Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=whinlatter 2026-04-24T15:43:21+00:00 2026-04-24T15:43:21+00:00 Jörg Sommer joerg.sommer@navimatix.de 2026-04-16T05:29:20+00:00 urn:sha1:d861698ab8d4bbdda13f93747390f3f095f1f48f In case $sbindir = $bindir we have to pass this setting to make. Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit d09f50438f5d6bda37413e583776f177c3ccd343) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:21+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-20T06:27:37+00:00 urn:sha1:c72fd80a5c2b949fae7b5431d7af4be4f9425bb0 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979 Backport the patch that is referenced by the NVD advisory.y Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 2b1e34f0f51b103fa37f163cdccdeebf821ac7c1) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:21+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-20T06:27:36+00:00 urn:sha1:2732cd42eca8956097cd30758d313f4b215deffd Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 8d399af3337b25d71f8cd4308b9788ac4e88b730) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:20+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-20T06:27:35+00:00 urn:sha1:f251c270256ff57bd1621415b4445e5f4b178c34 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947 Backport the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 525e18ce214213193d9a280de3bfd2deb847110e) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:20+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-20T06:27:34+00:00 urn:sha1:c5475650885213ef6e8be8de60ae536e7d360e07 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit e94ab85126f12d77253107084dc8463c79b3e776) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:20+00:00 Peter Kjellerstedt pkj@axis.com 2026-04-08T17:47:32+00:00 urn:sha1:1574d0ed556b3afcaa28b956ba4a93462ad3d22a There is a bug (see https://github.com/jqlang/jq/issues/434), which results in an empty version being used if autoreconf is run on the jq sources when using a release tar ball. The incorrect assumption is that autoreconf is only used when fetching the code using Git. The empty version results in an incorrect libjq.pc file being created where the version is not set, which results in, e.g., `pkgconf --libs 'libjq > 1.6'` failing even if version 1.8.1 of jq is actually installed. Switch to fetching the code using Git to workaround the bug. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit ed33569f822a3a8d41f82f6980a046d17aca37d5) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:20+00:00 Jason Schonberg schonm@gmail.com 2026-04-11T15:46:58+00:00 urn:sha1:4c4eaf1d21613ee31b45eeced70cf65479c44ed2 This is a bug fix release. Changelog: https://www.php.net/ChangeLog-8.php#8.4.20 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:20+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-09T08:36:45+00:00 urn:sha1:a23083428f9a494e42d0d1fbc1af6743e65cf003 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344 Backport the commit that mentions this CVE ID explicitly in its message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:20+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-04-07T09:19:13+00:00 urn:sha1:6c4868d3f7a9d60a1cc22a8a273ae5e5c59c199f All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712, which does not affect v22 series, because it was introduced in a later version[2]. All these CVEs are tracked without version info by NVD at the time of creating this patch. [1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md [2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-24T15:43:20+00:00 Jason Schonberg schonm@gmail.com 2026-04-07T09:19:12+00:00 urn:sha1:2c70222d32886a2f8f6698c2a563e9ea61cd791b This is the March 2026 security release. 2 high severity issues. 5 medium severity issues. 2 low severity issues. High priority fixes: CVE-2026-21637 CVE-2026-21710 Medium priority fixes: CVE-2026-21711 (affects only nodejs v25) CVE-2026-21712 (affects only nodejs v24 & v25) CVE-2026-21713 CVE-2026-21714 CVE-2026-21717 Low priority fixes: CVE-2026-21715 CVE-2026-21716 https://nodejs.org/en/blog/vulnerability/march-2026-security-releases Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit d32cd27eaaa13b296c268df234d2fb2cefa62946) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>