summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* memcached: upgrade 1.6.17 -> 1.6.33Peter Marko2024-12-203-116/+10
| | | | | | | | | Solves CVE-2023-46852 and CVE-2023-46853. Upgrade done via "devtool upgrade". Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* memcached: add UPSTREAM_CHECK_URIPeter Marko2024-12-201-0/+2
| | | | | | | | Download URL is not listable so devtool upgrade fails. Using homepage works as it contains link to latest release, Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: mark CVE-2024-8443 as fixedPeter Marko2024-12-201-0/+2
| | | | | | | | | | | | | | | | | NVD tracks this CVE as version-less. Per [1] this is fixed by following commits: $ git tag --contains b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc 0.26.0 0.26.0-rc1 $ git tag --contains 02e847458369c08421fd2d5e9a16a5f272c2de9e 0.26.0 0.26.0-rc1 [1] https://github.com/OpenSC/OpenSC/wiki/CVE-2024-8443 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: upgrade 0.25.1 -> 0.26.0Peter Marko2024-12-201-2/+2
| | | | | | | | Solves CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619 and CVE-2024-45620. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* postgresql: upgrade 16.4 -> 16.5Yogita Urade2024-12-202-4/+4
| | | | | | | | | | | | | | Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978 and CVE-2024-10979 Changelog: https://www.postgresql.org/docs/release/16.5/ 0003-configure.ac-bypass-autoconf-2.69-version-check.patch Refreshed for 16.5 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* 7zip: Fix build with clangKhem Raj2024-12-202-18/+32
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfce4-pulseaudio-plugin: Fix build with libwindowing 4.19.6Khem Raj2024-12-192-0/+26
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* emlog: set CVE_PRODUCTPeter Marko2024-12-191-0/+2
| | | | | | | | This will remove false-positive CVE-2024-50655 from reports. There are different emlog components from other vendors around. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* memcached: ignore disputed CVE-2022-26635Peter Marko2024-12-191-0/+2
| | | | | | | | | | | | | | Per [1] this is a problem of applications using memcached inproperly. This should not be a CVE against php-memcached, but for whatever software the issue was actually found in. php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input. [1] https://github.com/php-memcached-dev/php-memcached/issues/519 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* swagger-ui: mark CVE-2016-1000229 as fixedPeter Marko2024-12-191-0/+2
| | | | | | | | as per https://github.com/swagger-api/swagger-ui/issues/1865 NVD tracks this CVE as version-less. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: ignore disputed CVE CVE-2007-0086Peter Marko2024-12-191-0/+1
| | | | | | | | | | | | | | | | This CVE is officially disputed by Redhat with official statement in https://nvd.nist.gov/vuln/detail/CVE-2007-0086 Red Hat does not consider this issue to be a security vulnerability. The pottential attacker has to send acknowledgement packets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice-gtk: mark CVE-2012-4425 as fixedPeter Marko2024-12-191-0/+2
| | | | | | | | | | It is fixed by [1] since 0.15.3. NVD tracks this CVE as version-less. [1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* redis: ignore CVE-2022-0543Peter Marko2024-12-191-0/+1
| | | | | | | | This is Debian-specific CVE. NVD tracks this CVE as version-less. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* monkey: ignore CVE-2013-1771Peter Marko2024-12-191-0/+1
| | | | | | | | This is gentoo specific CVE. NVD tracks this as version-less CVE. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gattlib: mark CVE-2019-6498 as fixedPeter Marko2024-12-191-0/+2
| | | | | | | | | | | | | | Our hash does not point to exact tag and CVE patch is already in. We use: 33a8a275928b186381bb0aea0f9778e330e57ec3 Fix: https://github.com/labapart/gattlib/commit/60b813a770e42fdb0e85c1d2da7a55327784b8d6 git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6 v0.2-262-g33a8a27 v0.2-85-g60b813a Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spice: ignore CVE-2016-0749Peter Marko2024-12-191-0/+1
| | | | | | | | | | | NVD tracks this as version-less CVE for spice. It was fixed by [1] and [2] included in 0.13.2. [1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e [2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: remove old version references from CVEsPeter Marko2024-12-191-7/+7
| | | | | | | | These were not updated on recipe upgrade. To make maintenance easier, remove exact versions. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: ignore CVE-1999-0678 and CVE-1999-1412Peter Marko2024-12-191-0/+2
| | | | | | | These CVEs are specific to Debian and MAC OS X respectively. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ace: ignore CVE-2009-1147Peter Marko2024-12-191-0/+2
| | | | | | | This CVE is for vmware ace. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* android-tools: fix warning: library search path "/usr/lib/p7zip" is unsafe ↵Hongxu Jia2024-12-191-11/+18
| | | | | | | | | for cross-compilation Refresh local patch to remove '-L/usr/lib/p7zip' Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Update p7zip to 7zipHongxu Jia2024-12-194-5/+5
| | | | | | | | Due to commit [Use 7zip 2409 to replace p7zip 16.02] applied, update affected recipes Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Use 7zip 24.09 to replace p7zip 16.02Hongxu Jia2024-12-1910-461/+111
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to DOC/readme.txt [1]: 7-Zip and p7zip =============== Now there are two different ports of 7-Zip for Linux/macOS: 1) p7zip - another port of 7-Zip for Linux, made by an independent developer. The latest version of p7zip now is 16.02, and that p7zip 16.02 is outdated now. http://sourceforge.net/projects/p7zip/ 2) 7-Zip for Linux/macOS - this package - it's new code with all changes from latest 7-Zip for Windows Add recipe 7-zip [2] to instead of recipe p7zip[3] in which the upstream is dead since 2016 Use git repo to instead of tarball Drop obsolete patches - CVE-2016-9296.patch - CVE-2017-17969.patch - CVE-2018-5996.patch - change_numMethods_from_bool_to_unsigned.patch - 0001-Fix-two-buffer-overflow-vulnerabilities.patch - 0001-Fix-narrowing-errors-Wc-11-narrowing.patch License-Update: DOC/License.txt: Add BSD-2-Clause & BSD-3-Clause The codec libraries was removed since 21.02 [4] Refer debian to compile 7-zip [5] Add link 7z.so to lib7z.so and create wrapper to command 7z which required running with absolute path to link the library 7z.so [1] https://salsa.debian.org/debian/7zip/-/blob/master/DOC/readme.txt?ref_type=heads [2] https://sourceforge.net/projects/p7zip/ [3] https://www.7-zip.org/ [4] https://github.com/p7zip-project/p7zip/commit/6c6ed1eba9ff0c0ded9323600f1f3c686d6b6692 [5] https://salsa.debian.org/debian/7zip/-/blob/master/debian/rules Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfce4-panel: 4.18.6 -> 4.20.0Kai Kang2024-12-193-38/+36
| | | | | | | | | | | | | | | Upgrade xfce4-panel from 4.18.6 to 4.20.0: * add dependency libxfce4windowing * set GDBUS_CODEGEN for configure * rebase patches as well The change log is at: https://gitlab.xfce.org/xfce/xfce4-panel/-/blob/master/NEWS Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfdesktop: 4.18.1 -> 4.20.0Kai Kang2024-12-191-1/+8
| | | | | | | | | | | Upgrade xfdesktop from 4.18.1 to 4.20.0: * add dependency libxfce4windowing * set variables from glib-2.0.pc in EXTRA_OECONF since paths have been removed from the .pc file in oe-core Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libxfce4windowing: add recipeKai Kang2024-12-191-0/+24
| | | | | | | | Add recipe for libxfce4windowing 4.20.0 which is required by other xfce4 components such as xfce4-session, xfdesktop etc. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfce4-dev-tools: 4.18.1 -> 4.20.0Kai Kang2024-12-191-3/+3
| | | | | | | | | | | | | Upgrade xfce4-dev-tools from 4.18.1 to 4.20.0: * add dependency meson-native The change log is at: https://gitlab.xfce.org/xfce/xfce4-dev-tools/-/blob/master/NEWS Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfwm4: 4.19.0 -> 4.20.0Kai Kang2024-12-191-1/+1
| | | | | | | | | | | | | | | | | 4.20.0 (2024-12-15) ====== - Translation Updates: Finnish, Portuguese, Romanian 4.19.1 (2024-12-01) ====== - I18n: Update po/LINGUAS list - hints: Fix buffer overflow in XChangeProperty - Translation Updates: Finnish, Kurdish, Polish, Sinhala, Telugu, Vietnamese Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfce4-settings: 4.18.3 -> 4.20.0Kai Kang2024-12-192-44/+8
| | | | | | | | | | | | | | | | Upgrade xfce4-settings from 4.18.3 to 4.20.0: * remove patch which has been applied in upstream already https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/d1a04d4 * set GDBUS_CODEGEN in EXTRA_OECONF * add PACKAGECONFIG wayland The change log is at: https://gitlab.xfce.org/xfce/xfce4-settings/-/blob/master/NEWS Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfconf: 4.18.2 -> 4.20.0Kai Kang2024-12-191-3/+5
| | | | | | | | | | | | | | Update xfconf from 4.18.2 to 4.20.0: * update EXTRA_OECONF to remove legacy perl setting, and add config for gdbug-codegen The change log is at: https://gitlab.xfce.org/xfce/xfconf/-/blob/master/NEWS Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libnfs: Add gnutls build time dependencyKhem Raj2024-12-191-0/+2
| | | | | | It does not build without it. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* lua-lgi: Disable on architecture without luajit portKhem Raj2024-12-191-0/+6
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libp11: update 0.4.12 -> 0.4.13Wang Mingyu2024-12-192-32/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | 0001-detect-correct-openssl-3.x.patch removed since it's included in 0.4.13 Changelog: ========= - Increased maximum PIN length - Fixed several memory leaks - Don't include libp11.rc VERSIONINFO into pkcs11 - Reimplement CI with GitHub Actions - Improved tests - Added static ENGINE (libpkcas11.a) build - Added a workaround broken foreign key handling in OpenSSL 3.0.12-3.0.13, 3.1.4-3.1.5, 3.2.0-3.2.1 - Added a workaround for conflicting atexit() callbacks - Always login with PIN If FORCE_LOGIN is specified in openssl config - Added OAEP support to RSA_private_decrypt - Added PKCS11_enumerate_*_ext functions - Fixed non-null-terminated label padding - Fixed several object management issues - Deferred libp11 initialization until needed Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libpeas: Disable lua support on architectures without luajit portKhem Raj2024-12-191-0/+5
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gpiod-sysfs-proxy: update v0.1.1 -> v0.1.2Bartosz Golaszewski2024-12-191-1/+1
| | | | | | | Small bugfix release addressing some corner-cases spotted in testing. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-oe: Remove libpeas from packagegroup-meta-oe-gnomeKhem Raj2024-12-191-1/+0
| | | | | | all libpeas recipes are in meta-gnome now. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gedit: build with libpeas-1Markus Volk2024-12-191-1/+1
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* eog: build with libpeas-1Markus Volk2024-12-191-1/+1
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* geary: build with libpeas-1Markus Volk2024-12-191-1/+1
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* packagegroup-meta-oe: adjust after libpeas updateMarkus Volk2024-12-191-1/+1
| | | | | Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfce4-power-manager: 4.18.2 -> 4.20.0Kai Kang2024-12-191-3/+6
| | | | | | | | | | | | | | | | | Upgrade xfce4-power-manager from 4.18.2 to 4.20.0: * remove configure option `--enable-network-manager` which has been removed from upstream https://gitlab.xfce.org/xfce/xfce4-power-manager/-/commit/cc9921a * set variable GDBUS_CODEGEN for configure * add PACKAGECONFIG wayland The change log is at: https://gitlab.xfce.org/xfce/xfce4-power-manager/-/blob/master/NEWS Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xfce4-appfinder: 4.19.3 -> 4.20.0Kai Kang2024-12-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | 4.20.0 (2024-12-15) ====== - Translation Updates: Finnish, Hebrew, Polish, Ukrainian 4.19.4 (2024-12-01) ====== - Fix buffer overflow and leaks (#92) - I18n: Update po/LINGUAS list - Translation Updates: Albanian, Amharic, Arabic, Armenian (Armenia), Asturian, Basque, Belarusian, Bulgarian, Catalan, Chinese (China), Chinese (Hong Kong), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, Eastern Armenian, English (Australia), English (Canada), English (United Kingdom), Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hindi, Hungarian, Icelandic, Indonesian, Interlingue, Italian, Japanese, Kazakh, Korean, Lithuanian, Malay, Norwegian Bokmål, Norwegian Nynorsk, Occitan (post 1500), Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Telugu, Thai, Turkish, Ukrainian, Uyghur, Vietnamese Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tumbler: 4.18.0 -> 4.20.0Kai Kang2024-12-191-1/+3
| | | | | | | | | | | | Update tumbler from 4.18.0 to 4.20.0. And set variable GDBUS_CODEGEN for configure. Change log is at: https://gitlab.xfce.org/xfce/tumbler/-/blob/master/NEWS Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* thunar-volman: 4.18.0 -> 4.20.0Kai Kang2024-12-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 4.20.0 (2024-12-15) ====== - Translation Updates: Finnish, Portuguese 4.19.1 (2024-12-01) ====== - Translation Updates: Spanish, Vietnamese 4.19.0 (2024-11-01) ====== - build: Fix deprecation warning - build: Bump requirements for Xfce 4.20 - build: Use XDT_VERSION_INIT and get rid of configure.ac.in - README: correct documentation URL - settings: make `option_entries` NULL-terminated - tvm-input-device: Avoid criticals when ID_MODEL missing (#25) - I18n: Update po/LINGUAS list - build: Get rid of intltool - Add icons at missing sizes, clean up SVG metadata - Declare use of function (fixes #24) - settings: Fix critical warning when closing embedded dialog - Update bug report address - Translation Updates: Asturian, Croatian, English (Canada), Greek, Italian, Polish, Portuguese, Russian Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* thunar: 4.19.0 -> 4.20.0Kai Kang2024-12-191-1/+1
| | | | | | | | | Upgrade thunar from 4.19.0 to 4.20.0. The change log is at: https://gitlab.xfce.org/xfce/thunar/-/blob/master/NEWS Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xkbevd: upgrade 1.1.5 -> 1.1.6Wang Mingyu2024-12-191-1/+1
| | | | | | | | | | | | | | Changelog: ========== - Use _stricmp() instead of strcasecmp() on Windows - Accept --help & --version as aliases to -help & -version - evargs.c: constify pointer arguments that aren't modified - evargs.c: Use standard strchr() instead of deprecated index() - Remove detectableRepeat variable - Assume target platforms have strcasecmp now Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tinysparql: upgrade 3.8.1 -> 3.8.2Wang Mingyu2024-12-192-5/+5
| | | | | | | | | | | | | 0001-fix-reproducibility.patch refreshed for 3.8.2 Changelog: =========== * Hide again unintentionally leaked tracker_http_* symbols * Doc building improvements Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* stunnel: upgrade 5.73 -> 5.74Wang Mingyu2024-12-192-5/+5
| | | | | | | | | | | | | | | fix-openssl-no-des.patch refreshed for 5.74 * Bugfixes - Fixed a stapling cache deallocation crash. - Fixed "redirect" with protocol negotiation. * Features - "protocolHost" support for "socks" protocol clients. - More detailed logs in OpenSSL 3.0 or later. Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pybind11-json: upgrade 0.2.14 -> 0.2.15Wang Mingyu2024-12-191-1/+1
| | | | | | | | | | | Changelog: ========== - Avoid crash when converting dict with circular reference - ci: use pixi in CI - Mention nanobind's solution Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openjpeg: upgrade 2.5.2 -> 2.5.3Wang Mingyu2024-12-191-1/+1
| | | | | | | | Changelog: https://github.com/uclouvain/openjpeg/blob/v2.5.3/NEWS.md Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nanopb-generator(-runtime): upgrade 0.4.9 -> 0.4.9.1Wang Mingyu2024-12-193-2/+2
| | | | | | | | | | | | Changelog: ========== - Fix memory not released on error return from pb_decode_ex() - Fix deprecated MakeClass() call in generator - Fix compiler error with enums and --c-style - Fix version conflict with bazel build rules Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-08 19:07:11 +0000