> -----Original Message----- > From: Yoann Congal <[email protected]> > Sent: Tuesday, February 24, 2026 0:02 > To: Marko, Peter (FT D EU SK BFS1) <[email protected]>; > [email protected]; [email protected] > Subject: Re: [OE-core] [kirkstone][PATCH] ffmpeg: ignore CVE-2025-25469 > > On Mon Feb 23, 2026 at 6:49 PM CET, Peter Marko wrote: > > > > > >> -----Original Message----- > >> From: [email protected] <openembedded- > >> [email protected]> On Behalf Of Yoann Congal via > >> lists.openembedded.org > >> Sent: Monday, February 23, 2026 18:05 > >> To: [email protected]; openembedded- > [email protected] > >> Subject: Re: [OE-core] [kirkstone][PATCH] ffmpeg: ignore CVE-2025-25469 > >> > >> On Mon Feb 23, 2026 at 5:54 PM CET, Colin McAllister via > >> lists.openembedded.org wrote: > >> > Missing free introduced by commit d38fc25 and fixed by commit d5873be. > >> > The first version tag that contains both commits is in n8.0, so no > >> > ffmpeg release is vulnerable. > >> > > >> > Signed-off-by: Colin Pinnell McAllister <[email protected]> > >> > Change-Id: I91f0aaad8ddcfaa2acac541470aebc9abe88b0d4 > >> Hello, > >> > >> This was already sent: https://lore.kernel.org/openembedded- > >> core/[email protected]/ > >> > >> I'm reviewing the kirkstone patches now, I will send this soon. > > > > Hello Yoann, > > > > Thanks for updating the branch. > > > > I'm missing following patches from me in stable/kirkstone-nut > > * https://lists.openembedded.org/g/openembedded-core/message/229377 > > * https://lists.openembedded.org/g/openembedded-core/message/229378 > As said in the other thread, I've taken those. > > > * https://lists.openembedded.org/g/openembedded-core/message/229938 > > Also following patch for CVE currently open in metrics is missing: > > * https://lists.openembedded.org/g/openembedded-core/message/229875 > ... I also taken those two > > > The two libpng patches I'll rebase and resend later today. > > It's a bit hard to send patches without conflicts when the nut branch is > > being > updated so infrequently... > > Yeah I noticed, sorry about that. I'll try to merge more frequently from now > on. >
I think that frequent picking of incoming patches to publicly visible branch where contributors can rebase upon is the important thing. Detailed review and merge activities usually takes some effort and can be done less frequently (dropping some of the patches in the process). Let's see what can be achieved. Peter > Thanks Peter! > > > Thanks, > > Peter > > > >> > >> And, by the way, please remove the "Change-Id:" line. I guess it's a > >> by-product of you internal review tool? > >> > >> Thanks! > >> > --- > >> > meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 +++++ > >> > 1 file changed, 5 insertions(+) > >> > > >> > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb > >> > b/meta/recipes- > >> multimedia/ffmpeg/ffmpeg_5.0.3.bb > >> > index d64b97e787..eb21cde89a 100644 > >> > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb > >> > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb > >> > @@ -105,6 +105,11 @@ CVE_CHECK_IGNORE += "CVE-2022-3341" > >> > # bugfix: > >> > https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841 > >> d3d1fa7f3 > >> > CVE_CHECK_IGNORE += "CVE-2023-6603" > >> > > >> > +# Vulnerable code not present in any release > >> > +# introduced: > >> > https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d38fc25519cf12a9212dadcba1258f > >> c176ffbade > >> > +# bugfix: > >> > https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd > >> 4b12e0efcd > >> > +CVE_CHECK_IGNORE += "CVE-2025-25469" > >> > + > >> > # Build fails when thumb is enabled: > >> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 > >> > ARM_INSTRUCTION_SET:armv4 = "arm" > >> > ARM_INSTRUCTION_SET:armv5 = "arm" > >> > >> > >> -- > >> Yoann Congal > >> Smile ECS > > > -- > Yoann Congal > Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231718): https://lists.openembedded.org/g/openembedded-core/message/231718 Mute This Topic: https://lists.openembedded.org/mt/117960328/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
