From: Jeremy Rosen <jeremy.rosen@smile.fr>
To: openembedded-core@lists.openembedded.org
Cc: Paul Barker <paul@pbarker.dev>
Subject: [OE-core][scarthgap 00/21] Patch review
Date: Fri, 12 Jun 2026 16:25:50 +0200 [thread overview]
Message-ID: <cover.1781270474.git.jeremy.rosen@smile.fr> (raw)
(Acting as LTS maintainer in training, process has been reviewed by
Yoann Congal)
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 16.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3980
The following changes since commit e2864ea1ac022e43af92badc701fa1e2a9571f46:
pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-06-05 11:02:52 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
for you to fetch changes up to 5e138a5cfb868b2b545161cb2cc706ccde307512:
meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info (2026-06-12 11:50:34 +0200)
----------------------------------------------------------------
Enrico Jörns (1):
devtool: prevent 'devtool modify -n' from corrupting kernel Git repos
Hugo SIMELIERE (Schneider Electric) (3):
busybox: Fix CVE-2026-29004
xz: Fix CVE-2026-34743
util-linux: Fix CVE-2026-27456
João Marcos Costa (Schneider Electric) (1):
meta/lib/oe/package.py: fix path to kernel sources in
save_debugsources_info
Sudhir Dumbhare (1):
nfs-utils: fix CVE-2025-12801
Theo Gaige (Schneider Electric) (14):
go: patch CVE-2026-27142
go: patch CVE-2026-32280
go: patch CVE-2026-32283
go: patch CVE-2026-32289
go: patch CVE-2026-33811
go: patch CVE-2026-39817
go: patch CVE-2026-39819
go: patch CVE-2026-39820
go: patch CVE-2026-39825
go: patch CVE-2026-39826
go: patch CVE-2026-42499
go: patch CVE-2026-42501
go: patch CVE-2026-42504
go: patch CVE-2026-42507
Zahir Hussain (1):
libpng: Fix CVE-2026-33416
meta/classes/create-spdx-2.2.bbclass | 2 +-
meta/lib/oe/package.py | 4 +-
.../nfs-utils/CVE-2025-12801-build-fix.patch | 44 ++
.../CVE-2025-12801-dependent_p1.patch | 71 +++
.../CVE-2025-12801-dependent_p2.patch | 81 +++
.../CVE-2025-12801-dependent_p3.patch | 185 +++++++
.../CVE-2025-12801-dependent_p4.patch | 468 ++++++++++++++++++
.../nfs-utils/nfs-utils/CVE-2025-12801.patch | 254 ++++++++++
.../nfs-utils/nfs-utils_2.6.4.bb | 6 +
.../busybox/busybox/CVE-2026-29004-01.patch | 41 ++
.../busybox/busybox/CVE-2026-29004-02.patch | 46 ++
meta/recipes-core/busybox/busybox_1.36.1.bb | 2 +
meta/recipes-core/util-linux/util-linux.inc | 1 +
.../util-linux/CVE-2026-27456.patch | 115 +++++
meta/recipes-devtools/go/go-1.22.12.inc | 14 +
.../go/go/CVE-2026-27142.patch | 386 +++++++++++++++
.../go/go/CVE-2026-32280.patch | 289 +++++++++++
.../go/go/CVE-2026-32283.patch | 177 +++++++
.../go/go/CVE-2026-32289.patch | 217 ++++++++
.../go/go/CVE-2026-33811.patch | 46 ++
.../go/go/CVE-2026-39817.patch | 105 ++++
.../go/go/CVE-2026-39819.patch | 48 ++
.../go/go/CVE-2026-39820.patch | 112 +++++
.../go/go/CVE-2026-39825.patch | 104 ++++
.../go/go/CVE-2026-39826.patch | 65 +++
.../go/go/CVE-2026-42499.patch | 91 ++++
.../go/go/CVE-2026-42501.patch | 127 +++++
.../go/go/CVE-2026-42504.patch | 58 +++
.../go/go/CVE-2026-42507.patch | 160 ++++++
.../xz/xz/CVE-2026-34743.patch | 68 +++
meta/recipes-extended/xz/xz_5.4.7.bb | 1 +
.../libpng/files/CVE-2026-33416-01.patch | 143 ++++++
.../libpng/files/CVE-2026-33416-02.patch | 53 ++
.../libpng/files/CVE-2026-33416-03.patch | 163 ++++++
.../libpng/files/CVE-2026-33416-04.patch | 53 ++
.../libpng/libpng_1.6.42.bb | 4 +
scripts/lib/devtool/standard.py | 3 +-
37 files changed, 3803 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-build-fix.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p4.patch
create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2026-27456.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27142.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32280.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32283.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32289.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-33811.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39817.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39819.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39820.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39825.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39826.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42499.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42501.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42504.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42507.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2026-34743.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-01.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-02.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-03.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-04.patch
--
2.53.0
next reply other threads:[~2026-06-12 14:26 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 14:25 Jeremy Rosen [this message]
2026-06-12 14:25 ` [OE-core][scarthgap 01/21] libpng: Fix CVE-2026-33416 Jeremy Rosen
2026-06-12 14:25 ` [OE-core][scarthgap 02/21] busybox: Fix CVE-2026-29004 Jeremy Rosen
2026-06-12 14:25 ` [OE-core][scarthgap 03/21] nfs-utils: fix CVE-2025-12801 Jeremy Rosen
2026-06-15 7:59 ` Paul Barker
2026-06-16 7:43 ` [scarthgap " Sudhir Dumbhare
2026-06-16 20:29 ` Paul Barker
2026-06-12 14:25 ` [OE-core][scarthgap 04/21] xz: Fix CVE-2026-34743 Jeremy Rosen
2026-06-12 14:25 ` [OE-core][scarthgap 05/21] util-linux: Fix CVE-2026-27456 Jeremy Rosen
2026-06-12 14:25 ` [OE-core][scarthgap 06/21] devtool: prevent 'devtool modify -n' from corrupting kernel Git repos Jeremy Rosen
2026-06-12 14:25 ` [OE-core][scarthgap 07/21] go: patch CVE-2026-27142 Jeremy Rosen
2026-06-12 14:25 ` [OE-core][scarthgap 08/21] go: patch CVE-2026-32280 Jeremy Rosen
2026-06-12 14:25 ` [OE-core][scarthgap 09/21] go: patch CVE-2026-32283 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 10/21] go: patch CVE-2026-32289 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 11/21] go: patch CVE-2026-33811 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 12/21] go: patch CVE-2026-39817 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 13/21] go: patch CVE-2026-39819 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 14/21] go: patch CVE-2026-39820 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 15/21] go: patch CVE-2026-39825 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 16/21] go: patch CVE-2026-39826 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 17/21] go: patch CVE-2026-42499 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 18/21] go: patch CVE-2026-42501 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 19/21] go: patch CVE-2026-42504 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 20/21] go: patch CVE-2026-42507 Jeremy Rosen
2026-06-12 14:26 ` [OE-core][scarthgap 21/21] meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info Jeremy Rosen
-- strict thread matches above, loose matches on Subject: below --
2025-11-22 22:14 [OE-core][scarthgap 00/21] Patch review Steve Sakoman
2024-07-04 12:26 Steve Sakoman
2024-06-01 12:24 Steve Sakoman
2024-05-20 13:33 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1781270474.git.jeremy.rosen@smile.fr \
--to=jeremy.rosen@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
--cc=paul@pbarker.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox