This is an updated patch review request with added patches. v1: https://lore.kernel.org/openembedded-core/[email protected]/T/#u v1->v2: added patches: * python3-urllib3: patch CVE-2025-66471 * lz4: Remove a reference to the rejected CVE-2025-62813 * avahi: Remove a reference to the rejected CVE-2021-36217 * create-pull-request: Keep commit hash to be pulled in cover email
Please review this set of changes for whinlatter and have comments back by end of day Monday, March 9. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3334 The following changes since commit 45cba1329d541fdc5857d6df2624b34c91133f7a: build-appliance-image: Update to whinlatter head revisions (2026-02-27 17:46:44 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/whinlatter-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-nut for you to fetch changes up to cfc0e446a1ad57e710d2c82914211f9bcdc4a752: python3-urllib3: patch CVE-2025-66471 (2026-03-06 00:48:43 +0100) ---------------------------------------------------------------- Adarsh Jagadish Kamini (1): python3-pip: Backport fix CVE-2026-1703 Ankur Tyagi (1): wireless-regdb: upgrade 2025.10.07 -> 2026.02.04 Antonin Godard (1): python3: skip flaky test_default_timeout test Benjamin Robin (Schneider Electric) (2): avahi: Remove a reference to the rejected CVE-2021-36217 lz4: Remove a reference to the rejected CVE-2025-62813 Hugo SIMELIERE (2): zlib: Fix CVE-2026-27171 harfbuzz: Fix CVE-2026-22693 Paul Barker (1): create-pull-request: Keep commit hash to be pulled in cover email Peter Marko (4): linux-yocto: apply cve-exclusions also to rt and tiny recipe variants cve-exclusions: set status for 5 CVEs ffmpeg: set status for CVE-2025-12343 python3-urllib3: patch CVE-2025-66471 Shaik Moin (1): gdk-pixbuf: Fix CVE-2025-6199 Vijay Anusuri (1): gnutls: Fix CVE-2025-14831 Yoann Congal (2): README: Add whinlatter subject-prefix to git-send-email suggestion b4-config: add send-prefixes for whinlatter .b4-config | 1 + README.OE-Core.md | 2 +- .../avahi/files/local-ping.patch | 1 - .../zlib/zlib/CVE-2026-27171.patch | 63 ++ meta/recipes-core/zlib/zlib_1.3.1.bb | 1 + .../python/python3-pip/CVE-2026-1703.patch | 41 + .../python/python3-pip_25.2.bb | 4 +- .../python3-urllib3/CVE-2025-66471.patch | 926 ++++++++++++++++++ .../python/python3-urllib3_2.5.0.bb | 1 + ...kip-flaky-test_default_timeout-tests.patch | 49 + .../python/python3_3.13.11.bb | 1 + .../gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch | 36 + .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb | 1 + .../harfbuzz/files/CVE-2026-22693.patch | 33 + .../harfbuzz/harfbuzz_11.4.5.bb | 4 +- meta/recipes-kernel/linux/cve-exclusion.inc | 16 + .../linux/linux-yocto-rt_6.12.bb | 1 + .../linux/linux-yocto-rt_6.16.bb | 1 + .../linux/linux-yocto-tiny_6.12.bb | 1 + .../linux/linux-yocto-tiny_6.16.bb | 1 + ....10.07.bb => wireless-regdb_2026.02.04.bb} | 2 +- meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.bb | 1 + .../gnutls/gnutls/CVE-2025-14831-1.patch | 119 +++ .../gnutls/gnutls/CVE-2025-14831-10.patch | 424 ++++++++ .../gnutls/gnutls/CVE-2025-14831-2.patch | 66 ++ .../gnutls/gnutls/CVE-2025-14831-3.patch | 30 + .../gnutls/gnutls/CVE-2025-14831-4.patch | 45 + .../gnutls/gnutls/CVE-2025-14831-5.patch | 205 ++++ .../gnutls/gnutls/CVE-2025-14831-6.patch | 505 ++++++++++ .../gnutls/gnutls/CVE-2025-14831-7.patch | 124 +++ .../gnutls/gnutls/CVE-2025-14831-8.patch | 155 +++ .../gnutls/gnutls/CVE-2025-14831-9.patch | 110 +++ meta/recipes-support/gnutls/gnutls_3.8.10.bb | 10 + ...13.patch => fix-null-error-handling.patch} | 1 - meta/recipes-support/lz4/lz4_1.10.0.bb | 2 +- scripts/create-pull-request | 2 +- 36 files changed, 2977 insertions(+), 8 deletions(-) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2026-27171.patch create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2026-1703.patch create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66471.patch create mode 100644 meta/recipes-devtools/python/python3/0001-Skip-flaky-test_default_timeout-tests.patch create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch create mode 100644 meta/recipes-graphics/harfbuzz/files/CVE-2026-22693.patch rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2025.10.07.bb => wireless-regdb_2026.02.04.bb} (94%) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-1.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-10.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-2.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-3.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-4.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-5.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-6.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-7.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-8.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch rename meta/recipes-support/lz4/lz4/{CVE-2025-62813.patch => fix-null-error-handling.patch} (99%)
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232539): https://lists.openembedded.org/g/openembedded-core/message/232539 Mute This Topic: https://lists.openembedded.org/mt/118167197/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
