From: "Yoann Congal" <yoann.congal@smile.fr>
To: "Vijay Anusuri" <vanusuri@mvista.com>
Cc: "Patches and discussions about the oe-core layer"
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core][kirkstone v3 00/19] Patch review
Date: Tue, 07 Apr 2026 23:10:15 +0200 [thread overview]
Message-ID: <DHN8BSK6TPNF.3URJSKNIEGULG@smile.fr> (raw)
In-Reply-To: <CANQUz18ce-pbkn8-N6AorS8a5w5B8FJAtt9_dFXKnCUMSncvMQ@mail.gmail.com>
On Tue Apr 7, 2026 at 8:14 PM CEST, Vijay Anusuri wrote:
> Hi Yoann,
>
>
>
> On Tue, 7 Apr, 2026, 9:46 pm Yoann Congal via lists.openembedded.org,
> <yoann.congal=smile.fr@lists.openembedded.org> wrote:
>
>> Please review this set of changes for kirkstone and have comments back by
>> end of day Wednesday, April 8.
>>
>> Please note:
>> - This will be the last review cycle for kirkstone.
>> - If you expect a patch to get merged and it is not in this series ping
>> me as soon as possible.
>> - Some patches look OK to me and are included here but will only be
>> merged if some patches are sent/fixed in more recent branches:
>> - Pending an equivalent patch sent for scarthgap:
>> - ncurses: fix for CVE-2025-69720
>> - Pending an equivalent patch sent for whinlatter:
>> - libarchive: Fix CVE-2026-4111
>>
> --> Libarchive 3.8.6 upgrade patch submitted for whinlatter. This upgrade
> fixes CVE-2026-4111 .
That's right:
[OE-core][whinlatter][patch] libarchive: upgrade 3.8.5 -> 3.8.6 - Vijay Anusuri
https://lore.kernel.org/openembedded-core/20260406065532.1259890-1-vanusuri@mvista.com/
(I did not make the connection)
Thanks!
>
> Passed a-full on autobuilder:
>> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3612
>>
>> v2->v3:
>> - Added ncurses:·fix·for·CVE-2025-69720 to the series
>>
>> v1->v2:
>> - replaced "python3: Fix CVE-2025-15282" with
>> "python3: upgrade 3.10.19 -> 3.10.20"
>> - Those patches are not held anymore since equivalent patches have been
>> sent to more recent branches:
>> - curl: patch CVE-2026-3784
>> - curl: patch CVE-2026-3783
>> - curl: patch CVE-2026-1965
>> - vim: Fix CVE-2026-33412
>>
>> The following changes since commit
>> c4194cadb1180da37514c55cd97827eb0269c8e2:
>>
>> build-appliance-image: Update to kirkstone head revision (2026-03-20
>> 09:58:53 +0000)
>>
>> are available in the Git repository at:
>>
>> https://git.openembedded.org/openembedded-core-contrib
>> stable/kirkstone-nut
>>
>> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
>>
>> for you to fetch changes up to 94df79c304f692b0108155e04905180cdf92b2cd:
>>
>> scripts/install-buildtools: Update to 4.0.34 (2026-04-07 09:14:47 +0200)
>>
>> ----------------------------------------------------------------
>>
>> Bruce Ashfield (2):
>> linux-yocto/5.15: update to v5.15.200
>> linux-yocto/5.15: update to v5.15.201
>>
>> Fabien Thomas (1):
>> README.OE-Core: update contributor links and add kirkstone prefix
>>
>> Hitendra Prajapati (2):
>> vim: Fix CVE-2026-33412
>> ncurses: fix for CVE-2025-69720
>>
>> Jinfeng Wang (1):
>> tzdata/tzcode-native: upgrade 2025c -> 2026a
>>
>> Paul Barker (1):
>> create-pull-request: Keep commit hash to be pulled in cover email
>>
>> Peter Marko (1):
>> libtheora: mark CVE-2024-56431 as not vulnerable yet
>>
>> Vijay Anusuri (10):
>> tzdata,tzcode-native: Upgrade 2025b -> 2025c
>> python3: upgrade 3.10.19 -> 3.10.20
>> python3-pyopenssl: Fix CVE-2026-27448
>> python3-pyopenssl: Fix CVE-2026-27459
>> libarchive: Fix CVE-2026-4111
>> sqlite3: Fix CVE-2025-70873
>> curl: patch CVE-2025-14524
>> curl: patch CVE-2026-1965
>> curl: patch CVE-2026-3783
>> curl: patch CVE-2026-3784
>>
>> Yoann Congal (1):
>> scripts/install-buildtools: Update to 4.0.34
>>
>> README.OE-Core.md | 10 +-
>> .../ncurses/files/CVE-2025-69720.patch | 42 ++
>> .../ncurses/ncurses_6.3+20220423.bb | 1 +
>> .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++
>> .../python3-pyopenssl/CVE-2026-27459.patch | 106 +++++
>> .../python/python3-pyopenssl_22.0.0.bb | 5 +
>> .../python/python3/CVE-2025-12084.patch | 171 --------
>> .../python/python3/CVE-2025-13836.patch | 163 --------
>> .../python/python3/CVE-2025-13837.patch | 162 --------
>> .../python/python3/CVE-2025-6075.patch | 364 ------------------
>> ...{python3_3.10.19.bb => python3_3.10.20.bb} | 6 +-
>> .../libarchive/CVE-2026-4111-1.patch | 32 ++
>> .../libarchive/CVE-2026-4111-2.patch | 308 +++++++++++++++
>> .../libarchive/libarchive_3.6.2.bb | 2 +
>> meta/recipes-extended/timezone/timezone.inc | 6 +-
>> .../linux/linux-yocto-rt_5.15.bb | 6 +-
>> .../linux/linux-yocto-tiny_5.15.bb | 6 +-
>> meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
>> .../libtheora/libtheora_1.1.1.bb | 3 +
>> .../curl/curl/CVE-2025-14524.patch | 42 ++
>> .../curl/curl/CVE-2026-1965-1.patch | 98 +++++
>> .../curl/curl/CVE-2026-1965-2.patch | 29 ++
>> .../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++
>> .../curl/curl/CVE-2026-3783.patch | 157 ++++++++
>> .../curl/curl/CVE-2026-3784.patch | 73 ++++
>> meta/recipes-support/curl/curl_7.82.0.bb | 6 +
>> .../sqlite/files/CVE-2025-70873.patch | 33 ++
>> meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
>> .../vim/files/CVE-2026-33412.patch | 61 +++
>> meta/recipes-support/vim/vim.inc | 1 +
>> scripts/create-pull-request | 2 +-
>> scripts/install-buildtools | 4 +-
>> 32 files changed, 1224 insertions(+), 893 deletions(-)
>> create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch
>> create mode 100644
>> meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
>> create mode 100644
>> meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
>> delete mode 100644
>> meta/recipes-devtools/python/python3/CVE-2025-12084.patch
>> delete mode 100644
>> meta/recipes-devtools/python/python3/CVE-2025-13836.patch
>> delete mode 100644
>> meta/recipes-devtools/python/python3/CVE-2025-13837.patch
>> delete mode 100644
>> meta/recipes-devtools/python/python3/CVE-2025-6075.patch
>> rename meta/recipes-devtools/python/{python3_3.10.19.bb =>
>> python3_3.10.20.bb} (98%)
>> create mode 100644
>> meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch
>> create mode 100644
>> meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch
>> create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch
>> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch
>> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch
>> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch
>> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch
>> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch
>> create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch
>> create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#234753):
>> https://lists.openembedded.org/g/openembedded-core/message/234753
>> Mute This Topic: https://lists.openembedded.org/mt/118710539/7301997
>> Group Owner: openembedded-core+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
>> vanusuri@mvista.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
>>
--
Yoann Congal
Smile ECS
prev parent reply other threads:[~2026-04-07 21:10 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 16:15 [OE-core][kirkstone v3 00/19] Patch review Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 01/19] linux-yocto/5.15: update to v5.15.200 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 02/19] linux-yocto/5.15: update to v5.15.201 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 03/19] create-pull-request: Keep commit hash to be pulled in cover email Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 04/19] README.OE-Core: update contributor links and add kirkstone prefix Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 05/19] libtheora: mark CVE-2024-56431 as not vulnerable yet Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 06/19] tzdata,tzcode-native: Upgrade 2025b -> 2025c Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 07/19] tzdata/tzcode-native: upgrade 2025c -> 2026a Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 08/19] python3: upgrade 3.10.19 -> 3.10.20 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 09/19] python3-pyopenssl: Fix CVE-2026-27448 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 10/19] python3-pyopenssl: Fix CVE-2026-27459 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 11/19] libarchive: Fix CVE-2026-4111 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 12/19] vim: Fix CVE-2026-33412 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 13/19] sqlite3: Fix CVE-2025-70873 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 14/19] curl: patch CVE-2025-14524 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 15/19] curl: patch CVE-2026-1965 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 16/19] curl: patch CVE-2026-3783 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 17/19] curl: patch CVE-2026-3784 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 18/19] ncurses: fix for CVE-2025-69720 Yoann Congal
2026-04-07 16:15 ` [OE-core][kirkstone v3 19/19] scripts/install-buildtools: Update to 4.0.34 Yoann Congal
2026-04-07 18:14 ` [OE-core][kirkstone v3 00/19] Patch review Vijay Anusuri
2026-04-07 21:10 ` Yoann Congal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DHN8BSK6TPNF.3URJSKNIEGULG@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
--cc=vanusuri@mvista.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox