30377 Commits

Author SHA1 Message Date
Gyorgy Sarvari
293446bfa9
mod-dnssd: update SRC_URI
Upstream repository url changed.

Fixes unsuccessful fetch warning.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 10c13bf1fbe18ee51b27d6538df5058879ef1d3b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:15 +08:00
Wang Mingyu
9a3078e6fe
rp-pppoe: update SRC_URI
Upstream repository url changed.

Fixes unsuccessful fetch warning.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c400aca52a19d74bcc05873eaad8265ecd024d9b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:15 +08:00
Jeroen Knoops
429e7401a2
nng: Rename default branch of github.com:nanomsg/nng.git
Default branch is renamed from `master` to `main`. Commitshas are the
same.

Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 58679b6a515b51d28c480836ad598fca6f0cc655)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:14 +08:00
Wang Mingyu
371879bee7
geoip: fix do_fetch error
Change the SRC_URI to the correct value due to the following error:
ERROR: geoip-1.6.12-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'http://sources.openembedded.org/GeoIP.dat.20181205.gz;apply=no;name=GeoIP-dat;')

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aadc2ac9dc49dfb5a2066401f22e7b553b324313)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:14 +08:00
Khem Raj
c5e3b885f2
gtkwave: Add libtirpc to depends
It was missing as the recipe is using --with-tirpc

Signed-off-by: Khem Raj <raj.khem@gmail.com>

Adapted for Walnascar
Signed-off-by: Gyorgy Sarvari <gyorgy.sarvari@gmail.com>
(cherry picked from commit 8832aa3ca83d6a2f705d4aa48496f8bd12c9cc15)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:14 +08:00
Marc Ferland
a05db3fd5c
libvncserver: fix generated LibVNCServerTargets.cmake
The currently generated LibVNCServerTargets.cmake will include the
following 'set_target_properties':

    set_target_properties(LibVNCServer::vncclient PROPERTIES
      INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
      INTERFACE_LINK_LIBRARIES "systemd;/usr/lib/libz.so;/usr/lib/liblzo2.so;/usr/lib/libjpeg.so;/usr/lib/libgcrypt.so;/usr/lib/libgnutls.so"
    )

INTERFACE_LINK_LIBRARIES here points to absolute paths which hardcodes
the library paths. From CMake doc [1]:

    Note that it is not advisable to populate the INTERFACE_LINK_LIBRARIES
    of a target with absolute paths to dependencies. That would hard-code
    into installed packages the library file paths for dependencies as
    found on the machine the package was made on.

This breaks krfb build (kde desktop sharing server) since CMake cannot
find these libraries. Removing the absolute paths solves the issue.

Note: I also added a 'inherit pkgconfig' since libvncserver uses it to
detect libsystemd presence.

1: https://cmake.org/cmake/help/latest/prop_tgt/INTERFACE_LINK_LIBRARIES.html

Signed-off-by: Marc Ferland <marc.ferland@sonatest.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 215694286716cf83bf9e52c5e61b4cbc861098fc)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:13 +08:00
Jef Driesen
fd29867987
lcov: Add missing RDEPENDS for nativesdk
When building an SDK with lcov included, gcov isn't included in the SDK
by default. Running lcov to generate coverage fails, because it tries to
use the gcov binary from the host system instead and that cause problems
if the gcc versions do not match.

Signed-off-by: Jef Driesen <jefdriesen@telenet.be>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 0cd6283a4174453ac8d927d917268ba0c3161a02)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:13 +08:00
Peter Marko
2392237655
fcgi: patch CVE-2025-23016
Pick commit referencing this CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 6e86e0dd54e1ca7459f3e1afebf24f5437d8b586)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:13 +08:00
Peter Marko
06a0862287
fontforge: patch CVE-2024-25081 and CVE-2024-25082
Pick commit from PR [1] linked from [2] and [3] which mlso entions both
these CVEs.

[1] https://github.com/fontforge/fontforge/pull/5367
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-25081
[3] https://nvd.nist.gov/vuln/detail/CVE-2024-25082

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 1e6dbd183bc7e5dd7681fd5ae65f043cc8641a1d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:12 +08:00
Hitendra Prajapati
e930b71d14
openjpeg: fix for CVE-2025-54874
Upstream-Status: Backport f809b80c67

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 5d0643f194e9a7ed77eddbdc1d106536df2eb488)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:12 +08:00
Shubham Pushpkar
d9e2cae64f
cjson 1.7.18: Fix CVE-2025-57052
Upstream Repository: https://github.com/DaveGamble/cJSON.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57052
Type: Security Fix
CVE: CVE-2025-57052
Score: 9.8
Patch: https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa

Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:16:33 +08:00
Archana Polampalli
a5de2a5728
apache2: upgrade 2.4.64 - 2.4.65
fixes CVE-2025-54090

Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.65

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:09:56 +08:00
Anil Dongare
49aa81f2d5
libssh 0.10.6: Fix CVE-2025-8114
Upstream Repository: https://git.libssh.org/projects/libssh.git/

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8114
Type: Security Fix
CVE: CVE-2025-8114
Score: 4.7
Patch: https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb

Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:08:04 +08:00
AshishKumar Mishra
385b1baa2b
meta-oe: image: optionally remove RAW image after sparse image creation
When creating sparse images, the RAW image is no longer needed in
some workflows such as Android and CI pipelines. These RAW images
can be multi-GB artifacts and consume significant disk space.

This change introduces a configuration option
`DELETE_RAWIMAGE_AFTER_SPARSE_CMD` which, when set to "1",
removes the RAW image after sparse image generation.

This reduces disk usage in builds where sparse images are the
final deliverables and RAW images are not required.

Default behavior is unchanged: RAW images are kept unless the
variable is explicitly enabled:

    DELETE_RAWIMAGE_AFTER_SPARSE_CMD = "1"   # Delete RAW image
    DELETE_RAWIMAGE_AFTER_SPARSE_CMD = "0"   # Default behavior

(cherry-picked from f5246b7df447ac76ec04c6e5add398862d1c9ccd in master )

Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:08:04 +08:00
Zoltán Böszörményi
5856e22d34
gutenprint: 5.3.5
This fixes an installation error:

| make[5]: Entering directory '.../tmp/work/corei7-64-oe-linux/gutenprint/5.3.4/build/src/cups'
| chmod 700 .../tmp/work/corei7-64-oe-linux/gutenprint/5.3.4/image/usr/libexec/cups/backend/backend_gutenprint
| chmod: cannot access '.../tmp/work/corei7-64-oe-linux/gutenprint/5.3.4/image/usr/libexec/cups/backend/backend_gutenprint': No such file or directory

Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:08:00 +08:00
Yoann Congal
c85ecb6a43
gutenprint: fix a build race-condition
Gutenprint install hooks run in parallel but depend on each other. This
is a race condition and might trigger a build failure (e.g on AB [0]):
| chmod 700 $WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint
| chmod: cannot access '$WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint': Not a directory
| make[5]: *** [Makefile:2166: install-exec-hook] Error 1

Fixes this by adding an explicit dependency between the dependent
targets.

[0]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/46/steps/33/logs/stdio

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:02:51 +08:00
Zhang Peng
95f7aea47c
wxwidgets: fix CVE-2024-58249
CVE-2024-58249:
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-58249]

Upstream patches:
[f2918a9ac8]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

(walnascar rev: d3d3df49d5f6e8747c0b04100c4f708b4cafbbd4)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:02:32 +08:00
Yi Zhao
8bdec6baaa
wxwidgets: upgrade 3.2.1 -> 3.2.6
ChangeLog:
https://raw.githubusercontent.com/wxWidgets/wxWidgets/v3.2.6/docs/changes.txt

* Drop 0001-locale-Avoid-using-glibc-specific-defines-on-musl.patch as
  it has been merged upstream
* Refresh patches
* Add UPSTREAM_CHECK_GITTAGREGEX

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

(master rev: 903ed68669550ccae20bcd0c18c26d0c336da810)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:02:32 +08:00
Haixiao Yan
40db628f58
python3-posix-ipc: fix runtime error
Fix follow runtime error: ./build_support/src/sniff_mq_prio_max:
/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by
./build_support/src/sniff_mq_prio_max)

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:01:46 +08:00
Zhang Peng
92730597e9
iperf3: fix CVE-2025-54350
CVE-2025-54350:
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion
failure and application exit upon a malformed authentication attempt.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-54350]

Upstream patches:
[4eab661da0]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:00:37 +08:00
Martin Jansa
db93848ead
nodejs: fix build with gcc-15 on host
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 09:59:39 +08:00
Divya Chellam
3702195a7e
libssh: fix CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the
OpenSSL library. If an attacker manages to exhaust the heap space,
this error is not detected and may lead to libssh using a partially
initialized cipher context. This occurs because the OpenSSL error
code returned aliases with the SSH_OK code, resulting in libssh not
properly detecting the error returned by the OpenSSL library.
This issue can lead to undefined behavior, including compromised
data confidentiality and integrity or crashes.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5987

Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=90b4845e0c98574bbf7bea9e97796695f064bf57

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 09:59:05 +08:00
Divya Chellam
71b601e3d7
libssh: fix CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable
exists under certain conditions in the privatekey_from_file() function.
This flaw can be triggered if the file specified by the filename doesn't
exist and may lead to possible signing failures or heap corruption.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-4878

Upstream-patches:
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 09:57:53 +08:00
Deepak Rathore
b9fb6556a3
protobuf 4.25.8: Mark CVE-2024-7254 as patched
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-7254
Type: Security Fix
CVE: CVE-2024-7254
Score: 8.7
Patch: https://github.com/protocolbuffers/protobuf/commit/850fcce9176e

Analysis:
The original fix [1] for CVE-2024-7254 is listed in the NVD security
tracker (https://nvd.nist.gov/vuln/detail/CVE-2024-7254) and was
subsequently backported to the v4.25.8 version via commit [2].
Hence, this CVE is considered patched in the current source.

Reference:
[1] https://github.com/protocolbuffers/protobuf/commit/cc8b3483a558
[2] https://github.com/protocolbuffers/protobuf/commit/850fcce9176e (v4.25.8)

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Martin Schwan
10fc221938
linuxptp: Add systemd instance specifier for ptp4l dependency
Add the instance specifier to the ptp4l dependency for the phc2sys
service, so the corresponding service is automatically started
correctly. This fixes the following error messages, when starting the
phc2sys@... service:

    Failed to restart phc2sys@eth0.service: Unit ptp4l.service not found.

Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31f0b9d3d51a65b1c3d63eb6520e7ab174a8550c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Michael Opdenacker
2222925e92
kernel-hardening-checker: backport recipe
This recipe is a Scarthgap backport of kernel-hardening-checker_0.6.10.2.bb
in the master branch as of August 19, 2025.

Tested on qemux86-64 and on beaglebone-yocto

Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Gyorgy Sarvari
f2b163a416
poppler: fix typos in CVE-2025-52886-0001.patch
There were a some accidenal typos in the CVE-2025-52886-0001.patch file
that introduced a number of syntactical errors in the qt5/src/poppler-annotation.cc
file, which failed the compilation, in case qt5 PACKAGECONFIG is enabled.

This change fixes these typos. Since qt6 is not enabled in the recipe,
only the qt5 related parts were verified.

While reworking the backport, unfortunately some line number differences
were introduced, which inflate the size of this patch - just scroll
past those.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Zhang Peng
2ffcfd6a34
iperf3: fix CVE-2025-54349
CVE-2025-54349:
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant
heap-based buffer overflow.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-54349]

Upstream patches:
[4e5313bab0]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
fddaa45a87
gnuplot: fix CVE-2025-31181
CVE-2025-31181:
A flaw was found in gnuplot. The X11_graphics() function may lead to a
segmentation fault and cause a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31181]

Upstream patches:
[af96c2c1b2/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
732f5800cf
gnuplot: fix CVE-2025-31180
CVE-2025-31180:
A flaw was found in gnuplot. The CANVAS_text() function may lead to a
segmentation fault and cause a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31180]

Upstream patches:
[b2343fd02c/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
02d046e20d
gnuplot: fix CVE-2025-31179
CVE-2025-31179:
A flaw was found in gnuplot. The xstrftime() function may lead to a
segmentation fault, causing a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31179]

Upstream patches:
[ed647df512/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
3d810d7d3b
gnuplot: fix CVE-2025-31178
CVE-2025-31178:
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a
segmentation fault and cause a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31178]

Upstream patches:
[b78cc829a1/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
dd4b10de44
gnuplot: fix CVE-2025-31177
CVE-2025-31177:
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31177]

Upstream patches:
[226809aebb/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
a3826c4999
gnuplot: fix CVE-2025-31176
CVE-2025-31176:
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation
fault and cause a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31176]

Upstream patches:
[b456a3ef61/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
9d3537ef42
gnuplot: fix CVE-2025-3359
CVE-2025-3359:
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal
may jeopardize the environment.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-3359]

Upstream patches:
[a5897feadc/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Hitendra Prajapati
a8fdc03123
libssh: fix CVE-2025-4877
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Peter Marko
97e9dee283
nginx: patch CVE-2025-53859
Pick patch from nginx site which is also mentioned in [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-53859

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Alexandre Truong
3ef67c94da
hunspell-dictionaries: switch branch from master to main
The repository of dictionaries doesn't have a branch named master. So, the
branch is switched to main.

Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Martin Jansa
d90b295188
abseil-cpp: fix build with gcc-15 on host
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Yogita Urade
938c8d28a2
postgresql: upgrade 16.9 -> 16.10
Includes fix for CVE-2025-8713, CVE-2025-8714, CVE-2025-8715

License-Update: Align organization wording in copyright statement

Changelog:
https://www.postgresql.org/docs/release/16.10/

Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch
for 16.10

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Yogita Urade
c316f92599
poppler: fix CVE-2025-50420
An issue in the pdfseparate utility of freedesktop poppler
v25.04.0 allows attackers to cause an infinite recursion via
supplying a crafted PDF file. This can lead to a Denial of
Service (DoS).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50420

Upstream patch:
a7025904e3

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Jan Vermaete
b484df6361
python3-werkzeug: added python3-difflib as RDEPENDS
File "/usr/lib/python3.12/site-packages/werkzeug/routing/exceptions.py", line 3, in <module>
    import difflib
ModuleNotFoundError: No module named 'difflib'

Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Randolph Sapp
dcef3fff75
vulkan-cts: allow vulkan versions > 1.3
Backport a patch from upstream that allows vulkan-cts to work with
Vulkan version greater than 1.3. Previously any unknown Vulkan versions
will return 0 when we attempt to locate the minimum version with
minVulkanAPIVersion.

Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Changqing Li
1095ea81ed
luajit: fix several CVEs
Fix CVE-2024-25176, CVE-2024-25177, CVE-2024-25178

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:10 +08:00
Roland Kovacs
e099b1462d
jq: add Upstream-Status and CVE tags into .patch files
v1 version was merged instead of v2 from:
https://lists.openembedded.org/g/openembedded-devel/message/118302
add missing Upstream-Status and CVE tags from v2.

Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:10 +08:00
Praveen Kumar
3fbbd2c080
php: upgrade 8.2.28 -> 8.2.29
This upgrade fixes below CVEs.
CVE-2025-1735
CVE-2025-6491
CVE-2025-1220

Changelog: https://www.php.net/ChangeLog-8.php#8.2.29

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:06 +08:00
Jiaying Song
2a7a09ff10
v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
  which avoids the following QA issue during builds on 32-bit systems:

  WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'

* Undefine _TIME_BITS to fix the build error:

  /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-11 16:58:30 +08:00
kjlau0112
c29a18fa39
mbedtls: drop tag parameter from SRC_URI.
Signed-off-by: kjlau0112 <karn.jye.lau@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-18 08:35:05 -07:00
Peter Marko
205638f9ed poco: patch CVE-2025-6375
Pick commit mentioned in [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
37b138014b poco: ignore additional failing tests
These tests are failing and thus preventing verification of new patches.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00