meta-openembedded

mirror of git://git.openembedded.org/meta-openembedded synced 2026-06-09 22:31:05 +00:00

Author	SHA1	Message	Date
Wang Mingyu	4beb45b615	microsoft-gsl: upgrade 4.2.0 -> 4.2.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 1d33fb39d9700a125a02d5bbd8292db2756b6f6c) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:15 +05:30
Dmitry Baryshkov	cce0f2d7cd	vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2 Upgrade Vulkan CTS to the point release, fixing several tests. While we are at it, refresh Vulkan-Video-Samples patches. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 374949c531de346739efc4e8e7ca79d7b81f270a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:14 +05:30
Jiaying Song	a1a87ebf04	minicoredumper: fix 2038 year problem in timestamp handling The minicoredumper has multiple 2038 year problems where 'long' type variables and strtol() function calls cause overflow on 32-bit systems when handling timestamps after 2038-01-19. This leads to incorrect timestamp formatting in core dump directory names (e.g., sleep40s.20380119.031407+0000.598). Fix by changing 'long timestamp' to 'time_t timestamp' and replacing strtol() with strtoll() to properly handle 64-bit timestamps on 32-bit systems. Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b5685fb375d01d2a146c1707a6f290fad195826f) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:14 +05:30
Wang Mingyu	199ca0c29d	usb-modeswitch: upgrade 2.6.1 -> 2.6.2 0001-Fix-build-with-gcc-15.patch removed since it's included in 2.6.2 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dfbe08b6c3d842bf4add77580a579f76a1cd4cee) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:13 +05:30
Wang Mingyu	5a9ced1fd5	usb-modeswitch-data: upgrade 20191128 -> 20251207 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8f2c436db5b4e6ba59550ad63f73a61dd459ba45) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:13 +05:30
Wang Mingyu	650978be5c	libsdl3: upgrade 3.2.26 -> 3.2.28 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 26e3ef119b00bf1910306a2153891140a3df2389) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:12 +05:30
Liu Yiding	cb3faee20b	liblognorm: upgrade 2.0.7 -> 2.0.8 Change log ========== Version 2.0.8, 2025-12-04 - fix potential segfault on some platforms Thanks to Julian Thomas for a fix - fix memory leak when a custom type in rules does not match Thanks to Meric Sentunali for the fix and Julian Thomas for alerting me of the missing merge. Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c627784366f53c880719994e09f393265d894d35) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:12 +05:30
Wang Mingyu	6d4fdf7f7e	parallel: upgrade 20251022 -> 20251122 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit c9c4b5a88718822697ad41d86b8b89961fb23c10) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:12 +05:30
Wang Mingyu	f2c80b13c4	python3-psycopg: upgrade 3.2.12 -> 3.2.13 Changelog: ============== - Show the host name in the error message in case of name resolution error - Fix Cursor.copy() and AsyncCursor.copy() to hold the connection lock for the entire operation, preventing concurrent access issues - Fix GSSAPI check with C extension built with libpq < v16 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 4b297312d7d256ddbca007f9fbdb1daa337fe431) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:11 +05:30
Peter Marko	c870a26c00	libcoap: set CVE version suffix CVE metrics currently report CVE-2025-34468 as open. CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher version, however by default cve-check only compares numbers. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:11 +05:30
Peter Marko	08d81e661e	libsodium: patch CVE-2025-69277 Pick patch per [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-69277 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:10 +05:30
Peter Marko	0d737e1419	net-snmp: patch CVE-2025-68615 Pick patch per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-68615 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:07 +05:30
Gyorgy Sarvari	c6849e7529	python3-django: upgrade 5.2.8 -> 5.2.9 Includes fix for CVE-2025-13372 and CVE-2025-64460 Changelog: https://github.com/django/django/blob/5.2.9/docs/releases/5.2.9.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2538918df1826b965215e0441c7aa6d0958f1911) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:59 +05:30
Gyorgy Sarvari	9a6b60af3e	python3-django: upgrade 4.2.26 -> 4.2.27 Contains fix for CVE-2025-13372 and CVE-2025-64460 Changelog: https://github.com/django/django/blob/4.2.27/docs/releases/4.2.27.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fae6fe9b4156fae7696a7978700c823f414da8f7) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:58 +05:30
Gyorgy Sarvari	b964b9858b	python3-configobj: ignore CVE-2023-26112 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112 The used version (5.0.9) contains the fix[1] already - ignore the CVE. [1]: `7c618b0bba` Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:58 +05:30
Gyorgy Sarvari	e51133657a	postgresql: upgrade 17.6 -> 17.7 It contains fixes for CVE-2025-12817 and CVE-2025-12818. Changelog: https://www.postgresql.org/docs/release/17.7/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 8217b90e941619820c88dbdb4db5e35d171a4157) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:57 +05:30
Gyorgy Sarvari	7c1e9999d0	php: upgrade 8.4.15 -> 8.4.16 This is a bugfix release, containing fixes for CVE-2025-14177, CVE-2025-14178 and CVE-2025-14180. Changelog: https://www.php.net/ChangeLog-8.php#8.4.16 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:57 +05:30
Gyorgy Sarvari	303f5afacf	openvpn: upgrade 2.6.16 -> 2.6.17 Contains fix for CVE-2025-13751 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:56 +05:30
Hugo SIMELIERE	925318887e	libwebsockets: fix CVE-2025-11678 Backport a fix from Debian: https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11678.patch Upstream commit: `2bb9598562` Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 5fab8bd31b32892acf3d8b56b240a7958890beac) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:56 +05:30
Hugo SIMELIERE	9570160dae	libwebsockets: fix CVE-2025-11677 Backport a fix from Debian: https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11677.patch Upstream commit: `2f082ec312` Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit da04d7003e65af77667e2c18fa988f0ada62f744) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:55 +05:30
Gyorgy Sarvari	94e21ed9b5	libcoap: ignore CVE-2025-50518 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518 The vulnerability is disputed by upstream, because the vulnerability requires a user error, incorrect library usage. See also an upstream discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 598176e1cb6c928e322e26d358e8d01ba9d5af0a) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:55 +05:30
Gyorgy Sarvari	b8127adea4	imagemagick: upgrade 7.1.2-8 -> 7.1.2-12 Contains fix for CVE-2025-65955 and CVE-2025-69204. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:54 +05:30
Gyorgy Sarvari	a06ce2aa74	gimp: patch CVE-2025-14425 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14425 Backport the patch referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 49732c90c0a4e1b3fc3679456ce2bd2819b144d0) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:54 +05:30
Gyorgy Sarvari	f9add3e25a	gimp: patch CVE-2025-14424 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b16c1a543ac5e997d6d3aa27978393106d5a8937) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:53 +05:30
Gyorgy Sarvari	732aa8f936	gimp: patch CVE-2025-14423 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423 Pick the patch references by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 6aa5720e76d632f62f53ed7be7fe649138fbd55c) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:53 +05:30
Gyorgy Sarvari	b680240a03	gimp: patch CVE-2025-14422 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a0b41204afe57f9b2b3f2e8ff496be72d04e0eb7) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:53 +05:30
Gyorgy Sarvari	ed4878b3bc	freerdp3: ignore CVE-2025-68118 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118 It is a Windows only vulnerability, ignore it. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:52 +05:30
Ankur Tyagi	22b7851cde	fetchmail: patch CVE-2025-61962 Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 0d9da1105276f04cb23046de5f31fc75f09e2e89) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:52 +05:30
Gyorgy Sarvari	0827d22e4c	civetweb: ignore CVE-2025-9648 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648 It is already fixed in the currently used version. Also, update CVE-2025-55763's status to "fixed-version" (so it will be marked as "Patched" in the CVE report instead of "Ignored") Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit bfb76da63bd141173aeb71ce91c336b8aa557a5f) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:51 +05:30
Gyorgy Sarvari	670aa709fb	tigervnc: ignore CVE-2025-26594...26601 Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26594 https://nvd.nist.gov/vuln/detail/CVE-2025-26595 https://nvd.nist.gov/vuln/detail/CVE-2025-26596 https://nvd.nist.gov/vuln/detail/CVE-2025-26597 https://nvd.nist.gov/vuln/detail/CVE-2025-26598 https://nvd.nist.gov/vuln/detail/CVE-2025-26599 https://nvd.nist.gov/vuln/detail/CVE-2025-26600 https://nvd.nist.gov/vuln/detail/CVE-2025-26601 TigerVNC compiles its own xserver, this is why these CVEs are associated with it - despite the vulnerabilities being in xserver. All of these vulnerabilities were fixed by the same PR[1], which has been part of xserver since version 21.1.16 (the currently used xserver version in TigerVNC is 21.1.18). Due to this, ignore these vulnerabilities, and just mark them as patched. [1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 4924e89bb77fe5486063229c50039a458d60f8ea) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:51 +05:30
Gyorgy Sarvari	62a12a32a8	tigervnc: ignore CVE-2023-6478 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478 TigerVNC compiles its own xserver, this is why this CVE is associated with it - despite the vulnerability being in xserver. The vulnerability was fixed by [1] (from the nvd report), which has been backported[2] to the xserver version used by the recipe - so ignore the CVE, since it's patched already. [1]: `14f480010a` [2]: `58e83c6839` Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 62a78f8ba7c8bd229cc82cf81bcc6a6d8116ebca) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:50 +05:30
Gyorgy Sarvari	dc575822b2	tigervnc: ignore CVE-2023-6377 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377 TigerVNC compiles its own xserver, this is why this CVE is associated with it - despite the vulnerability being in xserver. The vulnerability was fixed by [1] (from the nvd report), which has been backported[2] to the xserver version used by the recipe - so ignore the CVE, since it's patched already. [1]: `0c1a93d319` [2]: `a7bda3080d` Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f691f2178b15eec22f09a1c17b9945fad4e330e6) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:50 +05:30
Gyorgy Sarvari	0be619859e	tigervnc: sync xserver code with oe-core TigerVNC compiles its own xserver. Synchronize the xserver version with oe-core. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit fadb9c05709dae9e817a50e4d99093d4e2937933) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:49 +05:30
Gyorgy Sarvari	d5f3269b90	tigervnc: fix typo in CVE_STATUS Forgot to add the CVE- prefix in previous patch. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 2f913279d4926ab92b97ffbb7c53031835b393bd) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:49 +05:30
Gyorgy Sarvari	e370d2f41f	fio: ignore CVE-2025-10824 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824 The upstream maintainer wasn't able to reproduce the issue[1], and the related bug is closed without further action. [1]: https://github.com/axboe/fio/issues/1981 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a275078cbeaa0fafcfa4eb60ca69f05a8fe3df99) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:48 +05:30
Gyorgy Sarvari	c0a63f5222	dovecot: patch CVE-2025-30189 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189 Pick the patches referenced by the advisory[1] from the Full Disclosure list. [1]: https://seclists.org/fulldisclosure/2025/Oct/29 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:48 +05:30
Gyorgy Sarvari	af7857e40c	cups-filters: patch CVE-2025-64524 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 056ee43dd1d0e46a9b40339e877a4bf76cf8196b) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:47 +05:30
Gyorgy Sarvari	6a2e51e989	cifs-utils: patch CVE-2025-2312 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312 Pick the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:47 +05:30
Jason Schonberg	1a7e2ac776	c-ares: upgrade 1.34.5 -> 1.34.6 Drop memory leak patch which has already been included in this new version. The new version also includes a fix for CVE 2025-62408. Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 996768e0800a008e06d6c8d305f443198d4df847) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:46 +05:30
Gyorgy Sarvari	efde0fec54	minio: ignore irrelevant CVEs The minio umbrella covers multiple projects. The recipe itself builds "minio client", which is a set of basic tools to query data from "minio server" - like ls, mv, find... The CVEs were files against minio server. Looking at the go mod list, this recipe doesn't use minio server even as a build dependency - so ignore the CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit df462075be855c60117af661dbce1836c652fc16) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:46 +05:30
Gyorgy Sarvari	0c577a8001	accountsservice: ignore CVE-2023-3297 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297 The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is not present in the recipe. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 071a45c9d76c9a222c8fbaa50089a8af44f44e74) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:21 +05:30
Gyorgy Sarvari	a8a70d3893	fex: ignore unrelated CVEs These CVEs were filed for "Fram's Fast File Exchange" application, which has the same abbreviated name as fex. Currently this recipe has no historical CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore these irrelevant CVEs explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b990486203b8eca688cfb6fc9bebf8b138e0b334) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-05 07:25:18 +05:30
Mingli Yu	a4e768dcfa	bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRA Most host gcc doesn't support -fcanon-prefix-map right now, so empty DEBUG_PREFIX_MAP_EXTRA to fix the below build error. \| gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’? Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 31a08525bedd960c21214f84c256f67c6090bb5a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 16:54:28 +05:30
Khem Raj	14b2443bc1	libplist: Fix buildpaths in ptests Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> (cherry picked from commit 3a6b83c075e606c1bf2b46b9c51bbe22ff4c72c6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 16:53:43 +05:30
Viswanath Kraleti	ce1a2719f2	gflags: switch Git branch from master to main Update SRC_URI to use the 'main' branch instead of 'master' since the upstream GitHub repository has renamed its default branch. Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:05:06 +05:30
Leon Anavi	16316689b0	python3-huey: Upgrade 2.5.4 -> 2.5.5 Upgrade to release 2.5.5: - Fix for pypi Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7954f37b3ca479b4b086e887afc7ddc03d7f9eb2) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:27 +05:30
Leon Anavi	afeafe9ac3	python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2 Upgrade to release 3.1.2: - Fix pickling of abstract base classes containing type annotations for Python 3.14. License-Update: Use file LICENSE Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b428f675752f1f83bed691cb9b58adf48212aaea) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:27 +05:30
Leon Anavi	2ded78c56b	python3-polyline: Upgrade 2.0.3 -> 2.0.4 Upgrade to release 2.0.4: - Add py.typed marker Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 71055538b53c2fd60ea9c3a84a6d01fab5fa58ae) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:27 +05:30
Wang Mingyu	1f836596b9	python3-sqlparse: upgrade 0.5.3 -> 0.5.4 Changelog: ============= Enhancements --------------- * Add support for Python 3.14. * Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools * Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an '--in-place' flag for in-place editing * Add 'ATTACH' and 'DETACH' to PostgreSQL keywords * Add 'INTERSECT' to close keywords in WHERE clause * Support 'REGEXP BINARY' comparison operator Bug Fixes ---------- * Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements. * Remove shebang from cli.py and remove executable flag * Fix strip_comments not removing all comments when input contains only comments * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks * Fix splitting on semicolons inside BEGIN...END blocks Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 705abb20c1ec1d780183eef9ffd2a02894ef42e6) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:26 +05:30
Wang Mingyu	5f28ef7349	python3-pymodbus: upgrade 3.11.3 -> 3.11.4 Changelog: full support for python 3.14 and a number of packages (like mypy) have been updated. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit b745baf4784f01b1eed82607d0d69004df6ed025) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:26 +05:30

1 2 3 4 5 ...

36337 Commits