mbox

[00/29] Scarthgap pull request

Message ID cover.1779718757.git.anuj.mittal@oss.qualcomm.com
State New
Headers show

Pull-request

https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap

Message

Anuj Mittal May 25, 2026, 2:26 p.m. UTC 
Mostly CVE fixes and a few bug fix only upgrades. There's a new recipe for
python3-backports-zstd that introduces this module for Python 3.12 which didn't
have this.

Tested locally and on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1538

The following changes since commit ae7dfb12245c7f9b9a353499e2688015bd4e6413:

  jq: Stick to C17 until next release (2026-05-05 06:57:17 +0530)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap
  https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap

for you to fetch changes up to d8cc4e44001c7257273d290ce8c4496e93d32841:

  postgresql: upgrade 16.12 -> 16.14 (2026-05-25 08:05:43 +0530)

----------------------------------------------------------------

Ankur Tyagi (8):
  exiftool: ignore CVE-2026-7580
  firewalld: upgrade 1.3.2 -> 1.3.4
  frr: patch CVE-2026-28532
  lcms: patch CVE-2026-41254
  lcms: patch CVE-2026-42798
  postfix: upgrade 3.8.12 -> 3.8.16
  nanomsg: upgrade 1.2.1 -> 1.2.2
  postgresql: upgrade 16.12 -> 16.14

Gyorgy Sarvari (1):
  python3-ecdsa: set CVE_PRODUCT

Het Patel (3):
  abseil-cpp: Add CVE_PRODUCT to support product name
  onig: Add CVE_PRODUCT to support product name
  open-vm-tools: Add entry to CVE_PRODUCT to support the product name

Hitendra Prajapati (2):
  wireshark: fix for CVE-2025-13946
  strongswan: fix for CVE-2026-35334

Hugo SIMELIERE (Schneider Electric) (5):
  nss: Fix CVE-2026-2781
  dnsmasq: Fix CVE-2026-4891
  dnsmasq: Fix CVE-2026-4892
  dnsmasq: Fix CVE-2026-4893
  dnsmasq: Fix CVE-2026-5172

Jason Schonberg (1):
  php: upgrade 8.2.30 -> 8.2.31

Jérémie Dautheribes (Schneider Electric ) (1):
  python3-backports-zstd: add recipe

Liyin Zhang (1):
  apache2: upgrade 2.4.66 -> 2.4.67

Peter Marko (1):
  python-grpcio(-tools): add grpc:grpc to cve product

Sudhir Dumbhare (1):
  libssh: set status for CVE-2025-14821

Theo Gaige (1):
  dash: fix CVE-2026-31323

Theo Gaige (Schneider Electric) (4):
  nginx: patch CVE-2026-40701
  nginx: patch CVE-2026-42934
  nginx: patch CVE-2026-42945
  nginx: patch CVE-2026-42946

 ...{firewalld_1.3.2.bb => firewalld_1.3.4.bb} |   2 +-
 .../{nanomsg_1.2.1.bb => nanomsg_1.2.2.bb}    |   2 +-
 .../{postfix_3.8.12.bb => postfix_3.8.16.bb}  |   2 +-
 .../frr/frr/CVE-2026-28532.patch              | 309 ++++++++++++++++++
 .../recipes-protocols/frr/frr_9.1.3.bb        |   1 +
 .../recipes-support/dnsmasq/dnsmasq_2.90.bb   |   4 +
 .../dnsmasq/files/CVE-2026-4891.patch         |  44 +++
 .../dnsmasq/files/CVE-2026-4892.patch         |  41 +++
 .../dnsmasq/files/CVE-2026-4893.patch         |  38 +++
 .../dnsmasq/files/CVE-2026-5172.patch         |  39 +++
 .../open-vm-tools/open-vm-tools_12.3.5.bb     |   2 +-
 .../strongswan/CVE-2026-35334.patch           | 255 +++++++++++++++
 .../strongswan/strongswan_5.9.14.bb           |   1 +
 .../wireshark/files/CVE-2025-13946.patch      |  51 +++
 .../wireshark/wireshark_4.2.14.bb             |   1 +
 .../files/0001-Add-support-for-RISC-V.patch   |   7 +-
 .../files/0002-Improve-reproducibility.patch  |   7 +-
 ...c-bypass-autoconf-2.69-version-check.patch |  11 +-
 ...-config_info.c-not-expose-build-info.patch |   9 +-
 ...gresql-fix-ptest-failure-of-sysviews.patch |   7 +-
 .../postgresql/files/not-check-libperl.patch  |   9 +-
 ...ostgresql_16.12.bb => postgresql_16.14.bb} |   2 +-
 .../abseil-cpp/abseil-cpp_20240116.3.bb       |   3 +
 .../recipes-devtools/perl/exiftool_12.72.bb   |   1 +
 .../php/{php_8.2.30.bb => php_8.2.31.bb}      |   2 +-
 .../dash/dash/CVE-2026-31323.patch            |  43 +++
 meta-oe/recipes-shells/dash/dash_0.5.12.bb    |   5 +-
 .../lcms/lcms/CVE-2026-41254_1.patch          |  30 ++
 .../lcms/lcms/CVE-2026-41254_2.patch          |  36 ++
 .../lcms/lcms/CVE-2026-42798.patch            |  38 +++
 meta-oe/recipes-support/lcms/lcms_2.16.bb     |   6 +-
 .../recipes-support/libssh/libssh_0.10.6.bb   |   2 +
 .../nss/nss/CVE-2026-2781.patch               |  36 ++
 meta-oe/recipes-support/nss/nss_3.98.bb       |   1 +
 meta-oe/recipes-support/onig/onig_6.9.9.bb    |   3 +
 ...ake-license-entries-compatible-with-.patch |  38 +++
 ...s.toml-lower-setuptools-requirements.patch |  31 ++
 .../python/python3-backports-zstd_1.5.0.bb    |  21 ++
 .../python/python3-ecdsa_0.19.0.bb            |   2 +
 .../python/python3-grpcio-tools_1.62.2.bb     |   2 +
 .../python/python3-grpcio_1.62.2.bb           |   2 +
 .../{apache2_2.4.66.bb => apache2_2.4.67.bb}  |   2 +-
 .../nginx/nginx-1.24.0/CVE-2026-40701.patch   |  73 +++++
 .../nginx/nginx-1.24.0/CVE-2026-42934.patch   |  79 +++++
 .../nginx/nginx-1.24.0/CVE-2026-42945.patch   |  46 +++
 .../nginx-1.24.0/CVE-2026-42946-01.patch      |  46 +++
 .../nginx-1.24.0/CVE-2026-42946-02.patch      |  91 ++++++
 .../recipes-httpd/nginx/nginx_1.24.0.bb       |   5 +
 48 files changed, 1445 insertions(+), 43 deletions(-)
 rename meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/{firewalld_1.3.2.bb => firewalld_1.3.4.bb} (99%)
 rename meta-networking/recipes-connectivity/nanomsg/{nanomsg_1.2.1.bb => nanomsg_1.2.2.bb} (94%)
 rename meta-networking/recipes-daemons/postfix/{postfix_3.8.12.bb => postfix_3.8.16.bb} (99%)
 create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2026-28532.patch
 create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch
 create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch
 create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch
 create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch
 create mode 100644 meta-networking/recipes-support/strongswan/strongswan/CVE-2026-35334.patch
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch
 rename meta-oe/recipes-dbs/postgresql/{postgresql_16.12.bb => postgresql_16.14.bb} (86%)
 rename meta-oe/recipes-devtools/php/{php_8.2.30.bb => php_8.2.31.bb} (99%)
 create mode 100644 meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch
 create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
 create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
 create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-42798.patch
 create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2026-2781.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd/0001-pyproject.toml-make-license-entries-compatible-with-.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd/0002-pyprojects.toml-lower-setuptools-requirements.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd_1.5.0.bb
 rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.66.bb => apache2_2.4.67.bb} (99%)
 create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-40701.patch
 create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42934.patch
 create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42945.patch
 create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42946-01.patch
 create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42946-02.patch