| Message ID | cover.1769137698.git.anuj.mittal@oss.qualcomm.com |
|---|---|
| State | Under Review, archived |
| Delegated to: | Anuj Mittal |
| Headers | show |
merged now thanks Anuj On Thu, Jan 22, 2026 at 7:11 PM Anuj Mittal <anuj.mittal@oss.qualcomm.com> wrote: > Please merge these changes in whinlatter. Tested on autobuilder and > locally. > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1259 > > The following changes since commit > c6849e7529727a2c9eca0f9220836bd0d69ce086: > > python3-django: upgrade 5.2.8 -> 5.2.9 (2026-01-06 18:07:59 +0530) > > are available in the Git repository at: > > https://git.openembedded.org/meta-openembedded-contrib > stable/whinlatter-next > > https://git.openembedded.org/meta-openembedded-contrib/log/?h=stable/whinlatter-next > > Ankur Tyagi (5): > php: upgrade 8.4.16 -> 8.4.17 > mozjs-128: Fix build error with arm and musl > libjxl: Fix build error with arm and musl > influxdb: ignore CVE-2024-30896 > frr: upgrade 10.4.1 -> 10.4.2 > > Dmitry Baryshkov (1): > vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2 > > Gyorgy Sarvari (16): > nodejs: remove extra CVE_PRODUCT > smarty: extend CVE_PRODUCT > raptor2: set CVE_PRODUCT > libcereal: set CVE_PRODUCT > asyncmqtt: set CVE_PRODUCT > boinc-client: set CVE_PRODUCT > boinc-client: mark CVE-2013-2018 patched > lmdb: patch CVE-2026-22185 > xerces-c: set CVE_PRODUCT > dante: upgrade 1.4.3 -> 1.4.4 > tinyproxy: patch CVE-2025-63938 > python3-scapy: set CVE_PRODUCT > nginx: set CVE_PRODUCT > softhsm: fix SRC_URI branch > ncp: update SRC_URI > libowfat: update SRC_URI > > Jason Schonberg (1): > nginx: upgrade 1.28.0 -> 1.28.1 > > Jiaying Song (1): > minicoredumper: fix 2038 year problem in timestamp handling > > Khem Raj (2): > vboxguestdrivers: Upgrade to 7.2.4 > dante: Add _GNU_SOURCE for musl builds > > Liu Yiding (2): > liblognorm: upgrade 2.0.7 -> 2.0.8 > libsdl3: upgrade 3.2.28 -> 3.2.30 > > Peter Marko (4): > net-snmp: patch CVE-2025-68615 > libsodium: patch CVE-2025-69277 > libcoap: set CVE version suffix > nginx: ignore CVE-2025-53859 for 1.28.1 > > Sanjay Chitroda (1): > recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch > > Wang Mingyu (9): > python3-psycopg: upgrade 3.2.12 -> 3.2.13 > parallel: upgrade 20251022 -> 20251122 > libsdl3: upgrade 3.2.26 -> 3.2.28 > usb-modeswitch-data: upgrade 20191128 -> 20251207 > usb-modeswitch: upgrade 2.6.1 -> 2.6.2 > microsoft-gsl: upgrade 4.2.0 -> 4.2.1 > cryptsetup: upgrade 2.8.1 -> 2.8.3 > libdecor: upgrade 0.2.4 -> 0.2.5 > libsdl3-image: upgrade 3.2.4 -> 3.2.6 > > .../libcoap/libcoap_4.3.5a.bb | 2 + > .../python/python3-scapy_2.6.1.bb | 2 + > .../dante/{dante_1.4.3.bb => dante_1.4.4.bb} | 6 +- > .../frr/{frr_10.4.1.bb => frr_10.4.2.bb} | 2 +- > .../net-snmp/net-snmp/CVE-2025-68615.patch | 33 +++++ > .../net-snmp/net-snmp_5.9.4.bb | 1 + > .../recipes-support/ncp/libowfat_0.32.bb | 2 +- > .../recipes-support/ncp/ncp_1.2.4.bb | 2 +- > .../tinyproxy/tinyproxy/CVE-2025-63938.patch | 43 ++++++ > .../tinyproxy/tinyproxy_1.11.2.bb | 1 + > .../asyncmqtt/asyncmqtt_10.2.6.bb | 2 + > meta-oe/recipes-core/toybox/toybox_0.8.13.bb | 2 +- > ...ryptsetup_2.8.1.bb => cryptsetup_2.8.3.bb} | 2 +- > .../libsodium/libsodium/CVE-2025-69277.patch | 61 ++++++++ > .../libsodium/libsodium_1.0.20.bb | 2 + > .../recipes-dbs/influxdb/influxdb_1.8.10.bb | 1 + > .../lmdb/files/CVE-2026-22185.patch | 31 +++++ > meta-oe/recipes-dbs/lmdb/lmdb_0.9.31.bb | 1 + > ...ft-gsl_4.2.0.bb => microsoft-gsl_4.2.1.bb} | 8 +- > .../recipes-devtools/nodejs/nodejs_22.21.1.bb | 2 - > .../php/{php_8.4.16.bb => php_8.4.17.bb} | 2 +- > ...pg_3.2.12.bb => python3-psycopg_3.2.13.bb} | 2 +- > .../xerces-c/xerces-c_3.3.0.bb | 2 + > .../boinc/boinc-client_7.20.5.bb | 4 + > ...iblognorm_2.0.7.bb => liblognorm_2.0.8.bb} | 3 +- > ...001-Cargo.toml-do-not-abort-on-panic.patch | 2 +- > ...nfigure-do-not-look-for-llvm-objdump.patch | 2 +- > ...o-not-try-to-find-a-suitable-upstrea.patch | 2 +- > .../mozjs-128/0004-use-asm-sgidefs.h.patch | 2 +- > ...2.patch => 0005-Add-RISCV32-support.patch} | 2 +- > ...x-one-occasionally-reproduced-confi.patch} | 2 +- > ...ewrite-cargo-host-linker-in-python3.patch} | 2 +- > ...e-stack-unwinder-like-glibc-therefo.patch} | 2 +- > ...om-firefox-bugzilla-to-fix-compile-.patch} | 2 +- > ...on-isn-t-available-in-ARMv5-or-v6-s.patch} | 2 +- > ...ith-icu-uc-to-fix-build-with-ICU-76.patch} | 2 +- > ...gc-and-riscv32gc-as-valid-architect.patch} | 38 +++-- > .../0013-Fix-build-error-with-musl.patch | 30 ++++ > .../mozjs/mozjs-128_128.5.2.bb | 17 +-- > ...allel_20251022.bb => parallel_20251122.bb} | 2 +- > .../{libdecor_0.2.4.bb => libdecor_0.2.5.bb} | 2 +- > ...-image_3.2.4.bb => libsdl3-image_3.2.6.bb} | 2 +- > .../{libsdl3_3.2.26.bb => libsdl3_3.2.30.bb} | 2 +- > ...01-decode-fix-build-on-ARMv7-targets.patch | 4 +- > ...ing-for-non-NEON-enabled-ARM-targets.patch | 73 +++++----- > .../vk-gl-cts/vulkan-cts-sources.inc | 2 +- > ...n-cts_1.4.4.0.bb => vulkan-cts_1.4.4.2.bb} | 2 +- > ...8-year-problem-in-timestamp-handling.patch | 55 ++++++++ > .../minicoredumper/minicoredumper_2.0.7.bb | 1 + > .../libjxl/libjxl_0.11.1.bb | 3 + > .../recipes-security/softhsm/softhsm_2.6.1.bb | 2 +- > .../libcereal/libcereal_1.3.2.bb | 2 + > .../recipes-support/raptor2/raptor2_2.0.16.bb | 2 + > .../recipes-support/smarty/smarty_5.6.0.bb | 2 +- > ...128.bb => usb-modeswitch-data_20251207.bb} | 2 +- > .../0001-Fix-build-with-gcc-15.patch | 51 ------- > ...witch_2.6.1.bb => usb-modeswitch_2.6.2.bb} | 6 +- > ...ers_7.2.2.bb => vboxguestdrivers_7.2.4.bb} | 2 +- > .../nginx/files/CVE-2025-53859.patch | 131 ------------------ > meta-webserver/recipes-httpd/nginx/nginx.inc | 2 + > .../recipes-httpd/nginx/nginx_1.28.0.bb | 7 - > .../recipes-httpd/nginx/nginx_1.28.1.bb | 7 + > 62 files changed, 404 insertions(+), 286 deletions(-) > rename meta-networking/recipes-protocols/dante/{dante_1.4.3.bb => > dante_1.4.4.bb} (88%) > rename meta-networking/recipes-protocols/frr/{frr_10.4.1.bb => > frr_10.4.2.bb} (99%) > create mode 100644 > meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch > create mode 100644 > meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch > rename meta-oe/recipes-crypto/cryptsetup/{cryptsetup_2.8.1.bb => > cryptsetup_2.8.3.bb} (98%) > create mode 100644 > meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch > create mode 100644 meta-oe/recipes-dbs/lmdb/files/CVE-2026-22185.patch > rename meta-oe/recipes-devtools/microsoft-gsl/{microsoft-gsl_4.2.0.bb => > microsoft-gsl_4.2.1.bb} (93%) > rename meta-oe/recipes-devtools/php/{php_8.4.16.bb => php_8.4.17.bb} > (99%) > rename meta-oe/recipes-devtools/python/{python3-psycopg_3.2.12.bb => > python3-psycopg_3.2.13.bb} (85%) > rename meta-oe/recipes-extended/liblognorm/{liblognorm_2.0.7.bb => > liblognorm_2.0.8.bb} (95%) > rename meta-oe/recipes-extended/mozjs/mozjs-128/{riscv32.patch => > 0005-Add-RISCV32-support.patch} (97%) > rename > meta-oe/recipes-extended/mozjs/mozjs-128/{0001-util.configure-fix-one-occasionally-reproduced-confi.patch > => 0006-util.configure-fix-one-occasionally-reproduced-confi.patch} (96%) > rename > meta-oe/recipes-extended/mozjs/mozjs-128/{0001-rewrite-cargo-host-linker-in-python3.patch > => 0007-Rewrite-cargo-host-linker-in-python3.patch} (97%) > rename > meta-oe/recipes-extended/mozjs/mozjs-128/{musl-disable-stackwalk.patch => > 0008-Musl-does-not-have-stack-unwinder-like-glibc-therefo.patch} (94%) > rename > meta-oe/recipes-extended/mozjs/mozjs-128/{0001-add-arm-to-list-of-mozinline.patch > => 0009-Backport-patch-from-firefox-bugzilla-to-fix-compile-.patch} (95%) > rename meta-oe/recipes-extended/mozjs/mozjs-128/{armv5.patch => > 0010-The-ISB-instruction-isn-t-available-in-ARMv5-or-v6-s.patch} (93%) > rename > meta-oe/recipes-extended/mozjs/mozjs-128/{0001-Link-with-icu-uc-to-fix-build-with-ICU-76.patch > => 0011-Link-with-icu-uc-to-fix-build-with-ICU-76.patch} (92%) > rename meta-oe/recipes-extended/mozjs/mozjs-128/{riscv.patch => > 0012-Recognise-riscv64gc-and-riscv32gc-as-valid-architect.patch} (60%) > create mode 100644 > meta-oe/recipes-extended/mozjs/mozjs-128/0013-Fix-build-error-with-musl.patch > rename meta-oe/recipes-extended/parallel/{parallel_20251022.bb => > parallel_20251122.bb} (93%) > rename meta-oe/recipes-graphics/libdecor/{libdecor_0.2.4.bb => > libdecor_0.2.5.bb} (94%) > rename meta-oe/recipes-graphics/libsdl3/{libsdl3-image_3.2.4.bb => > libsdl3-image_3.2.6.bb} (87%) > rename meta-oe/recipes-graphics/libsdl3/{libsdl3_3.2.26.bb => > libsdl3_3.2.30.bb} (97%) > rename meta-oe/recipes-graphics/vk-gl-cts/{vulkan-cts_1.4.4.0.bb => > vulkan-cts_1.4.4.2.bb} (94%) > create mode 100644 > meta-oe/recipes-kernel/minicoredumper/files/0002-Fix-2038-year-problem-in-timestamp-handling.patch > rename meta-oe/recipes-support/usb-modeswitch/{ > usb-modeswitch-data_20191128.bb => usb-modeswitch-data_20251207.bb} (84%) > delete mode 100644 > meta-oe/recipes-support/usb-modeswitch/usb-modeswitch/0001-Fix-build-with-gcc-15.patch > rename meta-oe/recipes-support/usb-modeswitch/{usb-modeswitch_2.6.1.bb > => usb-modeswitch_2.6.2.bb} (86%) > rename meta-oe/recipes-support/vboxguestdrivers/{ > vboxguestdrivers_7.2.2.bb => vboxguestdrivers_7.2.4.bb} (97%) > delete mode 100755 > meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch > delete mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb > create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb > > -- > 2.52.0 > >
Merged now thanks Anuj On Sun, Jan 25, 2026 at 9:25 PM Khem Raj <raj.khem@gmail.com> wrote: > merged now thanks Anuj > > On Thu, Jan 22, 2026 at 7:11 PM Anuj Mittal <anuj.mittal@oss.qualcomm.com> > wrote: > >> Please merge these changes in whinlatter. Tested on autobuilder and >> locally. >> >> https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1259 >> >> The following changes since commit >> c6849e7529727a2c9eca0f9220836bd0d69ce086: >> >> python3-django: upgrade 5.2.8 -> 5.2.9 (2026-01-06 18:07:59 +0530) >> >> are available in the Git repository at: >> >> https://git.openembedded.org/meta-openembedded-contrib >> stable/whinlatter-next >> >> https://git.openembedded.org/meta-openembedded-contrib/log/?h=stable/whinlatter-next >> >> Ankur Tyagi (5): >> php: upgrade 8.4.16 -> 8.4.17 >> mozjs-128: Fix build error with arm and musl >> libjxl: Fix build error with arm and musl >> influxdb: ignore CVE-2024-30896 >> frr: upgrade 10.4.1 -> 10.4.2 >> >> Dmitry Baryshkov (1): >> vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2 >> >> Gyorgy Sarvari (16): >> nodejs: remove extra CVE_PRODUCT >> smarty: extend CVE_PRODUCT >> raptor2: set CVE_PRODUCT >> libcereal: set CVE_PRODUCT >> asyncmqtt: set CVE_PRODUCT >> boinc-client: set CVE_PRODUCT >> boinc-client: mark CVE-2013-2018 patched >> lmdb: patch CVE-2026-22185 >> xerces-c: set CVE_PRODUCT >> dante: upgrade 1.4.3 -> 1.4.4 >> tinyproxy: patch CVE-2025-63938 >> python3-scapy: set CVE_PRODUCT >> nginx: set CVE_PRODUCT >> softhsm: fix SRC_URI branch >> ncp: update SRC_URI >> libowfat: update SRC_URI >> >> Jason Schonberg (1): >> nginx: upgrade 1.28.0 -> 1.28.1 >> >> Jiaying Song (1): >> minicoredumper: fix 2038 year problem in timestamp handling >> >> Khem Raj (2): >> vboxguestdrivers: Upgrade to 7.2.4 >> dante: Add _GNU_SOURCE for musl builds >> >> Liu Yiding (2): >> liblognorm: upgrade 2.0.7 -> 2.0.8 >> libsdl3: upgrade 3.2.28 -> 3.2.30 >> >> Peter Marko (4): >> net-snmp: patch CVE-2025-68615 >> libsodium: patch CVE-2025-69277 >> libcoap: set CVE version suffix >> nginx: ignore CVE-2025-53859 for 1.28.1 >> >> Sanjay Chitroda (1): >> recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch >> >> Wang Mingyu (9): >> python3-psycopg: upgrade 3.2.12 -> 3.2.13 >> parallel: upgrade 20251022 -> 20251122 >> libsdl3: upgrade 3.2.26 -> 3.2.28 >> usb-modeswitch-data: upgrade 20191128 -> 20251207 >> usb-modeswitch: upgrade 2.6.1 -> 2.6.2 >> microsoft-gsl: upgrade 4.2.0 -> 4.2.1 >> cryptsetup: upgrade 2.8.1 -> 2.8.3 >> libdecor: upgrade 0.2.4 -> 0.2.5 >> libsdl3-image: upgrade 3.2.4 -> 3.2.6 >> >> .../libcoap/libcoap_4.3.5a.bb | 2 + >> .../python/python3-scapy_2.6.1.bb | 2 + >> .../dante/{dante_1.4.3.bb => dante_1.4.4.bb} | 6 +- >> .../frr/{frr_10.4.1.bb => frr_10.4.2.bb} | 2 +- >> .../net-snmp/net-snmp/CVE-2025-68615.patch | 33 +++++ >> .../net-snmp/net-snmp_5.9.4.bb | 1 + >> .../recipes-support/ncp/libowfat_0.32.bb | 2 +- >> .../recipes-support/ncp/ncp_1.2.4.bb | 2 +- >> .../tinyproxy/tinyproxy/CVE-2025-63938.patch | 43 ++++++ >> .../tinyproxy/tinyproxy_1.11.2.bb | 1 + >> .../asyncmqtt/asyncmqtt_10.2.6.bb | 2 + >> meta-oe/recipes-core/toybox/toybox_0.8.13.bb | 2 +- >> ...ryptsetup_2.8.1.bb => cryptsetup_2.8.3.bb} | 2 +- >> .../libsodium/libsodium/CVE-2025-69277.patch | 61 ++++++++ >> .../libsodium/libsodium_1.0.20.bb | 2 + >> .../recipes-dbs/influxdb/influxdb_1.8.10.bb | 1 + >> .../lmdb/files/CVE-2026-22185.patch | 31 +++++ >> meta-oe/recipes-dbs/lmdb/lmdb_0.9.31.bb | 1 + >> ...ft-gsl_4.2.0.bb => microsoft-gsl_4.2.1.bb} | 8 +- >> .../recipes-devtools/nodejs/nodejs_22.21.1.bb | 2 - >> .../php/{php_8.4.16.bb => php_8.4.17.bb} | 2 +- >> ...pg_3.2.12.bb => python3-psycopg_3.2.13.bb} | 2 +- >> .../xerces-c/xerces-c_3.3.0.bb | 2 + >> .../boinc/boinc-client_7.20.5.bb | 4 + >> ...iblognorm_2.0.7.bb => liblognorm_2.0.8.bb} | 3 +- >> ...001-Cargo.toml-do-not-abort-on-panic.patch | 2 +- >> ...nfigure-do-not-look-for-llvm-objdump.patch | 2 +- >> ...o-not-try-to-find-a-suitable-upstrea.patch | 2 +- >> .../mozjs-128/0004-use-asm-sgidefs.h.patch | 2 +- >> ...2.patch => 0005-Add-RISCV32-support.patch} | 2 +- >> ...x-one-occasionally-reproduced-confi.patch} | 2 +- >> ...ewrite-cargo-host-linker-in-python3.patch} | 2 +- >> ...e-stack-unwinder-like-glibc-therefo.patch} | 2 +- >> ...om-firefox-bugzilla-to-fix-compile-.patch} | 2 +- >> ...on-isn-t-available-in-ARMv5-or-v6-s.patch} | 2 +- >> ...ith-icu-uc-to-fix-build-with-ICU-76.patch} | 2 +- >> ...gc-and-riscv32gc-as-valid-architect.patch} | 38 +++-- >> .../0013-Fix-build-error-with-musl.patch | 30 ++++ >> .../mozjs/mozjs-128_128.5.2.bb | 17 +-- >> ...allel_20251022.bb => parallel_20251122.bb} | 2 +- >> .../{libdecor_0.2.4.bb => libdecor_0.2.5.bb} | 2 +- >> ...-image_3.2.4.bb => libsdl3-image_3.2.6.bb} | 2 +- >> .../{libsdl3_3.2.26.bb => libsdl3_3.2.30.bb} | 2 +- >> ...01-decode-fix-build-on-ARMv7-targets.patch | 4 +- >> ...ing-for-non-NEON-enabled-ARM-targets.patch | 73 +++++----- >> .../vk-gl-cts/vulkan-cts-sources.inc | 2 +- >> ...n-cts_1.4.4.0.bb => vulkan-cts_1.4.4.2.bb} | 2 +- >> ...8-year-problem-in-timestamp-handling.patch | 55 ++++++++ >> .../minicoredumper/minicoredumper_2.0.7.bb | 1 + >> .../libjxl/libjxl_0.11.1.bb | 3 + >> .../recipes-security/softhsm/softhsm_2.6.1.bb | 2 +- >> .../libcereal/libcereal_1.3.2.bb | 2 + >> .../recipes-support/raptor2/raptor2_2.0.16.bb | 2 + >> .../recipes-support/smarty/smarty_5.6.0.bb | 2 +- >> ...128.bb => usb-modeswitch-data_20251207.bb} | 2 +- >> .../0001-Fix-build-with-gcc-15.patch | 51 ------- >> ...witch_2.6.1.bb => usb-modeswitch_2.6.2.bb} | 6 +- >> ...ers_7.2.2.bb => vboxguestdrivers_7.2.4.bb} | 2 +- >> .../nginx/files/CVE-2025-53859.patch | 131 ------------------ >> meta-webserver/recipes-httpd/nginx/nginx.inc | 2 + >> .../recipes-httpd/nginx/nginx_1.28.0.bb | 7 - >> .../recipes-httpd/nginx/nginx_1.28.1.bb | 7 + >> 62 files changed, 404 insertions(+), 286 deletions(-) >> rename meta-networking/recipes-protocols/dante/{dante_1.4.3.bb => >> dante_1.4.4.bb} (88%) >> rename meta-networking/recipes-protocols/frr/{frr_10.4.1.bb => >> frr_10.4.2.bb} (99%) >> create mode 100644 >> meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch >> create mode 100644 >> meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch >> rename meta-oe/recipes-crypto/cryptsetup/{cryptsetup_2.8.1.bb => >> cryptsetup_2.8.3.bb} (98%) >> create mode 100644 >> meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch >> create mode 100644 meta-oe/recipes-dbs/lmdb/files/CVE-2026-22185.patch >> rename meta-oe/recipes-devtools/microsoft-gsl/{microsoft-gsl_4.2.0.bb >> => microsoft-gsl_4.2.1.bb} (93%) >> rename meta-oe/recipes-devtools/php/{php_8.4.16.bb => php_8.4.17.bb} >> (99%) >> rename meta-oe/recipes-devtools/python/{python3-psycopg_3.2.12.bb => >> python3-psycopg_3.2.13.bb} (85%) >> rename meta-oe/recipes-extended/liblognorm/{liblognorm_2.0.7.bb => >> liblognorm_2.0.8.bb} (95%) >> rename meta-oe/recipes-extended/mozjs/mozjs-128/{riscv32.patch => >> 0005-Add-RISCV32-support.patch} (97%) >> rename >> meta-oe/recipes-extended/mozjs/mozjs-128/{0001-util.configure-fix-one-occasionally-reproduced-confi.patch >> => 0006-util.configure-fix-one-occasionally-reproduced-confi.patch} (96%) >> rename >> meta-oe/recipes-extended/mozjs/mozjs-128/{0001-rewrite-cargo-host-linker-in-python3.patch >> => 0007-Rewrite-cargo-host-linker-in-python3.patch} (97%) >> rename >> meta-oe/recipes-extended/mozjs/mozjs-128/{musl-disable-stackwalk.patch => >> 0008-Musl-does-not-have-stack-unwinder-like-glibc-therefo.patch} (94%) >> rename >> meta-oe/recipes-extended/mozjs/mozjs-128/{0001-add-arm-to-list-of-mozinline.patch >> => 0009-Backport-patch-from-firefox-bugzilla-to-fix-compile-.patch} (95%) >> rename meta-oe/recipes-extended/mozjs/mozjs-128/{armv5.patch => >> 0010-The-ISB-instruction-isn-t-available-in-ARMv5-or-v6-s.patch} (93%) >> rename >> meta-oe/recipes-extended/mozjs/mozjs-128/{0001-Link-with-icu-uc-to-fix-build-with-ICU-76.patch >> => 0011-Link-with-icu-uc-to-fix-build-with-ICU-76.patch} (92%) >> rename meta-oe/recipes-extended/mozjs/mozjs-128/{riscv.patch => >> 0012-Recognise-riscv64gc-and-riscv32gc-as-valid-architect.patch} (60%) >> create mode 100644 >> meta-oe/recipes-extended/mozjs/mozjs-128/0013-Fix-build-error-with-musl.patch >> rename meta-oe/recipes-extended/parallel/{parallel_20251022.bb => >> parallel_20251122.bb} (93%) >> rename meta-oe/recipes-graphics/libdecor/{libdecor_0.2.4.bb => >> libdecor_0.2.5.bb} (94%) >> rename meta-oe/recipes-graphics/libsdl3/{libsdl3-image_3.2.4.bb => >> libsdl3-image_3.2.6.bb} (87%) >> rename meta-oe/recipes-graphics/libsdl3/{libsdl3_3.2.26.bb => >> libsdl3_3.2.30.bb} (97%) >> rename meta-oe/recipes-graphics/vk-gl-cts/{vulkan-cts_1.4.4.0.bb => >> vulkan-cts_1.4.4.2.bb} (94%) >> create mode 100644 >> meta-oe/recipes-kernel/minicoredumper/files/0002-Fix-2038-year-problem-in-timestamp-handling.patch >> rename meta-oe/recipes-support/usb-modeswitch/{ >> usb-modeswitch-data_20191128.bb => usb-modeswitch-data_20251207.bb} (84%) >> delete mode 100644 >> meta-oe/recipes-support/usb-modeswitch/usb-modeswitch/0001-Fix-build-with-gcc-15.patch >> rename meta-oe/recipes-support/usb-modeswitch/{usb-modeswitch_2.6.1.bb >> => usb-modeswitch_2.6.2.bb} (86%) >> rename meta-oe/recipes-support/vboxguestdrivers/{ >> vboxguestdrivers_7.2.2.bb => vboxguestdrivers_7.2.4.bb} (97%) >> delete mode 100755 >> meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch >> delete mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb >> create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb >> >> -- >> 2.52.0 >> >>
Please merge these changes in whinlatter. Tested on autobuilder and locally. https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1259 The following changes since commit c6849e7529727a2c9eca0f9220836bd0d69ce086: python3-django: upgrade 5.2.8 -> 5.2.9 (2026-01-06 18:07:59 +0530) are available in the Git repository at: https://git.openembedded.org/meta-openembedded-contrib stable/whinlatter-next https://git.openembedded.org/meta-openembedded-contrib/log/?h=stable/whinlatter-next Ankur Tyagi (5): php: upgrade 8.4.16 -> 8.4.17 mozjs-128: Fix build error with arm and musl libjxl: Fix build error with arm and musl influxdb: ignore CVE-2024-30896 frr: upgrade 10.4.1 -> 10.4.2 Dmitry Baryshkov (1): vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2 Gyorgy Sarvari (16): nodejs: remove extra CVE_PRODUCT smarty: extend CVE_PRODUCT raptor2: set CVE_PRODUCT libcereal: set CVE_PRODUCT asyncmqtt: set CVE_PRODUCT boinc-client: set CVE_PRODUCT boinc-client: mark CVE-2013-2018 patched lmdb: patch CVE-2026-22185 xerces-c: set CVE_PRODUCT dante: upgrade 1.4.3 -> 1.4.4 tinyproxy: patch CVE-2025-63938 python3-scapy: set CVE_PRODUCT nginx: set CVE_PRODUCT softhsm: fix SRC_URI branch ncp: update SRC_URI libowfat: update SRC_URI Jason Schonberg (1): nginx: upgrade 1.28.0 -> 1.28.1 Jiaying Song (1): minicoredumper: fix 2038 year problem in timestamp handling Khem Raj (2): vboxguestdrivers: Upgrade to 7.2.4 dante: Add _GNU_SOURCE for musl builds Liu Yiding (2): liblognorm: upgrade 2.0.7 -> 2.0.8 libsdl3: upgrade 3.2.28 -> 3.2.30 Peter Marko (4): net-snmp: patch CVE-2025-68615 libsodium: patch CVE-2025-69277 libcoap: set CVE version suffix nginx: ignore CVE-2025-53859 for 1.28.1 Sanjay Chitroda (1): recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch Wang Mingyu (9): python3-psycopg: upgrade 3.2.12 -> 3.2.13 parallel: upgrade 20251022 -> 20251122 libsdl3: upgrade 3.2.26 -> 3.2.28 usb-modeswitch-data: upgrade 20191128 -> 20251207 usb-modeswitch: upgrade 2.6.1 -> 2.6.2 microsoft-gsl: upgrade 4.2.0 -> 4.2.1 cryptsetup: upgrade 2.8.1 -> 2.8.3 libdecor: upgrade 0.2.4 -> 0.2.5 libsdl3-image: upgrade 3.2.4 -> 3.2.6 .../libcoap/libcoap_4.3.5a.bb | 2 + .../python/python3-scapy_2.6.1.bb | 2 + .../dante/{dante_1.4.3.bb => dante_1.4.4.bb} | 6 +- .../frr/{frr_10.4.1.bb => frr_10.4.2.bb} | 2 +- .../net-snmp/net-snmp/CVE-2025-68615.patch | 33 +++++ .../net-snmp/net-snmp_5.9.4.bb | 1 + .../recipes-support/ncp/libowfat_0.32.bb | 2 +- .../recipes-support/ncp/ncp_1.2.4.bb | 2 +- .../tinyproxy/tinyproxy/CVE-2025-63938.patch | 43 ++++++ .../tinyproxy/tinyproxy_1.11.2.bb | 1 + .../asyncmqtt/asyncmqtt_10.2.6.bb | 2 + meta-oe/recipes-core/toybox/toybox_0.8.13.bb | 2 +- ...ryptsetup_2.8.1.bb => cryptsetup_2.8.3.bb} | 2 +- .../libsodium/libsodium/CVE-2025-69277.patch | 61 ++++++++ .../libsodium/libsodium_1.0.20.bb | 2 + .../recipes-dbs/influxdb/influxdb_1.8.10.bb | 1 + .../lmdb/files/CVE-2026-22185.patch | 31 +++++ meta-oe/recipes-dbs/lmdb/lmdb_0.9.31.bb | 1 + ...ft-gsl_4.2.0.bb => microsoft-gsl_4.2.1.bb} | 8 +- .../recipes-devtools/nodejs/nodejs_22.21.1.bb | 2 - .../php/{php_8.4.16.bb => php_8.4.17.bb} | 2 +- ...pg_3.2.12.bb => python3-psycopg_3.2.13.bb} | 2 +- .../xerces-c/xerces-c_3.3.0.bb | 2 + .../boinc/boinc-client_7.20.5.bb | 4 + ...iblognorm_2.0.7.bb => liblognorm_2.0.8.bb} | 3 +- ...001-Cargo.toml-do-not-abort-on-panic.patch | 2 +- ...nfigure-do-not-look-for-llvm-objdump.patch | 2 +- ...o-not-try-to-find-a-suitable-upstrea.patch | 2 +- .../mozjs-128/0004-use-asm-sgidefs.h.patch | 2 +- ...2.patch => 0005-Add-RISCV32-support.patch} | 2 +- ...x-one-occasionally-reproduced-confi.patch} | 2 +- ...ewrite-cargo-host-linker-in-python3.patch} | 2 +- ...e-stack-unwinder-like-glibc-therefo.patch} | 2 +- ...om-firefox-bugzilla-to-fix-compile-.patch} | 2 +- ...on-isn-t-available-in-ARMv5-or-v6-s.patch} | 2 +- ...ith-icu-uc-to-fix-build-with-ICU-76.patch} | 2 +- ...gc-and-riscv32gc-as-valid-architect.patch} | 38 +++-- .../0013-Fix-build-error-with-musl.patch | 30 ++++ .../mozjs/mozjs-128_128.5.2.bb | 17 +-- ...allel_20251022.bb => parallel_20251122.bb} | 2 +- .../{libdecor_0.2.4.bb => libdecor_0.2.5.bb} | 2 +- ...-image_3.2.4.bb => libsdl3-image_3.2.6.bb} | 2 +- .../{libsdl3_3.2.26.bb => libsdl3_3.2.30.bb} | 2 +- ...01-decode-fix-build-on-ARMv7-targets.patch | 4 +- ...ing-for-non-NEON-enabled-ARM-targets.patch | 73 +++++----- .../vk-gl-cts/vulkan-cts-sources.inc | 2 +- ...n-cts_1.4.4.0.bb => vulkan-cts_1.4.4.2.bb} | 2 +- ...8-year-problem-in-timestamp-handling.patch | 55 ++++++++ .../minicoredumper/minicoredumper_2.0.7.bb | 1 + .../libjxl/libjxl_0.11.1.bb | 3 + .../recipes-security/softhsm/softhsm_2.6.1.bb | 2 +- .../libcereal/libcereal_1.3.2.bb | 2 + .../recipes-support/raptor2/raptor2_2.0.16.bb | 2 + .../recipes-support/smarty/smarty_5.6.0.bb | 2 +- ...128.bb => usb-modeswitch-data_20251207.bb} | 2 +- .../0001-Fix-build-with-gcc-15.patch | 51 ------- ...witch_2.6.1.bb => usb-modeswitch_2.6.2.bb} | 6 +- ...ers_7.2.2.bb => vboxguestdrivers_7.2.4.bb} | 2 +- .../nginx/files/CVE-2025-53859.patch | 131 ------------------ meta-webserver/recipes-httpd/nginx/nginx.inc | 2 + .../recipes-httpd/nginx/nginx_1.28.0.bb | 7 - .../recipes-httpd/nginx/nginx_1.28.1.bb | 7 + 62 files changed, 404 insertions(+), 286 deletions(-) rename meta-networking/recipes-protocols/dante/{dante_1.4.3.bb => dante_1.4.4.bb} (88%) rename meta-networking/recipes-protocols/frr/{frr_10.4.1.bb => frr_10.4.2.bb} (99%) create mode 100644 meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch create mode 100644 meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch rename meta-oe/recipes-crypto/cryptsetup/{cryptsetup_2.8.1.bb => cryptsetup_2.8.3.bb} (98%) create mode 100644 meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch create mode 100644 meta-oe/recipes-dbs/lmdb/files/CVE-2026-22185.patch rename meta-oe/recipes-devtools/microsoft-gsl/{microsoft-gsl_4.2.0.bb => microsoft-gsl_4.2.1.bb} (93%) rename meta-oe/recipes-devtools/php/{php_8.4.16.bb => php_8.4.17.bb} (99%) rename meta-oe/recipes-devtools/python/{python3-psycopg_3.2.12.bb => python3-psycopg_3.2.13.bb} (85%) rename meta-oe/recipes-extended/liblognorm/{liblognorm_2.0.7.bb => liblognorm_2.0.8.bb} (95%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{riscv32.patch => 0005-Add-RISCV32-support.patch} (97%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{0001-util.configure-fix-one-occasionally-reproduced-confi.patch => 0006-util.configure-fix-one-occasionally-reproduced-confi.patch} (96%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{0001-rewrite-cargo-host-linker-in-python3.patch => 0007-Rewrite-cargo-host-linker-in-python3.patch} (97%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{musl-disable-stackwalk.patch => 0008-Musl-does-not-have-stack-unwinder-like-glibc-therefo.patch} (94%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{0001-add-arm-to-list-of-mozinline.patch => 0009-Backport-patch-from-firefox-bugzilla-to-fix-compile-.patch} (95%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{armv5.patch => 0010-The-ISB-instruction-isn-t-available-in-ARMv5-or-v6-s.patch} (93%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{0001-Link-with-icu-uc-to-fix-build-with-ICU-76.patch => 0011-Link-with-icu-uc-to-fix-build-with-ICU-76.patch} (92%) rename meta-oe/recipes-extended/mozjs/mozjs-128/{riscv.patch => 0012-Recognise-riscv64gc-and-riscv32gc-as-valid-architect.patch} (60%) create mode 100644 meta-oe/recipes-extended/mozjs/mozjs-128/0013-Fix-build-error-with-musl.patch rename meta-oe/recipes-extended/parallel/{parallel_20251022.bb => parallel_20251122.bb} (93%) rename meta-oe/recipes-graphics/libdecor/{libdecor_0.2.4.bb => libdecor_0.2.5.bb} (94%) rename meta-oe/recipes-graphics/libsdl3/{libsdl3-image_3.2.4.bb => libsdl3-image_3.2.6.bb} (87%) rename meta-oe/recipes-graphics/libsdl3/{libsdl3_3.2.26.bb => libsdl3_3.2.30.bb} (97%) rename meta-oe/recipes-graphics/vk-gl-cts/{vulkan-cts_1.4.4.0.bb => vulkan-cts_1.4.4.2.bb} (94%) create mode 100644 meta-oe/recipes-kernel/minicoredumper/files/0002-Fix-2038-year-problem-in-timestamp-handling.patch rename meta-oe/recipes-support/usb-modeswitch/{usb-modeswitch-data_20191128.bb => usb-modeswitch-data_20251207.bb} (84%) delete mode 100644 meta-oe/recipes-support/usb-modeswitch/usb-modeswitch/0001-Fix-build-with-gcc-15.patch rename meta-oe/recipes-support/usb-modeswitch/{usb-modeswitch_2.6.1.bb => usb-modeswitch_2.6.2.bb} (86%) rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_7.2.2.bb => vboxguestdrivers_7.2.4.bb} (97%) delete mode 100755 meta-webserver/recipes-httpd/nginx/files/CVE-2025-53859.patch delete mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.0.bb create mode 100644 meta-webserver/recipes-httpd/nginx/nginx_1.28.1.bb