[OE-core][whinlatter v2 00/16] Patch review

[Yoann Congal <yoann.congal@smile.fr>]

This is an updated patch review request with added patches.

v1: https://lore.kernel.org/openembedded-core/cover.1772700454.git.yoann.congal@smile.fr/T/#u
v1->v2: added patches:
* python3-urllib3: patch CVE-2025-66471
* lz4: Remove a reference to the rejected CVE-2025-62813
* avahi: Remove a reference to the rejected CVE-2021-36217
* create-pull-request: Keep commit hash to be pulled in cover email

Please review this set of changes for whinlatter and have comments back
by end of day Monday, March 9.

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3334

The following changes since commit 45cba1329d541fdc5857d6df2624b34c91133f7a:

  build-appliance-image: Update to whinlatter head revisions (2026-02-27 17:46:44 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-nut

for you to fetch changes up to cfc0e446a1ad57e710d2c82914211f9bcdc4a752:

  python3-urllib3: patch CVE-2025-66471 (2026-03-06 00:48:43 +0100)

----------------------------------------------------------------

Adarsh Jagadish Kamini (1):
  python3-pip: Backport fix CVE-2026-1703

Ankur Tyagi (1):
  wireless-regdb: upgrade 2025.10.07 -> 2026.02.04

Antonin Godard (1):
  python3: skip flaky test_default_timeout test

Benjamin Robin (Schneider Electric) (2):
  avahi: Remove a reference to the rejected CVE-2021-36217
  lz4: Remove a reference to the rejected CVE-2025-62813

Hugo SIMELIERE (2):
  zlib: Fix CVE-2026-27171
  harfbuzz: Fix CVE-2026-22693

Paul Barker (1):
  create-pull-request: Keep commit hash to be pulled in cover email

Peter Marko (4):
  linux-yocto: apply cve-exclusions also to rt and tiny recipe variants
  cve-exclusions: set status for 5 CVEs
  ffmpeg: set status for CVE-2025-12343
  python3-urllib3: patch CVE-2025-66471

Shaik Moin (1):
  gdk-pixbuf: Fix CVE-2025-6199

Vijay Anusuri (1):
  gnutls: Fix CVE-2025-14831

Yoann Congal (2):
  README: Add whinlatter subject-prefix to git-send-email suggestion
  b4-config: add send-prefixes for whinlatter

 .b4-config                                    |   1 +
 README.OE-Core.md                             |   2 +-
 .../avahi/files/local-ping.patch              |   1 -
 .../zlib/zlib/CVE-2026-27171.patch            |  63 ++
 meta/recipes-core/zlib/zlib_1.3.1.bb          |   1 +
 .../python/python3-pip/CVE-2026-1703.patch    |  41 +
 .../python/python3-pip_25.2.bb                |   4 +-
 .../python3-urllib3/CVE-2025-66471.patch      | 926 ++++++++++++++++++
 .../python/python3-urllib3_2.5.0.bb           |   1 +
 ...kip-flaky-test_default_timeout-tests.patch |  49 +
 .../python/python3_3.13.11.bb                 |   1 +
 .../gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch |  36 +
 .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb          |   1 +
 .../harfbuzz/files/CVE-2026-22693.patch       |  33 +
 .../harfbuzz/harfbuzz_11.4.5.bb               |   4 +-
 meta/recipes-kernel/linux/cve-exclusion.inc   |  16 +
 .../linux/linux-yocto-rt_6.12.bb              |   1 +
 .../linux/linux-yocto-rt_6.16.bb              |   1 +
 .../linux/linux-yocto-tiny_6.12.bb            |   1 +
 .../linux/linux-yocto-tiny_6.16.bb            |   1 +
 ....10.07.bb => wireless-regdb_2026.02.04.bb} |   2 +-
 meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb  |   1 +
 .../gnutls/gnutls/CVE-2025-14831-1.patch      | 119 +++
 .../gnutls/gnutls/CVE-2025-14831-10.patch     | 424 ++++++++
 .../gnutls/gnutls/CVE-2025-14831-2.patch      |  66 ++
 .../gnutls/gnutls/CVE-2025-14831-3.patch      |  30 +
 .../gnutls/gnutls/CVE-2025-14831-4.patch      |  45 +
 .../gnutls/gnutls/CVE-2025-14831-5.patch      | 205 ++++
 .../gnutls/gnutls/CVE-2025-14831-6.patch      | 505 ++++++++++
 .../gnutls/gnutls/CVE-2025-14831-7.patch      | 124 +++
 .../gnutls/gnutls/CVE-2025-14831-8.patch      | 155 +++
 .../gnutls/gnutls/CVE-2025-14831-9.patch      | 110 +++
 meta/recipes-support/gnutls/gnutls_3.8.10.bb  |  10 +
 ...13.patch => fix-null-error-handling.patch} |   1 -
 meta/recipes-support/lz4/lz4_1.10.0.bb        |   2 +-
 scripts/create-pull-request                   |   2 +-
 36 files changed, 2977 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2026-27171.patch
 create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2026-1703.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66471.patch
 create mode 100644 meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch
 create mode 100644 meta/recipes-graphics/harfbuzz/files/CVE-2026-22693.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2025.10.07.bb => wireless-regdb_2026.02.04.bb} (94%)
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-1.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-10.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-2.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-3.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-4.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-5.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-6.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-7.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-8.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch
 rename meta/recipes-support/lz4/lz4/{CVE-2025-62813.patch => fix-null-error-handling.patch} (99%)