[whinlatter,00/16] Pull request (cover letter only)

Message ID cover.1773140572.git.yoann.congal@smile.fr
State Not Applicable, archived

Pull-request

https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next

Message

Yoann Congal March 10, 2026, 11:05 a.m. UTC
Those are the patches from the last patch review:
https://lore.kernel.org/openembedded-core/cover.1772780989.git.yoann.congal@smile.fr/#r

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3341

The following changes since commit 45cba1329d541fdc5857d6df2624b34c91133f7a:

  build-appliance-image: Update to whinlatter head revisions (2026-02-27 17:46:44 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next

for you to fetch changes up to cfc0e446a1ad57e710d2c82914211f9bcdc4a752:

  python3-urllib3: patch CVE-2025-66471 (2026-03-06 00:48:43 +0100)

----------------------------------------------------------------

Adarsh Jagadish Kamini (1):
  python3-pip: Backport fix CVE-2026-1703

Ankur Tyagi (1):
  wireless-regdb: upgrade 2025.10.07 -> 2026.02.04

Antonin Godard (1):
  python3: skip flaky test_default_timeout test

Benjamin Robin (Schneider Electric) (2):
  avahi: Remove a reference to the rejected CVE-2021-36217
  lz4: Remove a reference to the rejected CVE-2025-62813

Hugo SIMELIERE (2):
  zlib: Fix CVE-2026-27171
  harfbuzz: Fix CVE-2026-22693

Paul Barker (1):
  create-pull-request: Keep commit hash to be pulled in cover email

Peter Marko (4):
  linux-yocto: apply cve-exclusions also to rt and tiny recipe variants
  cve-exclusions: set status for 5 CVEs
  ffmpeg: set status for CVE-2025-12343
  python3-urllib3: patch CVE-2025-66471

Shaik Moin (1):
  gdk-pixbuf: Fix CVE-2025-6199

Vijay Anusuri (1):
  gnutls: Fix CVE-2025-14831

Yoann Congal (2):
  README: Add whinlatter subject-prefix to git-send-email suggestion
  b4-config: add send-prefixes for whinlatter

 .b4-config                                    |   1 +
 README.OE-Core.md                             |   2 +-
 .../avahi/files/local-ping.patch              |   1 -
 .../zlib/zlib/CVE-2026-27171.patch            |  63 ++
 meta/recipes-core/zlib/zlib_1.3.1.bb          |   1 +
 .../python/python3-pip/CVE-2026-1703.patch    |  41 +
 .../python/python3-pip_25.2.bb                |   4 +-
 .../python3-urllib3/CVE-2025-66471.patch      | 926 ++++++++++++++++++
 .../python/python3-urllib3_2.5.0.bb           |   1 +
 ...kip-flaky-test_default_timeout-tests.patch |  49 +
 .../python/python3_3.13.11.bb                 |   1 +
 .../gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch |  36 +
 .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb          |   1 +
 .../harfbuzz/files/CVE-2026-22693.patch       |  33 +
 .../harfbuzz/harfbuzz_11.4.5.bb               |   4 +-
 meta/recipes-kernel/linux/cve-exclusion.inc   |  16 +
 .../linux/linux-yocto-rt_6.12.bb              |   1 +
 .../linux/linux-yocto-rt_6.16.bb              |   1 +
 .../linux/linux-yocto-tiny_6.12.bb            |   1 +
 .../linux/linux-yocto-tiny_6.16.bb            |   1 +
 ....10.07.bb => wireless-regdb_2026.02.04.bb} |   2 +-
 meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb  |   1 +
 .../gnutls/gnutls/CVE-2025-14831-1.patch      | 119 +++
 .../gnutls/gnutls/CVE-2025-14831-10.patch     | 424 ++++++++
 .../gnutls/gnutls/CVE-2025-14831-2.patch      |  66 ++
 .../gnutls/gnutls/CVE-2025-14831-3.patch      |  30 +
 .../gnutls/gnutls/CVE-2025-14831-4.patch      |  45 +
 .../gnutls/gnutls/CVE-2025-14831-5.patch      | 205 ++++
 .../gnutls/gnutls/CVE-2025-14831-6.patch      | 505 ++++++++++
 .../gnutls/gnutls/CVE-2025-14831-7.patch      | 124 +++
 .../gnutls/gnutls/CVE-2025-14831-8.patch      | 155 +++
 .../gnutls/gnutls/CVE-2025-14831-9.patch      | 110 +++
 meta/recipes-support/gnutls/gnutls_3.8.10.bb  |  10 +
 ...13.patch => fix-null-error-handling.patch} |   1 -
 meta/recipes-support/lz4/lz4_1.10.0.bb        |   2 +-
 scripts/create-pull-request                   |   2 +-
 36 files changed, 2977 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-core/zlib/zlib/CVE-2026-27171.patch
 create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2026-1703.patch
 create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66471.patch
 create mode 100644 meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch
 create mode 100644 meta/recipes-graphics/harfbuzz/files/CVE-2026-22693.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2025.10.07.bb => wireless-regdb_2026.02.04.bb} (94%)
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-1.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-10.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-2.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-3.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-4.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-5.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-6.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-7.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-8.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch
 rename meta/recipes-support/lz4/lz4/{CVE-2025-62813.patch => fix-null-error-handling.patch} (99%)

Comments

Paul Barker March 10, 2026, noon UTC | #1
On Tue, 2026-03-10 at 12:05 +0100, Yoann Congal via
lists.openembedded.org wrote:
> Those are the patches from the last patch review:
> https://lore.kernel.org/openembedded-core/cover.1772780989.git.yoann.congal@smile.fr/#r
> 
> Passed a-full on autobuilder:
> https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3341
> 
> The following changes since commit 45cba1329d541fdc5857d6df2624b34c91133f7a:
> 
>   build-appliance-image: Update to whinlatter head revisions (2026-02-27 17:46:44 +0000)
> 
> are available in the Git repository at:
> 
>   https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
>   https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next
> 
> for you to fetch changes up to cfc0e446a1ad57e710d2c82914211f9bcdc4a752:
> 
>   python3-urllib3: patch CVE-2025-66471 (2026-03-06 00:48:43 +0100)
> 
> ----------------------------------------------------------------
> 
> Adarsh Jagadish Kamini (1):
>   python3-pip: Backport fix CVE-2026-1703
> 
> Ankur Tyagi (1):
>   wireless-regdb: upgrade 2025.10.07 -> 2026.02.04
> 
> Antonin Godard (1):
>   python3: skip flaky test_default_timeout test
> 
> Benjamin Robin (Schneider Electric) (2):
>   avahi: Remove a reference to the rejected CVE-2021-36217
>   lz4: Remove a reference to the rejected CVE-2025-62813
> 
> Hugo SIMELIERE (2):
>   zlib: Fix CVE-2026-27171
>   harfbuzz: Fix CVE-2026-22693
> 
> Paul Barker (1):
>   create-pull-request: Keep commit hash to be pulled in cover email
> 
> Peter Marko (4):
>   linux-yocto: apply cve-exclusions also to rt and tiny recipe variants
>   cve-exclusions: set status for 5 CVEs
>   ffmpeg: set status for CVE-2025-12343
>   python3-urllib3: patch CVE-2025-66471
> 
> Shaik Moin (1):
>   gdk-pixbuf: Fix CVE-2025-6199
> 
> Vijay Anusuri (1):
>   gnutls: Fix CVE-2025-14831
> 
> Yoann Congal (2):
>   README: Add whinlatter subject-prefix to git-send-email suggestion
>   b4-config: add send-prefixes for whinlatter

There are two large CVE patches in this series:

- CVE-2025-66471 has been adequately discussed.

- CVE-2025-14831 was also patched with a large delta from several
  upstream commits in Ubuntu and in CentOS Stream 10, so we're in line
  with what others are backporting.

So, LGTM.

Best regards,