[scarthgap,00/18] Patch review

Message ID	cover.1766524798.git.steve@sakoman.com
State	Not Applicable, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.177, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 00/18] Patch review Date: Tue, 23 Dec 2025 13:22:06 -0800 Message-ID: <cover.1766524798.git.steve@sakoman.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit

Message ID

cover.1766524798.git.steve@sakoman.com

State

Not Applicable, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 00/18] Patch review
Date: Tue, 23 Dec 2025 13:22:06 -0800
Message-ID: <cover.1766524798.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman Dec. 23, 2025, 9:22 p.m. UTC

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, December 30

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2919

The following changes since commit 2b3d2b671a149cbeea2bdc9ba42192da2015c3b7:

  Revert "lib/oe/go: document map_arch, and raise an error on unknown architecture" (2025-12-11 13:41:59 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adarsh Jagadish Kamini (1):
  rsync: fix CVE-2025-10158

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 5.0.14

Daniel Turull (1):
  cmake-native: fix CVE-2025-9301

Deepak Rathore (2):
  cups 2.4.11: Fix CVE-2025-58436
  cups 2.4.11: Fix CVE-2025-61915

Deepesh Varatharajan (1):
  binutils: Fix CVE-2025-11494

Enrico Jörns (1):
  cml1.bbclass: use consistent make flags for menuconfig

Jiaying Song (1):
  python3-urllib3: fix CVE-2025-66418 CVE-2025-66471

Kai Kang (1):
  qemu: fix CVE-2025-12464

Kamel Bouhara (Schneider Electric) (3):
  kernel.bbclass: Add task to export kernel configuration to SPDX
  spdx30_tasks: Add support for exporting PACKAGECONFIG to SPDX
  oeqa/selftest: oe-selftest: Add SPDX tests for kernel config and
    PACKAGECONFIG

Martin Jansa (1):
  cross.bbclass: Propagate dependencies to outhash

Mingli Yu (2):
  libxslt: Fix CVE-2025-11731
  ruby: Upgrade 3.3.5 -> 3.3.10

Moritz Haase (1):
  curl: Use host CA bundle by default for native(sdk) builds

Yash Shinde (2):
  binutils: fix CVE-2025-11839
  binutils: fix CVE-2025-11840

 meta/classes-recipe/cml1.bbclass              |   2 +-
 meta/classes-recipe/cross.bbclass             |  36 +
 meta/classes-recipe/kernel.bbclass            |  67 +-
 meta/classes/create-spdx-3.0.bbclass          |  11 +
 meta/lib/oe/spdx30_tasks.py                   |  20 +
 meta/lib/oeqa/selftest/cases/spdx.py          |  57 ++
 .../binutils/binutils-2.42.inc                |   3 +
 .../binutils/0028-CVE-2025-11494.patch        |  43 ++
 .../binutils/0029-CVE-2025-11839.patch        |  32 +
 .../binutils/0030-CVE-2025-11840.patch        |  37 +
 .../cmake/cmake-native_3.28.3.bb              |   1 +
 .../python3-urllib3/CVE-2025-66418.patch      |  80 +++
 .../python3-urllib3/CVE-2025-66471.patch      | 585 ++++++++++++++++
 .../python/python3-urllib3_2.2.2.bb           |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2025-12464.patch            |  70 ++
 .../rsync/files/CVE-2025-10158.patch          |  36 +
 meta/recipes-devtools/rsync/rsync_3.2.7.bb    |   1 +
 .../ruby/ruby/CVE-2025-27219.patch            |  31 -
 .../ruby/ruby/CVE-2025-27220.patch            |  78 ---
 .../ruby/ruby/CVE-2025-27221-0001.patch       |  57 --
 .../ruby/ruby/CVE-2025-27221-0002.patch       |  73 --
 .../ruby/{ruby_3.3.5.bb => ruby_3.3.10.bb}    |   6 +-
 meta/recipes-extended/cups/cups.inc           |   2 +
 .../cups/cups/CVE-2025-58436.patch            | 635 ++++++++++++++++++
 .../cups/cups/CVE-2025-61915.patch            | 491 ++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |  11 +-
 .../libxslt/files/CVE-2025-11731.patch        |  42 ++
 .../recipes-support/libxslt/libxslt_1.1.43.bb |   3 +-
 scripts/install-buildtools                    |   4 +-
 30 files changed, 2263 insertions(+), 254 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0028-CVE-2025-11494.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0029-CVE-2025-11839.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0030-CVE-2025-11840.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66471.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2025-10158.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27219.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27220.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0001.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2025-27221-0002.patch
 rename meta/recipes-devtools/ruby/{ruby_3.3.5.bb => ruby_3.3.10.bb} (95%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch
 create mode 100644 meta/recipes-support/libxslt/files/CVE-2025-11731.patch

[scarthgap,00/18] Patch review

Pull-request

Message