6de735114a
iwd: upgrade 3.11 -> 3.12
...
Changelog:
===========
- Fix issue with handling expiration of PMKSA.
- Fix issue with handling uninitialized buffer and PMKID.
- Fix issue with checking for PKCS#8 key parser in unit tests.
- Fix issue with using -std=c23 compiler setting.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 7c5ec1fa02ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
bdf97cd9d2
iwd: update 3.10 -> 3.11
...
ver 3.11:
Fix issue with interface registration before acquiring name.
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit ac9041ed3eankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
8bcdb0cc1d
bluealsa: fix QA issue staticdev
...
When building bluealsa with building static libraries NOT disabled, you
get the following error:
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_pcm_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_ctl_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: Fatal QA errors were found,
failing task.
Fix this by explicitly putting these files in the -staticdev package.
Signed-off-by: Matthias Proske <matthias.p@variscite.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1a9744b3caanuj.mittal@oss.qualcomm.com >
2026-03-26 10:31:48 +05:30
40642ec810
python3-gpiod: update to v2.4.1
...
Bug-fix release addressing a memory leak and a couple minor issues.
We now ship the license file with the dist tarball so update the recipe
to take this into account. While at it: trim the LICENSE value to only
include LGPL-v2.1-or-later as the other two licenses cover tests and
text files.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit f75f4164fdankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
adb631c144
lldpd: fix xml PACKAGECONFIG dependency
...
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com >
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
16af6bba7d
imapfilter: upgrade 2.8.3 -> 2.8.5
...
License-Update: copyright year updated to 2026.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 89b961c889https://github.com/lefcha/imapfilter/blob/v2.8.5/NEWS
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
b95d21b7aa
jasper: upgrade 4.2.8 -> 4.2.9
...
Changelog:
- Fixed a bug in the JP2 encoder that caused incorrect handling of
opacity components in some cases.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 330ecdd2adankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
bddcebdc4b
libde265: patch CVE-2025-61147
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147
Backport the patch referenced by the NVD advisory.
Note that this is a partial backport - only the parts that are
used by the application, and without pulling in c++17 headers.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
56f9f2dbd5
libnice: make crypto library configurable via PACKAGECONFIG
...
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com >
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
8bf79306ad
bpftrace: Update the runtime dependencies
...
* bash and python3 are only needed by the ptest package.
* xz appears to not be needed at all.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
76bea270ec
mariadb: Upgrade 11.4.9 -> 11.4.10
...
Remove 0001-Remove-x86-specific-loop-in-my_convert.patch as it's fixed
in new version [1].
Remove 0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch
as its logic is included in new version [2].
Release note:
https://mariadb.com/docs/release-notes/community-server/11.4/11.4.10
[1] https://github.com/MariaDB/server/commit/470487c
[2] https://github.com/MariaDB/server/commit/a61a746
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
6e9eff155e
python3-marshmallow: mark CVE-2025-68480 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68480
The vulnerability has been fixed in version 4.1.2[1], however
NVD tracks this CVE without version info. Mark it as patched explicitly.
[1]: https://github.com/marshmallow-code/marshmallow/commit/d24a0c9df061c4daa92f71cf85aca25b83eee508
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
0efa1d57b6
imagemagick: upgrade 7.1.2-16 -> 7.1.2-17
...
Contains bugfixes and a couple of CVE fixes:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-16...7.1.2-17
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
e4a9ec5350
imagemagick: upgrade 7.1.2-15 -> 7.1.2-16
...
Changelog:
===========
* client: Fix use-after-free when creating async proxy failed
* daemon: Fix race on subscribers list when on thread
* ftp: Validate fe_size when parsing symlink target
* ftp: Check localtime() return value before use
* CVE-2026-28295: ftp: Use control connection address for PASV data
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters
* gphoto2: Use g_try_realloc() instead of g_realloc()
* cdda: Reject path traversal in mount URI host
* client: Fail when URI has invalid UTF-8 chars
* Some other fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
eb76962875
python3-tornado: upgrade 6.5.4 -> 6.5.5
...
Security fixes including CVE-2026-31958
https://www.tornadoweb.org/en/stable/releases/v6.5.5.html
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
dbde84f17b
python3-pyjwt: Fix CVE-2026-32597
...
Details https://nvd.nist.gov/vuln/detail/CVE-2026-32597
Backport commit[1] which fixes this vulnerability as mentioned in changelog[2]
Dropped changes to the changelog, version bump and tests during backport.
[1] https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92
[2] https://github.com/jpadilla/pyjwt/blob/2.12.0/CHANGELOG.rst
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
f38ff6e7d0
capnproto: patch CVE-2026-32239 and CVE-2026-32240
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239
https://nvd.nist.gov/vuln/detail/CVE-2026-32240
Backport the patch that is referenced by the NVD advisories.
(Same patch for both vulnerabilities)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
d7710fb408
php: upgrade 8.4.18 -> 8.4.19
...
https://www.php.net/ChangeLog-8.php#8.4.19
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
62f49bed40
ser2net: upgrade 4.6.6 -> 4.6.7
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 23d4ba6b96https://github.com/cminyard/ser2net/releases/tag/v4.6.7
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
1e8c1154e3
pcp: fix SRC_URI
...
The branch where the revision was got deleted, so this is just a floating commit now.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
b8d1c9b659
hiawatha: fix SRC_URI
...
The tarball was moved to a new folder on the source server.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
92bfb48d4c
libssh: Fix CVE-2026-3731
...
Pick the patch [1] and [2] as mentioned in [3]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=f80670a7aba86cbb442c9b115c9eaf4ca04601b8
[2] https://git.libssh.org/projects/libssh.git/commit/?id=02c6f5f7ec8629a7cff6a28cde9701ab10304540
[3] https://security-tracker.debian.org/tracker/CVE-2026-3731
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
0fd2ea7e0b
exiv2: patch CVE-2026-27631
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Backport the patches referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
ab099baf93
exiv2: patch CVE-2026-27596
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596
Backport the commits referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
18824f8a2d
exiv2: patch CVE-2026-25884
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884
Backport the commits referenced by the NVD advisory.
One of the patches contain some binary data (for test data),
which needs to be applied with git PATCHTOOL..
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
51be807682
ettercap: patch CVE-2026-3603
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606
Pick the commit that is marked to solve the related Github
issue[1]. Its commit message also references the CVE ID explicitly.
[1]: https://github.com/Ettercap/ettercap/issues/1297
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
d7546078a9
python3-django: upgrade 4.2.28 -> 4.2.29
...
Contains fixes for CVE-2026-25673 and CVE-2026-25674.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
c08b3e9d8f
python3-django: upgrade 5.2.11 -> 5.2.12
...
Ptests passed successfully.
Changelog: https://docs.djangoproject.com/en/6.0/releases/5.2.12/
- Fixed CVE-2026-25673 and CVE-2026-25674
- Fixed NameError when inspecting functions making use of deferred
annotations in Python 3.14.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
dd54c60cb3
zfs: upgrade 2.2.8 -> 2.2.9
...
Also include tag in the SRC_URI and refreshed patches.
Backported patch 0004-linux-use-sys-stat.h-instead-of-linux-stat.h.patch
to resolve build failure with musl.
Release Notes:
https://github.com/openzfs/zfs/releases/tag/zfs-2.2.9
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
6f6a7b518e
owfs: upgrade 3.2p3 -> 3.2p4
...
Drop patch that's included in this release.
Changelog:
v3.2p4 is mainly a bugfix & cleanup release.
Enhancements
Add support for InfernoEmbedded soft-devices (GH-21)
Bug fixes
Fix bug (GH-55) related to split packet (GH-64)
Fix copy paste bug (474f06d)
Add \r to Http header to satisfy RFC2616 specification (GH-20)
Maintenance
build system cleanup (GH-72, GH-27, GH-16)
Fix missing files in source distribution (GH-70, GH-69)
Fix compilation with GCC10 (GH-62)
Minor fixes
Fix typos (GH-43 GH-23)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 58259850feankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
ef3c6b8db7
packagegroups: fix foldername
...
The correct folder name is "packagegroups", not "packageconfigs".
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 93e33ae809ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
79ff65043e
btrfsmaintenance: upgrade 0.5 -> 0.5.2
...
1.Changelog:
fix syntax error in run_task, preventing jobs to start
start scrub jobs sequentially if RAID5 or RAID6 data profile is found
fix btrfsmaintenance-refresh.service description
2.Update 0001-change-sysconfig-path-to-etc-default.patch for 0.5.2
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7adb1a61d2ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
6f989b75a0
postfix: upgrade 3.10.6 -> 3.10.8
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 09cc9579d4https://www.postfix.org/announcements/postfix-3.10.7.html
https://www.postfix.org/announcements/postfix-3.10.8.html
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:08 +05:30
e771677d73
libcacard: upgrade 2.8.1 -> 2.8.2
...
Changelog:
==========
- Sort certificates by underlying objects CKA_ID to provide deterministic
object order
- Avoid using uninitialized memory
- Improve test coverage and build scripts
- Improve compatibility with modern compilers (avoid strict warnings)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bf0ea3fc28ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:07 +05:30
bcc33ac73b
open62541: upgrade 1.3.15 -> 1.3.17
...
Release Notes:
https://github.com/open62541/open62541/releases/tag/v1.3.17
https://github.com/open62541/open62541/releases/tag/v1.3.16
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:07 +05:30
509063a7cc
networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5
...
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit fcebca61e5https://github.com/NetworkManager/NetworkManager-openvpn/blob/1.12.5/NEWS
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:06 +05:30
e8a99f2978
networkmanager: upgrade 1.52.0 -> 1.52.2
...
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 14c9d10173https://github.com/NetworkManager/NetworkManager/blob/1.52.2/NEWS
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:06 +05:30
a38694da2b
nopoll: upgrade 0.4.7.b429 -> 0.4.9.b462
...
0.4.9
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.9.txt
0.4.8
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.8.txt
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:05 +05:30
5672114d58
nopoll: Upgrade to 0.4.7.b429
...
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5f7c5c6641https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.7.txt
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:05 +05:30
32ad58ec4e
frr: upgrade 10.4.2 -> 10.4.3
...
Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-10.4.3
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:05 +05:30
467427d3af
zabbix: mark CVE-2026-23925 as patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925
The vulnerability has been fixed since 7.0.18[1], however NVD
tracks this CVE without version information.
[1]: https://github.com/zabbix/zabbix/commit/89dec866ec7f8230b25f06ac000575e3b7bd4025
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:04 +05:30
9f2fe367d8
libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837
Both CVEs have been fixed in v0.11.2, but NVD tracks these
vulnerabilities without version information.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:04 +05:30
2216b029ff
pipewire: update 1.4.9 -> 1.4.10
...
PipeWire 1.4.10 (2026-01-16)
This is a small bugfix release that is API and ABI compatible with
previous 1.x releases.
Highlights
- Fix a regression in restoring volumes on nodes.
- Clean up timed out stream on pulse-server.
- Backport filter-graph channel support.
- More small fixes and improvements.
PipeWire
- Backport the timer queue from 1.5.
modules
- Fix module leak in module-eq. (#5045 )
- Fix profiling of multiple drivers when profile.interval.ms is
set. (#5061 )
- Allow both sink and source pulse tunnels with the same name.
(#5079 )
SPA
- Emit props events in all cases. (#4610 )
- Backport some filter-graph changes to make it adapt better to the
number of channels of the stream.
- Fix some port errors in filter-graph. (#4700 )
- Avoid a memcpy in the convolver.
- Handle some DBus errors better instead of crashing.
- Fix AVX2 functions and flags. (#5072 )
- Limit resampler phases to avoid crashes (#5073 )
- Support some more channel downmix positions.
pulse-server
- Clean up timed out streams. (#4901 )
- Add message to force mono mixdown.
GStreamer
- Avoid scaling overflow in the clock.
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit b7bd06e9b4ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:03 +05:30
b4c7c6ca2a
libmediaart-2.0: upgrade 1.9.6 -> 1.9.7
...
This is a bugfix release, fixing some memory leaks and compiler warning
(and it also has a couple of commits related to the project's own CI system,
which doesn't affect the application)
Changelog: https://gitlab.gnome.org/GNOME/libmediaart/-/blob/master/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3f6b25f18aankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:03 +05:30
3e7a57da7f
libde265: upgrade 1.0.15 -> 1.0.16
...
Also included tag in the SRC_URI.
This release fixes some rare decoding errors and some build issues.
Changelog:
https://github.com/strukturag/libde265/compare/v1.0.15...v1.0.16
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 625a2be8a8ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:13:59 +05:30
f4dca597c9
exiftool: ignore CVE-2026-3102
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3102
The vulnerability impacts only MacOS - ignore it.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:33 +05:30
6bb74fff88
python3-protobuf: mark CVE-2026-0994 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
It is fixed already in the currently used version, however NVD tracks
it without any version info, so it still shows up in CVE reports.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:32 +05:30
7b418ef060
unbound: patch CVE-2025-5994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5994
Backport the patch[1] provided by upstream, which is linked in
the upstream advisory[2] referenced by the NVD report.
Tests passed successfully in a locally prepared ptest image.
[1]: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-5994_2.diff
[1]: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:32 +05:30
c3185de08d
streamripper: ignore CVE-2020-37065
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
The vulnerability is about a 3rd party Windows-only GUI frontend for
the streamripper library, and not for the CLI application that the
recipe builds. Due to this ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1571c1a8e5skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:31 +05:30
9fcdfa8b22
python3-pillow: patch CVE-2026-25990
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990
Backport the patch referenced by the NVD advisory.
Note that the patch contain some new binary test data, which
requires "git" PATCHTOOL - other tools fail to apply binary patches.
All ptests passed successfully:
Testsuite summary
TOTAL: 5011
PASS: 4577
SKIP: 431
XFAIL: 3
FAIL: 0
XPASS: 0
ERROR: 0
DURATION: 59
END: /usr/lib/python3-pillow/ptest
2026-03-06T17:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:31 +05:30
Wang Mingyu
Markus Volk
Matthias Proske
Bartosz Golaszewski
Aviv Daum
Gyorgy Sarvari
Sujeet Nayak
Peter Kjellerstedt
Mingli Yu
Ankur Tyagi
Deepak Rathore
Liu Yiding
Jason Schonberg