| Message ID | cover.1768880370.git.anuj.mittal@oss.qualcomm.com |
|---|---|
| State | New |
| Headers | show |
merged now, thanks Anuj On Mon, Jan 19, 2026 at 8:05 PM Anuj Mittal <anuj.mittal@oss.qualcomm.com> wrote: > Please merge these changes in scarthgap. Tested on AB and locally. > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1257 > > The following changes since commit > 2df869df1c3fa74103098bba65c06e55d0d3664a: > > freerdp3: drop CVE-2025-68118 patch (2026-01-13 06:53:10 +0530) > > are available in the Git repository at: > > https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap > > https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap > > Anil Dongare (1): > php 8.2.29: CVE-2025-14177 > > Ankur Tyagi (22): > gimp: upgrade 2.10.36 -> 2.10.38 > gimp: patch CVE-2025-14422 > gimp: patch CVE-2025-14425 > gimp: ignore CVE-2025-48796 > gimp: patch CVE-2025-5473 > python3-aiohttp: upgrade 3.9.4 -> 3.9.5 > python3-aiohttp: patch CVE-2024-52304 > python3-cob2: upgrade 5.6.3 -> 5.6.4 > python3-configobj: patch CVE-2023-26112 > python3-eventlet: patch CVE-2025-58068 > python3-marshmallow: upgrade 3.21.1 -> 3.21.3 > python3-pymongo: upgrade 4.6.1 -> 4.6.3 > python3-tornado: patch CVE-2025-47287 > python3-tornado: patch CVE-2025-67724 > python3-tornado: patch CVE-2025-67726 > python3-tqdm: upgrade 4.66.2 -> 4.66.3 > python3-werkzeug: ignore CVE-2025-66221 and CVE-2026-21860 > python3-virtualenv: upgrade 20.25.0 -> 20.25.3 > gpsd: patch CVE-2025-67268 > gpsd: patch CVE-2025-67269 > frr: patch multiple CVEs > fluidsynth: patch CVE-2025-56225 > > Gyorgy Sarvari (5): > python3-ldap: set CVE_PRODUCT > python3-ldap: upgrade 3.4.4 -> 3.4.5 > boinc-client: set CVE_PRODUCT > boinc-client: mark CVE-2013-2018 patched > lmdb: patch CVE-2026-22185 > > Jackson (1): > tcpreplay 4.4.4: Fix CVE-2025-9384 > > Peter Marko (1): > gimp: ignore CVE-2007-3741 > > Wang Mingyu (1): > openfortivpn: upgrade 1.22.0 -> 1.22.1 > > Yoann Congal (1): > boinc-client: fix hostname reproducibility > > .../gimp/gimp/CVE-2025-14422.patch | 64 ++++ > .../gimp/gimp/CVE-2025-14425.patch | 70 +++++ > .../gimp/gimp/CVE-2025-5473.patch | 38 +++ > .../gimp/{gimp_2.10.36.bb => gimp_2.10.38.bb} | 11 +- > .../fluidsynth/CVE-2025-56225.patch | 25 ++ > .../fluidsynth/fluidsynth_2.3.4.bb | 1 + > ...tivpn_1.22.0.bb => openfortivpn_1.22.1.bb} | 2 +- > ...1102-61103-61104-61105-61106-61107_1.patch | 37 +++ > ...1102-61103-61104-61105-61106-61107_2.patch | 273 ++++++++++++++++++ > ...1102-61103-61104-61105-61106-61107_3.patch | 78 +++++ > ...1102-61103-61104-61105-61106-61107_4.patch | 119 ++++++++ > .../recipes-protocols/frr/frr_9.1.3.bb | 4 + > .../tcpreplay/tcpreplay/CVE-2025-9384.patch | 38 +++ > .../tcpreplay/tcpreplay_4.4.4.bb | 1 + > .../lmdb/files/CVE-2026-22185.patch | 31 ++ > meta-oe/recipes-dbs/lmdb/lmdb_0.9.31.bb | 1 + > .../php/php/CVE-2025-14177.patch | 84 ++++++ > meta-oe/recipes-devtools/php/php_8.2.29.bb | 1 + > .../boinc/boinc-client_7.20.5.bb | 9 +- > .../gpsd/gpsd/CVE-2025-67268.patch | 214 ++++++++++++++ > .../gpsd/gpsd/CVE-2025-67269.patch | 150 ++++++++++ > meta-oe/recipes-navigation/gpsd/gpsd_3.24.bb | 2 + > .../python3-aiohttp/CVE-2024-52304.patch | 124 ++++++++ > ...http_3.9.4.bb => python3-aiohttp_3.9.5.bb} | 4 +- > ...-cbor2_5.6.3.bb => python3-cbor2_5.6.4.bb} | 2 +- > .../python3-configobj/CVE-2023-26112.patch | 25 ++ > .../python/python3-configobj_5.0.8.bb | 2 + > .../python3-eventlet/CVE-2025-58068.patch | 42 +++ > .../python/python3-eventlet_0.36.1.bb | 2 + > ....21.1.bb => python3-marshmallow_3.21.3.bb} | 2 +- > ...ongo_4.6.1.bb => python3-pymongo_4.6.3.bb} | 2 +- > .../python3-tornado/CVE-2025-47287.patch | 232 +++++++++++++++ > .../python3-tornado/CVE-2025-67724.patch | 118 ++++++++ > .../python3-tornado/CVE-2025-67726.patch | 99 +++++++ > .../python/python3-tornado_6.4.2.bb | 5 + > ...-tqdm_4.66.2.bb => python3-tqdm_4.66.3.bb} | 2 +- > ....25.0.bb => python3-virtualenv_20.25.3.bb} | 2 +- > .../python/python3-werkzeug_3.0.6.bb | 3 + > ...n3-ldap_3.4.4.bb => python3-ldap_3.4.5.bb} | 10 +- > 39 files changed, 1915 insertions(+), 14 deletions(-) > create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14422.patch > create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14425.patch > create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-5473.patch > rename meta-gnome/recipes-gimp/gimp/{gimp_2.10.36.bb => gimp_2.10.38.bb} > (82%) > create mode 100644 > meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth/CVE-2025-56225.patch > rename meta-networking/recipes-connectivity/openfortivpn/{ > openfortivpn_1.22.0.bb => openfortivpn_1.22.1.bb} (93%) > create mode 100644 > meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_1.patch > create mode 100644 > meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_2.patch > create mode 100644 > meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_3.patch > create mode 100644 > meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_4.patch > create mode 100644 > meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch > create mode 100644 meta-oe/recipes-dbs/lmdb/files/CVE-2026-22185.patch > create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14177.patch > create mode 100644 > meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch > create mode 100644 > meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67269.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch > rename meta-python/recipes-devtools/python/{python3-aiohttp_3.9.4.bb => > python3-aiohttp_3.9.5.bb} (81%) > rename meta-python/recipes-devtools/python/{python3-cbor2_5.6.3.bb => > python3-cbor2_5.6.4.bb} (89%) > create mode 100644 > meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-eventlet/CVE-2025-58068.patch > rename meta-python/recipes-devtools/python/{python3-marshmallow_3.21.1.bb > => python3-marshmallow_3.21.3.bb} (92%) > rename meta-python/recipes-devtools/python/{python3-pymongo_4.6.1.bb => > python3-pymongo_4.6.3.bb} (90%) > create mode 100644 > meta-python/recipes-devtools/python/python3-tornado/CVE-2025-47287.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-tornado/CVE-2025-67724.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-tornado/CVE-2025-67726.patch > rename meta-python/recipes-devtools/python/{python3-tqdm_4.66.2.bb => > python3-tqdm_4.66.3.bb} (81%) > rename meta-python/recipes-devtools/python/{python3-virtualenv_20.25.0.bb > => python3-virtualenv_20.25.3.bb} (85%) > rename meta-python/recipes-networking/python/{python3-ldap_3.4.4.bb => > python3-ldap_3.4.5.bb} (74%) > > -- > 2.52.0 > >
Please merge these changes in scarthgap. Tested on AB and locally. https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1257 The following changes since commit 2df869df1c3fa74103098bba65c06e55d0d3664a: freerdp3: drop CVE-2025-68118 patch (2026-01-13 06:53:10 +0530) are available in the Git repository at: https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap Anil Dongare (1): php 8.2.29: CVE-2025-14177 Ankur Tyagi (22): gimp: upgrade 2.10.36 -> 2.10.38 gimp: patch CVE-2025-14422 gimp: patch CVE-2025-14425 gimp: ignore CVE-2025-48796 gimp: patch CVE-2025-5473 python3-aiohttp: upgrade 3.9.4 -> 3.9.5 python3-aiohttp: patch CVE-2024-52304 python3-cob2: upgrade 5.6.3 -> 5.6.4 python3-configobj: patch CVE-2023-26112 python3-eventlet: patch CVE-2025-58068 python3-marshmallow: upgrade 3.21.1 -> 3.21.3 python3-pymongo: upgrade 4.6.1 -> 4.6.3 python3-tornado: patch CVE-2025-47287 python3-tornado: patch CVE-2025-67724 python3-tornado: patch CVE-2025-67726 python3-tqdm: upgrade 4.66.2 -> 4.66.3 python3-werkzeug: ignore CVE-2025-66221 and CVE-2026-21860 python3-virtualenv: upgrade 20.25.0 -> 20.25.3 gpsd: patch CVE-2025-67268 gpsd: patch CVE-2025-67269 frr: patch multiple CVEs fluidsynth: patch CVE-2025-56225 Gyorgy Sarvari (5): python3-ldap: set CVE_PRODUCT python3-ldap: upgrade 3.4.4 -> 3.4.5 boinc-client: set CVE_PRODUCT boinc-client: mark CVE-2013-2018 patched lmdb: patch CVE-2026-22185 Jackson (1): tcpreplay 4.4.4: Fix CVE-2025-9384 Peter Marko (1): gimp: ignore CVE-2007-3741 Wang Mingyu (1): openfortivpn: upgrade 1.22.0 -> 1.22.1 Yoann Congal (1): boinc-client: fix hostname reproducibility .../gimp/gimp/CVE-2025-14422.patch | 64 ++++ .../gimp/gimp/CVE-2025-14425.patch | 70 +++++ .../gimp/gimp/CVE-2025-5473.patch | 38 +++ .../gimp/{gimp_2.10.36.bb => gimp_2.10.38.bb} | 11 +- .../fluidsynth/CVE-2025-56225.patch | 25 ++ .../fluidsynth/fluidsynth_2.3.4.bb | 1 + ...tivpn_1.22.0.bb => openfortivpn_1.22.1.bb} | 2 +- ...1102-61103-61104-61105-61106-61107_1.patch | 37 +++ ...1102-61103-61104-61105-61106-61107_2.patch | 273 ++++++++++++++++++ ...1102-61103-61104-61105-61106-61107_3.patch | 78 +++++ ...1102-61103-61104-61105-61106-61107_4.patch | 119 ++++++++ .../recipes-protocols/frr/frr_9.1.3.bb | 4 + .../tcpreplay/tcpreplay/CVE-2025-9384.patch | 38 +++ .../tcpreplay/tcpreplay_4.4.4.bb | 1 + .../lmdb/files/CVE-2026-22185.patch | 31 ++ meta-oe/recipes-dbs/lmdb/lmdb_0.9.31.bb | 1 + .../php/php/CVE-2025-14177.patch | 84 ++++++ meta-oe/recipes-devtools/php/php_8.2.29.bb | 1 + .../boinc/boinc-client_7.20.5.bb | 9 +- .../gpsd/gpsd/CVE-2025-67268.patch | 214 ++++++++++++++ .../gpsd/gpsd/CVE-2025-67269.patch | 150 ++++++++++ meta-oe/recipes-navigation/gpsd/gpsd_3.24.bb | 2 + .../python3-aiohttp/CVE-2024-52304.patch | 124 ++++++++ ...http_3.9.4.bb => python3-aiohttp_3.9.5.bb} | 4 +- ...-cbor2_5.6.3.bb => python3-cbor2_5.6.4.bb} | 2 +- .../python3-configobj/CVE-2023-26112.patch | 25 ++ .../python/python3-configobj_5.0.8.bb | 2 + .../python3-eventlet/CVE-2025-58068.patch | 42 +++ .../python/python3-eventlet_0.36.1.bb | 2 + ....21.1.bb => python3-marshmallow_3.21.3.bb} | 2 +- ...ongo_4.6.1.bb => python3-pymongo_4.6.3.bb} | 2 +- .../python3-tornado/CVE-2025-47287.patch | 232 +++++++++++++++ .../python3-tornado/CVE-2025-67724.patch | 118 ++++++++ .../python3-tornado/CVE-2025-67726.patch | 99 +++++++ .../python/python3-tornado_6.4.2.bb | 5 + ...-tqdm_4.66.2.bb => python3-tqdm_4.66.3.bb} | 2 +- ....25.0.bb => python3-virtualenv_20.25.3.bb} | 2 +- .../python/python3-werkzeug_3.0.6.bb | 3 + ...n3-ldap_3.4.4.bb => python3-ldap_3.4.5.bb} | 10 +- 39 files changed, 1915 insertions(+), 14 deletions(-) create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14422.patch create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14425.patch create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-5473.patch rename meta-gnome/recipes-gimp/gimp/{gimp_2.10.36.bb => gimp_2.10.38.bb} (82%) create mode 100644 meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth/CVE-2025-56225.patch rename meta-networking/recipes-connectivity/openfortivpn/{openfortivpn_1.22.0.bb => openfortivpn_1.22.1.bb} (93%) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_1.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_2.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_3.patch create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_4.patch create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch create mode 100644 meta-oe/recipes-dbs/lmdb/files/CVE-2026-22185.patch create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14177.patch create mode 100644 meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch create mode 100644 meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67269.patch create mode 100644 meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch rename meta-python/recipes-devtools/python/{python3-aiohttp_3.9.4.bb => python3-aiohttp_3.9.5.bb} (81%) rename meta-python/recipes-devtools/python/{python3-cbor2_5.6.3.bb => python3-cbor2_5.6.4.bb} (89%) create mode 100644 meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch create mode 100644 meta-python/recipes-devtools/python/python3-eventlet/CVE-2025-58068.patch rename meta-python/recipes-devtools/python/{python3-marshmallow_3.21.1.bb => python3-marshmallow_3.21.3.bb} (92%) rename meta-python/recipes-devtools/python/{python3-pymongo_4.6.1.bb => python3-pymongo_4.6.3.bb} (90%) create mode 100644 meta-python/recipes-devtools/python/python3-tornado/CVE-2025-47287.patch create mode 100644 meta-python/recipes-devtools/python/python3-tornado/CVE-2025-67724.patch create mode 100644 meta-python/recipes-devtools/python/python3-tornado/CVE-2025-67726.patch rename meta-python/recipes-devtools/python/{python3-tqdm_4.66.2.bb => python3-tqdm_4.66.3.bb} (81%) rename meta-python/recipes-devtools/python/{python3-virtualenv_20.25.0.bb => python3-virtualenv_20.25.3.bb} (85%) rename meta-python/recipes-networking/python/{python3-ldap_3.4.4.bb => python3-ldap_3.4.5.bb} (74%)