[kirkstone,00/18] Patch review

Message ID	cover.1775435063.git.yoann.congal@smile.fr
State	Not Applicable, archived
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 00/18] Patch review Date: Mon, 6 Apr 2026 08:26:29 +0200 Message-ID: <cover.1775435063.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit

Message ID

cover.1775435063.git.yoann.congal@smile.fr

State

Not Applicable, archived

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 00/18] Patch review
Date: Mon,  6 Apr 2026 08:26:29 +0200
Message-ID: <cover.1775435063.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Message

Yoann Congal April 6, 2026, 6:26 a.m. UTC

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, April 8.

Please note:
- This will be the last review cycle for kirkstone.
- If you expect a patch to get merged and it is not in this series ping
  me as soon as possible.
- Some patches look OK to me and are included here but will only be
  merged if some patches are sent/fixed in more recent branches:
  - Pending a fix for the scarthgap branch:
    - curl: patch CVE-2026-3784
    - curl: patch CVE-2026-3783
    - curl: patch CVE-2026-1965
  - Pending an equivalement patch sent for whinlatter:
    - vim: Fix CVE-2026-33412
    - libarchive: Fix CVE-2026-4111
  - Pending an equivalement patch sent for whinlatter and scarthgap
    - python3: Fix CVE-2025-15282

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3603

The following changes since commit c4194cadb1180da37514c55cd97827eb0269c8e2:

  build-appliance-image: Update to kirkstone head revision (2026-03-20 09:58:53 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

for you to fetch changes up to 38444a1a8eb2575e2ad273a922d9793e10c3858c:

  scripts/install-buildtools: Update to 4.0.34 (2026-04-06 00:08:58 +0200)

----------------------------------------------------------------

Bruce Ashfield (2):
  linux-yocto/5.15: update to v5.15.200
  linux-yocto/5.15: update to v5.15.201

Fabien Thomas (1):
  README.OE-Core: update contributor links and add kirkstone prefix

Hitendra Prajapati (1):
  vim: Fix CVE-2026-33412

Jinfeng Wang (1):
  tzdata/tzcode-native: upgrade 2025c -> 2026a

Paul Barker (1):
  create-pull-request: Keep commit hash to be pulled in cover email

Peter Marko (1):
  libtheora: mark CVE-2024-56431 as not vulnerable yet

Vijay Anusuri (10):
  tzdata,tzcode-native: Upgrade 2025b -> 2025c
  python3: Fix CVE-2025-15282
  python3-pyopenssl: Fix CVE-2026-27448
  python3-pyopenssl: Fix CVE-2026-27459
  libarchive: Fix CVE-2026-4111
  sqlite3: Fix CVE-2025-70873
  curl: patch CVE-2025-14524
  curl: patch CVE-2026-1965
  curl: patch CVE-2026-3783
  curl: patch CVE-2026-3784

Yoann Congal (1):
  scripts/install-buildtools: Update to 4.0.34

 README.OE-Core.md                             |  10 +-
 .../python3-pyopenssl/CVE-2026-27448.patch    | 125 +++++++
 .../python3-pyopenssl/CVE-2026-27459.patch    | 106 ++++++
 .../python/python3-pyopenssl_22.0.0.bb        |   5 +
 .../python/python3/CVE-2025-15282.patch       |  68 ++++
 .../python/python3_3.10.19.bb                 |   1 +
 .../libarchive/CVE-2026-4111-1.patch          |  32 ++
 .../libarchive/CVE-2026-4111-2.patch          | 308 ++++++++++++++++++
 .../libarchive/libarchive_3.6.2.bb            |   2 +
 meta/recipes-extended/timezone/timezone.inc   |   6 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 +-
 .../libtheora/libtheora_1.1.1.bb              |   3 +
 .../curl/curl/CVE-2025-14524.patch            |  42 +++
 .../curl/curl/CVE-2026-1965-1.patch           |  98 ++++++
 .../curl/curl/CVE-2026-1965-2.patch           |  29 ++
 .../curl/curl/CVE-2026-3783-pre1.patch        |  66 ++++
 .../curl/curl/CVE-2026-3783.patch             | 157 +++++++++
 .../curl/curl/CVE-2026-3784.patch             |  73 +++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   6 +
 .../sqlite/files/CVE-2025-70873.patch         |  33 ++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   1 +
 .../vim/files/CVE-2026-33412.patch            |  61 ++++
 meta/recipes-support/vim/vim.inc              |   1 +
 scripts/create-pull-request                   |   2 +-
 scripts/install-buildtools                    |   4 +-
 27 files changed, 1249 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
 create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-15282.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch

[kirkstone,00/18] Patch review

Pull-request

Message