With the current recipe I am getting
```
gn: error while loading shared libraries: libc++abi.so.1: cannot open shared object file: No such file or directory
```
on my aarch64 machine
This is due to gn having a relative library runpath causing the interpreter not finding the shared libraries
Instead of copying the binary just directly execute it
Additionally remove the unnecessary download of the prebuilt gn binary
Signed-off-by: Willi Ye <zye2@snap.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Labeled adb binary
- Moved adb shell from initrc_t to unconfined_t
- meta-selinux does not provide adb domain added policy in meta-oe
instead of refpolicy: SELinuxProject/refpolicy#1085
Signed-off-by: Gargi Misra <gmisra@qti.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: copyright years refreshed
Removed patch included in this release
Add path to fix compilation with gcc on aarch64
Changelog:
https://github.com/jedisct1/libsodium/releases/tag/1.0.21-RELEASE
Changes:
Version 1.0.21
- security fix for the crypto_core_ed25519_is_valid_point() function
- new crypto_ipcrypt_* functions
- sodium_bin2ip and sodium_ip2bin helper functions
- XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions
Version 1.0.20-stable
- XCFramework: cross-compilation is now forced on Apple Silicon to avoid Rosetta-related build issues
- The Fil-C compiler is supported out of the box
- The CompCert compiler is supported out of the box
- MSVC 2026 (Visual Studio 2026) is now supported
- Zig builds now support FreeBSD targets
- Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers
- Android binaries have been added to the NuGet package
- Windows ARM binaries have been added to the NuGet package
- The Android build script has been improved. The base SDK is now 27c, and the default platform is 21, supporting 16 KB page sizes.
- The library can now be compiled with Zig 0.15 and Zig 0.16
- Zig builds now generate position-independent static libraries by default on targets that support PIC
- arm64e builds have been added to the XCFramework packages
- XCFramework packages are now full builds instead of minimal builds
- MSVC builds have been enabled for ARM64
- iOS 32-bit (armv7/armv7s) support has been removed from the XCFramework build script
- Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options.
- Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup
- ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero
- A cross-compilation issue with old clang versions has been fixed
- JavaScript: support for Cloudflare Workers has been added
- JavaScript: WASM_BIGINT is forcibly disabled to retain compatibility with older runtimes
- A compilation issue with old toolchains on Solaris has been fixed
- crypto_aead_aes256gcm_is_available is exported to JavaScript
- libsodium is now compatible with Emscripten 4.x
- Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete
- Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2026-32239 and CVE-2026-32240
Also, mark these CVEs explicitly patched, because NVD tracks them
without version info at this time.
Shortlog:
https://github.com/capnproto/capnproto/compare/v1.0.2...v1.4.0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a recipe for the cxx crate, which provides a safe and efficient
bridge for interoperability between Rust and C++ code. It allows
defining the FFI boundary in a shared Rust module and generates
compatible bindings for both languages during the build process.
The crate is implemented in Rust and supports zero-overhead FFI with
common Rust and C++ standard library types.
More information: https://crates.io/crates/cxx
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gcc complains about:
| ../../sources/gd-2.3.3/src/gd_filename.c: In function 'ftype':
| ../../sources/gd-2.3.3/src/gd_filename.c:99:9: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
| 99 | ext = strrchr(filename, '.');
| | ^
| cc1: all warnings being treated as errors
Even the newest git master commit does not fix this.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Without xz present, compilation fails with the following error:
| <...>/x86_64-oe-linux-ld: warning: liblzma.so.5, needed by <...>/libbcc.so, not found (try using -rpath or -rpath-link)
| <...>/x86_64-oe-linux-ld: <...>/libbcc.so: undefined reference to `lzma_code@XZ_5.0'
| <...>/x86_64-oe-linux-ld: <...>/libbcc.so: undefined reference to `lzma_end@XZ_5.0'
| <...>/x86_64-oe-linux-ld: <...>/libbcc.so: undefined reference to `lzma_stream_decoder@XZ_5.0'
| collect2: error: ld returned 1 exit status
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Building android-tools v29.0.6.r14 with glibc 2.43 fails due to ISO C23
changes to strchr(). Add a patch to update the affected libunwind sources
to use const pointer types to fix this build failure.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fastfetch is a customisable tool for displaying system information in a
terminal.
Signed-off-by: Tafil Avdyli <tafil@tafhub.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Building krb5 with glibc 2.43 fails due to ISO C23 changes to strchr() and
related search functions. Backport the upstream fix that updates code to
use correct pointer types and adjusts function signatures accordingly.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.5.4
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade gosu from 1.17 to 1.19.
Add extra tag=${PV} parameter in SRC_URI to ensure we're at the
correct srcrev.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In this new version, we need to 'rewrite-time' first as
it's a build host tool that is used during the actual build.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The following two patches are dropped as they have already been
in the new version:
- 0001-exe-Makefile.am-add-CROSS_LAUNCHER-to-run-odbc_confi.patch
- CVE-2024-1013.patch
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove patch, the change is already in code.
Changelog:
https://github.com/PJK/libcbor/releases/tag/v0.13.0
Changed:
- Fix small typo in release script
- Fix failing 32 bit tests due to cmocka macro repeating stack pushes
- Set cmake_minimum_required to 3.5
- Fix float_ctrl ctrl assertions failing in debug mode
- Check in vscode setup
- Add CBOR sequences example
- Add riscv64 config to CircleCI
- Add a test for malformed definite maps
- Add [[nodiscard]] support and auto-update to C23 in cmake
- Configure ctest on to export the test results to CircleCI
- Revamp the introduction doc into a more useful crash course
- Add OSX asan/lsan supression config
- Add cbor_copy_definite
- Improve handling and coverage reporting of exhaustive enum switches
- Add references to readme
- Update python deps and related docs
- Link tutorial in readme (and fix embedded RST formatting)
- Add a doc note on lto linking
- Add a doc for the reference count in cbor_array_set().
- Add gh link to docs
- Add #355 to changelog
- Bump version to 0.13.0
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adapt patch 0007-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch
to new version of the code. Remove code which not exist and adapt to
new code.
Changelog:
v3.121:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html
Bugs:
- update vendored zlib to v1.3.2.
- Revert the unnecessary changes to intel-gcm-wrap.gyp.
- Use C fallback for AES-GCM on MinGW builds.
- fix ML-KEM PCT.
- Extend NSS Fuzzing docs.
- avoid integer overflow in platform-independent ghash.
- Fix errant whitespace in OISTE Server Root RSA G1 nickname.
- fix build with glibc-2.43 assignment discards ‘const’ qualifier from pointer.
- add gcm.gyp dependency for Solaris SPARC builds.
- Set nssckbi version to 2.84.
- Add e-Szigno TLS Root CA 2023 to NSS.
- allow manual selection of CPU_ARCH=x86_64 and ppc64 in coreconf/Darwin.mk.
- Update cryptofuzz version.
- Paranoia assert.
- Darwin compatibility for intel-aes.S and intel-gcm.S.
- rename intel-{aes,gcm}.s to .S.
- rename C files for platform-specific ghash implementations.
- simplify compilation of platform-specific GCM and GHASH.
- FORWARD_NULL null deref of worker in p7decode.c (sec_pkcs7_decoder_abort_digests).
- Out-of-Bounds Read in ML-DSA Private Key Parsing (zero-length privateKey).
v3.120:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_120.html
Bugs:
- Fix docs generation bug.
- CID 1678226: Dereferencing null pointer plaintext.data().
- Run PKCS12 fuzz target with –fuzz=tls in CI.
- Allowing RT be started several times.
- move linux decision and build tasks to d2g worker pools.
v3.119.1:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119_1.html
Bugs:
- restore coreconf/Darwin.mk behavior for intel archs.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Added a buffer that limits/deduplicates active dns requests
- Properly handle libcurl reuse of sockets
- Added SocketManager to handle reuse of uninterested fd's by the kernel
- Removed old work-arounds in epoll and force stricter handling of errors
- Allow disabling of stream buffering for plaintext logs
- Fix some compile warnings
- Fix use after free in UdnsResolver::try_resolve_numeric
- Fix crash in DhtRouter::bootstrap
- Fix key/value pairs in Lua
- Expand '~/' to $HOME in session path.
- dht_add_peer_node is empty, use dht_add_bootstrap_node instead
- Re-send smkx on SIGWINCH to fix arrow keys after terminal reattach
- Allow dht bootstrap nodes to be added when dht is off.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Fixed a bug in the JP2 encoder that caused incorrect handling of
opacity components in some cases.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* client: Fix use-after-free when creating async proxy failed
* daemon: Fix race on subscribers list when on thread
* ftp: Validate fe_size when parsing symlink target
* ftp: Check localtime() return value before use
* CVE-2026-28295: ftp: Use control connection address for PASV data
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters
* gphoto2: Use g_try_realloc() instead of g_realloc()
* cdda: Reject path traversal in mount URI host
* client: Fail when URI has invalid UTF-8 chars
* Some other fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
### Changed
--------------
- Using long node names in combination with the fdp layout algorithm no longer
results in truncated generated names.
- Vertical centering of text within HTML-like table cells has been improved.
- The existing ability to provide a numeric parameter to '-v'
to specify verbosity level are newly documented in 'dot --help'.
### Fixed
------------
- 'gvmap' no longer dereferences a null pointer when reading position-less
graphs.
- 'gvmap' no longer crashes when adding coordinate data.
- 'mm2gv' no longer accepts input matrices with non-'real' element type.
Previously these would be accepted but processed incorrectly leading to
out-of-bounds memory reads and writes.
- The 'Tcldot_Init', 'Tcldot_builtin_Init', and 'Tcldot_SafeInit' symbols in
'tcldot.dll' are externally visible on Windows. #2809
- The 'Tclpathplan_Init' and 'Tclpathplan_SafeInit' symbols in 'tclpathplan.dll'
are externally visible on Windows. #2809
- The Autotools build system more consistently uses '$PYTHON3' instead of
'python3' when invoking Python. This ensures developers are more easily able
to control the Python installation in use from the top level.
- The Autotools build system explicitly links against libglu libraries when
linking against libglut.
- Corrected time formatting in verbose info/debug messages (enabled by -v).
Previously, minutes was missing, showing HH:SS instead of HH:MM:SS.
- Further parts of the network simplex algorithm have been rewritten in a
non-recursive style. This allows processing larger graphs that previously
caused stack overflows. #2782
- Canonicalizing an empty string or a string entirely made up of characters
needing escaping no longer triggers an out-of-bounds memory write. This was a
regression in Graphviz 13.0.1. #2743
- An off-by-one error in the network simplex algorithm has been corrected. This
could have led to suboptimal layout in some edge cases. This was a regression
in Graphviz 13.0.0.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
x11 is moved in comit [1], but when DISTRO_FEATURES contains
opengl, but not contains x11, bitbake gtkmm4 reports:
ERROR: Nothing PROVIDES 'atkmm' (but /build/layers/meta-openembedded/meta-oe/recipes-gnome/gtk+/gtkmm4_4.20.0.bb DEPENDS on or otherwise requires it)
atkmm was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES
[1] https://git.openembedded.org/meta-openembedded/commit/?id=2cd317e9551492a64fddf2fb535333eb7e3f7fef
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport three upstream patches that refactor thermald to support
non-Intel architectures, including ARM platforms. These commits were
merged upstream after the 2.5.11 release and are required to enable
correct thermal management on non-x86 SoCs.
Also update COMPATIBLE_HOST to allow building thermald on both Intel
and ARM hosts.
Upstream patches:
- Backport from commit 4cf42fc89ccdbcecdcd30b32a7ca8040be55c253
- Backport from commit 857fbdf3e9079cec04bfa5fe7a93a432485b5cab
- Backport from commit 1931a12e7e44b6b85a02a5d8158829eff4b9cc92
Signed-off-by: Priyansh Jain <priyansh.jain@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 2.12.1
Bug solution: tests during append of existing raw log are less strict now.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
