7529c8a3bd
python3-protobuf: upgrade 6.33.1 -> 6.33.2
...
Change log:
https://github.com/protocolbuffers/protobuf/releases/tag/v33.2
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:13:01 +05:30
9e35ca9108
xrdp: patch CVE-2023-42822
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-42822
Pick the patch the references the github advisory[1] and the cve ID also from
the nvd report. The patch is a backported version of the patch referenced by
the nvd report.
[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit a9fa1c5c2askandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:13:00 +05:30
c3964035a8
xrdp: patch CVE-2023-40184
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184
Pick the patch that is associated with the github advisory[1], which is
a backported version of the patch that is referenced by the nvd report.
[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 259e4f9266skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:13:00 +05:30
56c1ffb74f
xrdp: patch CVE-2022-23493
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit f81041bb39skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:59 +05:30
57d69cc4d4
xrdp: patch CVE-2022-23484
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 2578e5c17dskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:59 +05:30
d999dd3cc4
xrdp: patch CVE-2022-23483
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 8ffd8f29d5skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:59 +05:30
2f2e3c16c0
xrdp: patch CVE-2022-23482
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23482
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 31694c82e3skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:58 +05:30
5655e97093
xrdp: patch CVE-2022-23481
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 64ee8f84c4skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:58 +05:30
563d8052cf
xrdp: patch CVE-2022-23480
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 71e9d02b12skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:57 +05:30
40fd2c8704
xrdp: patch CVE-2022-23479
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 19e076e66bskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:57 +05:30
c1f03cbf71
xrdp: patch CVE-2022-23478
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 63b5fff975skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:56 +05:30
72c3d49f78
xrdp: patch CVE-2022-23477
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit a6efc5b285skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:56 +05:30
c7570405e8
xrdp: patch CVE-2022-23468
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
(cherry picked from commit 1cb08277feskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:55 +05:30
508aa14cd8
frr: patch CVE-2025-61099..61107
...
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-61099
https://nvd.nist.gov/vuln/detail/CVE-2025-61100
https://nvd.nist.gov/vuln/detail/CVE-2025-61101
https://nvd.nist.gov/vuln/detail/CVE-2025-61102
https://nvd.nist.gov/vuln/detail/CVE-2025-61103
https://nvd.nist.gov/vuln/detail/CVE-2025-61104
https://nvd.nist.gov/vuln/detail/CVE-2025-61105
https://nvd.nist.gov/vuln/detail/CVE-2025-61106
https://nvd.nist.gov/vuln/detail/CVE-2025-61107
The NVD advisory refernces a PR[1] that contains only an unfinished, and
ultimately unmerged attempt at the fixes. The actual solution comes from
a different PR[2]. These patches are 3 commits from that PR. The last
commit wasn't backported, because it is just code formatting.
[1]: https://github.com/FRRouting/frr/pull/19480
[2]: https://github.com/FRRouting/frr/pull/19983
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3cd47f72adskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-02 08:12:52 +05:30
16cd5b1b8d
libowfat: update SRC_URI
...
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8cab2b2977anuj.mittal@oss.qualcomm.com >
2026-01-21 10:28:20 +05:30
0f00860e5f
ncp: update SRC_URI
...
The https link does not work anymore, it just refuses the connection.
http still works though.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8da9f2fea2anuj.mittal@oss.qualcomm.com >
2026-01-21 10:28:09 +05:30
7856298b5f
softhsm: fix SRC_URI branch
...
The "develop" branch doesn't exist anymore, the used revision can be
found on the "main" branch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 21df5861c7anuj.mittal@oss.qualcomm.com >
2026-01-21 10:27:40 +05:30
8fdc4a1e4b
recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch
...
The upstream site (landley.net) serves inconsistent content when using HTTP,
causing checksum mismatches during do_fetch. Using HTTPS ensures stable
downloads and resolves checksum failures.
Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 050ffcdea2anuj.mittal@oss.qualcomm.com >
2026-01-21 10:22:57 +05:30
8462fe14b8
nginx: ignore CVE-2025-53859 for 1.28.1
...
Fix is included via commit [1].
[1] https://github.com/nginx/nginx/commit/fbbbf189dadf3bd59c2462af68c16f2c2874d4ee
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5d3936d5ddankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:24 +05:30
23efe27897
nginx: set CVE_PRODUCT
...
nginx has a long history, and has used multiple CPEs
over time. Set CVE_PRODUCT to reflect current and historic
vendor:product pairs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit d25aadbbb5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:24 +05:30
5acd5f7386
nginx: upgrade 1.28.0 -> 1.28.1
...
Drop CVE patch which has been integrated into this new version.
Solves:
* CVE-2025-53859
CHANGES:
https://nginx.org/en/CHANGES-1.28
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 222c642564ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:24 +05:30
a7e34f3531
python3-scapy: set CVE_PRODUCT
...
The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
because they are tracked under the scapy:scapy CPE.
Set CVE_PRODUCT to the correct value.
See CVE db query:
sqlite> select * from products where product like '%scapy%';
CVE-2019-1010142|scapy|scapy|2.4.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6f68f5fce7ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:23 +05:30
8c482ca886
tinyproxy: patch CVE-2025-63938
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938
Pick the patch referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7981f52062ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:23 +05:30
3c515557c4
dante: Add _GNU_SOURCE for musl builds
...
This helps build fixes e.g. cpuset_t definitions etc.
glibc builds have _GNU_SOURCE defined inherently.
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 848bac20eaankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:22 +05:30
b42c7fbb73
dante: upgrade 1.4.3 -> 1.4.4
...
License-Update: copyright year bump
Changelog:
- Fix potential security issue CVE-2024-54662, related to "socksmethod"
use in client/hostid-rules.
- Add a missing call to setgroups(2).
- Patch to fix compilation with libminiupnp 2.2.8.
- Client connectchild optimizations.
- Client SIGIO handling improvements.
- Various configure/build fixes.
- Updated to support TCP_EXP1 version of TCP hostid format.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 9f12c5fbc6ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:22 +05:30
d11b64e25e
frr: upgrade 10.4.1 -> 10.4.2
...
Release Notes:
https://github.com/FRRouting/frr/releases/tag/frr-10.4.2
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:21 +05:30
8d54f36c15
xerces-c: set CVE_PRODUCT
...
The related CVEs are tracked with "xerces-c\+\+" (sic).
See CVE db query:
sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2;
apache|xerces-c\+\+|29
apache|xerces-j|2
apache|xerces2_java|3
redhat|xerces|3
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 29a272744aankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:21 +05:30
6df897e314
lmdb: patch CVE-2026-22185
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22185
Pick the patch that is mentioned as a solution in the related upstream bug[1].
[1]: https://bugs.openldap.org/show_bug.cgi?id=10421
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit e0f86a4a7fankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:20 +05:30
d30b9a5419
boinc-client: mark CVE-2013-2018 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2013-2018
According to oss-security email[1], version 7.0.45 included
the fixes[2][3][4]
[1]: https://www.openwall.com/lists/oss-security/2013/04/29/11
[2]: https://github.com/BOINC/boinc/commit/6e205de096da83b12ffb2f0183b43e51261eb0c4
[3]: https://github.com/BOINC/boinc/commit/e8d6c33fe158129a5616e18eb84a7a9d44aca15f
[4]: https://github.com/BOINC/boinc/commit/ce3110489bc139b8218252ba1cb0862d69f72ae3
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 2a78ad8813ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:20 +05:30
b6a71017ab
influxdb: ignore CVE-2024-30896
...
As mentioned in the comment[1], vulnerability is in
/api/v2/authorizations API which only exists in 2.x, 1.x is not affected.
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30896
[1] https://github.com/influxdata/influxdb/issues/24797#issuecomment-2514690740
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 2f1d7a8597ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:20 +05:30
6d6dbabb28
boinc-client: set CVE_PRODUCT
...
The relevant CVEs are tracked with underscore in their name.
See CVE db query:
sqlite> select vendor, product, count(*) from PRODUCTs where product like '%boinc%' group by 1, 2;
berkeley|boinc_client|2
berkeley|boinc_forum|1
universityofcalifornia|boinc_client|165
universityofcalifornia|boinc_server|5
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 31de060b48ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:19 +05:30
9cb5abd34b
asyncmqtt: set CVE_PRODUCT
...
The CVEs are tracked with an underscore in the product name:
sqlite> select * from PRODUCTs where product like '%async%mq%';
CVE-2025-65503|redboltz|async_mqtt|10.2.5|=||
This patch sets the correct CVE_PRODUCT.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4da079d7f5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:17:19 +05:30
835f1ef688
libcereal: set CVE_PRODUCT
...
The relevant CVEs are associated with usc:cereal CPE.
See CVE db query:
sqlite> select * from PRODUCTS where PRODUCT like '%cereal%';
CVE-2020-11104|usc|cereal|||1.3.0|<=
CVE-2020-11105|usc|cereal|||1.3.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6e936626cbankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:20 +05:30
57b188f8bc
raptor2: set CVE_PRODUCT
...
All relevant CVEs are files against these CPEs.
See CVE db query (zediious vendor is not relevant):
sqlite> select * from PRODUCTs where PRODUCT like '%raptor%' and vendor <> 'symantec' and product <> 'velociraptor';
CVE-2012-0037|librdf|raptor|||2.0.7|<
CVE-2017-18926|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2020-25713|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2023-49078|zediious|raptor-web|0.4.4|=||
CVE-2024-57822|librdf|raptor_rdf_syntax_library|||2.0.16|<=
CVE-2024-57823|librdf|raptor_rdf_syntax_library|||2.0.16|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 15aca0b2faankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:20 +05:30
5c64a792b6
libsdl3: upgrade 3.2.28 -> 3.2.30
...
Changelog:
https://github.com/libsdl-org/SDL/releases/tag/release-3.2.30
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit a524aaddacankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:19 +05:30
351df9d54e
libjxl: Fix build error with arm and musl
...
Build fails for qemuarm with musl with following error:
/build/tmp/work/cortexa15t2hf-neon-poky-linux-musleabi/libjxl/0.11.1/sources/libjxl-0.11.1/lib/jxl/convolve_separable5.cc
| error: out of range pc-relative fixup value
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 63ae47a70dankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:19 +05:30
6cb598129d
mozjs-128: Fix build error with arm and musl
...
Build fails for qemuarm with musl with following error:
mozglue/misc/StackWalk.o: in function `unwind_callback(_Unwind_Context*, void*)':
| /usr/src/debug/mozjs-128/128.5.2/mozglue/misc/StackWalk.cpp:810:(.text._ZL15unwind_callbackP15_Unwind_ContextPv+0x4): undefined reference to `_Unwind_GetIP'
Referenced commit[1] for the fix, also refreshed patches.
[1] https://github.com/OSSystems/meta-browser/commit/bb8662912354dae13634c0ec35c3803c344b1e72
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 30942cebe8ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:18 +05:30
91193c97a3
libsdl3-image: upgrade 3.2.4 -> 3.2.6
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Release Notes:
https://github.com/libsdl-org/SDL_image/releases/tag/release-3.2.6
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:18 +05:30
6d1c5be67b
smarty: extend CVE_PRODUCT
...
Some CVEs assign smarty-php as the vendor to the corresponding CPE.
E.g CVE-2024-35226[1] is tracked with smarty-php:smarty by mitre
(NVD tracks it without CPE).
[1]: https://cveawg.mitre.org/api/cve/CVE-2024-35226
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1aee6a403cankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:18 +05:30
f3407694b8
vboxguestdrivers: Upgrade to 7.2.4
...
This is a maintenance release. The following items were fixed or added:
GUI: Fixed VirtualBox VM Manager crash when host was resuming from sleep (github:gh-121, github:gh-170)
GUI: Updated native language support for Traditional Chinese, Greek, Swedish, Hungarian and Indonesian translations
NAT: Fixed issue when multiple port forwarding rules affected NAT functionality (github:gh-232)
Linux host and guest: Introduced initial support for kernel 6.18
Linux Guest Additions: Introduced additional fixes for RHEL 9.6 and 9.7 kernels (github:GH-12)
Windows Guest Additions: Introduced additional fixes for issue when installation was failing in Windows XP SP2 guest (github:GH-142)
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Cc: Bruce Ashfield <bruce.ashfield@gmail.com >
(cherry picked from commit 0ecf2814b2ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:17 +05:30
1b5228dcce
libdecor: upgrade 0.2.4 -> 0.2.5
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Changelog:
https://gitlab.freedesktop.org/libdecor/libdecor/-/compare/0.2.4...0.2.5?from_project_id=18349
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:17 +05:30
d879c37905
cryptsetup: upgrade 2.8.1 -> 2.8.3
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6f41c5872dankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:16 +05:30
5508b827fb
nodejs: remove extra CVE_PRODUCT
...
CVE_PRODUCT is specified twice - the second instance only duplicates one
value from the first instance.
Remove this extra CVE_PRODUCT.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6ff9252484ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:16 +05:30
441cf7db11
php: upgrade 8.4.16 -> 8.4.17
...
Changelog: https://www.php.net/ChangeLog-8.php#8.4.17
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:15 +05:30
4beb45b615
microsoft-gsl: upgrade 4.2.0 -> 4.2.1
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1d33fb39d9ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:15 +05:30
cce0f2d7cd
vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2
...
Upgrade Vulkan CTS to the point release, fixing several tests. While we
are at it, refresh Vulkan-Video-Samples patches.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 374949c531ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:14 +05:30
a1a87ebf04
minicoredumper: fix 2038 year problem in timestamp handling
...
The minicoredumper has multiple 2038 year problems where 'long' type
variables and strtol() function calls cause overflow on 32-bit systems
when handling timestamps after 2038-01-19.
This leads to incorrect timestamp formatting in core dump directory
names (e.g., sleep40s.20380119.031407+0000.598).
Fix by changing 'long timestamp' to 'time_t timestamp' and replacing
strtol() with strtoll() to properly handle 64-bit timestamps on
32-bit systems.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit b5685fb375ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:14 +05:30
199ca0c29d
usb-modeswitch: upgrade 2.6.1 -> 2.6.2
...
0001-Fix-build-with-gcc-15.patch
removed since it's included in 2.6.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit dfbe08b6c3ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:13 +05:30
5a9ced1fd5
usb-modeswitch-data: upgrade 20191128 -> 20251207
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8f2c436db5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:13 +05:30
650978be5c
libsdl3: upgrade 3.2.26 -> 3.2.28
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 26e3ef119bankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-01-20 10:15:12 +05:30
Liu Yiding
Gyorgy Sarvari
Sanjay Chitroda
Peter Marko
Jason Schonberg
Khem Raj
Ankur Tyagi
Wang Mingyu
Dmitry Baryshkov
Jiaying Song