From patchwork Tue Jan 20 11:23:46 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79145
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0BA8BD2ED0F
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com
 [209.85.128.47])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.4236.1768908267767989558
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:28 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=bt99kjV8;
 spf=pass (domain: smile.fr, ip: 209.85.128.47,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f47.google.com with SMTP id
 5b1f17b1804b1-4801bc32725so25334885e9.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908266; x=1769513066;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=STf2tGsCTPByRsiUufELAmHRNxtfM1g3wgDWaIsRHE0=;
        b=bt99kjV8FT6qMSzH/FedJQLrZvvE6Nub6GJsuVsCupC42eYgvuaiouIi7S+0KyzX/2
         F0FrHX++vCZmp3rSKrYkk0+hhOextOc7XgurDnOoAzzYls+40ku7z8/6xesHhFwedxIH
         6WfDc5sz6QJHyDPRV9ENkq8YDDpsYRhsiVqaA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908266; x=1769513066;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=STf2tGsCTPByRsiUufELAmHRNxtfM1g3wgDWaIsRHE0=;
        b=lkdJc2ZSGNfSWqcX5oKG7796BC/rc5mrLn7p6XtUg6WfMbNycwIBwJpeOmcIyLqADz
         NlvlVZTfB9CnlbLZ+eEmq9FbXSgVCsZ9CD9LnaJ0ReZsul8RaIFgjEO3Lb4bHYcfoHBD
         wBK5GNjqANK+waA5jQMNnhVk5RAEzCMv16ilJY6belKzX6n6C3dZrxZTCWN/gLAmz1iT
         POQduhmXW7onOWtW/d2fJvx5KrXJHuUPhG6IarWechUYiVGr1NjMwbaMoCLFYSoZzcb2
         ZqbnHL+1tz0zYbf6CB5nepNjbUYZY698h36QleEFWP6Nlp/1kP1eKpOmo2W79gPLqp/p
         brDw==
X-Gm-Message-State: AOJu0YyBgFRHPUmcgyaICjkIn2R7RsaqKJl+x5sgfkoWm651LcM6f0cR
	7mqi8SeRienBgyAL/21Im3QF5enDmAspgRiJbY2dYMuXlAljYOQoQBeHZjgijUw9siVBU3XXD4u
	cv/v7
X-Gm-Gg: AY/fxX5IIFgaMw/jRQtO+DgWLiO06pNBW+anXFbUvcYMZVHt1pPYmadwCt/DEHrkWzd
	XFw9W40BBG5Y7GwnW8jWmRSqs/xUfrlPXWuxl7VSbDQ92S9v7on5nOX9yJoAdCJuHPcXuGRMLJo
	qTgTIJFfuhIqfb/hiyIS+uTd3+jMDiWafo9rdwuzOfgsgzNQoKN2ZIDpg6N0bkBz+pr0kE26vU9
	g5v+MgsxHhNIr6nnG+UUAryQqxLXivMQdxMk/B0SIJojKbreQpdSq2h9cqyBJi7OD91bx4e2eLN
	fsQWdzqIeJYchyWb/QESSDRNvHKul9+TEe1YWWhSeCYYAfuzttHtuS5JUeP+8fkpofsk8DUa2sR
	OyVgBhplmo12GwdSnFEn4GVFlq70MPwJG5tSsuoT4lONNmKVncZUpCR81wLjZTbOExDg4evYnlf
	aroDJZMY7eQZTIMjqf5bdA7gkK6tvJBUmN2HtzQtxKj5zTjczfF/lZT81nFLlA0emxGjwcZkWp8
	fV/35EkKO9U8LtXBvsYzw==
X-Received: by 2002:a05:600c:4691:b0:480:1c10:5633 with SMTP id
 5b1f17b1804b1-4803b9d6ad6mr50473055e9.26.1768908265674;
        Tue, 20 Jan 2026 03:24:25 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.24
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:24 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 01/15] util-linux: patch CVE-2025-14104
Date: Tue, 20 Jan 2026 12:23:46 +0100
Message-ID: 
 <6d4a4ef3014e6fcf66c7835ef71eebc7319bb575.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229661

From: Peter Marko <peter.marko@siemens.com>

Pick patches per [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-14104

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-core/util-linux/util-linux.inc   |  2 ++
 .../util-linux/CVE-2025-14104-01.patch        | 33 +++++++++++++++++++
 .../util-linux/CVE-2025-14104-02.patch        | 28 ++++++++++++++++
 3 files changed, 63 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch

diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index e7a3c5be9f..3135bbb7c6 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -21,6 +21,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
            file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
            file://0001-tests-helpers-test_sigstate.c-explicitly-reset-SIGIN.patch \
            file://0001-include-mount-api-utils-avoid-using-sys-mount.h.patch \
+           file://CVE-2025-14104-01.patch \
+           file://CVE-2025-14104-02.patch \
            "
 
 SRC_URI[sha256sum] = "be9ad9a276f4305ab7dd2f5225c8be1ff54352f565ff4dede9628c1aaa7dec57"
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
new file mode 100644
index 0000000000..23677345c9
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch
@@ -0,0 +1,33 @@
+From aaa9e718c88d6916b003da7ebcfe38a3c88df8e6 Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Date: Sat, 24 May 2025 03:16:09 +0100
+Subject: [PATCH] Update setpwnam.c
+
+CVE: CVE-2025-14104
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/aaa9e718c88d6916b003da7ebcfe38a3c88df8e6]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ login-utils/setpwnam.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 3e3c1abde..95e470b5a 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ 		}
+ 
+ 		/* Is this the username we were sent to change? */
+-		if (!found && linebuf[namelen] == ':' &&
+-		    !strncmp(linebuf, pwd->pw_name, namelen)) {
+-			/* Yes! So go forth in the name of the Lord and
+-			 * change it!  */
++		if (!found &&
++		    strncmp(linebuf, pwd->pw_name, namelen) == 0 &&
++		    strlen(linebuf) > namelen &&
++		    linebuf[namelen] == ':') {
++			/* Yes! But this time let’s not walk past the end of the buffer
++			 * in the name of the Lord, SUID, or anything else. */
+ 			if (putpwent(pwd, fp) < 0)
+ 				goto fail;
+ 			found = 1;
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch
new file mode 100644
index 0000000000..9d21db2743
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch
@@ -0,0 +1,28 @@
+From 9a36d77012c4c771f8d51eba46b6e62c29bf572a Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
+Date: Mon, 26 May 2025 10:06:02 +0100
+Subject: [PATCH] Update bufflen
+
+Update buflen
+
+CVE: CVE-2025-14104
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/9a36d77012c4c771f8d51eba46b6e62c29bf572a]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ login-utils/setpwnam.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 95e470b5a..7778e98f7 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ 		goto fail;
+ 
+ 	namelen = strlen(pwd->pw_name);
+-
++	if (namelen > buflen)
++		buflen += namelen;
+ 	linebuf = malloc(buflen);
+ 	if (!linebuf)
+ 		goto fail;

From patchwork Tue Jan 20 11:23:47 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79150
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6A08FD2ED1A
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com
 [209.85.221.53])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.4237.1768908268467843593
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:28 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=yjODJ1k6;
 spf=pass (domain: smile.fr, ip: 209.85.221.53,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f53.google.com with SMTP id
 ffacd0b85a97d-4359249bbacso201893f8f.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908267; x=1769513067;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ouxhyF1Zrlteu9EMDm5g6DFnJUAmtjmSFz1dGl+WH94=;
        b=yjODJ1k6VPA05wGEpda/QP6vWg7EFddTIKEoHElwomc5SN5HKgRwa3psOgA/r+kNo9
         GTBk6V94ECsvqx71hRCiVN+zBB27qudBDd73gviLNxMoiuzU9Lgu55KJaa4m5of2NVt4
         eynVgLgQ58LaqLwjryca58wHa37kV+StlapL0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908267; x=1769513067;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=ouxhyF1Zrlteu9EMDm5g6DFnJUAmtjmSFz1dGl+WH94=;
        b=LI4ELatLNZgvCVpeaQ7+AnlhqHAhnnkoCVljXnbCgfkvPP2+KVAgC7gxbTjZ/lkCcF
         3Te1Uzuue+1hM+S9ct2MQrg2uLLebZ6xM2lOU7LG9oVjlzCZTatbWj488jDrHkByuSqd
         KDHJsqeEtgrR5YVaAgim6qP+EQKwTJ56PmyBBaCibcmf3KeLsydafl3y+PP4PPDNl8DG
         brJi8CfcAziEPD2EP/07+kCw2g9n4fUPFZDijz0VcAxHdZ2Y46eMUu+IR67fqfbszAyy
         n/miqcIaCgHD8T20XNP2VI4zln9vEur0z4/leq2WUzaeWEHVKJWAcA2tBOyQwm2SXZe9
         FSAw==
X-Gm-Message-State: AOJu0Yw5hkDwVoUJp3G6b3fkt7IER0XadP19ozVHfx0j2lJaRZPYlt/q
	g9W9kwbWywMW6D004P9lmhhnCMPn2Piqz/uTUwHex2pv2k72jZxmJe52oiPZQ4nBz4z4cKFaTCm
	Q/V+3
X-Gm-Gg: AZuq6aILIPWHkKy53ajjLM4u80V86skmOdx6jK9GNsIp9330GJnw/34A3NWIKCtCo/X
	CC+7AQc6SUTMonvlCpXtuSoVXhdUCYGwur8sm32Zf/XfmpBXHx6HewcIIqApgGE2czc2qe/EmhW
	o9VhkWxIx8UPLksmIL6PAVJl4KR4QDWS44dqEspc98amIKmrMMgLDIFona+Kwpc4KgDy1mQXXre
	ncbKW9nClong8z03jUNmbd8OnOsv6WhRdBfaXBtoNYirpsHNfEuRGAyXRLzs3d9HMUiyCByC0Pd
	hnl1TaKCo9J5lh736PP2rz1chDR+xNFQrGwDR2pIKmquffltDGlVlWfANIKLMcl+LRPLC/JCWrz
	P+pHxc22JMMHbPfbw+SJIcmx9o5cAZKNlq9fAYSH72ORWd7hiVNqL/67ny6KEr8CArk7UT6ohYh
	slTVhhx9GQju2JPYRPXN1JFphmUUA5VX3x/wi7Gc35lvl53meXB87wCn/1hm8kWRHd7jgYh6Mnu
	QUOwV/nA0Wt6Tn2hBkFpA==
X-Received: by 2002:a5d:64c5:0:b0:432:5b18:2cc3 with SMTP id
 ffacd0b85a97d-434cc998591mr24278236f8f.4.1768908266383;
        Tue, 20 Jan 2026 03:24:26 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.25
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:25 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 02/15] gnupg: patch CVE-2025-68973
Date: Tue, 20 Jan 2026 12:23:47 +0100
Message-ID: 
 <42828c49520b7548abb93644fb29ab33408d029f.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229662

From: Peter Marko <peter.marko@siemens.com>

Pick patch from 2.4 branch per [1].
2.5 branch already reworked this and patch from that didn't apply.

[1] https://security-tracker.debian.org/tracker/CVE-2025-68973

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../gnupg/gnupg/CVE-2025-68973.patch          | 108 ++++++++++++++++++
 meta/recipes-support/gnupg/gnupg_2.5.11.bb    |   1 +
 2 files changed, 109 insertions(+)
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch

diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
new file mode 100644
index 0000000000..1d5225361b
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
@@ -0,0 +1,108 @@
+From 4ecc5122f20e10c17172ed72f4fa46c784b5fb48 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 23 Oct 2025 11:36:04 +0200
+Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser.
+
+* g10/armor.c (armor_filter): Fix faulty double increment.
+
+* common/iobuf.c (underflow_target): Assert that the filter
+implementations behave well.
+--
+
+This fixes a bug in a code path which can only be reached with special
+crafted input data and would then error out at an upper layer due to
+corrupt input (every second byte in the buffer is unitialized
+garbage).  No fuzzing has yet hit this case and we don't have a test
+case for this code path.  However memory corruption can never be
+tolerated as it always has the protential for remode code execution.
+
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073
+which fixed
+Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f
+Backported-from-master: 115d138ba599328005c5321c0ef9f00355838ca9
+
+The bug was introduced on 1999-01-07 by me:
+* armor.c: Rewrote large parts.
+which I fixed on 1999-03-02 but missed to fix the other case:
+* armor.c (armor_filter): Fixed armor bypassing.
+
+Below is base64+gzipped test data which can be used with valgrind to
+show access to uninitalized memory in write(2) in the unpatched code.
+
+--8<---------------cut here---------------start------------->8---
+H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze
+a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA==
+--8<---------------cut here---------------end--------------->8---
+
+CVE: CVE-2025-68973
+Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ common/iobuf.c | 8 +++++++-
+ g10/armor.c    | 4 ++--
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/common/iobuf.c b/common/iobuf.c
+index 748e6935d..2497713c1 100644
+--- a/common/iobuf.c
++++ b/common/iobuf.c
+@@ -2041,6 +2041,8 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
+ 	rc = 0;
+       else
+       {
++        size_t tmplen;
++
+ 	/* If no buffered data and drain buffer has been setup, and drain
+ 	 * buffer is largish, read data directly to drain buffer. */
+ 	if (a->d.len == 0
+@@ -2053,8 +2055,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
+ 	      log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n",
+ 			 a->no, a->subno, (ulong)len);
+ 
+-	    rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
++            tmplen = len;  /* Used to check for bugs in the filter.  */
++            rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ 			    a->e_d.buf, &len);
++            log_assert (len <= tmplen);
+ 	    a->e_d.used = len;
+ 	    len = 0;
+ 	  }
+@@ -2064,8 +2068,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
+ 	      log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n",
+ 			 a->no, a->subno, (ulong)len);
+ 
++            tmplen = len;  /* Used to check for bugs in the filter.  */
+ 	    rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ 			    &a->d.buf[a->d.len], &len);
++            log_assert (len <= tmplen);
+ 	  }
+       }
+       a->d.len += len;
+diff --git a/g10/armor.c b/g10/armor.c
+index 81af15339..f8cfa86db 100644
+--- a/g10/armor.c
++++ b/g10/armor.c
+@@ -1312,8 +1312,8 @@ armor_filter( void *opaque, int control,
+ 	n = 0;
+ 	if( afx->buffer_len ) {
+             /* Copy the data from AFX->BUFFER to BUF.  */
+-	    for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
+-		buf[n++] = afx->buffer[afx->buffer_pos++];
++            for(; n < size && afx->buffer_pos < afx->buffer_len;)
++                buf[n++] = afx->buffer[afx->buffer_pos++];
+ 	    if( afx->buffer_pos >= afx->buffer_len )
+ 		afx->buffer_len = 0;
+ 	}
diff --git a/meta/recipes-support/gnupg/gnupg_2.5.11.bb b/meta/recipes-support/gnupg/gnupg_2.5.11.bb
index 9cc063f837..753eea6276 100644
--- a/meta/recipes-support/gnupg/gnupg_2.5.11.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.5.11.bb
@@ -19,6 +19,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/ftp/gcrypt/gnupg/"
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://0002-use-pkgconfig-instead-of-npth-config.patch \
            file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
+           file://CVE-2025-68973.patch \
            "
 SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
                                 file://relocate.patch"

From patchwork Tue Jan 20 11:23:48 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79151
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 77141D2ED1B
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com
 [209.85.221.53])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4157.1768908268949995878
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:29 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=fGEpJSdd;
 spf=pass (domain: smile.fr, ip: 209.85.221.53,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f53.google.com with SMTP id
 ffacd0b85a97d-42fbbc3df8fso2837712f8f.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908267; x=1769513067;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=vpVdgLaol2e6pe9gMBkTIgjSHdSYcksJ2/uVwqIx+U8=;
        b=fGEpJSddoF0VuzUAeHCX4w5U5oPq67MaKA+E9wq+E9vlo3ojCeLggwjA6sXhPd9zGO
         sizLdclQ61aOjje456Fa/1Vkhod5CfgCoMMBPEEDkjj8biHaKYTDK2FH1ibUDaJypxhU
         LRastC1LwJ0ERV95mAQP7sWG/gdABDlj6oaXw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908267; x=1769513067;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=vpVdgLaol2e6pe9gMBkTIgjSHdSYcksJ2/uVwqIx+U8=;
        b=ujtgWw2nWRORPZQDIQCuCEqOrp1+7WqYVBf3yQjlYJQHkJyUNJNZbs/DAV7DKnBHtl
         W33stlzLkneS6VPEApGsHSahrmLlSIrqKCFzBEB9N7C8/MRiJwwX9ioz03RcTNOXZuTc
         s2VCczmH3Lal4GjWdkhk8rRauI+5XLmUcbg5J9XYdIqjBQFwUptldDk/jUkg97UWJLC7
         iuekLV1Pj3ZwvU0vyyNH+kwNYMQ5Xzdf85v1UKHPmxV8BYNIWtEMjrJblONTe4Slke2/
         qbpj5DOyHYplV41elEmf84A49vmqwGaL4OJsQBB1vL1Rtz/nWPXNciQV86r0LPBs6Zwc
         XmHg==
X-Gm-Message-State: AOJu0YyRMsFeDOKlw5CL9qll2H48xk3hZBPO6hnG6cl0pHzTY1MgEpa+
	r5pfaUa04n57DHrgEzOtyjcsnjCTkMeORzCezkKALr5vUu9kfXCuim+cp2eOTMa8/5oq65L1mym
	pS3At
X-Gm-Gg: AZuq6aIMdVWroZ2SWdRK+oDrTNbn9cnZKI12BD1pwuq/uEtUa/yVE0J/Wzp4akSrGGG
	KujQo9NKpW7nQDtClzDFYkTQ0+zI9wWgP6kHlTZ0Kf2ZX36I18m7wi5Vl2tkW2KgzH3GHdq3TP/
	uU8Hd6uJCVtjY5XnwGiyXBM0U5PCumIA63fIe7GQFUGYzbihDa+EnQ9AYf5MlYZ1PYYpIXWT2Q6
	a8uj+cLOO047eG4mc/hIZPvOq/hWIQ28ZYZzqmigIe+MhhXB8uoo0jGs6CcQVRfZVYqutuP1Tck
	ArYuouPuAg3/sMOzdp0cOUMebpczvgTB7EJ3Kb6ZK8/h3XL5cA25/o5dNK2cHehE53PGP50PiUo
	SV4WWtwPZ77x93XSmF8iByKeZ4JG0TZnfcheL9SVZP3/dNCQpDPu3hTn32J9aTEE2xo5Qft/ues
	OZdmGlOF/HuLFGcvvbntR9UULwCUeBmsA7JM8LlwjN7Ta8PCPQa2fokxzxX4bp08nYmHsLkPiFL
	zkFxSuTn8NUOw8C6uUnhQ==
X-Received: by 2002:a5d:55c8:0:b0:435:95ce:84cd with SMTP id
 ffacd0b85a97d-43595ce8500mr672838f8f.54.1768908266968;
        Tue, 20 Jan 2026 03:24:26 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.26
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:26 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 03/15] libpng: upgrade 1.6.52 -> 1.6.53
Date: Tue, 20 Jan 2026 12:23:48 +0100
Message-ID: 
 <c689e7db6f4a01e0c81765e112371f64c4bf8221.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229663

From: Alexander Kanavin <alex@linutronix.de>

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../libpng/{libpng_1.6.52.bb => libpng_1.6.53.bb}               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-multimedia/libpng/{libpng_1.6.52.bb => libpng_1.6.53.bb} (97%)

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.52.bb b/meta/recipes-multimedia/libpng/libpng_1.6.53.bb
similarity index 97%
rename from meta/recipes-multimedia/libpng/libpng_1.6.52.bb
rename to meta/recipes-multimedia/libpng/libpng_1.6.53.bb
index fba6e77b1c..956cd243b1 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.52.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.53.bb
@@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
            file://run-ptest \
 "
 
-SRC_URI[sha256sum] = "36bd726228ec93a3b6c22fdb49e94a67b16f2fe9b39b78b7cb65772966661ccc"
+SRC_URI[sha256sum] = "1d3fb8ccc2932d04aa3663e22ef5ef490244370f4e568d7850165068778d98d4"
 
 MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/"
 

From patchwork Tue Jan 20 11:23:49 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79149
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 52459D2ED19
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com
 [209.85.221.42])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.4238.1768908269472261090
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:29 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=E90MN611;
 spf=pass (domain: smile.fr, ip: 209.85.221.42,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f42.google.com with SMTP id
 ffacd0b85a97d-4358fb60802so304465f8f.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908267; x=1769513067;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/hkz7Dio3/ObY/XQ91Chi2v3BC4f0tVxlbubtOBy2m0=;
        b=E90MN611kMqPR2ZTIXVkQw4f6IJ3PetpKUidQned66tM4U/AG4zmkvCWkti2uCfxH5
         IM+P/dVanidsTOZCP8clLsn3EB/70ujuIU5wnkjp1p375V5WkV9E8n6EWI4yXtIwMUcL
         gkImVfbVeHCINz5oGEpyGE4KX1vPqCh24nZt0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908267; x=1769513067;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=/hkz7Dio3/ObY/XQ91Chi2v3BC4f0tVxlbubtOBy2m0=;
        b=RYeBs+Ynp0jVtwWjDTnfGSW6g8uE9mxOniNYV3TRXTsLOnpcIueTuSYatmBavZVP7h
         2cPRu4o6ITJl+xFdhOw/BjE9FlZ7VWODcrD2JJr38xfUtZiqlGJKMaK17mtX4Rg08x5F
         7td4C1pLDAal6g8JjpAumoumaqCX+m28FZ/ET3DppUnmUNqUJBpq6r0iNa5X0DHEsu3j
         KiYrUgwQf7gkcfBBXmVD7LoUHfQvmtMCZvJUux0L1GahYqiEnub/BNoyoFihVC4mbB6g
         LtA1Rk8Gf3i/CQSD/BvM6GdyrLn/yfAclQsffFlNFEoCLycs4EQKAnArDeqVDbtxDt9j
         W5tQ==
X-Gm-Message-State: AOJu0YzZ+NBM5Sf6sxyYiO9kw6Uexh7bbyJniLfjRVvOkvlS/1GFzpWy
	8szeV1HO0QnwgizjdyGPg7eJDkqfr27DK4fIk7j50ppOfW/sIyRGOP9ggSqXYttZqeQqpiSXOxe
	eaIwU
X-Gm-Gg: AZuq6aIMMoLxSXEOxNPshawfWZWhqei//HRFAPdmC43ONci2FEAGhAi5ijX8knHMjZS
	xbYb+32NGVcUdtKSN5AmKER8sHeyqE+WoVpUvDci0G0gzYB8NBeG4lSLOhZ/YOZd9XZgIGXRfdK
	CC8kAPHeqYTE+e/Z/5amfuqZg6I+62uHL5+kss0oVGegG61yXAZX+a6ARtgax0uhUL08F+D8BCA
	MPjKWZDqAnAB3PSihlaDcz68+QavbGDAHbR7wn7VO3TWxuduHUQxUWhx9AfsEq4YsrOTS5zmcsJ
	2bsXELd2U2aYE+01PC6+dwV0KgT6uX82MmP420o/4mnouBxcJ85MUqKRETA2qnJdFUBwhW/5ze0
	K0CnypEBJjy/sAs/av1pzA+h3NhFh5u/lgD+ieRgIl4aBQDsiou8GJufMFvAB1OR3NP8SG3nyy5
	+Z6j232RcR77g0WuxJbQ107cCVDTZBPOcV53DVmM8Q65NcCalRCrXO3ZqrMzpqmQ3hrqhSRJdpO
	RtuGLKnqiJCrclJN4RkBxwGhSk2hlg/
X-Received: by 2002:a05:6000:1843:b0:429:d3c9:b8af with SMTP id
 ffacd0b85a97d-435695655a9mr20037653f8f.25.1768908267569;
        Tue, 20 Jan 2026 03:24:27 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.27
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:27 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 04/15] pseudo: Update to pull in openat2 and
 efault return code changes
Date: Tue, 20 Jan 2026 12:23:49 +0100
Message-ID: 
 <815c15ce5c8046718cadd82cdd5cd3d394d6987b.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229664

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Pulls in the following fixes:

 * makewrappers: Enable a new efault option
 * ports/linux/openat2: Add dummy wrapper
 * test-syscall: Add a syscall test
 * ports/linux/pseudo_wrappers: Avoid openat2 usage via syscall

which should fix issues with the tar CVE fix on Centos/Alma/Rocky 9 distros
that uses openat2 as well as the efault issue breaking rust based uutils.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51f1388dd1679a28ec3ca468cf16aa0ea32bccf9)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index c18318bd53..a1a00d1a95 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "d1db9c219abf92f15303486a409292237f1fc790"
+SRCREV = "9ce8c09980af23ebd4ebf072010469882d0459a6"
 PV = "1.9.2+git"
 
 # largefile and 64bit time_t support adds these macros via compiler flags globally

From patchwork Tue Jan 20 11:23:50 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79147
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 33808D2ED18
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com
 [209.85.221.51])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.4240.1768908270133907424
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:30 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=lvMnz4h/;
 spf=pass (domain: smile.fr, ip: 209.85.221.51,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f51.google.com with SMTP id
 ffacd0b85a97d-432da746749so2716718f8f.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908268; x=1769513068;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=6nsHFJJyhFfxcust3IyUfFncMeTpvs6PKeoV94eZSl8=;
        b=lvMnz4h/7n1WidbICaFMAgdtjr9oLvDtP/Osig20djOYhhspvXeIT6KDamy4+Nf3gG
         eMQoTA2CcWQOjV91gWenKS6/pLf5dmRbqzu+YQoUoLskpbgnDgdr9DSXCdALYSRdObLr
         l5JsfvSs+E/JsqFLLrEA8HajBFXcyYA6AM9rA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908268; x=1769513068;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=6nsHFJJyhFfxcust3IyUfFncMeTpvs6PKeoV94eZSl8=;
        b=OkGEUane1B+cjPj/N+7jKG62PmNm5oxRP/+3SG8Y1/bSrot3D8V4n/cf47cZJUteGW
         Fbey/I3hgJw+Y0r61yypCEAaT1nS8G9gd0y9nIHMBIgHDSG/pZVz3RUWifb8QoAWRjvY
         CGhydJOVBngn/bgWPz+m/FFnEL02mKUliCEntIuQP07b28vXCr4lm1CIZf5wc+PiAk5z
         20C5Uzsg5YrkeWMYaAoz4qnIyxtybIRB0Ei85UWQTSCLGX1O4/F7lS6XKqAJEwRyAf1o
         Hyo6ChvMLpJq1hBI/ZnC7DGM6uD+G0tlsZRMEgzm1infTtWxMdSR3qRMFqlSiAiE9aGg
         CSiA==
X-Gm-Message-State: AOJu0YztUnX0Hp9Sjpyu6P5nzt3ocCnZLZt7Aqlv2BBuuOIYg1IdetTg
	bs3NSUofd72RfzRjRua2Vps3AZjqMgP9TAvyLs+EZojEFmPquz2MCkR5UzmlXGxFvlrXr2NjDW+
	x5BYK
X-Gm-Gg: AZuq6aKj/SYfFzcyOS3xMnC6FTT7lhIENfUgXMK/hs4UhsqS67ZGGQvWhqzFDk897r2
	3mZQd7Yw0rmSOjrzQURUgPFXr5FpEjbGeeGa932ijzt9zzX15wBM82LrNPuDIK6rGz6QazpDWXw
	1Ohj0ofyScUSaxIDE1YzAqEDUT4nkSE6VAEAceKxKvh+nn8vWGHkDSw8ZOENbSnTJCbbMP0msNV
	IzzhrhBm0R4WQEZsSOvym06ixTzKb8uQ0ueQHZuTO2xoh2cZFCKSFG4jaDCIwAGswkE26RDouDr
	VU8T6F/YACB4UYOFm67304GQKJSh8WVmHxdIf5wzEPojiYCN8YeynqcJGx1YVd4Xcwo0Vxu1/rZ
	ra1ChewaJ+SOeGv0xlRjBd388Jow4WOHjjwIqSjjn49TaqkO//djJsK4aknjK1QRQVjpMA2U/aZ
	0J/e9NZWidO7NCnBh96KhLv/OBM31cQ4z8SGdA2Q37ZHTHYpY/DVetGqOi4OCudo+rzLfWAt4Zm
	n1AOG1K+sy07t68w/nfeLqtXFq3Fnai
X-Received: by 2002:a5d:5f96:0:b0:431:a0:7de0 with SMTP id
 ffacd0b85a97d-43569bc1928mr18502923f8f.35.1768908268121;
        Tue, 20 Jan 2026 03:24:28 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.27
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:27 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 05/15] pseudo: Update to pull in 'makewrappers:
 Fix EFAULT implementation'
Date: Tue, 20 Jan 2026 12:23:50 +0100
Message-ID: 
 <bf84ec942686138421cf69cc3fc5d62f970118e9.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229665

From: Richard Purdie <richard.purdie@linuxfoundation.org>

The pseudo update was causing hangs in builds, pull in the fix.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8acdbefd0a148c8b7713f46066ae8489984c5d2d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index a1a00d1a95..19b0d29b71 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "9ce8c09980af23ebd4ebf072010469882d0459a6"
+SRCREV = "125b020dd2bc46baa37a80784704e382732357b4"
 PV = "1.9.2+git"
 
 # largefile and 64bit time_t support adds these macros via compiler flags globally

From patchwork Tue Jan 20 11:23:51 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79148
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 49239D2ED17
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com
 [209.85.128.42])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4160.1768908270670495442
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:30 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=d0riLOuG;
 spf=pass (domain: smile.fr, ip: 209.85.128.42,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f42.google.com with SMTP id
 5b1f17b1804b1-4801eb2c0a5so33462895e9.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908269; x=1769513069;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=pPEcn3n9pZCwg+CuFT/EK68DS0Pl4FNwm2NbBmAVswM=;
        b=d0riLOuGIew9goQC4r53PRwW+WDWrq1i3Hiuh5MgSNONcDpxO3zt2S1DwlyzoUgeNq
         KTwju2KogU+kD0i/zgzA5HUXMcRvP2TOqtE9ugsM/wZFBSwtYN7ww3KY7Sgylw26uY5P
         erfmpGQ5Lm5ogxiBJg2ZYrBEncGga6nTjlWZs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908269; x=1769513069;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=pPEcn3n9pZCwg+CuFT/EK68DS0Pl4FNwm2NbBmAVswM=;
        b=npCm0ooxPXu4PyR7ZPE3ENk28/7+9ZIl/t4yLUfxE0lHnzXv9yHaOClCSw5qFBAykb
         +/P+Frgq/RsCiFj+MHS566L1J8vnIh8jnc8ea6mT86zx7mimw3JAIIvBZckdw/55OA/3
         SNbS+2lMUPUDO+XRJvIArtmaAeIhRahxNxfOdzzNsrQDE3eB+vMf5PthmEuQKu78IRf7
         Yxcu/QorW6P8GeVmn8mLVBrGEiKkZ5ZNaT8IJc9P6pHbnArDJ1lgjG/we/cYK/cAAAKl
         0beqBubjZkL9PMV29845+LybgaL+42AWF4+X6wVF348OXgBF3v9U1aXjO93skZuoUsJV
         riQQ==
X-Gm-Message-State: AOJu0Yx0q39c/hkN8MnAQq1rR82dBklVNBm3ii+2NxsV1Pb1bSRwYTwC
	ZKipHj1rnqsUzFlBMGUquIWV3jeC1YIdgByiMfnW/R2+mygDlA7GXtc8mCTIOAGyqGv6yPdzCVo
	qRGL5
X-Gm-Gg: AY/fxX61+Mhkr5yJUK0KZMy0TjaZb+QlxC8StamP/INRv/FsUAOuD6unawiJ4rJBjys
	m2pIsM1aZ+h9TZM5ovZvmU/YmiAtUbFNPFukorFZGWyjAYw7U0tjBrb6PkGuHZP03ZkzWeJggA0
	oy39Xs5cnOa4j8ecLicZJBiAJkyqej8pr2yG013RbdjXfd0M058S0EujO/v+mEZY5Xk/pqk+KMS
	AEAhOGjWFKuSoQH3xz/WNThU5/xpO+1Hqfa7jLu6kK5hz46s4Bd9G70aT9WAJhHlVAD+yITdWQW
	Vzv6Mx7ZiYQyAba9ojkfCHALESkaCH+oNar73XBZlG7PN1kIOC3f+UqxotBjxM2St0Un1IaINph
	QXBsbM17ccEVNhjQzzVxKquXKL1pqWCLkKLc5FDZOwtWOug3aArciaKmuHwOKCvC/QTnqfDWUxs
	aLk4RUSdOq5WpAN5LNhTHkf6hEXictZIaDYVq9sZCV31KV/1qLVn1k6q27t6jK2M/eAFJ+ugOOv
	yEk16OuHo/JVpn918eR1g==
X-Received: by 2002:a05:600c:414f:b0:480:20f1:7abd with SMTP id
 5b1f17b1804b1-48020f17c12mr141500745e9.31.1768908268647;
        Tue, 20 Jan 2026 03:24:28 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.28
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:28 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 06/15] ffmpeg: add a (possible) build race fix
Date: Tue, 20 Jan 2026 12:23:51 +0100
Message-ID: 
 <f7a10e2dd2cae4be6e5d18f239f4e6422bc2ffd7.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229666

From: Alexander Kanavin <alex@linutronix.de>

There's been an intermittent build fail that looks like a race:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=16000

While I can't say for sure if this is fixing the issue,
there's no harm in adding a backport that rearranges the
faulty code, and someone can then try to add a real fix on top
of it. Or the race goes away and we're good.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9dbd2141b52b24421927d64cd74ec43f6085c4f2)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 ...s-Fix-double-build-by-disabling-.d-f.patch | 78 +++++++++++++++++++
 meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb  |  4 +-
 2 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-fftools-resources-Fix-double-build-by-disabling-.d-f.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-fftools-resources-Fix-double-build-by-disabling-.d-f.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-fftools-resources-Fix-double-build-by-disabling-.d-f.patch
new file mode 100644
index 0000000000..20009c1022
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-fftools-resources-Fix-double-build-by-disabling-.d-f.patch
@@ -0,0 +1,78 @@
+From a789ffae9de93eb70c355a81f9dd2ebf5d6b17a7 Mon Sep 17 00:00:00 2001
+From: softworkz <softworkz@hotmail.com>
+Date: Mon, 23 Jun 2025 14:56:19 +0200
+Subject: [PATCH] fftools/resources: Fix double-build by disabling .d file
+ generation
+
+Signed-off-by: softworkz <softworkz@hotmail.com>
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f52d9dd8693bc4628520258f18f89b4a3bf85533]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ ffbuild/common.mak         |  6 ++----
+ fftools/Makefile           |  1 +
+ fftools/resources/Makefile | 12 +++++++++---
+ 3 files changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/ffbuild/common.mak b/ffbuild/common.mak
+index ddf4892..81e8a46 100644
+--- a/ffbuild/common.mak
++++ b/ffbuild/common.mak
+@@ -229,11 +229,9 @@ SKIPHEADERS += $(ARCH_HEADERS:%=$(ARCH)/%) $(SKIPHEADERS-)
+ SKIPHEADERS := $(SKIPHEADERS:%=$(SUBDIR)%)
+ HOBJS        = $(filter-out $(SKIPHEADERS:.h=.h.o),$(ALLHEADERS:.h=.h.o))
+ PTXOBJS      = $(filter %.ptx.o,$(OBJS))
+-RESOURCEOBJS = $(filter %.css.o %.html.o,$(OBJS))
+ $(HOBJS):     CCFLAGS += $(CFLAGS_HEADERS)
+ checkheaders: $(HOBJS)
+-.SECONDARY:   $(HOBJS:.o=.c) $(PTXOBJS:.o=.c) $(PTXOBJS:.o=.gz) $(PTXOBJS:.o=) $(RESOURCEOBJS:.o=.c) $(RESOURCEOBJS:%.css.o=%.css.min) $(RESOURCEOBJS:%.css.o=%.css.min.gz) $(RESOURCEOBJS:%.html.o=%.html.gz) $(RESOURCEOBJS:.o=)
+-
++.SECONDARY:   $(HOBJS:.o=.c) $(PTXOBJS:.o=.c) $(PTXOBJS:.o=.gz) $(PTXOBJS:.o=)
+ alltools: $(TOOLS)
+ 
+ $(HOSTOBJS): %.o: %.c
+@@ -252,7 +250,7 @@ $(TOOLOBJS): | tools
+ 
+ OUTDIRS := $(OUTDIRS) $(dir $(OBJS) $(HOBJS) $(HOSTOBJS) $(SHLIBOBJS) $(STLIBOBJS) $(TESTOBJS))
+ 
+-CLEANSUFFIXES     = *.d *.gcda *.gcno *.h.c *.ho *.map *.o *.objs *.pc *.ptx *.ptx.gz *.ptx.c *.ver *.version *.html.gz *.html.c *.css.gz *.css.c  *$(DEFAULT_X86ASMD).asm *~ *.ilk *.pdb
++CLEANSUFFIXES     = *.d *.gcda *.gcno *.h.c *.ho *.map *.o *.objs *.pc *.ptx *.ptx.gz *.ptx.c *.ver *.version *.html.gz *.html.c *.css.min.gz *.css.min *.css.c  *$(DEFAULT_X86ASMD).asm *~ *.ilk *.pdb
+ LIBSUFFIXES       = *.a *.lib *.so *.so.* *.dylib *.dll *.def *.dll.a
+ 
+ define RULES
+diff --git a/fftools/Makefile b/fftools/Makefile
+index b3c08ae..bdb44fc 100644
+--- a/fftools/Makefile
++++ b/fftools/Makefile
+@@ -36,6 +36,7 @@ OBJS-ffmpeg +=                  \
+     fftools/textformat/tw_buffer.o    \
+     fftools/textformat/tw_stdout.o    \
+     $(OBJS-resman)                    \
++    $(RESOBJS)                        \
+ 
+ OBJS-ffprobe +=                       \
+     fftools/textformat/avtextformat.o \
+diff --git a/fftools/resources/Makefile b/fftools/resources/Makefile
+index 8579a52..3c93648 100644
+--- a/fftools/resources/Makefile
++++ b/fftools/resources/Makefile
+@@ -4,10 +4,16 @@ clean::
+ vpath %.html $(SRC_PATH)
+ vpath %.css  $(SRC_PATH)
+ 
+-# Uncomment to prevent deletion during build
+-#.PRECIOUS: %.css.c %.css.min %.css.gz %.css.min.gz %.html.gz %.html.c
+-
+ OBJS-resman +=                     \
+     fftools/resources/resman.o     \
++
++
++RESOBJS +=                         \
+     fftools/resources/graph.html.o \
+     fftools/resources/graph.css.o  \
++
++
++$(RESOBJS): CCDEP       =
++$(RESOBJS): CC_DEPFLAGS =
++
++.SECONDARY: $(RESOBJS:.o=.gz) $(RESOBJS:.o=.c) $(RESOBJS:%.css.o=%.css.min) $(RESOBJS:%.css.o=%.css.min.gz) $(RESOBJS:%.html.o=%.html.gz) $(RESOBJS:.o=)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb
index ecaced7690..5e8d7bde55 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb
@@ -22,7 +22,9 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02 \
                     "
 
-SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz"
+SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
+           file://0001-fftools-resources-Fix-double-build-by-disabling-.d-f.patch \
+           "
 
 SRC_URI[sha256sum] = "b2751fccb6cc4c77708113cd78b561059b6fa904b24162fa0be2d60273d27b8e"
 

From patchwork Tue Jan 20 11:23:52 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79146
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 33765D2ED16
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com
 [209.85.128.53])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4161.1768908271185082069
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:31 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=AVfwwDE4;
 spf=pass (domain: smile.fr, ip: 209.85.128.53,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f53.google.com with SMTP id
 5b1f17b1804b1-47edd6111b4so47320965e9.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908269; x=1769513069;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=6ka4VfRrbTEdIjhOQzmp+kFlQeiNqXiZkdU1c0mYem4=;
        b=AVfwwDE4pubPUNs/26GGQxAnE/MoLOqYPWLVTzGeQYRb0N0fyMY9gdNu1wVkpw6pI0
         WQrNhhULhNNz1QN9w7klthdq/t5EQtmN43xfS1TzR55I2E5UuT6kAq8gfuVTw5ObyPam
         94hsa6dKMjSX5L5clLdhEkt+bZrSB3TGRIus0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908269; x=1769513069;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=6ka4VfRrbTEdIjhOQzmp+kFlQeiNqXiZkdU1c0mYem4=;
        b=iBQFoqCKejI4Ee4PwVNk7Nt2eoQgGyrdVJKj/rsMbFoiYGUdik5v+N/6q9KJ/xfB1Y
         FfZKOMi0Hk93fZZrD1ZIFAJmQgKuJfLS9qNKI34auLfUIeh/ioTxzahxkPI3plK6AKQ9
         7mfz1TtgwVNZhUOzGZquuPJxypZpFrrDFlaQJzTRu0c0GllAuZUCrHZa4Q6DvIi3vmrL
         OjmNlTSUY0yO2nbxgmHqz+L0J7IxN7AjfQOV1DuyrUriEPM2FTdQyZT+AXmGSCrh2o2i
         oHuPf0ocHE/CsmbGBvTLx9DlFQRYVaR8A2EWAjCEaktVa6YGob5CLz+Z87ZElk+2zThU
         5qpA==
X-Gm-Message-State: AOJu0Yw00lq2gfyO3SrN816RqomNAri+zdyV77/CfQnptiM+ayaTOfJ2
	zJpdFV9cHRq1S5e0vfV5I2AkNPagG8swo1D08kDqErd6i7GQzgE0zp3Z3JXcfd0/9e9UOGoR6LW
	/4Dqp
X-Gm-Gg: AY/fxX7iZUo48xkz+KxkHpw2+6pt42H9TPaPb6IOGRjQEnHT2G7YcBpOvWk37mmTrmR
	kJdiY126HP3ydDobpRswB9bPONYBVZ+JjeS+GvJ6Q3c1nhUlQ3FNfhQUYbcNBKS89wx9jntS7l2
	G6I/BAfRgHslo9pHzlTC3+BO3WHLfoCFd9u1MyJH1h9Q6nFFXlotzypEKrkIf2+7z+Aq+zMsNPD
	Git9u9gMduOBOQodMhW77t4FILiCXj37hQpt50Chx3swS/1PEyR3XYbKgTEfxVuXF15kjjeIweh
	tdwadNwtoWcp72bOuLts4hkxqYVjdovldTGnpDhvoEIgjQOgUVq/zEVJXQExS/nodvSq1eX72H0
	rOL5I72VR6aaWK1mlvJAo5g5YVM7/6ygNoGYTI6kQQxE8U1sYrB7My5ulr0zNA1uTBl7RQATZ9i
	DHuC2m+L7yhDB9YpnHTDT1aNu+E+66Rqvv+W3cZtjBoGTis8y4nnGnQKM4HzBE4O2AHu9cIUlht
	/aJeoct+c4GtSawIx39AQZmiwq2/7dg
X-Received: by 2002:a05:600c:1c13:b0:47e:e414:b915 with SMTP id
 5b1f17b1804b1-48028a65fb7mr125999795e9.2.1768908269287;
        Tue, 20 Jan 2026 03:24:29 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.28
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:28 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 07/15] ffmpeg: fix a build race,
 hopefully for real this time
Date: Tue, 20 Jan 2026 12:23:52 +0100
Message-ID: 
 <21ecf1b5a0b6b664234f6d3bd39bf411ef57448e.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229667

From: Alexander Kanavin <alex@linutronix.de>

This should address [YOCTO #16000].

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 86396b85b4e8f6748885710e50428271cd3493a8)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 ...k-Consolidate-pattern-rules-for-comp.patch | 106 ++++++++++++++++++
 ...ak-ensure-target-directories-are-cre.patch |  43 +++++++
 meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb  |   2 +
 3 files changed, 151 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-ffbuild-commonmak-Consolidate-pattern-rules-for-comp.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0002-ffbuild-common.mak-ensure-target-directories-are-cre.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-ffbuild-commonmak-Consolidate-pattern-rules-for-comp.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-ffbuild-commonmak-Consolidate-pattern-rules-for-comp.patch
new file mode 100644
index 0000000000..6af9254d95
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-ffbuild-commonmak-Consolidate-pattern-rules-for-comp.patch
@@ -0,0 +1,106 @@
+From 95f1f05409fceb8b3615fa618554667a238f99a5 Mon Sep 17 00:00:00 2001
+From: softworkz <softworkz@hotmail.com>
+Date: Tue, 27 May 2025 23:24:20 +0200
+Subject: [PATCH] ffbuild/commonmak: Consolidate pattern rules for compression
+
+This commit simplifies and consolidates all the rules around
+ptx and resource file compression.
+
+Signed-off-by: softworkz <softworkz@hotmail.com>
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a125f5db03b86c03fffb9598bd6e2026ba2c7a97]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ ffbuild/common.mak | 43 +++++++++++++++++--------------------------
+ 1 file changed, 17 insertions(+), 26 deletions(-)
+
+diff --git a/ffbuild/common.mak b/ffbuild/common.mak
+index 81e8a46..0a60d01 100644
+--- a/ffbuild/common.mak
++++ b/ffbuild/common.mak
+@@ -115,6 +115,12 @@ COMPILE_LASX = $(call COMPILE,CC,LASXFLAGS)
+ $(BIN2CEXE): ffbuild/bin2c_host.o
+ 	$(HOSTLD) $(HOSTLDFLAGS) $(HOSTLD_O) $^ $(HOSTEXTRALIBS)
+ 
++RUN_BIN2C = $(BIN2C) $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) $@ $(subst .,_,$(basename $(notdir $@)))
++RUN_GZIP  = $(M)gzip -nc9 $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) >$@
++RUN_MINIFY = $(M)sed 's!/\\*.*\\*/!!g' $< | tr '\n' ' ' | tr -s ' ' | sed 's/^ //; s/ $$//' > $@
++%.gz: TAG = GZIP
++%.min: TAG = MINIFY
++
+ %.metal.air: %.metal
+ 	$(METALCC) $< -o $@
+ 
+@@ -122,61 +128,46 @@ $(BIN2CEXE): ffbuild/bin2c_host.o
+ 	$(METALLIB) --split-module-without-linking $< -o $@
+ 
+ %.metallib.c: %.metallib $(BIN2CEXE)
+-	$(BIN2C) $< $@ $(subst .,_,$(basename $(notdir $@)))
++	$(RUN_BIN2C)
+ 
+ %.ptx: %.cu $(SRC_PATH)/compat/cuda/cuda_runtime.h
+ 	$(COMPILE_NVCC)
+ 
+ ifdef CONFIG_PTX_COMPRESSION
+-%.ptx.gz: TAG = GZIP
+ %.ptx.gz: %.ptx
+-	$(M)gzip -nc9 $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) >$@
++	$(RUN_GZIP)
+ 
+ %.ptx.c: %.ptx.gz $(BIN2CEXE)
+-	$(BIN2C) $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) $@ $(subst .,_,$(basename $(notdir $@)))
++	$(RUN_BIN2C)
+ else
+ %.ptx.c: %.ptx $(BIN2CEXE)
+-	$(BIN2C) $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) $@ $(subst .,_,$(basename $(notdir $@)))
++	$(RUN_BIN2C)
+ endif
+ 
+-# 1) Preprocess CSS to a minified version
+-%.css.min: TAG = SED
+ %.css.min: %.css
+-	$(M)sed 's!/\\*.*\\*/!!g' $< \
+-	| tr '\n' ' ' \
+-	| tr -s ' ' \
+-	| sed 's/^ //; s/ $$//' \
+-	> $@
++	$(RUN_MINIFY)
+ 
+ ifdef CONFIG_RESOURCE_COMPRESSION
+ 
+-# 2) Gzip the minified CSS
+-%.css.min.gz: TAG = GZIP
+ %.css.min.gz: %.css.min
+-	$(M)gzip -nc9 $< > $@
++	$(RUN_GZIP)
+ 
+-# 3) Convert the gzipped CSS to a .c array
+ %.css.c: %.css.min.gz $(BIN2CEXE)
+-	$(BIN2C) $< $@ $(subst .,_,$(basename $(notdir $@)))
++	$(RUN_BIN2C)
+ 
+-# 4) Gzip the HTML file (no minification needed)
+-%.html.gz: TAG = GZIP
+ %.html.gz: %.html
+-	$(M)gzip -nc9 $< > $@
++	$(RUN_GZIP)
+ 
+-# 5) Convert the gzipped HTML to a .c array
+ %.html.c: %.html.gz $(BIN2CEXE)
+-	$(BIN2C) $< $@ $(subst .,_,$(basename $(notdir $@)))
++	$(RUN_BIN2C)
+ 
+ else   # NO COMPRESSION
+ 
+-# 2) Convert the minified CSS to a .c array
+ %.css.c: %.css.min $(BIN2CEXE)
+-	$(BIN2C) $< $@ $(subst .,_,$(basename $(notdir $@)))
++	$(RUN_BIN2C)
+ 
+-# 3) Convert the plain HTML to a .c array
+ %.html.c: %.html $(BIN2CEXE)
+-	$(BIN2C) $< $@ $(subst .,_,$(basename $(notdir $@)))
++	$(RUN_BIN2C)
+ endif
+ 
+ clean::
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0002-ffbuild-common.mak-ensure-target-directories-are-cre.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0002-ffbuild-common.mak-ensure-target-directories-are-cre.patch
new file mode 100644
index 0000000000..a27e30f710
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0002-ffbuild-common.mak-ensure-target-directories-are-cre.patch
@@ -0,0 +1,43 @@
+From 6cd4855ea3dd62e6eb36c0796f8cd7bd4aaae05c Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Thu, 11 Dec 2025 19:55:46 +0100
+Subject: [PATCH] ffbuild/common.mak: ensure target directories are created
+ before running shell redirects into them
+
+Otherwise, occasional build races have been observed:
+https://autobuilder.yoctoproject.org/valkyrie/#/builders/37/builds/3001/steps/13/logs/stdio
+
+/bin/sh: 4: cannot create fftools/resources/graph.css.min: Directory nonexistent
+mkdir -p fftools/graph
+/bin/sh: 1: cannot create fftools/resources/graph.html.gz: Directory nonexistent
+make: *** [/srv/pokybuild/.../ffmpeg-8.0.1/ffbuild/common.mak:165: fftools/resources/graph.html.gz] Error 2
+make: *** Waiting for unfinished jobs....
+make: *** [/srv/pokybuild/.../ffmpeg-8.0.1/ffbuild/common.mak:145: fftools/resources/graph.css.min] Error 2
+
+There's a separate rule for making those directories, but unfortunately
+it's racing with the rules that expect the directories to exist. Rather
+than add a Makefile dependency, I've injected the dir creation directly
+in front of commands that can otherwise fail - a proper fix would probably
+add the rule rather.
+
+Upstream-Status: Submitted [by email to ffmpeg-devel@ffmpeg.org,softworkz@hotmail.com,kasper93@gmail.com]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ ffbuild/common.mak | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ffbuild/common.mak b/ffbuild/common.mak
+index 0a60d01..346bb0a 100644
+--- a/ffbuild/common.mak
++++ b/ffbuild/common.mak
+@@ -116,8 +116,8 @@ $(BIN2CEXE): ffbuild/bin2c_host.o
+ 	$(HOSTLD) $(HOSTLDFLAGS) $(HOSTLD_O) $^ $(HOSTEXTRALIBS)
+ 
+ RUN_BIN2C = $(BIN2C) $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) $@ $(subst .,_,$(basename $(notdir $@)))
+-RUN_GZIP  = $(M)gzip -nc9 $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) >$@
+-RUN_MINIFY = $(M)sed 's!/\\*.*\\*/!!g' $< | tr '\n' ' ' | tr -s ' ' | sed 's/^ //; s/ $$//' > $@
++RUN_GZIP  = mkdir -p $(dir $@) && $(M)gzip -nc9 $(patsubst $(SRC_PATH)/%,$(SRC_LINK)/%,$<) >$@
++RUN_MINIFY = mkdir -p $(dir $@) && $(M)sed 's!/\\*.*\\*/!!g' $< | tr '\n' ' ' | tr -s ' ' | sed 's/^ //; s/ $$//' > $@
+ %.gz: TAG = GZIP
+ %.min: TAG = MINIFY
+ 
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb
index 5e8d7bde55..fdc16598d4 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb
@@ -24,6 +24,8 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://0001-fftools-resources-Fix-double-build-by-disabling-.d-f.patch \
+           file://0001-ffbuild-commonmak-Consolidate-pattern-rules-for-comp.patch \
+           file://0002-ffbuild-common.mak-ensure-target-directories-are-cre.patch \
            "
 
 SRC_URI[sha256sum] = "b2751fccb6cc4c77708113cd78b561059b6fa904b24162fa0be2d60273d27b8e"

From patchwork Tue Jan 20 11:23:53 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79143
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1EE4DD2ED15
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com
 [209.85.128.48])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4162.1768908271782690624
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:32 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=JhdrjVm9;
 spf=pass (domain: smile.fr, ip: 209.85.128.48,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f48.google.com with SMTP id
 5b1f17b1804b1-47ee3a63300so49560435e9.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908270; x=1769513070;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Qf7r5P8R6uL8XQgSzye11t9Rcr9MLD3C5DxPyoZco2k=;
        b=JhdrjVm97tq/uLOsfC/hxVTFK2zR0exiAklDXjmgO+ukcxWB5OUF11H49/fx1+16pG
         Yb5EHL/kagFUkDk/uB1OAsr4/VDK8HGSzi/9Tq/sBYEzJBB57RQw7ULtkmhfVT1inh1Q
         lkL/ycGZ6vXB8pPQMufQ739wRyfd86vhRH4rg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908270; x=1769513070;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=Qf7r5P8R6uL8XQgSzye11t9Rcr9MLD3C5DxPyoZco2k=;
        b=aVsWpLGtyi2c+poVT+of6IFN4h6n+pDDqIboDzEoEt0qEx+7Eje/lwcQdF7tpnjgoS
         +RG+lQDdoYco15hZiMa0TIR9o/xX8EaxPurn0y6y7gt2szsQoRBYCiMcMiPlwThnzXhK
         pk15yyIIH5+ECCwnTx3J8dZdm1weGF+ZNDaqyGRR7k4Kb39/ORzpYqnhZnyuVBu8s9ue
         f/KuyQPpEDx9/gsudG450n6Kj1u12sxCCh3rAbtG5tt5hyx+LiBCA8bgJmaTSEhP+Hzb
         9QP3rIbkB/rFbR6AsMtFy3pc0PLwuVoTzSVbM5mEjmr7NAbMKyYTlmvwEYvqc9XHpy+5
         R1/g==
X-Gm-Message-State: AOJu0YysmOB0eMo5+7wgij4vN+Tjd5Vs2zGRa0BhdPrmI2GlLjH+uuje
	Ci/oHwnmYgdqSBCNsRYnFBTpi4N/GK0U+0IByVe0kVwWRUN4dJkZkFSnkdj5amrlSaqblxp8qn8
	C8puu
X-Gm-Gg: AY/fxX6N+/BRtmTe+KsRIJl7bqT1UyBcRqy/Jth77bG1B8ZCO3JB4wWH89QLdWf9Keb
	hbErk+EX7Co/BlGmlUIsQYoE2ap1jYrh5q4rmgt+iDegTgE+n1WkTey3QjxBVbH474tne7RM29w
	JJdNiEIfV/fhy+my4sAOWSdlGbb6TymDdA456EiU0NSpQetn+IJAihxLDd9y93r0zQ53puM2a+H
	8oAQW9jux496YpNjGxXGPV5RMOJBQyluPi4RRZqmov10LRW7y8rZNdRQaEM/ybZ0ew+U460JWqc
	zsmpM/AskyOtLQ1akaDkO8EH8T8ILro7xhS1RYhjQtnaCSEBPxhr4ON7rqhI3jjQ+pz3jUSowgU
	Gx8nMgI3rJUp826pw/AXMMgzjig87WeJx/VSOxpZFB8XbkIWTaT0d21wTAVXIys/XBSx1SsnwRX
	KaxmZV4Fyw2z6PV1Zitw9IhAw5oWoR65L1xIkz0B6wKGRy8NDubQPTdnx9Ry5gGCWe97dKF8MTO
	CO0e86xPFe/yP0/ulVedsHuoWHk5wbp
X-Received: by 2002:a05:600c:4e15:b0:480:19ed:7efa with SMTP id
 5b1f17b1804b1-4803e8020fdmr21318485e9.36.1768908269800;
        Tue, 20 Jan 2026 03:24:29 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.29
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:29 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 08/15] selftest: devtool: Set PATH when running
 pseudo
Date: Tue, 20 Jan 2026 12:23:53 +0100
Message-ID: 
 <842f5a492d79f218e81c48acd02b6e06eaab0f70.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229668

From: Paul Barker <paul@pbarker.dev>

When running pseudo outside of bitbake, we need to use the same PATH as
we would use if we were running inside bitbake instead of the host
environment's PATH.

This is particularly important on Ubuntu 25.10 where 'ls' on this host's
PATH is provided by uutils and we have setup links in HOSTTOOLS_DIR to
ensure that the gnu coreutils implementation is used instead.

Fixes [YOCTO #16099]

Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8a264cb75ab456c22568b135c473064553e5321b)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/lib/oeqa/selftest/cases/devtool.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 8d7e984753..c7bd1831a9 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -1843,11 +1843,12 @@ class DevtoolDeployTargetTests(DevtoolBase):
                 result = runCmd('ssh %s root@%s %s' % (sshargs, qemu.ip, testcommand))
                 # Check if it deployed all of the files with the right ownership/perms
                 # First look on the host - need to do this under pseudo to get the correct ownership/perms
-                bb_vars = get_bb_vars(['D', 'FAKEROOTENV', 'FAKEROOTCMD'], testrecipe)
+                bb_vars = get_bb_vars(['D', 'FAKEROOTENV', 'FAKEROOTCMD', 'PATH'], testrecipe)
                 installdir = bb_vars['D']
                 fakerootenv = bb_vars['FAKEROOTENV']
                 fakerootcmd = bb_vars['FAKEROOTCMD']
-                result = runCmd('%s %s find . -type f -exec ls -l {} \\;' % (fakerootenv, fakerootcmd), cwd=installdir)
+                path = bb_vars['PATH']
+                result = runCmd('PATH="%s" %s %s find . -type f -exec ls -l {} \\;' % (path, fakerootenv, fakerootcmd), cwd=installdir)
                 filelist1 = self._process_ls_output(result.output)
 
                 # Now look on the target

From patchwork Tue Jan 20 11:23:54 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79144
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1BDE5D2ED13
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com
 [209.85.128.54])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.4242.1768908272292366330
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:32 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=r3vdpZVi;
 spf=pass (domain: smile.fr, ip: 209.85.128.54,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f54.google.com with SMTP id
 5b1f17b1804b1-47ee301a06aso49164305e9.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908270; x=1769513070;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=h4XmcVxtoZGwu7MIe3A5UxcBHlD04m+rvAP56mN5duY=;
        b=r3vdpZViI8G2mwIrRpTrNK9oPCav60rqvixI44FEEne8vGhRvP+zOQdhvVh2nwdfNj
         sLhZnMSASRTo93XFvsXl/rIvcjkie0xLI6YvJY/Lev/iYBhlQcxLaE/5YvSdubx4G4P4
         RJupEyYPCk5UfXVnP1iMZewcKz6+lvSlJ4Es8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908270; x=1769513070;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=h4XmcVxtoZGwu7MIe3A5UxcBHlD04m+rvAP56mN5duY=;
        b=uJXa5sdujeZvUOSLndQIUgY1gCygHlOlWvDfJEKLg2c7nlVcY9bCod51WqQPYlOTJd
         sWhRgL+aCLNPkPWu1XsDU1AjiuczfmbVLi43FyooQH/JLdriHqIhdb6ntkWM1TxZhSip
         17ROrThr/vNexoEyWAFqxjXCLhIzr8nUqHxXzgPnoqKneA4QbBrI3aBsStq0uKsY40Q6
         P95uWpYV1FBLVWOSFnyah7+Swzx6KJ3zksTpPwCA9YYuqWUeZDbOLoG0XJ0Fr1lKZ3lu
         aLyDtNZcVQXrr12D586D8TKSlZMFS9z0ZaQvyse2H6d6tU1NIV8CCUlCMk8o+n79XuZw
         4ngA==
X-Gm-Message-State: AOJu0YyG48grTUDj/nA/VnmqsRYwpQo/TobW2zcPnavHjUYoEIqFduli
	RkCrkmk2R6zrYMHJM8nvlGKSFM7/dtweLsfdRf4u2vG4lzL9ncylF14A+Q9U1jJyT/w/9AN1mUC
	QLfRB
X-Gm-Gg: AY/fxX44Q01NiYoHYukw5WE6iewwOcLKfvKNRrh9W/hmMlAmIwp81L5moAmHUTDIgHF
	DAlzxeKmG0ktJAeURSpmHGG0KcUUsHSJOKjSZo1wLuEeSac/40C+ejPRg+Dg2xHCByJafM9eq0B
	hAehROUSX1si8i8CZdczeQmGNf/yl1KDO5U2Jqge6oAco/ZDkjaymBlB73DiVaMt86IRD+6fQxv
	du5KJVF3Q4n8C982H07nWtubbipUYL1LPtla6gLQn0Ulq2U0nJ1Qk58Yp36iGsXy2lXcOg4EV0j
	twCPYAV7dfw4+WqyCixMyyefSYKGHwutOx/Up5RWB9OE5CNloNEjL3zNKxQ0iXYngJmUzsCOfo8
	rMYbZc7g7TcDJpp3vVOqp/YaHrDGby9F8k5Hu/o/RPoJo2//WKrGpM8DWwoAmQITUSeGDTRURqC
	587/G4DtozD2nb8vejBRQohHsDRYiylRHw1qAdRiAhPW0c6ozfp7c+kJnyyIwxJY+kg9CXE6Ebh
	2DaoCb48xKsqOEGmXRX6A==
X-Received: by 2002:a05:600c:8685:b0:47a:975b:e3e6 with SMTP id
 5b1f17b1804b1-4801eb035e1mr119617085e9.18.1768908270444;
        Tue, 20 Jan 2026 03:24:30 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.29
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:29 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 09/15] curl: patch CVE-2025-13034
Date: Tue, 20 Jan 2026 12:23:54 +0100
Message-ID: 
 <db4e7bba77db09f1e53a92077a55fb4588fe4f3a.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229669

From: Peter Marko <peter.marko@siemens.com>

Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-13034.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../curl/curl/CVE-2025-13034.patch            | 37 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.17.0.bb      |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-13034.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-13034.patch b/meta/recipes-support/curl/curl/CVE-2025-13034.patch
new file mode 100644
index 0000000000..0c3fe42509
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-13034.patch
@@ -0,0 +1,37 @@
+From 3d91ca8cdb3b434226e743946d428b4dd3acf2c9 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 14 Nov 2025 16:42:23 +0100
+Subject: [PATCH] vquic-tls/gnutls: call Curl_gtls_verifyserver unconditionally
+
+Closes #19531
+
+CVE: CVE-2025-13034
+Upstream-Status: Backport [https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946d428b4dd3acf2c9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vquic/vquic-tls.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/vquic/vquic-tls.c b/lib/vquic/vquic-tls.c
+index f4ef06c33b..46bb4c7d4c 100644
+--- a/lib/vquic/vquic-tls.c
++++ b/lib/vquic/vquic-tls.c
+@@ -168,13 +168,11 @@ CURLcode Curl_vquic_tls_verify_peer(struct curl_tls_ctx *ctx,
+   (void)conn_config;
+   result = Curl_ossl_check_peer_cert(cf, data, &ctx->ossl, peer);
+ #elif defined(USE_GNUTLS)
+-  if(conn_config->verifyhost) {
+-    result = Curl_gtls_verifyserver(cf, data, ctx->gtls.session,
+-                                    conn_config, &data->set.ssl, peer,
+-                                    data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
+-    if(result)
+-      return result;
+-  }
++  result = Curl_gtls_verifyserver(cf, data, ctx->gtls.session,
++                                  conn_config, &data->set.ssl, peer,
++                                  data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
++  if(result)
++    return result;
+ #elif defined(USE_WOLFSSL)
+   (void)data;
+   if(conn_config->verifyhost) {
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
index 352f407d28..edae6ebb95 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -14,6 +14,7 @@ SRC_URI = " \
     file://run-ptest \
     file://disable-tests \
     file://no-test-timeout.patch \
+    file://CVE-2025-13034.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Tue Jan 20 11:23:55 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79141
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0F53AD2ED12
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com
 [209.85.128.48])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4164.1768908272911993506
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:33 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=SstLQTsA;
 spf=pass (domain: smile.fr, ip: 209.85.128.48,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f48.google.com with SMTP id
 5b1f17b1804b1-4801d7c72a5so27091105e9.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908271; x=1769513071;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=iCkZXbOYUY+8jeD7PaJWMDhrICPXKTTbVmavTeFyM6k=;
        b=SstLQTsAvhaqDDUaNTvVCUmG/Tcpf6BHau60y7V5JPz8KIqJ6t0EWN++44LXJf48ET
         gmhz7Agd613B1uvnNk5n4i85pUmMGijkSxK9BJHbgcN+8mthnnKwK7LobozxHTESZHsY
         Fy/L5IgjMq3+7B3xismFeM4FNp39wohgj76n4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908271; x=1769513071;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=iCkZXbOYUY+8jeD7PaJWMDhrICPXKTTbVmavTeFyM6k=;
        b=hTG4baPjvxOZrUGeVdyiLgJkSpy3eoaQzBu8BQIDHEYtTt+XCV8FZ60IPeTbERjv4R
         i4SBWbc+YZZbEoEym2k6X05AXevzwEQHsGjrpHXlB5h1wIFw/US0zDkosQavXTW1EUl3
         IoOpVxbJJWX4khGxZM8H6mXOguhC8aXgnl/O7QONjxSbblxnjYhAwCiAVahY3nCFxAAI
         /BO9ESc4WtkyqeUqBT75Q/Yztt9bK/UDtvDGArd0vD3bKchEcZGc6N/6ohtUXDX/f6Ze
         1AyxU73waTY/ueoRHit+PSfDw8xLRpXS833bemn8eZwH7+c+xiuFU/hKrzwflTu6wgbR
         aw6A==
X-Gm-Message-State: AOJu0YxNzdfAOr36Yf7G6rnJ8HPhFPzub9sv3HjGeXqtFicpHiW7ra+W
	jytkGTs+v6gNP0//Vd+T7aoVyWiYJ/gj82Fd1vgBDCLpKigHVPN2XFgaWoZ/GFH2Si7GIBGsOr5
	Xg5Ii
X-Gm-Gg: AY/fxX7hS6xwqqnO/jWdFbWrXVqjj0XLS6Yw7C+pZRgNdSCA3bie3bymtVBn9VB5xyP
	xL9iJvp7TZ0TVURcNobpiTuvonuKXeXhJT2xJEx0jziWmqKO4HAC6BWeaptThmsTfEySb9wb118
	9ViRlOr25GV66yipqCUAlBF95NGt1h9H1OQytoRDjdTlnsGtPGWgYfTU2C5eXo8eQxzntX+y23H
	+RdXiv0rxBBNeEq04RDA97n9f4uuoPWaa2buYWRDjWLMDc87PeDR+8TENwSrdD9AhPrI3WGmrZB
	6eZ2Sme5DWe+Lk2Oq/z5lb6ImzlKcXYhLIzT/gMbdKy02XnJN4ykLV9Dpc/fqfpNQlXlW6BVNWp
	wEjIduFmvxd+WTNCp33Bq8gWHh3koT4GUw7AihmW1GEIr+7RFe4ySLolmeDnwxaAuJ8M9Z3epbw
	z3zZzJPbdvXOvUJO5cTRAMNqM4snr7Q4e5GijQ87qbJcVNL1UfEMnJoR22XtegNAaX8/BN69dCi
	2Pr2H+Ut7vdBFKOxocKoA==
X-Received: by 2002:a05:600c:45d1:b0:477:7ae0:cd6e with SMTP id
 5b1f17b1804b1-4801eab5602mr171787235e9.5.1768908270913;
        Tue, 20 Jan 2026 03:24:30 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.30
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:30 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 10/15] curl: patch CVE-2025-14017
Date: Tue, 20 Jan 2026 12:23:55 +0100
Message-ID: 
 <f2b04c009267a57f97918787283b9a629cb50298.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229670

From: Peter Marko <peter.marko@siemens.com>

Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-14017.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../curl/curl/CVE-2025-14017.patch            | 116 ++++++++++++++++++
 meta/recipes-support/curl/curl_8.17.0.bb      |   1 +
 2 files changed, 117 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-14017.patch b/meta/recipes-support/curl/curl/CVE-2025-14017.patch
new file mode 100644
index 0000000000..79be357ded
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-14017.patch
@@ -0,0 +1,116 @@
+From 39d1976b7f709a516e3243338ebc0443bdd8d56d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 4 Dec 2025 00:14:20 +0100
+Subject: [PATCH] ldap: call ldap_init() before setting the options
+
+Closes #19830
+
+CVE: CVE-2025-14017
+Upstream-Status: Backport [https://github.com/curl/curl/commit/39d1976b7f709a516e3243338ebc0443bdd8d56d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/ldap.c | 50 +++++++++++++++++++-------------------------------
+ 1 file changed, 19 insertions(+), 31 deletions(-)
+
+diff --git a/lib/ldap.c b/lib/ldap.c
+index 63b2cbc414..0911a9239a 100644
+--- a/lib/ldap.c
++++ b/lib/ldap.c
+@@ -382,16 +382,29 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+     passwd = conn->passwd;
+   }
+ 
++#ifdef USE_WIN32_LDAP
++  if(ldap_ssl)
++    server = ldap_sslinit(host, (curl_ldap_num_t)ipquad.remote_port, 1);
++  else
++#else
++    server = ldap_init(host, (curl_ldap_num_t)ipquad.remote_port);
++#endif
++  if(!server) {
++    failf(data, "LDAP: cannot setup connect to %s:%u",
++          conn->host.dispname, ipquad.remote_port);
++    result = CURLE_COULDNT_CONNECT;
++    goto quit;
++  }
++
+ #ifdef LDAP_OPT_NETWORK_TIMEOUT
+-  ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
++  ldap_set_option(server, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
+ #endif
+-  ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
++  ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+ 
+   if(ldap_ssl) {
+ #ifdef HAVE_LDAP_SSL
+ #ifdef USE_WIN32_LDAP
+     /* Win32 LDAP SDK does not support insecure mode without CA! */
+-    server = ldap_sslinit(host, (curl_ldap_num_t)ipquad.remote_port, 1);
+     ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
+ #else /* !USE_WIN32_LDAP */
+     int ldap_option;
+@@ -411,7 +424,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+         goto quit;
+       }
+       infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca);
+-      rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
++      rc = ldap_set_option(server, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca);
+       if(rc != LDAP_SUCCESS) {
+         failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
+               ldap_err2string(rc));
+@@ -423,20 +436,13 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+     else
+       ldap_option = LDAP_OPT_X_TLS_NEVER;
+ 
+-    rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
++    rc = ldap_set_option(server, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option);
+     if(rc != LDAP_SUCCESS) {
+       failf(data, "LDAP local: ERROR setting cert verify mode: %s",
+             ldap_err2string(rc));
+       result = CURLE_SSL_CERTPROBLEM;
+       goto quit;
+     }
+-    server = ldap_init(host, ipquad.remote_port);
+-    if(!server) {
+-      failf(data, "LDAP local: Cannot connect to %s:%u",
+-            conn->host.dispname, ipquad.remote_port);
+-      result = CURLE_COULDNT_CONNECT;
+-      goto quit;
+-    }
+     ldap_option = LDAP_OPT_X_TLS_HARD;
+     rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option);
+     if(rc != LDAP_SUCCESS) {
+@@ -445,16 +451,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+       result = CURLE_SSL_CERTPROBLEM;
+       goto quit;
+     }
+-#if 0
+-    rc = ldap_start_tls_s(server, NULL, NULL);
+-    if(rc != LDAP_SUCCESS) {
+-      failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
+-            ldap_err2string(rc));
+-      result = CURLE_SSL_CERTPROBLEM;
+-      goto quit;
+-    }
+-#endif
+-
+ #else /* !LDAP_OPT_X_TLS */
+     (void)ldap_option;
+     (void)ldap_ca;
+@@ -473,15 +469,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
+     result = CURLE_NOT_BUILT_IN;
+     goto quit;
+   }
+-  else {
+-    server = ldap_init(host, (curl_ldap_num_t)ipquad.remote_port);
+-    if(!server) {
+-      failf(data, "LDAP local: Cannot connect to %s:%u",
+-            conn->host.dispname, ipquad.remote_port);
+-      result = CURLE_COULDNT_CONNECT;
+-      goto quit;
+-    }
+-  }
++
+ #ifdef USE_WIN32_LDAP
+   ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+   rc = ldap_win_bind(data, server, user, passwd);
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
index edae6ebb95..e0a9bae23d 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -15,6 +15,7 @@ SRC_URI = " \
     file://disable-tests \
     file://no-test-timeout.patch \
     file://CVE-2025-13034.patch \
+    file://CVE-2025-14017.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Tue Jan 20 11:23:56 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79153
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7D23ED2ED1D
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com
 [209.85.221.42])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4166.1768908273503879804
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:33 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=fxEgNR3Z;
 spf=pass (domain: smile.fr, ip: 209.85.221.42,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f42.google.com with SMTP id
 ffacd0b85a97d-42fb6ce71c7so4638887f8f.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908272; x=1769513072;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=c01D/i4oW4SDXN+QEBgr4YOMlMNO/06UoXQ9QD8PhUw=;
        b=fxEgNR3ZxW4dFxG31EVtvHCXLQiTEf7bD7g6SiOeMSS8tFT9T5kMbtSBIFQHd9LvAm
         rGksOFpZrRHx2VDEiV2ziHLPmafw3FDY+b0Dhx9OwmUMg2vxJ2mS37Yn8nyxKF0E2uSq
         lNQbFTqJQ9XsG/HJLP3OTi8R+Y9w2Gwj+ndsY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908272; x=1769513072;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=c01D/i4oW4SDXN+QEBgr4YOMlMNO/06UoXQ9QD8PhUw=;
        b=Ut7ezooWGqZmUtJ9IrSHtskkop8hiSnxXUfHQh4Lsqg1VHwm1yFjSJToAnX1gH7+UE
         ZJXtlKJsKeheMjA8YN0fTuE1wKe9+7NK2XqRxHOaXCl/+4cW/54mceHz0rlwL0HJ+Zx9
         AJbK7ewKHVIPvP6ORsEMIe56leyUcy9Uvz/ne+aj810YhNe+PTNUyZguLNEIZhg+d4dx
         GlF/7+xUMSs24TAgeuDdMB6Y5ldUNCUMiH4eAiKcIC++Af4W0HXac8VsyV1PzC7+NA6r
         oWJx7dx9t5Hs6KmnaVJZuqGyFOCks6LUV1Hx2TjG1gGRsY8cQqMWZXgbukrleMqnJ7tQ
         N5ug==
X-Gm-Message-State: AOJu0YxPZ3NlTXZSOWcM8N/Yiz5QyNKMdc7tssyFN1t697LFoEF7hsER
	2myspzeMJZ4wlP9GNC7+DOMmhFvwsV9aRi3U/neJRP8YrJ1nkvMm0EPZjssC+UHP0pXakZLzU6Z
	wD2A+
X-Gm-Gg: AZuq6aK4slwDZtQkJ+bdQTVR7O6nGPAkZ4ZK7DB+384nMFtl00za8hY4lLisbZdQHeT
	AQA8yHbI4qls3qV8NP9Vab1h9+y8XRXmtXQT9Hnvr1M75nU5P/uWG75pLMKorZPgdrf0HJjYgF0
	DGAae91olDELwA4A1AbjYztHckS+OFSvrmwKm1DV0h06bT+Md7nJcLmyxKsexm28iTAcIft02jA
	CsMHwx/G5FNGT+ZMmd3R0zYjUuD5R9AWSCfYF1T4VDei8+QKNBcVIinGqj8eBdwGYG563nJnEeg
	cDJLsm7VToxf4Xyjuyv+6dtSmZAeiRebNYZWLb8dUGcHkKlh4dkoYIDvlfeXgYyToB19t4e/vGZ
	WttDFLePJaM5BW4XdxxTQujAgyAabcVOsQ10lVB0Vgw1cZzzeFieNhZ9uI3LEvm8q+CetVY5CwW
	swxcFf2kC9k6shPl/t2wi5G6IW25hCrIe+fWzFmC2siQ9K/SA78CX6kxnRbvd+zTzJGyqS7E4/n
	rBb8IKFC6OB3OLOTFwpwkEKqKlUPpv7
X-Received: by 2002:a05:6000:400f:b0:431:8f8:7f31 with SMTP id
 ffacd0b85a97d-43569bd6a3fmr20280275f8f.56.1768908271603;
        Tue, 20 Jan 2026 03:24:31 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.31
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:31 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 11/15] curl: patch CVE-2025-14524
Date: Tue, 20 Jan 2026 12:23:56 +0100
Message-ID: 
 <9c1402e7b38194b7daf1ddffe79a5f8dfe3d3ae4.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229671

From: Peter Marko <peter.marko@siemens.com>

Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-14524.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../curl/curl/CVE-2025-14524.patch            | 40 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.17.0.bb      |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-14524.patch b/meta/recipes-support/curl/curl/CVE-2025-14524.patch
new file mode 100644
index 0000000000..c70dd0a04d
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-14524.patch
@@ -0,0 +1,40 @@
+From 1a822275d333dc6da6043497160fd04c8fa48640 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 10 Dec 2025 11:40:47 +0100
+Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer
+
+Closes #19933
+
+CVE: CVE-2025-14524
+Upstream-Status: Backport [https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/curl_sasl.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
+index 3e4bafc19a..b93bafbefa 100644
+--- a/lib/curl_sasl.c
++++ b/lib/curl_sasl.c
+@@ -456,7 +456,9 @@ static bool sasl_choose_ntlm(struct Curl_easy *data, struct sasl_ctx *sctx)
+ 
+ static bool sasl_choose_oauth(struct Curl_easy *data, struct sasl_ctx *sctx)
+ {
+-  const char *oauth_bearer = data->set.str[STRING_BEARER];
++  const char *oauth_bearer =
++    (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ?
++    data->set.str[STRING_BEARER] : NULL;
+ 
+   if(sctx->user && oauth_bearer &&
+      (sctx->enabledmechs & SASL_MECH_OAUTHBEARER)) {
+@@ -481,7 +483,9 @@ static bool sasl_choose_oauth(struct Curl_easy *data, struct sasl_ctx *sctx)
+ 
+ static bool sasl_choose_oauth2(struct Curl_easy *data, struct sasl_ctx *sctx)
+ {
+-  const char *oauth_bearer = data->set.str[STRING_BEARER];
++  const char *oauth_bearer =
++    (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ?
++    data->set.str[STRING_BEARER] : NULL;
+ 
+   if(sctx->user && oauth_bearer &&
+      (sctx->enabledmechs & SASL_MECH_XOAUTH2)) {
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
index e0a9bae23d..ad9b7c9ab7 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -16,6 +16,7 @@ SRC_URI = " \
     file://no-test-timeout.patch \
     file://CVE-2025-13034.patch \
     file://CVE-2025-14017.patch \
+    file://CVE-2025-14524.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Tue Jan 20 11:23:57 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79152
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 88E33D2ED1C
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:34 +0000 (UTC)
Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com
 [209.85.221.44])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4167.1768908273991089872
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:34 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=2j6xkd0/;
 spf=pass (domain: smile.fr, ip: 209.85.221.44,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f44.google.com with SMTP id
 ffacd0b85a97d-42fb2314eb0so4271513f8f.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908272; x=1769513072;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=90ZvZMaaJ1sabYIEZdeZgTGC8ZA4Xpf9i/L6Cdqd4KU=;
        b=2j6xkd0/UREaRSSeYOwQnq5IewV2uTWFUmUwIjWur0pB4cjdvNco2PlbhpbM0aTYzn
         vg3szQC/TYt9CUF4BFhKyrnvDcjL7MC/ZS5pDa7Rmwh4U/3w9PWequHjxU8yQe6HYCTA
         S9IumUNzLO43PahQIUtyjVCZAsb6oxUsc3gxM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908272; x=1769513072;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=90ZvZMaaJ1sabYIEZdeZgTGC8ZA4Xpf9i/L6Cdqd4KU=;
        b=FX98mg8E/5PJDC4YJ9RsR4FZJY1uSI0/kkS+xO7rdORUsUV21DRgLCYrk3rh6DPSiA
         sWW87LQG8WGl8ffD9VFz7FLrLq+2Z/K88R9A5FAdZeWj6cdd8qPyvGZYo0Yu2pM8tekn
         Wgvph8Y9xKl5quHtdbBb692y6lW/9EkHpuVw6GJWFxlIVCa+HDnn0rKoicOCfHBOSvVj
         +91Lu9tCvK45cOu5O/60PoAu7rC4SNLfsugkvorQMktckuZIFHO5en+ZE4SLnfL8JRFb
         4zV0u8Y/JYBr+AC3QRelk7oDOMDowWctgbrK8j9MoPJ8fa7mI7VutNZVteHK/BXOd2Ij
         fWVA==
X-Gm-Message-State: AOJu0YyhxfXww6MxO87DH3vfCFzIHyHMv53inSjH409dAqmnZ4nt9cJW
	V7fLY7vrpXVNJ3zQ8WbnhJp0Hye0H58Injd145xGEzoN9ude9+JV8cNgAelLemuJjMX2OukAh1I
	VlmsP
X-Gm-Gg: AZuq6aLpAoQ++fLeNGQkVDA/khsKSCT0cGLadnbTDPRhM4aJVb0PyN+QEagAZ+NK/A1
	safnPgjSvVnsajNrFy8kvxQSQZlnJta4j87kx4ctRao3ZthI3WJ3rOg/6nnfnK5KvacJPYuFhkm
	BMawGsVgS2smqtsxKvsZFZlkqm5kBjXy5j7NHpTpOzaI0Vp+oWEq3rKGgc1Zk2JwiAJU1CHCL2Z
	hAH/9FI5KOaAkW6vzJ+mb/L/mVWuV6C2RA1LJuT3AoeOxnLtFr6ps0aiw9DSDsRbmgTxTId6h9q
	FSS1zqaE714gxm7jBCexwKiIRBKs8uaUW9FnNOK/7O42kQxTLyPkYfO+2t1HreXrtY7ksEtq4nC
	Dr9ymHWAs5dDPXNcgYdYU5vmBGTq+nVDe4+wZeFzNZDyNn1FybGz2fBv7OpTD4GSNXQwzyCkPMg
	iLd14iN7rtqr4FPG9XEs6/ImWPuwLeR8dzpOp2Sz4Pao0i+8eGNp66JUaBaXXLnf8413O2e26IE
	7aSSf+FlZwJ4JEA2LQYPAmWkYjxranC
X-Received: by 2002:a5d:5d8a:0:b0:430:fdb8:8510 with SMTP id
 ffacd0b85a97d-4358ff3212cmr2468319f8f.24.1768908272127;
        Tue, 20 Jan 2026 03:24:32 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.31
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:31 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 12/15] curl: patch CVE-2025-14819
Date: Tue, 20 Jan 2026 12:23:57 +0100
Message-ID: 
 <2aa6e662c52bddae3d64672d498e9841d51c19dd.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:34 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229672

From: Peter Marko <peter.marko@siemens.com>

Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-14819.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../curl/curl/CVE-2025-14819.patch            | 73 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.17.0.bb      |  1 +
 2 files changed, 74 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14819.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-14819.patch b/meta/recipes-support/curl/curl/CVE-2025-14819.patch
new file mode 100644
index 0000000000..204f1d48f4
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-14819.patch
@@ -0,0 +1,73 @@
+From cd046f6c93b39d673a58c18648d8906e954c4f5d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 17 Dec 2025 10:54:16 +0100
+Subject: [PATCH] openssl: toggling CURLSSLOPT_NO_PARTIALCHAIN makes a
+ different CA cache
+
+Reported-by: Stanislav Fort
+
+Closes #20009
+
+CVE: CVE-2025-14819
+Upstream-Status: Backport [https://github.com/curl/curl/commit/cd046f6c93b39d673a58c18648d8906e954c4f5d]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vtls/openssl.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index a7f169d641..7563d9a090 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -3560,6 +3560,7 @@ struct ossl_x509_share {
+   X509_STORE *store;    /* cached X509 store or NULL if none */
+   struct curltime time; /* when the cached store was created */
+   BIT(store_is_empty);  /* no certs/paths/blobs are in the store */
++  BIT(no_partialchain); /* keep partial chain state */
+ };
+ 
+ static void oss_x509_share_free(void *key, size_t key_len, void *p)
+@@ -3594,12 +3595,16 @@ ossl_cached_x509_store_expired(const struct Curl_easy *data,
+ 
+ static bool
+ ossl_cached_x509_store_different(struct Curl_cfilter *cf,
++                                             const struct Curl_easy *data,
+                                  const struct ossl_x509_share *mb)
+ {
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
++  struct ssl_config_data *ssl_config =
++    Curl_ssl_cf_get_config(cf, CURL_UNCONST(data));
++  if(mb->no_partialchain != ssl_config->no_partialchain)
++    return TRUE;
+   if(!mb->CAfile || !conn_config->CAfile)
+     return mb->CAfile != conn_config->CAfile;
+-
+   return strcmp(mb->CAfile, conn_config->CAfile);
+ }
+ 
+@@ -3618,7 +3623,7 @@ static X509_STORE *ossl_get_cached_x509_store(struct Curl_cfilter *cf,
+                                  sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL;
+   if(share && share->store &&
+      !ossl_cached_x509_store_expired(data, share) &&
+-     !ossl_cached_x509_store_different(cf, share)) {
++     !ossl_cached_x509_store_different(cf, data, share)) {
+     store = share->store;
+     *pempty = share->store_is_empty;
+   }
+@@ -3657,6 +3662,8 @@ static void ossl_set_cached_x509_store(struct Curl_cfilter *cf,
+ 
+   if(X509_STORE_up_ref(store)) {
+     char *CAfile = NULL;
++    struct ssl_config_data *ssl_config =
++      Curl_ssl_cf_get_config(cf, CURL_UNCONST(data));
+ 
+     if(conn_config->CAfile) {
+       CAfile = strdup(conn_config->CAfile);
+@@ -3675,6 +3682,7 @@ static void ossl_set_cached_x509_store(struct Curl_cfilter *cf,
+     share->store = store;
+     share->store_is_empty = is_empty;
+     share->CAfile = CAfile;
++    share->no_partialchain = ssl_config->no_partialchain;
+   }
+ }
+ 
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
index ad9b7c9ab7..948769e0fb 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -17,6 +17,7 @@ SRC_URI = " \
     file://CVE-2025-13034.patch \
     file://CVE-2025-14017.patch \
     file://CVE-2025-14524.patch \
+    file://CVE-2025-14819.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Tue Jan 20 11:23:58 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79155
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 81C80D2ED12
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:44 +0000 (UTC)
Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com
 [209.85.128.54])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.4243.1768908274428093724
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:34 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=LpBJWtQ3;
 spf=pass (domain: smile.fr, ip: 209.85.128.54,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wm1-f54.google.com with SMTP id
 5b1f17b1804b1-47f5c2283b6so34481995e9.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908272; x=1769513072;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=VPulKy/C1VP+9SqSVi1V+0QH8p350DhbDOk/pYXHLhI=;
        b=LpBJWtQ3uQWHkc2+w+qRs5+6YT9eaFaj4M4hX1JN05U6OmWfkbTVjCkwBbd3lpulBt
         k0K0nAUEIqQjrmtJusQK8zjves78m4y3HWjmAuaF4vOI8VNnBmmbedNQhYCHGgeuGOM4
         fTbiSMNQ+n9VHPKVRGEhgbMp/vQnyCwYWx+WI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908272; x=1769513072;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=VPulKy/C1VP+9SqSVi1V+0QH8p350DhbDOk/pYXHLhI=;
        b=LQ9EPFFbvyhHv807KUkLrJntO9EqYzncmx1de6Rr7QyyBXJ6eYae8Xuf6LxaSetkR7
         VbIbQxXcxO5uFYEt9Vfdk9FF7y9BdOMafbNJtj5Y6D8R/3rh/dXTrvxnU0ylmJguulHT
         1IGfuLd5dLGgpCYYa7gp3e+tIXEMfrt3pjUCRQvWdHJGOsjGPhPqpkGCV1LZZB7lA/eT
         QBognYmtXY/nsfVmJ23OUaO3vd2ZJwjbuxMpXOWjUunLNC8vZLYq38O3qAkHmhHIlw1Z
         iLbPdiaAfS2lDGA+cUYsQ+HWjZebZsVtvoT4VdN9pF6eovt+bixzzcdLRudQqcSF7mdj
         qmnQ==
X-Gm-Message-State: AOJu0YwBpQyp5aBsuocBgnFeZJbLChxTcS9EhgX6+l3rc+jEFZocxYFL
	evBrc2qTjGk2v8kaXPefhC96JWDVa+tT9KUl/n123xsm5Mdwu155T6l8vkYVHHZf4vvH98PIcC+
	lDaKR
X-Gm-Gg: AY/fxX5xIzTSsNQwH3PSS+bZhIgYHmZ3528E4cz0uzhnqbnO+qEk7SxEAwYK5tiPl+r
	UFCW3Ojjf2/uiPnU9E+CdUb7847D8QJFzcCVwij9s9NqLafUZHSR8KI/nUi8UrBxbHm+R9Ffqxi
	mKCYy7AIUUwXa4s9HDLDmAw++kIGmLGusaxtMg5yJwW2HHDCiS47UfkYooDTU6BOr1XZFxn8nmt
	/NepB53GaciLgNUPT4BHo1cJb9gPuGx3/7u82xl+7TpFiVa0QZY8imIlQqcAtFLufM9RMG4Xjb8
	sLx9cZVKR+BMfL2vKZHlNvK5vI9xhqa/3laARVGm+YvaKJE/hcv6fH8FRhsdNDIJTwrhjitJqA2
	KYTi427Xt0Fsf32vYu/nsIJ3Rte3870dR5rF0vHn7jI+5JaLpLzqPhTApFGbhfexO+29bsa1o3H
	bop5qCjiqGZFGJmWP7TZlxmktVFyntNcqpSKoqYOl9Av/y54YDckFTnN0Q7eqDzsY0pt9zfZ2r9
	BqW2x1kNywcaqij1PInaA==
X-Received: by 2002:a05:600c:a310:b0:47e:e712:aa88 with SMTP id
 5b1f17b1804b1-4803e7f0e2cmr17489565e9.31.1768908272543;
        Tue, 20 Jan 2026 03:24:32 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.32
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:32 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 13/15] curl: patch CVE-2025-15079
Date: Tue, 20 Jan 2026 12:23:58 +0100
Message-ID: 
 <48aab84b3f6d0ba5850f11aa4d90d26f23ae9915.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:44 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229673

From: Peter Marko <peter.marko@siemens.com>

Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-15079.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../curl/curl/CVE-2025-15079.patch            | 32 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.17.0.bb      |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-15079.patch b/meta/recipes-support/curl/curl/CVE-2025-15079.patch
new file mode 100644
index 0000000000..2320e56d68
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-15079.patch
@@ -0,0 +1,32 @@
+From adca486c125d9a6d9565b9607a19dce803a8b479 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 24 Dec 2025 17:47:03 +0100
+Subject: [PATCH] libssh: set both knownhosts options to the same file
+
+Reported-by: Harry Sintonen
+
+Closes #20092
+
+CVE: CVE-2025-15079
+Upstream-Status: Backport [https://github.com/curl/curl/commit/adca486c125d9a6d9565b9607a19dce803a8b479]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vssh/libssh.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 7d5905c83d..98c109ab59 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -2670,6 +2670,11 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done)
+     infof(data, "Known hosts: %s", data->set.str[STRING_SSH_KNOWNHOSTS]);
+     rc = ssh_options_set(sshc->ssh_session, SSH_OPTIONS_KNOWNHOSTS,
+                          data->set.str[STRING_SSH_KNOWNHOSTS]);
++    if(rc == SSH_OK)
++      /* libssh has two separate options for this. Set both to the same file
++         to avoid surprises */
++      rc = ssh_options_set(sshc->ssh_session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
++                           data->set.str[STRING_SSH_KNOWNHOSTS]);
+     if(rc != SSH_OK) {
+       failf(data, "Could not set known hosts file path");
+       return CURLE_FAILED_INIT;
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
index 948769e0fb..a0022f3a3f 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -18,6 +18,7 @@ SRC_URI = " \
     file://CVE-2025-14017.patch \
     file://CVE-2025-14524.patch \
     file://CVE-2025-14819.patch \
+    file://CVE-2025-15079.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Tue Jan 20 11:23:59 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79156
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 881FCD2ED0F
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:44 +0000 (UTC)
Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com
 [209.85.221.43])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.4168.1768908275061883636
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:35 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=AaDuFRJL;
 spf=pass (domain: smile.fr, ip: 209.85.221.43,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f43.google.com with SMTP id
 ffacd0b85a97d-432755545fcso2994928f8f.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908273; x=1769513073;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=caeEUam+4SDwAj9PiXIWQvz7DkU63+3j1U9pf3E76+Y=;
        b=AaDuFRJL1IqIem97TiaAleMZ4ZKsxGDiXjOakiGQ3oPyLO+A1X1yts7C5/CleXWOVa
         bKmvtGZv7VFaSfYVANMAVxGJrBspPMLPBGstqDuyAQAr/WcvESaTY/tWogCUgeiHfkT8
         im7wCNkh+YV+GcyECbelJj0zxAWpmU7SnHF8c=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908273; x=1769513073;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=caeEUam+4SDwAj9PiXIWQvz7DkU63+3j1U9pf3E76+Y=;
        b=RTFWf3RdFLxq9oOVJyFFdyZXEhcTeSoBz+1lSplUMtIfmRrZ1Tr5xY2muIV9D5bHhs
         UuqQfHeujmjYXfkFjWFT408A1zp6p8fHYA7jYBuNOQmvue8tOvI2xSt/vR53xwfj0m2g
         nOVEZ1t2n/wEGP64/a4PjqGg32Gq9O+SVmbhgYy+0u66p2fYWggSBtdRfKpWHu/IfpAd
         ZrKknn3NtkbSICSxBTvyS+7I5pGBig7xnnjhf5aSjaBjFmbhHkTB9YdKmg38wJAFoHcc
         dY7fjC0l0TdrwBQ+XcuFTCDKrPCVRRCE+Qu7kVcV1xYk3BcXMtVHXS9eKvtIKcfIbfeE
         CQ4A==
X-Gm-Message-State: AOJu0YwI7tV0Pfi5yvIy9TTcP30LjCmFNZozYwWocilxtgW2ZIb+Ixeg
	9292jwcYasdLUWRjKMYLtHNM1RoibzMBKKSDahPsfIZGMZ3QYp6xO/PGS6VlW+I+Pvq9bhTImr6
	4rTgA
X-Gm-Gg: AZuq6aJsfDSa2GMEDS8pZFlTYbCqg5ZnKLRjRvscJEFBlKK5lQovbC8YrQv5/Hz564t
	RssH2kZT1P6FJYG1ihya/n1M+9c1A1AAcGFfrmXKZtmOYWMcqDBczMcg5y+EGZtPo77qJBmSoN+
	b74EV0UXAHLrun8utxpOcosJoHYdLoK033+FXNntZehs1bMfwhWtMeNyK7xiS2GuQoWz1JhxcRo
	+uGiCvd7+NT8rovG2L+addxyAMA0/jHYvSScdnOzHxqwSNHtWLwd8ko+SIr1EJQT7artFYpkKuv
	MbOcH3l4JdmaPtYaWcFNaFAx9zDsfWL3WzOll6RuD0S0s9u/qYWl8kicXGXTbp23A5yXtfHYydV
	EwTMFIqyqz08sfuPBwjo6SFABVI6SW1YZsamG0vynzc8na1p+D815x9SpHiQIanOkNtyFjTXtCA
	RZDLq4WGLS74AKC3bbTt93PEQYBYd7utxc67ufD9f4mDiZUV4lIpYWocgB/ynLV6rt3B4p+LSYS
	cpwEFxzFKzYYFCXam0zYg==
X-Received: by 2002:a5d:5f94:0:b0:431:1d4:3a8a with SMTP id
 ffacd0b85a97d-43569972d22mr17455393f8f.7.1768908273089;
        Tue, 20 Jan 2026 03:24:33 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.32
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:32 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 14/15] curl: patch CVE-2025-15224
Date: Tue, 20 Jan 2026 12:23:59 +0100
Message-ID: 
 <d6ba218162c400acb8d60dd795d2d3ba20b1fb8f.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:44 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229674

From: Peter Marko <peter.marko@siemens.com>

Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-15224.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../curl/curl/CVE-2025-15224.patch            | 31 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.17.0.bb      |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-15224.patch b/meta/recipes-support/curl/curl/CVE-2025-15224.patch
new file mode 100644
index 0000000000..a8308b87a1
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-15224.patch
@@ -0,0 +1,31 @@
+From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Mon, 29 Dec 2025 16:56:39 +0100
+Subject: [PATCH] libssh: require private key or user-agent for public key auth
+
+Closes #20110
+
+CVE: CVE-2025-15224
+Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vssh/libssh.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 5d5125b526..bde6355f73 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -935,7 +935,11 @@ static int myssh_in_AUTHLIST(struct Curl_easy *data,
+           "keyboard-interactive, " : "",
+           sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD ?
+           "password": "");
+-  if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
++  /* For public key auth we need either the private key or
++     CURLSSH_AUTH_AGENT. */
++  if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) &&
++    (data->set.str[STRING_SSH_PRIVATE_KEY] ||
++     (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) {
+     myssh_to(data, sshc, SSH_AUTH_PKEY_INIT);
+     infof(data, "Authentication using SSH public key file");
+   }
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
index a0022f3a3f..739838c3e8 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -19,6 +19,7 @@ SRC_URI = " \
     file://CVE-2025-14524.patch \
     file://CVE-2025-14819.patch \
     file://CVE-2025-15079.patch \
+    file://CVE-2025-15224.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \

From patchwork Tue Jan 20 11:24:00 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoann Congal <yoann.congal@smile.fr>
X-Patchwork-Id: 79154
Return-Path: <yoann.congal@smile.fr>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 81964D2ECF7
	for <webhook@archiver.kernel.org>; Tue, 20 Jan 2026 11:24:44 +0000 (UTC)
Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com
 [209.85.221.44])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.4245.1768908275595273540
 for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:35 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@smile.fr header.s=google header.b=xSD0FE8t;
 spf=pass (domain: smile.fr, ip: 209.85.221.44,
 mailfrom: yoann.congal@smile.fr)
Received: by mail-wr1-f44.google.com with SMTP id
 ffacd0b85a97d-42fbbc3df8fso2837812f8f.2
        for <openembedded-core@lists.openembedded.org>;
 Tue, 20 Jan 2026 03:24:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smile.fr; s=google; t=1768908274; x=1769513074;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=IjYg8/cKk0NNwhQAPrABSAmyDrCqhO1DyhX1lDbRscE=;
        b=xSD0FE8t7GvpHp+rBS1eGykUf0f2cpLIU3+xbtNiY9IOimtOlCzWkG2vVHars/XcbU
         2fPLSTMalv78LlAiTGWjtpHnD7y85NviLzojQ01HxuPR0sMvxELjaEppflGzRmEGM+u1
         P5sznvHaDUnZHxRuXCUVnxxdHc/dAFo5Co4Ns=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768908274; x=1769513074;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=IjYg8/cKk0NNwhQAPrABSAmyDrCqhO1DyhX1lDbRscE=;
        b=b/Rmb9XLRF0IFtxiTeD4XVYTjCvC/mr3pqzW7Jmq7xAcgsG14y5KTizrMeOL5MDJVz
         ecvGXWXhf6O8U+0YXzN2zHnn++8QXn3UQhwHsoSlbAAt6v+20OcHO9rpK3nzy8Pu5eF3
         vZYe47F1JTNsfRPIQJvY/jMlXhjGJNQSq5ZW6CILRNnQmKxRxCoHW1SXGNSeBk9oH/xN
         G4lkxyu5kezPez1NWStFVsDZ4KSY6uJRUyMWvO0KBDP017JV/1D6iW7N/+HaCgkMOtHm
         jBNBkONwv+TUCBmM6n5vE3tK9aZjSwcR1XMflUPbWqsAho15+dnnUBRFA/At1L6jM0Rf
         PBBQ==
X-Gm-Message-State: AOJu0YwtzfyLoclLqdwXibhOMr9b85sqsWb9Jutgc/tRq57Z/SvXrRid
	P5zSyx0zg3aaISpVh9S6astSloSwCY5W7WFkEyUQzQLzooElJlQdfJIYCl/n5Bejknn+zeVWvok
	DYBCF
X-Gm-Gg: AZuq6aJhO6nWP1VWeH1MGvZ3TFs1cOX+pATTljedUtKfy2E1NMopoOGCrndLcyUDpru
	ukXIqyWDh7y/coChmRo5vzmck4oe9nEiMbpJFXvoZjgCHPULGJQjHI/ix0SA9g3R7q0xGaUe8uD
	b9jzzaN3ihMZTHmgq9AtwgX1uli9DvgsLrsxT6HXEWh20dJ+NltBSSWYNBP8YcIV7hs9RNZ07hK
	g7BpMURX9JXbhWP+zavycD3q8f7tp3iWRVcKU8Xk5y+fR5WnzRcMxQJa8A6FwCM9v3WCEHbK73B
	Ygnktf+SnjXOcecnrHG/611H/uq0CzKhnQE98H8F+jOraXdX9UtUuQXT3Fh7aJOj3ADS5ym0atw
	APtqO5Gp+96j2SqhEmbBwWOr1ql7bs7HuoiYOV7gbPFfP6PEsWYiQWxS+RO0EVZVfO6cpRpQlYl
	TsnyYKOm1+k3uTGxzD7qRvN/zLrcx3tbYhXXbDEYuurytWWfPmZG2fbYAhCbeCoAAfwNdbCor3V
	ZlsqViiNBsIiN2FCEM6Nw==
X-Received: by 2002:a5d:5f43:0:b0:430:f3fb:35ea with SMTP id
 ffacd0b85a97d-4358ff44565mr2126793f8f.18.1768908273704;
        Tue, 20 Jan 2026 03:24:33 -0800 (PST)
Received: from FRSMI25-LASER.idf.intranet
 (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-43569921df9sm29558435f8f.3.2026.01.20.03.24.33
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 20 Jan 2026 03:24:33 -0800 (PST)
From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 15/15] libarchive: upgrade 3.8.4 -> 3.8.5
Date: Tue, 20 Jan 2026 12:24:00 +0100
Message-ID: 
 <e7891f39ae90d1c23bfcb59af0064591513a671d.1768906687.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <cover.1768906687.git.yoann.congal@smile.fr>
References: <cover.1768906687.git.yoann.congal@smile.fr>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 20 Jan 2026 11:24:44 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/229675

From: Peter Marko <peter.marko@siemens.com>

Fixes regression of fix for CVE-2025-60753

Release notes [1]:
Libarchive 3.8.5 is a bugfix release.
Notable bugxies:
* bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix (#2809)
* various small bugfixes in code and documentation

[1] https://github.com/libarchive/libarchive/releases/tag/v3.8.5

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../libarchive/{libarchive_3.8.4.bb => libarchive_3.8.5.bb}     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/libarchive/{libarchive_3.8.4.bb => libarchive_3.8.5.bb} (96%)

diff --git a/meta/recipes-extended/libarchive/libarchive_3.8.4.bb b/meta/recipes-extended/libarchive/libarchive_3.8.5.bb
similarity index 96%
rename from meta/recipes-extended/libarchive/libarchive_3.8.4.bb
rename to meta/recipes-extended/libarchive/libarchive_3.8.5.bb
index e89638f5c6..fcfaf5d231 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.8.4.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.8.5.bb
@@ -32,7 +32,7 @@ EXTRA_OECONF += "--enable-largefile --without-iconv"
 SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz"
 UPSTREAM_CHECK_URI = "https://www.libarchive.org/"
 
-SRC_URI[sha256sum] = "b2c75b132a0ec43274d2867221befcb425034cd038e465afbfad09911abb1abb"
+SRC_URI[sha256sum] = "8a60f3a7bfd59c54ce82ae805a93dba65defd04148c3333b7eaa2102f03b7ffd"
 
 inherit autotools update-alternatives pkgconfig