From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 00/15] Patch review
Date: Tue, 29 Apr 2025 19:59:48 -0700 [thread overview]
Message-ID: <cover.1745981742.git.steve@sakoman.com> (raw)
Please review this set of changes for scarthgap and have comments back by
end of day Thursday, May 1
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1498
The following changes since commit 87cadf62ba0d6b0fc3dc0151a5d320919b7eb1ab:
bluez5: add missing tools to noinst-tools package (2025-04-22 10:32:27 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Alexander Kanavin (1):
perlcross: update 1.5.2 -> 1.6
Archana Polampalli (2):
perlcross: 1.6 -> 1.6.2
perl: upgrade 5.38.2 -> 5.38.4
Changqing Li (4):
initscripts: add function
log_success_msg/log_failure_msg/log_warning_msg
buildtools-tarball: move setting of envvars to respective envfile
buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS
buildtools-tarball: Make buildtools respects host CA certificates
Peter Marko (5):
ppp: patch CVE-2024-58250
libxml2: patch CVE-2025-32414
libxml2: patch CVE-2025-32415
glib-2.0: patch CVE-2025-3360
Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR"
Priyal Doshi (1):
tzdata/tzcode-native: upgrade 2025a -> 2025b
Shubham Kulkarni (1):
libpam: Update fix for CVE-2024-10041
Soumya Sambu (1):
git: Upgrade 2.44.1 -> 2.44.3
.../openssl/files/environment.d-openssl.sh | 22 +-
.../ppp/ppp/CVE-2024-58250.patch | 194 ++++++++++++++++++
meta/recipes-connectivity/ppp/ppp_2.5.0.bb | 2 +-
.../glib-2.0/glib-2.0/CVE-2025-3360-01.patch | 57 +++++
.../glib-2.0/glib-2.0/CVE-2025-3360-02.patch | 53 +++++
.../glib-2.0/glib-2.0/CVE-2025-3360-03.patch | 36 ++++
.../glib-2.0/glib-2.0/CVE-2025-3360-04.patch | 76 +++++++
.../glib-2.0/glib-2.0/CVE-2025-3360-05.patch | 57 +++++
.../glib-2.0/glib-2.0/CVE-2025-3360-06.patch | 50 +++++
meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 8 +-
.../initscripts/initscripts-1.0/functions | 21 ++
.../initscripts/initscripts_1.0.bb | 1 -
.../libxml/libxml2/CVE-2025-32414.patch | 74 +++++++
.../libxml/libxml2/CVE-2025-32415.patch | 39 ++++
meta/recipes-core/libxml/libxml2_2.12.10.bb | 2 +
meta/recipes-core/meta/buildtools-tarball.bb | 29 ++-
.../meta/cve-update-nvd2-native.bb | 2 -
.../git/git/environment.d-git.sh | 19 ++
.../git/{git_2.44.1.bb => git_2.44.3.bb} | 10 +-
...ile-check-the-file-if-patched-or-not.patch | 3 +-
...oss-add-LDFLAGS-when-linking-libperl.patch | 9 +-
.../perl-cross/files/determinism.patch | 41 ++--
...{perlcross_1.5.2.bb => perlcross_1.6.2.bb} | 2 +-
.../perl/{perl_5.38.2.bb => perl_5.38.4.bb} | 2 +-
.../environment.d-python3-requests.sh | 11 +
.../python/python3-requests_2.32.3.bb | 11 +
...024-10041.patch => CVE-2024-10041-1.patch} | 0
.../pam/libpam/CVE-2024-10041-2.patch | 77 +++++++
meta/recipes-extended/pam/libpam_1.5.3.bb | 3 +-
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../curl/curl/environment.d-curl.sh | 19 ++
meta/recipes-support/curl/curl_8.7.1.bb | 9 +
32 files changed, 899 insertions(+), 46 deletions(-)
create mode 100644 meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
create mode 100644 meta/recipes-devtools/git/git/environment.d-git.sh
rename meta/recipes-devtools/git/{git_2.44.1.bb => git_2.44.3.bb} (93%)
rename meta/recipes-devtools/perl-cross/{perlcross_1.5.2.bb => perlcross_1.6.2.bb} (92%)
rename meta/recipes-devtools/perl/{perl_5.38.2.bb => perl_5.38.4.bb} (99%)
create mode 100644 meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
rename meta/recipes-extended/pam/libpam/{CVE-2024-10041.patch => CVE-2024-10041-1.patch} (100%)
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch
create mode 100644 meta/recipes-support/curl/curl/environment.d-curl.sh
--
2.43.0
next reply other threads:[~2025-04-30 3:00 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-30 2:59 Steve Sakoman [this message]
2025-04-30 2:59 ` [OE-core][scarthgap 01/15] libpam: Update fix for CVE-2024-10041 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 02/15] ppp: patch CVE-2024-58250 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 03/15] libxml2: patch CVE-2025-32414 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 04/15] libxml2: patch CVE-2025-32415 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 05/15] glib-2.0: patch CVE-2025-3360 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 06/15] git: Upgrade 2.44.1 -> 2.44.3 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 07/15] perlcross: update 1.5.2 -> 1.6 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 08/15] perlcross: 1.6 -> 1.6.2 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 09/15] perl: upgrade 5.38.2 -> 5.38.4 Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 10/15] tzdata/tzcode-native: upgrade 2025a -> 2025b Steve Sakoman
2025-04-30 2:59 ` [OE-core][scarthgap 11/15] initscripts: add function log_success_msg/log_failure_msg/log_warning_msg Steve Sakoman
2025-04-30 3:00 ` [OE-core][scarthgap 12/15] buildtools-tarball: move setting of envvars to respective envfile Steve Sakoman
2025-04-30 3:00 ` [OE-core][scarthgap 13/15] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS Steve Sakoman
2025-04-30 3:00 ` [OE-core][scarthgap 14/15] buildtools-tarball: Make buildtools respects host CA certificates Steve Sakoman
2025-04-30 3:00 ` [OE-core][scarthgap 15/15] Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR" Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2026-03-20 0:28 [OE-core][scarthgap 00/15] Patch review Yoann Congal
2025-01-13 20:46 Steve Sakoman
2025-01-13 22:32 ` [scarthgap " Adrian Freihofer
2025-01-14 15:56 ` [OE-core] " Steve Sakoman
2025-01-14 16:31 ` Adrian Freihofer
2024-12-04 20:36 [OE-core][scarthgap " Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1745981742.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox