mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
36,226 Commits 64 Branches 0 Tags
0d737e14194f80f7e8047988da7dfed3c0596a39
Commit Graph

36226 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Marko 0d737e1419 net-snmp: patch CVE-2025-68615 
Pick patch per [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-68615

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:07 +05:30
Gyorgy Sarvari c6849e7529 python3-django: upgrade 5.2.8 -> 5.2.9 
Includes fix for CVE-2025-13372 and CVE-2025-64460

Changelog: https://github.com/django/django/blob/5.2.9/docs/releases/5.2.9.txt

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2538918df1)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:59 +05:30
Gyorgy Sarvari 9a6b60af3e python3-django: upgrade 4.2.26 -> 4.2.27 
Contains fix for CVE-2025-13372 and CVE-2025-64460

Changelog: https://github.com/django/django/blob/4.2.27/docs/releases/4.2.27.txt

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fae6fe9b41)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:58 +05:30
Gyorgy Sarvari b964b9858b python3-configobj: ignore CVE-2023-26112 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112

The used version (5.0.9) contains the fix[1] already - ignore the CVE.

[1]: https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:58 +05:30
Gyorgy Sarvari e51133657a postgresql: upgrade 17.6 -> 17.7 
It contains fixes for CVE-2025-12817 and CVE-2025-12818.

Changelog:
https://www.postgresql.org/docs/release/17.7/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8217b90e94)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:57 +05:30
Gyorgy Sarvari 7c1e9999d0 php: upgrade 8.4.15 -> 8.4.16 
This is a bugfix release, containing fixes for CVE-2025-14177,
CVE-2025-14178 and CVE-2025-14180.

Changelog: https://www.php.net/ChangeLog-8.php#8.4.16

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:57 +05:30
Gyorgy Sarvari 303f5afacf openvpn: upgrade 2.6.16 -> 2.6.17 
Contains fix for CVE-2025-13751

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:56 +05:30
Hugo SIMELIERE 925318887e libwebsockets: fix CVE-2025-11678 
Backport a fix from Debian:
https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11678.patch
Upstream commit:
https://github.com/warmcat/libwebsockets/commit/2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 5fab8bd31b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:56 +05:30
Hugo SIMELIERE 9570160dae libwebsockets: fix CVE-2025-11677 
Backport a fix from Debian:
https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11677.patch
Upstream commit:
https://github.com/warmcat/libwebsockets/commit/2f082ec31261f556969160143ba94875d783971a

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit da04d7003e)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:55 +05:30
Gyorgy Sarvari 94e21ed9b5 libcoap: ignore CVE-2025-50518 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518

The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 598176e1cb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:55 +05:30
Gyorgy Sarvari b8127adea4 imagemagick: upgrade 7.1.2-8 -> 7.1.2-12 
Contains fix for CVE-2025-65955 and CVE-2025-69204.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:54 +05:30
Gyorgy Sarvari a06ce2aa74 gimp: patch CVE-2025-14425 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14425

Backport the patch referenced by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 49732c90c0)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:54 +05:30
Gyorgy Sarvari f9add3e25a gimp: patch CVE-2025-14424 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424

Pick the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b16c1a543a)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:53 +05:30
Gyorgy Sarvari 732aa8f936 gimp: patch CVE-2025-14423 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423

Pick the patch references by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6aa5720e76)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:53 +05:30
Gyorgy Sarvari b680240a03 gimp: patch CVE-2025-14422 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422

Pick the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a0b41204af)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:53 +05:30
Gyorgy Sarvari ed4878b3bc freerdp3: ignore CVE-2025-68118 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118

It is a Windows only vulnerability, ignore it.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:52 +05:30
Ankur Tyagi 22b7851cde fetchmail: patch CVE-2025-61962 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 0d9da11052)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:52 +05:30
Gyorgy Sarvari 0827d22e4c civetweb: ignore CVE-2025-9648 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648

It is already fixed in the currently used version.

Also, update CVE-2025-55763's status to "fixed-version" (so it will be
marked as "Patched" in the CVE report instead of "Ignored")

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bfb76da63b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:51 +05:30
Gyorgy Sarvari 670aa709fb tigervnc: ignore CVE-2025-26594...26601 
Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601

Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601

TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.

All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).

Due to this, ignore these vulnerabilities, and just mark them as patched.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4924e89bb7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:51 +05:30
Gyorgy Sarvari 62a12a32a8 tigervnc: ignore CVE-2023-6478 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478

TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.

The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a78f8ba7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:50 +05:30
Gyorgy Sarvari dc575822b2 tigervnc: ignore CVE-2023-6377 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377

TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.

The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f691f2178b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:50 +05:30
Gyorgy Sarvari 0be619859e tigervnc: sync xserver code with oe-core 
TigerVNC compiles its own xserver. Synchronize the xserver version
with oe-core.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fadb9c0570)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:49 +05:30
Gyorgy Sarvari d5f3269b90 tigervnc: fix typo in CVE_STATUS 
Forgot to add the CVE- prefix in previous patch.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2f913279d4)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:49 +05:30
Gyorgy Sarvari e370d2f41f fio: ignore CVE-2025-10824 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824

The upstream maintainer wasn't able to reproduce the issue[1],
and the related bug is closed without further action.

[1]: https://github.com/axboe/fio/issues/1981

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a275078cbe)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:48 +05:30
Gyorgy Sarvari c0a63f5222 dovecot: patch CVE-2025-30189 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189

Pick the patches referenced by the advisory[1] from the Full Disclosure list.

[1]: https://seclists.org/fulldisclosure/2025/Oct/29

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:48 +05:30
Gyorgy Sarvari af7857e40c cups-filters: patch CVE-2025-64524 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524

Pick the patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 056ee43dd1)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:47 +05:30
Gyorgy Sarvari 6a2e51e989 cifs-utils: patch CVE-2025-2312 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312

Pick the patch that is referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:47 +05:30
Jason Schonberg 1a7e2ac776 c-ares: upgrade 1.34.5 -> 1.34.6 
Drop memory leak patch which has already been included in this new version.

The new version also includes a fix for CVE 2025-62408.

Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 996768e080)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:46 +05:30
Gyorgy Sarvari efde0fec54 minio: ignore irrelevant CVEs 
The minio umbrella covers multiple projects. The recipe itself builds
"minio client", which is a set of basic tools to query data from
"minio server" - like ls, mv, find...

The CVEs were files against minio server. Looking at the go mod list,
this recipe doesn't use minio server even as a build dependency - so ignore
the CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit df462075be)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:46 +05:30
Gyorgy Sarvari 0c577a8001 accountsservice: ignore CVE-2023-3297 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297

The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is
not present in the recipe.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 071a45c9d7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:21 +05:30
Gyorgy Sarvari a8a70d3893 fex: ignore unrelated CVEs 
These CVEs were filed for "Fram's Fast File Exchange" application, which
has the same abbreviated name as fex. Currently this recipe has no historical
CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore
these irrelevant CVEs explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b990486203)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-05 07:25:18 +05:30
Mingli Yu a4e768dcfa bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRA 
Most host gcc doesn't support -fcanon-prefix-map right now, so
empty DEBUG_PREFIX_MAP_EXTRA to fix the below build error.
 | gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31a08525be)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 16:54:28 +05:30
Khem Raj 14b2443bc1 libplist: Fix buildpaths in ptests 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
(cherry picked from commit 3a6b83c075)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 16:53:43 +05:30
Viswanath Kraleti ce1a2719f2 gflags: switch Git branch from master to main 
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.

Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:05:06 +05:30
Leon Anavi 16316689b0 python3-huey: Upgrade 2.5.4 -> 2.5.5 
Upgrade to release 2.5.5:

- Fix for pypi

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7954f37b3c)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:27 +05:30
Leon Anavi afeafe9ac3 python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2 
Upgrade to release 3.1.2:

- Fix pickling of abstract base classes containing type annotations
  for Python 3.14.

License-Update: Use file LICENSE

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b428f67575)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:27 +05:30
Leon Anavi 2ded78c56b python3-polyline: Upgrade 2.0.3 -> 2.0.4 
Upgrade to release 2.0.4:

- Add py.typed marker

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 71055538b5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:27 +05:30
Wang Mingyu 1f836596b9 python3-sqlparse: upgrade 0.5.3 -> 0.5.4 
Changelog:
=============
Enhancements
---------------
* Add support for Python 3.14.
* Add type annotations to top-level API functions and include py.typed marker
  for PEP 561 compliance, enabling type checking with mypy and other tools
* Add pre-commit hook support. sqlparse can now be used as a pre-commit hook
  to automatically format SQL files. The CLI now supports multiple files and
  an '--in-place' flag for in-place editing
* Add 'ATTACH' and 'DETACH' to PostgreSQL keywords
* Add 'INTERSECT' to close keywords in WHERE clause
* Support 'REGEXP BINARY' comparison operator

Bug Fixes
----------
* Add additional protection against denial of service attacks when parsing
  very large lists of tuples. This enhances the existing recursion protections
  with configurable limits for token processing to prevent DoS through
  algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,
  MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)
  if needed for legitimate large SQL statements.
* Remove shebang from cli.py and remove executable flag
* Fix strip_comments not removing all comments when input contains only
  comments
* Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END
  blocks
* Fix splitting on semicolons inside BEGIN...END blocks

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 705abb20c1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:26 +05:30
Wang Mingyu 5f28ef7349 python3-pymodbus: upgrade 3.11.3 -> 3.11.4 
Changelog:
 full support for python 3.14 and a number of packages (like mypy) have been updated.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b745baf478)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:26 +05:30
Wang Mingyu 6e0c4cd1a5 python3-pybcj: upgrade 1.0.6 -> 1.0.7 
Changelog:
============
- Support for python 3.14
- ci: fix test and release workflows

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 797e29ed42)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:25 +05:30
Wang Mingyu 0912147bde python3-gmpy2: upgrade 2.2.1 -> 2.2.2 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e274146fa4)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:25 +05:30
Wang Mingyu 8197b4ba79 python3-eventlet: upgrade 0.40.3 -> 0.40.4 
Changelog:
============
* Remove legacy setuptools configuration files
* add 3.14 to supported versions
* Emit warning on startup that eventlet is deprecated
* Fix Python 3.14 on macOS
* Workaround for #1068

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 768580103b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:24 +05:30
Ankur Tyagi 4ef895e04c python3-django: upgrade 4.2.25 -> 4.2.26 
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.26/

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5551a12170)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:24 +05:30
Ankur Tyagi 1a96475ce5 python3-django: upgrade 5.2.7 -> 5.2.8 
Release Notes:
https://docs.djangoproject.com/en/dev/releases/5.2.8/

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8247a68d54)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:23 +05:30
Wang Mingyu 0e313f5b73 python3-rich-argparse: upgrade 1.7.1 -> 1.7.2 
Changelog:
 Fix colors overlapping with Python 3.14.0+ which enabled colors by default in the help formatter.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 18aaa7d8a6)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:23 +05:30
Wang Mingyu 93be4fae40 python3-moteus: upgrade 0.3.95 -> 0.3.96 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ddca2bae90)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:22 +05:30
Wang Mingyu f54fe07115 python3-gpt-image: upgrade 0.9.0 -> 0.9.1 
Changelog:
  Partition commit offset calculation

License-Update: file type changed to "ASCII text"

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc53efed84)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:22 +05:30
Khem Raj 7c5fd57f84 e2tools: Fix buildpaths in ptests 
Currently the path checks are escaping QA check for buildpath detection but config.status
still has paths which show up in reproduciblity failures, comparing build in path A and
build in path B, content of config.status don't end up same.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0856c56132)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:21 +05:30
Wang Mingyu 1de4f92214 nautilus: upgrade 49.1 -> 49.2 
* Bugfixes:
- Fix handling of unset XDG directories
- Reduce memory usage of thumbnails by correct scaling
- Fix potential rescaling of item when switching to cut icon
- Fix crash on empty file lists in drops
- Correct sorting of loopback devices
- Don't skip the first file from operation progress monitoring

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 90343e1990)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:21 +05:30
Gyorgy Sarvari aa45e41705 gupnp-tools: upgrade 0.12.1 -> 0.12.2 
Changelog:
- Common:
    - Remove deprecated libxml calls
- AV CP:
    - Remove some stray debug output
- EventDumper:
    - Code cleanup
- Uploader:
    - Fix parsing the Browse result

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 25540bf356)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:00:21 +05:30