Commit message (Author, Age, Files, Lines)
* gimp: patch CVE-2025-14423 (Gyorgy Sarvari, 2026-01-06, 2 files, -0/+107)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423
|
| Pick the patch referenced by the NVD report.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 6aa5720e76d632f62f53ed7be7fe649138fbd55c)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2025-14422 (Gyorgy Sarvari, 2026-01-06, 2 files, -5/+73)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422
|
| Pick the patch referenced by the NVD report.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit a0b41204afe57f9b2b3f2e8ff496be72d04e0eb7)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: ignore CVE-2025-68118 (Gyorgy Sarvari, 2026-01-06, 1 file, -0/+1)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118
|
| It is a Windows only vulnerability, ignore it.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fetchmail: patch CVE-2025-61962 (Ankur Tyagi, 2026-01-06, 2 files, -0/+52)
| Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962
|
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
| (cherry picked from commit 0d9da1105276f04cb23046de5f31fc75f09e2e89)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* civetweb: ignore CVE-2025-9648 (Gyorgy Sarvari, 2026-01-06, 1 file, -1/+2)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648
|
| It is already fixed in the currently used version.
|
| Also, update CVE-2025-55763's status to "fixed-version" (so it will be
| marked as "Patched" in the CVE report instead of "Ignored")
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit bfb76da63bd141173aeb71ce91c336b8aa557a5f)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: ignore CVE-2025-26594...26601 (Gyorgy Sarvari, 2026-01-06, 1 file, -0/+8)
| Ignore the following CVEs:
| CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597,
| CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
|
| Details:
| https://nvd.nist.gov/vuln/detail/CVE-2025-26594
| https://nvd.nist.gov/vuln/detail/CVE-2025-26595
| https://nvd.nist.gov/vuln/detail/CVE-2025-26596
| https://nvd.nist.gov/vuln/detail/CVE-2025-26597
| https://nvd.nist.gov/vuln/detail/CVE-2025-26598
| https://nvd.nist.gov/vuln/detail/CVE-2025-26599
| https://nvd.nist.gov/vuln/detail/CVE-2025-26600
| https://nvd.nist.gov/vuln/detail/CVE-2025-26601
|
| TigerVNC compiles its own xserver, this is why these CVEs are associated
| with it - despite the vulnerabilities being in xserver.
|
| All of these vulnerabilities were fixed by the same PR[1], which has been
| part of xserver since version 21.1.16 (the currently used xserver version
| in TigerVNC is 21.1.18).
|
| Due to this, ignore these vulnerabilities, and just mark them as patched.
|
| [1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 4924e89bb77fe5486063229c50039a458d60f8ea)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: ignore CVE-2023-6478 (Gyorgy Sarvari, 2026-01-06, 1 file, -0/+1)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478
|
| TigerVNC compiles its own xserver, this is why this CVE is associated
| with it - despite the vulnerability being in xserver.
|
| The vulnerability was fixed by [1] (from the nvd report), which has been
| backported[2] to the xserver version used by the recipe - so ignore the
| CVE, since it's patched already.
|
| [1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
| [2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 62a78f8ba7c8bd229cc82cf81bcc6a6d8116ebca)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: ignore CVE-2023-6377 (Gyorgy Sarvari, 2026-01-06, 1 file, -0/+1)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377
|
| TigerVNC compiles its own xserver, this is why this CVE is associated
| with it - despite the vulnerability being in xserver.
|
| The vulnerability was fixed by [1] (from the nvd report), which has been
| backported[2] to the xserver version used by the recipe - so ignore the
| CVE, since it's patched already.
|
| [1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
| [2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit f691f2178b15eec22f09a1c17b9945fad4e330e6)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: sync xserver code with oe-core (Gyorgy Sarvari, 2026-01-06, 1 file, -2/+2)
| TigerVNC compiles its own xserver. Synchronize the xserver version with oe-core.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit fadb9c05709dae9e817a50e4d99093d4e2937933)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: fix typo in CVE_STATUS (Gyorgy Sarvari, 2026-01-06, 1 file, -1/+1)
| Forgot to add the CVE- prefix in previous patch.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 2f913279d4926ab92b97ffbb7c53031835b393bd)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fio: ignore CVE-2025-10824 (Gyorgy Sarvari, 2026-01-06, 1 file, -0/+2)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824
|
| The upstream maintainer wasn't able to reproduce the issue[1],
| and the related bug is closed without further action.
|
| [1]: https://github.com/axboe/fio/issues/1981
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit a275078cbeaa0fafcfa4eb60ca69f05a8fe3df99)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dovecot: patch CVE-2025-30189 (Gyorgy Sarvari, 2026-01-06, 8 files, -0/+489)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189
|
| Pick the patches referenced by the advisory[1] from the Full Disclosure list.
|
| [1]: https://seclists.org/fulldisclosure/2025/Oct/29
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* cups-filters: patch CVE-2025-64524 (Gyorgy Sarvari, 2026-01-06, 2 files, -5/+87)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524
|
| Pick the patch mentioned in the nvd report.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 056ee43dd1d0e46a9b40339e877a4bf76cf8196b)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* cifs-utils: patch CVE-2025-2312 (Gyorgy Sarvari, 2026-01-06, 2 files, -1/+138)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312
|
| Pick the patch that is referenced by the NVD report.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* c-ares: upgrade 1.34.5 -> 1.34.6 (Jason Schonberg, 2026-01-06, 2 files, -23/+1)
| Drop memory leak patch which has already been included in this new version.
|
| The new version also includes a fix for CVE 2025-62408.
|
| Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6
|
| Signed-off-by: Jason Schonberg <schonm@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 996768e0800a008e06d6c8d305f443198d4df847)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* minio: ignore irrelevant CVEs (Gyorgy Sarvari, 2026-01-06, 1 file, -0/+6)
| The minio umbrella covers multiple projects. The recipe itself builds
| "minio client", which is a set of basic tools to query data from
| "minio server" - like ls, mv, find...
|
| The CVEs were filed against minio server. Looking at the go mod list,
| this recipe doesn't use minio server even as a build dependency - so
| ignore the CVEs.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit df462075be855c60117af661dbce1836c652fc16)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* accountsservice: ignore CVE-2023-3297 (Gyorgy Sarvari, 2026-01-06, 1 file, -0/+2)
| Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297
|
| The vulnerability is triggered by a patch added by Ubuntu, and the
| vulnerable patch is not present in the recipe.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 071a45c9d76c9a222c8fbaa50089a8af44f44e74)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fex: ignore unrelated CVEs (Gyorgy Sarvari, 2026-01-05, 1 file, -0/+6)
| These CVEs were filed for "Fram's Fast File Exchange" application, which
| has the same abbreviated name as fex. Currently this recipe has no
| historical CVEs associated, so I couldn't set the correct CVE_PRODUCT.
| Rather ignore these irrelevant CVEs explicitly.
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit b990486203b8eca688cfb6fc9bebf8b138e0b334)
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRA (Mingli Yu, 2025-12-17, 1 file, -0/+2)
| Most host gcc doesn't support -fcanon-prefix-map right now, so empty
| DEBUG_PREFIX_MAP_EXTRA to fix the below build error.
| | gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?
|
| Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 31a08525bedd960c21214f84c256f67c6090bb5a)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libplist: Fix buildpaths in ptests (Khem Raj, 2025-12-17, 1 file, -4/+6)
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
| (cherry picked from commit 3a6b83c075e606c1bf2b46b9c51bbe22ff4c72c6)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gflags: switch Git branch from master to main (Viswanath Kraleti, 2025-12-17, 1 file, -1/+1)
| Update SRC_URI to use the 'main' branch instead of 'master' since the
| upstream GitHub repository has renamed its default branch.
|
| Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-huey: Upgrade 2.5.4 -> 2.5.5 (Leon Anavi, 2025-12-17, 1 file, -1/+1)
| Upgrade to release 2.5.5:
|
| - Fix for pypi
|
| Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 7954f37b3ca479b4b086e887afc7ddc03d7f9eb2)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2 (Leon Anavi, 2025-12-17, 1 file, -6/+3)
| Upgrade to release 3.1.2:
|
| - Fix pickling of abstract base classes containing type
|   annotations for Python 3.14.
|
| License-Update: Use file LICENSE
|
| Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit b428f675752f1f83bed691cb9b58adf48212aaea)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-polyline: Upgrade 2.0.3 -> 2.0.4 (Leon Anavi, 2025-12-17, 1 file, -1/+1)
| Upgrade to release 2.0.4:
|
| - Add py.typed marker
|
| Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 71055538b53c2fd60ea9c3a84a6d01fab5fa58ae)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-sqlparse: upgrade 0.5.3 -> 0.5.4 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Changelog:
| =============
|
| Enhancements
| ---------------
| * Add support for Python 3.14.
| * Add type annotations to top-level API functions and include py.typed
|   marker for PEP 561 compliance, enabling type checking with mypy and
|   other tools
| * Add pre-commit hook support. sqlparse can now be used as a pre-commit
|   hook to automatically format SQL files. The CLI now supports multiple
|   files and an '--in-place' flag for in-place editing
| * Add 'ATTACH' and 'DETACH' to PostgreSQL keywords
| * Add 'INTERSECT' to close keywords in WHERE clause
| * Support 'REGEXP BINARY' comparison operator
|
| Bug Fixes
| ----------
| * Add additional protection against denial of service attacks when
|   parsing very large lists of tuples. This enhances the existing
|   recursion protections with configurable limits for token processing to
|   prevent DoS through algorithmic complexity attacks. The new limits
|   (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or
|   disabled (by setting to None) if needed for legitimate large SQL
|   statements.
| * Remove shebang from cli.py and remove executable flag
| * Fix strip_comments not removing all comments when input contains only
|   comments
| * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END
|   blocks
| * Fix splitting on semicolons inside BEGIN...END blocks
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 705abb20c1ec1d780183eef9ffd2a02894ef42e6)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pymodbus: upgrade 3.11.3 -> 3.11.4 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Changelog:
| full support for python 3.14 and a number of packages (like mypy) have
| been updated.
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit b745baf4784f01b1eed82607d0d69004df6ed025)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pybcj: upgrade 1.0.6 -> 1.0.7 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Changelog:
| ============
| - Support for python 3.14
| - ci: fix test and release workflows
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 797e29ed4222dad9539f72c846e3435c92d50604)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-gmpy2: upgrade 2.2.1 -> 2.2.2 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit e274146fa454127ca6483a02f6a4c30ac733fa3c)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-eventlet: upgrade 0.40.3 -> 0.40.4 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Changelog:
| ============
| * Remove legacy setuptools configuration files
| * add 3.14 to supported versions
| * Emit warning on startup that eventlet is deprecated
| * Fix Python 3.14 on macOS
| * Workaround for #1068
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 768580103b8df1bf41ffb3f2f81c141057c2d0d9)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 4.2.25 -> 4.2.26 (Ankur Tyagi, 2025-12-17, 1 file, -2/+2)
| Release Notes:
| https://docs.djangoproject.com/en/dev/releases/4.2.26/
|
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 5551a12170f347cd9e50d2c57fefa3967a4f80c6)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 5.2.7 -> 5.2.8 (Ankur Tyagi, 2025-12-17, 1 file, -1/+1)
| Release Notes:
| https://docs.djangoproject.com/en/dev/releases/5.2.8/
|
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 8247a68d540ed9154cecf92f4e4612f1c0ba0490)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-rich-argparse: upgrade 1.7.1 -> 1.7.2 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Changelog:
| Fix colors overlapping with Python 3.14.0+ which enabled colors by
| default in the help formatter.
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 18aaa7d8a6f326c13d3963ac7501ce54aaa066e0)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-moteus: upgrade 0.3.95 -> 0.3.96 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit ddca2bae90f702c45a1c84e4af5fc086d52aaa50)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-gpt-image: upgrade 0.9.0 -> 0.9.1 (Wang Mingyu, 2025-12-17, 1 file, -2/+2)
| Changelog:
| Partition commit offset calculation
|
| License-Update: file type changed to "ASCII text"
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit dc53efed84fd3c0239edea5aeba789a3b626edfe)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* e2tools: Fix buildpaths in ptests (Khem Raj, 2025-12-17, 1 file, -1/+15)
| Currently the path checks are escaping QA check for buildpath detection
| but config.status still has paths which show up in reproducibility
| failures, comparing build in path A and build in path B, content of
| config.status don't end up same.
|
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 0856c5613234c61d809b9c983bc45c750144ebd8)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nautilus: upgrade 49.1 -> 49.2 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| * Bugfixes:
|   - Fix handling of unset XDG directories
|   - Reduce memory usage of thumbnails by correct scaling
|   - Fix potential rescaling of item when switching to cut icon
|   - Fix crash on empty file lists in drops
|   - Correct sorting of loopback devices
|   - Don't skip the first file from operation progress monitoring
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 90343e19902d5bb341461d1e7255b5829c894a85)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp-tools: upgrade 0.12.1 -> 0.12.2 (Gyorgy Sarvari, 2025-12-17, 1 file, -1/+1)
| Changelog:
| - Common:
|   - Remove deprecated libxml calls
| - AV CP:
|   - Remove some stray debug output
| - EventDumper:
|   - Code cleanup
| - Uploader:
|   - Fix parsing the Browse result
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 25540bf356b601a4fa6f49c6f935f49f899c616a)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp-av: upgrade 0.14.1 -> 0.14.4 (Gyorgy Sarvari, 2025-12-17, 2 files, -49/+3)
| Drop patch that is included in this release.
|
| Changelog:
| 0.14.4:
| - Move documentation to gi-docgen
|
| 0.14.3:
| - CI fixes
|
| 0.14.2:
| - xml: Fix compatibility with libxml2 2.12.x
| - Add missing array annotation
| - build: Fix Requires: line of pkg-config file
| - Loosen restriction on dc:date verification
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit b8d9e45b6912800c0d78f3cc6b53160cec79f28c)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp: upgrade 1.6.6 -> 1.6.9 (Gyorgy Sarvari, 2025-12-17, 2 files, -36/+1)
| Drop patch that was incorporated in this release.
|
| Changelog:
| 1.6.9:
| - Linux-CM: Fix a potential memory leak
| - Fix documentation link for libsoup
| - Fix unnecessary g_thread_unref in tests
| - Fix issues with Since: in documentation
|
| 1.6.8:
| - ServiceProxyAction: Remove some left-over debug output
| - ServiceProxyAction: Stop leaking the HTTP response
| - Docs: Fix various issues
| - ServiceProxyAction: Add get_value_as()
| - Linux-CM: Silence a false-positive with scan-build
|
| 1.6.7:
| - Fix compatibility with libxml2 2.12.x
| - Improve reproducibility
| - ControlPoint: Fix re-scan
| - ContextManager: Fix boot-id update
| - Context: Fix crash if served URI is not an IP address
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit dd108a46f88102a998a71c41f14ee6aec1ea90ea)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gssdp: upgrade 1.6.3 -> 1.6.4 (Gyorgy Sarvari, 2025-12-17, 2 files, -36/+1)
| Drop patch that was incorporated in this release.
|
| Shortlog (without CI-changes):
| client: Format Since/Deprecated versions in a way gi-docgen can parse
| Fix template to use local mirror
| gssdp-enums.c.template: use basename instead of filename
| resource-browser: Make regex pattern static
|
| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit a78826db861060ac04a27ea5b388c48dd668c7a6)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openipmi: Pass BUILD_CFLAGS to BUILD_CC (Mingli Yu, 2025-12-17, 2 files, -0/+36)
| * The option -fcanon-prefix-map is added to CFLAGS after the commit [1]
|   introduced and result in the below build error.
|   Making all in sdrcomp
|   make[3]: Entering directory '/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37/lanserv/sdrcomp'
|   aarch64-wrs-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot -DHAVE_CONFIG_H -I. -I../.. -DSTATEDIR='"/var"' -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o sdrcomp.o sdrcomp.c
|   gcc -o sdrcomp_build ../../lanserv/sdrcomp/sdrcomp.c -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -lm
|   gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?
|
| * Pass BUILD_CFLAGS for BUILD_CC to fix the above build issue.
|
| [1] https://git.openembedded.org/openembedded-core/commit/?id=3dbc4a79f01ebfc54da024c1460c06772659088d
|
| Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit c41fb791faaebf9e86b021d039d860ccf5ff45f1)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libcoap: upgrade 4.3.5 -> 4.3.5a (Peter Marko, 2025-12-17, 1 file, -3/+3)
| Changelog [1]:
| * Fixes the following CVEs
|   CVE-2025-59391 CVE-2025-65494 CVE-2025-65495 CVE-2025-65496
|   CVE-2025-65497 CVE-2025-65498 CVE-2025-65499 CVE-2025-65500
|   CVE-2025-65501
| * CVE-2025-50518 not fixed as user application error.
| * Support for Mbed TLS 3.6.3.
| * Support for RIOT update changes.
| * Fixes for later CI environment builds.
| * Critical reported bugs fixed.
|
| Add tag to SRC_URI for hash verification.
|
| License-Update: copyright years refreshed [2]
|
| [1] https://github.com/obgm/libcoap/blob/v4.3.5a/ChangeLog
| [2] https://github.com/obgm/libcoap/commit/993c12ac92ce6a24a409924fe78a5c0fe7246699
|
| Signed-off-by: Peter Marko <peter.marko@siemens.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 6a9cc44a92a1fb817d68de3190219626dcf96d2d)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* postfix: upgrade 3.10.5 -> 3.10.6 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit cde1da5ec1cc7d5edfab7f65d95dfb9afff09682)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libdaq: upgrade 3.0.22 -> 3.0.23 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Changelog:
| api: add tcp flag in DAQ flow stats
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 8c3baf61d0394c8698c935d43bd8267f41392590)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* pgpool2: 4.6.3 -> 4.6.4 (Liu Yiding, 2025-12-17, 3 files, -379/+1)
| Drop 0001-snprintf-Add-math.h-to-ensure-isnan-and-isinf-are-de.patch
| and v1-0001-Make-time-calculations-always-long-long.patch as those
| were merged upstream.
|
| Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 7fb4910ccb6a156bf67eb773ff1b421b30536b58)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openvpn: upgrade 2.6.15 -> 2.6.16 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Code maintenance / Compat changes
| ---------------------------------
| - adapt to new "encrypt-then-mac" cipher suites in OpenSSL 3.6.0 - these
|   need special handling which we don't do, so the t_lpback self-test
|   failed on them. Exclude from list of allowed ciphers, as there is no
|   strong reason today to make OpenVPN use these.
| - fix various compile-time warnings
|
| Documentation updates
| ---------------------
| - fix outdated and non-HTTPS URLs throughout the tree (doxygen, warnings,
|   manpage, ...)
|
| Bugfixes
| --------
| - Fix memcmp check for the hmac verification in the 3way handshake. This
|   bug renders the HMAC based protection against state exhaustion on
|   receiving spoofed TLS handshake packets in the OpenVPN server
|   inefficient. CVE: 2025-13086
| - fix invalid pointer creation in tls_pre_decrypt() - technically this is
|   a memory over-read issue, in practice, the compilers optimize it away
|   so no negative effects could be observed.
| - Windows: in the interactive service, fix the "undo DNS config" handling.
| - Windows: in the interactive service, disallow using of "stdin" for the
|   config file, unless the caller is authorized OpenVPN Administrator
| - Windows: in the interactive service, change all netsh calls to use
|   interface index and not interface name - sidesteps all possible attack
|   avenues with special characters in interface names.
| - Windows: in the interactive service, improve error handling in some
|   "unlikely to happen" paths.
| - auth plugin/script handling: properly check for errors in creation on
|   $auth_failed_reason_file (arf).
| - for incoming TCP connections, close-on-exec option was applied to the
|   wrong socket fd, leaking socket FDs to child processes.
| - sitnl: set close-on-exec flag on netlink socket
| - ssl_mbedtls: fix missing perf_pop() call (optional performance profiling)
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 351ac662131944f4c40ea8410a0077cc715053a2)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* apache2: upgrade 2.4.65 -> 2.4.66 (Valeria Petrov, 2025-12-17, 1 file, -1/+1)
| Security fixes:
| - CVE-2025-66200
| - CVE-2025-65082
| - CVE-2025-59775
| - CVE-2025-58098
| - CVE-2025-55753
|
| See: http://www.apache.org/dist/httpd/CHANGES_2.4.66
|
| Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 220835dac9a39dda9112dcd5383aafc9ad552590)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* swagger-ui: upgrade 5.30.2 -> 5.30.3 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Changelog:
| ==========
| - deps: update vulnerable @release-it/conventional-changelog to 10.0.2
| - deps: update vulnerable dependencies (js-yaml & glob)
| - utils: handle sanitizing multi-level relative paths
|
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit fad70abdb36e42eda376fd5ed0275c1dfbdea403)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fcgi: upgrade 2.4.6 -> 2.4.7 (Wang Mingyu, 2025-12-17, 1 file, -1/+1)
| Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit 39f1d58d2bdc189b65f7752122490c37898a52d8)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libmng: correct version of libmng (Changqing Li, 2025-12-17, 2 files, -1/+34)
| Current version is 2.0.3, the last release of libmng is in 2015, add a
| patch to fix it
|
| Signed-off-by: Changqing Li <changqing.li@windriver.com>
| Signed-off-by: Khem Raj <raj.khem@gmail.com>
| (cherry picked from commit c91f9c0a4bd7175c108ff89d8e80a134c84d7e1a)
| Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
| Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>