f4dca597c9
exiftool: ignore CVE-2026-3102
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3102
The vulnerability impacts only MacOS - ignore it.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:33 +05:30
6bb74fff88
python3-protobuf: mark CVE-2026-0994 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
It is fixed already in the currently used version, however NVD tracks
it without any version info, so it still shows up in CVE reports.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:32 +05:30
7b418ef060
unbound: patch CVE-2025-5994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5994
Backport the patch[1] provided by upstream, which is linked in
the upstream advisory[2] referenced by the NVD report.
Tests passed successfully in a locally prepared ptest image.
[1]: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-5994_2.diff
[1]: https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:32 +05:30
c3185de08d
streamripper: ignore CVE-2020-37065
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
The vulnerability is about a 3rd party Windows-only GUI frontend for
the streamripper library, and not for the CLI application that the
recipe builds. Due to this ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 1571c1a8e5skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:31 +05:30
9fcdfa8b22
python3-pillow: patch CVE-2026-25990
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990
Backport the patch referenced by the NVD advisory.
Note that the patch contain some new binary test data, which
requires "git" PATCHTOOL - other tools fail to apply binary patches.
All ptests passed successfully:
Testsuite summary
TOTAL: 5011
PASS: 4577
SKIP: 431
XFAIL: 3
FAIL: 0
XPASS: 0
ERROR: 0
DURATION: 59
END: /usr/lib/python3-pillow/ptest
2026-03-06T17:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:31 +05:30
a892f6cfc9
python3-nltk: upgrade 3.9.2 -> 3.9.3
...
Contains fix for CVE-2026-14009.
Changelog:
* Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader
* Block path traversal/arbitrary reads in nltk.data for protocol-less refs
* Block path traversal/abs paths in corpus readers and FS pointers
* Validate external StanfordSegmenter JARs using SHA256
* Add optional sandbox enforcement for filestring()
* Maintenance: downloader/zipped models, CI/tooling updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 14d464c150skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:30 +05:30
7d3016495f
libheif: patch CVE-2025-68431
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68431
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:30 +05:30
258cdd1e07
imagemagick: upgrade 7.1.2-13 -> 7.1.2-15
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 853aecb2f9skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-09 07:49:26 +05:30
843542472e
ceres-solver: Don't fail if .git/hooks/commit-msg can't be touched
...
The .git/hooks/commit-msg Git hook may already exist and not be
writable. E.g., in our environment it is a symbolic link to a script in
/usr/share.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit a22fe21c59anuj.mittal@oss.qualcomm.com >
2026-03-06 10:13:27 +05:30
d925b85aee
python3-flask: Upgrade 3.1.2 -> 3.1.3
...
Upgrade to release 3.1.3:
- The session is marked as accessed for operations that only access
the keys but not the values, such as in and len.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 0badc6de53ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:14 +05:30
b75a502874
python3-werkzeug: upgrade 3.1.5 -> 3.1.6
...
Contains fix for CVE-2026-27199
Changelog: safe_join on Windows does not allow special devices names in multi-segment paths
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 9cbc4befe5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:14 +05:30
34c62e2edf
python3-sqlparse: upgrade 0.5.4 -> 0.5.5
...
Changelog:
==========
* Fix DoS protection to raise SQLParseError instead of silently returning None
when grouping limits are exceeded
* Fix splitting of BEGIN TRANSACTION statements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 48617f7032ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:13 +05:30
f21e5cdea1
python3-greenlet: upgrade 3.2.4 -> 3.2.5
...
Fix a crash on Python 3.9 if there are active greenlets during interpreter shutdown
https://greenlet.readthedocs.io/en/latest/changes.html#id4
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:13 +05:30
6928c475f2
python3-filelock: Upgrade 3.20.2 -> 3.20.3
...
Upgrade to release 3.20.3:
- Fix TOCTOU symlink vulnerability in SoftFileLock
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:12 +05:30
21f3c64e8e
python3-filelock: Upgrade 3.20.1 -> 3.20.2
...
Upgrade to release 3.20.2:
- Support Unix systems without O_NOFOLLOW
- [pre-commit.ci] pre-commit autoupdate
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8b5e1f5dbfankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:12 +05:30
6829eda4e2
python3-filelock: upgrade 3.20.0 -> 3.20.1
...
Changelog:
CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c2710a2df9ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:11 +05:30
d25f3ab33a
valkey: upgrade 8.1.4 -> 8.1.6
...
Includes fix for CVE-2026-21863, CVE-2025-67733 and various bug fixes.
Also include tag in the SRC_URI.
https://github.com/valkey-io/valkey/releases/tag/8.1.5
https://github.com/valkey-io/valkey/releases/tag/8.1.6
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:11 +05:30
78a373916b
nbench-byte: Fix sysinfo generation in parallel build
...
The project Makefile uses a script (sysinfo.sh) to non-atomically generate
two .c files (sysinfo.c, sysinfoc.c) which are then included in the build.
Since the script always overwrites both .c files, the Makefile should only
invoke it once, not twice in parallel. Otherwise the .c files may be
corrupted and cause random build failures in parallel builds.
Requires at least GNU make 4.3, for Grouped Targets support [1].
[1] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Reviewed-by: Silvio Fricke <silvio.fricke@gin.de >
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit add2d94ab7anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:10 +05:30
9783e418db
xrdp: patch CVE-2025-68670
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68670
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:10 +05:30
24abd61c54
minidlna: ignore CVE-2024-51442
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442
The description of the vulnerability says "attacker [...] execute arbitrary
OS commands via a specially crafted minidlna.conf configuration file".
There is no official fix for this CVE, and upstream seems to be inactive
for the past 3 years.
The reason for ignoring this CVE is that the referenced minidlna.conf
file is in the /etc folder, and the file is not world-writable. Which
means that this vulnerability can be exploited only when someone is
root - but if the attacker is already root, they don't need to resort
to minidlna config-file modifications to execute any command they want.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:09 +05:30
4660316de2
gimp: ignore already fixed CVEs
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0797
https://nvd.nist.gov/vuln/detail/CVE-2026-2044
https://nvd.nist.gov/vuln/detail/CVE-2026-2045
https://nvd.nist.gov/vuln/detail/CVE-2026-2047
https://nvd.nist.gov/vuln/detail/CVE-2026-2048
All these CVEs are already fixed in the recipe version, however
NVD tracks them currently without CPE info. Ignore them.
Relevant upstream commits:
CVE-2026-0797: https://gitlab.gnome.org/GNOME/gimp/-/commit/ca449c745d58daa3f4b1ed4c2030d35d401a009d
Note that the commit referenced by NVD is incorrect. This commit
was identified from the relevant upstream Gitlab issue:
https://gitlab.gnome.org/GNOME/gimp/-/issues/15555
CVE-2026-2044: https://gitlab.gnome.org/GNOME/gimp/-/commit/3b5f9ec2b4c03cf4a51a5414f2793844c26747e5
CVE-2026-2045: https://gitlab.gnome.org/GNOME/gimp/-/commit/bb896f67942557658b3fbfc67a1c073775c002c7
CVE-2026-2047: https://gitlab.gnome.org/GNOME/gimp/-/commit/5873e16f80cf4152d25a4c86b08553008a331e90
CVE-2026-2048: https://gitlab.gnome.org/GNOME/gimp/-/commit/fa69ac5ec5692f675de5c50a6df758f7d3e45117
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:09 +05:30
12845752e1
gnome-shell: ignore CVE-2021-3982
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3982
The vulnerability is about a privilege escalation, in case
the host distribution sets CAP_SYS_NICE capability on the
gnome-shell binary.
OE distros don't do that, and due to this this recipe is not
affected by this issue. The CVE is ignored.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:09 +05:30
592de481e6
libjxl: upgrade 0.11.1 -> 0.11.2
...
- fix tile dimension in low memory rendering pipeline (CVE-2025-12474)
- fix number of channels for gray-to-gray color transform (CVE-2026-1837)
- djxl: reject decoding JXL files if "packed" representation size overflows
size_t
https://github.com/libjxl/libjxl/releases/tag/v0.11.2
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:08 +05:30
1a18d1ac74
protobuf: ignore CVE-2026-0994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:08 +05:30
3ad174f956
postgresql: upgrade 17.7 -> 17.8
...
License-Update: Update license year to 2026
Refreshed patches for version 17.8
Includes fix for CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006
Release Notes:
https://www.postgresql.org/docs/release/17.8/
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:07 +05:30
fdddf2bdd3
openjpeg: patch CVE-2023-39327
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327
Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:07 +05:30
d811647686
nginx: patch CVE-2026-1642
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-1642
Note: this is only for v1.29.1.
v1.28.x recipe contains this fix already.
Pick the commit that was identified by the reporter on the oss-sec
mailing list[1]
[1]: https://www.openwall.com/lists/oss-security/2026/02/05/1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:06 +05:30
ed8e7c6fb5
wolfssl: patch CVE-2025-7394
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7394
Backport patches from the PR[1][2][3] mentioned in the changelog[4].
[1] https://github.com/wolfSSL/wolfssl/pull/8849
[2] https://github.com/wolfSSL/wolfssl/pull/8867
[3] https://github.com/wolfSSL/wolfssl/pull/8898
[4] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025
Dropped changes to github workflow and tests during backport.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:06 +05:30
4243e66245
wolfssl: patch CVE-2025-7395
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7395
Backport patches from the PR[1] mentioned in the changelog[2]
[1] github.com/wolfSSL/wolfssl/pull/8833
[2] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:05 +05:30
6781da83ae
wolfssl: patch CVE-2025-13912
...
Backport changes from PR[1] mentioned in nvd[2]
[1] https://github.com/wolfSSL/wolfssl/pull/9148
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-13912
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:05 +05:30
9039381ef0
systemd-netlogd: upgrade 1.4.4 -> 1.4.5
...
Fixes build with 32 bit machines.
- Fix build on 32-bit with 64-bit time_t by @cgzones in #136
- Misc by @cgzones in #137
- Add terminating newline also for TLS connections by @Googulator in #139
- Add RFC5425 length field by @derobert in #140
- Correct examples for ExcludeSyslogFacility and ExcludeSyslogLevel by @ngraziano in #141
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:04 +05:30
a82f3ae1f3
python3-pybind11-json: fix Targets.cmake trying to reference host
...
The resulting pybind11_jsonTargets.cmake in the dev-package adds an
absolute path to python include directories in the target properties:
set_target_properties(pybind11_json PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "/usr/include/python3.13;${_IMPORT_PREFIX}/include"
)
The patch removes ${PYTHON_INCLUDE_DIRS} which is set by pybind11 from
set_target_properties to remove the poisonous host path.
Signed-off-by: Tafil Avdyli <tafil@tafhub.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 0332dae9bbtafil@tafhub.de >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-06 10:09:01 +05:30
12fc4c6584
tomoyo-tools: update SRC_URI
...
The previous one became inaccessible.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-24 18:46:45 +05:30
35db95f565
nginx: upgrade 1.28.1 -> 1.28.2
...
Changelog:
- Security: an attacker might inject plain text data in the response
from an SSL backend (CVE-2026-1642).
- Bugfix: use-after-free might occur after switching to the next gRPC
or HTTP/2 backend.
- Bugfix: fixed warning when compiling with MSVC 2022 x86.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:36:46 +05:30
24a99d095d
php: upgrade 8.4.17 -> 8.4.18
...
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.4.18
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:36:42 +05:30
6763e7828d
libtracefs: upgrade 1.8.2 -> 1.8.3
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 0fbbddd537https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/tag/?h=libtracefs-1.8.3
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:34 +05:30
980fca8629
usbids: upgrade 2025.09.15 -> 2025.12.13
...
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5aca0a216dankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:34 +05:30
f11e6285f8
minizip-ng: 4.0.8 -> 4.0.10
...
1.Changelog:
https://github.com/zlib-ng/minizip-ng/releases/tag/4.0.10
2.Remove 0001-crypt.h-Remove-register-keyword.patch as it was merged upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5f6dbb284aankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:33 +05:30
a96f3a8194
paho-mqtt-c: upgrade 1.3.14 -> 1.3.15
...
Drop patch to fix gcc15 compatibility - the problem has been solved by upstream.
Changelog:
- Update getaddrinfo options to support IPv6 hostname resolution
- Removed unnecessary _WIN64 conditional checks
- Fixed condition variable timed wait
- Support tls:// prefix
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit cb9d043f46ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:33 +05:30
0831fc038d
libx86-1: upgrade 1.1 -> 1.1.1
...
Bugfix release, mostly with patches applied from other distros.
Also fixes the SRC_URI which became inaccessible over time.
Drop patches that are included in this release.
Shortlog:
https://gitlab.archlinux.org/grawlinson/libx86/-/compare/v1.1...v1.1.1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 19fdc49db3ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:32 +05:30
1597f7ba50
libsdl2-compat: update 2.32.58 -> 2.32.62
...
Changelog:
2.32.62:
This is a stable bugfix release, with the following changes:
Improved support for GNU/Hurd
Fixed crash if hidapi strings are not available
2.32.60:
This is a stable bugfix release, with the following changes:
Fixed crash at startup in Dwarf Fortress
Fixed crash at startup in Stellaris
Fixed mouse stuttering in Amiberry
Fixed the viewport not being reset when the window is resized
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Adapted for Whinlatter to keep x11 in REQUIRED_DISTRO_FEATURES
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:32 +05:30
f195fb8e78
cryptsetup: upgrade 2.8.3 -> 2.8.4
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Stable bug-fix release
https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.8.4/docs/v2.8.4-ReleaseNotes?ref_type=tags
(cherry picked from commit 9111684d67ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:31 +05:30
a876a9549e
python3-django: upgrade 4.2.27 -> 4.2.28
...
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207,
CVE-2026-1285, CVE-2026-1287 and CVE-2026-1312
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:31 +05:30
52ad98a187
python3-django: upgrade 5.2.9 -> 5.2.11
...
Changelog:
5.2.11:
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285,
CVE-2026-1287 and CVE-2026-1312
5.2.10:
* Fixed a bug in Django 5.2 where data exceeding max_length was silently
truncated by QuerySet.bulk_create on PostgreSQL.
* Fixed a bug where management command colorized help (introduced in
Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:31 +05:30
5329a32c57
python3-watchdog: Remove obsolete dependencies
...
Python watchdog has removed all dependencies except optional `pyyaml`
dependency for `watchmedo` utility, like follows [1]:
* pathtools dependency was removed in 1.0.0
* python-argh dependency removed in 2.1.6
* requests was never a dependency
* pyyaml only needed for extras (`watchmedo`) and may not be strictly necessary
[1] https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst
Signed-off-by: Tero Kinnunen <tero.kinnunen@vaisala.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:30 +05:30
9a026112a5
gnome-desktop: upgrade 44.1 -> 44.4
...
Changes:
Version 44.4
- Support TryExec for thumbnailers
- Translation updates
Version 44.3
- Fix CI regression for release upload
Version 44.2
- Stop using ratio character for time in the wall-clock
- Fix variable initialization
- General CI cleanups
- Only parse XML files as slideshows
- Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:30 +05:30
e23c3d78ff
wireshark: patch CVE-2026-0962
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0962
Backport the commit that is referenced in the related gitlab issue[1].
[1]: https://gitlab.com/wireshark/wireshark/-/issues/20945
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:29 +05:30
b6fe5458db
python3-python-multipart: patch CVE-2026-24486
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24486
Pick the patch that is referenced by the NVD advisory.
Ptests passed successfully:
Testsuite summary
TOTAL: 121
PASS: 121
SKIP: 0
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0
DURATION: 2
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:29 +05:30
80a5465833
redis: ignore CVE-2025-46686
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686
Upstream disputes that it is a security violation, and says that
implementing a mitigation for this would negatively affect the rest
of the application, so they elected to ignore it.
See Github advisory about the same vulnerability:
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 868b4b2959skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:28 +05:30
effd66ea21
raptor2: patch CVE-2024-57822 and CVE-2024-57823
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-57822
https://nvd.nist.gov/vuln/detail/CVE-2024-57823
Pick the patches mentioned in the github issue[1] mentioned
in the NVD advisories (both of them are covered by the same issue)
[1]: https://github.com/dajobe/raptor/issues/70
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit dc2c6a514eskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-02-19 08:20:28 +05:30
Gyorgy Sarvari
Wang Mingyu
Peter Kjellerstedt
Leon Anavi
Ankur Tyagi
Daniel Klauer
Anuj Mittal
Tafil Avdyli
Jason Schonberg
Liu Yiding
Markus Volk
Tero Kinnunen