From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/38] Patch review
Date: Tue, 24 Feb 2026 15:23:52 +0100 [thread overview]
Message-ID: <cover.1771942869.git.yoann.congal@smile.fr> (raw)
Please review this set of changes for kirkstone and have comments back by
end of day Thursday, February 26.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3274
The following changes since commit e2994ca0076ec99038790e7a40936236a5078135:
build-appliance-image: Update to kirkstone head revision (2026-01-26 18:54:26 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
for you to fetch changes up to fd883ff6432946d23d923a9be1cd2cb1f001c732:
u-boot: move CVE patch out of u-boot-common.inc (2026-02-23 23:57:02 +0100)
----------------------------------------------------------------
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 4.0.32
Amaury Couderc (2):
avahi: patch CVE-2025-68468
avahi: patch CVE-2025-68471
Ankur Tyagi (2):
avahi: patch CVE-2025-68276
avahi: patch CVE-2026-24401
Bruce Ashfield (5):
linux-yocto/5.15: update to v5.15.195
linux-yocto/5.15: update to v5.15.196
linux-yocto/5.15: update to v5.15.197
linux-yocto/5.15: update to v5.15.198
linux-yocto/5.15: update to v5.15.199
Fabio Berton (1):
classes/buildhistory: Do not sign buildhistory commits
Hugo SIMELIERE (1):
libtasn1: Fix CVE-2025-13151
Peter Marko (20):
zlib: ignore CVE-2026-22184
python3: patch CVE-2025-13837
python3: patch CVE-2025-12084
libxml2: patch CVE-2026-0990
libxml2: patch CVE-2026-0992
libxml2: add follow-up patch for CVE-2026-0992
expat: patch CVE-2026-24515
expat: patch CVE-2026-25210
inetutils: patch CVE-2026-24061
libpng: patch CVE-2026-22695
libpng: patch CVE-2026-22801
libpng: patch CVE-2026-25646
glib-2.0: patch CVE-2026-0988
glib-2.0: patch CVE-2026-1484
glib-2.0: patch CVE-2026-1485
glib-2.0: patch CVE-2026-1489
ffmpeg: set status of CVE-2025-25468 and CVE-2025-25469
vim: ignore CVE-2025-66476
harfbuzz: ignore CVE-2026-22693
glibc: stable 2.35 branch updates
Richard Purdie (2):
pseudo: Update to 1.9.3 release
pseudo: Update to include an openat2 fix
Scott Murray (1):
u-boot: move CVE patch out of u-boot-common.inc
Vijay Anusuri (2):
openssl: upgrade 3.0.18 -> 3.0.19
bind: Upgrade 9.18.41 -> 9.18.44
Yoann Congal (1):
pseudo: Update to include a fix for systems with kernel <5.6
meta/classes/buildhistory.bbclass | 2 +-
meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +-
meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 1 +
meta/recipes-connectivity/avahi/avahi_0.8.bb | 4 +
.../avahi/files/CVE-2025-68276.patch | 65 ++++
.../avahi/files/CVE-2025-68468.patch | 32 ++
.../avahi/files/CVE-2025-68471.patch | 36 ++
.../avahi/files/CVE-2026-24401.patch | 74 ++++
.../bind/{bind_9.18.41.bb => bind_9.18.44.bb} | 2 +-
.../inetutils/CVE-2026-24061-01.patch | 38 ++
.../inetutils/CVE-2026-24061-02.patch | 82 +++++
.../inetutils/inetutils_2.2.bb | 2 +
.../openssl/openssl/CVE-2023-50781-1.patch | 46 ++-
.../openssl/openssl/CVE-2023-50781-2.patch | 112 +++---
.../openssl/openssl/CVE-2023-50781-3.patch | 16 +-
.../{openssl_3.0.18.bb => openssl_3.0.19.bb} | 2 +-
.../expat/expat/CVE-2026-24515.patch | 43 +++
.../expat/expat/CVE-2026-25210-01.patch | 27 ++
.../expat/expat/CVE-2026-25210-02.patch | 37 ++
.../expat/expat/CVE-2026-25210-03.patch | 28 ++
meta/recipes-core/expat/expat_2.5.0.bb | 4 +
.../glib-2.0/glib-2.0/CVE-2026-0988.patch | 58 ++++
.../glib-2.0/glib-2.0/CVE-2026-1484-01.patch | 48 +++
.../glib-2.0/glib-2.0/CVE-2026-1484-02.patch | 45 +++
.../glib-2.0/glib-2.0/CVE-2026-1485.patch | 44 +++
.../glib-2.0/glib-2.0/CVE-2026-1489-01.patch | 42 +++
.../glib-2.0/glib-2.0/CVE-2026-1489-02.patch | 30 ++
.../glib-2.0/glib-2.0/CVE-2026-1489-03.patch | 290 ++++++++++++++++
.../glib-2.0/glib-2.0/CVE-2026-1489-04.patch | 68 ++++
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 8 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.35.bb | 3 +-
.../libxml/libxml2/CVE-2026-0990.patch | 76 ++++
.../libxml/libxml2/CVE-2026-0992-01.patch | 49 +++
.../libxml/libxml2/CVE-2026-0992-02.patch | 325 ++++++++++++++++++
.../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++
meta/recipes-core/libxml/libxml2_2.9.14.bb | 4 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 2 +
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
.../python/python3/CVE-2025-12084.patch | 171 +++++++++
.../python/python3/CVE-2025-13837.patch | 162 +++++++++
.../python/python3_3.10.19.bb | 2 +
.../harfbuzz/harfbuzz_4.0.1.bb | 3 +
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
.../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 +
.../libpng/files/CVE-2026-22695.patch | 77 +++++
.../libpng/files/CVE-2026-22801.patch | 164 +++++++++
.../libpng/files/CVE-2026-25646.patch | 61 ++++
.../libpng/libpng_1.6.39.bb | 3 +
.../gnutls/libtasn1/CVE-2025-13151.patch | 30 ++
.../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 +
meta/recipes-support/vim/vim_9.1.bb | 3 +
scripts/install-buildtools | 4 +-
55 files changed, 2391 insertions(+), 121 deletions(-)
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch
rename meta/recipes-connectivity/bind/{bind_9.18.41.bb => bind_9.18.44.bb} (97%)
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.18.bb => openssl_3.0.19.bb} (99%)
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-24515.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-01.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-02.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-03.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-12084.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch
create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
next reply other threads:[~2026-02-24 14:25 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-24 14:23 Yoann Congal [this message]
2026-02-24 14:23 ` [OE-core][kirkstone 01/38] zlib: ignore CVE-2026-22184 Yoann Congal
2026-02-24 14:23 ` [OE-core][kirkstone 02/38] python3: patch CVE-2025-13837 Yoann Congal
2026-02-24 14:23 ` [OE-core][kirkstone 03/38] python3: patch CVE-2025-12084 Yoann Congal
2026-02-24 14:23 ` [OE-core][kirkstone 04/38] libxml2: patch CVE-2026-0990 Yoann Congal
2026-02-24 14:23 ` [OE-core][kirkstone 05/38] libxml2: patch CVE-2026-0992 Yoann Congal
2026-02-24 14:23 ` [OE-core][kirkstone 06/38] libxml2: add follow-up patch for CVE-2026-0992 Yoann Congal
2026-02-24 14:23 ` [OE-core][kirkstone 07/38] expat: patch CVE-2026-24515 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 08/38] expat: patch CVE-2026-25210 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 09/38] openssl: upgrade 3.0.18 -> 3.0.19 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 10/38] inetutils: patch CVE-2026-24061 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 11/38] scripts/install-buildtools: Update to 4.0.32 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 12/38] linux-yocto/5.15: update to v5.15.195 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 13/38] linux-yocto/5.15: update to v5.15.196 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 14/38] linux-yocto/5.15: update to v5.15.197 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 15/38] linux-yocto/5.15: update to v5.15.198 Yoann Congal
2026-02-24 14:32 ` Patchtest results for " patchtest
2026-02-24 14:24 ` [OE-core][kirkstone 16/38] linux-yocto/5.15: update to v5.15.199 Yoann Congal
2026-02-24 14:32 ` Patchtest results for " patchtest
2026-02-24 14:24 ` [OE-core][kirkstone 17/38] bind: Upgrade 9.18.41 -> 9.18.44 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 18/38] libpng: patch CVE-2026-22695 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 19/38] libpng: patch CVE-2026-22801 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 20/38] libpng: patch CVE-2026-25646 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 21/38] classes/buildhistory: Do not sign buildhistory commits Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 22/38] glib-2.0: patch CVE-2026-0988 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 23/38] glib-2.0: patch CVE-2026-1484 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 24/38] glib-2.0: patch CVE-2026-1485 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 25/38] glib-2.0: patch CVE-2026-1489 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 26/38] ffmpeg: set status of CVE-2025-25468 and CVE-2025-25469 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 27/38] vim: ignore CVE-2025-66476 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 28/38] avahi: patch CVE-2025-68276 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 29/38] avahi: patch CVE-2025-68468 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 30/38] avahi: patch CVE-2025-68471 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 31/38] avahi: patch CVE-2026-24401 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 32/38] pseudo: Update to 1.9.3 release Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 33/38] pseudo: Update to include an openat2 fix Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 34/38] pseudo: Update to include a fix for systems with kernel <5.6 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 35/38] harfbuzz: ignore CVE-2026-22693 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 36/38] glibc: stable 2.35 branch updates Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 37/38] libtasn1: Fix CVE-2025-13151 Yoann Congal
2026-02-24 14:24 ` [OE-core][kirkstone 38/38] u-boot: move CVE patch out of u-boot-common.inc Yoann Congal
-- strict thread matches above, loose matches on Subject: below --
2024-12-04 17:53 [OE-core][kirkstone 00/38] Patch review Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1771942869.git.yoann.congal@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox