[scarthgap,00/21] Patch review

Message ID cover.1781270474.git.jeremy.rosen@smile.fr
State Not Applicable, archived

Pull-request

https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut

Message

Jeremy Rosen June 12, 2026, 2:25 p.m. UTC
(Acting as LTS maintainer in training, process has been reviewed by
Yoann Congal)

Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 16.

Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3980

The following changes since commit e2864ea1ac022e43af92badc701fa1e2a9571f46:

  pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-06-05 11:02:52 +0200)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

for you to fetch changes up to 5e138a5cfb868b2b545161cb2cc706ccde307512:

  meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info (2026-06-12 11:50:34 +0200)

----------------------------------------------------------------

Enrico Jörns (1):
  devtool: prevent 'devtool modify -n' from corrupting kernel Git repos

Hugo SIMELIERE (Schneider Electric) (3):
  busybox: Fix CVE-2026-29004
  xz: Fix CVE-2026-34743
  util-linux: Fix CVE-2026-27456

João Marcos Costa (Schneider Electric) (1):
  meta/lib/oe/package.py: fix path to kernel sources in
    save_debugsources_info

Sudhir Dumbhare (1):
  nfs-utils: fix CVE-2025-12801

Theo Gaige (Schneider Electric) (14):
  go: patch CVE-2026-27142
  go: patch CVE-2026-32280
  go: patch CVE-2026-32283
  go: patch CVE-2026-32289
  go: patch CVE-2026-33811
  go: patch CVE-2026-39817
  go: patch CVE-2026-39819
  go: patch CVE-2026-39820
  go: patch CVE-2026-39825
  go: patch CVE-2026-39826
  go: patch CVE-2026-42499
  go: patch CVE-2026-42501
  go: patch CVE-2026-42504
  go: patch CVE-2026-42507

Zahir Hussain (1):
  libpng: Fix CVE-2026-33416

 meta/classes/create-spdx-2.2.bbclass          |   2 +-
 meta/lib/oe/package.py                        |   4 +-
 .../nfs-utils/CVE-2025-12801-build-fix.patch  |  44 ++
 .../CVE-2025-12801-dependent_p1.patch         |  71 +++
 .../CVE-2025-12801-dependent_p2.patch         |  81 +++
 .../CVE-2025-12801-dependent_p3.patch         | 185 +++++++
 .../CVE-2025-12801-dependent_p4.patch         | 468 ++++++++++++++++++
 .../nfs-utils/nfs-utils/CVE-2025-12801.patch  | 254 ++++++++++
 .../nfs-utils/nfs-utils_2.6.4.bb              |   6 +
 .../busybox/busybox/CVE-2026-29004-01.patch   |  41 ++
 .../busybox/busybox/CVE-2026-29004-02.patch   |  46 ++
 meta/recipes-core/busybox/busybox_1.36.1.bb   |   2 +
 meta/recipes-core/util-linux/util-linux.inc   |   1 +
 .../util-linux/CVE-2026-27456.patch           | 115 +++++
 meta/recipes-devtools/go/go-1.22.12.inc       |  14 +
 .../go/go/CVE-2026-27142.patch                | 386 +++++++++++++++
 .../go/go/CVE-2026-32280.patch                | 289 +++++++++++
 .../go/go/CVE-2026-32283.patch                | 177 +++++++
 .../go/go/CVE-2026-32289.patch                | 217 ++++++++
 .../go/go/CVE-2026-33811.patch                |  46 ++
 .../go/go/CVE-2026-39817.patch                | 105 ++++
 .../go/go/CVE-2026-39819.patch                |  48 ++
 .../go/go/CVE-2026-39820.patch                | 112 +++++
 .../go/go/CVE-2026-39825.patch                | 104 ++++
 .../go/go/CVE-2026-39826.patch                |  65 +++
 .../go/go/CVE-2026-42499.patch                |  91 ++++
 .../go/go/CVE-2026-42501.patch                | 127 +++++
 .../go/go/CVE-2026-42504.patch                |  58 +++
 .../go/go/CVE-2026-42507.patch                | 160 ++++++
 .../xz/xz/CVE-2026-34743.patch                |  68 +++
 meta/recipes-extended/xz/xz_5.4.7.bb          |   1 +
 .../libpng/files/CVE-2026-33416-01.patch      | 143 ++++++
 .../libpng/files/CVE-2026-33416-02.patch      |  53 ++
 .../libpng/files/CVE-2026-33416-03.patch      | 163 ++++++
 .../libpng/files/CVE-2026-33416-04.patch      |  53 ++
 .../libpng/libpng_1.6.42.bb                   |   4 +
 scripts/lib/devtool/standard.py               |   3 +-
 37 files changed, 3803 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-build-fix.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p4.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2026-27456.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27142.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32280.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32283.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32289.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-33811.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39817.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39819.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39820.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39825.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39826.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42499.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42501.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42504.patch
 create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42507.patch
 create mode 100644 meta/recipes-extended/xz/xz/CVE-2026-34743.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-01.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-02.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-03.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-04.patch