Openembedded Core Discussions
 help / color / mirror / Atom feed
* [OE-core][scarthgap 00/19] Patch review
@ 2026-06-29 14:19 Yoann Congal
  2026-06-29 14:19 ` [OE-core][scarthgap 01/19] gawk: use native gawk when building glibc and grub Yoann Congal
                   ` (18 more replies)
  0 siblings, 19 replies; 21+ messages in thread
From: Yoann Congal @ 2026-06-29 14:19 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, July 1.

Some patches are aimed at progressing toward Ubuntu 26.04 support:
* gawk: use native gawk when building glibc and grub
* grub/glibc: Bump versions to resolve hashequiv/reproducibility issues
* gawk: trim native build configuration
* gawk-native: fix gcc-15/C23 compilation issues

Improving the NVD CVE data fetching:
* cve-update-nvd2-native: allow setting resultsPerPage
  NOTE: This patch does not exist in more recent branches
		(cve-update-nvd2-native was drop in favor of git based fetching)

Move away from /git/ in URLs for oe/yp.org servers:
* oeqa: Drop /git/ from our urls
* recipetool: Recognise https://git. as git urls

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/4103

The following changes since commit 737293bead3e7b994347e47f09bc69437479d50c:

  linux-yocto/6.6: address ltp hang (2026-06-23 20:33:35 +0200)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-review
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-review

for you to fetch changes up to 54ce24005721f5c82d42242524eaed93c8cbeafa:

  recipetool: Recognise https://git. as git urls (2026-06-29 11:31:24 +0200)

----------------------------------------------------------------

Alexander Kanavin (1):
  gawk: use native gawk when building glibc and grub

Amaury Couderc (1):
  python3: fix CVE-2026-4224

Anil Dongare (1):
  libusb1: fix CVE-2026-23679 and CVE-2026-47104

Awais B (1):
  cve-update-nvd2-native: allow setting resultsPerPage

Harish Sadineni (1):
  binutils: Fix for CVE-2025-69648 and CVE-2025-69646

Hitendra Prajapati (2):
  libsoup: fix for CVE-2025-11021
  libsoup: fix for CVE-2026-2369

Richard Purdie (3):
  grub/glibc: Bump versions to resolve hashequiv/reproducibility issues
  oeqa: Drop /git/ from our urls
  recipetool: Recognise https://git. as git urls

Ross Burton (1):
  gawk: trim native build configuration

Sudhir Dumbhare (1):
  nfs-utils: fix CVE-2025-12801

Theo Gaige (Schneider Electric) (1):
  go: patch CVE-2026-27145

Vijay Anusuri (5):
  xwayland: Fix CVE-2026-33999
  xwayland: Fix CVE-2026-34000
  xwayland: Fix CVE-2026-34001
  xwayland: Fix CVE-2026-34002
  xwayland: Fix CVE-2026-34003

Yoann Congal (1):
  gawk-native: fix gcc-15/C23 compilation issues

 .../recipes-test/gitrepotest/gitrepotest.bb   |   2 +-
 .../gitunpackoffline/gitunpackoffline.inc     |   4 +-
 .../lib/oeqa/manual/toaster-managed-mode.json |   6 +-
 meta/lib/oeqa/sdkext/cases/devtool.py         |   4 +-
 meta/lib/oeqa/selftest/cases/devtool.py       |   4 +-
 meta/lib/oeqa/selftest/cases/recipetool.py    |   2 +-
 meta/recipes-bsp/grub/grub2.inc               |   6 +-
 .../nfs-utils/CVE-2025-12801-build-fix.patch  |  44 ++
 .../CVE-2025-12801-dependent_p1.patch         | 450 +++++++++++++++++
 .../CVE-2025-12801-dependent_p2.patch         |  81 +++
 .../CVE-2025-12801-dependent_p3.patch         | 181 +++++++
 .../CVE-2025-12801-dependent_p4.patch         | 468 ++++++++++++++++++
 .../nfs-utils/nfs-utils/CVE-2025-12801.patch  | 254 ++++++++++
 .../nfs-utils/nfs-utils_2.6.4.bb              |   6 +
 meta/recipes-core/glibc/glibc.inc             |   6 +-
 .../meta/cve-update-nvd2-native.bb            |  13 +
 .../binutils/binutils-2.42.inc                |   2 +-
 ...ch => CVE-2025-69646_CVE-2025-69648.patch} |   2 +-
 meta/recipes-devtools/go/go-1.22.12.inc       |   1 +
 .../go/go/CVE-2026-27145.patch                |  96 ++++
 .../python/python3/CVE-2026-4224.patch        | 121 +++++
 .../python/python3_3.12.13.bb                 |   1 +
 .../0001-Fix-some-C23-compilatio-issues.patch |  35 ++
 meta/recipes-extended/gawk/gawk_5.3.0.bb      |  15 +-
 .../xwayland/xwayland/CVE-2026-33999.patch    |  49 ++
 .../xwayland/xwayland/CVE-2026-34000.patch    |  72 +++
 .../xwayland/xwayland/CVE-2026-34001.patch    | 104 ++++
 .../xwayland/xwayland/CVE-2026-34002.patch    |  93 ++++
 .../xwayland/xwayland/CVE-2026-34003-1.patch  | 113 +++++
 .../xwayland/xwayland/CVE-2026-34003-2.patch  | 223 +++++++++
 .../xwayland/xwayland_23.2.5.bb               |   6 +
 .../libsoup-3.4.4/CVE-2025-11021.patch        |  57 +++
 .../libsoup/libsoup-3.4.4/CVE-2026-2369.patch |  32 ++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   2 +
 ...-2026-23679_CVE-2026-47104-dependent.patch |  46 ++
 .../CVE-2026-23679_CVE-2026-47104.patch       |  88 ++++
 meta/recipes-support/libusb/libusb1_1.0.27.bb |   2 +
 scripts/lib/recipetool/create.py              |   2 +-
 38 files changed, 2676 insertions(+), 17 deletions(-)
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-build-fix.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p4.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
 rename meta/recipes-devtools/binutils/binutils/{CVE-2025-69648.patch => CVE-2025-69646_CVE-2025-69648.patch} (99%)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27145.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-4224.patch
 create mode 100644 meta/recipes-extended/gawk/gawk/0001-Fix-some-C23-compilatio-issues.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-33999.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34000.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34001.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34002.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34003-1.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2026-34003-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-11021.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2026-2369.patch
 create mode 100644 meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104-dependent.patch
 create mode 100644 meta/recipes-support/libusb/libusb1/CVE-2026-23679_CVE-2026-47104.patch



^ permalink raw reply	[flat|nested] 21+ messages in thread
* [OE-core][scarthgap 00/19] Patch review
@ 2025-11-11 14:58 Steve Sakoman
  0 siblings, 0 replies; 21+ messages in thread
From: Steve Sakoman @ 2025-11-11 14:58 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, September 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2708

The following changes since commit 06d4981313ce67a8d53b1c14be9845b4b5a9f4cf:

  perf: add arm64 source files for unistd_64.h (2025-11-03 07:45:57 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexander Kanavin (3):
  ca-certificates: get sources from debian tarballs
  ca-certificates: submit sysroot patch upstream, drop
    default-sysroot.patch
  xf86-video-intel: correct SRC_URI as freedesktop anongit is down

Ankur Tyagi (2):
  webkitgtk: upgrade 2.44.3 -> 2.44.4
  wireless-regdb: upgrade 2024.10.07 -> 2025.10.07

Archana Polampalli (7):
  go: fix CVE-2025-58185
  go: fix CVE-2025-58187
  go: fix CVE-2025-58188
  go: fix CVE-2025-58189
  go: fix CVE-2025-47912
  go: fix CVE-2025-61723
  go: fix CVE-2025-61724

Gyorgy Sarvari (1):
  ca-certificates: fix on-target postinstall script

Peter Marko (1):
  curl: ignore CVE-2025-10966

Richard Purdie (2):
  ca-certificates: upgrade 20240203 -> 20241223
  oeqa/selftest/devtool: Update after upstream repo changes

Theodore A. Roth (2):
  ca-certificates: update 20211016 -> 20240203
  ca-certificates: Add comment for provenance of SRCREV

Wang Mingyu (1):
  ca-certificates: upgrade 20241223 -> 20250419

 meta/lib/oeqa/selftest/cases/devtool.py       |   8 +-
 meta/recipes-devtools/go/go-1.22.12.inc       |   7 +
 .../go/go/CVE-2025-47912.patch                | 226 ++++++++++++
 .../go/go/CVE-2025-58185.patch                | 142 +++++++
 .../go/go/CVE-2025-58187.patch                | 349 ++++++++++++++++++
 .../go/go/CVE-2025-58188.patch                | 194 ++++++++++
 .../go/go/CVE-2025-58189.patch                |  50 +++
 .../go/go/CVE-2025-61723.patch                | 223 +++++++++++
 .../go/go/CVE-2025-61724.patch                |  75 ++++
 .../xorg-driver/xf86-video-intel_git.bb       |   2 +-
 ....10.07.bb => wireless-regdb_2025.10.07.bb} |   2 +-
 ...ebkitgtk_2.44.3.bb => webkitgtk_2.44.4.bb} |   2 +-
 ...ertdata2pem.py-print-a-warning-for-e.patch |  21 +-
 ...icates-don-t-use-Debianisms-in-run-p.patch |  20 +-
 ...2-update-ca-certificates-use-SYSROOT.patch |  46 ---
 ...icates-use-relative-symlinks-from-ET.patch |  18 +-
 .../ca-certificates/default-sysroot.patch     |  50 ---
 ...0211016.bb => ca-certificates_20250419.bb} |  19 +-
 meta/recipes-support/curl/curl_8.7.1.bb       |   1 +
 19 files changed, 1311 insertions(+), 144 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47912.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58185.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58187.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58188.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58189.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61723.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61724.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.10.07.bb => wireless-regdb_2025.10.07.bb} (94%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.44.3.bb => webkitgtk_2.44.4.bb} (98%)
 delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
 delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
 rename meta/recipes-support/ca-certificates/{ca-certificates_20211016.bb => ca-certificates_20250419.bb} (84%)

-- 
2.43.0



^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2026-06-29 14:20 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-29 14:19 [OE-core][scarthgap 00/19] Patch review Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 01/19] gawk: use native gawk when building glibc and grub Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 02/19] grub/glibc: Bump versions to resolve hashequiv/reproducibility issues Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 03/19] gawk: trim native build configuration Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 04/19] gawk-native: fix gcc-15/C23 compilation issues Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 05/19] libsoup: fix for CVE-2025-11021 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 06/19] libsoup: fix for CVE-2026-2369 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 07/19] go: patch CVE-2026-27145 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 08/19] binutils: Fix for CVE-2025-69648 and CVE-2025-69646 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 09/19] xwayland: Fix CVE-2026-33999 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 10/19] xwayland: Fix CVE-2026-34000 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 11/19] xwayland: Fix CVE-2026-34001 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 12/19] xwayland: Fix CVE-2026-34002 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 13/19] xwayland: Fix CVE-2026-34003 Yoann Congal
2026-06-29 14:19 ` [OE-core][scarthgap 14/19] libusb1: fix CVE-2026-23679 and CVE-2026-47104 Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 15/19] nfs-utils: fix CVE-2025-12801 Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 16/19] cve-update-nvd2-native: allow setting resultsPerPage Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 17/19] python3: fix CVE-2026-4224 Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 18/19] oeqa: Drop /git/ from our urls Yoann Congal
2026-06-29 14:20 ` [OE-core][scarthgap 19/19] recipetool: Recognise https://git. as git urls Yoann Congal
  -- strict thread matches above, loose matches on Subject: below --
2025-11-11 14:58 [OE-core][scarthgap 00/19] Patch review Steve Sakoman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox