From: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
To: openembedded-devel@lists.openembedded.org
Subject: [PATCH 00/47] Scarthgap pull request
Date: Wed, 15 Apr 2026 18:02:40 +0530 [thread overview]
Message-ID: <cover.1776247700.git.anuj.mittal@oss.qualcomm.com> (raw)
Please merge these changes in scarthgap. Tested locally and on autobuilder.
https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1469
The following changes since commit 1ad0d777d1de1769e5995eb806f7ae5c15d0be54:
strongswan: Fix CVE-2026-25075 (2026-04-03 15:00:48 +0530)
are available in the Git repository at:
https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap
https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap
for you to fetch changes up to 5124ac4a658899158f4a7a2ddf1d2ca931ec7d0e:
nginx: fix CVE-2026-28753 (2026-04-15 14:12:18 +0530)
----------------------------------------------------------------
Ankur Tyagi (32):
abseil-cpp: ignore CVE-2025-0838
freerdp3: fix CVE-2026-25941
freerdp3: fix CVE-2026-33952
freerdp3: fix CVE-2026-23948
freerdp3: fix CVE-2026-24491
freerdp3: fix CVE-2026-24675
freerdp3: fix CVE-2026-24676
freerdp3: ignore CVE-2026-24677 and CVE-2026-24678
freerdp3: fix CVE-2026-24679
freerdp3: fix CVE-2026-24680 and CVE-2026-27950
freerdp3: fix CVE-2026-24681
freerdp3: fix CVE-2026-24682
freerdp3: fix CVE-2026-24683
freerdp3: fix CVE-2026-29774
freerdp3: fix CVE-2026-29775
freerdp3: fix CVE-2026-29776
freerdp3: fix CVE-2026-31806
freerdp3: fix CVE-2026-31897
freerdp3: fix CVE-2026-33984
libde265: upgrade 1.0.12 -> 1.0.16
libraw: ignore CVE-2026-5318
libvncserver: fix CVE-2026-32853
libvncserver: fix CVE-2026-32854
nodejs: upgrade 20.20.0 -> 20.20.2
python3-django: upgrade 4.2.29 -> 4.2.30
python3-ecdsa: fix CVE-2026-33936
python3-flask: upgrade 3.0.2 -> 3.0.3
python3-tornado: fix CVE-2026-35536
python3-werkzeug: ignore CVE-2026-27199
nginx: fix CVE-2026-27651
nginx: fix CVE-2026-27654
nginx: fix CVE-2026-28753
Guocai He (1):
yasm: fix CVE-2021-33454
Gyorgy Sarvari (2):
giflib: patch CVE-2025-31344
mbedtls: upgrade 3.6.5 -> 3.6.6
Haixiao Yan (3):
python3-django: fix CVE-2025-64459
python3-django: fix CVE-2025-57833
python3-django: fix CVE-2025-59681
Hitendra Prajapati (2):
nginx: Fix for CVE-2026-27784
nginx: Fix for CVE-2026-28755
Jackson James (1):
unbound: Fix CVE-2025-11411
Jinfeng Wang (1):
nmap: rename enum PCAP_SOCKET
Libo Chen (4):
hdf5: fix CVE-2025-2153
hdf5: fix CVE-2025-2310
hdf5: fix CVE-2025-44905
hdf5: fix CVE-2025-2309
Peter Marko (1):
grpc: set status for CVE-2026-33186
.../libde265/libde265/CVE-2023-43887.patch | 39 -
.../libde265/libde265/CVE-2023-47471.patch | 42 -
...{libde265_1.0.12.bb => libde265_1.0.16.bb} | 4 +-
.../{mbedtls_3.6.5.bb => mbedtls_3.6.6.bb} | 2 +-
.../unbound/0001-CVE-2025-11411-1.patch | 1874 +++++++++++++++++
.../unbound/0002-CVE-2025-11411-2.patch | 153 ++
.../unbound/unbound/CVE-2025-11411.patch | 48 -
.../recipes-support/unbound/unbound_1.19.3.bb | 3 +-
.../abseil-cpp/abseil-cpp_20240116.3.bb | 2 +
.../giflib/giflib/CVE-2025-31344.patch | 28 +
.../recipes-devtools/giflib/giflib_5.2.2.bb | 3 +-
meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb | 2 +
.../{nodejs_20.20.0.bb => nodejs_20.20.2.bb} | 4 +-
.../yasm/yasm/CVE-2021-33454.patch | 29 +
meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 +
.../libvncserver/CVE-2026-32853.patch | 76 +
.../libvncserver/CVE-2026-32854.patch | 66 +
.../libvncserver/libvncserver_0.9.14.bb | 5 +-
.../files/nmap-rename-enum-PCAP_SOCKET.patch | 81 +
meta-oe/recipes-security/nmap/nmap_7.80.bb | 1 +
.../freerdp/freerdp3/CVE-2026-23948.patch | 55 +
.../freerdp/freerdp3/CVE-2026-24491.patch | 52 +
.../freerdp/freerdp3/CVE-2026-24675.patch | 32 +
.../freerdp/freerdp3/CVE-2026-24676.patch | 34 +
.../freerdp/freerdp3/CVE-2026-24679.patch | 44 +
.../CVE-2026-24680_CVE-2026-27950.patch | 24 +
.../freerdp/freerdp3/CVE-2026-24681.patch | 26 +
.../freerdp/freerdp3/CVE-2026-24682.patch | 31 +
.../freerdp/freerdp3/CVE-2026-24683.patch | 114 +
.../freerdp/freerdp3/CVE-2026-25941.patch | 28 +
.../freerdp/freerdp3/CVE-2026-29774.patch | 75 +
.../freerdp/freerdp3/CVE-2026-29775.patch | 30 +
.../freerdp/freerdp3/CVE-2026-29776.patch | 30 +
.../freerdp/freerdp3/CVE-2026-31806.patch | 36 +
.../freerdp/freerdp3/CVE-2026-31897.patch | 28 +
.../freerdp/freerdp3/CVE-2026-33952.patch | 38 +
.../freerdp/freerdp3/CVE-2026-33984.patch | 34 +
.../recipes-support/freerdp/freerdp3_3.4.0.bb | 19 +
.../hdf5/files/CVE-2025-2153.patch | 51 +
.../hdf5/files/CVE-2025-2309.patch | 41 +
.../hdf5/files/CVE-2025-2310.patch | 37 +
.../hdf5/files/CVE-2025-44905.patch | 46 +
meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb | 4 +
.../recipes-support/libraw/libraw_0.21.2.bb | 2 +
.../0001-lower-setuptools-requirements.patch | 0
.../CVE-2025-57833.patch | 88 +
.../CVE-2025-59681.patch | 178 ++
.../CVE-2025-64459-1.patch | 57 +
.../CVE-2025-64459-2.patch | 63 +
...ngo_4.2.29.bb => python3-django_4.2.30.bb} | 2 +-
.../python/python3-django_5.0.14.bb | 7 +-
.../python/python3-ecdsa/CVE-2026-33936.patch | 56 +
.../python/python3-ecdsa_0.19.0.bb | 1 +
...-flask_3.0.2.bb => python3-flask_3.0.3.bb} | 4 +-
.../python3-tornado/CVE-2026-35536.patch | 155 ++
.../python/python3-tornado_6.4.2.bb | 1 +
.../python/python3-werkzeug_3.0.6.bb | 1 +
.../nginx/files/CVE-2026-27784.patch | 88 +
.../nginx/nginx-1.24.0/CVE-2026-27651.patch | 34 +
.../nginx/nginx-1.24.0/CVE-2026-27654.patch | 81 +
.../nginx/nginx-1.24.0/CVE-2026-28753.patch | 93 +
.../nginx/nginx-1.24.0/CVE-2026-28755.patch | 48 +
.../nginx/nginx-1.25.5/CVE-2026-28755.patch | 48 +
meta-webserver/recipes-httpd/nginx/nginx.inc | 1 +
.../recipes-httpd/nginx/nginx_1.24.0.bb | 8 +-
.../recipes-httpd/nginx/nginx_1.25.5.bb | 2 +
66 files changed, 4247 insertions(+), 143 deletions(-)
delete mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch
delete mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch
rename meta-multimedia/recipes-multimedia/libde265/{libde265_1.0.12.bb => libde265_1.0.16.bb} (84%)
rename meta-networking/recipes-connectivity/mbedtls/{mbedtls_3.6.5.bb => mbedtls_3.6.6.bb} (98%)
create mode 100644 meta-networking/recipes-support/unbound/unbound/0001-CVE-2025-11411-1.patch
create mode 100644 meta-networking/recipes-support/unbound/unbound/0002-CVE-2025-11411-2.patch
delete mode 100644 meta-networking/recipes-support/unbound/unbound/CVE-2025-11411.patch
create mode 100644 meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch
rename meta-oe/recipes-devtools/nodejs/{nodejs_20.20.0.bb => nodejs_20.20.2.bb} (98%)
create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch
create mode 100644 meta-oe/recipes-graphics/libvncserver/libvncserver/CVE-2026-32853.patch
create mode 100644 meta-oe/recipes-graphics/libvncserver/libvncserver/CVE-2026-32854.patch
create mode 100644 meta-oe/recipes-security/nmap/files/nmap-rename-enum-PCAP_SOCKET.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-23948.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24491.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24676.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24679.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24681.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24682.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24683.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-25941.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29774.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29775.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31806.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-31897.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33952.patch
create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-33984.patch
create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-2153.patch
create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-2309.patch
create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-2310.patch
create mode 100644 meta-oe/recipes-support/hdf5/files/CVE-2025-44905.patch
rename meta-python/recipes-devtools/python/{python3-django-4.2.29 => python3-django-4.2.30}/0001-lower-setuptools-requirements.patch (100%)
create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-57833.patch
create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-59681.patch
create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-1.patch
create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64459-2.patch
rename meta-python/recipes-devtools/python/{python3-django_4.2.29.bb => python3-django_4.2.30.bb} (82%)
create mode 100644 meta-python/recipes-devtools/python/python3-ecdsa/CVE-2026-33936.patch
rename meta-python/recipes-devtools/python/{python3-flask_3.0.2.bb => python3-flask_3.0.3.bb} (80%)
create mode 100644 meta-python/recipes-devtools/python/python3-tornado/CVE-2026-35536.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/files/CVE-2026-27784.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-27651.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-27654.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-28753.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-28755.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.25.5/CVE-2026-28755.patch
--
2.53.0
next reply other threads:[~2026-04-15 12:33 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-15 12:32 Anuj Mittal [this message]
2026-04-15 14:58 ` [oe] [PATCH 00/47] Scarthgap pull request Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1776247700.git.anuj.mittal@oss.qualcomm.com \
--to=anuj.mittal@oss.qualcomm.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.