| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69228
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69227
Backport the patch that is referenced by teh NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69226
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69225
Backport the patch that is referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69224
Backport the patch indicated by the NVD advisory.
Only a part of the tests were backported, because some of the
new tests require a compression method that is not supported
yet by this version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Gimp 3.0.8's meson file detects the presence of libunwind incorrectly,
making it fail on some platforms, even when libunwind is explicitly disabled:
| <snip>i686-oe-linux-musl-ld: app/core/libappcore.a.p/gimpbacktrace-linux.c.o: in function `gimp_backtrace_get_address_info':
| /usr/src/debug/gimp/3.0.8/../sources/gimp-3.0.8/app/core/gimpbacktrace-linux.c:708:(.text+0xbd7): undefined reference to `_ULx86_init_local'
This backported patch fixes this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Reviewed-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
The original SRC_URI's certificate has expired - change it to a working URL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a1baa1c027cba6ba86d92b4ad5c2db0b7bba0d1f)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
The old URL is inoperable since a while - switch to Ubuntu's mirror.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d99c82c0883b3bda89976af17f4114f292f71221)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
The old URL is gone - switch to a working mirror.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fd562c65c60edd774a36860b6daed485247d4bfb)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
The old URL is gone - set a working mirror.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 47efd1f9b8c61d4516cc4f6937431e004c5de856)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
It seems that it won't be fixed, because there is nothing to fix.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887
The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.
The recipe however does not install these example configurations,
and as such it is not vulnerable either.
Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).
Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the December 2025 security release that the nodejs team released
January 13, 2026.
3 high severity issues.
4 medium severity issues.
1 low severity issue.
High priority fixes:
CVE-2025-55131
CVE-2025-55130
CVE-2025-59465
Medium priority fixes:
CVE-2025-59466
CVE-2025-59464
CVE-2026-21636 *
CVE-2026-21637
Low priority fixes:
CVE-2025-55132
* note that this medium priority CVE only effects Nodejs v25.
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066
The vulnerable code was introduced in version 4.12[1], and
the recipe version is not vulnerable yet. Due to this,
ignore this CVE.
[1]: https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503
Pick the patch that explicitly refernces the CVE ID in its message.
(The NVD advisory mentions only the cups-filters patch, but
the developer indicated the CVE ID in the libcupsfilters patch also)
Between this recipe version and the patch the project has decided to
eliminate c++ from the project, and use c only. The patch however
is straightforward enough that it could be backported with very small
modifications.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36600
Backport the patch from the PR that is referenced in the NVD advisory.
Note that there are two PRs mentioned: one is the fix, and the other
is just readme update with the CVE ID. The latter wasn't backported.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update: change license url to https://imagemagick.org/license/
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c2b4809fe8bb2eaa3ce99807dcafae7aaa880f4b)
Contains fixes for CVE-2026-22770, CVE-2026-23874, CVE-2026-23876
and CVE-2026-23952.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67269
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67268
Pick the patch that is referenced by the NVD advisory.
The original commit also contains a lot of commenting style
changes (// vs /* */) and whitespace changes which were removed from
the backport.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059
The patch that is referenced by the NVD report has been backported[1]
to the recipe version, and is included already.
[1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/c9eb407485f6c085adf70c8a334f75ea31565c60
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- remove cve fixes which are included in this release
- remove the fix for bzip2. meson.build was improved so this is not
required anymore
- inherit bash-completion
This releases contains a lot of bugfixes. The below list is not
exhaustive.
Core:
- Font handling improvements:
* Font loading on start massively sped up.
* As an exception, Skia font family (apparently quite common on macOS)
is special-cased because it behaves weirdly and was not working with
current font handling.
* Various other fixes related to font handling.
* We now wait for fonts to be fully loaded before loading any file.
- Command Line Interface:
* Option -i / --no-interface is not shown anymore on `gimp-console`
binary (it can still be used — it does nothing there anyway —, which
allows to use the same sets of option with the GUI binary, and also
so that existing shell scripts don't break).
* Option --show-debug-menu is not hidden anymore for discoverability.
* The `gimp-3.0` executable can now run with --no-interface even when
no display is available (ex: virtual terminal with no window
manager/compositor, containers, etc.). This used to only work with
`gimp-console-3.0` executable.
- Windows:
* output CLI messages to the parent console like Linux and macOS.
* Ctrl+C signals are now correctly handled in the attached console.
* The attached console supports color too.
* Interpreters are run conditionally if running in console.
- macOS: default to "quartz" Input Method for emoji keyboard support.
- Wayland: wait before we get our first surface before listing input
devices to work around a Wayland limitation and GTK bug.
- Default "Search" feature in GTK3 is now disabled in the component
editor in the Channels dockable.
- Several fixes related to Quick Mask handling.
- Fixed some cases where config migration from GIMP 2 to GIMP 3 was
problematic.
- Several buggy undo cases were fixed.
- Several fixes related to pass-through group layers.
- Export will now be properly triggered even if no drawables are
selected (this is not a requirement anymore with GIMP 3 API).
- Path import and export respectively from and to SVG improved.
- Serialize colors in legacy GimpRGB format into a XCF when the XCF
version is older than GIMP 3 for backward compatibility.
Tools:
- Symmetry: fix initial stroke symmetry when using pixmap brushes.
- Move tool: fixed weird position jumps in some cases.
Graphical User Interface:
- Center buttons in overlay dialogs.
- Headerbar's (when titlebar and menubar are merged) button colors
now match our theme.
- Dialogs' header icon and view will now scale based on custom icon
size.
- Resize dialog: Canvas Size fill combo set to insensitive if layers
won't be resized.
- Navigation and Selection editor will now properly match the theme
(in particular, in dark mode, they won't show large bright area).
- Do not show outlines when hovering the absent "Fx" icon anymore,
which was confusing people into making it look like you could click
and interact with this empty area.
Plug-ins:
- Fixes on: OpenRaster export, TIFF import, Map Object, PDF export,
Gradient Flare, ANI export, Script-Fu, DDS export, Fractal Explorer,
PSP import, ICO import, XWD import, PSD import, WebP export, ICNS
import, Gimpressionist, JPEG 2000 import, Busy Dialog.
- Scale entries have been replaced by spin scale widgets in a bunch of
plug-ins.
- Fixed vulnerabilities: ZDI-CAN-28376, ZDI-CAN-28311, ZDI-CAN-28273,
ZDI-CAN-28158, ZDI-CAN-28232, ZDI-CAN-28265, ZDI-CAN-28530,
ZDI-CAN-28248, PSP issue 15732.
- Script-Fu improved to not initialize UI code unnecessarily (and
therefore make it unusable on systems without a display).
API:
- libgimp:
* Fixes where made in libgimp metadata object.
* Make GExiv2Metadata as parent of GimpMetadata visible to
Gobject-Introspection tools (bindings were missing this
information).
* Fixes made on: gimp_drawable_get_thumbnail(),
gimp_drawable_get_sub_thumbnail(), gimp_drawable_filter_new(),
gimp_proc_view_new(), gimp_procedure_set_sensitivity_mask(),
gimp_procedure_dialog_get_spin_scale().
* Remove thumbnail metadata before writing it on export, to make
sure we don't cary on metadata written by other software in
thumbnails.
- libgimpconfig:
* Improve error messaging on config deserialization.
* Fix gimp_config_serialize_value() when serializing file objects.
* New functions: gimp_config_get_xcf_version() and
gimp_config_set_xcf_version().
- libgimpcolor:
* gimp_color_is_perceptually_identical() docs clarified.
- libgimpbase:
* The host config directory is now shown in MSIX.
* The host config directory is now shown in flatpak.
- libgimpwidgets:
* Fixes made on: GimpLabelEntry, gimp_widget_free_native_handle().
- libgimpcolor:
* New function: gimp_cairo_surface_get_buffer()
* Deprecated function: gimp_cairo_surface_create_buffer() in favor
of gimp_cairo_surface_get_buffer().
The function implementation was also changed so that it does not
necessarily return a linear-memory backed buffer anymore (it
might, but developers should not have any expectation about this).
Build:
- Third-party binary plug-in support in the Snap backported from the
original third-party snap.
- Snap package for release is now created and submitted on a release
pipeline.
- Release URLs added to AppStream metadata.
- We do not build GEGL with Matting Levin for Windows builds anymore
because of crashes.
- Flatpak nightly builds will now show a pseudo-release visible with
`flatpak list`, showing proper version information.
- Windows installer now has a dark mode.
- Update changelog on MS Store (MSIX) releases.
- AppImage now ships with full MIDI support.
- Make it clearer that GExiv2 0.15.0 and over are incompatible
(because of API breakage).
- Improve build to ensure that the language list (shown in
Preferences) is localized during compilation. This also means that a
build machine should be set up for localization at build time when
optional language selection is enabled.
- We now require the generic C++14 standard, and not the GNU variant
anymore.
- MSVC support added.
- Various tweaks which used to be required to make packages work as
relocatable builds were dropped since babl and GEGL now have a
relocatable option working also on Linux.
- The `man` page of GIMP binaries was updated.
- The `gimp-console` binary is now shipped in the Flatpak.
- macOS pipeline added in our Gitlab CI.
- Make sure that harfbuzz is built with libgraphite2 shaper on macOS.
- Generate file associations for macOS automatically.
- A Bash completion file was added for `gimp` and `gimp-console`
binaries.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f8fcc9ccf529455c992e79fc13e77dfc1a8dd9d9)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15270
Pick the patch that mentions this vulnerbaility explicitly
in its description.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15269
Pick the patch that refers to this vulnerability ID explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275
Pick the patch that mentions this vulnerability ID explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15279
Pick the patch that mentions this vulnerability ID explicitly.
Also, this patch has caused some regression - pick the patch also
that fixed that regression.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The checksums are wrong and thus this fails to build.
Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc5132edf7c7464371122ea9af871406fa66635a)
Also rename the license file to avoid clashing with the previous
version in DL_DIR.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes: #1023
Upstream seems to have regenerated the archive, as the checksum no
longer matches the one specified in the recipe:
|WARNING: hdf5-2.0.0-r0 do_fetch: Checksum failure encountered with download of https://support.hdfgroup.org/releases/hdf5/v2_0/v2_0_0/downloads/hdf5-2.0.0.tar.gz - will attempt other sources if available
|WARNING: hdf5-2.0.0-r0 do_fetch: Checksum mismatch for local file /buildcache/downloads/hdf5-2.0.0.tar.gz
|Cleaning and trying again.
|WARNING: hdf5-2.0.0-r0 do_fetch: Renaming /buildcache/downloads/hdf5-2.0.0.tar.gz to /buildcache/downloads/hdf5-2.0.0.tar.gz_bad-checksum_a7a8f43e76e825ea22234bc735d5b184e880d305e33e4c9bb93a3912421c9973
|ERROR: hdf5-2.0.0-r0 do_fetch: Checksum failure fetching https://support.hdfgroup.org/releases/hdf5/v2_0/v2_0_0/downloads/hdf5-2.0.0.tar.gz
|ERROR: hdf5-2.0.0-r0 do_fetch: Bitbake Fetcher Error: ChecksumError('Checksum mismatch!\nFile: \'/buildcache/downloads/hdf5-2.0.0.tar.gz\' has sha256 checksum \'a7a8f43e76e825ea22234bc735d5b184e880d305e33e4c9bb93a3912421c9973\' when \'6e45a4213cb11bb5860)
|ERROR: Logfile of failure stored in: /home/tgamblin/workspace/yocto/openembedded-core/build/tmp/work/x86-64-v3-poky-linux/hdf5/2.0.0/temp/log.do_fetch.2054297
However, the tarballs look identical. Update the hash and be explicit
about downloadfilename to avoid any mirroring issues. A note has been
left that this measure can be removed with a future upgrade.
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f0f02434c892769a307edc6728dd667f9c31a1d1)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
| |
Solves CVE-2026-0994.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change log:
https://github.com/protocolbuffers/protobuf/releases/tag/v33.2
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-42822
Pick the patch the references the github advisory[1] and the cve ID also from
the nvd report. The patch is a backported version of the patch referenced by
the nvd report.
[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit a9fa1c5c2a83d301aa004cd16d18a516ae383042)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184
Pick the patch that is associated with the github advisory[1], which is
a backported version of the patch that is referenced by the nvd report.
[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 259e4f9266680f4afd2c54a3a4a6358151edf41b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit f81041bb39d0fb10bbf3c0edcae47a65c573088c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 2578e5c17d95cdb56e3d85cecaf541d7473122f9)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 8ffd8f29d5f055e390d4475c99f2d2c22f9797d9)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23482
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 31694c82e3269855fe6a9cc3614f66c4e1067589)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 64ee8f84c4edfb4d0b9b2e299e1a1afe6a6168e0)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 71e9d02b125578593eebde2422223a9ede7265f6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 19e076e66b3e3230b1fa05580e64de45a832ab13)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 63b5fff9755a5849a0bbfba5447e117130efcf54)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit a6efc5b2850036cadb044eb8de8bde2e54c97c28)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 1cb08277fe367850eb130c0995d85dca8e609787)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-61099
https://nvd.nist.gov/vuln/detail/CVE-2025-61100
https://nvd.nist.gov/vuln/detail/CVE-2025-61101
https://nvd.nist.gov/vuln/detail/CVE-2025-61102
https://nvd.nist.gov/vuln/detail/CVE-2025-61103
https://nvd.nist.gov/vuln/detail/CVE-2025-61104
https://nvd.nist.gov/vuln/detail/CVE-2025-61105
https://nvd.nist.gov/vuln/detail/CVE-2025-61106
https://nvd.nist.gov/vuln/detail/CVE-2025-61107
The NVD advisory refernces a PR[1] that contains only an unfinished, and
ultimately unmerged attempt at the fixes. The actual solution comes from
a different PR[2]. These patches are 3 commits from that PR. The last
commit wasn't backported, because it is just code formatting.
[1]: https://github.com/FRRouting/frr/pull/19480
[2]: https://github.com/FRRouting/frr/pull/19983
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3cd47f72ad8d3889e2ef44c63ce6414cb1a9964d)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8cab2b2977f7cfbbf7bf1aa617070163e2eaf002)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8da9f2fea2e4c2f525e9357814f21b70669b8d8b)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
The "develop" branch doesn't exist anymore, the used revision can be
found on the "main" branch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 21df5861c7e03af154b18573939649ae65dcaa92)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The upstream site (landley.net) serves inconsistent content when using HTTP,
causing checksum mismatches during do_fetch. Using HTTPS ensures stable
downloads and resolves checksum failures.
Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 050ffcdea2b2ac3fcfb5bc5f39d64b60b2dd1dca)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix is included via commit [1].
[1] https://github.com/nginx/nginx/commit/fbbbf189dadf3bd59c2462af68c16f2c2874d4ee
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5d3936d5dd0489a984e37cc00b59e6a05d9541ac)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
nginx has a long history, and has used multiple CPEs
over time. Set CVE_PRODUCT to reflect current and historic
vendor:product pairs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d25aadbbb53d54382b4b82b1f78a69d4d117fd28)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop CVE patch which has been integrated into this new version.
Solves:
* CVE-2025-53859
CHANGES:
https://nginx.org/en/CHANGES-1.28
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 222c6425644a39c9b7757792b47e500ca55f85b0)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
because they are tracked under the scapy:scapy CPE.
Set CVE_PRODUCT to the correct value.
See CVE db query:
sqlite> select * from products where product like '%scapy%';
CVE-2019-1010142|scapy|scapy|2.4.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6f68f5fce766096b9d086093ca0435bc5904b8e7)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
