Gyorgy Sarvari
75e3ed1850
ettercap: patch CVE-2026-3603
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606
Pick the commit that is marked to solve the related GitHub
issue[1]. Its commit message also references the CVE ID explicitly.
[1]: https://github.com/Ettercap/ettercap/issues/1297
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:09 +05:30
Vijay Anusuri
59b94e41bf
libssh: Fix CVE-2026-3731
...
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-3731
[2] https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:09 +05:30
Hitendra Prajapati
a88f173ed0
wireshark: Fix CVE-2026-0960
...
Pick patch from [1] also mentioned in [2]
[1] https://gitlab.com/wireshark/wireshark/-/issues/20944
[2] https://security-tracker.debian.org/tracker/CVE-2026-0960
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:08 +05:30
Gyorgy Sarvari
af2304fcb9
php: upgrade 8.2.29 -> 8.2.30
...
Drop patches that are included in this release.
Changes: https://www.php.net/ChangeLog-8.php#8.2.30
- Curl: Fix curl build and test failures with version 8.16.
- Opcache: Reset global pointers to prevent use-after-free in zend_jit_status().
- PDO: PDO quoting result null deref - CVE-2025-14180
- Null byte termination in dns_get_record()
- Heap buffer overflow in array_merge() - CVE-2025-14178
- Information Leak of Memory in getimagesize - CVE-2025-14177
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:08 +05:30
Hitendra Prajapati
e7a359838c
wireshark: Fix CVE-2026-3201
...
Pick patch from [1] also mentioned in [2]
[1] https://gitlab.com/wireshark/wireshark/-/issues/20972
[2] https://security-tracker.debian.org/tracker/CVE-2026-3201
More details: https://nvd.nist.gov/vuln/detail/CVE-2026-3201
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:07 +05:30
Christos Gavros
b48d119e50
nativesdk-pistache: dependency with brotli
...
Building of nativesdk-pistache aborted due to
missing dependency with brotli.
Fixed by extending brotli recipe to build nativesdk
Signed-off-by: Christos Gavros <gavrosc@yahoo.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cf95ee0ff5 )
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:07 +05:30
Deepak Rathore
6dd3de0d5d
yasm: extend recipe for nativesdk builds
...
Some SDK dependency chains require yasm to be available
as SDK artifacts. The current metadata only partially provides this,
which can lead to dependency resolution failures when this recipe is pulled
into SDK-oriented builds.
This change does not alter target package behavior; it only enables required
nativesdk variant for build and SDK integration paths.
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:06 +05:30
Gyorgy Sarvari
29e835b9b7
vlc: ignore CVE-2026-26227 and CVE-2026-26228
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227
https://nvd.nist.gov/vuln/detail/CVE-2026-26228
Both vulnerabilities affect only the Android version of VLC, not
the other ones. Because of this, ignore these CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:06 +05:30
Gyorgy Sarvari
67d0242d70
gimp: add additional patch for CVE-2026-0797
...
There is an additional patch for CVE-2026-0797, which is not mentioned
in the CVE advisory, nor in the related issue nor in the related PR, however
both the change and the commit message show that this is a continuation
of the original fix, which was incomplete.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:05 +05:30
Peter Marko
ada8211493
sassc: ignore CVE-2022-43357
...
This CVE is fixed in current libsass recipe version.
So wrapper around it will also not show this problem.
Its usual use case is to be statically linked with libsass which is
probably the reason why this is listed as vulnerable component.
[1] links [2] as issue tracker which points to [3] as fix.
[4] as base repository for the recipe is not involved and files from [3]
are not present in this repository.
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357
[2] https://github.com/sass/libsass/issues/3177
[3] https://github.com/sass/libsass/pull/3184
[4] https://github.com/sass/sassc/
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 576b84263b )
Scarthgap has also the fixed libsass version (3.6.6), the CVE can
be considered fixed.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:05 +05:30
Peter Marko
604a54d742
spice: set CVE-2016-2150 status to fixed
...
Debian has fixed this CVE with [1].
That patch is taken from [2].
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13
v0.13.1-190-g69628ea1
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13
v0.13.2
[1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/
[2] https://gitlab.freedesktop.org/spice/spice/-/commit/69628ea1375282cb7ca5b4dc4410e7aa67e0fc02
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit e44f3251b5 )
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:04 +05:30
Peter Marko
bc575f49a2
spice: ignore CVE-2016-0749
...
NVD tracks this as version-less CVE for spice.
It was fixed by [1] and [2] included in 0.13.2.
[1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e
[2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 073e845274 )
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:04 +05:30
Peter Marko
0e38edb85d
spice-gtk: mark CVE-2012-4425 as fixed
...
It is fixed by [1] since 0.15.3.
NVD tracks this CVE as version-less.
[1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7e17f8cec0 )
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:03 +05:30
Gyorgy Sarvari
213a390d5d
streamripper: ignore CVE-2020-37065
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
The vulnerability is about a 3rd party Windows-only GUI frontend for
the streamripper library, and not for the CLI application that the
recipe builds. Due to this ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1571c1a8e5 )
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:03 +05:30
Gyorgy Sarvari
67a8fe4a1a
python3-django: upgrade 4.2.28 -> 4.2.29
...
Contains fixes for CVE-2026-25673 and CVE-2026-25674.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:03 +05:30
Gyorgy Sarvari
c73a2a0435
protobuf: ignore CVE-2026-0994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 398fa05aa8 )
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:02 +05:30
Gyorgy Sarvari
24e8a09f65
libjxl: upgrade 0.10.2 -> 0.10.5
...
Bug fix release, mostly CVE fixes.
Drop patches that are included.
Changelog:
0.10.5:
fix tile dimension in low memory rendering pipeline (CVE-2025-12474)
fix number of channels for gray-to-gray color transform (CVE-2026-1837)
djxl: reject decoding JXL files if "packed" representation size overflows size_t
0.10.4:
Huffman lookup table size fix (CVE-2024-11403)
Check height limit in modular trees (CVE-2024-11498)
0.10.3:
fixed decoding of some special images
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:02 +05:30
Gyorgy Sarvari
a0a3169b2b
keepalived: patch CVE-2024-41184
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184
Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:01 +05:30
Gyorgy Sarvari
ad6ea218ae
gnome-shell: ignore CVE-2021-3982
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3982
The vulnerability is about a privilege escalation, in case
the host distribution sets CAP_SYS_NICE capability on the
gnome-shell binary.
OE distros don't do that, and due to this this recipe is not
affected by this issue. The CVE is ignored.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4d6e24106c )
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:01 +05:30
Gyorgy Sarvari
1a6816e20f
gimp: patch CVE-2026-2048
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2048
Pick the patch from the relevant upstream issue[1];
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:52:00 +05:30
Gyorgy Sarvari
fb8e5b9659
gimp: ignore CVE-2026-2047
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2047
The vulnerability exists in ICNS importer, which was first introduced in
version 3.0 [1], and the code is not present in the recipe version.
Due to this, ignore this CVE.
[1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:51:51 +05:30
Gyorgy Sarvari
210ce6945c
gimp: patch CVE-2026-2045
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2045
Pick the patch associated with the relevant upstream issue[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15293
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:06 +05:30
Gyorgy Sarvari
276a3b7195
gimp: patch CVE-2026-2044
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2044
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:05 +05:30
Gyorgy Sarvari
74f6a2e5ac
gimp: patch CVE-2026-0797
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0797
The patch referenced in the NVD report looks incorrect.
This change in this patch was taken from the related upstream issue[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:05 +05:30
Gyorgy Sarvari
3dd2d0dc98
gimp: patch CVE-2025-2761
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761
Pick the patch from the relevant upstream bug[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:04 +05:30
Gyorgy Sarvari
50d7ec475b
gimp: patch CVE-2025-2760
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2760
Use the fixes from Debian.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:04 +05:30
Gyorgy Sarvari
42d1f2f681
gimp: patch CVE-2025-15059
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:03 +05:30
Gyorgy Sarvari
077dad4b6d
gimp: ignore CVE-2025-14424
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424
The vulnerability was introduced in version 3.0.0, with commit[1].
The recipe version isn't vulnerable - ignore this CVE.
[1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/a0fc5a025ae3579609730ebabc3c84146385da76
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:03 +05:30
Gyorgy Sarvari
e7dcdee568
freerdp: upgrade 2.11.7 -> 2.11.8
...
Drop patch that is included in this release.
Changelog: https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.8
Backported #12319 bugfixes from 3.x
Fix incompatible pointer type issues
X11: fix pointer/integer type mismatch
Warn backport
[core] eliminate rdpRdp::instance
X11 client: ignore grab related LeaveNotify events
[winpr,pubsub] add NULL parameter checks
fix: correct server port assignment logic
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:47:02 +05:30
Gyorgy Sarvari
a831c03427
exiftool: ignore CVE-2026-3102
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3102
The vulnerability impacts only MacOS - ignore it.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-24 08:46:57 +05:30
haonguyen-qualgo
1bdb7dc121
mbedtls: Do not set LIB_INSTALL_DIR to an absolute path to make MbedTLSTargets.cmake relocateable
...
Signed-off-by: haonguyen-qualgo <hao.nna@qualgo.net >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-23 14:14:58 +05:30
Alexandre Truong
4d3e2639de
source-han-sans-*-fonts: rename downloaded files in SRC_URI
...
In commit [0], we've switched away from SVN fetcher in SRC_URI.
The archives downloaded are named SourceHanSans*.zip
They are named this way regardless of the version 1.004 or 2.004.
So when the new archives checksums are tested, the fetcher will
look for the old archives with the same name in the DL_DIR.
From [1], there are checksum failures due to given checksums not
matching the ones in DL_DIR. Thus, downloaded archives are renamed
following their package name and version.
[0]: https://git.openembedded.org/meta-openembedded/commit/?id=36a1e36e1272ca50e5dba0c4cf25ee3ff8b8f1c9
[1]: https://autobuilder.yoctoproject.org/typhoon/#/builders/156/builds/367/steps/16/logs/errors
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr >
Reviewed-by: Yoann Congal <yoann.congal@smile.fr >
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 08e414d496 )
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-03 13:08:08 +05:30
Anuj Mittal
6ce6448ebc
README: update listed maintainer
...
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:58:47 +05:30
Anil Dongare
2160609b5b
wireshark 4.2.14: Fix CVE-2026-0962
...
Upstream Repository: https://gitlab.com/wireshark/wireshark.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0962
Type: Security Fix
CVE: CVE-2026-0962
Score: 6.5
Patch: https://gitlab.com/wireshark/wireshark/-/commit/825b83e1ed14
Signed-off-by: Anil Dongare <adongare@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:45:44 +05:30
Peter Marko
4e4ad54c9a
fcgi: add follow-up patch for CVE-2025-23016
...
New release [1] added additional fix for this CVE.
[1] https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.7
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:00:46 +05:30
Tafil Avdyli
c88db38ad6
python3-pybind11-json: fix Targets.cmake trying to reference host
...
The resulting pybind11_jsonTargets.cmake in the dev-package adds an
absolute path to python include directories in the target properties:
set_target_properties(pybind11_json PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "/usr/include/python3.13;${_IMPORT_PREFIX}/include"
)
The patch removes ${PYTHON_INCLUDE_DIRS} which is set by pybind11 from
set_target_properties to remove the poisonous host path.
Signed-off-by: Tafil Avdyli <tafil@tafhub.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 0332dae9bb )
Signed-off-by: Tafil Avdyli <tafil@tafhub.de >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:00:45 +05:30
Martin Jansa
560eef1dc2
nodejs: add missing Upstream-Status
...
The patch was introduced in:
https://git.openembedded.org/meta-openembedded/commit/?h=scarthgap&id=3f9623aaefed5b070294a0d52a54a50ea709b389
and it's the only one missing it (as default ERROR_QA in scarthgap
doesn't have patch-status).
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:00:45 +05:30
Gyorgy Sarvari
83e564a365
nginx: patch CVE-2026-1642
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-1642
Pick the commit that was identified by the reporter on the oss-sec
mailing list[1]
[1]: https://www.openwall.com/lists/oss-security/2026/02/05/1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:00:44 +05:30
Vijay Anusuri
8c9f62ea1b
postgresql: upgrade 16.11 -> 16.12
...
License-Update: Update license year to 2026
Includes fix for CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006
Changelog:
https://www.postgresql.org/docs/release/16.12/
Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch for
16.12
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:00:44 +05:30
Ankur Tyagi
c9662d5451
dovecot: ignore CVE-2025-30189
...
Vulnerable versions are 2.4.0, 2.4.1 according to the full disclosure[1]
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189
[1] https://seclists.org/fulldisclosure/2025/Oct/29
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 13:00:40 +05:30
Geoff Parker
f243689cda
python3-m2crypto: fix python3-m2crypto-native do_configure:prepend()
...
The recent workaround for https://github.com/swiftlang/swift/issues/69311
breaks python3-m2crypto-native, with error about missing e_os2.h file in
recipe-sysroot-native.
Apply do_configure:prepend to class-target only to fix.
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c1693752d7 )
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 12:36:08 +05:30
Yoann Congal
50292b4331
polkit: Switch PAM files to common-*
...
Add a new OS option to polkit meson: "openembedded" and use this to
set PAM include to common-* which matches OE-Core libpam.
This also may fix a non-reproducibility since polkit meson system tried
to detect the host (compiling) OS and changed PAM config from the
detected value.
Fixes: https://github.com/openembedded/meta-openembedded/issues/860
Signed-off-by: Yoann Congal <yoann.congal@smile.fr >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 9bdff5feb6 )
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 10:37:54 +05:30
Daniel Klauer
26fe9ce9f1
nbench-byte: Fix sysinfo generation in parallel build
...
The project Makefile uses a script (sysinfo.sh) to non-atomically generate
two .c files (sysinfo.c, sysinfoc.c) which are then included in the build.
Since the script always overwrites both .c files, the Makefile should only
invoke it once, not twice in parallel. Otherwise the .c files may be
corrupted and cause random build failures in parallel builds.
Requires at least GNU make 4.3, for Grouped Targets support [1].
[1] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Reviewed-by: Silvio Fricke <silvio.fricke@gin.de >
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit add2d94ab7 )
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-25 10:27:47 +05:30
Hongxu Jia
ec0469748b
nodejs: fix gcc compile failed for 32 bit arm target
...
Compiling with gcc failed for 32 bit arm target
$ echo 'MACHINE = "qemuarm"' >> conf/local.conf
$ bitbake nodejs
...
2645 | );
| ^
../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16'
2643 | vcgeq_u8(input, vdupq_n_u8(' ')),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| uint8x16_t
...
Use '-flax-vector-conversions' to permit conversions between vectors
with differing element types or numbers of subparts
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit fe7aaabb1c )
Adapted to Scarthgap
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-12 15:59:04 +05:30
Gyorgy Sarvari
3f9623aaef
nodejs: upgrade 20.18.2 -> 20.20.0
...
Part of nodejs LTS release, contains many security- and bugfixes.
Ptests passed successfully.
Full changelog:
https://github.com/nodejs/node/blob/v20.x/doc/changelogs/CHANGELOG_V20.md
Dropped patches that are included in this release.
Added 0001-Revert-stop-using-deprecated-ares_query.patch:
Nodejs has changed a deprecated c-ares call to a newer version,
however this newer method is not available in the c-ares shipped
in meta-oe, and it failed to compile (the new call was added to c-ares
in v1.28.0, but Scarthgap comes with v1.27.0). This patch reverts this
failing commit completely. Based on the PR/issue discussions, the
only goal was to eliminate deprecation warnings. There seems to be
no logic change from this change.
License-Update:
- The license file was regenerated, to ensure it is up to date.
It contains all licenses from all vendored dependencies. This
resulted in adding nlohmann-json license to the file, which
is MIT. There were already other MIT dependencies, so this
didn't change the overall license declaration.
- base64 related license was removed, because base64 code was
simplified, so it doesn't depend on this library anymore.
(It was BSD-2-Clause, but there are other dependencies using
this license, so the overall license didn't change)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-12 15:58:49 +05:30
Gyorgy Sarvari
11dfc31f83
gnome-commander: upgrade 1.16.1 -> 1.16.2
...
Drop patch that is included in this version.
Changes:
- Fix double g_error_free call in remote_close_callback
- Fix build with taglib 2.0
- Set project gnu++11 c++ language version explicitly
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-12 13:38:13 +05:30
Gyorgy Sarvari
6d53b607b2
python3-django: upgrade 4.2.27 -> 4.2.28
...
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207,
CVE-2026-1285, CVE-2026-1287 and CVE-2026-1312
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-12 13:38:13 +05:30
Gyorgy Sarvari
7e98075d47
tigervnc: mark CVE-2024-0408 and CVE-2024-0409 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-0408
https://nvd.nist.gov/vuln/detail/CVE-2024-0409
Both of these vulnerabilities were fixed[1][2] in xserver 21.1.11,
just mark them patched.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/8d825f72da71d6c38cbb02cf2ee2dd9e0e0f50f2
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a4f0e9466f3bc7073a8f0c28a581211c2d7adf0e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-12 13:38:13 +05:30
Wang Mingyu
b64c7c68a0
gnome-text-editor: upgrade 46.1 -> 46.3
...
Changelog:
===========
- Fix a trivial build error when -Werror=implicit-function-declaration is
specified.
- Fix an issue with cancellation of closing a page
- Try harder to ensure a buffer disposes associated resources when
the page is closed.
- Translation updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 0562755261 )
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-12 13:38:13 +05:30
Wang Mingyu
fe4ef3f878
eog: upgrade 45.3 -> 45.4
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4181632bc1 )
Changes:
- Regenerate thumbnails on save
- Use "fast" content type as fallback if normal content type
is unavailable
- docs: Replace dead links to developer-old.gnome.org (Andre Klapper)
- Updated translations
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-12 13:38:13 +05:30