[kirkstone,00/24] Patch review

Message ID	cover.1760038088.git.steve@sakoman.com
State	Not Applicable, archived
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.180, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 00/24] Patch review Date: Thu, 9 Oct 2025 12:30:44 -0700 Message-ID: <cover.1760038088.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1760038088.git.steve@sakoman.com

State

Not Applicable, archived

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/24] Patch review
Date: Thu,  9 Oct 2025 12:30:44 -0700
Message-ID: <cover.1760038088.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman Oct. 9, 2025, 7:30 p.m. UTC

Please review this set of changes for kirkstone and have comments back by
end of day Monday, October 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2552

The following changes since commit 2285f30e643f52511c328e4f6e1f0c042bea4110:

  libhandy: update git branch name (2025-09-30 06:42:16 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.30

Archana Polampalli (2):
  go: fix CVE-2025-47906
  openssl: upgrade 3.0.17 -> 3.0.18

AshishKumar Mishra (2):
  systemd: backport fix for handle USE_NLS from master
  p11-kit: backport fix for handle USE_NLS from master

Deepesh Varatharajan (1):
  glibc: stable 2.35 branch updates

Gyorgy Sarvari (1):
  conf/bitbake.conf: use gnu mirror instead of main server

Peter Marko (10):
  busybox: patch CVE-2025-46394
  gstreamer1.0: ignore CVEs fixed in plugins
  gstreamer1.0: ignore CVE-2025-2759
  grub: ignore CVE-2024-2312
  ghostscript: patch CVE-2025-59798
  ghostscript: patch CVE-2025-59799
  ghostscript: patch CVE-2025-59800
  pulseaudio: ignore CVE-2024-11586
  ffmpeg: ignore CVE-2023-6603
  ffmpeg: mark CVE-2023-6601 as patched

Steve Sakoman (2):
  selftest/cases/meta_ide.py: use use gnu mirror instead of main server
  oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server

Theo GAIGE (1):
  libxml2: fix CVE-2025-9714

Vijay Anusuri (4):
  gstreamer1.0-plugins-bad: Fix CVE-2025-3887
  libxslt: Patch for CVE-2025-7424
  tiff: Fix CVE-2025-8961
  tiff: Fix CVE-2025-9165

 meta/conf/bitbake.conf                        |   2 +-
 meta/lib/oeqa/sdk/cases/buildcpio.py          |   2 +-
 meta/lib/oeqa/selftest/cases/meta_ide.py      |   2 +-
 meta/recipes-bsp/grub/grub2.inc               |   2 +
 .../{openssl_3.0.17.bb => openssl_3.0.18.bb}  |   2 +-
 .../busybox/busybox/CVE-2025-46394-01.patch   |  57 ++++++
 .../busybox/busybox/CVE-2025-46394-02.patch   |  32 ++++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   2 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../libxml/libxml2/CVE-2025-9714.patch        | 117 ++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   1 +
 meta/recipes-core/systemd/systemd_250.14.bb   |   1 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.21/CVE-2025-47906.patch           | 171 ++++++++++++++++++
 .../ghostscript/CVE-2025-59798.patch          | 134 ++++++++++++++
 .../ghostscript/CVE-2025-59799.patch          |  41 +++++
 .../ghostscript/CVE-2025-59800.patch          |  36 ++++
 .../ghostscript/ghostscript_9.55.0.bb         |   3 +
 ...602-CVE-2023-6604-CVE-2023-6605-0002.patch |   2 +-
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb |   4 +
 .../CVE-2025-3887-1.patch                     |  50 +++++
 .../CVE-2025-3887-2.patch                     |  93 ++++++++++
 .../gstreamer1.0-plugins-bad_1.20.7.bb        |   2 +
 .../gstreamer/gstreamer1.0_1.20.7.bb          |  15 +-
 .../libtiff/tiff/CVE-2025-8961.patch          |  74 ++++++++
 .../libtiff/tiff/CVE-2025-9165.patch          |  32 ++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 .../pulseaudio/pulseaudio.inc                 |   3 +
 .../libxslt/libxslt/CVE-2025-7424.patch       | 105 +++++++++++
 .../recipes-support/libxslt/libxslt_1.1.35.bb |   1 +
 .../recipes-support/p11-kit/p11-kit_0.24.1.bb |   1 +
 scripts/install-buildtools                    |   4 +-
 32 files changed, 985 insertions(+), 11 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} (99%)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-9714.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47906.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8961.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-7424.patch

[kirkstone,00/24] Patch review

Pull-request

Message