deleted file mode 100644
@@ -1,34 +0,0 @@
-From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001
-From: Jaroslav Kysela <perex@perex.cz>
-Date: Thu, 29 Jan 2026 16:51:09 +0100
-Subject: [PATCH] topology: decoder - add boundary check for channel mixer
- count
-
-Malicious binary topology file may cause heap corruption.
-
-CVE: CVE-2026-25068
-
-Signed-off-by: Jaroslav Kysela <perex@perex.cz>
-
-Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- src/topology/ctl.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/topology/ctl.c b/src/topology/ctl.c
-index a0c24518..322c461c 100644
---- a/src/topology/ctl.c
-+++ b/src/topology/ctl.c
-@@ -1250,6 +1250,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg,
- if (mc->num_channels > 0) {
- map = tplg_calloc(heap, sizeof(*map));
- map->num_channels = mc->num_channels;
-+ if (map->num_channels > SND_TPLG_MAX_CHAN ||
-+ map->num_channels > SND_SOC_TPLG_MAX_CHAN) {
-+ snd_error(TOPOLOGY, "mixer: unexpected channel count %d", map->num_channels);
-+ return -EINVAL;
-+ }
- for (i = 0; i < map->num_channels; i++) {
- map->channel[i].reg = mc->channel[i].reg;
- map->channel[i].shift = mc->channel[i].shift;
similarity index 91%
rename from meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb
rename to meta/recipes-multimedia/alsa/alsa-lib_1.2.16.bb
@@ -10,8 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \
"
SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2"
-SRC_URI += "file://CVE-2026-25068.patch"
-SRC_URI[sha256sum] = "7b079d614d582cade7ab8db2364e65271d0877a37df8757ac4ac0c8970be861e"
+SRC_URI[sha256sum] = "122b1e3166d55fe19bcde656535d7a36f2ab10e66c72c6ad2f43f20ffded0a96"
inherit autotools pkgconfig
Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *alsa-lib* to *1.2.16* has Succeeded. Next steps: - apply the patch: git am 0001-alsa-lib-upgrade-1.2.15.3-1.2.16.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 352b73d08dd87ce9aa0db8eeb82db5f3bd24bf0e Mon Sep 17 00:00:00 2001 From: Upgrade Helper <auh@yoctoproject.org> Date: Thu, 11 Jun 2026 13:34:59 +0000 Subject: [PATCH] alsa-lib: upgrade 1.2.15.3 -> 1.2.16 --- .../alsa/alsa-lib/CVE-2026-25068.patch | 34 ------------------- ...lsa-lib_1.2.15.3.bb => alsa-lib_1.2.16.bb} | 3 +- 2 files changed, 1 insertion(+), 36 deletions(-) delete mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch rename meta/recipes-multimedia/alsa/{alsa-lib_1.2.15.3.bb => alsa-lib_1.2.16.bb} (91%)