All of lore.kernel.org
 help / color / mirror / Atom feed
* [OE-core][scarthgap 00/17] Pull request (cover letter only)
@ 2026-07-02  8:10 Yoann Congal
  0 siblings, 0 replies; 2+ messages in thread
From: Yoann Congal @ 2026-07-02  8:10 UTC (permalink / raw)
  To: openembedded-core; +Cc: Paul Barker

Those are the patches from the last patch review:
https://lore.kernel.org/all/cover.1782742373.git.yoann.congal@smile.fr/
Following review, 2 patches where removed from the series:
* binutils: Fix for CVE-2025-69648 and CVE-2025-69646
* cve-update-nvd2-native: allow setting resultsPerPage

Passed a-full on autobuilder (without the 2 patches):
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/4113
* oe-selftest-debian failed with 15957 – AB-INT: concurrencytest errors
  retried as https://autobuilder.yoctoproject.org/valkyrie/?#/builders/35/builds/4179

The following changes since commit 737293bead3e7b994347e47f09bc69437479d50c:

  linux-yocto/6.6: address ltp hang (2026-06-23 20:33:35 +0200)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next

for you to fetch changes up to be8b46f3a31b679b5ab532dd6e16888f868ce076:

  recipetool: Recognise https://git. as git urls (2026-06-30 18:29:25 +0200)

----------------------------------------------------------------

Alexander Kanavin (1):
  gawk: use native gawk when building glibc and grub

Amaury Couderc (1):
  python3: fix CVE-2026-4224

Anil Dongare (1):
  libusb1: fix CVE-2026-23679 and CVE-2026-47104

Hitendra Prajapati (2):
  libsoup: fix for CVE-2025-11021
  libsoup: fix for CVE-2026-2369

Richard Purdie (3):
  grub/glibc: Bump versions to resolve hashequiv/reproducibility issues
  oeqa: Drop /git/ from our urls
  recipetool: Recognise https://git. as git urls

Ross Burton (1):
  gawk: trim native build configuration

Sudhir Dumbhare (1):
  nfs-utils: fix CVE-2025-12801

Theo Gaige (Schneider Electric) (1):
  go: patch CVE-2026-27145

Vijay Anusuri (5):
  xwayland: Fix CVE-2026-33999
  xwayland: Fix CVE-2026-34000
  xwayland: Fix CVE-2026-34001
  xwayland: Fix CVE-2026-34002
  xwayland: Fix CVE-2026-34003

Yoann Congal (1):
  gawk-native: fix gcc-15/C23 compilation issues

 .../recipes-test/gitrepotest/gitrepotest.bb   |   2 +-
 .../gitunpackoffline/gitunpackoffline.inc     |   4 +-
 .../lib/oeqa/manual/toaster-managed-mode.json |   6 +-
 meta/lib/oeqa/sdkext/cases/devtool.py         |   4 +-
 meta/lib/oeqa/selftest/cases/devtool.py       |   4 +-
 meta/lib/oeqa/selftest/cases/recipetool.py    |   2 +-
 meta/recipes-bsp/grub/grub2.inc               |   6 +-
 .../nfs-utils/CVE-2025-12801-build-fix.patch  |  44 ++
 .../CVE-2025-12801-dependent_p1.patch         | 450 +++++++++++++++++
 .../CVE-2025-12801-dependent_p2.patch         |  81 +++
 .../CVE-2025-12801-dependent_p3.patch         | 181 +++++++
 .../CVE-2025-12801-dependent_p4.patch         | 468 ++++++++++++++++++
 .../nfs-utils/nfs-utils/CVE-2025-12801.patch  | 254 ++++++++++
 .../nfs-utils/nfs-utils_2.6.4.bb              |   6 +
 meta/recipes-core/glibc/glibc.inc             |   6 +-
 meta/recipes-devtools/go/go-1.22.12.inc       |   1 +
 .../go/go/CVE-2026-27145.patch                |  96 ++++
 .../python/python3/CVE-2026-4224.patch        | 121 +++++
 .../python/python3_3.12.13.bb                 |   1 +
 .../0001-Fix-some-C23-compilatio-issues.patch |  35 ++
 meta/recipes-extended/gawk/gawk_5.3.0.bb      |  15 +-
 .../xwayland/xwayland/CVE-2026-33999.patch    |  49 ++
 .../xwayland/xwayland/CVE-2026-34000.patch    |  72 +++
 .../xwayland/xwayland/CVE-2026-34001.patch    | 104 ++++
 .../xwayland/xwayland/CVE-2026-34002.patch    |  93 ++++
 .../xwayland/xwayland/CVE-2026-34003-1.patch  | 113 +++++
 .../xwayland/xwayland/CVE-2026-34003-2.patch  | 223 +++++++++
 .../xwayland/xwayland_23.2.5.bb               |   6 +
 .../libsoup-3.4.4/CVE-2025-11021.patch        |  57 +++
 .../libsoup/libsoup-3.4.4/CVE-2026-2369.patch |  32 ++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   2 +
 ...-2026-23679_CVE-2026-47104-dependent.patch |  46 ++
 .../CVE-2026-23679_CVE-2026-47104.patch       |  88 ++++
 meta/recipes-support/libusb/libusb1_1.0.27.bb |   2 +
 scripts/lib/recipetool/create.py              |   2 +-
 35 files changed, 2661 insertions(+), 15 deletions(-)
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-build-fix.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p4.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27145.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4224.patch
 create mode 100644 meta/recipes-extended/gawk/gawk/0001-Fix-some-C23-compilatio-issues.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-33999.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34000.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34002.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34003-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34003-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-11021.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2026-2369.patch
 create mode 100644 meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104-dependent.patch
 create mode 100644 meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104.patch



^ permalink raw reply	[flat|nested] 2+ messages in thread
* [OE-core][scarthgap 00/17] Pull request (cover letter only)
@ 2026-06-19  8:20 Yoann Congal
  0 siblings, 0 replies; 2+ messages in thread
From: Yoann Congal @ 2026-06-19  8:20 UTC (permalink / raw)
  To: openembedded-core; +Cc: Paul Barker

Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1781682189.git.yoann.congal@smile.fr/T/#t
but I removed the kernel upgrade which created warnings[0]. I sent a fix
for it[1].

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/4033
reproducible looks broken on Ubuntu 26.04 (patches welcome!).
I retried it on a different worker:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/37/builds/4202

[0]: https://autobuilder.yoctoproject.org/valkyrie/?#/builders/60/builds/3943
[1]: https://lists.yoctoproject.org/g/linux-yocto/message/16752

The following changes since commit dd74c1388d5bfefd2adcdb6abd622297138e2eb1:

  meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info (2026-06-15 11:54:08 +0200)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next

for you to fetch changes up to d4950d6df0867dcd5c380d83ac4d138ec968e698:

  python_setuptools_build_meta: clean the build directory in configure (2026-06-17 01:09:26 +0200)

----------------------------------------------------------------

Benjamin Robin (Schneider Electric) (2):
  avahi: Remove a reference to the rejected CVE-2021-36217
  meta: fix generation of kernel CONFIG_ in SPDX3

Hitendra Prajapati (6):
  go 1.22.12: fix CVE-2026-27140
  go 1.22.12: fix CVE-2026-27143, CVE-2026-27144
  qemu: fix for CVE-2025-11234
  libxml-parser-perl: fix for CVE-2006-10003
  python3: fix for CVE-2026-1502
  python3: fix CVE-2026-6100

Prabhudasu Vatala (1):
  conf/machine: fix typos in ARM and x86 README files

Ross Burton (3):
  setuptools3_legacy: ensure ${B} is clean
  setuptools3: clean the build directory in configure
  python_setuptools_build_meta: clean the build directory in configure

Vijay Anusuri (5):
  xserver-xorg: Fix CVE-2026-33999
  xserver-xorg: Fix CVE-2026-34000
  xserver-xorg: Fix CVE-2026-34001
  xserver-xorg: Fix CVE-2026-34002
  xserver-xorg: Fix CVE-2026-34003

 meta/classes-recipe/kernel.bbclass            |  27 ++-
 .../python_setuptools_build_meta.bbclass      |   4 +
 meta/classes-recipe/setuptools3.bbclass       |   3 +
 .../classes-recipe/setuptools3_legacy.bbclass |   1 +
 meta/conf/machine/include/arm/README          |   6 +-
 meta/conf/machine/include/x86/README          |   4 +-
 meta/lib/oeqa/selftest/cases/spdx.py          |   2 +-
 .../avahi/files/local-ping.patch              |   1 -
 meta/recipes-devtools/go/go-1.22.12.inc       |   3 +
 .../go/go/CVE-2026-27140.patch                |  58 +++++
 .../go/go/CVE-2026-27143.patch                | 165 +++++++++++++
 .../go/go/CVE-2026-27144.patch                | 125 ++++++++++
 .../libxml-parser-perl/CVE-2006-10003.patch   |  73 ++++++
 .../perl/libxml-parser-perl_2.47.bb           |   1 +
 .../python/python3/CVE-2026-1502.patch        | 113 +++++++++
 .../python/python3/CVE-2026-6100.patch        |  75 ++++++
 .../python/python3_3.12.13.bb                 |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   2 +
 .../qemu/qemu/CVE-2025-11234-01.patch         |  72 ++++++
 .../qemu/qemu/CVE-2025-11234-02.patch         | 174 ++++++++++++++
 .../xserver-xorg/CVE-2026-33999.patch         |  49 ++++
 .../xserver-xorg/CVE-2026-34000.patch         |  72 ++++++
 .../xserver-xorg/CVE-2026-34001.patch         | 104 ++++++++
 .../xserver-xorg/CVE-2026-34002.patch         |  93 ++++++++
 .../xserver-xorg/CVE-2026-34003-1.patch       | 113 +++++++++
 .../xserver-xorg/CVE-2026-34003-2.patch       | 223 ++++++++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.18.bb      |   6 +
 27 files changed, 1552 insertions(+), 19 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27140.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27143.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27144.patch
 create mode 100644 meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-1502.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-6100.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-11234-01.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-11234-02.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-33999.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34000.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34001.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34002.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-2.patch



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-07-02  8:11 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-02  8:10 [OE-core][scarthgap 00/17] Pull request (cover letter only) Yoann Congal
  -- strict thread matches above, loose matches on Subject: below --
2026-06-19  8:20 Yoann Congal

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.