Age | Commit message (Collapse) | Author |
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
===========
* Fix parsing of ID3v2.2 frames.
* Tolerate MP4 files with unknown atom types as generated by Android tools.
* Support setting properties with arbitrary names in MP4 tags.
* Windows: Fix "-p" option in tagwriter example.
* Support building with older utfcpp versions.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
===========
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* Adjust shell script to allow Bash in other locations
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* ppc.h: use mftb on ppc
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Fix: urcu-wait: add missing futex.h include
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Revert "compiler.h: Introduce caa_unqual_scalar_typeof"
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
==========
* Allow HTTP/2 to be used with non-HTTP proxies
* Strictly forbid NUL bytes in headers
* Fix minor leaks
* Add 'SOUP_METHOD_PATCH'
* websocket: Add 'SoupWebsocketConnection:keepalive-pong-timeout' property
* Increase maxmimum size of HTTP headers
* Fix 'soup_uri_copy()' in Vala
* Fix leak in 'soup_message_new_from_encoded_form()'
* multipart: Improve handling of messages missing termination
* logger: Fix request filter function being called with response user data
* logger: Fix response bodies never being logged if request bodies aren't
* logger: Add Soup-Host to logged headers for when Host is missing
* cookies: Fix incorrect logic in determining same-site cookies
* cookie-jar-db: Explicitly handle old databases lacking same-site column
* cookies: Limit the Max-Age to 1 year
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
===========
- Don't crash when attempting to hashing symlinks with targets that point to
a directory.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refreshed patch 0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
Includes security fix
CVE-2023-49582
changelog:
https://downloads.apache.org/apr/CHANGES-APR-1.7
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This option was incorrectly removed in the recent upgrade. We don't use/need
the static library so disable the build of it to save time/disk usage.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The autobuilder was seeing an intermittent reproducbility issue in lz4 with
regard to symbol ordering in the static library. Add a patch to fix this which
has been submitted upstream.
Fix the SRC_URI whitespace and cleanup the patch directory naming whilst here.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes CVE-fix for CVE-2024-43790 and CVE-2024-43802
Changes between 9.1.0682 -> 9.1.0698
====================================
https://github.com/vim/vim/compare/v9.1.0682...v9.1.0698
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lz4 is a new required dependency.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop most EXTRA_OEMAKE settings as no longer necessary.
(makefiles use weak assignments and shell variables then
take precedence).
License-Update: clarification that it's gpl2-or-later.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is similar CVE as the previous ones from the same author.
https://github.com/yaml/libyaml/issues/303 explain why this is misuse
(or wrong use) of libyaml.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This CVE affects google cloud services that utilize libcurl wrongly.
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix compile failure with musl
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove mem-debug option [1]
[1] https://gitlab.gnome.org/GNOME/libxslt/-/commit/c65a7c05f98ea4e9fae1247510b45db9dd3ec907
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Rebase pkgconfig.patch
* No license change, just update copyright years:
2001-2023 -> 2001-2024
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a patch to disable a failing test that is proving difficult
to investigate.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
aea9f42 ptest_list_remove: Fix pointer adjustment of prev and next
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes CVE-fix for CVE-2024-41957, CVE-2024-41965 and CVE-2024-43374
Changes between 9.1.0114 -> 9.1.0682
====================================
https://github.com/vim/vim/compare/v9.1.0114...v9.1.0682
Note:
====
Removed patch "vim-add-knob-whether-elf.h-are-checked.patch" as libelf checks are removed from configure.ac as per
commit https://github.com/vim/vim/commit/1acc67ac4412aa9a75d1c58ebf93f2b29585a960
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
- fixes a crash when using Hspell to check Hebrew, when the
application passes characters that cannot be mapped to ISO-8859-8.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
=========
* Also catch RuntimeError when importing PyPDF so that PyPDF or,
crucially, its transitive dependencies do not cause diffoscope to traceback at
runtime and build time.
* Factor out a method for stripping ANSI escapes.
* Strip ANSI escapes from the output of Procyon.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refer [1], people.redhat.com has certificate issue, so update SRC_URI
to fix do_fetch warning
[1] https://github.com/stevegrubb/libcap-ng/issues/56
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This update contains minor features, bugfixes, and addresses several CVEs:
* https://curl.se/docs/CVE-2024-6197.html
* https://curl.se/docs/CVE-2024-6874.html
* https://curl.se/docs/CVE-2024-7264.html
Full relese notes available at https://curl.se/ch/8.9.1.html
Backport a patch to fix a SIGPIPE issue found shortly after release:
https://curl.se/mail/distros-2024-08/0002.html
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the same problem as already ignored CVE-2024-35328.
See laso this comment in addition:
https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
148de08220c0ad390ec533e452cbaad7a9338204 adapted the recipe to
accomodate the newly introduced configure options for the various
authentication schemes supported by curl. However, support for these was
not added for the -native and -nativesdk variants of the recipe.
Fix this and introduce a PACKAGECONFIG variable for the flags common to
all recipe variants to avoid such regressions in the future.
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Patch 'libassuan-add-pkgconfig-support.patch' had to be adjusted to
apply on top of 3.0.1. While doing so, the format was updated so that
it'll work more easily with git.
Changelog (git log --oneline libassuan-2.5.7..libassuan-3.0.1):
c9e9027 (tag: libassuan-3.0.1) Release 3.0.1
9e90c79 Post release updates
0351ecf (tag: libassuan-3.0.0) Release 3.0.0
1fe7aa3 Add release targets
6bef35b Update copyright notices
87f92fe Add new socket flags "linger" and "reuseaddr".
24f05d6 Spell fix in gpg-error.m4 from GnuPG.
577c1cd m4: Update gpg-error.m4.
db27c94 libassuan.m4: Fix setting/using GPG_ERROR_CONFIG.
ee9167c Always append the process identification to hello line.
d5e0aa3 Modify documentation for new release.
c1bbbe8 Fix the previous commit.
1c27538 m4: Include _AM_PATH_GPGRT_CONFIG definition.
6756482 tests: Cleanup mention of removed variable
a8c38df doc: Minor style fixes.
76816b1 build: Change the default for --with-libtool-modification.
d63bf50 build: Update libtool-patch.sed from libgpg-error.
9bb7a2a build: New configure option --with-libtool-modification.
ce35bd9 Add NEWS entries for 2.5.6 from libassuan 2.5 branch.
b975f9a Fix for v2 support: ASSUAN_REALLY_REQUIRE_V2_NPTH_SYSTEM_HOOKS
bb7aa0e New function: assuan_control.
9ce1b41 libassuan.m4: Allow use of libassuan 3 for API of version 2.
c6ae222 Update NEWS.
bf25d0e Add new pipe functions to control its server process.
c14409b socket: Don't call pre/post_syscall for bind.
dd7e0c5 build: Prepare release with API change.
c4687db Update NEWS.
782d5f8 Expose assuan_sock_accept function.
703b410 Add _assuan_pre_syscall / _assuan_post_syscall to _assuan_sock_*.
5de5774 Support larger greeting message.
413b294 Next release will be 3.0
049b800 Flush data before clearing the confidential flag.
2f0232b w32: Fix closing for non-socket HANDLE.
592f6bb w32: Fix hello_line parsing for fd passing.
c69578b w32: Always include process information in HELLO.
efccdb3 w32: Fix error return for sending fd.
8d83aea Allow use of global system hooks with API version 2.
af34d84 doc: Update documentation for the method spawn and waitpid.
316fae4 w32: File handle passing to server is now supported.
5d1cdaa Don't use ASSUAN_INVALID_PID for assuan_pid_t value.
6350f79 w32: Cleaner semantics for PID and Process handle.
f3b3ddf Fix comments.
18edc4f Fix wrong return type for functions.
6957813 tests: Use -no-fast-install LDFLAGS for Windows.
9ecbd8e Deprecate ASSUAN_SYSTEM_NPTH.
1eb66ef Allow NULL for system_hooks.
620acf6 Fix the previous commit.
223cc95 Fix calling gpgrt_get_syscall_clamp.
fb5d02d tests: Fix for POSIX machine.
7191c12 w32: Fix test header file for 64-bit Windows.
f2d829e w32: Fix pipeconnect test program for Windows.
295e334 w32: Minor fixes for ifdef/endif for W32 and W64.
17055e1 w32: Fix the semantics of sending FD, it's Windows HANDLE.
9110945 Implement timeout in assuan_sock_connect_byname.
3d8195e build: Update gpg-error.m4.
e4e54fb w32: Fix assuan_socket_connect.
a720b6c Fix make dist target
523e3cb w32: Fix confusion between process ID and process HANDLE.
05eb70c doc: Update the description about pkg-config.
ba84b78 w32: Have PROCESS_HANDLE in struct assuan_context_s.
7e6f3f0 tests: Use common code for Windows.
8962c1e tests: Add fdpassing-socket.sh script.
3297e45 w32: Support fd passing through socket.
a1f4804 w32: Support fd passing through pipe.
07adf41 Show the pid of listening process in the hello line.
870fdcf w32: Support sendfd/recvfd through pipe connection.
ce794a0 w32: Add SENDFD internal command.
27acee6 client: Only call _assuan_waitpid when it's not socket.
d769ec2 build: Prefer gpgrt-config when available.
62547ec w32: Fix make dist
6d5a2b1 Fix an explanation for socket on Windows.
0c22952 build: Update gpg-error.m4.
df6aec5 build: Remove WindowsCE support from mkheader.
6bc8a10 Silence compiler warnings.
e3b1e38 Drop WindowsCE support.
6da6a3d build: Update config.guess, config.sub, and config.rpath.
3156f29 build: Update gpg-error.m4.
5277f24 Fix the previous commit.
97516d6 Don't access NULL by wipememory.
2e310bb tests: Remove dead code
850f404 config: Remove 18 years unused variable
70b465e tests: Avoid leaking file descriptors on errors
2a5550b client: Handle inquiry from server with CONFIDENTIAL.
aafbde9 struct assuan_context_s: Move boolean fields to flags.
fd1ac5c client: Wipe the inbound buffer when CONFIDENTIAL.
89e8f26 server,client: Wipe the outbound buffer when CONFIDENTIAL.
d812e28 server: Wipe out the memory used by assuan_inquire if CONFIDENTIAL.
84ae2b1 Add assuan_sock_accept function.
c93eb90 w32: Store a flag if it's socket or not in Assuan CTX.
5b77d39 Fix API break.
9260fb1 build: Remove unused putc_unlocked.c.
0fae582 Take advantage of gpgrt_get_syscall_clamp function.
a43090e build: Fix listing m4 files.
28a40a2 w32: Fix assuan_socket_connect_fd to be usable.
a054a0a build: Better cross build support.
a8125eb Fix internal socket API to be consistent for SOCKET.
9de02ca build: When no gpg-error-config, not install libassuan-config.
eeda9ac Remove GNU Pth support.
564e0d9 w32: Fix definition of type to be generated into assuan.h.
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The install function already removes the executable bit on these tools
so that perl, python, awk and csh don't become dependencies. The INSANE_SKIP
therefore isn't needed.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This will enable building the libAppStreamQt library. This is required
by the 'discover' application from the meta-kde layer.
Signed-off-by: Marc Ferland <marc.ferland@sonatest.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is a bug libicu that causes libicu to be installed incorrectly when
the build system uses long paths (more than 512 chars).
This condition is not very difficult to trigger on a OE build system
due to the long paths an the deep of the directories that are usually
generated by default.
Also the bug is very subtle and won't be detected by the QA post-install
processes because what this bug causes is that a different version of
libicudata.so.X.Y (one without data) is installed instead of the one
containing the data, but there won't be any file missed on the installation
(just that it installed the wrong one).
See: https://unicode-org.atlassian.net/browse/ICU-22813
This patch backports the fix from upstream/main
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Set CVE_PRODUCT of libatomic-ops to match NVD entries.
Signed-off-by: Intaek Hwang <intaek.hwang@gehealthcare.com>
Signed-off-by: Maxin John <maxin.john@gehealthcare.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Set CVE_PRODUCT of mpfr as gnu_mpfr to match NVD entries.
Signed-off-by: Intaek Hwang <intaek.hwang@gehealthcare.com>
Signed-off-by: Maxin John <maxin.john@gehealthcare.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refresh patch for 1.0.3 release.
Signed-off-by: Marc Ferland <marc.ferland@sonatest.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refresh two patches to apply on top of 3.10.
11 of the ptests pass without the sc-valgrind.sh file, so make sure
that's copied to the image fo ptests.
Changelog: https://git.lysator.liu.se/nettle/nettle/-/blob/master/ChangeLog
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
git repo no longer has tags for recent versions which means
we had missed several of them, and wouldn't be able to get
notifications about any future releases.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport the merged solution and drop the submited patch.
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
===========
- Update repology list
- Properly handle empty proxy ignore entry
- Add support for direct keyword in PAC
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use an existing defined CVE_CHECK_STATUSMAP key in
meta/lib/oe/cve_check.py in order to avoid following complaint from
BitBake:
WARNING: libyaml-native-0.2.5-r0 do_create_spdx: Invalid detail "wontfix" for CVE_STATUS[CVE-2024-35328] = "wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302", fallback to Unpatched
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This has not yet been disputed officially
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The gpgme-tool binary is licensed GPL-3.0-or-later. Split it out into
its own package that can be opted out of.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Provide references for how the SRCREV was arrived at for the 20240203
release.
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is open yet but seems to be disputed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Whilst bmaptool has a pyproject.toml that uses poetry, the setuptools
build path appears to be more complete. Upstream has moved to hatch and
removed setup.py entirely so the next release can drop this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|