License-Update: Re-scope secondary licenses [1]
Release information [2]:
This is release 1.80.0 (glimmering) of gRPC Core.
Core
* [ssl] Implement TLS private key signer in Python. (#41701)
* [TLS Credentials]: Private Key Offload Implementation. (#41606)
* Fix max sockaddr struct size on OpenBSD. (#40454)
* [core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (#41432)
* [TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (#41484)
* [Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#41324)
* [EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (#41502)
* [RR and WRR] enable change to connect from a random index. (#41472)
* [xds] Implement gRFC A101. (#41051)
C++
* [C++] Add SNI override option to C++ channel credentials options API. (#41460)
[1] fb53717dfa
[2] https://github.com/grpc/grpc/releases/tag/v1.80.0
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Update comment to use correct recipe name
(librust-cxx instead of cxx).
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
oe-core just moved from pkgconfig to pkgconf, which has broken the
ptest buikd due to how fragile the compilation was.
This will be revisited to build the tests properly, but for now simply
disable the ptests.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Added tag to SRC_URI.
Release information [1]:
1.9.7: Bugfixes, build system cleanups
What's Changed
* Fixes PreventInSourceBuilds.cmake to work with add_subdirectory by @morbo84 in #1383
* json_value.cpp bug in the edges of uint/int by @YaalLek in #1519
* Release 1.9.6 and move versions to 1.9.7 by @baylesj in #1566
* Fixed work secure_allocator on old compiers by @TsynkPavel in #1478
* Fix flag -DJSONCPP_USE_SECURE_MEMORY:BOOL=TRUE by @tfc in #1567
* fix(build): remove check_required_components for meson build by @chenrui333 in #1570
* the cgi module was removed from Python3.13 by @a-detiste in #1578
* Fix name of static library when targeting MinGW. by @mmuetzel in #1579
* Fix comparison warnings caused by 54fc4e2 by @JensMertelmeyer in #1575
* Drop pre-C++11 alternatives by @BillyDonahue in #1593
* feat: support std::string_view in Value API by @evalon32 in #1584
* Added Value::findType with String key by @SwintonStreet in #1574
* Set up for Bazel module builds. by @bcsgh in #1597
* Add a BUILD.bazel file for //example. by @bcsgh in #1602
* Fix "include what you use" issue by @victorvianna in #1625
* Make the build configuration under Bazel more correct. by @bcsgh in #1600
* Add Bazel tests by @bcsgh in #1601
* Return false in Reader::readValue when stack limit is exceeded by @xuhdev in #1619
* Remove deprecated/removed clang-tidy key AnalyzeTemporaryDtors (#1614) by @bmagistro in #1615
* [docs] Consuming JSONCpp via Conan package manager by @uilianries in #1622
* Cleanup README.md, fix broken link. by @baylesj in #1633
* Add gcovr.cfg to fix CI coverage merge errors by @baylesj in #1635
* Remove build directory exclusion from gcovr config by @baylesj in #1640
* Add test for allowDroppedNullPlaceholders by @baylesj in #1648
* Prevent test colision when running in parallel via RESOURCE_LOCK by @marty1885 in #1637
* fixup project version updater by @baylesj in #1649
* Update README with project status and focus by @baylesj in #1639
* Adding a cmake option to exclude the jsoncpp files from install. by @nv-jdeligiannis in #1596
* Change stack depth limit to 256 by @baylesj in #1657
* Fix uninitialized CMake variable in version.in by @baylesj in #1658
* Fix CMake deprecation warning for compatibility with CMake < 3.10 by @baylesj in #1659
* Scope JSON_DLL_BUILD to shared lib target only by @baylesj in #1660
* Fix number parsing failing under non-C locales by @baylesj in #1662
* Reject unescaped control characters in JSON strings by @baylesj in #1663
* Fix MSAN issue in #1626 by @baylesj in #1654
* Fix string_view ABI mismatch between library and consumers by @baylesj in #1661
* Revert "Fix number parsing failing under non-C locales" by @baylesj in #1664
* Fix use-after-free in Reader::parse(std::istream&) by @baylesj in #1665
* Update bazel config for 9.x by @keith in #1655
[1] https://github.com/open-source-parsers/jsoncpp/releases/tag/1.9.7
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The android-gadget-setup script currently hardcodes the USB vendor ID,
product ID, and configuration string. This makes it difficult for BSP
layers to customize USB gadget identity with platform specific values.
Introduce variables for the vendor ID, product ID, and configuration
string when populating the configfs attributes. This allows machine
or distro specific overrides via `/etc/android-gadget-setup.machine`,
while preserving the existing default values.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the current recipe I am getting
```
gn: error while loading shared libraries: libc++abi.so.1: cannot open shared object file: No such file or directory
```
on my aarch64 machine
This is due to gn having a relative library runpath causing the interpreter not finding the shared libraries
Instead of copying the binary just directly execute it
Additionally remove the unnecessary download of the prebuilt gn binary
Signed-off-by: Willi Ye <zye2@snap.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2026-32239 and CVE-2026-32240
Also, mark these CVEs explicitly patched, because NVD tracks them
without version info at this time.
Shortlog:
https://github.com/capnproto/capnproto/compare/v1.0.2...v1.4.0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a recipe for the cxx crate, which provides a safe and efficient
bridge for interoperability between Rust and C++ code. It allows
defining the FFI boundary in a shared Rust module and generates
compatible bindings for both languages during the build process.
The crate is implemented in Rust and supports zero-overhead FFI with
common Rust and C++ standard library types.
More information: https://crates.io/crates/cxx
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.5.4
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also fixes CVE-2026-3102
Changelog:
13.52:
- Added a number of new XMP tags written by Adobe software
- Added UTF-16 support for a few different metadata types in which only UCS-2
was previously implemented
- Added a few more Canon FlashModel values and decode FlashModel for the
5DmkII
- Added a new Canon LensType
- Added some missing file attribute bits to two of the new LNK tags
- Decode internal serial number for the 5DmkII
- Decode another OwnerName for the 5DmkII
- Decode some timed GPS for a couple of new DJI drones
- Enable WindowsLongPath by default only if Win32::API is available
- Renamed the Pentax K3III AFInfo tag to AFInfoK3III
13.51:
- Added a new Nikon LensID
- Decode more tags from Windows LNK files
- Decode another LIGOGPSINFO variant
- Decode some new Canon tags
- Decode some new Nikon tags
- Split decoding on Nikon BurstGroupID into separate tags
- Fixed round-off error in GPSDateTime seconds for camm6 metadata in MP4
videos introduced in 13.45
- Fixed bug generating the default-language version of
QuickTime:LocationInformation
13.50:
- Added a few new Sony lenses
- Added a couple of new Canon lenses
- Decode another Samsung trailer tag
- Decode BlackLevels from some Canon CRW files
- Updated Sony maker note decoding for the ILCE-7M5
- Patched potential MacOS security issue
- Fixed -list options so reading image files beforehand doesn't add tags to
the output when running multiple commands using the -execute feature
13.49:
- Decode a couple of new Samsung trailer tags
- Disabled decoding of MenuSettings for the Nikon Z6III firmware 2.0 until the
changes can be worked through in detail
- Fixed problem where Google Photos had problems displaying ExifTool-edited
HEIC MotionPhoto images. Files written by older versions of ExifTool may be
repaired by re-writing with 13.49 or later
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The NEON SIMD fast path in the bundled llhttp calls
__builtin_ctzll(match_mask) without checking if match_mask is zero.
When all 16 bytes in a NEON register are valid header value characters,
match_mask is 0. Calling __builtin_ctzll(0) is undefined behavior.
GCC at -O2 exploits this by optimizing "if (match_len != 16)" to
always-true, causing HTTP 400 Bad Request for any header value longer
than 16 characters on ARM targets with NEON enabled.
Fix by explicitly checking for match_mask == 0 and setting
match_len = 16. This bug affects both aarch64 and armv7 NEON targets.
The code this patch modifies is generated, so the patch itself isn't
suitable for upstream submission, as the root cause of the error is
in the generator itself. The fix has been merged upstream[1] in
llparse 7.3.1 and is included in llhttp 9.3.1. This patch can be
dropped when nodejs updates its bundled llhttp to >= 9.3.1.
[1]: https://github.com/nodejs/llparse/pull/83
Signed-off-by: Telukula Jeevan Kumar Sahu <j-sahu@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE
reporting.
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Retain Error.pgconn when raising a single exception for multiple connection attempt errors
- Return a proper error when server sends ErrorResponse for a Sync after a Parse
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add also native class to support building the library for the host
system to use it e.g. with the newer dynamic SDK.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Improve as_date narrowing conversion from C4244 warning
- update trait dependencies to support CMake v4
- Fix linter error
- Update workflows for new GitHub Action Runner Images
- Support passing ssl library key handles to algorithms
- Update CMP0135 to new behaviour
- Fix error in CMake config-file package
- CMake: synchronize cmake_minimum_required from main CMakeLists.txt
- Reduce usage of std::time_t, std::chrono::system_clock::to_time_t and
system_clock::from_time_t in order to get correct dates when working with a
32bit application
- Fix set_expires_in not accepting non-default Period
- AppVeyor Warnings
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
According to the recipe style guide, SRCREV should be placed
below SRC_URI.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
A native version of libtoml11 may be needed for recipes such
as dnf5 in the future. Add it now.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Checking for PTEST_ENABLED 1 is the preferred method for enabling
and disabling ptests for packages.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Using gitsm also allows for the revmoval of SRCREV_json and SRCREV_doctest.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change "Submitted" in 0001-Remove-whitespace-in-operator.patch to "Backport"
with the appropraite link to the relevant commit hash.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Shellcheck -oall warnings fixed:
- exit 1 if `cd tests` failes (SC2164)
- Double quote `./${atest}` to prevent globbing and word splitting. (SC2086)
- Check the test exit code directly intead of using $? (SC2181)
Other fixes:
- The shebang sould traditionally be /usr/bin/env sh in case
sh is not located in /bin.
- Do not remove tests.log for every test.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.5.3
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The llhttp vendored dependency of nodejs takes advantage of Arm NEON
instructions when they are available, however they are detected by
checking for an outdated CPU feature macro: it checks for __ARM_NEON__,
however it is not defined by new compilers for aarch64, rather they
set __ARM_NEON. The Arm C extension guide[1] refers to __ARM_NEON macro
aswell.
This patch changes the detection to check for both macros when detecting
the availability of NEON instructions.
The code this patch modifies is generated, so the patch itself isn't
suitable for upstream submission, as the root cause of the error is
in the generator itself. A PR has been submitted[2] to the generator
project to rectify this issue.
[1]: https://developer.arm.com/documentation/ihi0053/d/ - pdf, section 6.9
[2]: https://github.com/nodejs/llparse/pull/84
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The llhttp dependency of nodejs uses NEON intrinsics when they
are available, however some of these calls are incorrect: they
the call they use don't match the parameters passed, and so
the compilation fail (unless the error is suppressed):
| ../deps/llhttp/src/llhttp.c: In function 'llhttp__internal__run':
| ../deps/llhttp/src/llhttp.c:2645:9: note: use '-flax-vector-conversions' to permit conversions between vectors with differing element types or numbers of subparts
| 2645 | );
| | ^
| ../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16'
| 2643 | vcgeq_u8(input, vdupq_n_u8(' ')),
There is a patch upstream that fixes it (though it is not merged
yet). This patch is a port of that fix.
This allows us to remove the extra CFLAGS also from the recipe that
suppressed this error.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In case nghttp2 and/or libuv PACKAGECONFIGs are enabled, nodejs
will build some binaries for the build system also, linking to
native binaries and using headers from the native sysroot.
However in case the dependencies are missing from the native sysroot,
then it falls back to the build system's sysroot, and use the files
that it can find there. If the build system doesn't have nghttp2/libuv
installed, then compilation fails:
libuv:
../tools/executable_wrapper.h:5:10: fatal error: uv.h: No such file or directory
ngtthp2:
<...snip...>/build/tmp/hosttools/ld: cannot find -lnghttp2: No such file or directory
To avoid falling back to the build system's sysroot, add the missing
libuv-native and nghttp2-native dependencies.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch isn't intended to introduce new behavior, rather it
changes the order of some existing LDFLAGS to fix a workaround that
stopped working at some point in the past.
LDFLAGS:x86 contains libatomic, because linking with this library
is required for this platform.
However when gyp links, it invokes the following (pseudo-)command:
$LD $LDFLAGS $RESOURCES_TO_LINK $EXTRA_LIBS $EXTRA_LDFLAGS
The EXTRA* arguments are coming from the gyp config. Since
LDFLAGS appears very early in the command, libatomic also
appears early amongst the resources, and the linker couldn't
find the relevant symbols when compiled for x86 platform (as
it was processed the very last):
| [...] undefined reference to `__atomic_compare_exchange'
Using this patch the library appears at the end, along with
the other EXTRA_LIBS, after the list of linked resources,
allowing linking to succeed.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
