7b1c9fa6fb
ImageMagick: Fix CVE-2025-55160
...
Backport the fix for CVE-2025-55160
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da ]
Add below patch to fix
0003-ImageMagick-Fix-CVE-2025-55160.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-12 22:06:48 +01:00
bbcd2ab724
ImageMagick: Fix CVE-2025-53101
...
Backport the fix for CVE-2025-53101
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 ]
Add below patch to fix
0002-ImageMagick-Fix-CVE-2025-53101.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-12 22:06:47 +01:00
520f64ef3c
ImageMagick: Fix CVE-2025-53014
...
Backport the fix for CVE-2025-53014
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03 ]
Add below patch to fix CVE-2025-53014
0001-ImageMagick-Fix-CVE-2025-53014.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-12 22:06:46 +01:00
cac725f7d2
gflags: switch Git branch from master to main
...
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-12 19:22:39 +01:00
46a6fbcdcb
apache2: upgrade 2.4.65 -> 2.4.66
...
Security fixes:
- CVE-2025-66200
- CVE-2025-65082
- CVE-2025-59775
- CVE-2025-58098
- CVE-2025-55753
See: http://www.apache.org/dist/httpd/CHANGES_2.4.66
Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-12 19:21:36 +01:00
97d4be2839
gupnp-igd: add ptest support
...
Execution takes around 10 seconds.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 19:34:22 +01:00
590afd1a98
gupnp-av: add ptest support
...
It takes around a second to execute the suite.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 65c2f6de55skandigraun@gmail.com >
2025-12-06 19:34:21 +01:00
535fc775a6
gupnp: add ptest support
...
It takes almost 50 seconds on my machine to execute.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit e7878d69abskandigraun@gmail.com >
2025-12-06 19:34:20 +01:00
ff2b74df62
gssdp: add ptest support
...
It is quick, it finished under 20 seconds on my machine.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 27865a96d5skandigraun@gmail.com >
2025-12-06 19:34:19 +01:00
d95d7c8e7b
xrdp: add ptest support
...
It takes under 10 seconds to run the suite.
Executed succesfully on x86-64, with musl and glibc.
The recipe requires pam DISTRO_FEATURE to be present.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 54ca51b6c6skandigraun@gmail.com >
2025-12-06 19:34:17 +01:00
dcc7681d01
xrdp: patch CVE-2022-23493
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:13 +01:00
fc2c0460ab
xrdp: patch CVE-2022-23484
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:11 +01:00
e89a73a759
xrdp: patch CVE-2022-23483
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:10 +01:00
e0e34a0615
xrdp: patch CVE-2022-23481
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:09 +01:00
07291c5d65
xrdp: patch CVE-2022-23480
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:09 +01:00
d2a493539f
xrdp: patch CVE-2022-23479
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:08 +01:00
444c8f69d2
xrdp: patch CVE-2022-23478
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:07 +01:00
74b0b81579
xrdp: patch CVE-2022-23477
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:06 +01:00
5709e8f6ec
xrdp: patch CVE-2022-23468
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:05 +01:00
f218f0373f
xrdp: upgrade 0.9.18 -> 0.9.18.1
...
Contains fix for CVE-2022-23613
Changelog: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.18.1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-06 17:33:04 +01:00
e2da1298ac
python3-django: fix CVE-2025-32873
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32873
Upstream-patch:
https://github.com/django/django/commit/9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c/
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-05 15:29:59 +01:00
ee59faebac
python3-django: fix CVE-2024-53907
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-53907
Upstream-patch:
https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b/
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-05 15:29:58 +01:00
64e4cf9933
python3-django: fix CVE-2024-41991
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41991
Upstream-patch:
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-12-05 15:29:55 +01:00
edb07bc11e
scsirastools: Fix build with usrmerge
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4448cd9ee7skandigraun@gmail.com >
2025-12-02 13:54:27 +01:00
4a70d6f944
gradm: fix installation with usrmerge enabled
...
In case usrmerge DISTRO_FEATURE is enabled, the recipe installs its
binaries into /sbin folder, which however supposed to be a symlink
to /usr/sbin folder, thus ultimately failing the installation.
To avoid this problem, backport a patch from master branch that allows
specifying the installation location.
This is a partial backport of 682657248cskandigraun@gmail.com >
2025-12-02 13:54:16 +01:00
bc55ba3d8c
babeld: fix installation with usrmerge
...
In case usrmerge DISTRO_FEATURE is enabled, the recipe installed
the application to /bin folder, which is however a symlink to /usr/bin,
so the installation ultimately failed.
To fix this, set the correct prefix for the installation.
This is a partial backport of f91983f1f3skandigraun@gmail.com >
2025-12-02 13:54:02 +01:00
6416254c0b
fontforge: patch CVE-2024-25081 and CVE-2024-25082
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-25081
https://nvd.nist.gov/vuln/detail/CVE-2024-25082
The same patch fixes both vulnerabilities.
Take the patch from the pull request that is referenced by the
nv report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 20:48:08 +01:00
2491ea2ffb
fontforge: patch CVE-2020-5395, CVE-2020-25690 and CVE-2020-5496
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-5395
https://nvd.nist.gov/vuln/detail/CVE-2020-25690
https://nvd.nist.gov/vuln/detail/CVE-2020-5496
The same patch fixes all three.
The patch for CVE-2020-25690 is mentioned in the RedHat bug, which is
referenced in the nvd report.
The patch for CVE-2020-5395 is mentioned in the Github issue that
is referenced in the nvd report.
The patch for CVE-2020-5496 is mentioned in the comments of the issue
that is linked in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 20:48:07 +01:00
48d2305f48
fontforge: ignore CVE-2019-15785
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15785
The vulnerability is not present in the currently used version, so
ignore it.
Current version: 20190801
First vulnerable version: 20190813
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 20:48:06 +01:00
67bb8e4b16
yasm: patch CVE-2021-33456
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465
The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1e2731fce0
2025-11-30 20:48:05 +01:00
68a44fe280
yasm: patch CVE-2021-33464
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464
The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 66a0b01b52
2025-11-30 20:48:04 +01:00
5fb0376aed
yasm: patch CVE-2023-29579
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579
The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cc30757a7f
2025-11-30 20:48:03 +01:00
b6eb044866
yasm: add alternative CVE_PRODUCT
...
There are multiple vendors for yasm:
$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm
Both products refer to the same application
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 93f85e4fd2
2025-11-30 20:48:01 +01:00
8b438a9d7b
python3-django: fix CVE-2024-39330
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39330
Upstream-patch:
https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:36 +01:00
740980aaba
python3-django: fix CVE-2024-39329
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39329
Upstream-patch:
https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:34 +01:00
21d389c8f9
python3-django: fix CVE-2025-57833
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-57833
Upstream-patch:
https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:32 +01:00
0b554678b6
python3-django: fix CVE-2024-56374
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-56374
Upstream-patch:
https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:31 +01:00
540b79e3ee
python3-django: fix CVE-2025-26699
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-26699
Upstream-patch:
https://github.com/django/django/commit/e88f7376fe68dbf4ebaf11fad1513ce700b45860
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:30 +01:00
666ec505b4
python3-django: fix CVE-2024-27351
...
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-27351
Upstream-patch:
https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:29 +01:00
d4a5c4cf6c
python3-django: upgrade 4.2.17 -> 4.2.26
...
Fixes CVE-2025-64459, CVE-2025-64458, CVE-2025-59682, CVE-2025-59681,
CVE-2025-57833, CVE-2025-48432, CVE-2025-32873, CVE-2025-26699, CVE-2024-56374
and other bug fixes.
Release notes:
https://docs.djangoproject.com/en/dev/releases/4.2.18/
https://docs.djangoproject.com/en/dev/releases/4.2.19/
https://docs.djangoproject.com/en/dev/releases/4.2.20/
https://docs.djangoproject.com/en/dev/releases/4.2.21/
https://docs.djangoproject.com/en/dev/releases/4.2.22/
https://docs.djangoproject.com/en/dev/releases/4.2.23/
https://docs.djangoproject.com/en/dev/releases/4.2.24/
https://docs.djangoproject.com/en/dev/releases/4.2.25/
https://docs.djangoproject.com/en/dev/releases/4.2.26/
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:28 +01:00
252b82edd5
python3-django: upgrade 3.2.23 -> 3.2.25
...
Fixes CVE-2024-27351, CVE-2024-24680 and other bugfixes.
Release notes:
https://docs.djangoproject.com/en/dev/releases/3.2.24/
https://docs.djangoproject.com/en/dev/releases/3.2.25/
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:16:24 +01:00
a12478e722
libraw: patch CVE-2025-43964
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43964
Pick the patch that is referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
0e30e2ab37
libraw: patch CVE-2025-43963
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43963
Pick the patch that is referenced in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
cb0fcd1ae4
libraw: patch CVE-2025-43961 and CVE-2025-43962
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43961
https://nvd.nist.gov/vuln/detail/CVE-2025-43962
Pick the patch that is mentioned by the nvd reports - the
same patch fixes both vulnerabilities.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
309e9688d5
libraw: patch CVE-2023-1729
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1729
Pick the patch that is mentioned to solve the issue in the issue
linked from the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
730f4c000c
libraw: ignore CVE-2020-35535
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35535
The fix is already included in the used revision.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
298f329594
libraw: ignore CVE-2020-35534
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35534
The fix is already included in the currently used revision.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
ce9b6df403
libraw: ignore CVE-2020-35533
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35533
The fix is already included in the currently used revision.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
73891ac756
libraw: ignore CVE-2020-35532
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35532
The fix is already included in the currently used revision.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
34f34b93d9
libraw: ignore CVE-2020-35531
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-35531
The fix is already included in the currently used revision.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
2025-11-30 15:13:58 +01:00
Divyanshu Rathore
Viswanath Kraleti
Valeria Petrov
Gyorgy Sarvari
Saravanan
Khem Raj