Backport the fix for CVE-2025-62594
Changes are made with 7.0.10 version code and only required and
compatible code is taken into patch.
image-private.h:-
Integrated only the essential and compatible updates from the 7.0.10
upstream patch. Specifically, the changes related to the Macro's and
CastDoubleToPtrdiffT were adopted, as these updates are directly tied to
the vulnerability fix. The remaining modifications in this file were
excluded because they do not affect the execution paths relevant to our
codebase.
composite.c:-
This file was intentionally left unchanged. The upstream patch contains
only a formatting update (a trailing space adjustment) with no
functional relevance or security impact, so the change was not included
in our patch.
enhance.c:-
All functional hunks from the upstream vulnerability fix were applied.
These modifications directly contribute to addressing the CVE by
strengthening bounds handling and improving input validation in the
enhancement routines.
Signed-off-by: Shaik Moin <careers.myinfo@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Corrected the ssh_print_hexa to ssh_print_hash in the patch
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884
Backport the commits referenced by the NVD advisory.
Note that the regression tests are not included in this test. The
patch contains binary data, which cannot be applied with any of
the PATCHTOOLs in do_patch task.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* depends on libxi causing:
ERROR: Nothing PROVIDES 'libxi' (but /OE/build/luneos-nanbield/meta-openembedded/meta-oe/recipes-graphics/freeglut/freeglut_3.4.0.bb DEPENDS on or otherwise requires it)
libxi was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'freeglut', 'libxi']
for distros with opengl but without x11 in DISTRO_FEATURES
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37622
Pick the patch from the PR referenced by the NVD advisory.
Note that the regression test is not part of this patch,
as no patchtool could apply it in do_patch task.
The test patch was however manually applied during preparing
this patch, and all tests were executed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37621
Backport the patch that is referenced by the NVD advisory.
The regression test contains a binary patch, that couldn't be applied
in the do_patch task. Due to this the test was not backported. It was
however applied manually and executed successfully during the preparation
of this patch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37620
Pick the patches from the PR that is referenced by the NVD advisory.
Two notes:
1. The regression test contains a binary patch, that couldn't be applied
in the do_patch task. Due to this the test was not backported. It was
however applied manually and executed successfully during the preparation
of this patch.
2. The commit changes some "unsigned" types to "size_t", which is not
included in this backport. They were already done by another patch (the
one for CVE-2021-34334).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37619
Pick the patch from the PR referenced by the NVD advisory.
Note that the regression test is not part of this patch,
as no patchtool could apply it in do_patch task.
The test patch was however manually applied during preparing
this patch, and all tests were executed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37618
Pick the patch from the PR that is referenced by the NVD advisory.
Note that the regression test was not backported, because it contains
a binary patch, that I couldn't apply with any of the patchtools
in the do_patch step. Before submission however I have applied the
patches, and ran all the tests successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37615https://nvd.nist.gov/vuln/detail/CVE-2021-37616
Backport the patches from the PR that is referenced by the NVD advisory.
Both CVEs are fixed by the same PR.
Note that the patch that added a regression test is not included. This
is because it contains a binary patch, which seems to be impossible
to apply with all patchtools during do_patch. Though it is not included
in this patch, it was applied manually during prepration, and all ptests
(including the new regression test) passed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It contains Security fixes for CVE-2026-2003, CVE-2026-2004,
CVE-2026-2005, CVE-2026-2006 and CVE-2026-2007.
It also contains other bug fixes and for more details refer Release note.
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.21
Release notes: https://www.postgresql.org/docs/release/14.21/
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-38171
This is the same as CVE-2021-30860, but that one was primarily filed
against Apple software (and some other related projects).
The patch that fixes this vulenrability is already added to the recipe,
just extend its CVE tag
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
oe-core has a newer version of xserver than this recipe used to compile
TigerVNC with. This recipe updates xserver to the same version, 21.1.18.
TigerVNC only started to support this xserver version 2 versions later,
with 1.13. Due to this 3 commits were backported that add the missing
changes.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Zahir Hussain
Shaik Moin
Bhabu Bindu
Tyler Park
Vijay Anusuri
Nitin Wankhade
Martin Jansa
Chen Qi
Hitendra Prajapati