From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 00/19] Patch review
Date: Mon, 29 Jun 2026 16:19:45 +0200 [thread overview]
Message-ID: <cover.1782742373.git.yoann.congal@smile.fr> (raw)
Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, July 1.
Some patches are aimed at progressing toward Ubuntu 26.04 support:
* gawk: use native gawk when building glibc and grub
* grub/glibc: Bump versions to resolve hashequiv/reproducibility issues
* gawk: trim native build configuration
* gawk-native: fix gcc-15/C23 compilation issues
Improving the NVD CVE data fetching:
* cve-update-nvd2-native: allow setting resultsPerPage
NOTE: This patch does not exist in more recent branches
(cve-update-nvd2-native was drop in favor of git based fetching)
Move away from /git/ in URLs for oe/yp.org servers:
* oeqa: Drop /git/ from our urls
* recipetool: Recognise https://git. as git urls
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/4103
The following changes since commit 737293bead3e7b994347e47f09bc69437479d50c:
linux-yocto/6.6: address ltp hang (2026-06-23 20:33:35 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-review
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-review
for you to fetch changes up to 54ce24005721f5c82d42242524eaed93c8cbeafa:
recipetool: Recognise https://git. as git urls (2026-06-29 11:31:24 +0200)
----------------------------------------------------------------
Alexander Kanavin (1):
gawk: use native gawk when building glibc and grub
Amaury Couderc (1):
python3: fix CVE-2026-4224
Anil Dongare (1):
libusb1: fix CVE-2026-23679 and CVE-2026-47104
Awais B (1):
cve-update-nvd2-native: allow setting resultsPerPage
Harish Sadineni (1):
binutils: Fix for CVE-2025-69648 and CVE-2025-69646
Hitendra Prajapati (2):
libsoup: fix for CVE-2025-11021
libsoup: fix for CVE-2026-2369
Richard Purdie (3):
grub/glibc: Bump versions to resolve hashequiv/reproducibility issues
oeqa: Drop /git/ from our urls
recipetool: Recognise https://git. as git urls
Ross Burton (1):
gawk: trim native build configuration
Sudhir Dumbhare (1):
nfs-utils: fix CVE-2025-12801
Theo Gaige (Schneider Electric) (1):
go: patch CVE-2026-27145
Vijay Anusuri (5):
xwayland: Fix CVE-2026-33999
xwayland: Fix CVE-2026-34000
xwayland: Fix CVE-2026-34001
xwayland: Fix CVE-2026-34002
xwayland: Fix CVE-2026-34003
Yoann Congal (1):
gawk-native: fix gcc-15/C23 compilation issues
.../recipes-test/gitrepotest/gitrepotest.bb | 2 +-
.../gitunpackoffline/gitunpackoffline.inc | 4 +-
.../lib/oeqa/manual/toaster-managed-mode.json | 6 +-
meta/lib/oeqa/sdkext/cases/devtool.py | 4 +-
meta/lib/oeqa/selftest/cases/devtool.py | 4 +-
meta/lib/oeqa/selftest/cases/recipetool.py | 2 +-
meta/recipes-bsp/grub/grub2.inc | 6 +-
.../nfs-utils/CVE-2025-12801-build-fix.patch | 44 ++
.../CVE-2025-12801-dependent_p1.patch | 450 +++++++++++++++++
.../CVE-2025-12801-dependent_p2.patch | 81 +++
.../CVE-2025-12801-dependent_p3.patch | 181 +++++++
.../CVE-2025-12801-dependent_p4.patch | 468 ++++++++++++++++++
.../nfs-utils/nfs-utils/CVE-2025-12801.patch | 254 ++++++++++
.../nfs-utils/nfs-utils_2.6.4.bb | 6 +
meta/recipes-core/glibc/glibc.inc | 6 +-
.../meta/cve-update-nvd2-native.bb | 13 +
.../binutils/binutils-2.42.inc | 2 +-
...ch => CVE-2025-69646_CVE-2025-69648.patch} | 2 +-
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
.../go/go/CVE-2026-27145.patch | 96 ++++
.../python/python3/CVE-2026-4224.patch | 121 +++++
.../python/python3_3.12.13.bb | 1 +
.../0001-Fix-some-C23-compilatio-issues.patch | 35 ++
meta/recipes-extended/gawk/gawk_5.3.0.bb | 15 +-
.../xwayland/xwayland/CVE-2026-33999.patch | 49 ++
.../xwayland/xwayland/CVE-2026-34000.patch | 72 +++
.../xwayland/xwayland/CVE-2026-34001.patch | 104 ++++
.../xwayland/xwayland/CVE-2026-34002.patch | 93 ++++
.../xwayland/xwayland/CVE-2026-34003-1.patch | 113 +++++
.../xwayland/xwayland/CVE-2026-34003-2.patch | 223 +++++++++
.../xwayland/xwayland_23.2.5.bb | 6 +
.../libsoup-3.4.4/CVE-2025-11021.patch | 57 +++
.../libsoup/libsoup-3.4.4/CVE-2026-2369.patch | 32 ++
meta/recipes-support/libsoup/libsoup_3.4.4.bb | 2 +
...-2026-23679_CVE-2026-47104-dependent.patch | 46 ++
.../CVE-2026-23679_CVE-2026-47104.patch | 88 ++++
meta/recipes-support/libusb/libusb1_1.0.27.bb | 2 +
scripts/lib/recipetool/create.py | 2 +-
38 files changed, 2676 insertions(+), 17 deletions(-)
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-build-fix.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p4.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
rename meta/recipes-devtools/binutils/binutils/{CVE-2025-69648.patch => CVE-2025-69646_CVE-2025-69648.patch} (99%)
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27145.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4224.patch
create mode 100644 meta/recipes-extended/gawk/gawk/0001-Fix-some-C23-compilatio-issues.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-33999.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34000.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34001.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34002.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34003-1.patch
create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34003-2.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-11021.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2026-2369.patch
create mode 100644 meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104-dependent.patch
create mode 100644 meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104.patch
next reply other threads:[~2026-06-29 14:20 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-29 14:19 Yoann Congal [this message]
2026-06-29 14:19 ` [OE-core][scarthgap 01/19] gawk: use native gawk when building glibc and grub Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 02/19] grub/glibc: Bump versions to resolve hashequiv/reproducibility issues Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 03/19] gawk: trim native build configuration Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 04/19] gawk-native: fix gcc-15/C23 compilation issues Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 05/19] libsoup: fix for CVE-2025-11021 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 06/19] libsoup: fix for CVE-2026-2369 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 07/19] go: patch CVE-2026-27145 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 08/19] binutils: Fix for CVE-2025-69648 and CVE-2025-69646 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 09/19] xwayland: Fix CVE-2026-33999 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 10/19] xwayland: Fix CVE-2026-34000 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 11/19] xwayland: Fix CVE-2026-34001 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 12/19] xwayland: Fix CVE-2026-34002 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 13/19] xwayland: Fix CVE-2026-34003 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 14/19] libusb1: fix CVE-2026-23679 and CVE-2026-47104 Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 15/19] nfs-utils: fix CVE-2025-12801 Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 16/19] cve-update-nvd2-native: allow setting resultsPerPage Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 17/19] python3: fix CVE-2026-4224 Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 18/19] oeqa: Drop /git/ from our urls Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 19/19] recipetool: Recognise https://git. as git urls Yoann Congal
-- strict thread matches above, loose matches on Subject: below --
2025-11-11 14:58 [OE-core][scarthgap 00/19] Patch review Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1782742373.git.yoann.congal@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.