Please merge these changes in scarthgap. Tested locally with qemuarm/qemuarm64/qemux86-64 and on autobuilder.
https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1305 The following changes since commit 7a5075cef77b5f7af454e9868e1d0019f2fd1394: gnome-keyring: set CVE_PRODUCT (2026-01-26 11:16:37 +0530) are available in the Git repository at: https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap Anil Dongare (2): php 8.2.29: Fix CVE-2025-14178 php 8.2.29: Fix CVE-2025-14180 Gyorgy Sarvari (52): sox: patch CVE-2017-11332 sox: patch CVE-2017-11358 sox: patch CVE-2017-11359 sox: patch CVE-2017-15370 sox: patch CVE-2017-15371 sox: patch CVE-2017-15372 sox: patch CVE-2017-15642 sox: patch CVE-2017-18189 sox: mark CVE-2019-1010004 as patched sox: patch CVE-2019-13590 sox: patch CVE-2019-8354 tigervnc: sync xserver component with oe-core tigervnc: ignore CVE-2014-8241 tigervnc: ignore CVE-2023-6377 tigervnc: ignore CVE-2023-6478 tigervnc: ignore CVE-2025-26594...26601 fontforge: patch CVE-2025-15279 fontforge: patch CVE-2025-15275 fontforge: patch CVE-2025-15269 fontforge: patch CVE-2025-15270 ez-ipupdate: patch CVE-2003-0887 freerdp: ignore CVE-2025-68118 gimp: ignore CVE-2025-14423 gnome-settings-daemon: ignore CVE-2024-38394 imagemagick: patch CVE-2025-66628 libcupsfilters: patch CVE-2025-64503 mongodb: upgrade 4.4.29 -> 4.4.30 mongodb: ignore CVE-2025-14911 netdata: ignore CVE-2024-32019 proftpd: ignore CVE-2021-47865 python3-aiohttp: patch CVE-2025-69225 python3-aiohttp: patch CVE-2025-69226 python3-aiohttp: patch CVE-2025-69228 python3-django: patch CVE-2025-64460 raptor2: patch CVE-2024-57822 and CVE-2024-57823 python3-tornado: mark CVE-2025-67725 patched python3-virtualenv: patch CVE-2026-22702 gnome-desktop: upgrade 44.0 -> 44.4 gtksourceview5: upgrade 5.12.0 -> 5.12.1 gnuchess: upgrade 6.2.9 -> 6.2.11 gnome-calculator: upgrade 46.0 -> 46.2 gdm: upgrade 46.0 -> 46.2 mutter: upgrade 46.1 -> 46.9 mutter: fix profiler PACKAGECONFIG gnome-bluetooth: upgrade 46.0 -> 46.2 gnome-shell-extensions: upgrade 46.1 -> 46.4 nautilus: upgrade 45.1 -> 45.2.1 gnome-tweaks: upgrade 40.0 -> 40.10 tigervnc: mark CVE-2024-0408 and CVE-2024-0409 patched python3-django: upgrade 4.2.27 -> 4.2.28 gnome-commander: upgrade 1.16.1 -> 1.16.2 nodejs: upgrade 20.18.2 -> 20.20.0 Hitendra Prajapati (1): wireshark: fix for CVE-2026-0959 Hongxu Jia (1): nodejs: fix gcc compile failed for 32 bit arm target Jan Vermaete (1): python3-protobuf: added python3-ctypes as RDEPENDS Jason Schonberg (2): libmodule-build-tiny-perl: fix reference to TMPDIR Use https when accessing archive.xfce.org Khem Raj (1): libgweather4: Upgrade to 4.4.4 Markus Volk (1): gnome-disk-utility: update 46.0 -> 46.1 Peter Marko (3): python3-m2crypto: workaround for swig issue with sys/types.h python3-protobuf: patch CVE-2026-0994 gdm: add missing json-glib dependency Tero Kinnunen (1): python3-watchdog: Remove obsolete dependencies Wang Mingyu (7): tracker: upgrade 3.7.1 -> 3.7.2 tracker: upgrade 3.7.2 -> 3.7.3 tracker-miners: upgrade 3.7.1 -> 3.7.2 tracker-miners: upgrade 3.7.2 -> 3.7.3 gnome-keyring: upgrade 46.1 -> 46.2 eog: upgrade 45.3 -> 45.4 gnome-text-editor: upgrade 46.1 -> 46.3 alperak (1): python3-eventlet: switch to PEP-517 build backend meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 3 +- .../eog/{eog_45.3.bb => eog_45.4.bb} | 2 +- .../gdm/{gdm_46.0.bb => gdm_46.2.bb} | 3 +- ...etooth_46.0.bb => gnome-bluetooth_46.2.bb} | 2 +- ...lator_46.0.bb => gnome-calculator_46.2.bb} | 2 +- ...ve-register-storage-class-classifier.patch | 149 ------------- .../{gnuchess_6.2.9.bb => gnuchess_6.2.11.bb} | 7 +- ...001-Build-fix-needed-with-taglib-2.0.patch | 37 ---- ...er_1.16.1.bb => gnome-commander_1.16.2.bb} | 3 +- ...-desktop_44.0.bb => gnome-desktop_44.4.bb} | 2 +- ...ity_46.0.bb => gnome-disk-utility_46.1.bb} | 2 +- ...-keyring_46.1.bb => gnome-keyring_46.2.bb} | 2 +- .../gnome-settings-daemon_46.0.bb | 2 + ...46.1.bb => gnome-shell-extensions_46.4.bb} | 2 +- ...itor_46.1.bb => gnome-text-editor_46.3.bb} | 2 +- ...eson-fix-invalid-positional-argument.patch | 33 --- ...e-tweaks_40.0.bb => gnome-tweaks_40.10.bb} | 3 +- ...ew5_5.12.0.bb => gtksourceview5_5.12.1.bb} | 2 +- ...eather4_4.4.2.bb => libgweather4_4.4.4.bb} | 8 +- ...-Dont-use-system-sysprof-dbus-folder.patch | 35 +++ .../mutter/{mutter_46.1.bb => mutter_46.9.bb} | 4 +- .../{nautilus_45.1.bb => nautilus_45.2.1.bb} | 7 +- ...to-a-fixed-path-instead-of-a-host-pa.patch | 15 +- .../0001-fix-reproducibility.patch | 105 +++++---- ...iners_3.7.1.bb => tracker-miners_3.7.3.bb} | 2 +- .../{tracker_3.7.1.bb => tracker_3.7.3.bb} | 2 +- .../sox/sox/CVE-2017-11332.patch | 28 +++ .../sox/sox/CVE-2017-11358.patch | 29 +++ .../sox/sox/CVE-2017-11359.patch | 30 +++ .../sox/sox/CVE-2017-15370.patch | 29 +++ .../sox/sox/CVE-2017-15371.patch | 40 ++++ .../sox/sox/CVE-2017-15372.patch | 100 +++++++++ .../sox/sox/CVE-2017-15642.patch | 35 +++ .../sox/sox/CVE-2017-18189.patch | 34 +++ .../sox/sox/CVE-2019-13590.patch | 34 +++ .../sox/sox/CVE-2019-8354.patch | 29 +++ .../recipes-multimedia/sox/sox_14.4.2.bb | 10 + .../ez-ipupdate/ez-ipupdate_3.0.11b7.bb | 7 + .../ez-ipupdate/files/CVE-2003-0887.patch | 158 ++++++++++++++ .../recipes-daemons/proftpd/proftpd_1.3.7f.bb | 1 + .../wireshark/files/CVE-2026-0959.patch | 65 ++++++ .../wireshark/wireshark_4.2.14.bb | 1 + .../recipes-dbs/mongodb/mongodb_git.bb | 7 +- .../oe-npm-cache | 0 ....18.bb => nodejs-oe-cache-native_20.20.bb} | 0 ...e-running-gyp-files-for-bundled-deps.patch | 46 ---- ...ert-stop-using-deprecated-ares_query.patch | 164 +++++++++++++++ ...4-Do-not-use-mminimal-toc-with-clang.patch | 27 ++- .../0001-src-fix-build-with-GCC-15.patch | 33 --- .../nodejs/nodejs/182d9c05e78.patch | 182 ---------------- .../nodejs/zlib-fix-pointer-alignment.patch | 64 ------ .../{nodejs_20.18.2.bb => nodejs_20.20.0.bb} | 13 +- .../php/php/CVE-2025-14178.patch | 65 ++++++ .../php/php/CVE-2025-14180.patch | 69 ++++++ meta-oe/recipes-devtools/php/php_8.2.29.bb | 2 + .../fontforge/fontforge/CVE-2025-15269.patch | 35 +++ .../fontforge/fontforge/CVE-2025-15270.patch | 44 ++++ .../fontforge/fontforge/CVE-2025-15275.patch | 33 +++ .../fontforge/CVE-2025-15279-1.patch | 41 ++++ .../fontforge/CVE-2025-15279-2.patch | 34 +++ .../fontforge/fontforge_20230101.bb | 8 +- ...ncrease-supported-Xorg-version-to-1..patch | 29 +++ ...server21.1.1.patch-Add-Xorg-21-patch.patch | 95 +++++++++ .../files/0001-xvnc-adapt-for-1.21.patch | 46 ++++ .../tigervnc/tigervnc_1.11.0.bb | 47 +++-- .../cups/libcupsfilters/CVE-2025-64503.patch | 45 ++++ .../cups/libcupsfilters_2.0.0.bb | 12 +- .../recipes-support/freerdp/freerdp_2.11.7.bb | 1 + .../imagemagick/CVE-2025-66628.patch | 27 +++ .../imagemagick/imagemagick_7.1.1.bb | 1 + .../raptor2/raptor2/CVE-2024-57822.patch | 44 ++++ .../raptor2/raptor2/CVE-2024-57823.patch | 31 +++ .../recipes-support/raptor2/raptor2_2.0.16.bb | 2 + .../libmodule-build-tiny-perl_0.047.bb | 7 + .../python3-aiohttp/CVE-2025-69225.patch | 49 +++++ .../python3-aiohttp/CVE-2025-69226.patch | 134 ++++++++++++ .../python3-aiohttp/CVE-2025-69228.patch | 48 +++++ .../python/python3-aiohttp_3.9.5.bb | 7 +- .../0001-lower-setuptools-requirements.patch | 0 .../CVE-2025-64460.patch | 199 ++++++++++++++++++ ...ngo_4.2.27.bb => python3-django_4.2.28.bb} | 2 +- .../python/python3-django_5.0.14.bb | 1 + .../python/python3-eventlet_0.36.1.bb | 4 +- .../python/python3-m2crypto_0.40.1.bb | 5 + .../python3-protobuf/CVE-2026-0994.patch | 47 +++++ .../python/python3-protobuf_4.25.8.bb | 3 + .../python3-tornado/CVE-2025-67726.patch | 2 +- .../python3-virtualenv/CVE-2026-22702.patch | 60 ++++++ .../python/python3-virtualenv_20.25.3.bb | 1 + .../python/python3-watchdog_4.0.0.bb | 9 +- .../netdata/netdata_1.44.3.bb | 2 + meta-xfce/classes/thunar-plugin.bbclass | 2 +- meta-xfce/classes/xfce-app.bbclass | 2 +- meta-xfce/classes/xfce-panel-plugin.bbclass | 2 +- meta-xfce/classes/xfce.bbclass | 2 +- .../xfce4-panel-profiles_1.0.14.bb | 2 +- .../xfwm4-themes/xfwm4-themes_4.10.0.bb | 2 +- .../vala/xfce4-vala_4.10.3.bb | 2 +- .../diskperf/xfce4-diskperf-plugin_2.7.0.bb | 2 +- .../netload/xfce4-netload-plugin_1.4.1.bb | 2 +- .../xfce4-dev-tools/xfce4-dev-tools_4.18.0.bb | 2 +- 101 files changed, 2210 insertions(+), 703 deletions(-) rename meta-gnome/recipes-gnome/eog/{eog_45.3.bb => eog_45.4.bb} (88%) rename meta-gnome/recipes-gnome/gdm/{gdm_46.0.bb => gdm_46.2.bb} (94%) rename meta-gnome/recipes-gnome/gnome-bluetooth/{gnome-bluetooth_46.0.bb => gnome-bluetooth_46.2.bb} (91%) rename meta-gnome/recipes-gnome/gnome-calculator/{gnome-calculator_46.0.bb => gnome-calculator_46.2.bb} (88%) delete mode 100644 meta-gnome/recipes-gnome/gnome-chess/gnuchess/0001-Remove-register-storage-class-classifier.patch rename meta-gnome/recipes-gnome/gnome-chess/{gnuchess_6.2.9.bb => gnuchess_6.2.11.bb} (55%) delete mode 100644 meta-gnome/recipes-gnome/gnome-commander/gnome-commander/0001-Build-fix-needed-with-taglib-2.0.patch rename meta-gnome/recipes-gnome/gnome-commander/{gnome-commander_1.16.1.bb => gnome-commander_1.16.2.bb} (86%) rename meta-gnome/recipes-gnome/gnome-desktop/{gnome-desktop_44.0.bb => gnome-desktop_44.4.bb} (92%) rename meta-gnome/recipes-gnome/gnome-disk-utility/{gnome-disk-utility_46.0.bb => gnome-disk-utility_46.1.bb} (91%) rename meta-gnome/recipes-gnome/gnome-keyring/{gnome-keyring_46.1.bb => gnome-keyring_46.2.bb} (94%) rename meta-gnome/recipes-gnome/gnome-shell/{gnome-shell-extensions_46.1.bb => gnome-shell-extensions_46.4.bb} (84%) rename meta-gnome/recipes-gnome/gnome-text-editor/{gnome-text-editor_46.1.bb => gnome-text-editor_46.3.bb} (83%) delete mode 100644 meta-gnome/recipes-gnome/gnome-tweaks/gnome-tweaks/0002-meson-fix-invalid-positional-argument.patch rename meta-gnome/recipes-gnome/gnome-tweaks/{gnome-tweaks_40.0.bb => gnome-tweaks_40.10.bb} (84%) rename meta-gnome/recipes-gnome/gtksourceview/{gtksourceview5_5.12.0.bb => gtksourceview5_5.12.1.bb} (91%) rename meta-gnome/recipes-gnome/libgweather/{libgweather4_4.4.2.bb => libgweather4_4.4.4.bb} (75%) create mode 100644 meta-gnome/recipes-gnome/mutter/files/0001-Dont-use-system-sysprof-dbus-folder.patch rename meta-gnome/recipes-gnome/mutter/{mutter_46.1.bb => mutter_46.9.bb} (95%) rename meta-gnome/recipes-gnome/nautilus/{nautilus_45.1.bb => nautilus_45.2.1.bb} (81%) rename meta-gnome/recipes-gnome/tracker/{tracker-miners_3.7.1.bb => tracker-miners_3.7.3.bb} (97%) rename meta-gnome/recipes-gnome/tracker/{tracker_3.7.1.bb => tracker_3.7.3.bb} (94%) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11332.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11358.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11359.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15371.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15372.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15642.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch create mode 100644 meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2026-0959.patch rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-20.18 => nodejs-oe-cache-20.20}/oe-npm-cache (100%) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_20.18.bb => nodejs-oe-cache-native_20.20.bb} (100%) delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0001-Revert-stop-using-deprecated-ares_query.patch delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/0001-src-fix-build-with-GCC-15.patch delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/182d9c05e78.patch delete mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/zlib-fix-pointer-alignment.patch rename meta-oe/recipes-devtools/nodejs/{nodejs_20.18.2.bb => nodejs_20.20.0.bb} (95%) create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14178.patch create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch create mode 100644 meta-oe/recipes-graphics/tigervnc/files/0001-xorg-version.h-Increase-supported-Xorg-version-to-1..patch create mode 100644 meta-oe/recipes-graphics/tigervnc/files/0001-xserver21.1.1.patch-Add-Xorg-21-patch.patch create mode 100644 meta-oe/recipes-graphics/tigervnc/files/0001-xvnc-adapt-for-1.21.patch create mode 100644 meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-66628.patch create mode 100644 meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch create mode 100644 meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch create mode 100644 meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch create mode 100644 meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69226.patch create mode 100644 meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69228.patch rename meta-python/recipes-devtools/python/{python3-django-4.2.27 => python3-django-4.2.28}/0001-lower-setuptools-requirements.patch (100%) create mode 100644 meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64460.patch rename meta-python/recipes-devtools/python/{python3-django_4.2.27.bb => python3-django_4.2.28.bb} (82%) create mode 100644 meta-python/recipes-devtools/python/python3-protobuf/CVE-2026-0994.patch create mode 100644 meta-python/recipes-devtools/python/python3-virtualenv/CVE-2026-22702.patch -- 2.53.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124412): https://lists.openembedded.org/g/openembedded-devel/message/124412 Mute This Topic: https://lists.openembedded.org/mt/117836487/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
