[wrynose][PATCH 00/29] Wrynose pull request

[wrynose][PATCH 00/29] Wrynose pull request

[Anuj Mittal]

Includes some build and CVE fixes and some upgrades that included only bug fixes.

Tested locally and on autobuilder.

https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1526

The following changes since commit 420222862f5a6d95023b8f5f3b7e1808b2264ef9:

  networkmanager: re-implement the vala detection (2026-04-24 18:39:52 -0700)

are available in the Git repository at:

  https://git.openembedded.org/meta-openembedded-contrib anujm/wrynose
  https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/wrynose

for you to fetch changes up to 9af4488d46cb4fd4c0d2d64820c86225ebd6ac71:

  libtsm: upgrade 4.4.3 -> 4.5.0 (2026-05-17 11:52:30 +0530)

----------------------------------------------------------------

Adam Duskett (1):
  kmscon: upgrade 9.3.3 -> 9.3.5

Changqing Li (1):
  postfix: make it can compile with linux 7.x

Ernest Van Hoecke (1):
  jsoncpp: Fix C++11 ABI breakage when compiled with C++17

Fabian Pflug (1):
  pkcs11-provider: fix build error on 32 bit systems

Gianfranco Costamagna (1):
  vboxguestdrivers: Upgrade to 7.2.8

Gyorgy Sarvari (1):
  libcoap: mark CVE-2026-29013 patched

Hongxu Jia (1):
  thin-provisioning-tools: fix compile failure on 32bit BSPs

Jason Schonberg (2):
  xfdesktop: upgrade 4.20.1 -> 4.20.2
  orage: upgrade 4.20.2 -> 4.20.3

Jiaying Song (1):
  python3-blivet: switch from setuptools3_legacy to
    python_setuptools_build_meta

Liu Yiding (1):
  eog: Add HOMEPAGE

Liyin Zhang (1):
  apache2: upgrade 2.4.66 -> 2.4.67

Peter Marko (1):
  cryptsetup: update udev package config

Ross Burton (1):
  iwd: depend on the regulatory database

Wang Mingyu (10):
  bubblewrap: upgrade 0.11.1 -> 0.11.2
  fastfetch: upgrade 2.61.0 -> 2.62.1
  imagemagick: upgrade 7.1.2-19 -> 7.1.2-21
  strongswan: upgrade 6.0.5 -> 6.0.6
  valkey: upgrade 9.0.3 -> 9.0.4
  libauthen-sasl-perl: upgrade 2.1800 -> 2.2000
  hunspell: upgrade 1.7.2 -> 1.7.3
  znc: upgrade 1.10.1 -> 1.10.2
  python3-ujson: upgrade 5.12.0 -> 5.12.1
  libtsm: upgrade 4.4.3 -> 4.5.0

Yi Zhao (4):
  webkitgtk3: fix build on riscv64
  proftpd: upgrade 1.3.9 -> 1.3.9a
  postfix: upgrade 3.10.8 -> 3.10.9
  nftables: improve reproducibility

Zhang Xiao (1):
  python3-aspectlib: Fix pytest compatibility

 meta-gnome/recipes-gnome/eog/eog_49.3.bb      |   2 +
 .../files/0001-Fix-build-with-musl.patch      |  50 +++
 ...kedefs-Account-for-linux-7.x-version.patch |  47 +++
 .../{postfix_3.10.8.bb => postfix_3.10.9.bb}  |   4 +-
 .../{proftpd_1.3.9.bb => proftpd_1.3.9a.bb}   |   4 +-
 .../libcoap/libcoap_4.3.5b.bb                 |   1 +
 ...URCE_DATE_EPOCH-for-build-time-stamp.patch |  41 ++
 .../recipes-filter/nftables/nftables_1.1.6.bb |   1 +
 .../znc/{znc_1.10.1.bb => znc_1.10.2.bb}      |   2 +-
 ...trongswan_6.0.5.bb => strongswan_6.0.6.bb} |   2 +-
 meta-oe/recipes-connectivity/iwd/iwd_3.12.bb  |   1 +
 .../cryptsetup/cryptsetup_2.8.6.bb            |   2 +-
 ...akage-when-compiled-with-C-17-1668-1.patch | 368 ++++++++++++++++++
 .../recipes-devtools/jsoncpp/jsoncpp_1.9.7.bb |   1 +
 .../{valkey_9.0.3.bb => valkey_9.0.4.bb}      |   2 +-
 .../{kmscon_9.3.3.bb => kmscon_9.3.5.bb}      |   2 +-
 .../{libtsm_4.4.3.bb => libtsm_4.5.0.bb}      |   2 +-
 ...blewrap_0.11.1.bb => bubblewrap_0.11.2.bb} |   2 +-
 ...astfetch_2.61.0.bb => fastfetch_2.62.1.bb} |   2 +-
 .../{hunspell_1.7.2.bb => hunspell_1.7.3.bb}  |   4 +-
 ...ck_7.1.2-19.bb => imagemagick_7.1.2-21.bb} |   2 +-
 ...-Fix-i686-build-failures-in-cipher.c.patch |  62 +++
 .../pkcs11-provider/pkcs11-provider_1.2.bb    |   1 +
 .../thin-provisioning-tools_1.3.1.bb          |   4 +-
 ...ers_7.2.6.bb => vboxguestdrivers_7.2.8.bb} |   2 +-
 .../webkitgtk/webkitgtk3_2.50.6.bb            |   4 +
 ....1800.bb => libauthen-sasl-perl_2.2000.bb} |   2 +-
 ...-aspectlib-backport-fix-for-selftest.patch |  37 ++
 .../python/python3-aspectlib_2.0.0.bb         |   1 +
 ...json_5.12.0.bb => python3-ujson_5.12.1.bb} |   2 +-
 .../python-blivet/python3-blivet_3.13.2.bb    |   2 +-
 .../{apache2_2.4.66.bb => apache2_2.4.67.bb}  |   2 +-
 .../{orage_4.20.2.bb => orage_4.20.3.bb}      |   2 +-
 ...fdesktop_4.20.1.bb => xfdesktop_4.20.2.bb} |   2 +-
 34 files changed, 642 insertions(+), 23 deletions(-)
 create mode 100644 meta-networking/recipes-daemons/postfix/files/0001-Fix-build-with-musl.patch
 create mode 100644 meta-networking/recipes-daemons/postfix/files/0001-makedefs-Account-for-linux-7.x-version.patch
 rename meta-networking/recipes-daemons/postfix/{postfix_3.10.8.bb => postfix_3.10.9.bb} (98%)
 rename meta-networking/recipes-daemons/proftpd/{proftpd_1.3.9.bb => proftpd_1.3.9a.bb} (98%)
 create mode 100644 meta-networking/recipes-filter/nftables/nftables/0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch
 rename meta-networking/recipes-irc/znc/{znc_1.10.1.bb => znc_1.10.2.bb} (94%)
 rename meta-networking/recipes-support/strongswan/{strongswan_6.0.5.bb => strongswan_6.0.6.bb} (99%)
 create mode 100644 meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-Fix-C-11-ABI-breakage-when-compiled-with-C-17-1668-1.patch
 rename meta-oe/recipes-extended/valkey/{valkey_9.0.3.bb => valkey_9.0.4.bb} (98%)
 rename meta-oe/recipes-graphics/kmscon/{kmscon_9.3.3.bb => kmscon_9.3.5.bb} (97%)
 rename meta-oe/recipes-graphics/libtsm/{libtsm_4.4.3.bb => libtsm_4.5.0.bb} (95%)
 rename meta-oe/recipes-security/bubblewrap/{bubblewrap_0.11.1.bb => bubblewrap_0.11.2.bb} (90%)
 rename meta-oe/recipes-support/fastfetch/{fastfetch_2.61.0.bb => fastfetch_2.62.1.bb} (98%)
 rename meta-oe/recipes-support/hunspell/{hunspell_1.7.2.bb => hunspell_1.7.3.bb} (89%)
 rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.2-19.bb => imagemagick_7.1.2-21.bb} (99%)
 create mode 100644 meta-oe/recipes-support/pkcs11-provider/files/0001-Fix-i686-build-failures-in-cipher.c.patch
 rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_7.2.6.bb => vboxguestdrivers_7.2.8.bb} (97%)
 rename meta-perl/recipes-perl/libauthen/{libauthen-sasl-perl_2.1800.bb => libauthen-sasl-perl_2.2000.bb} (92%)
 create mode 100644 meta-python/recipes-devtools/python/python3-aspectlib/0001-python3-aspectlib-backport-fix-for-selftest.patch
 rename meta-python/recipes-devtools/python/{python3-ujson_5.12.0.bb => python3-ujson_5.12.1.bb} (88%)
 rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.66.bb => apache2_2.4.67.bb} (99%)
 rename meta-xfce/recipes-apps/orage/{orage_4.20.2.bb => orage_4.20.3.bb} (88%)
 rename meta-xfce/recipes-xfce/xfdesktop/{xfdesktop_4.20.1.bb => xfdesktop_4.20.2.bb} (88%)

-- 
2.53.0

[wrynose][meta-networking][PATCH 01/29] libcoap: mark CVE-2026-29013 patched

[Anuj Mittal]

From: Gyorgy Sarvari <skandigraun@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29013

The current recipe version contains the fix referenced by the
NVD report. Mark the CVE as patched, because NVD tracks it without
version info.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 39e99ad532807f99eecb8f80fc3415ec5a9d773e)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb
index e7279013ed..7ea3eba1b0 100644
--- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5b.bb
@@ -64,3 +64,4 @@ FILES:${PN}-bin = "${bindir}"
 FILES:${PN}-dev += "${datadir}/${BPN}/examples"
 
 CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly"
+CVE_STATUS[CVE-2026-29013] = "fixed-version: fixed in 4.3.5b"
-- 
2.53.0

[wrynose][meta-python][PATCH 02/29] python3-aspectlib: Fix pytest compatibility

[Anuj Mittal]

From: Zhang Xiao <xiao.zhang@windriver.com>

Partially backport upstream commit to fix pytest compatibility issue.

Fixes pytest errors e.g.
  | pytest.PytestRemovedIn9Warning: The (path: py.path.local) argument is deprecated, please use (collection_path: pathlib.Path)
  | see https://docs.pytest.org/en/latest/deprecations.html#py-path-local-arguments-for-hooks-replaced-with-pathlib-path
  | ERROR: Exit status is 1

Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit d389ed9e3342aadcca29a18340b4fe07924ad69e)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 ...-aspectlib-backport-fix-for-selftest.patch | 37 +++++++++++++++++++
 .../python/python3-aspectlib_2.0.0.bb         |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta-python/recipes-devtools/python/python3-aspectlib/0001-python3-aspectlib-backport-fix-for-selftest.patch

diff --git a/meta-python/recipes-devtools/python/python3-aspectlib/0001-python3-aspectlib-backport-fix-for-selftest.patch b/meta-python/recipes-devtools/python/python3-aspectlib/0001-python3-aspectlib-backport-fix-for-selftest.patch
new file mode 100644
index 0000000000..05d7b63126
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-aspectlib/0001-python3-aspectlib-backport-fix-for-selftest.patch
@@ -0,0 +1,37 @@
+From 2e007c5c3ed048491c29e37991e6788f41728b31 Mon Sep 17 00:00:00 2001
+From: Ionel Cristian Mărieș <contact@ionelmc.ro>
+Date: Fri, 24 Apr 2026 13:17:54 +0000
+Subject: [PATCH] python3-aspectlib: backport fix for selftest
+
+Partial backport of upstream commit b85abdb056("Fix some cleanup regressions")
+
+Changes excluded:
+The stacklevel assertion updates in test_aspectlib.py and
+test_integrations.py are omitted. These are specific to upstream's
+test suite configuration and cause failures in this environment
+without providing functional value to the core library.
+
+Upstream-Status: Backport [https://github.com/ionelmc/python-aspectlib/commit/b85abdb0565d1598ce56bd49d49dc709d4e16081]
+
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+---
+ tests/conftest.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/tests/conftest.py b/tests/conftest.py
+index ee54d9d..29caa50 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -1,5 +1,6 @@
+-def pytest_ignore_collect(path, config):
+-    basename = path.basename
++from pathlib import Path
+ 
+-    if 'pytestsupport' in basename:
++
++def pytest_ignore_collect(collection_path: Path, config):
++    if 'pytestsupport' in collection_path.__fspath__():
+         return True
+-- 
+2.53.0
+
diff --git a/meta-python/recipes-devtools/python/python3-aspectlib_2.0.0.bb b/meta-python/recipes-devtools/python/python3-aspectlib_2.0.0.bb
index 854a14441c..7bfee7ff7a 100644
--- a/meta-python/recipes-devtools/python/python3-aspectlib_2.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-aspectlib_2.0.0.bb
@@ -8,6 +8,7 @@ HOMEPAGE = "https://github.com/ionelmc/python-aspectlib"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=80721ace117fd1f814049ecb81c6be76"
 
+SRC_URI += "file://0001-python3-aspectlib-backport-fix-for-selftest.patch"
 SRC_URI[sha256sum] = "a4b461b9da0b531aebcb93efcde3de808a72c60226dd8d902c467d13faf7ce92"
 
 inherit ptest-python-pytest pypi setuptools3
-- 
2.53.0

[wrynose][meta-python][PATCH 03/29] python3-blivet: switch from setuptools3_legacy to python_setuptools_build_meta

[Anuj Mittal]

From: Jiaying Song <jiaying.song.cn@windriver.com>

Upstream blivet 3.13.2 ships a pyproject.toml declaring
setuptools.build_meta as its PEP 517 build backend. Update the recipe to
use the correct build class to resolve the pep517-backend QA warning.

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 17850288474672b6939204b16898e26389664bbb)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../recipes-extended/python-blivet/python3-blivet_3.13.2.bb     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-python/recipes-extended/python-blivet/python3-blivet_3.13.2.bb b/meta-python/recipes-extended/python-blivet/python3-blivet_3.13.2.bb
index a159979b73..69ec8c0487 100644
--- a/meta-python/recipes-extended/python-blivet/python3-blivet_3.13.2.bb
+++ b/meta-python/recipes-extended/python-blivet/python3-blivet_3.13.2.bb
@@ -17,7 +17,7 @@ SRC_URI += "\
 "
 SRC_URI[sha256sum] = "6d8374d05eeab513b2a26cf01267e853df7b31e13ad1a1ba7d73a856190d0518"
 
-inherit pypi features_check systemd setuptools3_legacy
+inherit pypi features_check systemd python_setuptools_build_meta
 
 REQUIRED_DISTRO_FEATURES = "systemd"
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 04/29] vboxguestdrivers: Upgrade to 7.2.8

[Anuj Mittal]

From: Gianfranco Costamagna <locutusofborg@debian.org>

Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit fbe399b23017fd9e7ccb26324f9eb6c3e88e6cc4)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../{vboxguestdrivers_7.2.6.bb => vboxguestdrivers_7.2.8.bb}    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_7.2.6.bb => vboxguestdrivers_7.2.8.bb} (97%)

diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.2.6.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.2.8.bb
similarity index 97%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.2.6.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.2.8.bb
index ac941de811..6b6a2f23ff 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.2.6.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_7.2.8.bb
@@ -15,7 +15,7 @@ VBOX_NAME = "VirtualBox-${PV}"
 SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
     file://Makefile.utils \
 "
-SRC_URI[sha256sum] = "c58443a0e6fcc7fc7e84c1011a10823b3540c6a2b8f2e27c4d8971272baf09f7"
+SRC_URI[sha256sum] = "0642ed4a12b7204cd30c0abbc2c10c1cc7ad55ce1756a01e86a16d4b6b066592"
 
 S ?= "${UNPACKDIR}/vbox_module"
 S:task-unpack = "${UNPACKDIR}/${VBOX_NAME}"
-- 
2.53.0

[wrynose][meta-xfce][PATCH 05/29] xfdesktop: upgrade 4.20.1 -> 4.20.2

[Anuj Mittal]

From: Jason Schonberg <schonm@gmail.com>

Changelog: https://gitlab.xfce.org/xfce/xfdesktop/-/tags/xfdesktop-4.20.2

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit ee2048e9dfd60d4ea747d832889ccdb6af427476)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../xfdesktop/{xfdesktop_4.20.1.bb => xfdesktop_4.20.2.bb}      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-xfce/recipes-xfce/xfdesktop/{xfdesktop_4.20.1.bb => xfdesktop_4.20.2.bb} (88%)

diff --git a/meta-xfce/recipes-xfce/xfdesktop/xfdesktop_4.20.1.bb b/meta-xfce/recipes-xfce/xfdesktop/xfdesktop_4.20.2.bb
similarity index 88%
rename from meta-xfce/recipes-xfce/xfdesktop/xfdesktop_4.20.1.bb
rename to meta-xfce/recipes-xfce/xfdesktop/xfdesktop_4.20.2.bb
index 5cd0213951..996330cc45 100644
--- a/meta-xfce/recipes-xfce/xfdesktop/xfdesktop_4.20.1.bb
+++ b/meta-xfce/recipes-xfce/xfdesktop/xfdesktop_4.20.2.bb
@@ -24,7 +24,7 @@ inherit xfce features_check
 
 REQUIRED_DISTRO_FEATURES = "x11"
 
-SRC_URI[sha256sum] = "acccde849265bbf4093925ba847977b7abf70bb2977e4f78216570e887c157b8"
+SRC_URI[sha256sum] = "1d9bd76015fb6e9aca05e73cd998c7c66ed4fc8c10b626e08fc2eb7c39df3f7b"
 
 PACKAGECONFIG ??= "notify"
 PACKAGECONFIG[notify] = "-Dnotifications=enabled,-Dnotifications=disabled,libnotify"
-- 
2.53.0

[wrynose][meta-oe][PATCH 06/29] webkitgtk3: fix build on riscv64

[Anuj Mittal]

From: Yi Zhao <yi.zhao@windriver.com>

Fix the following build failure:
Source/ThirdParty/skia/modules/skcms/src/Transform_inl.h:810:71:
error: cannot tail-call: tail call production failed
  810 |         DECLARE_STAGE(name, arg, [[clang::musttail]] return (*list.fn)(list, ctx, src, dst, \
      |                                                             ~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
  811 |                                                                        r, g, b, a, i))
      |                                                                        ~~~~~~~~~~~~~~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit e2655772498b06bf3fbd56b365b347cb130bb843)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb
index c3f736568f..67f95620fd 100644
--- a/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb
+++ b/meta-oe/recipes-support/webkitgtk/webkitgtk3_2.50.6.bb
@@ -113,6 +113,10 @@ CXXFLAGS:append:arc = " -mlong-calls"
 # Needed for non-mesa graphics stacks when x11 is disabled
 CXXFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}"
 
+# Fix Source/ThirdParty/skia/modules/skcms/src/Transform_inl.h:810:71:
+# error: cannot tail-call: tail call production failed
+CXXFLAGS:append:riscv64 = " -DSKCMS_HAS_MUSTTAIL=0"
+
 # Javascript JIT is not supported on powerpc
 EXTRA_OECMAKE:append:powerpc = " -DENABLE_JIT=OFF "
 EXTRA_OECMAKE:append:powerpc64 = " -DENABLE_JIT=OFF "
-- 
2.53.0

[wrynose][meta-gnome][PATCH 07/29] eog: Add HOMEPAGE

[Anuj Mittal]

From: Liu Yiding <liuyd.fnst@fujitsu.com>

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 76b27162f9e612d8f117df312d39a56ad66ce589)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-gnome/recipes-gnome/eog/eog_49.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-gnome/recipes-gnome/eog/eog_49.3.bb b/meta-gnome/recipes-gnome/eog/eog_49.3.bb
index d67c3733af..eee6c14459 100644
--- a/meta-gnome/recipes-gnome/eog/eog_49.3.bb
+++ b/meta-gnome/recipes-gnome/eog/eog_49.3.bb
@@ -1,4 +1,6 @@
 SUMMARY = "This is the Eye of GNOME, an image viewer program."
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/eog"
+
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 08/29] bubblewrap: upgrade 0.11.1 -> 0.11.2

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
===========
- bug fix: CVE-2026-41163
- enhancement : New build option -Dsupport_setuid, which if set to false (which
  is the default) disables the support for setuid.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 8cb0926b53d6b129fc301588cc64f23c8e977d8d)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../bubblewrap/{bubblewrap_0.11.1.bb => bubblewrap_0.11.2.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-security/bubblewrap/{bubblewrap_0.11.1.bb => bubblewrap_0.11.2.bb} (90%)

diff --git a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.11.1.bb b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.11.2.bb
similarity index 90%
rename from meta-oe/recipes-security/bubblewrap/bubblewrap_0.11.1.bb
rename to meta-oe/recipes-security/bubblewrap/bubblewrap_0.11.2.bb
index 0db94b40fa..7e63435e90 100644
--- a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.11.1.bb
+++ b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.11.2.bb
@@ -8,7 +8,7 @@ DEPENDS = "libcap"
 SRC_URI = " \
     https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz \
 "
-SRC_URI[sha256sum] = "c1b7455a1283b1295879a46d5f001dfd088c0bb0f238abb5e128b3583a246f71"
+SRC_URI[sha256sum] = "69abc30005d2186baf7737feacd8da35633b93cf5af38838ecff17c5f8e924f6"
 
 inherit meson bash-completion github-releases manpages pkgconfig
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 09/29] fastfetch: upgrade 2.61.0 -> 2.62.1

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
==========
- Fixes Host module not working on some devices
- Logos : Adds EN-OS, LimeOS, Redrose and Uzbek

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit e61d33aa5306b856eecbe912b42db4685e0515cc)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../fastfetch/{fastfetch_2.61.0.bb => fastfetch_2.62.1.bb}      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-support/fastfetch/{fastfetch_2.61.0.bb => fastfetch_2.62.1.bb} (98%)

diff --git a/meta-oe/recipes-support/fastfetch/fastfetch_2.61.0.bb b/meta-oe/recipes-support/fastfetch/fastfetch_2.62.1.bb
similarity index 98%
rename from meta-oe/recipes-support/fastfetch/fastfetch_2.61.0.bb
rename to meta-oe/recipes-support/fastfetch/fastfetch_2.62.1.bb
index 8db0b608f1..160ac87bcb 100644
--- a/meta-oe/recipes-support/fastfetch/fastfetch_2.61.0.bb
+++ b/meta-oe/recipes-support/fastfetch/fastfetch_2.62.1.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2090e7d93df7ad5a3d41f6fb4226ac76"
 DEPENDS = "yyjson"
 
 SRC_URI = "git://github.com/fastfetch-cli/fastfetch.git;protocol=https;branch=master;tag=${PV}"
-SRCREV = "e5d600600614f5496b02907a11a7bc80c369d266"
+SRCREV = "4a61cdb1c9e4044ee959751e00bac1266dc6ebf9"
 
 inherit cmake pkgconfig
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 10/29] imagemagick: upgrade 7.1.2-19 -> 7.1.2-21

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 963f73979dd6dfd9359fded795e968de31b66acc)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../{imagemagick_7.1.2-19.bb => imagemagick_7.1.2-21.bb}        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.2-19.bb => imagemagick_7.1.2-21.bb} (99%)

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-19.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-21.bb
similarity index 99%
rename from meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-19.bb
rename to meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-21.bb
index 18c23cb0d4..bfcdb2495d 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-19.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-21.bb
@@ -17,7 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://imagemagick-ptest.sh \
 "
 
-SRCREV = "9fbd2b79450e930edb95e8158d412e57a7b27e83"
+SRCREV = "c86de049cefb8dd739e16f0e2fdc1ef8d2006d59"
 
 inherit autotools pkgconfig update-alternatives ptest
 export ac_cv_sys_file_offset_bits = "64"
-- 
2.53.0

[wrynose][meta-networking][PATCH 11/29] strongswan: upgrade 6.0.5 -> 6.0.6

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
===========
- CVE-2026-35328 - Fixed a vulnerability in libtls related to the processing of
  the supported_versions extension in TLS that can result in an infinite loop.
- CVE-2026-35329 - Fixed a vulnerability in libstrongswan and the pkcs7 plugin
  related to the processing of encrypted PKCS#7 containers that can result in
  a crash.
- CVE-2026-35330 - Fixed a vulnerability in in libsimaka related to the
  processing of certain EAP-SIM/AKA attributes that can result in an infinite
  loop or a heap-based buffer overflow and potentially remote code execution.
- CVE-2026-35331 - Fixed a vulnerability in the constraints plugin related to
  the processing of X.509 name constraints that can allow authentication with
  certificates that violate the constraints.
- CVE-2026-35332 - Fixed a vulnerability in libtls related to the processing of
  ECDH public values in TLS < 1.3 that can result in a crash.
- CVE-2026-35333 - Fixed a vulnerability in libradius related to the processing
  of RADIUS attributes that can result in an infinite loop or an out-of-bounds
  read that may cause a crash.
- CVE-2026-35334 - Fixed a vulnerability in the gmp plugin related to RSA
  decryption that can result in a crash.
- Made the Botan RNG types used/provided by the botan plugin configurable.
- The fix for the vulnerability in the constraints plugin now causes all
  certificates that contain excluded name constraints of type directoryName (DN)
  to get rejected.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit b05b177ae5473395ab2fe6f341c0efd129dcfb68)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../strongswan/{strongswan_6.0.5.bb => strongswan_6.0.6.bb}     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/strongswan/{strongswan_6.0.5.bb => strongswan_6.0.6.bb} (99%)

diff --git a/meta-networking/recipes-support/strongswan/strongswan_6.0.5.bb b/meta-networking/recipes-support/strongswan/strongswan_6.0.6.bb
similarity index 99%
rename from meta-networking/recipes-support/strongswan/strongswan_6.0.5.bb
rename to meta-networking/recipes-support/strongswan/strongswan_6.0.6.bb
index 405080070c..daa6552899 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_6.0.5.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_6.0.6.bb
@@ -10,7 +10,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '  tpm2-tss',
 
 SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2"
 
-SRC_URI[sha256sum] = "437460893655d6cfbc2def79d2da548cb5175b865520c507201ab2ec2e7895d9"
+SRC_URI[sha256sum] = "07df7cedae56a7f3bb07e66d21a1f9f87e961db70e99184e11d3819413e4f87c"
 
 UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
 
-- 
2.53.0

[wrynose][meta-webserver][PATCH 12/29] apache2: upgrade 2.4.66 -> 2.4.67

[Anuj Mittal]

From: Liyin Zhang <liyin.zhang.cn@windriver.com>

Security fixes:
- CVE-2026-34059
- CVE-2026-34032
- CVE-2026-33857
- CVE-2026-33523
- CVE-2026-33007
- CVE-2026-33006
- CVE-2026-29169
- CVE-2026-29168
- CVE-2026-28780
- CVE-2026-24072
- CVE-2026-23918

See: https://archive.apache.org/dist/httpd/CHANGES_2.4.67

Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 3ec333fc064b0088649a3dbfb69e3f3dd06e93bd)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../apache2/{apache2_2.4.66.bb => apache2_2.4.67.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.66.bb => apache2_2.4.67.bb} (99%)

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.67.bb
similarity index 99%
rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb
rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.67.bb
index 630c6f3b1b..082f533c85 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.66.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.67.bb
@@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \
            "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[sha256sum] = "94d7ff2b42acbb828e870ba29e4cbad48e558a79c623ad3596e4116efcfea25a"
+SRC_URI[sha256sum] = "66cd206637b0d5c446fa7dabe75fe03525da8fb55855876c46288cd88b136aa4"
 
 S = "${UNPACKDIR}/httpd-${PV}"
 
-- 
2.53.0

[wrynose][meta-networking][PATCH 13/29] postfix: make it can compile with linux 7.x

[Anuj Mittal]

From: Changqing Li <changqing.li@windriver.com>

Fix compile failure on host with linux 7.x

| DEBUG: Executing shell function do_compile
| NOTE: make -j 64 OPT= DEBUG= OPTS= makefiles
| make -f Makefile.in MAKELEVEL= Makefiles
| (echo "# Do not edit -- this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makedefs.tmp
| ATTENTION:
| ATTENTION: Unknown system type: Linux 7.0.0-14-generic
| ATTENTION:
| make: *** [Makefile.in:33: Makefiles] Error 1
| make: *** [Makefile:22: makefiles] Error 2
| ERROR: oe_runmake failed

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit a1503aa0f27f66c731b73db9a8cb8c2547f3f32b)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 ...kedefs-Account-for-linux-7.x-version.patch | 47 +++++++++++++++++++
 .../recipes-daemons/postfix/postfix_3.10.8.bb |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/postfix/files/0001-makedefs-Account-for-linux-7.x-version.patch

diff --git a/meta-networking/recipes-daemons/postfix/files/0001-makedefs-Account-for-linux-7.x-version.patch b/meta-networking/recipes-daemons/postfix/files/0001-makedefs-Account-for-linux-7.x-version.patch
new file mode 100644
index 0000000000..4bc59ace7d
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/0001-makedefs-Account-for-linux-7.x-version.patch
@@ -0,0 +1,47 @@
+From 5466d510dfbc2b7a81dcf766f83d2c89066c0446 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 11 May 2026 18:16:07 +0000
+Subject: [PATCH] makedefs: Account for linux 7.x version
+
+Major version has bumped to 7, update the scripts
+
+Upstream-Status: Backport [The latest stable version 3.11 already fixed]
+
+Refer:
+https://www.ftp.saix.net/MTA/postfix/index.html
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ makedefs            | 2 +-
+ src/util/sys_defs.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/makedefs b/makedefs
+index 74b103d..fe8c618 100644
+--- a/makedefs
++++ b/makedefs
+@@ -625,7 +625,7 @@ EOF
+ 		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ 		: ${PLUGIN_LD="${CC-gcc} -shared"}
+ 		;;
+-    Linux.[3456].*)
++    Linux.[34567].*)
+ 		SYSTYPE=LINUX$RELEASE_MAJOR
+ 		case "$CCARGS" in
+ 		 *-DNO_DB*) ;;
+diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
+index 70aab23..c5472eb 100644
+--- a/src/util/sys_defs.h
++++ b/src/util/sys_defs.h
+@@ -763,7 +763,7 @@ extern int initgroups(const char *, int);
+   * LINUX.
+   */
+ #if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) \
+-	|| defined(LINUX6)
++	|| defined(LINUX6) || defined(LINUX7)
+ #define SUPPORTED
+ #define UINT32_TYPE	unsigned int
+ #define UINT16_TYPE	unsigned short
+-- 
+2.53.0
+
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb b/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb
index a66ecc0b5d..6b82c04fbe 100644
--- a/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb
+++ b/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P
            file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \
            file://0004-Fix-icu-config.patch \
            file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
+           file://0001-makedefs-Account-for-linux-7.x-version.patch \
            "
 
 SRC_URI[sha256sum] = "31d4b3eb8093d823b5a151f571719ff7c0462571bc95e6440d87ca525bfb096c"
-- 
2.53.0

[wrynose][meta-networking][PATCH 14/29] proftpd: upgrade 1.3.9 -> 1.3.9a

[Anuj Mittal]

From: Yi Zhao <yi.zhao@windriver.com>

Security fix: CVE-2026-42167

ChangeLog:
https://github.com/proftpd/proftpd/blob/1.3.9/NEWS

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 7381ae9d2409bbf7c358db4834741651fd1e740d)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../proftpd/{proftpd_1.3.9.bb => proftpd_1.3.9a.bb}           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-networking/recipes-daemons/proftpd/{proftpd_1.3.9.bb => proftpd_1.3.9a.bb} (98%)

diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9a.bb
similarity index 98%
rename from meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb
rename to meta-networking/recipes-daemons/proftpd/proftpd_1.3.9a.bb
index d64e0a0495..2e164a574b 100644
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9a.bb
@@ -4,8 +4,8 @@ HOMEPAGE = "http://www.proftpd.org"
 LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=fb0d1484d11915fa88a6a7702f1dc184"
 
-SRCREV = "ae25959adb05ae1d6ebfa1f36bf778c9c34e9410"
-BRANCH = "${PV}"
+SRCREV = "ec8a5544e81df54e202f52f1f70d206439389577"
+BRANCH = "1.3.9"
 
 SRC_URI = "git://github.com/proftpd/proftpd.git;branch=${BRANCH};protocol=https;tag=v${PV} \
            file://basic.conf.patch \
-- 
2.53.0

[wrynose][meta-oe][PATCH 15/29] cryptsetup: update udev package config

[Anuj Mittal]

From: Peter Marko <peter.marko@siemens.com>

Commit 1ca8df16af411871e10f268064570146cdef54cb fixed a build problem in
wrong way. Relevant rules from lvm2-udevrules were merged into
libdevmapper (which was previously pulled by the rules package), however
instead of that, the whole lvm2 package was added as dependency (which
then pulls the needed libdevmapper).
That is a huge package completely unneeded and due to that, this new
dependency was later changed to recommendation.

Switch to libdevmapper instead of whole lvm2.
Keep recommendation for now as it gives more flexibility.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit a5e9c8141a0533545e87f69d57d399acc2b3910b)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.8.6.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.8.6.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.8.6.bb
index c74b7a1f35..c754131e3f 100644
--- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.8.6.bb
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.8.6.bb
@@ -57,7 +57,7 @@ PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
 PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption"
 PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
 PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
-PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,,udev lvm2"
+PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,,udev libdevmapper"
 PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
 # gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
 # recognized.
-- 
2.53.0

[wrynose][meta-networking][PATCH 16/29] postfix: upgrade 3.10.8 -> 3.10.9

[Anuj Mittal]

From: Yi Zhao <yi.zhao@windriver.com>

Security fix: CVE-2026-43964

Add a patch to fix build with musl.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 7c6ce9d10011094591a4449a977e5760d38711e8)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../files/0001-Fix-build-with-musl.patch      | 50 +++++++++++++++++++
 .../{postfix_3.10.8.bb => postfix_3.10.9.bb}  |  3 +-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-daemons/postfix/files/0001-Fix-build-with-musl.patch
 rename meta-networking/recipes-daemons/postfix/{postfix_3.10.8.bb => postfix_3.10.9.bb} (98%)

diff --git a/meta-networking/recipes-daemons/postfix/files/0001-Fix-build-with-musl.patch b/meta-networking/recipes-daemons/postfix/files/0001-Fix-build-with-musl.patch
new file mode 100644
index 0000000000..d09418eaac
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/0001-Fix-build-with-musl.patch
@@ -0,0 +1,50 @@
+From cbe5ba0deeba6329eed63eade06bb8c062d0d445 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Fri, 8 May 2026 22:39:54 +0800
+Subject: [PATCH] Fix build with musl
+
+Guard glibc-specific version check with __GLIBC__ macro. When building
+with musl, __GLIBC__ is not defined, so the preprocessor previously fell
+through to the #else branch and defined NO_SNPRINTF, causing a build
+error:
+
+vbuf_print.c: In function 'vbuf_print':
+vbuf_print.c:208:46: error: macro 'VBUF_SNPRINTF' passed 5 arguments, but takes just 4
+  208 |                     VSTRING_ADDNUM(fmt, width);
+      |                                              ^
+vbuf_print.c:126:9: note: macro 'VBUF_SNPRINTF' defined here
+  126 | #define VBUF_SNPRINTF(bp, sz, fmt, arg) do { \
+      |         ^~~~~~~~~~~~~
+
+Wrap the entire block in #ifdef __GLIBC__ so that neither branch
+is entered on musl.
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/util/sys_defs.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
+index 74319f2..6d3c7d2 100644
+--- a/src/util/sys_defs.h
++++ b/src/util/sys_defs.h
+@@ -794,12 +794,14 @@ extern int initgroups(const char *, int);
+ #define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases"
+ #define NATIVE_COMMAND_DIR "/usr/sbin"
+ #define NATIVE_DAEMON_DIR "/usr/libexec/postfix"
++#ifdef __GLIBC__
+ #if HAVE_GLIBC_API_VERSION_SUPPORT(2, 1)
+ #define SOCKADDR_SIZE	socklen_t
+ #define SOCKOPT_SIZE	socklen_t
+ #else
+ #define NO_SNPRINTF
+ #endif
++#endif
+ #ifndef NO_IPV6
+ #define HAS_IPV6
+ #if HAVE_GLIBC_API_VERSION_SUPPORT(2, 4)
+-- 
+2.34.1
+
diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb b/meta-networking/recipes-daemons/postfix/postfix_3.10.9.bb
similarity index 98%
rename from meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb
rename to meta-networking/recipes-daemons/postfix/postfix_3.10.9.bb
index 6b82c04fbe..633e4a7a0d 100644
--- a/meta-networking/recipes-daemons/postfix/postfix_3.10.8.bb
+++ b/meta-networking/recipes-daemons/postfix/postfix_3.10.9.bb
@@ -27,9 +27,10 @@ SRC_URI = "http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P
            file://0004-Fix-icu-config.patch \
            file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
            file://0001-makedefs-Account-for-linux-7.x-version.patch \
+           file://0001-Fix-build-with-musl.patch \
            "
 
-SRC_URI[sha256sum] = "31d4b3eb8093d823b5a151f571719ff7c0462571bc95e6440d87ca525bfb096c"
+SRC_URI[sha256sum] = "d4b4daab0af2e0c16c0d2d5ac3c7680d5ebd2001ea054f7f2a601c759801bc13"
 
 UPSTREAM_CHECK_URI = "https://www.postfix.org/announcements.html"
 UPSTREAM_CHECK_REGEX = "postfix-(?P<pver>\d+(\.\d+)+)"
-- 
2.53.0

[wrynose][meta-oe][PATCH 17/29] jsoncpp: Fix C++11 ABI breakage when compiled with C++17

[Anuj Mittal]

From: Ernest Van Hoecke <ernest.vanhoecke@toradex.com>

When jsoncpp is built with C++17, 1.9.7 drops several legacy overloads
that C++11 consumers can still link against.

Backport the upstream fix to restore compatibility.

Fixes errors such as:
|  undefined reference to `Json::Value::operator[](char const*)'

Patch can be dropped when we move to 1.9.8.

Signed-off-by: Ernest Van Hoecke <ernest.vanhoecke@toradex.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 9be9388574bbddcd6f51ffa0f006e42a11ddcf81)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 ...akage-when-compiled-with-C-17-1668-1.patch | 368 ++++++++++++++++++
 .../recipes-devtools/jsoncpp/jsoncpp_1.9.7.bb |   1 +
 2 files changed, 369 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-Fix-C-11-ABI-breakage-when-compiled-with-C-17-1668-1.patch

diff --git a/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-Fix-C-11-ABI-breakage-when-compiled-with-C-17-1668-1.patch b/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-Fix-C-11-ABI-breakage-when-compiled-with-C-17-1668-1.patch
new file mode 100644
index 0000000000..887bf14d2a
--- /dev/null
+++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-Fix-C-11-ABI-breakage-when-compiled-with-C-17-1668-1.patch
@@ -0,0 +1,368 @@
+From c67034e4b4c722579ee15fddb8e4af8f04252b08 Mon Sep 17 00:00:00 2001
+From: Jordan Bayles <bayles.jordan@gmail.com>
+Date: Thu, 9 Apr 2026 10:37:08 -0700
+Subject: [PATCH] Fix C++11 ABI breakage when compiled with C++17 #1668 (#1675)
+
+When JSONCPP_HAS_STRING_VIEW was defined, the library dropped the
+`const char*` and `const String&` overloads for `operator[]`, `get`,
+`removeMember`, and `isMember`, breaking ABI compatibility for projects
+consuming the library with C++11.
+
+This change unconditionally declares and defines the legacy overloads
+so they are always exported, restoring compatibility.
+
+This commit completely eliminates the ABI breakage that occurs across
+C++ standard boundaries when using `std::string_view`.
+
+Previously, when the library was built with C++17+, CMake would leak
+`JSONCPP_HAS_STRING_VIEW=1` as a PUBLIC definition. A C++11 consumer
+would receive this definition, attempt to parse the header, and fail
+with compiler errors because `std::string_view` is not available in
+their environment.
+
+Conversely, if the library was built in C++11 (without `string_view`
+symbols), a C++17 consumer would naturally define
+`JSONCPP_HAS_STRING_VIEW` based on `__cplusplus` inside `value.h`. The
+consumer would then call the declared `string_view` methods, resulting
+in linker errors because the methods weren't compiled into the library.
+
+By moving all `std::string_view` overloads directly into `value.h` as
+`inline` methods that delegate to the fundamental
+`const char*, const char*` methods:
+1. The consumer's compiler dictates whether the overloads are visible
+   (via `__cplusplus >= 201703L`).
+2. The consumer compiles the inline wrappers locally, removing any
+   reliance on the library's exported symbols for `std::string_view`.
+3. CMake no longer needs to pollute the consumer's environment with
+   PUBLIC compile definitions.
+
+Backported only the library/header changes. Upstream CI and example
+test additions are omitted.
+
+Upstream-Status: Backport [https://github.com/open-source-parsers/jsoncpp/commit/c67034e4b4c722579ee15fddb8e4af8f04252b08]
+Signed-off-by: Ernest Van Hoecke <ernest.vanhoecke@toradex.com>
+---
+ include/json/value.h        | 54 ++++++++++++++++++++----------
+ src/lib_json/CMakeLists.txt |  9 -----
+ src/lib_json/json_value.cpp | 66 -------------------------------------
+ 3 files changed, 36 insertions(+), 93 deletions(-)
+
+diff --git a/include/json/value.h b/include/json/value.h
+index f32f45609365..2007e6b4251d 100644
+--- a/include/json/value.h
++++ b/include/json/value.h
+@@ -357,7 +357,8 @@ public:
+   Value(const StaticString& value);
+   Value(const String& value);
+ #ifdef JSONCPP_HAS_STRING_VIEW
+-  Value(std::string_view value);
++  inline Value(std::string_view value)
++      : Value(value.data(), value.data() + value.length()) {}
+ #endif
+   Value(bool value);
+   Value(std::nullptr_t ptr) = delete;
+@@ -405,7 +406,14 @@ public:
+   /** Get string_view of string-value.
+    *  \return false if !string. (Seg-fault if str is NULL.)
+    */
+-  bool getString(std::string_view* str) const;
++  inline bool getString(std::string_view* str) const {
++    char const* begin;
++    char const* end;
++    if (!getString(&begin, &end))
++      return false;
++    *str = std::string_view(begin, static_cast<size_t>(end - begin));
++    return true;
++  }
+ #endif
+   Int asInt() const;
+   UInt asUInt() const;
+@@ -496,12 +504,19 @@ public:
+ #ifdef JSONCPP_HAS_STRING_VIEW
+   /// Access an object value by name, create a null member if it does not exist.
+   /// \param key may contain embedded nulls.
+-  Value& operator[](std::string_view key);
++  inline Value& operator[](std::string_view key) {
++    return resolveReference(key.data(), key.data() + key.length());
++  }
+   /// Access an object value by name, returns null if there is no member with
+   /// that name.
+   /// \param key may contain embedded nulls.
+-  const Value& operator[](std::string_view key) const;
+-#else
++  inline const Value& operator[](std::string_view key) const {
++    Value const* found = find(key.data(), key.data() + key.length());
++    if (!found)
++      return nullSingleton();
++    return *found;
++  }
++#endif
+   /// Access an object value by name, create a null member if it does not exist.
+   /// \note Because of our implementation, keys are limited to 2^30 -1 chars.
+   /// Exceeding that will cause an exception.
+@@ -516,7 +531,6 @@ public:
+   /// that name.
+   /// \param key may contain embedded nulls.
+   const Value& operator[](const String& key) const;
+-#endif
+   /** \brief Access an object value by name, create a null member if it does not
+    * exist.
+    *
+@@ -533,8 +547,10 @@ public:
+ #ifdef JSONCPP_HAS_STRING_VIEW
+   /// Return the member named key if it exist, defaultValue otherwise.
+   /// \note deep copy
+-  Value get(std::string_view key, const Value& defaultValue) const;
+-#else
++  inline Value get(std::string_view key, const Value& defaultValue) const {
++    return get(key.data(), key.data() + key.length(), defaultValue);
++  }
++#endif
+   /// Return the member named key if it exist, defaultValue otherwise.
+   /// \note deep copy
+   Value get(const char* key, const Value& defaultValue) const;
+@@ -542,7 +558,6 @@ public:
+   /// \note deep copy
+   /// \param key may contain embedded nulls.
+   Value get(const String& key, const Value& defaultValue) const;
+-#endif
+   /// Return the member named key if it exist, defaultValue otherwise.
+   /// \note deep copy
+   /// \note key may contain embedded nulls.
+@@ -588,13 +603,14 @@ public:
+   /// \pre type() is objectValue or nullValue
+   /// \post type() is unchanged
+ #if JSONCPP_HAS_STRING_VIEW
+-  void removeMember(std::string_view key);
+-#else
++  inline void removeMember(std::string_view key) {
++    removeMember(key.data(), key.data() + key.length(), nullptr);
++  }
++#endif
+   void removeMember(const char* key);
+   /// Same as removeMember(const char*)
+   /// \param key may contain embedded nulls.
+   void removeMember(const String& key);
+-#endif
+   /** \brief Remove the named map member.
+    *
+    *  Update 'removed' iff removed.
+@@ -602,13 +618,14 @@ public:
+    *  \return true iff removed (no exceptions)
+    */
+ #if JSONCPP_HAS_STRING_VIEW
+-  bool removeMember(std::string_view key, Value* removed);
+-#else
++  inline bool removeMember(std::string_view key, Value* removed) {
++    return removeMember(key.data(), key.data() + key.length(), removed);
++  }
++#endif
+   bool removeMember(String const& key, Value* removed);
+   /// Same as removeMember(const char* begin, const char* end, Value* removed),
+   /// but 'key' is null-terminated.
+   bool removeMember(const char* key, Value* removed);
+-#endif
+   /// Same as removeMember(String const& key, Value* removed)
+   bool removeMember(const char* begin, const char* end, Value* removed);
+   /** \brief Remove the indexed array element.
+@@ -622,15 +639,16 @@ public:
+ #ifdef JSONCPP_HAS_STRING_VIEW
+   /// Return true if the object has a member named key.
+   /// \param key may contain embedded nulls.
+-  bool isMember(std::string_view key) const;
+-#else
++  inline bool isMember(std::string_view key) const {
++    return isMember(key.data(), key.data() + key.length());
++  }
++#endif
+   /// Return true if the object has a member named key.
+   /// \note 'key' must be null-terminated.
+   bool isMember(const char* key) const;
+   /// Return true if the object has a member named key.
+   /// \param key may contain embedded nulls.
+   bool isMember(const String& key) const;
+-#endif
+   /// Same as isMember(String const& key)const
+   bool isMember(const char* begin, const char* end) const;
+
+diff --git a/src/lib_json/CMakeLists.txt b/src/lib_json/CMakeLists.txt
+index 03e9335525ca..a0695e9eba83 100644
+--- a/src/lib_json/CMakeLists.txt
++++ b/src/lib_json/CMakeLists.txt
+@@ -131,9 +131,6 @@ if(BUILD_SHARED_LIBS)
+
+     target_compile_features(${SHARED_LIB} PUBLIC ${REQUIRED_FEATURES})
+
+-    if(JSONCPP_HAS_STRING_VIEW)
+-        target_compile_definitions(${SHARED_LIB} PUBLIC JSONCPP_HAS_STRING_VIEW=1)
+-    endif()
+
+     target_include_directories(${SHARED_LIB} PUBLIC
+         $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
+@@ -168,9 +165,6 @@ if(BUILD_STATIC_LIBS)
+
+     target_compile_features(${STATIC_LIB} PUBLIC ${REQUIRED_FEATURES})
+
+-    if(JSONCPP_HAS_STRING_VIEW)
+-        target_compile_definitions(${STATIC_LIB} PUBLIC JSONCPP_HAS_STRING_VIEW=1)
+-    endif()
+
+     target_include_directories(${STATIC_LIB} PUBLIC
+         $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
+@@ -198,9 +192,6 @@ if(BUILD_OBJECT_LIBS)
+
+     target_compile_features(${OBJECT_LIB} PUBLIC ${REQUIRED_FEATURES})
+
+-    if(JSONCPP_HAS_STRING_VIEW)
+-        target_compile_definitions(${OBJECT_LIB} PUBLIC JSONCPP_HAS_STRING_VIEW=1)
+-    endif()
+
+     target_include_directories(${OBJECT_LIB} PUBLIC
+         $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
+diff --git a/src/lib_json/json_value.cpp b/src/lib_json/json_value.cpp
+index 74f77896fa7b..a8eb72d6b75f 100644
+--- a/src/lib_json/json_value.cpp
++++ b/src/lib_json/json_value.cpp
+@@ -441,14 +441,6 @@ Value::Value(const String& value) {
+       value.data(), static_cast<unsigned>(value.length()));
+ }
+
+-#ifdef JSONCPP_HAS_STRING_VIEW
+-Value::Value(std::string_view value) {
+-  initBasic(stringValue, true);
+-  value_.string_ = duplicateAndPrefixStringValue(
+-      value.data(), static_cast<unsigned>(value.length()));
+-}
+-#endif
+-
+ Value::Value(const StaticString& value) {
+   initBasic(stringValue);
+   value_.string_ = const_cast<char*>(value.c_str());
+@@ -656,21 +648,6 @@ bool Value::getString(char const** begin, char const** end) const {
+   return true;
+ }
+
+-#ifdef JSONCPP_HAS_STRING_VIEW
+-bool Value::getString(std::string_view* str) const {
+-  if (type() != stringValue)
+-    return false;
+-  if (value_.string_ == nullptr)
+-    return false;
+-  const char* begin;
+-  unsigned length;
+-  decodePrefixedString(this->isAllocated(), this->value_.string_, &length,
+-                       &begin);
+-  *str = std::string_view(begin, length);
+-  return true;
+-}
+-#endif
+-
+ String Value::asString() const {
+   switch (type()) {
+   case nullValue:
+@@ -1190,17 +1167,6 @@ Value* Value::demand(char const* begin, char const* end) {
+                       "objectValue or nullValue");
+   return &resolveReference(begin, end);
+ }
+-#ifdef JSONCPP_HAS_STRING_VIEW
+-const Value& Value::operator[](std::string_view key) const {
+-  Value const* found = find(key.data(), key.data() + key.length());
+-  if (!found)
+-    return nullSingleton();
+-  return *found;
+-}
+-Value& Value::operator[](std::string_view key) {
+-  return resolveReference(key.data(), key.data() + key.length());
+-}
+-#else
+ const Value& Value::operator[](const char* key) const {
+   Value const* found = find(key, key + strlen(key));
+   if (!found)
+@@ -1221,7 +1187,6 @@ Value& Value::operator[](const char* key) {
+ Value& Value::operator[](const String& key) {
+   return resolveReference(key.data(), key.data() + key.length());
+ }
+-#endif
+
+ Value& Value::operator[](const StaticString& key) {
+   return resolveReference(key.c_str());
+@@ -1261,18 +1226,12 @@ Value Value::get(char const* begin, char const* end,
+   Value const* found = find(begin, end);
+   return !found ? defaultValue : *found;
+ }
+-#ifdef JSONCPP_HAS_STRING_VIEW
+-Value Value::get(std::string_view key, const Value& defaultValue) const {
+-  return get(key.data(), key.data() + key.length(), defaultValue);
+-}
+-#else
+ Value Value::get(char const* key, Value const& defaultValue) const {
+   return get(key, key + strlen(key), defaultValue);
+ }
+ Value Value::get(String const& key, Value const& defaultValue) const {
+   return get(key.data(), key.data() + key.length(), defaultValue);
+ }
+-#endif
+
+ bool Value::removeMember(const char* begin, const char* end, Value* removed) {
+   if (type() != objectValue) {
+@@ -1288,31 +1247,13 @@ bool Value::removeMember(const char* begin, const char* end, Value* removed) {
+   value_.map_->erase(it);
+   return true;
+ }
+-#ifdef JSONCPP_HAS_STRING_VIEW
+-bool Value::removeMember(std::string_view key, Value* removed) {
+-  return removeMember(key.data(), key.data() + key.length(), removed);
+-}
+-#else
+ bool Value::removeMember(const char* key, Value* removed) {
+   return removeMember(key, key + strlen(key), removed);
+ }
+ bool Value::removeMember(String const& key, Value* removed) {
+   return removeMember(key.data(), key.data() + key.length(), removed);
+ }
+-#endif
+-
+-#ifdef JSONCPP_HAS_STRING_VIEW
+-void Value::removeMember(std::string_view key) {
+-  JSON_ASSERT_MESSAGE(type() == nullValue || type() == objectValue,
+-                      "in Json::Value::removeMember(): requires objectValue");
+-  if (type() == nullValue)
+-    return;
+
+-  CZString actualKey(key.data(), unsigned(key.length()),
+-                     CZString::noDuplication);
+-  value_.map_->erase(actualKey);
+-}
+-#else
+ void Value::removeMember(const char* key) {
+   JSON_ASSERT_MESSAGE(type() == nullValue || type() == objectValue,
+                       "in Json::Value::removeMember(): requires objectValue");
+@@ -1323,7 +1264,6 @@ void Value::removeMember(const char* key) {
+   value_.map_->erase(actualKey);
+ }
+ void Value::removeMember(const String& key) { removeMember(key.c_str()); }
+-#endif
+
+ bool Value::removeIndex(ArrayIndex index, Value* removed) {
+   if (type() != arrayValue) {
+@@ -1353,18 +1293,12 @@ bool Value::isMember(char const* begin, char const* end) const {
+   Value const* value = find(begin, end);
+   return nullptr != value;
+ }
+-#ifdef JSONCPP_HAS_STRING_VIEW
+-bool Value::isMember(std::string_view key) const {
+-  return isMember(key.data(), key.data() + key.length());
+-}
+-#else
+ bool Value::isMember(char const* key) const {
+   return isMember(key, key + strlen(key));
+ }
+ bool Value::isMember(String const& key) const {
+   return isMember(key.data(), key.data() + key.length());
+ }
+-#endif
+
+ Value::Members Value::getMemberNames() const {
+   JSON_ASSERT_MESSAGE(
+--
+2.43.0
diff --git a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.7.bb b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.7.bb
index 797f093f33..354f4e9115 100644
--- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.7.bb
+++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.7.bb
@@ -15,6 +15,7 @@ PE = "1"
 
 SRCREV = "3455302847cf1e4671f1d8f5fa953fd46a7b1404"
 SRC_URI = "git://github.com/open-source-parsers/jsoncpp;branch=master;protocol=https;tag=${PV} \
+           file://0001-Fix-C-11-ABI-breakage-when-compiled-with-C-17-1668-1.patch \
            file://run-ptest \
            "
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 18/29] pkcs11-provider: fix build error on 32 bit systems

[Anuj Mittal]

From: Fabian Pflug <f.pflug@pengutronix.de>

PKCS11 Provider did not build on 32 bit systems. Fixed Upstream with
https://github.com/openssl-projects/pkcs11-provider/pull/689

Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 3608cfdc5b3374ffe31bae81ce25ec69d9d20252)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 ...-Fix-i686-build-failures-in-cipher.c.patch | 62 +++++++++++++++++++
 .../pkcs11-provider/pkcs11-provider_1.2.bb    |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 meta-oe/recipes-support/pkcs11-provider/files/0001-Fix-i686-build-failures-in-cipher.c.patch

diff --git a/meta-oe/recipes-support/pkcs11-provider/files/0001-Fix-i686-build-failures-in-cipher.c.patch b/meta-oe/recipes-support/pkcs11-provider/files/0001-Fix-i686-build-failures-in-cipher.c.patch
new file mode 100644
index 0000000000..479608b8f3
--- /dev/null
+++ b/meta-oe/recipes-support/pkcs11-provider/files/0001-Fix-i686-build-failures-in-cipher.c.patch
@@ -0,0 +1,62 @@
+From aec4fe7e3c4d18cd5d0f98168df5884a141c6b69 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 19 Feb 2026 16:08:56 -0500
+Subject: [PATCH] Fix i686 build failures in cipher.c
+
+Update AEAD functions to use CK_ULONG pointers for lengths and
+introduce a temporary size_t variable for OSSL_PARAM calls. This
+corrects pointer type mismatches that caused build failures in
+Fedora Rawhide i686 scratch builds.
+
+Upstream-Status: Backport [aec4fe7e3c4d18cd5d0f98168df5884a141c6b69]
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ src/cipher.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/cipher.c b/src/cipher.c
+index faaa51b..4ccd3ad 100644
+--- a/src/cipher.c
++++ b/src/cipher.c
+@@ -867,7 +867,7 @@ static CK_RV tls_aead_get_data(CK_MECHANISM_PTR mech, data_buffer *explicitiv,
+ 
+ static CK_RV tls_pre_aead(struct p11prov_cipher_ctx *cctx,
+                           const unsigned char **in, size_t *inl,
+-                          unsigned char **out, size_t *outl)
++                          unsigned char **out, CK_ULONG *outl)
+ {
+     data_buffer iv = { 0 };
+     data_buffer tag = { 0 };
+@@ -906,7 +906,7 @@ static CK_RV tls_pre_aead(struct p11prov_cipher_ctx *cctx,
+ }
+ 
+ static CK_RV tls_post_aead(struct p11prov_cipher_ctx *cctx, unsigned char *out,
+-                           size_t *outl)
++                           CK_ULONG *outl)
+ {
+     data_buffer explicitiv = { 0 };
+     data_buffer tag = { 0 };
+@@ -1475,15 +1475,16 @@ static int p11prov_common_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+                 return RET_OSSL_ERR;
+             }
+ 
+-            int ret = OSSL_PARAM_get_octet_string(
+-                p, (void **)&gcm->pIv, gcm->ulIvLen, &gcm->ulIvFixedBits);
++            size_t iv_size;
++            int ret = OSSL_PARAM_get_octet_string(p, (void **)&gcm->pIv,
++                                                  gcm->ulIvLen, &iv_size);
+             if (ret != RET_OSSL_OK || gcm->pIv == NULL) {
+                 P11PROV_raise(ctx->provctx, CKR_HOST_MEMORY,
+                               "Memory allocation failed");
+                 return RET_OSSL_ERR;
+             }
+ 
+-            gcm->ulIvFixedBits = BYTES_TO_BITS(gcm->ulIvFixedBits);
++            gcm->ulIvFixedBits = BYTES_TO_BITS(iv_size);
+             gcm->ivGenerator = CKG_GENERATE_COUNTER;
+         } else {
+             P11PROV_raise(ctx->provctx, CKR_MECHANISM_PARAM_INVALID,
+-- 
+2.47.3
+
diff --git a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb
index 1bdb4445e5..d95706d9e3 100644
--- a/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb
+++ b/meta-oe/recipes-support/pkcs11-provider/pkcs11-provider_1.2.bb
@@ -19,6 +19,7 @@ SRCREV = "c7a5c8b62a0ff012b16574f01651254ef7e664ee"
 
 SRC_URI = "git://github.com/latchset/${BPN}.git;branch=main;protocol=https"
 
+SRC_URI += "file://0001-Fix-i686-build-failures-in-cipher.c.patch"
 
 inherit meson pkgconfig
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 19/29] kmscon: upgrade 9.3.3 -> 9.3.5

[Anuj Mittal]

From: Adam Duskett <adam.duskett@amarulasolutions.com>

Changelog:
https://github.com/kmscon/kmscon/releases/tag/v9.3.5

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit f36312669ce6c501c603e4cbfbe1cf6112d0f146)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../kmscon/{kmscon_9.3.3.bb => kmscon_9.3.5.bb}                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-graphics/kmscon/{kmscon_9.3.3.bb => kmscon_9.3.5.bb} (97%)

diff --git a/meta-oe/recipes-graphics/kmscon/kmscon_9.3.3.bb b/meta-oe/recipes-graphics/kmscon/kmscon_9.3.5.bb
similarity index 97%
rename from meta-oe/recipes-graphics/kmscon/kmscon_9.3.3.bb
rename to meta-oe/recipes-graphics/kmscon/kmscon_9.3.5.bb
index 46550bb6d1..b730faf414 100644
--- a/meta-oe/recipes-graphics/kmscon/kmscon_9.3.3.bb
+++ b/meta-oe/recipes-graphics/kmscon/kmscon_9.3.5.bb
@@ -21,7 +21,7 @@ DEPENDS = "\
 "
 
 SRC_URI = "git://github.com/kmscon/kmscon;protocol=https;branch=main;tag=v${PV}"
-SRCREV = "03e50c7db0489daaa41b5f62946fd6aaeab63a6e"
+SRCREV = "a8832afb1dcca5bb4c0476d4c13c7239fecbd93a"
 
 inherit meson pkgconfig systemd
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 20/29] thin-provisioning-tools: fix compile failure on 32bit BSPs

[Anuj Mittal]

From: Hongxu Jia <hongxu.jia@windriver.com>

$ echo 'MACHINE = "qemux86"' >> conf/local.conf
$ bitbake thin-provisioning-tools
```
error[E0080]: index out of bounds: the length is 1 but the index is 4
--> tmp/work/core2-32-wrs-linux/thin-provisioning-tools/1.3.1/build/target/release/build/devicemapper-sys-f88f57f28cd965d2/out/dm-bindings.rs:3:8718
|
3 | ...usize] ; ["Alignment of dm_ioctl"] [:: std :: mem :: align_of :: < dm_ioctl > () - 4usize] ; ["Offset of field: dm_ioctl::version"...
|             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ evaluation of `_` failed here
```

Inherit siteinfo to use SITEINFO_BITS replace TUNE_FEATURES
to test 32bit BSPs

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 4fe6bf337a732e3efd2c14472a8991f0d4eefec7)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../thin-provisioning-tools/thin-provisioning-tools_1.3.1.bb  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_1.3.1.bb b/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_1.3.1.bb
index 4d8d2a04df..bdfadc04e8 100644
--- a/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_1.3.1.bb
+++ b/meta-oe/recipes-support/thin-provisioning-tools/thin-provisioning-tools_1.3.1.bb
@@ -10,7 +10,7 @@ SRC_URI = " \
     git://github.com/device-mapper-utils/thin-provisioning-tools;branch=main;protocol=https;tag=v${PV} \
     file://0001-Use-portable-atomics-crate.patch \
     file://disable-cargo-metadata.patch \
-    ${@bb.utils.contains('TUNE_FEATURES', '32', \
+    ${@bb.utils.contains('SITEINFO_BITS', '32', \
         'file://dms-no-layout-check.patch;patchdir=${CARGO_VENDORING_DIRECTORY}/devicemapper-sys-0.3.3', \
         '', d)} \
     "
@@ -19,7 +19,7 @@ SRCREV = "8b663fb4c6fb8e52ca06cea57b986c5ba45f668d"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
 
 inherit cargo cargo-update-recipe-crates
-inherit pkgconfig
+inherit pkgconfig siteinfo
 
 DEPENDS += "udev libdevmapper libdevmapper-native clang-native"
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 21/29] iwd: depend on the regulatory database

[Anuj Mittal]

From: Ross Burton <ross.burton@arm.com>

Doing wifi without the regulatory database is not good, so add a runtime
dependency to iwd to ensure that it gets pulled into the image for the
kernel drivers to use.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 51ed0fcecd3c3a7138319b3e3bcb6315add30356)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-connectivity/iwd/iwd_3.12.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-connectivity/iwd/iwd_3.12.bb b/meta-oe/recipes-connectivity/iwd/iwd_3.12.bb
index a53137537e..073814d89d 100644
--- a/meta-oe/recipes-connectivity/iwd/iwd_3.12.bb
+++ b/meta-oe/recipes-connectivity/iwd/iwd_3.12.bb
@@ -59,4 +59,5 @@ RRECOMMENDS:${PN} = "\
     kernel-module-pkcs7-message \
     kernel-module-pkcs8-key-parser \
     kernel-module-x509-key-parser \
+    wireless-regdb-static \
 "
-- 
2.53.0

[wrynose][meta-oe][PATCH 22/29] valkey: upgrade 9.0.3 -> 9.0.4

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
============
(CVE-2026-23479) Use-After-Free in unblock client flow
(CVE-2026-25243) Invalid Memory Access in RESTORE command
(CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit d47ea6487bec792fc3eb01909e4426cb610f22d7)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../valkey/{valkey_9.0.3.bb => valkey_9.0.4.bb}                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-extended/valkey/{valkey_9.0.3.bb => valkey_9.0.4.bb} (98%)

diff --git a/meta-oe/recipes-extended/valkey/valkey_9.0.3.bb b/meta-oe/recipes-extended/valkey/valkey_9.0.4.bb
similarity index 98%
rename from meta-oe/recipes-extended/valkey/valkey_9.0.3.bb
rename to meta-oe/recipes-extended/valkey/valkey_9.0.4.bb
index 1842befdee..93e37a922a 100644
--- a/meta-oe/recipes-extended/valkey/valkey_9.0.3.bb
+++ b/meta-oe/recipes-extended/valkey/valkey_9.0.4.bb
@@ -15,7 +15,7 @@ SRC_URI = "git://github.com/valkey-io/valkey.git;branch=9.0;protocol=https;tag=$
            file://0001-src-Do-not-reset-FINAL_LIBS.patch \
            file://GNU_SOURCE-7.patch \
            "
-SRCREV = "6e63ad9ccdceea562a6ea9ea9df9160c0d1109d6"
+SRCREV = "1cbee84ba69b54c3510597965fc4320ce716a6f4"
 
 RPROVIDES:${PN} = "virtual-redis"
 
-- 
2.53.0

[wrynose][meta-perl][PATCH 23/29] libauthen-sasl-perl: upgrade 2.1800 -> 2.2000

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

[Added]
   - Documentation for the security layer
[Fixed]
  - CVE-2025-40918 (Insecure source of randomness),
    required addition of dependency on Crypt::URandom
  - Several public functions missing from the API documentation
[Changed]
  - Modules Authen::SASL::Perl::CRAM_MD5, Authen::SASL::Perl::DIGEST_MD5
    and Authen::SASL::CRAM_MD5 marked as deprecated based on the respective
    RFC documents; thanks to @robrwo for the suggestion and @neustradamus
    for the pointers to the documentation
  - Update module metadata to point to the new 'perl-authen-sasl' org
    on GitHub to which the modules moved
  - Use VERSION declarations in 'package' statements, since our minimum
    Perl version is 5.14 anyway

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit bfd93bafbba771386dde525fdc6202b21f0e85fb)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 ...authen-sasl-perl_2.1800.bb => libauthen-sasl-perl_2.2000.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-perl/recipes-perl/libauthen/{libauthen-sasl-perl_2.1800.bb => libauthen-sasl-perl_2.2000.bb} (92%)

diff --git a/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.1800.bb b/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.2000.bb
similarity index 92%
rename from meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.1800.bb
rename to meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.2000.bb
index 46a8506f10..5b8699e88b 100644
--- a/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.1800.bb
+++ b/meta-perl/recipes-perl/libauthen/libauthen-sasl-perl_2.2000.bb
@@ -14,7 +14,7 @@ RDEPENDS:${PN} = "libdigest-hmac-perl"
 SRC_URI = "${CPAN_MIRROR}/authors/id/E/EH/EHUELS/Authen-SASL-${PV}.tar.gz \
            file://run-ptest \
           "
-SRC_URI[sha256sum] = "0b03686bddbbf7d5c6548e468d079a4051c9b73851df740ae28cfd2db234e922"
+SRC_URI[sha256sum] = "8cdf5a7f185448b614471675dae5b26f8c6e330b62264c3ff5d91172d6889b99"
 
 S = "${UNPACKDIR}/Authen-SASL-${PV}"
 
-- 
2.53.0

[wrynose][meta-oe][PATCH 24/29] hunspell: upgrade 1.7.2 -> 1.7.3

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
===========
- Fix stack-buffer-overflow in Hunzip::getline
- Fix stack overflow in compound_check on Hungarian dictionaries
  under certain conditions
- Fix UB when SFX condition starts with '^' (#1095)
- Bounds-check continuation bytes in u8_u16 (#1110)
- oss-fuzz timeout/OOM hardenings
- Fix #715 CHECKCOMPOUNDCASE considers digits uppercase
- Fix #748 hzip: cannot write file
- Fix #1024 std::string bounds check
- Fix #1044 tools/analyze crash
- Fix #1076 flags 65520/65521 wrongly rejected
- Fix #1058 don't suggest the input word as its own correction
- Fix #1002 exact word marked as a near miss
- Fix tdf#125600 dotted-I regression
- Partial Unicode table refresh for Mc combining marks (#1057)
- Add Hunspell_add_with_flags / Hunspell::add_with_flags
- New SPELL_BEST_SUG flag, MAXBREAKDEPTH limit
- Replace clock() with std::chrono for suggestion time limits (#716)
- Improve exception safety (#587)
- Document analyze/stem/generate requirements (#554)
- Report iconv direction on private dic load failures (#619)
- Show dic load errors unconditionally (#1012)
- Rename es_EU to eu (#1113)
- Build fixes: out-of-tree, Windows ARM64, MSVC hzip tmpfile (#919),
  --disable-shared with mingw32 (#698), iconv on msys2 (#723),
  ncurses with separate tinfo
- New fuzzers: hzfuzzer, persdicfuzzer, parserfuzzer, affdicfuzzer
- Coverity-flagged fixes
- Merge in weblate translations

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit dad06c74bb94e509ecb03b89fb6655cc67604968)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../hunspell/{hunspell_1.7.2.bb => hunspell_1.7.3.bb}         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-support/hunspell/{hunspell_1.7.2.bb => hunspell_1.7.3.bb} (89%)

diff --git a/meta-oe/recipes-support/hunspell/hunspell_1.7.2.bb b/meta-oe/recipes-support/hunspell/hunspell_1.7.3.bb
similarity index 89%
rename from meta-oe/recipes-support/hunspell/hunspell_1.7.2.bb
rename to meta-oe/recipes-support/hunspell/hunspell_1.7.3.bb
index 67a51f5c9f..94ed985c42 100644
--- a/meta-oe/recipes-support/hunspell/hunspell_1.7.2.bb
+++ b/meta-oe/recipes-support/hunspell/hunspell_1.7.3.bb
@@ -6,8 +6,8 @@ LIC_FILES_CHKSUM = " \
     file://COPYING.LESSER;md5=c96ca6c1de8adc025adfada81d06fba5 \
 "
 
-SRCREV = "2969be996acad84b91ab3875b1816636fe61a40e"
-SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https"
+SRCREV = "c5f98152a274e25b5107101104bef632b83a0cc9"
+SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https;tag=v${PV}"
 
 
 inherit autotools pkgconfig gettext
-- 
2.53.0

[wrynose][meta-xfce][PATCH 25/29] orage: upgrade 4.20.2 -> 4.20.3

[Anuj Mittal]

From: Jason Schonberg <schonm@gmail.com>

- Fixed use-after-free in sound command execution (Issues #47 and #48).

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 3bdbc82938282afc6d49c3bf25beb2d0db073b6c)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../recipes-apps/orage/{orage_4.20.2.bb => orage_4.20.3.bb}     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-xfce/recipes-apps/orage/{orage_4.20.2.bb => orage_4.20.3.bb} (88%)

diff --git a/meta-xfce/recipes-apps/orage/orage_4.20.2.bb b/meta-xfce/recipes-apps/orage/orage_4.20.3.bb
similarity index 88%
rename from meta-xfce/recipes-apps/orage/orage_4.20.2.bb
rename to meta-xfce/recipes-apps/orage/orage_4.20.3.bb
index 461e471146..d3727f25df 100644
--- a/meta-xfce/recipes-apps/orage/orage_4.20.2.bb
+++ b/meta-xfce/recipes-apps/orage/orage_4.20.3.bb
@@ -7,7 +7,7 @@ DEPENDS = "gtk+ xfce4-panel libical popt"
 
 inherit xfce-app mime-xdg
 
-SRC_URI[sha256sum] = "6bfd3da084c2977fb5cee26c8e94bf55e358da8e86dd2a83c6fa9174f24672a1"
+SRC_URI[sha256sum] = "d9f6a3bcd1fdcd83d8277bc1996684a02d06ef60492b69c2404815f3314d640e"
 
 PACKAGECONFIG ??= "notify"
 PACKAGECONFIG[notify] = "--enable-libnotify,--disable-libnotify,libnotify"
-- 
2.53.0

[wrynose][meta-networking][PATCH 26/29] znc: upgrade 1.10.1 -> 1.10.2

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
=============
- Fix build with SWIG 4.4.
- Fix build in the event some parts of Boost are installed but Boost.Locale is not.
- Make GetClient() work in the OnClientGetSASLMechanisms module callback.
- Stop accidentally requiring new perl 5.35.1, regression from 1.10.0.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 8b4ce3276c57cf2408f97a26a91464263e971e49)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../recipes-irc/znc/{znc_1.10.1.bb => znc_1.10.2.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-irc/znc/{znc_1.10.1.bb => znc_1.10.2.bb} (94%)

diff --git a/meta-networking/recipes-irc/znc/znc_1.10.1.bb b/meta-networking/recipes-irc/znc/znc_1.10.2.bb
similarity index 94%
rename from meta-networking/recipes-irc/znc/znc_1.10.1.bb
rename to meta-networking/recipes-irc/znc/znc_1.10.2.bb
index 4477068bba..7793813234 100644
--- a/meta-networking/recipes-irc/znc/znc_1.10.1.bb
+++ b/meta-networking/recipes-irc/znc/znc_1.10.2.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 DEPENDS = "zlib"
 SRC_URI = "gitsm://github.com/znc/znc.git;branch=master;protocol=https;tag=${BP}"
 
-SRCREV = "29694fd26f5e9ec46731ee13bf66224181984966"
+SRCREV = "59af2206c62724eec0d8c43d3c1c0b70610ca1d9"
 
 inherit cmake pkgconfig
 
-- 
2.53.0

[wrynose][meta-python][PATCH 27/29] python3-ujson: upgrade 5.12.0 -> 5.12.1

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
==========
- Fix encoding ref leak with non-English character
- Fix memory leak when ujson.dump() is unable to write to its file

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 6887661fec82e3472553ec982c49fef36f8023cf)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../python/{python3-ujson_5.12.0.bb => python3-ujson_5.12.1.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-ujson_5.12.0.bb => python3-ujson_5.12.1.bb} (88%)

diff --git a/meta-python/recipes-devtools/python/python3-ujson_5.12.0.bb b/meta-python/recipes-devtools/python/python3-ujson_5.12.1.bb
similarity index 88%
rename from meta-python/recipes-devtools/python/python3-ujson_5.12.0.bb
rename to meta-python/recipes-devtools/python/python3-ujson_5.12.1.bb
index 14b8049f3d..8f8c6e23d4 100644
--- a/meta-python/recipes-devtools/python/python3-ujson_5.12.0.bb
+++ b/meta-python/recipes-devtools/python/python3-ujson_5.12.1.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "UltraJSON is an ultra fast JSON encoder and decoder written in pu
 LICENSE = "BSD-3-Clause & TCL"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=1e3768cfe2662fa77c49c9c2d3804d87"
 
-SRC_URI[sha256sum] = "14b2e1eb528d77bc0f4c5bd1a7ebc05e02b5b41beefb7e8567c9675b8b13bcf4"
+SRC_URI[sha256sum] = "5b7e96406c301a1366534479a7352ec40ec68bb327c0c119091635acd5925e35"
 
 inherit pypi ptest-python-pytest python_setuptools_build_meta
 
-- 
2.53.0

[wrynose][meta-networking][PATCH 28/29] nftables: improve reproducibility

[Anuj Mittal]

From: Yi Zhao <yi.zhao@windriver.com>

Use SOURCE_DATE_EPOCH to set MAKE_STAMP instead of using the current
time, thereby improving reproducibility.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit a3b407c9821509388fd4abd10b9f4c9fbf28cdaf)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 ...URCE_DATE_EPOCH-for-build-time-stamp.patch | 41 +++++++++++++++++++
 .../recipes-filter/nftables/nftables_1.1.6.bb |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta-networking/recipes-filter/nftables/nftables/0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch

diff --git a/meta-networking/recipes-filter/nftables/nftables/0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch b/meta-networking/recipes-filter/nftables/nftables/0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch
new file mode 100644
index 0000000000..f52ff28b21
--- /dev/null
+++ b/meta-networking/recipes-filter/nftables/nftables/0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch
@@ -0,0 +1,41 @@
+From fde27e62b241fb7d96de36a2fd6d7879c24f5de6 Mon Sep 17 00:00:00 2001
+From: Jeremy Sowden <jeremy@azazel.net>
+Date: Wed, 28 Jan 2026 18:31:07 +0000
+Subject: [PATCH] build: support `SOURCE_DATE_EPOCH` for build time-stamp
+
+In order to support reproducible builds, set the build time-stamp to the value
+of the environment variable, `SOURCE_DATE_EPOCH`, if set, and fall back to
+calling `date`, otherwise.
+
+Link: https://reproducible-builds.org/docs/source-date-epoch/
+Fixes: 64c07e38f049 ("table: Embed creating nft version into userdata")
+Reported-by: Arnout Engelen <arnout@bzzt.net>
+Closes: https://github.com/NixOS/nixpkgs/issues/478048
+Suggested-by: Philipp Bartsch <phil@grmr.de>
+Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+
+Upstream-Status: Backport [https://git.netfilter.org/nftables/commit/?id=ca86f206c92704170a295b8dc7a41f6448835dde]
+[Adjust patch for 1.1.6]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 6825474..527049f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -165,7 +165,7 @@ AC_CONFIG_COMMANDS([nftversion.h], [
+ ])
+ # Current date should be fetched exactly once per build,
+ # so have 'make' call date and pass the value to every 'gcc' call
+-AC_SUBST([MAKE_STAMP], ["\$(shell date +%s)"])
++AC_SUBST([MAKE_STAMP], ["${SOURCE_DATE_EPOCH:-$(date +%s)}"])
+ 
+ AC_ARG_ENABLE([distcheck],
+ 	      AS_HELP_STRING([--enable-distcheck], [Build for distcheck]),
+-- 
+2.34.1
+
diff --git a/meta-networking/recipes-filter/nftables/nftables_1.1.6.bb b/meta-networking/recipes-filter/nftables/nftables_1.1.6.bb
index d27e60a18d..cc57db3c81 100644
--- a/meta-networking/recipes-filter/nftables/nftables_1.1.6.bb
+++ b/meta-networking/recipes-filter/nftables/nftables_1.1.6.bb
@@ -12,6 +12,7 @@ DEPENDS = "libmnl libnftnl bison-native \
            ${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}"
 
 SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.xz \
+           file://0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch \
            file://run-ptest \
           "
 SRC_URI[sha256sum] = "372931bda8556b310636a2f9020adc710f9bab66f47efe0ce90bff800ac2530c"
-- 
2.53.0

[wrynose][meta-oe][PATCH 29/29] libtsm: upgrade 4.4.3 -> 4.5.0

[Anuj Mittal]

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
=============
- Support for terminal bell and keyboard LEDs
- Fix build musl
- test/vte: fix memory leak in vte tests
- Refactor scrollback and selection
- screen: Fix wrong attribute for new cells when resizing
- Fix remove from sb
- Fix get next line
- Fix scrollback position
- test: robustness, make the test faster.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 6d7794e799c5c7a9c5ee4ef578706b1228ef20a6)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../libtsm/{libtsm_4.4.3.bb => libtsm_4.5.0.bb}                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-graphics/libtsm/{libtsm_4.4.3.bb => libtsm_4.5.0.bb} (95%)

diff --git a/meta-oe/recipes-graphics/libtsm/libtsm_4.4.3.bb b/meta-oe/recipes-graphics/libtsm/libtsm_4.5.0.bb
similarity index 95%
rename from meta-oe/recipes-graphics/libtsm/libtsm_4.4.3.bb
rename to meta-oe/recipes-graphics/libtsm/libtsm_4.5.0.bb
index 8168360dec..9e999fe970 100644
--- a/meta-oe/recipes-graphics/libtsm/libtsm_4.4.3.bb
+++ b/meta-oe/recipes-graphics/libtsm/libtsm_4.5.0.bb
@@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "\
 DEPENDS = "xkeyboard-config"
 
 SRC_URI = "git://github.com/kmscon/libtsm;protocol=https;branch=main;tag=v${PV}"
-SRCREV = "6cdacfc452bf29d98e297fe3a96e55e94a88ce3e"
+SRCREV = "556373437d1c5f57f4dfc7c6cc1330e5088a4174"
 
 inherit meson pkgconfig
 
-- 
2.53.0

Re: [oe] [wrynose][PATCH 00/29] Wrynose pull request

[Khem Raj]

[-- Attachment #1: Type: text/plain, Size: 7639 bytes --]

Installed now. Thanks Anuj.

On Sun, May 17, 2026 at 1:24 AM Anuj Mittal via lists.openembedded.org
<anuj.mittal=oss.qualcomm.com@lists.openembedded.org> wrote:

> Includes some build and CVE fixes and some upgrades that included only bug
> fixes.
>
> Tested locally and on autobuilder.
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1526
>
> The following changes since commit
> 420222862f5a6d95023b8f5f3b7e1808b2264ef9:
>
>   networkmanager: re-implement the vala detection (2026-04-24 18:39:52
> -0700)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/meta-openembedded-contrib anujm/wrynose
>
> https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/wrynose
>
> for you to fetch changes up to 9af4488d46cb4fd4c0d2d64820c86225ebd6ac71:
>
>   libtsm: upgrade 4.4.3 -> 4.5.0 (2026-05-17 11:52:30 +0530)
>
> ----------------------------------------------------------------
>
> Adam Duskett (1):
>   kmscon: upgrade 9.3.3 -> 9.3.5
>
> Changqing Li (1):
>   postfix: make it can compile with linux 7.x
>
> Ernest Van Hoecke (1):
>   jsoncpp: Fix C++11 ABI breakage when compiled with C++17
>
> Fabian Pflug (1):
>   pkcs11-provider: fix build error on 32 bit systems
>
> Gianfranco Costamagna (1):
>   vboxguestdrivers: Upgrade to 7.2.8
>
> Gyorgy Sarvari (1):
>   libcoap: mark CVE-2026-29013 patched
>
> Hongxu Jia (1):
>   thin-provisioning-tools: fix compile failure on 32bit BSPs
>
> Jason Schonberg (2):
>   xfdesktop: upgrade 4.20.1 -> 4.20.2
>   orage: upgrade 4.20.2 -> 4.20.3
>
> Jiaying Song (1):
>   python3-blivet: switch from setuptools3_legacy to
>     python_setuptools_build_meta
>
> Liu Yiding (1):
>   eog: Add HOMEPAGE
>
> Liyin Zhang (1):
>   apache2: upgrade 2.4.66 -> 2.4.67
>
> Peter Marko (1):
>   cryptsetup: update udev package config
>
> Ross Burton (1):
>   iwd: depend on the regulatory database
>
> Wang Mingyu (10):
>   bubblewrap: upgrade 0.11.1 -> 0.11.2
>   fastfetch: upgrade 2.61.0 -> 2.62.1
>   imagemagick: upgrade 7.1.2-19 -> 7.1.2-21
>   strongswan: upgrade 6.0.5 -> 6.0.6
>   valkey: upgrade 9.0.3 -> 9.0.4
>   libauthen-sasl-perl: upgrade 2.1800 -> 2.2000
>   hunspell: upgrade 1.7.2 -> 1.7.3
>   znc: upgrade 1.10.1 -> 1.10.2
>   python3-ujson: upgrade 5.12.0 -> 5.12.1
>   libtsm: upgrade 4.4.3 -> 4.5.0
>
> Yi Zhao (4):
>   webkitgtk3: fix build on riscv64
>   proftpd: upgrade 1.3.9 -> 1.3.9a
>   postfix: upgrade 3.10.8 -> 3.10.9
>   nftables: improve reproducibility
>
> Zhang Xiao (1):
>   python3-aspectlib: Fix pytest compatibility
>
>  meta-gnome/recipes-gnome/eog/eog_49.3.bb      |   2 +
>  .../files/0001-Fix-build-with-musl.patch      |  50 +++
>  ...kedefs-Account-for-linux-7.x-version.patch |  47 +++
>  .../{postfix_3.10.8.bb => postfix_3.10.9.bb}  |   4 +-
>  .../{proftpd_1.3.9.bb => proftpd_1.3.9a.bb}   |   4 +-
>  .../libcoap/libcoap_4.3.5b.bb                 |   1 +
>  ...URCE_DATE_EPOCH-for-build-time-stamp.patch |  41 ++
>  .../recipes-filter/nftables/nftables_1.1.6.bb |   1 +
>  .../znc/{znc_1.10.1.bb => znc_1.10.2.bb}      |   2 +-
>  ...trongswan_6.0.5.bb => strongswan_6.0.6.bb} |   2 +-
>  meta-oe/recipes-connectivity/iwd/iwd_3.12.bb  |   1 +
>  .../cryptsetup/cryptsetup_2.8.6.bb            |   2 +-
>  ...akage-when-compiled-with-C-17-1668-1.patch | 368 ++++++++++++++++++
>  .../recipes-devtools/jsoncpp/jsoncpp_1.9.7.bb |   1 +
>  .../{valkey_9.0.3.bb => valkey_9.0.4.bb}      |   2 +-
>  .../{kmscon_9.3.3.bb => kmscon_9.3.5.bb}      |   2 +-
>  .../{libtsm_4.4.3.bb => libtsm_4.5.0.bb}      |   2 +-
>  ...blewrap_0.11.1.bb => bubblewrap_0.11.2.bb} |   2 +-
>  ...astfetch_2.61.0.bb => fastfetch_2.62.1.bb} |   2 +-
>  .../{hunspell_1.7.2.bb => hunspell_1.7.3.bb}  |   4 +-
>  ...ck_7.1.2-19.bb => imagemagick_7.1.2-21.bb} |   2 +-
>  ...-Fix-i686-build-failures-in-cipher.c.patch |  62 +++
>  .../pkcs11-provider/pkcs11-provider_1.2.bb    |   1 +
>  .../thin-provisioning-tools_1.3.1.bb          |   4 +-
>  ...ers_7.2.6.bb => vboxguestdrivers_7.2.8.bb} |   2 +-
>  .../webkitgtk/webkitgtk3_2.50.6.bb            |   4 +
>  ....1800.bb => libauthen-sasl-perl_2.2000.bb} |   2 +-
>  ...-aspectlib-backport-fix-for-selftest.patch |  37 ++
>  .../python/python3-aspectlib_2.0.0.bb         |   1 +
>  ...json_5.12.0.bb => python3-ujson_5.12.1.bb} |   2 +-
>  .../python-blivet/python3-blivet_3.13.2.bb    |   2 +-
>  .../{apache2_2.4.66.bb => apache2_2.4.67.bb}  |   2 +-
>  .../{orage_4.20.2.bb => orage_4.20.3.bb}      |   2 +-
>  ...fdesktop_4.20.1.bb => xfdesktop_4.20.2.bb} |   2 +-
>  34 files changed, 642 insertions(+), 23 deletions(-)
>  create mode 100644
> meta-networking/recipes-daemons/postfix/files/0001-Fix-build-with-musl.patch
>  create mode 100644
> meta-networking/recipes-daemons/postfix/files/0001-makedefs-Account-for-linux-7.x-version.patch
>  rename meta-networking/recipes-daemons/postfix/{postfix_3.10.8.bb =>
> postfix_3.10.9.bb} (98%)
>  rename meta-networking/recipes-daemons/proftpd/{proftpd_1.3.9.bb =>
> proftpd_1.3.9a.bb} (98%)
>  create mode 100644
> meta-networking/recipes-filter/nftables/nftables/0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch
>  rename meta-networking/recipes-irc/znc/{znc_1.10.1.bb => znc_1.10.2.bb}
> (94%)
>  rename meta-networking/recipes-support/strongswan/{strongswan_6.0.5.bb
> => strongswan_6.0.6.bb} (99%)
>  create mode 100644
> meta-oe/recipes-devtools/jsoncpp/jsoncpp/0001-Fix-C-11-ABI-breakage-when-compiled-with-C-17-1668-1.patch
>  rename meta-oe/recipes-extended/valkey/{valkey_9.0.3.bb =>
> valkey_9.0.4.bb} (98%)
>  rename meta-oe/recipes-graphics/kmscon/{kmscon_9.3.3.bb =>
> kmscon_9.3.5.bb} (97%)
>  rename meta-oe/recipes-graphics/libtsm/{libtsm_4.4.3.bb =>
> libtsm_4.5.0.bb} (95%)
>  rename meta-oe/recipes-security/bubblewrap/{bubblewrap_0.11.1.bb =>
> bubblewrap_0.11.2.bb} (90%)
>  rename meta-oe/recipes-support/fastfetch/{fastfetch_2.61.0.bb =>
> fastfetch_2.62.1.bb} (98%)
>  rename meta-oe/recipes-support/hunspell/{hunspell_1.7.2.bb =>
> hunspell_1.7.3.bb} (89%)
>  rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.2-19.bb =>
> imagemagick_7.1.2-21.bb} (99%)
>  create mode 100644
> meta-oe/recipes-support/pkcs11-provider/files/0001-Fix-i686-build-failures-in-cipher.c.patch
>  rename meta-oe/recipes-support/vboxguestdrivers/{
> vboxguestdrivers_7.2.6.bb => vboxguestdrivers_7.2.8.bb} (97%)
>  rename meta-perl/recipes-perl/libauthen/{libauthen-sasl-perl_2.1800.bb
> => libauthen-sasl-perl_2.2000.bb} (92%)
>  create mode 100644
> meta-python/recipes-devtools/python/python3-aspectlib/0001-python3-aspectlib-backport-fix-for-selftest.patch
>  rename meta-python/recipes-devtools/python/{python3-ujson_5.12.0.bb =>
> python3-ujson_5.12.1.bb} (88%)
>  rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.66.bb =>
> apache2_2.4.67.bb} (99%)
>  rename meta-xfce/recipes-apps/orage/{orage_4.20.2.bb => orage_4.20.3.bb}
> (88%)
>  rename meta-xfce/recipes-xfce/xfdesktop/{xfdesktop_4.20.1.bb =>
> xfdesktop_4.20.2.bb} (88%)
>
> --
> 2.53.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#127013):
> https://lists.openembedded.org/g/openembedded-devel/message/127013
> Mute This Topic: https://lists.openembedded.org/mt/119355181/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 15193 bytes --]