Vijay Anusuri
1ad0d777d1
strongswan: Fix CVE-2026-25075
Pick patch according to [1]
[1] https://download.strongswan.org/security/CVE-2026-25075/
[2] https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:48 +05:30
Markus Volk
4feb9130b0
flatpak: add PACKAGECONFIG for dconf
Disable by default to avoid a requirement for meta-gnome
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:48 +05:30
Hitendra Prajapati
4810cd8c5b
python3-cbor2: patch CVE-2026-26209
Backport the patch[1] which fixes this vulnerability as mentioned in the
comment[3].
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26209
[1] e61a5f365b
[2] fb4ee1612a (pre patch)
[3] https://github.com/agronholm/cbor2/pull/275
Dropped changes to the changelog from the original commit.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:47 +05:30
Vijay Anusuri
b13ae5a8eb
giflib: Fix CVE-2026-23868
Pick patch according to [1]
[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:47 +05:30
Vijay Anusuri
57fc94a42d
libssh: Fix CVE-2026-0966
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0966
[2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:47 +05:30
Vijay Anusuri
3b8e032dbc
libssh: Fix CVE-2026-0964
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0964
[2] https://www.libssh.org/security/advisories/CVE-2026-0964.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:46 +05:30
Martin Jansa
0e43651ad3
freerdp: remove 0001-Fix-const-qualifier-error.patch
Instead of fixing the build with clang this is now breaking it after 2.11.8 commit:
67818bddb3
freerdp/2.11.8/git/client/Wayland/wlfreerdp.c:637:19: error: incompatible function pointer types assigning to 'OBJECT_NEW_FN' (aka 'void *(*)(const void *)') from 'void *(void *)' [-Wincompatible-function-pointer-types]
637 | obj->fnObjectNew = uwac_event_clone;
| ^ ~~~~~~~~~~~~~~~~
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-03 15:00:40 +05:30
Matthias Proske
06f846a325
bluealsa: fix QA issue staticdev
When building bluealsa with building static libraries NOT disabled, you
get the following error:
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_pcm_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_ctl_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: Fatal QA errors were found,
failing task.
Fix this by explicitly putting these files in the -staticdev package.
Signed-off-by: Matthias Proske <matthias.p@variscite.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a9744b3ca)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 15:53:24 +05:30
Martin Jansa
acbcafe3f5
krb5: fix build with gcc-15
* fixes:
http://errors.yoctoproject.org/Errors/Details/848727/
ss_internal.h:88:6: error: conflicting types for 'ss_delete_info_dir'; have 'void(void)'
88 | void ss_delete_info_dir();
| ^~~~~~~~~~~~~~~~~~
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f26536c2f6)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 15:51:50 +05:30
Aviv Daum
4439caa199
lldpd: fix xml PACKAGECONFIG dependency
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit cec3e0fd96)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 15:48:20 +05:30
Gyorgy Sarvari
2ca25f2279
libde265: patch CVE-2025-61147
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147
Backport the patch referenced by the NVD advisory.
Note that this is a partial backport - only the parts that are
used by the application, and without pulling in c++17 headers.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:16 +05:30
Gyorgy Sarvari
54c8a4ad6c
mariadb: upgrade 10.11.12 -> 10.11.16
10.11 is an LTS version of MariaDB. This upgrade is part of that commitment.
Release notes:
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.16
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.15
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.14
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.13
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:15 +05:30
Gyorgy Sarvari
bd41441bf3
libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837
Both vulnerabilities have been fixed in 0.10.5.
Relevant commits:
CVE-2025-12474: 5ce68976a5
CVE-2026-1837: 36b0cecaa1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:15 +05:30
Sujeet Nayak
76abb03c21
libnice: make crypto library configurable via PACKAGECONFIG
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:15 +05:30
Hitendra Prajapati
808d3a73de
python3-pillow: fix CVE-2026-25990
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990
Backport commit[1] which fixes this vulnerability as mentioned in the NVD report [2].
[1] 9000313cc5
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-25990
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:14 +05:30
Hitendra Prajapati
d3a45ead9c
python3-pyjwt: Fix CVE-2026-32597
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32597
Backport commit[1] which fixes this vulnerability as mentioned in [2].
[1] 051ea341b5
[2] https://security-tracker.debian.org/tracker/CVE-2026-32597
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:14 +05:30
Gyorgy Sarvari
d5de98d28b
capnproto: patch CVE-2026-32239 and CVE-2026-32240
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239
https://nvd.nist.gov/vuln/detail/CVE-2026-32240
Backport the patch that is referenced by the NVD advisories.
(Same patch for both vulnerabilities)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:13 +05:30
Gyorgy Sarvari
86dc3a4fe4
openjpeg: patch CVE-2023-39327
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327
Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit fdddf2bdd3)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:13 +05:30
Gyorgy Sarvari
2a5987979a
hiawatha: fix SRC_URI
The tarball was moved to a new folder on the source server.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:12 +05:30
Gyorgy Sarvari
b79eee49df
imagemagick: patch CVE-2025-69204
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69204
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:12 +05:30
Gyorgy Sarvari
1c317cf2c8
imagemagick: patch CVE-2025-68950
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68950
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:11 +05:30
Gyorgy Sarvari
8d896ff2ae
imagemagick: patch CVE-2025-68618
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68618
Backport the commit that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:11 +05:30
Gyorgy Sarvari
14bb7501b0
exiv2: patch CVE-2026-27631
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Backport the patches referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:10 +05:30
Gyorgy Sarvari
3175de6547
exiv2: patch CVE-2026-27596
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596
Backport the commits referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:10 +05:30
Gyorgy Sarvari
7e66b15669
exiv2: patch CVE-2026-25884
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884
Backport the commits referenced by the NVD advisory.
One of the patches contains some binary data (for test data),
which needs to be applied with git PATCHTOOL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:10 +05:30
Gyorgy Sarvari
75e3ed1850
ettercap: patch CVE-2026-3603
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606
Pick the commit that is marked to solve the related Github
issue[1]. Its commit message also references the CVE ID explicitly.
[1]: https://github.com/Ettercap/ettercap/issues/1297
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:09 +05:30
Vijay Anusuri
59b94e41bf
libssh: Fix CVE-2026-3731
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-3731
[2] https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:09 +05:30
Hitendra Prajapati
a88f173ed0
wireshark: Fix CVE-2026-0960
Pick patch from [1] also mentioned in [2]
[1] https://gitlab.com/wireshark/wireshark/-/issues/20944
[2] https://security-tracker.debian.org/tracker/CVE-2026-0960
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:08 +05:30
Gyorgy Sarvari
af2304fcb9
php: upgrade 8.2.29 -> 8.2.30
Drop patches that are included in this release.
Changes: https://www.php.net/ChangeLog-8.php#8.2.30
- Curl: Fix curl build and test failures with version 8.16.
- Opcache: Reset global pointers to prevent use-after-free in zend_jit_status().
- PDO: PDO quoting result null deref - CVE-2025-14180
- Null byte termination in dns_get_record()
- Heap buffer overflow in array_merge() - CVE-2025-14178
- Information Leak of Memory in getimagesize - CVE-2025-14177
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:08 +05:30
Hitendra Prajapati
e7a359838c
wireshark: Fix CVE-2026-3201
Pick patch from [1] also mentioned in [2]
[1] https://gitlab.com/wireshark/wireshark/-/issues/20972
[2] https://security-tracker.debian.org/tracker/CVE-2026-3201
More details: https://nvd.nist.gov/vuln/detail/CVE-2026-3201
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:07 +05:30
Christos Gavros
b48d119e50
nativesdk-pistache: dependency with brotli
Building of nativesdk-pistache aborted due to
missing dependency with brotli.
Fixed by extending brotli recipe to build nativesdk
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cf95ee0ff5)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:07 +05:30
Deepak Rathore
6dd3de0d5d
yasm: extend recipe for nativesdk builds
Some SDK dependency chains require yasm to be available
as SDK artifacts. The current metadata only partially provides this,
which can lead to dependency resolution failures when this recipe is pulled
into SDK-oriented builds.
This change does not alter target package behavior; it only enables required
nativesdk variant for build and SDK integration paths.
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:06 +05:30
Gyorgy Sarvari
29e835b9b7
vlc: ignore CVE-2026-26227 and CVE-2026-26228
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227
https://nvd.nist.gov/vuln/detail/CVE-2026-26228
Both vulnerabilities affect only the Android version of VLC, not
the other ones. Because of this, ignore these CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:06 +05:30
Gyorgy Sarvari
67d0242d70
gimp: add additional patch for CVE-2026-0797
There is an additional patch for CVE-2026-0797, which is not mentioned
in the CVE advisory, nor in the related issue nor in the related PR, however
both the change and the commit message show that this is a continuation
of the original fix, which was incomplete.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:05 +05:30
Peter Marko
ada8211493
sassc: ignore CVE-2022-43357
This CVE is fixed in current libsass recipe version.
So wrapper around it will also not show this problem.
Its usual use case is to be statically linked with libsass which is
probably the reason why this is listed as vulnerable component.
[1] links [2] as issue tracker which points to [3] as fix.
[4] as base repository for the recipe is not involved and files from [3]
are not present in this repository.
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357
[2] https://github.com/sass/libsass/issues/3177
[3] https://github.com/sass/libsass/pull/3184
[4] https://github.com/sass/sassc/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 576b84263b)
Scarthgap has also the fixed libsass version (3.6.6), the CVE can
be considered fixed.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:05 +05:30
Peter Marko
604a54d742
spice: set CVE-2016-2150 status to fixed
Debian has fixed this CVE with [1].
That patch is taken from [2].
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13
v0.13.1-190-g69628ea1
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13
v0.13.2
[1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/
[2] 69628ea137
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e44f3251b5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:04 +05:30
Peter Marko
bc575f49a2
spice: ignore CVE-2016-0749
NVD tracks this as version-less CVE for spice.
It was fixed by [1] and [2] included in 0.13.2.
[1] 6b32af3e17
[2] 359ac42a7a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 073e845274)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:04 +05:30
Peter Marko
0e38edb85d
spice-gtk: mark CVE-2012-4425 as fixed
It is fixed by [1] since 0.15.3.
NVD tracks this CVE as version-less.
[1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7e17f8cec0)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:03 +05:30
Gyorgy Sarvari
213a390d5d
streamripper: ignore CVE-2020-37065
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
The vulnerability is about a 3rd party Windows-only GUI frontend for
the streamripper library, and not for the CLI application that the
recipe builds. Due to this ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1571c1a8e5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:03 +05:30
Gyorgy Sarvari
67a8fe4a1a
python3-django: upgrade 4.2.28 -> 4.2.29
Contains fixes for CVE-2026-25673 and CVE-2026-25674.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:03 +05:30
Gyorgy Sarvari
c73a2a0435
protobuf: ignore CVE-2026-0994
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 398fa05aa8)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:02 +05:30
Gyorgy Sarvari
24e8a09f65
libjxl: upgrade 0.10.2 -> 0.10.5
Bug fix release, mostly CVE fixes.
Drop patches that are included.
Changelog:
0.10.5:
fix tile dimension in low memory rendering pipeline (CVE-2025-12474)
fix number of channels for gray-to-gray color transform (CVE-2026-1837)
djxl: reject decoding JXL files if "packed" representation size overflows size_t
0.10.4:
Huffman lookup table size fix (CVE-2024-11403)
Check height limit in modular trees (CVE-2024-11498)
0.10.3:
fixed decoding of some special images
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:02 +05:30
Gyorgy Sarvari
a0a3169b2b
keepalived: patch CVE-2024-41184
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184
Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:01 +05:30
Gyorgy Sarvari
ad6ea218ae
gnome-shell: ignore CVE-2021-3982
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3982
The vulnerability is about a privilege escalation, in case
the host distribution sets CAP_SYS_NICE capability on the
gnome-shell binary.
OE distros don't do that, and due to this this recipe is not
affected by this issue. The CVE is ignored.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4d6e24106c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:01 +05:30
Gyorgy Sarvari
1a6816e20f
gimp: patch CVE-2026-2048
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2048
Pick the patch from the relevant upstream issue[1];
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:52:00 +05:30
Gyorgy Sarvari
fb8e5b9659
gimp: ignore CVE-2026-2047
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2047
The vulnerability exists in ICNS importer, which was first introduced in
version 3.0 [1], and the code is not present in the recipe version.
Due to this, ignore this CVE.
[1]: 00232e1787
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:51:51 +05:30
Gyorgy Sarvari
210ce6945c
gimp: patch CVE-2026-2045
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2045
Pick the patch associated with the relevant upstream issue[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15293
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:47:06 +05:30
Gyorgy Sarvari
276a3b7195
gimp: patch CVE-2026-2044
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2044
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:47:05 +05:30
Gyorgy Sarvari
74f6a2e5ac
gimp: patch CVE-2026-0797
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0797
The patch referenced in the NVD report looks incorrect.
This change in this patch was taken from the related upstream issue[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:47:05 +05:30
Gyorgy Sarvari
3dd2d0dc98
gimp: patch CVE-2025-2761
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761
Pick the patch from the relevant upstream bug[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-03-24 08:47:04 +05:30