[scarthgap,0/5] Patch review

Message ID	cover.1767049440.git.steve@sakoman.com
State	Not Applicable, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.181, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 0/5] Patch review Date: Mon, 29 Dec 2025 15:07:34 -0800 Message-ID: <cover.1767049440.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1767049440.git.steve@sakoman.com

State

Not Applicable, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 0/5] Patch review
Date: Mon, 29 Dec 2025 15:07:34 -0800
Message-ID: <cover.1767049440.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Steve Sakoman Dec. 29, 2025, 11:07 p.m. UTC

Please review this set of changes for scarthgap and have commments back by
end of day Wednesday, December 31

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2954

The following changes since commit dccb7a185fe58a97f33e219b4db283ff4a2071d7:

  cross.bbclass: Propagate dependencies to outhash (2025-12-23 06:28:05 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Changqing Li (1):
  libsoup: fix CVE-2025-12105

Jiaying Song (1):
  grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663
    CVE-2025-61664

Vijay Anusuri (3):
  go: Update CVE-2025-58187
  go: Fix CVE-2025-61727
  go: Fix CVE-2025-61729

 .../grub/files/CVE-2025-54770.patch           |  41 ++
 .../grub/files/CVE-2025-61661.patch           |  40 ++
 .../grub/files/CVE-2025-61662.patch           |  72 +++
 .../grub/files/CVE-2025-61663_61664.patch     |  64 +++
 meta/recipes-bsp/grub/grub2.inc               |   4 +
 meta/recipes-devtools/go/go-1.22.12.inc       |   5 +-
 ...025-58187.patch => CVE-2025-58187-1.patch} |   0
 .../go/go/CVE-2025-58187-2.patch              | 516 ++++++++++++++++++
 .../go/go/CVE-2025-61727.patch                | 226 ++++++++
 .../go/go/CVE-2025-61729.patch                | 174 ++++++
 .../libsoup-3.4.4/CVE-2025-12105.patch        |  34 ++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   1 +
 12 files changed, 1176 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
 rename meta/recipes-devtools/go/go/{CVE-2025-58187.patch => CVE-2025-58187-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-58187-2.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61727.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2025-61729.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-12105.patch

[scarthgap,0/5] Patch review

Pull-request

Message