| Message ID | cover.1768914702.git.yoann.congal@smile.fr |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
Le mar. 20 janv. 2026 à 14:38, Yoann Congal <yoann.congal@smile.fr> a écrit : > Please review this set of changes for kirkstone and have comments back by > end of day Thursday, January 22. > > This is the last patch review request for kirkstone 4.0.33 before it is > built on monday: In addition to normal CVE fixes: > * pseudo upgrade to fix 16117 – AB-INT: do_package: Error executing a > python function in exec_func_python() autogenerated > https://bugzilla.yoctoproject.org/show_bug.cgi?id=16117 > * A oeqa fix for 16137 – AB-INT: core-image-sato.bb:do_testsdk fails on > ftpmirror.gnu.org returning 502 Bad Gateway > https://bugzilla.yoctoproject.org/show_bug.cgi?id=16137 > > Passed (with rebuild) a-full on autobuilder: > * https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3090 > * via poky-contrib stable/kirkstone-nut : > * OE-core tip is at > https://git.yoctoproject.org/poky-contrib/commit/?h=stable/kirkstone-nut&id=08f446ecb3d3b78daaf8e5b90dec1bff6cb1d5d8 > * meta-mingw failed > https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3115 > * Bug is: #16145 – [kirkstone] AB-INT: mingw-sdktest fail with "wine > %CC" returning 1 > * then, with the same commits, meta-mingw was successfully rebuilt > https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3119 I have now re-run a successful a-full test https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3097 with the v2 of "python3-urllib3: patch CVE-2025-66418" https://lists.openembedded.org/g/openembedded-core/topic/kirkstone_patch_v2/117362843 The tip of the stable/kirkstone-nut is now at https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=1ce772b2fd97d2e8364a602fdd313355f2df967e > The following changes since commit > 0057fc49725db8637656fac10631d8f89799bad3: > > go: Fix CVE-2025-61729 (2025-12-29 08:48:27 -0800) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib > stable/kirkstone-nut > > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut > > for you to fetch changes up to 20ff1a4ac744855b54952d7fad7424696500a230: > > oeqa: Use 2.14 release of cpio instead of 2.13 (2026-01-19 23:44:02 > +0100) > > ---------------------------------------------------------------- > > Hitendra Prajapati (1): > python3: fix CVE-2025-13836 > > Khem Raj (1): > oeqa: Use 2.14 release of cpio instead of 2.13 > > Paul Barker (1): > pseudo: Add hard sstate dependencies for pseudo-native > > Peter Marko (17): > util-linux: patch CVE-2025-14104 > glib-2.0: patch CVE-2025-13601 > glib-2.0: patch CVE-2025-14087 > glib-2.0: patch CVE-2025-14512 > qemu: ignore CVE-2025-54566 and CVE-2025-54567 > cups: patch CVE-2025-58436 > cups: patch CVE-2025-61915 > cups: allow unknown directives in conf files > dropbear: patch CVE-2019-6111 > python3-urllib3: patch CVE-2025-66418 > libpcap: patch CVE-2025-11961 > libpcap: patch CVE-2025-11964 > libarchive: fix CVE-2025-60753 regression > curl: patch CVE-2025-14017 > curl: patch CVE-2025-15079 > curl: patch CVE-2025-15224 > gnupg: patch CVE-2025-68973 > > Richard Purdie (4): > pseudo: Upgrade to version 1.9.1 > pseudo: Update to pull in memleak fix > pseudo: Update to pull in openat2 and efault return code changes > pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' > > Robert Yang (1): > pseudo: 1.9.0 -> 1.9.2 > > Vijay Anusuri (1): > binutils: Fix CVE-2025-1181 > > meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +- > meta/lib/oeqa/sdk/cases/buildcpio.py | 4 +- > meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +- > .../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++ > .../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++ > .../libpcap/libpcap/CVE-2025-11964.patch | 33 + > .../libpcap/libpcap_1.10.1.bb | 3 + > meta/recipes-core/dropbear/dropbear.inc | 1 + > .../dropbear/dropbear/CVE-2019-6111.patch | 157 +++++ > .../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 ++++ > .../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++ > .../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 ++ > .../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 +++++++ > .../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++ > .../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 ++ > meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 6 + > meta/recipes-core/util-linux/util-linux.inc | 2 + > .../util-linux/CVE-2025-14104-01.patch | 33 + > .../util-linux/CVE-2025-14104-02.patch | 28 + > .../binutils/binutils-2.38.inc | 2 + > .../binutils/binutils/CVE-2025-1181-pre.patch | 149 +++++ > .../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++ > .../0001-configure-Prune-PIE-flags.patch | 44 -- > .../pseudo/files/glibc238.patch | 65 -- > .../pseudo/files/older-glibc-symbols.patch | 4 +- > meta/recipes-devtools/pseudo/pseudo.inc | 7 + > meta/recipes-devtools/pseudo/pseudo_git.bb | 6 +- > .../python3-urllib3/CVE-2025-66418.patch | 70 ++ > .../python/python3-urllib3_1.26.20.bb | 1 + > .../python/python3/CVE-2025-13836.patch | 163 +++++ > .../python/python3_3.10.19.bb | 1 + > meta/recipes-devtools/qemu/qemu.inc | 3 + > meta/recipes-extended/cups/cups.inc | 3 + > ...pping-scheduler-on-unknown-directive.patch | 43 ++ > .../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++ > .../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++ > ...25-60753.patch => CVE-2025-60753-01.patch} | 0 > .../libarchive/CVE-2025-60753-02.patch | 46 ++ > .../libarchive/libarchive_3.6.2.bb | 3 +- > .../curl/curl/CVE-2025-14017.patch | 115 ++++ > .../curl/curl/CVE-2025-15079.patch | 32 + > .../curl/curl/CVE-2025-15224.patch | 31 + > meta/recipes-support/curl/curl_7.82.0.bb | 3 + > .../gnupg/gnupg/CVE-2025-68973.patch | 108 +++ > meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 + > 45 files changed, 3763 insertions(+), 120 deletions(-) > create mode 100644 > meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch > create mode 100644 > meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch > create mode 100644 > meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch > create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch > create mode 100644 > meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch > create mode 100644 > meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch > create mode 100644 > meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch > create mode 100644 > meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch > delete mode 100644 > meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch > delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch > create mode 100644 > meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch > create mode 100644 > meta/recipes-devtools/python/python3/CVE-2025-13836.patch > create mode 100644 > meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch > create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch > rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch > => CVE-2025-60753-01.patch} (100%) > create mode 100644 > meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch > create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch > >
Please review this set of changes for kirkstone and have comments back by end of day Thursday, January 22. This is the last patch review request for kirkstone 4.0.33 before it is built on monday: In addition to normal CVE fixes: * pseudo upgrade to fix 16117 – AB-INT: do_package: Error executing a python function in exec_func_python() autogenerated https://bugzilla.yoctoproject.org/show_bug.cgi?id=16117 * A oeqa fix for 16137 – AB-INT: core-image-sato.bb:do_testsdk fails on ftpmirror.gnu.org returning 502 Bad Gateway https://bugzilla.yoctoproject.org/show_bug.cgi?id=16137 Passed (with rebuild) a-full on autobuilder: * https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3090 * via poky-contrib stable/kirkstone-nut : * OE-core tip is at https://git.yoctoproject.org/poky-contrib/commit/?h=stable/kirkstone-nut&id=08f446ecb3d3b78daaf8e5b90dec1bff6cb1d5d8 * meta-mingw failed https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3115 * Bug is: #16145 – [kirkstone] AB-INT: mingw-sdktest fail with "wine %CC" returning 1 * then, with the same commits, meta-mingw was successfully rebuilt https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3119 The following changes since commit 0057fc49725db8637656fac10631d8f89799bad3: go: Fix CVE-2025-61729 (2025-12-29 08:48:27 -0800) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut for you to fetch changes up to 20ff1a4ac744855b54952d7fad7424696500a230: oeqa: Use 2.14 release of cpio instead of 2.13 (2026-01-19 23:44:02 +0100) ---------------------------------------------------------------- Hitendra Prajapati (1): python3: fix CVE-2025-13836 Khem Raj (1): oeqa: Use 2.14 release of cpio instead of 2.13 Paul Barker (1): pseudo: Add hard sstate dependencies for pseudo-native Peter Marko (17): util-linux: patch CVE-2025-14104 glib-2.0: patch CVE-2025-13601 glib-2.0: patch CVE-2025-14087 glib-2.0: patch CVE-2025-14512 qemu: ignore CVE-2025-54566 and CVE-2025-54567 cups: patch CVE-2025-58436 cups: patch CVE-2025-61915 cups: allow unknown directives in conf files dropbear: patch CVE-2019-6111 python3-urllib3: patch CVE-2025-66418 libpcap: patch CVE-2025-11961 libpcap: patch CVE-2025-11964 libarchive: fix CVE-2025-60753 regression curl: patch CVE-2025-14017 curl: patch CVE-2025-15079 curl: patch CVE-2025-15224 gnupg: patch CVE-2025-68973 Richard Purdie (4): pseudo: Upgrade to version 1.9.1 pseudo: Update to pull in memleak fix pseudo: Update to pull in openat2 and efault return code changes pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' Robert Yang (1): pseudo: 1.9.0 -> 1.9.2 Vijay Anusuri (1): binutils: Fix CVE-2025-1181 meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +- meta/lib/oeqa/sdk/cases/buildcpio.py | 4 +- meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +- .../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++ .../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++ .../libpcap/libpcap/CVE-2025-11964.patch | 33 + .../libpcap/libpcap_1.10.1.bb | 3 + meta/recipes-core/dropbear/dropbear.inc | 1 + .../dropbear/dropbear/CVE-2019-6111.patch | 157 +++++ .../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 ++++ .../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++ .../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 ++ .../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 +++++++ .../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++ .../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 ++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 6 + meta/recipes-core/util-linux/util-linux.inc | 2 + .../util-linux/CVE-2025-14104-01.patch | 33 + .../util-linux/CVE-2025-14104-02.patch | 28 + .../binutils/binutils-2.38.inc | 2 + .../binutils/binutils/CVE-2025-1181-pre.patch | 149 +++++ .../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++ .../0001-configure-Prune-PIE-flags.patch | 44 -- .../pseudo/files/glibc238.patch | 65 -- .../pseudo/files/older-glibc-symbols.patch | 4 +- meta/recipes-devtools/pseudo/pseudo.inc | 7 + meta/recipes-devtools/pseudo/pseudo_git.bb | 6 +- .../python3-urllib3/CVE-2025-66418.patch | 70 ++ .../python/python3-urllib3_1.26.20.bb | 1 + .../python/python3/CVE-2025-13836.patch | 163 +++++ .../python/python3_3.10.19.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 3 + meta/recipes-extended/cups/cups.inc | 3 + ...pping-scheduler-on-unknown-directive.patch | 43 ++ .../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++ .../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++ ...25-60753.patch => CVE-2025-60753-01.patch} | 0 .../libarchive/CVE-2025-60753-02.patch | 46 ++ .../libarchive/libarchive_3.6.2.bb | 3 +- .../curl/curl/CVE-2025-14017.patch | 115 ++++ .../curl/curl/CVE-2025-15079.patch | 32 + .../curl/curl/CVE-2025-15224.patch | 31 + meta/recipes-support/curl/curl_7.82.0.bb | 3 + .../gnupg/gnupg/CVE-2025-68973.patch | 108 +++ meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 + 45 files changed, 3763 insertions(+), 120 deletions(-) create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch delete mode 100644 meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch create mode 100644 meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch => CVE-2025-60753-01.patch} (100%) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch