From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Cc: Paul Barker <paul@pbarker.dev>
Subject: [OE-core][whinlatter 00/22] Pull request (cover letter only)
Date: Mon, 9 Feb 2026 10:58:33 +0100 [thread overview]
Message-ID: <cover.1770630733.git.yoann.congal@smile.fr> (raw)
Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1770109549.git.yoann.congal@smile.fr/T/#t
(with added cherry-pick info, where appropriate)
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3181
The following changes since commit fa31089d48cac2aa11279e932a77f4dbdc02c02d:
libarchive: upgrade 3.8.4 -> 3.8.5 (2026-01-26 08:44:38 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next
for you to fetch changes up to 7ffbe7bb6e262a410afac64c5211df0d52c202c7:
inetutils: patch CVE-2026-24061 (2026-02-09 01:51:46 +0100)
----------------------------------------------------------------
Hugo SIMELIERE (1):
libtasn1: Fix CVE-2025-13151
Jiaying Song (1):
grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663
CVE-2025-61664
Ken Kurematsu (1):
libtheora: set CVE_PRODUCT
Khai Dang (1):
docbook-xml-dtd4: fix the fetching failure
Mark Hatle (1):
dpkg: Fix ADMINDIR
Mathieu Dubois-Briand (2):
oeqa/gitarchive: Fix git push URL parameter
oeqa/gitarchive: Push tag before copying log files
Peter Marko (13):
go: upgrade 1.25.5 -> 1.25.6
zlib: ignore CVE-2026-22184
python3-urllib3: patch CVE-2026-21441
glibc: stable 2.42 branch updates
dropbear: patch CVE-2025-14282
libpng: upgrade 1.6.53 -> 1.6.54
glib-2.0: patch CVE-2026-0988
libxml2: patch CVE-2026-0989
libxml2: patch CVE-2026-0990
libxml2: patch CVE-2026-0992
libxml2: add follow-up patch for CVE-2026-0992
expat: upgrade 2.7.3 -> 2.7.4
inetutils: patch CVE-2026-24061
Richard Purdie (2):
scripts/oe-git-archive: Ensure new push parameter is specified
pseudo: Update to 1.9.3 release
meta/lib/oe/package_manager/deb/__init__.py | 4 +
.../oeqa/selftest/cases/gitarchivetests.py | 4 +-
meta/lib/oeqa/utils/gitarchive.py | 8 +-
.../grub/files/CVE-2025-54770.patch | 41 +++
.../grub/files/CVE-2025-61661.patch | 40 +++
.../grub/files/CVE-2025-61662.patch | 72 ++++
.../grub/files/CVE-2025-61663_61664.patch | 64 ++++
meta/recipes-bsp/grub/grub2.inc | 4 +
.../inetutils/CVE-2026-24061-01.patch | 38 ++
.../inetutils/CVE-2026-24061-02.patch | 82 +++++
.../inetutils/inetutils_2.6.bb | 2 +
.../dropbear/dropbear/CVE-2025-14282-01.patch | 280 +++++++++++++++
.../dropbear/dropbear/CVE-2025-14282-02.patch | 97 +++++
.../dropbear/dropbear/CVE-2025-14282-03.patch | 282 +++++++++++++++
.../dropbear/dropbear/CVE-2025-14282-04.patch | 72 ++++
.../dropbear/dropbear/CVE-2025-14282-05.patch | 46 +++
.../recipes-core/dropbear/dropbear_2025.88.bb | 5 +
.../expat/{expat_2.7.3.bb => expat_2.7.4.bb} | 2 +-
.../glib-2.0/files/CVE-2026-0988.patch | 58 +++
meta/recipes-core/glib-2.0/glib.inc | 1 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.42.bb | 2 +-
.../libxml/libxml2/CVE-2026-0989.patch | 309 ++++++++++++++++
.../libxml/libxml2/CVE-2026-0990.patch | 76 ++++
.../libxml/libxml2/CVE-2026-0992-01.patch | 49 +++
.../libxml/libxml2/CVE-2026-0992-02.patch | 336 ++++++++++++++++++
.../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++
meta/recipes-core/libxml/libxml2_2.14.6.bb | 5 +
meta/recipes-core/zlib/zlib_1.3.1.bb | 2 +
.../docbook-xml/docbook-xml-dtd4_4.5.bb | 10 +-
...-dirs.c-set_rootfs-was-not-checking-.patch | 46 +++
meta/recipes-devtools/dpkg/dpkg_1.22.21.bb | 1 +
.../go/{go-1.25.5.inc => go-1.25.6.inc} | 2 +-
...e_1.25.5.bb => go-binary-native_1.25.6.bb} | 6 +-
..._1.25.5.bb => go-cross-canadian_1.25.6.bb} | 0
...{go-cross_1.25.5.bb => go-cross_1.25.6.bb} | 0
...osssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} | 0
...runtime_1.25.5.bb => go-runtime_1.25.6.bb} | 0
...ent-based-hash-generation-less-pedan.patch | 8 +-
...ng-cgo-on-386-call-C-sigaction-funct.patch | 4 +-
...d-go-make-GOROOT-precious-by-default.patch | 2 +-
.../go/{go_1.25.5.bb => go_1.25.6.bb} | 0
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
.../python3-urllib3/CVE-2026-21441.patch | 111 ++++++
.../python/python3-urllib3_2.5.0.bb | 1 +
.../{libpng_1.6.53.bb => libpng_1.6.54.bb} | 4 +-
.../libtheora/libtheora_1.2.0.bb | 2 +
.../gnutls/libtasn1/CVE-2025-13151.patch | 30 ++
.../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 +
scripts/lib/resulttool/store.py | 9 +-
scripts/oe-git-archive | 2 +-
51 files changed, 2228 insertions(+), 31 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch
rename meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} (92%)
create mode 100644 meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch
create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch
rename meta/recipes-devtools/go/{go-1.25.5.inc => go-1.25.6.inc} (91%)
rename meta/recipes-devtools/go/{go-binary-native_1.25.5.bb => go-binary-native_1.25.6.bb} (79%)
rename meta/recipes-devtools/go/{go-cross-canadian_1.25.5.bb => go-cross-canadian_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-cross_1.25.5.bb => go-cross_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-crosssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go-runtime_1.25.5.bb => go-runtime_1.25.6.bb} (100%)
rename meta/recipes-devtools/go/{go_1.25.5.bb => go_1.25.6.bb} (100%)
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch
rename meta/recipes-multimedia/libpng/{libpng_1.6.53.bb => libpng_1.6.54.bb} (94%)
create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
next reply other threads:[~2026-02-09 9:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 9:58 Yoann Congal [this message]
2026-02-09 10:45 ` [OE-core][whinlatter 00/22] Pull request (cover letter only) Yoann Congal
2026-02-11 10:20 ` Paul Barker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1770630733.git.yoann.congal@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
--cc=paul@pbarker.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox