* [OE-core][scarthgap 00/44] Pull request (cover letter only)
@ 2026-02-27 9:24 Yoann Congal
0 siblings, 0 replies; only message in thread
From: Yoann Congal @ 2026-02-27 9:24 UTC (permalink / raw)
To: openembedded-core; +Cc: Paul Barker
Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1771943404.git.yoann.congal@smile.fr/T/#t
Passed a-full on autobuilder (no change since patch review request):
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3276
The following changes since commit a1f4ae4e569bc0e36c27c1e4651e502e54d63b28:
build-appliance-image: Update to scarthgap head revision (2026-02-16 09:52:44 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next
Aleksandar Nikolic (1):
scripts/install-buildtools: Update to 5.0.15
Amaury Couderc (2):
avahi: patch CVE-2025-68468
avahi: patch CVE-2025-68471
Ankur Tyagi (4):
avahi: patch CVE-2025-68276
avahi: patch CVE-2026-24401
mobile-broadband-provider-info: upgrade 20240407 -> 20251101
vim: ignore CVE-2025-66476
Benjamin Robin (Schneider Electric) (1):
spdx30_tasks: Exclude 'doc' when exporting PACKAGECONFIG to SPDX
Bruce Ashfield (7):
linux-yocto/6.6: update to v6.6.112
linux-yocto/6.6: update to v6.6.114
linux-yocto/6.6: update to v6.6.116
linux-yocto/6.6: update to v6.6.118
linux-yocto/6.6: update to v6.6.119
linux-yocto/6.6: update to v6.6.120
linux-yocto/6.6: update to v6.6.123
Daniel Dragomir (1):
wic/engine: error on old host debugfs for standalone directory copy
Deepak Rathore (7):
go 1.22.12: Fix CVE-2025-61730
go 1.22.12: Fix CVE-2025-61726
go 1.22.12: Fix CVE-2025-61728
go 1.22.12: Fix CVE-2025-61731
go 1.22.12: Fix CVE-2025-68119
go 1.22.12: Fix CVE-2025-61732
go 1.22.12: Fix CVE-2025-68121
Dragomir, Daniel (2):
wic/engine: fix copying directories into wic image with ext* partition
oeqa/selftest/wic: test recursive dir copy on ext partitions
Fabio Berton (1):
classes/buildhistory: Do not sign buildhistory commits
Hitendra Prajapati (2):
openssl: fix CVE-2025-15468
openssl: fix CVE-2025-69419
Ming Liu (1):
weston: fix a touch-calibrator issue
Peter Marko (10):
libsndfile1: patch CVE-2025-56226
libpng: patch CVE-2026-25646
glib-2.0: patch CVE-2026-1484
glib-2.0: patch CVE-2026-1485
glib-2.0: patch CVE-2026-1489
ffmpeg: ignore CVE-2025-1594
libtheora: mark CVE-2024-56431 as not vulnerable yet
ffmpeg: set status of CVE-2025-25468
gnupg: patch CVE-2025-68973
alsa-lib: patch CVE-2026-25068
Pratik Farkase (1):
libevent: merge inherit statements
Richard Purdie (1):
go-vendor: Fix absolute paths issue
Vijay Anusuri (1):
bind: Upgrade 9.18.41 -> 9.18.44
Yoann Congal (2):
pseudo: Update to include a fix for systems with kernel <5.6
u-boot: move CVE patches out of the common .inc file
meta/classes/buildhistory.bbclass | 2 +-
meta/classes/go-vendor.bbclass | 6 +-
meta/lib/oe/spdx30_tasks.py | 8 +-
meta/lib/oeqa/selftest/cases/wic.py | 65 ++
meta/recipes-bsp/u-boot/u-boot-common.inc | 12 +-
meta/recipes-bsp/u-boot/u-boot_2024.01.bb | 10 +
meta/recipes-connectivity/avahi/avahi_0.8.bb | 4 +
.../avahi/files/CVE-2025-68276.patch | 65 ++
.../avahi/files/CVE-2025-68468.patch | 32 +
.../avahi/files/CVE-2025-68471.patch | 36 +
.../avahi/files/CVE-2026-24401.patch | 74 ++
.../bind/{bind_9.18.41.bb => bind_9.18.44.bb} | 2 +-
.../mobile-broadband-provider-info_git.bb | 4 +-
.../openssl/openssl/CVE-2025-15468.patch | 39 +
.../openssl/openssl/CVE-2025-69419.patch | 61 ++
.../openssl/openssl_3.2.6.bb | 2 +
.../glib-2.0/glib-2.0/CVE-2026-1484-01.patch | 48 +
.../glib-2.0/glib-2.0/CVE-2026-1484-02.patch | 45 +
.../glib-2.0/glib-2.0/CVE-2026-1485.patch | 44 +
.../glib-2.0/glib-2.0/CVE-2026-1489-01.patch | 42 +
.../glib-2.0/glib-2.0/CVE-2026-1489-02.patch | 30 +
.../glib-2.0/glib-2.0/CVE-2026-1489-03.patch | 290 ++++++
.../glib-2.0/glib-2.0/CVE-2026-1489-04.patch | 68 ++
meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 7 +
meta/recipes-devtools/go/go-1.22.12.inc | 10 +
.../go/go/CVE-2025-61726.patch | 196 +++++
.../go/go/CVE-2025-61728.patch | 171 ++++
.../go/go/CVE-2025-61730.patch | 460 ++++++++++
.../go/go/CVE-2025-61731.patch | 70 ++
.../go/go/CVE-2025-61732.patch | 53 ++
.../go/go/CVE-2025-68119-dependent.patch | 175 ++++
.../go/go/CVE-2025-68119.patch | 828 ++++++++++++++++++
.../go/go/CVE-2025-68121_p1.patch | 253 ++++++
.../go/go/CVE-2025-68121_p2.patch | 385 ++++++++
.../go/go/CVE-2025-68121_p3.patch | 82 ++
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
...ator-Regularise-surface-view-mapping.patch | 78 ++
.../recipes-graphics/wayland/weston_13.0.1.bb | 1 +
.../linux/linux-yocto-rt_6.6.bb | 6 +-
.../linux/linux-yocto-tiny_6.6.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +-
.../alsa/alsa-lib/CVE-2026-25068.patch | 34 +
.../alsa/alsa-lib_1.2.11.bb | 1 +
.../recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 3 +-
.../libpng/files/CVE-2026-25646.patch | 61 ++
.../libpng/libpng_1.6.42.bb | 1 +
.../libsndfile1/CVE-2025-56226-01.patch | 36 +
.../libsndfile1/CVE-2025-56226-02.patch | 43 +
.../libsndfile/libsndfile1_1.2.2.bb | 2 +
.../libtheora/libtheora_1.1.1.bb | 2 +
.../gnupg/gnupg/CVE-2025-68973.patch | 108 +++
meta/recipes-support/gnupg/gnupg_2.4.8.bb | 1 +
.../libevent/libevent_2.1.12.bb | 4 +-
meta/recipes-support/vim/vim_9.1.bb | 2 +
scripts/install-buildtools | 4 +-
scripts/lib/wic/engine.py | 92 +-
56 files changed, 4132 insertions(+), 62 deletions(-)
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch
create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch
rename meta/recipes-connectivity/bind/{bind_9.18.41.bb => bind_9.18.44.bb} (97%)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61726.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61728.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61730.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61731.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61732.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68119-dependent.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68119.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p1.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p2.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-68121_p3.patch
create mode 100644 meta/recipes-graphics/wayland/weston/0001-touch-calibrator-Regularise-surface-view-mapping.patch
create mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-01.patch
create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2025-56226-02.patch
create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-02-27 9:24 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-27 9:24 [OE-core][scarthgap 00/44] Pull request (cover letter only) Yoann Congal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox