[kirkstone,00/10] Patch review

Message ID	cover.1766525021.git.steve@sakoman.com
State	Not Applicable, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.179, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 00/10] Patch review Date: Tue, 23 Dec 2025 13:25:51 -0800 Message-ID: <cover.1766525021.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1766525021.git.steve@sakoman.com

State

Not Applicable, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/10] Patch review
Date: Tue, 23 Dec 2025 13:25:51 -0800
Message-ID: <cover.1766525021.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman Dec. 23, 2025, 9:25 p.m. UTC

Please review this set of hcanges for kirkstone and have comments back by
end of day Tuesday, December 30

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/2920

The following changes since commit 2ed3f8b938579dbbb804e04c45a968cc57761db7:

  build-appliance-image: Update to kirkstone head revision (2025-12-12 08:52:06 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.31

Changqing Li (1):
  libsoup: fix CVE-2025-12105

Deepesh Varatharajan (1):
  binutils: Fix CVE-2025-11494

Kai Kang (1):
  qemu: fix CVE-2025-12464

Libo Chen (1):
  go: Fix CVE-2023-39323

Liyin Zhang (1):
  rsync: fix CVE-2025-10158

Martin Jansa (1):
  cross.bbclass: Propagate dependencies to outhash

Mingli Yu (1):
  libxslt: Fix CVE-2025-11731

Yash Shinde (2):
  binutils: fix CVE-2025-11839
  binutils: fix CVE-2025-11840

 meta/classes/cross.bbclass                    | 36 ++++++++++
 .../binutils/binutils-2.38.inc                |  3 +
 .../binutils/0048-CVE-2025-11494.patch        | 43 ++++++++++++
 .../binutils/0049-CVE-2025-11839.patch        | 32 +++++++++
 .../binutils/0050-CVE-2025-11840.patch        | 37 ++++++++++
 meta/recipes-devtools/go/go-1.17.13.inc       |  1 +
 .../go/go-1.21/CVE-2023-39323.patch           | 55 +++++++++++++++
 meta/recipes-devtools/qemu/qemu.inc           |  1 +
 .../qemu/qemu/CVE-2025-12464.patch            | 70 +++++++++++++++++++
 .../rsync/files/CVE-2025-10158.patch          | 36 ++++++++++
 meta/recipes-devtools/rsync/rsync_3.2.7.bb    |  1 +
 .../libsoup/libsoup/CVE-2025-12105.patch      | 34 +++++++++
 meta/recipes-support/libsoup/libsoup_3.0.7.bb |  1 +
 .../libxslt/libxslt/CVE-2025-11731.patch      | 42 +++++++++++
 .../recipes-support/libxslt/libxslt_1.1.35.bb |  1 +
 scripts/install-buildtools                    |  4 +-
 16 files changed, 395 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0049-CVE-2025-11839.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0050-CVE-2025-11840.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-39323.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2025-10158.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-12105.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch

[kirkstone,00/10] Patch review

Pull-request

Message