| Message ID | cover.1757666820.git.anuj.mittal@intel.com |
|---|---|
| State | New |
| Headers | show |
Merged now, Thanks Anuj On Fri, Sep 12, 2025 at 2:06 AM Anuj Mittal <anuj.mittal@intel.com> wrote: > > Please merge these changes. Tested using qemux86-64 and qemuarm64. > > The following changes since commit c29a18fa39ede952f3f6108ec007c1906e2d9a0d: > > mbedtls: drop tag parameter from SRC_URI. (2025-08-18 08:35:05 -0700) > > are available in the Git repository at: > > https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap > https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap > > Alexandre Truong (1): > hunspell-dictionaries: switch branch from master to main > > Changqing Li (1): > luajit: fix several CVEs > > Deepak Rathore (1): > protobuf 4.25.8: Mark CVE-2024-7254 as patched > > Gyorgy Sarvari (1): > poppler: fix typos in CVE-2025-52886-0001.patch > > Hitendra Prajapati (1): > libssh: fix CVE-2025-4877 > > Jan Vermaete (1): > python3-werkzeug: added python3-difflib as RDEPENDS > > Jiaying Song (1): > v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit > > Martin Jansa (1): > abseil-cpp: fix build with gcc-15 on host > > Martin Schwan (1): > linuxptp: Add systemd instance specifier for ptp4l dependency > > Michael Opdenacker (1): > kernel-hardening-checker: backport recipe > > Peter Marko (1): > nginx: patch CVE-2025-53859 > > Praveen Kumar (1): > php: upgrade 8.2.28 -> 8.2.29 > > Randolph Sapp (1): > vulkan-cts: allow vulkan versions > 1.3 > > Roland Kovacs (1): > jq: add Upstream-Status and CVE tags into .patch files > > Yogita Urade (2): > poppler: fix CVE-2025-50420 > postgresql: upgrade 16.9 -> 16.10 > > Zhang Peng (8): > gnuplot: fix CVE-2025-3359 > gnuplot: fix CVE-2025-31176 > gnuplot: fix CVE-2025-31177 > gnuplot: fix CVE-2025-31178 > gnuplot: fix CVE-2025-31179 > gnuplot: fix CVE-2025-31180 > gnuplot: fix CVE-2025-31181 > iperf3: fix CVE-2025-54349 > > .../iperf3/iperf3/CVE-2025-54349.patch | 97 +++++++++++ > .../recipes-benchmark/iperf3/iperf3_3.18.bb | 1 + > .../linuxptp/systemd/phc2sys@.service.in | 4 +- > ...c-bypass-autoconf-2.69-version-check.patch | 4 +- > ...postgresql_16.9.bb => postgresql_16.10.bb} | 4 +- > ...r-internal-Explicitly-include-cstdin.patch | 34 ++++ > .../abseil-cpp/abseil-cpp_20240116.3.bb | 1 + > .../jq/jq/CVE-2024-23337.patch | 3 + > .../jq/jq/CVE-2024-53427.patch | 3 + > .../jq/jq/CVE-2025-48060.patch | 3 + > .../luajit/luajit/CVE-2024-25176.patch | 32 ++++ > .../luajit/luajit/CVE-2024-25177.patch | 47 +++++ > .../luajit/luajit/CVE-2024-25178.patch | 162 ++++++++++++++++++ > meta-oe/recipes-devtools/luajit/luajit_git.bb | 3 + > .../php/{php_8.2.28.bb => php_8.2.29.bb} | 2 +- > .../protobuf/protobuf_4.25.8.bb | 2 + > .../gnuplot/gnuplot/CVE-2025-31176.patch | 86 ++++++++++ > .../gnuplot/gnuplot/CVE-2025-31177.patch | 40 +++++ > .../gnuplot/gnuplot/CVE-2025-31178.patch | 95 ++++++++++ > .../gnuplot/gnuplot/CVE-2025-31179.patch | 35 ++++ > .../gnuplot/gnuplot/CVE-2025-31180.patch | 43 +++++ > .../gnuplot/gnuplot/CVE-2025-31181.patch | 43 +++++ > .../gnuplot/gnuplot/CVE-2025-3359.patch | 67 ++++++++ > .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 7 + > ...e-CTS-with-unknown-versions-of-Vulka.patch | 41 +++++ > .../vk-gl-cts/vulkan-cts_1.3.7.3.bb | 1 + > ...on.build-fix-arm-_TIME_BITS-64-error.patch | 38 ++++ > .../v4l2apps/v4l-utils_1.26.1.bb | 5 +- > ...ject.toml-fix-up-license-information.patch | 31 ++++ > ...-relax-setuptool-version-requirement.patch | 29 ++++ > .../kernel-hardening-checker_0.6.10.2.bb | 41 +++++ > .../hunspell/hunspell-dictionaries.bb | 2 +- > .../libssh/libssh/CVE-2025-4877.patch | 57 ++++++ > .../recipes-support/libssh/libssh_0.10.6.bb | 1 + > .../poppler/poppler/CVE-2025-50420.patch | 38 ++++ > .../poppler/poppler/CVE-2025-52886-0001.patch | 144 ++++++++-------- > .../poppler/poppler_23.04.0.bb | 1 + > .../python/python3-werkzeug_3.0.6.bb | 1 + > .../nginx/files/CVE-2025-53859.patch | 131 ++++++++++++++ > meta-webserver/recipes-httpd/nginx/nginx.inc | 1 + > 40 files changed, 1293 insertions(+), 87 deletions(-) > create mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch > rename meta-oe/recipes-dbs/postgresql/{postgresql_16.9.bb => postgresql_16.10.bb} (75%) > create mode 100644 meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-PR-1739-container-internal-Explicitly-include-cstdin.patch > create mode 100644 meta-oe/recipes-devtools/luajit/luajit/CVE-2024-25176.patch > create mode 100644 meta-oe/recipes-devtools/luajit/luajit/CVE-2024-25177.patch > create mode 100644 meta-oe/recipes-devtools/luajit/luajit/CVE-2024-25178.patch > rename meta-oe/recipes-devtools/php/{php_8.2.28.bb => php_8.2.29.bb} (99%) > create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31176.patch > create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31177.patch > create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31178.patch > create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch > create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch > create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch > create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-3359.patch > create mode 100644 meta-oe/recipes-graphics/vk-gl-cts/vulkan-cts/0001-Allow-running-the-CTS-with-unknown-versions-of-Vulka.patch > create mode 100644 meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0003-meson.build-fix-arm-_TIME_BITS-64-error.patch > create mode 100644 meta-oe/recipes-security/kernel-hardening-checker/files/0001-pyproject.toml-fix-up-license-information.patch > create mode 100644 meta-oe/recipes-security/kernel-hardening-checker/files/0002-pyproject.toml-relax-setuptool-version-requirement.patch > create mode 100644 meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.2.bb > create mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2025-4877.patch > create mode 100644 meta-oe/recipes-support/poppler/poppler/CVE-2025-50420.patch > create mode 100755 meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch >
Please merge these changes. Tested using qemux86-64 and qemuarm64. The following changes since commit c29a18fa39ede952f3f6108ec007c1906e2d9a0d: mbedtls: drop tag parameter from SRC_URI. (2025-08-18 08:35:05 -0700) are available in the Git repository at: https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap Alexandre Truong (1): hunspell-dictionaries: switch branch from master to main Changqing Li (1): luajit: fix several CVEs Deepak Rathore (1): protobuf 4.25.8: Mark CVE-2024-7254 as patched Gyorgy Sarvari (1): poppler: fix typos in CVE-2025-52886-0001.patch Hitendra Prajapati (1): libssh: fix CVE-2025-4877 Jan Vermaete (1): python3-werkzeug: added python3-difflib as RDEPENDS Jiaying Song (1): v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit Martin Jansa (1): abseil-cpp: fix build with gcc-15 on host Martin Schwan (1): linuxptp: Add systemd instance specifier for ptp4l dependency Michael Opdenacker (1): kernel-hardening-checker: backport recipe Peter Marko (1): nginx: patch CVE-2025-53859 Praveen Kumar (1): php: upgrade 8.2.28 -> 8.2.29 Randolph Sapp (1): vulkan-cts: allow vulkan versions > 1.3 Roland Kovacs (1): jq: add Upstream-Status and CVE tags into .patch files Yogita Urade (2): poppler: fix CVE-2025-50420 postgresql: upgrade 16.9 -> 16.10 Zhang Peng (8): gnuplot: fix CVE-2025-3359 gnuplot: fix CVE-2025-31176 gnuplot: fix CVE-2025-31177 gnuplot: fix CVE-2025-31178 gnuplot: fix CVE-2025-31179 gnuplot: fix CVE-2025-31180 gnuplot: fix CVE-2025-31181 iperf3: fix CVE-2025-54349 .../iperf3/iperf3/CVE-2025-54349.patch | 97 +++++++++++ .../recipes-benchmark/iperf3/iperf3_3.18.bb | 1 + .../linuxptp/systemd/phc2sys@.service.in | 4 +- ...c-bypass-autoconf-2.69-version-check.patch | 4 +- ...postgresql_16.9.bb => postgresql_16.10.bb} | 4 +- ...r-internal-Explicitly-include-cstdin.patch | 34 ++++ .../abseil-cpp/abseil-cpp_20240116.3.bb | 1 + .../jq/jq/CVE-2024-23337.patch | 3 + .../jq/jq/CVE-2024-53427.patch | 3 + .../jq/jq/CVE-2025-48060.patch | 3 + .../luajit/luajit/CVE-2024-25176.patch | 32 ++++ .../luajit/luajit/CVE-2024-25177.patch | 47 +++++ .../luajit/luajit/CVE-2024-25178.patch | 162 ++++++++++++++++++ meta-oe/recipes-devtools/luajit/luajit_git.bb | 3 + .../php/{php_8.2.28.bb => php_8.2.29.bb} | 2 +- .../protobuf/protobuf_4.25.8.bb | 2 + .../gnuplot/gnuplot/CVE-2025-31176.patch | 86 ++++++++++ .../gnuplot/gnuplot/CVE-2025-31177.patch | 40 +++++ .../gnuplot/gnuplot/CVE-2025-31178.patch | 95 ++++++++++ .../gnuplot/gnuplot/CVE-2025-31179.patch | 35 ++++ .../gnuplot/gnuplot/CVE-2025-31180.patch | 43 +++++ .../gnuplot/gnuplot/CVE-2025-31181.patch | 43 +++++ .../gnuplot/gnuplot/CVE-2025-3359.patch | 67 ++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 7 + ...e-CTS-with-unknown-versions-of-Vulka.patch | 41 +++++ .../vk-gl-cts/vulkan-cts_1.3.7.3.bb | 1 + ...on.build-fix-arm-_TIME_BITS-64-error.patch | 38 ++++ .../v4l2apps/v4l-utils_1.26.1.bb | 5 +- ...ject.toml-fix-up-license-information.patch | 31 ++++ ...-relax-setuptool-version-requirement.patch | 29 ++++ .../kernel-hardening-checker_0.6.10.2.bb | 41 +++++ .../hunspell/hunspell-dictionaries.bb | 2 +- .../libssh/libssh/CVE-2025-4877.patch | 57 ++++++ .../recipes-support/libssh/libssh_0.10.6.bb | 1 + .../poppler/poppler/CVE-2025-50420.patch | 38 ++++ .../poppler/poppler/CVE-2025-52886-0001.patch | 144 ++++++++-------- .../poppler/poppler_23.04.0.bb | 1 + .../python/python3-werkzeug_3.0.6.bb | 1 + .../nginx/files/CVE-2025-53859.patch | 131 ++++++++++++++ meta-webserver/recipes-httpd/nginx/nginx.inc | 1 + 40 files changed, 1293 insertions(+), 87 deletions(-) create mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch rename meta-oe/recipes-dbs/postgresql/{postgresql_16.9.bb => postgresql_16.10.bb} (75%) create mode 100644 meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-PR-1739-container-internal-Explicitly-include-cstdin.patch create mode 100644 meta-oe/recipes-devtools/luajit/luajit/CVE-2024-25176.patch create mode 100644 meta-oe/recipes-devtools/luajit/luajit/CVE-2024-25177.patch create mode 100644 meta-oe/recipes-devtools/luajit/luajit/CVE-2024-25178.patch rename meta-oe/recipes-devtools/php/{php_8.2.28.bb => php_8.2.29.bb} (99%) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31176.patch create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31177.patch create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31178.patch create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-3359.patch create mode 100644 meta-oe/recipes-graphics/vk-gl-cts/vulkan-cts/0001-Allow-running-the-CTS-with-unknown-versions-of-Vulka.patch create mode 100644 meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0003-meson.build-fix-arm-_TIME_BITS-64-error.patch create mode 100644 meta-oe/recipes-security/kernel-hardening-checker/files/0001-pyproject.toml-fix-up-license-information.patch create mode 100644 meta-oe/recipes-security/kernel-hardening-checker/files/0002-pyproject.toml-relax-setuptool-version-requirement.patch create mode 100644 meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.2.bb create mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2025-4877.patch create mode 100644 meta-oe/recipes-support/poppler/poppler/CVE-2025-50420.patch create mode 100755 meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch