[OE-core][whinlatter 0/7] Pull request (cover letter only)

[OE-core][whinlatter 0/7] Pull request (cover letter only)

[Yoann Congal]

Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1773257124.git.yoann.congal@smile.fr/
extended with "[whinlatter][PATCH] scripts/install-buildtools: Update to 5.3.2"
https://lore.kernel.org/openembedded-core/20260312231730.751467-1-yoann.congal@smile.fr/T/#u

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3400

The following changes since commit 96d653f64e6eaa919dd1f62193a5a96f43430dc4:

  build-appliance-image: Update to whinlatter head revisions (2026-03-10 11:53:11 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next

for you to fetch changes up to 59bf0f60bf2fd424509fb077e187fce64d1c4695:

  scripts/install-buildtools: Update to 5.3.2 (2026-03-13 00:17:05 +0100)

----------------------------------------------------------------

Livin Sunny (1):
  busybox: Fixes CVE-2025-60876

Martin Jansa (1):
  lsb.py: strip ' from os-release file

Peter Marko (3):
  inetutils: patch CVE-2026-28372
  libpam: set status for CVE-2024-10041
  go: upgrade 1.25.7 -> 1.25.8

Vijay Anusuri (1):
  freetype: Fix CVE-2026-23865

Yoann Congal (1):
  scripts/install-buildtools: Update to 5.3.2

 meta/lib/oe/lsb.py                            |  2 +-
 .../inetutils/inetutils/CVE-2026-28372.patch  | 86 +++++++++++++++++++
 .../inetutils/inetutils_2.6.bb                |  1 +
 .../busybox/busybox/CVE-2025-60876.patch      | 42 +++++++++
 meta/recipes-core/busybox/busybox_1.37.0.bb   |  1 +
 .../go/{go-1.25.7.inc => go-1.25.8.inc}       |  2 +-
 ...e_1.25.7.bb => go-binary-native_1.25.8.bb} |  6 +-
 ..._1.25.7.bb => go-cross-canadian_1.25.8.bb} |  0
 ...{go-cross_1.25.7.bb => go-cross_1.25.8.bb} |  0
 ...osssdk_1.25.7.bb => go-crosssdk_1.25.8.bb} |  0
 ...runtime_1.25.7.bb => go-runtime_1.25.8.bb} |  0
 .../go/{go_1.25.7.bb => go_1.25.8.bb}         |  0
 meta/recipes-extended/pam/libpam_1.7.1.bb     |  2 +
 .../freetype/freetype/CVE-2026-23865.patch    | 54 ++++++++++++
 .../freetype/freetype_2.13.3.bb               |  4 +-
 scripts/install-buildtools                    |  4 +-
 16 files changed, 196 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-28372.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-60876.patch
 rename meta/recipes-devtools/go/{go-1.25.7.inc => go-1.25.8.inc} (91%)
 rename meta/recipes-devtools/go/{go-binary-native_1.25.7.bb => go-binary-native_1.25.8.bb} (79%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.25.7.bb => go-cross-canadian_1.25.8.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.25.7.bb => go-cross_1.25.8.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.25.7.bb => go-crosssdk_1.25.8.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.25.7.bb => go-runtime_1.25.8.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.25.7.bb => go_1.25.8.bb} (100%)
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2026-23865.patch

[OE-core][whinlatter 0/7] Pull request (cover letter only)

[Yoann Congal]

Those are the patches from the last patch review (no change):
https://lore.kernel.org/openembedded-core/cover.1774047909.git.yoann.congal@smile.fr/

Passed a-full on autobuilder with 1 AB-INT failure:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3471
* meta-arm failed (reported to the meta-arm ML:
  * AB-INT failure in whinlatter/edk2-firmware do_compile https://lists.yoctoproject.org/g/meta-arm/message/6967
  * Successfully retried as https://autobuilder.yoctoproject.org/valkyrie/#/builders/75/builds/3303

The following changes since commit ab57471acad7ce2a037480dc7b301104620f1ebf:

  build-appliance-image: Update to whinlatter head revisions (2026-03-16 11:05:22 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next

for you to fetch changes up to 2d6383491f4246a93e1a49a9fe258d873adf8b76:

  curl: patch CVE-2026-3805 (2026-03-19 08:45:38 +0100)

----------------------------------------------------------------

Krupal Ka Patel (2):
  python3-setuptools: drop Windows launcher executables on non-mingw
    builds
  python3-pip: drop unused Windows distlib launcher templates

Peter Marko (4):
  curl: patch CVE-2026-1965
  curl: patch CVE-2026-3783
  curl: patch CVE-2026-3784
  curl: patch CVE-2026-3805

Vijay Anusuri (1):
  inetutils: Fix CVE-2026-32746

 .../inetutils/inetutils/CVE-2026-32746.patch  |  40 +++++
 .../inetutils/inetutils_2.6.bb                |   1 +
 .../python/python3-pip_25.2.bb                |   9 +
 .../python/python3-setuptools_80.9.0.bb       |   9 +
 ...d-macros-warnings-and-related-tidy-u.patch |  44 +++++
 .../curl/curl/CVE-2026-1965-01.patch          | 138 +++++++++++++++
 .../curl/curl/CVE-2026-1965-02.patch          |  29 ++++
 .../curl/curl/CVE-2026-3783.patch             | 148 ++++++++++++++++
 .../curl/curl/CVE-2026-3784-02.patch          | 162 ++++++++++++++++++
 .../curl/curl/CVE-2026-3805.patch             |  67 ++++++++
 meta/recipes-support/curl/curl_8.17.0.bb      |   6 +
 11 files changed, 653 insertions(+)
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-32746.patch
 create mode 100644 meta/recipes-support/curl/curl/0001-build-fix-Wunused-macros-warnings-and-related-tidy-u.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-01.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-02.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784-02.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3805.patch