mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
36,248 Commits 64 Branches 0 Tags
57b188f8bced8ab2be2a1ce2d1db06b6fcb7e519
Commit Graph

15844 Commits

Author SHA1 Message Date
Gyorgy Sarvari 57b188f8bc raptor2: set CVE_PRODUCT 
All relevant CVEs are files against these CPEs.

See CVE db query (zediious vendor is not relevant):

sqlite> select * from PRODUCTs where PRODUCT like '%raptor%' and vendor <> 'symantec' and product <> 'velociraptor';
CVE-2012-0037|librdf|raptor|||2.0.7|<
CVE-2017-18926|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2020-25713|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2023-49078|zediious|raptor-web|0.4.4|=||
CVE-2024-57822|librdf|raptor_rdf_syntax_library|||2.0.16|<=
CVE-2024-57823|librdf|raptor_rdf_syntax_library|||2.0.16|<=

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 15aca0b2fa)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:20 +05:30
Liu Yiding 5c64a792b6 libsdl3: upgrade 3.2.28 -> 3.2.30 
Changelog:
  https://github.com/libsdl-org/SDL/releases/tag/release-3.2.30

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a524aaddac)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:19 +05:30
Ankur Tyagi 351df9d54e libjxl: Fix build error with arm and musl 
Build fails for qemuarm with musl with following error:
/build/tmp/work/cortexa15t2hf-neon-poky-linux-musleabi/libjxl/0.11.1/sources/libjxl-0.11.1/lib/jxl/convolve_separable5.cc
| error: out of range pc-relative fixup value

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 63ae47a70d)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:19 +05:30
Ankur Tyagi 6cb598129d mozjs-128: Fix build error with arm and musl 
Build fails for qemuarm with musl with following error:
mozglue/misc/StackWalk.o: in function `unwind_callback(_Unwind_Context*, void*)':
| /usr/src/debug/mozjs-128/128.5.2/mozglue/misc/StackWalk.cpp:810:(.text._ZL15unwind_callbackP15_Unwind_ContextPv+0x4): undefined reference to `_Unwind_GetIP'

Referenced commit[1] for the fix, also refreshed patches.

[1] https://github.com/OSSystems/meta-browser/commit/bb8662912354dae13634c0ec35c3803c344b1e72

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 30942cebe8)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:18 +05:30
Wang Mingyu 91193c97a3 libsdl3-image: upgrade 3.2.4 -> 3.2.6 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Release Notes:
https://github.com/libsdl-org/SDL_image/releases/tag/release-3.2.6

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:18 +05:30
Gyorgy Sarvari 6d1c5be67b smarty: extend CVE_PRODUCT 
Some CVEs assign smarty-php as the vendor to the corresponding CPE.
E.g CVE-2024-35226[1] is tracked with smarty-php:smarty by mitre
(NVD tracks it without CPE).

[1]: https://cveawg.mitre.org/api/cve/CVE-2024-35226

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1aee6a403c)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:18 +05:30
Khem Raj f3407694b8 vboxguestdrivers: Upgrade to 7.2.4 
This is a maintenance release. The following items were fixed or added:

GUI: Fixed VirtualBox VM Manager crash when host was resuming from sleep (​github:gh-121, ​github:gh-170)
GUI: Updated native language support for Traditional Chinese, Greek, Swedish, Hungarian and Indonesian translations
NAT: Fixed issue when multiple port forwarding rules affected NAT functionality (​github:gh-232)
Linux host and guest: Introduced initial support for kernel 6.18
Linux Guest Additions: Introduced additional fixes for RHEL 9.6 and 9.7 kernels (​github:GH-12)
Windows Guest Additions: Introduced additional fixes for issue when installation was failing in Windows XP SP2 guest (​github:GH-142)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
(cherry picked from commit 0ecf2814b2)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:17 +05:30
Wang Mingyu 1b5228dcce libdecor: upgrade 0.2.4 -> 0.2.5 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Changelog:
https://gitlab.freedesktop.org/libdecor/libdecor/-/compare/0.2.4...0.2.5?from_project_id=18349
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:17 +05:30
Wang Mingyu d879c37905 cryptsetup: upgrade 2.8.1 -> 2.8.3 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6f41c5872d)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:16 +05:30
Gyorgy Sarvari 5508b827fb nodejs: remove extra CVE_PRODUCT 
CVE_PRODUCT is specified twice - the second instance only duplicates one
value from the first instance.

Remove this extra CVE_PRODUCT.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6ff9252484)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:16 +05:30
Ankur Tyagi 441cf7db11 php: upgrade 8.4.16 -> 8.4.17 
Changelog: https://www.php.net/ChangeLog-8.php#8.4.17

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:15 +05:30
Wang Mingyu 4beb45b615 microsoft-gsl: upgrade 4.2.0 -> 4.2.1 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1d33fb39d9)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:15 +05:30
Dmitry Baryshkov cce0f2d7cd vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2 
Upgrade Vulkan CTS to the point release, fixing several tests. While we
are at it, refresh Vulkan-Video-Samples patches.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 374949c531)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:14 +05:30
Jiaying Song a1a87ebf04 minicoredumper: fix 2038 year problem in timestamp handling 
The minicoredumper has multiple 2038 year problems where 'long' type
variables and strtol() function calls cause overflow on 32-bit systems
when handling timestamps after 2038-01-19.

This leads to incorrect timestamp formatting in core dump directory
names (e.g., sleep40s.20380119.031407+0000.598).

Fix by changing 'long timestamp' to 'time_t timestamp' and replacing
strtol() with strtoll() to properly handle 64-bit timestamps on
32-bit systems.

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b5685fb375)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:14 +05:30
Wang Mingyu 199ca0c29d usb-modeswitch: upgrade 2.6.1 -> 2.6.2 
0001-Fix-build-with-gcc-15.patch
removed since it's included in 2.6.2

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dfbe08b6c3)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:13 +05:30
Wang Mingyu 5a9ced1fd5 usb-modeswitch-data: upgrade 20191128 -> 20251207 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8f2c436db5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:13 +05:30
Wang Mingyu 650978be5c libsdl3: upgrade 3.2.26 -> 3.2.28 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 26e3ef119b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:12 +05:30
Liu Yiding cb3faee20b liblognorm: upgrade 2.0.7 -> 2.0.8 
Change log
==========
Version 2.0.8, 2025-12-04
- fix potential segfault on some platforms
  Thanks to Julian Thomas for a fix
- fix memory leak when a custom type in rules does not match
  Thanks to Meric Sentunali for the fix and Julian Thomas for alerting
  me of the missing merge.

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c627784366)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:12 +05:30
Wang Mingyu 6d4fdf7f7e parallel: upgrade 20251022 -> 20251122 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c9c4b5a887)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:12 +05:30
Wang Mingyu f2c80b13c4 python3-psycopg: upgrade 3.2.12 -> 3.2.13 
Changelog:
==============
- Show the host name in the error message in case of name resolution error
- Fix Cursor.copy() and AsyncCursor.copy() to hold the connection lock for the
  entire operation, preventing concurrent access issues
- Fix GSSAPI check with C extension built with libpq < v16

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4b297312d7)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:11 +05:30
Peter Marko 08d81e661e libsodium: patch CVE-2025-69277 
Pick patch per [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-69277

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-20 10:15:10 +05:30
Gyorgy Sarvari e51133657a postgresql: upgrade 17.6 -> 17.7 
It contains fixes for CVE-2025-12817 and CVE-2025-12818.

Changelog:
https://www.postgresql.org/docs/release/17.7/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8217b90e94)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:57 +05:30
Gyorgy Sarvari 7c1e9999d0 php: upgrade 8.4.15 -> 8.4.16 
This is a bugfix release, containing fixes for CVE-2025-14177,
CVE-2025-14178 and CVE-2025-14180.

Changelog: https://www.php.net/ChangeLog-8.php#8.4.16

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:57 +05:30
Hugo SIMELIERE 925318887e libwebsockets: fix CVE-2025-11678 
Backport a fix from Debian:
https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11678.patch
Upstream commit:
https://github.com/warmcat/libwebsockets/commit/2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 5fab8bd31b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:56 +05:30
Hugo SIMELIERE 9570160dae libwebsockets: fix CVE-2025-11677 
Backport a fix from Debian:
https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11677.patch
Upstream commit:
https://github.com/warmcat/libwebsockets/commit/2f082ec31261f556969160143ba94875d783971a

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit da04d7003e)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:55 +05:30
Gyorgy Sarvari b8127adea4 imagemagick: upgrade 7.1.2-8 -> 7.1.2-12 
Contains fix for CVE-2025-65955 and CVE-2025-69204.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:54 +05:30
Gyorgy Sarvari ed4878b3bc freerdp3: ignore CVE-2025-68118 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118

It is a Windows only vulnerability, ignore it.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:52 +05:30
Gyorgy Sarvari 670aa709fb tigervnc: ignore CVE-2025-26594...26601 
Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601

Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601

TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.

All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).

Due to this, ignore these vulnerabilities, and just mark them as patched.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4924e89bb7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:51 +05:30
Gyorgy Sarvari 62a12a32a8 tigervnc: ignore CVE-2023-6478 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478

TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.

The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a78f8ba7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:50 +05:30
Gyorgy Sarvari dc575822b2 tigervnc: ignore CVE-2023-6377 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377

TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.

The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f691f2178b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:50 +05:30
Gyorgy Sarvari 0be619859e tigervnc: sync xserver code with oe-core 
TigerVNC compiles its own xserver. Synchronize the xserver version
with oe-core.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fadb9c0570)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:49 +05:30
Gyorgy Sarvari d5f3269b90 tigervnc: fix typo in CVE_STATUS 
Forgot to add the CVE- prefix in previous patch.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2f913279d4)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:49 +05:30
Gyorgy Sarvari e370d2f41f fio: ignore CVE-2025-10824 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824

The upstream maintainer wasn't able to reproduce the issue[1],
and the related bug is closed without further action.

[1]: https://github.com/axboe/fio/issues/1981

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a275078cbe)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:48 +05:30
Gyorgy Sarvari af7857e40c cups-filters: patch CVE-2025-64524 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524

Pick the patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 056ee43dd1)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:47 +05:30
Jason Schonberg 1a7e2ac776 c-ares: upgrade 1.34.5 -> 1.34.6 
Drop memory leak patch which has already been included in this new version.

The new version also includes a fix for CVE 2025-62408.

Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 996768e080)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:46 +05:30
Gyorgy Sarvari efde0fec54 minio: ignore irrelevant CVEs 
The minio umbrella covers multiple projects. The recipe itself builds
"minio client", which is a set of basic tools to query data from
"minio server" - like ls, mv, find...

The CVEs were files against minio server. Looking at the go mod list,
this recipe doesn't use minio server even as a build dependency - so ignore
the CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit df462075be)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-06 18:07:46 +05:30
Gyorgy Sarvari a8a70d3893 fex: ignore unrelated CVEs 
These CVEs were filed for "Fram's Fast File Exchange" application, which
has the same abbreviated name as fex. Currently this recipe has no historical
CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore
these irrelevant CVEs explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b990486203)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-01-05 07:25:18 +05:30
Mingli Yu a4e768dcfa bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRA 
Most host gcc doesn't support -fcanon-prefix-map right now, so
empty DEBUG_PREFIX_MAP_EXTRA to fix the below build error.
 | gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31a08525be)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 16:54:28 +05:30
Khem Raj 14b2443bc1 libplist: Fix buildpaths in ptests 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
(cherry picked from commit 3a6b83c075)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 16:53:43 +05:30
Viswanath Kraleti ce1a2719f2 gflags: switch Git branch from master to main 
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.

Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 14:05:06 +05:30
Changqing Li 4299b96547 libmng: correct version of libmng 
Current version is 2.0.3, the lastrelease of libmng is in 2015,
add a patch to fix it

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c91f9c0a4b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:17 +05:30
Changqing Li 0a7cfae22a version-check.conf: mute version mismatch warning for bpftrace 
bpftrace set the version by "git describe --dirty", since we have local
patch for bpftrace, '-dirty' will be added into the version, set
CHECK_VERSION_PV to mute the version mismatch warning

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 219328f37c)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:16 +05:30
Changqing Li f09c088416 version-check.conf: mute version mismatch warning for flite 
* flite --version return 1 block version output for
  check-version-mismatch.bbclass
* even with version output flite-2.2-current, regular version match
  regexp cannot match the version

so mute version mismatch warning for flite

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d819512cb3)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:16 +05:30
Wang Mingyu ea6ee29f35 psqlodbc: upgrade 17.00.0006 -> 17.00.0007 
add-expected-output-file-for-descrec-test.patch
removed since it's included in 17.00.0007

psqlodbc-fix-for-ptest-support.patch
refreshed for 17.00.0007

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 967e5c9e0f)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:15 +05:30
Wang Mingyu 801e58ad7f libnice: upgrade 0.1.22 -> 0.1.23 
License-Update: Add SPDX-License-Identifier for added clarity

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 58974f72d1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:15 +05:30
Wang Mingyu c9f06184c0 asyncmqtt: upgrade 10.2.5 -> 10.2.6 
Changelog:
==============
* Removed unintentional copy requiment from some of async functions parameter.
* Fixed Heap-use-after-free during broker shutdown.
* Rifined documents.
* Added TLS Websocket verify none port to broker for browser.
* Added Cerfiticate file's digitalSignature to keyUsage.
* Fixed wss connection from Web Browser handshake failed problem.
* Changed trial broker on `async-mqtt.redboltz.net` ws and wss port.
  * ws was 10080 but Chrome block it by default. Updated to 80.
  * wss was 10443 but Chrome doesn't block it by default. But for consistency, updated to 443.
  * system_test still uses 10080 and 10443 to avoid conflict.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 43779307f4)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:15 +05:30
Changqing Li 48583153fe hdf5: inherit pkgconfig 
inherit pkgconfig, and fix install conflict when enable multilib, this
can also improve reproducibility

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a2f2c06ec8)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:14 +05:30
Yi Zhao 25172ad273 crash: add zlib-native to depends for crash-cross 
Fix the following error when using buildtools-extended:

va_server.c:20:10: fatal error: zlib.h: No such file or directory
   20 | #include <zlib.h>
      |          ^~~~~~~~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bd745115de)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:14 +05:30
Khem Raj 2e5f52deaa fuse3: Fix build with clang on riscv32 
Clang needs 64-bit atomics on rv32 here and builtins does
not have them so help it by linking with libatomic

Fixes
 riscv32-yoe-linux-musl-ld.lld: error: undefined symbol: __atomic_fetch_add_8

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e3257c3360)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:13 +05:30
yuyu 43c28a94a5 trace-cmd: Update SRC_URI to use HTTPS protocol 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f00b6ad12f)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 13:57:13 +05:30