11 files changed, 142 insertions, 11 deletions

diff --git a/meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch b/meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch
index 721225c8b3..380e425f25 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch
+++ b/meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch
@@ -16,8 +16,8 @@ diff --git a/meson.build b/meson.build
 index 4e48f8c64c..d5dce47015 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -765,7 +765,7 @@ zlib = dependency('zlib')
- MIMEtypes += 'image/x-psp'
+@@ -777,7 +777,7 @@ zlib = dependency('zlib')
+ zlib = dependency('zlib')
  
  # Compiler-provided headers can't be found in crossroads environment
 -if not meson.is_cross_build()
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_3.0.4.bb b/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb
index e2ad29eb98..9f38cdcd03 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_3.0.4.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb
@@ -5,7 +5,7 @@ LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c678957b0c8e964aa6c70fd77641a71e"
 
 DEPENDS = " \
-    appstream-glib \
+    appstream \
     atk \
     babl \
     bzip2 \
@@ -56,13 +56,12 @@ GIDOCGEN_MESON_OPTION = "gi-docgen"
 GIDOCGEN_MESON_ENABLE_FLAG = "enabled"
 GIDOCGEN_MESON_DISABLE_FLAG = "disabled"
 
-SRC_URI = "gitsm://gitlab.gnome.org/GNOME/gimp.git;protocol=https;branch=master"
+SRC_URI = "https://download.gimp.org/gimp/v3.0/${BP}.tar.xz"
 SRC_URI += "file://0001-gimp-cross-compile-fix-for-bz2.patch"
 SRC_URI += "file://0002-meson.build-reproducibility-fix.patch"
 SRC_URI += "file://0001-meson.build-dont-check-for-lgi.patch"
 SRC_URI += "file://0001-meson.build-require-iso-codes-native.patch"
-SRCREV = "c1901c5be644ab8dcaf779b1f383bf5370bc90c6"
-
+SRC_URI[sha256sum] = "246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b"
 
 PACKAGECONFIG[aa] = "-Daa=enabled,-Daa=disabled,aalib"
 PACKAGECONFIG[alsa] = "-Dalsa=enabled,-Dalsa=disabled,alsa-lib"
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
new file mode 100644
index 0000000000..2340d8ed75
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch
@@ -0,0 +1,35 @@
+From 1126140b8f5ece18c58640725f0e4c08e5ec97b0 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Sat, 15 Nov 2025 13:34:15 +0100
+Subject: [PATCH] A potential null pointer difference is that the return value
+ of the hash may be null. This fixes CVE-2021-33456.
+
+From: lixuebing <lixuebing@cqsoftware.com.cn>
+Date: Mon, 25 Aug 2025 13:51:28 +0800
+Subject: Fix null-pointer-dereference in hash
+Bug: https://github.com/yasm/yasm/issues/175
+Origin: https://github.com/yasm/yasm/pull/290
+
+CVE: CVE-2021-33456
+Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/290]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ modules/preprocs/nasm/nasm-pp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
+index f9f92dd1..473d98c1 100644
+--- a/modules/preprocs/nasm/nasm-pp.c
++++ b/modules/preprocs/nasm/nasm-pp.c
+@@ -1102,6 +1102,10 @@ hash(char *s)
+ {
+     unsigned int h = 0;
+     unsigned int i = 0;
++    /* Check if the input string is NULL to avoid null pointer dereference */
++    if (s == NULL) {
++        return 0;
++    }
+     /*
+      * Powers of three, mod 31.
+      */
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
new file mode 100644
index 0000000000..ebae250ff9
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch
@@ -0,0 +1,34 @@
+From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Sat, 15 Nov 2025 13:30:12 +0100
+Subject: [PATCH] Handle file descriptors with nonexisting env names better. 
+ Avoid writing past allocated memory.
+
+This fixes CVE-2021-33464.
+Author: Petter Reinholdtsen <pere@debian.org>
+Bug: https://github.com/yasm/yasm/issues/164
+Bug-Debian: https://bugs.debian.org/1016353
+Forwarded: https://github.com/yasm/yasm/issues/164
+Last-Update: 2025-04-30
+
+CVE: CVE-2021-33464
+Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ modules/preprocs/nasm/nasm-pp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c
+index 512f02c3..f9f92dd1 100644
+--- a/modules/preprocs/nasm/nasm-pp.c
++++ b/modules/preprocs/nasm/nasm-pp.c
+@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
+             error(ERR_WARNING, "environment variable `%s' does not exist",
+                   p1+1);
+             *p2 = '%';
+-            p1 = p2+1;
++            pb = p1 = p2+1;
+             continue;
+         }
+         /* need to expand */
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
new file mode 100644
index 0000000000..58b4ed1996
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch
@@ -0,0 +1,39 @@
+From 81c1b7b0a28f052eaadddcb010944bf67e6ae257 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Sat, 15 Nov 2025 13:24:21 +0100
+Subject: [PATCH] Make sure CPU feature parsing use large enough string buffer.
+  Fixes CVE-2023-29579.
+
+Author: Petter Reinholdtsen <pere@debian.org>
+Bug: https://github.com/yasm/yasm/issues/214
+Bug-Debian: https://bugs.debian.org/1035951
+Forwarded:  https://github.com/yasm/yasm/issues/214
+Last-Update: 2025-04-30
+
+This patch is taken from Debian:
+https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/
+
+CVE: CVE-2023-29579
+Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/214]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ modules/arch/x86/x86arch.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/modules/arch/x86/x86arch.c b/modules/arch/x86/x86arch.c
+index bac11774..58327958 100644
+--- a/modules/arch/x86/x86arch.c
++++ b/modules/arch/x86/x86arch.c
+@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_valparamhead *valparams,
+                 yasm_error_set(YASM_ERROR_SYNTAX,
+                                N_("invalid argument to [%s]"), "CPU");
+             else {
+-                char strcpu[16];
+-                sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu));
++                char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */
++                assert(8*sizeof(unsigned long) <= 64);
++                snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu));
+                 yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu));
+             }
+         } else
diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb
index 68895a1697..6ddd94621a 100644
--- a/meta-oe/recipes-devtools/yasm/yasm_git.bb
+++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb
@@ -14,7 +14,10 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
            file://0001-yasm-Set-build-date-to-SOURCE_DATE_EPOCH.patch \
            file://0002-yasm-Use-BUILD_DATE-for-reproducibility.patch \
            file://0001-bitvect-fix-build-with-gcc-15.patch \
-"
+           file://CVE-2023-29579.patch \
+           file://CVE-2021-33464.patch \
+           file://CVE-2021-33456.patch \
+           "
 
 
 inherit autotools gettext python3native
@@ -33,3 +36,5 @@ do_configure:prepend() {
 CVE_STATUS_GROUPS += "CVE_STATUS_HASH_UPDATE"
 CVE_STATUS_HASH_UPDATE = "CVE-2021-33454 CVE-2023-31975 CVE-2023-37732"
 CVE_STATUS_HASH_UPDATE[status] = "fixed-version: patched in current git hash"
+
+CVE_PRODUCT += "tortall:yasm yasm_project:yasm"
diff --git a/meta-oe/recipes-support/googlebenchmark/googlebenchmark_1.9.4.bb b/meta-oe/recipes-support/googlebenchmark/googlebenchmark_1.9.4.bb
index 4558aa13d6..7f6755d51e 100644
--- a/meta-oe/recipes-support/googlebenchmark/googlebenchmark_1.9.4.bb
+++ b/meta-oe/recipes-support/googlebenchmark/googlebenchmark_1.9.4.bb
@@ -7,13 +7,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 SRC_URI = "git://github.com/google/benchmark.git;protocol=https;branch=main;tag=v${PV}"
 SRCREV = "eddb0241389718a23a42db6af5f0164b6e0139af"
 
-
 EXTRA_OECMAKE = " \
     -DBUILD_SHARED_LIBS=yes \
     -DBENCHMARK_ENABLE_TESTING=no \
     -DCMAKE_BUILD_TYPE=Release \
 "
 
+# Needed with glibc 2.43 which also defines __COUNTER__ now
+CXXFLAGS += "-Wno-c2y-extensions"
+
 inherit cmake
 
 FILES:${PN}-dev += "${libdir}/cmake"
diff --git a/meta-oe/recipes-support/links/links.inc b/meta-oe/recipes-support/links/links.inc
index d772d54aff..a255f0ba6b 100644
--- a/meta-oe/recipes-support/links/links.inc
+++ b/meta-oe/recipes-support/links/links.inc
@@ -14,4 +14,6 @@ PACKAGECONFIG ??= ""
 PACKAGECONFIG[bzip2] = "--with-bzip2,--without-bzip2,bzip2"
 PACKAGECONFIG[lzma] = "--with-lzma,--without-lzma,xz"
 
+CVE_PRODUCT = "twibright_labs:links twibright:links links:links"
+
 inherit autotools pkgconfig
diff --git a/meta-oe/recipes-support/links/links_2.29.bb b/meta-oe/recipes-support/links/links_2.29.bb
index 311d84e484..e3a15d1819 100644
--- a/meta-oe/recipes-support/links/links_2.29.bb
+++ b/meta-oe/recipes-support/links/links_2.29.bb
@@ -9,5 +9,3 @@ EXTRA_OECONF = "--enable-graphics \
                 --without-directfb --without-pmshell --without-atheos \
                 --without-x"
 SRC_URI[sha256sum] = "22aa96c0b38e1a6f8f7ed9d7a4167a47fc37246097759ef6059ecf8f9ead7998"
-
-CVE_STATUS[CVE-2008-3319] = "cpe-incorrect: The recipe used in the `meta-openembedded` is a different links package compared to the one which has the CVE issue."
diff --git a/meta-python/recipes-devtools/python/python3-icontract_2.6.6.bb b/meta-python/recipes-devtools/python/python3-icontract_2.7.2.bb
index 5075a1a6a1..b906be4ac2 100644
--- a/meta-python/recipes-devtools/python/python3-icontract_2.6.6.bb
+++ b/meta-python/recipes-devtools/python/python3-icontract_2.7.2.bb
@@ -7,7 +7,7 @@ PR = "r0"
 
 inherit pypi setuptools3
 PYPI_PACKAGE = "icontract"
-SRC_URI[sha256sum] = "c1fd55c7709ef18a2ee64313fe863be2668b53060828fcca3525051160c92691"
+SRC_URI[sha256sum] = "281ec16f1d09bbcca7a4227e82cd10b4d5fb291f638df77c29b7acf493dd3178"
 
 RDEPENDS:${PN} += "python3-asttokens"
 
diff --git a/meta-python/recipes-devtools/python/python3-rich-toolkit_0.15.1.bb b/meta-python/recipes-devtools/python/python3-rich-toolkit_0.15.1.bb
new file mode 100644
index 0000000000..b649d41575
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-rich-toolkit_0.15.1.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Rich toolkit for building command-line applications"
+HOMEPAGE = "https://github.com/patrick91/rich-toolkit"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://pyproject.toml;md5=29c91c89ee62891477a1476375143bef;beginline=6;endline=6"
+
+SRC_URI[sha256sum] = "6f9630eb29f3843d19d48c3bd5706a086d36d62016687f9d0efa027ddc2dd08a"
+
+inherit pypi python_hatchling ptest-python-pytest
+
+PYPI_PACKAGE = "rich_toolkit"
+
+RDEPENDS:${PN} = "\
+    python3-click \
+    python3-rich \
+    python3-typing-extensions \
+    python3-inline-snapshot \
+"