summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* fatresize: set correct LICENSEGyorgy Sarvari2025-09-261-1/+1
| | | | | | | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 86980f2df271c4a798efe9fc40023b2db6911f47) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* yaffs2-utils: update SRC_URIYi Zhao2025-09-261-2/+1
| | | | | | | | | The source repo has been moved to github. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 49c7edb304c010620a8c8f344f9cc4b7c3707480) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* sshfs-fuse: upgrade 3.7.2 -> 3.7.3Wang Mingyu2025-09-261-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f50cffbd022d119ced5e750e75566e7eeda5f07f) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* krb5: fix packaging with ldap PACKAGECONFIGGyorgy Sarvari2025-09-261-1/+2
| | | | | | | | | | | | | In case ldap PACKAGECONFIG is enabled, packaging fails with the following error: ERROR: krb5-1.17.2-r0 do_package: QA Issue: krb5: Files/directories were installed but not shipped in any package: /usr/lib/libkdb_ldap.so.1.0 /usr/lib/libkdb_ldap.so.1 Fix it by adding the file to the krb5-kdc-ldap package (the same that Debian also uses to ship this file). Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* krb5: fix CVE-2025-24528Divya Chellam2025-09-262-0/+69
| | | | | | | | | | | | | | | | | | In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash. https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 Reference: https://security-tracker.debian.org/tracker/CVE-2025-24528 Upstream-patch: https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cjson 1.7.18: Fix CVE-2025-57052Shubham Pushpkar2025-09-232-1/+36
| | | | | | | | | | | | | Upstream Repository: https://github.com/DaveGamble/cJSON.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57052 Type: Security Fix CVE: CVE-2025-57052 Score: 9.8 Patch: https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* php: upgrade 8.1.31 -> 8.1.33Soumya Sambu2025-09-231-1/+1
| | | | | | | | | | | | Includes fix for CVE-2025-1735, CVE-2025-6491, CVE-2025-1220, CVE-2025-1861, CVE-2025-1219, CVE-2025-1217, CVE-2025-1734 and CVE-2025-1736. Changelog: https://www.php.net/ChangeLog-8.php#8.1.33 https://www.php.net/ChangeLog-8.php#8.1.32 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hddtemp: Add missing prototype for ata_get_powermode in sata.cKhem Raj2025-09-192-0/+34
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fdb8bc38b1e959006a0a5d98c84c8443c785e49d) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* gnulib: Update SRC_URIMingli Yu2025-09-191-1/+1
| | | | | | | | | Update the SRC_URI to fix the do_fetch warning. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 37d158db78cda787a5833c098423650b8caba0fa) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* fltk: upgrade 1.3.8 -> 1.3.9Yi Zhao2025-09-192-2/+3
| | | | | | | | | | Release Notes: https://www.fltk.org/articles.php?L1898 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7e124168f9134ab77910f262d3d0b0e49b1c3e4a) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* fltk-native: fix libdl link issueKai Kang2025-09-192-3/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It fails to build fltk-native on Ubuntu 20.04 with glibc 2.31: | /path_to/tmp/hosttools/ld: lib/libfltk.a(Fl_Native_File_Chooser.cxx.o): in function `fl_dlopen(char const*, char const*)': | Fl_Native_File_Chooser.cxx:(.text+0x61a): undefined reference to `dlopen' | /path_to/tmp/hosttools/ld: lib/libfltk.a(Fl_Native_File_Chooser.cxx.o): in function `Fl_GTK_File_Chooser::probe_for_GTK_libs()': | Fl_Native_File_Chooser.cxx:(.text+0xf92): undefined reference to `dlerror' The original fix in fltk-native recipe does not work any more because '-ldl' appears before lib/libfltk.a and causes dlopen() unresolved. The reason why it doesn't fail on other hosts is that the functions dlopen(), dlerror() etc. have been moved to libc.so since glibc 2.34 via the commits in glibc: 0c1c3a771e dlfcn: Move dlopen into libc add8d7ea01 dlfcn: Move dlvsym into libc 6dfc0207eb dlfcn: Move dlinfo into libc 492560a32e dlfcn: Move dladdr1 into libc 6a1ed32789 dlfcn: Move dlmopen into libc 77f876c0e3 dlfcn: Move dlsym into libc 602252b553 dlfcn: Move dladdr into libc d8cce17d2a dlfcn: Move dlclose into libc Append 'dl' to fltk link items explictly to fix the error. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e3606c223e8195dc57a41c64ca670958f1809d6f) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* ctapi-common: Use archives.fedoraproject.org to fetch srpmKhem Raj2025-09-191-3/+3
| | | | | | | | This is a better place to fetch the srpm as it is fedora's location Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e36553fcd9b98889fc356a2517645c030f8315e9) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* ctapi-common: Point to working SRC_URI locationsKhem Raj2025-09-191-4/+3
| | | | | | | | Drop md5sum checksum Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7687cb73b26e09c566adecb4e5ac71a270800004) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* colord-native: upgrade 1.4.6 -> 1.4.7Wang Mingyu2025-09-192-8/+5
| | | | | | | | | | | | | | | | | | | | | | | | 0001-Move-the-function-cd_icc_create_from_edid-to-avoid-u.patch refreshed for 1.4.7 Changelog: =========== - Add various hardenings to the systemd service - Always close the ICC profile when loading fails - Avoid destructing LCMS plugin twice with lcms 2.14 - Do not make state files executable in tmpfiles.d/colord.conf - Fix a double free spotted by Coverity - Fix an error check when parsing the DTP94 data - Fix a -Wincompatible-pointer-types warning - Fix potential crash when reading from broken Huey hardware - Set FILE_OFFSET_BITS explicitly - Use a 64-bit time_t - Use thread context for Gamut Alarm codes Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f016f77796504de03a4148a13383fd9fd5754a73) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* colord: upgrade 1.4.5 -> 1.4.6Wang Mingyu2025-09-191-2/+2
| | | | | | | | | | | | | | | | | | | | Changelog: ========== Bugfixes: - Add missing copyright notices - Add Spyder X entry - Document where to send patches - Don't use exact floating point comparisons - Drop option for removed reverse engineering tools - Drop references to hughski.com - Fix a small memory leak in sqlite3_exec() - Fix typo in device-removed signal documentation - Make introspection optional in meson Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 706cfeb2504ebec37872e6ee051a5b07385412b7) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cmark: upgrade 0.30.2 -> 0.30.3Wang Mingyu2025-09-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== * Fix quadratic complexity bug with repeated '![[]()'. Resolves CVE-2023-22486. Add new pathological test. * Allow declarations with no space, as per spec * Set 'enumi*' counter correctly in LaTeX output * Allow '<!DOCTYPE' to be case-insensitive. existing spec.) * Fixed HTML comment scanning. Need to handle this case: '<!--> and -->'. Since the scanner finds the longest match, we had to move some of the logic outside of the scanner. * Fix quadratic parsing issue with repeated '<!--' (this was not introduced by the previous fix, and not in a released version of cmark). Resolves CVE-2023-22484. Add new pathological test. * Update HTML comment scanner to accord with commonmark/commonmark-spec#713 * Pathological tests: half the number of repetitions, and the timeout. This reduces the time needed for the pathological tests. * Shrink 'struct cmark_node' (#446). The 'internal_offset' member is only used for headings and can be moved to 'struct cmark_heading'. This reduces the size of 'struct cmark_node' from 112 to 104 bytes on 64-bit systems. * Add '-Wstrict-prototypes' and fix offending functions. * Fix quadratic behavior involving 'get_containing_block' (#431). Instead of searching for the containing block, update the tight list status when entering a child of a list item or exiting a list. * Fix 'pathological_tests.py' - Use a multiprocessing.Queue to actually get results from spawned tests processes. - Fix the 'allowed_failures' test. - Truncate actual output when printed. - Prepare for testing pathological behavior of the Commonmark renderer. * Fix source position bug with backticks Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 69aea3d8f7d84b4214948c0553fe1744f254bbf6) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* bdwgc: Fix typo in EXTRA_OECONF and remove unneeded extra CFLAGSIvan Maidanski2025-09-181-3/+1
| | | | | | | | | * fix typo in "--enable-cplusplus" * "-D_GNU_SOURCE -DNO_GETCONTEXT -DSEARCH_FOR_DATA_START -DUSE_MMAP -DHAVE_DL_ITERATE_PHDR" not needed any more Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d7d0d550d0874a5002e63a23804811a766f7a07b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* avro-c: upgrade 1.11.2 -> 1.11.3alperak2025-09-181-1/+1
| | | | | | | | | | | Changelog: * This is a minor release, specifically addressing known issues with the 1.11.2 release, but also contains version bumps and doc fixes. Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e1552304bf3cd1abc403dd8cd1b4ed5cd646c64b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* avro-c: upgrade 1.11.1 -> 1.11.2Wang Mingyu2025-09-181-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 52f35e40106858842c23c31169a98c8862c66e6d) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* avro-c: upgrade 1.11.0 -> 1.11.1wangmy2025-09-181-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d6a30ef441adfb4e92dbc689266b61192c4add3b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* augeas: Check for __GLIBC__ to use gnu extention for strerror_rKhem Raj2025-09-183-34/+67
| | | | | | | | Merge .bb and .inc Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit aca683fb18c3a62874e6687e36fb4c35a25d0615) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* testfloat: update UPSTREAM_CHECK_* variables to fix devtool upgradesYoann Congal2025-09-181-0/+1
| | | | | | | | | | Update UPSTREAM_CHECK_* variables to fix UNKNOWN_BROKEN status with devtool check-upgrade-status. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr> (cherry picked from commit 21e3280fad93fc906aa9f488ea10adb71f7de86e) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* pm-qa: update git fetch protocolGyorgy Sarvari2025-09-181-1/+1
| | | | | | | Apparently the git repo in the SRC_URI stopped supporting git protocol. Switch to https to be able to fetch the source successfully. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* fb-test: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN statusAlexandre Truong2025-09-181-0/+3
| | | | | | | | | | | | When performing devtool check-upgrade-status, UNKNOWN_BROKEN status appears. On the upstream source repository, releases are not identified by tags. So, UPSTREAM_CHECK_COMMITS is set to 1, to find the latest upstream update. Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr> Reviewed-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 16688b0f565badadace8732840f0ff01718cc87c) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* readme: update maintainerGyorgy Sarvari2025-09-1811-5/+12
| | | | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cukinia: Fix license fieldPhilip-Dylan Gleonec2025-09-181-1/+1
| | | | | | | | | | | The recipe currently indicates that the cukinia package is licensed under both GPLv3 AND Apache 2.0 licenses, but the upstream specifies using it under GPLv3 OR Apache 2.0 license, is user's choice. Signed-off-by: Philip-Dylan Gleonec <philip-dylan.gleonec@savoirfairelinux.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit cb8908b91ead37c5d74b44f949c12c33354956a7) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cukinia: drop allarchMartin Jansa2025-09-181-2/+0
| | | | | | | | | | | | | | | * it rdepends on TUNE_PKGARCH libgpiod-tools so it cannot be allarch (or cukinia->libgpiod-tools needs to be added to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS) bitbake-diffsigs \ sstate-before/mako/all-webos-linux/cukinia/0.6.2.do_package_write_ipk.sigdata.630262028cb276fdac170d30a265aa72d4249f84a264e11ea676a5ab38f1cacc \ sstate-before/qemux86-64/all-webos-linux/cukinia/0.6.2.do_package_write_ipk.sigdata.5d193e43c71f1270d36075be6124bb70585bb682771cff644349c4a7ffd13605 Hash for task dependency libgpiod:do_packagedata changed from d3dffb55884b89470065c3eaf046563e2f306706400be396b022a470ceca1916 to 76e47aed399fdbd14db3c4b75ef2b83298322429f111175d4ca4f3f4c67eebf0 Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1db563c31023bb64d94d34807547baf1d4f2923c) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cukinia: add libgpiod-tools to RRECOMMENDSEnguerrand de Ribaucourt2025-09-181-0/+2
| | | | | | | | | | The cukinia statement `cukinia_gpio_libgpiod` requires the `gpioinfo` command. Alternatively, the deprecated sysfs GPIO API can be used with `cukinia_gpio_sysfs`. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit deaa4c111fd3cb12dd7d6cba0550316d71dd8b07) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cukinia: inherit allarchEnguerrand de Ribaucourt2025-09-181-0/+2
| | | | | | | | | | The recipe installs a shell script which does not depend on the architecture. Inheriting allarch will make sure that the recipe is built only once accross different architectures. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 97c9e5c38d87785c80f824969eb530bcafcbf401) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cukinia: upgrade 0.6.1 -> 0.6.2Enguerrand de Ribaucourt2025-09-181-1/+1
| | | | | | | | | | Changes: cukinia: add /proc/cmdline parameter check cukinia: add test suite and class to csv cukinia: add kernel config check in boot partition Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit daf73e7279da15ad2c29d95f9a8f01658a81f5d5) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cukinia: upgrade 0.6.0 -> 0.6.1Wang Mingyu2025-09-181-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5f2c3b32dd8f40b67eabc2da98cd279a570cb8d2) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* cpputest: add possibility to build extensionsPeter Marko2025-09-181-1/+3
| | | | | | | Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8c0402f7c47188cef1d6afc68c0427124940ea57) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* catch2: upgrade 2.13.7 -> 2.13.10alperak2025-09-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | v2.13.10: Fixes: -Fixed issue with catch_discover_tests when there is multiple of 256 tests (#2401, #2503) -Catch2-provided main and wmain are explicitly marked as __cdecl when compiled with MSVC (#2486, #2487) -Improved break-into-debugger behaviour for ARM Macs. It should now be possible to step execution after the break (#2422) -Replaced deprecated std::aligned_storage (#2419, #2420) v2.13.9: Fixes: -Fixed issue with -# (filename-as-tag) flag when __FILE__ expands into filename without directories (#2328, #2393) -Fixed CAPTURE macro not being variadic when disabled through CATCH_CONFIG_DISABLE (#2316, #2378) v2.13.8: Fixes: -Made Approx::operator() const (#2288) -Improved pkg-config files (#2284) -Fixed warning suppression leaking out of Catch2 when compiled with clang.exe (#2280) -The macro-generated names for things like TEST_CASE no longer create reserved identifiers (#2336) Improvements: -Clang-tidy should no longer warn about missing virtual dispatch in FilterGenerator's constructor (#2314) Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1bdab916b1fd70ce9196aedac319df5dd8b6dd15) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* bats: use baselibJoe Slater2025-09-181-4/+5
| | | | | | | | | | Use sed to change scripts to reference ${baselib}. The former set of scripts modified was incomplete. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1cc72c41af0c6a55a10be9158a2f856b02a56282) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-twisted: Fix CVE-2023-46137Soumya Sambu2025-09-182-1/+198
| | | | | | | | | | | | | | | | | | | | Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2023-46137 https://security-tracker.debian.org/tracker/CVE-2023-46137 Upstream patch: https://github.com/twisted/twisted/commit/1e6e9d23cac59689760558dcb6634285e694b04c Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* python3-twisted: Fix CVE-2024-41810Soumya Sambu2025-09-182-1/+111
| | | | | | | | | | | | | | | | | Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41810 Upstream patch: https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* readme: update maintainerGyorgy Sarvari2025-09-1611-12/+12
| | | | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* geary: don't check iso codes xml at build timeGyorgy Sarvari2025-09-062-1/+35
| | | | | | | | | | | | In case the iso_639_xml and iso_3166_xml files are not present on the build machine, then meson fails the compilation - however these files are used only during runtime. To avoid this, add a patch not to check the existence of these files during building, but also specify where these files will be located using build arguments. This patch is a backport from master branch 73c46b265d1cb35c43956d1723c338a137f6ef56 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hunspell-dictionaries: fix SRC_URIGyorgy Sarvari2025-09-061-1/+1
| | | | | | The master branch has been renamed to main. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* poppler: fix CVE-2025-52886Yogita Urade2025-09-065-0/+4707
| | | | | | | | | | | | | | | | | | | | | | | | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. CVE-2025-52886-0001 and CVE-2025-52886-0002 are dependent commits while rest are actual CVE fixes. References: https://nvd.nist.gov/vuln/detail/CVE-2025-52886 https://security-tracker.debian.org/tracker/CVE-2025-52886 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d35e11a8f84d396a9d9ef43ef852d377adc3830a https://gitlab.freedesktop.org/poppler/poppler/-/commit/af3e1e1a3577c4e1c66cbe69ebdc6a632038e299 https://gitlab.freedesktop.org/poppler/poppler/-/commit/3449a16d3b1389870eb3e20795e802c6ae8bc04f https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* tcpreplay: fix CVE-2023-43279Archana Polampalli2025-09-062-0/+37
| | | | | | | | Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* apache2: upgrade 2.4.62 -> 2.4.65Archana Polampalli2025-09-061-1/+1
| | | | | | | | | | | | This upgrade incorporates the fixes for CVE-2025-53020, CVE-2025-49812, CVE-2025-49630, CVE-2025-23048, CVE-2024-47252, CVE-2024-43394, CVE-2024-43204, CVE-2024-42516, CVE-2025-54090 and other bugfixes. Changelog: https://www.apachelounge.com/Changelog-2.4.html Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* openjpeg: Fix CVE-2025-50952Vijay Anusuri2025-09-062-0/+33
| | | | | | | | Upstream commit: https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* packagegroup-meta-filesystems: fix build issueVyacheslav Yurkov2025-09-061-0/+1
| | | | | | | | | | The packagegroup has to be arch dependent to address build failure: ERROR: packagegroup-meta-filesystems-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (fuse to libfuse2) ERROR: packagegroup-meta-filesystems-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (fuse-dev to libfuse-dev) Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libssh: fix CVE-2025-4877Hitendra Prajapati2025-09-062-0/+58
| | | | | | | Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libnet: backport patch to remove configure time SOCK_PACKET checkGuocai He2025-09-062-0/+252
| | | | | | | | | | | | | Backport [1] to fix the do_configure error like below: checking for packet socket (PF_PACKET)... ./pf_packet-test: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found [1] https://github.com/libnet/libnet/commit/19979c4541ddcc817c64ea911a309ee71a8cc250 Signed-off-by: Qi Chen <Qi.Chen@windriver.com> Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* unixodbc: fix odbc.pc file generationGuocai He2025-09-062-1/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The build process currently succeeds but the odbc.pc file is not correctly generated. The error message is like below in log.do_compile and log.do_install: /bin/bash: line 1: ../exe/odbc_config: cannot execute binary file: Exec format error I can see the message comes from the following line in exe/Makefile.am: @sed "s![@]ODBC_ULEN[@]!`$(top_builddir)/exe/odbc_config$(EXEEXT) --ulen`!" \ $(top_builddir)/DriverManager/odbc.pc > $(top_builddir)/exe/odbc.pc.tmp It's running the exe/odbc_config program we built out. But the binary is for the target platform and if we run it on the build host, we get that error message. The resulting ulen and build_cflags in the final odbc.pc file are also empty. Fix the issue by using qemu usermode to launch the target binary. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (master rev: 4cbd72f7b942af44da0704f66c1b0feef8699fe6) Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* unixodbc: Fix install conflict when enable multilib.Wang Mingyu2025-09-061-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Error: Transaction test error: file /usr/include/unixODBC/config.h conflicts between attempted installs of unixodbc-dev-2.3.11-r0.aarch64 and lib32-unixodbc-dev-2.3.11-r0.armv7ahf_neon   file /usr/include/unixODBC/unixodbc_conf.h conflicts between attempted installs of unixodbc-dev-2.3.11-r0.aarch64 and lib32-unixodbc-dev-2.3.11-r0.armv7ahf_neon   file /usr/include/unixodbc.h conflicts between attempted installs of unixodbc-dev-2.3.11-r0.aarch64 and lib32-unixodbc-dev-2.3.11-r0.armv7ahf_neon The differences of config.h are as follows: @@ -14,7 +14,7 @@ /* #undef C_ALLOCA */ /* Lib directory */ -#define DEFLIB_PATH "/usr/lib64" +#define DEFLIB_PATH "/usr/lib" /* Using perdriver iconv */ /* #undef ENABLE_DRIVER_ICONV */ @@ -275,7 +275,7 @@ #define INCLUDE_PREFIX "/usr/include" /* Lib directory */ -#define LIB_PREFIX "/usr/lib64" +#define LIB_PREFIX "/usr/lib" /* Define to the sub-directory where libtool stores uninstalled libraries. */ #define LT_OBJDIR ".libs/" @@ -311,7 +311,7 @@ #define PACKAGE_VERSION "2.3.11" /* Platform is 64 bit */ -#define PLATFORM64 /**/ +/* #undef PLATFORM64 */ /* Install prefix */ #define PREFIX "/usr" @@ -323,10 +323,10 @@ #define SHLIBEXT ".so" /* The size of `long', as computed by sizeof. */ -#define SIZEOF_LONG 8 +#define SIZEOF_LONG 4 /* The size of `long int', as computed by sizeof. */ -#define SIZEOF_LONG_INT 8 +#define SIZEOF_LONG_INT 4 /* If using the C implementation of alloca, define if you know the direction of stack growth for your system; otherwise it will be @@ -351,7 +351,7 @@ #define SYSTEM_FILE_PATH "/etc" /* Lib path */ -#define SYSTEM_LIB_PATH "/usr/lib64" +#define SYSTEM_LIB_PATH "/usr/lib" /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. This macro is obsolete. */ @@ -383,7 +383,7 @@ /* #undef _ALL_SOURCE */ /* Number of bits in a file offset, on hosts where this is settable. */ -/* #undef _FILE_OFFSET_BITS */ +#define _FILE_OFFSET_BITS 64 /* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ /* #undef _LARGEFILE_SOURCE */ The differences of unixodbc_conf.h are as follows: @@ -19,7 +19,7 @@ /* #undef C_ALLOCA */ /* Lib directory */ -#define DEFLIB_PATH "/usr/lib64" +#define DEFLIB_PATH "/usr/lib" /* Using perdriver iconv */ /* #undef ENABLE_DRIVER_ICONV */ @@ -342,7 +342,7 @@ #define INCLUDE_PREFIX "/usr/include" /* Lib directory */ -#define LIB_PREFIX "/usr/lib64" +#define LIB_PREFIX "/usr/lib" /* Define if the OS needs help to load dependent libraries for dlopen(). */ /* #undef LTDL_DLOPEN_DEPLIBS */ @@ -396,7 +396,7 @@ /* Define to the version of this package. */ /* Platform is 64 bit */ -#define PLATFORM64 /**/ +/* #undef PLATFORM64 */ /* Install prefix */ #define PREFIX "/usr" @@ -408,7 +408,7 @@ #define SHLIBEXT ".so" /* The size of `long', as computed by sizeof. */ -#define SIZEOF_LONG 8 +#define SIZEOF_LONG 4 /* If using the C implementation of alloca, define if you know the direction of stack growth for your system; otherwise it will be @@ -431,7 +431,7 @@ #define SYSTEM_FILE_PATH "/etc" /* Lib path */ -#define SYSTEM_LIB_PATH "/usr/lib64" +#define SYSTEM_LIB_PATH "/usr/lib" /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ #define TIME_WITH_SYS_TIME 1 The differences of unixodbc.h are as follows: @@ -14,4 +14,4 @@ #define HAVE_UNISTD_H 1 /* Define to the value of sizeof(long) */ -#define SIZEOF_LONG_INT 8 +#define SIZEOF_LONG_INT 4 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (master rev: b3d875df4d6023835e2272a630df3b90c48f5bb9) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* nginx: patch CVE-2025-53859 in stablePeter Marko2025-09-062-0/+132
| | | | | | | | | Pick patch from nginx site which is also mentioned in [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-53859 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* json-schema-validator: Remove absolute path in INSTALL_CMAKE_DIRYoungseok Jeong2025-09-062-0/+46
| | | | | | | | | | | | | Can't found properly in the sysroot dir due to the absolute path in INSTALL_CMAKE_DIR. Fixes: The imported target "nlohmann_json_schema_validator" references the file "/usr/lib/libnlohmann_json_schema_validator.so.2.1.0" but this file does not exist. Signed-off-by: Youngseok Jeong <youngseok1.jeong@lge.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>