diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc index d64ab0092d..7bffaa70e1 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-09-19 16:30:35.921888+00:00 for version 6.4.14 +# Generated at 2023-09-30 07:22:32.115009+00:00 for version 6.4.15 python check_kernel_cve_status_version() { - this_version = "6.4.14" + this_version = "6.4.15" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -3450,6 +3450,8 @@ CVE_STATUS[CVE-2020-36691] = "fixed-version: Fixed from version 5.8rc1" CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10" +CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1" + CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1" CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5" @@ -4644,7 +4646,7 @@ CVE_STATUS[CVE-2023-1192] = "fixed-version: Fixed from version 6.4rc1" # CVE-2023-1193 has no known resolution -# CVE-2023-1194 has no known resolution +CVE_STATUS[CVE-2023-1194] = "fixed-version: Fixed from version 6.4rc6" CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed from version 6.1rc3" @@ -5034,6 +5036,12 @@ CVE_STATUS[CVE-2023-4244] = "cpe-stable-backport: Backported in 6.4.12" CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.4.10" +# CVE-2023-42752 needs backporting (fixed from 6.4.16) + +# CVE-2023-42753 needs backporting (fixed from 6.4.16) + +CVE_STATUS[CVE-2023-42755] = "fixed-version: Fixed from version 6.3rc1" + CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1" CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18" @@ -5058,3 +5066,7 @@ CVE_STATUS[CVE-2023-4611] = "cpe-stable-backport: Backported in 6.4.8" # CVE-2023-4921 needs backporting (fixed from 6.6rc1) +# CVE-2023-5158 has no known resolution + +# CVE-2023-5197 needs backporting (fixed from 6.6rc3) + diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb index aacbea40c0..07e852d584 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.4.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "06b99074bdc85095a2b3411dcade4a64a8e8f7c0" -SRCREV_meta ?= "f12230a4c8a427af642be8196828a23f4562bc86" +SRCREV_machine ?= "40f6eb23017e1bb31c63e980b6d11bc8e917824b" +SRCREV_meta ?= "b1e8a40393e0ac784e05a45ee90b6680e3b53263" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.4.14" +LINUX_VERSION ?= "6.4.15" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb index c3a7a16342..74b830afb4 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.4.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.4.inc -LINUX_VERSION ?= "6.4.14" +LINUX_VERSION ?= "6.4.15" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_meta ?= "f12230a4c8a427af642be8196828a23f4562bc86" +SRCREV_machine ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_meta ?= "b1e8a40393e0ac784e05a45ee90b6680e3b53263" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.4.bb b/meta/recipes-kernel/linux/linux-yocto_6.4.bb index e959b2a88f..d17f05eba4 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.4.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.4/standard/base" KBRANCH:qemuloongarch64 ?= "v6.4/standard/base" KBRANCH:qemumips64 ?= "v6.4/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "0194f88dc4ac51536f9bb2bf751d256bc5fe5d69" -SRCREV_machine:qemuarm64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_machine:qemuloongarch64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_machine:qemumips ?= "179200623f949dde2afeca75943700a2cd0684ab" -SRCREV_machine:qemuppc ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_machine:qemuriscv64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_machine:qemuriscv32 ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_machine:qemux86 ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_machine:qemux86-64 ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_machine:qemumips64 ?= "4ce1ab0a4fce437802b0f7305289b036ffb4ccae" -SRCREV_machine ?= "800df81fa2a8bacd6487a19115b3f89f34620249" -SRCREV_meta ?= "f12230a4c8a427af642be8196828a23f4562bc86" +SRCREV_machine:qemuarm ?= "47cff83414374714b911719ba588aa6e2816956b" +SRCREV_machine:qemuarm64 ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_machine:qemuloongarch64 ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_machine:qemumips ?= "d3a6c87612629a4c1f722b7d93e9a04aec7b22a4" +SRCREV_machine:qemuppc ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_machine:qemuriscv64 ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_machine:qemuriscv32 ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_machine:qemux86 ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_machine:qemux86-64 ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_machine:qemumips64 ?= "da59fe1c279b1be0b6b51dc503fe6500fdf84671" +SRCREV_machine ?= "3f60b22a4257993a1e389d46d1204a0f580fc99e" +SRCREV_meta ?= "b1e8a40393e0ac784e05a45ee90b6680e3b53263" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "babc8be398c3a0701e52582f93bfba946e9e5f8e" +SRCREV_machine:class-devupstream ?= "f60d5fd5e950c89a38578ae6f25877de511bb031" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.4/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.4.14" +LINUX_VERSION ?= "6.4.15" PV = "${LINUX_VERSION}+git"