Re: [OE-core][whinlatter 00/20] Pull request (cover letter only)

[Paul Barker <paul@pbarker.dev>]

[-- Attachment #1: Type: text/plain, Size: 7089 bytes --]

On Tue, 2026-02-17 at 11:24 +0100, Yoann Congal via
lists.openembedded.org wrote:
> Those are the patches from the last patch review:
> https://lore.kernel.org/openembedded-core/cover.1770968514.git.yoann.congal@smile.fr/T/#t
> with backported "pseudo: Update to include an openat2 fix" to fix #16143
> (AB-INT: do_image_wic: tar command return exit status 2)
> 
> Passed a-full on autobuilder (with errors):
> https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3229
> * meta-intel failed with #16172 – intel-media-driver: ninja: posix_spawn: Argument list too long
>   * This failure is independent of this patch series.
> * oe-selftest-fedora failed on a temporary github glitch (502 Bad Gateway or Proxy Error)
>   * https://autobuilder.yoctoproject.org/valkyrie/?#/builders/48/builds/3104
>   * Successfully retried in https://autobuilder.yoctoproject.org/valkyrie/?#/builders/48/builds/3106

Both of the above look ok to me, they shouldn't block this merge.

The following changes since commit 000a044d285d93ded3280f27360165c943bb5d7e:

  inetutils: patch CVE-2026-24061 (2026-02-10 21:15:17 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib pbarker/whinlatter

for you to fetch changes up to 4ce61fbd915b3c78461d04194b3405e4d8e98e63:

  pseudo: Update to include an openat2 fix (2026-02-17 15:21:33 +0000)

----------------------------------------------------------------
Adarsh Jagadish Kamini (1):
      avahi: Backport fix CVE-2025-68276

Aleksandar Nikolic (1):
      scripts/install-buildtools: Update to 5.3.1

Amaury Couderc (2):
      avahi: patch CVE-2025-68468
      avahi: patch CVE-2025-68471

Ankur Tyagi (3):
      mobile-broadband-provider-info: upgrade 20250613 -> 20251101
      avahi: patch CVE-2026-24401
      vim: ignore CVE-2025-66476

Bruce Ashfield (2):
      linux-yocto/6.12: update to v6.12.69
      linux-yocto/6.12: update CVE exclusions (6.12.69)

Dragomir, Daniel (2):
      wic/engine: fix copying directories into wic image with ext* partition
      oeqa/selftest/wic: test recursive dir copy on ext partitions

Hongxu Jia (2):
      webkitgtk: workaround compile failure for large debug symbols
      webkitgtk: upgrade 2.50.0 -> 2.50.4

Paul Barker (2):
      devtool: deploy: Run pseudo with correct PATH
      devtool: deploy: Reset PATH after strip_execs

Peter Marko (4):
      openssl: upgrade 3.5.4 -> 3.5.5
      ffmpeg: ignore 10 CVEs
      libsndfile1: patch CVE-2025-56226
      go: upgrade 1.25.6 -> 1.25.7

Richard Purdie (1):
      pseudo: Update to include an openat2 fix

 meta/conf/distro/include/yocto-space-optimize.inc  |     3 -
 meta/lib/oeqa/selftest/cases/wic.py                |    65 +
 meta/recipes-connectivity/avahi/avahi_0.8.bb       |     4 +
 .../avahi/files/CVE-2025-68276.patch               |    68 +
 .../avahi/files/CVE-2025-68468.patch               |    32 +
 .../avahi/files/CVE-2025-68471.patch               |    36 +
 .../avahi/files/CVE-2026-24401.patch               |    74 +
 ... => mobile-broadband-provider-info_20251101.bb} |     2 +-
 ...ndshake-history-reporting-when-test-fails.patch |    23 +-
 .../0001-extend-check_cwm-test-timeout.patch       |     2 +-
 .../openssl/{openssl_3.5.4.bb => openssl_3.5.5.bb} |     2 +-
 .../go/{go-1.25.6.inc => go-1.25.7.inc}            |     2 +-
 ...native_1.25.6.bb => go-binary-native_1.25.7.bb} |     6 +-
 ...adian_1.25.6.bb => go-cross-canadian_1.25.7.bb} |     0
 .../go/{go-cross_1.25.6.bb => go-cross_1.25.7.bb}  |     0
 ...go-crosssdk_1.25.6.bb => go-crosssdk_1.25.7.bb} |     0
 .../{go-runtime_1.25.6.bb => go-runtime_1.25.7.bb} |     0
 .../go/{go_1.25.6.bb => go_1.25.7.bb}              |     0
 meta/recipes-devtools/pseudo/pseudo_git.bb         |     2 +-
 meta/recipes-kernel/linux/cve-exclusion_6.12.inc   | 13004 +++++++++++--------
 meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb   |     6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb |     6 +-
 meta/recipes-kernel/linux/linux-yocto_6.12.bb      |    28 +-
 meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb       |     7 +
 .../libsndfile/libsndfile1/CVE-2025-56226-01.patch |    36 +
 .../libsndfile/libsndfile1/CVE-2025-56226-02.patch |    43 +
 .../libsndfile/libsndfile1_1.2.2.bb                |     2 +
 ...-variable-to-control-macro-__PAS_ALWAYS_I.patch |     8 +-
 ...Introspection.cmake-prefix-variables-obta.patch |     2 +-
 ...rrors-on-RISCV-https-bugs.webkit.org-show.patch |     4 +-
 .../webkit/webkitgtk/fix-ftbfs-riscv64.patch       |    24 +-
 .../webkit/webkitgtk/fix-musl-compilation.patch    |    94 -
 ...nstanceof_handler_for_32-bit_C-loop_build.patch |   122 -
 .../webkit/webkitgtk/reproducibility.patch         |     2 +-
 meta/recipes-sato/webkit/webkitgtk/sys_futex.patch |    11 +-
 .../webkit/webkitgtk/t6-not-declared.patch         |     6 +-
 .../{webkitgtk_2.50.0.bb => webkitgtk_2.50.4.bb}   |    15 +-
 meta/recipes-support/vim/vim_9.1.bb                |     2 +
 scripts/install-buildtools                         |     4 +-
 scripts/lib/devtool/__init__.py                    |     3 +-
 scripts/lib/devtool/deploy.py                      |     9 +-
 scripts/lib/wic/engine.py                          |    63 +-
 42 files changed, 8391 insertions(+), 5431 deletions(-)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch
 rename meta/recipes-connectivity/mobile-broadband-provider-info/{mobile-broadband-provider-info_20250613.bb => mobile-broadband-provider-info_20251101.bb} (91%)
 rename meta/recipes-connectivity/openssl/{openssl_3.5.4.bb => openssl_3.5.5.bb} (99%)
 rename meta/recipes-devtools/go/{go-1.25.6.inc => go-1.25.7.inc} (91%)
 rename meta/recipes-devtools/go/{go-binary-native_1.25.6.bb => go-binary-native_1.25.7.bb} (79%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.25.6.bb => go-cross-canadian_1.25.7.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.25.6.bb => go-cross_1.25.7.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.25.6.bb => go-crosssdk_1.25.7.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.25.6.bb => go-runtime_1.25.7.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.25.6.bb => go_1.25.7.bb} (100%)
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/fix-musl-compilation.patch
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/fix_op_instanceof_handler_for_32-bit_C-loop_build.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.50.0.bb => webkitgtk_2.50.4.bb} (93%)

Best regards,

-- 
Paul Barker


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 252 bytes --]