From patchwork Fri Jan 19 21:14:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38074 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7BBE4C47DB7 for ; Fri, 19 Jan 2024 21:14:26 +0000 (UTC) Received: from mail-vs1-f47.google.com (mail-vs1-f47.google.com [209.85.217.47]) by mx.groups.io with SMTP id smtpd.web11.5982.1705698863494152813 for ; Fri, 19 Jan 2024 13:14:23 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=GYp8Pwl/; spf=pass (domain: gmail.com, ip: 209.85.217.47, mailfrom: bruce.ashfield@gmail.com) Received: by mail-vs1-f47.google.com with SMTP id ada2fe7eead31-4674ca1a2dbso407497137.0 for ; Fri, 19 Jan 2024 13:14:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698862; x=1706303662; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U1jKqvXbBHpg2smRQ5G3ZXh2TwDIoPFz1pVkHS7bing=; b=GYp8Pwl/GIpQ4v2M1c9kHNHujs63XOLgOJULz4CTCBFaecf5Met6w8JClM05/Tfkh3 kxp5tQmTYWcbOCoSyA1aKxQ/CZOhqcADQk0VlGM/tjsGSPsF87FtPnvOA/5RUIRBdwf6 7iz4jFA9rp8wPOudAu3x7yGYFvEMyyqKn7+FIBJMt1gQODfpXhDbQEzf9MaZzN98xOEx zqGe5wezp6+rMhaMsfOLFSoXaqqU5giDO+dOLIx6lZlm0xfhaS6pWrDu5xh1LII+R0WF NadIyJeQS45O5xj9ezJK1TXG8ECfTMJsfqDafaWJkeVQTVGjIKAEzjo5stc+MZksLQyq nKHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698862; x=1706303662; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U1jKqvXbBHpg2smRQ5G3ZXh2TwDIoPFz1pVkHS7bing=; b=PdSyZV7PtWA2My399R9r3dX48smBz/YWdMyhqN2vhMqv/Kt8k91L9a6+ZxbOnsNpVN Q6spe12/SpfvhyyXFjtwGtVrxvUsNHNUO4tjbL2tF6xcjlhLjCYQ/uU+cMdFvXf7sp+Z +lLdb3v9PTEFpTnCTvLDWky9BSN6RhyruOnJPLaIXS+tPP1yOUu6GD+NbCUZRc2guXLi fU37RXvdSY6KnFM64ZRR2r9diCMiFQA8UzgCFag+4Imb2S47Kpqb98Cg+bxm7J4Hac9/ JnfRFuIB+RuMDq0yjYPi7oAq5wY5y166qjXEc4h0V46g5VyHoJR7DGF1OYQGwl2lmN3M mLZw== X-Gm-Message-State: AOJu0YynhsG1zdUYsFMpKARDyyQg92FSoqtgbeLWRAWnRXINyij1WM7y K/w0Vcf2PeQd1ajVnN4hBzwVeMA55tKS6D6SCuswMAMMvKBNvHdYKx2Xr/hByGk= X-Google-Smtp-Source: AGHT+IGr2eUgMfvcHAkiT+YQoFVeJXaLBH9DTCWcfk/2jwuJpA8kLUYbW3h+myCKfDjGbmV4gzmU3w== X-Received: by 2002:a05:6102:549e:b0:468:1c37:39fd with SMTP id bk30-20020a056102549e00b004681c3739fdmr471392vsb.3.1705698862306; Fri, 19 Jan 2024 13:14:22 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:21 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 01/11] linux-yocto/6.6: update to v6.6.11 Date: Fri, 19 Jan 2024 16:14:09 -0500 Message-Id: <4953e0f4131f65afc67e406d4c1eea2a90661771.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194067 From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 22852eaf43ec Linux 6.6.11 e53b78e3cfb1 media: qcom: camss: Comment CSID dt_id field c897fb3da8a7 cxl/memdev: Hold region_rwsem during inject and clear poison ops 0a460481df43 cxl/hdm: Fix a benign lockdep splat c56f610fe947 cxl: Add cxl_num_decoders_committed() usage to cxl_test 2e22a9095fe3 mmc: sdhci-sprd: Fix eMMC init failure after hw reset 73432eb655a8 mmc: core: Cancel delayed work before releasing host 882ab492767a mmc: rpmb: fixes pause retune on all RPMB partitions. 1f1e1d8006ba mmc: meson-mx-sdhc: Fix initialization frozen issue ceb3af686015 drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR fd3247512698 drm/amd/display: add nv12 bounding box 039c4551438e drm/amdgpu: skip gpu_info fw loading on navi12 2247df454c7b mm: fix unmap_mapping_range high bits shift bug b240a3ef3d91 i2c: core: Fix atomic xfer check for non-preempt config dfb8a426e030 x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect d44bd49abe3d firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards e73022d60017 mm/mglru: skip special VMAs in lru_gen_look_around() 22c8e0b87bcb net: constify sk_dst_get() and __sk_dst_get() argument f797a2f74a8e net: libwx: fix memory leak on free page 51079378514d cxl/pmu: Ensure put_device on pmu devices 95b3904a261a net: prevent mss overflow in skb_segment() e1b45baa2e38 powerpc/pseries/vas: Migration suspend waits for no in-progress open windows 24f855a88c95 RISCV: KVM: update external interrupt atomically for IMSIC swfile 443860676828 dmaengine: fsl-edma: fix wrong pointer check in fsl_edma3_attach_pd() 7734bb38104a dmaengine: idxd: Protect int_handle field in hw descriptor 1695423c9630 drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml e4a5b2f60e06 kernel/resource: Increment by align value in get_free_mem_region() 4c269350e3c6 cxl/core: Always hold region_rwsem while reading poison lists 07f9a20b899a cxl: Add cxl_decoders_committed() helper 9826255cdec6 drm/amd/display: Increase num voltage states to 40 93d67b62c768 drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled c33fc69553b2 clk: rockchip: rk3128: Fix SCLK_SDMMC's clock name b58d2fc1f94d clk: rockchip: rk3128: Fix aclk_peri_src's parent 09aa95c0e714 phy: sunplus: return negative error code in sp_usb_phy_probe c7573ba35562 phy: mediatek: mipi: mt8183: fix minimal supported frequency 9cdfbfc652ac iommu/vt-d: Support enforce_cache_coherency only for empty domains 41294f9d1782 iio: imu: adis16475: use bit numbers in assign_bit() 634d43a2dafa dmaengine: fsl-edma: Add judgment on enabling round robin arbitration df9e5371221f dmaengine: fsl-edma: Do not suspend and resume the masked dma channel when the system is sleeping 2bd6f2164821 dmaengine: ti: k3-psil-am62a: Fix SPI PDMA data 6c9e7caeb29a dmaengine: ti: k3-psil-am62: Fix SPI PDMA data a7ccc9d9001b phy: ti: gmii-sel: Fix register offset when parent is not a syscon node 42db0099eca3 KVM: s390: vsie: fix wrong VIR 37 when MSO is used b649a7fe9a8b riscv: don't probe unaligned access speed if already done 5d1e4e5fd1e9 rcu/tasks-trace: Handle new PF_IDLE semantics b3ffc1167584 rcu/tasks: Handle new PF_IDLE semantics 547c59c83abf rcu: Introduce rcu_cpu_online() 39d04e558882 rcu: Break rcu_node_0 --> &rq->__lock order 17f449600a98 ACPI: thermal: Fix acpi_thermal_unregister_thermal_zone() cleanup 04ebb29dc9aa RDMA/mlx5: Fix mkey cache WQ flush eaab31dceb11 clk: si521xx: Increase stack based print buffer size in probe 94eacb45d816 vfio/mtty: Overhaul mtty interrupt handling 6feb483ab744 crypto: hisilicon/qm - fix EQ/AEQ interrupt issue bcf6fe34a314 crypto: qat - fix double free during reset 64170e83ae89 crypto: xts - use 'spawn' for underlying single-block cipher 3f1800cade99 bpftool: Align output skeleton ELF code 0b39339f8afa bpftool: Fix -Wcast-qual warning 030346df8cc4 tcp: derive delack_max from rto_min 88a884dec104 media: qcom: camss: Fix genpd cleanup 3c97918a8a65 media: qcom: camss: Fix V4L2 async notifier error path f302f37f1630 xsk: add multi-buffer support for sockets sharing umem bf07fda050c8 mm/memory-failure: pass the folio and the page to collect_procs() 393155f9b265 mm: convert DAX lock/unlock page to lock/unlock folio 200bc3661325 net: Implement missing SO_TIMESTAMPING_NEW cmsg support ea37c4b61107 bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() 428ae1b99fce net: ravb: Wait for operating mode to be applied ba75a06fa273 asix: Add check for usbnet_get_endpoints 67a4a2589db0 octeontx2-af: Re-enable MAC TX in otx2_stop processing f725e894b123 octeontx2-af: Always configure NIX TX link credits based on max frame size 511e4a579624 net/smc: fix invalid link access in dumping SMC-R connections ed192246db75 net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues 3ffd05c2cccd virtio_net: fix missing dma unmap for resize e2e5c2a3f90f virtio_net: avoid data-races on dev->stats fields 6d2e4e56576f apparmor: Fix move_mount mediation by detecting if source is detached 1d95d871f907 igc: Fix hicredit calculation 17f5cfeb15d6 i40e: Restore VF MSI-X state during PCI reset 1ee4eb8024ee ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux 3d5a6ed6aa43 ASoC: meson: g12a-toacodec: Fix event generation 28fdf45be31f ASoC: meson: g12a-tohdmitx: Validate written enum values 97ee19ff4914 ASoC: meson: g12a-toacodec: Validate written enum values d715f2949a9c i40e: fix use-after-free in i40e_aqc_add_filters() d5e0bb03d99c net: Save and restore msg_namelen in sock_sendmsg 9824064683a7 netfilter: nft_immediate: drop chain reference counter on error 97cbb828482a netfilter: nf_nat: fix action not being set for all ct states d4969c264d91 net: bcmgenet: Fix FCS generation for fragmented skbuffs 9f2e244bfc9e sfc: fix a double-free bug in efx_probe_filters 015414fdc068 ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init 4d9b792986dd selftests: bonding: do not set port down when adding to bond 742e4af3d7d7 net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) d090faafd954 r8169: Fix PCI error on system resume 4083c9bc3809 net: sched: em_text: fix possible memory leak in em_text_destroy() 463fe6953f3b mlxbf_gige: fix receive packet race condition ad0ea7a29031 ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset 4deed2c6027b ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable 38036a739ef1 igc: Check VLAN EtherType mask 08144bac8d23 igc: Check VLAN TCI mask 4109b21e785c igc: Report VLAN EtherType matching back to user 0ec87fc8be95 i40e: Fix filter input checks to prevent config with invalid values a659ce14c776 ice: Shut down VSI with "link-down-on-close" enabled 49b1e2aa233c ice: Fix link_down_on_close message 03ed388f9bb8 drm/i915/perf: Update handling of MMIO triggered reports c3d24a3d380b drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern 029d4ab2b772 octeontx2-af: Fix marking couple of structure as __packed fb195df90544 nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local d27e2798e3ea netfilter: nf_tables: set transport offset from mac header for netdev/egress 8b410abf1729 drm/bridge: ps8640: Fix size mismatch warning w/ len 1688af7d86ed drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer ce5b06e2a7bb drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer ad1220bb4bcf wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ f8d0c6d1992c accel/qaic: Implement quirk for SOC_HW_VERSION efcedd56998b accel/qaic: Fix GEM import path code 30912a7f64de KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL 30aae98b75b4 cifs: do not depend on release_iface for maintaining iface_list 40fc7dfd17ec cifs: cifs_chan_is_iface_active should be called with chan_lock held feef4dc27da0 drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE 8cc22ba3f77c Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" c25546cac381 mptcp: prevent tcp diag from closing listener subflows 67df4c4a4854 drm/amd/display: pbn_div need be updated for hotplug event 0c0192321762 ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 855c75f35020 ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook 0fc0d040f430 ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series 0ccbd44d7d72 ALSA: hda/tas2781: remove sound controls in unbind cb7a397dbb7e ALSA: hda/tas2781: move set_drv_data outside tasdevice_init aee67bbe969d ALSA: hda/tas2781: do not use regcache da89365158f6 keys, dns: Fix missing size check of V1 server-list header c9a51ebb4bac Linux 6.6.10 9b603077e29c Revert "platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe" b7f1c01b55ad netfilter: nf_tables: skip set commit for deleted/destroyed sets e904e81fd3c2 wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) d673099085dd wifi: cfg80211: fix CQM for non-range use ccd48707d511 tracing: Fix blocked reader of snapshot buffer a12754a8f5ac ftrace: Fix modification of direct_function hash while in use baa88944038b ring-buffer: Fix wake ups when buffer_percent is set to 100 c62b9a2daf28 Revert "nvme-fc: fix race between error recovery and creating association" d16c5d215b53 mm/memory-failure: check the mapcount of the precise page 8c7da70d9ae4 mm/memory-failure: cast index to loff_t before shifting it 07550b1461d4 mm: migrate high-order folios in swap cache correctly d16eb52c176c mm/filemap: avoid buffered read/write race to read inconsistent data 09141f08fdf6 selftests: secretmem: floor the memory size to the multiple of page_size 2c30b8b105d6 maple_tree: do not preallocate nodes for slot stores 11d41d01c088 platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe 7d5f219f1ef6 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() 33fd5fb1258b platform/x86/intel/pmc: Move GBE LTR ignore to suspend callback 91dcd5ee1e11 platform/x86/intel/pmc: Allow reenabling LTRs 8663b99c38a6 platform/x86/intel/pmc: Add suspend callback b5f63f5e8a68 block: renumber QUEUE_FLAG_HW_WC cf742d095585 mptcp: fix inconsistent state on fastopen race 44ee4764c60a mptcp: fix possible NULL pointer dereference on close 34c7757aa561 mptcp: refactor sndbuf auto-tuning 183c8972b6a6 linux/export: Ensure natural alignment of kcrctab array 466e9af15507 linux/export: Fix alignment for 64-bit ksymtab entries 7844d7d8d8af kexec: select CRYPTO from KEXEC_FILE instead of depending on it 78422b744ad9 kexec: fix KEXEC_FILE dependencies 28d6cde17f21 virtio_ring: fix syncs DMA memory with different direction 9a4987444330 fs: cifs: Fix atime update check 23171df51f60 client: convert to new timestamp accessors 5b5599a7eee5 fs: new accessor methods for atime and mtime 861eaba7ca6c ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() ab5a0a1c40be ksmbd: lazy v2 lease break on smb2_write() 3c1e602a34e1 ksmbd: send v2 lease break notification for directory 572388ff429a ksmbd: downgrade RWH lease caching state to RH for directory d7af4e499c30 ksmbd: set v2 lease capability bc025d49c507 ksmbd: set epoch in create context v2 lease 3da84670973b ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error b06c96373179 ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId fa86141f357f ksmbd: release interim response after sending status pending response e4ae19537558 ksmbd: move oplock handling after unlock parent dir f263652dc6c9 ksmbd: separately allocate ci per dentry 8d69547b94e0 ksmbd: prevent memory leak on error return cdb93ef9cfcc ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() b48bb8c2ecdb ksmbd: no need to wait for binded connection termination at logoff 0bd595cb8e8b ksmbd: add support for surrogate pair conversion dca63bad3950 ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() 31c453b3743f ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() d73737884ea4 ksmbd: reorganize ksmbd_iov_pin_rsp() 3ba08c420d05 ksmbd: Remove unused field in ksmbd_user struct Signed-off-by: Bruce Ashfield --- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 90e5ead1f4..2094613aa0 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "7e43b4538ce1a9084c4a5f1b22372c98aa888958" -SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34" +SRCREV_machine ?= "3e67e7e050ae8af74f9158dc71f952539f1516e5" +SRCREV_meta ?= "25ae36cd00a816ba8aab368a443cab1c166e3c2f" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.9" +LINUX_VERSION ?= "6.6.11" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 5d87855a27..842e9c7693 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.9" +LINUX_VERSION ?= "6.6.11" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34" +SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_meta ?= "25ae36cd00a816ba8aab368a443cab1c166e3c2f" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index dbe4db9514..9dae76e9a3 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "b0567ccb83b03434efe6bc00d7d672a59d50b82a" -SRCREV_machine:qemuarm64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemuloongarch64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemumips ?= "df19050d1276ce9418652a39c31b77925b18fb17" -SRCREV_machine:qemuppc ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemuriscv64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemuriscv32 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemux86 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemux86-64 ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_machine:qemumips64 ?= "2cab83c3f46765b9390918a91c4fc64a873a3443" -SRCREV_machine ?= "ff7ae7b32324226330214197e9b849d1aa35accd" -SRCREV_meta ?= "11390e802ca72f3549b9356f036b17e54afd7a34" +SRCREV_machine:qemuarm ?= "53699f09df655724152c7c82ce94ebbe8a0a4fd4" +SRCREV_machine:qemuarm64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_machine:qemuloongarch64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_machine:qemumips ?= "cc1dc06263a8d1c9d78dadc4045fbd47469b791c" +SRCREV_machine:qemuppc ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_machine:qemuriscv64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_machine:qemuriscv32 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_machine:qemux86 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_machine:qemux86-64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_machine:qemumips64 ?= "cbf59cfe385657b0ee385264be2fcf785f6f1959" +SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" +SRCREV_meta ?= "25ae36cd00a816ba8aab368a443cab1c166e3c2f" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "5e9df83a705290c4d974693097df1da9cbe25854" +SRCREV_machine:class-devupstream ?= "22852eaf43ec64b7dc0aa72687b22237b65a88f9" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.9" +LINUX_VERSION ?= "6.6.11" PV = "${LINUX_VERSION}+git" From patchwork Fri Jan 19 21:14:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38072 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6EA5CC47DD9 for ; Fri, 19 Jan 2024 21:14:26 +0000 (UTC) Received: from mail-qv1-f54.google.com (mail-qv1-f54.google.com [209.85.219.54]) by mx.groups.io with SMTP id smtpd.web10.6079.1705698864623395340 for ; Fri, 19 Jan 2024 13:14:24 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FDqxqZeg; spf=pass (domain: gmail.com, ip: 209.85.219.54, mailfrom: bruce.ashfield@gmail.com) Received: by mail-qv1-f54.google.com with SMTP id 6a1803df08f44-681922a61baso10591816d6.1 for ; Fri, 19 Jan 2024 13:14:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698864; x=1706303664; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2uOkWQOHLvdPLh+ZsbI6rNNLBzEtIO5g/pUgzc5zENo=; b=FDqxqZeg30SkKK37rW3QVqVLOJnvVYUKPtC20FHQPmtNSVVjtDc7iKxL+PPlJGDbM0 wg0X3UAFnB3trwHybYgd7ZeZG2eDZv/VftfIkcr6yizQngmyjT/0U2LS/w4tNmUxUE9y gVIWkzXapnNRPFz9yg3HgpuTpSUzxEDX6C3dGT/9CqMqWESz+RxKUnpWaqtzq54mnBiV B7NpUf6LxrIfV1v/JQT94SExqtEFVRaQvg8+TOGSOVHNVDzr/dlMc1GFgWfLnSGaOlnk xPIuRFZ+5PusVwCSMmpmqf2x4MLkW9vOFWJFPqw+Z2d3tFvm1uCIXD+RVpioRw2yIt1m hQeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698864; x=1706303664; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2uOkWQOHLvdPLh+ZsbI6rNNLBzEtIO5g/pUgzc5zENo=; b=TIQLrtwMQ1qSwqVcSBIRi5A0Ryvynuuvr+WFx84eWP0vRd31BQnMu/7dzKE728R/vp w7d0OCj6w2FXY1j7wyrtv2eYqyMLrvunnhjnm7cXorj0sQEwJDjoVEUX3qLO2cE1bvLp 3zZBUD/BYLkW2A8QQaZQtvSVjS2/WbblXUHDxBXjN0Xh794Oe3kSQICGs2rSykBSp+V7 5cLbiA9crb8JB4SQ5cfxQ28h2Yb8sYwLH2h7yPQ+cn5KjkAVaI3pV9np5GDc99SqAqxj c9mXIfJ7xxrSm4pnAzvNujsBRTubbHXuLjM6SaB7+gkqLXfaT/8kTbE3gmdsAK1BFRy3 TdOw== X-Gm-Message-State: AOJu0Ywe73uY8R0+zJDFfosUoTT3XFUkwcd9pIhtyJ4xGaI+So96wMLW cN+jb1h85MyPmpC0GIGljKQCWmBOM1dO16E9X9oP6T3/R1Hd3dBePBVKRocdi2Y= X-Google-Smtp-Source: AGHT+IEmGpAFWRtVi5xzSsPYg9R7KTOS4ZNhslq1t/WE9LKZWcZxO0FrDKWeMTQuAAnKaSrAD7wWEg== X-Received: by 2002:a05:6214:29ef:b0:682:4c34:90d2 with SMTP id jv15-20020a05621429ef00b006824c3490d2mr638561qvb.7.1705698863639; Fri, 19 Jan 2024 13:14:23 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:22 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 02/11] linux-yocto/6.6: update CVE exclusions Date: Fri, 19 Jan 2024 16:14:10 -0500 Message-Id: <724d8f54fcd82f4d9488843c4473d8ea90a05bec.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194068 From: Bruce Ashfield Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 27Dec23 Date: Wed, 27 Dec 2023 19:47:13 -0500 ] Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/cve-exclusion_6.6.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index ee7df04c4a..2b74d3585d 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-01-03 18:54:52.866645+00:00 for version 6.6.9 +# Generated at 2024-01-11 15:23:15.711210+00:00 for version 6.6.11 python check_kernel_cve_status_version() { - this_version = "6.6.9" + this_version = "6.6.11" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) From patchwork Fri Jan 19 21:14:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38076 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C818C47DB7 for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-qv1-f45.google.com (mail-qv1-f45.google.com [209.85.219.45]) by mx.groups.io with SMTP id smtpd.web11.5983.1705698866195659846 for ; Fri, 19 Jan 2024 13:14:26 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Tn7tbvY3; spf=pass (domain: gmail.com, ip: 209.85.219.45, mailfrom: bruce.ashfield@gmail.com) Received: by mail-qv1-f45.google.com with SMTP id 6a1803df08f44-6818aa08a33so8916246d6.0 for ; Fri, 19 Jan 2024 13:14:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698865; x=1706303665; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ndGFy+OjU4asqQVGV1kSBxt7BVIUk9sVVgMYHHfPmaE=; b=Tn7tbvY38AjMis9t0ZQ0cs5SN+lmHcGM4XbvmfGpxb0VEIw2tzt7lEM1X3IRPKd2ZQ +sEe74ybLXlJKyQTC9yHnvHJq4u4DpoyFwiZhLqFGf3Uxbz+3hJslHkARmtSTyDAL+Ps w3qOflLxnpAoieKcUx+Pzp4GlbvWF6/yBBUqjzWdR2g/8oPmx31IMm9PB26gBOm3Eed2 p5c1jwaghf0eyZ5q2eGJJZOWmzFOSFG4KibnsvqAgA8gzFPeaZD9vAJj7mU9d8Pgy/j7 EN7fbrVzbJrEHAfEtK2WYI7NQ3obbzo36sA1D+Hf7Zhb0dR0/7PJAfTt+gDrMulid5TD M+ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698865; x=1706303665; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ndGFy+OjU4asqQVGV1kSBxt7BVIUk9sVVgMYHHfPmaE=; b=NEA9cMvGANN33iCqpJIXhUlKC/RKZ8YtZ7880RKt+inhMSp3nm6YfK++0BRlnFQ1ga zdxdUwwRFNNtansBDl/s2ktySKk/kumrXOutr9uotJ6oNBQh8D5MVt+bUYeVe6JKWwsD qX18zYzg4JLhKFzWeQy/bPBvme4fEjstRYQIimzIs7cG2PtH/fkOWceMjSPTxzZzaSrw 5NheMQ3JC6s+NNKGYzzgvQaRZOq7CrzNiMIQwebRettk83enQ3/pQfkL0FqvyJnwCl0p rBCDuFoGK/FUvJMhKFHAOHJs4nzC6sHzq2XzQe4pDVX09upgnbR860TsmQRXnMhdy7lq Ik3w== X-Gm-Message-State: AOJu0YzptfIgfYM+Y+4c23fB7koJ0oQGlEt29Z01IdKSreETtmEfL5lF OmjjcpksN7LtLnuKHP/1bp9mzlG1Ly5+xYtUrGVyLOb1U8Y6oG3OBCPknqjPIzQ= X-Google-Smtp-Source: AGHT+IHS8ZRuBOvxCdQ5+KcIKbXE3pSz7VJRzIDtRH7olukGPc93LrE/mu06R4FZfeGQ3nd4hg5FDQ== X-Received: by 2002:a0c:9a4d:0:b0:685:57ac:ca28 with SMTP id q13-20020a0c9a4d000000b0068557acca28mr54131qvd.13.1705698865077; Fri, 19 Jan 2024 13:14:25 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:24 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 03/11] linux-yocto/6.1: update to v6.1.72 Date: Fri, 19 Jan 2024 16:14:11 -0500 Message-Id: <04004b294cb44ac23c74e12feadab7e076ff9e54.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194069 From: Bruce Ashfield Updating linux-yocto/6.1 to the latest korg -stable release that comprises the following commits: 7c58bfa711cb Linux 6.1.72 2dbe25ae06e6 Revert "interconnect: qcom: sm8250: Enable sync_state" f73a374c1969 smb3: Replace smb2pdu 1-element arrays with flex-arrays ec162546a733 media: qcom: camss: Comment CSID dt_id field a5c3f2b4cee7 bpf: syzkaller found null ptr deref in unix_bpf proto add 15db682980fc bpf: Fix a verifier bug due to incorrect branch offset comparison with cpu=v4 7cbdf36eabf3 net/sched: act_ct: Always fill offloading tuple iifidx 2be4e8ac2d16 net/sched: act_ct: additional checks for outdated flows 87318b7e374c f2fs: compress: fix to assign compress_level for lz4 correctly 397f719037c2 genirq/affinity: Only build SMP-only helper functions on SMP kernels 28c9222e29e5 mmc: sdhci-sprd: Fix eMMC init failure after hw reset 2813a434d461 mmc: core: Cancel delayed work before releasing host 575e127041f2 mmc: rpmb: fixes pause retune on all RPMB partitions. 9c5efaa09b31 mmc: meson-mx-sdhc: Fix initialization frozen issue 48e1d426f452 drm/amd/display: add nv12 bounding box 11c3510d1d4d drm/amdgpu: skip gpu_info fw loading on navi12 dafdeb7b91f1 mm: fix unmap_mapping_range high bits shift bug 08038069c237 i2c: core: Fix atomic xfer check for non-preempt config 53b42cb33fb1 x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect d1db1ef5e633 firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards 09a44d994bfe ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg() 820a7802f25a btrfs: mark the len field in struct btrfs_ordered_sum as unsigned ab220f4f5c70 btrfs: fix qgroup_free_reserved_data int overflow 0f74dde5be2c octeontx2-af: Support variable number of lmacs 7d3912613d5b octeontx2-af: Fix pause frame configuration a29b15cc68a6 net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table 2bb4ecb3349c netfilter: flowtable: GC pushes back packets to classic path df01de08b411 net/sched: act_ct: Fix promotion of offloaded unreplied tuple 87466a374571 net/sched: act_ct: offload UDP NEW connections 8b160f2fba77 netfilter: flowtable: cache info of last offload c29a7656f8a2 netfilter: flowtable: allow unidirectional rules e681f711e9e8 net: sched: call tcf_ct_params_free to free params in tcf_ct_init d49bf9c1ceb3 mm/memory_hotplug: fix error handling in add_memory_resource() 4666f003afff mm/memory_hotplug: add missing mem_hotplug_lock a576780a2a66 lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly f33b27f5c3de genirq/affinity: Move group_cpus_evenly() into lib/ 617ba3735d3b genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly aeeb4e4e49f8 genirq/affinity: Don't pass irq_affinity_desc array to irq_build_affinity_masks 9e84d7bb1505 genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks a1dcd1794730 genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks f4fe76467e7b ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 aee609302d65 firmware: arm_scmi: Fix frequency truncation by promoting multiplier type 90d1f74c3cf6 bpf, sockmap: af_unix stream sockets need to hold ref for pair sock 5ff1682fec18 ethtool: don't propagate EOPNOTSUPP from dumps e570b1508753 dpaa2-eth: recycle the RX buffer only after all processing done 5b8938fc7d00 net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats e88275ce7e7b smb: client: fix missing mode bits for SMB symlinks bf223fd4d914 block: update the stable_writes flag in bdev_add a8e4300ae58d filemap: add a per-mapping stable writes flag d0eafc763135 mm, netfs, fscache: stop read optimisation when folio removed from pagecache bceff380f361 mm: merge folio_has_private()/filemap_release_folio() call pairs 8b6b3ecf0c13 memory-failure: convert truncate_error_page() to use folio a6f440f3b956 khugepage: replace try_to_release_page() with filemap_release_folio() 4c78612e5fbc ext4: convert move_extent_per_page() to use folios b92a8f591ca8 media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 710f70555d5b media: camss: sm8250: Virtual channels for CSID c96a4f936008 selftests: mptcp: set FAILING_LINKS in run_tests 4b85e920afc8 selftests: mptcp: fix fastclose with csum failure 336d1ee07efb f2fs: set the default compress_level on ioctl 1ff3f5ef284b f2fs: assign default compression level 55d3f41e5583 f2fs: convert to use bitmap API 84a8d913fb53 f2fs: clean up i_compress_flag and i_compress_level usage 2c14f4991610 s390/cpumf: support user space events for counting a1a1e5ce88a7 s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() 31051f722db2 net/mlx5: Increase size of irq name buffer b5c8e0ff76d1 blk-mq: make sure active queue usage is held for bio_integrity_prep() 803fb6109fcf bpf: fix precision backtracking instruction iteration b08acd5c4602 bpf: handle ldimm64 properly in check_cfg() 2c795ce09042 bpf: Support new 32bit offset jmp instruction b1c780ed3c22 bpf: clean up visit_insn()'s instruction processing 97bb6dab0172 bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() 8266c47d04b2 bpf: remove unnecessary prune and jump points 743f3548d301 bpf: decouple prune and jump points eb4f2e17886a fbdev: imsttfb: fix double free in probe() f2a79f3651a5 fbdev: imsttfb: Release framebuffer and dealloc cmap on error path 51a1b943022f arm64: dts: qcom: sdm845: Fix PSCI power domain names 5db8b93cbe2d arm64: dts: qcom: sdm845: align RPMh regulator nodes with bindings 343bb27e3152 wifi: iwlwifi: yoyo: swap cdb and jacket bits values 158b71f3a9fa udp: annotate data-races around udp->encap_type 8d929b6c1114 udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO b680a907d17c udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags 753886c0b994 udp: move udp->gro_enabled to udp->udp_flags a01cff15ccdc udp: move udp->no_check6_rx to udp->udp_flags 50e41aa9ea0d udp: move udp->no_check6_tx to udp->udp_flags e2a4392b61f6 udp: introduce udp->udp_flags 2489502fb1f5 ipv4, ipv6: Use splice_eof() to flush 4713b7c7568b splice, net: Add a splice_eof op to file-ops and socket-ops ac8c69e448f7 udp: Convert udp_sendpage() to use MSG_SPLICE_PAGES 6bcc79a4e760 net: Declare MSG_SPLICE_PAGES internal sendmsg() flag 89b51e70e5e3 bpf, x86: save/restore regs with BPF_DW size 4ee461c5dc99 bpf, x86: Simplify the parsing logic of structure parameters 605c8d8f9966 bpf, x64: Fix tailcall infinite loop 5573fdbc3423 srcu: Fix callbacks acceleration mishandling abc3e3fb71a5 cpu/SMT: Make SMT control more robust against enumeration failures 482fa21635c8 cpu/SMT: Create topology_smt_thread_allowed() a364c18553d0 selftests: secretmem: floor the memory size to the multiple of page_size c38c5cfd3ed7 net: Implement missing SO_TIMESTAMPING_NEW cmsg support 14937f47a48f bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() 55fbcd83aaca net: ravb: Wait for operating mode to be applied 8a09b0f01c40 asix: Add check for usbnet_get_endpoints db9c4a1f37ee octeontx2-af: Re-enable MAC TX in otx2_stop processing b67e7d78e48a octeontx2-af: Always configure NIX TX link credits based on max frame size 84c3833a93bb net/smc: fix invalid link access in dumping SMC-R connections 0af75845ff5e net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues 9b0504292237 igc: Fix hicredit calculation 7663226274af i40e: Restore VF MSI-X state during PCI reset 5735f529e318 ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux 8719838c126a ASoC: meson: g12a-toacodec: Fix event generation 5de3c8496e77 ASoC: meson: g12a-tohdmitx: Validate written enum values 95b4d4093ac0 ASoC: meson: g12a-toacodec: Validate written enum values 2f3b6e8600c9 i40e: fix use-after-free in i40e_aqc_add_filters() 72fa66177859 net: Save and restore msg_namelen in sock_sendmsg 81f8a995ebc8 netfilter: nft_immediate: drop chain reference counter on error bb1bf97fa187 net: bcmgenet: Fix FCS generation for fragmented skbuffs e75715e1c2e5 sfc: fix a double-free bug in efx_probe_filters 725d44e49fb5 ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init 85f6fae44bba selftests: bonding: do not set port down when adding to bond 3edd66bd4e42 net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) ac5fde92b510 net: annotate data-races around sk->sk_bind_phc c48fcb4f4906 net: annotate data-races around sk->sk_tsflags 5d586f7ca0fc net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps b2130366a952 can: raw: add support for SO_MARK 633a49e34b32 r8169: Fix PCI error on system resume 565460e180d9 net: sched: em_text: fix possible memory leak in em_text_destroy() ac5cbe931c43 mlxbf_gige: fix receive packet race condition 6d7f45492706 ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset 811604fb02c4 ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable c3a37dc15685 igc: Check VLAN EtherType mask 6edff0b8381c igc: Check VLAN TCI mask d27b98f4aeae igc: Report VLAN EtherType matching back to user e76d1913f6a8 i40e: Fix filter input checks to prevent config with invalid values 188c9970d05e ice: Shut down VSI with "link-down-on-close" enabled 83b80170b7fa ice: Fix link_down_on_close message f3f6a23e054c drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern 6cf7235bc1fb octeontx2-af: Fix marking couple of structure as __packed a4b0a9b80a96 nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local 282e3fb61285 netfilter: nf_tables: set transport offset from mac header for netdev/egress 9487cc4c90fb netfilter: use skb_ip_totlen and iph_totlen 5f523f1beb46 drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer 3da4868907da wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ 493d556278a3 KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL 3152a7d361c6 cifs: do not depend on release_iface for maintaining iface_list 5982a625fc0d cifs: cifs_chan_is_iface_active should be called with chan_lock held 4afcb82518b9 drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE b9c370b61d73 Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" af9a5307656d mptcp: prevent tcp diag from closing listener subflows 105063f7f441 ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 0fa3cf2d151e ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook beda900d3aaf ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series 9539e3b56e0d block: Don't invalidate pagecache for invalid falloc modes 079eefaecfd7 keys, dns: Fix missing size check of V1 server-list header 38fb82ecd144 Linux 6.1.71 74c4c7d57cf2 Revert "platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe" 7709b16bdbd5 tracing/kprobes: Fix symbol counting logic by looking at modules as well 9dd295341dc1 kallsyms: Make module_kallsyms_on_each_symbol generally available 29cb16577189 device property: Allow const parameter to dev_fwnode() e7b04372179e spi: Constify spi parameters of chip select APIs f9a01938e079 NFSD: fix possible oops when nfsd/pool_stats is closed. 899ac41804d8 ring-buffer: Fix slowpath of interrupted event 0105571f80ed netfilter: nf_tables: skip set commit for deleted/destroyed sets 4768430d5a69 ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() f33c4e4cabce tracing: Fix blocked reader of snapshot buffer 09640899e6b7 ring-buffer: Fix wake ups when buffer_percent is set to 100 4ee9d9291b95 mm/memory-failure: check the mapcount of the precise page fb21c9780a31 mm/memory-failure: cast index to loff_t before shifting it be72d197b228 mm: migrate high-order folios in swap cache correctly a8df791470fb mm/filemap: avoid buffered read/write race to read inconsistent data b954b92ef08f platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe 7a3bbbadac4b ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() b9c5f0fd5cd5 block: renumber QUEUE_FLAG_HW_WC e21b5fc5b887 spi: atmel: Fix clock issue when using devices with different polarities 025cf65f68d4 spi: Add APIs in spi core to set/get spi->chip_select and spi->cs_gpiod 64a4eb2982db spi: Reintroduce spi_set_cs_timing() 95e21657ffe9 linux/export: Ensure natural alignment of kcrctab array bb4f791cb2de nfsd: call nfsd_last_thread() before final nfsd_put() 03d68ffc48b9 nfsd: separate nfsd_last_thread() from nfsd_put() 481561a431ff iio: imu: adis16475: add spi_device_id table 027eaeaf3294 spi: Introduce spi_get_device_match_data() helper 457a219c8453 usb: fotg210-hcd: delete an incorrect bounds test 119127273b5d ARM: dts: Fix occasional boot hang for am3 usb 98235bc13aa8 ksmbd: fix wrong allocation size update in smb2_open() 04b8e04f8f89 ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() 34f7d5b5c972 ksmbd: lazy v2 lease break on smb2_write() 500c7a5e9af8 ksmbd: send v2 lease break notification for directory 1993959460c0 ksmbd: downgrade RWH lease caching state to RH for directory 2fcb46df3460 ksmbd: set v2 lease capability 3eddc811a7c8 ksmbd: set epoch in create context v2 lease 52a32eafd0a5 ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error 0bc46c2370ee ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId d9aa5c19084e ksmbd: release interim response after sending status pending response 013bf453af0d ksmbd: move oplock handling after unlock parent dir 20dd92c23756 ksmbd: separately allocate ci per dentry d5651972e5c5 ksmbd: fix possible deadlock in smb2_open aabc944ebf08 ksmbd: prevent memory leak on error return b4a269bb89dd ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() 699ad8d03cc5 ksmbd: no need to wait for binded connection termination at logoff 3cf44550814c ksmbd: add support for surrogate pair conversion d26e024a5ead ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() 5113f7222554 ksmbd: fix recursive locking in vfs helpers 42e56982bed1 ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() 533e6dc4469f ksmbd: reorganize ksmbd_iov_pin_rsp() 1d95c5a54184 ksmbd: Remove unused field in ksmbd_user struct 5929e98f3bb7 ksmbd: fix potential double free on smb2_read_pipe() error path a7aae713eaf2 ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() 943cebf9ea34 ksmbd: fix wrong error response status by using set_smb2_rsp_status() 7b58ee8d0b91 ksmbd: fix race condition between tree conn lookup and disconnect 0090f0bfc225 ksmbd: fix race condition from parallel smb2 lock requests 6584ca894f30 ksmbd: fix race condition from parallel smb2 logoff requests b3a843caed29 ksmbd: fix race condition with fp 7345f5dbf66d ksmbd: check iov vector index in ksmbd_conn_write() 8beae8a0a065 ksmbd: return invalid parameter error response if smb2 request is invalid e523a26c0567 ksmbd: fix passing freed memory 'aux_payload_buf' b4b3fd1a95b4 ksmbd: remove unneeded mark_inode_dirty in set_info_sec() 1ee419e08fa1 ksmbd: remove experimental warning 83b01f7330d7 ksmbd: add missing calling smb2_set_err_rsp() on error 422c0cd01693 ksmbd: Fix one kernel-doc comment c20105a8975c ksmbd: fix `force create mode' and `force directory mode' f8cf1ebb7de6 ksmbd: fix wrong interim response on compound 9f297df20d93 ksmbd: add support for read compound 673e60c69124 ksmbd: switch to use kmemdup_nul() helper 0a9b91f45e88 ksmbd: check if a mount point is crossed during path lookup d782f42eed93 ksmbd: Fix unsigned expression compared with zero 48cc49384048 ksmbd: Replace one-element array with flexible-array member 63fbfd212c82 ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() e7ab53bd81b0 ksmbd: Replace the ternary conditional operator with min() 143da652cee8 ksmbd: use kvzalloc instead of kvmalloc de43cdaa88c2 ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void deb79f20be21 ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() fe7977b872a6 ksmbd: use kzalloc() instead of __GFP_ZERO 294a275f374b ksmbd: remove unused ksmbd_tree_conn_share function b069977b2b47 ksmbd: add mnt_want_write to ksmbd vfs functions 13a5045011ec ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() 1524884c3efb ksmbd: call putname after using the last component 30a1344198aa ksmbd: fix uninitialized pointer read in smb2_create_link() 6d4e21e369f3 ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() 6927ffe7479c ksmbd: fix racy issue from using ->d_parent and ->d_name 6e99fbb4296a fs: introduce lock_rename_child() helper 965eb8650737 ksmbd: remove unused compression negotiate ctx packing 49d9f6ad1ee0 ksmbd: avoid duplicate negotiate ctx offset increments 2182d96ec0b7 ksmbd: set NegotiateContextCount once instead of every inc 8d271ef5e5ca ksmbd: delete asynchronous work from list 4ef3fd2f85bb ksmbd: remove unused is_char_allowed function 226aaaa59365 ksmbd: Fix parameter name and comment mismatch e8c49f9364c5 ksmbd: Fix spelling mistake "excceed" -> "exceeded" ada8bcc48acd ksmbd: update Kconfig to note Kerberos support and fix indentation 5c0306b0abcd ksmbd: Remove duplicated codes b6502c34cf30 ksmbd: fix typo, syncronous->synchronous 052b41ef2abe ksmbd: Implements sess->rpc_handle_list as xarray 264547e13f80 ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs 87ffbb9e24ba ksmbd: Fix resource leak in smb2_lock() d847b7588341 ksmbd: use F_SETLK when unlocking a file 343d667deee1 ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share ab69d3e8f7a0 ksmbd: replace one-element arrays with flexible-array members Signed-off-by: Bruce Ashfield --- .../linux/linux-yocto-rt_6.1.bb | 6 ++-- .../linux/linux-yocto-tiny_6.1.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.1.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb index 3dbec14af8..2d471e3ee3 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "c7164e4299dfbd93c9ec4f9bd307ebbb88aa6b71" -SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288" +SRCREV_machine ?= "6d67557b912380b57b6081da7ac106e9c003f4d1" +SRCREV_meta ?= "dd140f6b950d56c837dc464af8f2a2a53af24fbf" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.1.70" +LINUX_VERSION ?= "6.1.72" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb index 01641a8462..3314e7b2f1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.1.inc -LINUX_VERSION ?= "6.1.70" +LINUX_VERSION ?= "6.1.72" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288" +SRCREV_machine ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_meta ?= "dd140f6b950d56c837dc464af8f2a2a53af24fbf" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb index fc7bed9fcd..fd018db6ed 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base" KBRANCH:qemuloongarch64 ?= "v6.1/standard/base" KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "b763843c7f0f71c1488daf5d7453656360bfd217" -SRCREV_machine:qemuarm64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemuloongarch64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemumips ?= "f72c516f5594f4eef9c26d380abf60768695c7da" -SRCREV_machine:qemuppc ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemuriscv64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemuriscv32 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemux86 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemux86-64 ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_machine:qemumips64 ?= "951e24cce7143380de09baa2d1d59062a969d021" -SRCREV_machine ?= "7d183bf1b0b8ded0b2a8a352aa75729a37293b1e" -SRCREV_meta ?= "4fe5dc52631f3b990aefbb3f97330137c4ebb288" +SRCREV_machine:qemuarm ?= "4b6d6ef48b0d11dfdcdc9ae25e1c83be9396a116" +SRCREV_machine:qemuarm64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_machine:qemuloongarch64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_machine:qemumips ?= "8a0e36da16bca1553532936c198c43362be35a82" +SRCREV_machine:qemuppc ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_machine:qemuriscv64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_machine:qemuriscv32 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_machine:qemux86 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_machine:qemux86-64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_machine:qemumips64 ?= "3407157586b654c9932356124429ee9dc9f56f18" +SRCREV_machine ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" +SRCREV_meta ?= "dd140f6b950d56c837dc464af8f2a2a53af24fbf" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "a507f147e6f06e86b7649b46bc1d3caa34b196d6" +SRCREV_machine:class-devupstream ?= "7c58bfa711cb556ef1edc48e7dfa6d84e5fb8912" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.1/base" @@ -45,7 +45,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.1.70" +LINUX_VERSION ?= "6.1.72" PV = "${LINUX_VERSION}+git" From patchwork Fri Jan 19 21:14:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38083 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3248C48277 for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-qv1-f44.google.com (mail-qv1-f44.google.com [209.85.219.44]) by mx.groups.io with SMTP id smtpd.web10.6081.1705698866720425084 for ; Fri, 19 Jan 2024 13:14:26 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=BiVtN7mN; spf=pass (domain: gmail.com, ip: 209.85.219.44, mailfrom: bruce.ashfield@gmail.com) Received: by mail-qv1-f44.google.com with SMTP id 6a1803df08f44-6806914dba7so6707616d6.2 for ; Fri, 19 Jan 2024 13:14:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698866; x=1706303666; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=tJU/Lr6hhLd58bClo6cE49xbqTWVrgP9KKcaDIuI/EQ=; b=BiVtN7mNZNK/6uIS83fCn6V5Zs58hG7C1qBSi22El09d0pndO/dfl8V7n7mnsjoF3J Pd9/h9Zrb0FXaNZzDiz9Xl6NjgscPb0sayfKa7PfkAV6gsqDa+CWhmbIwdGdmQrP53Uf MTt0Pdo5rSZWwcGeNbk7ug7b/sme1Qimdeg02Uy3g9Q/5mEv8I4vLH+9pZXp733eArwi a33zduQDaH2uDXgLkmVhFPkCrxVgi1g98qX7nYO20972y0ffygbgR4hsQkedas5h6s6p 71+xAXOD4iOLIX1KbYmpUR6oW9aTZwbkYOh+g3NnWNvSX4HVWeHO7dBM1zPoqWjAWX+W Na7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698866; x=1706303666; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tJU/Lr6hhLd58bClo6cE49xbqTWVrgP9KKcaDIuI/EQ=; b=hvNeGATk2fQ4Zn92yeTZ8KmGWa9W4lYgsSGyzi+Z6boPnLnYD+sy5fCRIObmQm/ZwY UOI13TvE0k4lZy6ES4uvkM4nY5IzG8CDXlV6z9lOJO7PHuQEvxW0iFwG1HjHwvWWvSSF MShrWOvILcy5LxA1+HmvNp8ihkoH1Qr1KQ8sFL5a0NQfopBvBJnmMUGxS3rFDgT5sNA6 zxLPITRDOCPSojW8fW+3aDvJGCHen4FiDppohK47ODbtD4exPLZ8GwTyt4kCGcuMkvOK jr//abis80qhDxvkW/icin1G2IF1f5EU0/uz5DnVendccQdZtxeEksVMDlLjXqt8YFd1 8cpA== X-Gm-Message-State: AOJu0Yyb5Taz+z6LL0jlGenbuQvVN5sUiFkJyZAEkDHQ1F8p+u3/pE5+ L/Ow3dlVt9v7f5lDDkBxdYBjBKThEZ07O47PHTAH0uL/9o+MSz/SiCiOiOVzWtg= X-Google-Smtp-Source: AGHT+IHriAONRowfm637eFxHmlAG5ni5lk/kW3BY0n8tkQ2XRhj8O6KbgAgqw3m5UagnQBHD5Kl4aA== X-Received: by 2002:a05:6214:21e3:b0:681:8739:9171 with SMTP id p3-20020a05621421e300b0068187399171mr507039qvj.119.1705698865763; Fri, 19 Jan 2024 13:14:25 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:25 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 04/11] linux-yocto/6.1: update CVE exclusions Date: Fri, 19 Jan 2024 16:14:12 -0500 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194070 From: Bruce Ashfield Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 27Dec23 Date: Wed, 27 Dec 2023 19:47:13 -0500 ] Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 8d345831d3..9e0c5bc49e 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70 +# Generated at 2024-01-11 18:31:26.124059+00:00 for version 6.1.72 python check_kernel_cve_status_version() { - this_version = "6.1.70" + this_version = "6.1.72" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) From patchwork Fri Jan 19 21:14:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38079 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A892C47DDC for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-qt1-f171.google.com (mail-qt1-f171.google.com [209.85.160.171]) by mx.groups.io with SMTP id smtpd.web11.5984.1705698867638950593 for ; Fri, 19 Jan 2024 13:14:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=VZKkoz18; spf=pass (domain: gmail.com, ip: 209.85.160.171, mailfrom: bruce.ashfield@gmail.com) Received: by mail-qt1-f171.google.com with SMTP id d75a77b69052e-4298e866cd6so7950541cf.0 for ; Fri, 19 Jan 2024 13:14:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698867; x=1706303667; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nGwT3zd/Pq09ufo4QbSVzfxgITgB5SB97+YwYkNoKcI=; b=VZKkoz18oYUe6jtxKKFDH1aY0oSjVZ414X7GEt8vEae7H9lQ3krb2c+XF8EOejlpkF LdJE9v31FdKXXUFrZJHAcObJ0eV1TGZKKbl7XcZaL/nRLB7zYYkATawuaXbF0f0Yxjjr GcUAXdDzOf818uU+cCiFSWISsE4dXARht78qKR41mgC5rW3zvV4+d7Q/FKSzayYepj2v 2ln+wU9HvUsNX6Ddo2Jhq6RggEbg4Gdocf+giK/25vqFjPfIMKxWtBWYu0NiIeC/YlRF dBizsNW2xM2vxQc7QrAyaBkB9NQe5hxM17p594N8KX0UmVD4PJCHV6Inw0fqyMKses5s IdvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698867; x=1706303667; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nGwT3zd/Pq09ufo4QbSVzfxgITgB5SB97+YwYkNoKcI=; b=tSwh5SOIZuMkVqNkBWJbLFUQjUxeXnQfsLDX+mgs44H2DZNze4ispz/F6L6Iw64T2l 5ORTU+IrNiKjz8X0CV/gUOg/zLXvT7CqCy/x3OIqmjxdlZ2kIdzK/OKoAQoFvWfOVXnX cIqjnFkRZPTIDH4xEUCth6LI0Fs18lgR1hhTPjomrX7q85KQjfFxcM0Cn0I0hoFSu2sy MwGGnKcqdFOr6mp7Laqa3+BEOLSo920zaXSrwBzAguamEIfF0NUOhEwoNHdmw2npcEeE Jl0leG9pSEbeRy913AwaxneAWNUpDxF31Ul6deEfWtP3w9g4ybprJ2oT8PvN9ZQuSbKx /JEA== X-Gm-Message-State: AOJu0Yx+1KAuj3bpnSwBfHAcuhGDOBHhmJwOobzY3ArQ8qxJL82F2wt0 va0J1TCd12T6/Jpx1wLsvxjTmoNY7pIVowmmMsOMgs2hFcqnd479 X-Google-Smtp-Source: AGHT+IE6hVX8mryqJvo61SjkaY6pslH6s9Ndof4086vnIMdjV0UXPqczyQ4xJ8nedctyQB7xGVhoxg== X-Received: by 2002:a05:6214:5289:b0:681:77e3:e3ac with SMTP id kj9-20020a056214528900b0068177e3e3acmr602863qvb.89.1705698866606; Fri, 19 Jan 2024 13:14:26 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:26 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 05/11] linux-yocto/6.6: cfg: arm: introduce page size fragments Date: Fri, 19 Jan 2024 16:14:13 -0500 Message-Id: <4611ede535afa80d6a746647b79c961859908808.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194071 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 1/1 [ Author: Ross Burton Email: ross.burton@arm.com Subject: arch/arm: add fragments to explicitly select 4/16/64 KB pages on arm64 Date: Tue, 9 Jan 2024 13:33:06 +0000 Linux on aarch64 supports various page sizes. The default is 4KB but there can be performance improvements in many workloads with larger pages. Signed-off-by: Ross Burton Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 2094613aa0..324494f122 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -15,7 +15,7 @@ python () { } SRCREV_machine ?= "3e67e7e050ae8af74f9158dc71f952539f1516e5" -SRCREV_meta ?= "25ae36cd00a816ba8aab368a443cab1c166e3c2f" +SRCREV_meta ?= "399295102a9b0db007323d12f561ecfd5782dcf0" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index 842e9c7693..b839bac95d 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -18,7 +18,7 @@ KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_meta ?= "25ae36cd00a816ba8aab368a443cab1c166e3c2f" +SRCREV_meta ?= "399295102a9b0db007323d12f561ecfd5782dcf0" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 9dae76e9a3..7c5d5f25d1 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb @@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" SRCREV_machine:qemux86-64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" SRCREV_machine:qemumips64 ?= "cbf59cfe385657b0ee385264be2fcf785f6f1959" SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_meta ?= "25ae36cd00a816ba8aab368a443cab1c166e3c2f" +SRCREV_meta ?= "399295102a9b0db007323d12f561ecfd5782dcf0" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same From patchwork Fri Jan 19 21:14:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38082 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2A59C47DDE for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-qt1-f173.google.com (mail-qt1-f173.google.com [209.85.160.173]) by mx.groups.io with SMTP id smtpd.web11.5985.1705698868850935069 for ; Fri, 19 Jan 2024 13:14:29 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=XQQuew2k; spf=pass (domain: gmail.com, ip: 209.85.160.173, mailfrom: bruce.ashfield@gmail.com) Received: by mail-qt1-f173.google.com with SMTP id d75a77b69052e-429fc7a1eacso10554151cf.2 for ; Fri, 19 Jan 2024 13:14:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698868; x=1706303668; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iZSoorzBu0LauDTvS7VWHc8L/VpKE8V4LtxBKbbasCI=; b=XQQuew2kAl22Agcq/AjtG8Q6i2h8lSZOOXJDUHGq6Vs2FOsjIm6c1317ydryJSgscz lBl1WZQzrJm14DBEBxmAWzq1L/VJ1fihTIf53HlTnfR3+usaf5/D4dHzFdAvz72rahT1 +mXFaTh3YUNbKi4Df4VkC71x2gn1PAtBFksTUdGZjiu643LT9Bw7KbhOKPLTBAbs0na1 1MxX5aYF4lxwAupzCCvv/mGLmWeeqE/62WoANaonQYXKizY7FatcCSpf8DSY9rHXad5S O33Otyjk5DZxCLwq3L+WW8tpzORXl7reRqsAQXi+uyE2GifdMwXFa9gIepemdcv2MDzh vg1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698868; x=1706303668; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iZSoorzBu0LauDTvS7VWHc8L/VpKE8V4LtxBKbbasCI=; b=hf+/izwuLbk0M+DHxkSxv9aGNCOc/22hu/4kFWr1+bAoXvh4PcvI1XHz+uSNNGrg8/ h5Y0AhStfcFPSVB3x/yEvorVjsiFm8UXW3UvDAkVqPsoc5m5RrkGulJoJgm+jV2UF1UK pwFYsjnPzJNkSSLmBWYvr06cbtitntDQ7z9sI3AP6wAToaUyMfZo8Xb5CvbkRP43sI0l QAaPsA1vhq99bFKti5vedixr9NPIJ+BZjP07iPt56NBl2ooMA6ncmMQAflwbBFRzVsHu Qh22lVwupP2/elMGVO35OyegDWt/378Eh4fnuO0yAD02j5N1nPSyrCcNcv2LCBBcfG8m kY5A== X-Gm-Message-State: AOJu0YwKVGR588FnVbYbhy1UV62nxTzeJRJeCrhGssDoT23YbFWyI790 HCASGBj0nbbkwOYhho8IhniGEbUcO/zvAksKYzGzUNi86ivA4YaFJ14quJibmfQ= X-Google-Smtp-Source: AGHT+IHfCELLzjrur5vpl7XPk9xd7stq7suhTi26AdQrzh3wsWHhlgZcny1sOfVnt9xTCrKZCT6v0w== X-Received: by 2002:a05:6214:d8e:b0:681:78cf:1ed5 with SMTP id e14-20020a0562140d8e00b0068178cf1ed5mr569798qve.50.1705698867881; Fri, 19 Jan 2024 13:14:27 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:27 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 06/11] linux-yocto/6.6: security/cfg: add configs to harden protection Date: Fri, 19 Jan 2024 16:14:14 -0500 Message-Id: <7806857399611e78c1705b34b7fcf3bec68ae405.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194072 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 1/1 [ Author: Xiangyu Chen Email: xiangyu.chen@windriver.com Subject: feature/security: add configs to harden protection Date: Tue, 16 Jan 2024 18:22:31 +0800 Add some configs to harden protection: CONFIG_HW_RANDOM_TPM=y Exposing the TPM's Random Number Generator as a hwrng device. CONFIG_DEBUG_WX=y Warn on W+X mappings at boot. CONFIG_SECURITY_DMESG_RESTRICT=y Restrict unprivileged access to the kernel syslog. CONFIG_LDISC_AUTOLOAD=n Disable automatically load TTY Line Disciplines. Signed-off-by: Xiangyu Chen Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 324494f122..308beb9bc1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -15,7 +15,7 @@ python () { } SRCREV_machine ?= "3e67e7e050ae8af74f9158dc71f952539f1516e5" -SRCREV_meta ?= "399295102a9b0db007323d12f561ecfd5782dcf0" +SRCREV_meta ?= "268af5402032d35347f7d949673250b9bcc3a389" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index b839bac95d..f32e58f418 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -18,7 +18,7 @@ KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_meta ?= "399295102a9b0db007323d12f561ecfd5782dcf0" +SRCREV_meta ?= "268af5402032d35347f7d949673250b9bcc3a389" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 7c5d5f25d1..0d16fac054 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb @@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" SRCREV_machine:qemux86-64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" SRCREV_machine:qemumips64 ?= "cbf59cfe385657b0ee385264be2fcf785f6f1959" SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_meta ?= "399295102a9b0db007323d12f561ecfd5782dcf0" +SRCREV_meta ?= "268af5402032d35347f7d949673250b9bcc3a389" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same From patchwork Fri Jan 19 21:14:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38081 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 758CFC47E49 for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com [209.85.219.174]) by mx.groups.io with SMTP id smtpd.web11.5986.1705698869899161975 for ; Fri, 19 Jan 2024 13:14:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=nmuKKkdg; spf=pass (domain: gmail.com, ip: 209.85.219.174, mailfrom: bruce.ashfield@gmail.com) Received: by mail-yb1-f174.google.com with SMTP id 3f1490d57ef6-dc2308fe275so1145647276.1 for ; Fri, 19 Jan 2024 13:14:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698869; x=1706303669; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=J2R02UepQ+XCiGnutFSW2R6GlACuGb1pZL6xvOphVpw=; b=nmuKKkdgYz3FLifHar6mDJsLk4Uh4wbRIP/np5j82iIHCr+O0oBpG8icgm5tmYcETG 9KXxwLtGl4KcODp890PjDkPZ0vhwF2W72IvBngvGOZtlByVinxIg6mCTQcmogdpI/x1Y RVc94DVvMYBzvfotp/riMu0wuxgeRrObEcPMCMqC82U/LLeWk03cHRASTq5N0YT+c2br r4SVzBAlVSn4aKYes2dnE1jkEeyVuFqhw8GXCyfwXjMLoNETWJunPZlv/h85Hnmpi3t6 FAX4a010MtkE5YHswPtk1G/pBD2Bn9ErAJBAdoCn9+VLL6PqK/+Ko0xHBgItHVcigAQJ 1yPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698869; x=1706303669; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=J2R02UepQ+XCiGnutFSW2R6GlACuGb1pZL6xvOphVpw=; b=fwsakApmtStSLXoPkVD5tQmrCNAEWfHsk/MOYyu7NN8+dYZtVvHK7Ln0OUkFhQQGqj q2Sj5C6DpJEA4QJgs/5+wuI4vLw2NyKslA7L/2LmtiU/44Pg9jwc6iWMZPBYPCfRwLUl tgvtuy5CQoE8AEm+m6y6ows4CCu+nlwzLXrURnp88UhO1YENb3tscUZOxEo/9vvHNMEV v0GzyHExT3QX+eRD0XKFtOIIw6hl4r1yjTcvKppWEB0VInSKZEFr4F9uBoOPXRQ2RFi2 HPElOxlskgKRxiiLdQ70K1GFkBZALdXQ7BbFGMeyWkSNtTr8KaHD5y/j6kggcGiAH6q9 apuw== X-Gm-Message-State: AOJu0Yw6TeZv2yXyRLJU2Krm6raHLZ6+tpH19uJfQeQN6TYHVeIHUthX SfeVkHsK7sbtEcjw36HHqtCjErn5px82UbT3OmWXJNfdvBy3GmdPujEXK99jTTM= X-Google-Smtp-Source: AGHT+IEXX7rT/sdRsnIGUFpYLJck5A1lUCLn+fwlOkj8xjiZz9iPhhz1hiJJ6rTlsWnoCltblIn96g== X-Received: by 2002:a25:bf91:0:b0:dc2:2f9c:bfa1 with SMTP id l17-20020a25bf91000000b00dc22f9cbfa1mr509853ybk.8.1705698868979; Fri, 19 Jan 2024 13:14:28 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:28 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 07/11] linux-yocto/6.1: security/cfg: add configs to harden protection Date: Fri, 19 Jan 2024 16:14:15 -0500 Message-Id: <309df25db3eb44693830d364ea9f10e4563c2ec2.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194073 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 1/1 [ Author: Xiangyu Chen Email: xiangyu.chen@windriver.com Subject: feature/security: add configs to harden protection Date: Tue, 16 Jan 2024 18:22:31 +0800 Add some configs to harden protection: CONFIG_HW_RANDOM_TPM=y Exposing the TPM's Random Number Generator as a hwrng device. CONFIG_DEBUG_WX=y Warn on W+X mappings at boot. CONFIG_SECURITY_DMESG_RESTRICT=y Restrict unprivileged access to the kernel syslog. CONFIG_LDISC_AUTOLOAD=n Disable automatically load TTY Line Disciplines. Signed-off-by: Xiangyu Chen Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield --- meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_6.1.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb index 2d471e3ee3..857197b211 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb @@ -15,7 +15,7 @@ python () { } SRCREV_machine ?= "6d67557b912380b57b6081da7ac106e9c003f4d1" -SRCREV_meta ?= "dd140f6b950d56c837dc464af8f2a2a53af24fbf" +SRCREV_meta ?= "74fa91143e9076e0d1d5ff0cca93987b3330bf27" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb index 3314e7b2f1..55f78404b1 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb @@ -18,7 +18,7 @@ KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_meta ?= "dd140f6b950d56c837dc464af8f2a2a53af24fbf" +SRCREV_meta ?= "74fa91143e9076e0d1d5ff0cca93987b3330bf27" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb index fd018db6ed..a75efe66de 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" SRCREV_machine:qemux86-64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" SRCREV_machine:qemumips64 ?= "3407157586b654c9932356124429ee9dc9f56f18" SRCREV_machine ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_meta ?= "dd140f6b950d56c837dc464af8f2a2a53af24fbf" +SRCREV_meta ?= "74fa91143e9076e0d1d5ff0cca93987b3330bf27" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same From patchwork Fri Jan 19 21:14:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38080 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 684FCC47DDB for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-qv1-f50.google.com (mail-qv1-f50.google.com [209.85.219.50]) by mx.groups.io with SMTP id smtpd.web10.6082.1705698871191259133 for ; Fri, 19 Jan 2024 13:14:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=jZ5ndWoB; spf=pass (domain: gmail.com, ip: 209.85.219.50, mailfrom: bruce.ashfield@gmail.com) Received: by mail-qv1-f50.google.com with SMTP id 6a1803df08f44-6818f3cf006so5418356d6.2 for ; Fri, 19 Jan 2024 13:14:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698870; x=1706303670; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lklcJTVt5f+HyFHmLxMjg05HCbwISGGs6NTUhzHZfYY=; b=jZ5ndWoBf41gN1VJtctbe3bvDMpJ20aKR4RZ7qVLLO8lHIP+59IGBni6qHAA095C1g SkzqjLJNZ9A8Z/Rz+tD5AU963Np5pBde7o9xJbHrm/jLST8wEKGP3vtKK8ApATF0AXnF GTuPJh5smSd5gPu8Os9cFQZlEee18LSQer3XGt5vO3ostL0Htn40Urf+YZhzmOCiQyWN mu3x2/uEJD7CYwR0SH5Ud8cWr05HLBGi9pMR6uMjzuV/0HAhJGD5VLSpJOkyG0+d/wsy 3fXLxnjf1FHI7yhmlh9T3z2rtjojIEx37UiFZR3CHkEtOVk/OF2/YmDpkzjke7lA/1gp vk3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698870; x=1706303670; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lklcJTVt5f+HyFHmLxMjg05HCbwISGGs6NTUhzHZfYY=; b=IWsdjCyhBLeg5raovpXCjVOi1x9+8xBeNamDcuXgHwuRx+2XnKJEkevUxErHpy6DUn wfY9eR01JKtPuSafFRzGrzioGZv9pyDcFHBYfhrl1O7wad/90c0V1qUaXy9HexzVvF5S WUtJ6YYY4VF/ybycJ3Oq3R1KE73Z0e8um+3eGmbUXr5Ddtuaf8CAwor9lStfc2DUlASX mJRhKfb5kFrDdTlRJcO6H9LAbQFrR30yDsfVpZtI23RnNHVf+2mh6J898cuVwk1p8sag xf0WU2aaTEUvI/2n/vetuuy3ZPmA3xK/3X+usk0/U9DDj1i9blTpcC56BOKOibbUn9kf 3sUw== X-Gm-Message-State: AOJu0Yz/PaNckOFIumNgdEj0pqvihaOwjUbrqx0b0k61d+CPvCOSoXNx nVWsh2GbJAxFNETYOj2QpzCXM38VYzJIm2dGNbcjeQXKudwPaDzcHauTVeyi/6k= X-Google-Smtp-Source: AGHT+IEkPzeGavrdpTmZjipNUaA7Jl8jt4isx3mrhxZlfT1qDd0uKrWcFGk5cUqO/8osTT2NHG3VKg== X-Received: by 2002:a05:6214:dc5:b0:681:87dc:c80a with SMTP id 5-20020a0562140dc500b0068187dcc80amr560836qvt.118.1705698870130; Fri, 19 Jan 2024 13:14:30 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:29 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 08/11] linux-yocto/6.6: update to v6.6.12 Date: Fri, 19 Jan 2024 16:14:16 -0500 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194074 From: Bruce Ashfield Updating linux-yocto/6.6 to the latest korg -stable release that comprises the following commits: 47345b4264bc Linux 6.6.12 edbc56139579 nfsd: drop the nfsd_put helper Signed-off-by: Bruce Ashfield --- .../linux/linux-yocto-rt_6.6.bb | 6 ++-- .../linux/linux-yocto-tiny_6.6.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb index 308beb9bc1..d30389124b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "3e67e7e050ae8af74f9158dc71f952539f1516e5" -SRCREV_meta ?= "268af5402032d35347f7d949673250b9bcc3a389" +SRCREV_machine ?= "59ee8cb752a7e280cfe2d480964aa5b6c74e4203" +SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.6.11" +LINUX_VERSION ?= "6.6.12" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb index f32e58f418..628a7cbd82 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.6.inc -LINUX_VERSION ?= "6.6.11" +LINUX_VERSION ?= "6.6.12" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_meta ?= "268af5402032d35347f7d949673250b9bcc3a389" +SRCREV_machine ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb index 0d16fac054..ab72df5c61 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base" KBRANCH:qemuloongarch64 ?= "v6.6/standard/base" KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "53699f09df655724152c7c82ce94ebbe8a0a4fd4" -SRCREV_machine:qemuarm64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_machine:qemuloongarch64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_machine:qemumips ?= "cc1dc06263a8d1c9d78dadc4045fbd47469b791c" -SRCREV_machine:qemuppc ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_machine:qemuriscv64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_machine:qemuriscv32 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_machine:qemux86 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_machine:qemux86-64 ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_machine:qemumips64 ?= "cbf59cfe385657b0ee385264be2fcf785f6f1959" -SRCREV_machine ?= "1c28ec6773065e82643c9ec1cb7dd2bd8ab1f929" -SRCREV_meta ?= "268af5402032d35347f7d949673250b9bcc3a389" +SRCREV_machine:qemuarm ?= "f50c6da5bec6481c9fd5618176c768d4ff7afcdd" +SRCREV_machine:qemuarm64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemuloongarch64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemumips ?= "0175e713ae72f9b4ed10d1702ab9386d294fe96c" +SRCREV_machine:qemuppc ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemuriscv64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemuriscv32 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemux86 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemux86-64 ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_machine:qemumips64 ?= "d41c8b84fcfcb4c2dd8eb856172cdc2b6a1bd342" +SRCREV_machine ?= "195b2994f955071be3dd16ff61127dbc6b2e0069" +SRCREV_meta ?= "48f7c852bd375b9340c68897ccd87ad89ead5f38" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "22852eaf43ec64b7dc0aa72687b22237b65a88f9" +SRCREV_machine:class-devupstream ?= "47345b4264bc394a8d16bb16e8e7744965fa3934" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.6/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.6.11" +LINUX_VERSION ?= "6.6.12" PV = "${LINUX_VERSION}+git" From patchwork Fri Jan 19 21:14:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38077 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6852CC47DDF for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com [209.85.128.177]) by mx.groups.io with SMTP id smtpd.web11.5987.1705698872347170246 for ; Fri, 19 Jan 2024 13:14:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=WZhGyD35; spf=pass (domain: gmail.com, ip: 209.85.128.177, mailfrom: bruce.ashfield@gmail.com) Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-5e89ba9810aso10680377b3.2 for ; Fri, 19 Jan 2024 13:14:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698871; x=1706303671; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nLxN/xbvEYt6tw0W4xvhwKYUh4nAbcq3EL2DuhrUCzU=; b=WZhGyD35hx7VmBKHJKxgrzhvGHsywdWhfCdi+RAZJdC55XB+AvUm2YDs/1np1eD6zS PTAy4onjgBYaVzL6NBBYRHkpTDQDSD9xtKO2ynWP8k9A966HMKVs46cK9p/5RsWYkrxz erBbZ8wpq3DNcjuemlUNi3LH4ujr6OpciflEMMBLlmX5Vrkg1IO6j1IKEvTZ+Ax8GnyF fpcLenGoKyDs+jN7Zjl5BleuntOgCO2JzRg572e7bOEGnZH5vcR1wxMgkE9DWWmbMtlh hxXzY+jf9pMFDdhclQybA8JQ9XtpiCNz1Wv7xkSijiHo6h5bPyplRwc/duV9P+z2QknT VVcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698871; x=1706303671; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nLxN/xbvEYt6tw0W4xvhwKYUh4nAbcq3EL2DuhrUCzU=; b=a5hEynpsavgsvhKxTXUl1YPZvkdQewsQk9KXzd8B/k1dI8HLOK3EDjpqWt2DVqT7A8 Zoz2GIzyHD+Dg9MlhUmpJUL0l09kuf0CIiA55eeg01D2PCsuwsYI4Xx3K9hkVNNftSq9 5SdcnDOsGnAewVr9ULppGAmpB1Y5qteoagd5d67DAqNIWlWs3yBGs1U6uQdZr2yQ4KLK sdxOHbjz8Z+B+ccgI1W7id+YppV75aekhqr0767iHISkvFu+X6JBpGm3SxgMgVo4mRZS 5vdVOus2f9xKwGQYKtV10v0qtmeBIYeLu9LiOqul+mzRFA9nNhPNGUfGYdP5qPBglwHN yVaA== X-Gm-Message-State: AOJu0Yxmfq9q0F8+4tvw5umniNy/COBxj58YIx6josDkiUM2botA6Zrd FFuEIOGL4XKRU6m2GbJT6yS0WiPfyZ2cUEaxhlCHfnqOGSJcJzlM7nETYQeWi0Q= X-Google-Smtp-Source: AGHT+IGS7syvAPmULHxe901NjTzmjz8dYh/LP6HUQc7EYE6mbNcYGy9RCPfYskejzQ+6MtorKyIFrQ== X-Received: by 2002:a25:8e12:0:b0:dc2:2816:a693 with SMTP id p18-20020a258e12000000b00dc22816a693mr503927ybl.110.1705698871411; Fri, 19 Jan 2024 13:14:31 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:30 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 09/11] linux-yocto/6.6: update CVE exclusions Date: Fri, 19 Jan 2024 16:14:17 -0500 Message-Id: <15028acbd9c71b6a5146f4041194a144a52a0328.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194075 From: Bruce Ashfield Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 15Jan24 Date: Mon, 15 Jan 2024 12:48:45 -0500 ] Signed-off-by: Bruce Ashfield --- .../linux/cve-exclusion_6.6.inc | 30 +++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index 2b74d3585d..3a4451b6f8 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-01-11 15:23:15.711210+00:00 for version 6.6.11 +# Generated at 2024-01-18 21:07:26.764606+00:00 for version 6.6.12 python check_kernel_cve_status_version() { - this_version = "6.6.11" + this_version = "6.6.12" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4584,6 +4584,8 @@ CVE_STATUS[CVE-2022-48425] = "fixed-version: Fixed from version 6.4rc1" CVE_STATUS[CVE-2022-48502] = "fixed-version: Fixed from version 6.2rc1" +CVE_STATUS[CVE-2022-48619] = "fixed-version: Fixed from version 5.18rc1" + CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1" CVE_STATUS[CVE-2023-0045] = "fixed-version: Fixed from version 6.2rc3" @@ -4666,6 +4668,8 @@ CVE_STATUS[CVE-2023-1382] = "fixed-version: Fixed from version 6.1rc7" CVE_STATUS[CVE-2023-1390] = "fixed-version: Fixed from version 5.11rc4" +# CVE-2023-1476 has no known resolution + CVE_STATUS[CVE-2023-1513] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-1582] = "fixed-version: Fixed from version 5.17rc4" @@ -5114,7 +5118,7 @@ CVE_STATUS[CVE-2023-5090] = "fixed-version: Fixed from version 6.6rc7" CVE_STATUS[CVE-2023-5158] = "fixed-version: Fixed from version 6.6rc5" -# CVE-2023-51779 needs backporting (fixed from 6.7rc7) +CVE_STATUS[CVE-2023-51779] = "cpe-stable-backport: Backported in 6.6.9" CVE_STATUS[CVE-2023-5178] = "fixed-version: Fixed from version 6.6rc7" @@ -5136,6 +5140,8 @@ CVE_STATUS[CVE-2023-5972] = "fixed-version: Fixed from version 6.6rc7" CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5" +CVE_STATUS[CVE-2023-6040] = "fixed-version: Fixed from version 5.18rc1" + CVE_STATUS[CVE-2023-6111] = "cpe-stable-backport: Backported in 6.6.3" CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.6.4" @@ -5144,8 +5150,12 @@ CVE_STATUS[CVE-2023-6176] = "fixed-version: Fixed from version 6.6rc2" # CVE-2023-6238 has no known resolution +# CVE-2023-6270 has no known resolution + # CVE-2023-6356 has no known resolution +CVE_STATUS[CVE-2023-6531] = "cpe-stable-backport: Backported in 6.6.7" + # CVE-2023-6535 has no known resolution # CVE-2023-6536 has no known resolution @@ -5154,13 +5164,13 @@ CVE_STATUS[CVE-2023-6546] = "fixed-version: Fixed from version 6.5rc7" CVE_STATUS[CVE-2023-6560] = "cpe-stable-backport: Backported in 6.6.5" -# CVE-2023-6606 needs backporting (fixed from 6.7rc7) +CVE_STATUS[CVE-2023-6606] = "cpe-stable-backport: Backported in 6.6.9" # CVE-2023-6610 needs backporting (fixed from 6.7rc7) CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.6.7" -# CVE-2023-6679 needs backporting (fixed from 6.7rc6) +CVE_STATUS[CVE-2023-6679] = "fixed-version: only affects 6.7rc1 onwards" CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.6.7" @@ -5170,3 +5180,13 @@ CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.6.5" # CVE-2023-7042 has no known resolution +CVE_STATUS[CVE-2023-7192] = "fixed-version: Fixed from version 6.3rc1" + +CVE_STATUS[CVE-2024-0193] = "cpe-stable-backport: Backported in 6.6.10" + +CVE_STATUS[CVE-2024-0340] = "fixed-version: Fixed from version 6.4rc6" + +CVE_STATUS[CVE-2024-0443] = "fixed-version: Fixed from version 6.4rc7" + +# Skipping dd=CVE-2023-1476, no affected_versions + From patchwork Fri Jan 19 21:14:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38078 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A846C47DD9 for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-qv1-f43.google.com (mail-qv1-f43.google.com [209.85.219.43]) by mx.groups.io with SMTP id smtpd.web11.5988.1705698873959393391 for ; Fri, 19 Jan 2024 13:14:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=LdSfDaU9; spf=pass (domain: gmail.com, ip: 209.85.219.43, mailfrom: bruce.ashfield@gmail.com) Received: by mail-qv1-f43.google.com with SMTP id 6a1803df08f44-6818aa08a33so8916936d6.0 for ; Fri, 19 Jan 2024 13:14:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698873; x=1706303673; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vjDXpTlTtiQeKjZxnghHHrEVUcdZPAyeQjCMFLa0GvY=; b=LdSfDaU9k4++hbiHVW3dt+l4Vn4J/nXkrc8hG9lIYsjXQ0CkwBqgX7z3roKAl7ZQlN UgSsMyH9FFBSB27Cw23czr6v+gHCZLYjg7ueidQiTWkiGZFJ88xZ1sr6LZ4x8tE/+RfV 7uri3S1tC5G2P/Fee+IPxyoA0HBJJzXENLE4rHWI9SNCBST2XdrrauOvIgOJ/l/JJWRm sA5UXxy/VqCNzDos14MC18BHpoMYE/yxFbESsNbJbKy1flfnnp8vlFIjheokwOo8xuR2 MsQ7Ct/H3JlRsgprWIvziYoZ6jd7Lhw4VVv+Qs7XGDT80tnznkshE804I++yGK3i1Fup U02Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698873; x=1706303673; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vjDXpTlTtiQeKjZxnghHHrEVUcdZPAyeQjCMFLa0GvY=; b=CfbwwUh1knHQOznfQzsroPhmp16mXQNAlFHJIi2ruIZM66DvAzo5Q+imqo/6v+9akg 8pn+tZv4XZTafzhXoZNJzOad0zYbwI/uA2FIgRP1iI8RKNBYGao/B75DeXMN/MsdqUg7 rl+IlUSXOmNmMG9ztfx3Dt29K9aOdHTv1E1WUvuxJqxxcSm/B6tGAKWo0dDf4L0Yuexx U83k+9JLVjWtNdgLS0aDY/5dl/1vUaL4m23xk/JYbdeCT86w3DgGq05CGDEm4juAzv81 y+CoNJ3J3ZAuznzUf2Crw8pA6yialfPIZzIg8fE1tsxoFk7RUrVgUcE3mX1LRCP/gnIx N74w== X-Gm-Message-State: AOJu0Yx7Uk4H4xifG5DKZdJgOC+enp4oE0IkQaFJkEmSuGQibG19qaiE zbRdxyYB9r3pkhhBnSPWVlLdHQCV0tcJMENArcZtUGMaZnU0WfddWBacwckS4C8= X-Google-Smtp-Source: AGHT+IGSULtGNfRGTflqzYLa2FhHO0793g07CRGp1UF+nAjlSBylxle2v1pkt7V74GSHmHQCap5RsA== X-Received: by 2002:a05:6214:2582:b0:682:c9b9:7164 with SMTP id fq2-20020a056214258200b00682c9b97164mr790487qvb.35.1705698872889; Fri, 19 Jan 2024 13:14:32 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:32 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 10/11] linux-yocto/6.1: update to v6.1.73 Date: Fri, 19 Jan 2024 16:14:18 -0500 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194076 From: Bruce Ashfield Updating linux-yocto/6.1 to the latest korg -stable release that comprises the following commits: fec3b1451d5f Linux 6.1.73 f9ee31dc7fcd cifs: fix flushing folio regression for 6.1 backport 0f22c8a6efe6 ipv6: remove max_size check inline with ipv4 b2c545c39877 Revert "nfsd: separate nfsd_last_thread() from nfsd_put()" db5f2f4db8b7 Revert "nfsd: call nfsd_last_thread() before final nfsd_put()" Signed-off-by: Bruce Ashfield --- .../linux/linux-yocto-rt_6.1.bb | 6 ++-- .../linux/linux-yocto-tiny_6.1.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.1.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb index 857197b211..06c07b70c8 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "6d67557b912380b57b6081da7ac106e9c003f4d1" -SRCREV_meta ?= "74fa91143e9076e0d1d5ff0cca93987b3330bf27" +SRCREV_machine ?= "6fd0860ac9846438f226257ab515bcd612fdc379" +SRCREV_meta ?= "40dede8a165ea5894f172fede6baa0dd94d23fec" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.1.72" +LINUX_VERSION ?= "6.1.73" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb index 55f78404b1..e391074f8b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.1.inc -LINUX_VERSION ?= "6.1.72" +LINUX_VERSION ?= "6.1.73" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_meta ?= "74fa91143e9076e0d1d5ff0cca93987b3330bf27" +SRCREV_machine ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_meta ?= "40dede8a165ea5894f172fede6baa0dd94d23fec" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb index a75efe66de..f520954646 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base" KBRANCH:qemuloongarch64 ?= "v6.1/standard/base" KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "4b6d6ef48b0d11dfdcdc9ae25e1c83be9396a116" -SRCREV_machine:qemuarm64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_machine:qemuloongarch64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_machine:qemumips ?= "8a0e36da16bca1553532936c198c43362be35a82" -SRCREV_machine:qemuppc ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_machine:qemuriscv64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_machine:qemuriscv32 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_machine:qemux86 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_machine:qemux86-64 ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_machine:qemumips64 ?= "3407157586b654c9932356124429ee9dc9f56f18" -SRCREV_machine ?= "d08880e7ec70e70249f80b8305da8e90bd47c606" -SRCREV_meta ?= "74fa91143e9076e0d1d5ff0cca93987b3330bf27" +SRCREV_machine:qemuarm ?= "45e6b64447b888e94af6fa8529cf976bf8116624" +SRCREV_machine:qemuarm64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_machine:qemuloongarch64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_machine:qemumips ?= "90ea25826ce7ef511d0d93ae33c3888f3b583bf3" +SRCREV_machine:qemuppc ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_machine:qemuriscv64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_machine:qemuriscv32 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_machine:qemux86 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_machine:qemux86-64 ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_machine:qemumips64 ?= "59248cf67c17a987f898d9d0c81292cb5fcda858" +SRCREV_machine ?= "6c78fd37122b29c40bd8bb6f43aaa1ba7d6fb53a" +SRCREV_meta ?= "40dede8a165ea5894f172fede6baa0dd94d23fec" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "7c58bfa711cb556ef1edc48e7dfa6d84e5fb8912" +SRCREV_machine:class-devupstream ?= "fec3b1451d5febbc9e04250f879c10f8952e6bed" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.1/base" @@ -45,7 +45,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.1.72" +LINUX_VERSION ?= "6.1.73" PV = "${LINUX_VERSION}+git" From patchwork Fri Jan 19 21:14:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Ashfield X-Patchwork-Id: 38075 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C7D5C4725D for ; Fri, 19 Jan 2024 21:14:36 +0000 (UTC) Received: from mail-oo1-f44.google.com (mail-oo1-f44.google.com [209.85.161.44]) by mx.groups.io with SMTP id smtpd.web10.6085.1705698874852339689 for ; Fri, 19 Jan 2024 13:14:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=NySWkjmF; spf=pass (domain: gmail.com, ip: 209.85.161.44, mailfrom: bruce.ashfield@gmail.com) Received: by mail-oo1-f44.google.com with SMTP id 006d021491bc7-5988e55ede0so575006eaf.2 for ; Fri, 19 Jan 2024 13:14:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705698874; x=1706303674; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+fssa4lRJslytQrgOecXVwjZKhrT10p7DLTgf/0QJ4I=; b=NySWkjmFNtXZNlvy8ViO1bIL6dOCKR0ecEEqi1lxncZPKf2fVHtKMMqgnEjIunNE5o 2Y/de7zJisKlZeuT2pk6pTnoDfKtktBbyiraPBtHgxmp6AzveTVR6dhjR++6Te5KYxt9 hbo5hG7AmZHwYQQ6bTstZRulHDPLeT5yzEz55jp22r+KB7xLyyeqEK/dDYyxCTrAxqOS V7psiSbGHQzGAa1AVtJ+McobmErdAN+tXWC/ogTQ57CXbmi8b+4b4XVw9ekUrhsaxMnI nrv3yNEYLXlBAH8bASpRK22DNOGiPJto6M18DXc59Xi6y3e70oWVgu3ZgQcOBPppq3Xc TUSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705698874; x=1706303674; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+fssa4lRJslytQrgOecXVwjZKhrT10p7DLTgf/0QJ4I=; b=bKAQ/nxOF2Tf5nPaXLoMA6wM4yBMqPuEOt9zaIKdQXWJgLKrdNvqUdDrYl7RviW28E UNpSLibr4F0Tw365yJJf30lB2v+cv96wjQYDHt0D8EUarGwj+QJOz3w7fWl1ljff9Pdg 3VGnbMldb+0J/YAeM63GS7dKt152DBp5Ms3OM6l5SXO/hS7Kr7fTW7N8MWvSGZNp6nlZ PJrAZBacngFtbmrI5DJsflZQj3Lm1lXETSn/peIjyAwFJK17xQexYPHPxiCajebbEZB3 rzvgh+Uvh3cV/ezkTCMc75iRfUI/INL+o68oB59RI4tXDYN69OuBlWoMY9+Rmq0EpVVK MzBA== X-Gm-Message-State: AOJu0Yys5pVdMsFBwbF12zYNGVHKpuifc6PYXHREsloxSKb63x7SvNAF 9La0GXw3iy791JxPdL/x78oWkumUxZbzRgDxgQy0C3PzxS2B2m1A X-Google-Smtp-Source: AGHT+IGYt2Srn/IFbiMNLyCd5rHbZ7F9NS9V/B4eODcnKoCipTMraedm7H/Bin7ZGc6sUvOZ1VJbzg== X-Received: by 2002:a05:6358:5e15:b0:176:1472:429a with SMTP id q21-20020a0563585e1500b001761472429amr375252rwn.64.1705698873912; Fri, 19 Jan 2024 13:14:33 -0800 (PST) Received: from bruce-XPS-8940.. ([174.112.183.231]) by smtp.gmail.com with ESMTPSA id mk13-20020a056214580d00b0068178f50102sm33552qvb.25.2024.01.19.13.14.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jan 2024 13:14:33 -0800 (PST) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 11/11] linux-yocto/6.1: update CVE exclusions Date: Fri, 19 Jan 2024 16:14:19 -0500 Message-Id: <3fb37bf22503d9fd70f5213a940e220dc873250a.1705698717.git.bruce.ashfield@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Jan 2024 21:14:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/194077 From: Bruce Ashfield Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 15Jan24 Date: Mon, 15 Jan 2024 12:48:45 -0500 ] Signed-off-by: Bruce Ashfield --- .../linux/cve-exclusion_6.1.inc | 34 +++++++++++++++---- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 9e0c5bc49e..04fd2c021d 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-01-11 18:31:26.124059+00:00 for version 6.1.72 +# Generated at 2024-01-18 21:10:06.148505+00:00 for version 6.1.73 python check_kernel_cve_status_version() { - this_version = "6.1.72" + this_version = "6.1.73" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4584,6 +4584,8 @@ CVE_STATUS[CVE-2022-48425] = "cpe-stable-backport: Backported in 6.1.33" CVE_STATUS[CVE-2022-48502] = "cpe-stable-backport: Backported in 6.1.40" +CVE_STATUS[CVE-2022-48619] = "fixed-version: Fixed from version 5.18rc1" + CVE_STATUS[CVE-2023-0030] = "fixed-version: Fixed from version 5.0rc1" CVE_STATUS[CVE-2023-0045] = "cpe-stable-backport: Backported in 6.1.5" @@ -4644,7 +4646,7 @@ CVE_STATUS[CVE-2023-1118] = "cpe-stable-backport: Backported in 6.1.16" CVE_STATUS[CVE-2023-1192] = "cpe-stable-backport: Backported in 6.1.33" -# CVE-2023-1193 needs backporting (fixed from 6.3rc6) +CVE_STATUS[CVE-2023-1193] = "cpe-stable-backport: Backported in 6.1.71" CVE_STATUS[CVE-2023-1194] = "cpe-stable-backport: Backported in 6.1.34" @@ -4666,6 +4668,8 @@ CVE_STATUS[CVE-2023-1382] = "fixed-version: Fixed from version 6.1rc7" CVE_STATUS[CVE-2023-1390] = "fixed-version: Fixed from version 5.11rc4" +# CVE-2023-1476 has no known resolution + CVE_STATUS[CVE-2023-1513] = "cpe-stable-backport: Backported in 6.1.13" CVE_STATUS[CVE-2023-1582] = "fixed-version: Fixed from version 5.17rc4" @@ -5088,7 +5092,7 @@ CVE_STATUS[CVE-2023-45871] = "cpe-stable-backport: Backported in 6.1.53" CVE_STATUS[CVE-2023-45898] = "fixed-version: only affects 6.5rc1 onwards" -# CVE-2023-4610 needs backporting (fixed from 6.4) +CVE_STATUS[CVE-2023-4610] = "fixed-version: only affects 6.4rc1 onwards" CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards" @@ -5114,7 +5118,7 @@ CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" -# CVE-2023-51779 needs backporting (fixed from 6.7rc7) +CVE_STATUS[CVE-2023-51779] = "cpe-stable-backport: Backported in 6.1.70" CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60" @@ -5136,6 +5140,8 @@ CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards" # CVE-2023-6039 needs backporting (fixed from 6.5rc5) +CVE_STATUS[CVE-2023-6040] = "fixed-version: Fixed from version 5.18rc1" + CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.1.65" @@ -5144,8 +5150,12 @@ CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" # CVE-2023-6238 has no known resolution +# CVE-2023-6270 has no known resolution + # CVE-2023-6356 has no known resolution +CVE_STATUS[CVE-2023-6531] = "cpe-stable-backport: Backported in 6.1.68" + # CVE-2023-6535 has no known resolution # CVE-2023-6536 has no known resolution @@ -5154,13 +5164,13 @@ CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47" # CVE-2023-6560 needs backporting (fixed from 6.7rc4) -# CVE-2023-6606 needs backporting (fixed from 6.7rc7) +CVE_STATUS[CVE-2023-6606] = "cpe-stable-backport: Backported in 6.1.70" # CVE-2023-6610 needs backporting (fixed from 6.7rc7) CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68" -# CVE-2023-6679 needs backporting (fixed from 6.7rc6) +CVE_STATUS[CVE-2023-6679] = "fixed-version: only affects 6.7rc1 onwards" CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68" @@ -5170,3 +5180,13 @@ CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66" # CVE-2023-7042 has no known resolution +CVE_STATUS[CVE-2023-7192] = "cpe-stable-backport: Backported in 6.1.18" + +CVE_STATUS[CVE-2024-0193] = "fixed-version: only affects 6.5rc6 onwards" + +# CVE-2024-0340 needs backporting (fixed from 6.4rc6) + +CVE_STATUS[CVE-2024-0443] = "fixed-version: only affects 6.2rc1 onwards" + +# Skipping dd=CVE-2023-1476, no affected_versions +