[OE-core][whinlatter 00/11] Patch review

[Yoann Congal <yoann.congal@smile.fr>]

Please review this set of changes for whinlatter and have comments back by
end of day Friday, January 9.

Note that this series contains the revert of 2 commits (merged on
whinlatter before they were on master)

Passed a-full on autobuilder(*):

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3002

The following changes since commit 6c4c6d39ea3202d756acc13f8ce81b114a468541:

  cups: upgrade from 2.4.14 to 2.4.15 (2025-12-29 09:49:31 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-nut

Alexander Kanavin (1):
  glib-2.0: upgrade 2.86.1 -> 2.86.3

Peter Marko (8):
  dropbear: patch CVE-2019-6111
  sqlite3: mark CVE-2025-29087 as patched
  python3-urllib3: patch CVE-2025-66418
  python3-urllib3: patch CVE-2025-66471
  python3: upgrade 3.13.9 -> 3.13.11
  libarchive: upgrade 3.8.3 -> 3.8.4
  libpng: upgrade 1.6.51 -> 1.6.52
  libpcap: upgrade 1.10.5 -> 1.10.6

Yoann Congal (2):
  Revert "populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain
    in locked sigs"
  Revert "create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for
    eSDK installation"

 .../create-spdx-image-3.0.bbclass             |   2 +-
 meta/classes-recipe/populate_sdk_ext.bbclass  |   9 -
 .../{libpcap_1.10.5.bb => libpcap_1.10.6.bb}  |   2 +-
 .../dropbear/dropbear/CVE-2019-6111.patch     | 157 +++
 .../recipes-core/dropbear/dropbear_2025.88.bb |   1 +
 ...t-write-bindir-into-pkg-config-files.patch |  10 +-
 ...0001-Fix-DATADIRNAME-on-uclibc-Linux.patch |   2 +-
 ...-gio-querymodules-as-libexec_PROGRAM.patch |   6 +-
 ...ng-about-deprecated-paths-in-schemas.patch |   2 +-
 ...ces.c-comment-out-a-build-host-only-.patch |   2 +-
 ...on-Run-atomics-test-on-clang-as-well.patch |   6 +-
 ...ot-enable-pidfd-features-on-native-g.patch |   6 +-
 ...dcode-python-path-into-various-tools.patch |   2 +-
 .../glib-2.0/files/relocate-modules.patch     |   8 +-
 .../glib-2.0/files/skip-timeout.patch         |   2 +-
 ...l_2.86.1.bb => glib-2.0-initial_2.86.3.bb} |   0
 ...{glib-2.0_2.86.1.bb => glib-2.0_2.86.3.bb} |   0
 meta/recipes-core/glib-2.0/glib.inc           |   2 +-
 .../python3-urllib3/CVE-2025-66418.patch      |  74 ++
 .../python3-urllib3/CVE-2025-66471.patch      | 930 ++++++++++++++++++
 .../python/python3-urllib3_2.5.0.bb           |   5 +
 .../{python3_3.13.9.bb => python3_3.13.11.bb} |   2 +-
 ...ibarchive_3.8.3.bb => libarchive_3.8.4.bb} |   2 +-
 .../{libpng_1.6.51.bb => libpng_1.6.52.bb}    |   2 +-
 .../sqlite/files/CVE-2025-3277.patch          |   1 +
 25 files changed, 1197 insertions(+), 38 deletions(-)
 rename meta/recipes-connectivity/libpcap/{libpcap_1.10.5.bb => libpcap_1.10.6.bb} (95%)
 create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch
 rename meta/recipes-core/glib-2.0/{glib-2.0-initial_2.86.1.bb => glib-2.0-initial_2.86.3.bb} (100%)
 rename meta/recipes-core/glib-2.0/{glib-2.0_2.86.1.bb => glib-2.0_2.86.3.bb} (100%)
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66471.patch
 rename meta/recipes-devtools/python/{python3_3.13.9.bb => python3_3.13.11.bb} (99%)
 rename meta/recipes-extended/libarchive/{libarchive_3.8.3.bb => libarchive_3.8.4.bb} (96%)
 rename meta/recipes-multimedia/libpng/{libpng_1.6.51.bb => libpng_1.6.52.bb} (97%)