| Message ID | cover.1772923420.git.yoann.congal@smile.fr |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
On Sat, 2026-03-07 at 23:52 +0100, Yoann Congal via lists.openembedded.org wrote: > Note: this series contains a major OpenSSL upgrade (agreed by YP TSC). > > Please review this set of changes for scarthgap and have comments back by > end of day Tuesday, March 10. > > Passed a-full on autobuilder: > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3349 > (Ignore the warning about Centos Stream9, its support is a work in progress for scarthgap) > > I also did a full meta-oe build (to check for build failure with the > OpenSSL upgrade) > https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1342 > (the warnings are unrelated to this series) > > The following changes since commit a9a785d7fa0cfe2a9087dbcde0ef9f0d2a441375: > > build-appliance-image: Update to scarthgap head revision (2026-02-27 17:45:15 +0000) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut > > for you to fetch changes up to fd8a140eb0742bbc12a23e36c9d24378bc0f462d: > > busybox: Fixes CVE-2025-60876 (2026-03-06 23:58:42 +0100) > > ---------------------------------------------------------------- > > Hugo SIMELIERE (2): > zlib: Fix CVE-2026-27171 > harfbuzz: Fix CVE-2026-22693 > > Livin Sunny (1): > busybox: Fixes CVE-2025-60876 > > Paul Barker (1): > create-pull-request: Keep commit hash to be pulled in cover email > > Peter Marko (3): > ffmpeg: set status for CVE-2025-10256 > ffmpeg: set status for CVE-2025-12343 > openssl: upgrade 3.2.6 -> 3.5.5 > > Shaik Moin (1): > gdk-pixbuf: Fix CVE-2025-6199 > > Tom Hochstein (1): > uboot-config: Fix devtool modify > > Yoann Congal (2): > scripts/install-buildtools: Update to 5.0.16 > README: Add scarthgap subject-prefix to git-send-email suggestion Hi Yoann, We need to make sure that the openssl update is clearly announced in the weekly status and the release notes for 5.0.17. Otherwise, all LGTM! Best regards,
Note: this series contains a major OpenSSL upgrade (agreed by YP TSC). Please review this set of changes for scarthgap and have comments back by end of day Tuesday, March 10. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3349 (Ignore the warning about Centos Stream9, its support is a work in progress for scarthgap) I also did a full meta-oe build (to check for build failure with the OpenSSL upgrade) https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1342 (the warnings are unrelated to this series) The following changes since commit a9a785d7fa0cfe2a9087dbcde0ef9f0d2a441375: build-appliance-image: Update to scarthgap head revision (2026-02-27 17:45:15 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut for you to fetch changes up to fd8a140eb0742bbc12a23e36c9d24378bc0f462d: busybox: Fixes CVE-2025-60876 (2026-03-06 23:58:42 +0100) ---------------------------------------------------------------- Hugo SIMELIERE (2): zlib: Fix CVE-2026-27171 harfbuzz: Fix CVE-2026-22693 Livin Sunny (1): busybox: Fixes CVE-2025-60876 Paul Barker (1): create-pull-request: Keep commit hash to be pulled in cover email Peter Marko (3): ffmpeg: set status for CVE-2025-10256 ffmpeg: set status for CVE-2025-12343 openssl: upgrade 3.2.6 -> 3.5.5 Shaik Moin (1): gdk-pixbuf: Fix CVE-2025-6199 Tom Hochstein (1): uboot-config: Fix devtool modify Yoann Congal (2): scripts/install-buildtools: Update to 5.0.16 README: Add scarthgap subject-prefix to git-send-email suggestion README.OE-Core.md | 2 +- meta/classes-recipe/uboot-config.bbclass | 2 +- .../openssl/files/environment.d-openssl.sh | 9 ++- ...ke-history-reporting-when-test-fails.patch | 32 ++++---- ...1-Configure-do-not-tweak-mips-cflags.patch | 4 +- ...sysroot-and-debug-prefix-map-from-co.patch | 26 ++++--- .../0001-extend-check_cwm-test-timeout.patch | 32 ++++++++ .../openssl/openssl/CVE-2024-41996.patch | 44 ----------- .../openssl/openssl/CVE-2025-15468.patch | 39 ---------- .../openssl/openssl/CVE-2025-69419.patch | 61 --------------- .../{openssl_3.2.6.bb => openssl_3.5.5.bb} | 75 ++++++++++++------- .../busybox/busybox/CVE-2025-60876.patch | 42 +++++++++++ meta/recipes-core/busybox/busybox_1.36.1.bb | 1 + .../zlib/zlib/CVE-2026-27171.patch | 63 ++++++++++++++++ meta/recipes-core/zlib/zlib_1.3.1.bb | 1 + .../gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch | 36 +++++++++ .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb | 1 + .../harfbuzz/files/CVE-2026-22693.patch | 33 ++++++++ .../harfbuzz/harfbuzz_8.3.0.bb | 4 +- .../recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 +- scripts/create-pull-request | 2 +- scripts/install-buildtools | 4 +- 22 files changed, 305 insertions(+), 210 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch rename meta/recipes-connectivity/openssl/{openssl_3.2.6.bb => openssl_3.5.5.bb} (76%) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-60876.patch create mode 100644 meta/recipes-core/zlib/zlib/CVE-2026-27171.patch create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch create mode 100644 meta/recipes-graphics/harfbuzz/files/CVE-2026-22693.patch