1. Changelog:
https://github.com/rikyoz/bit7z/releases/tag/v4.0.11
2. Drop following patches as they were merged upstream.
0001-Fix-reinterpret-cast-compiler-errors.patch
0001-Fix-int8_t-storage-in-BitPropVariant-on-Arm-architec.patch
0001-Allow-running-tests-on-target-when-cross-compiling.patch
0001-Allow-specifying-path-to-7z-library-in-tests.patch
0001-Fix-tests-with-musl.patch
3. Adjust Ptest SRCREV to adopt to latest bit7z
SRCREV_filesystem refer to bit7z-4.0.11/cmake/Dependencies.cmake
SRCREV_catch2 refer to bit7z-4.0.11/tests/CMakeLists.txt
SRCHASH_CPM and TAG_CPM refer to bit7z-4.0.11/cmake/Dependencies.cmake
4.cmake/Dependencies.cmake has redefined to check and download CPM_${CPM_DOWNLOAD_VERSION}.cmake file to
CPM_SOURCE_CACHE, so it will show error in do_configure as ./build/cpm_cache/cpm/CPM_0.42.0.cmake is empty
| -- Downloading CPM.cmake to ...bit7z/4.0.11/build/cpm_cache/cpm/CPM_0.42.0.cmake
| CMake Error at cmake/Dependencies.cmake:15 (file):
| file DOWNLOAD cannot compute hash on failed download
|
| from url: "https://github.com/cpm-cmake/CPM.cmake/releases/download/v0.42.0/CPM.cmake"
| status: [6;"Could not resolve hostname"]
So change ${B}/cmake to ${B}/cpm_cache/cpm/ to fix this issue.
./build/cpm_cache/cpm/CPM_0.42.0.cmake
5. Add 0001-cmake-disable-filesystem-gitclone.patch to fix filesystem git clone error
Fix error log as following:
| fatal: unable to access 'https://github.com/rikyoz/filesystem.git/': Could not resolve host: github.com
| Had to git clone more than once: 3 times.
| CMake Error at bit7z/4.0.11/build/_deps/ghc_filesystem-subbuild/ghc_filesystem-populate-prefix/tmp/ghc_filesystem-populate-gitclone.cmake:50 (message):
| Failed to clone repository: 'https://github.com/rikyoz/filesystem.git'
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Do not pass qrtr=false explicitly since recipe enables or disables it
based on the PACKAGECONFIG value. Also, use += with EXTRA_OEMESON.
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
SPDM emulator implementation based on libspdm.
It provides requester and responder tools used for
testing SPDM protocol communication.
Upstream: https://github.com/DMTF/spdm-emu
Signed-off-by: Jino Abraham <jinoabraham26@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tag is not on any branch.
Add tag to SRC_URI.
Changelog:
https://github.com/zchunk/zchunk/compare/1.5.2...1.5.3
Changes:
- update to 1.5.3
- rename internal close() functions to close_zck_component to avoid POSIX conflict on AIX
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add 'tag' to SRC_URI
Changelog:
https://github.com/stephane/libmodbus/releases/tag/v3.1.12
Changes:
- Fix FD_SET overflow when socket fd >= FD_SETSIZE.
- Check dest pointer not null and nb in read functions.
- NULL check for src and nb < 1 validation in write functions.
- modbus_reply: don't compute address for FC 0x07/0x11.
- Use O_NONBLOCK instead of deprecated O_NDELAY
- Explicit cast for Coverity CID 416366.
- Document required buffer size of modbus_receive.
- Document macros for error codes corresponding to Modbus exceptions
- Fix example of modbus_rtu_set_serial_mode
- Test filesystem provides symlink in autogen.sh
- Sync API signatures with the documentation.
- Many documentation fixes and typo corrections.
- Add coverage target and helper script.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.11.0
Highlights
- kafka-source(): The new kafka() source can directly fetch log messages from the Apache Kafka message bus using the librdkafka client.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/eclipse-paho/paho.mqtt.cpp/releases/tag/v1.6.0
Changes:
- Bumped Paho C submodule to v1.3.16 and updated directory name to externals/paho.mqtt.c
- Some significant performance increases (lower latency) for connect and publish
- Fixed topic_matcher and topic_filter to properly match parent with multi-level ('#') wildcard.
- Slight optimization of topic_filter to do simple string comparison if the filter does not contain wildcards.
- Set a minimum version for Paho C in the CMake file. Report the version found.
- .deb version properly set, and add architecture name to .deb file
- remove const from connect_options_builder 'move' constructor
- fix potential deadlock in thread_queue on capacity increase.
- Incorrect default retain value in a will options constructor
- prevent undefined behaviour on empty topic matching
- Sync reconnect example crashes on first reconnect
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/eclipse-paho/paho.mqtt.c/releases/tag/v1.3.16
Changes:
- Bumped minimum CMake to v3.12
- Consolidated "Event" thread signaling object.
- Reduce latency on connect #1430
- Fixed warning in Window build for TCP_NODELAY
- Added a .clang-format file and bash script to run it
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Removed patch included in this release
Changelog: https://github.com/akheron/jansson/releases/tag/v2.15.0
Features:
- Add support for realloc by adding json_set_alloc_funcs2, json_get_alloc_funcs2
Fixes:
- Optimize serializatio
- Fix docstrings in hashtable.h
Build:
- Use target-based cmake settings
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tag is not on any branch.
Changelog:
https://github.com/fluent/fluent-bit/releases?q=4.2.3.1
Changes:
- release: update to 4.2.3
- copyright: update year to 2026
- filter_kubernetes: fix parser annotation leak
- github: scripts: commit_linter: Handle bin prefix for fluent-bit.c
- bin: Handle CONT signal properly under leaks command
- filter_wasm: Handle group metadata
- cmake: kafka: fix OAuth Bearer detection on Windows
- maintenance: update branch and security EOL info
- github: scripts: commit_prefix_check: add config format rules on linter
- readme: update active branch 4.2
- out_opentelemetry: on HTTP/2, read and process gRPC status code
- config_format: cf_yaml: Align the behavior of dirname against POSIX [Backport to 4.2]
- filter_log_to_metrics: fix initialization and exception cleanup
- out_stackdriver: clean up oauth2 cache lifecycle
- filter_kubernetes: Adjust cleanup ordering to avoid use-after-free [4.2 backport]
- in_winevtlog: Add text format for event rendering [Backport to 4.2]
- in_tail: Add skipped_lines counter [Backport to 4.2]
- in_splunk: Implement handling remote addr feature [Backport to 4.2]
- aws: switch AWS Endpoints for European Souvereign Cloud [4.2 backport]
- plugin_proxy: enable event_type specification for proxy plugins (4.2 Backport)
- in_splunk: Plug memory issues [Backport to 4.2]
- dockerfiles: install minimum components and avoiding to use includeRecommended
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925
The vulnerability has been fixed since 7.0.18[1], however NVD
tracks this CVE without version information.
[1]: 89dec866ec
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs were ignored because they were tracked by NVD using
incorrect version information. Since then this information seems
to be reflected correctly, it is not needed to ignore them explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
- Upstream has removed incorrect gplv3 text from the license (because agplv3
is the correct), which changed the checksum
- The recipe had incorrect license indication. Redis 8 is not BSD licensed,
but depending on the user's choice, it's agplv3 or sspl (or custom redis
license, which is not added to the list)
Changelogs:
8.0.6:
- Security fix: A user can manipulate data read by a connection by
injecting \r\n sequences into a Redis error reply
8.0.5:
Bugfixes:
- HGETEX - potential crash when FIELDS is used and numfields is missing
- Potential crash on HyperLogLog with 2GB+ entries
- Cuckoo filter - Division by zero in Cuckoo filter insertion
- Cuckoo filter - Counter overflow
- Bloom filter - Arbitrary memory read/write with invalid filter
- Bloom filter - Out-of-bounds access with empty chain
- Bloom filter - Restore invalid filter [We thank AWS security for
responsibly disclosing the security bug]
- Top-k - Out-of-bounds access
8.0.4:
Security fixes
- (CVE-2025-49844) A Lua script may lead to remote code execution
- (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
- (CVE-2025-46818) A Lua script can be executed in the context of another user
- (CVE-2025-46819) LUA out-of-bound read
New Features
- VSIM: new EPSILON argument to specify maximum distance
Bug fixes
- Potential use-after-free after pubsub and Lua defrag
- Potential crash on Lua script defrag
- HINCRBYFLOAT removes field expiration on replica
- Prevent CLIENT UNBLOCK from unblocking CLIENT PAUSE
- Endless client blocking for blocking commands
- Vector sets - RDB format is not compatible with big endian machines
- EVAL crash when error table is empty
- Gracefully handle short read errors for hashes with TTL during full sync
8.0.3:
Security fixes
- (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
- (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
New Features
- VSIM: Add new WITHATTRIBS to return the JSON attribute associated with an element
Bug fixes
- A short read may lead to an exit() on a replica
- db->expires is not defragmented
8.0.2:
Security fixes
- (CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE
Bug fixes
- Cron-based timers run twice as fast when active defrag is enabled
Other general improvements
- LOLWUT for Redis 8
8.0.1:
Performance and resource utilization improvements
- Vector sets - faster VSIM FILTER parsing
Bug fixes
- Query Engine - revert default policy search-on-timeout to RETURN
- Query Engine - @__key on FT.AGGREGATE used as reserved field name preventing access to Redis keyspace
- Query Engine - crash when calling FT.CURSOR DEL while retrieving from the CURSOR
Notes
- Fixed wrong text in the license files
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fixes for CVE-2026-27596, CVE-2026-25884 and CVE-2026-27631.
Ptests passed successfully.
Changelog:
Fix leak
CI: update mac runner for 0.28.x branch
Add some new cameras and lenses
Make DataValue::value_ public
fix reading mp4 url box nested in non video/audio track
fix: do not add target exiv2lib if the target already exists
Add size checks to avoid large memory allocations
Fix size calculation in XmpTextValue::size()
Avoid calling std::find or std::string with an invalid range
Backport all changes in .github/workflows from main to 0.28.x
Fix out-of-bounds read in CrwMap::decode0x0805
Fix UBSAN false positive
Upload crash files when fuzzing fails
Remove nightly release
Fix regression in Canon lens detection
fix wrong timescale used to calculate fps
Remove nightly release vestiges
conan: update dependencies
Add Tamron 18-400mm on Nikon D90
Add Ricoh GR IV HDF and Monochrome IDs
Refresh translations
Add build provenance attestation
Add fuzz target for previews
Align some docs to main
Update README.md
add enforce to prevent integer overflow
Add enforce to check for integer overflow
Release Exiv2 version 0.28.8
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also fixes CVE-2026-3102
Changelog:
13.52:
- Added a number of new XMP tags written by Adobe software
- Added UTF-16 support for a few different metadata types in which only UCS-2
was previously implemented
- Added a few more Canon FlashModel values and decode FlashModel for the
5DmkII
- Added a new Canon LensType
- Added some missing file attribute bits to two of the new LNK tags
- Decode internal serial number for the 5DmkII
- Decode another OwnerName for the 5DmkII
- Decode some timed GPS for a couple of new DJI drones
- Enable WindowsLongPath by default only if Win32::API is available
- Renamed the Pentax K3III AFInfo tag to AFInfoK3III
13.51:
- Added a new Nikon LensID
- Decode more tags from Windows LNK files
- Decode another LIGOGPSINFO variant
- Decode some new Canon tags
- Decode some new Nikon tags
- Split decoding on Nikon BurstGroupID into separate tags
- Fixed round-off error in GPSDateTime seconds for camm6 metadata in MP4
videos introduced in 13.45
- Fixed bug generating the default-language version of
QuickTime:LocationInformation
13.50:
- Added a few new Sony lenses
- Added a couple of new Canon lenses
- Decode another Samsung trailer tag
- Decode BlackLevels from some Canon CRW files
- Updated Sony maker note decoding for the ILCE-7M5
- Patched potential MacOS security issue
- Fixed -list options so reading image files beforehand doesn't add tags to
the output when running multiple commands using the -execute feature
13.49:
- Decode a couple of new Samsung trailer tags
- Disabled decoding of MenuSettings for the Nikon Z6III firmware 2.0 until the
changes can be worked through in detail
- Fixed problem where Google Photos had problems displaying ExifTool-edited
HEIC MotionPhoto images. Files written by older versions of ExifTool may be
repaired by re-writing with 13.49 or later
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This resolves USDT probe test failures on ARM64 platforms.
Without these changes, the .note.stapsdt section containing probe
information was missing entirely on ARM64, causing test failures when
attempting to find and attach to USDT probes in the BCC test suite.
Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5491]
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop the patch that is included in this release.
Actually that is also the changelog since the previous version - there
were no other changes beside the accepted patch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fio 3.40 added the commit 4175f4dbec5d ("oslib: blkzoned: add
blkzoned_move_zone_wp() helper function") which uses
FALLOC_FL_ZERO_RANGE which in a musl build is undefined without
including its header.
Backport the upstream fix.
Signed-off-by: Max Krummenacher <max.oss.09@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rtla source code is present in the kernel source tree at tools/tracing/rtla.
There is another build option for rtla to enable bpf bindings, this was
not a quick one to get working and left as a future improvement.
Makefile for rtla has evolved in newer kernels (v6.9). Some fixes needed for
support with older kernels. This commit was tested against 6.18 and 6.8.
Also add rtla to packagegroup-meta-oe-benchmarks.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When having a DEPENDS against cpupower it need to leave its header files.
Remove that cleanup that has been present since the beginning of the recipe
without any (to me) known reason.
cpupower ship a systemd service and config file in kernel source tree
since kernel 6.16. Package them as a separate package cpupower-systemd to
be installed if wanted.
Add cpupower to packagegroup-meta-oe to be included in builds of all
packages.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This version has been EOL since the end of February. There is a recipe
available for v8, which is still supported.
Drop this version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libcppconnman is a C++ library to control ConnMan via D-Bus. It exposes
simple aync methods to perform all the controls that ConnMan allow via
D-Bus.
Signed-off-by: Andrea Ricchi <andrea.ricchi@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The PKCS#11 provider has a mechanism [1] to support older applications
which have not yet migrated to the OSSL_STORE API [2]. It works by
encoding the 'pkcs11:' URI into a PEM file and passing that to an
application as a file. From the application's perspective it loads the
private key from a file, but OpenSSL will transparently use select the
provider to access it via PKCS#11 instead.
Instead of upstream's Python-based tool [3] (which would pull in
asn1crypto as a dependency), we just generate the ASN.1 for the PEM
using OpenSSL's 'asn1parse -genconf'.
It has been tested with RAUC, U-Boot's mkimage (for signed FITs) and
NXP's CST.
[1] https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md#use-in-older-applications-uris-in-pem-files
[2] https://docs.openssl.org/master/man7/ossl_store/
[3] https://github.com/latchset/pkcs11-provider/blob/main/tools/uri2pem.py
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OpenSSL 4.0 will drop support for engines and use providers instead.
To access SoftHSM and other PKCS#11 modules via the provider API, we
rely on https://github.com/latchset/pkcs11-provider, which is already
available as via pkcs11-provider recipe.
We enable this provider by using a specific OpenSSL config when signing.
This means that recipes inheriting this class can decide whether they
want to use the engine or provider to access the key.
SoftHSM seems to produce broken keys when calling the C_CopyObject, so
disable caching in the provider for now.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2025-43023, and support for many new printers.
Drop patches that are included in this release (or the underlying problem
was solved on another way)
Changelog: https://developers.hp.com/hp-linux-imaging-and-printing/release_notes
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Nushell is a modern, cross-platform shell and programming language.
It is designed to work with structured data rather than plain text, and takes
inspiration from traditional shells like bash, object-based shells like
PowerShell, gradually typed languages such as TypeScript, functional
programming, and systems programming.
Add recipe for the latest release
- Written in Rust
- Combines a full-featured shell with a rich, structured programming language
- Operates on structured data instead of plain text
- Provides clear error messages and strong IDE support
- Designed for modern, cross-platform workflows
More information: https://crates.io/crates/nu
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The riscv64 is now in COMPATIBLE_HOST of valgrind.
The armv4/armv5/armv6 are not in COMPATIBLE_HOST of valgrind.
Update the settings accordingly.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rrdtool package configuration 'graph' relies on graphical support. Ignore
it if none of x11 org wayland is in the distro features.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The NEON SIMD fast path in the bundled llhttp calls
__builtin_ctzll(match_mask) without checking if match_mask is zero.
When all 16 bytes in a NEON register are valid header value characters,
match_mask is 0. Calling __builtin_ctzll(0) is undefined behavior.
GCC at -O2 exploits this by optimizing "if (match_len != 16)" to
always-true, causing HTTP 400 Bad Request for any header value longer
than 16 characters on ARM targets with NEON enabled.
Fix by explicitly checking for match_mask == 0 and setting
match_len = 16. This bug affects both aarch64 and armv7 NEON targets.
The code this patch modifies is generated, so the patch itself isn't
suitable for upstream submission, as the root cause of the error is
in the generator itself. The fix has been merged upstream[1] in
llparse 7.3.1 and is included in llhttp 9.3.1. This patch can be
dropped when nodejs updates its bundled llhttp to >= 9.3.1.
[1]: https://github.com/nodejs/llparse/pull/83
Signed-off-by: Telukula Jeevan Kumar Sahu <j-sahu@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The .git/hooks/commit-msg Git hook may already exist and not be
writable. E.g., in our environment it is a symbolic link to a script in
/usr/share.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE
reporting.
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE
reporting.
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
live555 is an old project, it has multiple CPEs associated with.
Set the ones in CVE_PRODUCT that are still active.
See CVE db query:
sqlite> select vendor, product, count(*) from products where vendor like '%live555%' or product like '%live555%' group by 1, 2;
live555|liblivemedia|1
live555|live555|7
live555|live555_media_server|2
live555|media_server|1
live555|streaming_media|160
All of them are relevant to this recipe, although media_server hasn't been used since 2007,
that one wasn't set.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
