Please merge these changes in scarthgap. Tested locally and on AB. There are a few unresolved buildpaths warning in scarthgap but they are not related to these proposed changes.
https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1243 The following changes since commit 2b26d30fc7f478f5735d514f0c1bc28f6a4148b6: atop: patch CVE-2025-31160 (2025-12-30 07:08:16 +0530) are available in the Git repository at: https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap Ankur Tyagi (19): cifs-utils: patch CVE-2025-2312 frr: ignore CVE-2024-44070 libcoap: patch CVE-2025-34468 mtr: patch CVE-2025-49809 open62541: patch CVE-2024-53429 proftpd: patch CVE-2024-48651 znc: patch CVE-2024-39844 tinyproxy: patch CVE-2025-63938 wolfssl: patch CVE-2025-7394 libde265: patch CVE-2023-43887 libde265: patch CVE-2023-47471 vlc: patch CVE-2024-46461 opusfile: patch CVE-2022-47021 freerdp3: ignore CVE-2025-68118 influxdb: ignore CVE-2024-30896 krb5: ignore CVE-2025-3576 libwebsockets: ignore CVE-2025-1866 usb-modeswitch: upgrade 2.6.1 -> 2.6.2 usb-modeswitch-data: upgrade 20191128 -> 20251207 Colin McAllister (2): nginx: upgrade 1.25.4 -> 1.25.5 nginx: Fix CVE-2025-23419 for 1.25.5 Gyorgy Sarvari (18): imagemagick: upgrade 7.1.1-26 -> 7.1.1-47 imagemagick: mark CVE-2023-5341 as patched imagemagick: patch CVE-2025-53014 imagemagick: patch CVE-2025-53015 imagemagick: patch CVE-2025-53019 imagemagick: patch CVE-2025-53101 imagemagick: patch CVE-2025-55004 imagemagick: patch CVE-2025-55005 imagemagick: patch CVE-2025-55154 imagemagick: patch CVE-2025-55160 imagemagick: patch CVE-2025-55212 imagemagick: patch CVE-2025-57803 imagemagick: patch CVE-2025-57807 imagemagick: patch CVE-2025-62171 imagemagick: patch CVE-2025-65955 dante: upgrade 1.4.3 -> 1.4.4 libao: ignore CVE-2017-11548 freerdp3: drop CVE-2025-68118 patch Katariina Lounento (1): libtar: patch CVEs Khem Raj (1): dante: Add _GNU_SOURCE for musl builds Naman Jain (1): unbound: Fix CVE-2025-5994 Peter Marko (6): net-snmp: patch CVE-2025-68615 sox: extend CVE_PRODUCT libsodium: patch CVE-2025-69277 networkmanager: upgrade 1.46.0 -> 1.46.6 synergy: patch CVE-2020-15117 id3lib: mark CVE-2007-4460 as fixed Sanjay Chitroda (1): recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch Vijay Anusuri (1): python3-cbor2: Fix CVE-2025-64076 Wang Mingyu (1): libvpx: upgrade 1.14.0 -> 1.14.1 .../recipes-multimedia/libao/libao_1.2.0.bb | 2 + .../libde265/libde265/CVE-2023-43887.patch | 39 +++ .../libde265/libde265/CVE-2023-47471.patch | 42 +++ .../libde265/libde265_1.0.12.bb | 5 +- .../opusfile/opusfile/CVE-2022-47021.patch | 45 +++ .../opusfile/opusfile_0.12.bb | 4 +- .../recipes-multimedia/sox/sox_14.4.2.bb | 2 + .../vlc/vlc/CVE-2024-46461.patch | 44 +++ .../recipes-multimedia/vlc/vlc_3.0.20.bb | 1 + ...ger_1.46.0.bb => networkmanager_1.46.6.bb} | 4 +- .../wolfssl/files/CVE-2025-7394-1.patch | 46 +++ .../wolfssl/files/CVE-2025-7394-2.patch | 275 +++++++++++++++ .../wolfssl/files/CVE-2025-7394-3.patch | 125 +++++++ .../wolfssl/files/CVE-2025-7394-4.patch | 85 +++++ .../wolfssl/files/CVE-2025-7394-5.patch | 40 +++ .../wolfssl/files/CVE-2025-7394-6.patch | 48 +++ .../wolfssl/wolfssl_5.7.2.bb | 6 + .../proftpd/files/CVE-2024-48651.patch | 320 ++++++++++++++++++ .../recipes-daemons/proftpd/proftpd_1.3.7f.bb | 1 + .../libcoap/libcoap/CVE-2025-34468.patch | 127 +++++++ .../recipes-devtools/libcoap/libcoap_4.3.4.bb | 1 + .../recipes-irc/znc/znc/CVE-2024-39844.patch | 62 ++++ meta-networking/recipes-irc/znc/znc_1.8.2.bb | 1 + .../dante/{dante_1.4.3.bb => dante_1.4.4.bb} | 6 +- .../recipes-protocols/frr/frr_9.1.3.bb | 2 + .../net-snmp/net-snmp/CVE-2025-68615.patch | 33 ++ .../net-snmp/net-snmp_5.9.4.bb | 1 + .../opcua/open62541/CVE-2024-53429.patch | 44 +++ .../opcua/open62541_1.3.8.bb | 1 + .../cifs/cifs-utils/CVE-2025-2312.patch | 136 ++++++++ .../recipes-support/cifs/cifs-utils_7.0.bb | 4 +- .../mtr/mtr/CVE-2025-49809.patch | 39 +++ .../recipes-support/mtr/mtr_0.95.bb | 4 +- .../tinyproxy/tinyproxy/CVE-2025-63938.patch | 42 +++ .../tinyproxy/tinyproxy_1.11.1.bb | 1 + .../unbound/unbound/CVE-2025-5994.patch | 275 +++++++++++++++ .../recipes-support/unbound/unbound_1.19.3.bb | 1 + .../recipes-connectivity/krb5/krb5_1.21.3.bb | 2 + .../libwebsockets/libwebsockets_4.3.3.bb | 2 + meta-oe/recipes-core/toybox/toybox_0.8.11.bb | 2 +- .../libsodium/libsodium/CVE-2025-69277.patch | 61 ++++ .../libsodium/libsodium_1.0.19.bb | 4 +- .../recipes-dbs/influxdb/influxdb_1.8.10.bb | 1 + .../recipes-multimedia/id3lib/id3lib_3.8.3.bb | 2 + ...ibvpx-configure-support-blank-prefix.patch | 8 +- .../{libvpx_1.14.0.bb => libvpx_1.14.1.bb} | 2 +- .../freerdp/freerdp3/CVE-2025-68118.patch | 57 ---- .../recipes-support/freerdp/freerdp3_3.4.0.bb | 3 +- .../imagemagick/CVE-2025-53014.patch | 25 ++ .../imagemagick/CVE-2025-53015.patch | 51 +++ .../imagemagick/CVE-2025-53019.patch | 26 ++ .../imagemagick/CVE-2025-53101.patch | 54 +++ .../imagemagick/CVE-2025-55004.patch | 65 ++++ .../imagemagick/CVE-2025-55005.patch | 34 ++ .../imagemagick/CVE-2025-55154.patch | 79 +++++ .../imagemagick/CVE-2025-55160.patch | 159 +++++++++ .../imagemagick/CVE-2025-55212.patch | 29 ++ .../imagemagick/CVE-2025-57803.patch | 60 ++++ .../imagemagick/CVE-2025-57807.patch | 45 +++ .../imagemagick/CVE-2025-62171.patch | 26 ++ .../imagemagick/CVE-2025-65955.patch | 25 ++ .../imagemagick/imagemagick_7.1.1.bb | 21 +- ...-missing-prototype-compiler-warnings.patch | 53 +++ ...ix-invalid-memory-de-reference-issue.patch | 44 +++ ...escriptor-leaks-reported-by-cppcheck.patch | 101 ++++++ ...0006-fix-memleak-on-tar_open-failure.patch | 26 ++ ...ix-memleaks-in-libtar-sample-program.patch | 119 +++++++ ...ng-a-static-buffer-in-th_get_pathnam.patch | 89 +++++ ...-for-NULL-before-freeing-th_pathname.patch | 30 ++ ...-stdlib.h-for-malloc-in-lib-decode.c.patch | 26 ++ ...amming-mistakes-detected-by-static-a.patch | 100 ++++++ .../libtar/files/CVE-2013-4420.patch | 160 +++++++++ ...-33640-CVE-2021-33645-CVE-2021-33646.patch | 42 +++ .../files/CVE-2021-33643-CVE-2021-33644.patch | 52 +++ .../recipes-support/libtar/libtar_1.2.20.bb | 12 + .../synergy/synergy/CVE-2020-15117.patch | 48 +++ .../recipes-support/synergy/synergy_git.bb | 1 + ...128.bb => usb-modeswitch-data_20251207.bb} | 3 +- ...witch_2.6.1.bb => usb-modeswitch_2.6.2.bb} | 2 +- .../python/python3-cbor2/CVE-2025-64076.patch | 91 +++++ .../python/python3-cbor2_5.6.3.bb | 1 + .../CVE-2025-23419.patch | 0 .../nginx/nginx-1.25.5/CVE-2025-23419.patch | 119 +++++++ meta-webserver/recipes-httpd/nginx/nginx.inc | 1 + .../recipes-httpd/nginx/nginx_1.24.0.bb | 3 +- .../{nginx_1.25.4.bb => nginx_1.25.5.bb} | 2 +- 86 files changed, 3800 insertions(+), 82 deletions(-) create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch create mode 100644 meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch create mode 100644 meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch rename meta-networking/recipes-connectivity/networkmanager/{networkmanager_1.46.0.bb => networkmanager_1.46.6.bb} (98%) create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-1.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-2.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-3.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-4.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-5.patch create mode 100644 meta-networking/recipes-connectivity/wolfssl/files/CVE-2025-7394-6.patch create mode 100644 meta-networking/recipes-daemons/proftpd/files/CVE-2024-48651.patch create mode 100644 meta-networking/recipes-devtools/libcoap/libcoap/CVE-2025-34468.patch create mode 100644 meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch rename meta-networking/recipes-protocols/dante/{dante_1.4.3.bb => dante_1.4.4.bb} (88%) create mode 100644 meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2025-68615.patch create mode 100644 meta-networking/recipes-protocols/opcua/open62541/CVE-2024-53429.patch create mode 100644 meta-networking/recipes-support/cifs/cifs-utils/CVE-2025-2312.patch create mode 100644 meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch create mode 100644 meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch create mode 100644 meta-networking/recipes-support/unbound/unbound/CVE-2025-5994.patch create mode 100644 meta-oe/recipes-crypto/libsodium/libsodium/CVE-2025-69277.patch rename meta-oe/recipes-multimedia/webm/{libvpx_1.14.0.bb => libvpx_1.14.1.bb} (96%) delete mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53014.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53015.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53019.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-53101.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55004.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55005.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55154.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55160.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-55212.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57803.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-57807.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-62171.patch create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2025-65955.patch create mode 100644 meta-oe/recipes-support/libtar/files/0003-Fix-missing-prototype-compiler-warnings.patch create mode 100644 meta-oe/recipes-support/libtar/files/0004-Fix-invalid-memory-de-reference-issue.patch create mode 100644 meta-oe/recipes-support/libtar/files/0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch create mode 100644 meta-oe/recipes-support/libtar/files/0006-fix-memleak-on-tar_open-failure.patch create mode 100644 meta-oe/recipes-support/libtar/files/0007-fix-memleaks-in-libtar-sample-program.patch create mode 100644 meta-oe/recipes-support/libtar/files/0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch create mode 100644 meta-oe/recipes-support/libtar/files/0009-Check-for-NULL-before-freeing-th_pathname.patch create mode 100644 meta-oe/recipes-support/libtar/files/0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch create mode 100644 meta-oe/recipes-support/libtar/files/0011-libtar-fix-programming-mistakes-detected-by-static-a.patch create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2013-4420.patch create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch create mode 100644 meta-oe/recipes-support/libtar/files/CVE-2021-33643-CVE-2021-33644.patch create mode 100644 meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch rename meta-oe/recipes-support/usb-modeswitch/{usb-modeswitch-data_20191128.bb => usb-modeswitch-data_20251207.bb} (77%) rename meta-oe/recipes-support/usb-modeswitch/{usb-modeswitch_2.6.1.bb => usb-modeswitch_2.6.2.bb} (91%) create mode 100644 meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-64076.patch rename meta-webserver/recipes-httpd/nginx/{files => nginx-1.24.0}/CVE-2025-23419.patch (100%) create mode 100644 meta-webserver/recipes-httpd/nginx/nginx-1.25.5/CVE-2025-23419.patch rename meta-webserver/recipes-httpd/nginx/{nginx_1.25.4.bb => nginx_1.25.5.bb} (74%) -- 2.52.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123393): https://lists.openembedded.org/g/openembedded-devel/message/123393 Mute This Topic: https://lists.openembedded.org/mt/117238126/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
