From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 0/5] Patch review
Date: Tue, 1 Apr 2025 12:59:17 -0700 [thread overview]
Message-ID: <cover.1743537463.git.steve@sakoman.com> (raw)
Please review this set of changes for scarthgap and have comments back by
end of day Thursday, April 3
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1310
The following changes since commit 2f242f2a269bb18aab703f685e27f9c3ba761db8:
cve-update-nvd2-native: handle missing vulnStatus (2025-03-31 08:26:56 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Martin Jansa (1):
mc: set ac_cv_path_ZIP to avoid buildpaths QA issues
Michael Halstead (1):
yocto-uninative: Update to 4.7 for glibc 2.41
Peter Marko (2):
expat: patch CVE-2024-8176
freetype: follow-up patch for CVE-2025-27363
Virendra Thakur (1):
rust-cross-canadian: Set CVE_STATUS ignore for CVE-2024-43402
meta/conf/distro/include/yocto-uninative.inc | 10 +-
...ests-Cover-indirect-entity-recursion.patch | 103 ++
.../expat/expat/CVE-2024-8176-01.patch | 1477 +++++++++++++++++
.../expat/expat/CVE-2024-8176-02.patch | 248 +++
meta/recipes-core/expat/expat_2.6.4.bb | 3 +
.../rust/rust-cross-canadian.inc | 4 +
meta/recipes-extended/mc/mc_4.8.31.bb | 1 +
.../freetype/freetype/CVE-2025-27363.patch | 33 +
.../freetype/freetype_2.13.2.bb | 4 +-
9 files changed, 1877 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-core/expat/expat/0001-tests-Cover-indirect-entity-recursion.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-01.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2024-8176-02.patch
create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch
--
2.43.0
next reply other threads:[~2025-04-01 19:59 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-01 19:59 Steve Sakoman [this message]
2025-04-01 19:59 ` [OE-core][scarthgap 1/5] expat: patch CVE-2024-8176 Steve Sakoman
2025-04-01 19:59 ` [OE-core][scarthgap 2/5] freetype: follow-up patch for CVE-2025-27363 Steve Sakoman
2025-04-01 19:59 ` [OE-core][scarthgap 3/5] rust-cross-canadian: Set CVE_STATUS ignore for CVE-2024-43402 Steve Sakoman
2025-04-01 19:59 ` [OE-core][scarthgap 4/5] yocto-uninative: Update to 4.7 for glibc 2.41 Steve Sakoman
2025-04-01 19:59 ` [OE-core][scarthgap 5/5] mc: set ac_cv_path_ZIP to avoid buildpaths QA issues Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-12-29 23:07 [OE-core][scarthgap 0/5] Patch review Steve Sakoman
2025-09-04 15:22 Steve Sakoman
2025-03-21 15:04 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1743537463.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox