summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* jasper: upgrade 4.2.8 -> 4.2.9Wang Mingyu2026-03-261-1/+1
| | | | | | | | | | | | Changelog: - Fixed a bug in the JP2 encoder that caused incorrect handling of opacity components in some cases. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 330ecdd2ad03225db3cd0933f1083abed8598a98) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libde265: patch CVE-2025-61147Gyorgy Sarvari2026-03-262-1/+87
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147 Backport the patch referenced by the NVD advisory. Note that this is a partial backport - only the parts that are used by the application, and without pulling in c++17 headers. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libnice: make crypto library configurable via PACKAGECONFIGSujeet Nayak2026-03-261-1/+4
| | | | | | | | | | | Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting to gnutls. This allows users to select openssl as an alternative crypto library by setting PACKAGECONFIG. Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com> Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* bpftrace: Update the runtime dependenciesPeter Kjellerstedt2026-03-261-6/+5
| | | | | | | | * bash and python3 are only needed by the ptest package. * xz appears to not be needed at all. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* mariadb: Upgrade 11.4.9 -> 11.4.10Mingli Yu2026-03-265-143/+1
| | | | | | | | | | | | | | | | | | Remove 0001-Remove-x86-specific-loop-in-my_convert.patch as it's fixed in new version [1]. Remove 0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch as its logic is included in new version [2]. Release note: https://mariadb.com/docs/release-notes/community-server/11.4/11.4.10 [1] https://github.com/MariaDB/server/commit/470487c [2] https://github.com/MariaDB/server/commit/a61a746 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-marshmallow: mark CVE-2025-68480 patchedGyorgy Sarvari2026-03-261-0/+2
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68480 The vulnerability has been fixed in version 4.1.2[1], however NVD tracks this CVE without version info. Mark it as patched explicitly. [1]: https://github.com/marshmallow-code/marshmallow/commit/d24a0c9df061c4daa92f71cf85aca25b83eee508 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: upgrade 7.1.2-16 -> 7.1.2-17Gyorgy Sarvari2026-03-261-1/+1
| | | | | | | | Contains bugfixes and a couple of CVE fixes: https://github.com/ImageMagick/ImageMagick/compare/7.1.2-16...7.1.2-17 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: upgrade 7.1.2-15 -> 7.1.2-16Wang Mingyu2026-03-261-1/+1
| | | | | | | | | | | | | | | | | | | Changelog: =========== * client: Fix use-after-free when creating async proxy failed * daemon: Fix race on subscribers list when on thread * ftp: Validate fe_size when parsing symlink target * ftp: Check localtime() return value before use * CVE-2026-28295: ftp: Use control connection address for PASV data * CVE-2026-28296: ftp: Reject paths containing CR/LF characters * gphoto2: Use g_try_realloc() instead of g_realloc() * cdda: Reject path traversal in mount URI host * client: Fail when URI has invalid UTF-8 chars * Some other fixes Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-tornado: upgrade 6.5.4 -> 6.5.5Ankur Tyagi2026-03-261-1/+1
| | | | | | | | | Security fixes including CVE-2026-31958 https://www.tornadoweb.org/en/stable/releases/v6.5.5.html Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pyjwt: Fix CVE-2026-32597Ankur Tyagi2026-03-262-0/+81
| | | | | | | | | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2026-32597 Backport commit[1] which fixes this vulnerability as mentioned in changelog[2] Dropped changes to the changelog, version bump and tests during backport. [1] https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92 [2] https://github.com/jpadilla/pyjwt/blob/2.12.0/CHANGELOG.rst Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* capnproto: patch CVE-2026-32239 and CVE-2026-32240Gyorgy Sarvari2026-03-262-1/+163
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239 https://nvd.nist.gov/vuln/detail/CVE-2026-32240 Backport the patch that is referenced by the NVD advisories. (Same patch for both vulnerabilities) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.18 -> 8.4.19Ankur Tyagi2026-03-261-1/+1
| | | | | | | https://www.php.net/ChangeLog-8.php#8.4.19 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* ser2net: upgrade 4.6.6 -> 4.6.7Wang Mingyu2026-03-261-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 23d4ba6b96833ce3305a47d63657ae7b46101dd3) ser2net is updated to fix some issues in reloading the configuration. There were some situations that could cause crashes. The bug was actually in gensio, but a workaround has been added to ser2net for older versions of gensio. https://github.com/cminyard/ser2net/releases/tag/v4.6.7 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* pcp: fix SRC_URIGyorgy Sarvari2026-03-261-1/+1
| | | | | | | The branch where the revision was got deleted, so this is just a floating commit now. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hiawatha: fix SRC_URIGyorgy Sarvari2026-03-261-1/+1
| | | | | | | The tarball was moved to a new folder on the source server. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libssh: Fix CVE-2026-3731Deepak Rathore2026-03-263-0/+139
| | | | | | | | | | | Pick the patch [1] and [2] as mentioned in [3] [1] https://git.libssh.org/projects/libssh.git/commit/?id=f80670a7aba86cbb442c9b115c9eaf4ca04601b8 [2] https://git.libssh.org/projects/libssh.git/commit/?id=02c6f5f7ec8629a7cff6a28cde9701ab10304540 [3] https://security-tracker.debian.org/tracker/CVE-2026-3731 Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiv2: patch CVE-2026-27631Gyorgy Sarvari2026-03-263-0/+91
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631 Backport the patches referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiv2: patch CVE-2026-27596Gyorgy Sarvari2026-03-263-0/+97
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596 Backport the commits referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiv2: patch CVE-2026-25884Gyorgy Sarvari2026-03-263-1/+100
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884 Backport the commits referenced by the NVD advisory. One of the patches contain some binary data (for test data), which needs to be applied with git PATCHTOOL.. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* ettercap: patch CVE-2026-3603Gyorgy Sarvari2026-03-262-1/+51
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606 Pick the commit that is marked to solve the related Github issue[1]. Its commit message also references the CVE ID explicitly. [1]: https://github.com/Ettercap/ettercap/issues/1297 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 4.2.28 -> 4.2.29Gyorgy Sarvari2026-03-261-1/+1
| | | | | | | Contains fixes for CVE-2026-25673 and CVE-2026-25674. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 5.2.11 -> 5.2.12Gyorgy Sarvari2026-03-261-1/+1
| | | | | | | | | | | | Ptests passed successfully. Changelog: https://docs.djangoproject.com/en/6.0/releases/5.2.12/ - Fixed CVE-2026-25673 and CVE-2026-25674 - Fixed NameError when inspecting functions making use of deferred annotations in Python 3.14. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* zfs: upgrade 2.2.8 -> 2.2.9Ankur Tyagi2026-03-265-16/+98
| | | | | | | | | | | | | Also include tag in the SRC_URI and refreshed patches. Backported patch 0004-linux-use-sys-stat.h-instead-of-linux-stat.h.patch to resolve build failure with musl. Release Notes: https://github.com/openzfs/zfs/releases/tag/zfs-2.2.9 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* owfs: upgrade 3.2p3 -> 3.2p4Gyorgy Sarvari2026-03-263-51/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that's included in this release. Changelog: v3.2p4 is mainly a bugfix & cleanup release. Enhancements Add support for InfernoEmbedded soft-devices (GH-21) Bug fixes Fix bug (GH-55) related to split packet (GH-64) Fix copy paste bug (474f06d) Add \r to Http header to satisfy RFC2616 specification (GH-20) Maintenance build system cleanup (GH-72, GH-27, GH-16) Fix missing files in source distribution (GH-70, GH-69) Fix compilation with GCC10 (GH-62) Minor fixes Fix typos (GH-43 GH-23) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 58259850fe6302a752548e910198fa080b49ea66) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* packagegroups: fix foldernameGyorgy Sarvari2026-03-261-0/+0
| | | | | | | | | | The correct folder name is "packagegroups", not "packageconfigs". Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 93e33ae8090ad30bb1a145e0fbb677e3e51a0ca4) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* btrfsmaintenance: upgrade 0.5 -> 0.5.2Liu Yiding2026-03-262-11/+11
| | | | | | | | | | | | | | | 1.Changelog: fix syntax error in run_task, preventing jobs to start start scrub jobs sequentially if RAID5 or RAID6 data profile is found fix btrfsmaintenance-refresh.service description 2.Update 0001-change-sysconfig-path-to-etc-default.patch for 0.5.2 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7adb1a61d26d14132f98c5373d2cee2e91b84361) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* postfix: upgrade 3.10.6 -> 3.10.8Wang Mingyu2026-03-091-1/+1
| | | | | | | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 09cc9579d41843bcb74ab7f6f052517d282d6613) Release Notes: https://www.postfix.org/announcements/postfix-3.10.7.html https://www.postfix.org/announcements/postfix-3.10.8.html Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libcacard: upgrade 2.8.1 -> 2.8.2Wang Mingyu2026-03-091-2/+2
| | | | | | | | | | | | | | | | Changelog: ========== - Sort certificates by underlying objects CKA_ID to provide deterministic object order - Avoid using uninitialized memory - Improve test coverage and build scripts - Improve compatibility with modern compilers (avoid strict warnings) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bf0ea3fc286a432e6eb6c1e538d4db4a7455d7f4) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* open62541: upgrade 1.3.15 -> 1.3.17Ankur Tyagi2026-03-091-1/+1
| | | | | | | | | Release Notes: https://github.com/open62541/open62541/releases/tag/v1.3.17 https://github.com/open62541/open62541/releases/tag/v1.3.16 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5Liu Yiding2026-03-091-1/+3
| | | | | | | | | | | | Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fcebca61e5cec25f4e34aefa8967cf71a07704ec) Release Notes: https://github.com/NetworkManager/NetworkManager-openvpn/blob/1.12.5/NEWS Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* networkmanager: upgrade 1.52.0 -> 1.52.2Liu Yiding2026-03-091-2/+2
| | | | | | | | | | | | Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 14c9d10173aa57ab780bdcf83dbc8859f90291e4) Release Notes: https://github.com/NetworkManager/NetworkManager/blob/1.52.2/NEWS Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nopoll: upgrade 0.4.7.b429 -> 0.4.9.b462Ankur Tyagi2026-03-091-1/+1
| | | | | | | | | | | | | | | 0.4.9 ----- Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.9.txt 0.4.8 ----- Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.8.txt Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nopoll: Upgrade to 0.4.7.b429Jason Schonberg2026-03-091-2/+1
| | | | | | | | | | | | | | Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5f7c5c664162f0e08363783acb7756e9cbfb2cc5) Stable release with bug fixing, support for Debian Stretch and Ubuntu Bionic Release Notes: https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.7.txt Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* frr: upgrade 10.4.2 -> 10.4.3Ankur Tyagi2026-03-091-1/+1
| | | | | | | | Release Notes: https://github.com/FRRouting/frr/releases/tag/frr-10.4.3 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* zabbix: mark CVE-2026-23925 as patchedGyorgy Sarvari2026-03-091-0/+2
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925 The vulnerability has been fixed since 7.0.18[1], however NVD tracks this CVE without version information. [1]: https://github.com/zabbix/zabbix/commit/89dec866ec7f8230b25f06ac000575e3b7bd4025 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libjxl: mark CVE-2025-12474 and CVE-2026-1837 patchedGyorgy Sarvari2026-03-091-0/+3
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474 https://nvd.nist.gov/vuln/detail/CVE-2026-1837 Both CVEs have been fixed in v0.11.2, but NVD tracks these vulnerabilities without version information. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* pipewire: update 1.4.9 -> 1.4.10Markus Volk2026-03-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PipeWire 1.4.10 (2026-01-16) This is a small bugfix release that is API and ABI compatible with previous 1.x releases. Highlights - Fix a regression in restoring volumes on nodes. - Clean up timed out stream on pulse-server. - Backport filter-graph channel support. - More small fixes and improvements. PipeWire - Backport the timer queue from 1.5. modules - Fix module leak in module-eq. (#5045) - Fix profiling of multiple drivers when profile.interval.ms is set. (#5061) - Allow both sink and source pulse tunnels with the same name. (#5079) SPA - Emit props events in all cases. (#4610) - Backport some filter-graph changes to make it adapt better to the number of channels of the stream. - Fix some port errors in filter-graph. (#4700) - Avoid a memcpy in the convolver. - Handle some DBus errors better instead of crashing. - Fix AVX2 functions and flags. (#5072) - Limit resampler phases to avoid crashes (#5073) - Support some more channel downmix positions. pulse-server - Clean up timed out streams. (#4901) - Add message to force mono mixdown. GStreamer - Avoid scaling overflow in the clock. Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b7bd06e9b4ff1bf55b5ba8943c2547ec8ff6dba7) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libmediaart-2.0: upgrade 1.9.6 -> 1.9.7Gyorgy Sarvari2026-03-091-1/+1
| | | | | | | | | | | | | | This is a bugfix release, fixing some memory leaks and compiler warning (and it also has a couple of commits related to the project's own CI system, which doesn't affect the application) Changelog: https://gitlab.gnome.org/GNOME/libmediaart/-/blob/master/NEWS Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 3f6b25f18a00e46bc3b0a72fb8c2f39b28e191a3) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libde265: upgrade 1.0.15 -> 1.0.16Ankur Tyagi2026-03-091-2/+2
| | | | | | | | | | | | | | | Also included tag in the SRC_URI. This release fixes some rare decoding errors and some build issues. Changelog: https://github.com/strukturag/libde265/compare/v1.0.15...v1.0.16 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 625a2be8a8fff0ff8705bf35a858f832e5a27660) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiftool: ignore CVE-2026-3102Gyorgy Sarvari2026-03-091-0/+2
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3102 The vulnerability impacts only MacOS - ignore it. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-protobuf: mark CVE-2026-0994 patchedGyorgy Sarvari2026-03-091-0/+1
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994 It is fixed already in the currently used version, however NVD tracks it without any version info, so it still shows up in CVE reports. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* unbound: patch CVE-2025-5994Gyorgy Sarvari2026-03-092-0/+280
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5994 Backport the patch[1] provided by upstream, which is linked in the upstream advisory[2] referenced by the NVD report. Tests passed successfully in a locally prepared ptest image. [1]: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-5994_2.diff [1]: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* streamripper: ignore CVE-2020-37065Gyorgy Sarvari2026-03-091-0/+2
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065 The vulnerability is about a 3rd party Windows-only GUI frontend for the streamripper library, and not for the CLI application that the recipe builds. Due to this ignore this CVE. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1571c1a8e5e876db9db744d0a3e3256ac585242b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pillow: patch CVE-2026-25990Gyorgy Sarvari2026-03-092-0/+156
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990 Backport the patch referenced by the NVD advisory. Note that the patch contain some new binary test data, which requires "git" PATCHTOOL - other tools fail to apply binary patches. All ptests passed successfully: Testsuite summary TOTAL: 5011 PASS: 4577 SKIP: 431 XFAIL: 3 FAIL: 0 XPASS: 0 ERROR: 0 DURATION: 59 END: /usr/lib/python3-pillow/ptest 2026-03-06T17:58 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-nltk: upgrade 3.9.2 -> 3.9.3Gyorgy Sarvari2026-03-091-1/+1
| | | | | | | | | | | | | | | | | | Contains fix for CVE-2026-14009. Changelog: * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader * Block path traversal/arbitrary reads in nltk.data for protocol-less refs * Block path traversal/abs paths in corpus readers and FS pointers * Validate external StanfordSegmenter JARs using SHA256 * Add optional sandbox enforcement for filestring() * Maintenance: downloader/zipped models, CI/tooling updates Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 14d464c15094d1758dc14706646a8aa645a3bf34) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libheif: patch CVE-2025-68431Gyorgy Sarvari2026-03-092-1/+29
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68431 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: upgrade 7.1.2-13 -> 7.1.2-15Wang Mingyu2026-03-091-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 853aecb2f9d8ff277c8e47499bbc24f9595e603e) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* ceres-solver: Don't fail if .git/hooks/commit-msg can't be touchedPeter Kjellerstedt2026-03-061-1/+1
| | | | | | | | | | | The .git/hooks/commit-msg Git hook may already exist and not be writable. E.g., in our environment it is a symbolic link to a script in /usr/share. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a22fe21c597b1f7439d863342591d7947ec2ccca) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-flask: Upgrade 3.1.2 -> 3.1.3Leon Anavi2026-03-061-2/+2
| | | | | | | | | | | | | Upgrade to release 3.1.3: - The session is marked as accessed for operations that only access the keys but not the values, such as in and len. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0badc6de53e06045d943143ef70773d6959f1a08) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-werkzeug: upgrade 3.1.5 -> 3.1.6Gyorgy Sarvari2026-03-061-1/+1
| | | | | | | | | | | | Contains fix for CVE-2026-27199 Changelog: safe_join on Windows does not allow special devices names in multi-segment paths Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9cbc4befe55716bfcf60616cd695318a5477b32d) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 02:24:28 +0000