mbox

[00/45] Whinlatter pull request

Message ID cover.1773213012.git.anuj.mittal@oss.qualcomm.com
State New
Headers show

Pull-request

https://git.openembedded.org/meta-openembedded-contrib stable/whinlatter-next

Message

Anuj Mittal March 11, 2026, 7:36 a.m. UTC 
Please merge these changes in whinlatter. Tested on autobuilder and
locally.

https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1345

The following changes since commit 12fc4c6584e001f89108a6691ccf2028eb05ed5a:

  tomoyo-tools: update SRC_URI (2026-02-24 18:46:45 +0530)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded-contrib stable/whinlatter-next
  https://git.openembedded.org/meta-openembedded-contrib/log/?h=stable/whinlatter-next

Ankur Tyagi (12):
  wolfssl: patch CVE-2025-13912
  wolfssl: patch CVE-2025-7395
  wolfssl: patch CVE-2025-7394
  postgresql: upgrade 17.7 -> 17.8
  libjxl: upgrade 0.11.1 -> 0.11.2
  xrdp: patch CVE-2025-68670
  valkey: upgrade 8.1.4 -> 8.1.6
  python3-greenlet: upgrade 3.2.4 -> 3.2.5
  libde265: upgrade 1.0.15 -> 1.0.16
  frr: upgrade 10.4.2 -> 10.4.3
  nopoll: upgrade 0.4.7.b429 -> 0.4.9.b462
  open62541: upgrade 1.3.15 -> 1.3.17

Anuj Mittal (1):
  systemd-netlogd: upgrade 1.4.4 -> 1.4.5

Daniel Klauer (1):
  nbench-byte: Fix sysinfo generation in parallel build

Gyorgy Sarvari (17):
  nginx: patch CVE-2026-1642
  openjpeg: patch CVE-2023-39327
  protobuf: ignore CVE-2026-0994
  gnome-shell: ignore CVE-2021-3982
  gimp: ignore already fixed CVEs
  minidlna: ignore CVE-2024-51442
  python3-werkzeug: upgrade 3.1.5 -> 3.1.6
  libheif: patch CVE-2025-68431
  python3-nltk: upgrade 3.9.2 -> 3.9.3
  python3-pillow: patch CVE-2026-25990
  streamripper: ignore CVE-2020-37065
  unbound: patch CVE-2025-5994
  python3-protobuf: mark CVE-2026-0994 patched
  exiftool: ignore CVE-2026-3102
  libmediaart-2.0: upgrade 1.9.6 -> 1.9.7
  libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
  zabbix: mark CVE-2026-23925 as patched

Jason Schonberg (1):
  nopoll: Upgrade to 0.4.7.b429

Leon Anavi (3):
  python3-filelock: Upgrade 3.20.1 -> 3.20.2
  python3-filelock: Upgrade 3.20.2 -> 3.20.3
  python3-flask: Upgrade 3.1.2 -> 3.1.3

Liu Yiding (2):
  networkmanager: upgrade 1.52.0 -> 1.52.2
  networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5

Markus Volk (1):
  pipewire: update 1.4.9 -> 1.4.10

Peter Kjellerstedt (1):
  ceres-solver: Don't fail if .git/hooks/commit-msg can't be touched

Tafil Avdyli (1):
  python3-pybind11-json: fix Targets.cmake trying to reference host

Wang Mingyu (5):
  python3-filelock: upgrade 3.20.0 -> 3.20.1
  python3-sqlparse: upgrade 0.5.4 -> 0.5.5
  imagemagick: upgrade 7.1.2-13 -> 7.1.2-15
  libcacard: upgrade 2.8.1 -> 2.8.2
  postfix: upgrade 3.10.6 -> 3.10.8

 meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb    |   5 +-
 .../gnome-shell/gnome-shell_48.3.bb           |   1 +
 ...{libde265_1.0.15.bb => libde265_1.0.16.bb} |   4 +-
 .../libheif/libheif/CVE-2025-68431.patch      |  26 ++
 .../libheif/libheif_1.20.2.bb                 |   4 +-
 .../recipes-multimedia/minidlna/minidlna.inc  |   1 +
 .../{pipewire_1.4.9.bb => pipewire_1.4.10.bb} |   2 +-
 .../streamripper/streamripper_1.64.6.bb       |   2 +
 ...-2.0_1.9.6.bb => libmediaart-2.0_1.9.7.bb} |   2 +-
 ....3.bb => networkmanager-openvpn_1.12.5.bb} |   4 +-
 ...ger_1.52.0.bb => networkmanager_1.52.2.bb} |   4 +-
 .../wolfssl/files/CVE-2025-13912.patch        | 439 ++++++++++++++++++
 .../wolfssl/files/CVE-2025-7394-1.patch       |  46 ++
 .../wolfssl/files/CVE-2025-7394-2.patch       | 276 +++++++++++
 .../wolfssl/files/CVE-2025-7394-3.patch       | 125 +++++
 .../wolfssl/files/CVE-2025-7394-4.patch       |  88 ++++
 .../wolfssl/files/CVE-2025-7394-5.patch       |  42 ++
 .../wolfssl/files/CVE-2025-7394-6.patch       |  49 ++
 .../wolfssl/files/CVE-2025-7395-1.patch       |  85 ++++
 .../wolfssl/files/CVE-2025-7395-2.patch       |  28 ++
 .../wolfssl/files/CVE-2025-7395-3.patch       |  26 ++
 .../wolfssl/files/CVE-2025-7395-4.patch       |  27 ++
 .../wolfssl/wolfssl_5.8.0.bb                  |  11 +
 .../{postfix_3.10.6.bb => postfix_3.10.8.bb}  |   2 +-
 .../frr/{frr_10.4.2.bb => frr_10.4.3.bb}      |   2 +-
 ...oll_0.4.6.b400.bb => nopoll_0.4.9.b462.bb} |   3 +-
 ...pen62541_1.3.15.bb => open62541_1.3.17.bb} |   2 +-
 ...{libcacard_2.8.1.bb => libcacard_2.8.2.bb} |   4 +-
 .../unbound/unbound/CVE-2025-5994.patch       | 279 +++++++++++
 .../recipes-support/unbound/unbound_1.22.0.bb |   1 +
 ...sysinfo-generation-in-parallel-build.patch |  69 +++
 .../sysinfo.sh-Fix-typo-in-rm-command.patch   |  27 ++
 .../nbench-byte/nbench-byte_2.2.3.bb          |   4 +-
 .../zabbix/zabbix_7.0.19.bb                   |   2 +
 .../files/0001-tcl.m4-Recognize-tclsh9.patch  |   2 +-
 .../files/0002-Improve-reproducibility.patch  |   9 +-
 ...c-bypass-autoconf-2.69-version-check.patch |   6 +-
 ...-config_info.c-not-expose-build-info.patch |   4 +-
 ...gresql-fix-ptest-failure-of-sysviews.patch |   5 +-
 .../postgresql/files/not-check-libperl.patch  |   6 +-
 ...{postgresql_17.7.bb => postgresql_17.8.bb} |   4 +-
 .../recipes-devtools/perl/exiftool_13.42.bb   |   2 +
 .../protobuf/protobuf_6.31.1.bb               |   2 +
 .../{valkey_8.1.4.bb => valkey_8.1.6.bb}      |   4 +-
 .../openjpeg/openjpeg/CVE-2023-39327.patch    |  50 ++
 .../openjpeg/openjpeg_2.5.4.bb                |   1 +
 .../{libjxl_0.11.1.bb => libjxl_0.11.2.bb}    |   7 +-
 .../ceres-solver/ceres-solver_2.2.0.bb        |   2 +-
 ...ck_7.1.2-13.bb => imagemagick_7.1.2-15.bb} |   2 +-
 ...logd_1.4.4.bb => systemd-netlogd_1.4.5.bb} |   4 +-
 .../xrdp/xrdp/CVE-2025-68670.patch            |  78 ++++
 meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb   |   1 +
 ...k_3.20.0.bb => python3-filelock_3.20.3.bb} |   2 +-
 ...-flask_3.1.2.bb => python3-flask_3.1.3.bb} |   4 +-
 ...let_3.2.4.bb => python3-greenlet_3.2.5.bb} |   2 +-
 .../python3-pillow/CVE-2026-25990.patch       | 151 ++++++
 .../python/python3-pillow_12.0.0.bb           |   5 +
 .../python/python3-protobuf_6.33.5.bb         |   1 +
 ...p-PYTHON_INCLUDE_DIRS-from-interface.patch |  34 ++
 .../python/python3-pybind11-json_0.2.15.bb    |   3 +-
 ...rse_0.5.4.bb => python3-sqlparse_0.5.5.bb} |   2 +-
 ...eug_3.1.5.bb => python3-werkzeug_3.1.6.bb} |   2 +-
 ...n3-nltk_3.9.2.bb => python3-nltk_3.9.3.bb} |   2 +-
 .../nginx/files/CVE-2026-1642.patch           |  46 ++
 .../recipes-httpd/nginx/nginx_1.29.1.bb       |   1 +
 65 files changed, 2082 insertions(+), 54 deletions(-)
 rename meta-multimedia/recipes-multimedia/libde265/{libde265_1.0.15.bb => libde265_1.0.16.bb} (90%)
 create mode 100644 meta-multimedia/recipes-multimedia/libheif/libheif/CVE-2025-68431.patch
 rename meta-multimedia/recipes-multimedia/pipewire/{pipewire_1.4.9.bb => pipewire_1.4.10.bb} (99%)
 rename meta-multimedia/recipes-support/libmediaart/{libmediaart-2.0_1.9.6.bb => libmediaart-2.0_1.9.7.bb} (90%)
 rename meta-networking/recipes-connectivity/networkmanager/{networkmanager-openvpn_1.12.3.bb => networkmanager-openvpn_1.12.5.bb} (91%)
 rename meta-networking/recipes-connectivity/networkmanager/{networkmanager_1.52.0.bb => networkmanager_1.52.2.bb} (99%)
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-13912.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-1.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-2.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-3.patch
 create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7395-4.patch
 rename meta-networking/recipes-daemons/postfix/{postfix_3.10.6.bb => postfix_3.10.8.bb} (99%)
 rename meta-networking/recipes-protocols/frr/{frr_10.4.2.bb => frr_10.4.3.bb} (99%)
 rename meta-networking/recipes-protocols/nopoll/{nopoll_0.4.6.b400.bb => nopoll_0.4.9.b462.bb} (84%)
 rename meta-networking/recipes-protocols/opcua/{open62541_1.3.15.bb => open62541_1.3.17.bb} (98%)
 rename meta-networking/recipes-support/spice/{libcacard_2.8.1.bb => libcacard_2.8.2.bb} (82%)
 create mode 100644 meta-networking/recipes-support/unbound/unbound/CVE-2025-5994.patch
 create mode 100644 meta-oe/recipes-benchmark/nbench-byte/nbench-byte/Makefile-Fix-sysinfo-generation-in-parallel-build.patch
 create mode 100644 meta-oe/recipes-benchmark/nbench-byte/nbench-byte/sysinfo.sh-Fix-typo-in-rm-command.patch
 rename meta-oe/recipes-dbs/postgresql/{postgresql_17.7.bb => postgresql_17.8.bb} (76%)
 rename meta-oe/recipes-extended/valkey/{valkey_8.1.4.bb => valkey_8.1.6.bb} (97%)
 create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2023-39327.patch
 rename meta-oe/recipes-multimedia/libjxl/{libjxl_0.11.1.bb => libjxl_0.11.2.bb} (90%)
 rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.2-13.bb => imagemagick_7.1.2-15.bb} (99%)
 rename meta-oe/recipes-support/systemd-netlogd/{systemd-netlogd_1.4.4.bb => systemd-netlogd_1.4.5.bb} (91%)
 create mode 100644 meta-oe/recipes-support/xrdp/xrdp/CVE-2025-68670.patch
 rename meta-python/recipes-devtools/python/{python3-filelock_3.20.0.bb => python3-filelock_3.20.3.bb} (87%)
 rename meta-python/recipes-devtools/python/{python3-flask_3.1.2.bb => python3-flask_3.1.3.bb} (81%)
 rename meta-python/recipes-devtools/python/{python3-greenlet_3.2.4.bb => python3-greenlet_3.2.5.bb} (81%)
 create mode 100644 meta-python/recipes-devtools/python/python3-pillow/CVE-2026-25990.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-pybind11-json/0001-CMakeLists-drop-PYTHON_INCLUDE_DIRS-from-interface.patch
 rename meta-python/recipes-devtools/python/{python3-sqlparse_0.5.4.bb => python3-sqlparse_0.5.5.bb} (82%)
 rename meta-python/recipes-devtools/python/{python3-werkzeug_3.1.5.bb => python3-werkzeug_3.1.6.bb} (90%)
 rename meta-python/recipes-devtools/python3-nltk/{python3-nltk_3.9.2.bb => python3-nltk_3.9.3.bb} (88%)
 create mode 100644 meta-webserver/recipes-httpd/nginx/files/CVE-2026-1642.patch