Note: this series contains a major OpenSSL upgrade (agreed by YP TSC). Please review this set of changes for scarthgap and have comments back by end of day Tuesday, March 10.
Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3349 (Ignore the warning about Centos Stream9, its support is a work in progress for scarthgap) I also did a full meta-oe build (to check for build failure with the OpenSSL upgrade) https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1342 (the warnings are unrelated to this series) The following changes since commit a9a785d7fa0cfe2a9087dbcde0ef9f0d2a441375: build-appliance-image: Update to scarthgap head revision (2026-02-27 17:45:15 +0000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut for you to fetch changes up to fd8a140eb0742bbc12a23e36c9d24378bc0f462d: busybox: Fixes CVE-2025-60876 (2026-03-06 23:58:42 +0100) ---------------------------------------------------------------- Hugo SIMELIERE (2): zlib: Fix CVE-2026-27171 harfbuzz: Fix CVE-2026-22693 Livin Sunny (1): busybox: Fixes CVE-2025-60876 Paul Barker (1): create-pull-request: Keep commit hash to be pulled in cover email Peter Marko (3): ffmpeg: set status for CVE-2025-10256 ffmpeg: set status for CVE-2025-12343 openssl: upgrade 3.2.6 -> 3.5.5 Shaik Moin (1): gdk-pixbuf: Fix CVE-2025-6199 Tom Hochstein (1): uboot-config: Fix devtool modify Yoann Congal (2): scripts/install-buildtools: Update to 5.0.16 README: Add scarthgap subject-prefix to git-send-email suggestion README.OE-Core.md | 2 +- meta/classes-recipe/uboot-config.bbclass | 2 +- .../openssl/files/environment.d-openssl.sh | 9 ++- ...ke-history-reporting-when-test-fails.patch | 32 ++++---- ...1-Configure-do-not-tweak-mips-cflags.patch | 4 +- ...sysroot-and-debug-prefix-map-from-co.patch | 26 ++++--- .../0001-extend-check_cwm-test-timeout.patch | 32 ++++++++ .../openssl/openssl/CVE-2024-41996.patch | 44 ----------- .../openssl/openssl/CVE-2025-15468.patch | 39 ---------- .../openssl/openssl/CVE-2025-69419.patch | 61 --------------- .../{openssl_3.2.6.bb => openssl_3.5.5.bb} | 75 ++++++++++++------- .../busybox/busybox/CVE-2025-60876.patch | 42 +++++++++++ meta/recipes-core/busybox/busybox_1.36.1.bb | 1 + .../zlib/zlib/CVE-2026-27171.patch | 63 ++++++++++++++++ meta/recipes-core/zlib/zlib_1.3.1.bb | 1 + .../gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch | 36 +++++++++ .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb | 1 + .../harfbuzz/files/CVE-2026-22693.patch | 33 ++++++++ .../harfbuzz/harfbuzz_8.3.0.bb | 4 +- .../recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 +- scripts/create-pull-request | 2 +- scripts/install-buildtools | 4 +- 22 files changed, 305 insertions(+), 210 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-extend-check_cwm-test-timeout.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-15468.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2025-69419.patch rename meta/recipes-connectivity/openssl/{openssl_3.2.6.bb => openssl_3.5.5.bb} (76%) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-60876.patch create mode 100644 meta/recipes-core/zlib/zlib/CVE-2026-27171.patch create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch create mode 100644 meta/recipes-graphics/harfbuzz/files/CVE-2026-22693.patch
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232625): https://lists.openembedded.org/g/openembedded-core/message/232625 Mute This Topic: https://lists.openembedded.org/mt/118196383/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
