summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* flatpak: add PACKAGECONFIG for dconfMarkus Volk2026-04-031-2/+1
| | | | | | | | Disable by default to avoid a requirement for meta-gnome Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-cbor2: patch CVE-2026-26209Hitendra Prajapati2026-04-033-0/+886
| | | | | | | | | | | | | | | | Backport the patch[1] which fixes this vulnerability as mentioned in the comment[3]. Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26209 [1] https://github.com/agronholm/cbor2/commit/e61a5f365ba610d5907a0ae1bc72769bba34294b [2] https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824 (pre patch) [3] https://github.com/agronholm/cbor2/pull/275 Dropped changes to the changelog from the original commit. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* giflib: Fix CVE-2026-23868Vijay Anusuri2026-04-032-0/+35
| | | | | | | | | | Pick patch according to [1] [1] https://www.facebook.com/security/advisories/cve-2026-23868 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libssh: Fix CVE-2026-0966Vijay Anusuri2026-04-034-0/+174
| | | | | | | | | | Pick commits according to [1] [1] https://security-tracker.debian.org/tracker/CVE-2026-0966 [2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libssh: Fix CVE-2026-0964Vijay Anusuri2026-04-032-0/+47
| | | | | | | | | | Pick commits according to [1] [1] https://security-tracker.debian.org/tracker/CVE-2026-0964 [2] https://www.libssh.org/security/advisories/CVE-2026-0964.txt Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp: remove 0001-Fix-const-qualifier-error.patchMartin Jansa2026-04-032-58/+0
| | | | | | | | | | | | Instead of fixing the build with clang this is now breaking it after 2.11.8 commit: https://github.com/FreeRDP/FreeRDP/commit/67818bddb31900cdf3acb26cb0b673cc90b71cc9 freerdp/2.11.8/git/client/Wayland/wlfreerdp.c:637:19: error: incompatible function pointer types assigning to 'OBJECT_NEW_FN' (aka 'void *(*)(const void *)') from 'void *(void *)' [-Wincompatible-function-pointer-types] 637 | obj->fnObjectNew = uwac_event_clone; | ^ ~~~~~~~~~~~~~~~~ Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* bluealsa: fix QA issue staticdevMatthias Proske2026-03-241-0/+1
| | | | | | | | | | | | | | | | | | | | | When building bluealsa with building static libraries NOT disabled, you get the following error: ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package contains static .a library: bluealsa path '/usr/lib/alsa-lib/libasound_module_pcm_bluealsa.a' [staticdev] ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package contains static .a library: bluealsa path '/usr/lib/alsa-lib/libasound_module_ctl_bluealsa.a' [staticdev] ERROR: bluealsa-4.3.0-r0 do_package_qa: Fatal QA errors were found, failing task. Fix this by explicitly putting these files in the -staticdev package. Signed-off-by: Matthias Proske <matthias.p@variscite.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1a9744b3cabd440ff0cece448a3b9717da8cfd97) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* krb5: fix build with gcc-15Martin Jansa2026-03-242-0/+10804
| | | | | | | | | | | | | | | * fixes: http://errors.yoctoproject.org/Errors/Details/848727/ ss_internal.h:88:6: error: conflicting types for 'ss_delete_info_dir'; have 'void(void)' 88 | void ss_delete_info_dir(); | ^~~~~~~~~~~~~~~~~~ ... Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f26536c2f6f0617610fca95e5bb6953e843f9288) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* lldpd: fix xml PACKAGECONFIG dependencyAviv Daum2026-03-241-1/+1
| | | | | | | | | | | | | | The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a valid dependency in OE. Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the correct provider. Signed-off-by: Aviv Daum <aviv.daum@gmail.com> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit cec3e0fd96650a133c6b0d60eb2b52d1aa7cd742) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libde265: patch CVE-2025-61147Gyorgy Sarvari2026-03-242-1/+86
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147 Backport the patch referenced by the NVD advisory. Note that this is a partial backport - only the parts that are used by the application, and without pulling in c++17 headers. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* mariadb: upgrade 10.11.12 -> 10.11.16Gyorgy Sarvari2026-03-245-8/+8
| | | | | | | | | | | | | 10.11 is an LTS version of MariaDB. This upgrade is part of that commitment. Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.16 https://mariadb.com/docs/release-notes/community-server/10.11/10.11.15 https://mariadb.com/docs/release-notes/community-server/10.11/10.11.14 https://mariadb.com/docs/release-notes/community-server/10.11/10.11.13 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libjxl: mark CVE-2025-12474 and CVE-2026-1837 patchedGyorgy Sarvari2026-03-241-0/+3
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474 https://nvd.nist.gov/vuln/detail/CVE-2026-1837 Both vulnerabilities have been fixed in 0.10.5. Relevant commits: CVE-2025-12474: https://github.com/libjxl/libjxl/commit/5ce68976a5abfaea7b3086036ab9f6543ab5b29e CVE-2026-1837: https://github.com/libjxl/libjxl/commit/36b0cecaa12f643d03c16bd32e5f83775c912b07 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libnice: make crypto library configurable via PACKAGECONFIGSujeet Nayak2026-03-241-1/+4
| | | | | | | | | | | Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting to gnutls. This allows users to select openssl as an alternative crypto library by setting PACKAGECONFIG. Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com> Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pillow: fix CVE-2026-25990Hitendra Prajapati2026-03-242-0/+92
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990 Backport commit[1] which fixes this vulnerability as mentioned NVD report in [2]. [1] https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa [2] https://nvd.nist.gov/vuln/detail/CVE-2026-25990 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pyjwt: Fix CVE-2026-32597Hitendra Prajapati2026-03-242-0/+217
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32597 Backport commit[1] which fixes this vulnerability as mentioned in [2]. [1] https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92 [2] https://security-tracker.debian.org/tracker/CVE-2026-32597 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* capnproto: patch CVE-2026-32239 and CVE-2026-32240Gyorgy Sarvari2026-03-242-1/+163
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239 https://nvd.nist.gov/vuln/detail/CVE-2026-32240 Backport the patch that is referenced by the NVD advisories. (Same patch for both vulnerabilities) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openjpeg: patch CVE-2023-39327Gyorgy Sarvari2026-03-242-0/+52
| | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327 Take the patch that is used by OpenSUSE to mitigate this vulnerability. Upstream seems to be unresponsive to this issue. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit fdddf2bdd3dea0ac53effbae904b4dcf0e8adf45) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hiawatha: fix SRC_URIGyorgy Sarvari2026-03-241-1/+1
| | | | | | | The tarball was moved to a new folder on the source server. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: patch CVE-2025-69204Gyorgy Sarvari2026-03-242-0/+72
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69204 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: patch CVE-2025-68950Gyorgy Sarvari2026-03-242-0/+26
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68950 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: patch CVE-2025-68618Gyorgy Sarvari2026-03-242-0/+110
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68618 Backport the commit that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiv2: patch CVE-2026-27631Gyorgy Sarvari2026-03-243-0/+91
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631 Backport the patches referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiv2: patch CVE-2026-27596Gyorgy Sarvari2026-03-243-0/+97
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596 Backport the commits referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiv2: patch CVE-2026-25884Gyorgy Sarvari2026-03-243-0/+98
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884 Backport the commits referenced by the NVD advisory. One of the patches contain some binary data (for test data), which needs to be applied with git PATCHTOOL. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* ettercap: patch CVE-2026-3603Gyorgy Sarvari2026-03-242-1/+51
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606 Pick the commit that is marked to solve the related Github issue[1]. Its commit message also references the CVE ID explicitly. [1]: https://github.com/Ettercap/ettercap/issues/1297 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libssh: Fix CVE-2026-3731Vijay Anusuri2026-03-243-0/+148
| | | | | | | | | | Pick commits according to [1] [1] https://security-tracker.debian.org/tracker/CVE-2026-3731 [2] https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wireshark: Fix CVE-2026-0960Hitendra Prajapati2026-03-242-0/+44
| | | | | | | | | | Pick patch from [1] also mentioned in [2] [1] https://gitlab.com/wireshark/wireshark/-/issues/20944 [2] https://security-tracker.debian.org/tracker/CVE-2026-0960 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.2.29 -> 8.2.30Gyorgy Sarvari2026-03-244-222/+1
| | | | | | | | | | | | | | | Drop patches that are included in this release. Changes: https://www.php.net/ChangeLog-8.php#8.2.30 - Curl: Fix curl build and test failures with version 8.16. - Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). - PDO: PDO quoting result null deref - CVE-2025-14180 - Null byte termination in dns_get_record() - Heap buffer overflow in array_merge() - CVE-2025-14178 - Information Leak of Memory in getimagesize - CVE-2025-14177 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wireshark: Fix CVE-2026-3201Hitendra Prajapati2026-03-242-0/+56
| | | | | | | | | | | | Pick patch from [1] also mentioned in [2] [1] https://gitlab.com/wireshark/wireshark/-/issues/20972 [2] https://security-tracker.debian.org/tracker/CVE-2026-3201 More details : https://nvd.nist.gov/vuln/detail/CVE-2026-3201 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nativesdk-pistache: dependency with brotliChristos Gavros2026-03-241-1/+1
| | | | | | | | | | | | Building of nativesdk-pistache aborted due to missing dependency with brotli. Fixed by extending brotli recipe to build nativesdk Signed-off-by: Christos Gavros <gavrosc@yahoo.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit cf95ee0ff541289c9423e463b1ee607b642ad1f0) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* yasm: extend recipe for nativesdk buildsDeepak Rathore2026-03-241-1/+1
| | | | | | | | | | | | | Some SDK dependency chains require yasm to be available as SDK artifacts. The current metadata only partially provides this, which can lead to dependency resolution failures when this recipe is pulled into SDK-oriented builds. This change does not alter target package behavior; it only enables required nativesdk variant for build and SDK integration paths. Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* vlc: ignore CVE-2026-26227 and CVE-2026-26228Gyorgy Sarvari2026-03-241-0/+3
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227 https://nvd.nist.gov/vuln/detail/CVE-2026-26228 Both vulnerabilities affect only the Android version of VLC, not the other ones. Because of this, ignore these CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: add additional patch for CVE-2026-0797Gyorgy Sarvari2026-03-243-1/+64
| | | | | | | | | | There is an additional patch for CVE-2026-0797, which is not mentioned in the CVE advisory, nor in the related issue nor in the related PR, however both the change, and the commit message shows that this is a continuation of the original fix, which was incomplete. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* sassc: ignore CVE-2022-43357Peter Marko2026-03-241-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | This CVE is fixed in current libsass recipe version. So wrapper around it will also not show this problem. It's usual usecase is to be statically linked with libsass which is probably the reason why this is listed as vulnerable component. [1] links [2] as issue tracker which points to [3] as fix. [4] as base repository for the recipe is not involved and files from [3] are not present in this repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357 [2] https://github.com/sass/libsass/issues/3177 [3] https://github.com/sass/libsass/pull/3184 [4] https://github.com/sass/sassc/ Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 576b84263bac4dda26d84d116a9e7628a126f866) Scarthgap has also the fixed libsass version (3.6.6), the CVE can be considered fixed. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* spice: set CVE-2016-2150 status to fixedPeter Marko2026-03-241-0/+1
| | | | | | | | | | | | | | | | | | | Debian has fixed this CVE with [1]. That patch is taken from [2]. .../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13 v0.13.1-190-g69628ea1 .../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13 v0.13.2 [1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/ [2] https://gitlab.freedesktop.org/spice/spice/-/commit/69628ea1375282cb7ca5b4dc4410e7aa67e0fc02 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e44f3251b552773fe9346fdf7aab244377cf6007) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* spice: ignore CVE-2016-0749Peter Marko2026-03-241-0/+1
| | | | | | | | | | | | | | NVD tracks this as version-less CVE for spice. It was fixed by [1] and [2] included in 0.13.2. [1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e [2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 073e8452748132a93103e5db32dc9980c84d201c) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* spice-gtk: mark CVE-2012-4425 as fixedPeter Marko2026-03-241-0/+2
| | | | | | | | | | | | | It is fixed by [1] since 0.15.3. NVD tracks this CVE as version-less. [1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7e17f8cec02d20813fb8368ccc1c5ae27b291383) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* streamripper: ignore CVE-2020-37065Gyorgy Sarvari2026-03-241-0/+2
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065 The vulnerability is about a 3rd party Windows-only GUI frontend for the streamripper library, and not for the CLI application that the recipe builds. Due to this ignore this CVE. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1571c1a8e5e876db9db744d0a3e3256ac585242b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 4.2.28 -> 4.2.29Gyorgy Sarvari2026-03-242-1/+1
| | | | | | | Contains fiuxes for CVE-2026-25673 and CVE-2026-25674. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* protobuf: ignore CVE-2026-0994Gyorgy Sarvari2026-03-241-0/+2
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994 The vulnerability impacts only the python bindings of protobuf, which is in a separate recipe (python3-protobuf, where it is patched). Ignore this CVE in this recipe due to this. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 398fa05aa8bf7ce17dc40ed99edfc6a88feeb541) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libjxl: upgrade 0.10.2 -> 0.10.5Gyorgy Sarvari2026-03-243-188/+2
| | | | | | | | | | | | | | | | | | | | | Bug fix release, mostly CVE fixes. Drop patches that are included. Changelog: 0.10.5: fix tile dimension in low memory rendering pipeline (CVE-2025-12474) fix number of channels for gray-to-gray color transform (CVE-2026-1837) djxl: reject decoding JXL files if "packed" representation size overflows size_t 0.10.4: Huffman lookup table size fix (CVE-2024-11403) Check height limit in modular trees (CVE-2024-11498) 0.10.3: fixed decoding of some special images Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* keepalived: patch CVE-2024-41184Gyorgy Sarvari2026-03-245-0/+317
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184 Backport the patches referenced by upstream in the bug mentioned by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gnome-shell: ignore CVE-2021-3982Gyorgy Sarvari2026-03-241-0/+1
| | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3982 The vulnerability is about a privilege escalation, in case the host distribution sets CAP_SYS_NICE capability on the gnome-shell binary. OE distros don't do that, and due to this this recipe is not affected by this issue. The CVE is ignored. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 4d6e24106c78eed3b9d9a36115df8d2f057f5178) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2026-2048Gyorgy Sarvari2026-03-242-0/+85
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2048 Pick the patch from the relevant upstream issue[1]; [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: ignore CVE-2026-2047Gyorgy Sarvari2026-03-241-0/+1
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2047 The vulnerability exists in ICNS importer, which was first introduced in version 3.0 [1], and the code is not present in the recipe version. Due to this, ignore this CVE. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2026-2045Gyorgy Sarvari2026-03-242-0/+37
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2045 Pick the patch associated with the relevant upstream issue[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15293 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2026-2044Gyorgy Sarvari2026-03-242-0/+29
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2044 Pick the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2026-0797Gyorgy Sarvari2026-03-242-0/+92
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0797 The patch referenced in the NVD report looks incorrect. This change in this patch was taken from the related upstream issue[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2025-2761Gyorgy Sarvari2026-03-242-0/+35
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761 Pick the patch from the relevant upstream bug[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2025-2760Gyorgy Sarvari2026-03-243-0/+124
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2760 Use the fixes from Debian. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>