[meta-oe,scarthgap,v2,v2,00/18] patch CVE

Message ID	20251014233233.304125-1-ankur.tyagi85@gmail.com
Headers	show Return-Path: <ankur.tyagi85@gmail.com> ip: 209.85.215.176, mailfrom: ankur.tyagi85@gmail.com) From: Ankur Tyagi <ankur.tyagi85@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 00/18] patch CVE Date: Wed, 15 Oct 2025 12:32:11 +1300 Message-ID: <20251014233233.304125-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	patch CVE \| expand [meta-oe,scarthgap,v2,v2,00/18] patch CVE [meta-oe,scarthgap,v2,v2,01/18] dash: set CVE_PRODUCT [meta-oe,scarthgap,v2,v2,02/18] libppd: patch CVE-2024-47175 [meta-oe,scarthgap,v2,v2,03/18] hdf5: patch CVE-2025-2923 [meta-oe,scarthgap,v2,v2,04/18] hdf5: patch CVE-2025-2924 [meta-oe,scarthgap,v2,v2,05/18] hdf5: patch CVE-2025-2925 [meta-oe,scarthgap,v2,v2,06/18] hdf5: patch CVE-2025-6269 [meta-oe,scarthgap,v2,v2,07/18] libcupsfilters: patch CVE-2024-47076 [meta-oe,scarthgap,v2,v2,08/18] libraw: patch CVE-2025-43961 CVE-2025-43962 [meta-oe,scarthgap,v2,v2,09/18] libraw: patch CVE-2025-43963 [meta-oe,scarthgap,v2,v2,10/18] libraw: patch CVE-2025-43964 [meta-oe,scarthgap,v2,v2,11/18] zlog: fix CVE-2024-22857 [meta-oe,scarthgap,v2,v2,12/18] exiv2: patch CVE-2025-26623 [meta-oe,scarthgap,v2,v2,13/18] exiv2: patch CVE-2025-54080 [meta-oe,scarthgap,v2,v2,14/18] exiv2: patch CVE-2025-55304 [meta-oe,scarthgap,v2,v2,15/18] gattlib: mark CVE-2019-6498 as fixed [meta-oe,scarthgap,v2,v2,16/18] influxdb: Do not remove non-existing files [meta-oe,scarthgap,v2,v2,17/18] influxdb: Update CVE status for CVE-2019-10329 [meta-oe,scarthgap,v2,v2,18/18] jasper: upgrade to 4.1.2 release

Message ID

20251014233233.304125-1-ankur.tyagi85@gmail.com

Headers

From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 00/18] patch CVE
Date: Wed, 15 Oct 2025 12:32:11 +1300
Message-ID: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

patch CVE | expand

Message

Ankur Tyagi Oct. 14, 2025, 11:32 p.m. UTC

changes in v2:
- fixed UNPACKDIR usage in influxdb
- removed jasper v4.1.1

Ankur Tyagi (11):
  libppd: patch CVE-2024-47175
  hdf5: patch CVE-2025-2923
  hdf5: patch CVE-2025-2924
  hdf5: patch CVE-2025-2925
  hdf5: patch CVE-2025-6269
  libcupsfilters: patch CVE-2024-47076
  libraw: patch CVE-2025-43961 CVE-2025-43962
  libraw: patch CVE-2025-43963
  libraw: patch CVE-2025-43964
  zlog: fix CVE-2024-22857
  jasper: upgrade to 4.1.2 release

Gyorgy Sarvari (3):
  exiv2: patch CVE-2025-26623
  exiv2: patch CVE-2025-54080
  exiv2: patch CVE-2025-55304

Khem Raj (1):
  influxdb: Do not remove non-existing files

Ninette Adhikari (1):
  influxdb: Update CVE status for CVE-2019-10329

Peter Marko (2):
  dash: set CVE_PRODUCT
  gattlib: mark CVE-2019-6498 as fixed

 .../gattlib/gattlib_git.bb                    |   2 +
 .../recipes-dbs/influxdb/influxdb_1.8.10.bb   |   9 +-
 ...E-2024-22857-buffer-overflow-patched.patch |  31 +
 meta-oe/recipes-extended/zlog/zlog_1.2.16.bb  |   4 +-
 .../{jasper_4.1.1.bb => jasper_4.1.2.bb}      |   3 +-
 .../libcupsfilters/0001-CVE-2024-47076.patch  |  38 ++
 .../cups/libcupsfilters_2.0.0.bb              |   1 +
 .../cups/libppd/0001-CVE-2024-47175.patch     | 600 ++++++++++++++++++
 meta-oe/recipes-printing/cups/libppd_2.0.0.bb |   5 +-
 meta-oe/recipes-shells/dash/dash_0.5.12.bb    |   2 +
 ...ppendIccProfile-to-fix-quadratic-per.patch |  96 +++
 .../exiv2/exiv2/0001-CVE-2025-54080-fix.patch |  77 +++
 .../0001-Revert-fix-copy-constructors.patch   |  82 +++
 meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb |   6 +-
 .../hdf5/files/0001-CVE-2025-2923.patch       |  67 ++
 .../hdf5/files/0002-CVE-2025-2924.patch       |  39 ++
 .../hdf5/files/0003-CVE-2025-2925.patch       |  53 ++
 .../0004-CVE-2025-6269-OSV-2023-77.patch      | 294 +++++++++
 meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb |   4 +
 .../0001-CVE-2025-43961-CVE-2025-43962.patch  | 108 ++++
 .../libraw/libraw/0002-CVE-2025-43963.patch   |  40 ++
 .../libraw/libraw/0003-CVE-2025-43964.patch   |  29 +
 .../recipes-support/libraw/libraw_0.21.2.bb   |   7 +-
 23 files changed, 1589 insertions(+), 8 deletions(-)
 create mode 100644 meta-oe/recipes-extended/zlog/zlog/0001-CVE-2024-22857-buffer-overflow-patched.patch
 rename meta-oe/recipes-graphics/jasper/{jasper_4.1.1.bb => jasper_4.1.2.bb} (89%)
 create mode 100644 meta-oe/recipes-printing/cups/libcupsfilters/0001-CVE-2024-47076.patch
 create mode 100644 meta-oe/recipes-printing/cups/libppd/0001-CVE-2024-47175.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/0001-Add-new-method-appendIccProfile-to-fix-quadratic-per.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/0001-Revert-fix-copy-constructors.patch
 create mode 100644 meta-oe/recipes-support/hdf5/files/0001-CVE-2025-2923.patch
 create mode 100644 meta-oe/recipes-support/hdf5/files/0002-CVE-2025-2924.patch
 create mode 100644 meta-oe/recipes-support/hdf5/files/0003-CVE-2025-2925.patch
 create mode 100644 meta-oe/recipes-support/hdf5/files/0004-CVE-2025-6269-OSV-2023-77.patch
 create mode 100644 meta-oe/recipes-support/libraw/libraw/0001-CVE-2025-43961-CVE-2025-43962.patch
 create mode 100644 meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch
 create mode 100644 meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch