mbox

[00/49] Scarthgap pull request

Message ID cover.1774420778.git.anuj.mittal@oss.qualcomm.com
State New, archived
Headers show

Pull-request

https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap

Message

Anuj Mittal March 25, 2026, 6:42 a.m. UTC 
Please merge these changes in scarthgap. Tested with qemux86, qemu86-64,
qemuarm and qemuarm64 locally and on autobuilder.

https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1392

The following changes since commit 4d3e2639dec542b58708244662d5ce36810fc510:

  source-han-sans-*-fonts: rename downloaded files in SRC_URI (2026-03-03 13:08:08 +0530)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap
  https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap

for you to fetch changes up to 06f846a325fde423bb0a6d49d771d8c1e144d7eb:

  bluealsa: fix QA issue staticdev (2026-03-24 15:53:24 +0530)

----------------------------------------------------------------

Aviv Daum (1):
  lldpd: fix xml PACKAGECONFIG dependency

Christos Gavros (1):
  nativesdk-pistache: dependency with brotli

Deepak Rathore (1):
  yasm: extend recipe for nativesdk builds

Gyorgy Sarvari (33):
  exiftool: ignore CVE-2026-3102
  freerdp: upgrade 2.11.7 -> 2.11.8
  gimp: ignore CVE-2025-14424
  gimp: patch CVE-2025-15059
  gimp: patch CVE-2025-2760
  gimp: patch CVE-2025-2761
  gimp: patch CVE-2026-0797
  gimp: patch CVE-2026-2044
  gimp: patch CVE-2026-2045
  gimp: ignore CVE-2026-2047
  gimp: patch CVE-2026-2048
  gnome-shell: ignore CVE-2021-3982
  keepalived: patch CVE-2024-41184
  libjxl: upgrade 0.10.2 -> 0.10.5
  protobuf: ignore CVE-2026-0994
  python3-django: upgrade 4.2.28 -> 4.2.29
  streamripper: ignore CVE-2020-37065
  gimp: add additional patch for CVE-2026-0797
  vlc: ignore CVE-2026-26227 and CVE-2026-26228
  php: upgrade 8.2.29 -> 8.2.30
  ettercap: patch CVE-2026-3603
  exiv2: patch CVE-2026-25884
  exiv2: patch CVE-2026-27596
  exiv2: patch CVE-2026-27631
  imagemagick: patch CVE-2025-68618
  imagemagick: patch CVE-2025-68950
  imagemagick: patch CVE-2025-69204
  hiawatha: fix SRC_URI
  openjpeg: patch CVE-2023-39327
  capnproto: patch CVE-2026-32239 and CVE-2026-32240
  libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
  mariadb: upgrade 10.11.12 -> 10.11.16
  libde265: patch CVE-2025-61147

Hitendra Prajapati (4):
  wireshark: Fix CVE-2026-3201
  wireshark: Fix CVE-2026-0960
  python3-pyjwt: Fix CVE-2026-32597
  python3-pillow: fix CVE-2026-25990

Martin Jansa (1):
  krb5: fix build with gcc-15

Matthias Proske (1):
  bluealsa: fix QA issue staticdev

Peter Marko (4):
  spice-gtk: mark CVE-2012-4425 as fixed
  spice: ignore CVE-2016-0749
  spice: set CVE-2016-2150 status to fixed
  sassc: ignore CVE-2022-43357

Sujeet Nayak (1):
  libnice: make crypto library configurable via PACKAGECONFIG

Vijay Anusuri (1):
  libssh: Fix CVE-2026-3731

haonguyen-qualgo (1):
  mbedtls: Do not set LIB_INSTALL_DIR to an absolute path to make
    MbedTLSTargets.cmake relocateable

 .../gimp/gimp/CVE-2025-15059.patch            |    33 +
 .../gimp/gimp/CVE-2025-2760-1.patch           |    38 +
 .../gimp/gimp/CVE-2025-2760-2.patch           |    84 +
 .../gimp/gimp/CVE-2025-2761.patch             |    34 +
 .../gimp/gimp/CVE-2026-0797-1.patch           |    91 +
 .../gimp/gimp/CVE-2026-0797-2.patch           |    62 +
 .../gimp/gimp/CVE-2026-2044.patch             |    28 +
 .../gimp/gimp/CVE-2026-2045.patch             |    36 +
 .../gimp/gimp/CVE-2026-2048.patch             |    84 +
 meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb  |    13 +-
 .../gnome-shell/gnome-shell_46.1.bb           |     1 +
 .../bluealsa/bluealsa_git.bb                  |     1 +
 .../libde265/libde265/CVE-2025-61147.patch    |    84 +
 .../libde265/libde265_1.0.12.bb               |     3 +-
 .../streamripper/streamripper_1.64.6.bb       |     2 +
 .../recipes-multimedia/vlc/vlc_3.0.20.bb      |     3 +
 .../mbedtls/mbedtls_2.28.10.bb                |     2 -
 .../mbedtls/mbedtls_3.6.5.bb                  |     2 -
 .../keepalived/CVE-2024-41184-1.patch         |    98 +
 .../keepalived/CVE-2024-41184-2.patch         |    88 +
 .../keepalived/CVE-2024-41184-3.patch         |    94 +
 .../keepalived/CVE-2024-41184-4.patch         |    33 +
 .../keepalived/keepalived_2.2.8.bb            |     4 +
 .../recipes-daemons/lldpd/lldpd_1.0.18.bb     |     2 +-
 .../ettercap/ettercap/CVE-2026-3606.patch     |    48 +
 .../ettercap/ettercap_0.8.3.1.bb              |     4 +-
 .../recipes-support/spice/spice-gtk_0.42.bb   |     2 +
 .../recipes-support/spice/spice_git.bb        |     2 +
 .../wireshark/files/CVE-2026-0960.patch       |    43 +
 .../wireshark/files/CVE-2026-3201.patch       |    55 +
 .../wireshark/wireshark_4.2.14.bb             |     2 +
 ...nate-old-style-function-declarations.patch | 10803 ++++++++++++++++
 .../recipes-connectivity/krb5/krb5_1.21.3.bb  |     1 +
 ...10.11.12.bb => mariadb-native_10.11.16.bb} |     0
 meta-oe/recipes-dbs/mysql/mariadb.inc         |     2 +-
 ...ck-if-syscall-exists-before-using-it.patch |     8 +-
 ...Lists.txt-fix-gen_lex_hash-not-found.patch |     6 +-
 ...ariadb_10.11.12.bb => mariadb_10.11.16.bb} |     0
 .../CVE-2026-32239_CVE-2026-32240.patch       |   160 +
 .../capnproto/capnproto_1.0.2.bb              |     4 +-
 .../recipes-devtools/perl/exiftool_12.72.bb   |     2 +
 .../php/php/CVE-2025-14177.patch              |    84 -
 .../php/php/CVE-2025-14178.patch              |    65 -
 .../php/php/CVE-2025-14180.patch              |    69 -
 .../php/{php_8.2.29.bb => php_8.2.30.bb}      |     5 +-
 .../protobuf/protobuf_4.25.8.bb               |     2 +
 meta-oe/recipes-devtools/yasm/yasm_git.bb     |     2 +-
 .../recipes-extended/brotli/brotli_1.1.0.bb   |     2 +-
 .../openjpeg/openjpeg/CVE-2023-39327.patch    |    51 +
 .../openjpeg/openjpeg_2.5.4.bb                |     1 +
 .../libjxl/libjxl/CVE-2024-11403.patch        |    70 -
 .../libjxl/libjxl/CVE-2024-11498.patch        |   113 -
 .../{libjxl_0.10.2.bb => libjxl_0.10.5.bb}    |    10 +-
 .../exiv2/exiv2/CVE-2026-25884-1.patch        |    69 +
 .../exiv2/exiv2/CVE-2026-25884-2.patch        |    25 +
 .../exiv2/exiv2/CVE-2026-27596-1.patch        |    71 +
 .../exiv2/exiv2/CVE-2026-27596-2.patch        |    24 +
 .../exiv2/exiv2/CVE-2026-27631-1.patch        |    63 +
 .../exiv2/exiv2/CVE-2026-27631-2.patch        |    26 +
 meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb |     8 +
 .../0001-Fixed-compilation-warnings.patch     |    27 -
 .../{freerdp_2.11.7.bb => freerdp_2.11.8.bb}  |     3 +-
 .../imagemagick/CVE-2025-68618.patch          |   109 +
 .../imagemagick/CVE-2025-68950.patch          |    25 +
 .../imagemagick/CVE-2025-69204.patch          |    71 +
 .../imagemagick/imagemagick_7.1.1.bb          |     3 +
 .../recipes-support/libnice/libnice_0.1.22.bb |     5 +-
 .../libssh/libssh/CVE-2026-3731-1.patch       |    44 +
 .../libssh/libssh/CVE-2026-3731-2.patch       |   102 +
 .../recipes-support/libssh/libssh_0.10.6.bb   |     2 +
 meta-oe/recipes-support/sass/sassc_git.bb     |     2 +
 .../0001-lower-setuptools-requirements.patch  |     0
 ...ngo_4.2.28.bb => python3-django_4.2.29.bb} |     2 +-
 .../python3-pillow/CVE-2026-25990.patch       |    91 +
 .../python/python3-pillow_10.3.0.bb           |     1 +
 .../python/python3-pyjwt/CVE-2026-32597.patch |   216 +
 .../python/python3-pyjwt_2.8.0.bb             |     1 +
 .../recipes-httpd/hiawatha/hiawatha_10.12.bb  |     2 +-
 78 files changed, 13067 insertions(+), 461 deletions(-)
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2760-1.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2760-2.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2761.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-0797-1.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-0797-2.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-2044.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-2045.patch
 create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-2048.patch
 create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch
 create mode 100644 meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-1.patch
 create mode 100644 meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-2.patch
 create mode 100644 meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-3.patch
 create mode 100644 meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-4.patch
 create mode 100644 meta-networking/recipes-support/ettercap/ettercap/CVE-2026-3606.patch
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2026-0960.patch
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch
 create mode 100644 meta-oe/recipes-connectivity/krb5/krb5/0001-Eliminate-old-style-function-declarations.patch
 rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.11.12.bb => mariadb-native_10.11.16.bb} (100%)
 rename meta-oe/recipes-dbs/mysql/{mariadb_10.11.12.bb => mariadb_10.11.16.bb} (100%)
 create mode 100644 meta-oe/recipes-devtools/capnproto/capnproto/CVE-2026-32239_CVE-2026-32240.patch
 delete mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14177.patch
 delete mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14178.patch
 delete mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch
 rename meta-oe/recipes-devtools/php/{php_8.2.29.bb => php_8.2.30.bb} (98%)
 create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
 delete mode 100644 meta-oe/recipes-multimedia/libjxl/libjxl/CVE-2024-11403.patch
 delete mode 100644 meta-oe/recipes-multimedia/libjxl/libjxl/CVE-2024-11498.patch
 rename meta-oe/recipes-multimedia/libjxl/{libjxl_0.10.2.bb => libjxl_0.10.5.bb} (87%)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-1.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-2.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-1.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-2.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-1.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-2.patch
 delete mode 100644 meta-oe/recipes-support/freerdp/freerdp/0001-Fixed-compilation-warnings.patch
 rename meta-oe/recipes-support/freerdp/{freerdp_2.11.7.bb => freerdp_2.11.8.bb} (97%)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68618.patch
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68950.patch
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2026-3731-1.patch
 create mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2026-3731-2.patch
 rename meta-python/recipes-devtools/python/{python3-django-4.2.28 => python3-django-4.2.29}/0001-lower-setuptools-requirements.patch (100%)
 rename meta-python/recipes-devtools/python/{python3-django_4.2.28.bb => python3-django_4.2.29.bb} (82%)
 create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2026-25990.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-pyjwt/CVE-2026-32597.patch

Comments

Khem Raj March 25, 2026, 2:58 p.m. UTC | #1 
applied now, Thanks Anuj

On Tue, Mar 24, 2026 at 11:43 PM Anuj Mittal via lists.openembedded.org
<anuj.mittal=oss.qualcomm.com@lists.openembedded.org> wrote:

> Please merge these changes in scarthgap. Tested with qemux86, qemu86-64,
> qemuarm and qemuarm64 locally and on autobuilder.
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1392
>
> The following changes since commit
> 4d3e2639dec542b58708244662d5ce36810fc510:
>
>   source-han-sans-*-fonts: rename downloaded files in SRC_URI (2026-03-03
> 13:08:08 +0530)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap
>
> https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap
>
> for you to fetch changes up to 06f846a325fde423bb0a6d49d771d8c1e144d7eb:
>
>   bluealsa: fix QA issue staticdev (2026-03-24 15:53:24 +0530)
>
> ----------------------------------------------------------------
>
> Aviv Daum (1):
>   lldpd: fix xml PACKAGECONFIG dependency
>
> Christos Gavros (1):
>   nativesdk-pistache: dependency with brotli
>
> Deepak Rathore (1):
>   yasm: extend recipe for nativesdk builds
>
> Gyorgy Sarvari (33):
>   exiftool: ignore CVE-2026-3102
>   freerdp: upgrade 2.11.7 -> 2.11.8
>   gimp: ignore CVE-2025-14424
>   gimp: patch CVE-2025-15059
>   gimp: patch CVE-2025-2760
>   gimp: patch CVE-2025-2761
>   gimp: patch CVE-2026-0797
>   gimp: patch CVE-2026-2044
>   gimp: patch CVE-2026-2045
>   gimp: ignore CVE-2026-2047
>   gimp: patch CVE-2026-2048
>   gnome-shell: ignore CVE-2021-3982
>   keepalived: patch CVE-2024-41184
>   libjxl: upgrade 0.10.2 -> 0.10.5
>   protobuf: ignore CVE-2026-0994
>   python3-django: upgrade 4.2.28 -> 4.2.29
>   streamripper: ignore CVE-2020-37065
>   gimp: add additional patch for CVE-2026-0797
>   vlc: ignore CVE-2026-26227 and CVE-2026-26228
>   php: upgrade 8.2.29 -> 8.2.30
>   ettercap: patch CVE-2026-3603
>   exiv2: patch CVE-2026-25884
>   exiv2: patch CVE-2026-27596
>   exiv2: patch CVE-2026-27631
>   imagemagick: patch CVE-2025-68618
>   imagemagick: patch CVE-2025-68950
>   imagemagick: patch CVE-2025-69204
>   hiawatha: fix SRC_URI
>   openjpeg: patch CVE-2023-39327
>   capnproto: patch CVE-2026-32239 and CVE-2026-32240
>   libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
>   mariadb: upgrade 10.11.12 -> 10.11.16
>   libde265: patch CVE-2025-61147
>
> Hitendra Prajapati (4):
>   wireshark: Fix CVE-2026-3201
>   wireshark: Fix CVE-2026-0960
>   python3-pyjwt: Fix CVE-2026-32597
>   python3-pillow: fix CVE-2026-25990
>
> Martin Jansa (1):
>   krb5: fix build with gcc-15
>
> Matthias Proske (1):
>   bluealsa: fix QA issue staticdev
>
> Peter Marko (4):
>   spice-gtk: mark CVE-2012-4425 as fixed
>   spice: ignore CVE-2016-0749
>   spice: set CVE-2016-2150 status to fixed
>   sassc: ignore CVE-2022-43357
>
> Sujeet Nayak (1):
>   libnice: make crypto library configurable via PACKAGECONFIG
>
> Vijay Anusuri (1):
>   libssh: Fix CVE-2026-3731
>
> haonguyen-qualgo (1):
>   mbedtls: Do not set LIB_INSTALL_DIR to an absolute path to make
>     MbedTLSTargets.cmake relocateable
>
>  .../gimp/gimp/CVE-2025-15059.patch            |    33 +
>  .../gimp/gimp/CVE-2025-2760-1.patch           |    38 +
>  .../gimp/gimp/CVE-2025-2760-2.patch           |    84 +
>  .../gimp/gimp/CVE-2025-2761.patch             |    34 +
>  .../gimp/gimp/CVE-2026-0797-1.patch           |    91 +
>  .../gimp/gimp/CVE-2026-0797-2.patch           |    62 +
>  .../gimp/gimp/CVE-2026-2044.patch             |    28 +
>  .../gimp/gimp/CVE-2026-2045.patch             |    36 +
>  .../gimp/gimp/CVE-2026-2048.patch             |    84 +
>  meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb  |    13 +-
>  .../gnome-shell/gnome-shell_46.1.bb           |     1 +
>  .../bluealsa/bluealsa_git.bb                  |     1 +
>  .../libde265/libde265/CVE-2025-61147.patch    |    84 +
>  .../libde265/libde265_1.0.12.bb               |     3 +-
>  .../streamripper/streamripper_1.64.6.bb       |     2 +
>  .../recipes-multimedia/vlc/vlc_3.0.20.bb      |     3 +
>  .../mbedtls/mbedtls_2.28.10.bb                |     2 -
>  .../mbedtls/mbedtls_3.6.5.bb                  |     2 -
>  .../keepalived/CVE-2024-41184-1.patch         |    98 +
>  .../keepalived/CVE-2024-41184-2.patch         |    88 +
>  .../keepalived/CVE-2024-41184-3.patch         |    94 +
>  .../keepalived/CVE-2024-41184-4.patch         |    33 +
>  .../keepalived/keepalived_2.2.8.bb            |     4 +
>  .../recipes-daemons/lldpd/lldpd_1.0.18.bb     |     2 +-
>  .../ettercap/ettercap/CVE-2026-3606.patch     |    48 +
>  .../ettercap/ettercap_0.8.3.1.bb              |     4 +-
>  .../recipes-support/spice/spice-gtk_0.42.bb   |     2 +
>  .../recipes-support/spice/spice_git.bb        |     2 +
>  .../wireshark/files/CVE-2026-0960.patch       |    43 +
>  .../wireshark/files/CVE-2026-3201.patch       |    55 +
>  .../wireshark/wireshark_4.2.14.bb             |     2 +
>  ...nate-old-style-function-declarations.patch | 10803 ++++++++++++++++
>  .../recipes-connectivity/krb5/krb5_1.21.3.bb  |     1 +
>  ...10.11.12.bb => mariadb-native_10.11.16.bb} |     0
>  meta-oe/recipes-dbs/mysql/mariadb.inc         |     2 +-
>  ...ck-if-syscall-exists-before-using-it.patch |     8 +-
>  ...Lists.txt-fix-gen_lex_hash-not-found.patch |     6 +-
>  ...ariadb_10.11.12.bb => mariadb_10.11.16.bb} |     0
>  .../CVE-2026-32239_CVE-2026-32240.patch       |   160 +
>  .../capnproto/capnproto_1.0.2.bb              |     4 +-
>  .../recipes-devtools/perl/exiftool_12.72.bb   |     2 +
>  .../php/php/CVE-2025-14177.patch              |    84 -
>  .../php/php/CVE-2025-14178.patch              |    65 -
>  .../php/php/CVE-2025-14180.patch              |    69 -
>  .../php/{php_8.2.29.bb => php_8.2.30.bb}      |     5 +-
>  .../protobuf/protobuf_4.25.8.bb               |     2 +
>  meta-oe/recipes-devtools/yasm/yasm_git.bb     |     2 +-
>  .../recipes-extended/brotli/brotli_1.1.0.bb   |     2 +-
>  .../openjpeg/openjpeg/CVE-2023-39327.patch    |    51 +
>  .../openjpeg/openjpeg_2.5.4.bb                |     1 +
>  .../libjxl/libjxl/CVE-2024-11403.patch        |    70 -
>  .../libjxl/libjxl/CVE-2024-11498.patch        |   113 -
>  .../{libjxl_0.10.2.bb => libjxl_0.10.5.bb}    |    10 +-
>  .../exiv2/exiv2/CVE-2026-25884-1.patch        |    69 +
>  .../exiv2/exiv2/CVE-2026-25884-2.patch        |    25 +
>  .../exiv2/exiv2/CVE-2026-27596-1.patch        |    71 +
>  .../exiv2/exiv2/CVE-2026-27596-2.patch        |    24 +
>  .../exiv2/exiv2/CVE-2026-27631-1.patch        |    63 +
>  .../exiv2/exiv2/CVE-2026-27631-2.patch        |    26 +
>  meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb |     8 +
>  .../0001-Fixed-compilation-warnings.patch     |    27 -
>  .../{freerdp_2.11.7.bb => freerdp_2.11.8.bb}  |     3 +-
>  .../imagemagick/CVE-2025-68618.patch          |   109 +
>  .../imagemagick/CVE-2025-68950.patch          |    25 +
>  .../imagemagick/CVE-2025-69204.patch          |    71 +
>  .../imagemagick/imagemagick_7.1.1.bb          |     3 +
>  .../recipes-support/libnice/libnice_0.1.22.bb |     5 +-
>  .../libssh/libssh/CVE-2026-3731-1.patch       |    44 +
>  .../libssh/libssh/CVE-2026-3731-2.patch       |   102 +
>  .../recipes-support/libssh/libssh_0.10.6.bb   |     2 +
>  meta-oe/recipes-support/sass/sassc_git.bb     |     2 +
>  .../0001-lower-setuptools-requirements.patch  |     0
>  ...ngo_4.2.28.bb => python3-django_4.2.29.bb} |     2 +-
>  .../python3-pillow/CVE-2026-25990.patch       |    91 +
>  .../python/python3-pillow_10.3.0.bb           |     1 +
>  .../python/python3-pyjwt/CVE-2026-32597.patch |   216 +
>  .../python/python3-pyjwt_2.8.0.bb             |     1 +
>  .../recipes-httpd/hiawatha/hiawatha_10.12.bb  |     2 +-
>  78 files changed, 13067 insertions(+), 461 deletions(-)
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-15059.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2760-1.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2760-2.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-2761.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-0797-1.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-0797-2.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-2044.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-2045.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2026-2048.patch
>  create mode 100644
> meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch
>  create mode 100644
> meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-1.patch
>  create mode 100644
> meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-2.patch
>  create mode 100644
> meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-3.patch
>  create mode 100644
> meta-networking/recipes-daemons/keepalived/keepalived/CVE-2024-41184-4.patch
>  create mode 100644
> meta-networking/recipes-support/ettercap/ettercap/CVE-2026-3606.patch
>  create mode 100644
> meta-networking/recipes-support/wireshark/files/CVE-2026-0960.patch
>  create mode 100644
> meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch
>  create mode 100644
> meta-oe/recipes-connectivity/krb5/krb5/0001-Eliminate-old-style-function-declarations.patch
>  rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.11.12.bb =>
> mariadb-native_10.11.16.bb} (100%)
>  rename meta-oe/recipes-dbs/mysql/{mariadb_10.11.12.bb =>
> mariadb_10.11.16.bb} (100%)
>  create mode 100644
> meta-oe/recipes-devtools/capnproto/capnproto/CVE-2026-32239_CVE-2026-32240.patch
>  delete mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14177.patch
>  delete mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14178.patch
>  delete mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch
>  rename meta-oe/recipes-devtools/php/{php_8.2.29.bb => php_8.2.30.bb}
> (98%)
>  create mode 100644
> meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
>  delete mode 100644
> meta-oe/recipes-multimedia/libjxl/libjxl/CVE-2024-11403.patch
>  delete mode 100644
> meta-oe/recipes-multimedia/libjxl/libjxl/CVE-2024-11498.patch
>  rename meta-oe/recipes-multimedia/libjxl/{libjxl_0.10.2.bb =>
> libjxl_0.10.5.bb} (87%)
>  create mode 100644
> meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-1.patch
>  create mode 100644
> meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884-2.patch
>  create mode 100644
> meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-1.patch
>  create mode 100644
> meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27596-2.patch
>  create mode 100644
> meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-1.patch
>  create mode 100644
> meta-oe/recipes-support/exiv2/exiv2/CVE-2026-27631-2.patch
>  delete mode 100644
> meta-oe/recipes-support/freerdp/freerdp/0001-Fixed-compilation-warnings.patch
>  rename meta-oe/recipes-support/freerdp/{freerdp_2.11.7.bb =>
> freerdp_2.11.8.bb} (97%)
>  create mode 100644
> meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68618.patch
>  create mode 100644
> meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-68950.patch
>  create mode 100644
> meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-69204.patch
>  create mode 100644
> meta-oe/recipes-support/libssh/libssh/CVE-2026-3731-1.patch
>  create mode 100644
> meta-oe/recipes-support/libssh/libssh/CVE-2026-3731-2.patch
>  rename meta-python/recipes-devtools/python/{python3-django-4.2.28 =>
> python3-django-4.2.29}/0001-lower-setuptools-requirements.patch (100%)
>  rename meta-python/recipes-devtools/python/{python3-django_4.2.28.bb =>
> python3-django_4.2.29.bb} (82%)
>  create mode 100644
> meta-python/recipes-devtools/python/python3-pillow/CVE-2026-25990.patch
>  create mode 100644
> meta-python/recipes-devtools/python/python3-pyjwt/CVE-2026-32597.patch
>
> --
> 2.53.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#125601):
> https://lists.openembedded.org/g/openembedded-devel/message/125601
> Mute This Topic: https://lists.openembedded.org/mt/118497268/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>