[scarthgap,0/7] Patch review

Message ID	cover.1765553842.git.steve@sakoman.com
State	Not Applicable, archived
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.51, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 0/7] Patch review Date: Fri, 12 Dec 2025 07:39:53 -0800 Message-ID: <cover.1765553842.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1765553842.git.steve@sakoman.com

State

Not Applicable, archived

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 0/7] Patch review
Date: Fri, 12 Dec 2025 07:39:53 -0800
Message-ID: <cover.1765553842.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman Dec. 12, 2025, 3:39 p.m. UTC

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, December 16

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2849

The following changes since commit ef198b0c6063ede32cb93fe44eb89937c076a073:

  curl: Ensure 'CURL_CA_BUNDLE' from host env is indeed respected (2025-12-05 07:08:31 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Daniel Turull (1):
  classes/create-spdx-2.2: Define SPDX_VERSION to 2.2

Hitendra Prajapati (1):
  libxml2: Security fix for CVE-2025-7425

Peter Marko (3):
  libpng: patch CVE-2025-66293
  libmicrohttpd: disable experimental code by default
  Revert "lib/oe/go: document map_arch, and raise an error on unknown
    architecture"

Vijay Anusuri (2):
  libssh2: upgrade 1.11.0 -> 1.11.1
  libssh2: fix regression in KEX method validation (GH-1553)

 meta/classes/create-spdx-2.2.bbclass          |   2 +
 meta/lib/oe/go.py                             |   6 +-
 .../libxml/libxml2/CVE-2025-7425.patch        | 802 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.12.10.bb   |   1 +
 .../libpng/files/CVE-2025-66293-01.patch      |  60 ++
 .../libpng/files/CVE-2025-66293-02.patch      | 125 +++
 .../libpng/libpng_1.6.42.bb                   |   2 +
 .../libmicrohttpd/libmicrohttpd_1.0.1.bb      |   4 +
 ...rror-if-user-KEX-methods-are-invalid.patch |  73 ++
 .../libssh2/libssh2/CVE-2023-48795.patch      | 466 ----------
 .../{libssh2_1.11.0.bb => libssh2_1.11.1.bb}  |   6 +-
 11 files changed, 1073 insertions(+), 474 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-7425.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-66293-01.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-66293-02.patch
 create mode 100644 meta/recipes-support/libssh2/libssh2/0001-Return-error-if-user-KEX-methods-are-invalid.patch
 delete mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2023-48795.patch
 rename meta/recipes-support/libssh2/{libssh2_1.11.0.bb => libssh2_1.11.1.bb} (87%)

[scarthgap,0/7] Patch review

Pull-request

Message