Gyorgy Sarvari
732aa8f936
gimp: patch CVE-2025-14423
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423
Pick the patch referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6aa5720e76)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:53 +05:30
Gyorgy Sarvari
b680240a03
gimp: patch CVE-2025-14422
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422
Pick the patch referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a0b41204af)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:53 +05:30
Gyorgy Sarvari
ed4878b3bc
freerdp3: ignore CVE-2025-68118
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118
It is a Windows only vulnerability, ignore it.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:52 +05:30
Ankur Tyagi
22b7851cde
fetchmail: patch CVE-2025-61962
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61962
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 0d9da11052)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:52 +05:30
Gyorgy Sarvari
0827d22e4c
civetweb: ignore CVE-2025-9648
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648
It is already fixed in the currently used version.
Also, update CVE-2025-55763's status to "fixed-version" (so it will be
marked as "Patched" in the CVE report instead of "Ignored")
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bfb76da63b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:51 +05:30
Gyorgy Sarvari
670aa709fb
tigervnc: ignore CVE-2025-26594...26601
...
Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601
TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.
All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).
Due to this, ignore these vulnerabilities, and just mark them as patched.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4924e89bb7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:51 +05:30
Gyorgy Sarvari
62a12a32a8
tigervnc: ignore CVE-2023-6478
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478
TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.
The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a78f8ba7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:50 +05:30
Gyorgy Sarvari
dc575822b2
tigervnc: ignore CVE-2023-6377
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377
TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.
The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f691f2178b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:50 +05:30
Gyorgy Sarvari
0be619859e
tigervnc: sync xserver code with oe-core
...
TigerVNC compiles its own xserver. Synchronize the xserver version
with oe-core.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fadb9c0570)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:49 +05:30
Gyorgy Sarvari
d5f3269b90
tigervnc: fix typo in CVE_STATUS
...
Forgot to add the CVE- prefix in previous patch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2f913279d4)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:49 +05:30
Gyorgy Sarvari
e370d2f41f
fio: ignore CVE-2025-10824
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824
The upstream maintainer wasn't able to reproduce the issue[1],
and the related bug is closed without further action.
[1]: https://github.com/axboe/fio/issues/1981
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a275078cbe)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:48 +05:30
Gyorgy Sarvari
c0a63f5222
dovecot: patch CVE-2025-30189
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189
Pick the patches referenced by the advisory[1] from the Full Disclosure list.
[1]: https://seclists.org/fulldisclosure/2025/Oct/29
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:48 +05:30
Gyorgy Sarvari
af7857e40c
cups-filters: patch CVE-2025-64524
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524
Pick the patch mentioned in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 056ee43dd1)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:47 +05:30
Gyorgy Sarvari
6a2e51e989
cifs-utils: patch CVE-2025-2312
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312
Pick the patch that is referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:47 +05:30
Jason Schonberg
1a7e2ac776
c-ares: upgrade 1.34.5 -> 1.34.6
...
Drop memory leak patch which has already been included in this new version.
The new version also includes a fix for CVE-2025-62408.
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 996768e080)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:46 +05:30
Gyorgy Sarvari
efde0fec54
minio: ignore irrelevant CVEs
...
The minio umbrella covers multiple projects. The recipe itself builds
"minio client", which is a set of basic tools to query data from
"minio server" - like ls, mv, find...
The CVEs were filed against minio server. Looking at the go mod list,
this recipe doesn't use minio server even as a build dependency - so ignore
the CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit df462075be)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:46 +05:30
Gyorgy Sarvari
0c577a8001
accountsservice: ignore CVE-2023-3297
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297
The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is
not present in the recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 071a45c9d7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-06 18:07:21 +05:30
Gyorgy Sarvari
a8a70d3893
fex: ignore unrelated CVEs
...
These CVEs were filed for "Fram's Fast File Exchange" application, which
has the same abbreviated name as fex. Currently this recipe has no historical
CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore
these irrelevant CVEs explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b990486203)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-05 07:25:18 +05:30
Mingli Yu
a4e768dcfa
bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRA
...
Most host gcc doesn't support -fcanon-prefix-map right now, so
empty DEBUG_PREFIX_MAP_EXTRA to fix the below build error.
| gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31a08525be)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 16:54:28 +05:30
Khem Raj
14b2443bc1
libplist: Fix buildpaths in ptests
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
(cherry picked from commit 3a6b83c075)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 16:53:43 +05:30
Viswanath Kraleti
ce1a2719f2
gflags: switch Git branch from master to main
...
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:05:06 +05:30
Leon Anavi
16316689b0
python3-huey: Upgrade 2.5.4 -> 2.5.5
...
Upgrade to release 2.5.5:
- Fix for pypi
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7954f37b3c)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:27 +05:30
Leon Anavi
afeafe9ac3
python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2
...
Upgrade to release 3.1.2:
- Fix pickling of abstract base classes containing type annotations
for Python 3.14.
License-Update: Use file LICENSE
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b428f67575)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:27 +05:30
Leon Anavi
2ded78c56b
python3-polyline: Upgrade 2.0.3 -> 2.0.4
...
Upgrade to release 2.0.4:
- Add py.typed marker
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 71055538b5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:27 +05:30
Wang Mingyu
1f836596b9
python3-sqlparse: upgrade 0.5.3 -> 0.5.4
...
Changelog:
=============
Enhancements
---------------
* Add support for Python 3.14.
* Add type annotations to top-level API functions and include py.typed marker
for PEP 561 compliance, enabling type checking with mypy and other tools
* Add pre-commit hook support. sqlparse can now be used as a pre-commit hook
to automatically format SQL files. The CLI now supports multiple files and
an '--in-place' flag for in-place editing
* Add 'ATTACH' and 'DETACH' to PostgreSQL keywords
* Add 'INTERSECT' to close keywords in WHERE clause
* Support 'REGEXP BINARY' comparison operator
Bug Fixes
----------
* Add additional protection against denial of service attacks when parsing
very large lists of tuples. This enhances the existing recursion protections
with configurable limits for token processing to prevent DoS through
algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,
MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)
if needed for legitimate large SQL statements.
* Remove shebang from cli.py and remove executable flag
* Fix strip_comments not removing all comments when input contains only
comments
* Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END
blocks
* Fix splitting on semicolons inside BEGIN...END blocks
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 705abb20c1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:26 +05:30
Wang Mingyu
5f28ef7349
python3-pymodbus: upgrade 3.11.3 -> 3.11.4
...
Changelog:
full support for python 3.14 and a number of packages (like mypy) have been updated.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b745baf478)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:26 +05:30
Wang Mingyu
6e0c4cd1a5
python3-pybcj: upgrade 1.0.6 -> 1.0.7
...
Changelog:
============
- Support for python 3.14
- ci: fix test and release workflows
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 797e29ed42)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:25 +05:30
Wang Mingyu
0912147bde
python3-gmpy2: upgrade 2.2.1 -> 2.2.2
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e274146fa4)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:25 +05:30
Wang Mingyu
8197b4ba79
python3-eventlet: upgrade 0.40.3 -> 0.40.4
...
Changelog:
============
* Remove legacy setuptools configuration files
* add 3.14 to supported versions
* Emit warning on startup that eventlet is deprecated
* Fix Python 3.14 on macOS
* Workaround for #1068
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 768580103b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:24 +05:30
Ankur Tyagi
4ef895e04c
python3-django: upgrade 4.2.25 -> 4.2.26
...
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.26/
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5551a12170)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:24 +05:30
Ankur Tyagi
1a96475ce5
python3-django: upgrade 5.2.7 -> 5.2.8
...
Release Notes:
https://docs.djangoproject.com/en/dev/releases/5.2.8/
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8247a68d54)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:23 +05:30
Wang Mingyu
0e313f5b73
python3-rich-argparse: upgrade 1.7.1 -> 1.7.2
...
Changelog:
Fix colors overlapping with Python 3.14.0+ which enabled colors by default in the help formatter.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 18aaa7d8a6)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:23 +05:30
Wang Mingyu
93be4fae40
python3-moteus: upgrade 0.3.95 -> 0.3.96
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ddca2bae90)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:22 +05:30
Wang Mingyu
f54fe07115
python3-gpt-image: upgrade 0.9.0 -> 0.9.1
...
Changelog:
Partition commit offset calculation
License-Update: file type changed to "ASCII text"
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc53efed84)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:22 +05:30
Khem Raj
7c5fd57f84
e2tools: Fix buildpaths in ptests
...
Currently the path checks are escaping QA check for buildpath detection but config.status
still has paths which show up in reproducibility failures, comparing build in path A and
build in path B, content of config.status don't end up same.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0856c56132)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:21 +05:30
Wang Mingyu
1de4f92214
nautilus: upgrade 49.1 -> 49.2
...
* Bugfixes:
- Fix handling of unset XDG directories
- Reduce memory usage of thumbnails by correct scaling
- Fix potential rescaling of item when switching to cut icon
- Fix crash on empty file lists in drops
- Correct sorting of loopback devices
- Don't skip the first file from operation progress monitoring
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 90343e1990)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:21 +05:30
Gyorgy Sarvari
aa45e41705
gupnp-tools: upgrade 0.12.1 -> 0.12.2
...
Changelog:
- Common:
- Remove deprecated libxml calls
- AV CP:
- Remove some stray debug output
- EventDumper:
- Code cleanup
- Uploader:
- Fix parsing the Browse result
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 25540bf356)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:21 +05:30
Gyorgy Sarvari
dc5e6e348e
gupnp-av: upgrade 0.14.1 -> 0.14.4
...
Drop patch that is included in this release.
Changelog:
0.14.4:
- Move documentation to gi-docgen
0.14.3:
- CI fixes
0.14.2:
- xml: Fix compatibility with libxml2 2.12.x
- Add missing array annotation
- build: Fix Requires: line of pkg-config file
- Loosen restriction on dc:date verification
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b8d9e45b69)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:20 +05:30
Gyorgy Sarvari
4ae00d401c
gupnp: upgrade 1.6.6 -> 1.6.9
...
Drop patch that was incorporated in this release.
Changelog:
1.6.9:
- Linux-CM: Fix a potential memory leak
- Fix documentation link for libsoup
- Fix unnecessary g_thread_unref in tests
- Fix issues with Since: in documentation
1.6.8:
- ServiceProxyAction: Remove some left-over debug output
- ServiceProxyAction: Stop leaking the HTTP response
- Docs: Fix various issues
- ServiceProxyAction: Add get_value_as()
- Linux-CM: Silence a false-positive with scan-build
1.6.7:
- Fix compatibility with libxml2 2.12.x
- Improve reproducibility
- ControlPoint: Fix re-scan
- ContextManager: Fix boot-id update
- Context: Fix crash if served URI is not an IP address
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dd108a46f8)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:20 +05:30
Gyorgy Sarvari
b3eb875f50
gssdp: upgrade 1.6.3 -> 1.6.4
...
Drop patch that was incorporated in this release.
Shortlog (without CI-changes):
client: Format Since/Deprecated versions in a way gi-docgen can parse
Fix template to use local mirror
gssdp-enums.c.template: use basename instead of filename
resource-browser: Make regex pattern static
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a78826db86)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:19 +05:30
Mingli Yu
7301de982a
openipmi: Pass BUILD_CFLAGS to BUILD_CC
...
* The option -fcanon-prefix-map is added to CFLAGS after the commit [1]
introduced and result in the below build error.
Making all in sdrcomp
make[3]: Entering directory '/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37/lanserv/sdrcomp'
aarch64-wrs-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot -DHAVE_CONFIG_H -I. -I../.. -DSTATEDIR='"/var"' -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o sdrcomp.o sdrcomp.c
gcc -o sdrcomp_build ../../lanserv/sdrcomp/sdrcomp.c -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -lm
gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’?
* Pass BUILD_CFLAGS for BUILD_CC to fix the above build issue.
[1] https://git.openembedded.org/openembedded-core/commit/?id=3dbc4a79f01ebfc54da024c1460c06772659088d
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c41fb791fa)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 14:00:19 +05:30
Peter Marko
d80916b4dc
libcoap: upgrade 4.3.5 -> 4.3.5a
...
Changelog [1]:
* Fixes the following CVEs
CVE-2025-59391
CVE-2025-65494
CVE-2025-65495
CVE-2025-65496
CVE-2025-65497
CVE-2025-65498
CVE-2025-65499
CVE-2025-65500
CVE-2025-65501
* CVE-2025-50518 not fixed as user application error.
* Support for Mbed TLS 3.6.3.
* Support for RIOT update changes.
* Fixes for later CI environment builds.
* Critical reported bugs fixed.
Add tag to SRC_URI for hash verification.
License-Update: copyright years refreshed [2]
[1] https://github.com/obgm/libcoap/blob/v4.3.5a/ChangeLog
[2] https://github.com/obgm/libcoap/commit/993c12ac92ce6a24a409924fe78a5c0fe7246699
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6a9cc44a92)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:21 +05:30
Wang Mingyu
3cadf1e0c7
postfix: upgrade 3.10.5 -> 3.10.6
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cde1da5ec1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:20 +05:30
Wang Mingyu
10c0a22f9a
libdaq: upgrade 3.0.22 -> 3.0.23
...
Changelog:
api: add tcp flag in DAQ flow stats
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8c3baf61d0)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:20 +05:30
Liu Yiding
2e4f464335
pgpool2: 4.6.3 -> 4.6.4
...
Drop 0001-snprintf-Add-math.h-to-ensure-isnan-and-isinf-are-de.patch and
v1-0001-Make-time-calculations-always-long-long.patch as those were merged upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7fb4910ccb)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:19 +05:30
Wang Mingyu
394b23d027
openvpn: upgrade 2.6.15 -> 2.6.16
...
Code maintenance / Compat changes
---------------------------------
- adapt to new "encrypt-then-mac" cipher suites in OpenSSL 3.6.0 - these
need special handling which we don't do, so the t_lpback self-test
failed on them. Exclude from list of allowed ciphers, as there is no
strong reason today to make OpenVPN use these.
- fix various compile-time warnings
Documentation updates
---------------------
- fix outdated and non-HTTPS URLs throughout the tree (doxygen, warnings,
manpage, ...)
Bugfixes
--------
- Fix memcmp check for the hmac verification in the 3way handshake.
This bug renders the HMAC based protection against state exhaustion on
receiving spoofed TLS handshake packets in the OpenVPN server inefficient.
CVE: 2025-13086
- fix invalid pointer creation in tls_pre_decrypt() - technically this is
a memory over-read issue, in practice, the compilers optimize it away
so no negative effects could be observed.
- Windows: in the interactive service, fix the "undo DNS config" handling.
- Windows: in the interactive service, disallow using of "stdin" for the
config file, unless the caller is authorized OpenVPN Administrator
- Windows: in the interactive service, change all netsh calls to use
interface index and not interface name - sidesteps all possible attack
avenues with special characters in interface names.
- Windows: in the interactive service, improve error handling in
some "unlikely to happen" paths.
- auth plugin/script handling: properly check for errors in creation on
$auth_failed_reason_file (arf).
- for incoming TCP connections, close-on-exec option was applied to
the wrong socket fd, leaking socket FDs to child processes.
- sitnl: set close-on-exec flag on netlink socket
- ssl_mbedtls: fix missing perf_pop() call (optional performance profiling)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 351ac66213)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:19 +05:30
Valeria Petrov
436dc00649
apache2: upgrade 2.4.65 -> 2.4.66
...
Security fixes:
- CVE-2025-66200
- CVE-2025-65082
- CVE-2025-59775
- CVE-2025-58098
- CVE-2025-55753
See: http://www.apache.org/dist/httpd/CHANGES_2.4.66
Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 220835dac9)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:18 +05:30
Wang Mingyu
d104f0cc04
swagger-ui: upgrade 5.30.2 -> 5.30.3
...
Changelog:
==========
- deps: update vulnerable @release-it/conventional-changelog to 10.0.2
- deps: update vulnerable dependencies (js-yaml & glob)
- utils: handle sanitizing multi-level relative paths
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fad70abdb3)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:18 +05:30
Wang Mingyu
0f0a0857ed
fcgi: upgrade 2.4.6 -> 2.4.7
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 39f1d58d2b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:17 +05:30
Changqing Li
4299b96547
libmng: correct version of libmng
...
Current version is 2.0.3, the last release of libmng is in 2015,
add a patch to fix it
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c91f9c0a4b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-17 13:57:17 +05:30