The processing time for parsing some invalid inputs scales non-linearly with
respect to the size of the input. This affects programs which parse untrusted PEM inputs.
(From OE-Core rev: 228e4aa70743b92eaf1abd5526827b34b33f3419)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The Parse function permits values other than IPv6 addresses to be included
in square brackets within the host component of a URL. RFC 3986 permits
IPv6 addresses to be included within the host component, enclosed within
square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames
must not appear within square brackets. Parse did not enforce this requirement.
(From OE-Core rev: c5fc59eb87d0f92ba8596b7848d16d59773582a0)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When Conn.Handshake fails during ALPN negotiation the error contains attacker
controlled information (the ALPN protocols sent by the client) which is not escaped.
(From OE-Core rev: e734cf62f24640d116c901dd97e09ddbb1f0cc4f)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Validating certificate chains which contain DSA public keys can cause
programs to panic, due to an interface cast that assumes they implement
the Equal method. This affects programs which validate arbitrary certificate chains.
(From OE-Core rev: b532fa208d0b102326642a2fba8b17661a14307e)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Due to the design of the name constraint checking algorithm, the processing
time of some inputs scales non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.
(From OE-Core rev: ce1626d1f1e232bc6da81e89088d0c0f5f3c52b4)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Parsing a maliciously crafted DER payload could allocate large amounts of memory,
causing memory exhaustion.
(From OE-Core rev: f27acc863ee34b56e2c49dc96ad2b58fb35e2d46)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Per [1] this CVE applies only when wolfssl backend is used.
8.17.0 removed WolfSSL support completely.
[1] https://curl.se/docs/CVE-2025-10966.html
(From OE-Core rev: 3de9b86c295c88005d4df53e5137bb09ea104ed0)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When recreating the uri in wget's checkstatus method, we only use the
scheme, host and path. This completely strips the query parameters from
the final URI and potentially breaks the checking functionality for
URLs that require query parameters (such as the AZ fetcher with SAS
token).
This bug was resolved on master in
`096301250455e2a83bdd818a56317c62436c9981`.
This patch is adapted to the scarthgap branch.
CC: Steve Sakoman <steve@sakoman.com>
(Bitbake rev: 8dcf084522b9c66a6639b5f117f554fde9b6b45a)
Signed-off-by: Philippe-Alexandre Mathieu <pamathieu@poum.ca>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
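
The effect described in the commit message above, as an added example that is not part of the original commit and is not BitBake's code: rebuilding a URI from scheme, host and path drops the query string, while carrying the query through keeps it. The sample URL, the function names and the log-redaction helper are assumptions made for this illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample URL: host, path and token values are placeholders.
SAMPLE_URL = ("https://account.example.invalid/container/sstate.tar.zst"
              "?sv=constructed&sig=constructed-token")


def rebuild_scheme_host_path(url):
    """Rebuild a URI from scheme, host and path only (the query is lost)."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))


def rebuild_keep_query(url):
    """Rebuild a URI and carry the query string through unchanged."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))


def redact_for_log(url):
    """Mask every query value so a token-bearing URI can be written to a log."""
    p = urlsplit(url)
    pairs = parse_qsl(p.query, keep_blank_values=True)
    masked = urlencode([(key, "REDACTED") for key, _ in pairs])
    return urlunsplit((p.scheme, p.netloc, p.path, masked, ""))


def query_survives(url, rebuild):
    """True when the rebuilt URI still carries the original query pairs."""
    before = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    after = parse_qsl(urlsplit(rebuild(url)).query, keep_blank_values=True)
    return before == after


if __name__ == "__main__":
    for rebuild in (rebuild_scheme_host_path, rebuild_keep_query):
        rebuilt = rebuild(SAMPLE_URL)
        print(rebuild.__name__, "->", redact_for_log(rebuilt),
              "| query kept:", query_survives(SAMPLE_URL, rebuild))
```
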
There is the following warning when executing bitbake linux-yocto:
bitbake/lib/bb/fetch2/__init__.py:464: DeprecationWarning: 'count' is passed as positional argument
This is because the 4th parameter of re.sub(pattern, repl, string, count=0, flags=0)
is a keyword parameter. We use keyword arguments for parameters that are not positional.
(Bitbake rev: c2a54aceab4c75cea6f8be16fe6d0caed12b32c4)
Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
kernel commit bfb713ea53c7 ("perf tools: Fix arm64 build by generating unistd_64.h")
introduces a new dependency on source files for arm64, specifically
include/uapi/asm-generic.
Build fails with:
[..]/perf/1.0/perf-1.0/scripts/Makefile.asm-headers:33: [...]/perf/1.0/perf-1.0/include/uapi/asm-generic/Kbuild: No such file or directory
make[4]: *** No rule to make target '[...]/perf/1.0/perf-1.0/include/uapi/asm-generic/Kbuild'. Stop.
Add the directory to PERF_SRC.
Fix whitespace error while at it.
(From OE-Core rev: 06d4981313ce67a8d53b1c14be9845b4b5a9f4cf)
Signed-off-by: Yannic Moog <y.moog@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Passing params as numbers to hwclock is broken in util-linux 2.39.3 due
to wrong pointer handling. So backport the fix from upstream included
since util-linux 2.41.
(From OE-Core rev: 3d8f88906f5560286462eaf55226b872e2805df7)
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
An error occurred in backport commit
649147913e89cd8f7390cb17cd0be94c9710ffa6. The test file
is empty and has no functionality at all.
(From OE-Core rev: 0539a7869c4a3e28b3e7d0ab93fe07bfb9462d13)
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick commit per NVD CVE report.
Note that there were two patches for this, first [1] and then [2].
The second patch moved the original patch to different location.
Cherry-pick of second patch is successful leaving out the code removing
the code from first location, so the patch attached here is not
identical to the upstream commit but is identical to applying both and
merging them to a single patch.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1108620d7a521f1c85d2f629031ce0fbae14e331
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0
(From OE-Core rev: 98df728e6136d04af0f4922b7ffbeffb704de395)
(From OE-Core rev: b220cccdab44bc707d2c934a3ea81d20b67d14b0)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick patches as listed in NVD CVE report.
Note that Debian lists one of the patches as introducing the
vulnerability. This is against what the original report [1] says.
Also the commit messages provide hints that the first patch fixes this
issue and second is fixing problem with the first patch.
[1] https://jvn.jp/en/jp/JVN19358384/
(From OE-Core rev: a157719ab349d9393d5a640bb2e45fc2489d5338)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Added by commit e478550c8cd8 ("openssl/fontconfig/bzip2: Use relative
symlinks instead of absolute ones (using a new class)") in OE-Core.
(From yocto-docs rev: a8687e4bb2e822670b6ad110613a12fa02943d3d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit c0dc554eba7d421023ecc68a70b7a19df38628b0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Mention the use of USE_NLS, INHIBIT_DEFAULT_DEPS and the cross-canadian
class.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: b16f19e8004d571e7a6eadfa34983781ba6a7634)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d877e54f1c85cefc00dd674d60f2db81446bd95a)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Part of bitbake.conf, this variable allowing to enable or disable
translation was undocumented. Add an entry to the glossary.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 675b776390c8079deb8f1912dac44b574688a9c7)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 92a55345a56b5038c0344669daaa7a3a99dd0fc0)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Can be used in recipes that want to explicitly skip Ccache support when
the ccache class is enabled.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: e4fb6cd20955046a397b63bfe57f6cb4020b9cbb)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b1b4adc8d4d9d23ff6fd91bca632bb0f5277e72b)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
- drop references to obsolete tar packaging format
- add references to apt and dpkg utilities for .deb packaging
- add reference to alternative "dnf" .rpm packaging
(From yocto-docs rev: d1331418317576b569ea2b046adf46ec7af8a15a)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit d4374ac86ebe7980908ed905018ccfb773ac666e)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This variable does not apply to the scope of a single recipe, but rather
to the scope of the entire layer.
(From yocto-docs rev: a86f2e5d291b86dbf56aefab08f4d3b0e5529801)
Signed-off-by: João Marcos Costa <joaomarcos.costa@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit eec26e11adb6e3a9c4f53f825b9a1730c9ddee12)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The current autobuilder cluster is at valkyrie.yocto.io, published files
on autobuilder.yocto.io will be missing or out-of-date.
(From yocto-docs rev: b3b95e590248025d59a7cef311bb0abf207e72fb)
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 9ed06c070e309b52f1dbf8877867dcede79f4cb6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Extend the documentation of the uninative class based on [1].
[1]: https://lore.kernel.org/r/061e6150ce177221f7b6ee8754b03a20347a92c3.camel@linuxfoundation.org
Co-developed-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From yocto-docs rev: 0193bfa7966f301e46253e25eaa0482aeb21d9d4)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 68996f0f3bf882714e8d96a0aa7b2492fe16d0c3)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is for the tool which is removed in v4.6.0 via [1] and
re-introduced again in v4.7.0 via [2].
[1] eab89a627f
[2] 9ab54a8580
(From OE-Core rev: 1ff4b39374a5b328069a928e7234c3397769dc6f)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE: CVE-2025-8225
It is possible with fuzzed files to have num_debug_info_entries zero
after allocating space for debug_information, leading to multiple
allocations.
* dwarf.c (process_debug_info): Don't test num_debug_info_entries
to determine whether debug_information has been allocated,
test alloc_num_debug_info_entries.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]
(From OE-Core rev: 7feed679262025b8405488d064e2c546a3ed7a0c)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE: CVE-2025-11081
Trying to dump .sframe in a PE file results in a segfault accessing
elf_section_data.
* objdump (dump_sframe_section, dump_dwarf_section): Don't access
elf_section_type without first checking the file is ELF.
PR 33406 SEGV in dump_dwarf_section
[https://sourceware.org/bugzilla/show_bug.cgi?id=33406]
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b]
(From OE-Core rev: 6ed800208a56d69faf4a1b3458caa8d412f01b89)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Prevent attackers from causing a denial of service (application crash) or
possibly having unspecified other impact when the application processes
untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in
lib/lz4frame.c mishandles NULL checks.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-62813
Upstream patch:
f64efec011
(From OE-Core rev: 0a63e3e120cc6958e2963a3ad510ec7c03f1adae)
Signed-off-by: David Nyström <david.nystrom@est.tech>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In native/nativesdk builds, sysconfdir refers to a recipe sysroot
directory, which will disappear once the workdir is cleaned up, breaking
libcurl's HTTPS connections.
By simply not setting --with-ca-bundle at all in non-target builds, curl
defaults to the host system's CA certificates, which is desirable anyways
to allow builds in environments that require local CA certificates.
(From OE-Core rev: 4909a46e93ba774c960c3d3c277e2a669af3fea6)
(From OE-Core rev: 0f98fecda8a0436f760e6fd9f3b7eb510e5258b8)
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When building an image including iptables built with the libnftnl
PACKAGECONFIG, one hits
Downloading file:.../oe-rootfs-repo/armv8a/libkmod2 * check_data_file_clashes: Package iptables wants to install file .../rootfs/etc/ethertypes
But that file is already provided by package * netbase
This used to be handled by
0003-Makefile.am-do-not-install-etc-ethertypes.patch, but that patch
got removed with the 1.8.9->1.8.10 upgrade (commit 4616ada82e70).
I think the rationale for dropping the patch was wrong; the commit log
talks about xtables.conf, which is indeed gone from upstream, but said
patch didn't change anything about xtables.conf, it did
-dist_conf_DATA = etc/ethertypes etc/xtables.conf
+dist_conf_DATA = etc/xtables.conf
However, instead of patching iptables to not install ethertypes, and
having to forward-port that patch, it is much simpler to just remove
the file in this do_install:append.
(From OE-Core rev: a970b6c927fb4c04473484f6e4b0a9853c8a5896)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@baylibre.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is a bug in GStreamer 1.22 that prevents video playback when
some of the v4l2codecs are paired with sinks that do not support
GstVideoMeta. This is the case of the Qt 6.9 sink used by some
of the Qt components.
For example, when the v4l2codecs-vp8dec decoder is paired with
QMediaPlayer, video playback fails to start with the following error:
WARN videodecoder gstvideodecoder.c:4409:gst_video_decoder_negotiate_pool: Subclass failed to decide allocation
ERROR videodecoder gstvideodecoder.c:4635:gst_video_decoder_allocate_output_buffer: Failed to allocate the buffer..
WARN videodecoder gstvideodecoder.c:4409:gst_video_decoder_negotiate_pool: Subclass failed to decide allocation
WARN matroskademux matroska-demux.c:6131:gst_matroska_demux_loop: error: Internal data stream error.
WARN matroskademux matroska-demux.c:6131:gst_matroska_demux_loop: error: streaming stopped, reason not-negotiated (-4)
This problem is already fixed in GStreamer 1.24, so backport the fix.
This fixes the buffer allocation failure for H.264, H.265, and VP8.
CC: Steve Sakoman <steve@sakoman.com>
CC: Anuj Mittal <anuj.mittal@intel.com>
(From OE-Core rev: 1be0de000bb852f1acc9644c1cb702336d7fdd61)
Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A vulnerability, which was classified as problematic, has been found in GNU elfutils
0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the
component eu-strip. The manipulation leads to denial of service. The attack needs to
be approached locally. The exploit has been disclosed to the public and may be used.
The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is
recommended to apply a patch to fix this issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-1377
Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba
(From OE-Core rev: ae89d0c2ca49c40429f787577d280b5886f42cc1)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A vulnerability classified as problematic was found in GNU elfutils 0.192. This
vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c
of the component eu-strip. The manipulation leads to denial of service. It is
possible to launch the attack on the local host. The complexity of an attack is
rather high. The exploitation appears to be difficult. The exploit has been
disclosed to the public and may be used. The name of the patch is
b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to
fix this issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-1376
Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b16f441cca0a4841050e3215a9f120a6d8aea918
(From OE-Core rev: 06e3cd0891f553b0ed036d9247dfa7c5ed814d78)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pick patch from PR mentioning this CVE [1]
It's a complex patch so I have checked diff of 2.6.4 and commit before
these patches landed. There were no changes in memory allocations.
Also version in scarthgap is still not that much different from current
upstream master.
Ptests pass.
Also picked one documentation commit (-00) to resolve patch conflict.
Following conflicts were resolved manually:
* commit "mass-cppcheck.sh: Activate in-code suppression comments" was
skipped as it only edited github actions not yet available in 2.6.4
* commit "lib: Implement tracking of dynamic memory allocations"
also had conflict in github actions not yet available in 2.6.4
* commit "fuzz: Be robust towards NULL return from XML_ExternalEntityParserCreate"
edited file "expat/fuzz/xml_lpm_fuzzer.cpp" which is not present in
our version yet. Since we're not using fuzzing, this is not needed.
* the final changelog commit needed a lot of conflict resolution actions
Finally picked PR fixing regression [2] together with two minor commits
to have clean cherry-picks.
Also here the Changes commit needed conflict resolution.
[1] https://github.com/libexpat/libexpat/pull/1034
[2] https://github.com/libexpat/libexpat/pull/1048
(From OE-Core rev: 684d3cdbc08ce41dc1f92e1f228eee34bc2bc1fe)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2025-6018 is a local privilege escalation in PAM that requires
`user_readenv=1` to be enabled in the PAM configuration. The default
configuration does not enable reading user environment files (user_readenv
is 0 by default). Hence this vulnerability cannot be exploited using the
default configuration.
(From OE-Core rev: 3f2a9ad03326dc87681cf47ed5f73712ebaa624c)
Signed-off-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
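
A check for the precondition named in the commit message above, as an added example that is not part of the original commit or of Linux-PAM: it scans the text of a PAM service file for `pam_env.so` entries that turn `user_readenv` on. The sample file content is constructed, the function names are hypothetical, and treating any value other than `0` as enabled is a conservative assumption of this sketch.

```python
import os
from collections import namedtuple

Finding = namedtuple("Finding", "lineno pam_type value")

# Constructed sample in /etc/pam.d/<service> format (type control module args).
SAMPLE = r"""# constructed sample of a PAM service file
auth      required   pam_env.so
session   required   pam_env.so user_readenv=1 envfile=/etc/default/locale
session   [success=ok default=ignore] /usr/lib/security/pam_env.so readenv=1 user_readenv=0
-session  optional   pam_env.so \
          user_readenv=1
# session required pam_env.so user_readenv=1
session   required   pam_unix.so
"""


def logical_lines(text):
    """Yield (first_line_number, joined_line), honouring backslash continuations."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def parse_entry(line):
    """Return (type, module, args) for a rule line, or None for anything else."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 3 or tokens[0].startswith("@"):
        return None
    idx = 1
    if tokens[1].startswith("["):
        # A bracketed control such as [success=ok default=ignore] spans tokens.
        while idx < len(tokens) and not tokens[idx].endswith("]"):
            idx += 1
    rest = tokens[idx + 1:]
    if not rest:
        return None
    return tokens[0].lstrip("-"), rest[0], rest[1:]


def audit_user_readenv(text):
    """List pam_env.so entries whose user_readenv option is not 0."""
    findings = []
    for lineno, line in logical_lines(text):
        entry = parse_entry(line)
        if entry is None:
            continue
        pam_type, module, args = entry
        if os.path.basename(module) != "pam_env.so":
            continue
        for arg in args:
            key, sep, value = arg.partition("=")
            # Assumption: only an explicit 0 counts as disabled.
            if key == "user_readenv" and sep and value != "0":
                findings.append(Finding(lineno, pam_type, value))
    return findings


if __name__ == "__main__":
    for finding in audit_user_readenv(SAMPLE):
        print("line %d: %s pam_env.so user_readenv=%s" % finding)
```
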
The filename is outdated as its version was already bumped and there are
also different files for different feed choices.
Use glob to match any available file.
(From yocto-docs rev: 6cd7492bf83232744390f34e496367e94b63e701)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If SLIRP is being used instead of TAP for networking to the guest then
the target IP will be localhost. There's no point in pinging localhost
to see if the target is up but whilst you'd think it is harmless, in
some containers ping doesn't actually have enough rights to work:
ping: socktype: SOCK_RAW
ping: socket: Operation not permitted
ping: => missing cap_net_raw+p capability or setuid?
Look at the target address and if it's localhost or 127.0.0.* return
immediately.
(Backport from OE-Core rev: a06ef43d2a50e16c32bd6edbdc7b32c3528687d5)
(From OE-Core rev: 649147913e89cd8f7390cb17cd0be94c9710ffa6)
Signed-off-by: Michael Haener <michael.haener@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is a bug in libicu that causes libicu to be installed incorrectly when
the build system uses long paths (more than 512 chars).
This condition is not very difficult to trigger on an OE build system
due to the long paths and the depth of the directories that are usually
generated by default.
Also the bug is very subtle and won't be detected by the QA post-install
processes because what this bug causes is that a different version of
libicudata.so.X.Y (one without data) is installed instead of the one
containing the data, but there won't be any file missed on the installation
(just that it installed the wrong one).
See: https://unicode-org.atlassian.net/browse/ICU-22813
This patch backports the fix from upstream/main
(From OE-Core rev: 67d1352873957decacde30ff208fb7bb635b0c5d)
(From OE-Core rev: 0860992436092f7651e22e2b894f0d0a365a9bb0)
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Benjamin Hahn <B.Hahn@phytec.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Drop upstreamed patch and refresh remaining patches.
Release information:
* https://www.python.org/downloads/release/python-31212/
* The release you're looking at is Python 3.12.12, a security bugfix
release for the legacy 3.12 series.
Handles CVE-2025-59375.
(From OE-Core rev: f1234b8451ba843b5f9ec1d2066c21f54d6bc3b8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
655054d2c3c1 Linux 6.6.111
3d3abf3f7e8b KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
284e67a93b8c net/9p: fix double req put in p9_fd_cancelled
ab172f4f4262 crypto: rng - Ensure set_ent is always present
f5f235be7612 riscv: mm: Do not restrict mmap address based on hint
1602c9b4578a riscv: mm: Use hint address in mmap if available
e242e52fdfe4 driver core/PM: Set power.no_callbacks along with power.no_pm
e857421992ce staging: axis-fifo: flush RX FIFO on read errors
a3c71d6c8332 staging: axis-fifo: fix TX handling on copy_from_user() failure
6d953e9d3981 staging: axis-fifo: fix maximum TX packet length check
bfeea103cad9 serial: stm32: allow selecting console when the driver is module
cb7630e714d6 hid: fix I2C read buffer overflow in raw_event() for mcp2221
dc4874366cf6 ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
647410a7da46 ALSA: usb-audio: Kill timer properly at removal
97e87f367c91 platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list
bf28f5db40d5 can: rcar_canfd: Fix controller mode setting
e93af787187e can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
03510f5fce33 btrfs: ref-verify: handle damaged extent root tree
bcccd0220751 ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
081f14b9a3eb perf subcmd: avoid crash in exclude_cmds when excludes is empty
6d59f7467f83 platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list
4b91d0c5781a dm-integrity: limit MAX_TAG_SIZE to 255
7f7187118bb5 ASoC: amd: acp: Adjust pdm gain value
8281c2a63bbc wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
96dc17ae64b1 USB: serial: option: add SIMCom 8230C compositions
228d06c4cbfc media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
71ed8b81a490 media: tuner: xc5000: Fix use-after-free in xc5000_release
f82dc869220d media: tunner: xc5000: Refactor firmware load
250b6e009ff9 KVM: arm64: Fix softirq masking in FPSIMD register saving sequence
(From OE-Core rev: 2a947cb13d0d46747f14aa6a1aa39a486459ee8a)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
f34f16e5c6323 Linux 6.6.109
eb53056323f13 drm/i915/backlight: Return immediately when scale() finds invalid parameters
4529bb0b6be3d minmax.h: remove some #defines that are only expanded once
1a899044a0f5a minmax.h: simplify the variants of clamp()
9955044f552b5 minmax.h: move all the clamp() definitions after the min/max() ones
26c3d697becf3 minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp()
511e7d2e4d51f minmax.h: reduce the #define expansion of min(), max() and clamp()
85d619594313e minmax.h: update some comments
6012f69bf7495 minmax.h: add whitespace around operators and after commas
46648b94e6ebb minmax: fix up min3() and max3() too
f0be4c5dc213d minmax: improve macro expansion and type checking
7194a302345da minmax: don't use max() in situations that want a C constant expression
bb63c996c2db0 minmax: simplify min()/max()/clamp() implementation
6183c6579356a minmax: make generic MIN() and MAX() macros available everywhere
c0c83f4cd074b i40e: add validation for ring_len param
6e4251690710d i40e: increase max descriptors for XL710
7ea47a560a7a3 drm/ast: Use msleep instead of mdelay for edid read
ed6fa21f68973 gpiolib: Extend software-node support to support secondary software-nodes
457d2c5e112fd loop: Avoid updating block size under exclusive owner
78f579cb7d825 mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
e7a85efb873fa mm: migrate_device: use more folio in migrate_device_finalize()
684a9a995748c ARM: bcm: Select ARM_GIC_V3 for ARCH_BRCMSTB
53888cd32a3f6 s390/cpum_cf: Fix uninitialized warning after backport of ce971233242b
09e3bda3a7ba2 fbcon: Fix OOB access in font allocation
adac90bb1aaf4 fbcon: fix integer overflow in fbcon_do_set_font
c9c2a51f91aea mm/hugetlb: fix folio is still mapped when deleted
df1fa034c0fc2 kmsan: fix out-of-bounds access to shadow memory
cab278cead49a afs: Fix potential null pointer dereference in afs_put_server
58d304a89178d ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address
3887f3814c0e7 tracing: dynevent: Add a missing lockdown check on dynevent
8703940bd30b5 crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
b769490521cf9 i40e: improve VF MAC filters accounting
b247cdd04750e i40e: add mask to apply valid bits for itr_idx
edecce7abd715 i40e: add max boundary check for VF filters
e748f1ee493f8 i40e: fix validation of VF state in get resources
3883e9702b6a4 i40e: fix input validation logic for action_meta
2cc26dac0518d i40e: fix idx validation in config queues msg
50a1e2f50f6c2 i40e: fix idx validation in i40e_validate_queue_map
3cefd898b7aa1 HID: asus: add support for missing PX series fn keys
ba7bcfd52c66d smb: client: fix wrong index reference in smb2_compound_op()
348736955ed6c futex: Prevent use-after-free during requeue-PI
6ffa6b5bc861a drm/gma500: Fix null dereference in hdmi teardown
df2c071061ed5 octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
7b209698e648b net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port
816d30afbad52 net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
a7a2b29c1ee44 net: dsa: lantiq_gswip: do also enable or disable cpu port
be0bd592298f8 selftests: fib_nexthops: Fix creation of non-FDB nexthops
24046d31f6f92 nexthop: Forbid FDB status change while nexthop is in a group
31ae2fbc9fcb9 net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS
98a76bd96f382 bnxt_en: correct offset handling for IPv6 destination address
82a1463c968b1 vhost: Take a reference on the task in struct vhost_task.
bcce99f613163 Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
6a0070c5c3ad3 Bluetooth: hci_sync: Fix hci_resume_advertising_sync
c957284701353 ethernet: rvu-af: Remove slash from the driver name
17edec1830e48 can: peak_usb: fix shift-out-of-bounds issue
3664ae91b26d1 can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
2e423e1990f39 can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
be1b25005fd0f can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
cbc1de71766f3 can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
0baf92d0b1590 xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
f64abeebf763c bpf: Reject bpf_timer for PREEMPT_RT
865eec09b6e44 can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
210b91bfe355b wifi: virt_wifi: Fix page fault on connect
c5be7edd42602 smb: server: don't use delayed_work for post_recv_credits_work
6017196aabf1d cpufreq: Initialize cpufreq-based invariance before subsys
35bb271de241d ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients
ebe7a2e46d189 arm64: dts: imx8mp: Correct thermal sensor index
1744aff07b833 mm: folio_may_be_lru_cached() unless folio_test_large()
d37ec803b2813 mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
768c44cc8b638 mm/gup: check ref_count instead of lru before migration
dc58ab1eb90c9 mm: add folio_expected_ref_count() for reference count calculation
4ed203f79821c mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked"
df2580fbcedea IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
943754ad81131 ALSA: usb-audio: Add mute TLV for playback volumes on more devices
0aac2fa4d0c75 ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
ea6016c9ec61d ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
b61b90b07416f i2c: designware: Add quirk for Intel Xe
41ea28a2de255 mmc: sdhci-cadence: add Mobileye eyeQ support
306697a775fbc usb: core: Add 0x prefix to quirks debug output
dc77154e83048 ALSA: usb-audio: Fix build with CONFIG_INPUT=n
a3961b1f7f79e ALSA: usb-audio: Convert comma to semicolon
d04d301614630 ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
8fa69bd18148e ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
9db2614986bd0 ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
e8c605fece5b9 ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
bafc648b82c3b ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
08a96e22bd37f ALSA: usb-audio: Fix block comments in mixer_quirks
18f9e77de5272 firewire: core: fix overlooked update of subsystem ABI version
ca3e48e96816c scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE
(From OE-Core rev: 5234d795417f97cfce7bcd891e7bdeabc6f36e9e)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>