[OE-core] [AUH] alsa-lib: upgrading to 1.2.16.1 SUCCEEDED

Auto Upgrade Helper via lists.openembedded.org Sun, 14 Jun 2026 22:18:54 -0700

Hello,

this email is a notification from the Auto Upgrade Helper
that the automatic attempt to upgrade the recipe(s) *alsa-lib* to *1.2.16.1* 
has Succeeded.


Next steps:
    - apply the patch: git am 0001-alsa-lib-upgrade-1.2.15.3-1.2.16.1.patch
    - check the changes to upstream patches and summarize them in the commit 
message,
    - compile an image that contains the package
    - perform some basic sanity tests
    - amend the patch and sign it off: git commit -s --reset-author --amend
    - send it to the appropriate mailing list

Alternatively, if you believe the recipe should not be upgraded at this time,
you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that
automatic upgrades would no longer be attempted.

Please review the attached files for further information and build/update 
failures.
Any problem please file a bug at 
https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler

Regards,
The Upgrade Helper

-- >8 --
>From 70220d7ce8f71876d7bb080433916250b0d02194 Mon Sep 17 00:00:00 2001
From: Upgrade Helper <[email protected]>
Date: Mon, 15 Jun 2026 05:15:18 +0000
Subject: [PATCH] alsa-lib: upgrade 1.2.15.3 -> 1.2.16.1

---
 .../alsa/alsa-lib/CVE-2026-25068.patch        | 34 -------------------
 ...a-lib_1.2.15.3.bb => alsa-lib_1.2.16.1.bb} |  3 +-
 2 files changed, 1 insertion(+), 36 deletions(-)
 delete mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
 rename meta/recipes-multimedia/alsa/{alsa-lib_1.2.15.3.bb => 
alsa-lib_1.2.16.1.bb} (91%)

diff --git a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch 
b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
deleted file mode 100644
index 9bb24c24e2..0000000000
--- a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001
-From: Jaroslav Kysela <[email protected]>
-Date: Thu, 29 Jan 2026 16:51:09 +0100
-Subject: [PATCH] topology: decoder - add boundary check for channel mixer
- count
-
-Malicious binary topology file may cause heap corruption.
-
-CVE: CVE-2026-25068
-
-Signed-off-by: Jaroslav Kysela <[email protected]>
-
-Upstream-Status: Backport 
[https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40]
-Signed-off-by: Peter Marko <[email protected]>
----
- src/topology/ctl.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/topology/ctl.c b/src/topology/ctl.c
-index a0c24518..322c461c 100644
---- a/src/topology/ctl.c
-+++ b/src/topology/ctl.c
-@@ -1250,6 +1250,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg,
-       if (mc->num_channels > 0) {
-               map = tplg_calloc(heap, sizeof(*map));
-               map->num_channels = mc->num_channels;
-+              if (map->num_channels > SND_TPLG_MAX_CHAN ||
-+                  map->num_channels > SND_SOC_TPLG_MAX_CHAN) {
-+                      snd_error(TOPOLOGY, "mixer: unexpected channel count 
%d", map->num_channels);
-+                      return -EINVAL;
-+              }
-               for (i = 0; i < map->num_channels; i++) {
-                       map->channel[i].reg = mc->channel[i].reg;
-                       map->channel[i].shift = mc->channel[i].shift;
diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb 
b/meta/recipes-multimedia/alsa/alsa-lib_1.2.16.1.bb
similarity index 91%
rename from meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb
rename to meta/recipes-multimedia/alsa/alsa-lib_1.2.16.1.bb
index 1ebb356925..0c81e3cb3b 100644
--- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.15.3.bb
+++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.16.1.bb
@@ -10,8 +10,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \
                     "
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2";
-SRC_URI += "file://CVE-2026-25068.patch"
-SRC_URI[sha256sum] = 
"7b079d614d582cade7ab8db2364e65271d0877a37df8757ac4ac0c8970be861e"
+SRC_URI[sha256sum] = 
"f740db7f488255944ffd4428416ee3390a96742856916433df468c281436480e"
 
 inherit autotools pkgconfig
 
-- 
2.47.1

0001-alsa-lib-upgrade-1.2.15.3-1.2.16.1.patch
Description: Binary data

packages/x86-64-v3-poky-linux/alsa-lib/alsa-conf: PV changed from "1.2.15.3" to 
"1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-conf: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-dbg: PV changed from "1.2.15.3" 
to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-dbg: PKGSIZE changed from 
4410376 to 4436128 (+1%)
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-dbg: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-dev: PV changed from "1.2.15.3" 
to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-dev: PKGSIZE changed from 
506634 to 506701 (+0%)
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-dev: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-doc: PV changed from "1.2.15.3" 
to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-doc: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-locale: PV changed from 
"1.2.15.3" to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-locale: PKGV changed from 
1.2.15.3 [default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-src: PV changed from "1.2.15.3" 
to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-src: PKGSIZE changed from 
3601800 to 3621363 (+1%)
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-src: FILELIST: directory 
renamed /usr/src/debug/alsa-lib/1.2.15.3/src/control -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/control, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/src/mixer -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/mixer, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/src/seq -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/seq, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/src/hwdep -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/hwdep, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/src/timer -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/timer, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/src/rawmidi -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/rawmidi, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/include/sound/uapi -> 
/usr/src/debug/alsa-lib/1.2.16.1/include/sound/uapi, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/include -> 
/usr/src/debug/alsa-lib/1.2.16.1/include, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/sr
 c -> /usr/src/debug/alsa-lib/1.2.16.1/src, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/src/topology -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/topology, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/src/pcm -> 
/usr/src/debug/alsa-lib/1.2.16.1/src/pcm, directory renamed 
/usr/src/debug/alsa-lib/1.2.15.3/aserver -> 
/usr/src/debug/alsa-lib/1.2.16.1/aserver, removed 
"/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/ucm_cond.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/ucm_subs.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/utils.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/parser.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/main.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/ucm_include.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/ucm_exec.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/ucm_regex.c 
/usr/src/debug/alsa-lib/1.2.15.3/src/ucm/ucm_local.h", added 
"/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/ucm_cond.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/ucm_subs.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/utils
 .c /usr/src/debug/alsa-lib/1.2.16.1/src/ucm/parser.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/main.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/ucm_include.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/ucm_repeat.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/ucm_exec.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/ucm_regex.c 
/usr/src/debug/alsa-lib/1.2.16.1/src/ucm/ucm_local.h"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-src: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-staticdev: PV changed from 
"1.2.15.3" to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib-staticdev: PKGV changed from 
1.2.15.3 [default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib: PV changed from "1.2.15.3" to 
"1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib: PKGSIZE changed from 1215130 
to 1227418 (+1%)
packages/x86-64-v3-poky-linux/alsa-lib/alsa-lib: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/alsa-server: PV changed from "1.2.15.3" 
to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/alsa-server: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib: SRC_URI changed from 
"https://www.alsa-project.org/files/pub/lib/alsa-lib-1.2.15.3.tar.bz2 
file://CVE-2026-25068.patch" to 
"https://www.alsa-project.org/files/pub/lib/alsa-lib-1.2.16.1.tar.bz2";
packages/x86-64-v3-poky-linux/alsa-lib: PV changed from "1.2.15.3" to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib: PKGV changed from 1.2.15.3 [default] to 
1.2.16.1 [default]
packages/x86-64-v3-poky-linux/alsa-lib/libatopology: PV changed from "1.2.15.3" 
to "1.2.16.1"
packages/x86-64-v3-poky-linux/alsa-lib/libatopology: PKGV changed from 1.2.15.3 
[default] to 1.2.16.1 [default]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#238807): 
https://lists.openembedded.org/g/openembedded-core/message/238807
Mute This Topic: https://lists.openembedded.org/mt/119811274/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [AUH] alsa-lib: upgrading to 1.2.16.1 SUCCEEDED

Reply via email to