From: Gyorgy Sarvari <skandigraun@gmail.com>
To: steve@sakoman.com, openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][scarthgap 00/18] Patch review
Date: Sun, 12 Oct 2025 21:02:12 +0200 [thread overview]
Message-ID: <b4728274-d6cd-4fd8-b26b-ceef7811ffa0@gmail.com> (raw)
In-Reply-To: <cover.1760064493.git.steve@sakoman.com>
On 10/10/25 04:50, Steve Sakoman via lists.openembedded.org wrote:
> Please review this set of changes for scarthgap and have comments back by
> end of day Monday, October 13
>
> Passed a-full on autobuilder:
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2553
This didn't pass... though I guess it's some infra problem?
> The following changes since commit 2696c50af9946f425ccaf7d0e7e0eb3fd87c36bb:
>
> expect: fix native build with GCC 15 (2025-10-02 08:40:43 -0700)
>
> are available in the Git repository at:
>
> https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
>
> Aleksandar Nikolic (1):
> scripts/install-buildtools: Update to 5.0.12
>
> Archana Polampalli (1):
> go: fix CVE-2025-47906
>
> Deepesh Varatharajan (1):
> glibc: stable 2.39 branch updates
>
> Gyorgy Sarvari (1):
> conf/bitbake.conf: use gnu mirror instead of main server
>
> Hitendra Prajapati (1):
> grub2: mark CVE-2024-2312 as not applicable
>
> Peter Marko (10):
> busybox: patch CVE-2025-46394
> gstreamer1.0: ignore CVEs fixed in plugins
> gstreamer1.0: ignore CVE-2025-2759
> ghostscript: patch CVE-2025-59798
> ghostscript: patch CVE-2025-59799
> ghostscript: patch CVE-2025-59800
> expat: follow-up for CVE-2024-8176
> tiff: ignore 5 CVEs
> ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases
> openssl: upgrade 3.2.4 -> 3.2.6
>
> Ross Burton (1):
> pulseaudio: ignore CVE-2024-11586
>
> Steve Sakoman (2):
> selftest/cases/meta_ide.py: use use gnu mirror instead of main server
> oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
>
> meta/conf/bitbake.conf | 2 +-
> meta/lib/oeqa/sdk/cases/buildcpio.py | 2 +-
> meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
> meta/recipes-bsp/grub/grub2.inc | 1 +
> .../openssl/openssl/CVE-2025-27587-1.patch | 1918 -----------------
> .../openssl/openssl/CVE-2025-27587-2.patch | 129 --
> .../{openssl_3.2.4.bb => openssl_3.2.6.bb} | 4 +-
> .../busybox/busybox/CVE-2025-46394-01.patch | 57 +
> .../busybox/busybox/CVE-2025-46394-02.patch | 32 +
> meta/recipes-core/busybox/busybox_1.36.1.bb | 2 +
> .../expat/expat/CVE-2024-8176-03.patch | 35 +
> .../expat/expat/CVE-2024-8176-04.patch | 115 +
> .../expat/expat/CVE-2024-8176-05.patch | 78 +
> meta/recipes-core/expat/expat_2.6.4.bb | 3 +
> meta/recipes-core/glibc/glibc-version.inc | 4 +-
> meta/recipes-devtools/go/go-1.22.12.inc | 1 +
> .../go/go/CVE-2025-47906.patch | 183 ++
> .../ghostscript/CVE-2025-59798.patch | 134 ++
> .../ghostscript/CVE-2025-59799.patch | 41 +
> .../ghostscript/CVE-2025-59800.patch | 36 +
> .../ghostscript/ghostscript_10.05.1.bb | 3 +
> .../recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb | 4 +
> .../gstreamer/gstreamer1.0_1.22.12.bb | 19 +-
> meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 4 +
> .../pulseaudio/pulseaudio.inc | 2 +
> scripts/install-buildtools | 4 +-
> 26 files changed, 754 insertions(+), 2061 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
> rename meta/recipes-connectivity/openssl/{openssl_3.2.4.bb => openssl_3.2.6.bb} (98%)
> create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
> create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
> create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-03.patch
> create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-04.patch
> create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-05.patch
> create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47906.patch
> create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
> create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
> create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#224644): https://lists.openembedded.org/g/openembedded-core/message/224644
> Mute This Topic: https://lists.openembedded.org/mt/115683663/6084445
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skandigraun@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
next prev parent reply other threads:[~2025-10-12 19:02 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-10 2:50 [OE-core][scarthgap 00/18] Patch review Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 01/18] busybox: patch CVE-2025-46394 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 02/18] grub2: mark CVE-2024-2312 as not applicable Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 03/18] gstreamer1.0: ignore CVEs fixed in plugins Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 04/18] gstreamer1.0: ignore CVE-2025-2759 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 05/18] ghostscript: patch CVE-2025-59798 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 06/18] ghostscript: patch CVE-2025-59799 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 07/18] ghostscript: patch CVE-2025-59800 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 08/18] expat: follow-up for CVE-2024-8176 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 09/18] pulseaudio: ignore CVE-2024-11586 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 10/18] tiff: ignore 5 CVEs Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 11/18] ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 12/18] go: fix CVE-2025-47906 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 13/18] glibc: stable 2.39 branch updates Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 14/18] scripts/install-buildtools: Update to 5.0.12 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 15/18] openssl: upgrade 3.2.4 -> 3.2.6 Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 16/18] conf/bitbake.conf: use gnu mirror instead of main server Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 17/18] selftest/cases/meta_ide.py: use " Steve Sakoman
2025-10-10 2:50 ` [OE-core][scarthgap 18/18] oeqa/sdk/cases/buildcpio.py: " Steve Sakoman
2025-10-12 19:02 ` Gyorgy Sarvari [this message]
2025-10-12 19:19 ` [OE-core][scarthgap 00/18] Patch review Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-12-23 21:22 Steve Sakoman
2024-10-15 18:50 Steve Sakoman
2024-08-21 12:50 Steve Sakoman
2024-08-04 17:09 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b4728274-d6cd-4fd8-b26b-ceef7811ffa0@gmail.com \
--to=skandigraun@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=steve@sakoman.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox