* [OE-core][scarthgap 00/20] Pull request (cover letter only)
@ 2026-06-16 16:32 Yoann Congal
0 siblings, 0 replies; only message in thread
From: Yoann Congal @ 2026-06-16 16:32 UTC (permalink / raw)
To: openembedded-core; +Cc: Paul Barker
Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1781270474.git.jeremy.rosen@smile.fr/
... with "nfs-utils: fix CVE-2025-12801" removed,
see https://lore.kernel.org/openembedded-core/8dd3e431cafdd364285eeaa79bf89507a4f4c6a1.camel@pbarker.dev/
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/4001
qemuarm64-ptest got impacted by 16267 – [scarthgap] AB-INT PTEST: python3 failure (test_wrong_cert_tls13)
Succesfully rebuilt in https://autobuilder.yoctoproject.org/valkyrie/?#/builders/61/builds/3824>
The following changes since commit e2864ea1ac022e43af92badc701fa1e2a9571f46:
pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-06-05 11:02:52 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next
for you to fetch changes up to dd74c1388d5bfefd2adcdb6abd622297138e2eb1:
meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info (2026-06-15 11:54:08 +0200)
----------------------------------------------------------------
Enrico Jörns (1):
devtool: prevent 'devtool modify -n' from corrupting kernel Git repos
Hugo SIMELIERE (Schneider Electric) (3):
busybox: Fix CVE-2026-29004
xz: Fix CVE-2026-34743
util-linux: Fix CVE-2026-27456
João Marcos Costa (Schneider Electric) (1):
meta/lib/oe/package.py: fix path to kernel sources in
save_debugsources_info
Theo Gaige (Schneider Electric) (14):
go: patch CVE-2026-27142
go: patch CVE-2026-32280
go: patch CVE-2026-32283
go: patch CVE-2026-32289
go: patch CVE-2026-33811
go: patch CVE-2026-39817
go: patch CVE-2026-39819
go: patch CVE-2026-39820
go: patch CVE-2026-39825
go: patch CVE-2026-39826
go: patch CVE-2026-42499
go: patch CVE-2026-42501
go: patch CVE-2026-42504
go: patch CVE-2026-42507
Zahir Hussain (1):
libpng: Fix CVE-2026-33416
meta/classes/create-spdx-2.2.bbclass | 2 +-
meta/lib/oe/package.py | 4 +-
.../busybox/busybox/CVE-2026-29004-01.patch | 41 ++
.../busybox/busybox/CVE-2026-29004-02.patch | 46 +++
meta/recipes-core/busybox/busybox_1.36.1.bb | 2 +
meta/recipes-core/util-linux/util-linux.inc | 1 +
.../util-linux/CVE-2026-27456.patch | 115 ++++++
meta/recipes-devtools/go/go-1.22.12.inc | 14 +
.../go/go/CVE-2026-27142.patch | 386 ++++++++++++++++++
.../go/go/CVE-2026-32280.patch | 289 +++++++++++++
.../go/go/CVE-2026-32283.patch | 177 ++++++++
.../go/go/CVE-2026-32289.patch | 217 ++++++++++
.../go/go/CVE-2026-33811.patch | 46 +++
.../go/go/CVE-2026-39817.patch | 105 +++++
.../go/go/CVE-2026-39819.patch | 48 +++
.../go/go/CVE-2026-39820.patch | 112 +++++
.../go/go/CVE-2026-39825.patch | 104 +++++
.../go/go/CVE-2026-39826.patch | 65 +++
.../go/go/CVE-2026-42499.patch | 91 +++++
.../go/go/CVE-2026-42501.patch | 127 ++++++
.../go/go/CVE-2026-42504.patch | 58 +++
.../go/go/CVE-2026-42507.patch | 160 ++++++++
.../xz/xz/CVE-2026-34743.patch | 68 +++
meta/recipes-extended/xz/xz_5.4.7.bb | 1 +
.../libpng/files/CVE-2026-33416-01.patch | 143 +++++++
.../libpng/files/CVE-2026-33416-02.patch | 53 +++
.../libpng/files/CVE-2026-33416-03.patch | 163 ++++++++
.../libpng/files/CVE-2026-33416-04.patch | 53 +++
.../libpng/libpng_1.6.42.bb | 4 +
scripts/lib/devtool/standard.py | 3 +-
30 files changed, 2694 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2026-27456.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27142.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32280.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32283.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32289.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-33811.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39817.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39819.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39820.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39825.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39826.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42499.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42501.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42504.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42507.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2026-34743.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-01.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-02.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-03.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-04.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-16 16:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-16 16:32 [OE-core][scarthgap 00/20] Pull request (cover letter only) Yoann Congal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox