Re: [oe] [PATCH 00/32] Scarthgap pull request

Tue, 20 Jan 2026 08:33:18 -0800 

merged now, thanks Anuj

On Mon, Jan 19, 2026 at 8:05 PM Anuj Mittal <[email protected]>
wrote:

> Please merge these changes in scarthgap. Tested on AB and locally.
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1257
>
> The following changes since commit
> 2df869df1c3fa74103098bba65c06e55d0d3664a:
>
>   freerdp3: drop CVE-2025-68118 patch (2026-01-13 06:53:10 +0530)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap
>
> https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap
>
> Anil Dongare (1):
>   php 8.2.29: CVE-2025-14177
>
> Ankur Tyagi (22):
>   gimp: upgrade 2.10.36 -> 2.10.38
>   gimp: patch CVE-2025-14422
>   gimp: patch CVE-2025-14425
>   gimp: ignore CVE-2025-48796
>   gimp: patch CVE-2025-5473
>   python3-aiohttp: upgrade 3.9.4 -> 3.9.5
>   python3-aiohttp: patch CVE-2024-52304
>   python3-cob2: upgrade 5.6.3 -> 5.6.4
>   python3-configobj: patch CVE-2023-26112
>   python3-eventlet: patch CVE-2025-58068
>   python3-marshmallow: upgrade 3.21.1 -> 3.21.3
>   python3-pymongo: upgrade 4.6.1 -> 4.6.3
>   python3-tornado: patch CVE-2025-47287
>   python3-tornado: patch CVE-2025-67724
>   python3-tornado: patch CVE-2025-67726
>   python3-tqdm: upgrade 4.66.2 -> 4.66.3
>   python3-werkzeug: ignore CVE-2025-66221 and CVE-2026-21860
>   python3-virtualenv: upgrade 20.25.0 -> 20.25.3
>   gpsd: patch CVE-2025-67268
>   gpsd: patch CVE-2025-67269
>   frr: patch multiple CVEs
>   fluidsynth: patch CVE-2025-56225
>
> Gyorgy Sarvari (5):
>   python3-ldap: set CVE_PRODUCT
>   python3-ldap: upgrade 3.4.4 -> 3.4.5
>   boinc-client: set CVE_PRODUCT
>   boinc-client: mark CVE-2013-2018 patched
>   lmdb: patch CVE-2026-22185
>
> Jackson (1):
>   tcpreplay 4.4.4: Fix CVE-2025-9384
>
> Peter Marko (1):
>   gimp: ignore CVE-2007-3741
>
> Wang Mingyu (1):
>   openfortivpn: upgrade 1.22.0 -> 1.22.1
>
> Yoann Congal (1):
>   boinc-client: fix hostname reproducibility
>
>  .../gimp/gimp/CVE-2025-14422.patch            |  64 ++++
>  .../gimp/gimp/CVE-2025-14425.patch            |  70 +++++
>  .../gimp/gimp/CVE-2025-5473.patch             |  38 +++
>  .../gimp/{gimp_2.10.36.bb => gimp_2.10.38.bb} |  11 +-
>  .../fluidsynth/CVE-2025-56225.patch           |  25 ++
>  .../fluidsynth/fluidsynth_2.3.4.bb            |   1 +
>  ...tivpn_1.22.0.bb => openfortivpn_1.22.1.bb} |   2 +-
>  ...1102-61103-61104-61105-61106-61107_1.patch |  37 +++
>  ...1102-61103-61104-61105-61106-61107_2.patch | 273 ++++++++++++++++++
>  ...1102-61103-61104-61105-61106-61107_3.patch |  78 +++++
>  ...1102-61103-61104-61105-61106-61107_4.patch | 119 ++++++++
>  .../recipes-protocols/frr/frr_9.1.3.bb        |   4 +
>  .../tcpreplay/tcpreplay/CVE-2025-9384.patch   |  38 +++
>  .../tcpreplay/tcpreplay_4.4.4.bb              |   1 +
>  .../lmdb/files/CVE-2026-22185.patch           |  31 ++
>  meta-oe/recipes-dbs/lmdb/lmdb_0.9.31.bb       |   1 +
>  .../php/php/CVE-2025-14177.patch              |  84 ++++++
>  meta-oe/recipes-devtools/php/php_8.2.29.bb    |   1 +
>  .../boinc/boinc-client_7.20.5.bb              |   9 +-
>  .../gpsd/gpsd/CVE-2025-67268.patch            | 214 ++++++++++++++
>  .../gpsd/gpsd/CVE-2025-67269.patch            | 150 ++++++++++
>  meta-oe/recipes-navigation/gpsd/gpsd_3.24.bb  |   2 +
>  .../python3-aiohttp/CVE-2024-52304.patch      | 124 ++++++++
>  ...http_3.9.4.bb => python3-aiohttp_3.9.5.bb} |   4 +-
>  ...-cbor2_5.6.3.bb => python3-cbor2_5.6.4.bb} |   2 +-
>  .../python3-configobj/CVE-2023-26112.patch    |  25 ++
>  .../python/python3-configobj_5.0.8.bb         |   2 +
>  .../python3-eventlet/CVE-2025-58068.patch     |  42 +++
>  .../python/python3-eventlet_0.36.1.bb         |   2 +
>  ....21.1.bb => python3-marshmallow_3.21.3.bb} |   2 +-
>  ...ongo_4.6.1.bb => python3-pymongo_4.6.3.bb} |   2 +-
>  .../python3-tornado/CVE-2025-47287.patch      | 232 +++++++++++++++
>  .../python3-tornado/CVE-2025-67724.patch      | 118 ++++++++
>  .../python3-tornado/CVE-2025-67726.patch      |  99 +++++++
>  .../python/python3-tornado_6.4.2.bb           |   5 +
>  ...-tqdm_4.66.2.bb => python3-tqdm_4.66.3.bb} |   2 +-
>  ....25.0.bb => python3-virtualenv_20.25.3.bb} |   2 +-
>  .../python/python3-werkzeug_3.0.6.bb          |   3 +
>  ...n3-ldap_3.4.4.bb => python3-ldap_3.4.5.bb} |  10 +-
>  39 files changed, 1915 insertions(+), 14 deletions(-)
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14422.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14425.patch
>  create mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-5473.patch
>  rename meta-gnome/recipes-gimp/gimp/{gimp_2.10.36.bb => gimp_2.10.38.bb}
> (82%)
>  create mode 100644
> meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth/CVE-2025-56225.patch
>  rename meta-networking/recipes-connectivity/openfortivpn/{
> openfortivpn_1.22.0.bb => openfortivpn_1.22.1.bb} (93%)
>  create mode 100644
> meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_1.patch
>  create mode 100644
> meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_2.patch
>  create mode 100644
> meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_3.patch
>  create mode 100644
> meta-networking/recipes-protocols/frr/frr/CVE-2025-61099-61100-61101-61102-61103-61104-61105-61106-61107_4.patch
>  create mode 100644
> meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-9384.patch
>  create mode 100644 meta-oe/recipes-dbs/lmdb/files/CVE-2026-22185.patch
>  create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2025-14177.patch
>  create mode 100644
> meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch
>  create mode 100644
> meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67269.patch
>  create mode 100644
> meta-python/recipes-devtools/python/python3-aiohttp/CVE-2024-52304.patch
>  rename meta-python/recipes-devtools/python/{python3-aiohttp_3.9.4.bb =>
> python3-aiohttp_3.9.5.bb} (81%)
>  rename meta-python/recipes-devtools/python/{python3-cbor2_5.6.3.bb =>
> python3-cbor2_5.6.4.bb} (89%)
>  create mode 100644
> meta-python/recipes-devtools/python/python3-configobj/CVE-2023-26112.patch
>  create mode 100644
> meta-python/recipes-devtools/python/python3-eventlet/CVE-2025-58068.patch
>  rename meta-python/recipes-devtools/python/{python3-marshmallow_3.21.1.bb
> => python3-marshmallow_3.21.3.bb} (92%)
>  rename meta-python/recipes-devtools/python/{python3-pymongo_4.6.1.bb =>
> python3-pymongo_4.6.3.bb} (90%)
>  create mode 100644
> meta-python/recipes-devtools/python/python3-tornado/CVE-2025-47287.patch
>  create mode 100644
> meta-python/recipes-devtools/python/python3-tornado/CVE-2025-67724.patch
>  create mode 100644
> meta-python/recipes-devtools/python/python3-tornado/CVE-2025-67726.patch
>  rename meta-python/recipes-devtools/python/{python3-tqdm_4.66.2.bb =>
> python3-tqdm_4.66.3.bb} (81%)
>  rename meta-python/recipes-devtools/python/{python3-virtualenv_20.25.0.bb
> => python3-virtualenv_20.25.3.bb} (85%)
>  rename meta-python/recipes-networking/python/{python3-ldap_3.4.4.bb =>
> python3-ldap_3.4.5.bb} (74%)
>
> --
> 2.52.0
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#123676): 
https://lists.openembedded.org/g/openembedded-devel/message/123676
Mute This Topic: https://lists.openembedded.org/mt/117358663/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to