Please review this set of changes for scarthgap and have comments back by end of day Tuesday, March 31.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3546 Note: This particular build had a gnutls patch that I removed because it needed a small change[0]. Build (currently running) without the gnutls patch: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3551 [0]: https://lore.kernel.org/openembedded-core/[email protected]/T/#t The following changes since commit 41597b5260fb5ca811d0fb4ae7e65246d61734eb: Revert "scripts/install-buildtools: Update to 5.0.16" (2026-03-26 09:48:20 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut for you to fetch changes up to e6f3b2e043259650d80fb6f761797c5cf5587eb5: python3-pyopenssl: Fix CVE-2026-27459 (2026-03-30 00:09:38 +0200) ---------------------------------------------------------------- Hitendra Prajapati (2): libxml-parser-perl: fix for CVE-2006-10003 busybox: fix for CVE-2026-26157, CVE-2026-26158 João Marcos Costa (Schneider Electric) (1): spdx: add option to include only compiled sources Martin Jansa (3): dtc: backport fix for build with glibc-2.43 elfutils: don't add -Werror to avoid discarded-qualifiers binutils: backport patch to fix build with glibc-2.43 on host Michael Halstead (2): yocto-uninative: Update to 5.0 for needed patchelf updates yocto-uninative: Update to 5.1 for glibc 2.43 Nguyen Dat Tho (1): python3-cryptography: Fix CVE-2026-26007 Paul Barker (1): tzdata,tzcode-native: Upgrade 2025b -> 2025c Richard Purdie (1): pseudo: Add fix for glibc 2.43 Sunil Dora (1): rust: Enable dynamic linking with llvm Vijay Anusuri (3): python3-pyopenssl: Fix CVE-2026-27448 python3-pyopenssl: Fix CVE-2026-27459 gnutls: Fix CVE-2025-14831 sureshha (1): systemd: backport patch to fix journal-file issue meta/classes/spdx-common.bbclass | 3 + meta/conf/distro/include/yocto-uninative.inc | 10 +- meta/lib/oe/spdx30_tasks.py | 12 + .../CVE-2026-26157-CVE-2026-26158-01.patch | 198 +++++++ .../CVE-2026-26157-CVE-2026-26158-02.patch | 37 ++ meta/recipes-core/busybox/busybox_1.36.1.bb | 2 + ...not-trigger-assertion-on-removed-or-.patch | 65 +++ meta/recipes-core/systemd/systemd_255.21.bb | 1 + .../binutils/binutils-2.42.inc | 1 + ...tect-against-standard-library-macros.patch | 31 ++ .../elfutils/elfutils_0.191.bb | 1 + ...001-config-eu.am-do-not-force-Werror.patch | 34 ++ .../libxml-parser-perl/CVE-2006-10003.patch | 73 +++ .../perl/libxml-parser-perl_2.47.bb | 1 + meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +- .../python3-cryptography/CVE-2026-26007.patch | 149 ++++++ .../python/python3-cryptography_42.0.5.bb | 1 + .../python3-pyopenssl/CVE-2026-27448.patch | 124 +++++ .../python3-pyopenssl/CVE-2026-27459.patch | 109 ++++ .../python/python3-pyopenssl_24.0.0.bb | 5 + meta/recipes-devtools/rust/rust_1.75.0.bb | 2 + meta/recipes-extended/timezone/timezone.inc | 6 +- .../0001-Fix-discarded-const-qualifiers.patch | 85 +++ meta/recipes-kernel/dtc/dtc_1.7.0.bb | 1 + .../gnutls/gnutls/CVE-2025-14831-1.patch | 61 +++ .../gnutls/gnutls/CVE-2025-14831-2.patch | 30 ++ .../gnutls/gnutls/CVE-2025-14831-3.patch | 45 ++ .../gnutls/gnutls/CVE-2025-14831-4.patch | 200 +++++++ .../gnutls/gnutls/CVE-2025-14831-5.patch | 500 ++++++++++++++++++ .../gnutls/gnutls/CVE-2025-14831-6.patch | 119 +++++ .../gnutls/gnutls/CVE-2025-14831-7.patch | 150 ++++++ .../gnutls/gnutls/CVE-2025-14831-8.patch | 105 ++++ .../gnutls/gnutls/CVE-2025-14831-9.patch | 437 +++++++++++++++ meta/recipes-support/gnutls/gnutls_3.8.4.bb | 9 + 34 files changed, 2600 insertions(+), 9 deletions(-) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-26157-CVE-2026-26158-01.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-26157-CVE-2026-26158-02.patch create mode 100644 meta/recipes-core/systemd/systemd/0023-journal-file-do-not-trigger-assertion-on-removed-or-.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0022-gprofng-protect-against-standard-library-macros.patch create mode 100644 meta/recipes-devtools/elfutils/files/0001-config-eu.am-do-not-force-Werror.patch create mode 100644 meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27448.patch create mode 100644 meta/recipes-devtools/python/python3-pyopenssl/CVE-2026-27459.patch create mode 100644 meta/recipes-kernel/dtc/dtc/0001-Fix-discarded-const-qualifiers.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-1.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-2.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-3.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-4.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-5.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-6.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-7.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-8.patch create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#234158): https://lists.openembedded.org/g/openembedded-core/message/234158 Mute This Topic: https://lists.openembedded.org/mt/118570877/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
