[OE-core][dunfell 00/11] Patch review

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2031

except for a known autobuilder intermittent issue on qemuppc which passed on
subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/63/builds/3261

The following changes since commit d044d9c0cb672c499059eb273e399ce4aee17e0d:

  image,populate_sdk_base: move 'func' flag setting for sdk command vars (2021-04-02 04:21:56 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (3):
  selftest/reproducible: enable world reproducibility test
  selftest/reproducible: add an exclusion list for items that are not
    yet reproducible
  selftest/reproducible: track unusued entries in the exclusion list

Guillaume Champagne (1):
  image-live.bbclass: optional depends when ROOTFS empty

Mike Crowe (1):
  curl: Patch CVE-2021-22876 & CVE-2021-22890

Peter Morrow (2):
  goarch: map target os to windows for mingw* TARGET_OS
  go_1.14: don't set -buildmode=pie when building for windows targets

Richard Purdie (3):
  selftest/reproducible: Sort the unused exclusion list
  diffoscope: Upgrade 136 -> 168
  diffoscope: Upgrade 168 -> 172

Steve Sakoman (1):
  selftest/reproducible: adjust exclusion list for dunfell

 meta/classes/go.bbclass                       |   8 +-
 meta/classes/goarch.bbclass                   |   2 +
 meta/classes/image-live.bbclass               |   2 +-
 meta/lib/oeqa/selftest/cases/reproducible.py  |  80 ++-
 meta/recipes-devtools/go/go_1.14.bb           |   8 +-
 .../curl/curl/CVE-2021-22876.patch            |  59 +++
 .../curl/curl/CVE-2021-22890.patch            | 464 ++++++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   2 +
 .../{diffoscope_136.bb => diffoscope_172.bb}  |  15 +-
 9 files changed, 620 insertions(+), 20 deletions(-)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22876.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22890.patch
 rename meta/recipes-support/diffoscope/{diffoscope_136.bb => diffoscope_172.bb} (46%)

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3112

The following changes since commit da3bd5e0934b6462ae53225a58305235849b32d5:

  asciidoc: properly detect and compare Python versions >= 3.10 (2022-01-09 06:49:29 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Akash Hadke (1):
  glibc: Add fix for data races in pthread_create and TLS access

Alexander Kanavin (1):
  parselogs: add a couple systemd false positives

Anuj Mittal (1):
  xserver-xorg: update CVE_PRODUCT

Konrad Weihmann (1):
  cve-check: add lockfile to task

Mingli Yu (1):
  wic: use shutil.which

Ricardo Ribalda Delgado (1):
  wic: misc: Do not find for executables in ASSUME_PROVIDED

Richard Purdie (1):
  expat: Update HOMEPAGE to current url

Ross Burton (2):
  cve-update-db-native: use fetch task
  xserver-xorg: whitelist two CVEs

Steve Sakoman (2):
  valgrind: skip flakey ptest (gdbserver_tests/hginfo)
  oeqa/selftest/cases/tinfoil.py: increase timeout 60->120s
    test_wait_event

 meta/classes/cve-check.bbclass                |   3 +-
 meta/lib/oeqa/runtime/cases/parselogs.py      |   2 +
 meta/lib/oeqa/selftest/cases/tinfoil.py       |   4 +-
 meta/recipes-core/expat/expat_2.2.9.bb        |   2 +-
 ...ate-slotinfo-to-avoid-use-after-free.patch |  66 +++++
 ...hread_create-and-TLS-access-BZ-19329.patch | 191 ++++++++++++
 ...d-atomics-for-racy-accesses-BZ-19329.patch | 206 +++++++++++++
 .../0033-elf-Add-test-case-for-BZ-19329.patch | 144 +++++++++
 ...elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch | 180 ++++++++++++
 ...-lazy-relocation-of-tlsdesc-BZ-27137.patch |  56 ++++
 ...-lazy-relocation-of-tlsdesc-BZ-27137.patch | 124 ++++++++
 ...ock-between-pthread_create-and-ctors.patch | 276 ++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.31.bb         |   8 +
 .../recipes-core/meta/cve-update-db-native.bb |   9 +-
 .../valgrind/valgrind/remove-for-aarch64      |   1 +
 .../valgrind/valgrind/remove-for-all          |   1 +
 .../xorg-xserver/xserver-xorg.inc             |  10 +-
 scripts/lib/wic/engine.py                     |   6 +-
 scripts/lib/wic/misc.py                       |  16 +-
 scripts/wic                                   |   4 +-
 20 files changed, 1292 insertions(+), 17 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0033-elf-Add-test-case-for-BZ-19329.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0037-Avoid-deadlock-between-pthread_create-and-ctors.patch

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3141

The following changes since commit 01f256bc72fb45c80b6a6c77506bc4c375965a3a:

  glibc: Add fix for data races in pthread_create and TLS access (2022-01-12 04:37:31 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Bruce Ashfield (5):
  linux-yocto/5.4: update to v5.4.169
  linux-yocto/5.4: update to v5.4.170
  linux-yocto/5.4: update to v5.4.171
  linux-yocto/5.4: update to v5.4.172
  kernel: introduce python3-dtschema-wrapper

Kai Kang (1):
  speex: fix CVE-2020-23903

Marek Vasut (1):
  Revert "weston: Use systemd notify,"

Richard Purdie (1):
  lttng-tools: Add missing DEPENDS on bison-native

Steve Sakoman (3):
  expat fix CVE-2022-22822 through CVE-2022-22827
  expat: fix CVE-2021-45960
  expat: fix CVE-2021-46143

 meta/conf/distro/include/maintainers.inc      |   1 +
 .../expat/expat/CVE-2021-45960.patch          |  65 +++++
 .../expat/expat/CVE-2021-46143.patch          |  43 +++
 .../expat/expat/CVE-2022-22822-27.patch       | 257 ++++++++++++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   3 +
 .../wayland/weston-init/weston-start          |  12 -
 .../wayland/weston-init/weston@.service       |   6 -
 .../weston/systemd-notify.weston-start        |   9 -
 .../wayland/weston/xwayland.weston-start      |   3 +-
 meta/recipes-graphics/wayland/weston_8.0.0.bb |   6 -
 .../python3-dtschema-wrapper/dt-doc-validate  |  20 ++
 .../dtc/python3-dtschema-wrapper/dt-mk-schema |  20 ++
 .../dtc/python3-dtschema-wrapper/dt-validate  |  20 ++
 .../dtc/python3-dtschema-wrapper_2021.10.bb   |  17 ++
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../lttng/lttng-tools_2.11.5.bb               |   2 +-
 .../speex/speex/CVE-2020-23903.patch          |  30 ++
 meta/recipes-multimedia/speex/speex_1.2.0.bb  |   4 +-
 20 files changed, 500 insertions(+), 54 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2021-45960.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2021-46143.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-22822-27.patch
 delete mode 100644 meta/recipes-graphics/wayland/weston/systemd-notify.weston-start
 create mode 100644 meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate
 create mode 100644 meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema
 create mode 100644 meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate
 create mode 100644 meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb
 create mode 100644 meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3537

with the exception of a known issue with meta-intel due to the zlib CVE fix, see:

https://lists.openembedded.org/g/openembedded-core/message/163793

The intent is to fix meta-intel after this patch set is merged to dunfell.

The following changes since commit aa762b7ca2417b80dd114a4ab263d69074912f82:

  tzdata: update to 2022a (2022-04-04 04:22:32 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexandre Belloni (1):
  pseudo: Fix handling of absolute links

Martin Jansa (1):
  license_image.bbclass: close package.manifest file

Peter Kjellerstedt (1):
  metadata_scm.bbclass: Use immediate expansion for the METADATA_*
    variables

Ralph Siemsen (3):
  gzip: fix CVE-2022-1271
  xz: fix CVE-2022-1271
  apt: add -fno-strict-aliasing to CXXFLAGS to fix SHA256 bug

Richard Purdie (4):
  vim: Upgrade 8.2.4524 -> 8.2.4681
  git: Ignore CVE-2022-24975
  pseudo: Add patch to workaround paths with crazy lengths
  libxshmfence: Correct LICENSE to HPND

Ross Burton (1):
  zlib: backport the fix for CVE-2018-25032

 .../recipeutils/recipeutils-test_1.2.bb       |   2 +-
 meta/classes/license_image.bbclass            |   4 +-
 meta/classes/metadata_scm.bbclass             |  10 +-
 .../zlib/zlib/CVE-2018-25032.patch            | 347 ++++++++++++++++++
 meta/recipes-core/zlib/zlib_1.2.11.bb         |   1 +
 meta/recipes-devtools/apt/apt.inc             |   4 +
 meta/recipes-devtools/git/git.inc             |   5 +
 meta/recipes-devtools/pseudo/pseudo_git.bb    |   2 +-
 .../gzip/gzip-1.10/CVE-2022-1271.patch        |  45 +++
 meta/recipes-extended/gzip/gzip_1.10.bb       |   1 +
 .../xz/xz/CVE-2022-1271.patch                 |  96 +++++
 meta/recipes-extended/xz/xz_5.2.4.bb          |   4 +-
 .../xorg-lib/libxshmfence_1.3.bb              |   2 +-
 meta/recipes-support/vim/vim.inc              |   6 +-
 14 files changed, 515 insertions(+), 14 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
 create mode 100644 meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2022-1271.patch

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3738

The following changes since commit add860e1a69f848097bbc511137a62d5746e5019:

  oeqa/selftest/cve_check: add tests for recipe and image reports (2022-05-24 04:31:18 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Dan Tran (1):
  ncurses: Fix CVE-2022-29458

Ernst Sjöstrand (2):
  cve-check: Add helper for symlink handling
  cve-check: Only include installed packages for rootfs manifest

Ranjitsinh Rathod (3):
  ruby: Upgrade ruby to 2.7.6 for security fix
  ruby: Whitelist CVE-2021-28966 as this affects Windows OS only
  libsdl2: Add fix for CVE-2021-33657

Richard Purdie (2):
  vim: Upgrade 8.2.4912 -> 8.2.5034 to fix 9 CVEs
  cve-check: Allow warnings to be disabled

Riyaz (1):
  libxml2: Fix CVE-2022-29824 for libxml2

Virendra Thakur (1):
  ffmpeg: Fix for CVE-2022-1475

leimaohui (1):
  cve-check.bbclass: Added do_populate_sdk[recrdeptask].

 meta/classes/cve-check.bbclass                | 109 ++++--
 .../libxml2/CVE-2022-29824-dependent.patch    |  53 +++
 .../libxml/libxml2/CVE-2022-29824.patch       | 348 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |   2 +
 .../ncurses/files/CVE-2022-29458.patch        | 135 +++++++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |   1 +
 .../ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb}     |   8 +-
 .../libsdl2/libsdl2/CVE-2021-33657.patch      |  38 ++
 .../libsdl2/libsdl2_2.0.12.bb                 |   1 +
 .../ffmpeg/ffmpeg/CVE-2022-1475.patch         |  36 ++
 .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 12 files changed, 694 insertions(+), 42 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2022-29824.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2022-29458.patch
 rename meta/recipes-devtools/ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb} (90%)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4058

The following changes since commit 73d2b640ad665f6ff3c4fbe8f5da4ef0dbb175f2:

  libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections (2022-07-28 06:26:48 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alex Kiernan (1):
  openssh: Add openssh-sftp-server to openssh RDEPENDS

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.208
  linux-yocto/5.4: update to v5.4.209

Hitendra Prajapati (2):
  grub2: Fix several security issue of integer underflow
  gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow

Jose Quaresma (1):
  gstreamer1.0: use the correct meson option for the capabilities

Khem Raj (1):
  libmodule-build-perl: Use env utility to find perl interpreter

Martin Jansa (1):
  libxml2: Port gentest.py to Python-3

Richard Purdie (1):
  insane: Fix buildpaths test to work with special devices

Ross Burton (1):
  cve_check: skip remote patches that haven't been fetched when
    searching for CVE tags

Steve Sakoman (1):
  selftest: skip virgl test on fedora 36

 meta/classes/insane.bbclass                   |   6 +-
 meta/lib/oe/cve_check.py                      |   5 +-
 meta/lib/oeqa/selftest/cases/runtime_test.py  |   2 +
 .../grub/files/CVE-2022-28733.patch           |  60 ++
 .../grub/files/CVE-2022-28734.patch           |  67 ++
 .../grub/files/CVE-2022-28736.patch           | 275 ++++++
 meta/recipes-bsp/grub/grub2.inc               |   3 +
 .../openssh/openssh_8.2p1.bb                  |   2 +-
 .../0001-Port-gentest.py-to-Python-3.patch    | 813 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |  11 +
 .../perl/libmodule-build-perl_0.4231.bb       |   1 +
 .../gdk-pixbuf/CVE-2021-46829.patch           |  61 ++
 .../gdk-pixbuf/gdk-pixbuf_2.40.0.bb           |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../gstreamer/gstreamer1.0_1.16.3.bb          |   2 +-
 17 files changed, 1321 insertions(+), 24 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-28733.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-28734.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-28736.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Sunday.

This is the final patch set for the 3.1.19 release.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4098

The following changes since commit ac6ea1a96645d2a4dd54660256603f0b191bb4d3:

  gstreamer1.0: use the correct meson option for the capabilities (2022-08-10 05:04:10 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  linux-firmware: update 20220610 -> 20220708

Dmitry Baryshkov (1):
  linux-firwmare: restore WHENCE_CHKSUM variable

Hitendra Prajapati (3):
  qemu: CVE-2020-27821 heap buffer overflow in msix_table_mmio_write
  gnutls: CVE-2022-2509 Double free during gnutls_pkcs7_verify
  zlib: CVE-2022-37434 a heap-based buffer over-read

Ming Liu (1):
  rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}

Pascal Bach (1):
  bin_package: install into base_prefix

Randy MacLeod (1):
  vim: update from 9.0.0063 to 9.0.0115

Richard Purdie (2):
  vim: Upgrade 9.0.0021 -> 9.0.0063
  kernel-arch: Fix buildpaths leaking into external module compiles

Shruthi Ravichandran (1):
  initscripts: run umountnfs as a KILL script

 meta/classes/bin_package.bbclass              |   3 +-
 meta/classes/kernel-arch.bbclass              |   2 +-
 meta/classes/rootfs-postcommands.bbclass      |   2 +-
 .../initscripts/initscripts_1.0.bb            |   2 +-
 .../zlib/zlib/CVE-2022-37434.patch            |  44 +++
 meta/recipes-core/zlib/zlib_1.2.11.bb         |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2020-27821.patch            |  73 +++++
 ...20220610.bb => linux-firmware_20220708.bb} |  14 +-
 .../gnutls/gnutls/CVE-2022-2509.patch         | 282 ++++++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.6.14.bb  |   1 +
 meta/recipes-support/vim/files/racefix.patch  |  33 --
 meta/recipes-support/vim/vim.inc              |  10 +-
 13 files changed, 418 insertions(+), 50 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2022-37434.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220610.bb => linux-firmware_20220708.bb} (98%)
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch
 delete mode 100644 meta/recipes-support/vim/files/racefix.patch

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4469

The following changes since commit babcb7cd3bbefe9c0ea28e960e4fd6cefbc03cae:

  bluez5: add dbus to RDEPENDS (2022-11-04 07:52:01 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alex Kiernan (1):
  openssl: upgrade 1.1.1q to 1.1.1s

Hitendra Prajapati (1):
  bluez: CVE-2022-3637 A DoS exists in monitor/jlink.c

Martin Jansa (1):
  externalsrc.bbclass: fix git repo detection

Peter Kjellerstedt (1):
  externalsrc.bbclass: Remove a trailing slash from ${B}

Ross Burton (1):
  sanity: check for GNU tar specifically

Sundeep KOKKONDA (2):
  binutils: stable 2.34 branch updates
  glibc : stable 2.31 branch updates.

Sunil Kumar (1):
  go: Security Fix for CVE-2022-2879

Vivek Kumbhar (2):
  curl: fix CVE-2022-32221 POST following PUT
  qemu: fix CVE-2021-3638 ati-vga: inconsistent check in ati_2d_blt()
    may lead to out-of-bounds write

ciarancourtney (1):
  wic: swap partitions are not added to fstab

 meta/classes/externalsrc.bbclass              |   6 +-
 meta/classes/sanity.bbclass                   |   8 ++
 meta/recipes-connectivity/bluez5/bluez5.inc   |   1 +
 .../bluez5/bluez5/CVE-2022-3637.patch         |  39 ++++++
 .../{openssl_1.1.1q.bb => openssl_1.1.1s.bb}  |   2 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/glibc/CVE-2021-33574_1.patch        |  26 ++--
 .../binutils/binutils-2.34.inc                |   2 +-
 .../binutils/binutils/CVE-2020-16593.patch    |   4 +-
 .../binutils/binutils/CVE-2021-3549.patch     |  80 ++++++-------
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-2879.patch            | 111 ++++++++++++++++++
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2021-3638.patch             |  80 +++++++++++++
 .../curl/curl/CVE-2022-32221.patch            |  29 +++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 scripts/lib/wic/plugins/imager/direct.py      |   2 +-
 17 files changed, 329 insertions(+), 66 deletions(-)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/CVE-2022-3637.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1q.bb => openssl_1.1.1s.bb} (98%)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-2879.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3638.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32221.patch

-- 
2.25.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5324

The following changes since commit 1bc254e7969f3d5470bacf9ad9f065d38b7b7fde:

  run-postinsts: Set dependency for ldconfig to avoid boot issues (2023-05-11 07:47:14 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alex Kiernan (1):
  pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20230210 -> 20230404

Hitendra Prajapati (2):
  git: fix CVE-2023-29007
  git: fix CVE-2023-25652

Khem Raj (1):
  perf: Depend on native setuptools3

Marek Vasut (1):
  cpio: Fix wrong CRC with ASCII CRC for large files

Martin Jansa (1):
  populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO
    override

Randolph Sapp (1):
  wic/bootimg-efi: if fixed-size is set then use that for mkdosfs

Siddharth (1):
  curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled

Steve Sakoman (1):
  selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky

Thomas Roos (1):
  oeqa/utils/metadata.py: Fix running oe-selftest running with no distro
    set

 meta/classes/populate_sdk_ext.bbclass         |   3 +-
 meta/classes/pypi.bbclass                     |   2 +
 meta/lib/oeqa/selftest/cases/runtime_test.py  |   6 +
 meta/lib/oeqa/utils/metadata.py               |   6 +-
 .../git/files/CVE-2023-25652.patch            |  94 +++++++++++
 .../git/files/CVE-2023-29007.patch            | 159 ++++++++++++++++++
 meta/recipes-devtools/git/git.inc             |   2 +
 ...g-CRC-with-ASCII-CRC-for-large-files.patch |  39 +++++
 meta/recipes-extended/cpio/cpio_2.13.bb       |   1 +
 ...20230210.bb => linux-firmware_20230404.bb} |   6 +-
 meta/recipes-kernel/perf/perf.bb              |   2 +-
 .../curl/curl/CVE-2023-27534-pre1.patch       |  51 ++++++
 .../curl/curl/CVE-2023-27534.patch            | 122 ++------------
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 scripts/lib/wic/plugins/source/bootimg-efi.py |   7 +
 15 files changed, 387 insertions(+), 114 deletions(-)
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-25652.patch
 create mode 100644 meta/recipes-devtools/git/files/CVE-2023-29007.patch
 create mode 100644 meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230210.bb => linux-firmware_20230404.bb} (99%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch

-- 
2.34.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5422

The following changes since commit e4b98a42970574296e0da06842691b9fc1ffc9a1:

  selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky (2023-05-20 06:02:24 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alex Kiernan (1):
  openssh: Move sshdgenkeys.service to sshd.socket

Ashish Sharma (1):
  golang: Fix CVE-2023-24539

Bruce Ashfield (5):
  linux-yocto/5.4: update to v5.4.238
  linux-yocto/5.4: update to v5.4.240
  linux-yocto/5.4: update to v5.4.241
  linux-yocto/5.4: update to v5.4.242
  linux-yocto/5.4: update to v5.4.243

Nikhil R (1):
  ffmpeg: Fix CVE-2022-48434

Vijay Anusuri (3):
  ghostscript: Fix CVE-2023-28879
  xserver-xorg: Security fix CVE-2023-0494 and CVE-2023-1393
  go: Security fix CVE-2023-24540

 .../openssh/openssh/sshd.socket               |   1 +
 .../openssh/openssh/sshd@.service             |   2 -
 meta/recipes-devtools/go/go-1.14.inc          |   2 +
 .../go/go-1.14/CVE-2023-24539.patch           |  60 ++++++++
 .../go/go-1.14/CVE-2023-24540.patch           |  90 ++++++++++++
 .../ghostscript/CVE-2023-28879.patch          |  54 +++++++
 .../ghostscript/ghostscript_9.52.bb           |   1 +
 .../xserver-xorg/CVE-2023-0494.patch          |  38 +++++
 .../xserver-xorg/CVE-2023-1393.patch          |  46 ++++++
 .../xorg-xserver/xserver-xorg_1.20.14.bb      |   2 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +--
 .../ffmpeg/ffmpeg/CVE-2022-48434.patch        | 136 ++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb |   1 +
 15 files changed, 449 insertions(+), 20 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24539.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24540.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-28879.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-0494.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-1393.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch

-- 
2.34.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Thursday, October 12.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6026

The following changes since commit 9a800a2e2c2b14eab8c1f83cb4ac3b94a70dd23c:

  glibc: Fix CVE-2023-4911 "Looney Tunables" (2023-10-05 13:10:56 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (1):
  xdg-utils: Fix CVE-2022-4055

Julian Haller (2):
  dbus: Backport fix for CVE-2023-34969
  dbus: Add missing CVE_PRODUCT

Marek Vasut (2):
  busybox: Backport CVE-2022-48174 fix
  cpio: Replace fix wrong CRC with ASCII CRC for large files with
    upstream backport

Shinu Chandran (1):
  libpcre2 : Follow up fix CVE-2022-1586

Shubham Kulkarni (1):
  go: Update fix for CVE-2023-24538 & CVE-2023-39318

Sourav Pramanik (1):
  openssl: Upgrade 1.1.1v -> 1.1.1w

Vijay Anusuri (3):
  cups: Backport fix for CVE-2023-32360 and CVE-2023-4504
  gawk: backport Debian patch to fix CVE-2023-4156
  ghostscript: Backport fix CVE-2023-43115

 .../{openssl_1.1.1v.bb => openssl_1.1.1w.bb}  |   2 +-
 .../busybox/busybox/CVE-2022-48174.patch      |  82 +++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |   1 +
 meta/recipes-core/dbus/dbus.inc               |   3 +
 .../dbus/dbus/CVE-2023-34969.patch            |  96 +++
 meta/recipes-devtools/go/go-1.14.inc          |   5 +-
 .../go/go-1.14/CVE-2023-24538-1.patch         |   4 +-
 .../go/go-1.14/CVE-2023-24538-2.patch         | 447 ++++++++++++-
 .../go/go-1.14/CVE-2023-24538_3.patch         | 393 ++++++++++++
 .../go/go-1.14/CVE-2023-24538_4.patch         | 497 +++++++++++++++
 .../go/go-1.14/CVE-2023-24538_5.patch         | 585 ++++++++++++++++++
 ...3-24538-3.patch => CVE-2023-24538_6.patch} | 175 +++++-
 .../go/go-1.14/CVE-2023-39318.patch           |  38 +-
 ...g-CRC-with-ASCII-CRC-for-large-files.patch |  39 --
 ...-calculation-of-CRC-in-copy-out-mode.patch |  58 ++
 ...appending-to-archives-bigger-than-2G.patch | 312 ++++++++++
 meta/recipes-extended/cpio/cpio_2.13.bb       |   3 +-
 meta/recipes-extended/cups/cups.inc           |   2 +
 .../cups/cups/CVE-2023-32360.patch            |  31 +
 .../cups/cups/CVE-2023-4504.patch             |  40 ++
 .../gawk/gawk/CVE-2023-4156.patch             |  28 +
 meta/recipes-extended/gawk/gawk_5.0.1.bb      |   1 +
 .../ghostscript/CVE-2023-43115.patch          |  62 ++
 .../ghostscript/ghostscript_9.52.bb           |   1 +
 .../xdg-utils/xdg-utils/CVE-2022-4055.patch   | 165 +++++
 .../xdg-utils/xdg-utils_1.1.3.bb              |   1 +
 .../libpcre2/CVE-2022-1586-regression.patch   |  30 +
 .../recipes-support/libpcre/libpcre2_10.34.bb |   1 +
 28 files changed, 3041 insertions(+), 61 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1v.bb => openssl_1.1.1w.bb} (98%)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-48174.patch
 create mode 100644 meta/recipes-core/dbus/dbus/CVE-2023-34969.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538_3.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538_4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24538_5.patch
 rename meta/recipes-devtools/go/go-1.14/{CVE-2023-24538-3.patch => CVE-2023-24538_6.patch} (53%)
 delete mode 100644 meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
 create mode 100644 meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
 create mode 100644 meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-32360.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch
 create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch
 create mode 100644 meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch
 create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch

-- 
2.34.1

[OE-core][dunfell 00/11] Patch review

[Steve Sakoman]

Please review this set of changes for dunfell and have comments back by
end of day Friday, December 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6293

The following changes since commit 0764da7e3f1d71eb390e5eb8a9aa1323c24d1c19:

  vim: use upstream generated .po files (2023-11-28 12:31:43 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ashish Sharma (1):
  mdadm: Backport fix for CVE-2023-28938

Bruce Ashfield (3):
  linux-yocto/5.4: update to v5.4.258
  linux-yocto/5.4: update to v5.4.260
  linux-yocto/5.4: update to v5.4.262

Lee Chee Yang (2):
  epiphany: fix CVE-2022-29536
  qemu: ignore CVE-2021-20295 CVE-2023-2680

Steve Sakoman (1):
  cve-exclusion_5.4.inc: update for 5.4.262

Tim Orling (1):
  vim: upgrade 9.0.2068 -> 9.0.2130

Vivek Kumbhar (1):
  libsndfile: fix CVE-2022-33065 Signed integer overflow in src/mat4.c

poojitha adireddy (2):
  binutils 2.34: Fix CVE-2021-46174
  binutils: Mark CVE-2022-47696 as patched

 .../binutils/binutils-2.34.inc                |  1 +
 .../binutils/binutils/CVE-2021-46174.patch    | 35 ++++++++
 .../binutils/binutils/CVE-2023-25588.patch    |  3 +
 meta/recipes-devtools/qemu/qemu.inc           |  7 ++
 .../mdadm/files/CVE-2023-28938.patch          | 80 +++++++++++++++++++
 meta/recipes-extended/mdadm/mdadm_4.1.bb      |  1 +
 .../recipes-gnome/epiphany/epiphany_3.34.4.bb |  1 +
 .../epiphany/files/CVE-2022-29536.patch       | 46 +++++++++++
 .../linux/cve-exclusion_5.4.inc               | 79 ++++++++++++++----
 .../linux/linux-yocto-rt_5.4.bb               |  6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 ++---
 .../libsndfile1/CVE-2022-33065.patch          | 46 +++++++++++
 .../libsndfile/libsndfile1_1.0.28.bb          |  3 +-
 meta/recipes-support/vim/vim.inc              |  4 +-
 15 files changed, 306 insertions(+), 36 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2021-46174.patch
 create mode 100644 meta/recipes-extended/mdadm/files/CVE-2023-28938.patch
 create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch

-- 
2.34.1

[OE-core][dunfell 01/11] binutils 2.34: Fix CVE-2021-46174

[Steve Sakoman]

From: poojitha adireddy <pooadire@cisco.com>

Upstream Repository: https://sourceware.org/git/binutils-gdb.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2021-46174
Type: Security Fix
CVE: CVE-2021-46174
Score: 7.5
Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97

Signed-off-by: poojitha adireddy <pooadire@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.34.inc                |  1 +
 .../binutils/binutils/CVE-2021-46174.patch    | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2021-46174.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc
index a9a2bf332f..371e8e9fa4 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -54,5 +54,6 @@ SRC_URI = "\
      file://0001-CVE-2021-45078.patch \
      file://CVE-2022-38533.patch \
      file://CVE-2023-25588.patch \
+     file://CVE-2021-46174.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2021-46174.patch b/meta/recipes-devtools/binutils/binutils/CVE-2021-46174.patch
new file mode 100644
index 0000000000..2addf5139e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2021-46174.patch
@@ -0,0 +1,35 @@
+From 46322722ad40ac1a75672ae0f62f4969195f1368 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 20 Jan 2022 13:58:38 +1030
+Subject: [PATCH] PR28753, buffer overflow in read_section_stabs_debugging_info
+
+	PR 28753
+	* rddbg.c (read_section_stabs_debugging_info): Don't read past
+	end of section when concatentating stab strings.
+
+CVE: CVE-2021-46174
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97]
+
+(cherry picked from commit 085b299b71721e15f5c5c5344dc3e4e4536dadba)
+(cherry picked from commit cad4d6b91e97b6962807d33c04ed7e7797788438)
+Signed-off-by: poojitha adireddy <pooadire@cisco.com>
+---
+ binutils/rddbg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/binutils/rddbg.c b/binutils/rddbg.c
+index 72e934055b5..5e76d94a3c4 100644
+--- a/binutils/rddbg.c
++++ b/binutils/rddbg.c
+@@ -207,7 +207,7 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
+ 		     an attempt to read the byte before 'strings' would occur.  */
+ 		  while ((len = strlen (s)) > 0
+ 			 && s[len  - 1] == '\\'
+-			 && stab + 12 < stabs + stabsize)
++			 && stab + 16 <= stabs + stabsize)
+ 		    {
+ 		      char *p;
+ 
+-- 
+2.23.1
+
-- 
2.34.1

[OE-core][dunfell 02/11] binutils: Mark CVE-2022-47696 as patched

[Steve Sakoman]

From: poojitha adireddy <pooadire@cisco.com>

CVE-2022-47696 and CVE-2023-25588 are representing similar kind
of vulnerability.

Reference:
https://ubuntu.com/security/CVE-2022-47696
https://sourceware.org/bugzilla/show_bug.cgi?id=29677

Signed-off-by: poojitha adireddy <pooadire@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch b/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
index 065d8e47f0..aa5ce5f3ff 100644
--- a/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2023-25588.patch
@@ -13,7 +13,10 @@ anyway, so get rid of them.  Also, simplify and correct sanity checks.
 ---
 Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
 CVE: CVE-2023-25588
+CVE: CVE-2022-47696
+
 Signed-off-by: Ashish Sharma <asharma@mvista.com>
+Signed-off-by: poojitha adireddy <pooadire@cisco.com>
 
  bfd/mach-o.c | 72 ++++++++++++++++++++++------------------------------
  1 file changed, 31 insertions(+), 41 deletions(-)
-- 
2.34.1

[OE-core][dunfell 03/11] mdadm: Backport fix for CVE-2023-28938

[Steve Sakoman]

From: Ashish Sharma <asharma@mvista.com>

Upstream-Status: Backport from [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=7d374a1869d3a84971d027a7f4233878c8f25a62]
CVE: CVE-2023-28938
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../mdadm/files/CVE-2023-28938.patch          | 80 +++++++++++++++++++
 meta/recipes-extended/mdadm/mdadm_4.1.bb      |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 meta/recipes-extended/mdadm/files/CVE-2023-28938.patch

diff --git a/meta/recipes-extended/mdadm/files/CVE-2023-28938.patch b/meta/recipes-extended/mdadm/files/CVE-2023-28938.patch
new file mode 100644
index 0000000000..1e2990d79a
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/CVE-2023-28938.patch
@@ -0,0 +1,80 @@
+From 7d374a1869d3a84971d027a7f4233878c8f25a62 Mon Sep 17 00:00:00 2001
+From: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Date: Tue, 27 Jul 2021 10:25:18 +0200
+Subject: Fix memory leak after "mdadm --detail"
+
+Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
+Signed-off-by: Jes Sorensen <jsorensen@fb.com>
+---
+Upstream-Status: Backport from [https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=7d374a1869d3a84971d027a7f4233878c8f25a62]
+CVE: CVE-2023-28938
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+ 
+ Detail.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/Detail.c b/Detail.c
+index ad56344f..d3af0ab5 100644
+--- a/Detail.c
++++ b/Detail.c
+@@ -66,11 +66,11 @@ int Detail(char *dev, struct context *c)
+ 	int spares = 0;
+ 	struct stat stb;
+ 	int failed = 0;
+-	struct supertype *st;
++	struct supertype *st = NULL;
+ 	char *subarray = NULL;
+ 	int max_disks = MD_SB_DISKS; /* just a default */
+ 	struct mdinfo *info = NULL;
+-	struct mdinfo *sra;
++	struct mdinfo *sra = NULL;
+ 	struct mdinfo *subdev;
+ 	char *member = NULL;
+ 	char *container = NULL;
+@@ -93,8 +93,7 @@ int Detail(char *dev, struct context *c)
+ 	if (!sra) {
+ 		if (md_get_array_info(fd, &array)) {
+ 			pr_err("%s does not appear to be an md device\n", dev);
+-			close(fd);
+-			return rv;
++			goto out;
+ 		}
+ 	}
+ 	external = (sra != NULL && sra->array.major_version == -1 &&
+@@ -108,16 +107,13 @@ int Detail(char *dev, struct context *c)
+ 			    sra->devs == NULL) {
+ 				pr_err("Array associated with md device %s does not exist.\n",
+ 				       dev);
+-				close(fd);
+-				sysfs_free(sra);
+-				return rv;
++				goto out;
+ 			}
+ 			array = sra->array;
+ 		} else {
+ 			pr_err("cannot get array detail for %s: %s\n",
+ 			       dev, strerror(errno));
+-			close(fd);
+-			return rv;
++			goto out;
+ 		}
+ 	}
+ 
+@@ -827,10 +823,12 @@ out:
+ 	close(fd);
+ 	free(subarray);
+ 	free(avail);
+-	for (d = 0; d < n_devices; d++)
+-		free(devices[d]);
++	if (devices)
++		for (d = 0; d < n_devices; d++)
++			free(devices[d]);
+ 	free(devices);
+ 	sysfs_free(sra);
++	free(st);
+ 	return rv;
+ }
+ 
+-- 
+cgit 
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.1.bb b/meta/recipes-extended/mdadm/mdadm_4.1.bb
index 5238a41df2..ca326fd1cb 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.1.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.1.bb
@@ -25,6 +25,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
            file://include_sysmacros.patch \
            file://0001-mdadm-skip-test-11spare-migration.patch \
            file://CVE-2023-28736.patch \
+           file://CVE-2023-28938.patch \
            "
 
 SRC_URI[md5sum] = "51bf3651bd73a06c413a2f964f299598"
-- 
2.34.1

[OE-core][dunfell 04/11] libsndfile: fix CVE-2022-33065 Signed integer overflow in src/mat4.c

[Steve Sakoman]

From: Vivek Kumbhar <vkumbhar@mvista.com>

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsndfile1/CVE-2022-33065.patch          | 46 +++++++++++++++++++
 .../libsndfile/libsndfile1_1.0.28.bb          |  3 +-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch
new file mode 100644
index 0000000000..e22b4e9389
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch
@@ -0,0 +1,46 @@
+From 0754562e13d2e63a248a1c82f90b30bc0ffe307c Mon Sep 17 00:00:00 2001
+From: Alex Stewart <alex.stewart@ni.com>
+Date: Tue, 10 Oct 2023 16:10:34 -0400
+Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
+
+The clang sanitizer warns of a possible signed integer overflow when
+calculating the `dataend` value in `mat4_read_header()`.
+
+```
+src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
+src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
+```
+
+Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
+`dataend` before performing the calculation, to avoid the issue.
+
+CVE: CVE-2022-33065
+Fixes: https://github.com/libsndfile/libsndfile/issues/789
+Fixes: https://github.com/libsndfile/libsndfile/issues/833
+
+Signed-off-by: Alex Stewart <alex.stewart@ni.com>
+
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c]
+CVE: CVE-2022-33065
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/mat4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mat4.c b/src/mat4.c
+index 3c73680..e2f98b7 100644
+--- a/src/mat4.c
++++ b/src/mat4.c
+@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
+				psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
+		}
+	else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
+-		psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
++		psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
+
+	psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
+
+--
+2.40.1
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 2525af8fe0..32b678ce90 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -22,7 +22,8 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
            file://CVE-2019-3832.patch \
            file://CVE-2021-3246_1.patch \
            file://CVE-2021-3246_2.patch \
-          "
+           file://CVE-2022-33065.patch \
+           "
 
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
 SRC_URI[sha256sum] = "1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9"
-- 
2.34.1

[OE-core][dunfell 05/11] epiphany: fix CVE-2022-29536

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../recipes-gnome/epiphany/epiphany_3.34.4.bb |  1 +
 .../epiphany/files/CVE-2022-29536.patch       | 46 +++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch

diff --git a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
index e2afb29c12..f43bfd6a67 100644
--- a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
+++ b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
@@ -16,6 +16,7 @@ REQUIRED_DISTRO_FEATURES = "x11 opengl"
 
 SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@gnome_verdir("${PV}")}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive \
            file://0002-help-meson.build-disable-the-use-of-yelp.patch \
+           file://CVE-2022-29536.patch \
            "
 SRC_URI[archive.md5sum] = "a559f164bb7d6cbeceb348648076830b"
 SRC_URI[archive.sha256sum] = "60e190fc07ec7e33472e60c7e633e04004f7e277a0ffc5e9cd413706881e598d"
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
new file mode 100644
index 0000000000..7b8adeafcc
--- /dev/null
+++ b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
@@ -0,0 +1,46 @@
+VE: CVE-2022-29536
+Upstream-Status: Backport [ https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 486da133569ebfc436c959a7419565ab102e8525 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 15 Apr 2022 18:09:46 -0500
+Subject: [PATCH] Fix memory corruption in ephy_string_shorten()
+
+This fixes a regression that I introduced in 232c613472b38ff0d0d97338f366024ddb9cd228.
+
+I got my browser stuck in a crash loop today while visiting a website
+with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
+condition in which ephy_string_shorten() is ever used. Turns out this
+commit is wrong: an ellipses is a multibyte character (three bytes in
+UTF-8) and so we're writing past the end of the buffer when calling
+strcat() here. Ooops.
+
+Shame it took nearly four years to notice and correct this.
+
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106>
+---
+ lib/ephy-string.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ephy-string.c b/lib/ephy-string.c
+index 35a148ab32..8e524d52ca 100644
+--- a/lib/ephy-string.c
++++ b/lib/ephy-string.c
+@@ -114,11 +114,10 @@ ephy_string_shorten (char  *str,
+   /* create string */
+   bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
+ 
+-  /* +1 for ellipsis, +1 for trailing NUL */
+-  new_str = g_new (gchar, bytes + 1 + 1);
++  new_str = g_new (gchar, bytes + strlen ("…") + 1);
+ 
+   strncpy (new_str, str, bytes);
+-  strcat (new_str, "…");
++  strncpy (new_str + bytes, "…", strlen ("…") + 1);
+ 
+   g_free (str);
+ 
+-- 
+GitLab
+
-- 
2.34.1

[OE-core][dunfell 06/11] qemu: ignore CVE-2021-20295 CVE-2023-2680

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

Ignore RHEL specific CVE-2021-20295 CVE-2023-2680.

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index a24915c35c..9dd90e8789 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -166,6 +166,13 @@ CVE_CHECK_WHITELIST += "CVE-2020-27661"
 # this bug related to windows specific.
 CVE_CHECK_WHITELIST += "CVE-2023-0664"
 
+# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387
+# RHEL specific issue
+CVE_CHECK_WHITELIST += "CVE-2023-2680"
+
+# Affected only `qemu-kvm` shipped with Red Hat Enterprise Linux 8.3 release.
+CVE_CHECK_WHITELIST += "CVE-2021-20295"
+
 COMPATIBLE_HOST_mipsarchn32 = "null"
 COMPATIBLE_HOST_mipsarchn64 = "null"
 
-- 
2.34.1

[OE-core][dunfell 07/11] vim: upgrade 9.0.2068 -> 9.0.2130

[Steve Sakoman]

From: Tim Orling <ticotimo@gmail.com>

https://github.com/vim/vim/compare/v9.0.2068...v9.0.2130

CVE: CVE-2023-48231
CVE: CVE-2023-48232
CVE: CVE-2023-48233
CVE: CVE-2023-48234
CVE: CVE-2023-48235
CVE: CVE-2023-48236
CVE: CVE-2023-48237

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5978d565a9e700485fc563dfe2e3c0045dd74b59)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 0662822202..e6735d5881 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".2068"
-SRCREV = "9198c1f2b1ddecde22af918541e0de2a32f0f45a"
+PV .= ".2130"
+SRCREV = "075ad7047457debfeef13442c01e74088b461092"
 
 # Do not consider .z in x.y.z, as that is updated with every commit
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
-- 
2.34.1

[OE-core][dunfell 08/11] linux-yocto/5.4: update to v5.4.258

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    02f78c59a0ed Linux 5.4.258
    f70c285cf02c xen/events: replace evtchn_rwlock with RCU
    e2614ab16a7e ima: rework CONFIG_IMA dependency block
    b5c3bc4b8104 NFS: Fix a race in __nfs_list_for_each_server()
    f0ea421fa2f7 parisc: Restore __ldcw_align for PA-RISC 2.0 processors
    14e5d94d5c86 RDMA/mlx5: Fix NULL string error
    6e26812e289b RDMA/siw: Fix connection failure handling
    8ab1fb16dce0 RDMA/uverbs: Fix typo of sizeof argument
    26d48f7090b8 RDMA/cma: Fix truncation compilation warning in make_cma_ports
    f102dd8a1795 gpio: pxa: disable pinctrl calls for MMP_GPIO
    e38aceeadb4b gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
    8584ee20a56c IB/mlx4: Fix the size of a buffer in add_port_entries()
    35b689ee4b57 RDMA/core: Require admin capabilities to set system parameters
    1047ca5bae20 cpupower: add Makefile dependencies for install targets
    3c2f536c3d32 sctp: update hb timer immediately after users change hb_interval
    caf0c61f14e7 sctp: update transport state when processing a dupcook packet
    14fc22c92937 tcp: fix delayed ACKs for MSS boundary condition
    2791d64e6607 tcp: fix quick-ack counting to count actual ACKs of new data
    7fbce1e46b41 net: stmmac: dwmac-stm32: fix resume on STM32 MCU
    f110aa377ddc netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
    191d87a19cf1 net: nfc: llcp: Add lock when modifying device list
    310f1c92f65a net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
    899205521005 net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
    1fc793d68d50 ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
    95eabb075a59 net: fix possible store tearing in neigh_periodic_work()
    10a301c83a3d modpost: add missing else to the "of" check
    5e1c1bf53e5f NFSv4: Fix a nfs4_state_manager() race
    f90821f66727 NFS: Add a helper nfs_client_for_each_server()
    e2d4fc53e9f7 NFS4: Trace state recovery operation
    c87f66c43c1b scsi: target: core: Fix deadlock due to recursive locking
    8a1fa738b491 ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
    442e50393a29 regmap: rbtree: Fix wrong register marked as in-cache when creating new node
    52008a5e22ac wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
    31b27776905a drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close()
    b8e260654a29 wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
    1b67be400a96 wifi: iwlwifi: dbg_ini: fix structure packing
    c6d358387632 ubi: Refuse attaching if mtd's erasesize is 0
    b4ec10b962f7 net: prevent rewrite of msg_name in sock_sendmsg()
    53b700b41a06 net: replace calls to sock->ops->connect() with kernel_connect()
    3c4bfa7a56c8 wifi: mwifiex: Fix tlv_buf_left calculation
    2e608cede0ae qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
    810248a12999 scsi: zfcp: Fix a double put in zfcp_port_enqueue()
    e60272ab021c Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3"
    6e37de4a1407 rbd: take header_rwsem in rbd_dev_refresh() only when updating
    bc2a3044015f rbd: decouple parent info read-in from updating rbd_dev
    2e0114edeb47 rbd: decouple header read-in from updating rbd_dev->header
    32a59639c551 rbd: move rbd_dev_refresh() definition
    ff10b1fad581 fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
    43e5dc1ee2ea ata: libata-sata: increase PMP SRST timeout to 10s
    ac1aebd4e3b8 ata: libata-core: Do not register PM operations for SAS ports
    9313aab5f649 ata: libata-core: Fix port and device removal
    9207666f166c ata: libata-core: Fix ata_port_request_pm() locking
    d9483f5aecf4 net: thunderbolt: Fix TCPv6 GSO checksum calculation
    47062af85961 btrfs: properly report 0 avail for very full file systems
    cf221a7880ea ring-buffer: Update "shortest_full" in polling
    ec7b2e7b365c i2c: i801: unregister tco_pdev in i801_probe() error path
    a4ecd8562c0e ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
    ec1df5d37d59 ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q
    193b5a1c6c67 nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
    bf3c728e3692 serial: 8250_port: Check IRQ data before use
    76ffbd900b6a Smack:- Use overlay inode label in smack_inode_copy_up()
    957a9916db5b smack: Retrieve transmuting information in smack_inode_getsecurity()
    c9ce9bab2301 smack: Record transmuting in smk_transmuted
    d037d8964fb8 i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
    2d78e2d3e31f i40e: always propagate error value in i40e_set_vsi_promisc()
    8ed4b5d710b0 i40e: improve locking of mac_filter_hash
    30055e020ab2 watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
    c54a392fc79e watchdog: iTCO_wdt: No need to stop the timer in probe
    d68c61092c3d nvme-pci: do not set the NUMA node of device if it has none
    283f24df8303 fbdev/sh7760fb: Depend on FB=y
    ee1f5c63e919 ncsi: Propagate carrier gain/loss events to the NCSI controller
    b42eac146247 powerpc/watchpoints: Annotate atomic context in more places
    723904ce853e bpf: Clarify error expectations from bpf_clone_redirect
    db4afbc6c1a1 spi: nxp-fspi: reset the FLSHxCR1 registers
    3502dd803138 ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
    05264d6551e1 ring-buffer: Avoid softlockup in ring_buffer_resize()
    1d28224d49f3 selftests/ftrace: Correctly enable event in instance-event.tc
    ded3551163fc parisc: irq: Make irq_stack_union static to avoid sparse warning
    a721e5788aca parisc: drivers: Fix sparse warning
    2569e0ceff8a parisc: iosapic.c: Fix sparse warnings
    f1a0dd9243f0 parisc: sba: Fix compile warning wrt list of SBA devices
    6db9cdfdc3c5 gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
    4a62d23eba66 xtensa: boot/lib: fix function prototypes
    e11fa78a3722 xtensa: boot: don't add include-dirs
    5ed83a0a3953 xtensa: iss/network: make functions static
    b821e6a8b2f5 xtensa: add default definition for XCHAL_HAVE_DIV32
    49dc6fcd4b6a bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
    841733189b2e ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
    3468fa39d898 clk: tegra: fix error return case for recalc_rate
    6938a6cbe651 MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
    5b0d13e2d9f6 ata: libata: disallow dev-initiated LPM transitions to unsupported states
    617a89ff55e3 drm/amd/display: prevent potential division by zero errors
    07b63a3dcfef drm/amd/display: Fix LFC multiplier changing erratically
    11e3f781f6e3 drm/amd/display: Reinstate LFC optimization
    a4628a5b98e4 scsi: qla2xxx: Fix deletion race condition
    0a51c838c58f scsi: qla2xxx: Fix update_fcport for current_topology
    ecdf4c658b6e Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
    0926a2b7cb60 i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
    e09db461f258 gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
    02a233986c9e netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
    812da2a08dc5 net: rds: Fix possible NULL-pointer dereference
    c5f6478686bb team: fix null-ptr-deref when team device type is changed
    ad8d39c7b437 net: bridge: use DEV_STATS_INC()
    121a7c474ce0 net: hns3: add 5ms delay before clear firmware reset irq source
    a6f4d582e25d dccp: fix dccp_v4_err()/dccp_v6_err() again
    16b88d7a1436 powerpc/perf/hv-24x7: Update domain value check
    810fd23d9715 ipv4: fix null-deref in ipv4_link_failure
    8f228c326d68 i40e: Fix VF VLAN offloading when port VLAN is configured
    8b835db2793a i40e: Fix warning message and call stack during rmmod i40e driver
    9cbec71a5721 i40e: Remove scheduling while atomic possibility
    0988fc499f67 i40e: Fix for persistent lldp support
    09475d647670 ASoC: imx-audmix: Fix return error with devm_clk_get()
    ca1d4e3c4dba selftests: tls: swap the TX and RX sockets in some tests
    b9eb384fd4fd selftests/tls: Add {} to avoid static checker warning
    40e34ea01748 bpf: Avoid deadlock when using queue and stack maps from NMI
    eec981349b03 netfilter: nf_tables: disallow element removal on anonymous sets
    d2a6844be5bd ASoC: meson: spdifin: start hw on dai probe
    0c908e159588 ext4: do not let fstrim block system suspend
    4db34feaf297 ext4: move setting of trimmed bit into ext4_try_to_trim_range()
    767a50bef2aa ext4: replace the traditional ternary conditional operator with with max()/min()
    2fd502f53bf4 ext4: mark group as trimmed only if it was fully scanned
    635901bdbd7e ext4: change s_last_trim_minblks type to unsigned long
    2d874151584d ext4: scope ret locally in ext4_try_to_trim_range()
    c71cb46affe9 ext4: add new helper interface ext4_try_to_trim_range()
    b0dcbd4bb957 ext4: remove the 'group' parameter of ext4_trim_extent
    bf0660756510 ata: libahci: clear pending interrupt status
    e6807c873d87 tracing: Increase trace array ref count on enable and filter files
    7d3f6612e90b SUNRPC: Mark the cred for revalidation if the server rejects it
    321c75b01cc8 NFS/pNFS: Report EINVAL errors from connect() to the server

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 148712b6f3..db63b82289 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "85315779726690bf22e615a8f5e2ab9f3ea8e580"
-SRCREV_meta ?= "3f4db4c1957e98a3da50908339aaee426e58fd13"
+SRCREV_machine ?= "5889ebdd98c208dba446c554bb4b0fadba04dde7"
+SRCREV_meta ?= "0bc097b782b9f41b41b31074cdbd86b8e7393209"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.257"
+LINUX_VERSION ?= "5.4.258"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 89fda1c71b..d418011bb5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.257"
+LINUX_VERSION ?= "5.4.258"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "dd581fe8efd97479b60c1169c77d2e9e37fdbd42"
-SRCREV_machine ?= "739b4ff36fdf4203e60448f252dd4afcd8871046"
-SRCREV_meta ?= "3f4db4c1957e98a3da50908339aaee426e58fd13"
+SRCREV_machine_qemuarm ?= "192f2b5c9064965f7b4cb56f6b779616674121e3"
+SRCREV_machine ?= "6a6a13be0a1d89370e5af25c9b8150e88dbc9c5e"
+SRCREV_meta ?= "0bc097b782b9f41b41b31074cdbd86b8e7393209"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index e10e542663..751a5bd47f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -13,16 +13,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "af8795f548930f376f648b3c38c96ea9adeca302"
-SRCREV_machine_qemuarm64 ?= "08b2d42ab0000a6f12d816c0828632c162f5173a"
-SRCREV_machine_qemumips ?= "37c8da56986328d9030015e1a80beaa90babab30"
-SRCREV_machine_qemuppc ?= "3cd238f6056560888f7f717c569ca4a1fe16ccc9"
-SRCREV_machine_qemuriscv64 ?= "aee8802f6fec35ea9b393707cc2adb4d433d93c8"
-SRCREV_machine_qemux86 ?= "aee8802f6fec35ea9b393707cc2adb4d433d93c8"
-SRCREV_machine_qemux86-64 ?= "aee8802f6fec35ea9b393707cc2adb4d433d93c8"
-SRCREV_machine_qemumips64 ?= "44fbd145164885c2ba73a8ddcb09fd6f3ab0d59c"
-SRCREV_machine ?= "aee8802f6fec35ea9b393707cc2adb4d433d93c8"
-SRCREV_meta ?= "3f4db4c1957e98a3da50908339aaee426e58fd13"
+SRCREV_machine_qemuarm ?= "02d0d86cd3148f12cccb7af027fb41d41b03c726"
+SRCREV_machine_qemuarm64 ?= "5880452e43a9cf56108492a627b85196ea10190b"
+SRCREV_machine_qemumips ?= "9754f47861b4a29b4c4577ce14b7fb44c81c521e"
+SRCREV_machine_qemuppc ?= "3e5d9bf09fb23b0acefe73c644de0028dd51fe42"
+SRCREV_machine_qemuriscv64 ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
+SRCREV_machine_qemux86 ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
+SRCREV_machine_qemux86-64 ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
+SRCREV_machine_qemumips64 ?= "98065f598767e0f92ed86f880795603df7a3a9d2"
+SRCREV_machine ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
+SRCREV_meta ?= "0bc097b782b9f41b41b31074cdbd86b8e7393209"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -31,7 +31,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.257"
+LINUX_VERSION ?= "5.4.258"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][dunfell 09/11] linux-yocto/5.4: update to v5.4.260

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    87e8e7a7aa1f Linux 5.4.260
    8b0ecf2167a0 tty: 8250: Add support for Intashield IS-100
    6dd5561b2385 tty: 8250: Add support for Brainboxes UP cards
    03145e0ff8ab tty: 8250: Add support for additional Brainboxes UC cards
    5a6471372f9b tty: 8250: Remove UC-257 and UC-431
    72f236b57f1c usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility
    792a91fcd20d PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
    4b865e0d78a0 Revert "ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver"
    4e53bab11f01 nvmet-tcp: Fix a possible UAF in queue intialization setup
    2c9415ec8ea9 nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites
    784ef618b2cc remove the sx8 block driver
    a31f8222a74c ata: ahci: fix enum constants for gcc-13
    cc1afa62e231 net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
    7e429d1f3994 platform/mellanox: mlxbf-tmfifo: Fix a warning message
    5f4f58eac361 platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
    88d1aa03eb16 scsi: mpt3sas: Fix in error path
    b1f62e3ef90c fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
    fb02de64791c ASoC: rt5650: fix the wrong result of key button
    b6c09ff5eada netfilter: nfnetlink_log: silence bogus compiler warning
    6c23b6d308af spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
    788b308340ef fbdev: atyfb: only use ioremap_uc() on i386 and ia64
    848b9c688865 Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
    a0bf183db438 dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
    39ae053abbad irqchip/stm32-exti: add missing DT IRQ flag translation
    fbcd05a0dbda Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
    cda248f16924 x86: Fix .brk attribute in linker script
    01e6885b75e2 rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
    cff56d7a9274 rpmsg: glink: Release driver_override
    3d1478598057 rpmsg: Fix calling device_lock() on non-initialized device
    e70898ae1a42 rpmsg: Fix kfree() of static memory on setting driver_override
    0df5d801359e rpmsg: Constify local variable in field store macro
    063444d66f90 driver: platform: Add helper for safer setting of driver_override
    83ecffd40c65 ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
    66cfd4cf6ac8 ext4: avoid overlapping preallocations due to overflow
    1e0a5dec2638 ext4: add two helper functions extent_logical_end() and pa_logical_end()
    c2102ac1033f x86/mm: Fix RESERVE_BRK() for older binutils
    ced79d864bfd x86/mm: Simplify RESERVE_BRK()
    5fc242c11804 nfsd: lock_rename() needs both directories to live on the same fs
    e9a988cd4c8b f2fs: fix to do sanity check on inode type during garbage collection
    750de03de7e1 smbdirect: missing rc checks while waiting for rdma events
    5776aeee2a60 kobject: Fix slab-out-of-bounds in fill_kobj_path()
    0a45e0e5dd8d arm64: fix a concurrency issue in emulation_proc_handler()
    6ba2ffe3cb1c drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
    9d29933f36e1 x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
    1ed21b207ece i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
    f48670c3b089 clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name
    511f3e9bbb0a perf/core: Fix potential NULL deref
    8de78231cba9 nvmem: imx: correct nregs for i.MX6UL
    0b2c3a8601cc nvmem: imx: correct nregs for i.MX6SLL
    6063678df7fa nvmem: imx: correct nregs for i.MX6ULL
    12337d3e8819 i2c: aspeed: Fix i2c bus hang in slave read
    e3d8ef87a9b1 i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
    5764f6e546a9 i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
    a3b9bcedd7ad i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
    07ec3d952a4a i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
    519ff2d9fecf iio: exynos-adc: request second interupt only when touchscreen mode is used
    2bf9fbd13635 gtp: fix fragmentation needed check with gso
    2ab1b7ad5046 gtp: uapi: fix GTPA_MAX
    54ba3b8267b0 tcp: fix wrong RTO timeout when received SACK reneging
    29cb3f81bc71 r8152: Cancel hw_phy_work if we have an error in probe
    6124d0b100bf r8152: Run the unload routine if we have errors during probe
    1d3cb4aa9388 r8152: Increase USB control msg timeout to 5000ms as per spec
    2f8da9511607 net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show()
    ec885679fa9a igc: Fix ambiguity in the ethtool advertising
    3b098edafefa neighbour: fix various data-races
    418ca6e63e06 igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
    00ef4a7de62c treewide: Spelling fix in comment
    e44e78ff44e5 r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
    b9ba50fc18d7 r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
    a27c6bfc5287 virtio-mmio: fix memory leak of vm_dev
    8d394fcb0398 virtio_balloon: Fix endless deflation and inflation on arm64
    be84e96426ed mcb-lpc: Reallocate memory region to avoid memory overlapping
    3235094d55de mcb: Return actual parsed size when reading chameleon table
    fbe17a8be10a selftests/ftrace: Add new test case which checks non unique symbol
    4d057ca86eaa mtd: rawnand: marvell: Ensure program page operations are successful
    86ea40e6ad22 Linux 5.4.259
    c01ac092d97c xfrm6: fix inet6_dev refcount underflow problem
    b849a38e187d Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
    4d161e18b1c4 Bluetooth: hci_sock: fix slab oob read in create_monitor_event
    a0f0e43128f3 phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
    d1618b922347 phy: mapphone-mdm6600: Fix runtime PM for remove
    4db06513a0ee phy: mapphone-mdm6600: Fix runtime disable on probe
    083ff5b50cf8 ASoC: pxa: fix a memory leak in probe()
    27a17a259005 gpio: vf610: set value before the direction to avoid a glitch
    664aad86e5e8 s390/pci: fix iommu bitmap allocation
    7252c8b98185 perf: Disallow mis-matched inherited group reads
    32279bbbd811 USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
    1ff2a7fa0cc0 USB: serial: option: add entry for Sierra EM9191 with new firmware
    eb8f5e40cbe6 USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
    b43a412aa1ef ACPI: irq: Fix incorrect return value in acpi_register_gsi()
    3189d2d58728 Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
    690eb3772f97 mmc: core: Capture correct oemid-bits for eMMC cards
    894b678d865b mmc: core: sdio: hold retuning if sdio in 1-bit mode
    37ae7c493a07 mtd: physmap-core: Restore map_rom fallback
    de28fa53318e mtd: spinand: micron: correct bitmask for ecc status
    bd68f5068401 mtd: rawnand: qcom: Unmap the right resource upon probe failure
    a787e07755b6 Bluetooth: hci_event: Fix using memcmp when comparing keys
    897d6aee8fb4 HID: multitouch: Add required quirk for Synaptics 0xcd7e device
    9cae05233b44 btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c
    693ecef54334 drm: panel-orientation-quirks: Add quirk for One Mix 2S
    4030effab831 sky2: Make sure there is at least one frag_addr available
    340bb4b71661 regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()"
    d7604e819aa6 wifi: cfg80211: avoid leaking stack data into trace
    139234011fde wifi: mac80211: allow transmitting EAPOL frames with tainted key
    b48595f5b1c6 Bluetooth: hci_core: Fix build warnings
    16e36cde2738 Bluetooth: Avoid redundant authentication
    fa83d852e987 HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
    981dfec995a6 tracing: relax trace_event_eval_update() execution with cond_resched()
    b5d9f34f38ba ata: libata-eh: Fix compilation warning in ata_eh_link_report()
    392f597eadd7 gpio: timberdale: Fix potential deadlock on &tgpio->lock
    91ae08dc3033 overlayfs: set ctime when setting mtime and atime
    01a4e9bc63b7 i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
    97cb55f41e2a btrfs: initialize start_slot in btrfs_log_prealloc_extents
    a055d9d4dd78 btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
    d65dbb2aa4f3 ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
    611c991b9e5f ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
    b2d0649c8edf ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
    8c0982fc4b72 ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
    0818716a9012 ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
    c6f7b3358640 ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
    b1f5f4720f52 ACPI: resource: Add ASUS model S5402ZA to quirks
    fdcd669371da ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
    cd202a9f88f1 ACPI: resources: Add DMI-based legacy IRQ override quirk
    26b2bc9bdcde ACPI: Drop acpi_dev_irqresource_disabled()
    583913b1a667 resource: Add irqresource_disabled()
    d6878d39b675 net: pktgen: Fix interface flags printing
    cee9ea14c8c7 netfilter: nft_set_rbtree: .deactivate fails if element has expired
    863acae0b83a neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
    f34916502d91 net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
    b1ad377bbaf7 i40e: prevent crash on probe if hw registers have invalid values
    c813d17660f8 net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
    47419f2aefb3 ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
    00a251ea4507 tun: prevent negative ifindex
    8710dbe09e46 tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
    1ae2c7d44e7e tcp: fix excessive TLP and RACK timeouts from HZ rounding
    eb1a33195a30 net: rfkill: gpio: prevent value glitch during probe
    cd44e14573c4 net: ipv6: fix return value check in esp_remove_trailer
    03b88b7d2a13 net: ipv4: fix return value check in esp_remove_trailer
    0cb7b894e47b xfrm: interface: use DEV_STATS_INC()
    bcacdf4debe5 xfrm: fix a data-race in xfrm_gen_index()
    639e979a7d15 qed: fix LL2 RX buffer allocation
    1cb76fec3ed6 netfilter: nft_payload: fix wrong mac header matching
    6b2875b52746 KVM: x86: Mask LVTPC when handling a PMI
    1d434d83136e regmap: fix NULL deref on lookup
    76050b0cc5a7 nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
    80ce32ab9bee ice: fix over-shifted variable
    ec8f0d0fe6a7 Bluetooth: avoid memcmp() out of bounds warning
    1a00e3544b28 Bluetooth: hci_event: Fix coding style
    84598a339bf9 Bluetooth: vhci: Fix race when opening vhci device
    1769ac55dbf3 Bluetooth: Fix a refcnt underflow problem for hci_conn
    97ce8eca07c9 Bluetooth: Reject connection with the device which has same BD_ADDR
    6ce347833612 Bluetooth: hci_event: Ignore NULL link key
    6ad3e9fd3632 usb: hub: Guard against accesses to uninitialized BOS descriptors
    57e83c2445cd Documentation: sysctl: align cells in second content column
    947cd2fba15e dev_forward_skb: do not scrub skb mark within the same name space
    65d34cfd4e34 ravb: Fix use-after-free issue in ravb_tx_timeout_work()
    de6e271338c1 powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
    85ae11da8504 powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
    077fdae908e2 dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
    6ea15d9f7ac2 x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
    e7ca00f35d8a usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
    1e4414c3870e usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    2a433d325563 pinctrl: avoid unsafe code pattern in find_pinctrl()
    d5b11bd89377 cgroup: Remove duplicates in cgroup v1 tasks file
    1e59ebed9cf3 Input: xpad - add PXN V900 support
    8664fa7fbbbf Input: psmouse - fix fast_reconnect function for PS/2 mode
    5aa514100aaf Input: powermate - fix use-after-free in powermate_config_complete
    3cdce751b026 ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
    92cd1635c685 libceph: use kernel_connect()
    5704225cdd87 mcb: remove is_added flag from mcb_device struct
    2bf6c93e17c4 iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
    84af249e48c5 iio: pressure: dps310: Adjust Timeout Settings
    00cd9d9c12f4 iio: pressure: bmp280: Fix NULL pointer exception
    f4c11b2ea0f9 usb: musb: Modify the "HWVers" register address
    fc1ecea726ec usb: musb: Get the musb_qh poniter after musb_giveback
    c0fb0419c1ad usb: dwc3: Soft reset phy on probe for host
    7efac5b4c209 net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
    57942b0763cf usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
    e39710084664 dmaengine: stm32-mdma: abort resume if no ongoing transfer
    3345799c4f2e workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()
    95733ea130e3 nfc: nci: assert requested protocol is valid
    7adcf014bda1 net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
    22ca282ea00b ixgbe: fix crash with empty VF macvlan list
    0cc6c070d926 drm/vmwgfx: fix typo of sizeof argument
    80a3c0068471 xen-netback: use default TX queue size for vifs
    332587dc7fed mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
    85c2857ef900 ieee802154: ca8210: Fix a potential UAF in ca8210_probe
    daff72af3ff1 ravb: Fix up dma_free_coherent() call in ravb_remove()
    d3d2aecc1ffe drm/msm/dsi: skip the wait for video mode done if not applicable
    a0c24f802da7 drm: etvnaviv: fix bad backport leading to warning
    907a380eb3a1 net: prevent address rewrite in kernel_bind()
    061a18239ced quota: Fix slow quotaoff
    cd0e2bf7fb22 HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
    8e39b5fb834f pwm: hibvt: Explicitly set .polarity in .get_state()
    c4eff809d622 lib/test_meminit: fix off-by-one error in test_pages()
    ffdd8f56a46b RDMA/cxgb4: Check skb value for failure to allocate

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index db63b82289..92913d3ddb 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "5889ebdd98c208dba446c554bb4b0fadba04dde7"
-SRCREV_meta ?= "0bc097b782b9f41b41b31074cdbd86b8e7393209"
+SRCREV_machine ?= "e14c8b01bbec8630c1f30e037d6e0226851369cc"
+SRCREV_meta ?= "26bb76ebda0b545f3580f3c01e471f3357deb9d3"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.258"
+LINUX_VERSION ?= "5.4.260"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index d418011bb5..f193a5990f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.258"
+LINUX_VERSION ?= "5.4.260"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "192f2b5c9064965f7b4cb56f6b779616674121e3"
-SRCREV_machine ?= "6a6a13be0a1d89370e5af25c9b8150e88dbc9c5e"
-SRCREV_meta ?= "0bc097b782b9f41b41b31074cdbd86b8e7393209"
+SRCREV_machine_qemuarm ?= "7a685407c99004f8f3574c8528d6988f68477fdc"
+SRCREV_machine ?= "29ed7a00fd34f83e07e08d662009bb982f26d2af"
+SRCREV_meta ?= "26bb76ebda0b545f3580f3c01e471f3357deb9d3"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 751a5bd47f..4affa99404 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -13,16 +13,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "02d0d86cd3148f12cccb7af027fb41d41b03c726"
-SRCREV_machine_qemuarm64 ?= "5880452e43a9cf56108492a627b85196ea10190b"
-SRCREV_machine_qemumips ?= "9754f47861b4a29b4c4577ce14b7fb44c81c521e"
-SRCREV_machine_qemuppc ?= "3e5d9bf09fb23b0acefe73c644de0028dd51fe42"
-SRCREV_machine_qemuriscv64 ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
-SRCREV_machine_qemux86 ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
-SRCREV_machine_qemux86-64 ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
-SRCREV_machine_qemumips64 ?= "98065f598767e0f92ed86f880795603df7a3a9d2"
-SRCREV_machine ?= "d55e21e23f5d099d7c8ad58d5c2b6302c02ef9f0"
-SRCREV_meta ?= "0bc097b782b9f41b41b31074cdbd86b8e7393209"
+SRCREV_machine_qemuarm ?= "c414b2cca9023975041723ebeeae7a7a1a9169e4"
+SRCREV_machine_qemuarm64 ?= "102ea8999fae670974ae712724612b47aff915ff"
+SRCREV_machine_qemumips ?= "fe3aac3a3f5be178a8ba293c89eec0ffb845f3b6"
+SRCREV_machine_qemuppc ?= "93642912bcad365bbc9d55c6afc2253c3290063d"
+SRCREV_machine_qemuriscv64 ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
+SRCREV_machine_qemux86 ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
+SRCREV_machine_qemux86-64 ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
+SRCREV_machine_qemumips64 ?= "a9d34f8519781762993c7cc36464f632d96989c9"
+SRCREV_machine ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
+SRCREV_meta ?= "26bb76ebda0b545f3580f3c01e471f3357deb9d3"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -31,7 +31,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.258"
+LINUX_VERSION ?= "5.4.260"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][dunfell 10/11] linux-yocto/5.4: update to v5.4.262

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating  to the latest korg -stable release that comprises
the following commits:

    8e221b47173d Linux 5.4.262
    b053223b7cf4 netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4)
    c35df8b8c572 netfilter: nf_tables: disable toggling dormant table state more than once
    e10f661adc55 netfilter: nf_tables: fix table flag updates
    46c2947fcd71 netfilter: nftables: update table flags from the commit phase
    b09e6ccf0d12 netfilter: nf_tables: double hook unregistration in netns path
    b05a24cc453e netfilter: nf_tables: unregister flowtable hooks on netns exit
    a995a68e8a3b netfilter: nf_tables: fix memleak when more than 255 elements expired
    b95d7af657a8 netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
    61a7b3de20e2 netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
    03caf75da105 netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
    021d734c7eaa netfilter: nf_tables: defer gc run if previous batch is still pending
    38ed6a5f836f netfilter: nf_tables: use correct lock to protect gc_list
    4b6346dc1edf netfilter: nf_tables: GC transaction race with abort path
    b76dcf466223 netfilter: nf_tables: GC transaction race with netns dismantle
    29ff9b8efb84 netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
    1398a0eee290 netfilter: nf_tables: remove busy mark and gc batch API
    85520a1f1d87 netfilter: nft_set_hash: mark set element as dead when deleting from packet path
    c357648929c8 netfilter: nf_tables: adapt set backend to use GC transaction API
    bbdb3b65aa91 netfilter: nf_tables: GC transaction API to avoid race with control plane
    1da4874d05da netfilter: nf_tables: don't skip expired elements during walk
    acaee227cf79 netfilter: nft_set_rbtree: fix overlap expiration walk
    899aa5638568 netfilter: nft_set_rbtree: fix null deref on element insertion
    181859bdfb97 netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
    3c7ec098e3b5 netfilter: nf_tables: drop map element references from preparation phase
    6b880f3b2c04 netfilter: nftables: rename set element data activation/deactivation functions
    e1eed9e0b5e8 netfilter: nf_tables: pass context to nft_set_destroy()
    961c4511c757 tracing: Have trace_event_file have ref counters
    7676a41d90c5 drm/amdgpu: fix error handling in amdgpu_bo_list_get()
    36383005f1db ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
    e95f74653dff ext4: correct the start block of counting reserved clusters
    1fbfdcc3d65e ext4: correct return value of ext4_convert_meta_bg
    dfdfd3f21830 ext4: correct offset of gdb backup in non meta_bg group to update_backups
    85c12e80c474 ext4: apply umask if ACL support is disabled
    d2aed8814f02 Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
    b9e5f633b35d nfsd: fix file memleak on client_opens_release
    339d7d40d3dc media: venus: hfi: add checks to handle capabilities from firmware
    cab97cdd409a media: venus: hfi: fix the check to handle session buffer requirement
    5d39d0c1f43f media: venus: hfi_parser: Add check to keep the number of codecs within range
    497b12d47cc6 media: sharp: fix sharp encoding
    92d8a0478fb3 media: lirc: drop trailing space from scancode transmit
    cac054d10324 i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
    b132e462363f net: dsa: lan9303: consequently nested-lock physical MDIO
    229738d71702 Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
    4074957ec6bb Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
    356a2ee5fc36 Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
    afe92b66a5d8 bluetooth: Add device 13d3:3571 to device tables
    dc073a2626d3 bluetooth: Add device 0bda:887b to device tables
    75d26f7f6118 Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
    323710a6b4c6 Bluetooth: btusb: add Realtek 8822CE to usb_device_id table
    981ee23b8d48 Bluetooth: btusb: Add flag to define wideband speech capability
    0fe69c99cc13 tty: serial: meson: fix hard LOCKUP on crtscts mode
    8f40bbf7dc01 serial: meson: Use platform_get_irq() to get the interrupt
    a1113f2c9b2c tty: serial: meson: retrieve port FIFO size from DT
    13391526d817 serial: meson: remove redundant initialization of variable id
    6245d0d70fe8 ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
    4ef452297de4 ALSA: info: Fix potential deadlock at disconnection
    c7df9523fed2 parisc/pgtable: Do not drop upper 5 address bits of physical address
    c32dfec86714 parisc: Prevent booting 64-bit kernels on PA1.x machines
    d570d139cb38 i3c: master: cdns: Fix reading status register
    ad6941b192ca mm/cma: use nth_page() in place of direct struct page manipulation
    36512866607e dmaengine: stm32-mdma: correct desc prep when channel running
    4a5c267d5700 mcb: fix error handling for different scenarios when parsing
    25eb381a736e i2c: core: Run atomic i2c xfer when !preemptible
    975b5ff33f9a kernel/reboot: emergency_restart: Set correct system_state
    421f9ccc75c5 quota: explicitly forbid quota files from being encrypted
    7d0c36cd2e65 jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
    665c2f186b8c btrfs: don't arbitrarily slow down delalloc if we're committing
    b5a8382cf829 PM: hibernate: Clean up sync_read handling in snapshot_write_next()
    2b3cfdaa8833 PM: hibernate: Use __get_safe_page() rather than touching the list
    612c17a90fce mmc: vub300: fix an error code
    398940412e8d clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    0b2b22b706ec parisc/pdc: Add width field to struct pdc_model
    012dba0ab814 PCI: keystone: Don't discard .probe() callback
    9988c9dc3c8b PCI: keystone: Don't discard .remove() callback
    a438322e0078 genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
    683c562c434d mmc: meson-gx: Remove setting of CMD_CFG_ERROR
    d894f9288cff ACPI: resource: Do IRQ override on TongFang GMxXGxx
    7b15bc9b753f PCI/sysfs: Protect driver's D3cold preference from user space
    78d3487b5b87 hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
    6b21ae025b82 audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
    c0d01f03aaac audit: don't take task_lock() in audit_exe_compare() code path
    4d0a828775f0 KVM: x86: Ignore MSR_AMD64_TW_CFG access
    5066faedd2f7 KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
    268d17ab637a x86/cpu/hygon: Fix the CPU topology evaluation for real
    acbc12b0b348 scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers
    bae690510316 bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
    6933bc9a5f77 randstruct: Fix gcc-plugin performance mode to stay in group
    c94d05ac6937 media: venus: hfi: add checks to perform sanity on queue pointers
    6d028ade9db7 cifs: spnego: add ';' in HOST_KEY_LEN
    26415e35f669 tools/power/turbostat: Fix a knl bug
    a49786297b83 macvlan: Don't propagate promisc change to lower dev in passthru
    04cb9ab8ebc5 net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors
    c740f4716a44 net/mlx5_core: Clean driver version and name
    e4bdbcce8e02 net/mlx5e: fix double free of encap_header
    5cc1f24f7333 net: stmmac: fix rx budget limit check
    c4b712d1a814 net: stmmac: Rework stmmac_rx()
    b2762d13dfae netfilter: nf_conntrack_bridge: initialize err to 0
    fd51e7541ff6 net: ethernet: cortina: Fix MTU max setting
    823bffdaac39 net: ethernet: cortina: Handle large frames
    f5055d7345d6 net: ethernet: cortina: Fix max RX frame define
    b4f0e605a508 bonding: stop the device in bond_setup_by_slave()
    7ea0a719e578 ptp: annotate data-race around q->head and q->tail
    89af55e0fa13 xen/events: fix delayed eoi list handling
    db957a2f5481 ppp: limit MRU to 64K
    f3b250d91993 tipc: Fix kernel-infoleak due to uninitialized TLV value
    77236275d4cd net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
    14c6cd41c851 tty: Fix uninit-value access in ppp_sync_receive()
    4d2d30f0792b ipvlan: add ipvlan_route_v6_outbound() helper
    ed53c1518811 NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
    fe449f8b9727 wifi: iwlwifi: Use FW rate for non-data frames
    eca19db60f99 pwm: Fix double shift bug
    d996530ba92c ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
    6d703922bc9e kgdb: Flush console before entering kgdb on panic
    eac3e4760aa1 drm/amd/display: Avoid NULL dereference of timing generator
    514565ff7fce media: cobalt: Use FIELD_GET() to extract Link Width
    2bb42a27a92f gfs2: ignore negated quota changes
    a251e20a2cbe media: vivid: avoid integer overflow
    8f83c85ee882 media: gspca: cpia1: shift-out-of-bounds in set_flicker
    a8f829886d47 i2c: sun6i-p2wi: Prevent potential division by zero
    80876a07ca3b usb: gadget: f_ncm: Always set current gadget in ncm_bind()
    460284dfb10b tty: vcc: Add check for kstrdup() in vcc_probe()
    35b9435123ef HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
    b549acf99982 scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
    33906b36b15d atm: iphase: Do PCI error checks on own line
    54f4dde8fa0c PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
    2527775616f3 ALSA: hda: Fix possible null-ptr-deref when assigning a stream
    953ed26a77c6 ARM: 9320/1: fix stack depot IRQ stack filter
    7467ca10a5ff jfs: fix array-index-out-of-bounds in diAlloc
    ecfb47f13b08 jfs: fix array-index-out-of-bounds in dbFindLeaf
    32bd8f1cbcf8 fs/jfs: Add validity check for db_maxag and db_agpref
    a81a56b4cbe3 fs/jfs: Add check for negative db_l2nbperpage
    e18d266fb3f1 RDMA/hfi1: Use FIELD_GET() to extract Link Width
    c9c133469730 crypto: pcrypt - Fix hungtask for PADATA_RESET
    ddd6e5266343 selftests/efivarfs: create-read: fix a resource leak
    437e0fa907ba drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
    d50a56749e5a drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
    c847379a5d00 drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
    1f24c286f4a4 drm/komeda: drop all currently held locks if deadlock happens
    5305ae0d4ad8 platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
    3c4236f1b2a7 Bluetooth: Fix double free in hci_conn_cleanup
    3cf391e4174a wifi: ath10k: Don't touch the CE interrupt registers after power up
    252bde6b17b8 net: annotate data-races around sk->sk_dst_pending_confirm
    73909810ac27 net: annotate data-races around sk->sk_tx_queue_mapping
    bd653b07095a wifi: ath10k: fix clang-specific fortify warning
    32cc96dc5f4e wifi: ath9k: fix clang-specific fortify warnings
    efeae5f4972f wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
    770da15be321 wifi: mac80211_hwsim: fix clang-specific fortify warning
    cfe13e1486d4 x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
    91f7467ac96a clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
    da667a3f8e23 clocksource/drivers/timer-imx-gpt: Fix potential memory leak
    788c0b3442ea perf/core: Bail out early if the request AUX area is out of bound
    dcd85e3c9293 locking/ww_mutex/test: Fix potential workqueue corruption
    ef379773e2e7 Linux 5.4.261
    3542ef5c3748 btrfs: use u64 for buffer sizes in the tree search ioctls
    7868e6151a6d Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
    7be3aca8d73d fbdev: fsl-diu-fb: mark wr_reg_wa() static
    6c66d737b272 fbdev: imsttfb: fix a resource leak in probe
    b90c8dfd715f fbdev: imsttfb: Fix error path of imsttfb_probe()
    4a6a3f1b3840 spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
    157333513d14 drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
    21858a75dc78 netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
    ae99c5e16a83 netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs
    11380557c236 netfilter: xt_recent: fix (increase) ipv6 literal buffer length
    cce1d4668191 r8169: respect userspace disabling IFF_MULTICAST
    e820e23338d1 tg3: power down device only on SYSTEM_POWER_OFF
    f8065cde49b2 net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
    592f934b7a22 net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
    85513df59a3e Fix termination state for idr_for_each_entry_ul()
    56cddb5e657f net: r8169: Disable multicast filter for RTL8168H and RTL8107E
    e5a664ef4928 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
    3af0af2f98f3 dccp: Call security_inet_conn_request() after setting IPv4 addresses.
    afa49774d812 inet: shrink struct flowi_common
    2199260c42e6 tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
    cbdcdf42d15d llc: verify mac len before reading mac header
    50d122536661 Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
    e3677bfcbbcb pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
    6e9b5295892e pwm: sti: Reduce number of allocations and drop usage of chip_data
    19e45307f71f pwm: sti: Avoid conditional gotos
    c4d5179e42b4 regmap: prevent noinc writes from clobbering cache
    d62d868b30b8 media: dvb-usb-v2: af9035: fix missing unlock
    7843a9bfbe13 media: s3c-camif: Avoid inappropriate kfree()
    b35fdade92c5 media: bttv: fix use after free error due to btv->timeout timer
    0bc0e36fccc2 pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
    1502edd4a014 pcmcia: ds: fix refcount leak in pcmcia_device_add()
    58d6fb6a933c pcmcia: cs: fix possible hung task and memory leak pccardd()
    37212eede637 rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
    204beeb509d3 i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
    247ed618f534 powerpc/pseries: fix potential memory leak in init_cpu_associativity()
    cee681d4b22b powerpc/imc-pmu: Use the correct spinlock initializer.
    dc5804b47b66 powerpc/xive: Fix endian conversion size
    b6cffe8dd7cd modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
    90ab33735e2e f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
    9f20b06214dc dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
    688326e2cf9e USB: usbip: fix stub_dev hub disconnect
    b003b7a7d42e tools: iio: iio_generic_buffer ensure alignment
    7a64d15db7aa tools: iio: iio_generic_buffer: Fix some integer type and calculation
    db6d5b9ff6e8 tools: iio: privatize globals and functions in iio_generic_buffer.c file
    55b90e4c406a misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
    ed9b2ad3b9ca dmaengine: ti: edma: handle irq_of_parse_and_map() errors
    64c47749fc75 usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
    4050f13f71f2 tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
    ba46faaa49c5 leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
    abfd682fc5f0 ledtrig-cpu: Limit to 8 CPUs
    f6c3b7a4ce51 leds: pwm: Don't disable the PWM when the LED should be off
    cd6f50115fab leds: pwm: convert to atomic PWM API
    9686f771c096 leds: pwm: simplify if condition
    87b1ee831ddf mfd: dln2: Fix double put in dln2_probe
    b843d2cd134b ASoC: ams-delta.c: use component after check
    4634c9cc726d ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
    66888e6953f8 sh: bios: Revive earlyprintk support
    fdcbe9ce7bf3 RDMA/hfi1: Workaround truncation compilation error
    01698922f5d3 scsi: ufs: core: Leave space for '\0' in utf8 desc string
    3c61391a31a6 ext4: move 'ix' sanity check to corrent position
    454e6493bbda ARM: 9321/1: memset: cast the constant byte to unsigned char
    727203e6e7e7 hid: cp2112: Fix duplicate workqueue initialization
    48bb2931f24c HID: cp2112: Use irqchip template
    7b62cf90d0ea crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
    090e89c71620 crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
    40ba3fa21250 nd_btt: Make BTT lanes preemptible
    68655462f8be sched/rt: Provide migrate_disable/enable() inlines
    d14a373fe559 libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value
    f5d95a39683e hwrng: geode - fix accessing registers
    e4e4d4abb82b clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
    ce11e445d0ae firmware: ti_sci: Mark driver as non removable
    5d97cc0b491e firmware: ti_sci: Replace HTTP links with HTTPS ones
    cc1a1dcb411f soc: qcom: llcc: Handle a second device without data corruption
    813fdddde20f soc: qcom: Rename llcc-slice to llcc-qcom
    077010717b52 soc: qcom: llcc cleanup to get rid of sdm845 specific driver file
    3da50ee512e2 ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
    6b464d9414e3 arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
    64d990086065 drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
    ddc42881f170 drm/radeon: possible buffer overflow
    4a29f0f7a1b7 drm/rockchip: vop: Fix call to crtc reset helper
    824f0f4f93c6 drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
    eaf62ea6504f hwmon: (coretemp) Fix potentially truncated sysfs attribute name
    9fb0eed09e14 platform/x86: wmi: Fix opening of char device
    22117b77eecb platform/x86: wmi: remove unnecessary initializations
    1607ea8a8161 platform/x86: wmi: Fix probe failure when failing to register WMI devices
    d1461f0c9ca0 clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
    e8ae4b49dd9c clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
    cfa68e0ac5dc clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
    2705c5b97f50 clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
    fbe466f06d4e clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
    8ae911637b0b clk: npcm7xx: Fix incorrect kfree
    cbcf67b0bc5d clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
    3d38bc4bab88 clk: imx: Select MXC_CLK for CLK_IMX8QXP
    ae98b5ef991a clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
    15f335494bb3 clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents
    141ccc127230 clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
    dbf13624b2de regmap: debugfs: Fix a erroneous check after snprintf()
    af50165c1218 ipvlan: properly track tx_errors
    76304c749e05 net: add DEV_STATS_READ() helper
    4482b250c895 ipv6: avoid atomic fragment on GSO packets
    19d527337870 ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
    5105d46146f2 tcp: fix cookie_init_timestamp() overflows
    e4e819bdc8f3 tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp
    7ab8aa73002c chtls: fix tp->rcv_tstamp initialization
    75bbf6e93462 r8169: fix rare issue with broken rx after link-down on RTL8125
    282342bc47c6 r8169: use tp_to_dev instead of open code
    3091ab943dfc thermal: core: prevent potential string overflow
    35854733ae67 can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
    b53be254d30f can: dev: can_restart(): don't crash kernel if carrier is OK
    a29f012a27cf wifi: rtlwifi: fix EDCA limit set by BT coexistence
    bed72a332f02 tcp_metrics: do not create an entry from tcp_init_metrics()
    f3902c0e6f08 tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
    b78f2b7774a0 tcp_metrics: add missing barriers on delete
    af0fe2c2ff4d wifi: mt76: mt7603: rework/fix rx pse hang check
    a2e99dbdc127 wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
    c9b929f7932b tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
    25eaef1d0d0e i40e: fix potential memory leaks in i40e_remove()
    09ce728c9e27 genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
    3718a48ef495 vfs: fix readahead(2) on block devices

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 92913d3ddb..396d218afd 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "e14c8b01bbec8630c1f30e037d6e0226851369cc"
-SRCREV_meta ?= "26bb76ebda0b545f3580f3c01e471f3357deb9d3"
+SRCREV_machine ?= "9ef07d0d41fa14bf7366dfe5ef657d9f24b35349"
+SRCREV_meta ?= "9f1a56eeea58f7d9b597f0ea33e43e35b8288762"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.260"
+LINUX_VERSION ?= "5.4.262"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index f193a5990f..1048af2f79 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.260"
+LINUX_VERSION ?= "5.4.262"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "7a685407c99004f8f3574c8528d6988f68477fdc"
-SRCREV_machine ?= "29ed7a00fd34f83e07e08d662009bb982f26d2af"
-SRCREV_meta ?= "26bb76ebda0b545f3580f3c01e471f3357deb9d3"
+SRCREV_machine_qemuarm ?= "73dbd7ea55670218b017d9719868e7d61d0b1011"
+SRCREV_machine ?= "0b41bdd8d544c72af97c34e9c464b7534fd18c7a"
+SRCREV_meta ?= "9f1a56eeea58f7d9b597f0ea33e43e35b8288762"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 4affa99404..e932394c90 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -13,16 +13,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "c414b2cca9023975041723ebeeae7a7a1a9169e4"
-SRCREV_machine_qemuarm64 ?= "102ea8999fae670974ae712724612b47aff915ff"
-SRCREV_machine_qemumips ?= "fe3aac3a3f5be178a8ba293c89eec0ffb845f3b6"
-SRCREV_machine_qemuppc ?= "93642912bcad365bbc9d55c6afc2253c3290063d"
-SRCREV_machine_qemuriscv64 ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
-SRCREV_machine_qemux86 ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
-SRCREV_machine_qemux86-64 ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
-SRCREV_machine_qemumips64 ?= "a9d34f8519781762993c7cc36464f632d96989c9"
-SRCREV_machine ?= "1de97ac6497bae665acc69e6b3b15bef57229d44"
-SRCREV_meta ?= "26bb76ebda0b545f3580f3c01e471f3357deb9d3"
+SRCREV_machine_qemuarm ?= "62367606f47fb5832c10c3d5ea370f9d162504a0"
+SRCREV_machine_qemuarm64 ?= "dbcb9a6b795e82a7869f213ce4a7d30779cc0b5c"
+SRCREV_machine_qemumips ?= "0386462f3785de758d8c333ddfa9b3a7ce26e048"
+SRCREV_machine_qemuppc ?= "4bc83a0d08c8ca1fba167dff9dc652055626837c"
+SRCREV_machine_qemuriscv64 ?= "4d141be8fd148e0ea68d8f957f527ad5f22015ab"
+SRCREV_machine_qemux86 ?= "4d141be8fd148e0ea68d8f957f527ad5f22015ab"
+SRCREV_machine_qemux86-64 ?= "4d141be8fd148e0ea68d8f957f527ad5f22015ab"
+SRCREV_machine_qemumips64 ?= "c60dba46dca65775a5d5bfe0e41b0eb5f55a3ba7"
+SRCREV_machine ?= "4d141be8fd148e0ea68d8f957f527ad5f22015ab"
+SRCREV_meta ?= "9f1a56eeea58f7d9b597f0ea33e43e35b8288762"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -31,7 +31,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.260"
+LINUX_VERSION ?= "5.4.262"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][dunfell 11/11] cve-exclusion_5.4.inc: update for 5.4.262

[Steve Sakoman]

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/cve-exclusion_5.4.inc               | 79 +++++++++++++++----
 1 file changed, 64 insertions(+), 15 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
index 4c17b701df..983424d427 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-10-24 06:03:05.289306 for version 5.4.257
+# Generated at 2023-12-05 04:45:42.561193 for version 5.4.262
 
 python check_kernel_cve_status_version() {
-    this_version = "5.4.257"
+    this_version = "5.4.262"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5638,7 +5638,8 @@ CVE_CHECK_WHITELIST += "CVE-2021-43976"
 # cpe-stable-backport: Backported in 5.4.170
 CVE_CHECK_WHITELIST += "CVE-2021-44733"
 
-# CVE-2021-44879 needs backporting (fixed from 5.17rc1)
+# cpe-stable-backport: Backported in 5.4.260
+CVE_CHECK_WHITELIST += "CVE-2021-44879"
 
 # cpe-stable-backport: Backported in 5.4.171
 CVE_CHECK_WHITELIST += "CVE-2021-45095"
@@ -6500,7 +6501,7 @@ CVE_CHECK_WHITELIST += "CVE-2022-43945"
 
 # CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44034 has no known resolution
+# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
 
 # CVE-2022-4543 has no known resolution
 
@@ -6670,7 +6671,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-1118"
 # fixed-version: only affects 5.15rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-1192"
 
-# CVE-2023-1193 has no known resolution
+# fixed-version: only affects 5.15rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-1193"
 
 # fixed-version: only affects 5.15rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-1194"
@@ -6964,7 +6966,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-3106"
 
 # CVE-2023-31084 needs backporting (fixed from 6.4rc3)
 
-# CVE-2023-31085 needs backporting (fixed from 5.4.258)
+# cpe-stable-backport: Backported in 5.4.258
+CVE_CHECK_WHITELIST += "CVE-2023-31085"
 
 # cpe-stable-backport: Backported in 5.4.247
 CVE_CHECK_WHITELIST += "CVE-2023-3111"
@@ -7079,7 +7082,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-34256"
 # fixed-version: only affects 6.1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-34319"
 
-# CVE-2023-34324 needs backporting (fixed from 5.4.258)
+# fixed-version: only affects 5.10rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-34324"
 
 # fixed-version: only affects 5.15rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-3439"
@@ -7104,7 +7108,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-35824"
 # fixed-version: only affects 5.18rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-35826"
 
-# CVE-2023-35827 has no known resolution
+# cpe-stable-backport: Backported in 5.4.259
+CVE_CHECK_WHITELIST += "CVE-2023-35827"
 
 # cpe-stable-backport: Backported in 5.4.243
 CVE_CHECK_WHITELIST += "CVE-2023-35828"
@@ -7182,7 +7187,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-3867"
 # cpe-stable-backport: Backported in 5.4.257
 CVE_CHECK_WHITELIST += "CVE-2023-39189"
 
-# CVE-2023-39191 needs backporting (fixed from 6.3rc1)
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-39191"
 
 # cpe-stable-backport: Backported in 5.4.257
 CVE_CHECK_WHITELIST += "CVE-2023-39192"
@@ -7193,6 +7199,11 @@ CVE_CHECK_WHITELIST += "CVE-2023-39193"
 # cpe-stable-backport: Backported in 5.4.255
 CVE_CHECK_WHITELIST += "CVE-2023-39194"
 
+# cpe-stable-backport: Backported in 5.4.251
+CVE_CHECK_WHITELIST += "CVE-2023-39197"
+
+# CVE-2023-39198 needs backporting (fixed from 6.5rc7)
+
 # fixed-version: only affects 5.6rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-4004"
 
@@ -7204,7 +7215,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-4015"
 # cpe-stable-backport: Backported in 5.4.253
 CVE_CHECK_WHITELIST += "CVE-2023-40283"
 
-# CVE-2023-40791 needs backporting (fixed from 6.5rc6)
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-40791"
 
 # cpe-stable-backport: Backported in 5.4.253
 CVE_CHECK_WHITELIST += "CVE-2023-4128"
@@ -7246,7 +7258,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-42752"
 # cpe-stable-backport: Backported in 5.4.257
 CVE_CHECK_WHITELIST += "CVE-2023-42753"
 
-# CVE-2023-42754 needs backporting (fixed from 5.4.258)
+# cpe-stable-backport: Backported in 5.4.258
+CVE_CHECK_WHITELIST += "CVE-2023-42754"
 
 # cpe-stable-backport: Backported in 5.4.257
 CVE_CHECK_WHITELIST += "CVE-2023-42755"
@@ -7281,14 +7294,16 @@ CVE_CHECK_WHITELIST += "CVE-2023-4569"
 # cpe-stable-backport: Backported in 5.4.235
 CVE_CHECK_WHITELIST += "CVE-2023-45862"
 
-# CVE-2023-45863 needs backporting (fixed from 6.3rc1)
+# cpe-stable-backport: Backported in 5.4.260
+CVE_CHECK_WHITELIST += "CVE-2023-45863"
 
 # cpe-stable-backport: Backported in 5.4.257
 CVE_CHECK_WHITELIST += "CVE-2023-45871"
 
-# CVE-2023-45898 needs backporting (fixed from 6.6rc1)
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-45898"
 
-# CVE-2023-4610 has no known resolution
+# CVE-2023-4610 needs backporting (fixed from 6.4)
 
 # fixed-version: only affects 6.4rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-4611"
@@ -7298,6 +7313,13 @@ CVE_CHECK_WHITELIST += "CVE-2023-4611"
 # cpe-stable-backport: Backported in 5.4.257
 CVE_CHECK_WHITELIST += "CVE-2023-4623"
 
+# fixed-version: only affects 5.10rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-46813"
+
+# CVE-2023-46862 needs backporting (fixed from 6.6)
+
+# CVE-2023-47233 has no known resolution
+
 # CVE-2023-4732 needs backporting (fixed from 5.14rc1)
 
 # CVE-2023-4881 needs backporting (fixed from 6.6rc1)
@@ -7305,7 +7327,14 @@ CVE_CHECK_WHITELIST += "CVE-2023-4623"
 # cpe-stable-backport: Backported in 5.4.257
 CVE_CHECK_WHITELIST += "CVE-2023-4921"
 
-# CVE-2023-5158 has no known resolution
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-5090"
+
+# fixed-version: only affects 5.13rc1 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-5158"
+
+# cpe-stable-backport: Backported in 5.4.260
+CVE_CHECK_WHITELIST += "CVE-2023-5178"
 
 # fixed-version: only affects 5.9rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-5197"
@@ -7313,3 +7342,23 @@ CVE_CHECK_WHITELIST += "CVE-2023-5197"
 # fixed-version: only affects 6.1rc1 onwards
 CVE_CHECK_WHITELIST += "CVE-2023-5345"
 
+# fixed-version: only affects 6.2 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-5633"
+
+# cpe-stable-backport: Backported in 5.4.259
+CVE_CHECK_WHITELIST += "CVE-2023-5717"
+
+# CVE-2023-5972 needs backporting (fixed from 6.6rc7)
+
+# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
+
+# fixed-version: only affects 6.6rc3 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-6111"
+
+# CVE-2023-6121 needs backporting (fixed from 6.7rc3)
+
+# fixed-version: only affects 5.7rc7 onwards
+CVE_CHECK_WHITELIST += "CVE-2023-6176"
+
+# CVE-2023-6238 has no known resolution
+
-- 
2.34.1