* [OE-core][whinlatter 00/22] Pull request (cover letter only)
@ 2026-02-09 9:58 Yoann Congal
2026-02-09 10:45 ` Yoann Congal
0 siblings, 1 reply; 3+ messages in thread
From: Yoann Congal @ 2026-02-09 9:58 UTC (permalink / raw)
To: openembedded-core; +Cc: Paul Barker
Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1770109549.git.yoann.congal@smile.fr/T/#t
(with added cherry-pick info, where appropriate)
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3181
The following changes since commit fa31089d48cac2aa11279e932a77f4dbdc02c02d:
libarchive: upgrade 3.8.4 -> 3.8.5 (2026-01-26 08:44:38 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next
for you to fetch changes up to 7ffbe7bb6e262a410afac64c5211df0d52c202c7:
inetutils: patch CVE-2026-24061 (2026-02-09 01:51:46 +0100)
----------------------------------------------------------------
Hugo SIMELIERE (1):
libtasn1: Fix CVE-2025-13151
Jiaying Song (1):
grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663
CVE-2025-61664
Ken Kurematsu (1):
libtheora: set CVE_PRODUCT
Khai Dang (1):
docbook-xml-dtd4: fix the fetching failure
Mark Hatle (1):
dpkg: Fix ADMINDIR
Mathieu Dubois-Briand (2):
oeqa/gitarchive: Fix git push URL parameter
oeqa/gitarchive: Push tag before copying log files
Peter Marko (13):
go: upgrade 1.25.5 -> 1.25.6
zlib: ignore CVE-2026-22184
python3-urllib3: patch CVE-2026-21441
glibc: stable 2.42 branch updates
dropbear: patch CVE-2025-14282
libpng: upgrade 1.6.53 -> 1.6.54
glib-2.0: patch CVE-2026-0988
libxml2: patch CVE-2026-0989
libxml2: patch CVE-2026-0990
libxml2: patch CVE-2026-0992
libxml2: add follow-up patch for CVE-2026-0992
expat: upgrade 2.7.3 -> 2.7.4
inetutils: patch CVE-2026-24061
Richard Purdie (2):
scripts/oe-git-archive: Ensure new push parameter is specified
pseudo: Update to 1.9.3 release
meta/lib/oe/package_manager/deb/__init__.py | 4 +
.../oeqa/selftest/cases/gitarchivetests.py | 4 +-
meta/lib/oeqa/utils/gitarchive.py | 8 +-
.../grub/files/CVE-2025-54770.patch | 41 +++
.../grub/files/CVE-2025-61661.patch | 40 +++
.../grub/files/CVE-2025-61662.patch | 72 ++++
.../grub/files/CVE-2025-61663_61664.patch | 64 ++++
meta/recipes-bsp/grub/grub2.inc | 4 +
.../inetutils/CVE-2026-24061-01.patch | 38 ++
.../inetutils/CVE-2026-24061-02.patch | 82 +++++
.../inetutils/inetutils_2.6.bb | 2 +
.../dropbear/dropbear/CVE-2025-14282-01.patch | 280 +++++++++++++++
.../dropbear/dropbear/CVE-2025-14282-02.patch | 97 +++++
.../dropbear/dropbear/CVE-2025-14282-03.patch | 282 +++++++++++++++
.../dropbear/dropbear/CVE-2025-14282-04.patch | 72 ++++
.../dropbear/dropbear/CVE-2025-14282-05.patch | 46 +++
.../recipes-core/dropbear/dropbear_2025.88.bb | 5 +
.../expat/{expat_2.7.3.bb => expat_2.7.4.bb} | 2 +-
.../glib-2.0/files/CVE-2026-0988.patch | 58 +++
meta/recipes-core/glib-2.0/glib.inc | 1 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.42.bb | 2 +-
.../libxml/libxml2/CVE-2026-0989.patch | 309 ++++++++++++++++
.../libxml/libxml2/CVE-2026-0990.patch | 76 ++++
.../libxml/libxml2/CVE-2026-0992-01.patch | 49 +++
.../libxml/libxml2/CVE-2026-0992-02.patch | 336 ++++++++++++++++++
.../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++
meta/recipes-core/libxml/libxml2_2.14.6.bb | 5 +
meta/recipes-core/zlib/zlib_1.3.1.bb | 2 +
.../docbook-xml/docbook-xml-dtd4_4.5.bb | 10 +-
...-dirs.c-set_rootfs-was-not-checking-.patch | 46 +++
meta/recipes-devtools/dpkg/dpkg_1.22.21.bb | 1 +
.../go/{go-1.25.5.inc => go-1.25.6.inc} | 2 +-
...e_1.25.5.bb => go-binary-native_1.25.6.bb} | 6 +-
..._1.25.5.bb => go-cross-canadian_1.25.6.bb} | 0
...{go-cross_1.25.5.bb => go-cross_1.25.6.bb} | 0
...osssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} | 0
...runtime_1.25.5.bb => go-runtime_1.25.6.bb} | 0
...ent-based-hash-generation-less-pedan.patch | 8 +-
...ng-cgo-on-386-call-C-sigaction-funct.patch | 4 +-
...d-go-make-GOROOT-precious-by-default.patch | 2 +-
.../go/{go_1.25.5.bb => go_1.25.6.bb} | 0
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
.../python3-urllib3/CVE-2026-21441.patch | 111 ++++++
.../python/python3-urllib3_2.5.0.bb | 1 +
.../{libpng_1.6.53.bb => libpng_1.6.54.bb} | 4 +-
.../libtheora/libtheora_1.2.0.bb | 2 +
.../gnutls/libtasn1/CVE-2025-13151.patch | 30 ++
.../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 +
scripts/lib/resulttool/store.py | 9 +-
scripts/oe-git-archive | 2 +-
51 files changed, 2228 insertions(+), 31 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch
rename meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} (92%)
create mode 100644 meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch
create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch
rename meta/recipes-devtools/go/{go-1.25.5.inc => go-1.25.6.inc} (91%)
rename meta/recipes-devtools/go/{go-binary-native_1.25.5.bb => go-binary-native_1.25.6.bb} (79%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.25.5.bb => go-cross-canadian_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.25.5.bb => go-cross_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.25.5.bb => go-runtime_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go_1.25.5.bb => go_1.25.6.bb} (100%)
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch
rename meta/recipes-multimedia/libpng/{libpng_1.6.53.bb => libpng_1.6.54.bb} (94%)
create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core][whinlatter 00/22] Pull request (cover letter only)
2026-02-09 9:58 [OE-core][whinlatter 00/22] Pull request (cover letter only) Yoann Congal
@ 2026-02-09 10:45 ` Yoann Congal
2026-02-11 10:20 ` Paul Barker
0 siblings, 1 reply; 3+ messages in thread
From: Yoann Congal @ 2026-02-09 10:45 UTC (permalink / raw)
To: Yoann Congal, openembedded-core; +Cc: Paul Barker, Yogesh Tyagi
On Mon Feb 9, 2026 at 10:58 AM CET, Yoann Congal wrote:
> Those are the patches from the last patch review:
> https://lore.kernel.org/openembedded-core/cover.1770109549.git.yoann.congal@smile.fr/T/#t
> (with added cherry-pick info, where appropriate)
>
> Passed a-full on autobuilder:
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3181
As Paul wrote on IRC, I forgot to mention that the meta-intel build
failed. But, IMHO it should not prevent the merge:
* meta-intel build also fail on master currently: See the latest nightly:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/41/builds/2992
=> This new failure is not related to this series
* I notified the maintainer (Yogesh Tyagi, CC'd) last week, he is
working on reproducing & fixing it.
> The following changes since commit fa31089d48cac2aa11279e932a77f4dbdc02c02d:
>
> libarchive: upgrade 3.8.4 -> 3.8.5 (2026-01-26 08:44:38 +0000)
>
> are available in the Git repository at:
>
> https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next
>
> for you to fetch changes up to 7ffbe7bb6e262a410afac64c5211df0d52c202c7:
>
> inetutils: patch CVE-2026-24061 (2026-02-09 01:51:46 +0100)
>
> ----------------------------------------------------------------
>
> Hugo SIMELIERE (1):
> libtasn1: Fix CVE-2025-13151
>
> Jiaying Song (1):
> grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663
> CVE-2025-61664
>
> Ken Kurematsu (1):
> libtheora: set CVE_PRODUCT
>
> Khai Dang (1):
> docbook-xml-dtd4: fix the fetching failure
>
> Mark Hatle (1):
> dpkg: Fix ADMINDIR
>
> Mathieu Dubois-Briand (2):
> oeqa/gitarchive: Fix git push URL parameter
> oeqa/gitarchive: Push tag before copying log files
>
> Peter Marko (13):
> go: upgrade 1.25.5 -> 1.25.6
> zlib: ignore CVE-2026-22184
> python3-urllib3: patch CVE-2026-21441
> glibc: stable 2.42 branch updates
> dropbear: patch CVE-2025-14282
> libpng: upgrade 1.6.53 -> 1.6.54
> glib-2.0: patch CVE-2026-0988
> libxml2: patch CVE-2026-0989
> libxml2: patch CVE-2026-0990
> libxml2: patch CVE-2026-0992
> libxml2: add follow-up patch for CVE-2026-0992
> expat: upgrade 2.7.3 -> 2.7.4
> inetutils: patch CVE-2026-24061
>
> Richard Purdie (2):
> scripts/oe-git-archive: Ensure new push parameter is specified
> pseudo: Update to 1.9.3 release
>
> meta/lib/oe/package_manager/deb/__init__.py | 4 +
> .../oeqa/selftest/cases/gitarchivetests.py | 4 +-
> meta/lib/oeqa/utils/gitarchive.py | 8 +-
> .../grub/files/CVE-2025-54770.patch | 41 +++
> .../grub/files/CVE-2025-61661.patch | 40 +++
> .../grub/files/CVE-2025-61662.patch | 72 ++++
> .../grub/files/CVE-2025-61663_61664.patch | 64 ++++
> meta/recipes-bsp/grub/grub2.inc | 4 +
> .../inetutils/CVE-2026-24061-01.patch | 38 ++
> .../inetutils/CVE-2026-24061-02.patch | 82 +++++
> .../inetutils/inetutils_2.6.bb | 2 +
> .../dropbear/dropbear/CVE-2025-14282-01.patch | 280 +++++++++++++++
> .../dropbear/dropbear/CVE-2025-14282-02.patch | 97 +++++
> .../dropbear/dropbear/CVE-2025-14282-03.patch | 282 +++++++++++++++
> .../dropbear/dropbear/CVE-2025-14282-04.patch | 72 ++++
> .../dropbear/dropbear/CVE-2025-14282-05.patch | 46 +++
> .../recipes-core/dropbear/dropbear_2025.88.bb | 5 +
> .../expat/{expat_2.7.3.bb => expat_2.7.4.bb} | 2 +-
> .../glib-2.0/files/CVE-2026-0988.patch | 58 +++
> meta/recipes-core/glib-2.0/glib.inc | 1 +
> meta/recipes-core/glibc/glibc-version.inc | 2 +-
> meta/recipes-core/glibc/glibc_2.42.bb | 2 +-
> .../libxml/libxml2/CVE-2026-0989.patch | 309 ++++++++++++++++
> .../libxml/libxml2/CVE-2026-0990.patch | 76 ++++
> .../libxml/libxml2/CVE-2026-0992-01.patch | 49 +++
> .../libxml/libxml2/CVE-2026-0992-02.patch | 336 ++++++++++++++++++
> .../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++
> meta/recipes-core/libxml/libxml2_2.14.6.bb | 5 +
> meta/recipes-core/zlib/zlib_1.3.1.bb | 2 +
> .../docbook-xml/docbook-xml-dtd4_4.5.bb | 10 +-
> ...-dirs.c-set_rootfs-was-not-checking-.patch | 46 +++
> meta/recipes-devtools/dpkg/dpkg_1.22.21.bb | 1 +
> .../go/{go-1.25.5.inc => go-1.25.6.inc} | 2 +-
> ...e_1.25.5.bb => go-binary-native_1.25.6.bb} | 6 +-
> ..._1.25.5.bb => go-cross-canadian_1.25.6.bb} | 0
> ...{go-cross_1.25.5.bb => go-cross_1.25.6.bb} | 0
> ...osssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} | 0
> ...runtime_1.25.5.bb => go-runtime_1.25.6.bb} | 0
> ...ent-based-hash-generation-less-pedan.patch | 8 +-
> ...ng-cgo-on-386-call-C-sigaction-funct.patch | 4 +-
> ...d-go-make-GOROOT-precious-by-default.patch | 2 +-
> .../go/{go_1.25.5.bb => go_1.25.6.bb} | 0
> meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
> .../python3-urllib3/CVE-2026-21441.patch | 111 ++++++
> .../python/python3-urllib3_2.5.0.bb | 1 +
> .../{libpng_1.6.53.bb => libpng_1.6.54.bb} | 4 +-
> .../libtheora/libtheora_1.2.0.bb | 2 +
> .../gnutls/libtasn1/CVE-2025-13151.patch | 30 ++
> .../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 +
> scripts/lib/resulttool/store.py | 9 +-
> scripts/oe-git-archive | 2 +-
> 51 files changed, 2228 insertions(+), 31 deletions(-)
> create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770.patch
> create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch
> create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch
> create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
> create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch
> create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch
> create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch
> create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch
> create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch
> create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch
> create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch
> rename meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} (92%)
> create mode 100644 meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch
> create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch
> create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch
> rename meta/recipes-devtools/go/{go-1.25.5.inc => go-1.25.6.inc} (91%)
> rename meta/recipes-devtools/go/{go-binary-native_1.25.5.bb => go-binary-native_1.25.6.bb} (79%)
> rename meta/recipes-devtools/go/{go-cross-canadian_1.25.5.bb => go-cross-canadian_1.25.6.bb} (100%)
> rename meta/recipes-devtools/go/{go-cross_1.25.5.bb => go-cross_1.25.6.bb} (100%)
> rename meta/recipes-devtools/go/{go-crosssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} (100%)
> rename meta/recipes-devtools/go/{go-runtime_1.25.5.bb => go-runtime_1.25.6.bb} (100%)
> rename meta/recipes-devtools/go/{go_1.25.5.bb => go_1.25.6.bb} (100%)
> create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch
> rename meta/recipes-multimedia/libpng/{libpng_1.6.53.bb => libpng_1.6.54.bb} (94%)
> create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core][whinlatter 00/22] Pull request (cover letter only)
2026-02-09 10:45 ` Yoann Congal
@ 2026-02-11 10:20 ` Paul Barker
0 siblings, 0 replies; 3+ messages in thread
From: Paul Barker @ 2026-02-11 10:20 UTC (permalink / raw)
To: Yoann Congal, Richard Purdie; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 8448 bytes --]
On Mon, 2026-02-09 at 11:45 +0100, Yoann Congal wrote:
> On Mon Feb 9, 2026 at 10:58 AM CET, Yoann Congal wrote:
> > Those are the patches from the last patch review:
> > https://lore.kernel.org/openembedded-core/cover.1770109549.git.yoann.congal@smile.fr/T/#t
> > (with added cherry-pick info, where appropriate)
> >
> > Passed a-full on autobuilder:
> > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3181
> As Paul wrote on IRC, I forgot to mention that the meta-intel build
> failed. But, IMHO it should not prevent the merge:
> * meta-intel build also fail on master currently: See the latest nightly:
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/41/builds/2992
> => This new failure is not related to this series
> * I notified the maintainer (Yogesh Tyagi, CC'd) last week, he is
> working on reproducing & fixing it.
Hi Richard, Yoann,
The build issue in meta-intel has been reported upstream:
https://github.com/intel/media-driver/issues/1984
I agree we can merge this since it's clear that none of the patches in
this series caused the issue.
The following changes since commit fa31089d48cac2aa11279e932a77f4dbdc02c02d:
libarchive: upgrade 3.8.4 -> 3.8.5 (2026-01-26 08:44:38 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib pbarker/whinlatter
for you to fetch changes up to 000a044d285d93ded3280f27360165c943bb5d7e:
inetutils: patch CVE-2026-24061 (2026-02-10 21:15:17 +0000)
----------------------------------------------------------------
Hugo SIMELIERE (1):
libtasn1: Fix CVE-2025-13151
Jiaying Song (1):
grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664
Ken Kurematsu (1):
libtheora: set CVE_PRODUCT
Khai Dang (1):
docbook-xml-dtd4: fix the fetching failure
Mark Hatle (1):
dpkg: Fix ADMINDIR
Mathieu Dubois-Briand (2):
oeqa/gitarchive: Fix git push URL parameter
oeqa/gitarchive: Push tag before copying log files
Peter Marko (13):
go: upgrade 1.25.5 -> 1.25.6
zlib: ignore CVE-2026-22184
python3-urllib3: patch CVE-2026-21441
glibc: stable 2.42 branch updates
dropbear: patch CVE-2025-14282
libpng: upgrade 1.6.53 -> 1.6.54
glib-2.0: patch CVE-2026-0988
libxml2: patch CVE-2026-0989
libxml2: patch CVE-2026-0990
libxml2: patch CVE-2026-0992
libxml2: add follow-up patch for CVE-2026-0992
expat: upgrade 2.7.3 -> 2.7.4
inetutils: patch CVE-2026-24061
Richard Purdie (2):
scripts/oe-git-archive: Ensure new push parameter is specified
pseudo: Update to 1.9.3 release
meta/lib/oe/package_manager/deb/__init__.py | 4 +
meta/lib/oeqa/selftest/cases/gitarchivetests.py | 4 +-
meta/lib/oeqa/utils/gitarchive.py | 8 +-
meta/recipes-bsp/grub/files/CVE-2025-54770.patch | 41 +++
meta/recipes-bsp/grub/files/CVE-2025-61661.patch | 40 +++
meta/recipes-bsp/grub/files/CVE-2025-61662.patch | 72 +++++
.../grub/files/CVE-2025-61663_61664.patch | 64 ++++
meta/recipes-bsp/grub/grub2.inc | 4 +
.../inetutils/inetutils/CVE-2026-24061-01.patch | 38 +++
.../inetutils/inetutils/CVE-2026-24061-02.patch | 82 +++++
.../inetutils/inetutils_2.6.bb | 2 +
.../dropbear/dropbear/CVE-2025-14282-01.patch | 280 +++++++++++++++++
.../dropbear/dropbear/CVE-2025-14282-02.patch | 97 ++++++
.../dropbear/dropbear/CVE-2025-14282-03.patch | 282 +++++++++++++++++
.../dropbear/dropbear/CVE-2025-14282-04.patch | 72 +++++
.../dropbear/dropbear/CVE-2025-14282-05.patch | 46 +++
meta/recipes-core/dropbear/dropbear_2025.88.bb | 5 +
.../expat/{expat_2.7.3.bb => expat_2.7.4.bb} | 2 +-
.../glib-2.0/files/CVE-2026-0988.patch | 58 ++++
meta/recipes-core/glib-2.0/glib.inc | 1 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.42.bb | 2 +-
.../libxml/libxml2/CVE-2026-0989.patch | 309 +++++++++++++++++++
.../libxml/libxml2/CVE-2026-0990.patch | 76 +++++
.../libxml/libxml2/CVE-2026-0992-01.patch | 49 +++
.../libxml/libxml2/CVE-2026-0992-02.patch | 336 +++++++++++++++++++++
.../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++
meta/recipes-core/libxml/libxml2_2.14.6.bb | 5 +
meta/recipes-core/zlib/zlib_1.3.1.bb | 2 +
.../docbook-xml/docbook-xml-dtd4_4.5.bb | 10 +-
...tions-dirs.c-set_rootfs-was-not-checking-.patch | 46 +++
meta/recipes-devtools/dpkg/dpkg_1.22.21.bb | 1 +
.../go/{go-1.25.5.inc => go-1.25.6.inc} | 2 +-
...native_1.25.5.bb => go-binary-native_1.25.6.bb} | 6 +-
...adian_1.25.5.bb => go-cross-canadian_1.25.6.bb} | 0
.../go/{go-cross_1.25.5.bb => go-cross_1.25.6.bb} | 0
...go-crosssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} | 0
.../{go-runtime_1.25.5.bb => go-runtime_1.25.6.bb} | 0
...-content-based-hash-generation-less-pedan.patch | 8 +-
...n-using-cgo-on-386-call-C-sigaction-funct.patch | 4 +-
...06-cmd-go-make-GOROOT-precious-by-default.patch | 2 +-
.../go/{go_1.25.5.bb => go_1.25.6.bb} | 0
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
.../python/python3-urllib3/CVE-2026-21441.patch | 111 +++++++
.../python/python3-urllib3_2.5.0.bb | 1 +
.../libpng/{libpng_1.6.53.bb => libpng_1.6.54.bb} | 4 +-
.../libtheora/libtheora_1.2.0.bb | 2 +
.../gnutls/libtasn1/CVE-2025-13151.patch | 30 ++
meta/recipes-support/gnutls/libtasn1_4.20.0.bb | 1 +
scripts/lib/resulttool/store.py | 9 +-
scripts/oe-git-archive | 2 +-
51 files changed, 2228 insertions(+), 31 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch
rename meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} (92%)
create mode 100644 meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch
create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch
rename meta/recipes-devtools/go/{go-1.25.5.inc => go-1.25.6.inc} (91%)
rename meta/recipes-devtools/go/{go-binary-native_1.25.5.bb => go-binary-native_1.25.6.bb} (79%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.25.5.bb => go-cross-canadian_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.25.5.bb => go-cross_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.25.5.bb => go-runtime_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go_1.25.5.bb => go_1.25.6.bb} (100%)
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch
rename meta/recipes-multimedia/libpng/{libpng_1.6.53.bb => libpng_1.6.54.bb} (94%)
create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
Best regards,
--
Paul Barker
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-02-11 10:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-09 9:58 [OE-core][whinlatter 00/22] Pull request (cover letter only) Yoann Congal
2026-02-09 10:45 ` Yoann Congal
2026-02-11 10:20 ` Paul Barker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox