diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 90b07f0da5..c8ae38b599 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-09-19 16:30:43.403752+00:00 for version 6.1.51 +# Generated at 2023-09-30 07:24:11.683650+00:00 for version 6.1.52 python check_kernel_cve_status_version() { - this_version = "6.1.51" + this_version = "6.1.52" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -3450,6 +3450,8 @@ CVE_STATUS[CVE-2020-36691] = "fixed-version: Fixed from version 5.8rc1" CVE_STATUS[CVE-2020-36694] = "fixed-version: Fixed from version 5.10" +CVE_STATUS[CVE-2020-36766] = "fixed-version: Fixed from version 5.9rc1" + CVE_STATUS[CVE-2020-3702] = "fixed-version: Fixed from version 5.12rc1" CVE_STATUS[CVE-2020-4788] = "fixed-version: Fixed from version 5.10rc5" @@ -4644,7 +4646,7 @@ CVE_STATUS[CVE-2023-1192] = "cpe-stable-backport: Backported in 6.1.33" # CVE-2023-1193 has no known resolution -# CVE-2023-1194 has no known resolution +CVE_STATUS[CVE-2023-1194] = "cpe-stable-backport: Backported in 6.1.34" CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed from version 6.1rc3" @@ -5034,6 +5036,12 @@ CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.1.45" CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45" +# CVE-2023-42752 needs backporting (fixed from 6.1.53) + +# CVE-2023-42753 needs backporting (fixed from 6.1.53) + +# CVE-2023-42755 needs backporting (fixed from 6.1.55) + CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1" CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18" @@ -5054,7 +5062,11 @@ CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards" # CVE-2023-4623 needs backporting (fixed from 6.1.53) -# CVE-2023-4881 needs backporting (fixed from 6.6rc1) +# CVE-2023-4881 needs backporting (fixed from 6.1.54) -# CVE-2023-4921 needs backporting (fixed from 6.6rc1) +# CVE-2023-4921 needs backporting (fixed from 6.1.54) + +# CVE-2023-5158 has no known resolution + +# CVE-2023-5197 needs backporting (fixed from 6.6rc3) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb index 5a42da2019..05e0b69331 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "ad7c05a03b8d70ee30ecce783a861cb96ea258cf" -SRCREV_meta ?= "f845a7f37d7114230d6609e2bd630070f2f6cd9b" +SRCREV_machine ?= "7327e7ab3b5508182380405a51f2657f5bf669b4" +SRCREV_meta ?= "9e389e7f44a22bc637328f15e106f6d60631780e" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.1;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.1.51" +LINUX_VERSION ?= "6.1.52" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb index 3fd9a0e2a9..942aa48c02 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.1.inc -LINUX_VERSION ?= "6.1.51" +LINUX_VERSION ?= "6.1.52" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_meta ?= "f845a7f37d7114230d6609e2bd630070f2f6cd9b" +SRCREV_machine ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_meta ?= "9e389e7f44a22bc637328f15e106f6d60631780e" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb index 3798ae3db9..000317379f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.1/standard/base" KBRANCH:qemuloongarch64 ?= "v6.1/standard/base" KBRANCH:qemumips64 ?= "v6.1/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "8c81de99a4b9f69345873b06077f9d4e1321298e" -SRCREV_machine:qemuarm64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_machine:qemuloongarch64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_machine:qemumips ?= "733cb5842aeac106f5606df4da7c64a180f0c500" -SRCREV_machine:qemuppc ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_machine:qemuriscv64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_machine:qemuriscv32 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_machine:qemux86 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_machine:qemux86-64 ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_machine:qemumips64 ?= "1c11fe963667e9380725bef0650aeaea8544ea8b" -SRCREV_machine ?= "526b5bf2f74f881356bce8b44840dc86785fb7bf" -SRCREV_meta ?= "f845a7f37d7114230d6609e2bd630070f2f6cd9b" +SRCREV_machine:qemuarm ?= "3028542fe5ece9dd32c8e3b9b14b2c9f4c9cafac" +SRCREV_machine:qemuarm64 ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_machine:qemuloongarch64 ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_machine:qemumips ?= "33c0b5a0c1af6abb4dee11ffa5ece66ffd01d3c8" +SRCREV_machine:qemuppc ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_machine:qemuriscv64 ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_machine:qemuriscv32 ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_machine:qemux86 ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_machine:qemux86-64 ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_machine:qemumips64 ?= "ee418f38dbc9794b7976ad11fd74f5a3490c7c5e" +SRCREV_machine ?= "b3879adf00e338e66e92431a434fa2549ac88b83" +SRCREV_meta ?= "9e389e7f44a22bc637328f15e106f6d60631780e" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "c2cbfe5f51227dfe6ef7be013f0d56a32c040faa" +SRCREV_machine:class-devupstream ?= "59b13c2b647e464dd85622c89d7f16c15d681e96" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.1/base" @@ -45,7 +45,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA SRC_URI += "file://0001-perf-cpumap-Make-counter-as-unsigned-ints.patch" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.1.51" +LINUX_VERSION ?= "6.1.52" PV = "${LINUX_VERSION}+git"