There are multiple vendors for yasm:
$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm
Both products refer to the same application
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93f85e4fd2)
There are some unrelated software called "links", which cases
false-positive CVEs to be reported by the CVE checker.
Set the vendor/product pairs that were historically used with
CVEs for this software.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a5309732)
CVE-2022-3734 only affects Windows.
CVE-2022-0543 affects only packages that were packaged for Debian and
Debian-derivative distros.
Neither of these issues is present in upstream Redis.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This upgrade contains a list of vunerability fixes: CVE-2025-49844,
CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-32023,
CVE-2025-48367, CVE-2025-21605, CVE-2024-46981, CVE-2024-31449,
CVE-2024-31228, CVE-2023-45145, CVE-2022-24834
Dropped the CVE patches that are included above.
Release notes: https://github.com/redis/redis/blob/6.2.21/00-RELEASENOTES
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
CVE-2022-3734 only affects Windows.
CVE-2022-0543 affects only packages that were packaged for Debian and
Debian-derivative distros.
Neither of these issues is present in upstream Redis.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8f1269507a)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32815
Pick the patch from the PR mentioned in he nvd report.
This patch is a combination of 3 commits, which are so
small, that it is still very readable in this form also.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This is gentoo specific CVE.
NVD tracks this as version-less CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 36a7e409d8)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Current version (1.6.9) is not affected. Issue was addressed in version 1.3.0
Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 17bcf478a5)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Backport of the commit 96b97c0c64 from master
This patch enables ptest for imagemagick, improving test coverage for
continuous integration and runtime validation.
No functional changes are introduced to the core package.
The logic used is :
- We check if the required tools are present or not
- We used convert to create an raw RGB file
- The created RGB is then converted to PNG using convert
- We re-gerenate RGB from PNG and compare the original and re-generated RGB
- Enabled the ptest in ptest-packagelists-meta-oe.inc as
suggested by Gyorgy Sarvari and incorporated logging suggestion
- This was done as standard imagemagick test like drawtest requires manual
internetion to verify the file.
Signed-off-by: AshishKumar Mishra <ashishkumar.mishra@bmwtechworks.in>
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The ${STAGING_LIBDIR} used in scarthgap doesn't catch this, because
in kirkstone without usrmerge libcap is installed in base_libdir which
is different from libdir.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* after buildpath warnings fix from:
https://git.openembedded.org/meta-openembedded/commit/?id=eeef1fddd9052bed4b1a91565260518eb042fed2
the LibwebsocketsTargets.cmake ends with:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/libcap.so;-lpthread"
instead of:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/OE/build/.../libwebsockets/4.3.3/lib32-recipe-sysroot/usr/lib/libcap.so;-lpthread"
which causes e.g. mosquitto to fail in do_compile with:
ninja: error: '/libcap.so', needed by 'src/mosquitto', missing and no known rule to make it
* this happens only when libwebsocket is built with libcap enabled
(by libcap in DEPENDS)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In order to remove absolute paths from the cmake artifacts, paths from
the `$lib` folder should also be stripped off, otherwise internally
linked libraries (e.g. libz) may appear.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Saravanan
Peter Marko
Ninette Adhikari
Naman Jain
Zhang Peng
AshishKumar Mishra
Divya Chellam
Martin Jansa
Gerard Salvatella