Hitendra Prajapati
e930b71d14
openjpeg: fix for CVE-2025-54874
...
Upstream-Status: Backport https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 5d0643f194)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 16:30:12 +08:00
Shubham Pushpkar
d9e2cae64f
cjson 1.7.18: Fix CVE-2025-57052
...
Upstream Repository: https://github.com/DaveGamble/cJSON.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57052
Type: Security Fix
CVE: CVE-2025-57052
Score: 9.8
Patch: https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:16:33 +08:00
Archana Polampalli
a5de2a5728
apache2: upgrade 2.4.64 -> 2.4.65
...
fixes CVE-2025-54090
Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.65
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:09:56 +08:00
Anil Dongare
49aa81f2d5
libssh 0.10.6: Fix CVE-2025-8114
...
Upstream Repository: https://git.libssh.org/projects/libssh.git/
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8114
Type: Security Fix
CVE: CVE-2025-8114
Score: 4.7
Patch: https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb
Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:08:04 +08:00
AshishKumar Mishra
385b1baa2b
meta-oe: image: optionally remove RAW image after sparse image creation
...
When creating sparse images, the RAW image is no longer needed in
some workflows such as Android and CI pipelines. These RAW images
can be multi-GB artifacts and consume significant disk space.
This change introduces a configuration option
`DELETE_RAWIMAGE_AFTER_SPARSE_CMD` which, when set to "1",
removes the RAW image after sparse image generation.
This reduces disk usage in builds where sparse images are the
final deliverables and RAW images are not required.
Default behavior is unchanged: RAW images are kept unless the
variable is explicitly enabled:
DELETE_RAWIMAGE_AFTER_SPARSE_CMD = "1" # Delete RAW image
DELETE_RAWIMAGE_AFTER_SPARSE_CMD = "0" # Default behavior
(cherry-picked from f5246b7df4 in master)
Signed-off-by: AshishKumar Mishra <emailaddress.ashish@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:08:04 +08:00
Zoltán Böszörményi
5856e22d34
gutenprint: 5.3.5
...
This fixes an installation error:
| make[5]: Entering directory '.../tmp/work/corei7-64-oe-linux/gutenprint/5.3.4/build/src/cups'
| chmod 700 .../tmp/work/corei7-64-oe-linux/gutenprint/5.3.4/image/usr/libexec/cups/backend/backend_gutenprint
| chmod: cannot access '.../tmp/work/corei7-64-oe-linux/gutenprint/5.3.4/image/usr/libexec/cups/backend/backend_gutenprint': No such file or directory
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:08:00 +08:00
Yoann Congal
c85ecb6a43
gutenprint: fix a build race-condition
...
Gutenprint install hooks run in parallel but depend on each other. This
is a race condition and might trigger a build failure (e.g on AB [0]):
| chmod 700 $WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint
| chmod: cannot access '$WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint': Not a directory
| make[5]: *** [Makefile:2166: install-exec-hook] Error 1
Fix this by adding an explicit dependency between the dependent
targets.
[0]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/46/steps/33/logs/stdio
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:02:51 +08:00
Zhang Peng
95f7aea47c
wxwidgets: fix CVE-2024-58249
...
CVE-2024-58249:
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-58249]
Upstream patches:
[https://github.com/wxWidgets/wxWidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(walnascar rev: d3d3df49d5)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:02:32 +08:00
Yi Zhao
8bdec6baaa
wxwidgets: upgrade 3.2.1 -> 3.2.6
...
ChangeLog:
https://raw.githubusercontent.com/wxWidgets/wxWidgets/v3.2.6/docs/changes.txt
* Drop 0001-locale-Avoid-using-glibc-specific-defines-on-musl.patch as
it has been merged upstream
* Refresh patches
* Add UPSTREAM_CHECK_GITTAGREGEX
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(master rev: 903ed68669)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:02:32 +08:00
Haixiao Yan
40db628f58
python3-posix-ipc: fix runtime error
...
Fix the following runtime error: ./build_support/src/sniff_mq_prio_max:
/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by
./build_support/src/sniff_mq_prio_max)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:01:46 +08:00
Zhang Peng
92730597e9
iperf3: fix CVE-2025-54350
...
CVE-2025-54350:
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion
failure and application exit upon a malformed authentication attempt.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-54350]
Upstream patches:
[https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 10:00:37 +08:00
Martin Jansa
db93848ead
nodejs: fix build with gcc-15 on host
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 09:59:39 +08:00
Divya Chellam
3702195a7e
libssh: fix CVE-2025-5987
...
A flaw was found in libssh when using the ChaCha20 cipher with the
OpenSSL library. If an attacker manages to exhaust the heap space,
this error is not detected and may lead to libssh using a partially
initialized cipher context. This occurs because the OpenSSL error
code returned aliases with the SSH_OK code, resulting in libssh not
properly detecting the error returned by the OpenSSL library.
This issue can lead to undefined behavior, including compromised
data confidentiality and integrity or crashes.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5987
Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=90b4845e0c98574bbf7bea9e97796695f064bf57
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 09:59:05 +08:00
Divya Chellam
71b601e3d7
libssh: fix CVE-2025-4878
...
A vulnerability was found in libssh, where an uninitialized variable
exists under certain conditions in the privatekey_from_file() function.
This flaw can be triggered if the file specified by the filename doesn't
exist and may lead to possible signing failures or heap corruption.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-4878
Upstream-patches:
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-23 09:57:53 +08:00
Deepak Rathore
b9fb6556a3
protobuf 4.25.8: Mark CVE-2024-7254 as patched
...
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-7254
Type: Security Fix
CVE: CVE-2024-7254
Score: 8.7
Patch: https://github.com/protocolbuffers/protobuf/commit/850fcce9176e
Analysis:
The original fix [1] for CVE-2024-7254 is listed in the NVD security
tracker (https://nvd.nist.gov/vuln/detail/CVE-2024-7254) and was
subsequently backported to the v4.25.8 version via commit [2].
Hence, this CVE is considered patched in the current source.
Reference:
[1] https://github.com/protocolbuffers/protobuf/commit/cc8b3483a558
[2] https://github.com/protocolbuffers/protobuf/commit/850fcce9176e (v4.25.8)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Martin Schwan
10fc221938
linuxptp: Add systemd instance specifier for ptp4l dependency
...
Add the instance specifier to the ptp4l dependency for the phc2sys
service, so the corresponding service is automatically started
correctly. This fixes the following error messages, when starting the
phc2sys@... service:
Failed to restart phc2sys@eth0.service: Unit ptp4l.service not found.
Signed-off-by: Martin Schwan <m.schwan@phytec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 31f0b9d3d5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Michael Opdenacker
2222925e92
kernel-hardening-checker: backport recipe
...
This recipe is a Scarthgap backport of kernel-hardening-checker_0.6.10.2.bb
in the master branch as of August 19, 2025.
Tested on qemux86-64 and on beaglebone-yocto
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Gyorgy Sarvari
f2b163a416
poppler: fix typos in CVE-2025-52886-0001.patch
...
There were some accidental typos in the CVE-2025-52886-0001.patch file
that introduced a number of syntactical errors in the qt5/src/poppler-annotation.cc
file, which broke compilation when the qt5 PACKAGECONFIG is enabled.
This change fixes these typos. Since qt6 is not enabled in the recipe,
only the qt5 related parts were verified.
While reworking the backport, unfortunately some line number differences
were introduced, which inflate the size of this patch - just scroll
past those.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:13 +08:00
Zhang Peng
2ffcfd6a34
iperf3: fix CVE-2025-54349
...
CVE-2025-54349:
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant
heap-based buffer overflow.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-54349]
Upstream patches:
[https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
fddaa45a87
gnuplot: fix CVE-2025-31181
...
CVE-2025-31181:
A flaw was found in gnuplot. The X11_graphics() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31181]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
732f5800cf
gnuplot: fix CVE-2025-31180
...
CVE-2025-31180:
A flaw was found in gnuplot. The CANVAS_text() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31180]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
02d046e20d
gnuplot: fix CVE-2025-31179
...
CVE-2025-31179:
A flaw was found in gnuplot. The xstrftime() function may lead to a
segmentation fault, causing a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31179]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
3d810d7d3b
gnuplot: fix CVE-2025-31178
...
CVE-2025-31178:
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a
segmentation fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31178]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b78cc829a18e9436daaa859c96f3970157f3171e/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
dd4b10de44
gnuplot: fix CVE-2025-31177
...
CVE-2025-31177:
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31177]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
a3826c4999
gnuplot: fix CVE-2025-31176
...
CVE-2025-31176:
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation
fault and cause a system crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31176]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Zhang Peng
9d3537ef42
gnuplot: fix CVE-2025-3359
...
CVE-2025-3359:
A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal
may jeopardize the environment.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-3359]
Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:12 +08:00
Hitendra Prajapati
a8fdc03123
libssh: fix CVE-2025-4877
...
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Peter Marko
97e9dee283
nginx: patch CVE-2025-53859
...
Pick patch from nginx site which is also mentioned in [1].
[1] https://security-tracker.debian.org/tracker/CVE-2025-53859
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Alexandre Truong
3ef67c94da
hunspell-dictionaries: switch branch from master to main
...
The repository of dictionaries doesn't have a branch named master. So, the
branch is switched to main.
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Martin Jansa
d90b295188
abseil-cpp: fix build with gcc-15 on host
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Yogita Urade
938c8d28a2
postgresql: upgrade 16.9 -> 16.10
...
Includes fix for CVE-2025-8713, CVE-2025-8714, CVE-2025-8715
License-Update: Align organization wording in copyright statement
Changelog:
https://www.postgresql.org/docs/release/16.10/
Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch
for 16.10
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Yogita Urade
c316f92599
poppler: fix CVE-2025-50420
...
An issue in the pdfseparate utility of freedesktop poppler
v25.04.0 allows attackers to cause an infinite recursion via
supplying a crafted PDF file. This can lead to a Denial of
Service (DoS).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50420
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/a7025904e3330dd6cf95f3664ef6fc77034cc5e1
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Jan Vermaete
b484df6361
python3-werkzeug: added python3-difflib as RDEPENDS
...
File "/usr/lib/python3.12/site-packages/werkzeug/routing/exceptions.py", line 3, in <module>
import difflib
ModuleNotFoundError: No module named 'difflib'
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Randolph Sapp
dcef3fff75
vulkan-cts: allow vulkan versions > 1.3
...
Backport a patch from upstream that allows vulkan-cts to work with
Vulkan versions greater than 1.3. Previously, any unknown Vulkan version
would return 0 when we attempted to locate the minimum version with
minVulkanAPIVersion.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:11 +08:00
Changqing Li
1095ea81ed
luajit: fix several CVEs
...
Fix CVE-2024-25176, CVE-2024-25177, CVE-2024-25178
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:10 +08:00
Roland Kovacs
e099b1462d
jq: add Upstream-Status and CVE tags into .patch files
...
v1 version was merged instead of v2 from:
https://lists.openembedded.org/g/openembedded-devel/message/118302
add missing Upstream-Status and CVE tags from v2.
Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:10 +08:00
Praveen Kumar
3fbbd2c080
php: upgrade 8.2.28 -> 8.2.29
...
This upgrade fixes the CVEs below:
CVE-2025-1735
CVE-2025-6491
CVE-2025-1220
Changelog: https://www.php.net/ChangeLog-8.php#8.2.29
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-12 08:15:06 +08:00
Jiaying Song
2a7a09ff10
v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit
...
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
which avoids the following QA issue during builds on 32-bit systems:
WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'
* Undefine _TIME_BITS to fix the build error:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-09-11 16:58:30 +08:00
kjlau0112
c29a18fa39
mbedtls: drop tag parameter from SRC_URI.
...
Signed-off-by: kjlau0112 <karn.jye.lau@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-08-18 08:35:05 -07:00
Peter Marko
205638f9ed
poco: patch CVE-2025-6375
...
Pick commit mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
37b138014b
poco: ignore additional failing tests
...
These tests are failing and thus preventing verification of new patches.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
e67921006f
minifi-cpp: patch spdlog CVE-2025-6140
...
Same patch as in spdlog recipe.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
1fb0820868
spdlog: patch CVE-2025-6140
...
Pick commit [1] mentioned in [2] as listed in [3].
[1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094
[2] https://github.com/gabime/spdlog/issues/3360
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Peter Marko
ba84c52d55
libcoap: patch CVE-2024-31031
...
Pick commit [1] from [2] which fixes [3] as listed in [4].
[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Yogita Urade
c8a1b909ec
poppler: fix CVE-2025-52886
...
Poppler is a PDF rendering library. Versions prior to 25.06.0
use `std::atomic_int` for reference counting. Because
`std::atomic_int` is only 32 bits, it is possible to overflow
the reference count and trigger a use-after-free. Version 25.06.0
patches the issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-52886
https://security-tracker.debian.org/tracker/CVE-2025-52886
Upstream patches:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/3449a16d3b1389870eb3e20795e802c6ae8bc04f
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Hitendra Prajapati
21e370fd3c
open-vm-tools: fix CVE-2025-22247
...
VMware Tools contains an insecure file handling vulnerability.
A malicious actor with non-administrative privileges on a
guest VM may tamper with the local files to trigger insecure file
operations within that VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-22247
Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Guocai He
c781171d34
mariadb: File conflicts for multilib
...
File conflicts between attempted installs of mariadb and lib32-mariadb
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(master rev: ddd322323e)
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Swamil Jain
958ef90ab0
kmsxx: Revert to using original name for kmstest
...
Earlier both libdrm[1] and kmsxx[2] projects used to provide a binary
program called kmstest. To avoid the clash, the kmsxx recipe was
updated to rename this binary to kmsxxtest during installation. However
the libdrm project has now removed kmstest[3], so there is no longer a
naming clash; revert to the original name of the binary, i.e.
kmstest.
[1]: https://gitlab.freedesktop.org/mesa/libdrm.git
[2]: https://github.com/tomba/kmsxx
[3]: https://gitlab.freedesktop.org/mesa/libdrm.git
commit: 2b997bb4bb688be00620887c8646ff24ccb9396b
Signed-off-by: Swamil Jain <s-jain1@ti.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Yogita Urade
7b57b8f106
mariadb: upgrade 10.11.9 -> 10.11.12
...
This upgrade includes fix for CVE-2023-52969, CVE-2023-52970
and CVE-2023-52971
Changelog:
https://mariadb.com/kb/en/mariadb-10-11-12-changelog/
refresh 0001-Add-missing-includes-cstdint-and-cstdio.patch
Dropped mm_malloc.patch and ppc-remove-glibc-dep.patch (Commit ID:
https://github.com/MariaDB/server/commit/dff354e7df2fa774ce4da77202a17e2cae99ac59)
as these changes are available in 10.11.12
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
Hitendra Prajapati
1b222113dc
libssh: fix CVE-2025-5351 & CVE-2025-5372
...
* CVE-2025-5351 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256
* CVE-2025-5372 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00