Mostly CVE fixes and a few bug fix only upgrades. There's a new recipe for python3-backports-zstd that introduces this module for Python 3.12 which didn't have this.
Tested locally and on autobuilder: https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1538 The following changes since commit ae7dfb12245c7f9b9a353499e2688015bd4e6413: jq: Stick to C17 until next release (2026-05-05 06:57:17 +0530) are available in the Git repository at: https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap for you to fetch changes up to d8cc4e44001c7257273d290ce8c4496e93d32841: postgresql: upgrade 16.12 -> 16.14 (2026-05-25 08:05:43 +0530) ---------------------------------------------------------------- Ankur Tyagi (8): exiftool: ignore CVE-2026-7580 firewalld: upgrade 1.3.2 -> 1.3.4 frr: patch CVE-2026-28532 lcms: patch CVE-2026-41254 lcms: patch CVE-2026-42798 postfix: upgrade 3.8.12 -> 3.8.16 nanomsg: upgrade 1.2.1 -> 1.2.2 postgresql: upgrade 16.12 -> 16.14 Gyorgy Sarvari (1): python3-ecdsa: set CVE_PRODUCT Het Patel (3): abseil-cpp: Add CVE_PRODUCT to support product name onig: Add CVE_PRODUCT to support product name open-vm-tools: Add entry to CVE_PRODUCT to support the product name Hitendra Prajapati (2): wireshark: fix for CVE-2025-13946 strongswan: fix for CVE-2026-35334 Hugo SIMELIERE (Schneider Electric) (5): nss: Fix CVE-2026-2781 dnsmasq: Fix CVE-2026-4891 dnsmasq: Fix CVE-2026-4892 dnsmasq: Fix CVE-2026-4893 dnsmasq: Fix CVE-2026-5172 Jason Schonberg (1): php: upgrade 8.2.30 -> 8.2.31 Jérémie Dautheribes (Schneider Electric ) (1): python3-backports-zstd: add recipe Liyin Zhang (1): apache2: upgrade 2.4.66 -> 2.4.67 Peter Marko (1): python-grpcio(-tools): add grpc:grpc to cve product Sudhir Dumbhare (1): libssh: set status for CVE-2025-14821 Theo Gaige (1): dash: fix CVE-2026-31323 Theo Gaige (Schneider Electric) (4): nginx: patch CVE-2026-40701 nginx: patch CVE-2026-42934 nginx: patch CVE-2026-42945 nginx: patch CVE-2026-42946 ...{firewalld_1.3.2.bb => firewalld_1.3.4.bb} | 2 +- .../{nanomsg_1.2.1.bb => nanomsg_1.2.2.bb} | 2 +- .../{postfix_3.8.12.bb => postfix_3.8.16.bb} | 2 +- .../frr/frr/CVE-2026-28532.patch | 309 ++++++++++++++++++ .../recipes-protocols/frr/frr_9.1.3.bb | 1 + .../recipes-support/dnsmasq/dnsmasq_2.90.bb | 4 + .../dnsmasq/files/CVE-2026-4891.patch | 44 +++ .../dnsmasq/files/CVE-2026-4892.patch | 41 +++ .../dnsmasq/files/CVE-2026-4893.patch | 38 +++ .../dnsmasq/files/CVE-2026-5172.patch | 39 +++ .../open-vm-tools/open-vm-tools_12.3.5.bb | 2 +- .../strongswan/CVE-2026-35334.patch | 255 +++++++++++++++ .../strongswan/strongswan_5.9.14.bb | 1 + .../wireshark/files/CVE-2025-13946.patch | 51 +++ .../wireshark/wireshark_4.2.14.bb | 1 + .../files/0001-Add-support-for-RISC-V.patch | 7 +- .../files/0002-Improve-reproducibility.patch | 7 +- ...c-bypass-autoconf-2.69-version-check.patch | 11 +- ...-config_info.c-not-expose-build-info.patch | 9 +- ...gresql-fix-ptest-failure-of-sysviews.patch | 7 +- .../postgresql/files/not-check-libperl.patch | 9 +- ...ostgresql_16.12.bb => postgresql_16.14.bb} | 2 +- .../abseil-cpp/abseil-cpp_20240116.3.bb | 3 + .../recipes-devtools/perl/exiftool_12.72.bb | 1 + .../php/{php_8.2.30.bb => php_8.2.31.bb} | 2 +- .../dash/dash/CVE-2026-31323.patch | 43 +++ meta-oe/recipes-shells/dash/dash_0.5.12.bb | 5 +- .../lcms/lcms/CVE-2026-41254_1.patch | 30 ++ .../lcms/lcms/CVE-2026-41254_2.patch | 36 ++ .../lcms/lcms/CVE-2026-42798.patch | 38 +++ meta-oe/recipes-support/lcms/lcms_2.16.bb | 6 +- .../recipes-support/libssh/libssh_0.10.6.bb | 2 + .../nss/nss/CVE-2026-2781.patch | 36 ++ meta-oe/recipes-support/nss/nss_3.98.bb | 1 + meta-oe/recipes-support/onig/onig_6.9.9.bb | 3 + ...ake-license-entries-compatible-with-.patch | 38 +++ ...s.toml-lower-setuptools-requirements.patch | 31 ++ .../python/python3-backports-zstd_1.5.0.bb | 21 ++ .../python/python3-ecdsa_0.19.0.bb | 2 + .../python/python3-grpcio-tools_1.62.2.bb | 2 + .../python/python3-grpcio_1.62.2.bb | 2 + .../{apache2_2.4.66.bb => apache2_2.4.67.bb} | 2 +- .../nginx/nginx-1.24.0/CVE-2026-40701.patch | 73 +++++ .../nginx/nginx-1.24.0/CVE-2026-42934.patch | 79 +++++ .../nginx/nginx-1.24.0/CVE-2026-42945.patch | 46 +++ .../nginx-1.24.0/CVE-2026-42946-01.patch | 46 +++ .../nginx-1.24.0/CVE-2026-42946-02.patch | 91 ++++++ .../recipes-httpd/nginx/nginx_1.24.0.bb | 5 + 48 files changed, 1445 insertions(+), 43 deletions(-) rename meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/{firewalld_1.3.2.bb => firewalld_1.3.4.bb} (99%) rename meta-networking/recipes-connectivity/nanomsg/{nanomsg_1.2.1.bb => nanomsg_1.2.2.bb} (94%) rename meta-networking/recipes-daemons/postfix/{postfix_3.8.12.bb => postfix_3.8.16.bb} (99%) create mode 100644 meta-networking/recipes-protocols/frr/frr/CVE-2026-28532.patch create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch create mode 100644 meta-networking/recipes-support/strongswan/strongswan/CVE-2026-35334.patch create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch rename meta-oe/recipes-dbs/postgresql/{postgresql_16.12.bb => postgresql_16.14.bb} (86%) rename meta-oe/recipes-devtools/php/{php_8.2.30.bb => php_8.2.31.bb} (99%) create mode 100644 meta-oe/recipes-shells/dash/dash/CVE-2026-31323.patch create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-42798.patch create mode 100644 meta-oe/recipes-support/nss/nss/CVE-2026-2781.patch create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd/0001-pyproject.toml-make-license-entries-compatible-with-.patch create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd/0002-pyprojects.toml-lower-setuptools-requirements.patch create mode 100644 meta-python/recipes-devtools/python/python3-backports-zstd_1.5.0.bb rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.66.bb => apache2_2.4.67.bb} (99%) create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-40701.patch create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42934.patch create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42945.patch create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42946-01.patch create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.24.0/CVE-2026-42946-02.patch -- 2.54.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#127200): https://lists.openembedded.org/g/openembedded-devel/message/127200 Mute This Topic: https://lists.openembedded.org/mt/119481333/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
