[PATCH 00/18] Scarthgap pull request

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
To: raj.khem@gmail.com, openembedded-devel@lists.openembedded.org
Subject: [PATCH 00/18] Scarthgap pull request
Date: Mon, 26 Jan 2026 12:06:44 +0530	[thread overview]
Message-ID: <cover.1769409126.git.anuj.mittal@oss.qualcomm.com> (raw)

Please merge these changes in scarthgap. Tested locally and on
autobuilder.

https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1269

The following changes since commit 2759d8870ea387b76c902070bed8a6649ff47b56:

  php 8.2.29: CVE-2025-14177 (2026-01-19 12:15:49 +0530)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap
  https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap

Ankur Tyagi (3):
  python3-aiohttp: patch CVE-2025-53643
  python3-cbor2: patch CVE-2025-68131
  python3-twisted: patch CVE-2024-41810

Archana Polampalli (1):
  tcpreplay: fix CVE-2025-51006

Gyorgy Sarvari (12):
  python3-django: upgrade 4.2.20 -> 4.2.27
  redis: ignore CVE-2025-46686
  strongswan: patch CVE-2025-62291
  python3-flask-cors: upgrade 4.0.0 -> 4.0.2
  python3-waitress: upgrade 3.0.0 -> 3.0.2
  python3-twitter: mark CVE-2012-5825 patched
  python3-m2crypto: ignore CVE-2009-0127
  python3-m2crypto: mark CVE-2020-25657 as patched
  openvpn: ignore CVE-2025-13751
  acpitool: update SRC_URI
  xerces-c: set CVE_PRODUCT
  gnome-keyring: set CVE_PRODUCT

Joao Marcos Costa (1):
  linuxptp: add missing prefix to CVE ID

Peter Marko (1):
  libmad: ignore CVE-2017-11552 and CVE-2018-7263

 .../gnome-keyring/gnome-keyring_46.1.bb       |   2 +
 .../recipes-support/openvpn/openvpn_2.6.14.bb |   1 +
 .../strongswan/CVE-2025-62291.patch           |  45 ++
 .../strongswan/strongswan_5.9.14.bb           |   3 +-
 .../tcpreplay/tcpreplay/CVE-2025-51006.patch  |  97 ++++
 .../tcpreplay/tcpreplay_4.4.4.bb              |   1 +
 .../recipes-bsp/acpitool/acpitool_0.5.1.bb    |   3 +-
 .../linuxptp/linuxptp_4.1.bb                  |   2 +-
 .../xerces-c/xerces-c_3.2.5.bb                |   2 +
 .../recipes-extended/redis/redis_6.2.21.bb    |   2 +
 .../recipes-extended/redis/redis_7.2.12.bb    |   2 +
 .../libmad/libmad_0.15.1b.bb                  |   3 +
 .../python3-aiohttp/CVE-2025-53643.patch      | 192 +++++++
 .../python/python3-aiohttp_3.9.5.bb           |   4 +-
 .../python/python3-cbor2/CVE-2025-68131.patch | 517 ++++++++++++++++++
 .../python/python3-cbor2_5.6.4.bb             |   1 +
 .../0001-lower-setuptools-requirements.patch  |  25 +
 ...ngo_4.2.20.bb => python3-django_4.2.27.bb} |   9 +-
 .../python3-flask-cors/CVE-2024-6221.patch    | 110 ----
 ...s_4.0.0.bb => python3-flask-cors_4.0.2.bb} |   8 +-
 .../python/python3-m2crypto_0.40.1.bb         |   3 +
 ...-41671-0002.patch => CVE-2024-41671.patch} |   4 +
 ...-41671-0001.patch => CVE-2024-41810.patch} |   6 +-
 .../python/python3-twisted_24.3.0.bb          |   4 +-
 .../python/python3-twitter_4.14.0.bb          |   2 +
 ...ess_3.0.0.bb => python3-waitress_3.0.2.bb} |   2 +-
 26 files changed, 922 insertions(+), 128 deletions(-)
 create mode 100644 meta-networking/recipes-support/strongswan/strongswan/CVE-2025-62291.patch
 create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-51006.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-53643.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-68131.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.27/0001-lower-setuptools-requirements.patch
 rename meta-python/recipes-devtools/python/{python3-django_4.2.20.bb => python3-django_4.2.27.bb} (44%)
 delete mode 100644 meta-python/recipes-devtools/python/python3-flask-cors/CVE-2024-6221.patch
 rename meta-python/recipes-devtools/python/{python3-flask-cors_4.0.0.bb => python3-flask-cors_4.0.2.bb} (71%)
 rename meta-python/recipes-devtools/python/python3-twisted/{CVE-2024-41671-0002.patch => CVE-2024-41671.patch} (98%)
 rename meta-python/recipes-devtools/python/python3-twisted/{CVE-2024-41671-0001.patch => CVE-2024-41810.patch} (95%)
 rename meta-python/recipes-devtools/python/{python3-waitress_3.0.0.bb => python3-waitress_3.0.2.bb} (82%)

-- 
2.52.0

                 reply	other threads:[~2026-01-26  6:38 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1769409126.git.anuj.mittal@oss.qualcomm.com \
    --to=anuj.mittal@oss.qualcomm.com \
    --cc=openembedded-devel@lists.openembedded.org \
    --cc=raj.khem@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.