[OE-core][scarthgap 00/14] Patch review

[OE-core][scarthgap 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Friday, September 6

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7306

The following changes since commit 553f31396a5d966ab827f1c4b807ef46649080d0:

  linux-firmware: add a package for ath12k firmware (2024-08-28 05:15:47 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexander Kanavin (1):
  apr: drop
    0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch

Benjamin Szőke (1):
  mc: fix source URL

Dmitry Baryshkov (1):
  xserver-xorg: fix CVE-2023-5574 status

Jon Mason (2):
  oeqa/runtime/ssh: increase the number of attempts
  openssh: add backported header file include

Siddharth Doshi (1):
  wpa-supplicant: Upgrade 2.10 -> 2.11

Soumya Sambu (3):
  python3-setuptools: Fix CVE-2024-6345
  python3: Fix CVE-2024-7592
  python3: Fix CVE-2024-8088

Vijay Anusuri (1):
  apr: upgrade 1.7.4 -> 1.7.5

Wang Mingyu (4):
  cups: upgrade 2.4.9 -> 2.4.10
  libadwaita: upgrade 1.5.1 -> 1.5.2
  libdnf: upgrade 0.73.1 -> 0.73.2
  wireless-regdb: upgrade 2024.05.08 -> 2024.07.04

 meta/lib/oeqa/runtime/cases/ssh.py            |   2 +-
 ...sing-header-for-systemd-notification.patch |  27 ++
 .../openssh/openssh_9.6p1.bb                  |   1 +
 ...all-wpa_passphrase-when-not-disabled.patch |  33 --
 ...te-Phase-2-authentication-requiremen.patch | 213 ------------
 ...options-for-libwpa_client.so-and-wpa.patch |  73 ----
 ...oval-of-wpa_passphrase-on-make-clean.patch |  26 --
 ...plicant_2.10.bb => wpa-supplicant_2.11.bb} |  10 +-
 .../{libdnf_0.73.1.bb => libdnf_0.73.2.bb}    |   2 +-
 .../python3-setuptools/CVE-2024-6345.patch    | 312 ++++++++++++++++++
 .../python/python3-setuptools_69.1.1.bb       |   4 +-
 .../python/python3/CVE-2024-7592.patch        | 143 ++++++++
 .../python/python3/CVE-2024-8088.patch        | 128 +++++++
 .../recipes-devtools/python/python3_3.12.4.bb |   2 +
 .../cups/0001-use-echo-only-in-init.patch     |  11 +-
 ...-don-t-try-to-run-generated-binaries.patch |  16 +-
 ...-fix-multilib-install-file-conflicts.patch |  12 +-
 .../cups/{cups_2.4.9.bb => cups_2.4.10.bb}    |   2 +-
 meta/recipes-extended/mc/mc_4.8.31.bb         |   2 +-
 ...ibadwaita_1.5.1.bb => libadwaita_1.5.2.bb} |   2 +-
 .../xorg-xserver/xserver-xorg.inc             |   2 +-
 ....05.08.bb => wireless-regdb_2024.07.04.bb} |   2 +-
 ...-runtime-test-for-mmap-that-can-map-.patch |   2 +-
 ...libapr-against-phtread-to-make-gold-.patch |  50 ---
 .../apr/{apr_1.7.4.bb => apr_1.7.5.bb}        |   3 +-
 25 files changed, 642 insertions(+), 438 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-Fix-missing-header-for-systemd-notification.patch
 delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Install-wpa_passphrase-when-not-disabled.patch
 delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch
 delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch
 delete mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch
 rename meta/recipes-connectivity/wpa-supplicant/{wpa-supplicant_2.10.bb => wpa-supplicant_2.11.bb} (90%)
 rename meta/recipes-devtools/libdnf/{libdnf_0.73.1.bb => libdnf_0.73.2.bb} (97%)
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2024-6345.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2024-7592.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch
 rename meta/recipes-extended/cups/{cups_2.4.9.bb => cups_2.4.10.bb} (51%)
 rename meta/recipes-gnome/libadwaita/{libadwaita_1.5.1.bb => libadwaita_1.5.2.bb} (88%)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.05.08.bb => wireless-regdb_2024.07.04.bb} (94%)
 delete mode 100644 meta/recipes-support/apr/apr/0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch
 rename meta/recipes-support/apr/{apr_1.7.4.bb => apr_1.7.5.bb} (96%)

-- 
2.34.1

[OE-core][scarthgap 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, January 23

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/856

The following changes since commit 92eea72a25e553c698bee9e3f551a5880bd4631c:

  systemd: enable create-log-dirs (2025-01-13 06:16:07 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.6

Alexis Lothoré (1):
  oeqa/ssh: allow to retrieve raw, unformatted ouput

Catalin Popescu (1):
  Revert "bluez5: remove configuration files from install task"

Chen Qi (1):
  libgfortran: fix buildpath QA issue

Divya Chellam (1):
  wget: fix CVE-2024-10524

Esben Haabendal (1):
  pulseaudio: fix webrtc audio depdency

Hitendra Prajapati (1):
  ofono: Fix multiple CVEs

Peter Marko (4):
  socat: patch CVE-2024-54661
  ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542
  ofono: patch CVE-2023-4232
  ofono: patch CVE-2023-4235

Ross Burton (2):
  classes/nativesdk: also override TUNE_PKGARCH
  classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package
    architecture

Zhang Peng (1):
  avahi: fix CVE-2024-52616

 meta/classes-recipe/nativesdk.bbclass         |   1 +
 meta/classes-recipe/qemu.bbclass              |   8 +-
 meta/lib/oeqa/core/target/ssh.py              |  16 +-
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   1 +
 .../avahi/files/CVE-2024-52616.patch          | 104 +++++++++
 meta/recipes-connectivity/bluez5/bluez5.inc   |   8 +
 .../ofono/ofono/CVE-2023-4232.patch           |  31 +++
 .../ofono/ofono/CVE-2023-4235.patch           |  38 ++++
 .../ofono/ofono/CVE-2024-7539.patch           |  88 ++++++++
 ...024-7540_CVE-2024-7541_CVE-2024-7542.patch |  52 +++++
 .../ofono/ofono/CVE-2024-7543.patch           |  30 +++
 .../ofono/ofono/CVE-2024-7544.patch           |  30 +++
 .../ofono/ofono/CVE-2024-7545.patch           |  32 +++
 .../ofono/ofono/CVE-2024-7546.patch           |  30 +++
 .../ofono/ofono/CVE-2024-7547.patch           |  29 +++
 meta/recipes-connectivity/ofono/ofono_2.4.bb  |   9 +
 .../socat/files/CVE-2024-54661.patch          | 113 ++++++++++
 .../socat/socat_1.8.0.0.bb                    |   1 +
 meta/recipes-devtools/gcc/gcc-testsuite.inc   |   4 +-
 meta/recipes-devtools/gcc/libgfortran.inc     |   2 +-
 .../wget/wget/CVE-2024-10524.patch            | 197 ++++++++++++++++++
 meta/recipes-extended/wget/wget_1.21.4.bb     |   1 +
 .../pulseaudio/pulseaudio.inc                 |   2 +-
 scripts/install-buildtools                    |   4 +-
 24 files changed, 811 insertions(+), 20 deletions(-)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4232.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4235.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7539.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7544.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7545.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7546.patch
 create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7547.patch
 create mode 100644 meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
 create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-10524.patch

-- 
2.43.0

[OE-core][scarthgap 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, February 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/997

The following changes since commit 72156282059aa5a013a386eb95f89dc38726326e:

  selftest/rust: correctly form the PATH environment variable (2025-02-07 06:29:37 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Archana Polampalli (8):
  ffmpeg: fix CVE-2024-35365
  ffmpeg: fix CVE-2024-36613
  ffmpeg: fix CVE-2024-36616
  ffmpeg: fix CVE-2024-36617
  ffmpeg: fix CVE-2024-36618
  ffmpeg: fix CVE-2024-36619
  ffmpeg: fix CVE-2024-35369
  gstreamer1.0-rtsp-server: fix CVE-2024-44331

Bruce Ashfield (1):
  linux-yocto/6.6: update to v6.6.75

Khem Raj (1):
  qemu: Do not define sched_attr with glibc >= 2.41

Marek Vasut (1):
  base-files: Drop /bin/sh dependency

Peter Marko (3):
  python3: upgrade 3.12.8 -> 3.12.9
  go: upgrade 1.22.11 -> 1.22.12
  cmake: apply parallel build settings to ptest tasks

 meta/classes-recipe/cmake.bbclass             |  2 +
 .../base-files/base-files_3.0.14.bb           | 23 -------
 .../go/{go-1.22.11.inc => go-1.22.12.inc}     |  2 +-
 ...1.22.11.bb => go-binary-native_1.22.12.bb} |  6 +-
 ....22.11.bb => go-cross-canadian_1.22.12.bb} |  0
 ...o-cross_1.22.11.bb => go-cross_1.22.12.bb} |  0
 ...ssdk_1.22.11.bb => go-crosssdk_1.22.12.bb} |  0
 ...ntime_1.22.11.bb => go-runtime_1.22.12.bb} |  0
 .../go/{go_1.22.11.bb => go_1.22.12.bb}       |  0
 ...shebang-overflow-on-python-config.py.patch |  2 +-
 ...sts-due-to-load-variability-on-YP-AB.patch |  4 +-
 ...001-ctypes-correct-gcc-check-in-test.patch | 53 ++++++++++++++++
 ...asename-to-replace-CC-for-checking-c.patch | 10 +--
 ...t_readline-skip-limited-history-test.patch |  4 +-
 ...up.py-do-not-add-a-curses-include-pa.patch |  2 +-
 .../python/python3/makerace.patch             |  2 +-
 .../{python3_3.12.8.bb => python3_3.12.9.bb}  |  3 +-
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 ...ed_attr-Do-not-define-for-glibc-2.41.patch | 47 ++++++++++++++
 .../linux/linux-yocto-rt_6.6.bb               |  6 +-
 .../linux/linux-yocto-tiny_6.6.bb             |  6 +-
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  | 28 ++++-----
 .../ffmpeg/ffmpeg/CVE-2024-35365.patch        | 62 +++++++++++++++++++
 .../ffmpeg/ffmpeg/CVE-2024-35369.patch        | 37 +++++++++++
 .../ffmpeg/ffmpeg/CVE-2024-36613.patch        | 37 +++++++++++
 .../ffmpeg/ffmpeg/CVE-2024-36616.patch        | 35 +++++++++++
 .../ffmpeg/ffmpeg/CVE-2024-36617.patch        | 36 +++++++++++
 .../ffmpeg/ffmpeg/CVE-2024-36618.patch        | 36 +++++++++++
 .../ffmpeg/ffmpeg/CVE-2024-36619.patch        | 36 +++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  7 +++
 .../CVE-2024-44331.patch                      | 44 +++++++++++++
 .../gstreamer1.0-rtsp-server_1.22.12.bb       |  4 +-
 32 files changed, 474 insertions(+), 61 deletions(-)
 rename meta/recipes-devtools/go/{go-1.22.11.inc => go-1.22.12.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.11.bb => go-binary-native_1.22.12.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.11.bb => go-cross-canadian_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.11.bb => go-cross_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.11.bb => go-crosssdk_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.11.bb => go-runtime_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.11.bb => go_1.22.12.bb} (100%)
 create mode 100644 meta/recipes-devtools/python/python3/0001-ctypes-correct-gcc-check-in-test.patch
 rename meta/recipes-devtools/python/{python3_3.12.8.bb => python3_3.12.9.bb} (99%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36616.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36617.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36619.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch

-- 
2.43.0

[OE-core][scarthgap 01/14] ffmpeg: fix CVE-2024-35365

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c
component of FFmpeg, specifically within the new_stream_audio function.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-35365.patch        | 62 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
new file mode 100644
index 0000000000..2b5646e07c
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
@@ -0,0 +1,62 @@
+From ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5 Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Mon, 25 Mar 2024 16:54:25 +0100
+Subject: [PATCH] fftools/ffmpeg_mux_init: Fix double-free on error
+
+MATCH_PER_STREAM_OPT iterates over all options of a given
+OptionDef and tests whether they apply to the current stream;
+if so, they are set to ost->apad, otherwise, the code errors
+out. If no error happens, ost->apad is av_strdup'ed in order
+to take ownership of this pointer.
+
+But this means that setting it originally was premature,
+as it leads to double-frees when an error happens lateron.
+This can simply be reproduced with
+ffmpeg -filter_complex anullsrc  -apad bar -apad:n baz -f null -
+This is a regression since 83ace80bfd80fcdba2c65fa1d554923ea931d5bd.
+
+Fix this by using a temporary variable instead of directly
+setting ost->apad. Also only strdup the string if it actually
+is != NULL.
+
+Reviewed-by: Marth64 <marth64@proxyid.net>
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+
+CVE: CVE-2024-35365
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ fftools/ffmpeg_mux_init.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
+index 63a25a3..685c064 100644
+--- a/fftools/ffmpeg_mux_init.c
++++ b/fftools/ffmpeg_mux_init.c
+@@ -845,6 +845,7 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
+         int channels = 0;
+         char *layout = NULL;
+         char *sample_fmt = NULL;
++        const char *apad = NULL;
+
+         MATCH_PER_STREAM_OPT(audio_channels, i, channels, oc, st);
+         if (channels) {
+@@ -882,8 +883,12 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
+
+         MATCH_PER_STREAM_OPT(audio_sample_rate, i, audio_enc->sample_rate, oc, st);
+
+-        MATCH_PER_STREAM_OPT(apad, str, ost->apad, oc, st);
+-        ost->apad = av_strdup(ost->apad);
++        MATCH_PER_STREAM_OPT(apad, str, apad, oc, st);
++        if (apad) {
++            ost->apad = av_strdup(apad);
++            if (!ost->apad)
++                return AVERROR(ENOMEM);
++        }
+
+ #if FFMPEG_OPT_MAP_CHANNEL
+         /* check for channel mapping for this audio stream */
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index c3cfc87669..fb3f954904 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -40,6 +40,7 @@ SRC_URI = " \
     file://CVE-2024-35366.patch \
     file://CVE-2024-35367.patch \
     file://CVE-2024-35368.patch \
+    file://CVE-2024-35365.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.43.0

[OE-core][scarthgap 02/14] ffmpeg: fix CVE-2024-36613

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library
allowing for an integer overflow, potentially resulting in a denial-of-service
(DoS) condition or other undefined behavior.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-36613.patch        | 37 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch
new file mode 100644
index 0000000000..0061b7ad98
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch
@@ -0,0 +1,37 @@
+From 50d8e4f27398fd5778485a827d7a2817921f8540 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 30 Sep 2023 00:51:29 +0200
+Subject: [PATCH] avformat/dxa: Adjust order of operations around block align
+
+Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
+Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 50d8e4f27398fd5778485a827d7a2817921f8540)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-36613
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/50d8e4f27398fd5778485a827d7a2817921f8540]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/dxa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/dxa.c b/libavformat/dxa.c
+index 474b852..b4d9d00 100644
+--- a/libavformat/dxa.c
++++ b/libavformat/dxa.c
+@@ -122,7 +122,7 @@ static int dxa_read_header(AVFormatContext *s)
+         if(ast->codecpar->block_align) {
+             if (c->bpc > INT_MAX - ast->codecpar->block_align + 1)
+                 return AVERROR_INVALIDDATA;
+-            c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / ast->codecpar->block_align) * ast->codecpar->block_align;
++            c->bpc = ((c->bpc - 1 + ast->codecpar->block_align) / ast->codecpar->block_align) * ast->codecpar->block_align;
+         }
+         c->bytes_left = fsize;
+         c->wavpos = avio_tell(pb);
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index fb3f954904..5e22fd4080 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -41,6 +41,7 @@ SRC_URI = " \
     file://CVE-2024-35367.patch \
     file://CVE-2024-35368.patch \
     file://CVE-2024-35365.patch \
+    file://CVE-2024-36613.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.43.0

[OE-core][scarthgap 03/14] ffmpeg: fix CVE-2024-36616

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1
allows attackers to cause a denial of service in the application via a crafted VQA file.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-36616.patch        | 35 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36616.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36616.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36616.patch
new file mode 100644
index 0000000000..3f02c45b33
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36616.patch
@@ -0,0 +1,35 @@
+From 86f73277bf014e2ce36dd2594f1e0fb8b3bd6661 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Tue, 26 Mar 2024 01:00:13 +0100
+Subject: [PATCH] avformat/westwood_vqa: Fix 2g packets
+
+Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
+Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-36616
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/westwood_vqa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/westwood_vqa.c b/libavformat/westwood_vqa.c
+index 03b2d9e..024f5d3 100644
+--- a/libavformat/westwood_vqa.c
++++ b/libavformat/westwood_vqa.c
+@@ -262,7 +262,7 @@ static int wsvqa_read_packet(AVFormatContext *s,
+                     break;
+                 case SND2_TAG:
+                     /* 2 samples/byte, 1 or 2 samples per frame depending on stereo */
+-                    pkt->duration = (chunk_size * 2) / wsvqa->channels;
++                    pkt->duration = (chunk_size * 2LL) / wsvqa->channels;
+                     break;
+                 }
+                 break;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 5e22fd4080..3a18580e51 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -42,6 +42,7 @@ SRC_URI = " \
     file://CVE-2024-35368.patch \
     file://CVE-2024-35365.patch \
     file://CVE-2024-36613.patch \
+    file://CVE-2024-36616.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.43.0

[OE-core][scarthgap 04/14] ffmpeg: fix CVE-2024-36617

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-36617.patch        | 36 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36617.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36617.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36617.patch
new file mode 100644
index 0000000000..5d751213e3
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36617.patch
@@ -0,0 +1,36 @@
+From d973fcbcc2f944752ff10e6a76b0b2d9329937a7 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 30 Sep 2023 00:38:17 +0200
+Subject: [PATCH] avformat/cafdec: dont seek beyond 64bit
+
+Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
+Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
+Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-36617
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/cafdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
+index f5ba0f4..e92e327 100644
+--- a/libavformat/cafdec.c
++++ b/libavformat/cafdec.c
+@@ -271,7 +271,7 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size)
+         }
+     }
+
+-    if (avio_tell(pb) - ccount > size) {
++    if (avio_tell(pb) - ccount > size || size > INT64_MAX - ccount) {
+         av_log(s, AV_LOG_ERROR, "error reading packet table\n");
+         return AVERROR_INVALIDDATA;
+     }
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 3a18580e51..3ef2d9099d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -43,6 +43,7 @@ SRC_URI = " \
     file://CVE-2024-35365.patch \
     file://CVE-2024-36613.patch \
     file://CVE-2024-36616.patch \
+    file://CVE-2024-36617.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.43.0

[OE-core][scarthgap 05/14] ffmpeg: fix CVE-2024-36618

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library
which allows for an integer overflow, potentially resulting in a denial-of-service
(DoS) condition.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-36618.patch        | 36 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
new file mode 100644
index 0000000000..5caca2da7c
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
@@ -0,0 +1,36 @@
+From 7a089ed8e049e3bfcb22de1250b86f2106060857 Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Tue, 12 Mar 2024 23:23:17 +0100
+Subject: [PATCH] avformat/avidec: Fix integer overflow iff ULONG_MAX <
+ INT64_MAX
+
+Affects many FATE-tests, see
+https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
+
+Reviewed-by: James Almer <jamrial@gmail.com>
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+
+CVE: CVE-2024-36618
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/avidec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/avidec.c b/libavformat/avidec.c
+index 00bd7a9..bc95466 100644
+--- a/libavformat/avidec.c
++++ b/libavformat/avidec.c
+@@ -1696,7 +1696,7 @@ static int check_stream_max_drift(AVFormatContext *s)
+     int *idx = av_calloc(s->nb_streams, sizeof(*idx));
+     if (!idx)
+         return AVERROR(ENOMEM);
+-    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1LU) {
++    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1ULL) {
+         int64_t max_dts = INT64_MIN / 2;
+         int64_t min_dts = INT64_MAX / 2;
+         int64_t max_buffer = 0;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 3ef2d9099d..37416ef01a 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -44,6 +44,7 @@ SRC_URI = " \
     file://CVE-2024-36613.patch \
     file://CVE-2024-36616.patch \
     file://CVE-2024-36617.patch \
+    file://CVE-2024-36618.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.43.0

[OE-core][scarthgap 06/14] ffmpeg: fix CVE-2024-36619

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec
library which allows for an integer overflow when handling certain block types,
leading to a denial-of-service (DoS) condition.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-36619.patch        | 36 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36619.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36619.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36619.patch
new file mode 100644
index 0000000000..63d08eabcc
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36619.patch
@@ -0,0 +1,36 @@
+From 28c7094b25b689185155a6833caf2747b94774a4 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 4 Apr 2024 00:15:27 +0200
+Subject: [PATCH] avcodec/wavarc: fix signed integer overflow in block type
+ 6/19
+
+Fixes: signed integer overflow: -2088796289 + -91276551 cannot be represented in type 'int'
+Fixes: 67772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6533568953122816
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2024-36619
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/wavarc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c
+index 09ed4d4..51d91a4 100644
+--- a/libavcodec/wavarc.c
++++ b/libavcodec/wavarc.c
+@@ -648,7 +648,7 @@ static int decode_5elp(AVCodecContext *avctx,
+                 for (int o = 0; o < order; o++)
+                     sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1];
+
+-                samples[n + 70] += ac_out[n] + (sum >> 4);
++                samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4);
+             }
+
+             for (int n = 0; n < 70; n++)
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 37416ef01a..dff78ccc53 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -45,6 +45,7 @@ SRC_URI = " \
     file://CVE-2024-36616.patch \
     file://CVE-2024-36617.patch \
     file://CVE-2024-36618.patch \
+    file://CVE-2024-36619.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.43.0

[OE-core][scarthgap 07/14] ffmpeg: fix CVE-2024-35369

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module,
a potential security vulnerability exists due to insufficient validation
of certain parameters when parsing Speex codec extradata. This vulnerability
could lead to integer overflow conditions, potentially resulting in undefined
behavior or crashes during the decoding process.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-35369.patch        | 37 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
new file mode 100644
index 0000000000..72dc8d14a7
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
@@ -0,0 +1,37 @@
+From 0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Sat, 17 Feb 2024 09:45:57 -0300
+Subject: [PATCH] avcodec/speexdec: further check for sane frame_size values
+
+Prevent potential integer overflows.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+
+CVE: CVE-2024-35369
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/speexdec.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
+index 23b8605..a034009 100644
+--- a/libavcodec/speexdec.c
++++ b/libavcodec/speexdec.c
+@@ -1420,9 +1420,10 @@ static int parse_speex_extradata(AVCodecContext *avctx,
+         return AVERROR_INVALIDDATA;
+     s->bitrate = bytestream_get_le32(&buf);
+     s->frame_size = bytestream_get_le32(&buf);
+-    if (s->frame_size < NB_FRAME_SIZE << s->mode)
++    if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0) ||
++        s->frame_size >     INT32_MAX >> (s->mode > 0))
+         return AVERROR_INVALIDDATA;
+-    s->frame_size *= 1 + (s->mode > 0);
++    s->frame_size <<= (s->mode > 0);
+     s->vbr = bytestream_get_le32(&buf);
+     s->frames_per_packet = bytestream_get_le32(&buf);
+     if (s->frames_per_packet <= 0 ||
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index dff78ccc53..91ee6c6b0d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -46,6 +46,7 @@ SRC_URI = " \
     file://CVE-2024-36617.patch \
     file://CVE-2024-36618.patch \
     file://CVE-2024-36619.patch \
+    file://CVE-2024-35369.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
-- 
2.43.0

[OE-core][scarthgap 08/14] gstreamer1.0-rtsp-server: fix CVE-2024-44331

[Steve Sakoman]

From: Archana Polampalli <archana.polampalli@windriver.com>

Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c
allows remote attackers to cause a denial of service via a series of specially crafted
hexstream requests.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../CVE-2024-44331.patch                      | 44 +++++++++++++++++++
 .../gstreamer1.0-rtsp-server_1.22.12.bb       |  4 +-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
new file mode 100644
index 0000000000..eea58d3538
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server/CVE-2024-44331.patch
@@ -0,0 +1,44 @@
+From aa3e97d67c05d4648ea58c7ff7675e24a81ca72b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 24 Oct 2024 20:12:55 +0300
+Subject: [PATCH] rtsp-server: Remove pointless assertions that can happen if
+ client provides invalid rates
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3731
+Fixes CVE-2024-44331
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7739>
+
+CVE: CVE-2024-44331
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa3e97d67c05d4648ea58c7ff7675e24a81ca72b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ gst/rtsp-server/rtsp-media.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/gst/rtsp-server/rtsp-media.c b/gst/rtsp-server/rtsp-media.c
+index 8c62b0d..cbdc9f9 100644
+--- a/gst/rtsp-server/rtsp-media.c
++++ b/gst/rtsp-server/rtsp-media.c
+@@ -2755,15 +2755,13 @@ gst_rtsp_media_get_rates (GstRTSPMedia * media, gdouble * rate,
+           first_stream = FALSE;
+         } else {
+           if (save_rate != *rate || save_applied_rate != *applied_rate) {
+-            /* diffrent rate or applied_rate, weird */
+-            g_assert (FALSE);
++            /* different rate or applied_rate, weird */
+             result = FALSE;
+             break;
+           }
+         }
+       } else {
+-        /* complete stream withot rate and applied_rate, weird */
+-        g_assert (FALSE);
++        /* complete stream without rate and applied_rate, weird */
+         result = FALSE;
+         break;
+       }
+--
+2.40.0
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
index c89c22f334..3cd21e7181 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.22.12.bb
@@ -8,7 +8,9 @@ DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base"
 
 PNREAL = "gst-rtsp-server"
 
-SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
+SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
+           file://CVE-2024-44331.patch \
+          "
 
 SRC_URI[sha256sum] = "bf6c7871e7cf3528e4ec87ddc2f2949691cd269f98e536482ae744c1405cf451"
 
-- 
2.43.0

[OE-core][scarthgap 09/14] python3: upgrade 3.12.8 -> 3.12.9

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Release notes:
https://docs.python.org/release/3.12.9/whatsnew/changelog.html#python-3-12-9

Solves CVE-2025-0938, CVE-2024-12254 and 3 other vulnerabilities without
CVE number assigment.

Add a patch to fix failure of a new test.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...shebang-overflow-on-python-config.py.patch |  2 +-
 ...sts-due-to-load-variability-on-YP-AB.patch |  4 +-
 ...001-ctypes-correct-gcc-check-in-test.patch | 53 +++++++++++++++++++
 ...asename-to-replace-CC-for-checking-c.patch | 10 ++--
 ...t_readline-skip-limited-history-test.patch |  4 +-
 ...up.py-do-not-add-a-curses-include-pa.patch |  2 +-
 .../python/python3/makerace.patch             |  2 +-
 .../{python3_3.12.8.bb => python3_3.12.9.bb}  |  3 +-
 8 files changed, 67 insertions(+), 13 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3/0001-ctypes-correct-gcc-check-in-test.patch
 rename meta/recipes-devtools/python/{python3_3.12.8.bb => python3_3.12.9.bb} (99%)

diff --git a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
index 3311a90bda..6e4930b9ec 100644
--- a/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
+++ b/meta/recipes-devtools/python/python3/0001-Avoid-shebang-overflow-on-python-config.py.patch
@@ -19,7 +19,7 @@ diff --git a/Makefile.pre.in b/Makefile.pre.in
 index 2d235d2..1ac2263 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -2354,6 +2354,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
+@@ -2355,6 +2355,8 @@ python-config: $(srcdir)/Misc/python-config.in Misc/python-config.sh
  	@ # Substitution happens here, as the completely-expanded BINDIR
  	@ # is not available in configure
  	sed -e "s,@EXENAME@,$(EXENAME)," < $(srcdir)/Misc/python-config.in >python-config.py
diff --git a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
index 6779dd515a..ec3bb9cbbd 100644
--- a/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
+++ b/meta/recipes-devtools/python/python3/0001-Skip-failing-tests-due-to-load-variability-on-YP-AB.patch
@@ -54,7 +54,7 @@ diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
 index 9463add..4e0f39d 100644
 --- a/Lib/test/test_time.py
 +++ b/Lib/test/test_time.py
-@@ -527,6 +527,7 @@ class TimeTestCase(unittest.TestCase):
+@@ -536,6 +536,7 @@ class TimeTestCase(unittest.TestCase):
      @unittest.skipIf(
          support.is_wasi, "process_time not available on WASI"
      )
@@ -62,7 +62,7 @@ index 9463add..4e0f39d 100644
      def test_process_time(self):
          # process_time() should not include time spend during a sleep
          start = time.process_time()
-@@ -540,6 +541,7 @@ class TimeTestCase(unittest.TestCase):
+@@ -549,6 +550,7 @@ class TimeTestCase(unittest.TestCase):
          self.assertTrue(info.monotonic)
          self.assertFalse(info.adjustable)
  
diff --git a/meta/recipes-devtools/python/python3/0001-ctypes-correct-gcc-check-in-test.patch b/meta/recipes-devtools/python/python3/0001-ctypes-correct-gcc-check-in-test.patch
new file mode 100644
index 0000000000..3dd762e519
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-ctypes-correct-gcc-check-in-test.patch
@@ -0,0 +1,53 @@
+From 2e2a0c8593a38f2020cc2baeeaa7972eb86773f9 Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Sat, 8 Feb 2025 23:57:17 +0100
+Subject: [PATCH] ctypes: correct gcc check in test
+
+In case gcc is not available, it will throw exception and test fails.
+So chatch the exception to skip the test correctly.
+
+======================================================================
+ERROR: test_null_dlsym (test.test_ctypes.test_dlerror.TestNullDlsym.test_null_dlsym)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+  File "/usr/lib/python3.12/test/test_ctypes/test_dlerror.py", line 61, in test_null_dlsym
+    retcode = subprocess.call(["gcc", "--version"],
+              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.12/subprocess.py", line 391, in call
+    with Popen(*popenargs, **kwargs) as p:
+         ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/usr/lib/python3.12/subprocess.py", line 1028, in __init__
+    self._execute_child(args, executable, preexec_fn, close_fds,
+  File "/usr/lib/python3.12/subprocess.py", line 1963, in _execute_child
+    raise child_exception_type(errno_num, err_msg, err_filename)
+FileNotFoundError: [Errno 2] No such file or directory: 'gcc'
+
+Upstream-Status: Submitted [https://github.com/python/cpython/pull/129872]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ Lib/test/test_ctypes/test_dlerror.py | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/Lib/test/test_ctypes/test_dlerror.py b/Lib/test/test_ctypes/test_dlerror.py
+index 6bf492399cb..56eb7622b4d 100644
+--- a/Lib/test/test_ctypes/test_dlerror.py
++++ b/Lib/test/test_ctypes/test_dlerror.py
+@@ -58,11 +58,14 @@ def test_null_dlsym(self):
+         import subprocess
+         import tempfile
+ 
+-        retcode = subprocess.call(["gcc", "--version"],
+-                                  stdout=subprocess.DEVNULL,
+-                                  stderr=subprocess.DEVNULL)
+-        if retcode != 0:
++        try:
++            retcode = subprocess.call(["gcc", "--version"],
++                                      stdout=subprocess.DEVNULL,
++                                      stderr=subprocess.DEVNULL)
++        except:
+             self.skipTest("gcc is missing")
++        if retcode != 0:
++            self.skipTest("gcc is not working")
+ 
+         pipe_r, pipe_w = os.pipe()
+         self.addCleanup(os.close, pipe_r)
diff --git a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
index c9ef409018..5a1f9ffccf 100644
--- a/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
+++ b/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
@@ -73,7 +73,7 @@ index 9270b5f..955daad 100644
    *clang*)
      # Any changes made here should be reflected in the GCC+Darwin case below
      PGO_PROF_GEN_FLAG="-fprofile-instr-generate"
-@@ -2158,7 +2159,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
+@@ -2179,7 +2180,7 @@ AC_MSG_RESULT([$BOLT_APPLY_FLAGS])
  # compiler and platform.  BASECFLAGS tweaks need to be made even if the
  # user set OPT.
  
@@ -82,7 +82,7 @@ index 9270b5f..955daad 100644
      *clang*)
          cc_is_clang=1
          ;;
-@@ -2430,7 +2431,7 @@ yes)
+@@ -2451,7 +2452,7 @@ yes)
  
      # ICC doesn't recognize the option, but only emits a warning
      ## XXX does it emit an unused result warning and can it be disabled?
@@ -91,7 +91,7 @@ index 9270b5f..955daad 100644
              [*icc*], [ac_cv_disable_unused_result_warning=no]
              [PY_CHECK_CC_WARNING([disable], [unused-result])])
      AS_VAR_IF([ac_cv_disable_unused_result_warning], [yes],
-@@ -2676,7 +2677,7 @@ yes)
+@@ -2697,7 +2698,7 @@ yes)
      ;;
  esac
  
@@ -100,7 +100,7 @@ index 9270b5f..955daad 100644
  *mpicc*)
      CFLAGS_NODIST="$CFLAGS_NODIST"
      ;;
-@@ -3511,7 +3512,7 @@ then
+@@ -3532,7 +3533,7 @@ then
  		then
  			LINKFORSHARED="-Wl,--export-dynamic"
  		fi;;
@@ -109,7 +109,7 @@ index 9270b5f..955daad 100644
  		  *gcc*)
  		    if $CC -Xlinker --help 2>&1 | grep export-dynamic >/dev/null
  		    then
-@@ -6832,7 +6833,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
+@@ -6853,7 +6854,7 @@ if test "$ac_cv_gcc_asm_for_x87" = yes; then
      # Some versions of gcc miscompile inline asm:
      # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46491
      # http://gcc.gnu.org/ml/gcc/2010-11/msg00366.html
diff --git a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
index 3568d92bda..f9dc0ddcda 100644
--- a/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
+++ b/meta/recipes-devtools/python/python3/0001-test_readline-skip-limited-history-test.patch
@@ -20,7 +20,7 @@ diff --git a/Lib/test/test_readline.py b/Lib/test/test_readline.py
 index fab124a..291dd48 100644
 --- a/Lib/test/test_readline.py
 +++ b/Lib/test/test_readline.py
-@@ -133,6 +133,7 @@ class TestHistoryManipulation (unittest.TestCase):
+@@ -141,6 +141,7 @@ class TestHistoryManipulation (unittest.TestCase):
          self.assertEqual(readline.get_history_item(1), "entrée 1")
          self.assertEqual(readline.get_history_item(2), "entrée 22")
  
@@ -28,7 +28,7 @@ index fab124a..291dd48 100644
      def test_write_read_limited_history(self):
          previous_length = readline.get_history_length()
          self.addCleanup(readline.set_history_length, previous_length)
-@@ -371,6 +372,7 @@ readline.write_history_file(history_file)
+@@ -379,6 +380,7 @@ readline.write_history_file(history_file)
          self.assertIn(b"done", output)
  
  
diff --git a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
index f5e500b146..e917c8bdf0 100644
--- a/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
+++ b/meta/recipes-devtools/python/python3/0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch
@@ -18,7 +18,7 @@ diff --git a/configure.ac b/configure.ac
 index 6e465a4..13c4835 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -6537,12 +6537,6 @@ AS_VAR_IF([have_panel], [no], [
+@@ -6558,12 +6558,6 @@ AS_VAR_IF([have_panel], [no], [
    AC_MSG_RESULT([$have_panel (CFLAGS: $PANEL_CFLAGS, LIBS: $PANEL_LIBS)])
  ])
  
diff --git a/meta/recipes-devtools/python/python3/makerace.patch b/meta/recipes-devtools/python/python3/makerace.patch
index f420404f34..862b648685 100644
--- a/meta/recipes-devtools/python/python3/makerace.patch
+++ b/meta/recipes-devtools/python/python3/makerace.patch
@@ -20,7 +20,7 @@ diff --git a/Makefile.pre.in b/Makefile.pre.in
 index dce36a5..2d235d2 100644
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -2265,7 +2265,7 @@ COMPILEALL_OPTS=-j0
+@@ -2266,7 +2266,7 @@ COMPILEALL_OPTS=-j0
  TEST_MODULES=@TEST_MODULES@
  
  .PHONY: libinstall
diff --git a/meta/recipes-devtools/python/python3_3.12.8.bb b/meta/recipes-devtools/python/python3_3.12.9.bb
similarity index 99%
rename from meta/recipes-devtools/python/python3_3.12.8.bb
rename to meta/recipes-devtools/python/python3_3.12.9.bb
index 94e0f24f89..8e03ff5f2b 100644
--- a/meta/recipes-devtools/python/python3_3.12.8.bb
+++ b/meta/recipes-devtools/python/python3_3.12.9.bb
@@ -34,13 +34,14 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
 	   file://0001-test_deadlock-skip-problematic-test.patch \
 	   file://0001-test_active_children-skip-problematic-test.patch \
            file://0001-test_readline-skip-limited-history-test.patch \
+           file://0001-ctypes-correct-gcc-check-in-test.patch \
            "
 
 SRC_URI:append:class-native = " \
            file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
            "
 
-SRC_URI[sha256sum] = "c909157bb25ec114e5869124cc2a9c4a4d4c1e957ca4ff553f1edc692101154e"
+SRC_URI[sha256sum] = "7220835d9f90b37c006e9842a8dff4580aaca4318674f947302b8d28f3f81112"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
-- 
2.43.0

[OE-core][scarthgap 10/14] linux-yocto/6.6: update to v6.6.75

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:

    d51b7d37f14e Linux 6.6.75
    431fb709db43 drm/v3d: Assign job pointer to NULL before signaling the fence
    35b144b393db Input: xpad - add support for wooting two he (arm)
    7c477b26d39e Input: xpad - add support for Nacon Evol-X Xbox One Controller
    c009f1865582 Input: xpad - improve name of 8BitDo controller 2dc8:3106
    723aa536831c Input: xpad - add QH Electronics VID/PID
    7ea7e327a199 Input: xpad - add unofficial Xbox 360 wireless receiver clone
    dc8c9c171ef3 Input: atkbd - map F23 key to support default copilot shortcut
    80327feb234c Input: xpad - add support for Nacon Pro Compact
    cca07b29f7af ALSA: usb-audio: Add delay quirk for USB Audio Device
    3d8f4dc8c78f Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
    6377838560c0 USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    088bde862f8d scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
    e0500e4373cd ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
    6e35f560daeb ext4: fix access to uninitialised lock in fc replay path
    c981c32c38af vfio/platform: check the bounds of read/write syscalls
    7d6405c13b0d cachestat: fix page cache statistics permission checking
    854d0d361e45 Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    a99bacb35c14 block: fix integer overflow in BLKSECDISCARD
    f4168299e553 net: sched: fix ets qdisc OOB Indexing
    5ddcc9e92d54 smb: client: handle lack of EA support in smb2_query_path_info()
    850e696f3627 libfs: Use d_children list to iterate simple_offset directories
    0f03dd06e5d1 libfs: Replace simple_offset end-of-directory detection
    6b1de53b1a0a Revert "libfs: Add simple_offset_empty()"
    a01bb1c5cac9 libfs: Return ENOSPC when the directory offset range is exhausted
    2b6da3fa94cd shmem: Fix shmem_rename2()
    753828d6775e libfs: Add simple_offset_rename() API
    3e716f31ff8b libfs: Fix simple_offset_rename_exchange()
    307f68e49dda libfs: Add simple_offset_empty()
    fc90bbcc08da libfs: Define a minimum directory offset
    3bd97ebf7e4f libfs: Re-arrange locking in offset_iterate_dir()
    4dd57d1f0e98 gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    7998e7efd1d5 RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
    52da02521ede ipv6: Fix soft lockups in fib6_select_path under high next hop churn
    cd9f7bf6cad8 cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value
    2364dc21ba5a ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf()
    509a928e815e ASoC: samsung: Add missing depends on I2C
    85af156e158c hwmon: (drivetemp) Set scsi command timeout to 10s
    2148a41dc8ff irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    b25bf1d7f5ff of/unittest: Add test that of_address_to_resource() fails on non-translatable address
    758abba3dd41 drm/amd/display: Use HW lock mgr for PSR1
    44c485f0fcb2 scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    06bfc95f817b seccomp: Stub for !CONFIG_SECCOMP
    ed0d02b7e147 ASoC: samsung: Add missing selects for MFD_WM8994
    bb60f107c96b ASoC: wm8994: Add depends on MFD core
    0372f43ab704 Linux 6.6.74
    3f51f8c9d289 net: fix data-races around sk->sk_forward_alloc
    7d082fb20aa2 x86/xen: fix SLS mitigation in xen_hypercall_iret()
    80d39b50bdc0 nfsd: add list_head nf_gc to struct nfsd_file
    0b7b07cb5990 Revert "drm/amdgpu: rework resume handling for display (v2)"
    f47c834a9131 fs: relax assertions on failure to encode file handles
    f0c0ac84de17 ovl: support encoding fid from inode with no alias
    955a355e179f ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
    ec3e32de2d8a ocfs2: fix deadlock in ocfs2_get_system_file_inode
    1364a29b71c7 block: fix uaf for flush rq while iterating tags
    08ac5fdb9c6d drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
    c39d275efbe9 iio: imu: inv_icm42600: fix spi burst write not supported
    bcb9678b1c4f Revert "PCI: Use preserve_config in place of pci_flags"
    0cc84b6636be drm/amdgpu: always sync the GFX pipe on ctx switch
    65622de7c440 drm/i915/fb: Relax clear color alignment to 64 bytes
    a5cbbea145b4 hrtimers: Handle CPU state correctly on hotplug
    6c84ff2e788f irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
    61c684dbfeb0 irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
    61ecbceae2ee irqchip: Plug a OF node reference leak in platform_irqchip_probe()
    926ad31b76b8 pmdomain: imx8mp-blk-ctrl: add missing loop break condition
    b0111650ee59 gpio: xilinx: Convert gpio_lock to raw spinlock
    a5a2ee8144c3 fs/proc: fix softlockup in __read_vmcore (part 2)
    09528bb1a412 filemap: avoid truncating 64-bit offset to 32 bits
    c5418187b977 nouveau/fence: handle cross device fences properly
    bc9c49341f97 vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
    8a15c81063b9 vsock: reset socket state when de-assigning the transport
    dd93823fdd0e vsock/virtio: cancel close work in the destructor
    d88b249e14bd vsock/virtio: discard packets if the transport changes
    58e586c30d0b vsock/bpf: return early if transport is not assigned
    a3a3c1aa5126 net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
    75deec40a774 selftests: mptcp: avoid spurious errors on disconnect
    d09d17c104a9 mptcp: fix spurious wake-up on under memory pressure
    890507bc19b9 mptcp: be sure to send ack when mptcp-level window re-opens
    5cfe4b1d0cfb i2c: atr: Fix client detach
    571d3f6045cd zram: fix potential UAF of zram table
    4c8b783c9d16 ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
    ee37f3a538fc x86/asm: Make serialize() always_inline
    002b2efb1130 nvmet: propagate npwg topology
    8c9c1a2b48bb RDMA/bnxt_re: Fix to export port num to ib_query_qp
    bd6a4b4aed75 poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
    91371922704c iomap: avoid avoid truncating 64-bit offset to 32 bits
    4aaa1003a3f4 ACPI: resource: acpi_dev_irq_override(): Check DMI match last
    8cc32fc86e47 selftests: tc-testing: reduce rshift value
    8df41b7fb46d scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers
    933689000dff cachefiles: Parse the "secctx" immediately
    3f81514078fc kheaders: Ignore silly-rename files
    62861a5d4dd6 fs: fix missing declaration of init_files
    c598398815ee hfs: Sanity check the root record
    2e41e98c4e79 mac802154: check local interfaces before deleting sdata list
    1ea680703385 smb: client: fix double free of TCP_Server_Info::hostname
    6152c2c612a7 i2c: rcar: fix NACK handling when being a target
    573f036ba219 i2c: mux: demux-pinctrl: check initial mux selection, too
    f3311576789e Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
    b9b63c9cc1e0 hwmon: (tmp513) Fix division of negative numbers
    3c8fe0931d9b soc: ti: pruss: Fix pruss APIs
    63195bae1cbf drm/v3d: Ensure job pointer is set to NULL after job completion
    5faf45beb701 drm/vmwgfx: Add new keep_resv BO param
    ff5b9e9be645 net/mlx5e: Always start IPsec sequence number from 1
    cdb3f2b62e2d net/mlx5e: Rely on reqid in IPsec tunnel mode
    87c4417a9021 net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
    473bc285378f net/mlx5: Clear port select structure when fail to create
    ba8fdf7cff09 net/mlx5: Fix RDMA TX steering prio
    8a0097db0544 net: fec: handle page_pool_dev_alloc_pages error
    e8438cb84d0b net: xilinx: axienet: Fix IRQ coalescing packet count overflow
    325f2762fac7 nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    bb11f992f5a4 gtp: Destroy device along with udp socket's netns dismantle.
    d756c8ac3029 gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    3d1c0c5500f5 gtp: use exit_batch_rtnl() method
    1e222169f718 net: add exit_batch_rtnl() method
    7cde21f52042 pktgen: Avoid out-of-bounds access in get_imix_entries
    ea966b669878 openvswitch: fix lockup on tx to unregistering netdev with carrier
    b02e70be498b bpf: Fix bpf_sk_select_reuseport() memory leak
    c5af09473110 net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    3b4299ff7a25 Linux 6.6.73
    1795ca657119 Revert "ovl: do not encode lower fh with upper sb_writers held"
    d1c53de4463b Revert "ovl: pass realinode to ovl_encode_real_fh() instead of realdentry"
    950b604384fd Revert "ovl: support encoding fid from inode with no alias"
    c2e420511612 Linux 6.6.72
    ac7f5641e988 drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported
    08a2117e83e5 riscv: Fix text patching when IPI are used
    56b274473d6e mm: hugetlb: independent PMD page table shared count
    ec500230d39a mm/hugetlb: enforce that PMD PT sharing has split PMD PT locks
    5cfaddaa4bdb fs/Kconfig: make hugetlbfs a menuconfig
    1abe0a34aea6 pgtable: fix s390 ptdesc field comments
    1fd2a57dcb4d workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker
    6dc676743a7a workqueue: Update lock debugging code
    2717b5e55a9f workqueue: Add rcu lock check at the end of work item execution
    66e533f0b250 pmdomain: imx: gpcv2: fix an OF node reference leak in imx_gpcv2_probe()
    b1e6351c16b4 pmdomain: imx: gpcv2: Simplify with scoped for each OF child loop
    b613a038fdd7 arm64: dts: rockchip: add hevc power domain clock to rk3328
    be3eed59ac01 block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
    53e25b10a28e hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
    a4b01371512e ARM: dts: imxrt1050: Fix clocks for mmc
    8efff2aa2d95 io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
    03753bfacbc6 riscv: kprobes: Fix incorrect address calculation
    6a96af5f309d iio: adc: ad7124: Disable all channels at probe time
    91dd568e3ff9 iio: inkern: call iio_device_put() only on mapped devices
    09e067e3c83e iio: adc: at91: call input_free_device() on allocated iio_dev
    f110a6d71bd8 iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    2df664d7b4f2 iio: gyro: fxas21002c: Fix missing data update in trigger handler
    455df95eb8f2 iio: adc: ti-ads8688: fix information leak in triggered buffer
    5a95fbbecec7 iio: adc: rockchip_saradc: fix information leak in triggered buffer
    cde312e257b5 iio: imu: kmx61: fix information leak in triggered buffer
    a15ea87d4337 iio: light: vcnl4035: fix information leak in triggered buffer
    74058395b2c6 iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
    fefb88a4da96 iio: pressure: zpa2326: fix information leak in triggered buffer
    ea57f0bbe225 usb: gadget: configfs: Ignore trailing LF for user strings to cdev
    ea6a14987424 usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
    88cdfe9f15d5 usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm()
    c1e7ced99da9 usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    dcd4de31bd01 usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()
    43c204b22dd8 usb: gadget: midi2: Reverse-select at the right place
    953dea074bc5 usb: fix reference leak in usb_new_device()
    730016e0b963 USB: core: Disable LPM only for non-suspended ports
    77af0434807b USB: usblp: return error when setting unsupported protocol
    7c3f7c3caa35 usb: dwc3-am62: Disable autosuspend during remove
    0a3a87221418 x86/fpu: Ensure shadow stack is active before "getting" registers
    0c50f00cc299 usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
    0231ecfb1f7a tty: serial: 8250: Fix another runtime PM usage counter underflow
    12f950a6a1c1 misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config
    25692750c025 misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling
    b02cf1d27e46 topology: Keep the cpumask unchanged when printing cpumap
    c995c81b2a30 usb: dwc3: gadget: fix writing NYET threshold
    05da04bbf3b9 USB: serial: cp210x: add Phoenix Contact UPS Device
    138655dd9ebe usb-storage: Add max sectors quirk for Nokia 208
    e5c87f33b514 staging: iio: ad9832: Correct phase range check
    4c04529c77d5 staging: iio: ad9834: Correct phase range check
    8166f38c8099 USB: serial: option: add Neoway N723-EA support
    2dcb6368adf5 USB: serial: option: add MeiG Smart SRM815
    12caa73a28f0 dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2)
    8dddc12d0324 f2fs: fix null-ptr-deref in f2fs_submit_page_bio()
    e3ed5a14aac7 io_uring/timeout: fix multishot updates
    3ce08bab0105 drm/amd/display: increase MAX_SURFACES to the value supported by hw
    fa6bc7263061 drm/amdkfd: fixed page fault when enable MES shader debugger
    55ee64816bd5 ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    b239a3867d58 ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    f48f060a4b36 riscv: Fix sleeping in invalid context in die()
    5fe671caedc2 smb: client: sync the root session and superblock context passwords before automounting
    d2512434f4cf thermal: of: fix OF node leak in of_thermal_zone_find()
    ae9ab63a268b drm/amd/display: Add check for granularity in dml ceil/floor helpers
    59d28c133e71 ksmbd: Implement new SMB3 POSIX type
    284a221f8fa5 sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
    55627918febd sctp: sysctl: udp_port: avoid using current->nsproxy
    7ec30c54f339 sctp: sysctl: auth_enable: avoid using current->nsproxy
    dc9d0e3cfd16 sctp: sysctl: rto_min/max: avoid using current->nsproxy
    ad673e514b27 sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
    c0e394fd6b88 mptcp: sysctl: sched: avoid using current->nsproxy
    a57ce97c1978 dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    086136ad70c5 scsi: ufs: qcom: Power off the PHY if it was already powered on in ufs_qcom_power_up_sequence()
    6b305e98de0d dm thin: make get_first_thin use rcu-safe list first function
    a4a7ac3d2660 riscv: mm: Fix the out of bound issue of vmemmap address
    387f5b8ad3ff cpuidle: riscv-sbi: fix device node release in early exit of for_each_possible_cpu
    65b31b9d992c ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
    5cc621085e2b platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it
    7673030efe0f afs: Fix the maximum cell name length
    271ae0edbfc9 ksmbd: fix a missing return value check bug
    5b195e6f8bde drm/mediatek: Add return value check when reading DPCD
    5352901f0bf1 drm/mediatek: Fix mode valid issue for dp
    9db527726634 drm/mediatek: Fix YCbCr422 color format issue for DP
    acefaa6993eb drm/mediatek: stop selecting foreign drivers
    7083b93e9755 drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err
    229cc1028437 net/mlx5: Fix variable not being completed when function returns
    235419f0956e net: stmmac: dwmac-tegra: Read iommu stream id from device tree
    27202e2e8721 sched: sch_cake: add bounds checks to host bulk flow fairness counts
    d5807dd1328b netfilter: conntrack: clamp maximum hashtable size to INT_MAX
    1e3f5638c96b netfilter: nf_tables: imbalance in flowtable binding
    281855205a7c iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
    e026530e20e7 x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node()
    85e4923bcbcd memblock tests: fix implicit declaration of function 'numa_valid_node'
    b0b415f1a29d riscv: Fix early ftrace nop patching
    52a6d4f16e5b tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
    b455f050709a Bluetooth: btnxpuart: Fix driver sending truncated data
    327bd191bb44 Bluetooth: MGMT: Fix Add Device to responding before completing
    9ba06f078f33 Bluetooth: hci_sync: Fix not setting Random Address when required
    eff2cd6f53a5 eth: gve: use appropriate helper to set xdp_features
    ba9f7c16ec87 ipvlan: Fix use-after-free in ipvlan_get_iflink().
    7397fa36d676 tls: Fix tls_sw_sendmsg error handling
    a78e04e0236b igc: return early when failing to read EECD register
    30254c85b814 igc: field get conversion
    0677b13dd9b0 ice: fix incorrect PHY settings for 100 GB/s
    9d3884f303b0 cxgb4: Avoid removal of uninserted tid
    70163207b57b bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    b7e540c52137 pds_core: limit loop over fw name list
    24b85a8b0310 btrfs: avoid NULL pointer dereference if no valid extent tree
    a8fbf80c4ff5 net: libwx: fix firmware mailbox abnormal return
    e54beb9aed2a net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
    91f89fe177a4 tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    b2c9204e21b5 tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    41d2e3be0f28 net: 802: LLC+SNAP OID:PID lookup on start of skb data
    45ae076dac49 ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    6c37547a6eeb selftests/alsa: Fix circular dependency involving global-timer
    3d736856e245 ASoC: mediatek: disable buffer pre-allocation
    6754f5473dab ASoC: rt722: add delay time to wait for the calibration procedure
    14f030a807dd erofs: fix PSI memstall accounting
    1bf7e414cac3 erofs: handle overlapped pclusters out of crafted images properly
    a1a541fbfa7e ovl: support encoding fid from inode with no alias
    a3f8a2b13a27 ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
    26423e18cd6f ovl: do not encode lower fh with upper sb_writers held
    1e92afe80197 exfat: fix the infinite loop in __exfat_free_cluster()
    dc1d7afceb98 exfat: fix the infinite loop in exfat_readdir()
    71f4123cf2c7 dm array: fix cursor index when skipping across block boundaries
    14f0e64c2f11 dm array: fix unreleased btree blocks on closing a faulty array cursor
    6002bec5354f dm array: fix releasing a faulty array block twice in dm_array_cursor_end
    a71e465f69be jbd2: flush filesystem device before updating tail sequence
    6b32ff20d16a jbd2: increase IO priority for writing revoke records
    fdebee5c5c2b memblock: use numa_valid_node() helper to check for invalid node ID
    4ddb7f966f3d memblock: make memblock_set_node() also warn about use of MAX_NUMNODES
    843e64492a7e Linux 6.6.71
    a6923798e471 x86/hyperv: Fix hv tsc page based sched_clock for hibernation
    b34e805539da Revert "x86, crash: wrap crash dumping code into crash related ifdefs"
    c8bc44c5f961 Revert "x86/hyperv: Fix hv tsc page based sched_clock for hibernation"
    1acb10106df3 Linux 6.6.70
    9722973ad038 scsi: hisi_sas: Remove redundant checks for automatic debugfs dump
    3de1b50f055d RDMA/bnxt_re: Fix max SGEs for the Work Request
    f61e663d78ff mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
    27c843e76447 mptcp: fix recvbuffer adjust on sleeping rcvmsg
    53fe947f67c9 mptcp: fix TCP options overflow.
    1ff2302e8aea mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
    86d946f3f999 mm/kmemleak: fix sleeping function called from invalid context at print message
    424abdec35ec mm/readahead: fix large folio support in async readahead
    cbe9eb2c39d0 gve: guard XDP xmit NDO on existence of xdp queues
    771d66f2bd8c gve: guard XSK operations on the existence of queues
    9b071576f891 fs/proc/task_mmu: fix pagemap flags with PMD THP entries on 32bit
    1f49aaf55652 drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
    79fcfc900abe dt-bindings: display: adi,adv7533: Drop single lane support
    7b977f8c26b6 drm: adv7511: Drop dsi single lane support
    271f031f4c31 net/sctp: Prevent autoclose integer overflow in sctp_association_init()
    b32c3b748d29 sky2: Add device ID 11ab:4373 for Marvell 88E8075
    8c6fd5803b98 pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
    b92667f75574 RDMA/uverbs: Prevent integer overflow issue
    c9818b61d0a8 scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
    edc8ece96c11 kcov: mark in_softirq_really() as __always_inline
    2e3d203b1ade ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
    d2392b79d8af ALSA: seq: oss: Fix races at processing SysEx messages
    7d1f59defa9e ALSA hda/realtek: Add quirk for Framework F111:000C
    396964d45ca5 ALSA: seq: Check UMP support for midi_version change
    199f04528737 Revert "bpf: support non-r10 register spill/fill to/from stack in precision tracking"
    bc6962f2dbaf modpost: fix the missed iteration for the max bit in do_input()
    f93e9ae0ba5e modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
    36e1b6890f22 RDMA/bnxt_re: Fix the max WQE size for static WQE support
    c3b5a7d6a13b seq_buf: Make DECLARE_SEQ_BUF() usable
    f2b94ee08ec6 ARC: build: Try to guess GCC variant of cross compiler
    d8f3f7d30f65 irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
    bef333418368 Bluetooth: hci_core: Fix sleeping function called from invalid context
    d8ecb248c199 net: usb: qmi_wwan: add Telit FE910C04 compositions
    c6b1d01e7a9c smb: client: destroy cfid_put_wq on module exit
    1d7ee876b8b9 ksmbd: set ATTR_CTIME flags when setting mtime
    2f75da8294bf ksmbd: retry iterate_dir in smb2_query_dir
    f53b37313ab6 bpf: fix potential error return
    73a30cb3e980 sound: usb: format: don't warn that raw DSD is unsupported
    325370be0676 sound: usb: enable DSD output for ddHiFi TC44C
    7523dd63ab22 ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model
    0d5e2d476000 ALSA: hda/ca0132: Use standard HD-audio quirk matching helpers
    35916b2f9650 btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
    d0fafe701c6a drm/amdkfd: Correct the migration DMA map direction
    037ea0f28f9a wifi: mac80211: wake the queues in case of failure in resume
    86772872f9f5 wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
    d6b130fabfe1 net: ti: icssg-prueth: Fix clearing of IEP_CMP_CFG registers during iep_init
    17e8fa894345 ila: serialize calls to nf_register_net_hooks()
    a693b87692b4 af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
    7aa78d0d8546 af_packet: fix vlan_get_tci() vs MSG_PEEK
    23f2e7a13fa4 net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
    ad91a2dacbf8 net: restrict SO_REUSEPORT to inet sockets
    95ccf006bbc8 net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
    9eea3703c882 net: sfc: Correct key_len for efx_tc_ct_zone_ht_params
    b238f61cc394 RDMA/rtrs: Ensure 'ib_sge list' is accessible
    0cd3bde081cd net: wwan: t7xx: Fix FSM command timeout issue
    313474b10897 net: mv643xx_eth: fix an OF node reference leak
    d5ea3a4d02d8 eth: bcmsysport: fix call balance of priv->clk handling routines
    930f2f96734e ALSA: usb-audio: US16x08: Initialize array before use
    0c896816aa19 net: llc: reset skb->transport_header
    4f49349c1963 netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    c9b344ada5fd drm/i915/dg1: Fix power gate sequence.
    3e45dd1622a2 net/mlx5e: Skip restore TC rules for vport rep without loaded flag
    e66a99b9177b net/mlx5e: macsec: Maintain TX SA from encoding_sa
    43e589ab372f net/mlx5: DR, select MSIX vector 0 for completion queue creation
    f647d72245aa netrom: check buffer length before accessing it
    36eff8669b74 net: Fix netns for ip_tunnel_init_flow()
    7e9aa1a065dc ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit()
    3b1a7fb74ab1 ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit()
    ae0710c5cc74 ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()
    77b1e00fe97e ip_tunnel: annotate data-races around t->parms.link
    2af69905180b net: fix memory leak in tcp_conn_request()
    c6870f86bde6 net: stmmac: restructure the error path of stmmac_probe_config_dt()
    6d01d9f66ae1 net: stmmac: don't create a MDIO bus if unnecessary
    48f63e4e64a5 RDMA/hns: Fix missing flush CQE for DWQE
    be4293e108e2 RDMA/hns: Fix warning storm caused by invalid input in IO path
    2746888be48c RDMA/hns: Fix mapping error of zero-hop WQE buffer
    2049fb6c8bd7 RDMA/hns: Remove unused parameters and variables
    363f502cbfc0 RDMA/hns: Refactor mtr find
    ca2a2cad4efb net: dsa: microchip: Fix LAN937X set_ageing_time function
    7583dd5928b6 net: dsa: microchip: Fix KSZ9477 set_ageing_time function
    fa7f96589f17 drm/bridge: adv7511_audio: Update Audio InfoFrame properly
    f28fa7625536 RDMA/bnxt_re: Fix the locking while accessing the QP table
    cd1547b49b2c RDMA/bnxt_re: Fix MSN table size for variable wqe mode
    2e719d89b9fa RDMA/bnxt_re: Add send queue size check for variable wqe
    3ae9ee7ff3b2 RDMA/bnxt_re: Disable use of reserved wqes
    bb46a484a0c6 RDMA/bnxt_re: Add support for Variable WQE in Genp7 adapters
    9fcfe972758b RDMA/bnxt_re: Fix max_qp_wrs reported
    38b49312da2d RDMA/bnxt_re: Fix reporting hw_ver in query_device
    14f66ac898c9 RDMA/bnxt_re: Add check for path mtu in modify_qp
    183a96174cab RDMA/bnxt_re: Fix the check for 9060 condition
    347654387bb1 nvme-pci: 512 byte aligned dma pool segment quirk
    a0ceed736c88 RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters
    a5092b138e1c RDMA/bnxt_re: Avoid initializing the software queue for user queues
    25e6e9da6926 RDMA/mlx5: Enforce same type port association for multiport RoCE
    5d1d7522cf82 RDMA/bnxt_re: Remove always true dattr validity check
    c91ae7c12d6f RDMA/bnxt_re: Allow MSN table capability check
    f452f397f9a6 tracing: Check "%s" dereference via the field and not the TP_printk format
    55841e8820b9 tracing: Fix trace_check_vprintf() when tp_printk is used
    680c07fabc2b tracing: Handle old buffer mappings for event strings and functions
    6920e362bc08 seq_buf: Introduce DECLARE_SEQ_BUF and seq_buf_str()
    cd27bbe89810 powerpc: Remove initialisation of readpos
    c46547b4686e tracing: Move readpos from seq_buf to trace_seq
    1ec141d8f51b net: mctp: handle skb cleanup on sock_queue failures
    c47ed91156da ceph: give up on paths longer than PATH_MAX
    a64e5295ebc4 tracing: Have process_string() also allow arrays
    de2a10e19226 mmc: sdhci-msm: fix crypto key eviction
    6228f13f1996 btrfs: fix use-after-free in btrfs_encoded_read_endio()
    c1dbd28a0795 selinux: ignore unknown extended permissions
    c2a7fc514637 f2fs: fix to wait dio completion
    23ea763880d6 platform/x86: mlx-platform: call pci_dev_put() to balance the refcount
    d4eb5b3c115d ALSA: ump: Shut up truncated string warning
    8b2e38f2a9b7 usb: xhci: Avoid queuing redundant Stop Endpoint commands
    8a2273e5c1be usb: typec: ucsi: glink: fix off-by-one in connector_status
    a47f0b03149a scsi: hisi_sas: Fix a deadlock issue related to automatic dump
    8c5ad189e90f cleanup: Remove address space of returned pointer
    55779f26eab9 crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes
    9457d783fb94 Bluetooth: btusb: mediatek: add callback function in btusb_disconnect
    3aab20eb1989 Bluetooth: btusb: add callback function in btusb suspend/resume
    9a466b8693b9 btrfs: fix use-after-free when COWing tree bock and tracing is enabled
    0d2cc60b44d0 btrfs: rename and export __btrfs_cow_block()
    151447859d6f x86/fred: Clear WFE in missing-ENDBRANCH #CPs
    9c268be377e7 x86/ptrace: Add FRED additional information to the pt_regs structure
    498bdedca58a x86/ptrace: Cleanup the definition of the pt_regs structure
    48417c3426cf ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A
    4252d023bae7 ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11
    f5a20424084f scsi: mpi3mr: Start controller indexing from 0
    d424303d8d18 scsi: mpi3mr: Use ida to manage mrioc ID
    8d891c866cf7 ALSA: ump: Update legacy substream names upon FB info update
    9617001adfc9 ALSA: ump: Indicate the inactive group in legacy substream names
    cf29cbf61cf2 ALSA: ump: Don't open legacy substream for an inactive group
    b5e175e18a39 ALSA: ump: Use guard() for locking
    b41d73055284 udf: Verify inode link counts before performing rename
    17b312c5d869 udf_rename(): only access the child content on cross-directory rename
    d33523b0beb5 watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler
    e145b77fb5c1 watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset
    7ea100fb50bb watchdog: rzg2l_wdt: Remove reset de-assert from probe
    b222816f9c43 of: address: Preserve the flags portion on 1:1 dma-ranges mapping
    443f803b332b of: address: Store number of bus flag cells rather than bool
    7a40a884f597 of: address: Remove duplicated functions
    6681113633dc x86/hyperv: Fix hv tsc page based sched_clock for hibernation
    e5b1574a8ca2 x86, crash: wrap crash dumping code into crash related ifdefs
    5422f4321640 thunderbolt: Don't display nvm_version unless upgrade supported
    5a23e3e9e245 thunderbolt: Add support for Intel Panther Lake-M/P
    888c554d3dfd thunderbolt: Add support for Intel Lunar Lake
    6cd8e621a689 xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
    f1ece345ad2c usb: xhci: Limit Stop Endpoint retries
    61329b25dc1d xhci: retry Stop Endpoint on buggy NEC controllers
    43e3aa2f44d6 net: renesas: rswitch: fix possible early skb release
    3dd65ffa2df6 softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
    d6616dcd8721 net/mlx5: unique names for per device caches
    ddcc7d71be31 Revert "nvme: make keep-alive synchronous operation"
    801acf741c87 nvme: use helper nvme_ctrl_state in nvme_keep_alive_finish function
    2c276bef8273 usb: typec: ucsi: glink: be more precise on orientation-aware ports
    7723988b0127 usb: typec: ucsi: glink: set orientation aware if supported
    01059e0b5cc0 usb: typec: ucsi: add update_connector callback
    fd662c37a108 usb: typec: ucsi: glink: move GPIO reading into connector_status callback
    8dd7fc5e409b usb: typec: ucsi: add callback for connector status updates
    c47940e84398 iio: adc: ad7192: properly check spi_get_device_match_data()
    843b5d1602d6 iio: adc: ad7192: Convert from of specific to fwnode property handling
    f7d548a62f08 usb: chipidea: udc: limit usb request length to max 16KB
    7a2020e83b6a usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag
    c39df6d3af2d usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag
    c2556801583c fs/ntfs3: Fix warning in ni_fiemap
    48ebb93f933d fs/ntfs3: Implement fallocate for compressed files
    171c40531b04 remoteproc: qcom: pas: enable SAR2130P audio DSP support
    b506a0c41411 remoteproc: qcom: pas: Add support for SA8775p ADSP, CDSP and GPDSP
    25804f9b492b remoteproc: qcom: pas: Add sc7180 adsp
    3c9d3157f3cc mailbox: pcc: Check before sending MCTP PCC response ACK
    d8c0f38208a4 ACPI: PCC: Add PCC shared memory region command and status bitfields
    4460b5236818 i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros
    dcc02c9ebfe8 mailbox: pcc: Support shared interrupt for multiple subspaces
    605018764e21 mailbox: pcc: Add support for platform notification handling
    82461d89c849 clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574
    deff81f56dff clk: qcom: clk-alpha-pll: Add support for zonda ole pll configure
    7c8c50c9855a scsi: hisi_sas: Create all dump files during debugfs initialization
    044928679823 scsi: hisi_sas: Allocate DFX memory during dump trigger
    91e035e98fa1 scsi: hisi_sas: Directly call register snapshot instead of using workqueue
    4f4fe3db92bb Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925
    f8a67ffb96c9 Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925
    1e7b1a8e7b6e Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925
    e612c16ed0b7 Bluetooth: Add support ITTIM PE50-M75C
    ca4e69826d67 Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions
    6e6a3479986a i2c: i801: Add support for Intel Panther Lake
    f38ca98b0721 i2c: i801: Add support for Intel Arrow Lake-H
    b35de9e01fc7 wifi: ath10k: avoid NULL pointer error during sdio remove
    358c36eae58d wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights
    3ed6b2daa4e9 wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
    dc6094108573 wifi: mac80211: Add non-atomic station iterator
    4eceef729c84 wifi: ath12k: Optimize the mac80211 hw data access
    3d94c4b21966 wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
    24b5898a8c73 wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
    ed01e57a8169 media: uvcvideo: Force UVC version to 1.0a for 0408:4033
    9471b8f80526 media: uvcvideo: Force UVC version to 1.0a for 0408:4035
    8fa6f680b5aa cleanup: Adjust scoped_guard() macros to avoid potential warning
    873df38bdf42 cleanup: Add conditional guard support
    4b6beff3c073 crypto: ecdsa - Avoid signed integer overflow on signature decoding
    ec6488917941 crypto: ecdsa - Use ecc_digits_from_bytes to convert signature
    1afc7acbedb8 crypto: ecdsa - Rename keylen to bufsize where necessary
    e7fcd5d696c4 crypto: ecdsa - Convert byte arrays with key coordinates to digits
    93011887013d ext4: partial zero eof block on unaligned inode size extension
    fa42d5f1327f ext4: convert to new timestamp accessors
    1864d4712c4b memblock: allow zero threshold in validate_numa_converage()
    6fdc770506eb NUMA: optimize detection of memory with no node id assigned by firmware
    3adf89f17dbd sched: Initialize idle tasks only once
    106740e978c7 usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic
    39619c65ab4b smb: client: fix use-after-free of signing key
    d7cb986425ce smb: client: stop flooding dmesg in smb2_calc_signature()
    5f36890d650c fs/smb/client: implement chmod() for SMB3 POSIX Extensions
    d64429042fef smb/client: rename cifs_ace to smb_ace
    298e73ac323a smb/client: rename cifs_acl to smb_acl
    46c22d37f691 smb/client: rename cifs_sid to smb_sid
    386660bd303e smb/client: rename cifs_ntsd to smb_ntsd
    8322a66f9369 x86/mm: Carve out INVLPG inline asm for use by others
    bffaf4cb2810 docs: media: update location of the media patches
    e8b8c1ecbd2c drm/amd/display: Fix incorrect DSC recompute trigger
    3f9f631f9b91 drm/amd/display: Fix DSC-re-computing
    18abb2787b53 x86/syscall: Mark exit[_group] syscall handlers __noreturn
    2879d995e569 pnmtologo: sync with 6.6
    43ea1c5e6eb3 lib/build_OID_registry: take -stable reproducibility changes
    35046aea43c8 bpftool: Fix undefined bpf macro for unix socket
    9a558d4b8621 tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids
    42b2eec2e503 bpftool: Query only cgroup-related attach types
    f71bb11887ba cpu/amd: inhibit SMP check for qemux86
    c31365597a17 powerpc/uaccess: Fix build errors seen with GCC 13/14
    64ebf485c56b usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
    7c76aad68f6d kselftest: Add a ksft_perror() helper
    06644f0d7193 drm/tilcdc: Set preferred depth
    ff7ae7b32324 crypto: jitter - add RCT/APT support for different OSRs
    50cd24ddb6f0 arm64: defconfig: remove CONFIG_IPQ_APSS_5018
    58e5c91d6701 x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
    c878fd2d4c79 x86/alternatives: Sync core before enabling interrupts
    c2d64b9f52b6 qemux86: add configuration symbol to select values
    630c33229e6d sched/isolation: really align nohz_full with rcu_nocbs
    0e5e0f68e2e6 clear_warn_once: add a clear_warn_once= boot parameter
    46934791b902 clear_warn_once: bind a timer to written reset value
    cdee9e38ff32 clear_warn_once: expand debugfs to include read support
    82b562b81841 tools: Remove some options from CLANG_CROSS_FLAGS
    36dc380b776b libbpf: Fix build warning on ref_ctr_off
    9e3e1fe20982 perf: perf can not parser the backtrace of app in the 32bit system and 64bit kernel.
    e497a4a5da65 perf: x86-32: explicitly include <errno.h>
    7b57ddd89565 perf: mips64: Convert __u64 to unsigned long long
    1cfc19423dc7 perf: fix bench numa compilation
    98bc2815fade perf: add SLANG_INC for slang.h
    17209a70b9b3 perf: add sgidefs.h to for mips builds
    9cd4258d910a perf: change --root to --prefix for python install
    8110a4f26628 perf: add 'libperl not found' warning
    bc89d5e08f77 perf: force include of <stdbool.h>
    4f6c760cc876 fat: Replace prandom_u32() with get_random_u32()
    bc53117b12b2 fat: don't use obsolete random32 call in namei_vfat
    30b2236ab378 FAT: Added FAT_NO_83NAME
    cef98d22b4ed FAT: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option
    0bbd7daba9e1 FAT: Add CONFIG_VFAT_FS_NO_DUALNAMES option
    5883fc340084 aufs6: adapt to v6.6 i_op->ctime changes
    c4342d979bf2 aufs6: fix magic.mk include path
    35266bc2dc81 aufs6: adapt to v6.6
    8edede4e98be aufs6: core
    712248233ebe aufs6: standalone
    3b71a8a848d8 aufs6: mmap
    3e2924871f37 aufs6: base
    7f4907a93101 aufs6: kbuild
    d2f7b03e4aa7 yaffs2: update VFS ctime operations to 6.6+
    bcd6cfcd1aa0 yaffs2: v6.5 fixups
    cc615704b5f5 yaffs2: Fix miscalculation of devname buffer length
    8ef2e22dcf91 yaffs2: convert user_namespace to mnt_idmap
    c9c749f9f7d3 yaffs2: replace bdevname call with sprintf
    395b01cdc39d yaffs2: convert read_page -> readfolio
    d98b07e43ba6 yaffs: replace IS_ERR with IS_ERR_OR_NULL to check both ERR and NULL
    613c6d50fdbe yaffs: fix -Wstringop-overread compile warning in yaffs_fix_null_name
    622c4648936f yaffs2: v5.12+ build fixups (not runtime tested)
    7562133d4090 yaffs: include blkdev.h
    dbd44252cd59 yaffs: fix misplaced variable declaration
    c223a10b1ac0 yaffs2: v5.6 build fixups
    90f6007cfbf4 yaffs2: fix memory leak when /proc/yaffs is read
    37ee169c5ea1 yaffs: add strict check when call yaffs_internal_read_super
    b6e007b8abb6 yaffs: repair yaffs_get_mtd_device
    fb98f65a466a yaffs: Fix build failure by handling inode i_version with proper atomic API
    51e0aac75ea2 yaffs2: fix memory leak in mount/umount
    2b74a0cae7b0 yaffs: Avoid setting any ACL releated xattr
    ff4130a9c376 Yaffs:check oob size before auto selecting Yaffs1
    ba95b409c67c fs: yaffs2: replace CURRENT_TIME by other appropriate apis
    8fa35eba9056 yaffs2: adjust to proper location of MS_RDONLY
    1eb5deaad8c4 yaffs2: import git revision b4ce1bb (jan, 2020)
    4dce67c1e8c8 initramfs: allow an optional wrapper script around initramfs generation
    2f603d83fcc4 pnmtologo: use relocatable file name
    664a6a0a484b tools: use basename to identify file in gen-mach-types
    9de64bc0c185 lib/build_OID_registry: fix reproducibility issues
    ae9b80797295 vt/conmakehash: improve reproducibility
    a972323151bd iwlwifi: select MAC80211_LEDS conditionally
    15d2adcc0198 net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)
    5556a6c04b19 arm64/perf: Fix wrong cast that may cause wrong truncation
    5552dc768ffc defconfigs: drop obselete options
    00fe4152df31 arm64/perf: fix backtrace for AAPCS with FP enabled
    3888d0652edf linux-yocto: Handle /bin/awk issues
    3d55d299f23a uvesafb: provide option to specify timeout for task completion
    23c068c080be uvesafb: print error message when task timeout occurs
    edbfc939266e compiler.h: Undef before redefining __attribute_const__
    c99ae7e2a19a vmware: include jiffies.h
    572d84d928c8 Resolve jiffies wrapping about arp
    fdcd47cac843 nfs: Allow default io size to be configured.
    927d48801098 check console device file on fs when booting
    57cc27f821dd mount_root: clarify error messages for when no rootfs found
    1b53d82a8152 mconf: fix output of cflags and libraries
    1811da09f42c menuconfig,mconf-cfg: Allow specification of ncurses location
    83c2e0c6eb1f modpost: mask trivial warnings
    6de673039484 kbuild: exclude meta directory from distclean processing
    6decd32815f5 powerpc: serialize image targets
    f6b683b38318 arm: serialize build targets
    e798b09ebf57 mtd_blkdevs: add mtd_table_mutex lock back to blktrans_{open, release} to avoid race condition
    dc8a1e5a88f8 x86_64_defconfig: Fix warnings
    68491e5f72b6 powerpc/ptrace: Disable array-bounds warning with gcc8
    d71ebfce3004 powerpc: Disable attribute-alias warnings from gcc8
    62f50884b8b1 powerpc: kexec fix for powerpc64
    da6871c62c37 powerpc: Add unwind information for SPE registers of E500 core
    f161c880c11d mips: make current_cpu_data preempt safe
    5e94a8247ce7 mips: vdso: fix 'jalr $t9' crash in vdso code
    19e36714b1c7 mips: Kconfig: add QEMUMIPS64 option
    e2e537db3cbd 4kc cache tlb hazard: tlbp cache coherency
    aee9870611e5 malta uhci quirks: make allowance for slow 4k(e)c
    881948cd1517 drm/fb-helper: move zeroing code to drm_fb_helper_fill_var
    98ec1963fcb7 arm64: defconfig: cleanup config options
    f1727c537ba8 vexpress: Pass LOADADDR to Makefile
    4474c32dc24a arm: ARM EABI socketcall
    75e31a2b70fd ARM: LPAE: Invalidate the TLB for module addresses during translation fault

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_6.6.bb               |  6 ++--
 .../linux/linux-yocto-tiny_6.6.bb             |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 67123136b0..f17fd6f76f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "3a66d8b7000a5efea50ccd9c2c8d0955dcf40c72"
-SRCREV_meta ?= "dff911ce87fe7b9944c6058907f079ddb0f3e840"
+SRCREV_machine ?= "8c0c411701e8feb7e56ec2edf5ae205b187e5457"
+SRCREV_meta ?= "2b3144e07219eb82a8a95913330a31c3c19f75e7"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.6.69"
+LINUX_VERSION ?= "6.6.75"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index e48dae1160..bfbf680202 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.6.inc
 
-LINUX_VERSION ?= "6.6.69"
+LINUX_VERSION ?= "6.6.75"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_meta ?= "dff911ce87fe7b9944c6058907f079ddb0f3e840"
+SRCREV_machine ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_meta ?= "2b3144e07219eb82a8a95913330a31c3c19f75e7"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 05bf773c1f..f0d477faf4 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.6/standard/base"
 KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "b9db0f967e89de853fa737c164907c4ee111a489"
-SRCREV_machine:qemuarm64 ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_machine:qemuloongarch64 ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_machine:qemumips ?= "6cdf7de2dc6c90e973201f52871a3301ec822226"
-SRCREV_machine:qemuppc ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_machine:qemuriscv64 ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_machine:qemuriscv32 ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_machine:qemux86 ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_machine:qemux86-64 ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_machine:qemumips64 ?= "c8da027284e8c7ece7e04dcdd1cf49850fea911d"
-SRCREV_machine ?= "c556adf7d54204d713252722b27f5bfe25cd8620"
-SRCREV_meta ?= "dff911ce87fe7b9944c6058907f079ddb0f3e840"
+SRCREV_machine:qemuarm ?= "8a51a53128a5ec74564e37a6eb8a6f50430b1554"
+SRCREV_machine:qemuarm64 ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_machine:qemuloongarch64 ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_machine:qemumips ?= "2f0b854a37fa128c15cfae9a0d758c21b9c30b7d"
+SRCREV_machine:qemuppc ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_machine:qemuriscv64 ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_machine:qemuriscv32 ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_machine:qemux86 ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_machine:qemux86-64 ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_machine:qemumips64 ?= "f9f65cef2c04456589b1cd7a4e054b8aa331c5da"
+SRCREV_machine ?= "0a9cf91f3319931bc037a658ab1ceb86d966ac9b"
+SRCREV_meta ?= "2b3144e07219eb82a8a95913330a31c3c19f75e7"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "a30cd70ab75aa6b7ee880b6ec2ecc492faf205b2"
+SRCREV_machine:class-devupstream ?= "d51b7d37f14e76db7a1a13046ed87198c0407fcb"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.6/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.69"
+LINUX_VERSION ?= "6.6.75"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.43.0

[OE-core][scarthgap 11/14] go: upgrade 1.22.11 -> 1.22.12

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

Upgrade to latest 1.22.x release [1]:

$ git --no-pager log --oneline go1.22.11..go1.22.12
5817e65094 (tag: go1.22.12) [release-branch.go1.22] go1.22.12
0cc45e7ca6 [release-branch.go1.22] crypto/internal/fips140/nistec: make p256NegCond constant time on ppc64le
c3c6a50095 [release-branch.go1.22] cmd/go/internal/modfetch: do not trust server to send all tags in shallow fetch
e0a01acd04 [release-branch.go1.22] cmd/compile: fix write barrier coalescing

Fixes CVE-2025-22866

[1] https://github.com/golang/go/compare/go1.22.11...go1.22.12

(From OE-Core rev: 423ad5a67768738dac454b1e2aa27746f74511c5)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/{go-1.22.11.inc => go-1.22.12.inc} | 2 +-
 ...binary-native_1.22.11.bb => go-binary-native_1.22.12.bb} | 6 +++---
 ...oss-canadian_1.22.11.bb => go-cross-canadian_1.22.12.bb} | 0
 .../go/{go-cross_1.22.11.bb => go-cross_1.22.12.bb}         | 0
 .../go/{go-crosssdk_1.22.11.bb => go-crosssdk_1.22.12.bb}   | 0
 .../go/{go-runtime_1.22.11.bb => go-runtime_1.22.12.bb}     | 0
 meta/recipes-devtools/go/{go_1.22.11.bb => go_1.22.12.bb}   | 0
 7 files changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/go/{go-1.22.11.inc => go-1.22.12.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.22.11.bb => go-binary-native_1.22.12.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.22.11.bb => go-cross-canadian_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.22.11.bb => go-cross_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.22.11.bb => go-crosssdk_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.22.11.bb => go-runtime_1.22.12.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.22.11.bb => go_1.22.12.bb} (100%)

diff --git a/meta/recipes-devtools/go/go-1.22.11.inc b/meta/recipes-devtools/go/go-1.22.12.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.22.11.inc
rename to meta/recipes-devtools/go/go-1.22.12.inc
index 21222bea4e..05aa3a95b6 100644
--- a/meta/recipes-devtools/go/go-1.22.11.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
     file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
 "
-SRC_URI[main.sha256sum] = "a60c23dec95d10a2576265ce580f57869d5ac2471c4f4aca805addc9ea0fc9fe"
+SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.11.bb b/meta/recipes-devtools/go/go-binary-native_1.22.12.bb
similarity index 78%
rename from meta/recipes-devtools/go/go-binary-native_1.22.11.bb
rename to meta/recipes-devtools/go/go-binary-native_1.22.12.bb
index a526cc88bc..747737ff94 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.22.11.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.22.12.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
 
 # Checksums available at https://go.dev/dl/
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991"
-SRC_URI[go_linux_arm64.sha256sum] = "9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031"
-SRC_URI[go_linux_ppc64le.sha256sum] = "963a0ec973640b23ee8bb7a462cc415276fd8436111a03df8c34eb3b1ae29f12"
+SRC_URI[go_linux_amd64.sha256sum] = "4fa4f869b0f7fc6bb1eb2660e74657fbf04cdd290b5aef905585c86051b34d43"
+SRC_URI[go_linux_arm64.sha256sum] = "fd017e647ec28525e86ae8203236e0653242722a7436929b1f775744e26278e7"
+SRC_URI[go_linux_ppc64le.sha256sum] = "9573d30003b0796717a99d9e2e96c48fddd4fc0f29d840f212c503b03d7de112"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.22.11.bb b/meta/recipes-devtools/go/go-cross-canadian_1.22.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.22.11.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.22.11.bb b/meta/recipes-devtools/go/go-cross_1.22.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.22.11.bb
rename to meta/recipes-devtools/go/go-cross_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.22.11.bb b/meta/recipes-devtools/go/go-crosssdk_1.22.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.22.11.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.22.11.bb b/meta/recipes-devtools/go/go-runtime_1.22.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.22.11.bb
rename to meta/recipes-devtools/go/go-runtime_1.22.12.bb
diff --git a/meta/recipes-devtools/go/go_1.22.11.bb b/meta/recipes-devtools/go/go_1.22.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.22.11.bb
rename to meta/recipes-devtools/go/go_1.22.12.bb
-- 
2.43.0

[OE-core][scarthgap 12/14] cmake: apply parallel build settings to ptest tasks

[Steve Sakoman]

From: Peter Marko <peter.marko@siemens.com>

ptest compile and install tasks do not have parallel build settings for
cmake. On powerful build machines this can cause overload situations
and oomkills.
Observed when building qtgrpc with ptest generally enabled in distro.

Having this in ptest class is suboptimal, but creating ptest-cmake class
just for these two variables is probably overkill.

(From OE-Core rev: 3c311fbf0c2090268e9b83123d762b05b61b4074)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-recipe/cmake.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes-recipe/cmake.bbclass b/meta/classes-recipe/cmake.bbclass
index 3d3781ef33..e8aca0db8b 100644
--- a/meta/classes-recipe/cmake.bbclass
+++ b/meta/classes-recipe/cmake.bbclass
@@ -67,6 +67,8 @@ EXTRA_OECMAKE:append = " ${PACKAGECONFIG_CONFARGS}"
 export CMAKE_BUILD_PARALLEL_LEVEL
 CMAKE_BUILD_PARALLEL_LEVEL:task-compile = "${@oe.utils.parallel_make(d, False)}"
 CMAKE_BUILD_PARALLEL_LEVEL:task-install = "${@oe.utils.parallel_make(d, True)}"
+CMAKE_BUILD_PARALLEL_LEVEL:task-compile-ptest-base = "${@oe.utils.parallel_make(d, False)}"
+CMAKE_BUILD_PARALLEL_LEVEL:task-install-ptest-base = "${@oe.utils.parallel_make(d, True)}"
 
 OECMAKE_TARGET_COMPILE ?= "all"
 OECMAKE_TARGET_INSTALL ?= "install"
-- 
2.43.0

[OE-core][scarthgap 13/14] qemu: Do not define sched_attr with glibc >= 2.41

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

* backporting, because it's also needed also for qemu-native builds
  on hosts with glibc >= 2.41

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 ...ed_attr-Do-not-define-for-glibc-2.41.patch | 47 +++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 4dc6c104c7..c3401533cf 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -38,6 +38,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0003-linux-user-Add-strace-for-shmat.patch \
            file://0004-linux-user-Rewrite-target_shmat.patch \
            file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \
+           file://0001-sched_attr-Do-not-define-for-glibc-2.41.patch \
            file://qemu-guest-agent.init \
            file://qemu-guest-agent.udev \
            "
diff --git a/meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch b/meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch
new file mode 100644
index 0000000000..edb3e304c9
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-sched_attr-Do-not-define-for-glibc-2.41.patch
@@ -0,0 +1,47 @@
+From ddb27569449c941014fa44b1b542de0831d993a0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 10 Oct 2024 22:40:32 -0700
+Subject: [PATCH v2] sched_attr: Do not define for glibc >= 2.41
+
+glibc 2.41+ has added [1] definitions for sched_setattr and sched_getattr functions
+and struct sched_attr. Therefore, it needs to be checked for here as well before
+defining sched_attr
+
+Define sched_attr conditionally on SCHED_ATTR_SIZE_VER0
+
+Fixes builds with glibc/trunk
+
+[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=21571ca0d70302909cf72707b2a7736cf12190a0;hp=298bc488fdc047da37482f4003023cb9adef78f8
+
+Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/qemu-devel/patch/20241011193140.1047648-1-raj.khem@gmail.com/]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Cc: Laurent Vivier <laurent@vivier.eu>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+---
+v2: Use SCHED_ATTR_SIZE_VER0 instead of glibc version check
+
+ linux-user/syscall.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 1354e75694..caecbb765d 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -359,7 +359,8 @@ _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
+ #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
+ _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
+           unsigned long *, user_mask_ptr);
+-/* sched_attr is not defined in glibc */
++/* sched_attr is not defined in glibc < 2.41 */
++#ifndef SCHED_ATTR_SIZE_VER0
+ struct sched_attr {
+     uint32_t size;
+     uint32_t sched_policy;
+@@ -372,6 +373,7 @@ struct sched_attr {
+     uint32_t sched_util_min;
+     uint32_t sched_util_max;
+ };
++#endif
+ #define __NR_sys_sched_getattr __NR_sched_getattr
+ _syscall4(int, sys_sched_getattr, pid_t, pid, struct sched_attr *, attr,
+           unsigned int, size, unsigned int, flags);
-- 
2.43.0

[OE-core][scarthgap 14/14] base-files: Drop /bin/sh dependency

[Steve Sakoman]

From: Marek Vasut <marex@denx.de>

Remove /bin/sh from bash RPROVIDES as this has a side-effect which
confuses rpm package manager when also busybox provides /bin/sh and
base-files depend on /bin/sh . The problem is broken down below.

First, bash depends on base-files and bash pkg_postinst must run
after base-files was installed, because it requires /etc/shells
provided by base-files to be in place.

Second, base-files depends on /bin/sh, which is provided by either
bash or busybox in this case. This is the actual problem here, if
bash is selected as /bin/sh provider, then there is cyclic dependency
between bash and base-files, and that confuses dnf which may install
the packages in the wrong order, bash first and base-files second .

To make this worse, if busybox is also /bin/sh provider, it can and
does happen that some systems pick busybox as the /bin/sh provider,
while others pick bash as the /bin/sh provider, and that cyclic
dependency does not always appear.

Attempt to break this dependency, remove pre-inst script from the
base-files recipe, which removes its dependency on /bin/sh and
allows it to be installed very early, and always before bash.

(From OE-Core rev: e71b64a9b22c7db316e92e78a4bce8b9f994a4ae)

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../base-files/base-files_3.0.14.bb           | 23 -------------------
 1 file changed, 23 deletions(-)

diff --git a/meta/recipes-core/base-files/base-files_3.0.14.bb b/meta/recipes-core/base-files/base-files_3.0.14.bb
index 9fab53ce63..5d13b6249d 100644
--- a/meta/recipes-core/base-files/base-files_3.0.14.bb
+++ b/meta/recipes-core/base-files/base-files_3.0.14.bb
@@ -70,29 +70,6 @@ hostname = "${MACHINE}"
 
 BASEFILESISSUEINSTALL ?= "do_install_basefilesissue"
 
-# In previous versions of base-files, /run was a softlink to /var/run and the
-# directory was located in /var/volatlie/run.  Also, /var/lock was a softlink
-# to /var/volatile/lock which is where the real directory was located.  Now,
-# /run and /run/lock are the real directories.  If we are upgrading, we may
-# need to remove the symbolic links first before we create the directories.
-# Otherwise the directory creation will fail and we will have circular symbolic
-# links.
-# 
-pkg_preinst:${PN} () {
-    #!/bin/sh -e
-    if [ x"$D" = "x" ]; then
-        if [ -h "/var/lock" ]; then
-            # Remove the symbolic link
-            rm -f /var/lock
-        fi
-
-        if [ -h "/run" ]; then
-            # Remove the symbolic link
-            rm -f /run
-        fi
-    fi     
-}
-
 do_install () {
 	for d in ${dirs555}; do
 		install -m 0555 -d ${D}$d
-- 
2.43.0

Patchtest results for [OE-core][scarthgap 09/14] python3: upgrade 3.12.8 -> 3.12.9

[patchtest]

[-- Attachment #1: Type: text/plain, Size: 2979 bytes --]

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch /home/patchtest/share/mboxes/scarthgap-09-14-python3-upgrade-3.12.8---3.12.9.patch

FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format)

PASS: pretest src uri left files (test_metadata.TestMetadata.pretest_src_uri_left_files)
PASS: test CVE check ignore (test_metadata.TestMetadata.test_cve_check_ignore)
PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence)
PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test lic files chksum modified not mentioned (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test src uri left files (test_metadata.TestMetadata.test_src_uri_left_files)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)

SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

[OE-core][scarthgap 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Friday, April 25

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1437

The following changes since commit 04038ecd1edd6592b826665a2b787387bb7074fa:

  build-appliance-image: Update to scarthgap head revision (2025-04-19 14:43:09 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Ashish Sharma (1):
  binutils: patch CVE-2025-1182

Guðni Már Gilbert (2):
  systemd: upgrade 255.17 -> 255.18
  bluez5: add missing tools to noinst-tools package

Igor Opaniuk (1):
  wic: bootimg-efi: Support + symbol in filenames

Peter Marko (2):
  sqlite3: patch CVE-2025-3277
  sqlite3: patch CVE-2025-29088

Soumya Sambu (1):
  python3-jinja2: upgrade 3.1.4 -> 3.1.6

Vijay Anusuri (5):
  libsoup: Fix CVE-2025-32910
  libsoup: Fix CVE-2025-32909
  libsoup: Fix CVE-2025-32911 & CVE-2025-32913
  libsoup: Fix CVE-2025-32912
  libsoup: Fix CVE-2025-32906

Yogita Urade (2):
  curl: fix CVE-2024-11053
  curl: fix CVE-2025-0167

 .../bluez5/bluez5_5.72.bb                     |   8 +-
 ...55.17.bb => systemd-boot-native_255.18.bb} |   0
 ...-boot_255.17.bb => systemd-boot_255.18.bb} |   0
 meta/recipes-core/systemd/systemd.inc         |   2 +-
 ...1-missing_type.h-add-comparison_fn_t.patch |   2 +-
 ...k-parse_printf_format-implementation.patch |   4 +-
 ...tall-dependency-links-at-install-tim.patch |   2 +-
 ...missing.h-check-for-missing-strndupa.patch |   6 +-
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   4 +-
 ...005-add-missing-FTW_-macros-for-musl.patch |   2 +-
 ...06-Use-uintmax_t-for-handling-rlim_t.patch |   2 +-
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |   2 +-
 ...patible-basename-for-non-glibc-syste.patch |   2 +-
 ...implment-systemd-sysv-install-for-OE.patch |   2 +-
 ...uffering-when-writing-to-oom_score_a.patch |   4 +-
 ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
 ...definition-of-prctl_mm_map-structure.patch |   2 +-
 ...-not-disable-buffer-in-writing-files.patch |   2 +-
 .../0013-Handle-__cpu_mask-usage.patch        |   2 +-
 .../systemd/0014-Handle-missing-gshadow.patch |   8 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   2 +-
 ...ass-correct-parameters-to-getdents64.patch |   4 +-
 .../0017-Adjust-for-musl-headers.patch        |   2 +-
 ...trerror-is-assumed-to-be-GNU-specifi.patch |   2 +-
 ...util-Make-STRERROR-portable-for-musl.patch |   2 +-
 ...ake-malloc_trim-conditional-on-glibc.patch |   2 +-
 ...hared-Do-not-use-malloc_info-on-musl.patch |   2 +-
 ...22-avoid-missing-LOCK_EX-declaration.patch |   2 +-
 .../{systemd_255.17.bb => systemd_255.18.bb}  |   0
 .../binutils/binutils-2.42.inc                |   1 +
 .../binutils/binutils/CVE-2025-1182.patch     |  33 +
 ...inja2_3.1.4.bb => python3-jinja2_3.1.6.bb} |   5 +-
 .../curl/curl/CVE-2024-11053-0001.patch       | 353 +++++++++
 .../curl/curl/CVE-2024-11053-0002.patch       | 728 ++++++++++++++++++
 .../curl/curl/CVE-2024-11053-0003.patch       | 130 ++++
 .../curl/curl/CVE-2025-0167.patch             | 178 +++++
 meta/recipes-support/curl/curl_8.7.1.bb       |   4 +
 .../libsoup-3.4.4/CVE-2025-32906-1.patch      |  61 ++
 .../libsoup-3.4.4/CVE-2025-32906-2.patch      |  83 ++
 .../libsoup-3.4.4/CVE-2025-32909.patch        |  36 +
 .../libsoup-3.4.4/CVE-2025-32910-1.patch      |  98 +++
 .../libsoup-3.4.4/CVE-2025-32910-2.patch      | 149 ++++
 .../libsoup-3.4.4/CVE-2025-32910-3.patch      |  27 +
 .../CVE-2025-32911_CVE-2025-32913-1.patch     |  72 ++
 .../CVE-2025-32911_CVE-2025-32913-2.patch     |  44 ++
 .../libsoup-3.4.4/CVE-2025-32912-1.patch      |  41 +
 .../libsoup-3.4.4/CVE-2025-32912-2.patch      |  30 +
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |  10 +
 .../sqlite/sqlite3/CVE-2025-29088.patch       | 179 +++++
 .../sqlite/sqlite3/CVE-2025-3277.patch        |  28 +
 meta/recipes-support/sqlite/sqlite3_3.45.3.bb |   5 +-
 scripts/lib/wic/plugins/source/bootimg-efi.py |   2 +-
 52 files changed, 2335 insertions(+), 38 deletions(-)
 rename meta/recipes-core/systemd/{systemd-boot-native_255.17.bb => systemd-boot-native_255.18.bb} (100%)
 rename meta/recipes-core/systemd/{systemd-boot_255.17.bb => systemd-boot_255.18.bb} (100%)
 rename meta/recipes-core/systemd/{systemd_255.17.bb => systemd_255.18.bb} (100%)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
 rename meta/recipes-devtools/python/{python3-jinja2_3.1.4.bb => python3-jinja2_3.1.6.bb} (81%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-11053-0001.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-11053-0002.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-11053-0003.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-0167.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32906-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32909.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32910-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32911_CVE-2025-32913-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32912-2.patch
 create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-29088.patch
 create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch

-- 
2.43.0

[OE-core][scarthgap 00/14] Patch review

[Steve Sakoman]

Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, June 4

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1695

The following changes since commit 56431a98ac661eaa42803e83a9ede6eae0b72b67:

  u-boot: ensure keys are generated before assembling U-Boot FIT image (2025-05-27 09:47:09 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Ashish Sharma (1):
  screen: patch CVE-2025-46805

Bruce Ashfield (8):
  linux-yocto/6.6: update to v6.6.85
  linux-yocto/6.6: fix beaglebone ethernet
  linux-yocto/6.6: update to v6.6.86
  linux-yocto/6.6: update to v6.6.87
  linux-yocto/6.6: update to v6.6.88
  linux-yocto/6.6: update to v6.6.89
  linux-yocto/6.6: update to v6.6.91
  linux-yocto/6.6: update to v6.6.92

Hitendra Prajapati (2):
  libsoup-3.4.4: Fix CVE-2025-4969
  libsoup-2.4: Fix CVE-2025-4969

NeilBrown (1):
  nfs-utils: don't use signals to shut down nfs server.

Richard Purdie (1):
  sstatetests: Switch to new CDN

Wang Mingyu (1):
  ghostscript: upgrade 10.05.0 -> 10.05.1

 meta/lib/oeqa/selftest/cases/sstatetests.py   |   2 +-
 .../nfs-utils/nfs-utils/nfsserver             |  28 +----
 ...ript_10.05.0.bb => ghostscript_10.05.1.bb} |   2 +-
 .../screen/screen/CVE-2025-46805.patch        | 101 ++++++++++++++++++
 meta/recipes-extended/screen/screen_4.9.1.bb  |   1 +
 .../linux/linux-yocto-rt_6.6.bb               |   6 +-
 .../linux/linux-yocto-tiny_6.6.bb             |   6 +-
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  |  28 ++---
 .../libsoup/libsoup-2.4/CVE-2025-4969.patch   |  76 +++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |   1 +
 .../libsoup/libsoup-3.4.4/CVE-2025-4969.patch |  76 +++++++++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   1 +
 12 files changed, 282 insertions(+), 46 deletions(-)
 rename meta/recipes-extended/ghostscript/{ghostscript_10.05.0.bb => ghostscript_10.05.1.bb} (97%)
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46805.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4969.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-4969.patch

-- 
2.43.0