Merged now thanks Anuj On Mon, Feb 16, 2026, 1:55 AM Anuj Mittal via lists.openembedded.org <[email protected]> wrote:
> Please merge these changes in scarthgap. Tested locally with > qemuarm/qemuarm64/qemux86-64 and on autobuilder. > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1305 > > The following changes since commit > 7a5075cef77b5f7af454e9868e1d0019f2fd1394: > > gnome-keyring: set CVE_PRODUCT (2026-01-26 11:16:37 +0530) > > are available in the Git repository at: > > https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap > > https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap > > Anil Dongare (2): > php 8.2.29: Fix CVE-2025-14178 > php 8.2.29: Fix CVE-2025-14180 > > Gyorgy Sarvari (52): > sox: patch CVE-2017-11332 > sox: patch CVE-2017-11358 > sox: patch CVE-2017-11359 > sox: patch CVE-2017-15370 > sox: patch CVE-2017-15371 > sox: patch CVE-2017-15372 > sox: patch CVE-2017-15642 > sox: patch CVE-2017-18189 > sox: mark CVE-2019-1010004 as patched > sox: patch CVE-2019-13590 > sox: patch CVE-2019-8354 > tigervnc: sync xserver component with oe-core > tigervnc: ignore CVE-2014-8241 > tigervnc: ignore CVE-2023-6377 > tigervnc: ignore CVE-2023-6478 > tigervnc: ignore CVE-2025-26594...26601 > fontforge: patch CVE-2025-15279 > fontforge: patch CVE-2025-15275 > fontforge: patch CVE-2025-15269 > fontforge: patch CVE-2025-15270 > ez-ipupdate: patch CVE-2003-0887 > freerdp: ignore CVE-2025-68118 > gimp: ignore CVE-2025-14423 > gnome-settings-daemon: ignore CVE-2024-38394 > imagemagick: patch CVE-2025-66628 > libcupsfilters: patch CVE-2025-64503 > mongodb: upgrade 4.4.29 -> 4.4.30 > mongodb: ignore CVE-2025-14911 > netdata: ignore CVE-2024-32019 > proftpd: ignore CVE-2021-47865 > python3-aiohttp: patch CVE-2025-69225 > python3-aiohttp: patch CVE-2025-69226 > python3-aiohttp: patch CVE-2025-69228 > python3-django: patch CVE-2025-64460 > raptor2: patch CVE-2024-57822 and CVE-2024-57823 > python3-tornado: mark CVE-2025-67725 patched > python3-virtualenv: patch CVE-2026-22702 > gnome-desktop: upgrade 44.0 -> 44.4 > gtksourceview5: upgrade 5.12.0 -> 5.12.1 > gnuchess: upgrade 6.2.9 -> 6.2.11 > gnome-calculator: upgrade 46.0 -> 46.2 > gdm: upgrade 46.0 -> 46.2 > mutter: upgrade 46.1 -> 46.9 > mutter: fix profiler PACKAGECONFIG > gnome-bluetooth: upgrade 46.0 -> 46.2 > gnome-shell-extensions: upgrade 46.1 -> 46.4 > nautilus: upgrade 45.1 -> 45.2.1 > gnome-tweaks: upgrade 40.0 -> 40.10 > tigervnc: mark CVE-2024-0408 and CVE-2024-0409 patched > python3-django: upgrade 4.2.27 -> 4.2.28 > gnome-commander: upgrade 1.16.1 -> 1.16.2 > nodejs: upgrade 20.18.2 -> 20.20.0 > > Hitendra Prajapati (1): > wireshark: fix for CVE-2026-0959 > > Hongxu Jia (1): > nodejs: fix gcc compile failed for 32 bit arm target > > Jan Vermaete (1): > python3-protobuf: added python3-ctypes as RDEPENDS > > Jason Schonberg (2): > libmodule-build-tiny-perl: fix reference to TMPDIR > Use https when accessing archive.xfce.org > > Khem Raj (1): > libgweather4: Upgrade to 4.4.4 > > Markus Volk (1): > gnome-disk-utility: update 46.0 -> 46.1 > > Peter Marko (3): > python3-m2crypto: workaround for swig issue with sys/types.h > python3-protobuf: patch CVE-2026-0994 > gdm: add missing json-glib dependency > > Tero Kinnunen (1): > python3-watchdog: Remove obsolete dependencies > > Wang Mingyu (7): > tracker: upgrade 3.7.1 -> 3.7.2 > tracker: upgrade 3.7.2 -> 3.7.3 > tracker-miners: upgrade 3.7.1 -> 3.7.2 > tracker-miners: upgrade 3.7.2 -> 3.7.3 > gnome-keyring: upgrade 46.1 -> 46.2 > eog: upgrade 45.3 -> 45.4 > gnome-text-editor: upgrade 46.1 -> 46.3 > > alperak (1): > python3-eventlet: switch to PEP-517 build backend > > meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 3 +- > .../eog/{eog_45.3.bb => eog_45.4.bb} | 2 +- > .../gdm/{gdm_46.0.bb => gdm_46.2.bb} | 3 +- > ...etooth_46.0.bb => gnome-bluetooth_46.2.bb} | 2 +- > ...lator_46.0.bb => gnome-calculator_46.2.bb} | 2 +- > ...ve-register-storage-class-classifier.patch | 149 ------------- > .../{gnuchess_6.2.9.bb => gnuchess_6.2.11.bb} | 7 +- > ...001-Build-fix-needed-with-taglib-2.0.patch | 37 ---- > ...er_1.16.1.bb => gnome-commander_1.16.2.bb} | 3 +- > ...-desktop_44.0.bb => gnome-desktop_44.4.bb} | 2 +- > ...ity_46.0.bb => gnome-disk-utility_46.1.bb} | 2 +- > ...-keyring_46.1.bb => gnome-keyring_46.2.bb} | 2 +- > .../gnome-settings-daemon_46.0.bb | 2 + > ...46.1.bb => gnome-shell-extensions_46.4.bb} | 2 +- > ...itor_46.1.bb => gnome-text-editor_46.3.bb} | 2 +- > ...eson-fix-invalid-positional-argument.patch | 33 --- > ...e-tweaks_40.0.bb => gnome-tweaks_40.10.bb} | 3 +- > ...ew5_5.12.0.bb => gtksourceview5_5.12.1.bb} | 2 +- > ...eather4_4.4.2.bb => libgweather4_4.4.4.bb} | 8 +- > ...-Dont-use-system-sysprof-dbus-folder.patch | 35 +++ > .../mutter/{mutter_46.1.bb => mutter_46.9.bb} | 4 +- > .../{nautilus_45.1.bb => nautilus_45.2.1.bb} | 7 +- > ...to-a-fixed-path-instead-of-a-host-pa.patch | 15 +- > .../0001-fix-reproducibility.patch | 105 +++++---- > ...iners_3.7.1.bb => tracker-miners_3.7.3.bb} | 2 +- > .../{tracker_3.7.1.bb => tracker_3.7.3.bb} | 2 +- > .../sox/sox/CVE-2017-11332.patch | 28 +++ > .../sox/sox/CVE-2017-11358.patch | 29 +++ > .../sox/sox/CVE-2017-11359.patch | 30 +++ > .../sox/sox/CVE-2017-15370.patch | 29 +++ > .../sox/sox/CVE-2017-15371.patch | 40 ++++ > .../sox/sox/CVE-2017-15372.patch | 100 +++++++++ > .../sox/sox/CVE-2017-15642.patch | 35 +++ > .../sox/sox/CVE-2017-18189.patch | 34 +++ > .../sox/sox/CVE-2019-13590.patch | 34 +++ > .../sox/sox/CVE-2019-8354.patch | 29 +++ > .../recipes-multimedia/sox/sox_14.4.2.bb | 10 + > .../ez-ipupdate/ez-ipupdate_3.0.11b7.bb | 7 + > .../ez-ipupdate/files/CVE-2003-0887.patch | 158 ++++++++++++++ > .../recipes-daemons/proftpd/proftpd_1.3.7f.bb | 1 + > .../wireshark/files/CVE-2026-0959.patch | 65 ++++++ > .../wireshark/wireshark_4.2.14.bb | 1 + > .../recipes-dbs/mongodb/mongodb_git.bb | 7 +- > .../oe-npm-cache | 0 > ....18.bb => nodejs-oe-cache-native_20.20.bb} | 0 > ...e-running-gyp-files-for-bundled-deps.patch | 46 ---- > ...ert-stop-using-deprecated-ares_query.patch | 164 +++++++++++++++ > ...4-Do-not-use-mminimal-toc-with-clang.patch | 27 ++- > .../0001-src-fix-build-with-GCC-15.patch | 33 --- > .../nodejs/nodejs/182d9c05e78.patch | 182 ---------------- > .../nodejs/zlib-fix-pointer-alignment.patch | 64 ------ > .../{nodejs_20.18.2.bb => nodejs_20.20.0.bb} | 13 +- > .../php/php/CVE-2025-14178.patch | 65 ++++++ > .../php/php/CVE-2025-14180.patch | 69 ++++++ > meta-oe/recipes-devtools/php/php_8.2.29.bb | 2 + > .../fontforge/fontforge/CVE-2025-15269.patch | 35 +++ > .../fontforge/fontforge/CVE-2025-15270.patch | 44 ++++ > .../fontforge/fontforge/CVE-2025-15275.patch | 33 +++ > .../fontforge/CVE-2025-15279-1.patch | 41 ++++ > .../fontforge/CVE-2025-15279-2.patch | 34 +++ > .../fontforge/fontforge_20230101.bb | 8 +- > ...ncrease-supported-Xorg-version-to-1..patch | 29 +++ > ...server21.1.1.patch-Add-Xorg-21-patch.patch | 95 +++++++++ > .../files/0001-xvnc-adapt-for-1.21.patch | 46 ++++ > .../tigervnc/tigervnc_1.11.0.bb | 47 +++-- > .../cups/libcupsfilters/CVE-2025-64503.patch | 45 ++++ > .../cups/libcupsfilters_2.0.0.bb | 12 +- > .../recipes-support/freerdp/freerdp_2.11.7.bb | 1 + > .../imagemagick/CVE-2025-66628.patch | 27 +++ > .../imagemagick/imagemagick_7.1.1.bb | 1 + > .../raptor2/raptor2/CVE-2024-57822.patch | 44 ++++ > .../raptor2/raptor2/CVE-2024-57823.patch | 31 +++ > .../recipes-support/raptor2/raptor2_2.0.16.bb | 2 + > .../libmodule-build-tiny-perl_0.047.bb | 7 + > .../python3-aiohttp/CVE-2025-69225.patch | 49 +++++ > .../python3-aiohttp/CVE-2025-69226.patch | 134 ++++++++++++ > .../python3-aiohttp/CVE-2025-69228.patch | 48 +++++ > .../python/python3-aiohttp_3.9.5.bb | 7 +- > .../0001-lower-setuptools-requirements.patch | 0 > .../CVE-2025-64460.patch | 199 ++++++++++++++++++ > ...ngo_4.2.27.bb => python3-django_4.2.28.bb} | 2 +- > .../python/python3-django_5.0.14.bb | 1 + > .../python/python3-eventlet_0.36.1.bb | 4 +- > .../python/python3-m2crypto_0.40.1.bb | 5 + > .../python3-protobuf/CVE-2026-0994.patch | 47 +++++ > .../python/python3-protobuf_4.25.8.bb | 3 + > .../python3-tornado/CVE-2025-67726.patch | 2 +- > .../python3-virtualenv/CVE-2026-22702.patch | 60 ++++++ > .../python/python3-virtualenv_20.25.3.bb | 1 + > .../python/python3-watchdog_4.0.0.bb | 9 +- > .../netdata/netdata_1.44.3.bb | 2 + > meta-xfce/classes/thunar-plugin.bbclass | 2 +- > meta-xfce/classes/xfce-app.bbclass | 2 +- > meta-xfce/classes/xfce-panel-plugin.bbclass | 2 +- > meta-xfce/classes/xfce.bbclass | 2 +- > .../xfce4-panel-profiles_1.0.14.bb | 2 +- > .../xfwm4-themes/xfwm4-themes_4.10.0.bb | 2 +- > .../vala/xfce4-vala_4.10.3.bb | 2 +- > .../diskperf/xfce4-diskperf-plugin_2.7.0.bb | 2 +- > .../netload/xfce4-netload-plugin_1.4.1.bb | 2 +- > .../xfce4-dev-tools/xfce4-dev-tools_4.18.0.bb | 2 +- > 101 files changed, 2210 insertions(+), 703 deletions(-) > rename meta-gnome/recipes-gnome/eog/{eog_45.3.bb => eog_45.4.bb} (88%) > rename meta-gnome/recipes-gnome/gdm/{gdm_46.0.bb => gdm_46.2.bb} (94%) > rename meta-gnome/recipes-gnome/gnome-bluetooth/{gnome-bluetooth_46.0.bb > => gnome-bluetooth_46.2.bb} (91%) > rename meta-gnome/recipes-gnome/gnome-calculator/{ > gnome-calculator_46.0.bb => gnome-calculator_46.2.bb} (88%) > delete mode 100644 > meta-gnome/recipes-gnome/gnome-chess/gnuchess/0001-Remove-register-storage-class-classifier.patch > rename meta-gnome/recipes-gnome/gnome-chess/{gnuchess_6.2.9.bb => > gnuchess_6.2.11.bb} (55%) > delete mode 100644 > meta-gnome/recipes-gnome/gnome-commander/gnome-commander/0001-Build-fix-needed-with-taglib-2.0.patch > rename meta-gnome/recipes-gnome/gnome-commander/{ > gnome-commander_1.16.1.bb => gnome-commander_1.16.2.bb} (86%) > rename meta-gnome/recipes-gnome/gnome-desktop/{gnome-desktop_44.0.bb => > gnome-desktop_44.4.bb} (92%) > rename meta-gnome/recipes-gnome/gnome-disk-utility/{ > gnome-disk-utility_46.0.bb => gnome-disk-utility_46.1.bb} (91%) > rename meta-gnome/recipes-gnome/gnome-keyring/{gnome-keyring_46.1.bb => > gnome-keyring_46.2.bb} (94%) > rename meta-gnome/recipes-gnome/gnome-shell/{ > gnome-shell-extensions_46.1.bb => gnome-shell-extensions_46.4.bb} (84%) > rename meta-gnome/recipes-gnome/gnome-text-editor/{ > gnome-text-editor_46.1.bb => gnome-text-editor_46.3.bb} (83%) > delete mode 100644 > meta-gnome/recipes-gnome/gnome-tweaks/gnome-tweaks/0002-meson-fix-invalid-positional-argument.patch > rename meta-gnome/recipes-gnome/gnome-tweaks/{gnome-tweaks_40.0.bb => > gnome-tweaks_40.10.bb} (84%) > rename meta-gnome/recipes-gnome/gtksourceview/{gtksourceview5_5.12.0.bb > => gtksourceview5_5.12.1.bb} (91%) > rename meta-gnome/recipes-gnome/libgweather/{libgweather4_4.4.2.bb => > libgweather4_4.4.4.bb} (75%) > create mode 100644 > meta-gnome/recipes-gnome/mutter/files/0001-Dont-use-system-sysprof-dbus-folder.patch > rename meta-gnome/recipes-gnome/mutter/{mutter_46.1.bb => mutter_46.9.bb} > (95%) > rename meta-gnome/recipes-gnome/nautilus/{nautilus_45.1.bb => > nautilus_45.2.1.bb} (81%) > rename meta-gnome/recipes-gnome/tracker/{tracker-miners_3.7.1.bb => > tracker-miners_3.7.3.bb} (97%) > rename meta-gnome/recipes-gnome/tracker/{tracker_3.7.1.bb => > tracker_3.7.3.bb} (94%) > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11332.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11358.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11359.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15370.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15371.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15372.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-15642.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-13590.patch > create mode 100644 > meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch > create mode 100644 > meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch > create mode 100644 > meta-networking/recipes-support/wireshark/files/CVE-2026-0959.patch > rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-20.18 => > nodejs-oe-cache-20.20}/oe-npm-cache (100%) > rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_20.18.bb > => nodejs-oe-cache-native_20.20.bb} (100%) > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/0001-Disable-running-gyp-files-for-bundled-deps.patch > create mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/0001-Revert-stop-using-deprecated-ares_query.patch > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/0001-src-fix-build-with-GCC-15.patch > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/182d9c05e78.patch > delete mode 100644 > meta-oe/recipes-devtools/nodejs/nodejs/zlib-fix-pointer-alignment.patch > rename meta-oe/recipes-devtools/nodejs/{nodejs_20.18.2.bb => > nodejs_20.20.0.bb} (95%) > create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14178.patch > create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch > create mode 100644 > meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch > create mode 100644 > meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch > create mode 100644 > meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch > create mode 100644 > meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch > create mode 100644 > meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch > create mode 100644 > meta-oe/recipes-graphics/tigervnc/files/0001-xorg-version.h-Increase-supported-Xorg-version-to-1..patch > create mode 100644 > meta-oe/recipes-graphics/tigervnc/files/0001-xserver21.1.1.patch-Add-Xorg-21-patch.patch > create mode 100644 > meta-oe/recipes-graphics/tigervnc/files/0001-xvnc-adapt-for-1.21.patch > create mode 100644 > meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch > create mode 100644 > meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-66628.patch > create mode 100644 > meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57822.patch > create mode 100644 > meta-oe/recipes-support/raptor2/raptor2/CVE-2024-57823.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69226.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69228.patch > rename meta-python/recipes-devtools/python/{python3-django-4.2.27 => > python3-django-4.2.28}/0001-lower-setuptools-requirements.patch (100%) > create mode 100644 > meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-64460.patch > rename meta-python/recipes-devtools/python/{python3-django_4.2.27.bb => > python3-django_4.2.28.bb} (82%) > create mode 100644 > meta-python/recipes-devtools/python/python3-protobuf/CVE-2026-0994.patch > create mode 100644 > meta-python/recipes-devtools/python/python3-virtualenv/CVE-2026-22702.patch > > -- > 2.53.0 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124431): https://lists.openembedded.org/g/openembedded-devel/message/124431 Mute This Topic: https://lists.openembedded.org/mt/117836487/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
