3c1286f8b3
nginx: patch CVE-2026-1642
...
Pick patch accorting to [1].
[1] https://security-tracker.debian.org/tracker/CVE-2026-1642
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-26 13:36:34 +01:00
3e3bd7acfc
dovecot: ignore CVE-2025-30189
...
Vulnerable versions are 2.4.0, 2.4.1 according to the full disclosure[1]
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189
[1] https://seclists.org/fulldisclosure/2025/Oct/29
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-26 13:36:34 +01:00
33822593e5
rocksdb: Add an option to set static library
...
Modify the CMakeLists.txt to add an Option for
STATIC target import, as available for shared library.
Link: https://github.com/facebook/rocksdb/pull/12890
Configure static library as option, default to ON.
Provides option to make it off thru PACKCONFIG, if needed.
Signed-off-by: Bhabu Bindu <bindu.bhabu@kpit.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 233079a41cakuster808@gmail.com >
(cherry picked from commit 72018ca1b1zahir.basha@kpit.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-26 13:36:34 +01:00
631e0ac2f0
postgresql: upgrade 14.20 -> 14.21
...
It contains Security fixes for CVE-2026-2003, CVE-2026-2004,
CVE-2026-2005, CVE-2026-2006 and CVE-2026-2007.
It also contains other bug fixes and for more details refer Release note.
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.21
Release notes: https://www.postgresql.org/docs/release/14.21/
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-26 13:36:29 +01:00
42774277a4
wireshark: Fix multiple CVEs
...
Backport fixes for :
* CVE-2024-8645 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/8e5f8de8836d3a81276ae5b9bf78cbac58bb6108
* CVE-2026-0960 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/f31123dcdbac37272046b58b2f7941bc7fb42934
* CVE-2025-13945 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/9139917bd8e2c80a5db7079993d5528db74e3519
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-19 12:03:21 +01:00
8a598a2bc9
poppler: mark CVE-2022-38171 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-38171
This is the same as CVE-2021-30860, but that one was primarily filed
against Apple software (and some other related projects).
The patch that fixes this vulenrability is already added to the recipe,
just extend its CVE tag
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-15 15:30:54 +01:00
c1eda860f4
python3-django: upgrade 4.2.27 -> 4.2.28
...
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207,
CVE-2026-1285, CVE-2026-1287 and CVE-2026-1312
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-15 15:30:54 +01:00
b54893d226
mercurial: ignore CVE-2022-43410
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-43410
The vulnerability affects only the Mercurial Jenkins plugin, which
is a different project. This CVE can be ignored in this recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-15 15:30:54 +01:00
122941ea98
libebml: patch CVE-2015-8791
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-8791
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-15 15:30:49 +01:00
d27a3be1f6
ez-ipupdate: patch CVE-2003-0887
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887
The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.
The recipe however does not install these example configurations,
and as such it is not vulnerable either.
Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).
Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit dd81ffdb68skandigraun@gmail.com >
2026-02-13 17:03:50 +01:00
6f0602375b
Use https when accessing archive.xfce.org
...
While using devtool to check available versions, I noticed a 301 http error.
Specifically :
$ devtool latest-version libxfce4ui
Resolving archive.xfce.org (archive.xfce.org)... 217.70.191.87
Connecting to archive.xfce.org (archive.xfce.org)|217.70.191.87|:80... connected
.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://archive.xfce.org/src/xfce/libxfce4ui/4.20/ [following]
With this patch, we change to make the SRC_URI an https request.
A similar patch is already in master - commit 8089168196schonm@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-12 08:40:56 +01:00
f8c8241198
strongswan: Security fix for CVE-2025-62291
...
CVE fixed:
- CVE-2025-62291 strongswan: Arbitrary Code Execution and Denial of Service via crafted EAP-MSCHAPv2 message
Upstream-Status: Backport from https://download.strongswan.org/security/CVE-2025-62291/strongswan-4.4.0-6.0.2_eap_mschapv2_failure_request_len.patch
Signed-off-by: Rohini Sangam <rsangam@mvista.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-11 19:52:14 +01:00
518ff6ef48
mariadb: Fix CVE-2025-30693
...
Upstream-Status: Backport from https://github.com/MariaDB/server/commit/1c9f64e54ffb109bb6cf6a189e863bfa54e46510
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-11 11:30:12 +01:00
8e5a4c1a26
tigervnc: mark CVE-2024-0408 and CVE-2024-0409 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-0408
https://nvd.nist.gov/vuln/detail/CVE-2024-0409
Both of these vulnerabilities were fixed[1][2] in xserver 21.1.11,
just mark them patched.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/8d825f72da71d6c38cbb02cf2ee2dd9e0e0f50f2
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a4f0e9466f3bc7073a8f0c28a581211c2d7adf0e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:16:53 +01:00
84457b29af
tigervnc: ignore CVE-2025-26594...26601
...
Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601
TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.
All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).
Due to this, ignore these vulnerabilities, and just mark them as patched.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4924e89bb7skandigraun@gmail.com >
2026-02-10 00:16:43 +01:00
e51b233d2e
tigervnc: ignore CVE-2023-6478
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478
TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.
The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 62a78f8ba7skandigraun@gmail.com >
2026-02-10 00:16:33 +01:00
03a67156a4
tigervnc: ignore CVE-2023-6377
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377
TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.
The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit f691f2178bskandigraun@gmail.com >
2026-02-10 00:16:21 +01:00
c0766dbf4b
tigervnc: sync xserver component with oe-core
...
oe-core has a newer version of xserver than this recipe used to compile
TigerVNC with. This recipe updates xserver to the same version, 21.1.18.
TigerVNC only started to support this xserver version 2 versions later,
with 1.13. Due to this 3 commits were backported that add the missing
changes.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:16:12 +01:00
4ae1930999
sox: patch CVE-2019-8354
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-8354
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2019-8354
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:15:56 +01:00
d782346939
sox: patch CVE-2019-13590
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13590
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2019-13590
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:14:56 +01:00
417d194dbe
sox: mark CVE-2019-1010004 as patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004
The description mentions that this vulnerability overlaps with CVE-2017-18189,
and Debian's investigation[1] confirms that it is solved by the same commit.
Add the ID to the CVE tag of CVE-2017-18189.patch.
[1]: https://security-tracker.debian.org/tracker/CVE-2019-1010004
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:14:46 +01:00
15a5b7a668
sox: patch CVE-2017-18189
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-18189
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-18189
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:14:37 +01:00
add3e267bf
sox: patch CVE-2017-15642
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15642
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-15642
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:14:27 +01:00
23dcf5a6e9
sox: patch CVE-2017-15372
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15372
Pick the patch that was indeitified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-15372
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:14:17 +01:00
f9d6eb7ebd
sox: patch CVE-2017-15371
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15371
Pick the patch that was identified by Debian[1] to fix the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-15371
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:14:07 +01:00
c21ca07c18
sox: patch CVE-2017-15370
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15370
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-15370
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:13:58 +01:00
f38680dcee
sox: patch CVE-2017-11359
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11359
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-11359
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:13:49 +01:00
e672fee7eb
sox: patch CVE-2017-11358
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11358
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-11358
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:13:34 +01:00
83498ed818
sox: patch CVE-2017-11332
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11332
Pick the patch that was identified by Debian[1] as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2017-11332
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-10 00:13:25 +01:00
9492cdbbf8
python3-protobuf: patch CVE-2026-0994
...
Pick patch from PR in NVD report.
It is the only code change in 33.5 release.
Skip the test file change as it's not shipped in python module sources.
Resolve formatting-only conflict.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-03 19:53:58 +01:00
a817392c05
faad2: patch CVE-2021-32276
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32276
Pick the patches from the PR[1] that resolved the issue[2] referenced by
the NVD advisory.
[1]: https://github.com/knik0/faad2/pull/66
[2]: https://github.com/knik0/faad2/issues/58
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-02-01 15:30:31 +01:00
c95de73853
python3-pymongo: upgrade 4.1.0 -> 4.1.1
...
Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-1-1-released/157895
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5bfe98cb40skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
0f26b38ebc
python3-pymongo: patch CVE-2024-5629
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5629
Backport the patch that is indicated to solve the issue based on the
upstream project's Jira ticket[1] (which comes from the NVD report).
[1]: https://jira.mongodb.org/browse/PYTHON-4305
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
c40873cb69
libiec61850: patch CVE-2024-45970
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45970
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
90575e38b7
libiec61850: patch CVE-2024-45969
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45969
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
fd620677ce
python3-ecdsa: ignore CVE-2024-23342
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-23342
The issue won't be fixed, because it is not in the scope of the
project. See also the discussion in the relevant Github issue[1].
[1]: https://github.com/tlsfuzzer/python-ecdsa/issues/330
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
44247b3cb0
libass: patch CVE-2020-24994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-24994
Backport the commit that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
ef6ef1492c
frr: ignore CVE-2023-3748, CVE-2023-41359..61
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3748
https://nvd.nist.gov/vuln/detail/CVE-2023-41359
https://nvd.nist.gov/vuln/detail/CVE-2023-41360
https://nvd.nist.gov/vuln/detail/CVE-2023-41361
Regarding CVE-2023-3748:
Based on Debian's investigation, the vulnerability was solved by [1].
However that vulnerable code that was fixed was introduced after the
recipe version, only in version 8.4.0[2].
Since the recipe version isn't affected by this CVE, ignore it.
Regarding CVE-2023-41359:
The pull request[3] referenced by the NVD report references another pull
request[4] which was opened to backport the fix. The conversion on this
PR confirms that the vulnerable feature was introduced in 8.5.
Due to this, ignore this CVE.
Regarding CVE-2023-41360:
The vulnerable code was introduced[5] in version 8.4.0, and the
recipe version is not vulnerable.
Due to this ignore this CVE.
Regarding CVE-2023-41361:
The vulnerable code was introduced[6] in version 9.0 and the recipe
version is not vulnerable.
Due to this ignore this CVE.
[1]: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085
[2]: https://github.com/FRRouting/frr/commit/54a3e60b3ebd3621c4dd90b0b49e8e36e4e100d8
[3]: https://github.com/FRRouting/frr/pull/14232
[4]: https://github.com/FRRouting/frr/pull/15927
[5]: https://github.com/FRRouting/frr/commit/f1aa49293a4a8302b70989aaa9ceb715385c3a7e
[6]: https://github.com/FRRouting/frr/commit/234f6fd4f4804bb17bd8cbb1dd91994a914f38d2
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
702efc091e
gnome-settings-daemon: ignore CVE-2024-38394
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-38394
The CVE has the disputed flag. The project maintainers claim that the issue
is not in gnome-setttings-daemon. If the vulnerability needs to be handled
in gnome-settings-daemon, than it is a new feature rather than a vulnerability fix.
Due to this, ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
bcac2eef54
gpsd: patch CVE-2025-67268
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67268
Pick the patch that is referenced by the NVD advisory.
The original commit also contains a lot of commenting style
changes (// vs /* */) and whitespace changes which were removed from
the backport.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
363dc629d4
python3-twitter: mark CVE-2012-5825 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825
The Debian bugtracker[1] indicated that the issue is tracked by
upstream in github[2] (with a difference CVE ID, but same issue),
where the vulnerability was confirmed. Later in the same github issue
the solution is confirmed: the project switched to use the requests
library, which doesn't suffer from this vulnerability.
Due to this mark the CVE as patched.
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444
[2]: https://github.com/tweepy/tweepy/issues/279
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3ee544e759skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
8c092c4a82
proftpd: ignore CVE-2021-47865
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
I just put it on the ignore list.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
510ac35c7d
libvncserver: patch CVE-2020-29260
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-29260
Pick the patch referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
7b9138a24d
catfish: upgrade 4.16.3 -> 4.16.4
...
Changelog:
- Add "Open with" right click item and dialog
- Add a command-line option for setting default sort method
- Add Ctrl+A accelerator for the treeview
- Add option to show file size in binary or decimal
- Cosmetic changes for search entry and delete dialog
- Fix Ctrl+H not always toggling hidden files
- Fix DE detection when launched from Electron apps
- Fix exo file manager lookup for non-existent keys
- Fix file manager lookup outside of Xfce
- Fix GNOME DE detection in Ubuntu
- Improve application menu appearance
- Improve default width for the sidebar
- Prepend the project root directory to sys.path
- Support running without Xfconf (no preference saving)
- Switch to using the super() method
- Use correct executable for elementary Files
- Translation Updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
4416006616
nautilus: upgrade 42.1.1 -> 42.6
...
Bugfix releases. Note that there were no 42.3 and 42.4 releases.
42.6:
* Fix crash when pasting invalid clipboard data. CVE-2022-37290
42.5:
* Really fix the cropped compress format popover on X11
* Fix behavior inconsistencies with new tabs
* Fix memory leaks and missing signal disconnections
* Translation updates
42.2:
* Close broken link message dialog on response
* Fix crash when opening new window from pathbar
* Fix remote filesystem check
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
8cf36e2d06
libadwaita: upgrade 1.1.1 -> 1.1.7
...
Bugfix releases.
Changelog:
Version 1.1.7:
- AdwCarousel
- Fix allocation
- AdwFlap
- Add a missing setter annotation for :fold-policy
- Correctly measure separator
- Avoid notify emissions in dispose()
- AdwLeaflet
- Fix can-unfold=false
- AdwSpringAnimation
- Fix critical damping velocity
- AdwSwipeable
- Fix get_swipe_area() fallback
- AdwTabBar
- Fix clipped labels
- AdwToastOverlay
- Don't focus buttons on click
- Demo
- Open primary menu with F10
- Fix the switch on the avatar page
- Stylesheet
- Fix GtkLevelBar fill colors
- Fix dependency names in docs
- Memory leak fixes
Version 1.1.6:
- AdwAvatar
- Correctly redraw on custom image changes
- AdwFlap
- Fix natural width with fold-policy=never
- AdwSplitButton
- Don't make dropdown insensitive when the button is
- AdwTabBar
- Fix focus handling
- Fix autoscroll for non-local drags
- AdwToastOverlay
- Clarify documentation
- Stylesheet
- Fix GtkSpinButton inside toolbars
Version 1.1.5:
- AdwCarousel
- Fix a crash when removing a child while it's animating
- AdwSqueezer
- Sizing fixes
- AdwTabBar
- Fix long press handling
- Fix a crash when clicking empty space while a tab is animating
- AdwTabView
- Fix set_menu_model() input check
Version 1.1.4:
- AdwAvatar
- Fix draw_to_texture() with rectangular avatars
- AdwTabBar
- Fix squished or clipped text with gtk-hint-font-metrics=0
- AdwShadowHelper
- Fix warnings when drawing vertical shadow
- AdwSwipeTracker
- Fix swipe speed on GTK 4.7.x
- Fix criticals with GTK 4.7.x
Version 1.1.3:
- AdwLeaflet
- Fix a broken link in docs
- AdwPreferencesGroup
- Fix accessibility labels
- AdwToast
- Fix the example in docs
- Stylesheet
- Add missing borders in high contrast version
Version 1.1.2:
- AdwLeaflet
- Fix child sizing with fold-threshold-policy=natural
- AdwStyleManager
- Correctly handle removing a GdkDisplay
- AdwSwipeTracker
- Fix a memory leak
- Fix high contrast setting name when using a portal
- AdwTabBar
- Fix middle click when inside GtkWindowHandle
- Stylesheet
- Fix action row title and subtitle inside GtkHeaderBar
- Fix progressbar.osd overriding text color
- Ensure active states consistently work with touchscreens
- Fix GtkDropDown visual glitch when pressed on touchscreen
- Translation updates:
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
cbe365e262
gvfs: upgrade 1.50.4 -> 1.50.7
...
Changelog:
1.50.7:
* client: Prevent returning invalid mount cache entries
* dav: Fix authentication issues when DNS-SD URIs are used
* nfs: Fix IPv6 URI handling
* sftp/ftp: Ensure that is-symlink is always set to avoid warnings
* Translation updates
1.50.6:
* udisks2: Disconnect signal handlers to fix crashes when unmounting
* fuse: Include missing locale.h header
* Translation updates
1.50.5:
* smbbrowse: Fix empty device listing after unrelated mount failure
* udisks: Fix missing unmount notifications
* trash: Fix nfs4 and cifs monitoring
* smb: Allow renaming a file to the same name with a different case
* mtp: Emit delete event on device disconnection
* trash: Fix wrongly reported item-count
* Some other fixes and improvements
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
293f6f9384
gtk4: fix qa error with gstreamer PACKAGECONFIG
...
When gstreamer PACKAGECONFIG is enabled, packaging fails with the following error:
ERROR: gtk4-4.6.9-r0 do_package: QA Issue: gtk4: Files/directories were installed but not shipped in any package:
/usr/lib/gtk-4.0/4.0.0/media/libmedia-gstreamer.so
Fix it by packaging this file also.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
a12e4bd30e
gtksourceview5: upgrade 5.4.1 -> 5.4.2
...
Changelog:
* Updated languages: c.lang, perl.lang
* Updated style-schemes: Adwaita-dark, solarized-light, solarized-dark
* Updated translations: Friulian
* Gutter renderers are now provided a prelight quark for lines when the
pointer is over the gutter.
* Hover assistants now avoid synthesized motion which is used much more
often in GTK 4 when dealing with crossing-events.
* Hover assistants will now dismiss themselves when the cursor moves.
* GtkSourceMap has reduced how often it needs to do allocation by ignoring
spurious notify::upper and value-changed signals from GtkTextView's
vertical GtkAdjustment.
* The testsuite has gained some correctness improvements thanks to
issues pointed out by Sébastien Wilmet.
* The Vim emulation's register implementation is now shared between buffers
as it would be expected in Vim.
* Snippets have gained some robustness improvements including the ability
to simplify results from the snippet parser, more defensive behavior,
and being lazier when possible.
* Tabbing through focus-positions in snippets will now immediately jump
to the new position if scrolling is required instead of animating as
it results in better placement of tooltip assistants.
* Assistants including completion, hover, and interactive tooltips now
reduce how often they request presentation and position calculation from
GDK and ultimately display servers such as Wayland.
* Completion windows now take the size of the gutter into account when
calculating their position relative to the parent GtkWindow so that the
typed-text column remains aligned with typed text in the source view.
* Completion has gained robustness improvements to do less work when
possible and avoid spinning the frame-clock which could happen in
certain scenarios.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
c7c94b5421
gtksourceview4: upgrade 4.8.2 -> 4.8.4
...
Changelog:
4.8.3:
* Adds support for more Pango font-variants
* Style updates to solarized-dark, solarized-light
* Language updates to lean, rst, c, gtk-doc, javascript, and json
* Translation updates
4.8.4:
* Style updates to kate, classic, tango
* Language updates to vala, python3, c, cuda, latex
* Add unit tests for language specs
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2026-01-30 18:59:29 +01:00
Peter Marko
Ankur Tyagi
Zahir Hussain
Hitendra Prajapati
Gyorgy Sarvari
Jason Schonberg
Rohini Sangam
Vijay Anusuri
zhengruoqin