* [OE-core][kirkstone 01/23] ofono: fix CVE-2023-4234
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 02/23] ofono: fix CVE-2023-4233 Steve Sakoman
` (21 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_submit_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_submit_report().
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ofono/ofono/CVE-2023-4234.patch | 39 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4234.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4234.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4234.patch
new file mode 100644
index 0000000000..9d7b56c1ae
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4234.patch
@@ -0,0 +1,39 @@
+From 8d74bc66146ea78620d140640a0a57af86fc8936 Mon Sep 17 00:00:00 2001
+From: Denis Grigorev <d.grigorev@omp.ru>
+Date: Thu, 21 Dec 2023 17:16:38 +0300
+Subject: [PATCH] smsutil: Check that submit report fits in memory
+
+This addresses CVE-2023-4234.
+
+CVE: CVE-2023-4234.
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8d74bc66146ea786]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/smsutil.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 8e57a06..5a12708 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -938,10 +938,16 @@ static gboolean decode_submit_report(const unsigned char *pdu, int len,
+ return FALSE;
+
+ if (out->type == SMS_TYPE_SUBMIT_REPORT_ERROR) {
++ if (expected > (int) sizeof(out->submit_err_report.ud))
++ return FALSE;
++
+ out->submit_err_report.udl = udl;
+ memcpy(out->submit_err_report.ud,
+ pdu + offset, expected);
+ } else {
++ if (expected > (int) sizeof(out->submit_ack_report.ud))
++ return FALSE;
++
+ out->submit_ack_report.udl = udl;
+ memcpy(out->submit_ack_report.ud,
+ pdu + offset, expected);
+--
+2.40.0
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 23631747a7..8aab312ff8 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -12,6 +12,7 @@ SRC_URI = "\
file://ofono \
file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
+ file://CVE-2023-4234.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 02/23] ofono: fix CVE-2023-4233
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 01/23] ofono: fix CVE-2023-4234 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 03/23] gstreamer1.0-plugins-bad: fix CVE-2024-0444 Steve Sakoman
` (20 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the sms_decode_address_field() function during the SMS
PDU decoding. It is assumed that the attack scenario is accessible from a compromised
modem, a malicious base station, or just SMS.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ofono/ofono/CVE-2023-4233.patch | 32 +++++++++++++++++++
meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4233.patch
diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2023-4233.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4233.patch
new file mode 100644
index 0000000000..d047a0d87a
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/CVE-2023-4233.patch
@@ -0,0 +1,32 @@
+From 1a5fbefa59465bec80425add562bdb1d36ec8e23 Mon Sep 17 00:00:00 2001
+From: Denis Grigorev <d.grigorev@omp.ru>
+Date: Fri, 29 Dec 2023 13:30:04 +0300
+Subject: [PATCH] smsutil: Validate the length of the address field
+
+This addresses CVE-2023-4233.
+
+CVE: CVE-2023-4233
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=1a5fbefa59465bec]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 5a12708..8dd2126 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -626,6 +626,9 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
+
+ if (!next_octet(pdu, len, offset, &addr_len))
+ return FALSE;
++ /* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
++ if (addr_len > 20)
++ return FALSE;
+
+ if (sc && addr_len == 0) {
+ out->address[0] = '\0';
+--
+2.40.0
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
index 8aab312ff8..f4548b8a30 100644
--- a/meta/recipes-connectivity/ofono/ofono_1.34.bb
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -13,6 +13,7 @@ SRC_URI = "\
file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
file://CVE-2023-4234.patch \
+ file://CVE-2023-4233.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 03/23] gstreamer1.0-plugins-bad: fix CVE-2024-0444
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 01/23] ofono: fix CVE-2023-4234 Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 02/23] ofono: fix CVE-2023-4233 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 04/23] gstreamer1.0-plugins-bad: fix CVE-2023-44446 Steve Sakoman
` (19 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2024-0444.patch | 42 +++++++++++++++++++
.../gstreamer1.0-plugins-bad_1.20.7.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2024-0444.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2024-0444.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2024-0444.patch
new file mode 100644
index 0000000000..6265f4293e
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2024-0444.patch
@@ -0,0 +1,42 @@
+From 394d5066f8a7b728df02fe9084e955b2f7d7f6fe Mon Sep 17 00:00:00 2001
+From: Seungha Yang <seungha@centricular.com>
+Date: Wed, 10 Jan 2024 03:33:59 +0900
+Subject: [PATCH] av1parser: Fix potential stack overflow during tile list
+ parsing
+
+The tile_count_minus_1 must be less than or equal to 511 as specified
+in spec "6.11.1 General tile list OBU semantics"
+
+Fixes #3214 / CVE-2024-0444 / ZDI-CAN-22873
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5971>
+
+CVE: CVE-2024-0444
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gst-libs/gst/codecparsers/gstav1parser.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/gst-libs/gst/codecparsers/gstav1parser.c b/gst-libs/gst/codecparsers/gstav1parser.c
+index 68f8a76..bab404e 100644
+--- a/gst-libs/gst/codecparsers/gstav1parser.c
++++ b/gst-libs/gst/codecparsers/gstav1parser.c
+@@ -4352,6 +4352,13 @@ gst_av1_parser_parse_tile_list_obu (GstAV1Parser * parser,
+ tile_list->output_frame_width_in_tiles_minus_1 = AV1_READ_BITS (br, 8);
+ tile_list->output_frame_height_in_tiles_minus_1 = AV1_READ_BITS (br, 8);
+ tile_list->tile_count_minus_1 = AV1_READ_BITS (br, 16);
++ if (tile_list->tile_count_minus_1 + 1 > GST_AV1_MAX_TILE_COUNT) {
++ GST_WARNING ("Invalid tile_count_minus_1 %d",
++ tile_list->tile_count_minus_1);
++ retval = GST_AV1_PARSER_BITSTREAM_ERROR;
++ goto error;
++ }
++
+ for (tile = 0; tile <= tile_list->tile_count_minus_1; tile++) {
+ if (AV1_REMAINING_BITS (br) < 8 + 8 + 8 + 16) {
+ retval = GST_AV1_PARSER_NO_MORE_DATA;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
index 504cfce1fd..219ebe4fa7 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
@@ -14,6 +14,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://CVE-2023-40475.patch \
file://CVE-2023-40476.patch \
file://CVE-2023-44429.patch \
+ file://CVE-2024-0444.patch \
"
SRC_URI[sha256sum] = "87251beebfd1325e5118cc67774061f6e8971761ca65a9e5957919610080d195"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 04/23] gstreamer1.0-plugins-bad: fix CVE-2023-44446
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (2 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 03/23] gstreamer1.0-plugins-bad: fix CVE-2024-0444 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 05/23] ncurses: Fix CVE-2023-45918 Steve Sakoman
` (18 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2023-44446.patch | 329 ++++++++++++++++++
.../gstreamer1.0-plugins-bad_1.20.7.bb | 1 +
2 files changed, 330 insertions(+)
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44446.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44446.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44446.patch
new file mode 100644
index 0000000000..92fe82d36d
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44446.patch
@@ -0,0 +1,329 @@
+From 7dfaa57b6f9b55f17ffe824bd8988bb71ae11353 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Fri, 20 Oct 2023 00:09:57 +0300
+Subject: [PATCH] mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed
+ allocation
+
+Previously they were stored inline inside a GArray, but as references to
+the tracks were stored in various other places although the array could
+still be updated (and reallocated!), this could lead to dangling
+references in various places.
+
+Instead now store them in a GPtrArray in their own allocation so each
+track's memory position stays fixed.
+
+Fixes ZDI-CAN-22299
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3055
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5638>
+
+CVE: CVE-2023-44446
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7dfaa57b6f9b55f1]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gst/mxf/mxfdemux.c | 117 ++++++++++++++++++++-------------------------
+ gst/mxf/mxfdemux.h | 2 +-
+ 2 files changed, 52 insertions(+), 67 deletions(-)
+
+diff --git a/gst/mxf/mxfdemux.c b/gst/mxf/mxfdemux.c
+index b0ccc17..7eb990c 100644
+--- a/gst/mxf/mxfdemux.c
++++ b/gst/mxf/mxfdemux.c
+@@ -170,10 +170,25 @@ gst_mxf_demux_partition_free (GstMXFDemuxPartition * partition)
+ }
+
+ static void
+-gst_mxf_demux_reset_mxf_state (GstMXFDemux * demux)
++gst_mxf_demux_essence_track_free (GstMXFDemuxEssenceTrack * t)
+ {
+- guint i;
++ if (t->offsets)
++ g_array_free (t->offsets, TRUE);
++
++ g_free (t->mapping_data);
++
++ if (t->tags)
++ gst_tag_list_unref (t->tags);
++
++ if (t->caps)
++ gst_caps_unref (t->caps);
++
++ g_free (t);
++}
+
++static void
++gst_mxf_demux_reset_mxf_state (GstMXFDemux * demux)
++{
+ GST_DEBUG_OBJECT (demux, "Resetting MXF state");
+
+ g_list_foreach (demux->partitions, (GFunc) gst_mxf_demux_partition_free,
+@@ -183,22 +198,7 @@ gst_mxf_demux_reset_mxf_state (GstMXFDemux * demux)
+
+ demux->current_partition = NULL;
+
+- for (i = 0; i < demux->essence_tracks->len; i++) {
+- GstMXFDemuxEssenceTrack *t =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
+-
+- if (t->offsets)
+- g_array_free (t->offsets, TRUE);
+-
+- g_free (t->mapping_data);
+-
+- if (t->tags)
+- gst_tag_list_unref (t->tags);
+-
+- if (t->caps)
+- gst_caps_unref (t->caps);
+- }
+- g_array_set_size (demux->essence_tracks, 0);
++ g_ptr_array_set_size (demux->essence_tracks, 0);
+ }
+
+ static void
+@@ -216,7 +216,7 @@ gst_mxf_demux_reset_linked_metadata (GstMXFDemux * demux)
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *track =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ g_ptr_array_index (demux->essence_tracks, i);
+
+ track->source_package = NULL;
+ track->delta_id = -1;
+@@ -419,7 +419,7 @@ gst_mxf_demux_partition_postcheck (GstMXFDemux * demux,
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *cand =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ g_ptr_array_index (demux->essence_tracks, i);
+
+ if (cand->body_sid != partition->partition.body_sid)
+ continue;
+@@ -866,8 +866,7 @@ gst_mxf_demux_update_essence_tracks (GstMXFDemux * demux)
+
+ for (k = 0; k < demux->essence_tracks->len; k++) {
+ GstMXFDemuxEssenceTrack *tmp =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack,
+- k);
++ g_ptr_array_index (demux->essence_tracks, k);
+
+ if (tmp->track_number == track->parent.track_number &&
+ tmp->body_sid == edata->body_sid) {
+@@ -885,24 +884,24 @@ gst_mxf_demux_update_essence_tracks (GstMXFDemux * demux)
+ }
+
+ if (!etrack) {
+- GstMXFDemuxEssenceTrack tmp;
++ GstMXFDemuxEssenceTrack *tmp = g_new0 (GstMXFDemuxEssenceTrack, 1);
++
++ tmp->body_sid = edata->body_sid;
++ tmp->index_sid = edata->index_sid;
++ tmp->track_number = track->parent.track_number;
++ tmp->track_id = track->parent.track_id;
++ memcpy (&tmp->source_package_uid, &package->parent.package_uid, 32);
+
+- memset (&tmp, 0, sizeof (tmp));
+- tmp.body_sid = edata->body_sid;
+- tmp.index_sid = edata->index_sid;
+- tmp.track_number = track->parent.track_number;
+- tmp.track_id = track->parent.track_id;
+- memcpy (&tmp.source_package_uid, &package->parent.package_uid, 32);
+
+ if (demux->current_partition->partition.body_sid == edata->body_sid &&
+ demux->current_partition->partition.body_offset == 0)
+- tmp.position = 0;
++ tmp->position = 0;
+ else
+- tmp.position = -1;
++ tmp->position = -1;
+
+- g_array_append_val (demux->essence_tracks, tmp);
++ g_ptr_array_add (demux->essence_tracks, tmp);
+ etrack =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack,
++ g_ptr_array_index (demux->essence_tracks,
+ demux->essence_tracks->len - 1);
+ new = TRUE;
+ }
+@@ -1050,13 +1049,7 @@ gst_mxf_demux_update_essence_tracks (GstMXFDemux * demux)
+
+ next:
+ if (new) {
+- g_free (etrack->mapping_data);
+- if (etrack->tags)
+- gst_tag_list_unref (etrack->tags);
+- if (etrack->caps)
+- gst_caps_unref (etrack->caps);
+-
+- g_array_remove_index (demux->essence_tracks,
++ g_ptr_array_remove_index (demux->essence_tracks,
+ demux->essence_tracks->len - 1);
+ }
+ }
+@@ -1069,7 +1062,8 @@ gst_mxf_demux_update_essence_tracks (GstMXFDemux * demux)
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *etrack =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ g_ptr_array_index (demux->essence_tracks, i);
++
+
+ if (!etrack->source_package || !etrack->source_track || !etrack->caps) {
+ GST_ERROR_OBJECT (demux, "Failed to update essence track %u", i);
+@@ -1438,7 +1432,7 @@ gst_mxf_demux_update_tracks (GstMXFDemux * demux)
+
+ for (k = 0; k < demux->essence_tracks->len; k++) {
+ GstMXFDemuxEssenceTrack *tmp =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, k);
++ g_ptr_array_index (demux->essence_tracks, k);
+
+ if (tmp->source_package == source_package &&
+ tmp->source_track == source_track) {
+@@ -1927,8 +1921,7 @@ gst_mxf_demux_pad_set_component (GstMXFDemux * demux, GstMXFDemuxPad * pad,
+ pad->current_essence_track = NULL;
+
+ for (k = 0; k < demux->essence_tracks->len; k++) {
+- GstMXFDemuxEssenceTrack *tmp =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, k);
++ GstMXFDemuxEssenceTrack *tmp = g_ptr_array_index (demux->essence_tracks, k);
+
+ if (tmp->source_package == source_package &&
+ tmp->source_track == source_track) {
+@@ -2712,7 +2705,7 @@ gst_mxf_demux_handle_generic_container_essence_element (GstMXFDemux * demux,
+ if (!etrack) {
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *tmp =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ g_ptr_array_index (demux->essence_tracks, i);
+
+ if (tmp->body_sid == demux->current_partition->partition.body_sid &&
+ (tmp->track_number == track_number || tmp->track_number == 0)) {
+@@ -3933,8 +3926,7 @@ from_track_offset:
+ gst_mxf_demux_set_partition_for_offset (demux, demux->offset);
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+- GstMXFDemuxEssenceTrack *t =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ GstMXFDemuxEssenceTrack *t = g_ptr_array_index (demux->essence_tracks, i);
+
+ if (index_start_position != -1 && t == etrack)
+ t->position = index_start_position;
+@@ -3958,8 +3950,7 @@ from_track_offset:
+ /* Handle EOS */
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *t =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack,
+- i);
++ g_ptr_array_index (demux->essence_tracks, i);
+
+ if (t->position > 0)
+ t->duration = t->position;
+@@ -4197,8 +4188,7 @@ gst_mxf_demux_pull_and_handle_klv_packet (GstMXFDemux * demux)
+ guint i;
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *etrack =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack,
+- i);
++ g_ptr_array_index (demux->essence_tracks, i);
+
+ if (etrack->body_sid != partition->partition.body_sid)
+ continue;
+@@ -4669,9 +4659,8 @@ gst_mxf_demux_pad_to_track_and_position (GstMXFDemux * demux,
+ /* Get the corresponding essence track for the given source package and stream id */
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *track =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
+- GST_LOG_OBJECT (pad,
+- "Looking at essence track body_sid:%d index_sid:%d",
++ g_ptr_array_index (demux->essence_tracks, i);
++ GST_LOG_OBJECT (pad, "Looking at essence track body_sid:%d index_sid:%d",
+ track->body_sid, track->index_sid);
+ if (clip->source_track_id == 0 || (track->track_id == clip->source_track_id
+ && mxf_umid_is_equal (&clip->source_package_id,
+@@ -4920,8 +4909,7 @@ gst_mxf_demux_seek_push (GstMXFDemux * demux, GstEvent * event)
+ }
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+- GstMXFDemuxEssenceTrack *t =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ GstMXFDemuxEssenceTrack *t = g_ptr_array_index (demux->essence_tracks, i);
+ t->position = -1;
+ }
+
+@@ -5359,8 +5347,7 @@ gst_mxf_demux_seek_pull (GstMXFDemux * demux, GstEvent * event)
+ }
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+- GstMXFDemuxEssenceTrack *t =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ GstMXFDemuxEssenceTrack *t = g_ptr_array_index (demux->essence_tracks, i);
+ t->position = -1;
+ }
+
+@@ -5659,7 +5646,7 @@ gst_mxf_demux_sink_event (GstPad * pad, GstObject * parent, GstEvent * event)
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *t =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack, i);
++ g_ptr_array_index (demux->essence_tracks, i);
+
+ if (t->position > 0)
+ t->duration = t->position;
+@@ -5700,8 +5687,7 @@ gst_mxf_demux_sink_event (GstPad * pad, GstObject * parent, GstEvent * event)
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *etrack =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack,
+- i);
++ g_ptr_array_index (demux->essence_tracks, i);
+ etrack->position = -1;
+ }
+ ret = TRUE;
+@@ -5725,8 +5711,7 @@ gst_mxf_demux_sink_event (GstPad * pad, GstObject * parent, GstEvent * event)
+
+ for (i = 0; i < demux->essence_tracks->len; i++) {
+ GstMXFDemuxEssenceTrack *t =
+- &g_array_index (demux->essence_tracks, GstMXFDemuxEssenceTrack,
+- i);
++ g_ptr_array_index (demux->essence_tracks, i);
+ t->position = -1;
+ }
+ demux->current_partition = NULL;
+@@ -5999,7 +5984,7 @@ gst_mxf_demux_finalize (GObject * object)
+
+ g_ptr_array_free (demux->src, TRUE);
+ demux->src = NULL;
+- g_array_free (demux->essence_tracks, TRUE);
++ g_ptr_array_free (demux->essence_tracks, TRUE);
+ demux->essence_tracks = NULL;
+
+ g_hash_table_destroy (demux->metadata);
+@@ -6076,8 +6061,8 @@ gst_mxf_demux_init (GstMXFDemux * demux)
+ g_rw_lock_init (&demux->metadata_lock);
+
+ demux->src = g_ptr_array_new ();
+- demux->essence_tracks =
+- g_array_new (FALSE, FALSE, sizeof (GstMXFDemuxEssenceTrack));
++ demux->essence_tracks = g_ptr_array_new_with_free_func ((GDestroyNotify)
++ gst_mxf_demux_essence_track_free);
+
+ gst_segment_init (&demux->segment, GST_FORMAT_TIME);
+
+diff --git a/gst/mxf/mxfdemux.h b/gst/mxf/mxfdemux.h
+index d079a1d..1dc8a4e 100644
+--- a/gst/mxf/mxfdemux.h
++++ b/gst/mxf/mxfdemux.h
+@@ -266,7 +266,7 @@ struct _GstMXFDemux
+ GList *partitions;
+ GstMXFDemuxPartition *current_partition;
+
+- GArray *essence_tracks;
++ GPtrArray *essence_tracks;
+
+ GList *pending_index_table_segments;
+ GList *index_tables; /* one per BodySID / IndexSID */
+--
+2.40.0
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
index 219ebe4fa7..4151e54284 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://CVE-2023-40476.patch \
file://CVE-2023-44429.patch \
file://CVE-2024-0444.patch \
+ file://CVE-2023-44446.patch \
"
SRC_URI[sha256sum] = "87251beebfd1325e5118cc67774061f6e8971761ca65a9e5957919610080d195"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 05/23] ncurses: Fix CVE-2023-45918
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (3 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 04/23] gstreamer1.0-plugins-bad: fix CVE-2023-44446 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 06/23] less: backport Debian patch for CVE-2024-32487 Steve Sakoman
` (17 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Soumya Sambu <soumya.sambu@windriver.com>
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ncurses/files/CVE-2023-45918.patch | 180 ++++++++++++++++++
.../ncurses/ncurses_6.3+20220423.bb | 1 +
2 files changed, 181 insertions(+)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-45918.patch
diff --git a/meta/recipes-core/ncurses/files/CVE-2023-45918.patch b/meta/recipes-core/ncurses/files/CVE-2023-45918.patch
new file mode 100644
index 0000000000..172b3f8859
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2023-45918.patch
@@ -0,0 +1,180 @@
+From bcf02d3242f1c7d57224a95f7903fcf4b5e7695d Mon Sep 17 00:00:00 2001
+From: Thomas E. Dickey <dickey@invisible-island.net>
+Date: Fri, 16 Jun 2023 02:54:29 +0530
+Subject: [PATCH] Fix CVE-2023-45918
+
+CVE: CVE-2023-45918
+
+Upstream-Status: Backport [https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=bcf02d3242f1c7d57224a95f7903fcf4b5e7695d]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ ncurses/tinfo/comp_error.c | 15 ++++++---
+ ncurses/tinfo/read_entry.c | 65 ++++++++++++++++++++++++++------------
+ 2 files changed, 56 insertions(+), 24 deletions(-)
+
+diff --git a/ncurses/tinfo/comp_error.c b/ncurses/tinfo/comp_error.c
+index 48f48784..ee518e28 100644
+--- a/ncurses/tinfo/comp_error.c
++++ b/ncurses/tinfo/comp_error.c
+@@ -60,8 +60,15 @@ _nc_get_source(void)
+ NCURSES_EXPORT(void)
+ _nc_set_source(const char *const name)
+ {
+- FreeIfNeeded(SourceName);
+- SourceName = strdup(name);
++ if (name == NULL) {
++ free(SourceName);
++ SourceName = NULL;
++ } else if (SourceName == NULL) {
++ SourceName = strdup(name);
++ } else if (strcmp(name, SourceName)) {
++ free(SourceName);
++ SourceName = strdup(name);
++ }
+ }
+
+ NCURSES_EXPORT(void)
+@@ -95,9 +102,9 @@ static NCURSES_INLINE void
+ where_is_problem(void)
+ {
+ fprintf(stderr, "\"%s\"", SourceName ? SourceName : "?");
+- if (_nc_curr_line >= 0)
++ if (_nc_curr_line > 0)
+ fprintf(stderr, ", line %d", _nc_curr_line);
+- if (_nc_curr_col >= 0)
++ if (_nc_curr_col > 0)
+ fprintf(stderr, ", col %d", _nc_curr_col);
+ if (TermType != 0 && TermType[0] != '\0')
+ fprintf(stderr, ", terminal '%s'", TermType);
+diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
+index 8ccb1570..101bbe09 100644
+--- a/ncurses/tinfo/read_entry.c
++++ b/ncurses/tinfo/read_entry.c
+@@ -140,12 +140,13 @@ convert_16bits(char *buf, NCURSES_INT2 *Numbers, int count)
+ }
+ #endif
+
+-static void
+-convert_strings(char *buf, char **Strings, int count, int size, char *table)
++static bool
++convert_strings(char *buf, char **Strings, int count, int size,
++ char *table, bool always)
+ {
+ int i;
+ char *p;
+- bool corrupt = FALSE;
++ bool success = TRUE;
+
+ for (i = 0; i < count; i++) {
+ if (IS_NEG1(buf + 2 * i)) {
+@@ -161,13 +162,10 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
+ _nc_visbuf(Strings[i])));
+ } else {
+- if (!corrupt) {
+- corrupt = TRUE;
+- TR(TRACE_DATABASE,
+- ("ignore out-of-range index %d to Strings[]", nn));
+- _nc_warning("corrupt data found in convert_strings");
+- }
+- Strings[i] = ABSENT_STRING;
++ TR(TRACE_DATABASE,
++ ("found out-of-range index %d to Strings[%d]", nn, i));
++ success = FALSE;
++ break;
+ }
+ }
+
+@@ -177,10 +175,25 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ if (*p == '\0')
+ break;
+ /* if there is no NUL, ignore the string */
+- if (p >= table + size)
++ if (p >= table + size) {
+ Strings[i] = ABSENT_STRING;
++ } else if (p == Strings[i] && always) {
++ TR(TRACE_DATABASE,
++ ("found empty but required Strings[%d]", i));
++ success = FALSE;
++ break;
++ }
++ } else if (always) { /* names are always needed */
++ TR(TRACE_DATABASE,
++ ("found invalid but required Strings[%d]", i));
++ success = FALSE;
++ break;
+ }
+ }
++ if (!success) {
++ _nc_warning("corrupt data found in convert_strings");
++ }
++ return success;
+ }
+
+ static int
+@@ -383,7 +396,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ if (Read(string_table, (unsigned) str_size) != str_size) {
+ returnDB(TGETENT_NO);
+ }
+- convert_strings(buf, ptr->Strings, str_count, str_size, string_table);
++ if (!convert_strings(buf, ptr->Strings, str_count, str_size,
++ string_table, FALSE)) {
++ returnDB(TGETENT_NO);
++ }
+ }
+ #if NCURSES_XNAMES
+
+@@ -484,8 +500,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ ("Before computing extended-string capabilities "
+ "str_count=%d, ext_str_count=%d",
+ str_count, ext_str_count));
+- convert_strings(buf, ptr->Strings + str_count, ext_str_count,
+- ext_str_limit, ptr->ext_str_table);
++ if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count,
++ ext_str_limit, ptr->ext_str_table, FALSE)) {
++ returnDB(TGETENT_NO);
++ }
+ for (i = ext_str_count - 1; i >= 0; i--) {
+ TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s",
+ i, i + str_count,
+@@ -519,10 +537,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ TR(TRACE_DATABASE,
+ ("ext_NAMES starting @%d in extended_strings, first = %s",
+ base, _nc_visbuf(ptr->ext_str_table + base)));
+- convert_strings(buf + (2 * ext_str_count),
+- ptr->ext_Names,
+- (int) need,
+- ext_str_limit, ptr->ext_str_table + base);
++ if (!convert_strings(buf + (2 * ext_str_count),
++ ptr->ext_Names,
++ (int) need,
++ ext_str_limit, ptr->ext_str_table + base,
++ TRUE)) {
++ returnDB(TGETENT_NO);
++ }
+ }
+
+ TR(TRACE_DATABASE,
+@@ -575,13 +596,17 @@ _nc_read_file_entry(const char *const filename, TERMTYPE2 *ptr)
+ int limit;
+ char buffer[MAX_ENTRY_SIZE + 1];
+
+- if ((limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp))
+- > 0) {
++ limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp);
++ if (limit > 0) {
++ const char *old_source = _nc_get_source();
+
+ TR(TRACE_DATABASE, ("read terminfo %s", filename));
++ if (old_source == NULL)
++ _nc_set_source(filename);
+ if ((code = _nc_read_termtype(ptr, buffer, limit)) == TGETENT_NO) {
+ _nc_free_termtype2(ptr);
+ }
++ _nc_set_source(old_source);
+ } else {
+ code = TGETENT_NO;
+ }
+--
+2.40.0
diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index da1e6d838d..1fa5e036e9 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -5,6 +5,7 @@ SRC_URI += "file://0001-tic-hang.patch \
file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
file://CVE-2023-29491.patch \
file://CVE-2023-50495.patch \
+ file://CVE-2023-45918.patch \
"
# commit id corresponds to the revision in package version
SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 06/23] less: backport Debian patch for CVE-2024-32487
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (4 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 05/23] ncurses: Fix CVE-2023-45918 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 07/23] python3: Upgrade 3.10.13 -> 3.10.14 Steve Sakoman
` (16 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
import patch from ubuntu to fix
CVE-2024-32487
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/less/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../less/less/CVE-2024-32487.patch | 69 +++++++++++++++++++
meta/recipes-extended/less/less_600.bb | 1 +
2 files changed, 70 insertions(+)
create mode 100644 meta/recipes-extended/less/less/CVE-2024-32487.patch
diff --git a/meta/recipes-extended/less/less/CVE-2024-32487.patch b/meta/recipes-extended/less/less/CVE-2024-32487.patch
new file mode 100644
index 0000000000..d5c8b9ce31
--- /dev/null
+++ b/meta/recipes-extended/less/less/CVE-2024-32487.patch
@@ -0,0 +1,69 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/less/tree/debian/patches/CVE-2024-32487.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33]
+CVE: CVE-2024-32487
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ filename.c | 31 +++++++++++++++++++++++++------
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+--- a/filename.c
++++ b/filename.c
+@@ -136,6 +136,15 @@ metachar(c)
+ }
+
+ /*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++ /* {{ Maybe the set of must_quote chars should be configurable? }} */
++ return (c == '\n');
++}
++
++/*
+ * Insert a backslash before each metacharacter in a string.
+ */
+ public char *
+@@ -168,6 +177,9 @@ shell_quote(s)
+ * doesn't support escape chars. Use quotes.
+ */
+ use_quotes = 1;
++ } else if (must_quote(*p))
++ {
++ len += 3; /* open quote + char + close quote */
+ } else
+ {
+ /*
+@@ -197,15 +209,22 @@ shell_quote(s)
+ {
+ while (*s != '\0')
+ {
+- if (metachar(*s))
++ if (!metachar(*s))
+ {
+- /*
+- * Add the escape char.
+- */
++ *p++ = *s++;
++ } else if (must_quote(*s))
++ {
++ /* Surround the char with quotes. */
++ *p++ = openquote;
++ *p++ = *s++;
++ *p++ = closequote;
++ } else
++ {
++ /* Insert an escape char before the char. */
+ strcpy(p, esc);
+ p += esclen;
++ *p++ = *s++;
+ }
+- *p++ = *s++;
+ }
+ *p = '\0';
+ }
diff --git a/meta/recipes-extended/less/less_600.bb b/meta/recipes-extended/less/less_600.bb
index f88127a9e3..01fed7c065 100644
--- a/meta/recipes-extended/less/less_600.bb
+++ b/meta/recipes-extended/less/less_600.bb
@@ -28,6 +28,7 @@ DEPENDS = "ncurses"
SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \
file://CVE-2022-46663.patch \
file://CVE-2022-48624.patch \
+ file://CVE-2024-32487.patch \
"
SRC_URI[sha256sum] = "6633d6aa2b3cc717afb2c205778c7c42c4620f63b1d682f3d12c98af0be74d20"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 07/23] python3: Upgrade 3.10.13 -> 3.10.14
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (5 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 06/23] less: backport Debian patch for CVE-2024-32487 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 08/23] linux-yocto/5.15: update to v5.15.151 Steve Sakoman
` (15 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Addresses CVEs:
* CVE-2023-52425 (bundled expat)
* CVE-2023-6597 (https://github.com/python/cpython/pull/112840)
News: https://github.com/python/cpython/blob/3.10/Misc/NEWS.d/3.10.14.rst
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/{python3_3.10.13.bb => python3_3.10.14.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/python/{python3_3.10.13.bb => python3_3.10.14.bb} (99%)
diff --git a/meta/recipes-devtools/python/python3_3.10.13.bb b/meta/recipes-devtools/python/python3_3.10.14.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.10.13.bb
rename to meta/recipes-devtools/python/python3_3.10.14.bb
index 76e37e42a1..31c458c09a 100644
--- a/meta/recipes-devtools/python/python3_3.10.13.bb
+++ b/meta/recipes-devtools/python/python3_3.10.14.bb
@@ -44,7 +44,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = "5c88848668640d3e152b35b4536ef1c23b2ca4bd2c957ef1ecbb053f571dd3f6"
+SRC_URI[sha256sum] = "9c50481faa8c2832329ba0fc8868d0a606a680fc4f60ec48d26ce8e076751fda"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 08/23] linux-yocto/5.15: update to v5.15.151
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (6 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 07/23] python3: Upgrade 3.10.13 -> 3.10.14 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 09/23] linux-yocto/5.15: update CVE exclusions (5.15.151) Steve Sakoman
` (14 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
574362648507 Linux 5.15.151
4a4eeb691253 mptcp: fix double-free on socket dismantle
cc5e34bc5b20 Revert "tls: rx: move counting TlsDecryptErrors for sync"
9d5932275b3b net: tls: fix async vs NIC crypto offload
68dbe92d677c bpf: Derive source IP addr via bpf_*_fib_lookup()
39b4ee40d204 bpf: Add table ID to bpf_fib_lookup BPF helper
75ca92271da5 bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
20f5aafe521c Revert "interconnect: Teach lockdep about icc_bw_lock order"
fe549d8e9763 Revert "interconnect: Fix locking for runpm vs reclaim"
ead68522455b gpio: fix resource unwinding order in error path
ea514ac5f1be gpiolib: Fix the error path order in gpiochip_add_data_with_key()
c21b5ad4e79d gpio: 74x164: Enable output pins after registers are reset
6c480d0f1318 af_unix: Drop oob_skb ref before purging queue in GC.
2f3ae0905a7e Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe"
22850c9950a4 fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
94965be37add cachefiles: fix memory leak in cachefiles_add_cache()
cc32ba2fdf3f mptcp: fix possible deadlock in subflow diag
af46c8a0d8db mptcp: push at DSS boundaries
5101e9f11a87 mptcp: add needs_id for netlink appending addr
4ba8702b23e3 mptcp: clean up harmless false expressions
f431a58cb933 selftests: mptcp: add missing kconfig for NF Filter in v6
5d7f2e7d213f selftests: mptcp: add missing kconfig for NF Filter
55366b9ae937 mptcp: rename timer related helper to less confusing names
833d068e776a mptcp: process pending subflow error on close
305078c2741f mptcp: move __mptcp_error_report in protocol.c
fbd16a1e4b14 x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
077952157636 pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
5f6e8930ca96 mmc: sdhci-xenon: fix PHY init clock stability
f4fae0a76ee2 mmc: sdhci-xenon: add timeout for PHY init complete
52af4f26c02f mmc: core: Fix eMMC initialization with 1-bit bus connection
4529c084a320 dmaengine: fsl-qdma: init irq after reg initialization
2dee8895a25e dmaengine: ptdma: use consistent DMA masks
106c1ac953a6 dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
ab2d68655d0f btrfs: dev-replace: properly validate device names
063715c33b4c wifi: nl80211: reject iftype change with mesh ID change
9376d059a705 gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
cbf67001d647 ALSA: firewire-lib: fix to check cycle continuity
7d930a4da179 tomoyo: fix UAF write bug in tomoyo_write_control()
5941a90c55d3 riscv: Sparse-Memory/vmemmap out-of-bounds fix
80b15346492b afs: Fix endless loop in directory parsing
20a4b5214f7b fbcon: always restore the old font data in fbcon_do_set_font()
5eac17127e85 ALSA: Drop leftover snd-rtctimer stuff from Makefile
e601ae81910c power: supply: bq27xxx-i2c: Do not free non existing IRQ
4b73473c050a efi/capsule-loader: fix incorrect allocation size
5bc8810b788a tls: decrement decrypt_pending if no async completion will be called
9ae48288fc8b tls: rx: use async as an in-out argument
bdb7fb29236a tls: rx: assume crypto always calls our callback
2ec59e165549 tls: rx: move counting TlsDecryptErrors for sync
b61dbb5ef449 tls: rx: don't track the async count
4fd23a600be9 tls: rx: factor out writing ContentType to cmsg
9876554897b3 tls: rx: wrap decryption arguments in a structure
d6c9c2a66c91 tls: rx: don't report text length from the bowels of decrypt
ffc8a2b82141 tls: rx: drop unnecessary arguments from tls_setup_from_iter()
1abd49fa1ffb tls: hw: rx: use return value of tls_device_decrypted() to carry status
432d40036f17 tls: rx: refactor decrypt_skb_update()
17d8bda2a6fd tls: rx: don't issue wake ups when data is decrypted
de0970d258ef tls: rx: don't store the decryption status in socket context
4c68bf84d162 tls: rx: don't store the record type in socket context
f1e71909373e igb: extend PTP timestamp adjustments to i211
a1227b27fccc rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
7c3f28599652 netfilter: bridge: confirm multicast packets before passing them up the stack
3e9cd8913635 netfilter: let reset rules clean out conntrack entries
c3a84f83d9e5 netfilter: make function op structures const
2cb39bea7085 netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook
84d3baab4b89 netfilter: nfnetlink_queue: silence bogus compiler warning
4225152bfb77 netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
af1a9a925e46 Bluetooth: Enforce validation on max value of connection interval
c3df637266df Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
4cd28dae8210 Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
da4569d450b1 Bluetooth: Avoid potential use-after-free in hci_error_reset
8e9955630117 stmmac: Clear variable when destroying workqueue
28bbdb4e1993 uapi: in6: replace temporary label with rfc9486
1e2cbdbdfa76 net: usb: dm9601: fix wrong return value in dm9601_mdio_read
9b1f5c003284 veth: try harder when allocating queue memory
914c73e7872d net: enable memcg accounting for veth queues
8d4d26f51ef0 lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected
8a54834c03c3 ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
f011c103e654 net: veth: clear GRO when clearing XDP even when down
bf3f0c4169be cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back
cbfd27689b5e tun: Fix xdp_rxq_info's queue_index when detaching
afec0c5cd2ed net: ip_tunnel: prevent perpetual headroom growth
c71ed29d15b1 netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
386bb2537e9b mtd: spinand: gigadevice: Fix the get ecc status issue
00b19ee0dcc1 netfilter: nf_tables: disallow timeout for anonymous sets
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 4 ++--
.../linux/linux-yocto-tiny_5.15.bb | 4 ++--
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 24 +++++++++----------
3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 00c03411b1..ba093b7450 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "da32201bc41d994b0300c6b4738505f4875dc190"
+SRCREV_machine ?= "b4217af54500ea854ec4c6112747546fd17ffbd1"
SRCREV_meta ?= "bef59dc5a78b4d101d1be23d4b36a73fd849241a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.150"
+LINUX_VERSION ?= "5.15.151"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 2051d1c0a1..3a19e17d80 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.150"
+LINUX_VERSION ?= "5.15.151"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,7 +14,7 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "540fc92dd7359025bb09962431565b5a9627536b"
+SRCREV_machine ?= "3046b9945907c6b02e6d9aff62d287872dc6e775"
SRCREV_meta ?= "bef59dc5a78b4d101d1be23d4b36a73fd849241a"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 101aceb3dc..f7db6becd1 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,16 +14,16 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "f7ce03f6b5de6a323b165e8adbaa3caae8646c20"
-SRCREV_machine:qemuarm64 ?= "db39986a84e0bcfe5a488ab8dca114ed27e469ce"
-SRCREV_machine:qemumips ?= "695cf3a24eaedc1e40393947afc22f8dc8324b47"
-SRCREV_machine:qemuppc ?= "3dfb435f3fb9ec38c60d1eeeeebf63b6a88308d3"
-SRCREV_machine:qemuriscv64 ?= "7c82dac028864e8a608e70d3ac2dbc05b3cd1e14"
-SRCREV_machine:qemuriscv32 ?= "7c82dac028864e8a608e70d3ac2dbc05b3cd1e14"
-SRCREV_machine:qemux86 ?= "7c82dac028864e8a608e70d3ac2dbc05b3cd1e14"
-SRCREV_machine:qemux86-64 ?= "7c82dac028864e8a608e70d3ac2dbc05b3cd1e14"
-SRCREV_machine:qemumips64 ?= "2f830b0a13ad4dbe738960d9e7d255ac411064b4"
-SRCREV_machine ?= "7c82dac028864e8a608e70d3ac2dbc05b3cd1e14"
+SRCREV_machine:qemuarm ?= "4c3c9263f2df0559228f1edf79f1cfdbc17eb78e"
+SRCREV_machine:qemuarm64 ?= "4f4714e7a37c1803e55d3dfba63b0b3c79f3f13e"
+SRCREV_machine:qemumips ?= "8e9c4c18b99dc2a9607ab7aff55fbeb24e80a4fc"
+SRCREV_machine:qemuppc ?= "c21a9cc085e59393e0969fa8f4b29b7eb4d2f8d5"
+SRCREV_machine:qemuriscv64 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
+SRCREV_machine:qemuriscv32 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
+SRCREV_machine:qemux86 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
+SRCREV_machine:qemux86-64 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
+SRCREV_machine:qemumips64 ?= "fd55ed7972e2000134a014374c4c1d7ab4d9c6ff"
+SRCREV_machine ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
SRCREV_meta ?= "bef59dc5a78b4d101d1be23d4b36a73fd849241a"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
@@ -31,7 +31,7 @@ SRCREV_meta ?= "bef59dc5a78b4d101d1be23d4b36a73fd849241a"
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "80efc6265290d34b75921bf7294e0d9c5a8749dc"
+SRCREV_machine:class-devupstream ?= "57436264850706f50887bbb2148ee2cc797c9485"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.150"
+LINUX_VERSION ?= "5.15.151"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 09/23] linux-yocto/5.15: update CVE exclusions (5.15.151)
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (7 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 08/23] linux-yocto/5.15: update to v5.15.151 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 10/23] linux-yocto/5.15: update to v5.15.152 Steve Sakoman
` (13 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.luedtke@uwalumni.com
Subject: Update 25Feb24
Date: Sun, 25 Feb 2024 07:03:08 -0500
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/cve-exclusion_5.15.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 922d7f457f..32e066bda4 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-03-08 10:36:30.059302 for version 5.15.150
+# Generated at 2024-03-12 23:12:55.402667 for version 5.15.151
python check_kernel_cve_status_version() {
- this_version = "5.15.150"
+ this_version = "5.15.151"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 10/23] linux-yocto/5.15: update to v5.15.152
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (8 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 09/23] linux-yocto/5.15: update CVE exclusions (5.15.151) Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 11/23] linux-yocto/5.15: update CVE exclusions (5.15.152) Steve Sakoman
` (12 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
b95c01af2113 Linux 5.15.152
a1211bbf7814 serial: max310x: fix IO data corruption in batched operations
0ba485f90d97 serial: max310x: make accessing revision id interface-agnostic
31642219f27a regmap: Add bulk read/write callbacks into regmap_config
fbddd48f1456 regmap: allow to define reg_update_bits for no bus configuration
cad6da86ca98 ALSA: usb-audio: Sort quirk table entries
36dba3f4cd36 ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless
bfd36b1d1869 ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format()
a6f53df52b66 ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all
fd63fb84ed6d fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()
9b3834276bb6 proc: Use task_is_running() for wchan in /proc/$pid/stat
3c1b2776ef19 getrusage: use sig->stats_lock rather than lock_task_sighand()
ef2734e57cb9 getrusage: use __for_each_thread()
18c7394e46d8 getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()
c5579e7280e6 getrusage: add the "signal_struct *sig" local variable
63e09c1f46d6 drm/amd/display: Increase frame-larger-than for all display_mode_vba files
f4442513e426 drm/amd/display: remove DML Makefile duplicate lines
b4bab46400a0 drm/amd/display: move calcs folder into DML
b00e4d44ac77 drm/amd/display: Re-arrange FPU code structure for dcn2x
b6d46f306b39 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
c4cfa93e5018 hv_netvsc: use netif_is_bond_master() instead of open code
760d0df3add5 selftests: mptcp: decrease BW in simult flows
9a9d00c23d17 drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
f57431896095 drm/amd/pm: do not expose the API used internally only in kv_dpm.c
0afbf40c0135 serial: max310x: prevent infinite while() loop in port startup
2fbf2c767b50 serial: max310x: use a separate regmap for each port
2161c5411d91 serial: max310x: use regmap methods for SPI batch operations
2aa7bcfdbb46 xhci: handle isoc Babble and Buffer Overrun events properly
56e9aeb2052c xhci: process isoc TD properly when there was a transaction error mid TD.
0d29b474fb90 selftests: mm: fix map_hugetlb failure on 64K page size systems
0b08eb637276 selftests/mm: switch to bash from sh
fdfc5fabe85a nfp: flower: add hardware offload check for post ct entry
245332d4e767 nfp: flower: add goto_chain_index for ct entry
666334fdf4c6 drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions
f354086d1bf7 ALSA: usb-audio: add quirk for RODE NT-USB+
80326ce1eb74 ALSA: usb-audio: Fix microphone sound on Nexigo webcam.
f1a68c6a41c6 ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless
d16ae91186f3 ALSA: usb-audio: Add quirk for Tascam Model 12
7ce0a888d646 ALSA: usb-audio: Avoid superfluous endpoint setup
3191a00dbe04 ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params()
06b6de69cf16 ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params()
539493f147ff ALSA: usb-audio: Properly refcounting clock rate
56e28371faf4 ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2)
8ca3315bd876 ALSA: usb-audio: Clear fixed clock rate at closing EP
9830e7383f18 ALSA: usb-audio: Refcount multiple accesses on the single clock
0866afaff19d netrom: Fix data-races around sysctl_net_busy_read
c558e54f7712 netrom: Fix a data-race around sysctl_netrom_link_fails_count
f9c4d4246417 netrom: Fix a data-race around sysctl_netrom_routing_control
4eacb242e22e netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
489e05c614db netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
85f34d352f4b netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
33081e0f3489 netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
f84f7709486d netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
b8006cb0a34a netrom: Fix a data-race around sysctl_netrom_transport_timeout
775ed3549819 netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
b3f0bc3a315c netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
bbc21f134b89 netrom: Fix a data-race around sysctl_netrom_default_path_quality
101277e37d54 erofs: apply proper VMA alignment for memory mapped files on THP
b3c0f5538205 netfilter: nf_conntrack_h323: Add protection for bmp length out of range
bd9c90927a3c netfilter: nft_ct: fix l3num expectations with inet pseudo family
b562ebe21ed9 net/rds: fix WARNING in rds_conn_connect_if_down
f0363af9619c cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
cae330325795 net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
8d95465d9a42 net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
e46274df1100 net: sparx5: Fix use after free inside sparx5_del_mact_entry
e77e0b0f2a11 geneve: make sure to pull inner header in geneve_rx()
be3be07d237c tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
e72b4e5e16f6 i40e: disable NAPI right after disabling irqs when handling xsk_pool
533953fa90d1 ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
ea4e938d2ce4 net: lan78xx: fix runtime PM count underflow on link stop
5ae5060e17a3 mmc: mmci: stm32: fix DMA API overlapping mappings warning
287093040fc5 mmc: mmci: stm32: use a buffer for unaligned DMA requests
8d1bab770956 locking/rwsem: Disable preemption while trying for rwsem lock
7c82dac02886 block, loop: support partitions without scanning
45f504f301d4 bpftool: Fix pretty print dump for maps without BTF loaded
1f24338cb789 jbd2: Drop the merge conflicted hunk
e1d0e3c51bde tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
1abe841fe331 tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
6224acfc1d56 tpm: Add flag to use default cancellation policy
1cd19d48fb90 tpm: tis_i2c: Fix sanity check interrupt enable mask
a883da132fa8 tpm: Add tpm_tis_i2c backend for tpm_tis_core
a742ac8a1c51 tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
ef495c5f45f2 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
1f3be2e23aa6 gcc-plugins: Reorganize gimple includes for GCC 13
24615a3b932a ata: ahci: fix enum constants for gcc-13
5d6cb145541a net: stmmac: Enable mac_managed_pm phylink config
fd93aabb4287 tools/resolve_btfids: Use pkg-config to locate libelf
130f9da78406 tools/resolve_btfids: Build with host flags
00f2f1a782f9 tools/resolve_btfids: Support cross-building the kernel with clang
17776a4ba9c2 tools/resolve_btfids: Install libbpf headers when building
7c9808380d70 libbpf: Make libbpf_version.h non-auto-generated
37ae1ba791ac libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations
a2667e6d7314 drm/radeon: free iio for atombios when driver shutdown
f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy
da5513f30187 libbpf: Fix build warning on ref_ctr_off
4c5a089621a8 perf python: Account for multiple words in CC
1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers
838f5d0701d8 fs: add mode_strip_sgid() helper
d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead
ed037d7be40c irq_work: use kasan_record_aux_stack_noalloc() record callstack
1363bd7dbde3 ixgbevf: add disable link state
e5601ae2bd24 ixgbe: add improvement for MDD response functionality
caa57cd80575 ixgbe: add the ability for the PF to disable VF link state
16a77bfcc7df Check /dev/console using init_stat()
04574fd5579a tracing/arm: Have max stack tracer handle the case of return address after data
0e51e5717018 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
1e6b7da6ddba drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
493160901320 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
04224f725aa3 irqchip/gic-v3-its: Skip HP notifier when no ITS is registered
6f6c2996a81c irqchip/gic-v3-its: Postpone LPI pending table freeing and memreserve
1fa94473423f irqchip/gic-v3-its: Give the percpu rdist struct its own flags field
6013d1ae5feb cert host tools: Stop complaining about deprecated OpenSSL functions
efe20512212b init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
a40d2daf2795 pnmtologo: use relocatable file name
3b40d5b41155 of: configfs: remove unused variable overlay_lock
6c085baf1838 tools: use basename to identify file in gen-mach-types
2fca0fd71981 lib/build_OID_registry: fix reproducibility issues
0f586f4ee8ad vt/conmakehash: improve reproducibility
a75774679f28 OF: DT-Overlay configfs interface (v8)
d179c639b30b x86/boot: Wrap literal addresses in absolute_pointer()
856ec356cf91 ACPI: thermal: drop an always true check
7614af249993 xfs: Fix -Werror=dangling-pointer work-around for older GCC
41470215f97e xfs: Work around GCC 12 -Werror=dangling-pointer for xfs_attr_remote.o
44a445c1922d virtio-pci: Remove wrong address verification in vp_del_vqs()
77aa9e489eaf bpf: Disallow unprivileged bpf by default
ebfb1822e9f9 fs/aufs: fixup 5.15.36 fixups
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
5df6d1b00f95 jbd2: fix use-after-free of transaction_t race
2d83e8196487 jbd2: refactor wait logic for transaction updates into a common function
07a63f760793 netfilter: conntrack: avoid useless indirection during conntrack destruction
4e7122625996 Revert "fbdev: Hot-unplug firmware fb devices on forced removal"
7ba4cb36fd4f rcu: Avoid alloc_pages() when recording stack
f78574dee71e kasan: test: silence intentional read overflow warnings
d313cb89b6b1 kasan: arm64: fix pcpu_page_first_chunk crash with KASAN_VMALLOC
5e279d5647cc arm64: support page mapping percpu first chunk allocator
e5bf16752dca vmalloc: choose a better start address in vm_area_register_early()
660b3d21b46f kasan: test: bypass __alloc_size checks
00aa7573e53a kasan: test: add memcpy test that avoids out-of-bounds write
67becf0b1bd4 kasan: fix tag for large allocations when using CONFIG_SLAB
bedf1e033213 workqueue, kasan: avoid alloc_pages() when recording stack
7195b67ce69b kasan: generic: introduce kasan_record_aux_stack_noalloc()
bdff763f0e29 kasan: common: provide can_alloc in kasan_save_stack()
51423ebb36ad lib/stackdepot: introduce __stack_depot_save()
85373e66d847 lib/stackdepot: remove unused function argument
5b6cc9b251f3 lib/stackdepot: include gfp.h
c9f3902d8069 aufs: reduce overhead for "code present but disabled" use case.
b98d189df02c aufs: bugfix, umount passes NULL to ->parse_monolithic()
13b883cbbbd9 aufs standalone: cosmetic, missing copyright sentence
21f8b0d81898 aufs: 5.15.5-20220117 ---> 5.15.5-20220221
6199fd896645 aufs: tiny, headers after fs_context
8ddb40e31c29 aufs: fs_context 7/7, finally remount
69035f71c6fd aufs: fs_context 6/7, now mount
bc841b970697 aufs: fs_context 5/7, parse all other mount options
435188053da2 aufs: fs_context 4/7, parse xino options
9af1f1825cbd aufs: fs_context 3/7, parse the branch-management options
1c05eb767f8c aufs: fs_context 2/7, parse "br" mount option
a8488f603134 aufs: fs_context 1/7, skelton of the new shceme
8e32e0015564 aufs: pre fs_context, convert a static flag to a macro
f90cb4144aec aufs: pre fs_context, support the incomplete sb and sbinfo case
948762ef859c aufs: pre fs_context, convert the type of alloc_sbinfo()
77151a08776b aufs: 5.15.5-20211129 ---> 5.15.5-20220117
2539adbbbe1e aufs: 5.14-20211018 ---> 5.15.5-20211129
7d32b25193c4 aufs: for v5.15-rc1, sync_inode() is gone
66ec0c509225 aufs: for v5.15-rc1, new param 'rcu' for ->get_acl()
69709dc518cd aufs: for v5.15-rc1, no mand-lock anymore
ada8fe9543e5 aufs: 5.14-20210906 ---> 5.14-20211018
b77f7f3f394a Revert "aufs: adjust to v5.15 fs changes"
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
871f23ad3627 Revert "ARM: defconfig: Enable ax88796c driver for Exynos boards"
ffad0783dd5b ARM: config: multi v7: Regenerate defconifg
5c1e1a1ff2d3 ARM: config: multi v7: Add renamed symbols
badaf96564fe ARM: config: multi v7: Clean up enabled by default options
34996040fc9b ARM: config: multi v7: Drop unavailable options
7f685244afb3 powerpc/mm: Switch obsolete dssall to .long
20301aeb1a64 riscv: fix build with binutils 2.38
9df58d070506 powerpc/lib/sstep: fix 'ptesync' build error
720b61fc400b x86_64_defconfig: Fix warnings
02bf23d26bc4 arm64: defconfig: cleanup config options
05914e2c87e5 arm: defconfig: drop unused POWER_AVS option
ffb532fa19b9 aufs5: fix build against v5.15.3+
a4b3abf4d96d qemux86: add configuration symbol to select values
fee94ee09154 clear_warn_once: add a clear_warn_once= boot parameter
3d8762d900d9 clear_warn_once: bind a timer to written reset value
95faacac47e8 clear_warn_once: expand debugfs to include read support
de20c4240018 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
0e4aacead9c1 perf: x86-32: explicitly include <errno.h>
9ad92c11468e perf: mips64: Convert __u64 to unsigned long long
09e7efe3e68a perf: fix bench numa compilation
e79becc44fa6 perf: add SLANG_INC for slang.h
b1033b588681 perf: add sgidefs.h to for mips builds
cf9db484ac0b perf: change --root to --prefix for python install
7fd052c2c562 perf: add 'libperl not found' warning
27a437cdd469 perf: force include of <stdbool.h>
3b99d21bec2f fat: don't use obsolete random32 call in namei_vfat
a7e9293b506b FAT: Added FAT_NO_83NAME
6fd0e71d9e5c FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
c379b0d324ae FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
538be0fdb124 aufs: adjust to v5.15 fs changes
f45da75c8759 aufs5: core
047f57e07e01 aufs5: standalone
029fc15574c8 aufs5: mmap
610d0192ee94 aufs5: base
d4e428d0ec5f aufs5: kbuild
eb067eca251a yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
286af18d0875 yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
24d59a4e26a6 yaffs2: v5.12+ build fixups (not runtime tested)
22c73536d5d7 yaffs: include blkdev.h
506b7251bfb8 yaffs: fix misplaced variable declaration
a0e26ff364dc yaffs2: v5.6 build fixups
b10b1b2d169e yaffs2: fix memory leak when /proc/yaffs is read
ad9adccbb214 yaffs: add strict check when call yaffs_internal_read_super
2e3c3aec8279 yaffs: repair yaffs_get_mtd_device
d662538516a7 yaffs: Fix build failure by handling inode i_version with proper atomic API
70a6113ee2c7 yaffs2: fix memory leak in mount/umount
3378e4a9e404 yaffs: Avoid setting any ACL releated xattr
ec2284edddef Yaffs:check oob size before auto selecting Yaffs1
c2a49874051c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
e9a5105a3e73 yaffs2: adjust to proper location of MS_RDONLY
608807406f13 yaffs2: import git revision b4ce1bb (jan, 2020)
89e660ece42c initramfs: allow an optional wrapper script around initramfs generation
b179dbc9aa10 iwlwifi: select MAC80211_LEDS conditionally
3fd5ca3673d0 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
d1f6edbf0188 arm64/perf: Fix wrong cast that may cause wrong truncation
d202fb2caf33 defconfigs: drop obselete options
9a27e3b5f4e7 arm64/perf: fix backtrace for AAPCS with FP enabled
e20d8cf019b4 linux-yocto: Handle /bin/awk issues
b6d2a3dbbd3a uvesafb: provide option to specify timeout for task completion
adb40f1e6a1a uvesafb: print error message when task timeout occurs
f280a1ed0962 compiler.h: Undef before redefining __attribute_const__
4352732f268c vmware: include jiffies.h
7954a677968d Resolve jiffies wrapping about arp
5f28a1035d95 nfs: Allow default io size to be configured.
0d7260ad7106 check console device file on fs when booting
900a12e37e0a mount_root: clarify error messages for when no rootfs found
7b878cbea726 menuconfig,mconf-cfg: Allow specification of ncurses location
6604fc1763b3 modpost: mask trivial warnings
0d294adb09cb kbuild: exclude meta directory from distclean processing
a097cdd95a9e powerpc: serialize image targets
5db6ec39a0a3 arm: serialize build targets
cbabca27905e crtsavres: fixups for 5.4+
7fc7656ed403 powerpc/ptrace: Disable array-bounds warning with gcc8
a5faac5a19a2 powerpc: Disable attribute-alias warnings from gcc8
186c54665b67 powerpc: add crtsavres.o to archprepare for kbuild
d1ea862964ca powerpc: kexec fix for powerpc64
2ac35b89a0f9 powerpc: Add unwind information for SPE registers of E500 core
2e1c348a28bb mips: vdso: fix 'jalr $t9' crash in vdso code
ec57870b303a mips: Kconfig: add QEMUMIPS64 option
6a81b3c08107 4kc cache tlb hazard: tlbp cache coherency
74e3b2a21e54 malta uhci quirks: make allowance for slow 4k(e)c
22e65b63d3b4 arm/Makefile: Fix systemtap
b7f1ab59f19e vexpress: Pass LOADADDR to Makefile
ce2800c73bf7 arm: ARM EABI socketcall
019d142fd956 ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index ba093b7450..b04b2cc0c4 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "b4217af54500ea854ec4c6112747546fd17ffbd1"
-SRCREV_meta ?= "bef59dc5a78b4d101d1be23d4b36a73fd849241a"
+SRCREV_machine ?= "79e97202861289d2981a843bbc582a779195a735"
+SRCREV_meta ?= "b2311094781ba22a890f766ca1a267f58ec7e51b"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.151"
+LINUX_VERSION ?= "5.15.152"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 3a19e17d80..f7b79b7395 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.151"
+LINUX_VERSION ?= "5.15.152"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "3046b9945907c6b02e6d9aff62d287872dc6e775"
-SRCREV_meta ?= "bef59dc5a78b4d101d1be23d4b36a73fd849241a"
+SRCREV_machine ?= "fdf03d698861bfa0f1403c1edda25343f675f3ee"
+SRCREV_meta ?= "b2311094781ba22a890f766ca1a267f58ec7e51b"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index f7db6becd1..1f89065b3b 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "4c3c9263f2df0559228f1edf79f1cfdbc17eb78e"
-SRCREV_machine:qemuarm64 ?= "4f4714e7a37c1803e55d3dfba63b0b3c79f3f13e"
-SRCREV_machine:qemumips ?= "8e9c4c18b99dc2a9607ab7aff55fbeb24e80a4fc"
-SRCREV_machine:qemuppc ?= "c21a9cc085e59393e0969fa8f4b29b7eb4d2f8d5"
-SRCREV_machine:qemuriscv64 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
-SRCREV_machine:qemuriscv32 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
-SRCREV_machine:qemux86 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
-SRCREV_machine:qemux86-64 ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
-SRCREV_machine:qemumips64 ?= "fd55ed7972e2000134a014374c4c1d7ab4d9c6ff"
-SRCREV_machine ?= "c38d1c100bbd13b4d4e72d8ac4b08a2d51ca6433"
-SRCREV_meta ?= "bef59dc5a78b4d101d1be23d4b36a73fd849241a"
+SRCREV_machine:qemuarm ?= "af0142e57319b881b5edb6a855b23b453859a66f"
+SRCREV_machine:qemuarm64 ?= "617055b77747babfeb22acd52962ec2c498e0589"
+SRCREV_machine:qemumips ?= "2a603975d4255ef5f59936905b3d42334a80f86f"
+SRCREV_machine:qemuppc ?= "b49c46381f7ff40b25fe9cdc4713007aff565cdb"
+SRCREV_machine:qemuriscv64 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
+SRCREV_machine:qemuriscv32 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
+SRCREV_machine:qemux86 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
+SRCREV_machine:qemux86-64 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
+SRCREV_machine:qemumips64 ?= "87b43be50f7fd159ca2451d8eb81caee2fc22e11"
+SRCREV_machine ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
+SRCREV_meta ?= "b2311094781ba22a890f766ca1a267f58ec7e51b"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "57436264850706f50887bbb2148ee2cc797c9485"
+SRCREV_machine:class-devupstream ?= "b95c01af211304429c11b8c8bdf791ab11f7f395"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.151"
+LINUX_VERSION ?= "5.15.152"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 11/23] linux-yocto/5.15: update CVE exclusions (5.15.152)
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (9 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 10/23] linux-yocto/5.15: update to v5.15.152 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 12/23] linux-yocto/5.15: update to v5.15.153 Steve Sakoman
` (11 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.luedtke@uwalumni.com
Subject: Update 25Feb24
Date: Sun, 25 Feb 2024 07:03:08 -0500
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/cve-exclusion_5.15.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 32e066bda4..f60ba5177a 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-03-12 23:12:55.402667 for version 5.15.151
+# Generated at 2024-03-19 17:41:49.053760 for version 5.15.152
python check_kernel_cve_status_version() {
- this_version = "5.15.151"
+ this_version = "5.15.152"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 12/23] linux-yocto/5.15: update to v5.15.153
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (10 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 11/23] linux-yocto/5.15: update CVE exclusions (5.15.152) Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 13/23] linux-yocto/5.15: update CVE exclusions (5.15.153) Steve Sakoman
` (10 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
9465fef4ae35 Linux 5.15.153
d180150ea714 remoteproc: stm32: fix incorrect optional pointers
85e26c4a74ff regmap: Add missing map->bus check
c10fed329c1c spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
839308cf7957 net: dsa: mt7530: fix handling of all link-local frames
cb302aa9948d net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
70424a8f4585 net: dsa: mt7530: fix handling of 802.1X PAE frames
c210fb3c45d7 net: dsa: mt7530: fix handling of LLDP frames
387daae8b092 bpf: report RCU QS in cpumap kthread
2f1d402dcc01 net: report RCU QS on threaded NAPI repolling
083657dc7cc7 rcu: add a helper to report consolidated flavor QS
640dbf688ba9 netfilter: nf_tables: do not compare internal table flags on updates
362508506bf5 netfilter: nft_set_pipapo: release elements in clone only from destroy path
772f18ded0e2 octeontx2-af: Use separate handlers for interrupts
8ffcd3ccdbda net/bnx2x: Prevent access to a freed page in page_pool
f1e560cdb132 net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
5deee0f7c292 hsr: Handle failures in module init
8c378cc522ae rds: introduce acquire/release ordering in acquire/release_in_xmit()
d691be84ab89 wireguard: receive: annotate data-race around receiving_counter.counter
2b2f8d166fcc vdpa/mlx5: Allow CVQ size changes
4d61084c5cfd net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
f85c87a80328 net: veth: do not manipulate GRO when using XDP
d35b62c224e7 packet: annotate data-races around ignore_outgoing
9fcadd125044 net: ethernet: mtk_eth_soc: fix PPE hanging issue
448cc8b5f743 net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
c5c0760adc26 net: mtk_eth_soc: move MAC_MCR setting to mac_finish()
a809bbfd0e50 hsr: Fix uninit-value access in hsr_get_node()
ccafa081bece soc: fsl: dpio: fix kcalloc() argument order
4b9d72498df0 s390/vtime: fix average steal time calculation
8fdc7b408a55 octeontx2-af: Use matching wake_up API variant in CGX command interface
aa5ab5ce3496 nouveau: reset the bo resource bus info after an eviction
deb5946255e0 io_uring: don't save/restore iowait state
1049fa4d02fd usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
463c429bdd56 staging: greybus: fix get_channel_from_mode() failure path
6c619223aa21 serial: 8250_exar: Don't remove GPIO device on suspend
f867ba8ea1f3 rtc: mt6397: select IRQ_DOMAIN instead of depending on it
04dd61330fe8 kconfig: fix infinite loop when expanding a macro at the end of file
3019ad4a0282 arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
c220378081ca tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
e6011abe0cc1 serial: max310x: fix syntax error in IRQ error message
19b21318377e tty: vt: fix 20 vs 0x20 typo in EScsiignore
ea34c1c1f317 remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef
dd68756ae351 remoteproc: stm32: Fix incorrect type in assignment for va
a48c24ccc6b9 remoteproc: stm32: use correct format strings on 64-bit
da0ad1bdc659 comedi: comedi_test: Prevent timers rescheduling during deletion
a6ffae61ad9e afs: Revert "afs: Hide silly-rename files from userspace"
fa3ac8b1a227 f2fs: compress: fix reserve_cblocks counting error when out of space
6ca2ea698d47 NFS: Fix an off by one in root_nfs_cat()
704dc0138718 watchdog: stm32_iwdg: initialize default timeout
446f55d0d4f0 NFSv4.2: fix listxattr maximum XDR buffer size
9d52865ff282 NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
6233dbe9ca1c net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
83edcda1d855 scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
16a5bed6d265 RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
ed3e66d86ec3 RDMA/device: Fix a race between mad_client and cm_client init
a27984f631e8 scsi: csiostor: Avoid function pointer casts
4a411fc3363f f2fs: compress: fix to check unreleased compressed cluster
7d420eaaa18e f2fs: compress: fix to cover normal cluster write with cp_rwsem
ed22aef701f4 f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
b2713af17ac9 f2fs: invalidate meta pages only for post_read required inode
6117d8b79f48 f2fs: fix to invalidate META_MAPPING before DIO write
5d553a56de27 f2fs: replace congestion_wait() calls with io_schedule_timeout()
bc7e7e7d647c f2fs: invalidate META_MAPPING before IPU/DIO write
4a543790fdc3 f2fs: multidevice: support direct IO
6413e78086ca RDMA/srpt: Do not register event handler until srpt device is fully setup
9af1658ba293 ALSA: usb-audio: Stop parsing channels bits when all channels are found.
e9fbee067379 ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
01511ac7be8e clk: zynq: Prevent null pointer dereference caused by kmalloc failure
0efb9ef6fb95 clk: Fix clk_core_get NULL dereference
d83d70b25d2d sparc32: Fix section mismatch in leon_pci_grpci
e4723c6b3e79 backlight: lp8788: Fully initialize backlight_properties during probe
73f547f2598a backlight: lm3639: Fully initialize backlight_properties during probe
d01286f9911c backlight: da9052: Fully initialize backlight_properties during probe
28e37f97b161 backlight: lm3630a: Don't set bl->props.brightness in get_brightness
a80fb03dda21 backlight: lm3630a: Initialize backlight_properties on init
f28b72162f05 leds: sgm3140: Add missing timer cleanup and flash gpio control
663dea03055d leds: aw2013: Unlock mutex before destroying it
d63abda6c8b3 powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
6a3d4afc5499 modules: wait do_free_init correctly
a91eef04a775 module: Add support for default value for module async_probe
6304ed16038d drm/msm/dpu: add division of drm_display_mode's hskew parameter
f4108b28dce0 powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
9beec711a172 drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
e5aaa9f8dbc5 media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
24e51d6eb578 media: ttpci: fix two memleaks in budget_av_attach
790fa2c04dfb media: go7007: fix a memleak in go7007_load_encoder
d20b64f156de media: dvb-frontends: avoid stack overflow warnings with clang
eb6e9dce979c media: pvrusb2: fix uaf in pvr2_context_set_notify
d8e83a625cee drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
815d1f1c6714 HID: amd_sfh: Update HPD sensor structure elements
8abf014e0c79 ASoC: meson: axg-tdm-interface: add frame rate constraint
844101226143 ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
e3adf12624bb mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
7178a272490d mtd: maps: physmap-core: fix flash size larger than 32-bit
3ae4bd815fd3 drm/tidss: Fix initial plane zpos values
9cc746346dc5 crypto: arm/sha - fix function cast warnings
010cf12f596a mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref
1d50e295784e mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
240c4f1159f7 drm/tegra: put drm_gem_object ref on error in tegra_fb_create
3f8445f1c746 clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
62d92b3507fe clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister()
118a7113db31 PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
754646012867 drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
4e37c5342236 clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
fe68cf273906 media: pvrusb2: fix pvr2_stream_callback casts
4f2a1657f9ab media: pvrusb2: remove redundant NULL check
8e19050ab9b9 media: go7007: add check of return value of go7007_read_addr()
b1d0eebaf87c media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
f27bcdae5730 media: sun8i-di: Fix chroma difference threshold
de09db4e5d10 media: sun8i-di: Fix power on/off sequences
4bdc1b352ec0 media: sun8i-di: Fix coefficient writes
a62b9f3d7bbf NTB: fix possible name leak in ntb_register_device()
87d306cdeb9e NTB: EPF: fix possible memory leak in pci_vntb_probe()
e2b6ef72b7ae PCI: endpoint: Support NTB transfer between RC and EP
caf5cf099016 powerpc: Force inlining of arch_vmap_p{u/m}d_supported()
4eb47ae93f4d ASoC: meson: t9015: fix function pointer type mismatch
a3fec4744621 ASoC: meson: aiu: fix function pointer type mismatch
a26425b7624d ASoC: meson: Use dev_err_probe() helper
3d1d02973414 perf stat: Avoid metric-only segv
3cae4f4153d3 ALSA: seq: fix function cast warnings
7378234eeeac drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
abb9bea45b43 perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
03e6d4e94843 crypto: xilinx - call finalize with bh disabled
ce6e3c04119b PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
0bdb56eae235 PCI/P2PDMA: Fix a sleeping issue in a RCU read section
56cad01c5463 quota: Fix rcu annotations of inode dquot pointers
1ca72a3de915 quota: Fix potential NULL pointer dereference
f2ddd8103f00 quota: simplify drop_dquot_ref()
f630ba2386c8 clk: qcom: reset: Ensure write completion on reset de/assertion
e5bb4f4324e9 clk: qcom: reset: Commonize the de/assert functions
e8c71db0d8f1 pinctrl: mediatek: Drop bogus slew rate register range for MT8192
0d3fe80b6d17 media: edia: dvbdev: fix a use-after-free
dc866b69cc51 media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
770a57922ce3 media: v4l2-tpg: fix some memleaks in tpg_alloc
e9d05d5d8411 media: em28xx: annotate unchecked call to media_device_register()
a03ed00787b0 clk: meson: Add missing clocks to axg_clk_regmaps
54985391dec2 perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample()
6ac7c7a3a9ab drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
440f05983741 drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
d54877c83528 HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
d9f8bbc6d7cf perf record: Fix possible incorrect free in record__switch_output()
87658f16082b PCI/DPC: Print all TLP Prefixes, not just the first
b8505a1aee8f media: tc358743: register v4l2 async device only after successful setup
4c309e06aa90 dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
746606d37d66 drm/lima: fix a memleak in lima_heap_alloc
1bb5fea94e62 drm/rockchip: lvds: do not print scary message when probing defer
f3afb5361819 drm/rockchip: lvds: do not overwrite error code
03b1072616a8 drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
5eaa1597e231 drm/ttm: add ttm_resource_fini v2
2fa491a1f4a8 drm: Don't treat 0 as -1 in drm_fixp2int_ceil
c780f00854af drm/rockchip: inno_hdmi: Fix video timing
13c121279941 drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe()
5c8dc26e31b8 drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe()
7ec1d3cab93e drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe()
527bf2adf012 drm/tegra: dc: rgb: Allow changing PLLD rate on Tegra30+
bfd52f7df633 drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe()
1d2f14eb47ad drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
26827907c27e drm/tegra: dsi: Make use of the helper function dev_err_probe()
56ec754fd767 drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe
49ebcae0b9b8 drm/tegra: dpaux: Populate AUX bus
93128052bf83 drm/tegra: dsi: Add missing check for of_find_device_by_node
03ad5ad53e51 dm: call the resume method on internal suspend
85177297117c dm raid: fix false positive for requeue needed during reshape
0d387dc503f9 nfp: flower: handle acti_netdevs allocation failure
3538d11d2a06 net/x25: fix incorrect parameter validation in the x25_getsockopt() function
382df231ab3d net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
3a32dce1adcd udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
6482113f9c75 l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function
3988110ecf68 ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function
71ce163f3e91 bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument
07aa35a50fe6 bpf: net: Change sk_getsockopt() to take the sockptr_t argument
25e5c9b20e0a net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr
400298502354 tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
c09fc67777b8 OPP: debugfs: Fix warning around icc_get_name()
78a60f910353 net: phy: dp83822: Fix RGMII TX delay configuration
fedd8c7d29f4 net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii
f82d65e8f7ff net: hns3: fix port duplex configure error in IMP reset
23ec1cec2429 net: hns3: fix kernel crash when 1588 is received on HIP08 devices
0e939a002c8a net: phy: fix phy_get_internal_delay accessing an empty array
5c03387021cf net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
65fb1d271cbc ipv6: fib6_rules: flush route cache when rule is changed
ca1f06e72dec bpf: Fix stackmap overflow check on 32-bit arches
3b08cfc65f07 bpf: Fix hashtab overflow check on 32-bit arches
c826502bed93 bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
276873ae26c8 sr9800: Add check for usbnet_get_endpoints
2e845867b4e2 Bluetooth: hci_core: Fix possible buffer overflow
89c69e83ff0a Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
9609476b3a16 Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
88f846f352b8 Bluetooth: Remove superfluous call to hci_conn_check_pending()
4b5dc615f1cf igb: Fix missing time sync events
5cd7afd64b6e igb: move PEROUT and EXTTS isr logic to separate functions
d70f1c85113c iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
626b03daea32 PCI: Make pci_dev_is_disconnected() helper public for other drivers
4137f25b5351 wifi: rtw88: 8821c: Fix false alarm count
250a78863cdf mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
dd292e884c64 SUNRPC: fix some memleaks in gssx_dec_option_array
c7cff9780297 x86, relocs: Ignore relocations in .notes section
40876d07d292 ACPI: scan: Fix device check notification handling
10e607fbc91b ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
cc06efd8a6be ACPI: resource: Do IRQ override on Lunnen Ground laptops
b53985826190 ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override
95531c0d3727 arm64: dts: marvell: reorder crypto interrupts on Armada SoCs
941c6ee6f77d ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node
ff54c712f046 ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
3ebcd8f11aa8 ARM: dts: imx6dl-yapp4: Move phy reset into switch node
ce92a8c7cf70 arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes
a022251c2f95 arm64: dts: renesas: r8a779a0: Update to R-Car Gen4 compatible values
3c0cc753d798 ARM: dts: arm: realview: Fix development chip ROM compatible value
276f4abe4e5b net: ena: Remove ena_select_queue
90613c76f71c wifi: brcmsmac: avoid function pointer casts
b96bc1b25963 iommu/amd: Mark interrupt as managed
6a87552d0a81 bus: tegra-aconnect: Update dependency to ARCH_TEGRA
1cbaf4c793b0 ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
fe20e3d56bc9 wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces
0454915c836b wireless: Remove redundant 'flush_workqueue()' calls
487eff913ea9 bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
fcd58c69a372 arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes
e66285df73c0 arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs
657633a0b5f5 arm64: dts: mt8183: kukui: Split out keyboard node and describe detachables
ecec357981ec arm64: dts: mt8183: kukui: Add Type C node
9d159d6637cc ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
a6a50788b46b s390/vdso: drop '-fPIC' from LDFLAGS
f94625ec5747 wifi: iwlwifi: mvm: don't set replay counters to 0xff
4745cba3703c pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
55908ea9812e pwm: sti: Implement .apply() callback
e888c4461e10 wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
d20d45631feb net: blackhole_dev: fix build warning for ethh set but not used
95ac8e3ef2a3 pwm: atmel-hlcdc: Fix clock imbalance related to suspend support
a1716999f8ae pwm: atmel-hlcdc: Use consistent variable naming
81f0b319f0d4 pwm: atmel-hlcdc: Convert to platform remove callback returning void
98b0d4693934 arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
128a7fb7e84b wifi: iwlwifi: fix EWRD table validity check
96aa40761673 wifi: iwlwifi: dbg-tlv: ensure NUL termination
3a5d424cffa2 wifi: iwlwifi: mvm: report beacon protection failures
f8ff4b4df71e wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
4287534cb520 arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board
d01012b6d6bc arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage
41af98f22083 arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD card
db25bbd2c294 arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board
f7e55ad75245 arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM
d7fcdcf4ec35 cpufreq: mediatek-hw: Don't error out if supply is not found
8a029ee1e392 af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
e0d29c4def15 bpftool: Silence build warning about calloc()
3b71a6981ef8 inet_diag: annotate data-races around inet_diag_table[]
00d40ab2c03f sock_diag: annotate data-races around sock_diag_handlers[family]
0f632a68804d cpufreq: mediatek-hw: Wait for CPU supplies before probing
2cb670b272dd cpufreq: Explicitly include correct DT includes
d951cf510fb0 cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
f75e3536dbbc wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir()
df78377485ef wifi: wilc1000: fix multi-vif management when deleting a vif
ac512507ac89 wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
d80fc436751c wifi: wilc1000: fix RCU usage in connect path
11b564991b53 wifi: wilc1000: fix declarations ordering
bc4bc7464639 wifi: b43: Disable QoS for bcm4331
66ef38ad9754 wifi: b43: Stop correct queue in DMA worker when QoS is disabled
b05f6cd6c069 wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
04a2b6eff2ae wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
4c4e592266b6 wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
b10ff1130fa4 sched/fair: Take the scheduling domain into account in select_idle_core()
3c1122aee91e timekeeping: Fix cross-timestamp interpolation for non-x86
aa74fd5ccb8b timekeeping: Fix cross-timestamp interpolation corner case decision
48c70f35f6a6 timekeeping: Fix cross-timestamp interpolation on counter wrap
7dd09fa80b07 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
53609f5c0592 rtc: test: Fix invalid format specifier.
3eafb6816dcb time: test: Fix incorrect format specifier
770332c1fd0a lib/cmdline: Fix an invalid format specifier in an assertion msg
01db522d003f md: Don't clear MD_CLOSING when the raid is about to stop
25d99f7baa13 fs/select: rework stack allocation hack for clang
98e60b538e66 nbd: null check for nla_nest_start
edbdb0d94143 s390/dasd: fix double module refcount decrement
bb126ed29f4e s390/dasd: Use dev_*() for device log messages
3404d535bdc2 s390/dasd: add autoquiesce feature
932600a295cc s390/dasd: add copy pair setup
2c42dab80a03 s390/dasd: add query PPRC function
815348211f30 s390/dasd: put block allocation in separate function
423b6bdf19bb do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
50982ce0f177 ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
2a239a9487f7 ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
648bd8ef211d ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
aa345a4d9b32 Input: gpio_keys_polled - suppress deferred probe error for gpio
4bd9d06bdff7 ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
91b4bfed82c4 firewire: core: use long bus reset on gap count error
8d1753973f59 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
9a1de3adf7d1 drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
c4e2f6081506 ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
d157b06c1030 scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
0c255fb9b1a6 dm-verity, dm-crypt: align "struct bvec_iter" correctly
f6cbb4843c61 block: sed-opal: handle empty atoms when parsing response
d7c5c0335a9a parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
59be50a37f37 net/iucv: fix the allocation size of iucv_path_table array
e8a67fe34b76 x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
e2d5cf0dcb9f x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
7e13a78e2ba4 riscv: dts: sifive: add missing #interrupt-cells to pmic
cf71090a5941 RDMA/mlx5: Relax DEVX access upon modify commands
60ba938a8bc8 RDMA/mlx5: Fix fortify source warning while accessing Eth segment
e524979a8a3b gen_compile_commands: fix invalid escape sequence warning
802eb0254fc1 HID: multitouch: Add required quirk for Synaptics 0xcddc device
581d99d2f688 MIPS: Clear Cause.BD in instruction_pointer_set
8082bccb7ac4 x86/xen: Add some null pointer checking to smp.c
333de5a9753e ASoC: rt5645: Make LattePanda board DMI match more precise
0d7cfe2ef5a7 selftests: tls: use exact comparison in recv_partial
37d98fb9c314 bpf: Defer the free of inner map when necessary
d8140159a214 rcu-tasks: Provide rcu_trace_implies_rcu_gp()
d909d381c315 io_uring: drop any code related to SCM_RIGHTS
9dd3863e3fcd io_uring/unix: drop usage of io_uring socket
8d1bab770956 locking/rwsem: Disable preemption while trying for rwsem lock
7c82dac02886 block, loop: support partitions without scanning
45f504f301d4 bpftool: Fix pretty print dump for maps without BTF loaded
1f24338cb789 jbd2: Drop the merge conflicted hunk
e1d0e3c51bde tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
1abe841fe331 tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
6224acfc1d56 tpm: Add flag to use default cancellation policy
1cd19d48fb90 tpm: tis_i2c: Fix sanity check interrupt enable mask
a883da132fa8 tpm: Add tpm_tis_i2c backend for tpm_tis_core
a742ac8a1c51 tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
ef495c5f45f2 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
1f3be2e23aa6 gcc-plugins: Reorganize gimple includes for GCC 13
24615a3b932a ata: ahci: fix enum constants for gcc-13
5d6cb145541a net: stmmac: Enable mac_managed_pm phylink config
fd93aabb4287 tools/resolve_btfids: Use pkg-config to locate libelf
130f9da78406 tools/resolve_btfids: Build with host flags
00f2f1a782f9 tools/resolve_btfids: Support cross-building the kernel with clang
17776a4ba9c2 tools/resolve_btfids: Install libbpf headers when building
7c9808380d70 libbpf: Make libbpf_version.h non-auto-generated
37ae1ba791ac libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations
a2667e6d7314 drm/radeon: free iio for atombios when driver shutdown
f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy
da5513f30187 libbpf: Fix build warning on ref_ctr_off
4c5a089621a8 perf python: Account for multiple words in CC
1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers
838f5d0701d8 fs: add mode_strip_sgid() helper
d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead
ed037d7be40c irq_work: use kasan_record_aux_stack_noalloc() record callstack
1363bd7dbde3 ixgbevf: add disable link state
e5601ae2bd24 ixgbe: add improvement for MDD response functionality
caa57cd80575 ixgbe: add the ability for the PF to disable VF link state
16a77bfcc7df Check /dev/console using init_stat()
04574fd5579a tracing/arm: Have max stack tracer handle the case of return address after data
0e51e5717018 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
1e6b7da6ddba drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
493160901320 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
04224f725aa3 irqchip/gic-v3-its: Skip HP notifier when no ITS is registered
6f6c2996a81c irqchip/gic-v3-its: Postpone LPI pending table freeing and memreserve
1fa94473423f irqchip/gic-v3-its: Give the percpu rdist struct its own flags field
6013d1ae5feb cert host tools: Stop complaining about deprecated OpenSSL functions
efe20512212b init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
a40d2daf2795 pnmtologo: use relocatable file name
3b40d5b41155 of: configfs: remove unused variable overlay_lock
6c085baf1838 tools: use basename to identify file in gen-mach-types
2fca0fd71981 lib/build_OID_registry: fix reproducibility issues
0f586f4ee8ad vt/conmakehash: improve reproducibility
a75774679f28 OF: DT-Overlay configfs interface (v8)
d179c639b30b x86/boot: Wrap literal addresses in absolute_pointer()
856ec356cf91 ACPI: thermal: drop an always true check
7614af249993 xfs: Fix -Werror=dangling-pointer work-around for older GCC
41470215f97e xfs: Work around GCC 12 -Werror=dangling-pointer for xfs_attr_remote.o
44a445c1922d virtio-pci: Remove wrong address verification in vp_del_vqs()
77aa9e489eaf bpf: Disallow unprivileged bpf by default
ebfb1822e9f9 fs/aufs: fixup 5.15.36 fixups
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
5df6d1b00f95 jbd2: fix use-after-free of transaction_t race
2d83e8196487 jbd2: refactor wait logic for transaction updates into a common function
07a63f760793 netfilter: conntrack: avoid useless indirection during conntrack destruction
4e7122625996 Revert "fbdev: Hot-unplug firmware fb devices on forced removal"
7ba4cb36fd4f rcu: Avoid alloc_pages() when recording stack
f78574dee71e kasan: test: silence intentional read overflow warnings
d313cb89b6b1 kasan: arm64: fix pcpu_page_first_chunk crash with KASAN_VMALLOC
5e279d5647cc arm64: support page mapping percpu first chunk allocator
e5bf16752dca vmalloc: choose a better start address in vm_area_register_early()
660b3d21b46f kasan: test: bypass __alloc_size checks
00aa7573e53a kasan: test: add memcpy test that avoids out-of-bounds write
67becf0b1bd4 kasan: fix tag for large allocations when using CONFIG_SLAB
bedf1e033213 workqueue, kasan: avoid alloc_pages() when recording stack
7195b67ce69b kasan: generic: introduce kasan_record_aux_stack_noalloc()
bdff763f0e29 kasan: common: provide can_alloc in kasan_save_stack()
51423ebb36ad lib/stackdepot: introduce __stack_depot_save()
85373e66d847 lib/stackdepot: remove unused function argument
5b6cc9b251f3 lib/stackdepot: include gfp.h
c9f3902d8069 aufs: reduce overhead for "code present but disabled" use case.
b98d189df02c aufs: bugfix, umount passes NULL to ->parse_monolithic()
13b883cbbbd9 aufs standalone: cosmetic, missing copyright sentence
21f8b0d81898 aufs: 5.15.5-20220117 ---> 5.15.5-20220221
6199fd896645 aufs: tiny, headers after fs_context
8ddb40e31c29 aufs: fs_context 7/7, finally remount
69035f71c6fd aufs: fs_context 6/7, now mount
bc841b970697 aufs: fs_context 5/7, parse all other mount options
435188053da2 aufs: fs_context 4/7, parse xino options
9af1f1825cbd aufs: fs_context 3/7, parse the branch-management options
1c05eb767f8c aufs: fs_context 2/7, parse "br" mount option
a8488f603134 aufs: fs_context 1/7, skelton of the new shceme
8e32e0015564 aufs: pre fs_context, convert a static flag to a macro
f90cb4144aec aufs: pre fs_context, support the incomplete sb and sbinfo case
948762ef859c aufs: pre fs_context, convert the type of alloc_sbinfo()
77151a08776b aufs: 5.15.5-20211129 ---> 5.15.5-20220117
2539adbbbe1e aufs: 5.14-20211018 ---> 5.15.5-20211129
7d32b25193c4 aufs: for v5.15-rc1, sync_inode() is gone
66ec0c509225 aufs: for v5.15-rc1, new param 'rcu' for ->get_acl()
69709dc518cd aufs: for v5.15-rc1, no mand-lock anymore
ada8fe9543e5 aufs: 5.14-20210906 ---> 5.14-20211018
b77f7f3f394a Revert "aufs: adjust to v5.15 fs changes"
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
871f23ad3627 Revert "ARM: defconfig: Enable ax88796c driver for Exynos boards"
ffad0783dd5b ARM: config: multi v7: Regenerate defconifg
5c1e1a1ff2d3 ARM: config: multi v7: Add renamed symbols
badaf96564fe ARM: config: multi v7: Clean up enabled by default options
34996040fc9b ARM: config: multi v7: Drop unavailable options
7f685244afb3 powerpc/mm: Switch obsolete dssall to .long
20301aeb1a64 riscv: fix build with binutils 2.38
9df58d070506 powerpc/lib/sstep: fix 'ptesync' build error
720b61fc400b x86_64_defconfig: Fix warnings
02bf23d26bc4 arm64: defconfig: cleanup config options
05914e2c87e5 arm: defconfig: drop unused POWER_AVS option
ffb532fa19b9 aufs5: fix build against v5.15.3+
a4b3abf4d96d qemux86: add configuration symbol to select values
fee94ee09154 clear_warn_once: add a clear_warn_once= boot parameter
3d8762d900d9 clear_warn_once: bind a timer to written reset value
95faacac47e8 clear_warn_once: expand debugfs to include read support
de20c4240018 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
0e4aacead9c1 perf: x86-32: explicitly include <errno.h>
9ad92c11468e perf: mips64: Convert __u64 to unsigned long long
09e7efe3e68a perf: fix bench numa compilation
e79becc44fa6 perf: add SLANG_INC for slang.h
b1033b588681 perf: add sgidefs.h to for mips builds
cf9db484ac0b perf: change --root to --prefix for python install
7fd052c2c562 perf: add 'libperl not found' warning
27a437cdd469 perf: force include of <stdbool.h>
3b99d21bec2f fat: don't use obsolete random32 call in namei_vfat
a7e9293b506b FAT: Added FAT_NO_83NAME
6fd0e71d9e5c FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
c379b0d324ae FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
538be0fdb124 aufs: adjust to v5.15 fs changes
f45da75c8759 aufs5: core
047f57e07e01 aufs5: standalone
029fc15574c8 aufs5: mmap
610d0192ee94 aufs5: base
d4e428d0ec5f aufs5: kbuild
eb067eca251a yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
286af18d0875 yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
24d59a4e26a6 yaffs2: v5.12+ build fixups (not runtime tested)
22c73536d5d7 yaffs: include blkdev.h
506b7251bfb8 yaffs: fix misplaced variable declaration
a0e26ff364dc yaffs2: v5.6 build fixups
b10b1b2d169e yaffs2: fix memory leak when /proc/yaffs is read
ad9adccbb214 yaffs: add strict check when call yaffs_internal_read_super
2e3c3aec8279 yaffs: repair yaffs_get_mtd_device
d662538516a7 yaffs: Fix build failure by handling inode i_version with proper atomic API
70a6113ee2c7 yaffs2: fix memory leak in mount/umount
3378e4a9e404 yaffs: Avoid setting any ACL releated xattr
ec2284edddef Yaffs:check oob size before auto selecting Yaffs1
c2a49874051c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
e9a5105a3e73 yaffs2: adjust to proper location of MS_RDONLY
608807406f13 yaffs2: import git revision b4ce1bb (jan, 2020)
89e660ece42c initramfs: allow an optional wrapper script around initramfs generation
b179dbc9aa10 iwlwifi: select MAC80211_LEDS conditionally
3fd5ca3673d0 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
d1f6edbf0188 arm64/perf: Fix wrong cast that may cause wrong truncation
d202fb2caf33 defconfigs: drop obselete options
9a27e3b5f4e7 arm64/perf: fix backtrace for AAPCS with FP enabled
e20d8cf019b4 linux-yocto: Handle /bin/awk issues
b6d2a3dbbd3a uvesafb: provide option to specify timeout for task completion
adb40f1e6a1a uvesafb: print error message when task timeout occurs
f280a1ed0962 compiler.h: Undef before redefining __attribute_const__
4352732f268c vmware: include jiffies.h
7954a677968d Resolve jiffies wrapping about arp
5f28a1035d95 nfs: Allow default io size to be configured.
0d7260ad7106 check console device file on fs when booting
900a12e37e0a mount_root: clarify error messages for when no rootfs found
7b878cbea726 menuconfig,mconf-cfg: Allow specification of ncurses location
6604fc1763b3 modpost: mask trivial warnings
0d294adb09cb kbuild: exclude meta directory from distclean processing
a097cdd95a9e powerpc: serialize image targets
5db6ec39a0a3 arm: serialize build targets
cbabca27905e crtsavres: fixups for 5.4+
7fc7656ed403 powerpc/ptrace: Disable array-bounds warning with gcc8
a5faac5a19a2 powerpc: Disable attribute-alias warnings from gcc8
186c54665b67 powerpc: add crtsavres.o to archprepare for kbuild
d1ea862964ca powerpc: kexec fix for powerpc64
2ac35b89a0f9 powerpc: Add unwind information for SPE registers of E500 core
2e1c348a28bb mips: vdso: fix 'jalr $t9' crash in vdso code
ec57870b303a mips: Kconfig: add QEMUMIPS64 option
6a81b3c08107 4kc cache tlb hazard: tlbp cache coherency
74e3b2a21e54 malta uhci quirks: make allowance for slow 4k(e)c
22e65b63d3b4 arm/Makefile: Fix systemtap
b7f1ab59f19e vexpress: Pass LOADADDR to Makefile
ce2800c73bf7 arm: ARM EABI socketcall
019d142fd956 ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index b04b2cc0c4..5ad7febb20 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "79e97202861289d2981a843bbc582a779195a735"
-SRCREV_meta ?= "b2311094781ba22a890f766ca1a267f58ec7e51b"
+SRCREV_machine ?= "bf104e8f5db008e45d982ff2d96b136e619be9ee"
+SRCREV_meta ?= "0b6359f487c6f8dc0d6adb061dd5afe476cc71a2"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.152"
+LINUX_VERSION ?= "5.15.153"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index f7b79b7395..a55ad58eaa 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.152"
+LINUX_VERSION ?= "5.15.153"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "fdf03d698861bfa0f1403c1edda25343f675f3ee"
-SRCREV_meta ?= "b2311094781ba22a890f766ca1a267f58ec7e51b"
+SRCREV_machine ?= "4ef577ca14a247aa0c3283ad1fc3f5c9dcc80e63"
+SRCREV_meta ?= "0b6359f487c6f8dc0d6adb061dd5afe476cc71a2"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 1f89065b3b..8026be18a8 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "af0142e57319b881b5edb6a855b23b453859a66f"
-SRCREV_machine:qemuarm64 ?= "617055b77747babfeb22acd52962ec2c498e0589"
-SRCREV_machine:qemumips ?= "2a603975d4255ef5f59936905b3d42334a80f86f"
-SRCREV_machine:qemuppc ?= "b49c46381f7ff40b25fe9cdc4713007aff565cdb"
-SRCREV_machine:qemuriscv64 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
-SRCREV_machine:qemuriscv32 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
-SRCREV_machine:qemux86 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
-SRCREV_machine:qemux86-64 ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
-SRCREV_machine:qemumips64 ?= "87b43be50f7fd159ca2451d8eb81caee2fc22e11"
-SRCREV_machine ?= "1d307abeff1ecca864d5d978023a403b87e241cb"
-SRCREV_meta ?= "b2311094781ba22a890f766ca1a267f58ec7e51b"
+SRCREV_machine:qemuarm ?= "019dfee2a419e087baacbfca08d7bbb2bfd26ec5"
+SRCREV_machine:qemuarm64 ?= "17269f6b7e7ddf2178fb957f7e3f4c038de10f51"
+SRCREV_machine:qemumips ?= "a0b4f69bd55db8f36a749febbe952ed635677faf"
+SRCREV_machine:qemuppc ?= "9768dfa1dde96b13c14a40a7abb936217d8ac1ef"
+SRCREV_machine:qemuriscv64 ?= "163500b871852fd7eb5f148948583ca7bed338db"
+SRCREV_machine:qemuriscv32 ?= "163500b871852fd7eb5f148948583ca7bed338db"
+SRCREV_machine:qemux86 ?= "163500b871852fd7eb5f148948583ca7bed338db"
+SRCREV_machine:qemux86-64 ?= "163500b871852fd7eb5f148948583ca7bed338db"
+SRCREV_machine:qemumips64 ?= "5a278da2a79b5b84ce6bb6a6e19af7b1f30af0b2"
+SRCREV_machine ?= "163500b871852fd7eb5f148948583ca7bed338db"
+SRCREV_meta ?= "0b6359f487c6f8dc0d6adb061dd5afe476cc71a2"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "b95c01af211304429c11b8c8bdf791ab11f7f395"
+SRCREV_machine:class-devupstream ?= "9465fef4ae351749f7068da8c78af4ca27e61928"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.152"
+LINUX_VERSION ?= "5.15.153"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 13/23] linux-yocto/5.15: update CVE exclusions (5.15.153)
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (11 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 12/23] linux-yocto/5.15: update to v5.15.153 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 14/23] linux-yocto/5.15: update to v5.15.155 Steve Sakoman
` (9 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.luedtke@uwalumni.com
Subject: Update 25Feb24
Date: Sun, 25 Feb 2024 07:03:08 -0500
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/cve-exclusion_5.15.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index f60ba5177a..c163fe4938 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-03-19 17:41:49.053760 for version 5.15.152
+# Generated at 2024-03-28 13:46:59.505239 for version 5.15.153
python check_kernel_cve_status_version() {
- this_version = "5.15.152"
+ this_version = "5.15.153"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 14/23] linux-yocto/5.15: update to v5.15.155
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (12 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 13/23] linux-yocto/5.15: update CVE exclusions (5.15.153) Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 15/23] linux-yocto/5.15: update CVE exclusions (5.15.155) Steve Sakoman
` (8 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
fa3df276cd36 Linux 5.15.155
b54c4632946a Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"
1793e6b2dae0 VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
dd883e0138f1 Bluetooth: btintel: Fixe build regression
bb6b88270714 platform/x86: intel-vbtn: Update tablet mode switch at end of probe
dfb2ce952143 randomize_kstack: Improve entropy diffusion
7cfee26d1950 x86/mm/pat: fix VM_PAT handling in COW mappings
abfae420789a virtio: reenable config if freezing device failed
5d17986cbfd5 gcc-plugins/stackleak: Avoid .head.text section
7e0bd07ce965 gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text
2d154a54c58f tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
6cbbe1ba76ee netfilter: nf_tables: discard table flag update with pending basechain deletion
eb769ff4e281 netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
37fc2cde9d19 netfilter: nf_tables: release batch on table validation from abort path
48d6bcfc3175 fbmon: prevent division by zero in fb_videomode_from_videomode()
e2ce8625c321 drivers/nvme: Add quirks for device 126f:2262
871e695c08a3 fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
3beea96d4fc8 ASoC: soc-core.c: Skip dummy codec when adding platforms
eb7e92dbdc78 usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
e0db818c0871 usb: typec: tcpci: add generic tcpci fallback compatible
b6b12f4577a1 tools: iio: replace seekdir() in iio_generic_buffer
1d5276914eb7 ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
39438227f888 ktest: force $buildonly = 1 for 'make_warnings_file' test type
72794acdd16b platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
18c51d97a242 Input: allocate keycode for Display refresh rate toggle
baf8a6d2cdd1 RDMA/cm: add timeout to cm_destroy_id wait
21e7d72d0cfc block: prevent division by zero in blk_rq_stat_sum()
be113e082b65 libperf evlist: Avoid out-of-bounds access
5dcded25c7e1 Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
504eb6b26ce8 SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
343586deb873 drm/amd/display: Fix nanosec stat overflow
ad207d1ca6d5 ext4: forbid commit inconsistent quota data when errors=remount-ro
19b7a1ff81b7 ext4: add a hint for block bitmap corrupt state in mb_groups
85f315792fac ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
09de9c3614ad media: sta2x11: fix irq handler cast
46e8711231b2 isofs: handle CDs with bad root inode but good Joliet root directory
7849e6f8410d scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
fd203d2c671b sysv: don't call sb_bread() with pointers_lock held
0b75d679e88f pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
f917c66b1135 Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
006936ecb4ed Bluetooth: btintel: Fix null ptr deref in btintel_read_version
b9117dc783c0 net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
2f6174fd4ccf btrfs: send: handle path ref underflow in header iterate_inode_ref()
a83c1f67a0f7 btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
d1ffa4ae2d59 btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
805a1cdde82f wifi: ath11k: decrease MHI channel buffer length to 8KB
0f22f30f79a8 net: pcs: xpcs: Return EINVAL in the internal methods
9a16a0d03305 tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
0ff96ec22a84 pstore/zone: Add a null pointer check to the psz_kmsg_read
35f6b46eeb03 ionic: set adminq irq affinity
ba30ee96e87a arm64: dts: rockchip: fix rk3399 hdmi ports node
ba580534db14 arm64: dts: rockchip: fix rk3328 hdmi ports node
64a7694c851c cpuidle: Avoid potential overflow in integer multiplication
f4e70f422b76 panic: Flush kernel log buffer at the end
130b0cd06487 VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
9ab8e24e81b9 wifi: ath9k: fix LNA selection in ath_ant_try_scan()
ff45899e732e net: dsa: fix panic when DSA master device unbinds on shutdown
cbac7de1d990 amdkfd: use calloc instead of kzalloc to avoid integer overflow
cdfd0a7f0139 Linux 5.15.154
8d8dc7ee5b98 x86: set SPECTRE_BHI_ON as default
a976b129dc86 KVM: x86: Add BHI_NO
c2b9e038896f x86/bhi: Mitigate KVM by default
f825494f2c6f x86/bhi: Add BHI mitigation knob
aa6247c9da25 x86/bhi: Enumerate Branch History Injection (BHI) bug
a9ca0e34a406 x86/bhi: Define SPEC_CTRL_BHI_DIS_S
bd53ec80f218 x86/bhi: Add support for clearing branch history at syscall entry
55516b355b0c x86/syscall: Don't force use of indirect calls for system calls
276fb9a658d0 x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
b9c5f7da76b1 nvme: fix miss command type check
d225b0ac96dc gro: fix ownership transfer
6564b014af92 mm/secretmem: fix GUP-fast succeeding on secretmem folios
a479b4de11dd mptcp: don't account accept() of non-MPC client as fallback to TCP
1f7e13d3e870 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
ff137c5c0dcf x86/bugs: Fix the SRSO mitigation on Zen3/4
dff6072124f6 riscv: process: Fix kernel gp leakage
fd9662109deb riscv: Fix spurious errors from __get/put_kernel_nofault
6135537e1e66 s390/entry: align system call table on 8 bytes
f860595512ff x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
3ee242410754 of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
03c356860b8b driver core: Introduce device_link_wait_removal()
5e32c0cc476d ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
de48795233cc fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
eaaaa49593e9 openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached
58e5349bb4ed HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running
f7a3090bfd3b nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
00f7576062a7 ata: sata_mv: Fix PCI device ID table declaration compilation warning
e0ad4c270670 scsi: mylex: Fix sysfs buffer lengths
117d7ef3190c ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
e9b71370cbc7 ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
562adaf79df4 ASoC: rt711-sdw: fix locking sequence
bcf894d7eebe ASoC: rt711-sdca: fix locking sequence
b53cf951389c ASoC: rt5682-sdw: fix locking sequence
9df33e57f5c9 net: ravb: Always process TX descriptor ring
fcc739d7f034 net: fec: Set mac_managed_pm during probe
498cc233c460 drivers: net: convert to boolean for the mac_managed_pm flag
0985fbfbcb8f net: usb: asix: suspend embedded PHY if external is used
342cb04dcf2a i40e: Enforce software interrupt during busy-poll exit
c9bcd6465538 i40e: Remove _t suffix from enum type names
2a0a64c9d1d5 i40e: Store the irq number in i40e_q_vector
bf7396ec564f Revert "usb: phy: generic: Get the vbus supply"
506a9ec5d3f1 scsi: qla2xxx: Update manufacturer detail
315c4527cdd8 scsi: qla2xxx: Update manufacturer details
951d2748a2a8 i40e: fix vf may be used uninitialized in this function warning
8db472e17dec i40e: fix i40e_count_filters() to count only active/new filters
f53bea1c7971 octeontx2-pf: check negative error code in otx2_open()
ec694ca1567e octeontx2-af: Fix issue with loading coalesced KPU profiles
73a328df2c4a udp: prevent local UDP tunnel packets from being GROed
7223f4ee4f31 udp: do not transition UDP GRO fraglist partial checksums to unnecessary
d49ae15a5767 udp: do not accept non-tunnel GSO skbs landing in a tunnel
63a10b530e22 mlxbf_gige: stop interface during shutdown
40a344b2ddc0 ipv6: Fix infinite recursion in fib6_dump_done().
61f5b43bc04e selftests: reuseaddr_conflict: add missing new line at the end of the output
ee0088101bee erspan: make sure erspan_base_hdr is present in skb->head
3f9a8b794fc9 selftests: net: gro fwd: update vxlan GRO test expectations
457c832a0c5d net: stmmac: fix rx queue priority assignment
a097fc199ab5 net/sched: act_skbmod: prevent kernel-infoleak
d1e73fb19a4c bpf, sockmap: Prevent lock inversion deadlock in map delete elem
465abe8a7af4 vboxsf: Avoid an spurious warning if load_nls_xxx() fails
440e948cf0ef netfilter: validate user input for expected length
2485bcfe05ee netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
f7e3c88cc2a9 netfilter: nf_tables: flush pending destroy work before exit_net release
8ba81dca416a netfilter: nf_tables: reject new basechain after table flag update
a9bd6bb6f02b KVM: x86: Mark target gfn of emulated atomic instruction as dirty
bd9a25a0228e KVM: x86: Bail to userspace if emulation of atomic user access faults
a7c6a643b25b thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
8d7132a67eeb mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
b279ddce1030 Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
a180ca336989 io_uring: ensure '0' is returned on file registration success
fe9df687e74a locking/rwsem: Disable preemption while trying for rwsem lock
d49fac38479b net/rds: fix possible cp null dereference
4143b9479caa xen-netfront: Add missing skb_mark_for_recycle
a8170af8b10e Bluetooth: Fix TOCTOU in HCI debugfs implementation
d6cfb0d7bb2d Bluetooth: hci_event: set the conn encrypted before conn establishes
96bd0de3915f arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
76299c3f11b4 x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
571d80f8a458 x86/cpufeatures: Add new word for scattered features
9956d0504f0b r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
b8438db83732 dm integrity: fix out-of-range warning
bef3bc962dcc Octeontx2-af: fix pause frame configuration in GMP mode
37dc1718dc0c bpf: Protect against int overflow for stack access size
a583117668dd mlxbf_gige: call request_irq() after NAPI initialized
85c410f65b36 ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
2e43d8eba6ed tcp: properly terminate timers for kernel sockets
744494dbb058 s390/qeth: handle deferred cc1
2fb283e2f3cc ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
28db0ae86cb9 wifi: iwlwifi: mvm: rfi: fix potential response leaks
254f1c252171 iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy
d60ff8e04b17 mlxbf_gige: stop PHY during open() error paths
ac68d9fa09e4 nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
5e1984aba37a USB: UAS: return ENODEV when submit urbs fail with device not attached
e38f1ea6cbc5 scsi: usb: Stop using the SCSI pointer
172800c69cd0 scsi: usb: Call scsi_done() directly
1b175bc579f4 USB: core: Fix deadlock in usb_deauthorize_interface()
ea8839e31942 scsi: lpfc: Correct size for wqe for memset()
0f608ce96520 PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
ff5305ec8c0e x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
34c0786ef6c7 scsi: qla2xxx: Delay I/O Abort on PCI error
d37f3b14da07 scsi: qla2xxx: Change debug message during driver unload
b03e626bd6d3 scsi: qla2xxx: Fix double free of fcport
a859f6a8f423 scsi: qla2xxx: Fix command flush on cable pull
0bd653100a8e scsi: qla2xxx: NVME|FCP prefer flag not being honored
a139d643c5d6 scsi: qla2xxx: Split FCE|EFT trace control
002caa257783 scsi: qla2xxx: Fix N2N stuck connection
786121320183 scsi: qla2xxx: Prevent command send on chip reset
f18f5fcdaa8c usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
ad165b37fd4f usb: typec: ucsi: Ack unsupported commands
df5cbb908f16 usb: udc: remove warning when queue disabled ep
7de1df3212d8 usb: dwc2: gadget: LPM flow fix
2cf845a770d6 usb: dwc2: gadget: Fix exiting from clock gating
32d3f2f108eb usb: dwc2: host: Fix ISOC flow in DDMA mode
555be0cc2a2f usb: dwc2: host: Fix hibernation flow
3b1a9f852b4c usb: dwc2: host: Fix remote wakeup from hibernation
489e8064ac00 USB: core: Add hub_get() and hub_put() routines
7094516d7b30 staging: vc04_services: fix information leak in create_component()
77a46fbfe6ae staging: vc04_services: changen strncpy() to strscpy_pad()
cea234bb214b scsi: core: Fix unremoved procfs host directory regression
8c9902216816 ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
8bf22f8d1d53 drm/amd/display: Preserve original aspect ratio in create stream
9e6bb089649a drm/amdgpu: Use drm_mode_copy()
a86e54a34513 usb: cdc-wdm: close race between read and workqueue
ac9b6b3e8d12 drm/i915/gt: Reset queue_priority_hint on parking
553d294db94b net: ll_temac: platform_get_resource replaced by wrong function
81b8645feca0 mmc: core: Avoid negative index with array access
0ecd5689767b mmc: core: Initialize mmc_blk_ioc_data
f2bbbeb8287f hexagon: vmlinux.lds.S: handle attributes section
818e531cfb1d exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
c8bddbd91bc8 wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
56e05d28c39b btrfs: zoned: use zone aware sb location for scrub
3f0cda401d6e init: open /initrd.image with O_LARGEFILE
c612edbc5ec6 mm/migrate: set swap entry values of THP tail pages properly.
e635f652696e serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
250219c6a556 vfio/fsl-mc: Block calling interrupt handler without trigger
cc5838f19d39 vfio/platform: Create persistent IRQ handlers
4cb0d7532126 vfio/pci: Create persistent INTx handler
26a6a1e0b4ec vfio: Introduce interface to flush virqfd inject workqueue
ec73e0797292 vfio/pci: Lock external INTx masking ops
b7a2f0955ffc vfio/pci: Disable auto-enable of exclusive INTx IRQ
c035ce9feb0c selftests: mptcp: diag: return KSFT_FAIL not test_cnt
dc394fe41d6b powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
9bc9c11c151a efivarfs: Request at most 512 bytes for variable names
36b5c35d43aa perf/core: Fix reentry problem in perf_output_read_group()
ccd9fe71b9ee nfsd: Fix a regression in nfsd_setattr()
e90402fb0697 nfsd: don't call locks_release_private() twice concurrently
8b4fa191deed nfsd: don't take fi_lock in nfsd_break_deleg_cb()
c6f8b3fcc627 nfsd: fix RELEASE_LOCKOWNER
32c2cb2c0d37 nfsd: drop the nfsd_put helper
c52fee7a1f98 nfsd: call nfsd_last_thread() before final nfsd_put()
2267b2e84593 lockd: introduce safe async lock op
6e5fed48d8b7 NFSD: fix possible oops when nfsd/pool_stats is closed.
394d3f294a9a Documentation: Add missing documentation for EXPORT_OP flags
56e5eeff6cfa nfsd: separate nfsd_last_thread() from nfsd_put()
dec6b8bcac73 nfsd: Simplify code around svc_exit_thread() call in nfsd()
05b452e8748b nfsd: Fix creation time serialization order
760a6f755d94 NFSD: Add an nfsd4_encode_nfstime4() helper
663ec8f5ffc4 lockd: drop inappropriate svc_get() from locked_get()
9b405c0f84d9 nfsd: fix double fget() bug in __write_ports_addfd()
645c1b4b139b nfsd: make a copy of struct iattr before calling notify_change
4e6e49829151 NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
786e3248d5ef nfsd: simplify the delayed disposal list code
a53d804930dc NFSD: Convert filecache to rhltable
b27ee0682437 nfsd: allow reaping files still under writeback
12f8f9fe1146 nfsd: update comment over __nfsd_file_cache_purge
ad9cf5b1d017 nfsd: don't take/put an extra reference when putting a file
b5a439e8b087 nfsd: add some comments to nfsd_file_do_acquire
83a019b049db nfsd: don't kill nfsd_files because of lease break error
55e429715edc nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
9fff2daca45a nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
bfa4a3996e73 nfsd: don't open-code clear_and_wake_up_bit
b11d8162c24a nfsd: call op_release, even when op_func returns an error
12eca509234a nfsd: don't replace page in rq_pages if it's a continuation of last page
8e469b994407 NFSD: Protect against filesystem freezing
17298e08006e NFSD: copy the whole verifier in nfsd_copy_write_verifier
4161b518e4a9 nfsd: don't fsync nfsd_files on last close
94e412c945e6 nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
a0df1c3326e7 NFSD: fix problems with cleanup on errors in nfsd4_copy
22a0dd206a32 nfsd: don't hand out delegation on setuid files being opened for write
80a15dc4a021 NFSD: fix leaked reference count of nfsd4_ssc_umount_item
b3169b6ffe03 nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
31d4aa4584cf nfsd: allow nfsd_file_get to sanely handle a NULL pointer
97522085eeec NFSD: enhance inter-server copy cleanup
005ef7285fb9 nfsd: don't destroy global nfs4_file table in per-net shutdown
0bc6d703109e nfsd: don't free files unconditionally in __nfsd_file_cache_purge
958294a3eb82 NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
354eade5f278 NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time
72906e8da982 NFSD: Use set_bit(RQ_DROPME)
d7cfba56fa75 Revert "SUNRPC: Use RMW bitops in single-threaded hot paths"
0b778361998d nfsd: fix handling of cached open files in nfsd4_open codepath
83a8aba1b725 nfsd: rework refcounting in filecache
43afef9fab65 NFSD: Avoid clashing function prototypes
1e9eac6a111c NFSD: Use only RQ_DROPME to signal the need to drop a reply
d8065d0f2121 NFSD: add CB_RECALL_ANY tracepoints
e18fc5fb2f00 NFSD: add delegation reaper to react to low memory condition
ed36015f7ef9 NFSD: add support for sending CB_RECALL_ANY
8766b38f54e9 NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
ce0b786b6ebf trace: Relocate event helper files
af7ee7ec1051 lockd: fix file selection in nlmsvc_cancel_blocked
eb0433d95c84 lockd: ensure we use the correct file descriptor when unlocking
281092cf3fc3 lockd: set missing fl_flags field when retrieving args
d561fe540e80 NFSD: Use struct_size() helper in alloc_session()
4e293f2d214c nfsd: return error if nfs4_setacl fails
2c1be5d65d76 NFSD: Add an nfsd_file_fsync tracepoint
8dafc6143041 nfsd: fix up the filecache laundrette scheduling
e8f25bd0e842 filelock: add a new locks_inode_context accessor function
dc468e079961 nfsd: reorganize filecache.c
6340d965599d nfsd: remove the pages_flushed statistic from filecache
99bf0850f399 NFSD: Fix licensing header in filecache.c
43cf59a34b34 NFSD: Use rhashtable for managing nfs4_file objects
323c83bde6d6 NFSD: Refactor find_file()
2b03fd9fe4bc NFSD: Clean up find_or_add_file()
d02c59ebe058 NFSD: Add a nfsd4_file_hash_remove() helper
0b4436381ee0 NFSD: Clean up nfsd4_init_file()
d78f7abe63fc NFSD: Update file_hashtbl() helpers
94f52a094c24 NFSD: Use const pointers as parameters to fh_ helpers
3d1af4319d25 NFSD: Trace delegation revocations
0cf54e35894c NFSD: Trace stateids returned via DELEGRETURN
cb966b357f01 NFSD: Clean up nfs4_preprocess_stateid_op() call sites
6baa3dfe404b NFSD: Flesh out a documenting comment for filecache.c
5fbeb6216e10 NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection
a08d9df51c52 NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately"
b34aa1a8c7a7 NFSD: Pass the target nfsd_file to nfsd_commit()
81c3ab9b95bf exportfs: use pr_debug for unreachable debug statements
10d55a17899a nfsd: allow disabling NFSv2 at compile time
4d1fa40d54ae nfsd: move nfserrno() to vfs.c
3b623a6a12b7 nfsd: ignore requests to disable unsupported versions
1c2f1a171bf0 NFSD: Finish converting the NFSv3 GETACL result encoder
98278765a215 NFSD: Remove redundant assignment to variable host_err
28798577f805 NFSD: Simplify READ_PLUS
19fbd8c2b53f nfsd: use locks_inode_context helper
b11f5d7bc0ea lockd: use locks_inode_context helper
071eb319ce4d NFSD: Fix reads with a non-zero offset that don't end on a page boundary
e4d787430855 NFSD: Fix trace_nfsd_fh_verify_err() crasher
3f439c7701d3 nfsd: put the export reference in nfsd4_verify_deleg_dentry
98d400fc2d09 nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
3ec2c9976c17 nfsd: fix net-namespace logic in __nfsd_file_cache_purge
f17c07f8ea77 nfsd: ensure we always call fh_verify_error tracepoint
15d01caf3587 NFSD: unregister shrinker when nfsd_init_net() fails
d1b0ceeac1dc nfsd: rework hashtable handling in nfsd_do_file_acquire
405ade5b561a nfsd: fix nfsd_file_unhash_and_dispose
dde8424b249c fanotify: Remove obsoleted fanotify_event_has_path()
a0ca9025c8be fsnotify: remove unused declaration
6029a4f7ad98 fs/notify: constify path
3af497e3f7cc nfsd: extra checks when freeing delegation stateids
e55378bce5f6 nfsd: make nfsd4_run_cb a bool return function
f6279fa0dc9d nfsd: fix comments about spinlock handling with delegations
ecb0eb07eeda nfsd: only fill out return pointer on success in nfsd4_lookup_stateid
4ad28d583e58 NFSD: Cap rsize_bop result based on send buffer size
4794c948de06 NFSD: Rename the fields in copy_stateid_t
0793ec49baaf nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops
815efd78cbe8 nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops
861a163d4973 nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops
25e0dd89d455 nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops
685d01c2b280 nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops
82fbfbe92d4b NFSD: Pack struct nfsd4_compoundres
cd8bcaeeae6f NFSD: Remove unused nfsd4_compoundargs::cachetype field
ba3bd2bf0c74 NFSD: Remove "inline" directives on op_rsize_bop helpers
d8d3a672e159 NFSD: Clean up nfs4svc_encode_compoundres()
fc47f8ddfc85 NFSD: Clean up WRITE arg decoders
b3f3b21ed289 NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks
cab5399262ec NFSD: Refactor common code out of dirlist helpers
07b68ff5c71c NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing
2005eba603e9 SUNRPC: Parametrize how much of argsize should be zeroed
9acc4812427e NFSD: add shrinker to reap courtesy clients on low memory condition
8c9e5ad10357 NFSD: keep track of the number of courtesy clients in the system
c65977020ba8 NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY
d1ee3403e098 NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY
50aa6a80d0a7 NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY
9863ece99e95 NFSD: Refactor nfsd_setattr()
8a3c48cd5346 NFSD: Add a mechanism to wait for a DELEGRETURN
bcd4c7511593 NFSD: Add tracepoints to report NFSv4 callback completions
3fe32c519bef NFSD: Trace NFSv4 COMPOUND tags
62980365d6e8 NFSD: Replace dprintk() call site in fh_verify()
5118eb6c2926 nfsd: remove nfsd4_prepare_cb_recall() declaration
4440588b936c nfsd: clean up mounted_on_fileid handling
5f6f6b2a3bb1 NFSD: drop fname and flen args from nfsd_create_locked()
37f3b9c39895 NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND
56ffc3ab884c nfsd: Propagate some error code returned by memdup_user()
371d2d25bf61 nfsd: Avoid some useless tests
211014047ec9 NFSD: remove redundant variable status
5b6441a5d371 NFSD enforce filehandle check for source file in COPY
285579928965 lockd: move from strlcpy with unused retval to strscpy
574ec47ac850 NFSD: move from strlcpy with unused retval to strscpy
460743da0e55 nfsd_splice_actor(): handle compound pages
c9cb32ad429c NFSD: fix regression with setting ACLs.
4b910dd7fe47 NFSD: discard fh_locked flag and fh_lock/fh_unlock
7538fc9cba84 NFSD: use (un)lock_inode instead of fh_(un)lock for file operations
e0335e7c4a51 NFSD: use explicit lock/unlock for directory ops
ebd1b016ad4d NFSD: reduce locking in nfsd_lookup()
ba4b518a23d3 NFSD: only call fh_unlock() once in nfsd_link()
ff01da71e484 NFSD: always drop directory lock in nfsd_unlink()
4655bcbce761 NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning.
d52acd23a327 NFSD: add posix ACLs to struct nfsd_attrs
a3f27177c21b NFSD: add security label to struct nfsd_attrs
8a26a1b5c887 NFSD: set attributes when creating symlinks
183514794814 NFSD: introduce struct nfsd_attrs
162f99ff7b95 NFSD: verify the opened dentry after setting a delegation
3a5ab224a838 NFSD: drop fh argument from alloc_init_deleg
b6494b36b80c NFSD: Move copy offload callback arguments into a separate structure
8918b50537e9 NFSD: Add nfsd4_send_cb_offload()
bb1eb9755892 NFSD: Remove kmalloc from nfsd4_do_async_copy()
9cecf4772e8c NFSD: Refactor nfsd4_do_copy()
a48454785bc9 NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2)
4952fe668917 NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2)
6cb00ba23083 NFSD: Replace boolean fields in struct nfsd4_copy
6ff95a5f72eb NFSD: Make nfs4_put_copy() static
9a99c7f5d98b NFSD: Reorder the fields in struct nfsd4_op
7d1e44fd0637 NFSD: Shrink size of struct nfsd4_copy
24286575c674 NFSD: Shrink size of struct nfsd4_copy_notify
00eb5bd3844c NFSD: nfserrno(-ENOMEM) is nfserr_jukebox
9032c8e3aecb NFSD: Fix strncpy() fortify warning
0dfb19289614 NFSD: Clean up nfsd4_encode_readlink()
fc7380a198f2 NFSD: Use xdr_pad_size()
2528f487c825 NFSD: Simplify starting_len
7bc543311784 NFSD: Optimize nfsd4_encode_readv()
a70976ec89c2 NFSD: Add an nfsd4_read::rd_eof field
2540b7042998 NFSD: Clean up SPLICE_OK in nfsd4_encode_read()
3e7adac61db2 NFSD: Optimize nfsd4_encode_fattr()
0d6c82286ddf NFSD: Optimize nfsd4_encode_operation()
b9e6a5610b5c nfsd: silence extraneous printk on nfsd.ko insertion
650417956a22 NFSD: limit the number of v4 clients to 1024 per 1GB of system memory
59d35878294b NFSD: keep track of the number of v4 clients in the system
0f202977cad1 NFSD: refactoring v4 specific code to a helper in nfs4state.c
a52bb607abd0 NFSD: Ensure nf_inode is never dereferenced
e3befca679a9 NFSD: NFSv4 CLOSE should release an nfsd_file immediately
9be6499171fb NFSD: Move nfsd_file_trace_alloc() tracepoint
06d9c87204b2 NFSD: Separate tracepoints for acquire and create
4b338b528c43 NFSD: Clean up unused code after rhashtable conversion
1bea66c08890 NFSD: Convert the filecache to use rhashtable
208bd42a1a16 NFSD: Set up an rhashtable for the filecache
0b3a69057db2 NFSD: Replace the "init once" mechanism
76e2424c0d29 NFSD: Remove nfsd_file::nf_hashval
ec30a456359c NFSD: nfsd_file_hash_remove can compute hashval
7e8d4a933468 NFSD: Refactor __nfsd_file_close_inode()
2aa9fd1db009 NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
d6a23d45e2ef NFSD: Remove lockdep assertion from unhash_and_release_locked()
e97c2d5a71cf NFSD: No longer record nf_hashval in the trace log
1db19c3574f2 NFSD: Never call nfsd_file_gc() in foreground paths
81e3c7702799 NFSD: Fix the filecache LRU shrinker
ffb1a10a4405 NFSD: Leave open files out of the filecache LRU
175f88a6d509 NFSD: Trace filecache LRU activity
eed6df31603e NFSD: WARN when freeing an item still linked via nf_lru
16cbc64f9ce4 NFSD: Hook up the filecache stat file
4ade29dd0944 NFSD: Zero counters when the filecache is re-initialized
a880dcef74da NFSD: Record number of flush calls
ae76efbdfef7 NFSD: Report the number of items evicted by the LRU walk
5ce93c611c13 NFSD: Refactor nfsd_file_lru_scan()
5b6f8b083676 NFSD: Refactor nfsd_file_gc()
c162c99a29f7 NFSD: Add nfsd_file_lru_dispose_list() helper
4420d19ed4e4 NFSD: Report average age of filecache items
c18563275fbc NFSD: Report count of freed filecache items
b2dc4d30b0d8 NFSD: Report count of calls to nfsd_file_acquire()
0369b53886ec NFSD: Report filecache LRU size
f1785afc8946 NFSD: Demote a WARN to a pr_warn()
f87230a7dbe4 nfsd: remove redundant assignment to variable len
cad76843c768 NFSD: Fix space and spelling mistake
dcbebc868503 NFSD: Instrument fh_verify()
6345e92a9d0c NLM: Defend against file_lock changes after vfs_test_lock()
3482739bd413 fsnotify: Fix comment typo
b65b2d418759 fanotify: introduce FAN_MARK_IGNORE
c1f1797a8316 fanotify: cleanups for fanotify_mark() input validations
4c3723c53549 fanotify: prepare for setting event flags in ignore mask
cbe3bf6fcdf1 fs: inotify: Fix typo in inotify comment
f3222a6b66ae NFSD: Decode NFSv4 birth time attribute
0a160dc54991 fanotify: refine the validation checks on non-dir inode mask
47a1d1a2c1d5 NFS: restore module put when manager exits.
261eabe19cb2 NFSD: Fix potential use-after-free in nfsd_file_put()
ba68ab7d14dc NFSD: nfsd_file_put() can sleep
f55b83a598db NFSD: Add documenting comment for nfsd4_release_lockowner()
0775c8784e4c NFSD: Modernize nfsd4_release_lockowner()
5e4ee807e35a nfsd: Fix null-ptr-deref in nfsd_fill_super()
bf3182054995 nfsd: Unregister the cld notifier when laundry_wq create failed
3a66ad7ea7b1 SUNRPC: Use RMW bitops in single-threaded hot paths
7af208c9ea06 NFSD: Trace filecache opens
73d9eb9e19c6 NFSD: Move documenting comment for nfsd4_process_open2()
7dfad7f7da07 NFSD: Fix whitespace
b54f6a079ab2 NFSD: Remove dprintk call sites from tail of nfsd4_open()
106331a12b0f NFSD: Instantiate a struct file when creating a regular NFSv4 file
ce2296da5dad NFSD: Clean up nfsd_open_verified()
dabf24069b12 NFSD: Remove do_nfsd_create()
62bac33a70e8 NFSD: Refactor NFSv4 OPEN(CREATE)
ab407e0bf8d5 NFSD: Refactor NFSv3 CREATE
3bd0ae962ba8 NFSD: Refactor nfsd_create_setattr()
cf655c890bb6 NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
55cb08630eb6 NFSD: Clean up nfsd3_proc_create()
2e0f8ee3c1ae NFSD: Show state of courtesy client in client info
6e56a5f75c55 NFSD: add support for lock conflict to courteous server
c3b2013544c8 fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict
a8040fed13ed fs/lock: add helper locks_owner_has_blockers to check for blockers
d9fc2f8267e7 NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd
492634cbfe3d NFSD: add support for share reservation conflict to courteous server
26540b8940a2 NFSD: add courteous server support for thread with only delegation
56bc7e3821e8 NFSD: Clean up nfsd_splice_actor()
f14aa4a04472 fanotify: fix incorrect fmode_t casts
40ca5d91b578 fsnotify: consistent behavior for parent not watching children
f0628430d25d fsnotify: introduce mark type iterator
a97561b460c7 fanotify: enable "evictable" inode marks
c47bab4394a7 fanotify: use fsnotify group lock helpers
7fcef3285ade fanotify: implement "evictable" inode marks
33e91fb5eee5 fanotify: factor out helper fanotify_mark_update_flags()
5054f130f81f fanotify: create helper fanotify_mark_user_flags()
4f145b67c075 fsnotify: allow adding an inode mark without pinning inode
3c9dc688678b dnotify: use fsnotify group lock helpers
50612cd6a783 nfsd: use fsnotify group lock helpers
35f3fad0e30a inotify: use fsnotify group lock helpers
e419965d9323 fsnotify: create helpers for group mark_mutex lock
cdf89b045b30 fsnotify: make allow_dups a property of the group
ac51c087abd2 fsnotify: pass flags argument to fsnotify_alloc_group()
d032dd5a823b inotify: move control flags from mask to mark flags
93d2afc7d27c fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock.
e19ec9acfbcb fanotify: do not allow setting dirent events in mask of non-dir
a98e5b3d958a nfsd: Clean up nfsd_file_put()
893fa2b80235 nfsd: Fix a write performance regression
091e4062ffd0 fsnotify: remove redundant parameter judgment
fd7de66b50b5 fsnotify: optimize FS_MODIFY events with no ignored masks
4bef66ca56d1 fsnotify: fix merge with parent's ignored mask
7dcd851cf863 nfsd: fix using the correct variable for sizeof()
bd0fee92b4e8 NFSD: Clean up _lm_ operation names
a028a32ab617 NFSD: Remove CONFIG_NFSD_V3
511360e1f526 NFSD: Move svc_serv_ops::svo_function into struct svc_serv
a5deac8754d6 NFSD: Remove svc_serv_ops::svo_module
7d94952cd5cf SUNRPC: Remove svc_shutdown_net()
c3fa9c2d3666 SUNRPC: Rename svc_close_xprt()
6c8231f0c289 SUNRPC: Rename svc_create_xprt()
4c9a56a70b4d SUNRPC: Remove svo_shutdown method
9d3cc211779a SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt()
466562c48101 SUNRPC: Remove the .svo_enqueue_xprt method
61a9ecdb77c6 NFSD: Remove NFSD_PROC_ARGS_* macros
b42c9b5d9c84 NFSD: Streamline the rare "found" case
69e08eb5bf00 NFSD: Skip extra computation for RC_NOCACHE case
863aed522ef0 orDate: Thu Sep 30 19:19:57 2021 -0400
5b3110364f50 nfsd: Add support for the birth time attribute
392c68189565 NFSD: Deprecate NFS_OFFSET_MAX
91ec401bcd67 fsnotify: invalidate dcache before IN_DELETE event
8d5d1b4956a1 NFSD: Move fill_pre_wcc() and fill_post_wcc()
6be1619d4b05 NFSD: Trace boot verifier resets
d83ffc800f12 NFSD: Rename boot verifier functions
1510c051967e NFSD: Clean up the nfsd_net::nfssvc_boot field
5b2cfc4bb751 NFSD: Write verifier might go backwards
14d5c7263d42 nfsd: Add a tracepoint for errors in nfsd4_clone_file_range()
399451927d0e NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id)
a330a794f428 NFSD: Clean up nfsd_vfs_write()
e7a3814a0029 nfsd: Retry once in nfsd_open on an -EOPENSTALE return
87e2bf374be2 nfsd: Add errno mapping for EREMOTEIO
92453b36fabc nfsd: map EBADF
1a197bcedf80 nfsd4: add refcount for nfsd4_blocked_lock
64ff32b8ad80 nfs: block notification on fs with its own ->lock
190a61768581 NFSD: De-duplicate nfsd4_decode_bitmap4()
30000dff921e nfsd: improve stateid access bitmask documentation
6f8664c6b50f NFSD: Combine XDR error tracepoints
3bc94fb44f10 NFSD: simplify per-net file cache management
fdf657bd7537 NFSD: Fix inconsistent indenting
19fbf344ba33 NFSD: Remove be32_to_cpu() from DRC hash function
018f6069471c NFS: switch the callback service back to non-pooled.
a11fe42af525 lockd: use svc_set_num_threads() for thread start and stop
f3f120852428 SUNRPC: always treat sv_nrpools==1 as "not pooled"
5c377f380120 SUNRPC: move the pool_map definitions (back) into svc.c
764ab3f970e6 lockd: rename lockd_create_svc() to lockd_get()
d38cc54be6f3 lockd: introduce lockd_put()
232cbc9b359d lockd: move svc_exit_thread() into the thread
3b068224105c lockd: move lockd_start_svc() call into lockd_create_svc()
ace565c3f246 lockd: simplify management of network status notifiers
d30ef2cf0656 lockd: introduce nlmsvc_serv
95364365f5b0 NFSD: simplify locking for network notifier.
c1ef7e9d72d4 SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()
b11ea2be63b8 NFSD: Make it possible to use svc_set_num_threads_sync
091b6f516c50 NFSD: narrow nfsd_mutex protection in nfsd thread
dedfae92f9d7 SUNRPC: use sv_lock to protect updates to sv_nrthreads.
e6f08647c559 nfsd: make nfsd_stats.th_cnt atomic_t
c78050962735 SUNRPC: stop using ->sv_nrthreads as a refcount
c6f2b5942783 SUNRPC/NFSD: clean up get/put functions.
d021ef89a7de SUNRPC: change svc_get() to return the svc.
4fdd01ce33b6 NFSD: handle errors better in write_ports_addfd()
2049935c523e exit: Rename module_put_and_exit to module_put_and_kthread_exit
dd6663096680 exit: Implement kthread_exit
de7e2adfc784 fanotify: wire up FAN_RENAME event
a187e777d74d fanotify: report old and/or new parent+name in FAN_RENAME event
4b5743bdc592 fanotify: record either old name new name or both for FAN_RENAME
9acb63f955ca fanotify: record old and new parent and name in FAN_RENAME event
6a8facc4bd3e fanotify: support secondary dir fh and name in fanotify_info
c8d3ee69ee5d fanotify: use helpers to parcel fanotify_info buffer
3eec21b66085 fanotify: use macros to get the offset to fanotify_info buffer
932090b8abf6 fsnotify: generate FS_RENAME event with rich information
8bd3d40ea3df fanotify: introduce group flag FAN_REPORT_TARGET_FID
395ff6dc9ba3 fsnotify: separate mark iterator type from object type enum
f7d76fa9a881 fsnotify: clarify object type argument
a20d087cdffc ext4: fix error code saved on super block during file system abort
e11c8a6e8c92 nfsd4: remove obselete comment
60f18f40ca88 NFSD:fix boolreturn.cocci warning
0ca26103e06f nfsd: update create verifier comment
bf0416e0284b SUNRPC: Change return value type of .pc_encode
bd117f87569b SUNRPC: Replace the "__be32 *p" parameter to .pc_encode
b24695861020 NFSD: Save location of NFSv4 COMPOUND status
eadf587a2a25 SUNRPC: Change return value type of .pc_decode
85658caa8bbf SUNRPC: Replace the "__be32 *p" parameter to .pc_decode
10150232dcdd NFSD: Initialize pointer ni with NULL and not plain integer 0
767727a7e02f NFSD: simplify struct nfsfh
ed0815c8b7ca NFSD: drop support for ancient filehandles
f829bb3a0682 NFSD: move filehandle format declarations out of "uapi".
af12deba5335 NFSD: Optimize DRC bucket pruning
61116d723ea2 NFS: Move NFS protocol display macros to global header
53af55ba9ea2 NFS: Move generic FS show macros to global header
f78ab849df2b SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field
20bbdbe31c0b NFS: Remove unnecessary TRACE_DEFINE_ENUM()s
45e16146c159 docs: Document the FAN_FS_ERROR event
b394c80e2c8d ext4: Send notifications on error
0e825bc84df7 fanotify: Allow users to request FAN_FS_ERROR events
c7c013dff4bd fanotify: Emit generic error info for error event
92eb45210b87 fanotify: Report fid info for file related file system errors
c8b6b09f3fb2 fanotify: WARN_ON against too large file handles
ebd89f7d0737 fanotify: Add helpers to decide whether to report FID/DFID
a83c3ed2e267 fanotify: Wrap object_fh inline space in a creator macro
7aafd61567a9 fanotify: Support merging of error events
c44d8071436c fanotify: Support enqueueing of error events
9258a9908b6d fanotify: Pre-allocate pool of error events
11280c7181b0 fanotify: Reserve UAPI bits for FAN_FS_ERROR
c0a6b12ecde7 fsnotify: Support FS_ERROR event type
965daffd0d15 fanotify: Require fid_mode for any non-fd event
1dad39ebf451 fanotify: Encode empty file handle when no inode is provided
5f34524dde58 fanotify: Allow file handle encoding for unhashed events
900fe4d70474 fanotify: Support null inode event in fanotify_dfid_inode
20bb62edd673 fsnotify: Pass group argument to free_event
84f904f03116 fsnotify: Protect fsnotify_handle_inode_event from no-inode events
4b6b5edcc701 fsnotify: Retrieve super block from the data field
8eb16abe8937 fsnotify: Add wrapper around fsnotify_add_event
e58d543a8cf2 fsnotify: Add helper to detect overflow_event
3e63bff7acdb inotify: Don't force FS_IN_IGNORED
dbeb08836b69 fanotify: Split fsid check from other fid mode checks
cce35a487832 fanotify: Fold event size calculation to its own function
8c7986c2bcc9 fsnotify: Don't insert unmergeable events in hashtable
18370157880b fsnotify: clarify contract for create event hooks
d92a8789fef6 fsnotify: pass dentry instead of inode data
7d5be4f79dac fsnotify: pass data_type to fsnotify_name()
764929accff3 x86/static_call: Add support for Jcc tail-calls
7339b1ce5ea6 x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions
f4ba357b0739 x86/alternatives: Introduce int3_emulate_jcc()
9b4eff016dea x86/asm: Differentiate between code and function alignment
ab8f581408c5 arch: Introduce CONFIG_FUNCTION_ALIGNMENT
2ae88e83f3b7 KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
2fb08b672eb7 x86/rfds: Mitigate Register File Data Sampling (RFDS)
4fa001418efd Documentation/hw-vuln: Add documentation for RFDS
a2b586df5546 x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
598fb2804482 KVM/VMX: Move VERW closer to VMentry for MDS mitigation
9fe80d3c1197 KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
913ae894c2b0 x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
d54de9f2a127 x86/entry_32: Add VERW just before userspace transition
eabab0a5f13e x86/entry_64: Add VERW just before userspace transition
f32b5db5fe35 x86/bugs: Add asm helpers for executing VERW
6b54d55bb3bc x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
0a6f0f8702ea KVM: arm64: Limit stage2_apply_range() batch size to largest block
b4926c95ad0f KVM: arm64: Work out supported block level at compile time
142a01435c1e tty: serial: imx: Fix broken RS485
9bd2f11ac9ef printk: Update @console_may_schedule in console_trylock_spinning()
2280bb8577aa iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
aa4cc17b3418 dma-iommu: add iommu_dma_opt_mapping_size()
f3e7d9471cc1 dma-mapping: add dma_opt_mapping_size()
685e8332deff swiotlb: Fix alignment checks when both allocation and DMA masks are present
cf716d5a0dd8 minmax: add umin(a, b) and umax(a, b)
f2ad3ce0b0b8 entry: Respect changes to system call number by trace_sys_enter()
2e2aadd6e175 clocksource/drivers/arm_global_timer: Fix maximum prescaler value
4949affd5288 ACPI: CPPC: Use access_width over bit_width for system memory accesses
ea592baf9e41 xen/events: close evtchn after mapping cleanup
b3914fee0955 i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
4b12ff5edd14 tee: optee: Fix kernel panic caused by incorrect error handling
a71cba07783a fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
0190d19d7651 vt: fix unicode buffer corruption when deleting characters
7dc4ed980968 mei: me: add arrow lake point H DID
e294f0eb3510 mei: me: add arrow lake point S DID
fed1f00e4834 tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
a44c6c61af48 usb: port: Don't try to peer unused USB ports based on location
92b051b87658 usb: gadget: ncm: Fix handling of zero block length packets
6c1f36d92c0a USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
f4ffa18d2eb0 ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
3e31af7c468b drm/i915: Check before removing mm notifier
898127d612a2 tracing: Use .flush() call to wake up readers
e126b508ed2e KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
461a4f333c5a xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
2fb9845251ce Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
9a92743d533e netfilter: nf_tables: reject constant set with timeout
7cdc1be24cc1 netfilter: nf_tables: disallow anonymous set with timeout flag
291cca35818b netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
f381224482ec cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
df7889f78cc0 net: ravb: Add R-Car Gen4 support
1e7d2f14a24f x86/pm: Work around false positive kmemleak report in msr_build_context()
116562e804ff dm snapshot: fix lockup in dm_exception_table_exit
76c1568ac842 drm/amd/display: Fix noise issue on HDMI AV mute
efb754344932 drm/amd/display: Return the correct HDCP error code
5d5f1a7f3b10 drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
d69abe190a5f ahci: asm1064: asm1166: don't limit reported ports
205c06684a18 ahci: asm1064: correct count of reported ports
4be453271a88 wireguard: netlink: access device through ctx instead of peer
710a177f3472 wireguard: netlink: check for dangling peer via is_dead instead of empty list
3ff793aa0742 net: hns3: tracing: fix hclgevf trace event strings
81b9ddd44d3a NFSD: Fix nfsd_clid_class use of __string_len() macro
2031b61be8b7 x86/CPU/AMD: Update the Zenbleed microcode revisions
d8ae3bf07ebc cpufreq: dt: always allocate zeroed cpumask
ca581d237f3b nilfs2: prevent kernel bug at submit_bh_wbc()
2e2619ff5d0d nilfs2: fix failure to detect DAT corruption in btree and direct mappings
5a1729bc070f memtest: use {READ,WRITE}_ONCE in memory scanning
e8d993bd36b6 drm/vc4: hdmi: do not return negative values from .get_modes()
9ae98fc9fe4a drm/imx/ipuv3: do not return negative values from .get_modes()
912c149a52c3 drm/exynos: do not return negative values from .get_modes()
f781f0d82cf7 drm/panel: do not return negative error codes from drm_panel_get_modes()
a55677878b93 s390/zcrypt: fix reference counting on zcrypt card objects
9a3ca8292ce9 soc: fsl: qbman: Use raw spinlock for cgr_lock
d378c937131a soc: fsl: qbman: Add CGR update function
e25ceea9bc79 soc: fsl: qbman: Add helper for sanity checking cgr ops
e6378314bb92 soc: fsl: qbman: Always disable interrupts when taking cgr_lock
de0dcfa62306 ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
73becffc5d08 ring-buffer: Fix full_waiters_pending in poll
5a24b3a28d0c ring-buffer: Fix resetting of shortest_full
d3229afd170b ring-buffer: Do not set shortest_full when full target is hit
66fdf3a7cf52 ring-buffer: Fix waking up ring buffer readers
34cd4d5de121 ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info
f73c3e259593 vfio/platform: Disable virqfds on cleanup
fc92804048f3 PCI: dwc: endpoint: Fix advertised resizable BAR size
5273c56f3fd4 kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
80d24b308b7e nfs: fix UAF in direct writes
a323e5e98f46 PCI/AER: Block runtime suspend when handling errors
967e74124f1e speakup: Fix 8bit characters from direct synth
eebe53270b4f usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
fd8e9ef13ac7 phy: tegra: xusb: Add API to retrieve the port number of phy
4960561a6c36 slimbus: core: Remove usage of the deprecated ida_simple_xx() API
cf51c32c00c5 nvmem: meson-efuse: fix function pointer type mismatch
239c669edb2b ext4: fix corruption during on-line resize
d778917dd033 hwmon: (amc6821) add of_match table
a6c13d23d9e0 landlock: Warn once if a Landlock action is requested while disabled
6203f20d668c drm/etnaviv: Restore some id values
05ecc53f9480 mmc: core: Fix switch on gp3 partition
2da5568ee222 mm: swap: fix race between free_swap_and_cache() and swapoff()
86a08ddff8bb swap: comments get_swap_device() with usage rule
d3d858650933 mac802154: fix llsec key resources release in mac802154_llsec_key_del
a3b6004bfc2f dm-raid: fix lockdep waring in "pers->hot_add_disk"
125de155011c PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
4e194de3a961 PCI/DPC: Quirk PIO log size for certain Intel Root Ports
ecbe3ca2ac9c PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
25f6c4c440b6 PCI: Work around Intel I210 ROM BAR overlap defect
7cc94dd36e48 PCI/PM: Drain runtime-idle callbacks before driver removal
95e86a8f1c9e PCI: Drop pci_device_remove() test of pci_dev->driver
fa3762b45ea9 btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
bbf72db11fe6 serial: Lock console when calling into driver before registration
63f8999cac33 printk/console: Split out code that enables default console
3f6a9daf0da4 usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
6eac5030fc97 fuse: don't unhash root
773783681d87 fuse: fix root lookup with nonzero generation
ede56884ccde mmc: tmio: avoid concurrent runs of mmc_request_done()
f3f867201bb8 PM: sleep: wakeirq: fix wake irq warning in system suspend
ad71f7bbd4c2 USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
c1db6b1613ed USB: serial: option: add MeiG Smart SLM320 product
f9bad5759668 USB: serial: cp210x: add ID for MGP Instruments PDS100
1342e40c0779 USB: serial: add device ID for VeriFone adapter
60e9148baf12 USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
c11808f4fb71 powerpc/fsl: Fix mfpmr build errors with newer binutils
4a49d24fdec0 usb: xhci: Add error handling in xhci_map_urb_for_dma
8f562f3b2517 clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
3aedcf3755c7 clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
9de184d4e557 clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
b4527ee3de36 clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
18f1f468dd79 PM: suspend: Set mem_sleep_current during kernel command line setup
0552d5727e80 parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
6a427a132e73 parisc: Fix csum_ipv6_magic on 64-bit systems
c38df21ec9a0 parisc: Fix csum_ipv6_magic on 32-bit systems
6817e1a1d650 parisc: Fix ip_fast_csum
a903a1e93f3b parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
60d6c5d40de9 mtd: rawnand: meson: fix scrambling mode value in command macro
6f203afea2dc ubi: correct the calculation of fastmap size
8ce982285414 ubi: Check for too small LEB size in VTBL code
f19b1023a375 ubifs: Set page uptodate in the correct place
b7fb63e807c6 fat: fix uninitialized field in nostale filehandles
d2a7a81088c6 bounds: support non-power-of-two CONFIG_NR_CPUS
218e2610b015 kasan/test: avoid gcc warning for intentional overflow
76645e0f5a2a kasan: test: add memcpy test that avoids out-of-bounds write
d05e6ba1b74a block: Clear zone limits for a non-zoned stacked queue
447753bdd69b ext4: correct best extent lstart adjustment logic
29d7089bed0d selftests/mqueue: Set timeout to 180 seconds
4ae5a97781ce crypto: qat - resolve race condition during AER recovery
b228e16a3ae1 crypto: qat - fix double free during reset
980cc81298c0 sparc: vDSO: fix return value of __setup handler
dc8c55b3ecbc sparc64: NMI watchdog: fix return value of __setup handler
83d3c5e30961 KVM: Always flush async #PF workqueue when vCPU is being destroyed
fec51819607f media: xc4000: Fix atomicity violation in xc4000_get_frequency
5e4b23e7a7b3 pci_iounmap(): Fix MMIO mapping leak
899e154f9546 drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
29a327c4544a arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
840e1b69081a smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
28b78c7b620e smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
8b47e69ac83e clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
0fa86b3b6a15 media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
8c36205123dc wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
2382f2e45c71 timers: Rename del_timer_sync() to timer_delete_sync()
2a873e61782f timers: Use del_timer_sync() even on UP
1c2f22864bcd timers: Update kernel-doc for various functions
85c3bdff671f KVM: x86: Use a switch statement and macros in __feature_translate()
01771ffad6f1 KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
e99e8685fde5 KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs
9ccce26837a8 x86/bugs: Use sysfs_emit()
4957fd741d61 x86/cpu: Support AMD Automatic IBRS
26445d9bb036 Documentation/hw-vuln: Update spectre doc
8d1bab770956 locking/rwsem: Disable preemption while trying for rwsem lock
7c82dac02886 block, loop: support partitions without scanning
45f504f301d4 bpftool: Fix pretty print dump for maps without BTF loaded
1f24338cb789 jbd2: Drop the merge conflicted hunk
e1d0e3c51bde tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
1abe841fe331 tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
6224acfc1d56 tpm: Add flag to use default cancellation policy
1cd19d48fb90 tpm: tis_i2c: Fix sanity check interrupt enable mask
a883da132fa8 tpm: Add tpm_tis_i2c backend for tpm_tis_core
a742ac8a1c51 tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
ef495c5f45f2 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
1f3be2e23aa6 gcc-plugins: Reorganize gimple includes for GCC 13
24615a3b932a ata: ahci: fix enum constants for gcc-13
5d6cb145541a net: stmmac: Enable mac_managed_pm phylink config
fd93aabb4287 tools/resolve_btfids: Use pkg-config to locate libelf
130f9da78406 tools/resolve_btfids: Build with host flags
00f2f1a782f9 tools/resolve_btfids: Support cross-building the kernel with clang
17776a4ba9c2 tools/resolve_btfids: Install libbpf headers when building
7c9808380d70 libbpf: Make libbpf_version.h non-auto-generated
37ae1ba791ac libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations
a2667e6d7314 drm/radeon: free iio for atombios when driver shutdown
f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy
da5513f30187 libbpf: Fix build warning on ref_ctr_off
4c5a089621a8 perf python: Account for multiple words in CC
1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers
838f5d0701d8 fs: add mode_strip_sgid() helper
d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead
ed037d7be40c irq_work: use kasan_record_aux_stack_noalloc() record callstack
1363bd7dbde3 ixgbevf: add disable link state
e5601ae2bd24 ixgbe: add improvement for MDD response functionality
caa57cd80575 ixgbe: add the ability for the PF to disable VF link state
16a77bfcc7df Check /dev/console using init_stat()
04574fd5579a tracing/arm: Have max stack tracer handle the case of return address after data
0e51e5717018 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
1e6b7da6ddba drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
493160901320 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
04224f725aa3 irqchip/gic-v3-its: Skip HP notifier when no ITS is registered
6f6c2996a81c irqchip/gic-v3-its: Postpone LPI pending table freeing and memreserve
1fa94473423f irqchip/gic-v3-its: Give the percpu rdist struct its own flags field
6013d1ae5feb cert host tools: Stop complaining about deprecated OpenSSL functions
efe20512212b init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
a40d2daf2795 pnmtologo: use relocatable file name
3b40d5b41155 of: configfs: remove unused variable overlay_lock
6c085baf1838 tools: use basename to identify file in gen-mach-types
2fca0fd71981 lib/build_OID_registry: fix reproducibility issues
0f586f4ee8ad vt/conmakehash: improve reproducibility
a75774679f28 OF: DT-Overlay configfs interface (v8)
d179c639b30b x86/boot: Wrap literal addresses in absolute_pointer()
856ec356cf91 ACPI: thermal: drop an always true check
7614af249993 xfs: Fix -Werror=dangling-pointer work-around for older GCC
41470215f97e xfs: Work around GCC 12 -Werror=dangling-pointer for xfs_attr_remote.o
44a445c1922d virtio-pci: Remove wrong address verification in vp_del_vqs()
77aa9e489eaf bpf: Disallow unprivileged bpf by default
ebfb1822e9f9 fs/aufs: fixup 5.15.36 fixups
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
5df6d1b00f95 jbd2: fix use-after-free of transaction_t race
2d83e8196487 jbd2: refactor wait logic for transaction updates into a common function
07a63f760793 netfilter: conntrack: avoid useless indirection during conntrack destruction
4e7122625996 Revert "fbdev: Hot-unplug firmware fb devices on forced removal"
7ba4cb36fd4f rcu: Avoid alloc_pages() when recording stack
f78574dee71e kasan: test: silence intentional read overflow warnings
d313cb89b6b1 kasan: arm64: fix pcpu_page_first_chunk crash with KASAN_VMALLOC
5e279d5647cc arm64: support page mapping percpu first chunk allocator
e5bf16752dca vmalloc: choose a better start address in vm_area_register_early()
660b3d21b46f kasan: test: bypass __alloc_size checks
00aa7573e53a kasan: test: add memcpy test that avoids out-of-bounds write
67becf0b1bd4 kasan: fix tag for large allocations when using CONFIG_SLAB
bedf1e033213 workqueue, kasan: avoid alloc_pages() when recording stack
7195b67ce69b kasan: generic: introduce kasan_record_aux_stack_noalloc()
bdff763f0e29 kasan: common: provide can_alloc in kasan_save_stack()
51423ebb36ad lib/stackdepot: introduce __stack_depot_save()
85373e66d847 lib/stackdepot: remove unused function argument
5b6cc9b251f3 lib/stackdepot: include gfp.h
c9f3902d8069 aufs: reduce overhead for "code present but disabled" use case.
b98d189df02c aufs: bugfix, umount passes NULL to ->parse_monolithic()
13b883cbbbd9 aufs standalone: cosmetic, missing copyright sentence
21f8b0d81898 aufs: 5.15.5-20220117 ---> 5.15.5-20220221
6199fd896645 aufs: tiny, headers after fs_context
8ddb40e31c29 aufs: fs_context 7/7, finally remount
69035f71c6fd aufs: fs_context 6/7, now mount
bc841b970697 aufs: fs_context 5/7, parse all other mount options
435188053da2 aufs: fs_context 4/7, parse xino options
9af1f1825cbd aufs: fs_context 3/7, parse the branch-management options
1c05eb767f8c aufs: fs_context 2/7, parse "br" mount option
a8488f603134 aufs: fs_context 1/7, skelton of the new shceme
8e32e0015564 aufs: pre fs_context, convert a static flag to a macro
f90cb4144aec aufs: pre fs_context, support the incomplete sb and sbinfo case
948762ef859c aufs: pre fs_context, convert the type of alloc_sbinfo()
77151a08776b aufs: 5.15.5-20211129 ---> 5.15.5-20220117
2539adbbbe1e aufs: 5.14-20211018 ---> 5.15.5-20211129
7d32b25193c4 aufs: for v5.15-rc1, sync_inode() is gone
66ec0c509225 aufs: for v5.15-rc1, new param 'rcu' for ->get_acl()
69709dc518cd aufs: for v5.15-rc1, no mand-lock anymore
ada8fe9543e5 aufs: 5.14-20210906 ---> 5.14-20211018
b77f7f3f394a Revert "aufs: adjust to v5.15 fs changes"
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
871f23ad3627 Revert "ARM: defconfig: Enable ax88796c driver for Exynos boards"
ffad0783dd5b ARM: config: multi v7: Regenerate defconifg
5c1e1a1ff2d3 ARM: config: multi v7: Add renamed symbols
badaf96564fe ARM: config: multi v7: Clean up enabled by default options
34996040fc9b ARM: config: multi v7: Drop unavailable options
7f685244afb3 powerpc/mm: Switch obsolete dssall to .long
20301aeb1a64 riscv: fix build with binutils 2.38
9df58d070506 powerpc/lib/sstep: fix 'ptesync' build error
720b61fc400b x86_64_defconfig: Fix warnings
02bf23d26bc4 arm64: defconfig: cleanup config options
05914e2c87e5 arm: defconfig: drop unused POWER_AVS option
ffb532fa19b9 aufs5: fix build against v5.15.3+
a4b3abf4d96d qemux86: add configuration symbol to select values
fee94ee09154 clear_warn_once: add a clear_warn_once= boot parameter
3d8762d900d9 clear_warn_once: bind a timer to written reset value
95faacac47e8 clear_warn_once: expand debugfs to include read support
de20c4240018 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
0e4aacead9c1 perf: x86-32: explicitly include <errno.h>
9ad92c11468e perf: mips64: Convert __u64 to unsigned long long
09e7efe3e68a perf: fix bench numa compilation
e79becc44fa6 perf: add SLANG_INC for slang.h
b1033b588681 perf: add sgidefs.h to for mips builds
cf9db484ac0b perf: change --root to --prefix for python install
7fd052c2c562 perf: add 'libperl not found' warning
27a437cdd469 perf: force include of <stdbool.h>
3b99d21bec2f fat: don't use obsolete random32 call in namei_vfat
a7e9293b506b FAT: Added FAT_NO_83NAME
6fd0e71d9e5c FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
c379b0d324ae FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
538be0fdb124 aufs: adjust to v5.15 fs changes
f45da75c8759 aufs5: core
047f57e07e01 aufs5: standalone
029fc15574c8 aufs5: mmap
610d0192ee94 aufs5: base
d4e428d0ec5f aufs5: kbuild
eb067eca251a yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
286af18d0875 yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
24d59a4e26a6 yaffs2: v5.12+ build fixups (not runtime tested)
22c73536d5d7 yaffs: include blkdev.h
506b7251bfb8 yaffs: fix misplaced variable declaration
a0e26ff364dc yaffs2: v5.6 build fixups
b10b1b2d169e yaffs2: fix memory leak when /proc/yaffs is read
ad9adccbb214 yaffs: add strict check when call yaffs_internal_read_super
2e3c3aec8279 yaffs: repair yaffs_get_mtd_device
d662538516a7 yaffs: Fix build failure by handling inode i_version with proper atomic API
70a6113ee2c7 yaffs2: fix memory leak in mount/umount
3378e4a9e404 yaffs: Avoid setting any ACL releated xattr
ec2284edddef Yaffs:check oob size before auto selecting Yaffs1
c2a49874051c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
e9a5105a3e73 yaffs2: adjust to proper location of MS_RDONLY
608807406f13 yaffs2: import git revision b4ce1bb (jan, 2020)
89e660ece42c initramfs: allow an optional wrapper script around initramfs generation
b179dbc9aa10 iwlwifi: select MAC80211_LEDS conditionally
3fd5ca3673d0 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
d1f6edbf0188 arm64/perf: Fix wrong cast that may cause wrong truncation
d202fb2caf33 defconfigs: drop obselete options
9a27e3b5f4e7 arm64/perf: fix backtrace for AAPCS with FP enabled
e20d8cf019b4 linux-yocto: Handle /bin/awk issues
b6d2a3dbbd3a uvesafb: provide option to specify timeout for task completion
adb40f1e6a1a uvesafb: print error message when task timeout occurs
f280a1ed0962 compiler.h: Undef before redefining __attribute_const__
4352732f268c vmware: include jiffies.h
7954a677968d Resolve jiffies wrapping about arp
5f28a1035d95 nfs: Allow default io size to be configured.
0d7260ad7106 check console device file on fs when booting
900a12e37e0a mount_root: clarify error messages for when no rootfs found
7b878cbea726 menuconfig,mconf-cfg: Allow specification of ncurses location
6604fc1763b3 modpost: mask trivial warnings
0d294adb09cb kbuild: exclude meta directory from distclean processing
a097cdd95a9e powerpc: serialize image targets
5db6ec39a0a3 arm: serialize build targets
cbabca27905e crtsavres: fixups for 5.4+
7fc7656ed403 powerpc/ptrace: Disable array-bounds warning with gcc8
a5faac5a19a2 powerpc: Disable attribute-alias warnings from gcc8
186c54665b67 powerpc: add crtsavres.o to archprepare for kbuild
d1ea862964ca powerpc: kexec fix for powerpc64
2ac35b89a0f9 powerpc: Add unwind information for SPE registers of E500 core
2e1c348a28bb mips: vdso: fix 'jalr $t9' crash in vdso code
ec57870b303a mips: Kconfig: add QEMUMIPS64 option
6a81b3c08107 4kc cache tlb hazard: tlbp cache coherency
74e3b2a21e54 malta uhci quirks: make allowance for slow 4k(e)c
22e65b63d3b4 arm/Makefile: Fix systemtap
b7f1ab59f19e vexpress: Pass LOADADDR to Makefile
ce2800c73bf7 arm: ARM EABI socketcall
019d142fd956 ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 5ad7febb20..f6ff6ede18 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "bf104e8f5db008e45d982ff2d96b136e619be9ee"
-SRCREV_meta ?= "0b6359f487c6f8dc0d6adb061dd5afe476cc71a2"
+SRCREV_machine ?= "450d764329026c622d2fcc8e0841ee8c003deb48"
+SRCREV_meta ?= "9f60e205e8e28fdf90fbceb54c6ed2aec0b42ed3"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.153"
+LINUX_VERSION ?= "5.15.155"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index a55ad58eaa..6e59eb6ceb 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.153"
+LINUX_VERSION ?= "5.15.155"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "4ef577ca14a247aa0c3283ad1fc3f5c9dcc80e63"
-SRCREV_meta ?= "0b6359f487c6f8dc0d6adb061dd5afe476cc71a2"
+SRCREV_machine ?= "b662753bbd1caacf51d1cef578eceb1b58a753f0"
+SRCREV_meta ?= "9f60e205e8e28fdf90fbceb54c6ed2aec0b42ed3"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 8026be18a8..b6d7fbf7c1 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "019dfee2a419e087baacbfca08d7bbb2bfd26ec5"
-SRCREV_machine:qemuarm64 ?= "17269f6b7e7ddf2178fb957f7e3f4c038de10f51"
-SRCREV_machine:qemumips ?= "a0b4f69bd55db8f36a749febbe952ed635677faf"
-SRCREV_machine:qemuppc ?= "9768dfa1dde96b13c14a40a7abb936217d8ac1ef"
-SRCREV_machine:qemuriscv64 ?= "163500b871852fd7eb5f148948583ca7bed338db"
-SRCREV_machine:qemuriscv32 ?= "163500b871852fd7eb5f148948583ca7bed338db"
-SRCREV_machine:qemux86 ?= "163500b871852fd7eb5f148948583ca7bed338db"
-SRCREV_machine:qemux86-64 ?= "163500b871852fd7eb5f148948583ca7bed338db"
-SRCREV_machine:qemumips64 ?= "5a278da2a79b5b84ce6bb6a6e19af7b1f30af0b2"
-SRCREV_machine ?= "163500b871852fd7eb5f148948583ca7bed338db"
-SRCREV_meta ?= "0b6359f487c6f8dc0d6adb061dd5afe476cc71a2"
+SRCREV_machine:qemuarm ?= "699ce07e7326d5a4143655ab8416bf7b8d641260"
+SRCREV_machine:qemuarm64 ?= "1f8f9d20707574ce56ab3ada6554c2a9cbce55fb"
+SRCREV_machine:qemumips ?= "5eeedd87a05a973e797357c61564c2e82cff7755"
+SRCREV_machine:qemuppc ?= "5f854a0765bf57db2289780152651d2b463fb41e"
+SRCREV_machine:qemuriscv64 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
+SRCREV_machine:qemuriscv32 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
+SRCREV_machine:qemux86 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
+SRCREV_machine:qemux86-64 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
+SRCREV_machine:qemumips64 ?= "9aa2c6f70ea08ee03c53ed3a96b91907db782dd8"
+SRCREV_machine ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
+SRCREV_meta ?= "9f60e205e8e28fdf90fbceb54c6ed2aec0b42ed3"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "9465fef4ae351749f7068da8c78af4ca27e61928"
+SRCREV_machine:class-devupstream ?= "fa3df276cd36c5dbbd9deb64129d0d0f14c35dc8"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.153"
+LINUX_VERSION ?= "5.15.155"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 15/23] linux-yocto/5.15: update CVE exclusions (5.15.155)
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (13 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 14/23] linux-yocto/5.15: update to v5.15.155 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 16/23] linux-yocto/5.15: update to v5.15.156 Steve Sakoman
` (7 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.luedtke@uwalumni.com
Subject: Update 8Apr24
Date: Tue, 9 Apr 2024 18:19:11 -0400
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/cve-exclusion_5.15.inc | 4508 ++++++++++++-----
1 file changed, 3178 insertions(+), 1330 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index c163fe4938..3cbbce59ac 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-03-28 13:46:59.505239 for version 5.15.153
+# Generated at 2024-04-15 16:35:38.699381 for version 5.15.155
python check_kernel_cve_status_version() {
- this_version = "5.15.153"
+ this_version = "5.15.155"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4298,6 +4298,12 @@ CVE_CHECK_IGNORE += "CVE-2019-25044"
# fixed-version: Fixed after version 5.1
CVE_CHECK_IGNORE += "CVE-2019-25045"
+# fixed-version: Fixed after version 5.0
+CVE_CHECK_IGNORE += "CVE-2019-25160"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2019-25162"
+
# fixed-version: Fixed after version 5.6rc1
CVE_CHECK_IGNORE += "CVE-2019-3016"
@@ -4985,6 +4991,45 @@ CVE_CHECK_IGNORE += "CVE-2020-36694"
# fixed-version: Fixed after version 5.9rc1
CVE_CHECK_IGNORE += "CVE-2020-36766"
+# fixed-version: Fixed after version 5.7rc1
+CVE_CHECK_IGNORE += "CVE-2020-36775"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36776"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36777"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36778"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36779"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36780"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36781"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36782"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36783"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36784"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36785"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36786"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2020-36787"
+
# fixed-version: Fixed after version 5.12rc1
CVE_CHECK_IGNORE += "CVE-2020-3702"
@@ -5696,2058 +5741,3861 @@ CVE_CHECK_IGNORE += "CVE-2021-45868"
# fixed-version: Fixed after version 5.13rc7
CVE_CHECK_IGNORE += "CVE-2021-46283"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-0001"
+# fixed-version: Fixed after version 5.12rc7
+CVE_CHECK_IGNORE += "CVE-2021-46904"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-0002"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46905"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-0168"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-46906"
-# cpe-stable-backport: Backported in 5.15.70
-CVE_CHECK_IGNORE += "CVE-2022-0171"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46908"
-# cpe-stable-backport: Backported in 5.15.16
-CVE_CHECK_IGNORE += "CVE-2022-0185"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46909"
-# cpe-stable-backport: Backported in 5.15.11
-CVE_CHECK_IGNORE += "CVE-2022-0264"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46910"
-# fixed-version: Fixed after version 5.14rc2
-CVE_CHECK_IGNORE += "CVE-2022-0286"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46911"
-# fixed-version: Fixed after version 5.15rc6
-CVE_CHECK_IGNORE += "CVE-2022-0322"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46912"
-# cpe-stable-backport: Backported in 5.15.18
-CVE_CHECK_IGNORE += "CVE-2022-0330"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46913"
-# cpe-stable-backport: Backported in 5.15.14
-CVE_CHECK_IGNORE += "CVE-2022-0382"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46914"
-# CVE-2022-0400 has no known resolution
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46915"
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-0433"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46916"
-# cpe-stable-backport: Backported in 5.15.23
-CVE_CHECK_IGNORE += "CVE-2022-0435"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46917"
-# fixed-version: Fixed after version 5.15rc1
-CVE_CHECK_IGNORE += "CVE-2022-0480"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46918"
-# cpe-stable-backport: Backported in 5.15.23
-CVE_CHECK_IGNORE += "CVE-2022-0487"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46919"
-# cpe-stable-backport: Backported in 5.15.20
-CVE_CHECK_IGNORE += "CVE-2022-0492"
+# fixed-version: Fixed after version 5.12rc8
+CVE_CHECK_IGNORE += "CVE-2021-46920"
-# cpe-stable-backport: Backported in 5.15.27
-CVE_CHECK_IGNORE += "CVE-2022-0494"
+# fixed-version: Fixed after version 5.12
+CVE_CHECK_IGNORE += "CVE-2021-46921"
-# cpe-stable-backport: Backported in 5.15.37
-CVE_CHECK_IGNORE += "CVE-2022-0500"
+# fixed-version: Fixed after version 5.12
+CVE_CHECK_IGNORE += "CVE-2021-46922"
-# cpe-stable-backport: Backported in 5.15.23
-CVE_CHECK_IGNORE += "CVE-2022-0516"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46923"
-# cpe-stable-backport: Backported in 5.15.19
-CVE_CHECK_IGNORE += "CVE-2022-0617"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46924"
-# fixed-version: Fixed after version 5.15rc7
-CVE_CHECK_IGNORE += "CVE-2022-0644"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46925"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-0646"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46926"
-# cpe-stable-backport: Backported in 5.15.27
-CVE_CHECK_IGNORE += "CVE-2022-0742"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46927"
-# fixed-version: Fixed after version 5.8rc6
-CVE_CHECK_IGNORE += "CVE-2022-0812"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46928"
-# cpe-stable-backport: Backported in 5.15.25
-CVE_CHECK_IGNORE += "CVE-2022-0847"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46929"
-# fixed-version: Fixed after version 5.14rc1
-CVE_CHECK_IGNORE += "CVE-2022-0850"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46930"
-# fixed-version: only affects 5.17rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2022-0854"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46931"
-# cpe-stable-backport: Backported in 5.15.29
-CVE_CHECK_IGNORE += "CVE-2022-0995"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46932"
-# CVE-2022-0998 needs backporting (fixed from 5.17rc1)
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46933"
-# cpe-stable-backport: Backported in 5.15.29
-CVE_CHECK_IGNORE += "CVE-2022-1011"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46934"
-# cpe-stable-backport: Backported in 5.15.41
-CVE_CHECK_IGNORE += "CVE-2022-1012"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46935"
-# cpe-stable-backport: Backported in 5.15.32
-CVE_CHECK_IGNORE += "CVE-2022-1015"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46936"
-# cpe-stable-backport: Backported in 5.15.32
-CVE_CHECK_IGNORE += "CVE-2022-1016"
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2021-46937"
-# fixed-version: Fixed after version 5.14rc7
-CVE_CHECK_IGNORE += "CVE-2022-1043"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46938"
-# cpe-stable-backport: Backported in 5.15.32
-CVE_CHECK_IGNORE += "CVE-2022-1048"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46939"
-# cpe-stable-backport: Backported in 5.15.20
-CVE_CHECK_IGNORE += "CVE-2022-1055"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46940"
-# CVE-2022-1116 has no known resolution
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46941"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-1158"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46942"
-# cpe-stable-backport: Backported in 5.15.46
-CVE_CHECK_IGNORE += "CVE-2022-1184"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46943"
-# cpe-stable-backport: Backported in 5.15.12
-CVE_CHECK_IGNORE += "CVE-2022-1195"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46944"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-1198"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46945"
-# cpe-stable-backport: Backported in 5.15.29
-CVE_CHECK_IGNORE += "CVE-2022-1199"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46947"
-# cpe-stable-backport: Backported in 5.15.35
-CVE_CHECK_IGNORE += "CVE-2022-1204"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46948"
-# fixed-version: only affects 5.17rc4 onwards
-CVE_CHECK_IGNORE += "CVE-2022-1205"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46949"
-# CVE-2022-1247 has no known resolution
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46950"
-# cpe-stable-backport: Backported in 5.15.34
-CVE_CHECK_IGNORE += "CVE-2022-1263"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46951"
-# fixed-version: Fixed after version 5.15rc1
-CVE_CHECK_IGNORE += "CVE-2022-1280"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46952"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-1353"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46953"
-# fixed-version: Fixed after version 5.6rc2
-CVE_CHECK_IGNORE += "CVE-2022-1419"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46954"
-# cpe-stable-backport: Backported in 5.15.58
-CVE_CHECK_IGNORE += "CVE-2022-1462"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46955"
-# fixed-version: Fixed after version 5.15rc1
-CVE_CHECK_IGNORE += "CVE-2022-1508"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46956"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-1516"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46957"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-1651"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46958"
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2022-1652"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46959"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-1671"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46960"
-# fixed-version: Fixed after version 4.20rc1
-CVE_CHECK_IGNORE += "CVE-2022-1678"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46961"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-1679"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46962"
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2022-1729"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46963"
-# cpe-stable-backport: Backported in 5.15.39
-CVE_CHECK_IGNORE += "CVE-2022-1734"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46964"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2022-1786"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46965"
-# cpe-stable-backport: Backported in 5.15.44
-CVE_CHECK_IGNORE += "CVE-2022-1789"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46966"
-# cpe-stable-backport: Backported in 5.15.37
-CVE_CHECK_IGNORE += "CVE-2022-1836"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46967"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-1852"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46968"
-# fixed-version: only affects 5.17rc8 onwards
-CVE_CHECK_IGNORE += "CVE-2022-1882"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46969"
-# cpe-stable-backport: Backported in 5.15.40
-CVE_CHECK_IGNORE += "CVE-2022-1943"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46970"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-1966"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46971"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-1972"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46972"
-# cpe-stable-backport: Backported in 5.15.46
-CVE_CHECK_IGNORE += "CVE-2022-1973"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46973"
-# cpe-stable-backport: Backported in 5.15.39
-CVE_CHECK_IGNORE += "CVE-2022-1974"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46974"
-# cpe-stable-backport: Backported in 5.15.39
-CVE_CHECK_IGNORE += "CVE-2022-1975"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46976"
-# fixed-version: only affects 5.18rc2 onwards
-CVE_CHECK_IGNORE += "CVE-2022-1976"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46977"
-# cpe-stable-backport: Backported in 5.15.20
-CVE_CHECK_IGNORE += "CVE-2022-1998"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46978"
-# cpe-stable-backport: Backported in 5.15.25
-CVE_CHECK_IGNORE += "CVE-2022-20008"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46979"
-# cpe-stable-backport: Backported in 5.15.8
-CVE_CHECK_IGNORE += "CVE-2022-20132"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46980"
-# fixed-version: Fixed after version 5.15rc1
-CVE_CHECK_IGNORE += "CVE-2022-20141"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46981"
-# cpe-stable-backport: Backported in 5.15.3
-CVE_CHECK_IGNORE += "CVE-2022-20148"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46982"
-# fixed-version: Fixed after version 5.13rc1
-CVE_CHECK_IGNORE += "CVE-2022-20153"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46983"
-# cpe-stable-backport: Backported in 5.15.13
-CVE_CHECK_IGNORE += "CVE-2022-20154"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46984"
-# cpe-stable-backport: Backported in 5.15.31
-CVE_CHECK_IGNORE += "CVE-2022-20158"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46985"
-# fixed-version: Fixed after version 5.10rc1
-CVE_CHECK_IGNORE += "CVE-2022-20166"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46986"
-# cpe-stable-backport: Backported in 5.15.31
-CVE_CHECK_IGNORE += "CVE-2022-20368"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46987"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-20369"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46988"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2022-20409"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46989"
-# cpe-stable-backport: Backported in 5.15.66
-CVE_CHECK_IGNORE += "CVE-2022-20421"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-46990"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-20422"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46991"
-# fixed-version: only affects 5.17rc4 onwards
-CVE_CHECK_IGNORE += "CVE-2022-20423"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46992"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2022-20424"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46993"
-# fixed-version: Fixed after version 5.9rc4
-CVE_CHECK_IGNORE += "CVE-2022-20565"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46994"
-# cpe-stable-backport: Backported in 5.15.59
-CVE_CHECK_IGNORE += "CVE-2022-20566"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46995"
-# fixed-version: Fixed after version 4.16rc5
-CVE_CHECK_IGNORE += "CVE-2022-20567"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46996"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2022-20568"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46997"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-20572"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46998"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-2078"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-46999"
-# cpe-stable-backport: Backported in 5.15.48
-CVE_CHECK_IGNORE += "CVE-2022-21123"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47000"
-# cpe-stable-backport: Backported in 5.15.48
-CVE_CHECK_IGNORE += "CVE-2022-21125"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47001"
-# cpe-stable-backport: Backported in 5.15.48
-CVE_CHECK_IGNORE += "CVE-2022-21166"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47002"
-# fixed-version: Fixed after version 4.20
-CVE_CHECK_IGNORE += "CVE-2022-21385"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47003"
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2022-21499"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47004"
-# cpe-stable-backport: Backported in 5.15.58
-CVE_CHECK_IGNORE += "CVE-2022-21505"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47005"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-2153"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47006"
-# cpe-stable-backport: Backported in 5.15.96
-CVE_CHECK_IGNORE += "CVE-2022-2196"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47007"
-# CVE-2022-2209 has no known resolution
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47008"
-# cpe-stable-backport: Backported in 5.15.18
-CVE_CHECK_IGNORE += "CVE-2022-22942"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-47009"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23036"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47010"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23037"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47011"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23038"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47012"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23039"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47013"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23040"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47014"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23041"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47015"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23042"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47016"
-# cpe-stable-backport: Backported in 5.15.72
-CVE_CHECK_IGNORE += "CVE-2022-2308"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47017"
-# cpe-stable-backport: Backported in 5.15.53
-CVE_CHECK_IGNORE += "CVE-2022-2318"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47018"
-# cpe-stable-backport: Backported in 5.15.37
-CVE_CHECK_IGNORE += "CVE-2022-23222"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47019"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2022-2327"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47020"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-2380"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47021"
-# cpe-stable-backport: Backported in 5.15.57
-CVE_CHECK_IGNORE += "CVE-2022-23816"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47022"
-# CVE-2022-23825 has no known resolution
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47023"
-# cpe-stable-backport: Backported in 5.15.28
-CVE_CHECK_IGNORE += "CVE-2022-23960"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47024"
-# cpe-stable-backport: Backported in 5.15.19
-CVE_CHECK_IGNORE += "CVE-2022-24122"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47025"
-# cpe-stable-backport: Backported in 5.15.19
-CVE_CHECK_IGNORE += "CVE-2022-24448"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47026"
-# cpe-stable-backport: Backported in 5.15.27
-CVE_CHECK_IGNORE += "CVE-2022-24958"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47027"
-# cpe-stable-backport: Backported in 5.15.19
-CVE_CHECK_IGNORE += "CVE-2022-24959"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47028"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-2503"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47029"
-# cpe-stable-backport: Backported in 5.15.24
-CVE_CHECK_IGNORE += "CVE-2022-25258"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47030"
-# CVE-2022-25265 has no known resolution
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47031"
-# cpe-stable-backport: Backported in 5.15.24
-CVE_CHECK_IGNORE += "CVE-2022-25375"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47032"
-# cpe-stable-backport: Backported in 5.15.26
-CVE_CHECK_IGNORE += "CVE-2022-25636"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47033"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-2585"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47034"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-2586"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47035"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-2588"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47036"
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-2590"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47037"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-2602"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47038"
-# cpe-stable-backport: Backported in 5.15.53
-CVE_CHECK_IGNORE += "CVE-2022-26365"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47039"
-# cpe-stable-backport: Backported in 5.15.60
-CVE_CHECK_IGNORE += "CVE-2022-26373"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47040"
-# cpe-stable-backport: Backported in 5.15.36
-CVE_CHECK_IGNORE += "CVE-2022-2639"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47041"
-# cpe-stable-backport: Backported in 5.15.32
-CVE_CHECK_IGNORE += "CVE-2022-26490"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47042"
-# cpe-stable-backport: Backported in 5.15.68
-CVE_CHECK_IGNORE += "CVE-2022-2663"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47043"
-# CVE-2022-26878 has no known resolution
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47044"
-# cpe-stable-backport: Backported in 5.15.26
-CVE_CHECK_IGNORE += "CVE-2022-26966"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47045"
-# cpe-stable-backport: Backported in 5.15.26
-CVE_CHECK_IGNORE += "CVE-2022-27223"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47046"
-# cpe-stable-backport: Backported in 5.15.29
-CVE_CHECK_IGNORE += "CVE-2022-27666"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47047"
-# cpe-stable-backport: Backported in 5.15.94
-CVE_CHECK_IGNORE += "CVE-2022-27672"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47048"
-# fixed-version: only affects 5.18rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-2785"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47049"
-# cpe-stable-backport: Backported in 5.15.25
-CVE_CHECK_IGNORE += "CVE-2022-27950"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47050"
-# cpe-stable-backport: Backported in 5.15.32
-CVE_CHECK_IGNORE += "CVE-2022-28356"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47051"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-28388"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47052"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-28389"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47053"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-28390"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47054"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-2873"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47055"
-# fixed-version: only affects 5.17rc3 onwards
-CVE_CHECK_IGNORE += "CVE-2022-28796"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47056"
-# cpe-stable-backport: Backported in 5.15.41
-CVE_CHECK_IGNORE += "CVE-2022-28893"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47057"
-# cpe-stable-backport: Backported in 5.15.64
-CVE_CHECK_IGNORE += "CVE-2022-2905"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47058"
-# cpe-stable-backport: Backported in 5.15.26
-CVE_CHECK_IGNORE += "CVE-2022-29156"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47059"
-# cpe-stable-backport: Backported in 5.15.19
-CVE_CHECK_IGNORE += "CVE-2022-2938"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47060"
-# cpe-stable-backport: Backported in 5.15.36
-CVE_CHECK_IGNORE += "CVE-2022-29581"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47061"
-# cpe-stable-backport: Backported in 5.15.34
-CVE_CHECK_IGNORE += "CVE-2022-29582"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47062"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-2959"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47063"
-# CVE-2022-2961 has no known resolution
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47064"
-# cpe-stable-backport: Backported in 5.15.24
-CVE_CHECK_IGNORE += "CVE-2022-2964"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47065"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-2977"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47066"
-# cpe-stable-backport: Backported in 5.15.73
-CVE_CHECK_IGNORE += "CVE-2022-2978"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47067"
-# cpe-stable-backport: Backported in 5.15.57
-CVE_CHECK_IGNORE += "CVE-2022-29900"
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2021-47068"
-# cpe-stable-backport: Backported in 5.15.57
-CVE_CHECK_IGNORE += "CVE-2022-29901"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47069"
-# fixed-version: Fixed after version 5.15rc1
-CVE_CHECK_IGNORE += "CVE-2022-2991"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47070"
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-29968"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47071"
-# cpe-stable-backport: Backported in 5.15.64
-CVE_CHECK_IGNORE += "CVE-2022-3028"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47072"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-30594"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47073"
-# cpe-stable-backport: Backported in 5.15.70
-CVE_CHECK_IGNORE += "CVE-2022-3061"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47074"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-3077"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47075"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-3078"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47076"
-# fixed-version: only affects 6.0rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3103"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47077"
-# cpe-stable-backport: Backported in 5.15.47
-CVE_CHECK_IGNORE += "CVE-2022-3104"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47078"
-# cpe-stable-backport: Backported in 5.15.14
-CVE_CHECK_IGNORE += "CVE-2022-3105"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47079"
-# cpe-stable-backport: Backported in 5.15.11
-CVE_CHECK_IGNORE += "CVE-2022-3106"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47080"
-# cpe-stable-backport: Backported in 5.15.31
-CVE_CHECK_IGNORE += "CVE-2022-3107"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47081"
-# cpe-stable-backport: Backported in 5.15.27
-CVE_CHECK_IGNORE += "CVE-2022-3108"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47082"
-# cpe-stable-backport: Backported in 5.15.47
-CVE_CHECK_IGNORE += "CVE-2022-3110"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47083"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-3111"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47086"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-3112"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47087"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-3113"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47088"
-# CVE-2022-3114 needs backporting (fixed from 5.19rc1)
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47089"
-# cpe-stable-backport: Backported in 5.15.46
-CVE_CHECK_IGNORE += "CVE-2022-3115"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47090"
-# cpe-stable-backport: Backported in 5.15.80
-CVE_CHECK_IGNORE += "CVE-2022-3169"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47091"
-# fixed-version: only affects 6.0rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3170"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47092"
-# cpe-stable-backport: Backported in 5.15.65
-CVE_CHECK_IGNORE += "CVE-2022-3176"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47093"
-# cpe-stable-backport: Backported in 5.15.34
-CVE_CHECK_IGNORE += "CVE-2022-3202"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47094"
-# cpe-stable-backport: Backported in 5.15.45
-CVE_CHECK_IGNORE += "CVE-2022-32250"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47095"
-# cpe-stable-backport: Backported in 5.15.41
-CVE_CHECK_IGNORE += "CVE-2022-32296"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47096"
-# CVE-2022-3238 has no known resolution
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47097"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2022-3239"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47098"
-# cpe-stable-backport: Backported in 5.15.47
-CVE_CHECK_IGNORE += "CVE-2022-32981"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47099"
-# cpe-stable-backport: Backported in 5.15.68
-CVE_CHECK_IGNORE += "CVE-2022-3303"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47100"
-# cpe-stable-backport: Backported in 5.15.81
-CVE_CHECK_IGNORE += "CVE-2022-3344"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47101"
-# cpe-stable-backport: Backported in 5.15.53
-CVE_CHECK_IGNORE += "CVE-2022-33740"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47102"
-# cpe-stable-backport: Backported in 5.15.53
-CVE_CHECK_IGNORE += "CVE-2022-33741"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47103"
-# cpe-stable-backport: Backported in 5.15.53
-CVE_CHECK_IGNORE += "CVE-2022-33742"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47104"
-# cpe-stable-backport: Backported in 5.15.53
-CVE_CHECK_IGNORE += "CVE-2022-33743"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47105"
-# cpe-stable-backport: Backported in 5.15.53
-CVE_CHECK_IGNORE += "CVE-2022-33744"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47106"
-# cpe-stable-backport: Backported in 5.15.37
-CVE_CHECK_IGNORE += "CVE-2022-33981"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47107"
-# cpe-stable-backport: Backported in 5.15.86
-CVE_CHECK_IGNORE += "CVE-2022-3424"
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2021-47108"
-# fixed-version: only affects 5.18rc2 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3435"
+# fixed-version: Fixed after version 5.13rc7
+CVE_CHECK_IGNORE += "CVE-2021-47109"
-# cpe-stable-backport: Backported in 5.15.47
-CVE_CHECK_IGNORE += "CVE-2022-34494"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-47110"
-# cpe-stable-backport: Backported in 5.15.47
-CVE_CHECK_IGNORE += "CVE-2022-34495"
+# fixed-version: Fixed after version 5.13rc6
+CVE_CHECK_IGNORE += "CVE-2021-47111"
-# cpe-stable-backport: Backported in 5.15.54
-CVE_CHECK_IGNORE += "CVE-2022-34918"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-47112"
-# cpe-stable-backport: Backported in 5.15.80
-CVE_CHECK_IGNORE += "CVE-2022-3521"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47113"
-# CVE-2022-3522 needs backporting (fixed from 6.1rc1)
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47114"
-# CVE-2022-3523 needs backporting (fixed from 6.1rc1)
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47116"
-# cpe-stable-backport: Backported in 5.15.77
-CVE_CHECK_IGNORE += "CVE-2022-3524"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47117"
-# cpe-stable-backport: Backported in 5.15.35
-CVE_CHECK_IGNORE += "CVE-2022-3526"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47118"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3531"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47119"
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3532"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47120"
-# CVE-2022-3533 has no known resolution
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47121"
-# cpe-stable-backport: Backported in 5.15.86
-CVE_CHECK_IGNORE += "CVE-2022-3534"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47122"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-3535"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-47123"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3541"
+# fixed-version: Fixed after version 5.13rc2
+CVE_CHECK_IGNORE += "CVE-2021-47124"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-3542"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47125"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2022-3543"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47126"
-# CVE-2022-3544 has no known resolution
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47127"
-# cpe-stable-backport: Backported in 5.15.84
-CVE_CHECK_IGNORE += "CVE-2022-3545"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47128"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2022-3564"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47129"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-3565"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47130"
-# CVE-2022-3566 needs backporting (fixed from 6.1rc1)
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47131"
-# CVE-2022-3567 needs backporting (fixed from 6.1rc1)
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47132"
-# cpe-stable-backport: Backported in 5.15.46
-CVE_CHECK_IGNORE += "CVE-2022-3577"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47133"
-# cpe-stable-backport: Backported in 5.15.68
-CVE_CHECK_IGNORE += "CVE-2022-3586"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47134"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-3594"
+# fixed-version: Fixed after version 5.13rc5
+CVE_CHECK_IGNORE += "CVE-2021-47135"
-# CVE-2022-3595 needs backporting (fixed from 6.1rc1)
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47136"
-# CVE-2022-3606 has no known resolution
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47137"
-# cpe-stable-backport: Backported in 5.15.56
-CVE_CHECK_IGNORE += "CVE-2022-36123"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47138"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2022-3619"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47139"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-3621"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47140"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2022-3623"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47141"
-# CVE-2022-3624 needs backporting (fixed from 6.0rc1)
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47142"
-# cpe-stable-backport: Backported in 5.15.63
-CVE_CHECK_IGNORE += "CVE-2022-3625"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47143"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2022-3628"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47144"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2022-36280"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47145"
-# cpe-stable-backport: Backported in 5.15.63
-CVE_CHECK_IGNORE += "CVE-2022-3629"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47146"
-# fixed-version: only affects 5.19rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3630"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47147"
-# cpe-stable-backport: Backported in 5.15.63
-CVE_CHECK_IGNORE += "CVE-2022-3633"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47148"
-# cpe-stable-backport: Backported in 5.15.63
-CVE_CHECK_IGNORE += "CVE-2022-3635"
+# fixed-version: Fixed after version 5.13rc3
+CVE_CHECK_IGNORE += "CVE-2021-47149"
-# CVE-2022-3636 needs backporting (fixed from 5.19rc1)
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47150"
-# fixed-version: only affects 5.19 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3640"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47151"
-# cpe-stable-backport: Backported in 5.15.129
-CVE_CHECK_IGNORE += "CVE-2022-36402"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47152"
-# CVE-2022-3642 has no known resolution
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47153"
-# cpe-stable-backport: Backported in 5.15.83
-CVE_CHECK_IGNORE += "CVE-2022-3643"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47158"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-3646"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47159"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-3649"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47160"
-# cpe-stable-backport: Backported in 5.15.58
-CVE_CHECK_IGNORE += "CVE-2022-36879"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47161"
-# cpe-stable-backport: Backported in 5.15.59
-CVE_CHECK_IGNORE += "CVE-2022-36946"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47162"
-# cpe-stable-backport: Backported in 5.15.96
-CVE_CHECK_IGNORE += "CVE-2022-3707"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47163"
-# CVE-2022-38096 has no known resolution
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47164"
-# CVE-2022-38457 needs backporting (fixed from 6.2rc4)
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47165"
-# CVE-2022-3903 needs backporting (fixed from 6.1rc2)
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47166"
-# fixed-version: only affects 5.18 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3910"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47167"
-# CVE-2022-39188 needs backporting (fixed from 5.19rc8)
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47168"
-# cpe-stable-backport: Backported in 5.15.60
-CVE_CHECK_IGNORE += "CVE-2022-39189"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47169"
-# cpe-stable-backport: Backported in 5.15.64
-CVE_CHECK_IGNORE += "CVE-2022-39190"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47170"
-# fixed-version: only affects 5.18rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-3977"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47171"
-# cpe-stable-backport: Backported in 5.15.70
-CVE_CHECK_IGNORE += "CVE-2022-39842"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47172"
-# CVE-2022-40133 needs backporting (fixed from 6.2rc4)
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47173"
-# cpe-stable-backport: Backported in 5.15.68
-CVE_CHECK_IGNORE += "CVE-2022-40307"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47174"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-40476"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47175"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-40768"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47176"
-# cpe-stable-backport: Backported in 5.15.66
-CVE_CHECK_IGNORE += "CVE-2022-4095"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47177"
-# cpe-stable-backport: Backported in 5.15.125
-CVE_CHECK_IGNORE += "CVE-2022-40982"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47178"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2022-41218"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47179"
-# fixed-version: Fixed after version 5.14rc1
-CVE_CHECK_IGNORE += "CVE-2022-41222"
+# fixed-version: Fixed after version 5.13rc4
+CVE_CHECK_IGNORE += "CVE-2021-47180"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-4127"
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-0001"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2022-4128"
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-0002"
-# cpe-stable-backport: Backported in 5.15.91
-CVE_CHECK_IGNORE += "CVE-2022-4129"
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-0168"
-# fixed-version: only affects 5.17rc2 onwards
-CVE_CHECK_IGNORE += "CVE-2022-4139"
+# cpe-stable-backport: Backported in 5.15.70
+CVE_CHECK_IGNORE += "CVE-2022-0171"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-41674"
+# cpe-stable-backport: Backported in 5.15.16
+CVE_CHECK_IGNORE += "CVE-2022-0185"
-# CVE-2022-41848 has no known resolution
+# cpe-stable-backport: Backported in 5.15.11
+CVE_CHECK_IGNORE += "CVE-2022-0264"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-41849"
+# fixed-version: Fixed after version 5.14rc2
+CVE_CHECK_IGNORE += "CVE-2022-0286"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-41850"
+# fixed-version: Fixed after version 5.15rc6
+CVE_CHECK_IGNORE += "CVE-2022-0322"
-# cpe-stable-backport: Backported in 5.15.35
-CVE_CHECK_IGNORE += "CVE-2022-41858"
+# cpe-stable-backport: Backported in 5.15.18
+CVE_CHECK_IGNORE += "CVE-2022-0330"
-# fixed-version: only affects 5.16rc7 onwards
-CVE_CHECK_IGNORE += "CVE-2022-42328"
+# cpe-stable-backport: Backported in 5.15.14
+CVE_CHECK_IGNORE += "CVE-2022-0382"
-# fixed-version: only affects 5.16rc7 onwards
-CVE_CHECK_IGNORE += "CVE-2022-42329"
+# CVE-2022-0400 has no known resolution
-# cpe-stable-backport: Backported in 5.15.71
-CVE_CHECK_IGNORE += "CVE-2022-42432"
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-0433"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2022-4269"
+# cpe-stable-backport: Backported in 5.15.23
+CVE_CHECK_IGNORE += "CVE-2022-0435"
-# cpe-stable-backport: Backported in 5.15.65
-CVE_CHECK_IGNORE += "CVE-2022-42703"
+# fixed-version: Fixed after version 5.15rc1
+CVE_CHECK_IGNORE += "CVE-2022-0480"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-42719"
+# cpe-stable-backport: Backported in 5.15.23
+CVE_CHECK_IGNORE += "CVE-2022-0487"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-42720"
+# cpe-stable-backport: Backported in 5.15.20
+CVE_CHECK_IGNORE += "CVE-2022-0492"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-42721"
+# cpe-stable-backport: Backported in 5.15.27
+CVE_CHECK_IGNORE += "CVE-2022-0494"
-# cpe-stable-backport: Backported in 5.15.74
-CVE_CHECK_IGNORE += "CVE-2022-42722"
+# cpe-stable-backport: Backported in 5.15.37
+CVE_CHECK_IGNORE += "CVE-2022-0500"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2022-42895"
+# cpe-stable-backport: Backported in 5.15.23
+CVE_CHECK_IGNORE += "CVE-2022-0516"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2022-42896"
+# cpe-stable-backport: Backported in 5.15.19
+CVE_CHECK_IGNORE += "CVE-2022-0617"
-# cpe-stable-backport: Backported in 5.15.73
-CVE_CHECK_IGNORE += "CVE-2022-43750"
+# fixed-version: Fixed after version 5.15rc7
+CVE_CHECK_IGNORE += "CVE-2022-0644"
-# cpe-stable-backport: Backported in 5.15.82
-CVE_CHECK_IGNORE += "CVE-2022-4378"
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-0646"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2022-4379"
+# cpe-stable-backport: Backported in 5.15.27
+CVE_CHECK_IGNORE += "CVE-2022-0742"
-# cpe-stable-backport: Backported in 5.15.90
-CVE_CHECK_IGNORE += "CVE-2022-4382"
+# fixed-version: Fixed after version 5.8rc6
+CVE_CHECK_IGNORE += "CVE-2022-0812"
-# cpe-stable-backport: Backported in 5.15.75
-CVE_CHECK_IGNORE += "CVE-2022-43945"
+# cpe-stable-backport: Backported in 5.15.25
+CVE_CHECK_IGNORE += "CVE-2022-0847"
-# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
+# fixed-version: Fixed after version 5.14rc1
+CVE_CHECK_IGNORE += "CVE-2022-0850"
-# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
+# fixed-version: only affects 5.17rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2022-0854"
-# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
+# cpe-stable-backport: Backported in 5.15.29
+CVE_CHECK_IGNORE += "CVE-2022-0995"
-# CVE-2022-4543 has no known resolution
+# CVE-2022-0998 needs backporting (fixed from 5.17rc1)
-# cpe-stable-backport: Backported in 5.15.82
-CVE_CHECK_IGNORE += "CVE-2022-45869"
+# cpe-stable-backport: Backported in 5.15.29
+CVE_CHECK_IGNORE += "CVE-2022-1011"
-# CVE-2022-45884 has no known resolution
+# cpe-stable-backport: Backported in 5.15.41
+CVE_CHECK_IGNORE += "CVE-2022-1012"
-# CVE-2022-45885 has no known resolution
+# cpe-stable-backport: Backported in 5.15.32
+CVE_CHECK_IGNORE += "CVE-2022-1015"
-# cpe-stable-backport: Backported in 5.15.116
-CVE_CHECK_IGNORE += "CVE-2022-45886"
+# cpe-stable-backport: Backported in 5.15.32
+CVE_CHECK_IGNORE += "CVE-2022-1016"
-# cpe-stable-backport: Backported in 5.15.116
-CVE_CHECK_IGNORE += "CVE-2022-45887"
+# fixed-version: Fixed after version 5.14rc7
+CVE_CHECK_IGNORE += "CVE-2022-1043"
-# CVE-2022-45888 needs backporting (fixed from 6.2rc1)
+# cpe-stable-backport: Backported in 5.15.32
+CVE_CHECK_IGNORE += "CVE-2022-1048"
-# cpe-stable-backport: Backported in 5.15.116
-CVE_CHECK_IGNORE += "CVE-2022-45919"
+# cpe-stable-backport: Backported in 5.15.20
+CVE_CHECK_IGNORE += "CVE-2022-1055"
-# cpe-stable-backport: Backported in 5.15.85
-CVE_CHECK_IGNORE += "CVE-2022-45934"
+# CVE-2022-1116 has no known resolution
-# cpe-stable-backport: Backported in 5.15.66
-CVE_CHECK_IGNORE += "CVE-2022-4662"
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-1158"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2022-4696"
+# cpe-stable-backport: Backported in 5.15.46
+CVE_CHECK_IGNORE += "CVE-2022-1184"
# cpe-stable-backport: Backported in 5.15.12
-CVE_CHECK_IGNORE += "CVE-2022-4744"
+CVE_CHECK_IGNORE += "CVE-2022-1195"
-# cpe-stable-backport: Backported in 5.15.81
-CVE_CHECK_IGNORE += "CVE-2022-47518"
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-1198"
-# cpe-stable-backport: Backported in 5.15.81
-CVE_CHECK_IGNORE += "CVE-2022-47519"
+# cpe-stable-backport: Backported in 5.15.29
+CVE_CHECK_IGNORE += "CVE-2022-1199"
-# cpe-stable-backport: Backported in 5.15.81
-CVE_CHECK_IGNORE += "CVE-2022-47520"
+# cpe-stable-backport: Backported in 5.15.35
+CVE_CHECK_IGNORE += "CVE-2022-1204"
-# cpe-stable-backport: Backported in 5.15.81
-CVE_CHECK_IGNORE += "CVE-2022-47521"
+# fixed-version: only affects 5.17rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2022-1205"
-# cpe-stable-backport: Backported in 5.15.88
-CVE_CHECK_IGNORE += "CVE-2022-47929"
+# CVE-2022-1247 has no known resolution
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-47938"
+# cpe-stable-backport: Backported in 5.15.34
+CVE_CHECK_IGNORE += "CVE-2022-1263"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-47939"
+# fixed-version: Fixed after version 5.15rc1
+CVE_CHECK_IGNORE += "CVE-2022-1280"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2022-47940"
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-1353"
+
+# fixed-version: Fixed after version 5.6rc2
+CVE_CHECK_IGNORE += "CVE-2022-1419"
+
+# cpe-stable-backport: Backported in 5.15.58
+CVE_CHECK_IGNORE += "CVE-2022-1462"
+
+# fixed-version: Fixed after version 5.15rc1
+CVE_CHECK_IGNORE += "CVE-2022-1508"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-1516"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-1651"
+
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2022-1652"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-1671"
+
+# fixed-version: Fixed after version 4.20rc1
+CVE_CHECK_IGNORE += "CVE-2022-1678"
# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2022-47941"
+CVE_CHECK_IGNORE += "CVE-2022-1679"
+
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2022-1729"
+
+# cpe-stable-backport: Backported in 5.15.39
+CVE_CHECK_IGNORE += "CVE-2022-1734"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2022-1786"
+
+# cpe-stable-backport: Backported in 5.15.44
+CVE_CHECK_IGNORE += "CVE-2022-1789"
+
+# cpe-stable-backport: Backported in 5.15.37
+CVE_CHECK_IGNORE += "CVE-2022-1836"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-1852"
+
+# fixed-version: only affects 5.17rc8 onwards
+CVE_CHECK_IGNORE += "CVE-2022-1882"
+
+# cpe-stable-backport: Backported in 5.15.40
+CVE_CHECK_IGNORE += "CVE-2022-1943"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-1966"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-1972"
+
+# cpe-stable-backport: Backported in 5.15.46
+CVE_CHECK_IGNORE += "CVE-2022-1973"
+
+# cpe-stable-backport: Backported in 5.15.39
+CVE_CHECK_IGNORE += "CVE-2022-1974"
+
+# cpe-stable-backport: Backported in 5.15.39
+CVE_CHECK_IGNORE += "CVE-2022-1975"
+
+# fixed-version: only affects 5.18rc2 onwards
+CVE_CHECK_IGNORE += "CVE-2022-1976"
+
+# cpe-stable-backport: Backported in 5.15.20
+CVE_CHECK_IGNORE += "CVE-2022-1998"
+
+# cpe-stable-backport: Backported in 5.15.25
+CVE_CHECK_IGNORE += "CVE-2022-20008"
+
+# cpe-stable-backport: Backported in 5.15.8
+CVE_CHECK_IGNORE += "CVE-2022-20132"
+
+# fixed-version: Fixed after version 5.15rc1
+CVE_CHECK_IGNORE += "CVE-2022-20141"
+
+# cpe-stable-backport: Backported in 5.15.3
+CVE_CHECK_IGNORE += "CVE-2022-20148"
+
+# fixed-version: Fixed after version 5.13rc1
+CVE_CHECK_IGNORE += "CVE-2022-20153"
+
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2022-20154"
+
+# cpe-stable-backport: Backported in 5.15.31
+CVE_CHECK_IGNORE += "CVE-2022-20158"
+
+# fixed-version: Fixed after version 5.10rc1
+CVE_CHECK_IGNORE += "CVE-2022-20166"
+
+# cpe-stable-backport: Backported in 5.15.31
+CVE_CHECK_IGNORE += "CVE-2022-20368"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-20369"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2022-20409"
+
+# cpe-stable-backport: Backported in 5.15.66
+CVE_CHECK_IGNORE += "CVE-2022-20421"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2022-20422"
+
+# fixed-version: only affects 5.17rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2022-20423"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2022-20424"
+
+# fixed-version: Fixed after version 5.9rc4
+CVE_CHECK_IGNORE += "CVE-2022-20565"
+
+# cpe-stable-backport: Backported in 5.15.59
+CVE_CHECK_IGNORE += "CVE-2022-20566"
+
+# fixed-version: Fixed after version 4.16rc5
+CVE_CHECK_IGNORE += "CVE-2022-20567"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2022-20568"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-20572"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-2078"
+
+# cpe-stable-backport: Backported in 5.15.48
+CVE_CHECK_IGNORE += "CVE-2022-21123"
+
+# cpe-stable-backport: Backported in 5.15.48
+CVE_CHECK_IGNORE += "CVE-2022-21125"
+
+# cpe-stable-backport: Backported in 5.15.48
+CVE_CHECK_IGNORE += "CVE-2022-21166"
+
+# fixed-version: Fixed after version 4.20
+CVE_CHECK_IGNORE += "CVE-2022-21385"
+
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2022-21499"
+
+# cpe-stable-backport: Backported in 5.15.58
+CVE_CHECK_IGNORE += "CVE-2022-21505"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-2153"
+
+# cpe-stable-backport: Backported in 5.15.96
+CVE_CHECK_IGNORE += "CVE-2022-2196"
+
+# CVE-2022-2209 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.18
+CVE_CHECK_IGNORE += "CVE-2022-22942"
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23036"
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23037"
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23038"
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23039"
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23040"
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23041"
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23042"
+
+# cpe-stable-backport: Backported in 5.15.72
+CVE_CHECK_IGNORE += "CVE-2022-2308"
+
+# cpe-stable-backport: Backported in 5.15.53
+CVE_CHECK_IGNORE += "CVE-2022-2318"
+
+# cpe-stable-backport: Backported in 5.15.37
+CVE_CHECK_IGNORE += "CVE-2022-23222"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2022-2327"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-2380"
+
+# cpe-stable-backport: Backported in 5.15.57
+CVE_CHECK_IGNORE += "CVE-2022-23816"
+
+# CVE-2022-23825 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.28
+CVE_CHECK_IGNORE += "CVE-2022-23960"
+
+# cpe-stable-backport: Backported in 5.15.19
+CVE_CHECK_IGNORE += "CVE-2022-24122"
+
+# cpe-stable-backport: Backported in 5.15.19
+CVE_CHECK_IGNORE += "CVE-2022-24448"
+
+# cpe-stable-backport: Backported in 5.15.27
+CVE_CHECK_IGNORE += "CVE-2022-24958"
+
+# cpe-stable-backport: Backported in 5.15.19
+CVE_CHECK_IGNORE += "CVE-2022-24959"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-2503"
+
+# cpe-stable-backport: Backported in 5.15.24
+CVE_CHECK_IGNORE += "CVE-2022-25258"
+
+# CVE-2022-25265 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.24
+CVE_CHECK_IGNORE += "CVE-2022-25375"
+
+# cpe-stable-backport: Backported in 5.15.26
+CVE_CHECK_IGNORE += "CVE-2022-25636"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2022-2585"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2022-2586"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2022-2588"
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-2590"
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-2602"
+
+# cpe-stable-backport: Backported in 5.15.53
+CVE_CHECK_IGNORE += "CVE-2022-26365"
+
+# cpe-stable-backport: Backported in 5.15.60
+CVE_CHECK_IGNORE += "CVE-2022-26373"
+
+# cpe-stable-backport: Backported in 5.15.36
+CVE_CHECK_IGNORE += "CVE-2022-2639"
+
+# cpe-stable-backport: Backported in 5.15.32
+CVE_CHECK_IGNORE += "CVE-2022-26490"
+
+# cpe-stable-backport: Backported in 5.15.68
+CVE_CHECK_IGNORE += "CVE-2022-2663"
+
+# CVE-2022-26878 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.26
+CVE_CHECK_IGNORE += "CVE-2022-26966"
+
+# cpe-stable-backport: Backported in 5.15.26
+CVE_CHECK_IGNORE += "CVE-2022-27223"
+
+# cpe-stable-backport: Backported in 5.15.29
+CVE_CHECK_IGNORE += "CVE-2022-27666"
+
+# cpe-stable-backport: Backported in 5.15.94
+CVE_CHECK_IGNORE += "CVE-2022-27672"
+
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-2785"
+
+# cpe-stable-backport: Backported in 5.15.25
+CVE_CHECK_IGNORE += "CVE-2022-27950"
+
+# cpe-stable-backport: Backported in 5.15.32
+CVE_CHECK_IGNORE += "CVE-2022-28356"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-28388"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-28389"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-28390"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-2873"
+
+# fixed-version: only affects 5.17rc3 onwards
+CVE_CHECK_IGNORE += "CVE-2022-28796"
+
+# cpe-stable-backport: Backported in 5.15.41
+CVE_CHECK_IGNORE += "CVE-2022-28893"
+
+# cpe-stable-backport: Backported in 5.15.64
+CVE_CHECK_IGNORE += "CVE-2022-2905"
+
+# cpe-stable-backport: Backported in 5.15.26
+CVE_CHECK_IGNORE += "CVE-2022-29156"
+
+# cpe-stable-backport: Backported in 5.15.19
+CVE_CHECK_IGNORE += "CVE-2022-2938"
+
+# cpe-stable-backport: Backported in 5.15.36
+CVE_CHECK_IGNORE += "CVE-2022-29581"
+
+# cpe-stable-backport: Backported in 5.15.34
+CVE_CHECK_IGNORE += "CVE-2022-29582"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-2959"
+
+# CVE-2022-2961 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.24
+CVE_CHECK_IGNORE += "CVE-2022-2964"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-2977"
+
+# cpe-stable-backport: Backported in 5.15.73
+CVE_CHECK_IGNORE += "CVE-2022-2978"
+
+# cpe-stable-backport: Backported in 5.15.57
+CVE_CHECK_IGNORE += "CVE-2022-29900"
+
+# cpe-stable-backport: Backported in 5.15.57
+CVE_CHECK_IGNORE += "CVE-2022-29901"
+
+# fixed-version: Fixed after version 5.15rc1
+CVE_CHECK_IGNORE += "CVE-2022-2991"
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-29968"
+
+# cpe-stable-backport: Backported in 5.15.64
+CVE_CHECK_IGNORE += "CVE-2022-3028"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-30594"
+
+# cpe-stable-backport: Backported in 5.15.70
+CVE_CHECK_IGNORE += "CVE-2022-3061"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-3077"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-3078"
+
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3103"
+
+# cpe-stable-backport: Backported in 5.15.47
+CVE_CHECK_IGNORE += "CVE-2022-3104"
+
+# cpe-stable-backport: Backported in 5.15.14
+CVE_CHECK_IGNORE += "CVE-2022-3105"
+
+# cpe-stable-backport: Backported in 5.15.11
+CVE_CHECK_IGNORE += "CVE-2022-3106"
+
+# cpe-stable-backport: Backported in 5.15.31
+CVE_CHECK_IGNORE += "CVE-2022-3107"
+
+# cpe-stable-backport: Backported in 5.15.27
+CVE_CHECK_IGNORE += "CVE-2022-3108"
+
+# cpe-stable-backport: Backported in 5.15.47
+CVE_CHECK_IGNORE += "CVE-2022-3110"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-3111"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-3112"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-3113"
+
+# CVE-2022-3114 needs backporting (fixed from 5.19rc1)
+
+# cpe-stable-backport: Backported in 5.15.46
+CVE_CHECK_IGNORE += "CVE-2022-3115"
+
+# cpe-stable-backport: Backported in 5.15.80
+CVE_CHECK_IGNORE += "CVE-2022-3169"
+
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3170"
+
+# cpe-stable-backport: Backported in 5.15.65
+CVE_CHECK_IGNORE += "CVE-2022-3176"
+
+# cpe-stable-backport: Backported in 5.15.34
+CVE_CHECK_IGNORE += "CVE-2022-3202"
+
+# cpe-stable-backport: Backported in 5.15.45
+CVE_CHECK_IGNORE += "CVE-2022-32250"
+
+# cpe-stable-backport: Backported in 5.15.41
+CVE_CHECK_IGNORE += "CVE-2022-32296"
+
+# CVE-2022-3238 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2022-3239"
+
+# cpe-stable-backport: Backported in 5.15.47
+CVE_CHECK_IGNORE += "CVE-2022-32981"
+
+# cpe-stable-backport: Backported in 5.15.68
+CVE_CHECK_IGNORE += "CVE-2022-3303"
+
+# cpe-stable-backport: Backported in 5.15.81
+CVE_CHECK_IGNORE += "CVE-2022-3344"
+
+# cpe-stable-backport: Backported in 5.15.53
+CVE_CHECK_IGNORE += "CVE-2022-33740"
+
+# cpe-stable-backport: Backported in 5.15.53
+CVE_CHECK_IGNORE += "CVE-2022-33741"
+
+# cpe-stable-backport: Backported in 5.15.53
+CVE_CHECK_IGNORE += "CVE-2022-33742"
+
+# cpe-stable-backport: Backported in 5.15.53
+CVE_CHECK_IGNORE += "CVE-2022-33743"
+
+# cpe-stable-backport: Backported in 5.15.53
+CVE_CHECK_IGNORE += "CVE-2022-33744"
+
+# cpe-stable-backport: Backported in 5.15.37
+CVE_CHECK_IGNORE += "CVE-2022-33981"
+
+# cpe-stable-backport: Backported in 5.15.86
+CVE_CHECK_IGNORE += "CVE-2022-3424"
+
+# fixed-version: only affects 5.18rc2 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3435"
+
+# cpe-stable-backport: Backported in 5.15.47
+CVE_CHECK_IGNORE += "CVE-2022-34494"
+
+# cpe-stable-backport: Backported in 5.15.47
+CVE_CHECK_IGNORE += "CVE-2022-34495"
+
+# cpe-stable-backport: Backported in 5.15.54
+CVE_CHECK_IGNORE += "CVE-2022-34918"
+
+# cpe-stable-backport: Backported in 5.15.80
+CVE_CHECK_IGNORE += "CVE-2022-3521"
+
+# CVE-2022-3522 needs backporting (fixed from 6.1rc1)
+
+# CVE-2022-3523 needs backporting (fixed from 6.1rc1)
+
+# cpe-stable-backport: Backported in 5.15.77
+CVE_CHECK_IGNORE += "CVE-2022-3524"
+
+# cpe-stable-backport: Backported in 5.15.35
+CVE_CHECK_IGNORE += "CVE-2022-3526"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3531"
+
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3532"
+
+# CVE-2022-3533 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.86
+CVE_CHECK_IGNORE += "CVE-2022-3534"
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-3535"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3541"
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-3542"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2022-3543"
+
+# CVE-2022-3544 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.84
+CVE_CHECK_IGNORE += "CVE-2022-3545"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2022-3564"
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-3565"
+
+# CVE-2022-3566 needs backporting (fixed from 6.1rc1)
+
+# CVE-2022-3567 needs backporting (fixed from 6.1rc1)
+
+# cpe-stable-backport: Backported in 5.15.46
+CVE_CHECK_IGNORE += "CVE-2022-3577"
+
+# cpe-stable-backport: Backported in 5.15.68
+CVE_CHECK_IGNORE += "CVE-2022-3586"
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-3594"
+
+# CVE-2022-3595 needs backporting (fixed from 6.1rc1)
+
+# CVE-2022-3606 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.56
+CVE_CHECK_IGNORE += "CVE-2022-36123"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2022-3619"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-3621"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2022-3623"
+
+# CVE-2022-3624 needs backporting (fixed from 6.0rc1)
+
+# cpe-stable-backport: Backported in 5.15.63
+CVE_CHECK_IGNORE += "CVE-2022-3625"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2022-3628"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2022-36280"
+
+# cpe-stable-backport: Backported in 5.15.63
+CVE_CHECK_IGNORE += "CVE-2022-3629"
+
+# fixed-version: only affects 5.19rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3630"
+
+# cpe-stable-backport: Backported in 5.15.63
+CVE_CHECK_IGNORE += "CVE-2022-3633"
+
+# cpe-stable-backport: Backported in 5.15.63
+CVE_CHECK_IGNORE += "CVE-2022-3635"
+
+# CVE-2022-3636 needs backporting (fixed from 5.19rc1)
+
+# fixed-version: only affects 5.19 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3640"
+
+# cpe-stable-backport: Backported in 5.15.129
+CVE_CHECK_IGNORE += "CVE-2022-36402"
+
+# CVE-2022-3642 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.83
+CVE_CHECK_IGNORE += "CVE-2022-3643"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-3646"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-3649"
+
+# cpe-stable-backport: Backported in 5.15.58
+CVE_CHECK_IGNORE += "CVE-2022-36879"
+
+# cpe-stable-backport: Backported in 5.15.59
+CVE_CHECK_IGNORE += "CVE-2022-36946"
+
+# cpe-stable-backport: Backported in 5.15.96
+CVE_CHECK_IGNORE += "CVE-2022-3707"
+
+# CVE-2022-38096 has no known resolution
+
+# CVE-2022-38457 needs backporting (fixed from 6.2rc4)
+
+# CVE-2022-3903 needs backporting (fixed from 6.1rc2)
+
+# fixed-version: only affects 5.18 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3910"
+
+# CVE-2022-39188 needs backporting (fixed from 5.19rc8)
+
+# cpe-stable-backport: Backported in 5.15.60
+CVE_CHECK_IGNORE += "CVE-2022-39189"
+
+# cpe-stable-backport: Backported in 5.15.64
+CVE_CHECK_IGNORE += "CVE-2022-39190"
+
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-3977"
+
+# cpe-stable-backport: Backported in 5.15.70
+CVE_CHECK_IGNORE += "CVE-2022-39842"
+
+# CVE-2022-40133 needs backporting (fixed from 6.2rc4)
+
+# cpe-stable-backport: Backported in 5.15.68
+CVE_CHECK_IGNORE += "CVE-2022-40307"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-40476"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-40768"
+
+# cpe-stable-backport: Backported in 5.15.66
+CVE_CHECK_IGNORE += "CVE-2022-4095"
+
+# cpe-stable-backport: Backported in 5.15.125
+CVE_CHECK_IGNORE += "CVE-2022-40982"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2022-41218"
+
+# fixed-version: Fixed after version 5.14rc1
+CVE_CHECK_IGNORE += "CVE-2022-41222"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-4127"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2022-4128"
+
+# cpe-stable-backport: Backported in 5.15.91
+CVE_CHECK_IGNORE += "CVE-2022-4129"
+
+# fixed-version: only affects 5.17rc2 onwards
+CVE_CHECK_IGNORE += "CVE-2022-4139"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-41674"
+
+# CVE-2022-41848 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-41849"
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-41850"
+
+# cpe-stable-backport: Backported in 5.15.35
+CVE_CHECK_IGNORE += "CVE-2022-41858"
+
+# fixed-version: only affects 5.16rc7 onwards
+CVE_CHECK_IGNORE += "CVE-2022-42328"
+
+# fixed-version: only affects 5.16rc7 onwards
+CVE_CHECK_IGNORE += "CVE-2022-42329"
+
+# cpe-stable-backport: Backported in 5.15.71
+CVE_CHECK_IGNORE += "CVE-2022-42432"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2022-4269"
+
+# cpe-stable-backport: Backported in 5.15.65
+CVE_CHECK_IGNORE += "CVE-2022-42703"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-42719"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-42720"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-42721"
+
+# cpe-stable-backport: Backported in 5.15.74
+CVE_CHECK_IGNORE += "CVE-2022-42722"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2022-42895"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2022-42896"
+
+# cpe-stable-backport: Backported in 5.15.73
+CVE_CHECK_IGNORE += "CVE-2022-43750"
+
+# cpe-stable-backport: Backported in 5.15.82
+CVE_CHECK_IGNORE += "CVE-2022-4378"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2022-4379"
+
+# cpe-stable-backport: Backported in 5.15.90
+CVE_CHECK_IGNORE += "CVE-2022-4382"
+
+# cpe-stable-backport: Backported in 5.15.75
+CVE_CHECK_IGNORE += "CVE-2022-43945"
+
+# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
+
+# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
+
+# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
+
+# CVE-2022-4543 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.82
+CVE_CHECK_IGNORE += "CVE-2022-45869"
+
+# CVE-2022-45884 has no known resolution
+
+# CVE-2022-45885 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.116
+CVE_CHECK_IGNORE += "CVE-2022-45886"
+
+# cpe-stable-backport: Backported in 5.15.116
+CVE_CHECK_IGNORE += "CVE-2022-45887"
+
+# CVE-2022-45888 needs backporting (fixed from 6.2rc1)
+
+# cpe-stable-backport: Backported in 5.15.116
+CVE_CHECK_IGNORE += "CVE-2022-45919"
+
+# cpe-stable-backport: Backported in 5.15.85
+CVE_CHECK_IGNORE += "CVE-2022-45934"
+
+# cpe-stable-backport: Backported in 5.15.66
+CVE_CHECK_IGNORE += "CVE-2022-4662"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2022-4696"
+
+# cpe-stable-backport: Backported in 5.15.12
+CVE_CHECK_IGNORE += "CVE-2022-4744"
+
+# cpe-stable-backport: Backported in 5.15.81
+CVE_CHECK_IGNORE += "CVE-2022-47518"
+
+# cpe-stable-backport: Backported in 5.15.81
+CVE_CHECK_IGNORE += "CVE-2022-47519"
+
+# cpe-stable-backport: Backported in 5.15.81
+CVE_CHECK_IGNORE += "CVE-2022-47520"
+
+# cpe-stable-backport: Backported in 5.15.81
+CVE_CHECK_IGNORE += "CVE-2022-47521"
+
+# cpe-stable-backport: Backported in 5.15.88
+CVE_CHECK_IGNORE += "CVE-2022-47929"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2022-47938"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2022-47939"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2022-47940"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2022-47941"
+
+# cpe-stable-backport: Backported in 5.15.62
+CVE_CHECK_IGNORE += "CVE-2022-47942"
+
+# cpe-stable-backport: Backported in 5.15.62
+CVE_CHECK_IGNORE += "CVE-2022-47943"
+
+# fixed-version: Fixed after version 5.12rc2
+CVE_CHECK_IGNORE += "CVE-2022-47946"
+
+# cpe-stable-backport: Backported in 5.15.90
+CVE_CHECK_IGNORE += "CVE-2022-4842"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2022-48423"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2022-48424"
+
+# cpe-stable-backport: Backported in 5.15.113
+CVE_CHECK_IGNORE += "CVE-2022-48425"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2022-48502"
+
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2022-48619"
+
+# cpe-stable-backport: Backported in 5.15.23
+CVE_CHECK_IGNORE += "CVE-2022-48626"
+
+# cpe-stable-backport: Backported in 5.15.56
+CVE_CHECK_IGNORE += "CVE-2022-48627"
+
+# CVE-2022-48628 needs backporting (fixed from 6.6rc1)
+
+# cpe-stable-backport: Backported in 5.15.31
+CVE_CHECK_IGNORE += "CVE-2022-48629"
+
+# fixed-version: only affects 5.17 onwards
+CVE_CHECK_IGNORE += "CVE-2022-48630"
+
+# fixed-version: Fixed after version 5.0rc1
+CVE_CHECK_IGNORE += "CVE-2023-0030"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2023-0045"
+
+# cpe-stable-backport: Backported in 5.15.3
+CVE_CHECK_IGNORE += "CVE-2023-0047"
+
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-0122"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-0160"
+
+# cpe-stable-backport: Backported in 5.15.89
+CVE_CHECK_IGNORE += "CVE-2023-0179"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2023-0210"
+
+# fixed-version: Fixed after version 5.10rc1
+CVE_CHECK_IGNORE += "CVE-2023-0240"
+
+# cpe-stable-backport: Backported in 5.15.88
+CVE_CHECK_IGNORE += "CVE-2023-0266"
+
+# cpe-stable-backport: Backported in 5.15.91
+CVE_CHECK_IGNORE += "CVE-2023-0386"
+
+# cpe-stable-backport: Backported in 5.15.89
+CVE_CHECK_IGNORE += "CVE-2023-0394"
+
+# cpe-stable-backport: Backported in 5.15.90
+CVE_CHECK_IGNORE += "CVE-2023-0458"
+
+# cpe-stable-backport: Backported in 5.15.96
+CVE_CHECK_IGNORE += "CVE-2023-0459"
+
+# cpe-stable-backport: Backported in 5.15.88
+CVE_CHECK_IGNORE += "CVE-2023-0461"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-0468"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-0469"
+
+# cpe-stable-backport: Backported in 5.15.76
+CVE_CHECK_IGNORE += "CVE-2023-0590"
+
+# CVE-2023-0597 needs backporting (fixed from 6.2rc1)
+
+# cpe-stable-backport: Backported in 5.15.77
+CVE_CHECK_IGNORE += "CVE-2023-0615"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-1032"
+
+# cpe-stable-backport: Backported in 5.15.91
+CVE_CHECK_IGNORE += "CVE-2023-1073"
+
+# cpe-stable-backport: Backported in 5.15.91
+CVE_CHECK_IGNORE += "CVE-2023-1074"
+
+# CVE-2023-1075 needs backporting (fixed from 6.2rc7)
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-1076"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-1077"
+
+# cpe-stable-backport: Backported in 5.15.94
+CVE_CHECK_IGNORE += "CVE-2023-1078"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-1079"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2023-1095"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-1118"
+
+# cpe-stable-backport: Backported in 5.15.113
+CVE_CHECK_IGNORE += "CVE-2023-1192"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-1193"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-1194"
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-1195"
+
+# cpe-stable-backport: Backported in 5.15.124
+CVE_CHECK_IGNORE += "CVE-2023-1206"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2023-1249"
+
+# cpe-stable-backport: Backported in 5.15.3
+CVE_CHECK_IGNORE += "CVE-2023-1252"
+
+# cpe-stable-backport: Backported in 5.15.95
+CVE_CHECK_IGNORE += "CVE-2023-1281"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2023-1295"
+
+# cpe-stable-backport: Backported in 5.15.110
+CVE_CHECK_IGNORE += "CVE-2023-1380"
+
+# cpe-stable-backport: Backported in 5.15.81
+CVE_CHECK_IGNORE += "CVE-2023-1382"
+
+# fixed-version: Fixed after version 5.11rc4
+CVE_CHECK_IGNORE += "CVE-2023-1390"
+
+# CVE-2023-1476 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.95
+CVE_CHECK_IGNORE += "CVE-2023-1513"
+
+# cpe-stable-backport: Backported in 5.15.25
+CVE_CHECK_IGNORE += "CVE-2023-1582"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-1583"
+
+# cpe-stable-backport: Backported in 5.15.106
+CVE_CHECK_IGNORE += "CVE-2023-1611"
+
+# cpe-stable-backport: Backported in 5.15.34
+CVE_CHECK_IGNORE += "CVE-2023-1637"
+
+# cpe-stable-backport: Backported in 5.15.91
+CVE_CHECK_IGNORE += "CVE-2023-1652"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-1670"
+
+# cpe-stable-backport: Backported in 5.15.100
+CVE_CHECK_IGNORE += "CVE-2023-1829"
+
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2023-1838"
+
+# cpe-stable-backport: Backported in 5.15.104
+CVE_CHECK_IGNORE += "CVE-2023-1855"
+
+# cpe-stable-backport: Backported in 5.15.108
+CVE_CHECK_IGNORE += "CVE-2023-1859"
+
+# CVE-2023-1872 needs backporting (fixed from 5.18rc2)
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-1989"
+
+# cpe-stable-backport: Backported in 5.15.104
+CVE_CHECK_IGNORE += "CVE-2023-1990"
+
+# fixed-version: only affects 5.19rc7 onwards
+CVE_CHECK_IGNORE += "CVE-2023-1998"
+
+# cpe-stable-backport: Backported in 5.15.110
+CVE_CHECK_IGNORE += "CVE-2023-2002"
+
+# cpe-stable-backport: Backported in 5.15.81
+CVE_CHECK_IGNORE += "CVE-2023-2006"
+
+# CVE-2023-2007 needs backporting (fixed from 6.0rc1)
+
+# cpe-stable-backport: Backported in 5.15.51
+CVE_CHECK_IGNORE += "CVE-2023-2008"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2023-2019"
+
+# cpe-stable-backport: Backported in 5.15.125
+CVE_CHECK_IGNORE += "CVE-2023-20569"
+
+# cpe-stable-backport: Backported in 5.15.126
+CVE_CHECK_IGNORE += "CVE-2023-20588"
+
+# cpe-stable-backport: Backported in 5.15.122
+CVE_CHECK_IGNORE += "CVE-2023-20593"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2023-20928"
+
+# CVE-2023-20937 has no known resolution
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-20938"
+
+# CVE-2023-20941 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.90
+CVE_CHECK_IGNORE += "CVE-2023-21102"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-21106"
+
+# cpe-stable-backport: Backported in 5.15.117
+CVE_CHECK_IGNORE += "CVE-2023-2124"
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-21255"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-21264"
+
+# CVE-2023-21400 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.109
+CVE_CHECK_IGNORE += "CVE-2023-2156"
+
+# cpe-stable-backport: Backported in 5.15.93
+CVE_CHECK_IGNORE += "CVE-2023-2162"
+
+# cpe-stable-backport: Backported in 5.15.109
+CVE_CHECK_IGNORE += "CVE-2023-2163"
+
+# cpe-stable-backport: Backported in 5.15.83
+CVE_CHECK_IGNORE += "CVE-2023-2166"
+
+# CVE-2023-2176 needs backporting (fixed from 6.3rc1)
+
+# cpe-stable-backport: Backported in 5.15.59
+CVE_CHECK_IGNORE += "CVE-2023-2177"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-2194"
+
+# cpe-stable-backport: Backported in 5.15.104
+CVE_CHECK_IGNORE += "CVE-2023-2235"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-2236"
+
+# cpe-stable-backport: Backported in 5.15.109
+CVE_CHECK_IGNORE += "CVE-2023-2248"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-2269"
+
+# CVE-2023-22995 needs backporting (fixed from 5.17rc1)
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-22996"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-22997"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2023-22998"
+
+# cpe-stable-backport: Backported in 5.15.17
+CVE_CHECK_IGNORE += "CVE-2023-22999"
+
+# CVE-2023-23000 needs backporting (fixed from 5.17rc1)
+
+# cpe-stable-backport: Backported in 5.15.17
+CVE_CHECK_IGNORE += "CVE-2023-23001"
+
+# cpe-stable-backport: Backported in 5.15.17
+CVE_CHECK_IGNORE += "CVE-2023-23002"
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-23003"
+
+# cpe-stable-backport: Backported in 5.15.100
+CVE_CHECK_IGNORE += "CVE-2023-23004"
+
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-23005"
+
+# cpe-stable-backport: Backported in 5.15.13
+CVE_CHECK_IGNORE += "CVE-2023-23006"
+
+# CVE-2023-23039 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2023-23454"
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2023-23455"
+
+# cpe-stable-backport: Backported in 5.15.91
+CVE_CHECK_IGNORE += "CVE-2023-23559"
+
+# fixed-version: Fixed after version 5.12rc1
+CVE_CHECK_IGNORE += "CVE-2023-23586"
+
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-2430"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-2483"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-25012"
+
+# cpe-stable-backport: Backported in 5.15.61
+CVE_CHECK_IGNORE += "CVE-2023-2513"
+
+# cpe-stable-backport: Backported in 5.15.144
+CVE_CHECK_IGNORE += "CVE-2023-25775"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-2598"
+
+# CVE-2023-26242 has no known resolution
+
+# CVE-2023-2640 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2023-26544"
+
+# cpe-stable-backport: Backported in 5.15.95
+CVE_CHECK_IGNORE += "CVE-2023-26545"
+
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-26605"
+
+# cpe-stable-backport: Backported in 5.15.86
+CVE_CHECK_IGNORE += "CVE-2023-26606"
+
+# cpe-stable-backport: Backported in 5.15.80
+CVE_CHECK_IGNORE += "CVE-2023-26607"
+
+# cpe-stable-backport: Backported in 5.15.83
+CVE_CHECK_IGNORE += "CVE-2023-28327"
+
+# cpe-stable-backport: Backported in 5.15.86
+CVE_CHECK_IGNORE += "CVE-2023-28328"
+
+# cpe-stable-backport: Backported in 5.15.33
+CVE_CHECK_IGNORE += "CVE-2023-28410"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-28464"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-28466"
+
+# cpe-stable-backport: Backported in 5.15.68
+CVE_CHECK_IGNORE += "CVE-2023-2860"
+
+# CVE-2023-28746 needs backporting (fixed from 6.9rc1)
+
+# fixed-version: Fixed after version 5.14rc1
+CVE_CHECK_IGNORE += "CVE-2023-28772"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-28866"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-2898"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-2985"
+
+# cpe-stable-backport: Backported in 5.15.77
+CVE_CHECK_IGNORE += "CVE-2023-3006"
+
+# Skipping CVE-2023-3022, no affected_versions
+
+# cpe-stable-backport: Backported in 5.15.104
+CVE_CHECK_IGNORE += "CVE-2023-30456"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-30772"
+
+# cpe-stable-backport: Backported in 5.15.113
+CVE_CHECK_IGNORE += "CVE-2023-3090"
+
+# fixed-version: Fixed after version 4.8rc7
+CVE_CHECK_IGNORE += "CVE-2023-3106"
+
+# Skipping CVE-2023-3108, no affected_versions
+
+# CVE-2023-31081 has no known resolution
+
+# CVE-2023-31082 has no known resolution
+
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-31084 needs backporting (fixed from 6.4rc3)
+
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-31085"
+
+# cpe-stable-backport: Backported in 5.15.63
+CVE_CHECK_IGNORE += "CVE-2023-3111"
+
+# cpe-stable-backport: Backported in 5.15.118
+CVE_CHECK_IGNORE += "CVE-2023-3117"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-31248"
+
+# cpe-stable-backport: Backported in 5.15.113
+CVE_CHECK_IGNORE += "CVE-2023-3141"
+
+# cpe-stable-backport: Backported in 5.15.109
+CVE_CHECK_IGNORE += "CVE-2023-31436"
+
+# cpe-stable-backport: Backported in 5.15.39
+CVE_CHECK_IGNORE += "CVE-2023-3159"
+
+# cpe-stable-backport: Backported in 5.15.93
+CVE_CHECK_IGNORE += "CVE-2023-3161"
+
+# cpe-stable-backport: Backported in 5.15.116
+CVE_CHECK_IGNORE += "CVE-2023-3212"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-3220"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-32233"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-32247"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-32248"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-32250"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-32252"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-32254"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-32257"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-32258"
+
+# cpe-stable-backport: Backported in 5.15.93
+CVE_CHECK_IGNORE += "CVE-2023-32269"
+
+# CVE-2023-32629 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-3268"
+
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-3269"
+
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-3312"
+
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-3317"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-33203"
+
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-33250"
+
+# cpe-stable-backport: Backported in 5.15.105
+CVE_CHECK_IGNORE += "CVE-2023-33288"
+
+# cpe-stable-backport: Backported in 5.15.118
+CVE_CHECK_IGNORE += "CVE-2023-3338"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-3355"
+
+# cpe-stable-backport: Backported in 5.15.86
+CVE_CHECK_IGNORE += "CVE-2023-3357"
+
+# cpe-stable-backport: Backported in 5.15.91
+CVE_CHECK_IGNORE += "CVE-2023-3358"
+
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-3359"
+
+# CVE-2023-3389 needs backporting (fixed from 6.0rc1)
+
+# cpe-stable-backport: Backported in 5.15.118
+CVE_CHECK_IGNORE += "CVE-2023-3390"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-33951"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-33952"
+
+# CVE-2023-3397 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.117
+CVE_CHECK_IGNORE += "CVE-2023-34255"
+
+# cpe-stable-backport: Backported in 5.15.112
+CVE_CHECK_IGNORE += "CVE-2023-34256"
+
+# fixed-version: only affects 6.1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-34319"
+
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-34324"
+
+# CVE-2023-3439 needs backporting (fixed from 5.18rc5)
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-35001"
+
+# cpe-stable-backport: Backported in 5.15.93
+CVE_CHECK_IGNORE += "CVE-2023-3567"
+
+# CVE-2023-35693 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.116
+CVE_CHECK_IGNORE += "CVE-2023-35788"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-35823"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-35824"
+
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-35826"
+
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-35827"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-35828"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-35829"
+
+# cpe-stable-backport: Backported in 5.15.118
+CVE_CHECK_IGNORE += "CVE-2023-3609"
+
+# cpe-stable-backport: Backported in 5.15.119
+CVE_CHECK_IGNORE += "CVE-2023-3610"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-3611"
+
+# CVE-2023-3640 has no known resolution
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-37453"
+
+# CVE-2023-37454 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-3772"
+
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-3773"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-3776"
+
+# cpe-stable-backport: Backported in 5.15.123
+CVE_CHECK_IGNORE += "CVE-2023-3777"
+
+# cpe-stable-backport: Backported in 5.15.78
+CVE_CHECK_IGNORE += "CVE-2023-3812"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-38409"
+
+# cpe-stable-backport: Backported in 5.15.113
+CVE_CHECK_IGNORE += "CVE-2023-38426"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-38427"
+
+# cpe-stable-backport: Backported in 5.15.113
+CVE_CHECK_IGNORE += "CVE-2023-38428"
+
+# cpe-stable-backport: Backported in 5.15.113
+CVE_CHECK_IGNORE += "CVE-2023-38429"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-38430"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-38431"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-38432"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-3863"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-3865"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-3866"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-3867"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-39189"
+
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-39191"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-39192"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-39193"
+
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-39194"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-39197"
+
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-39198"
+
+# cpe-stable-backport: Backported in 5.15.123
+CVE_CHECK_IGNORE += "CVE-2023-4004"
+
+# CVE-2023-4010 has no known resolution
+
+# cpe-stable-backport: Backported in 5.15.124
+CVE_CHECK_IGNORE += "CVE-2023-4015"
+
+# cpe-stable-backport: Backported in 5.15.126
+CVE_CHECK_IGNORE += "CVE-2023-40283"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-40791"
+
+# cpe-stable-backport: Backported in 5.15.126
+CVE_CHECK_IGNORE += "CVE-2023-4128"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-4132"
+
+# CVE-2023-4133 needs backporting (fixed from 6.3)
+
+# CVE-2023-4134 needs backporting (fixed from 6.5rc1)
+
+# cpe-stable-backport: Backported in 5.15.124
+CVE_CHECK_IGNORE += "CVE-2023-4147"
+
+# CVE-2023-4155 needs backporting (fixed from 6.5rc6)
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4194"
+
+# cpe-stable-backport: Backported in 5.15.126
+CVE_CHECK_IGNORE += "CVE-2023-4206"
+
+# cpe-stable-backport: Backported in 5.15.126
+CVE_CHECK_IGNORE += "CVE-2023-4207"
+
+# cpe-stable-backport: Backported in 5.15.126
+CVE_CHECK_IGNORE += "CVE-2023-4208"
+
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-4244"
+
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-4273"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-42752"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-42753"
+
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-42754"
+
+# cpe-stable-backport: Backported in 5.15.133
+CVE_CHECK_IGNORE += "CVE-2023-42755"
+
+# fixed-version: only affects 6.4rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2023-42756"
+
+# cpe-stable-backport: Backported in 5.15.46
+CVE_CHECK_IGNORE += "CVE-2023-4385"
+
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2023-4387"
+
+# cpe-stable-backport: Backported in 5.15.35
+CVE_CHECK_IGNORE += "CVE-2023-4389"
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4394"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-44466"
+
+# cpe-stable-backport: Backported in 5.15.42
+CVE_CHECK_IGNORE += "CVE-2023-4459"
+
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-4563"
+
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-4569"
+
+# cpe-stable-backport: Backported in 5.15.100
+CVE_CHECK_IGNORE += "CVE-2023-45862"
+
+# cpe-stable-backport: Backported in 5.15.99
+CVE_CHECK_IGNORE += "CVE-2023-45863"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-45871"
+
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-45898"
+
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4610"
+
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4611"
+
+# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-4623"
+
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-46343"
+
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-46813"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-46838"
+
+# cpe-stable-backport: Backported in 5.15.140
+CVE_CHECK_IGNORE += "CVE-2023-46862"
+
+# CVE-2023-47233 needs backporting (fixed from 6.9rc1)
+
+# fixed-version: Fixed after version 5.14rc1
+CVE_CHECK_IGNORE += "CVE-2023-4732"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-4881"
+
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-4921"
+
+# CVE-2023-50431 needs backporting (fixed from 6.8rc1)
+
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-5090"
+
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-51042"
+
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-51043"
+
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-5158"
+
+# cpe-stable-backport: Backported in 5.15.146
+CVE_CHECK_IGNORE += "CVE-2023-51779"
+
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-5178"
+
+# cpe-stable-backport: Backported in 5.15.144
+CVE_CHECK_IGNORE += "CVE-2023-51780"
+
+# cpe-stable-backport: Backported in 5.15.144
+CVE_CHECK_IGNORE += "CVE-2023-51781"
+
+# cpe-stable-backport: Backported in 5.15.144
+CVE_CHECK_IGNORE += "CVE-2023-51782"
+
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-5197"
+
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2023-52340"
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52429"
+
+# fixed-version: only affects 6.5rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52433"
+
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2023-52434"
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52435"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52436"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52438"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52439"
+
+# fixed-version: only affects 5.17rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52440"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-52441"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-52442"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52443"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52444"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52445"
+
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52446"
+
+# cpe-stable-backport: Backported in 5.15.153
+CVE_CHECK_IGNORE += "CVE-2023-52447"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52448"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52449"
+
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52450"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52451"
+
+# CVE-2023-52452 needs backporting (fixed from 6.8rc1)
+
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52453"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52454"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52455"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52456"
+
+# fixed-version: only affects 6.1rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52457"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52458"
+
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52459"
+
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52460"
+
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52461"
+
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52462"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52463"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52464"
+
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52465"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52467"
+
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52468"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52469"
+
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52470"
+
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52471"
+
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52472"
+
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52473"
+
+# cpe-stable-backport: Backported in 5.15.111
+CVE_CHECK_IGNORE += "CVE-2023-52474"
+
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52475"
+
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-52476"
+
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52477"
+
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52478"
+
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52479"
+
+# cpe-stable-backport: Backported in 5.15.145
+CVE_CHECK_IGNORE += "CVE-2023-52480"
+
+# CVE-2023-52481 needs backporting (fixed from 6.6rc5)
+
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52482"
+
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-52483"
+
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52484"
+
+# CVE-2023-52485 needs backporting (fixed from 6.8rc1)
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52486"
+
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52487"
+
+# CVE-2023-52488 needs backporting (fixed from 6.8rc1)
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52489"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52490"
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52491"
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52492"
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52493"
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52494"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52495"
-# cpe-stable-backport: Backported in 5.15.62
-CVE_CHECK_IGNORE += "CVE-2022-47942"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2023-52497"
-# cpe-stable-backport: Backported in 5.15.62
-CVE_CHECK_IGNORE += "CVE-2022-47943"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52498"
-# fixed-version: Fixed after version 5.12rc2
-CVE_CHECK_IGNORE += "CVE-2022-47946"
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-52499"
-# cpe-stable-backport: Backported in 5.15.90
-CVE_CHECK_IGNORE += "CVE-2022-4842"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52500"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2022-48423"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52501"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2022-48424"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52502"
-# cpe-stable-backport: Backported in 5.15.113
-CVE_CHECK_IGNORE += "CVE-2022-48425"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52503"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2022-48502"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52504"
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2022-48619"
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52505"
-# fixed-version: Fixed after version 5.0rc1
-CVE_CHECK_IGNORE += "CVE-2023-0030"
+# CVE-2023-52506 needs backporting (fixed from 6.6rc3)
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2023-0045"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52507"
-# cpe-stable-backport: Backported in 5.15.3
-CVE_CHECK_IGNORE += "CVE-2023-0047"
+# CVE-2023-52508 needs backporting (fixed from 6.6rc2)
-# fixed-version: only affects 6.0rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-0122"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52509"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-0160"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52510"
-# cpe-stable-backport: Backported in 5.15.89
-CVE_CHECK_IGNORE += "CVE-2023-0179"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52511"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2023-0210"
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52512"
-# fixed-version: Fixed after version 5.10rc1
-CVE_CHECK_IGNORE += "CVE-2023-0240"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52513"
-# cpe-stable-backport: Backported in 5.15.88
-CVE_CHECK_IGNORE += "CVE-2023-0266"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52515"
-# cpe-stable-backport: Backported in 5.15.91
-CVE_CHECK_IGNORE += "CVE-2023-0386"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52516"
-# cpe-stable-backport: Backported in 5.15.89
-CVE_CHECK_IGNORE += "CVE-2023-0394"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52517"
-# cpe-stable-backport: Backported in 5.15.90
-CVE_CHECK_IGNORE += "CVE-2023-0458"
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52518"
-# cpe-stable-backport: Backported in 5.15.96
-CVE_CHECK_IGNORE += "CVE-2023-0459"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52519"
-# cpe-stable-backport: Backported in 5.15.88
-CVE_CHECK_IGNORE += "CVE-2023-0461"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52520"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-0468"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52522"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-0469"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52523"
-# cpe-stable-backport: Backported in 5.15.76
-CVE_CHECK_IGNORE += "CVE-2023-0590"
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52524"
-# CVE-2023-0597 needs backporting (fixed from 6.2rc1)
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52525"
-# cpe-stable-backport: Backported in 5.15.77
-CVE_CHECK_IGNORE += "CVE-2023-0615"
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52526"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-1032"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52527"
-# cpe-stable-backport: Backported in 5.15.91
-CVE_CHECK_IGNORE += "CVE-2023-1073"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52528"
-# cpe-stable-backport: Backported in 5.15.91
-CVE_CHECK_IGNORE += "CVE-2023-1074"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52529"
-# CVE-2023-1075 needs backporting (fixed from 6.2rc7)
+# CVE-2023-52530 needs backporting (fixed from 6.6rc5)
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-1076"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2023-52531"
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-1077"
+# CVE-2023-52532 needs backporting (fixed from 6.6rc5)
-# cpe-stable-backport: Backported in 5.15.94
-CVE_CHECK_IGNORE += "CVE-2023-1078"
+# cpe-stable-backport: Backported in 5.15.136
+CVE_CHECK_IGNORE += "CVE-2023-52559"
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-1079"
+# fixed-version: only affects 5.16rc5 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52560"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2023-1095"
+# CVE-2023-52561 needs backporting (fixed from 6.6rc1)
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-1118"
+# fixed-version: only affects 6.0rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52562"
-# cpe-stable-backport: Backported in 5.15.113
-CVE_CHECK_IGNORE += "CVE-2023-1192"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52563"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-1193"
+# fixed-version: only affects 6.5rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52564"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-1194"
+# CVE-2023-52565 needs backporting (fixed from 6.6rc3)
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-1195"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52566"
-# cpe-stable-backport: Backported in 5.15.124
-CVE_CHECK_IGNORE += "CVE-2023-1206"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52567"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2023-1249"
+# CVE-2023-52568 needs backporting (fixed from 6.6rc4)
-# cpe-stable-backport: Backported in 5.15.3
-CVE_CHECK_IGNORE += "CVE-2023-1252"
+# CVE-2023-52569 needs backporting (fixed from 6.6rc2)
-# cpe-stable-backport: Backported in 5.15.95
-CVE_CHECK_IGNORE += "CVE-2023-1281"
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52570"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2023-1295"
+# CVE-2023-52571 needs backporting (fixed from 6.6rc4)
-# cpe-stable-backport: Backported in 5.15.110
-CVE_CHECK_IGNORE += "CVE-2023-1380"
+# CVE-2023-52572 needs backporting (fixed from 6.6rc3)
-# cpe-stable-backport: Backported in 5.15.81
-CVE_CHECK_IGNORE += "CVE-2023-1382"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52573"
-# fixed-version: Fixed after version 5.11rc4
-CVE_CHECK_IGNORE += "CVE-2023-1390"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52574"
-# CVE-2023-1476 has no known resolution
+# fixed-version: only affects 6.5rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52575"
-# cpe-stable-backport: Backported in 5.15.95
-CVE_CHECK_IGNORE += "CVE-2023-1513"
+# CVE-2023-52576 needs backporting (fixed from 6.6rc3)
-# cpe-stable-backport: Backported in 5.15.25
-CVE_CHECK_IGNORE += "CVE-2023-1582"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52577"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-1583"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52578"
-# cpe-stable-backport: Backported in 5.15.106
-CVE_CHECK_IGNORE += "CVE-2023-1611"
+# cpe-stable-backport: Backported in 5.15.134
+CVE_CHECK_IGNORE += "CVE-2023-52580"
-# cpe-stable-backport: Backported in 5.15.34
-CVE_CHECK_IGNORE += "CVE-2023-1637"
+# fixed-version: only affects 6.5rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52581"
-# cpe-stable-backport: Backported in 5.15.91
-CVE_CHECK_IGNORE += "CVE-2023-1652"
+# CVE-2023-52582 needs backporting (fixed from 6.6rc3)
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-1670"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52583"
-# cpe-stable-backport: Backported in 5.15.100
-CVE_CHECK_IGNORE += "CVE-2023-1829"
+# CVE-2023-52584 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2023-1838"
+# CVE-2023-52585 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.104
-CVE_CHECK_IGNORE += "CVE-2023-1855"
+# CVE-2023-52586 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.108
-CVE_CHECK_IGNORE += "CVE-2023-1859"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52587"
-# CVE-2023-1872 needs backporting (fixed from 5.18rc2)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52588"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-1989"
+# CVE-2023-52589 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.104
-CVE_CHECK_IGNORE += "CVE-2023-1990"
+# CVE-2023-52590 needs backporting (fixed from 6.8rc1)
-# fixed-version: only affects 5.19rc7 onwards
-CVE_CHECK_IGNORE += "CVE-2023-1998"
+# CVE-2023-52591 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.110
-CVE_CHECK_IGNORE += "CVE-2023-2002"
+# CVE-2023-52593 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.81
-CVE_CHECK_IGNORE += "CVE-2023-2006"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52594"
-# CVE-2023-2007 needs backporting (fixed from 6.0rc1)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52595"
-# cpe-stable-backport: Backported in 5.15.51
-CVE_CHECK_IGNORE += "CVE-2023-2008"
+# CVE-2023-52596 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2023-2019"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52597"
-# cpe-stable-backport: Backported in 5.15.125
-CVE_CHECK_IGNORE += "CVE-2023-20569"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52598"
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-20588"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52599"
-# cpe-stable-backport: Backported in 5.15.122
-CVE_CHECK_IGNORE += "CVE-2023-20593"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52600"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2023-20928"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52601"
-# CVE-2023-20937 has no known resolution
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52602"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-20938"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52603"
-# CVE-2023-20941 has no known resolution
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52604"
-# cpe-stable-backport: Backported in 5.15.90
-CVE_CHECK_IGNORE += "CVE-2023-21102"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52606"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-21106"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52607"
-# cpe-stable-backport: Backported in 5.15.117
-CVE_CHECK_IGNORE += "CVE-2023-2124"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52608"
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-21255"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52609"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-21264"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52610"
-# CVE-2023-21400 has no known resolution
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52611"
-# cpe-stable-backport: Backported in 5.15.109
-CVE_CHECK_IGNORE += "CVE-2023-2156"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-52612"
-# cpe-stable-backport: Backported in 5.15.93
-CVE_CHECK_IGNORE += "CVE-2023-2162"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52613"
-# cpe-stable-backport: Backported in 5.15.109
-CVE_CHECK_IGNORE += "CVE-2023-2163"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52614"
-# cpe-stable-backport: Backported in 5.15.83
-CVE_CHECK_IGNORE += "CVE-2023-2166"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52615"
-# CVE-2023-2176 needs backporting (fixed from 6.3rc1)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52616"
-# cpe-stable-backport: Backported in 5.15.59
-CVE_CHECK_IGNORE += "CVE-2023-2177"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52617"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-2194"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52618"
-# cpe-stable-backport: Backported in 5.15.104
-CVE_CHECK_IGNORE += "CVE-2023-2235"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52619"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-2236"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2023-52620"
-# cpe-stable-backport: Backported in 5.15.109
-CVE_CHECK_IGNORE += "CVE-2023-2248"
+# CVE-2023-52621 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-2269"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52622"
-# CVE-2023-22995 needs backporting (fixed from 5.17rc1)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52623"
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-22996"
+# CVE-2023-52624 needs backporting (fixed from 6.8rc1)
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-22997"
+# CVE-2023-52625 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2023-22998"
+# fixed-version: only affects 6.7rc2 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52626"
-# cpe-stable-backport: Backported in 5.15.17
-CVE_CHECK_IGNORE += "CVE-2023-22999"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52627"
-# CVE-2023-23000 needs backporting (fixed from 5.17rc1)
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-52628"
-# cpe-stable-backport: Backported in 5.15.17
-CVE_CHECK_IGNORE += "CVE-2023-23001"
+# CVE-2023-52629 needs backporting (fixed from 6.6rc1)
-# cpe-stable-backport: Backported in 5.15.17
-CVE_CHECK_IGNORE += "CVE-2023-23002"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52630"
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-23003"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52631"
-# cpe-stable-backport: Backported in 5.15.100
-CVE_CHECK_IGNORE += "CVE-2023-23004"
+# CVE-2023-52632 needs backporting (fixed from 6.8rc1)
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-23005"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52633"
-# cpe-stable-backport: Backported in 5.15.13
-CVE_CHECK_IGNORE += "CVE-2023-23006"
+# CVE-2023-52634 needs backporting (fixed from 6.8rc1)
-# CVE-2023-23039 has no known resolution
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52635"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2023-23454"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-52636"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2023-23455"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52637"
-# cpe-stable-backport: Backported in 5.15.91
-CVE_CHECK_IGNORE += "CVE-2023-23559"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2023-52638"
-# fixed-version: Fixed after version 5.12rc1
-CVE_CHECK_IGNORE += "CVE-2023-23586"
+# CVE-2023-52639 needs backporting (fixed from 6.8rc4)
-# fixed-version: only affects 5.18rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-2430"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2023-52640"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-2483"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2023-52641"
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-25012"
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-5345"
-# cpe-stable-backport: Backported in 5.15.61
-CVE_CHECK_IGNORE += "CVE-2023-2513"
+# fixed-version: only affects 6.2 onwards
+CVE_CHECK_IGNORE += "CVE-2023-5633"
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-25775"
+# cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-5717"
-# fixed-version: only affects 6.3rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-2598"
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-5972"
-# CVE-2023-26242 has no known resolution
+# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
-# CVE-2023-2640 has no known resolution
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2023-6040"
-# cpe-stable-backport: Backported in 5.15.87
-CVE_CHECK_IGNORE += "CVE-2023-26544"
+# fixed-version: only affects 6.6rc3 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6111"
-# cpe-stable-backport: Backported in 5.15.95
-CVE_CHECK_IGNORE += "CVE-2023-26545"
+# cpe-stable-backport: Backported in 5.15.141
+CVE_CHECK_IGNORE += "CVE-2023-6121"
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-26605"
+# cpe-stable-backport: Backported in 5.15.132
+CVE_CHECK_IGNORE += "CVE-2023-6176"
-# cpe-stable-backport: Backported in 5.15.86
-CVE_CHECK_IGNORE += "CVE-2023-26606"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6200"
-# cpe-stable-backport: Backported in 5.15.80
-CVE_CHECK_IGNORE += "CVE-2023-26607"
+# CVE-2023-6238 has no known resolution
-# cpe-stable-backport: Backported in 5.15.83
-CVE_CHECK_IGNORE += "CVE-2023-28327"
+# CVE-2023-6240 has no known resolution
-# cpe-stable-backport: Backported in 5.15.86
-CVE_CHECK_IGNORE += "CVE-2023-28328"
+# cpe-stable-backport: Backported in 5.15.153
+CVE_CHECK_IGNORE += "CVE-2023-6270"
-# cpe-stable-backport: Backported in 5.15.33
-CVE_CHECK_IGNORE += "CVE-2023-28410"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-6356"
-# fixed-version: only affects 6.3rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-28464"
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6531"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-28466"
+# CVE-2023-6535 has no known resolution
-# cpe-stable-backport: Backported in 5.15.68
-CVE_CHECK_IGNORE += "CVE-2023-2860"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-6536"
-# fixed-version: Fixed after version 5.14rc1
-CVE_CHECK_IGNORE += "CVE-2023-28772"
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-6546"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-28866"
+# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-2898"
+# cpe-stable-backport: Backported in 5.15.146
+CVE_CHECK_IGNORE += "CVE-2023-6606"
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-2985"
+# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
-# cpe-stable-backport: Backported in 5.15.77
-CVE_CHECK_IGNORE += "CVE-2023-3006"
+# cpe-stable-backport: Backported in 5.15.143
+CVE_CHECK_IGNORE += "CVE-2023-6622"
-# Skipping CVE-2023-3022, no affected_versions
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6679"
-# cpe-stable-backport: Backported in 5.15.104
-CVE_CHECK_IGNORE += "CVE-2023-30456"
+# cpe-stable-backport: Backported in 5.15.143
+CVE_CHECK_IGNORE += "CVE-2023-6817"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-30772"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-6915"
-# cpe-stable-backport: Backported in 5.15.113
-CVE_CHECK_IGNORE += "CVE-2023-3090"
+# cpe-stable-backport: Backported in 5.15.143
+CVE_CHECK_IGNORE += "CVE-2023-6931"
-# fixed-version: Fixed after version 4.8rc7
-CVE_CHECK_IGNORE += "CVE-2023-3106"
+# cpe-stable-backport: Backported in 5.15.142
+CVE_CHECK_IGNORE += "CVE-2023-6932"
-# Skipping CVE-2023-3108, no affected_versions
+# cpe-stable-backport: Backported in 5.15.153
+CVE_CHECK_IGNORE += "CVE-2023-7042"
-# CVE-2023-31081 has no known resolution
+# cpe-stable-backport: Backported in 5.15.100
+CVE_CHECK_IGNORE += "CVE-2023-7192"
-# CVE-2023-31082 has no known resolution
+# fixed-version: only affects 6.5rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2024-0193"
-# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-0340"
-# CVE-2023-31084 needs backporting (fixed from 6.4rc3)
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-0443"
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2023-31085"
+# cpe-stable-backport: Backported in 5.15.64
+CVE_CHECK_IGNORE += "CVE-2024-0562"
-# cpe-stable-backport: Backported in 5.15.63
-CVE_CHECK_IGNORE += "CVE-2023-3111"
+# CVE-2024-0564 has no known resolution
-# cpe-stable-backport: Backported in 5.15.118
-CVE_CHECK_IGNORE += "CVE-2023-3117"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-0565"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-31248"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-0582"
-# cpe-stable-backport: Backported in 5.15.113
-CVE_CHECK_IGNORE += "CVE-2023-3141"
+# cpe-stable-backport: Backported in 5.15.142
+CVE_CHECK_IGNORE += "CVE-2024-0584"
-# cpe-stable-backport: Backported in 5.15.109
-CVE_CHECK_IGNORE += "CVE-2023-31436"
+# cpe-stable-backport: Backported in 5.15.140
+CVE_CHECK_IGNORE += "CVE-2024-0607"
-# cpe-stable-backport: Backported in 5.15.39
-CVE_CHECK_IGNORE += "CVE-2023-3159"
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2024-0639"
-# cpe-stable-backport: Backported in 5.15.93
-CVE_CHECK_IGNORE += "CVE-2023-3161"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2024-0641"
-# cpe-stable-backport: Backported in 5.15.116
-CVE_CHECK_IGNORE += "CVE-2023-3212"
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2024-0646"
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-3220"
+# cpe-stable-backport: Backported in 5.15.112
+CVE_CHECK_IGNORE += "CVE-2024-0775"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-32233"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-0841"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32247"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-1085"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-32248"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-1086"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32250"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-1151"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32252"
+# CVE-2024-1312 needs backporting (fixed from 6.5rc4)
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32254"
+# CVE-2024-21803 has no known resolution
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32257"
+# CVE-2024-2193 has no known resolution
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-32258"
+# cpe-stable-backport: Backported in 5.15.153
+CVE_CHECK_IGNORE += "CVE-2024-22099"
-# cpe-stable-backport: Backported in 5.15.93
-CVE_CHECK_IGNORE += "CVE-2023-32269"
+# CVE-2024-22386 has no known resolution
-# CVE-2023-32629 has no known resolution
+# cpe-stable-backport: Backported in 5.15.146
+CVE_CHECK_IGNORE += "CVE-2024-22705"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-3268"
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2024-23196"
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-3269"
+# CVE-2024-23307 needs backporting (fixed from 6.9rc1)
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-3312"
+# CVE-2024-23848 has no known resolution
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-3317"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-23849"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-33203"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-23850"
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-33250"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-23851"
-# cpe-stable-backport: Backported in 5.15.105
-CVE_CHECK_IGNORE += "CVE-2023-33288"
+# CVE-2024-24855 needs backporting (fixed from 6.5rc2)
-# cpe-stable-backport: Backported in 5.15.118
-CVE_CHECK_IGNORE += "CVE-2023-3338"
+# CVE-2024-24857 has no known resolution
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-3355"
+# CVE-2024-24858 has no known resolution
-# cpe-stable-backport: Backported in 5.15.86
-CVE_CHECK_IGNORE += "CVE-2023-3357"
+# CVE-2024-24859 has no known resolution
-# cpe-stable-backport: Backported in 5.15.91
-CVE_CHECK_IGNORE += "CVE-2023-3358"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-24860"
-# fixed-version: only affects 5.18rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-3359"
+# CVE-2024-24861 needs backporting (fixed from 6.9rc1)
-# CVE-2023-3389 needs backporting (fixed from 6.0rc1)
+# CVE-2024-24864 has no known resolution
-# cpe-stable-backport: Backported in 5.15.118
-CVE_CHECK_IGNORE += "CVE-2023-3390"
+# CVE-2024-25739 has no known resolution
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-33951"
+# CVE-2024-25740 has no known resolution
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-33952"
+# CVE-2024-25741 has no known resolution
-# CVE-2023-3397 has no known resolution
+# CVE-2024-25744 needs backporting (fixed from 6.7rc5)
-# cpe-stable-backport: Backported in 5.15.117
-CVE_CHECK_IGNORE += "CVE-2023-34255"
+# fixed-version: only affects 6.5rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26581"
-# cpe-stable-backport: Backported in 5.15.112
-CVE_CHECK_IGNORE += "CVE-2023-34256"
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26582"
-# fixed-version: only affects 6.1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-34319"
+# CVE-2024-26583 needs backporting (fixed from 6.8rc5)
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2023-34324"
+# CVE-2024-26584 needs backporting (fixed from 6.8rc5)
-# CVE-2023-3439 needs backporting (fixed from 5.18rc5)
+# CVE-2024-26585 needs backporting (fixed from 6.8rc5)
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-35001"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-26586"
-# cpe-stable-backport: Backported in 5.15.93
-CVE_CHECK_IGNORE += "CVE-2023-3567"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26587"
-# CVE-2023-35693 has no known resolution
+# fixed-version: only affects 6.1rc3 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26588"
-# cpe-stable-backport: Backported in 5.15.116
-CVE_CHECK_IGNORE += "CVE-2023-35788"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-26589"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-35823"
+# fixed-version: only affects 5.16rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26590"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-35824"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-26591"
-# fixed-version: only affects 5.18rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-35826"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26592"
-# cpe-stable-backport: Backported in 5.15.136
-CVE_CHECK_IGNORE += "CVE-2023-35827"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26593"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-35828"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26594"
-# cpe-stable-backport: Backported in 5.15.111
-CVE_CHECK_IGNORE += "CVE-2023-35829"
+# CVE-2024-26595 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.118
-CVE_CHECK_IGNORE += "CVE-2023-3609"
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26596"
-# cpe-stable-backport: Backported in 5.15.119
-CVE_CHECK_IGNORE += "CVE-2023-3610"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-26597"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-3611"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-26598"
-# CVE-2023-3640 has no known resolution
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26599"
-# fixed-version: only affects 6.3rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-37453"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26600"
-# CVE-2023-37454 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26601"
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-3772"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26602"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-3773"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26603"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-3776"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26604"
-# cpe-stable-backport: Backported in 5.15.123
-CVE_CHECK_IGNORE += "CVE-2023-3777"
+# fixed-version: only affects 6.7 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26605"
-# cpe-stable-backport: Backported in 5.15.78
-CVE_CHECK_IGNORE += "CVE-2023-3812"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26606"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-38409"
+# CVE-2024-26607 needs backporting (fixed from 6.8rc2)
-# cpe-stable-backport: Backported in 5.15.113
-CVE_CHECK_IGNORE += "CVE-2023-38426"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26608"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-38427"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26610"
-# cpe-stable-backport: Backported in 5.15.113
-CVE_CHECK_IGNORE += "CVE-2023-38428"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26611"
-# cpe-stable-backport: Backported in 5.15.113
-CVE_CHECK_IGNORE += "CVE-2023-38429"
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26612"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-38430"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26614"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-38431"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26615"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-38432"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26616"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-3863"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26617"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-3865"
+# fixed-version: only affects 6.5rc7 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26618"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-3866"
+# fixed-version: only affects 6.7rc5 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26619"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-3867"
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26620"
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-39189"
+# fixed-version: only affects 6.7 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26621"
-# fixed-version: only affects 5.19rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-39191"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26622"
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-39192"
+# CVE-2024-26623 needs backporting (fixed from 6.8rc3)
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-39193"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26625"
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-39194"
+# fixed-version: only affects 6.8rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26626"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-39197"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26627"
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-39198"
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26629"
-# cpe-stable-backport: Backported in 5.15.123
-CVE_CHECK_IGNORE += "CVE-2023-4004"
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26630"
-# CVE-2023-4010 has no known resolution
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-26631"
-# cpe-stable-backport: Backported in 5.15.124
-CVE_CHECK_IGNORE += "CVE-2023-4015"
+# fixed-version: only affects 5.17rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26632"
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-40283"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-26633"
-# fixed-version: only affects 6.3rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-40791"
+# fixed-version: only affects 6.6rc7 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26634"
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4128"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26635"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-4132"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26636"
-# CVE-2023-4133 needs backporting (fixed from 6.3)
+# fixed-version: only affects 6.7 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26637"
-# CVE-2023-4134 needs backporting (fixed from 6.5rc1)
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26638"
-# cpe-stable-backport: Backported in 5.15.124
-CVE_CHECK_IGNORE += "CVE-2023-4147"
+# fixed-version: only affects 6.8rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26639"
-# CVE-2023-4155 needs backporting (fixed from 6.5rc6)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26640"
-# fixed-version: only affects 6.3rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-4194"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26641"
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4206"
+# CVE-2024-26642 needs backporting (fixed from 6.8)
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4207"
+# fixed-version: only affects 6.5rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26643"
-# cpe-stable-backport: Backported in 5.15.126
-CVE_CHECK_IGNORE += "CVE-2023-4208"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26644"
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-4244"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26645"
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-4273"
+# CVE-2024-26646 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-42752"
+# CVE-2024-26647 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-42753"
+# CVE-2024-26648 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-42754"
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26649"
-# cpe-stable-backport: Backported in 5.15.133
-CVE_CHECK_IGNORE += "CVE-2023-42755"
+# CVE-2024-26650 needs backporting (fixed from 6.8rc2)
-# fixed-version: only affects 6.4rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2023-42756"
+# cpe-stable-backport: Backported in 5.15.153
+CVE_CHECK_IGNORE += "CVE-2024-26651"
-# cpe-stable-backport: Backported in 5.15.46
-CVE_CHECK_IGNORE += "CVE-2023-4385"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26652"
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2023-4387"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26653"
-# cpe-stable-backport: Backported in 5.15.35
-CVE_CHECK_IGNORE += "CVE-2023-4389"
+# CVE-2024-26654 needs backporting (fixed from 6.9rc2)
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-4394"
+# CVE-2024-26655 needs backporting (fixed from 6.9rc2)
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-44466"
+# CVE-2024-26656 needs backporting (fixed from 6.9rc1)
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2023-4459"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26657"
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-4563"
+# CVE-2024-26658 needs backporting (fixed from 6.8rc1)
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-4569"
+# cpe-stable-backport: Backported in 5.15.152
+CVE_CHECK_IGNORE += "CVE-2024-26659"
-# cpe-stable-backport: Backported in 5.15.100
-CVE_CHECK_IGNORE += "CVE-2023-45862"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26660"
-# cpe-stable-backport: Backported in 5.15.99
-CVE_CHECK_IGNORE += "CVE-2023-45863"
+# CVE-2024-26661 needs backporting (fixed from 6.8rc4)
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-45871"
+# CVE-2024-26662 needs backporting (fixed from 6.8rc4)
-# fixed-version: only affects 6.5rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-45898"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26663"
-# fixed-version: only affects 6.4rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-4610"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26664"
-# fixed-version: only affects 6.4rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-4611"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26665"
-# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26666"
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-4623"
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26667"
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-46343"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26668"
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-46813"
+# CVE-2024-26669 needs backporting (fixed from 6.8rc2)
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-46838"
+# fixed-version: only affects 6.6rc5 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26670"
-# cpe-stable-backport: Backported in 5.15.140
-CVE_CHECK_IGNORE += "CVE-2023-46862"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26671"
-# CVE-2023-47233 has no known resolution
+# CVE-2024-26672 needs backporting (fixed from 6.8rc1)
-# fixed-version: Fixed after version 5.14rc1
-CVE_CHECK_IGNORE += "CVE-2023-4732"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26673"
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-4881"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26674"
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-4921"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26675"
-# CVE-2023-50431 needs backporting (fixed from 6.8rc1)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26676"
-# fixed-version: only affects 6.0rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5090"
+# CVE-2024-26677 needs backporting (fixed from 6.8rc4)
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-51042"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26678"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2023-51043"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26679"
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2023-5158"
+# CVE-2024-26680 needs backporting (fixed from 6.8rc4)
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2023-51779"
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26681"
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-5178"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26682"
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-51780"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26683"
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-51781"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26684"
-# cpe-stable-backport: Backported in 5.15.144
-CVE_CHECK_IGNORE += "CVE-2023-51782"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26685"
-# cpe-stable-backport: Backported in 5.15.134
-CVE_CHECK_IGNORE += "CVE-2023-5197"
+# CVE-2024-26686 needs backporting (fixed from 6.8rc4)
-# cpe-stable-backport: Backported in 5.15.147
-CVE_CHECK_IGNORE += "CVE-2023-52340"
+# CVE-2024-26687 needs backporting (fixed from 6.8rc5)
+
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26688"
# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2023-52429"
+CVE_CHECK_IGNORE += "CVE-2024-26689"
-# fixed-version: only affects 6.5rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52433"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26690"
-# CVE-2023-52434 needs backporting (fixed from 6.7rc6)
+# CVE-2024-26691 needs backporting (fixed from 6.8rc5)
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2023-52435"
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26692"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52436"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26693"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52438"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26694"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52439"
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26695"
-# fixed-version: only affects 5.17rc4 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52440"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26696"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-52441"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26697"
-# cpe-stable-backport: Backported in 5.15.145
-CVE_CHECK_IGNORE += "CVE-2023-52442"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26698"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52443"
+# CVE-2024-26699 needs backporting (fixed from 6.8rc5)
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52444"
+# CVE-2024-26700 needs backporting (fixed from 6.8rc4)
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52445"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26702"
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52446"
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26703"
-# CVE-2023-52447 needs backporting (fixed from 6.8rc1)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26704"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52448"
+# fixed-version: only affects 6.6rc2 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26705"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52449"
+# CVE-2024-26706 needs backporting (fixed from 6.8rc3)
+
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26707"
# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52450"
+CVE_CHECK_IGNORE += "CVE-2024-26708"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52451"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26709"
-# CVE-2023-52452 needs backporting (fixed from 6.8rc1)
+# fixed-version: only affects 6.8rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26710"
# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52453"
+CVE_CHECK_IGNORE += "CVE-2024-26711"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52454"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26712"
-# fixed-version: only affects 6.3rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52455"
+# CVE-2024-26713 needs backporting (fixed from 6.8rc5)
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52456"
+# CVE-2024-26714 needs backporting (fixed from 6.8rc5)
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52457"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26715"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52458"
+# fixed-version: only affects 6.5rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26716"
-# fixed-version: only affects 6.6rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52459"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26717"
-# fixed-version: only affects 6.7rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52460"
+# CVE-2024-26718 needs backporting (fixed from 6.8rc3)
-# fixed-version: only affects 6.7rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52461"
+# CVE-2024-26719 needs backporting (fixed from 6.8rc3)
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-52462"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26720"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52463"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26721"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-52464"
+# fixed-version: only affects 6.7rc5 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26722"
# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5345"
+CVE_CHECK_IGNORE += "CVE-2024-26723"
-# fixed-version: only affects 6.2 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5633"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26724"
-# cpe-stable-backport: Backported in 5.15.137
-CVE_CHECK_IGNORE += "CVE-2023-5717"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26725"
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-5972"
+# CVE-2024-26726 needs backporting (fixed from 6.8rc5)
-# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26727"
-# cpe-stable-backport: Backported in 5.15.147
-CVE_CHECK_IGNORE += "CVE-2023-6040"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26728"
-# fixed-version: only affects 6.6rc3 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6111"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26729"
-# cpe-stable-backport: Backported in 5.15.141
-CVE_CHECK_IGNORE += "CVE-2023-6121"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26730"
-# cpe-stable-backport: Backported in 5.15.132
-CVE_CHECK_IGNORE += "CVE-2023-6176"
+# fixed-version: only affects 6.4rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26731"
-# fixed-version: only affects 6.6rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6200"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26732"
-# CVE-2023-6238 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26733"
-# CVE-2023-6240 has no known resolution
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26734"
-# CVE-2023-6270 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26735"
-# CVE-2023-6356 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26736"
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6531"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26737"
-# CVE-2023-6535 has no known resolution
+# CVE-2024-26738 needs backporting (fixed from 6.8rc6)
-# CVE-2023-6536 has no known resolution
+# CVE-2024-26739 needs backporting (fixed from 6.8rc6)
-# cpe-stable-backport: Backported in 5.15.128
-CVE_CHECK_IGNORE += "CVE-2023-6546"
+# CVE-2024-26740 needs backporting (fixed from 6.8rc6)
-# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
+# fixed-version: only affects 6.1rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26741"
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2023-6606"
+# fixed-version: only affects 6.0rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26742"
-# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26743"
-# cpe-stable-backport: Backported in 5.15.143
-CVE_CHECK_IGNORE += "CVE-2023-6622"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26744"
-# fixed-version: only affects 6.7rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6679"
+# CVE-2024-26745 needs backporting (fixed from 6.8rc7)
-# cpe-stable-backport: Backported in 5.15.143
-CVE_CHECK_IGNORE += "CVE-2023-6817"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26746"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2023-6915"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26747"
-# cpe-stable-backport: Backported in 5.15.143
-CVE_CHECK_IGNORE += "CVE-2023-6931"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26748"
-# cpe-stable-backport: Backported in 5.15.142
-CVE_CHECK_IGNORE += "CVE-2023-6932"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26749"
-# CVE-2023-7042 has no known resolution
+# fixed-version: only affects 6.8rc5 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26750"
-# cpe-stable-backport: Backported in 5.15.100
-CVE_CHECK_IGNORE += "CVE-2023-7192"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26751"
-# fixed-version: only affects 6.5rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0193"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26752"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-0340"
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26753"
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0443"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26754"
-# cpe-stable-backport: Backported in 5.15.64
-CVE_CHECK_IGNORE += "CVE-2024-0562"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26755"
-# CVE-2024-0564 has no known resolution
+# CVE-2024-26756 needs backporting (fixed from 6.8rc6)
-# CVE-2024-0565 needs backporting (fixed from 6.7rc6)
+# CVE-2024-26757 needs backporting (fixed from 6.8rc6)
-# fixed-version: only affects 6.4rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0582"
+# CVE-2024-26758 needs backporting (fixed from 6.8rc6)
-# cpe-stable-backport: Backported in 5.15.142
-CVE_CHECK_IGNORE += "CVE-2024-0584"
+# CVE-2024-26759 needs backporting (fixed from 6.8rc6)
-# cpe-stable-backport: Backported in 5.15.140
-CVE_CHECK_IGNORE += "CVE-2024-0607"
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26760"
-# cpe-stable-backport: Backported in 5.15.121
-CVE_CHECK_IGNORE += "CVE-2024-0639"
+# fixed-version: only affects 5.19rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26761"
-# cpe-stable-backport: Backported in 5.15.135
-CVE_CHECK_IGNORE += "CVE-2024-0641"
+# fixed-version: only affects 6.7rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26762"
-# cpe-stable-backport: Backported in 5.15.147
-CVE_CHECK_IGNORE += "CVE-2024-0646"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26763"
-# cpe-stable-backport: Backported in 5.15.112
-CVE_CHECK_IGNORE += "CVE-2024-0775"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26764"
-# CVE-2024-0841 has no known resolution
+# CVE-2024-26765 needs backporting (fixed from 6.8rc6)
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-1085"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26766"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-1086"
+# CVE-2024-26767 needs backporting (fixed from 6.8rc5)
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-1151"
+# CVE-2024-26768 needs backporting (fixed from 6.8rc4)
-# CVE-2024-1312 needs backporting (fixed from 6.5rc4)
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26769"
-# CVE-2024-21803 has no known resolution
+# CVE-2024-26770 needs backporting (fixed from 6.8rc3)
-# CVE-2024-22099 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26771"
-# CVE-2024-22386 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26772"
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2024-22705"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26773"
-# CVE-2024-23196 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26774"
-# CVE-2024-23307 has no known resolution
+# CVE-2024-26775 needs backporting (fixed from 6.8rc2)
-# CVE-2024-23848 has no known resolution
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26776"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-23849"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26777"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-23850"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26778"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-23851"
+# cpe-stable-backport: Backported in 5.15.150
+CVE_CHECK_IGNORE += "CVE-2024-26779"
-# CVE-2024-24855 needs backporting (fixed from 6.5rc2)
+# fixed-version: only affects 6.8rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26780"
-# CVE-2024-24857 has no known resolution
+# fixed-version: only affects 6.8rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26781"
-# CVE-2024-24858 has no known resolution
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26782"
-# CVE-2024-24859 has no known resolution
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26783"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-24860"
+# CVE-2024-26784 needs backporting (fixed from 6.8rc7)
-# CVE-2024-24861 has no known resolution
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26785"
-# CVE-2024-24864 has no known resolution
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26786"
-# CVE-2024-25739 has no known resolution
+# cpe-stable-backport: Backported in 5.15.152
+CVE_CHECK_IGNORE += "CVE-2024-26787"
-# CVE-2024-25740 has no known resolution
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26788"
-# CVE-2024-25741 has no known resolution
+# CVE-2024-26789 needs backporting (fixed from 6.8rc7)
-# CVE-2024-25744 needs backporting (fixed from 6.7rc5)
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26790"
-# fixed-version: only affects 6.5rc4 onwards
-CVE_CHECK_IGNORE += "CVE-2024-26581"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26791"
-# fixed-version: only affects 6.0rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-26582"
+# fixed-version: only affects 6.8rc4 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26792"
-# CVE-2024-26583 needs backporting (fixed from 6.8rc5)
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26793"
-# CVE-2024-26584 needs backporting (fixed from 6.8rc5)
+# fixed-version: only affects 6.8rc6 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26794"
-# CVE-2024-26585 needs backporting (fixed from 6.8rc5)
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26795"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-26586"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26796"
-# CVE-2024-26587 needs backporting (fixed from 6.8rc1)
+# CVE-2024-26797 needs backporting (fixed from 6.8rc7)
-# CVE-2024-26588 needs backporting (fixed from 6.8rc1)
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26798"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-26589"
+# fixed-version: only affects 5.18rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26799"
-# fixed-version: only affects 5.16rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-26590"
+# fixed-version: only affects 6.8rc5 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26800"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-26591"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26801"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-26592"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26802"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-26593"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26803"
-# cpe-stable-backport: Backported in 5.15.149
-CVE_CHECK_IGNORE += "CVE-2024-26594"
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26804"
-# CVE-2024-26595 needs backporting (fixed from 6.8rc1)
+# cpe-stable-backport: Backported in 5.15.151
+CVE_CHECK_IGNORE += "CVE-2024-26805"
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-26596"
+# CVE-2024-26806 needs backporting (fixed from 6.8rc7)
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-26597"
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-26807"
-# cpe-stable-backport: Backported in 5.15.148
-CVE_CHECK_IGNORE += "CVE-2024-26598"
+# cpe-stable-backport: Backported in 5.15.149
+CVE_CHECK_IGNORE += "CVE-2024-26808"
-# fixed-version: only affects 5.17rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-26599"
+# cpe-stable-backport: Backported in 5.15.153
+CVE_CHECK_IGNORE += "CVE-2024-26809"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 16/23] linux-yocto/5.15: update to v5.15.156
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (14 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 15/23] linux-yocto/5.15: update CVE exclusions (5.15.155) Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 17/23] linux-yocto/5.15: update CVE exclusions (5.15.156) Steve Sakoman
` (6 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
b8086c3c1548 reiserfs: Avoid touching renamed directory if parent does not change
ea091017ef62 ipv6: Fix data races around sk->sk_prot.
ff8710da80ee ipv6: annotate some data-races around sk->sk_prot
e8c2eafaaa6a tcp: Fix data races around icsk->icsk_af_ops.
c52b9710c83d Linux 5.15.156
88168b947c34 drm/i915/cdclk: Fix CDCLK programming order when pipes are active
b2bf58581baa x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI
d315f5eba585 x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
ebba2270ab74 x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
e47d1cbde759 x86/bugs: Fix BHI handling of RRSBA
b4f2718f3d9b x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
c768db14db8e x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
145d9930a151 x86/bugs: Fix BHI documentation
2c761457ef18 x86/bugs: Fix return type of spectre_bhi_state()
c6fd0e4f0069 irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
69843741d64f x86/apic: Force native_apic_mem_read() to use the MOV instruction
c2981e32cf46 selftests: timers: Fix abs() warning in posix_timers test
70688450ddda x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n
e8f4a290abe9 perf/x86: Fix out of range data
acf9b01d344f vhost: Add smp_rmb() in vhost_vq_avail_empty()
d2dc6600d4e3 drm/client: Fully protect modes[] with dev->mode_config.mutex
773d38f42bbe btrfs: qgroup: correctly model root qgroup rsv in convert
23b57c556609 iommu/vt-d: Allocate local memory for page request queue
81f3ad644fbf tracing: hide unused ftrace_event_id_fops
fdfbf54d128a net: ena: Fix incorrect descriptor free behavior
ec25a9ce095a net: ena: Wrong missing IO completions check order
e667a05cbb39 net: ena: Fix potential sign extension issue
e76c2678228f af_unix: Fix garbage collector racing against connect()
37120fa8d92a af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
22641478d80f net: dsa: mt7530: trap link-local frames regardless of ST Port State
26515606ecb5 net: sparx5: fix wrong config being used when reconfiguring PCS
7aaee12b804c net/mlx5: Properly link new fs rules into the tree
97dab36e57c6 netfilter: complete validation of user input
4b19e9507c27 ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
6179cdbfe05d ipv4/route: avoid unused-but-set-variable warning
ed94af8d07d5 ipv6: fib: hide unused 'pn' variable
98b3e282623f octeontx2-af: Fix NIX SQ mode and BP config
b4bc99d04c68 af_unix: Clear stale u->oob_skb.
3c1ae6de74e3 geneve: fix header validation in geneve[6]_xmit_skb
f0a068de65d5 xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
a9dca26b745e u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates.
11e04135b087 net: openvswitch: fix unwanted error log on timeout policy probing
8c820f7c8e9b scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
5562dbfcf59b nouveau: fix function cast warning
8d278fc34cdd Revert "drm/qxl: simplify qxl_fence_wait"
42beda7db44f arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order
cc7b83f04b43 media: cec: core: remove length check of Timer Status
75193678cce9 Bluetooth: Fix memory leak in hci_req_sync_complete()
53e494b7bc43 ring-buffer: Only update pages_touched when a new page is touched
87b6af1a7683 batman-adv: Avoid infinite loop trying to resize local TT
8d1bab770956 locking/rwsem: Disable preemption while trying for rwsem lock
7c82dac02886 block, loop: support partitions without scanning
45f504f301d4 bpftool: Fix pretty print dump for maps without BTF loaded
1f24338cb789 jbd2: Drop the merge conflicted hunk
e1d0e3c51bde tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
1abe841fe331 tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
6224acfc1d56 tpm: Add flag to use default cancellation policy
1cd19d48fb90 tpm: tis_i2c: Fix sanity check interrupt enable mask
a883da132fa8 tpm: Add tpm_tis_i2c backend for tpm_tis_core
a742ac8a1c51 tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
ef495c5f45f2 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
1f3be2e23aa6 gcc-plugins: Reorganize gimple includes for GCC 13
24615a3b932a ata: ahci: fix enum constants for gcc-13
5d6cb145541a net: stmmac: Enable mac_managed_pm phylink config
fd93aabb4287 tools/resolve_btfids: Use pkg-config to locate libelf
130f9da78406 tools/resolve_btfids: Build with host flags
00f2f1a782f9 tools/resolve_btfids: Support cross-building the kernel with clang
17776a4ba9c2 tools/resolve_btfids: Install libbpf headers when building
7c9808380d70 libbpf: Make libbpf_version.h non-auto-generated
37ae1ba791ac libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations
a2667e6d7314 drm/radeon: free iio for atombios when driver shutdown
f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy
da5513f30187 libbpf: Fix build warning on ref_ctr_off
4c5a089621a8 perf python: Account for multiple words in CC
1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers
838f5d0701d8 fs: add mode_strip_sgid() helper
d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead
ed037d7be40c irq_work: use kasan_record_aux_stack_noalloc() record callstack
1363bd7dbde3 ixgbevf: add disable link state
e5601ae2bd24 ixgbe: add improvement for MDD response functionality
caa57cd80575 ixgbe: add the ability for the PF to disable VF link state
16a77bfcc7df Check /dev/console using init_stat()
04574fd5579a tracing/arm: Have max stack tracer handle the case of return address after data
0e51e5717018 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
1e6b7da6ddba drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
493160901320 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
04224f725aa3 irqchip/gic-v3-its: Skip HP notifier when no ITS is registered
6f6c2996a81c irqchip/gic-v3-its: Postpone LPI pending table freeing and memreserve
1fa94473423f irqchip/gic-v3-its: Give the percpu rdist struct its own flags field
6013d1ae5feb cert host tools: Stop complaining about deprecated OpenSSL functions
efe20512212b init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
a40d2daf2795 pnmtologo: use relocatable file name
3b40d5b41155 of: configfs: remove unused variable overlay_lock
6c085baf1838 tools: use basename to identify file in gen-mach-types
2fca0fd71981 lib/build_OID_registry: fix reproducibility issues
0f586f4ee8ad vt/conmakehash: improve reproducibility
a75774679f28 OF: DT-Overlay configfs interface (v8)
d179c639b30b x86/boot: Wrap literal addresses in absolute_pointer()
856ec356cf91 ACPI: thermal: drop an always true check
7614af249993 xfs: Fix -Werror=dangling-pointer work-around for older GCC
41470215f97e xfs: Work around GCC 12 -Werror=dangling-pointer for xfs_attr_remote.o
44a445c1922d virtio-pci: Remove wrong address verification in vp_del_vqs()
77aa9e489eaf bpf: Disallow unprivileged bpf by default
ebfb1822e9f9 fs/aufs: fixup 5.15.36 fixups
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
5df6d1b00f95 jbd2: fix use-after-free of transaction_t race
2d83e8196487 jbd2: refactor wait logic for transaction updates into a common function
07a63f760793 netfilter: conntrack: avoid useless indirection during conntrack destruction
4e7122625996 Revert "fbdev: Hot-unplug firmware fb devices on forced removal"
7ba4cb36fd4f rcu: Avoid alloc_pages() when recording stack
f78574dee71e kasan: test: silence intentional read overflow warnings
d313cb89b6b1 kasan: arm64: fix pcpu_page_first_chunk crash with KASAN_VMALLOC
5e279d5647cc arm64: support page mapping percpu first chunk allocator
e5bf16752dca vmalloc: choose a better start address in vm_area_register_early()
660b3d21b46f kasan: test: bypass __alloc_size checks
00aa7573e53a kasan: test: add memcpy test that avoids out-of-bounds write
67becf0b1bd4 kasan: fix tag for large allocations when using CONFIG_SLAB
bedf1e033213 workqueue, kasan: avoid alloc_pages() when recording stack
7195b67ce69b kasan: generic: introduce kasan_record_aux_stack_noalloc()
bdff763f0e29 kasan: common: provide can_alloc in kasan_save_stack()
51423ebb36ad lib/stackdepot: introduce __stack_depot_save()
85373e66d847 lib/stackdepot: remove unused function argument
5b6cc9b251f3 lib/stackdepot: include gfp.h
c9f3902d8069 aufs: reduce overhead for "code present but disabled" use case.
b98d189df02c aufs: bugfix, umount passes NULL to ->parse_monolithic()
13b883cbbbd9 aufs standalone: cosmetic, missing copyright sentence
21f8b0d81898 aufs: 5.15.5-20220117 ---> 5.15.5-20220221
6199fd896645 aufs: tiny, headers after fs_context
8ddb40e31c29 aufs: fs_context 7/7, finally remount
69035f71c6fd aufs: fs_context 6/7, now mount
bc841b970697 aufs: fs_context 5/7, parse all other mount options
435188053da2 aufs: fs_context 4/7, parse xino options
9af1f1825cbd aufs: fs_context 3/7, parse the branch-management options
1c05eb767f8c aufs: fs_context 2/7, parse "br" mount option
a8488f603134 aufs: fs_context 1/7, skelton of the new shceme
8e32e0015564 aufs: pre fs_context, convert a static flag to a macro
f90cb4144aec aufs: pre fs_context, support the incomplete sb and sbinfo case
948762ef859c aufs: pre fs_context, convert the type of alloc_sbinfo()
77151a08776b aufs: 5.15.5-20211129 ---> 5.15.5-20220117
2539adbbbe1e aufs: 5.14-20211018 ---> 5.15.5-20211129
7d32b25193c4 aufs: for v5.15-rc1, sync_inode() is gone
66ec0c509225 aufs: for v5.15-rc1, new param 'rcu' for ->get_acl()
69709dc518cd aufs: for v5.15-rc1, no mand-lock anymore
ada8fe9543e5 aufs: 5.14-20210906 ---> 5.14-20211018
b77f7f3f394a Revert "aufs: adjust to v5.15 fs changes"
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
871f23ad3627 Revert "ARM: defconfig: Enable ax88796c driver for Exynos boards"
ffad0783dd5b ARM: config: multi v7: Regenerate defconifg
5c1e1a1ff2d3 ARM: config: multi v7: Add renamed symbols
badaf96564fe ARM: config: multi v7: Clean up enabled by default options
34996040fc9b ARM: config: multi v7: Drop unavailable options
7f685244afb3 powerpc/mm: Switch obsolete dssall to .long
20301aeb1a64 riscv: fix build with binutils 2.38
9df58d070506 powerpc/lib/sstep: fix 'ptesync' build error
720b61fc400b x86_64_defconfig: Fix warnings
02bf23d26bc4 arm64: defconfig: cleanup config options
05914e2c87e5 arm: defconfig: drop unused POWER_AVS option
ffb532fa19b9 aufs5: fix build against v5.15.3+
a4b3abf4d96d qemux86: add configuration symbol to select values
fee94ee09154 clear_warn_once: add a clear_warn_once= boot parameter
3d8762d900d9 clear_warn_once: bind a timer to written reset value
95faacac47e8 clear_warn_once: expand debugfs to include read support
de20c4240018 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
0e4aacead9c1 perf: x86-32: explicitly include <errno.h>
9ad92c11468e perf: mips64: Convert __u64 to unsigned long long
09e7efe3e68a perf: fix bench numa compilation
e79becc44fa6 perf: add SLANG_INC for slang.h
b1033b588681 perf: add sgidefs.h to for mips builds
cf9db484ac0b perf: change --root to --prefix for python install
7fd052c2c562 perf: add 'libperl not found' warning
27a437cdd469 perf: force include of <stdbool.h>
3b99d21bec2f fat: don't use obsolete random32 call in namei_vfat
a7e9293b506b FAT: Added FAT_NO_83NAME
6fd0e71d9e5c FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
c379b0d324ae FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
538be0fdb124 aufs: adjust to v5.15 fs changes
f45da75c8759 aufs5: core
047f57e07e01 aufs5: standalone
029fc15574c8 aufs5: mmap
610d0192ee94 aufs5: base
d4e428d0ec5f aufs5: kbuild
eb067eca251a yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
286af18d0875 yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
24d59a4e26a6 yaffs2: v5.12+ build fixups (not runtime tested)
22c73536d5d7 yaffs: include blkdev.h
506b7251bfb8 yaffs: fix misplaced variable declaration
a0e26ff364dc yaffs2: v5.6 build fixups
b10b1b2d169e yaffs2: fix memory leak when /proc/yaffs is read
ad9adccbb214 yaffs: add strict check when call yaffs_internal_read_super
2e3c3aec8279 yaffs: repair yaffs_get_mtd_device
d662538516a7 yaffs: Fix build failure by handling inode i_version with proper atomic API
70a6113ee2c7 yaffs2: fix memory leak in mount/umount
3378e4a9e404 yaffs: Avoid setting any ACL releated xattr
ec2284edddef Yaffs:check oob size before auto selecting Yaffs1
c2a49874051c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
e9a5105a3e73 yaffs2: adjust to proper location of MS_RDONLY
608807406f13 yaffs2: import git revision b4ce1bb (jan, 2020)
89e660ece42c initramfs: allow an optional wrapper script around initramfs generation
b179dbc9aa10 iwlwifi: select MAC80211_LEDS conditionally
3fd5ca3673d0 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
d1f6edbf0188 arm64/perf: Fix wrong cast that may cause wrong truncation
d202fb2caf33 defconfigs: drop obselete options
9a27e3b5f4e7 arm64/perf: fix backtrace for AAPCS with FP enabled
e20d8cf019b4 linux-yocto: Handle /bin/awk issues
b6d2a3dbbd3a uvesafb: provide option to specify timeout for task completion
adb40f1e6a1a uvesafb: print error message when task timeout occurs
f280a1ed0962 compiler.h: Undef before redefining __attribute_const__
4352732f268c vmware: include jiffies.h
7954a677968d Resolve jiffies wrapping about arp
5f28a1035d95 nfs: Allow default io size to be configured.
0d7260ad7106 check console device file on fs when booting
900a12e37e0a mount_root: clarify error messages for when no rootfs found
7b878cbea726 menuconfig,mconf-cfg: Allow specification of ncurses location
6604fc1763b3 modpost: mask trivial warnings
0d294adb09cb kbuild: exclude meta directory from distclean processing
a097cdd95a9e powerpc: serialize image targets
5db6ec39a0a3 arm: serialize build targets
cbabca27905e crtsavres: fixups for 5.4+
7fc7656ed403 powerpc/ptrace: Disable array-bounds warning with gcc8
a5faac5a19a2 powerpc: Disable attribute-alias warnings from gcc8
186c54665b67 powerpc: add crtsavres.o to archprepare for kbuild
d1ea862964ca powerpc: kexec fix for powerpc64
2ac35b89a0f9 powerpc: Add unwind information for SPE registers of E500 core
2e1c348a28bb mips: vdso: fix 'jalr $t9' crash in vdso code
ec57870b303a mips: Kconfig: add QEMUMIPS64 option
6a81b3c08107 4kc cache tlb hazard: tlbp cache coherency
74e3b2a21e54 malta uhci quirks: make allowance for slow 4k(e)c
22e65b63d3b4 arm/Makefile: Fix systemtap
b7f1ab59f19e vexpress: Pass LOADADDR to Makefile
ce2800c73bf7 arm: ARM EABI socketcall
019d142fd956 ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index f6ff6ede18..426266e9a5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "450d764329026c622d2fcc8e0841ee8c003deb48"
-SRCREV_meta ?= "9f60e205e8e28fdf90fbceb54c6ed2aec0b42ed3"
+SRCREV_machine ?= "82bab3e1d1637710832e9fe0a222d876b5f9e9e2"
+SRCREV_meta ?= "1427f4d13f99b5b3811ef5f4207b6ff43cf1771a"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.155"
+LINUX_VERSION ?= "5.15.156"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 6e59eb6ceb..1ea634f2e1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.155"
+LINUX_VERSION ?= "5.15.156"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "b662753bbd1caacf51d1cef578eceb1b58a753f0"
-SRCREV_meta ?= "9f60e205e8e28fdf90fbceb54c6ed2aec0b42ed3"
+SRCREV_machine ?= "a94a5a767e0b0014c4d1f4ac6587bd30af2b18d5"
+SRCREV_meta ?= "1427f4d13f99b5b3811ef5f4207b6ff43cf1771a"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index b6d7fbf7c1..0601353e1c 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "699ce07e7326d5a4143655ab8416bf7b8d641260"
-SRCREV_machine:qemuarm64 ?= "1f8f9d20707574ce56ab3ada6554c2a9cbce55fb"
-SRCREV_machine:qemumips ?= "5eeedd87a05a973e797357c61564c2e82cff7755"
-SRCREV_machine:qemuppc ?= "5f854a0765bf57db2289780152651d2b463fb41e"
-SRCREV_machine:qemuriscv64 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
-SRCREV_machine:qemuriscv32 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
-SRCREV_machine:qemux86 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
-SRCREV_machine:qemux86-64 ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
-SRCREV_machine:qemumips64 ?= "9aa2c6f70ea08ee03c53ed3a96b91907db782dd8"
-SRCREV_machine ?= "97a728f8e22ebd7ed35066e01060e97b4a89da05"
-SRCREV_meta ?= "9f60e205e8e28fdf90fbceb54c6ed2aec0b42ed3"
+SRCREV_machine:qemuarm ?= "7125a4b2f341b906fa6ad96d7b5caab2fe031b40"
+SRCREV_machine:qemuarm64 ?= "a71076982c5b7d5f38a7c00ab4fd6f4f907e267d"
+SRCREV_machine:qemumips ?= "0d5ad939681fe4971f4895b909554d755ba72d66"
+SRCREV_machine:qemuppc ?= "46ff907d522c13b8f6fab5a0da95f7a9807e2595"
+SRCREV_machine:qemuriscv64 ?= "70388803a5a55f986721232d0160381bb8097ba3"
+SRCREV_machine:qemuriscv32 ?= "70388803a5a55f986721232d0160381bb8097ba3"
+SRCREV_machine:qemux86 ?= "70388803a5a55f986721232d0160381bb8097ba3"
+SRCREV_machine:qemux86-64 ?= "70388803a5a55f986721232d0160381bb8097ba3"
+SRCREV_machine:qemumips64 ?= "a1357daf3592cb612b67058e401d5b05aebde45e"
+SRCREV_machine ?= "70388803a5a55f986721232d0160381bb8097ba3"
+SRCREV_meta ?= "1427f4d13f99b5b3811ef5f4207b6ff43cf1771a"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "fa3df276cd36c5dbbd9deb64129d0d0f14c35dc8"
+SRCREV_machine:class-devupstream ?= "c52b9710c83d3b8ab63bb217cc7c8b61e13f12cd"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.155"
+LINUX_VERSION ?= "5.15.156"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 17/23] linux-yocto/5.15: update CVE exclusions (5.15.156)
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (15 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 16/23] linux-yocto/5.15: update to v5.15.156 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 18/23] linux-yocto/5.15: update to v5.15.157 Steve Sakoman
` (5 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.luedtke@uwalumni.com
Subject: Update 8Apr24
Date: Tue, 9 Apr 2024 18:19:11 -0400
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/cve-exclusion_5.15.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 3cbbce59ac..78ff1365db 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-04-15 16:35:38.699381 for version 5.15.155
+# Generated at 2024-04-25 15:13:47.533247 for version 5.15.156
python check_kernel_cve_status_version() {
- this_version = "5.15.155"
+ this_version = "5.15.156"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 18/23] linux-yocto/5.15: update to v5.15.157
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (16 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 17/23] linux-yocto/5.15: update CVE exclusions (5.15.156) Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 19/23] linux-yocto/5.15: update CVE exclusions (5.15.157) Steve Sakoman
` (4 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/5.15 to the latest korg -stable release that comprises
the following commits:
b925f60c6ee7 Linux 5.15.157
d564809f27ea net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards
eb6535c6f7c2 net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530
63ba7a80d6e2 net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
84b7f50e631a net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP
bdbe483da21f nilfs2: fix OOB in nilfs_set_de_type
3ab056814cd8 nouveau: fix instmem race condition around ptr stores
49c9958cf0a2 drm/vmwgfx: Sort primary plane formats by order of preference
8b12fc7b0326 drm/amdgpu: validate the parameters of bo mapping operations more clearly
a2fd6dbc98be binder: check offset alignment in binder_get_object()
0dc727a4e054 init/main.c: Fix potential static_command_line memory overflow
813f5213f2c6 arm64: hibernate: Fix level3 translation fault in swsusp_save()
f5a55db79bf7 KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
7169354120d8 KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible
43f00210cb25 fs: sysfs: Fix reference leak in sysfs_break_active_protection()
0d130158db29 speakup: Avoid crash on very long word
d8a2225f7dfa mei: me: disable RPL-S on SPS and IGN firmwares
7f67c2020cb0 usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error
75ceeadfab1c usb: Disable USB3 LPM at shutdown
8aa5c28ac65c usb: dwc2: host: Fix dereference issue in DDMA completion flow.
7182175f565f Revert "usb: cdc-wdm: close race between read and workqueue"
def039849617 USB: serial: option: add Telit FN920C04 rmnet compositions
cd27cf1ec66d USB: serial: option: add Rolling RW101-GL and RW135-GL support
c48d624bbbad USB: serial: option: support Quectel EM060K sub-models
3338a967ca08 USB: serial: option: add Lonsung U8300/U9300 product
e94566d88701 USB: serial: option: add support for Fibocom FM650/FG650
6b5043463619 USB: serial: option: add Fibocom FM135-GL variants
7a3bbe41efa5 serial/pmac_zilog: Remove flawed mitigation for rx irq flood
b0b268eeb087 comedi: vmk80xx: fix incomplete endpoint checking
e39fae579d17 thunderbolt: Fix wake configurations after device unplug
62e0a5d4d4de thunderbolt: Avoid notify PM core about runtime PM resume
4291a6233ba8 x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
0be237b6b753 x86/bugs: Fix BHI retpoline check
a29ec0465dce clk: Get runtime PM before walking tree during disable_unused
db7c0ef4afea clk: Initialize struct clk_core kref earlier
bc6d766991e1 clk: Print an info line before disabling unused clocks
f3d89bc7dd65 clk: remove extra empty line
bdd70c8b02e7 clk: Mark 'all_lists' as const
3254a1f27952 clk: Remove prepare_lock hold assertion in __clk_release()
ce77f3beed02 drm/panel: visionox-rm69299: don't unregister DSI device
df0991da7db8 drm: nv04: Fix out of bounds access
3076b3c38a70 s390/cio: fix race condition during online processing
498f7b8037da s390/qdio: handle deferred cc1
45d70025006c RDMA/mlx5: Fix port number for counter query in multi-port configuration
8261489de3af RDMA/cm: Print the old state when cm_destroy_id gets timeout
2973b4a5eae7 RDMA/rxe: Fix the problem "mutex_destroy missing"
831157756e3c net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them
9495b7a412e3 net: dsa: mt7530: fix mirroring frames received on local port
a50dbeca28ac tun: limit printing rate when illegal packet received by tun dev
ae3f9e1221b3 af_unix: Don't peek OOB data without MSG_OOB.
1738dfe72c52 af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
e719b52d0c56 netfilter: flowtable: incorrect pppoe tuple
d06977b9a410 netfilter: flowtable: validate pppoe header
5345d78ae64d netfilter: nf_flow_table: count pending offload workqueue tasks
7a1679e2d9bf netfilter: nft_set_pipapo: do not free live element
dceb683ab87c netfilter: br_netfilter: skip conntrack input hook for promisc packets
379bf7257bc5 netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
0b6de00206ad netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
fc1021337e59 Revert "lockd: introduce safe async lock op"
2a3073d58382 Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
2df2dd27066c kprobes: Fix possible use-after-free issue on kprobe registration
1253e34a548f bpf: Fix ringbuf memory type confusion when passing to helpers
cc9ac419351b bpf: Fix out of bounds access for ringbuf helpers
adc2d11b86ea bpf: Generally fix helper register offset check
0c261cbc29a6 bpf: Generalize check_ctx_reg for reuse with other types
1b661661642d bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support
621bbe924c68 selftests/ftrace: Limit length in subsystem-enable tests
edfaf679b7c3 SUNRPC: Fix rpcgss_context trace event acceptor field
2364d0278fe1 btrfs: record delayed inode root in transaction
747228929b32 ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
88b7f1143b15 ksmbd: validate payload size in ipc response
044b3d6c94c6 ksmbd: don't send oplock break if rename fails
b8086c3c1548 reiserfs: Avoid touching renamed directory if parent does not change
ea091017ef62 ipv6: Fix data races around sk->sk_prot.
ff8710da80ee ipv6: annotate some data-races around sk->sk_prot
e8c2eafaaa6a tcp: Fix data races around icsk->icsk_af_ops.
8d1bab770956 locking/rwsem: Disable preemption while trying for rwsem lock
7c82dac02886 block, loop: support partitions without scanning
45f504f301d4 bpftool: Fix pretty print dump for maps without BTF loaded
1f24338cb789 jbd2: Drop the merge conflicted hunk
e1d0e3c51bde tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
1abe841fe331 tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
6224acfc1d56 tpm: Add flag to use default cancellation policy
1cd19d48fb90 tpm: tis_i2c: Fix sanity check interrupt enable mask
a883da132fa8 tpm: Add tpm_tis_i2c backend for tpm_tis_core
a742ac8a1c51 tpm: Add tpm_tis_verify_crc to the tpm_tis_phy_ops protocol layer
ef495c5f45f2 tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
1f3be2e23aa6 gcc-plugins: Reorganize gimple includes for GCC 13
24615a3b932a ata: ahci: fix enum constants for gcc-13
5d6cb145541a net: stmmac: Enable mac_managed_pm phylink config
fd93aabb4287 tools/resolve_btfids: Use pkg-config to locate libelf
130f9da78406 tools/resolve_btfids: Build with host flags
00f2f1a782f9 tools/resolve_btfids: Support cross-building the kernel with clang
17776a4ba9c2 tools/resolve_btfids: Install libbpf headers when building
7c9808380d70 libbpf: Make libbpf_version.h non-auto-generated
37ae1ba791ac libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations
a2667e6d7314 drm/radeon: free iio for atombios when driver shutdown
f100c753aa1f powerpc: Fix reschedule bug in KUAP-unlocked user copy
da5513f30187 libbpf: Fix build warning on ref_ctr_off
4c5a089621a8 perf python: Account for multiple words in CC
1c5699ee85d4 fs: move S_ISGID stripping into the vfs_*() helpers
838f5d0701d8 fs: add mode_strip_sgid() helper
d97172683641 squashfs: provide backing_dev_info in order to disable read-ahead
ed037d7be40c irq_work: use kasan_record_aux_stack_noalloc() record callstack
1363bd7dbde3 ixgbevf: add disable link state
e5601ae2bd24 ixgbe: add improvement for MDD response functionality
caa57cd80575 ixgbe: add the ability for the PF to disable VF link state
16a77bfcc7df Check /dev/console using init_stat()
04574fd5579a tracing/arm: Have max stack tracer handle the case of return address after data
0e51e5717018 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
1e6b7da6ddba drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
493160901320 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
04224f725aa3 irqchip/gic-v3-its: Skip HP notifier when no ITS is registered
6f6c2996a81c irqchip/gic-v3-its: Postpone LPI pending table freeing and memreserve
1fa94473423f irqchip/gic-v3-its: Give the percpu rdist struct its own flags field
6013d1ae5feb cert host tools: Stop complaining about deprecated OpenSSL functions
efe20512212b init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
a40d2daf2795 pnmtologo: use relocatable file name
3b40d5b41155 of: configfs: remove unused variable overlay_lock
6c085baf1838 tools: use basename to identify file in gen-mach-types
2fca0fd71981 lib/build_OID_registry: fix reproducibility issues
0f586f4ee8ad vt/conmakehash: improve reproducibility
a75774679f28 OF: DT-Overlay configfs interface (v8)
d179c639b30b x86/boot: Wrap literal addresses in absolute_pointer()
856ec356cf91 ACPI: thermal: drop an always true check
7614af249993 xfs: Fix -Werror=dangling-pointer work-around for older GCC
41470215f97e xfs: Work around GCC 12 -Werror=dangling-pointer for xfs_attr_remote.o
44a445c1922d virtio-pci: Remove wrong address verification in vp_del_vqs()
77aa9e489eaf bpf: Disallow unprivileged bpf by default
ebfb1822e9f9 fs/aufs: fixup 5.15.36 fixups
4eba9348d3e2 Revert "Revert "fbdev: Hot-unplug firmware fb devices on forced removal""
5df6d1b00f95 jbd2: fix use-after-free of transaction_t race
2d83e8196487 jbd2: refactor wait logic for transaction updates into a common function
07a63f760793 netfilter: conntrack: avoid useless indirection during conntrack destruction
4e7122625996 Revert "fbdev: Hot-unplug firmware fb devices on forced removal"
7ba4cb36fd4f rcu: Avoid alloc_pages() when recording stack
f78574dee71e kasan: test: silence intentional read overflow warnings
d313cb89b6b1 kasan: arm64: fix pcpu_page_first_chunk crash with KASAN_VMALLOC
5e279d5647cc arm64: support page mapping percpu first chunk allocator
e5bf16752dca vmalloc: choose a better start address in vm_area_register_early()
660b3d21b46f kasan: test: bypass __alloc_size checks
00aa7573e53a kasan: test: add memcpy test that avoids out-of-bounds write
67becf0b1bd4 kasan: fix tag for large allocations when using CONFIG_SLAB
bedf1e033213 workqueue, kasan: avoid alloc_pages() when recording stack
7195b67ce69b kasan: generic: introduce kasan_record_aux_stack_noalloc()
bdff763f0e29 kasan: common: provide can_alloc in kasan_save_stack()
51423ebb36ad lib/stackdepot: introduce __stack_depot_save()
85373e66d847 lib/stackdepot: remove unused function argument
5b6cc9b251f3 lib/stackdepot: include gfp.h
c9f3902d8069 aufs: reduce overhead for "code present but disabled" use case.
b98d189df02c aufs: bugfix, umount passes NULL to ->parse_monolithic()
13b883cbbbd9 aufs standalone: cosmetic, missing copyright sentence
21f8b0d81898 aufs: 5.15.5-20220117 ---> 5.15.5-20220221
6199fd896645 aufs: tiny, headers after fs_context
8ddb40e31c29 aufs: fs_context 7/7, finally remount
69035f71c6fd aufs: fs_context 6/7, now mount
bc841b970697 aufs: fs_context 5/7, parse all other mount options
435188053da2 aufs: fs_context 4/7, parse xino options
9af1f1825cbd aufs: fs_context 3/7, parse the branch-management options
1c05eb767f8c aufs: fs_context 2/7, parse "br" mount option
a8488f603134 aufs: fs_context 1/7, skelton of the new shceme
8e32e0015564 aufs: pre fs_context, convert a static flag to a macro
f90cb4144aec aufs: pre fs_context, support the incomplete sb and sbinfo case
948762ef859c aufs: pre fs_context, convert the type of alloc_sbinfo()
77151a08776b aufs: 5.15.5-20211129 ---> 5.15.5-20220117
2539adbbbe1e aufs: 5.14-20211018 ---> 5.15.5-20211129
7d32b25193c4 aufs: for v5.15-rc1, sync_inode() is gone
66ec0c509225 aufs: for v5.15-rc1, new param 'rcu' for ->get_acl()
69709dc518cd aufs: for v5.15-rc1, no mand-lock anymore
ada8fe9543e5 aufs: 5.14-20210906 ---> 5.14-20211018
b77f7f3f394a Revert "aufs: adjust to v5.15 fs changes"
81bdce5b5876 tick/nohz: WARN_ON --> WARN_ON_ONCE to prevent console saturation
97c963889222 sched/isolation: really align nohz_full with rcu_nocbs
871f23ad3627 Revert "ARM: defconfig: Enable ax88796c driver for Exynos boards"
ffad0783dd5b ARM: config: multi v7: Regenerate defconifg
5c1e1a1ff2d3 ARM: config: multi v7: Add renamed symbols
badaf96564fe ARM: config: multi v7: Clean up enabled by default options
34996040fc9b ARM: config: multi v7: Drop unavailable options
7f685244afb3 powerpc/mm: Switch obsolete dssall to .long
20301aeb1a64 riscv: fix build with binutils 2.38
9df58d070506 powerpc/lib/sstep: fix 'ptesync' build error
720b61fc400b x86_64_defconfig: Fix warnings
02bf23d26bc4 arm64: defconfig: cleanup config options
05914e2c87e5 arm: defconfig: drop unused POWER_AVS option
ffb532fa19b9 aufs5: fix build against v5.15.3+
a4b3abf4d96d qemux86: add configuration symbol to select values
fee94ee09154 clear_warn_once: add a clear_warn_once= boot parameter
3d8762d900d9 clear_warn_once: bind a timer to written reset value
95faacac47e8 clear_warn_once: expand debugfs to include read support
de20c4240018 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
0e4aacead9c1 perf: x86-32: explicitly include <errno.h>
9ad92c11468e perf: mips64: Convert __u64 to unsigned long long
09e7efe3e68a perf: fix bench numa compilation
e79becc44fa6 perf: add SLANG_INC for slang.h
b1033b588681 perf: add sgidefs.h to for mips builds
cf9db484ac0b perf: change --root to --prefix for python install
7fd052c2c562 perf: add 'libperl not found' warning
27a437cdd469 perf: force include of <stdbool.h>
3b99d21bec2f fat: don't use obsolete random32 call in namei_vfat
a7e9293b506b FAT: Added FAT_NO_83NAME
6fd0e71d9e5c FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
c379b0d324ae FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
538be0fdb124 aufs: adjust to v5.15 fs changes
f45da75c8759 aufs5: core
047f57e07e01 aufs5: standalone
029fc15574c8 aufs5: mmap
610d0192ee94 aufs5: base
d4e428d0ec5f aufs5: kbuild
eb067eca251a yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
286af18d0875 yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
24d59a4e26a6 yaffs2: v5.12+ build fixups (not runtime tested)
22c73536d5d7 yaffs: include blkdev.h
506b7251bfb8 yaffs: fix misplaced variable declaration
a0e26ff364dc yaffs2: v5.6 build fixups
b10b1b2d169e yaffs2: fix memory leak when /proc/yaffs is read
ad9adccbb214 yaffs: add strict check when call yaffs_internal_read_super
2e3c3aec8279 yaffs: repair yaffs_get_mtd_device
d662538516a7 yaffs: Fix build failure by handling inode i_version with proper atomic API
70a6113ee2c7 yaffs2: fix memory leak in mount/umount
3378e4a9e404 yaffs: Avoid setting any ACL releated xattr
ec2284edddef Yaffs:check oob size before auto selecting Yaffs1
c2a49874051c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
e9a5105a3e73 yaffs2: adjust to proper location of MS_RDONLY
608807406f13 yaffs2: import git revision b4ce1bb (jan, 2020)
89e660ece42c initramfs: allow an optional wrapper script around initramfs generation
b179dbc9aa10 iwlwifi: select MAC80211_LEDS conditionally
3fd5ca3673d0 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
d1f6edbf0188 arm64/perf: Fix wrong cast that may cause wrong truncation
d202fb2caf33 defconfigs: drop obselete options
9a27e3b5f4e7 arm64/perf: fix backtrace for AAPCS with FP enabled
e20d8cf019b4 linux-yocto: Handle /bin/awk issues
b6d2a3dbbd3a uvesafb: provide option to specify timeout for task completion
adb40f1e6a1a uvesafb: print error message when task timeout occurs
f280a1ed0962 compiler.h: Undef before redefining __attribute_const__
4352732f268c vmware: include jiffies.h
7954a677968d Resolve jiffies wrapping about arp
5f28a1035d95 nfs: Allow default io size to be configured.
0d7260ad7106 check console device file on fs when booting
900a12e37e0a mount_root: clarify error messages for when no rootfs found
7b878cbea726 menuconfig,mconf-cfg: Allow specification of ncurses location
6604fc1763b3 modpost: mask trivial warnings
0d294adb09cb kbuild: exclude meta directory from distclean processing
a097cdd95a9e powerpc: serialize image targets
5db6ec39a0a3 arm: serialize build targets
cbabca27905e crtsavres: fixups for 5.4+
7fc7656ed403 powerpc/ptrace: Disable array-bounds warning with gcc8
a5faac5a19a2 powerpc: Disable attribute-alias warnings from gcc8
186c54665b67 powerpc: add crtsavres.o to archprepare for kbuild
d1ea862964ca powerpc: kexec fix for powerpc64
2ac35b89a0f9 powerpc: Add unwind information for SPE registers of E500 core
2e1c348a28bb mips: vdso: fix 'jalr $t9' crash in vdso code
ec57870b303a mips: Kconfig: add QEMUMIPS64 option
6a81b3c08107 4kc cache tlb hazard: tlbp cache coherency
74e3b2a21e54 malta uhci quirks: make allowance for slow 4k(e)c
22e65b63d3b4 arm/Makefile: Fix systemtap
b7f1ab59f19e vexpress: Pass LOADADDR to Makefile
ce2800c73bf7 arm: ARM EABI socketcall
019d142fd956 ARM: LPAE: Invalidate the TLB for module addresses during translation fault
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_5.15.bb | 6 ++---
.../linux/linux-yocto-tiny_5.15.bb | 6 ++---
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +++++++++----------
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 426266e9a5..91bf0350d5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "82bab3e1d1637710832e9fe0a222d876b5f9e9e2"
-SRCREV_meta ?= "1427f4d13f99b5b3811ef5f4207b6ff43cf1771a"
+SRCREV_machine ?= "f8d4297d452f7c832d90bfb992d90db2e30ffc23"
+SRCREV_meta ?= "21fd5becb1ed083a28e57af46709578f83dd2910"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.15.156"
+LINUX_VERSION ?= "5.15.157"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 1ea634f2e1..722523ced9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -5,7 +5,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.15.156"
+LINUX_VERSION ?= "5.15.157"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -14,8 +14,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "a94a5a767e0b0014c4d1f4ac6587bd30af2b18d5"
-SRCREV_meta ?= "1427f4d13f99b5b3811ef5f4207b6ff43cf1771a"
+SRCREV_machine ?= "7a8fce8cbd9a8a7d68a0c2537141c85d63f6eda3"
+SRCREV_meta ?= "21fd5becb1ed083a28e57af46709578f83dd2910"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 0601353e1c..6784703ce2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -14,24 +14,24 @@ KBRANCH:qemux86 ?= "v5.15/standard/base"
KBRANCH:qemux86-64 ?= "v5.15/standard/base"
KBRANCH:qemumips64 ?= "v5.15/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "7125a4b2f341b906fa6ad96d7b5caab2fe031b40"
-SRCREV_machine:qemuarm64 ?= "a71076982c5b7d5f38a7c00ab4fd6f4f907e267d"
-SRCREV_machine:qemumips ?= "0d5ad939681fe4971f4895b909554d755ba72d66"
-SRCREV_machine:qemuppc ?= "46ff907d522c13b8f6fab5a0da95f7a9807e2595"
-SRCREV_machine:qemuriscv64 ?= "70388803a5a55f986721232d0160381bb8097ba3"
-SRCREV_machine:qemuriscv32 ?= "70388803a5a55f986721232d0160381bb8097ba3"
-SRCREV_machine:qemux86 ?= "70388803a5a55f986721232d0160381bb8097ba3"
-SRCREV_machine:qemux86-64 ?= "70388803a5a55f986721232d0160381bb8097ba3"
-SRCREV_machine:qemumips64 ?= "a1357daf3592cb612b67058e401d5b05aebde45e"
-SRCREV_machine ?= "70388803a5a55f986721232d0160381bb8097ba3"
-SRCREV_meta ?= "1427f4d13f99b5b3811ef5f4207b6ff43cf1771a"
+SRCREV_machine:qemuarm ?= "b844615e2b799c40eac746cd24e009b620114230"
+SRCREV_machine:qemuarm64 ?= "aeb63de10514b28d35049f285ae9a371d6d5ccd2"
+SRCREV_machine:qemumips ?= "3740052e902e15416c22ce7f2544de7afe83a845"
+SRCREV_machine:qemuppc ?= "167c9e8d0e760cfb299408647efe46214fd06ac0"
+SRCREV_machine:qemuriscv64 ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
+SRCREV_machine:qemuriscv32 ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
+SRCREV_machine:qemux86 ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
+SRCREV_machine:qemux86-64 ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
+SRCREV_machine:qemumips64 ?= "d34e0789d8d5e0d7ab521889e80967edcac38dc6"
+SRCREV_machine ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
+SRCREV_meta ?= "21fd5becb1ed083a28e57af46709578f83dd2910"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "c52b9710c83d3b8ab63bb217cc7c8b61e13f12cd"
+SRCREV_machine:class-devupstream ?= "b925f60c6ee7ec871d2d48575d0fde3872129c20"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.15/base"
@@ -39,7 +39,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.15.156"
+LINUX_VERSION ?= "5.15.157"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 19/23] linux-yocto/5.15: update CVE exclusions (5.15.157)
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (17 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 18/23] linux-yocto/5.15: update to v5.15.157 Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 20/23] linux-yocto/5.15: cfg: remove obselete CONFIG_NFSD_V3 option Steve Sakoman
` (3 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/nluedtke/linux_kernel_cves
1/1 [
Author: Nicholas Luedtke
Email: nicholas.luedtke@uwalumni.com
Subject: Update 8Apr24
Date: Tue, 9 Apr 2024 18:19:11 -0400
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/cve-exclusion_5.15.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 78ff1365db..f5ccf2bc22 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-04-25 15:13:47.533247 for version 5.15.156
+# Generated at 2024-05-02 12:18:54.390781 for version 5.15.157
python check_kernel_cve_status_version() {
- this_version = "5.15.156"
+ this_version = "5.15.157"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 20/23] linux-yocto/5.15: cfg: remove obselete CONFIG_NFSD_V3 option
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (18 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 19/23] linux-yocto/5.15: update CVE exclusions (5.15.157) Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:04 ` [OE-core][kirkstone 21/23] kernel.bbclass: check, if directory exists before removing empty module directory Steve Sakoman
` (2 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: nfsd: drop CONFIG_NFSD_V3
Date: Tue, 2 Aug 2022 10:52:25 -0400
commit 5f9a62ff7d2808c7b56c0ec90f3b7eae5872afe6
Author: Chuck Lever <chuck.lever@oracle.com>
Date: Sun Feb 6 12:25:47 2022 -0500
NFSD: Remove CONFIG_NFSD_V3
Eventually support for NFSv2 in the Linux NFS server is to be
deprecated and then removed.
However, NFSv2 is the "always supported" version that is available
as soon as CONFIG_NFSD is set. Before NFSv2 support can be removed,
we need to choose a different "always supported" version.
This patch removes CONFIG_NFSD_V3 so that NFSv3 is always supported,
as NFSv2 is today. When NFSv2 support is removed, NFSv3 will become
the only "always supported" NFS version.
The defconfigs still need to be updated to remove CONFIG_NFSD_V3=y.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
index 91bf0350d5..349aa9854d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.15.bb
@@ -12,7 +12,7 @@ python () {
}
SRCREV_machine ?= "f8d4297d452f7c832d90bfb992d90db2e30ffc23"
-SRCREV_meta ?= "21fd5becb1ed083a28e57af46709578f83dd2910"
+SRCREV_meta ?= "7cdb56640a7854c921c292100445334745d5d534"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.15;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
index 722523ced9..054e17e871 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.15.bb
@@ -15,7 +15,7 @@ KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine ?= "7a8fce8cbd9a8a7d68a0c2537141c85d63f6eda3"
-SRCREV_meta ?= "21fd5becb1ed083a28e57af46709578f83dd2910"
+SRCREV_meta ?= "7cdb56640a7854c921c292100445334745d5d534"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.15.bb b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
index 6784703ce2..c066797436 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.15.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.15.bb
@@ -24,7 +24,7 @@ SRCREV_machine:qemux86 ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
SRCREV_machine:qemux86-64 ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
SRCREV_machine:qemumips64 ?= "d34e0789d8d5e0d7ab521889e80967edcac38dc6"
SRCREV_machine ?= "f0d16a142e32a7934da39a12bd983a00e629bb48"
-SRCREV_meta ?= "21fd5becb1ed083a28e57af46709578f83dd2910"
+SRCREV_meta ?= "7cdb56640a7854c921c292100445334745d5d534"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 21/23] kernel.bbclass: check, if directory exists before removing empty module directory
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (19 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 20/23] linux-yocto/5.15: cfg: remove obselete CONFIG_NFSD_V3 option Steve Sakoman
@ 2024-05-09 12:04 ` Steve Sakoman
2024-05-09 12:05 ` [OE-core][kirkstone 22/23] libarchive: fix multiple security vulnerabilities in pax writer Steve Sakoman
2024-05-09 12:05 ` [OE-core][kirkstone 23/23] ppp: Add RSA-MD in LICENSE Steve Sakoman
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
From: Heiko <heiko.thole@entwicklung.eq-3.de>
If the kernel folder does not exist, find will result in an error.
This can occur if the kernel has no modules but, for example, custom modules are created.
Add check before deleting.
Signed-off-by: Heiko Thole <heiko.thole@entwicklung.eq-3.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7ef767d84d56b25498e45db83bb8f9d9caebeaf9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/kernel.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index dbd89057f3..988a489396 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -452,7 +452,7 @@ kernel_do_install() {
rm -f "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
rm -f "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/source"
# Remove empty module directories to prevent QA issues
- find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete
+ [ -d "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" ] && find "${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel" -type d -empty -delete
else
bbnote "no modules to install"
fi
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 22/23] libarchive: fix multiple security vulnerabilities in pax writer
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (20 preceding siblings ...)
2024-05-09 12:04 ` [OE-core][kirkstone 21/23] kernel.bbclass: check, if directory exists before removing empty module directory Steve Sakoman
@ 2024-05-09 12:05 ` Steve Sakoman
2024-05-09 12:05 ` [OE-core][kirkstone 23/23] ppp: Add RSA-MD in LICENSE Steve Sakoman
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:05 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
There was no CVE assigned but the commit message is clear.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ix-multiple-security-vulnerabilities.patch | 107 ++++++++++++++++++
.../libarchive/libarchive_3.6.2.bb | 4 +-
2 files changed, 110 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-pax-writer-fix-multiple-security-vulnerabilities.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/0001-pax-writer-fix-multiple-security-vulnerabilities.patch b/meta/recipes-extended/libarchive/libarchive/0001-pax-writer-fix-multiple-security-vulnerabilities.patch
new file mode 100644
index 0000000000..0fec6a9b8c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-pax-writer-fix-multiple-security-vulnerabilities.patch
@@ -0,0 +1,107 @@
+From 1b4e0d0f9d445ba3e4d0c7db7ce0b30300572fe8 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <martin@matuska.de>
+Date: Fri, 18 Aug 2023 00:28:39 +0200
+Subject: [PATCH] pax writer: fix multiple security vulnerabilities
+
+Security vulnerabilities:
+1. Heap overflow in url_encode() in archive_write_set_format_pax.c
+2. NULL dereference in archive_write_pax_header_xattrs()
+3. Another NULL dereference in archive_write_pax_header_xattrs()
+4. NULL dereference in archive_write_pax_header_xattr()
+
+The vulnerabilities can be triggered when writing pax archives
+with extended attributes (SCHILY or LIBARCHIVE) by feeding attribute
+names longer than INT_MAX or attribute names that fail to be encoded
+properly.
+
+Reported-by: Bahaa Naamneh of Crosspoint Labs
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/1b4e0d0f9d445ba3e4d0c7db7ce0b30300572fe8]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libarchive/archive_write_set_format_pax.c | 35 ++++++++++++++++-------
+ 1 file changed, 25 insertions(+), 10 deletions(-)
+
+diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
+index c9c15916..1eb9a9a4 100644
+--- a/libarchive/archive_write_set_format_pax.c
++++ b/libarchive/archive_write_set_format_pax.c
+@@ -367,10 +367,12 @@ archive_write_pax_header_xattr(struct pax *pax, const char *encoded_name,
+ struct archive_string s;
+ char *encoded_value;
+
++ if (encoded_name == NULL)
++ return;
++
+ if (pax->flags & WRITE_LIBARCHIVE_XATTR) {
+ encoded_value = base64_encode((const char *)value, value_len);
+-
+- if (encoded_name != NULL && encoded_value != NULL) {
++ if (encoded_value != NULL) {
+ archive_string_init(&s);
+ archive_strcpy(&s, "LIBARCHIVE.xattr.");
+ archive_strcat(&s, encoded_name);
+@@ -403,17 +405,22 @@ archive_write_pax_header_xattrs(struct archive_write *a,
+
+ archive_entry_xattr_next(entry, &name, &value, &size);
+ url_encoded_name = url_encode(name);
+- if (url_encoded_name != NULL) {
++ if (url_encoded_name == NULL)
++ goto malloc_error;
++ else {
+ /* Convert narrow-character to UTF-8. */
+ r = archive_strcpy_l(&(pax->l_url_encoded_name),
+ url_encoded_name, pax->sconv_utf8);
+ free(url_encoded_name); /* Done with this. */
+ if (r == 0)
+ encoded_name = pax->l_url_encoded_name.s;
+- else if (errno == ENOMEM) {
+- archive_set_error(&a->archive, ENOMEM,
+- "Can't allocate memory for Linkname");
+- return (ARCHIVE_FATAL);
++ else if (r == -1)
++ goto malloc_error;
++ else {
++ archive_set_error(&a->archive,
++ ARCHIVE_ERRNO_MISC,
++ "Error encoding pax extended attribute");
++ return (ARCHIVE_FAILED);
+ }
+ }
+
+@@ -422,6 +429,9 @@ archive_write_pax_header_xattrs(struct archive_write *a,
+
+ }
+ return (ARCHIVE_OK);
++malloc_error:
++ archive_set_error(&a->archive, ENOMEM, "Can't allocate memory");
++ return (ARCHIVE_FATAL);
+ }
+
+ static int
+@@ -1904,14 +1914,19 @@ url_encode(const char *in)
+ {
+ const char *s;
+ char *d;
+- int out_len = 0;
++ size_t out_len = 0;
+ char *out;
+
+ for (s = in; *s != '\0'; s++) {
+- if (*s < 33 || *s > 126 || *s == '%' || *s == '=')
++ if (*s < 33 || *s > 126 || *s == '%' || *s == '=') {
++ if (SIZE_MAX - out_len < 4)
++ return (NULL);
+ out_len += 3;
+- else
++ } else {
++ if (SIZE_MAX - out_len < 2)
++ return (NULL);
+ out_len++;
++ }
+ }
+
+ out = (char *)malloc(out_len + 1);
+--
+2.30.2
+
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index 0219ffa720..7d328a0060 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -28,7 +28,9 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
EXTRA_OECONF += "--enable-largefile --without-iconv"
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
+ file://0001-pax-writer-fix-multiple-security-vulnerabilities.patch \
+"
UPSTREAM_CHECK_URI = "http://libarchive.org/"
SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread* [OE-core][kirkstone 23/23] ppp: Add RSA-MD in LICENSE
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (21 preceding siblings ...)
2024-05-09 12:05 ` [OE-core][kirkstone 22/23] libarchive: fix multiple security vulnerabilities in pax writer Steve Sakoman
@ 2024-05-09 12:05 ` Steve Sakoman
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:05 UTC (permalink / raw)
To: openembedded-core
From: Poonam Jadhav <ppjadhav456@gmail.com>
ppp package has "RSA Data Security" license text
in Message-Digest Algorithm source file md5.c and md4.c
Add RSA-MD in LICENSE field for ppp package
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/ppp/ppp_2.4.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
index 7e3ae43b58..b7f71b673d 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
@@ -5,7 +5,7 @@ SECTION = "console/network"
HOMEPAGE = "http://samba.org/ppp/"
BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
DEPENDS = "libpcap openssl virtual/crypt"
-LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD"
+LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD"
LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread