From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F02BAD2ECF7 for ; Tue, 20 Jan 2026 13:38:15 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6465.1768916285463963380 for ; Tue, 20 Jan 2026 05:38:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=pPTp9Fwj; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-47ee301a06aso50646575e9.0 for ; Tue, 20 Jan 2026 05:38:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916283; x=1769521083; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=GmINQwgmYKePf3O9IyFxrytdJ89b5Oj88kg+hmdsa/E=; b=pPTp9FwjHa6QKSl4eMyrwQUrstW/3RtLIZZ/x57yrNp7CW2+VtO4uxE9tfb7GhIjvn HYc+J7SYNvz8hWUsZKRKjxT2v8yHKelZH/7T3x1ZP68/pqQ9XEsEpvkEXbT9v/CHc20b bYmxVHsNjIvW/VdpSTOtPZa5I1HyYlBmt5NwI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768916283; x=1769521083; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GmINQwgmYKePf3O9IyFxrytdJ89b5Oj88kg+hmdsa/E=; b=o3eelAdfGYwCg/4ThWF6mOryNCVZWPPyEbFWZWV/t/0q6XGR/NzZxjb+LIl5uQS2J2 i28+un6qh2gPvO58Ec8ufqr6C5mWB8lJ0XLIzRGeqULlvDgzBuKH2PUPhj8USUVYGIPD df4rk4lSAOS0KiohiJJtLMFtjRMiO/AIg7zAN5FJMzY99U/e0QiC5tMUrei7DevjZozI g89OjhCsHnqlE4OrzXCoJ3DBXQFLFJpzM4BPTejBIBTL0WYbTIh0NK7DnTFJtR0NStUY i+rFR/O61T82fsezgtgJThe7AzlB9goBu1E8KgRPEdtYq36hWoXajNIrY7BvSnNVs1jn ZGqg== X-Gm-Message-State: AOJu0YwaUh8u8RYYclKI/mIFNT25i8tL/l+RZd4tm19u+8xVePW+o82V l0kw7qXT6Rr5r+1cU8J0RnOJv9DdxWYtJcDMkyzf2JPGE5FdmCej2yhPM0sxyKVEHcI1W9DP1WJ 1eyx0 X-Gm-Gg: AY/fxX7R+4XlqVYH3D7/mAwKiElUhBSrEHu23GF/Oyr/E9wYFcSJjBLZmpHVX2uHc0m EogdZv58IMl0qfhgm6bNCPG2hq50W0mat9ZYuTLnAdBpgCh2ix727BSFm9cg7euSJp3OcVB7qDD PMNN5Q7yT5wm7P9ZYAB153mGiq1OPbYNe4kxaxbm2fDr9VmUnOgBrP1x/IZ/vUtq8clYlsYYuFL LzIe/UN5rhK46R9QNVGArfBz2IBwbyFQey/lyPCMmXaoEClcqJotvQnrJxwhZe/Q2C5tlFRfbW1 GQCWVrBo+C6BxmBJP22CJVlAtHbUkmsamffOpPz+MC1USz7/AQPPgP2wbwH9OzMopTRv3lCHfTG qkJ/9z2UNhpN5fEK2TGHWQh5nUebQNZyCQdRVWlNucX0drbDkKft/6XaVVtp53O3fb00Ce6DAso h9xwSi0mQfWmFDS6wSKpORUaIE0JrFbmYJ+BA+eaSv/MI0Ck1Zdo/Qru5KXvwoPmYLwNjdebCdY ElwfpnqX/hOE6NyQxbbIw== X-Received: by 2002:a05:600c:1d15:b0:477:5ad9:6df1 with SMTP id 5b1f17b1804b1-4803caa7f4dmr30433095e9.3.1768916283371; Tue, 20 Jan 2026 05:38:03 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47f4b26764fsm303400035e9.12.2026.01.20.05.38.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jan 2026 05:38:03 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 00/26] Patch review Date: Tue, 20 Jan 2026 14:37:22 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229706 Please review this set of changes for kirkstone and have comments back by end of day Thursday, January 22. This is the last patch review request for kirkstone 4.0.33 before it is built on monday: In addition to normal CVE fixes: * pseudo upgrade to fix 16117 – AB-INT: do_package: Error executing a python function in exec_func_python() autogenerated https://bugzilla.yoctoproject.org/show_bug.cgi?id=16117 * A oeqa fix for 16137 – AB-INT: core-image-sato.bb:do_testsdk fails on ftpmirror.gnu.org returning 502 Bad Gateway https://bugzilla.yoctoproject.org/show_bug.cgi?id=16137 Passed (with rebuild) a-full on autobuilder: * https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3090 * via poky-contrib stable/kirkstone-nut : * OE-core tip is at https://git.yoctoproject.org/poky-contrib/commit/?h=stable/kirkstone-nut&id=08f446ecb3d3b78daaf8e5b90dec1bff6cb1d5d8 * meta-mingw failed https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3115 * Bug is: #16145 – [kirkstone] AB-INT: mingw-sdktest fail with "wine %CC" returning 1 * then, with the same commits, meta-mingw was successfully rebuilt https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3119 The following changes since commit 0057fc49725db8637656fac10631d8f89799bad3: go: Fix CVE-2025-61729 (2025-12-29 08:48:27 -0800) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut for you to fetch changes up to 20ff1a4ac744855b54952d7fad7424696500a230: oeqa: Use 2.14 release of cpio instead of 2.13 (2026-01-19 23:44:02 +0100) ---------------------------------------------------------------- Hitendra Prajapati (1): python3: fix CVE-2025-13836 Khem Raj (1): oeqa: Use 2.14 release of cpio instead of 2.13 Paul Barker (1): pseudo: Add hard sstate dependencies for pseudo-native Peter Marko (17): util-linux: patch CVE-2025-14104 glib-2.0: patch CVE-2025-13601 glib-2.0: patch CVE-2025-14087 glib-2.0: patch CVE-2025-14512 qemu: ignore CVE-2025-54566 and CVE-2025-54567 cups: patch CVE-2025-58436 cups: patch CVE-2025-61915 cups: allow unknown directives in conf files dropbear: patch CVE-2019-6111 python3-urllib3: patch CVE-2025-66418 libpcap: patch CVE-2025-11961 libpcap: patch CVE-2025-11964 libarchive: fix CVE-2025-60753 regression curl: patch CVE-2025-14017 curl: patch CVE-2025-15079 curl: patch CVE-2025-15224 gnupg: patch CVE-2025-68973 Richard Purdie (4): pseudo: Upgrade to version 1.9.1 pseudo: Update to pull in memleak fix pseudo: Update to pull in openat2 and efault return code changes pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' Robert Yang (1): pseudo: 1.9.0 -> 1.9.2 Vijay Anusuri (1): binutils: Fix CVE-2025-1181 meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +- meta/lib/oeqa/sdk/cases/buildcpio.py | 4 +- meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +- .../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++ .../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++ .../libpcap/libpcap/CVE-2025-11964.patch | 33 + .../libpcap/libpcap_1.10.1.bb | 3 + meta/recipes-core/dropbear/dropbear.inc | 1 + .../dropbear/dropbear/CVE-2019-6111.patch | 157 +++++ .../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 ++++ .../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++ .../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 ++ .../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 +++++++ .../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++ .../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 ++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 6 + meta/recipes-core/util-linux/util-linux.inc | 2 + .../util-linux/CVE-2025-14104-01.patch | 33 + .../util-linux/CVE-2025-14104-02.patch | 28 + .../binutils/binutils-2.38.inc | 2 + .../binutils/binutils/CVE-2025-1181-pre.patch | 149 +++++ .../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++ .../0001-configure-Prune-PIE-flags.patch | 44 -- .../pseudo/files/glibc238.patch | 65 -- .../pseudo/files/older-glibc-symbols.patch | 4 +- meta/recipes-devtools/pseudo/pseudo.inc | 7 + meta/recipes-devtools/pseudo/pseudo_git.bb | 6 +- .../python3-urllib3/CVE-2025-66418.patch | 70 ++ .../python/python3-urllib3_1.26.20.bb | 1 + .../python/python3/CVE-2025-13836.patch | 163 +++++ .../python/python3_3.10.19.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 3 + meta/recipes-extended/cups/cups.inc | 3 + ...pping-scheduler-on-unknown-directive.patch | 43 ++ .../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++ .../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++ ...25-60753.patch => CVE-2025-60753-01.patch} | 0 .../libarchive/CVE-2025-60753-02.patch | 46 ++ .../libarchive/libarchive_3.6.2.bb | 3 +- .../curl/curl/CVE-2025-14017.patch | 115 ++++ .../curl/curl/CVE-2025-15079.patch | 32 + .../curl/curl/CVE-2025-15224.patch | 31 + meta/recipes-support/curl/curl_7.82.0.bb | 3 + .../gnupg/gnupg/CVE-2025-68973.patch | 108 +++ meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 + 45 files changed, 3763 insertions(+), 120 deletions(-) create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch delete mode 100644 meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch create mode 100644 meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch => CVE-2025-60753-01.patch} (100%) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch