* [OE-core][whinlatter 00/18] Patch review
@ 2025-12-21 21:36 Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 01/18] binutils: Fix CVE-2025-11494 Steve Sakoman
` (17 more replies)
0 siblings, 18 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:36 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for whinlatter and have comments back by
end of day Tuesday December 23
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2893
Note: there was a failure in the Send QA Email task, but this is an known
issue that also is present on the master branch
The following changes since commit 8519978592483bb096ed5192fff7af6c887b799e:
build-appliance-image: Update to whinlatter head revisions (2025-11-26 13:33:50 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-nut
Bruce Ashfield (8):
linux-yocto/6.12: update to v6.12.57
linux-yocto/6.12: update CVE exclusions (6.12.57)
linux-yocto/6.12: update to v6.12.58
linux-yocto/6.12: update CVE exclusions (6.12.58)
linux-yocto/6.12: update to v6.12.59
linux-yocto/6.12: update CVE exclusions (6.12.59)
linux-yocto/6.12: update to v6.12.60
linux-yocto/6.12: update CVE exclusions (6.12.60)
Chen Qi (1):
xserver-nodm-init: avoid race condition related to udev
Deepesh Varatharajan (1):
binutils: Fix CVE-2025-11494
Jayasurya Maganuru (2):
create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for eSDK
installation
populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked
sigs
Martin Jansa (1):
cross.bbclass: Propagate dependencies to outhash
Moritz Haase (1):
curl: Use host CA bundle by default for native(sdk) builds
Paul Barker (1):
cve-update: Avoid NFS caching issues
Peter Marko (1):
go: upgrade 1.25.4 -> 1.25.5
Stefano Tondo (1):
spdx30_tasks: Fix SPDX_CUSTOM_ANNOTATION_VARS implementation
Vijay Anusuri (1):
libssh2: fix regression in KEX method validation (GH-1553)
.../create-spdx-image-3.0.bbclass | 2 +-
meta/classes-recipe/cross.bbclass | 36 ++
meta/classes-recipe/populate_sdk_ext.bbclass | 9 +
meta/lib/oe/spdx30_tasks.py | 4 +-
meta/lib/oeqa/selftest/cases/spdx.py | 85 +++-
.../recipes-core/meta/cve-update-db-native.bb | 9 +-
.../meta/cve-update-nvd2-native.bb | 9 +-
.../binutils/binutils-2.45.inc | 1 +
.../binutils/0018-CVE-2025-11494.patch | 43 ++
.../go/{go-1.25.4.inc => go-1.25.5.inc} | 2 +-
...e_1.25.4.bb => go-binary-native_1.25.5.bb} | 6 +-
..._1.25.4.bb => go-cross-canadian_1.25.5.bb} | 0
...{go-cross_1.25.4.bb => go-cross_1.25.5.bb} | 0
...osssdk_1.25.4.bb => go-crosssdk_1.25.5.bb} | 0
...runtime_1.25.4.bb => go-runtime_1.25.5.bb} | 0
.../go/{go_1.25.4.bb => go_1.25.5.bb} | 0
.../xserver-nodm-init/xserver-nodm.service.in | 2 +
.../linux/cve-exclusion_6.12.inc | 412 +++++++++++++++++-
.../linux/linux-yocto-rt_6.12.bb | 6 +-
.../linux/linux-yocto-tiny_6.12.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +-
meta/recipes-support/curl/curl_8.17.0.bb | 11 +-
...rror-if-user-KEX-methods-are-invalid.patch | 73 ++++
.../recipes-support/libssh2/libssh2_1.11.1.bb | 1 +
24 files changed, 682 insertions(+), 63 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/0018-CVE-2025-11494.patch
rename meta/recipes-devtools/go/{go-1.25.4.inc => go-1.25.5.inc} (91%)
rename meta/recipes-devtools/go/{go-binary-native_1.25.4.bb => go-binary-native_1.25.5.bb} (79%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.25.4.bb => go-cross-canadian_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.25.4.bb => go-cross_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.25.4.bb => go-crosssdk_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.25.4.bb => go-runtime_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go_1.25.4.bb => go_1.25.5.bb} (100%)
create mode 100644 meta/recipes-support/libssh2/libssh2/0001-Return-error-if-user-KEX-methods-are-invalid.patch
--
2.43.0
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 01/18] binutils: Fix CVE-2025-11494
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
@ 2025-12-21 21:36 ` Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 02/18] linux-yocto/6.12: update to v6.12.57 Steve Sakoman
` (16 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:36 UTC (permalink / raw)
To: openembedded-core
From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep
_GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output
.eh_frame section is non-empty.
Backport a patch from upstream to fix CVE-2025-11494
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a]
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../binutils/binutils-2.45.inc | 1 +
.../binutils/0018-CVE-2025-11494.patch | 43 +++++++++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/0018-CVE-2025-11494.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 288475ac39..58964a6cfb 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -43,4 +43,5 @@ SRC_URI = "\
file://CVE-2025-11412.patch \
file://CVE-2025-11413.patch \
file://CVE-2025-11495.patch \
+ file://0018-CVE-2025-11494.patch \
"
diff --git a/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-11494.patch b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-11494.patch
new file mode 100644
index 0000000000..dc4b413658
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-11494.patch
@@ -0,0 +1,43 @@
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Tue, 30 Sep 2025 08:13:56 +0800
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a]
+CVE: CVE-2025-11494
+
+Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep
+_GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output
+.eh_frame section is non-empty.
+
+ PR ld/33499
+ * elfxx-x86.c (_bfd_x86_elf_late_size_sections): Keep
+ _GLOBAL_OFFSET_TABLE_ if there is dynamic section and the
+ output .eh_frame section is non-empty.
+
+Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
+
+diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
+index c054f7cd..ddc15945 100644
+--- a/bfd/elfxx-x86.c
++++ b/bfd/elfxx-x86.c
+@@ -2447,6 +2447,8 @@ _bfd_x86_elf_late_size_sections (bfd *output_bfd,
+
+ if (htab->elf.sgotplt)
+ {
++ asection *eh_frame;
++
+ /* Don't allocate .got.plt section if there are no GOT nor PLT
+ entries and there is no reference to _GLOBAL_OFFSET_TABLE_. */
+ if ((htab->elf.hgot == NULL
+@@ -2459,7 +2461,11 @@ _bfd_x86_elf_late_size_sections (bfd *output_bfd,
+ && (htab->elf.iplt == NULL
+ || htab->elf.iplt->size == 0)
+ && (htab->elf.igotplt == NULL
+- || htab->elf.igotplt->size == 0))
++ || htab->elf.igotplt->size == 0)
++ && (!htab->elf.dynamic_sections_created
++ || (eh_frame = bfd_get_section_by_name (output_bfd,
++ ".eh_frame")) == NULL
++ || eh_frame->rawsize == 0))
+ {
+ htab->elf.sgotplt->size = 0;
+ /* Solaris requires to keep _GLOBAL_OFFSET_TABLE_ even if it
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 02/18] linux-yocto/6.12: update to v6.12.57
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 01/18] binutils: Fix CVE-2025-11494 Steve Sakoman
@ 2025-12-21 21:36 ` Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 03/18] linux-yocto/6.12: update CVE exclusions (6.12.57) Steve Sakoman
` (15 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:36 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
8a243ecde1f64 Linux 6.12.57
800101f6ab9d3 btrfs: tree-checker: fix bounds check in check_inode_extref()
f21623b844673 sfc: fix NULL dereferences in ef100_process_design_param()
29b65a3171a49 udmabuf: fix a buf size overflow issue during udmabuf creation
57100b87c7781 wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
68ec78beb4a3f iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
1e9ad8e56693d gpio: idio-16: Define fixed direction of the GPIO lines
0537e524feca9 gpio: regmap: add the .fixed_direction_output configuration parameter
512c19320c42e gpio: regmap: Allow to allocate regmap-irq device
41e98f2789b33 bits: introduce fixed-type GENMASK_U*()
17143f5b09671 bits: add comments and newlines to #if, #else and #endif directives
6f3af8055ee7a bonding: check xdp prog when set bond mode
da82ac2a03eeb bonding: return detailed error when loading native XDP fails
4a63523d3541e wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
2dda0930fb79b f2fs: fix to avoid panic once fallocation fails for pinfile
bdb0e04154145 mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
dbd0aa9456b15 selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported
e762ddf34f062 selftests: mptcp: disable add_addr retrans in endpoint_tests
0e0bdcea10540 docs: kdoc: handle the obsolescensce of docutils.ErrorString()
cc89ac0ca5230 arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c
8297de569e56e sched_ext: Make qmap dump operation non-destructive
4270dc1e8d338 btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot()
7db72c34ef54d btrfs: tree-checker: add inode extref checks
32054a9216beb btrfs: abort transaction if we fail to update inode in log replay dir fixup
90542dc854a28 btrfs: use level argument in log tree walk callback replay_one_buffer()
403eb8a1ba869 btrfs: always drop log root tree reference in btrfs_replay_log()
500784abb5468 btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io()
cfc90c12a91af btrfs: zoned: refine extent allocator hint selection
69a9df08eb208 btrfs: zoned: return error from btrfs_zone_finish_endio()
630378d35b74d btrfs: abort transaction in the process_one_buffer() log tree walk callback
3b0bcce1a2d3f btrfs: abort transaction on specific error places when walking log tree
cf9459ce31c3d cpuset: Use new excpus for nocpu error check when enabling root partition
e72270986a9c8 EDAC/mc_sysfs: Increase legacy channel support to 16
537427cb38a28 x86/bugs: Fix reporting of LFENCE retpoline
65dc4615edda8 x86/bugs: Report correct retbleed mitigation status
1c0462f28bb77 seccomp: passthrough uprobe systemcall without filtering
d6c55b581ca72 perf: Skip user unwind if the task is a kernel thread
8d33b133b89c4 perf: Have get_perf_callchain() return NULL if crosstask and user are set
8d79f96e477c4 perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL
2aef7015d0138 perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK
9bdd94885320b audit: record fanotify event regardless of presence of rules
6ff8e74c8f8a6 net/sched: sch_qfq: Fix null-deref in agg_dequeue
4408a3d67ea73 Linux 6.12.56
898d527ed94c1 ksmbd: transport_ipc: validate payload size before reading handle
1dae549ef5dd6 xfs: always warn about deprecated mount options
5ff5765a1fc52 arm64: mte: Do not warn if the page is already tagged in copy_highpage()
1a1b13ef21cb1 devcoredump: Fix circular locking dependency with devcd->mutex.
5036d26337412 serial: sc16is7xx: remove useless enable of enhanced features
7cbf5ed24a26d serial: 8250_mtk: Enable baud clock and manage in runtime PM
0bd9be06de6e7 serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018
d50a92393c6f1 serial: 8250_dw: handle reset control deassert error
34669730146dc dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
e6210ff79396f tcpm: switch check for role_sw device with fw_node
7d851f746067b most: usb: hdm_probe: Fix calling put_device() before device initialization
f93a84ffb884d most: usb: Fix use-after-free in hdm_disconnect
e17b13387827a misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
fe408f5759cd6 objtool/rust: add one more `noreturn` Rust function
396cb58007ad4 mei: me: add wildcat lake P DID
a4bb5d1bc2f23 comedi: fix divide-by-zero in comedi_buf_munge()
352745fe3b2b7 binder: remove "invalid inc weak" check
e1e9175a3c6c5 x86/microcode: Fix Entrysign revision check for Zen1/Naples
533b917e065fb xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event
248468f4ea9c9 xhci: dbc: enable back DbC in resume if it was enabled before suspend
a8d81c9599f6e usb: raw-gadget: do not limit transfer length
d1446a98ca5f7 usb/core/quirks: Add Huawei ME906S to wakeup quirk
f805ddd2e09ea USB: serial: option: add Telit FN920C04 ECM compositions
cad1c70d84c8e USB: serial: option: add Quectel RG255C
50ee25061c47c USB: serial: option: add UNISOC UIS7720
782977c0d8ba4 platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL
ca44ae51b99c0 Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP
c0325d68926b0 io_uring/sqpoll: be smarter on when to update the stime usage
f8a1a583ebf1f io_uring/sqpoll: switch away from getrusage() for CPU accounting
ea285d5700a21 sched: Remove never used code in mm_cid_get()
5a7b5d85d0dd0 io_uring: correct __must_hold annotation in io_install_fixed_file
f999680473c98 gpio: ljca: Fix duplicated IRQ mapping
07f5d021d764e drm/panic: Fix qr_code, ensure vmargin is positive
9630c168a9dc3 drm/panic: Fix drawing the logo on a small narrow screen
924335412db89 nbd: override creds to kernel when calling sock_{send,recv}msg()
ea3cca61b7533 hwmon: (sht3x) Fix error handling
3c5b3dc301ee7 riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id()
17cb88c82e450 RISC-V: Don't print details of CPUs disabled in DT
0e0e4f32207c2 RISC-V: Define pgprot_dmacoherent() for non-coherent devices
efe6dced35120 drm/panthor: Fix kernel panic on partial unmap of a GPU VA region
4e9a2d592d91b spi: airoha: fix reading/writing of flashes with more than one plane per lun
8063828625359 spi: airoha: switch back to non-dma mode in the case of error
ad00df9ee321e spi: airoha: do not keep {tx,rx} dma buffer always mapped
182221d35c142 spi: airoha: add support of dual/quad wires spi modes to exec_op() handler
f5dc5baa5b04c spi: airoha: return an error for continuous mode dirmap creation cases
74f0c573d3d41 firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode
e088efcd97cb7 firmware: arm_scmi: Account for failed debug initialization
dac7eba5f69f7 arm64: dts: broadcom: bcm2712: Define VGIC interrupt
1a45d3083d7c8 arm64: dts: broadcom: bcm2712: Add default GIC address cells
5d06d159227be spi: spi-nxp-fspi: add extra delay after dll locked
f28092be4e12b drm/amd/display: increase max link count and fix link->enc NULL pointer access
6fc0a7c99e973 mm: prevent poison consumption when splitting THP
136b10ed3ee30 selftests: mptcp: join: mark implicit tests as skipped if not supported
cb1dd8f65bec9 selftests: mptcp: join: mark 'flush re-add' as skipped if not supported
629ea2fef2f73 net: ravb: Ensure memory write completes before ringing TX doorbell
ec2153de08145 net: ravb: Enforce descriptor type ordering
5537ed78a51c2 net: usb: rtl8150: Fix frame padding
427f24b9f6779 net: stmmac: dwmac-rk: Fix disabling set_clock_selection
251caee792a21 vsock: fix lock inversion in vsock_assign_transport()
bb69928ed578f ocfs2: clear extent cache after moving/defragmenting extents
42f3df4960d93 MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering
c199595db5dba cifs: Fix TCP_Server_Info::credits to be signed
86bc2c660b0ac can: netlink: can_changelink(): allow disabling of automatic restart
5932988d8a9eb ACPICA: Work around bogus -Wstringop-overread warning since GCC 11
f3886f075c1fe slab: Fix obj_ext mistakenly considered NULL due to race condition
c7af5300d7846 slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts
19f4e86b2cd37 Revert "cpuidle: menu: Avoid discarding useful information"
26a0fa0d5eceb xfs: fix locking in xchk_nlinks_collect_dir
06eb8738a3e25 gpio: 104-idio-16: Define maximum valid register address offset
4c71f1c293cfb gpio: pci-idio-16: Define maximum valid register address offset
b1c2b4e6ffd30 btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots()
4537930312448 arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
85d65fb07160b dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC
3ce82b19a6ef1 net: bonding: fix possible peer notify event loss or dup issue
3f307a9f7a7a2 fs/notify: call exportfs_encode_fid with s_umount
7e212cebc863c net/mlx5: Fix IPsec cleanup over MPV device
da1ef8e9eb5d4 net: phy: micrel: always set shared->phydev for LAN8814
7a832b0f99be1 sctp: avoid NULL dereference when chunk data buffer is missing
d72f6e2672185 ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop
cb974263ba15b arm64, mm: avoid always making PTE dirty in pte_mkwrite()
e61fb4b6254b1 net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions
5b6fc95c4a161 net/smc: fix general protection fault in __smc_diag_dump
cb9edd583e239 net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ
0049fd6388150 net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ
ae71c16c96a6e net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead
4688adccd4cfb selftests: net: fix server bind failure in sctp_vrf.sh
1a6ede2017b6f can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb()
ab1b49d023408 can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb()
1ffccf3592a8e can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb()
781a20d54b5d1 dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
9039fae7f45fc net: enetc: correct the value of ENETC_RXB_TRUESIZE
1f92f5bd057a4 net: enetc: fix the deadlock of enetc_mdio_lock
ada21254a9db9 rtnetlink: Allow deleting FDB entries in user namespace
1f28de3df0ecf net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size()
5dacb83302ce8 PM: EM: Fix late boot with holes in CPU topology
4051c28c78ed7 PM: EM: Move CPU capacity check to em_adjust_new_capacity()
f6c85e8097127 PM: EM: Slightly reduce em_check_capacity_update() overhead
deeede236b48c PM: EM: Drop unused parameter from em_adjust_new_capacity()
73a722a4f181a Unbreak 'make tools/*' for user-space targets
a135fc271df53 smb: server: let smb_direct_flush_send_list() invalidate a remote key first
2770e2079995c s390/mm: Use __GFP_ACCOUNT for user page table allocations
b625a08356543 drivers/perf: hisi: Relax the event ID check in the framework
9bc631f9520e8 powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure
27cfc3bbcbdba m68k: bitops: Fix find_*_bit() signatures
279bde3bbb0ac gfs2: Fix unlikely race in gdlm_put_lock
ec2830217b1ab arm64: sysreg: Correct sign definitions for EIESB and DoubleLock
52cd925d5da07 lkdtm: fortify: Fix potential NULL dereference on kmalloc failure
3b529ec89bd94 PCI: Test for bit underflow in pcie_set_readrq()
0254a0d73667d hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super()
3b447fd401824 hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
e23c071acb638 dlm: check for defined force value in dlm_lockspace_release
295527bfdefd5 hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
17ed51cfce6c6 hfs: validate record offset in hfsplus_bmap_alloc
99202d94909d3 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
46e13d36ee699 hfs: make proper initalization of struct hfs_find_data
2d5eb500edf43 hfs: clear offset and space out of valid records in b-tree node
90f5f715550e0 nios2: ensure that memblock.current_limit is set when setting pfn limits
6b0a292577935 exec: Fix incorrect type for ret
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd9e7d064555e1daf6d06aba82b1722e9cebc80f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_6.12.bb | 6 ++--
.../linux/linux-yocto-tiny_6.12.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index cccd9b28e9..b778a7aac5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "014bc4e5637527525b6f97f58a09f2207c140293"
-SRCREV_meta ?= "3f0dcb29edf14029f130bc493a939b67ea27852e"
+SRCREV_machine ?= "af2d3ab81402c14f81072715d771097a0dfcb427"
+SRCREV_meta ?= "2987fc4250f2ad7f6e2df663bba0742638fbae51"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.12.55"
+LINUX_VERSION ?= "6.12.57"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index d3be33cf38..a1636f536d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.12.inc
-LINUX_VERSION ?= "6.12.55"
+LINUX_VERSION ?= "6.12.57"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_meta ?= "3f0dcb29edf14029f130bc493a939b67ea27852e"
+SRCREV_machine ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_meta ?= "2987fc4250f2ad7f6e2df663bba0742638fbae51"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index fa6a0ba936..fa761a3ee1 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.12/standard/base"
KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "e646fbdc560660a283cb67b585c37ae73610c31b"
-SRCREV_machine:qemuarm64 ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_machine:qemuloongarch64 ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_machine:qemumips ?= "b1b7883585a3e1adce260c566b8986b5c8d5a12e"
-SRCREV_machine:qemuppc ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_machine:qemuriscv64 ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_machine:qemuriscv32 ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_machine:qemux86 ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_machine:qemux86-64 ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_machine:qemumips64 ?= "74368748436dddfe2b5cef23fe9f4c149709cc97"
-SRCREV_machine ?= "c77f4d163458157a4c88d9cd9e175543a5d20140"
-SRCREV_meta ?= "3f0dcb29edf14029f130bc493a939b67ea27852e"
+SRCREV_machine:qemuarm ?= "8d546b19fe6f217785674b80de068bdbe0bf32fc"
+SRCREV_machine:qemuarm64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_machine:qemuloongarch64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_machine:qemumips ?= "fc2ecbb2ff9ad036cbe11762e51c458150f56aea"
+SRCREV_machine:qemuppc ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_machine:qemuriscv64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_machine:qemuriscv32 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_machine:qemux86 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_machine:qemux86-64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_machine:qemumips64 ?= "bde855d69b528925fb0f6b44c87105def1c69ea4"
+SRCREV_machine ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
+SRCREV_meta ?= "2987fc4250f2ad7f6e2df663bba0742638fbae51"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "fcd03f7736b1fa2b2181a7306d14008aa36b66ed"
+SRCREV_machine:class-devupstream ?= "4fc43debf5047d2469bdef3b25c02121afa7ef3d"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.12/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.55"
+LINUX_VERSION ?= "6.12.57"
PV = "${LINUX_VERSION}+git"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 03/18] linux-yocto/6.12: update CVE exclusions (6.12.57)
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 01/18] binutils: Fix CVE-2025-11494 Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 02/18] linux-yocto/6.12: update to v6.12.57 Steve Sakoman
@ 2025-12-21 21:36 ` Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 04/18] linux-yocto/6.12: update to v6.12.58 Steve Sakoman
` (14 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:36 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/CVEProject/cvelistV5
1/1 [
Author: cvelistV5 Github Action
Email: github_action@example.com
Subject: 4 changes (1 new | 3 updated): - 1 new CVEs: CVE-2025-8558 - 3 updated CVEs: CVE-2014-5406, CVE-2023-7312, CVE-2025-50363
Date: Mon, 3 Nov 2025 18:44:24 +0000
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c7a27b24747dbdbd6d1dde99486ecc7e79fb34f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/cve-exclusion_6.12.inc | 194 ++++++++++++++++--
1 file changed, 180 insertions(+), 14 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 1e596c11b7..b35fb07d31 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-10-28 03:21:45.408892+00:00 for kernel version 6.12.55
-# From linux_kernel_cves cve_2025-10-28_0200Z-1-g573c9628fcf
+# Generated at 2025-11-03 18:50:12.770797+00:00 for kernel version 6.12.57
+# From linux_kernel_cves cve_2025-11-03_1800Z-3-g832f00439f0
python check_kernel_cve_status_version() {
- this_version = "6.12.55"
+ this_version = "6.12.57"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -6806,8 +6806,6 @@ CVE_STATUS[CVE-2023-53291] = "fixed-version: Fixed from version 6.5"
CVE_STATUS[CVE-2023-53292] = "fixed-version: Fixed from version 6.5"
-CVE_STATUS[CVE-2023-53293] = "fixed-version: Fixed from version 6.4"
-
CVE_STATUS[CVE-2023-53294] = "fixed-version: Fixed from version 6.4"
CVE_STATUS[CVE-2023-53295] = "fixed-version: Fixed from version 6.3"
@@ -7676,6 +7674,8 @@ CVE_STATUS[CVE-2023-53732] = "fixed-version: Fixed from version 6.4"
CVE_STATUS[CVE-2023-53733] = "fixed-version: Fixed from version 6.5"
+CVE_STATUS[CVE-2023-7324] = "fixed-version: Fixed from version 6.3"
+
CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8"
@@ -13644,7 +13644,7 @@ CVE_STATUS[CVE-2024-57993] = "cpe-stable-backport: Backported in 6.12.13"
CVE_STATUS[CVE-2024-57994] = "cpe-stable-backport: Backported in 6.12.13"
-# CVE-2024-57995 needs backporting (fixed from 6.14)
+CVE_STATUS[CVE-2024-57995] = "cpe-stable-backport: Backported in 6.12.57"
CVE_STATUS[CVE-2024-57996] = "cpe-stable-backport: Backported in 6.12.13"
@@ -14206,7 +14206,7 @@ CVE_STATUS[CVE-2025-21831] = "cpe-stable-backport: Backported in 6.12.14"
CVE_STATUS[CVE-2025-21832] = "cpe-stable-backport: Backported in 6.12.14"
-# CVE-2025-21833 needs backporting (fixed from 6.14)
+CVE_STATUS[CVE-2025-21833] = "cpe-stable-backport: Backported in 6.12.57"
CVE_STATUS[CVE-2025-21834] = "cpe-stable-backport: Backported in 6.12.14"
@@ -14746,7 +14746,7 @@ CVE_STATUS[CVE-2025-22103] = "cpe-stable-backport: Backported in 6.12.46"
# CVE-2025-22104 needs backporting (fixed from 6.15)
-# CVE-2025-22105 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22105] = "cpe-stable-backport: Backported in 6.12.57"
CVE_STATUS[CVE-2025-22106] = "cpe-stable-backport: Backported in 6.12.49"
@@ -14796,7 +14796,7 @@ CVE_STATUS[CVE-2025-22128] = "cpe-stable-backport: Backported in 6.12.35"
# CVE-2025-23129 needs backporting (fixed from 6.15)
-# CVE-2025-23130 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-23130] = "cpe-stable-backport: Backported in 6.12.57"
# CVE-2025-23131 needs backporting (fixed from 6.15)
@@ -14986,7 +14986,7 @@ CVE_STATUS[CVE-2025-37801] = "cpe-stable-backport: Backported in 6.12.26"
CVE_STATUS[CVE-2025-37802] = "cpe-stable-backport: Backported in 6.12.26"
-# CVE-2025-37803 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-37803] = "cpe-stable-backport: Backported in 6.12.57"
CVE_STATUS[CVE-2025-37805] = "cpe-stable-backport: Backported in 6.12.26"
@@ -15094,7 +15094,7 @@ CVE_STATUS[CVE-2025-37858] = "cpe-stable-backport: Backported in 6.12.24"
CVE_STATUS[CVE-2025-37859] = "cpe-stable-backport: Backported in 6.12.24"
-# CVE-2025-37860 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-37860] = "cpe-stable-backport: Backported in 6.12.57"
CVE_STATUS[CVE-2025-37861] = "cpe-stable-backport: Backported in 6.12.24"
@@ -16640,7 +16640,7 @@ CVE_STATUS[CVE-2025-38641] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2025-38642] = "fixed-version: only affects 6.13 onwards"
-# CVE-2025-38643 needs backporting (fixed from 6.17)
+CVE_STATUS[CVE-2025-38643] = "cpe-stable-backport: Backported in 6.12.57"
CVE_STATUS[CVE-2025-38644] = "cpe-stable-backport: Backported in 6.12.42"
@@ -16840,7 +16840,7 @@ CVE_STATUS[CVE-2025-39676] = "cpe-stable-backport: Backported in 6.12.44"
# CVE-2025-39677 needs backporting (fixed from 6.17)
-# CVE-2025-39678 needs backporting (fixed from 6.17)
+CVE_STATUS[CVE-2025-39678] = "cpe-stable-backport: Backported in 6.12.56"
CVE_STATUS[CVE-2025-39679] = "cpe-stable-backport: Backported in 6.12.44"
@@ -17504,7 +17504,7 @@ CVE_STATUS[CVE-2025-40012] = "cpe-stable-backport: Backported in 6.12.50"
CVE_STATUS[CVE-2025-40013] = "cpe-stable-backport: Backported in 6.12.51"
-# CVE-2025-40014 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-40014] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2025-40015] = "fixed-version: only affects 6.15 onwards"
@@ -17526,6 +17526,172 @@ CVE_STATUS[CVE-2025-40023] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2025-40024] = "cpe-stable-backport: Backported in 6.12.50"
+# CVE-2025-40025 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40026] = "cpe-stable-backport: Backported in 6.12.52"
+
+CVE_STATUS[CVE-2025-40027] = "cpe-stable-backport: Backported in 6.12.52"
+
+CVE_STATUS[CVE-2025-40028] = "cpe-stable-backport: Backported in 6.12.52"
+
+CVE_STATUS[CVE-2025-40029] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40030] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40031] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40032] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40033] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40034] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40035] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40036] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40037] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40038] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40039] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40040] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40041] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40042] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40043] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40044] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40045] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40046] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-40047] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40048] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40049] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40050] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40051] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40052] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40053] = "cpe-stable-backport: Backported in 6.12.53"
+
+# CVE-2025-40054 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40055] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40056] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40057] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40058] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40059] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40060] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40061] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40062] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40063] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2025-40064 needs backporting (fixed from 6.18rc1)
+
+# CVE-2025-40065 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40066] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-40067] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40068] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40069] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40070] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40071] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40072] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40073] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2025-40074 needs backporting (fixed from 6.18rc1)
+
+# CVE-2025-40075 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40076] = "fixed-version: only affects 6.17 onwards"
+
+# CVE-2025-40077 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40078] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40079] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40080] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40081] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40082] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40083] = "cpe-stable-backport: Backported in 6.12.57"
+
+CVE_STATUS[CVE-2025-40084] = "cpe-stable-backport: Backported in 6.12.56"
+
+CVE_STATUS[CVE-2025-40085] = "cpe-stable-backport: Backported in 6.12.55"
+
+# CVE-2025-40086 needs backporting (fixed from 6.18rc2)
+
+CVE_STATUS[CVE-2025-40087] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40088] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40089] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-40090] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40091] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40092] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40093] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40094] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40095] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40096] = "cpe-stable-backport: Backported in 6.12.55"
+
+# CVE-2025-40097 needs backporting (fixed from 6.18rc2)
+
+# CVE-2025-40098 needs backporting (fixed from 6.18rc2)
+
+CVE_STATUS[CVE-2025-40099] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40100] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40101] = "cpe-stable-backport: Backported in 6.12.55"
+
+# CVE-2025-40102 needs backporting (fixed from 6.18rc2)
+
+CVE_STATUS[CVE-2025-40103] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40104] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40105] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40106] = "cpe-stable-backport: Backported in 6.12.56"
+
+CVE_STATUS[CVE-2025-40107] = "cpe-stable-backport: Backported in 6.12.52"
+
CVE_STATUS[CVE-2025-40114] = "cpe-stable-backport: Backported in 6.12.23"
CVE_STATUS[CVE-2025-40300] = "cpe-stable-backport: Backported in 6.12.47"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 04/18] linux-yocto/6.12: update to v6.12.58
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-12-21 21:36 ` [OE-core][whinlatter 03/18] linux-yocto/6.12: update CVE exclusions (6.12.57) Steve Sakoman
@ 2025-12-21 21:36 ` Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 05/18] linux-yocto/6.12: update CVE exclusions (6.12.58) Steve Sakoman
` (13 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:36 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
7475d784169c7 Linux 6.12.58
b12a603d2213c drm/amd/display: Fix black screen with HDMI outputs
f4fccd55e81d3 drm/amdgpu: Fix function header names in amdgpu_connectors.c
451cd07a8f9d4 drm/amdgpu: Fix unintended error log in VCN5_0_0
3f916a93fc598 ACPI: SPCR: Check for table version when using precise baudrate
a2dae25eb803e extcon: adc-jack: Cleanup wakeup source only if it was enabled
86e7baf0ce165 drm/amd/display: update color on atomic commit time
1a9dcdabc8117 scsi: ufs: core: Add a quirk to suppress link_startup_again
2d80fad2356ee scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL
57a6a406f381c scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
c664eb1166039 lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
82fe78065450d virtio-net: fix received length check in big packets
d990c7f180aa7 drm/amd/display: Fix NULL deref in debugfs odm_combine_segments
6519650838614 drm/amdgpu/smu: Handle S0ix for vangogh
065bd62412271 smb: client: fix potential UAF in smb2_close_cached_fid()
3d82cb8465718 smb: client: validate change notify buffer before copy
a557649f0038e x86/microcode/AMD: Add more known models to entry sign checking
97f01babb4593 rtc: rx8025: fix incorrect register reference
9ac1f44723f26 parisc: Avoid crash due to unaligned access in unwinder
de7f2c67ceb19 iommufd: Don't overflow during division for dirty tracking
4b7d4aa5399b5 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
0d63031ee4a57 drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
aa4be25f41f34 drm/amd/display: Enable mst when it's detected but yet to be initialized
dc387c6def4dd tracing: Fix memory leaks in create_field_var()
29d4429a993f1 net: bridge: fix MST static key usage
bf3843183bc31 net: bridge: fix use-after-free due to MST port state bypass
c8ab03aa5bd9f lan966x: Fix sleeping in atomic context
1884402c63349 net: dsa: microchip: Fix reserved multicast address table programming
6639a9c2fa6e5 net: wan: framer: pef2256: Switch to devm_mfd_add_devices()
fbc60375ff59b net/mlx5e: SHAMPO, Fix skb size check for 64K pages
f04217a292573 net: ti: icssg-prueth: Fix fdb hash size configuration
6fc3fdc5ab190 net/mlx5e: Fix return value in case of module EEPROM read error
e8fa86b0bd968 wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup
c43fe48a30ce2 bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem()
48c3e656362f1 bnxt_en: Refactor bnxt_free_ctx_mem()
2b8503ddeb3be bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type
2c8ca35f5a202 bnxt_en: Fix a possible memory leak in bnxt_ptp_init
ae811175cea35 net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
8ed6059c2c4b6 net: ionic: map SKB after pseudo-header checksum prep
75d8062e9056a net: ionic: add dma_wmb() before ringing TX doorbell
a10496048cc57 sctp: Hold sock lock while iterating over address list
2fe08fcaacb7e sctp: Prevent TOCTOU out-of-bounds write
97a2bb90a6b64 sctp: Hold RCU read lock while iterating over address list
a366a1544e511 net: dsa: b53: stop reading ARL entries if search is done
7236a4840b4be net: dsa: b53: fix enabling ip multicast
734a04aa66477 net: dsa: b53: fix bcm63xx RGMII port link adjustment
5a8d24ef5272f net: dsa: b53: fix resetting speed and pause on forced link
70180a6031056 gpiolib: fix invalid pointer access in debugfs
5a0aca55e84d9 gpio: swnode: don't use the swnode's name as the key for GPIO lookup
a4a701a816006 net: vlan: sync VLAN features with lower device
c62376b938e69 selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh
91e2fe103be15 selftests/net: use destination options instead of hop-by-hop
3293a08538ffb selftests/net: fix out-of-order delivery of FIN in gro:tcp test
02c492301a603 net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx
fc4bb4ed4387d net: dsa: tag_brcm: legacy: reorganize functions
0545cc1a4a020 Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2()
cf2c2acec1cf4 Bluetooth: hci_event: validate skb length for unknown CC opcode
c849e6941fec2 riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro
27379fcc15a10 riscv: stacktrace: Disable KASAN checks for non-current tasks
f0b3ecdbb5bbe net: libwx: fix device bus LAN ID
b42dbef4f2083 ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up
77d4afd6c78b5 Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
0eaa0a3dfe218 drm/mediatek: Disable AFBC support on Mediatek DRM driver
a6a493b985bff media: videobuf2: forbid remove_bufs when legacy fileio is active
d3ecc18281d3d media: uvcvideo: Use heuristic to find stream entity
e2b3859067bf0 btrfs: ensure no dirty metadata is written back for an fs with errors
228573280db98 ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
9d4583a57fcc7 x86: uaccess: don't use runtime-const rewriting in modules
822166b6b764c x86/runtime-const: Add the RUNTIME_CONST_PTR assembly macro
141a3e658b6bc x86: use cmov for user address masking
07640d34a781b ceph: fix multifs mds auth caps issue
61f1263954269 ceph: refactor wake_up_bit() pattern of calling
08beed92552f3 ceph: fix potential race condition in ceph_ioctl_lazyio()
80e2b741af98a ceph: add checking of wait_for_completion_killable() return value
e2105ba1c262d drm/amdkfd: Fix mmap write lock not release
cda427c933b47 ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
12cdc37381728 kbuild: uapi: Strip comments before size type check
328ddff9ab058 net: wwan: t7xx: add support for HP DRMR-H01
7a31a7abdb104 rtc: pcf2127: fix watchdog interrupt mask on pcf2131
15ba9acafb051 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
9285548962479 tools: lib: thermal: use pkg-config to locate libnl3
f36678ddde84c tools: lib: thermal: don't preserve owner in install
df5af85e15820 tools bitmap: Add missing asm-generic/bitsperlong.h include
8effcd6db7a29 LoongArch: Handle new atomic instructions for probes
76e6561d7b1b4 ACPI: property: Return present device nodes only on fwnode interface
de7488fd00dca scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
425be0fd8c220 9p: sysfs_init: don't hardcode error to ENOMEM
0e0d3046270e0 cpufreq: tegra186: Initialize all cores to max frequencies
659233c179e0e 9p: fix /sys/fs/9p/caches overwriting itself
1c1fcba64ee5d NTB: epf: Allow arbitrary BAR mapping
a1f310511c922 clk: clocking-wizard: Fix output clock register offset for Versal platforms
6bd92bdc43664 clk: scmi: Add duty cycle ops only when duty cycle is supported
51771264b874f clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
2e1461034aef9 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN
b2cf49f469caf clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register
0fbbc9973997b clk: at91: clk-master: Add check for divide by 3
7af4f219766d5 clk: at91: sam9x7: Add peripheral clock id for pmecc
15e6440f2ab18 ARM: at91: pm: save and restore ACR during PLL disable/enable
bc56647527762 rtc: pcf2127: clear minute/second interrupt
8de8329100447 clk: sunxi-ng: sun6i-rtc: Add A523 specifics
d8c4a6d84bfdc um: Fix help message for ssl-non-raw
4e7a3e00c1a77 fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink
9a7a5d50ee2e0 clk: qcom: gcc-ipq6018: rework nss_port5 clock to multiple conf
6125acdf9aceb btrfs: mark dirty extent range for out of bound prealloc extents
3412d0e973e8f btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation
fa5867c496528 RDMA/hns: Fix wrong WQE data when QP wraps around
65ddffb2c718c RDMA/hns: Fix the modification of max_send_sge
2f8953e1b1398 RDMA/hns: Fix recv CQ and QP cache affinity
6562b4233795b RDMA/irdma: Set irdma_cq cq_num field during CQ create
ec3efa0d83970 RDMA/irdma: Remove unused struct irdma_cq fields
a99cfe5cf60a6 RDMA/irdma: Fix SD index calculation
b7c21dec60f9d ACPICA: Update dsmethod.c to get rid of unused variable warning
6e223d5dc81d2 drm/amd/display: Add fallback path for YCBCR422
c5f456784a847 char: misc: restrict the dynamic range to exclude reserved minors
ab03634f6c18d usb: xhci-pci: Fix USB2-only root hub registration
edd824eb45e4f ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
ecda324c28049 smb: client: transport: avoid reconnects triggered by pending task work
c55305efbc1a6 ksmbd: use sock_create_kern interface to create kernel socket
40c8ee40e48a2 ftrace: Fix softlockup in ftrace_module_enable
9127d1e90c90e orangefs: fix xattr related buffer overflow...
10de826c551cb page_pool: Clamp pool size to max 16K pages
2896476cb4b19 6pack: drop redundant locking and refcounting
6bc58b4c53795 exfat: validate cluster allocation bits of the allocation bitmap
a76aba65e823f exfat: limit log print for IO error
ac79f9b6c6324 net: stmmac: est: Drop frames causing HLBS error
acf2159ffef40 ALSA: usb-audio: add mono main switch to Presonus S1824c
b420a4c7f915f Bluetooth: bcsp: receive data only if registered
da4e3cfba2563 Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922
ed10dddc7df2d Bluetooth: SCO: Fix UAF on sco_conn_free
2ad85a751fa1b Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
0d2fad775194f net: macb: avoid dealing with endianness in macb_set_hwaddr()
c691d6a238e1f net/mlx5e: Don't query FEC statistics when FEC is disabled
47ed17f2cbea2 vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices
0dae3d96ca011 ACPI: scan: Update honor list for RPMI System MSI
fbf767ea54d86 ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007
4d7fc991d2769 ASoC: stm32: sai: manage context in set_sysclk callback
bc9e789053abe amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
1c553d19ff283 ext4: increase IO priority of fastcommit
238f7a7356c33 fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
d1dfe21a332d3 accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
71b40ff8d3031 accel/habanalabs/gaudi2: read preboot status after recovering from dirty state
c53ac86de8e85 accel/habanalabs: return ENOMEM if less than requested pages were pinned
21aecbbff7502 scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
a71cf0a1100c0 accel/habanalabs/gaudi2: fix BMON disable configuration
ac7872404a26f scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
50952c6c3c30c net: bridge: Install FDB for bridge MAC on VLAN 0
40be5b9080114 nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
0fc9604a42ee8 NFSv4.1: fix mount hang after CREATE_SESSION failure
4904f473c4553 NFSv4: handle ERR_GRACE on delegation recalls
204ac63a8fecf drm/amd/display: change dc stream color settings only in atomic commit
c424fce27e5cd drm/amd/display: Fix for test crash due to power gating
0b9cb68d1aa2b drm/amd/display: Init dispclk from bootup clock for DCN314
5949255c589b8 drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream
634e0468c31ec net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463
07d862c7de3d6 wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
8ce228a03c855 remoteproc: qcom: q6v5: Avoid handling handover twice
a4a6e1c87880e selftests: forwarding: Reorder (ar)ping arguments to obey POSIX getopt
9200cc08d44c6 PCI/PM: Skip resuming to D0 if device is disconnected
93b6099076f71 crypto: hisilicon/qm - clear all VF configurations in the hardware
e551fa258ec9a crypto: hisilicon/qm - invalidate queues in use
76ff15eacef6a vfio: return -ENOTTY for unsupported device feature
59ef42bb3cf67 sparc64: fix prototypes of reads[bwl]()
4bfc756fef80b sparc/module: Add R_SPARC_UA64 relocation handling
953eb3796ef06 PCI: cadence: Check for the existence of cdns_pcie::ops before using it
d32bc92bf53ea r8169: set EEE speed down ratio to 1
496188098d888 net: intel: fm10k: Fix parameter idx set but not used
522734fc807c6 wifi: mac80211: Track NAN interface start/stop
8db790c2491e8 wifi: ath10k: Fix connection after GTK rekeying
3a5394b3b0b82 iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot()
0d06aa3007904 bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state
202d502593f5a net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X
80d3bf09168e3 net: phy: clear link parameters on admin link down
75b7565439223 ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup()
35f3fb86bb015 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
cbf2f527ae4ca jfs: fix uninitialized waitqueue in transaction manager
1795277a4e98d jfs: Verify inode mode when loading from disk
50610139823b5 IB/ipoib: Ignore L3 master device
8ced3cb73ccd2 RDMA/irdma: Update Kconfig
8bb73ab12d939 ipv6: np->rxpmtu race annotation
e792e710e1fbd usb: xhci-pci: add support for hosts with zero USB3 ports
72f1984246e6a wifi: rtw89: renew a completion for each H2C command waiting C2H event
336da4414300b wifi: rtw89: obtain RX path from ppdu status IE00
c0b9951bb2668 f2fs: fix infinite loop in __insert_extent_tree()
2cde2edef9ceb usb: xhci: plat: Facilitate using autosuspend for xhci plat devices
8b2b310be1fe9 usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
39f3ac9cc5cce allow finish_no_open(file, ERR_PTR(-E...))
4ae7e2d72da64 scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology
fdf019f2a342b scsi: lpfc: Define size of debugfs entry for xri rebalancing
78273bfb21d9e scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup
dd475ead4bf7e scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET
90b02095726f2 scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted
234cb3ca07c34 scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail
c6e1e2135d004 scsi: ufs: core: Disable timestamp functionality if not supported
961af1c22e558 selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency
f893ccd30b3f5 drm/amdgpu: reject gang submissions under SRIOV
91630b700fabd drm/xe/guc: Return an error code if the GuC load fails
262e830ce16b0 HID: i2c-hid: Resolve touchpad issues on Dell systems during S4
689ca6be7ee50 ethernet: Extend device_get_mac_address() to use NVMEM
3671a07759520 page_pool: always add GFP_NOWARN for ATOMIC allocations
0fccd5180fdf7 drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START
15abc54efdcc6 drm/amd/display: Disable VRR on DCE 6
cc9387df03f80 drm/amd/display: Fix DVI-D/HDMI adapters
305cd0ca0efa2 drm/amd: Avoid evicting resources at S5
bf3b34614f5e9 drm/amd/display: fix dml ms order of operations
acf23b42132cc drm/amd/display: Set up pixel encoding for YCBCR422
c5b9a12c71f17 drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
da91687f01f46 wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error
bfb9d871844b4 ALSA: serial-generic: remove shared static buffer
a534dd44b70e8 wifi: mt76: mt76_eeprom_override to int
aa5ed215cfe87 wifi: mt76: mt7996: Temporarily disable EPCS
efe2ef24feab0 wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
06a2fc1d1ef0d net/cls_cgroup: Fix task_get_classid() during qdisc run
082dbb39af036 crypto: caam - double the entropy delay interval for retry
dcfd2557325ac crypto: ccp - Fix incorrect payload size calculation in psp_poulate_hsti()
c65a83bcc90fb PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify()
1b3b8b67773e9 crypto: sun8i-ce - remove channel timeout field
09d0da8d29a2f watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
77a3e9b0b3cd9 HID: asus: add Z13 folio to generic group for multitouch to work
51b3033088f04 udp_tunnel: use netdev_warn() instead of netdev_WARN()
bcd4e9fc4f181 net: devmem: expose tcp_recvmsg_locked errors
b5a02be42517d selftests: Replace sleep with slowwait
1c25b38929e7d eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP
ce0145574d748 selftests: Disable dad for ipv6 in fcnal-test.sh
32718b63671ec x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT
7f56d81d1c3d8 netfilter: nf_reject: don't reply to icmp error messages
483886e1f7760 openrisc: Add R_OR1K_32_PCREL relocation type module support
317d3bbc22220 selftests: traceroute: Return correct value on failure
51d35366f9175 selftests: traceroute: Use require_command()
1ca27d3174864 media: redrat3: use int type to store negative error codes
f4a427973f925 selftests: net: replace sleeps in fcnal-test with waits
e2d440f2c1d1d net: sh_eth: Disable WoL if system can not suspend
32f3d1e812f3e drm/msm/registers: Generate _HI/LO builders for reg64
66bb2a020d594 phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0
1539159cf2089 phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet
3e9223eeb143a Fix access to video_is_primary_device() when compiled without CONFIG_VIDEO
88f1caa0cdd8f phy: cadence: cdns-dphy: Enable lower resolutions in dphy
5de410dfb4d90 wifi: mac80211: Fix HE capabilities element check
37f65e68ba985 ntfs3: pretend $Extend records as regular files
9c899984def99 scsi: ufs: host: mediatek: Disable auto-hibern8 during power mode changes
10ad4de87f32c scsi: ufs: host: mediatek: Correct system PM flow
70b956be58696 net: phy: marvell: Fix 88e1510 downshift counter errata
7783805fb864a scsi: ufs: host: mediatek: Enhance recovery on hibernation exit failure
0a762d32f1387 scsi: ufs: host: mediatek: Fix unbalanced IRQ enable issue
074ecd24d0418 scsi: ufs: host: mediatek: Enhance recovery on resume failure
a8482a6d412c9 selftests: mptcp: join: allow more time to send ADD_ADDR
0d8ea98ebb08e f2fs: fix wrong layout information on 16KB page
e53f250bd1977 media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
1e792110823e9 media: ov08x40: Fix the horizontal flip control
f157d1cb2cdc5 wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list
e741dabcc52b9 PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs
e9f66c989de49 char: Use list_del_init() in misc_deregister() to reinitialize list pointer
20d15d76605fd drm/msm: make sure to not queue up recovery more than once
f0db721d8f319 tty/vt: Add missing return value for VT_RESIZE in vt_ioctl()
9c52f01429c37 usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget
fd6820af0ac9c usb: gadget: f_hid: Fix zero length packet transfer
e014ff9ec18dd net: dsa: felix: support phy-mode = "10g-qxgmii"
b3cc2a33b3c79 drm/amd/display: Fix pbn_div Calculation Error
e4481e73e4ccf drm/amdgpu: add support for cyan skillfish gpu_info
1f3eb6d464b01 drm/amdgpu: don't enable SMU on cyan skillfish
1a15bde54e194 drm/amd: add more cyan skillfish PCI ids
512f9a6c1531e iommu/apple-dart: Clear stream error indicator bits for T8110 DARTs
1eefe9a9ceb63 crypto: ccp: Skip SEV and SNP INIT for kdump boot
3344716ddee01 iommu/amd: Skip enabling command/event buffers for kdump
8cd230920bdf2 smsc911x: add second read of EEPROM mac when possible corruption seen
562bcdc0d776f net: call cond_resched() less often in __release_sock()
8831d3a5d896e drm/xe/guc: Set upper limit of H2G retries over CTB
598e9fc58aa97 PCI: imx6: Enable the Vaux supply if available
73cd60aaba743 ALSA: usb-audio: apply quirk for MOONDROP Quark2
c9df78e84e85c wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands
f013e6aadd6d8 media: verisilicon: Explicitly disable selection api ioctls for decoders
f6405d5ea261f media: adv7180: Only validate format in querystd
115a068cd28cc media: adv7180: Do not write format to device in set_fmt
5f9e09f28609b media: adv7180: Add missing lock in suspend callback
e01a42c5a1855 net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
1da1cfa9c2b55 drm: panel-backlight-quirks: Make EDID match optional
885c69a343101 drm/panthor: check bo offset alignment in vm bind
483303d94c2d4 ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
356f6a277f05f selftests: drv-net: rss_ctx: make the test pass with few queues
4a988c672b668 drm/xe/guc: Increase GuC crash dump buffer size
6238fab18c1c6 drm/amdgpu: Allow kfd CRIU with no buffer objects
ddd8742737669 drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
e8b63d342d434 drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
2c55ec15062e1 dmaengine: dw-edma: Set status for callback_result
4cd966067226e dmaengine: mv_xor: match alloc_wc and free_wc
0f0d31760811d dmaengine: sh: setup_xref error handling
3b66c3689fde9 ptp: Limit time setting of PTP clocks
65d52148298b5 scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on suspend
5838b11e66801 scsi: pm8001: Use int instead of u32 to store error codes
2ced7045c9319 crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof()
bc2b881a0896c tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
047c08808c22d microchip: lan865x: add ndo_eth_ioctl handler to enable PHY ioctl support
296357dcdc4b5 inet_diag: annotate data-races in inet_diag_bc_sk()
62d07edc3408a mips: lantiq: danube: rename stp node on EASY50712 reference board
b3b2bcb198cc3 mips: lantiq: xway: sysctrl: rename stp clock
00f2c5bb59b10 mips: lantiq: danube: add missing device_type in pci node
e91be5cb71eec mips: lantiq: danube: add model to EASY50712 dts
77439a0d125e2 mips: lantiq: danube: add missing properties to cpu node
e14605b6035e9 drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
fd1052e860b43 drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest
353c6373d8d9f drm/amd/display: incorrect conditions for failing dto calculations
cc84d7a6ba012 drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting
e5fd6965f6b55 ASoC: SOF: ipc4-pcm: Add fixup for channels
bc7bb1a0dd257 media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS
d17dc9b16a1a6 media: fix uninitialized symbol warnings
20b979de3fdc2 selftests: drv-net: rss_ctx: fix the queue count check
2f95f8cbc5df6 platform/x86/intel-uncore-freq: Fix warning in partitioned system
79670b12a4161 drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
3cc92e9bffa7c drm/amd/display: Support HW cursor 180 rot for any number of pipe splits
01ffa1ba69d9b drm/amdkfd: fix vram allocation failure for a special case
d367caca4a64a drm/amdgpu: Correct the counts of nr_banks and nr_errors
deee089a226f8 fuse: zero initialize inode private data
c57da33f6316e net: phy: fixed_phy: let fixed_phy_unregister free the phy_device
67a9a278c96f4 remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper
8c30f5534b097 extcon: adc-jack: Fix wakeup source leaks on device unbind
ad1c6577a0d3c scsi: pm80xx: Fix race condition caused by static variables
d4375909d89e0 scsi: mpi3mr: Fix controller init failure on fault during queue creation
f3355d810570d scsi: mpi3mr: Fix I/O failures during controller reset
a0559eb8dcc6a net: ipv4: allow directed broadcast routes to use dst hint
212187161ecec rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table
0db2260ecd3cd media: ipu6: isys: Set embedded data type correctly for metadata formats
93fbacaf4875e net: wangxun: limit tx_max_coalesced_frames_irq
c0aac13ce3789 rds: Fix endianness annotation for RDS_MPATH_HASH
b2caf82bcdfe4 idpf: do not linearize big TSO packets
9b966c72b6a7a ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
5a1e6d4dd11a7 tty: serial: Modify the use of dev_err_probe()
97c9394124a0b bnxt_en: Add Hyper-V VF ID
ccb8a899530f1 PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
6b9525596a83c f2fs: fix to detect potential corrupted nid in free_nid_list
0f5cb5b089b05 net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV.
719fcdf29051f net: stmmac: Correctly handle Rx checksum offload errors
2263e086abefb net: When removing nexthops, don't call synchronize_net if it is not necessary
6f3dcc809071d char: misc: Does not request module for miscdevice with dynamic minor
72cd71ec60e89 char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor
b40c7c348f6a6 dm error: mark as DM_TARGET_PASSES_INTEGRITY
958234997dd51 wifi: rtw89: fix BSSID comparison for non-transmitted BSSID
ca18975c4de2e wifi: rtw89: wow: remove notify during WoWLAN net-detect
858e1b984408c usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
5a46feb45873c iio: adc: imx93_adc: load calibrated values even calibration failed
71cb5d38a7398 iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register
b8698db53a1b4 drm/amdkfd: Handle lack of READ permissions in SVM mapping
47281febebe33 drm/amdgpu: fix nullptr err of vm_handle_moved
ac5a106c6da6e drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
fecad28960498 HID: pidff: PERMISSIVE_CONTROL quirk autodetection
17107ba4050e1 HID: pidff: Use direction fix only for conditional effects
475e9d306c1c1 drm/panthor: Serialize GPU cache flush operations
0213e4175abbb media: imon: make send_packet() more robust
c14cf41094136 net: ipv6: fix field-spanning memcpy warning in AH output
22dd4394da5a2 scsi: ufs: host: mediatek: Fix invalid access in vccqx handling
f394022d753e7 scsi: ufs: host: mediatek: Change reset sequence for improved stability
514a0a4c4945e scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change
3cedc28d28695 scsi: ufs: host: mediatek: Fix PWM mode switch issue
9aa36bba59533 scsi: ufs: host: mediatek: Fix auto-hibern8 timer configuration
d7e41e51c4d0e bridge: Redirect to backup port when port is administratively down
a77f4ee149db7 s390/pci: Use pci_uevent_ers() in PCI recovery
62b249b132fc1 powerpc/eeh: Use result of error_detected() in uevent
460e0dc9af2d7 tty: serial: ip22zilog: Use platform device for probing
c3b015d15c820 thunderbolt: Use is_pciehp instead of is_hotplug_bridge
747930be915ef ice: Don't use %pK through printk or tracepoints
740bfb80ac594 net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
1b2d4eea3f54c x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
fea2f9e487d7d PCI/ERR: Update device error_state already after reset
e12465e5b70c5 media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR
6f6a157df378e drm/tidss: Set crtc modesetting parameters with adjusted mode
e6f4716011fd2 drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST
6827f61b02f4d drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value
754cb9cc89f63 drm/tidss: Use the crtc_* timings when programming the HW
41edf187dd246 media: amphion: Delete v4l2_fh synchronously in .release()
c9d4cf333f3d7 media: pci: ivtv: Don't create fake v4l2_fh
0b240c76defc9 drm/amdkfd: return -ENOTTY for unsupported IOCTLs
bc1ca06998c1c wifi: rtw88: sdio: use indirect IO for device registers before power-on
8ebef59d02945 wifi: rtw89: print just once for unknown C2H events
b0faf30921d55 selftests/net: Ensure assert() triggers in psock_tpacket.c
5f58cae7ccf94 selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8
59f223bace9fe PCI: Disable MSI on RDC PCI to PCIe bridges
1ffd2a2cdbbbb drm/amd/display: Wait until OTG enable state is cleared
fc17bb647d416 drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off
3db7394212d02 ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks
630debf099bac drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
86ddaac6f06fc drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
8a379fd23e802 drm/amd/pm: Use cached metrics data on arcturus
b024916b365de drm/amd/pm: Use cached metrics data on aldebaran
7abc99984f8b2 drm/amd/display: update dpp/disp clock from smu clock table
1b18a6fd7dd92 drm/amd/display: add more cyan skillfish devices
51ece8d2a98ad drm/amdgpu: Skip poison aca bank from UE channel
eb553214dc9d5 drm/amd/amdgpu: Release xcp drm memory after unplug
55fadcd04ed2e drm/amdgpu: Avoid rma causes GPU duplicate reset
99428bd6123d5 drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test.
efffbbbe80bce drm/xe/guc: Add more GuC load error status codes
ec77576783514 drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration
021fe59351fb2 drm/amd/display: Move setup_stream_attribute
a72b486d41352 drm/amdgpu: Check vcn sram load return value
9cb03fb9ec46e drm/amdgpu: add range check for RAS bad page address
77e69d00a457f drm/amd/display: ensure committing streams is seamless
069dc0232ae4a drm/amd/display: fix condition for setting timing_adjust_pending
42e7440ac65c1 mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs
67e8a4d053233 mfd: core: Increment of_node's refcount before linking it to the platform device
933fc45da2777 mfd: da9063: Split chip variant reading in two bus transactions
3735ee5c21e0f mfd: madera: Work around false-positive -Wininitialized warning
38f73c37cf1ee mfd: stmpe-i2c: Add missing MODULE_LICENSE
6dc754d517b47 mfd: stmpe: Remove IRQ domain upon removal
634eaa0614ad1 tools/power x86_energy_perf_policy: Prefer driver HWP limits
ece6d9d5125e7 tools/power x86_energy_perf_policy: Enhance HWP enable
4535b7ec16b4b tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
1dee521b9412f selftests/bpf: Fix flaky bpf_cookie selftest
02e73f9f56148 tools/cpupower: Fix incorrect size in cpuidle_state_disable()
e913f379acfaa hwmon: (dell-smm) Remove Dell Precision 490 custom config data
527fbd192c020 hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
945d73ef5c9f3 uprobe: Do not emulate/sstep original instruction when ip is changed
a8576f1e80d99 nvme: Use non zero KATO for persistent discovery connections
a7ced9d338c7b bpf: Clear pfmemalloc flag when freeing all fragments
e628b0524b378 riscv: bpf: Fix uninitialized symbol 'retval_off'
56ac639d6fa6f blk-cgroup: fix possible deadlock while configuring policy
8cc561dd9d02f clocksource/drivers/timer-rtl-otto: Do not interfere with interrupts
d0e217b33d42b clocksource/drivers/timer-rtl-otto: Work around dying timers
355c1a72cb39a clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel
c9172cced19bf ACPI: SPCR: Support Precise Baud Rate field
f25411c9d87bd spi: rpc-if: Add resume support for RZ/G3E
7163513c1c702 selftests/bpf: Fix selftest verifier_arena_large failure
3b4222494489f futex: Don't leak robust_list pointer on exec race
c876a729a4cd1 cpuidle: Fail cpuidle device registration if there is one already
7e7d5bfbbec0e bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21
13276961ae688 power: supply: qcom_battmgr: handle charging state change notifications
a4914df87fdda pmdomain: apple: Add "apple,t8103-pmgr-pwrstate"
eff9be1646922 tools/cpupower: fix error return value in cpupower_write_sysfs()
ffd87e786745b video: backlight: lp855x_bl: Set correct EPROM start for LP8556
16c0240a4b30e i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C
dea5e008d5c72 bpf: Do not limit bpf_cgroup_from_id to current's namespace
9950af4303942 nvme-fc: use lock accessing port_state and rport state
04d17540ef51e nvmet-fc: avoid scheduling association deletion twice
819c619cc4ec6 tee: allow a driver to allocate a tee_device without a pool
fd39594a00012 ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method()
b89e25efa2bd1 pwm: pca9685: Use bulk write to atomicially update registers
03d4d9a1d818d mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
ebac995a8aedd firmware: qcom: tzmem: disable sc7180 platform
168b8941261d8 ARM: tegra: transformer-20: fix audio-codec interrupt
5c95e96e94181 ARM: tegra: transformer-20: add missing magnetometer interrupt
27517baf234ec ARM: tegra: p880: set correct touchscreen clipping
472452e76d9c0 soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups
10bda7ac2ac52 arm64: zynqmp: Revert usb node drive strength and slew rate for zcu106
ea6534d41f6d2 arm64: zynqmp: Disable coresight by default
ff023ab94f332 cpufreq: ondemand: Update the efficient idle check for Intel extended Families
f420b7cb807f1 irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller
aa06016d5b31c hwmon: sy7636a: add alias
94a612b6b7397 power: supply: sbs-charger: Support multiple devices
e237d61d10ce5 pinctrl: keembay: release allocated memory in detach path
c79a51eaf6769 hwmon: (sbtsi_temp) AMD CPU extended temperature range support
db2056038deca hwmon: (lenovo-ec-sensors) Update P8 supprt
f9c64e110da1b hwmon: (k10temp) Add device ID for Strix Halo
2bd194738ca92 hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models
ce7c0d7be1f15 power: supply: qcom_battmgr: add OOI chemistry
bbe77f5bb5c7f thermal: intel: selftests: workload_hint: Mask unsupported types
91507503663d8 thermal: gov_step_wise: Allow cooling level to be reduced earlier
0725fc68fc671 ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
6bb7489f38d9e ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU
c1e1a5653b684 ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
cd63490ff4ed5 irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
c9a1c43f762ce selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh
e8e0637b85a12 arc: Fix __fls() const-foldability via __builtin_clzl()
64adabb6d9d51 cpufreq/longhaul: handle NULL policy in longhaul_exit
e832948915e2a selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2
4aeae7cc71563 libbpf: Fix USDT SIB argument handling causing unrecognized register error
e38c07cc59c9c ACPI: video: force native for Lenovo 82K8
c0cc3080aae07 ACPI: sysfs: Use ACPI_FREE() for freeing an ACPI object
aaafd17d3f4be io_uring/zctx: check chained notif contexts
a3c875e9aeb4d irqchip/sifive-plic: Respect mask state when setting affinity
a4af74391b549 firewire: ohci: move self_id_complete tracepoint after validating register
0f20be8733d1e bpf: Use tnums for JEQ/JNE is_branch_taken logic
6dc536165ba5f cpufreq: ti: Add support for AM62D2
09daf72a64b73 memstick: Add timeout to prevent indefinite waiting
37aa3afbf8c6f mmc: host: renesas_sdhi: Fix the actual clock
9673c58764ed4 pinctrl: single: fix bias pull up/down handling in pin_config_set
943797cbe89b1 bpf: Don't use %pK through printk
b51878b5edb9d soc: ti: pruss: don't use %pK through printk
1c2c60c9bb6ae spi: loopback-test: Don't use %pK through printk
1bc4a402c0184 soc: qcom: smem: Fix endian-unaware access of num_entries
27568eeee66d9 firmware: qcom: scm: preserve assign_mem() error return value
afc13decf32b6 soc: aspeed: socinfo: Add AST27xx silicon IDs
5e23918e43522 s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP
3591d56ea9bfd s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump
6be3d7f731dcf drm/sched: Fix race in drm_sched_entity_select_rq()
f78da4cad3b11 drm/sched: Re-group and rename the entity run-queue lock
431b4e8c7bfdc drm/sched: Optimise drm_sched_entity_push_job
d62b808d5c68a usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
e980de2ff109d x86/CPU/AMD: Add RDSEED fix for Zen5
958999dbd18ec mfd: kempld: Switch back to earlier ->init() behavior
acbbd683b3ea6 cpuidle: governors: menu: Select polling state in some more cases
e3853abbba506 cpuidle: governors: menu: Rearrange main loop in menu_select()
46fcee9f99ef4 sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU
094932903f6d1 ACPI: fan: Use platform device for devres-related actions
d2e07b95e0a1b ACPI: fan: Add fan speed reporting for fans with only _FST
ab574f883307c drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc
3daad56d20db3 drm/amd: Check that VPE has reached DPM0 in idle handler
aeb1cf1e8db36 drm/ast: Clear preserved bits from register output value
0142fe895986a drm/mediatek: Fix device use-after-free on unbind
23c3745dba57a drm/nouveau: Fix race in nouveau_sched_fini()
3ec3d47e3a03d drm/sched: avoid killing parent entity on child SIGKILL
6bdef5648a60e drm/sysfb: Do not dereference NULL pointer in plane reset
c8788295ce527 drm/xe: Do not wake device during a GT reset
7eb7ee2bbd866 s390/mm: Fix memory leak in add_marker() when kvrealloc() fails
a16e92f8d7dc7 regmap: slimbus: fix bus_context pointer in regmap init calls
1b61a1da3d810 perf/x86/intel: Fix KASAN global-out-of-bounds warning
f9caae663343b block: make REQ_OP_ZONE_OPEN a write operation
1e84391707b5b block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
a53c8e15153a3 ACPI: fan: Use ACPI handle when retrieving _FST
ba58efa890cc8 drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
6f18f14eb3edf drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
3545f3cb517c1 drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
2fa41445d8c98 drm/radeon: Remove calls to drm_put_dev()
f7482516002a1 drm/radeon: Do not kfree() devres managed rdev
3e8b6796df1e3 ASoC: fsl_sai: Fix sync error in consumer mode
8fe39c8387d84 dpll: spec: add missing module-name and clock-id to pin-get reply
97b34c9765cbb sfc: fix potential memory leak in efx_mae_process_mport()
95f1e4ecf7df1 net: hns3: return error code when function fails
6294e03caef26 tools: ynl: fix string attribute length to include null terminator
8fe83fad4bb66 drm/etnaviv: fix flush sequence logic
20897a8fa66c1 Bluetooth: hci_core: Fix tracking of periodic advertisement
b10f8ff2231c3 Bluetooth: ISO: Fix another instance of dst_type handling
3a9dfe641913b Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
cd7a128032973 Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset
fd25c5bb96b31 Bluetooth: ISO: Fix BIS connection dst_type handling
825ce373fd709 Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave
ae76cf6c2c842 Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
2ce1de32e0544 usbnet: Prevents free active kevent
10e2d2d16ab48 libbpf: Fix powerpc's stack register definition in bpf_tracing.h
9c52bf5819c4a ASoC: fsl_sai: fix bit order for DSD format
ca6d2b7aca778 ASoC: Intel: avs: Disable periods-elapsed work when closing PCM
25a4d105a9bd0 ASoC: Intel: avs: Unprepare a stream when XRUN occurs
29d0504077044 crypto: aspeed - fix double free caused by devm
8df22e4bb6d88 bpf: Do not audit capability check in do_jit()
0efcafd48d252 bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth
40f5c9fc66894 bpf: Find eligible subprogs for private stack support
55a01a4777a01 scsi: ufs: core: Initialize value of an attribute returned by uic cmd
10ca3b2eec384 bpf: Sync pending IRQ work before freeing ring buffer
22aa7d1631e8a kunit: test_dev_action: Correctly cast 'priv' pointer to long*
5596a90c8952b wifi: mac80211: fix key tailroom accounting leak
23b8682f05ec5 wifi: mac80211: don't mark keys for inactive links as uploaded
c06a402459b15 ASoC: cs-amp-lib-test: Fix missing include of kunit/test-bug.h
c903a5848d814 ALSA: usb-audio: fix control pipe direction
411b8b9c9cf81 drm/msm/a6xx: Fix GMU firmware parser
e3373f10c6a6c wifi: ath11k: avoid bit operation on key flags
50f50dd024b4d wifi: ath11k: add support for MU EDCA
2a6cd5951ba8e wifi: ath12k: free skb during idr cleanup callback
775e37df2acc3 wifi: ath11k: Add missing platform IDs for quirk table
c4840991ee4cc wifi: ath10k: Fix memory leak on unsupported WMI command
5b2619b488f1d x86/fpu: Ensure XFD state on signal delivery
327f89c21601e smb: client: fix potential cfid UAF in smb2_query_info_compound
d13fe1d330aa5 s390/pci: Restore IRQ unconditionally for the zPCI device
ae68e814f213c ASoC: qdsp6: q6asm: do not sleep while atomic
0c4f121c0e87e mptcp: restore window probe
0aee3dd83edec mptcp: drop bogus optimization in __mptcp_check_push()
3ea7b3a6971c1 fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
a22bcb7f104aa fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
a6eed58249e7d wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode
2fc5484456630 Bluetooth: rfcomm: fix modem control handling
901f44227072b fbdev: bitblit: bound-check glyph index in bit_putcs*
e16d5c139ad96 virtio-net: drop the multi-buffer XDP packet in zerocopy
6fb16571a6d5c ACPI: button: Call input_free_device() on failing input device registration
de5fc93275a4a ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
9280286e048e0 fbdev: atyfb: Check if pll_ops->init_pll failed
c079d42f70109 fbcon: Set fb_display[i]->mode to NULL when the mode is released
67051ecfce050 net: usb: asix_devices: Check return value of usbnet_get_endpoints
a4948875ed059 NFSD: Fix crash in nfsd4_read_release()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7463821cf0ae63cf87ccf3773be0dfb986345647)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_6.12.bb | 6 ++--
.../linux/linux-yocto-tiny_6.12.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index b778a7aac5..f5eb0a3180 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "af2d3ab81402c14f81072715d771097a0dfcb427"
-SRCREV_meta ?= "2987fc4250f2ad7f6e2df663bba0742638fbae51"
+SRCREV_machine ?= "33873de18361d5ae1da9d8673270f490e177da19"
+SRCREV_meta ?= "7a8d96185b9be165feb974fe6297b518f83b3b9c"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.12.57"
+LINUX_VERSION ?= "6.12.58"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index a1636f536d..4bcf13c826 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.12.inc
-LINUX_VERSION ?= "6.12.57"
+LINUX_VERSION ?= "6.12.58"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_meta ?= "2987fc4250f2ad7f6e2df663bba0742638fbae51"
+SRCREV_machine ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_meta ?= "7a8d96185b9be165feb974fe6297b518f83b3b9c"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index fa761a3ee1..c59046b090 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.12/standard/base"
KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "8d546b19fe6f217785674b80de068bdbe0bf32fc"
-SRCREV_machine:qemuarm64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_machine:qemuloongarch64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_machine:qemumips ?= "fc2ecbb2ff9ad036cbe11762e51c458150f56aea"
-SRCREV_machine:qemuppc ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_machine:qemuriscv64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_machine:qemuriscv32 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_machine:qemux86 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_machine:qemux86-64 ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_machine:qemumips64 ?= "bde855d69b528925fb0f6b44c87105def1c69ea4"
-SRCREV_machine ?= "95efd6fa4403e21402aeb96b4b54be01e076016e"
-SRCREV_meta ?= "2987fc4250f2ad7f6e2df663bba0742638fbae51"
+SRCREV_machine:qemuarm ?= "3f9921848760dfc9fd6c0a4d148e5b9d0bec64ea"
+SRCREV_machine:qemuarm64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_machine:qemuloongarch64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_machine:qemumips ?= "c09059f5ac654152a9cd92016df30d0c2e9eb58b"
+SRCREV_machine:qemuppc ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_machine:qemuriscv64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_machine:qemuriscv32 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_machine:qemux86 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_machine:qemux86-64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_machine:qemumips64 ?= "1c91b074e875fab932bde7698d0103c5840f2e8f"
+SRCREV_machine ?= "081aa259b8f0252bfc7999b289b79bf129893498"
+SRCREV_meta ?= "7a8d96185b9be165feb974fe6297b518f83b3b9c"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "4fc43debf5047d2469bdef3b25c02121afa7ef3d"
+SRCREV_machine:class-devupstream ?= "7475d784169c7df48b0c55525fb862e06674d63c"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.12/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.57"
+LINUX_VERSION ?= "6.12.58"
PV = "${LINUX_VERSION}+git"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 05/18] linux-yocto/6.12: update CVE exclusions (6.12.58)
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-12-21 21:36 ` [OE-core][whinlatter 04/18] linux-yocto/6.12: update to v6.12.58 Steve Sakoman
@ 2025-12-21 21:36 ` Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 06/18] linux-yocto/6.12: update to v6.12.59 Steve Sakoman
` (12 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:36 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/CVEProject/cvelistV5
1/1 [
Author: cvelistV5 Github Action
Email: github_action@example.com
Subject: 4 changes (0 new | 4 updated): - 0 new CVEs: - 4 updated CVEs: CVE-2025-60674, CVE-2025-60676, CVE-2025-7195, CVE-2025-8870
Date: Fri, 14 Nov 2025 16:39:11 +0000
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4cdc1636ff992d052287cc6e3fc22470695ba420)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/cve-exclusion_6.12.inc | 204 +++++++++++++++++-
1 file changed, 201 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index b35fb07d31..b66f36a202 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-11-03 18:50:12.770797+00:00 for kernel version 6.12.57
-# From linux_kernel_cves cve_2025-11-03_1800Z-3-g832f00439f0
+# Generated at 2025-11-14 16:49:37.841595+00:00 for kernel version 6.12.58
+# From linux_kernel_cves cve_2025-11-14_1600Z-2-g7d42ca6d8de
python check_kernel_cve_status_version() {
- this_version = "6.12.57"
+ this_version = "6.12.58"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -17692,8 +17692,206 @@ CVE_STATUS[CVE-2025-40106] = "cpe-stable-backport: Backported in 6.12.56"
CVE_STATUS[CVE-2025-40107] = "cpe-stable-backport: Backported in 6.12.52"
+CVE_STATUS[CVE-2025-40108] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40109] = "cpe-stable-backport: Backported in 6.12.52"
+
+CVE_STATUS[CVE-2025-40110] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40111] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40112] = "cpe-stable-backport: Backported in 6.12.53"
+
+# CVE-2025-40113 needs backporting (fixed from 6.18rc1)
+
CVE_STATUS[CVE-2025-40114] = "cpe-stable-backport: Backported in 6.12.23"
+CVE_STATUS[CVE-2025-40115] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40116] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40117] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40118] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40119] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40120] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40121] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40122] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40123] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40124] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40125] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40126] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40127] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40129] = "cpe-stable-backport: Backported in 6.12.53"
+
+# CVE-2025-40130 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40131] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40132] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40133] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40134] = "cpe-stable-backport: Backported in 6.12.53"
+
+# CVE-2025-40135 needs backporting (fixed from 6.18rc1)
+
+# CVE-2025-40136 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40137] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40138] = "fixed-version: only affects 6.17 onwards"
+
+# CVE-2025-40139 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40140] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40141] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40142] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40143] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40144] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40145] = "fixed-version: only affects 6.15 onwards"
+
+# CVE-2025-40146 needs backporting (fixed from 6.18rc1)
+
+# CVE-2025-40147 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40148] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2025-40149 needs backporting (fixed from 6.18rc1)
+
+# CVE-2025-40150 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40151] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40152] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-40153] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40154] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40155] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40156] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40157] = "cpe-stable-backport: Backported in 6.12.53"
+
+# CVE-2025-40158 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40159] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40160] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40161] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40162] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40163] = "fixed-version: only affects 6.17 onwards"
+
+# CVE-2025-40164 needs backporting (fixed from 6.18rc2)
+
+CVE_STATUS[CVE-2025-40165] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40166] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40167] = "cpe-stable-backport: Backported in 6.12.55"
+
+# CVE-2025-40168 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40169] = "cpe-stable-backport: Backported in 6.12.53"
+
+# CVE-2025-40170 needs backporting (fixed from 6.18rc1)
+
+CVE_STATUS[CVE-2025-40171] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40172] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40173] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40174] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-40175] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40176] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40177] = "cpe-stable-backport: Backported in 6.12.55"
+
+CVE_STATUS[CVE-2025-40178] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40179] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40180] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40181] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40182] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40183] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40184] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40185] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40186] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40187] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40188] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40189] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-40190] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40191] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40192] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40193] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40194] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40195] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40196] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40197] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40198] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40199] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40200] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40201] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40202] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40203] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40204] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40205] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40206] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40207] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40208] = "fixed-version: only affects 6.15 onwards"
+
CVE_STATUS[CVE-2025-40300] = "cpe-stable-backport: Backported in 6.12.47"
# CVE-2025-40325 needs backporting (fixed from 6.15)
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 06/18] linux-yocto/6.12: update to v6.12.59
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (4 preceding siblings ...)
2025-12-21 21:36 ` [OE-core][whinlatter 05/18] linux-yocto/6.12: update CVE exclusions (6.12.58) Steve Sakoman
@ 2025-12-21 21:36 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 07/18] linux-yocto/6.12: update CVE exclusions (6.12.59) Steve Sakoman
` (11 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:36 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
d5dc97879a97 Linux 6.12.59
5c19daa93d9a Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
01c7a6e25b9d proc: proc_maps_open allow proc_mem_open to return NULL
2dbb5e9d489c net: netpoll: ensure skb_pool list is always initialized
c45a1db3bec6 net: phy: micrel: Fix lan8814_config_init
6dce43433e06 isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
90253acae248 mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order
6393d21c6af6 mm/huge_memory: do not change split_huge_page*() target order silently
52f2d5cf33de mm/secretmem: fix use-after-free race in fault handler
a6226fa652ae mm/truncate: unmap large folio on split failure
c4476fac0c6c mm/memory: do not populate page table entries beyond i_size
df92165dd0f5 uio_hv_generic: Set event for all channels on the device
5a127a4553c4 rust: kbuild: workaround `rustdoc` doctests modifier bug
3b987ebe6c4b rust: kbuild: treat `build_error` and `rustdoc` as kernel objects
61f5665d84ee io_uring/napi: fix io_napi_entry RCU accesses
218a8504e62f ALSA: hda: Fix missing pointer check in hda_component_manager_init function
3010739f5343 KVM: VMX: Fix check for valid GVA on an EPT violation
6db2b0eb3251 KVM: VMX: Split out guts of EPT violation to common/exposed function
c79a6d9da292 net: netpoll: fix incorrect refcount handling causing incorrect cleanup
f3c824361452 net: netpoll: flush skb pool during cleanup
1652fbe44802 net: netpoll: Individualize the skb pool
a8ac2bd0f98e KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying
08adc31ec7ad KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file
4559d96554dc KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn()
34c93e96c3a3 mm, percpu: do not consider sleepable allocations atomic
c0a9c2c1b7b9 wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work
d4caee32a9f8 wifi: cfg80211: add an hrtimer based delayed work item
0206a9341e65 mptcp: fix MSG_PEEK stream corruption
ab9d10109ad0 selftests: mptcp: join: properly kill background tasks
6d44dd3a0ae4 selftests: mptcp: join: userspace: longer transfer
da4f2e33d320 selftests: mptcp: connect: trunc: read all recv data
ce01b8f0055e selftests: mptcp: join: endpoints: longer transfer
c584a9ecae9b selftests: mptcp: join: rm: set backup flag
37f92c400e5a selftests: mptcp: connect: fix fallback note due to OoO
3e473aeca3c2 pmdomain: samsung: plug potential memleak during probe
47d412d48b76 pmdomain: imx: Fix reference count leak in imx_gpc_remove
921b090841ae pmdomain: arm: scmi: Fix genpd leak on provider registration failure
d9db9abf6667 drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces
325aa0716539 drm/amdkfd: relax checks for over allocation of save area
12726095e209 btrfs: release root after error in data_reloc_print_warning_inode()
1ab78aabdc45 btrfs: do not update last_log_commit when logging inode due to a new name
ee492508f736 btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe()
92f06abe64bd btrfs: zoned: fix conventional zone capacity calculation
862b0e639367 PM: hibernate: Use atomic64_t for compressed_size variable
8dd351c412d0 PM: hibernate: Emit an error when image writing fails
df0f4b13dfbf EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
0f64b37f194b EDAC/altera: Handle OCRAM ECC enable after warm reset
8e5aa33ef580 LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY
ad8360d5f783 ftrace: Fix BPF fexit with livepatch
a7907979a7a7 selftests/user_events: fix type cast for write_index packed member in perf_test
850c7f0537cc x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
80db91cbb730 spi: Try to get ACPI GPIO IRQ earlier
21b7af43f19a smb: client: fix cifs_pick_channel when channel needs reconnect
16e33851c30e crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value
f89c5e7077f6 crash: fix crashkernel resource shrink
fc6acd4cddf7 codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext
48c17341577e cifs: client: fix memory leak in smb3_fs_context_parse_param
98e9d5e33bda ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
8662995aaaf7 mmc: dw_mmc-rockchip: Fix wrong internal phase calculate
793245afc695 mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
dd853cf1da2e mm/shmem: fix THP allocation and fallback loop
361e53efad83 mm/mm_init: fix hash table order logging in alloc_large_system_hash()
623bb26127fb fs/proc: fix uaf in proc_readdir_de()
6455948c8aab wifi: mac80211: reject address change while connecting
6a9657ec69a1 selftests/tracing: Run sample events to clear page cache events
36049e81dc7f nilfs2: avoid having an active sc_timer before freeing sci
b84f083f50ec ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
0c5579294cc7 LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY
5476ceb41c2e LoongArch: Use correct accessor to read FWPC/MWPC
35ca3d544579 dma-mapping: benchmark: Restore padding to ensure uABI remained consistent
381a60545b99 strparser: Fix signed/unsigned mismatch bug
74f78421c925 ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
4587a7826be1 ksmbd: close accepted socket when per-IP limit rejects connection
592b3b203a3e gcov: add support for GCC 15
d7be15a634aa NFSD: free copynotify stateid in nfs4_free_ol_stateid()
3bc33097d4e3 nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes
b6bc86ce3944 nfsd: fix refcount leak in nfsd_set_fh_dentry()
08c8d23e2ed1 KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
4d9b0ea62972 LoongArch: KVM: Add delay until timer interrupt injected
70c130b1cfa5 LoongArch: KVM: Restore guest PMU if it is enabled
031e00249e9e net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
27f853e7ac30 HID: uclogic: Fix potential memory leak in error path
4fe3b912f500 HID: playstation: Fix memory leak in dualshock4_get_calibration_data()
81c79853828e ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY
68859a92f9a3 HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
77711ee769cb ARM: dts: imx51-zii-rdu1: Fix audmux node names
20b72f3f4dc5 arm64: dts: rockchip: Make RK3588 GPU OPP table naming less generic
e8d944bc7e97 arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1
cf23d531a9d4 netfilter: nf_tables: reject duplicate device on updates
49344aac0355 Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications"
13d1c96d3a9f sched_ext: Fix unsafe locking in the scx_dump_state()
ba306daa7fa8 fs/namespace: correctly handle errors returned by grab_requested_mnt_ns
cf327202d98f virtio-fs: fix incorrect check for fsvq->kobj
f0bb381b0774 mtd: onenand: Pass correct pointer to IRQ handler
6700c8918b66 hostfs: Fix only passing host root in boot stage with new mount
0e75a098b0a3 f2fs: fix to avoid overflow while left shift operation
d71b98f253b0 Bluetooth: MGMT: Fix possible UAFs
098927a13fd9 ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
54f8f38a8e9f lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
04b1fd794553 ext4: introduce ITAIL helper
883902e4a87a proc: fix the issue of proc_mem_open returning NULL
80dc5a2ce5b7 wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
484829bc04b9 irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops
9944c7938cd5 bpf: account for current allocated stack depth in widen_imprecise_scalars()
6392e5f4b1a3 bpf: Add bpf_prog_run_data_pointers()
0b4f78e27c48 acpi/hmat: Fix lockdep warning for hmem_register_resource()
cbdbfc756f29 ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
b2e4cda71ed0 NFS: Fix LTP test failures when timestamps are delegated
35517f62a084 NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
b058e49fd69c NFS: sysfs: fix leak when nfs_client kobject add fails
bd4064f18d4f NFSv2/v3: Fix error handling in nfs_atomic_open_v23()
7da2c13e733c simplify nfs_atomic_open_v23()
8961b12d5aa2 pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
b8031e779ae3 pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
f2fcc305b4dc ASoC: tas2781: fix getting the wrong device number
5aea2cde03d4 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
16608e53c17b ASoC: codecs: va-macro: fix resource leak in probe error path
1fd2470b7661 ASoC: cs4271: Fix regulator leak on probe failure
2c27dd5b1ae5 regulator: fixed: fix GPIO descriptor leak on register failure
35638c69efd5 acpi,srat: Fix incorrect device handle check for Generic Initiator
540471df3d13 Bluetooth: L2CAP: export l2cap_chan_hold for modules
527739d51b4a ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
49a1b7d2f0ca ACPI: CPPC: Perform fast check switch only for online CPUs
944b13dade4b ACPI: CPPC: Check _CPC validity for only the online CPUs
b8026a5028bb ACPI: CPPC: Detect preferred core availability on online CPUs
57622b6b1a6b hsr: Fix supervision frame sending on HSRv0
6e48bc7c26c1 virtio-net: fix incorrect flags recording in big mode
4d8b5fe1a401 net_sched: limit try_bulk_dequeue_skb() batches
2250a4b79fdf net/mlx5e: Fix potentially misleading debug message
ef70624bde33 net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
e099bde2683f net/mlx5e: Fix maxrate wraparound in threshold between units
d1dbbbe83964 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
51cb05d4fd63 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
878c855efa37 net_sched: act_connmark: use RCU in tcf_connmark_dump()
db81ad20fd8a af_unix: Initialise scc_index in unix_add_edge().
acd24d509227 wifi: mac80211: skip rate verification for not captured PSDUs
3c5451eef231 net: mdio: fix resource leak in mdiobus_register_device()
f0104977fed2 tipc: Fix use-after-free in tipc_mon_reinit_self().
b9f8712eb8b8 net: ethernet: ti: am65-cpsw-qos: fix IET verify retry mechanism
49742edce0e3 net: ethernet: ti: am65-cpsw-qos: fix IET verify/response timeout
9d9bafbf99da net/handshake: Fix memory leak in tls_handshake_accept()
35a306bb5327 net/smc: fix mismatch between CLC header and proposal
1cfa4eac275c sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
f9b96218f2ca Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
13ca43480f38 Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
11cd7e068381 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
95b9b98c93b1 Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
7b6b6c077cad Bluetooth: MGMT: cancel mesh send timer when hdev removed
a5728422b8c9 NFSD: Skip close replay processing if XDR encoding fails
22511faf140a rust: Add -fno-isolate-erroneous-paths-dereference to bindgen_skip_c_flags
347bf638d39f net: phy: micrel: lan8814 fix reset of the QSGMII interface
d14c094447f7 net: phy: micrel: Replace hardcoded pages with defines
50ce635ec8c6 net: phy: micrel: Introduce lanphy_modify_page_reg
45e2bc24b593 net: fec: correct rx_bytes statistic for the case SHIFT16 is set
a9619d259f59 selftests: net: local_termination: Wait for interfaces to come up
4d0e0bb1908a erofs: avoid infinite loop due to incomplete zstd-compressed data
53cf801b8555 wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
c18a066071c7 ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
c381dd20b0b2 HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL
dcc51dfe6ff2 smb/server: fix possible refcount leak in smb2_sess_setup()
f13055877318 smb/server: fix possible memory leak in smb2_read()
6c627bcc1896 exfat: fix improper check of dentry.stream.valid_size
fe19b58b3540 HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel
25fbc3c27f65 NFS: check if suid/sgid was cleared after a write as needed
b219d400f4a2 HID: nintendo: Wait longer for initial probe
251d0e6256ac HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
dfd7e631a708 NFS4: Apply delay_retrans to async operations
ba6fdd9b4da0 NFS4: Fix state renewals missing after boot
43aa61c18a3a drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
39a1c8c860e3 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
d033e8cf4e8f drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
eaf12bffd7f7 drm/amdgpu: remove two invalid BUG_ON()s
d2d95c0ea62d riscv: acpi: avoid errors caused by probing DT devices when ACPI is used
3537f1a373f3 RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors
b38ec49edfcb riscv: Build loader.bin exclusively for Canaan K210
39ddffc6c023 compiler_types: Move unused static inline functions warning to W=2
df512b40e360 arm64: kprobes: check the return value of set_memory_rox()
008d3b0f09ac drm/xe: Do clean shutdown also when using flr
006a41c9351b drm/xe: Move declarations under conditional branch
35959ab7d16b drm/xe/guc: Synchronize Dead CT worker with unbind
8c364a3a768f drm/amd: Fix suspend failure with secure display TA
df21a2be8a47 iommufd: Make vfio_compat's unmap succeed if the range is already empty
fbb9ccd5748b smb: client: fix refcount leak in smb2_set_path_attr
d453865e6e1a drm/i915: Fix conversion between clock ticks and nanoseconds
4e73066e3323 drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
2de67c9e6209 drm/mediatek: Add pm_runtime support for GCE power control
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39ca7f3a6908fd474b558efd8bec549257a45fee)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_6.12.bb | 6 ++--
.../linux/linux-yocto-tiny_6.12.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index f5eb0a3180..e225ee0679 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "33873de18361d5ae1da9d8673270f490e177da19"
-SRCREV_meta ?= "7a8d96185b9be165feb974fe6297b518f83b3b9c"
+SRCREV_machine ?= "ef33526a988ac2426ddcae4ebb216917bbe1f6b2"
+SRCREV_meta ?= "92390f2029a3ea4caa05ba35d94a4cceaa9c63bc"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.12.58"
+LINUX_VERSION ?= "6.12.59"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index 4bcf13c826..da82fc3794 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.12.inc
-LINUX_VERSION ?= "6.12.58"
+LINUX_VERSION ?= "6.12.59"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_meta ?= "7a8d96185b9be165feb974fe6297b518f83b3b9c"
+SRCREV_machine ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_meta ?= "92390f2029a3ea4caa05ba35d94a4cceaa9c63bc"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index c59046b090..4e567ae5a2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.12/standard/base"
KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "3f9921848760dfc9fd6c0a4d148e5b9d0bec64ea"
-SRCREV_machine:qemuarm64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_machine:qemuloongarch64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_machine:qemumips ?= "c09059f5ac654152a9cd92016df30d0c2e9eb58b"
-SRCREV_machine:qemuppc ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_machine:qemuriscv64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_machine:qemuriscv32 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_machine:qemux86 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_machine:qemux86-64 ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_machine:qemumips64 ?= "1c91b074e875fab932bde7698d0103c5840f2e8f"
-SRCREV_machine ?= "081aa259b8f0252bfc7999b289b79bf129893498"
-SRCREV_meta ?= "7a8d96185b9be165feb974fe6297b518f83b3b9c"
+SRCREV_machine:qemuarm ?= "c2ab1a0f5d463f20b29128d22944625f68223cb9"
+SRCREV_machine:qemuarm64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_machine:qemuloongarch64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_machine:qemumips ?= "df0fdc232411ea220c1abcc74e6373d4b900772c"
+SRCREV_machine:qemuppc ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_machine:qemuriscv64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_machine:qemuriscv32 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_machine:qemux86 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_machine:qemux86-64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_machine:qemumips64 ?= "c509db83e2524daf994eeb5f0dd8f6c844241d58"
+SRCREV_machine ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
+SRCREV_meta ?= "92390f2029a3ea4caa05ba35d94a4cceaa9c63bc"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "7475d784169c7df48b0c55525fb862e06674d63c"
+SRCREV_machine:class-devupstream ?= "d5dc97879a97b328a89ec092271faa3db9f2bff3"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.12/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.58"
+LINUX_VERSION ?= "6.12.59"
PV = "${LINUX_VERSION}+git"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 07/18] linux-yocto/6.12: update CVE exclusions (6.12.59)
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (5 preceding siblings ...)
2025-12-21 21:36 ` [OE-core][whinlatter 06/18] linux-yocto/6.12: update to v6.12.59 Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 08/18] linux-yocto/6.12: update to v6.12.60 Steve Sakoman
` (10 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/CVEProject/cvelistV5
1/1 [
Author: cvelistV5 Github Action
Email: github_action@example.com
Subject: 9 changes (1 new | 8 updated): - 1 new CVEs: CVE-2025-7007 - 8 updated CVEs: CVE-2025-34147, CVE-2025-34148, CVE-2025-34149, CVE-2025-34150, CVE-2025-34151, CVE-2025-34152, CVE-2025-35028, CVE-2025-7195
Date: Mon, 1 Dec 2025 16:36:50 +0000
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8b9015df191ba8cba766341b8773d611a43b3ff8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/cve-exclusion_6.12.inc | 76 ++++++++++---------
1 file changed, 42 insertions(+), 34 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index b66f36a202..583ce7aa40 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-11-14 16:49:37.841595+00:00 for kernel version 6.12.58
-# From linux_kernel_cves cve_2025-11-14_1600Z-2-g7d42ca6d8de
+# Generated at 2025-12-01 16:43:28.801277+00:00 for kernel version 6.12.59
+# From linux_kernel_cves cve_2025-12-01_1600Z-2-g8d7b13eec97
python check_kernel_cve_status_version() {
- this_version = "6.12.58"
+ this_version = "6.12.59"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -14750,7 +14750,7 @@ CVE_STATUS[CVE-2025-22105] = "cpe-stable-backport: Backported in 6.12.57"
CVE_STATUS[CVE-2025-22106] = "cpe-stable-backport: Backported in 6.12.49"
-# CVE-2025-22107 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22107] = "cpe-stable-backport: Backported in 6.12.59"
# CVE-2025-22108 needs backporting (fixed from 6.15)
@@ -14778,7 +14778,7 @@ CVE_STATUS[CVE-2025-22119] = "cpe-stable-backport: Backported in 6.12.35"
CVE_STATUS[CVE-2025-22120] = "cpe-stable-backport: Backported in 6.12.26"
-# CVE-2025-22121 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22121] = "cpe-stable-backport: Backported in 6.12.59"
CVE_STATUS[CVE-2025-22122] = "cpe-stable-backport: Backported in 6.12.33"
@@ -14794,7 +14794,7 @@ CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.12.25"
CVE_STATUS[CVE-2025-22128] = "cpe-stable-backport: Backported in 6.12.35"
-# CVE-2025-23129 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-23129] = "cpe-stable-backport: Backported in 6.12.59"
CVE_STATUS[CVE-2025-23130] = "cpe-stable-backport: Backported in 6.12.57"
@@ -16710,7 +16710,7 @@ CVE_STATUS[CVE-2025-38676] = "cpe-stable-backport: Backported in 6.12.44"
CVE_STATUS[CVE-2025-38677] = "cpe-stable-backport: Backported in 6.12.44"
-# CVE-2025-38678 needs backporting (fixed from 6.17)
+CVE_STATUS[CVE-2025-38678] = "cpe-stable-backport: Backported in 6.12.59"
CVE_STATUS[CVE-2025-38679] = "cpe-stable-backport: Backported in 6.12.43"
@@ -17438,7 +17438,7 @@ CVE_STATUS[CVE-2025-39979] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2025-39980] = "cpe-stable-backport: Backported in 6.12.50"
-# CVE-2025-39981 needs backporting (fixed from 6.17)
+CVE_STATUS[CVE-2025-39981] = "cpe-stable-backport: Backported in 6.12.59"
CVE_STATUS[CVE-2025-39982] = "cpe-stable-backport: Backported in 6.12.50"
@@ -17526,7 +17526,7 @@ CVE_STATUS[CVE-2025-40023] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2025-40024] = "cpe-stable-backport: Backported in 6.12.50"
-# CVE-2025-40025 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40025 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40026] = "cpe-stable-backport: Backported in 6.12.52"
@@ -17584,7 +17584,7 @@ CVE_STATUS[CVE-2025-40052] = "cpe-stable-backport: Backported in 6.12.53"
CVE_STATUS[CVE-2025-40053] = "cpe-stable-backport: Backported in 6.12.53"
-# CVE-2025-40054 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40054 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40055] = "cpe-stable-backport: Backported in 6.12.53"
@@ -17604,9 +17604,9 @@ CVE_STATUS[CVE-2025-40062] = "cpe-stable-backport: Backported in 6.12.53"
CVE_STATUS[CVE-2025-40063] = "fixed-version: only affects 6.16 onwards"
-# CVE-2025-40064 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40064 needs backporting (fixed from 6.18)
-# CVE-2025-40065 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40065 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40066] = "fixed-version: only affects 6.15 onwards"
@@ -17624,13 +17624,13 @@ CVE_STATUS[CVE-2025-40072] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2025-40073] = "fixed-version: only affects 6.16 onwards"
-# CVE-2025-40074 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40074 needs backporting (fixed from 6.18)
-# CVE-2025-40075 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40075 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40076] = "fixed-version: only affects 6.17 onwards"
-# CVE-2025-40077 needs backporting (fixed from 6.18rc1)
+CVE_STATUS[CVE-2025-40077] = "cpe-stable-backport: Backported in 6.12.59"
CVE_STATUS[CVE-2025-40078] = "cpe-stable-backport: Backported in 6.12.53"
@@ -17648,7 +17648,7 @@ CVE_STATUS[CVE-2025-40084] = "cpe-stable-backport: Backported in 6.12.56"
CVE_STATUS[CVE-2025-40085] = "cpe-stable-backport: Backported in 6.12.55"
-# CVE-2025-40086 needs backporting (fixed from 6.18rc2)
+# CVE-2025-40086 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40087] = "cpe-stable-backport: Backported in 6.12.55"
@@ -17670,9 +17670,9 @@ CVE_STATUS[CVE-2025-40095] = "cpe-stable-backport: Backported in 6.12.55"
CVE_STATUS[CVE-2025-40096] = "cpe-stable-backport: Backported in 6.12.55"
-# CVE-2025-40097 needs backporting (fixed from 6.18rc2)
+CVE_STATUS[CVE-2025-40097] = "cpe-stable-backport: Backported in 6.12.59"
-# CVE-2025-40098 needs backporting (fixed from 6.18rc2)
+# CVE-2025-40098 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40099] = "cpe-stable-backport: Backported in 6.12.55"
@@ -17680,7 +17680,7 @@ CVE_STATUS[CVE-2025-40100] = "cpe-stable-backport: Backported in 6.12.55"
CVE_STATUS[CVE-2025-40101] = "cpe-stable-backport: Backported in 6.12.55"
-# CVE-2025-40102 needs backporting (fixed from 6.18rc2)
+# CVE-2025-40102 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40103] = "cpe-stable-backport: Backported in 6.12.55"
@@ -17702,7 +17702,7 @@ CVE_STATUS[CVE-2025-40111] = "cpe-stable-backport: Backported in 6.12.54"
CVE_STATUS[CVE-2025-40112] = "cpe-stable-backport: Backported in 6.12.53"
-# CVE-2025-40113 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40113 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40114] = "cpe-stable-backport: Backported in 6.12.23"
@@ -17734,7 +17734,7 @@ CVE_STATUS[CVE-2025-40127] = "cpe-stable-backport: Backported in 6.12.53"
CVE_STATUS[CVE-2025-40129] = "cpe-stable-backport: Backported in 6.12.53"
-# CVE-2025-40130 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40130 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40131] = "fixed-version: only affects 6.16 onwards"
@@ -17744,15 +17744,15 @@ CVE_STATUS[CVE-2025-40133] = "cpe-stable-backport: Backported in 6.12.55"
CVE_STATUS[CVE-2025-40134] = "cpe-stable-backport: Backported in 6.12.53"
-# CVE-2025-40135 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40135 needs backporting (fixed from 6.18)
-# CVE-2025-40136 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40136 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40137] = "cpe-stable-backport: Backported in 6.12.53"
CVE_STATUS[CVE-2025-40138] = "fixed-version: only affects 6.17 onwards"
-# CVE-2025-40139 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40139 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40140] = "cpe-stable-backport: Backported in 6.12.53"
@@ -17762,19 +17762,17 @@ CVE_STATUS[CVE-2025-40142] = "cpe-stable-backport: Backported in 6.12.53"
CVE_STATUS[CVE-2025-40143] = "fixed-version: only affects 6.17 onwards"
-CVE_STATUS[CVE-2025-40144] = "cpe-stable-backport: Backported in 6.12.53"
-
CVE_STATUS[CVE-2025-40145] = "fixed-version: only affects 6.15 onwards"
-# CVE-2025-40146 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40146 needs backporting (fixed from 6.18)
-# CVE-2025-40147 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40147 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40148] = "fixed-version: only affects 6.16 onwards"
-# CVE-2025-40149 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40149 needs backporting (fixed from 6.18)
-# CVE-2025-40150 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40150 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40151] = "fixed-version: only affects 6.17 onwards"
@@ -17790,7 +17788,7 @@ CVE_STATUS[CVE-2025-40156] = "cpe-stable-backport: Backported in 6.12.53"
CVE_STATUS[CVE-2025-40157] = "cpe-stable-backport: Backported in 6.12.53"
-# CVE-2025-40158 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40158 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40159] = "cpe-stable-backport: Backported in 6.12.54"
@@ -17802,7 +17800,7 @@ CVE_STATUS[CVE-2025-40162] = "cpe-stable-backport: Backported in 6.12.55"
CVE_STATUS[CVE-2025-40163] = "fixed-version: only affects 6.17 onwards"
-# CVE-2025-40164 needs backporting (fixed from 6.18rc2)
+# CVE-2025-40164 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40165] = "cpe-stable-backport: Backported in 6.12.55"
@@ -17810,11 +17808,11 @@ CVE_STATUS[CVE-2025-40166] = "cpe-stable-backport: Backported in 6.12.55"
CVE_STATUS[CVE-2025-40167] = "cpe-stable-backport: Backported in 6.12.55"
-# CVE-2025-40168 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40168 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40169] = "cpe-stable-backport: Backported in 6.12.53"
-# CVE-2025-40170 needs backporting (fixed from 6.18rc1)
+# CVE-2025-40170 needs backporting (fixed from 6.18)
CVE_STATUS[CVE-2025-40171] = "cpe-stable-backport: Backported in 6.12.53"
@@ -17892,6 +17890,16 @@ CVE_STATUS[CVE-2025-40207] = "cpe-stable-backport: Backported in 6.12.54"
CVE_STATUS[CVE-2025-40208] = "fixed-version: only affects 6.15 onwards"
+CVE_STATUS[CVE-2025-40209] = "cpe-stable-backport: Backported in 6.12.58"
+
+# CVE-2025-40210 needs backporting (fixed from 6.18)
+
+CVE_STATUS[CVE-2025-40211] = "cpe-stable-backport: Backported in 6.12.58"
+
+CVE_STATUS[CVE-2025-40212] = "cpe-stable-backport: Backported in 6.12.59"
+
+CVE_STATUS[CVE-2025-40213] = "fixed-version: only affects 6.17 onwards"
+
CVE_STATUS[CVE-2025-40300] = "cpe-stable-backport: Backported in 6.12.47"
# CVE-2025-40325 needs backporting (fixed from 6.15)
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 08/18] linux-yocto/6.12: update to v6.12.60
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (6 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 07/18] linux-yocto/6.12: update CVE exclusions (6.12.59) Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 09/18] linux-yocto/6.12: update CVE exclusions (6.12.60) Steve Sakoman
` (9 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:
318a47068f7b Linux 6.12.60
81fdac68539a Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup"
53ca559992e6 drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched
25dcf6299dc9 drm/amd/display: Insert dccg log for easy debug
b1515304a523 drm/amd/display: disable DPP RCG before DPP CLK enable
467904aabbfd drm/amd/display: avoid reset DTBCLK at clock init
7c2d68e09158 xfs: fix out of bounds memory read error in symlink repair
12335f6ce2d5 xfs: Replace strncpy with memcpy
6d3275d4ca62 mptcp: fix a race in mptcp_pm_del_add_timer()
3e5271f22404 drm/i915/dp_mst: Disable Panel Replay
4ade59d68a0a maple_tree: fix tracepoint string pointers
c95e5af4b65a tty/vt: fix up incorrect backport to stable releases
1ebfea90f9f0 smb: client: fix incomplete backport in cfids_invalidation_worker()
a45d6359eefb drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
2e628227bc25 tracing/tools: Fix incorrcet short option in usage text for --threads
fbb53727ca78 net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error
05695cec60e8 ALSA: usb-audio: fix uac2 clock source at terminal parser
b514ad872a4e s390/mm: Fix __ptep_rdp() inline assembly
23ba534d73c6 drm/xe: Prevent BIT() overflow when handling invalid prefetch region
ac9cc4db5435 Revert "RDMA/irdma: Update Kconfig"
2678ceed5898 KVM: arm64: Make all 32bit ID registers fully writable
fdf0dc82eb60 ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
f16b97babd4a kconfig/nconf: Initialize the default locale at startup
9e3a38292926 kconfig/mconf: Initialize the default locale at startup
c944a850eb65 net: tls: Cancel RX async resync request on rcd_delta overflow
1f0f07fd8f41 blk-crypto: use BLK_STS_INVAL for alignment errors
74bf749662a2 net: tls: Change async resync helpers argument
e8d7fa04c386 selftests: net: use BASH for bareudp testing
09c4f1a378d9 x86/microcode/AMD: Limit Entrysign signature checking to known generations
47c8b35a1f1d scsi: core: Fix a regression triggered by scsi_host_busy()
cfc16a0fb0d7 cifs: fix typo in enable_gcm_256 module parameter
62df4bd32011 bcma: don't register devices disabled in OF
f1c170cae285 vsock: Ignore signal/timeout on connect() if already established
48d692902708 cifs: fix memory leak in smb3_fs_context_parse_param error path
55d879d1f8db LoongArch: Use UAPI types in ptrace UAPI header
2b7b4efca068 af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic().
232bd2cf504c af_unix: Cache state->msg in unix_stream_read_generic().
6ebd02cf2dde net/mlx5: Clean up only new IRQ glue on request_irq() failure
c70df6c17d38 devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
39697862fc4b pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc()
583ac7f65791 pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
f5eb91f876eb ice: fix PTP cleanup on driver removal in error path
a0e1c9bc1c9f idpf: fix possible vport_config NULL pointer deref in remove
917a9d02182a net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()
d1fd9ca65a8e platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos
01a726aaa8c4 selftests: net: lib: Do not overwrite error messages
b9dbfb1b5699 s390/ctcm: Fix double-kfree
ef4ab2a8abe5 nvme-multipath: fix lockdep WARN due to partition scan work
b91ef042e21a tools: riscv: Fixed misalignment of CSR related definitions
9c61d8fe1350 net: openvswitch: remove never-working support for setting nsh fields
336ffac44f99 net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get()
470a2416b6fc net: dsa: hellcreek: fix missing error handling in LED registration
cbf2cbdb0733 drm/tegra: Add call to put_pid()
59e9e1d5a360 mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()
03f159df3ef8 platform/x86: msi-wmi-platform: Fix typo in WMI GUID
243e2419cfc3 platform/x86: msi-wmi-platform: Only load on MSI devices
36f91eeffd03 pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe()
f15a3d791040 xfrm: Prevent locally generated packets from direct output in tunnel mode
18a9f216d6a5 xfrm: Determine inner GSO type from packet inner protocol
cff5ad585a42 pinctrl: realtek: Select REGMAP_MMIO for RTD driver
e7b4e6e18964 xfrm: set err and extack on failure to create pcpu SA
ba670eba9918 xfrm: drop SA reference in xfrm_state_update if dir doesn't match
a077ec70561b drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5
ded77c120916 drm/amd/display: Fix pbn to kbps Conversion
a45450c36e3a drm/amd/display: Move sleep into each retry for retrieve_link_cap()
cd145ed8c56f drm/amd/display: Increase DPCD read retries
806f54a75988 drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
349238d296fc drm/amd: Skip power ungate during suspend for VPE
73bc12d6a547 drm/radeon: delete radeon_fence_process in is_signaled, no deadlock
871fba63bec0 drm/tegra: dc: Fix reference leak in tegra_dc_couple()
aab400cf8e35 mptcp: do not fallback when OoO is present
5f1a923461eb mptcp: decouple mptcp fastclose from tcp close
2a01665f772d mptcp: avoid unneeded subflow-level drops
482577bfc4ac selftests: mptcp: join: userspace: longer timeout
88a2d0541242 selftests: mptcp: join: endpoints: longer timeout
80f27a97aca6 mptcp: fix premature close in case of fallback
f6fb2cbc91a8 mptcp: fix duplicate reset on fastclose
ae43625bccb7 mptcp: fix ack generation for fallback msk
ac28dfddedf6 mptcp: fix race condition in mptcp_schedule_work()
eeaa628bc6b1 LoongArch: Don't panic if no valid cache info for PCI
cd1a68eebb46 dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
d096d3c1babe MIPS: Malta: Fix !EVA SOC-it PCI MMIO
72e883107926 scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
b2c0340cfa25 scsi: sg: Do not sleep in atomic context
48ae433c6cc6 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
17c3a66d7ea2 nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl()
6492add9a3a1 nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
6a13b56537e7 mm/mempool: fix poisoning order>0 pages with HIGHMEM
9ab67eff6d65 Input: pegasus-notetaker - fix potential out-of-bounds access
56881294915a Input: imx_sc_key - fix memory corruption on unload
47420474a1d9 Input: goodix - add support for ACPI ID GDIX1003
6d8106868515 Input: cros_ec_keyb - fix an invalid memory access
11c030f61ada Revert "drm/tegra: dsi: Clear enable register if powered by bootloader"
4d61cc2bc4fe net: dsa: microchip: lan937x: Fix RGMII delay tuning
1ecd86ec6efd be2net: pass wrb_params in case of OS2BMC
f7fc52c1b008 ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
7b39fa2c3be0 smb: client: introduce close_cached_dir_locked()
10354dcab6fd ata: libata-scsi: Fix system suspend for a security locked drive
9b1980b6f23f mptcp: Fix proto fallback detection with BPF
8800f7640b26 mptcp: Disallow MPTCP subflows from sockmap
93c8a03a107f exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
94acf4082be9 shmem: fix tmpfs reconfiguration (remount) when noswap is set
8480f8678bd4 isofs: check the return value of sb_min_blocksize() in isofs_fill_super
eb9361484814 mtdchar: fix integer overflow in read/write ioctls
0c635241a62f mtd: rawnand: cadence: fix DMA device NULL pointer dereference
6de1997439cc arm64: dts: rockchip: disable HS400 on RK3588 Tiger
d35cf935cabc arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1
ecb7305676da arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5
3e6d93e2aebe arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2
45bdb0312cb0 HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
3979d2a52514 HID: amd_sfh: Stop sensor before starting
176725f48483 timers: Fix NULL function pointer race in timer_shutdown_sync()
bc1909ef3878 KVM: arm64: Check the untrusted offset in FF-A memory share
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fb613ed33550ff9163f18970fcbd4476e938d464)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../linux/linux-yocto-rt_6.12.bb | 6 ++--
.../linux/linux-yocto-tiny_6.12.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index e225ee0679..c4cef55c86 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "ef33526a988ac2426ddcae4ebb216917bbe1f6b2"
-SRCREV_meta ?= "92390f2029a3ea4caa05ba35d94a4cceaa9c63bc"
+SRCREV_machine ?= "b23e01aff4eb21167db80c8d178ffeaf174be51c"
+SRCREV_meta ?= "204830448d850850867fa4ca7ee0dab04fdb7011"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.12.59"
+LINUX_VERSION ?= "6.12.60"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index da82fc3794..2818a9fd40 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.12.inc
-LINUX_VERSION ?= "6.12.59"
+LINUX_VERSION ?= "6.12.60"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_meta ?= "92390f2029a3ea4caa05ba35d94a4cceaa9c63bc"
+SRCREV_machine ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_meta ?= "204830448d850850867fa4ca7ee0dab04fdb7011"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index 4e567ae5a2..4a82ea08a2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.12/standard/base"
KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "c2ab1a0f5d463f20b29128d22944625f68223cb9"
-SRCREV_machine:qemuarm64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_machine:qemuloongarch64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_machine:qemumips ?= "df0fdc232411ea220c1abcc74e6373d4b900772c"
-SRCREV_machine:qemuppc ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_machine:qemuriscv64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_machine:qemuriscv32 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_machine:qemux86 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_machine:qemux86-64 ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_machine:qemumips64 ?= "c509db83e2524daf994eeb5f0dd8f6c844241d58"
-SRCREV_machine ?= "c8ff35e93d5339f8cd8db44b51119568379d0030"
-SRCREV_meta ?= "92390f2029a3ea4caa05ba35d94a4cceaa9c63bc"
+SRCREV_machine:qemuarm ?= "0435f9a900bbfb3daa3a28123d517c6437831628"
+SRCREV_machine:qemuarm64 ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_machine:qemuloongarch64 ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_machine:qemumips ?= "07d29856173d5d2cec0a67801492a95a00e03491"
+SRCREV_machine:qemuppc ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_machine:qemuriscv64 ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_machine:qemuriscv32 ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_machine:qemux86 ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_machine:qemux86-64 ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_machine:qemumips64 ?= "f21d4ebef1ebdfd38a182e87c7bdaad6fe79ba3c"
+SRCREV_machine ?= "cd2fe60ac1c07ad28e3c84e4325c3f8163ce3719"
+SRCREV_meta ?= "204830448d850850867fa4ca7ee0dab04fdb7011"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "d5dc97879a97b328a89ec092271faa3db9f2bff3"
+SRCREV_machine:class-devupstream ?= "318a47068f7b88de838518897500d7509e3fe205"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.12/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.59"
+LINUX_VERSION ?= "6.12.60"
PV = "${LINUX_VERSION}+git"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 09/18] linux-yocto/6.12: update CVE exclusions (6.12.60)
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (7 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 08/18] linux-yocto/6.12: update to v6.12.60 Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 10/18] go: upgrade 1.25.4 -> 1.25.5 Steve Sakoman
` (8 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/CVEProject/cvelistV5
1/1 [
Author: cvelistV5 Github Action
Email: github_action@example.com
Subject: 1 changes (0 new | 1 updated): - 0 new CVEs: - 1 updated CVEs: CVE-2025-7195
Date: Tue, 2 Dec 2025 23:31:01 +0000
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6d867758190322d1d2bb91d4bdfc40d68847ec4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/linux/cve-exclusion_6.12.inc | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 583ce7aa40..5ca6f53fde 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-12-01 16:43:28.801277+00:00 for kernel version 6.12.59
-# From linux_kernel_cves cve_2025-12-01_1600Z-2-g8d7b13eec97
+# Generated at 2025-12-02 23:35:41.082808+00:00 for kernel version 6.12.60
+# From linux_kernel_cves cve_2025-12-02_2300Z-2-g67370d1b4b8
python check_kernel_cve_status_version() {
- this_version = "6.12.59"
+ this_version = "6.12.60"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4028,8 +4028,6 @@ CVE_STATUS[CVE-2022-49907] = "fixed-version: Fixed from version 6.1"
CVE_STATUS[CVE-2022-49908] = "fixed-version: Fixed from version 6.1"
-CVE_STATUS[CVE-2022-49909] = "fixed-version: Fixed from version 6.1"
-
CVE_STATUS[CVE-2022-49910] = "fixed-version: Fixed from version 6.1"
CVE_STATUS[CVE-2022-49911] = "fixed-version: Fixed from version 6.1"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 10/18] go: upgrade 1.25.4 -> 1.25.5
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (8 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 09/18] linux-yocto/6.12: update CVE exclusions (6.12.60) Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 11/18] libssh2: fix regression in KEX method validation (GH-1553) Steve Sakoman
` (7 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Upgrade to latest 1.25.x release [1]:
$ git --no-pager log --oneline go1.25.4..go1.25.5
fefb02adf4 (tag: go1.25.5) [release-branch.go1.25] go1.25.5
f7bce4bd6f [release-branch.go1.25] crypto/x509: prevent HostnameError.Error() from consuming excessive resource
287017aceb [release-branch.go1.25] crypto/x509: excluded subdomain constraints preclude wildcard SANs
e1ce1bfa7f [release-branch.go1.25] mime: parse media types that contain braces
433c01e94e [release-branch.go1.25] internal/syscall/windows: fix ReOpenFile sentinel error value
Fixes CVE-2025-61729 and CVE-2025-61727.
Release information: [2]
[1] https://github.com/golang/go/compare/go1.25.4...go1.25.5
[2] https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91c007b0f5fff728cc7803a56a4df8438f20bdea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/{go-1.25.4.inc => go-1.25.5.inc} | 2 +-
...o-binary-native_1.25.4.bb => go-binary-native_1.25.5.bb} | 6 +++---
...cross-canadian_1.25.4.bb => go-cross-canadian_1.25.5.bb} | 0
.../go/{go-cross_1.25.4.bb => go-cross_1.25.5.bb} | 0
.../go/{go-crosssdk_1.25.4.bb => go-crosssdk_1.25.5.bb} | 0
.../go/{go-runtime_1.25.4.bb => go-runtime_1.25.5.bb} | 0
meta/recipes-devtools/go/{go_1.25.4.bb => go_1.25.5.bb} | 0
7 files changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-devtools/go/{go-1.25.4.inc => go-1.25.5.inc} (91%)
rename meta/recipes-devtools/go/{go-binary-native_1.25.4.bb => go-binary-native_1.25.5.bb} (79%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.25.4.bb => go-cross-canadian_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.25.4.bb => go-cross_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.25.4.bb => go-crosssdk_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.25.4.bb => go-runtime_1.25.5.bb} (100%)
rename meta/recipes-devtools/go/{go_1.25.4.bb => go_1.25.5.bb} (100%)
diff --git a/meta/recipes-devtools/go/go-1.25.4.inc b/meta/recipes-devtools/go/go-1.25.5.inc
similarity index 91%
rename from meta/recipes-devtools/go/go-1.25.4.inc
rename to meta/recipes-devtools/go/go-1.25.5.inc
index f88d7feef1..47d5c3912c 100644
--- a/meta/recipes-devtools/go/go-1.25.4.inc
+++ b/meta/recipes-devtools/go/go-1.25.5.inc
@@ -18,4 +18,4 @@ SRC_URI += "\
file://0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch \
file://0001-runtime-when-using-cgo-on-386-call-C-sigaction-funct.patch \
"
-SRC_URI[main.sha256sum] = "160043b7f17b6d60b50369436917fda8d5034640ba39ae2431c6b95a889cc98c"
+SRC_URI[main.sha256sum] = "22a5fd0a91efcd28a1b0537106b9959b2804b61f59c3758b51e8e5429c1a954f"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.25.4.bb b/meta/recipes-devtools/go/go-binary-native_1.25.5.bb
similarity index 79%
rename from meta/recipes-devtools/go/go-binary-native_1.25.4.bb
rename to meta/recipes-devtools/go/go-binary-native_1.25.5.bb
index 921005c21b..5ecbca6d17 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.25.4.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.25.5.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
# Checksums available at https://go.dev/dl/
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec"
-SRC_URI[go_linux_arm64.sha256sum] = "a68e86d4b72c2c2fecf7dfed667680b6c2a071221bbdb6913cf83ce3f80d9ff0"
-SRC_URI[go_linux_ppc64le.sha256sum] = "38c8ac8463537c99fbc1ef368f243b626144446c09db71b1d20634a4237c966d"
+SRC_URI[go_linux_amd64.sha256sum] = "9e9b755d63b36acf30c12a9a3fc379243714c1c6d3dd72861da637f336ebb35b"
+SRC_URI[go_linux_arm64.sha256sum] = "b00b694903d126c588c378e72d3545549935d3982635ba3f7a964c9fa23fe3b9"
+SRC_URI[go_linux_ppc64le.sha256sum] = "f0904b647b5b8561efc5d48bb59a34f2b7996afab83ccd41c93b1aeb2c0067e4"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.25.4.bb b/meta/recipes-devtools/go/go-cross-canadian_1.25.5.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.25.4.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.25.5.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.25.4.bb b/meta/recipes-devtools/go/go-cross_1.25.5.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.25.4.bb
rename to meta/recipes-devtools/go/go-cross_1.25.5.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.25.4.bb b/meta/recipes-devtools/go/go-crosssdk_1.25.5.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.25.4.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.25.5.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.25.4.bb b/meta/recipes-devtools/go/go-runtime_1.25.5.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.25.4.bb
rename to meta/recipes-devtools/go/go-runtime_1.25.5.bb
diff --git a/meta/recipes-devtools/go/go_1.25.4.bb b/meta/recipes-devtools/go/go_1.25.5.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.25.4.bb
rename to meta/recipes-devtools/go/go_1.25.5.bb
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 11/18] libssh2: fix regression in KEX method validation (GH-1553)
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (9 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 10/18] go: upgrade 1.25.4 -> 1.25.5 Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 12/18] spdx30_tasks: Fix SPDX_CUSTOM_ANNOTATION_VARS implementation Steve Sakoman
` (6 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Resolves: https://github.com/libssh2/libssh2/issues/1553
Regression caused by
https://github.com/libssh2/libssh2/commit/00e2a07e824db8798d94809156e9fb4e70a42f89
Backport fix
https://github.com/libssh2/libssh2/commit/4beed7245889ba149cc372f845d5969ce5103a5d
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7a7e83123e985c1c27036503203fa7d839964271)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...rror-if-user-KEX-methods-are-invalid.patch | 73 +++++++++++++++++++
.../recipes-support/libssh2/libssh2_1.11.1.bb | 1 +
2 files changed, 74 insertions(+)
create mode 100644 meta/recipes-support/libssh2/libssh2/0001-Return-error-if-user-KEX-methods-are-invalid.patch
diff --git a/meta/recipes-support/libssh2/libssh2/0001-Return-error-if-user-KEX-methods-are-invalid.patch b/meta/recipes-support/libssh2/libssh2/0001-Return-error-if-user-KEX-methods-are-invalid.patch
new file mode 100644
index 0000000000..9e7bb9a905
--- /dev/null
+++ b/meta/recipes-support/libssh2/libssh2/0001-Return-error-if-user-KEX-methods-are-invalid.patch
@@ -0,0 +1,73 @@
+From 4beed7245889ba149cc372f845d5969ce5103a5d Mon Sep 17 00:00:00 2001
+From: Will Cosgrove <will@panic.com>
+Date: Fri, 28 Feb 2025 09:32:30 -0800
+Subject: [PATCH] Return error if user KEX methods are invalid #1553 (#1554)
+
+Notes:
+Fixes #1553. Restores error case if user passes in invalid KEX method value to libssh2_session_method_pref.
+
+Credit:
+Amy Lin
+
+Upstream-Status: Backport [https://github.com/libssh2/libssh2/commit/4beed7245889ba149cc372f845d5969ce5103a5d]
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/kex.c | 33 +++++++++++++++++++++------------
+ 1 file changed, 21 insertions(+), 12 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index ebee54f987..bafda0e611 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -4196,23 +4196,11 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+ char *tmpprefs = NULL;
+ size_t prefs_len = strlen(prefs);
+ const LIBSSH2_COMMON_METHOD **mlist;
+- const char *kex_extensions = "ext-info-c,kex-strict-c-v00@openssh.com,";
+- size_t kex_extensions_len = strlen(kex_extensions);
+
+ switch(method_type) {
+ case LIBSSH2_METHOD_KEX:
+ prefvar = &session->kex_prefs;
+ mlist = (const LIBSSH2_COMMON_METHOD **)libssh2_kex_methods;
+- tmpprefs = LIBSSH2_ALLOC(session, kex_extensions_len + prefs_len + 1);
+- if(!tmpprefs) {
+- return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+- "Error allocated space for kex method"
+- " preferences");
+- }
+- memcpy(tmpprefs, kex_extensions, kex_extensions_len);
+- memcpy(tmpprefs + kex_extensions_len, prefs, prefs_len + 1);
+- prefs = tmpprefs;
+- prefs_len = strlen(prefs);
+ break;
+
+ case LIBSSH2_METHOD_HOSTKEY:
+@@ -4314,6 +4302,27 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
+ "supported");
+ }
+
++ /* add method kex extension to the start of the user list */
++ if(method_type == LIBSSH2_METHOD_KEX) {
++ const char *kex_extensions =
++ "ext-info-c,kex-strict-c-v00@openssh.com,";
++ size_t kex_extensions_len = strlen(kex_extensions);
++ size_t tmp_len = kex_extensions_len + strlen(newprefs);
++ tmpprefs = LIBSSH2_ALLOC(session, tmp_len + 1);
++ if(!tmpprefs) {
++ return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
++ "Error allocated space for kex method"
++ " preferences");
++ }
++
++ memcpy(tmpprefs, kex_extensions, kex_extensions_len);
++ memcpy(tmpprefs + kex_extensions_len, newprefs, strlen(newprefs));
++ tmpprefs[tmp_len] = '\0';
++
++ LIBSSH2_FREE(session, newprefs);
++ newprefs = tmpprefs;
++ }
++
+ if(*prefvar) {
+ LIBSSH2_FREE(session, *prefvar);
+ }
diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
index 6d2580072b..11d7448687 100644
--- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2fbf8f834408079bf1fcbadb9814b1bc"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
file://run-ptest \
+ file://0001-Return-error-if-user-KEX-methods-are-invalid.patch \
"
SRC_URI[sha256sum] = "d9ec76cbe34db98eec3539fe2c899d26b0c837cb3eb466a56b0f109cabf658f7"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 12/18] spdx30_tasks: Fix SPDX_CUSTOM_ANNOTATION_VARS implementation
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (10 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 11/18] libssh2: fix regression in KEX method validation (GH-1553) Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 13/18] cross.bbclass: Propagate dependencies to outhash Steve Sakoman
` (5 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Stefano Tondo <stefano.tondo.ext@siemens.com>
Fix incorrect function call when processing SPDX_CUSTOM_ANNOTATION_VARS.
The code was calling new_annotation() as a standalone function, but it
should be called as a method on the build_objset object.
Error:
new_annotation(d, build_objset, build, ...)
Corrected to:
build_objset.new_annotation(d, build_objset, build, ...)
This bug would cause a NameError at runtime if SPDX_CUSTOM_ANNOTATION_VARS
was set to a non-empty value, preventing SPDX document generation.
The fix aligns with how new_annotation() is called elsewhere in the
codebase and matches the SBOMObjset class method signature.
Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 52ab3b640c6bb7ece34cb4ea6026fd6375f17af4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oe/spdx30_tasks.py | 4 +-
meta/lib/oeqa/selftest/cases/spdx.py | 85 +++++++++++++++++++++++++---
2 files changed, 79 insertions(+), 10 deletions(-)
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index f2f133005d..4d11b3c289 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -498,9 +498,7 @@ def create_spdx(d):
build_objset.set_is_native(is_native)
for var in (d.getVar("SPDX_CUSTOM_ANNOTATION_VARS") or "").split():
- new_annotation(
- d,
- build_objset,
+ build_objset.new_annotation(
build,
"%s=%s" % (var, d.getVar(var)),
oe.spdx30.AnnotationType.other,
diff --git a/meta/lib/oeqa/selftest/cases/spdx.py b/meta/lib/oeqa/selftest/cases/spdx.py
index 8cd4e83ca2..f548dd4be7 100644
--- a/meta/lib/oeqa/selftest/cases/spdx.py
+++ b/meta/lib/oeqa/selftest/cases/spdx.py
@@ -34,7 +34,7 @@ class SPDX22Check(OESelftestTestCase):
arch_dir = get_bb_var("PACKAGE_ARCH", target_name)
spdx_version = get_bb_var("SPDX_VERSION")
# qemux86-64 creates the directory qemux86_64
- #arch_dir = arch_var.replace("-", "_")
+ # arch_dir = arch_var.replace("-", "_")
full_file_path = os.path.join(
deploy_dir, "spdx", spdx_version, arch_dir, high_level_dir, spdx_file
@@ -89,15 +89,12 @@ class SPDX3CheckBase(object):
return objset
def check_recipe_spdx(self, target_name, spdx_path, *, task=None, extraconf=""):
- config = (
- textwrap.dedent(
- f"""\
+ config = textwrap.dedent(
+ f"""\
INHERIT:remove = "create-spdx"
INHERIT += "{self.SPDX_CLASS}"
"""
- )
- + textwrap.dedent(extraconf)
- )
+ ) + textwrap.dedent(extraconf)
self.write_config(config)
@@ -286,3 +283,77 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase):
break
else:
self.assertTrue(False, "Unable to find imported Host SpdxID")
+
+ def test_custom_annotation_vars(self):
+ """
+ Test that SPDX_CUSTOM_ANNOTATION_VARS properly creates annotations
+ without runtime errors. This is a regression test for the bug where
+ new_annotation() was called as a standalone function instead of as
+ a method on build_objset, causing a NameError.
+
+ The test verifies:
+ 1. The build completes successfully (no NameError)
+ 2. Each configured annotation variable appears exactly once
+ 3. The annotation values match the configured variables
+
+ We check for exact equality (not >=) to prevent regressions where
+ one annotation might appear multiple times while another is missing.
+ """
+ ANNOTATION_VAR1 = "TestAnnotation1"
+ ANNOTATION_VAR2 = "TestAnnotation2"
+
+ # This will fail with NameError if new_annotation() is called incorrectly
+ objset = self.check_recipe_spdx(
+ "base-files",
+ "{DEPLOY_DIR_SPDX}/{MACHINE_ARCH}/recipes/recipe-base-files.spdx.json",
+ extraconf=textwrap.dedent(
+ f"""\
+ ANNOTATION1 = "{ANNOTATION_VAR1}"
+ ANNOTATION2 = "{ANNOTATION_VAR2}"
+ SPDX_CUSTOM_ANNOTATION_VARS = "ANNOTATION1 ANNOTATION2"
+ """
+ ),
+ )
+
+ # If we got here, the build succeeded (no NameError)
+ # Now verify the annotations were actually created
+
+ # Find the build element
+ build = None
+ for o in objset.foreach_type(oe.spdx30.build_Build):
+ build = o
+ break
+
+ self.assertIsNotNone(build, "Unable to find Build element")
+
+ # Find annotation objects that reference our build
+ found_annotations = []
+ for obj in objset.objects: # <-- Remove parentheses
+ if isinstance(obj, oe.spdx30.Annotation):
+ if hasattr(obj, "subject") and build._id == obj.subject._id:
+ found_annotations.append(obj)
+
+ # Check each annotation separately to ensure exactly one occurrence of each
+ annotation1_count = 0
+ annotation2_count = 0
+
+ for annotation in found_annotations:
+ if hasattr(annotation, "statement"):
+ if f"ANNOTATION1={ANNOTATION_VAR1}" in annotation.statement:
+ annotation1_count += 1
+ self.logger.info(f"Found ANNOTATION1: {annotation.statement}")
+ if f"ANNOTATION2={ANNOTATION_VAR2}" in annotation.statement:
+ annotation2_count += 1
+ self.logger.info(f"Found ANNOTATION2: {annotation.statement}")
+
+ # Each annotation should appear exactly once
+ self.assertEqual(
+ annotation1_count,
+ 1,
+ f"Expected exactly 1 occurrence of ANNOTATION1, found {annotation1_count}",
+ )
+ self.assertEqual(
+ annotation2_count,
+ 1,
+ f"Expected exactly 1 occurrence of ANNOTATION2, found {annotation2_count}",
+ )
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 13/18] cross.bbclass: Propagate dependencies to outhash
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (11 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 12/18] spdx30_tasks: Fix SPDX_CUSTOM_ANNOTATION_VARS implementation Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 14/18] curl: Use host CA bundle by default for native(sdk) builds Steve Sakoman
` (4 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
Similar to what native and staging is doing since:
https://git.openembedded.org/openembedded-core/commit/meta/classes/native.bbclass?id=d6c7b9f4f0e61fa6546d3644e27abe3e96f597e2
https://git.openembedded.org/openembedded-core/commit/meta/classes/staging.bbclass?id=1cf62882bbac543960e4815d117ffce0e53bda07
Cross task outputs can call native dependencies and even when cross
recipe output doesn't change it might produce different results when
the called native dependency is changed, e.g. clang-cross-${TARGET_ARCH}
contains symlink to clang binary from clang-native, but when clang-native
outhash is changed, clang-cross-${TARGET_ARCH} will still be considered
equivalent and target recipes aren't rebuilt with new clang binary, see
work around in https://github.com/kraj/meta-clang/pull/1140 to make target
recipes to depend directly not only on clang-cross-${TARGET_ARCH} but
clang-native as well.
I have added a small testcase in meta-selftest which demostrates this issue.
Not included in this change, but will send it if useful.
openembedded-core $ ls -1 meta-selftest/recipes-devtools/hashequiv-test/
print-datetime-link-cross.bb
print-datetime-link-native.bb
print-datetime-native.bb
print-datetime-usecross.bb
print-datetime-usenative.bb
print-datetime-native provides script which prints defined PRINT_DATETIME variable.
print-datetime-link-native and print-datetime-link-cross both provide a symlink to
the script from print-datetime-native.
print-datetime-usenative and print-datetime-usecross are target recipes using the
native and cross versions of print-datetime-link-* recipe.
# clean build all is rebuilt:
$ bitbake -k print-datetime-usenative print-datetime-usecross
WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_05
WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_05
WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_05
WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_05
WARNING: print-datetime-usecross-1.0-r0 do_install: print-datetime-usecross current DATETIME from print-datetime-link is 2025-11-13_20_05
# keep sstate-cache and hashserv.db:
# print-datetime-usenative is correctly rebuilt, because print-datetime-link-native has different hash (because print-datetime-native hash changed)
# print-datetime-usecross wasn't rebuilt, because print-datetime-link-cross-x86_64 doesn't include the changed hash of print-datetime-native
$ bitbake -k print-datetime-usenative print-datetime-usecross
WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_07
WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_07
WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_07
WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_07
It's because print-datetime-link-cross-x86_64 depsig doesn't include print-datetime-native signature:
$ cat tmp/work/x86_64-linux/print-datetime-link-cross-x86_64/1.0/temp/depsig.do_populate_sysroot
OEOuthashBasic
18
SSTATE_PKGSPEC=sstate:print-datetime-link-cross-x86_64:x86_64-oe-linux:1.0:r0:x86_64:14:
task=populate_sysroot
drwx .
drwx ./recipe-sysroot-native
drwx ./recipe-sysroot-native/sysroot-providers
-rw- 32 19fbeb373f781c2504453c1ca04dab018a7bc8388c87f4bbc59589df31523d07 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-cross-x86_64
drwx ./recipe-sysroot-native/usr
drwx ./recipe-sysroot-native/usr/bin
drwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux
lrwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux/print-datetime-link -> ../print-datetime
While print-datetime-link-native doesn't have this issue, because print-datetime-native signature is there:
$ cat tmp/work/x86_64-linux/print-datetime-link-native/1.0/temp/depsig.do_populate_sysroot
OEOuthashBasic
18
print-datetime-native: 60f2734a63d708489570ca719413b4662f8368abc9f4760a279a0a5481e4a17b
quilt-native: 65d78a7a5b5cbbf0969798efe558ca28e7ef058f4232fcff266912d16f67a8b8
SSTATE_PKGSPEC=sstate:print-datetime-link-native:x86_64-linux:1.0:r0:x86_64:14:
task=populate_sysroot
drwx .
drwx ./recipe-sysroot-native
drwx ./recipe-sysroot-native/sysroot-providers
-rw- 26 3d5458be834b2d0e4c65466b9b877d6028ae2210a56399284a23144818666f10 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-native
drwx ./recipe-sysroot-native/usr
drwx ./recipe-sysroot-native/usr/bin
lrwx ./recipe-sysroot-native/usr/bin/print-datetime-link -> print-datetime
With the cross.bbclass fix the link-cross recipe has a checksum from native recipe as well:
$ cat tmp/work/x86_64-linux/print-datetime-link-cross-x86_64/1.0/temp/depsig.do_populate_sysroot
OEOuthashBasic
18
print-datetime-native: 9ceb6c27342eae6b8da86c84685af38fb8927ccc19979aae75b8b1e444b11c5c
quilt-native: 65d78a7a5b5cbbf0969798efe558ca28e7ef058f4232fcff266912d16f67a8b8
SSTATE_PKGSPEC=sstate:print-datetime-link-cross-x86_64:x86_64-oe-linux:1.0:r0:x86_64:14:
task=populate_sysroot
drwx .
drwx ./recipe-sysroot-native
drwx ./recipe-sysroot-native/sysroot-providers
-rw- 32 19fbeb373f781c2504453c1ca04dab018a7bc8388c87f4bbc59589df31523d07 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-cross-x86_64
drwx ./recipe-sysroot-native/usr
drwx ./recipe-sysroot-native/usr/bin
drwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux
lrwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux/print-datetime-link -> ../print-datetime
And print-datetime-usecross is correctly rebuilt whenever print-datetime-native output is different.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 267b651e875d9381a23ffd5757d426714c029409)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/cross.bbclass | 36 +++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/meta/classes-recipe/cross.bbclass b/meta/classes-recipe/cross.bbclass
index 9abf166e50..c3eeade67b 100644
--- a/meta/classes-recipe/cross.bbclass
+++ b/meta/classes-recipe/cross.bbclass
@@ -101,3 +101,39 @@ addtask addto_recipe_sysroot after do_populate_sysroot
do_addto_recipe_sysroot[deptask] = "do_populate_sysroot"
PATH:prepend = "${COREBASE}/scripts/cross-intercept:"
+
+#
+# Cross task outputs can call native dependencies and even when cross
+# recipe output doesn't change it might produce different results when
+# the called native dependency is changed, e.g. clang-cross-${TARGET_ARCH}
+# contains symlink to clang binary from clang-native, but when clang-native
+# outhash is changed, clang-cross-${TARGET_ARCH} will still be considered
+# equivalent and target recipes aren't rebuilt with new clang binary, see
+# work around in https://github.com/kraj/meta-clang/pull/1140 to make target
+# recipes to depend directly not only on clang-cross-${TARGET_ARCH} but
+# clang-native as well.
+#
+# This can cause poor interactions with hash equivalence, since this recipes
+# output-changing dependency is "hidden" and downstream task only see that this
+# recipe has the same outhash and therefore is equivalent. This can result in
+# different output in different cases.
+#
+# To resolve this, unhide the output-changing dependency by adding its unihash
+# to this tasks outhash calculation. Unfortunately, don't know specifically
+# know which dependencies are output-changing, so we have to add all of them.
+#
+python cross_add_do_populate_sysroot_deps () {
+ current_task = "do_" + d.getVar("BB_CURRENTTASK")
+ if current_task != "do_populate_sysroot":
+ return
+
+ taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+ pn = d.getVar("PN")
+ deps = {
+ dep[0]:dep[6] for dep in taskdepdata.values() if
+ dep[1] == current_task and dep[0] != pn
+ }
+
+ d.setVar("HASHEQUIV_EXTRA_SIGDATA", "\n".join("%s: %s" % (k, deps[k]) for k in sorted(deps.keys())))
+}
+SSTATECREATEFUNCS += "cross_add_do_populate_sysroot_deps"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 14/18] curl: Use host CA bundle by default for native(sdk) builds
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (12 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 13/18] cross.bbclass: Propagate dependencies to outhash Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 15/18] xserver-nodm-init: avoid race condition related to udev Steve Sakoman
` (3 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Moritz Haase <Moritz.Haase@bmw.de>
Fixes YOCTO #16077
Commit 4909a46e broke HTTPS downloads in opkg in the SDK, they now fail with:
> SSL certificate problem: self-signed certificate in certificate chain
The root cause is a difference in the handling of related env vars between
curl-cli and libcurl. The CLI will honour CURL_CA_BUNDLE and SSL_CERT_DIR|FILE
(see [0]). Those are set in the SDK via env setup scripts like [1], so curl
continued to work. The library however does not handle those env vars. Thus,
unless the program utilizing libcurl has implemented a similar mechanism itself
and configures libcurl accordingly via the API (like for example Git in [2] and
[3]), there will be no default CA bundle configured to verify certificates
against.
Opkg only supports setting the CA bundle path via config options 'ssl_ca_file'
and 'ssl_ca_path'. Upstreaming and then backporting a patch to add env var
support is not a feasible short-time fix for the issue at hand. Instead it's
better to ship libcurl in the SDK with a sensible built-in default - which also
helps any other libcurl users.
This patch is based on a proposal by Peter.Marko@siemens.com in the related
mailing list discussion at [4].
[0]: https://github.com/curl/curl/blob/400fffa90f30c7a2dc762fa33009d24851bd2016/src/tool_operate.c#L2056-L2084
[1]: https://git.openembedded.org/openembedded-core/tree/meta/recipes-support/curl/curl/environment.d-curl.sh?id=3a15ca2a784539098e95a3a06dec7c39f23db985
[2]: https://github.com/git/git/blob/6ab38b7e9cc7adafc304f3204616a4debd49c6e9/http.c#L1389
[3]: https://github.com/git/git/blob/6ab38b7e9cc7adafc304f3204616a4debd49c6e9/http.c#L1108-L1109
[4]: https://lists.openembedded.org/g/openembedded-core/topic/115993530#msg226751
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
CC: matthias.schiffer@ew.tq-group.com
CC: Peter.Marko@siemens.com
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3f819f57aa1960af36ac0448106d1dce7f38c050)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/curl/curl_8.17.0.bb | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
index 32585070eb..352f407d28 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -75,16 +75,21 @@ PACKAGECONFIG[websockets] = "--enable-websockets,--disable-websockets"
PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd"
+# Use host certificates for non-target builds. As libcurl doesn't honor any of the env vars (like
+# for example CURL_CA_PATH) that curl-cli does, we need to explicitly set '--with-ca-bundle'
+# accordingly, so that there is a working, built-in default even for those tools that use libcurl,
+# but don't have custom env var handling implemented (like opkg).
+CURL_CA_BUNDLE_BASE_DIR ?= "/etc"
+CURL_CA_BUNDLE_BASE_DIR:class-target = "${sysconfdir}"
+
EXTRA_OECONF = " \
--disable-libcurl-option \
--without-libpsl \
--enable-optimize \
+ --with-ca-bundle=${CURL_CA_BUNDLE_BASE_DIR}/ssl/certs/ca-certificates.crt \
${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \
WATT_ROOT=${STAGING_DIR_TARGET}${prefix} \
"
-EXTRA_OECONF:append:class-target = " \
- --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
-"
fix_absolute_paths () {
# cleanup buildpaths from curl-config
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 15/18] xserver-nodm-init: avoid race condition related to udev
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (13 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 14/18] curl: Use host CA bundle by default for native(sdk) builds Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 16/18] cve-update: Avoid NFS caching issues Steve Sakoman
` (2 subsequent siblings)
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
With systemd upgraded to 258+, there's a race condition error found
on qemuarm:
failed to find screen to remove
This error is likely to be introduced by the following systemd commit:
https://github.com/systemd/systemd/commit/0ba9d06963ecb848e71951ed5e9f6f6f03b80b06
However, I think the commit cannot be reverted, not only because
there are a bunch of changes based on this one, but also because
the change look like a reasonable one.
Before xserver is able to handle such issue inside its codes, this service
need wait for udev to settle things before it starts. This can avoid the
above race condition error.
Fixes [YOCTO #16045]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 213dd5a0b786047cd4de0f51b4b49c9b8b628709)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../x11-common/xserver-nodm-init/xserver-nodm.service.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm.service.in b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm.service.in
index 87dc4f8fcd..43aaa84c0f 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm.service.in
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm.service.in
@@ -1,5 +1,7 @@
[Unit]
Description=Xserver startup without a display manager
+After=systemd-udev-settle.service
+Wants=systemd-udev-settle.service
[Service]
EnvironmentFile=/etc/default/xserver-nodm
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 16/18] cve-update: Avoid NFS caching issues
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (14 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 15/18] xserver-nodm-init: avoid race condition related to udev Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 17/18] create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for eSDK installation Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs Steve Sakoman
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Paul Barker <paul@pbarker.dev>
When moving the updated CVE database file to the downloads directory,
ensure that it has a different inode number to the previous version of
this file.
We have seen "sqlite3.DatabaseError: database disk image is malformed"
exceptions on our autobuilder when trying to read the CVE database in
do_cve_check tasks. The context here is that the downloads directory
(where the updated database file is copied to) is shared between workers
as an NFS mount. Different autobuilder workers were seeing different
checksums for the database file, which indicates that a mix of both new
and stale data was being read. Forcing each new version of the database
file to have a different inode number will prevent stale data from being
read from local caches.
This should fix [YOCTO #16086].
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f63622bbec1cfaca6d0b3e05e11466e4c10fa86e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 9 +++++++--
meta/recipes-core/meta/cve-update-nvd2-native.bb | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 3a6dc95580..01f942dcdb 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -78,8 +78,13 @@ python do_fetch() {
shutil.copy2(db_file, db_tmp_file)
if update_db_file(db_tmp_file, d):
- # Update downloaded correctly, can swap files
- shutil.move(db_tmp_file, db_file)
+ # Update downloaded correctly, we can swap files. To avoid potential
+ # NFS caching issues, ensure that the destination file has a new inode
+ # number. We do this in two steps as the downloads directory may be on
+ # a different filesystem to tmpdir we're working in.
+ new_file = "%s.new" % (db_file)
+ shutil.move(db_tmp_file, new_file)
+ os.rename(new_file, db_file)
else:
# Update failed, do not modify the database
bb.warn("CVE database update failed")
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index abcbcffcc6..8c8148dd92 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -93,8 +93,13 @@ python do_fetch() {
shutil.copy2(db_file, db_tmp_file)
if update_db_file(db_tmp_file, d, database_time):
- # Update downloaded correctly, can swap files
- shutil.move(db_tmp_file, db_file)
+ # Update downloaded correctly, we can swap files. To avoid potential
+ # NFS caching issues, ensure that the destination file has a new inode
+ # number. We do this in two steps as the downloads directory may be on
+ # a different filesystem to tmpdir we're working in.
+ new_file = "%s.new" % (db_file)
+ shutil.move(db_tmp_file, new_file)
+ os.rename(new_file, db_file)
else:
# Update failed, do not modify the database
bb.warn("CVE database update failed")
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 17/18] create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for eSDK installation
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (15 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 16/18] cve-update: Avoid NFS caching issues Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs Steve Sakoman
17 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
Fixes [YOCTO #15853]
Image SPDX/SBOM tasks were running after do_sdk_depends, causing their
signatures to be excluded from locked-sigs.inc. As a result, the eSDK installer
attempted to re-run these tasks, leading to unexpected task execution errors.
Run do_create_image_sbom_spdx before do_sdk_depends to ensure all image
SPDX/SBOM tasks are completed and captured in the locked signatures.
Signed-off-by: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
Suggested-by: Joshua Watt <jpewhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 11c5653f16d4fbb751b2a4ad4e477bbe779d6e72)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/create-spdx-image-3.0.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/create-spdx-image-3.0.bbclass b/meta/classes-recipe/create-spdx-image-3.0.bbclass
index 636ab14eb0..f070b7e697 100644
--- a/meta/classes-recipe/create-spdx-image-3.0.bbclass
+++ b/meta/classes-recipe/create-spdx-image-3.0.bbclass
@@ -69,7 +69,7 @@ python do_create_image_sbom_spdx() {
import oe.spdx30_tasks
oe.spdx30_tasks.create_image_sbom_spdx(d)
}
-addtask do_create_image_sbom_spdx after do_create_rootfs_spdx do_create_image_spdx before do_build
+addtask do_create_image_sbom_spdx after do_create_rootfs_spdx do_create_image_spdx before do_build do_sdk_depends
SSTATETASKS += "do_create_image_sbom_spdx"
SSTATE_SKIP_CREATION:task-create-image-sbom = "1"
do_create_image_sbom_spdx[sstate-inputdirs] = "${SPDXIMAGEDEPLOYDIR}"
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
` (16 preceding siblings ...)
2025-12-21 21:37 ` [OE-core][whinlatter 17/18] create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for eSDK installation Steve Sakoman
@ 2025-12-21 21:37 ` Steve Sakoman
2026-01-06 21:30 ` Randy MacLeod
17 siblings, 1 reply; 22+ messages in thread
From: Steve Sakoman @ 2025-12-21 21:37 UTC (permalink / raw)
To: openembedded-core
From: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
Fixes [YOCTO #15853]
The filtering in populate_sdk_ext.bbclass was removing all image targets from
the locked signatures, including the main SDK images (SDK_TARGETS). As a
result, their tasks including the image SPDX/SBOM tasks were not added to
locked-sigs.inc.
Without these entries, the eSDK lacked the necessary sstate, and the installer
attempted to run the missing tasks during installation, leading to unexpected
task execution errors.
This patch keeps SDK_TARGETS (and their multilib variants) in the locked
signatures so their SPDX/SBOM tasks are included. With those tasks in the
sstate cache, the eSDK installs cleanly without needing to re-run anything.
Signed-off-by: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 920c5de570ec575a9eaccb105461394d9fa0f1db)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes-recipe/populate_sdk_ext.bbclass | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass
index 2859320ddf..2838ca1a03 100644
--- a/meta/classes-recipe/populate_sdk_ext.bbclass
+++ b/meta/classes-recipe/populate_sdk_ext.bbclass
@@ -460,6 +460,15 @@ def prepare_locked_cache(d, baseoutpath, derivative, conf_initpath):
# Filter the locked signatures file to just the sstate tasks we are interested in
excluded_targets = get_sdk_install_targets(d, images_only=True)
+ sdk_targets = d.getVar('SDK_TARGETS')
+ ext_sdk_target_set = set(multilib_pkg_extend(d, sdk_targets).split())
+ excluded_set = set(excluded_targets.split())
+
+ # Ensure SDK_TARGETS and their image SPDX/SBOM tasks are included in the locked signatures,
+ # as they are required during eSDK installation.
+ filtered_excluded_set = excluded_set - ext_sdk_target_set
+ excluded_targets = ' '.join(filtered_excluded_set)
+
sigfile = d.getVar('WORKDIR') + '/locked-sigs.inc'
lockedsigs_pruned = baseoutpath + '/conf/locked-sigs.inc'
#nativesdk-only sigfile to merge into locked-sigs.inc
--
2.43.0
^ permalink raw reply related [flat|nested] 22+ messages in thread
* Re: [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs
2025-12-21 21:37 ` [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs Steve Sakoman
@ 2026-01-06 21:30 ` Randy MacLeod
2026-01-06 22:37 ` Steve Sakoman
0 siblings, 1 reply; 22+ messages in thread
From: Randy MacLeod @ 2026-01-06 21:30 UTC (permalink / raw)
To: steve, openembedded-core, Yoann Congal, Jayasurya, Maganuru
Cc: paul, Joshua Watt
[-- Attachment #1: Type: text/plain, Size: 3928 bytes --]
On 2025-12-21 4:37 p.m., Steve Sakoman via lists.openembedded.org wrote:
> From: Jayasurya Maganuru<Maganuru.Jayasurya@windriver.com>
>
> Fixes [YOCTO #15853]
Steve, Yoann, and others,
This commit as well as 17/18 made it into whinlatter before master.
Was that intentional ?
❯ git log --oneline origin/whinlatter ^master
meta/classes-recipe/populate_sdk_ext.bbclass
9964fa3da2 (origin/whinlatter) populate_sdk_ext: keep SDK_TARGETS so
SPDX/SBOM tasks remain in locked sigs
❯ git log --oneline origin/whinlatter ^master
9964fa3da2 (origin/whinlatter) populate_sdk_ext: keep SDK_TARGETS so
SPDX/SBOM tasks remain in locked sigs
3f57280caa create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for
eSDK installation
7f02b3f811 cve-update: Avoid NFS caching issues
The patches has been sitting in master-next for a while since people
have some concerns about them, IIRC.
What do we do now, revert ?
Apologies for missing the review deadline.
Maybe next year, there should be a longer merge freeze around Xmas time
so that there's sufficient review.
../Randy
> The filtering in populate_sdk_ext.bbclass was removing all image targets from
> the locked signatures, including the main SDK images (SDK_TARGETS). As a
> result, their tasks including the image SPDX/SBOM tasks were not added to
> locked-sigs.inc.
>
> Without these entries, the eSDK lacked the necessary sstate, and the installer
> attempted to run the missing tasks during installation, leading to unexpected
> task execution errors.
>
> This patch keeps SDK_TARGETS (and their multilib variants) in the locked
> signatures so their SPDX/SBOM tasks are included. With those tasks in the
> sstate cache, the eSDK installs cleanly without needing to re-run anything.
>
> Signed-off-by: Jayasurya Maganuru<Maganuru.Jayasurya@windriver.com>
> Signed-off-by: Mathieu Dubois-Briand<mathieu.dubois-briand@bootlin.com>
> Signed-off-by: Richard Purdie<richard.purdie@linuxfoundation.org>
> (cherry picked from commit 920c5de570ec575a9eaccb105461394d9fa0f1db)
> Signed-off-by: Steve Sakoman<steve@sakoman.com>
> ---
> meta/classes-recipe/populate_sdk_ext.bbclass | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass
> index 2859320ddf..2838ca1a03 100644
> --- a/meta/classes-recipe/populate_sdk_ext.bbclass
> +++ b/meta/classes-recipe/populate_sdk_ext.bbclass
> @@ -460,6 +460,15 @@ def prepare_locked_cache(d, baseoutpath, derivative, conf_initpath):
>
> # Filter the locked signatures file to just the sstate tasks we are interested in
> excluded_targets = get_sdk_install_targets(d, images_only=True)
> + sdk_targets = d.getVar('SDK_TARGETS')
> + ext_sdk_target_set = set(multilib_pkg_extend(d, sdk_targets).split())
> + excluded_set = set(excluded_targets.split())
> +
> + # Ensure SDK_TARGETS and their image SPDX/SBOM tasks are included in the locked signatures,
> + # as they are required during eSDK installation.
> + filtered_excluded_set = excluded_set - ext_sdk_target_set
> + excluded_targets = ' '.join(filtered_excluded_set)
> +
> sigfile = d.getVar('WORKDIR') + '/locked-sigs.inc'
> lockedsigs_pruned = baseoutpath + '/conf/locked-sigs.inc'
> #nativesdk-only sigfile to merge into locked-sigs.inc
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#228276):https://lists.openembedded.org/g/openembedded-core/message/228276
> Mute This Topic:https://lists.openembedded.org/mt/116893601/3616765
> Group Owner:openembedded-core+owner@lists.openembedded.org
> Unsubscribe:https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
# Randy MacLeod
# Wind River Linux
[-- Attachment #2: Type: text/html, Size: 5855 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs
2026-01-06 21:30 ` Randy MacLeod
@ 2026-01-06 22:37 ` Steve Sakoman
2026-01-06 23:01 ` Yoann Congal
0 siblings, 1 reply; 22+ messages in thread
From: Steve Sakoman @ 2026-01-06 22:37 UTC (permalink / raw)
To: randy.macleod
Cc: openembedded-core, Yoann Congal, Jayasurya, Maganuru, paul,
Joshua Watt
Sigh, this was my mistake.
I saw they were in master-next and moved them into whinlatter-nut for
testing and then forgot to check to see if they merged before I sent
them out for review.
We should revert them before the whinlatter release build.
Time to retire, I'm making mistakes :-(
Steve
On Tue, Jan 6, 2026 at 1:30 PM Randy MacLeod via
lists.openembedded.org
<randy.macleod=windriver.com@lists.openembedded.org> wrote:
>
> On 2025-12-21 4:37 p.m., Steve Sakoman via lists.openembedded.org wrote:
>
> From: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
>
> Fixes [YOCTO #15853]
>
> Steve, Yoann, and others,
>
> This commit as well as 17/18 made it into whinlatter before master.
> Was that intentional ?
>
> ❯ git log --oneline origin/whinlatter ^master meta/classes-recipe/populate_sdk_ext.bbclass
> 9964fa3da2 (origin/whinlatter) populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs
>
> ❯ git log --oneline origin/whinlatter ^master
> 9964fa3da2 (origin/whinlatter) populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs
> 3f57280caa create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for eSDK installation
> 7f02b3f811 cve-update: Avoid NFS caching issues
>
> The patches has been sitting in master-next for a while since people
> have some concerns about them, IIRC.
>
> What do we do now, revert ?
>
>
> Apologies for missing the review deadline.
> Maybe next year, there should be a longer merge freeze around Xmas time
> so that there's sufficient review.
>
> ../Randy
>
>
>
> The filtering in populate_sdk_ext.bbclass was removing all image targets from
> the locked signatures, including the main SDK images (SDK_TARGETS). As a
> result, their tasks including the image SPDX/SBOM tasks were not added to
> locked-sigs.inc.
>
> Without these entries, the eSDK lacked the necessary sstate, and the installer
> attempted to run the missing tasks during installation, leading to unexpected
> task execution errors.
>
> This patch keeps SDK_TARGETS (and their multilib variants) in the locked
> signatures so their SPDX/SBOM tasks are included. With those tasks in the
> sstate cache, the eSDK installs cleanly without needing to re-run anything.
>
> Signed-off-by: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 920c5de570ec575a9eaccb105461394d9fa0f1db)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> meta/classes-recipe/populate_sdk_ext.bbclass | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass b/meta/classes-recipe/populate_sdk_ext.bbclass
> index 2859320ddf..2838ca1a03 100644
> --- a/meta/classes-recipe/populate_sdk_ext.bbclass
> +++ b/meta/classes-recipe/populate_sdk_ext.bbclass
> @@ -460,6 +460,15 @@ def prepare_locked_cache(d, baseoutpath, derivative, conf_initpath):
>
> # Filter the locked signatures file to just the sstate tasks we are interested in
> excluded_targets = get_sdk_install_targets(d, images_only=True)
> + sdk_targets = d.getVar('SDK_TARGETS')
> + ext_sdk_target_set = set(multilib_pkg_extend(d, sdk_targets).split())
> + excluded_set = set(excluded_targets.split())
> +
> + # Ensure SDK_TARGETS and their image SPDX/SBOM tasks are included in the locked signatures,
> + # as they are required during eSDK installation.
> + filtered_excluded_set = excluded_set - ext_sdk_target_set
> + excluded_targets = ' '.join(filtered_excluded_set)
> +
> sigfile = d.getVar('WORKDIR') + '/locked-sigs.inc'
> lockedsigs_pruned = baseoutpath + '/conf/locked-sigs.inc'
> #nativesdk-only sigfile to merge into locked-sigs.inc
>
>
>
>
> --
> # Randy MacLeod
> # Wind River Linux
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#228933): https://lists.openembedded.org/g/openembedded-core/message/228933
> Mute This Topic: https://lists.openembedded.org/mt/116893601/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs
2026-01-06 22:37 ` Steve Sakoman
@ 2026-01-06 23:01 ` Yoann Congal
0 siblings, 0 replies; 22+ messages in thread
From: Yoann Congal @ 2026-01-06 23:01 UTC (permalink / raw)
To: Steve Sakoman
Cc: randy.macleod, openembedded-core, Jayasurya, Maganuru, paul,
Joshua Watt
[-- Attachment #1: Type: text/plain, Size: 4994 bytes --]
Le mar. 6 janv. 2026 à 23:37, Steve Sakoman <steve@sakoman.com> a écrit :
> Sigh, this was my mistake.
>
> I saw they were in master-next and moved them into whinlatter-nut for
> testing and then forgot to check to see if they merged before I sent
> them out for review.
>
> We should revert them before the whinlatter release build.
>
I'll handle this. There will be one last patch review series before
the 5.3.1 release build.
I will add the reverts to the list.
> Time to retire, I'm making mistakes :-(
>
That's fine, we got this :)
> Steve
>
> On Tue, Jan 6, 2026 at 1:30 PM Randy MacLeod via
> lists.openembedded.org
> <randy.macleod=windriver.com@lists.openembedded.org> wrote:
> >
> > On 2025-12-21 4:37 p.m., Steve Sakoman via lists.openembedded.org wrote:
> >
> > From: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
> >
> > Fixes [YOCTO #15853]
> >
> > Steve, Yoann, and others,
> >
> > This commit as well as 17/18 made it into whinlatter before master.
>
Nice catch, Randy!
> > Was that intentional ?
> >
> > ❯ git log --oneline origin/whinlatter ^master
> meta/classes-recipe/populate_sdk_ext.bbclass
> > 9964fa3da2 (origin/whinlatter) populate_sdk_ext: keep SDK_TARGETS so
> SPDX/SBOM tasks remain in locked sigs
> >
> > ❯ git log --oneline origin/whinlatter ^master
> > 9964fa3da2 (origin/whinlatter) populate_sdk_ext: keep SDK_TARGETS so
> SPDX/SBOM tasks remain in locked sigs
> > 3f57280caa create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for
> eSDK installation
> > 7f02b3f811 cve-update: Avoid NFS caching issues
> >
> > The patches has been sitting in master-next for a while since people
> > have some concerns about them, IIRC.
> >
> > What do we do now, revert ?
> >
> >
> > Apologies for missing the review deadline.
> > Maybe next year, there should be a longer merge freeze around Xmas time
> > so that there's sufficient review.
> >
> > ../Randy
> >
> >
> >
> > The filtering in populate_sdk_ext.bbclass was removing all image targets
> from
> > the locked signatures, including the main SDK images (SDK_TARGETS). As a
> > result, their tasks including the image SPDX/SBOM tasks were not added to
> > locked-sigs.inc.
> >
> > Without these entries, the eSDK lacked the necessary sstate, and the
> installer
> > attempted to run the missing tasks during installation, leading to
> unexpected
> > task execution errors.
> >
> > This patch keeps SDK_TARGETS (and their multilib variants) in the locked
> > signatures so their SPDX/SBOM tasks are included. With those tasks in the
> > sstate cache, the eSDK installs cleanly without needing to re-run
> anything.
> >
> > Signed-off-by: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
> > Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > (cherry picked from commit 920c5de570ec575a9eaccb105461394d9fa0f1db)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> > meta/classes-recipe/populate_sdk_ext.bbclass | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> >
> > diff --git a/meta/classes-recipe/populate_sdk_ext.bbclass
> b/meta/classes-recipe/populate_sdk_ext.bbclass
> > index 2859320ddf..2838ca1a03 100644
> > --- a/meta/classes-recipe/populate_sdk_ext.bbclass
> > +++ b/meta/classes-recipe/populate_sdk_ext.bbclass
> > @@ -460,6 +460,15 @@ def prepare_locked_cache(d, baseoutpath,
> derivative, conf_initpath):
> >
> > # Filter the locked signatures file to just the sstate tasks we are
> interested in
> > excluded_targets = get_sdk_install_targets(d, images_only=True)
> > + sdk_targets = d.getVar('SDK_TARGETS')
> > + ext_sdk_target_set = set(multilib_pkg_extend(d,
> sdk_targets).split())
> > + excluded_set = set(excluded_targets.split())
> > +
> > + # Ensure SDK_TARGETS and their image SPDX/SBOM tasks are included
> in the locked signatures,
> > + # as they are required during eSDK installation.
> > + filtered_excluded_set = excluded_set - ext_sdk_target_set
> > + excluded_targets = ' '.join(filtered_excluded_set)
> > +
> > sigfile = d.getVar('WORKDIR') + '/locked-sigs.inc'
> > lockedsigs_pruned = baseoutpath + '/conf/locked-sigs.inc'
> > #nativesdk-only sigfile to merge into locked-sigs.inc
> >
> >
> >
> >
> > --
> > # Randy MacLeod
> > # Wind River Linux
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#228933):
> https://lists.openembedded.org/g/openembedded-core/message/228933
> > Mute This Topic: https://lists.openembedded.org/mt/116893601/3620601
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> steve@sakoman.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
--
Yoann Congal
Smile ECS
[-- Attachment #2: Type: text/html, Size: 7598 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2026-01-06 23:01 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-21 21:36 [OE-core][whinlatter 00/18] Patch review Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 01/18] binutils: Fix CVE-2025-11494 Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 02/18] linux-yocto/6.12: update to v6.12.57 Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 03/18] linux-yocto/6.12: update CVE exclusions (6.12.57) Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 04/18] linux-yocto/6.12: update to v6.12.58 Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 05/18] linux-yocto/6.12: update CVE exclusions (6.12.58) Steve Sakoman
2025-12-21 21:36 ` [OE-core][whinlatter 06/18] linux-yocto/6.12: update to v6.12.59 Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 07/18] linux-yocto/6.12: update CVE exclusions (6.12.59) Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 08/18] linux-yocto/6.12: update to v6.12.60 Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 09/18] linux-yocto/6.12: update CVE exclusions (6.12.60) Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 10/18] go: upgrade 1.25.4 -> 1.25.5 Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 11/18] libssh2: fix regression in KEX method validation (GH-1553) Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 12/18] spdx30_tasks: Fix SPDX_CUSTOM_ANNOTATION_VARS implementation Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 13/18] cross.bbclass: Propagate dependencies to outhash Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 14/18] curl: Use host CA bundle by default for native(sdk) builds Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 15/18] xserver-nodm-init: avoid race condition related to udev Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 16/18] cve-update: Avoid NFS caching issues Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 17/18] create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for eSDK installation Steve Sakoman
2025-12-21 21:37 ` [OE-core][whinlatter 18/18] populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked sigs Steve Sakoman
2026-01-06 21:30 ` Randy MacLeod
2026-01-06 22:37 ` Steve Sakoman
2026-01-06 23:01 ` Yoann Congal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox