On Tue May 5, 2026 at 6:57 PM CEST, Fabien Thomas via lists.openembedded.org wrote: > Please review this set of changes for scarthgap and have comments back by > end of day Thursday, May 6. Please note a correction to my previous email. Comments are expected by Thurday May 7, not 6.
My apologies, > > Passed a-full on autobuilder: > https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3774 > > The following changes since commit dc2df90b1d4f71023169d492f3819326e0e6c055: > > liburcu: upgrade 0.14.0 -> 0.14.2 (2026-04-24 16:06:21 +0200) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut > > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut > > for you to fetch changes up to 3c2f2b6f7af2bb743655859b64faae4786080cb9: > > libsoup: fix CVE-2025-32049 (2026-05-05 13:01:04 +0200) > > ---------------------------------------------------------------- > > Adarsh Jagadish Kamini (2): > binutils: fix CVE-2025-69647 > binutils: fix CVE-2025-69648 > > Bruce Ashfield (3): > linux-yocto/6.6: update to v6.6.124 > linux-yocto/6.6: update to v6.6.126 > linux-yocto/6.6: update to v6.6.127 > > Changqing Li (2): > libsoup: fix CVE-2025-14523 > libsoup: fix CVE-2025-32049 > > Fabien Thomas (1): > ghostscript: Pin to C17 std > > Himanshu Jadon (1): > apt: Add CVE_PRODUCT to support product name > > Hitendra Prajapati (3): > rsync: fix for CVE-2026-41035 > systemd: fix for CVE-2026-40225 > systemd: fix for CVE-2026-40226 > > Hongxu Jia (3): > u-boot: fix CVE-2025-24857 > ovmf: fix CVE-2025-2296 > ovmf: fix CVE-2024-38798 > > Hugo SIMELIERE (3): > expat: patch CVE-2026-32776 > expat: patch CVE-2026-32777 > expat: patch CVE-2026-32778 > > Jhonata Poma-Hansen (1): > dbus: gate user-session PACKAGECONFIG on systemd in DISTRO_FEATURES > > Martin Jansa (1): > ghostscript: fix build with gcc-15 on host > > Sudhir Dumbhare (1): > libpng: fix CVE-2026-33636 > > Vijay Anusuri (2): > avahi: Fix CVE-2026-34933 > gdk-pixbuf: Fix CVE-2026-5201 > > .../u-boot/files/CVE-2025-24857.patch | 42 + > meta/recipes-bsp/u-boot/u-boot-common.inc | 4 +- > meta/recipes-connectivity/avahi/avahi_0.8.bb | 2 + > .../avahi/files/CVE-2026-34933-1.patch | 108 +++ > .../avahi/files/CVE-2026-34933-2.patch | 96 +++ > meta/recipes-core/dbus/dbus_1.14.10.bb | 2 +- > .../expat/expat/CVE-2026-32776.patch | 91 +++ > .../expat/expat/CVE-2026-32777-01.patch | 49 ++ > .../expat/expat/CVE-2026-32777-02.patch | 66 ++ > .../expat/expat/CVE-2026-32778-01.patch | 91 +++ > .../expat/expat/CVE-2026-32778-02.patch | 61 ++ > meta/recipes-core/expat/expat_2.6.4.bb | 5 + > ...mdSev-Halt-on-failed-blob-allocation.patch | 159 ++++ > .../ovmf/ovmf/CVE-2024-38798.patch | 116 +++ > .../ovmf/ovmf/CVE-2025-2296-1.patch | 762 ++++++++++++++++++ > .../ovmf/ovmf/CVE-2025-2296-2.patch | 175 ++++ > .../ovmf/ovmf/CVE-2025-2296-3.patch | 42 + > .../ovmf/ovmf/CVE-2025-2296-4.patch | 34 + > .../ovmf/ovmf/CVE-2025-2296-5.patch | 36 + > .../ovmf/ovmf/CVE-2025-2296-6.patch | 54 ++ > .../ovmf/ovmf/CVE-2025-2296-7.patch | 124 +++ > .../ovmf/ovmf/CVE-2025-2296-8.patch | 125 +++ > .../ovmf/ovmf/CVE-2025-2296-9.patch | 108 +++ > meta/recipes-core/ovmf/ovmf_git.bb | 11 + > .../systemd/systemd/CVE-2026-40225-01.patch | 131 +++ > .../systemd/systemd/CVE-2026-40225-02.patch | 39 + > .../systemd/systemd/CVE-2026-40226-01.patch | 63 ++ > .../systemd/systemd/CVE-2026-40226-02.patch | 39 + > meta/recipes-core/systemd/systemd_255.21.bb | 4 + > meta/recipes-devtools/apt/apt_2.6.1.bb | 3 + > .../binutils/binutils-2.42.inc | 2 + > .../binutils/binutils/CVE-2025-69647.patch | 85 ++ > .../binutils/binutils/CVE-2025-69648.patch | 190 +++++ > .../rsync/files/CVE-2026-41035.patch | 39 + > meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 + > ...Fix-compatibility-with-C23-compilers.patch | 67 ++ > .../ghostscript/ghostscript_10.05.1.bb | 3 + > .../gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch | 44 + > .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb | 1 + > .../linux/linux-yocto-rt_6.6.bb | 6 +- > .../linux/linux-yocto-tiny_6.6.bb | 6 +- > meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +- > .../libpng/files/CVE-2026-33636.patch | 99 +++ > .../libpng/libpng_1.6.42.bb | 1 + > .../libsoup-3.4.4/CVE-2025-14523.patch | 715 ++++++++++++++++ > .../libsoup-3.4.4/CVE-2025-32049-1.patch | 229 ++++++ > .../libsoup-3.4.4/CVE-2025-32049-2.patch | 34 + > .../libsoup-3.4.4/CVE-2025-32049-3.patch | 134 +++ > .../libsoup-3.4.4/CVE-2025-32049-4.patch | 292 +++++++ > meta/recipes-support/libsoup/libsoup_3.4.4.bb | 5 + > 50 files changed, 4601 insertions(+), 22 deletions(-) > create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2025-24857.patch > create mode 100644 > meta/recipes-connectivity/avahi/files/CVE-2026-34933-1.patch > create mode 100644 > meta/recipes-connectivity/avahi/files/CVE-2026-34933-2.patch > create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32776.patch > create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777-01.patch > create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32777-02.patch > create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778-01.patch > create mode 100644 meta/recipes-core/expat/expat/CVE-2026-32778-02.patch > create mode 100644 > meta/recipes-core/ovmf/ovmf/0001-AmdSev-Halt-on-failed-blob-allocation.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2024-38798.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-1.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-2.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-3.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-4.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-5.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-6.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-7.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-8.patch > create mode 100644 meta/recipes-core/ovmf/ovmf/CVE-2025-2296-9.patch > create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-01.patch > create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40225-02.patch > create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40226-01.patch > create mode 100644 meta/recipes-core/systemd/systemd/CVE-2026-40226-02.patch > create mode 100644 > meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch > create mode 100644 > meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch > create mode 100644 meta/recipes-devtools/rsync/files/CVE-2026-41035.patch > create mode 100644 > meta/recipes-extended/ghostscript/ghostscript/0001-Bug-708160-Fix-compatibility-with-C23-compilers.patch > create mode 100644 > meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2026-5201.patch > create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33636.patch > create mode 100644 > meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-14523.patch > create mode 100644 > meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-1.patch > create mode 100644 > meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-2.patch > create mode 100644 > meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-3.patch > create mode 100644 > meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32049-4.patch -- Fabien Thomas Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236518): https://lists.openembedded.org/g/openembedded-core/message/236518 Mute This Topic: https://lists.openembedded.org/mt/119164862/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
