mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
30,682 Commits 64 Branches 0 Tags
eb338ebb606f22363be5b4114e25a10b494b4f55
Commit Graph

30682 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ankur Tyagi eb338ebb60 civetweb: patch CVE-2025-9648 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-9648

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 11:45:21 +05:30
Ankur Tyagi 1c7b69ee0b editorconfig-core-c: patch CVE-2024-53849 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-53849

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 11:45:21 +05:30
Ankur Tyagi d9148434ad flatpak: patch CVE-2024-42472 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-42472

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 11:45:21 +05:30
Ankur Tyagi af50080591 libcupsfilters: patch CVE-2025-57812 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-57812

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 11:45:20 +05:30
Ankur Tyagi a0292cd209 jasper: patch CVE-2024-31744 
Details https://nvd.nist.gov/vuln/detail/CVE-2024-31744

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 11:45:20 +05:30
Kai Kang 1fea09e692 mbedtls: fix CVE-2025-47917 
CVE-2025-47917 is that the function mbedtls_x509_string_to_names() takes
a head argument and performs a deep free() on it.

Backport patch to fix CVE-2025-47917 and drop the modification in doc
file and comment in header file which lack of context.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-17 11:45:16 +05:30
Vijay Anusuri b4812b18ee proftpd: Fix CVE-2023-48795 
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 6c8ae54fc3)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-11 08:02:03 +05:30
Hitendra Prajapati 5775e1a643 wireshark: fix CVE-2025-13499 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-11 08:02:02 +05:30
Viswanath Kraleti d9e1f6f274 gflags: switch Git branch from master to main 
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.

Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-11 08:00:54 +05:30
Sudhir Dumbhare e0dbf0bcd3 hdf5 1.14.4-3: fix CVE-2025-2912 
Upstream Repository: https://github.com/HDFGroup/hdf5.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2912
Type: Security Fix
CVE: CVE-2025-2912
Score: 4.8
Patch: https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a

Analysis:
- CVE-2025-2913 was previously fixed by [1], which is also addresses CVE-2025-2912
  as noted in [4].
- NVD [2] references the GitHub discussion [3] for CVE-2025-2912, and we successfully
  reproduced the issue following the steps outlined there.
- Applied the fix from [4] and verified resolution using the reproduction steps.
- The same patch [4] is already included in OE-scarthgap [5] for CVE-2025-2913.
- Therefore, reused the patch from [5] to resolve CVE-2025-2912.

References:
[1] https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-2912
[3] https://github.com/HDFGroup/hdf5/issues/5370#issue-2917388806
[4] https://github.com/HDFGroup/hdf5/issues/5370#issuecomment-3542881855
[5] https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/hdf5?h=scarthgap&id=b42e6eb3e51a

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-11 08:00:53 +05:30
Valeria Petrov c223262bd7 apache2: upgrade 2.4.65 -> 2.4.66 
Security fixes:
- CVE-2025-66200
- CVE-2025-65082
- CVE-2025-59775
- CVE-2025-58098
- CVE-2025-55753

See: http://www.apache.org/dist/httpd/CHANGES_2.4.66

Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-11 08:00:53 +05:30
Ankur Tyagi 91ea5aa570 libavif: patch CVE-2025-48174 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-48174

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-11 08:00:53 +05:30
Ankur Tyagi b7fd86557f smarty: update CVE_PRODUCT 
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-11 08:00:23 +05:30
Wang Mingyu 47b2afbc12 corosync: upgrade 3.1.9 -> 3.1.10 
CVE-2025-30472.patch
removed since it's included in 3.1.10

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7915bcecf5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-09 07:01:20 +05:30
Ankur Tyagi 873297afaa python3-django: upgrade 5.0.11 -> 5.0.14 
Drop patch merged in the upstream.

Release notes:
https://docs.djangoproject.com/en/dev/releases/5.0.12/
https://docs.djangoproject.com/en/dev/releases/5.0.13/
https://docs.djangoproject.com/en/dev/releases/5.0.14/

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-09 07:01:20 +05:30
Peter Marko 4d1817df45 nftables: remove python dependency from main package 
The recipe splits python code to nftables-python package, however
setuptools classes add the dependency to main package.
Since nftables-python package already has python3-core explicit
dependency, remove it from the main package.

(From meta-openembedded rev: 331126a6d0)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-09 07:01:16 +05:30
Vijay Anusuri 7ed4330bcf net-snmp: Update Upstream-status in the net-snmp-5.9.4-kernel-6.7.patch 
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-05 17:46:29 +05:30
Khem Raj bd2cabff81 net-snmp: Fix a crash and support for 6.7+ kernel 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from 8147a884c6)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-05 17:46:28 +05:30
Deepak Rathore b09a12e166 hdf5 1.14.4-3: Fix CVE tag format in patches 
- The CVE tags in multiple hdf5 patches were using comma-separated
format which caused false positives in CVE reports.
- Multiple CVEs should be separated by space in CVE-ID.patch file as
per recipe style guide in Yocto documentation so CVE report tool can
scan those CVEs and mark it as patched.

Fixed the following patches:
- CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch
- CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch
- CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch

Reference:
- https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#cve-patches

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-05 17:46:25 +05:30
Gyorgy Sarvari a9fa1c5c2a xrdp: patch CVE-2023-42822 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-42822

Pick the patch the references the github advisory[1] and the cve ID also from
the nvd report. The patch is a backported version of the patch referenced by
the nvd report.

[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:11 +05:30
Gyorgy Sarvari 259e4f9266 xrdp: patch CVE-2023-40184 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184

Pick the patch that is associated with the github advisory[1], which is
a backported version of the patch that is referenced by the nvd report.

[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:11 +05:30
Gyorgy Sarvari f81041bb39 xrdp: patch CVE-2022-23493 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:10 +05:30
Gyorgy Sarvari 2578e5c17d xrdp: patch CVE-2022-23484 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:10 +05:30
Gyorgy Sarvari 8ffd8f29d5 xrdp: patch CVE-2022-23483 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:09 +05:30
Gyorgy Sarvari 31694c82e3 xrdp: patch CVE-2022-23482 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23482

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:09 +05:30
Gyorgy Sarvari 64ee8f84c4 xrdp: patch CVE-2022-23481 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:08 +05:30
Gyorgy Sarvari 71e9d02b12 xrdp: patch CVE-2022-23480 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:08 +05:30
Gyorgy Sarvari 19e076e66b xrdp: patch CVE-2022-23479 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:07 +05:30
Gyorgy Sarvari 63b5fff975 xrdp: patch CVE-2022-23478 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:07 +05:30
Gyorgy Sarvari a6efc5b285 xrdp: patch CVE-2022-23477 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:06 +05:30
Gyorgy Sarvari 1cb08277fe xrdp: patch CVE-2022-23468 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-04 14:10:02 +05:30
Anuj Mittal 5a52615450 pidgin: fix reproducibility issues 
Backport changes fixing reproducibility issues from master:

    9697fd958e      Yoann Congal    pidgin: Upgrade to 2.14.13

Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 11:23:31 +05:30
yuyu 9e4f627941 trace-cmd: Update SRC_URI to use HTTPS protocol 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f00b6ad12f)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:37:26 +05:30
Yi Zhao 7e74032909 crash: add zlib-native to depends for crash-cross 
Fix the following error when using buildtools-extended:

va_server.c:20:10: fatal error: zlib.h: No such file or directory
   20 | #include <zlib.h>
      |          ^~~~~~~~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bd745115de)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:34:21 +05:30
Gyorgy Sarvari 9100a5369d nbdkit: patch CVE-2025-47712 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47712

Pick the patch from the project's repository which explicitly
mentions this vulnerability ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:34 +05:30
Gyorgy Sarvari ffb8d52fae nbdkit: patch CVE-2025-47711 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47711

Pick the patch from the repository which explicitly mentions
this CVE ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:34 +05:30
Gyorgy Sarvari 8f602e1cfa redis: handle CVE-2025-27151 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27151

In redis 7 this is already patched[1], and the recipe contains the
fix.
For redis 6 backport the relevant patch (which is referenced in the
nvd report)

[1]: https://github.com/redis/redis/commit/d0eeee6e31f0fefb510007a8cfdf5dce729a8be9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:33 +05:30
Gyorgy Sarvari ac19cd99a8 redis: ignore CVE-2022-0543 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-0543

The issue is specific to the version packaged by Debian, it can be ignored.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:33 +05:30
Gyorgy Sarvari ed345fca57 yasm: patch CVE-2021-33456 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1e2731fce0)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:32 +05:30
Gyorgy Sarvari 782c49a05a yasm: patch CVE-2021-33464 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66a0b01b52)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:32 +05:30
Gyorgy Sarvari 138ac945d9 yasm: patch CVE-2023-29579 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cc30757a7f)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:31 +05:30
Gyorgy Sarvari 05fd7d83ff yasm: add alternative CVE_PRODUCT 
There are multiple vendors for yasm:

$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm

Both products refer to the same application

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93f85e4fd2)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:31 +05:30
Kai Kang 0ad67b4bd2 libtracefs: avoid run bison 
There is a rare compile failure

| In file included from sqlhist-parse.h:25,
|                  from tracefs-sqlhist.c:17:
| sqlhist.tab.h:120:8: error: unterminated comment
|   120 | #endif /* !YY_TRACEFS_SQLHIST_TAB_H_INCLUDED  */
|       |        ^

Backport patch to avoid run bison that not re-gerate sqlhist.tab.h.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-12-03 10:31:28 +05:30
Gyorgy Sarvari 89a01c3d9a cockpit: set correct CVE_PRODUCT 
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit af4df551ee)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-28 11:27:05 -08:00
Pavel Zhukov 2e0e65ecaa fbida: Require opengl feature for pdf only 
Don't require it for entire distro if pdf package config disabled.

Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f22451b51b)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-28 11:27:05 -08:00
Gyorgy Sarvari 9f031e8d0f links: set CVE_PRODUCT 
There are some unrelated software called "links", which cases
false-positive CVEs to be reported by the CVE checker.

Set the vendor/product pairs that were historically used with
CVEs for this software.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a5309732)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-28 11:26:58 -08:00
Peter Marko 2e768a8261 uw-imap: patch CVE-2018-19518 
Take patch from Debian from
https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f7c1e6bd1)
Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-25 17:14:44 +05:30
Yoann Congal 77536efcb0 zfs: fix host-related reproducibility 
The zfs package content varies depending the host distro.
To fix this, force target distribution ("vendor") to Debian to match
default values for things like: NFS server service name, bash completion
path, configuration files, ...
The Debian values do match the OpenEmbedded ones.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4990a36eb4)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-25 17:12:52 +05:30
Khem Raj e6a44bc7eb ot-br-posix: Define config files explicitly 
Otherwise it picks up from build area with absolute paths into builddir

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0439d42c55)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-25 17:12:18 +05:30
Hugo SIMELIERE 5fab8bd31b libwebsockets: fix CVE-2025-11678 
Backport a fix from Debian:
https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11678.patch
Upstream commit:
https://github.com/warmcat/libwebsockets/commit/2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
 2025-11-21 11:06:18 +05:30