summaryrefslogtreecommitdiffstats
path: root/meta-oe
Commit message (Collapse)AuthorAgeFilesLines
...
* libtinyxml: set CVE product to tinyxmlJörg Sommer2025-01-031-0/+1
| | | | | | | | | This library gets tracked with the product name tinyxml: https://nvd.nist.gov/products/cpe/detail/95BDA29F-257C-4C44-8847-25CFC107228D Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* grpc: upgrade 1.66.1 -> 1.68.0Divya Chellam2025-01-031-2/+2
| | | | | | | | | | | | This includes CVE-fix for CVE-2024-11407 Changelog: ================================== https://github.com/grpc/grpc/releases/tag/v1.68.0 https://github.com/grpc/grpc/compare/v1.66.1...v1.68.0 Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* botan: update 3.5.0 -> 3.6.1Ayoub Zaki2025-01-031-3/+16
| | | | | | | * update to latest 3.6.1 Version * add packaging for botan binary and botan-test tool Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bmap-writer: update to latest git versionAyoub Zaki2025-01-021-2/+2
| | | | | | | | | | | | | | * switch to libarchive to handle a larger decompression schemes * implement own sha256 hashing and drop openssl dependency * compute maximum buffer size before writing each range * bmap file optional: if not provided, it will be searched in the same path as the input * print time/speed of the writing operation Signed-off-by: Khem Raj <raj.khem@gmail.com>
* yyjson: add new recipeBartosz Szostak2025-01-021-0/+33
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ctre: add new recipeBartosz Szostak2025-01-021-0/+22
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* jsoncons: add new recipeBartosz Szostak2025-01-021-0/+15
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libbpf: upgrade 1.4.6 -> 1.4.7Yi Zhao2025-01-011-2/+2
| | | | | | | | ChangLog: https://github.com/libbpf/libbpf/releases/tag/v1.4.7 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pahole: upgrade 1.27 -> 1.28Yi Zhao2025-01-011-1/+1
| | | | | | | | ChangeLog: https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tree/changes-v1.28 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tigervnc: upgrade 1.14.0 -> 1.14.1Yi Zhao2025-01-011-3/+3
| | | | | | | | | | ChangeLog: https://github.com/TigerVNC/tigervnc/releases/tag/v1.14.1 * Update xorg-server to 21.1.15 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* openldap: upgrade 2.6.8 -> 2.6.9Yi Zhao2025-01-012-47/+1
| | | | | | | | | | | ChangeLog: https://www.openldap.org/software/release/changes.html Drop 0001-fix-incompatible-pointer-type-error.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* mce-inject: update to latest git revYi Zhao2025-01-011-1/+1
| | | | | | | 7668d820 simulate a MCE event happened during TDX guest context Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* eject: fix do_fetch errorJiaying Song2025-01-011-1/+1
| | | | | | | | | Change the SRC_URI to the correct value due to the following error: WARNING: eject-2.1.5-r0.wr2401 do_fetch: Failed to fetch URL http://sources.openembedded.org/eject-2.1.5.tar.gz, attempting MIRRORS if available Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nss: upgrade 3.103 -> 3.107Yi Zhao2025-01-018-39/+58
| | | | | | | * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nspr: upgrade 4.35 -> 4.36Yi Zhao2025-01-018-86/+71
| | | | | | | | | * Refresh patches. * Drop 0001-Fix-Wincompatible-function-pointer-types.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* parallel: upgrade 20241122 -> 20241222Wang Mingyu2024-12-301-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libsdl2-image: upgrade 2.8.3 -> 2.8.4Wang Mingyu2024-12-301-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* flatbuffers: upgrade 24.3.25 -> 24.12.23Wang Mingyu2024-12-301-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* doxygen: upgrade 1.12.0 -> 1.13.0Wang Mingyu2024-12-301-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ctags: upgrade 6.1.20241222.0 -> 6.1.20241229.0Wang Mingyu2024-12-301-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* poppler: upgrade 24.11.0 -> 24.12.0Changqing Li2024-12-292-1/+129
| | | | | | | | | | | * Upgrade 24.11.0 -> 24.12.0 * Backport patch 0001-Don-t-update-pdfsig.pot-when-POT-Creation-date-is-th.patch to fix a parallel build issue, refer [1] [1] https://gitlab.freedesktop.org/poppler/poppler/-/issues/1550 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* pahole: update COMPATIBLE_HOST settingHongxu Jia2024-12-281-2/+1
| | | | | | | | | | | | | | | | | Due to pahole build depend on pahole, and libbpf added more architectures to COMPATIBLE_HOST [1], add the same COMPATIBLE_HOST setting to pahole $ echo "MACHINE = 'qemuloongarch64'" >> conf/local.conf $ bitbake world ERROR: Nothing PROVIDES 'libbpf' (but meta-openembedded/meta-oe/recipes-devtools/pahole/pahole_1.27.bb DEPENDS on or otherwise requires it) libbpf was skipped: incompatible with host loongarch64-wrs-linux (not in COMPATIBLE_HOST) ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'pahole', 'libbpf'] [1] https://git.openembedded.org/meta-openembedded/commit/?id=bb8049afe96db57707afc259743e288bec456117 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* malcontent: update 0.12.0 -> 0.13.0Markus Volk2024-12-272-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Overview of changes in malcontent 0.13.0 ======================================== * Bugs fixed: - #48 Parental controls app: show the launcher, or merge into Settings? (Philip Withnall) - !172 Update fa.po - !173 Update Czech translation - !176 malcontent-control: Update metainfo file - !177 Update Swedish translation - !179 docs: Add list of legal references for relevant countries’ laws - !180 po: Update Slovenian translation - !181 Update Polish translation 240909 - !182 Add Chinese translation - !183 application: Fix opening Settings - !184 malcontent-control: Call setlocale() earlier to fix early i18n - !185 restrict-applications-selector: Fix pending changes being lost on search - !186 libmalcontent-ui: Port to libadwaita 1.6 - !187 app-filter: Fix logic for allowlist filtering on GAppInfo * Translation updates: - Chinese (China) (lumingzh) - Czech (AsciiWolf) - Persian (Danial Behzadi) - Polish (Piotr Drąg) - Slovenian (Martin Srebotnjak) - Swedish (Anders Jonsson) Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audiofile: patch CVE-2017-6839Peter Marko2024-12-272-0/+127
| | | | | | | | Use patch from buildroot: https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audiofile: patch CVE-2017-6831Peter Marko2024-12-272-0/+47
| | | | | | | | Use patch from buildroot: https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audiofile: fix multiple CVEsPeter Marko2024-12-272-0/+80
| | | | | | | | | | CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838 Use patch from buildroot: https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audiofile: patch CVE-2017-6829Peter Marko2024-12-272-0/+44
| | | | | | | | Use patch from buildroot: https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audiofile: fix multiple CVEsPeter Marko2024-12-272-0/+46
| | | | | | | | | | CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837 Use patch from buildroot: https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* limwmf: upgrade 0.2.8.4 -> 0.2.13Peter Marko2024-12-274-127/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | $ git log --oneline | grep CVE f58c813 merge in fixes for libgd CVE-2019-6978 407a58b CVE-2017-6362 dabcb8c CVE-2016-10168 b691e47 CVE-2016-10167 16919b4 CVE-2016-9317 2208b48 CVE-2016-9011 f47cbdf CVE-2015-4696 b5ae5d1 CVE-2015-4695 879d6bf CVE-2015-0848+CVE-2015-4588 44f37ac CVE-2009-3546 7bd8ce0 CVE-2007-2756 cfc0916 CVE-2007-3477 5ec7547 CVE-2007-3473 fdd21b1 CVE-2007-3472 5588450 CVE-2007-0455 2c84480 CVE-2009-1364, Use-after-free vulnerability b9cc022 CVE-2006-3376 Integer overflow in player.c Adaptations: * removed patches included in new version. * extended buildpaths fix to pc file * changed paths from libdir/gtk-2 to libdir/gdk-pixbuf-2.0 Test - built imagemagick (only recipe in meta-openembedded depending on libwmf) with wmf PACKAGECONFIG. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libwmf; switched to unofficial forkPeter Marko2024-12-271-7/+5
| | | | | | | | | | | | | Debian has switched to this fork in Bookworm. If contains dozens of CVE fixes and other bugfixes. This should make the maintenance of this package easier. The sources are identical to those abandoned in 2002: Only in .../tmp/work/core2-64-poky-linux/libwmf/0.2.8.4/libwmf-0.2.8.4/: autom4te.cache Only in /tmp/caolanm/libwmf/: .git Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* imagemagick: mark CVE-2023-5341 as fixedPeter Marko2024-12-271-0/+1
| | | | | | | | | | | | | | | This CVE is fixed by https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 It is tracked as 'fixed in next version' - 7.1.2 (which does not exist) in NVD DB. .../tmp/work/core2-64-poky-linux/imagemagick/7.1.1-43/git$ git describe aa673b2e4defc7cad5bec16c4fc8324f71e531f1 --tags 7.1.1-18-4-gaa673b2e4d .../tmp/work/core2-64-poky-linux/imagemagick/7.1.1-43/git$ git tag --contains aa673b2e4defc7cad5bec16c4fc8324f71e531f1 | head -n1 7.1.1-19 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* imagemagick: upgrade 7.1.1-26 -> 7.1.1-43Peter Marko2024-12-271-1/+1
| | | | | | | This fixes at least CVE-2024-41817 (in 7.1.1-36). Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* imagemagick: refactor so devtool upgrade worksPeter Marko2024-12-271-2/+3
| | | | | | | | * move version part after dash to PV * set git tag regex Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* procmail: patch CVE-2017-16844.Peter Marko2024-12-272-0/+21
| | | | | | | | Take patch from Debian. https://sources.debian.org/data/main/p/procmail/3.22-26%2Bdeb10u1/debian/patches/30 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* procmail: patch CVE-2014-3618Peter Marko2024-12-272-1/+32
| | | | | | | | Take patch from Debian. https://sources.debian.org/data/main/p/procmail/3.22-20%2Bdeb7u1/debian/patches/CVE-2014-3618.patch Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* id3lib: mark CVE-2007-4460 as fixedPeter Marko2024-12-271-0/+2
| | | | | | | | | | | | | | This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in SRC_URI. Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2. This can be verified by checking the debian/changelog within this patch or diffing [1] and [2] and verifying that this can be reverse-applied. [1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz [2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* uw-imap: patch CVE-2018-19518Peter Marko2024-12-272-0/+25
| | | | | | | | Take patch from Debian from https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* synergy: patch CVE-2020-15117Peter Marko2024-12-242-0/+49
| | | | | | | | | | | | | Pick commit based on [1]. Note that the pick is node from deskflow, which is open-source successor of synergy. If anyone uses thie recipe, it should be switched. [1] https://github.com/deskflow/deskflow/security/advisories/GHSA-chfm-333q-gfpp Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libconfuse: patch CVE-2022-40320Peter Marko2024-12-242-0/+43
| | | | | | | | | | | Pick patch per [1] poiting to [2] pointing to [3]. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-40320 [2] https://github.com/libconfuse/libconfuse/issues/163 [3] https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* uftrace: upgrade 0.16 -> 0.17Wang Mingyu2024-12-241-1/+1
| | | | | | | | | | | | | | | | | Changelog: =========== * New features Support watchpoint for global variables Show man pages for the given command Add utc_offset in the header info * Bug fixes Show arguments in libraries from dlopen Save debug info for libraries from dlopen Protect FD of communication channel from being closed Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tk: upgrade 9.0.0 -> 9.0.1Wang Mingyu2024-12-241-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* thingsboard-gateway: upgrade 3.5.1 -> 3.5.3.1Wang Mingyu2024-12-241-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sip: upgrade 6.9.0 -> 6.9.1Wang Mingyu2024-12-241-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-drgn: upgrade 0.0.29 -> 0.0.30Wang Mingyu2024-12-241-1/+1
| | | | | | | | Changelog: https://github.com/osandov/drgn/releases/tag/v0.0.30 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ostree: upgrade 2024.9 -> 2024.10Wang Mingyu2024-12-241-1/+1
| | | | | | | | | | | | | | | | | Changelog: ========== - prepare-root: Add composefs.enabled=verity - README: Update buildstream URL to new github repo - composefs: Ensure buffer is suitably aligned for struct fsverity_digest - core: Always sort incoming xattrs - Fix ci - sign-ed25519: Fix error message of validate_length - rofiles-fuse: when fuse execution fails, rofiles-fuse still returns exit code 0 - libostree/deploy: enable composefs by default - man: Note semantics combining root.transient with composefs.enabled Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nvmetcli: upgrade 0.7 -> 0.8Wang Mingyu2024-12-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Changelog: ============= - fix common misspellings from codespell project - nvmetcli: set up the target only after the network is configured - nvmetcli: fixup ana groupid setting for namespaces - Documentation: fix typo - nvmetcli: add a tcp example json - nvmetcli: Correct xrange usage for py3 - nvmetcli: Allow different devices for make test - nvmetcli: Report save name correctly - test_nvmet.py: test_invalid_input fails for py3 - nvme.py: Make modprobe work for kmod lib too - nvme.py: Sync the containing directory - nvme.py: Explicit close is redundant - nvmetcli: Improve IOError handling on restore - README: Update URL for configshell-fb - nvmetcli: don't remove ANA Group 1 on clear Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nano: upgrade 8.2 -> 8.3Wang Mingyu2024-12-241-1/+1
| | | | | | | | | | Changelog: ============ - A build failure with gcc-15 is fixed. - Several translations were updated. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libsdl2-image: upgrade 2.8.2 -> 2.8.3Wang Mingyu2024-12-241-1/+1
| | | | | | | | Changelog: Fixed handling of grayscale images with alpha Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* ctags: upgrade 6.1.20241215.0 -> 6.1.20241222.0Wang Mingyu2024-12-241-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sassc: ignore CVE-2022-43357Peter Marko2024-12-201-0/+2
| | | | | | | | | | | | | | | | | | | This CVE is fixed in current libsass recipe version. So wrapper around it will also not show this problem. It's usual usecase is to be statically linked with libsass which is probably the reason why this is listed as vulnerable component. [1] links [2] as issue tracker which points to [3] as fix. [4] as base repository for the recipe is not involved and files from [3] are not present in this repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357 [2] https://github.com/sass/libsass/issues/3177 [3] https://github.com/sass/libsass/pull/3184 [4] https://github.com/sass/sassc/ Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-10 12:28:13 +0000