Gyorgy Sarvari
ae59325285
corosync: patch CVE-2026-35092
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35092
Pick the patch that mentions the CVE ID explicitly (the same commit
was identified by Debian also[1])
[1]: https://security-tracker.debian.org/tracker/CVE-2026-35092
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
5b72e39149
corosync: patch CVE-2026-35091
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35091
Pick the patch that mentions the CVE ID explicitly (it was identified
by Debian also as the fix[1])
[1]: https://security-tracker.debian.org/tracker/CVE-2026-35091
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
1f8d2c36c0
botan: patch CVE-2026-34582
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34582
Debian has identified[1] the PR that fixes this, however the url seems to have a
typo - it was PR number 5499[2], and not 5599[3]. (The backported commit's description matches
the CVE's description)
[1]: https://security-tracker.debian.org/tracker/CVE-2026-34582
[2]: https://github.com/randombit/botan/pull/5499
[3]: https://github.com/randombit/botan/pull/5599
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Jason Schonberg
4c4eaf1d21
php: upgrade 8.4.19 -> 8.4.20
...
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.4.20
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
a23083428f
giflib: patch CVE-2025-31344
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344
Backport the commit that mentions this CVE ID explicitly
in its message.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
fed5dab762
imagemagick: upgrade 7.1.2-17 -> 7.1.2-18
...
Contains fixes for CVE-2026-33535 and CVE-2026-33536
Shortlog:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-17...7.1.2-18
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
873ae07e82
opensc: patch CVE-2025-66038
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66038
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
73034a4fe1
opensc: patch CVE-2025-66037
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66037
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
7c8dd8d492
opensc: patch CVE-2025-49010
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49010
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
6c4868d3f7
nodejs: ignore fixed CVEs
...
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.
[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Jason Schonberg
2c70222d32
nodejs: upgrade 22.22.1 -> 22.22.2
...
This is the March 2026 security release.
2 high severity issues.
5 medium severity issues.
2 low severity issues.
High priority fixes:
CVE-2026-21637
CVE-2026-21710
Medium priority fixes:
CVE-2026-21711 (affects only nodejs v25)
CVE-2026-21712 (affects only nodejs v24 & v25)
CVE-2026-21713
CVE-2026-21714
CVE-2026-21717
Low priority fixes:
CVE-2026-21715
CVE-2026-21716
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit d32cd27eaa)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Jason Schonberg
de8e685a66
nodejs: upgrade 22.22.0 -> 22.22.1
...
License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files
Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit db05f827bb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Vijay Anusuri
25dbfb365a
giflib: Fix CVE-2026-23868
...
Pick patch according to [1]
[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
d994b091f6
dovecot: mark CVE-2026-0394 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0394
As identified[1] by Debian, the recipe version already contains
the commits that fix this. Due to this, mark it as patched.
[1]: https://security-tracker.debian.org/tracker/CVE-2026-0394
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
47ec93ee07
dovecot: patch CVE-2025-59031
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59031
Backport the patch that was identified[1] by Debian.
[1]: https://security-tracker.debian.org/tracker/CVE-2025-59031
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
b35ad41144
botan: patch CVE-2026-32884
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32884
The backported patch was selected based on the security.rst[1]
file of the project, that mentions the date of the fix. When
looked through the commits from that date, picked the one whose
description matches the CVE description.
The included test passed successfully (along with the other tests).
[1]: https://github.com/randombit/botan/blob/master/doc/security.rst
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
70a903c888
botan: patch CVE-2026-32883
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32883
Backport the patch that was identified by Debian[1].
The included test passed successfully (along with the other tests).
[1]: https://security-tracker.debian.org/tracker/CVE-2026-32883
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
c4b5bca1e8
botan: patch CVE-2026-32877
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32877
Backport the patch that was identified by Debian[1].
The included test passed successfully (along with the other tests).
[1]: https://security-tracker.debian.org/tracker/CVE-2026-32877
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Deepak Rathore
ab0866131d
libssh: Fix CVE-2026-0965
...
Pick the patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76
[2] https://security-tracker.debian.org/tracker/CVE-2026-0965
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Deepak Rathore
cdfa4084fe
libssh: Fix CVE-2026-0967
...
Pick the patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15
[2] https://security-tracker.debian.org/tracker/CVE-2026-0967
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Deepak Rathore
f516c3f209
libssh: Fix CVE-2026-0968
...
Pick the patches [1] and [2] as mentioned in [3]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9
[2] https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03
[3] https://security-tracker.debian.org/tracker/CVE-2026-0968
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Liu Yiding
2d95f187bd
gjs: upgrade 1.84.1 -> 1.84.2
...
Version 1.84.2
--------------
- Closed bugs and merge requests:
* GtkNotebook.pages GListModel is inaccessible from GJS [#686, !992, Philip
Chimento]
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 3797a82fee)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-24 21:13:20 +05:30
Gyorgy Sarvari
e62e3f8f25
freeipmi: upgrade 1.6.16 -> 1.6.17
...
Changes:
o Fix exploitable buffer overflows in the following ipmi-oem commands:
- ipmi-oem dell get-last-post-code
- ipmi-oem supermicro extra-firmware-info
- ipmi-oem wistron read-proprietary-string
o Support --proxy in ipmiconsole.
o Fix mem-leak within libfreeipmi locate api.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 4b4c770ce5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
24333410e6
strongswan: patch CVE-2026-25075
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25075
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
dba7c549bd
tigervnc: patch CVE-2026-34352
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34352
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
1ccaa949ea
zabbix: ignore CVE-2026-23919
...
It was fixed since version 7.0.19[1]
[1] https://support.zabbix.com/browse/ZBX-27638
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
6f87a552ab
wolfssl: patch CVE-2026-4395
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4395
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
99b851ae0e
wolfssl: patch CVE-2026-4159
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4159
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
5a858b3578
wolfssl: patch CVE-2026-3547
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3547
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
60443c7d85
wolfssl: patch CVE-2026-3230
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3230
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
d0e8fba3a1
wolfssl: patch CVE-2026-3229
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3229
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
40f7bfd054
wolfssl: patch CVE-2026-2646
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2646
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
e4fbbe5138
wolfssl: patch CVE-2026-0819
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0819
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
a3156b1afc
libde265: patch CVE-2026-33165
...
Backport the commit mentioned in the NVD
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33165
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Jason Schonberg
28ee87c6b5
Update README.md with branch name.
...
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Zhang Peng
2a23ed7738
libwnck3: upgrade 43.2 -> 43.3
...
Version 43.3
============
* Fix clang warnings. (!66, !68)
* Fix regression with class group and application names. (#166)
Drop ef0e40d59c32d7ebeb94d242436e3144cefc174a.patch,
already included in 43.3.
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 7d1d00858a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
d80c715ff6
gvfs: upgrade 1.58.2 -> 1.58.4
...
Major changes in 1.58.4
=======================
* Re-release of 1.58.3 due to incorrect release tag; no code changes.
Major changes in 1.58.3
=======================
* CVE-2026-28296: ftp: Reject paths with CR/LF in g_vfs_ftp_file_new_from_ftp (Ondrej Holy)
* monitor: Do not load monitors when GIO_USE_VFS=local (Ondrej Holy)
https://gitlab.gnome.org/GNOME/gvfs/-/blob/1.58.4/NEWS?ref_type=tags
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Zhang Peng
49df15e47f
gvfs: upgrade 1.58.1 -> 1.58.2
...
Major changes in 1.58.2
=======================
* client: Fix use-after-free when creating async proxy failed (Ondrej Holy)
* daemon: Fix race on subscribers list when on thread (Ondrej Holy)
* ftp: Validate fe_size when parsing symlink target (Ondrej Holy)
* ftp: Check localtime() return value before use (Ondrej Holy)
* CVE-2026-28295: ftp: Use control connection address for PASV data (Ondrej Holy)
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters (Ondrej Holy)
* gphoto2: Use g_try_realloc() instead of g_realloc() (Ondrej Holy)
* cdda: Reject path traversal in mount URI host (Ondrej Holy)
* client: Fail when URI has invalid UTF-8 chars (Ondrej Holy)
* Some other fixes (correctmost, Ondrej Holy)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 57045ecd65)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Wang Mingyu
a95959990f
gvfs: upgrade 1.58.0 -> 1.58.1
...
Major changes in 1.58.1
=======================
* cdda: Fix duration of last track for some media
* build: Fix build when google option is disabled
* Fix various memory leaks
* Some other fixes
* Translation updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a216ab3f76)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Markus Volk
17d0c5d59c
nautilus: update 49.4 -> 49.5
...
Major Changes in 49.5
=====================
* Bugfixes:
- Avoid unnecessary delay before enabling Skip button (parzival)
- Fix crash when searching in Starred (Shivam)
* Translation updates (GNOME Translation Project contributors)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 866d0d78d5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Wang Mingyu
2caf1ec273
nautilus: upgrade 49.3 -> 49.4
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7d09cfdb84)
Major Changes in 49.4
=====================
* Bugfixes:
- Fix crash with gone MTP devices (Adithya)
- Don't count children for autofs mountpoints (Ondrej Holy)
- Correctly check for invalid thumbnails (Khalid Abu Shawarib)
- Don't invalidate thumbnails on access (Khalid Abu Shawarib)
- Fix path for script run from Recent (Khalid Abu Shawarib)
- Fix icon cache (Khalid Abu Shawarib)
- Fix crash on trashing in bind mounts (Khalid Abu Shawarib)
- Fix dragged sidebar row margins (Khalid Abu Shawarib)
- Fix handling of early rename popover closure (Alessandro Astone)
* Translation updates (GNOME Translation Project contributors)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Wang Mingyu
5b783540e3
nautilus: upgrade 49.2 -> 49.3
...
Changelog:
=========
- Don't waste resources on images with extreme dimensions
- Consider thumbnailing finished at correct time
- Redraw view when screen scale factor changes
- Fix potential outdated view item usage
- Correctly close mime type program chooser dialog
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ec8cdac89c)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
f6ba658a27
python3-apiflash: upgrade 3.0.0 -> 3.0.2
...
https://github.com/apiflask/apiflask/releases/tag/3.0.1
https://github.com/apiflask/apiflask/releases/tag/3.0.2
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
afaedb6761
python3-alembic: add HOMEPAGE
...
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
9fedb9a3e7
python3-aiofiles: fix HOMEPAGE
...
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
797f437169
python3-astroid: upgrade 4.0.2 -> 4.0.4
...
https://github.com/pylint-dev/astroid/releases/tag/v4.0.3
https://github.com/pylint-dev/astroid/releases/tag/v4.0.4
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Gyorgy Sarvari
23c99b8da4
nginx: upgrade 1.28.2 -> 1.28.3
...
Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
request in a location with "alias", allowing an attacker to modify
the source or destination path outside of the document root
(CVE-2026-27654).
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module on 32-bit platforms might cause a worker process
crash, or might have potential other impact (CVE-2026-27784).
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, or might have
potential other impact (CVE-2026-32647).
*) Security: a segmentation fault might occur in a worker process if the
CRAM-MD5 or APOP authentication methods were used and authentication
retry was enabled (CVE-2026-27651).
*) Security: an attacker might use PTR DNS records to inject data in
auth_http requests, as well as in the XCLIENT command in the backend
SMTP connection (CVE-2026-28753).
*) Security: SSL handshake might succeed despite OCSP rejecting a client
certificate in the stream module (CVE-2026-28755).
*) Change: now nginx limits the size and rate of QUIC stateless reset
packets.
*) Bugfix: receiving a QUIC packet by a wrong worker process could cause
the connection to terminate.
*) Bugfix: in the ngx_http_mp4_module.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 34b3d0f491)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Ankur Tyagi
37f60b95f0
nginx: upgrade 1.29.1 -> 1.29.2
...
Changes with nginx 1.29.2
*) Feature: now nginx can be built with AWS-LC.
*) Bugfix: now the "ssl_protocols" directive works in a virtual server
different from the default server when using OpenSSL 1.1.1 or newer.
*) Bugfix: SSL handshake always failed when using TLSv1.3 with OpenSSL
and client certificates and resuming a session with a different SNI
value; the bug had appeared in 1.27.4.
*) Bugfix: the "ignoring stale global SSL error" alerts might appear in
logs when using QUIC and the "ssl_reject_handshake" directive; the
bug had appeared in 1.29.0.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
*) Bugfix: in SSL certificate caching during reconfiguration.
https://nginx.org/en/CHANGES
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:47 +05:30
Wang Mingyu
4d1cb07307
openldap: upgrade 2.6.12 -> 2.6.13
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit b089df410f)
Changelog:
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_13/CHANGES?ref_type=tags
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:38 +05:30
Wang Mingyu
95c6a65c69
openldap: upgrade 2.6.10 -> 2.6.12
...
License-Update: Copyright year updated to 2026
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6c54894209)
Changelog:
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_12/CHANGES?ref_type=tags
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-21 08:57:38 +05:30