From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 00/26] Patch review
Date: Tue, 23 Jun 2026 15:13:41 +0200 [thread overview]
Message-ID: <cover.1782220259.git.yoann.congal@smile.fr> (raw)
Please review this set of changes for scarthgap and have comments back by
end of day Thursday, June 25.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/4064
* oe-selftest-armhost failed with 15560 – Corrupt sqlite database in CVE updates
retried in https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/4185
The following changes since commit d4950d6df0867dcd5c380d83ac4d138ec968e698:
python_setuptools_build_meta: clean the build directory in configure (2026-06-17 01:09:26 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-review
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-review
for you to fetch changes up to 8c56e85dd02063da5630c9b73fb242686a970e20:
rust,libstd-rs: set status for CVE-2024-3566 (2026-06-23 09:21:53 +0200)
----------------------------------------------------------------
Adarsh Jagadish Kamini (3):
openssh: fix CVE-2026-35386
libsolv: fix CVE-2026-9150
python3: CVE-2026-3087 not applicable
Deepak Rathore (2):
binutils: Fix CVE-2025-69644
qemu: Fix CVE-2024-6519
Himanshu Jadon (2):
apr-util: Add CVE_PRODUCT to support product name
apr: Add CVE_PRODUCT to support product name
Hitendra Prajapati (1):
libinput: fix for CVE-2026-50292
Jonas Munsin (1):
bzip2: set CVE_PRODUCT
Mark Hatle (1):
pseudo: Update to version 1.9.8
Naman Jain (1):
tiff: fix CVE-2026-4775
Peter Marko (1):
openssl: upgrade 3.5.6 -> 3.5.7
Ross Burton (2):
oeqa/core/runner: stub addDuration in OETestResult
classes/gtk-icon-cache: fix libdir passed to the postrm intercept
Shubham Pushpkar (1):
dpkg: Fix CVE-2026-2219
Sudhir Dumbhare (10):
go: fix CVE-2025-58183
go: fix CVE-2026-25679
go: fix CVE-2026-32288
python3: Fix CVE-2026-3644 and CVE-2026-0672
python3: Fix CVE-2026-4519 and CVE-2026-4786
python3: Fix CVE-2026-6019
python3: Fix CVE-2025-13462
go-binary-native: set status for CVE-2026-39836
go: set status for CVE-2026-39836
rust,libstd-rs: set status for CVE-2024-3566
Yoann Congal (1):
gdb: backport a patch to fix static_assert in recent GCC
meta/classes-recipe/gtk-icon-cache.bbclass | 2 +-
meta/lib/oeqa/core/runner.py | 4 +
...ch => CVE-2025-61984_CVE-2026-35386.patch} | 2 +-
.../openssh/openssh_9.6p1.bb | 2 +-
...1-Configure-do-not-tweak-mips-cflags.patch | 2 +-
.../{openssl_3.5.6.bb => openssl_3.5.7.bb} | 4 +-
.../binutils/binutils-2.42.inc | 2 +-
...ch => CVE-2025-69644-CVE-2025-69647.patch} | 3 +-
.../dpkg/dpkg/CVE-2026-2219.patch | 47 +++++
meta/recipes-devtools/dpkg/dpkg_1.22.0.bb | 1 +
meta/recipes-devtools/gdb/gdb.inc | 1 +
...gnu23-compatibility-wrt-static_asser.patch | 75 ++++++++
meta/recipes-devtools/go/go-1.22.12.inc | 4 +
.../go/go-binary-native_1.22.12.bb | 1 +
.../go/go/CVE-2025-58183.patch | 107 ++++++++++++
.../go/go/CVE-2026-25679.patch | 74 ++++++++
.../go/go/CVE-2026-32288.patch | 162 ++++++++++++++++++
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
.../python/python3/CVE-2025-13462.patch | 142 +++++++++++++++
.../python3/CVE-2026-3644_CVE-2026-0672.patch | 154 +++++++++++++++++
.../python3/CVE-2026-4519_CVE-2026-4786.patch | 66 +++++++
.../python/python3/CVE-2026-4519_p1.patch | 107 ++++++++++++
.../python/python3/CVE-2026-4519_p2.patch | 159 +++++++++++++++++
.../python/python3/CVE-2026-6019_p1.patch | 133 ++++++++++++++
.../python/python3/CVE-2026-6019_p2.patch | 129 ++++++++++++++
.../python/python3_3.12.13.bb | 8 +
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2024-6519.patch | 51 ++++++
meta/recipes-devtools/rust/rust-source.inc | 1 +
meta/recipes-extended/bzip2/bzip2_1.0.8.bb | 2 +
.../libsolv/libsolv/CVE-2026-9150.patch | 68 ++++++++
.../libsolv/libsolv_0.7.28.bb | 1 +
.../wayland/libinput/CVE-2026-50292-01.patch | 109 ++++++++++++
.../wayland/libinput/CVE-2026-50292-02.patch | 99 +++++++++++
.../wayland/libinput_1.25.0.bb | 2 +
.../libtiff/tiff/CVE-2026-4775.patch | 59 +++++++
meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 1 +
meta/recipes-support/apr/apr-util_1.6.3.bb | 3 +
meta/recipes-support/apr/apr_1.7.5.bb | 3 +
39 files changed, 1785 insertions(+), 10 deletions(-)
rename meta/recipes-connectivity/openssh/openssh/{CVE-2025-61984.patch => CVE-2025-61984_CVE-2026-35386.patch} (99%)
rename meta/recipes-connectivity/openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} (98%)
rename meta/recipes-devtools/binutils/binutils/{CVE-2025-69647.patch => CVE-2025-69644-CVE-2025-69647.patch} (96%)
create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2026-2219.patch
create mode 100644 meta/recipes-devtools/gdb/gdb/0001-opcodes-fix-std-gnu23-compatibility-wrt-static_asser.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58183.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-25679.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32288.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13462.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-3644_CVE-2026-0672.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4519_CVE-2026-4786.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4519_p1.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4519_p2.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-6019_p1.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-6019_p2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-6519.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/CVE-2026-9150.patch
create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2026-50292-01.patch
create mode 100644 meta/recipes-graphics/wayland/libinput/CVE-2026-50292-02.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2026-4775.patch
next reply other threads:[~2026-06-23 13:14 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 13:13 Yoann Congal [this message]
2026-06-23 13:13 ` [OE-core][scarthgap 01/26] pseudo: Update to version 1.9.8 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 02/26] openssh: fix CVE-2026-35386 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 03/26] tiff: fix CVE-2026-4775 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 04/26] go: fix CVE-2025-58183 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 05/26] go: fix CVE-2026-25679 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 06/26] go: fix CVE-2026-32288 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 07/26] binutils: Fix CVE-2025-69644 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 08/26] python3: Fix CVE-2026-3644 and CVE-2026-0672 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 09/26] python3: Fix CVE-2026-4519 and CVE-2026-4786 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 10/26] python3: Fix CVE-2026-6019 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 11/26] python3: Fix CVE-2025-13462 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 12/26] qemu: Fix CVE-2024-6519 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 13/26] dpkg: Fix CVE-2026-2219 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 14/26] libsolv: fix CVE-2026-9150 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 15/26] openssl: upgrade 3.5.6 -> 3.5.7 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 16/26] libinput: fix for CVE-2026-50292 Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 17/26] gdb: backport a patch to fix static_assert in recent GCC Yoann Congal
2026-06-23 13:13 ` [OE-core][scarthgap 18/26] oeqa/core/runner: stub addDuration in OETestResult Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 19/26] classes/gtk-icon-cache: fix libdir passed to the postrm intercept Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 20/26] python3: CVE-2026-3087 not applicable Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 21/26] bzip2: set CVE_PRODUCT Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 22/26] apr-util: Add CVE_PRODUCT to support product name Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 23/26] apr: " Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 24/26] go-binary-native: set status for CVE-2026-39836 Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 25/26] go: " Yoann Congal
2026-06-23 13:14 ` [OE-core][scarthgap 26/26] rust,libstd-rs: set status for CVE-2024-3566 Yoann Congal
-- strict thread matches above, loose matches on Subject: below --
2025-10-17 20:38 [OE-core][scarthgap 00/26] Patch review Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1782220259.git.yoann.congal@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox