Gyorgy Sarvari
782d9564e8
linux-atm: fix SRC_URI
...
The previous one stopped working
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-23 20:12:51 +02:00
Vijay Anusuri
e2988d39a1
strongswan: Fix CVE-2026-25075
...
Pick patch according to [1]
[1] https://download.strongswan.org/security/CVE-2026-25075/
[2] https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-07 10:35:53 +02:00
Hitendra Prajapati
2fd8d7e485
wireshark: fix CVE-2025-5601
...
Pick patch from [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-5601
[2] https://gitlab.com/wireshark/wireshark/-/issues/20509
More details:
https://nvd.nist.gov/vuln/detail/CVE-2025-5601
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-25 08:41:41 +01:00
Aviv Daum
1bdff724ed
lldpd: fix xml PACKAGECONFIG dependency
...
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-13 05:57:22 +01:00
Gyorgy Sarvari
9b58919732
ettercap: patch CVE-2026-3603
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606
Pick the commit that is marked to solve the related Github
issue[1]. Its commit message also references the CVE ID explicitly.
[1]: https://github.com/Ettercap/ettercap/issues/1297
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-11 14:39:51 +01:00
Gyorgy Sarvari
bd5d3494e4
memcached: patch CVE-2023-46853
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-46853
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-07 21:05:26 +01:00
Gyorgy Sarvari
5307edaa60
memcached: patch CVE-2023-46852
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-46852
Backport the patch that is referenced by the NVD advisory.
The test extension was not backported, because the modified testcase
does not exist in the recipe version yet.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-07 21:05:17 +01:00
Gyorgy Sarvari
e01fd0c490
open-vm-tools: ignore multiple CVEs
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2014-4199
https://nvd.nist.gov/vuln/detail/CVE-2014-4200
https://nvd.nist.gov/vuln/detail/CVE-2022-22943
https://nvd.nist.gov/vuln/detail/CVE-2022-22977
https://nvd.nist.gov/vuln/detail/CVE-2022-31693
https://nvd.nist.gov/vuln/detail/CVE-2023-34057
The fixes for the first two vulnerabilities are already present in the
used version.
As identified by Redhat:
CVE-2014-4199: it has been fixed since version 9.10.2[1]
CVE-2014-4200: it has been fixed since version 9.4.6[2]
CVE-2022-22943, CVE-2022-22977 and CVE-2022-31693 affect only Windows.
CVE-2023-34059 affects only Windows and MacOS.
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4199
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4200
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-07 21:04:47 +01:00
Gyorgy Sarvari
331ff3f94b
dovecot: patch CVE-2021-29157
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-29157
Backport the patch that is used by Debian[1] to fix this CVE.
[1]: https://sources.debian.org/src/dovecot/1%3A2.3.13%2Bdfsg1-2%2Bdeb11u1/debian/patches
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 17:00:35 +01:00
Gyorgy Sarvari
cdc87f8f3b
ndpi: ignore CVE-2025-25066
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066
The vulnerable code was introduced in v4.12[1], and is not
present in the recipe version. Due to this, ignore the CVE.
[1]: https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
b3c43cc096
quagga: ignore CVE-2021-44038
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44038
The main point of the vulnerability is that the application
comes with its own systemd unit files, which execute chmod and chown
commands upon start on some files. So when the services are
restarted (e.g. after an update), these unit files can be tricked
to change the permissions on a malicious file.
However OE does not use these unit files - the recipe comes
with its own custom unit files, and chown/chmod isn't used
at all.
Due to this, ignore this vulnerability.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
3054edf8bb
quagga: patch CVE-2017-3224
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-3224
Quagga is an abandoned project, but it is not without a successor.
Frr (or Frrouting) is a fork of Quagga, and they have fixed this
vulnerability. That patch from Frr was ported to Quagga.
The Frr patch mentions this CVE ID explicitly, and also Debian
has identified it as the correct patch[1].
[1]: https://security-tracker.debian.org/tracker/CVE-2017-3224
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
5b9b91b0e2
keepalived: patch CVE-2024-41184
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184
Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
a9f06b91a0
libconfuse: patch CVE-2022-40320
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-40320
Pick the patch that was marked to resolve the github bug in the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
00e263ed58
dante: patch CVE-2024-54662
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-54662
This backported patch was taken from upstream's website[1],
where they identify it as the solution for this vulnerability
[1]: https://www.inet.no/dante/ (bottom, "advisories" section)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Ankur Tyagi
3e3bd7acfc
dovecot: ignore CVE-2025-30189
...
Vulnerable versions are 2.4.0, 2.4.1 according to the full disclosure[1]
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189
[1] https://seclists.org/fulldisclosure/2025/Oct/29
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-26 13:36:34 +01:00
Hitendra Prajapati
42774277a4
wireshark: Fix multiple CVEs
...
Backport fixes for:
* CVE-2024-8645 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/8e5f8de8836d3a81276ae5b9bf78cbac58bb6108
* CVE-2026-0960 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/f31123dcdbac37272046b58b2f7941bc7fb42934
* CVE-2025-13945 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/9139917bd8e2c80a5db7079993d5528db74e3519
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-19 12:03:21 +01:00
Gyorgy Sarvari
d27a3be1f6
ez-ipupdate: patch CVE-2003-0887
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887
The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.
The recipe however does not install these example configurations,
and as such it is not vulnerable either.
Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).
Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dd81ffdb68)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-13 17:03:50 +01:00
Rohini Sangam
f8c8241198
strongswan: Security fix for CVE-2025-62291
...
CVE fixed:
- CVE-2025-62291 strongswan: Arbitrary Code Execution and Denial of Service via crafted EAP-MSCHAPv2 message
Upstream-Status: Backport from https://download.strongswan.org/security/CVE-2025-62291/strongswan-4.4.0-6.0.2_eap_mschapv2_failure_request_len.patch
Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-11 19:52:14 +01:00
Gyorgy Sarvari
c40873cb69
libiec61850: patch CVE-2024-45970
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45970
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
90575e38b7
libiec61850: patch CVE-2024-45969
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45969
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
ef6ef1492c
frr: ignore CVE-2023-3748, CVE-2023-41359..61
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3748
https://nvd.nist.gov/vuln/detail/CVE-2023-41359
https://nvd.nist.gov/vuln/detail/CVE-2023-41360
https://nvd.nist.gov/vuln/detail/CVE-2023-41361
Regarding CVE-2023-3748:
Based on Debian's investigation, the vulnerability was solved by [1].
However that vulnerable code that was fixed was introduced after the
recipe version, only in version 8.4.0[2].
Since the recipe version isn't affected by this CVE, ignore it.
Regarding CVE-2023-41359:
The pull request[3] referenced by the NVD report references another pull
request[4] which was opened to backport the fix. The conversation on this
PR confirms that the vulnerable feature was introduced in 8.5.
Due to this, ignore this CVE.
Regarding CVE-2023-41360:
The vulnerable code was introduced[5] in version 8.4.0, and the
recipe version is not vulnerable.
Due to this ignore this CVE.
Regarding CVE-2023-41361:
The vulnerable code was introduced[6] in version 9.0 and the recipe
version is not vulnerable.
Due to this ignore this CVE.
[1]: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085
[2]: https://github.com/FRRouting/frr/commit/54a3e60b3ebd3621c4dd90b0b49e8e36e4e100d8
[3]: https://github.com/FRRouting/frr/pull/14232
[4]: https://github.com/FRRouting/frr/pull/15927
[5]: https://github.com/FRRouting/frr/commit/f1aa49293a4a8302b70989aaa9ceb715385c3a7e
[6]: https://github.com/FRRouting/frr/commit/234f6fd4f4804bb17bd8cbb1dd91994a914f38d2
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
8c092c4a82
proftpd: ignore CVE-2021-47865
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5-year-old GitHub issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
I just put it on the ignore list.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
f1cfd1ec5d
openvpn: ignore CVE-2024-4877 and CVE-2025-13751
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-4877
https://nvd.nist.gov/vuln/detail/CVE-2025-13751
The vulnerabilities are specific to Windows platform, not relevant to OE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:28 +01:00
Jackson
eb933671af
tcpreplay 4.4.4: Fix CVE-2025-9384
...
There is a NULL Pointer Dereference in ports2PORT when the user passes an ill-formatted
portmap string to tcprewrite with option -r or --portmap
Upstream Repository: https://github.com/appneta/tcpreplay.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9384
CVE: CVE-2025-9384
Signed-off-by: Jackson <jacksonj2@kpit.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:28 +01:00
Gyorgy Sarvari
6d01018250
python3-ldap: patch CVE-2025-61912
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61912
Pick the patch that's mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-20 18:22:05 +01:00
Gyorgy Sarvari
3a9a13832b
python3-ldap: patch CVE-2025-61911
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61911
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-20 18:22:04 +01:00
Gyorgy Sarvari
e660c4f8dc
squid: upgrade 4.15 -> 4.17
...
These are bugfix releases.
Changelogs:
4.17:
- WCCP: Validate packets better
4.16:
- Regression Fix: --with-valgrind-debug build broken since 4.15
- Bug 5129 pt1: remove Lock use from HttpRequestMethod
- Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
- Bug 4528: ICAP transactions quit on async DNS lookups
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-20 18:22:02 +01:00
Peter Marko
c021875bc4
memcached: ignore disputed CVE-2022-26635
...
Per [1] this is a problem of applications using memcached improperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 889ccce684)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-09 14:18:32 +01:00
Gyorgy Sarvari
be06039718
wireshark: ignore CVE-2024-24476, CVE-2024-24478 and CVE-2024-24479
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-24476
https://nvd.nist.gov/vuln/detail/CVE-2024-24478
https://nvd.nist.gov/vuln/detail/CVE-2024-24479
Upstream disputes all three vulnerabilities[1]. Looking at the history,
even though they were valid issues for some period of time, none of
them made it to an actual stable release: the vulnerabilities were
caused, caught and fixed in the same development cycle between two
releases.
CVE-2024-24476: vulnerability introduced with[2], fixed with[3]
CVE-2024-24478: vulnerability introduced with[4], fixed with[5]
CVE-2024-24479: vulnerability introduced with[6], fixed with[7]
Ignore all three of these vulnerabilities, as they are not present
in the used recipe version.
[1]: https://www.wireshark.org/docs/relnotes/wireshark-4.2.4.html
[2]: https://github.com/wireshark/wireshark/commit/395e3b6cb595bfc610f3c26e7e9eb1f8729fd952
[3]: https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78
[4]: https://github.com/wireshark/wireshark/commit/a9a62ff576ae79e0d6afb3214a5d409ec4cdf9d7
[5]: https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef
[6]: https://github.com/wireshark/wireshark/commit/53ec634ac2bf5f87a594aa72f16ca21c25a146a9
[7]: https://github.com/wireshark/wireshark/commit/c3720cff158c265dec2a0c6104b1d65954ae6bfd
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-09 14:18:22 +01:00
Gyorgy Sarvari
bca7f71ca2
wireshark: upgrade 3.4.12 -> 3.4.16
...
These are all bugfix releases.
Drop CVE-2022-3190.patch, as it is included in 3.4.16.
Changelogs:
3.4.13: https://www.wireshark.org/docs/relnotes/wireshark-3.4.13.html
3.4.14: https://www.wireshark.org/docs/relnotes/wireshark-3.4.14.html
3.4.15: https://www.wireshark.org/docs/relnotes/wireshark-3.4.15.html
3.4.16: https://www.wireshark.org/docs/relnotes/wireshark-3.4.16.html
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-09 14:17:57 +01:00
Hitendra Prajapati
634719db25
wireshark: fix CVE-2025-11626
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/513e5d49724f4a0695c5d2a08ce422c09cb999c8
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-09 08:29:04 +01:00
Gyorgy Sarvari
61ca38f45d
openflow: don't overwrite CVE_CHECK_IGNORE
...
The recipe contains two CVE_CHECK_IGNORE declarations, and the second
one overwrites the first one - however the first one is also important.
Instead of overwriting it, just append them to each other. Also, move the
operations closer to each other, so it's easier to see what's going on.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Vijay Anusuri
42e868a468
net-snmp: Fix for CVE-2025-68615
...
Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/b4e6f826d9ddcc2d72eac432746807e1234266db
Reference: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
fa7d1a059e
tinyproxy: patch CVE-2025-63938
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938
Pick the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
60f0e23124
lldpd: patch CVE-2021-43612
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-43612
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Peter Marko
6b7a0197f9
proftpd: set status of CVE-2001-0027
...
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Ankur Tyagi
71adc2f371
civetweb: patch CVE-2025-9648
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-9648
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit eb338ebb60)
Rebased patch on Kirkstone's civetweb.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
6d28476b74
nbdkit: remove unused patch
...
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
2ab2b60609
nbdkit: patch CVE-2025-47712
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47712
Pick the patch from the project's repository which explicitly
mentions this vulnerability ID.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
4a97186719
nbdkit: patch CVE-2025-47711
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47711
Pick the patch from the repository which explicitly mentions
this CVE ID.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
360720faba
mtr: patch CVE-2025-49809
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49809
Pick the patch mentioned in the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 13:56:58 +01:00
Gyorgy Sarvari
8611f92c20
proftpd: patch CVE-2024-48651
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651
Backport the patch mentioned in the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-17 15:38:00 +01:00
Hitendra Prajapati
ea388c67e4
wireshark: fix CVE-2025-13499
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-16 08:41:05 +01:00
Kai Kang
b1e0fadb72
mbedtls: fix CVE-2025-47917
...
CVE-2025-47917 is that the function mbedtls_x509_string_to_names() takes
a head argument and performs a deep free() on it.
Backport patch to fix CVE-2025-47917 and drop the modification in doc
file and comment in header file which lack context.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-16 08:39:06 +01:00
Gyorgy Sarvari
4437919060
znc: patch CVE-2024-39844
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844
Pick the patch that is mentioned in the oss-security[1] advisory
[1]: https://www.openwall.com/lists/oss-security/2024/07/03/9
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-14 16:18:46 +01:00
Gyorgy Sarvari
bc55ba3d8c
babeld: fix installation with usrmerge
...
In case usrmerge DISTRO_FEATURE is enabled, the recipe installed
the application to /bin folder, which is however a symlink to /usr/bin,
so the installation ultimately failed.
To fix this, set the correct prefix for the installation.
This is a partial backport of f91983f1f3
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-02 13:54:02 +01:00
Gyorgy Sarvari
b5a19849c5
usbredir: patch CVE-2021-3700
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3700
Pick the patch mentioned in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:57 +01:00
Gyorgy Sarvari
eeda504ce9
usrsctp: patch CVE-2019-20503
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-20503
Pick the patch mentioned in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:57 +01:00
Gyorgy Sarvari
665e1cad14
spice: correct SRC_URI
...
The previous repository was moved to freedesktop's gitlab instance
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-17 09:08:37 +01:00