[whinlatter,00/15] Pull request (cover letter only)

Message ID	cover.1775724198.git.yoann.congal@smile.fr
State	Not Applicable, archived
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.221.67, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Cc: Paul Barker <paul@pbarker.dev> Subject: [OE-core][whinlatter 00/15] Pull request (cover letter only) Date: Thu, 9 Apr 2026 10:45:02 +0200 Message-ID: <cover.1775724198.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit

Message ID

cover.1775724198.git.yoann.congal@smile.fr

State

Not Applicable, archived

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Cc: Paul Barker <paul@pbarker.dev>
Subject: [OE-core][whinlatter 00/15] Pull request (cover letter only)
Date: Thu,  9 Apr 2026 10:45:02 +0200
Message-ID: <cover.1775724198.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Message

Yoann Congal April 9, 2026, 8:45 a.m. UTC

Those are the patches from the last patch review (no changes):
https://lore.kernel.org/openembedded-core/cover.1775106968.git.yoann.congal@smile.fr/T/#t

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3571

The following changes since commit f74c948779850a9759d8b24bb83bb661ff85def4:

  curl: patch CVE-2026-3805 (2026-03-25 08:17:01 +0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-next
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next

for you to fetch changes up to e8a3acb03d4c466cd08e358953df15746cb5aaca:

  vim: Fix CVE-2026-26269 (2026-04-02 00:08:06 +0200)

----------------------------------------------------------------

Andrej Kozemcak (1):
  ca-certificates: upgrade 20250419 -> 20260223

Anil Dongare (2):
  vim: Fix CVE-2026-25749
  vim: Fix CVE-2026-26269

Changqing Li (1):
  libsoup: fix CVE-2025-32049/CVE-2026-1539

Deepak Rathore (3):
  expat: Fix CVE-2026-32776
  expat: Fix CVE-2026-32777
  expat: Fix CVE-2026-32778

Jinfeng Wang (1):
  tzdata/tzcode-native: upgrade 2025c -> 2026a

Logan Gallois (1):
  oe-setup-build: TEMPLATECONF were not applied correctly

Paul Barker (1):
  tzdata,tzcode-native: Upgrade 2025b -> 2025c

Vijay Anusuri (2):
  python3-pyopenssl: Fix CVE-2026-27448
  python3-pyopenssl: Fix CVE-2026-27459

Wang Mingyu (3):
  ccache: upgrade 4.12.2 -> 4.12.3
  libsoup: upgrade 3.6.5 -> 3.6.6
  libxmlb: upgrade 0.3.24 -> 0.3.25

 .../expat/expat/CVE-2026-32776.patch          |  90 ++++++
 .../expat/expat/CVE-2026-32777_p1.patch       |  48 +++
 .../expat/expat/CVE-2026-32777_p2.patch       |  65 ++++
 .../expat/expat/CVE-2026-32778_p1.patch       |  90 ++++++
 .../expat/expat/CVE-2026-32778_p2.patch       |  59 ++++
 meta/recipes-core/expat/expat_2.7.4.bb        |   5 +
 .../{ccache_4.12.2.bb => ccache_4.12.3.bb}    |   4 +-
 .../python3-pyopenssl/CVE-2026-27448.patch    | 125 ++++++++
 .../python3-pyopenssl/CVE-2026-27459.patch    | 109 +++++++
 .../python/python3-pyopenssl_25.1.0.bb        |   5 +
 meta/recipes-extended/timezone/timezone.inc   |   6 +-
 .../{libxmlb_0.3.24.bb => libxmlb_0.3.25.bb}  |   2 +-
 ...0250419.bb => ca-certificates_20260223.bb} |   2 +-
 .../libsoup/libsoup/CVE-2025-32049-1.patch    | 229 ++++++++++++++
 .../libsoup/libsoup/CVE-2025-32049-2.patch    |  34 ++
 .../libsoup/libsoup/CVE-2025-32049-3.patch    | 133 ++++++++
 .../libsoup/libsoup/CVE-2025-32049-4.patch    | 291 ++++++++++++++++++
 .../libsoup/libsoup/CVE-2026-1539.patch       |  97 ++++++
 .../{libsoup_3.6.5.bb => libsoup_3.6.6.bb}    |   9 +-
 .../vim/files/CVE-2026-25749.patch            |  64 ++++
 .../vim/files/CVE-2026-26269.patch            | 150 +++++++++
 meta/recipes-support/vim/vim.inc              |   2 +
 scripts/oe-setup-build                        |   2 +-
 23 files changed, 1612 insertions(+), 9 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32776.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777_p1.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777_p2.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778_p1.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778_p2.patch
 rename meta/recipes-devtools/ccache/{ccache_4.12.2.bb => ccache_4.12.3.bb} (88%)
 create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch
 create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch
 rename meta/recipes-gnome/libxmlb/{libxmlb_0.3.24.bb => libxmlb_0.3.25.bb} (93%)
 rename meta/recipes-support/ca-certificates/{ca-certificates_20250419.bb => ca-certificates_20260223.bb} (97%)
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32049-4.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2026-1539.patch
 rename meta/recipes-support/libsoup/{libsoup_3.6.5.bb => libsoup_3.6.6.bb} (85%)
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-25749.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-26269.patch

[whinlatter,00/15] Pull request (cover letter only)

Pull-request

Message