Le mar. 20 janv. 2026 à 14:38, Yoann Congal <[email protected]> a écrit :
> Please review this set of changes for kirkstone and have comments back by > end of day Thursday, January 22. > > This is the last patch review request for kirkstone 4.0.33 before it is > built on monday: In addition to normal CVE fixes: > * pseudo upgrade to fix 16117 – AB-INT: do_package: Error executing a > python function in exec_func_python() autogenerated > https://bugzilla.yoctoproject.org/show_bug.cgi?id=16117 > * A oeqa fix for 16137 – AB-INT: core-image-sato.bb:do_testsdk fails on > ftpmirror.gnu.org returning 502 Bad Gateway > https://bugzilla.yoctoproject.org/show_bug.cgi?id=16137 > > Passed (with rebuild) a-full on autobuilder: > * https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3090 > * via poky-contrib stable/kirkstone-nut : > * OE-core tip is at > https://git.yoctoproject.org/poky-contrib/commit/?h=stable/kirkstone-nut&id=08f446ecb3d3b78daaf8e5b90dec1bff6cb1d5d8 > * meta-mingw failed > https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3115 > * Bug is: #16145 – [kirkstone] AB-INT: mingw-sdktest fail with "wine > %CC" returning 1 > * then, with the same commits, meta-mingw was successfully rebuilt > https://autobuilder.yoctoproject.org/valkyrie/?#/builders/7/builds/3119 I have now re-run a successful a-full test https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3097 with the v2 of "python3-urllib3: patch CVE-2025-66418" https://lists.openembedded.org/g/openembedded-core/topic/kirkstone_patch_v2/117362843 The tip of the stable/kirkstone-nut is now at https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=1ce772b2fd97d2e8364a602fdd313355f2df967e > The following changes since commit > 0057fc49725db8637656fac10631d8f89799bad3: > > go: Fix CVE-2025-61729 (2025-12-29 08:48:27 -0800) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib > stable/kirkstone-nut > > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut > > for you to fetch changes up to 20ff1a4ac744855b54952d7fad7424696500a230: > > oeqa: Use 2.14 release of cpio instead of 2.13 (2026-01-19 23:44:02 > +0100) > > ---------------------------------------------------------------- > > Hitendra Prajapati (1): > python3: fix CVE-2025-13836 > > Khem Raj (1): > oeqa: Use 2.14 release of cpio instead of 2.13 > > Paul Barker (1): > pseudo: Add hard sstate dependencies for pseudo-native > > Peter Marko (17): > util-linux: patch CVE-2025-14104 > glib-2.0: patch CVE-2025-13601 > glib-2.0: patch CVE-2025-14087 > glib-2.0: patch CVE-2025-14512 > qemu: ignore CVE-2025-54566 and CVE-2025-54567 > cups: patch CVE-2025-58436 > cups: patch CVE-2025-61915 > cups: allow unknown directives in conf files > dropbear: patch CVE-2019-6111 > python3-urllib3: patch CVE-2025-66418 > libpcap: patch CVE-2025-11961 > libpcap: patch CVE-2025-11964 > libarchive: fix CVE-2025-60753 regression > curl: patch CVE-2025-14017 > curl: patch CVE-2025-15079 > curl: patch CVE-2025-15224 > gnupg: patch CVE-2025-68973 > > Richard Purdie (4): > pseudo: Upgrade to version 1.9.1 > pseudo: Update to pull in memleak fix > pseudo: Update to pull in openat2 and efault return code changes > pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation' > > Robert Yang (1): > pseudo: 1.9.0 -> 1.9.2 > > Vijay Anusuri (1): > binutils: Fix CVE-2025-1181 > > meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +- > meta/lib/oeqa/sdk/cases/buildcpio.py | 4 +- > meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +- > .../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++ > .../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++ > .../libpcap/libpcap/CVE-2025-11964.patch | 33 + > .../libpcap/libpcap_1.10.1.bb | 3 + > meta/recipes-core/dropbear/dropbear.inc | 1 + > .../dropbear/dropbear/CVE-2019-6111.patch | 157 +++++ > .../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 ++++ > .../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++ > .../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 ++ > .../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 +++++++ > .../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++ > .../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 ++ > meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 6 + > meta/recipes-core/util-linux/util-linux.inc | 2 + > .../util-linux/CVE-2025-14104-01.patch | 33 + > .../util-linux/CVE-2025-14104-02.patch | 28 + > .../binutils/binutils-2.38.inc | 2 + > .../binutils/binutils/CVE-2025-1181-pre.patch | 149 +++++ > .../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++ > .../0001-configure-Prune-PIE-flags.patch | 44 -- > .../pseudo/files/glibc238.patch | 65 -- > .../pseudo/files/older-glibc-symbols.patch | 4 +- > meta/recipes-devtools/pseudo/pseudo.inc | 7 + > meta/recipes-devtools/pseudo/pseudo_git.bb | 6 +- > .../python3-urllib3/CVE-2025-66418.patch | 70 ++ > .../python/python3-urllib3_1.26.20.bb | 1 + > .../python/python3/CVE-2025-13836.patch | 163 +++++ > .../python/python3_3.10.19.bb | 1 + > meta/recipes-devtools/qemu/qemu.inc | 3 + > meta/recipes-extended/cups/cups.inc | 3 + > ...pping-scheduler-on-unknown-directive.patch | 43 ++ > .../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++ > .../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++ > ...25-60753.patch => CVE-2025-60753-01.patch} | 0 > .../libarchive/CVE-2025-60753-02.patch | 46 ++ > .../libarchive/libarchive_3.6.2.bb | 3 +- > .../curl/curl/CVE-2025-14017.patch | 115 ++++ > .../curl/curl/CVE-2025-15079.patch | 32 + > .../curl/curl/CVE-2025-15224.patch | 31 + > meta/recipes-support/curl/curl_7.82.0.bb | 3 + > .../gnupg/gnupg/CVE-2025-68973.patch | 108 +++ > meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 + > 45 files changed, 3763 insertions(+), 120 deletions(-) > create mode 100644 > meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch > create mode 100644 > meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch > create mode 100644 > meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch > create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch > create mode 100644 > meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch > create mode 100644 > meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch > create mode 100644 > meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch > create mode 100644 > meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch > delete mode 100644 > meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch > delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch > create mode 100644 > meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch > create mode 100644 > meta/recipes-devtools/python/python3/CVE-2025-13836.patch > create mode 100644 > meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch > create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch > rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch > => CVE-2025-60753-01.patch} (100%) > create mode 100644 > meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch > create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch > create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch > > -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#229786): https://lists.openembedded.org/g/openembedded-core/message/229786 Mute This Topic: https://lists.openembedded.org/mt/117362629/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
