Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next 2025-08-02T17:37:04+00:00 2025-08-02T17:37:04+00:00 Peter Marko peter.marko@siemens.com 2025-07-13T09:48:12+00:00 urn:sha1:205638f9edf8e1aa1fbcf28555625fe56f2701a5 Pick commit mentioned in [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Peter Marko peter.marko@siemens.com 2025-07-13T09:48:11+00:00 urn:sha1:37b138014be204014ee3df784a4d1c9d0f4dba23 These tests are failing and thus preventing verification of new patches. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Peter Marko peter.marko@siemens.com 2025-07-12T12:56:57+00:00 urn:sha1:e67921006fa5b0be862de0d4afe7de4d988f9d28 Same patch as in spdlog recipe. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Peter Marko peter.marko@siemens.com 2025-07-12T12:56:56+00:00 urn:sha1:1fb08208681dd042d35b22c521208044b1cf3500 Pick commit [1] mentioned in [2] as listed in [3]. [1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094 [2] https://github.com/gabime/spdlog/issues/3360 [3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Peter Marko peter.marko@siemens.com 2025-07-12T09:45:32+00:00 urn:sha1:ba84c52d551eaeb9a642b3360fc63719abe06983 Pick commit [1] from [2] which fixes [3] as listed in [4]. [1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928 [2] https://github.com/obgm/libcoap/pull/1352 [3] https://github.com/obgm/libcoap/issues/1351 [4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Yogita Urade yogita.urade@windriver.com 2025-07-11T11:28:42+00:00 urn:sha1:c8a1b909ec78973c9de668d92d9b39a5b005c6d8 Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-52886 https://security-tracker.debian.org/tracker/CVE-2025-52886 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/3449a16d3b1389870eb3e20795e802c6ae8bc04f https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Hitendra Prajapati hprajapati@mvista.com 2025-07-11T06:01:13+00:00 urn:sha1:21e370fd3c60ef59216a7633c4bbd2356ea92a6b VMware Tools contains an insecure file handling vulnerability. \xa0A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-22247 Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Guocai He guocai.he.cn@windriver.com 2025-07-23T02:18:37+00:00 urn:sha1:c781171d34dc4e1b4074c48b5e392198c0458498 File conflicts between attempted installs of mariadb and lib32-mariadb Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (master rev: ddd322323eba44542b6b631d455e3298c50c4535) Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Swamil Jain s-jain1@ti.com 2025-07-21T17:32:58+00:00 urn:sha1:958ef90ab0e83ba7cdc8b1a4abcc34fb2b1d5c0e Earlier both libdrm[1] and kmsxx[2] projects used to provide a binary program called kmstest. To avoid the clash, the kmsxx recipe was updated to rename this binary to kmsxxtest during installation. However libdrm project has now removed kmstest[3] and hence there is no clash in naming anymore, so revert back to original name of binary i.e. kmstest. [1]: https://gitlab.freedesktop.org/mesa/libdrm.git [2]: https://github.com/tomba/kmsxx [3]: https://gitlab.freedesktop.org/mesa/libdrm.git commit: 2b997bb4bb688be00620887c8646ff24ccb9396b Signed-off-by: Swamil Jain <s-jain1@ti.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-08-02T17:37:04+00:00 Yogita Urade yogita.urade@windriver.com 2025-07-21T09:40:53+00:00 urn:sha1:7b57b8f1069f29981623ee30c6dd24b7781ed958 This upgrade includes fix for CVE-2023-52969, CVE-2023-52970 and CVE-2023-52971 Changelog: https://mariadb.com/kb/en/mariadb-10-11-12-changelog/ refresh 0001-Add-missing-includes-cstdint-and-cstdio.patch Droped mm_malloc.patch and ppc-remove-glibc-dep.patch (Commit ID: https://github.com/MariaDB/server/commit/dff354e7df2fa774ce4da77202a17e2cae99ac59) as these changes are available in 10.11.12 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>