[OE-core][walnascar 00/15] Patch review

[Steve Sakoman <steve@sakoman.com>]

Please review this set of changes for walnascar and have comments back by
end of day Wednesday, July 16

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2000

The following changes since commit c855be07828c9cff3aa7ddfa04eb0c4df28658e4:

  build-appliance-image: Update to walnascar head revision (2025-07-04 07:52:57 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/walnascar-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/walnascar-nut

Archana Polampalli (1):
  openssl: upgrade 3.4.1 -> 3.4.2

Changqing Li (4):
  icu: fix CVE-2025-5222
  libsoup-2.4: fix CVE-2025-4945
  libsoup: fix CVE-2025-4945
  mingetty: fix do_package warning

Divya Chellam (1):
  libarchive: fix CVE-2025-5915

Khem Raj (2):
  webkitgtk: Fix build break on non-arm/non-x86 systems
  webkitgtk: Use gcc to compile for arm target

Peter Marko (1):
  python3: update CVE product

Praveen Kumar (1):
  sudo: upgrade 1.9.17 -> 1.9.17p1

Wang Mingyu (3):
  sudo: upgrade 1.9.16p2 -> 1.9.17
  libpam: upgrade 1.7.0 -> 1.7.1
  ruby: upgrade 3.4.3 -> 3.4.4

Yogesh Tyagi (1):
  ltp: backport patch to fix compilation error for Skylake
    -march=x86-64-v3

Yogita Urade (1):
  webkitgtk: upgrade 2.48.1 -> 2.48.2

 .../{openssl_3.4.1.bb => openssl_3.4.2.bb}    |   2 +-
 .../recipes-devtools/python/python3_3.13.4.bb |   2 +-
 ...Obey-LDFLAGS-for-the-link-of-libruby.patch |   6 +-
 ...eproducible-change-fixing-784225-too.patch |   6 +-
 .../ruby/{ruby_3.4.3.bb => ruby_3.4.4.bb}     |   2 +-
 .../libarchive/libarchive/CVE-2025-5915.patch | 217 ++++++++++++++++++
 .../libarchive/libarchive_3.7.9.bb            |   5 +-
 ...cve-2015-3290-Disable-AVX-for-x86_64.patch |  42 ++++
 meta/recipes-extended/ltp/ltp_20250130.bb     |   1 +
 .../mingetty/mingetty_1.08.bb                 |   2 +-
 ...ect-check-for-existence-of-two-prepr.patch |  40 ----
 .../pam/{libpam_1.7.0.bb => libpam_1.7.1.bb}  |   3 +-
 ...o.conf.in-fix-conflict-with-multilib.patch |   6 +-
 meta/recipes-extended/sudo/sudo.inc           |   2 +-
 .../{sudo_1.9.16p2.bb => sudo_1.9.17p1.bb}    |   2 +-
 ...ebkitgtk_2.48.1.bb => webkitgtk_2.48.2.bb} |   4 +-
 .../icu/icu/CVE-2025-5222.patch               | 166 ++++++++++++++
 meta/recipes-support/icu/icu_76-1.bb          |   1 +
 .../libsoup/libsoup-2.4/CVE-2025-4945.patch   | 117 ++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb             |   1 +
 .../libsoup/libsoup/CVE-2025-4945.patch       | 118 ++++++++++
 meta/recipes-support/libsoup/libsoup_3.6.5.bb |   1 +
 22 files changed, 686 insertions(+), 60 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.4.1.bb => openssl_3.4.2.bb} (99%)
 rename meta/recipes-devtools/ruby/{ruby_3.4.3.bb => ruby_3.4.4.bb} (98%)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5915.patch
 create mode 100644 meta/recipes-extended/ltp/ltp/0001-cve-2015-3290-Disable-AVX-for-x86_64.patch
 delete mode 100644 meta/recipes-extended/pam/libpam/0001-meson.build-correct-check-for-existence-of-two-prepr.patch
 rename meta/recipes-extended/pam/{libpam_1.7.0.bb => libpam_1.7.1.bb} (97%)
 rename meta/recipes-extended/sudo/{sudo_1.9.16p2.bb => sudo_1.9.17p1.bb} (96%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.48.1.bb => webkitgtk_2.48.2.bb} (97%)
 create mode 100644 meta/recipes-support/icu/icu/CVE-2025-5222.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-4945.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-4945.patch

-- 
2.43.0