mbox

[scarthgap,00/31] Pull request (cover letter only)

Message ID cover.1778577638.git.yoann.congal@smile.fr
State Not Applicable, archived
Headers show

Pull-request

https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next

Message

Yoann Congal May 12, 2026, 9:25 a.m. UTC 
Those are the patches from the last two patch reviews:
* https://lore.kernel.org/openembedded-core/cover.1777995876.git.fabien.thomas@smile.fr/T/#u
  * Already sent as pull request: https://lore.kernel.org/openembedded-core/cover.1778186461.git.yoann.congal@smile.fr/
* https://lore.kernel.org/openembedded-core/cover.1778198884.git.yoann.congal@smile.fr/T/#t
I've combined the 2 series in this pull request.

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3794

The following changes since commit dc2df90b1d4f71023169d492f3819326e0e6c055:

  liburcu: upgrade 0.14.0 -> 0.14.2 (2026-04-24 16:06:21 +0200)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next

for you to fetch changes up to 7952d214393b6c5230ba115f63b6f6d245a728bc:

  glibc: Fix recipe bug that disabled stack protector (2026-05-08 01:06:24 +0200)

----------------------------------------------------------------

Adarsh Jagadish Kamini (2):
  binutils: fix CVE-2025-69647
  binutils: fix CVE-2025-69648

Bruce Ashfield (3):
  linux-yocto/6.6: update to v6.6.124
  linux-yocto/6.6: update to v6.6.126
  linux-yocto/6.6: update to v6.6.127

Changqing Li (2):
  libsoup: fix CVE-2025-14523
  libsoup: fix CVE-2025-32049

Fabien Thomas (1):
  ghostscript: Pin to C17 std

Himanshu Jadon (1):
  apt: Add CVE_PRODUCT to support product name

Hitendra Prajapati (7):
  rsync: fix for CVE-2026-41035
  systemd: fix for CVE-2026-40225
  systemd: fix for CVE-2026-40226
  libarchive: fix for CVE-2026-4426
  vim: fix for CVE-2026-39881
  sudo: fix for CVE-2026-35535
  inetutils: fix for CVE-2026-32772

Hongxu Jia (3):
  u-boot: fix CVE-2025-24857
  ovmf: fix CVE-2025-2296
  ovmf: fix CVE-2024-38798

Hugo SIMELIERE (3):
  expat: patch CVE-2026-32776
  expat: patch CVE-2026-32777
  expat: patch CVE-2026-32778

Ivan Nestlerode (1):
  glibc: Fix recipe bug that disabled stack protector

Jhonata Poma-Hansen (1):
  dbus: gate user-session PACKAGECONFIG on systemd in DISTRO_FEATURES

Martin Jansa (1):
  ghostscript: fix build with gcc-15 on host

Moritz Haase (1):
  devtool: Disable gpg signing when setting up source tree repos

Peter Marko (1):
  coreutils: set CVE_PRODUCT

Sudhir Dumbhare (1):
  libpng: fix CVE-2026-33636

Vijay Anusuri (2):
  avahi: Fix CVE-2026-34933
  gdk-pixbuf: Fix CVE-2026-5201

Xiangyu Chen (1):
  grub: update search parameter

 meta/recipes-bsp/grub/files/cfg               |   2 +-
 .../u-boot/files/CVE-2025-24857.patch         |  42 +
 meta/recipes-bsp/u-boot/u-boot-common.inc     |   4 +-
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   2 +
 .../avahi/files/CVE-2026-34933-1.patch        | 108 +++
 .../avahi/files/CVE-2026-34933-2.patch        |  96 +++
 .../inetutils/inetutils/CVE-2026-32772.patch  | 172 ++++
 .../inetutils/inetutils_2.5.bb                |   1 +
 meta/recipes-core/coreutils/coreutils_9.4.bb  |   2 +
 meta/recipes-core/dbus/dbus_1.14.10.bb        |   2 +-
 .../expat/expat/CVE-2026-32776.patch          |  91 +++
 .../expat/expat/CVE-2026-32777-01.patch       |  49 ++
 .../expat/expat/CVE-2026-32777-02.patch       |  66 ++
 .../expat/expat/CVE-2026-32778-01.patch       |  91 +++
 .../expat/expat/CVE-2026-32778-02.patch       |  61 ++
 meta/recipes-core/expat/expat_2.6.4.bb        |   5 +
 meta/recipes-core/glibc/glibc.inc             |   3 -
 ...mdSev-Halt-on-failed-blob-allocation.patch | 159 ++++
 .../ovmf/ovmf/CVE-2024-38798.patch            | 116 +++
 .../ovmf/ovmf/CVE-2025-2296-1.patch           | 762 ++++++++++++++++++
 .../ovmf/ovmf/CVE-2025-2296-2.patch           | 175 ++++
 .../ovmf/ovmf/CVE-2025-2296-3.patch           |  42 +
 .../ovmf/ovmf/CVE-2025-2296-4.patch           |  34 +
 .../ovmf/ovmf/CVE-2025-2296-5.patch           |  36 +
 .../ovmf/ovmf/CVE-2025-2296-6.patch           |  54 ++
 .../ovmf/ovmf/CVE-2025-2296-7.patch           | 124 +++
 .../ovmf/ovmf/CVE-2025-2296-8.patch           | 125 +++
 .../ovmf/ovmf/CVE-2025-2296-9.patch           | 108 +++
 meta/recipes-core/ovmf/ovmf_git.bb            |  11 +
 .../systemd/systemd/CVE-2026-40225-01.patch   | 131 +++
 .../systemd/systemd/CVE-2026-40225-02.patch   |  39 +
 .../systemd/systemd/CVE-2026-40226-01.patch   |  63 ++
 .../systemd/systemd/CVE-2026-40226-02.patch   |  39 +
 meta/recipes-core/systemd/systemd_255.21.bb   |   4 +
 meta/recipes-devtools/apt/apt_2.6.1.bb        |   3 +
 .../binutils/binutils-2.42.inc                |   2 +
 .../binutils/binutils/CVE-2025-69647.patch    |  85 ++
 .../binutils/binutils/CVE-2025-69648.patch    | 190 +++++
 .../rsync/files/CVE-2026-41035.patch          |  39 +
 meta/recipes-devtools/rsync/rsync_3.2.7.bb    |   1 +
 ...Fix-compatibility-with-C23-compilers.patch |  67 ++
 .../ghostscript/ghostscript_10.05.1.bb        |   3 +
 .../libarchive/libarchive/CVE-2026-4426.patch |  58 ++
 .../libarchive/libarchive_3.7.9.bb            |   1 +
 .../sudo/files/CVE-2026-35535.patch           | 150 ++++
 meta/recipes-extended/sudo/sudo_1.9.17p2.bb   |   1 +
 .../gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch |  44 +
 .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb          |   1 +
 .../linux/linux-yocto-rt_6.6.bb               |   6 +-
 .../linux/linux-yocto-tiny_6.6.bb             |   6 +-
 meta/recipes-kernel/linux/linux-yocto_6.6.bb  |  28 +-
 .../libpng/files/CVE-2026-33636.patch         |  99 +++
 .../libpng/libpng_1.6.42.bb                   |   1 +
 .../libsoup-3.4.4/CVE-2025-14523.patch        | 715 ++++++++++++++++
 .../libsoup-3.4.4/CVE-2025-32049-1.patch      | 229 ++++++
 .../libsoup-3.4.4/CVE-2025-32049-2.patch      |  34 +
 .../libsoup-3.4.4/CVE-2025-32049-3.patch      | 134 +++
 .../libsoup-3.4.4/CVE-2025-32049-4.patch      | 292 +++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb |   5 +
 .../vim/files/CVE-2026-39881.patch            | 248 ++++++
 meta/recipes-support/vim/vim.inc              |   1 +
 scripts/lib/devtool/__init__.py               |   2 +-
 62 files changed, 5237 insertions(+), 27 deletions(-)
 create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2025-24857.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-34933-1.patch
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-34933-2.patch
 create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-32772.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32776.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777-01.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777-02.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778-01.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778-02.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-AmdSev-Halt-on-failed-blob-allocation.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2024-38798.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-1.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-2.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-3.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-4.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-5.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-6.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-7.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-8.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-9.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-01.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-02.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40226-01.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40226-02.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2026-41035.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-Bug-708160-Fix-compatibility-with-C23-compilers.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4426.patch
 create mode 100644 meta/recipes-extended/sudo/files/CVE-2026-35535.patch
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33636.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-14523.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-4.patch
 create mode 100644 meta/recipes-support/vim/files/CVE-2026-39881.patch