[OE-core][scarthgap 00/11] Patch review

[Steve Sakoman <steve@sakoman.com>]

Please review this set of changes for scarthgap and have comments back by
end of day Friday, August 1

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2114

The following changes since commit c374e6cfcdd2c8ba17d82ffcfdeb97d21144e2bf:

  mtools: upgrade 4.0.48 -> 4.0.49 (2025-07-25 06:13:34 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.11

Fabio Berton (1):
  linux-libc-headers: Fix invalid conversion in cn_proc.h

Peter Marko (9):
  gnutls: patch CVE-2025-32989
  gnutls: patch read buffer overrun in the "pre_shared_key" extension
  gnutls: patch reject zero-length version in certificate request
  gnutls: patch CVE-2025-32988
  gnutls: patch CVE-2025-32990
  gnutls: patch CVE-2025-6395
  ncurses: patch CVE-2025-6141
  libxml2: patch CVE-2025-6170
  glibc: fix CVE-2025-8058

 meta/recipes-core/glibc/glibc-version.inc     |    2 +-
 meta/recipes-core/glibc/glibc_2.39.bb         |    2 +-
 .../libxml/libxml2/CVE-2025-6170.patch        |  103 +
 meta/recipes-core/libxml/libxml2_2.12.10.bb   |    1 +
 .../ncurses/files/CVE-2025-6141.patch         |   25 +
 meta/recipes-core/ncurses/ncurses_6.4.bb      |    1 +
 ...-Fix-invalid-conversion-in-cn_proc.h.patch |   40 +
 .../linux-libc-headers_6.6.bb                 |    1 +
 ...fer-overrun-in-the-pre_shared_key-ex.patch |   34 +
 ...-length-version-in-certificate-reque.patch |   37 +
 .../04939b75417cc95b7372c6f208c4bda4579bdc34  |  Bin 0 -> 1782 bytes
 .../3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2  |  Bin 0 -> 830 bytes
 .../5477db1bb507a35e8833c758ce344f4b5b246d8e  |  Bin 0 -> 111 bytes
 .../gnutls/gnutls/CVE-2025-32988.patch        |   58 +
 .../gnutls/gnutls/CVE-2025-32989.patch        |   50 +
 .../gnutls/gnutls/CVE-2025-32990.patch        | 2109 +++++++++++++++++
 .../gnutls/gnutls/CVE-2025-6395.patch         |  299 +++
 meta/recipes-support/gnutls/gnutls_3.8.4.bb   |   15 +
 scripts/install-buildtools                    |    4 +-
 19 files changed, 2777 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-6170.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-6141.patch
 create mode 100644 meta/recipes-kernel/linux-libc-headers/linux-libc-headers/0001-connector-Fix-invalid-conversion-in-cn_proc.h.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/0001-x509-reject-zero-length-version-in-certificate-reque.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/04939b75417cc95b7372c6f208c4bda4579bdc34
 create mode 100644 meta/recipes-support/gnutls/gnutls/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2
 create mode 100644 meta/recipes-support/gnutls/gnutls/5477db1bb507a35e8833c758ce344f4b5b246d8e
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-32988.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-32989.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-32990.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-6395.patch

-- 
2.43.0