[OE-core][scarthgap 00/25] Patch review

Yoann Congal via lists.openembedded.org Mon, 09 Feb 2026 01:29:27 -0800

Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, February 11.


Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3183

The following changes since commit d50e4680ed6f930582d907b37c9ed545a89f5c27:

  build-appliance-image: Update to scarthgap head revision (2026-01-26 09:50:47 
+0000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
  
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut

Adarsh Jagadish Kamini (1):
  python-urllib3: Backport fix for CVE-2026-21441

Amaury Couderc (1):
  curl: patch CVE-2025-14524

Ankur Tyagi (2):
  ffmpeg: upgrade 6.1.3 -> 6.1.4
  ffmpeg: ignore CVE-2025-25469

Benjamin Robin (Schneider Electric) (1):
  meta/classes: fix missing vardeps for CVE status variables

Daniel Turull (1):
  improve_kernel_cve_report: add script for postprocesing of kernel CVE
    data

Fred Bacon (1):
  lighttpd: Fix trailing slash on files in mod_dirlisting

Hitendra Prajapati (1):
  curl: fix CVE-2025-10148

Hugo SIMELIERE (1):
  libtasn1: Fix CVE-2025-13151

Ken Kurematsu (1):
  libtheora: set CVE_PRODUCT

Khai Dang (1):
  docbook-xml-dtd4: fix the fetching failure

Peter Marko (12):
  expat: patch CVE-2026-24515
  expat: patch CVE-2026-25210
  glib-2.0: patch CVE-2026-0988
  libpng: patch CVE-2026-22695
  libpng: patch CVE-2026-22801
  libxml2: patch CVE-2026-0989
  libxml2: patch CVE-2026-0990
  libxml2: patch CVE-2026-0992
  libxml2: add follow-up patch for CVE-2026-0992
  python3: patch CVE-2025-13837
  zlib: ignore CVE-2026-22184
  glibc: stable 2.39 branch updates

Richard Purdie (1):
  pseudo: Update to 1.9.3 release

Vijay Anusuri (1):
  inetutils: Fix CVE-2026-24061

 meta/classes/create-spdx-2.2.bbclass          |   1 +
 meta/classes/create-spdx-3.0.bbclass          |   2 +
 meta/classes/cve-check.bbclass                |   1 +
 meta/classes/vex.bbclass                      |   1 +
 .../inetutils/CVE-2026-24061-1.patch          |  41 ++
 .../inetutils/CVE-2026-24061-2.patch          |  85 ++++
 .../inetutils/inetutils_2.5.bb                |   2 +
 .../expat/expat/CVE-2026-24515-01.patch       |  43 ++
 .../expat/expat/CVE-2026-24515-02.patch       | 117 +++++
 .../expat/expat/CVE-2026-25210-01.patch       |  27 +
 .../expat/expat/CVE-2026-25210-02.patch       |  38 ++
 .../expat/expat/CVE-2026-25210-03.patch       |  28 ++
 meta/recipes-core/expat/expat_2.6.4.bb        |   5 +
 .../glib-2.0/glib-2.0/CVE-2026-0988.patch     |  58 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb |   1 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 meta/recipes-core/glibc/glibc_2.39.bb         |   2 +-
 .../libxml/libxml2/CVE-2026-0989.patch        | 309 ++++++++++++
 .../libxml/libxml2/CVE-2026-0990.patch        |  76 +++
 .../libxml/libxml2/CVE-2026-0992-01.patch     |  49 ++
 .../libxml/libxml2/CVE-2026-0992-02.patch     | 323 ++++++++++++
 .../libxml/libxml2/CVE-2026-0992-03.patch     |  33 ++
 meta/recipes-core/libxml/libxml2_2.12.10.bb   |   5 +
 meta/recipes-core/zlib/zlib_1.3.1.bb          |   1 +
 .../docbook-xml/docbook-xml-dtd4_4.5.bb       |  10 +-
 meta/recipes-devtools/pseudo/pseudo_git.bb    |   4 +-
 .../python3-urllib3/CVE-2026-21441.patch      | 105 ++++
 .../python/python3-urllib3_2.2.2.bb           |   1 +
 .../python/python3/CVE-2025-13837.patch       | 162 ++++++
 .../python/python3_3.12.12.bb                 |   1 +
 .../lighttpd/0001-mod_dirlisting.patch        |  48 ++
 .../lighttpd/lighttpd_1.4.74.bb               |   1 +
 .../ffmpeg/ffmpeg/CVE-2024-35365.patch        |  62 ---
 .../ffmpeg/ffmpeg/CVE-2024-36618.patch        |  36 --
 .../ffmpeg/ffmpeg/CVE-2025-1594.patch         | 105 ----
 .../{ffmpeg_6.1.3.bb => ffmpeg_6.1.4.bb}      |   7 +-
 .../libpng/files/CVE-2026-22695.patch         |  77 +++
 .../libpng/files/CVE-2026-22801.patch         | 173 +++++++
 .../libpng/libpng_1.6.42.bb                   |   2 +
 .../libtheora/libtheora_1.1.1.bb              |   2 +
 .../curl/curl/CVE-2025-10148.patch            |  57 +++
 .../curl/curl/CVE-2025-14524.patch            |  44 ++
 meta/recipes-support/curl/curl_8.7.1.bb       |   2 +
 .../gnutls/libtasn1/CVE-2025-13151.patch      |  30 ++
 .../recipes-support/gnutls/libtasn1_4.20.0.bb |   1 +
 scripts/contrib/improve_kernel_cve_report.py  | 467 ++++++++++++++++++
 46 files changed, 2431 insertions(+), 216 deletions(-)
 create mode 100644 
meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-1.patch
 create mode 100644 
meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-2.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-24515-01.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-24515-02.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-01.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-02.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch
 create mode 100644 
meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch
 create mode 100644 
meta/recipes-extended/lighttpd/lighttpd/0001-mod_dirlisting.patch
 delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
 delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
 delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-1594.patch
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_6.1.3.bb => ffmpeg_6.1.4.bb} 
(98%)
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-10148.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch
 create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
 create mode 100755 scripts/contrib/improve_kernel_cve_report.py

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#230751): 
https://lists.openembedded.org/g/openembedded-core/message/230751
Mute This Topic: https://lists.openembedded.org/mt/117716593/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][scarthgap 00/25] Patch review

Reply via email to