mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity
36,458 Commits 64 Branches 0 Tags
c4b5bca1e86e481a0376881e5b5eaedfcbedc6bd
Commit Graph

15930 Commits

Author SHA1 Message Date
Gyorgy Sarvari c4b5bca1e8 botan: patch CVE-2026-32877 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32877

Backport the patch that was identified by Debian[1].
The included test passed successfully (along with the other tests).

[1]: https://security-tracker.debian.org/tracker/CVE-2026-32877

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Deepak Rathore ab0866131d libssh: Fix CVE-2026-0965 
Pick the patch [1] as mentioned in [2]

[1] https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76
[2] https://security-tracker.debian.org/tracker/CVE-2026-0965

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Deepak Rathore cdfa4084fe libssh: Fix CVE-2026-0967 
Pick the patch [1] as mentioned in [2]

[1] https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15
[2] https://security-tracker.debian.org/tracker/CVE-2026-0967

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Deepak Rathore f516c3f209 libssh: Fix CVE-2026-0968 
Pick the patch [1] and [2] as mentioned in [3]

[1] https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9
[2] https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03
[3] https://security-tracker.debian.org/tracker/CVE-2026-0968

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-24 21:13:20 +05:30
Gyorgy Sarvari e62e3f8f25 freeipmi: upgrade 1.6.16 -> 1.6.17 
Changes:
o Fix exploitable buffer overflows in the following ipmi-oem commands:
  - ipmi-oem dell get-last-post-code
  - ipmi-oem supermicro extra-firmware-info
  - ipmi-oem wistron read-proprietary-string
o Support --proxy in ipmiconsole.
o Fix mem-leak within libfreeipmi locate api.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 4b4c770ce5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi dba7c549bd tigervnc: patch CVE-2026-34352 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34352

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Ankur Tyagi 1ccaa949ea zabbix: ignore CVE-2026-23919 
It was fixed since version 7.0.19[1]

[1] https://support.zabbix.com/browse/ZBX-27638

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:47 +05:30
Wang Mingyu 4d1cb07307 openldap: upgrade 2.6.12 -> 2.6.13 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit b089df410f)

Changelog:
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_13/CHANGES?ref_type=tags

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:38 +05:30
Wang Mingyu 95c6a65c69 openldap: upgrade 2.6.10 -> 2.6.12 
License-Update: Copyright year updated to 2026

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6c54894209)

Changelog:
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_12/CHANGES?ref_type=tags

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:38 +05:30
Wang Mingyu 6de735114a iwd: upgrade 3.11 -> 3.12 
Changelog:
===========
- Fix issue with handling expiration of PMKSA.
- Fix issue with handling uninitialized buffer and PMKID.
- Fix issue with checking for PKCS#8 key parser in unit tests.
- Fix issue with using -std=c23 compiler setting.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 7c5ec1fa02)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:38 +05:30
Markus Volk bdf97cd9d2 iwd: update 3.10 -> 3.11 
ver 3.11:
	Fix issue with interface registration before acquiring name.

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ac9041ed3e)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-04-21 08:57:38 +05:30
Wang Mingyu 16af6bba7d imapfilter: upgrade 2.8.3 -> 2.8.5 
License-Update: copyright year updated to 2026.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 89b961c889)

https://github.com/lefcha/imapfilter/blob/v2.8.5/NEWS

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Wang Mingyu b95d21b7aa jasper: upgrade 4.2.8 -> 4.2.9 
Changelog:
- Fixed a bug in the JP2 encoder that caused incorrect handling of
  opacity components in some cases.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 330ecdd2ad)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Sujeet Nayak 56f9f2dbd5 libnice: make crypto library configurable via PACKAGECONFIG 
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.

Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Peter Kjellerstedt 8bf79306ad bpftrace: Update the runtime dependencies 
* bash and python3 are only needed by the ptest package.
* xz appears to not be needed at all.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Mingli Yu 76bea270ec mariadb: Upgrade 11.4.9 -> 11.4.10 
Remove 0001-Remove-x86-specific-loop-in-my_convert.patch as it's fixed
in new version [1].

Remove 0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch
as its logic is included in new version [2].

Release note:
https://mariadb.com/docs/release-notes/community-server/11.4/11.4.10

[1] https://github.com/MariaDB/server/commit/470487c
[2] https://github.com/MariaDB/server/commit/a61a746

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Gyorgy Sarvari 0efa1d57b6 imagemagick: upgrade 7.1.2-16 -> 7.1.2-17 
Contains bugfixes and a couple of CVE fixes:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-16...7.1.2-17

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Wang Mingyu e4a9ec5350 imagemagick: upgrade 7.1.2-15 -> 7.1.2-16 
Changelog:
===========
* client: Fix use-after-free when creating async proxy failed
* daemon: Fix race on subscribers list when on thread
* ftp: Validate fe_size when parsing symlink target
* ftp: Check localtime() return value before use
* CVE-2026-28295: ftp: Use control connection address for PASV data
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters
* gphoto2: Use g_try_realloc() instead of g_realloc()
* cdda: Reject path traversal in mount URI host
* client: Fail when URI has invalid UTF-8 chars
* Some other fixes

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Gyorgy Sarvari f38ff6e7d0 capnproto: patch CVE-2026-32239 and CVE-2026-32240 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239
https://nvd.nist.gov/vuln/detail/CVE-2026-32240

Backport the patch that is referenced by the NVD advisories.
(Same patch for both vulnerabilities)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Ankur Tyagi d7710fb408 php: upgrade 8.4.18 -> 8.4.19 
https://www.php.net/ChangeLog-8.php#8.4.19

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Wang Mingyu 62f49bed40 ser2net: upgrade 4.6.6 -> 4.6.7 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 23d4ba6b96)

ser2net is updated to fix some issues in reloading the configuration.
There were some situations that could cause crashes.
The bug was actually in gensio, but a workaround has been added to ser2net for
older versions of gensio.

https://github.com/cminyard/ser2net/releases/tag/v4.6.7

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Gyorgy Sarvari 1e8c1154e3 pcp: fix SRC_URI 
The branch where the revision was got deleted, so this is just a floating commit now.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:24 +05:30
Deepak Rathore 92bfb48d4c libssh: Fix CVE-2026-3731 
Pick the patch [1] and [2] as mentioned in [3]

[1] https://git.libssh.org/projects/libssh.git/commit/?id=f80670a7aba86cbb442c9b115c9eaf4ca04601b8
[2] https://git.libssh.org/projects/libssh.git/commit/?id=02c6f5f7ec8629a7cff6a28cde9701ab10304540
[3] https://security-tracker.debian.org/tracker/CVE-2026-3731

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:23 +05:30
Gyorgy Sarvari 0fd2ea7e0b exiv2: patch CVE-2026-27631 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631

Backport the patches referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:23 +05:30
Gyorgy Sarvari ab099baf93 exiv2: patch CVE-2026-27596 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596

Backport the commits referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:23 +05:30
Gyorgy Sarvari 18824f8a2d exiv2: patch CVE-2026-25884 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884

Backport the commits referenced by the NVD advisory.

One of the patches contain some binary data (for test data),
which needs to be applied with git PATCHTOOL..

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-26 10:29:23 +05:30
Gyorgy Sarvari 467427d3af zabbix: mark CVE-2026-23925 as patched 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925

The vulnerability has been fixed since 7.0.18[1], however NVD
tracks this CVE without version information.

[1]: https://github.com/zabbix/zabbix/commit/89dec866ec7f8230b25f06ac000575e3b7bd4025

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:04 +05:30
Gyorgy Sarvari 9f2fe367d8 libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837

Both CVEs have been fixed in v0.11.2, but NVD tracks these
vulnerabilities without version information.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 17:14:04 +05:30
Gyorgy Sarvari f4dca597c9 exiftool: ignore CVE-2026-3102 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3102

The vulnerability impacts only MacOS - ignore it.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 07:49:33 +05:30
Wang Mingyu 258cdd1e07 imagemagick: upgrade 7.1.2-13 -> 7.1.2-15 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 853aecb2f9)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-09 07:49:26 +05:30
Peter Kjellerstedt 843542472e ceres-solver: Don't fail if .git/hooks/commit-msg can't be touched 
The .git/hooks/commit-msg Git hook may already exist and not be
writable. E.g., in our environment it is a symbolic link to a script in
/usr/share.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a22fe21c59)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:13:27 +05:30
Ankur Tyagi d25f3ab33a valkey: upgrade 8.1.4 -> 8.1.6 
Includes fix for CVE-2026-21863, CVE-2025-67733 and various bug fixes.

Also include tag in the SRC_URI.

https://github.com/valkey-io/valkey/releases/tag/8.1.5
https://github.com/valkey-io/valkey/releases/tag/8.1.6

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:11 +05:30
Daniel Klauer 78a373916b nbench-byte: Fix sysinfo generation in parallel build 
The project Makefile uses a script (sysinfo.sh) to non-atomically generate
two .c files (sysinfo.c, sysinfoc.c) which are then included in the build.
Since the script always overwrites both .c files, the Makefile should only
invoke it once, not twice in parallel. Otherwise the .c files may be
corrupted and cause random build failures in parallel builds.

Requires at least GNU make 4.3, for Grouped Targets support [1].

[1] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html

Reviewed-by: Silvio Fricke <silvio.fricke@gin.de>
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit add2d94ab7)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:10 +05:30
Ankur Tyagi 9783e418db xrdp: patch CVE-2025-68670 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68670

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:10 +05:30
Ankur Tyagi 592de481e6 libjxl: upgrade 0.11.1 -> 0.11.2 
- fix tile dimension in low memory rendering pipeline (CVE-2025-12474)
- fix number of channels for gray-to-gray color transform (CVE-2026-1837)
- djxl: reject decoding JXL files if "packed" representation size overflows
    size_t

https://github.com/libjxl/libjxl/releases/tag/v0.11.2

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:08 +05:30
Gyorgy Sarvari 1a18d1ac74 protobuf: ignore CVE-2026-0994 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994

The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).

Ignore this CVE in this recipe due to this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:08 +05:30
Ankur Tyagi 3ad174f956 postgresql: upgrade 17.7 -> 17.8 
License-Update: Update license year to 2026

Refreshed patches for version 17.8

Includes fix for CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006

Release Notes:
https://www.postgresql.org/docs/release/17.8/

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:07 +05:30
Gyorgy Sarvari fdddf2bdd3 openjpeg: patch CVE-2023-39327 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327

Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:07 +05:30
Anuj Mittal 9039381ef0 systemd-netlogd: upgrade 1.4.4 -> 1.4.5 
Fixes build with 32 bit machines.

- Fix build on 32-bit with 64-bit time_t by @cgzones in #136
- Misc by @cgzones in #137
- Add terminating newline also for TLS connections by @Googulator in #139
- Add RFC5425 length field by @derobert in #140
- Correct examples for ExcludeSyslogFacility and ExcludeSyslogLevel by @ngraziano in #141

Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-03-06 10:09:04 +05:30
Ankur Tyagi 12fc4c6584 tomoyo-tools: update SRC_URI 
The previous one became inaccessible.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-24 18:46:45 +05:30
Jason Schonberg 24a99d095d php: upgrade 8.4.17 -> 8.4.18 
This is a bug fix release.

Changelog: https://www.php.net/ChangeLog-8.php#8.4.18

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:36:42 +05:30
Wang Mingyu 6763e7828d libtracefs: upgrade 1.8.2 -> 1.8.3 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0fbbddd537)

Changes:
https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/tag/?h=libtracefs-1.8.3

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:34 +05:30
Jason Schonberg 980fca8629 usbids: upgrade 2025.09.15 -> 2025.12.13 
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5aca0a216d)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:34 +05:30
Liu Yiding f11e6285f8 minizip-ng: 4.0.8 -> 4.0.10 
1.Changelog:
  https://github.com/zlib-ng/minizip-ng/releases/tag/4.0.10

2.Remove 0001-crypt.h-Remove-register-keyword.patch as it was merged upstream.

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5f6dbb284a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:33 +05:30
Gyorgy Sarvari a96f3a8194 paho-mqtt-c: upgrade 1.3.14 -> 1.3.15 
Drop patch to fix gcc15 compatibility - the problem has been solved by upstream.

Changelog:
- Update getaddrinfo options to support IPv6 hostname resolution
- Removed unnecessary _WIN64 conditional checks
- Fixed condition variable timed wait
- Support tls:// prefix

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cb9d043f46)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:33 +05:30
Gyorgy Sarvari 0831fc038d libx86-1: upgrade 1.1 -> 1.1.1 
Bugfix release, mostly with patches applied from other distros.
Also fixes the SRC_URI which became inaccessible over time.
Drop patches that are included in this release.

Shortlog:
https://gitlab.archlinux.org/grawlinson/libx86/-/compare/v1.1...v1.1.1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 19fdc49db3)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:32 +05:30
Markus Volk 1597f7ba50 libsdl2-compat: update 2.32.58 -> 2.32.62 
Changelog:

2.32.62:
This is a stable bugfix release, with the following changes:
Improved support for GNU/Hurd
Fixed crash if hidapi strings are not available

2.32.60:
This is a stable bugfix release, with the following changes:
Fixed crash at startup in Dwarf Fortress
Fixed crash at startup in Stellaris
Fixed mouse stuttering in Amiberry
Fixed the viewport not being reset when the window is resized

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Adapted for Whinlatter to keep x11 in REQUIRED_DISTRO_FEATURES
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:32 +05:30
Wang Mingyu f195fb8e78 cryptsetup: upgrade 2.8.3 -> 2.8.4 
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Stable bug-fix release
https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.8.4/docs/v2.8.4-ReleaseNotes?ref_type=tags

(cherry picked from commit 9111684d67)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:31 +05:30
Gyorgy Sarvari 80a5465833 redis: ignore CVE-2025-46686 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686

Upstream disputes that it is a security violation, and says that
implementing a mitigation for this would negatively affect the rest
of the application, so they elected to ignore it.

See Github advisory about the same vulnerability:
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 868b4b2959)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:28 +05:30
Gyorgy Sarvari effd66ea21 raptor2: patch CVE-2024-57822 and CVE-2024-57823 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-57822
https://nvd.nist.gov/vuln/detail/CVE-2024-57823

Pick the patches mentioned in the github issue[1] mentioned
in the NVD advisories (both of them are covered by the same issue)

[1]: https://github.com/dajobe/raptor/issues/70

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc2c6a514e)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2026-02-19 08:20:28 +05:30