meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00

Author	SHA1	Message	Date
Gyorgy Sarvari	0be619859e	tigervnc: sync xserver code with oe-core TigerVNC compiles its own xserver. Synchronize the xserver version with oe-core. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `fadb9c0570`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:49 +05:30
Gyorgy Sarvari	d5f3269b90	tigervnc: fix typo in CVE_STATUS Forgot to add the CVE- prefix in previous patch. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `2f913279d4`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:49 +05:30
Gyorgy Sarvari	e370d2f41f	fio: ignore CVE-2025-10824 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824 The upstream maintainer wasn't able to reproduce the issue[1], and the related bug is closed without further action. [1]: https://github.com/axboe/fio/issues/1981 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `a275078cbe`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:48 +05:30
Gyorgy Sarvari	c0a63f5222	dovecot: patch CVE-2025-30189 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189 Pick the patches referenced by the advisory[1] from the Full Disclosure list. [1]: https://seclists.org/fulldisclosure/2025/Oct/29 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:48 +05:30
Gyorgy Sarvari	af7857e40c	cups-filters: patch CVE-2025-64524 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524 Pick the patch mentioned in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `056ee43dd1`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:47 +05:30
Gyorgy Sarvari	6a2e51e989	cifs-utils: patch CVE-2025-2312 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312 Pick the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:47 +05:30
Jason Schonberg	1a7e2ac776	c-ares: upgrade 1.34.5 -> 1.34.6 Drop memory leak patch which has already been included in this new version. The new version also includes a fix for CVE 2025-62408. Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `996768e080`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:46 +05:30
Gyorgy Sarvari	efde0fec54	minio: ignore irrelevant CVEs The minio umbrella covers multiple projects. The recipe itself builds "minio client", which is a set of basic tools to query data from "minio server" - like ls, mv, find... The CVEs were files against minio server. Looking at the go mod list, this recipe doesn't use minio server even as a build dependency - so ignore the CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `df462075be`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:46 +05:30
Gyorgy Sarvari	0c577a8001	accountsservice: ignore CVE-2023-3297 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297 The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is not present in the recipe. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `071a45c9d7`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:21 +05:30
Gyorgy Sarvari	a8a70d3893	fex: ignore unrelated CVEs These CVEs were filed for "Fram's Fast File Exchange" application, which has the same abbreviated name as fex. Currently this recipe has no historical CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore these irrelevant CVEs explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `b990486203`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-05 07:25:18 +05:30
Mingli Yu	a4e768dcfa	bpftool-native: Empty DEBUG_PREFIX_MAP_EXTRA Most host gcc doesn't support -fcanon-prefix-map right now, so empty DEBUG_PREFIX_MAP_EXTRA to fix the below build error. \| gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’? Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `31a08525be`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 16:54:28 +05:30
Khem Raj	14b2443bc1	libplist: Fix buildpaths in ptests Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> (cherry picked from commit `3a6b83c075`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 16:53:43 +05:30
Viswanath Kraleti	ce1a2719f2	gflags: switch Git branch from master to main Update SRC_URI to use the 'main' branch instead of 'master' since the upstream GitHub repository has renamed its default branch. Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:05:06 +05:30
Leon Anavi	16316689b0	python3-huey: Upgrade 2.5.4 -> 2.5.5 Upgrade to release 2.5.5: - Fix for pypi Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `7954f37b3c`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:27 +05:30
Leon Anavi	afeafe9ac3	python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2 Upgrade to release 3.1.2: - Fix pickling of abstract base classes containing type annotations for Python 3.14. License-Update: Use file LICENSE Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `b428f67575`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:27 +05:30
Leon Anavi	2ded78c56b	python3-polyline: Upgrade 2.0.3 -> 2.0.4 Upgrade to release 2.0.4: - Add py.typed marker Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `71055538b5`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:27 +05:30
Wang Mingyu	1f836596b9	python3-sqlparse: upgrade 0.5.3 -> 0.5.4 Changelog: ============= Enhancements --------------- * Add support for Python 3.14. * Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools * Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an '--in-place' flag for in-place editing * Add 'ATTACH' and 'DETACH' to PostgreSQL keywords * Add 'INTERSECT' to close keywords in WHERE clause * Support 'REGEXP BINARY' comparison operator Bug Fixes ---------- * Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements. * Remove shebang from cli.py and remove executable flag * Fix strip_comments not removing all comments when input contains only comments * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks * Fix splitting on semicolons inside BEGIN...END blocks Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `705abb20c1`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:26 +05:30
Wang Mingyu	5f28ef7349	python3-pymodbus: upgrade 3.11.3 -> 3.11.4 Changelog: full support for python 3.14 and a number of packages (like mypy) have been updated. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `b745baf478`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:26 +05:30
Wang Mingyu	6e0c4cd1a5	python3-pybcj: upgrade 1.0.6 -> 1.0.7 Changelog: ============ - Support for python 3.14 - ci: fix test and release workflows Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `797e29ed42`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:25 +05:30
Wang Mingyu	0912147bde	python3-gmpy2: upgrade 2.2.1 -> 2.2.2 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `e274146fa4`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:25 +05:30
Wang Mingyu	8197b4ba79	python3-eventlet: upgrade 0.40.3 -> 0.40.4 Changelog: ============ * Remove legacy setuptools configuration files * add 3.14 to supported versions * Emit warning on startup that eventlet is deprecated * Fix Python 3.14 on macOS * Workaround for #1068 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `768580103b`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:24 +05:30
Ankur Tyagi	4ef895e04c	python3-django: upgrade 4.2.25 -> 4.2.26 Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.26/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `5551a12170`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:24 +05:30
Ankur Tyagi	1a96475ce5	python3-django: upgrade 5.2.7 -> 5.2.8 Release Notes: https://docs.djangoproject.com/en/dev/releases/5.2.8/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `8247a68d54`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:23 +05:30
Wang Mingyu	0e313f5b73	python3-rich-argparse: upgrade 1.7.1 -> 1.7.2 Changelog: Fix colors overlapping with Python 3.14.0+ which enabled colors by default in the help formatter. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `18aaa7d8a6`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:23 +05:30
Wang Mingyu	93be4fae40	python3-moteus: upgrade 0.3.95 -> 0.3.96 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `ddca2bae90`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:22 +05:30
Wang Mingyu	f54fe07115	python3-gpt-image: upgrade 0.9.0 -> 0.9.1 Changelog: Partition commit offset calculation License-Update: file type changed to "ASCII text" Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `dc53efed84`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:22 +05:30
Khem Raj	7c5fd57f84	e2tools: Fix buildpaths in ptests Currently the path checks are escaping QA check for buildpath detection but config.status still has paths which show up in reproduciblity failures, comparing build in path A and build in path B, content of config.status don't end up same. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `0856c56132`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:21 +05:30
Wang Mingyu	1de4f92214	nautilus: upgrade 49.1 -> 49.2 * Bugfixes: - Fix handling of unset XDG directories - Reduce memory usage of thumbnails by correct scaling - Fix potential rescaling of item when switching to cut icon - Fix crash on empty file lists in drops - Correct sorting of loopback devices - Don't skip the first file from operation progress monitoring Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `90343e1990`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:21 +05:30
Gyorgy Sarvari	aa45e41705	gupnp-tools: upgrade 0.12.1 -> 0.12.2 Changelog: - Common: - Remove deprecated libxml calls - AV CP: - Remove some stray debug output - EventDumper: - Code cleanup - Uploader: - Fix parsing the Browse result Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `25540bf356`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:21 +05:30
Gyorgy Sarvari	dc5e6e348e	gupnp-av: upgrade 0.14.1 -> 0.14.4 Drop patch that is included in this release. Changelog: 0.14.4: - Move documentation to gi-docgen 0.14.3: - CI fixes 0.14.2: - xml: Fix compatibility with libxml2 2.12.x - Add missing array annotation - build: Fix Requires: line of pkg-config file - Loosen restriction on dc:date verification Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `b8d9e45b69`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:20 +05:30
Gyorgy Sarvari	4ae00d401c	gupnp: upgrade 1.6.6 -> 1.6.9 Drop patch that was incorporated in this release. Changelog: 1.6.9: - Linux-CM: Fix a potential memory leak - Fix documentation link for libsoup - Fix unnecessary g_thread_unref in tests - Fix issues with Since: in documentation 1.6.8: - ServiceProxyAction: Remove some left-over debug output - ServiceProxyAction: Stop leaking the HTTP response - Docs: Fix various issues - ServiceProxyAction: Add get_value_as() - Linux-CM: Silence a false-positive with scan-build 1.6.7: - Fix compatiblity with libxml2 2.12.x - Improve reproducability - ControlPoint: Fix re-scan - ContextManager: Fix boot-id update - Context: Fix crash if served URI is not an IP address Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `dd108a46f8`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:20 +05:30
Gyorgy Sarvari	b3eb875f50	gssdp: upgrade 1.6.3 -> 1.6.4 Drop patch that was incorporated in this release. Shortlog (without CI-changes): client: Format Since/Deprecated versions in a way gi-docgen can parse Fix template to use local mirror gssdp-enums.c.template: use basename instead of filename resource-browser: Make regex pattern static Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `a78826db86`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:19 +05:30
Mingli Yu	7301de982a	openipmi: Pass BUILD_CFLAGS to BUILD_CC * The option -fcanon-prefix-map is added to CFLAGS after the commit [1] introduced and result in the below build error. Making all in sdrcomp make[3]: Entering directory '/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37/lanserv/sdrcomp' aarch64-wrs-linux-gcc -mcpu=cortex-a57+crc -mbranch-protection=standard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot -DHAVE_CONFIG_H -I. -I../.. -DSTATEDIR='"/var"' -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c -o sdrcomp.o sdrcomp.c gcc -o sdrcomp_build ../../lanserv/sdrcomp/sdrcomp.c -O2 -g -fcanon-prefix-map -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/sources/OpenIPMI-2.0.37=/usr/src/debug/openipmi/2.0.37 -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot= -ffile-prefix-map=/tmp/work/cortexa57-wrs-linux/openipmi/2.0.37/recipe-sysroot-native= -pipe -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wsign-compare -I../../include -I../../lanserv -I../../utils -lm gcc: error: unrecognized command-line option ‘-fcanon-prefix-map’; did you mean ‘-fmacro-prefix-map=’? * Pass BUILD_CFLAGS for BUILD_CC to fix the above build issue. [1] https://git.openembedded.org/openembedded-core/commit/?id=3dbc4a79f01ebfc54da024c1460c06772659088d Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `c41fb791fa`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 14:00:19 +05:30
Peter Marko	d80916b4dc	libcoap: upgrade 4.3.5 -> 4.3.5a Changelog [1]: * Fixes the following CVEs CVE-2025-59391 CVE-2025-65494 CVE-2025-65495 CVE-2025-65496 CVE-2025-65497 CVE-2025-65498 CVE-2025-65499 CVE-2025-65500 CVE-2025-65501 * CVE-2025-50518 not fixed as user application error. * Support for Mbed TLS 3.6.3. * Support for RIOT update changes. * Fixes for later CI environment builds. * Critical reported bugs fixed. Add tag to SRC_URI for hash verification. License-Update: copyright years refreshed [2] [1] https://github.com/obgm/libcoap/blob/v4.3.5a/ChangeLog [2] https://github.com/obgm/libcoap/commit/993c12ac92ce6a24a409924fe78a5c0fe7246699 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `6a9cc44a92`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:21 +05:30
Wang Mingyu	3cadf1e0c7	postfix: upgrade 3.10.5 -> 3.10.6 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `cde1da5ec1`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:20 +05:30
Wang Mingyu	10c0a22f9a	libdaq: upgrade 3.0.22 -> 3.0.23 Changelog: api: add tcp flag in DAQ flow stats Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `8c3baf61d0`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:20 +05:30
Liu Yiding	2e4f464335	pgpool2: 4.6.3 -> 4.6.4 Drop 0001-snprintf-Add-math.h-to-ensure-isnan-and-isinf-are-de.patch and v1-0001-Make-time-calculations-always-long-long.patch as those were merged upstream. Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `7fb4910ccb`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:19 +05:30
Wang Mingyu	394b23d027	openvpn: upgrade 2.6.15 -> 2.6.16 Code maintenance / Compat changes --------------------------------- - adapt to new "encrypt-then-mac" cipher suites in OpenSSL 3.6.0 - these need special handling which we don't do, so the t_lpback self-test failed on them. Exclude from list of allowed ciphers, as there is no strong reason today to make OpenVPN use these. - fix various compile-time warnings Documentation updates --------------------- - fix outdated and non-HTTPS URLs throughout the tree (doxygen, warnings, manpage, ...) Bugfixes -------- - Fix memcmp check for the hmac verification in the 3way handshake. This bug renders the HMAC based protection against state exhaustion on receiving spoofed TLS handshake packets in the OpenVPN server inefficient. CVE: 2025-13086 - fix invalid pointer creation in tls_pre_decrypt() - technically this is a memory over-read issue, in practice, the compilers optimize it away so no negative effects could be observed. - Windows: in the interactive service, fix the "undo DNS config" handling. - Windows: in the interactive service, disallow using of "stdin" for the config file, unless the caller is authorized OpenVPN Administrator - Windows: in the interactive service, change all netsh calls to use interface index and not interface name - sidesteps all possible attack avenues with special characters in interface names. - Windows: in the interactive service, improve error handling in some "unlikely to happen" paths. - auth plugin/script handling: properly check for errors in creation on $auth_failed_reason_file (arf). - for incoming TCP connections, close-on-exec option was applied to the wrong socket fd, leaking socket FDs to child processes. - sitnl: set close-on-exec flag on netlink socket - ssl_mbedtls: fix missing perf_pop() call (optional performance profiling) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `351ac66213`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:19 +05:30
Valeria Petrov	436dc00649	apache2: upgrade 2.4.65 -> 2.4.66 Security fixes: - CVE-2025-66200 - CVE-2025-65082 - CVE-2025-59775 - CVE-2025-58098 - CVE-2025-55753 See: http://www.apache.org/dist/httpd/CHANGES_2.4.66 Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `220835dac9`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:18 +05:30
Wang Mingyu	d104f0cc04	swagger-ui: upgrade 5.30.2 -> 5.30.3 Changelog: ========== - deps: update vulnerable @release-it/conventional-changelog to 10.0.2 - deps: update vulnerable dependencies (js-yaml & glob) - utils: handle sanitizing multi-level relative paths Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `fad70abdb3`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:18 +05:30
Wang Mingyu	0f0a0857ed	fcgi: upgrade 2.4.6 -> 2.4.7 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `39f1d58d2b`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:17 +05:30
Changqing Li	4299b96547	libmng: correct version of libmng Current version is 2.0.3, the lastrelease of libmng is in 2015, add a patch to fix it Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `c91f9c0a4b`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:17 +05:30
Changqing Li	0a7cfae22a	version-check.conf: mute version mismatch warning for bpftrace bpftrace set the version by "git describe --dirty", since we have local patch for bpftrace, '-dirty' will be added into the version, set CHECK_VERSION_PV to mute the version mismatch warning Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `219328f37c`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:16 +05:30
Changqing Li	f09c088416	version-check.conf: mute version mismatch warning for flite * flite --version return 1 block version output for check-version-mismatch.bbclass * even with version output flite-2.2-current, regular version match regexp cannot match the version so mute version mismatch warning for flite Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `d819512cb3`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:16 +05:30
Wang Mingyu	ea6ee29f35	psqlodbc: upgrade 17.00.0006 -> 17.00.0007 add-expected-output-file-for-descrec-test.patch removed since it's included in 17.00.0007 psqlodbc-fix-for-ptest-support.patch refreshed for 17.00.0007 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `967e5c9e0f`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:15 +05:30
Wang Mingyu	801e58ad7f	libnice: upgrade 0.1.22 -> 0.1.23 License-Update: Add SPDX-License-Identifier for added clarity Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `58974f72d1`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:15 +05:30
Wang Mingyu	c9f06184c0	asyncmqtt: upgrade 10.2.5 -> 10.2.6 Changelog: ============== * Removed unintentional copy requiment from some of async functions parameter. * Fixed Heap-use-after-free during broker shutdown. * Rifined documents. * Added TLS Websocket verify none port to broker for browser. * Added Cerfiticate file's digitalSignature to keyUsage. * Fixed wss connection from Web Browser handshake failed problem. * Changed trial broker on `async-mqtt.redboltz.net` ws and wss port. * ws was 10080 but Chrome block it by default. Updated to 80. * wss was 10443 but Chrome doesn't block it by default. But for consistency, updated to 443. * system_test still uses 10080 and 10443 to avoid conflict. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `43779307f4`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:15 +05:30
Changqing Li	48583153fe	hdf5: inherit pkgconfig inherit pkgconfig, and fix install conflict when enable multilib, this can also improve reproducibility Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `a2f2c06ec8`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:14 +05:30
Yi Zhao	25172ad273	crash: add zlib-native to depends for crash-cross Fix the following error when using buildtools-extended: va_server.c:20:10: fatal error: zlib.h: No such file or directory 20 \| #include <zlib.h> \| ^~~~~~~~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `bd745115de`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:14 +05:30
Khem Raj	2e5f52deaa	fuse3: Fix build with clang on riscv32 Clang needs 64-bit atomics on rv32 here and builtins does not have them so help it by linking with libatomic Fixes riscv32-yoe-linux-musl-ld.lld: error: undefined symbol: __atomic_fetch_add_8 Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `e3257c3360`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:13 +05:30

... 2 3 4 5 6 ...

36355 Commits