Openembedded Core Discussions
 help / color / mirror / Atom feed
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 00/25] Patch review
Date: Thu,  9 Jul 2026 12:06:16 +0200	[thread overview]
Message-ID: <cover.1783590688.git.yoann.congal@smile.fr> (raw)

Please review this set of changes for scarthgap and have comments back by
end of day Friday, July 10. This is a bit shorter period than usual,
ping me if you need more time (I've spent some time to understand the
below AB error).

*Somewhat* passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/4178
3 sub builds failed:
* oe-selftest-armhost#4305
* oe-selftest-debian#4250
* oe-selftest-fedora#4075
Sadly, I did not got successful retries. I think this is related to:
15289 – [scarthgap] AB-INT: sstatetests.SStatePrintdiff.test_gcc_runtime_vs_gcc_source failure
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15289
I'm still trying to understand what is happening but now I think this
issue is *NOT* related to this series. The main issue for this series is
that it prevented to fully run the oe-selftests. I plan to get a
green-ish build before doing the pull-request.

The following changes since commit 2814f0962f56c8d1afa4de76d2895ba9b5cb767d:

  build-appliance-image: Update to scarthgap head revisions (2026-07-02 13:50:35 +0100)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

for you to fetch changes up to 728706a9dc79a8c70429b805fc40429bcd8e09fc:

  cve-update: Avoid NFS caching issues (2026-07-08 16:32:46 +0200)

----------------------------------------------------------------

Adarsh Jagadish Kamini (1):
  curl: fix CVE-2026-6276

Anil Dongare (2):
  cargo: Fix CVE-2026-5222
  cargo: Fix CVE-2026-5223

Ashishkumar Parmar (3):
  qemu: Fix CVE-2025-14876
  qemu: Fix CVE-2026-0665
  qemu: Fix CVE-2026-2243

Benjamin Robin (Schneider Electric) (1):
  openssh: CVE-2026-35387 patch also fixes CVE-2026-35414

Daniel Turull (2):
  libssh2: fix CVE-2026-55200
  libssh2: fix CVE-2026-55199

Esa Jaaskela (1):
  linux-yocto/6.6: update CVE exclusions (6.6.142)

Harish Sadineni (1):
  binutils: Add CVE-2025-69646 to "CVE:" tag

Himanshu Jadon (1):
  tar: Fix CVE-2026-5704

Hitendra Prajapati (4):
  vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177
  vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656
  vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130
  vim: Security fix for CVE-2026-28420 & CVE-2026-46483

Jaipaul Cheernam (1):
  curl: fix CVE-2026-5773 - wrong reuse of SMB connection

Jakub Szczudlo (1):
  libgcrypt: upgrade 1.10.3 -> 1.10.4

Nate Kent (1):
  sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers

Paul Barker (1):
  cve-update: Avoid NFS caching issues

Shubham Pushpkar (1):
  binutils: Fix CVE-2026-6846

Theo Gaige (Schneider Electric) (4):
  dhcpcd: patch CVE-2026-56113
  dhcpcd: patch CVE-2026-56114
  dhcpcd: patch CVE-2026-56117
  perl: patch CVE-2026-8376

 .../dhcpcd/dhcpcd_10.0.6.bb                   |    3 +
 .../dhcpcd/files/CVE-2026-56113.patch         |   92 +
 .../dhcpcd/files/CVE-2026-56114.patch         |   34 +
 .../dhcpcd/files/CVE-2026-56117.patch         |  167 +
 ...ch => CVE-2026-35414-CVE-2026-35387.patch} |    2 +-
 .../openssh/openssh_9.6p1.bb                  |    2 +-
 .../meta/cve-update-nvd2-native.bb            |    9 +-
 .../binutils/binutils-2.42.inc                |    1 +
 .../binutils/binutils/CVE-2025-69648.patch    |    2 +-
 .../binutils/binutils/CVE-2026-6846.patch     |   57 +
 .../perl/files/CVE-2026-8376-01.patch         |   62 +
 .../perl/files/CVE-2026-8376-02.patch         |   49 +
 meta/recipes-devtools/perl/perl_5.38.4.bb     |    2 +
 meta/recipes-devtools/qemu/qemu.inc           |    4 +
 .../qemu/qemu/CVE-2025-14876_p1.patch         |   52 +
 .../qemu/qemu/CVE-2025-14876_p2.patch         |   56 +
 .../qemu/qemu/CVE-2026-0665.patch             |   38 +
 .../qemu/qemu/CVE-2026-2243.patch             |   45 +
 .../rust/files/CVE-2026-5222.patch            |   92 +
 .../rust/files/CVE-2026-5223.patch            |  114 +
 meta/recipes-devtools/rust/rust-source.inc    |    2 +
 meta/recipes-extended/sudo/sudo_1.9.17p2.bb   |    2 +-
 .../tar/tar/CVE-2026-5704-dependent_p1.patch  |  484 +++
 .../tar/tar/CVE-2026-5704-dependent_p2.patch  |  169 +
 .../tar/tar/CVE-2026-5704-regression.patch    |  176 +
 .../tar/tar/CVE-2026-5704.patch               |  556 +++
 meta/recipes-extended/tar/tar_1.35.bb         |    4 +
 .../linux/cve-exclusion_6.6.inc               | 3418 +++++++++++++----
 .../curl/curl/CVE-2026-5773.patch             |   40 +
 .../curl/curl/CVE-2026-6276.patch             |  135 +
 meta/recipes-support/curl/curl_8.7.1.bb       |    2 +
 ...ilding-error-with-O2-in-sysroot-path.patch |   64 -
 ...r-handle-substitution-in-sed-command.patch |   49 +
 ...ibgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} |    4 +-
 .../libssh2/libssh2/CVE-2026-55199.patch      |   44 +
 .../libssh2/libssh2/CVE-2026-55200.patch      |   36 +
 .../recipes-support/libssh2/libssh2_1.11.1.bb |    2 +
 .../vim/files/CVE-2026-28417.patch            |   92 +
 .../vim/files/CVE-2026-28420.patch            |  162 +
 .../vim/files/CVE-2026-28421.patch            |  148 +
 .../vim/files/CVE-2026-32249.patch            |  117 +
 .../vim/files/CVE-2026-34714.patch            |  109 +
 .../vim/files/CVE-2026-34982.patch            |  105 +
 .../vim/files/CVE-2026-35177.patch            |   60 +
 .../vim/files/CVE-2026-41411.patch            |   75 +
 .../vim/files/CVE-2026-44656.patch            |  130 +
 .../vim/files/CVE-2026-45130.patch            |  115 +
 .../vim/files/CVE-2026-46483.patch            |   77 +
 meta/recipes-support/vim/vim.inc              |   11 +
 49 files changed, 6449 insertions(+), 822 deletions(-)
 create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch
 create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch
 create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch
 rename meta/recipes-connectivity/openssh/openssh/{CVE-2026-35387.patch => CVE-2026-35414-CVE-2026-35387.patch} (99%)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch
 create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5222.patch
 create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5223.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-5773.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-6276.patch
 delete mode 100644 meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
 create mode 100644 meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch
 rename meta/recipes-support/libgcrypt/{libgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} (92%)
 create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch
 create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-28417.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-28420.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-28421.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-32249.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-34714.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-34982.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-35177.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-41411.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-44656.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-45130.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-46483.patch



             reply	other threads:[~2026-07-09 10:07 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-09 10:06 Yoann Congal [this message]
2026-07-09 10:06 ` [OE-core][scarthgap 01/25] libssh2: fix CVE-2026-55200 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 02/25] libssh2: fix CVE-2026-55199 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 03/25] tar: Fix CVE-2026-5704 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 04/25] sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 05/25] curl: fix CVE-2026-5773 - wrong reuse of SMB connection Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag Yoann Congal
2026-07-14 12:54   ` Paul Barker
2026-07-09 10:06 ` [OE-core][scarthgap 07/25] dhcpcd: patch CVE-2026-56113 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 08/25] dhcpcd: patch CVE-2026-56114 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 09/25] dhcpcd: patch CVE-2026-56117 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 10/25] vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 11/25] vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 12/25] vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 13/25] vim: Security fix for CVE-2026-28420 & CVE-2026-46483 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 14/25] perl: patch CVE-2026-8376 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 15/25] curl: fix CVE-2026-6276 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 16/25] linux-yocto/6.6: update CVE exclusions (6.6.142) Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 17/25] binutils: Fix CVE-2026-6846 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 18/25] qemu: Fix CVE-2025-14876 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 19/25] qemu: Fix CVE-2026-0665 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 20/25] qemu: Fix CVE-2026-2243 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 21/25] cargo: Fix CVE-2026-5222 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 22/25] cargo: Fix CVE-2026-5223 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 23/25] openssh: CVE-2026-35387 patch also fixes CVE-2026-35414 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 24/25] libgcrypt: upgrade 1.10.3 -> 1.10.4 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 25/25] cve-update: Avoid NFS caching issues Yoann Congal
  -- strict thread matches above, loose matches on Subject: below --
2026-06-05 22:33 [OE-core][scarthgap 00/25] Patch review Yoann Congal
2026-02-09  9:28 Yoann Congal
2025-01-04 13:41 Steve Sakoman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1783590688.git.yoann.congal@smile.fr \
    --to=yoann.congal@smile.fr \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox