From: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
To: openembedded-devel@lists.openembedded.org, raj.khem@gmail.com
Subject: [PATCH 00/29] Scarthgap pull request
Date: Mon, 25 May 2026 19:56:56 +0530 [thread overview]
Message-ID: <cover.1779718757.git.anuj.mittal@oss.qualcomm.com> (raw)
Mostly CVE fixes and a few bug fix only upgrades. There's a new recipe for
python3-backports-zstd that introduces this module for Python 3.12 which didn't
have this.
Tested locally and on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1538
The following changes since commit ae7dfb12245c7f9b9a353499e2688015bd4e6413:
jq: Stick to C17 until next release (2026-05-05 06:57:17 +0530)
are available in the Git repository at:
https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap
https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap
for you to fetch changes up to d8cc4e44001c7257273d290ce8c4496e93d32841:
postgresql: upgrade 16.12 -> 16.14 (2026-05-25 08:05:43 +0530)
----------------------------------------------------------------
Ankur Tyagi (8):
exiftool: ignore CVE-2026-7580
firewalld: upgrade 1.3.2 -> 1.3.4
frr: patch CVE-2026-28532
lcms: patch CVE-2026-41254
lcms: patch CVE-2026-42798
postfix: upgrade 3.8.12 -> 3.8.16
nanomsg: upgrade 1.2.1 -> 1.2.2
postgresql: upgrade 16.12 -> 16.14
Gyorgy Sarvari (1):
python3-ecdsa: set CVE_PRODUCT
Het Patel (3):
abseil-cpp: Add CVE_PRODUCT to support product name
onig: Add CVE_PRODUCT to support product name
open-vm-tools: Add entry to CVE_PRODUCT to support the product name
Hitendra Prajapati (2):
wireshark: fix for CVE-2025-13946
strongswan: fix for CVE-2026-35334
Hugo SIMELIERE (Schneider Electric) (5):
nss: Fix CVE-2026-2781
dnsmasq: Fix CVE-2026-4891
dnsmasq: Fix CVE-2026-4892
dnsmasq: Fix CVE-2026-4893
dnsmasq: Fix CVE-2026-5172
Jason Schonberg (1):
php: upgrade 8.2.30 -> 8.2.31
Jérémie Dautheribes (Schneider Electric ) (1):
python3-backports-zstd: add recipe
Liyin Zhang (1):
apache2: upgrade 2.4.66 -> 2.4.67
Peter Marko (1):
python-grpcio(-tools): add grpc:grpc to cve product
Sudhir Dumbhare (1):
libssh: set status for CVE-2025-14821
Theo Gaige (1):
dash: fix CVE-2026-31323
Theo Gaige (Schneider Electric) (4):
nginx: patch CVE-2026-40701
nginx: patch CVE-2026-42934
nginx: patch CVE-2026-42945
nginx: patch CVE-2026-42946
...{firewalld_1.3.2.bb => firewalld_1.3.4.bb} | 2 +-
.../{nanomsg_1.2.1.bb => nanomsg_1.2.2.bb} | 2 +-
.../{postfix_3.8.12.bb => postfix_3.8.16.bb} | 2 +-
.../frr/frr/CVE-2026-28532.patch | 309 ++++++++++++++++++
.../recipes-protocols/frr/frr_9.1.3.bb | 1 +
.../recipes-support/dnsmasq/dnsmasq_2.90.bb | 4 +
.../dnsmasq/files/CVE-2026-4891.patch | 44 +++
.../dnsmasq/files/CVE-2026-4892.patch | 41 +++
.../dnsmasq/files/CVE-2026-4893.patch | 38 +++
.../dnsmasq/files/CVE-2026-5172.patch | 39 +++
.../open-vm-tools/open-vm-tools_12.3.5.bb | 2 +-
.../strongswan/CVE-2026-35334.patch | 255 +++++++++++++++
.../strongswan/strongswan_5.9.14.bb | 1 +
.../wireshark/files/CVE-2025-13946.patch | 51 +++
.../wireshark/wireshark_4.2.14.bb | 1 +
.../files/0001-Add-support-for-RISC-V.patch | 7 +-
.../files/0002-Improve-reproducibility.patch | 7 +-
...c-bypass-autoconf-2.69-version-check.patch | 11 +-
...-config_info.c-not-expose-build-info.patch | 9 +-
...gresql-fix-ptest-failure-of-sysviews.patch | 7 +-
.../postgresql/files/not-check-libperl.patch | 9 +-
...ostgresql_16.12.bb => postgresql_16.14.bb} | 2 +-
.../abseil-cpp/abseil-cpp_20240116.3.bb | 3 +
.../recipes-devtools/perl/exiftool_12.72.bb | 1 +
.../php/{php_8.2.30.bb => php_8.2.31.bb} | 2 +-
.../dash/dash/CVE-2026-31323.patch | 43 +++
meta-oe/recipes-shells/dash/dash_0.5.12.bb | 5 +-
.../lcms/lcms/CVE-2026-41254_1.patch | 30 ++
.../lcms/lcms/CVE-2026-41254_2.patch | 36 ++
.../lcms/lcms/CVE-2026-42798.patch | 38 +++
meta-oe/recipes-support/lcms/lcms_2.16.bb | 6 +-
.../recipes-support/libssh/libssh_0.10.6.bb | 2 +
.../nss/nss/CVE-2026-2781.patch | 36 ++
meta-oe/recipes-support/nss/nss_3.98.bb | 1 +
meta-oe/recipes-support/onig/onig_6.9.9.bb | 3 +
...ake-license-entries-compatible-with-.patch | 38 +++
...s.toml-lower-setuptools-requirements.patch | 31 ++
.../python/python3-backports-zstd_1.5.0.bb | 21 ++
.../python/python3-ecdsa_0.19.0.bb | 2 +
.../python/python3-grpcio-tools_1.62.2.bb | 2 +
.../python/python3-grpcio_1.62.2.bb | 2 +
.../{apache2_2.4.66.bb => apache2_2.4.67.bb} | 2 +-
.../nginx/nginx-1.24.0/CVE-2026-40701.patch | 73 +++++
.../nginx/nginx-1.24.0/CVE-2026-42934.patch | 79 +++++
.../nginx/nginx-1.24.0/CVE-2026-42945.patch | 46 +++
.../nginx-1.24.0/CVE-2026-42946-01.patch | 46 +++
.../nginx-1.24.0/CVE-2026-42946-02.patch | 91 ++++++
.../recipes-httpd/nginx/nginx_1.24.0.bb | 5 +
48 files changed, 1445 insertions(+), 43 deletions(-)
rename meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/{firewalld_1.3.2.bb => firewalld_1.3.4.bb} (99%)
rename meta-networking/recipes-connectivity/nanomsg/{nanomsg_1.2.1.bb => nanomsg_1.2.2.bb} (94%)
rename meta-networking/recipes-daemons/postfix/{postfix_3.8.12.bb => postfix_3.8.16.bb} (99%)
create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2026-28532.patch
create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch
create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch
create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch
create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch
create mode 100644 meta-networking/recipes-support/strongswan/strongswan/CVE-2026-35334.patch
create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch
rename meta-oe/recipes-dbs/postgresql/{postgresql_16.12.bb => postgresql_16.14.bb} (86%)
rename meta-oe/recipes-devtools/php/{php_8.2.30.bb => php_8.2.31.bb} (99%)
create mode 100644 meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch
create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-42798.patch
create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2026-2781.patch
create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd/0001-pyproject.toml-make-license-entries-compatible-with-.patch
create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd/0002-pyprojects.toml-lower-setuptools-requirements.patch
create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd_1.5.0.bb
rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.66.bb => apache2_2.4.67.bb} (99%)
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-40701.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42934.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42945.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42946-01.patch
create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42946-02.patch
--
2.54.0
next reply other threads:[~2026-05-25 14:27 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-25 14:26 Anuj Mittal [this message]
2026-05-31 9:55 ` [PATCH 00/29] Scarthgap pull request Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1779718757.git.anuj.mittal@oss.qualcomm.com \
--to=anuj.mittal@oss.qualcomm.com \
--cc=openembedded-devel@lists.openembedded.org \
--cc=raj.khem@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox