summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support
Commit message (Collapse)AuthorAgeFilesLines
* hdf5: patch CVE-2025-6269Ankur Tyagi2025-10-132-0/+295
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-6269 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hdf5: patch CVE-2025-2925Ankur Tyagi2025-10-132-0/+54
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-2925 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hdf5: patch CVE-2025-2924Ankur Tyagi2025-10-132-0/+40
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-2924 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* hdf5: patch CVE-2025-2923Ankur Tyagi2025-10-132-0/+68
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-2923 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libraw: patch CVE-2025-43964Ankur Tyagi2025-10-132-0/+30
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-43964 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libraw: patch CVE-2025-43963Ankur Tyagi2025-10-132-0/+41
| | | | | | | Details https://nvd.nist.gov/vuln/detail/CVE-2025-43963 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libraw: patch CVE-2025-43961 CVE-2025-43962Ankur Tyagi2025-10-132-1/+112
| | | | | | | | | Details - https://nvd.nist.gov/vuln/detail/CVE-2025-43961 - https://nvd.nist.gov/vuln/detail/CVE-2025-43962 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-57807Gyorgy Sarvari2025-10-132-0/+47
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57807 Pick the commit mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-57803Gyorgy Sarvari2025-10-132-0/+62
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57803 Pick the commit mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55212Gyorgy Sarvari2025-10-132-0/+57
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212 Pick the patch that mentions the related github advisory in its commit message. Also backport the missing function that the fix uses. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55160Gyorgy Sarvari2025-10-132-0/+162
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55160 Pick the commit that mentions the related github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55154Gyorgy Sarvari2025-10-132-0/+81
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55154 Pick the commit that mentions the related github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55005Gyorgy Sarvari2025-10-132-0/+37
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005 Pick the patch that mentions the relevant github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-55004Gyorgy Sarvari2025-10-132-0/+65
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004 Pick the patch that mentions the relevant github advisory in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53101Gyorgy Sarvari2025-10-132-0/+53
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53101 Pick the patch mentioned in the details of the above link. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53019Gyorgy Sarvari2025-10-132-0/+27
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53019 Pick the patch mentioned in the related github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53015Gyorgy Sarvari2025-10-133-0/+74
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015 Pick the patches that are mentioned in the relevant github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: patch CVE-2025-53014Gyorgy Sarvari2025-10-132-1/+28
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53014 Pick the patch mentioned in the related Github advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* exiv2: patch CVE-2025-55304Gyorgy Sarvari2025-10-132-0/+97
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55304 Backport patch mentioned in the details of the vulnerability. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* exiv2: patch CVE-2025-54080Gyorgy Sarvari2025-10-132-0/+78
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-54080 Backport the patch mentioned in the details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* exiv2: patch CVE-2025-26623Gyorgy Sarvari2025-10-132-1/+85
| | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26623 Apply the first to PRs from the relevant issue. (The second PR adds a test, and the 3rd PR tries to reimplement correctly the feature that introduced the vulnerability: it is switching some raw pointers to smart pointers. It was not picked because the 1. In the original issue it is stated that the first PR itself fixes the vulnerability 2. The patch doesn't apply clean due to the time gap between our and their version 3. The behavior of the application does not change ) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-39331Gyorgy Sarvari2025-10-132-0/+72
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39331 Pick the patch that's mentioned in thee details. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30205Gyorgy Sarvari2025-10-132-0/+39
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30205 Pick the patch that's in the description. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30204Gyorgy Sarvari2025-10-132-0/+61
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30204 Pick the patch that's mentioned in the description. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30203Gyorgy Sarvari2025-10-132-0/+28
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30203 Pick the patch mentioned in the description. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* emacs: patch CVE-2024-30202Gyorgy Sarvari2025-10-132-0/+48
| | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30202 Backport the patch mentioned in the details of the link. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libgpiod: update to v2.2.2Bartosz Golaszewski2025-10-131-1/+1
| | | | | | | | | | | This is a bugfix release addressing issues in tools and core library. No API changes. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6914e20d63ab1c4378fc23ebd71b000be5fa131a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libcanberra: Fix sound not playing on Colibri iMX8XPatrick Zacharias2025-10-132-0/+43
| | | | | | | | | | | | | | Canberra does not specify a buffer size, which leads to ALSA rejecting the settings. By specfiying a buffer time of 500ms and a period time with a fourth of that, an appropriate buffer size can be calculated. This behaviour is mimicked from aplay for compatibility. Signed-off-by: Patrick Zacharias <1475802+Fighter19@users.noreply.github.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9d2dc82fcb598e17069855985c56952b1fec3184) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* imagemagick: guard sed operations in do_install for optional filesSana Kazi2025-10-131-6/+17
| | | | | | | | | | | | | | | | When PACKAGECONFIG options like 'cxx' 'webp' and 'xml' are disabled, certain files such as Magick++-config.im7, configure.xml, or delegates.xml are not installed. Unconditionally running sed on these files results in errors during do_install Error: sed: can't read .../image/usr/bin/Magick++-config.im7: No such file or directory Signed-off-by: Nikhil R <nikhilr5@kpit.com> Signed-off-by: Sana Kazi <sanakazi720@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 27469599fa6302a90af252c5148daef26c4b2e81) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* daemonize: update to latest revisionGyorgy Sarvari2025-10-132-48/+1
| | | | | | | | | | | | Drop a patch that has been incorporated into this version. (That is also the changelog - the only change is the accepted patch) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a5cfc39eceb8d5bd0e563458e2d55e7c51cd6beb) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libusbgx: fix example gadget startDenis OSTERLAND-HEIM2025-10-131-1/+1
| | | | | | | | | | | | | | | From variables docu: > Setting it to "0" does not disable inhibition. > Only the empty string will disable inhibition. That means in case of examples enabled we need "" and if not "1" to disable update-rc.d. Signed-off-by: Denis OSTERLAND-HEIM <denis.osterland@diehl.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 0ae908de1a5ea3de90e6051f038b3836c7027b0c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* opencv: Support building for nativePeter Kjellerstedt2025-10-011-5/+10
| | | | | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* glog: Support building for nativePeter Kjellerstedt2025-10-011-0/+2
| | | | | | | This is needed to build opencv-native. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* udisks2: upgrade 2.10.1 -> 2.10.2Saravanan2025-10-011-2/+1
| | | | | | | | | | | | This patch addresses below CVE's: CVE-2025-6019 CVE-2025-8067 Changelog: https://github.com/storaged-project/udisks/releases Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libssh: upgrade 0.11.2 -> 0.11.3Wang Mingyu2025-10-011-1/+1
| | | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* tokyocabinet: fix licenseGyorgy Sarvari2025-10-011-1/+1
| | | | | | The application is distributed under the LGPL license, not GPL. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* tokyocabinet: switch to working SRC_URIGyorgy Sarvari2025-10-011-1/+1
| | | | | | The original source seems to be long gone. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* webkitgtk3: fix do_configure error on beaglebone-yoctoJiaying Song2025-09-181-12/+0
| | | | | | | | | | | | | | | | | | | | | | * According to latest comment [1] and the mentioned pull request [2], build an ENABLE(WEBASSEMBLY) && !ENABLE(JIT) configuration is supported, so original issue already fixed in current version, the EXTRA_OECMAKE setting is not needed anymore. * This EXTRA_OECMAKE setting causes following configure error on beaglebone-yocto, remove the setting to let the configure process decide the configuration: CMake Error at Source/cmake/WebKitFeatures.cmake:312 (message): ENABLE_JIT conflicts with ENABLE_C_LOOP.You must disable one or the other. [YOCTO #15254] [1] https://github.com/WebKit/WebKit/pull/17447 [2] https://github.com/WebKit/WebKit/pull/17688 Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* webkitgtk3: fix build failure with DEBUG_BUILD enabledJiaying Song2025-09-182-1/+77
| | | | | | | | | | | | | | | | | It fails to compile webkitgtk when debug build enabled: | /path_to//tmp/work/core2-64-poky-linux/webkitgtk3/2.48.1/webkitgtk-2.48.1/Source/bmalloc/libpas/src/libpas/bmalloc_heap_config.h:82:36: error: inlining failed in call to 'always_inline' 'pas_page_base* bmalloc_heap_config_page_header(uintptr_t)': function not considered for inlining | 82 | PAS_BASIC_HEAP_CONFIG_DECLARATIONS(bmalloc, BMALLOC); | | Add a cmake variable WEBKIT_NO_INLINE_HINTS to disable gcc function attribute `always_inline` when debug build is enabled. And adjust indent as well. Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* fix: CVE-2025-53644Praveen Kumar2025-09-182-0/+30
| | | | | | | | | | | | | | | | OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-53644 Upstream-patch: https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466 Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libiodbc: use gnu17 and ignore incompatible-pointer-types to allow building ↵Martin Jansa2025-09-141-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | with gcc-15 A fix was sent in: https://lists.openembedded.org/g/openembedded-devel/message/116537 but it causes issues with clang as well as older gcc as reported on ML and also in upstream PR: https://github.com/openlink/iODBC/pull/111 Use gnu17 until this is properly resolved to avoid: http://errors.yoctoproject.org/Errors/Details/852861/ In file included from ../../libiodbc-3.52.16/iodbc/execute.c:94: ../../libiodbc-3.52.16/iodbc/execute.c: In function '_ReBindParam': ../../libiodbc-3.52.16/iodbc/execute.c:643:49: error: too many arguments to function 'hproc3'; expected 0, have 8 643 | CALL_DRIVER (pstmt->hdbc, pstmt, retcode, hproc3, | ^~~~~~ http://errors.yoctoproject.org/Errors/Details/853276/ ../../libiodbc-3.52.16/iodbcinst/unicode.c: In function 'dm_AtoUW': ../../libiodbc-3.52.16/iodbcinst/unicode.c:1565:16: error: initialization of 'ucs4_t *' {aka 'unsigned int *'} from incompatible pointer type 'wchar_t *' {aka 'long int *'} [-Wincompatible-pointer-types] 1565 | ucs4_t *us = dest; | ^~~~ Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* freerdp3: add bindir to SYSROOT_DIRSMarc Ferland2025-09-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is required in order to build krdp (KDE's remote desktop integration). The do_configure task for krdp expects both 'winpr-makecert3' and 'winpr-hash3' to be present, failure to do so results in: | CMake Error at /path/to/krdp/6.4.4/recipe-sysroot/usr/lib/cmake/WinPR3/WinPRTargets.cmake:98 (message): | The imported target "winpr-makecert" references the file | | "/path/to/krdp/6.4.4/recipe-sysroot/usr/bin/winpr-makecert3" | | but this file does not exist. Possible reasons include: | | * The file was deleted, renamed, or moved to another location. | | * An install or uninstall procedure did not complete successfully. | | * The installation package was faulty and contained | | "/path/to/6.4.4/recipe-sysroot/usr/lib/cmake/WinPR3/WinPRTargets.cmake" | | but not all the files it references. | | Call Stack (most recent call first): | /path/to/krdp/6.4.4/recipe-sysroot/usr/lib/cmake/WinPR3/WinPRConfig.cmake:44 (include) | /path/to/krdp/6.4.4/recipe-sysroot-native/usr/share/cmake-3.31/Modules/CMakeFindDependencyMacro.cmake:76 (find_package) | /path/to/krdp/6.4.4/recipe-sysroot/usr/lib/cmake/FreeRDP3/FreeRDPConfig.cmake:2 (find_dependency) | CMakeLists.txt:45 (find_package) | | | -- Configuring incomplete, errors occurred! Signed-off-by: Marc Ferland <marc.ferland@sonatest.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6c30f47645c3c16b81801d4427d04c2385daa4cd) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* lcov: Add missing RDEPENDS for nativesdkJef Driesen2025-09-071-0/+6
| | | | | | | | | | When building an SDK with lcov included, gcov isn't included in the SDK by default. Running lcov to generate coverage fails, because it tries to use the gcov binary from the host system instead and that cause problems if the gcc versions do not match. Signed-off-by: Jef Driesen <jefdriesen@telenet.be> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* libssh: upgrade 0.11.1 -> 0.11.2Wang Mingyu2025-09-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Security: * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management * CVE-2025-5351 - Double free in functions exporting keys * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL * Compatibility * Fixed compatibility with CPM.cmake * Compatibility with OpenSSH 10.0 * Tests compatibility with new Dropbear releases * Removed p11-kit remoting from the pkcs11 testsuite * Bugfixes * Implement missing packet filter for DH GEX * Properly process the SSH2_MSG_DEBUG message * Allow escaping quotes in quoted arguments to ssh configuration * Do not fail with unknown match keywords in ssh configuration * Process packets before selecting signature algorithm during authentication * Do not fail hard when the SFTP status message is not sent by noncompliant servers Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* c-ares: backport a patch for a memory leakJason Schonberg2025-09-062-0/+22
| | | | | Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* poppler: upgrade 25.06.0 -> 25.08.0Yogita Urade2025-09-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This upgrade includes fix for CVE-2025-50420. poppler 25.08.0 changelog: ========================== core: * FormWidgetSignature::signDocumentWithAppearance: add imagePath parameter * Fix parsing Distinguished Names that end with a hex string * Fix crashes in malformed documents glib: * Add poppler_page_render_transparent_selection() * Add missing since to the documentation poppler 25.07.0 changelog: ========================== core: * Changed rendering of malformed documents to mimic what Adobe Reader does. Issue #1602 * Improvemenst in signature validation in the NSS backend * Add more detailed output when signing fails * Internal code improvements * Fix crashes in malformed documents utils: * pdfsig: command line option for allowing PGP signatures in GnuPG backend Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* syslog-ng: upgrade 4.8.1 -> 4.8.2Praveen Kumar2025-07-271-1/+1
| | | | | | | | | | Includes fix for CVE-2024-47619 Release notes: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2 Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* poco: patch CVE-2025-6375Peter Marko2025-07-272-0/+35
| | | | | | | | | Pick commit mentioned in [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spdlog: patch CVE-2025-6140Peter Marko2025-07-272-1/+49
| | | | | | | | | | | Pick commit [1] mentioned in [2] as listed in [3]. [1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094 [2] https://github.com/gabime/spdlog/issues/3360 [3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* poppler: upgrade 25.04.0 -> 25.06.0Yogita Urade2025-07-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Includes fix for CVE-2025-52886 poppler 25.06.0 changelog: ========================== core: * Fix writing dates back to file * Internal code improvements * Fix crashes in malformed documents glib: * Add the ink annotation type * Add missing autopointers definitions utils: * pdfsig: Add assert-signer feature * pdfsig: Return error code on error poppler 25.05.0 changelog: ========================== core: * Fix re-fetching after xref reconstruction. Issue #1584 * Fix compilation with ENABLE_ZLIB_UNCOMPRESS=ON * Various annotation improvements. Issues #642, #1558, #1055 * CairoFontEngine: invalidate broken embedded fonts. Issue #1453 * Splash: Performance improvements * Internal code improvements glib: * Small signature improvements Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>