Please review this set of changes for scarthgap and have comments back by end of day Thursday, May 6.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3774 The following changes since commit dc2df90b1d4f71023169d492f3819326e0e6c055: liburcu: upgrade 0.14.0 -> 0.14.2 (2026-04-24 16:06:21 +0200) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut for you to fetch changes up to 3c2f2b6f7af2bb743655859b64faae4786080cb9: libsoup: fix CVE-2025-32049 (2026-05-05 13:01:04 +0200) ---------------------------------------------------------------- Adarsh Jagadish Kamini (2): binutils: fix CVE-2025-69647 binutils: fix CVE-2025-69648 Bruce Ashfield (3): linux-yocto/6.6: update to v6.6.124 linux-yocto/6.6: update to v6.6.126 linux-yocto/6.6: update to v6.6.127 Changqing Li (2): libsoup: fix CVE-2025-14523 libsoup: fix CVE-2025-32049 Fabien Thomas (1): ghostscript: Pin to C17 std Himanshu Jadon (1): apt: Add CVE_PRODUCT to support product name Hitendra Prajapati (3): rsync: fix for CVE-2026-41035 systemd: fix for CVE-2026-40225 systemd: fix for CVE-2026-40226 Hongxu Jia (3): u-boot: fix CVE-2025-24857 ovmf: fix CVE-2025-2296 ovmf: fix CVE-2024-38798 Hugo SIMELIERE (3): expat: patch CVE-2026-32776 expat: patch CVE-2026-32777 expat: patch CVE-2026-32778 Jhonata Poma-Hansen (1): dbus: gate user-session PACKAGECONFIG on systemd in DISTRO_FEATURES Martin Jansa (1): ghostscript: fix build with gcc-15 on host Sudhir Dumbhare (1): libpng: fix CVE-2026-33636 Vijay Anusuri (2): avahi: Fix CVE-2026-34933 gdk-pixbuf: Fix CVE-2026-5201 .../u-boot/files/CVE-2025-24857.patch | 42 + meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +- meta/recipes-connectivity/avahi/avahi_0.8.bb | 2 + .../avahi/files/CVE-2026-34933-1.patch | 108 +++ .../avahi/files/CVE-2026-34933-2.patch | 96 +++ meta/recipes-core/dbus/dbus_1.14.10.bb | 2 +- .../expat/expat/CVE-2026-32776.patch | 91 +++ .../expat/expat/CVE-2026-32777-01.patch | 49 ++ .../expat/expat/CVE-2026-32777-02.patch | 66 ++ .../expat/expat/CVE-2026-32778-01.patch | 91 +++ .../expat/expat/CVE-2026-32778-02.patch | 61 ++ meta/recipes-core/expat/expat_2.6.4.bb | 5 + ...mdSev-Halt-on-failed-blob-allocation.patch | 159 ++++ .../ovmf/ovmf/CVE-2024-38798.patch | 116 +++ .../ovmf/ovmf/CVE-2025-2296-1.patch | 762 ++++++++++++++++++ .../ovmf/ovmf/CVE-2025-2296-2.patch | 175 ++++ .../ovmf/ovmf/CVE-2025-2296-3.patch | 42 + .../ovmf/ovmf/CVE-2025-2296-4.patch | 34 + .../ovmf/ovmf/CVE-2025-2296-5.patch | 36 + .../ovmf/ovmf/CVE-2025-2296-6.patch | 54 ++ .../ovmf/ovmf/CVE-2025-2296-7.patch | 124 +++ .../ovmf/ovmf/CVE-2025-2296-8.patch | 125 +++ .../ovmf/ovmf/CVE-2025-2296-9.patch | 108 +++ meta/recipes-core/ovmf/ovmf_git.bb | 11 + .../systemd/systemd/CVE-2026-40225-01.patch | 131 +++ .../systemd/systemd/CVE-2026-40225-02.patch | 39 + .../systemd/systemd/CVE-2026-40226-01.patch | 63 ++ .../systemd/systemd/CVE-2026-40226-02.patch | 39 + meta/recipes-core/systemd/systemd_255.21.bb | 4 + meta/recipes-devtools/apt/apt_2.6.1.bb | 3 + .../binutils/binutils-2.42.inc | 2 + .../binutils/binutils/CVE-2025-69647.patch | 85 ++ .../binutils/binutils/CVE-2025-69648.patch | 190 +++++ .../rsync/files/CVE-2026-41035.patch | 39 + meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 + ...Fix-compatibility-with-C23-compilers.patch | 67 ++ .../ghostscript/ghostscript_10.05.1.bb | 3 + .../gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch | 44 + .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb | 1 + .../linux/linux-yocto-rt_6.6.bb | 6 +- .../linux/linux-yocto-tiny_6.6.bb | 6 +- meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +- .../libpng/files/CVE-2026-33636.patch | 99 +++ .../libpng/libpng_1.6.42.bb | 1 + .../libsoup-3.4.4/CVE-2025-14523.patch | 715 ++++++++++++++++ .../libsoup-3.4.4/CVE-2025-32049-1.patch | 229 ++++++ .../libsoup-3.4.4/CVE-2025-32049-2.patch | 34 + .../libsoup-3.4.4/CVE-2025-32049-3.patch | 134 +++ .../libsoup-3.4.4/CVE-2025-32049-4.patch | 292 +++++++ meta/recipes-support/libsoup/libsoup_3.4.4.bb | 5 + 50 files changed, 4601 insertions(+), 22 deletions(-) create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2025-24857.patch create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-34933-1.patch create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2026-34933-2.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32776.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777-01.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777-02.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778-01.patch create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778-02.patch create mode 100644 meta/recipes-core/ovmf/ovmf/0001-AmdSev-Halt-on-failed-blob-allocation.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2024-38798.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-1.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-2.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-3.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-4.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-5.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-6.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-7.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-8.patch create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-9.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-01.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-02.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40226-01.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40226-02.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch create mode 100644 meta/recipes-devtools/rsync/files/CVE-2026-41035.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-Bug-708160-Fix-compatibility-with-C23-compilers.patch create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33636.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-14523.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-1.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-2.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-3.patch create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-4.patch
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236491): https://lists.openembedded.org/g/openembedded-core/message/236491 Mute This Topic: https://lists.openembedded.org/mt/119164862/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
