summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* tigervnc: fix typo in CVE_STATUSGyorgy Sarvari2026-01-061-1/+1
| | | | | | | | | | Forgot to add the CVE- prefix in previous patch. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2f913279d4926ab92b97ffbb7c53031835b393bd) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fio: ignore CVE-2025-10824Gyorgy Sarvari2026-01-061-0/+2
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824 The upstream maintainer wasn't able to reproduce the issue[1], and the related bug is closed without further action. [1]: https://github.com/axboe/fio/issues/1981 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a275078cbeaa0fafcfa4eb60ca69f05a8fe3df99) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dovecot: patch CVE-2025-30189Gyorgy Sarvari2026-01-068-0/+489
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189 Pick the patches referenced by the advisory[1] from the Full Disclosure list. [1]: https://seclists.org/fulldisclosure/2025/Oct/29 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* cups-filters: patch CVE-2025-64524Gyorgy Sarvari2026-01-062-5/+87
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 056ee43dd1d0e46a9b40339e877a4bf76cf8196b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* cifs-utils: patch CVE-2025-2312Gyorgy Sarvari2026-01-062-1/+138
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312 Pick the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* c-ares: upgrade 1.34.5 -> 1.34.6Jason Schonberg2026-01-062-23/+1
| | | | | | | | | | | | | | Drop memory leak patch which has already been included in this new version. The new version also includes a fix for CVE 2025-62408. Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 996768e0800a008e06d6c8d305f443198d4df847) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* minio: ignore irrelevant CVEsGyorgy Sarvari2026-01-061-0/+6
| | | | | | | | | | | | | | | | The minio umbrella covers multiple projects. The recipe itself builds "minio client", which is a set of basic tools to query data from "minio server" - like ls, mv, find... The CVEs were files against minio server. Looking at the go mod list, this recipe doesn't use minio server even as a build dependency - so ignore the CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit df462075be855c60117af661dbce1836c652fc16) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* accountsservice: ignore CVE-2023-3297Gyorgy Sarvari2026-01-061-0/+2
| | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297 The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is not present in the recipe. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 071a45c9d76c9a222c8fbaa50089a8af44f44e74) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fex: ignore unrelated CVEsGyorgy Sarvari2026-01-051-0/+6
| | | | | | | | | | | | | These CVEs were filed for "Fram's Fast File Exchange" application, which has the same abbreviated name as fex. Currently this recipe has no historical CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore these irrelevant CVEs explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b990486203b8eca688cfb6fc9bebf8b138e0b334) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRAMingli Yu2025-12-171-0/+2
| | | | | | | | | | | | Most host gcc doesn't support -fcanon-prefix-map right now, so empty DEBUG_PREFIX_MAP_EXTRA to fix the below build error. | gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’? Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 31a08525bedd960c21214f84c256f67c6090bb5a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libplist: Fix buildpaths in ptestsKhem Raj2025-12-171-4/+6
| | | | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> (cherry picked from commit 3a6b83c075e606c1bf2b46b9c51bbe22ff4c72c6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gflags: switch Git branch from master to mainViswanath Kraleti2025-12-171-1/+1
| | | | | | | | Update SRC_URI to use the 'main' branch instead of 'master' since the upstream GitHub repository has renamed its default branch. Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-huey: Upgrade 2.5.4 -> 2.5.5Leon Anavi2025-12-171-1/+1
| | | | | | | | | | | | Upgrade to release 2.5.5: - Fix for pypi Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7954f37b3ca479b4b086e887afc7ddc03d7f9eb2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2Leon Anavi2025-12-171-6/+3
| | | | | | | | | | | | | | | Upgrade to release 3.1.2: - Fix pickling of abstract base classes containing type annotations for Python 3.14. License-Update: Use file LICENSE Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b428f675752f1f83bed691cb9b58adf48212aaea) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-polyline: Upgrade 2.0.3 -> 2.0.4Leon Anavi2025-12-171-1/+1
| | | | | | | | | | | | Upgrade to release 2.0.4: - Add py.typed marker Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 71055538b53c2fd60ea9c3a84a6d01fab5fa58ae) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-sqlparse: upgrade 0.5.3 -> 0.5.4Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ============= Enhancements --------------- * Add support for Python 3.14. * Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools * Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an '--in-place' flag for in-place editing * Add 'ATTACH' and 'DETACH' to PostgreSQL keywords * Add 'INTERSECT' to close keywords in WHERE clause * Support 'REGEXP BINARY' comparison operator Bug Fixes ---------- * Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements. * Remove shebang from cli.py and remove executable flag * Fix strip_comments not removing all comments when input contains only comments * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks * Fix splitting on semicolons inside BEGIN...END blocks Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 705abb20c1ec1d780183eef9ffd2a02894ef42e6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pymodbus: upgrade 3.11.3 -> 3.11.4Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | Changelog: full support for python 3.14 and a number of packages (like mypy) have been updated. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b745baf4784f01b1eed82607d0d69004df6ed025) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pybcj: upgrade 1.0.6 -> 1.0.7Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | Changelog: ============ - Support for python 3.14 - ci: fix test and release workflows Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 797e29ed4222dad9539f72c846e3435c92d50604) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-gmpy2: upgrade 2.2.1 -> 2.2.2Wang Mingyu2025-12-171-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e274146fa454127ca6483a02f6a4c30ac733fa3c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-eventlet: upgrade 0.40.3 -> 0.40.4Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | Changelog: ============ * Remove legacy setuptools configuration files * add 3.14 to supported versions * Emit warning on startup that eventlet is deprecated * Fix Python 3.14 on macOS * Workaround for #1068 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 768580103b8df1bf41ffb3f2f81c141057c2d0d9) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 4.2.25 -> 4.2.26Ankur Tyagi2025-12-171-2/+2
| | | | | | | | | | | Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.26/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5551a12170f347cd9e50d2c57fefa3967a4f80c6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 5.2.7 -> 5.2.8Ankur Tyagi2025-12-171-1/+1
| | | | | | | | | | | Release Notes: https://docs.djangoproject.com/en/dev/releases/5.2.8/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8247a68d540ed9154cecf92f4e4612f1c0ba0490) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-rich-argparse: upgrade 1.7.1 -> 1.7.2Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | Changelog: Fix colors overlapping with Python 3.14.0+ which enabled colors by default in the help formatter. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 18aaa7d8a6f326c13d3963ac7501ce54aaa066e0) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-moteus: upgrade 0.3.95 -> 0.3.96Wang Mingyu2025-12-171-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ddca2bae90f702c45a1c84e4af5fc086d52aaa50) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-gpt-image: upgrade 0.9.0 -> 0.9.1Wang Mingyu2025-12-171-2/+2
| | | | | | | | | | | | | Changelog: Partition commit offset calculation License-Update: file type changed to "ASCII text" Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dc53efed84fd3c0239edea5aeba789a3b626edfe) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* e2tools: Fix buildpaths in ptestsKhem Raj2025-12-171-1/+15
| | | | | | | | | | | Currently the path checks are escaping QA check for buildpath detection but config.status still has paths which show up in reproduciblity failures, comparing build in path A and build in path B, content of config.status don't end up same. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0856c5613234c61d809b9c983bc45c750144ebd8) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nautilus: upgrade 49.1 -> 49.2Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | * Bugfixes: - Fix handling of unset XDG directories - Reduce memory usage of thumbnails by correct scaling - Fix potential rescaling of item when switching to cut icon - Fix crash on empty file lists in drops - Correct sorting of loopback devices - Don't skip the first file from operation progress monitoring Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 90343e19902d5bb341461d1e7255b5829c894a85) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp-tools: upgrade 0.12.1 -> 0.12.2Gyorgy Sarvari2025-12-171-1/+1
| | | | | | | | | | | | | | | | | | Changelog: - Common: - Remove deprecated libxml calls - AV CP: - Remove some stray debug output - EventDumper: - Code cleanup - Uploader: - Fix parsing the Browse result Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 25540bf356b601a4fa6f49c6f935f49f899c616a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp-av: upgrade 0.14.1 -> 0.14.4Gyorgy Sarvari2025-12-172-49/+3
| | | | | | | | | | | | | | | | | | | | | Drop patch that is included in this release. Changelog: 0.14.4: - Move documentation to gi-docgen 0.14.3: - CI fixes 0.14.2: - xml: Fix compatibility with libxml2 2.12.x - Add missing array annotation - build: Fix Requires: line of pkg-config file - Loosen restriction on dc:date verification Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b8d9e45b6912800c0d78f3cc6b53160cec79f28c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp: upgrade 1.6.6 -> 1.6.9Gyorgy Sarvari2025-12-172-36/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that was incorporated in this release. Changelog: 1.6.9: - Linux-CM: Fix a potential memory leak - Fix documentation link for libsoup - Fix unnecessary g_thread_unref in tests - Fix issues with Since: in documentation 1.6.8: - ServiceProxyAction: Remove some left-over debug output - ServiceProxyAction: Stop leaking the HTTP response - Docs: Fix various issues - ServiceProxyAction: Add get_value_as() - Linux-CM: Silence a false-positive with scan-build 1.6.7: - Fix compatiblity with libxml2 2.12.x - Improve reproducability - ControlPoint: Fix re-scan - ContextManager: Fix boot-id update - Context: Fix crash if served URI is not an IP address Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dd108a46f88102a998a71c41f14ee6aec1ea90ea) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gssdp: upgrade 1.6.3 -> 1.6.4Gyorgy Sarvari2025-12-172-36/+1
| | | | | | | | | | | | | | | | Drop patch that was incorporated in this release. Shortlog (without CI-changes): client: Format Since/Deprecated versions in a way gi-docgen can parse Fix template to use local mirror gssdp-enums.c.template: use basename instead of filename resource-browser: Make regex pattern static Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a78826db861060ac04a27ea5b388c48dd668c7a6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openipmi: Pass BUILD_CFLAGS to BUILD_CCMingli Yu2025-12-172-0/+36
| | | | | | | | | | | | | | | | | | | | * The option -fcanon-prefix-map is added to CFLAGS after the commit [1] introduced and result in the below build error. Making all in sdrcomp make[3]: Entering directory '/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37/lanserv/sdrcomp' aarch64-wrs-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot -DHAVE_CONFIG_H -I. -I../.. -DSTATEDIR='"/var"' -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o sdrcomp.o sdrcomp.c gcc -o sdrcomp_build ../../lanserv/sdrcomp/sdrcomp.c -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -lm gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’? * Pass BUILD_CFLAGS for BUILD_CC to fix the above build issue. [1] https://git.openembedded.org/openembedded-core/commit/?id=3dbc4a79f01ebfc54da024c1460c06772659088d Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c41fb791faaebf9e86b021d039d860ccf5ff45f1) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libcoap: upgrade 4.3.5 -> 4.3.5aPeter Marko2025-12-171-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog [1]: * Fixes the following CVEs CVE-2025-59391 CVE-2025-65494 CVE-2025-65495 CVE-2025-65496 CVE-2025-65497 CVE-2025-65498 CVE-2025-65499 CVE-2025-65500 CVE-2025-65501 * CVE-2025-50518 not fixed as user application error. * Support for Mbed TLS 3.6.3. * Support for RIOT update changes. * Fixes for later CI environment builds. * Critical reported bugs fixed. Add tag to SRC_URI for hash verification. License-Update: copyright years refreshed [2] [1] https://github.com/obgm/libcoap/blob/v4.3.5a/ChangeLog [2] https://github.com/obgm/libcoap/commit/993c12ac92ce6a24a409924fe78a5c0fe7246699 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6a9cc44a92a1fb817d68de3190219626dcf96d2d) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* postfix: upgrade 3.10.5 -> 3.10.6Wang Mingyu2025-12-171-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit cde1da5ec1cc7d5edfab7f65d95dfb9afff09682) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libdaq: upgrade 3.0.22 -> 3.0.23Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | Changelog: api: add tcp flag in DAQ flow stats Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8c3baf61d0394c8698c935d43bd8267f41392590) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* pgpool2: 4.6.3 -> 4.6.4Liu Yiding2025-12-173-379/+1
| | | | | | | | | | | Drop 0001-snprintf-Add-math.h-to-ensure-isnan-and-isinf-are-de.patch and v1-0001-Make-time-calculations-always-long-long.patch as those were merged upstream. Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7fb4910ccb6a156bf67eb773ff1b421b30536b58) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openvpn: upgrade 2.6.15 -> 2.6.16Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Code maintenance / Compat changes --------------------------------- - adapt to new "encrypt-then-mac" cipher suites in OpenSSL 3.6.0 - these need special handling which we don't do, so the t_lpback self-test failed on them. Exclude from list of allowed ciphers, as there is no strong reason today to make OpenVPN use these. - fix various compile-time warnings Documentation updates --------------------- - fix outdated and non-HTTPS URLs throughout the tree (doxygen, warnings, manpage, ...) Bugfixes -------- - Fix memcmp check for the hmac verification in the 3way handshake. This bug renders the HMAC based protection against state exhaustion on receiving spoofed TLS handshake packets in the OpenVPN server inefficient. CVE: 2025-13086 - fix invalid pointer creation in tls_pre_decrypt() - technically this is a memory over-read issue, in practice, the compilers optimize it away so no negative effects could be observed. - Windows: in the interactive service, fix the "undo DNS config" handling. - Windows: in the interactive service, disallow using of "stdin" for the config file, unless the caller is authorized OpenVPN Administrator - Windows: in the interactive service, change all netsh calls to use interface index and not interface name - sidesteps all possible attack avenues with special characters in interface names. - Windows: in the interactive service, improve error handling in some "unlikely to happen" paths. - auth plugin/script handling: properly check for errors in creation on $auth_failed_reason_file (arf). - for incoming TCP connections, close-on-exec option was applied to the wrong socket fd, leaking socket FDs to child processes. - sitnl: set close-on-exec flag on netlink socket - ssl_mbedtls: fix missing perf_pop() call (optional performance profiling) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 351ac662131944f4c40ea8410a0077cc715053a2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* apache2: upgrade 2.4.65 -> 2.4.66Valeria Petrov2025-12-171-1/+1
| | | | | | | | | | | | | | | | | Security fixes: - CVE-2025-66200 - CVE-2025-65082 - CVE-2025-59775 - CVE-2025-58098 - CVE-2025-55753 See: http://www.apache.org/dist/httpd/CHANGES_2.4.66 Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 220835dac9a39dda9112dcd5383aafc9ad552590) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* swagger-ui: upgrade 5.30.2 -> 5.30.3Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | Changelog: ========== - deps: update vulnerable @release-it/conventional-changelog to 10.0.2 - deps: update vulnerable dependencies (js-yaml & glob) - utils: handle sanitizing multi-level relative paths Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fad70abdb36e42eda376fd5ed0275c1dfbdea403) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fcgi: upgrade 2.4.6 -> 2.4.7Wang Mingyu2025-12-171-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 39f1d58d2bdc189b65f7752122490c37898a52d8) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libmng: correct version of libmngChangqing Li2025-12-172-1/+34
| | | | | | | | | | | Current version is 2.0.3, the lastrelease of libmng is in 2015, add a patch to fix it Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c91f9c0a4bd7175c108ff89d8e80a134c84d7e1a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* version-check.conf: mute version mismatch warning for bpftraceChangqing Li2025-12-171-0/+1
| | | | | | | | | | | | bpftrace set the version by "git describe --dirty", since we have local patch for bpftrace, '-dirty' will be added into the version, set CHECK_VERSION_PV to mute the version mismatch warning Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 219328f37cbf6aa4b2d7b77d21e00240543d73ad) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* version-check.conf: mute version mismatch warning for fliteChangqing Li2025-12-171-0/+1
| | | | | | | | | | | | | | | * flite --version return 1 block version output for check-version-mismatch.bbclass * even with version output flite-2.2-current, regular version match regexp cannot match the version so mute version mismatch warning for flite Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit d819512cb3d9e58e7f664aa11cd00b797f219af7) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* psqlodbc: upgrade 17.00.0006 -> 17.00.0007Wang Mingyu2025-12-173-85/+17
| | | | | | | | | | | | | | add-expected-output-file-for-descrec-test.patch removed since it's included in 17.00.0007 psqlodbc-fix-for-ptest-support.patch refreshed for 17.00.0007 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 967e5c9e0f358af97477da66f3f8547fa19764bb) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libnice: upgrade 0.1.22 -> 0.1.23Wang Mingyu2025-12-171-3/+3
| | | | | | | | | | License-Update: Add SPDX-License-Identifier for added clarity Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 58974f72d122b78b7d65557e061677fafa83cc3e) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* asyncmqtt: upgrade 10.2.5 -> 10.2.6Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | | | | | | Changelog: ============== * Removed unintentional copy requiment from some of async functions parameter. * Fixed Heap-use-after-free during broker shutdown. * Rifined documents. * Added TLS Websocket verify none port to broker for browser. * Added Cerfiticate file's digitalSignature to keyUsage. * Fixed wss connection from Web Browser handshake failed problem. * Changed trial broker on `async-mqtt.redboltz.net` ws and wss port. * ws was 10080 but Chrome block it by default. Updated to 80. * wss was 10443 but Chrome doesn't block it by default. But for consistency, updated to 443. * system_test still uses 10080 and 10443 to avoid conflict. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 43779307f45dae2b790e0cba906959950df85fb2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hdf5: inherit pkgconfigChangqing Li2025-12-171-1/+4
| | | | | | | | | | | inherit pkgconfig, and fix install conflict when enable multilib, this can also improve reproducibility Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a2f2c06ec813bfc93718b1851a207343aaa7c663) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* crash: add zlib-native to depends for crash-crossYi Zhao2025-12-171-0/+2
| | | | | | | | | | | | | | Fix the following error when using buildtools-extended: va_server.c:20:10: fatal error: zlib.h: No such file or directory 20 | #include <zlib.h> | ^~~~~~~~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bd745115de76de7242e3e7e69b29f1ae507fea13) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fuse3: Fix build with clang on riscv32Khem Raj2025-12-171-0/+3
| | | | | | | | | | | | | Clang needs 64-bit atomics on rv32 here and builtins does not have them so help it by linking with libatomic Fixes riscv32-yoe-linux-musl-ld.lld: error: undefined symbol: __atomic_fetch_add_8 Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e3257c3360a732914ae02a07a7c0fe8c845a492f) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* trace-cmd: Update SRC_URI to use HTTPS protocolyuyu2025-12-171-1/+1
| | | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f00b6ad12f2fead06487711c48544b3dd62bb987) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 00:25:29 +0000