[scarthgap,00/15] Patch review

Message ID	cover.1745981742.git.steve@sakoman.com
State	Not Applicable, archived
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.180, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 00/15] Patch review Date: Tue, 29 Apr 2025 19:59:48 -0700 Message-ID: <cover.1745981742.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1745981742.git.steve@sakoman.com

State

Not Applicable, archived

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 00/15] Patch review
Date: Tue, 29 Apr 2025 19:59:48 -0700
Message-ID: <cover.1745981742.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman April 30, 2025, 2:59 a.m. UTC

Please review this set of changes for scarthgap and have comments back by
end of day Thursday, May 1

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1498

The following changes since commit 87cadf62ba0d6b0fc3dc0151a5d320919b7eb1ab:

  bluez5: add missing tools to noinst-tools package (2025-04-22 10:32:27 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Alexander Kanavin (1):
  perlcross: update 1.5.2 -> 1.6

Archana Polampalli (2):
  perlcross: 1.6 -> 1.6.2
  perl: upgrade 5.38.2 -> 5.38.4

Changqing Li (4):
  initscripts: add function
    log_success_msg/log_failure_msg/log_warning_msg
  buildtools-tarball: move setting of envvars to respective envfile
  buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS
  buildtools-tarball: Make buildtools respects host CA certificates

Peter Marko (5):
  ppp: patch CVE-2024-58250
  libxml2: patch CVE-2025-32414
  libxml2: patch CVE-2025-32415
  glib-2.0: patch CVE-2025-3360
  Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR"

Priyal Doshi (1):
  tzdata/tzcode-native: upgrade 2025a -> 2025b

Shubham Kulkarni (1):
  libpam: Update fix for CVE-2024-10041

Soumya Sambu (1):
  git: Upgrade 2.44.1 -> 2.44.3

 .../openssl/files/environment.d-openssl.sh    |  22 +-
 .../ppp/ppp/CVE-2024-58250.patch              | 194 ++++++++++++++++++
 meta/recipes-connectivity/ppp/ppp_2.5.0.bb    |   2 +-
 .../glib-2.0/glib-2.0/CVE-2025-3360-01.patch  |  57 +++++
 .../glib-2.0/glib-2.0/CVE-2025-3360-02.patch  |  53 +++++
 .../glib-2.0/glib-2.0/CVE-2025-3360-03.patch  |  36 ++++
 .../glib-2.0/glib-2.0/CVE-2025-3360-04.patch  |  76 +++++++
 .../glib-2.0/glib-2.0/CVE-2025-3360-05.patch  |  57 +++++
 .../glib-2.0/glib-2.0/CVE-2025-3360-06.patch  |  50 +++++
 meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb |   8 +-
 .../initscripts/initscripts-1.0/functions     |  21 ++
 .../initscripts/initscripts_1.0.bb            |   1 -
 .../libxml/libxml2/CVE-2025-32414.patch       |  74 +++++++
 .../libxml/libxml2/CVE-2025-32415.patch       |  39 ++++
 meta/recipes-core/libxml/libxml2_2.12.10.bb   |   2 +
 meta/recipes-core/meta/buildtools-tarball.bb  |  29 ++-
 .../meta/cve-update-nvd2-native.bb            |   2 -
 .../git/git/environment.d-git.sh              |  19 ++
 .../git/{git_2.44.1.bb => git_2.44.3.bb}      |  10 +-
 ...ile-check-the-file-if-patched-or-not.patch |   3 +-
 ...oss-add-LDFLAGS-when-linking-libperl.patch |   9 +-
 .../perl-cross/files/determinism.patch        |  41 ++--
 ...{perlcross_1.5.2.bb => perlcross_1.6.2.bb} |   2 +-
 .../perl/{perl_5.38.2.bb => perl_5.38.4.bb}   |   2 +-
 .../environment.d-python3-requests.sh         |  11 +
 .../python/python3-requests_2.32.3.bb         |  11 +
 ...024-10041.patch => CVE-2024-10041-1.patch} |   0
 .../pam/libpam/CVE-2024-10041-2.patch         |  77 +++++++
 meta/recipes-extended/pam/libpam_1.5.3.bb     |   3 +-
 meta/recipes-extended/timezone/timezone.inc   |   6 +-
 .../curl/curl/environment.d-curl.sh           |  19 ++
 meta/recipes-support/curl/curl_8.7.1.bb       |   9 +
 32 files changed, 899 insertions(+), 46 deletions(-)
 create mode 100644 meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
 create mode 100644 meta/recipes-devtools/git/git/environment.d-git.sh
 rename meta/recipes-devtools/git/{git_2.44.1.bb => git_2.44.3.bb} (93%)
 rename meta/recipes-devtools/perl-cross/{perlcross_1.5.2.bb => perlcross_1.6.2.bb} (92%)
 rename meta/recipes-devtools/perl/{perl_5.38.2.bb => perl_5.38.4.bb} (99%)
 create mode 100644 meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
 rename meta/recipes-extended/pam/libpam/{CVE-2024-10041.patch => CVE-2024-10041-1.patch} (100%)
 create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch
 create mode 100644 meta/recipes-support/curl/curl/environment.d-curl.sh

[scarthgap,00/15] Patch review

Pull-request

Message