summaryrefslogtreecommitdiffstats
path: root/meta-oe
Commit message (Collapse)AuthorAgeFilesLines
* poco: patch CVE-2025-6375scarthgap-nextPeter Marko2025-08-022-0/+35
| | | | | | | | | Pick commit mentioned in [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* poco: ignore additional failing testsPeter Marko2025-08-021-3/+18
| | | | | | | These tests are failing and thus preventing verification of new patches. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* minifi-cpp: patch spdlog CVE-2025-6140Peter Marko2025-08-022-0/+36
| | | | | | | Same patch as in spdlog recipe. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spdlog: patch CVE-2025-6140Peter Marko2025-08-022-1/+38
| | | | | | | | | | | Pick commit [1] mentioned in [2] as listed in [3]. [1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094 [2] https://github.com/gabime/spdlog/issues/3360 [3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* poppler: fix CVE-2025-52886Yogita Urade2025-08-023-0/+4385
| | | | | | | | | | | | | | | | | | | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-52886 https://security-tracker.debian.org/tracker/CVE-2025-52886 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/3449a16d3b1389870eb3e20795e802c6ae8bc04f https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: File conflicts for multilibGuocai He2025-08-021-2/+5
| | | | | | | | | | | File conflicts between attempted installs of mariadb and lib32-mariadb Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (master rev: ddd322323eba44542b6b631d455e3298c50c4535) Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kmsxx: Revert to using original name for kmstestSwamil Jain2025-08-021-7/+0
| | | | | | | | | | | | | | | | | Earlier both libdrm[1] and kmsxx[2] projects used to provide a binary program called kmstest. To avoid the clash, the kmsxx recipe was updated to rename this binary to kmsxxtest during installation. However libdrm project has now removed kmstest[3] and hence there is no clash in naming anymore, so revert back to original name of binary i.e. kmstest. [1]: https://gitlab.freedesktop.org/mesa/libdrm.git [2]: https://github.com/tomba/kmsxx [3]: https://gitlab.freedesktop.org/mesa/libdrm.git commit: 2b997bb4bb688be00620887c8646ff24ccb9396b Signed-off-by: Swamil Jain <s-jain1@ti.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* mariadb: upgrade 10.11.9 -> 10.11.12Yogita Urade2025-08-026-87/+16
| | | | | | | | | | | | | | | | | This upgrade includes fix for CVE-2023-52969, CVE-2023-52970 and CVE-2023-52971 Changelog: https://mariadb.com/kb/en/mariadb-10-11-12-changelog/ refresh 0001-Add-missing-includes-cstdint-and-cstdio.patch Droped mm_malloc.patch and ppc-remove-glibc-dep.patch (Commit ID: https://github.com/MariaDB/server/commit/dff354e7df2fa774ce4da77202a17e2cae99ac59) as these changes are available in 10.11.12 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libssh: fix CVE-2025-5351 & CVE-2025-5372Hitendra Prajapati2025-08-023-0/+190
| | | | | | | | * CVE-2025-5351 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256 * CVE-2025-5372 - Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* softhsm: correct the SRC_URIGuocai He2025-08-021-1/+1
| | | | | | | The old SRC_URI is not available. Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: fix CVE-2025-32023Hitendra Prajapati2025-08-022-0/+219
| | | | | | | Upstream-Status: Backport from https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* thrift: correct the SRC_URIGuocai He2025-08-021-1/+1
| | | | | | | The tarball of version 0.20.0 can not be found on old SRC_URI. Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libconfig: correct the SRC_URIGuocai He2025-07-101-1/+1
| | | | | | | The old SRC_URI is not available. Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* jq-1.7.1: Backport multiple CVE fixesRoland Kovacs2025-07-104-0/+360
| | | | | | | | | | | | CVE: CVE-2024-23337 CVE: CVE-2024-53427 CVE: CVE-2025-48060 Patches CVE-2024-23337.patch and CVE-2024-53427.patch are backported from jq-1.8.0, and CVE-2025-48060.patch is backported from jq-1.8.1. Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* udisks2: Hardening measure of CVE-2025-6019Changqing Li2025-07-062-0/+52
| | | | | | | | | | | | Refer [1], CVE-2025-6019 is strongly related to udisk daemon, and this is a hardening measure related to this. [1] https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt [2] https://security-tracker.debian.org/tracker/CVE-2025-6019 [3] https://ubuntu.com/blog/udisks-libblockdev-lpe-vulnerability-fixes-available Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libblockdev: fix CVE-2025-6019Changqing Li2025-07-062-0/+32
| | | | | | | | | | | | | | | | | | | | | | CVE-2025-6019: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system. Refer: https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libssh: fix CVE-2025-5318Hitendra Prajapati2025-07-062-0/+32
| | | | | | | Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* protobuf: upgrade from 4.25.3 to 4.25.8Chen Qi2025-07-062-796/+1
| | | | | | | | | | | | 0001-Add-recursion-check-when-parsing-unknown-fields-in-J.patch is dropped because it has been in new version. This upgrade also fixes CVE-2025-4565. The fix commit is as below: d31100c91 Manually backport recursion limit enforcement to 25.x Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* imagemagick: guard sed operations in do_install for optional filesSana Kazi2025-06-231-6/+17
| | | | | | | | | | | | | When PACKAGECONFIG options like 'cxx' 'webp' and 'xml' are disabled, certain files such as Magick++-config.im7, configure.xml, or delegates.xml are not installed. Unconditionally running sed on these files results in errors during do_install Error: sed: can't read .../image/usr/bin/Magick++-config.im7: No such file or directory Signed-off-by: Nikhil R <nikhilr5@kpit.com> Signed-off-by: Sana Kazi <sanakazi720@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: upgrade 16.8 -> 16.9Yogita Urade2025-06-232-3/+3
| | | | | | | | | | | | | Includes fix for CVE-2025-4207 Release notes: https://www.postgresql.org/docs/release/16.9/ 0003-configure.ac-bypass-autoconf-2.69-version-check.patch Refreshed for 16.9 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* canutils: use https instead of git protocolBastian Krause2025-06-231-1/+1
| | | | | | | | The git server at git.pengutronix.de no longer supports the git protocol, so switch to https. Signed-off-by: Bastian Krause <bst@pengutronix.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libsocketcan: use https instead of git protocolBastian Krause2025-06-231-1/+1
| | | | | | | | The git server at git.pengutronix.de no longer supports the git protocol, so switch to https. Signed-off-by: Bastian Krause <bst@pengutronix.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redis: upgrade 7.2.7 -> 7.2.8Vijay Anusuri2025-06-2310-1/+1
| | | | | | | | | | | | | | | | | | | | ChangeLog: https://github.com/redis/redis/releases/tag/7.2.8 Update urgency: SECURITY: There are security fixes in the release. Security fixes ================== * (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers Bug fixes ================= * #12817, #12905 Fix race condition issues between the main thread and module threads * #13863 RANDOMKEY - infinite loop during client pause * #13877 ShardID inconsistency when both primary and replica support it Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lmsensors: Fix build without sensordLeonard Anderweit2025-06-231-2/+3
| | | | | | | | | | | | | | | | | | | When building with sensord disabled (PACKAGECONFIG = ""), do_install would fail because it tried to build sensord which was skiped in do_compile. Error log: make: *** No rule to make target 'rrd.h', needed by 'prog/sensord/rrd.rd'. Stop. Avoid building sensord in do_install by explicitly setting PROG_EXTRA. (master rev: fc88c96c4e40d9dbc6097c4679ac79ed55356730) Fixes: 86b20b84ec27 (lmsensors: Clean stale files for sensord to avoid incorrect GCC header dependencies) Signed-off-by: Leonard Anderweit <l.anderweit@phytec.de> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* can-utils: handle CAN_ERR_CNT correctlyJeroen Hofstee2025-05-212-0/+71
| | | | | | | | If CAN_ERR_CNT is set, the snprintf_can_error_frame() bails out, as it cannot decode CAN_ERR_CNT. Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* syslog-ng: fix CVE-2024-47619Yogita Urade2025-05-212-0/+293
| | | | | | | | | | | | | | | | | | | syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-47619 Upstream patch: https://github.com/syslog-ng/syslog-ng/commit/12a0624e4c275f14cee9a6b4f36e714d2ced8544 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* iperf3: upgrade 3.16 -> 3.18Zhang Peng2025-05-212-34/+3
| | | | | | | | | | | | | | License-Update: Copyright year updated to 2024. Include security update: CVE-2024-26306 and CVE-2024-53580 drop backported patch: do-not-listen-to-old-udp-prot-listener.patch ChangeLog: https://github.com/esnet/iperf/releases/tag/3.18 https://github.com/esnet/iperf/releases/tag/3.17.1 https://github.com/esnet/iperf/releases/tag/3.17 Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* poppler: fix CVE-2025-43903Yogita Urade2025-05-173-0/+126
| | | | | | | | | | | | | | | | | | | NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903-0001 is the dependent commit and CVE-2025-43903-0002 is the actual CVE fix. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-43903 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/33672ca1b6670f7378e24f6d475438f7f5d86b05 https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* poppler: fix CVE-2025-32365Yogita Urade2025-05-172-0/+42
| | | | | | | | | | | | | | | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-32365 Upstream patch: https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* poppler: fix CVE-2025-32364Yogita Urade2025-05-172-0/+29
| | | | | | | | | | | | | | | A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-32364 Upstream patch: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libmodbus: ignore CVE-2023-26793 and CVE-2024-34244Peter Marko2025-05-171-0/+3
| | | | | | | | | See discussions in closed/rejected issues linked from NVD CVE reports: * CVE-2023-26793: https://github.com/stephane/libmodbus/issues/683#issuecomment-2615601890 * CVE-2024-34244: https://github.com/stephane/libmodbus/issues/743#issuecomment-2222214256 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* can-utils: fix printing / reading timestampsJeroen Hofstee2025-05-172-1/+425
| | | | | | | Backport a patch to correctly handle 64bit timestamps. Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nodejs: backport a patch to prevent brotli crashing nodejsJeroen Hofstee2025-05-172-0/+65
| | | | | | | | | | | Brotli can crash nodejs (on ARM), because the memory allocated for brotli wasn't properly aligned. https://github.com/google/brotli/issues/1159 https://github.com/nodejs/node/commit/dc035bbc9b310ff8067bc0dad22230978489c061 Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* iniparser: Fix CVE-2025-0633Soumya Sambu2025-04-262-0/+38
| | | | | | | | | | | | | | | Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory References: https://nvd.nist.gov/vuln/detail/CVE-2025-0633 https://ubuntu.com/security/CVE-2025-0633 Upstream patch: https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lmsensors: Clean stale files for sensord to avoid incorrect GCC header ↵Haixiao Yan2025-04-161-1/+4
| | | | | | | | | | | | | | | | | | | | | | dependencies After upgrading GCC—for example, from 14.1.0 to 14.2.0—building lmsensors that was previously compiled with GCC 14.1.0 may fail with an error like: lmsensors/3.6.0/recipe-sysroot-native/usr/lib/x86_64-wrs-linux/gcc/x86_64-wrs-linux/ 14.1.0/include/stddef.h can't find, which is needed by 'prog/sensord/args.rd'. This occurs because prog/sensord/args.rd still references stale headers from the older GCC version. The root cause is that stale *.rd and *.ro files under prog/sensord are not properly cleaned during do_configure. This patch ensures those files are removed to prevent broken dependencies when GCC is upgraded. Also remove the same statement in do_compile. (master rev: 86b20b84ec278cacf4975b7933d46b894d74796e) Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* php: Upgrade 8.2.26 -> 8.2.28Soumya Sambu2025-04-161-1/+1
| | | | | | | | | | | Includes fix for - CVE-2025-1219, CVE-2025-1736, CVE-2025-1861, CVE-2025-1734 and CVE-2025-1217 Changelog: https://www.php.net/ChangeLog-8.php#8.2.28 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sharutils: Let POSIX_SHELL be overridable from environmentKhem Raj2025-04-162-0/+50
| | | | | | | | This helps fix WARNING: sharutils-4.15.2-r0 do_package_qa: QA Issue: File /usr/bin/shar in package sharutils contains reference to TMPDIR Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* gcab: fix buildpaths QA issueMartin Jansa2025-04-162-0/+38
| | | | | | Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* nana: Fix buildpaths warning.Wang Mingyu2025-04-161-0/+6
| | | | | | | | | | WARNING: nana-2.5+git-r0 do_package_qa: QA Issue: File /usr/bin/nana-c++lg in package nana contains reference to TMPDIR File /usr/bin/nana-clg in package nana contains reference to TMPDIR File /usr/bin/nana in package nana contains reference to TMPDIR [buildpaths] Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* lprng: Specify target paths for needed utilitiesKhem Raj2025-04-161-1/+3
| | | | | | | | | | | | | pr,openssl,chown,chgrp are guessed during configure and they are found on host, sometimes under native sysroot and some under HOSTTOOLS which is not right, therefore point to target locations of these tools Fixes all errors like below File /usr/sbin/lprng_certs in package lprng contains reference to TMPDIR Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* boinc-client: Fix contains reference to TMPDIR [buildpaths] warningalperak2025-04-161-0/+4
| | | | | | | | WARNING: boinc-client-7.20.5-r0 do_package_qa: QA Issue: File /usr/include/boinc/svn_version.h in package boinc-client-dev contains reference to TMPDIR [buildpaths] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* hplip: Fix contains reference to TMPDIR [buildpaths] warningalperak2025-04-161-1/+1
| | | | | | | | | | Make sure that the OE provided CFLAGS are passed to the compiler. WARNING: hplip-3.22.10-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/cupsext.so in package hplip contains reference to TMPDIR [buildpaths] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* perfetto: Fix contains reference to TMPDIR [buildpaths] warningalperak2025-04-161-2/+2
| | | | | | | | WARNING:perfetto-31.0-r0 do_package_qa: QA Issue: File /usr/bin/.debug/tracebox in package perfetto-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* ldns: Fix buildpaths QA issuesKhem Raj2025-04-161-1/+2
| | | | | | | | | | MJ: Backported from 'ldns: Upgrade to 1.8.4' commit without the upgrade. Fix buildpaths QA errors while here Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* botan: Make it reproducibleKhem Raj2025-04-161-4/+4
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* mongodb: update to 4.4.29Awais Belal2025-03-272-32/+3
| | | | | | | Move on to 4.4.29 and drop a patch that is not applicable anymore. Signed-off-by: Awais Belal <awais.belal@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krb5: fix CVE-2025-24528Divya Chellam2025-03-272-0/+69
| | | | | | | | | | | | | | | | In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash. Reference: https://security-tracker.debian.org/tracker/CVE-2025-24528 Upstream-patch: https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* netplan: Fix CVE-2022-4968Jinfeng Wang2025-03-232-0/+453
| | | | | | | | | | | Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-4968 Upstream-patch: https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgpiod: fix gpiod-cxx-test failed test caseLibo Chen2025-03-232-0/+40
| | | | | | | | Patch from: https://web.git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/commit/?id=3e224d885b1de54fe5510b9c5e7296260a1a4507 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* postgresql: upgrade 16.5 -> 16.8Vijay Anusuri2025-03-232-3/+3
| | | | | | | | | | | | | | | License-Update: Update license year to 2025 Includes fix for CVE-2025-1094 Changelog: https://www.postgresql.org/docs/release/16.8/ Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch for 16.8 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-09-20 10:03:13 +0000