Please review this set of changes for kirkstone and have comments back by end of day Wednesday, March 18.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3429 This build was impacted by: * 16185 – AB-INT: failed connections to git.yoctoproject.org https://bugzilla.yoctoproject.org/show_bug.cgi?id=16185 * https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/3403 * rebuilt successfully as https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/3404 * https://autobuilder.yoctoproject.org/valkyrie/#/builders/78/builds/3404 * rebuilt successfully as https://autobuilder.yoctoproject.org/valkyrie/#/builders/78/builds/3405 * A random network glitch on github: * https://autobuilder.yoctoproject.org/valkyrie/#/builders/30/builds/3357 * rebuilt successfully as https://autobuilder.yoctoproject.org/valkyrie/#/builders/30/builds/3360 The following changes since commit 7b6c9faa301a6d058ca34e230586f6a81ffa3ffb: build-appliance-image: Update to kirkstone head revision (2026-02-27 15:59:49 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut for you to fetch changes up to ec995339f1f4143616f1b13814899acaf137b0b5: createrepo-c: Fix createrepo-c-native build on GCC14 hosts (e.g. Fedora 41) (2026-03-15 23:59:54 +0100) ---------------------------------------------------------------- Aleksandar Nikolic (1): scripts/install-buildtools: Update to 4.0.33 Hitendra Prajapati (1): libpam: fix CVE-2024-10963 Ken Kurematsu (1): libtheora: set CVE_PRODUCT Martin Jansa (2): libpam: re-add missing libgen include lsb.py: strip ' from os-release file Peter Marko (7): alsa-lib: patch CVE-2026-25068 ffmpeg: patch CVE-2025-10256 inetutils: patch CVE-2026-28372 busybox: patch CVE-2025-60876 tiff: patch CVE-2025-61143 tiff: patch CVE-2025-61144 tiff: set status of CVE-2025-61145 as fixed by patch for CVE-2025-8961 Shaik Moin (1): gdk-pixbuf: Fix CVE-2025-6199 Vijay Anusuri (1): python3-pip: Fix CVE-2026-1703 Yoann Congal (3): gtk+3: fix incompatible-pointer-types errors for native build on Fedora 41 libcomps: Fix libcomps-native build on GCC14 hosts (e.g. Fedora 41) createrepo-c: Fix createrepo-c-native build on GCC14 hosts (e.g. Fedora 41) meta/lib/oe/lsb.py | 2 +- .../inetutils/inetutils/CVE-2026-28372.patch | 86 +++++++ .../inetutils/inetutils_2.2.bb | 1 + .../busybox/busybox/CVE-2025-60876.patch | 38 +++ meta/recipes-core/busybox/busybox_1.35.0.bb | 1 + ...-proper-cast-for-PyMethodDef.ml_meth.patch | 41 ++++ .../createrepo-c/createrepo-c_0.19.0.bb | 1 + ...orrect-variable-for-category-and-env.patch | 48 ++++ .../libcomps/libcomps_0.1.18.bb | 1 + .../python/python3-pip/CVE-2026-1703.patch | 37 +++ .../python/python3-pip_22.0.3.bb | 1 + .../pam/libpam/CVE-2024-10963.patch | 229 ++++++++++++++++++ .../pam/libpam/CVE-2025-6020-01.patch | 4 +- meta/recipes-extended/pam/libpam_1.5.2.bb | 1 + .../gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch | 36 +++ .../gdk-pixbuf/gdk-pixbuf_2.42.10.bb | 1 + ...-type-when-calling-GtkWidget-methods.patch | 28 +++ ...ests-Add-GdkEvent-casts-in-testinput.patch | 48 ++++ meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb | 2 + .../alsa/alsa-lib/CVE-2026-25068.patch | 34 +++ .../alsa/alsa-lib_1.2.6.1.bb | 1 + .../ffmpeg/ffmpeg/CVE-2025-10256.patch | 31 +++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 1 + .../libtheora/libtheora_1.1.1.bb | 2 + .../libtiff/tiff/CVE-2025-61143.patch | 44 ++++ .../libtiff/tiff/CVE-2025-61144.patch | 27 +++ .../libtiff/tiff/CVE-2025-8961.patch | 1 + meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 + scripts/install-buildtools | 4 +- 29 files changed, 748 insertions(+), 5 deletions(-) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-28372.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-60876.patch create mode 100644 meta/recipes-devtools/createrepo-c/createrepo-c/0001-Use-proper-cast-for-PyMethodDef.ml_meth.patch create mode 100644 meta/recipes-devtools/libcomps/libcomps/0001-Fix-build-use-correct-variable-for-category-and-env.patch create mode 100644 meta/recipes-devtools/python/python3-pip/CVE-2026-1703.patch create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10963.patch create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch create mode 100644 meta/recipes-gnome/gtk+/gtk+3/0001-Use-the-right-type-when-calling-GtkWidget-methods.patch create mode 100644 meta/recipes-gnome/gtk+/gtk+3/0002-tests-Add-GdkEvent-casts-in-testinput.patch create mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-10256.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-61144.patch
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#233222): https://lists.openembedded.org/g/openembedded-core/message/233222 Mute This Topic: https://lists.openembedded.org/mt/118341911/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
