[scarthgap,00/33] Patch review

Please review this set of changes for scarthgap and have comments back by end of day Friday, August 29 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2277 The following changes since commit 93c7489d843a0e46fe4fc685b356d0ae885300d7: build-appliance-image: Update to scarthgap head revision (2025-08-22 06:02:51 -0700) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut Archana Polampalli (3): go: fix CVE-2025-4674 ffmpeg: upgrade 6.1.2 -> 6.1.3 ffmpeg: fix CVE-2025-1594 Hitendra Prajapati (1): gstreamer1.0-plugins-base: fix CVE-2025-47807 Jiaying Song (1): ruby-ptest : some ptest fixes Khem Raj (9): ncurses: Pin to C17 standard unzip: Fix build with GCC-15 m4: Stick to C17 standard gmp: Fix build with GCC15/C23 gmp: Fix build with older gcc versions gdbm: Use C11 standard unifdef: Don't use C23 constexpr keyword libtirpc: Fix build with gcc-15/C23 cpio: Pin to use C17 std Martin Jansa (8): cmake: fix build with gcc-15 on host git: fix build with gcc-15 on host pkgconfig: fix build with gcc-15 libgpg-error: fix build with gcc-15 rust-llvm: fix build with gcc-15 elfutils: fix build with gcc-15 binutils: fix build with gcc-15 dbus-glib: fix build with gcc-15 Michael Halstead (2): yocto-uninative: Update to 4.8 for GCC 15.1 yocto-uninative: Update to 4.9 for glibc 2.42 Peter Marko (8): qemu: set status of CVE-2024-7730 to fixed go-binary-native: ignore CVE-2025-0913 glib-2.0: patch CVE-2025-7039 glib-2.0: patch CVE-2025-6052 dpkg: patch CVE-2025-6297 libarchive: patch regression of patch for CVE-2025-5918 vim: upgrade 9.1.1198 -> 9.1.1652 sudo: remove devtool FIXME comment Praveen Kumar (1): go: fix CVE-2025-47907 meta/conf/distro/include/yocto-uninative.inc | 10 +- .../dbus-glib/fix-build-with-gcc-15.patch | 37 + meta/recipes-core/dbus/dbus-glib_0.112.bb | 1 + .../glib-2.0/glib-2.0/CVE-2025-6052-01.patch | 69 ++ .../glib-2.0/glib-2.0/CVE-2025-6052-02.patch | 97 +++ .../glib-2.0/glib-2.0/CVE-2025-6052-03.patch | 35 + .../glib-2.0/glib-2.0/CVE-2025-7039.patch | 43 + meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 4 + meta/recipes-core/ncurses/ncurses.inc | 4 + .../binutils/binutils-2.42.inc | 4 + ...nu23-compatibility-wrt-static_assert.patch | 89 ++ ...ngs-when-building-gprofng-with-Clang.patch | 767 ++++++++++++++++++ ...gnu23-compatibility-wrt-unprototyped.patch | 606 ++++++++++++++ ...021-gprofng-fix-build-with-std-gnu23.patch | 196 +++++ meta/recipes-devtools/cmake/cmake.inc | 1 + .../0001-cppdap-fix-build-with-gcc-15.patch | 30 + .../dpkg/dpkg/CVE-2025-6297.patch | 125 +++ meta/recipes-devtools/dpkg/dpkg_1.22.0.bb | 1 + .../elfutils/elfutils_0.191.bb | 1 + .../files/0007-Fix-build-with-gcc-15.patch | 72 ++ ...ndex-pack-rename-struct-thread_local.patch | 67 ++ .../git/0001-reflog-rename-unreachable.patch | 40 + meta/recipes-devtools/git/git_2.44.4.bb | 2 + meta/recipes-devtools/go/go-1.22.12.inc | 3 + .../go/go-binary-native_1.22.12.bb | 1 + .../go/go/CVE-2025-4674.patch | 332 ++++++++ .../go/go/CVE-2025-47907-pre.patch | 233 ++++++ .../go/go/CVE-2025-47907.patch | 328 ++++++++ meta/recipes-devtools/m4/m4-1.4.19.inc | 3 + ...0001-Do-not-use-bool-as-a-field-name.patch | 36 + .../pkgconfig/pkgconfig_git.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 2 + ..._rm_r_no_permissions-test-under-root.patch | 30 + meta/recipes-devtools/ruby/ruby/run-ptest | 2 +- meta/recipes-devtools/ruby/ruby_3.3.5.bb | 7 +- ...36-Add-cstdint-to-SmallVector-101761.patch | 28 + ...cstdint-in-AMDGPUMCTargetDesc-101766.patch | 23 + ...-include-to-X86MCTargetDesc.h-123320.patch | 32 + .../recipes-devtools/rust/rust-llvm_1.75.0.bb | 8 +- ...0001-Don-t-use-C23-constexpr-keyword.patch | 57 ++ meta/recipes-devtools/unifdef/unifdef_2.12.bb | 3 +- meta/recipes-extended/cpio/cpio_2.15.bb | 3 + .../libarchive/CVE-2025-5918-0003.patch | 51 ++ .../libarchive/libarchive_3.7.9.bb | 1 + ...rations-to-allow-compile-with-gcc-15.patch | 64 ++ ...d-key_call-declarations-to-allow-com.patch | 60 ++ .../libtirpc/libtirpc_1.3.4.bb | 2 + meta/recipes-extended/sudo/sudo_1.9.17p1.bb | 52 -- meta/recipes-extended/unzip/unzip/gcc15.patch | 18 + meta/recipes-extended/unzip/unzip_6.0.bb | 1 + .../ffmpeg/ffmpeg/CVE-2023-49501.patch | 30 - .../ffmpeg/ffmpeg/CVE-2023-49502.patch | 107 --- .../ffmpeg/ffmpeg/CVE-2023-50007.patch | 78 -- .../ffmpeg/ffmpeg/CVE-2023-50008.patch | 29 - .../ffmpeg/ffmpeg/CVE-2024-31578.patch | 49 -- .../ffmpeg/ffmpeg/CVE-2024-31582.patch | 34 - .../ffmpeg/ffmpeg/CVE-2024-35367.patch | 47 -- .../ffmpeg/ffmpeg/CVE-2024-35368.patch | 41 - .../ffmpeg/ffmpeg/CVE-2025-0518.patch | 34 - .../ffmpeg/ffmpeg/CVE-2025-1594.patch | 105 +++ .../ffmpeg/ffmpeg/CVE-2025-22919.patch | 39 - .../{ffmpeg_6.1.2.bb => ffmpeg_6.1.3.bb} | 13 +- .../CVE-2025-47807.patch | 49 ++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + meta/recipes-support/gdbm/gdbm_1.23.bb | 4 + ...n-prototype-in-acinclude.m4-for-C23-.patch | 25 + ...d-parameter-names-in-prototype-for-g.patch | 50 ++ meta/recipes-support/gmp/gmp_6.3.0.bb | 2 + ...oid-use-of-nullptr-for-an-identifier.patch | 52 ++ .../libgpg-error/libgpg-error_1.48.bb | 1 + ...src-Makefile-improve-reproducibility.patch | 10 +- .../vim/files/disable_acl_header_check.patch | 12 +- .../vim/files/no-path-adjust.patch | 2 +- meta/recipes-support/vim/vim.inc | 7 +- 74 files changed, 3926 insertions(+), 577 deletions(-) create mode 100644 meta/recipes-core/dbus/dbus-glib/fix-build-with-gcc-15.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-6052-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-6052-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-6052-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-7039.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0018-opcodes-fix-std-gnu23-compatibility-wrt-static_assert.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0019-Fix-32097-Warnings-when-building-gprofng-with-Clang.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0020-gprofng-fix-std-gnu23-compatibility-wrt-unprototyped.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0021-gprofng-fix-build-with-std-gnu23.patch create mode 100644 meta/recipes-devtools/cmake/cmake/0001-cppdap-fix-build-with-gcc-15.patch create mode 100644 meta/recipes-devtools/dpkg/dpkg/CVE-2025-6297.patch create mode 100644 meta/recipes-devtools/elfutils/files/0007-Fix-build-with-gcc-15.patch create mode 100644 meta/recipes-devtools/git/git/0001-index-pack-rename-struct-thread_local.patch create mode 100644 meta/recipes-devtools/git/git/0001-reflog-rename-unreachable.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2025-4674.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47907-pre.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2025-47907.patch create mode 100644 meta/recipes-devtools/pkgconfig/pkgconfig/0001-Do-not-use-bool-as-a-field-name.patch create mode 100644 meta/recipes-devtools/ruby/ruby/0007-Skip-test_rm_r_no_permissions-test-under-root.patch create mode 100644 meta/recipes-devtools/rust/rust-llvm/0036-Add-cstdint-to-SmallVector-101761.patch create mode 100644 meta/recipes-devtools/rust/rust-llvm/0037-Include-cstdint-in-AMDGPUMCTargetDesc-101766.patch create mode 100644 meta/recipes-devtools/rust/rust-llvm/0038-Add-missing-include-to-X86MCTargetDesc.h-123320.patch create mode 100644 meta/recipes-devtools/unifdef/unifdef/0001-Don-t-use-C23-constexpr-keyword.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-0003.patch create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-Update-declarations-to-allow-compile-with-gcc-15.patch create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0002-update-signal-and-key_call-declarations-to-allow-com.patch create mode 100644 meta/recipes-extended/unzip/unzip/gcc15.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49502.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-1594.patch delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch rename meta/recipes-multimedia/ffmpeg/{ffmpeg_6.1.2.bb => ffmpeg_6.1.3.bb} (95%) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch create mode 100644 meta/recipes-support/gmp/gmp/0001-Complete-function-prototype-in-acinclude.m4-for-C23-.patch create mode 100644 meta/recipes-support/gmp/gmp/0001-acinclude.m4-Add-parameter-names-in-prototype-for-g.patch create mode 100644 meta/recipes-support/libgpg-error/libgpg-error/0001-Avoid-use-of-nullptr-for-an-identifier.patch

Message ID	cover.1756329972.git.steve@sakoman.com
State	Not Applicable, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.174, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 00/33] Patch review Date: Wed, 27 Aug 2025 14:29:07 -0700 Message-ID: <cover.1756329972.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

[scarthgap,00/33] Patch review

Pull-request

Message