Commit message | Author | Age | Files | Lines
* vorbis-tools: patch CVE-2023-43361 | Peter Marko | 2025-02-04 | 2 | -0/+39
  This is inactive project, so no official CVE fix will be available anymore.
  That however does not mean that there is no fix available.

  Following tries to prove that patch provided here is valid.
  NVD CVE report [1] links issue [2] where this is reported.
  Based on the report, fix was proposed in [3].
  There was some review however the patch author was not active.
  [4] was later created trying to address the comments, but the project was not active anymore.
  In this PR the patch was shrunk to a one-liner in discussion.

  I have tested the poc and it is real.
  The patch fixes it, while not breaking the execution if good file path is provided as argument.

  [1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361
  [2] https://github.com/xiph/vorbis-tools/issues/41
  [3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
  [4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 67d94fecb0dbd4f979b09a439c614ee4f01fc0c2)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* audiofile: patch CVE-2017-6839 | Peter Marko | 2025-02-04 | 2 | -0/+127
  Use patch from buildroot:
  https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 88faae83b2b0e68827c457f4f348f7d7868f5258)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* audiofile: patch CVE-2017-6831 | Peter Marko | 2025-02-04 | 2 | -0/+47
  Use patch from buildroot:
  https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 9d668989b1447fb19aff55c1a47acdf8d4e8c5e2)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* audiofile: fix multiple CVEs | Peter Marko | 2025-02-04 | 2 | -0/+80
  CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838

  Use patch from buildroot:
  https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 75f2bd2b3b145d8282db9926d8212c6d81bde99e)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* audiofile: patch CVE-2017-6829 | Peter Marko | 2025-02-04 | 2 | -0/+44
  Use patch from buildroot:
  https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit f29fbaa4650201a059c65572947ed8faa991fcd8)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* audiofile: fix multiple CVEs | Peter Marko | 2025-02-04 | 2 | -0/+46
  CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837

  Use patch from buildroot:
  https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 634cbcb91c3ab7154e0cda707663a1e4aa500f4a)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* procmail: patch CVE-2017-16844. | Peter Marko | 2025-02-04 | 2 | -0/+21
  Take patch from Debian.
  https://sources.debian.org/data/main/p/procmail/3.22-26%2Bdeb10u1/debian/patches/30

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 3d97f4c13d5f5810659e107f6461f0b63f6fa92a)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* procmail: patch CVE-2014-3618 | Peter Marko | 2025-02-04 | 2 | -1/+32
  Take patch from Debian.
  https://sources.debian.org/data/main/p/procmail/3.22-20%2Bdeb7u1/debian/patches/CVE-2014-3618.patch

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 8378820dab0b6955fb0e2b27f24a1626f9124e5b)
  [Fixup for styhead context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtinyxml2: set CVE product to tinyxml2 | Jörg Sommer | 2025-02-04 | 1 | -0/+1
  This library gets tracked with the product name tinyxml2:
  https://nvd.nist.gov/products/cpe/detail/5A6C04CB-E6AD-4740-882A-34620AEC060A

  Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 1c60b8ccf7a011fcac05714fc29d47bbc21c5ea3)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lapack: fix TMPDIR reference in do_package_qa | Zhang Peng | 2025-02-04 | 1 | -0/+31
  When building the `lapack` package, the following QA error occurs:
  "File /usr/lib64/libblas.so.3.12.0 in package lapack contains reference to TMPDIR [buildpaths]"

  The issue arises because the `xerbla.o` object file embeds the absolute host path of `xerbla.f`.
  This occurs during compilation, where the build command in `build.make` (generated by CMake) specifies:
  `gfortran -c <absolute path>/xerbla.f -o`.
  As a result, the absolute path is included in `xerbla.o`.
  Unfortunately, `gfortran` does not support flags like `-fdebug-prefix-map` or `-ffile-prefix-map` to remove such paths.

  To resolve this, the fix involves replacing the absolute path of `xerbla.f` in the generated `build.make` file with a relative path before the compilation step.
  This ensures that the resulting `xerbla.o` does not contain any references to TMPDIR, passing the `do_package_qa` check.

  For ptest code, the solution is to replace `${WORKDIR}` with `../../..` in the generated `build.make` files located in the TESTING directory.

  Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b617496fb08950c155e75c8f21bafb10e301095c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtinyxml: patch CVE-2023-34194 | Peter Marko | 2025-02-04 | 2 | -0/+32
  Take patch from Debian:
  https://salsa.debian.org/debian/tinyxml/-/commit/2366e1f23d059d4c20c43c54176b6bd78d6a83fc

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit f4a6966bf0cc48ee7fa83c64c2eec2c4fbf91eb4)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtinyxml: patch CVE-2021-42260 | Peter Marko | 2025-02-04 | 2 | -1/+30
  Take patch from Debian:
  https://salsa.debian.org/debian/tinyxml/-/commit/38db99c12e43d7d6e349403ce4d39a706708603d

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 066cf35ae588ef5f81266b216624b95d37777661)
  [Fixup for styhead context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtinyxml: set CVE product to tinyxml | Jörg Sommer | 2025-02-04 | 1 | -0/+1
  This library gets tracked with the product name tinyxml:
  https://nvd.nist.gov/products/cpe/detail/95BDA29F-257C-4C44-8847-25CFC107228D

  Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit c5ef63d685b291b648c364dcd880dca39b13b538)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mpd: Upgrade mpd to 0.23.16 | Khem Raj | 2025-02-04 | 2 | -54/+1
  - Release Notes
    * database
      - fix integer overflows with 64-bit inode numbers
    * filter
      - ffmpeg: fix for filters producing no output
    * support libfmt 11
    * support ICU 76
  - Drop ICU-76 support patch it's already in this release

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit e7ca3cedb0ada5363db24d1ba7256544732173d7)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gphoto2: Fix /usr/bin/gphoto2 runtime error | Hieu Van Nguyen | 2025-02-04 | 1 | -4/+2
  After fixing the TMPDIR [buildpaths] warning, a segmentation fault while running gphoto2 command.
  It seems 'sed' is primarily designed for text processing. When running 'sed' on a binary, it may overwrite or corrupt critical parts of the binary.

  > root@qemux86-64:~# gphoto2 -v
  > Segmentation fault

  Signed-off-by: Hieu Van Nguyen <hieu2.nguyen@lge.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libmodule-build-tiny-perl: fix QA Issue: TMPDIR [buildpaths] | J. S. | 2025-01-16 | 1 | -0/+7
  Signed-off-by: Jason Schonberg <schonm@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit c395f5e477b94fafb509e1348e4fb09e0e56be45)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtml-tree-perl: fix QA Issue: TMPDIR [buildpaths] | J. S. | 2025-01-16 | 1 | -0/+7
  Signed-off-by: Jason Schonberg <schonm@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 5f471132db6df673bbc2c9d7e03f3a049401cfa8)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtml-tree-perl: update HOMEPAGE | J. S. | 2025-01-16 | 1 | -1/+1
  Signed-off-by: Jason Schonberg <schonm@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 6623b2f4eade658d45a0728a3c04ab243b7385de)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtml-tree-perl: Drop unnecessary SRC_URI md5sum | J. S. | 2025-01-16 | 1 | -1/+0
  Signed-off-by: Jason Schonberg <schonm@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 877a913c197aee3feca9f1cd93268035fb52706c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mpd: Fix build with icu 76+ | Khem Raj | 2025-01-16 | 2 | -0/+53
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 81a0d778f33fd5716c1c1eb19ffada4b94e1df31)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gimp: fix gimptool buildpaths errors | Yoann Congal | 2025-01-16 | 2 | -0/+106
  gimptool is used in GIMP plugin compilation. It does need a CC definition, provide it as the current CC with "--sysroot=..." removed.

  gimptool also needs the gimp .pc file which is in gimp-dev. Split gimptool in its own package to avoid circular dependencies.

  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 061f5c7f82b905f3a75183852b3a8fbff7e50e17)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ghex,gnome-chess,gnome-photos: Add missing dep on itstool-native | Khem Raj | 2025-01-16 | 3 | -1/+3
  Fixes build issues in these recipes in meta-gnome

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit af6858aa3729a81780f2ec113c095f7f0c87c226)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* eog: add itstool-native dependency | Markus Volk | 2025-01-16 | 1 | -0/+1
  fixes:
  | ../eog-47.0/help/meson.build:45:6: ERROR: Program 'itstool' not found or not executable
  |
  | A full log can be found at /home/flk/poky/build/tmp/work/corei7-64-poky-linux/eog/47.0/build/meson-logs/meson-log.txt
  | ERROR: meson failed

  Signed-off-by: Markus Volk <f_l_k@t-online.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit b523303f785c459e2f9232af45504863564ad7b9)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* geary: add itstool-native dependency | Markus Volk | 2025-01-16 | 1 | -0/+1
  fixes:
  | Configuring org.gnome.Geary.service using configuration
  | Program itstool found: NO
  |
  | ../git/help/meson.build:21:6: ERROR: Program 'itstool' not found or not executable

  Signed-off-by: Markus Volk <f_l_k@t-online.de>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 34962ffbbef0a7b8af82121655ec78a4b7c7e055)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: upgrade 4.2.8 -> 4.2.9 | Peter Marko | 2025-01-16 | 1 | -1/+1
  Solves CVE-2024-9781

  Release notes:
  https://www.wireshark.org/docs/relnotes/wireshark-4.2.7.html
  https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 2d3988f7b611f0ccf0ea4dff8fb7bd15b4dc8860)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: upgrade 8.2.20 -> 8.2.26 | Peter Marko | 2025-01-16 | 8 | -11/+12
  Solves dozens of vulnerabilities.
  See
  https://php.watch/versions/8.2/releases/8.2.21
  https://php.watch/versions/8.2/releases/8.2.22
  https://php.watch/versions/8.2/releases/8.2.23
  https://php.watch/versions/8.2/releases/8.2.24
  https://php.watch/versions/8.2/releases/8.2.25
  https://php.watch/versions/8.2/releases/8.2.26

  Removes CVE-2024-11233, CVE-2024-11234 and CVE-2024-11236 from current cve metrics.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit eea7188a24eed79113ea363b9343c0579937ff77)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: upgrade 16.4 -> 16.5 | Yogita Urade | 2025-01-16 | 2 | -4/+4
  Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978 and CVE-2024-10979

  Changelog:
  https://www.postgresql.org/docs/release/16.5/

  0003-configure.ac-bypass-autoconf-2.69-version-check.patch
  Refreshed for 16.5

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 54bbf1a630d9d4bf70afa4b184ac790b51d09d65)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* emlog: set CVE_PRODUCT | Peter Marko | 2025-01-16 | 1 | -0/+2
  This will remove false-positive CVE-2024-50655 from reports.
  There are different emlog components from other vendors around.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit d8d45d909315f5c784234261bb3e97d2e1f0a102)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* memcached: ignore disputed CVE-2022-26635 | Peter Marko | 2025-01-16 | 1 | -0/+2
  Per [1] this is a problem of applications using memcached improperly.

  This should not be a CVE against php-memcached, but for whatever software the issue was actually found in.
  php-memcached and libmemcached provide a VERIFY_KEY flag if they're too lazy to filter untrusted user input.

  [1] https://github.com/php-memcached-dev/php-memcached/issues/519

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 889ccce6848276fa68b3736b345552a533bc6bd2)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: ignore disputed CVE CVE-2007-0086 | Peter Marko | 2025-01-16 | 1 | -0/+1
  This CVE is officially disputed by Redhat with official statement in
  https://nvd.nist.gov/vuln/detail/CVE-2007-0086

  Red Hat does not consider this issue to be a security vulnerability.
  The potential attacker has to send acknowledgement packets periodically to make server generate traffic.
  Exactly the same effect could be achieved by simply downloading the file.
  The statement that setting the TCP window size to arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit da2b5e8b93c248363581b1bd4ff67ff1d8357c41)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spice-gtk: mark CVE-2012-4425 as fixed | Peter Marko | 2025-01-16 | 1 | -0/+2
  It is fixed by [1] since 0.15.3.
  NVD tracks this CVE as version-less.

  [1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 7e17f8cec02d20813fb8368ccc1c5ae27b291383)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: ignore CVE-2022-0543 | Peter Marko | 2025-01-16 | 1 | -0/+1
  This is Debian-specific CVE.
  NVD tracks this CVE as version-less.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 87a1bcc14985dcb00081f7434697ff7576c8302f)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* monkey: ignore CVE-2013-1771 | Peter Marko | 2025-01-16 | 1 | -0/+1
  This is gentoo specific CVE.
  NVD tracks this as version-less CVE.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 36a7e409d8dcee804f911174291a0c72b8037934)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gattlib: mark CVE-2019-6498 as fixed | Peter Marko | 2025-01-16 | 1 | -0/+2
  Our hash does not point to exact tag and CVE patch is already in.

  We use: 33a8a275928b186381bb0aea0f9778e330e57ec3
  Fix: https://github.com/labapart/gattlib/commit/60b813a770e42fdb0e85c1d2da7a55327784b8d6

  git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6
  v0.2-262-g33a8a27
  v0.2-85-g60b813a

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit e5a12d52522f10026570a5c48d6662a5359c4887)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spice: ignore CVE-2016-0749 | Peter Marko | 2025-01-16 | 1 | -0/+1
  NVD tracks this as version-less CVE for spice.
  It was fixed by [1] and [2] included in 0.13.2.

  [1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e
  [2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 073e8452748132a93103e5db32dc9980c84d201c)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: remove old version references from CVEs | Peter Marko | 2025-01-16 | 1 | -7/+7
  These were not updated on recipe upgrade.
  To make maintenance easier, remove exact versions.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 0e7733f1b8f51949ec91d82267d5d864ac0be16a)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apache2: ignore CVE-1999-0678 and CVE-1999-1412 | Peter Marko | 2025-01-16 | 1 | -0/+2
  These CVEs are specific to Debian and MAC OS X respectively.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 1b86a60f6283b08acadc50914075d93dd362700b)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nginx: Upgrade mainline release version 1.27.1 -> 1.27.3 | Derek Straka | 2025-01-16 | 1 | -2/+2
  License-Update: License file negative and empty space changes

  Signed-off-by: Derek Straka <derek@asterius.io>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 1f4b413ebe623810007d430a73cc6f8a26c8f578)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ace: ignore CVE-2009-1147 | Peter Marko | 2025-01-16 | 1 | -0/+2
  This CVE is for vmware ace.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 9bd6efd135efcc2e50837a8e70298ddef9e2f432)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bridge-utils: add CVE_PRODUCT | Benjamin Bouvier | 2025-01-16 | 1 | -0/+2
  Add exact CPE name (from NVD database) in CVE_PRODUCT in order to ensure CVE filtering and not be disturbed by future potential false-positive CVEs.

  Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit d03002f19cc56a7386db5a88217c59ea71fded05)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dash: set CVE_PRODUCT | Peter Marko | 2025-01-16 | 1 | -0/+2
  This removes false positive CVE-2024-21485 from cve reports.

  $ sqlite3 nvdcve_2-2.db
  sqlite> select * from products where product = 'dash';
  CVE-2009-0854|dash|dash|0.5.4|=||
  CVE-2024-21485|plotly|dash|||2.13.0|<
  CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<

  Our dash:dash did not reach major version 1 yet.

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit e1427013e01df44b9275908f7605e8e25fc3fd83)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ntfs-3g-ntfsprogs: fix CVE-2023-52890 | Hongxu Jia | 2025-01-16 | 2 | -0/+43
  Backport fix from upstream
  https://github.com/tuxera/ntfs-3g/commit/75dcdc2cf37478fad6c0e3427403d198b554951d

  Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit c452799c4df849b3e573e9e4cb937ca7a474ec30)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* wireshark: use inherit_defer for conditional cases | Ghislain Mangé | 2025-01-16 | 1 | -1/+1
  Conditional inherit may be missed when PACKAGECONFIG qt5 is activated after this inherit, eg in .bbappend.

  see patch [0]

  [0]: https://lists.openembedded.org/g/bitbake-devel/message/16815

  Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 97318e27ebf9f528acf77fb0759c332bd83adb4b)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* proftpd: set status of CVE-2001-0027 | Peter Marko | 2025-01-16 | 1 | -0/+2
  This ancient CVE [1] is unversioned ("*") in NVD DB.
  "mod_sqlpw module in ProFTPD does not reset a cached password..."

  Looking at history and changelog, the module was removed [2] around the time when this CVE was published, likely as reaction to this CVE.
  "mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the distribution. They are currently unmaintained and have numerous bugs."

  Note: It was later re-introduced as mod_sql when it got fixed under new maintainer.

  [1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
  [2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 03a1b56bc7ce88a3b0ad6790606b0498899cc1e3)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Ensure compatibility with ARMv9 by updating .arch directive | Ruiqiang Hao | 2025-01-16 | 2 | -0/+45
  The pmem_cvap() function currently uses the '.arch armv8.2-a' directive for the 'dc cvap' instruction. This will cause build errors below when compiling for ARMv9 systems. Update the '.arch' directive to 'armv9.4-a' to ensure compatibility with ARMv9 architectures.

  {standard input}: Assembler messages:
  {standard input}:169: Error: selected processor does not support `retaa'
  {standard input}:286: Error: selected processor does not support `retaa'
  make[2]: *** [storage/innobase/CMakeFiles/innobase_embedded.dir/build.make: 1644: storage/innobase/CMakeFiles/innobase_embedded.dir/sync/cache.cc.o] Error 1

  Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit aa667cbe219d207412fb5d89182887759fd63bc7)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: Fix build with clang-20/trunk | Khem Raj | 2025-01-16 | 2 | -0/+27
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit 5de95a5b7af6da3784498398181d156b948f049f)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* abseil-cpp: Do not leak -Wnon-virtual-dtor into the .pc files | Peter Kjellerstedt | 2025-01-16 | 2 | -0/+31
  The -Wnon-virtual-dtor flag was unintentionally added to the .pc files, which causes problems when abseil is used by C code:

  cc1: error: command-line option '-Wnon-virtual-dtor' is valid for C++/ObjC++ but not for C [-Werror]

  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lvm2: Remove the lvm2-udevrules package | Fredrik Hugosson | 2024-11-25 | 1 | -5/+11
  Add the specific udev rules needed for device mapper notifications to the libdevmapper package. This is needed to get notifications for device mapping to work with systemd.

  Move the remaining udev rules files to the lvm2 package as there is no real reason to have them packaged separately.

  List all udev files explicitly in the FILES variables so that someone will have to make an active decision where to package any new udev files added in the future.

  Co-authored-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Fredrik Hugosson <fredrik.hugosson@axis.com>
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  (cherry picked from commit c37c867e1adddd6fa39cf3f3d4c6688ea6dc825a)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-alembic: upgrade 1.13.2 -> 1.13.3 | Wang Mingyu | 2024-11-25 | 1 | -1/+1
  Changelog:
  ==========
  - Render if_exists and if_not_exists parameters in CreateTableOp, CreateIndexOp, DropTableOp and DropIndexOp in an autogenerate context.
  - Enhance version_locations parsing to handle paths containing newlines.
  - Added support for Operations.create_table.if_not_exists and Operations.drop_table.if_exists, adding similar functionality to render IF [NOT] EXISTS for table operations in a similar way as with indexes.
  - The pin for setuptools<69.3 in pyproject.toml has been removed.

  MJ: https://git.openembedded.org/meta-openembedded/commit/?h=styhead&id=4441545a5dc75120bb4e839d71c6f8fc500e917f
  was backported into styhead causing:
  | ERROR Missing dependencies:
  | setuptools<69.3,>=61.0
  | WARNING: exit code 1 from a shell command.
  this upgrade resolves this issue (see last item in changelog)

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pdm-build-locked: Add recipe | Khem Raj | 2024-11-25 | 1 | -0/+13
  * backporting new recipes is against stable policy, but
    https://git.openembedded.org/meta-openembedded/commit/?h=styhead&id=cb58461c8f9067247d630ec385851ed9c3889f79
    was backported and added this dependency, so now styhead is failing with:
    ERROR: Nothing PROVIDES 'python3-pdm-build-locked-native' (but meta-oe/meta-python/recipes-devtools/python/python3-pdm_2.19.1.bb DEPENDS on or otherwise requires it). Close matches:
      python3-build-native
      python3-filelock-native
      python3-pdm-backend-native

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>