From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/24] Patch review
Date: Thu, 9 Oct 2025 12:30:44 -0700 [thread overview]
Message-ID: <cover.1760038088.git.steve@sakoman.com> (raw)
Please review this set of changes for kirkstone and have comments back by
end of day Monday, October 13
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2552
The following changes since commit 2285f30e643f52511c328e4f6e1f0c042bea4110:
libhandy: update git branch name (2025-09-30 06:42:16 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.30
Archana Polampalli (2):
go: fix CVE-2025-47906
openssl: upgrade 3.0.17 -> 3.0.18
AshishKumar Mishra (2):
systemd: backport fix for handle USE_NLS from master
p11-kit: backport fix for handle USE_NLS from master
Deepesh Varatharajan (1):
glibc: stable 2.35 branch updates
Gyorgy Sarvari (1):
conf/bitbake.conf: use gnu mirror instead of main server
Peter Marko (10):
busybox: patch CVE-2025-46394
gstreamer1.0: ignore CVEs fixed in plugins
gstreamer1.0: ignore CVE-2025-2759
grub: ignore CVE-2024-2312
ghostscript: patch CVE-2025-59798
ghostscript: patch CVE-2025-59799
ghostscript: patch CVE-2025-59800
pulseaudio: ignore CVE-2024-11586
ffmpeg: ignore CVE-2023-6603
ffmpeg: mark CVE-2023-6601 as patched
Steve Sakoman (2):
selftest/cases/meta_ide.py: use use gnu mirror instead of main server
oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
Theo GAIGE (1):
libxml2: fix CVE-2025-9714
Vijay Anusuri (4):
gstreamer1.0-plugins-bad: Fix CVE-2025-3887
libxslt: Patch for CVE-2025-7424
tiff: Fix CVE-2025-8961
tiff: Fix CVE-2025-9165
meta/conf/bitbake.conf | 2 +-
meta/lib/oeqa/sdk/cases/buildcpio.py | 2 +-
meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
meta/recipes-bsp/grub/grub2.inc | 2 +
.../{openssl_3.0.17.bb => openssl_3.0.18.bb} | 2 +-
.../busybox/busybox/CVE-2025-46394-01.patch | 57 ++++++
.../busybox/busybox/CVE-2025-46394-02.patch | 32 ++++
meta/recipes-core/busybox/busybox_1.35.0.bb | 2 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../libxml/libxml2/CVE-2025-9714.patch | 117 ++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
meta/recipes-core/systemd/systemd_250.14.bb | 1 +
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2025-47906.patch | 171 ++++++++++++++++++
.../ghostscript/CVE-2025-59798.patch | 134 ++++++++++++++
.../ghostscript/CVE-2025-59799.patch | 41 +++++
.../ghostscript/CVE-2025-59800.patch | 36 ++++
.../ghostscript/ghostscript_9.55.0.bb | 3 +
...602-CVE-2023-6604-CVE-2023-6605-0002.patch | 2 +-
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 4 +
.../CVE-2025-3887-1.patch | 50 +++++
.../CVE-2025-3887-2.patch | 93 ++++++++++
.../gstreamer1.0-plugins-bad_1.20.7.bb | 2 +
.../gstreamer/gstreamer1.0_1.20.7.bb | 15 +-
.../libtiff/tiff/CVE-2025-8961.patch | 74 ++++++++
.../libtiff/tiff/CVE-2025-9165.patch | 32 ++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
.../pulseaudio/pulseaudio.inc | 3 +
.../libxslt/libxslt/CVE-2025-7424.patch | 105 +++++++++++
.../recipes-support/libxslt/libxslt_1.1.35.bb | 1 +
.../recipes-support/p11-kit/p11-kit_0.24.1.bb | 1 +
scripts/install-buildtools | 4 +-
32 files changed, 985 insertions(+), 11 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} (99%)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-9714.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47906.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8961.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-7424.patch
--
2.43.0
next reply other threads:[~2025-10-09 19:31 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-09 19:30 Steve Sakoman [this message]
2025-10-09 19:30 ` [OE-core][kirkstone 01/24] libxml2: fix CVE-2025-9714 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 02/24] gstreamer1.0-plugins-bad: Fix CVE-2025-3887 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 03/24] busybox: patch CVE-2025-46394 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 04/24] libxslt: Patch for CVE-2025-7424 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 05/24] tiff: Fix CVE-2025-8961 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 06/24] tiff: Fix CVE-2025-9165 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 07/24] gstreamer1.0: ignore CVEs fixed in plugins Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 08/24] gstreamer1.0: ignore CVE-2025-2759 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 09/24] grub: ignore CVE-2024-2312 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 10/24] ghostscript: patch CVE-2025-59798 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 11/24] ghostscript: patch CVE-2025-59799 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 12/24] ghostscript: patch CVE-2025-59800 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 13/24] pulseaudio: ignore CVE-2024-11586 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 14/24] ffmpeg: ignore CVE-2023-6603 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 15/24] ffmpeg: mark CVE-2023-6601 as patched Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 16/24] go: fix CVE-2025-47906 Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 17/24] scripts/install-buildtools: Update to 4.0.30 Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 18/24] openssl: upgrade 3.0.17 -> 3.0.18 Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 19/24] glibc: stable 2.35 branch updates Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 20/24] systemd: backport fix for handle USE_NLS from master Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 21/24] p11-kit: " Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 22/24] conf/bitbake.conf: use gnu mirror instead of main server Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 23/24] selftest/cases/meta_ide.py: use " Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 24/24] oeqa/sdk/cases/buildcpio.py: " Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2022-09-07 14:20 [OE-core][kirkstone 00/24] Patch review Steve Sakoman
2022-08-27 18:25 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1760038088.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.