(Acting as LTS maintainer in training, process has been reviewed by
Yoann Congal)
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 16.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3980
The following changes since commit e2864ea1ac022e43af92badc701fa1e2a9571f46:
pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-06-05 11:02:52 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
for you to fetch changes up to 5e138a5cfb868b2b545161cb2cc706ccde307512:
meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info
(2026-06-12 11:50:34 +0200)
----------------------------------------------------------------
Enrico Jörns (1):
devtool: prevent 'devtool modify -n' from corrupting kernel Git repos
Hugo SIMELIERE (Schneider Electric) (3):
busybox: Fix CVE-2026-29004
xz: Fix CVE-2026-34743
util-linux: Fix CVE-2026-27456
João Marcos Costa (Schneider Electric) (1):
meta/lib/oe/package.py: fix path to kernel sources in
save_debugsources_info
Sudhir Dumbhare (1):
nfs-utils: fix CVE-2025-12801
Theo Gaige (Schneider Electric) (14):
go: patch CVE-2026-27142
go: patch CVE-2026-32280
go: patch CVE-2026-32283
go: patch CVE-2026-32289
go: patch CVE-2026-33811
go: patch CVE-2026-39817
go: patch CVE-2026-39819
go: patch CVE-2026-39820
go: patch CVE-2026-39825
go: patch CVE-2026-39826
go: patch CVE-2026-42499
go: patch CVE-2026-42501
go: patch CVE-2026-42504
go: patch CVE-2026-42507
Zahir Hussain (1):
libpng: Fix CVE-2026-33416
meta/classes/create-spdx-2.2.bbclass | 2 +-
meta/lib/oe/package.py | 4 +-
.../nfs-utils/CVE-2025-12801-build-fix.patch | 44 ++
.../CVE-2025-12801-dependent_p1.patch | 71 +++
.../CVE-2025-12801-dependent_p2.patch | 81 +++
.../CVE-2025-12801-dependent_p3.patch | 185 +++++++
.../CVE-2025-12801-dependent_p4.patch | 468 ++++++++++++++++++
.../nfs-utils/nfs-utils/CVE-2025-12801.patch | 254 ++++++++++
.../nfs-utils/nfs-utils_2.6.4.bb | 6 +
.../busybox/busybox/CVE-2026-29004-01.patch | 41 ++
.../busybox/busybox/CVE-2026-29004-02.patch | 46 ++
meta/recipes-core/busybox/busybox_1.36.1.bb | 2 +
meta/recipes-core/util-linux/util-linux.inc | 1 +
.../util-linux/CVE-2026-27456.patch | 115 +++++
meta/recipes-devtools/go/go-1.22.12.inc | 14 +
.../go/go/CVE-2026-27142.patch | 386 +++++++++++++++
.../go/go/CVE-2026-32280.patch | 289 +++++++++++
.../go/go/CVE-2026-32283.patch | 177 +++++++
.../go/go/CVE-2026-32289.patch | 217 ++++++++
.../go/go/CVE-2026-33811.patch | 46 ++
.../go/go/CVE-2026-39817.patch | 105 ++++
.../go/go/CVE-2026-39819.patch | 48 ++
.../go/go/CVE-2026-39820.patch | 112 +++++
.../go/go/CVE-2026-39825.patch | 104 ++++
.../go/go/CVE-2026-39826.patch | 65 +++
.../go/go/CVE-2026-42499.patch | 91 ++++
.../go/go/CVE-2026-42501.patch | 127 +++++
.../go/go/CVE-2026-42504.patch | 58 +++
.../go/go/CVE-2026-42507.patch | 160 ++++++
.../xz/xz/CVE-2026-34743.patch | 68 +++
meta/recipes-extended/xz/xz_5.4.7.bb | 1 +
.../libpng/files/CVE-2026-33416-01.patch | 143 ++++++
.../libpng/files/CVE-2026-33416-02.patch | 53 ++
.../libpng/files/CVE-2026-33416-03.patch | 163 ++++++
.../libpng/files/CVE-2026-33416-04.patch | 53 ++
.../libpng/libpng_1.6.42.bb | 4 +
scripts/lib/devtool/standard.py | 3 +-
37 files changed, 3803 insertions(+), 4 deletions(-)
create mode 100644
meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-build-fix.patch
create mode 100644
meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p1.patch
create mode 100644
meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p2.patch
create mode 100644
meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p3.patch
create mode 100644
meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801-dependent_p4.patch
create mode 100644
meta/recipes-connectivity/nfs-utils/nfs-utils/CVE-2025-12801.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch
create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2026-27456.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27142.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32280.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32283.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32289.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-33811.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39817.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39819.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39820.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39825.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39826.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42499.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42501.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42504.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42507.patch
create mode 100644 meta/recipes-extended/xz/xz/CVE-2026-34743.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-01.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-02.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-03.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-04.patch
--
2.53.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#238622):
https://lists.openembedded.org/g/openembedded-core/message/238622
Mute This Topic: https://lists.openembedded.org/mt/119774416/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
