Deepak Rathore
b9fb6556a3
protobuf 4.25.8: Mark CVE-2024-7254 as patched
...
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-7254
Type: Security Fix
CVE: CVE-2024-7254
Score: 8.7
Patch: https://github.com/protocolbuffers/protobuf/commit/850fcce9176e
Analysis:
The original fix [1] for CVE-2024-7254 is listed in the NVD security
tracker (https://nvd.nist.gov/vuln/detail/CVE-2024-7254) and was
subsequently backported to the v4.25.8 version via commit [2].
Hence, this CVE is considered patched in the current source.
Reference:
[1] https://github.com/protocolbuffers/protobuf/commit/cc8b3483a558
[2] https://github.com/protocolbuffers/protobuf/commit/850fcce9176e (v4.25.8)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Martin Schwan
10fc221938
linuxptp: Add systemd instance specifier for ptp4l dependency
...
Add the instance specifier to the ptp4l dependency for the phc2sys
service, so the corresponding service is automatically started
correctly. This fixes the following error messages, when starting the
phc2sys@... service:
Failed to restart phc2sys@eth0.service: Unit ptp4l.service not found.
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31f0b9d3d5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Michael Opdenacker
2222925e92
kernel-hardening-checker: backport recipe
...
This recipe is a Scarthgap backport of kernel-hardening-checker_0.6.10.2.bb
in the master branch as of August 19, 2025.
Tested on qemux86-64 and on beaglebone-yocto
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Gyorgy Sarvari
f2b163a416
poppler: fix typos in CVE-2025-52886-0001.patch
...
There were some accidental typos in the CVE-2025-52886-0001.patch file
that introduced a number of syntactical errors in the qt5/src/poppler-annotation.cc
file, which failed the compilation, in case qt5 PACKAGECONFIG is enabled.
This change fixes these typos. Since qt6 is not enabled in the recipe,
only the qt5 related parts were verified.
While reworking the backport, unfortunately some line number differences
were introduced, which inflate the size of this patch - just scroll
past those.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Zhang Peng
2ffcfd6a34
iperf3: fix CVE-2025-54349
...
CVE-2025-54349:
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant
heap-based buffer overflow.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-54349]
Upstream patches:
[https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
fddaa45a87
gnuplot: fix CVE-2025-31181
...
CVE-2025-31181:
A flaw was found in gnuplot. The X11_graphics() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31181]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
732f5800cf
gnuplot: fix CVE-2025-31180
...
CVE-2025-31180:
A flaw was found in gnuplot. The CANVAS_text() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31180]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
02d046e20d
gnuplot: fix CVE-2025-31179
...
CVE-2025-31179:
A flaw was found in gnuplot. The xstrftime() function may lead to a
segmentation fault, causing a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31179]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
3d810d7d3b
gnuplot: fix CVE-2025-31178
...
CVE-2025-31178:
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31178]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b78cc829a18e9436daaa859c96f3970157f3171e/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
dd4b10de44
gnuplot: fix CVE-2025-31177
...
CVE-2025-31177:
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31177]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
a3826c4999
gnuplot: fix CVE-2025-31176
...
CVE-2025-31176:
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation
fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31176]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
9d3537ef42
gnuplot: fix CVE-2025-3359
...
CVE-2025-3359:
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal
may jeopardize the environment.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-3359]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Hitendra Prajapati
a8fdc03123
libssh: fix CVE-2025-4877
...
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Peter Marko
97e9dee283
nginx: patch CVE-2025-53859
...
Pick patch from nginx site which is also mentioned in [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-53859
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Alexandre Truong
3ef67c94da
hunspell-dictionaries: switch branch from master to main
...
The repository of dictionaries doesn't have a branch named master. So, the
branch is switched to main.
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Martin Jansa
d90b295188
abseil-cpp: fix build with gcc-15 on host
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Yogita Urade
938c8d28a2
postgresql: upgrade 16.9 -> 16.10
...
Includes fix for CVE-2025-8713, CVE-2025-8714, CVE-2025-8715
License-Update: Align organization wording in copyright statement
Changelog:
https://www.postgresql.org/docs/release/16.10/
Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch
for 16.10
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Yogita Urade
c316f92599
poppler: fix CVE-2025-50420
...
An issue in the pdfseparate utility of freedesktop poppler
v25.04.0 allows attackers to cause an infinite recursion via
supplying a crafted PDF file. This can lead to a Denial of
Service (DoS).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50420
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/a7025904e3330dd6cf95f3664ef6fc77034cc5e1
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Jan Vermaete
b484df6361
python3-werkzeug: added python3-difflib as RDEPENDS
...
File "/usr/lib/python3.12/site-packages/werkzeug/routing/exceptions.py", line 3, in <module>
import difflib
ModuleNotFoundError: No module named 'difflib'
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Randolph Sapp
dcef3fff75
vulkan-cts: allow vulkan versions > 1.3
...
Backport a patch from upstream that allows vulkan-cts to work with
Vulkan version greater than 1.3. Previously any unknown Vulkan versions
will return 0 when we attempt to locate the minimum version with
minVulkanAPIVersion.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Changqing Li
1095ea81ed
luajit: fix several CVEs
...
Fix CVE-2024-25176, CVE-2024-25177, CVE-2024-25178
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:10 +08:00
Roland Kovacs
e099b1462d
jq: add Upstream-Status and CVE tags into .patch files
...
v1 version was merged instead of v2 from:
https://lists.openembedded.org/g/openembedded-devel/message/118302
add missing Upstream-Status and CVE tags from v2.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:10 +08:00
Praveen Kumar
3fbbd2c080
php: upgrade 8.2.28 -> 8.2.29
...
This upgrade fixes below CVEs.
CVE-2025-1735
CVE-2025-6491
CVE-2025-1220
Changelog: https://www.php.net/ChangeLog-8.php#8.2.29
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:06 +08:00
Jiaying Song
2a7a09ff10
v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit
...
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
which avoids the following QA issue during builds on 32-bit systems:
WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'
* Undefine _TIME_BITS to fix the build error:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-11 16:58:30 +08:00
kjlau0112
c29a18fa39
mbedtls: drop tag parameter from SRC_URI.
...
Signed-off-by: kjlau0112 <karn.jye.lau@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-18 08:35:05 -07:00
Peter Marko
205638f9ed
poco: patch CVE-2025-6375
...
Pick commit mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
37b138014b
poco: ignore additional failing tests
...
These tests are failing and thus preventing verification of new patches.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
e67921006f
minifi-cpp: patch spdlog CVE-2025-6140
...
Same patch as in spdlog recipe.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
1fb0820868
spdlog: patch CVE-2025-6140
...
Pick commit [1] mentioned in [2] as listed in [3].
[1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094
[2] https://github.com/gabime/spdlog/issues/3360
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
ba84c52d55
libcoap: patch CVE-2024-31031
...
Pick commit [1] from [2] which fixes [3] as listed in [4].
[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Yogita Urade
c8a1b909ec
poppler: fix CVE-2025-52886
...
Poppler is a PDF rendering library. Versions prior to 25.06.0
use `std::atomic_int` for reference counting. Because
`std::atomic_int` is only 32 bits, it is possible to overflow
the reference count and trigger a use-after-free. Version 25.06.0
patches the issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-52886
https://security-tracker.debian.org/tracker/CVE-2025-52886
Upstream patches:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/3449a16d3b1389870eb3e20795e802c6ae8bc04f
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Hitendra Prajapati
21e370fd3c
open-vm-tools: fix CVE-2025-22247
...
VMware Tools contains an insecure file handling vulnerability.
A malicious actor with non-administrative privileges on a
guest VM may tamper the local files to trigger insecure file
operations within that VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-22247
Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Guocai He
c781171d34
mariadb: File conflicts for multilib
...
File conflicts between attempted installs of mariadb and lib32-mariadb
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(master rev: ddd322323e)
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Swamil Jain
958ef90ab0
kmsxx: Revert to using original name for kmstest
...
Earlier both libdrm[1] and kmsxx[2] projects used to provide a binary
program called kmstest. To avoid the clash, the kmsxx recipe was
updated to rename this binary to kmsxxtest during installation. However
libdrm project has now removed kmstest[3] and hence there is no clash
in naming anymore, so revert back to original name of binary i.e.
kmstest.
[1]: https://gitlab.freedesktop.org/mesa/libdrm.git
[2]: https://github.com/tomba/kmsxx
[3]: https://gitlab.freedesktop.org/mesa/libdrm.git
commit: 2b997bb4bb688be00620887c8646ff24ccb9396b
Signed-off-by: Swamil Jain <s-jain1@ti.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Yogita Urade
7b57b8f106
mariadb: upgrade 10.11.9 -> 10.11.12
...
This upgrade includes fix for CVE-2023-52969, CVE-2023-52970
and CVE-2023-52971
Changelog:
https://mariadb.com/kb/en/mariadb-10-11-12-changelog/
refresh 0001-Add-missing-includes-cstdint-and-cstdio.patch
Dropped mm_malloc.patch and ppc-remove-glibc-dep.patch (Commit ID:
https://github.com/MariaDB/server/commit/dff354e7df2fa774ce4da77202a17e2cae99ac59)
as these changes are available in 10.11.12
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Hitendra Prajapati
1b222113dc
libssh: fix CVE-2025-5351 & CVE-2025-5372
...
* CVE-2025-5351 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256
* CVE-2025-5372 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Guðni Már Gilbert
2c9126bd0d
mbedtls: upgrade 3.6.3.1 -> 3.6.4
...
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087
The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
[1] https://github.com/Mbed-TLS/mbedtls/commit/8cf5666a174237998a7965e284d7ba8c1655d16d
[2] https://github.com/Mbed-TLS/mbedtls/commit/c90c6d8ff787ab8787d9373b0e662a95ed1f4dae
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Wang Mingyu
6dedea4262
mbedtls: upgrade 3.6.3 -> 3.6.3.1
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:34:07 -04:00
Guocai He
ec1f3712f2
softhsm: correct the SRC_URI
...
The old SRC_URI is not available.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:21 -04:00
Hitendra Prajapati
e66e64ee63
redis: fix CVE-2025-32023
...
Upstream-Status: Backport from https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:18 -04:00
Jinfeng Wang
fb6424156a
postfix: fix rootfs file difference
...
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:14 -04:00
Vijay Anusuri
c672757f81
apache2: Upgrade 2.4.62 -> 2.4.64
...
This upgrade incorporates the fixes for CVE-2025-53020, CVE-2025-49812,
CVE-2025-49630, CVE-2025-23048, CVE-2024-47252, CVE-2024-43394,
CVE-2024-43204, CVE-2024-42516 and other bugfixes.
Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.64
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:10 -04:00
Vijay Anusuri
1e80bb4b03
proftpd: Fix CVE-2023-51713
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592
Link: https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone&id=730e44900a0a86265bad93a16b5a5ff344a07266
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:06 -04:00
Guocai He
b5b11c1cc0
thrift: correct the SRC_URI
...
The tarball of version 0.20.0 can not be found on old SRC_URI.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:13:02 -04:00
J. S.
e8fd97d86a
xfce4 update HOMEPAGEs
...
https://goodies.xfce.org/ states "Starting this month (November 2019), a project is starting
to migrate the goodies.xfce.org documentation to https://docs.xfce.org/start . The goal is to
remove deprecated projects and, eventually, de-commission the goodies.xfce.org URLs. Additional
information will be posted on https://wiki.xfce.org/projects/goodies-decomm/start as the project
proceeds."
This patch updates the URLs being used in the HOMEPAGEs to reflect where the address is actually
resolving.
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-10 20:29:57 -04:00
Guocai He
3b6e1fa190
logcheck: correct the SRC_URI
...
In http://ftp.debian.org/debian/pool/main/l/logcheck/, the
tarball of version 1.4.3 is not available.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-10 20:23:41 -04:00
Guocai He
dde4e6d41b
libconfig: correct the SRC_URI
...
The old SRC_URI is not available.
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-10 20:23:37 -04:00
Martin Jansa
bf0a439694
python3-h5py: backport fixes for incompatible-pointer-types issues
...
Needed in scarthgap for native build on hosts with gcc-14 and newer.
It was in master since:
https://git.openembedded.org/meta-openembedded/diff/meta-python/recipes-devtools/python/python3-h5py_3.11.0.bb?id=f0c767407d033e3f39ceeccc2f7e03a1ca7a6443
and then removed as fixed in 3.11.0 by:
https://git.openembedded.org/meta-openembedded/commit/?id=4b990b6dbabaeb65df5bf46546a873c69032a040
but scarthgap has older 3.10.0, backport necessary changes.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-10 20:23:34 -04:00
Roland Kovacs
3d03058fe2
jq-1.7.1: Backport multiple CVE fixes
...
CVE: CVE-2024-23337
CVE: CVE-2024-53427
CVE: CVE-2025-48060
Patches CVE-2024-23337.patch and CVE-2024-53427.patch are backported from
jq-1.8.0, and CVE-2025-48060.patch is backported from jq-1.8.1.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-10 20:23:11 -04:00
Archana Polampalli
4a58c21334
tcpreplay: fix CVE-2024-22654
...
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-10 20:13:26 -04:00