* [OE-core][scarthgap v2 01/41] pseudo: Update to version 1.9.8
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 02/41] openssh: fix CVE-2026-35386 Yoann Congal
` (39 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Mark Hatle <mark.hatle@kernel.crashing.org>
Changelog:
Makefile.in: Bump to 1.9.8
pseudo_client.h: Fix typo in the comment
client: permissions drop setuid and setgid
tests: Add setuid permission check
pseudo_client.h: Add +s to PSEUDO_DB_MODE for mkdir
tests: Add test that returned stat is correct
pseudo_client.h: Make it clear both macros must be updated together
Makefile.in: Add pseudo_client.h as a dependency
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fa302de94c7da77a49ca0701580467ebaa8eda18)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 1ca1ebd6bf2..3d7dd62448f 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "5b7c4b59e7e198aab54b35ea194aeb6d99794f96"
+SRCREV = "823895ba708c63f6ae4dcbfc266210f26c02c698"
S = "${WORKDIR}/git"
-PV = "1.9.7"
+PV = "1.9.8"
# largefile and 64bit time_t support adds these macros via compiler flags globally
# remove them for pseudo since pseudo intercepts some of the functions which will be
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 02/41] openssh: fix CVE-2026-35386
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 01/41] pseudo: Update to version 1.9.8 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 03/41] tiff: fix CVE-2026-4775 Yoann Congal
` (38 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
CVE-2026-35386 is already fixed by the existing CVE-2025-61984 backport.
Rename CVE-2025-61984.patch to CVE-2025-61984_CVE-2026-35386.patch and
add the second CVE tag to document that one patch covers both CVEs.
https://nvd.nist.gov/vuln/detail/CVE-2026-35386
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...CVE-2025-61984.patch => CVE-2025-61984_CVE-2026-35386.patch} | 2 +-
meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/openssh/openssh/{CVE-2025-61984.patch => CVE-2025-61984_CVE-2026-35386.patch} (99%)
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-61984.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-61984_CVE-2026-35386.patch
similarity index 99%
rename from meta/recipes-connectivity/openssh/openssh/CVE-2025-61984.patch
rename to meta/recipes-connectivity/openssh/openssh/CVE-2025-61984_CVE-2026-35386.patch
index f705410b240..7fcb02d613e 100644
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2025-61984.patch
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-61984_CVE-2026-35386.patch
@@ -32,7 +32,7 @@ Slightly modified since variable expansion of user names was
first released in 10.0, commit bd30cf784d6e8"
Upstream-Status: Backport [Upstream commit https://github.com/openssh/openssh-portable/commit/35d5917652106aede47621bb3f64044604164043]
-CVE: CVE-2025-61984
+CVE: CVE-2025-61984 CVE-2026-35386
Signed-off-by: David Nyström <david.nystrom@est.tech>
---
ssh.c | 26 +++++++++++++++++++++++---
diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index a1b5d4a5535..ea158b56b41 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -33,7 +33,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2025-26465.patch \
file://CVE-2025-32728.patch \
file://CVE-2025-61985.patch \
- file://CVE-2025-61984.patch \
+ file://CVE-2025-61984_CVE-2026-35386.patch \
file://CVE-2026-35385.patch \
file://CVE-2026-35387.patch \
file://CVE-2026-35388.patch \
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 03/41] tiff: fix CVE-2026-4775
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 01/41] pseudo: Update to version 1.9.8 Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 02/41] openssh: fix CVE-2026-35386 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 04/41] go: fix CVE-2025-58183 Yoann Congal
` (37 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Naman Jain <nmjain23@gmail.com>
Fix CVE-2026-4775
Reference: https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c
Signed-off-by: Naman Jain <namanj1@kpit.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libtiff/tiff/CVE-2026-4775.patch | 59 +++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 1 +
2 files changed, 60 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch
new file mode 100644
index 00000000000..ed5f0714a61
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch
@@ -0,0 +1,59 @@
+From 782a11d6b5b61c6dc21e714950a4af5bf89f023c Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 22 Feb 2026 23:32:47 +0100
+Subject: [PATCH] TIFFReadRGBAImage(): prevent integer overflow and later heap
+ overflow on images with huge width in YCbCr tile decoding functions
+
+Fixes https://gitlab.com/libtiff/libtiff/-/issues/787
+
+CVE: CVE-2026-4775
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c]
+
+Signed-off-by: Naman Jain <namanj1@kpit.com>
+---
+ libtiff/tif_getimage.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index 4543dddae..fa82d0910 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -2224,7 +2224,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr44tile)
+ uint32_t *cp1 = cp + w + toskew;
+ uint32_t *cp2 = cp1 + w + toskew;
+ uint32_t *cp3 = cp2 + w + toskew;
+- int32_t incr = 3 * w + 4 * toskew;
++ const tmsize_t incr = 3 * (tmsize_t)w + 4 * (tmsize_t)toskew;
+
+ (void)y;
+ /* adjust fromskew */
+@@ -2364,7 +2364,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr44tile)
+ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
+ {
+ uint32_t *cp1 = cp + w + toskew;
+- int32_t incr = 2 * toskew + w;
++ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+
+ (void)y;
+ fromskew = (fromskew / 4) * (4 * 2 + 2);
+@@ -2522,7 +2522,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr41tile)
+ DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
+ {
+ uint32_t *cp2;
+- int32_t incr = 2 * toskew + w;
++ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+ (void)y;
+ fromskew = (fromskew / 2) * (2 * 2 + 2);
+ cp2 = cp + w + toskew;
+@@ -2625,7 +2625,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
+ DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
+ {
+ uint32_t *cp2;
+- int32_t incr = 2 * toskew + w;
++ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+ (void)y;
+ fromskew = (fromskew / 1) * (1 * 2 + 2);
+ cp2 = cp + w + toskew;
+--
+GitLab
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 07540692fcf..fca846589fd 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-52356.patch \
file://CVE-2024-7006.patch \
file://CVE-2025-9900.patch \
+ file://CVE-2026-4775.patch \
"
SRC_URI[sha256sum] = "88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 04/41] go: fix CVE-2025-58183
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (2 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 03/41] tiff: fix CVE-2026-4775 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 05/41] go: fix CVE-2026-25679 Yoann Congal
` (36 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
This patch applies the upstream fix [1], as referenced in [2],
to address unbounded memory consumption when reading GNU tar pax
1.0 sparse file regions in archive/tar.
[1] https://github.com/golang/go/commit/613e746327381d820759ebea6ce722720b343556
[2] https://security-tracker.debian.org/tracker/CVE-2025-58183
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-58183
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
.../go/go/CVE-2025-58183.patch | 107 ++++++++++++++++++
2 files changed, 108 insertions(+)
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58183.patch
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index 7016acd0616..f6feb1d0b5f 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -58,6 +58,7 @@ SRC_URI += "\
file://CVE-2026-42501.patch \
file://CVE-2026-42504.patch \
file://CVE-2026-42507.patch \
+ file://CVE-2025-58183.patch \
"
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
diff --git a/meta/recipes-devtools/go/go/CVE-2025-58183.patch b/meta/recipes-devtools/go/go/CVE-2025-58183.patch
new file mode 100644
index 00000000000..51a4f02ddcd
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2025-58183.patch
@@ -0,0 +1,107 @@
+From c25bf45db0b232e8ad9d2bc53e61678ebc5efe90 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Thu, 11 Sep 2025 13:32:10 -0700
+Subject: [PATCH] [release-branch.go1.24] archive/tar: set a limit on the
+ size of GNU sparse file 1.0 regions
+
+Sparse files in tar archives contain only the non-zero components
+of the file. There are several different encodings for sparse
+files. When reading GNU tar pax 1.0 sparse files, archive/tar did
+not set a limit on the size of the sparse region data. A malicious
+archive containing a large number of sparse blocks could cause
+archive/tar to read an unbounded amount of data from the archive
+into memory.
+
+Since a malicious input can be highly compressable, a small
+compressed input could cause very large allocations.
+
+Cap the size of the sparse block data to the same limit used
+for PAX headers (1 MiB).
+
+Thanks to Harshit Gupta (Mr HAX) (https://www.linkedin.com/in/iam-harshit-gupta/)
+for reporting this issue.
+
+Fixes CVE-2025-58183
+For #75677
+Fixes #75710
+
+CVE: CVE-2025-58183
+Upstream-Status: Backport [https://github.com/golang/go/commit/613e746327381d820759ebea6ce722720b343556]
+
+Backport Changes:
+- The upstream fix includes a testdata tarball as a git binary diff.
+ However, quilt cannot apply git binary diffs and fails with the error:
+ "File src/archive/tar/testdata/gnu-sparse-many-zeros.tar.bz2:
+ git binary diffs are not supported."
+- As a result, the unnecessary bzip2 test file
+ src/archive/tar/testdata/gnu-sparse-many-zeros.tar.bz2
+ has been removed.
+- Furthermore, in src/archive/tar/reader_test.go, within the TestReader()
+ function, the test vector entry for testdata/gnu-sparse-many-zeros.tar.bz2
+ has been removed.
+
+Change-Id: I70b907b584a7b8676df8a149a1db728ae681a770
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2800
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Nicholas Husin <husin@google.com>
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2967
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/709843
+Reviewed-by: Carlos Amedee <carlos@golang.org>
+TryBot-Bypass: Michael Pratt <mpratt@google.com>
+Auto-Submit: Michael Pratt <mpratt@google.com>
+(cherry picked from commit 613e746327381d820759ebea6ce722720b343556)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ src/archive/tar/common.go | 1 +
+ src/archive/tar/reader.go | 9 +++++++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/archive/tar/common.go b/src/archive/tar/common.go
+index 4910908f81e..ec1b8668547 100644
+--- a/src/archive/tar/common.go
++++ b/src/archive/tar/common.go
+@@ -38,6 +38,7 @@ var (
+ errMissData = errors.New("archive/tar: sparse file references non-existent data")
+ errUnrefData = errors.New("archive/tar: sparse file contains unreferenced data")
+ errWriteHole = errors.New("archive/tar: write non-NUL byte in sparse hole")
++ errSparseTooLong = errors.New("archive/tar: sparse map too long")
+ )
+
+ type headerError []string
+diff --git a/src/archive/tar/reader.go b/src/archive/tar/reader.go
+index 0811779adda..71d0b20b76d 100644
+--- a/src/archive/tar/reader.go
++++ b/src/archive/tar/reader.go
+@@ -531,12 +531,17 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
+ cntNewline int64
+ buf bytes.Buffer
+ blk block
++ totalSize int
+ )
+
+ // feedTokens copies data in blocks from r into buf until there are
+ // at least cnt newlines in buf. It will not read more blocks than needed.
+ feedTokens := func(n int64) error {
+ for cntNewline < n {
++ totalSize += len(blk)
++ if totalSize > maxSpecialFileSize {
++ return errSparseTooLong
++ }
+ if _, err := mustReadFull(r, blk[:]); err != nil {
+ return err
+ }
+@@ -569,8 +574,8 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
+ }
+
+ // Parse for all member entries.
+- // numEntries is trusted after this since a potential attacker must have
+- // committed resources proportional to what this library used.
++ // numEntries is trusted after this since feedTokens limits the number of
++ // tokens based on maxSpecialFileSize.
+ if err := feedTokens(2 * numEntries); err != nil {
+ return nil, err
+ }
+--
+2.35.6
+
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 05/41] go: fix CVE-2026-25679
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (3 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 04/41] go: fix CVE-2025-58183 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 06/41] go: fix CVE-2026-32288 Yoann Congal
` (35 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
This patch applies the upstream fix [1], as referenced in [2],
to address insufficient validation in `url.Parse`.
Debian marks older Go branches as not affected because the vulnerable
parseHost surface was introduced by the earlier CVE-2025-47912 fix.
This Scarthgap recipe already carries CVE-2025-47912.patch, so the
fix is applicable to the patched Go 1.22.12 source used here.
[1] https://github.com/golang/go/commit/d8174a9500d53784594b198f6195d1fae8dfe803
[2] https://security-tracker.debian.org/tracker/CVE-2026-25679
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-25679
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
.../go/go/CVE-2026-25679.patch | 74 +++++++++++++++++++
2 files changed, 75 insertions(+)
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-25679.patch
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index f6feb1d0b5f..7d4274b4eb4 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -59,6 +59,7 @@ SRC_URI += "\
file://CVE-2026-42504.patch \
file://CVE-2026-42507.patch \
file://CVE-2025-58183.patch \
+ file://CVE-2026-25679.patch \
"
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
diff --git a/meta/recipes-devtools/go/go/CVE-2026-25679.patch b/meta/recipes-devtools/go/go/CVE-2026-25679.patch
new file mode 100644
index 00000000000..13800564f00
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2026-25679.patch
@@ -0,0 +1,74 @@
+From c8f96fce4d34123a920558a1a3f5c0ddf2bf678e Mon Sep 17 00:00:00 2001
+From: Ian Alexander <jitsu@google.com>
+Date: Wed, 28 Jan 2026 15:29:52 -0500
+Subject: [PATCH] [release-branch.go1.25] net/url: reject IPv6 literal not
+ at start of host
+
+This change rejects IPv6 literals that do not appear at the start of the
+host subcomponent of a URL.
+
+For example:
+ http://example.com[::1] -> rejects
+ http://[::1] -> accepts
+
+Thanks to Masaki Hara (https://github.com/qnighy) of Wantedly.
+
+Updates #77578
+Fixes #77969
+Fixes CVE-2026-25679
+
+CVE: CVE-2026-25679
+Upstream-Status: Backport [https://github.com/golang/go/commit/d8174a9500d53784594b198f6195d1fae8dfe803]
+
+Change-Id: I7109031880758f7c1eb4eca513323328feace33c
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3400
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3642
+Reviewed-on: https://go-review.googlesource.com/c/go/+/752100
+Reviewed-by: Cherry Mui <cherryyz@google.com>
+Auto-Submit: Gopher Robot <gobot@golang.org>
+TryBot-Bypass: Gopher Robot <gobot@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+(cherry picked from commit d8174a9500d53784594b198f6195d1fae8dfe803)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ src/net/url/url.go | 4 +++-
+ src/net/url/url_test.go | 6 ++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/net/url/url.go b/src/net/url/url.go
+index 5219e3c130b..ab59c63adfa 100644
+--- a/src/net/url/url.go
++++ b/src/net/url/url.go
+@@ -623,7 +623,9 @@ func parseAuthority(authority string) (user *Userinfo, host string, err error) {
+ // parseHost parses host as an authority without user
+ // information. That is, as host[:port].
+ func parseHost(host string) (string, error) {
+- if openBracketIdx := strings.LastIndex(host, "["); openBracketIdx != -1 {
++ if openBracketIdx := strings.LastIndex(host, "["); openBracketIdx > 0 {
++ return "", errors.New("invalid IP-literal")
++ } else if openBracketIdx == 0 {
+ // Parse an IP-Literal in RFC 3986 and RFC 6874.
+ // E.g., "[fe80::1]", "[fe80::1%25en0]", "[fe80::1]:80".
+ closeBracketIdx := strings.LastIndex(host, "]")
+diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go
+index b2f8bd95fcf..8ffbf075cb8 100644
+--- a/src/net/url/url_test.go
++++ b/src/net/url/url_test.go
+@@ -1722,6 +1722,12 @@ func TestParseErrors(t *testing.T) {
+ {"http://[fe80::1", true}, // missing closing bracket
+ {"http://fe80::1]/", true}, // missing opening bracket
+ {"http://[test.com]/", true}, // domain name in brackets
++ {"http://example.com[::1]", true}, // IPv6 literal doesn't start with '['
++ {"http://example.com[::1", true},
++ {"http://[::1", true},
++ {"http://.[::1]", true},
++ {"http:// [::1]", true},
++ {"hxxp://mathepqo[.]serveftp(.)com:9059", true},
+ }
+ for _, tt := range tests {
+ u, err := Parse(tt.in)
+--
+2.35.6
+
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 06/41] go: fix CVE-2026-32288
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (4 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 05/41] go: fix CVE-2026-25679 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 07/41] binutils: Fix CVE-2025-69644 Yoann Congal
` (34 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
This patch applies the upstream fix [1], as referenced in [2],
to address unbounded sparse map handling in `archive/tar`.
[1] https://github.com/golang/go/commit/82b0cdb7411ea2cf02d3a45e6983cc7c8c009d9e
[2] https://security-tracker.debian.org/tracker/CVE-2026-32288
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-32288
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
.../go/go/CVE-2026-32288.patch | 162 ++++++++++++++++++
2 files changed, 163 insertions(+)
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32288.patch
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index 7d4274b4eb4..f85104d6f15 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -60,6 +60,7 @@ SRC_URI += "\
file://CVE-2026-42507.patch \
file://CVE-2025-58183.patch \
file://CVE-2026-25679.patch \
+ file://CVE-2026-32288.patch \
"
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
diff --git a/meta/recipes-devtools/go/go/CVE-2026-32288.patch b/meta/recipes-devtools/go/go/CVE-2026-32288.patch
new file mode 100644
index 00000000000..a80029ede0a
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2026-32288.patch
@@ -0,0 +1,162 @@
+From 12bbeb57c20d32519c3f891b428c6f7765db8f55 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Mon, 23 Mar 2026 13:12:44 -0700
+Subject: [PATCH] [release-branch.go1.25] archive/tar: limit the number of
+ old GNU sparse format entries
+
+We did not set a limit on the maximum size of sparse maps in
+the old GNU sparse format. Set a limit based on the cumulative
+size of the extension blocks used to encode the map (consistent
+with how we limit the sparse map size for other formats).
+
+Add an additional limit to the total number of sparse file entries,
+regardless of encoding, to all sparse formats.
+
+Thanks to Colin Walters (walters@verbum.org),
+Uuganbayar Lkhamsuren (https://github.com/uug4na),
+and Jakub Ciolek for reporting this issue.
+
+Fixes #78301
+Fixes CVE-2026-32288
+
+CVE: CVE-2026-32288
+Upstream-Status: Backport [https://github.com/golang/go/commit/82b0cdb7411ea2cf02d3a45e6983cc7c8c009d9e]
+
+Change-Id: I84877345d7b41cc60c58771860ba70e16a6a6964
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3901
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4003
+Reviewed-by: Nicholas Husin <husin@google.com>
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/763554
+TryBot-Bypass: Gopher Robot <gobot@golang.org>
+Auto-Submit: Gopher Robot <gobot@golang.org>
+Reviewed-by: Junyang Shao <shaojunyang@google.com>
+Reviewed-by: David Chase <drchase@google.com>
+(cherry picked from commit 82b0cdb7411ea2cf02d3a45e6983cc7c8c009d9e)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ src/archive/tar/format.go | 6 ++++++
+ src/archive/tar/reader.go | 28 ++++++++++++++++++++++++----
+ src/archive/tar/reader_test.go | 11 +++++++++++
+ 3 files changed, 41 insertions(+), 4 deletions(-)
+
+diff --git a/src/archive/tar/format.go b/src/archive/tar/format.go
+index 9954b4d9f55..32e58a9d9b4 100644
+--- a/src/archive/tar/format.go
++++ b/src/archive/tar/format.go
+@@ -147,6 +147,12 @@ const (
+ // Max length of a special file (PAX header, GNU long name or link).
+ // This matches the limit used by libarchive.
+ maxSpecialFileSize = 1 << 20
++
++ // Maximum number of sparse file entries.
++ // We should never actually hit this limit
++ // (every sparse encoding will first be limited by maxSpecialFileSize),
++ // but this adds an additional layer of defense.
++ maxSparseFileEntries = 1 << 20
+ )
+
+ // blockPadding computes the number of bytes needed to pad offset up to the
+diff --git a/src/archive/tar/reader.go b/src/archive/tar/reader.go
+index 71d0b20b76d..3bb8d62106c 100644
+--- a/src/archive/tar/reader.go
++++ b/src/archive/tar/reader.go
+@@ -490,7 +490,8 @@ func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, err
+ }
+ s := blk.toGNU().sparse()
+ spd := make(sparseDatas, 0, s.maxEntries())
+- for {
++ totalSize := len(s)
++ for totalSize < maxSpecialFileSize {
+ for i := 0; i < s.maxEntries(); i++ {
+ // This termination condition is identical to GNU and BSD tar.
+ if s.entry(i).offset()[0] == 0x00 {
+@@ -501,7 +502,11 @@ func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, err
+ if p.err != nil {
+ return nil, p.err
+ }
+- spd = append(spd, sparseEntry{Offset: offset, Length: length})
++ var err error
++ spd, err = appendSparseEntry(spd, sparseEntry{Offset: offset, Length: length})
++ if err != nil {
++ return nil, err
++ }
+ }
+
+ if s.isExtended()[0] > 0 {
+@@ -510,10 +515,12 @@ func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, err
+ return nil, err
+ }
+ s = blk.toSparse()
++ totalSize += len(s)
+ continue
+ }
+ return spd, nil // Done
+ }
++ return nil, errSparseTooLong
+ }
+
+ // readGNUSparseMap1x0 reads the sparse map as stored in GNU's PAX sparse format
+@@ -586,7 +593,10 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
+ if err1 != nil || err2 != nil {
+ return nil, ErrHeader
+ }
+- spd = append(spd, sparseEntry{Offset: offset, Length: length})
++ spd, err = appendSparseEntry(spd, sparseEntry{Offset: offset, Length: length})
++ if err != nil {
++ return nil, err
++ }
+ }
+ return spd, nil
+ }
+@@ -620,12 +630,22 @@ func readGNUSparseMap0x1(paxHdrs map[string]string) (sparseDatas, error) {
+ if err1 != nil || err2 != nil {
+ return nil, ErrHeader
+ }
+- spd = append(spd, sparseEntry{Offset: offset, Length: length})
++ spd, err = appendSparseEntry(spd, sparseEntry{Offset: offset, Length: length})
++ if err != nil {
++ return nil, err
++ }
+ sparseMap = sparseMap[2:]
+ }
+ return spd, nil
+ }
+
++func appendSparseEntry(spd sparseDatas, ent sparseEntry) (sparseDatas, error) {
++ if len(spd) >= maxSparseFileEntries {
++ return nil, errSparseTooLong
++ }
++ return append(spd, ent), nil
++}
++
+ // Read reads from the current file in the tar archive.
+ // It returns (0, io.EOF) when it reaches the end of that file,
+ // until [Next] is called to advance to the next file.
+diff --git a/src/archive/tar/reader_test.go b/src/archive/tar/reader_test.go
+index 7e0462c3f88..4a527766ba8 100644
+--- a/src/archive/tar/reader_test.go
++++ b/src/archive/tar/reader_test.go
+@@ -1126,6 +1126,17 @@ func TestReadOldGNUSparseMap(t *testing.T) {
+ input: makeInput(FormatGNU, "",
+ makeSparseStrings(sparseDatas{{10 << 30, 512}, {20 << 30, 512}})...),
+ wantMap: sparseDatas{{10 << 30, 512}, {20 << 30, 512}},
++ }, {
++ input: makeInput(FormatGNU, "",
++ makeSparseStrings(func() sparseDatas {
++ var datas sparseDatas
++ // This is more than enough entries to exceed our limit.
++ for i := range int64(1 << 20) {
++ datas = append(datas, sparseEntry{i * 2, (i * 2) + 1})
++ }
++ return datas
++ }())...),
++ wantErr: errSparseTooLong,
+ }}
+
+ for i, v := range vectors {
+--
+2.35.6
+
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 07/41] binutils: Fix CVE-2025-69644
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (5 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 06/41] go: fix CVE-2026-32288 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 08/41] python3: Fix CVE-2026-3644 and CVE-2026-0672 Yoann Congal
` (33 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Deepak Rathore <deeratho@cisco.com>
This patch updates the existing CVE-2025-69647 backport metadata for
CVE-2025-69644. NVD records for CVE-2025-69644 and CVE-2025-69647
reference the same upstream binutils fix commit [1], and the public
CVE advisories are referenced in [2] and [3].
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-69644
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-69647
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/binutils/binutils-2.42.inc | 2 +-
...VE-2025-69647.patch => CVE-2025-69644-CVE-2025-69647.patch} | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/binutils/binutils/{CVE-2025-69647.patch => CVE-2025-69644-CVE-2025-69647.patch} (96%)
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 1a865c45f4f..7e83f72632f 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -72,7 +72,7 @@ SRC_URI = "\
file://0028-CVE-2025-11494.patch \
file://0029-CVE-2025-11839.patch \
file://0030-CVE-2025-11840.patch \
- file://CVE-2025-69647.patch \
+ file://CVE-2025-69644-CVE-2025-69647.patch \
file://CVE-2025-69648.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69644-CVE-2025-69647.patch
similarity index 96%
rename from meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch
rename to meta/recipes-devtools/binutils/binutils/CVE-2025-69644-CVE-2025-69647.patch
index 8e3c1c79e7d..c6b3cefed2b 100644
--- a/meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69644-CVE-2025-69647.patch
@@ -12,11 +12,12 @@ length too.
length too small to read header. Limit length to section
size. Limit offset count similarly.
-CVE: CVE-2025-69647
+CVE: CVE-2025-69644 CVE-2025-69647
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7]
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
---
binutils/dwarf.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 08/41] python3: Fix CVE-2026-3644 and CVE-2026-0672
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (6 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 07/41] binutils: Fix CVE-2025-69644 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 09/41] python3: Fix CVE-2026-4519 and CVE-2026-4786 Yoann Congal
` (32 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
Apply the upstream v3.13 fix [1], as referenced in [2], to address
CVE-2026-3644 by rejecting control characters in http.cookies.Morsel.update(),
the |= operator, and unpickling paths.
CVE-2026-3644 [2] revealed the CVE-2026-0672 fix was incomplete, as
Morsel.update(), |=, and unpickling could bypass input validation. The fix
also adds output validation to BaseCookie.js_output(), matching the
control-character safeguards already present in BaseCookie.output().
[1] https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd
[2] https://security-tracker.debian.org/tracker/CVE-2026-3644
References:
https://security-tracker.debian.org/tracker/CVE-2026-3644
https://security-tracker.debian.org/tracker/CVE-2026-0672
https://nvd.nist.gov/vuln/detail/CVE-2026-3644
https://nvd.nist.gov/vuln/detail/CVE-2026-0672
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python3/CVE-2026-3644_CVE-2026-0672.patch | 154 ++++++++++++++++++
.../python/python3_3.12.13.bb | 1 +
2 files changed, 155 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-3644_CVE-2026-0672.patch
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-3644_CVE-2026-0672.patch b/meta/recipes-devtools/python/python3/CVE-2026-3644_CVE-2026-0672.patch
new file mode 100644
index 00000000000..42d8133a183
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-3644_CVE-2026-0672.patch
@@ -0,0 +1,154 @@
+From 6e291d2eba0b6820bc924e68f1db750328bf6c75 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 16 Mar 2026 15:05:13 +0100
+Subject: [PATCH] [3.13] gh-145599, CVE 2026-3644: Reject control
+ characters in `http.cookies.Morsel.update()` (GH-145600) (#146024)
+
+gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (GH-145600)
+
+Reject control characters in `http.cookies.Morsel.update()` and `http.cookies.BaseCookie.js_output`.
+
+CVE: CVE-2026-3644 CVE-2026-0672
+Upstream-Status: Backport [https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd]
+
+Backport Changes:
+- This file is not present in the current version and is therefore omitted
+ Misc/NEWS.d/next/Security/2026-03-06-17-03-38.gh-issue-145599.kchwZV.rst
+
+(cherry picked from commit 57e88c1cf95e1481b94ae57abe1010469d47a6b4)
+
+Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
+Co-authored-by: Victor Stinner <vstinner@python.org>
+Co-authored-by: Victor Stinner <victor.stinner@gmail.com>
+(cherry picked from commit d16ecc6c3626f0e2cc8f08c309c83934e8a979dd)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ Lib/http/cookies.py | 24 ++++++++++++++++++----
+ Lib/test/test_http_cookies.py | 38 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 58 insertions(+), 4 deletions(-)
+
+diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
+index d0a69cbe191..63d119ad46c 100644
+--- a/Lib/http/cookies.py
++++ b/Lib/http/cookies.py
+@@ -335,9 +335,16 @@ class Morsel(dict):
+ key = key.lower()
+ if key not in self._reserved:
+ raise CookieError("Invalid attribute %r" % (key,))
++ if _has_control_character(key, val):
++ raise CookieError("Control characters are not allowed in "
++ f"cookies {key!r} {val!r}")
+ data[key] = val
+ dict.update(self, data)
+
++ def __ior__(self, values):
++ self.update(values)
++ return self
++
+ def isReservedKey(self, K):
+ return K.lower() in self._reserved
+
+@@ -363,9 +370,15 @@ class Morsel(dict):
+ }
+
+ def __setstate__(self, state):
+- self._key = state['key']
+- self._value = state['value']
+- self._coded_value = state['coded_value']
++ key = state['key']
++ value = state['value']
++ coded_value = state['coded_value']
++ if _has_control_character(key, value, coded_value):
++ raise CookieError("Control characters are not allowed in cookies "
++ f"{key!r} {value!r} {coded_value!r}")
++ self._key = key
++ self._value = value
++ self._coded_value = coded_value
+
+ def output(self, attrs=None, header="Set-Cookie:"):
+ return "%s %s" % (header, self.OutputString(attrs))
+@@ -377,13 +390,16 @@ class Morsel(dict):
+
+ def js_output(self, attrs=None):
+ # Print javascript
++ output_string = self.OutputString(attrs)
++ if _has_control_character(output_string):
++ raise CookieError("Control characters are not allowed in cookies")
+ return """
+ <script type="text/javascript">
+ <!-- begin hiding
+ document.cookie = \"%s\";
+ // end hiding -->
+ </script>
+- """ % (self.OutputString(attrs).replace('"', r'\"'))
++ """ % (output_string.replace('"', r'\"'))
+
+ def OutputString(self, attrs=None):
+ # Build up our result
+diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
+index f196bcc48e3..2478a6c630f 100644
+--- a/Lib/test/test_http_cookies.py
++++ b/Lib/test/test_http_cookies.py
+@@ -573,6 +573,14 @@ class MorselTests(unittest.TestCase):
+ with self.assertRaises(cookies.CookieError):
+ morsel["path"] = c0
+
++ # .__setstate__()
++ with self.assertRaises(cookies.CookieError):
++ morsel.__setstate__({'key': c0, 'value': 'val', 'coded_value': 'coded'})
++ with self.assertRaises(cookies.CookieError):
++ morsel.__setstate__({'key': 'key', 'value': c0, 'coded_value': 'coded'})
++ with self.assertRaises(cookies.CookieError):
++ morsel.__setstate__({'key': 'key', 'value': 'val', 'coded_value': c0})
++
+ # .setdefault()
+ with self.assertRaises(cookies.CookieError):
+ morsel.setdefault("path", c0)
+@@ -587,6 +595,18 @@ class MorselTests(unittest.TestCase):
+ with self.assertRaises(cookies.CookieError):
+ morsel.set("path", "val", c0)
+
++ # .update()
++ with self.assertRaises(cookies.CookieError):
++ morsel.update({"path": c0})
++ with self.assertRaises(cookies.CookieError):
++ morsel.update({c0: "val"})
++
++ # .__ior__()
++ with self.assertRaises(cookies.CookieError):
++ morsel |= {"path": c0}
++ with self.assertRaises(cookies.CookieError):
++ morsel |= {c0: "val"}
++
+ def test_control_characters_output(self):
+ # Tests that even if the internals of Morsel are modified
+ # that a call to .output() has control character safeguards.
+@@ -607,6 +627,24 @@ class MorselTests(unittest.TestCase):
+ with self.assertRaises(cookies.CookieError):
+ cookie.output()
+
++ # Tests that .js_output() also has control character safeguards.
++ for c0 in support.control_characters_c0():
++ morsel = cookies.Morsel()
++ morsel.set("key", "value", "coded-value")
++ morsel._key = c0 # Override private variable.
++ cookie = cookies.SimpleCookie()
++ cookie["cookie"] = morsel
++ with self.assertRaises(cookies.CookieError):
++ cookie.js_output()
++
++ morsel = cookies.Morsel()
++ morsel.set("key", "value", "coded-value")
++ morsel._coded_value = c0 # Override private variable.
++ cookie = cookies.SimpleCookie()
++ cookie["cookie"] = morsel
++ with self.assertRaises(cookies.CookieError):
++ cookie.js_output()
++
+
+ def load_tests(loader, tests, pattern):
+ tests.addTest(doctest.DocTestSuite(cookies))
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/python/python3_3.12.13.bb b/meta/recipes-devtools/python/python3_3.12.13.bb
index 4865178572c..c59d9fba80d 100644
--- a/meta/recipes-devtools/python/python3_3.12.13.bb
+++ b/meta/recipes-devtools/python/python3_3.12.13.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-test_readline-skip-limited-history-test.patch \
file://CVE-2026-1502.patch \
file://CVE-2026-6100.patch \
+ file://CVE-2026-3644_CVE-2026-0672.patch \
"
SRC_URI:append:class-native = " \
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 09/41] python3: Fix CVE-2026-4519 and CVE-2026-4786
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (7 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 08/41] python3: Fix CVE-2026-3644 and CVE-2026-0672 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 10/41] python3: Fix CVE-2026-6019 Yoann Congal
` (31 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
Apply the upstream v3.12 fix [1], aligned with the original v3.11 fix [2],
and follow-up fix [3] to address CVE-2026-4519 by disallowing URLs with
leading dashes when invoking browser commands, as referenced in [5].
CVE-2026-4786 [6] revealed the CVE-2026-4519 fix was incomplete, as %action
in URLs could bypass dash-prefix checks. Apply follow-up fix [4], noted in
[5], to revalidate the URL after %action expansion.
[1] https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48
[2] https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03
[3] https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c
[4] https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769
[5] https://security-tracker.debian.org/tracker/CVE-2026-4519
[6] https://security-tracker.debian.org/tracker/CVE-2026-4786
References:
https://nvd.nist.gov/vuln/detail/CVE-2026-4519
https://nvd.nist.gov/vuln/detail/CVE-2026-4786
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python3/CVE-2026-4519_CVE-2026-4786.patch | 66 ++++++++
.../python/python3/CVE-2026-4519_p1.patch | 107 ++++++++++++
.../python/python3/CVE-2026-4519_p2.patch | 159 ++++++++++++++++++
.../python/python3_3.12.13.bb | 3 +
4 files changed, 335 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4519_CVE-2026-4786.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4519_p1.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4519_p2.patch
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-4519_CVE-2026-4786.patch b/meta/recipes-devtools/python/python3/CVE-2026-4519_CVE-2026-4786.patch
new file mode 100644
index 00000000000..6a4714f25ae
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-4519_CVE-2026-4786.patch
@@ -0,0 +1,66 @@
+From b9af29b9f2f880cdcdc49a1460743680f59dcb4e Mon Sep 17 00:00:00 2001
+From: Stan Ulbrych <stan@python.org>
+Date: Mon, 13 Apr 2026 22:41:51 +0100
+Subject: [PATCH] [3.11] gh-148169: Fix webbrowser `%action` substitution
+ bypass of dash-prefix check (GH-148170) (#148520)
+
+CVE: CVE-2026-4519 CVE-2026-4786
+Upstream-Status: Backport [https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769]
+
+Backport Changes:
+- This file is not present in the current version and is therefore omitted.
+ Misc/NEWS.d/next/Security/2026-03-31-09-15-51.gh-issue-148169.EZJzz2.rst
+
+(cherry picked from commit d22922c8a7958353689dc4763dd72da2dea03fff)
+(cherry picked from commit f4654824ae0850ac87227fb270f9057477946769)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ Lib/test/test_webbrowser.py | 8 ++++++++
+ Lib/webbrowser.py | 5 +++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/Lib/test/test_webbrowser.py b/Lib/test/test_webbrowser.py
+index c9bf525360d..1d21f133725 100644
+--- a/Lib/test/test_webbrowser.py
++++ b/Lib/test/test_webbrowser.py
+@@ -103,6 +103,14 @@ class ChromeCommandTest(CommandTestMixin, unittest.TestCase):
+ options=[],
+ arguments=[URL])
+
++ def test_reject_action_dash_prefixes(self):
++ browser = self.browser_class(name=CMD_NAME)
++ with self.assertRaises(ValueError):
++ browser.open('%action--incognito')
++ # new=1: action is "--new-window", so "%action" itself expands to
++ # a dash-prefixed flag even with no dash in the original URL.
++ with self.assertRaises(ValueError):
++ browser.open('%action', new=1)
+
+ class EdgeCommandTest(CommandTestMixin, unittest.TestCase):
+
+diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py
+index 000e89275b7..97c4eec9080 100755
+--- a/Lib/webbrowser.py
++++ b/Lib/webbrowser.py
+@@ -268,7 +268,6 @@ class UnixBrowser(BaseBrowser):
+
+ def open(self, url, new=0, autoraise=True):
+ sys.audit("webbrowser.open", url)
+- self._check_url(url)
+ if new == 0:
+ action = self.remote_action
+ elif new == 1:
+@@ -282,7 +281,9 @@ class UnixBrowser(BaseBrowser):
+ raise Error("Bad 'new' parameter to open(); " +
+ "expected 0, 1, or 2, got %s" % new)
+
+- args = [arg.replace("%s", url).replace("%action", action)
++ self._check_url(url.replace("%action", action))
++
++ args = [arg.replace("%action", action).replace("%s", url)
+ for arg in self.remote_args]
+ args = [arg for arg in args if arg]
+ success = self._invoke(args, True, autoraise, url)
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-4519_p1.patch b/meta/recipes-devtools/python/python3/CVE-2026-4519_p1.patch
new file mode 100644
index 00000000000..1514d2c5414
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-4519_p1.patch
@@ -0,0 +1,107 @@
+From 7df48dd3c6330611a04d85a5159c0ea424dc1e62 Mon Sep 17 00:00:00 2001
+From: Pinky <pinky00ch@gmail.com>
+Date: Wed, 25 Mar 2026 01:02:37 +0530
+Subject: [PATCH] [3.12] gh-143930: Reject leading dashes in webbrowser
+ URLs (GH-146360)
+
+CVE: CVE-2026-4519
+Upstream-Status: Backport [https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48]
+
+Backport Changes:
+- This file is not present in the current version and is therefore omitted
+ Misc/NEWS.d/next/Security/2026-01-16-12-04-49.gh-issue-143930.zYC5x3.rst
+
+(cherry picked from commit 82a24a4442312bdcfc4c799885e8b3e00990f02b)
+
+Co-authored-by: Seth Michael Larson <seth@python.org>
+(cherry picked from commit cbba6119391112aba9c5aebf7b94aea447922c48)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ Lib/test/test_webbrowser.py | 5 +++++
+ Lib/webbrowser.py | 12 ++++++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/Lib/test/test_webbrowser.py b/Lib/test/test_webbrowser.py
+index 2d695bc8831..60f094fd6a1 100644
+--- a/Lib/test/test_webbrowser.py
++++ b/Lib/test/test_webbrowser.py
+@@ -59,6 +59,11 @@ class GenericBrowserCommandTest(CommandTestMixin, unittest.TestCase):
+ options=[],
+ arguments=[URL])
+
++ def test_reject_dash_prefixes(self):
++ browser = self.browser_class(name=CMD_NAME)
++ with self.assertRaises(ValueError):
++ browser.open(f"--key=val {URL}")
++
+
+ class BackgroundBrowserCommandTest(CommandTestMixin, unittest.TestCase):
+
+diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py
+index 13b9e85f9e1..0bdb644d7db 100755
+--- a/Lib/webbrowser.py
++++ b/Lib/webbrowser.py
+@@ -158,6 +158,12 @@ class BaseBrowser(object):
+ def open_new_tab(self, url):
+ return self.open(url, 2)
+
++ @staticmethod
++ def _check_url(url):
++ """Ensures that the URL is safe to pass to subprocesses as a parameter"""
++ if url and url.lstrip().startswith("-"):
++ raise ValueError(f"Invalid URL: {url}")
++
+
+ class GenericBrowser(BaseBrowser):
+ """Class for all browsers started with a command
+@@ -175,6 +181,7 @@ class GenericBrowser(BaseBrowser):
+
+ def open(self, url, new=0, autoraise=True):
+ sys.audit("webbrowser.open", url)
++ self._check_url(url)
+ cmdline = [self.name] + [arg.replace("%s", url)
+ for arg in self.args]
+ try:
+@@ -195,6 +202,7 @@ class BackgroundBrowser(GenericBrowser):
+ cmdline = [self.name] + [arg.replace("%s", url)
+ for arg in self.args]
+ sys.audit("webbrowser.open", url)
++ self._check_url(url)
+ try:
+ if sys.platform[:3] == 'win':
+ p = subprocess.Popen(cmdline)
+@@ -260,6 +268,7 @@ class UnixBrowser(BaseBrowser):
+
+ def open(self, url, new=0, autoraise=True):
+ sys.audit("webbrowser.open", url)
++ self._check_url(url)
+ if new == 0:
+ action = self.remote_action
+ elif new == 1:
+@@ -350,6 +359,7 @@ class Konqueror(BaseBrowser):
+
+ def open(self, url, new=0, autoraise=True):
+ sys.audit("webbrowser.open", url)
++ self._check_url(url)
+ # XXX Currently I know no way to prevent KFM from opening a new win.
+ if new == 2:
+ action = "newTab"
+@@ -554,6 +564,7 @@ if sys.platform[:3] == "win":
+ class WindowsDefault(BaseBrowser):
+ def open(self, url, new=0, autoraise=True):
+ sys.audit("webbrowser.open", url)
++ self._check_url(url)
+ try:
+ os.startfile(url)
+ except OSError:
+@@ -638,6 +649,7 @@ if sys.platform == 'darwin':
+
+ def open(self, url, new=0, autoraise=True):
+ sys.audit("webbrowser.open", url)
++ self._check_url(url)
+ if self.name == 'default':
+ script = 'open location "%s"' % url.replace('"', '%22') # opens in default browser
+ else:
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-4519_p2.patch b/meta/recipes-devtools/python/python3/CVE-2026-4519_p2.patch
new file mode 100644
index 00000000000..7ee145e5e80
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-4519_p2.patch
@@ -0,0 +1,159 @@
+From 3ca64ff1722d2410a4e50e760de70f6279fa99fa Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Sat, 4 Apr 2026 00:53:49 +0200
+Subject: [PATCH] [3.11] gh-143930: Tweak the exception message and
+ increase test coverage (GH-146476) (GH-148045) (GH-148051) (GH-148052)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2026-4519
+Upstream-Status: Backport [https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c]
+
+Backport Changes:
+- This file is not present in the current version and is therefore omitted.
+ Misc/NEWS.d/next/Security/2026-01-16-12-04-49.gh-issue-143930.zYC5x3.rst
+- The file introduced in v3.12 by this commit;
+ https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48
+
+(cherry picked from commit cc023511238ad93ecc8796157c6f9139a2bb2932)
+(cherry picked from commit 89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4)
+(cherry picked from commit 3681d47a440865aead912a054d4599087b4270dd)
+
+Co-authored-by: Łukasz Langa <lukasz@langa.pl>
+(cherry picked from commit 96fc5048605863c7b6fd6289643feb0e97edd96c)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ Lib/test/test_webbrowser.py | 81 ++++++++++++++++++++++++++++++++++---
+ Lib/webbrowser.py | 2 +-
+ 2 files changed, 76 insertions(+), 7 deletions(-)
+
+diff --git a/Lib/test/test_webbrowser.py b/Lib/test/test_webbrowser.py
+index 60f094fd6a1..c9bf525360d 100644
+--- a/Lib/test/test_webbrowser.py
++++ b/Lib/test/test_webbrowser.py
+@@ -1,6 +1,7 @@
++import io
++import os
+ import webbrowser
+ import unittest
+-import os
+ import sys
+ import subprocess
+ from unittest import mock
+@@ -49,6 +50,14 @@ class CommandTestMixin:
+ popen_args.pop(popen_args.index(option))
+ self.assertEqual(popen_args, arguments)
+
++ def test_reject_dash_prefixes(self):
++ browser = self.browser_class(name=CMD_NAME)
++ with self.assertRaisesRegex(
++ ValueError,
++ r"^Invalid URL \(leading dash disallowed\): '--key=val http.*'$"
++ ):
++ browser.open(f"--key=val {URL}")
++
+
+ class GenericBrowserCommandTest(CommandTestMixin, unittest.TestCase):
+
+@@ -59,11 +68,6 @@ class GenericBrowserCommandTest(CommandTestMixin, unittest.TestCase):
+ options=[],
+ arguments=[URL])
+
+- def test_reject_dash_prefixes(self):
+- browser = self.browser_class(name=CMD_NAME)
+- with self.assertRaises(ValueError):
+- browser.open(f"--key=val {URL}")
+-
+
+ class BackgroundBrowserCommandTest(CommandTestMixin, unittest.TestCase):
+
+@@ -224,6 +228,71 @@ class ELinksCommandTest(CommandTestMixin, unittest.TestCase):
+ arguments=['openURL({},new-tab)'.format(URL)])
+
+
++class MockPopenPipe:
++ def __init__(self, cmd, mode):
++ self.cmd = cmd
++ self.mode = mode
++ self.pipe = io.StringIO()
++ self._closed = False
++
++ def write(self, buf):
++ self.pipe.write(buf)
++
++ def close(self):
++ self._closed = True
++ return None
++
++
++@unittest.skipUnless(sys.platform == "darwin", "macOS specific test")
++class MacOSXOSAScriptTest(unittest.TestCase):
++ def setUp(self):
++ # Ensure that 'BROWSER' is not set to 'open' or something else.
++ # See: https://github.com/python/cpython/issues/131254.
++ env = self.enterContext(os_helper.EnvironmentVarGuard())
++ env.unset("BROWSER")
++
++ support.patch(self, os, "popen", self.mock_popen)
++ self.browser = webbrowser.MacOSXOSAScript("default")
++
++ def mock_popen(self, cmd, mode):
++ self.popen_pipe = MockPopenPipe(cmd, mode)
++ return self.popen_pipe
++
++ def test_default(self):
++ browser = webbrowser.get()
++ assert isinstance(browser, webbrowser.MacOSXOSAScript)
++ self.assertEqual(browser.name, "default")
++
++ def test_default_open(self):
++ url = "https://python.org"
++ self.browser.open(url)
++ self.assertTrue(self.popen_pipe._closed)
++ self.assertEqual(self.popen_pipe.cmd, "osascript")
++ script = self.popen_pipe.pipe.getvalue()
++ self.assertEqual(script.strip(), f'open location "{url}"')
++
++ def test_url_quote(self):
++ self.browser.open('https://python.org/"quote"')
++ script = self.popen_pipe.pipe.getvalue()
++ self.assertEqual(
++ script.strip(), 'open location "https://python.org/%22quote%22"'
++ )
++
++ def test_explicit_browser(self):
++ browser = webbrowser.MacOSXOSAScript("safari")
++ browser.open("https://python.org")
++ script = self.popen_pipe.pipe.getvalue()
++ self.assertIn('tell application "safari"', script)
++ self.assertIn('open location "https://python.org"', script)
++
++ def test_reject_dash_prefixes(self):
++ with self.assertRaisesRegex(
++ ValueError,
++ r"^Invalid URL \(leading dash disallowed\): '--key=val http.*'$"
++ ):
++ self.browser.open(f"--key=val {URL}")
++
++
+ class BrowserRegistrationTest(unittest.TestCase):
+
+ def setUp(self):
+diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py
+index 0bdb644d7db..000e89275b7 100755
+--- a/Lib/webbrowser.py
++++ b/Lib/webbrowser.py
+@@ -162,7 +162,7 @@ class BaseBrowser(object):
+ def _check_url(url):
+ """Ensures that the URL is safe to pass to subprocesses as a parameter"""
+ if url and url.lstrip().startswith("-"):
+- raise ValueError(f"Invalid URL: {url}")
++ raise ValueError(f"Invalid URL (leading dash disallowed): {url!r}")
+
+
+ class GenericBrowser(BaseBrowser):
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/python/python3_3.12.13.bb b/meta/recipes-devtools/python/python3_3.12.13.bb
index c59d9fba80d..ec9ea94824e 100644
--- a/meta/recipes-devtools/python/python3_3.12.13.bb
+++ b/meta/recipes-devtools/python/python3_3.12.13.bb
@@ -37,6 +37,9 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://CVE-2026-1502.patch \
file://CVE-2026-6100.patch \
file://CVE-2026-3644_CVE-2026-0672.patch \
+ file://CVE-2026-4519_p1.patch \
+ file://CVE-2026-4519_p2.patch \
+ file://CVE-2026-4519_CVE-2026-4786.patch \
"
SRC_URI:append:class-native = " \
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 10/41] python3: Fix CVE-2026-6019
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (8 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 09/41] python3: Fix CVE-2026-4519 and CVE-2026-4786 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 11/41] python3: Fix CVE-2025-13462 Yoann Congal
` (30 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
This patch applies the upstream fix [1] and follow-up fix [2], as
referenced in [3] and [4], to address an http.cookies.Morsel.js_output()
flaw where inline JavaScript output escaped quotes but did not neutralize
the HTML parser-sensitive </script> sequence.
[1] https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c
[2] https://github.com/python/cpython/commit/e7d4c3ff421916986223690a8425d2383f6f3802
[3] https://github.com/python/cpython/issues/149144
[4] https://security-tracker.debian.org/tracker/CVE-2026-6019
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-6019
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python/python3/CVE-2026-6019_p1.patch | 133 ++++++++++++++++++
.../python/python3/CVE-2026-6019_p2.patch | 129 +++++++++++++++++
.../python/python3_3.12.13.bb | 2 +
3 files changed, 264 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-6019_p1.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-6019_p2.patch
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-6019_p1.patch b/meta/recipes-devtools/python/python3/CVE-2026-6019_p1.patch
new file mode 100644
index 00000000000..78b01574c91
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-6019_p1.patch
@@ -0,0 +1,133 @@
+From be751c3f3a11d40c2133bee5fb6ab6931df31936 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Thu, 23 Apr 2026 15:05:17 +0200
+Subject: [PATCH] [3.13] gh-90309: Base64-encode cookie values embedded in
+ JS (GH-148888)
+
+CVE: CVE-2026-6019
+Upstream-Status: Backport [https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c]
+
+Backport Changes:
+- This file is not present in the current version and is therefore omitted.
+ Misc/NEWS.d/next/Security/2026-04-21-13-46-30.gh-issue-90309.srvj9q.rst
+
+(cherry picked from commit 76b3923d688c0efc580658476c5f525ec8735104)
+
+Co-authored-by: Seth Larson <seth@python.org>
+(cherry picked from commit 3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ Lib/http/cookies.py | 8 ++++++--
+ Lib/test/test_http_cookies.py | 29 ++++++++++++++++++-----------
+ 2 files changed, 24 insertions(+), 13 deletions(-)
+
+diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
+index 63d119ad46c..aebc2a163e4 100644
+--- a/Lib/http/cookies.py
++++ b/Lib/http/cookies.py
+@@ -389,17 +389,21 @@ class Morsel(dict):
+ return '<%s: %s>' % (self.__class__.__name__, self.OutputString())
+
+ def js_output(self, attrs=None):
++ import base64
+ # Print javascript
+ output_string = self.OutputString(attrs)
+ if _has_control_character(output_string):
+ raise CookieError("Control characters are not allowed in cookies")
++ # Base64-encode value to avoid template
++ # injection in cookie values.
++ output_encoded = base64.b64encode(output_string.encode('utf-8')).decode("ascii")
+ return """
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = \"%s\";
++ document.cookie = atob(\"%s\");
+ // end hiding -->
+ </script>
+- """ % (output_string.replace('"', r'\"'))
++ """ % (output_encoded,)
+
+ def OutputString(self, attrs=None):
+ # Build up our result
+diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
+index 2478a6c630f..6aa5df068f9 100644
+--- a/Lib/test/test_http_cookies.py
++++ b/Lib/test/test_http_cookies.py
+@@ -1,5 +1,5 @@
+ # Simple test suite for http/cookies.py
+-
++import base64
+ import copy
+ import unittest
+ import doctest
+@@ -152,17 +152,19 @@ class CookieTests(unittest.TestCase):
+
+ self.assertEqual(C.output(['path']),
+ 'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme')
+- self.assertEqual(C.js_output(), r"""
++ cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE"; Path=/acme; Version=1').decode('ascii')
++ self.assertEqual(C.js_output(), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1";
++ document.cookie = atob("{cookie_encoded}");
+ // end hiding -->
+ </script>
+ """)
+- self.assertEqual(C.js_output(['path']), r"""
++ cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE"; Path=/acme').decode('ascii')
++ self.assertEqual(C.js_output(['path']), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme";
++ document.cookie = atob("{cookie_encoded}");
+ // end hiding -->
+ </script>
+ """)
+@@ -259,17 +261,19 @@ class CookieTests(unittest.TestCase):
+
+ self.assertEqual(C.output(['path']),
+ 'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme')
+- self.assertEqual(C.js_output(), r"""
++ expected_encoded_cookie = base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1').decode('ascii')
++ self.assertEqual(C.js_output(), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1";
++ document.cookie = atob("{expected_encoded_cookie}");
+ // end hiding -->
+ </script>
+ """)
+- self.assertEqual(C.js_output(['path']), r"""
++ expected_encoded_cookie = base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme').decode('ascii')
++ self.assertEqual(C.js_output(['path']), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme";
++ document.cookie = atob("{expected_encoded_cookie}");
+ // end hiding -->
+ </script>
+ """)
+@@ -360,13 +364,16 @@ class MorselTests(unittest.TestCase):
+ self.assertEqual(
+ M.output(),
+ "Set-Cookie: %s=%s; Path=/foo" % (i, "%s_coded_val" % i))
++ expected_encoded_cookie = base64.b64encode(
++ ("%s=%s; Path=/foo" % (i, "%s_coded_val" % i)).encode("ascii")
++ ).decode('ascii')
+ expected_js_output = """
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = "%s=%s; Path=/foo";
++ document.cookie = atob("%s");
+ // end hiding -->
+ </script>
+- """ % (i, "%s_coded_val" % i)
++ """ % (expected_encoded_cookie,)
+ self.assertEqual(M.js_output(), expected_js_output)
+ for i in ["foo bar", "foo@bar"]:
+ # Try some illegal characters
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-6019_p2.patch b/meta/recipes-devtools/python/python3/CVE-2026-6019_p2.patch
new file mode 100644
index 00000000000..0646bd2133f
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-6019_p2.patch
@@ -0,0 +1,129 @@
+From de449bbc6ff4ce869c17fb551dacc69de25d73a9 Mon Sep 17 00:00:00 2001
+From: Stan Ulbrych <stan@python.org>
+Date: Mon, 8 Jun 2026 20:15:21 +0100
+Subject: [PATCH] [3.13] gh-149144: Use `decodeURIComponent()` for UTF-8
+ support in `js_output()` (GH-149157) (#150949)
+
+CVE: CVE-2026-6019
+Upstream-Status: Backport [https://github.com/python/cpython/commit/e7d4c3ff421916986223690a8425d2383f6f3802]
+
+Co-authored-by: Seth Larson <seth@python.org>
+(cherry picked from commit e7d4c3ff421916986223690a8425d2383f6f3802)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ Lib/http/cookies.py | 6 +++---
+ Lib/test/test_http_cookies.py | 27 ++++++++++++++-------------
+ 2 files changed, 17 insertions(+), 16 deletions(-)
+
+diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
+index aebc2a163e4..2cffa2a9ad6 100644
+--- a/Lib/http/cookies.py
++++ b/Lib/http/cookies.py
+@@ -389,18 +389,18 @@ class Morsel(dict):
+ return '<%s: %s>' % (self.__class__.__name__, self.OutputString())
+
+ def js_output(self, attrs=None):
+- import base64
++ import urllib.parse
+ # Print javascript
+ output_string = self.OutputString(attrs)
+ if _has_control_character(output_string):
+ raise CookieError("Control characters are not allowed in cookies")
+ # Base64-encode value to avoid template
+ # injection in cookie values.
+- output_encoded = base64.b64encode(output_string.encode('utf-8')).decode("ascii")
++ output_encoded = urllib.parse.quote(output_string, safe='', encoding='utf-8')
+ return """
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = atob(\"%s\");
++ document.cookie = decodeURIComponent(\"%s\");
+ // end hiding -->
+ </script>
+ """ % (output_encoded,)
+diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
+index 6aa5df068f9..b9cc59cd1db 100644
+--- a/Lib/test/test_http_cookies.py
++++ b/Lib/test/test_http_cookies.py
+@@ -1,10 +1,10 @@
+ # Simple test suite for http/cookies.py
+-import base64
+ import copy
+ import unittest
+ import doctest
+ from http import cookies
+ import pickle
++import urllib.parse
+ from test import support
+
+
+@@ -152,19 +152,19 @@ class CookieTests(unittest.TestCase):
+
+ self.assertEqual(C.output(['path']),
+ 'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme')
+- cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE"; Path=/acme; Version=1').decode('ascii')
++ cookie_encoded = urllib.parse.quote('Customer="WILE_E_COYOTE"; Path=/acme; Version=1', safe='', encoding='utf-8')
+ self.assertEqual(C.js_output(), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = atob("{cookie_encoded}");
++ document.cookie = decodeURIComponent("{cookie_encoded}");
+ // end hiding -->
+ </script>
+ """)
+- cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE"; Path=/acme').decode('ascii')
++ cookie_encoded = urllib.parse.quote('Customer="WILE_E_COYOTE"; Path=/acme', safe='', encoding='utf-8')
+ self.assertEqual(C.js_output(['path']), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = atob("{cookie_encoded}");
++ document.cookie = decodeURIComponent("{cookie_encoded}");
+ // end hiding -->
+ </script>
+ """)
+@@ -261,19 +261,19 @@ class CookieTests(unittest.TestCase):
+
+ self.assertEqual(C.output(['path']),
+ 'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme')
+- expected_encoded_cookie = base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1').decode('ascii')
++ expected_encoded_cookie = urllib.parse.quote('Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1', safe='', encoding='utf-8')
+ self.assertEqual(C.js_output(), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = atob("{expected_encoded_cookie}");
++ document.cookie = decodeURIComponent("{expected_encoded_cookie}");
+ // end hiding -->
+ </script>
+ """)
+- expected_encoded_cookie = base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme').decode('ascii')
++ expected_encoded_cookie = urllib.parse.quote('Customer=\"WILE_E_COYOTE\"; Path=/acme', safe='', encoding='utf-8')
+ self.assertEqual(C.js_output(['path']), fr"""
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = atob("{expected_encoded_cookie}");
++ document.cookie = decodeURIComponent("{expected_encoded_cookie}");
+ // end hiding -->
+ </script>
+ """)
+@@ -364,13 +364,14 @@ class MorselTests(unittest.TestCase):
+ self.assertEqual(
+ M.output(),
+ "Set-Cookie: %s=%s; Path=/foo" % (i, "%s_coded_val" % i))
+- expected_encoded_cookie = base64.b64encode(
+- ("%s=%s; Path=/foo" % (i, "%s_coded_val" % i)).encode("ascii")
+- ).decode('ascii')
++ expected_encoded_cookie = urllib.parse.quote(
++ "%s=%s; Path=/foo" % (i, "%s_coded_val" % i),
++ safe='', encoding='utf-8',
++ )
+ expected_js_output = """
+ <script type="text/javascript">
+ <!-- begin hiding
+- document.cookie = atob("%s");
++ document.cookie = decodeURIComponent("%s");
+ // end hiding -->
+ </script>
+ """ % (expected_encoded_cookie,)
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/python/python3_3.12.13.bb b/meta/recipes-devtools/python/python3_3.12.13.bb
index ec9ea94824e..be080c6a362 100644
--- a/meta/recipes-devtools/python/python3_3.12.13.bb
+++ b/meta/recipes-devtools/python/python3_3.12.13.bb
@@ -40,6 +40,8 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://CVE-2026-4519_p1.patch \
file://CVE-2026-4519_p2.patch \
file://CVE-2026-4519_CVE-2026-4786.patch \
+ file://CVE-2026-6019_p1.patch \
+ file://CVE-2026-6019_p2.patch \
"
SRC_URI:append:class-native = " \
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 11/41] python3: Fix CVE-2025-13462
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (9 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 10/41] python3: Fix CVE-2026-6019 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 12/41] qemu: Fix CVE-2024-6519 Yoann Congal
` (29 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
Apply the upstream v3.12 fix [1], aligned with the original v3.13 fix [2],
to address incorrect tarfile handling where GNU long name follow-up headers
could be normalized as directories, as referenced in [3].
[1] https://github.com/python/cpython/commit/d10950739a78f54d0718d88fb5a868374603c084
[2] https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7
[3] https://security-tracker.debian.org/tracker/CVE-2025-13462
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-13462
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python/python3/CVE-2025-13462.patch | 142 ++++++++++++++++++
.../python/python3_3.12.13.bb | 1 +
2 files changed, 143 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13462.patch
diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13462.patch b/meta/recipes-devtools/python/python3/CVE-2025-13462.patch
new file mode 100644
index 00000000000..36d492338ba
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2025-13462.patch
@@ -0,0 +1,142 @@
+From 14d7d2e8f51a17c23c98f13f33743253a0b7a18a Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 18 May 2026 19:43:51 +0200
+Subject: [PATCH] [3.12] gh-141707: Skip TarInfo DIRTYPE normalization during
+ GNU long name handling (#145817)
+
+gh-141707: Skip TarInfo DIRTYPE normalization during GNU long name handling
+
+CVE: CVE-2025-13462
+Upstream-Status: Backport [https://github.com/python/cpython/commit/d10950739a78f54d0718d88fb5a868374603c084]
+
+Backport Changes:
+- This file is not present in the current version and is therefore omitted
+ Misc/NEWS.d/next/Library/2025-11-18-06-35-53.gh-issue-141707.DBmQIy.rst
+
+(cherry picked from commit 42d754e34c06e57ad6b8e7f92f32af679912d8ab)
+
+Co-authored-by: Seth Michael Larson <seth@python.org>
+Co-authored-by: Eashwar Ranganathan <eashwar@eashwar.com>
+(cherry picked from commit d10950739a78f54d0718d88fb5a868374603c084)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ Lib/tarfile.py | 29 +++++++++++++++++++++++++----
+ Lib/test/test_tarfile.py | 19 +++++++++++++++++++
+ Misc/ACKS | 1 +
+ 3 files changed, 45 insertions(+), 4 deletions(-)
+
+diff --git a/Lib/tarfile.py b/Lib/tarfile.py
+index 99451aa765..70fdbe85b0 100755
+--- a/Lib/tarfile.py
++++ b/Lib/tarfile.py
+@@ -1246,6 +1246,20 @@ class TarInfo(object):
+ @classmethod
+ def frombuf(cls, buf, encoding, errors):
+ """Construct a TarInfo object from a 512 byte bytes object.
++
++ To support the old v7 tar format AREGTYPE headers are
++ transformed to DIRTYPE headers if their name ends in '/'.
++ """
++ return cls._frombuf(buf, encoding, errors)
++
++ @classmethod
++ def _frombuf(cls, buf, encoding, errors, *, dircheck=True):
++ """Construct a TarInfo object from a 512 byte bytes object.
++
++ If ``dircheck`` is set to ``True`` then ``AREGTYPE`` headers will
++ be normalized to ``DIRTYPE`` if the name ends in a trailing slash.
++ ``dircheck`` must be set to ``False`` if this function is called
++ on a follow-up header such as ``GNUTYPE_LONGNAME``.
+ """
+ if len(buf) == 0:
+ raise EmptyHeaderError("empty header")
+@@ -1276,7 +1290,7 @@ class TarInfo(object):
+
+ # Old V7 tar format represents a directory as a regular
+ # file with a trailing slash.
+- if obj.type == AREGTYPE and obj.name.endswith("/"):
++ if dircheck and obj.type == AREGTYPE and obj.name.endswith("/"):
+ obj.type = DIRTYPE
+
+ # The old GNU sparse format occupies some of the unused
+@@ -1311,8 +1325,15 @@ class TarInfo(object):
+ """Return the next TarInfo object from TarFile object
+ tarfile.
+ """
++ return cls._fromtarfile(tarfile)
++
++ @classmethod
++ def _fromtarfile(cls, tarfile, *, dircheck=True):
++ """
++ See dircheck documentation in _frombuf().
++ """
+ buf = tarfile.fileobj.read(BLOCKSIZE)
+- obj = cls.frombuf(buf, tarfile.encoding, tarfile.errors)
++ obj = cls._frombuf(buf, tarfile.encoding, tarfile.errors, dircheck=dircheck)
+ obj.offset = tarfile.fileobj.tell() - BLOCKSIZE
+ return obj._proc_member(tarfile)
+
+@@ -1370,7 +1391,7 @@ class TarInfo(object):
+
+ # Fetch the next header and process it.
+ try:
+- next = self.fromtarfile(tarfile)
++ next = self._fromtarfile(tarfile, dircheck=False)
+ except HeaderError as e:
+ raise SubsequentHeaderError(str(e)) from None
+
+@@ -1505,7 +1526,7 @@ class TarInfo(object):
+
+ # Fetch the next header.
+ try:
+- next = self.fromtarfile(tarfile)
++ next = self._fromtarfile(tarfile, dircheck=False)
+ except HeaderError as e:
+ raise SubsequentHeaderError(str(e)) from None
+
+diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
+index 759fa03ead..82637841ed 100644
+--- a/Lib/test/test_tarfile.py
++++ b/Lib/test/test_tarfile.py
+@@ -1134,6 +1134,25 @@ class LongnameTest:
+ self.assertIsNotNone(tar.getmember(longdir))
+ self.assertIsNotNone(tar.getmember(longdir.removesuffix('/')))
+
++ def test_longname_file_not_directory(self):
++ # Test reading a longname file and ensure it is not handled as a directory
++ # Issue #141707
++ buf = io.BytesIO()
++ with tarfile.open(mode='w', fileobj=buf, format=self.format) as tar:
++ ti = tarfile.TarInfo()
++ ti.type = tarfile.AREGTYPE
++ ti.name = ('a' * 99) + '/' + ('b' * 3)
++ tar.addfile(ti)
++
++ expected = {t.name: t.type for t in tar.getmembers()}
++
++ buf.seek(0)
++ with tarfile.open(mode='r', fileobj=buf) as tar:
++ actual = {t.name: t.type for t in tar.getmembers()}
++
++ self.assertEqual(expected, actual)
++
++
+ class GNUReadTest(LongnameTest, ReadTest, unittest.TestCase):
+
+ subdir = "gnu"
+diff --git a/Misc/ACKS b/Misc/ACKS
+index a6e63a991f..30d5f99ebb 100644
+--- a/Misc/ACKS
++++ b/Misc/ACKS
+@@ -1492,6 +1492,7 @@ Dhushyanth Ramasamy
+ Ashwin Ramaswami
+ Jeff Ramnani
+ Bayard Randel
++Eashwar Ranganathan
+ Varpu Rantala
+ Brodie Rao
+ Rémi Rampin
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/python/python3_3.12.13.bb b/meta/recipes-devtools/python/python3_3.12.13.bb
index be080c6a362..3e28a3942bd 100644
--- a/meta/recipes-devtools/python/python3_3.12.13.bb
+++ b/meta/recipes-devtools/python/python3_3.12.13.bb
@@ -42,6 +42,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://CVE-2026-4519_CVE-2026-4786.patch \
file://CVE-2026-6019_p1.patch \
file://CVE-2026-6019_p2.patch \
+ file://CVE-2025-13462.patch \
"
SRC_URI:append:class-native = " \
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 12/41] qemu: Fix CVE-2024-6519
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (10 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 11/41] python3: Fix CVE-2025-13462 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 13/41] dpkg: Fix CVE-2026-2219 Yoann Congal
` (28 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Deepak Rathore <deeratho@cisco.com>
This patch applies the upstream v11.0.0-rc2 backport for
CVE-2024-6519. The upstream fix commit is referenced in [1],
and the public CVE advisory is referenced in [2]. The individual
backported commit link is recorded in the embedded patch header.
[1] https://gitlab.com/qemu-project/qemu/-/commit/4862d2c95104d9fd0430cc003c205094f8ada1f9
[2] https://security-tracker.debian.org/tracker/CVE-2024-6519
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2024-6519.patch | 51 +++++++++++++++++++
2 files changed, 52 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index b688c2bd125..ff8877e54b7 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -47,6 +47,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0002-python-backport-avoid-creating-additional-event-loop.patch \
file://CVE-2025-11234-01.patch \
file://CVE-2025-11234-02.patch \
+ file://CVE-2024-6519.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch
new file mode 100644
index 00000000000..431afbbc60a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch
@@ -0,0 +1,51 @@
+From 86bc714d9d02a23ea6be878febdc327bbfc9ff50 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 27 Mar 2026 17:37:31 +0100
+Subject: [PATCH] lsi53c895a: keep a reference to the device while SCRIPTS
+ execute
+
+SCRIPTS execution can trigger PCI device unplug and consequently
+a use-after-free after the unplug returns. Avoid this by keeping
+the device alive.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3090
+
+CVE: CVE-2024-6519
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4862d2c95104d9fd0430cc003c205094f8ada1f9]
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 4862d2c95104d9fd0430cc003c205094f8ada1f9)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ hw/scsi/lsi53c895a.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
+index 4d0c5fcd9b7..37dd38d7a87 100644
+--- a/hw/scsi/lsi53c895a.c
++++ b/hw/scsi/lsi53c895a.c
+@@ -1158,6 +1158,7 @@ static void lsi_execute_script(LSIState *s)
+ s->waiting = LSI_NOWAIT;
+ }
+
++ object_ref(s);
+ reentrancy_level++;
+
+ s->istat1 |= LSI_ISTAT1_SRUN;
+@@ -1177,6 +1178,7 @@ again:
+ s->waiting = LSI_WAIT_SCRIPTS;
+ lsi_scripts_timer_start(s);
+ reentrancy_level--;
++ object_unref(s);
+ return;
+ }
+ insn = read_dword(s, s->dsp);
+@@ -1625,6 +1627,7 @@ again:
+ trace_lsi_execute_script_stop();
+
+ reentrancy_level--;
++ object_unref(s);
+ }
+
+ static uint8_t lsi_reg_readb(LSIState *s, int offset)
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 13/41] dpkg: Fix CVE-2026-2219
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (11 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 12/41] qemu: Fix CVE-2024-6519 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 14/41] libsolv: fix CVE-2026-9150 Yoann Congal
` (27 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Shubham Pushpkar <spushpka@cisco.com>
This patch applies the upstream fix as referenced in [2], using the
commit shown in [1].
[1] https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-2219
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../dpkg/dpkg/CVE-2026-2219.patch | 47 +++++++++++++++++++
meta/recipes-devtools/dpkg/dpkg_1.22.0.bb | 1 +
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2026-2219.patch
diff --git a/meta/recipes-devtools/dpkg/dpkg/CVE-2026-2219.patch b/meta/recipes-devtools/dpkg/dpkg/CVE-2026-2219.patch
new file mode 100644
index 00000000000..779ab924de6
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg/CVE-2026-2219.patch
@@ -0,0 +1,47 @@
+From 6610297a62c0780dd0e80b0e302ef64fdcc9d313 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@debian.org>
+Date: Sat, 7 Feb 2026 00:57:55 +0100
+Subject: [PATCH] libdpkg: Terminate zstd decompression when we have no more
+ data
+
+We should be checking whether the input buffer is zero-sized, and then
+mark the stream as finished. Otherwise the zstd implementation does not
+detect that as an end of stream situation and we get stuck in an
+infinite loop spinning the CPU. This means the decompression process
+in dpkg-deb does not terminate, so no EPIPE gets generated and the
+other processes that are part of the unpacking do not stop either.
+
+Reported-by: Yashashree Gund <yash_gund@live.com>
+Fixes: commit 2c2f7066bd8c3209762762fa6905fa567b08ca5a
+Fixes: CVE-2026-2219
+Closes: #1129722
+Stable-Candidate: 1.21.x 1.22.x
+
+CVE: CVE-2026-2219
+Upstream-Status: Backport [https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313]
+
+(cherry picked from commit 6610297a62c0780dd0e80b0e302ef64fdcc9d313)
+Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
+---
+ lib/dpkg/compress.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/dpkg/compress.c b/lib/dpkg/compress.c
+index adf26ea7..bf73affe 100644
+--- a/lib/dpkg/compress.c
++++ b/lib/dpkg/compress.c
+@@ -1070,6 +1070,11 @@ filter_unzstd_code(struct io_zstd *io, struct io_zstd_stream *s)
+ ZSTD_outBuffer buf_out = { s->next_out, s->avail_out, 0 };
+ size_t ret;
+
++ if (buf_in.size == 0) {
++ s->status = DPKG_STREAM_END;
++ return;
++ }
++
+ ret = ZSTD_decompressStream(s->ctx.d, &buf_out, &buf_in);
+ if (ZSTD_isError(ret))
+ filter_zstd_error(io, ret);
+--
+2.35.6
+
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.22.0.bb b/meta/recipes-devtools/dpkg/dpkg_1.22.0.bb
index 41f51235085..16162ca926f 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.22.0.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.22.0.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=main
file://pager.patch \
file://0001-Add-support-for-riscv32-CPU.patch \
file://CVE-2025-6297.patch \
+ file://CVE-2026-2219.patch \
"
SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 14/41] libsolv: fix CVE-2026-9150
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (12 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 13/41] dpkg: Fix CVE-2026-2219 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 15/41] openssl: upgrade 3.5.6 -> 3.5.7 Yoann Congal
` (26 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Backport patch to fix CVE-2026-9150.
https://nvd.nist.gov/vuln/detail/CVE-2026-9150
Upstream fix:
https://github.com/openSUSE/libsolv/pull/616
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libsolv/libsolv/CVE-2026-9150.patch | 68 +++++++++++++++++++
.../libsolv/libsolv_0.7.28.bb | 1 +
2 files changed, 69 insertions(+)
create mode 100644 meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch
diff --git a/meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch b/meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch
new file mode 100644
index 00000000000..4903edb5998
--- /dev/null
+++ b/meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch
@@ -0,0 +1,68 @@
+From bea261fd0924ecd5c7e5579f460133ec023c6def Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Wed, 22 Apr 2026 09:18:29 +0200
+Subject: [PATCH] Fix a buffer overflow when copying SHA-384/512 checksum from
+ a Debian repository
+
+When parsing Debian repository, control2solvable() copies a package
+checksum string from the repository into a stack-allocated "char
+checksum[32 * 2 + 1]" array.
+
+If the repository defined a SHA384 or SHA512 tag, a buffer overflow
+occured (as can be seen when compiling libsolv with CFLAGS='-O0 -g
+-fsanitize=address') because those tag values are longer:
+
+ $ cat /tmp/Packages
+ Package: p
+ Version: 1
+ Architecture: all
+ SHA512: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+
+ $ /tmp/b/tools/deb2solv -r /tmp/Packages
+ =================================================================
+ ==3695==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7b685ecf0071 at pc 0x7f6861683722 b
+ p 0x7fff37e3e7a0 sp 0x7fff37e3df60
+ WRITE of size 129 at 0x7b685ecf0071 thread T0
+ #0 0x7f6861683721 in strcpy.part.0 (/lib64/libasan.so.8+0x83721) (BuildId: 80bfc4ae44fdec6ef5fecfb01e2b57d28660991c)
+ #1 0x7f6861d7f34d in control2solvable /home/test/libsolv/ext/repo_deb.c:491
+ #2 0x7f6861d804ea in repo_add_debpackages /home/test/libsolv/ext/repo_deb.c:622
+ #3 0x000000400fd5 in main /home/test/libsolv/tools/deb2solv.c:134
+ #4 0x7f686123c680 in __libc_start_call_main (/lib64/libc.so.6+0x3680) (BuildId: c04494d63bca865bedf571a4075ef8867ccf9fa9)
+ #5 0x7f686123c797 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x3797) (BuildId: c04494d63bca865bedf571a4075ef8867ccf9fa9)
+ #6 0x000000400694 in _start (/tmp/b/tools/deb2solv+0x400694) (BuildId: a3350337819a51edd0c75293970d3458b5033bc9)
+
+ Address 0x7b685ecf0071 is located in stack of thread T0 at offset 113 in frame
+ #0 0x7f6861d7de2a in control2solvable /home/test/libsolv/ext/repo_deb.c:365
+
+ This frame has 1 object(s):
+ [48, 113) 'checksum' (line 371) <== Memory access at offset 113 overflows this variable
+
+This patch fixes it by enlarging the buffer to accomodate the longest
+supported digest string.
+
+This flaw was introduced with c8164bfecf2ba8bcf4c24329534d3104f19da73c
+commit ("[ABI BREAKAGE] add support for SHA224/384/512").
+
+Reported by Aisle Research.
+
+CVE: CVE-2026-9150
+Upstream-Status: Backport [https://github.com/openSUSE/libsolv/commit/c5b5db52aebde00bdeacecf4d0569c217ab3187d]
+
+Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
+---
+ ext/repo_deb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/repo_deb.c b/ext/repo_deb.c
+index d400f959..25eaf8cb 100644
+--- a/ext/repo_deb.c
++++ b/ext/repo_deb.c
+@@ -368,7 +368,7 @@ control2solvable(Solvable *s, Repodata *data, char *control)
+ char *p, *q, *end, *tag;
+ int x, l;
+ int havesource = 0;
+- char checksum[32 * 2 + 1];
++ char checksum[64 * 2 + 1];
+ Id checksumtype = 0;
+ Id newtype;
+
diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.28.bb b/meta/recipes-extended/libsolv/libsolv_0.7.28.bb
index 201059323aa..63534dce260 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.28.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.28.bb
@@ -10,6 +10,7 @@ DEPENDS = "expat zlib zstd"
SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \
file://0001-utils-Conside-musl-when-wrapping-qsort_r.patch \
+ file://CVE-2026-9150.patch \
"
SRCREV = "c8dbb3a77c86600ce09d4f80a504cf4e78a3c359"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 15/41] openssl: upgrade 3.5.6 -> 3.5.7
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (13 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 14/41] libsolv: fix CVE-2026-9150 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 16/41] libinput: fix for CVE-2026-50292 Yoann Congal
` (25 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Release information [1]:
OpenSSL 3.5.7 is a security patch release. The most severe CVE fixed in this release is High.
This release incorporates the following bug fixes and mitigations:
* Fixed heap use-after-free in PKCS7_verify(). (CVE-2026-45447)
* Fixed CMS AuthEnvelopedData processing may accept forged messages. (CVE-2026-34182)
* Fixed unbounded memory growth in the QUIC PATH_CHALLENGE handler. (CVE-2026-34183)
* Fixed NULL pointer dereference in QUIC server initial packet handling. (CVE-2026-42764)
* Fixed AES-OCB IV ignored on EVP_Cipher() path. (CVE-2026-45445)
* Fixed possible heap buffer overflow in ASN.1 multibyte string conversion. (CVE-2026-7383)
* Fixed out-of-bounds read in CMS password-based decryption. (CVE-2026-9076)
* Fixed heap buffer over-read in ASN.1 content parsing. (CVE-2026-34180)
* Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys. (CVE-2026-34181)
* Fixed possible NULL dereference in password-dased CMS decryption. (CVE-2026-42766)
* Fixed NULL pointer dereference in CRMF EncryptedValue decryption. (CVE-2026-42767)
* Fixed multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt(). (CVE-2026-42768)
* Fixed trust anchor substitution via cert/issuer typo in CMP rootCaKeyUpdate. (CVE-2026-42769)
* Fixed FFC-DH peer validation uses attacker-supplied q. (CVE-2026-42770)
* Fixed incorrect tag processing for empty messages in AES-GCM-SIV and AES-SIV modes. (CVE-2026-45446)
Refreshed patches.
Installed new test files to pass ptests.
[1] https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-356-and-openssl-357-9-jun-2026
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 9365ac47f994a7d6be92b8c011c51ecf48e8ef87)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../openssl/0001-Configure-do-not-tweak-mips-cflags.patch | 2 +-
.../openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} (98%)
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
index cf5ff356ee7..cd8906df675 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -20,7 +20,7 @@ diff --git a/Configure b/Configure
index fff97bd..5ee54c1 100755
--- a/Configure
+++ b/Configure
-@@ -1552,16 +1552,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
+@@ -1557,16 +1557,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
push @{$config{shared_ldflag}}, "-mno-cygwin";
}
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb
similarity index 98%
rename from meta/recipes-connectivity/openssl/openssl_3.5.6.bb
rename to meta/recipes-connectivity/openssl/openssl_3.5.7.bb
index 3bf78eff5c2..0b8e8afec81 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[sha256sum] = "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736"
+SRC_URI[sha256sum] = "a8c0d28a529ca480f9f36cf5792e2cd21984552a3c8e4aa11a24aa31aeac98e8"
inherit lib_package multilib_header multilib_script ptest perlnative manpages
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -215,7 +215,7 @@ do_install_ptest() {
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
cd ${S}
- find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
+ find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs test/smime-eml -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
find apps test -name \*.der -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \;
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 16/41] libinput: fix for CVE-2026-50292
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (14 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 15/41] openssl: upgrade 3.5.6 -> 3.5.7 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 17/41] gdb: backport a patch to fix static_assert in recent GCC Yoann Congal
` (24 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] & [2] also mentioned at Debian report in [3].
[1] https://gitlab.freedesktop.org/libinput/libinput/-/commit/fc2262e1c1847021239065e84f39f15492ef05cc
[2] https://gitlab.freedesktop.org/libinput/libinput/-/commit/b2bde9504d42a5976d76e1f27c640dc561fbd99b
[3] https://security-tracker.debian.org/tracker/CVE-2026-50292
More details :
1. https://nvd.nist.gov/vuln/detail/CVE-2026-50292
2. https://www.openwall.com/lists/oss-security/2026/06/04/5
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../wayland/libinput/CVE-2026-50292-01.patch | 109 ++++++++++++++++++
.../wayland/libinput/CVE-2026-50292-02.patch | 99 ++++++++++++++++
.../wayland/libinput_1.25.0.bb | 2 +
3 files changed, 210 insertions(+)
create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2026-50292-01.patch
create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2026-50292-02.patch
diff --git a/meta/recipes-graphics/wayland/libinput/CVE-2026-50292-01.patch b/meta/recipes-graphics/wayland/libinput/CVE-2026-50292-01.patch
new file mode 100644
index 00000000000..35b2734d7a5
--- /dev/null
+++ b/meta/recipes-graphics/wayland/libinput/CVE-2026-50292-01.patch
@@ -0,0 +1,109 @@
+From fc2262e1c1847021239065e84f39f15492ef05cc Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 1 Jun 2026 10:12:29 +1000
+Subject: [PATCH] util: sanitize control characters in str_sanitize()
+
+str_sanitize() only escaped '%' characters for format string safety.
+Device names from uinput devices can contain arbitrary bytes including
+ANSI escape sequences (ESC, 0x1b) and other control characters. When
+these strings are included in log messages and printed to a terminal,
+the escape sequences are interpreted by the terminal emulator. This
+could allow an attacker to manipulate terminal output (change colors,
+set window title, clear screen) when an administrator views libinput
+logs.
+
+Replace all control characters (0x00-0x1f and 0x7f) with '?' in
+addition to the existing '%' escaping. This prevents terminal escape
+sequence injection through device names in log output.
+
+Assisted-by: Claude:claude-opus-4-6
+(cherry picked from commit 71a2c5cae2a80a1e3bb29e3f3a07ccc3f3de5acb)
+
+Part-of: <https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/1489>
+
+CVE: CVE-2026-50292
+Upstream-Status: Backport [https://gitlab.freedesktop.org/libinput/libinput/-/commit/fc2262e1c1847021239065e84f39f15492ef05cc]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/util-strings.h | 30 +++++++++++++++++++++++-------
+ test/test-utils.c | 10 ++++++++++
+ 2 files changed, 33 insertions(+), 7 deletions(-)
+
+diff --git a/src/util-strings.h b/src/util-strings.h
+index b0916815..3429ec9c 100644
+--- a/src/util-strings.h
++++ b/src/util-strings.h
+@@ -456,26 +456,42 @@ trunkname(const char *filename);
+
+ /**
+ * Return a copy of str with all % converted to %% to make the string
+- * acceptable as printf format.
++ * acceptable as printf format, and all non-NUL control characters
++ * (bytes 0x01-0x1f, 0x7f) replaced with '?' to prevent terminal
++ * escape sequence injection. NUL bytes are excluded implicitly
++ * because the string is null-terminated.
+ */
+ static inline char *
+ str_sanitize(const char *str)
+ {
+ if (!str)
+ return NULL;
++ size_t slen = strlen(str);
++ slen = min(slen, 512);
+
+- if (!strchr(str, '%'))
++ bool needs_sanitization = false;
++ for (size_t i = 0; i < slen; i++) {
++ unsigned char c = str[i];
++ if (c == '%' || c < 0x20 || c == 0x7f) {
++ needs_sanitization = true;
++ break;
++ }
++ }
++ if (!needs_sanitization)
+ return strdup(str);
+-
+- size_t slen = min(strlen(str), 512);
+ char *sanitized = zalloc(2 * slen + 1);
+ const char *src = str;
+ char *dst = sanitized;
+-
+ for (size_t i = 0; i < slen; i++) {
+- if (*src == '%')
++ unsigned char c = *src++;
++ if (c == '%') {
+ *dst++ = '%';
+- *dst++ = *src++;
++ *dst++ = '%';
++ } else if (c < 0x20 || c == 0x7f) {
++ *dst++ = '?';
++ } else {
++ *dst++ = c;
++ }
+ }
+ *dst = '\0';
+
+diff --git a/test/test-utils.c b/test/test-utils.c
+index fa307031..88aede23 100644
+--- a/test/test-utils.c
++++ b/test/test-utils.c
+@@ -1388,6 +1388,16 @@ START_TEST(strsanitize_test)
+ { "x %", "x %%" },
+ { "%sx", "%%sx" },
+ { "%s%s", "%%s%%s" },
++ { "\t", "?" },
++ { "\n", "?" },
++ { "\r", "?" },
++ { "\x1b[31m", "?[31m" },
++ { "foo\tbar", "foo?bar" },
++ { "foo\nbar", "foo?bar" },
++ { "\x01\x1f\x7f", "???" },
++ { "clean", "clean" },
++ { "a\x1b[0mb", "a?[0mb" },
++ { "%\n", "%%?" },
+ { NULL, NULL },
+ };
+
+--
+2.50.1
+
diff --git a/meta/recipes-graphics/wayland/libinput/CVE-2026-50292-02.patch b/meta/recipes-graphics/wayland/libinput/CVE-2026-50292-02.patch
new file mode 100644
index 00000000000..f78c9f90663
--- /dev/null
+++ b/meta/recipes-graphics/wayland/libinput/CVE-2026-50292-02.patch
@@ -0,0 +1,99 @@
+From b2bde9504d42a5976d76e1f27c640dc561fbd99b Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 1 Jun 2026 10:48:24 +1000
+Subject: [PATCH] libinput-device-group: sanitize phys before printing it
+
+Bug: https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1296
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2026-50292
+
+A malicious uinput device could set the phys value (via UI_SET_PHYS)
+to contain a '\n'. When the value is printed as part of the device group
+the udev rules will interpret it as separate property.
+
+Depending on the property this can cause local privilege escalation.
+
+Closes #1296
+
+Found-by: Csome
+(cherry picked from commit 76f0d8a7f57e2868882864b4611281f12f704b55)
+
+Part-of: <https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/1489>
+
+CVE: CVE-2026-50292
+Upstream-Status: Backport [https://gitlab.freedesktop.org/libinput/libinput/-/commit/b2bde9504d42a5976d76e1f27c640dc561fbd99b]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ udev/libinput-device-group.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/udev/libinput-device-group.c b/udev/libinput-device-group.c
+index 3da904e0..d0522685 100644
+--- a/udev/libinput-device-group.c
++++ b/udev/libinput-device-group.c
+@@ -109,7 +109,8 @@ wacom_handle_ekr(struct udev_device *device,
+
+ udev_list_entry_foreach(entry, udev_enumerate_get_list_entry(e)) {
+ struct udev_device *d;
+- const char *path, *phys;
++ char *phys = NULL;
++ const char *path;
+ const char *pidstr, *vidstr;
+ int pid, vid, dist;
+
+@@ -124,7 +125,7 @@ wacom_handle_ekr(struct udev_device *device,
+
+ vidstr = udev_device_get_property_value(d, "ID_VENDOR_ID");
+ pidstr = udev_device_get_property_value(d, "ID_MODEL_ID");
+- phys = udev_device_get_sysattr_value(d, "phys");
++ phys = str_sanitize(udev_device_get_sysattr_value(d, "phys"));
+
+ if (vidstr && pidstr && phys &&
+ safe_atoi_base(vidstr, &vid, 16) &&
+@@ -138,11 +139,13 @@ wacom_handle_ekr(struct udev_device *device,
+ best_dist = dist;
+
+ free(*phys_attr);
+- *phys_attr = safe_strdup(phys);
++ *phys_attr = phys;
++ phys = NULL;
+ }
+ }
+
+ udev_device_unref(d);
++ free(phys);
+ }
+
+ udev_enumerate_unref(e);
+@@ -154,8 +157,8 @@ int main(int argc, char **argv)
+ int rc = 1;
+ struct udev *udev = NULL;
+ struct udev_device *device = NULL;
+- const char *syspath,
+- *phys = NULL;
++ char *phys = NULL;
++ const char *syspath = NULL;
+ const char *product;
+ int bustype, vendor_id, product_id, version;
+ char group[1024];
+@@ -179,8 +182,7 @@ int main(int argc, char **argv)
+ * bit and use the remainder as device group identifier */
+ while (device != NULL) {
+ struct udev_device *parent;
+-
+- phys = udev_device_get_sysattr_value(device, "phys");
++ phys = str_sanitize(udev_device_get_sysattr_value(device, "phys"));
+ if (phys)
+ break;
+
+@@ -249,6 +251,8 @@ int main(int argc, char **argv)
+
+ printf("LIBINPUT_DEVICE_GROUP=%s\n", group);
+
++ free(phys);
++
+ rc = 0;
+ out:
+ if (device)
+--
+2.50.1
+
diff --git a/meta/recipes-graphics/wayland/libinput_1.25.0.bb b/meta/recipes-graphics/wayland/libinput_1.25.0.bb
index 894858e3617..1a33d16f3a6 100644
--- a/meta/recipes-graphics/wayland/libinput_1.25.0.bb
+++ b/meta/recipes-graphics/wayland/libinput_1.25.0.bb
@@ -14,6 +14,8 @@ DEPENDS = "libevdev udev mtdev"
SRC_URI = "git://gitlab.freedesktop.org/libinput/libinput.git;protocol=https;branch=main \
file://run-ptest \
+ file://CVE-2026-50292-01.patch \
+ file://CVE-2026-50292-02.patch \
"
SRCREV = "3fd38d89276b679ac3565efd7c2150fd047902cb"
S = "${WORKDIR}/git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 17/41] gdb: backport a patch to fix static_assert in recent GCC
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (15 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 16/41] libinput: fix for CVE-2026-50292 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 18/41] oeqa/core/runner: stub addDuration in OETestResult Yoann Congal
` (23 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
On Ubuntu 26.04, gcc 15.2 defaults to --std=gnu23 in which static_assert
is a keyword, and not a macro to define like with older GCC. This make
MIPS64 code in gdb fail to compile with:
| In file included from ../../gdb-14.2/opcodes/mips16-opc.c:25:
| ../../gdb-14.2/opcodes/mips16-opc.c: In function ‘decode_mips16_operand’:
| ../../gdb-14.2/opcodes/mips-formats.h:86:7: error: expected identifier or ‘(’ before ‘static_assert’
| 86 | static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
| | ^~~~~~~~~~~~~
| ../../gdb-14.2/opcodes/mips16-opc.c:52:15: note: in expansion of macro ‘MAPPED_REG’
| 52 | case '.': MAPPED_REG (0, 0, GP, reg_0_map);
| | ^~~~~~~~~~
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/gdb/gdb.inc | 1 +
...gnu23-compatibility-wrt-static_asser.patch | 75 +++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 meta/recipes-devtools/gdb/gdb/0001-opcodes-fix-std-gnu23-compatibility-wrt-static_asser.patch
diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc
index 81ac441462a..d806a66ac43 100644
--- a/meta/recipes-devtools/gdb/gdb.inc
+++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -13,5 +13,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
file://0006-resolve-restrict-keyword-conflict.patch \
file://0007-Fix-invalid-sigprocmask-call.patch \
file://0008-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
+ file://0001-opcodes-fix-std-gnu23-compatibility-wrt-static_asser.patch \
"
SRC_URI[sha256sum] = "2d4dd8061d8ded12b6c63f55e45344881e8226105f4d2a9b234040efa5ce7772"
diff --git a/meta/recipes-devtools/gdb/gdb/0001-opcodes-fix-std-gnu23-compatibility-wrt-static_asser.patch b/meta/recipes-devtools/gdb/gdb/0001-opcodes-fix-std-gnu23-compatibility-wrt-static_asser.patch
new file mode 100644
index 00000000000..d0d4aa5bd20
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0001-opcodes-fix-std-gnu23-compatibility-wrt-static_asser.patch
@@ -0,0 +1,75 @@
+From 2b8d72efbe1af100ea4dad4c976b2d3a1fbad676 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sat, 16 Nov 2024 05:03:52 +0000
+Subject: [PATCH] opcodes: fix -std=gnu23 compatibility wrt static_assert
+
+
+static_assert is declared in C23 so we can't reuse that identifier:
+* Define our own static_assert conditionally;
+
+* Rename "static assert" hacks to _N as we do already in some places
+ to avoid a conflict.
+
+ChangeLog:
+ PR ld/32372
+
+ * i386-gen.c (static_assert): Define conditionally.
+ * mips-formats.h (MAPPED_INT): Rename identifier.
+ (MAPPED_REG): Rename identifier.
+ (OPTIONAL_MAPPED_REG): Rename identifier.
+ * s390-opc.c (static_assert): Define conditionally.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8ebe62f3f0d27806b1bf69f301f5e188b4acd2b4]
+Backport:
+* No static_assert to patch in this version of s390-opc.c.
+Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
+---
+ opcodes/i386-gen.c | 2 ++
+ opcodes/mips-formats.h | 6 +++---
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/opcodes/i386-gen.c b/opcodes/i386-gen.c
+index cfc5a7a6172..d5901b9667d 100644
+--- a/opcodes/i386-gen.c
++++ b/opcodes/i386-gen.c
+@@ -30,7 +30,9 @@
+
+ /* Build-time checks are preferrable over runtime ones. Use this construct
+ in preference where possible. */
++#ifndef static_assert
+ #define static_assert(e) ((void)sizeof (struct { int _:1 - 2 * !(e); }))
++#endif
+
+ static const char *program_name = NULL;
+ static int debug = 0;
+diff --git a/opcodes/mips-formats.h b/opcodes/mips-formats.h
+index ac73f060a3e..790e23f1783 100644
+--- a/opcodes/mips-formats.h
++++ b/opcodes/mips-formats.h
+@@ -49,7 +49,7 @@
+ #define MAPPED_INT(SIZE, LSB, MAP, PRINT_HEX) \
+ { \
+ typedef char ATTRIBUTE_UNUSED \
+- static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
++ static_assert_3[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
+ static const struct mips_mapped_int_operand op = { \
+ { OP_MAPPED_INT, SIZE, LSB }, MAP, PRINT_HEX \
+ }; \
+@@ -83,7 +83,7 @@
+ #define MAPPED_REG(SIZE, LSB, BANK, MAP) \
+ { \
+ typedef char ATTRIBUTE_UNUSED \
+- static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
++ static_assert_4[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
+ static const struct mips_reg_operand op = { \
+ { OP_REG, SIZE, LSB }, OP_REG_##BANK, MAP \
+ }; \
+@@ -93,7 +93,7 @@
+ #define OPTIONAL_MAPPED_REG(SIZE, LSB, BANK, MAP) \
+ { \
+ typedef char ATTRIBUTE_UNUSED \
+- static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
++ static_assert_5[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
+ static const struct mips_reg_operand op = { \
+ { OP_OPTIONAL_REG, SIZE, LSB }, OP_REG_##BANK, MAP \
+ }; \
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 18/41] oeqa/core/runner: stub addDuration in OETestResult
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (16 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 17/41] gdb: backport a patch to fix static_assert in recent GCC Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 19/41] classes/gtk-icon-cache: fix libdir passed to the postrm intercept Yoann Congal
` (22 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
We have a custom TestResult implementation, and Python 3.12 added a new
method addDuration() to the TestResult interface. This would be useful
to implement correctly, but for now stub it out to silence the warning
when running under Python 3.12:
/usr/lib64/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
warnings.warn("TestResult has no addDuration method",
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2d6fff81b34476b890f6943997615fbf8d3d133f)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/core/runner.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/lib/oeqa/core/runner.py b/meta/lib/oeqa/core/runner.py
index b683d9b80a7..0d2bc3a3ed0 100644
--- a/meta/lib/oeqa/core/runner.py
+++ b/meta/lib/oeqa/core/runner.py
@@ -78,6 +78,10 @@ class OETestResult(_TestResult):
self.shownmsg.append(test.id())
break
+ # Python 3.12 added this, stub it out for now
+ def addDuration(self, test, elapsed):
+ pass
+
def logSummary(self, component, context_msg=''):
elapsed_time = self.tc._run_end_time - self.tc._run_start_time
self.tc.logger.info("SUMMARY:")
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 19/41] classes/gtk-icon-cache: fix libdir passed to the postrm intercept
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (17 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 18/41] oeqa/core/runner: stub addDuration in OETestResult Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 20/41] python3: CVE-2026-3087 not applicable Yoann Congal
` (21 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Back in 2015[1] I fixed the libdir passed to the postinst intercept, but
I forgot to also update the postrm intercept. This should also be
libdir_native, not libdir.
[ YOCTO #13896 ]
[1] oe-core 0fe8400717 ("gtk-icon-cache: pass the native libdir to the intercept")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92dd67114be325e019c149bddaf5f874f6917094)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/classes-recipe/gtk-icon-cache.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes-recipe/gtk-icon-cache.bbclass b/meta/classes-recipe/gtk-icon-cache.bbclass
index 9ecb49916c2..2ff10c21181 100644
--- a/meta/classes-recipe/gtk-icon-cache.bbclass
+++ b/meta/classes-recipe/gtk-icon-cache.bbclass
@@ -46,7 +46,7 @@ gtk_icon_cache_postrm() {
if [ "x$D" != "x" ]; then
$INTERCEPT_DIR/postinst_intercept update_gtk_icon_cache ${PKG} \
mlprefix=${MLPREFIX} \
- libdir=${libdir}
+ libdir_native=${libdir_native}
else
for icondir in /usr/share/icons/* ; do
if [ -d $icondir ] ; then
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 20/41] python3: CVE-2026-3087 not applicable
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (18 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 19/41] classes/gtk-icon-cache: fix libdir passed to the postrm intercept Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 21/41] bzip2: set CVE_PRODUCT Yoann Congal
` (20 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
CVE link: https://nvd.nist.gov/vuln/detail/CVE-2026-3087
The CVE is only applicable to Windows OS
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/python/python3_3.12.13.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/python/python3_3.12.13.bb b/meta/recipes-devtools/python/python3_3.12.13.bb
index 3e28a3942bd..bf0e1702d54 100644
--- a/meta/recipes-devtools/python/python3_3.12.13.bb
+++ b/meta/recipes-devtools/python/python3_3.12.13.bb
@@ -63,6 +63,7 @@ CVE_STATUS[CVE-2022-26488] = "not-applicable-platform: Issue only applies on Win
# The module will be removed in the future and flaws documented.
CVE_STATUS[CVE-2015-20107] = "upstream-wontfix: The mailcap module is insecure by design, so this can't be fixed in a meaningful way"
CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour"
+CVE_STATUS[CVE-2026-3087] = "not-applicable-platform: Issue only applies on Windows"
PYTHON_MAJMIN = "3.12"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 21/41] bzip2: set CVE_PRODUCT
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (19 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 20/41] python3: CVE-2026-3087 not applicable Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 22/41] apr-util: Add CVE_PRODUCT to support product name Yoann Congal
` (19 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Jonas Munsin <jonas.munsin@gehealthcare.com>
Add CVE_PRODUCT to bzip2
Signed-off-by: Jonas Munsin <jonas.munsin@gehealthcare.com>
Signed-off-by: Maxin John <maxin.john@gehealthcare.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bc889ea799cc82f7fa018baabca0b821c1209897)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/bzip2/bzip2_1.0.8.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
index 4e3a06f2408..f9224908685 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
@@ -66,5 +66,7 @@ FILES:libbz2 = "${libdir}/lib*${SOLIBS}"
RDEPENDS:${PN}-ptest += "make bash"
+CVE_PRODUCT = "bzip:bzip2"
+
PROVIDES:append:class-native = " bzip2-replacement-native"
BBCLASSEXTEND = "native nativesdk"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 22/41] apr-util: Add CVE_PRODUCT to support product name
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (20 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 21/41] bzip2: set CVE_PRODUCT Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 23/41] apr: " Yoann Congal
` (18 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Himanshu Jadon <hjadon@cisco.com>
apr-util is tracked in NVD under apache:apr-util, while a smaller set
of newer CVEs also appears under apache:portable_runtime_utility.
Set CVE_PRODUCT accordingly so cve-check can cover both the historical
and current NVD product identities used for APR-util.
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit 927b505c982ed7443aed348ca54b0073ac63d938)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-support/apr/apr-util_1.6.3.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-support/apr/apr-util_1.6.3.bb b/meta/recipes-support/apr/apr-util_1.6.3.bb
index 1371e262ddb..3a5f52d2501 100644
--- a/meta/recipes-support/apr/apr-util_1.6.3.bb
+++ b/meta/recipes-support/apr/apr-util_1.6.3.bb
@@ -95,3 +95,6 @@ do_install_ptest() {
cp -r ${B}/test/$i $t; \
done
}
+
+# Add CVE_PRODUCT to match the NVD CPE product name
+CVE_PRODUCT = "apache:apr-util apache:portable_runtime_utility"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 23/41] apr: Add CVE_PRODUCT to support product name
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (21 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 22/41] apr-util: Add CVE_PRODUCT to support product name Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 24/41] go-binary-native: set status for CVE-2026-39836 Yoann Congal
` (17 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Himanshu Jadon <hjadon@cisco.com>
apr is tracked in NVD under apache:portable_runtime rather than the
recipe name apr. Set CVE_PRODUCT accordingly so cve-check uses the
correct NVD product identity for APR.
No additional alias was found to be necessary for this recipe.
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
(cherry picked from commit bc3803e12d4938e2de514c39bd5d0f011f883ace)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-support/apr/apr_1.7.5.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-support/apr/apr_1.7.5.bb b/meta/recipes-support/apr/apr_1.7.5.bb
index 78796476e22..7a3445aa201 100644
--- a/meta/recipes-support/apr/apr_1.7.5.bb
+++ b/meta/recipes-support/apr/apr_1.7.5.bb
@@ -136,3 +136,6 @@ do_install_ptest() {
}
export CONFIG_SHELL="/bin/bash"
+
+# Add CVE_PRODUCT to match the NVD CPE product name
+CVE_PRODUCT = "apache:portable_runtime"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 24/41] go-binary-native: set status for CVE-2026-39836
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (22 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 23/41] apr: " Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 25/41] go: " Yoann Congal
` (16 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
This issue affects Windows only. The net.Dial and net.LookupPort
functions can panic when given input containing a NUL byte.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-39836
https://security-tracker.debian.org/tracker/CVE-2026-39836
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/go-binary-native_1.22.12.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/go/go-binary-native_1.22.12.bb b/meta/recipes-devtools/go/go-binary-native_1.22.12.bb
index 7688a090f40..dd84021cc9e 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.22.12.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.22.12.bb
@@ -19,6 +19,7 @@ UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
CVE_PRODUCT = "golang:go"
CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"
CVE_STATUS[CVE-2025-0913] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2026-39836] = "not-applicable-platform: Issue only applies on Windows"
S = "${WORKDIR}/go"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 25/41] go: set status for CVE-2026-39836
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (23 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 24/41] go-binary-native: set status for CVE-2026-39836 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 26/41] rust,libstd-rs: set status for CVE-2024-3566 Yoann Congal
` (15 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
This issue affects Windows only. The net.Dial and net.LookupPort
functions can panic when given input containing a NUL byte.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2026-39836
https://security-tracker.debian.org/tracker/CVE-2026-39836
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index f85104d6f15..c825ebd25a3 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -65,3 +65,4 @@ SRC_URI += "\
SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71"
CVE_STATUS[CVE-2025-0913] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2026-39836] = "not-applicable-platform: Issue only applies on Windows"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 26/41] rust,libstd-rs: set status for CVE-2024-3566
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (24 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 25/41] go: " Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 27/41] oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10 Yoann Congal
` (14 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Sudhir Dumbhare <sudumbha@cisco.com>
The vulnerability is Windows-specific and depends on command-line
handling through CreateProcess, which does not apply to Linux/Yocto
builds.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3566
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/rust/rust-source.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index 5b433ceae78..318c7f0e293 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -23,3 +23,4 @@ UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src"
CVE_STATUS[CVE-2024-24576] = "not-applicable-platform: Issue only applies on Windows"
CVE_STATUS[CVE-2024-43402] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 27/41] oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (25 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 26/41] rust,libstd-rs: set status for CVE-2024-3566 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 28/41] linux-yocto/6.6: update to v6.6.129 Yoann Congal
` (13 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
The format of the pci BAR warnings we get on qemu boots has
changed in 6.10+ via the following kernel commit:
commit dc4e6f21c3f844ebc1c52b6920b8ec5dfc73f4e8
Author: Puranjay Mohan <puranjay@kernel.org>
Date: Sat Nov 6 16:56:06 2021 +0530
PCI: Use resource names in PCI log messages
Use the pci_resource_name() to get the name of the resource and use it
while printing log messages.
[bhelgaas: rename to match struct resource * names, also use names in other BAR messages]
Link: https://lore.kernel.org/r/20211106112606.192563-3-puranjay12@gmail.com
Signed-off-by: Puranjay Mohan <puranjay12@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Since it doesn't appear that we can do regex's in parselogs
and the bar number is now in the middle of the message, we
go with a slightly wider format of the message to ignore.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0a7126604b6536868600d43aff000a426384995c)
[YC: In scarthgap, the breaking backported commit is in >=6.6.130:
fffdb0fece19 ("PCI: Use resource names in PCI log messages")]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt b/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt
index b0c0fc9ddf4..143db40d63b 100644
--- a/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt
+++ b/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt
@@ -13,6 +13,14 @@ FBIOPUT_VSCREENINFO failed, double buffering disabled
# pci 0000:00:00.0: [Firmware Bug]: reg 0x20: invalid BAR (can't size)
# pci 0000:00:00.0: [Firmware Bug]: reg 0x24: invalid BAR (can't size)
invalid BAR (can't size)
+# 6.10+ the invalid BAR warnings are of this format:
+# pci 0000:00:00.0: [Firmware Bug]: BAR 0: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 1: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 2: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 3: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 4: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 5: invalid; can't size
+invalid; can't size
# These should be reviewed to see if they are still needed
wrong ELF class
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 28/41] linux-yocto/6.6: update to v6.6.129
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (26 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 27/41] oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 29/41] linux-yocto/6.6: update to v6.6.130 Yoann Congal
` (12 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
4fc00fe35d46 Linux 6.6.129
acf7c8972775 Revert "x86/kexec: add a sanity check on previous kernel's ima kexec buffer"
682d8e2f892b Linux 6.6.128
0ac0e02183c5 arm64: Fix sampling the "stable" virtual counter in preemptible section
18845fb30921 drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
fe418ef21efd NTB: ntb_transport: Fix too small buffer for debugfs_name
1cdff5d564fe tracing: Wake up poll waiters for hist files when removing an event
e4e5026252b4 tracing: Fix checking of freed trace_event_file for hist files
ad058a4317db net: nfc: nci: Fix parameter validation for packet data
dc99b25ed4f7 arm64: Force the use of CNTVCT_EL0 in __delay()
ad3640895956 x86/kexec: Copy ACPI root pointer address from config table
9c735a7d98c9 net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()
1e300c33ef3c net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
6ccfcad1b582 ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
c854ab481ece cifs: some missing initializations on replay
6a3ce8c8ad80 fbcon: Remove struct fbcon_display.inverse
b6de6d481cc2 fbdev: ffb: fix corrupted video output on Sun FFB1
3ed019654234 fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
e8c5d5f6cd66 fbdev: vt8500lcdfb: fix missing dma_free_coherent()
a785c4e2a999 fbcon: check return value of con2fb_acquire_newinfo()
632d233cf2e6 ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()
e075ec9b08f8 atm: fore200e: fix use-after-free in tasklets during device removal
9f8ad199844c net: intel: fix PCI device ID conflict between i40e and ipw2200
6eb571a37631 io_uring/filetable: clamp alloc_hint to the configured alloc range
0f4dcba31bf4 tracing: Fix to set write permission to per-cpu buffer_size_kb
ec4445ae9e58 net: macb: Fix tx/rx malfunction after phy link down and up
013ac469596a octeontx2-af: CGX: fix bitmap leaks
0f85a9655445 net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()
63afc078bba6 net: ethernet: marvell: skge: remove incorrect conflicting PCI ID
710657d3d31f LoongArch: Disable instrumentation for setup_ptwalker()
6868bd64dc90 LoongArch: Guard percpu handler under !CONFIG_PREEMPT_RT
a50371c6ad99 LoongArch: Prefer top-down allocation after arch_mem_init()
bb1a54f7f011 LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE
9efa154609cd ceph: supply snapshot context in ceph_zero_partial_object()
103e9d1d43e6 MIPS: rb532: Fix MMIO UART resource registration
953953abb66e cifs: Fix locking usage for tcon fields
cc3f83b6fb37 staging: rtl8723bs: fix null dereference in find_network
369d369ed08f parisc: kernel: replace kfree() with put_device() in create_tree_node()
a19b61fdb958 PCI: Fix pci_slot_trylock() error handling
65e794574069 net: cpsw_new: Fix unnecessary netdev unregistration in cpsw_probe() error path
4857c37c7ba9 drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
7a4fd19c567f tipc: fix RCU dereference race in tipc_aead_users_dec()
8e875cf8851b mtd: rawnand: pl353: Fix software ECC support
f5da4c24aa6d usb: dwc2: fix resume failure if dr_mode is host
76c1123ffccf usb: dwc3: gadget: Move vbus draw to workqueue context
aa8d68d97c7f scsi: ufs: core: Flush exception handling work when RPM level is zero
d3e837e11ee9 perf/arm-cmn: Reject unsupported hardware configurations
9bd98d088f47 remoteproc: imx_rproc: Fix invalid loaded resource table detection
d99a08c2b4d5 btrfs: continue trimming remaining devices on failure
41a09925ec68 arm64: Fix non-atomic __READ_ONCE() with CONFIG_LTO=y
1047ca2d8169 PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
639265296fe6 Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV"
cfccd3b8c51b kexec: derive purgatory entry from symbol
bb273b68c171 ocfs2: fix reflink preserve cleanup issue
649c2e853608 rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
81c44a4bc168 mm/highmem: fix __kmap_to_page() build error
1eabfd2c437b iio: gyro: itg3200: Fix unchecked return value in read_raw
9d0ca11258e7 powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()
442f5db91317 tools: Fix bitfield dependency failure
e4709950acd4 dm mpath: make pg_init_delay_msecs settable
542dd6da35eb bus: fsl-mc: fix an error handling in fsl_mc_device_add()
65f5a17b6d56 usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
22e460b6333a x86/kexec: add a sanity check on previous kernel's ima kexec buffer
57c4fd0f4b02 nvmem: Drop OF node reference on nvmem_add_one_cell() failure
13c1f31f777c nfsd: fix return error code for nfsd_map_name_to_[ug]id
d92b8fac294b md/bitmap: fix GPF in write_page caused by resize race
142b1bba3299 PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions
708e20c66b27 KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
a6f660d62bc1 xfs: fix remote xattr valuelblk check
38613c01f69e xfs: fix freemap adjustments when adding xattrs to leaf blocks
ffaf5c99d0f8 xfs: delete attr leaf freemap entries when empty
e2e7c275f557 mfd: core: Add locking around 'mfd_of_node_list'
01aed2f1d7cb iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode
a5b1ddbe31f4 media: verisilicon: AV1: Fix tile info buffer size
8be53110395e xfs: mark data structures corrupt on EIO and ENODATA
297bb8b1db60 selftests/mm/charge_reserved_hugetlb: drop mount size for hugetlbfs
aa5f25d55cda mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations
8dcff1979381 drm: of: drm_of_panel_bridge_remove(): fix device_node leak
52920a853381 media: venus: vdec: restrict EOS addr quirk to IRIS2 only
225f2221b422 media: venus: vdec: fix error state assignment for zero bytesused
272d44fa7bce arm64: dts: rockchip: Do not enable hdmi_sound node on Pinebook Pro
ed36f6ae0039 dm-unstripe: fix mapping bug when there are multiple targets in a table
fb49f209995f dm-integrity: fix recalculation in bitmap mode
de7934627cc4 s390/pci: Handle futile config accesses of disabled devices directly
1c7c87cf18da clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc()
0f0809bfe4fa media: i2c: ov01a10: Fix digital gain range
85cc6574f21b clk: clk-apple-nco: Add "apple,t8103-nco" compatible
3880e331b0b3 KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
e113339cc7d2 soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
d451bf970a0c soc: ti: k3-socinfo: Fix regmap leak on probe failure
7daf279c674d dm: clear cloned request bio pointer when last clone bio completes
2d10a3dad8d6 dm-integrity: fix a typo in the code for write/discard race
d03a29cb36d6 media: i2c: ov5647: use our own mutex for the ctrl lock
089625cccd7e media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
c146483bad46 media: i2c: ov5647: Sensor should report RAW color space
e5f4aad2627d media: i2c: ov5647: Correct minimum VBLANK value
1f413dac763a media: i2c: ov5647: Correct pixel array offset
cabd025182cf media: i2c: ov5647: Initialize subdev before controls
c9af1818387f media: ccs: Avoid possible division by zero
0c074e80921f media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()
8de39720e7a3 media: i2c: ov01a10: Fix test-pattern disabling
a14a3cef8017 media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls
567a03fe8d08 media: i2c: ov01a10: Fix analogue gain range
e2f6d78dc3a8 media: i2c: ov01a10: Fix reported pixel-rate value
bb2b049f75f1 media: i2c: ov01a10: Fix the horizontal flip control
ccb92def042a media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
9cb9eca33d20 media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
046c5db6bbba media: cx25821: Add missing unmap in snd_cx25821_hw_params()
544215cc37d0 media: cx23885: Add missing unmap in snd_cx23885_hw_params()
10ab64f8efc2 media: cx88: Add missing unmap in snd_cx88_hw_params()
27c508f61963 media: radio-keene: fix memory leak in error path
dd8508820246 media: verisilicon: AV1: Set IDR flag for intra_only frame type
8305902ac038 arm64: dts: apple: t8112-j473: Keep the HDMI port powered on
b74bf7d0d01f HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
3f1b21cc67a1 HID: prodikeys: Check presence of pm->input_ep82
243e1165eb03 HID: magicmouse: Do not crash on missing msc->input
449004434e1f HID: hid-pl: handle probe errors
cad7442ff23b arm64: Disable branch profiling for all arm64 code
deb8f6dfd31d KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding
275e15fd1cf7 ARM: omap2: Fix reference count leaks in omap_control_init()
b44eb959159f media: verisilicon: AV1: Fix tx mode bit setting
8ad7e6ea46a9 media: verisilicon: AV1: Fix enable cdef computation
564fd3a63efc media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
12cafc15d246 media: mtk-mdp: Fix error handling in probe function
637510cb5bed media: mediatek: encoder: Fix uninitialized scalar variable issue
031f2adc1499 dm-verity: correctly handle dm_bufio_client_create() failure
a9ddc035050a fpga: dfl: use subsys_initcall to allow built-in drivers to be added
d6f5aed42760 ASoC: SOF: ipc4-control: Keep the payload size up to date
e1dd7092fa8f ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data
59fe643f21b9 ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls
3a5a4b066329 ASoC: SOF: ipc4-control: If there is no data do not send bytes update
955e2d6e5e0a clk: renesas: rzg2l: Select correct div round macro
a4be3b90ba9d clk: renesas: rzg2l: Fix intin variable size
90c8353f4718 rpmsg: core: fix race in driver_override_show() and use core helper
7ef82863d422 netfilter: nf_conntrack_h323: fix OOB read in decode_choice()
b690635d4719 dpaa2-switch: validate num_ifs to prevent out-of-bounds write
9ac6aebef4b4 net: consume xmit errors of GSO frames
175881094756 net/mlx5: Fix missing devlink lock in SRIOV enable error path
54fb0577ebe7 net/mlx5: DR, Fix circular locking dependency in dump
b324327ff6f4 RDMA/umem: Fix double dma_buf_unpin in failure path
35854ed5c40b net: usb: pegasus: enable basic endpoint checking
df001db47708 RDMA/efa: Fix typo in efa_alloc_mr()
337d7b4112a4 net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets
52d469319ced RDMA/core: Fix stale RoCE GIDs during netdev events at registration
0b7d596da5de tipc: fix duplicate publication key in tipc_service_insert_publ()
481ea39b342c Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
efcdb4da480c Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ
1a138921ce56 Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
1d93a369b5aa Bluetooth: hci_qca: Cleanup on all setup failures
7247f340f824 Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
2983b39f8c0d Remove WARN_ALL_UNSEEDED_RANDOM kernel config option
1f40fde29349 wifi: cfg80211: wext: fix IGTK key ID off-by-one
322437972f0a net: ethernet: xscale: Check for PTP support properly
854f5997df49 net: ixp4xx_eth: convert to ndo_hwtstamp_get() and ndo_hwtstamp_set()
19f359963ae8 net: usb: lan78xx: scan all MDIO addresses on LAN7801
ef9b10a02050 net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode
166801e49a5b xfrm: always flush state and policy upon NETDEV_UNREGISTER event
56d5c0557e53 ipmi: ipmb: initialise event handler read bytes
f13e4fe961a7 xfrm: skip templates check for packet offload tunnel mode
719918fc88df xfrm6: fix uninitialized saddr in xfrm6_get_saddr()
d0559d07afab ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
85c9daa1f831 ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
a4557dc20df4 rtc: zynqmp: correct frequency value
61bd8787c605 drm/amd/display: Remove conditional for shaper 3DLUT power-on
0b284a7ce311 btrfs: replace BUG() with error handling in __btrfs_balance()
8995fc0e00b3 ALSA: usb-audio: Add sanity check for OOB writes at silencing
6a997eb80644 drm/radeon: Add HAINAN clock adjustment
5b9af0342402 drm/amdgpu: Add HAINAN clock adjustment
c26bde6301f2 ALSA: usb-audio: Update the number of packets properly at receiving
d2e92247b24a drm/amdgpu: Adjust usleep_range in fence wait
068dee782c8c drm/amd/display: Avoid updating surface with the same surface under MPO
1a7f1116c7f8 ARM: 9467/1: mm: Don't use %pK through printk
44373b1e9c12 include: uapi: netfilter_bridge.h: Cover for musl libc
9f33e83c8393 thermal: int340x: Fix sysfs group leak on DLVR registration failure
e1dc45d97975 libceph: define and enforce CEPH_MAX_KEY_LEN
a87a445ac1d9 ceph: supply snapshot context in ceph_uninline_data()
2f5c626ea792 fs/ntfs3: avoid calling run_get_entry() when run == NULL in ntfs_read_run_nb_ra()
ad0d779cdc26 fs/ntfs3: drop preallocated clusters for sparse and compressed files
8d8c70b57dbe fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
af839013c70a fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
68e32694be23 fs: ntfs3: check return value of indx_find to avoid infinite loop
6dedf0369f2a MIPS: Loongson: Make cpumask_of_node() robust against NUMA_NO_NODE
da08099d5f7a iio: magnetometer: Remove IRQF_ONESHOT
53f2152b48d5 iio: Use IRQF_NO_THREAD
be5465701341 Revert "mfd: da9052-spi: Change read-mask to write-mask"
dc3bc979814b phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
afb941338c8e phy: mvebu-cp110-utmi: fix dr_mode property read from dts
d476130e53d3 watchdog: imx7ulp_wdt: handle the nowayout option
0883ddd583ed binder: don't use %pK through printk
1d7120244b54 fix it87_wdt early reboot by reporting running timer
4ff5ab3e7141 serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done
8311bb40698b staging: rtl8723bs: fix memory leak on failure path
03a2f7f9864c misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
ece3722169ba misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()
c219c20cc357 dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings
f89324e2e09d dmaengine: sun6i: Choose appropriate burst length under maxburst
f9305dda5015 fpga: of-fpga-region: Fail if any bridge is missing
b2bbcaa36c1a usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs
32ccda4895ba serial: 8250_dw: handle clock enable errors in runtime_resume
52b42c24750a staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure
cd496527efa8 soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15)
3be7beef4a05 m68k: nommu: fix memmove() with differently aligned src and dest for 68000
6ce681cf8082 clk: microchip: core: correct return value on *_get_parent()
e2809ad08252 mailbox: sprd: clear delivery flag before handling TX done
4c4679b31b9d remoteproc: mediatek: Break lock dependency to `prepare_lock`
332fb842181e mailbox: sprd: mask interrupts that are not handled
17ee46882b3e mailbox: imx: Skip the suspend flag for i.MX7ULP
51edcbd17c8d mailbox: pcc: Remove spurious IRQF_ONESHOT usage
f720e653aa1a remoteproc: imx_dsp_rproc: Skip RP_MBOX_SUSPEND_SYSTEM when mailbox TX channel is uninitialized
cb6c4aa73491 tracing: Fix false sharing in hwlat get_sample()
9566c87101b2 vhost: fix caching attributes of MMIO regions by setting them explicitly
f1bf5ebd5fda scsi: buslogic: Reduce stack usage
d16337560750 hisi_acc_vfio_pci: update status after RAS error
559e227b1df7 ata: libata: avoid long timeouts on hot-unplugged SATA DAS
55de264a4d32 RDMA/rtrs-clt: For conn rejection use actual err number
3819890d6ab2 nfc: nxp-nci: remove interrupt trigger type
392e3d44841d myri10ge: avoid uninitialized variable use
6e2a6100ac5b PCI: Mark Nvidia GB10 to avoid bus reset
846b226065fe PCI: Add ACS quirk for Qualcomm Hamoa & Glymur
ec494c0260bf PCI: Enable ACS after configuring IOMMU for OF platforms
a2376e912723 PCI: Fix pci_slot_lock () device locking
f5ea62163a78 PCI: Mark ASM1164 SATA controller to avoid bus reset
391200c274e9 net/rds: Clear reconnect pending bit
f713dcd2ce83 vmw_vsock: bypass false-positive Wnonnull warning with gcc-16
7a8acafd45a9 net: usb: sr9700: remove code to drive nonexistent multicast filter
87465580215c wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg()
b015d4c70c9a wifi: rtw89: pci: restore LDO setting after device resume
d9b549b6951b octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
37f4e6804d98 Bluetooth: btusb: Add device ID for Realtek RTL8761BU
c051ef2f61f4 Bluetooth: btusb: Add new VID/PID for RTL8852CE
07960da05c0d Bluetooth: hci_conn: use mod_delayed_work for active mode timeout
c06dbfd954c9 Bluetooth: hci_conn: Set link_policy on incoming ACL connections
9eaeba5600e5 ipv4: fib: Annotate access to struct fib_alias.fa_state.
31d4bb68f436 wifi: iwlegacy: add missing mutex protection in il3945_store_measurement()
941e3066441c wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power()
2ace7ac88cb0 net: hns3: extend HCLGE_FD_AD_QID to 11 bits
d5cd3bb7794e ipv4: igmp: annotate data-races around idev->mr_maxdelay
ab2848d3783a gro: change the BUG_ON() in gro_pull_from_frag0()
f0f729bdffb0 net/rds: No shortcut out of RDS_CONN_ERROR
db62e9f44838 wifi: iwlwifi: mvm: check the validity of noa_len
116bc0980e91 net: usb: r8152: fix transmit queue timeout
f4bf64072c36 openrisc: define arch-specific version of nop()
07a9b32eaae7 netfilter: xt_tcpmss: check remaining length before reading optlen
89f50775d883 netfilter: nf_conntrack: Add allow_clash to generic protocol handler
99c75e53cec0 ext4: mark group extend fast-commit ineligible
0d5fcb063cda ext4: move ext4_percpu_param_init() before ext4_mb_init()
83b074b69022 ext4: mark group add fast-commit ineligible
46ed4e9c8d30 ipv6: exthdrs: annotate data-race over multiple sysctl
55170230de66 ipv6: annotate data-races in ip6_multipath_hash_{policy,fields}()
f73528f140f1 wifi: ath12k: fix preferred hardware mode calculation
c5547727bd1c wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
ddfe47664cc6 PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
d880c9b73890 wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode
f2f65b28d802 iommu/amd: move wait_on_sem() out of spinlock
5bfb25495e39 wifi: libertas: fix WARNING in usb_tx_block
9ff4843e6ea3 iommu/arm-smmu-v3: Improve CMDQ lock fairness and efficiency
4f9e7ca933a9 dm: remove fake timeout to avoid leak request
df379f57c2cd dm: replace -EEXIST with -EBUSY
dd181178c245 wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H
a96d161cfdb1 wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
9fdce77e38c1 wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero
f70fcbc2ac7c jfs: nlink overflow in jfs_rename
68f7fc769243 jfs: Add missing set_freezable() for freezable kthread
34506cb119bb ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio
8fb5c4c979ae modpost: Amend ppc64 save/restfpr symnames for -Os build
fecfe41f7ed0 ASoC: es8328: Add error unwind in resume
18c67fb3750b hwmon: (f71882fg) Add F81968 support
f8ddbe303419 hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE
2d48f60307e6 ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe()
3383271464b7 spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end
19513daa8d13 ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio
d1b6536ac20d gpio: aspeed-sgpio: Change the macro to support deferred probe
98c0e07dc7d6 ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro
49afc2e5bfae HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
4df1e6252d07 HID: multitouch: add eGalaxTouch EXC3188 support
876bb1eabdb1 media: rkisp1: Fix filter mode register configuration
ac2d898da509 drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release
80b8b0df370f drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts
ec40702029b0 drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
af67b50311e7 virt: vbox: uapi: Mark inner unions in packed structs as packed
34eae7e0ab61 hyper-v: Mark inner union in hv_kvp_exchg_msg_value as packed
bbfaa5761f58 drm: Account property blob allocations to memcg
e97de3e924b3 drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map()
30aaed311f97 media: v4l2-async: Fix error handling on steps after finding a match
4010e596d23c media: cx25821: Fix a resource leak in cx25821_dev_setup()
33af366211ee media: solo6x10: Check for out of bounds chip_id
4ba5c7a1aade media: pvrusb2: fix URB leak in pvr2_send_request_ex
45d9a0cd1b88 media: adv7180: fix frame interval in progressive mode
f5a5a824f0ac media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START
81bc7d5e7897 spi: spi-mem: Limit octal DTR constraints to octal DTR situations
822530fb85d8 ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug
21f6e02a1910 ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
04184bcb50f5 HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards
55462d16cb9c drm/amdgpu: avoid a warning in timedout job handler
40e0b938db37 drm/amdgpu: add support for HDP IP version 6.1.1
b0d35bc9c159 media: mediatek: vcodec: Don't try to decode 422/444 VP9
38ef3e1e1e9b media: omap3isp: set initial format
d490523d2374 media: omap3isp: isppreview: always clamp in preview_try_format()
a9d1d7d27151 media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
2663ef70c612 drm/v3d: Set DMA segment size to avoid debug warnings
50e8aac244e7 spi: stm32: fix Overrun issue at < 8bpw
8b971c21603a media: dvb-core: dmxdevfilter must always flush bufs
b2a97f2259f6 spi-geni-qcom: use xfer->bits_per_word for can_dma()
5d0814ad6654 spi-geni-qcom: initialize mode related registers to 0
ac9a7c329a56 drm/display/dp_mst: Add protection against 0 vcpi
afa0bfe1437d parisc: Prevent interrupts during reboot
12535a5d5d64 arm64: tegra: smaug: Add usb-role-switch support
1da904e84de6 pstore: ram_core: fix incorrect success return when vmap() fails
a4345acbe390 char: tpm: cr50: Remove IRQF_ONESHOT
3e656f767407 mailbox: bcm-ferxrm-mailbox: Use default primary handler
7b9394e49720 crypto: hisilicon/qm - move the barrier before writing to the mailbox register
5f007c6acaa7 PCI/MSI: Unmap MSI-X region on error
f557c206c32e clocksource/drivers/timer-integrator-ap: Add missing Kconfig dependency on OF
6f113ab549b8 clocksource/drivers/sh_tmu: Always leave device running after probe
c8a34bceefbc bpf: verifier improvement in 32bit shift sign extension pattern
47bbd0cb7db3 sparc: don't reference obsolete termio struct for TC* constants
6aa04820dbfe sparc: Synchronize user stack on fork and clone
648aa7ce0bd8 blk-mq-debugfs: add missing debugfs_mutex in blk_mq_debugfs_register_hctxs()
9150176cbf71 xenbus: Use .freeze/.thaw to handle xenbus devices
2050a5cff32c perf/cxlpmu: Replace IRQF_ONESHOT with IRQF_NO_THREAD
84a17b7b292d s390/perf: Disable register readout on sampling events
bafd4aa1908a cpufreq: dt-platdev: Block the driver from probing on more QC platforms
a61c1bc84c4a md-cluster: fix NULL pointer dereference in process_metadata_update
b4a0b646cc28 ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
01e8751b37a3 ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()
64eb63f573f4 EFI/CPER: don't go past the ARM processor CPER record buffer
e0ec99115e13 APEI/GHES: ensure that won't go past CPER allocated record
5a9b1dda8481 EFI/CPER: don't dump the entire memory region
6ea4b7bc2e7b x86/xen/pvh: Enable PAE mode for 32-bit guest only when CONFIG_X86_PAE is set
30868a6a5238 rnbd-srv: Zero the rsp buffer before using it
fd7e360845d3 arm64: Add support for TSV110 Spectre-BHB mitigation
94ab05af1d96 perf/arm-cmn: Support CMN-600AE
61cd0b287fb9 s390/purgatory: Add -Wno-default-const-init-unsafe to KBUILD_CFLAGS
7823e09a68b5 tools/power cpupower: Reset errno before strtoull()
93e8e3ee165a smb: client: prevent races in ->query_interfaces()
e428670cfb29 gfs2: fiemap page fault fix
048b58edc57d smb: client: add proper locking around ses->iface_last_update
8b5dcfa97bf3 btrfs: handle user interrupt properly in btrfs_trim_fs()
2bb588cede1c minix: Add required sanity checking to minix_check_superblock()
43ccadb866de i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr()
de9affb698d5 hfsplus: pretend special inodes as regular files
f5d27ad99fca audit: add missing syscalls to read class
c1b6227555c5 fs/buffer: add alert in try_to_free_buffers() for folios without buffers
bccd4ebbdac3 hfsplus: fix volume corruption issue for generic/498
91e27bc79c3b audit: add fchmodat2() to change attributes class
4bde6678bc54 rtc: interface: Alarm race handling should not discard preceding error
4927e2d29b74 libperf build: Always place libperf includes first
5cf6e76e4f4f libperf: Don't remove -g when EXTRA_CFLAGS are used
66e9b70c64df libsubcmd: Fix null intersection case in exclude_cmds()
56042755b72f perf callchain: Fix srcline printing with inlines
eddddf4ed7f6 perf unwind-libdw: Fix invalid reference counts
985d844a5997 perf test stat tests: Fix for virtualized machines
fa99e8717a68 perf test stat: Update test expectations and events
8f36abf181c2 ASoC: dt-bindings: asahi-kasei,ak5558: Fix the supply names
f939f666ec02 ASoC: dt-bindings: asahi-kasei,ak4458: Fix the supply names
ce18fa88b154 ASoC: dt-bindings: asahi-kasei,ak4458: set unevaluatedProperties:false
655c9ba9915f SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
df10f23defff SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths
97503a852d3b ata: libata-scsi: refactor ata_scsi_translate()
51680e9a1680 ata: pata_ftide010: Fix some DMA timings
f18f70123962 ext4: use optimized mballoc scanning regardless of inode format
4a79fde8db7e ext4: fix memory leak in ext4_ext_shift_extents()
93b2ebbbcb2e ext4: don't cache extent during splitting extent
c0155dee51b9 MIPS: Work around LLVM bug when gp is used as global register variable
c941c268ad00 drm/amd/display: Use same max plane scaling limits for all 64 bpp formats
da0959402742 ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk
5fed5f6c6a02 x86/hyperv: Fix error pointer dereference
1ee1d006c9fe btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found
b7bc182ec184 efi: Fix reservation of unaccepted memory table
3222c8020aeb s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n
9e5cb7e67fbd spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()
a98d73dcc339 spi: wpcm-fiu: Simplify with dev_err_probe()
978137e940de spi: wpcm-fiu: Fix uninitialized res
87e463136302 spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
971bf8e61e9b drm/amdkfd: Fix watch_id bounds checking in debug address watch v2
17e94789c216 drm/amdkfd: fix debug watchpoints for logical devices
e975148b2c29 ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init
3a2f5a21285b drm/i915/acpi: free _DSM package when no connectors
29b2fbe3498d ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()
f8a5426652bd drm/amdgpu: Fix memory leak in amdgpu_ras_init()
e87c73a80a12 drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
8dc6beca70f0 apparmor: fix aa_label to return state from compount and component match
b25298e89a29 apparmor: fix invalid deref of rawdata when export_binary is unset
dbbe0a2e3e4b apparmor: make label_match return a consistent value
0563743d3f70 apparmor: remove apply_modes_to_perms from label_match
32928c1749e8 apparmor: refcount the pdb
f89b657e1785 apparmor: provide separate audit messages for file and policy checks
e78e00cf9eba apparmor: use passed in gfp flags in aa_alloc_null()
1f736dfe27c8 apparmor: fix rlimit for posix cpu timers
24bb7d11dc30 apparmor: return -ENOMEM in unpack_perms_table upon alloc failure
0dc19bca2260 apparmor: fix NULL sock in aa_sock_file_perm
a4ff9e4f4ad4 net/mlx5: Fix multiport device check over light SFs
f94a0de7b9f3 bonding: alb: fix UAF in rlb_arp_recv during bond up/down
8bc48c4fb636 octeontx2-af: Fix default entries mcam entry action
3f483a90634d inet: move icmp_global_{credit,stamp} to a separate cache line
c9141a794fdc cache: add __cacheline_group_{begin, end}_aligned() (+ couple more)
8dacf34eb427 netns-ipv4: reorganize netns_ipv4 fast path variables
1402ebe132a9 cache: enforce cache groups
4ec8a98b3dc3 tcp: Set pingpong threshold via sysctl
b4d5e97679bc tcp: defer regular ACK while processing socket backlog
22023ffad74c icmp: prevent possible overflow in icmp_global_allow()
b0da61015db2 icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns
e0987b6c3b34 icmp: move icmp_global.credit and icmp_global.stamp to per netns storage
19c7d8ac5198 macvlan: observe an RCU grace period in macvlan_common_newlink() error path
b5c84070333a ping: annotate data-races in ping_lookup()
6b6b2fbd66d8 bpftool: Fix truncated netlink dumps
db4636748c22 ipv6: fix a race in ip6_sock_set_v6only()
7017745068a9 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
9464ca7a6e56 net: remove WARN_ON_ONCE when accessing forward path array
60e921703943 netfilter: nf_conntrack_h323: don't pass uninitialised l3num value
f199874c199b selftests: forwarding: vxlan_bridge_1d_ipv6: fix test failure with br_netfilter enabled
3c2b767a8ae2 selftests: forwarding: vxlan_bridge_1d: fix test failure with br_netfilter enabled
d0fdad1bdd21 net: bridge: mcast: always update mdb_n_entries for vlan contexts
779a9ae0ef22 net/rds: rds_sendmsg should not discard payload_len
88b0fced1bbb xen-netback: reject zero-queue configuration from guest
163d04897e57 net: usb: catc: enable basic endpoint checking
b067e6c7973b net: sparx5/lan969x: fix PTP clock max_adj value
bcc60ad129ae ipv6: Fix out-of-bound access in fib6_add_rt2node().
cc1b179f778f net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()
357a3544a385 net: mscc: ocelot: split xmit into FDMA and register injection paths
487fac2388ad net: mscc: ocelot: extract ocelot_xmit_timestamp() helper
d6f03772d9c0 net: sparx5/lan969x: fix DWRR cost max to match hardware register width
9eefda7a03ef selftests: mlxsw: tc_restrictions: Fix test failure with new iproute2
5c577ac939bc cpuidle: Skip governor when only one idle state is available
7bb9178df6f0 ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
d389943443c5 selftests/memfd: use IPC semaphore instead of SIGSTOP/SIGCONT
2efc98314a61 selftests/memfd: delete unused declarations
d809ee17c0d1 kbuild: Add objtool to top-level clean target
e156a104ba26 powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check
727992102836 ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs
a584b9d1059b fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot
71c8b966ec56 fs/ntfs3: prevent infinite loops caused by the next valid being the same
fb2d7c30d030 io_uring/cancel: de-unionize file and user_data in struct io_cancel_data
533d495f15e4 dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
592833ea0051 dmaengine: fsl-edma-main: Convert to platform remove callback returning void
a489f1fd52bc backlight: qcom-wled: Change PM8950 WLED configurations
82f2eaab2f94 backlight: qcom-wled: Support ovp values for PMI8994
97790c9b255d leds: qcom-lpg: Check the return value of regmap_bulk_write()
99cc7352156c pinctrl: single: fix refcount leak in pcs_add_gpio_func()
eccf17c0a801 pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
e8e960c3d23f iio: sca3000: Fix a resource leak in sca3000_probe()
43b6f69e1806 ovl: Fix uninit-value in ovl_fill_real
d26685b2d9ad pinctrl: equilibrium: Fix device node reference leak in pinbank_init()
4f531b1a5468 usb: bdc: fix sleep during atomic
c5bde5357e10 drivers: iio: mpu3050: use dev_err_probe for regulator request
29040d42d641 mfd: simple-mfd-i2c: Add Delta TN48M CPLD support
fd1a3a0b98a9 mfd: simple-mfd-i2c: Keep compatible strings in alphabetical order
d9e5d3e1924a mfd: simple-mfd-i2c: Add SpacemiT P1 support
07fb61ff35fd mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA
b07aa526d053 mfd: simple-mfd-i2c: Add MAX77705 support
3ea01691738b mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure
9c858ef369bb Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms"
b359ca27c589 coresight: etm3x: Fix cpulocked warning on cpuhp
2fad88d7760c watchdog: starfive-wdt: Fix PM reference leak in probe error path
7281a0c907cc iio: pressure: mprls0025pa: fix scan_type struct
6dd1e95cc554 mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
24ec8015beca serial: SH_SCI: improve "DMA support" prompt
c233e1e81873 serial: imx: change SERIAL_IMX_CONSOLE to bool
65f2c608096d staging: greybus: lights: avoid NULL deref
e230aee60444 dma: dma-axi-dmac: fix SW cyclic transfers
6be32baf6541 dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
06c8ed283635 clk: mediatek: Fix error handling in runtime PM setup
547ae2f17349 clk: qcom: gfx3d: add parent to parent request map
bb5de8aca640 clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
ae56e2c27f6d clk: Move clk_{save,restore}_context() to COMMON_CLK section
d81b51c8a7ed clk: qcom: gcc-ipq5018: flag sleep clock as critical
048fbee3e431 clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
df1c437bfca4 clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
915e7579855e clk: qcom: gcc-qdu1000: Update the SDCC RCGs to use shared_floor_ops
d31b1b143819 clk: qcom: gcc-sdx75: Update the SDCC RCGs to use shared_floor_ops
45a013dabc5f clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops
ac003c1a80d9 clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
1e1664eb6f24 clk: qcom: rcg2: compute 2d using duty fraction directly
8cb92d27454e clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs
3e5349e54113 fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
68dae7b64c31 fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings()
ca81f7811dfe tracing: Remove duplicate ENABLE_EVENT_STR and DISABLE_EVENT_STR macros
7e6556e9329b tracing: Properly process error handling in event_hist_trigger_parse()
aa6e847e2795 fs/nfs: Fix readdir slow-start regression
c1f244f7868c nvdimm: virtio_pmem: serialize flush requests
25d623f0d77c scsi: csiostor: Fix dereference of null pointer rn
94a6c85a68bc scsi: ufs: host: mediatek: Require CONFIG_PM
fdf1188cfa80 scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()
8e3d91135417 pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN
34276d267742 RDMA/uverbs: Add __GFP_NOWARN to ib_uverbs_unmarshall_recv() kmalloc
685163733ed1 power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
d2a6ca4c0748 mtd: spinand: Fix kernel doc
9fbbd62436ce mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions()
5f1a84bb4a95 cxl: Fix premature commit_end increment on decoder commit failure
db830aea65e4 RDMA/core: add rdma_rw_max_sge() helper for SQ sizing
6faf28106ea1 svcrdma: Reduce the number of rdma_rw contexts per-QP
63a45e2a1264 svcrdma: Increase the per-transport rw_ctx count
46ccddede7be svcrdma: Clean up comment in svc_rdma_accept()
4965711d22a0 svcrdma: Remove queue-shortening warnings
91cb7ff68604 RDMA/core: Fix a couple of obvious typos in comments
756c93d6df7c RDMA/rxe: Fix race condition in QP timer handlers
bf1feed1a788 RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send
0f5e62ea5c43 mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()
1733d168099e crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails
2abf05a122cf crypto: ccp - Factor out ring destroy handling to a helper
b2e7e269aba9 crypto: ccp - Move direct access to some PSP registers out of TEE
54541017ac6a crypto: ccp - Add an S4 restore flow
21f422a86ded mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper
bc779d426ef1 tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus()
26793db60925 RDMA/rxe: Fix double free in rxe_srq_from_init
9a0323f5e54e RDMA/rtrs-srv: fix SG mapping
86183153c299 power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()
3af85f239648 power: supply: bq27xxx: fix wrong errno when bus ops are unsupported
7ac6501b587c power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write
2078830c32d1 power: supply: sbs-battery: Fix use-after-free in power_supply_changed()
af261f218a76 power: supply: rt9455: Fix use-after-free in power_supply_changed()
77ea437faa4c power: supply: goldfish: Fix use-after-free in power_supply_changed()
cbb9b07f88a9 power: supply: cpcap-battery: Fix use-after-free in power_supply_changed()
0de95d29d847 power: supply: bq25980: Fix use-after-free in power_supply_changed()
cb5c743936ed power: supply: bq256xx: Fix use-after-free in power_supply_changed()
697bb5dc0cb4 power: supply: act8945a: Fix use-after-free in power_supply_changed()
f50433f2603d power: supply: ab8500: Fix use-after-free in power_supply_changed()
2ad50784c9eb RDMA/hns: Notify ULP of remaining soft-WCs during reset
70a5eb757ace RDMA/hns: Fix WQ_MEM_RECLAIM warning
2fb573fa9d71 IB/cache: update gid cache on client reregister event
04b41f1d0e33 RDMA/rtrs: server: remove dead code
d858a1d814d3 octeontx2-pf: Unregister devlink on probe failure
320b54651a59 ionic: Rate limit unknown xcvr type messages
69042a930eae octeon_ep: ensure dbell BADDR updation
664355e6f130 octeon_ep: set backpressure watermark for RX queues
dc4d11c5f316 octeon_ep: disable per ring interrupts
2c33c53a9c8c octeon_ep: support Octeon CN10K devices
a40e276b9696 octeon_ep: restructured interrupt handlers
77c641b3bd4e octeon_ep: support to fetch firmware info
331e2b705163 serial: caif: fix use-after-free in caif_serial ldisc_close()
2c1f59005da9 xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path
d621dd67a72d net: Switch to skb_dstref_steal/skb_dstref_restore for ip_route_input callers
31ca4fbf56d1 net: Add skb_dstref_steal and skb_dstref_restore
dea1465394ff net: sunhme: Fix sbus regression
e3f80666c273 net: atm: fix crash due to unvalidated vcc pointer in sigd_send()
e131aac543cd smb: client: correct value for smbd_max_fragmented_recv_size
0e64bd46a04a procfs: fix missing RCU protection when reading real_parent in do_task_stat()
6dc10494cfe2 net: hns3: fix double free issue for tx spare buffer
44b2256b17f1 PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
f1535d56fc3f netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
f7eb1903c6e0 netfilter: nft_counter: fix reset of counters on 32bit archs
cfe35cb86256 netfilter: nft_set_hash: fix get operation on big endian
77eef9f2eef0 nfc: hci: shdlc: Stop timers and work before freeing context
db76b75ede38 inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
43f4661e9b2c bonding: only set speed/duplex to unknown, if getting speed failed
8b5ed7c5417b octeontx2-af: Fix PF driver crash with kexec kernel booting
cf5967514735 mptcp: fix receive space timestamp initialization
2622f355e621 of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy()
e7c1e60802d8 ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit()
7dc4778ee848 ipc: don't audit capability check in ipc_permissions()
2c80b0974047 PCI/ACPI: Restrict program_hpx_type2() to AER bits
89db6475c0b4 PCI: Add defines for bridge window indexing
82bd7f9d08ce PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
1f5438cb5d78 PCI: Log bridge info when first enumerating bridge
f49c44723a70 PCI: Log bridge windows conditionally
988b8b98103c PCI: Supply bridge device, not secondary bus, to read window details
7fd6672a1bb0 PCI: Move pci_read_bridge_windows() below individual window accessors
a79a3d1fd32c PCI: Initialize RCB from pci_configure_device()
a7c08278f2d0 wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump()
62c2290dc976 tcp: tcp_tx_timestamp() must look at the rtx queue
d3b7ffa90f61 fat: avoid parent link count underflow in rmdir
243f71ed873f nfsd: never defer requests during idmap lookup
0114244ec49a dm: use bio_clone_blkg_association
c93f23375d8c iommu/vt-d: Flush cache for PASID table before using it
bff7ac6b98fa PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
af0f0d30fd02 kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup()
ecb0af907733 module: add helper function for reading module_buildid()
767f1a8c8483 netfilter: nf_conncount: fix tracking of connections from localhost
abaa1508d5db netfilter: nft_compat: add more restrictions on netlink attributes
0792ad077d77 netfilter: nf_conncount: increase the connection clean up limit to 64
d12e9e90632c netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH
5802782366ba netfilter: nf_tables: reset table validation state on abort
4d7a05da767e wifi: cfg80211: stop NAN and P2P in cfg80211_leave
11f832532440 mctp i2c: initialise event handler read bytes
f03666259d22 net: mctp-i2c: fix duplicate reception of old data
37ccd48cf35f quota: fix livelock between quotactl and freeze_super
96ac80ce22bc PCI/portdrv: Fix potential resource leak
cf7e6dbb51a7 PCI: Do not attempt to set ExtTag for VFs
a4176432d41e Documentation: tracing: Add PCI tracepoint documentation
60b896647d88 Documentation: trace: Refactor toctree
b2f972293451 docs: fix WARNING document not included in any toctree
bd43a6e85779 Documentation: tracing: Add ring-buffer mapping
baa42b756d18 PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails
d8e7624e2113 PCI/PM: Avoid redundant delays on D3hot->D3cold
63d3556c9a8e Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
24c190a5a24e PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
f448acd86835 Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
1ae5fd122398 spi: tools: Add include folder to .gitignore
169ae51f31b0 platform/chrome: cros_ec_lightbar: Fix response size initialization
e3311645c7c1 media: uvcvideo: Fix allocation for small frame sizes
01fe5a26ccc6 platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev
0347548ccf07 drm/msm/a2xx: fix pixel shader start on A225
661152ffb0f2 media: ccs: Accommodate C-PHY into the calculation
e7815709bc97 drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x
33acf9a4d6eb HID: playstation: Add missing check for input_ff_create_memless
f0a6e4b27bad regulator: core: move supply check earlier in set_machine_constraints()
2d5b17e8364b drm/msm/disp/dpu: add merge3d support for sc7280
83d3d9ec347a drm/amdgpu: Use explicit VCN instance 0 in SR-IOV init
f721f873d3e1 ASoC: nau8821: Fixup nau8821_enable_jack_detect()
88a6bed89eb8 ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
e19f5b5d1059 ASoC: nau8821: Consistently clear interrupts before unmasking
1c7ee23dfcd1 smack: /smack/doi: accept previously used values
661d87242dd6 smack: /smack/doi must be > 0
34bacb3cc343 workqueue: Process rescuer work items one-by-one using a cursor
c906c9d81fdf workqueue: Only assign rescuer work when really needed
c17f947a6fca workqueue: Factor out assign_rescuer_work()
e3b15841172e arm64: dts: qcom: sm6115: Add CX_MEM/DBGC GPU regions
4ffe98b89c9c arm64: dts: qcom: sdm845-db845c: specify power for WiFi CH1
c77d1b2f5e51 arm64: dts: qcom: sdm845-db845c: drop CS from SPIO0
1895ad99349e arm64: dts: amlogic: g12: assign the MMC A signal clock
44cd81bbb21b arm64: dts: amlogic: g12: assign the MMC B and C signal clocks
6a47c69a8bba arm64: dts: amlogic: gx: assign the MMC signal clocks
59f3138d11cc arm64: dts: amlogic: axg: assign the MMC signal clocks
716c8ebe0409 arm: dts: lpc32xx: add clocks property to Motor Control PWM device tree node
8461f646f68a ARM: dts: lpc32xx: Set motor PWM #pwm-cells property value to 3 cells
87a1f93986aa powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling
06195456c4e4 soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
993d41578772 soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe
c43e0a0353e5 powerpc/uaccess: Move barrier_nospec() out of allow_read_{from/write}_user()
ac2c85d2a2f6 ARM: dts: allwinner: sun5i-a13-utoo-p66: delete "power-gpios" property
dc62cf0814fa arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on
1aeb4ed95c3f arm64: dts: qcom: sdm845-oneplus: Don't mark ts supply boot-on
93aaa53ecf20 arm64: dts: qcom: sdm630: fix gpu_speed_bin size
e15f1e18cdf4 clk: qcom: Return correct error code in qcom_cc_probe_by_index()
458f7417fae0 arm64: dts: tqma8mpql-mba8mpxl: Fix HDMI CEC pad control settings
063898a3f9ac EDAC/i5400: Fix snprintf() limit calculation in calculate_dimm_size()
e37f5e05b5bc EDAC/i5000: Fix snprintf() size calculation in calculate_dimm_size()
8afa17757873 soc: qcom: smem: handle ENOMEM error during probe
cff0ef043e16 pstore/ram: fix buffer overflow in persistent_ram_save_old()
8ad5577b2d4a sched/rt: Skip currently executing CPU in rto_next_cpu()
322154c3981e mfd: wm8350-core: Use IRQF_ONESHOT
3db9471b23f5 EDAC/altera: Remove IRQF_ONESHOT
adb69cc223d7 scsi: efct: Use IRQF_ONESHOT and default primary handler
ddc34a1b8550 bpf: Fix bpf_xdp_store_bytes proto for read-only arg
74081d6c1da1 crypto: hisilicon/trng - support tfms sharing the device
260a9e382996 crypto: hisilicon/trng - modifying the order of header files
9681044e45c9 bpf, sockmap: Fix FIONREAD for sockmap
acaf1ea47bbf bpf, sockmap: Fix incorrect copied_seq calculation
7111701a09cc hrtimer: Fix trace oddity
33a30bf9e0d4 crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable
6eae58af0c31 crypto: hisilicon/zip - adjust the way to obtain the req in the callback function
ab8b2eaf7add crypto: hisilicon/zip - remove zlib and gzip
70b2f4fc1ede crypto: hisilicon/zip - support deflate algorithm
0aa430f4661d crypto: octeontx - fix dma_free_coherent() size
53e97a309cc3 crypto: cavium - fix dma_free_coherent() size
2b757fea9f4f ARM: VDSO: Patch out __vdso_clock_getres() if unavailable
e1767524765e libbpf: Fix OOB read in btf_dump_get_bitfield_value
542bf32cf757 selftests/bpf: veristat: fix printing order in output_stats()
6e6abc72accf crypto: qat - fix warning on adf_pfvf_pf_proto.c
abb6e07f46a7 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()
27d7a35b8052 PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
70e8af620210 perf: arm_spe: Properly set hw.state on failures
3deb7b6a2e31 PM: wakeup: Handle empty list in wakeup_sources_walk_start()
d6749d0b8ddc Partial revert "x86/xen: fix balloon target initialization for PVH dom0"
ef3b74d20f5e x86/xen: make some functions static
31cac6acf77e ublk: Validate SQE128 flag before accessing the cmd
8f3d79abdec0 iomap: fix submission side handling of completion side errors
597ec9e7f5cc md/raid10: fix any_working flag handling in raid10_sync_request
72b2db83705b cpuidle: governors: menu: Always check timers with tick stopped
0add3e6f91aa cpuidle: menu: Cleanup after loadavg removal
ca762fa01f64 io_uring/sync: validate passed in offset
f2cf475d23b8 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()
9cc9efa703f0 xen/virtio: Don't use grant-dma-ops when running as Dom0
7425453ea16d smb: client: fix potential UAF and double free in smb2_open_file()
e3d1fd084319 btrfs: fix block_group_tree dirty_list corruption
46fb7ee9f852 btrfs: qgroup: return correct error when deleting qgroup relation item
a51cff9be046 tpm: st33zp24: Fix missing cleanup on get_burstcount() error
948966e546f2 tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure
20ac431e02dc i3c: dw: Initialize spinlock to avoid upsetting lockdep
d87268326b27 gfs2: Fix use-after-free in iomap inline data write path
4991b13cc9f1 gfs2: Add metapath_dibh helper
7e3b7a47867a gfs2: Retries missing in gfs2_{rename,exchange}
b68be2b8b564 i3c: master: Update hot-join flag only on success
5560116126da fs: add <linux/init_task.h> for 'init_fs'
4b2a0a4e9428 i3c: Move device name assignment after i3c_bus_init
e2647d540bea audit: move the compat_xxx_class[] extern declarations to audit_arch.h
979c708e6c9d rcu: Fix rcu_read_unlock() deadloop due to softirq
dffd52d0d14e rcu: Remove local_irq_save/restore() in rcu_preempt_deferred_qs_handler()
3ccd035ef99d rcu: Refactor expedited handling check in rcu_read_unlock_special()
6cc7a424a39a rcu/exp: Move expedited kthread worker creation functions above rcutree_prepare_cpu()
cb9eaff659dd rcu: s/boost_kthread_mutex/kthread_mutex
7b57ada854b3 hfsplus: return error when node already exists in hfs_bnode_create
2e000d8a5306 auxdisplay: arm-charlcd: fix release_mem_region() size
a6a3e4af1099 RDMA/umad: Reject negative data_len in ib_umad_write
ffba40b67663 RDMA/siw: Fix potential NULL pointer dereference in header processing
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 8685e5cbf6d..8250679ed0f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "c45743dc8dc2ddfbe7bd165997e1f7cf887fa6b7"
-SRCREV_meta ?= "45f69741c733e066ed1a12b6025e347e5cd6063e"
+SRCREV_machine ?= "8751b899ea5af349e8570e8985365290efa5e7d6"
+SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.127"
+LINUX_VERSION ?= "6.6.129"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index d6a9afdf17e..bd4a10b5640 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.127"
+LINUX_VERSION ?= "6.6.129"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "8247922ff493e4fef938ce36562cac9c0cce86aa"
-SRCREV_meta ?= "45f69741c733e066ed1a12b6025e347e5cd6063e"
+SRCREV_machine ?= "d82c6cc64c037058c6bfd630f2d2604a38684c7d"
+SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 92ad6afa3a5..58a72979c53 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "aa66687c1abe2afe2ee6c00c36bfaaf3d5d9636c"
-SRCREV_machine:qemuarm64 ?= "cf88783fdb92901d9d228afb7d700c6575742f1b"
-SRCREV_machine:qemuloongarch64 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemumips ?= "cbd6f9a670486dcd83ef0f8b90a75b2b7b44b447"
-SRCREV_machine:qemuppc ?= "bce75aa765505d7db3bb1bfefb5d3f524a1a5b64"
-SRCREV_machine:qemuriscv64 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemuriscv32 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemux86 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemux86-64 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemumips64 ?= "4cc6d51a6f63436a37c3ba4ea2da93c7fd3240b4"
-SRCREV_machine ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_meta ?= "45f69741c733e066ed1a12b6025e347e5cd6063e"
+SRCREV_machine:qemuarm ?= "539bf858552c12417a449646d0cad5e53e038aa0"
+SRCREV_machine:qemuarm64 ?= "e4153b3c5bff6c503990c35826d84a034d2d7a33"
+SRCREV_machine:qemuloongarch64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemumips ?= "d5da07b097555f20280b2484da875c93f1494d48"
+SRCREV_machine:qemuppc ?= "9434ddc68ebc90e9336d4cc6f642aa82c0da023c"
+SRCREV_machine:qemuriscv64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemuriscv32 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemux86 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemux86-64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemumips64 ?= "e6f498c7aa6909c17b90b50267d1577ddc19c0d6"
+SRCREV_machine ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "7a137e9bfa0e1919555d60f9dc0c05a7a5ba75d0"
+SRCREV_machine:class-devupstream ?= "4fc00fe35d46b4fc8dac2eb543a0e3d44bb15f47"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.127"
+LINUX_VERSION ?= "6.6.129"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 29/41] linux-yocto/6.6: update to v6.6.130
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (27 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 28/41] linux-yocto/6.6: update to v6.6.129 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 30/41] linux-yocto/6.6: update to v6.6.132 Yoann Congal
` (11 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
c09fbcd31ae6 Linux 6.6.130
1dacf6b3718a xen/privcmd: add boot control for restricted usage in domU
1879319d790f xen/privcmd: restrict usage in unprivileged domU
2cf5eff223fc tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure
c1bfc25d62d8 lib/bootconfig: check xbc_init_node() return in override path
df1f4a7d9cf6 drm/i915/gt: Check set_default_submission() before deferencing
b0158d9d6f4e ksmbd: fix use-after-free in durable v2 replay of active file handles
806f13752652 ksmbd: fix use-after-free of share_conf in compound request
87158a633e9a drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr()
6ec8f8ebd023 mtd: rawnand: brcmnand: skip DMA during panic write
a80291e577b4 mtd: rawnand: serialize lock/unlock against other NAND operations
69aece634a7e i2c: cp2615: fix serial string NULL-deref at probe
2aeb380c731f i2c: cp2615: replace deprecated strncpy with strscpy
7864c667aed0 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
c51957601d32 x86/platform/uv: Handle deconfigured sockets
197fc4dda1c0 i2c: pxa: defer reset on Armada 3700 when recovery is used
c40387488be0 i2c: fsi: Fix a potential leak in fsi_i2c_probe()
994b301a217f USB: serial: f81232: fix incomplete serial port generation
2124d82fd25e Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
eec4d5758f33 drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug
5b0578a9a9ec hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit()
5fcef2e370f3 hwmon: (pmbus/mp2975) Add error check for pmbus_read_word_data() return value
b61529c357f1 icmp: fix NULL pointer dereference in icmp_tag_validation()
1a0c3c7b5b14 net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths
ff0c54f088f7 net: mvpp2: guard flow control update with global_tx_fc in buffer switching
224f4678812e nfnetlink_osf: validate individual option lengths in fingerprints
adee3436ccd2 netfilter: nf_tables: release flowtable after rcu grace period on error
d016c216bc75 netfilter: bpf: defer hook memory release until rcu readers are done
0a3f8cd3f370 net: bonding: fix NULL deref in bond_debug_rlb_hash_show
a05a2149386f udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
3dffc083292e net/mlx5e: Fix race condition during IPSec ESN update
99aaee927800 net/mlx5e: Prevent concurrent access to IPSec ASO context
7712b5ff6967 net/mlx5: qos: Restrict RTNL area to avoid a lock cycle
5da8009be419 net: macb: fix uninitialized rx_fs_lock
edf4c2aaee08 ACPI: processor: Fix previous acpi_processor_errata_piix4() fix
a6dc74209462 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom
0a4da176ae4b wifi: mac80211: fix NULL deref in mesh_matches_local()
58f74dc73d1b iavf: fix VLAN filter lost on add/delete race
fb602ed4b19e igc: fix missing update of skb->tail in igc_xmit_frame()
4de6a43e8ecf net: usb: aqc111: Do not perform PM inside suspend callback
a73d95b57bf9 clsact: Fix use-after-free in init/destroy rollback asymmetry
125f932a76a9 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
f1c7701d3ac9 net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
21c89a0a8de7 net/sched: teql: Fix double-free in teql_master_xmit
f00fc26c8a06 net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()
39f2d86f2ddd PM: runtime: Fix a race condition related to device removal
fd8278ffba49 sched: idle: Consolidate the handling of two special cases
249e90557158 net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown
fcdf56bbdade net: bcmgenet: increase WoL poll timeout
f5e4f4e4cdb7 netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
262beb78e95e netfilter: xt_time: use unsigned int for monthday bit shift
63b8097cea19 netfilter: xt_CT: drop pending enqueued packets on template removal
e68a8db3a054 netfilter: nft_ct: drop pending enqueued packets on removal
b477ef7fa612 netfilter: nft_ct: add seqadj extension for natted connections
52235bf88159 netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case
528b4509c9df netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp()
f04cc86d5990 netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()
9e5021a90653 netfilter: ctnetlink: remove refcounting in expectation dumpers
a75d3be96d70 mpls: add missing unregister_netdevice_notifier to mpls_init
0c9fb70a206a net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
e160b869b0a8 Bluetooth: qca: fix ROM version reading on WCN3998 chips
11a87dd5df42 Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user
45ebe5b90020 Bluetooth: HIDP: Fix possible UAF
f35209cf4826 Bluetooth: hci_sync: Fix hci_le_create_conn_sync
2d3deaa162a7 Bluetooth: ISO: Fix defer tests being unstable
e7899dc538f3 Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy
c02860835673 Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU
b5c20c899246 Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU
d30acb4ecbe2 firmware: arm_scpi: Fix device_node reference leak in probe path
37e776e2e0a5 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
256f7d4c1123 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.
d21923a8059f soc: fsl: qbman: fix race condition in qman_destroy_fq
d0a466caf4ac cache: ax45mp: Fix device node reference leak in ax45mp_cache_init()
ccb2262681d6 btrfs: tree-checker: fix misleading root drop_level error message
56e72c8b02d9 btrfs: log new dentries when logging parent dir of a conflicting inode
df656e45774f drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END}
9085ad02eff0 drm/amdgpu: apply state adjust rules to some additional HAINAN vairants
41b0edc1be8d drm/radeon: apply state adjust rules to some additional HAINAN vairants
2a28ad57d12e drm/amdgpu/mmhub3.0: add bounds checking for cid
46411902afd1 drm/amdgpu/mmhub3.0.2: add bounds checking for cid
0fabdcd12c29 drm/amdgpu/mmhub3.0.1: add bounds checking for cid
6b257be5d3ad drm/amdgpu/mmhub2.3: add bounds checking for cid
aa3c80150b0e drm/amdgpu/mmhub2.0: add bounds checking for cid
9f41b9f82ecf drm/amdgpu/gmc9.0: add bounds checking for cid
447f2c6ef11c serial: uartlite: fix PM runtime usage count underflow on probe
59e13f1c9a8c serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY
d2719a0a9c34 serial: 8250: Fix TX deadlock when using DMA
092cb022a454 serial: 8250_pci: add support for the AX99100
85654456e394 iommu/vt-d: Fix intel iommu iotlb sync hardlockup and retry
d8570211a2b1 mtd: Avoid boot crash in RedBoot partition table parser
2a79fd98b961 mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init()
d55ff6f213be mtd: rawnand: pl353: make sure optimal timings are applied
f13100b1f5f1 spi: fix statistics allocation
6bbd385b30c7 spi: fix use-after-free on controller registration failure
9443202d9138 pmdomain: bcm: bcm2835-power: Increase ASB control timeout
4ada013fd7da mmc: sdhci: fix timing selection for 1-bit bus width
451816d430b3 mmc: sdhci-pci-gli: fix GL9750 DMA write corruption
0c5026178856 net: macb: Reinitialize tx/rx queue pointer registers and rx ring during resume
fbbd4c07a537 net: macb: Introduce gem_init_rx_ring()
2fd0bdd49e57 net: macb: queue tie-off or disable during WOL suspend
8afb437ea1f7 nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
1ada20331f2d batman-adv: avoid OGM aggregation when skb tailroom is insufficient
fc77e0a5600e iio: light: bh1780: fix PM runtime leak on error path
64ad49597d14 btrfs: fix transaction abort on file creation due to name hash collision
b19c0465e4da btrfs: fix transaction abort on set received ioctl due to item overflow
6bce705b699c btrfs: fix transaction abort when snapshotting received subvolumes
3f04f871a1d4 kprobes: Remove unneeded warnings from __arm_kprobe_ftrace()
61cfa81f19b9 kprobes: Remove unneeded goto
6ebef4a220a1 ksmbd: unset conn->binding on failed binding request
9229709ec8bf smb: client: fix krb5 mount with username option
807bd1258453 Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access
dd3b221e2107 Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
935c716be860 parisc: Flush correct cache in cacheflush() syscall
5653af416a48 net: macb: fix use-after-free access to PTP clock
70662874f646 NFC: nxp-nci: allow GPIOs to sleep
67f2796354bf LoongArch: Give more information if kmem access failed
e48bf8f1d2b1 nvdimm/bus: Fix potential use after free in asynchronous initialization
41f6ba6c98a6 sunrpc: fix cache_request leak in cache_release
d1a19217995d NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd
439a6728ec46 io_uring/kbuf: check if target buffer list is still legacy on recycle
d77401968c78 mm/mempolicy: fix wrong mmap_read_unlock() in migrate_to_node()
8e7715193e5a s390/zcrypt: Enable AUTOSEL_DOM for CCA serialnr sysfs attribute
2c5c0f4dc8cc s390/stackleak: Fix __stackleak_poison() inline assembly constraint
3e0619a2a61b s390/xor: Fix xor_xc_2() inline assembly constraints
1b3ff4d88b50 mptcp: pm: in-kernel: always set ID as avail when rm endp
268fd5502281 net: stmmac: remove support for lpi_intr_o
fbab8c08e1a6 binfmt_misc: restore write access before closing files opened by open_exec()
8c1befea57db sched/fair: Fix pelt clock sync when entering idle
d1365d2abfaf f2fs: zone: fix to avoid inconsistence in between SIT and SSA
3da45ec1e485 rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
8af210df4f71 platform/x86/amd/pmc: Add support for Van Gogh SoC
9c05cd8f4232 x86/uprobes: Fix XOL allocation failure for 32-bit tasks
1b24d3e8792b drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
2e147aa3169b drm/exynos: vidi: fix to avoid directly dereferencing user pointer
21ca24ba51a2 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
e1903358b215 drm/amdgpu: Add basic validation for RAS header
ce63943f9bce l2tp: do not use sock_hold() in pppol2tp_session_get_sock()
da249eb3206c drm/amd/pm: Use pm_display_cfg in legacy DPM (v2)
b3367ee3e557 drm/amd/display: Add pixel_clock to amd_pp_display_configuration
ec2b34acb189 net: dsa: properly keep track of conduit reference
0643aa246819 bpf: Forget ranges when refining tnum after JSET
2cbef9ea5a0a net: fix segmentation of forwarding fraglist GRO
e19201b0c67d net: gso: fix tcp fraglist segmentation after pull from frag_list
1f2b859225eb net: add support for segmenting TCP fraglist GSO packets
9b03768037d9 tracing: Add recursion protection in kernel stack trace recording
eba0c75670c0 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
33743ec6679a riscv: Sanitize syscall table indexing under speculation
4357e02cafab btrfs: do not strictly require dirty metadata threshold for metadata writepages
bfc717be833f iomap: allocate s_dio_done_wq for async reads as well
a426f29ac3fa rxrpc: Fix data-race warning and potential load/store tearing
fc3454a20bef x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler
03c29d6d3719 x86/sev: Harden #VC instruction emulation somewhat
f69fec628756 ipv6: use RCU in ip6_xmit()
897d9006e75f dm-verity: disable recursive forward error correction
0464bf75590d rxrpc: Fix recvmsg() unconditional requeue
1b0edd6022a3 ext4: always allocate blocks only from groups inode can use
90336fc3d6f5 eth: bnxt: always recalculate features after XDP clearing, fix null-deref
1e3769aa0946 usb: typec: ucsi: Move unregister out of atomic section
c57387d447a2 pNFS: Fix a deadlock when returning a delegation during open()
a4810f8beb01 NFS: Fix a deadlock involving nfs_release_folio()
1562138b9cab nfs: pass explicit offset/count to trace events
815db2363e51 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
64d8abd8c530 btrfs: fix NULL dereference on root when tracing inode eviction
54322d95309d arm64: mm: Don't remap pgtables for allocate vs populate
6a36c8e88af7 arm64: mm: Batch dsb and isb when populating pgtables
37413d064396 arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
7d115eb231a6 net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz
9dcd86cb22e1 btrfs: always fallback to buffered write if the inode requires checksum
dbc4e10619ed ext4: fix dirtyclusters double decrement on fs shutdown
db489778e6f2 f2fs: fix to avoid migrating empty section
5d305a95130a net/tcp-md5: Fix MAC comparison to be constant-time
307afccb751f ksmbd: Compare MACs in constant time
946054b773ed smb: client: Compare MACs in constant time
26a29582980b xfs: ensure dquot item is deleted from AIL only after log shutdown
50c0e03072fc xfs: fix integer overflow in bmap intent sort comparator
2bfc83cee05f crypto: atmel-sha204a - Fix OOM ->tfm_count leak
0629a1a187e4 cifs: open files should not hold ref on superblock
0a47c3889fcd net: macb: Shuffle the tx ring before enabling tx
0bc70491e466 drm/bridge: ti-sn65dsi83: halve horizontal syncs for dual LVDS output
920467466d2d drm/msm: Fix dma_free_attrs() buffer size
fec5c70b82af ksmbd: Don't log keys in SMB3 signing and encryption key generation
d1cdf0c63947 iomap: reject delalloc mappings during writeback
0ba544dacec2 mm/kfence: fix KASAN hardware tag faults during late enablement
816fa1dfae45 KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated
5d1e72015b90 KVM: SVM: Add a helper to look up the max physical ID for AVIC
32ca7117e153 KVM: SVM: Limit AVIC physical max index based on configured max_vcpu_ids
d146f2775804 usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling
c24c06ed1849 can: gs_usb: gs_can_open(): always configure bitrates before starting device
dfc314d7c767 net/sched: act_gate: snapshot parameters with RCU on replace
0be8c9627556 kbuild: Leave objtool binary around with 'make clean'
2d53b863b401 selftests: mptcp: join: check RM_ADDR not sent over same subflow
1ec68e2096ef selftests: mptcp: add a check for 'add_addr_accepted'
05799c2f1ca5 mptcp: pm: in-kernel: always mark signal+subflow endp as used
a29641dc1267 mptcp: pm: avoid sending RM_ADDR over same subflow
7f3b7dc8c6ca drm/amd/display: Use GFP_ATOMIC in dc_create_stream_for_sink
c33523b8fd2d net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
71511dae56a7 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
f9f1660b7ffc x86/sev: Allow IBPB-on-Entry feature for SNP guests
c8ddb2d30d03 platform/x86: hp-bioscfg: Support allocations of larger data
3c5c818c78b0 wifi: libertas: fix use-after-free in lbs_free_adapter()
cf29329a13df ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths
ca049ef5c8c7 gve: defer interrupt enabling until NAPI registration
212b9632718c drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD
3161ae587816 i3c: mipi-i3c-hci: Add missing TID field to no-op command descriptor
0911fd8e400e i3c: mipi-i3c-hci: Restart DMA ring correctly after dequeue abort
dcd66a0c0388 i3c: mipi-i3c-hci: Use ETIMEDOUT instead of ETIME for timeout errors
5c485bc32551 iio: imu: inv_icm42600: fix odr switch to the same value
27c324ef1638 iio: gyro: mpu3050-i2c: fix pm_runtime error handling
2a86a396aa00 iio: gyro: mpu3050-core: fix pm_runtime error handling
10ea2df061f3 iio: buffer: Fix wait_queue not being removed
dd7b7093bb77 iio: chemical: bme680: Fix measurement wait duration calculation
342e5f67fb99 iio: potentiometer: mcp4131: fix double application of wiper shift
dcdf1e92674e iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()
5a3952ba82f8 iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas()
fa87bb35b917 iio: frequency: adf4377: Fix duplicated soft reset mask
8f9fca12f2f3 iio: dac: ds4424: reject -128 RAW value
fa6fd9aec721 btrfs: abort transaction on failure to update root in the received subvol ioctl
40f7c69eb00d smb: client: fix iface port assignment in parse_server_interfaces
438e77435aee smb: client: fix in-place encryption corruption in SMB2_write()
dcd1f1321034 smb: client: fix atomic open with O_DIRECT & O_SYNC
2ca6bdf449b1 lib/bootconfig: check bounds before writing in __xbc_open_brace()
bbdb80f29ee9 lib/bootconfig: fix snprintf truncation check in xbc_node_compose_key_after()
f59193807211 x86/apic: Disable x2apic on resume if the kernel expects so
35e3ec8e589b scsi: core: Fix error handling for scsi_alloc_sdev()
cc7d44c59ea5 lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error
b373ff56ed2d s390/dasd: Copy detected format information to secondary device
3a67baa8eec4 s390/dasd: Move quiesce state with pprc swap
41e91dff2d39 xfs: fix undersized l_iclog_roundoff values
eaaaa3abbb20 cifs: make default value of retrans as zero
e9311e199ac6 tracing: Fix trace_buf_size= cmdline parameter with sizes >= 2G
aeb7255531ba drm/i915: Fix potential overflow of shmem scatterlist length
624f991cac21 drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding
2550d63cc350 drm/amd: Set num IP blocks to 0 if discovery fails
c658c1c85ec2 drm/amdgpu: Fix use-after-free race in VM acquire
3704ac6a0d9a net: dsa: microchip: Fix error path in PTP IRQ setup
81431da77792 net: ethernet: arc: emac: quiesce interrupts before requesting IRQ
599625881978 net: ncsi: fix skb leak in error paths
302fef75512b ksmbd: fix use-after-free by using call_rcu() for oplock_info
b720c84087cb smb: server: fix use-after-free in smb2_open()
bf4d66d72e4a ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
d156b1c24f72 pmdomain: bcm: bcm2835-power: Fix broken reset status read
57e35502faa9 parisc: Check kernel mapping earlier at bootup
344fde7a3dc0 parisc: Fix initial page table creation for boot
52db5ef163c9 hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read
7003352d4327 arm64: mm: Add PTE_DIRTY back to PAGE_KERNEL* to fix kexec/hibernation
fad178ae8949 nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
5699359529c6 parisc: Increase initial mapping to 64 MB with KALLSYMS
f3ca45673dab batman-adv: Avoid double-rtnl_lock ELP metric worker
422b4524320c tracing: Fix syscall events activation by ensuring refcount hits zero
9298b0806923 ice: fix retry for AQ command 0x06EE
5138cd978bab net: mana: Ring doorbell at 4 CQ wraparounds
1a6da3dbb998 media: dvb-net: fix OOB access in ULE extension header tables
768f25613a9f staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie
740bca8bbdb7 staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()
627cf4d1f0ea ixgbevf: fix link setup issue
aac3ac27e6da ice: reintroduce retry mechanism for indirect AQ
1fc8c3a0d249 irqchip/gic-v3-its: Limit number of per-device MSIs to the range the ITS supports
3cfdf8d27b66 device property: Allow secondary lookup in fwnode_get_next_child_node()
54f2f0591216 drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used
98310fe3a2a7 drm/bridge: samsung-dsim: Fix memory leak in error path
f3333543326c Revert "tcpm: allow looking for role_sw device in the main node"
70c78429ef38 scsi: hisi_sas: Fix NULL pointer exception during user_scan()
8be15087d037 scsi: hisi_sas: Use macro instead of magic number
228c626df8d5 scsi: hisi_sas: Add time interval between two H2D FIS following soft reset spec
a6a894413b04 scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend
069307ae8cb9 i3c: dw-i3c-master: Set SIR_REJECT in DAT on device attach and reattach
7d86de3847c5 time/jiffies: Mark jiffies_64_to_clock_t() notrace
657dc653b06a ceph: fix memory leaks in ceph_mdsc_build_path()
b3f5513141ec ceph: fix i_nlink underrun during async unlink
59c7bf668c20 libceph: admit message frames only in CEPH_CON_S_OPEN state
5f2806684b05 libceph: Use u32 for non-negative values in ceph_monmap_decode()
50156622eb08 libceph: prevent potential out-of-bounds reads in process_message_header()
3e2e36e9b9f3 libceph: reject preamble if control segment is empty
8bb87547e92d libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
8b6767e4141b kprobes: avoid crash when rmmod/insmod after ftrace killed
a360d3815aae tipc: fix divide-by-zero in tipc_sk_filter_connect()
a8e9cab16771 ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start
270277c2ab63 mmc: core: Avoid bitfield RMW for claim/retune flags
d8f20b282418 mm/kfence: disable KFENCE upon KASAN HW tags enablement
f36ab071abd0 mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index()
b88ce81232bb mm/tracing: rss_stat: ensure curr is false from kthread context
155f471e38aa usb: image: mdc800: kill download URB on timeout
e7b3d154eb08 usb: mdc800: handle signal and read racing
9c6159d5b72d usb: renesas_usbhs: fix use-after-free in ISR during device removal
4ee3062bf2c9 usb: class: cdc-wdm: fix reordering issue in read code path
659c0c7d50a4 USB: core: Limit the length of unkillable synchronous timeouts
39bd4097292f USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts
fc26e98b6cb8 USB: usbcore: Introduce usb_bulk_msg_killable()
2872b67951fe usb: roles: get usb role switch from parent only for usb-b-connector
52950203880b usb: cdc-acm: Restore CAP_BRK functionnality to CH343
24aa4caf7f95 usb: core: don't power off roothub PHYs if phy_set_mode() fails
19ef3da0a82d usb: misc: uss720: properly clean up reference in uss720_probe()
f1c8b8183abc usb: dwc3: pci: add support for the Intel Nova Lake -H
939e3d17b843 usb: yurex: fix race in probe
b2dd9abf8c06 usb: xhci: Prevent interrupt storm on host controller error (HCE)
2e2baa8fb5aa usb: xhci: Fix memory leak in xhci_disable_slot()
2f2418efd495 USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed
9105f4d74762 usb/core/quirks: Add Huawei ME906S-device to wakeup quirk
551f82df759c USB: add QUIRK_NO_BOS for video capture several devices
ad4394f269dc KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC
22bd6fea06bc ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA
af834b026bfc net: usb: lan78xx: skip LTM configuration for LAN7850
2aaf0a7be0b8 net: usb: lan78xx: fix TX byte statistics for small packets
e94d81319259 net: usb: lan78xx: fix silent drop of packets with checksum errors
c5c5a6c53cf3 ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces
629cf09464cf ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()
3dfd1328c052 cgroup: fix race between task migration and iteration
343d4b4a21a5 Revert "arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on"
ce0caaed5940 usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()
3e2f1628faa3 octeontx2-af: devlink: fix NIX RAS reporter to use RAS interrupt status
e4a4ca0b69c5 octeontx2-af: devlink health: use retained error fmsg API
fa3183e7c748 octeontx2-af: devlink: fix NIX RAS reporter recovery condition
cf6099ef493b net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled
764039ff6515 ASoC: detect empty DMI strings
35c7624d30cb ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition
e15b56da10b5 ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address()
0a1fc25deaba e1000/e1000e: Fix leak in DMA error cleanup
e611b36efca1 i40e: fix src IP mask checks and memcpy argument names in cloud filter
628773eba024 nvme-pci: Fix race bug in nvme_poll_irqdisable()
83e6edd63583 nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set
f691272c3e8c sched: idle: Make skipping governor callbacks more consistent
ac8f2dfcecbd regulator: pca9450: Correct interrupt type
28986d1c093f regulator: pca9450: Make IRQ optional
540803559993 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
4a1f6ee69267 netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()
47b1c5d1b094 netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path
9b94f0e42ed2 netfilter: x_tables: guard option walkers against 1-byte tail reads
0a55d62cdb62 netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()
61243ff7e757 amd-xgbe: prevent CRC errors during RX adaptation with AN disabled
df65ae0f1330 amd-xgbe: fix link status handling in xgbe_rx_adaptation
86f5334fcb48 mctp: route: hold key->lock in mctp_flow_prepare_output()
a3a1ea5d1f8d can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value
d7900a43b0a3 mctp: i2c: fix skb memory leak in receive path
8460187b4852 serial: caif: hold tty->link reference in ldisc_open and ser_release
bba6c0806a8c net: sfp: improve Huawei MA5671a fixup
17f69ee2ed08 net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick
2369830617a5 net: sfp: improve Nokia GPON sfp fixup
783025a3babb net: sfp: re-implement ignoring the hardware TX_FAULT signal
d9744892b8ed ASoC: simple-card-utils: fix graph_util_is_ports0() for DT overlays
e03f8d141911 ASoC: simple-card-utils: use __free(device_node) for device node
317a9298c54b ASoC: soc-core: flush delayed work before removing DAIs and widgets
8b76136bd446 ASoC: soc-core: drop delayed_work_pending() check before flush
59b06d8b9bdb net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit
383b37c04a48 net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery
957d2a58f7f8 net/mlx5: Fix deadlock between devlink lock and esw->wq
87db2efa8327 net/mlx5: Query to see if host PF is disabled
0e4dd5078b0c net/mlx5: IFC updates for disabled host PF
11762a893ffc bonding: handle BOND_LINK_FAIL, BOND_LINK_BACK as valid link states
43723dff1a59 drm/msm/dsi: fix pclk rate calculation for bonded dsi
7c370f2cb7fc drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations
c58dcaac49b6 net: dsa: realtek: rtl8365mb: remove ifOutDiscards from rx_packets
74c39a47856b xprtrdma: Decrement re_receiving on the early exit paths
2f91ef68d0ed smb/server: Fix another refcount leak in smb2_open()
fd4ff8c64639 powerpc: 83xx: km83xx: Fix keymile vendor prefix
a971ce3a39e5 remoteproc: mediatek: Unprepare SCP clock during system suspend
f3394234b849 remoteproc: sysmon: Correct subsys_name_len type in QMI request
80bc3c57dd32 powerpc/uaccess: Fix inline assembly for clang build on PPC32
9e5df7e19c44 ALSA: usb-audio: Check max frame size for implicit feedback mode, too
8d66e46ff0f4 ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0
32af15506450 scsi: ufs: core: Fix shift out of bounds when MAXQ=32
0614f5618c24 scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()
7b640a732689 ASoC: cs42l43: Report insert for exotic peripherals
f43a420065f0 ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table
80e35a0a8ab5 scsi: ses: Fix devices attaching to different hosts
486519660bd9 ACPI: OSI: Add DMI quirk for Acer Aspire One D255
b006c61a5d97 wifi: mac80211: set default WMM parameters on all links
d7963d6997fe unshare: fix unshare_fs() handling
7da755e0d02e scsi: mpi3mr: Add NULL checks when resetting request and reply queues
5bb47c03024e ACPI: PM: Save NVS memory on Lenovo G70-35
e7919a293f9b scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT
ae10787d955f apparmor: fix race between freeing data and fs accessing it
6ef1f2926c41 apparmor: fix race on rawdata dereference
f90e3ecd9e1e apparmor: fix differential encoding verification
17debf558602 apparmor: fix unprivileged local user can do privileged policy management
55ef2af7490a apparmor: Fix double free of ns_name in aa_replace_profiles()
7c7cf05e0606 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
5a184f7cbdea apparmor: fix side-effect bug in match_char() macro usage
3f8699b3ee0c apparmor: fix: limit the number of levels of policy namespaces
33959a491e9f apparmor: replace recursive profile removal with iterative approach
663ce34786e7 apparmor: fix memory leak in verify_header
07cf6320f40e apparmor: validate DFA start states are in bounds in unpack_pdb
7f4d6a5d3429 net: tcp: accept old ack during closing
5a110ddcc99b net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks
59c15b9cc453 tracing: Add NULL pointer check to trigger_data_free()
c7919c1c1d80 selftest/arm64: Fix sve2p1_sigill() to hwcap test
a0fb59f527d0 xdp: produce a warning when calculated tailroom is negative
d5f7daed130c i40e: use xdp.frame_sz as XDP RxQ info frag_size
7b9c0ee7fed9 i40e: fix registering XDP RxQ info
183f940bdf90 xsk: introduce helper to determine rxq->frag_size
8701504563fa xdp: use modulo operation to calculate XDP frag tailroom
5b1449301ca0 net/sched: act_ife: Fix metalist update behavior
b299121e7453 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
5f93e6b4d12b net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
a12cdaa3375f net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
29629dd7d373 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()
3cdb52d6eba0 net: stmmac: Fix error handling in VLAN add and delete paths
722a28b635ec nfc: rawsock: cancel tx_work before socket teardown
edc188322caa nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback
dcbcccfc5195 nfc: nci: free skb on nci_transceive early error paths
f7d8b5d649dd net: nfc: nci: Fix zero-length proprietary notifications
dbd58b0730aa net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
e42ff5abbd14 nvme: fix memory allocation in nvme_pr_read_keys()
be3b61ebcafe nvme: reject invalid pr_read_keys() num_keys values
5d53fe502ef4 drm/sched: Fix kernel-doc warning for drm_sched_job_done()
0c3dce09e8ef amd-xgbe: fix sleep while atomic on suspend/resume
581800298313 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
db93ff008d2e smb/client: fix buffer size for smb311_posix_qinfo in SMB311_posix_query_info()
99acd1ea3499 smb/client: fix buffer size for smb311_posix_qinfo in smb2_compound_op()
9b02c5c4147f bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
4bb55e430d82 bpf: export bpf_link_inc_not_zero.
39959a7d3efe xen/acpi-processor: fix _CST detection using undersized evaluation buffer
8babb2714033 net/rds: Fix circular locking dependency in rds_tcp_tune
11fc15378e87 indirect_call_wrapper: do not reevaluate function pointer
7ae7b093b7db wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
a6605f619131 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
aca4c9e4901b wifi: wlcore: Fix a locking bug
78bb63bbabb3 wifi: cw1200: Fix locking in error paths
3bf4ee25f051 octeon_ep: avoid compiler and IQ/OQ reordering
4818b80d20de octeon_ep: Relocate counter updates before NAPI
5c262bd0e393 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
f8db044a0a47 net: dsa: realtek: rtl8365mb: fix rtl8365mb_phy_ocp_write return value
14cecde3eb07 kunit: tool: copy caller args in run_kernel to prevent mutation
eb5632fae6a3 rust: kunit: fix warning when !CONFIG_PRINTK
b73832292cd9 can: mcp251x: fix deadlock in error path of mcp251x_open
70e951afad4c can: bcm: fix locking for bcm_op runtime updates
b4d1e6d27f93 amd-xgbe: fix MAC_TCR_SS register width for 2.5G and 10M speeds
622062f24644 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
c7becfe3e604 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
420bc92cc966 dpaa2-switch: do not clear any interrupts automatically
fb64be8e20dc xsk: Fix zero-copy AF_XDP fragment drop
5172adf9efb8 xsk: Fix fragment node deletion to prevent buffer leak
eb66c67b0847 xsk: s/free_list_node/list_node/
560c974b7ccd xsk: Get rid of xdp_buff_xsk::xskb_list_node
4e58b99c3c33 net: ethernet: ti: am65-cpsw-nuss/cpsw-ale: Fix multicast entry handling in ALE table
391396b5052d drm/solomon: Fix page start when updating rectangle in page addressing mode
352d940bcdbd drm/ssd130x: Replace .page_height field in device info with a constant
3327bb9d474d drm/ssd130x: Store the HW buffer in the driver-private CRTC state
be3079b7a328 drm/ssd130x: Use bool for ssd130x_deviceinfo flags
9328cc4e511c e1000e: clear DPG_EN after reset to avoid autonomous power-gating
337ecf555a4b hwmon: (it87) Check the it87_lock() return value
95b14ecc5688 pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()
cc06e3f73390 platform/x86: thinkpad_acpi: Fix errors reading battery thresholds
896449ad9053 pinctrl: equilibrium: fix warning trace on load
27fad3a507d6 pinctrl: equilibrium: rename irq_chip function callbacks
70cde1f24ffb hwmon: (aht10) Fix initialization commands for AHT20
166678027ad4 hwmon: (aht10) Add support for dht20
cc7f6f0a2666 ARM: clean up the memset64() C wrapper
ec312cb9bd97 selftests: mptcp: join: check removing signal+subflow endp
047de213219d selftests: mptcp: more stable simult_flows tests
7c01b680beaf scsi: core: Fix refcount leak for tagset_refcnt
3990f352bb0a smb: client: Don't log plaintext credentials in cifs_set_cifscreds
f65c92e81cb4 smb: client: fix broken multichannel with krb5+signing
874c47503e0f smb: client: fix cifs_pick_channel when channels are equally loaded
6f1d1614f841 drbd: fix null-pointer dereference on local read error
e91d8d6565b7 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
6b847d65f5b0 Squashfs: check metadata block offset is within range
e8ef82cb6443 scsi: target: Fix recursive locking in __configfs_open_file()
7dbffffd5761 net/sched: ets: fix divide by zero in the offload path
1b1fac4c7a3a RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
d0148965dbca IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
22a9adea7e26 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()
650981e718e6 wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration
fa18639deab4 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
129c8bb320a7 wifi: radiotap: reject radiotap with unknown bits
a0c6ae2ea845 ALSA: usb-audio: Use correct version for UAC3 header validation
cf48c2d1db3a platform/x86: dell-wmi: Add audio/mic mute key codes
411ba3cd837f platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
6a25e2527928 x86/efi: defer freeing of boot services memory
6e330889e6c8 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
888f164453f2 can: usb: f81604: handle bulk write errors properly
9b740ff5bc64 can: usb: f81604: handle short interrupt urb messages properly
f6e90c113c92 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
13b646eec3ba can: ucan: Fix infinite loop from zero-length messages
54ee74307165 can: usb: f81604: correctly anchor the urb in the read bulk callback
1818974e1b5e can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
7f8505c7ce3f net: usb: pegasus: validate USB endpoints
12c0243de0ae net: usb: kalmia: validate USB endpoints
72f90f481c6a net: usb: kaweth: validate USB endpoints
d1f6d20b3c26 nfc: pn533: properly drop the usb interface reference on disconnect
af050ab44fa1 media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
5f8463e43720 eventpoll: Fix integer overflow in ep_loop_check_proc()
1b3ae721257e drm/amdgpu: keep vga memory on MacBooks with switchable graphics
aa7f9ef72eae drm/amd: Drop special case for yellow carp without discovery
4b4eee6d0c00 net: arcnet: com20020-pci: fix support for 2.5Mbit cards
efc159492b5c ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314
f3cb23e1fcf3 hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race
020bfaac6cb4 ALSA: hda/conexant: Add quirk for HP ZBook Studio G4
c676ab65519c drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected()
d637f6ec149f usb: cdns3: fix role switching during resume
3de5fd27af5b usb: cdns3: call cdns_power_is_lost() only once in cdns_resume()
3097fb95e244 usb: cdns3: remove redundant if branch
7b900a94d716 clk: tegra: tegra124-emc: fix device leak on set_rate()
8acf534d5a58 arm64: dts: rockchip: Fix rk356x PCIe range mappings
3469112edc5c mfd: omap-usb-host: Fix OF populate on driver rebind
1d4ea57730bf mfd: omap-usb-host: Convert to platform remove callback returning void
59b76ae68764 mfd: qcom-pm8xxx: Fix OF populate on driver rebind
a97ff3b70ff5 mfd: qcom-pm8xxx: Convert to platform remove callback returning void
57e83bfbe1e4 ext4: fix e4b bitmap inconsistency reports
e33256b2f927 ext4: convert bd_buddy_page to bd_buddy_folio
ccab2af6c19f ext4: convert bd_bitmap_page to bd_bitmap_folio
ceee57fd7207 ext4: delete redundant calculations in ext4_mb_get_buddy_page_lock()
31c4c67dec33 mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()
c42ffd816c0f mailbox: Allow controller specific mapping using fwnode
cfdb216691ec mailbox: Use guard/scoped_guard for con_mutex
bef5ecf09d70 mailbox: Use dev_err when there is error
5e99cbdfcd15 mailbox: remove unused header files
235359afbe0a mailbox: sort headers alphabetically
97b60acdca6f mailbox: don't protect of_parse_phandle_with_args with con_mutex
49ada773c180 mailbox: Use of_property_match_string() instead of open-coding
dc7c9b9d03a5 ext4: drop extent cache when splitting extent fails
f0931a5c1700 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
67cdb7bd7442 ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O
11406eb96a19 ext4: correct the comments place for EXT4_EXT_MAY_ZEROOUT
ed0096fc86b2 ext4: get rid of ppath in ext4_ext_handle_unwritten_extents()
d7b04ea31c6e ext4: get rid of ppath in ext4_ext_convert_to_initialized()
c24ce099bea9 ext4: get rid of ppath in ext4_convert_unwritten_extents_endio()
147a6a2725b1 ext4: get rid of ppath in ext4_split_convert_extents()
cda8a34348d7 ext4: get rid of ppath in ext4_split_extent()
58ddae5d77b1 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1
e766534911b3 ext4: subdivide EXT4_EXT_DATA_VALID1
ffb68fc57207 ext4: get rid of ppath in ext4_split_extent_at()
fb138df7d886 ext4: get rid of ppath in ext4_ext_insert_extent()
8f6e910852d8 ext4: get rid of ppath in ext4_ext_create_new_leaf()
cafb151eb180 ext4: get rid of ppath in ext4_find_extent()
a4a7024448ab bus: omap-ocp2scp: fix OF populate on driver rebind
e4be2bd01a76 bus: omap-ocp2scp: Convert to platform remove callback returning void
43bb0a265b26 drm/tegra: dsi: fix device leak on probe
ec3be7dc9391 KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
5e8bf325ed12 KVM: x86: WARN if a vCPU gets a valid wakeup that KVM can't yet inject
ca921be7a117 media: tegra-video: Fix memory leak in __tegra_channel_try_format()
7a9c901edcaf media: tegra-video: Use accessors for pad config 'try_*' fields
32a1889f7bb0 KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR
469a8a038d8b KVM: x86: Rename KVM_MSR_RET_INVALID to KVM_MSR_RET_UNSUPPORTED
626ccc6daa7a KVM: x86: Fix KVM_GET_MSRS stack info leak
fa0e278a1230 PCI: Use resource_set_range() that correctly sets ->end
ffe8617e2e5b resource: Add resource set range and size helpers
fffdb0fece19 PCI: Use resource names in PCI log messages
bc440d87e655 PCI: Update BAR # and window messages
b9eccd59697f memory: mtk-smi: fix device leak on larb probe
b16599fedf49 memory: mtk-smi: fix device leaks on common probe
646ac65db6c1 memory: mtk-smi: Convert to platform remove callback returning void
5f5997339cf0 PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value
8a95fb9df110 bpf: Fix stack-out-of-bounds write in devmap
dfe079bb6ab3 btrfs: fix compat mask in error messages in btrfs_check_features()
a1b82706c233 btrfs: fix warning in scrub_verify_one_metadata()
6eac621b2deb btrfs: fix objectid value in error message in check_extent_data_ref()
ad567ccfd90c btrfs: fix incorrect key offset in error message in check_dev_extent_item()
ab69bf6f8970 btrfs: add support for inserting raid stripe extents
cbca08a23773 btrfs: read raid stripe tree from disk
fff272a83847 btrfs: add raid stripe tree definitions
9895ddc5efec btrfs: move btrfs_extref_hash into inode-item.h
d928f8aec88d btrfs: remove btrfs_crc32c wrapper
971658d3932b btrfs: move btrfs_crc32c_final into free-space-cache.c
37fc52528383 ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put()
996d43a72d11 ALSA: pci: hda: use snd_kcontrol_chip()
4f8d58123378 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
949e15a8dbde ALSA: usb-audio: Use inclusive terms
6ec99e9c90f4 ALSA: usb-audio: Cap the packet size pre-calculations
133c3f3dde72 scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume
0990188985f5 rseq: Clarify rseq registration rseq_size bound check comment
7b2c39f7bada ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices
8b00427317ba scsi: pm8001: Fix use-after-free in pm8001_queue_command()
be4c63507aca scsi: lpfc: Properly set WC for DPP mapping
2edbd1733091 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
0bd326dffd9e drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
7e55d0788b36 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
2106a0153b5d drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 8250679ed0f..ae78c91f64c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "8751b899ea5af349e8570e8985365290efa5e7d6"
-SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
+SRCREV_machine ?= "aa09ac001c2f96bd4ba32ba47e84e02db0f6ceed"
+SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.129"
+LINUX_VERSION ?= "6.6.130"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index bd4a10b5640..0bc45ffd642 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.129"
+LINUX_VERSION ?= "6.6.130"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "d82c6cc64c037058c6bfd630f2d2604a38684c7d"
-SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
+SRCREV_machine ?= "2bf97eeefd96e27a2195cb4757c13110e92afcc6"
+SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 58a72979c53..ce599405446 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "539bf858552c12417a449646d0cad5e53e038aa0"
-SRCREV_machine:qemuarm64 ?= "e4153b3c5bff6c503990c35826d84a034d2d7a33"
-SRCREV_machine:qemuloongarch64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemumips ?= "d5da07b097555f20280b2484da875c93f1494d48"
-SRCREV_machine:qemuppc ?= "9434ddc68ebc90e9336d4cc6f642aa82c0da023c"
-SRCREV_machine:qemuriscv64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemuriscv32 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemux86 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemux86-64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemumips64 ?= "e6f498c7aa6909c17b90b50267d1577ddc19c0d6"
-SRCREV_machine ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
+SRCREV_machine:qemuarm ?= "b4e8a23613e117b5803dae49e8d4d562c37bd8a3"
+SRCREV_machine:qemuarm64 ?= "236dabe34ed663918803f17cbda90a1d6ac39922"
+SRCREV_machine:qemuloongarch64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemumips ?= "8022cb3ada420a7a3508dcd0a00e7367a0b08e52"
+SRCREV_machine:qemuppc ?= "77817988bcc71ba230e44d14e2d1c66837543dc9"
+SRCREV_machine:qemuriscv64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemuriscv32 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemux86 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemux86-64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemumips64 ?= "7ffb3cfb496703be3c0951bf54eb6ce69fdd1a1e"
+SRCREV_machine ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "4fc00fe35d46b4fc8dac2eb543a0e3d44bb15f47"
+SRCREV_machine:class-devupstream ?= "c09fbcd31ae6d71e7c69545839bec92d8e15c13b"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.129"
+LINUX_VERSION ?= "6.6.130"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 30/41] linux-yocto/6.6: update to v6.6.132
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (28 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 29/41] linux-yocto/6.6: update to v6.6.130 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 31/41] linux-yocto/6.6: update to v6.6.134 Yoann Congal
` (10 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
08667c1437c07 Linux 6.6.132
866c39b567bde Revert "rust: pin-init: add references to previously initialized fields"
e7ccb57fe7164 Revert "rust: pin-init: internal: init: document load-bearing fact of field accessors"
29242a6238213 Linux 6.6.131
e10af36ac3f7b tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses.
de7c0c04ad868 futex: Clear stale exiting pointer in futex_lock_pi() retry path
37cf97e37498a dmaengine: idxd: Fix freeing the allocated ida too late
509ff03a3f188 dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API
e3387416ad6b2 btrfs: fix lost error when running device stats on multiple devices fs
94054ffd311a1 btrfs: fix leak of kobject name for sub-group space_info
1ddab07bf2ed5 btrfs: fix super block offset in error message in btrfs_validate_super()
5a0538380d29e dmaengine: xilinx_dma: Fix reset related timeout with two-channel AXIDMA
ab4a8624b999a dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction
26271695302c8 dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA
a3142cc1581a5 dmaengine: xilinx: xilinx_dma: Fix dma_device directions
4b6e1da50b22e dmaengine: xilinx: xdma: Fix regmap init error handling
afc39537cddcb dmaengine: dw-edma: Fix multiple times setting of the CYCLE_STATE and CYCLE_BIT bits for HDMA.
5893ae3b4591b phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types()
54d77cc0c40ca dmaengine: idxd: Fix memory leak when a wq is reset
2bb9e9e93adff dmaengine: idxd: Fix not releasing workqueue on .release()
cfadf46a67b68 erofs: fix "BUG: Bad page state in z_erofs_do_read_page"
75669e987137f xfs: save ailp before dropping the AIL lock in push callbacks
7121b22b0bac8 xfs: avoid dereferencing log items after push callbacks
aba546061341b mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
2efbc838a26d3 nvme: fix admin queue leak on controller reset
5a1e865e51063 xattr: switch to CLASS(fd)
bb42e9627aa92 libbpf: Fix -Wdiscarded-qualifiers under C23
4913592a3358f gfs2: Fix unlikely race in gdlm_put_lock
8c93e73af8563 mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode
8cdc84415a4d2 mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode
0890fba6129dc rust: pin-init: internal: init: document load-bearing fact of field accessors
c28fc9b0dbc7a rust: pin-init: add references to previously initialized fields
ef41a85a55022 tracing: Fix potential deadlock in cpu hotplug with osnoise
5a9f33294cc04 tracing: Switch trace_osnoise.c code over to use guard() and __free()
c9b95ef6f5039 ksmbd: fix memory leaks and NULL deref in smb2_lock()
9e785f004cbc5 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
d3c4458707e70 powerpc64/bpf: do not increment tailcall count when prog is NULL
d419788a834f7 arm64: dts: imx8mn-tqma8mqnl: fix LDO5 power off
1c82f863f090a ext4: always drain queued discard work in ext4_mb_release()
ca99cbcc316cd ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths
c84c0272e0b66 ext4: fix the might_sleep() warnings in kvfree()
9449f99ba04f5 ext4: fix use-after-free in update_super_work when racing with umount
b77de3fceafbb ext4: reject mount if bigalloc with s_first_data_block != 0
2d31a5073f86a ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()
ecc50bfca9b5c ext4: avoid infinite loops caused by residual data
65c6c30ce6362 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
df3cecfc5036f ext4: make recently_deleted() properly work with lazy itable initialization
2b7bf66a09873 ext4: fix fsync(2) for nojournal mode
850e68a1d3b06 ext4: fix stale xarray tags after writeback
699bac4d4c951 ext4: convert inline data to extents when truncate exceeds inline size
17c21b951e87c ext4: fix journal credit check when setting fscrypt context
813f372a3b8aa xfs: fix ri_total validation in xlog_recover_attri_commit_pass2
d38135af04a3a xfs: stop reclaim before pushing AIL during unmount
f458dceaa6a35 LoongArch: Workaround LS2K/LS7A GPU DMA hang bug
ebf6860ef7093 dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock
79c4796b2711e dmaengine: sh: rz-dmac: Protect the driver specific lists
75552b2c17124 irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment
d536a00f1b451 jbd2: gracefully abort on checkpointing state corruptions
fd28c56186991 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
78c8b090a3d5c net: macb: Use dev_consume_skb_any() to free TX SKBs
d20d3eedbd04e scsi: ses: Handle positive SCSI error from ses_recv_diag()
4ed727e35b0ab scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
c9e137c26cd45 alarmtimer: Fix argument order in alarm_timer_forward()
5c8ecdcfbfb0b erofs: add GFP_NOIO in the bio completion if needed
a58d298a83a3a s390/entry: Scrub r12 register on kernel entry
fedd2e1630cac virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
1a0d9083c24fb media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
ebdd28353b958 hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible()
7c0666a26b290 hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature
844a18493173f hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes
d4f4364974460 KVM: arm64: Discard PC update state on vcpu reset
501559fbe2097 platform/x86: ISST: Correct locked bit width
2e2c7a6b2958e cpufreq: conservative: Reset requested_freq on limits change
cb3d6efa78460 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
54ecdf76a55e7 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
9e7f353710f85 ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload
a2842de6856a7 ALSA: firewire-lib: fix uninitialized local variable
6fafc4c4238e5 ksmbd: do not expire session on binding failure
358cdaa1f7fbf ksmbd: fix potencial OOB in get_file_all_info() for compound requests
c3a89e3ec1ccf ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
a11911d94c032 s390/barrier: Make array_index_mask_nospec() __always_inline
7a5260fbc6e79 s390/syscalls: Add spectre boundary for syscall dispatch table
adb25339b6611 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
ffd860907d0cb ASoC: adau1372: Fix clock leak on PLL lock failure
94577b2e936f0 ASoC: adau1372: Fix unchecked clk_prepare_enable() return value
227b7e14ae408 sysctl: fix uninitialized variable in proc_do_large_bitmap
6ec394998c42a hwmon: (adm1177) fix sysfs ABI violation and current unit conversion
e23602eb07797 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
9c886e63b6965 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
d997deaa7de36 ASoC: Intel: catpt: Fix the device initialization
9014a30df4365 spi: sn-f-ospi: Fix resource leak in f_ospi_probe()
b5f87d8493f54 PM: hibernate: Drain trailing zero pages on userspace restore
8dda015822771 PM: hibernate: Don't ignore return from set_memory_ro()
6a492d10c2f88 drm/i915/gmbus: fix spurious timeout on 512-byte burst reads
daf1396e8f42a x86/efi: efi_unmap_boot_services: fix calculation of ranges_to_free size
8212295549e47 scsi: scsi_transport_sas: Fix the maximum channel scanning issue
ad5085d7ef1c5 RDMA/irdma: Return EINVAL for invalid arp index error
acb060bc2609c RDMA/irdma: Fix deadlock during netdev reset with active connections
45897c22a93ec RDMA/irdma: Remove reset check from irdma_modify_qp_to_err()
2175c64d27e27 RDMA/irdma: Clean up unnecessary dereference of event->cm_node
18386d84d2ad3 RDMA/irdma: Remove a NOP wait_event() in irdma_modify_qp_roce()
d783393d2122b RDMA/irdma: Update ibqp state to error if QP is already in error state
af310407f79d5 RDMA/irdma: Initialize free_qp completion before using it
e82f2775b50cc RDMA/rw: Fall back to direct SGE on MR pool exhaustion
96c60fb6896e6 regmap: Synchronize cache for the page selector
9524634194516 net: macb: use the current queue number for stats
fcec5ce2d73a4 netfilter: ctnetlink: use netlink policy range checks
fe463e76c9b4b netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
168145c874446 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
c6a503a9f4deb netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
a8365d1064ded netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
2dcf324855c34 tls: Purge async_hold in tls_decrypt_async_wait()
6fba3c3d48c92 Bluetooth: btusb: clamp SCO altsetting table indices
52667c859fe33 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
5f84e845648df Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
8d83194e8a880 Bluetooth: hci_sync: Remove remaining dependencies of hci_request
0ee469ba7c58c Bluetooth: Remove 3 repeated macro definitions
50c1e5fc7c444 Bluetooth: L2CAP: Fix send LE flow credits in ACL link
acfb29f82223e dma-mapping: add missing `inline` for `dma_free_attrs`
47d5f290fab3c net: enetc: fix the output issue of 'ethtool --show-ring'
2297e38114316 udp: Fix wildcard bind conflict check when using hash2
5b5af243e566b tcp: optimize inet_use_bhash2_on_bind()
79a5c9344eaaf tcp: Rearrange tests in inet_csk_bind_conflict().
34f5fe33e43bc tcp: Use bhash2 for v4-mapped-v6 non-wildcard address.
654386baef228 net: fix fanout UAF in packet_release() via NETDEV_UP race
a8ec35bb7b503 ipv6: Don't remove permanent routes with exceptions from tb6_gc_hlist.
9241d441feb40 ipv6: Remove permanent routes from tb6_gc_hlist when all exceptions expire.
6ae421f59bf80 ice: use ice_update_eth_stats() for representor stats
0677d6bf6e853 platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen
b04420f5b9315 rtnetlink: count IFLA_INFO_SLAVE_KIND in if_nlmsg_size
81acbd345d405 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
c1f97152df8df openvswitch: validate MPLS set/set_masked payload length
42f0d3d812096 openvswitch: defer tunnel netdev_put to RCU release
4c3e25a7b711a net: openvswitch: Avoid releasing netdev before teardown completes
eb435d150ca74 nfc: nci: fix circular locking dependency in nci_close_device
cfd863d4a3f2e ionic: fix persistent MAC address override on PF
a4fd36bb000db pinctrl: mediatek: common: Fix probe failure for devices without EINT
a04a760c06bb5 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
28904375d54b4 Bluetooth: hci_ll: Fix firmware leak on error path
45aaca995e4a7 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
477ad49760720 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
a4bda464c0deb can: statistics: add missing atomic access in hot path
d6923498e972b dma: swiotlb: add KMSAN annotations to swiotlb_bounce()
d3225e6b9bd51 af_key: validate families in pfkey_send_migrate()
6a3ec6efbc4f9 esp: fix skb leak with espintcp and async crypto
e17b0106447ed xfrm: Fix the usage of skb->sk
86f130cf52504 xfrm: call xdo_dev_state_delete during state update
7aac2b997e614 spi: intel-pci: Add support for Nova Lake mobile SPI flash
56bc8de780720 usb: core: new quirk to handle devices with zero configurations
1eed0199dbf41 objtool: Handle Clang RSP musical chairs
006ce15577e76 ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390
f264d4e3a9261 ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk
c57276ced3c32 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
2635d0c715f3f HID: apple: avoid memory leak in apple_report_fixup()
d9365789a6fd7 dma-buf: Include ioctl.h in UAPI header
9d43a897a9122 ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits()
cb4954fc2520d ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg()
082f15d288732 module: Fix kernel panic when a symbol st_shndx is out of bounds
f18c38cb24c9c HID: asus: add xg mobile 2023 external hardware support
4d36b7ad2c18b HID: mcp2221: cancel last I2C command on read error
952e41b0f9238 net: usb: r8152: add TRENDnet TUC-ET2G
7edfe4346b052 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
eac08882569bc HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2
6f12734c4b619 nvme-pci: ensure we're polling a polled queue
50063c576c6ed platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10
0ab508ace30c7 platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1
94cfabcf28209 nvme-fabrics: use kfree_sensitive() for DHCHAP secrets
c69b5dd587f6f nvme-pci: cap queue creation to used queues
79dc4ced3bb62 platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list
f20f17cffbe34 HID: asus: avoid memory leak in asus_report_fixup()
694ea55f1b1c7 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
d47bba0cfdd4c bpf: Release module BTF IDR before module unload
0f46fd10de29e sh: platform_early: remove pdev->driver_override check
0af982240b8f4 hwmon: axi-fan: don't use driver_override as IRQ name
e73121faf530e hwmon: (axi-fan-control) Make use of dev_err_probe()
50fe5fbf98290 hwmon: (axi-fan-control) Use device firmware agnostic API
bd738f986f6a0 cxl/hdm: Avoid incorrect DVSEC fallback when HDM decoders are enabled
656f35b463995 perf: Make sure to use pmu_ctx->pmu for groups
79cda13757901 perf: Extract a few helpers
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index ae78c91f64c..c58279873e6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "aa09ac001c2f96bd4ba32ba47e84e02db0f6ceed"
-SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
+SRCREV_machine ?= "a6a88382093932d5f963f38334035221c0b8344e"
+SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.130"
+LINUX_VERSION ?= "6.6.132"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 0bc45ffd642..58fd5a57b84 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.130"
+LINUX_VERSION ?= "6.6.132"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "2bf97eeefd96e27a2195cb4757c13110e92afcc6"
-SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
+SRCREV_machine ?= "ff381816e34f3ed488248a69843227160f7ede06"
+SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index ce599405446..633abb36ddb 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "b4e8a23613e117b5803dae49e8d4d562c37bd8a3"
-SRCREV_machine:qemuarm64 ?= "236dabe34ed663918803f17cbda90a1d6ac39922"
-SRCREV_machine:qemuloongarch64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemumips ?= "8022cb3ada420a7a3508dcd0a00e7367a0b08e52"
-SRCREV_machine:qemuppc ?= "77817988bcc71ba230e44d14e2d1c66837543dc9"
-SRCREV_machine:qemuriscv64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemuriscv32 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemux86 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemux86-64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemumips64 ?= "7ffb3cfb496703be3c0951bf54eb6ce69fdd1a1e"
-SRCREV_machine ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
+SRCREV_machine:qemuarm ?= "ecff059b6885829e70f8a0fa96956e330b3dc8a4"
+SRCREV_machine:qemuarm64 ?= "a2808cd3d14323f1be06f83c084f7ccc19346305"
+SRCREV_machine:qemuloongarch64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemumips ?= "e785bf4e3c24d0f6a02c1c12c4b636eaaa539f19"
+SRCREV_machine:qemuppc ?= "f1e47cb079d5fa8a5f22f795bd4130dc001babab"
+SRCREV_machine:qemuriscv64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemuriscv32 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemux86 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemux86-64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemumips64 ?= "6357451678385be03d1f7d60d0f8868aa7514418"
+SRCREV_machine ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "c09fbcd31ae6d71e7c69545839bec92d8e15c13b"
+SRCREV_machine:class-devupstream ?= "08667c1437c07ce2e5d323165031ae152d6f061a"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.130"
+LINUX_VERSION ?= "6.6.132"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 31/41] linux-yocto/6.6: update to v6.6.134
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (29 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 30/41] linux-yocto/6.6: update to v6.6.132 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 32/41] linux-yocto/6.6: update to v6.6.135 Yoann Congal
` (9 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
8cee53b8eaeb5 Linux 6.6.134
6b63a54a790a6 net: sfp: Fix Ubiquiti U-Fiber Instant SFP module on mvneta
79bc854d44f9f MPTCP: fix lock class name family in pm_nl_create_listen_socket
83170a05908b6 ext4: handle wraparound when searching for blocks for indirect mapped blocks
a070d5a872ffe ext4: publish jinode after initialization
e2316c5d759d3 dmaengine: fsl-edma: fix channel parameter config for fixed channel requests
72c0f5de91098 dmaengine: fsl-edma: change to guard(mutex) within fsl_edma3_xlate()
892ba47ef7140 x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling()
7ddcf4a245c1c mm/huge_memory: fix folio isn't locked in softleaf_to_folio()
15f5241d5a523 scsi: target: tcm_loop: Drain commands in target_reset handler
d88541ffd56d6 net: mana: fix use-after-free in add_adev() error path
ed71cf465c75f net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback
a2d3c892115e1 net: macb: Move devm_{free,request}_irq() out of spin lock area
9e7d5b7581ce1 iio: imu: inv_icm42600: fix odr switch when turning buffer off
d1e3aa80e6e04 wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free
c6da4fed7537a usb: gadget: f_uac1_legacy: validate control request size
cb5316b37288a usb: gadget: f_rndis: Protect RNDIS options with mutex
75776a055b656 usb: gadget: f_subset: Fix unbalanced refcnt in geth_free
c78e463ee134b usb: gadget: uvc: fix NULL pointer dereference during unbind race
f6813c2b2ae78 usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop
3db70e16fccb4 LoongArch: vDSO: Emit GNU_EH_FRAME correctly
cddea0c721106 gfs2: Validate i_depth for exhash directories
514784b8951e7 gfs2: Improve gfs2_consist_inode() usage
3a9fd45afadec btrfs: do not free data reservation in fallback from inline due to -ENOSPC
681377e4e229d btrfs: fix the qgroup data free range for inline data extents
f5b469a84400a usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer
5aa776c8615be USB: dummy-hcd: Fix interrupt synchronization error
791966f85b439 USB: dummy-hcd: Fix locking/synchronization error
2516336e825fc thunderbolt: Fix property read in nhi_wake_supported()
4b8e527aca357 misc: fastrpc: possible double-free of cctx->remote_heap
9e796001af97a thermal: core: Fix thermal zone device registration error path
e208c45c63258 gpio: mxc: map Both Edge pad wakeup to Rising Edge
da39ee627fd82 cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path
8a71911fc7eee net: ftgmac100: fix ring allocation unwind on open failure
602596c69a70e vxlan: validate ND option lengths in vxlan_na_create
28a371be901ef counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member
885aa739a07ab counter: rz-mtu3-cnt: prevent counter from being toggled multiple times
6cea34d7ec682 netfilter: ipset: drop logically empty buckets in mtype_del
aca0938d0bb44 nvmem: imx: assign nvmem_cell_info::raw_len
eeb496e82b916 dt-bindings: connector: add pd-disable dependency
1603dd471f477 comedi: me4000: Fix potential overrun of firmware buffer
c16ac4e173a05 comedi: me_daq: Fix potential overrun of firmware buffer
f517646e008fe comedi: ni_atmio16d: Fix invalid clean-up after failed attach
c01bcc67a9a69 comedi: Reinit dev->spinlock between attachments to low-level drivers
d5d9df8b08d68 comedi: dt2815: add hardware detection to prevent crash
787c21d2cc13b cdc-acm: new quirk for EPSON HMD
e0bfd6d4dc77a bridge: br_nd_send: validate ND option lengths
2e5cbab8ccbfc fork: defer linking file vma until vma is fully initialized
13e8e5bd99849 vfio/pci: Insert full vma on mmap'd MMIO fault
1a0a115843ec4 vfio/pci: Use unmap_mapping_range()
764438b5c5d15 vfio: Create vfio_fs_type with inode per device
cfca84f5986af usb: cdns3: gadget: fix state inconsistency on gadget init failure
9ab9b0e5fcdac usb: cdns3: gadget: fix NULL pointer dereference in ep_queue
beab10429439e usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()
af1e68c43ed88 usb: ehci-brcm: fix sleep during atomic
95e09b07e5029 usb: usbtmc: Flush anchored URBs in usbtmc_release
aaeae6533d77e usb: ulpi: fix double free in ulpi_register_interface() error path
a6f374ba81dde usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive
1f83e4f8509aa iio: gyro: mpu3050: Fix out-of-sequence free_irq()
2a4537653d200 iio: gyro: mpu3050: Move iio_device_register() to correct location
8f237c408f300 iio: gyro: mpu3050: Fix irq resource leak
a09171d3f23e1 iio: gyro: mpu3050: Fix incorrect free_irq() variable
4cda5db84e917 iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only
11aaba2824a14 iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin()
dae6048cb63fe iio: light: vcnl4035: fix scan buffer on big-endian
13f4f2d046661 iio: dac: ad5770r: fix error return in ad5770r_read_raw()
97d908087e85c iio: accel: fix ADXL355 temperature signature value
81b90c03dd65f Input: xpad - add support for Razer Wolverine V3 Pro
6260b66c005fa Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode
92b1a92857002 Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table
a6d5d972460ca Input: synaptics-rmi4 - fix a locking bug in an error path
fa64aab25aba4 iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()
624e292e74769 USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam
619d8d1cc4688 USB: serial: option: add support for Rolling Wireless RW135R-GL
d3f78e9cd0bbe USB: serial: io_edgeport: add support for Blackbox IC135A
beadc871ccf86 drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP
32ac48642e71e drm/ast: dp501: Fix initialization of SCU2C
7759f105e9c89 iio: adc: ti-adc161s626: fix buffer read on big-endian
43fa022b56dcd mips: mm: Allocate tlb_vpn array atomically
37ae8fadc74ed hwmon: (occ) Fix division by zero in occ_show_power_1()
4c10f326f628e MIPS: Fix the GCC version check for `__multi3' workaround
91649c02c1baa Bluetooth: SMP: force responder MITM requirements before building the pairing response
b1c6a8e554a39 Bluetooth: SMP: derive legacy responder STK authentication from MITM state
c8859675f1cf9 ALSA: ctxfi: Fix missing SPDIFI1 index handling
a82c1bce2d129 ALSA: caiaq: fix stack out-of-bounds read in init_card
2de70a6149e03 USB: serial: option: add MeiG Smart SRM825WN
ffbed27ba15ef wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()
9907ac9b9a18b wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation
489f2ef2b9088 drm/ioc32: stop speculation on the drm_compat_ioctl path
0320474d92c69 riscv: kgdb: fix several debug register assignment bugs
e01779a5c0283 mips: ralink: update CPU clock index
649ceac79c831 hwmon: (occ) Fix missing newline in occ_show_extended()
164a1b397da0c hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify()
cb048be568a85 dt-bindings: gpio: fix microchip #interrupt-cells
220f29e819244 hwmon: (pxe1610) Check return value of page-select write in probe
2dd67966f39a2 accel/qaic: Handle DBC deactivation if the owner went away
690509a2eea89 iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one
8755066f7bd0f bpf: reject direct access to nullable PTR_TO_BUF pointers
5e4ee5dbea134 ipv6: avoid overflows in ip6_datagram_send_ctl()
36a5d17d7ddad net: hsr: fix VLAN add unwind on slave errors
4a09f72007201 net/sched: cls_flow: fix NULL pointer dereference on shared blocks
18328eff2f97d net/sched: cls_fw: fix NULL pointer dereference on shared blocks
1734bd85c5e0a net/x25: Fix overflow when accumulating packets
143d4fa68ae9e net/x25: Fix potential double free of skb
1fc7fbac8b98f net/mlx5: Avoid "No data available" when FW version queries fail
7129632cab3e4 net/mlx5: lag: Check for LAG device before creating debugfs
e1f6f47d6e60d net: macb: properly unregister fixed rate clocks
b3f799cdf830d net: macb: fix clk handling on PCI glue driver removal
a14b568633486 net/sched: sch_netem: fix out-of-bounds access in packet corruption
8d597e3e74027 bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready().
6b0a8de67ac0c rds: ib: reject FRMR registration before IB connection is established
244b639e6a3a8 Bluetooth: MGMT: validate mesh send advertising payload length
5fb69e1eeea9d Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt
f71695e81f4cb Bluetooth: MGMT: validate LTK enc_size on load
adb90cd0f9f7a Bluetooth: SCO: fix race conditions in sco_sock_connect()
2504ce3fc39ed Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate
4b12a3cc3f075 netfilter: nf_tables: reject immediate NF_QUEUE verdict
f00ac65c90ea4 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
2ea0f35f235f7 netfilter: ctnetlink: ignore explicit helper on new expectations
a76157a1eee5f netfilter: nf_conntrack_expect: store netns and zone in expectation
e7ccaa0a62a8f netfilter: nf_conntrack_expect: use expect->helper
d81c3205085b5 netfilter: nf_conntrack_expect: honor expectation helper field
2898080c054ea netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent
2cf2737c85a2b netfilter: nf_conntrack_helper: pass helper to expect cleanup
1b842ade214b9 netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr
c2d4a3abb15ca netfilter: x_tables: ensure names are nul-terminated
607245c4dbb86 netfilter: nfnetlink_log: account for netlink header size
5382bb03e9c33 netfilter: flowtable: strictly check for maximum number of actions
6c7fbdb8ffde6 net: ipv6: flowlabel: defer exclusive option free until RCU teardown
b99d82706bd15 bpf: Fix regsafe() for pointers to packet
236b564165b49 net: xilinx: axienet: Correct BD length masks to match AXIDMA IP spec
2c1fadd221b21 NFC: pn533: bound the UART receive buffer
e35f5195cd44f net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak
7d9f2f4aabd11 ipv6: prevent possible UaF in addrconf_permanent_addr()
584d8648f859f ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure
c56f78614e778 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
658261898130d bridge: br_nd_send: linearize skb before parsing ND options
a0c4ce9900a10 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
3d5127d998de6 ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()
c64dc67d70da6 tg3: Fix race for querying speed/duplex
d1b041080086e net/ipv6: ioam6: prevent schema length wraparound in trace fill
7f56d87e527bb net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
0fda873092b54 net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak
3e52e1b121c28 net: fec: fix the PTP periodic output sysfs interface
7cdf2c6381b21 crypto: af-alg - fix NULL pointer dereference in scatterwalk
31022cfde5235 crypto: caam - fix overflow on long hmac keys
a7ecf06d3ee06 crypto: caam - fix DMA corruption on long hmac keys
4073217be3df0 wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session
18e28353074a3 wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation
12322d8654cf9 wifi: ath11k: skip status ring entry processing
90afe0af4452b dt-bindings: auxdisplay: ht16k33: Use unevaluatedProperties to fix common property warning
ea553dfb630e1 spi: geni-qcom: Check DMA interrupts early in ISR
295f8075d0044 btrfs: reject root items with drop_progress and zero drop_level
b404e6b9863ea i2c: tegra: Don't mark devices with pins as IRQ safe
c7a27bb4d0f65 HID: multitouch: Check to ensure report responses match the request
e9126544fd779 objtool: Fix Clang jump table detection
960159a9f8468 tg3: replace placeholder MAC address with device property
c9fc98beeedf0 btrfs: don't take device_list_mutex when querying zone info
b256d055da472 atm: lec: fix use-after-free in sock_def_readable()
8bd690ac12423 HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
7b56b67776520 arm64/scs: Fix handling of advance_loc4
80de0a9581338 Linux 6.6.133
9a3a2ae5efbbc xattr: switch to CLASS(fd)
16d41d32b7c76 Revert "xattr: switch to CLASS(fd)"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index c58279873e6..6440d0babbe 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "a6a88382093932d5f963f38334035221c0b8344e"
-SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
+SRCREV_machine ?= "fda570bd42ccafdd93a2bc4eae0ab36a4084031e"
+SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.132"
+LINUX_VERSION ?= "6.6.134"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 58fd5a57b84..deb59431454 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.132"
+LINUX_VERSION ?= "6.6.134"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "ff381816e34f3ed488248a69843227160f7ede06"
-SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
+SRCREV_machine ?= "990b12e4095890d00a1c42ee5643443f1491dc0e"
+SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 633abb36ddb..11efb351e97 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "ecff059b6885829e70f8a0fa96956e330b3dc8a4"
-SRCREV_machine:qemuarm64 ?= "a2808cd3d14323f1be06f83c084f7ccc19346305"
-SRCREV_machine:qemuloongarch64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemumips ?= "e785bf4e3c24d0f6a02c1c12c4b636eaaa539f19"
-SRCREV_machine:qemuppc ?= "f1e47cb079d5fa8a5f22f795bd4130dc001babab"
-SRCREV_machine:qemuriscv64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemuriscv32 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemux86 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemux86-64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemumips64 ?= "6357451678385be03d1f7d60d0f8868aa7514418"
-SRCREV_machine ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
+SRCREV_machine:qemuarm ?= "55c82e0b84e8892add226263bb00dfaef810f487"
+SRCREV_machine:qemuarm64 ?= "c3b5dcdca64f2d9d5dfd9808b2ec4d1363ddc5c2"
+SRCREV_machine:qemuloongarch64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemumips ?= "065d9d6fa1db8f762b740b0fac999e8d68b3afcf"
+SRCREV_machine:qemuppc ?= "dd0d7b2a25b1fc953887f6d32247c58b19f23e73"
+SRCREV_machine:qemuriscv64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemuriscv32 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemux86 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemux86-64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemumips64 ?= "5546a26cb003a61697b9c748e80c964188dbde1b"
+SRCREV_machine ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "08667c1437c07ce2e5d323165031ae152d6f061a"
+SRCREV_machine:class-devupstream ?= "8cee53b8eaeb5d1f7c97b7f2381653ed00ffc26b"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.132"
+LINUX_VERSION ?= "6.6.134"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 32/41] linux-yocto/6.6: update to v6.6.135
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (30 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 31/41] linux-yocto/6.6: update to v6.6.134 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 33/41] linux-yocto/6.6: update to v6.6.136 Yoann Congal
` (8 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
9760bf04666d Linux 6.6.135
53b86879e92b Revert "PCI: Enable ACS after configuring IOMMU for OF platforms"
9853917f9edf rxrpc: Fix missing error checks for rxkad encryption/decryption failure
1355eb244aa5 rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING)
9ce36d28f67c rxrpc: fix reference count leak in rxrpc_server_keyring()
47073aab8a3a rxrpc: reject undecryptable rxkad response tickets
b8f66447448d rxrpc: Only put the call ref if one was acquired
f1a7a3ab0f35 rxrpc: Fix key reference count leak from call->key
93fc15be44a3 rxrpc: Fix call removal to use RCU safe deletion
e63265f188ea net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
88591194df73 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
b7b8012193fd net: stmmac: fix integer underflow in chain mode
9a56735581d5 net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure
6468cab1173f mmc: vub300: fix NULL-deref on disconnect
80fd0de89805 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
0985b18c95eb net/mlx5: Update the list of the PCI supported devices
ca3f48c3567d drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
2f55b58b5a0b batman-adv: hold claim backbone gateways by reference
2eb9d67704ca net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
0e43e0a3c940 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
d3de72e2a2b9 EDAC/mc: Fix error path ordering in edac_mc_alloc()
672b526def1f X.509: Fix out-of-bounds access when parsing extensions
69d61639bc7e batman-adv: reject oversized global TT response buffers
07cb6c72e66b nfc: pn533: allocate rx skb before consuming bytes
0f36273a4b24 arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges
e3d84395a16d arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity
e85ee7bd042c arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V
03c00ef6d6df Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower"
4bf41c2731a0 wifi: brcmsmac: Fix dma_free_coherent() size
3bcf7aca63f0 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
c221ed63a276 xfrm: clear trailing padding in build_polexpire()
070abdf1b043 netfilter: nft_ct: fix use-after-free in timeout object destroy
533e0a0454d0 Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug"
32bad10de347 netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR
84d458018b14 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
3e9bf8c3ba89 Revert "mptcp: add needs_id for netlink appending addr"
8ec6a58586f1 usb: gadget: f_hid: move list and spinlock inits from bind to alloc
e8984f068e90 virtio_net: clamp rss_max_key_size to NETDEV_RSS_KEY_LEN
0dc539b888fb scsi: ufs: core: Fix use-after free in init error and remove paths
146e25625378 ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()
811b3dccfb0a MIPS: mm: Rewrite TLB uniquification for the hidden bit feature
591f030449ad MIPS: mm: Suppress TLB uniquification on EHINV hardware
8a4de6bcaf01 MIPS: Always record SEGBITS in cpu_data.vmbits
00a4b91f8fac Input: uinput - take event lock when submitting FF request "event"
546c18a14924 Input: uinput - fix circular locking dependency with ff-core
3fd6547f5b8a mptcp: fix slab-use-after-free in __inet_lookup_established
673d2a3eef6e net: rfkill: prevent unlimited numbers of rfkill events from being created
e0c8542c3d09 xfrm_user: fix info leak in build_report()
1de5c76bf40e wifi: rt2x00usb: fix devres lifetime
066c760acead lib/crypto: chacha: Zeroize permuted_state before it leaves scope
91f02726b220 x86/CPU: Fix FPDSS on Zen1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 6440d0babbe..fab90bcc14d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "fda570bd42ccafdd93a2bc4eae0ab36a4084031e"
-SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
+SRCREV_machine ?= "796ebf5cd0bb25e473fead08d0e3c8c1b68f0676"
+SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.134"
+LINUX_VERSION ?= "6.6.135"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index deb59431454..80234909a32 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.134"
+LINUX_VERSION ?= "6.6.135"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "990b12e4095890d00a1c42ee5643443f1491dc0e"
-SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
+SRCREV_machine ?= "8c3e42c1177c1cf7f4b028ffe1ddacf5a7e8b018"
+SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 11efb351e97..43d0ad9c8ee 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "55c82e0b84e8892add226263bb00dfaef810f487"
-SRCREV_machine:qemuarm64 ?= "c3b5dcdca64f2d9d5dfd9808b2ec4d1363ddc5c2"
-SRCREV_machine:qemuloongarch64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemumips ?= "065d9d6fa1db8f762b740b0fac999e8d68b3afcf"
-SRCREV_machine:qemuppc ?= "dd0d7b2a25b1fc953887f6d32247c58b19f23e73"
-SRCREV_machine:qemuriscv64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemuriscv32 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemux86 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemux86-64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemumips64 ?= "5546a26cb003a61697b9c748e80c964188dbde1b"
-SRCREV_machine ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
+SRCREV_machine:qemuarm ?= "e3d837b99e32b26f86c7e0c956787aa7ac11cbc8"
+SRCREV_machine:qemuarm64 ?= "440d78702ecd1f42162acba37434033a5ca903cb"
+SRCREV_machine:qemuloongarch64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemumips ?= "8692ec9071ca8f4432c2c3409bf79240f34a7af5"
+SRCREV_machine:qemuppc ?= "d49f40c6896b5d1ac37a84564ed7ab5b7a839519"
+SRCREV_machine:qemuriscv64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemuriscv32 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemux86 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemux86-64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemumips64 ?= "91b8fff701cdc434e211a58915886224eb6e0d1a"
+SRCREV_machine ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "8cee53b8eaeb5d1f7c97b7f2381653ed00ffc26b"
+SRCREV_machine:class-devupstream ?= "9760bf04666dfe154161d49b6207c3486685bf29"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.134"
+LINUX_VERSION ?= "6.6.135"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 33/41] linux-yocto/6.6: update to v6.6.136
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (31 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 32/41] linux-yocto/6.6: update to v6.6.135 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 34/41] linux-yocto/6.6: update to v6.6.137 Yoann Congal
` (7 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
142cd8382222 Linux 6.6.136
deeaba4c54ae md/raid1: fix data lost for writemostly rdev
1fa36cf495b0 rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
09427bcb1715 crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed
b5c14bd4da1f crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed
607ba280f2ad crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed
c89c768734f3 crypto: testmgr - Hide ENOENT errors better
695cac6ed284 crypto: testmgr - Hide ENOENT errors
74e2db36fe50 net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()
f6634af5de72 ALSA: caiaq: take a reference on the USB device in create_card()
86fc28191418 ALSA: usb-audio: apply quirk for MOONDROP JU Jiu
ef57cd3329b4 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
8d5729350b23 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
ffbce350c6fd ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment
a34d456934fe smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path
b53b8e98c233 smb: client: require a full NFS mode SID before reading mode bits
0521a67e4b0f smb: server: fix max_connections off-by-one in tcp accept path
97f8d2648ef4 smb: server: fix active_num_conn leak on transport allocation failure
b3e0e7dd53f1 fuse: quiet down complaints in fuse_conn_limit_write
f1441a1ecace fuse: Check for large folio with SPLICE_F_MOVE
d23ad78bfd20 fuse: reject oversized dirents in page cache
a76c1cad4e80 f2fs: fix to avoid memory leak in f2fs_rename()
f90b8a1798b7 fs/ntfs3: validate rec->used in journal-replay file record check
a6bcf8010af0 rxrpc: only handle RESPONSE during service challenge
d6a76b3600e1 rxrpc: Fix anonymous key handling
6669cf805940 scripts/dtc: Remove unused dts_version in dtc-lexer.l
cf044df0901f Revert "wifi: cfg80211: stop NAN and P2P in cfg80211_leave"
e2c9dc6b6e96 ocfs2: fix out-of-bounds write in ocfs2_write_end_inline
37f074e65f24 ocfs2: validate inline data i_size during inode read
4bf8cd09f427 ocfs2: add inline inode consistency check to ocfs2_validate_inode_block()
c98b6fa86b33 rxrpc: Fix key quota calculation for multitoken keys
e297bb2c2568 KVM: x86: Use __DECLARE_FLEX_ARRAY() for UAPI structures with VLAs
f363c496e203 scripts: generate_rust_analyzer.py: define scripts
ceb73484e720 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
7ad01905831c net: annotate data-races around sk->sk_{data_ready,write_space}
fa5d5baf67f6 i40e: Fix preempt count leak in napi poll tracepoint
71ca90c26eef net: ethernet: mtk_eth_soc: initialize PPE per-tag-layer MTU registers
f77b51bcee7b wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
10f4ff4baeb6 md/raid1,raid10: don't ignore IO flags
50352fc10392 ipv6: add NULL checks for idev in SRv6 paths
e238ab12556b PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
ebc8815a917f Revert "perf unwind-libdw: Fix invalid reference counts"
45cbaf5c7cdc media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
e3957eb26a3d media: vidtv: fix pass-by-value structs causing MSAN warnings
7318e3549518 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
cb8092038e95 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
47fa09fe7f3e bcache: fix cached_dev.sb_bio use-after-free and crash
e88354b381e2 ALSA: 6fire: fix use-after-free on disconnect
b5d141ea15f1 media: em28xx: fix use-after-free in em28xx_v4l2_open()
9a9bdaf9dc42 media: mediatek: vcodec: fix use-after-free in encoder release path
17cb7957c979 media: vidtv: fix nfeeds state corruption on start_streaming failure
115a5266749d mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
cec74b2ab7df mm/kasan: fix double free for kasan pXds
887632163b54 ASoC: qcom: q6apm: move component registration to unmanaged version
dc6a6c3db3a4 KVM: x86: Use scratch field in MMIO fragment to hold small write values
24b1e0d5d254 checkpatch: add support for Assisted-by tag
e0c211a0c261 ice: Fix memory leak in ice_set_ringparam()
e6661add2d9c nf_tables: nft_dynset: fix possible stateful expression memleak in error path
aaba6ee63ba6 blktrace: fix __this_cpu_read/write in preemptible context
9df613ef6e8e nfc: nci: complete pending data exchange on device close
4604b7b4eee6 net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr()
5afb9356a2e5 KVM: nVMX: Fold requested virtual interrupt check into has_nested_events()
002a73470b56 net: add proper RCU protection to /proc/net/ptype
f9d4b618f1b9 iio: common: st_sensors: Fix use of uninitialize device structs
36f127b971c0 btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io()
128b03ccb258 net: skb: fix cross-cache free of KFENCE-allocated skb head
b670833749ff KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
6575f9fbf084 ocfs2: handle invalid dinode in ocfs2_group_extend
6f072daefcab ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
4b80b5a838a3 ocfs2: fix possible deadlock between unlink and dio_end_io_write
b7efb4c94797 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
426ef05e82ee dcache: Limit the minimal number of bucket to two
452894005b4a ALSA: ctxfi: Limit PTP to a single page
6718df49e5a7 Docs/admin-guide/mm/damon/reclaim: warn commit_inputs vs param updates race
554391e7da68 USB: serial: option: add Telit Cinterion FN990A MBIM composition
779412e0e391 staging: sm750fb: fix division by zero in ps_to_hz()
f632987306bc wifi: rtw88: fix device leak on probe failure
e2f8c5d134f7 scripts: generate_rust_analyzer.py: avoid FD leak
cce24f70090e fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
301857c5ac27 usb: port: add delay after usb_hub_set_port_power()
8fb82e3555a7 USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen
9dec3276d122 usb: storage: Expand range of matched versions for VL817 quirks entry
885c8591784d usbip: validate number_of_packets in usbip_pack_ret_submit()
745a535461bb ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
b5b5d5936a50 ksmbd: require 3 sub-authorities before reading sub_auth[2]
4b73376feecb ksmbd: validate EaNameLength in smb2_get_ea()
bfbc74df8bbe smb: client: fix off-by-8 bounds check in check_wsl_eas()
1b2bfedccc4f usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
9ceff1251904 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
0f156bb5334e usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
859a239d58a8 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
f856f4b6efd5 ALSA: fireworks: bound device-supplied status before string array lookup
63c11b19cdc1 drm/vc4: platform_get_irq_byname() returns an int
2819f34e08bd NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
d4e1946bea8d net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
932ae5309e53 HID: core: clamp report_size in s32ton() to avoid undefined shift
c8cc765253ad HID: alps: fix NULL pointer dereference in alps_raw_event()
c65ee4d3be5d staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
fa00738ab30b i2c: s3c24xx: check the size of the SMBUS message before using it
5e9cfffad898 can: raw: fix ro->uniq use-after-free in raw_rcv()
0eb1263a3b8c nfc: llcp: add missing return after LLCP_CLOSED checks
e2e0e7884314 drm/i915/psr: Do not use pipe_src as borders for SU area
7ab1832fe163 objtool: Remove max symbol name length limitation
29d39948ce52 ALSA: usb-audio: Improve Focusrite sample rate filtering
c5e918390002 netfilter: conntrack: add missing netlink policy validations
e86ab1e56613 crypto: algif_aead - Fix minimum RX size check for decryption
cfab2c817d2e perf/x86/intel/uncore: Skip discovery table for offline dies
1981e469558b gpio: tegra: fix irq_release_resources calling enable instead of disable
9ccce02d5013 l2tp: Drop large packets with UDP encap
ae8343a19ccb net: ipa: fix event ring index not programmed for IPA v5.0+
a7d326dfb13b net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+
b9232421a77a af_unix: read UNIX_DIAG_VFS data under unix_state_lock
00e1d650fa4b net: txgbe: leave space for null terminators on property_entry
288138418bef netfilter: ip6t_eui64: reject invalid MAC header for all packets
36bf0d98e180 netfilter: xt_multiport: validate range encoding in checkentry
368c22aea490 netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator
730663352c91 ipvs: fix NULL deref in ip_vs_add_service error path
c4d93470aff0 selftests: net: bridge_vlan_mcast: wait for h1 before querier check
d3125c541a96 xfrm_user: fix info leak in build_mapping()
b66920a3348c xfrm: Wait for RCU readers during policy netns exit
a55793e5a97d xsk: validate MTU against usable frame size on bind
81ab60836b27 xsk: fix XDP_UMEM_SG_FLAG issues
cfcc8a82ad03 xsk: respect tailroom for ZC setups
a03975beb9f6 xsk: tighten UMEM headroom validation to account for tailroom and min frame
c9eef0760db4 e1000: check return value of e1000_read_eeprom
d8a747057a17 ixgbevf: add missing negotiate_features op to Hyper-V ops table
feba4907c302 tracing/probe: reject non-closed empty immediate strings
7a01c81120f5 dt-bindings: net: Fix Tegra234 MGBE PTP clock
366f890831ff net: stmmac: Fix PTP ref clock for Tegra234
d8c2aa3c4a1e nfc: s3fwrn5: allocate rx skb before consuming bytes
47a8bf52156a ipv4: icmp: fix null-ptr-deref in icmp_build_probe()
363a38044b8c net: lapbether: handle NETDEV_PRE_TYPE_CHANGE
eb3765b90eb8 net: sched: act_csum: validate nested VLAN headers
a6566cd33f6f eventpoll: defer struct eventpoll free to RCU grace period
34160cca50ec drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock
dd5c49787a32 drm/vc4: Fix a memory leak in hang state error path
a812008fe3a0 drm/vc4: Fix memory leak of BO array in hang state
5befb65dca90 drm/vc4: Release runtime PM reference after binding V3D
96f71e3a7f9b PCI: hv: Set default NUMA node to 0 for devices without affinity info
6948caaff66d arm64: dts: imx8mq: Set the correct gpu_ahb clock frequency
d4d11b70a30f soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching
f0288da67320 ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J
3ec7437e9d11 wifi: brcmfmac: validate bsscfg indices in IF events
cf50a1178dfc ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585
e6a445513fbc HID: roccat: fix use-after-free in roccat_report_event
40f40229baa7 ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10
e73692e0e271 HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3
a9098b43562f platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug
36af81124ca8 pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer)
b17dcf3c9cb4 ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx
5d4fe469fe7d fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath
7b73bea718fe ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex
e51cd8954919 ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list
b6ba1eacf276 wifi: wl1251: validate packet IDs before indexing tx_frames
d7b59c2e6109 ALSA: hda/realtek: add quirk for Framework F111:000F
fa4f1f52528c netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry
b345586c9fe8 ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx
c09a7446aab5 btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()
aa77bd6d08f0 can: mcp251x: add error handling for power enable in open and resume
5c37bd025068 ASoC: SOF: topology: reject invalid vendor array size in token parser
64e4ced7dd47 ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF
719df67c2003 ALSA: asihpi: avoid write overflow check warning
384c3f844f53 media: rkvdec: reduce stack usage in rkvdec_init_v4l2_vp9_count_tbl()
e0c656cbb2a7 ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC
1e1015643535 ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk
2cd86c2cd771 ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA
62298a48f8b8 RDMA/irdma: Fix double free related to rereg_user_mr
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 4 +--
.../linux/linux-yocto-tiny_6.6.bb | 4 +--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 26 +++++++++----------
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index fab90bcc14d..22af5c2a99e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "796ebf5cd0bb25e473fead08d0e3c8c1b68f0676"
+SRCREV_machine ?= "99c037f00af27169304f268e388fa3fc65688633"
SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.135"
+LINUX_VERSION ?= "6.6.136"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 80234909a32..1153249b8d8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.135"
+LINUX_VERSION ?= "6.6.136"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,7 +17,7 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "8c3e42c1177c1cf7f4b028ffe1ddacf5a7e8b018"
+SRCREV_machine ?= "4aa4f6df28cc4541355f39ce0c40237408690c14"
SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 43d0ad9c8ee..f2307dd6e05 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,17 +18,17 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "e3d837b99e32b26f86c7e0c956787aa7ac11cbc8"
-SRCREV_machine:qemuarm64 ?= "440d78702ecd1f42162acba37434033a5ca903cb"
-SRCREV_machine:qemuloongarch64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemumips ?= "8692ec9071ca8f4432c2c3409bf79240f34a7af5"
-SRCREV_machine:qemuppc ?= "d49f40c6896b5d1ac37a84564ed7ab5b7a839519"
-SRCREV_machine:qemuriscv64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemuriscv32 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemux86 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemux86-64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemumips64 ?= "91b8fff701cdc434e211a58915886224eb6e0d1a"
-SRCREV_machine ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemuarm ?= "9d8556efa4dbd3ee1cfac4af6426a8476637fcef"
+SRCREV_machine:qemuarm64 ?= "aaa7c5002cfdf0f46dcf9239f3074aee1e29741d"
+SRCREV_machine:qemuloongarch64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemumips ?= "d9adf59334edff1b09b883ea5717895e9735aa13"
+SRCREV_machine:qemuppc ?= "52b968d255a67240a548e64e784d3f5269ca3894"
+SRCREV_machine:qemuriscv64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemuriscv32 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemux86 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemux86-64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemumips64 ?= "746738b15a00d5d36105d09ea0f259f44be48ad5"
+SRCREV_machine ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
@@ -36,7 +36,7 @@ SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "9760bf04666dfe154161d49b6207c3486685bf29"
+SRCREV_machine:class-devupstream ?= "142cd8382222d9b135e0029da6830e5e30444d34"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.135"
+LINUX_VERSION ?= "6.6.136"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 34/41] linux-yocto/6.6: update to v6.6.137
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (32 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 33/41] linux-yocto/6.6: update to v6.6.136 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 35/41] linux-yocto/6.6: update to v6.6.138 Yoann Congal
` (6 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
258cf62a6dfde Linux 6.6.137
4b4defd2fce3f Buffer overflow in drivers/xen/sys-hypervisor.c
402d84ad9e89b xen/privcmd: fix double free via VMA splitting
710a4ce5d7afd crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
3ef530ef5585f crypto: authencesn - Fix src offset when decrypting in-place
d0c4ff6812386 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
60c798725c966 crypto: authenc - use memcpy_sglist() instead of null skcipher
c2138c9bd02af crypto: algif_aead - snapshot IV for async AEAD requests
3115af9644c34 crypto: algif_aead - Revert to operating out-of-place
dbea57c08acfc crypto: algif_aead - use memcpy_sglist() instead of null skcipher
9ec26b5d193c9 crypto: scatterwalk - Backport memcpy_sglist()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 22af5c2a99e..bbcf3122ea1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "99c037f00af27169304f268e388fa3fc65688633"
-SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
+SRCREV_machine ?= "da5f16c9d10d53af703c809e864c09df336edfb7"
+SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.136"
+LINUX_VERSION ?= "6.6.137"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 1153249b8d8..c5c6f88781c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.136"
+LINUX_VERSION ?= "6.6.137"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "4aa4f6df28cc4541355f39ce0c40237408690c14"
-SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
+SRCREV_machine ?= "cd2288c19d6b729b3c7b2b620eb9c311116c72f1"
+SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index f2307dd6e05..358b6a7760b 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "9d8556efa4dbd3ee1cfac4af6426a8476637fcef"
-SRCREV_machine:qemuarm64 ?= "aaa7c5002cfdf0f46dcf9239f3074aee1e29741d"
-SRCREV_machine:qemuloongarch64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemumips ?= "d9adf59334edff1b09b883ea5717895e9735aa13"
-SRCREV_machine:qemuppc ?= "52b968d255a67240a548e64e784d3f5269ca3894"
-SRCREV_machine:qemuriscv64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemuriscv32 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemux86 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemux86-64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemumips64 ?= "746738b15a00d5d36105d09ea0f259f44be48ad5"
-SRCREV_machine ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
+SRCREV_machine:qemuarm ?= "eb708bdc972fc5dc22cdcbf3d3dbdb81e1450fd9"
+SRCREV_machine:qemuarm64 ?= "eafa49201e224e87ad20cf849dead88aec204e68"
+SRCREV_machine:qemuloongarch64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemumips ?= "b75949027e1e8c8c90998ee144c6b97aa2fbf561"
+SRCREV_machine:qemuppc ?= "1b302e1b1463e28dd8d446754cc3140e935ceec6"
+SRCREV_machine:qemuriscv64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemuriscv32 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemux86 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemux86-64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemumips64 ?= "620abbeb29fcd44655d2de94ae7a7fff7656ed01"
+SRCREV_machine ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "142cd8382222d9b135e0029da6830e5e30444d34"
+SRCREV_machine:class-devupstream ?= "258cf62a6dfde3c6a39d120a56a298f2ed6a8901"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.136"
+LINUX_VERSION ?= "6.6.137"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 35/41] linux-yocto/6.6: update to v6.6.138
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (33 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 34/41] linux-yocto/6.6: update to v6.6.137 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 36/41] linux-yocto/6.6: update to v6.6.140 Yoann Congal
` (5 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
3b9f64db04968 Linux 6.6.138
50ed1e7873100 xfrm: esp: avoid in-place decrypt on shared skb frags
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index bbcf3122ea1..68c3c07ef63 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "da5f16c9d10d53af703c809e864c09df336edfb7"
-SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
+SRCREV_machine ?= "9708fab99d7eb8962dda82d642c468a32b6682fa"
+SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.137"
+LINUX_VERSION ?= "6.6.138"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index c5c6f88781c..52d89c713df 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.137"
+LINUX_VERSION ?= "6.6.138"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "cd2288c19d6b729b3c7b2b620eb9c311116c72f1"
-SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
+SRCREV_machine ?= "72c2c9b6014dd199bb70e07e19931b8691fa08e1"
+SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 358b6a7760b..e077808f288 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "eb708bdc972fc5dc22cdcbf3d3dbdb81e1450fd9"
-SRCREV_machine:qemuarm64 ?= "eafa49201e224e87ad20cf849dead88aec204e68"
-SRCREV_machine:qemuloongarch64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemumips ?= "b75949027e1e8c8c90998ee144c6b97aa2fbf561"
-SRCREV_machine:qemuppc ?= "1b302e1b1463e28dd8d446754cc3140e935ceec6"
-SRCREV_machine:qemuriscv64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemuriscv32 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemux86 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemux86-64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemumips64 ?= "620abbeb29fcd44655d2de94ae7a7fff7656ed01"
-SRCREV_machine ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
+SRCREV_machine:qemuarm ?= "9d8edc5598e5c5f17ce696ce032e8dc654858450"
+SRCREV_machine:qemuarm64 ?= "c6600bc98dbafed4fcbd6f1204da6b41ef5feec2"
+SRCREV_machine:qemuloongarch64 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemumips ?= "97c272b944970f93ef93eb87f54899ccb26671f1"
+SRCREV_machine:qemuppc ?= "8dfba699cafc5b5d5f50cb8f270db9b8ae112571"
+SRCREV_machine:qemuriscv64 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemuriscv32 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemux86 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemux86-64 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemumips64 ?= "2744d8ab5ccca406c0acc17c414ff4c8e186708f"
+SRCREV_machine ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "258cf62a6dfde3c6a39d120a56a298f2ed6a8901"
+SRCREV_machine:class-devupstream ?= "3b9f64db049687c0d38b4b3ef2f297f0642179af"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.137"
+LINUX_VERSION ?= "6.6.138"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 36/41] linux-yocto/6.6: update to v6.6.140
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (34 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 35/41] linux-yocto/6.6: update to v6.6.138 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 37/41] linux-yocto/6.6: update to v6.6.141 Yoann Congal
` (4 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
eac8889a3a1c Linux 6.6.140
4c3ed344a970 smb: client: use kzalloc to zero-initialize security descriptor buffer
2074dfffad76 Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete
b94588f5a697 crypto: nx - fix context leak in nx842_crypto_free_ctx
d7e42dc47beb Bluetooth: MGMT: Fix memory leak in set_ssp_complete
f7c14993dc2f mtd: spi-nor: sst: Fix SST write failure
5bb5faff4837 drm/amdgpu/vcn4: Avoid overflow on msg bound check
1936310f68c5 drm/amdgpu/vcn3: Avoid overflow on msg bound check
9b2c795bb2c6 vsock/virtio: fix length and offset in tap skb for split packets
65c484726e74 vsock/virtio: fix accept queue count leak on transport mismatch
a998a7e250bf vsock: fix buffer size clamping order
944d76f749dd KVM: arm64: Wake-up from WFI when iqrchip is in userspace
83ce43a21bb7 ceph: only d_add() negative dentries when they are unhashed
09a69a3d8f97 usb: dwc3: Move GUID programming after PHY initialization
033c80d80fd1 tracing/probes: Limit size of event probe to 3K
f5ee467b5676 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
6b57d6e4c302 batman-adv: tp_meter: fix tp_num leak on kmalloc failure
79bc0eaeef2c batman-adv: stop tp_meter sessions during mesh teardown
c2287250ba69 pwm: imx-tpm: Count the number of enabled channels in probe
3666c037fbde mtd: spi-nor: sst: Fix write enable before AAI sequence
b7cd63d13fae mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`
0000a7780e0e ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
b32f4cd81ef5 mm/damon/reclaim: detect and use fresh enabled and kdamond_pid values
8e7317598d72 usb: typec: tcpm: reset internal port states on soft reset AMS
2b26b1ec4c1d mm/damon/lru_sort: detect and use fresh enabled and kdamond_pid values
0dd8917f35da mm/damon/core: implement damon_kdamond_pid()
7c504ffab3ef rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
cfa4267b5075 mm/damon/core: disallow time-quota setting zero esz
172dcb67dd35 bonding: fix use-after-free due to enslave fail after slave array update
cf1fd517f892 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
c0428a22daf6 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
594973a2e549 fbcon: Avoid OOB font access if console rotation fails
f4b177f96955 spi: microchip-core-qspi: fix controller deregistration
091499f90e09 spi: microchip-core-qspi: Use helper function devm_clk_get_enabled()
420d6f5e3fb4 mm/hugetlb_cma: round up per_node before logging it
fa7aaaed583a spi: uniphier: fix controller deregistration
3e272e6be1a2 spi: uniphier: Simplify clock handling with devm_clk_get_enabled()
c9577d966503 spi: uniphier: switch to use modern name
664b60985a77 spi: tegra20-sflash: fix controller deregistration
4541a6cbec27 spi: tegra114: fix controller deregistration
df771f250402 spi: sun6i: fix controller deregistration
9da85b209f26 spi: sun6i: switch to use modern name
7fd0c4fd2185 spi: zynq-qspi: fix controller deregistration
dc2044ef3647 spi: zynq-qspi: Simplify clock handling with devm_clk_get_enabled()
ae6ee9f16538 spi: zynq-qspi: switch to use modern name
db96551920e2 spi: ti-qspi: fix controller deregistration
25ba53c43f30 spi: spi-ti-qspi: switch to use modern name
3b6cededf65a spi: spi-ti-qspi: Convert to platform remove callback returning void
1cdba535877d spi: sun4i: fix controller deregistration
79a38ff2bd3d spi: sun4i: switch to use modern name
904ff4e79961 spi: syncuacer: fix controller deregistration
5bbe69946620 spi: synquacer: switch to use modern name
6823f730bf19 Bluetooth: hci_conn: fix potential UAF in create_big_sync
b4a53add2fa8 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
0555d4f52623 xfrm: ah: account for ESN high bits in async callbacks
9d3968c48367 net: ipv6: stop checking crypto_ahash_alignmask
0841fc6a36c3 net: ipv4: stop checking crypto_ahash_alignmask
7e78a5bcbd65 ALSA: seq: Fix UMP group 16 filtering
dbacde3d4755 ALSA: seq: Notify client and port info changes
3915715273cd ALSA: core: Serialize deferred fasync state checks
fe337552143f ALSA: misc: Use guard() for spin locks
409fb34c1860 ALSA: hda: cs35l56: Propagate ASP TX source control errors
247ed8a969f9 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
e1c50b273298 net: stmmac: Prevent NULL deref when RX memory exhausted
8a2c91de61ff net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY()
6a74af77eba5 net: stmmac: avoid shadowing global buf_sz
2adbfca7452e crypto: caam - guard HMAC key hex dumps in hash_digest_key
f3a3e2dac5ec printk: add print_hex_dump_devel()
43a878639b90 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
6923cde8dc1d crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
268ae55a4c4f crypto: nx - Migrate to scomp API
c5fa7465794c crypto: nx - Avoid -Wflex-array-member-not-at-end warning
bf96052d617b ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id()
e1c24ce7573d wifi: rtl8xxxu: fix potential use of uninitialized value
3ca80e3012c8 hfsplus: fix held lock freed on hfsplus_fill_super()
61a790974ff7 hfsplus: fix uninit-value by validating catalog record size
82fb9da6477d xfs: fix a resource leak in xfs_alloc_buftarg()
b58baa1d50aa mmc: core: Optimize time for secure erase/trim for some Kingston eMMCs
058b451b1039 udf: fix partition descriptor append bookkeeping
401a49b7f26e firmware: google: framebuffer: Do not unregister platform device
2a40f8bc9bb7 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
a2c817c62943 spi: fix resource leaks on device setup failure
4c4641366143 net: qrtr: ns: Limit the total number of nodes
0dbec101a707 net: qrtr: ns: Limit the maximum number of lookups
e6f6cd501fb5 net: qrtr: ns: Limit the maximum server registration per node
0b9e4bbfb7c9 net: bridge: use a stable FDB dst snapshot in RCU readers
218b772e4815 net: mctp: fix don't require received header reserved bits to be zero
6a2d6273b6c3 RDMA/mana_ib: Disable RX steering on RSS QP destroy
8d4edc89bf71 sched: Use u64 for bandwidth ratio calculations
ede9eca9701d block: relax pgmap check in bio_add_page for compatible zone device pages
18d6a7c9e4e6 media: rc: igorplugusb: heed coherency rules
69b3a50dee62 ALSA: aoa: Skip devices with no codecs in i2sbus_resume()
32fbdb6d6718 media: rc: ttusbir: respect DMA coherency rules
35bcafc82254 ALSA: aoa: i2sbus: clear stale prepared state
a045146109ea ALSA: aoa: Use guard() for mutex locks
07f9bff69da8 ipmi:ssif: Clean up kthread on errors
1f5e011fc8c8 ipmi:ssif: Fix a shutdown race
37a430a2d4e6 thermal: core: Fix thermal zone governor cleanup issues
78509c488c5d PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete
801000afc9c9 wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling
b3303d6e92f6 wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor
b968db3b8b4f wifi: mt76: connac: introduce helper for mt7925 chipset
8dc5b98c20aa arm64/mm: Enable batched TLB flush in unmap_hotplug_range()
bf477abd448c lib: test_hmm: evict device pages on file close to avoid use-after-free
11869ce402d9 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
7edd983e42ee f2fs: fix to do sanity check on dcc->discard_cmd_cnt conditionally
35baa66a8cd7 ksmbd: replace connection list with hash table
b0b3d62d7230 ksmbd: use msleep instaed of schedule_timeout_interruptible()
1171f329cf1c f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
8e47d297e7cf smb: client: validate the whole DACL before rewriting it in cifsacl
325d4ac11f52 ksmbd: require minimum ACE size in smb_check_perm_dacl()
1593ddb37bd1 smb: common: change the data type of num_aces to le16
795dddb10687 smb: move some duplicate definitions to common/smbacl.h
65419eb4259a batman-adv: bla: put backbone reference on failed claim hash insert
7b8fbcee3184 batman-adv: bla: only purge non-released claims
368449e467d5 batman-adv: bla: prevent use-after-free when deleting claims
aafcbaf1159e batman-adv: stop caching unowned originator pointers in BAT IV
e4a3c4a4c8f6 batman-adv: reject new tp_meter sessions during teardown
f61499359fa5 batman-adv: fix integer overflow on buff_pos
1bfb06ecb00f sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
ee4c7a919761 drm/amdgpu/pm: align Hawaii mclk workaround with radeon
a103f1192dc7 drm/amdgpu/pm: add missing revision check for CI
4f7ca00fa91d drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
b5de35bafcd3 drm/amdgpu/gfx9: drop unnecessary 64-bit fence flag check in KIQ
91fbb5e635c8 drm/amdgpu: zero-initialize GART table on allocation
b8cbc52c73fa drm/radeon: add missing revision check for CI
91c6dc5a4169 drm/amdkfd: validate SVM ioctl nattr against buffer size
6b992591e04f drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
638d3e0b9eb7 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
c72a8b4dc6d5 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
944db9cfa537 drm/amdgpu/vce: Prevent partial address patches
1dc005775fb5 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
0fb5cb556b24 drm/amdgpu: Add bounds checking to ib_{get,set}_value
4a8093c7def1 drm/amdkfd: Add upper bound check for num_of_nodes
1db431380879 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
01eea4d12fb6 spi: cadence: fix unclocked access on unbind
31e7dd252bf7 spi: cadence: fix controller deregistration
bb6b50f709c5 spi: mpc52xx: fix use-after-free on unbind
59abb878f5a6 spi: orion: fix clock imbalance on registration failure
678a461af304 spi: orion: fix runtime pm leak on unbind
1f120e1a3e1e spi: imx: fix runtime pm leak on probe deferral
17aa64b8fe3e spi: img-spfi: fix controller deregistration
77defd64b405 spi: rspi: fix controller deregistration
c6f82bd90a71 spi: sprd: fix controller deregistration
6dd37ce42ac7 spi: coldfire-qspi: fix controller deregistration
3ad32a7140eb spi: bcmbca-hsspi: fix controller deregistration
562d954a1449 spi: fsl: fix controller deregistration
59da4cdd0c7b spi: sh-hspi: fix controller deregistration
863edec24c1d spi: mtk-nor: fix controller deregistration
4ea9a1ad663c spi: omap2-mcspi: fix controller deregistration
89c0a7762104 spi: fsl-espi: fix controller deregistration
2be39222d6ca spi: s3c64xx: fix controller deregistration
b9d4b9c3457c spi: dln2: fix controller deregistration
951694f9fab9 media: omap3isp: drop the use count of v4l2 pipeline
e85f1e23168f media: i2c: ov08d10: fix image vertical start setting
0b49f5dabc3a media: staging: imx: request mbus_config in csi_start
2dde85b42abd media: i2c: imx412: Assert reset GPIO during probe
97dbf8e69f3a media: dib8000: avoid division by 0 in dib8000_set_dds()
492c5292540f media: pci: zoran: fix potential memory leak in zoran_probe()
f3290d970bbe platform/x86: hp-wmi: Ignore backlight and FnLock events
3ce8f3057c51 media: saa7164: add ioremap return checks and cleanups
55be73783f11 spi: at91-usart: fix controller deregistration
70c2ee9cab5c spi: qup: fix controller deregistration
5a531cbb3bce spi: lantiq-ssc: fix controller deregistration
38321b03b8c2 regulator: bd9571mwv: fix OF node reference imbalance
0da216314247 regulator: act8945a: fix OF node reference imbalance
feb17524aa4e media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
da769e8f8e34 regulator: rk808: fix OF node reference imbalance
5b7471dce523 media: rc: streamzap: Error handling in probe
0cc9251833bf media: rc: xbox_remote: heed DMA restrictions
cd8f1633c3e8 regulator: max77650: fix OF node reference imbalance
e46b3b0c9c44 regulator: mt6357: fix OF node reference imbalance
8c7a281a9922 staging: media: atomisp: Disallow all private IOCTLs
f367ddf1299e spi: atmel: fix controller deregistration
725b90ce70a7 spi: bcm63xx: fix controller deregistration
fd10fb4c33bd media: i2c: ov8856: free control handler on error in ov8856_init_controls()
6467d656e689 media: uvcvideo: Enable VB2_DMABUF for metadata stream
0bc4cf1a6ba0 HID: playstation: Clamp num_touch_reports
df870e104571 exit: Sleep at TASK_IDLE when waiting for application core dump
0b8167e83647 LoongArch: Use per-root-bridge PCIH flag to skip mem resource fixup
07d190e4ec68 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
db7f65df10bd KVM: arm64: Fix initialisation order in __pkvm_init_finalise()
70d12291805a KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value
42dd1c91f993 f2fs: fix node_cnt race between extent node destroy and writeback
88b98e3cfb92 f2fs: fix incorrect multidevice info in trace_f2fs_map_blocks()
72ec0749a1ba f2fs: fix fiemap boundary handling when read extent cache is incomplete
a2bcf16cdf79 f2fs: add READ_ONCE() for i_blocks in f2fs_update_inode()
ebeb70e29e37 mptcp: fix scheduling with atomic in timestamp sockopt
a79bafdd4b63 mptcp: sockopt: set timestamp flags on subflow socket, not msk
bd36fb4f9446 mptcp: use MPTCP_RST_EMPTCP for ACK HMAC validation failure
23e881c7fedb mptcp: use MPJoinSynAckHMacFailure for SynAck HMAC failure
114b4a6d4ede mptcp: fastclose msk when linger time is 0
ecc36a82ecfc RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
e3dc3a2fb05f RDMA/rxe: Reject unknown opcodes before ICRC processing
539cabb7b2d8 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
e01a957561f6 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
a13c2ac4d480 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
c5dc30da9900 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
92582c6978d9 power: supply: max17042: avoid overflow when determining health
27f7c024ede4 PCI/AER: Stop ruling out unbound devices as error source
3937fa851992 PCI/AER: Clear only error bits in PCIe Device Status
b1e9f2d58707 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
971f17f5d910 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
ba7f71b6161c smb: client: validate dacloffset before building DACL pointers
ef6495d4df6e smb/client: fix out-of-bounds read in symlink_data()
dffb44b2e06a smb/client: fix out-of-bounds read in smb2_compound_op()
e5c93847bf03 s390/debug: Reject zero-length input in debug_input_flush_fn()
fb4ae739811d RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
c741433f6c8d openvswitch: vport: fix self-deadlock on release of tunnel ports
9a4d7222c095 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free
d525ecf92228 nvme-apple: drop invalid put of admin queue reference count
4af2e558e6fd md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
2ae0afd98432 libceph: Fix slab-out-of-bounds access in auth message processing
470822125b62 lib/scatterlist: fix temp buffer in extract_user_to_sg()
3f17500e86d7 lib/scatterlist: fix length calculations in extract_kvec_to_sg
2aa77a18dc7f lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
bb0988ed4f2e isofs: validate block number from NFS file handle in isofs_export_iget
c9b37c8b73f6 isofs: validate Rock Ridge CE continuation extent against volume size
5489c98bc681 dm-verity-fec: correctly reject too-small hash devices
2e28bb9cc39f dm-verity-fec: correctly reject too-small FEC devices
ae9cd0b46b18 eventfs: Hold eventfs_mutex and SRCU when remount walks events
f0b0b09d9840 dm: fix a buffer overflow in ioctl processing
16fc9f57b5d7 dm: don't report warning when doing deferred remove
12161e03d33a dm-thin: fix metadata refcount underflow
c2670ec4aa49 btrfs: fix double free in create_space_info() error path
f7126b0b2455 ASoC: qcom: q6apm: remove child devices when apm is removed
3141d8b00cad ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
cb25b46a8dbe ASoC: qcom: q6apm-dai: reset queue ptr on trigger stop
ef1b78a68675 ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error
a06bd365a587 ASoC: fsl_easrc: fix comment typo
d91e616474c6 ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table
88f32a6806c8 cpuidle: powerpc: avoid double clear when breaking snooze
47bc7a03449c clk: microchip: mpfs-ccc: fix out of bounds access during output registration
be8af24ff376 clk: imx: imx8-acm: fix flags for acm clocks
d79e92161b65 spi: topcliff-pch: fix use-after-free on unbind
5f08cbdce0f3 thermal/drivers/sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp
c040f6c5402c thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata
50dfaf4a0277 udf: reject descriptors with oversized CRC length
82bc89fbb82d ibmveth: Disable GSO for packets with small MSS
9415a3fbf677 hv_sock: fix ARM64 support
a0ea2ee6ec05 gpio: of: clear OF_POPULATED on hog nodes in remove path
476254a6c87c extcon: ptn5150: handle pending IRQ events during system resume
2a5ed5055d1e cifs: change_conf needs to be called for session setup
ff519f87c36b cifs: abort open_cached_dir if we don't request leases
3d2ecbd444b0 block: add pgmap check to biovec_phys_mergeable
0d7e7235bc54 af_unix: Reject SIOCATMARK on non-stream sockets
d6c7f32094d6 hwmon: (corsair-psu) Close HID device on probe errors
39f0604bf1ae clk: rk808: fix OF node reference imbalance
0fc5303fa33d hwmon: (ltc2992) Fix u32 overflow in power read path
66daaf79de20 hwmon: (ltc2992) Clamp threshold writes to hardware range
c9a3b2fb4003 parisc: Fix IRQ leak in LASI driver
f94450ce5053 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler
21d70744e6d3 net/rds: handle zerocopy send cleanup before the message is queued
eca62bb0569d ip6_gre: Use cached t->net in ip6erspan_changelink().
d3bd80404979 net: libwx: fix VF illegal register access
6162e8212e88 sound: ua101: fix division by zero at probe
0653c0516234 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
9a80c458320e mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
895ebbedf883 fanotify: fix false positive on permission events
f39501ea776f staging: vme_user: fix root device leak on init failure
1108b8722b9f spi: s3c64xx: fix NULL-deref on driver unbind
487f65651549 spi: zynqmp-gqspi: fix controller deregistration
5105f3e6b2df Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
ab77c8bc3026 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
6cb7f67bc28d Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
1e1e509b6fd2 Bluetooth: virtio_bt: validate rx pkt_type header length
ed41c81d30b2 Bluetooth: virtio_bt: clamp rx length before skb_put
4aec732807c5 selinux: prune /sys/fs/selinux/disable
01231051fa45 selinux: shrink critical section in sel_write_load()
ebd425067290 selinux: don't reserve xattr slot when we won't fill it
c2efc4956981 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
3bf4e93ed085 xfrm: provide message size for XFRM_MSG_MAPPING
0f39c2626617 powerpc/kdump: fix KASAN sanitization flag for core_$(BITS).o
cdbd10975b96 ALSA: firewire-tascam: Do not drop unread control events
b0c0d44adb55 usb: ulpi: fix memory leak on ulpi_register() error paths
20284bf5cc84 USB: serial: option: add Telit Cinterion LE910Cx compositions
9b92535cb729 USB: omap_udc: DMA: Don't enable burst 4 mode
91c3634bc6ac ALSA: usb-audio: Fix UAC3 cluster descriptor size check
e0e3dcf48189 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
a3c42466f45c ALSA: usb-audio: midi2: Restart output URBs on resume
d06d937b0a4c usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
6e29c32a2721 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
ed4168d1a50f wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
c3d7b90dc950 wifi: b43: enforce bounds check on firmware key index in b43_rx()
fe75fa1ac9a9 wifi: mac80211: remove station if connection prep fails
83226c71af53 wifi: ath5k: do not access array OOB
95fcb436586d wifi: rsi: fix kthread lifetime race between self-exit and external-stop
03584528bfff wifi: mac80211: drop stray 'static' from fast-RX rx_result
1baaeb6adecb wifi: b43legacy: enforce bounds check on firmware key index in RX path
d04bc2355392 wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work
e451c325b000 wifi: mt76: mt7921: fix a potential clc buffer length underflow
640b4c00fb0e exit: prevent preemption of oopsing TASK_DEAD task
e4bbd3521db0 bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
aa71ab2cc929 selftests/bpf: validate fake register spill/fill precision backtracking logic
2fcd619caecb bpf: handle fake register spill to stack with BPF_ST_MEM instruction
f013c1dafe93 selftests/bpf: validate precision logic in partial_stack_load_preserves_zeros
c05c8db19cd3 bpf: track aligned STACK_ZERO cases as imprecise spilled registers
9d2cf5a4a378 selftests/bpf: validate zero preservation for sub-slot loads
d3b398ee3404 bpf: preserve constant zero when doing partial register restore
6d40191708e1 selftests/bpf: validate STACK_ZERO is preserved on subreg spill
57f41f1eac13 bpf: preserve STACK_ZERO slots on partial reg spills
c994886689fe selftests/bpf: add stack access precision test
e4da60feca4d bpf: support non-r10 register spill/fill to/from stack in precision tracking
36aa34f42cb6 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
898a1751b620 KVM: SVM: check validity of VMCB controls when returning from SMM
695b491dc3f2 dmaengine: idxd: Fix leaking event log memory
5ba95b119aa7 dmaengine: idxd: Fix crash when the event log is disabled
0305e7118451 net: txgbe: fix RTNL assertion warning when remove module
db104b0d8a78 flow_dissector: do not dissect PPPoE PFC frames
da54b3039d43 net: Fix icmp host relookup triggering ip_rt_bug
d51bf43193b1 iommu/amd: serialize sequence allocation under concurrent TLB invalidations
c28c87d9a389 iommu/amd: Use atomic64_inc_return() in iommu.c
488e386484ec KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
4772032a2c62 rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
4d08401aa13f ext4: validate p_idx bounds in ext4_ext_correct_indexes
e3bf143b1e98 rxrpc: Fix potential UAF after skb_unshare() failure
0d645c6d13fa spi: meson-spicc: Fix double-put in remove path
e2c2b044458c x86/shstk: Prevent deadlock during shstk sigreturn
21159d8b335a drm/amd/display: Do not skip unrelated mode changes in DSC validation
c79cf4232160 x86: shadow stacks: proper error handling for mmap lock
4a0bb8f9f71b spi: rockchip: fix controller deregistration
327a64241f30 ASoC: SOF: Don't allow pointer operations on unconfigured streams
cf3eb7c8e705 iommufd: Fix a race with concurrent allocation and unmap
3bb92bac4e27 ACPI: video: force native backlight on HP OMEN 16 (8A44)
95242430c136 ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug
419d6c640da7 ACPI: scan: Use acpi_dev_put() in object add error paths
4f312c30f036 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
ce905b65e649 ipmi:si: Return state to normal if message allocation fails
2418e4b21fb1 ipmi: Check event message buffer response for bad data
67c44e0deba9 ipmi: Add limits to event and receive message requests
1f678d13e939 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
bffef0acec9c netfilter: reject zero shift in nft_bitwise
6bd17925bd68 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
50c6a1f05973 ALSA: caiaq: fix usb_dev refcount leak on probe failure
be0376affcaf drm/amdgpu: fix zero-size GDS range init on RDNA4
8e8be63465a5 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
e4389fb74cec ALSA: caiaq: Don't abort when no input device is available
be62c8bb03b6 ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path
68532b09cbfc driver core: Add kernel-doc for DEV_FLAG_COUNT enum value
b69933e97efe crypto: authencesn - reject short ahash digests during instance creation
e3cebcde0114 seg6: fix seg6 lwtunnel output redirect for L2 reduced encap mode
262152ec3710 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
8a1fc8d698ac rtmutex: Use waiter::task instead of current in remove_waiter()
a954061b334e ntfs3: fix integer overflow in run_unpack() volume boundary check
bf7ac4a1d3bf ntfs3: add buffer boundary checks to run_unpack()
98f4ba3480b9 ktest: Fix the month in the name of the failure directory
9d8fd84aab19 IB/core: Fix zero dmac race in neighbor resolution
35f6b3281efd dm mirror: fix integer overflow in create_dirty_log()
c5a45d14234b crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
5281e6e23023 crypto: atmel-tdes - fix DMA sync direction
3061c9bfb3f5 crypto: ccree - fix a memory leak in cc_mac_digest()
5b71db0780f1 crypto: hisilicon - Fix dma_unmap_single() direction
3f92c1de3bf1 crypto: atmel-ecc - Release client on allocation failure
b63f1e2f0e31 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
d78ee361b365 crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit
4b7d07747400 can: ucan: fix devres lifetime
204028af77a2 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
6cbf21775ee6 taskstats: set version in TGID exit notifications
ab5fdcd53564 tcp: call sk_data_ready() after listener migration
8bcc1cd237ab inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
33698bd1b2db md/raid5: validate payload size before accessing journal metadata
09880592f5a9 md/raid5: fix soft lockup in retry_aligned_read()
1bc1107a3a40 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
ab6da97bc310 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
8bbed28f6b42 io_uring/poll: fix multishot recv missing EOF on wakeup race
d26f8c361f75 mtd: docg3: fix use-after-free in docg3_release()
980d6ba22747 mtd: docg3: Convert to platform remove callback returning void
ddb188b88d55 KVM: nSVM: Add missing consistency check for nCR3 validity
23ccf4affa6c KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS
de6d8562a9cf KVM: nSVM: Clear tracking of L1->L2 NMI and soft IRQ on nested #VMEXIT
c0095cef7303 KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT
83754e459c4b KVM: nSVM: Clear GIF on nested #VMEXIT(INVALID)
ddc242a7bb44 KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN
d218a0e8a63c KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT
263640149d81 KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode
36f36a6e4e74 KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
3ac9d4241d20 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
1709418535a8 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
702ce67817de KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2
15003179c74d KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state
35053cdec119 KVM: x86: Defer non-architectural deliver of exception payload to userspace read
f3deabe0f5ac userfaultfd: allow registration of ranges below mmap_min_addr
14c643ecdc42 mm/damon/core: use time_in_range_open() for damos quota window start
d975c077fbdc rtc: ntxec: fix OF node reference imbalance
f92cc1d2c0b4 tpm: tpm_tis: stop transmit if retries are exhausted
2e0fd1cb4de4 tpm: tpm_tis: add error logging for data transfer
a866e2b1c65e crypto: talitos - rename first/last to first_desc/last_desc
00463d5f864a crypto: talitos - fix SEC1 32k ahash request limitation
a72815210182 arm64: dts: ti: am62-verdin: Enable pullup for eMMC data pins
00b1d0f4e7bb mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration
0aaa43198645 mmc: block: use single block write in retry
fdabbc881930 randomize_kstack: Maintain kstack_offset per task
c03556448d47 power: supply: axp288_charger: Do not cancel work before initializing it
703fb43600c2 LoongArch: Show CPU vulnerabilites correctly
41aec1d85b88 tpm: avoid -Wunused-but-set-variable
64282a745897 extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
4b2738b93eda libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
92e7c209036d ipv4: icmp: validate reply type before using icmp_pointers
2fd4f8b74930 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
3e75d06cf3e4 drm/arcpgu: fix device node leak
fa0c4283efef net: ks8851: Avoid excess softirq scheduling
640a7631d31d net: ks8851: Reinstate disabling of BHs around IRQ handler
f0858e1d5624 net/smc: avoid early lgr access in smc_clc_wait_msg
e98bd8888e3f net: txgbe: fix firmware version check
8fdbb6262a4a net: rds: fix MR cleanup on copy error
ff78ed177a66 net: qrtr: ns: Free the node during ctrl_cmd_bye()
4069329eeba0 tools/accounting: handle truncated taskstats netlink messages
d61482be4aae rxrpc: Fix re-decryption of RESPONSE packets
f1c6bd0cc786 rxrpc: Fix rxkad crypto unalignment handling
c4b8f32e73ea rxrpc: Fix memory leaks in rxkad_verify_response()
97a97090872f iio: adc: ad7768-1: fix one-shot mode data acquisition
528763fd6bb8 ALSA: pcmtest: Fix resource leaks in module init error paths
c21ef73713eb ALSA: pcmtest: fix reference leak on failed device registration
99c8060c3b33 ALSA: 6fire: Fix input volume change detection
f537e3ad6960 ALSA: caiaq: Handle probe errors properly
f4dfbdc1be34 ALSA: caiaq: Fix control_put() result and cache rollback
e794e1763e80 ALSA: core: Fix potential data race at fasync handling
fafab8b3cd57 io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE
cf522703d4f1 io_uring/poll: fix signed comparison in io_poll_get_ownership()
89ca27d6d3b2 iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned()
44100ed1bdce io_uring/timeout: check unused sqe fields
2f4809a879f0 rbd: fix null-ptr-deref when device_add_disk() fails
1627d6060b45 selftests/mqueue: Fix incorrectly named file
5d1451cb2cf6 remoteproc: xlnx: Only access buffer information if IPI is buffered
c9d2f7b9c38c parisc: _llseek syscall is only available for 32-bit userspace
1b4039d8f4f6 nvme: respect NVME_QUIRK_DISABLE_WRITE_ZEROES when wzsl is set
86bffea0b9f2 nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4
ec7f47706269 mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused
965d6162dd88 md/raid10: fix deadlock with check operation and nowait requests
222055e6b406 erofs: fix the out-of-bounds nameoff handling for trailing dirents
8555d6990432 ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes
25ded535ee26 ALSA: ctxfi: Add fallback to default RSR for S/PDIF
831074ec21b4 ALSA: aoa: i2sbus: fix OF node lifetime handling
32e0b9255726 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
0f313eb6a8f6 net: qrtr: ns: Fix use-after-free in driver remove()
3a5023627ab9 media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe()
4a34fd6b04f9 lib/ts_kmp: fix integer overflow in pattern length calculation
a34d96381bf8 Revert "ALSA: usb: Increase volume range that triggers a warning"
72099f015d3c PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
2209fdae5c2f media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
e9ae00490d47 net: strparser: fix skb_head leak in strp_abort_strp()
914c6456fcfc net: caif: clear client service pointer on teardown
1fbe46d2b727 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
42dc622776f3 media: amphion: Fix race between m2m job_abort and device_run
0ba03e06f037 of: unittest: fix use-after-free in testdrv_probe()
9f1cbca178c0 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
9337ed5e777e f2fs: fix to detect potential corrupted nid in free_nid_list
f99165ef0677 spi: imx: fix use-after-free on unbind
8c43ed08643a um: drivers: call kernel_strrchr() explicitly in cow_user.c
cc9b6303e7ea wifi: rtw88: check for PCI upstream bridge existence
2d1f18efccdb zram: do not forget to endio for partial discard requests
108f2cd13577 LoongArch: Add spectre boundry for syscall dispatch table
29166a0e732f driver core: Don't let a device probe until it's ready
886f97fa59d0 ocfs2: split transactions in dio completion to avoid credit exhaustion
17b399cbb9fa device property: Make modifications of fwnode "flags" thread safe
abc6bdcbc045 regset: use kvzalloc() for regset_get_alloc()
e620378aab78 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
be7c5dcfd3c7 drm/amdgpu: Use vmemdup_array_user in amdgpu_bo_create_list_entry_array
c7f4dad62813 padata: Remove comment for reorder_work
a11a12a9880a padata: Fix pd UAF once and for all
0b60eb04b852 Bluetooth: MGMT: Fix possible UAFs
d0b27c41aa09 firmware: google: framebuffer: Do not mark framebuffer as busy
fd19eb1c7504 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
a672682d39dd ibmasm: fix OOB reads in command_file_write due to missing size checks
fc7e9a74e322 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
28a2e047d037 leds: qcom-lpg: Check for array overflow when selecting the high resolution
fa297e919d16 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
8775fa6e2914 ALSA: usb-audio: Evaluate packsize caps at the right place
e3a0ebd80ae6 usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change
82d050713073 usb: chipidea: otg: not wait vbus drop if use role_switch
8429841d12ca usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable()
d1905dbbb7c0 ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch
610ba605a4f7 ALSA: usb-audio: Avoid false E-MU sample-rate notifications
ab5ba9fd1387 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
4d922539ad7d Linux 6.6.139
ff6fc65b3bf7 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
8f907d345bae ptrace: slightly saner 'get_dumpable()' logic
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 68c3c07ef63..d8d3d69f197 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "9708fab99d7eb8962dda82d642c468a32b6682fa"
-SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
+SRCREV_machine ?= "742fd3c3537c966272314e48f67397f0e1d622d7"
+SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.138"
+LINUX_VERSION ?= "6.6.140"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 52d89c713df..0fd9c36bd80 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.138"
+LINUX_VERSION ?= "6.6.140"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "72c2c9b6014dd199bb70e07e19931b8691fa08e1"
-SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
+SRCREV_machine ?= "cd0d6d62e0e4ff344241d89f37cd6d305e1afb85"
+SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index e077808f288..dc978f240e6 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "9d8edc5598e5c5f17ce696ce032e8dc654858450"
-SRCREV_machine:qemuarm64 ?= "c6600bc98dbafed4fcbd6f1204da6b41ef5feec2"
-SRCREV_machine:qemuloongarch64 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemumips ?= "97c272b944970f93ef93eb87f54899ccb26671f1"
-SRCREV_machine:qemuppc ?= "8dfba699cafc5b5d5f50cb8f270db9b8ae112571"
-SRCREV_machine:qemuriscv64 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemuriscv32 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemux86 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemux86-64 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemumips64 ?= "2744d8ab5ccca406c0acc17c414ff4c8e186708f"
-SRCREV_machine ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
+SRCREV_machine:qemuarm ?= "0aa210fedb89bfb9577bc20b56cc674437f85843"
+SRCREV_machine:qemuarm64 ?= "655d3dc028f830d71d9565ec8302a0e339a2de2f"
+SRCREV_machine:qemuloongarch64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemumips ?= "b547c71f2db45462626f69a4e4bffad43ffaeddc"
+SRCREV_machine:qemuppc ?= "c1de905a03cfd9cf9de51657e7fd20ec6fb7d078"
+SRCREV_machine:qemuriscv64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemuriscv32 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemux86 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemux86-64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemumips64 ?= "6f0fadc3449cfed9ceac3cce845dfb9b70f9affd"
+SRCREV_machine ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "3b9f64db049687c0d38b4b3ef2f297f0642179af"
+SRCREV_machine:class-devupstream ?= "eac8889a3a1c81d7113cc4656b9420e84c379cf5"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.138"
+LINUX_VERSION ?= "6.6.140"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 37/41] linux-yocto/6.6: update to v6.6.141
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (35 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 36/41] linux-yocto/6.6: update to v6.6.140 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 38/41] linux-yocto/6.6: update to v6.6.142 Yoann Congal
` (3 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
0a40c6fbd105 Linux 6.6.141
f9957ea12103 netfs: Fix potential uninitialised var in netfs_extract_user_iter()
989214c66884 net: skbuff: propagate shared-frag marker through frag-transfer helpers
78bf6b6bb195 net: skbuff: preserve shared-frag marker during coalescing
9115669faedc net/rds: reset op_nents when zerocopy page pin fails
864889ea15f0 mptcp: pm: ADD_ADDR rtx: resched blocked ADD_ADDR quicker
013dcdc19615 mptcp: pm: ADD_ADDR rtx: fix potential data-race
b21823f637e0 spi: sifive: fix controller deregistration
524202b00b91 spi: sifive: Simplify clock handling with devm_clk_get_enabled()
bf76b4a58c1a media: nxp: imx8-isi: Reduce minimum queued buffers from 2 to 0
9c7c941d2242 spi: st-ssc4: fix controller deregistration
d8cd9fb5e655 spi: st-ssc4: switch to use modern name
a7fb771314fb ksmbd: validate inherited ACE SID length
190e570cc0fc RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
8358a142f2a1 f2fs: fix false alarm of lockdep on cp_global_sem lock
6b050c4cfade f2fs: fix incorrect file address mapping when inline inode is unwritten
f63201f674ee mptcp: pm: kernel: correctly retransmit ADD_ADDR ID 0
93a9014029e4 mptcp: pm: prio: skip closed subflows
0750c7935feb mptcp: fix rx timestamp corruption on fastopen
11fdbd033e4c mptcp: drop __mptcp_fastopen_gen_msk_ackseq()
7d7c9f0fcd19 RDMA/mana: Validate rx_hash_key_len
cc3c0a0f9657 btrfs: fix missing last_unlink_trans update when removing a directory
397418a9456c btrfs: use btrfs inodes in btrfs_rmdir() to avoid so much usage of BTRFS_I()
546ca2e3e55a btrfs: use inode already stored in local variable at btrfs_rmdir()
39aba0e6d5aa smb: client: Use FullSessionKey for AES-256 encryption key derivation
cea7d2688ded drm/v3d: Reject empty multisync extension to prevent infinite loop
958e032618c8 eventfs: Use list_add_tail_rcu() for SRCU-protected children list
d2a675f2e238 btrfs: fix double free in create_space_info_sub_group() error path
1ce1ec384486 btrfs: remove fs_info argument from btrfs_sysfs_add_space_info_type()
707cb5df3eab pmdomain: core: Fix detach procedure for virtual devices in genpd
c7d1eb27cf37 drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init
4e04b564c005 drm/gma500/oaktrail_lvds: fix hang on init failure
63a2b5906e15 drm/gma500/oaktrail_hdmi: fix i2c adapter leak on setup
4eb9d07b219f drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout()
e5eb0a29a8aa drm/i915: skip __i915_request_skip() for already signaled requests
2776f9016f1b iommu/vt-d: Disable DMAR for Intel Q35 IGFX
534ebc08df97 libceph: handle rbtree insertion error in decode_choose_args()
ea0d42137f0c libceph: Fix potential out-of-bounds access in crush_decode()
d7a65a34d245 libceph: Fix potential null-ptr-deref in decode_choose_args()
0d2dd7e6bb74 libceph: Fix potential out-of-bounds access in osdmap_decode()
bcbbdae1b88f netfs: fix error handling in netfs_extract_user_iter()
cad72955f8fb powerpc/warp: Fix error handling in pika_dtm_thread
d6bda9df0c0a io-wq: check that the predecessor is hashed in io_wq_remove_pending()
4bfdcefdaa60 ceph: fix a buffer leak in __ceph_setxattr()
3d3b2b01a3e7 ALSA: usb-audio: Bound MIDI endpoint descriptor scans
fafc97bd01e4 ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
7eaa514be4c0 drm/i915/dp: Fix VSC dynamic range signaling for RGB formats
b41598bf54b3 smb/client: fix possible infinite loop and oob read in symlink_data()
a1d4f3d3c0dc ASoC: SOF: Intel: hda: Fix NULL pointer dereference
0f9ac21618c0 ASoC: SOF: Intel: hda-dai: add support for dspless mode beyond HDAudio
1eda406a9432 ASoC: SOF: Intel: hda-dai: remove dspless special case
e3ccb11fc824 netfilter: nf_tables: unconditionally bump set->nelems before insertion
dde6eca9afae KVM: x86: Fix Xen hypercall tracepoint argument assignment
a99a25db131e KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic
01b71b930f15 KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
5b6da42fd804 audit: enforce AUDIT_LOCKED for AUDIT_TRIM and AUDIT_MAKE_EQUIV
810d382802a5 net: atlantic: preserve PCI wake-from-D3 on shutdown when WOL enabled
ecca618e1e33 netfilter: nft_ct: fix missing expect put in obj eval
151ee470edc3 audit: fix incorrect inheritable capability in CAPSET records
b92e124ef30a netfilter: nf_conntrack_sip: get helper before allocating expectation
0088b3328a6f workqueue: Fix wq->cpu_pwq leak in alloc_and_link_pwqs() WQ_UNBOUND path
a5712dc25d14 i40e: Cleanup PTP pins on probe failure
e4c4a5074532 crypto: af_alg - Cap AEAD AD length to 0x80000000
fa6794c968d4 bonding: fix NULL pointer dereference in actor_port_prio setting
044dcbcb19c3 netconsole: avoid out-of-bounds access on empty string in trim_newline()
feb754bde3ef net/sched: sch_pie: annotate more data-races in pie_dump_stats()
bf3962084183 ksmbd: validate response sizes in ipc_validate_msg()
52b9f8099369 net: bcmgenet: fix leaking free_bds
dda1a2e898ad net: bcmgenet: Initialize u64 stats seq counter
f17a4850d1ce crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
d65a64755a3d smb: client: fix OOB reads parsing symlink error response
ba302d3abb82 smb: client: correctly handle ErrorContextData as a flexible array
2c7d07892ef8 Revert "crypto: nx - Migrate to scomp API"
6c9970847516 Revert "crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx"
cb4634cb537b Revert "crypto: nx - fix context leak in nx842_crypto_free_ctx"
02ecc0978c45 ntfs: ->d_compare() must not block
9ccd0c1686c3 net/sched: cls_flower: revert unintended changes
131e50acfeed sfc: fix error code in efx_devlink_info_running_versions()
688f12aa4451 net: tls: fix strparser anchor skb leak on offload RX setup failure
3ad2471e61e9 ice: fix NULL pointer dereference in ice_reset_all_vfs()
bee6158b8a36 iavf: add VIRTCHNL_OP_ADD_VLAN to success completion handler
b90697dd4b45 iavf: wait for PF confirmation before removing VLAN filters
5936b7f29a38 iavf: stop removing VLAN filters from PF on interface down
ee587b3b97b7 iavf: rename IAVF_VLAN_IS_NEW to IAVF_VLAN_ADDING
3b7265b3a82f bonding: 3ad: implement proper RCU rules for port->aggregator
2353f43d7ee7 bonding: print churn state via netlink
fcf04d6f6943 bonding: add support for per-port LACP actor priority
60fcd5af8279 net: bonding: add broadcast_neighbor option for 802.3ad
ee2217012b3a bonding: 802.3ad replace MAC_ADDRESS_EQUAL with __agg_has_partner
71d591d33dc4 drm/amd/display: Read EDID from VBIOS embedded panel info
3dce88cf11d7 drm/amd/display: Allow DCE link encoder without AUX registers
e3f95b1ba242 futex: Prevent lockup in requeue-PI during signal/ timeout wakeup
d68f753d89f4 ALSA: hda/conexant: Fix missing error check for jack detection
539604dcbf41 ALSA: hda/conexant: Renaming the codec with device ID 0x1f86 and 0x1f87
35b7210e15a6 ALSA: hda/conexant: fix some typos
3eaf81c3553e netconsole: propagate device name truncation in dev_name_store()
3bc2c51a9ba1 net: netconsole: move newline trimming to function
003b52afba79 net/sched: sch_cake: annotate data-races in cake_dump_stats() (V)
a0f4e4e8e0f5 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
0928f17e86a5 ipv6: rename and move ip6_dst_lookup_tunnel()
3bab544ae1e1 ipv4: add new arguments to udp_tunnel_dst_lookup()
f933e5a43732 ipv4: remove "proto" argument from udp_tunnel_dst_lookup()
0379c21610f0 ipv4: rename and move ip_route_output_tunnel()
5cb1dd7093d3 sctp: discard stale INIT after handshake completion
043e4b649b4b netfilter: skip recording stale or retransmitted INIT
e3610ad82ebd ASoC: codecs: ab8500: Fix casting of private data
b884ff67d62e drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.3 ring
d4e0172a1b61 drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring
ee035a9d3eed drm/amdgpu/jpeg: set no_user_fence for JPEG v3.0 ring
63691e396105 drm/amdgpu/jpeg: set no_user_fence for JPEG v2.5 ring
f675801889b2 drm/amdgpu/jpeg: set no_user_fence for JPEG v2.0 ring
c12a5d35033c drm/amdgpu/vcn: set no_user_fence for VCN v4.0.3 enc ring
e74fc9c72c1b drm/amdgpu/vcn: set no_user_fence for VCN v3.0 enc/dec rings
2c6fb056567e drm/amdgpu/vcn: set no_user_fence for VCN v2.5 enc/dec rings
f264019be80d drm/amdgpu/vcn: set no_user_fence for VCN v2.0 enc/dec rings
b233ba52fd2e net: phy: dp83869: fix setting CLK_O_SEL field.
47d017fe3159 net: mctp i2c: check length before marking flow active
924b961d293c ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams
9247d59ca15b neigh: let neigh_xmit take skb ownership
dbe42409bfeb neighbour: add RCU protection to neigh_tables[]
ec2501e361b0 net/sched: taprio: fix NULL pointer dereference in class dump
0d0dd383ac4d NFC: trf7970a: Ignore antenna noise when checking for RF field
17e23e815008 net: usb: rtl8150: free skb on usb_submit_urb() failure in xmit
5db090ca07b2 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
3db8d078f7f6 vrf: Fix a potential NPD when removing a port from a VRF
d4f8505517ff net/sched: sch_fq_pie: annotate data-races in fq_pie_dump_stats()
229ad4b2dd86 net/sched: sch_choke: annotate data-races in choke_dump_stats()
bd426bda5741 net/sched: netem: check for negative latency and jitter
5c4fe716511d net/sched: netem: fix slot delay calculation overflow
3a3698b96688 net/sched: netem: validate slot configuration
116f10027e61 net/sched: netem: only reseed PRNG when seed is explicitly provided
39a66e83ea41 net/sched: netem: fix queue limit check to include reordered packets
d2a74e0ea346 net/sched: netem: fix probability gaps in 4-state loss model
818f7673ed7f netdevsim: zero initialize struct iphdr in dummy sk_buff
47421f8401fc cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()
ea6e650b079e arm64/scs: Fix potential sign extension issue of advance_loc4
b933de804c84 drm/sysfb: ofdrm: fix PCI device reference leaks
8524b1c04adc spi: rockchip: Read ISR, not IMR, to detect cs-inactive IRQ
ea2ecd29b8f4 netfilter: nf_conntrack_sip: don't use simple_strtoul
82664d0f1ba2 netfilter: xt_policy: fix strict mode inbound policy matching
f60bc289c555 drm/amdgpu/gfx6: Support harvested SI chips with disabled TCCs (v2)
da602e831334 drm/amdgpu/uvd3.1: Don't validate the firmware when already validated
03011db69f5e drm/amdgpu: fix spelling typos
8c4254c8f583 drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
1b8595d126ea nvme-pci: fix missed admin queue sq doorbell write
ad9973df8e0e netfilter: arp_tables: fix IEEE1394 ARP payload parsing
d7c8f95f599b nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
cbf460bf9492 tracing: branch: Fix inverted check on stat tracer registration
f8f643d5ebef btrfs: fix double-decrement of bytes_may_use in submit_one_async_extent()
03d3739a830e mailbox: mailbox-test: make data_ready a per-instance variable
75a365c69bb7 mailbox: mailbox-test: initialize struct earlier
3afca89fae50 mailbox: mailbox-test: don't free the reused channel
14aed0d4e583 mailbox: add sanity check for channel array
0a0ac6cd2e46 cgroup/rdma: fix integer overflow in rdmacg_try_charge()
81c9e7e4030e mailbox: mailbox-test: free channels on probe error
0d2edd20b61b fbdev: offb: fix PCI device reference leak on probe failure
86094f62ba21 rtc: abx80x: Disable alarm feature if no interrupt attached
a11372a8b1ce fs/adfs: validate nzones in adfs_validate_bblk()
0897ccf6e930 vhost_net: fix sleeping with preempt-disabled in vhost_net_busy_poll()
0274f24485fc tipc: fix double-free in tipc_buf_append()
0ace0ce02911 nfp: fix swapped arguments in nfp_encode_basic_qdr() calls
6bedc3ff4ba4 net: dsa: realtek: rtl8365mb: fix mode mask calculation
d394093ed06e net/sched: sch_sfb: annotate data-races in sfb_dump_stats()
86a6243d8654 net/sched: sch_red: annotate data-races in red_dump_stats()
717bec018ce1 net/sched: sch_fq_codel: remove data-races from fq_codel_dump_stats()
7bdb2b038c35 net/sched: sch_pie: annotate data-races in pie_dump_stats()
046b2d8c9606 net_sched: sch_hhf: annotate data-races in hhf_dump_stats()
b6ba93a7b71e net/rds: zero per-item info buffer before handing it to visitors
1ff46c9915c1 ksmbd: scope conn->binding slowpath to bound sessions only
407b6e699ba8 ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open
27fca12b9c2c ksmbd: destroy async_ida in ksmbd_conn_free()
8a3cd890fd2a ksmbd: add support for supplementary groups
234681c54581 ksmbd: Use struct_size() to improve smb_direct_rdma_xmit()
1f3235364037 ksmbd: destroy tree_conn_ida in ksmbd_session_destroy()
8db8727ea8d1 arm64: dts: meson-gxl-p230: fix ethernet PHY interrupt number
37537e42e6df slip: bound decode() reads against the compressed packet length
c6980e8b1a86 slip: reject VJ receive packets on instances with no rstate array
5d05de2f0928 netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check
32e50f92c7cf netfilter: nfnetlink_osf: fix out-of-bounds read on option matching
5241a3ab2c77 ipvs: fix MTU check for GSO packets in tunnel mode
cbeb259f3138 netfilter: xtables: restrict several matches to inet family
1c9fb8aeed06 netfilter: conntrack: remove sprintf usage
8def8fbd23f4 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
554cc061ca13 netfilter: nft_osf: restrict it to ipv4
f9ef3db77a38 openvswitch: cap upcall PID array size and pre-size vport replies
8a5e840babc5 pppoe: drop PFC frames
d67fbc6dea5d sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
0069813e6ca9 ipv6: fix possible UAF in icmpv6_rcv()
733a1b310297 e1000e: Unroll PTP in probe error handling
8a254c6db3ee i40e: don't advertise IFF_SUPP_NOFCS
ca6f9d9aee54 ice: fix double-free of tx_buf skb
a753619ffecf ice: Remove jumbo_remove step from TX path
982a56c888d3 tcp: annotate data-races around tp->plb_rehash
993847e92765 tcp: annotate data-races around (tp->write_seq - tp->snd_nxt)
a445beb84c83 tcp: annotate data-races around tp->dsack_dups
60db862ea01e tcp: annotate data-races around tp->bytes_retrans
3e1b40e4f186 tcp: annotate data-races around tp->bytes_sent
409a02760834 tcp: add data-race annotations around tp->data_segs_out and tp->total_retrans
eee072fe16c6 net/sched: taprio: fix use-after-free in advance_sched() on schedule switch
aaac3bed0342 nexthop: fix IPv6 route referencing IPv4 nexthop
616db97e3aff net/sched: sch_cake: fix NAT destination port not being updated in cake_update_flowkeys
497925275838 macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
f250c3772dd7 arm64: dts: imx8mm-tqma8mqml: Correct PAD settings for PMIC_nINT
0fa0bcdebeb0 arm64: dts: imx8mn-tqma8mqnl: Correct PAD settings for PMIC_nINT
3098c905af2f arm64: dts: imx8mm-emtop-som: Correct PAD settings for PMIC_nINT
6d9f35fe4638 PCMCIA: Fix garbled log messages for KERN_CONT
ca962d175543 arm64: dts: imx8mp-data-modul-edm-sbc: Correct PAD settings for PMIC_nINT
7adb32513191 arm64: dts: imx8mp-dhcom-som: Correct PAD settings for PMIC_nINT
640aea541eba arm64: dts: imx8mp-icore-mx8mp: Correct PAD settings for PMIC_nINT
1f285713fb8d arm64: dts: imx8mp-debix-som-a: Correct PAD settings for PMIC_nINT
827ccceff758 arm64: dts: imx8mp-debix-model-a: Correct PAD settings for PMIC_nINT
eecee15e263c crypto: ccp - copy IV using skcipher ivsize
f19a744d5271 crypto: sa2ul - Fix AEAD fallback algorithm names
424df78c8a64 drm/i915/wm: Verify the correct plane DDB entry
ed5ca5d5b97c drm/i915: Loop over all active pipes in intel_mbus_dbox_update
c2577b18c6e2 drm/i915: Extract intel_dbuf_mdclk_cdclk_ratio_update()
c5de9ff7939b drm/i915: Simplify watermark state checker calling convention
73abb7c1fffd drm/i915: Constify watermark state checker
cea15f66b7b6 f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
756d1a3954fe f2fs: Use sysfs_emit_at() to simplify code
21fe517179f3 clk: visconti: pll: initialize clk_init_data to zero
caa74d80d749 lib/hexdump: print_hex_dump_bytes() calls print_hex_dump_debug()
db62a24a07b3 clk: qcom: dispcc-sc7180: Add missing MDSS resets
5db0537ddef4 dt-bindings: clock: qcom,dispcc-sc7180: Define MDSS resets
166db4ebae34 clk: xgene: Fix mapping leak in xgene_pllclk_init()
bf94322387ab clk: qoriq: avoid format string warning
4ba394f83b3c clk: imx8mq: Correct the CSI PHY sels
a778bbd3ab28 clk: imx: imx6q: Fix device node reference leak in of_assigned_ldb_sels()
0d2ba7e2e4c6 clk: imx: imx6q: Fix device node reference leak in pll6_bypassed()
235c36a86cb7 clk: qcom: dispcc-sm8250: Enable parents for pixel clocks
081d334fe42d clk: qcom: dispcc-sm8250: Use shared ops on the mdss vsync clk
d18b05a09142 clk: qcom: gcc-sc8180x: Use retention for PCIe power domains
9b54ebbe5d2f clk: qcom: gcc-sc8180x: Use retention for USB power domains
a4cee425ae6b clk: qcom: gcc-sc8180x: Add missing GDSCs
9109efceb709 dt-bindings: clock: qcom,gcc-sc8180x: Add missing GDSCs
d7aef29573c7 scsi: target: core: Fix integer overflow in UNMAP bounds check
b6007cfea4ed clk: qcom: dispcc-sc8280xp: remove CLK_SET_RATE_PARENT from byte_div_clk_src dividers
c5f4a211e82d scsi: sg: Resolve soft lockup issue when opening /dev/sgX
d85a906b4e51 scsi: sg: Fix sysctl sg-big-buff register during sg_init()
f9c921fd5264 scsi: sg: Make sg_sysfs_class constant
fa4e1c583c9d clk: qcom: dispcc-sm8450: use RCG2 ops for DPTX1 AUX clock source
137b5918931d RDMA/core: Prefer NLA_NUL_STRING
ba0843c19558 platform/x86: dell-wmi-sysman: bound enumeration string aggregation
622754397ac5 platform/x86: dell_rbu: avoid uninit value usage in packet_size_write()
0b11fcbe80a5 fs/ntfs3: terminate the cached volume label after UTF-8 conversion
a7fd0d0cb43f nfs/blocklayout: Fix compilation error (`make W=1`) in bl_write_pagelist()
ccfa51ea8a40 mfd: mc13xxx-core: Fix memory leak in mc13xxx_add_subdevice_pdata()
3d0e610c43cb platform/x86: panasonic-laptop: Fix OPTD notifier registration and cleanup
fed8b8f33a46 tty: hvc_iucv: fix off-by-one in number of supported devices
61599d438e2d leds: lgm-sso: Remove duplicate assignments for priv->mmap
bc7998e70fa7 platform/surface: surfacepro3_button: Drop wakeup source on remove
e87c4c0095ac backlight: sky81452-backlight: Check return value of devm_gpiod_get_optional() in sky81452_bl_parse_dt()
c5be52529ad8 dev_printk: add new dev_err_probe() helpers
10bb319b0b18 i3c: mipi-i3c-hci: fix IBI payload length calculation for final status
54dc499e5cb3 perf util: Kill die() prototype, dead for a long time
2f3548314715 ipmi: ssif_bmc: change log level to dbg in irq callback
bffedb7a72e6 ipmi: ssif_bmc: fix message desynchronization after truncated response
7d2a487c275c ipmi: ssif_bmc: fix missing check for copy_to_user() partial failure
128845823138 perf expr: Return -EINVAL for syntax error in expr__find_ids()
ea0078135c6a perf lock: Fix option value type in parse_max_stack
9bab7d2a2850 pinctrl: abx500: Fix type of 'argument' variable
92170bd2eadd perf: tools: cs-etm: Fix print issue for Coresight debug in ETE/TRBE trace
aceabce300c3 perf branch: Avoid incrementing NULL
8fe5240c7bd8 pinctrl: cy8c95x0: Avoid returning positive values to user space
03e71cc07cba pinctrl: cy8c95x0: Unify messages with help of dev_err_probe()
091709439f88 pinctrl: cy8c95x0: remove duplicate error message
a79fdd593c84 pinctrl: pinctrl-pic32: Fix resource leak
d216b34a9f69 bpf, arm32: Reject BPF-to-BPF calls and callbacks in the JIT
699e16e65962 bpf: allow UTF-8 literals in bpf_bprintf_prepare()
520454e83971 bpf: Fix NULL deref in map_kptr_match_type for scalar regs
2f954f8a04b7 bpf: Fix precedence bug in convert_bpf_ld_abs alignment check
d0d124dbcef9 bpf, sockmap: Take state lock for af_unix iter
a94d3dd78ee8 bpf, sockmap: Fix af_unix null-ptr-deref in proto update
3cef33b9813b bpf, sockmap: Fix af_unix iter deadlock
7fd3b41260c6 bpf, arm64: Fix off-by-one in check_imm signed range check
ad4505d2ab3a HID: usbhid: fix deadlock in hid_post_reset()
5897c1dd1bfe mtd: rawnand: sunxi: fix sunxi_nfc_hw_ecc_read_extra_oob
295757c3b9de mtd: parsers: ofpart: call of_node_get() for dedicated subpartitions
560c0456e613 mtd: parsers: ofpart: call of_node_put() only in ofpart_fail path
cca2c083cfcb mtd: spi-nor: swp: check SR_TB flag when getting tb_mask
b194ae62e9e7 mtd: spi-nor: update spi_nor_fixups::post_sfdp() documentation
301e85ff299b mtd: spi-nor: sfdp: introduce smpt_map_id fixup hook
2e472d2bdc14 mtd: spi-nor: sfdp: introduce smpt_read_dummy fixup hook
036a794e7d7f mtd: spi-nor: core: correct the op.dummy.nbytes when check read operations
fab6b870dfe6 dt-bindings: interrupt-controller: arm,gic-v3: Fix EPPI range
ba91de4f0f98 mtd: physmap_of_gemini: Fix disabled pinctrl state check
033939479b10 HID: asus: do not abort probe when not necessary
08c4fa3f5a9b HID: asus: make asus_resume adhere to linux kernel coding standards
5dcb51558e78 ima: check return value of crypto_shash_final() in boot aggregate
9399a9298935 tracing: Rebuild full_name on each hist_field_name() call
c258fbf57113 soundwire: cadence: Clear message complete before signaling waiting thread
0b73d5dfa3fe dmaengine: mxs-dma: Fix missing return value from of_dma_controller_register()
5acbbb205a1c soundwire: bus: demote UNATTACHED state warnings to dev_dbg()
faa66f358d30 dmaengine: dw-axi-dmac: Remove unnecessary return statement from void function
b9ae3942deec ocfs2: validate group add input before caching
bb3c54d1e715 ocfs2: validate bg_bits during freefrag scan
d919b905939e ocfs2: fix listxattr handling when the buffer is full
f1e38ba97b1a ARM: dts: imx27-eukrea: replace interrupts with interrupts-extended
064494145a70 arm64/xor: fix conflicting attributes for xor_block_template
08c073e8f8d5 ARM: OMAP1: Fix DEBUG_LL and earlyprintk on OMAP16XX
96a30f7cb8e0 arm64: dts: qcom: sm8250: Add missing CPU7 3.09GHz OPP
ccff9145cd52 soc: qcom: aoss: compare against normalized cooling state
d672c7623306 soc: qcom: llcc: fix v1 SB syndrome register offset
819d8ebad320 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
f37de46149db ocfs2/dlm: validate qr_numregions in dlm_match_regions()
813a47b03090 unshare: fix nsproxy leak in ksys_unshare() on set_cred_ucounts() failure
39a8c0df2d5a soc/tegra: cbb: Set ERD on resume for err interrupt
b87992ddf49a arm64: dts: imx8qxp-mek: switch Type-C connector power-role to dual
7d6481cf2987 arm64: dts: qcom: sdm845-xiaomi-beryllium: Mark l1a regulator as powered during boot
03d523e50662 arm64: dts: qcom: sm7225-fairphone-fp4: Fix conflicting bias pinctrl
a37e61cde05a arm64: dts: qcom: sm8550: Enable UHS-I SDR50 and SDR104 SD card modes
7ce6aa2eca26 arm64: dts: qcom: sm8450: Enable UHS-I SDR50 and SDR104 SD card modes
1563a05cf920 arm64: dts: qcom: sm8550: Fix xo clock supply of platform SD host controller
4322d8c7af96 arm64: dts: qcom: sm8550: Fix GIC_ITS range length
97bacd872319 arm64: dts: qcom: sm8450: Fix GIC_ITS range length
1e014285a3cd soc: qcom: ocmem: return -EPROBE_DEFER is ocmem is not available
9f54516bce15 soc: qcom: ocmem: register reasons for probe deferrals
d45c46c0e84f soc: qcom: ocmem: use scoped device node handling to simplify error paths
1637ce361b1d soc: qcom: ocmem: make the core clock optional
2ecad03d6c5d arm64: dts: qcom: msm8953-xiaomi-daisy: fix backlight
5a0dcba6178f arm64: dts: qcom: msm8953-xiaomi-vince: correct wled ovp value
5b94fe0879bc arm64: dts: mediatek: mt7986a: Fix gpio-ranges pin count
167e5fa8feee arm64: dts: mediatek: mt6795: Fix gpio-ranges pin count
fe1d1423c524 iommufd: vfio compatibility extension check for noiommu mode
700e54a2beba arm64: dts: imx8mp-evk: Enable pull select bit for PCIe regulator GPIO (M.2 W_DISABLE1)
036f599234e4 arm64: dts: imx8-apalis: Fix LEDs name collision
cecc17692ebf memory: tegra30-emc: Fix dll_change check
7e19e72f3064 memory: tegra124-emc: Fix dll_change check
c13c938a8058 ARM: dts: mediatek: mt7623: fix efuse fallback compatible
8fcefe840fa8 ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine
8be69e9245f8 efi/capsule-loader: fix incorrect sizeof in phys array reallocation
233a0945a4b1 gfs2: prevent NULL pointer dereference during unmount
bf5fcd9c37c2 gfs2: add some missing log locking
6678dde26570 quota: Fix race of dquot_scan_active() with quota deactivation
f57b68b36571 ktest: Run POST_KTEST hooks on failure and cancellation
aa6b9e38086c ktest: Honor empty per-test option overrides
5bddd0d3a926 ktest: Avoid undef warning when WARNINGS_FILE is unset
232d67974a61 gfs2: Call unlock_new_inode before d_instantiate
18216b8ab690 crypto: jitterentropy - replace long-held spinlock with mutex
f57498d2bf16 dm cache: fix missing return in invalidate_committed's error path
3a77b05ff2c4 ALSA: sc6000: Keep the programmed board state in card-private data
dcbc2e2b2434 ALSA: sc6000: Use standard print API
3e79a563377a spi: mtk-snfi: unregister ECC engine on probe failure and remove() callback
fa7881f3b627 PCI: dwc: Apply ECRC workaround to DesignWare 5.00a as well
bf98711d2f33 PCI: tegra194: Use DWC IP core version
5d9c9dfef907 PCI: tegra194: Allow system suspend when the Endpoint link is not up
2c87f49f2082 PCI: tegra194: Disable direct speed change for Endpoint mode
272e9c4bcae8 PCI: tegra194: Use devm_gpiod_get_optional() to parse "nvidia,refclk-select"
997122b96544 PCI: tegra194: Disable PERST# IRQ only in Endpoint mode
39564f51567e PCI: tegra194: Don't force the device into the D0 state before L2
e81f33968542 PCI: tegra194: Rename 'root_bus' to 'root_port_bus' in tegra_pcie_downstream_dev_to_D0()
fdb9c5a3a627 PCI: tegra194: Disable LTSSM after transition to Detect on surprise link down
8aa59b1e53a7 PCI: tegra194: Increase LTSSM poll time on surprise link down
8f26b92dc606 PCI: tegra194: Fix polling delay for L2 state
9e225563c5a9 ASoC: SOF: compress: return the configured codec from get_params
2721d23db2e9 ALSA: scarlett2: Add missing sentinel initializer field
7e805fdb16dc selftest: memcg: skip memcg_sock test if address family not supported
05a3fd57cdfa Documentation: fix a hugetlbfs reservation statement
11a810989a4d selftests/mm: skip migration tests if NUMA is unavailable
07a5ecb94768 PCI: mediatek-gen3: Prevent leaking IRQ domains when IRQ not found
0afb2eca25be PCI: Enable AtomicOps only if Root Port supports them
9f1daac27ca2 ASoC: rsnd: Fix potential out-of-bounds access of component_dais[]
5f1035ba3ed9 crypto: qat - use swab32 macro
1ac96689ce29 ASoC: qcom: qdsp6: topology: check widget type before accessing data
d39e8c3724a6 ASoC: fsl_easrc: Change the type for iec958 channel status controls
4d427d3f507a ASoC: fsl_easrc: Fix value type in fsl_easrc_iec958_get_bits()
a2e9527bc88e ASoC: fsl_easrc: Check the variable range in fsl_easrc_iec958_put_bits()
4428887805ef ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_mode_put()
0dddb5642d64 ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_arc_mode_put()
ceb388682ea1 ASoC: fsl_micfil: Fix event generation in micfil_quality_set()
4605327fd688 ASoC: fsl_micfil: Fix event generation in micfil_put_dc_remover_state()
a6bc5432055b ASoC: fsl_micfil: Fix event generation in hwvad_put_init_mode()
62c4ab11840d ASoC: fsl_micfil: Fix event generation in hwvad_put_enable()
6adc82ff2f20 ASoC: fsl_micfil: Add access property for "VAD Detected"
4ba05463862c pmdomain: imx: scu-pd: Fix device_node reference leak during ->probe()
3a73abb39037 pmdomain: ti: omap_prm: Fix a reference leak on device node
bad87bdd52f5 drm/msm/a6xx: Use barriers while updating HFI Q headers
98fce340ec48 drm/msm/shrinker: Fix can_block() logic
679a533d2235 drm/msm/a6xx: Fix HLSQ register dumping
f101e4ebf1fc ASoC: SOF: Intel: hda: Place check before dereference
2958b391d9c5 ALSA: hda/realtek: fix code style (ERROR: else should follow close brace '}')
ad08dd4476eb drm/amd/pm/smu7: Add SCLK cap for quirky Hawaii board
ef1c7aaa1319 drm/amd/pm/ci: Fill DW8 fields from SMC
9e6d83f651ac drm/amd/pm/ci: Clear EnabledForActivity field for memory levels
4cf77e3298e4 drm/amd/pm/ci: Fix powertune defaults for Hawaii 0x67B0
37f93b3159fa drm/amd/pm/smu7: Fix SMU7 voltage dependency on display clock
cc88a98c873b drm/amd/pm/ci: Disable MCLK DPM on problematic CI ASICs
33da7d5b6a50 drm/amd/pm/ci: Use highest MCLK on CI when MCLK DPM is disabled
9a7f12105f0e ALSA: core: Validate compress device numbers without dynamic minors
0558d1b0b5f0 drm/panel: simple: Correct G190EAN01 prepare timing
c4fc7ed73a0a drm/panel: sharp-ls043t1le01: make use of prepare_prev_first
97d360a0112e drm/msm/dsi: rename MSM8998 DSI version from V2_2_0 to V2_0_0
af6825d3e446 drm/msm/dsi: add the missing parameter description
9830999c9e06 drm/msm/dpu: fix mismatch between power and frequency
94d99e853617 spi: hisi-kunpeng: prevent infinite while() loop in hisi_spi_flush_fifo
8ebaa3deb04f drm/amdgpu/gfx10: look at the right prop for gfx queue priority
a6d44f477000 padata: Put CPU offline callback in ONLINE section to allow failure
0e664e99abb4 padata: Remove cpu online check from cpu add and removal
39024f54f098 crypto: atmel-aes - guard unregister on error in atmel_aes_register_algs
59fce560694d crypto: atmel - Use unregister_{aeads,ahashes,skciphers}
60c571a7d8d0 crypto: atmel - Remove cfb and ofb
3cd5cae11afa fbdev: matroxfb: Mark variable with __maybe_unused to avoid W=1 build break
6f866e941a7e dm init: ensure device probing has finished in dm-mod.waitfor=
5af3d8f2acb6 drm/amdgpu: Add default case in DVI mode validation
ef0d045ebbaf drm/sun4i: Fix resource leaks
6040b24095a8 spi: fsl-qspi: Use reinit_completion() for repeated operations
dc97ec849559 drm/bridge: cadence: cdns-mhdp8546-core: Handle HDCP state in bridge atomic check
b01a582c8c6f drm/bridge: cadence: cdns-mhdp8546-core: Add mode_valid hook to drm_bridge_funcs
5302015daf26 drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable()
d4ac87567f86 dm log: fix out-of-bounds write due to region_count overflow
15c30997dca6 dm cache metadata: fix memory leak on metadata abort retry
2ebe1ab83292 platform/chrome: chromeos_tbmc: Drop wakeup source on remove
12105c7f1837 dm cache: fix dirty mapping checking in passthrough mode switching
89e04987574a dm cache: support shrinking the origin device
d90accff225f dm cache: fix concurrent write failure in passthrough mode
ac5ee9944389 dm cache policy smq: fix missing locks in invalidating cache blocks
ecb10c193cbe dm cache: fix write hang in passthrough mode
ceff6df26691 dm cache: fix write path cache coherency in passthrough mode
0aa745fea1f8 dm cache: fix null-deref with concurrent writes in passthrough mode
002a5f925d42 ASoC: sti: use managed regmap_field allocations
686a6b305ec8 ASoC: sti: Return errors from regmap_field_alloc()
cf615b90a11a drm/sun4i: backend: fix error pointer dereference
d8a541906860 drm/komeda: fix integer overflow in AFBC framebuffer size check
866d3d9b8775 net, bpf: fix null-ptr-deref in xdp_master_redirect() for down master
1943e71a0d6a sctp: fix missing encap_port propagation for GSO fragments
cc4dead22ede net: phy: qcom: at803x: Use the correct bit to disable extended next page
22f22f1346b4 net: phy: move at803x PHY driver to dedicated directory
e30356c3cf2f net: phy: add Rust Asix PHY driver
014860036d1f net: phy: aquantia: move to separate directory
77a853aec710 Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
6b4d226d01ab Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER
a673cf6c4ac7 Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error
315acf971d75 Bluetooth: L2CAP: Fix printing wrong information if SDU length exceeds MTU
0a04db240eff bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
61a9b216ca5b net/mlx5e: IPsec, fix ASO poll timeout with read_poll_timeout_atomic()
02c1256f1990 net/mlx5e: Fix features not applied during netdev registration
4f1ca61e5311 dt-bindings: net: dsa: nxp,sja1105: make spi-cpol optional for sja1110
b3682e7ad450 net: ipa: Fix decoding EV_PER_EE for IPA v5.0+
f7361841d0ce net: ipa: Fix programming of QTIME_TIMESTAMP_CFG
954745d0223e ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
e19c5ed9f192 bpf: Fix OOB in pcpu_init_value
07035306bf72 net/rds: Restrict use of RDS/IB to the initial network namespace
2c7883d606aa net/rds: Optimize rds_ib_laddr_check
f23424a0ddad net/sched: act_ct: Only release RCU read lock after ct_ft
e9cf4018d742 net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf
f4ed5d750b4a 6pack: propagage new tty types
b1f7158a86f3 bpf: Fix RCU stall in bpf_fd_array_map_clear()
8849b50e81a2 netfilter: nft_fwd_netdev: check ttl/hl before forwarding
9ca570236cc0 netfilter: xt_socket: enable defrag after all other checks
e8206538cbaf net: bcmgenet: fix racing timeout handler
1b0865a6efce net: bcmgenet: switch to use 64bit statistics
991cd78f95f2 net: bcmgenet: support reclaiming unsent Tx packets
355b61569e84 net: bcmgenet: move DESC_INDEX flow to ring 0
df3a1bb0ae1a net: bcmgenet: add bcmgenet_has_* helpers
d650d12d58ef net: bcmgenet: Remove custom ndo_poll_controller()
2a7459017042 net: bcmgenet: fix off-by-one in bcmgenet_put_txcb
03d97b558d80 arm64: kexec: Remove duplicate allocation for trans_pgd
0e72fd7f05ae ACPI: AGDI: fix missing newline in error message
3ff85ae79e1a bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
26b380a3ca0b bpf: Drop task_to_inode and inet_conn_established from lsm sleepable hooks
d3f280be48f1 wifi: brcmfmac: Fix error pointer dereference
a713b72ff88c bpf: Fix stale offload->prog pointer after constant blinding
b4b5a20bed82 bpf: fix end-of-list detection in cgroup_storage_get_next_key()
1aa61a6f42ad macvlan: annotate data-races around port->bc_queue_len_used
0adec27bde44 selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15
81bc3a2ccc37 selftests/powerpc: Re-order *FLAGS to follow lib.mk
7ca35863213c powerpc/crash: fix backup region offset update to elfcorehdr
6e474972b85e r8152: fix incorrect register write to USB_UPHY_XTAL
ea04b9881534 wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap()
571a05ea1baa bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path
eefe0c2ea2c3 bpf, devmap: Remove unnecessary if check in for loop
6d5202409467 wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()
66f2a0becd35 wifi: mt76: mt7996: fix struct mt7996_mcu_uni_event
6cf44608d5e6 arm64: cpufeature: Make PMUVer and PerfMon unsigned
63fe66f10283 wifi: mt76: mt7996: fix FCS error flag check in RX descriptor
4dd75a78cdfb wifi: mt76: mt7915: fix use_cts_prot support
382cbdf6e484 wifi: mt76: mt7615: fix use_cts_prot support
c8e46d0664c4 wifi: mt76: mt7921: Reset ampdu_state state in case of failure in mt76_connac2_tx_check_aggr()
231b895daa02 module: Fix freeing of charp module parameters when CONFIG_SYSFS=n
e6962cb18a89 params: Replace __modinit with __init_or_module
edc90a12073b s390/bpf: Zero-extend bpf prog return values and kfunc arguments
e70b9c2292cc dpaa2: compile dpaa2 even CONFIG_FSL_DPAA2_ETH=n
6e8d309bc69b dpaa2: add independent dependencies for FSL_DPAA2_SWITCH
c7ad31fb948f bpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap
5d81743ee3cc bpf: Add CHECKSUM_COMPLETE to bpf test progs
008c456b76e9 wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet
255cc1d30f32 wifi: mwifiex: Fix memory leak in mwifiex_11n_aggregate_pkt()
a5af71c6181e firmware: dmi: Correct an indexing error in dmi.h
240f832a9c20 locking: Fix rwlock support in <linux/spinlock_up.h>
ca2d280b9b38 hrtimer: Reduce trace noise in hrtimer_start()
ece8be21d8c9 hrtimer: Avoid pointless reprogramming in __hrtimer_start_range_ns()
16774f7333fc hrtimers: Update the return type of enqueue_hrtimer()
b54f14e1460c irqchip/irq-pic32-evic: Address warning related to wrong printf() formatter
c4295487124f s390/cio: use generic driver_override infrastructure
9d606425a752 s390/cio: convert sprintf()/snprintf() to sysfs_emit()
3d0cfecf4ff7 s390/cio: make sch->lock spinlock pointer a member
6325eea40a95 debugfs: fix placement of EXPORT_SYMBOL_GPL for debugfs_create_str()
f9c489418b8e debugfs: check for NULL pointer in debugfs_create_str()
fc6ecb4b8ef9 thermal/drivers/spear: Fix error condition for reading st,thermal-flags
f75ea8cdca54 devres: fix missing node debug info in devm_krealloc()
d172f1c8a8b3 ACPI: x86: cmos_rtc: Improve coordination with ACPI TAD driver
9a6f4d85a016 ACPI: x86: cmos_rtc: Clean up address space handler driver
da8255040938 pstore/ram: fix resource leak when ioremap() fails
4048ed98860d blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()
b88f905d4449 nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
5dd9d864eb96 loop: fix partition scan race between udev and loop_reread_partitions()
282e06e6d494 drbd: Balance RCU calls in drbd_adm_dump_devices()
131ea3e57fc2 fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START
467289e0d0f2 blk-cgroup: wait for blkcg cleanup before initializing new disk
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index d8d3d69f197..5fcf0f81d7c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "742fd3c3537c966272314e48f67397f0e1d622d7"
-SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
+SRCREV_machine ?= "7bb6512fc5dc7b1191867beadc83b3ce216a2037"
+SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.140"
+LINUX_VERSION ?= "6.6.141"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 0fd9c36bd80..0bd1ae9ad2d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.140"
+LINUX_VERSION ?= "6.6.141"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "cd0d6d62e0e4ff344241d89f37cd6d305e1afb85"
-SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
+SRCREV_machine ?= "90e2be4f80d73789176eab3679ef12ec164d594f"
+SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index dc978f240e6..f684fac7242 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "0aa210fedb89bfb9577bc20b56cc674437f85843"
-SRCREV_machine:qemuarm64 ?= "655d3dc028f830d71d9565ec8302a0e339a2de2f"
-SRCREV_machine:qemuloongarch64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemumips ?= "b547c71f2db45462626f69a4e4bffad43ffaeddc"
-SRCREV_machine:qemuppc ?= "c1de905a03cfd9cf9de51657e7fd20ec6fb7d078"
-SRCREV_machine:qemuriscv64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemuriscv32 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemux86 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemux86-64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemumips64 ?= "6f0fadc3449cfed9ceac3cce845dfb9b70f9affd"
-SRCREV_machine ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
+SRCREV_machine:qemuarm ?= "b3697b53304c9f2c0e7e46a22549ed9d64a110ca"
+SRCREV_machine:qemuarm64 ?= "302113f65bb9cbd9afdb476222cc1fa596e36855"
+SRCREV_machine:qemuloongarch64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemumips ?= "a6b8c8416a2074c8e14eeeeb36a0e5bd0f2add92"
+SRCREV_machine:qemuppc ?= "413e2245480aec98a737ab657322180581a496f5"
+SRCREV_machine:qemuriscv64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemuriscv32 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemux86 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemux86-64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemumips64 ?= "257558ce69f7bdbc571cb1b2d9eb35890747fd02"
+SRCREV_machine ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "eac8889a3a1c81d7113cc4656b9420e84c379cf5"
+SRCREV_machine:class-devupstream ?= "0a40c6fbd105802fbbcaadca249e0948fbf8095a"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.140"
+LINUX_VERSION ?= "6.6.141"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 38/41] linux-yocto/6.6: update to v6.6.142
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (36 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 37/41] linux-yocto/6.6: update to v6.6.141 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 39/41] lttng-modules: Fix trace_hrtimer_start build failure Yoann Congal
` (2 subsequent siblings)
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
924b4a879cbb Linux 6.6.142
cefa4265b111 security/keys: fix missed RCU read section on lookup
105c6a594b3f LoongArch: kprobes: Fix handling of fatal unrecoverable recursions
1f9c82855641 net: gro: don't merge zcopy skbs
f504118252af pds_core: ensure null-termination for firmware version strings
d3f3d6fa0cad pds_core: add an error code check in pdsc_dl_info_get
01f7f893d5e1 net: mana: validate rx_req_idx to prevent out-of-bounds array access
3dee2fe0c818 ASoC: cs35l56: Fix flushing of IRQ work in cs35l56_sdw_remove()
d798b25c24f4 gpio: cdev: check if uAPI v2 config attributes are correctly zeroed
0f1fd5e83f0b gpiolib: cdev: use !mem_is_zero() instead of memchr_inv(s, 0, n)
cd87492b79d1 string: add mem_is_zero() helper to check if memory area is all zeros
c9ea01768903 bpf, skmsg: fix verdict sk_data_ready racing with ktls rx
40fc66218ad1 net: ag71xx: check error for platform_get_irq
2a1905730e0c Bluetooth: btmtk: fix urb->setup_packet leak in error paths
f04578422154 Bluetooth: btmtk: move btusb_mtk_hci_wmt_sync to btmtk.c
73377cf3056a Bluetooth: btmtk: rename btmediatek_data
aa58d8366269 Bluetooth: btusb: mediatek: refactor the function btusb_mtk_reset
b748250d778e Bluetooth: btmtk: add the function to get the fw name
e91687643c44 tracing: Avoid NULL return from hist_field_name() on truncation
8ba1c4ddbb1c ALSA: seq: Serialize UMP output teardown with event_input
e5604a480487 ALSA: seq: ump: Use guard() for locking
b6d3d3816c67 ptrace: Convert ptrace_attach() to use lock guards
60ef1675b652 pds_core: fix debugfs_lookup dentry leak and error handling
3231aff8ab26 pds_core: fix error handling in pdsc_devcmd_wait
1900ca8acb92 bridge: mcast: Fix a possible use-after-free when removing a bridge port
6e79715b7b8a net: bridge: Flush multicast groups when snooping is disabled
00904a73272b RDMA/rtrs: Fix use-after-free in path file creation cleanup
a7685f4d90c1 platform/x86: intel-vbtn: Check ACPI_HANDLE() against NULL
527a7990e663 platform/x86: intel-hid: Check ACPI_HANDLE() against NULL
6ea1690b24e9 platform/x86: hp_accel: Check ACPI_COMPANION() against NULL
32ba2ce2b15f platform/x86: adv_swbutton: Check ACPI_HANDLE() against NULL
566f42fb67a7 net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer
314a94c47d28 net: dsa: mt7530: preserve VLAN tags on trapped link-local frames
1bddf306212a net: dsa: mt7530: rename mt753x_bpdu_port_fw enum to mt753x_to_cpu_fw
d2be607d042d net: dsa: mt7530: fix FDB entries not aging out with short timeout
69a0885079c9 wifi: ath11k: fix peer resolution on rx path when peer_id=0
070e40acc59e drm/msm/snapshot: fix dumping of the unaligned regions
dd844b31f4ea spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache()
5c54c482934b net/mlx5: Do not restore destination-less TC rules
d65b279a1898 tls: Preserve sk_err across recvmsg() when data has been copied
1822997aa8c2 x86/xen: Fix xen_e820_swap_entry_with_ram()
06cc5ad2c112 net: phy: DP83TC811: add reading of abilities
d04494596b5e net: phy: c45: add genphy_c45_pma_read_ext_abilities() function
acdc12b71c9a net: tls: prevent chain-after-chain in plain text SG
131ef12057d9 net: tls: fix off-by-one in sg_chain entry count for wrapped sk_msg ring
d38ba387244e net/smc: reject CHID-0 ACCEPT that matches an empty ism_dev slot
a09d07ac45e2 powerpc/time: Remove redundant preempt_disable|enable() calls from arch_irq_work_raise()
7256e54583ae drm/msm: Fix iommu_map_sgtable() return value check and avoid WARN
567b5e976e2e drm/msm/dsi: don't dump registers past the mapped region
b40e10c72df5 ethtool: fix ethnl_bitmap32_not_zero() bit interval semantics
720c76b930c5 net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
9baafc2fea09 accel/qaic: Add overflow check to remap_pfn_range during mmap
f775be13d342 HID: quirks: really enable the intended work around for appledisplay
a5db6a7c062f wifi: ath11k: fix error path leak in ath11k_tm_cmd_wmi_ftm()
3d675896ea03 wifi: ath11k: fix error path leaks in some WMI WOW calls
b77be98447c4 net: ethernet: cs89x0: remove stale CONFIG_MACH_MX31ADS reference
78cf08b3be47 net: ethernet: cortina: Carry over frag counter
68c9c3ac9ce5 net: ethernet: cortina: Drop half-assembled SKB
3b249988d774 net: ethernet: cortina: Make RX SKB per-port
00efe58bbdcc netfs: Fix overrun check in netfs_extract_user_iter()
0df68fd72b2a zonefs: handle integer overflow in zonefs_fname_to_fno
eef4f71b46a9 irq_work: Fix use-after-free in irq_work_single() on PREEMPT_RT
6760af11a26e irqchip/ath79-cpu: Remove unused function
6af5fd2ffda1 phy: marvell: mvebu-a3700-utmi: fix incorrect USB2_PHY_CTRL register access
b0cc58e8f749 net: lan966x: avoid unregistering netdev on register failure
9e1c9b957344 ice: fix locking in ice_dcb_rebuild()
07d77d774f71 tcp: Fix imbalanced icsk_accept_queue count.
08d355936fcf test_kprobes: clear kprobes between test runs
8a5f01446021 kprobes: skip non-symbol addresses in kprobe_add_ksym_blacklist()
99948d73a8c7 netfilter: x_tables: unregister the templates first
26b2290baaf6 btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()
542b49d2cf12 ALSA: hda: cs35l56: Put ACPI device after setting companion
508b1193d63b ARM: integrator: Fix early initialization
fb3ff02dd444 pinctrl: qcom: Fix wakeirq map by removing disconnected irqs for sm8150
7d694570281a kunit: config: KUNIT_DEBUGFS should depend on DEBUG_FS
0df3f3031517 kunit: config: Enable KUNIT_DEBUGFS by default
8b0f4e3b7ad6 firmware: arm_ffa: Skip free_pages on RX buffer alloc failure
adfff93d08a2 firmware: arm_ffa: Check for NULL FF-A ID table while driver registration
58ab91af4124 HID: uclogic: Fix regression of input name assignment
a2d1c819348b hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors
20d626463e3f hwmon: (pmbus/adm1266) register the nvmem device after pmbus_do_probe()
cba4f1122dfb hwmon: (pmbus/adm1266) register the gpio_chip after pmbus_do_probe()
6b5573b63e30 hwmon: (pmbus/adm1266) don't clobber GPIO bits before PDIO read in get_multiple
4d1da9a6be5a hwmon: (pmbus/adm1266) cap PDIO scan in get_multiple at ADM1266_PDIO_NR
60c4b9fe1a3d hwmon: (pmbus/adm1266) bounce blackbox records through a protocol-sized buffer
d94ceb16e55b hwmon: (pmbus/adm1266) include PEC byte in pmbus_block_xfer read buffer
f85c81e93dbd hwmon: (pmbus/adm1266) reject implausible blackbox record_count
025cfc7a09c5 hwmon: (pmbus/adm1266) seed timestamp from the real-time clock
32edd2a28e11 batman-adv: tt: fix negative tt_buff_len
22d59c72f4a4 batman-adv: tt: fix negative last_changeset_len
c2c88736022c batman-adv: tp_meter: fix race condition in send error reporting
0b1bedf114ea batman-adv: tp_meter: fix tp_vars reference leak in receiver shutdown
53f931e0146a batman-adv: tp_meter: avoid use of uninit sender vars
48663158222b batman-adv: bla: fix report_work leak on backbone_gw purge
b54e459cf869 batman-adv: frag: disallow unicast fragment in fragment
c1bac194733a batman-adv: fix tp_meter counter underflow during shutdown
f653b040dad1 batman-adv: fix fragment reassembly length accounting
866ac1d57040 batman-adv: dat: handle forward allocation error
6de089b545db batman-adv: clear current gateway during teardown
70bcb678561f batman-adv: mcast: fix use-after-free in orig_node RCU release
90c398e822ca drm/amd/display: Validate payload length and link_index in dc_process_dmub_aux_transfer_async
fb30a3890d62 drm/amd/display: Validate GPIO pin LUT table size before iterating
266b21b57fbb drm/amd/display: Fix integer overflow in bios_get_image()
e4d3d33ab7bd drm/bridge: megachips: remove bridge when irq request fails
25473edcdaef drm/bridge: it66121: acquire reset GPIO in probe
21ab64c77a30 drm/virtio: use uninterruptible resv lock for plane updates
371f53925a67 device property: set fwnode->secondary to NULL in fwnode_init()
fb3539b367f5 LoongArch: Remove unused code to avoid build warning
14553be882d9 RDMA/siw: Reject MPA FPDU length underflow before signed receive math
f2dc841d7dc9 spi: ti-qspi: fix use-after-free after DMA setup failure
450c319dd04d spi: sprd: fix error pointer deref after DMA setup failure
309c6058622d scsi: isci: Fix use-after-free in device removal path
9d5ae6b8d9ec phy: tegra: xusb: Fix per-pad high-speed termination calibration
45760b72e84c spi: qup: fix error pointer deref after DMA setup failure
3c83a6912c24 drm/bridge: chipone-icn6211: use devm_drm_bridge_add in i2c probe
dab9f93251b2 KVM: arm64: vgic-its: Reject restored DTE with out-of-range num_eventid_bits
e0790046f6be arm64: probes: Handle probes on hinted conditional branch instructions
f383cff9fb38 tracing: Do not call map->ops->elt_free() if elt_alloc() fails
bdc349a87f1f cifs: Fix busy dentry used after unmounting
1ced0f5a851f wifi: cfg80211: advance loop vars in cfg80211_merge_profile()
a3a4366731a5 ice: fix setting promisc mode while adding VID filter
add70e2682c0 ixgbevf: fix use-after-free in VEPA multicast source pruning
3c5411fa4944 ipv4: raw: reject IP_HDRINCL packets with ihl < 5
f50c3ff97c83 wifi: ath11k: clear shared SRNG pointer state on restart
ce29d3bf79a2 vsock/virtio: reset connection on receiving queue overflow
cc27e989a5df vsock/vmci: fix UAF when peer resets connection during handshake
273a1481c556 ring-buffer: Fix reporting of missed events in iterator
3904b993cc17 qed: fix double free in qed_cxt_tables_alloc()
c161ad9157f5 netfilter: nft_inner: Fix IPv6 inner_thoff desync
c281e018af98 netfilter: ipset: stop hash:* range iteration at end
1e5e20031c5e netfilter: nf_queue: hold bridge skb->dev while queued
41ec2e242f17 netfilter: ip6t_hbh: reject oversized option lists
16bd798cb6d8 net: ifb: report ethtool stats over num_tx_queues
289499907399 net: bcmgenet: keep RBUF EEE/PM disabled
8420aa490041 phonet/pep: disable BH around forwarded sk_receive_skb()
be43e6b40431 Bluetooth: serialize accept_q access
a143ce77a529 Bluetooth: MGMT: validate Add Extended Advertising Data length
9d20d48be2c4 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
fe69f634b076 Bluetooth: bnep: Fix UAF read of dev->name
3af41ee7ebec Bluetooth: ISO: drop ISO_END frames received without prior ISO_START
5d86d2f1b4d9 Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()
6f63a60580eb net: wwan: iosm: fix potential memory leaks in ipc_imem_init()
686b4283f82c drivers/base/memory: fix memory block reference leak in poison accounting
29cd94e678fc efi: Allocate runtime workqueue before ACPI init
7b6f8c8eb93f ALSA: asihpi: Fix potential OOB array access at reading cache
41a766c64729 ALSA: pcm: Don't setup bogus iov_iter for silencing
dade81458966 ALSA: ua101: Reject too-short USB descriptors
0dbf64c50244 hwmon: (pmbus/adm1266) widen blackbox-info buffer to I2C_SMBUS_BLOCK_MAX
adcfb16ae402 smb/server: promote S_DEL_ON_CLS to S_DEL_PENDING when close
7df1df6f40c0 smb: client: protect tc_count increment in smb2_find_smb_sess_tcon_unlocked()
9d378e17c864 ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow
e43cb36d4d78 ksmbd: fix null pointer dereference in compare_guid_key()
082351f9d400 mm/damon/sysfs-schemes: call missing mem_cgroup_iter_break()
31527d80234c sysfs: don't remove existing directory on update failure
ad7520628c74 Revert "af_unix: Reject SIOCATMARK on non-stream sockets"
f624070c322d Revert "s390/cio: Update purge function to unregister the unused subchannels"
7963b6141b4c Revert "ice: Remove jumbo_remove step from TX path"
6331b0f7b71e Revert "ice: fix double-free of tx_buf skb"
2035acfb1722 smb: client: reject userspace cifs.spnego descriptions
3106f326f67c af_unix: Give up GC if MSG_PEEK intervened.
3a436932eb39 ksmbd: close durable scavenger races against m_fp_list lookups
712cdf917e77 ksmbd: validate owner of durable handle on reconnect
7f0cb478703c ksmbd: add durable scavenger timer
50a23fa28e76 ksmbd: avoid reclaiming expired durable opens by the client
2682bf9a804b Revert "x86/vdso: Fix output operand size of RDPID"
ba5b43db126a wifi: mac80211: check tdls flag in ieee80211_tdls_oper
a052c2d8399a s390/debug: Reject zero-length input before trimming a newline
492349e5e4a3 driver core: platform: use generic driver_override infrastructure
64a3ee535bd7 driver core: generalize driver_override in struct device
fabfed1afe27 spi: spidev: fix lock inversion between spi_lock and buf_lock
6a3af482188f mptcp: pm: ADD_ADDR rtx: free sk if last
9426265e157d mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
19a3ec9ef176 mptcp: pm: ADD_ADDR rtx: allow ID 0
b386aa38b81d mptcp: sync the msk->sndbuf at accept() time
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 5fcf0f81d7c..c7f8b73fa94 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "7bb6512fc5dc7b1191867beadc83b3ce216a2037"
-SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
+SRCREV_machine ?= "422bdbd919836dc6565f5bbeb5b662b9c52dc038"
+SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.141"
+LINUX_VERSION ?= "6.6.142"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 0bd1ae9ad2d..151d63c8a20 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.141"
+LINUX_VERSION ?= "6.6.142"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "90e2be4f80d73789176eab3679ef12ec164d594f"
-SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
+SRCREV_machine ?= "597d6818e83dc368f871fccf981a2a54a93196d0"
+SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index f684fac7242..4288688afed 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "b3697b53304c9f2c0e7e46a22549ed9d64a110ca"
-SRCREV_machine:qemuarm64 ?= "302113f65bb9cbd9afdb476222cc1fa596e36855"
-SRCREV_machine:qemuloongarch64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemumips ?= "a6b8c8416a2074c8e14eeeeb36a0e5bd0f2add92"
-SRCREV_machine:qemuppc ?= "413e2245480aec98a737ab657322180581a496f5"
-SRCREV_machine:qemuriscv64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemuriscv32 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemux86 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemux86-64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemumips64 ?= "257558ce69f7bdbc571cb1b2d9eb35890747fd02"
-SRCREV_machine ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
+SRCREV_machine:qemuarm ?= "860f859f5e469702d108e6ce9d3affaca072cfa3"
+SRCREV_machine:qemuarm64 ?= "60caa07a883ec933fad7aadaa2eb67a16c207906"
+SRCREV_machine:qemuloongarch64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemumips ?= "6895489ba64aa274deea1687100068d4afddaec4"
+SRCREV_machine:qemuppc ?= "5a29f898aaae6bd0e12bdaeed596f40ab6fec468"
+SRCREV_machine:qemuriscv64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemuriscv32 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemux86 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemux86-64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemumips64 ?= "44180b7d240f83de490ab570bc092afe5d123207"
+SRCREV_machine ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "0a40c6fbd105802fbbcaadca249e0948fbf8095a"
+SRCREV_machine:class-devupstream ?= "924b4a879cbb75aef37c160b955b92f6894b11a4"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.141"
+LINUX_VERSION ?= "6.6.142"
PV = "${LINUX_VERSION}+git"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 39/41] lttng-modules: Fix trace_hrtimer_start build failure
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (37 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 38/41] linux-yocto/6.6: update to v6.6.142 Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 40/41] linux-yocto/6.6: genericarm64 fix configuration audit warning Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 41/41] linux-yocto/6.6: address ltp hang Yoann Congal
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: He Zhe <zhe.he@windriver.com>
Fix the following build failure
probes/../../include/lttng/tracepoint-event-impl.h:133:6: error: conflicting
types for 'trace_hrtimer_start'; have 'void(struct hrtimer *, enum hrtimer_mode)'
133 | void trace_##_name(_proto);
| ^~~~~~
Signed-off-by: He Zhe <zhe.he@windriver.com>
[YC: backported from wrynose commit e32cbc177dae ("lttng-modules: Fix
trace_hrtimer_start build failure").
This is a partial backport of commit 7dae5f40e394 ("lttng-modules:
fix build against kernel 7.1+")]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...ce-trace-noise-in-hrtimer_start-v7.1.patch | 103 ++++++++++++++++++
.../lttng/lttng-modules_2.13.12.bb | 6 +-
2 files changed, 107 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
new file mode 100644
index 00000000000..e9124b4f87a
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
@@ -0,0 +1,103 @@
+From c370026b0a077ba9491b07c559b343fde6353074 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 25 May 2026 10:38:18 -0400
+Subject: [PATCH] fix: hrtimer: Reduce trace noise in hrtimer_start() (v7.1)
+
+
+See upstream commit:
+
+ commit f2e388a019e4cf83a15883a3d1f1384298e9a6aa
+ Author: Thomas Gleixner <tglx@kernel.org>
+ Date: Tue Feb 24 17:36:59 2026 +0100
+
+ hrtimer: Reduce trace noise in hrtimer_start()
+
+ hrtimer_start() when invoked with an already armed timer traces like:
+
+ <comm>-.. [032] d.h2. 5.002263: hrtimer_cancel: hrtimer= ....
+ <comm>-.. [032] d.h1. 5.002263: hrtimer_start: hrtimer= ....
+
+ Which is incorrect as the timer doesn't get canceled. Just the expiry time
+ changes. The internal dequeue operation which is required for that is not
+ really interesting for trace analysis. But it makes it tedious to keep real
+ cancellations and the above case apart.
+
+ Remove the cancel tracing in hrtimer_start() and add a 'was_armed'
+ indicator to the hrtimer start tracepoint, which clearly indicates what the
+ state of the hrtimer is when hrtimer_start() is invoked:
+
+ <comm>-.. [032] d.h1. 6.200103: hrtimer_start: hrtimer= .... was_armed=0
+ <comm>-.. [032] d.h1. 6.200558: hrtimer_start: hrtimer= .... was_armed=1
+
+Change-Id: I37ee0ae0af665a51fd4f92adffb6b1dcb2ecd9d2
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/b77f94c7a7109e70a97bf936b72d66d611187d61]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+[YC: Backport: revert usage of non-defined-yet ctf_enum]
+Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
+---
+ include/instrumentation/events/timer.h | 39 ++++++++++++++++++++++++--
+ 1 file changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/include/instrumentation/events/timer.h b/include/instrumentation/events/timer.h
+index bd21c03..9d4476a 100644
+--- a/include/instrumentation/events/timer.h
++++ b/include/instrumentation/events/timer.h
+@@ -203,12 +203,43 @@ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_init,
+ )
+ )
+
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(7,1,0) || \
++ LTTNG_KERNEL_RANGE(7,0,10, 7,1,0) || \
++ LTTNG_KERNEL_RANGE(6,18,33, 6,19,0) || \
++ LTTNG_KERNEL_RANGE(6,12,91, 6,13,0) || \
++ LTTNG_KERNEL_RANGE(6,6,141, 6,7,0))
+ /**
+ * hrtimer_start - called when the hrtimer is started
+- * @timer: pointer to struct hrtimer
++ * @hrtimer: pointer to struct hrtimer
++ * @mode: the hrtimers mode
++ * @was_armed: Was armed when hrtimer_start*() was invoked
+ */
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,16,0) || \
++LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
++
++ timer_hrtimer_start,
++
++ TP_PROTO(struct hrtimer *hrtimer, enum hrtimer_mode mode, bool was_armed),
++
++ TP_ARGS(hrtimer, mode, was_armed),
++
++ TP_FIELDS(
++ ctf_integer_hex(void *, hrtimer, hrtimer)
++ ctf_integer_hex(void *, function, hrtimer->function)
++ ctf_integer(s64, expires,
++ lttng_ktime_get_tv64(hrtimer_get_expires(hrtimer)))
++ ctf_integer(s64, softexpires,
++ lttng_ktime_get_tv64(hrtimer_get_softexpires(hrtimer)))
++ ctf_integer(enum hrtimer_mode, mode, mode)
++ ctf_integer(bool, was_armed, was_armed)
++ )
++)
++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,16,0) || \
+ LTTNG_RT_KERNEL_RANGE(4,14,0,0, 4,15,0,0))
++/**
++ * hrtimer_start - called when the hrtimer is started
++ * @hrtimer: pointer to struct hrtimer
++ * @mode: the hrtimers mode
++ */
+ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+
+ timer_hrtimer_start,
+@@ -228,6 +259,10 @@ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+ )
+ )
+ #else
++/**
++ * hrtimer_start - called when the hrtimer is started
++ * @hrtimer: pointer to struct hrtimer
++ */
+ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+
+ timer_hrtimer_start,
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
index 34aff1ba8df..b29d73aa89e 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
@@ -15,10 +15,12 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0003-Fix-mm_compaction_migratepages-changed-in-linux-6.9-.patch \
file://0004-Fix-dev_base_lock-removed-in-linux-6.9-rc1.patch \
file://0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch \
- "
+ "
# Use :append here so that the patch is applied also when using devupstream
-SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch"
+SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch \
+ file://0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch \
+ "
SRC_URI[sha256sum] = "d85fcb66c7bd31003ab8735e8c77700e5e4f417b4c22fe1f20112cf435abad79"
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 40/41] linux-yocto/6.6: genericarm64 fix configuration audit warning
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (38 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 39/41] lttng-modules: Fix trace_hrtimer_start build failure Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
2026-06-23 22:26 ` [OE-core][scarthgap v2 41/41] linux-yocto/6.6: address ltp hang Yoann Congal
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Bruce Ashfield
Email: bruce.ashfield@gmail.com
Subject: genericarm64/serial: change SERIAL_IMX_CONSOLE to =y
Date: Fri, 19 Jun 2026 00:54:55 +0200
With the following upstream commit, this option is no longer
tristate, so we set it to =y instead:
commit 3f8b835a63341163da0400befb3c6e8f6d4085da
Author: Randy Dunlap <rdunlap@infradead.org>
Date: Sat Jan 10 15:26:40 2026 -0800
serial: imx: change SERIAL_IMX_CONSOLE to bool
[ Upstream commit 79527d86ba91c2d9354832d19fd12b3baa66bd10 ]
SERIAL_IMX_CONSOLE is a build option for the imx driver (SERIAL_IMX).
It does not build a separate console driver file, so it can't be built
as a module since it isn't built at all.
Change the Kconfig symbol from tristate to bool and update the help
text accordingly.
Fixes: 0db4f9b91c86 ("tty: serial: imx: enable imx serial console port as module")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://patch.msgid.link/20260110232643.3533351-2-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
(cherry picked from commit 465cb5bcefd72f429e0b3ad6ab5b3fcff5b390fc)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index c7f8b73fa94..67fb5141ce0 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -15,7 +15,7 @@ python () {
}
SRCREV_machine ?= "422bdbd919836dc6565f5bbeb5b662b9c52dc038"
-SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
+SRCREV_meta ?= "4a6f16d14b76e28ab7615c88e2fbdf95ee15fc98"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 151d63c8a20..7b4f0430a60 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -18,7 +18,7 @@ KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine ?= "597d6818e83dc368f871fccf981a2a54a93196d0"
-SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
+SRCREV_meta ?= "4a6f16d14b76e28ab7615c88e2fbdf95ee15fc98"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 4288688afed..3261ad6ac3f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
SRCREV_machine:qemux86-64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
SRCREV_machine:qemumips64 ?= "44180b7d240f83de490ab570bc092afe5d123207"
SRCREV_machine ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
-SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
+SRCREV_meta ?= "4a6f16d14b76e28ab7615c88e2fbdf95ee15fc98"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
^ permalink raw reply related [flat|nested] 42+ messages in thread* [OE-core][scarthgap v2 41/41] linux-yocto/6.6: address ltp hang
2026-06-23 22:25 [OE-core][scarthgap v2 00/41] Patch review Yoann Congal
` (39 preceding siblings ...)
2026-06-23 22:26 ` [OE-core][scarthgap v2 40/41] linux-yocto/6.6: genericarm64 fix configuration audit warning Yoann Congal
@ 2026-06-23 22:26 ` Yoann Congal
40 siblings, 0 replies; 42+ messages in thread
From: Yoann Congal @ 2026-06-23 22:26 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Integrating the following commit(s) to linux-yocto/6.6:
1/1 [
Author: Baokun Li
Email: libaokun1@huawei.com
Subject: ext4: get rid of ppath in get_ext_path()
Date: Thu, 22 Aug 2024 10:35:32 +0800
The use of path and ppath is now very confusing, so to make the code more
readable, pass path between functions uniformly, and get rid of ppath.
After getting rid of ppath in get_ext_path(), its caller may pass an error
pointer to ext4_free_ext_path(), so it needs to teach ext4_free_ext_path()
and ext4_ext_drop_refs() to skip the error pointer. No functional changes.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Tested-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://patch.msgid.link/20240822023545.1994557-13-libaokun@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
[YC: more detail at https://lore.kernel.org/openembedded-core/DJGKEQF8GRU1.RF7JY64COTAA@smile.fr/T/#u]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 2 +-
.../linux/linux-yocto-tiny_6.6.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 22 +++++++++----------
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 67fb5141ce0..c3200cfd3fe 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,7 +14,7 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "422bdbd919836dc6565f5bbeb5b662b9c52dc038"
+SRCREV_machine ?= "1ceada58731a98237f70384921758a4df3951960"
SRCREV_meta ?= "4a6f16d14b76e28ab7615c88e2fbdf95ee15fc98"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 7b4f0430a60..563598a2bde 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -17,7 +17,7 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "597d6818e83dc368f871fccf981a2a54a93196d0"
+SRCREV_machine ?= "66e051144e21d531fa26ef67476dfdefbfc119a2"
SRCREV_meta ?= "4a6f16d14b76e28ab7615c88e2fbdf95ee15fc98"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 3261ad6ac3f..07a06f18529 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,17 +18,17 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "860f859f5e469702d108e6ce9d3affaca072cfa3"
-SRCREV_machine:qemuarm64 ?= "60caa07a883ec933fad7aadaa2eb67a16c207906"
-SRCREV_machine:qemuloongarch64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
-SRCREV_machine:qemumips ?= "6895489ba64aa274deea1687100068d4afddaec4"
-SRCREV_machine:qemuppc ?= "5a29f898aaae6bd0e12bdaeed596f40ab6fec468"
-SRCREV_machine:qemuriscv64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
-SRCREV_machine:qemuriscv32 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
-SRCREV_machine:qemux86 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
-SRCREV_machine:qemux86-64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
-SRCREV_machine:qemumips64 ?= "44180b7d240f83de490ab570bc092afe5d123207"
-SRCREV_machine ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemuarm ?= "d81ffd8843535762fecf5aa5fb2ca7d2c4343038"
+SRCREV_machine:qemuarm64 ?= "1f7f3a52dacadfcc75863f25252a534b06fdaeeb"
+SRCREV_machine:qemuloongarch64 ?= "a8a7d078f151a24e01d4501853c88c6b08c9cad9"
+SRCREV_machine:qemumips ?= "4410226fddf113b89cceb26e7ee5ca5bb70c55fb"
+SRCREV_machine:qemuppc ?= "8f8faf1fe9183f295901f8f2b8916ff54f4a4bfb"
+SRCREV_machine:qemuriscv64 ?= "a8a7d078f151a24e01d4501853c88c6b08c9cad9"
+SRCREV_machine:qemuriscv32 ?= "a8a7d078f151a24e01d4501853c88c6b08c9cad9"
+SRCREV_machine:qemux86 ?= "a8a7d078f151a24e01d4501853c88c6b08c9cad9"
+SRCREV_machine:qemux86-64 ?= "a8a7d078f151a24e01d4501853c88c6b08c9cad9"
+SRCREV_machine:qemumips64 ?= "14ca63e9f1ce2090e189c16b1024ed3df8f833f0"
+SRCREV_machine ?= "a8a7d078f151a24e01d4501853c88c6b08c9cad9"
SRCREV_meta ?= "4a6f16d14b76e28ab7615c88e2fbdf95ee15fc98"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
^ permalink raw reply related [flat|nested] 42+ messages in thread