Those are the patches from the last patch review: https://lore.kernel.org/openembedded-core/[email protected]/ ... with "nfs-utils: fix CVE-2025-12801" removed, see https://lore.kernel.org/openembedded-core/[email protected]/
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/4001 qemuarm64-ptest got impacted by 16267 – [scarthgap] AB-INT PTEST: python3 failure (test_wrong_cert_tls13) Succesfully rebuilt in https://autobuilder.yoctoproject.org/valkyrie/?#/builders/61/builds/3824> The following changes since commit e2864ea1ac022e43af92badc701fa1e2a9571f46: pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-06-05 11:02:52 +0200) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-next https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-next for you to fetch changes up to dd74c1388d5bfefd2adcdb6abd622297138e2eb1: meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info (2026-06-15 11:54:08 +0200) ---------------------------------------------------------------- Enrico Jörns (1): devtool: prevent 'devtool modify -n' from corrupting kernel Git repos Hugo SIMELIERE (Schneider Electric) (3): busybox: Fix CVE-2026-29004 xz: Fix CVE-2026-34743 util-linux: Fix CVE-2026-27456 João Marcos Costa (Schneider Electric) (1): meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info Theo Gaige (Schneider Electric) (14): go: patch CVE-2026-27142 go: patch CVE-2026-32280 go: patch CVE-2026-32283 go: patch CVE-2026-32289 go: patch CVE-2026-33811 go: patch CVE-2026-39817 go: patch CVE-2026-39819 go: patch CVE-2026-39820 go: patch CVE-2026-39825 go: patch CVE-2026-39826 go: patch CVE-2026-42499 go: patch CVE-2026-42501 go: patch CVE-2026-42504 go: patch CVE-2026-42507 Zahir Hussain (1): libpng: Fix CVE-2026-33416 meta/classes/create-spdx-2.2.bbclass | 2 +- meta/lib/oe/package.py | 4 +- .../busybox/busybox/CVE-2026-29004-01.patch | 41 ++ .../busybox/busybox/CVE-2026-29004-02.patch | 46 +++ meta/recipes-core/busybox/busybox_1.36.1.bb | 2 + meta/recipes-core/util-linux/util-linux.inc | 1 + .../util-linux/CVE-2026-27456.patch | 115 ++++++ meta/recipes-devtools/go/go-1.22.12.inc | 14 + .../go/go/CVE-2026-27142.patch | 386 ++++++++++++++++++ .../go/go/CVE-2026-32280.patch | 289 +++++++++++++ .../go/go/CVE-2026-32283.patch | 177 ++++++++ .../go/go/CVE-2026-32289.patch | 217 ++++++++++ .../go/go/CVE-2026-33811.patch | 46 +++ .../go/go/CVE-2026-39817.patch | 105 +++++ .../go/go/CVE-2026-39819.patch | 48 +++ .../go/go/CVE-2026-39820.patch | 112 +++++ .../go/go/CVE-2026-39825.patch | 104 +++++ .../go/go/CVE-2026-39826.patch | 65 +++ .../go/go/CVE-2026-42499.patch | 91 +++++ .../go/go/CVE-2026-42501.patch | 127 ++++++ .../go/go/CVE-2026-42504.patch | 58 +++ .../go/go/CVE-2026-42507.patch | 160 ++++++++ .../xz/xz/CVE-2026-34743.patch | 68 +++ meta/recipes-extended/xz/xz_5.4.7.bb | 1 + .../libpng/files/CVE-2026-33416-01.patch | 143 +++++++ .../libpng/files/CVE-2026-33416-02.patch | 53 +++ .../libpng/files/CVE-2026-33416-03.patch | 163 ++++++++ .../libpng/files/CVE-2026-33416-04.patch | 53 +++ .../libpng/libpng_1.6.42.bb | 4 + scripts/lib/devtool/standard.py | 3 +- 30 files changed, 2694 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-01.patch create mode 100644 meta/recipes-core/busybox/busybox/CVE-2026-29004-02.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2026-27456.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27142.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32280.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32283.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32289.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-33811.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39817.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39819.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39820.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39825.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-39826.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42499.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42501.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42504.patch create mode 100644 meta/recipes-devtools/go/go/CVE-2026-42507.patch create mode 100644 meta/recipes-extended/xz/xz/CVE-2026-34743.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-01.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-02.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-03.patch create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-33416-04.patch
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#238917): https://lists.openembedded.org/g/openembedded-core/message/238917 Mute This Topic: https://lists.openembedded.org/mt/119836508/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
