From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Cc: Paul Barker <paul@pbarker.dev>
Subject: [OE-core][scarthgap 00/20] Pull request (cover letter only)
Date: Tue, 16 Jun 2026 18:32:05 +0200 [thread overview]
Message-ID: <cover.1781627207.git.yoann.congal@smile.fr> (raw)
Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1781270474.git.jeremy.rosen@smile.fr/
... with "nfs-utils: fix CVE-2025-12801" removed,
see https://lore.kernel.org/openembedded-core/8dd3e431cafdd364285eeaa79bf89507a4f4c6a1.camel@pbarker.dev/
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/4001
qemuarm64-ptest got impacted by 16267 – [scarthgap] AB-INT PTEST: python3 failure (test_wrong_cert_tls13)
Succesfully rebuilt in https://autobuilder.yoctoproject.org/valkyrie/?#/builders/61/builds/3824>
The following changes since commit e2864ea1ac022e43af92badc701fa1e2a9571f46:
pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-06-05 11:02:52 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next
for you to fetch changes up to dd74c1388d5bfefd2adcdb6abd622297138e2eb1:
meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info (2026-06-15 11:54:08 +0200)
----------------------------------------------------------------
Enrico Jörns (1):
devtool: prevent 'devtool modify -n' from corrupting kernel Git repos
Hugo SIMELIERE (Schneider Electric) (3):
busybox: Fix CVE-2026-29004
xz: Fix CVE-2026-34743
util-linux: Fix CVE-2026-27456
João Marcos Costa (Schneider Electric) (1):
meta/lib/oe/package.py: fix path to kernel sources in
save_debugsources_info
Theo Gaige (Schneider Electric) (14):
go: patch CVE-2026-27142
go: patch CVE-2026-32280
go: patch CVE-2026-32283
go: patch CVE-2026-32289
go: patch CVE-2026-33811
go: patch CVE-2026-39817
go: patch CVE-2026-39819
go: patch CVE-2026-39820
go: patch CVE-2026-39825
go: patch CVE-2026-39826
go: patch CVE-2026-42499
go: patch CVE-2026-42501
go: patch CVE-2026-42504
go: patch CVE-2026-42507
Zahir Hussain (1):
libpng: Fix CVE-2026-33416
meta/classes/create-spdx-2.2.bbclass | 2 +-
meta/lib/oe/package.py | 4 +-
.../busybox/busybox/CVE-2026-29004-01.patch | 41 ++
.../busybox/busybox/CVE-2026-29004-02.patch | 46 +++
meta/recipes-core/busybox/busybox_1.36.1.bb | 2 +
meta/recipes-core/util-linux/util-linux.inc | 1 +
.../util-linux/CVE-2026-27456.patch | 115 ++++++
meta/recipes-devtools/go/go-1.22.12.inc | 14 +
.../go/go/CVE-2026-27142.patch | 386 ++++++++++++++++++
.../go/go/CVE-2026-32280.patch | 289 +++++++++++++
.../go/go/CVE-2026-32283.patch | 177 ++++++++
.../go/go/CVE-2026-32289.patch | 217 ++++++++++
.../go/go/CVE-2026-33811.patch | 46 +++
.../go/go/CVE-2026-39817.patch | 105 +++++
.../go/go/CVE-2026-39819.patch | 48 +++
.../go/go/CVE-2026-39820.patch | 112 +++++
.../go/go/CVE-2026-39825.patch | 104 +++++
.../go/go/CVE-2026-39826.patch | 65 +++
.../go/go/CVE-2026-42499.patch | 91 +++++
.../go/go/CVE-2026-42501.patch | 127 ++++++
.../go/go/CVE-2026-42504.patch | 58 +++
.../go/go/CVE-2026-42507.patch | 160 ++++++++
.../xz/xz/CVE-2026-34743.patch | 68 +++
meta/recipes-extended/xz/xz_5.4.7.bb | 1 +
.../libpng/files/CVE-2026-33416-01.patch | 143 +++++++
.../libpng/files/CVE-2026-33416-02.patch | 53 +++
.../libpng/files/CVE-2026-33416-03.patch | 163 ++++++++
.../libpng/files/CVE-2026-33416-04.patch | 53 +++
.../libpng/libpng_1.6.42.bb | 4 +
scripts/lib/devtool/standard.py | 3 +-
30 files changed, 2694 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2026-27456.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27142.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32280.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32283.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32289.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-33811.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39817.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39819.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39820.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39825.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39826.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42499.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42501.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42504.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42507.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2026-34743.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-01.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-02.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-03.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-04.patch
reply other threads:[~2026-06-16 16:32 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1781627207.git.yoann.congal@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
--cc=paul@pbarker.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox