23680 Commits

Author SHA1 Message Date
Divya Chellam
4cf505e5e5 krb5: fix CVE-2025-24528
In MIT krb5 release 1.7 and later with incremental propagation
enabled, an authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.

78ceba024b

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-24528

Upstream-patch:
78ceba024b

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-26 13:17:09 +02:00
Shubham Pushpkar
24d495df72 cjson 1.7.18: Fix CVE-2025-57052
Upstream Repository: https://github.com/DaveGamble/cJSON.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57052
Type: Security Fix
CVE: CVE-2025-57052
Score: 9.8
Patch: https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa

Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-23 09:07:36 +02:00
Soumya Sambu
13130163ab php: upgrade 8.1.31 -> 8.1.33
Includes fix for CVE-2025-1735, CVE-2025-6491, CVE-2025-1220, CVE-2025-1861,
CVE-2025-1219, CVE-2025-1217, CVE-2025-1734 and CVE-2025-1736.

Changelog:
https://www.php.net/ChangeLog-8.php#8.1.33
https://www.php.net/ChangeLog-8.php#8.1.32

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-23 08:59:41 +02:00
Khem Raj
e7021d8f78 hddtemp: Add missing prototype for ata_get_powermode in sata.c
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fdb8bc38b1e959006a0a5d98c84c8443c785e49d)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:58:31 +02:00
Mingli Yu
0b02a2b912 gnulib: Update SRC_URI
Update the SRC_URI to fix the do_fetch warning.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 37d158db78cda787a5833c098423650b8caba0fa)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:58:31 +02:00
Yi Zhao
46a3fd1743 fltk: upgrade 1.3.8 -> 1.3.9
Release Notes:
https://www.fltk.org/articles.php?L1898

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7e124168f9134ab77910f262d3d0b0e49b1c3e4a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:58:31 +02:00
Kai Kang
fe1f061641 fltk-native: fix libdl link issue
It fails to build fltk-native on Ubuntu 20.04 with glibc 2.31:

| /path_to/tmp/hosttools/ld: lib/libfltk.a(Fl_Native_File_Chooser.cxx.o): in function `fl_dlopen(char const*, char const*)':
| Fl_Native_File_Chooser.cxx:(.text+0x61a): undefined reference to `dlopen'
| /path_to/tmp/hosttools/ld: lib/libfltk.a(Fl_Native_File_Chooser.cxx.o): in function `Fl_GTK_File_Chooser::probe_for_GTK_libs()':
| Fl_Native_File_Chooser.cxx:(.text+0xf92): undefined reference to `dlerror'

The original fix in fltk-native recipe does not work any more because '-ldl'
appears before lib/libfltk.a and causes dlopen() unresolved. The reason why it
doesn't fail on other hosts is that the functions dlopen(), dlerror() etc. have
been moved to libc.so since glibc 2.34 via the commits in glibc:

0c1c3a771e dlfcn: Move dlopen into libc
add8d7ea01 dlfcn: Move dlvsym into libc
6dfc0207eb dlfcn: Move dlinfo into libc
492560a32e dlfcn: Move dladdr1 into libc
6a1ed32789 dlfcn: Move dlmopen into libc
77f876c0e3 dlfcn: Move dlsym into libc
602252b553 dlfcn: Move dladdr into libc
d8cce17d2a dlfcn: Move dlclose into libc

Append 'dl' to fltk link items explictly to fix the error.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e3606c223e8195dc57a41c64ca670958f1809d6f)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:58:31 +02:00
Khem Raj
9d2fd9b6d0 ctapi-common: Use archives.fedoraproject.org to fetch srpm
This is a better place to fetch the srpm as it is fedora's location

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e36553fcd9b98889fc356a2517645c030f8315e9)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:58:31 +02:00
Khem Raj
0694ea04e0 ctapi-common: Point to working SRC_URI locations
Drop md5sum checksum

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7687cb73b26e09c566adecb4e5ac71a270800004)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:58:31 +02:00
Wang Mingyu
fb87b71a02 colord-native: upgrade 1.4.6 -> 1.4.7
0001-Move-the-function-cd_icc_create_from_edid-to-avoid-u.patch
refreshed for 1.4.7

Changelog:
===========
- Add various hardenings to the systemd service
- Always close the ICC profile when loading fails
- Avoid destructing LCMS plugin twice with lcms 2.14
- Do not make state files executable in tmpfiles.d/colord.conf
- Fix a double free spotted by Coverity
- Fix an error check when parsing the DTP94 data
- Fix a -Wincompatible-pointer-types warning
- Fix potential crash when reading from broken Huey hardware
- Set FILE_OFFSET_BITS explicitly
- Use a 64-bit time_t
- Use thread context for Gamut Alarm codes

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f016f77796504de03a4148a13383fd9fd5754a73)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:51:46 +02:00
Wang Mingyu
03749ec664 colord: upgrade 1.4.5 -> 1.4.6
Changelog:
==========
Bugfixes:
 - Add missing copyright notices
 - Add Spyder X entry
 - Document where to send patches
 - Don't use exact floating point comparisons
 - Drop option for removed reverse engineering tools
 - Drop references to hughski.com
 - Fix a small memory leak in sqlite3_exec()
 - Fix typo in device-removed signal documentation
 - Make introspection optional in meson

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 706cfeb2504ebec37872e6ee051a5b07385412b7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:51:39 +02:00
Wang Mingyu
eb8dfb2c71 cmark: upgrade 0.30.2 -> 0.30.3
Changelog:
===========
  * Fix quadratic complexity bug with repeated '![[]()'.
    Resolves CVE-2023-22486. Add new pathological test.

  * Allow declarations with no space, as per spec

  * Set 'enumi*' counter correctly in LaTeX output

  * Allow '<!DOCTYPE' to be case-insensitive.
    existing spec.)

  * Fixed HTML comment scanning. Need to handle this case: '<!--> and -->'.
    Since the scanner finds the longest match, we had to
    move some of the logic outside of the scanner.

  * Fix quadratic parsing issue with repeated '<!--' (this was not
    introduced by the previous fix, and not in a released version of cmark).
    Resolves CVE-2023-22484. Add new pathological test.

  * Update HTML comment scanner to accord with commonmark/commonmark-spec#713

  * Pathological tests: half the number of repetitions, and the timeout.
    This reduces the time needed for the pathological tests.

  * Shrink 'struct cmark_node' (#446). The 'internal_offset' member is
    only used for headings and can be moved to 'struct cmark_heading'.
    This reduces the size of 'struct cmark_node' from 112 to 104 bytes on
    64-bit systems.

  * Add '-Wstrict-prototypes' and fix offending functions.

  * Fix quadratic behavior involving 'get_containing_block' (#431).
    Instead of searching for the containing block, update the tight list
    status when entering a child of a list item or exiting a list.

  * Fix 'pathological_tests.py'
    - Use a multiprocessing.Queue to actually get results from spawned
      tests processes.
    - Fix the 'allowed_failures' test.
    - Truncate actual output when printed.
    - Prepare for testing pathological behavior of the Commonmark renderer.

  * Fix source position bug with backticks

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 69aea3d8f7d84b4214948c0553fe1744f254bbf6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-19 15:51:19 +02:00
Ivan Maidanski
8bd5100b42 bdwgc: Fix typo in EXTRA_OECONF and remove unneeded extra CFLAGS
* fix typo in "--enable-cplusplus"
* "-D_GNU_SOURCE -DNO_GETCONTEXT -DSEARCH_FOR_DATA_START -DUSE_MMAP -DHAVE_DL_ITERATE_PHDR" not needed any more

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d7d0d550d0874a5002e63a23804811a766f7a07b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:50:00 +02:00
alperak
bc0fb4d568 avro-c: upgrade 1.11.2 -> 1.11.3
Changelog:

* This is a minor release, specifically addressing known issues with the 1.11.2 release, but also contains version bumps and doc fixes.

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1552304bf3cd1abc403dd8cd1b4ed5cd646c64b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:50:00 +02:00
Wang Mingyu
caf2c230c2 avro-c: upgrade 1.11.1 -> 1.11.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 52f35e40106858842c23c31169a98c8862c66e6d)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:50:00 +02:00
wangmy
bcadc3962d avro-c: upgrade 1.11.0 -> 1.11.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d6a30ef441adfb4e92dbc689266b61192c4add3b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:50:00 +02:00
Khem Raj
56093c6c1f augeas: Check for __GLIBC__ to use gnu extention for strerror_r
Merge .bb and .inc

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aca683fb18c3a62874e6687e36fb4c35a25d0615)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:50:00 +02:00
Yoann Congal
aaea7c1349 testfloat: update UPSTREAM_CHECK_* variables to fix devtool upgrades
Update UPSTREAM_CHECK_* variables to fix UNKNOWN_BROKEN status with devtool
check-upgrade-status.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
(cherry picked from commit 21e3280fad93fc906aa9f488ea10adb71f7de86e)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:50:00 +02:00
Gyorgy Sarvari
eb322a5d69 pm-qa: update git fetch protocol
Apparently the git repo in the SRC_URI stopped supporting git
protocol. Switch to https to be able to fetch the source successfully.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:49:56 +02:00
Alexandre Truong
cdaef4097d fb-test: include UPSTREAM_CHECK_COMMITS to fix UNKNOWN_BROKEN status
When performing devtool check-upgrade-status, UNKNOWN_BROKEN status appears.
On the upstream source repository, releases are not identified by tags. So,
UPSTREAM_CHECK_COMMITS is set to 1, to find the latest upstream update.

Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 16688b0f565badadace8732840f0ff01718cc87c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 13:16:18 +02:00
Gyorgy Sarvari
d6fb7f426b readme: update maintainer
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:49:40 +02:00
Philip-Dylan Gleonec
974f15b1a8 cukinia: Fix license field
The recipe currently indicates that the cukinia package is licensed
under both GPLv3 AND Apache 2.0 licenses, but the upstream specifies
using it under GPLv3 OR Apache 2.0 license, is user's choice.

Signed-off-by: Philip-Dylan Gleonec <philip-dylan.gleonec@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cb8908b91ead37c5d74b44f949c12c33354956a7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:44:04 +02:00
Martin Jansa
b13d85379f cukinia: drop allarch
* it rdepends on TUNE_PKGARCH libgpiod-tools so it cannot be allarch
  (or cukinia->libgpiod-tools needs to be added to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS)

  bitbake-diffsigs \
    sstate-before/mako/all-webos-linux/cukinia/0.6.2.do_package_write_ipk.sigdata.630262028cb276fdac170d30a265aa72d4249f84a264e11ea676a5ab38f1cacc \
    sstate-before/qemux86-64/all-webos-linux/cukinia/0.6.2.do_package_write_ipk.sigdata.5d193e43c71f1270d36075be6124bb70585bb682771cff644349c4a7ffd13605
  Hash for task dependency libgpiod:do_packagedata changed from d3dffb55884b89470065c3eaf046563e2f306706400be396b022a470ceca1916 to 76e47aed399fdbd14db3c4b75ef2b83298322429f111175d4ca4f3f4c67eebf0

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1db563c31023bb64d94d34807547baf1d4f2923c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:57 +02:00
Enguerrand de Ribaucourt
db86493987 cukinia: add libgpiod-tools to RRECOMMENDS
The cukinia statement `cukinia_gpio_libgpiod` requires the `gpioinfo`
command. Alternatively, the deprecated sysfs GPIO API can be used with
`cukinia_gpio_sysfs`.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit deaa4c111fd3cb12dd7d6cba0550316d71dd8b07)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:50 +02:00
Enguerrand de Ribaucourt
8aca18fe33 cukinia: inherit allarch
The recipe installs a shell script which does not depend on the
architecture. Inheriting allarch will make sure that the recipe is
built only once accross different architectures.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 97c9e5c38d87785c80f824969eb530bcafcbf401)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:43 +02:00
Enguerrand de Ribaucourt
1ef08b7a0a cukinia: upgrade 0.6.1 -> 0.6.2
Changes:
    cukinia: add /proc/cmdline parameter check
    cukinia: add test suite and class to csv
    cukinia: add kernel config check in boot partition
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit daf73e7279da15ad2c29d95f9a8f01658a81f5d5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:36 +02:00
Wang Mingyu
727066f75c cukinia: upgrade 0.6.0 -> 0.6.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5f2c3b32dd8f40b67eabc2da98cd279a570cb8d2)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:29 +02:00
Peter Marko
ca277f3e78 cpputest: add possibility to build extensions
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8c0402f7c47188cef1d6afc68c0427124940ea57)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:22 +02:00
alperak
a2d885c08a catch2: upgrade 2.13.7 -> 2.13.10
v2.13.10:
    Fixes:

        -Fixed issue with catch_discover_tests when there is multiple of 256 tests (#2401, #2503)
        -Catch2-provided main and wmain are explicitly marked as __cdecl when compiled with MSVC (#2486, #2487)
        -Improved break-into-debugger behaviour for ARM Macs. It should now be possible to step execution after the break (#2422)
        -Replaced deprecated std::aligned_storage (#2419, #2420)

v2.13.9:
    Fixes:

        -Fixed issue with -# (filename-as-tag) flag when __FILE__ expands into filename without directories (#2328, #2393)
        -Fixed CAPTURE macro not being variadic when disabled through CATCH_CONFIG_DISABLE (#2316, #2378)

v2.13.8:
    Fixes:

        -Made Approx::operator() const (#2288)
        -Improved pkg-config files (#2284)
        -Fixed warning suppression leaking out of Catch2 when compiled with clang.exe (#2280)
        -The macro-generated names for things like TEST_CASE no longer create reserved identifiers (#2336)

    Improvements:

        -Clang-tidy should no longer warn about missing virtual dispatch in FilterGenerator's constructor (#2314)

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1bdab916b1fd70ce9196aedac319df5dd8b6dd15)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:14 +02:00
Joe Slater
6bcb03ca25 bats: use baselib
Use sed to change scripts to reference ${baselib}.  The
former set of scripts modified was incomplete.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1cc72c41af0c6a55a10be9158a2f856b02a56282)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 11:43:00 +02:00
Soumya Sambu
84206e7917 python3-twisted: Fix CVE-2023-46137
Twisted is an event-based framework for internet applications. Prior to version
23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web
will process the requests asynchronously without guaranteeing the response order.
If one of the endpoints is controlled by an attacker, the attacker can delay the
response on purpose to manipulate the response of the second request when a
victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a
patch for this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46137
https://security-tracker.debian.org/tracker/CVE-2023-46137

Upstream patch:
1e6e9d23ca

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 09:53:56 +02:00
Soumya Sambu
7ca4d7761b python3-twisted: Fix CVE-2024-41810
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability.
If application code allows an attacker to control the redirect URL this vulnerability
may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body.
This vulnerability is fixed in 24.7.0rc1.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41810

Upstream patch:
046a164f89

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 09:53:18 +02:00
Gyorgy Sarvari
5c13812501 readme: update maintainer
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-16 09:04:49 +02:00
Gyorgy Sarvari
be6024e133 geary: don't check iso codes xml at build time
In case the iso_639_xml and iso_3166_xml files are not present on the build machine,
then meson fails the compilation - however these files are used only during runtime.

To avoid this, add a patch not to check the existence of these files during building,
but also specify where these files will be located using build arguments.

This patch is a backport from master branch 73c46b265d1cb35c43956d1723c338a137f6ef56

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 17:14:27 +02:00
Gyorgy Sarvari
bd7690a479 hunspell-dictionaries: fix SRC_URI
The master branch has been renamed to main.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:59 +02:00
Yogita Urade
110e57abb5 poppler: fix CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0
use `std::atomic_int` for reference counting. Because
`std::atomic_int` is only 32 bits, it is possible to overflow
the reference count and trigger a use-after-free. Version 25.06.0
patches the issue.

CVE-2025-52886-0001 and CVE-2025-52886-0002 are dependent commits
while rest are actual CVE fixes.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-52886
https://security-tracker.debian.org/tracker/CVE-2025-52886

Upstream patches:
d35e11a8f8
af3e1e1a35
3449a16d3b
ac36affcc8

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:59 +02:00
Archana Polampalli
f8c52b138b tcpreplay: fix CVE-2023-43279
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4
allows attackers to crash the application via crafted tcprewrite command.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:59 +02:00
Archana Polampalli
a2c4c10aed apache2: upgrade 2.4.62 -> 2.4.65
This upgrade incorporates the fixes for CVE-2025-53020, CVE-2025-49812,
CVE-2025-49630, CVE-2025-23048, CVE-2024-47252, CVE-2024-43394,
CVE-2024-43204, CVE-2024-42516, CVE-2025-54090 and other bugfixes.

Changelog:
https://www.apachelounge.com/Changelog-2.4.html

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:59 +02:00
Vijay Anusuri
10b6475cf2 openjpeg: Fix CVE-2025-50952
Upstream commit:
d903fbb4ab

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:59 +02:00
Vyacheslav Yurkov
75133b7be5 packagegroup-meta-filesystems: fix build issue
The packagegroup has to be arch dependent to address build failure:
ERROR: packagegroup-meta-filesystems-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (fuse to libfuse2)
ERROR: packagegroup-meta-filesystems-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (fuse-dev to libfuse-dev)

Signed-off-by: Vyacheslav Yurkov <Vyacheslav.Yurkov@bruker.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:59 +02:00
Hitendra Prajapati
f3a6203fa0 libssh: fix CVE-2025-4877
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:52 +02:00
Guocai He
1282441198 libnet: backport patch to remove configure time SOCK_PACKET check
Backport [1] to fix the do_configure error like below:

  checking for packet socket (PF_PACKET)... ./pf_packet-test:
  /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found

[1] 19979c4541

Signed-off-by: Qi Chen <Qi.Chen@windriver.com>
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Guocai He
afb55dd330 unixodbc: fix odbc.pc file generation
The build process currently succeeds but the odbc.pc file is not correctly
generated.

The error message is like below in log.do_compile and log.do_install:

  /bin/bash: line 1: ../exe/odbc_config: cannot execute binary file: Exec format error

I can see the message comes from the following line in exe/Makefile.am:

@sed "s![@]ODBC_ULEN[@]!`$(top_builddir)/exe/odbc_config$(EXEEXT) --ulen`!" \
          $(top_builddir)/DriverManager/odbc.pc > $(top_builddir)/exe/odbc.pc.tmp

It's running the exe/odbc_config program we built out. But the binary is for the target
platform and if we run it on the build host, we get that error message. The resulting ulen
and build_cflags in the final odbc.pc file are also empty.

Fix the issue by using qemu usermode to launch the target binary.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

(master rev: 4cbd72f7b942af44da0704f66c1b0feef8699fe6)

Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Wang Mingyu
969a286f49 unixodbc: Fix install conflict when enable multilib.
Error: Transaction test error:
   file /usr/include/unixODBC/config.h conflicts between attempted installs of unixodbc-dev-2.3.11-r0.aarch64 and lib32-unixodbc-dev-2.3.11-r0.armv7ahf_neon
   file /usr/include/unixODBC/unixodbc_conf.h conflicts between attempted installs of unixodbc-dev-2.3.11-r0.aarch64 and lib32-unixodbc-dev-2.3.11-r0.armv7ahf_neon
   file /usr/include/unixodbc.h conflicts between attempted installs of unixodbc-dev-2.3.11-r0.aarch64 and lib32-unixodbc-dev-2.3.11-r0.armv7ahf_neon

 The differences of config.h are as follows:
 @@ -14,7 +14,7 @@
  /* #undef C_ALLOCA */

  /* Lib directory */
 -#define DEFLIB_PATH "/usr/lib64"
 +#define DEFLIB_PATH "/usr/lib"

  /* Using perdriver iconv */
  /* #undef ENABLE_DRIVER_ICONV */
 @@ -275,7 +275,7 @@
  #define INCLUDE_PREFIX "/usr/include"

  /* Lib directory */
 -#define LIB_PREFIX "/usr/lib64"
 +#define LIB_PREFIX "/usr/lib"

  /* Define to the sub-directory where libtool stores uninstalled libraries. */
  #define LT_OBJDIR ".libs/"
 @@ -311,7 +311,7 @@
  #define PACKAGE_VERSION "2.3.11"

  /* Platform is 64 bit */
 -#define PLATFORM64 /**/
 +/* #undef PLATFORM64 */

  /* Install prefix */
  #define PREFIX "/usr"
 @@ -323,10 +323,10 @@
  #define SHLIBEXT ".so"

  /* The size of `long', as computed by sizeof. */
 -#define SIZEOF_LONG 8
 +#define SIZEOF_LONG 4

  /* The size of `long int', as computed by sizeof. */
 -#define SIZEOF_LONG_INT 8
 +#define SIZEOF_LONG_INT 4

  /* If using the C implementation of alloca, define if you know the
     direction of stack growth for your system; otherwise it will be
 @@ -351,7 +351,7 @@
  #define SYSTEM_FILE_PATH "/etc"

  /* Lib path */
 -#define SYSTEM_LIB_PATH "/usr/lib64"
 +#define SYSTEM_LIB_PATH "/usr/lib"

  /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. This
     macro is obsolete. */
 @@ -383,7 +383,7 @@
  /* #undef _ALL_SOURCE */

  /* Number of bits in a file offset, on hosts where this is settable. */
 -/* #undef _FILE_OFFSET_BITS */
 +#define _FILE_OFFSET_BITS 64

  /* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
  /* #undef _LARGEFILE_SOURCE */

 The differences of unixodbc_conf.h are as follows:
 @@ -19,7 +19,7 @@
  /* #undef C_ALLOCA */

  /* Lib directory */
 -#define DEFLIB_PATH "/usr/lib64"
 +#define DEFLIB_PATH "/usr/lib"

  /* Using perdriver iconv */
  /* #undef ENABLE_DRIVER_ICONV */
 @@ -342,7 +342,7 @@
  #define INCLUDE_PREFIX "/usr/include"

  /* Lib directory */
 -#define LIB_PREFIX "/usr/lib64"
 +#define LIB_PREFIX "/usr/lib"

  /* Define if the OS needs help to load dependent libraries for dlopen(). */
  /* #undef LTDL_DLOPEN_DEPLIBS */
 @@ -396,7 +396,7 @@
  /* Define to the version of this package. */

  /* Platform is 64 bit */
 -#define PLATFORM64 /**/
 +/* #undef PLATFORM64 */

  /* Install prefix */
  #define PREFIX "/usr"
 @@ -408,7 +408,7 @@
  #define SHLIBEXT ".so"

  /* The size of `long', as computed by sizeof. */
 -#define SIZEOF_LONG 8
 +#define SIZEOF_LONG 4

  /* If using the C implementation of alloca, define if you know the
     direction of stack growth for your system; otherwise it will be
 @@ -431,7 +431,7 @@
  #define SYSTEM_FILE_PATH "/etc"

  /* Lib path */
 -#define SYSTEM_LIB_PATH "/usr/lib64"
 +#define SYSTEM_LIB_PATH "/usr/lib"

  /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
  #define TIME_WITH_SYS_TIME 1

 The differences of unixodbc.h are as follows:
 @@ -14,4 +14,4 @@
  #define HAVE_UNISTD_H 1

  /* Define to the value of sizeof(long) */
 -#define SIZEOF_LONG_INT 8
 +#define SIZEOF_LONG_INT 4

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

(master rev: b3d875df4d6023835e2272a630df3b90c48f5bb9)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Peter Marko
7d213b2366 nginx: patch CVE-2025-53859 in stable
Pick patch from nginx site which is also mentioned in [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-53859

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Youngseok Jeong
1289dd19f7 json-schema-validator: Remove absolute path in INSTALL_CMAKE_DIR
Can't found properly in the sysroot dir due to the absolute path in
INSTALL_CMAKE_DIR.

Fixes:
The imported target "nlohmann_json_schema_validator" references the file
"/usr/lib/libnlohmann_json_schema_validator.so.2.1.0"
but this file does not exist.

Signed-off-by: Youngseok Jeong <youngseok1.jeong@lge.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Vijay Anusuri
28798fac9f postgresql: upgrade 14.18 -> 14.19
Includes fix for CVE-2025-8713, CVE-2025-8714, CVE-2025-8715

License-Update: Align organization wording in copyright statement

Changelog:
https://www.postgresql.org/docs/release/14.19/

0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.19

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Yogita Urade
244f64762e poppler: fix CVE-2025-50420
An issue in the pdfseparate utility of freedesktop poppler
v25.04.0 allows attackers to cause an infinite recursion via
supplying a crafted PDF file. This can lead to a Denial of
Service (DoS).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50420

Upstream patch:
a7025904e3

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Peter Marko
0c7a5712be fcgi: patch CVE-2025-23016
Pick commit referencing this CVE.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00
Peter Marko
7e7d7b39d6 python3-protobuf: patch CVE-2025-4565
This CVE fix was added to protobuf recipe but since it's patching python
code, it should have been submitted to python3-protobuf.
Take the patch from protobuf recipe and adapt to python3-protobuf.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:30 +02:00