From patchwork Mon Feb 2 16:37:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80254 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71DBBE7DEF7 for ; Mon, 2 Feb 2026 16:37:19 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.57420.1770050237679138043 for ; Mon, 02 Feb 2026 08:37:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=HHoJc/yV; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47ee937ecf2so39723715e9.0 for ; Mon, 02 Feb 2026 08:37:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050236; x=1770655036; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=WkvszOsFlcL462+M/rvk0apByoITa+uutHQrkvCykS8=; b=HHoJc/yVSpzkruvdecbK96Vl5Jo42d9nJ8bQdDp6hbxNdx/b6XBDxbw6m3mhocEPj5 /Z4kmayUgE9u5FfvouFfKE+mTBSX1r0fnN5Tj54Yg6Pga73XFUJNt2DqhjYn/74W7P+p JPyfzO0mMHTV7FVTZ8uvD1yYorjJ72jO7X6BxLIULw5p8EQc5Esfd053Jt6qFmEhBVFr cf7qA0nL8A3uOkJXhsTLgNRtLErtsvWI0cSAHmugegeYk0A8/r/9gxCqEEo2vpQN3m/r R+v7pSUzUBVb6tReZ5UyrJtsXH8IogAdPPzU2bPwM0zjioIGZ015QnjXS5WGd84dt2Yn i7Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050236; x=1770655036; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WkvszOsFlcL462+M/rvk0apByoITa+uutHQrkvCykS8=; b=Ay7ykOr9zku/Kh9252G1Oq+AuH/kUQsuFMhPoC6CrhG4IDPR8prhEWFB98EyaUBNZ2 PQLeK4DVimVVvG/05EeqKnZiFjxPWWRZGHb8ASeun6GCKvKvvPluj9uMrGZUeF7OPKuI mJfoRRwjr0PkiGO4+YtkKWmOygMiTOyqH+fhkUF5zNOiw3/HdBEkJOeMH0pCBggkediu V0oDg+lefCsZVJSlTDYMcfq8pDrsPHxQRggEHXW9OP80kP2Y2bt7jZujxWYo8dTIlB0/ ESeVaekuGDrAK8j0K6LdQx2G2Ur0vayoOue6rblXmYncagX6+lsvz+X6ZFlsrcaJ9vgJ Enkg== X-Gm-Message-State: AOJu0YywRP3iCeujRBPLJSK45LOQNLZt51dKVh1SrITQ4GNFMBUizewS +XZMSUVvMGQHgaHqxbVf0KN7IpSZUfdYbjqMC1pDMbIVda+CWbM2HWQndy8T5w== X-Gm-Gg: AZuq6aJmuV/D7DCuicO7BLLd4vrObQipw9znn9GCIe+JAB17t9sR5r4/7SNuTC9HxMs ABOXVWFX9HRVywVUm5iv8evRjhDakli8gnCDSbofXOW3Zmxng8Gw952gAEIXJnTRs1wFqGYH13v nKFuTa6tas64cNgqBS+Ly+8M0ib4qVAaV6bYOqNWZpybgzelupqaxcnXDM7JH380AlQpd1T0F/2 eyI0mGbt71WH9/A9XxHFTFAU+0idD8b70zLCg8yl/aHJnfKkxbrMAGd1Wh5NCs4PqkLq5z00X4Y Jg87qTwmR4mEznv4yxSU0+PXyI1fm6PhlrYUKGMnVax1TNFfu5NqSuEP3B1lj4YgNpj1VwDQp7C LZ/c3aMJiaHgarNYVqQcfEpN9+EHMTEYy7J5/IDWRWivU1WmR/0m2lzyQqrTzhpOHS5wgcodLiy Tc4Hzou08+abb3O5UOKTY= X-Received: by 2002:a05:600c:35c6:b0:46f:a2ba:581f with SMTP id 5b1f17b1804b1-48305150654mr456955e9.16.1770050235741; Mon, 02 Feb 2026 08:37:15 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:15 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-gnome][PATCH 1/9] gimp: mark CVE-2025-15059 patched Date: Mon, 2 Feb 2026 17:37:06 +0100 Message-ID: <20260202163714.2359370-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124062 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059 The patch that is referenced by the NVD report has been backported[1] to the recipe version, and is included already. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/c9eb407485f6c085adf70c8a334f75ea31565c60 Signed-off-by: Gyorgy Sarvari --- meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb index a5e892c508..863d9a1667 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb @@ -134,3 +134,4 @@ RDEPENDS:${PN} = "mypaint-brushes-1.0 glib-networking python3-pygobject" CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux" CVE_STATUS[CVE-2025-8672] = "not-applicable-config: the vulnerability only affects MacOS" +CVE_STATUS[CVE-2025-15059] = "fixed-version: The issue is fixed since v3.0.8" From patchwork Mon Feb 2 16:37:07 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80256 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7973BE7DF04 for ; Mon, 2 Feb 2026 16:37:19 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.57081.1770050238156143298 for ; Mon, 02 Feb 2026 08:37:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=VyRqPFgJ; spf=pass (domain: gmail.com, ip: 209.85.128.47, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-48039fdc8aeso27940965e9.3 for ; Mon, 02 Feb 2026 08:37:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050236; x=1770655036; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hslOqK7Ad0YHbOK8qBMW8qjDEzRpaLkggCyDusBd9QU=; b=VyRqPFgJ1p9PuD/OIi5j5IwYvWq/zqfDQSObPY1YRU7YKM4Repluzl4sMfEicJkEwB +lJEBdWgOeJ5ZGW9k3oR8jHKYltydbi8BIxQt5DI7eXh3LS+qGeawv+im2YIeqSbOFqF NBpAGTZDu4oGu9aZ0NeuoP3Z9kRSDTLF7DrybZvqbbrS6y+0At5J5HN1/4Kf8IxM5C4y ocoFzZS9xZrvtyYriahv2OoY7yuPRqf16vI4gAVIxBMnUnvtO9Eoi6J2B7Hw2HMXM00w UXu0u+/UtOxf18l269iaM1eTo1dsYBfOr/smuWHiEHNqhwBTGlkpPXre04q896USG04z CW5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050236; x=1770655036; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hslOqK7Ad0YHbOK8qBMW8qjDEzRpaLkggCyDusBd9QU=; b=dPyDkXd2p/TdvdMierKs2tdDglQtIIc9kIELrj1jeW9QyW5xceHp9jTejRawU8xJxg LunKvHABEEiGFwQ2XeJOGpyK7j9YbhZYFg1ig03L+dGr+DL4fOLTlU+00QqkV/wy0LRQ Gnuq7TXhL7tjKmuDXcEOqhSkJ07e05t38rfvDfMuuVyZac18HDj7VR2r44h9KK1FWDI4 7rhHiwTC5nfJl45Z+UbhS/EUqpDjrta96D2L+v4q451tX4oDXCBB6OmzczwD1Pzeo4LM zCffgqOteF6DuCZz8w9H3Kr7ZLWEHxX61Ne0HOz+7ndsTcLdjR693jVWWsWLO1QG8Dh0 k/dA== X-Gm-Message-State: AOJu0YwpcrC0MfFeDxr/e/cfrOs4OtQtbSsHdsNA8mi4lVSJWiF4Fap3 +STksCiwF/wNNOKuD/JztE3wnxY5BQDLToHUQog4MdQSdT+pFDBmMpAcdgEEWQ== X-Gm-Gg: AZuq6aIAPT6IX9iLIv+010J+hiY725jJDv9EmoJiYwHiYBEhcq14eSwhHOtNOjNbVBK JfR8vOuvcyZXBZ92eEn4v5ZdnupjdjiJQnpGybj0rSxZ0efGHbgRQS53AXezIvKqWHTQ+D8UvcU zifSDjlYVrYZ1yyZIpet5Dmuohn7eur09lyDSK+8OPhogeCXEZQzq667BNF5WKTDE0H79znZ1yF 9+lwR9kcUuE9Jv/WA0rwL6RdWvVyCUX3FlpNWMr5kYTJmVykPHiIicLxPlnW9TFgJNcmiTVmrya yhfD3rShFA7QlSwAx5kXOHFByTOhBrHSu8/v61oWODZ8sf+GvHStzmHDuDez0QtGZs/aczw0WV2 SZ4ZM2CioLTrmU1kv8SSqt3HzrrQp6fwweJvnp6gcQexzvJQZ6hvd7ICDwlB8d3cKhcsnBqOHMe Ls5md1pQTO X-Received: by 2002:a05:600c:c0cd:b0:471:700:f281 with SMTP id 5b1f17b1804b1-482db623765mr141184105e9.25.1770050236402; Mon, 02 Feb 2026 08:37:16 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:16 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-webserver][PATCH 2/9] hiawatha: upgrade 11.7 -> 11.8 Date: Mon, 2 Feb 2026 17:37:07 +0100 Message-ID: <20260202163714.2359370-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124063 Drop patches that are included in this release. Changes: * mbed TLS updated to 3.6.4. * Small bugfixes. Signed-off-by: Gyorgy Sarvari --- ..._-nonstring-to-remove-unterminated-s.patch | 43 ------------------- ...ute__-nonstring-with-macro-MBEDTLS_A.patch | 42 ------------------ ...BEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch | 33 -------------- .../{hiawatha_11.7.bb => hiawatha_11.8.bb} | 5 +-- 4 files changed, 1 insertion(+), 122 deletions(-) delete mode 100644 meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch delete mode 100644 meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch delete mode 100644 meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch rename meta-webserver/recipes-httpd/hiawatha/{hiawatha_11.7.bb => hiawatha_11.8.bb} (89%) diff --git a/meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch b/meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch deleted file mode 100644 index 5a9c719b6d..0000000000 --- a/meta-webserver/recipes-httpd/hiawatha/files/0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 56b26ede007453a4ee9832076597e82d2a903700 Mon Sep 17 00:00:00 2001 -From: Felix Conway -Date: Wed, 11 Jun 2025 16:04:06 +0100 -Subject: [PATCH 1/2] Add __attribute__ ((nonstring)) to remove - unterminated-string-initialization warning - -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/pull/10216] -Signed-off-by: Felix Conway -Signed-off-by: Khem Raj ---- - library/ssl_tls13_keys.c | 3 ++- - library/ssl_tls13_keys.h | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c -index 739414e..375814c 100644 ---- a/library/ssl_tls13_keys.c -+++ b/library/ssl_tls13_keys.c -@@ -81,7 +81,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = - * the HkdfLabel structure on success. - */ - --static const char tls13_label_prefix[6] = "tls13 "; -+/* We need to tell the compiler that we meant to leave out the null character. */ -+static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; - - #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ - (2 /* expansion length */ \ -diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h -index d3a4c6c..95cde7a 100644 ---- a/library/ssl_tls13_keys.h -+++ b/library/ssl_tls13_keys.h -@@ -40,8 +40,9 @@ - - #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - -+/* We need to tell the compiler that we meant to leave out the null character. */ - #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ -- const unsigned char name [sizeof(string) - 1]; -+ const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); - - union mbedtls_ssl_tls13_labels_union { - MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch b/meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch deleted file mode 100644 index 2f94cee277..0000000000 --- a/meta-webserver/recipes-httpd/hiawatha/files/0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 91ec670d3f6399510995dedbf99dca2e7e9bd2d8 Mon Sep 17 00:00:00 2001 -From: Felix Conway -Date: Thu, 12 Jun 2025 11:28:56 +0100 -Subject: [PATCH 2/2] Replace __attribute__((nonstring)) with macro - MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING - -This macro applies __attribute__((nonstring)) when using a compiler that supports it - -Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/pull/10216] -Signed-off-by: Felix Conway -Signed-off-by: Khem Raj ---- - library/ssl_tls13_keys.c | 2 +- - library/ssl_tls13_keys.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c -index 375814c..621a7d5 100644 ---- a/library/ssl_tls13_keys.c -+++ b/library/ssl_tls13_keys.c -@@ -82,7 +82,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = - */ - - /* We need to tell the compiler that we meant to leave out the null character. */ --static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; -+static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 "; - - #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ - (2 /* expansion length */ \ -diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h -index 95cde7a..3aa94d7 100644 ---- a/library/ssl_tls13_keys.h -+++ b/library/ssl_tls13_keys.h -@@ -42,7 +42,7 @@ - - /* We need to tell the compiler that we meant to leave out the null character. */ - #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ -- const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); -+ const unsigned char name [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING; - - union mbedtls_ssl_tls13_labels_union { - MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch b/meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch deleted file mode 100644 index 6e2d9eb5f1..0000000000 --- a/meta-webserver/recipes-httpd/hiawatha/files/define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch +++ /dev/null @@ -1,33 +0,0 @@ -Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING -This macro applies __attribute__((nonstring)) when using a compiler that supports it - -Upstream-Status: Backport [https://github.com/Mbed-TLS/TF-PSA-Crypto/commit/996f4fa3a2fbe8792ed3efd1bcb3657001f35ae1] - -Signed-off-by: Felix Conway -Signed-off-by: Khem Raj - ---- a/library/ssl_tls13_keys.h -+++ b/library/ssl_tls13_keys.h -@@ -7,6 +7,22 @@ - #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) - #define MBEDTLS_SSL_TLS1_3_KEYS_H - -+/* GCC >= 15 has a warning 'unterminated-string-initialization' which complains if you initialize -+ * a string into an array without space for a terminating NULL character. In some places in the -+ * codebase this behaviour is intended, so we add the macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING -+ * to suppress the warning in these places. -+ */ -+#if defined(__has_attribute) -+#if __has_attribute(nonstring) -+#define MBEDTLS_HAS_ATTRIBUTE_NONSTRING -+#endif /* __has_attribute(nonstring) */ -+#endif /* __has_attribute */ -+#if defined(MBEDTLS_HAS_ATTRIBUTE_NONSTRING) -+#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING __attribute__((nonstring)) -+#else -+#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING -+#endif /* MBEDTLS_HAS_ATTRIBUTE_NONSTRING */ -+ - /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at - * the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union - * below. */ diff --git a/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb b/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.8.bb similarity index 89% rename from meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb rename to meta-webserver/recipes-httpd/hiawatha/hiawatha_11.8.bb index 4e7e5fa31d..720c292026 100644 --- a/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.7.bb +++ b/meta-webserver/recipes-httpd/hiawatha/hiawatha_11.8.bb @@ -7,14 +7,11 @@ DEPENDS = "libxml2 libxslt virtual/crypt" SECTION = "net" SRC_URI = "https://hiawatha.leisink.net/files/hiawatha-${PV}.tar.gz \ - file://0001-Add-__attribute__-nonstring-to-remove-unterminated-s.patch;patchdir=mbedtls \ - file://0002-Replace-__attribute__-nonstring-with-macro-MBEDTLS_A.patch;patchdir=mbedtls \ - file://define-MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING.patch;patchdir=mbedtls \ file://hiawatha-init \ file://hiawatha.service \ " -SRC_URI[sha256sum] = "8bc180ae3b986d02466f081efeefdb1595d96783f581fded2a9b198752ab7ae1" +SRC_URI[sha256sum] = "1376763750fb9a88a780bac6aba8707bc2a78f8ee089c62d433e50216a5183bd" INITSCRIPT_NAME = "hiawatha" INITSCRIPT_PARAMS = "defaults 70" From patchwork Mon Feb 2 16:37:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80255 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 74F5FE7DF03 for ; Mon, 2 Feb 2026 16:37:19 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.57421.1770050238903657854 for ; Mon, 02 Feb 2026 08:37:19 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FePasm2+; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4806e0f6b69so34365025e9.3 for ; Mon, 02 Feb 2026 08:37:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050237; x=1770655037; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wHHhhzYZgameLcJAFMBUJziV9geO6jEeMnOcLLVesAE=; b=FePasm2+R5h0tzTnxSXGc610ESPhDsc8jeECgtJWaEOqv/ccN/o35C6X4gZBeGjZu1 vPTwz8flTy4RgSvld9qTRlGdrBO4XPgL6ZRF0lHXxYB/oCzR82pE/yJCtcgwUM8eapEX 3N29zjtxjFt3PsYyBc2if8USwFQxMkkrGmiotmnTv5EwsKfJ2L7aymbs5rvdptmJ37T6 FGwN/VkJLBUMnGRetQsgGUTYrTmfndyCmg4/T8Am/zgixTe7WrlG3qj2uFzsDme7p+gm pL7Hz5E3RudJu+yafhEnOANFu2ePVuvOnHuRa51MsBr8iCQZu5gwTM4h9QpQbeQrBSem NADg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050237; x=1770655037; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=wHHhhzYZgameLcJAFMBUJziV9geO6jEeMnOcLLVesAE=; b=EzizpC+ty7EI3Anpv+HhshkMxaOcjU38amBAXJ/J6tZ4/fuWxQ1yLSBRmD2pUIYfrg t4oc3zwSjAbO0B/cjZdFOwLSlduVG4s4eRBE/4hoB8cGnDgSDd1bbVx18CO8nbDWRiZM goJHta9FF4T9aJ6/4g/M3FcXlIO1R0LO4Ws92J9cn377/bbNvrSvTtdhhso+iFagixnU +CEJ0SOmChK/yeZAe+MTMpgWu7i77fr5Q2fohomA3V+Cz3zwYWcItaogNgvBznyp0C7y 6CO9fihlhwwXSzq89T0e0fomVda6icAe5Xk7RiOHITSSS7Te/MY4PaJ9ZGEF2dEwaeTj onFw== X-Gm-Message-State: AOJu0Yyr6A3zkCXe05pDrMBBf62/JgvyIa/ZZZUe1vOGZYOxTy+5v6Gc dcoM2bG8F+dnedbwkMufKLgdwwl5swo/9vJrbYLK1I5ge4lR7M1OxtvNZFfg5w== X-Gm-Gg: AZuq6aJ6YICvyVlUt/OBqA4U5LfUi64pC4iZwxPVz9chlqFDAB0fz2H3QrFC1ZbR4YO DDLmbmXEbMWm8EyvIcC2atacwksL+bVDRb0M9h2bTPFtrLALemmhT+7QhznfESIWNKepFY+XAg7 zZZ8rNtjEYaOfg9QxQp/boxvlmX+W0mh8RB2YSmgfjWPJhvZETVPYsDyguY9DxGoVTW29K63ozu q0szmOddvDeuK2MRYn5iYvDrVfm82oS0mYDTjoKKsIaAkgbhpuDeZgVw2+jESNF1DFxJzIMT6cG KjfwTF2jf8E68IFT8oxto3GNXa6ODroMGzHchNYBCpzJLnylvTU6grLoxrQfuIbwI4fBXIrrmHQ MDRZNgpn2dOXpOirtMv5qwXY/0HlVC4QIDX+vISBb6GnXQzHvHQWX/MSeBwPORYO88bIRULeBSR tcwGywEB5rju36DjTZbiA= X-Received: by 2002:a05:600c:6214:b0:479:3a86:dc1f with SMTP id 5b1f17b1804b1-482db4973c7mr148016175e9.37.1770050237082; Mon, 02 Feb 2026 08:37:17 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:16 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 3/9] libcdio: upgrade 2.2.0 -> 2.3.0 Date: Mon, 2 Feb 2026 17:37:08 +0100 Message-ID: <20260202163714.2359370-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124064 Includes fix for CVE-2024-36600 Changelog: https://github.com/libcdio/libcdio/releases/tag/2.3.0 Signed-off-by: Gyorgy Sarvari --- .../libcdio/{libcdio_2.2.0.bb => libcdio_2.3.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-multimedia/libcdio/{libcdio_2.2.0.bb => libcdio_2.3.0.bb} (92%) diff --git a/meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb b/meta-oe/recipes-multimedia/libcdio/libcdio_2.3.0.bb similarity index 92% rename from meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb rename to meta-oe/recipes-multimedia/libcdio/libcdio_2.3.0.bb index c443d9b891..11e84c6505 100644 --- a/meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb +++ b/meta-oe/recipes-multimedia/libcdio/libcdio_2.3.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.bz2" -SRC_URI[sha256sum] = "6f8fbdf4d189cf63f2a7a1549c516cd720c7b222c7aaadbc924a26e745a48539" +SRC_URI[sha256sum] = "53e83d284667535a767fd2d31edad1a6701591960459df373a10f1f21e80a7ed" inherit autotools pkgconfig github-releases From patchwork Mon Feb 2 16:37:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80260 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 615D5E7DF05 for ; Mon, 2 Feb 2026 16:37:29 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.57082.1770050239449847727 for ; Mon, 02 Feb 2026 08:37:19 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=e7354XaK; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-48069a48629so48520105e9.0 for ; Mon, 02 Feb 2026 08:37:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050238; x=1770655038; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uzASdk4Kt4LZ9Z77B4fEvpaNxzaUh1PYHkafMic3wjY=; b=e7354XaKthxJdoxibjc0vKrq5lsWUiSowZfP8/++/1PkgyH1xciJZQGZiaNY63MXJO YYBG5L1iAtj3eW2zIg698y5W76NiahUYmesQXbmy7StAARASX2KKqtRGEIa/1ZTKrT81 F0DB22G1mCFLTrj4nXs5kzudLbktcq8CeMwYfg6hNqo00HmwAACL9WtXGstCExuqeVhe UM/VIzc4YIwtJOExIaRfVS3TYLpqQGnE89M7Sxg1/O//LhClXltnSXJrqGbu+cv8OtJN QEdDZA7PtQBM+nh+qDHUW8egQQo1cNNXh65IF2F0WHdaP6NNAtZ5YmvldJVBYaESri8k 7HQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050238; x=1770655038; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=uzASdk4Kt4LZ9Z77B4fEvpaNxzaUh1PYHkafMic3wjY=; b=C63jkB3JZo/LgiNOuVPuhoY58wM3KleX9c9jbgT4QyUdnII4YcTMEl/7R8sCec9FKv DcXrBtjUIPJvyNin6XKz8gA8lLeXPpzYEbpoWAtPEpJZe4/LmanoY16PlrXJytR+GN6b j1YkeZ7U5msSISL4Q8Z2GzIAT/y1eszNASDqC+3LuA3tgBA2JbPMUfGCJyhH8mPQNr31 eG4ov3H62iWawLGqS+bksClo3gVASgHtHhPB8ESJjGNfYtxD0nB2N0NLBzyQZBe5laYW xY8qRH1FDWl0EBXasCdtsAvnsEJHwgFSnOU1DffgHKdr3JUbSdPBvNSylTAm3y50BgBW z3Sg== X-Gm-Message-State: AOJu0YzCd98Gbqcyib6iVCVNqVU4ULAI6J4yIsFfhSZtpepWhA3tX4+z d159D4oxF54Jq63onQPWyeLGLQw7aPZtuF5MrNKT6w7x6yYTU10CMd+qoErMsg== X-Gm-Gg: AZuq6aKQSDYDaH/D+8WL62zZuKwOkqsu+T9Q2BlyjATXjdkI7u0iaZNptvMYhvO4hrL teRZEVoXKbOm7+OKJT8USdOC9yJLPUtfg7Bb4nLgcVRRDo9ojwy73Erqoo39RZwz4y5teVdkqoN L4oe7yG3Mqmuq82fm3ifDE61mIpyICDYytkccoRWau7AStPe0gXT3G4QIxPxGY4B2m5UangG7K3 JD4fBtHt/qFOHnMxKZSXrQu6rD1Oe6qe5SmgDiDLogLYnVyrlIlAHNjH+F5HPxekopNZYJ+kirL xrooIZll7O99y6jSZJxBulMgLvTTZKDg2mCk8DHQDql+/oRpSRyl7bw3V6IhQ92TyboC38PXuRV MGpzWPPi1jOnAz2nu9Yc+SCLPLqT1YoSGuYHSNbM8oGYGy1IZJY1vstim+aPsEpNKZwGfqCYXQs BAQk+97etg X-Received: by 2002:a05:600c:c0cd:b0:47d:6856:9bd9 with SMTP id 5b1f17b1804b1-482db623c40mr102926565e9.23.1770050237722; Mon, 02 Feb 2026 08:37:17 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:17 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 4/9] libcupsfilters: patch CVE-2025-64503 Date: Mon, 2 Feb 2026 17:37:09 +0100 Message-ID: <20260202163714.2359370-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124065 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503 Pick the patch that explicitly refernces the CVE ID in its message. (The NVD advisory mentions only the cups-filters patch, but the developer indicated the CVE ID in the libcupsfilters patch also) Between this recipe version and the patch the project has decided to eliminate c++ from the project, and use c only. The patch however is straightforward enough that it could be backported with very small modifications. Signed-off-by: Gyorgy Sarvari --- .../cups/libcupsfilters/CVE-2025-64503.patch | 47 +++++++++++++++++++ .../cups/libcupsfilters_2.1.1.bb | 8 ++-- 2 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch diff --git a/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch b/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch new file mode 100644 index 0000000000..b70586296e --- /dev/null +++ b/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch @@ -0,0 +1,47 @@ +From da9a7db3b9125c87b11c43b05354ca2eb21ed684 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Mon, 10 Nov 2025 21:10:56 +0100 +Subject: [PATCH] Fix out-of-bounds write in cfFilterPDFToRaster() + +From: Till Kamppeter + +PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated. + +Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m + +https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 + +Fixes CVE-2025-64503 + +CVE: CVE-2025-64503 +Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f] +Signed-off-by: Gyorgy Sarvari +--- + cupsfilters/pdftoraster.cxx | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/cupsfilters/pdftoraster.cxx b/cupsfilters/pdftoraster.cxx +index 0235b54..09583df 100644 +--- a/cupsfilters/pdftoraster.cxx ++++ b/cupsfilters/pdftoraster.cxx +@@ -1606,6 +1606,20 @@ out_page(pdftoraster_doc_t *doc, + l = inputPageBox.height(); + if (l < 0) + l = -l; ++ ++ // ++ // Maximum allowed page size for PDF is 200x200 inches (~ 5x5 m), or 14400x14400 pt ++ // https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 ++ // ++ if (doc->header.cupsPageSize[0] > 14400) { ++ fprintf(stderr, "ERROR: Page width is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[0]); ++ doc->header.cupsPageSize[0] = 14400; ++ } ++ if (doc->header.cupsPageSize[1] > 14400) { ++ fprintf(stderr, "ERROR: Page height is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[1]); ++ doc->header.cupsPageSize[1] = 14400; ++ } ++ + if (rotate == 90 || rotate == 270) + doc->header.cupsPageSize[0] = l; + else diff --git a/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb b/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb index 51d8c4f18b..311f33e134 100644 --- a/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb +++ b/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb @@ -5,10 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=aab2024bd2a475438a154cd1640c9684" DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff" -SRC_URI = " \ - https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \ - file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \ -" +SRC_URI = "https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \ + file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \ + file://CVE-2025-64503.patch \ + " SRC_URI[sha256sum] = "6c303e36cfde05a6c88fb940c62b6a18e7cdbfb91f077733ebc98f104925ce36" inherit autotools gettext pkgconfig github-releases From patchwork Mon Feb 2 16:37:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80257 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 614C4E7DF04 for ; Mon, 2 Feb 2026 16:37:29 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.57422.1770050240074494710 for ; Mon, 02 Feb 2026 08:37:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=mCdPw7es; spf=pass (domain: gmail.com, ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-4801d7c72a5so37051775e9.0 for ; Mon, 02 Feb 2026 08:37:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050238; x=1770655038; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iGQTci1xhp2DZJBm01lcqe7Y+Kwqa/QPdgypCTPEuBk=; b=mCdPw7esVBmbwfVx1CW6v63SE5g3BTFwmoHQ01N8zjjRfKr4ydKPfz9frZcb6fnShQ fHx9Dmn1b+tn0GhE96I2KJQTT75pFyyt7Tt1x5fM/tW53ukaiqUEJ51DALrQna25n2A5 kNYV81mru0IPOAqytwjkoNoT7vvBXHa2Rr8NhOXvRr0O0Mf4mmjbEktRlhr5Q9SPcI3J HyoKBTaUQB3PwaCk0KeCy/ym3ZE9eDicsKV9d8oCCKEdPulWOdTk9STuGUjqa4zNalp/ qQPs1ZNVmcH19rx0B+fXxa3DiS5pD3WHhujphvoWN9UY7iZd5HBCSHTD005BQ5x4UcSY Rvew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050238; x=1770655038; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=iGQTci1xhp2DZJBm01lcqe7Y+Kwqa/QPdgypCTPEuBk=; b=S5Un6dVki1SzxJ/wEpshKsxLoUs/HRf5/VKSYywIDxWsyCQCL0loWJOBd2CHghnkv3 j+ie98vO0zewrfSDjnqnvFKVAUxBXKy205QQ0RepD+OEkCZRip3cv7noSPPPM4LCwRtk EQ1HqJtt2/EoLFpkby12GbpENnmDoC5NVrW8lCk5H25sfryCIAN+xVf7nWMSoEjMvS7m +hTgKIH9WEdG/7j9oJyM7V1fiek5xeBZHnqHUFRyv8nPMcZheA+H6M3J/11JVQxVUQhT sBaIy2gEP/TVQxpWq/tHi4usnUWmn1PJ+Sanzg20c/BEGoltvEjzh6fFd5yagIVFjPYB uRzg== X-Gm-Message-State: AOJu0YzNmkHl+N5lyTR/vnTyc5X/PrtAND2paE3V0h88Xb+3ma/DrbqJ 4Me/DpoTd+vE1TjydYxmWW3cXaOl1RUiPmlnuNRjeSuSkje1+tiv4Ifomksi1A== X-Gm-Gg: AZuq6aJe0LrusO1WsLZLxkVPNxU3aswnkPOO0mRejZ+yGJ+pGiGS4WKywu8C9BKTcqs Ydt9PGWhznFYNNR8SadLDsEG1Odkw0oQR7Me15SJzkc6JqfwzizuSi2tI7QSv9hh6Gft0RrS91I gw3yJOz+YAU40f0IPcnRdwbWAc9dFyV6ZVx9gF72nBTHUMtwmehoctdLjWZUlaz/71m9X8ggwRK PkItVdAptYjfbnyiL0+dAqDZQvumNym6JzqCmqqk3kK1LKpz8FgyluxFy4vUBgCrP90RbzjNbh/ qzS6armdWiUC0XvxXEahkT4MjGUFfsE3XqDvUvBUCC8vtpLVVfXN14TbCnB7vyqEQ+Tq/34+s2H wMVmXORxD9hwy4QP2rAjpEta/JQvJlV1w2hmoy+l0ybG2osxxkTNCJq/iMgtQ+DVP/Y2Vh/MyDa syo2RG74GbksYaY8+LiiE= X-Received: by 2002:a05:600c:46c8:b0:47e:e949:37e8 with SMTP id 5b1f17b1804b1-482db4ed389mr176255725e9.30.1770050238370; Mon, 02 Feb 2026 08:37:18 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:18 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 5/9] ndpi: ignore CVE-2025-25066 Date: Mon, 2 Feb 2026 17:37:10 +0100 Message-ID: <20260202163714.2359370-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124066 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066 The vulnerable code was introduced in version 4.12[1], and the recipe version is not vulnerable yet. Due to this, ignore this CVE for now, until the recipe is upgraded. Signed-off-by: Gyorgy Sarvari --- meta-networking/recipes-support/ntopng/ndpi_4.2.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-networking/recipes-support/ntopng/ndpi_4.2.bb b/meta-networking/recipes-support/ntopng/ndpi_4.2.bb index f0175167a4..077b270ecc 100644 --- a/meta-networking/recipes-support/ntopng/ndpi_4.2.bb +++ b/meta-networking/recipes-support/ntopng/ndpi_4.2.bb @@ -25,3 +25,6 @@ do_configure:prepend() { EXTRA_OEMAKE = " \ libdir=${libdir} \ " + +# remove this CVE_STATUS, when the recipe is updated to 4.12 or newer +CVE_STATUS[CVE-2025-25066] = "cpe-incorrect: Version 4.2 is not vulnerable yet" From patchwork Mon Feb 2 16:37:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80258 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A827E7DF09 for ; Mon, 2 Feb 2026 16:37:29 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.57084.1770050240787073225 for ; Mon, 02 Feb 2026 08:37:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=GihLcyaU; spf=pass (domain: gmail.com, ip: 209.85.128.50, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-4806e0f6b69so34365245e9.3 for ; Mon, 02 Feb 2026 08:37:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050239; x=1770655039; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=gSBhBTi690esTVECfHEuHn1K7Q4BdKWr4bAGqiwq5ns=; b=GihLcyaUlF5ihn9aIrEQ7fr14VQ9kERlXQs959ocN3YyyAx9FomTW22EMscNuisEbY 88EwWq/Ic2DCYrFGc6nms1wc5UKYUUGwboLOSWtDrKLW59ST2xv1aXOBZQFrsZY5c+/S +OPCEhlMzUdotyQVzn/522oYMlpRnIZsEE6CU1zdQv3rhNXWVx+42e9HDrU5nOjl6V0+ ao4MFSYTkO9E7Xf4dPR+83r8ovmaQJe5/+YOzZRjCkDYnTXYh9QeGZJoIsrcQBrdWspQ +EDX6l1oywWmToHQrFwHobirXv7DVZa3RYGFQKoB9ifR/8HZKB4ewpzdhgYqBPBxkGG2 2qdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050239; x=1770655039; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=gSBhBTi690esTVECfHEuHn1K7Q4BdKWr4bAGqiwq5ns=; b=eoVqafUTNy97ieGkNMQL+JzRwQrxVOQGpIaP2HmlJsauNEp0pmmhpbS62n8LDnkZnH uo8fivCqWozpvyFFDJu1uxWWcCYR3x245Lzx2fj84g775Cq6UZf/aBCOw7Fcbzy6/vXH 8Ve+9jXxiXrAi+xk9op3ivtivvAxJMF3hvBdMKxNzjTjR0ZXjxUBLv2bjgQfYblz7hL6 HzxdtKRztC1nnObvRJxMaNu1ELDY+bcwaEd6Kst+7ktzsjQGxQuDm5SmxzvC2nZ8Uskp QzAeNLnQQNyOZkSc7nqMmpZf8lM/jmjLm3B7tQGnaU/9Ramauwx34AI1mtBo2nufZR/p SNkg== X-Gm-Message-State: AOJu0YxPiiGgWRr+/Hf0CIktLxlVoVCbWQcUqXHftKEUK9H/CcML67BM ALhBaZhXCJH0niLUJnQr086Z1W1WdlCm0LhsPFhYfyg2LuKBZ1qeSsHagOlgYw== X-Gm-Gg: AZuq6aL8bf2Q3CZiwjGU2aJeWWjl5uSBw691O9WWFeTvI+m6UE33mH/IXjJw4CgMMSN 72DX8iPXo0OrYzPjckatArdpLudCTvxVDiCEc6AMk2BzESFWKCZQfAmB/40Z/3Htem7dhz00ZXn 8SMgsQNqCMKZNoj5JUawvMsNxbwNAJBfY8pJnswhCSpaVd01VXRWVXt1RBwTC1JnKAIm8N5Dp0T iIDvYvsWbpBE1w/pPvkNjU7xfdarGu4ymfFpxBONCGRqNcbiatv4GVTHfa8H2urF106WIm7xfyT fXnzhJPGmgVO27r+H/qKIqnIL124WPgsa62wkvp8+p5OYn0b++5tiUzZnTTvIaDcVy/vTCYUib9 jjqH+WIHhTcQtO2E49YbSdTgLdjL7ER5AxiFHtrDoPJzfc+2X1PdxdNUM/1PJXz1CdyNfWZf+87 ++7i0UPzdS X-Received: by 2002:a05:600c:6610:b0:477:a1a2:d829 with SMTP id 5b1f17b1804b1-482db4520f2mr136228595e9.13.1770050239019; Mon, 02 Feb 2026 08:37:19 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:18 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 6/9] proftpd: ignore CVE-2021-47865 Date: Mon, 2 Feb 2026 17:37:11 +0100 Message-ID: <20260202163714.2359370-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124067 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865 This CVE was opened based on a 5 years old Github issue[1], and has been made public recently. The CVE wasn't officially disputed (yet?), but based on the description and the given PoC the application is working as expected. The vulnerability description and the PoC basically configures proftpd to accept maximum x connections, and then when the user tries to open x + 1 concurrent connections, it refuses new connections over the configured limit. See also discussion in the Github issue. It seems that it won't be fixed, because there is nothing to fix. [1]: https://github.com/proftpd/proftpd/issues/1298 Signed-off-by: Gyorgy Sarvari --- meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb index 65dd2f9561..d64e0a0495 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb @@ -25,6 +25,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+\w?))" CVE_VERSION_SUFFIX = "alphabetical" CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module" +CVE_STATUS[CVE-2021-47865] = "upstream-wontfix: it is not a vulnerability but inproper configuration" EXTRA_OECONF += "--enable-largefile INSTALL=install" From patchwork Mon Feb 2 16:37:12 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80262 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB080E7DF0A for ; Mon, 2 Feb 2026 16:37:29 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.57085.1770050241513419823 for ; Mon, 02 Feb 2026 08:37:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=U9EDz2q3; spf=pass (domain: gmail.com, ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-47ee07570deso38951405e9.1 for ; Mon, 02 Feb 2026 08:37:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050240; x=1770655040; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Tkjjj0WCudB6H8eTkGVvH0GMcErXyqBuQk6SfG2VsDA=; b=U9EDz2q3/BPaexgwivq7IIdGylF3Tzk9bMelBtK75rOagSbX7zJPObrWL79sFwATE5 +kV+WcsgDFmrRNqgyjDmiRe96xvl59zFluAiPy70QRcsswpfgUqXadbuWtWhVtnFitTz YU0xoxS9bKIPBw/7ICbb24UtlfiDbH50d6SksX5YQrxYn7Tkhyk5XYckBvIkfRFA1E41 r53jx5QAEAE6syYlTOfbOxrtAgrp9vQo8+aLgdHofjpps9K7NHMQuhMKtUcedy268lZN UfK2etQ79RR8khRa2J6z66Irljf+WPxkQMYWf2p15eglSCyXAy/upELSxb9BMdVAeS97 WH9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050240; x=1770655040; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Tkjjj0WCudB6H8eTkGVvH0GMcErXyqBuQk6SfG2VsDA=; b=oLrIOCCPEaLcIf+w9AttPcma9g+8rprNIbEIy2GkN9irKI1RbddJy4zAwsVbXSle7l FmCu0OJHHe5kqcv1lIBTyxtsqN4Yzu2b9rtWy4QN7jw8jLJmmhYwZ9EafGcsA8l4SBRS JReVT/m+eTxiDwWhzYT+f1xmBO8BjW2mPFvRb/CiEOryzLPGroS49mQ6VgvrWOEgAAdt Mwh26A1sdPu1wngbx/9GApotHwauQXI6bVtCu6FIWJc4Di7X2A3QZKUNyhSxAfmBsGFP WjXz+4q4hKkdOW1zQgQLHBZe0y4dikruQqvsh5nklgGUic+82uG6WGqCiUJywtuPvD3t UYHg== X-Gm-Message-State: AOJu0Yx9lkDCle4+tutEEln3sgEzrOreKdx8ZtfJdJwGV4fBPx4p7U/N lkbBrgqRRp6wt4qojfvR2E9BorWgb5ZxyppNBDo6Szx0lpfSkK5RJ7G38IM/sA== X-Gm-Gg: AZuq6aLUu0iUWZgYEwaQV4F8YEHIackxQizs7/nzOjPRKK1les8/OvA3M65MXInbgh+ sJ02fHAse0H1HGjuIlpu5QQCSFul4hSKAYpZ3wTL7nJbrkFrbfDEO2TItiSpmBEirfhY/IsjhEk Jg4FEXfznWda6GmBfB2ur4r2oasMTFxdz7igwlRxM3pgy1A81frCjIsHcDdzCyQoc6xdVjAcfzZ GJ83HnPLeFjEnIRTo+QEugdoyncaYFUcwv1VK2nvX/LN4y0G+vtkay8VrebqEpb9AfuUPYYdD1d zs4E/o7ksk5X5mQi98w5WedGUcDuNVnEHTcQSDmCQlFCiG2Su0F1Pa7ONVPSEONzu3cKwOravla WZ7+F3+njIC1hwF/HAy6szDK4WkXoFLlFzJGOqZ6pq/3THiyIFNIUdKCO7H++tHfa+Sqzyu3f2m +BorBl7odU X-Received: by 2002:a05:600c:3e1b:b0:477:a978:3a7b with SMTP id 5b1f17b1804b1-482db491ea2mr154891425e9.22.1770050239773; Mon, 02 Feb 2026 08:37:19 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:19 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 7/9] python3-pyjwt: ignore CVE-2025-45768 Date: Mon, 2 Feb 2026 17:37:12 +0100 Message-ID: <20260202163714.2359370-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124068 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-45768 The CVE is disputed: though the vulnerability is there, but it comes from incorrect configuration of the library by the main application. Due to this, ignore this CVE. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb index 37675f1b63..0a928dc2fa 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb @@ -9,6 +9,8 @@ SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9 PYPI_PACKAGE = "pyjwt" CVE_PRODUCT = "pyjwt" +CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly" + inherit pypi python_setuptools_build_meta RDEPENDS:${PN} = "\ From patchwork Mon Feb 2 16:37:13 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80259 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 984F0E7DF0C for ; Mon, 2 Feb 2026 16:37:29 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.57086.1770050242117849550 for ; Mon, 02 Feb 2026 08:37:22 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=l2Fnu+0s; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4801bc32725so35355915e9.0 for ; Mon, 02 Feb 2026 08:37:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050240; x=1770655040; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UpCQzsd3KFNCqdZeXsYOV9DDhxK9ncFX+nAHDb22RPQ=; b=l2Fnu+0sMm4CjgjCh8Vk+kA2GKCAgqHLQ7X4iNodlRhVz3UUo0JaQzxSPiH+M+EGYx kBZFdsSSo2pYcO3A5Urj37hOmUvRi4XWDXt1ZQ87Pz95u7Ou4IZEWWQ5jHusU3hrBDxU N8YtEKcOxHwZ9SJjk5Vp5Bn3yw2CF3GhZLhItEI5xHp4DxC+b+sSS4p3l2fWtd+JekKc ZgDQoYH8VtydCx/PXXk5rLFx2Rbd+MHJD4G5CqCBIediHcS8fK6JxBJ9vocZ6Gjc4Kgm NDtsUyLY9VsA7WM8S01Mwtc/zjmY4WUWfSzk51jSAUHdxTuuJzd1NlgAe2ojthuEwUpE sd0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050240; x=1770655040; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=UpCQzsd3KFNCqdZeXsYOV9DDhxK9ncFX+nAHDb22RPQ=; b=mQ3PN6tdHbxMyqtcNKMpBs5dKMgUa1W3GlGzIEIRguTHIWU2a8k3nP+VLcwzHf+5vV DhG4gKD2VY3JWNwM9mikxrSERmnlULerdaY22Pzd0LzHu9gkeWTHSL/lkR0dAGKvjQ2+ APTkiqwSqw0qMsYPxvZoJiBXVur/o+ryZUiC0A1eYeLR9JLfPVP2cfU75NM+QyUQ9BtY tQLS3zubId4WA0ezrzjkh+jJQyQMnPrcnMvlzs2lNSS0LLlalqv3m1x40XxO1leWN/gx LDCwWB5Dvw7MmR05laYGULnYCNHQYI+AjYB2KNpOU8gFMqWpEs47u//0qKvOmLl3DWSF 4ruw== X-Gm-Message-State: AOJu0Yw9v/poEdbAFwDtcIGL4JC/y6J6UmGBICEbmdctGpdbNhXtYfjq u2tMrCMeSJqvc8zT9AcCELXgzq898szk7EajZs4UqyCqeg85+zQZN6xql7DEOg== X-Gm-Gg: AZuq6aJCVqlQJUDVgzHFhN1A2oNExX9GrGLi2LJLNuHq73cLX+QzI+dOO4x+HuLrdTM NTHdJ/VJ0RiRvOI3GJi5ECZyRTCaNck9/nv4xGduj8hDmiJR/Y4C0iZlRr167nMAGWBIX6uJpOb M/K6POees+f+6HSxf81MKV1rgLIZJsIKwyYLvGtksy44tC0RNgN9nO6ztodBxJ2BH9aTM1eMOcA vDGY6B689GBiMwX/w3s1SUVp3DPQwLMfRwyubHi7mmQUNcZlZgc9Lx5WMxqpC3o2CjXfJV0WU5k JYQfJQdzJbqV/yMe5yfaPyLe8nWA7odV9VHJx3o4WUlQbqy4ej2mFVLvnLQOVcmxh2sn225tAiY unCtLMpo/PJmz8pHdY3WsfKN4w4CS8TWLQHjMarrs/zy1DADmREuPJhN0zd3gnCaQvNFlupg90N WqwJUe1XFZ X-Received: by 2002:a05:600c:4ec7:b0:47d:586e:2fea with SMTP id 5b1f17b1804b1-482db46b38dmr163285955e9.15.1770050240423; Mon, 02 Feb 2026 08:37:20 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:20 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 8/9] python3-pyjwt: upgrade 2.10.1 -> 2.11.0 Date: Mon, 2 Feb 2026 17:37:13 +0100 Message-ID: <20260202163714.2359370-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124069 Changelog: https://github.com/jpadilla/pyjwt/releases/tag/2.11.0 - Fixed type error in comment - Make note of use of leeway with nbf - Validate key against allowed types for Algorithm family - Add iterator for PyJWKSet - Add iss, issuer type checks - Improve typing/logic for options in decode, decode_complete; Improve docs - Map algorithm=None to "none" - Correct PyJWKClient.get_signing_key_from_jwt annotation - Fixed doc string typo in _validate_jti() function - Update SECURITY.md - Typing fix: use float instead of int for lifespan and timeout - Fix TYP header documentation - doc: Document claims sub and jti - Resolve package build warnings - Support Python 3.14, and test against PyPy 3.10+ - Fix a SyntaxWarning caused by invalid escape sequences - Standardize CHANGELOG links to PRs - Migrate from pep517, which is deprecated, to build - Fix incorrectly-named test suite function - Fix Read the Docs builds - Escalate test suite warnings to errors - Add pyupgrade as a pre-commit hook - Simplify the test suite decorators - Improve coverage config and eliminate unused test suite code - Build a shared wheel once in the test suite - Thoroughly test type annotations, and resolve errors - Fix leeway value in usage documentation Signed-off-by: Gyorgy Sarvari --- .../python/{python3-pyjwt_2.10.1.bb => python3-pyjwt_2.11.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-pyjwt_2.10.1.bb => python3-pyjwt_2.11.0.bb} (87%) diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.11.0.bb similarity index 87% rename from meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb rename to meta-python/recipes-devtools/python/python3-pyjwt_2.11.0.bb index 0a928dc2fa..4e81efe45f 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.11.0.bb @@ -5,7 +5,7 @@ HOMEPAGE = "https://github.com/jpadilla/pyjwt" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551" -SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953" +SRC_URI[sha256sum] = "35f95c1f0fbe5d5ba6e43f00271c275f7a1a4db1dab27bf708073b75318ea623" PYPI_PACKAGE = "pyjwt" CVE_PRODUCT = "pyjwt" From patchwork Mon Feb 2 16:37:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7878FE7DF08 for ; Mon, 2 Feb 2026 16:37:29 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.57425.1770050242847130752 for ; Mon, 02 Feb 2026 08:37:23 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Et4qC8ZH; spf=pass (domain: gmail.com, ip: 209.85.128.52, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-47f5c2283b6so38347545e9.1 for ; Mon, 02 Feb 2026 08:37:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770050241; x=1770655041; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qeV4k0BbL18oICRxKEs3AyFncv6H5tjhRyfGn4OSYo4=; b=Et4qC8ZH9kssvjxXysKxBn56GHjnRv7rp/E2yIPav6IBf2EMqwKNSnDGM5JYUbVGM+ r37OLPpdGX2hKQUTZvhkcCdNPH+tW5TZkLoHckJngodKIH4Ybpg75gYRfYd889/o3Isk EHenEP7Epbm+pNndb5WXXM4QsJ476IrNFa9PuqwzSj7p40aCFAmNQgmOzlRckP5sdohY l7aboFyumViwwwNzEWTCqEW+C4CxI4LZEXFLEu1jWfrs7LLs+EUUBFRyyBr915bB4K+p 6XuP7+QKRLqwcM3rwGW4nm+0eHor/8UXE34SEHM5gUUBugbV1xDpcXoO49w/Z8l6lY8/ cz4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770050241; x=1770655041; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=qeV4k0BbL18oICRxKEs3AyFncv6H5tjhRyfGn4OSYo4=; b=HJhZQ/QDmRcNHIzKSSPC4YXILrIDGk9qDtlNZ3riGZRBBvFIiTwVeJ903imMhHCV5L GhiT5LMAY53A0QZCHQQyrV4Q5i6javCLpv41gjSO4dllNpmTgRb42ziL4NIu8yQ5fBWP 40o2cYB62ZzJpQKf+lSRGmaIMI+0vS2YWB2snk9dpvQCSQwxhG847/rq6qoMSXgmCbXM 0u5FXj2V0nwk4JIsu5mP3gPfjdxuukdLdTDC2f1xfjtNs3a/sNs0uGfNJ6BYQqQUxlo+ Y5cg/3DWu72gKKaOOki3EOi2ldZBtZKdMf3xtiJnK+rqKaoUCg6uNSUQLXKd8bQPeMui 2xJw== X-Gm-Message-State: AOJu0YzQWeosvsPBxB0ZiSoIQCEUsaLJW2nxdQSZVB/zADgUG71q1p8F bphop77OTpTCNQaLf+ENRRA7XytzcsjOQci6J9QiGqYoh3IhHxHtFYCRgkQ3dQ== X-Gm-Gg: AZuq6aLiEG0LJN5D2Fi4amFRlt+DkzAT/0ZSjedLdNt13iI2j8m3hVRMAWER2zoT5qQ ST+dKJsf7Qii4/hWrqbK8Xb6fz9rxtCfU0ItY6xN3C2umSN72n7JpIZsX7Fx2AtWyrgslHBHivW sV96Us+RjKFz1fvoxmue4SfmUvqPAh1s3Iwxm9fgNJUHKuxW2i5mp6LtK+3oibYo2OX0RrmbOSD of8bu6A/Rzs7Trilb18oiRs+A2Hqk6xGR+FER/GC9UqzQhoRnXZWOyM3ryOY4K9kpxwfskyhRWz H6qaBPr0m3YHSWOq2crjRmWNYPhhxdfG8jZIGTS+SPGRGhXx+NptKwQdgguHDzZjbbXaCCmciAc t8GaN2yL1/trVHX/kmhvfdJwMoYxRtvaY0mqJQ/ogv02TqjAawK+shAu5Cw/Nd+eDxciH+QNE1R 2E9QVym9/o X-Received: by 2002:a05:600d:844f:10b0:46e:6d5f:f68 with SMTP id 5b1f17b1804b1-482e31d240fmr121776965e9.12.1770050241074; Mon, 02 Feb 2026 08:37:21 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483051372cdsm451395e9.13.2026.02.02.08.37.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 08:37:20 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 9/9] xrdp: upgrade 0.10.4.1 -> 0.10.5 Date: Mon, 2 Feb 2026 17:37:14 +0100 Message-ID: <20260202163714.2359370-9-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202163714.2359370-1-skandigraun@gmail.com> References: <20260202163714.2359370-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 16:37:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124070 Contains fix for CVE-2025-68670. Drop patch that is included in this release. Changelog: Security fixes: - CVE-2025-68670 New features: - It is now possible to start the xrdp daemon entirely unprivileged from the service manager. If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details. - TLS pre-master secrets can now be recorded for packet captures - Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers - Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control - Updated Xorg paths in sesman.ini to include more recent distros - Add Slovenian keyboard - xrdpapi: Add a way to monitor connect/disconnect events Bug fixes: - Allow an empty X11 UTF8_STRING to be pasted to the clipboard - Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding - Fix a regression introduced in v0.10.x related to PAM groups handling - Inconsistencies with [MS-RDPBCGR] have been addressed - A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed - Prevent some possible crashes when the RFX encoder is resized - Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly - Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly - Do not overwrite a VNC port set by the user when not using sesman - Fix regression from 0.9.x when freerdp client uses /workarea - Fixes a crash where a resize is attempted with drdynvc disabled - getgrouplist() now compiles on MacOS - Various Coverity warnings have been addressed - Documentation improvements Internal changes: - An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed Signed-off-by: Gyorgy Sarvari --- .../xrdp/xrdp/fix-compiling-with-musl.patch | 27 ------------------- .../xrdp/{xrdp_0.10.4.1.bb => xrdp_0.10.5.bb} | 4 +-- 2 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch rename meta-oe/recipes-support/xrdp/{xrdp_0.10.4.1.bb => xrdp_0.10.5.bb} (96%) diff --git a/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch b/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch deleted file mode 100644 index c716229ab6..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch +++ /dev/null @@ -1,27 +0,0 @@ - -sys/signal.h does almost the same in both glibc and musl: it includes "signal.h" - -However with musl there is also a warning macro about this, which is interpreted as -an error during building. - -Fixes error: - -| In file included from ../../sources/xrdp-0.10.4.1/waitforx/waitforx.c:5: -| <...>/usr/include/sys/signal.h:1:2: error: #warning redirecting incorrect #include to [-Werror=cpp] -| 1 | #warning redirecting incorrect #include to -| | ^~~~~~~ -| cc1: all warnings being treated as errors - -Upstream-Status: Submitted [https://github.com/neutrinolabs/xrdp/pull/3678] -Signed-off-by: Gyorgy Sarvari - ---- ./waitforx/waitforx.c.orig 2025-11-25 14:38:46.464337398 +0100 -+++ ./waitforx/waitforx.c 2025-11-25 14:38:52.007441093 +0100 -@@ -2,7 +2,6 @@ - #include - #include - #include --#include - #include - - #include "config_ac.h" diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb b/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb similarity index 96% rename from meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb rename to meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb index 8203ada8e5..8d7c5807f2 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb @@ -17,9 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \ file://0001-mark-count-with-unused-attribute.patch \ " -SRC_URI:append:libc-musl = " file://fix-compiling-with-musl.patch" - -SRC_URI[sha256sum] = "52eadf3e86c57be0de0b9d5c184b52a7946a070746d3eb04b5089dd6d42f8f5f" +SRC_URI[sha256sum] = "9abc96d164de4b1c40e2f3f537d0593d052a640cf3388978c133715ea69fb123" UPSTREAM_CHECK_URI = "https://github.com/neutrinolabs/xrdp/releases" UPSTREAM_CHECK_REGEX = "releases/tag/v(?P\d+(\.\d+)+)"