summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* postgresql: upgrade 17.6 -> 17.7Gyorgy Sarvari2026-01-062-3/+3
| | | | | | | | | | | | | It contains fixes for CVE-2025-12817 and CVE-2025-12818. Changelog: https://www.postgresql.org/docs/release/17.7/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8217b90e941619820c88dbdb4db5e35d171a4157) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.4.15 -> 8.4.16Gyorgy Sarvari2026-01-061-1/+1
| | | | | | | | | | This is a bugfix release, containing fixes for CVE-2025-14177, CVE-2025-14178 and CVE-2025-14180. Changelog: https://www.php.net/ChangeLog-8.php#8.4.16 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openvpn: upgrade 2.6.16 -> 2.6.17Gyorgy Sarvari2026-01-061-1/+1
| | | | | | | Contains fix for CVE-2025-13751 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libwebsockets: fix CVE-2025-11678Hugo SIMELIERE2026-01-062-0/+129
| | | | | | | | | | | | | | Backport a fix from Debian: https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11678.patch Upstream commit: https://github.com/warmcat/libwebsockets/commit/2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 5fab8bd31b32892acf3d8b56b240a7958890beac) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libwebsockets: fix CVE-2025-11677Hugo SIMELIERE2026-01-062-0/+162
| | | | | | | | | | | | | | Backport a fix from Debian: https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11677.patch Upstream commit: https://github.com/warmcat/libwebsockets/commit/2f082ec31261f556969160143ba94875d783971a Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit da04d7003e65af77667e2c18fa988f0ada62f744) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libcoap: ignore CVE-2025-50518Gyorgy Sarvari2026-01-061-0/+2
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518 The vulnerability is disputed by upstream, because the vulnerability requires a user error, incorrect library usage. See also an upstream discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 598176e1cb6c928e322e26d358e8d01ba9d5af0a) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: upgrade 7.1.2-8 -> 7.1.2-12Gyorgy Sarvari2026-01-061-1/+1
| | | | | | | Contains fix for CVE-2025-65955 and CVE-2025-69204. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2025-14425Gyorgy Sarvari2026-01-062-0/+80
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14425 Backport the patch referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 49732c90c0a4e1b3fc3679456ce2bd2819b144d0) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2025-14424Gyorgy Sarvari2026-01-062-0/+35
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b16c1a543ac5e997d6d3aa27978393106d5a8937) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2025-14423Gyorgy Sarvari2026-01-062-0/+107
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423 Pick the patch references by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6aa5720e76d632f62f53ed7be7fe649138fbd55c) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gimp: patch CVE-2025-14422Gyorgy Sarvari2026-01-062-5/+73
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a0b41204afe57f9b2b3f2e8ff496be72d04e0eb7) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: ignore CVE-2025-68118Gyorgy Sarvari2026-01-061-0/+1
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118 It is a Windows only vulnerability, ignore it. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fetchmail: patch CVE-2025-61962Ankur Tyagi2026-01-062-0/+52
| | | | | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 0d9da1105276f04cb23046de5f31fc75f09e2e89) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* civetweb: ignore CVE-2025-9648Gyorgy Sarvari2026-01-061-1/+2
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648 It is already fixed in the currently used version. Also, update CVE-2025-55763's status to "fixed-version" (so it will be marked as "Patched" in the CVE report instead of "Ignored") Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bfb76da63bd141173aeb71ce91c336b8aa557a5f) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: ignore CVE-2025-26594...26601Gyorgy Sarvari2026-01-061-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26594 https://nvd.nist.gov/vuln/detail/CVE-2025-26595 https://nvd.nist.gov/vuln/detail/CVE-2025-26596 https://nvd.nist.gov/vuln/detail/CVE-2025-26597 https://nvd.nist.gov/vuln/detail/CVE-2025-26598 https://nvd.nist.gov/vuln/detail/CVE-2025-26599 https://nvd.nist.gov/vuln/detail/CVE-2025-26600 https://nvd.nist.gov/vuln/detail/CVE-2025-26601 TigerVNC compiles its own xserver, this is why these CVEs are associated with it - despite the vulnerabilities being in xserver. All of these vulnerabilities were fixed by the same PR[1], which has been part of xserver since version 21.1.16 (the currently used xserver version in TigerVNC is 21.1.18). Due to this, ignore these vulnerabilities, and just mark them as patched. [1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 4924e89bb77fe5486063229c50039a458d60f8ea) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: ignore CVE-2023-6478Gyorgy Sarvari2026-01-061-0/+1
| | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478 TigerVNC compiles its own xserver, this is why this CVE is associated with it - despite the vulnerability being in xserver. The vulnerability was fixed by [1] (from the nvd report), which has been backported[2] to the xserver version used by the recipe - so ignore the CVE, since it's patched already. [1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632 [2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 62a78f8ba7c8bd229cc82cf81bcc6a6d8116ebca) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: ignore CVE-2023-6377Gyorgy Sarvari2026-01-061-0/+1
| | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377 TigerVNC compiles its own xserver, this is why this CVE is associated with it - despite the vulnerability being in xserver. The vulnerability was fixed by [1] (from the nvd report), which has been backported[2] to the xserver version used by the recipe - so ignore the CVE, since it's patched already. [1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd [2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f691f2178b15eec22f09a1c17b9945fad4e330e6) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: sync xserver code with oe-coreGyorgy Sarvari2026-01-061-2/+2
| | | | | | | | | | | TigerVNC compiles its own xserver. Synchronize the xserver version with oe-core. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fadb9c05709dae9e817a50e4d99093d4e2937933) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tigervnc: fix typo in CVE_STATUSGyorgy Sarvari2026-01-061-1/+1
| | | | | | | | | | Forgot to add the CVE- prefix in previous patch. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2f913279d4926ab92b97ffbb7c53031835b393bd) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fio: ignore CVE-2025-10824Gyorgy Sarvari2026-01-061-0/+2
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824 The upstream maintainer wasn't able to reproduce the issue[1], and the related bug is closed without further action. [1]: https://github.com/axboe/fio/issues/1981 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a275078cbeaa0fafcfa4eb60ca69f05a8fe3df99) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dovecot: patch CVE-2025-30189Gyorgy Sarvari2026-01-068-0/+489
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189 Pick the patches referenced by the advisory[1] from the Full Disclosure list. [1]: https://seclists.org/fulldisclosure/2025/Oct/29 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* cups-filters: patch CVE-2025-64524Gyorgy Sarvari2026-01-062-5/+87
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 056ee43dd1d0e46a9b40339e877a4bf76cf8196b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* cifs-utils: patch CVE-2025-2312Gyorgy Sarvari2026-01-062-1/+138
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312 Pick the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* c-ares: upgrade 1.34.5 -> 1.34.6Jason Schonberg2026-01-062-23/+1
| | | | | | | | | | | | | | Drop memory leak patch which has already been included in this new version. The new version also includes a fix for CVE 2025-62408. Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 996768e0800a008e06d6c8d305f443198d4df847) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* minio: ignore irrelevant CVEsGyorgy Sarvari2026-01-061-0/+6
| | | | | | | | | | | | | | | | The minio umbrella covers multiple projects. The recipe itself builds "minio client", which is a set of basic tools to query data from "minio server" - like ls, mv, find... The CVEs were files against minio server. Looking at the go mod list, this recipe doesn't use minio server even as a build dependency - so ignore the CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit df462075be855c60117af661dbce1836c652fc16) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* accountsservice: ignore CVE-2023-3297Gyorgy Sarvari2026-01-061-0/+2
| | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297 The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is not present in the recipe. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 071a45c9d76c9a222c8fbaa50089a8af44f44e74) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* fex: ignore unrelated CVEsGyorgy Sarvari2026-01-051-0/+6
| | | | | | | | | | | | | These CVEs were filed for "Fram's Fast File Exchange" application, which has the same abbreviated name as fex. Currently this recipe has no historical CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore these irrelevant CVEs explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b990486203b8eca688cfb6fc9bebf8b138e0b334) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRAMingli Yu2025-12-171-0/+2
| | | | | | | | | | | | Most host gcc doesn't support -fcanon-prefix-map right now, so empty DEBUG_PREFIX_MAP_EXTRA to fix the below build error. | gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’? Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 31a08525bedd960c21214f84c256f67c6090bb5a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libplist: Fix buildpaths in ptestsKhem Raj2025-12-171-4/+6
| | | | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> (cherry picked from commit 3a6b83c075e606c1bf2b46b9c51bbe22ff4c72c6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gflags: switch Git branch from master to mainViswanath Kraleti2025-12-171-1/+1
| | | | | | | | Update SRC_URI to use the 'main' branch instead of 'master' since the upstream GitHub repository has renamed its default branch. Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-huey: Upgrade 2.5.4 -> 2.5.5Leon Anavi2025-12-171-1/+1
| | | | | | | | | | | | Upgrade to release 2.5.5: - Fix for pypi Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7954f37b3ca479b4b086e887afc7ddc03d7f9eb2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2Leon Anavi2025-12-171-6/+3
| | | | | | | | | | | | | | | Upgrade to release 3.1.2: - Fix pickling of abstract base classes containing type annotations for Python 3.14. License-Update: Use file LICENSE Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b428f675752f1f83bed691cb9b58adf48212aaea) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-polyline: Upgrade 2.0.3 -> 2.0.4Leon Anavi2025-12-171-1/+1
| | | | | | | | | | | | Upgrade to release 2.0.4: - Add py.typed marker Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 71055538b53c2fd60ea9c3a84a6d01fab5fa58ae) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-sqlparse: upgrade 0.5.3 -> 0.5.4Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ============= Enhancements --------------- * Add support for Python 3.14. * Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools * Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an '--in-place' flag for in-place editing * Add 'ATTACH' and 'DETACH' to PostgreSQL keywords * Add 'INTERSECT' to close keywords in WHERE clause * Support 'REGEXP BINARY' comparison operator Bug Fixes ---------- * Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements. * Remove shebang from cli.py and remove executable flag * Fix strip_comments not removing all comments when input contains only comments * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks * Fix splitting on semicolons inside BEGIN...END blocks Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 705abb20c1ec1d780183eef9ffd2a02894ef42e6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pymodbus: upgrade 3.11.3 -> 3.11.4Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | Changelog: full support for python 3.14 and a number of packages (like mypy) have been updated. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b745baf4784f01b1eed82607d0d69004df6ed025) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-pybcj: upgrade 1.0.6 -> 1.0.7Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | Changelog: ============ - Support for python 3.14 - ci: fix test and release workflows Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 797e29ed4222dad9539f72c846e3435c92d50604) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-gmpy2: upgrade 2.2.1 -> 2.2.2Wang Mingyu2025-12-171-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e274146fa454127ca6483a02f6a4c30ac733fa3c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-eventlet: upgrade 0.40.3 -> 0.40.4Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | Changelog: ============ * Remove legacy setuptools configuration files * add 3.14 to supported versions * Emit warning on startup that eventlet is deprecated * Fix Python 3.14 on macOS * Workaround for #1068 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 768580103b8df1bf41ffb3f2f81c141057c2d0d9) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 4.2.25 -> 4.2.26Ankur Tyagi2025-12-171-2/+2
| | | | | | | | | | | Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.26/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5551a12170f347cd9e50d2c57fefa3967a4f80c6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-django: upgrade 5.2.7 -> 5.2.8Ankur Tyagi2025-12-171-1/+1
| | | | | | | | | | | Release Notes: https://docs.djangoproject.com/en/dev/releases/5.2.8/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8247a68d540ed9154cecf92f4e4612f1c0ba0490) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-rich-argparse: upgrade 1.7.1 -> 1.7.2Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | Changelog: Fix colors overlapping with Python 3.14.0+ which enabled colors by default in the help formatter. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 18aaa7d8a6f326c13d3963ac7501ce54aaa066e0) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-moteus: upgrade 0.3.95 -> 0.3.96Wang Mingyu2025-12-171-1/+1
| | | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ddca2bae90f702c45a1c84e4af5fc086d52aaa50) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* python3-gpt-image: upgrade 0.9.0 -> 0.9.1Wang Mingyu2025-12-171-2/+2
| | | | | | | | | | | | | Changelog: Partition commit offset calculation License-Update: file type changed to "ASCII text" Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dc53efed84fd3c0239edea5aeba789a3b626edfe) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* e2tools: Fix buildpaths in ptestsKhem Raj2025-12-171-1/+15
| | | | | | | | | | | Currently the path checks are escaping QA check for buildpath detection but config.status still has paths which show up in reproduciblity failures, comparing build in path A and build in path B, content of config.status don't end up same. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0856c5613234c61d809b9c983bc45c750144ebd8) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nautilus: upgrade 49.1 -> 49.2Wang Mingyu2025-12-171-1/+1
| | | | | | | | | | | | | | | | * Bugfixes: - Fix handling of unset XDG directories - Reduce memory usage of thumbnails by correct scaling - Fix potential rescaling of item when switching to cut icon - Fix crash on empty file lists in drops - Correct sorting of loopback devices - Don't skip the first file from operation progress monitoring Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 90343e19902d5bb341461d1e7255b5829c894a85) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp-tools: upgrade 0.12.1 -> 0.12.2Gyorgy Sarvari2025-12-171-1/+1
| | | | | | | | | | | | | | | | | | Changelog: - Common: - Remove deprecated libxml calls - AV CP: - Remove some stray debug output - EventDumper: - Code cleanup - Uploader: - Fix parsing the Browse result Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 25540bf356b601a4fa6f49c6f935f49f899c616a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp-av: upgrade 0.14.1 -> 0.14.4Gyorgy Sarvari2025-12-172-49/+3
| | | | | | | | | | | | | | | | | | | | | Drop patch that is included in this release. Changelog: 0.14.4: - Move documentation to gi-docgen 0.14.3: - CI fixes 0.14.2: - xml: Fix compatibility with libxml2 2.12.x - Add missing array annotation - build: Fix Requires: line of pkg-config file - Loosen restriction on dc:date verification Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b8d9e45b6912800c0d78f3cc6b53160cec79f28c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gupnp: upgrade 1.6.6 -> 1.6.9Gyorgy Sarvari2025-12-172-36/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that was incorporated in this release. Changelog: 1.6.9: - Linux-CM: Fix a potential memory leak - Fix documentation link for libsoup - Fix unnecessary g_thread_unref in tests - Fix issues with Since: in documentation 1.6.8: - ServiceProxyAction: Remove some left-over debug output - ServiceProxyAction: Stop leaking the HTTP response - Docs: Fix various issues - ServiceProxyAction: Add get_value_as() - Linux-CM: Silence a false-positive with scan-build 1.6.7: - Fix compatiblity with libxml2 2.12.x - Improve reproducability - ControlPoint: Fix re-scan - ContextManager: Fix boot-id update - Context: Fix crash if served URI is not an IP address Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dd108a46f88102a998a71c41f14ee6aec1ea90ea) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* gssdp: upgrade 1.6.3 -> 1.6.4Gyorgy Sarvari2025-12-172-36/+1
| | | | | | | | | | | | | | | | Drop patch that was incorporated in this release. Shortlog (without CI-changes): client: Format Since/Deprecated versions in a way gi-docgen can parse Fix template to use local mirror gssdp-enums.c.template: use basename instead of filename resource-browser: Make regex pattern static Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a78826db861060ac04a27ea5b388c48dd668c7a6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openipmi: Pass BUILD_CFLAGS to BUILD_CCMingli Yu2025-12-172-0/+36
| | | | | | | | | | | | | | | | | | | | * The option -fcanon-prefix-map is added to CFLAGS after the commit [1] introduced and result in the below build error. Making all in sdrcomp make[3]: Entering directory '/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37/lanserv/sdrcomp' aarch64-wrs-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot -DHAVE_CONFIG_H -I. -I../.. -DSTATEDIR='"/var"' -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o sdrcomp.o sdrcomp.c gcc -o sdrcomp_build ../../lanserv/sdrcomp/sdrcomp.c -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -lm gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’? * Pass BUILD_CFLAGS for BUILD_CC to fix the above build issue. [1] https://git.openembedded.org/openembedded-core/commit/?id=3dbc4a79f01ebfc54da024c1460c06772659088d Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c41fb791faaebf9e86b021d039d860ccf5ff45f1) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-22 00:36:53 +0000