From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][wrynose 00/55] Patch review
Date: Mon, 6 Jul 2026 00:40:50 +0200 [thread overview]
Message-ID: <cover.1783289522.git.yoann.congal@smile.fr> (raw)
Please review this set of changes for wrynose and have comments back by
end of day Tuesday, July 7. Since this is a relatively big series, if
you plan to review it but need more time to do so, ping me and I'll
delay the pull-request.
Notable changes:
* kernel upgrade -> v6.18.35 cherry-picked from master
* clang/llvm upgrade -> 22.1.18 (following master)
* Licensing fixes
A previous version of the series, with 4 more patches that I removed and
should not change test outcome, passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/4151
* oe-selftest-armhost failed with Bug 16236 - AB-INT: test_list_pkg_files: ResourceWarning: unclosed transport
retried as https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/4280
I've started a new build with this version of the series:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/4156
The following changes since commit 5d1aa5c806c061a2994f4decb59016610f093213:
build-appliance-image: Update to wrynose head revisions (2026-06-24 14:17:46 +0100)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/wrynose-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/wrynose-nut
for you to fetch changes up to 728e70d7c681402d8e797691825bfd9929aa79cb:
clang/llvm: Upgrade to 22.1.8 release (2026-07-06 00:04:52 +0200)
----------------------------------------------------------------
Alexander Kanavin (1):
strace: remove skip-bpf.patch
Anil Dongare (4):
cargo: Fix CVE-2026-5222
cargo: Fix CVE-2026-5223
cups: fix CVE-2026-27447
cups: fix CVE-2026-41079
Anton Skorup (1):
libxml2: patch CVE-2026-11979
Ashishkumar Parmar (3):
qemu: Fix CVE-2026-2243
qemu: Fix CVE-2026-0665
qemu: Fix CVE-2025-14876
Bruce Ashfield (8):
linux-yocto/6.18: update to v6.18.25
linux-yocto/6.18: update to v6.18.26
linux-yocto/6.18: update to v6.18.28
linux-yocto/6.18: update to v6.18.32
linux-yocto/6.18: qat/intel configuration warning fixes
linux-yocto/6.18: update to v6.18.33
linux-yocto/6.18: update to v6.18.34
linux-yocto/6.18: update to v6.18.35
Daniel Turull (3):
libssh2: fix CVE-2026-55200
libssh2: fix CVE-2026-55199
bc: set CVE_PRODUCT
Deepesh Varatharajan (1):
clang/llvm: Upgrade to 22.1.8 release
Hiago De Franco (1):
nospdx: also drop do_create_recipe_sbom
Himanshu Jadon (1):
tar: Fix CVE-2026-5704
Hitendra Prajapati (2):
vim: fix for CVE-2026-41411 & CVE-2026-44656
vim: fix for CVE-2026-45130 & CVE-2026-46483
Jaipaul Cheernam (2):
binutils: Fix CVE-2026-6846
cmake-native: prevent host libidn2 contamination
Jinwang Li (1):
bluez5: fix set volume failure
João Marcos Costa (1):
ptest-packagelists.inc: disable glib-2.0 for RISCV64
Khem Raj (1):
baremetal-helloworld: Fix override order
Kris Gavvala (1):
python3: skiptest tracemalloc_track_race
Mengshi Wu (1):
bluez5: fix gatt cache sync issue
Nate Kent (1):
sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers
Otavio Salvador (1):
quota: use native rpcgen and a single-word RPCGEN_CPP
Peter Kjellerstedt (1):
common-licenses/PHP-3.0: Correct the license text
Richard Purdie (3):
libxpm: upgrade 3.5.18 -> 3.5.19
python3-click: Fixes for new pytest and flaky ptest
sstate: Reduce native sysroot execution race potential
Roland Kovacs (1):
gnupg: fix CVE-2026-57062
Ross Burton (2):
tcl: disable the timer tests in run-ptest
libjitterentropy: fix license statement
Sai Sneha (1):
i2c-tools: add LGPL-2.1-or-later license for libi2c
Shubham Pushpkar (1):
libsolv: Fix CVE-2026-9149
Siva Balasubramanian (1):
qemuboot.bbclass: add missing task dependency on kernel deploy
Theo Gaige (Schneider Electric) (5):
dhcpcd: patch CVE-2026-56113
dhcpcd: patch CVE-2026-56114
dhcpcd: patch CVE-2026-56116
dhcpcd: patch CVE-2026-56117
perl: patch CVE-2026-8376
Walter Werner Schneider (1):
devtool: provide explicit error for missing "script" command
Wei Deng (1):
bluez5: set L2CAP IMTU for OBEX profile listeners
Wei Gao (1):
dmidecode: fix x86-only tools being installed on ARM targets
Xiaozhan Li (1):
texinfo: add missing perl module runtime dependencies
Xiuzhuo Shang (1):
bluez5: Fix sending extra bytes with MGMT_OP_ADD_EXT_ADV_DATA
Yoann Congal (1):
dropbear: Add missing WTFPL & Unlicense in LICENSE and
LIC_FILES_CHKSUM
meta/classes-global/sstate.bbclass | 4 +
meta/classes-recipe/nospdx.bbclass | 1 +
meta/classes-recipe/qemuboot.bbclass | 1 +
meta/conf/distro/include/maintainers.inc | 2 +-
.../distro/include/ptest-packagelists.inc | 4 +-
meta/files/common-licenses/PHP-3.0 | 76 +--
meta/recipes-connectivity/bluez5/bluez5.inc | 4 +
...sending-extra-bytes-with-MGMT_OP_ADD.patch | 33 ++
...2CAP-IMTU-for-OBEX-profile-listeners.patch | 118 ++++
...x-stored-gatt-cache-DB-Hash-value-no.patch | 84 +++
...t-volume-failure-with-invalid-device.patch | 46 ++
.../dhcpcd/dhcpcd_10.3.1.bb | 4 +
.../dhcpcd/files/CVE-2026-56113.patch | 92 +++
.../dhcpcd/files/CVE-2026-56114.patch | 34 ++
.../dhcpcd/files/CVE-2026-56116.patch | 31 +
.../dhcpcd/files/CVE-2026-56117.patch | 167 ++++++
.../recipes-core/dropbear/dropbear_2025.89.bb | 8 +-
.../libxml/libxml2/CVE-2026-11979.patch | 81 +++
meta/recipes-core/libxml/libxml2_2.15.2.bb | 1 +
.../meta/nativesdk-buildtools-perl-dummy.bb | 2 +
.../binutils/binutils-2.46.inc | 1 +
.../binutils/binutils/CVE-2026-6846.patch | 59 ++
meta/recipes-devtools/clang/common-clang.inc | 2 +-
meta/recipes-devtools/clang/common.inc | 2 +-
.../cmake/cmake-native_4.3.1.bb | 1 +
.../dmidecode/dmidecode_3.7.bb | 1 +
.../i2c-tools/i2c-tools_4.4.bb | 5 +-
.../perl/files/CVE-2026-8376-01.patch | 62 ++
.../perl/files/CVE-2026-8376-02.patch | 49 ++
meta/recipes-devtools/perl/perl_5.42.0.bb | 2 +
...7494c991c9197902fdf4995e11b2da3e9762.patch | 173 ++++++
.../python/python3-click/pytest-fix.patch | 29 +
.../python/python3-click_8.3.1.bb | 1 +
.../recipes-devtools/python/python3_3.14.5.bb | 7 +
meta/recipes-devtools/qemu/qemu.inc | 4 +
.../qemu/qemu/CVE-2025-14876_p1.patch | 52 ++
.../qemu/qemu/CVE-2025-14876_p2.patch | 56 ++
.../qemu/qemu/CVE-2026-0665.patch | 38 ++
.../qemu/qemu/CVE-2026-2243.patch | 45 ++
.../rust/files/CVE-2026-5222.patch | 92 +++
.../rust/files/CVE-2026-5223.patch | 125 ++++
meta/recipes-devtools/rust/rust-source.inc | 2 +
.../strace/strace/skip-bpf.patch | 25 -
meta/recipes-devtools/strace/strace_6.19.bb | 1 -
meta/recipes-devtools/tcltk/tcl/run-ptest | 2 +
meta/recipes-devtools/tcltk8/tcl8/run-ptest | 2 +
.../baremetal-helloworld_git.bb | 2 +-
meta/recipes-extended/bc/bc_1.08.2.bb | 3 +
meta/recipes-extended/cups/cups.inc | 4 +
.../cups/CVE-2026-27447-regression_p1.patch | 46 ++
.../cups/CVE-2026-27447-regression_p2.patch | 58 ++
.../cups/cups/CVE-2026-27447.patch | 120 ++++
.../cups/cups/CVE-2026-41079.patch | 73 +++
.../libsolv/libsolv/CVE-2026-9149.patch | 152 +++++
.../libsolv/libsolv_0.7.36.bb | 1 +
meta/recipes-extended/quota/quota_4.11.bb | 6 +-
meta/recipes-extended/sudo/sudo_1.9.17p2.bb | 2 +-
.../tar/tar/CVE-2026-5704-dependent_p1.patch | 484 +++++++++++++++
.../tar/tar/CVE-2026-5704-dependent_p2.patch | 169 ++++++
.../tar/tar/CVE-2026-5704-regression.patch | 176 ++++++
.../tar/tar/CVE-2026-5704.patch | 556 ++++++++++++++++++
meta/recipes-extended/tar/tar_1.35.bb | 4 +
meta/recipes-extended/texinfo/texinfo_7.3.bb | 4 +
.../{libxpm_3.5.18.bb => libxpm_3.5.19.bb} | 2 +-
.../linux/linux-yocto-rt_6.18.bb | 6 +-
.../linux/linux-yocto-tiny_6.18.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_6.18.bb | 24 +-
.../gnupg/gnupg/CVE-2026-57062.patch | 43 ++
meta/recipes-support/gnupg/gnupg_2.5.17.bb | 1 +
.../libjitterentropy_3.6.3.bb | 3 +-
.../libssh2/libssh2/CVE-2026-55199.patch | 44 ++
.../libssh2/libssh2/CVE-2026-55200.patch | 36 ++
.../recipes-support/libssh2/libssh2_1.11.1.bb | 2 +
.../vim/files/CVE-2026-41411.patch | 75 +++
.../vim/files/CVE-2026-44656.patch | 124 ++++
.../vim/files/CVE-2026-45130.patch | 115 ++++
.../vim/files/CVE-2026-46483.patch | 77 +++
meta/recipes-support/vim/vim.inc | 4 +
scripts/lib/devtool/__init__.py | 3 +
79 files changed, 3938 insertions(+), 118 deletions(-)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-advertising-Fix-sending-extra-bytes-with-MGMT_OP_ADD.patch
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-profile-Set-L2CAP-IMTU-for-OBEX-profile-listeners.patch
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-src-device-Fix-stored-gatt-cache-DB-Hash-value-no.patch
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-transport-Fix-set-volume-failure-with-invalid-device.patch
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56116.patch
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-11979.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
create mode 100644 meta/recipes-devtools/python/python3-click/ffcc7494c991c9197902fdf4995e11b2da3e9762.patch
create mode 100644 meta/recipes-devtools/python/python3-click/pytest-fix.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch
create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5222.patch
create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5223.patch
delete mode 100644 meta/recipes-devtools/strace/strace/skip-bpf.patch
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-27447-regression_p1.patch
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-27447-regression_p2.patch
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-27447.patch
create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-41079.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/CVE-2026-9149.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704.patch
rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.18.bb => libxpm_3.5.19.bb} (88%)
create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-41411.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-44656.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-45130.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-46483.patch
next reply other threads:[~2026-07-05 22:42 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-05 22:40 Yoann Congal [this message]
2026-07-05 22:40 ` [OE-core][wrynose 01/55] bluez5: fix set volume failure Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 02/55] bluez5: Fix sending extra bytes with MGMT_OP_ADD_EXT_ADV_DATA Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 03/55] bluez5: fix gatt cache sync issue Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 04/55] bluez5: set L2CAP IMTU for OBEX profile listeners Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 05/55] linux-yocto/6.18: update to v6.18.25 Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 06/55] linux-yocto/6.18: update to v6.18.26 Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 07/55] linux-yocto/6.18: update to v6.18.28 Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 08/55] linux-yocto/6.18: update to v6.18.32 Yoann Congal
2026-07-05 22:40 ` [OE-core][wrynose 09/55] linux-yocto/6.18: qat/intel configuration warning fixes Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 10/55] linux-yocto/6.18: update to v6.18.33 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 11/55] linux-yocto/6.18: update to v6.18.34 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 12/55] linux-yocto/6.18: update to v6.18.35 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 13/55] libssh2: fix CVE-2026-55200 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 14/55] libssh2: fix CVE-2026-55199 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 15/55] binutils: Fix CVE-2026-6846 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 16/55] cmake-native: prevent host libidn2 contamination Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 17/55] libxpm: upgrade 3.5.18 -> 3.5.19 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 18/55] cargo: Fix CVE-2026-5222 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 19/55] cargo: Fix CVE-2026-5223 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 20/55] qemu: Fix CVE-2026-2243 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 21/55] qemu: Fix CVE-2026-0665 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 22/55] qemu: Fix CVE-2025-14876 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 23/55] vim: fix for CVE-2026-41411 & CVE-2026-44656 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 24/55] vim: fix for CVE-2026-45130 & CVE-2026-46483 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 25/55] cups: fix CVE-2026-27447 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 26/55] cups: fix CVE-2026-41079 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 27/55] libsolv: Fix CVE-2026-9149 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 28/55] gnupg: fix CVE-2026-57062 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 29/55] tar: Fix CVE-2026-5704 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 30/55] dhcpcd: patch CVE-2026-56113 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 31/55] dhcpcd: patch CVE-2026-56114 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 32/55] dhcpcd: patch CVE-2026-56116 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 33/55] dhcpcd: patch CVE-2026-56117 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 34/55] sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 35/55] texinfo: add missing perl module runtime dependencies Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 36/55] perl: patch CVE-2026-8376 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 37/55] python3: skiptest tracemalloc_track_race Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 38/55] common-licenses/PHP-3.0: Correct the license text Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 39/55] quota: use native rpcgen and a single-word RPCGEN_CPP Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 40/55] python3-click: Fixes for new pytest and flaky ptest Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 41/55] i2c-tools: add LGPL-2.1-or-later license for libi2c Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 42/55] strace: remove skip-bpf.patch Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 43/55] devtool: provide explicit error for missing "script" command Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 44/55] sstate: Reduce native sysroot execution race potential Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 45/55] tcl: disable the timer tests in run-ptest Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 46/55] libjitterentropy: fix license statement Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 47/55] ptest-packagelists.inc: disable glib-2.0 for RISCV64 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 48/55] nospdx: also drop do_create_recipe_sbom Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 49/55] dmidecode: fix x86-only tools being installed on ARM targets Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 50/55] qemuboot.bbclass: add missing task dependency on kernel deploy Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 51/55] baremetal-helloworld: Fix override order Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 52/55] bc: set CVE_PRODUCT Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 53/55] libxml2: patch CVE-2026-11979 Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 54/55] dropbear: Add missing WTFPL & Unlicense in LICENSE and LIC_FILES_CHKSUM Yoann Congal
2026-07-05 22:41 ` [OE-core][wrynose 55/55] clang/llvm: Upgrade to 22.1.8 release Yoann Congal
2026-07-06 8:42 ` [OE-core][wrynose 00/55] Patch review Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1783289522.git.yoann.congal@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox