public inbox for openembedded-core@lists.openembedded.org
From: patrick.vogelaar.dev@mailbox.org
To: yoann.congal@smile.fr,
	"Yoann Congal via lists.openembedded.org"
	<yoann.congal=smile.fr@lists.openembedded.org>,
	openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][scarthgap 00/44] Patch review
Date: Wed, 25 Feb 2026 18:12:02 +0100 (CET)
Message-ID: <362912505.617728.1772039522960@app.mailbox.org>
In-Reply-To: <1977023397.617077.1772038793631@app.mailbox.org>

Hi,

I am a bit unsure about the openssl patches. I am not questioning them technically, but whether it is the right way to patch openssl 3.2, since it is EOL [1].

Wouldn't it be better, as suggested in [1], to upgrade to either version 3.6.x (EOL 1st November 2026) or version 3.5.x (EOL April 2030 -> LTS)?

If you agree with that, I would prepare a patch. Just let me know the preferred version, since I am a bit unsure how this is usually handled on an LTS version.

[1] https://openssl-library.org/post/2025-11-25-eol-32/

Best Regards
Patrick

> patrick.vogelaar@mailbox.org wrote on 25.02.2026 17:59 CET:
> 
>  
> Hi,
> 
> I am a bit unsure about the openssl patches. I am not questioning them technically, but whether it is the right way to patch openssl 3.2, since it is EOL [1].
> 
> Wouldn't it be better, as suggested in [1], to upgrade to either version 3.6.x (EOL 1st November 2026) or version 3.5.x (EOL April 2030 -> LTS)?
> 
> If you agree with that, I would prepare a patch. Just let me know the preferred version, since I am a bit unsure how this is usually handled on an LTS version.
> 
> [1] https://openssl-library.org/post/2025-11-25-eol-32/
> 
> Best Regards
> Patrick
> 
> 
> > Yoann Congal via lists.openembedded.org <yoann.congal=smile.fr@lists.openembedded.org> wrote on 24.02.2026 15:31 CET:
> > 
> >  
> > Please review this set of changes for scarthgap and have comments back by
> > end of day Thursday, February 26.
> > 
> > Passed a-full on autobuilder:
> > https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3276
> > 
> > The following changes since commit a1f4ae4e569bc0e36c27c1e4651e502e54d63b28:
> > 
> >   build-appliance-image: Update to scarthgap head revision (2026-02-16 09:52:44 +0000)
> > 
> > are available in the Git repository at:
> > 
> >   https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
> >   https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
> > 
> > for you to fetch changes up to 94a2960e1ae3923599affb6b227ef3f1870f5633:
> > 
> >   u-boot: move CVE patches out of the common .inc file (2026-02-24 10:34:08 +0100)
> > 
> > ----------------------------------------------------------------
> > 
> > Aleksandar Nikolic (1):
> >   scripts/install-buildtools: Update to 5.0.15
> > 
> > Amaury Couderc (2):
> >   avahi: patch CVE-2025-68468
> >   avahi: patch CVE-2025-68471
> > 
> > Ankur Tyagi (4):
> >   avahi: patch CVE-2025-68276
> >   avahi: patch CVE-2026-24401
> >   mobile-broadband-provider-info: upgrade 20240407 -> 20251101
> >   vim: ignore CVE-2025-66476
> > 
> > Benjamin Robin (Schneider Electric) (1):
> >   spdx30_tasks: Exclude 'doc' when exporting PACKAGECONFIG to SPDX
> > 
> > Bruce Ashfield (7):
> >   linux-yocto/6.6: update to v6.6.112
> >   linux-yocto/6.6: update to v6.6.114
> >   linux-yocto/6.6: update to v6.6.116
> >   linux-yocto/6.6: update to v6.6.118
> >   linux-yocto/6.6: update to v6.6.119
> >   linux-yocto/6.6: update to v6.6.120
> >   linux-yocto/6.6: update to v6.6.123
> > 
> > Daniel Dragomir (1):
> >   wic/engine: error on old host debugfs for standalone directory copy
> > 
> > Deepak Rathore (7):
> >   go 1.22.12: Fix CVE-2025-61730
> >   go 1.22.12: Fix CVE-2025-61726
> >   go 1.22.12: Fix CVE-2025-61728
> >   go 1.22.12: Fix CVE-2025-61731
> >   go 1.22.12: Fix CVE-2025-68119
> >   go 1.22.12: Fix CVE-2025-61732
> >   go 1.22.12: Fix CVE-2025-68121
> > 
> > Dragomir, Daniel (2):
> >   wic/engine: fix copying directories into wic image with ext* partition
> >   oeqa/selftest/wic: test recursive dir copy on ext partitions
> > 
> > Fabio Berton (1):
> >   classes/buildhistory: Do not sign buildhistory commits
> > 
> > Hitendra Prajapati (2):
> >   openssl: fix CVE-2025-15468
> >   openssl: fix CVE-2025-69419
> > 
> > Ming Liu (1):
> >   weston: fix a touch-calibrator issue
> > 
> > Peter Marko (10):
> >   libsndfile1: patch CVE-2025-56226
> >   libpng: patch CVE-2026-25646
> >   glib-2.0: patch CVE-2026-1484
> >   glib-2.0: patch CVE-2026-1485
> >   glib-2.0: patch CVE-2026-1489
> >   ffmpeg: ignore CVE-2025-1594
> >   libtheora: mark CVE-2024-56431 as not vulnerable yet
> >   ffmpeg: set status of CVE-2025-25468
> >   gnupg: patch CVE-2025-68973
> >   alsa-lib: patch CVE-2026-25068
> > 
> > Pratik Farkase (1):
> >   libevent: merge inherit statements
> > 
> > Richard Purdie (1):
> >   go-vendor: Fix absolute paths issue
> > 
> > Vijay Anusuri (1):
> >   bind: Upgrade 9.18.41 -> 9.18.44
> > 
> > Yoann Congal (2):
> >   pseudo: Update to include a fix for systems with kernel <5.6
> >   u-boot: move CVE patches out of the common .inc file
> > 
> >  meta/classes/buildhistory.bbclass             |   2 +-
> >  meta/classes/go-vendor.bbclass                |   6 +-
> >  meta/lib/oe/spdx30_tasks.py                   |   8 +-
> >  meta/lib/oeqa/selftest/cases/wic.py           |  65 ++
> >  meta/recipes-bsp/u-boot/u-boot-common.inc     |  12 +-
> >  meta/recipes-bsp/u-boot/u-boot_2024.01.bb     |  10 +
> >  meta/recipes-connectivity/avahi/avahi_0.8.bb  |   4 +
> >  .../avahi/files/CVE-2025-68276.patch          |  65 ++
> >  .../avahi/files/CVE-2025-68468.patch          |  32 +
> >  .../avahi/files/CVE-2025-68471.patch          |  36 +
> >  .../avahi/files/CVE-2026-24401.patch          |  74 ++
> >  .../bind/{bind_9.18.41.bb => bind_9.18.44.bb} |   2 +-
> >  .../mobile-broadband-provider-info_git.bb     |   4 +-
> >  .../openssl/openssl/CVE-2025-15468.patch      |  39 +
> >  .../openssl/openssl/CVE-2025-69419.patch      |  61 ++
> >  .../openssl/openssl_3.2.6.bb                  |   2 +
> >  .../glib-2.0/glib-2.0/CVE-2026-1484-01.patch  |  48 +
> >  .../glib-2.0/glib-2.0/CVE-2026-1484-02.patch  |  45 +
> >  .../glib-2.0/glib-2.0/CVE-2026-1485.patch     |  44 +
> >  .../glib-2.0/glib-2.0/CVE-2026-1489-01.patch  |  42 +
> >  .../glib-2.0/glib-2.0/CVE-2026-1489-02.patch  |  30 +
> >  .../glib-2.0/glib-2.0/CVE-2026-1489-03.patch  | 290 ++++++
> >  .../glib-2.0/glib-2.0/CVE-2026-1489-04.patch  |  68 ++
> >  meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb |   7 +
> >  meta/recipes-devtools/go/go-1.22.12.inc       |  10 +
> >  .../go/go/CVE-2025-61726.patch                | 196 +++++
> >  .../go/go/CVE-2025-61728.patch                | 171 ++++
> >  .../go/go/CVE-2025-61730.patch                | 460 ++++++++++
> >  .../go/go/CVE-2025-61731.patch                |  70 ++
> >  .../go/go/CVE-2025-61732.patch                |  53 ++
> >  .../go/go/CVE-2025-68119-dependent.patch      | 175 ++++
> >  .../go/go/CVE-2025-68119.patch                | 828 ++++++++++++++++++
> >  .../go/go/CVE-2025-68121_p1.patch             | 253 ++++++
> >  .../go/go/CVE-2025-68121_p2.patch             | 385 ++++++++
> >  .../go/go/CVE-2025-68121_p3.patch             |  82 ++
> >  meta/recipes-devtools/pseudo/pseudo_git.bb    |   2 +-
> >  ...ator-Regularise-surface-view-mapping.patch |  78 ++
> >  .../recipes-graphics/wayland/weston_13.0.1.bb |   1 +
> >  .../linux/linux-yocto-rt_6.6.bb               |   6 +-
> >  .../linux/linux-yocto-tiny_6.6.bb             |   6 +-
> >  meta/recipes-kernel/linux/linux-yocto_6.6.bb  |  28 +-
> >  .../alsa/alsa-lib/CVE-2026-25068.patch        |  34 +
> >  .../alsa/alsa-lib_1.2.11.bb                   |   1 +
> >  .../recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb |   3 +-
> >  .../libpng/files/CVE-2026-25646.patch         |  61 ++
> >  .../libpng/libpng_1.6.42.bb                   |   1 +
> >  .../libsndfile1/CVE-2025-56226-01.patch       |  36 +
> >  .../libsndfile1/CVE-2025-56226-02.patch       |  43 +
> >  .../libsndfile/libsndfile1_1.2.2.bb           |   2 +
> >  .../libtheora/libtheora_1.1.1.bb              |   2 +
> >  .../gnupg/gnupg/CVE-2025-68973.patch          | 108 +++
> >  meta/recipes-support/gnupg/gnupg_2.4.8.bb     |   1 +
> >  .../libevent/libevent_2.1.12.bb               |   4 +-
> >  meta/recipes-support/vim/vim_9.1.bb           |   2 +
> >  scripts/install-buildtools                    |   4 +-
> >  scripts/lib/wic/engine.py                     |  92 +-
> >  56 files changed, 4132 insertions(+), 62 deletions(-)
> >  create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch
> >  create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch
> >  create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch
> >  create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch
> >  rename meta/recipes-connectivity/bind/{bind_9.18.41.bb => bind_9.18.44.bb} (97%)
> >  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch
> >  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch
> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch
> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch
> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch
> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch
> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch
> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch
> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61726.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61728.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61730.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61731.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61732.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68119-dependent.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68119.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p1.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p2.patch
> >  create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p3.patch
> >  create mode 100644 meta/recipes-graphics/wayland/weston/0001-touch-calibrator-Regularise-surface-view-mapping.patch
> >  create mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
> >  create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch
> >  create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
> >  create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch
> >  create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
> >

