| Message ID | cover.1775578386.git.yoann.congal@smile.fr |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
Hi Yoann, On Tue, 7 Apr, 2026, 9:46 pm Yoann Congal via lists.openembedded.org, <yoann.congal=smile.fr@lists.openembedded.org> wrote: > Please review this set of changes for kirkstone and have comments back by > end of day Wednesday, April 8. > > Please note: > - This will be the last review cycle for kirkstone. > - If you expect a patch to get merged and it is not in this series ping > me as soon as possible. > - Some patches look OK to me and are included here but will only be > merged if some patches are sent/fixed in more recent branches: > - Pending an equivalent patch sent for scarthgap: > - ncurses: fix for CVE-2025-69720 > - Pending an equivalent patch sent for whinlatter: > - libarchive: Fix CVE-2026-4111 > > --> Libarchive 3.8.6 upgrade patch submitted for whinlatter. This upgrade > fixes CVE-2026-4111 . > Passed a-full on autobuilder: > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3612 > > v2->v3: > - Added ncurses:·fix·for·CVE-2025-69720 to the series > > v1->v2: > - replaced "python3: Fix CVE-2025-15282" with > "python3: upgrade 3.10.19 -> 3.10.20" > - Those patches are not held anymore since equivalent patches have been > sent to more recent branches: > - curl: patch CVE-2026-3784 > - curl: patch CVE-2026-3783 > - curl: patch CVE-2026-1965 > - vim: Fix CVE-2026-33412 > > The following changes since commit > c4194cadb1180da37514c55cd97827eb0269c8e2: > > build-appliance-image: Update to kirkstone head revision (2026-03-20 > 09:58:53 +0000) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib > stable/kirkstone-nut > > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut > > for you to fetch changes up to 94df79c304f692b0108155e04905180cdf92b2cd: > > scripts/install-buildtools: Update to 4.0.34 (2026-04-07 09:14:47 +0200) > > ---------------------------------------------------------------- > > Bruce Ashfield (2): > linux-yocto/5.15: update to v5.15.200 > linux-yocto/5.15: update to v5.15.201 > > Fabien Thomas (1): > README.OE-Core: update contributor links and add kirkstone prefix > > Hitendra Prajapati (2): > vim: Fix CVE-2026-33412 > ncurses: fix for CVE-2025-69720 > > Jinfeng Wang (1): > tzdata/tzcode-native: upgrade 2025c -> 2026a > > Paul Barker (1): > create-pull-request: Keep commit hash to be pulled in cover email > > Peter Marko (1): > libtheora: mark CVE-2024-56431 as not vulnerable yet > > Vijay Anusuri (10): > tzdata,tzcode-native: Upgrade 2025b -> 2025c > python3: upgrade 3.10.19 -> 3.10.20 > python3-pyopenssl: Fix CVE-2026-27448 > python3-pyopenssl: Fix CVE-2026-27459 > libarchive: Fix CVE-2026-4111 > sqlite3: Fix CVE-2025-70873 > curl: patch CVE-2025-14524 > curl: patch CVE-2026-1965 > curl: patch CVE-2026-3783 > curl: patch CVE-2026-3784 > > Yoann Congal (1): > scripts/install-buildtools: Update to 4.0.34 > > README.OE-Core.md | 10 +- > .../ncurses/files/CVE-2025-69720.patch | 42 ++ > .../ncurses/ncurses_6.3+20220423.bb | 1 + > .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++ > .../python3-pyopenssl/CVE-2026-27459.patch | 106 +++++ > .../python/python3-pyopenssl_22.0.0.bb | 5 + > .../python/python3/CVE-2025-12084.patch | 171 -------- > .../python/python3/CVE-2025-13836.patch | 163 -------- > .../python/python3/CVE-2025-13837.patch | 162 -------- > .../python/python3/CVE-2025-6075.patch | 364 ------------------ > ...{python3_3.10.19.bb => python3_3.10.20.bb} | 6 +- > .../libarchive/CVE-2026-4111-1.patch | 32 ++ > .../libarchive/CVE-2026-4111-2.patch | 308 +++++++++++++++ > .../libarchive/libarchive_3.6.2.bb | 2 + > meta/recipes-extended/timezone/timezone.inc | 6 +- > .../linux/linux-yocto-rt_5.15.bb | 6 +- > .../linux/linux-yocto-tiny_5.15.bb | 6 +- > meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +- > .../libtheora/libtheora_1.1.1.bb | 3 + > .../curl/curl/CVE-2025-14524.patch | 42 ++ > .../curl/curl/CVE-2026-1965-1.patch | 98 +++++ > .../curl/curl/CVE-2026-1965-2.patch | 29 ++ > .../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++ > .../curl/curl/CVE-2026-3783.patch | 157 ++++++++ > .../curl/curl/CVE-2026-3784.patch | 73 ++++ > meta/recipes-support/curl/curl_7.82.0.bb | 6 + > .../sqlite/files/CVE-2025-70873.patch | 33 ++ > meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 + > .../vim/files/CVE-2026-33412.patch | 61 +++ > meta/recipes-support/vim/vim.inc | 1 + > scripts/create-pull-request | 2 +- > scripts/install-buildtools | 4 +- > 32 files changed, 1224 insertions(+), 893 deletions(-) > create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch > create mode 100644 > meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch > create mode 100644 > meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch > delete mode 100644 > meta/recipes-devtools/python/python3/CVE-2025-12084.patch > delete mode 100644 > meta/recipes-devtools/python/python3/CVE-2025-13836.patch > delete mode 100644 > meta/recipes-devtools/python/python3/CVE-2025-13837.patch > delete mode 100644 > meta/recipes-devtools/python/python3/CVE-2025-6075.patch > rename meta/recipes-devtools/python/{python3_3.10.19.bb => > python3_3.10.20.bb} (98%) > create mode 100644 > meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch > create mode 100644 > meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch > create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch > create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#234753): > https://lists.openembedded.org/g/openembedded-core/message/234753 > Mute This Topic: https://lists.openembedded.org/mt/118710539/7301997 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > vanusuri@mvista.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On Tue Apr 7, 2026 at 8:14 PM CEST, Vijay Anusuri wrote: > Hi Yoann, > > > > On Tue, 7 Apr, 2026, 9:46 pm Yoann Congal via lists.openembedded.org, > <yoann.congal=smile.fr@lists.openembedded.org> wrote: > >> Please review this set of changes for kirkstone and have comments back by >> end of day Wednesday, April 8. >> >> Please note: >> - This will be the last review cycle for kirkstone. >> - If you expect a patch to get merged and it is not in this series ping >> me as soon as possible. >> - Some patches look OK to me and are included here but will only be >> merged if some patches are sent/fixed in more recent branches: >> - Pending an equivalent patch sent for scarthgap: >> - ncurses: fix for CVE-2025-69720 >> - Pending an equivalent patch sent for whinlatter: >> - libarchive: Fix CVE-2026-4111 >> > --> Libarchive 3.8.6 upgrade patch submitted for whinlatter. This upgrade > fixes CVE-2026-4111 . That's right: [OE-core][whinlatter][patch] libarchive: upgrade 3.8.5 -> 3.8.6 - Vijay Anusuri https://lore.kernel.org/openembedded-core/20260406065532.1259890-1-vanusuri@mvista.com/ (I did not make the connection) Thanks! > > Passed a-full on autobuilder: >> https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3612 >> >> v2->v3: >> - Added ncurses:·fix·for·CVE-2025-69720 to the series >> >> v1->v2: >> - replaced "python3: Fix CVE-2025-15282" with >> "python3: upgrade 3.10.19 -> 3.10.20" >> - Those patches are not held anymore since equivalent patches have been >> sent to more recent branches: >> - curl: patch CVE-2026-3784 >> - curl: patch CVE-2026-3783 >> - curl: patch CVE-2026-1965 >> - vim: Fix CVE-2026-33412 >> >> The following changes since commit >> c4194cadb1180da37514c55cd97827eb0269c8e2: >> >> build-appliance-image: Update to kirkstone head revision (2026-03-20 >> 09:58:53 +0000) >> >> are available in the Git repository at: >> >> https://git.openembedded.org/openembedded-core-contrib >> stable/kirkstone-nut >> >> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut >> >> for you to fetch changes up to 94df79c304f692b0108155e04905180cdf92b2cd: >> >> scripts/install-buildtools: Update to 4.0.34 (2026-04-07 09:14:47 +0200) >> >> ---------------------------------------------------------------- >> >> Bruce Ashfield (2): >> linux-yocto/5.15: update to v5.15.200 >> linux-yocto/5.15: update to v5.15.201 >> >> Fabien Thomas (1): >> README.OE-Core: update contributor links and add kirkstone prefix >> >> Hitendra Prajapati (2): >> vim: Fix CVE-2026-33412 >> ncurses: fix for CVE-2025-69720 >> >> Jinfeng Wang (1): >> tzdata/tzcode-native: upgrade 2025c -> 2026a >> >> Paul Barker (1): >> create-pull-request: Keep commit hash to be pulled in cover email >> >> Peter Marko (1): >> libtheora: mark CVE-2024-56431 as not vulnerable yet >> >> Vijay Anusuri (10): >> tzdata,tzcode-native: Upgrade 2025b -> 2025c >> python3: upgrade 3.10.19 -> 3.10.20 >> python3-pyopenssl: Fix CVE-2026-27448 >> python3-pyopenssl: Fix CVE-2026-27459 >> libarchive: Fix CVE-2026-4111 >> sqlite3: Fix CVE-2025-70873 >> curl: patch CVE-2025-14524 >> curl: patch CVE-2026-1965 >> curl: patch CVE-2026-3783 >> curl: patch CVE-2026-3784 >> >> Yoann Congal (1): >> scripts/install-buildtools: Update to 4.0.34 >> >> README.OE-Core.md | 10 +- >> .../ncurses/files/CVE-2025-69720.patch | 42 ++ >> .../ncurses/ncurses_6.3+20220423.bb | 1 + >> .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++ >> .../python3-pyopenssl/CVE-2026-27459.patch | 106 +++++ >> .../python/python3-pyopenssl_22.0.0.bb | 5 + >> .../python/python3/CVE-2025-12084.patch | 171 -------- >> .../python/python3/CVE-2025-13836.patch | 163 -------- >> .../python/python3/CVE-2025-13837.patch | 162 -------- >> .../python/python3/CVE-2025-6075.patch | 364 ------------------ >> ...{python3_3.10.19.bb => python3_3.10.20.bb} | 6 +- >> .../libarchive/CVE-2026-4111-1.patch | 32 ++ >> .../libarchive/CVE-2026-4111-2.patch | 308 +++++++++++++++ >> .../libarchive/libarchive_3.6.2.bb | 2 + >> meta/recipes-extended/timezone/timezone.inc | 6 +- >> .../linux/linux-yocto-rt_5.15.bb | 6 +- >> .../linux/linux-yocto-tiny_5.15.bb | 6 +- >> meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +- >> .../libtheora/libtheora_1.1.1.bb | 3 + >> .../curl/curl/CVE-2025-14524.patch | 42 ++ >> .../curl/curl/CVE-2026-1965-1.patch | 98 +++++ >> .../curl/curl/CVE-2026-1965-2.patch | 29 ++ >> .../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++ >> .../curl/curl/CVE-2026-3783.patch | 157 ++++++++ >> .../curl/curl/CVE-2026-3784.patch | 73 ++++ >> meta/recipes-support/curl/curl_7.82.0.bb | 6 + >> .../sqlite/files/CVE-2025-70873.patch | 33 ++ >> meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 + >> .../vim/files/CVE-2026-33412.patch | 61 +++ >> meta/recipes-support/vim/vim.inc | 1 + >> scripts/create-pull-request | 2 +- >> scripts/install-buildtools | 4 +- >> 32 files changed, 1224 insertions(+), 893 deletions(-) >> create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch >> create mode 100644 >> meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch >> create mode 100644 >> meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch >> delete mode 100644 >> meta/recipes-devtools/python/python3/CVE-2025-12084.patch >> delete mode 100644 >> meta/recipes-devtools/python/python3/CVE-2025-13836.patch >> delete mode 100644 >> meta/recipes-devtools/python/python3/CVE-2025-13837.patch >> delete mode 100644 >> meta/recipes-devtools/python/python3/CVE-2025-6075.patch >> rename meta/recipes-devtools/python/{python3_3.10.19.bb => >> python3_3.10.20.bb} (98%) >> create mode 100644 >> meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch >> create mode 100644 >> meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch >> create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch >> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch >> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch >> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch >> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch >> create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch >> create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch >> create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#234753): >> https://lists.openembedded.org/g/openembedded-core/message/234753 >> Mute This Topic: https://lists.openembedded.org/mt/118710539/7301997 >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ >> vanusuri@mvista.com] >> -=-=-=-=-=-=-=-=-=-=-=- >> >>
Please review this set of changes for kirkstone and have comments back by end of day Wednesday, April 8. Please note: - This will be the last review cycle for kirkstone. - If you expect a patch to get merged and it is not in this series ping me as soon as possible. - Some patches look OK to me and are included here but will only be merged if some patches are sent/fixed in more recent branches: - Pending an equivalent patch sent for scarthgap: - ncurses: fix for CVE-2025-69720 - Pending an equivalent patch sent for whinlatter: - libarchive: Fix CVE-2026-4111 Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3612 v2->v3: - Added ncurses:·fix·for·CVE-2025-69720 to the series v1->v2: - replaced "python3: Fix CVE-2025-15282" with "python3: upgrade 3.10.19 -> 3.10.20" - Those patches are not held anymore since equivalent patches have been sent to more recent branches: - curl: patch CVE-2026-3784 - curl: patch CVE-2026-3783 - curl: patch CVE-2026-1965 - vim: Fix CVE-2026-33412 The following changes since commit c4194cadb1180da37514c55cd97827eb0269c8e2: build-appliance-image: Update to kirkstone head revision (2026-03-20 09:58:53 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut for you to fetch changes up to 94df79c304f692b0108155e04905180cdf92b2cd: scripts/install-buildtools: Update to 4.0.34 (2026-04-07 09:14:47 +0200) ---------------------------------------------------------------- Bruce Ashfield (2): linux-yocto/5.15: update to v5.15.200 linux-yocto/5.15: update to v5.15.201 Fabien Thomas (1): README.OE-Core: update contributor links and add kirkstone prefix Hitendra Prajapati (2): vim: Fix CVE-2026-33412 ncurses: fix for CVE-2025-69720 Jinfeng Wang (1): tzdata/tzcode-native: upgrade 2025c -> 2026a Paul Barker (1): create-pull-request: Keep commit hash to be pulled in cover email Peter Marko (1): libtheora: mark CVE-2024-56431 as not vulnerable yet Vijay Anusuri (10): tzdata,tzcode-native: Upgrade 2025b -> 2025c python3: upgrade 3.10.19 -> 3.10.20 python3-pyopenssl: Fix CVE-2026-27448 python3-pyopenssl: Fix CVE-2026-27459 libarchive: Fix CVE-2026-4111 sqlite3: Fix CVE-2025-70873 curl: patch CVE-2025-14524 curl: patch CVE-2026-1965 curl: patch CVE-2026-3783 curl: patch CVE-2026-3784 Yoann Congal (1): scripts/install-buildtools: Update to 4.0.34 README.OE-Core.md | 10 +- .../ncurses/files/CVE-2025-69720.patch | 42 ++ .../ncurses/ncurses_6.3+20220423.bb | 1 + .../python3-pyopenssl/CVE-2026-27448.patch | 125 ++++++ .../python3-pyopenssl/CVE-2026-27459.patch | 106 +++++ .../python/python3-pyopenssl_22.0.0.bb | 5 + .../python/python3/CVE-2025-12084.patch | 171 -------- .../python/python3/CVE-2025-13836.patch | 163 -------- .../python/python3/CVE-2025-13837.patch | 162 -------- .../python/python3/CVE-2025-6075.patch | 364 ------------------ ...{python3_3.10.19.bb => python3_3.10.20.bb} | 6 +- .../libarchive/CVE-2026-4111-1.patch | 32 ++ .../libarchive/CVE-2026-4111-2.patch | 308 +++++++++++++++ .../libarchive/libarchive_3.6.2.bb | 2 + meta/recipes-extended/timezone/timezone.inc | 6 +- .../linux/linux-yocto-rt_5.15.bb | 6 +- .../linux/linux-yocto-tiny_5.15.bb | 6 +- meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +- .../libtheora/libtheora_1.1.1.bb | 3 + .../curl/curl/CVE-2025-14524.patch | 42 ++ .../curl/curl/CVE-2026-1965-1.patch | 98 +++++ .../curl/curl/CVE-2026-1965-2.patch | 29 ++ .../curl/curl/CVE-2026-3783-pre1.patch | 66 ++++ .../curl/curl/CVE-2026-3783.patch | 157 ++++++++ .../curl/curl/CVE-2026-3784.patch | 73 ++++ meta/recipes-support/curl/curl_7.82.0.bb | 6 + .../sqlite/files/CVE-2025-70873.patch | 33 ++ meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 1 + .../vim/files/CVE-2026-33412.patch | 61 +++ meta/recipes-support/vim/vim.inc | 1 + scripts/create-pull-request | 2 +- scripts/install-buildtools | 4 +- 32 files changed, 1224 insertions(+), 893 deletions(-) create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-12084.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-6075.patch rename meta/recipes-devtools/python/{python3_3.10.19.bb => python3_3.10.20.bb} (98%) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-1.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4111-2.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-1965-2.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783-pre1.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3784.patch create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-70873.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-33412.patch