From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/24] Patch review
Date: Thu, 9 Oct 2025 12:30:44 -0700 [thread overview]
Message-ID: <cover.1760038088.git.steve@sakoman.com> (raw)
Please review this set of changes for kirkstone and have comments back by
end of day Monday, October 13
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2552
The following changes since commit 2285f30e643f52511c328e4f6e1f0c042bea4110:
libhandy: update git branch name (2025-09-30 06:42:16 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.30
Archana Polampalli (2):
go: fix CVE-2025-47906
openssl: upgrade 3.0.17 -> 3.0.18
AshishKumar Mishra (2):
systemd: backport fix for handle USE_NLS from master
p11-kit: backport fix for handle USE_NLS from master
Deepesh Varatharajan (1):
glibc: stable 2.35 branch updates
Gyorgy Sarvari (1):
conf/bitbake.conf: use gnu mirror instead of main server
Peter Marko (10):
busybox: patch CVE-2025-46394
gstreamer1.0: ignore CVEs fixed in plugins
gstreamer1.0: ignore CVE-2025-2759
grub: ignore CVE-2024-2312
ghostscript: patch CVE-2025-59798
ghostscript: patch CVE-2025-59799
ghostscript: patch CVE-2025-59800
pulseaudio: ignore CVE-2024-11586
ffmpeg: ignore CVE-2023-6603
ffmpeg: mark CVE-2023-6601 as patched
Steve Sakoman (2):
selftest/cases/meta_ide.py: use use gnu mirror instead of main server
oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server
Theo GAIGE (1):
libxml2: fix CVE-2025-9714
Vijay Anusuri (4):
gstreamer1.0-plugins-bad: Fix CVE-2025-3887
libxslt: Patch for CVE-2025-7424
tiff: Fix CVE-2025-8961
tiff: Fix CVE-2025-9165
meta/conf/bitbake.conf | 2 +-
meta/lib/oeqa/sdk/cases/buildcpio.py | 2 +-
meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
meta/recipes-bsp/grub/grub2.inc | 2 +
.../{openssl_3.0.17.bb => openssl_3.0.18.bb} | 2 +-
.../busybox/busybox/CVE-2025-46394-01.patch | 57 ++++++
.../busybox/busybox/CVE-2025-46394-02.patch | 32 ++++
meta/recipes-core/busybox/busybox_1.35.0.bb | 2 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
.../libxml/libxml2/CVE-2025-9714.patch | 117 ++++++++++++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 1 +
meta/recipes-core/systemd/systemd_250.14.bb | 1 +
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.21/CVE-2025-47906.patch | 171 ++++++++++++++++++
.../ghostscript/CVE-2025-59798.patch | 134 ++++++++++++++
.../ghostscript/CVE-2025-59799.patch | 41 +++++
.../ghostscript/CVE-2025-59800.patch | 36 ++++
.../ghostscript/ghostscript_9.55.0.bb | 3 +
...602-CVE-2023-6604-CVE-2023-6605-0002.patch | 2 +-
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 4 +
.../CVE-2025-3887-1.patch | 50 +++++
.../CVE-2025-3887-2.patch | 93 ++++++++++
.../gstreamer1.0-plugins-bad_1.20.7.bb | 2 +
.../gstreamer/gstreamer1.0_1.20.7.bb | 15 +-
.../libtiff/tiff/CVE-2025-8961.patch | 74 ++++++++
.../libtiff/tiff/CVE-2025-9165.patch | 32 ++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
.../pulseaudio/pulseaudio.inc | 3 +
.../libxslt/libxslt/CVE-2025-7424.patch | 105 +++++++++++
.../recipes-support/libxslt/libxslt_1.1.35.bb | 1 +
.../recipes-support/p11-kit/p11-kit_0.24.1.bb | 1 +
scripts/install-buildtools | 4 +-
32 files changed, 985 insertions(+), 11 deletions(-)
rename meta/recipes-connectivity/openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} (99%)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-9714.patch
create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47906.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8961.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-7424.patch
--
2.43.0
next reply other threads:[~2025-10-09 19:31 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-09 19:30 Steve Sakoman [this message]
2025-10-09 19:30 ` [OE-core][kirkstone 01/24] libxml2: fix CVE-2025-9714 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 02/24] gstreamer1.0-plugins-bad: Fix CVE-2025-3887 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 03/24] busybox: patch CVE-2025-46394 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 04/24] libxslt: Patch for CVE-2025-7424 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 05/24] tiff: Fix CVE-2025-8961 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 06/24] tiff: Fix CVE-2025-9165 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 07/24] gstreamer1.0: ignore CVEs fixed in plugins Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 08/24] gstreamer1.0: ignore CVE-2025-2759 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 09/24] grub: ignore CVE-2024-2312 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 10/24] ghostscript: patch CVE-2025-59798 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 11/24] ghostscript: patch CVE-2025-59799 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 12/24] ghostscript: patch CVE-2025-59800 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 13/24] pulseaudio: ignore CVE-2024-11586 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 14/24] ffmpeg: ignore CVE-2023-6603 Steve Sakoman
2025-10-09 19:30 ` [OE-core][kirkstone 15/24] ffmpeg: mark CVE-2023-6601 as patched Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 16/24] go: fix CVE-2025-47906 Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 17/24] scripts/install-buildtools: Update to 4.0.30 Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 18/24] openssl: upgrade 3.0.17 -> 3.0.18 Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 19/24] glibc: stable 2.35 branch updates Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 20/24] systemd: backport fix for handle USE_NLS from master Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 21/24] p11-kit: " Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 22/24] conf/bitbake.conf: use gnu mirror instead of main server Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 23/24] selftest/cases/meta_ide.py: use " Steve Sakoman
2025-10-09 19:31 ` [OE-core][kirkstone 24/24] oeqa/sdk/cases/buildcpio.py: " Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2022-09-07 14:20 [OE-core][kirkstone 00/24] Patch review Steve Sakoman
2022-08-27 18:25 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1760038088.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox