[OE-core][mickledore 00/24] Patch review

[OE-core][mickledore 00/24] Patch review

[Steve Sakoman]

Please review this set of changes for mickledore and have comments back by
end of day Tuesday, October 24

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6075

with the exception of the meta-arm test which fails due to the linux-yocto 6.1
version bumps in this series. A patch to meta-arm is pending the merge of these
version bumps.

The following changes since commit 266944eb216912b7b2a935360aa51cd79847a071:

  gdb: fix RDEPENDS for PACKAGECONFIG[tui] (2023-10-12 16:23:08 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/mickledore-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/mickledore-nut

Antoine Lubineau (1):
  cve-check: add CVSS vector string to CVE database and reports

Bruce Ashfield (4):
  linux-yocto/6.1: update to v6.1.55
  linux-yocto/6.1: update to v6.1.56
  linux-yocto/6.1: tiny: fix arm 32 boot
  linux-yocto/6.1: update to v6.1.57

Daniel Semkowicz (1):
  wic: bootimg-partition: Fix file name in debug message

Jan Garcia (1):
  insane.bbclass: Count raw bytes in shebang-size

Lee Chee Yang (3):
  cups: fix CVE-2023-4504
  qemu: ignore RHEL specific CVE-2023-2680
  python3-urllib3: 1.26.15 -> 1.26.17

Martijn de Gouw (1):
  busybox: Set PATH in syslog initscript

Martin Jansa (1):
  fontcache.bbclass: avoid native recipes depending on target fontconfig

Michael Opdenacker (2):
  shadow: fix patch Upstream-Status
  libevent: fix patch Upstream-Status

Peter Kjellerstedt (1):
  packages.bbclass: Correct the check for conflicts with renamed
    packages

Quentin Schulz (1):
  uboot-extlinux-config.bbclass: fix missed override syntax migration

Richard Purdie (3):
  oeqa/selftest: Fix broken symlink removal handling
  oeqa/utils/gitarchive: Handle broken commit counts in results repo
  oeqa/concurrencytest: Remove invalid buffering option

Ross Burton (2):
  libx11: upgrade to 1.8.7
  libxpm: upgrade to 3.5.17

Sean Nyekjaer (1):
  dmidecode: fixup for CVE-2023-30630

Siddharth Doshi (1):
  vim: Upgrade 9.0.2009 -> 9.0.2048

Steve Sakoman (1):
  cve-exclusion_6.1.inc: update for 6.1.57

 meta/classes-global/insane.bbclass            |   3 +-
 meta/classes-global/package.bbclass           |   8 +-
 meta/classes-recipe/fontcache.bbclass         |   1 +
 .../uboot-extlinux-config.bbclass             |   2 +-
 meta/classes/cve-check.bbclass                |   5 +-
 meta/lib/oeqa/core/utils/concurrencytest.py   |   4 +-
 meta/lib/oeqa/selftest/context.py             |   2 +-
 meta/lib/oeqa/utils/gitarchive.py             |  10 +-
 meta/recipes-core/busybox/files/syslog        |   2 +
 .../meta/cve-update-nvd2-native.bb            |  11 +-
 .../dmidecode/CVE-2023-30630_1a.patch         | 236 ++++++++++++++++++
 .../dmidecode/CVE-2023-30630_1b.patch         | 197 +++++++++++++++
 .../dmidecode/CVE-2023-30630_2.patch          |   8 +-
 .../dmidecode/CVE-2023-30630_3.patch          |  55 ++--
 .../dmidecode/CVE-2023-30630_4.patch          | 143 +++++------
 .../dmidecode/dmidecode_3.4.bb                |   3 +-
 ..._1.26.15.bb => python3-urllib3_1.26.17.bb} |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   4 +
 meta/recipes-extended/cups/cups.inc           |   1 +
 .../cups/cups/CVE-2023-4504.patch             |  42 ++++
 .../0001-Fix-can-not-print-full-login.patch   |   2 +-
 .../{libx11_1.8.6.bb => libx11_1.8.7.bb}      |   2 +-
 .../{libxpm_3.5.16.bb => libxpm_3.5.17.bb}    |   2 +-
 .../linux/cve-exclusion_6.1.inc               |  13 +-
 .../linux/linux-yocto-rt_6.1.bb               |   6 +-
 .../linux/linux-yocto-tiny_6.1.bb             |   6 +-
 meta/recipes-kernel/linux/linux-yocto_6.1.bb  |  28 +--
 ...ts-are-marked-failed-only-when-all-a.patch |   2 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 .../wic/plugins/source/bootimg-partition.py   |   2 +-
 30 files changed, 654 insertions(+), 152 deletions(-)
 create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
 create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
 rename meta/recipes-devtools/python/{python3-urllib3_1.26.15.bb => python3-urllib3_1.26.17.bb} (86%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
 rename meta/recipes-graphics/xorg-lib/{libx11_1.8.6.bb => libx11_1.8.7.bb} (92%)
 rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.16.bb => libxpm_3.5.17.bb} (88%)

-- 
2.34.1

[OE-core][mickledore 01/24] cups: fix CVE-2023-4504

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/cups/cups.inc           |  1 +
 .../cups/cups/CVE-2023-4504.patch             | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index c6a676b747..d09ceb203f 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -17,6 +17,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
            file://cups-volatiles.conf \
            file://CVE-2023-32324.patch \
            file://CVE-2023-34241.patch \
+           file://CVE-2023-4504.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
new file mode 100644
index 0000000000..e52e43a209
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,42 @@
+CVE: CVE-2023-4504
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Wed, 20 Sep 2023 14:45:17 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+---
+ cups/raster-interpret.c | 14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
+index 6fcf731b5..b8655c8c6 100644
+--- a/cups/raster-interpret.c
++++ b/cups/raster-interpret.c
+@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st,		/* I  - Stack */
+ 
+ 	    cur ++;
+ 
+-            if (*cur == 'b')
++	   /*
++	    * Return NULL if we reached NULL terminator, a lone backslash
++	    * is not a valid character in PostScript.
++	    */
++
++	    if (!*cur)
++	    {
++	      *ptr = NULL;
++
++	      return (NULL);
++	    }
++
++	    if (*cur == 'b')
+ 	      *valptr++ = '\b';
+ 	    else if (*cur == 'f')
+ 	      *valptr++ = '\f';
-- 
2.34.1

[OE-core][mickledore 02/24] dmidecode: fixup for CVE-2023-30630

[Steve Sakoman]

From: Sean Nyekjaer <sean@geanix.com>

The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:

+    u32 len;
+    u8 *table;
...
-    if (!(opt.flags & FLAG_QUIET))
-        pr_comment("Writing %d bytes to %s.", crafted[0x05],
-                   opt.dumpfile);
-    write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+    dmi_table_dump(crafted, crafted[0x05], table, len);

It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.

This is basically the same patch as in kirkstone:
ea069a94a2 dmidecode: fixup for CVE-2023-30630

Signed-off-by: Sean Nyekjaer <sean@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../dmidecode/CVE-2023-30630_1a.patch         | 236 ++++++++++++++++++
 .../dmidecode/CVE-2023-30630_1b.patch         | 197 +++++++++++++++
 .../dmidecode/CVE-2023-30630_2.patch          |   8 +-
 .../dmidecode/CVE-2023-30630_3.patch          |  55 ++--
 .../dmidecode/CVE-2023-30630_4.patch          | 143 +++++------
 .../dmidecode/dmidecode_3.4.bb                |   3 +-
 6 files changed, 539 insertions(+), 103 deletions(-)
 create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
 create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
new file mode 100644
index 0000000000..bf93fbc13c
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch
@@ -0,0 +1,236 @@
+From ee6db10dd70b8fdc7a93cffd7cf5bc7a28f9d3d7 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Feb 2023 14:53:21 +0100
+Subject: [PATCH 1/5] dmidecode: Split table fetching from decoding
+
+Clean up function dmi_table so that it does only one thing:
+* dmi_table() is renamed to dmi_table_get(). It now retrieves the
+  DMI table, but does not process it any longer.
+* Decoding or dumping the table is now done in smbios3_decode(),
+  smbios_decode() and legacy_decode().
+No functional change.
+
+A side effect of this change is that writing the header and body of
+dump files is now done in a single location. This is required to
+further consolidate the writing of dump files.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=39b2dd7b6ab719b920e96ed832cfb4bdd664e808]
+
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ dmidecode.c | 86 ++++++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 62 insertions(+), 24 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index cd2b5c9..b082c03 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5247,8 +5247,9 @@ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+ 	}
+ }
+ 
+-static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+-		      u32 flags)
++/* Allocates a buffer for the table, must be freed by the caller */
++static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver,
++			 const char *devmem, u32 flags)
+ {
+ 	u8 *buf;
+ 
+@@ -5267,7 +5268,7 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ 		{
+ 			if (num)
+ 				pr_info("%u structures occupying %u bytes.",
+-					num, len);
++					num, *len);
+ 			if (!(opt.flags & FLAG_FROM_DUMP))
+ 				pr_info("Table at 0x%08llX.",
+ 					(unsigned long long)base);
+@@ -5285,19 +5286,19 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ 		 * would be the result of the kernel truncating the table on
+ 		 * parse error.
+ 		 */
+-		size_t size = len;
++		size_t size = *len;
+ 		buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base,
+ 			&size, devmem);
+-		if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)len)
++		if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len)
+ 		{
+ 			fprintf(stderr, "Wrong DMI structures length: %u bytes "
+ 				"announced, only %lu bytes available.\n",
+-				len, (unsigned long)size);
++				*len, (unsigned long)size);
+ 		}
+-		len = size;
++		*len = size;
+ 	}
+ 	else
+-		buf = mem_chunk(base, len, devmem);
++		buf = mem_chunk(base, *len, devmem);
+ 
+ 	if (buf == NULL)
+ 	{
+@@ -5307,15 +5308,9 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ 			fprintf(stderr,
+ 				"Try compiling dmidecode with -DUSE_MMAP.\n");
+ #endif
+-		return;
+ 	}
+ 
+-	if (opt.flags & FLAG_DUMP_BIN)
+-		dmi_table_dump(buf, len);
+-	else
+-		dmi_table_decode(buf, len, num, ver >> 8, flags);
+-
+-	free(buf);
++	return buf;
+ }
+ 
+ 
+@@ -5350,8 +5345,9 @@ static void overwrite_smbios3_address(u8 *buf)
+ 
+ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+-	u32 ver;
++	u32 ver, len;
+ 	u64 offset;
++	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
+ 	if (buf[0x06] > 0x20)
+@@ -5377,8 +5373,12 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 		return 0;
+ 	}
+ 
+-	dmi_table(((off_t)offset.h << 32) | offset.l,
+-		  DWORD(buf + 0x0C), 0, ver, devmem, flags | FLAG_STOP_AT_EOT);
++	/* Maximum length, may get trimmed */
++	len = DWORD(buf + 0x0C);
++	table = dmi_table_get(((off_t)offset.h << 32) | offset.l, &len, 0, ver,
++			      devmem, flags | FLAG_STOP_AT_EOT);
++	if (table == NULL)
++		return 1;
+ 
+ 	if (opt.flags & FLAG_DUMP_BIN)
+ 	{
+@@ -5387,18 +5387,28 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_smbios3_address(crafted);
+ 
++		dmi_table_dump(table, len);
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_comment("Writing %d bytes to %s.", crafted[0x06],
+ 				   opt.dumpfile);
+ 		write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
+ 	}
++	else
++	{
++		dmi_table_decode(table, len, 0, ver >> 8,
++				 flags | FLAG_STOP_AT_EOT);
++	}
++
++	free(table);
+ 
+ 	return 1;
+ }
+ 
+ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+-	u16 ver;
++	u16 ver, num;
++	u32 len;
++	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
+ 	if (buf[0x05] > 0x20)
+@@ -5438,8 +5448,13 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ 		pr_info("SMBIOS %u.%u present.",
+ 			ver >> 8, ver & 0xFF);
+ 
+-	dmi_table(DWORD(buf + 0x18), WORD(buf + 0x16), WORD(buf + 0x1C),
+-		ver << 8, devmem, flags);
++	/* Maximum length, may get trimmed */
++	len = WORD(buf + 0x16);
++	num = WORD(buf + 0x1C);
++	table = dmi_table_get(DWORD(buf + 0x18), &len, num, ver << 8,
++			      devmem, flags);
++	if (table == NULL)
++		return 1;
+ 
+ 	if (opt.flags & FLAG_DUMP_BIN)
+ 	{
+@@ -5448,27 +5463,43 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_dmi_address(crafted + 0x10);
+ 
++		dmi_table_dump(table, len);
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_comment("Writing %d bytes to %s.", crafted[0x05],
+ 				   opt.dumpfile);
+ 		write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+ 	}
++	else
++	{
++		dmi_table_decode(table, len, num, ver, flags);
++	}
++
++	free(table);
+ 
+ 	return 1;
+ }
+ 
+ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ {
++	u16 ver, num;
++	u32 len;
++	u8 *table;
++
+ 	if (!checksum(buf, 0x0F))
+ 		return 0;
+ 
++	ver = ((buf[0x0E] & 0xF0) << 4) + (buf[0x0E] & 0x0F);
+ 	if (!(opt.flags & FLAG_QUIET))
+ 		pr_info("Legacy DMI %u.%u present.",
+ 			buf[0x0E] >> 4, buf[0x0E] & 0x0F);
+ 
+-	dmi_table(DWORD(buf + 0x08), WORD(buf + 0x06), WORD(buf + 0x0C),
+-		((buf[0x0E] & 0xF0) << 12) + ((buf[0x0E] & 0x0F) << 8),
+-		devmem, flags);
++	/* Maximum length, may get trimmed */
++	len = WORD(buf + 0x06);
++	num = WORD(buf + 0x0C);
++	table = dmi_table_get(DWORD(buf + 0x08), &len, num, ver << 8,
++			      devmem, flags);
++	if (table == NULL)
++		return 1;
+ 
+ 	if (opt.flags & FLAG_DUMP_BIN)
+ 	{
+@@ -5477,11 +5508,18 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 16);
+ 		overwrite_dmi_address(crafted);
+ 
++		dmi_table_dump(table, len);
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_comment("Writing %d bytes to %s.", 0x0F,
+ 				   opt.dumpfile);
+ 		write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
+ 	}
++	else
++	{
++		dmi_table_decode(table, len, num, ver, flags);
++	}
++
++	free(table);
+ 
+ 	return 1;
+ }
+-- 
+2.41.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
new file mode 100644
index 0000000000..e03bda05e4
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch
@@ -0,0 +1,197 @@
+From d362549bce92ac22860cda8cad4532c1a3fe6928 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Feb 2023 14:53:25 +0100
+Subject: [PATCH 2/5] dmidecode: Write the whole dump file at once
+
+When option --dump-bin is used, write the whole dump file at once,
+instead of opening and closing the file separately for the table
+and then for the entry point.
+
+As the file writing function is no longer generic, it gets moved
+from util.c to dmidecode.c.
+
+One minor functional change resulting from the new implementation is
+that the entry point is written first now, so the messages printed
+are swapped.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
+
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ dmidecode.c | 69 +++++++++++++++++++++++++++++++++++++++--------------
+ util.c      | 40 -------------------------------
+ util.h      |  1 -
+ 3 files changed, 51 insertions(+), 59 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index b082c03..a80a140 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5130,11 +5130,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ 	}
+ }
+ 
+-static void dmi_table_dump(const u8 *buf, u32 len)
++static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
++			  u32 table_len)
+ {
++	FILE *f;
++
++	f = fopen(opt.dumpfile, "wb");
++	if (!f)
++	{
++		fprintf(stderr, "%s: ", opt.dumpfile);
++		perror("fopen");
++		return -1;
++	}
++
++	if (!(opt.flags & FLAG_QUIET))
++		pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
++	if (fwrite(ep, ep_len, 1, f) != 1)
++	{
++		fprintf(stderr, "%s: ", opt.dumpfile);
++		perror("fwrite");
++		goto err_close;
++	}
++
++	if (fseek(f, 32, SEEK_SET) != 0)
++	{
++		fprintf(stderr, "%s: ", opt.dumpfile);
++		perror("fseek");
++		goto err_close;
++	}
++
+ 	if (!(opt.flags & FLAG_QUIET))
+-		pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
+-	write_dump(32, len, buf, opt.dumpfile, 0);
++		pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
++	if (fwrite(table, table_len, 1, f) != 1)
++	{
++		fprintf(stderr, "%s: ", opt.dumpfile);
++		perror("fwrite");
++		goto err_close;
++	}
++
++	if (fclose(f))
++	{
++		fprintf(stderr, "%s: ", opt.dumpfile);
++		perror("fclose");
++		return -1;
++	}
++
++	return 0;
++
++err_close:
++	fclose(f);
++	return -1;
+ }
+ 
+ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+@@ -5387,11 +5432,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_smbios3_address(crafted);
+ 
+-		dmi_table_dump(table, len);
+-		if (!(opt.flags & FLAG_QUIET))
+-			pr_comment("Writing %d bytes to %s.", crafted[0x06],
+-				   opt.dumpfile);
+-		write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
++		dmi_table_dump(crafted, crafted[0x06], table, len);
+ 	}
+ 	else
+ 	{
+@@ -5463,11 +5504,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 32);
+ 		overwrite_dmi_address(crafted + 0x10);
+ 
+-		dmi_table_dump(table, len);
+-		if (!(opt.flags & FLAG_QUIET))
+-			pr_comment("Writing %d bytes to %s.", crafted[0x05],
+-				   opt.dumpfile);
+-		write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
++		dmi_table_dump(crafted, crafted[0x05], table, len);
+ 	}
+ 	else
+ 	{
+@@ -5508,11 +5545,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ 		memcpy(crafted, buf, 16);
+ 		overwrite_dmi_address(crafted);
+ 
+-		dmi_table_dump(table, len);
+-		if (!(opt.flags & FLAG_QUIET))
+-			pr_comment("Writing %d bytes to %s.", 0x0F,
+-				   opt.dumpfile);
+-		write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
++		dmi_table_dump(crafted, 0x0F, table, len);
+ 	}
+ 	else
+ 	{
+diff --git a/util.c b/util.c
+index 04aaadd..1547096 100644
+--- a/util.c
++++ b/util.c
+@@ -259,46 +259,6 @@ out:
+ 	return p;
+ }
+ 
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
+-{
+-	FILE *f;
+-
+-	f = fopen(dumpfile, add ? "r+b" : "wb");
+-	if (!f)
+-	{
+-		fprintf(stderr, "%s: ", dumpfile);
+-		perror("fopen");
+-		return -1;
+-	}
+-
+-	if (fseek(f, base, SEEK_SET) != 0)
+-	{
+-		fprintf(stderr, "%s: ", dumpfile);
+-		perror("fseek");
+-		goto err_close;
+-	}
+-
+-	if (fwrite(data, len, 1, f) != 1)
+-	{
+-		fprintf(stderr, "%s: ", dumpfile);
+-		perror("fwrite");
+-		goto err_close;
+-	}
+-
+-	if (fclose(f))
+-	{
+-		fprintf(stderr, "%s: ", dumpfile);
+-		perror("fclose");
+-		return -1;
+-	}
+-
+-	return 0;
+-
+-err_close:
+-	fclose(f);
+-	return -1;
+-}
+-
+ /* Returns end - start + 1, assuming start < end */
+ u64 u64_range(u64 start, u64 end)
+ {
+diff --git a/util.h b/util.h
+index 3094cf8..ef24eb9 100644
+--- a/util.h
++++ b/util.h
+@@ -27,5 +27,4 @@
+ int checksum(const u8 *buf, size_t len);
+ void *read_file(off_t base, size_t *len, const char *filename);
+ void *mem_chunk(off_t base, size_t len, const char *devmem);
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
+ u64 u64_range(u64 start, u64 end);
+-- 
+2.41.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
index dcc87d2326..971c8c0126 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
@@ -29,18 +29,18 @@ index 5477309..98f9692 100644
 @@ -60,6 +60,7 @@
   *    https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
   */
-
+ 
 +#include <fcntl.h>
  #include <stdio.h>
  #include <string.h>
  #include <strings.h>
 @@ -5430,13 +5431,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
  static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
-			  u32 table_len)
+ 			  u32 table_len)
  {
 +	int fd;
-	FILE *f;
-
+ 	FILE *f;
+ 
 -	f = fopen(opt.dumpfile, "wb");
 +	fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
 +	if (fd == -1)
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
index 01d0d1f867..5a6994065e 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
@@ -27,26 +27,26 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  1 file changed, 9 insertions(+), 2 deletions(-)
 
 diff --git a/dmidecode.c b/dmidecode.c
-index 98f9692..b4dbc9d 100644
+index d339577..1ecdf85 100644
 --- a/dmidecode.c
 +++ b/dmidecode.c
-@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
-		pr_comment("dmidecode %s", VERSION);
-
-	/* Read from dump if so instructed */
+@@ -6031,17 +6031,25 @@ int main(int argc, char * const argv[])
+ 		pr_comment("dmidecode %s", VERSION);
+ 
+ 	/* Read from dump if so instructed */
 +        size = 0x20;
-	if (opt.flags & FLAG_FROM_DUMP)
-	{
-		if (!(opt.flags & FLAG_QUIET))
-			pr_info("Reading SMBIOS/DMI data from file %s.",
-				opt.dumpfile);
+ 	if (opt.flags & FLAG_FROM_DUMP)
+ 	{
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			pr_info("Reading SMBIOS/DMI data from file %s.",
+ 				opt.dumpfile);
 -		if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
 +                if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
-		{
-			ret = 1;
-			goto exit_free;
-		}
-
+ 		{
+ 			ret = 1;
+ 			goto exit_free;
+ 		}
+ 
 +                /* Truncated entry point can't be processed */
 +                if (size < 0x20)
 +                {
@@ -54,16 +54,17 @@ index 98f9692..b4dbc9d 100644
 +                        goto done;
 +                }
 +
-		if (memcmp(buf, "_SM3_", 5) == 0)
-		{
-			if (smbios3_decode(buf, opt.dumpfile, 0))
-@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
-	 * contain one of several types of entry points, so read enough for
-	 * the largest one, then determine what type it contains.
-	 */
+ 		if (memcmp(buf, "_SM3_", 5) == 0)
+ 		{
+ 			if (smbios3_decode(buf, opt.dumpfile, 0))
+@@ -6065,7 +6073,6 @@ int main(int argc, char * const argv[])
+ 	 * contain one of several types of entry points, so read enough for
+ 	 * the largest one, then determine what type it contains.
+ 	 */
 -	size = 0x20;
-	if (!(opt.flags & FLAG_NO_SYSFS)
-	 && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
-	{
---
-2.40.0
+ 	if (!(opt.flags & FLAG_NO_SYSFS)
+ 	 && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
+ 	{
+-- 
+2.42.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
index 5fa72b4f9b..a3c5af2f1c 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -33,105 +33,106 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  1 file changed, 12 insertions(+), 12 deletions(-)
 
 diff --git a/dmidecode.c b/dmidecode.c
-index b4dbc9d..870d94e 100644
+index 1ecdf85..640c079 100644
 --- a/dmidecode.c
 +++ b/dmidecode.c
 @@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
-	buf[0x17] = 0;
+ 	buf[0x17] = 0;
  }
-
+ 
 -static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
 +static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
  {
-	u32 ver, len;
-	u64 offset;
-	u8 *table;
-
-	/* Don't let checksum run beyond the buffer */
+ 	u32 ver, len;
+ 	u64 offset;
+ 	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
 -	if (buf[0x06] > 0x20)
 +        if (buf[0x06] > buf_len)
-	{
-		fprintf(stderr,
-			"Entry point length too large (%u bytes, expected %u).\n",
-@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
-	return 1;
+ 	{
+ 		fprintf(stderr,
+ 			"Entry point length too large (%u bytes, expected %u).\n",
+@@ -5793,14 +5793,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ 	return 1;
  }
-
+ 
 -static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
 +static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
  {
-	u16 ver;
-	u32 len;
-         u8 *table;
-
-	/* Don't let checksum run beyond the buffer */
+ 	u16 ver, num;
+ 	u32 len;
+ 	u8 *table;
+ 
+ 	/* Don't let checksum run beyond the buffer */
 -	if (buf[0x05] > 0x20)
 +        if (buf[0x05] > buf_len)
-	{
-		fprintf(stderr,
-			"Entry point length too large (%u bytes, expected %u).\n",
-@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
-
-		if (memcmp(buf, "_SM3_", 5) == 0)
-		{
+ 	{
+ 		fprintf(stderr,
+ 			"Entry point length too large (%u bytes, expected %u).\n",
+@@ -6052,12 +6052,12 @@ int main(int argc, char * const argv[])
+ 
+ 		if (memcmp(buf, "_SM3_", 5) == 0)
+ 		{
 -			if (smbios3_decode(buf, opt.dumpfile, 0))
 +                        if (smbios3_decode(buf, size, opt.dumpfile, 0))
-				found++;
-		}
-		else if (memcmp(buf, "_SM_", 4) == 0)
-		{
+ 				found++;
+ 		}
+ 		else if (memcmp(buf, "_SM_", 4) == 0)
+ 		{
 -			if (smbios_decode(buf, opt.dumpfile, 0))
 +                        if (smbios_decode(buf, size, opt.dumpfile, 0))
-				found++;
-		}
-		else if (memcmp(buf, "_DMI_", 5) == 0)
-@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
-			pr_info("Getting SMBIOS data from sysfs.");
-		if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
-		{
+ 				found++;
+ 		}
+ 		else if (memcmp(buf, "_DMI_", 5) == 0)
+@@ -6080,12 +6080,12 @@ int main(int argc, char * const argv[])
+ 			pr_info("Getting SMBIOS data from sysfs.");
+ 		if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
+ 		{
 -			if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
 +                        if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
-				found++;
-		}
-		else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
-		{
+ 				found++;
+ 		}
+ 		else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
+ 		{
 -			if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
 +                        if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
-				found++;
-		}
-		else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
-@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
-
-	if (memcmp(buf, "_SM3_", 5) == 0)
-	{
+ 				found++;
+ 		}
+ 		else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
+@@ -6122,12 +6122,12 @@ int main(int argc, char * const argv[])
+ 
+ 	if (memcmp(buf, "_SM3_", 5) == 0)
+ 	{
 -		if (smbios3_decode(buf, opt.devmem, 0))
 +                if (smbios3_decode(buf, 0x20, opt.devmem, 0))
-			found++;
-	}
-	else if (memcmp(buf, "_SM_", 4) == 0)
-	{
+ 			found++;
+ 	}
+ 	else if (memcmp(buf, "_SM_", 4) == 0)
+ 	{
 -		if (smbios_decode(buf, opt.devmem, 0))
 +                if (smbios_decode(buf, 0x20, opt.devmem, 0))
-			found++;
-	}
-	goto done;
-@@ -6114,7 +6114,7 @@ memory_scan:
-	{
-		if (memcmp(buf + fp, "_SM3_", 5) == 0)
-		{
+ 			found++;
+ 	}
+ 	goto done;
+@@ -6148,7 +6148,7 @@ int main(int argc, char * const argv[])
+ 	{
+ 		if (memcmp(buf + fp, "_SM3_", 5) == 0)
+ 		{
 -			if (smbios3_decode(buf + fp, opt.devmem, 0))
 +                        if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
-			{
-				found++;
-				goto done;
-@@ -6127,7 +6127,7 @@ memory_scan:
-	{
-		if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
-		{
+ 			{
+ 				found++;
+ 				goto done;
+@@ -6161,7 +6161,7 @@ int main(int argc, char * const argv[])
+ 	{
+ 		if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
+ 		{
 -			if (smbios_decode(buf + fp, opt.devmem, 0))
 +                        if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
-			{
-				found++;
-				goto done;
---
-2.35.5
+ 			{
+ 				found++;
+ 				goto done;
+-- 
+2.42.0
+
diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.4.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.4.bb
index 4d5255df64..cdc628a4ea 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode_3.4.bb
+++ b/meta/recipes-devtools/dmidecode/dmidecode_3.4.bb
@@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \
            file://0001-Committing-changes-from-do_unpack_extra.patch \
-           file://CVE-2023-30630_1.patch \
+           file://CVE-2023-30630_1a.patch \
+           file://CVE-2023-30630_1b.patch \
            file://CVE-2023-30630_2.patch \
            file://CVE-2023-30630_3.patch \
            file://CVE-2023-30630_4.patch \
-- 
2.34.1

[OE-core][mickledore 03/24] qemu: ignore RHEL specific CVE-2023-2680

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 00decc57e5..a7f1099dd5 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -67,6 +67,10 @@ CVE_CHECK_IGNORE += "CVE-2018-18438"
 # this bug related to windows specific.
 CVE_CHECK_IGNORE += "CVE-2023-0664"
 
+# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387
+# RHEL specific issue
+CVE_CHECK_IGNORE += "CVE-2023-2680"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"
-- 
2.34.1

[OE-core][mickledore 04/24] cve-check: add CVSS vector string to CVE database and reports

[Steve Sakoman]

From: Antoine Lubineau <antoine.lubineau@easymile.com>

This allows building detailed vulnerability analysis tools without
relying on external resources.

Signed-off-by: Antoine Lubineau <antoine.lubineau@easymile.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 048ff0ad927f4d37cc5547ebeba9e0c221687ea6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass                   |  5 ++++-
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 11 ++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index bd9e7e7445..3846aee5ea 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -32,7 +32,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2-1.db"
 CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
 
 CVE_CHECK_LOG ?= "${T}/cve.log"
@@ -403,6 +403,7 @@ def get_cve_info(d, cves):
             cve_data[row[0]]["scorev3"] = row[3]
             cve_data[row[0]]["modified"] = row[4]
             cve_data[row[0]]["vector"] = row[5]
+            cve_data[row[0]]["vectorString"] = row[6]
         cursor.close()
     conn.close()
     return cve_data
@@ -459,6 +460,7 @@ def cve_write_data_text(d, patched, unpatched, ignored, cve_data):
         write_string += "CVSS v2 BASE SCORE: %s\n" % cve_data[cve]["scorev2"]
         write_string += "CVSS v3 BASE SCORE: %s\n" % cve_data[cve]["scorev3"]
         write_string += "VECTOR: %s\n" % cve_data[cve]["vector"]
+        write_string += "VECTORSTRING: %s\n" % cve_data[cve]["vectorString"]
         write_string += "MORE INFORMATION: %s%s\n\n" % (nvd_link, cve)
 
     if unpatched_cves and d.getVar("CVE_CHECK_SHOW_WARNINGS") == "1":
@@ -573,6 +575,7 @@ def cve_write_data_json(d, patched, unpatched, ignored, cve_data, cve_status):
             "scorev2" : cve_data[cve]["scorev2"],
             "scorev3" : cve_data[cve]["scorev3"],
             "vector" : cve_data[cve]["vector"],
+            "vectorString" : cve_data[cve]["vectorString"],
             "status" : status,
             "link": issue_link
         }
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 2f7dad7e82..d0321f1bb5 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -225,7 +225,7 @@ def initialize_db(conn):
         c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
 
         c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
-            SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+            SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)")
 
         c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
             VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
@@ -299,6 +299,7 @@ def update_db(conn, elt):
     """
 
     accessVector = None
+    vectorString = None
     cveId = elt['cve']['id']
     if elt['cve']['vulnStatus'] ==  "Rejected":
         return
@@ -309,25 +310,29 @@ def update_db(conn, elt):
     date = elt['cve']['lastModified']
     try:
         accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector']
+        vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString']
         cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore']
     except KeyError:
         cvssv2 = 0.0
     cvssv3 = None
     try:
         accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector']
+        vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString']
         cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore']
     except KeyError:
         pass
     try:
         accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector']
+        vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString']
         cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
     except KeyError:
         pass
     accessVector = accessVector or "UNKNOWN"
+    vectorString = vectorString or "UNKNOWN"
     cvssv3 = cvssv3 or 0.0
 
-    conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
-                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
+    conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?)",
+                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close()
 
     try:
         for config in elt['cve']['configurations']:
-- 
2.34.1

[OE-core][mickledore 05/24] python3-urllib3: 1.26.15 -> 1.26.17

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

1.26.17 (2023-10-02)
Added the Cookie header to the list of headers to strip from requests
when redirecting to a different host. As before, different headers can
be set via Retry.remove_headers_on_redirect. (CVE-2023-43804)

1.26.16 (2023-05-23)
Fixed thread-safety issue where accessing a PoolManager with many
distinct origins would cause connection pools to be closed while
requests are in progress (#2954)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../{python3-urllib3_1.26.15.bb => python3-urllib3_1.26.17.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/python/{python3-urllib3_1.26.15.bb => python3-urllib3_1.26.17.bb} (86%)

diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
similarity index 86%
rename from meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
rename to meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
index d2de7c4c02..57b166870a 100644
--- a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c"
 
-SRC_URI[sha256sum] = "8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305"
+SRC_URI[sha256sum] = "24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"
 
 inherit pypi setuptools3
 
-- 
2.34.1

[OE-core][mickledore 06/24] libx11: upgrade to 1.8.7

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

This incorporates fixes for the following CVEs:

- CVE-2023-43785
- CVE-2023-43786
- CVE-2023-43787

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a1534bb34b680bfc5cb2f35b5fd5a0c2afed6368)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xorg-lib/{libx11_1.8.6.bb => libx11_1.8.7.bb}               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libx11_1.8.6.bb => libx11_1.8.7.bb} (92%)

diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb b/meta/recipes-graphics/xorg-lib/libx11_1.8.7.bb
similarity index 92%
rename from meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb
rename to meta/recipes-graphics/xorg-lib/libx11_1.8.7.bb
index 1cfa56b21e..5f14e62446 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.8.6.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.8.7.bb
@@ -24,7 +24,7 @@ XORG_PN = "libX11"
 
 SRC_URI += "file://disable_tests.patch"
 
-SRC_URI[sha256sum] = "59535b7cc6989ba806a022f7e8533b28c4397b9d86e9d07b6df0c0703fa25cc9"
+SRC_URI[sha256sum] = "05f267468e3c851ae2b5c830bcf74251a90f63f04dd7c709ca94dc155b7e99ee"
 
 inherit gettext
 
-- 
2.34.1

[OE-core][mickledore 07/24] libxpm: upgrade to 3.5.17

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

This release fixes the following CVEs:

- CVE-2023-43788
- CVE-2023-43789

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 46dd8ce41756dbc2aa0f9001416f208cced1c8d5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xorg-lib/{libxpm_3.5.16.bb => libxpm_3.5.17.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.16.bb => libxpm_3.5.17.bb} (88%)

diff --git a/meta/recipes-graphics/xorg-lib/libxpm_3.5.16.bb b/meta/recipes-graphics/xorg-lib/libxpm_3.5.17.bb
similarity index 88%
rename from meta/recipes-graphics/xorg-lib/libxpm_3.5.16.bb
rename to meta/recipes-graphics/xorg-lib/libxpm_3.5.17.bb
index c3d01f1bb3..8e15ecc0d4 100644
--- a/meta/recipes-graphics/xorg-lib/libxpm_3.5.16.bb
+++ b/meta/recipes-graphics/xorg-lib/libxpm_3.5.17.bb
@@ -22,6 +22,6 @@ PACKAGES =+ "sxpm cxpm"
 FILES:cxpm = "${bindir}/cxpm"
 FILES:sxpm = "${bindir}/sxpm"
 
-SRC_URI[sha256sum] = "e6bc5da7a69dbd9bcc67e87c93d4904fe2f5177a0711c56e71fa2f6eff649f51"
+SRC_URI[sha256sum] = "64b31f81019e7d388c822b0b28af8d51c4622b83f1f0cb6fa3fc95e271226e43"
 
 BBCLASSEXTEND = "native"
-- 
2.34.1

[OE-core][mickledore 08/24] linux-yocto/6.1: update to v6.1.55

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    d23900f974e0 Linux 6.1.55
    0db211ec0f1d interconnect: Teach lockdep about icc_bw_lock order
    b93aeb6352b0 net/sched: Retire rsvp classifier
    4c6bb9158179 drm/amdgpu: fix amdgpu_cs_p1_user_fence
    45ea58f9dbf8 Revert "memcg: drop kmem.limit_in_bytes"
    4422080e777e drm/amd/display: fix the white screen issue when >= 64GB DRAM
    97d4186c3503 ext4: fix rec_len verify error
    89365b624af5 scsi: pm8001: Setup IRQs on resume
    c2cb422dca0b scsi: megaraid_sas: Fix deadlock on firmware crashdump
    890e1e5dd8ba ata: libahci: clear pending interrupt status
    a3517ee1d4e6 ata: libata: disallow dev-initiated LPM transitions to unsupported states
    30057f4add41 i2c: aspeed: Reset the i2c controller when timeout occurs
    8b0f7d55b22e tracefs: Add missing lockdown check to tracefs_create_dir()
    dcf3caeee432 nfsd: fix change_info in NFSv4 RENAME replies
    978b86fbdb2a selinux: fix handling of empty opts in selinux_fs_context_submount()
    2617afde0c3d tracing: Have option files inc the trace array ref count
    6dc57c3a1d13 tracing: Have current_trace inc the trace array ref count
    a46bf337a20f tracing: Increase trace array ref count on enable and filter files
    0c2982b01501 tracing: Have event inject files inc the trace array ref count
    d65553fe5281 tracing: Have tracing_max_latency inc the trace array ref count
    1f89e6daf2b0 btrfs: check for BTRFS_FS_ERROR in pending ordered assert
    50e385d98b2a btrfs: release path before inode lookup during the ino lookup ioctl
    52932bbc6d4b btrfs: fix a compilation error if DEBUG is defined in btree_dirty_folio
    32247b9526bf btrfs: fix lockdep splat and potential deadlock after failure running delayed items
    d7b2abd87d1f dm: don't attempt to queue IO under RCU protection
    216eae7d7dea Revert "drm/amd: Disable S/G for APUs when 64GB or more host memory"
    98ea94f1627b md: Put the right device in md_seq_next
    f07c0bc27b0e nvme: avoid bogus CRTO values
    6a1d1365fafe io_uring/net: fix iter retargeting for selected buf
    e7dcf8339a0f ovl: fix incorrect fdput() on aio completion
    17854d92fa4a ovl: fix failed copyup of fileattr on a symlink
    6a84939cc7dd attr: block mode changes of symlinks
    3494a0066d8a Revert "SUNRPC: Fail faster on bad verifier"
    ba4f28a1d362 md/raid1: fix error: ISO C90 forbids mixed declarations
    2076b4b677c3 samples/hw_breakpoint: fix building without module unloading
    0dea06849924 x86/purgatory: Remove LTO flags
    2074cb608cb5 x86/boot/compressed: Reserve more memory for page tables
    038249ee7264 panic: Reenable preemption in WARN slowpath
    6069b9d8056d scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
    1cd41d1669bc scsi: target: core: Fix target_cmd_counter leak
    dd8fce4e2da5 riscv: kexec: Align the kexeced kernel entry
    e9b8e266105a x86/ibt: Suppress spurious ENDBR
    03425393f41c selftests: tracing: Fix to unmount tracefs for recovering environment
    bc912eed8a1a scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
    cbf226355ee3 drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
    64561352c0f2 nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
    5ee5c928dbb6 nvmet: use bvec_set_page to initialize bvecs
    00cf1dc13c1f block: factor out a bvec_set_page helper
    2174731a17b0 btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
    31242daa108b btrfs: add a helper to read the superblock metadata_uuid
    44751b057c24 MIPS: Use "grep -E" instead of "egrep"
    8332311cd02a misc: fastrpc: Fix incorrect DMA mapping unmap request
    5a5641755ca8 misc: fastrpc: Prepare to dynamic dma-buf locking specification
    b4539ff7a48d dma-buf: Add unlocked variant of attachment-mapping functions
    6ca28642dd9a printk: Consolidate console deferred printing
    13ebf3ff08b0 printk: Keep non-panic-CPUs out of console lock
    ee42bfc791aa interconnect: Fix locking for runpm vs reclaim
    48aebbe801e7 kobject: Add sanity check for kset->kobj.ktype in kset_register()
    240571c49f76 media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
    91f400233edc usb: chipidea: add workaround for chipidea PEC bug
    8e3556f2f497 usb: ehci: add workaround for chipidea PORTSC.PEC bug
    48c135c30ad2 misc: open-dice: make OPEN_DICE depend on HAS_IOMEM
    a3c9315a8c78 serial: cpm_uart: Avoid suspicious locking
    4738bf8b2d36 scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
    6c440fec96af tools: iio: iio_generic_buffer: Fix some integer type and calculation
    826e9c91a203 usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
    bbc9c3652708 usb: cdns3: Put the cdns set active part outside the spin lock
    96a0bf5827e7 media: pci: cx23885: replace BUG with error return
    257092cb544c media: tuners: qt1010: replace BUG_ON with a regular error
    b2a019ec8b33 scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected
    dfcd3c010209 media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer
    6ab7ea4e17d6 media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
    14b94154a723 media: anysee: fix null-ptr-deref in anysee_master_xfer
    abb6fd93e05e media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
    08dfcbd03b2b media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
    0143f282b15f media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
    8ba9d91c8f21 media: mdp3: Fix resource leaks in of_find_device_by_node
    b78796126f80 PCI: fu740: Set the number of MSI vectors
    9318c3ae155b PCI: vmd: Disable bridge window for domain reset
    96f27ff73220 powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
    ee378f45a70d ARM: 9317/1: kexec: Make smp stop calls asynchronous
    09066c19d945 PCI: dwc: Provide deinit callback for i.MX
    4de3a603010e jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
    2f7a36448f51 fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
    035bc86fbf2b ext2: fix datatype of block number in ext2_xattr_set2()
    4f7d853b4590 md: raid1: fix potential OOB in raid1_remove_disk()
    4e547968a6e4 bus: ti-sysc: Configure uart quirks for k3 SoC
    4c743c1dd2ee drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()
    edddbdb8122e drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
    a101b1bdd24a drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN314
    2c0f5b6972eb drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31
    506d2ee72af2 drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK
    2d027da82a96 ALSA: hda: intel-dsp-cfg: add LunarLake support
    cc4553c14fbb ASoC: Intel: sof_sdw: Update BT offload config for soundwire config
    d843bcc7adc9 ASoC: SOF: topology: simplify code to prevent static analysis warnings
    2ec715bf8816 drm/amd/display: Fix underflow issue on 175hz timing
    4630c27c5529 samples/hw_breakpoint: Fix kernel BUG 'invalid opcode: 0000'
    306c7903de14 arm64: dts: qcom: sm8250-edo: correct ramoops pmsg-size
    41ff904a7c46 arm64: dts: qcom: sm8150-kumano: correct ramoops pmsg-size
    23f9d0c67199 arm64: dts: qcom: sm6350: correct ramoops pmsg-size
    03499a685773 arm64: dts: qcom: sm6125-pdx201: correct ramoops pmsg-size
    766cc11e854e drm/edid: Add quirk for OSVR HDK 2.0
    8178dac6ee2c drm/bridge: tc358762: Instruct DSI host to generate HSE packets
    d5feaef143b6 libbpf: Free btf_vmlinux when closing bpf_object
    b9a175e3b250 wifi: mac80211_hwsim: drop short frames
    7e1cda5cf07f wifi: mac80211: check for station first in client probe
    d7b0fe3487d2 wifi: cfg80211: ocb: don't leave if not joined
    676a42341013 wifi: cfg80211: reject auth/assoc to AP with our address
    28b07e30bc14 netfilter: ebtables: fix fortify warnings in size_entry_mwt()
    7ae7a1378a11 wifi: mac80211: check S1G action frame size
    1c27b73ffa90 alx: fix OOB-read compiler warning
    a13c1f6c324a mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450
    b62e8838e988 tpm_tis: Resend command to recover from data transfer errors
    c2b226f223fb netlink: convert nlk->flags to atomic flags
    06e2b5ad72b6 Bluetooth: Fix hci_suspend_sync crash
    d3ad023a39f1 crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
    e5d94c98a72f net/ipv4: return the real errno instead of -EINVAL
    d5372a1f0cdf net: Use sockaddr_storage for getsockopt(SO_PEERNAME).
    ab0ae0af0a2d can: sun4i_can: Add support for the Allwinner D1
    4eb79abf910a can: sun4i_can: Add acceptance register quirk
    f04b40cb70a5 wifi: wil6210: fix fortify warnings
    5c8bbb79c7cb mt76: mt7921: don't assume adequate headroom for SDIO headers
    4f621fe1acac wifi: mwifiex: fix fortify warning
    2640a8e54f84 wifi: ath9k: fix printk specifier
    1800a27a3dba wifi: ath9k: fix fortify warnings
    5760a72b3060 ice: Don't tx before switchdev is fully configured
    ad58d7ebbf93 crypto: lrw,xts - Replace strlcpy with strscpy
    ac70101e5b94 devlink: remove reload failed checks in params get/set callbacks
    a0300edca5df selftests/nolibc: fix up kernel parameters support
    1ea7e4780727 ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
    dc1d81ee9312 hw_breakpoint: fix single-stepping when using bpf_overflow_handler
    d42d342d3132 perf/imx_ddr: speed up overflow frequency of cycle
    9d9b5cbc12f4 perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09
    4cb0612cf260 ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
    9f10b4eb1b21 scftorture: Forgive memory-allocation failure if KASAN
    83ed0cdb6ae0 rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()
    3b1107abdc2c kernel/fork: beware of __put_task_struct() calling context
    e1f686930ee4 ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
    34bff6d85001 locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock
    28062cd6eda0 btrfs: output extra debug info if we failed to find an inline backref
    726deae613bc autofs: fix memory leak of waitqueues in autofs_catatonic_mode
    a356197db198 Linux 6.1.54
    77b49370a261 drm/amd/display: Fix a bug when searching for insert_above_mpcc
    3ce9925584c6 MIPS: Only fiddle with CHECKFLAGS if `need-compiler'
    e5b28ce127a6 kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
    a47db2caae27 ixgbe: fix timestamp configuration code
    6f0d85d501ab tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
    63830afece93 tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
    489ced24c7ca tcp: Factorise sk_family-independent comparison in inet_bind2_bucket_match(_addr_any).
    82f9af464e01 ipv6: Remove in6addr_any alternatives.
    8b6556c4c4e3 ipv6: fix ip6_sock_set_addr_preferences() typo
    d5d315cf7687 net: macb: fix sleep inside spinlock
    7aa720c350c7 net: macb: Enable PTP unicast
    7f4116c6f984 net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
    f72497c521c9 platform/mellanox: NVSW_SN2201 should depend on ACPI
    9d392695f323 platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
    3f16330a4869 platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
    3a45dcfb4d3c platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
    30c8bbe1edba platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
    16989de75497 kcm: Fix memory leak in error path of kcm_sendmsg()
    2323397e5877 r8152: check budget for r8152_poll()
    44c8ffd482cc net: dsa: sja1105: block FDB accesses that are concurrent with a switch reset
    e74bd1b229cb net: dsa: sja1105: serialize sja1105_port_mcast_flood() with other FDB accesses
    d766cf9ddb97 net: dsa: sja1105: fix multicast forwarding working only for last added mdb entry
    538e7fe66c46 net: dsa: sja1105: propagate exact error code from sja1105_dynamic_config_poll_valid()
    9a3e7eca2b5b net: dsa: sja1105: hide all multicast addresses from "bridge fdb show"
    66e79c2f3a93 net:ethernet:adi:adin1110: Fix forwarding offload
    c281948cebcc net: ethernet: adi: adin1110: use eth_broadcast_addr() to assign broadcast address
    61866f7d814e hsr: Fix uninit-value access in fill_frame_info()
    ff5faed5f548 net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
    349638f7e5d3 net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
    9dbbc87d5b61 net: stmmac: fix handling of zero coalescing tx-usecs
    70c8d17007dc net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
    ef5d546b9d4f selftests: Keep symlinks, when possible
    cdd61a27fb0a kselftest/runner.sh: Propagate SIGTERM to runner child
    980f84454798 net: ipv4: fix one memleak in __inet_del_ifa()
    9acb294ebdfe kunit: Fix wild-memory-access bug in kunit_free_suite_set()
    cb30ff2adb10 drm/amdgpu: register a dirty framebuffer callback for fbcon
    b53fee19ec5e drm/amd/display: Remove wait while locked
    2d7a6fcb1f23 drm/amd/display: always switch off ODM before committing more streams
    c29bfda64b44 perf hists browser: Fix the number of entries for 'e' key
    f4618f131629 perf tools: Handle old data in PERF_RECORD_ATTR
    be69e8c8f5c2 perf test shell stat_bpf_counters: Fix test on Intel
    cb0940640d51 perf hists browser: Fix hierarchy mode header
    ec5409612255 MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS `modules_install' regression
    60b5ef4cf82c KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
    12645e623f28 KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
    5b2b0535fa7a KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
    6c1ecfea1daf KVM: nSVM: Check instead of asserting on nested TSC scaling support
    5c18ace750e4 KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
    ba82001e4118 KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
    3988692acc92 KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
    ff536a96687c drm/amd/display: prevent potential division by zero errors
    e1769b1dfcae drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma
    3388ca3a38a5 mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
    31d42146fa6f mtd: rawnand: brcmnand: Fix potential false time out warning
    7c6ba20a0b9a mtd: spi-nor: Correct flags for Winbond w25q128
    45fe4ad7f439 mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
    a7e118fcc8b4 mtd: rawnand: brcmnand: Fix crash during the panic_write
    8bf2d4ca521d drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
    09974a1352d3 btrfs: use the correct superblock to compare fsid in btrfs_validate_super
    b692f7d1576b btrfs: zoned: re-enable metadata over-commit for zoned mode
    08daa38ca212 btrfs: set page extent mapped after read_folio in relocate_one_page
    91f6a538d625 btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
    f933a1c43b68 btrfs: free qgroup rsv on io failure
    cdc3ba292df8 btrfs: fix start transaction qgroup rsv double free
    59c38f050d9b btrfs: zoned: do not zone finish data relocation block group
    ef819c2f8e8a fuse: nlookup missing decrement in fuse_direntplus_link
    6694be119f63 ata: pata_ftide010: Add missing MODULE_DESCRIPTION
    ae73b94ad771 ata: sata_gemini: Add missing MODULE_DESCRIPTION
    1605f2709017 ata: pata_falcon: fix IO base selection for Q40
    cdd0d707357c ata: ahci: Add Elkhart Lake AHCI controller
    e93bc372dbc0 hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation
    0649dc0af93a lib: test_scanf: Add explicit type cast to result initialization in test_number_prefix()
    980b592c6087 f2fs: avoid false alarm of circular locking
    1c64dbe8fa35 f2fs: flush inode if atomic file is aborted
    1fb3f1bbfdb5 ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
    03393857a95b ext4: add correct group descriptors and reserved GDT blocks to system zone
    20108975ec51 jbd2: correct the end of the journal recovery scan range
    dbafe636db41 jbd2: check 'jh->b_transaction' before removing it from checkpoint
    c5f23305f8b1 jbd2: fix checkpoint cleanup performance regression
    6ea18981bb8a dmaengine: sh: rz-dmac: Fix destination and source data size setting
    de43bc17987d clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL
    f2953184bf19 ARC: atomics: Add compiler barrier to atomic operations...
    8eea0afbcc9d net/mlx5: Free IRQ rmap and notifier on kernel shutdown
    017a05805368 Multi-gen LRU: avoid race in inc_min_seq()
    69561478400c sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
    9cd5cf0bfeaf net: hns3: remove GSO partial feature bit
    136806771864 net: hns3: fix the port information display when sfp is absent
    9bd9afd55c52 net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue
    d76436e26943 net: hns3: fix debugfs concurrency issue between kfree buffer and read
    b5087697130a net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read()
    5c28780f4232 net: hns3: fix tx timeout issue
    7bb8d52b4271 netfilter: nfnetlink_osf: avoid OOB read
    d9ebfc0f2137 netfilter: nftables: exthdr: fix 4-byte stack OOB write
    6cf0d1d5a50b bpf: Assign bpf_tramp_run_ctx::saved_run_ctx before recursion check.
    04f92e67b35d bpf: Invoke __bpf_prog_exit_sleepable_recur() on recursion in kern_sys_bpf().
    a12f15d1f863 bpf: Remove prog->active check for bpf_lsm and bpf_iter
    5f09b79e99ad net: dsa: sja1105: complete tc-cbs offload support on SJA1110
    ec9f203ad7f3 net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times
    483f0e3975df net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload
    54b59bc18d19 ip_tunnels: use DEV_STATS_INC()
    175f290dc937 idr: fix param name in idr_alloc_cyclic() doc
    147d8da33a2c s390/zcrypt: don't leak memory if dev_set_name() fails
    ccb048dae8ff igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
    74b98c61c9c6 igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
    30acc4f954a0 igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
    e2e2c839d827 octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler
    e30388b80d23 kcm: Destroy mutex in kcm_exit_net()
    a18349dc8d91 net: sched: sch_qfq: Fix UAF in qfq_dequeue()
    2100bbf55e56 af_unix: Fix data race around sk->sk_err.
    ce3aa88ceccd af_unix: Fix data-races around sk->sk_shutdown.
    2d8933ca863e af_unix: Fix data-race around unix_tot_inflight.
    b9cdbb38e030 af_unix: Fix data-races around user->unix_inflight.
    923877254f00 bpf, sockmap: Fix skb refcnt race after locking changes
    71fb38b222cf net: phy: micrel: Correct bit assignments for phy_device flags
    aa8fd3a63691 net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
    e752860bbc3c veth: Fixing transmit return status for dropped packets
    a47ad6d226dc gve: fix frag_list chaining
    24b1e835db34 igb: disable virtualization features on 82580
    7ddfe350e255 ipv6: ignore dst hint for multipath routes
    0b2ee66411fe ipv4: ignore dst hint for multipath routes
    b7d25ac3627a mptcp: annotate data-races around msk->rmem_fwd_alloc
    787c5829681b net: annotate data-races around sk->sk_forward_alloc
    f1175881ddd9 net: use sk_forward_alloc_get() in sk_get_meminfo()
    bd9bd085c681 drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
    2b7510bb92c1 drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn()
    f5738399ed96 drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
    6436973164ea xsk: Fix xsk_diag use-after-free error during socket cleanup
    d92c34348b37 net: fib: avoid warn splat in flow dissector
    9036b6342fcd net: read sk->sk_family once in sk_mc_loop()
    5aaa7ee23203 ipv4: annotate data-races around fi->fib_dead
    471f534971d9 sctp: annotate data-races around sk->sk_wmem_queued
    f39b49077abe net/sched: fq_pie: avoid stalls in fq_pie_timer()
    47f72ee50226 smb: propagate error code of extract_sharename()
    60e3318e3e90 cifs: use fs_context for automounts
    84d577923450 blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice()
    fd2420905c8e blk-throttle: use calculate_io/bytes_allowed() for throtl_trim_slice()
    8017a27cec32 drm/i915: mark requests for GuC virtual engines to avoid use-after-free
    0686336f7383 perf test stat_bpf_counters_cgrp: Enhance perf stat cgroup BPF counter test
    66b23e7b0822 perf test stat_bpf_counters_cgrp: Fix shellcheck issue about logical operators
    523f6268e865 pwm: lpc32xx: Remove handling of PWM channels
    fa5392873639 watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
    032cd8ce89a4 perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
    adeb9f392d07 perf vendor events: Drop STORES_PER_INST metric event for power10 platform
    6ade9094b477 perf vendor events: Drop some of the JSON/events for power10 platform
    b7cbcafb6d04 perf vendor events: Update the JSON/events descriptions for power10 platform
    6a43e0d62311 x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
    6522397e7502 perf annotate bpf: Don't enclose non-debug code with an assert()
    e62e740009cc Input: tca6416-keypad - fix interrupt enable disbalance
    a7345501a3bd Input: tca6416-keypad - always expect proper IRQ number in i2c client
    d7add2001991 backlight: gpio_backlight: Drop output GPIO direction check for initial power state
    9de7eb95bbe8 pwm: atmel-tcb: Fix resource freeing in error path and remove
    c42256a283d6 pwm: atmel-tcb: Harmonize resource allocation order
    b9734e8505bd pwm: atmel-tcb: Convert to platform remove callback returning void
    62dd514c34be perf trace: Really free the evsel->priv area
    e5dee8222d7c perf trace: Use zfree() to reduce chances of use after free
    eb17c3d0055b Input: iqs7222 - configure power mode before triggering ATI
    8ab594223950 kconfig: fix possible buffer overflow
    39c29d075352 mailbox: qcom-ipcc: fix incorrect num_chans counting
    36201d559b47 gfs2: low-memory forced flush fixes
    694e43f22c5b gfs2: Switch to wait_event in gfs2_logd
    c4807163e2d4 tpm_crb: Fix an error handling path in crb_acpi_add()
    46d3bc902b03 kbuild: do not run depmod for 'make modules_sign'
    390275d7a863 kbuild: rpm-pkg: define _arch conditionally
    31cf7853a940 net: deal with integer overflows in kmalloc_reserve()
    2b39866f0a38 net: factorize code in kmalloc_reserve()
    36974c3a5438 net: remove osize variable in __alloc_skb()
    5f7676fdaf42 net: add SKB_HEAD_ALIGN() helper
    8b4d0f3890c8 bus: mhi: host: Skip MHI reset if device is in RDDM
    fd9a8ad2cfa7 NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
    dac14a1dbe20 NFS: Fix a potential data corruption
    1bb9546c7aed clk: qcom: mss-sc7180: fix missing resume during probe
    017e60a215d8 clk: qcom: q6sstop-qcs404: fix missing resume during probe
    eab2ece5e4b5 clk: qcom: lpasscc-sc7280: fix missing resume during probe
    5310f712157a clk: qcom: dispcc-sm8450: fix runtime PM imbalance on probe errors
    f6250ecb7fbb soc: qcom: qmi_encdec: Restrict string length in decode
    c4e1204bd714 clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
    5b3b0f7f7363 clk: imx: pll14xx: align pdiv with reference manual
    871244f8efe8 clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
    311db21d4a1f dt-bindings: clock: xlnx,versal-clk: drop select:false
    54e5ff4af78b pinctrl: cherryview: fix address_space_handler() argument
    9c8fc05bd4d0 cifs: update desired access while requesting for directory lease
    db5d5673ab7e parisc: led: Reduce CPU overhead for disk & lan LED computation
    ff2c44f0118d parisc: led: Fix LAN receive and transmit LEDs
    421855d0d24d lib/test_meminit: allocate pages up to order MAX_ORDER
    84a212a72c84 mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
    21ef9e11205f memcg: drop kmem.limit_in_bytes
    0f7339056893 send channel sequence number in SMB3 requests after reconnects
    22ec50d7b524 arm64: dts: renesas: rzg2l: Fix txdv-skew-psec typos
    df2d596e7e9c clk: qcom: turingcc-qcs404: fix missing resume during probe
    b83ae66d8265 ASoC: tegra: Fix SFC conversion for few rates
    3c9881fd220a drm/ast: Fix DRAM init on AST2200
    c0341bddd6cc clk: qcom: camcc-sc7180: fix async resume during probe
    f83c1b13f815 fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
    a0b4a0666bea null_blk: fix poll request timeout handling
    f55797084931 scsi: qla2xxx: Fix firmware resource tracking
    3a9d4db2d2e0 scsi: qla2xxx: Error code did not return to upper layer
    c7355cbb9c1b scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
    974887e1d689 scsi: qla2xxx: Flush mailbox commands on chip reset
    98643561d853 scsi: qla2xxx: Remove unsupported ql2xenabledif option
    1f0e3814adc7 scsi: qla2xxx: Fix TMF leak through
    e6aabf0654cc scsi: qla2xxx: Fix session hang in gnl
    addaa136f10b scsi: qla2xxx: Turn off noisy message log
    01e3440ce021 scsi: qla2xxx: Fix erroneous link up failure
    ddb8fa05981c scsi: qla2xxx: Fix command flush during TMF
    6e44a7e2a0bc scsi: qla2xxx: fix inconsistent TMF timeout
    cd06c45b326e scsi: qla2xxx: Fix deletion race condition
    820010cfe5f8 scsi: qla2xxx: Limit TMF to 8 per function
    faf7e224b4fa scsi: qla2xxx: Adjust IOCB resource on qpair create
    98d3e7c5f757 drm/virtio: Conditionally allocate virtio_gpu_fence
    3e8b9b06de9d io_uring: Don't set affinity on a dying sqpoll thread
    9704cfcf1fa9 io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used
    605d055452e7 io_uring: break out of iowq iopoll on teardown
    b04f22b68643 io_uring/net: don't overflow multishot accept
    5afbf7fdb730 io_uring: revert "io_uring fix multishot accept ordering"
    fd459200ff81 io_uring: always lock in io_apoll_task_func
    f36791596176 Multi-gen LRU: fix per-zone reclaim
    a73d04c46052 mm: multi-gen LRU: rename lrugen->lists[] to lrugen->folios[]
    7164d74aae1c net/ipv6: SKB symmetric hash should incorporate transport ports

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d7efd25c9e6efa4adcc1646e36c2d6fe444f6e28)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/cve-exclusion_6.1.inc               | 13 +++++----
 .../linux/linux-yocto-rt_6.1.bb               |  6 ++--
 .../linux/linux-yocto-tiny_6.1.bb             |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.1.bb  | 28 +++++++++----------
 4 files changed, 28 insertions(+), 25 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 173bff2813..b6b9ca00d4 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-10-09 16:39:52.745283+00:00 for version 6.1.53
+# Generated at 2023-09-30 07:26:16.988526+00:00 for version 6.1.55
 
 python check_kernel_cve_status_version() {
-    this_version = "6.1.53"
+    this_version = "6.1.55"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -7297,7 +7297,8 @@ CVE_CHECK_IGNORE += "CVE-2023-42752"
 # cpe-stable-backport: Backported in 6.1.53
 CVE_CHECK_IGNORE += "CVE-2023-42753"
 
-# CVE-2023-42755 needs backporting (fixed from 6.1.55)
+# cpe-stable-backport: Backported in 6.1.55
+CVE_CHECK_IGNORE += "CVE-2023-42755"
 
 # fixed-version: Fixed from version 5.19rc1
 CVE_CHECK_IGNORE += "CVE-2023-4385"
@@ -7327,9 +7328,11 @@ CVE_CHECK_IGNORE += "CVE-2023-4611"
 # cpe-stable-backport: Backported in 6.1.53
 CVE_CHECK_IGNORE += "CVE-2023-4623"
 
-# CVE-2023-4881 needs backporting (fixed from 6.1.54)
+# cpe-stable-backport: Backported in 6.1.54
+CVE_CHECK_IGNORE += "CVE-2023-4881"
 
-# CVE-2023-4921 needs backporting (fixed from 6.1.54)
+# cpe-stable-backport: Backported in 6.1.54
+CVE_CHECK_IGNORE += "CVE-2023-4921"
 
 # CVE-2023-5158 has no known resolution
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index 9e94fc5255..a56addd4d5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "af2faa46d440ee11170ba8233eec0f818988f256"
-SRCREV_meta ?= "59e0fce122a66f7dcaf7a2a8294d81c4b78197dc"
+SRCREV_machine ?= "4b3040c1dc13aaac356ad4ef45a8926118c732d0"
+SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.1.53"
+LINUX_VERSION ?= "6.1.55"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index 04ae601e69..cb94d2d28e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.1.inc
 
-LINUX_VERSION ?= "6.1.53"
+LINUX_VERSION ?= "6.1.55"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_meta ?= "59e0fce122a66f7dcaf7a2a8294d81c4b78197dc"
+SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index 567e0154bd..ef451efea5 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -17,25 +17,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
 KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "b11af7d1c8b4337347747977173c878e7672eb15"
-SRCREV_machine:qemuarm64 ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_machine:qemuloongarch64 ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_machine:qemumips ?= "81af09853cc4318fad59e780c830c9cc8ccdc898"
-SRCREV_machine:qemuppc ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_machine:qemuriscv64 ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_machine:qemuriscv32 ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_machine:qemux86 ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_machine:qemux86-64 ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_machine:qemumips64 ?= "6ec5ef2f6fa90a5823e131805845738453bc553a"
-SRCREV_machine ?= "51f0e0b74445fb47b6544b26667f9d58b2017695"
-SRCREV_meta ?= "59e0fce122a66f7dcaf7a2a8294d81c4b78197dc"
+SRCREV_machine:qemuarm ?= "cf771f6d6bc0344e048bdbf7d23d3aacbe3556d0"
+SRCREV_machine:qemuarm64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuloongarch64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemumips ?= "4be1dcc270e6ddeea513af01d91ea3b48ec82470"
+SRCREV_machine:qemuppc ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuriscv64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuriscv32 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemux86 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemux86-64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemumips64 ?= "aa0e978c979b84d620ad21132cfdbbf857be3878"
+SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "09045dae0d902f9f78901a26c7ff1714976a38f9"
+SRCREV_machine:class-devupstream ?= "d23900f974e0fb995b36ef47283a5aa74ca25f51"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.1/base"
 
@@ -43,7 +43,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.53"
+LINUX_VERSION ?= "6.1.55"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
2.34.1

[OE-core][mickledore 09/24] linux-yocto/6.1: update to v6.1.56

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    ecda77b46871 Linux 6.1.56
    8c515d4f2d66 ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL
    a3c1da448353 mm, memcg: reconsider kmem.limit_in_bytes deprecation
    b8901b6c2e9b memcg: drop kmem.limit_in_bytes
    ee335e0094ad drm/meson: fix memory leak on ->hpd_notify callback
    b60028c81e46 drm/amdkfd: Use gpu_offset for user queue's wptr
    48a22f13fb1b fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
    69e61ee8ea8a power: supply: ab8500: Set typing and props
    c038ebffbb48 power: supply: rk817: Add missing module alias
    69dd84470b4d drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top
    60d2e06ad6e3 ata: libata-sata: increase PMP SRST timeout to 10s
    886f387db1e6 ata: libata-core: Do not register PM operations for SAS ports
    5cfbe6da8354 ata: libata-core: Fix port and device removal
    0b7aaf2058ba ata: libata-core: Fix ata_port_request_pm() locking
    f555a508087a fs/smb/client: Reset password pointer to NULL
    1983fd78701a net: thunderbolt: Fix TCPv6 GSO checksum calculation
    4fb56e82d939 bpf: Fix BTF_ID symbol generation collision in tools/
    4f1e3e02777b bpf: Fix BTF_ID symbol generation collision
    b1041cab4726 bpf: Add override check to kprobe multi link attach
    09635bf4cdd4 media: uvcvideo: Fix OOB read
    d6a749e4cab2 btrfs: properly report 0 avail for very full file systems
    f3ad8874541d ring-buffer: Update "shortest_full" in polling
    6bacdb914a99 mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement
    a5569bb18752 mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
    9a4fe81a8644 mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
    68a63a077e02 arm64: defconfig: remove CONFIG_COMMON_CLK_NPCM8XX=y
    b29756aefe03 drm/tests: Fix incorrect argument in drm_test_mm_insert_range
    a90eafbf165f timers: Tag (hr)timer softirq as hotplug safe
    f32340c70eb9 Revert "SUNRPC dont update timeout value on connection reset"
    1e4c03d530d8 netfilter: nf_tables: fix kdoc warnings after gc rework
    49903f70d728 sched/rt: Fix live lock between select_fallback_rq() and RT push
    787256ec9b44 kernel/sched: Modify initial boot task idle setup
    afa2bbd682c7 ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG
    829ff08be566 i2c: i801: unregister tco_pdev in i801_probe() error path
    75c307d9f2fb io_uring/fs: remove sqe->rw_flags checking from LINKAT
    06fba8a8dea2 ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
    476fd029e700 ata: libata-scsi: link ata port and scsi device
    490f3b805ee3 LoongArch: numa: Fix high_memory calculation
    7bc8585aa071 LoongArch: Define relocation types for ABI v2.10
    f04ded9ae268 ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q
    9af8bb2afea3 netfilter: nf_tables: disallow rule removal from chain binding
    980663f1d189 nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
    e14f68a48fd4 serial: 8250_port: Check IRQ data before use
    c61d0b87a702 Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
    37435ddfadc6 misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to probe
    5d6613ed2b7d mptcp: fix bogus receive window shrinkage with multiple subflows
    00c27bffdba6 KVM: x86/mmu: Do not filter address spaces in for_each_tdp_mmu_root_yield_safe()
    cd41db6cb285 KVM: x86/mmu: Open code leaf invalidation from mmu_notifier
    733d7a5451fc KVM: SVM: Fix TSC_AUX virtualization setup
    e86a3a622633 KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway
    6ce2f297a716 x86/srso: Add SRSO mitigation for Hygon processors
    811ba2ef0cb6 x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
    f90f4c562003 iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
    a09446ac0414 smack: Retrieve transmuting information in smack_inode_getsecurity()
    cbb16d0f4996 smack: Record transmuting in smk_transmuted
    4b8ef68e39d2 nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
    1d7bc76b5849 scsi: qla2xxx: Fix NULL pointer dereference in target mode
    1a51d35ba729 wifi: ath11k: Don't drop tx_status when peer cannot be found
    a60768c05b58 nvme-pci: do not set the NUMA node of device if it has none
    6b2165cae403 nvme-pci: factor out a nvme_pci_alloc_dev helper
    69bc295d0e0b nvme-pci: factor the iod mempool creation into a helper
    9ebee88a8911 perf build: Define YYNOMEM as YYNOABORT for bison < 3.81
    8e85af2c682e fbdev/sh7760fb: Depend on FB=y
    f105e893a8ed LoongArch: Set all reserved memblocks on Node#0 at initialization
    146ba159f5a6 tsnep: Fix NAPI polling with budget 0
    78ac1e7dec24 tsnep: Fix NAPI scheduling
    b09c1359e4f0 net: hsr: Add __packed to struct hsr_sup_tlv.
    97788f0757bd ncsi: Propagate carrier gain/loss events to the NCSI controller
    c93aa8cfaec4 powerpc/watchpoints: Annotate atomic context in more places
    3632e9fd82d0 powerpc/watchpoint: Disable pagefaults when getting user instruction
    16722418cbe3 powerpc/watchpoints: Disable preemption in thread_change_pc()
    ee8bbb2a31d3 ASoC: SOF: Intel: MTL: Reduce the DSP init timeout
    3608be186ae5 NFSv4.1: fix zero value filehandle in post open getattr
    e9f05ae6f636 media: vb2: frame_vector.c: replace WARN_ONCE with a comment
    28c369324922 ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link
    1c88886587d3 memblock tests: fix warning ‘struct seq_file’ declared inside parameter list
    729757fe9718 memblock tests: fix warning: "__ALIGN_KERNEL" redefined
    53618d56bfe4 firmware: cirrus: cs_dsp: Only log list of algorithms in debug build
    110e6f575028 ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low
    cbc43ddd5ce2 ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width.
    019f01f81887 ALSA: hda: intel-sdw-acpi: Use u8 type for link index
    92f24f98d5ff bpf: Clarify error expectations from bpf_clone_redirect
    60446b5e7486 spi: intel-pci: Add support for Granite Rapids SPI serial flash
    12716449289e ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
    85ca138f922c spi: stm32: add a delay before SPI disable
    84592ec591be spi: nxp-fspi: reset the FLSHxCR1 registers
    d5ae9d9f0c41 ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
    2132ea3f9f5a smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP
    2259e1901b2d scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
    82f575a7e811 scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
    6e392ff88476 riscv: errata: fix T-Head dcache.cva encoding
    91b6845ef387 drm/amdgpu: Handle null atom context in VBIOS info ioctl
    ad3c37f90bae drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV
    cca15a827907 drm/amdgpu/soc21: don't remap HDP registers for SR-IOV
    b9971393d4c9 drm/amd/display: Don't check registers, if using AUX BL control
    49bdfc83c74a thermal/of: add missing of_node_put()
    d6a68f163246 platform/x86: asus-wmi: Support 2023 ROG X16 tablet mode
    d1f916c6eb0c platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig
    dfbcef80dda9 ata: sata_mv: Fix incorrect string length computation in mv_dump_mem()
    797d75bd575c net/smc: bugfix for smcr v2 server connect success statistic
    b08a4938229d ring-buffer: Do not attempt to read past "commit"
    baa1634bc936 selftests: fix dependency checker script
    45ad79c9cb50 btrfs: assert delayed node locked when removing delayed item
    11054f0b889f ring-buffer: Avoid softlockup in ring_buffer_resize()
    a687e817d814 selftests/ftrace: Correctly enable event in instance-event.tc
    5fb322df090e scsi: ufs: core: Poll HCS.UCRDY before issuing a UIC command
    81a6cdfcfd23 scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock
    843348f9e4aa scsi: qedf: Add synchronization between I/O completions and abort
    655e9d209c06 parisc: irq: Make irq_stack_union static to avoid sparse warning
    8a2c2630e18d parisc: drivers: Fix sparse warning
    60caeaf090d5 parisc: iosapic.c: Fix sparse warnings
    632e0fcf409b parisc: sba: Fix compile warning wrt list of SBA devices
    be90c9e29dd5 nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
    36b29974a7ad spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
    e15bb292b246 spi: sun6i: reduce DMA RX transfer width to single byte
    5685f8a6fae1 bpf: Annotate bpf_long_memcpy with data_race
    be8f49029eca dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
    89744b649144 ceph: drop messages from MDS when unmounting
    1375d9600c38 x86/reboot: VMCLEAR active VMCSes before emergency reboot
    85fafa7ef0ac i2c: npcm7xx: Fix callback completion ordering
    0d6c2f0942c3 gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
    e578a26084eb firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND
    099cfc6e5d1b arm64: dts: imx: Add imx8mm-prt8mm.dtb to build
    328efccc7847 soc: imx8m: Enable OCOTP clock for imx8mm before reading registers
    aab681bcb13a selftests/powerpc: Fix emit_tests to work with run_kselftest.sh
    763f029f8c0f selftests/powerpc: Pass make context to children
    b9dc3d6b761d selftests/powerpc: Use CLEAN macro to fix make warning
    fe6406238d5a power: supply: rk817: Fix node refcount leak
    1005010b732b xtensa: boot/lib: fix function prototypes
    6438653ad1f2 xtensa: umulsidi3: fix conditional expression
    45661247d117 xtensa: boot: don't add include-dirs
    fca1b09645e5 xtensa: iss/network: make functions static
    b4e666fa38fd xtensa: add default definition for XCHAL_HAVE_DIV32
    7cad56459964 firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
    33ed60d8b961 power: supply: ucs1002: fix error code in ucs1002_get_property()
    1ec48a9fac7d bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
    dd19672aaac4 ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
    fe1379c0f61d ARM: dts: Unify pinctrl-single pin group nodes for omap4
    16455bed4f86 ARM: dts: Unify pwm-omap-dmtimer node names
    4ccb05618b4d ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4
    fe4da07a7f1b ARM: dts: omap: correct indentation
    ea4efaf54685 clk: tegra: fix error return case for recalc_rate
    efad31b6c062 clk: sprd: Fix thm_parents incorrect configuration
    1ea6975aa68a power: supply: mt6370: Fix missing error code in mt6370_chg_toggle_cfo()
    64adb41644fc firmware: arm_scmi: Fixup perf power-cost/microwatt support
    a135c8813815 firmware: arm_scmi: Harden perf domain info access
    3a21635aed62 bus: ti-sysc: Fix missing AM35xx SoC matching
    771eb7c3f3fb bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset()
    e6389d61b720 drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet
    404b8bc41872 spi: spi-gxp: BUG: Correct spi write return value
    d3dc8acb60f8 MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
    c01b2e0ee22e vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
    cca10592ffd5 btrfs: reset destination buffer when read_extent_buffer() gets invalid range
    cdfcaa4e8043 drm/amdkfd: Insert missing TLB flush on GFX10 and later
    9becfff9f91e drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3
    52c7b41ad6ee scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
    35c02a333d52 scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called
    3a8ac77a70cc wifi: ath11k: Cleanup mac80211 references on failure during tx_complete
    1cccd28aa591 wifi: ath11k: fix tx status reporting in encap offload mode
    dc1ab6577475 arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
    03b808058a88 s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_CLR2SECK2 IOCTL
    a84ac8995ac7 f2fs: get out of a repeat loop when getting a locked data page
    8b3b859bf8be f2fs: optimize iteration over sparse directories
    3134156e3421 ARM: dts: qcom: msm8974pro-castor: correct touchscreen syna,nosleep-mode
    064f57151dff ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names
    21e5e3c3f71c ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen
    05951f5c26b4 ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size
    226590fbd967 ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
    70a1df9e0b44 i2c: xiic: Correct return value check for xiic_reinit()
    fb9cfb28bdde i2c: mux: gpio: Add missing fwnode_handle_put()
    976c8c1c4073 i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
    50a096aab61f gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
    908b3b5e97d2 cifs: Fix UAF in cifs_demultiplex_thread()
    7e4f49cd2bd7 proc: nommu: fix empty /proc/<pid>/maps
    1d45e6d9951d proc: nommu: /proc/<pid>/maps: release mmap read lock
    c5c9ee388723 igc: Expose tx-usecs coalesce setting to user
    cae59ae73106 octeontx2-pf: Do xdp_do_flush() after redirects.
    98ebbdefe490 bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
    26f1829c8538 net: ena: Flush XDP packets on error.
    d64e738adc5c locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested()
    987a7f5311ba i915/pmu: Move execlist stats initialization to execlist specific setup
    ea5a61d58886 netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
    c4b0facd5c20 netfilter: nf_tables: disable toggling dormant table state more than once
    51fa66024a5e net: rds: Fix possible NULL-pointer dereference
    2f0acb0736ec team: fix null-ptr-deref when team device type is changed
    89f9f20b1cbd net: bridge: use DEV_STATS_INC()
    69d7eef31ee1 net: hns3: add 5ms delay before clear firmware reset irq source
    b1b85b3d767e net: hns3: fix fail to delete tc flower rules during reset issue
    d3f7af41de52 net: hns3: only enable unicast promisc when mac table full
    ed6a0b21b6ac net: hns3: fix GRE checksum offload issue
    430f18eed1c1 net: hns3: add cmdq check for vf periodic service task
    adbcec23c842 x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
    755195b2d2df x86/srso: Fix srso_show_state() side effect
    7f301aa243b9 platform/x86: intel_scu_ipc: Fail IPC send if still busy
    b34121a8fec1 platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command()
    962444595841 platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt()
    98a5a7f344fa platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
    8ef5cc6b4ef0 net: hsr: Properly parse HSRv1 supervisor frames.
    eef16bfdb212 x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
    73be49248a04 dccp: fix dccp_v4_err()/dccp_v6_err() again
    c2019f0a6816 powerpc/perf/hv-24x7: Update domain value check
    5734d22c9ea0 scsi: iscsi_tcp: restrict to TCP sockets
    2712545e535d ipv4: fix null-deref in ipv4_link_failure
    54228157fb57 igc: Fix infinite initialization loop with early XDP redirect
    40b5032c9951 ionic: fix 16bit math issue when PAGE_SIZE >= 64KB
    f2c6e5945da5 netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry()
    d98bad2998fd i40e: Fix VF VLAN offloading when port VLAN is configured
    0546cd573404 iavf: schedule a request immediately after add/delete vlan
    00bbedbd7c5a iavf: add iavf_schedule_aq_request() helper
    16fd3c37d1ca ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful
    211aac2ef6ff iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set
    65976385d49f octeon_ep: fix tx dma unmap len values in SG
    66823a9025bc ASoC: imx-audmix: Fix return error with devm_clk_get()
    ee79256b1615 ASoC: hdaudio.c: Add missing check for devm_kstrdup
    488ea2a3e266 net/core: Fix ETH_P_1588 flow dissector
    bf560c8a83ca selftests: tls: swap the TX and RX sockets in some tests
    f5a75b3d31d3 netfilter: conntrack: fix extension size table
    09424e88126e ALSA: hda/realtek: Splitting the UX3402 into two separate models
    1698854b03a5 ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode
    293e4920f715 ASoC: rt5640: Revert "Fix sleep in atomic context"
    e388671635ac bpf: Avoid deadlock when using queue and stack maps from NMI
    1e01b127685f netfilter: nf_tables: disallow element removal on anonymous sets
    7a7fd891022a ASoC: meson: spdifin: start hw on dai probe
    7e5d732e6902 netfilter: nf_tables: fix memleak when more than 255 elements expired
    be4fbbbcd2f2 netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
    973288e9d988 netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
    8c643a8e040d netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
    92b4b4bde940 netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
    9a8c544158f6 netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
    a42ac74c9666 netfilter: nf_tables: defer gc run if previous batch is still pending
    620e594be334 netfilter: nf_tables: use correct lock to protect gc_list
    5d319f7a8143 netfilter: nf_tables: GC transaction race with abort path
    afa584c35065 netfilter: nf_tables: GC transaction race with netns dismantle
    41113aa5698a netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
    59ee68c437c5 netfilter: nf_tables: don't fail inserts if duplicate has expired
    0b9af4860a61 netfilter: nf_tables: remove busy mark and gc batch API
    4ead4f74b3a9 netfilter: nft_set_hash: mark set element as dead when deleting from packet path
    df650d6a4bf4 netfilter: nf_tables: adapt set backend to use GC transaction API
    ea3eb9f2192e netfilter: nf_tables: GC transaction API to avoid race with control plane
    59dab3bf0b8f netfilter: nf_tables: don't skip expired elements during walk
    6bb88a0344c0 ext4: do not let fstrim block system suspend
    b4d5db1c77fa ext4: move setting of trimmed bit into ext4_try_to_trim_range()
    1e3c25df7d40 ext4: replace the traditional ternary conditional operator with with max()/min()
    39c4a9522db0 btrfs: remove BUG() after failure to insert delayed dir index item
    0d1a761dec22 btrfs: improve error message after failure to add delayed dir index item
    dbf1a7198505 dm: fix a race condition in retrieve_deps
    df9950d37df1 netfs: Only call folio_start_fscache() one time for each folio
    2d9757480b43 media: via: Use correct dependency for camera sensor drivers
    ae68541d5285 media: v4l: Use correct dependency for camera sensor drivers
    a997d583571b NFSv4.1: fix pnfs MDS=DS session trunking
    f86a2c2ea085 NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server
    839e07de9a0a SUNRPC: Mark the cred for revalidation if the server rejects it
    13acbca81eee NFS/pNFS: Report EINVAL errors from connect() to the server
    edd1f0614510 NFS: More fixes for nfs_direct_write_reschedule_io()
    d4729af1c73c NFS: Use the correct commit info in nfs_join_page_group()
    1f49386d6779 NFS: More O_DIRECT accounting fixes for error paths
    4d98038e5bd9 NFS: Fix O_DIRECT locking issues
    f16fd0b11f0f NFS: Fix error handling for O_DIRECT write scheduling

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5d66067b39e7f9d442d44d8025fe20a0fa7efba7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb  |  4 ++--
 .../recipes-kernel/linux/linux-yocto-tiny_6.1.bb |  4 ++--
 meta/recipes-kernel/linux/linux-yocto_6.1.bb     | 16 ++++++++--------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index a56addd4d5..ab6dbdb52d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -15,12 +15,12 @@ python () {
 }
 
 SRCREV_machine ?= "4b3040c1dc13aaac356ad4ef45a8926118c732d0"
-SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
+SRCREV_meta ?= "3b4113ce39d722191d1eb0e159976d653de4d2b2"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.1.55"
+LINUX_VERSION ?= "6.1.56"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index cb94d2d28e..29459fabed 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.1.inc
 
-LINUX_VERSION ?= "6.1.55"
+LINUX_VERSION ?= "6.1.56"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -18,7 +18,7 @@ KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
+SRCREV_meta ?= "3b4113ce39d722191d1eb0e159976d653de4d2b2"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index ef451efea5..21e22c887e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -19,16 +19,16 @@ KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
 
 SRCREV_machine:qemuarm ?= "cf771f6d6bc0344e048bdbf7d23d3aacbe3556d0"
 SRCREV_machine:qemuarm64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_machine:qemuloongarch64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuloongarch64 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
 SRCREV_machine:qemumips ?= "4be1dcc270e6ddeea513af01d91ea3b48ec82470"
 SRCREV_machine:qemuppc ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_machine:qemuriscv64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_machine:qemuriscv32 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_machine:qemux86 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_machine:qemux86-64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
+SRCREV_machine:qemuriscv64 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
+SRCREV_machine:qemuriscv32 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
+SRCREV_machine:qemux86 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
+SRCREV_machine:qemux86-64 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
 SRCREV_machine:qemumips64 ?= "aa0e978c979b84d620ad21132cfdbbf857be3878"
-SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_meta ?= "943c6fe5dac329c7e1c30d602788f409e692b3a8"
+SRCREV_machine ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
+SRCREV_meta ?= "3b4113ce39d722191d1eb0e159976d653de4d2b2"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
@@ -43,7 +43,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.55"
+LINUX_VERSION ?= "6.1.56"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
2.34.1

[OE-core][mickledore 10/24] linux-yocto/6.1: tiny: fix arm 32 boot

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Integrating the following commit(s) to linux-yocto/.:

    0816d0a6984 qemuarma15: add ARM_PATCH_PHYS_VIRT

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 732d1ee4bc824cb52fab4327601efdb1558b6d9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_6.1.bb      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index ab6dbdb52d..bd782d1b09 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -15,7 +15,7 @@ python () {
 }
 
 SRCREV_machine ?= "4b3040c1dc13aaac356ad4ef45a8926118c732d0"
-SRCREV_meta ?= "3b4113ce39d722191d1eb0e159976d653de4d2b2"
+SRCREV_meta ?= "0816d0a6984e2abbbc5aef9db16391a97b7c9850"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index 29459fabed..11d87d23a7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -18,7 +18,7 @@ KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_meta ?= "3b4113ce39d722191d1eb0e159976d653de4d2b2"
+SRCREV_meta ?= "0816d0a6984e2abbbc5aef9db16391a97b7c9850"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index 21e22c887e..03cecb2da1 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -28,7 +28,7 @@ SRCREV_machine:qemux86 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
 SRCREV_machine:qemux86-64 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
 SRCREV_machine:qemumips64 ?= "aa0e978c979b84d620ad21132cfdbbf857be3878"
 SRCREV_machine ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
-SRCREV_meta ?= "3b4113ce39d722191d1eb0e159976d653de4d2b2"
+SRCREV_meta ?= "0816d0a6984e2abbbc5aef9db16391a97b7c9850"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
-- 
2.34.1

[OE-core][mickledore 11/24] linux-yocto/6.1: update to v6.1.57

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    082280fe94a0 Linux 6.1.57
    a4cc925e2e12 xen/events: replace evtchn_rwlock with RCU
    a4fcf8a242c6 ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh()
    6e4c40aa270b btrfs: file_remove_privs needs an exclusive lock in direct io write
    ff81d1c77d08 netlink: remove the flex array from struct nlmsghdr
    6cd57f5c7795 btrfs: fix fscrypt name leak after failure to join log transaction
    6d05a1a7a484 btrfs: fix an error handling path in btrfs_rename()
    5aaa45025f9f vrf: Fix lockdep splat in output path
    fd32f1eee6c0 ipv6: remove nexthop_fib6_nh_bh()
    edeccce85cbe parisc: Restore __ldcw_align for PA-RISC 2.0 processors
    8226ffc759ea ksmbd: fix uaf in smb20_oplock_break_ack
    a2ca5fd3dbcc ksmbd: fix race condition between session lookup and expire
    64301a935462 x86/sev: Use the GHCB protocol when available for SNP CPUID requests
    76b6a980e85f RDMA/mlx5: Fix NULL string error
    26eb1307c704 RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
    5cf38e638e5d RDMA/siw: Fix connection failure handling
    2b298f918158 RDMA/srp: Do not call scsi_done() from srp_abort()
    c54204d7960f RDMA/uverbs: Fix typo of sizeof argument
    233229fa577a RDMA/cma: Fix truncation compilation warning in make_cma_ports
    39f701870114 RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
    52b0bb7139c9 gpio: pxa: disable pinctrl calls for MMP_GPIO
    d09e467491b2 gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
    7e47a8419da6 IB/mlx4: Fix the size of a buffer in add_port_entries()
    315ae630502c of: dynamic: Fix potential memory leak in of_changeset_action()
    9c480fb41aa4 RDMA/core: Require admin capabilities to set system parameters
    f60287b2d240 dm zoned: free dmz->ddev array in dmz_put_zoned_devices
    485f0bac83a6 parisc: Fix crash with nr_cpus=1 option
    c9c110ce3754 smb: use kernel_connect() and kernel_bind()
    ec02b892237d intel_idle: add Emerald Rapids Xeon support
    cdcc04e844a2 HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
    07c6338acb15 HID: sony: remove duplicate NULL check before calling usb_free_urb()
    40d609b6ad90 netlink: annotate data-races around sk->sk_err
    0915de8c6083 netlink: Fix potential skb memleak in netlink_ack
    1a6e2da05f37 netlink: split up copies in the ack construction
    220f0f866d69 sctp: update hb timer immediately after users change hb_interval
    63cb52e75fd1 sctp: update transport state when processing a dupcook packet
    419b2c5766fa tcp: fix delayed ACKs for MSS boundary condition
    4acf07bafb58 tcp: fix quick-ack counting to count actual ACKs of new data
    143e72757a90 tipc: fix a potential deadlock on &tx->lock
    f2697457ab73 net: stmmac: dwmac-stm32: fix resume on STM32 MCU
    da7fa17bd9ac ipv4: Set offload_failed flag in fibmatch results
    56a6ea76dd9b netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
    7ff9a9857b8b netfilter: nf_tables: Deduplicate nft_register_obj audit logs
    e1bbe4afe1a3 selftests: netfilter: Extend nft_audit.sh
    82273f15e3db selftests: netfilter: Test nf_tables audit logging
    00d35e6b1672 netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
    6e1dbbf29031 ibmveth: Remove condition to recompute TCP header checksum.
    2428c557cd62 net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns()
    7562780e32b8 net: nfc: llcp: Add lock when modifying device list
    9ffc5018020f net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
    7f042041360e ipv6: tcp: add a missing nf_reset_ct() in 3WHS handling
    a003d4994088 net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
    6a91ec7cfd0e ptp: ocp: Fix error handling in ptp_ocp_device_init
    f6a7182179c0 ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
    a8ed1b2e1674 neighbour: fix data-races around n->output
    2b76aad68b30 neighbour: switch to standard rcu, instead of rcu_bh
    0526933c1005 neighbour: annotate lockless accesses to n->nud_state
    8904d8848b31 bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
    f82aac816287 net: fix possible store tearing in neigh_periodic_work()
    8ef7f9acbe8e modpost: add missing else to the "of" check
    b8f97e47b6fb bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
    c024db960301 bpf, sockmap: Do not inc copied_seq when PEEK flag set
    46052a98854a bpf: tcp_read_skb needs to pop skb regardless of seq
    99fe9a120729 NFSv4: Fix a nfs4_state_manager() race
    23acd1784eb5 ima: rework CONFIG_IMA dependency block
    6c5d7f541693 scsi: target: core: Fix deadlock due to recursive locking
    f23c35f0686c ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
    937ec4434e0a regulator/core: regulator_register: set device->class earlier
    fbac416e25ef iommu/mediatek: Fix share pgtable for iova over 4GB
    183e0f9da6af perf/x86/amd: Do not WARN() on every IRQ
    2f4e16e39e4f wifi: mac80211: fix potential key use-after-free
    89192c6cbe0f regmap: rbtree: Fix wrong register marked as in-cache when creating new node
    e485a69d9b44 perf/x86/amd/core: Fix overflow reset on hotplug
    6150d4596861 wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
    b9eded289bea drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close()
    6bfc4c7043c8 Bluetooth: ISO: Fix handling of listen for unicast
    c201d944bc38 Bluetooth: Delete unused hci_req_prepare_suspend() declaration
    b46384a681a8 regulator: mt6358: split ops for buck and linear range LDO regulators
    a01576f58b19 regulator: mt6358: Use linear voltage helpers for single range regulators
    c6ac402567e4 regulator: mt6358: Drop *_SSHUB regulators
    163042a01544 bpf: Fix tr dereferencing
    c14c7214fc68 leds: Drop BUG_ON check for LED_COLOR_ID_MULTI
    6b706286473d wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
    42970d32fe1e wifi: cfg80211: add missing kernel-doc for cqm_rssi_work
    c797498e860e wifi: cfg80211: fix cqm_config access race
    3fcc6d7d5f40 wifi: cfg80211: add a work abstraction with special semantics
    2ae4585f740a wifi: cfg80211: move wowlan disable under locks
    fb195ff4183a wifi: cfg80211: hold wiphy lock in auto-disconnect
    6b3223449c95 wifi: iwlwifi: mvm: Fix a memory corruption issue
    78b5c62edeea wifi: iwlwifi: dbg_ini: fix structure packing
    6a5a8f0a9740 erofs: fix memory leak of LZMA global compressed deduplication
    91aeb418b917 ubi: Refuse attaching if mtd's erasesize is 0
    f237b17611fa HID: sony: Fix a potential memory leak in sony_probe()
    6e3ae2927b43 arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
    0a4ae2634801 arm64: Add Cortex-A520 CPU part definition
    d2894c4f473a drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
    c8bd3e12b329 drm/amd: Fix detection of _PR3 on the PCIe root port
    fc8d9630c80b net: prevent rewrite of msg_name in sock_sendmsg()
    34f9370ae444 net: replace calls to sock->ops->connect() with kernel_connect()
    2dfb5f324d79 PCI: qcom: Fix IPQ8074 enumeration
    ebf2d9a7822b md/raid5: release batch_last before waiting for another stripe_head
    c404d39e7749 wifi: mwifiex: Fix tlv_buf_left calculation
    794ae3a9f8fe Bluetooth: hci_sync: Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER
    626535077ba9 Bluetooth: hci_codec: Fix leaking content of local_codecs
    01afbfb39585 qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
    454bb54b8fe8 mptcp: userspace pm allow creating id 0 subflow
    4674e9626beb net: ethernet: mediatek: disable irq before schedule napi
    3a72decd6b49 vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
    c12ef025add7 iommu/vt-d: Avoid memory allocation in iommu_suspend()
    cdf18e75850f scsi: zfcp: Fix a double put in zfcp_port_enqueue()
    ef167cc1882f i40e: fix the wrong PTP frequency calculation
    a0829d9cf22e hwmon: (nzxt-smart2) add another USB ID
    6ddb9e6b9b6a hwmon: (nzxt-smart2) Add device id
    752ec2d93e75 block: fix use-after-free of q->q_usage_counter
    77d0e7e8e582 rbd: take header_rwsem in rbd_dev_refresh() only when updating
    698039a461a3 rbd: decouple parent info read-in from updating rbd_dev
    377d26174e1d rbd: decouple header read-in from updating rbd_dev->header
    33ecf5f5a876 rbd: move rbd_dev_refresh() definition
    ff09fa5f23aa iommu/arm-smmu-v3: Avoid constructing invalid range commands
    357ba59b9d3b iommu/arm-smmu-v3: Set TTL invalidation hint better
    71472872932b drm/amd/display: Adjust the MST resume flow
    b0fe37867455 arm64: cpufeature: Fix CLRBHB and BC detection
    b6912642746d net: release reference to inet6_dev pointer
    bad004c384b7 net: change accept_ra_min_rtr_lft to affect all RA lifetimes
    ec4162bb7018 net: add sysctl accept_ra_min_rtr_lft
    9d91134c165f arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path
    dd8c8369305d Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return"
    ef54db5b5df7 btrfs: use struct fscrypt_str instead of struct qstr
    68ad364ec8dd btrfs: setup qstr from dentrys using fscrypt helper
    1cf474cd474b btrfs: use struct qstr instead of name and namelen pairs
    87efd87d3624 ring-buffer: Fix bytes info in per_cpu buffer stats
    62eed43e0390 ring-buffer: remove obsolete comment for free_buffer_page()
    836adaddc60c mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
    d1da921452b3 mm/page_alloc: leave IRQs enabled for per-cpu page allocations
    570786ac6f04 mm/page_alloc: always remove pages from temporary list
    939189aedfac mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified
    ce9f3441fc6a mm/mempolicy: convert migrate_page_add() to migrate_folio_add()
    dc0a8466cd11 mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()
    6c2c728d299f mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()
    6d6635749d4c mm/memory: add vm_normal_folio()
    89f2ace6d016 NFSv4: Fix a state manager thread deadlock regression
    80ba4fd1ac33 NFS: rename nfs_client_kset to nfs_kset
    15ff58702361 NFS: Cleanup unused rpc_clnt variable
    2f09a09d73cb ata: libata-scsi: Fix delayed scsi_rescan_device() execution
    f2b359e3a4f3 scsi: Do not attempt to rescan suspended devices
    5d3b0fcb3ca6 scsi: core: Improve type safety of scsi_rescan_device()
    deacabef6834 scsi: sd: Do not issue commands to suspended disks on shutdown
    8de6d8449ae9 scsi: sd: Differentiate system and runtime start/stop management
    dc3354c961ba ata,scsi: do not issue START STOP UNIT on resume
    078651647064 mptcp: process pending subflow error on close
    fc8917b79069 mptcp: move __mptcp_error_report in protocol.c
    c1432ece79e6 mptcp: annotate lockless accesses to sk->sk_err
    09b6fdf7a12e mptcp: fix dangling connection hang-up
    7544918e48e6 mptcp: rename timer related helper to less confusing names
    bbdfef76096d ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
    5f9d73761553 ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
    1031f68108ea spi: zynqmp-gqspi: fix clock imbalance on probe failure

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5e4241c9d5fee655f08e5e5ed82aa7bf24e2701a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_6.1.bb               |  6 ++--
 .../linux/linux-yocto-tiny_6.1.bb             |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.1.bb  | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
index bd782d1b09..edb7995c7d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "4b3040c1dc13aaac356ad4ef45a8926118c732d0"
-SRCREV_meta ?= "0816d0a6984e2abbbc5aef9db16391a97b7c9850"
+SRCREV_machine ?= "a3ae026c0673c043e1fd3374e488a78b29249534"
+SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.1.56"
+LINUX_VERSION ?= "6.1.57"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
index 11d87d23a7..67c2781fd4 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.1.inc
 
-LINUX_VERSION ?= "6.1.56"
+LINUX_VERSION ?= "6.1.57"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_meta ?= "0816d0a6984e2abbbc5aef9db16391a97b7c9850"
+SRCREV_machine ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
index 03cecb2da1..ef4de9ffcf 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb
@@ -17,25 +17,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.1/standard/base"
 KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "cf771f6d6bc0344e048bdbf7d23d3aacbe3556d0"
-SRCREV_machine:qemuarm64 ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_machine:qemuloongarch64 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
-SRCREV_machine:qemumips ?= "4be1dcc270e6ddeea513af01d91ea3b48ec82470"
-SRCREV_machine:qemuppc ?= "644e73fa089ade30c0db7bd54be960be92546ba2"
-SRCREV_machine:qemuriscv64 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
-SRCREV_machine:qemuriscv32 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
-SRCREV_machine:qemux86 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
-SRCREV_machine:qemux86-64 ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
-SRCREV_machine:qemumips64 ?= "aa0e978c979b84d620ad21132cfdbbf857be3878"
-SRCREV_machine ?= "f21f9d92e463bcfa7e64887f14676225144ed8d1"
-SRCREV_meta ?= "0816d0a6984e2abbbc5aef9db16391a97b7c9850"
+SRCREV_machine:qemuarm ?= "0ef61a389975a4019142c5f1e6608e6cc0a0df29"
+SRCREV_machine:qemuarm64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_machine:qemuloongarch64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_machine:qemumips ?= "d15ee28355bed16d59dd7d56259d2132e5c1c4ad"
+SRCREV_machine:qemuppc ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_machine:qemuriscv64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_machine:qemuriscv32 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_machine:qemux86 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_machine:qemux86-64 ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_machine:qemumips64 ?= "e740b68e38e55ca342ab3b70fa2f965c5a86758b"
+SRCREV_machine ?= "8a449d3428e673be0bdb504dadb666b4ad7208e3"
+SRCREV_meta ?= "8aa5efbc5e5361efc8b11c5aec9b967085613a0b"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "d23900f974e0fb995b36ef47283a5aa74ca25f51"
+SRCREV_machine:class-devupstream ?= "082280fe94a09462c727fb6e7b0c982efb36dede"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.1/base"
 
@@ -43,7 +43,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.1.56"
+LINUX_VERSION ?= "6.1.57"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
-- 
2.34.1

[OE-core][mickledore 12/24] cve-exclusion_6.1.inc: update for 6.1.57

[Steve Sakoman]

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index b6b9ca00d4..d172261886 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-30 07:26:16.988526+00:00 for version 6.1.55
+# Generated at 2023-10-18 21:33:08.698393+00:00 for version 6.1.57
 
 python check_kernel_cve_status_version() {
-    this_version = "6.1.55"
+    this_version = "6.1.57"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
-- 
2.34.1

[OE-core][mickledore 13/24] vim: Upgrade 9.0.2009 -> 9.0.2048

[Steve Sakoman]

From: Siddharth Doshi <sdoshi@mvista.com>

This includes CVE fix for CVE-2023-5535.

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 5e06866692..58025828f2 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".2009"
-SRCREV = "54844857fd6933fa4f6678e47610c4b9c9f7a091"
+PV .= ".2048"
+SRCREV = "982ef16059bd163a77271107020defde0740bbd6"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
-- 
2.34.1

[OE-core][mickledore 14/24] uboot-extlinux-config.bbclass: fix missed override syntax migration

[Steve Sakoman]

From: Quentin Schulz <quentin.schulz@theobroma-systems.com>

uboot-extlinux-config allows to specify multiple "labels" (entries in a
menu, à-la grub) and each of them have their own values for some fields.
Each "base" variable, e.g. UBOOT_EXTLINUX_FDT can be overridden for each
label. This is done via the OVERRIDES mechanism based on the label name,
e.g. UBOOT_EXTLINUX_FDT:linux if linux is a label.

However, OVERRIDES doesn't contain the label globally because it's only
necessary in one task. Therefore, the OVERRIDES itself is modified
within the task. This means that the sigdata will not be told the
dependency on UBOOT_EXTLINUX_FDT:linux, because it cannot know about it.

For this reason, we need to explicitly specify which variables this task
depends on via vardeps varflag for the task.

This was done in the past, but we missed updating it during the override
syntax migration so the cache wouldn't get invalidated if someone
modifies UBOOT_EXTLINUX_FDT:linux from a configuration file or a
bbappend for example.

Let's fix this by migrating it to the new syntax.

Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b4dd9d873508128adbbf5ff6cf0a3df3d2ffbcf6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/uboot-extlinux-config.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes-recipe/uboot-extlinux-config.bbclass b/meta/classes-recipe/uboot-extlinux-config.bbclass
index 653e583663..2f5c665f97 100644
--- a/meta/classes-recipe/uboot-extlinux-config.bbclass
+++ b/meta/classes-recipe/uboot-extlinux-config.bbclass
@@ -152,7 +152,7 @@ python do_create_extlinux_config() {
         bb.fatal('Unable to open %s' % (cfile))
 }
 UBOOT_EXTLINUX_VARS = "CONSOLE MENU_DESCRIPTION ROOT KERNEL_IMAGE FDTDIR FDT KERNEL_ARGS INITRD"
-do_create_extlinux_config[vardeps] += "${@' '.join(['UBOOT_EXTLINUX_%s_%s' % (v, l) for v in d.getVar('UBOOT_EXTLINUX_VARS').split() for l in d.getVar('UBOOT_EXTLINUX_LABELS').split()])}"
+do_create_extlinux_config[vardeps] += "${@' '.join(['UBOOT_EXTLINUX_%s:%s' % (v, l) for v in d.getVar('UBOOT_EXTLINUX_VARS').split() for l in d.getVar('UBOOT_EXTLINUX_LABELS').split()])}"
 do_create_extlinux_config[vardepsexclude] += "OVERRIDES"
 
 addtask create_extlinux_config before do_install do_deploy after do_compile
-- 
2.34.1

[OE-core][mickledore 15/24] shadow: fix patch Upstream-Status

[Steve Sakoman]

From: Michael Opdenacker <michael.opdenacker@bootlin.com>

Replace "Accepted" by "Backport" as specified on
https://docs.yoctoproject.org/migration-guides/migration-3.2.html#miscellaneous-changes

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 945f1106de1fc1b08921e05aa0f871092c2c116d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../shadow/files/0001-Fix-can-not-print-full-login.patch        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
index 37ba5f3dc2..89f9c05c8d 100644
--- a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
+++ b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
@@ -7,7 +7,7 @@ Date:   Tue Dec 27 17:40:17 2022 +0530
     Login timed out message prints only first few bytes when write is immediately followed by exit.
     Calling exit from new handler provides enough time to display full message.
 
-Upstream-Status: Accepted [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c]
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c]
 
 diff --git a/src/login.c b/src/login.c
 index 116e2cb3..c55f4de0 100644
-- 
2.34.1

[OE-core][mickledore 16/24] libevent: fix patch Upstream-Status

[Steve Sakoman]

From: Michael Opdenacker <michael.opdenacker@bootlin.com>

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8c987afb2054f24d9bf86305774c186a6e015a8f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...test-retriable-tests-are-marked-failed-only-when-all-a.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch b/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
index ea17e876ea..26b707ad31 100644
--- a/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
+++ b/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
@@ -6,7 +6,7 @@ Subject: [PATCH] test: retriable tests are marked failed only when all
 
 Fixes: #1193
 
-Upstream-Status: Accepted
+Upstream-Status: Backport [https://github.com/libevent/libevent/commit/3daebf308a01b4b2d3fb867be3d6631f7b5a2dbb]
 
 Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
 ---
-- 
2.34.1

[OE-core][mickledore 17/24] fontcache.bbclass: avoid native recipes depending on target fontconfig

[Steve Sakoman]

From: Martin Jansa <martin.jansa@gmail.com>

* this caused liberation-font-native to depend on TUNE_PKGARCH target fontconfig
  because ${MLPREFIX}fontconfig-utils is added to RDEPENDS in anonymous python

* the dependency tree for liberation-font-native got much shorter
  (just quilt-native and liberation-font-native itself):
   2 after/pn-buildlist
  78 before/pn-buildlist

* fixes graphviz-native signature issue as well as detected with sstate-diff-machines.sh

  $ bitbake-diffsigs \
    sstate-after/mako/x86_64-linux/graphviz-native/8.1.0.do_populate_sysroot.sigdata.184d4fd355f1e7a2d7d929ef4b5f62b94e2071df9dd674b2067ec21bfc7bcc1b \
    sstate-after/qemux86-64/x86_64-linux/graphviz-native/8.1.0.do_populate_sysroot.sigdata.35da674d2dbc275bac02869dfce4165466315023910bdef65a6026e2cb942a46
  Hash for task dependency liberation-fonts-native:do_populate_sysroot changed from 310d3da04ad9abf8ee99997e53d1ffa71c2b7d9d60fb0e8de85171a9ab6a77d3 to 048420ad1410c2b8d95498fc3c11681207335a2c722836f1f3e683cc449814da

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 998d4da9d89aea77dc0f2cbac60ea64258331756)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/fontcache.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes-recipe/fontcache.bbclass b/meta/classes-recipe/fontcache.bbclass
index 0d496b72dd..6f4978369d 100644
--- a/meta/classes-recipe/fontcache.bbclass
+++ b/meta/classes-recipe/fontcache.bbclass
@@ -13,6 +13,7 @@ PACKAGE_WRITE_DEPS += "qemu-native"
 inherit qemu
 
 FONT_PACKAGES ??= "${PN}"
+FONT_PACKAGES:class-native = ""
 FONT_EXTRA_RDEPENDS ?= "${MLPREFIX}fontconfig-utils"
 FONTCONFIG_CACHE_DIR ?= "${localstatedir}/cache/fontconfig"
 FONTCONFIG_CACHE_PARAMS ?= "-v"
-- 
2.34.1

[OE-core][mickledore 18/24] insane.bbclass: Count raw bytes in shebang-size

[Steve Sakoman]

From: Jan Garcia <j@n-garcia.com>

Operating systems limit the shebang to a maximum number of bytes.
This patch makes the shebang-size check count raw bytes instead of UTF-8 characters.

Signed-off-by: Jan Garcia <j@n-garcia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d4ac66c5cdaf971fb717cc5c5bf9aa51a787d412)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-global/insane.bbclass | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/classes-global/insane.bbclass b/meta/classes-global/insane.bbclass
index ee34d5208d..e3a7d05ec3 100644
--- a/meta/classes-global/insane.bbclass
+++ b/meta/classes-global/insane.bbclass
@@ -94,9 +94,8 @@ def package_qa_check_shebang_size(path, name, d, elf, messages):
         return
 
     if stanza.startswith(b'#!'):
-        #Shebang not found
         try:
-            stanza = stanza.decode("utf-8")
+            stanza.decode("utf-8")
         except UnicodeDecodeError:
             #If it is not a text file, it is not a script
             return
-- 
2.34.1

[OE-core][mickledore 19/24] oeqa/selftest: Fix broken symlink removal handling

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The test above this removal correctly looks at symlinks however to
remove a symlink we should call unlink(), not remove(). This avoids
some build failures/tracebacks.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dbdb6e73b0f52bc5f9429aca47802d51edbbc834)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/context.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/context.py b/meta/lib/oeqa/selftest/context.py
index 39325f4b72..3fb357f8eb 100644
--- a/meta/lib/oeqa/selftest/context.py
+++ b/meta/lib/oeqa/selftest/context.py
@@ -427,7 +427,7 @@ class OESelftestTestContextExecutor(OETestContextExecutor):
             output_link = os.path.join(os.path.dirname(args.output_log),
                     "%s-results.log" % self.name)
             if os.path.lexists(output_link):
-                os.remove(output_link)
+                os.unlink(output_link)
             os.symlink(args.output_log, output_link)
 
         return rc
-- 
2.34.1

[OE-core][mickledore 20/24] oeqa/utils/gitarchive: Handle broken commit counts in results repo

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The test results repository contains tags like:

master/64501-g65c94ca3196e5ef3344a469fea8e30444f2e967a/0
master/1-g65c94ca3196e5ef3344a469fea8e30444f2e967a/3
master/1-g65c94ca3196e5ef3344a469fea8e30444f2e967a/2
master/1-g65c94ca3196e5ef3344a469fea8e30444f2e967a/1
master/1-g65c94ca3196e5ef3344a469fea8e30444f2e967a/0

where the commit count is correct in one case and not in the others. This causes
assertion errors in the current code.

Add in some code to work around these historical issues where the commit counts are low.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d51fc5c8c469730885af7bbde7122032de411d89)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/utils/gitarchive.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/utils/gitarchive.py b/meta/lib/oeqa/utils/gitarchive.py
index 73beafecb5..6046f183d5 100644
--- a/meta/lib/oeqa/utils/gitarchive.py
+++ b/meta/lib/oeqa/utils/gitarchive.py
@@ -221,7 +221,15 @@ def get_test_revs(log, repo, tag_name, **kwargs):
         if not commit in revs:
             revs[commit] = TestedRev(commit, commit_num, [tag])
         else:
-            assert commit_num == revs[commit].commit_number, "Commit numbers do not match"
+            if commit_num != revs[commit].commit_number:
+                # Historically we have incorrect commit counts of '1' in the repo so fix these up
+                if int(revs[commit].commit_number) < 5:
+                    tags = revs[commit].tags
+                    revs[commit] = TestedRev(commit, commit_num, [tags])
+                elif int(commit_num) < 5:
+                    pass
+                else:
+                    sys.exit("Commit numbers for commit %s don't match (%s vs %s)" % (commit, commit_num, revs[commit].commit_number))
             revs[commit].tags.append(tag)
 
     # Return in sorted table
-- 
2.34.1

[OE-core][mickledore 21/24] wic: bootimg-partition: Fix file name in debug message

[Steve Sakoman]

From: Daniel Semkowicz <dse@thaumatec.com>

Debug message about using custom configuration file includes file name
with incorrect extension. Correct file name to "extlinux.conf".

Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd63e1520454b2d53a48b72eaae126059af9809b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/wic/plugins/source/bootimg-partition.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/wic/plugins/source/bootimg-partition.py b/scripts/lib/wic/plugins/source/bootimg-partition.py
index 8956162205..58f6da72c3 100644
--- a/scripts/lib/wic/plugins/source/bootimg-partition.py
+++ b/scripts/lib/wic/plugins/source/bootimg-partition.py
@@ -112,7 +112,7 @@ class BootimgPartitionPlugin(SourcePlugin):
                 # Use a custom configuration for extlinux.conf
                 extlinux_conf = custom_cfg
                 logger.debug("Using custom configuration file "
-                             "%s for extlinux.cfg", configfile)
+                             "%s for extlinux.conf", configfile)
             else:
                 raise WicError("configfile is specified but failed to "
                                "get it from %s." % configfile)
-- 
2.34.1

[OE-core][mickledore 22/24] oeqa/concurrencytest: Remove invalid buffering option

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Fix warnings from oe-selftest -j:

/usr/lib/python3.10/os.py:1030: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
  return io.open(fd, mode, buffering, encoding, *args, **kwargs)

Remove the option since it clearly doesn't do much.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b872ee72942951fd464c4c6cb9eadcb9b4749c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/core/utils/concurrencytest.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/core/utils/concurrencytest.py b/meta/lib/oeqa/core/utils/concurrencytest.py
index 4f77589b00..3ac5a6dd7c 100644
--- a/meta/lib/oeqa/core/utils/concurrencytest.py
+++ b/meta/lib/oeqa/core/utils/concurrencytest.py
@@ -263,7 +263,7 @@ def fork_for_tests(concurrency_num, suite):
             ourpid = os.getpid()
             try:
                 newbuilddir = None
-                stream = os.fdopen(c2pwrite, 'wb', 1)
+                stream = os.fdopen(c2pwrite, 'wb')
                 os.close(c2pread)
 
                 (builddir, newbuilddir) = suite.setupfunc("-st-" + str(ourpid), selftestdir, process_suite)
@@ -308,7 +308,7 @@ def fork_for_tests(concurrency_num, suite):
             os._exit(0)
         else:
             os.close(c2pwrite)
-            stream = os.fdopen(c2pread, 'rb', 1)
+            stream = os.fdopen(c2pread, 'rb')
             # Collect stdout/stderr into an io buffer
             output = io.BytesIO()
             testserver = ProtocolTestCase(stream, passthrough=output)
-- 
2.34.1

[OE-core][mickledore 23/24] packages.bbclass: Correct the check for conflicts with renamed packages

[Steve Sakoman]

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

The original solution replaced all overrides with the package name that
was being checked. This can have unforseen consequences where some
variable involved in defining the value for the PKG:<package> variable
may rely on some override which is not set as expected. It also meant
that any PKG variable set using an override would not be caught, e.g.,
PKG:${PN}:${MACHINE} = "${PN}-dev" (made up example that would always
fail with the old code).

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit de62d538dbfe6caf123ff366643f893077175583)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-global/package.bbclass | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/meta/classes-global/package.bbclass b/meta/classes-global/package.bbclass
index e8055a9cdc..08eb56dc3d 100644
--- a/meta/classes-global/package.bbclass
+++ b/meta/classes-global/package.bbclass
@@ -499,11 +499,9 @@ python do_package () {
     # Check for conflict between renamed packages and existing ones
     # for each package in PACKAGES, check if it will be renamed to an existing one
     for p in packages:
-        localdata = bb.data.createCopy(d)
-        localdata.setVar('OVERRIDES', p)
-        rename = localdata.getVar('PKG')
-        if (rename != None) and rename in packages:
-            bb.fatal('package "%s" is renamed to "%s" using PKG:%s, but package name already exists'%(p,rename,p))
+        rename = d.getVar('PKG:%s' % p)
+        if rename and rename in packages:
+            bb.fatal('package "%s" is renamed to "%s" using PKG:%s, but package name already exists' % (p, rename, p))
 
     ###########################################################################
     # Optimisations
-- 
2.34.1

[OE-core][mickledore 24/24] busybox: Set PATH in syslog initscript

[Steve Sakoman]

From: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>

This script is not always called with /sbin and /usr/sbin in the PATH
already, for example when called via ssh. Explicitly set PATH to make
sure it includes /sbin and /usr/sbin since that's where start-stop-daemon
is located.

Signed-off-by: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fa53f898eaba15dff030f9eadf86e5bca7d954fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/busybox/files/syslog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/busybox/files/syslog b/meta/recipes-core/busybox/files/syslog
index 2208613e8c..a4fea30ab7 100644
--- a/meta/recipes-core/busybox/files/syslog
+++ b/meta/recipes-core/busybox/files/syslog
@@ -10,6 +10,8 @@
 
 set -e
 
+PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+
 if [ -f /etc/syslog-startup.conf ]; then
 	. /etc/syslog-startup.conf
 	LOG_LOCAL=0
-- 
2.34.1

[OE-core][mickledore 00/24] Patch review

[Steve Sakoman]

Please review this set of changes for mickledore and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5474

except for the meta-virtualization test, which failed due to the busybox
bug fix version update in this patch series.  A version update to a bbappend
recipe will be required and the maintainer has been notified.

The following changes since commit a24b257189e83ce4cd073acb3e31591d31dfa5b1:

  uninative: Upgrade to 4.0 to include latest gcc 13.1.1 (2023-06-08 16:22:12 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/mickledore-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/mickledore-nut

Alexander Kanavin (4):
  maintaines.inc: unassign Richard Weinberger from erofs-utils entry
  maintainers.inc: unassign Andreas Müller from itstool entry
  maintainers.inc: unassign Pascal Bach from cmake entry
  maintainers.inc: correct unassigned entries

Andrej Valek (1):
  busybox: 1.36.0 -> 1.36.1

Chen Qi (1):
  cmake.bbclass: do not search host paths for find_program()

Frieder Schrempf (1):
  psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox

Ian Ray (1):
  systemd-systemctl: support instance expansion in WantedBy

Kai Kang (1):
  pm-utils: fix multilib conflictions

Khem Raj (2):
  systemd: Drop a backport
  perf: Make built-in libtraceevent plugins cohabit with external
    libtraceevent

Marc Ferland (1):
  connman: fix warning by specifying runstatedir at configure time

Markus Volk (1):
  ell: upgrade 0.56 -> 0.57

Martin Jansa (6):
  libx11: remove unused patch and FILESEXTRAPATHS
  qemu: remove unused qemu-7.0.0-glibc-2.36.patch
  minicom: remove unused patch files
  inetutils: remove unused patch files
  libgloss: remove unused patch file
  kmod: remove unused ptest.patch

Mingli Yu (1):
  curl: fix CVE-2023-28319 through CVE-2023-28322

Natasha Bailey (1):
  tiff: backport a fix for CVE-2023-2731

Richard Purdie (1):
  selftest/license: Exclude from world

Tim Orling (1):
  openssl: upgrade 3.1.0 -> 3.1.1

Trevor Gamblin (1):
  bind: upgrade 9.18.13 -> 9.18.14

 .../license/incompatible-license-alias.bb     |   2 +
 .../license/incompatible-license.bb           |   2 +
 .../license/incompatible-licenses.bb          |   2 +
 .../license/incompatible-nonspdx-license.bb   |   2 +
 meta/classes-recipe/cmake.bbclass             |   1 -
 meta/conf/distro/include/maintainers.inc      |  16 +-
 meta/recipes-bsp/pm-utils/pm-utils_1.4.1.bb   |   5 +-
 ...1-avoid-start-failure-with-bind-user.patch |   0
 ...d-V-and-start-log-hide-build-options.patch |   0
 ...ching-for-json-headers-searches-sysr.patch |   0
 .../bind/{bind-9.18.13 => bind-9.18.14}/bind9 |   0
 .../{bind-9.18.13 => bind-9.18.14}/conf.patch |   0
 .../generate-rndc-key.sh                      |   0
 ...t.d-add-support-for-read-only-rootfs.patch |   0
 .../make-etc-initd-bind-stop-work.patch       |   0
 .../named.service                             |   0
 .../bind/{bind_9.18.13.bb => bind_9.18.14.bb} |   2 +-
 meta/recipes-connectivity/connman/connman.inc |   1 +
 ...-multiple-definitions-of-errcatch-an.patch |  58 ---
 .../inetutils/fix-buffer-fortify-tfpt.patch   |  25 -
 ...1-Configure-do-not-tweak-mips-cflags.patch |  19 +-
 .../openssl/openssl/CVE-2023-0464.patch       | 226 ---------
 .../{openssl_3.1.0.bb => openssl_3.1.1.bb}    |   3 +-
 ...ab_1.36.0.bb => busybox-inittab_1.36.1.bb} |   0
 .../{busybox_1.36.0.bb => busybox_1.36.1.bb}  |   2 +-
 .../ell/{ell_0.56.bb => ell_0.57.bb}          |   2 +-
 .../libgloss/fix_makefile_include_arm_h.patch |  30 --
 .../systemd/systemd-systemctl/systemctl       |   9 +-
 .../0007-Add-sys-stat.h-for-S_IFDIR.patch     |  29 --
 meta/recipes-core/systemd/systemd_253.1.bb    |   1 -
 .../qemu/qemu/qemu-7.0.0-glibc-2.36.patch     |  46 --
 ...erfluous-global-variable-definitions.patch |  35 --
 ...erfluous-global-variable-definitions.patch |  37 --
 ...erfluous-global-variable-definitions.patch |  42 --
 meta/recipes-extended/psmisc/psmisc.inc       |   2 +
 ...ak-in-XRegisterIMInstantiateCallback.patch |  57 ---
 .../recipes-graphics/xorg-lib/libx11_1.8.4.bb |   6 +-
 meta/recipes-kernel/kmod/kmod/ptest.patch     |  25 -
 meta/recipes-kernel/perf/perf.bb              |   6 +-
 .../libtiff/files/CVE-2023-2731.patch         |  39 ++
 meta/recipes-multimedia/libtiff/tiff_4.5.0.bb |   4 +-
 .../curl/curl/CVE-2023-28319.patch            |  38 ++
 .../curl/curl/CVE-2023-28320.patch            |  88 ++++
 .../curl/curl/CVE-2023-28321.patch            | 111 +++++
 .../curl/curl/CVE-2023-28322.patch            | 441 ++++++++++++++++++
 meta/recipes-support/curl/curl_8.0.1.bb       |   4 +
 46 files changed, 771 insertions(+), 647 deletions(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.13 => bind-9.18.14}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.13.bb => bind_9.18.14.bb} (97%)
 delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch
 delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.1.0.bb => openssl_3.1.1.bb} (98%)
 rename meta/recipes-core/busybox/{busybox-inittab_1.36.0.bb => busybox-inittab_1.36.1.bb} (100%)
 rename meta/recipes-core/busybox/{busybox_1.36.0.bb => busybox_1.36.1.bb} (96%)
 rename meta/recipes-core/ell/{ell_0.56.bb => ell_0.57.bb} (89%)
 delete mode 100644 meta/recipes-core/newlib/libgloss/fix_makefile_include_arm_h.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/0007-Add-sys-stat.h-for-S_IFDIR.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/qemu-7.0.0-glibc-2.36.patch
 delete mode 100644 meta/recipes-extended/minicom/minicom/0001-Drop-superfluous-global-variable-definitions.patch
 delete mode 100644 meta/recipes-extended/minicom/minicom/0002-Drop-superfluous-global-variable-definitions.patch
 delete mode 100644 meta/recipes-extended/minicom/minicom/0003-Drop-superfluous-global-variable-definitions.patch
 delete mode 100644 meta/recipes-graphics/xorg-lib/libx11/0001-fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
 delete mode 100644 meta/recipes-kernel/kmod/kmod/ptest.patch
 create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28319.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28321.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28322.patch

-- 
2.34.1