; ++ gint state = 0; + gint save = 0; ++ gsize outlen; + + g_return_val_if_fail (data != NULL || len == 0, NULL); + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch new file mode 100644 index 00000000000..a9cf855c6b9 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch 
@@ -0,0 +1,45 @@ +From 25429bd0b22222d6986d000d62b44eebf490837d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 20:09:44 +0100 +Subject: [PATCH] gbase64: Ensure that the out value is within allocated size + +We do not want to deference or write to it + +Related to: #3870 + +CVE: CVE-2026-1484 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/25429bd0b22222d6986d000d62b44eebf490837d] +Signed-off-by: Peter Marko +--- + glib/gbase64.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/glib/gbase64.c b/glib/gbase64.c +index 214b48911..0141b3b07 100644 +--- a/glib/gbase64.c ++++ b/glib/gbase64.c +@@ -267,6 +267,7 @@ g_base64_encode (const guchar *data, + gint state = 0; + gint save = 0; + gsize outlen; ++ gsize allocsize; + + g_return_val_if_fail (data != NULL || len == 0, NULL); + +@@ -274,10 +275,15 @@ g_base64_encode (const guchar *data, + +1 is needed for trailing \0, also check for unlikely integer overflow */ + g_return_val_if_fail (len < ((G_MAXSIZE - 1) / 4 - 1) * 3, NULL); + +- out = g_malloc ((len / 3 + 1) * 4 + 1); ++ allocsize = (len / 3 + 1) * 4 + 1; ++ out = g_malloc (allocsize); + + outlen = g_base64_encode_step (data, len, FALSE, out, &state, &save); ++ g_assert (outlen <= allocsize); ++ + outlen += g_base64_encode_close (FALSE, out + outlen, &state, &save); ++ g_assert (outlen <= allocsize); ++ + out[outlen] = '\0'; + + return (gchar *) out; diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index 97618d1d40b..43a28273e9d 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb 
@@ -40,6 +40,8 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2025-14087-03.patch \ file://CVE-2025-14512.patch \ file://CVE-2026-0988.patch \ + file://CVE-2026-1484-01.patch \ + file://CVE-2026-1484-02.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ From patchwork Tue Feb 24 14:32:05 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 81774 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 217C1E9B278 for ; Tue, 24 Feb 2026 14:33:23 +0000 (UTC) Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.21695.1771943597071435435 for ; Tue, 24 Feb 2026 06:33:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=dotbOU9M; spf=pass (domain: smile.fr, ip: 209.85.221.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-43767807cf3so4199209f8f.1 for ; Tue, 24 Feb 2026 06:33:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1771943595; x=1772548395; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Jw4+YpJ6X15vdTAYtW/WM4upQ9/TDm6wheY5NRMGNag=; b=dotbOU9MYMOQg0YNR1VBshwQLslWh9c9NAWTdPFpJejiuXM1lhCDXEjqjwDLhCkNBz 3EnqvNlEc5hmgFh9nfWy767Ah9NAKNMWEmQshn9YW24IKTKt+9uKLi+G4qNE94+fP5KC aNO8fuJvCzRD5Bacp7F57hm/8G4xDAK1DW84g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; 
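Review bot: In CVE-2026-1484-02.patch the final `g_assert (outlen <= allocsize)` is one too permissive for the line it guards: `out` holds `allocsize` bytes, so `out[outlen] = '\0'` is in bounds only when `outlen < allocsize`, and the assertion still passes for `outlen == allocsize`. Both assertions also run after `g_base64_encode_step()` and `g_base64_encode_close()` have already written into `out`, so they detect an overrun rather than prevent one, and they disappear in builds that define G_DISABLE_ASSERT. Since this is a backport, the hunk should stay as upstream has it, but the off-by-one is worth raising on the upstream merge request. CVE-2026-1484-01.patch widens `outlen` to `gsize`, which matches the return types named in its commit message; no comment on that hunk.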
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 37/44] glib-2.0: patch CVE-2026-1485
Date: Tue, 24 Feb 2026 15:32:05 +0100
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231844

From: Peter Marko

Pick patch from [1] linked from [2].

[1] https://gitlab.gnome.org/GNOME/glib/-/issues/3871
[2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
---
 .../glib-2.0/glib-2.0/CVE-2026-1485.patch | 44 +++++++++++++++++++
 meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch new file mode 100644 index 00000000000..73c29db9990 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch
@@ -0,0 +1,44 @@ +From ee5acb2cefc643450509374da2600cd3bf49a109 Mon Sep 17 00:00:00 2001 +From: Marco Trevisan +Date: Fri, 23 Jan 2026 19:05:44 +0100 +Subject: [PATCH] gio/gcontenttype-fdo: Do not overflow if header is longer + than MAXINT +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case the header size is longer than MAXINT we may read and write to +invalid locations + +Spotted by treeplus. +Thanks to the Sovereign Tech Resilience programme from the Sovereign +Tech Agency. + +ID: #YWH-PGM9867-169 +Closes: #3871 + + +(cherry picked from commit aacda5b07141b944408c79e83bcbed3b2e1e6e45) + +Co-authored-by: Marco Trevisan (Treviño) + +CVE: CVE-2026-1485 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ee5acb2cefc643450509374da2600cd3bf49a109] +Signed-off-by: Peter Marko +--- + gio/gcontenttype.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gcontenttype.c b/gio/gcontenttype.c +index 230cea182..11323973a 100644 +--- a/gio/gcontenttype.c ++++ b/gio/gcontenttype.c +@@ -1021,7 +1021,7 @@ tree_match_free (TreeMatch *match) + static TreeMatch * + parse_header (gchar *line) + { +- gint len; ++ size_t len; + gchar *s; + TreeMatch *match; + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index 43a28273e9d..fefa3ad7d6e 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb 
@@ -42,6 +42,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2026-0988.patch \ file://CVE-2026-1484-01.patch \ file://CVE-2026-1484-02.patch \ + file://CVE-2026-1485.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
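Review bot: the parse_header hunk of CVE-2026-1485.patch changes only the declaration (gint len to size_t len) and its context ends at the local variables, so none of the uses of len can be checked from this patch. Before merging, confirm in gio/gcontenttype.c that nothing after the declaration relies on len being signed, for example a len < 0 or len > 0 test, or a len - 1 index that would now wrap to a very large unsigned value on an empty line.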
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 38/44] glib-2.0: patch CVE-2026-1489
Date: Tue, 24 Feb 2026 15:32:06 +0100
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231845

From: Peter Marko

Pick patch from [1] linked from [2].

[1] https://gitlab.gnome.org/GNOME/glib/-/issues/3872
[2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4984

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
---
 .../glib-2.0/glib-2.0/CVE-2026-1489-01.patch | 42 +++
 .../glib-2.0/glib-2.0/CVE-2026-1489-02.patch | 30 ++
 .../glib-2.0/glib-2.0/CVE-2026-1489-03.patch | 290 ++++++++++++++++++
 .../glib-2.0/glib-2.0/CVE-2026-1489-04.patch | 68 ++++
 meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 4 +
 5 files changed, 434 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch new file mode 100644 index 00000000000..8f72bf972e8 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch
@@ -0,0 +1,42 @@ +From 662aa569efa65eaa4672ab0671eb8533a354cd89 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 22:00:17 +0100 +Subject: [PATCH] guniprop: Use size_t for output_marks length + +The input string length may overflow, and this would lead to wrong +behavior and invalid writes. + +Spotted by treeplus. +Thanks to the Sovereign Tech Resilience programme from the Sovereign +Tech Agency. + +ID: #YWH-PGM9867-171 +Closes: #3872 + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/662aa569efa65eaa4672ab0671eb8533a354cd89] +Signed-off-by: Peter Marko +--- + glib/guniprop.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/glib/guniprop.c b/glib/guniprop.c +index fe0033fd6..1a0cc6408 100644 +--- a/glib/guniprop.c ++++ b/glib/guniprop.c +@@ -772,13 +772,13 @@ get_locale_type (void) + return LOCALE_NORMAL; + } + +-static gint ++static size_t + output_marks (const char **p_inout, + char *out_buffer, + gboolean remove_dot) + { + const char *p = *p_inout; +- gint len = 0; ++ size_t len = 0; + + while (*p) + { diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch new file mode 100644 index 00000000000..4d3db5bf4eb --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch 
@@ -0,0 +1,30 @@ +From 58356619525a1d565df8cc348e9784716f020f2f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 22:01:49 +0100 +Subject: [PATCH] guniprop: Do not convert size_t to gint + +We were correctly using size_t in output_special_case() since commit +362f92b69, but then we converted the value back to int + +Related to: #3872 + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/58356619525a1d565df8cc348e9784716f020f2f] +Signed-off-by: Peter Marko +--- + glib/guniprop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/guniprop.c b/glib/guniprop.c +index 1a0cc6408..fe50a287c 100644 +--- a/glib/guniprop.c ++++ b/glib/guniprop.c +@@ -798,7 +798,7 @@ output_marks (const char **p_inout, + return len; + } + +-static gint ++static size_t + output_special_case (gchar *out_buffer, + int offset, + int type, diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch new file mode 100644 index 00000000000..9ff9a37fcba --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch 
@@ -0,0 +1,290 @@ +From 170dc8c4068db4c4cbf63c7d27192e230436da21 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Jan 2026 22:04:22 +0100 +Subject: [PATCH] guniprop: Ensure we do not overflow size in + g_utf8_{strdown,gstrup}() + +While this is technically not a security issue, when repeatedly adding +to a size_t value, we can overflow and start from 0. + +Now, while being unlikely, technically an utf8 lower or upper string can +have a longer size than the input value, and if the output string is +bigger than G_MAXSIZE we'd end up cutting it silently. + +Let's instead assert each time we increase the output length + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/170dc8c4068db4c4cbf63c7d27192e230436da21] +Signed-off-by: Peter Marko +--- + glib/guniprop.c | 109 +++++++++++++++++++++++++++++++----------------- + 1 file changed, 70 insertions(+), 39 deletions(-) + +diff --git a/glib/guniprop.c b/glib/guniprop.c +index fe50a287c..86020b6e0 100644 +--- a/glib/guniprop.c ++++ b/glib/guniprop.c +@@ -772,14 +772,36 @@ get_locale_type (void) + return LOCALE_NORMAL; + } + +-static size_t +-output_marks (const char **p_inout, +- char *out_buffer, +- gboolean remove_dot) ++G_ALWAYS_INLINE static inline void ++increase_size (size_t *sizeptr, size_t add) ++{ ++ g_assert (G_MAXSIZE - *(sizeptr) >= add); ++ *(sizeptr) += add; ++} ++ ++G_ALWAYS_INLINE static inline void ++append_utf8_char_to_buffer (gunichar c, ++ char *out_buffer, ++ size_t *in_out_len) ++{ ++ gint utf8_len; ++ char *buffer; ++ ++ buffer = out_buffer ? 
out_buffer + *(in_out_len) : NULL; ++ utf8_len = g_unichar_to_utf8 (c, buffer); ++ ++ g_assert (utf8_len >= 0); ++ increase_size (in_out_len, utf8_len); ++} ++ ++static void ++append_mark (const char **p_inout, ++ char *out_buffer, ++ size_t *in_out_len, ++ gboolean remove_dot) + { + const char *p = *p_inout; +- size_t len = 0; +- ++ + while (*p) + { + gunichar c = g_utf8_get_char (p); +@@ -787,7 +809,7 @@ output_marks (const char **p_inout, + if (ISMARK (TYPE (c))) + { + if (!remove_dot || c != 0x307 /* COMBINING DOT ABOVE */) +- len += g_unichar_to_utf8 (c, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (c, out_buffer, in_out_len); + p = g_utf8_next_char (p); + } + else +@@ -795,14 +817,14 @@ output_marks (const char **p_inout, + } + + *p_inout = p; +- return len; + } + +-static size_t +-output_special_case (gchar *out_buffer, +- int offset, +- int type, +- int which) ++static void ++append_special_case (char *out_buffer, ++ size_t *in_out_len, ++ int offset, ++ int type, ++ int which) + { + const gchar *p = special_case_table + offset; + gint len; +@@ -814,10 +836,12 @@ output_special_case (gchar *out_buffer, + p += strlen (p) + 1; + + len = strlen (p); +- if (out_buffer) +- memcpy (out_buffer, p, len); ++ g_assert (len < G_MAXSIZE - *in_out_len); + +- return len; ++ if (out_buffer) ++ memcpy (out_buffer + *in_out_len, p, len); ++ ++ increase_size (in_out_len, len); + } + + static gsize +@@ -858,11 +882,13 @@ real_toupper (const gchar *str, + decomp_len = g_unichar_fully_decompose (c, FALSE, decomp, G_N_ELEMENTS (decomp)); + for (i=0; i < decomp_len; i++) + { ++ + if (decomp[i] != 0x307 /* COMBINING DOT ABOVE */) +- len += g_unichar_to_utf8 (g_unichar_toupper (decomp[i]), out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (g_unichar_toupper (decomp[i]), ++ out_buffer, &len); + } +- +- len += output_marks (&p, out_buffer ? 
out_buffer + len : NULL, TRUE); ++ ++ append_mark (&p, out_buffer, &len, TRUE); + + continue; + } +@@ -875,17 +901,17 @@ real_toupper (const gchar *str, + if (locale_type == LOCALE_TURKIC && c == 'i') + { + /* i => LATIN CAPITAL LETTER I WITH DOT ABOVE */ +- len += g_unichar_to_utf8 (0x130, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x130, out_buffer, &len); + } + else if (c == 0x0345) /* COMBINING GREEK YPOGEGRAMMENI */ + { + /* Nasty, need to move it after other combining marks .. this would go away if + * we normalized first. + */ +- len += output_marks (&p, out_buffer ? out_buffer + len : NULL, FALSE); ++ append_mark (&p, out_buffer, &len, TRUE); + + /* And output as GREEK CAPITAL LETTER IOTA */ +- len += g_unichar_to_utf8 (0x399, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x399, out_buffer, &len); + } + else if (IS (t, + OR (G_UNICODE_LOWERCASE_LETTER, +@@ -896,8 +922,8 @@ real_toupper (const gchar *str, + + if (val >= 0x1000000) + { +- len += output_special_case (out_buffer ? out_buffer + len : NULL, val - 0x1000000, t, +- t == G_UNICODE_LOWERCASE_LETTER ? 0 : 1); ++ append_special_case (out_buffer, &len, val - 0x1000000, t, ++ t == G_UNICODE_LOWERCASE_LETTER ? 0 : 1); + } + else + { +@@ -917,7 +943,7 @@ real_toupper (const gchar *str, + /* Some lowercase letters, e.g., U+000AA, FEMININE ORDINAL INDICATOR, + * do not have an uppercase equivalent, in which case val will be + * zero. */ +- len += g_unichar_to_utf8 (val ? val : c, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (val ? 
val : c, out_buffer, &len); + } + } + else +@@ -927,7 +953,7 @@ real_toupper (const gchar *str, + if (out_buffer) + memcpy (out_buffer + len, last, char_len); + +- len += char_len; ++ increase_size (&len, char_len); + } + + } +@@ -965,6 +991,8 @@ g_utf8_strup (const gchar *str, + * We use a two pass approach to keep memory management simple + */ + result_len = real_toupper (str, len, NULL, locale_type); ++ g_assert (result_len < G_MAXSIZE); ++ + result = g_malloc (result_len + 1); + real_toupper (str, len, result, locale_type); + result[result_len] = '\0'; +@@ -1022,14 +1050,15 @@ real_tolower (const gchar *str, + { + /* I + COMBINING DOT ABOVE => i (U+0069) + * LATIN CAPITAL LETTER I WITH DOT ABOVE => i (U+0069) */ +- len += g_unichar_to_utf8 (0x0069, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0069, out_buffer, &len); ++ + if (combining_dot) + p = g_utf8_next_char (p); + } + else + { + /* I => LATIN SMALL LETTER DOTLESS I */ +- len += g_unichar_to_utf8 (0x131, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x131, out_buffer, &len); + } + } + /* Introduce an explicit dot above when lowercasing capital I's and J's +@@ -1037,19 +1066,19 @@ real_tolower (const gchar *str, + else if (locale_type == LOCALE_LITHUANIAN && + (c == 0x00cc || c == 0x00cd || c == 0x0128)) + { +- len += g_unichar_to_utf8 (0x0069, out_buffer ? out_buffer + len : NULL); +- len += g_unichar_to_utf8 (0x0307, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0069, out_buffer, &len); ++ append_utf8_char_to_buffer (0x0307, out_buffer, &len); + + switch (c) + { + case 0x00cc: +- len += g_unichar_to_utf8 (0x0300, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0300, out_buffer, &len); + break; + case 0x00cd: +- len += g_unichar_to_utf8 (0x0301, out_buffer ? 
out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0301, out_buffer, &len); + break; + case 0x0128: +- len += g_unichar_to_utf8 (0x0303, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (0x0303, out_buffer, &len); + break; + } + } +@@ -1058,8 +1087,8 @@ real_tolower (const gchar *str, + c == 'J' || c == G_UNICHAR_FULLWIDTH_J || c == 0x012e) && + has_more_above (p)) + { +- len += g_unichar_to_utf8 (g_unichar_tolower (c), out_buffer ? out_buffer + len : NULL); +- len += g_unichar_to_utf8 (0x0307, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (g_unichar_tolower (c), out_buffer, &len); ++ append_utf8_char_to_buffer (0x0307, out_buffer, &len); + } + else if (c == 0x03A3) /* GREEK CAPITAL LETTER SIGMA */ + { +@@ -1082,7 +1111,7 @@ real_tolower (const gchar *str, + else + val = 0x3c2; /* GREEK SMALL FINAL SIGMA */ + +- len += g_unichar_to_utf8 (val, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (val, out_buffer, &len); + } + else if (IS (t, + OR (G_UNICODE_UPPERCASE_LETTER, +@@ -1093,7 +1122,7 @@ real_tolower (const gchar *str, + + if (val >= 0x1000000) + { +- len += output_special_case (out_buffer ? out_buffer + len : NULL, val - 0x1000000, t, 0); ++ append_special_case (out_buffer, &len, val - 0x1000000, t, 0); + } + else + { +@@ -1112,7 +1141,7 @@ real_tolower (const gchar *str, + + /* Not all uppercase letters are guaranteed to have a lowercase + * equivalent. If this is the case, val will be zero. */ +- len += g_unichar_to_utf8 (val ? val : c, out_buffer ? out_buffer + len : NULL); ++ append_utf8_char_to_buffer (val ? 
val : c, out_buffer, &len); + } + } + else +@@ -1122,7 +1151,7 @@ real_tolower (const gchar *str, + if (out_buffer) + memcpy (out_buffer + len, last, char_len); + +- len += char_len; ++ increase_size (&len, char_len); + } + + } +@@ -1159,6 +1188,8 @@ g_utf8_strdown (const gchar *str, + * We use a two pass approach to keep memory management simple + */ + result_len = real_tolower (str, len, NULL, locale_type); ++ g_assert (result_len < G_MAXSIZE); ++ + result = g_malloc (result_len + 1); + real_tolower (str, len, result, locale_type); + result[result_len] = '\0'; diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch new file mode 100644 index 00000000000..15322efacd5 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch 
@@ -0,0 +1,68 @@ +From b96966058f4291db8970ced70ee22103e63679e5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Fri, 23 Jan 2026 17:39:34 +0100 +Subject: [PATCH] glib/tests/unicode: Add test debug information when parsing + input files + +On case of failures makes it easier to understand on what line of the +source file we're at, as it might not be clear for non-ascii chars + +CVE: CVE-2026-1489 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/b96966058f4291db8970ced70ee22103e63679e5] +Signed-off-by: Peter Marko +--- + glib/tests/unicode.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/glib/tests/unicode.c b/glib/tests/unicode.c +index 90b5a98b8..44d1083dd 100644 +--- a/glib/tests/unicode.c ++++ b/glib/tests/unicode.c +@@ -600,6 +600,7 @@ test_casemap_and_casefold (void) + const char *locale; + const char *test; + const char *expected; ++ size_t line = 0; + char *convert; + char *current_locale = setlocale (LC_CTYPE, NULL); + char *old_lc_all, *old_lc_messages, *old_lang; +@@ -620,6 +621,7 @@ test_casemap_and_casefold (void) + + while (fgets (buffer, sizeof (buffer), infile)) + { ++ line++; + if (buffer[0] == '#') + continue; + +@@ -662,6 +664,9 @@ test_casemap_and_casefold (void) + + convert = g_utf8_strup (test, -1); + expected = strings[4][0] ? 
strings[4] : test; ++ g_test_message ("Converting '%s' => '%s' (line %" G_GSIZE_FORMAT ")", ++ test, expected, line); ++ + g_assert_cmpstr (convert, ==, expected); + g_free (convert); + +@@ -681,9 +686,11 @@ test_casemap_and_casefold (void) + + infile = fopen (filename, "r"); + g_assert (infile != NULL); ++ line = 0; + + while (fgets (buffer, sizeof (buffer), infile)) + { ++ line++; + if (buffer[0] == '#') + continue; + +@@ -693,6 +700,9 @@ test_casemap_and_casefold (void) + test = strings[0]; + + convert = g_utf8_casefold (test, -1); ++ g_test_message ("Converting '%s' => '%s' (line %" G_GSIZE_FORMAT ")", ++ test, strings[1], line); ++ + g_assert_cmpstr (convert, ==, strings[1]); + g_free (convert); + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index fefa3ad7d6e..b8212c9d12b 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb 
@@ -43,6 +43,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2026-1484-01.patch \ file://CVE-2026-1484-02.patch \ file://CVE-2026-1485.patch \ + file://CVE-2026-1489-01.patch \ + file://CVE-2026-1489-02.patch \ + file://CVE-2026-1489-03.patch \ + file://CVE-2026-1489-04.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
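Review bot: in CVE-2026-1489-03.patch, the real_toupper hunk at @@ -875 replaces output_marks (&p, ..., FALSE) in the COMBINING GREEK YPOGEGRAMMENI branch with append_mark (&p, out_buffer, &len, TRUE), so the remove_dot argument flips from FALSE to TRUE. That changes behaviour on this path (COMBINING DOT ABOVE marks would now be dropped) and is not mentioned in the commit message, which is only about size overflow; either keep FALSE here or check whether upstream corrected it in a follow-up commit that should be backported together with this series.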
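Review bot: in the append_special_case hunk of CVE-2026-1489-03.patch, the context line gint len; is left unchanged, so len = strlen (p) still narrows a size_t into a gint before the new g_assert (len < G_MAXSIZE - *in_out_len) compares it with a size_t and hands it to memcpy and increase_size. Declaring it size_t would match the rest of the series. The new g_assert is also stricter than, and redundant with, the check inside increase_size (G_MAXSIZE - *(sizeptr) >= add), so one of the two could go.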
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 39/44] ffmpeg: ignore CVE-2025-1594
Date: Tue, 24 Feb 2026 15:32:07 +0100
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231846

From: Peter Marko

This CVE was patched via c9a15206bae7f1e85dc3b8812eabb936a7e6d383
Patch was dropped during update to 6.1.4, however NVD DB does not have
this information so it re-appeared in CVE reports.

Set its status accordingly.

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb index c1536015d98..03ec637ddfa 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
@@ -48,7 +48,7 @@ CVE_STATUS[CVE-2023-39018] = "cpe-incorrect: This issue belongs to ffmpeg-cli-wr CVE_STATUS[CVE-2025-1373] = "fixed-version: Vulnerable code not present in any release" CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x" -CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585" +CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585 CVE-2025-1594" CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x" CVE_STATUS[CVE-2025-25469] = "cpe-incorrect: Current version (6.1.4) is not impacted."
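Review bot: in the CVE_STATUS_FIXED_61x hunk, CVE-2025-1594 joins a group whose only recorded reason is the status string "cpe-incorrect:these CVEs are fixed in 6.1.x"; the actual justification (patched via c9a15206bae7f1e85dc3b8812eabb936a7e6d383, with the patch dropped during the update to 6.1.4) exists only in the commit message. A one-line comment above the assignment naming that commit, or the upstream release that carries the fix, would let someone reading a CVE report verify the status from the recipe alone.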
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 40/44] libtheora: mark CVE-2024-56431 as not vulnerable yet
Date: Tue, 24 Feb 2026 15:32:08 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231847

From: Peter Marko

CVE patch [1] applies only on main branch which is base for 1.2.x. Branch 1.1 has a different initial commit and does not contain vulnerable code where the CVE patch applies.

Also Debian [2] marked 1.1 as not vulnerable.

[1] https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b
[2] https://security-tracker.debian.org/tracker/CVE-2024-56431

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb index 5e94bc29751..2cbc6696eb2 100644 --- a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb +++ b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb
@@ -21,3 +21,5 @@ CVE_PRODUCT = "theora" inherit autotools pkgconfig EXTRA_OECONF = "--disable-examples" + +CVE_STATUS[CVE-2024-56431] = "fixed-version:branch 1.1 is not affected, vulnerable code is not present yet"
From patchwork Tue Feb 24 14:32:09 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 81772
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 41/44] ffmpeg: set status of CVE-2025-25468
Date: Tue, 24 Feb 2026 15:32:09 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231848

From: Peter Marko

This vulnerability was introduced in v8.0. This can be seen by blaming fix [1] (linked from NVD report [3]), which shows that the return without freeing memory was introduced in [2].

[1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd
[2] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d38fc25519cf12a9212dadcba1258fc176ffbade
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-25468

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb index 03ec637ddfa..eb64b5c8d59 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
@@ -51,6 +51,7 @@ CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x" CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585 CVE-2025-1594" CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x" +CVE_STATUS[CVE-2025-25468] = "cpe-incorrect:vulnerability was introduced in v8.0" CVE_STATUS[CVE-2025-25469] = "cpe-incorrect: Current version (6.1.4) is not impacted." # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
From patchwork Tue Feb 24 14:32:10 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 81775
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 42/44] gnupg: patch CVE-2025-68973
Date: Tue, 24 Feb 2026 15:32:10 +0100
Message-ID: <9d69fb50f73a916a569d855a034a67553af58cfc.1771943404.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231849

From: Peter Marko

Pick patch from 2.4 branch per [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-68973

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- .../gnupg/gnupg/CVE-2025-68973.patch | 108 ++++++++++++++++++ meta/recipes-support/gnupg/gnupg_2.4.8.bb | 1 + 2 files changed, 109 insertions(+) create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch new file mode 100644 index 00000000000..4eaf7cdb386 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
@@ -0,0 +1,108 @@ +From 4ecc5122f20e10c17172ed72f4fa46c784b5fb48 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Thu, 23 Oct 2025 11:36:04 +0200 +Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser. + +* g10/armor.c (armor_filter): Fix faulty double increment. + +* common/iobuf.c (underflow_target): Assert that the filter +implementations behave well. +-- + +This fixes a bug in a code path which can only be reached with special +crafted input data and would then error out at an upper layer due to +corrupt input (every second byte in the buffer is unitialized +garbage). No fuzzing has yet hit this case and we don't have a test +case for this code path. However memory corruption can never be +tolerated as it always has the protential for remode code execution. + +Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a +Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073 +which fixed +Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f +Backported-from-master: 115d138ba599328005c5321c0ef9f00355838ca9 + +The bug was introduced on 1999-01-07 by me: +* armor.c: Rewrote large parts. +which I fixed on 1999-03-02 but missed to fix the other case: +* armor.c (armor_filter): Fixed armor bypassing. + +Below is base64+gzipped test data which can be used with valgrind to +show access to uninitalized memory in write(2) in the unpatched code. 
+ +--8<---------------cut here---------------start------------->8--- +H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze +a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA== +--8<---------------cut here---------------end--------------->8--- + +CVE: CVE-2025-68973 +Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48] +Signed-off-by: Peter Marko +--- + common/iobuf.c | 8 +++++++- + g10/armor.c | 4 ++-- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/common/iobuf.c b/common/iobuf.c +index 748e6935d..2497713c1 100644 +--- a/common/iobuf.c ++++ b/common/iobuf.c +@@ -2043,6 +2043,8 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) + rc = 0; + else + { ++ size_t tmplen; ++ + /* If no buffered data and drain buffer has been setup, and drain + * buffer is largish, read data directly to drain buffer. 
*/ + if (a->d.len == 0 +@@ -2055,8 +2057,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) + log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n", + a->no, a->subno, (ulong)len); + +- rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, ++ tmplen = len; /* Used to check for bugs in the filter. */ ++ rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, + a->e_d.buf, &len); ++ log_assert (len <= tmplen); + a->e_d.used = len; + len = 0; + } +@@ -2066,8 +2070,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) + log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n", + a->no, a->subno, (ulong)len); + ++ tmplen = len; /* Used to check for bugs in the filter. */ + rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, + &a->d.buf[a->d.len], &len); ++ log_assert (len <= tmplen); + } + } + a->d.len += len; +diff --git a/g10/armor.c b/g10/armor.c +index 81af15339..f8cfa86db 100644 +--- a/g10/armor.c ++++ b/g10/armor.c +@@ -1302,8 +1302,8 @@ armor_filter( void *opaque, int control, + n = 0; + if( afx->buffer_len ) { + /* Copy the data from AFX->BUFFER to BUF. */ +- for(; n < size && afx->buffer_pos < afx->buffer_len; n++ ) +- buf[n++] = afx->buffer[afx->buffer_pos++]; ++ for(; n < size && afx->buffer_pos < afx->buffer_len;) ++ buf[n++] = afx->buffer[afx->buffer_pos++]; + if( afx->buffer_pos >= afx->buffer_len ) + afx->buffer_len = 0; + } diff --git a/meta/recipes-support/gnupg/gnupg_2.4.8.bb b/meta/recipes-support/gnupg/gnupg_2.4.8.bb index a6e777abf89..2d27f4454e5 100644 --- a/meta/recipes-support/gnupg/gnupg_2.4.8.bb +++ b/meta/recipes-support/gnupg/gnupg_2.4.8.bb 
@@ -18,6 +18,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ + file://CVE-2025-68973.patch \ " SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch"
From patchwork Tue Feb 24 14:32:11 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 81771
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 43/44] alsa-lib: patch CVE-2026-25068
Date: Tue, 24 Feb 2026 15:32:11 +0100
Message-ID: <3f04c0186017e4d410498674372517016ffd1bc8.1771943404.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231850

From: Peter Marko

Pick patch mentioned in NVD report. It also includes CVE ID in commit message.

Use older SNDERR function as new one is not yet available. This was copied from Debian patch.

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- .../alsa/alsa-lib/CVE-2026-25068.patch | 34 +++++++++++++++++++ .../alsa/alsa-lib_1.2.11.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch diff --git a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch new file mode 100644 index 00000000000..5ecefc5aae0 --- /dev/null +++ b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
@@ -0,0 +1,34 @@ +From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001 +From: Jaroslav Kysela +Date: Thu, 29 Jan 2026 16:51:09 +0100 +Subject: [PATCH] topology: decoder - add boundary check for channel mixer + count + +Malicious binary topology file may cause heap corruption. + +CVE: CVE-2026-25068 + +Signed-off-by: Jaroslav Kysela + +Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40] +Signed-off-by: Peter Marko +--- + src/topology/ctl.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/topology/ctl.c b/src/topology/ctl.c +index a0c24518..322c461c 100644 +--- a/src/topology/ctl.c ++++ b/src/topology/ctl.c +@@ -1247,6 +1247,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg, + if (mc->num_channels > 0) { + map = tplg_calloc(heap, sizeof(*map)); + map->num_channels = mc->num_channels; ++ if (map->num_channels > SND_TPLG_MAX_CHAN || ++ map->num_channels > SND_SOC_TPLG_MAX_CHAN) { ++ SNDERR("mixer: unexpected channel count %d", map->num_channels); ++ return -EINVAL; ++ } + for (i = 0; i < map->num_channels; i++) { + map->channel[i].reg = mc->channel[i].reg; + map->channel[i].shift = mc->channel[i].shift; diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb b/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb index c212b17aa3e..e86239ff871 100644 --- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb +++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb 
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \ SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2 \ file://0001-topology-correct-version-script-path.patch \ + file://CVE-2026-25068.patch \ " SRC_URI[sha256sum] = "9f3f2f69b995f9ad37359072fbc69a3a88bfba081fc83e9be30e14662795bb4d"
From patchwork Tue Feb 24 14:32:12 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 81777
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 44/44] u-boot: move CVE patches out of the common .inc file
Date: Tue, 24 Feb 2026 15:32:12 +0100
Message-ID: <94a2960e1ae3923599affb6b227ef3f1870f5633.1771943404.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231851

From: Yoann Congal

An external layer might use the u-boot*.inc files but have a different base version for which the CVE patches don't apply. Move the CVE patches in the leaf recipe.

See related patch in kirkstone:
[kirkstone][PATCH] u-boot: move CVE patch out of u-boot-common.inc
https://lists.openembedded.org/g/openembedded-core/topic/117385432

Signed-off-by: Yoann Congal
--- meta/recipes-bsp/u-boot/u-boot-common.inc | 12 +----------- meta/recipes-bsp/u-boot/u-boot_2024.01.bb | 10 ++++++++++ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc index da34e3d3e80..1f17bd7d0af 100644 --- a/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -14,17 +14,7 @@ PE = "1" # repo during parse SRCREV = "866ca972d6c3cabeaf6dbac431e8e08bb30b3c8e" -SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master \ - file://CVE-2024-57254.patch \ - file://CVE-2024-57255.patch \ - file://CVE-2024-57256.patch \ - file://CVE-2024-57257.patch \ - file://CVE-2024-57258-1.patch \ - file://CVE-2024-57258-2.patch \ - file://CVE-2024-57258-3.patch \ - file://CVE-2024-57259.patch \ - file://CVE-2024-42040.patch \ -" +SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master" S = "${WORKDIR}/git" B = "${WORKDIR}/build" diff --git a/meta/recipes-bsp/u-boot/u-boot_2024.01.bb b/meta/recipes-bsp/u-boot/u-boot_2024.01.bb index b15bcaa818f..e412f503f10 100644 --- a/meta/recipes-bsp/u-boot/u-boot_2024.01.bb +++ b/meta/recipes-bsp/u-boot/u-boot_2024.01.bb @@ -3,3 +3,13 @@ require u-boot.inc DEPENDS += "bc-native dtc-native python3-pyelftools-native" +SRC_URI += "file://CVE-2024-57254.patch \ + file://CVE-2024-57255.patch \ + file://CVE-2024-57256.patch \ + file://CVE-2024-57257.patch \ + file://CVE-2024-57258-1.patch \ + file://CVE-2024-57258-2.patch \ + file://CVE-2024-57258-3.patch \ + file://CVE-2024-57259.patch \ + file://CVE-2024-42040.patch \ +"
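Review bot: in patch 41/44 (ffmpeg_6.1.4.bb), the added line CVE_STATUS[CVE-2025-25468] = "cpe-incorrect:vulnerability was introduced in v8.0" classifies "vulnerable code not present yet" as cpe-incorrect, while patch 40/44 records the same situation for libtheora as fixed-version, and the CVE-2025-1373 entry already in this recipe uses fixed-version for "Vulnerable code not present in any release". Pick one status for this case across the series so the CVE reports classify these entries the same way. The new value also has no space after the colon, unlike the CVE-2025-25469 line directly below it.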
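Review bot: in patch 42/44 (gnupg CVE-2025-68973.patch), the two log_assert (len <= tmplen) checks in the common/iobuf.c hunks run only after a->filter () has returned, so they detect a filter that reports more bytes than it was given room for but do not stop the filter's own writes. The fix itself is the g10/armor.c hunk: the old loop incremented n both in the for clause and in buf[n++], so only every second byte of buf was written and the final n could end up above size; with the for-clause increment dropped, buf[n++] is the only step. The OE commit message should say that the iobuf.c part is added hardening that turns a misbehaving filter into an assertion failure, since that is a behaviour change beyond the one-line fix.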
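Review bot: in patch 43/44 (alsa-lib CVE-2026-25068.patch), the embedded patch header says Upstream-Status: Backport with only the upstream commit URL, but the commit message states that SNDERR was substituted because the newer function is not available in this version. Record that adaptation in the patch header so the difference from the upstream commit is visible when the patch is refreshed. In the src/topology/ctl.c hunk, the bound is tested on map->num_channels after tplg_calloc() and the assignment, and the visible context shows no NULL check on map before it is dereferenced; testing mc->num_channels before the allocation would reject a bad count without allocating, which is worth raising upstream rather than changing in the backport.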
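Review bot: in patch 44/44, the u-boot-common.inc hunk removes all nine CVE patches from SRC_URI and the only recipe that gets them back is u-boot_2024.01.bb, so any other recipe in this layer that includes u-boot-common.inc and builds from the same SRCREV now builds without them. List the recipes that include the .inc and either add the same SRC_URI += block to each or state in the commit message why they do not need the patches.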