a3826c4999
gnuplot: fix CVE-2025-31176
...
CVE-2025-31176:
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation
fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31176 ]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/ ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:12 +08:00
9d3537ef42
gnuplot: fix CVE-2025-3359
...
CVE-2025-3359:
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal
may jeopardize the environment.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-3359 ]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/ ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:12 +08:00
a8fdc03123
libssh: fix CVE-2025-4877
...
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
97e9dee283
nginx: patch CVE-2025-53859
...
Pick patch from nginx site which is also mentioned in [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-53859
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
3ef67c94da
hunspell-dictionaries: switch branch from master to main
...
The repository of dictionaries doesn't have a branch named master. So, the
branch is switched to main.
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr >
Reviewed-by: Yoann Congal <yoann.congal@smile.fr >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
d90b295188
abseil-cpp: fix build with gcc-15 on host
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
938c8d28a2
postgresql: upgrade 16.9 -> 16.10
...
Includes fix for CVE-2025-8713, CVE-2025-8714, CVE-2025-8715
License-Update: Align organization wording in copyright statement
Changelog:
https://www.postgresql.org/docs/release/16.10/
Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch
for 16.10
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
c316f92599
poppler: fix CVE-2025-50420
...
An issue in the pdfseparate utility of freedesktop poppler
v25.04.0 allows attackers to cause an infinite recursion via
supplying a crafted PDF file. This can lead to a Denial of
Service (DoS).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50420
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/a7025904e3330dd6cf95f3664ef6fc77034cc5e1
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
b484df6361
python3-werkzeug: added python3-difflib as RDEPENDS
...
File "/usr/lib/python3.12/site-packages/werkzeug/routing/exceptions.py", line 3, in <module>
import difflib
ModuleNotFoundError: No module named 'difflib'
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
dcef3fff75
vulkan-cts: allow vulkan versions > 1.3
...
Backport a patch from upstream that allows vulkan-cts to work with
Vulkan version greater than 1.3. Previously any unknown Vulkan versions
will return 0 when we attempt to locate the minimum version with
minVulkanAPIVersion.
Signed-off-by: Randolph Sapp <rs@ti.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:11 +08:00
1095ea81ed
luajit: fix several CVEs
...
Fix CVE-2024-25176, CVE-2024-25177, CVE-2024-25178
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:10 +08:00
e099b1462d
jq: add Upstream-Status and CVE tags into .patch files
...
v1 version was merged instead of v2 from:
https://lists.openembedded.org/g/openembedded-devel/message/118302
add missing Upstream-Status and CVE tags from v2.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech >
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:10 +08:00
3fbbd2c080
php: upgrade 8.2.28 -> 8.2.29
...
This upgrade fixes below CVEs.
CVE-2025-1735
CVE-2025-6491
CVE-2025-1220
Changelog: https://www.php.net/ChangeLog-8.php#8.2.29
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-12 08:15:06 +08:00
2a7a09ff10
v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit
...
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
which avoids the following QA issue during builds on 32-bit systems:
WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'
* Undefine _TIME_BITS to fix the build error:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-11 16:58:30 +08:00
c29a18fa39
mbedtls: drop tag parameter from SRC_URI.
...
Signed-off-by: kjlau0112 <karn.jye.lau@intel.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-08-18 08:35:05 -07:00
205638f9ed
poco: patch CVE-2025-6375
...
Pick commit mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
37b138014b
poco: ignore additional failing tests
...
These tests are failing and thus preventing verification of new patches.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
e67921006f
minifi-cpp: patch spdlog CVE-2025-6140
...
Same patch as in spdlog recipe.
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
1fb0820868
spdlog: patch CVE-2025-6140
...
Pick commit [1] mentioned in [2] as listed in [3].
[1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094
[2] https://github.com/gabime/spdlog/issues/3360
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
ba84c52d55
libcoap: patch CVE-2024-31031
...
Pick commit [1] from [2] which fixes [3] as listed in [4].
[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
c8a1b909ec
poppler: fix CVE-2025-52886
...
Poppler is a PDF rendering library. Versions prior to 25.06.0
use `std::atomic_int` for reference counting. Because
`std::atomic_int` is only 32 bits, it is possible to overflow
the reference count and trigger a use-after-free. Version 25.06.0
patches the issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-52886
https://security-tracker.debian.org/tracker/CVE-2025-52886
Upstream patches:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/3449a16d3b1389870eb3e20795e802c6ae8bc04f
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
21e370fd3c
open-vm-tools: fix CVE-2025-22247
...
VMware Tools contains an insecure file handling vulnerability.
\xa0A malicious actor with non-administrative privileges on a
guest VM may tamper the local files to trigger insecure file
operations within that VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-22247
Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
c781171d34
mariadb: File conflicts for multilib
...
File conflicts between attempted installs of mariadb and lib32-mariadb
Signed-off-by: Guocai He <guocai.he.cn@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(master rev: ddd322323eguocai.he.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
958ef90ab0
kmsxx: Revert to using original name for kmstest
...
Earlier both libdrm[1] and kmsxx[2] projects used to provide a binary
program called kmstest. To avoid the clash, the kmsxx recipe was
updated to rename this binary to kmsxxtest during installation. However
libdrm project has now removed kmstest[3] and hence there is no clash
in naming anymore, so revert back to original name of binary i.e.
kmstest.
[1]: https://gitlab.freedesktop.org/mesa/libdrm.git
[2]: https://github.com/tomba/kmsxx
[3]: https://gitlab.freedesktop.org/mesa/libdrm.git
commit: 2b997bb4bb688be00620887c8646ff24ccb9396b
Signed-off-by: Swamil Jain <s-jain1@ti.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
7b57b8f106
mariadb: upgrade 10.11.9 -> 10.11.12
...
This upgrade includes fix for CVE-2023-52969, CVE-2023-52970
and CVE-2023-52971
Changelog:
https://mariadb.com/kb/en/mariadb-10-11-12-changelog/
refresh 0001-Add-missing-includes-cstdint-and-cstdio.patch
Droped mm_malloc.patch and ppc-remove-glibc-dep.patch (Commit ID:
https://github.com/MariaDB/server/commit/dff354e7df2fa774ce4da77202a17e2cae99ac59 )
as these changes are available in 10.11.12
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
1b222113dc
libssh: fix CVE-2025-5351 & CVE-2025-5372
...
* CVE-2025-5351 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256
* CVE-2025-5372 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
2c9126bd0d
mbedtls: upgrade 3.6.3.1 -> 3.6.4
...
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087
The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
[1] https://github.com/Mbed-TLS/mbedtls/commit/8cf5666a174237998a7965e284d7ba8c1655d16d
[2] https://github.com/Mbed-TLS/mbedtls/commit/c90c6d8ff787ab8787d9373b0e662a95ed1f4dae
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
6dedea4262
mbedtls: upgrade 3.6.3 -> 3.6.3.1
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:34:07 -04:00
ec1f3712f2
softhsm: correct the SRC_URI
...
The old SRC_URI is not available.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:21 -04:00
e66e64ee63
redis: fix CVE-2025-32023
...
Upstream-Status: Backport from https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:18 -04:00
fb6424156a
postfix: fix rootfs file difference
...
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:14 -04:00
c672757f81
apache2: Upgrade 2.4.62 -> 2.4.64
...
This upgrade incorporates the fixes for CVE-2025-53020, CVE-2025-49812,
CVE-2025-49630, CVE-2025-23048, CVE-2024-47252, CVE-2024-43394,
CVE-2024-43204, CVE-2024-42516 and other bugfixes.
Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.64
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:10 -04:00
1e80bb4b03
proftpd: Fix CVE-2023-51713
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592
Link: https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone&id=730e44900a0a86265bad93a16b5a5ff344a07266
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:06 -04:00
b5b11c1cc0
thrift: correct the SRC_URI
...
The tarball of version 0.20.0 can not be found on old SRC_URI.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:02 -04:00
e8fd97d86a
xfce4 update HOMEPAGEs
...
https://goodies.xfce.org/ states "Starting this month (November 2019), a project is starting
to migrate the goodies.xfce.org documentation to https://docs.xfce.org/start . The goal is to
remove deprecated projects and, eventually, de-commission the goodies.xfce.org URLs. Additional
information will be posted on https://wiki.xfce.org/projects/goodies-decomm/start as the project
proceeds."
This patch updates the URLs being used in the HOMEPAGEs to reflect where the address is actually
resolving.
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:29:57 -04:00
3b6e1fa190
logcheck: correct the SRC_URI
...
In http://ftp.debian.org/debian/pool/main/l/logcheck/ , the
tarball of version 1.4.3 is not available.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:23:41 -04:00
dde4e6d41b
libconfig: correct the SRC_URI
...
The old SRC_URI is not available.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:23:37 -04:00
bf0a439694
python3-h5py: backport fixes for incompatible-pointer-types issues
...
Needed in scarthgap for native build on hosts with gcc-14 and newer.
It was in master since:
https://git.openembedded.org/meta-openembedded/diff/meta-python/recipes-devtools/python/python3-h5py_3.11.0.bb?id=f0c767407d033e3f39ceeccc2f7e03a1ca7a6443
and then removed as fixed in 3.11.0 by:
https://git.openembedded.org/meta-openembedded/commit/?id=4b990b6dbabaeb65df5bf46546a873c69032a040
but scarthgap has older 3.10.0, backport necessary changes.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:23:34 -04:00
3d03058fe2
jq-1.7.1: Backport multiple CVE fixes
...
CVE: CVE-2024-23337
CVE: CVE-2024-53427
CVE: CVE-2025-48060
Patches CVE-2024-23337.patch and CVE-2024-53427.patch are backported from
jq-1.8.0, and CVE-2025-48060.patch is backported from jq-1.8.1.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:23:11 -04:00
4a58c21334
tcpreplay: fix CVE-2024-22654
...
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:13:26 -04:00
6885bcddd4
wireshark: upgrade 4.2.9 -> 4.2.12
...
releasenote:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.12.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.11.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.10.html
Includes security fix CVE-2025-5601
License-Update: Update GPL copies for FSF no longer having an address
Link: https://github.com/wireshark/wireshark/commit/18e4db97c424c11cb26fa7fef97b95dd3d001bb1
The 4.2.9 was not longer available at the original SRC_URI.
At the new SRC_URI all version of the wireshark releases are available.
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:05:56 -04:00
e82141507c
phpmyadmin: upgrade 5.2.1 -> 5.2.2
...
License-Update: License year updated
This upgrade include security fix for:
CVE-2025-24529
CVE-2025-24530
Release note:
https://www.phpmyadmin.net/news/2025/1/21/phpMyAdmin-522-is-released/
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:04:33 -04:00
f282322123
udisks2: Hardening measure of CVE-2025-6019
...
Refer [1], CVE-2025-6019 is strongly related to udisk daemon, and
this is a hardening measure related to this.
[1] https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
[2] https://security-tracker.debian.org/tracker/CVE-2025-6019
[3] https://ubuntu.com/blog/udisks-libblockdev-lpe-vulnerability-fixes-available
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-06 19:47:17 -04:00
d2054d5887
libblockdev: fix CVE-2025-6019
...
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-06 19:47:13 -04:00
7f20709055
python3-pylint: correct the SRC_URI
...
In the SRC_URI, the branch of maintenance/3.1.x has been reomved,
which will cause do fetch error. So update as "branch=main"
Signed-off-by: Guocai He <guocai.he.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-06 19:47:09 -04:00
c32d12b950
libssh: fix CVE-2025-5318
...
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-06 19:46:54 -04:00
f69d50cfe0
python3-protobuf: upgrade from 4.25.3 to 4.25.8
...
protobuf has upgraded to 4.25.8. Sync with it.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-06 19:46:44 -04:00
7c3e7a6d5d
protobuf: upgrade from 4.25.3 to 4.25.8
...
0001-Add-recursion-check-when-parsing-unknown-fields-in-J.patch is
dropped because it has been in new version.
This upgrade also fixes CVE-2025-4565. The fix commit is as below:
d31100c91 Manually backport recursion limit enforcement to 25.x
Signed-off-by: Chen Qi <Qi.Chen@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-06 19:46:40 -04:00
727811eaf2
imagemagick: guard sed operations in do_install for optional files
...
When PACKAGECONFIG options like 'cxx' 'webp' and 'xml' are disabled,
certain files such as Magick++-config.im7, configure.xml, or
delegates.xml are not installed. Unconditionally running sed
on these files results in errors during do_install
Error:
sed: can't read .../image/usr/bin/Magick++-config.im7: No such file or directory
Signed-off-by: Nikhil R <nikhilr5@kpit.com >
Signed-off-by: Sana Kazi <sanakazi720@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-06-23 17:03:24 -04:00
5dfaf0e236
postgresql: upgrade 16.8 -> 16.9
...
Includes fix for CVE-2025-4207
Release notes:
https://www.postgresql.org/docs/release/16.9/
0003-configure.ac-bypass-autoconf-2.69-version-check.patch
Refreshed for 16.9
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-06-23 17:03:21 -04:00
Zhang Peng
Hitendra Prajapati
Peter Marko
Alexandre Truong
Martin Jansa
Yogita Urade
Jan Vermaete
Randolph Sapp
Changqing Li
Roland Kovacs
Praveen Kumar
Jiaying Song
kjlau0112
Guocai He
Swamil Jain
Guðni Már Gilbert
Wang Mingyu
Jinfeng Wang
Vijay Anusuri
J. S.
Archana Polampalli
Chen Qi
Sana Kazi