Changelog:
============
- Increase minimum required CMake version to 3.5, update Googletest to 1.13
- Bazel module builds
- node/convert: Enable the template specialization for std::string_view properly when the library is compiled by MSVC on Windows
- CMake: Allow to disable uninstall
- Update cmakelists to use system googletest if available
- Fix indentation of empty flow sequences
- Add option YAML_ENABLE_PIC
- fix: use C locale by default
- Use FetchContent_MakeAvailable
- fix: parse files with '\r' symbols as line ending correctly
- fix(src): avoid possible infinite loop in LoadAll()
- missing keys should throw InvalidNode, not BadConversion
- fix: prettier floating point numbers
- Optimization of merge memories
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Security fixes
-----------------
(CVE-2025-67733) RESP Protocol Injection via Lua error_reply
(CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message
(CVE-2026-27623) Reset request type after handling empty requests
Bug fixes
------------
Avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand
Fix server assert on ACL LOAD when current user loses permission to channels
Fix bug causing no response flush sometimes when IO threads are busy
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Retain Error.pgconn when raising a single exception for multiple connection attempt errors
- Return a proper error when server sends ErrorResponse for a Sync after a Parse
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade thermald to release 2.5.11.
This update includes the following changes:
- Clang-tidy fixes
- Added support for Wildcat Lake platform
- Fixes for CVE related to symbolic link exploitations
- D-Bus interface fixes
- Removal of power group handling after Thermal Monitor support deprecation
Signed-off-by: Priyansh Jain <priyansh.jain@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Release notes [1]:
* improved code for ZIP, CPIO, RAR, UFD, QCOW, Compound.
* 7-Zip File Manager: improved sorting order of the file list. It uses
file name as secondary sorting key.
* 7-Zip File Manager: improved Benchmark to support systems with more
than 64 CPU threads.
* the bug was fixed: 7-Zip could not correctly extract TAR archives
containing sparse files.
* some bugs were fixed.
License-Update: copyright years refreshed
[1] https://github.com/ip7z/7zip/releases/tag/26.00
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add also native class to support building the library for the host
system to use it e.g. with the newer dynamic SDK.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog:
Support i.MX952 15x15 EVK with Power group updated.
2. Update 0001-CMakeLists-do-not-use-vendored-libcurl.patch for 1.1.128
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
While touching this recipe, also switch to FreeRDP3 dependency,
which is still maintained, opposed to v2.
Changelogs:
https://gitlab.com/Remmina/Remmina/-/releases
1.4.43:
Add minimal macOS build support
Revert "Added kerberos-config plug"
Fix issue preventing SPICE plugin from being loaded
Do not calculate monitor shift if using freerdp_settings_set_monitor_def_array_sorted
1.4.42:
add option to enforce IPvX preference
Fix ssh x11 forwarding crashing in nixos
Add support for smartcard authentication
Add option to delay floating toolbar popup
Update FreeRDP checks to newer version
Fix typo
Update AppStream metadata !2684
update ffmpeg
Create named SPICE connection
Fix session stuck problem with KeePassXC
default dynamic resolution when supported issue
toolbar disappearance in some multi-monitor situations
Enable AAD support in Flatpak build
Create viewonly mode button on rcw toolbar
Permit css customization in scrolled window mode
src/remmina_ssh.c: zero-initialize RemminaSFTP structs
[plugins/rdp] fix memory leaks
Strip whitespace from quickconnect
[cmake] mark include_directories SYSTEM
[rdp] fix FreeRDP_MonitorLocalShift[XY]
fix various compiler warnings
UI: move view_toggle_button on the left
bug: double free on remmina_string_array_free
run update-translations.sh
Avoid Gettext incorrectly considering c-format
Disable save password prompt on quick connect authentication prompts
fix UB when connecting by link-local address
Added kerberos-tickets plug
Added kerberos-config plug
Fix floating toolbar popup regression in multimonitor
1.4.41:
Update keyboard mapping
Fix segfault that could happen when attempting to save a connection profile
Add ifdef to allow compilation without libssh
Add environment variable to prevent openssl config issue
Update snap to latest FreeRDP version
Toggle sending null or empty password when field is left blank
Add checks to allow FreeRDP2 compatibility
Fix KeyStroke function for SPICE plugin
Raise max length of username field to 300 from 100
Allow use of ssh command line arguments to create ssh connections
Fix use of default_value in remmina_file_get_int
Implement VNC connection timeout
Fix warnings
Prevent crash when pasting an image using RDP if gdk_pixbuf_save_to_buffer fails
Properly save and load color themes !2662
Fix Flatpak crash when moving floating tool bar
Save unlock password when set outside of the preferences menu
Update CMAKE_PREFIX_PATH in snapcraft.yaml
Properly implement keyboard interactive ssh authentication
Made hiding connection profile name on floating toolbar optional
Add a local terminal plugin
Allow Flatpak build to run commands
Allow users to connect to multiple connections or groups of connects at once
Create autostart directory if it does not exist.
Fix autostart directory create for flatpak.
Python Wrapper plugin: Fix typo + add comment for edge-case hinting that the plugin needs to be installed
Several small fixes and improving group connections
1.4.40:
Fix invalid free causing crash with sending keystrokes and clipboard contents
Fix SEGV when removing a non-exitend connection
Adjust floating toolbar to take up less space
Fix issue with multimonitor configuration needed for FreeRDP versions after 3.10.x
Add option to allow ssh-rsa keys to be used for ssh connections
Only set the max width and height to full monitor if using multimonitor
Fix typo
Revert calls back to uint
Fix issue with RDP scaling on connect
Add option to force multimonitor mode
Added the options to start connections in fullscreen mode and/or with dynamic resolution enabled for protocols that support the options
Allow empty passwords to be passed to FreeRDP
Allow import/export of ssh tunnel settings
hide local cursor when showing remote cursor
1.4.39:
Fix bug passing wrong value in SPICE plugin (Breaking compilation on some distributions)
1.4.38:
Add option to automatically copy ssh text when selected
Allow -c to work with www plugin
Don't prompt about closing connections with no connections
Mainly fixing memory leaks and some small bugs
1.4.37:
Implement horizontal smooth scrolling in RDP
Allow -c to work with www plugin
Add ability to lock message panels to one side of the window
fix dangling pointer in ssh_options_get_port invocation
Revert "[REM-2854] Add timeout option to handle VNC disconnects"
Fix OpenSSL include dir
Revert "[REM-3121] Handle GotFrameBufferUpdate on its own thread to prevent freeze"
fix compile warning that is failure with newer gcc versions
Add null check to prevent crash when pasting empty clipbaord
[REM-3086] Remove support for FreeRDP_SupportMonitorLayoutPdu to prevent loss of keyboard with xrdp
Don't rely on padding characters to be present to try decrypting passwords
Add option to immediately close VNC windows when they fail to...
Allow Remmina to use plugins immediately on download without needing a restart
Add plugin api to allow Remmina to display if a profile is...
Fix error message for failed RDP connection
Add more detail to bug report to make certain issues easier to solve
Resize icons to fit flatpak specifications
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This version has been EOL for a year now. There are recipes for two other,
still maintained versions in the layer.
Drop this version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- 282 new ATRs
- pcsc_scan: display what the program expect from the user
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- os_stub/openssllib: Allow building with older OpenSSL versions
- Ignore MSVC warning when compiling OpenSSL
- Bring fixes from main to 3.8
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Improve as_date narrowing conversion from C4244 warning
- update trait dependencies to support CMake v4
- Fix linter error
- Update workflows for new GitHub Action Runner Images
- Support passing ssl library key handles to algorithms
- Update CMP0135 to new behaviour
- Fix error in CMake config-file package
- CMake: synchronize cmake_minimum_required from main CMakeLists.txt
- Reduce usage of std::time_t, std::chrono::system_clock::to_time_t and
system_clock::from_time_t in order to get correct dates when working with a
32bit application
- Fix set_expires_in not accepting non-default Period
- AppVeyor Warnings
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
- Fix afskmdm shutdown issues
- Fix a crash if gensio_acc_disable() is called more than once.
- Allow the pcre2 package to be used.
- Fix a locking issue in cm108gpio.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Support DOS-style \r\n line breaks when loading filelists. Note that
they will be saved with UNIX-style \n line breaks regardless of input
format. This is intentional.
* Fix --action, --info, --title and similar commands hard-coding the
maximum length of the formatted output to 4095 characters.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Fix license checksum: Copyright year has been changed
- Add support for av1 and jxl
- libavif is in meta-multimedia -> disable av1 by default
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the following error:
ERROR: core-image-minimal-1.0-r0 do_rootfs: Postinstall scriptlets of ['tigervnc'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CPEs are registered for iperf_project2:iperf2 in addition to
iperf_project:iperf. By changing CVE_PRODUCT to an appends, this ensures
that both iperf and iperf2 CPEs are used for CVE matching.
Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2016-2568
This commit mostly just tries to add some info to this issue, in the
hope that it will save some time for others who try to investigate it.
This CVE most probably will stay open in meta-oe in the foreseeable future,
although it can be mitigated reasonably easily by the users of the layer.
The description of the vulnerability is short enough that it can be
reproduced here: "pkexec, when used with --user nonpriv, allows local
users to escape to the parent session via a crafted TIOCSTI ioctl call,
which pushes characters to the terminal's input buffer."
The general consensus amongst developers/major distros[1][2][3] seems to be that
it should be mitigated on the kernel side, to not allow non-privileged
users to fake input.
To this end, the kernel has introduced a new config in v6.2, called
CONFIG_LEGACY_TIOCSTI - when it is enabled, non-privileged used can
also fake input. It is however by default enabled (and it is also enabled
in the kernels shipped in oe-core, at least at the time of writing this).
Disabling this kernel config is considered to be the mitigation, to allow
input-faking only by privileged users.
[1]: https://security-tracker.debian.org/tracker/CVE-2016-2568
[2]: https://bugzilla.suse.com/show_bug.cgi?id=968674
[3]: https://marc.info/?t=145694748900001&r=1&w=2 / https://marc.info/?l=util-linux-ng&m=145702209921574&w=2
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327
Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22853
The vulnerable feature was introduced in v3.9.0[1], the
recipe version is not affected. Ignore this CVE.
[1]: a4bd5ba886
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22852
The related github advisory[1] comes with an analysis of the
vulnerability, including pointing to the vulnerable code
snippet. Backported the commit that touched the mentioned
code part in the fixed version, and is in line with the
description of the issue.
Ptests passed successfully.
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This recipe gets CVEs with two CPEs: hplip and linux_imaging_and_printing.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from PRODUCTs where PRODUCT in ('hplip', 'linux_imaging_and_printing');
CVE-2009-0122|hp|hplip|2.7.7|=||
CVE-2009-0122|hp|hplip|2.8.2|=||
CVE-2015-0839|hp|linux_imaging_and_printing|||3.17.7|<=
CVE-2025-43023|hp|linux_imaging_and_printing|||3.25.2|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This out-of-tree kernel module was mainlined in Linux 5.10.
The previous LTS kernel, 5.4 is EOL, and oe-core ships with newer
kernels - there is no need to keep this recipe around.
It also has an explicit SKIP_RECIPE tag, it wasn't tested since
a long time.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
