From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/15] Patch review
Date: Tue, 10 Jun 2025 12:38:06 -0700 [thread overview]
Message-ID: <cover.1749584149.git.steve@sakoman.com> (raw)
Please review this set of hcanges for kirkstone and have comments back by
end of day Thursday, June 12
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1770
The following changes since commit 415e73d53e5342f3f6ff6acd521ded2df3fbca1f:
nfs-utils: don't use signals to shut down nfs server. (2025-05-29 08:22:59 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (4):
ghostscript: fix CVE-2025-48708
ffmpeg: upgrade 5.0.1 -> 5.0.3
ffmpeg: fix CVE-2025-22919
ffmpeg: fix CVE-2025-22921
Deepesh Varatharajan (1):
binutils: Fix CVE-2025-5244 & CVE-2025-5245
Divya Chellam (2):
screen: fix CVE-2025-46802
screen: fix CVE-2025-46804
Harish Sadineni (1):
binutils: add CVE-2025-1182 patch file to SRC_URI
Hitendra Prajapati (1):
icu: fix CVE-2025-5222
Jiaying Song (1):
taglib: fix CVE-2023-47466
Martin Jansa (1):
kernel.bbclass: add original package name to RPROVIDES for -image and
-base
Peter Marko (1):
python3: upgrade 3.10.16 -> 3.10.18
Vijay Anusuri (3):
libsoup-2.4: Backport auth tests for CVE-2025-32910
python3-setuptools: Fix CVE-2025-47273
git: Fix CVE-2024-50349 and CVE-2024-52006
meta/classes/kernel.bbclass | 3 +-
.../binutils/binutils-2.38.inc | 3 +
.../binutils/0040-CVE-2025-1182.patch | 18 +-
.../binutils/0041-CVE-2025-5244.patch | 25 ++
.../binutils/0042-CVE-2025-5245.patch | 38 +++
.../git/git/CVE-2024-50349-0001.patch | 100 ++++++
.../git/git/CVE-2024-50349-0002.patch | 321 ++++++++++++++++++
.../git/git/CVE-2024-52006.patch | 165 +++++++++
meta/recipes-devtools/git/git_2.35.7.bb | 3 +
.../CVE-2025-47273-pre1.patch | 54 +++
.../python3-setuptools/CVE-2025-47273.patch | 59 ++++
.../python/python3-setuptools_59.5.0.bb | 2 +
...ib-termcap-to-linker-flags-to-avoid-.patch | 2 +-
...hell-version-of-python-config-that-w.patch | 2 +-
...file-do-not-compile-.pyc-in-parallel.patch | 2 +-
...sts-due-to-load-variability-on-YP-AB.patch | 6 +-
...e-treat-overflow-in-UID-GID-as-failu.patch | 2 +-
...asename-to-replace-CC-for-checking-c.patch | 16 +-
...detect-multiarch-paths-when-cross-co.patch | 2 +-
...orlines-skip-due-to-load-variability.patch | 2 +-
...report-missing-dependencies-for-disa.patch | 2 +-
...up.py-do-not-add-a-curses-include-pa.patch | 4 +-
.../python/python3/CVE-2025-0938.patch | 131 -------
.../python3/avoid_warning_about_tkinter.patch | 2 +-
.../python/python3/makerace.patch | 2 +-
...{python3_3.10.16.bb => python3_3.10.18.bb} | 3 +-
.../ghostscript/CVE-2025-48708.patch | 46 +++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../screen/screen/CVE-2025-46802.patch | 146 ++++++++
.../screen/screen/CVE-2025-46804.patch | 131 +++++++
meta/recipes-extended/screen/screen_4.9.0.bb | 2 +
.../ffmpeg/ffmpeg/CVE-2024-36613.patch | 18 +-
.../ffmpeg/ffmpeg/CVE-2025-22919.patch | 41 +++
.../ffmpeg/ffmpeg/CVE-2025-22921.patch | 34 ++
.../{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb} | 9 +-
.../icu/icu/CVE-2025-5222.patch | 164 +++++++++
meta/recipes-support/icu/icu_70.1.bb | 1 +
...ckport-auth-tests-for-CVE-2025-32910.patch | 76 +++++
.../libsoup/libsoup-2.4_2.74.2.bb | 1 +
.../taglib/files/CVE-2023-47466.patch | 38 +++
meta/recipes-support/taglib/taglib_1.12.bb | 4 +-
41 files changed, 1500 insertions(+), 181 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/0041-CVE-2025-5244.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0042-CVE-2025-5245.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0001.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0002.patch
create mode 100644 meta/recipes-devtools/git/git/CVE-2024-52006.patch
create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-0938.patch
rename meta/recipes-devtools/python/{python3_3.10.16.bb => python3_3.10.18.bb} (99%)
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-48708.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb} (96%)
create mode 100644 meta/recipes-support/icu/icu/CVE-2025-5222.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/Backport-auth-tests-for-CVE-2025-32910.patch
create mode 100644 meta/recipes-support/taglib/files/CVE-2023-47466.patch
--
2.43.0
next reply other threads:[~2025-06-10 19:38 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-10 19:38 Steve Sakoman [this message]
2025-06-10 19:38 ` [OE-core][kirkstone 01/15] ghostscript: fix CVE-2025-48708 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 02/15] icu: fix CVE-2025-5222 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 03/15] libsoup-2.4: Backport auth tests for CVE-2025-32910 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 04/15] taglib: fix CVE-2023-47466 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 05/15] ffmpeg: upgrade 5.0.1 -> 5.0.3 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 06/15] ffmpeg: fix CVE-2025-22919 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 07/15] ffmpeg: fix CVE-2025-22921 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 08/15] binutils: add CVE-2025-1182 patch file to SRC_URI Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 09/15] python3-setuptools: Fix CVE-2025-47273 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 10/15] binutils: Fix CVE-2025-5244 & CVE-2025-5245 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 11/15] screen: fix CVE-2025-46802 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 12/15] screen: fix CVE-2025-46804 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 13/15] git: Fix CVE-2024-50349 and CVE-2024-52006 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 14/15] python3: upgrade 3.10.16 -> 3.10.18 Steve Sakoman
2025-06-10 19:38 ` [OE-core][kirkstone 15/15] kernel.bbclass: add original package name to RPROVIDES for -image and -base Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-05-13 19:07 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
2025-02-27 17:39 Steve Sakoman
2024-09-23 13:13 Steve Sakoman
2024-03-20 16:09 Steve Sakoman
2023-12-08 2:33 Steve Sakoman
2023-05-09 22:32 Steve Sakoman
2023-05-06 15:24 Steve Sakoman
2022-07-27 0:40 Steve Sakoman
2022-06-19 19:30 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1749584149.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.