4d1cb07307
openldap: upgrade 2.6.12 -> 2.6.13
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit b089df410fhttps://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_13/CHANGES?ref_type=tags
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
95c6a65c69
openldap: upgrade 2.6.10 -> 2.6.12
...
License-Update: Copyright year updated to 2026
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6c54894209https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_12/CHANGES?ref_type=tags
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
6de735114a
iwd: upgrade 3.11 -> 3.12
...
Changelog:
===========
- Fix issue with handling expiration of PMKSA.
- Fix issue with handling uninitialized buffer and PMKID.
- Fix issue with checking for PKCS#8 key parser in unit tests.
- Fix issue with using -std=c23 compiler setting.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 7c5ec1fa02ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
bdf97cd9d2
iwd: update 3.10 -> 3.11
...
ver 3.11:
Fix issue with interface registration before acquiring name.
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit ac9041ed3eankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
16af6bba7d
imapfilter: upgrade 2.8.3 -> 2.8.5
...
License-Update: copyright year updated to 2026.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 89b961c889https://github.com/lefcha/imapfilter/blob/v2.8.5/NEWS
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
b95d21b7aa
jasper: upgrade 4.2.8 -> 4.2.9
...
Changelog:
- Fixed a bug in the JP2 encoder that caused incorrect handling of
opacity components in some cases.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 330ecdd2adankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
56f9f2dbd5
libnice: make crypto library configurable via PACKAGECONFIG
...
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com >
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
8bf79306ad
bpftrace: Update the runtime dependencies
...
* bash and python3 are only needed by the ptest package.
* xz appears to not be needed at all.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
76bea270ec
mariadb: Upgrade 11.4.9 -> 11.4.10
...
Remove 0001-Remove-x86-specific-loop-in-my_convert.patch as it's fixed
in new version [1].
Remove 0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch
as its logic is included in new version [2].
Release note:
https://mariadb.com/docs/release-notes/community-server/11.4/11.4.10
[1] https://github.com/MariaDB/server/commit/470487c
[2] https://github.com/MariaDB/server/commit/a61a746
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
0efa1d57b6
imagemagick: upgrade 7.1.2-16 -> 7.1.2-17
...
Contains bugfixes and a couple of CVE fixes:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-16...7.1.2-17
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
e4a9ec5350
imagemagick: upgrade 7.1.2-15 -> 7.1.2-16
...
Changelog:
===========
* client: Fix use-after-free when creating async proxy failed
* daemon: Fix race on subscribers list when on thread
* ftp: Validate fe_size when parsing symlink target
* ftp: Check localtime() return value before use
* CVE-2026-28295: ftp: Use control connection address for PASV data
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters
* gphoto2: Use g_try_realloc() instead of g_realloc()
* cdda: Reject path traversal in mount URI host
* client: Fail when URI has invalid UTF-8 chars
* Some other fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
f38ff6e7d0
capnproto: patch CVE-2026-32239 and CVE-2026-32240
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239
https://nvd.nist.gov/vuln/detail/CVE-2026-32240
Backport the patch that is referenced by the NVD advisories.
(Same patch for both vulnerabilities)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
d7710fb408
php: upgrade 8.4.18 -> 8.4.19
...
https://www.php.net/ChangeLog-8.php#8.4.19
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
62f49bed40
ser2net: upgrade 4.6.6 -> 4.6.7
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 23d4ba6b96https://github.com/cminyard/ser2net/releases/tag/v4.6.7
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
1e8c1154e3
pcp: fix SRC_URI
...
The branch where the revision was got deleted, so this is just a floating commit now.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
92bfb48d4c
libssh: Fix CVE-2026-3731
...
Pick the patch [1] and [2] as mentioned in [3]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=f80670a7aba86cbb442c9b115c9eaf4ca04601b8
[2] https://git.libssh.org/projects/libssh.git/commit/?id=02c6f5f7ec8629a7cff6a28cde9701ab10304540
[3] https://security-tracker.debian.org/tracker/CVE-2026-3731
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
0fd2ea7e0b
exiv2: patch CVE-2026-27631
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Backport the patches referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
ab099baf93
exiv2: patch CVE-2026-27596
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596
Backport the commits referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
18824f8a2d
exiv2: patch CVE-2026-25884
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884
Backport the commits referenced by the NVD advisory.
One of the patches contain some binary data (for test data),
which needs to be applied with git PATCHTOOL..
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:23 +05:30
467427d3af
zabbix: mark CVE-2026-23925 as patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925
The vulnerability has been fixed since 7.0.18[1], however NVD
tracks this CVE without version information.
[1]: https://github.com/zabbix/zabbix/commit/89dec866ec7f8230b25f06ac000575e3b7bd4025
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:04 +05:30
9f2fe367d8
libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837
Both CVEs have been fixed in v0.11.2, but NVD tracks these
vulnerabilities without version information.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 17:14:04 +05:30
f4dca597c9
exiftool: ignore CVE-2026-3102
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3102
The vulnerability impacts only MacOS - ignore it.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:33 +05:30
258cdd1e07
imagemagick: upgrade 7.1.2-13 -> 7.1.2-15
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 853aecb2f9skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:26 +05:30
843542472e
ceres-solver: Don't fail if .git/hooks/commit-msg can't be touched
...
The .git/hooks/commit-msg Git hook may already exist and not be
writable. E.g., in our environment it is a symbolic link to a script in
/usr/share.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit a22fe21c59anuj.mittal@oss.qualcomm.com >
2026-03-06 10:13:27 +05:30
d25f3ab33a
valkey: upgrade 8.1.4 -> 8.1.6
...
Includes fix for CVE-2026-21863, CVE-2025-67733 and various bug fixes.
Also include tag in the SRC_URI.
https://github.com/valkey-io/valkey/releases/tag/8.1.5
https://github.com/valkey-io/valkey/releases/tag/8.1.6
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:11 +05:30
78a373916b
nbench-byte: Fix sysinfo generation in parallel build
...
The project Makefile uses a script (sysinfo.sh) to non-atomically generate
two .c files (sysinfo.c, sysinfoc.c) which are then included in the build.
Since the script always overwrites both .c files, the Makefile should only
invoke it once, not twice in parallel. Otherwise the .c files may be
corrupted and cause random build failures in parallel builds.
Requires at least GNU make 4.3, for Grouped Targets support [1].
[1] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Reviewed-by: Silvio Fricke <silvio.fricke@gin.de >
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit add2d94ab7anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:10 +05:30
9783e418db
xrdp: patch CVE-2025-68670
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68670
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:10 +05:30
592de481e6
libjxl: upgrade 0.11.1 -> 0.11.2
...
- fix tile dimension in low memory rendering pipeline (CVE-2025-12474)
- fix number of channels for gray-to-gray color transform (CVE-2026-1837)
- djxl: reject decoding JXL files if "packed" representation size overflows
size_t
https://github.com/libjxl/libjxl/releases/tag/v0.11.2
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:08 +05:30
1a18d1ac74
protobuf: ignore CVE-2026-0994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:08 +05:30
3ad174f956
postgresql: upgrade 17.7 -> 17.8
...
License-Update: Update license year to 2026
Refreshed patches for version 17.8
Includes fix for CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006
Release Notes:
https://www.postgresql.org/docs/release/17.8/
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:07 +05:30
fdddf2bdd3
openjpeg: patch CVE-2023-39327
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327
Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:07 +05:30
9039381ef0
systemd-netlogd: upgrade 1.4.4 -> 1.4.5
...
Fixes build with 32 bit machines.
- Fix build on 32-bit with 64-bit time_t by @cgzones in #136
- Misc by @cgzones in #137
- Add terminating newline also for TLS connections by @Googulator in #139
- Add RFC5425 length field by @derobert in #140
- Correct examples for ExcludeSyslogFacility and ExcludeSyslogLevel by @ngraziano in #141
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:04 +05:30
12fc4c6584
tomoyo-tools: update SRC_URI
...
The previous one became inaccessible.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-24 18:46:45 +05:30
24a99d095d
php: upgrade 8.4.17 -> 8.4.18
...
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.4.18
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:36:42 +05:30
6763e7828d
libtracefs: upgrade 1.8.2 -> 1.8.3
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 0fbbddd537https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/tag/?h=libtracefs-1.8.3
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:34 +05:30
980fca8629
usbids: upgrade 2025.09.15 -> 2025.12.13
...
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5aca0a216dankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:34 +05:30
f11e6285f8
minizip-ng: 4.0.8 -> 4.0.10
...
1.Changelog:
https://github.com/zlib-ng/minizip-ng/releases/tag/4.0.10
2.Remove 0001-crypt.h-Remove-register-keyword.patch as it was merged upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5f6dbb284aankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:33 +05:30
a96f3a8194
paho-mqtt-c: upgrade 1.3.14 -> 1.3.15
...
Drop patch to fix gcc15 compatibility - the problem has been solved by upstream.
Changelog:
- Update getaddrinfo options to support IPv6 hostname resolution
- Removed unnecessary _WIN64 conditional checks
- Fixed condition variable timed wait
- Support tls:// prefix
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cb9d043f46ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:33 +05:30
0831fc038d
libx86-1: upgrade 1.1 -> 1.1.1
...
Bugfix release, mostly with patches applied from other distros.
Also fixes the SRC_URI which became inaccessible over time.
Drop patches that are included in this release.
Shortlog:
https://gitlab.archlinux.org/grawlinson/libx86/-/compare/v1.1...v1.1.1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 19fdc49db3ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:32 +05:30
1597f7ba50
libsdl2-compat: update 2.32.58 -> 2.32.62
...
Changelog:
2.32.62:
This is a stable bugfix release, with the following changes:
Improved support for GNU/Hurd
Fixed crash if hidapi strings are not available
2.32.60:
This is a stable bugfix release, with the following changes:
Fixed crash at startup in Dwarf Fortress
Fixed crash at startup in Stellaris
Fixed mouse stuttering in Amiberry
Fixed the viewport not being reset when the window is resized
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Adapted for Whinlatter to keep x11 in REQUIRED_DISTRO_FEATURES
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:32 +05:30
f195fb8e78
cryptsetup: upgrade 2.8.3 -> 2.8.4
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Stable bug-fix release
https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.8.4/docs/v2.8.4-ReleaseNotes?ref_type=tags
(cherry picked from commit 9111684d67ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:31 +05:30
80a5465833
redis: ignore CVE-2025-46686
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686
Upstream disputes that it is a security violation, and says that
implementing a mitigation for this would negatively affect the rest
of the application, so they elected to ignore it.
See Github advisory about the same vulnerability:
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 868b4b2959skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:28 +05:30
effd66ea21
raptor2: patch CVE-2024-57822 and CVE-2024-57823
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-57822
https://nvd.nist.gov/vuln/detail/CVE-2024-57823
Pick the patches mentioned in the github issue[1] mentioned
in the NVD advisories (both of them are covered by the same issue)
[1]: https://github.com/dajobe/raptor/issues/70
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit dc2c6a514eskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:28 +05:30
677f28e90b
ttf-vlgothic: fix SRC_URI
...
The old URL is inoperable since a while - switch to Ubuntu's mirror.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit d99c82c088anuj.mittal@oss.qualcomm.com >
2026-02-03 08:10:07 +05:30
35b59ba864
anthy: fix SRC_URI
...
The old URL is gone - switch to a working mirror.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit fd562c65c6anuj.mittal@oss.qualcomm.com >
2026-02-03 08:09:40 +05:30
1b80e12617
sblim-sfcc: fix SRC_URI
...
The old URL is gone - set a working mirror.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 47efd1f9b8anuj.mittal@oss.qualcomm.com >
2026-02-03 08:09:14 +05:30
bbbc6c50d4
nodejs: upgrade 22.21.1 -> 22.22.0
...
This is the December 2025 security release that the nodejs team released
January 13, 2026.
3 high severity issues.
4 medium severity issues.
1 low severity issue.
High priority fixes:
CVE-2025-55131
CVE-2025-55130
CVE-2025-59465
Medium priority fixes:
CVE-2025-59466
CVE-2025-59464
CVE-2026-21636 *
CVE-2026-21637
Low priority fixes:
CVE-2025-55132
* note that this medium priority CVE only effects Nodejs v25.
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 0bb156371eskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-03 08:07:27 +05:30
dfc0632585
libcupsfilters: patch CVE-2025-64503
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503
Pick the patch that explicitly refernces the CVE ID in its message.
(The NVD advisory mentions only the cups-filters patch, but
the developer indicated the CVE ID in the libcupsfilters patch also)
Between this recipe version and the patch the project has decided to
eliminate c++ from the project, and use c only. The patch however
is straightforward enough that it could be backported with very small
modifications.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-03 08:07:26 +05:30
fa4ceb7b5d
libcdio: patch CVE-2024-36600
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36600
Backport the patch from the PR that is referenced in the NVD advisory.
Note that there are two PRs mentioned: one is the fix, and the other
is just readme update with the CVE ID. The latter wasn't backported.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-03 08:07:26 +05:30
9df99ae97a
imagemagick: upgrade 7.1.2-12 -> 7.1.2-13
...
License-Update: change license url to https://imagemagick.org/license/
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c2b4809fe8skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-03 08:07:25 +05:30
Wang Mingyu
Markus Volk
Sujeet Nayak
Peter Kjellerstedt
Mingli Yu
Gyorgy Sarvari
Ankur Tyagi
Deepak Rathore
Daniel Klauer
Anuj Mittal
Jason Schonberg
Liu Yiding