CVE-2022-3734 only affects Windows.
CVE-2022-0543 affects only packages that were packaged for Debian and
Debian-derivative distros.
Neither of these issues is present in upstream Redis.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The fix has been backported by upstream, and it is included in the used
version: d0eeee6e31
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The fix has been backported to both redis versions by upstream, and
both versions contain it already.
For 6.2.20 [1] contains the backported fix.
For 7.2.11 [2] contains the backported fix.
[1]: 5e93f9cb9d
[2]: 42fb340ce4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
6.2.19:
(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
6.2.20:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove obsolete CVE_STATUS variable: CVE-2016-4983 is marked for v2.3.
Drop 0001-not-check-pandoc.patch because it became obsolete, pandoc is
not used anymore.
Drop 1ccd5b54a408d12fce0c94ab0bbaedbb5ef69830.patch, because it is
included in this release.
Add a backported patch to fix compiling with musl.
Changelog:
2.4: https://github.com/dovecot/core/releases/tag/2.4.0
2.4.1: https://github.com/dovecot/core/releases/tag/2.4.1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade includes fixes for the following vulnerabilities:
CVE-2025-31176
CVE-2025-31178
CVE-2025-31179
CVE-2025-31180
CVE-2025-31181
This release supports qt4, qt5 and qt6 (the last one is new in this release).
There are 2 qt PACKAGECONFIGs now: qt5 and qt6 - they are mutually exclusive.
Since it is being touched, also fix lua PACKAGECONFIG, which requires lua-native
at build time.
Changelog:
http://gnuplot.info/ReleaseNotes_6_0_3.html
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade contains fixes for CVE-2025-48174 and CVE-2025-48175.
Changelog: https://github.com/AOMediaCodec/libavif/blob/v1.3.0/CHANGELOG.md
Libyuv support is currently disabled, because its dependency (libyuv) is not provided
by neither oe-core nor meta-oe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upgrade contains fixes for the following vulenrabilities:
CVE-2025-8835, CVE-2025-8836, CVE-2025-8837
Changelog:
4.2.8:
Fixed a bug in the JPC decoder that could cause bad memory accesses
if the debug level is set sufficiently high.
4.2.7:
Added some missing range checking on several coding parameters in the
JPC encoder.
4.2.6:
Added a check for a missing color component in the jas_image_chclrspc
function.
Fixed a minor build problem related to the use of -Wstrict-prototypes
with Clang.
4.2.5:
Made a change to a configuration header file in order to avoid
undesirable compiler warnings when JasPer is used in C++ code
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs are for iperf3 - which is a similar application in its goals (and name),
but an independent project from this, and the projects are independent implementations
also, they share no common code.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release contains fixes for the following vulnerabilities:
CVE-2025-53014, CVE-2025-53015, CVE-2025-53019, CVE-2025-53101,
CVE-2025-55004, CVE-2025-55005, CVE-2025-55154, CVE-2025-55160,
CVE-2025-55212, CVE-2025-55298, CVE-2025-57803, CVE-2025-57807
Also remove jp2 PACKAGECONFIG: it was superseded by openjpeg
PACKAGECONFIG, which also provides jpeg 2000 support.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It's an optional dependency for pandas to provide ODS reader
and writer support. It complements spreadsheet support along
with python3-xlrd and python3-openpyxl, both of which are
part of meta-python already.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.25:
- Bump minimum Python version to 3.11
- Upgrade code to Python 3.11
- Move to pixi/uv/ruff
- Refactor compat to make it easier to test
- Implemented several pixi environment and tasks to simplify
development
- Add docs to the functions in pint.testing
- Fix round function returning float instead of int
- Fix return type of PlainQuantity.to
- Update constants to CODATA 2022 recommended values
- Fixed issue with .to_compact and Magnitudes with uncertainties
/ Quantities with units
- Fixed issue in unit conversion which led to loss of precision
when using decimal
- Add conductivity dimension
- Add absorbance unit and dimension
- Add membrane filtration flux and permeability dimensionality,
and shorthand "LMH"
- Fix find_shortest_path to use breadth first search
- Fix typo in pyproject.toml: rename AS_MIP to HAS_MIP so that
MIP support is correctly detected
- Fix handling of extra arguments in conversion with enabled
contexts
- Fix swapped left and right arguments in interp
- Fix formatted scientific notation bug in Python 3.13
- Fix ability to add dB units, and to add dB (dimensionless) to
referenced dB units, such as dBm or dBW
- Improve pressure unit definitions in default definition file
- Avoid and document known issues with MIP during install, testing
and runtime
- Fix issue with Dask by restricting its version to < 2025.3.0
- Skip false xfail tests linked to a known numpy issue
- Improve Contributing documentation
- Add Quantity.to_unprefixed` and `ito_unprefixed methods that
remove SI prefixes without converting to base units
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.3.92:
- Implement servo.inertia_feedforward for calculating a feedforward
term based on the control acceleration
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.8.0:
- Drop tomli in pyproject.toml
- Add scene status (active + last_recall) fields
- Update various models
- Add a few missing models to complete MotionAware
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.21.0:
- The reusable-cibuildwheel.yml workflow has been refactored to be
more generic and ci-cd.yml now holds all the configuration toggles
- When building wheels, the source distribution is now passed
directly to the cibuildwheel invocation
- Added CI for Python 3.14
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe to build a small OpenCL benchmark program to measure peak
GPU/CPU performance.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade includes fixes for CVE-2025-26623, CVE-2025-54080
and CVE-2025-55304.
Changelog:
https://github.com/Exiv2/exiv2/blob/v0.28.7/doc/ChangeLog
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vulnerability only affects MacOS: https://nvd.nist.gov/vuln/detail/CVE-2025-8672
While touching it, also remove an outdated CVE_STATUS, which has been reported against
a very old version of the application.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added a new patch to avoid unexporting some environment variables that are set
by the recipe explicitly, to avoid the following build error:
| Loading env...
| 'bootstrap-emacs' -batch --no-site-file --no-site-lisp -batch -l ja-dic-cnv \
| -f batch-skkdic-convert -dir "../../sources/emacs-29.2/leim/../lisp/leim/ja-dic" --no-reduction "../../sources/emacs-29.2/leim/SKK-DIC/SKK-JISYO.L"
<...>
| Error: <RECIP_SYSROOT_NATIVE>/usr/share/emacs/29.2/etc/charsets: No such file or directory
Changelogs:
29.2 - 29.4: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.29
30.1 - 30.2: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.30
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This update contains a fix for CVE-2025-55763.
License-Update: copyright year bump to 2025.
Shortlog since last update:
5864b55a94...b6ef58f4c4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently,
so ignore the CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the recipes listed in OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES has
supported reproducibility, update OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES
to latest
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The type of new_value is either `npy_timedelta' or `int64_t'
In build/pandas/_libs/tslibs/timedeltas.cpython-313-x86_64-linux-gnu.so.p/pandas/_libs/tslibs/timedeltas.pyx.c
..
npy_timedelta __pyx_v_new_value;
...
In build/pandas/_libs/tslibs/timedeltas.cpython-313-x86_64-linux-gnu.so.p/pandas/_libs/tslibs/timedeltas.pyx.c
...
__pyx_t_5numpy_int64_t __pyx_v_new_value;
...
Explicitly define it as int64_t to assure the generated source is
reproducibility between builds
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
