Changqing Li
b4284b3eb2
libsoup-2.4: fix CVE-2025-4476
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
(From OE-Core rev: 2be01469687f30f33b768164f66916b081cc8c62)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:58 -07:00
Changqing Li
09407f375d
libsoup-2.4: fix CVE-2025-4948
...
Refer:
http://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: d5af0295d26f8967dfe49a53ffa6f275e249d087)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:58 -07:00
Changqing Li
3aa44948cb
libsoup-2.4: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: 33bf900bcb563c5769b75e69059751f969a8771f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:58 -07:00
Changqing Li
6a19b931f0
libsoup-2.4: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
(From OE-Core rev: e6d9dd16d9b70cc8d3a9ca8b2fc542d547b456b9)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:57 -07:00
Hitendra Prajapati
467cc32439
libsoup-2.4: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27af
2025-06-25 08:11:57 -07:00
Changqing Li
16168960c4
libsoup: fix CVE-2025-4948
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
(From OE-Core rev: 95383d7d95631a4c3b385a073ce1deff744bf725)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:57 -07:00
Changqing Li
f9f25b4fd6
libsoup: fix CVE-2025-46421
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
(From OE-Core rev: 388453296c32759623ed35a8142c6af2df7f30b0)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:57 -07:00
Changqing Li
f9ae7a93d4
libsoup: fix CVE-2025-32051
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/401
(From OE-Core rev: 4af9a40f53a6a9607999f0f4b28d2ce1eaf325a2)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:57 -07:00
Changqing Li
3fc748ecd7
libsoup: fix CVE-2025-32907
...
Refer:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
(From OE-Core rev: e31c9f12193d040480eca6a4be6a9ec6675b19f8)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-25 08:11:57 -07:00
Hitendra Prajapati
64327d7000
libsoup: Fix CVE-2025-4969
...
Upstream-Status: Backport from 07b94e27af
2025-06-25 08:11:57 -07:00
Ashish Sharma
41197b0df6
libsoup: patch CVE-2025-4476
...
Upstream-Status: Backport [e64c221f9c
2025-06-25 08:11:57 -07:00
Guocai He
91d538d055
babeltrace/libatomic-ops: correct the SRC_URI
...
The old SRC_URIs are not available and need to update.
(From OE-Core rev: 94d24ff01573dc1d65078c92150dc252b3e9b145)
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-20 08:06:30 -07:00
Vijay Anusuri
bb706cfe48
libsoup: Fix CVE-2025-46420
...
Upstream-Status: Backport
[c9083869ec
2025-06-20 08:06:29 -07:00
Vijay Anusuri
cecdcf3428
libsoup: Fix CVE-2025-32053
...
Upstream-Status: Backport
[eaed42ca8d
2025-06-20 08:06:29 -07:00
Vijay Anusuri
dd4d1b28e3
libsoup-2.4: Fix CVE-2025-32053
...
Upstream-Status: Backport
[eaed42ca8d
2025-06-20 08:06:29 -07:00
Vijay Anusuri
c2489908d7
libsoup: Fix CVE-2025-32052
...
Upstream-Status: Backport
[f182429e5b
2025-06-20 08:06:29 -07:00
Vijay Anusuri
4976dc40af
libsoup-2.4: Fix CVE-2025-32052
...
Upstream-Status: Backport
[f182429e5b
2025-06-20 08:06:29 -07:00
Vijay Anusuri
8bce7467dc
libsoup: Fix CVE-2025-32050
...
Upstream-Status: Backport
[9bb0a55de5
2025-06-20 08:06:29 -07:00
Vijay Anusuri
ca51d99bf3
libsoup-2.4: Fix CVE-2025-32050
...
Upstream-Status: Backport
[9bb0a55de5
2025-06-20 08:06:29 -07:00
Vijay Anusuri
07f522869c
libsoup: Fix CVE-2025-2784
...
Upstream-Status: Backport
[242a10fbb1c415ad0b67https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
(From OE-Core rev: b51135e1f7eaa20c97e54f5c52b98963819127e9)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-20 08:06:29 -07:00
Vijay Anusuri
f49fc9966d
libsoup-2.4: Fix CVE-2025-2784
...
Upstream-Status: Backport
[242a10fbb1c415ad0b67https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
(From OE-Core rev: 5cea727e87489b144cba9b2aa491d0c90f34f93d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-20 08:06:29 -07:00
Jiaying Song
179c5dc17f
taglib: fix CVE-2023-47466
...
TagLib before 2.0 allows a segmentation violation and application crash
during tag writing via a crafted WAV file in which an id3 chunk is the
only valid chunk.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-47466
Upstream patch:
dfa33bec08
2025-06-13 08:42:35 -07:00
Vijay Anusuri
9a368c7b92
libsoup-2.4: Backport auth tests for CVE-2025-32910
...
libsoup-2.74.2/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'?
Fix auth-test.c compilation failure caused by CVE-2025-32910 patch
Link: 9af7d0fc75
2025-06-13 08:42:34 -07:00
Hitendra Prajapati
e35c7960a7
icu: fix CVE-2025-5222
...
Upstream-Status: Backport from 2c667e31cf
2025-06-13 08:42:34 -07:00
Vijay Anusuri
ef632f4693
libsoup-2.4: Fix CVE-2025-32914
...
import patch from debian to fix
CVE-2025-32914
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit 5bfcf81575https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8996e178264cf6bf9b69365172f43a5ee8e9f727)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Vijay Anusuri
cbbea14280
libsoup-2.4: Fix CVE-2025-32912
...
Upstream-Status: Backport from
cd077513f2910ebdcd3d
2025-05-28 08:46:32 -07:00
Vijay Anusuri
d8278fd9f9
libsoup-2.4: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
7b4ef0e004f4a761fb66
2025-05-28 08:46:32 -07:00
Vijay Anusuri
21bb9c063b
libsoup-2.4: Fix CVE-2025-32910
...
import patch from debian to fix
CVE-2025-32910
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit e40df6d48a405a8a3459ea16eeacb0https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: b65e3d3a4dc2375d9bb81c7a91c84139cc667a47)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Ashish Sharma
0f58759f1b
libsoup-2.4: Fix CVE-2025-46420
...
Upstream-Status: Backport [c9083869ec
2025-05-28 08:46:32 -07:00
Vijay Anusuri
45c3cde26b
libsoup: Fix CVE-2025-32914
...
Upstream-Status: Backport
[5bfcf81575
2025-05-16 08:58:06 -07:00
Vijay Anusuri
3f1cc96cb9
libsoup: Fix CVE-2025-32912
...
Upstream-Status: Backport from
cd077513f2910ebdcd3d
2025-05-16 08:58:06 -07:00
Vijay Anusuri
d8c4c5ea04
libsoup: Fix CVE-2025-32911 & CVE-2025-32913
...
Upstream-Status: Backport from
7b4ef0e004f4a761fb66
2025-05-16 08:58:06 -07:00
Vijay Anusuri
fe91f67d38
libsoup: Fix CVE-2025-32910
...
Upstream-Status: Backport from
e40df6d48a405a8a3459ea16eeacb0
2025-05-16 08:58:06 -07:00
Vijay Anusuri
cc7f7f1c29
libsoup: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 491373828c1c66030fb41687f9a42b9e4deb010b)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
dc621121b1
libsoup: Fix CVE-2025-32906
...
Upstream-Status: Backport from
1f509f31b6af5b9a4a39
2025-05-16 08:58:06 -07:00
Vijay Anusuri
14f293eecf
libsoup: update fix CVE-2024-52532
...
Upstream-Status: Backport from 4c9e75c667
2025-05-16 08:58:06 -07:00
Vijay Anusuri
e07ed2059c
libsoup-2.4: Fix CVE-2025-32909
...
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/comm
it/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: ad1244ee75b4169eab21c2c8744b86342b32dd07)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
6b27d84c2c
libsoup-2.4: Fix CVE-2025-32906
...
Upstream-Status: Backport from
1f509f31b6af5b9a4a39
2025-05-16 08:58:06 -07:00
Vijay Anusuri
02c2876c5e
libsoup-2.4: Update fix CVE-2024-52532
...
Upstream-Status: Backport from 4c9e75c667
2025-05-16 08:58:06 -07:00
Peter Marko
ade4d1829a
sqlite3: patch CVE-2025-29088
...
Pick commit [1] mentioned in [2].
[1] 56d2fd008bhttps://nvd.nist.gov/vuln/detail/CVE-2025-29088
(From OE-Core rev: 70d2d56f89d6f4589d65a0b4f0cbda20d2172167)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-02 08:12:41 -07:00
Yogita Urade
b5b884bc1a
curl: ignore CVE-2025-0725
...
CVE-2025-0725 can only trigger for curl when using a runtime
zlib version 1.2.0.3 or older and kirkstone supports
zlib 1.2.11 version, hence ignore cve for kirkstone.
Reference:
https://curl.se/docs/CVE-2025-0725.html
https://git.openembedded.org/openembedded-core/commit/?h=scarthgap&id=8c3b4a604b40260e7ca9575715dd8017e17d35c0
(From OE-Core rev: 9077246122b1284e8b6430384cccaf6f0b6c80c3)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-11 08:36:02 -07:00
Vijay Anusuri
e4721dd506
vim: Upgrade 9.1.1115 -> 9.1.1198
...
This includes CVE-fix for CVE-2025-27423 and CVE-2025-29768
Changes between 9.1.1115 -> 9.1.1198
====================================
https://github.com/vim/vim/compare/v9.1.1115...v9.1.1198
(From OE-Core rev: 0ace90f2918496ceae32aebea05bb826d1e3dad6)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8e540bd287fd56e3a714f81395b59dd508a6d957)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-01 09:02:41 -07:00
Vijay Anusuri
4df4248036
libxslt: Fix for CVE-2025-24855
...
Upstream-Commit: c7c7f1f78d
2025-03-27 08:16:30 -07:00
Vijay Anusuri
0490768a25
libxslt: Fix for CVE-2024-55549
...
Upstream-Commit: 46041b65f2
2025-03-27 08:16:30 -07:00
Divya Chellam
b210ed67de
vim: Upgrade 9.1.1043 -> 9.1.1115
...
This includes CVE-fix for CVE-2025-26603 and CVE-2025-1215
Changes between 9.1.1043 -> 9.1.1115
====================================
https://github.com/vim/vim/compare/v9.1.1043...v9.1.1115
(From OE-Core rev: acb88b244e89bc1300a24f60d0a44c21e0ab1af6)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-19 07:13:17 -07:00
Vijay Anusuri
3cd40cac2b
libtasn1: upgrade 4.19.0 -> 4.20.0
...
* Noteworthy changes in release 4.20.0 (2025-02-01) [stable]
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET
OF elements
License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025
(From OE-Core rev: 0ff5d08053d92eeae5b2a23f8e0d7a280488723c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-13 08:50:03 -07:00
Jiaying Song
a84c9d6623
boost: fix do_fetch error
...
Change the SRC_URI to the correct value due to the following error:
WARNING: boost-native-1.86.0-r0 do_fetch: Checksum failure encountered with download of https://boostorg.jfrog.io/artifactory/main/release/1.86.0/source/boost_1_86_0.tar.bz2 - will attempt other sources if available
(From OE-Core rev: 3b4c5ce6b89477307f3a2c30c7e275473b0c9f00)
Signed-off-by: Jiaying Song <jsong-cn@ala-lpggp7.wrs.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
backport to kirkstone.
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-04 08:46:02 -08:00
Divya Chellam
3a36dce7e5
vim: Upgrade 9.1.0764 -> 9.1.1043
...
This includes CVE-fix for CVE-2025-22134 and CVE-2025-24014
Changes between 9.1.0764 -> 9.1.1043
====================================
https://github.com/vim/vim/compare/v9.1.0764...v9.1.1043
(From OE-Core rev: 73b5570a16708d1e749b1ec525299d10557cbf56)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-28 06:51:35 -08:00
Hitendra Prajapati
be7617de69
libcap: fix CVE-2025-1390
...
Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878
(From OE-Core rev: 142715b83fb2c5f4dfeeab2c6e7feccecd1ca46f)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-28 06:51:35 -08:00
Archana Polampalli
0730523542
gnutls: fix CVE-2024-12243
...
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing.
Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate
data can take excessive time, leading to increased resource consumption.
This flaw allows a remote attacker to send a specially crafted certificate, causing
GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
(From OE-Core rev: 5fbe46de6d2e3862316cf486503f18e616c3c0a7)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-24 07:00:53 -08:00
