a1b17511ca
corosync: upgrade 3.1.6 -> 3.1.9
...
dbus dir was changed from sysconfdir to datadir
drop unused configure code
License-Update: copyright years refreshed
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit 950c603f21ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
64f9120014
corosync: fix upstream version check
...
github-releases is needed that it work at all:
ERROR: Automatic discovery of latest version/revision failed - you must provide a version using the --version/-V option, or for recipes that fetch from an SCM such as git, the --srcrev/-S option.
UPSTREAM_CHECK_GITTAGREGEX is needed to get correct version, otherwise:
$ devtool latest-version corosync
...
INFO: Current version: 3.1.6
INFO: Latest version: 414.336.75.75.75
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit 9aed476a90ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
68f8ea24d0
corosync: reproducibility issue
...
Corosync is not reproducible due to change of value
in NETSNMP_SYS_CONTACT which is set in net-snmp:
NETSNMP_SYS_CONTACT = "$ME@$LOC"
$ME = whoami
$LOC assigned domain name from /etc/resolv.conf
Use build in'--with-sys-contact' to overwrite it
https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/30/steps/28/logs/stdio
CC: Yoann Congal <yoann.congal@smile.fr >
CC: Randy MacLeod <randy.macleod@windriver.com >
Signed-off-by: Christos Gavros <gavrosc@yahoo.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit bb138b9f6bankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:33 +08:00
b03f8e79af
redis: upgrade 7.2.8 -> 7.2.11
...
ChangeLog:
https://github.com/redis/redis/releases/tag/7.2.9
https://github.com/redis/redis/releases/tag/7.2.10
https://github.com/redis/redis/releases/tag/7.2.11
https://github.com/redis/redis/compare/7.2.8...7.2.11
7.2.11
Security fixes
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
7.2.10
Security fixes
(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
7.2.9
Security fixes
(CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE
Dropped CVE-2025-32023.patch
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
7a17429d34
freerdp3: patch CVE-2024-32662
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32662
Pick the patch that is mentioned in the above vulnerability report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
d577aca11c
freerdp3: patch CVE-2024-32661
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32661
Pick the patch that is mentioned in the above vulnerability report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
6acb319466
freerdp3: patch CVE-2024-32660
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32660
Pick the patch that is mentioned in the above CVE report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
a682f5efd0
freerdp3: patch CVE-2025-32659
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32659
Pick the commit that mentioned in the above CVE report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
95d7b8e7d5
freerdp3: patch CVE-2024-32658
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32658
Pick the commit that is marked to resolve the related github advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
3fab129346
freerdp3: patch CVE-2024-32460
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32460
Pick the commit that marked as a solution for the related github advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
3bc45c028e
freerdp3: patch CVE-2024-32459
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32459
Pick the patch that is marked to resolve the related github advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
df276ba913
freerdp3: patch CVE-2024-32458
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32458
Pick the commit that is marked to resolve the related github advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
057e1f5d06
freerdp3: patch CVE-2024-32040
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32040
Pick the patch that is marked to resolve the related github advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:32 +08:00
ca2667f23a
freerdp3: patch CVE-2024-32039 and CVE-2024-32041
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32039
https://nvd.nist.gov/vuln/detail/CVE-2024-32041
Pick the patch that is marked as fixing the related github advisory.
The same commit fixes both vulnerabilities.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
0e314d0f4c
freerdp3: set CVE_PRODUCT
...
CPE does not contain mnajor version number, so set VE product to just
freerdp.
Without this there are no (fixed) CVEs in reports.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4058959d6cskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
9b07679a55
freerdp: mark CVE-2024-32662 as fixed
...
2.x is not affected, bug was introduced in 3.0.0.
See e.g. https://security-tracker.debian.org/tracker/CVE-2024-32662
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit a7f2051068skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
0095a1e3c3
freerdp: patch CVE-2024-32661
...
Pick commit [1] as mentioned in [2] or [3].
[1] https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-32661
[3] https://security-tracker.debian.org/tracker/CVE-2024-32661
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c91d6a2c65skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
19565142f8
freerdp: Upgrade 2.11.2 -> 2.11.7
...
Partially backport a fix to build with gcc-14
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 4b14dacf55skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
5b3e9e377c
evince: Update status for CVE-2011-0433 and CVE-2011-5244
...
The current version 46.0 is not affected by the issues.
Both issues have been fixed in commit [0].
The fix is in effect since early versions of evince (3.1.2).
Thus, both can be safely ignored.
[0]: https://gitlab.gnome.org/GNOME/evince/-/commit/efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr >
Reviewed-by: Yoann Congal <yoann.congal@smile.fr >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 492b1b1adcskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
efa1ef31f4
etcd: patch CVE-2023-32082
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-32082
Pick the patch mentioned in the details of the report. (It was backported
to the 3.5 tree)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
d27a9c3b6e
emlog: set CVE_PRODUCT
...
This will remove false-positive CVE-2024-50655 from reports.
There are different emlog components from other vendors around.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit d8d45d9093skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
fe8e7d62aa
poppler: Fix CVE-2025-43718
...
Upstream patch: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408
Reference: https://ubuntu.com/security/CVE-2025-43718
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
0d59e9acda
xsp: CVE status update for CVE-2006-2658
...
The recipe used in the `meta-openembedded` is a different xsp package compared to the one which has the CVE issue.
Package used in `meta-embedded`: maemo xsp http://repository.maemo.org/pool/maemo/ossw/source/x/xsp/
Package with CVE issue: mono xsp https://github.com/mono/xsp
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 3cb411a057skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:31 +08:00
adf3b111c3
jasper: patch CVE-2025-8837
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837
Pick the patch from the details of the above link.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
10196085ab
jasper: patch CVE-2025-8836
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8836
Pick the patch mentioned in the details of the above link.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
7c893fb155
jasper: patch CVE-2025-8835
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8835
Pick the patch from the details of the above link.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
a2a174aafc
iperf2: ignore irrelevant CVEs
...
These CVEs are for iperf3 - which is a similar application in its goals (and name),
but an independent project from this, and the projects are independent implementations
also, they share no common code.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit aedf74e082skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
46091f4925
open-vm-tools: fix CVE-2025-41244
...
VMware Aria Operations and VMware Tools contain a local privilege
escalation vulnerability. A malicious local actor with non-administrative
privileges having access to a VM with VMware Tools installed and managed
by Aria Operations with SDMP enabled may exploit this vulnerability
to escalate privileges to root on the same VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-41244
Upstream-patch:
https://github.com/vmware/open-vm-tools/commit/7ed196cf01f8acd09011815a605b6733894b8aab
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
4d28ff8b34
tokyocabinet: fix license
...
The application is distributed under the LGPL license, not GPL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8fd2b5c5b2anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
630a852aa4
tokyocabinet: switch to working SRC_URI
...
The original source seems to be long gone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
693a7500ba
pm-qa: update git fetch protocol
...
Apparently the git repo in the SRC_URI stopped supporting git
protocol. Switch to https to be able to fetch the source successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
a8484babb6
uim: Stick to C17
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5cac401d00anuj.mittal@intel.com >
2025-10-29 23:07:07 +08:00
84f8102ada
audiofile: patch CVE-2017-6839
...
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 88faae83b2skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:11:25 +08:00
f95b8652fd
audiofile: patch CVE-2017-6831
...
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 9d668989b1skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:11:24 +08:00
f9c6481dc0
audiofile: fix multiple CVEs
...
CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 75f2bd2b3bskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:11:24 +08:00
9328cb8675
audiofile: patch CVE-2017-6829
...
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit f29fbaa465skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:11:24 +08:00
e8474b925f
audiofile: fix multiple CVEs
...
CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 634cbcb91cskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:11:24 +08:00
065ff23049
dovecot: patch CVE-2022-30550
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30550
Pick the commit referenced in https://www.openwall.com/lists/oss-security/2022/07/08/1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:10:53 +08:00
64981bc057
civetweb: patch CVE-2025-55763
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55763
Pick the relevant commit from https://github.com/civetweb/civetweb/pull/1347/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:10:34 +08:00
baf3635c7d
apache2: ignore irrelevant CVEs
...
Ignore a number of CVEs for this recipe (because they are for another software,
outdated version, or because they affect only non-Linux platforms). This commit
is a backport of a number of commits from the master branch (which uses the same
version of the recipe):
0e7733f1b81b86a60f6259d3949e3e1b86a60f62da2b5e8b930e7733f1b8skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:10:21 +08:00
1c7b78eb6c
ace: ignore CVE-2009-1147
...
This CVE is for vmware ace.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:09:45 +08:00
9da44cc133
mariadb: correct STACK_DIRECTION setting
...
STACK_DIRECTION = 1 means stack grow upwards
STACK_DIRECTION = -1 means stack grow downwards
In the majority of modern architectures, stack grows downwards. So set
STACK_DIRECTION = 1 is not right. But the failure is not exposed before,
mysqld can start normally, and simple runtime operation like create db,
table, select info, works well. But it is exposed after commit [1] is
merged, mysqld will start failed with error:
2025-02-12 3:18:19 0 [ERROR] Could not open mysql.plugin table: "Thread stack overrun: 16752824 bytes used of a 299008 byte stack, and 81920 bytes needed
Since commit [2], mariadb started to determine the default
STACK_DIRECTION in CMake based on the ISA, and we have set correct
CMAKE_SYSTEM_PROCESSOR in cmake.bbclass, so just don't pass it.
[1] https://github.com/MariaDB/server/commit/bddbef3573349b0565c43c27beba47c89358f39f
[2] https://github.com/MariaDB/server/commit/d0abbdf56e11ccc88447c1dc80caaf355c94be3b
[3] https://jira.mariadb.org/browse/MDEV-36051
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cdd8b41d6eanuj.mittal@intel.com >
2025-10-06 16:08:57 +08:00
1dfa9a4db6
thrift: fix build with gcc 15
...
Cherry-pick a patch adding missing cstdint include for int64_t in
Mutex.h
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:08:31 +08:00
92b5724cef
srecord: fix build failure with gcc-15
...
srecord/input/file/hp64k.h:82:21: error: ‘uint16_t’ has not been declared
82 | bool read_u16be(uint16_t *dest);
| ^~~~~~~~
/home/abuild/rpmbuild/BUILD/srecord-1.65.0-build/srecord-1.65.0-Source/./srecord/input/file/hp64k.h:1:1: note: ‘uint16_t’ is defined in header ‘<cstdint>’; this is probably fixable by adding ‘#include <cstdint>’
+++ |+#include <cstdint>
1 | //
make[2]: *** [srecord/CMakeFiles/lib_srecord.dir/build.make:222: srecord/CMakeFiles/lib_srecord.dir/arglex/tool/input.cc.o] Error 1
* From gcc 13, cstdint header must be explicitly included for uint_X data types.
* See also: https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes
Signed-off-by: mark.yang <mark.yang@lge.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:08:10 +08:00
e6df081618
udisks2: upgrade 2.10.1 -> 2.10.2
...
This patch addresses below CVE's:
CVE-2025-6019
CVE-2025-8067
Changelog:
https://github.com/storaged-project/udisks/releases
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:06:34 +08:00
177686278f
libusbgx: fix gadget-stop install
...
It was by mistake installed gadget-start instead.
Signed-off-by: Grygorii Tertychnyi <grembeter@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit b8e970395ekekiefer@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:06:21 +08:00
a4f61ba2e0
collectd: set working SRC_URI
...
The project started to outsource the source hosting to Google storage
and Github.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:06:17 +08:00
e9dc408e74
indent: fix CVE-2024-0911
...
Backport a fix from upstream to resolve CVE-2024-0911
https://git.savannah.gnu.org/git/indent.git feb2b646e6c3a05018e132515c5eda98ca13d50d
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
(cherry picked from commit 26ef6a9c2dskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:05:53 +08:00
d181391f33
indent: fix CVE-2023-40305
...
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace
in indent.c via a crafted file.
Reference:
https://savannah.gnu.org/bugs/index.php?64503
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
(cherry picked from commit 7da6cb848bskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:05:53 +08:00
00a0fcfd72
psqlodbc: set valid SRC_URI
...
The old URI stopped working.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:05:46 +08:00
Peter Marko
Christos Gavros
Vijay Anusuri
Gyorgy Sarvari
Khem Raj
Alexandre Truong
Ninette Adhikari
Rajeshkumar Ramasamy
Changqing Li
Adrian Freihofer
mark.yang
Saravanan
Grygorii Tertychnyi
hongxu
Yogita Urade