30978 Commits

Author SHA1 Message Date
Ankur Tyagi
07c2b52840 nodejs: upgrade 20.20.0 -> 20.20.2
License Update: Update minimatch to the Blue Oak Model License[1]

nodejs LTS releases containing security and bugfixes.

https://nodejs.org/en/blog/release/v20.20.1
https://nodejs.org/en/blog/release/v20.20.2

[1] f0ef221b0d

Ptests passed:

root@qemux86:~# ptest-runner nodejs
START: ptest-runner
2026-04-09T10:37
BEGIN: /usr/lib/nodejs/ptest
Running main() from /usr/src/debug/nodejs/20.20.2/deps/googletest/src/gtest_main.cc
[==========] Running 152 tests from 23 test suites.
[----------] Global test environment set-up.
...
...
[----------] Global test environment tear-down
[==========] 152 tests from 23 test suites ran. (30533 ms total)
[  PASSED  ] 152 tests.
PASS: nodejs
DURATION: 31
END: /usr/lib/nodejs/ptest
2026-04-09T10:37
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Gyorgy Sarvari
42bf9aa27a mbedtls: upgrade 3.6.5 -> 3.6.6
Contains fixes for CVE-2026-25833, CVE-2026-25834, CVE-2026-25835,
CVE-2026-34872, CVE-2026-34873, CVE-2026-34874 and CVE-2026-34875.

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6

Ptests passed:

root@qemux86:~# ptest-runner mbedtls
START: ptest-runner
2026-04-09T10:41
BEGIN: /usr/lib/mbedtls/ptest
...
...
DURATION: 508
END: /usr/lib/mbedtls/ptest
2026-04-09T10:49
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit fe1b038cd814102b317c6896f265019909a67de8)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
39924b5b88 libvncserver: fix CVE-2026-32854
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32854

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
c56964fcf2 libvncserver: fix CVE-2026-32853
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32853

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
964432f3af libraw: ignore CVE-2026-5318
Vulnerability exists in the function which was added in version 0.22.0[1]

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-5318

[1] 12b0e5d60c

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
d17d94e0e0 libde265: upgrade 1.0.12 -> 1.0.16
Dropped patches which are part of the upstream version.

https://github.com/strukturag/libde265/releases/tag/v1.0.16
https://github.com/strukturag/libde265/releases/tag/v1.0.15
https://github.com/strukturag/libde265/releases/tag/v1.0.14
https://github.com/strukturag/libde265/releases/tag/v1.0.13

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Gyorgy Sarvari
7e723ad1c7 giflib: patch CVE-2025-31344
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344

Backport the commit that mentions this CVE ID explicitly
in its message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
6d5a42a5e0 freerdp3: fix CVE-2026-33984
Detaisl: https://nvd.nist.gov/vuln/detail/CVE-2026-33984

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
262e656885 freerdp3: fix CVE-2026-31897
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31897

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
73ae0a8034 freerdp3: fix CVE-2026-31806
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31806

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
7025c461c7 freerdp3: fix CVE-2026-29776
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29776

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
1bc75cd389 freerdp3: fix CVE-2026-29775
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29775

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
2d96f24f2d freerdp3: fix CVE-2026-29774
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29774

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
53ab8b4a5a freerdp3: fix CVE-2026-24683
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24683

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
2beb2f81e7 freerdp3: fix CVE-2026-24682
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24682

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
799cfe0cfa freerdp3: fix CVE-2026-24681
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24681

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
b343c96d52 freerdp3: fix CVE-2026-24680 and CVE-2026-27950
There was only SDL2 client until commit[1] created SDL2 and SDL3 clients
from version 3.6.0 onwards.
[1] 8281186a6d

Details:
https://nvd.nist.gov/vuln/detail/CVE-2026-24680
https://nvd.nist.gov/vuln/detail/CVE-2026-27950

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
27ba3fb054 freerdp3: fix CVE-2026-24679
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24679

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
09cd8e482a freerdp3: ignore CVE-2026-24677 and CVE-2026-24678
Both vulnerabilities exists in the functions which were added in
version 3.6.0[1]

Details:
https://nvd.nist.gov/vuln/detail/CVE-2026-24677
https://nvd.nist.gov/vuln/detail/CVE-2026-24678

[1] a81d111ac4

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
8cc0cd3deb freerdp3: fix CVE-2026-24676
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24676

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
4784f85b09 freerdp3: fix CVE-2026-24675
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24675
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
c9763be62b freerdp3: fix CVE-2026-24491
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24491

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
a0221753e4 freerdp3: fix CVE-2026-23948
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23948

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
21af1f7e13 freerdp3: fix CVE-2026-33952
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33952

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
421f659e20 freerdp3: fix CVE-2026-25941
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25941

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi
7cc6fe87bc abseil-cpp: ignore CVE-2025-0838
The commit[1] mentioned in the NVD[2] is part of the current version[3].

[1] 5a0e2cb5e3
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-0838
[3] 54fac219c4

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Hitendra Prajapati
d086d0b43e nginx: Fix for CVE-2026-28755
Pick patch from [1] which mentioned in debian report [2]
[1] 78f5814877
[2] https://security-tracker.debian.org/tracker/CVE-2026-28755

Note: Add different patch for both version to resolve fuzz issue.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:15 +05:30
Hitendra Prajapati
9310c3b1a4 nginx: Fix for CVE-2026-27784
Pick patch from [1] which mentioned in debian report with [2]
[1] b23ac73b00
[2] https://security-tracker.debian.org/tracker/CVE-2026-27784

More details: https://nvd.nist.gov/vuln/detail/CVE-2026-27784

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:31:29 +05:30
Vijay Anusuri
1ad0d777d1
strongswan: Fix CVE-2026-25075
Pick patch according to [1]

[1] https://download.strongswan.org/security/CVE-2026-25075/
[2] https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:48 +05:30
Markus Volk
4feb9130b0
flatpak: add PACKAGECONFIG for dconf
Disable by default to avoid a requirement for meta-gnome

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:48 +05:30
Hitendra Prajapati
4810cd8c5b
python3-cbor2: patch CVE-2026-26209
Backport the patch[1] which fixes this vulnerability as mentioned in the
comment[3].

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26209

[1] e61a5f365b
[2] fb4ee1612a (pre patch)
[3] https://github.com/agronholm/cbor2/pull/275

Dropped changes to the changelog from the original commit.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:47 +05:30
Vijay Anusuri
b13ae5a8eb
giflib: Fix CVE-2026-23868
Pick patch according to [1]

[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:47 +05:30
Vijay Anusuri
57fc94a42d
libssh: Fix CVE-2026-0966
Pick commits according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-0966
[2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:47 +05:30
Vijay Anusuri
3b8e032dbc
libssh: Fix CVE-2026-0964
Pick commits according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-0964
[2] https://www.libssh.org/security/advisories/CVE-2026-0964.txt

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:46 +05:30
Martin Jansa
0e43651ad3
freerdp: remove 0001-Fix-const-qualifier-error.patch
Instead of fixing the build with clang this is now breaking it after 2.11.8 commit:
67818bddb3

freerdp/2.11.8/git/client/Wayland/wlfreerdp.c:637:19: error: incompatible function pointer types assigning to 'OBJECT_NEW_FN' (aka 'void *(*)(const void *)') from 'void *(void *)' [-Wincompatible-function-pointer-types]
  637 |         obj->fnObjectNew = uwac_event_clone;
      |                          ^ ~~~~~~~~~~~~~~~~

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:40 +05:30
Matthias Proske
06f846a325 bluealsa: fix QA issue staticdev
When building bluealsa with building static libraries NOT disabled, you
get the following error:

ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_pcm_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_ctl_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: Fatal QA errors were found,
failing task.

Fix this by explicitly putting these files in the -staticdev package.

Signed-off-by: Matthias Proske <matthias.p@variscite.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a9744b3cabd440ff0cece448a3b9717da8cfd97)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 15:53:24 +05:30
Martin Jansa
acbcafe3f5 krb5: fix build with gcc-15
* fixes:
  http://errors.yoctoproject.org/Errors/Details/848727/

ss_internal.h:88:6: error: conflicting types for 'ss_delete_info_dir'; have 'void(void)'
   88 | void ss_delete_info_dir();
      |      ^~~~~~~~~~~~~~~~~~
...

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f26536c2f6f0617610fca95e5bb6953e843f9288)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 15:51:50 +05:30
Aviv Daum
4439caa199 lldpd: fix xml PACKAGECONFIG dependency
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.

Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.

Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit cec3e0fd96650a133c6b0d60eb2b52d1aa7cd742)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 15:48:20 +05:30
Gyorgy Sarvari
2ca25f2279
libde265: patch CVE-2025-61147
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147

Backport the patch referenced by the NVD advisory.

Note that this is a partial backport - only the parts that are
used by the application, and without pulling in c++17 headers.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:16 +05:30
Gyorgy Sarvari
54c8a4ad6c
mariadb: upgrade 10.11.12 -> 10.11.16
10.11 is an LTS version of MariaDB. This upgrade is part of that commitment.

Release notes:
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.16
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.15
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.14
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.13

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:15 +05:30
Gyorgy Sarvari
bd41441bf3
libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837

Both vulnerabilities have been fixed in 0.10.5.

Relevant commits:
CVE-2025-12474: 5ce68976a5
CVE-2026-1837: 36b0cecaa1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:15 +05:30
Sujeet Nayak
76abb03c21
libnice: make crypto library configurable via PACKAGECONFIG
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.

Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:15 +05:30
Hitendra Prajapati
808d3a73de
python3-pillow: fix CVE-2026-25990
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990

Backport commit[1] which fixes this vulnerability as mentioned NVD report in [2].

[1] 9000313cc5
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-25990

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:14 +05:30
Hitendra Prajapati
d3a45ead9c
python3-pyjwt: Fix CVE-2026-32597
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32597

Backport commit[1] which fixes this vulnerability as mentioned in [2].

[1] 051ea341b5
[2] https://security-tracker.debian.org/tracker/CVE-2026-32597

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:14 +05:30
Gyorgy Sarvari
d5de98d28b
capnproto: patch CVE-2026-32239 and CVE-2026-32240
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239
https://nvd.nist.gov/vuln/detail/CVE-2026-32240

Backport the patch that is referenced by the NVD advisories.
(Same patch for both vulnerabilities)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:13 +05:30
Gyorgy Sarvari
86dc3a4fe4
openjpeg: patch CVE-2023-39327
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327

Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit fdddf2bdd3dea0ac53effbae904b4dcf0e8adf45)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:13 +05:30
Gyorgy Sarvari
2a5987979a
hiawatha: fix SRC_URI
The tarball was moved to a new folder on the source server.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:12 +05:30
Gyorgy Sarvari
b79eee49df
imagemagick: patch CVE-2025-69204
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69204

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:12 +05:30
Gyorgy Sarvari
1c317cf2c8
imagemagick: patch CVE-2025-68950
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68950

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:11 +05:30
Gyorgy Sarvari
8d896ff2ae
imagemagick: patch CVE-2025-68618
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68618

Backport the commit that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:11 +05:30