Venkatasainath Ravikanti
32c83597c2
syslog-ng: update config version to match installed binary
...
syslog-ng 4.6.0 ships with Config version 4.2, but the configuration
files still declare @version: 3.36. This causes two warnings at startup:
WARNING: Configuration file format is too old, syslog-ng is running
in compatibility mode
WARNING: Your configuration file uses an obsoleted keyword
Update the @version to 4.2 to match the binary's config version.
Also replace the deprecated stats_freq() option with the modern
stats(freq()) syntax, and add @include "scl.conf" for the systemd
config to align with current upstream recommendations.
These changes mirror what was done in fee1274169 ("syslog-ng: upgrade
4.7.0 -> 4.8.1") for the master branch, adapted for the 4.6.0 version
on scarthgap.
Signed-off-by: Venkatasainath Ravikanti <venkatasainath.ravikanti@windriver.com >
Assisted-by: Kiro:claude-sonnet-4
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-07-01 08:29:35 +05:30
Naman Jain
8d7e7fa162
libssh: ignore CVE-2025-14821
...
Ignore CVE-2025-14821 as it is only applicable
for windows.
Reference: [https://security-tracker.debian.org/tracker/CVE-2025-14821 ]
Signed-off-by: Naman Jain <naman.jain@partner.bmw.de >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-06-09 11:37:19 +05:30
Hugo SIMELIERE (Schneider Electric)
59f8c396f9
nss: Fix CVE-2026-2781
...
Pick patch from [1] as 3.9X upstream mirror backport of [2] mentioned in Debian report in [3].
[1] https://github.com/nss-dev/nss/commit/870d3b013e6b39540d14e67b3db89da5a96381bf
[2] https://hg-edge.mozilla.org/projects/nss/rev/245385e16fa6
[3] https://security-tracker.debian.org/tracker/CVE-2026-2781
Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com >
Reviewed-by: Bruno VERNAY <bruno.vernay@se.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-05-21 09:56:15 +05:30
Sudhir Dumbhare
9f70f8d461
libssh: set status for CVE-2025-14821
...
The vulnerability is Windows-specific and depends on loading
configuration from C:\etc, which does not apply to Linux/Yocto builds
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-14821
https://github.com/advisories/GHSA-5jf9-8f86-jhvw
https://www.libssh.org/security/advisories/CVE-2025-14821.txt
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-05-21 08:57:48 +05:30
Ankur Tyagi
100da99a04
lcms: patch CVE-2026-42798
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-42798
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-05-21 08:57:46 +05:30
Ankur Tyagi
49a682f2ed
lcms: patch CVE-2026-41254
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-41254
Backport the patches referenced by the NVD advisory.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-05-21 08:57:46 +05:30
Het Patel
aaa594e19e
onig: Add CVE_PRODUCT to support product name
...
- Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE
reporting.
Signed-off-by: Het Patel <hetpat@cisco.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7bc5268662 )
Signed-off-by: Himanshu Jadon <hjadon@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-05-21 08:57:43 +05:30
Mikko Rapeli
a9b7af632e
onig: fix gcc 15 build
...
With backport from upstream 6.9.10.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 12:56:07 +05:30
Ankur Tyagi
955189fbcb
libssh: Fix CVE-2026-0965
...
Backport the patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76
[2] https://security-tracker.debian.org/tracker/CVE-2026-0965
Ptests passed:
root@qemux86:~# ptest-runner libssh
START: ptest-runner
2026-04-28T04:44
BEGIN: /usr/lib/libssh/ptest
...
...
DURATION: 269
END: /usr/lib/libssh/ptest
2026-04-28T04:49
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Ankur Tyagi
0f64da2ab9
libssh: patch CVE-2026-0967
...
Backport patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15
[2] https://security-tracker.debian.org/tracker/CVE-2026-0967
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Ankur Tyagi
015b974b6b
libssh: patch CVE-2026-0968
...
Backport patches [1] and [2] as mentioned in [3]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9
[2] https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03
[3] https://security-tracker.debian.org/tracker/CVE-2026-0968
Certain functions from sftp.c were moved to a new file sftp_common.c
in version 0.11.0 by following commit:
https://git.libssh.org/projects/libssh.git/commit/src/sftp_common.c?id=c3e03ab4651e4f3382e3a51c0273ade894f0c48a
This is the backport of the changes using the original file sftp.c
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Ankur Tyagi
9a19b0f3cb
opensc: patch CVE-2025-66215
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66215
Backport the patches referenced by the PR[1] mentioned in the nvd.
Dropped the formatting commit from the backport.
[1] https://github.com/OpenSC/OpenSC/pull/3436
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Ankur Tyagi
91858e7ff9
opensc: patch CVE-2025-66038
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66038
Backport the patch referenced by the wiki[1] mentioned in the nvd.
[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Ankur Tyagi
a02592adda
opensc: patch CVE-2025-66037
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66037
Backport the patch referenced by the wiki[1] mentioned in the nvd.
[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Ankur Tyagi
886f7d221a
opensc: patch CVE-2025-49010
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49010
Backport the patch referenced by the wiki[1] mentioned in the nvd.
[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Libo Chen
c40989630d
hdf5: fix CVE-2025-6857
...
According to [1], A vulnerability has been found in HDF5 1.14.6 and
classified as problematic. Affected by this vulnerability is the function
H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to
stack-based buffer overflow. It is possible to launch the attack on the
local host. The exploit has been disclosed to the public and may be used.
Backport patch [2] from upstream to fix CVE-2025-6857
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6857
[2] https://github.com/HDFGroup/hdf5/commit/a8ceb1d95bb997f548c1129363dad53c18540096
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Libo Chen
4ab556ad1e
hdf5: fix CVE-2025-2308
...
According to [1], A vulnerability, which was classified as critical, was
found in HDF5 1.14.6. This affects the function
H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter.
The manipulation leads to heap-based buffer overflow. An attack has to be
approached locally. The exploit has been disclosed to the public and may be
used. The vendor plans to fix this issue in an upcoming release.
Backport patch [2] from upstream to fix CVE-2025-2308
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2308
[2] https://github.com/HDFGroup/hdf5/commit/2ce7fdc4cf147d280aa6d49686297faacc250e40
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:29 +05:30
Naman Jain
098a230565
imagemagick: Fix CVEs
...
Fix the following CVEs-
CVE-2026-24481 CVE-2026-25638 CVE-2026-25794 CVE-2026-25795
CVE-2026-25796 CVE-2026-25797 CVE-2026-25798 CVE-2026-25799
CVE-2026-25897 CVE-2026-25898 CVE-2026-25965 CVE-2026-25966
CVE-2026-25967 CVE-2026-25968 CVE-2026-25969 CVE-2026-25970
CVE-2026-25982 CVE-2026-25985 CVE-2026-25986 CVE-2026-25987
CVE-2026-25988 CVE-2026-26066 CVE-2026-26283 CVE-2026-26284
CVE-2026-26983
Signed-off-by: Naman Jain <namanj1@kpit.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-29 10:14:24 +05:30
Libo Chen
6f240eceb0
hdf5: fix CVE-2025-2309
...
According to [1], A vulnerability has been found in HDF5 1.14.6 and
classified as critical. This vulnerability affects the function
H5T__bit_copy of the component Type Conversion Logic. The manipulation
leads to heap-based buffer overflow. Local access is required to approach
this attack. The exploit has been disclosed to the public and may be used.
The real existence of this vulnerability is still doubted at the moment.
The vendor plans to fix this issue in an upcoming release.
Backport patch [2] from upstream to fix CVE-2025-2309
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2309
[2] https://github.com/HDFGroup/hdf5/commit/9d90b21ef5c5373978014f1a711795aa653bd9a1
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com >
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-15 14:12:18 +05:30
Libo Chen
69fcb4d4b1
hdf5: fix CVE-2025-44905
...
According to [1], hdf5 v1.14.6 was discovered to contain a heap buffer
overflow via the H5Z__filter_scaleoffset function.
Backport patch [2] from upstream to fix CVE-2025-44905
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-44905
[2] https://github.com/HDFGroup/hdf5/commit/42588aeba786a121fec1fbad72cf39d8f60a4983
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com >
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-15 14:12:18 +05:30
Libo Chen
c96f578f10
hdf5: fix CVE-2025-2310
...
According to [1], A vulnerability was found in HDF5 1.14.6 and classified
as critical. This issue affects the function H5MM_strndup of the component
Metadata Attribute Decoder. The manipulation leads to heap-based buffer
overflow. Attacking locally is a requirement. The exploit has been
disclosed to the public and may be used.
Backport patch [2] from upstream to fix CVE-2025-2310
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2310
[2] https://github.com/HDFGroup/hdf5/commit/6c86f97e03c6dc7d7bd2bae9acc422bdc3438ff4
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com >
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-15 14:12:18 +05:30
Libo Chen
43572581cf
hdf5: fix CVE-2025-2153
...
According to [1], A vulnerability, which was classified as critical, was
found in HDF5 1.14.6. Affected is the function H5SM_delete of the file
H5SM.c of the component h5 File Handler. The manipulation leads to
heap-based buffer overflow. It is possible to launch the attack remotely.
The complexity of an attack is rather high. The exploitability is told to
be difficult. The exploit has been disclosed to the public and may be used.
Backport patch [2] from upstream to fix CVE-2025-2153
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-2153
[2] https://github.com/HDFGroup/hdf5/commit/38954615fc079538aa45d48097625a6d76aceef0
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com >
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-15 14:12:15 +05:30
Ankur Tyagi
964432f3af
libraw: ignore CVE-2026-5318
...
Vulnerability exists in the function which was added in version 0.22.0[1]
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-5318
[1] https://github.com/LibRaw/LibRaw/commit/12b0e5d60c57bb795382fda8494fc45f683550b8
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
6d5a42a5e0
freerdp3: fix CVE-2026-33984
...
Detaisl: https://nvd.nist.gov/vuln/detail/CVE-2026-33984
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
262e656885
freerdp3: fix CVE-2026-31897
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31897
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
73ae0a8034
freerdp3: fix CVE-2026-31806
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31806
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
7025c461c7
freerdp3: fix CVE-2026-29776
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29776
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
1bc75cd389
freerdp3: fix CVE-2026-29775
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29775
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
2d96f24f2d
freerdp3: fix CVE-2026-29774
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29774
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
53ab8b4a5a
freerdp3: fix CVE-2026-24683
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24683
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
2beb2f81e7
freerdp3: fix CVE-2026-24682
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24682
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
799cfe0cfa
freerdp3: fix CVE-2026-24681
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24681
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
b343c96d52
freerdp3: fix CVE-2026-24680 and CVE-2026-27950
...
There was only SDL2 client until commit[1] created SDL2 and SDL3 clients
from version 3.6.0 onwards.
[1] https://github.com/FreeRDP/FreeRDP/commit/8281186a6d9dad20e8345d85a1732e2974636555
Details:
https://nvd.nist.gov/vuln/detail/CVE-2026-24680
https://nvd.nist.gov/vuln/detail/CVE-2026-27950
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
27ba3fb054
freerdp3: fix CVE-2026-24679
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24679
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
09cd8e482a
freerdp3: ignore CVE-2026-24677 and CVE-2026-24678
...
Both vulnerabilities exists in the functions which were added in
version 3.6.0[1]
Details:
https://nvd.nist.gov/vuln/detail/CVE-2026-24677
https://nvd.nist.gov/vuln/detail/CVE-2026-24678
[1] https://github.com/FreeRDP/FreeRDP/commit/a81d111ac4023d31e10ebf579fa34c93bf56bce5
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
8cc0cd3deb
freerdp3: fix CVE-2026-24676
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24676
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
4784f85b09
freerdp3: fix CVE-2026-24675
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24675
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
c9763be62b
freerdp3: fix CVE-2026-24491
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24491
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
a0221753e4
freerdp3: fix CVE-2026-23948
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23948
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
21af1f7e13
freerdp3: fix CVE-2026-33952
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33952
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Ankur Tyagi
421f659e20
freerdp3: fix CVE-2026-25941
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25941
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-13 12:40:21 +05:30
Vijay Anusuri
57fc94a42d
libssh: Fix CVE-2026-0966
...
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0966
[2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-03 15:00:47 +05:30
Vijay Anusuri
3b8e032dbc
libssh: Fix CVE-2026-0964
...
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0964
[2] https://www.libssh.org/security/advisories/CVE-2026-0964.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-03 15:00:46 +05:30
Martin Jansa
0e43651ad3
freerdp: remove 0001-Fix-const-qualifier-error.patch
...
Instead of fixing the build with clang this is now breaking it after 2.11.8 commit:
https://github.com/FreeRDP/FreeRDP/commit/67818bddb31900cdf3acb26cb0b673cc90b71cc9
freerdp/2.11.8/git/client/Wayland/wlfreerdp.c:637:19: error: incompatible function pointer types assigning to 'OBJECT_NEW_FN' (aka 'void *(*)(const void *)') from 'void *(void *)' [-Wincompatible-function-pointer-types]
637 | obj->fnObjectNew = uwac_event_clone;
| ^ ~~~~~~~~~~~~~~~~
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-03 15:00:40 +05:30
Sujeet Nayak
76abb03c21
libnice: make crypto library configurable via PACKAGECONFIG
...
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com >
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:15 +05:30
Gyorgy Sarvari
b79eee49df
imagemagick: patch CVE-2025-69204
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69204
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:12 +05:30
Gyorgy Sarvari
1c317cf2c8
imagemagick: patch CVE-2025-68950
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68950
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:11 +05:30
Gyorgy Sarvari
8d896ff2ae
imagemagick: patch CVE-2025-68618
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68618
Backport the commit that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:11 +05:30
Gyorgy Sarvari
14bb7501b0
exiv2: patch CVE-2026-27631
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Backport the patches referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:10 +05:30
Gyorgy Sarvari
3175de6547
exiv2: patch CVE-2026-27596
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596
Backport the commits referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:10 +05:30