[OE-core][kirkstone 0/9] Patch review

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Unfortunately this series of linux-yocto version bumps has caused a
number of issues with adding and resizing partitions.  The problem was
introduced in 5.15.132 and has not been fixed in any of the subsequent
version bumps.

Bruce and have decided to revert this series until we have an acceptable fix.

Please have any comments back by end of day Monday, March 11.

The following changes since commit e5aae8a371717215a7d78459788ad67dfaefe37e:

  golang: Fix CVE-2023-45289 & CVE-2023-45290 (2024-03-07 04:18:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Steve Sakoman (9):
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.148"
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.147"
  Revert "linux-yocto/5.15: update CVE exclusions"
  Revert "linux-yocto/5.15: update to v5.15.146"
  Revert "linux-yocto/5.15: update to v5.15.145"
  Revert "linux-yocto/5.15: update to v5.15.142"
  Revert "linux-yocto/5.15: update to v5.15.141"

 .../linux/cve-exclusion_5.15.inc              | 372 ++----------------
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 4 files changed, 57 insertions(+), 353 deletions(-)

-- 
2.34.1

[OE-core][kirkstone 1/9] Revert "linux-yocto/5.15: update CVE exclusions"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit b71eeab71911ab49a8e8b8d78560fdbd66f883e7.
---
 .../linux/cve-exclusion_5.15.inc              | 91 ++-----------------
 1 file changed, 6 insertions(+), 85 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index d33f2b3c7f..0d54b414d9 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-02-06 21:02:11.546853 for version 5.15.148
+# Generated at 2024-01-18 18:47:24.084935 for version 5.15.147
 
 python check_kernel_cve_status_version() {
-    this_version = "5.15.148"
+    this_version = "5.15.147"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5299,12 +5299,6 @@ CVE_CHECK_IGNORE += "CVE-2021-3348"
 # fixed-version: Fixed after version 5.13rc7
 CVE_CHECK_IGNORE += "CVE-2021-33624"
 
-# fixed-version: Fixed after version 5.4rc1
-CVE_CHECK_IGNORE += "CVE-2021-33630"
-
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2021-33631"
-
 # cpe-stable-backport: Backported in 5.15.54
 CVE_CHECK_IGNORE += "CVE-2021-33655"
 
@@ -6401,8 +6395,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3635"
 # fixed-version: only affects 5.19 onwards
 CVE_CHECK_IGNORE += "CVE-2022-3640"
 
-# cpe-stable-backport: Backported in 5.15.129
-CVE_CHECK_IGNORE += "CVE-2022-36402"
+# CVE-2022-36402 has no known resolution
 
 # CVE-2022-3642 has no known resolution
 
@@ -7375,15 +7368,9 @@ CVE_CHECK_IGNORE += "CVE-2023-4611"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-4623"
 
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-46343"
-
 # cpe-stable-backport: Backported in 5.15.137
 CVE_CHECK_IGNORE += "CVE-2023-46813"
 
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-46838"
-
 # cpe-stable-backport: Backported in 5.15.140
 CVE_CHECK_IGNORE += "CVE-2023-46862"
 
@@ -7398,17 +7385,11 @@ CVE_CHECK_IGNORE += "CVE-2023-4881"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-4921"
 
-# CVE-2023-50431 needs backporting (fixed from 6.8rc1)
+# CVE-2023-50431 has no known resolution
 
 # fixed-version: only affects 6.0rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5090"
 
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-51042"
-
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-51043"
-
 # cpe-stable-backport: Backported in 5.15.135
 CVE_CHECK_IGNORE += "CVE-2023-5158"
 
@@ -7430,9 +7411,6 @@ CVE_CHECK_IGNORE += "CVE-2023-51782"
 # cpe-stable-backport: Backported in 5.15.134
 CVE_CHECK_IGNORE += "CVE-2023-5197"
 
-# cpe-stable-backport: Backported in 5.15.147
-CVE_CHECK_IGNORE += "CVE-2023-52340"
-
 # fixed-version: only affects 6.1rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5345"
 
@@ -7447,8 +7425,7 @@ CVE_CHECK_IGNORE += "CVE-2023-5972"
 
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
 
-# cpe-stable-backport: Backported in 5.15.147
-CVE_CHECK_IGNORE += "CVE-2023-6040"
+# CVE-2023-6040 needs backporting (fixed from 5.18rc1)
 
 # fixed-version: only affects 6.6rc3 onwards
 CVE_CHECK_IGNORE += "CVE-2023-6111"
@@ -7459,9 +7436,6 @@ CVE_CHECK_IGNORE += "CVE-2023-6121"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-6176"
 
-# fixed-version: only affects 6.6rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6200"
-
 # CVE-2023-6238 has no known resolution
 
 # CVE-2023-6270 has no known resolution
@@ -7494,9 +7468,6 @@ CVE_CHECK_IGNORE += "CVE-2023-6679"
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6817"
 
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-6915"
-
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6931"
 
@@ -7516,55 +7487,5 @@ CVE_CHECK_IGNORE += "CVE-2024-0193"
 # fixed-version: only affects 6.2rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2024-0443"
 
-# cpe-stable-backport: Backported in 5.15.64
-CVE_CHECK_IGNORE += "CVE-2024-0562"
-
-# CVE-2024-0564 has no known resolution
-
-# CVE-2024-0565 needs backporting (fixed from 6.7rc6)
-
-# fixed-version: only affects 6.4rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0582"
-
-# cpe-stable-backport: Backported in 5.15.142
-CVE_CHECK_IGNORE += "CVE-2024-0584"
-
-# cpe-stable-backport: Backported in 5.15.140
-CVE_CHECK_IGNORE += "CVE-2024-0607"
-
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2024-0639"
-
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2024-0641"
-
-# cpe-stable-backport: Backported in 5.15.147
-CVE_CHECK_IGNORE += "CVE-2024-0646"
-
-# cpe-stable-backport: Backported in 5.15.112
-CVE_CHECK_IGNORE += "CVE-2024-0775"
-
-# CVE-2024-0841 has no known resolution
-
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-1085"
-
-# CVE-2024-1086 needs backporting (fixed from 6.8rc2)
-
-# CVE-2024-21803 has no known resolution
-
-# CVE-2024-22099 has no known resolution
-
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2024-22705"
-
-# CVE-2024-23307 has no known resolution
-
-# CVE-2024-23848 has no known resolution
-
-# CVE-2024-23849 has no known resolution
-
-# CVE-2024-23850 has no known resolution
-
-# CVE-2024-23851 has no known resolution
+# Skipping dd=CVE-2023-1476, no affected_versions
 
-- 
2.34.1

[OE-core][kirkstone 2/9] Revert "linux-yocto/5.15: update to v5.15.148"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit f1326d008a2a37b3860f25eb082efabdeba7cc32.
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 4578a1d819..e64f21b2f0 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "198d85bb67700ac968a286cf7f89f008bb6eff39"
-SRCREV_meta ?= "c07c75a1e9438e70a80615cac0f48eb91d8f34ea"
+SRCREV_machine ?= "7168cfa2ce6492db31163393808806b6f48af5e8"
+SRCREV_meta ?= "487de687c6a4553f11d67b83d01f16f79449ee49"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.148"
+LINUX_VERSION ?= "5.15.147"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 267ebb11c4..38bea23264 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.148"
+LINUX_VERSION ?= "5.15.147"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "0780801e81912c4bbd53b4fc01dad6df556739b6"
-SRCREV_meta ?= "c07c75a1e9438e70a80615cac0f48eb91d8f34ea"
+SRCREV_machine ?= "641e2136a155ce3179c84b9365a5998c1354fdd0"
+SRCREV_meta ?= "487de687c6a4553f11d67b83d01f16f79449ee49"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 9a7c96b453..1acd7b62cd 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "c0150afdb5ca785c04acec22c7f42f42b044ca43"
-SRCREV_machine:qemuarm64 ?= "201f4f28b183815dbabda398e9ee90a2e628ad94"
-SRCREV_machine:qemumips ?= "1d82f42872b46d7f129bbe631931a09590d9d6bf"
-SRCREV_machine:qemuppc ?= "e985732d9de961b364b9bbf03ef3eba41adf8e37"
-SRCREV_machine:qemuriscv64 ?= "9bc0938c9f31f2f63b8e9d7b8f43671927858068"
-SRCREV_machine:qemuriscv32 ?= "9bc0938c9f31f2f63b8e9d7b8f43671927858068"
-SRCREV_machine:qemux86 ?= "9bc0938c9f31f2f63b8e9d7b8f43671927858068"
-SRCREV_machine:qemux86-64 ?= "9bc0938c9f31f2f63b8e9d7b8f43671927858068"
-SRCREV_machine:qemumips64 ?= "c87c9b74f382aba2886320ca29dd32544e53f15b"
-SRCREV_machine ?= "9bc0938c9f31f2f63b8e9d7b8f43671927858068"
-SRCREV_meta ?= "c07c75a1e9438e70a80615cac0f48eb91d8f34ea"
+SRCREV_machine:qemuarm ?= "82f8a25a3894c10d1cf26914b8e51726351ba11e"
+SRCREV_machine:qemuarm64 ?= "cf955e443d881e296b83940143fd30ea83fcf222"
+SRCREV_machine:qemumips ?= "1c3babd3b42768e24c797edfc3f67906aca6d072"
+SRCREV_machine:qemuppc ?= "b08998787bece69376578b049cab073d8b80e872"
+SRCREV_machine:qemuriscv64 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
+SRCREV_machine:qemuriscv32 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
+SRCREV_machine:qemux86 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
+SRCREV_machine:qemux86-64 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
+SRCREV_machine:qemumips64 ?= "4ff2c0496c0160a96185a080ec9678c63b68bd47"
+SRCREV_machine ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
+SRCREV_meta ?= "487de687c6a4553f11d67b83d01f16f79449ee49"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "6139f2a02fe0ac7a08389b4eb786e0c659039ddd"
+SRCREV_machine:class-devupstream ?= "26c690eff0a56293e0b6911a38e406c211b35547"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.148"
+LINUX_VERSION ?= "5.15.147"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 3/9] Revert "linux-yocto/5.15: update CVE exclusions"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit c7c86d97f6a0e1d09eaca999ecec13656655f299.
---
 .../linux/cve-exclusion_5.15.inc              | 44 +++----------------
 1 file changed, 7 insertions(+), 37 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 0d54b414d9..84d0becb8d 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-18 18:47:24.084935 for version 5.15.147
+# Generated at 2024-01-11 21:16:55.956074 for version 5.15.146
 
 python check_kernel_cve_status_version() {
-    this_version = "5.15.147"
+    this_version = "5.15.146"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -6626,9 +6626,6 @@ CVE_CHECK_IGNORE += "CVE-2022-48425"
 # cpe-stable-backport: Backported in 5.15.121
 CVE_CHECK_IGNORE += "CVE-2022-48502"
 
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2022-48619"
-
 # fixed-version: Fixed after version 5.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-0030"
 
@@ -6750,8 +6747,6 @@ CVE_CHECK_IGNORE += "CVE-2023-1382"
 # fixed-version: Fixed after version 5.11rc4
 CVE_CHECK_IGNORE += "CVE-2023-1390"
 
-# CVE-2023-1476 has no known resolution
-
 # cpe-stable-backport: Backported in 5.15.95
 CVE_CHECK_IGNORE += "CVE-2023-1513"
 
@@ -6926,8 +6921,7 @@ CVE_CHECK_IGNORE += "CVE-2023-23559"
 # fixed-version: Fixed after version 5.12rc1
 CVE_CHECK_IGNORE += "CVE-2023-23586"
 
-# fixed-version: only affects 5.18rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-2430"
+# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
 
 # cpe-stable-backport: Backported in 5.15.105
 CVE_CHECK_IGNORE += "CVE-2023-2483"
@@ -7357,8 +7351,7 @@ CVE_CHECK_IGNORE += "CVE-2023-45871"
 # fixed-version: only affects 6.5rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-45898"
 
-# fixed-version: only affects 6.4rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-4610"
+# CVE-2023-4610 needs backporting (fixed from 6.4)
 
 # fixed-version: only affects 6.4rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-4611"
@@ -7393,8 +7386,7 @@ CVE_CHECK_IGNORE += "CVE-2023-5090"
 # cpe-stable-backport: Backported in 5.15.135
 CVE_CHECK_IGNORE += "CVE-2023-5158"
 
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2023-51779"
+# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
 
 # cpe-stable-backport: Backported in 5.15.137
 CVE_CHECK_IGNORE += "CVE-2023-5178"
@@ -7425,8 +7417,6 @@ CVE_CHECK_IGNORE += "CVE-2023-5972"
 
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
 
-# CVE-2023-6040 needs backporting (fixed from 5.18rc1)
-
 # fixed-version: only affects 6.6rc3 onwards
 CVE_CHECK_IGNORE += "CVE-2023-6111"
 
@@ -7438,13 +7428,8 @@ CVE_CHECK_IGNORE += "CVE-2023-6176"
 
 # CVE-2023-6238 has no known resolution
 
-# CVE-2023-6270 has no known resolution
-
 # CVE-2023-6356 has no known resolution
 
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6531"
-
 # CVE-2023-6535 has no known resolution
 
 # CVE-2023-6536 has no known resolution
@@ -7454,16 +7439,14 @@ CVE_CHECK_IGNORE += "CVE-2023-6546"
 
 # CVE-2023-6560 needs backporting (fixed from 6.7rc4)
 
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2023-6606"
+# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
 
 # CVE-2023-6610 needs backporting (fixed from 6.7rc7)
 
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6622"
 
-# fixed-version: only affects 6.7rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6679"
+# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
 
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6817"
@@ -7476,16 +7459,3 @@ CVE_CHECK_IGNORE += "CVE-2023-6932"
 
 # CVE-2023-7042 has no known resolution
 
-# cpe-stable-backport: Backported in 5.15.100
-CVE_CHECK_IGNORE += "CVE-2023-7192"
-
-# fixed-version: only affects 6.5rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0193"
-
-# CVE-2024-0340 needs backporting (fixed from 6.4rc6)
-
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0443"
-
-# Skipping dd=CVE-2023-1476, no affected_versions
-
-- 
2.34.1

[OE-core][kirkstone 4/9] Revert "linux-yocto/5.15: update to v5.15.147"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit f4f1964a7a2922f3253484852b76602af5f31a89.
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index e64f21b2f0..1e61698222 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "7168cfa2ce6492db31163393808806b6f48af5e8"
-SRCREV_meta ?= "487de687c6a4553f11d67b83d01f16f79449ee49"
+SRCREV_machine ?= "daa620f017a02ae381f1e54be7ceb8a2f3e3caee"
+SRCREV_meta ?= "be429ba6790683eae6d1c34d527af29890988c25"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.147"
+LINUX_VERSION ?= "5.15.146"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 38bea23264..c7c4e09bd9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.147"
+LINUX_VERSION ?= "5.15.146"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "641e2136a155ce3179c84b9365a5998c1354fdd0"
-SRCREV_meta ?= "487de687c6a4553f11d67b83d01f16f79449ee49"
+SRCREV_machine ?= "aade2fc343af128889d6c6f1071ec1a8e9a548a8"
+SRCREV_meta ?= "be429ba6790683eae6d1c34d527af29890988c25"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 1acd7b62cd..ef8c18b1b2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,17 +14,17 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "82f8a25a3894c10d1cf26914b8e51726351ba11e"
-SRCREV_machine:qemuarm64 ?= "cf955e443d881e296b83940143fd30ea83fcf222"
-SRCREV_machine:qemumips ?= "1c3babd3b42768e24c797edfc3f67906aca6d072"
-SRCREV_machine:qemuppc ?= "b08998787bece69376578b049cab073d8b80e872"
-SRCREV_machine:qemuriscv64 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
-SRCREV_machine:qemuriscv32 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
-SRCREV_machine:qemux86 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
-SRCREV_machine:qemux86-64 ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
-SRCREV_machine:qemumips64 ?= "4ff2c0496c0160a96185a080ec9678c63b68bd47"
-SRCREV_machine ?= "5822f13dba3b1f460536d873aea707f4b25840cf"
-SRCREV_meta ?= "487de687c6a4553f11d67b83d01f16f79449ee49"
+SRCREV_machine:qemuarm ?= "f59d00a628c3ddb39052284a4a7bd54f9ee12999"
+SRCREV_machine:qemuarm64 ?= "8b10556d4fd67dec1a16252ef0d3058dfe31dff5"
+SRCREV_machine:qemumips ?= "b0c8aefa7811fd3b7cebb25c1565f73523c7b2ac"
+SRCREV_machine:qemuppc ?= "0ebd785a8436934e3f3e6dea6506de7f7ed9947e"
+SRCREV_machine:qemuriscv64 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
+SRCREV_machine:qemuriscv32 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
+SRCREV_machine:qemux86 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
+SRCREV_machine:qemux86-64 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
+SRCREV_machine:qemumips64 ?= "187d249255a797c470b0680f28e18a17a05c3bb4"
+SRCREV_machine ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
+SRCREV_meta ?= "be429ba6790683eae6d1c34d527af29890988c25"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.147"
+LINUX_VERSION ?= "5.15.146"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 5/9] Revert "linux-yocto/5.15: update CVE exclusions"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit 22b1db5362e18ee6c2a90049facc72c3554542dd.
---
 .../linux/cve-exclusion_5.15.inc              | 259 +++---------------
 1 file changed, 36 insertions(+), 223 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 84d0becb8d..7822040782 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-11 21:16:55.956074 for version 5.15.146
+# Generated at 2023-09-23 10:40:51.641475 for version 5.15.124
 
 python check_kernel_cve_status_version() {
-    this_version = "5.15.146"
+    this_version = "5.15.124"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4839,8 +4839,7 @@ CVE_CHECK_IGNORE += "CVE-2020-27194"
 # fixed-version: Fixed after version 5.6rc4
 CVE_CHECK_IGNORE += "CVE-2020-2732"
 
-# fixed-version: Fixed after version 5.6rc5
-CVE_CHECK_IGNORE += "CVE-2020-27418"
+# CVE-2020-27418 has no known resolution
 
 # fixed-version: Fixed after version 5.10rc1
 CVE_CHECK_IGNORE += "CVE-2020-27673"
@@ -4982,9 +4981,6 @@ CVE_CHECK_IGNORE += "CVE-2020-36691"
 # fixed-version: Fixed after version 5.10
 CVE_CHECK_IGNORE += "CVE-2020-36694"
 
-# fixed-version: Fixed after version 5.9rc1
-CVE_CHECK_IGNORE += "CVE-2020-36766"
-
 # fixed-version: Fixed after version 5.12rc1
 CVE_CHECK_IGNORE += "CVE-2020-3702"
 
@@ -6454,8 +6450,7 @@ CVE_CHECK_IGNORE += "CVE-2022-40768"
 # cpe-stable-backport: Backported in 5.15.66
 CVE_CHECK_IGNORE += "CVE-2022-4095"
 
-# cpe-stable-backport: Backported in 5.15.125
-CVE_CHECK_IGNORE += "CVE-2022-40982"
+# CVE-2022-40982 needs backporting (fixed from 5.15.125)
 
 # cpe-stable-backport: Backported in 5.15.87
 CVE_CHECK_IGNORE += "CVE-2022-41218"
@@ -6541,7 +6536,7 @@ CVE_CHECK_IGNORE += "CVE-2022-43945"
 
 # CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
+# CVE-2022-44034 has no known resolution
 
 # CVE-2022-4543 has no known resolution
 
@@ -6596,8 +6591,7 @@ CVE_CHECK_IGNORE += "CVE-2022-47938"
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2022-47939"
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2022-47940"
+# CVE-2022-47940 needs backporting (fixed from 5.19rc1)
 
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2022-47941"
@@ -6714,11 +6708,9 @@ CVE_CHECK_IGNORE += "CVE-2023-1118"
 # cpe-stable-backport: Backported in 5.15.113
 CVE_CHECK_IGNORE += "CVE-2023-1192"
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-1193"
+# CVE-2023-1193 has no known resolution
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-1194"
+# CVE-2023-1194 has no known resolution
 
 # fixed-version: only affects 5.16rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-1195"
@@ -6805,11 +6797,9 @@ CVE_CHECK_IGNORE += "CVE-2023-2008"
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2023-2019"
 
-# cpe-stable-backport: Backported in 5.15.125
-CVE_CHECK_IGNORE += "CVE-2023-20569"
+# CVE-2023-20569 needs backporting (fixed from 5.15.125)
 
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-20588"
+# CVE-2023-20588 needs backporting (fixed from 5.15.126)
 
 # cpe-stable-backport: Backported in 5.15.122
 CVE_CHECK_IGNORE += "CVE-2023-20593"
@@ -6932,8 +6922,7 @@ CVE_CHECK_IGNORE += "CVE-2023-25012"
 # cpe-stable-backport: Backported in 5.15.61
 CVE_CHECK_IGNORE += "CVE-2023-2513"
 
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-25775"
+# CVE-2023-25775 needs backporting (fixed from 6.6rc1)
 
 # fixed-version: only affects 6.3rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-2598"
@@ -7014,8 +7003,7 @@ CVE_CHECK_IGNORE += "CVE-2023-3106"
 
 # CVE-2023-31084 needs backporting (fixed from 6.4rc3)
 
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2023-31085"
+# CVE-2023-31085 has no known resolution
 
 # cpe-stable-backport: Backported in 5.15.63
 CVE_CHECK_IGNORE += "CVE-2023-3111"
@@ -7047,26 +7035,20 @@ CVE_CHECK_IGNORE += "CVE-2023-3220"
 # cpe-stable-backport: Backported in 5.15.111
 CVE_CHECK_IGNORE += "CVE-2023-32233"
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32247"
+# CVE-2023-32247 needs backporting (fixed from 6.4rc1)
 
 # cpe-stable-backport: Backported in 5.15.111
 CVE_CHECK_IGNORE += "CVE-2023-32248"
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32250"
+# CVE-2023-32250 needs backporting (fixed from 6.4rc1)
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32252"
+# CVE-2023-32252 needs backporting (fixed from 6.4rc1)
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32254"
+# CVE-2023-32254 needs backporting (fixed from 6.4rc1)
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32257"
+# CVE-2023-32257 needs backporting (fixed from 6.4rc1)
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32258"
+# CVE-2023-32258 needs backporting (fixed from 6.4rc1)
 
 # cpe-stable-backport: Backported in 5.15.93
 CVE_CHECK_IGNORE += "CVE-2023-32269"
@@ -7131,9 +7113,6 @@ CVE_CHECK_IGNORE += "CVE-2023-34256"
 # fixed-version: only affects 6.1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-34319"
 
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2023-34324"
-
 # CVE-2023-3439 needs backporting (fixed from 5.18rc5)
 
 # cpe-stable-backport: Backported in 5.15.121
@@ -7156,8 +7135,7 @@ CVE_CHECK_IGNORE += "CVE-2023-35824"
 # fixed-version: only affects 5.18rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-35826"
 
-# cpe-stable-backport: Backported in 5.15.136
-CVE_CHECK_IGNORE += "CVE-2023-35827"
+# CVE-2023-35827 has no known resolution
 
 # cpe-stable-backport: Backported in 5.15.111
 CVE_CHECK_IGNORE += "CVE-2023-35828"
@@ -7181,8 +7159,7 @@ CVE_CHECK_IGNORE += "CVE-2023-37453"
 
 # CVE-2023-37454 has no known resolution
 
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-3772"
+# CVE-2023-3772 needs backporting (fixed from 5.15.128)
 
 # fixed-version: only affects 5.17rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-3773"
@@ -7202,8 +7179,7 @@ CVE_CHECK_IGNORE += "CVE-2023-38409"
 # cpe-stable-backport: Backported in 5.15.113
 CVE_CHECK_IGNORE += "CVE-2023-38426"
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-38427"
+# CVE-2023-38427 needs backporting (fixed from 6.4rc6)
 
 # cpe-stable-backport: Backported in 5.15.113
 CVE_CHECK_IGNORE += "CVE-2023-38428"
@@ -7211,11 +7187,9 @@ CVE_CHECK_IGNORE += "CVE-2023-38428"
 # cpe-stable-backport: Backported in 5.15.113
 CVE_CHECK_IGNORE += "CVE-2023-38429"
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-38430"
+# CVE-2023-38430 needs backporting (fixed from 6.4rc6)
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-38431"
+# CVE-2023-38431 needs backporting (fixed from 6.4rc6)
 
 # cpe-stable-backport: Backported in 5.15.121
 CVE_CHECK_IGNORE += "CVE-2023-38432"
@@ -7229,29 +7203,7 @@ CVE_CHECK_IGNORE += "CVE-2023-3865"
 # cpe-stable-backport: Backported in 5.15.121
 CVE_CHECK_IGNORE += "CVE-2023-3866"
 
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-3867"
-
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-39189"
-
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-39191"
-
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-39192"
-
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-39193"
-
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-39194"
-
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-39197"
-
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-39198"
+# CVE-2023-3867 needs backporting (fixed from 6.5rc1)
 
 # cpe-stable-backport: Backported in 5.15.123
 CVE_CHECK_IGNORE += "CVE-2023-4004"
@@ -7261,14 +7213,9 @@ CVE_CHECK_IGNORE += "CVE-2023-4004"
 # cpe-stable-backport: Backported in 5.15.124
 CVE_CHECK_IGNORE += "CVE-2023-4015"
 
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-40283"
+# CVE-2023-40283 needs backporting (fixed from 5.15.126)
 
-# fixed-version: only affects 6.3rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-40791"
-
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4128"
+# CVE-2023-4128 needs backporting (fixed from 5.15.126)
 
 # cpe-stable-backport: Backported in 5.15.121
 CVE_CHECK_IGNORE += "CVE-2023-4132"
@@ -7285,35 +7232,15 @@ CVE_CHECK_IGNORE += "CVE-2023-4147"
 # fixed-version: only affects 6.3rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-4194"
 
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4206"
-
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4207"
-
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4208"
+# CVE-2023-4206 needs backporting (fixed from 5.15.126)
 
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-4244"
+# CVE-2023-4207 needs backporting (fixed from 5.15.126)
 
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-4273"
+# CVE-2023-4208 needs backporting (fixed from 5.15.126)
 
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-42752"
+# CVE-2023-4244 needs backporting (fixed from 6.5rc7)
 
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-42753"
-
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-42754"
-
-# cpe-stable-backport: Backported in 5.15.133
-CVE_CHECK_IGNORE += "CVE-2023-42755"
-
-# fixed-version: only affects 6.4rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2023-42756"
+# CVE-2023-4273 needs backporting (fixed from 5.15.128)
 
 # cpe-stable-backport: Backported in 5.15.46
 CVE_CHECK_IGNORE += "CVE-2023-4385"
@@ -7327,135 +7254,21 @@ CVE_CHECK_IGNORE += "CVE-2023-4389"
 # fixed-version: only affects 5.16rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-4394"
 
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-44466"
-
 # cpe-stable-backport: Backported in 5.15.42
 CVE_CHECK_IGNORE += "CVE-2023-4459"
 
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-4563"
+# CVE-2023-4563 needs backporting (fixed from 6.5rc6)
 
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-4569"
-
-# cpe-stable-backport: Backported in 5.15.100
-CVE_CHECK_IGNORE += "CVE-2023-45862"
-
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-45863"
-
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-45871"
-
-# fixed-version: only affects 6.5rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-45898"
-
-# CVE-2023-4610 needs backporting (fixed from 6.4)
+# CVE-2023-4569 needs backporting (fixed from 5.15.128)
 
 # fixed-version: only affects 6.4rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-4611"
 
 # CVE-2023-4622 needs backporting (fixed from 6.5rc1)
 
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-4623"
-
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-46813"
-
-# cpe-stable-backport: Backported in 5.15.140
-CVE_CHECK_IGNORE += "CVE-2023-46862"
-
-# CVE-2023-47233 has no known resolution
-
-# fixed-version: Fixed after version 5.14rc1
-CVE_CHECK_IGNORE += "CVE-2023-4732"
-
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-4881"
-
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-4921"
-
-# CVE-2023-50431 has no known resolution
-
-# fixed-version: only affects 6.0rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5090"
-
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2023-5158"
-
-# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
-
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-5178"
-
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-51780"
-
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-51781"
-
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-51782"
-
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-5197"
-
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5345"
-
-# fixed-version: only affects 6.2 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5633"
-
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-5717"
-
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5972"
-
-# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
-
-# fixed-version: only affects 6.6rc3 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6111"
-
-# cpe-stable-backport: Backported in 5.15.141
-CVE_CHECK_IGNORE += "CVE-2023-6121"
-
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-6176"
-
-# CVE-2023-6238 has no known resolution
-
-# CVE-2023-6356 has no known resolution
-
-# CVE-2023-6535 has no known resolution
-
-# CVE-2023-6536 has no known resolution
-
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-6546"
-
-# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
-
-# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
-
-# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
-
-# cpe-stable-backport: Backported in 5.15.143
-CVE_CHECK_IGNORE += "CVE-2023-6622"
-
-# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
-
-# cpe-stable-backport: Backported in 5.15.143
-CVE_CHECK_IGNORE += "CVE-2023-6817"
-
-# cpe-stable-backport: Backported in 5.15.143
-CVE_CHECK_IGNORE += "CVE-2023-6931"
+# CVE-2023-4623 needs backporting (fixed from 6.6rc1)
 
-# cpe-stable-backport: Backported in 5.15.142
-CVE_CHECK_IGNORE += "CVE-2023-6932"
+# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
 
-# CVE-2023-7042 has no known resolution
+# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
 
-- 
2.34.1

[OE-core][kirkstone 6/9] Revert "linux-yocto/5.15: update to v5.15.146"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit ee4695138e36155c8e0b173f7952372693c0589a.
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 1e61698222..4f02e5acfa 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "daa620f017a02ae381f1e54be7ceb8a2f3e3caee"
-SRCREV_meta ?= "be429ba6790683eae6d1c34d527af29890988c25"
+SRCREV_machine ?= "cf2f74df4ffdee7034979616bc37c5717b0d6070"
+SRCREV_meta ?= "d3ba5beca1136447584b7af10546fff974c36cc1"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.146"
+LINUX_VERSION ?= "5.15.145"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index c7c4e09bd9..037c33f434 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.146"
+LINUX_VERSION ?= "5.15.145"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "aade2fc343af128889d6c6f1071ec1a8e9a548a8"
-SRCREV_meta ?= "be429ba6790683eae6d1c34d527af29890988c25"
+SRCREV_machine ?= "3b30ca7fb1716cd0f7bbf16c1253d8a4bbdeb421"
+SRCREV_meta ?= "d3ba5beca1136447584b7af10546fff974c36cc1"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index ef8c18b1b2..0cb559b162 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "f59d00a628c3ddb39052284a4a7bd54f9ee12999"
-SRCREV_machine:qemuarm64 ?= "8b10556d4fd67dec1a16252ef0d3058dfe31dff5"
-SRCREV_machine:qemumips ?= "b0c8aefa7811fd3b7cebb25c1565f73523c7b2ac"
-SRCREV_machine:qemuppc ?= "0ebd785a8436934e3f3e6dea6506de7f7ed9947e"
-SRCREV_machine:qemuriscv64 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
-SRCREV_machine:qemuriscv32 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
-SRCREV_machine:qemux86 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
-SRCREV_machine:qemux86-64 ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
-SRCREV_machine:qemumips64 ?= "187d249255a797c470b0680f28e18a17a05c3bb4"
-SRCREV_machine ?= "ea4d6bb2c229f41b49dc8a8a9cdcd6d7e55dc46f"
-SRCREV_meta ?= "be429ba6790683eae6d1c34d527af29890988c25"
+SRCREV_machine:qemuarm ?= "5b261b61614c090b787fdadb865c5db3ee0171f4"
+SRCREV_machine:qemuarm64 ?= "fdaf870c63fc887b40138cca652ae961c9556a95"
+SRCREV_machine:qemumips ?= "8a07b5a788879035d1eea4df0780a40d131cf5d9"
+SRCREV_machine:qemuppc ?= "fffda6901d92bf63f7876cb6d912492030995588"
+SRCREV_machine:qemuriscv64 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
+SRCREV_machine:qemuriscv32 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
+SRCREV_machine:qemux86 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
+SRCREV_machine:qemux86-64 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
+SRCREV_machine:qemumips64 ?= "510f5a0a3daaf9f970b610a427f77c52289a2777"
+SRCREV_machine ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
+SRCREV_meta ?= "d3ba5beca1136447584b7af10546fff974c36cc1"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "26c690eff0a56293e0b6911a38e406c211b35547"
+SRCREV_machine:class-devupstream ?= "d93fa2c78854d25ed4b67ac87f1c3c264d8b27fb"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.146"
+LINUX_VERSION ?= "5.15.145"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 7/9] Revert "linux-yocto/5.15: update to v5.15.145"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit 03794866c1333113c909ef88dc232bcc47a7c459.
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 4f02e5acfa..37fb729e0d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "cf2f74df4ffdee7034979616bc37c5717b0d6070"
-SRCREV_meta ?= "d3ba5beca1136447584b7af10546fff974c36cc1"
+SRCREV_machine ?= "205938506aafa86698f2753a59d2c9f13d080fbb"
+SRCREV_meta ?= "9a1e0301f56cda16a9fabd03745dba445f068349"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.145"
+LINUX_VERSION ?= "5.15.142"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 037c33f434..f502030c9d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.145"
+LINUX_VERSION ?= "5.15.142"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "3b30ca7fb1716cd0f7bbf16c1253d8a4bbdeb421"
-SRCREV_meta ?= "d3ba5beca1136447584b7af10546fff974c36cc1"
+SRCREV_machine ?= "53b8058476d634a0103dff993e24d15b1fd087c7"
+SRCREV_meta ?= "9a1e0301f56cda16a9fabd03745dba445f068349"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 0cb559b162..1021065bf7 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "5b261b61614c090b787fdadb865c5db3ee0171f4"
-SRCREV_machine:qemuarm64 ?= "fdaf870c63fc887b40138cca652ae961c9556a95"
-SRCREV_machine:qemumips ?= "8a07b5a788879035d1eea4df0780a40d131cf5d9"
-SRCREV_machine:qemuppc ?= "fffda6901d92bf63f7876cb6d912492030995588"
-SRCREV_machine:qemuriscv64 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
-SRCREV_machine:qemuriscv32 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
-SRCREV_machine:qemux86 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
-SRCREV_machine:qemux86-64 ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
-SRCREV_machine:qemumips64 ?= "510f5a0a3daaf9f970b610a427f77c52289a2777"
-SRCREV_machine ?= "dd7a3940edb28ce99789430818b521c38dec4c6f"
-SRCREV_meta ?= "d3ba5beca1136447584b7af10546fff974c36cc1"
+SRCREV_machine:qemuarm ?= "325679bc1a595ca81783f7652e13ce7f2be58620"
+SRCREV_machine:qemuarm64 ?= "338f086bcd841a5b0239ddb66c34ca23ff5af2f5"
+SRCREV_machine:qemumips ?= "af26192f4dd0fc7396faedd4653034ae02d5ed6d"
+SRCREV_machine:qemuppc ?= "be567407d4d9009407c4e7a511e7227fcb36b0b7"
+SRCREV_machine:qemuriscv64 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
+SRCREV_machine:qemuriscv32 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
+SRCREV_machine:qemux86 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
+SRCREV_machine:qemux86-64 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
+SRCREV_machine:qemumips64 ?= "3a2ff5c2f2e6e0c0653da1192081681e2a50b592"
+SRCREV_machine ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
+SRCREV_meta ?= "9a1e0301f56cda16a9fabd03745dba445f068349"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "d93fa2c78854d25ed4b67ac87f1c3c264d8b27fb"
+SRCREV_machine:class-devupstream ?= "8a1d809b05454b2e08fb3d801787917975fdb037"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.145"
+LINUX_VERSION ?= "5.15.142"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 8/9] Revert "linux-yocto/5.15: update to v5.15.142"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit 4deed206f92fc207d18cdb4c8bc35ce1bf0fb0f6.
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 37fb729e0d..f7286759a9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "205938506aafa86698f2753a59d2c9f13d080fbb"
-SRCREV_meta ?= "9a1e0301f56cda16a9fabd03745dba445f068349"
+SRCREV_machine ?= "423b5d5cb3f45a272285fa4157d1964086fabc2e"
+SRCREV_meta ?= "92bd0a656f0f9db955fb53c52be71cce9296bdb2"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.142"
+LINUX_VERSION ?= "5.15.141"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index f502030c9d..7461087299 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.142"
+LINUX_VERSION ?= "5.15.141"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "53b8058476d634a0103dff993e24d15b1fd087c7"
-SRCREV_meta ?= "9a1e0301f56cda16a9fabd03745dba445f068349"
+SRCREV_machine ?= "ddf2eeeb31d1edaa5a80e9aabc8b2674ae95f865"
+SRCREV_meta ?= "92bd0a656f0f9db955fb53c52be71cce9296bdb2"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 1021065bf7..c7b07dee62 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "325679bc1a595ca81783f7652e13ce7f2be58620"
-SRCREV_machine:qemuarm64 ?= "338f086bcd841a5b0239ddb66c34ca23ff5af2f5"
-SRCREV_machine:qemumips ?= "af26192f4dd0fc7396faedd4653034ae02d5ed6d"
-SRCREV_machine:qemuppc ?= "be567407d4d9009407c4e7a511e7227fcb36b0b7"
-SRCREV_machine:qemuriscv64 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
-SRCREV_machine:qemuriscv32 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
-SRCREV_machine:qemux86 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
-SRCREV_machine:qemux86-64 ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
-SRCREV_machine:qemumips64 ?= "3a2ff5c2f2e6e0c0653da1192081681e2a50b592"
-SRCREV_machine ?= "97015a8737f3f284f9a9c4967bf12c8b26efcdcc"
-SRCREV_meta ?= "9a1e0301f56cda16a9fabd03745dba445f068349"
+SRCREV_machine:qemuarm ?= "0bd882ff2a47566033965928ab468491f7e1ffd6"
+SRCREV_machine:qemuarm64 ?= "d353330a9ba30300be32f1d732723ae3678da684"
+SRCREV_machine:qemumips ?= "7f8fbffda634dc22a70f69ff2b762a1f3ff9c842"
+SRCREV_machine:qemuppc ?= "fb2191ca96824c7451fbca4eef129660d25711af"
+SRCREV_machine:qemuriscv64 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
+SRCREV_machine:qemuriscv32 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
+SRCREV_machine:qemux86 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
+SRCREV_machine:qemux86-64 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
+SRCREV_machine:qemumips64 ?= "35895af6b529915f9c09a720592554feaca9a2c7"
+SRCREV_machine ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
+SRCREV_meta ?= "92bd0a656f0f9db955fb53c52be71cce9296bdb2"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "8a1d809b05454b2e08fb3d801787917975fdb037"
+SRCREV_machine:class-devupstream ?= "9b91d36ba301db86bbf9e783169f7f6abf2585d8"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.142"
+LINUX_VERSION ?= "5.15.141"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 9/9] Revert "linux-yocto/5.15: update to v5.15.141"

[Steve Sakoman]

This series is causing issues with adding and resizing partitions.

This reverts commit 5832eebee3c150a30bd489699ca693240d11beda.
---
 .../linux/linux-yocto-rt_5.15.bb              |  6 ++---
 .../linux/linux-yocto-tiny_5.15.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index f7286759a9..6ac3118f81 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "423b5d5cb3f45a272285fa4157d1964086fabc2e"
-SRCREV_meta ?= "92bd0a656f0f9db955fb53c52be71cce9296bdb2"
+SRCREV_machine ?= "0ac91942af8fec31671ffe62e9518aaf15f110b3"
+SRCREV_meta ?= "f484a7f175b4f3c4f7d2b553cde232bd41f757d8"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.15.141"
+LINUX_VERSION ?= "5.15.124"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 7461087299..9c06ddf200 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.15.141"
+LINUX_VERSION ?= "5.15.124"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "ddf2eeeb31d1edaa5a80e9aabc8b2674ae95f865"
-SRCREV_meta ?= "92bd0a656f0f9db955fb53c52be71cce9296bdb2"
+SRCREV_machine ?= "cdb289c798fe1fc9f259a08c32e2dd9516ccb7a4"
+SRCREV_meta ?= "f484a7f175b4f3c4f7d2b553cde232bd41f757d8"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index c7b07dee62..439479022b 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86  ?= "v5.15/standard/base"
 KBRANCH:qemux86-64 ?= "v5.15/standard/base"
 KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "0bd882ff2a47566033965928ab468491f7e1ffd6"
-SRCREV_machine:qemuarm64 ?= "d353330a9ba30300be32f1d732723ae3678da684"
-SRCREV_machine:qemumips ?= "7f8fbffda634dc22a70f69ff2b762a1f3ff9c842"
-SRCREV_machine:qemuppc ?= "fb2191ca96824c7451fbca4eef129660d25711af"
-SRCREV_machine:qemuriscv64 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
-SRCREV_machine:qemuriscv32 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
-SRCREV_machine:qemux86 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
-SRCREV_machine:qemux86-64 ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
-SRCREV_machine:qemumips64 ?= "35895af6b529915f9c09a720592554feaca9a2c7"
-SRCREV_machine ?= "54a3472506956ed41289ae423ca9b7ad4cbb3ab5"
-SRCREV_meta ?= "92bd0a656f0f9db955fb53c52be71cce9296bdb2"
+SRCREV_machine:qemuarm ?= "676a22c65ec0f8bb5dc7e13d130f6e3764959d75"
+SRCREV_machine:qemuarm64 ?= "f0e7afd5948f71be062cd9194b56cd03de94b7cb"
+SRCREV_machine:qemumips ?= "0f1ceb9008f182cd7f21420bbec6f21a67da8397"
+SRCREV_machine:qemuppc ?= "4ec9fc13283ce01627ef8c32617a1eb71e127c62"
+SRCREV_machine:qemuriscv64 ?= "1c09be01f4b87f60ea64136459167d73502a118f"
+SRCREV_machine:qemuriscv32 ?= "1c09be01f4b87f60ea64136459167d73502a118f"
+SRCREV_machine:qemux86 ?= "1c09be01f4b87f60ea64136459167d73502a118f"
+SRCREV_machine:qemux86-64 ?= "1c09be01f4b87f60ea64136459167d73502a118f"
+SRCREV_machine:qemumips64 ?= "fad09cc6acf2175aa6b5979ef48cd5f05afc3da0"
+SRCREV_machine ?= "1c09be01f4b87f60ea64136459167d73502a118f"
+SRCREV_meta ?= "f484a7f175b4f3c4f7d2b553cde232bd41f757d8"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "9b91d36ba301db86bbf9e783169f7f6abf2585d8"
+SRCREV_machine:class-devupstream ?= "38d4ca22a5288c4bae7e6d62a1728b0718d51866"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v5.15/base"
 
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.141"
+LINUX_VERSION ?= "5.15.124"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, November 27

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2776

The following changes since commit ff72b41a3f0bf1820405b8782f0d125cd10e3406:

  oe-build-perf-report: relax metadata matching rules (2025-11-19 08:28:19 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (3):
  ruby: fix CVE-2024-35176
  ruby: fix CVE-2024-39908
  ruby: fix CVE-2024-41123

Gyorgy Sarvari (1):
  flac: patch seeking bug

Peter Marko (3):
  libarchive: patch 3.8.3 security issue 1
  libarchive: patch 3.8.3 security issue 2
  libarchive: patch CVE-2025-60753

Praveen Kumar (1):
  python3: fix CVE-2025-6075

Vijay Anusuri (1):
  python3-idna: Fix CVE-2024-3651

 .../python/python3-idna/CVE-2024-3651.patch   | 2484 +++++++++++++++++
 .../python/python3-idna_3.3.bb                |    2 +
 .../python/python3/CVE-2025-6075.patch        |  364 +++
 .../python/python3_3.10.19.bb                 |    1 +
 .../ruby/ruby/CVE-2024-35176.patch            |  112 +
 .../ruby/ruby/CVE-2024-39908-0001.patch       |   46 +
 .../ruby/ruby/CVE-2024-39908-0002.patch       |  130 +
 .../ruby/ruby/CVE-2024-39908-0003.patch       |   46 +
 .../ruby/ruby/CVE-2024-39908-0004.patch       |   76 +
 .../ruby/ruby/CVE-2024-39908-0005.patch       |   87 +
 .../ruby/ruby/CVE-2024-39908-0006.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0007.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0008.patch       |   44 +
 .../ruby/ruby/CVE-2024-39908-0009.patch       |   36 +
 .../ruby/ruby/CVE-2024-39908-0010.patch       |   53 +
 .../ruby/ruby/CVE-2024-39908-0011.patch       |   35 +
 .../ruby/ruby/CVE-2024-39908-0012.patch       |   36 +
 .../ruby/ruby/CVE-2024-41123-0001.patch       |   44 +
 .../ruby/ruby/CVE-2024-41123-0002.patch       |   37 +
 .../ruby/ruby/CVE-2024-41123-0003.patch       |   55 +
 .../ruby/ruby/CVE-2024-41123-0004.patch       |  163 ++
 .../ruby/ruby/CVE-2024-41123-0005.patch       |  111 +
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   18 +
 ...ax-path-length-metadata-writing-2243.patch |   30 +
 ...request-2696-from-al3xtjames-mkstemp.patch |   28 +
 ...st-2749-from-KlaraSystems-des-tempdi.patch |  183 ++
 ...st-2753-from-KlaraSystems-des-temp-f.patch |  190 ++
 ...-request-2768-from-Commandoss-master.patch |   28 +
 .../libarchive/CVE-2025-60753.patch           |   76 +
 .../libarchive/libarchive_3.6.2.bb            |    6 +
 .../flac/files/0001-Fix-seeking-bug.patch     |   34 +
 meta/recipes-multimedia/flac/flac_1.3.4.bb    |    3 +-
 32 files changed, 4645 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/python/python3-idna/CVE-2024-3651.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-35176.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Fix-max-path-length-metadata-writing-2243.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
 create mode 100644 meta/recipes-multimedia/flac/files/0001-Fix-seeking-bug.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Friday, September 5

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2309

The following changes since commit 36cf6bb39df081b27306d27b20155995b73e1a01:

  Revert "sqlite3: patch CVE-2025-7458" (2025-09-01 08:18:45 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepak Rathore (1):
  default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue

Kyungjik Min (1):
  pulseaudio: Add audio group explicitly

Mingli Yu (1):
  vim: not adjust script pathnames for native scripts either

Peter Marko (2):
  vim: upgrade 9.1.1198 -> 9.1.1652
  sudo: remove devtool FIXME comment

Praveen Kumar (1):
  git: fix CVE-2025-48384

Yogita Urade (3):
  tiff: fix CVE-2024-13978
  tiff: fix CVE-2025-8534
  tiff: fix CVE-2025-8851

 meta-selftest/files/static-group              |  1 +
 .../distro/include/default-distrovars.inc     |  2 +-
 meta/lib/oeqa/sdk/buildtools-cases/https.py   |  4 +-
 .../git/git/CVE-2025-48384.patch              | 85 +++++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |  1 +
 meta/recipes-extended/sudo/sudo_1.9.17p1.bb   | 52 ------------
 .../libtiff/tiff/CVE-2024-13978.patch         | 47 ++++++++++
 .../libtiff/tiff/CVE-2025-8534.patch          | 60 +++++++++++++
 .../libtiff/tiff/CVE-2025-8851.patch          | 71 ++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  3 +
 .../pulseaudio/pulseaudio.inc                 |  2 +-
 ...src-Makefile-improve-reproducibility.patch | 10 +--
 .../vim/files/disable_acl_header_check.patch  | 12 +--
 .../vim/files/no-path-adjust.patch            | 35 +++++---
 meta/recipes-support/vim/vim.inc              |  7 +-
 15 files changed, 308 insertions(+), 84 deletions(-)
 create mode 100644 meta/recipes-devtools/git/git/CVE-2025-48384.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8851.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, August 28

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2267

The following changes since commit e401a16d8e26d25cec95fcea98d6530036cffca1:

  libubootenv: backport patch to fix unknown type name 'size_t' (2025-08-19 10:14:55 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (1):
  gstreamer1.0-plugins-base: fix CVE-2025-47807

Jiaying Song (1):
  openssl: fix CVE-2023-50781

Peter Marko (4):
  qemu: ignore CVE-2024-7730
  glib-2.0: patch CVE-2025-7039
  dpkg: patch CVE-2025-6297
  libarchive: patch regression of patch for CVE-2025-5918

Vijay Anusuri (3):
  xserver-xorg: Fix for CVE-2025-49178
  xserver-xorg: Fix for CVE-2025-49179
  xserver-xorg: Fix for CVE-2025-49180

 .../openssl/openssl/CVE-2023-50781-1.patch    | 618 ++++++++++++++++++
 .../openssl/openssl/CVE-2023-50781-2.patch    | 358 ++++++++++
 .../openssl/openssl/CVE-2023-50781-3.patch    |  41 ++
 .../openssl/openssl/CVE-2023-50781-4.patch    | 441 +++++++++++++
 .../openssl/openssl/CVE-2023-50781-5.patch    | 284 ++++++++
 .../openssl/openssl/CVE-2023-50781-6.patch    |  57 ++
 .../openssl/openssl_3.0.17.bb                 |   8 +-
 .../glib-2.0/glib-2.0/CVE-2025-7039-01.patch  |  40 ++
 .../glib-2.0/glib-2.0/CVE-2025-7039-02.patch  |  43 ++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |   2 +
 .../dpkg/dpkg/CVE-2025-6297.patch             | 125 ++++
 meta/recipes-devtools/dpkg/dpkg_1.21.4.bb     |   1 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +
 ...2025-5918.patch => CVE-2025-5918-01.patch} |   0
 .../libarchive/CVE-2025-5918-02.patch         |  51 ++
 .../libarchive/libarchive_3.6.2.bb            |   3 +-
 .../xserver-xorg/CVE-2025-49178.patch         |  49 ++
 .../xserver-xorg/CVE-2025-49179.patch         |  67 ++
 .../xserver-xorg/CVE-2025-49180-1.patch       |  44 ++
 .../xserver-xorg/CVE-2025-49180-2.patch       |  52 ++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   4 +
 .../CVE-2025-47807.patch                      |  49 ++
 .../gstreamer1.0-plugins-base_1.20.7.bb       |   1 +
 23 files changed, 2339 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-1.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-2.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-3.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-4.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-5.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-50781-6.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039-02.patch
 create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch
 rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-5918.patch => CVE-2025-5918-01.patch} (100%)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49178.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49179.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49180-2.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, August 21

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2236

The following changes since commit 3d1c037a7cb7858a4e3c33a94f5d343a81aac5f7:

  go-helloworld: fix license (2025-08-12 09:57:24 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Dan McGregor (1):
  systemd: Fix manpage build after CVE-2025-4598

Hitendra Prajapati (3):
  gstreamer1.0-plugins-base: fix CVE-2025-47806 & CVE-2025-47808
  gstreamer1.0-plugins-good: fix CVE-2025-47183 & CVE-2025-47219
  git: fix CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835

Peter Marko (1):
  glib-2.0: ignore CVE-2025-4056

Vijay Anusuri (3):
  xserver-xorg: Fix for CVE-2025-49175
  xserver-xorg: Fix for CVE-2025-49176
  xserver-xorg: Fix for CVE-2025-49177

Youngseok Jeong (1):
  libubootenv: backport patch to fix unknown type name 'size_t'

 ...-Include-cstddef-in-the-header-for-C.patch |   27 +
 meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb  |    6 +-
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |    3 +
 .../systemd/systemd/CVE-2025-4598-0003.patch  |    7 +-
 ...-27613-CVE-2025-46334-CVE-2025-46835.patch | 2500 +++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |    1 +
 .../xserver-xorg/CVE-2025-49175.patch         |   91 +
 .../xserver-xorg/CVE-2025-49176-1.patch       |   92 +
 .../xserver-xorg/CVE-2025-49176-2.patch       |   37 +
 .../xserver-xorg/CVE-2025-49177.patch         |   54 +
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |    4 +
 .../CVE-2025-47806.patch                      |   50 +
 .../CVE-2025-47808.patch                      |   36 +
 .../gstreamer1.0-plugins-base_1.20.7.bb       |    2 +
 .../CVE-2025-47183-001.patch                  |  151 +
 .../CVE-2025-47183-002.patch                  |   80 +
 .../CVE-2025-47219.patch                      |   40 +
 .../gstreamer1.0-plugins-good_1.20.7.bb       |    3 +
 18 files changed, 3179 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-bsp/u-boot/files/0001-Include-cstddef-in-the-header-for-C.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2025-27614-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49175.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49176-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-49177.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, July 8

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1949

The following changes since commit 75e54301c5076eb0454aee33c870adf078f563fd:

  build-appliance-image: Update to kirkstone head revision (2025-06-27 08:10:04 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (6):
  xwayland: fix CVE-2025-49175
  xwayland: fix CVE-2025-49176
  xwayland: fix CVE-2025-49177
  xwayland: fix CVE-2025-49178
  xwayland: fix CVE-2025-49178
  xwayland: fix CVE-2025-49180

Chen Qi (1):
  systemd: backport patches to fix CVE-2025-4598

Colin Pinnell McAllister (1):
  libarchive: Fix CVE-2025-5914

Yogita Urade (1):
  python3-urllib3: fix CVE-2025-50181

 .../systemd/systemd/CVE-2025-4598-0001.patch  |  92 ++++++++
 .../systemd/systemd/CVE-2025-4598-0002.patch  | 106 +++++++++
 .../systemd/systemd/CVE-2025-4598-0003.patch  | 144 ++++++++++++
 .../systemd/systemd/CVE-2025-4598-0004.patch  |  36 +++
 meta/recipes-core/systemd/systemd_250.14.bb   |   4 +
 .../python3-urllib3/CVE-2025-50181.patch      | 214 ++++++++++++++++++
 .../python/python3-urllib3_1.26.18.bb         |   4 +
 .../libarchive/libarchive/CVE-2025-5914.patch |  46 ++++
 .../libarchive/libarchive_3.6.2.bb            |   1 +
 .../xwayland/xwayland/CVE-2025-49175.patch    |  92 ++++++++
 .../xwayland/CVE-2025-49176-0001.patch        |  93 ++++++++
 .../xwayland/CVE-2025-49176-0002.patch        |  38 ++++
 .../xwayland/xwayland/CVE-2025-49177.patch    |  55 +++++
 .../xwayland/xwayland/CVE-2025-49178.patch    |  50 ++++
 .../xwayland/xwayland/CVE-2025-49179.patch    |  69 ++++++
 .../xwayland/xwayland/CVE-2025-49180.patch    |  45 ++++
 .../xwayland/xwayland_22.1.8.bb               |   7 +
 17 files changed, 1096 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0001.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0002.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0003.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2025-4598-0004.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49175.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49176-0002.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49177.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49178.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49179.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2025-49180.patch

-- 
2.43.0

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, December 19

Passed a-full on autobuilder:

https://valkyrie.yoctoproject.org/#/builders/29/builds/663

The following changes since commit b132b817f5931b290e5348dd4a17fbfdc5c6e2c4:

  dbus: disable assertions and enable only modular tests (2024-12-10 05:38:29 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  base-passwd: Add the sgx group

Alexandre Belloni (1):
  base-passwd: fix patchreview warning

Ernst Persson (1):
  package.bbclass: Use shlex instead of deprecated pipes

Jiaying Song (1):
  subversion: fix CVE-2024-46901

Louis Rannou (1):
  base-passwd: add the wheel group

Peter Kjellerstedt (3):
  base-passwd: Regenerate the patches
  base-passwd: Update to 3.5.52
  base-passwd: Update the status for two patches

Yogita Urade (1):
  xserver-xorg: fix CVE-2024-9632

 meta/classes/package.bbclass                  |   4 +-
 .../0001-Add-a-shutdown-group.patch           |  26 +++
 .../0001-base-passwd-Add-the-sgx-group.patch  |  30 ++++
 ...nstead-of-bin-bash-for-the-root-user.patch |  23 +++
 ...t-since-we-do-not-have-an-etc-shadow.patch |  21 +++
 ...put-group-for-the-dev-input-devices.patch} |  17 +-
 .../{kvm.patch => 0005-Add-kvm-group.patch}   |   2 +-
 ...ble-to-build-without-debconf-support.patch | 129 ++++++++++++++
 ...-to-disable-the-generation-of-the-do.patch |  46 +++++
 .../base-passwd/0008-Add-wheel-group.patch    |  20 +++
 .../base-passwd/add_shutdown.patch            |  19 ---
 .../base-passwd/disable-docs.patch            |  24 ---
 .../base-passwd/disable-shell.patch           |  57 -------
 .../base-passwd/base-passwd/nobash.patch      |  15 --
 .../base-passwd/base-passwd/noshadow.patch    |  14 --
 ...passwd_3.5.29.bb => base-passwd_3.5.52.bb} |  30 ++--
 .../subversion/CVE-2024-46901.patch           | 161 ++++++++++++++++++
 .../subversion/subversion_1.14.2.bb           |   3 +-
 .../xserver-xorg/CVE-2024-9632.patch          |  58 +++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |   1 +
 20 files changed, 547 insertions(+), 153 deletions(-)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch
 rename meta/recipes-core/base-passwd/base-passwd/{input.patch => 0004-Add-an-input-group-for-the-dev-input-devices.patch} (42%)
 rename meta/recipes-core/base-passwd/base-passwd/{kvm.patch => 0005-Add-kvm-group.patch} (88%)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-docs.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-shell.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/nobash.patch
 delete mode 100644 meta/recipes-core/base-passwd/base-passwd/noshadow.patch
 rename meta/recipes-core/base-passwd/{base-passwd_3.5.29.bb => base-passwd_3.5.52.bb} (79%)
 create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and hjave comments back by
end of day Tuesday, June 25

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7065

The following changes since commit ab2649ef6c83f0ae7cac554a72e6bea4dcda0e99:

  build-appliance-image: Update to kirkstone head revision (2024-06-01 19:12:27 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Changqing Li (1):
  man-pages: remove conflict pages

Deepthi Hemraj (1):
  glibc: stable 2.35 branch updates

Khem Raj (1):
  gobject-introspection: Do not hardcode objdump name

Peter Marko (1):
  glib-2.0: patch CVE-2024-34397

Siddharth (1):
  openssl: Upgrade 3.0.13 -> 3.0.14

Siddharth Doshi (1):
  libxml2: Security fix for CVE-2024-34459

Thomas Perrot (1):
  man-pages: add an alternative link name for crypt_r.3

Yogita Urade (2):
  acpica: fix CVE-2024-24856
  ruby: fix CVE-2024-27280

 .../openssl/openssl/CVE-2024-2511.patch       | 122 ---
 .../openssl/openssl/CVE-2024-4603.patch       | 180 ----
 .../{openssl_3.0.13.bb => openssl_3.0.14.bb}  |   4 +-
 .../glib-2.0/glib-2.0/CVE-2024-34397_01.patch | 129 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_02.patch |  62 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_03.patch | 985 ++++++++++++++++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_04.patch | 253 +++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_05.patch |  88 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_06.patch | 263 +++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_07.patch |  45 +
 .../glib-2.0/glib-2.0/CVE-2024-34397_08.patch | 168 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_09.patch |  81 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_10.patch | 108 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_11.patch | 133 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_12.patch | 173 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_13.patch | 513 +++++++++
 .../glib-2.0/glib-2.0/CVE-2024-34397_14.patch |  75 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_15.patch |  47 +
 .../glib-2.0/glib-2.0/CVE-2024-34397_16.patch |  62 ++
 .../glib-2.0/glib-2.0/CVE-2024-34397_17.patch | 121 +++
 .../glib-2.0/glib-2.0/CVE-2024-34397_18.patch |  50 +
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  18 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../libxml/libxml2/CVE-2024-34459.patch       |  30 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   1 +
 .../ruby/ruby/CVE-2024-27280.patch            |  87 ++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 .../acpica/acpica/CVE-2024-24856.patch        |  33 +
 .../acpica/acpica_20211217.bb                 |   4 +-
 .../man-pages/man-pages_5.13.bb               |  12 +-
 .../gobject-introspection_1.72.0.bb           |   2 +-
 31 files changed, 3536 insertions(+), 316 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-2511.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch
 rename meta/recipes-connectivity/openssl/{openssl_3.0.13.bb => openssl_3.0.14.bb} (98%)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_04.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_05.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_06.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_07.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_08.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_09.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_10.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_11.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_12.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_13.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_14.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_15.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_16.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_17.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-34397_18.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2024-34459.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27280.patch
 create mode 100644 meta/recipes-extended/acpica/acpica/CVE-2024-24856.patch

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6758

The following changes since commit 1b5405955c7c2579ed1f52522e2e177d0281fa33:

  glibc: Fix subscript typos for get_nscd_addresses (2024-03-19 03:33:32 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Claus Stovgaard (1):
  gcc: Backport sanitizer fix for 32-bit ALSR

Colin McAllister (1):
  common-licenses: Backport missing license

Lee Chee Yang (2):
  xwayland: fix CVE-2023-6816 CVE-2024-0408/0409
  tiff: fix CVE-2023-52356 CVE-2023-6277

Meenali Gupta (1):
  expat: fix CVE-2023-52425

Tan Wen Yan (1):
  python3-urllib3: update to v1.26.18

Vijay Anusuri (2):
  curl: backport Debian patch for CVE-2024-2398
  qemu: Fix for CVE-2023-6683

aszh07 (1):
  nghttp2: fix CVE-2023-44487

 .../LGPL-3.0-with-zeromq-exception            | 181 ++++
 .../expat/expat/CVE-2023-52425-0001.patch     |  40 +
 .../expat/expat/CVE-2023-52425-0002.patch     |  87 ++
 .../expat/expat/CVE-2023-52425-0003.patch     | 222 +++++
 .../expat/expat/CVE-2023-52425-0004.patch     |  42 +
 .../expat/expat/CVE-2023-52425-0005.patch     |  69 ++
 .../expat/expat/CVE-2023-52425-0006.patch     |  67 ++
 .../expat/expat/CVE-2023-52425-0007.patch     | 159 +++
 .../expat/expat/CVE-2023-52425-0008.patch     |  95 ++
 .../expat/expat/CVE-2023-52425-0009.patch     |  52 +
 .../expat/expat/CVE-2023-52425-0010.patch     | 111 +++
 .../expat/expat/CVE-2023-52425-0011.patch     |  89 ++
 .../expat/expat/CVE-2023-52425-0012.patch     |  87 ++
 meta/recipes-core/expat/expat_2.5.0.bb        |  12 +
 meta/recipes-devtools/gcc/gcc-11.4.inc        |   1 +
 .../gcc/gcc/0031-gcc-sanitizers-fix.patch     |  63 ++
 ..._1.26.17.bb => python3-urllib3_1.26.18.bb} |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2023-6683.patch             |  92 ++
 .../xwayland/xwayland/CVE-2023-6816.patch     |  57 ++
 .../xwayland/xwayland/CVE-2024-0408.patch     |  65 ++
 .../xwayland/xwayland/CVE-2024-0409.patch     |  47 +
 .../xwayland/xwayland_22.1.8.bb               |   3 +
 .../libtiff/tiff/CVE-2023-52356.patch         |  54 +
 .../libtiff/tiff/CVE-2023-6277-1.patch        | 178 ++++
 .../libtiff/tiff/CVE-2023-6277-2.patch        | 151 +++
 .../libtiff/tiff/CVE-2023-6277-3.patch        |  46 +
 .../libtiff/tiff/CVE-2023-6277-4.patch        |  93 ++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   5 +
 .../curl/curl/CVE-2024-2398.patch             |  89 ++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 .../nghttp2/nghttp2/CVE-2023-44487.patch      | 927 ++++++++++++++++++
 .../recipes-support/nghttp2/nghttp2_1.47.0.bb |   1 +
 33 files changed, 3188 insertions(+), 1 deletion(-)
 create mode 100644 meta/files/common-licenses/LGPL-3.0-with-zeromq-exception
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0001.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0002.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0003.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0004.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0005.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0006.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0007.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0008.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0009.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0010.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0011.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52425-0012.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc/0031-gcc-sanitizers-fix.patch
 rename meta/recipes-devtools/python/{python3-urllib3_1.26.17.bb => python3-urllib3_1.26.18.bb} (86%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6816.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0408.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2024-0409.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-1.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-3.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-2398.patch
 create mode 100644 meta/recipes-support/nghttp2/nghttp2/CVE-2023-44487.patch

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5492

The following changes since commit 0e17a5a4f0e3301bf78f77bb5ca4aaf3e4dbc7af:

  Revert "ipk: Decode byte data to string in manifest handling" (2023-06-17 05:18:44 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (1):
  nasm: fix CVE-2022-46457

Bruce Ashfield (1):
  kernel: don't force PAHOLE=false

Chen Qi (1):
  staging.bbclass: do not add extend_recipe_sysroot to prefuncs of
    prepare_recipe_sysroot

Lorenzo Arena (1):
  conf: add nice level to the hash config ignred variables

Martin Jansa (1):
  go.bbclass: don't use test to check output from ls

Pavel Zhukov (1):
  lib/terminal.py: Add urxvt terminal

Ranjitsinh Rathod (1):
  kmscube: Correct DEPENDS to avoid overwrite

Thomas Roos (1):
  oeqa/selftest/cases/devtool.py: skip all tests require folder a git
    repo

Wang Mingyu (1):
  iso-codes: upgrade 4.13.0 -> 4.15.0

 meta/classes/go.bbclass                       |  2 +-
 meta/classes/kernel.bbclass                   |  2 +-
 meta/classes/staging.bbclass                  |  2 +-
 meta/conf/bitbake.conf                        |  2 +-
 meta/lib/oe/terminal.py                       |  4 ++
 meta/lib/oeqa/selftest/cases/devtool.py       |  8 +++
 .../nasm/nasm/CVE-2022-46457.patch            | 50 +++++++++++++++++++
 meta/recipes-devtools/nasm/nasm_2.15.05.bb    |  1 +
 meta/recipes-graphics/kmscube/kmscube_git.bb  |  3 +-
 ...so-codes_4.13.0.bb => iso-codes_4.15.0.bb} |  2 +-
 10 files changed, 69 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
 rename meta/recipes-support/iso-codes/{iso-codes_4.13.0.bb => iso-codes_4.15.0.bb} (94%)

-- 
2.34.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4800

The following changes since commit 4760fac939a6204e3cb7dcd3699cd9a2508f9dee:

  devtool: process local files only for the main branch (2023-01-12 04:56:26 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bhabu Bindu (1):
  qemu: Fix CVE-2022-4144

Daniel Gomez (1):
  gtk-icon-cache: Fix GTKIC_CMD if-else condition

KARN JYE LAU (1):
  freetype:update mirror site.

Martin Jansa (1):
  ffmpeg: refresh patches to apply cleanly

Narpat Mali (3):
  python3-setuptools: fix for CVE-2022-40897
  python3-wheel: fix for CVE-2022-40898
  python3-git: fix for CVE-2022-24439

Yash Shinde (1):
  glibc: stable 2.35 branch updates.

Yogita Urade (1):
  libksba: fix CVE-2022-47629

 meta/classes/gtk-icon-cache.bbclass           |   2 +-
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 ...-git-CVE-2022-24439-fix-from-PR-1518.patch |  97 ++++
 ...-git-CVE-2022-24439-fix-from-PR-1521.patch | 488 ++++++++++++++++++
 .../python/python3-git_3.1.27.bb              |   4 +
 ...-of-whitespace-to-search-backtrack.-.patch |  31 ++
 .../python/python3-setuptools_59.5.0.bb       |   1 +
 ...tential-DoS-attack-via-WHEEL_INFO_RE.patch |  32 ++
 .../python/python3-wheel_0.37.1.bb            |   4 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-4144.patch             |  99 ++++
 .../freetype/freetype_2.11.1.bb               |   2 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |  19 +-
 ...c-stop-accessing-out-of-bounds-frame.patch |   7 +-
 ...-vp3-Add-missing-check-for-av_malloc.patch |  12 +-
 ...overflow-in-the-CRL-signature-parser.patch |  72 +++
 meta/recipes-support/libksba/libksba_1.6.2.bb |   3 +-
 17 files changed, 848 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1518.patch
 create mode 100644 meta/recipes-devtools/python/python3-git/0001-python3-git-CVE-2022-24439-fix-from-PR-1521.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/0001-Limit-the-amount-of-whitespace-to-search-backtrack.-.patch
 create mode 100644 meta/recipes-devtools/python/python3-wheel/0001-Fixed-potential-DoS-attack-via-WHEEL_INFO_RE.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
 create mode 100644 meta/recipes-support/libksba/libksba/0001-Fix-an-integer-overflow-in-the-CRL-signature-parser.patch

-- 
2.25.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of patchesd for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4468

The following changes since commit 0c0723757fbba9a4b88c0f98477a18d1e220da2e:

  mirrors.bbclass: use shallow tarball for binutils-native (2022-11-06 06:00:05 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (2):
  lttng-modules: upgrade 2.13.4 -> 2.13.5
  quilt: backport a patch to address grep 3.8 failures

Hitendra Prajapati (1):
  QEMU: CVE-2022-3165 VNC: integer underflow in vnc_client_cut_text_ext
    leads to CPU exhaustion

Michael Opdenacker (1):
  create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED

Narpat Mali (1):
  python3-mako: backport fix for CVE-2022-40023

Ross Burton (3):
  pixman: backport fix for CVE-2022-44638
  sanity: check for GNU tar specifically
  qemu: add io_uring PACKAGECONFIG

ciarancourtney (1):
  wic: swap partitions are not added to fstab

 meta/classes/create-spdx.bbclass              |   2 -
 meta/classes/sanity.bbclass                   |   8 +
 .../python/python3-mako/CVE-2022-40023.patch  | 119 +++++++++++++++
 .../python/python3-mako_1.1.6.bb              |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   3 +-
 .../qemu/qemu/CVE-2022-3165.patch             |  61 ++++++++
 meta/recipes-devtools/quilt/quilt.inc         |   1 +
 .../quilt/quilt/fix-grep-3.8.patch            | 144 ++++++++++++++++++
 .../xorg-lib/pixman/CVE-2022-44638.patch      |  33 ++++
 .../xorg-lib/pixman_0.40.0.bb                 |   1 +
 .../lttng-modules/0001-fix-compaction.patch   |  68 ---------
 ...c-fix-tracepoint-mm_page_alloc_zone_.patch | 106 -------------
 ...oduce-kfree_skb_reason-v5.15.58.v5.1.patch |  53 -------
 ...ags-parameter-from-aops-write_begin-.patch |  76 ---------
 ...Fix-type-of-cpu-in-trace-event-v5.19.patch | 124 ---------------
 ...ules_2.13.4.bb => lttng-modules_2.13.5.bb} |   7 +-
 scripts/lib/wic/plugins/imager/direct.py      |   2 +-
 17 files changed, 373 insertions(+), 437 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-mako/CVE-2022-40023.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-3165.patch
 create mode 100644 meta/recipes-devtools/quilt/quilt/fix-grep-3.8.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/pixman/CVE-2022-44638.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-compaction.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-mm-page_alloc-fix-tracepoint-mm_page_alloc_zone_.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-net-skb-introduce-kfree_skb_reason-v5.15.58.v5.1.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0002-fix-fs-Remove-flags-parameter-from-aops-write_begin-.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/0003-fix-workqueue-Fix-type-of-cpu-in-trace-event-v5.19.patch
 rename meta/recipes-kernel/lttng/{lttng-modules_2.13.4.bb => lttng-modules_2.13.5.bb} (78%)

-- 
2.25.1

[OE-core][kirkstone 0/9] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by end
of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3692

The following changes since commit ec9e9497730f0a9c8ad3d696c8cdcec06267aacf:

  base-passwd: Disable shell for default users (2022-05-16 13:59:44 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  mmc-utils: upgrade to latest revision

Claudius Heine (1):
  classes: rootfs-postcommands: add skip option to overlayfs_qa_check

Marta Rybczynska (1):
  cve-check: Fix report generation

Richard Purdie (2):
  staging: Fix rare sysroot corruption issue
  selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES

Robert Joslyn (1):
  curl: Backport CVE fixes

Samuli Piippo (1):
  binutils: Bump to latest 2.38 release branch

Steve Sakoman (1):
  python3: fix reproducibility issue with python3-core

wangmy (1):
  librepo: upgrade 1.14.2 -> 1.14.3

 meta/classes/cve-check.bbclass                |  18 +-
 meta/classes/rootfs-postcommands.bbclass      |  10 +-
 meta/classes/staging.bbclass                  |  24 +
 meta/lib/oeqa/selftest/cases/imagefeatures.py |   2 +-
 meta/lib/oeqa/selftest/cases/overlayfs.py     |  36 +-
 .../binutils/binutils-2.38.inc                |   2 +-
 .../{librepo_1.14.2.bb => librepo_1.14.3.bb}  |   2 +-
 meta/recipes-devtools/mmc/mmc-utils_git.bb    |   2 +-
 .../recipes-devtools/python/python3_3.10.4.bb |   5 +
 .../curl/curl/CVE-2022-22576.patch            | 145 ++++++
 .../curl/curl/CVE-2022-27774-1.patch          |  45 ++
 .../curl/curl/CVE-2022-27774-2.patch          |  80 +++
 .../curl/curl/CVE-2022-27774-3.patch          |  83 ++++
 .../curl/curl/CVE-2022-27774-4.patch          |  35 ++
 .../curl/curl/CVE-2022-27775.patch            |  37 ++
 .../curl/curl/CVE-2022-27776.patch            | 115 +++++
 .../curl/curl/CVE-2022-27779.patch            |  42 ++
 .../curl/curl/CVE-2022-27780.patch            |  33 ++
 .../curl/curl/CVE-2022-27781.patch            |  43 ++
 .../curl/curl/CVE-2022-27782-1.patch          | 458 ++++++++++++++++++
 .../curl/curl/CVE-2022-27782-2.patch          |  71 +++
 .../curl/curl/CVE-2022-30115.patch            |  82 ++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  16 +-
 23 files changed, 1362 insertions(+), 24 deletions(-)
 rename meta/recipes-devtools/librepo/{librepo_1.14.2.bb => librepo_1.14.3.bb} (94%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-22576.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27774-4.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27775.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27776.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27779.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27780.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27781.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-30115.patch

-- 
2.25.1