[01/16] alsa-lib: upgrade 1.2.15.3 -> 1.2.16

Message ID	20260610094932.2264-1-wangmy@fujitsu.com
State	New
Headers	show Return-Path: <wangmy@fujitsu.com> ip: 207.54.90.47, mailfrom: wangmy@fujitsu.com) From: Wang Mingyu < wangmy@fujitsu.com> To: openembedded-core@lists.openembedded.org Cc: Wang Mingyu <wangmy@fujitsu.com> Subject: [OE-core] [PATCH 01/16] alsa-lib: upgrade 1.2.15.3 -> 1.2.16 Date: Wed, 10 Jun 2026 17:49:16 +0800 Message-ID: <20260610094932.2264-1-wangmy@fujitsu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[01/16] alsa-lib: upgrade 1.2.15.3 -> 1.2.16 \| expand [01/16] alsa-lib: upgrade 1.2.15.3 -> 1.2.16 [02/16] alsa-utils: upgrade 1.2.15.2 -> 1.2.16 [03/16] barebox-tools: upgrade 2026.04.0 -> 2026.06.0 [04/16] btrfs-tools: upgrade 6.19.1 -> 7.0 [05/16] dos2unix: upgrade 7.5.5 -> 7.5.6 [06/16] dropbear: upgrade 2025.89 -> 2026.91 [07/16] fastfloat: upgrade 8.2.5 -> 8.2.8 [08/16] file: upgrade 5.47 -> 5.48 [09/16] fontconfig: upgrade 2.17.1 -> 2.18.1 [10/16] ghostscript: upgrade 10.07.0 -> 10.07.1 [11/16] gpgme: upgrade 2.0.1 -> 2.1.0 [12/16] harfbuzz: upgrade 14.2.0 -> 14.2.1 [13/16] hwdata: upgrade 0.406 -> 0.408 [14/16] kbd: upgrade 2.9.0 -> 2.10.0 [15/16] mesa: upgrade 26.0.6 -> 26.1.2,26.0.6 -> 26.1.2 [16/16] sbom-cve-check-update-nvd-native: upgrade 2026.05.07-000006 -> 2026.06.09-000006

Message ID

20260610094932.2264-1-wangmy@fujitsu.com

State

New

Headers

From: Wang Mingyu < wangmy@fujitsu.com>
To: openembedded-core@lists.openembedded.org
Cc: Wang Mingyu <wangmy@fujitsu.com>
Subject: [OE-core] [PATCH 01/16] alsa-lib: upgrade 1.2.15.3 -> 1.2.16
Date: Wed, 10 Jun 2026 17:49:16 +0800
Message-ID: <20260610094932.2264-1-wangmy@fujitsu.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[01/16] alsa-lib: upgrade 1.2.15.3 -> 1.2.16 | expand

Commit Message

Wang Mingyu June 10, 2026, 9:49 a.m. UTC

From: Wang Mingyu <wangmy@fujitsu.com>

CVE-2026-25068.patch
removed since it's included in 1.2.16

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
 .../alsa/alsa-lib/CVE-2026-25068.patch        | 34 -------------------
 ...lsa-lib_1.2.15.3.bb => alsa-lib_1.2.16.bb} |  3 +-
 2 files changed, 1 insertion(+), 36 deletions(-)
 delete mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
 rename meta/recipes-multimedia/alsa/{alsa-lib_1.2.15.3.bb => alsa-lib_1.2.16.bb} (91%)

diff --git a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
deleted file mode 100644
index 9bb24c24e2..0000000000
--- a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
+++ /dev/null
@@ -1,34 +0,0 @@ 
-From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001
-From: Jaroslav Kysela <perex@perex.cz>
-Date: Thu, 29 Jan 2026 16:51:09 +0100
-Subject: [PATCH] topology: decoder - add boundary check for channel mixer
- count
-
-Malicious binary topology file may cause heap corruption.
-
-CVE: CVE-2026-25068
-
-Signed-off-by: Jaroslav Kysela <perex@perex.cz>
-
-Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- src/topology/ctl.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/topology/ctl.c b/src/topology/ctl.c
-index a0c24518..322c461c 100644
---- a/src/topology/ctl.c
-+++ b/src/topology/ctl.c
-@@ -1250,6 +1250,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg,
- 	if (mc->num_channels > 0) {
- 		map = tplg_calloc(heap, sizeof(*map));
- 		map->num_channels = mc->num_channels;
-+		if (map->num_channels > SND_TPLG_MAX_CHAN ||
-+		    map->num_channels > SND_SOC_TPLG_MAX_CHAN) {
-+			snd_error(TOPOLOGY, "mixer: unexpected channel count %d", map->num_channels);
-+			return -EINVAL;
-+		}
- 		for (i = 0; i < map->num_channels; i++) {
- 			map->channel[i].reg = mc->channel[i].reg;
- 			map->channel[i].shift = mc->channel[i].shift;
diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb b/meta/recipes-multimedia/alsa/alsa-lib_1.2.16.bb
similarity index 91%
rename from meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb
rename to meta/recipes-multimedia/alsa/alsa-lib_1.2.16.bb
index 1ebb356925..25b2dcde17 100644
--- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb
+++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.16.bb
@@ -10,8 +10,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \
                     "
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2"
-SRC_URI += "file://CVE-2026-25068.patch"
-SRC_URI[sha256sum] = "7b079d614d582cade7ab8db2364e65271d0877a37df8757ac4ac0c8970be861e"
+SRC_URI[sha256sum] = "122b1e3166d55fe19bcde656535d7a36f2ab10e66c72c6ad2f43f20ffded0a96"
 
 inherit autotools pkgconfig

[01/16] alsa-lib: upgrade 1.2.15.3 -> 1.2.16

Commit Message

Patch