[kirkstone,00/38] Patch review

Please review this set of changes for kirkstone and have comments back by end of day Thursday, February 26. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3274 The following changes since commit e2994ca0076ec99038790e7a40936236a5078135: build-appliance-image: Update to kirkstone head revision (2026-01-26 18:54:26 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut for you to fetch changes up to fd883ff6432946d23d923a9be1cd2cb1f001c732: u-boot: move CVE patch out of u-boot-common.inc (2026-02-23 23:57:02 +0100) ---------------------------------------------------------------- Aleksandar Nikolic (1): scripts/install-buildtools: Update to 4.0.32 Amaury Couderc (2): avahi: patch CVE-2025-68468 avahi: patch CVE-2025-68471 Ankur Tyagi (2): avahi: patch CVE-2025-68276 avahi: patch CVE-2026-24401 Bruce Ashfield (5): linux-yocto/5.15: update to v5.15.195 linux-yocto/5.15: update to v5.15.196 linux-yocto/5.15: update to v5.15.197 linux-yocto/5.15: update to v5.15.198 linux-yocto/5.15: update to v5.15.199 Fabio Berton (1): classes/buildhistory: Do not sign buildhistory commits Hugo SIMELIERE (1): libtasn1: Fix CVE-2025-13151 Peter Marko (20): zlib: ignore CVE-2026-22184 python3: patch CVE-2025-13837 python3: patch CVE-2025-12084 libxml2: patch CVE-2026-0990 libxml2: patch CVE-2026-0992 libxml2: add follow-up patch for CVE-2026-0992 expat: patch CVE-2026-24515 expat: patch CVE-2026-25210 inetutils: patch CVE-2026-24061 libpng: patch CVE-2026-22695 libpng: patch CVE-2026-22801 libpng: patch CVE-2026-25646 glib-2.0: patch CVE-2026-0988 glib-2.0: patch CVE-2026-1484 glib-2.0: patch CVE-2026-1485 glib-2.0: patch CVE-2026-1489 ffmpeg: set status of CVE-2025-25468 and CVE-2025-25469 vim: ignore CVE-2025-66476 harfbuzz: ignore CVE-2026-22693 glibc: stable 2.35 branch updates Richard Purdie (2): pseudo: Update to 1.9.3 release pseudo: Update to include an openat2 fix Scott Murray (1): u-boot: move CVE patch out of u-boot-common.inc Vijay Anusuri (2): openssl: upgrade 3.0.18 -> 3.0.19 bind: Upgrade 9.18.41 -> 9.18.44 Yoann Congal (1): pseudo: Update to include a fix for systems with kernel <5.6 meta/classes/buildhistory.bbclass | 2 +- meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +- meta/recipes-bsp/u-boot/u-boot_2022.01.bb | 1 + meta/recipes-connectivity/avahi/avahi_0.8.bb | 4 + .../avahi/files/CVE-2025-68276.patch | 65 ++++ .../avahi/files/CVE-2025-68468.patch | 32 ++ .../avahi/files/CVE-2025-68471.patch | 36 ++ .../avahi/files/CVE-2026-24401.patch | 74 ++++ .../bind/{bind_9.18.41.bb => bind_9.18.44.bb} | 2 +- .../inetutils/CVE-2026-24061-01.patch | 38 ++ .../inetutils/CVE-2026-24061-02.patch | 82 +++++ .../inetutils/inetutils_2.2.bb | 2 + .../openssl/openssl/CVE-2023-50781-1.patch | 46 ++- .../openssl/openssl/CVE-2023-50781-2.patch | 112 +++--- .../openssl/openssl/CVE-2023-50781-3.patch | 16 +- .../{openssl_3.0.18.bb => openssl_3.0.19.bb} | 2 +- .../expat/expat/CVE-2026-24515.patch | 43 +++ .../expat/expat/CVE-2026-25210-01.patch | 27 ++ .../expat/expat/CVE-2026-25210-02.patch | 37 ++ .../expat/expat/CVE-2026-25210-03.patch | 28 ++ meta/recipes-core/expat/expat_2.5.0.bb | 4 + .../glib-2.0/glib-2.0/CVE-2026-0988.patch | 58 ++++ .../glib-2.0/glib-2.0/CVE-2026-1484-01.patch | 48 +++ .../glib-2.0/glib-2.0/CVE-2026-1484-02.patch | 45 +++ .../glib-2.0/glib-2.0/CVE-2026-1485.patch | 44 +++ .../glib-2.0/glib-2.0/CVE-2026-1489-01.patch | 42 +++ .../glib-2.0/glib-2.0/CVE-2026-1489-02.patch | 30 ++ .../glib-2.0/glib-2.0/CVE-2026-1489-03.patch | 290 ++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2026-1489-04.patch | 68 ++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 8 + meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.35.bb | 3 +- .../libxml/libxml2/CVE-2026-0990.patch | 76 ++++ .../libxml/libxml2/CVE-2026-0992-01.patch | 49 +++ .../libxml/libxml2/CVE-2026-0992-02.patch | 325 ++++++++++++++++++ .../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++ meta/recipes-core/libxml/libxml2_2.9.14.bb | 4 + meta/recipes-core/zlib/zlib_1.2.11.bb | 2 + meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +- .../python/python3/CVE-2025-12084.patch | 171 +++++++++ .../python/python3/CVE-2025-13837.patch | 162 +++++++++ .../python/python3_3.10.19.bb | 2 + .../harfbuzz/harfbuzz_4.0.1.bb | 3 + .../linux/linux-yocto-rt_5.15.bb | 6 +- .../linux/linux-yocto-tiny_5.15.bb | 6 +- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +- .../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 + .../libpng/files/CVE-2026-22695.patch | 77 +++++ .../libpng/files/CVE-2026-22801.patch | 164 +++++++++ .../libpng/files/CVE-2026-25646.patch | 61 ++++ .../libpng/libpng_1.6.39.bb | 3 + .../gnutls/libtasn1/CVE-2025-13151.patch | 30 ++ .../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 + meta/recipes-support/vim/vim_9.1.bb | 3 + scripts/install-buildtools | 4 +- 55 files changed, 2391 insertions(+), 121 deletions(-) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68276.patch create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68468.patch create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-24401.patch rename meta/recipes-connectivity/bind/{bind_9.18.41.bb => bind_9.18.44.bb} (97%) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch rename meta/recipes-connectivity/openssl/{openssl_3.0.18.bb => openssl_3.0.19.bb} (99%) create mode 100644 meta/recipes-core/expat/expat/CVE-2026-24515.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-01.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-02.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1484-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1489-04.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-12084.patch create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-25646.patch create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch

Message ID	cover.1771942869.git.yoann.congal@smile.fr
State	Not Applicable, archived
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 00/38] Patch review Date: Tue, 24 Feb 2026 15:23:52 +0100 Message-ID: <cover.1771942869.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

[kirkstone,00/38] Patch review

Pull-request

Message