* [OE-core][scarthgap 0/5] Patch review
@ 2025-03-21 15:04 Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 1/5] xserver-xorg: mark CVEs fixed in 21.1.16 as fixed Steve Sakoman
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-03-21 15:04 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, March 25
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1237
The following changes since commit 1be6d83466e3a0da4222ba502c2a86c25c835a35:
Revert "gcc-cross-canadian.inc: Fix buildpaths error for pthread.h" (2025-03-20 07:31:40 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Denys Dmytriyenko (2):
gcc: unify cleanup of include-fixed, apply to cross-canadian
nativesdk-libtool: sanitize the script, remove buildpaths
Makarios Christakis (1):
icu: Adjust ICU_DATA_DIR path on big endian targets
Peter Marko (1):
xserver-xorg: mark CVEs fixed in 21.1.16 as fixed
Vijay Anusuri (1):
libxslt: upgrade 1.1.39 -> 1.1.43
meta/recipes-devtools/gcc/gcc-common.inc | 4 +++
.../gcc/gcc-cross-canadian.inc | 2 ++
meta/recipes-devtools/gcc/gcc-cross.inc | 2 +-
meta/recipes-devtools/gcc/gcc-target.inc | 31 +------------------
.../recipes-devtools/libtool/libtool_2.4.7.bb | 15 +--------
.../libtool/nativesdk-libtool_2.4.7.bb | 1 +
.../libtool/remove-buildpaths.inc | 13 ++++++++
.../xorg-xserver/xserver-xorg.inc | 4 +++
meta/recipes-support/icu/icu_74-2.bb | 2 +-
.../{libxslt_1.1.39.bb => libxslt_1.1.43.bb} | 4 +--
10 files changed, 30 insertions(+), 48 deletions(-)
create mode 100644 meta/recipes-devtools/libtool/remove-buildpaths.inc
rename meta/recipes-support/libxslt/{libxslt_1.1.39.bb => libxslt_1.1.43.bb} (91%)
--
2.43.0
^ permalink raw reply [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 1/5] xserver-xorg: mark CVEs fixed in 21.1.16 as fixed
2025-03-21 15:04 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
@ 2025-03-21 15:04 ` Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 2/5] libxslt: upgrade 1.1.39 -> 1.1.43 Steve Sakoman
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-03-21 15:04 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
These are tracked as versionless redhat CVEs in NVD DB.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index e2754426cf..815be6a498 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -177,3 +177,7 @@ python populate_packages:prepend() {
}
CVE_STATUS[CVE-2023-5574] = "${@bb.utils.contains('PACKAGECONFIG', 'xvfb', 'unpatched', 'not-applicable-config: specific to Xvfb', d)}"
+
+CVE_STATUS_GROUPS = "CVE_STATUS_REDHAT"
+CVE_STATUS_REDHAT = "CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601"
+CVE_STATUS_REDHAT[status] = "fixed-version: these are tracked as versionless redhat CVEs in NVD DB, fixed in 21.1.16"
--
2.43.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 2/5] libxslt: upgrade 1.1.39 -> 1.1.43
2025-03-21 15:04 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 1/5] xserver-xorg: mark CVEs fixed in 21.1.16 as fixed Steve Sakoman
@ 2025-03-21 15:04 ` Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 3/5] icu: Adjust ICU_DATA_DIR path on big endian targets Steve Sakoman
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-03-21 15:04 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Include fixes for CVE-2024-24855 and CVE-2024-55549
Release Notes:
https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43
Remove mem-debug option [1]
[1] https://gitlab.gnome.org/GNOME/libxslt/-/commit/c65a7c05f98ea4e9fae1247510b45db9dd3ec907
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libxslt/{libxslt_1.1.39.bb => libxslt_1.1.43.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-support/libxslt/{libxslt_1.1.39.bb => libxslt_1.1.43.bb} (91%)
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.39.bb b/meta/recipes-support/libxslt/libxslt_1.1.43.bb
similarity index 91%
rename from meta/recipes-support/libxslt/libxslt_1.1.39.bb
rename to meta/recipes-support/libxslt/libxslt_1.1.43.bb
index 2cc0c84bec..d251fa8122 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.39.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.43.bb
@@ -15,7 +15,7 @@ DEPENDS = "libxml2"
SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz"
-SRC_URI[sha256sum] = "2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0"
+SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a"
UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -37,7 +37,7 @@ do_configure:prepend () {
touch ${S}/doc/xsltproc.1
}
-EXTRA_OECONF = "--without-python --without-debug --without-mem-debug --without-crypto"
+EXTRA_OECONF = "--without-python --without-debug --without-crypto"
# older versions of this recipe had ${PN}-utils
RPROVIDES:${PN}-bin += "${PN}-utils"
RCONFLICTS:${PN}-bin += "${PN}-utils"
--
2.43.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 3/5] icu: Adjust ICU_DATA_DIR path on big endian targets
2025-03-21 15:04 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 1/5] xserver-xorg: mark CVEs fixed in 21.1.16 as fixed Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 2/5] libxslt: upgrade 1.1.39 -> 1.1.43 Steve Sakoman
@ 2025-03-21 15:04 ` Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 4/5] gcc: unify cleanup of include-fixed, apply to cross-canadian Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 5/5] nativesdk-libtool: sanitize the script, remove buildpaths Steve Sakoman
4 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-03-21 15:04 UTC (permalink / raw)
To: openembedded-core
From: Makarios Christakis <makchrbiz@gmail.com>
On big-endian systems the preprocessor define ICU_DATA_DIR
is currently being set to a path ending with the ${PV} of
the recipe.
The PV version string has changed to a '-' separator
since oe-core commit cebe8439cdc656d53355506a31a3782312bf03c5
whereas the build system installs the data files into a
path ending with the dot-separated version of ICU.
This causes the ICU data file to not be detected at runtime,
consequently breaking any dependant applications.
We therefore substitute ${PV} with the dot-separated version
string of ICU, as returned from the icu_install_folder function,
on the ICU_DATA_DIR define on big-endian targets.
Signed-off-by: Makarios Christakis <makchrbiz@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 28cdc0110def011e3d690da1d591076385267ef7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-support/icu/icu_74-2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/icu/icu_74-2.bb b/meta/recipes-support/icu/icu_74-2.bb
index 53853e24a5..3a4e197308 100644
--- a/meta/recipes-support/icu/icu_74-2.bb
+++ b/meta/recipes-support/icu/icu_74-2.bb
@@ -26,7 +26,7 @@ EXTRA_OECONF:class-native = "--disable-icu-config"
EXTRA_OECONF:class-nativesdk = "--with-cross-build=${STAGING_ICU_DIR_NATIVE} --disable-icu-config"
EXTRA_OECONF:append:class-target = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'be', ' --with-data-packaging=archive', '', d)}"
-TARGET_CXXFLAGS:append = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'be', ' -DICU_DATA_DIR=\\""${datadir}/${BPN}/${PV}\\""', '', d)}"
+TARGET_CXXFLAGS:append = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'be', ' -DICU_DATA_DIR=\\""${datadir}/${BPN}/${@icu_install_folder(d)}\\""', '', d)}"
ASNEEDED = ""
--
2.43.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 4/5] gcc: unify cleanup of include-fixed, apply to cross-canadian
2025-03-21 15:04 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
` (2 preceding siblings ...)
2025-03-21 15:04 ` [OE-core][scarthgap 3/5] icu: Adjust ICU_DATA_DIR path on big endian targets Steve Sakoman
@ 2025-03-21 15:04 ` Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 5/5] nativesdk-libtool: sanitize the script, remove buildpaths Steve Sakoman
4 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-03-21 15:04 UTC (permalink / raw)
To: openembedded-core
From: Denys Dmytriyenko <denys@konsulko.com>
Since target and cross variants were already doing similar cleanup
of include-fixed headers, as those aren't used, unify the code and
also apply the same to cross-canadian variant.
Some of those header files get processed with a tool that leaves
absolute buildpaths inside the file's commented section, causing
QA errors. Since those aren't used, let's remove them.
This may be a temporary solution until the tool itself gets fixed
to not embed absolute buildpaths in the header files:
https://lists.openembedded.org/g/openembedded-core/topic/107268307
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-common.inc | 4 +++
.../gcc/gcc-cross-canadian.inc | 2 ++
meta/recipes-devtools/gcc/gcc-cross.inc | 2 +-
meta/recipes-devtools/gcc/gcc-target.inc | 31 +------------------
4 files changed, 8 insertions(+), 31 deletions(-)
diff --git a/meta/recipes-devtools/gcc/gcc-common.inc b/meta/recipes-devtools/gcc/gcc-common.inc
index 7f5cc109e6..01de93cc3c 100644
--- a/meta/recipes-devtools/gcc/gcc-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-common.inc
@@ -138,3 +138,7 @@ remove_sysroot_paths_from_checksum_options () {
sed -i "s@${DEBUG_PREFIX_MAP}@@g" ${B}/gcc/checksum-options
sed -i "s@$stagingdir@$replacement@g" ${B}/gcc/checksum-options
}
+
+cleanup_installed_include_fixed () {
+ find ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed -type f -not -name "README" -not -name limits.h -not -name syslimits.h | xargs rm -f
+}
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
index adcaef2b0f..69ca18bf6e 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian.inc
@@ -174,6 +174,8 @@ do_install () {
done
done
done
+
+ cleanup_installed_include_fixed
}
ELFUTILS = "nativesdk-elfutils"
diff --git a/meta/recipes-devtools/gcc/gcc-cross.inc b/meta/recipes-devtools/gcc/gcc-cross.inc
index 1dbb6dc42b..9c8cc94c3a 100644
--- a/meta/recipes-devtools/gcc/gcc-cross.inc
+++ b/meta/recipes-devtools/gcc/gcc-cross.inc
@@ -108,7 +108,7 @@ do_install () {
cp ${S}/libquadmath/quadmath.h ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/
cp ${S}/libquadmath/quadmath_weak.h ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include/
- find ${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed -type f -not -name "README" -not -name limits.h -not -name syslimits.h | xargs rm -f
+ cleanup_installed_include_fixed
# install LTO linker plugins where binutils tools can find it
install -d ${D}${libdir}/bfd-plugins
diff --git a/meta/recipes-devtools/gcc/gcc-target.inc b/meta/recipes-devtools/gcc/gcc-target.inc
index f51d94cd65..08141f32e6 100644
--- a/meta/recipes-devtools/gcc/gcc-target.inc
+++ b/meta/recipes-devtools/gcc/gcc-target.inc
@@ -206,37 +206,8 @@ do_install () {
install -d ${D}${libdir}/bfd-plugins
ln -sf ${libexecdir}/gcc/${TARGET_SYS}/${BINV}/liblto_plugin.so ${D}${libdir}/bfd-plugins/liblto_plugin.so
chown -R root:root ${D}
-}
-do_install:append () {
- #
- # Thefixinc.sh script, run on the gcc's compile phase, looks into sysroot header
- # files and places the modified files into
- # {D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed folder. This makes the
- # build not deterministic. The following code prunes all those headers
- # except those under include-fixed/linux, *limits.h and README, yielding
- # the same include-fixed folders no matter what sysroot
-
- include_fixed="${D}${libdir}/gcc/${TARGET_SYS}/${BINV}/include-fixed"
- for f in $(find ${include_fixed} -type f); do
- case $f in
- */include-fixed/linux/*)
- continue
- ;;
- */include-fixed/*limits.h)
- continue
- ;;
- */include-fixed/README)
- continue
- ;;
- *)
- # remove file and directory if empty
- bbdebug 2 "Pruning $f"
- rm $f
- find $(dirname $f) -maxdepth 0 -empty -exec rmdir {} \;
- ;;
- esac
- done
+ cleanup_installed_include_fixed
}
# Installing /usr/lib/gcc/* means we'd have two copies, one from gcc-cross
--
2.43.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 5/5] nativesdk-libtool: sanitize the script, remove buildpaths
2025-03-21 15:04 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
` (3 preceding siblings ...)
2025-03-21 15:04 ` [OE-core][scarthgap 4/5] gcc: unify cleanup of include-fixed, apply to cross-canadian Steve Sakoman
@ 2025-03-21 15:04 ` Steve Sakoman
4 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-03-21 15:04 UTC (permalink / raw)
To: openembedded-core
From: Denys Dmytriyenko <denys@konsulko.com>
Use the same sed command to sanitize libtool script for target recipe
and nativesdk one. Otherwise fails with buildpaths QA error:
ERROR: nativesdk-libtool-2.5.0-r0 do_package_qa: QA Issue: File /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/usr/bin/libtool in package nativesdk-libtool contains reference to TMPDIR [buildpaths]
(From OE-Core rev: f08df9adf290fb6cbebff24df6bbbbe8e5ce95e0)
Upstream-Status: Backport[https://git.yoctoproject.org/poky/commit/?id=89e184da6c9d95a99fd34334df5ac6c5ae87f13a]
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89e184da6c9d95a99fd34334df5ac6c5ae87f13a)
Signed-off-by: Nikhil R <nikhilr5@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/libtool/libtool_2.4.7.bb | 15 +--------------
.../libtool/nativesdk-libtool_2.4.7.bb | 1 +
.../libtool/remove-buildpaths.inc | 13 +++++++++++++
3 files changed, 15 insertions(+), 14 deletions(-)
create mode 100644 meta/recipes-devtools/libtool/remove-buildpaths.inc
diff --git a/meta/recipes-devtools/libtool/libtool_2.4.7.bb b/meta/recipes-devtools/libtool/libtool_2.4.7.bb
index 44a4950574..c1e315aece 100644
--- a/meta/recipes-devtools/libtool/libtool_2.4.7.bb
+++ b/meta/recipes-devtools/libtool/libtool_2.4.7.bb
@@ -1,4 +1,5 @@
require libtool-${PV}.inc
+require remove-buildpaths.inc
SRC_URI += "file://multilib.patch"
@@ -15,20 +16,6 @@ SYSROOT_DIRS_IGNORE += " \
ACLOCALEXTRAPATH:class-target = ""
-do_install:append () {
- sed -e 's@--sysroot=${STAGING_DIR_HOST}@@g' \
- -e "s@${DEBUG_PREFIX_MAP}@@g" \
- -e 's@${STAGING_DIR_HOST}@@g' \
- -e 's@${STAGING_DIR_NATIVE}@@g' \
- -e 's@^\(sys_lib_search_path_spec="\).*@\1${libdir} ${base_libdir}"@' \
- -e 's@^\(compiler_lib_search_dirs="\).*@\1${libdir} ${base_libdir}"@' \
- -e 's@^\(compiler_lib_search_path="\).*@\1${libdir} ${base_libdir}"@' \
- -e 's@^\(predep_objects="\).*@\1"@' \
- -e 's@^\(postdep_objects="\).*@\1"@' \
- -e "s@${HOSTTOOLS_DIR}/@@g" \
- -i ${D}${bindir}/libtool
-}
-
inherit multilib_script
MULTILIB_SCRIPTS = "${PN}:${bindir}/libtool"
diff --git a/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb b/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb
index 86c55ded7b..ac460decf6 100644
--- a/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb
+++ b/meta/recipes-devtools/libtool/nativesdk-libtool_2.4.7.bb
@@ -1,4 +1,5 @@
require libtool-${PV}.inc
+require remove-buildpaths.inc
FILESEXTRAPATHS =. "${FILE_DIRNAME}/libtool:"
diff --git a/meta/recipes-devtools/libtool/remove-buildpaths.inc b/meta/recipes-devtools/libtool/remove-buildpaths.inc
new file mode 100644
index 0000000000..1ca95aeace
--- /dev/null
+++ b/meta/recipes-devtools/libtool/remove-buildpaths.inc
@@ -0,0 +1,13 @@
+do_install:append () {
+ sed -e 's@--sysroot=${STAGING_DIR_HOST}@@g' \
+ -e "s@${DEBUG_PREFIX_MAP}@@g" \
+ -e 's@${STAGING_DIR_HOST}@@g' \
+ -e 's@${STAGING_DIR_NATIVE}@@g' \
+ -e 's@^\(sys_lib_search_path_spec="\).*@\1${libdir} ${base_libdir}"@' \
+ -e 's@^\(compiler_lib_search_dirs="\).*@\1${libdir} ${base_libdir}"@' \
+ -e 's@^\(compiler_lib_search_path="\).*@\1${libdir} ${base_libdir}"@' \
+ -e 's@^\(predep_objects="\).*@\1"@' \
+ -e 's@^\(postdep_objects="\).*@\1"@' \
+ -e "s@${HOSTTOOLS_DIR}/@@g" \
+ -i ${D}${bindir}/libtool
+}
--
2.43.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 0/5] Patch review
@ 2025-04-01 19:59 Steve Sakoman
0 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-04-01 19:59 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Thursday, April 3
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1310
The following changes since commit 2f242f2a269bb18aab703f685e27f9c3ba761db8:
cve-update-nvd2-native: handle missing vulnStatus (2025-03-31 08:26:56 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Martin Jansa (1):
mc: set ac_cv_path_ZIP to avoid buildpaths QA issues
Michael Halstead (1):
yocto-uninative: Update to 4.7 for glibc 2.41
Peter Marko (2):
expat: patch CVE-2024-8176
freetype: follow-up patch for CVE-2025-27363
Virendra Thakur (1):
rust-cross-canadian: Set CVE_STATUS ignore for CVE-2024-43402
meta/conf/distro/include/yocto-uninative.inc | 10 +-
...ests-Cover-indirect-entity-recursion.patch | 103 ++
.../expat/expat/CVE-2024-8176-01.patch | 1477 +++++++++++++++++
.../expat/expat/CVE-2024-8176-02.patch | 248 +++
meta/recipes-core/expat/expat_2.6.4.bb | 3 +
.../rust/rust-cross-canadian.inc | 4 +
meta/recipes-extended/mc/mc_4.8.31.bb | 1 +
.../freetype/freetype/CVE-2025-27363.patch | 33 +
.../freetype/freetype_2.13.2.bb | 4 +-
9 files changed, 1877 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-core/expat/expat/0001-tests-Cover-indirect-entity-recursion.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-01.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-02.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch
--
2.43.0
^ permalink raw reply [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 0/5] Patch review
@ 2025-09-04 15:22 Steve Sakoman
0 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-09-04 15:22 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Monday, September 9
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2314
The following changes since commit a19afb7db1b9995ce433f8bfeb5406c9fd1fdc19:
sudo: remove devtool FIXME comment (2025-08-27 10:17:41 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Deepak Rathore (1):
default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue
Hongxu Jia (1):
rpm: keep leading `/' from sed operation
Kyungjik Min (1):
pulseaudio: Add audio group explicitly
Stanislav Vovk (1):
libpam: fix CVE-2024-10963
Vrushti Dabhi (1):
curl: update CVE_STATUS for CVE-2025-5025
meta-selftest/files/static-group | 1 +
.../distro/include/default-distrovars.inc | 2 +-
meta/lib/oeqa/sdk/buildtools-cases/https.py | 4 +-
meta/recipes-devtools/rpm/rpm_4.19.1.1.bb | 6 +-
.../pam/libpam/CVE-2024-10963.patch | 265 ++++++++++++++++++
meta/recipes-extended/pam/libpam_1.5.3.bb | 1 +
.../pulseaudio/pulseaudio.inc | 2 +-
meta/recipes-support/curl/curl_8.7.1.bb | 2 +-
8 files changed, 275 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10963.patch
--
2.43.0
^ permalink raw reply [flat|nested] 9+ messages in thread
* [OE-core][scarthgap 0/5] Patch review
@ 2025-12-29 23:07 Steve Sakoman
0 siblings, 0 replies; 9+ messages in thread
From: Steve Sakoman @ 2025-12-29 23:07 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have commments back by
end of day Wednesday, December 31
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2954
The following changes since commit dccb7a185fe58a97f33e219b4db283ff4a2071d7:
cross.bbclass: Propagate dependencies to outhash (2025-12-23 06:28:05 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Changqing Li (1):
libsoup: fix CVE-2025-12105
Jiaying Song (1):
grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663
CVE-2025-61664
Vijay Anusuri (3):
go: Update CVE-2025-58187
go: Fix CVE-2025-61727
go: Fix CVE-2025-61729
.../grub/files/CVE-2025-54770.patch | 41 ++
.../grub/files/CVE-2025-61661.patch | 40 ++
.../grub/files/CVE-2025-61662.patch | 72 +++
.../grub/files/CVE-2025-61663_61664.patch | 64 +++
meta/recipes-bsp/grub/grub2.inc | 4 +
meta/recipes-devtools/go/go-1.22.12.inc | 5 +-
...025-58187.patch => CVE-2025-58187-1.patch} | 0
.../go/go/CVE-2025-58187-2.patch | 516 ++++++++++++++++++
.../go/go/CVE-2025-61727.patch | 226 ++++++++
.../go/go/CVE-2025-61729.patch | 174 ++++++
.../libsoup-3.4.4/CVE-2025-12105.patch | 34 ++
meta/recipes-support/libsoup/libsoup_3.4.4.bb | 1 +
12 files changed, 1176 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
rename meta/recipes-devtools/go/go/{CVE-2025-58187.patch => CVE-2025-58187-1.patch} (100%)
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58187-2.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61727.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61729.patch
create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-12105.patch
--
2.43.0
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2025-12-29 23:08 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-21 15:04 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 1/5] xserver-xorg: mark CVEs fixed in 21.1.16 as fixed Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 2/5] libxslt: upgrade 1.1.39 -> 1.1.43 Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 3/5] icu: Adjust ICU_DATA_DIR path on big endian targets Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 4/5] gcc: unify cleanup of include-fixed, apply to cross-canadian Steve Sakoman
2025-03-21 15:04 ` [OE-core][scarthgap 5/5] nativesdk-libtool: sanitize the script, remove buildpaths Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-04-01 19:59 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
2025-09-04 15:22 Steve Sakoman
2025-12-29 23:07 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox