Contains fix for CVE-2025-61962.
License-Update: added a warning about linking against the newly relicensed WolfSSL.
Changelog: https://gitlab.com/fetchmail/fetchmail/-/blob/6.6.2/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The recipe had already an almost working ptest config which
wasn't enabled, it just needed some small fixes to make it work:
correct the output of the run-ptest script, and install some
extra testdata.
Execution is quick, single digit seconds:
root@qemux86-64:/usr/lib/unbound/ptest/tests# ptest-runner
START: ptest-runner
2025-12-16T11:53
BEGIN: /usr/lib/unbound/ptest
Start of unbound 1.24.2 unit test.
test authzone functions
test negative cache functions
test ub_random functions
[...many lines...]
PASS: ./testdata/val_unsecds_negcache.rpl
PASS: ./testdata/val_unsecds_qtypeds.rpl
PASS: ./testdata/val_wild_pos.rpl
PASS: ./testdata/version_bind.rpl
PASS: ./testdata/version_bind_hide.rpl
PASS: ./testdata/views.rpl
DURATION: 4
END: /usr/lib/unbound/ptest
2025-12-16T11:53
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518
The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Windows/interactive service: fix erroneous exit on error that could
be used by a local Windows users to achieve a local denial-of-service
(CVE-2025-13751)
- Windows/interactive service: improve service pipe robustness against
file access races (uuid) and access by unauthorized processes (ACL).
upgrade bundled build instruction (vcpkg and patch) for pkcs11-helper
to 1.31, fixing a parser bug
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The minio umbrella covers multiple projects. The recipe itself builds
"minio client", which is a set of basic tools to query data from
"minio server" - like ls, mv, find...
The CVEs were files against minio server. Looking at the go mod list,
this recipe doesn't use minio server even as a build dependency - so ignore
the CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Handles CVE-2025-11677, CVE-2025-11678, CVE-2025-11679 and
CVE-2025-11680.
* drop patches included in this release
* update license
* add packageconfig for examples as those don't build
License-Update: added new license, see:
https://libwebsockets.org/git/libwebsockets/commit?id=e3dca87f23e8f783e1008b54829b39f9d7b083df
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This ends up in the native/nativesdk depchains especially when
building on arm64 build hosts.
Fixes errors e.g.
WARNING: Nothing RPROVIDES 'nativesdk-libopus-dev' (but virtual:nativesdk:/srv/build/yoe/sources/meta-openembedded/meta-oe/recipes-multimedia/libopus/libopus_1.5.2.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'nativesdk-libopus-dev'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes for 1.5.2 'Sonic':
--------------------------
1.5.2 is a minor release of dav1d, focused on maintenance:
- minor speed improvement in recon
- improvements on loongarch symboles visibility and asm
- mark C globals with small code model
- reduce the code size of the frame header parsing (OBU)
- minor fixes on tools and CI
- fix compilation with nasm 3.00
Copyright year has been changed:
04faac6900
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop memory leak patch which has already been included in this new version.
The new version also includes a fix for CVE 2025-62408.
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
352
Shown a warning if the last shutdown/reboot was unclean
Bug fixes and translation updates
351
Firewall ports can be deleted individually
350
networking: fix renaming of bridges and other groups (RHEL-117883)
bridge: fix OpenSSH_10.2p1 host key detection
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit 1175d5c8c1.
Since this recipe inherits bash-completion, adding
${datadir}/bash-completion to FILES:${PN} should not be needed (in
addition to being the wrong thing to do as the files are expected to be
packaged in the ${PN}-bash-completion package). The reason the problem
addressed in commit 1175d5c8c1 turned up
is due to the recent change to the bash-completion bbclass, where it
started to use PACKAGE_BEFORE_PN. This clashed with the lib_package
bbclass, which used to set rather than add to PACKAGE_BEFORE_PN, and
since it is inherited after bash-completion, it overrid what
bash-completion does.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are two different types of tags in glslang git repo. One is the
release tag of the project itself: 15.2.0, 14.3.0, etc. The other tag is
for Vulkan SDK: vulkan-sdk-1.4.309, vulkan-sdk-1.4.304.1, etc.
The vulkan sdk tag is used for glslang in openembedded-core because it
needs to update in locksetup with vulkan, which leads to a mismatch
between the runtime version and the build version. Set CHECK_VERSION_PV
for it to skip the version check.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade Vulkan CTS to the point release, fixing several tests. While we
are at it, refresh Vulkan-Video-Samples patches.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This helps tests not hitting timeout (120s default)
especially testmesg_stress test can timeout on slower machines
e.g. fully emulated ( non-kvm ) qemu machines e.g.
qemuarm64 on x86_64 machine.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When OpenCV is being built with the "fastcv" packageconfig, several
OpenCV libs are linked against the libfastcv.a. At runtime this lib will
dlopen(libfastcvopt.so.1), providing a fallback to slow algorithms, etc.
However as it is dlopen() rather than dynamic linking, there is no
runtime dependency.
In Yocto, if we enable a feature, we expect that all runtime
dependencies are pulled in. Utilize the qcom-fastcv-binaries recipe
provided by the meta-qcom layer and pull in libfastcvopt1 package as
required.
Cc: Pulkit Singh Tak <ptak@qti.qualcomm.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
