From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v4 00/30] Patch review
Date: Fri, 10 Apr 2026 01:10:00 +0200 [thread overview]
Message-ID: <cover.1775775154.git.yoann.congal@smile.fr> (raw)
Please review this set of changes for kirkstone and have comments back by
Friday, April 10 (10:00:00 UTC). I'm aware this is a bit short. Ping me
if you plan to review and need more time.
Please note: This will be the last review cycle for kirkstone.
A previous version of the branch passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3631
Impacted by #15467 – AB-INT PTEST: tcl ptest failure: in http11.test.
I backported the fix, and restarted the build:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3635
v3->v4:
- Added a backport to fix #15467:
- tcl: skip http11 tests
- Added vim CVE fixes:
- vim: Fix CVE-2026-28419
- vim: Fix CVE-2026-28418
- vim: Fix CVE-2026-26269
- vim: Fix CVE-2026-25749
- Added fixes for shutdown git protocol on YP/OE repos:
- selftest/scripts: Update old git protocol references
- recipetool: Recognise https://git. as git urls
- scripts: Default to https git protocol for YP/OE repos
- oeqa/sdk: Default to https git protocol for YP/OE repos
- oeqa/manual: Default to https git protocol for YP/OE repos
- recipes: Default to https git protocol for YP/OE repos
v2->v3:
- Added ncurses:·fix·for·CVE-2025-69720 to the series
v1->v2:
- replaced "python3: Fix CVE-2025-15282" with
"python3: upgrade 3.10.19 -> 3.10.20"
- Those patches are not held anymore since equivalent patches have been
sent to more recent branches:
- curl: patch CVE-2026-3784
- curl: patch CVE-2026-3783
- curl: patch CVE-2026-1965
- vim: Fix CVE-2026-33412
The following changes since commit c4194cadb1180da37514c55cd97827eb0269c8e2:
build-appliance-image: Update to kirkstone head revision (2026-03-20 09:58:53 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
for you to fetch changes up to f2bc121f821f684a541b1f4e317078c50d29c389:
scripts/install-buildtools: Update to 4.0.34 (2026-04-10 00:51:17 +0200)
----------------------------------------------------------------
Bruce Ashfield (2):
linux-yocto/5.15: update to v5.15.200
linux-yocto/5.15: update to v5.15.201
Fabien Thomas (1):
README.OE-Core: update contributor links and add kirkstone prefix
Hitendra Prajapati (6):
vim: Fix CVE-2026-33412
ncurses: fix for CVE-2025-69720
vim: Fix CVE-2026-25749
vim: Fix CVE-2026-26269
vim: Fix CVE-2026-28418
vim: Fix CVE-2026-28419
Jinfeng Wang (1):
tzdata/tzcode-native: upgrade 2025c -> 2026a
Paul Barker (1):
create-pull-request: Keep commit hash to be pulled in cover email
Peter Marko (1):
libtheora: mark CVE-2024-56431 as not vulnerable yet
Richard Purdie (2):
recipetool: Recognise https://git. as git urls
selftest/scripts: Update old git protocol references
Ross Burton (1):
tcl: skip http11 tests
Vijay Anusuri (10):
tzdata,tzcode-native: Upgrade 2025b -> 2025c
python3: upgrade 3.10.19 -> 3.10.20
python3-pyopenssl: Fix CVE-2026-27448
python3-pyopenssl: Fix CVE-2026-27459
libarchive: Fix CVE-2026-4111
sqlite3: Fix CVE-2025-70873
curl: patch CVE-2025-14524
curl: patch CVE-2026-1965
curl: patch CVE-2026-3783
curl: patch CVE-2026-3784
Yoann Congal (5):
recipes: Default to https git protocol for YP/OE repos
oeqa/manual: Default to https git protocol for YP/OE repos
oeqa/sdk: Default to https git protocol for YP/OE repos
scripts: Default to https git protocol for YP/OE repos
scripts/install-buildtools: Update to 4.0.34
README.OE-Core.md | 10 +-
.../devtool/devtool-upgrade-test2_git.bb | 2 +-
.../devtool-upgrade-test2_git.bb.upgraded | 2 +-
meta/lib/oeqa/manual/crops.json | 2 +-
meta/lib/oeqa/manual/eclipse-plugin.json | 2 +-
.../oeqa/manual/toaster-unmanaged-mode.json | 2 +-
.../oeqa/sdk/buildtools-docs-cases/build.py | 2 +-
meta/lib/oeqa/selftest/cases/devtool.py | 4 +-
meta/lib/oeqa/selftest/cases/externalsrc.py | 2 +-
meta/lib/oeqa/selftest/cases/fetch.py | 2 +
meta/lib/oeqa/selftest/cases/recipetool.py | 8 +-
meta/lib/oeqa/selftest/cases/sstatetests.py | 2 +-
meta/recipes-core/dbus-wait/dbus-wait_git.bb | 2 +-
.../images/build-appliance-image_15.0.0.bb | 2 +-
.../ncurses/files/CVE-2025-69720.patch | 42 ++
.../ncurses/ncurses_6.3+20220423.bb | 1 +
meta/recipes-core/psplash/psplash_git.bb | 2 +-
.../update-rc.d/update-rc.d_0.8.bb | 2 +-
meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
.../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++
.../python3-pyopenssl/CVE-2026-27459.patch | 106 +++++
.../python/python3-pyopenssl_22.0.0.bb | 5 +
.../python/python3/CVE-2025-12084.patch | 171 --------
.../python/python3/CVE-2025-13836.patch | 163 --------
.../python/python3/CVE-2025-13837.patch | 162 --------
.../python/python3/CVE-2025-6075.patch | 364 ------------------
...{python3_3.10.19.bb => python3_3.10.20.bb} | 6 +-
meta/recipes-devtools/tcltk/tcl/run-ptest | 4 +-
.../libarchive/CVE-2026-4111-1.patch | 32 ++
.../libarchive/CVE-2026-4111-2.patch | 308 +++++++++++++++
.../libarchive/libarchive_3.6.2.bb | 2 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../libfakekey/libfakekey_git.bb | 2 +-
.../libmatchbox/libmatchbox_1.12.bb | 2 +-
.../matchbox-wm/matchbox-wm_1.2.2.bb | 2 +-
.../xcursor-transparent-theme_git.bb | 2 +-
.../kern-tools/kern-tools-native_git.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-dev.bb | 4 +-
.../linux/linux-yocto-rt_5.10.bb | 4 +-
.../linux/linux-yocto-rt_5.15.bb | 10 +-
.../linux/linux-yocto-tiny_5.10.bb | 4 +-
.../linux/linux-yocto-tiny_5.15.bb | 10 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 4 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 30 +-
.../libtheora/libtheora_1.1.1.bb | 3 +
.../matchbox-config-gtk_0.2.bb | 2 +-
.../matchbox-desktop/matchbox-desktop_2.2.bb | 2 +-
.../matchbox-keyboard_0.1.1.bb | 2 +-
.../matchbox-panel-2/matchbox-panel-2_2.11.bb | 2 +-
.../matchbox-terminal_0.2.bb | 2 +-
.../matchbox-theme-sato_0.2.bb | 2 +-
.../sato-screenshot/sato-screenshot_0.3.bb | 2 +-
.../settings-daemon/settings-daemon_0.0.2.bb | 2 +-
.../curl/curl/CVE-2025-14524.patch | 42 ++
.../curl/curl/CVE-2026-1965-1.patch | 98 +++++
.../curl/curl/CVE-2026-1965-2.patch | 29 ++
.../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++
.../curl/curl/CVE-2026-3783.patch | 157 ++++++++
.../curl/curl/CVE-2026-3784.patch | 73 ++++
meta/recipes-support/curl/curl_7.82.0.bb | 6 +
.../ptest-runner/ptest-runner_2.4.2.bb | 2 +-
.../sqlite/files/CVE-2025-70873.patch | 33 ++
meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 +
.../vim/files/CVE-2026-25749.patch | 64 +++
.../vim/files/CVE-2026-26269.patch | 150 ++++++++
.../vim/files/CVE-2026-28418.patch | 78 ++++
.../vim/files/CVE-2026-28419.patch | 86 +++++
.../vim/files/CVE-2026-33412.patch | 61 +++
meta/recipes-support/vim/vim.inc | 5 +
scripts/combo-layer.conf.example | 4 +-
scripts/contrib/patchtest.sh | 4 +-
scripts/create-pull-request | 2 +-
scripts/install-buildtools | 4 +-
scripts/lib/recipetool/create.py | 2 +-
74 files changed, 1662 insertions(+), 947 deletions(-)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch
create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-12084.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch
delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch
rename meta/recipes-devtools/python/{python3_3.10.19.bb => python3_3.10.20.bb} (98%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch
create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-25749.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-26269.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28418.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28419.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch
next reply other threads:[~2026-04-09 23:11 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 23:10 Yoann Congal [this message]
2026-04-09 23:10 ` [OE-core][kirkstone v4 01/30] linux-yocto/5.15: update to v5.15.200 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 02/30] linux-yocto/5.15: update to v5.15.201 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 03/30] create-pull-request: Keep commit hash to be pulled in cover email Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 04/30] README.OE-Core: update contributor links and add kirkstone prefix Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 05/30] libtheora: mark CVE-2024-56431 as not vulnerable yet Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 06/30] tzdata,tzcode-native: Upgrade 2025b -> 2025c Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 07/30] tzdata/tzcode-native: upgrade 2025c -> 2026a Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 08/30] python3: upgrade 3.10.19 -> 3.10.20 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 09/30] python3-pyopenssl: Fix CVE-2026-27448 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 10/30] python3-pyopenssl: Fix CVE-2026-27459 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 11/30] libarchive: Fix CVE-2026-4111 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 12/30] vim: Fix CVE-2026-33412 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 13/30] sqlite3: Fix CVE-2025-70873 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 14/30] curl: patch CVE-2025-14524 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 15/30] curl: patch CVE-2026-1965 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 16/30] curl: patch CVE-2026-3783 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 17/30] curl: patch CVE-2026-3784 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 18/30] ncurses: fix for CVE-2025-69720 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 19/30] recipes: Default to https git protocol for YP/OE repos Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 20/30] oeqa/manual: " Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 21/30] oeqa/sdk: " Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 22/30] scripts: " Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 23/30] recipetool: Recognise https://git. as git urls Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 24/30] selftest/scripts: Update old git protocol references Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 25/30] vim: Fix CVE-2026-25749 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 26/30] vim: Fix CVE-2026-26269 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 27/30] vim: Fix CVE-2026-28418 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 28/30] vim: Fix CVE-2026-28419 Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 29/30] tcl: skip http11 tests Yoann Congal
2026-04-09 23:10 ` [OE-core][kirkstone v4 30/30] scripts/install-buildtools: Update to 4.0.34 Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1775775154.git.yoann.congal@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox