Handles CVE-2025-11677, CVE-2025-11678, CVE-2025-11679 and
CVE-2025-11680.
* drop patches included in this release
* update license
* add packageconfig for examples as those don't build
License-Update: added new license, see:
https://libwebsockets.org/git/libwebsockets/commit?id=e3dca87f23e8f783e1008b54829b39f9d7b083df
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This ends up in the native/nativesdk depchains especially when
building on arm64 build hosts.
Fixes errors e.g.
WARNING: Nothing RPROVIDES 'nativesdk-libopus-dev' (but virtual:nativesdk:/srv/build/yoe/sources/meta-openembedded/meta-oe/recipes-multimedia/libopus/libopus_1.5.2.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'nativesdk-libopus-dev'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes for 1.5.2 'Sonic':
--------------------------
1.5.2 is a minor release of dav1d, focused on maintenance:
- minor speed improvement in recon
- improvements on loongarch symboles visibility and asm
- mark C globals with small code model
- reduce the code size of the frame header parsing (OBU)
- minor fixes on tools and CI
- fix compilation with nasm 3.00
Copyright year has been changed:
04faac6900
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop memory leak patch which has already been included in this new version.
The new version also includes a fix for CVE 2025-62408.
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.6
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
352
Shown a warning if the last shutdown/reboot was unclean
Bug fixes and translation updates
351
Firewall ports can be deleted individually
350
networking: fix renaming of bridges and other groups (RHEL-117883)
bridge: fix OpenSSH_10.2p1 host key detection
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit 1175d5c8c13d73568d4ab55a3cf628456fcc1a7d.
Since this recipe inherits bash-completion, adding
${datadir}/bash-completion to FILES:${PN} should not be needed (in
addition to being the wrong thing to do as the files are expected to be
packaged in the ${PN}-bash-completion package). The reason the problem
addressed in commit 1175d5c8c13d73568d4ab55a3cf628456fcc1a7d turned up
is due to the recent change to the bash-completion bbclass, where it
started to use PACKAGE_BEFORE_PN. This clashed with the lib_package
bbclass, which used to set rather than add to PACKAGE_BEFORE_PN, and
since it is inherited after bash-completion, it overrid what
bash-completion does.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are two different types of tags in glslang git repo. One is the
release tag of the project itself: 15.2.0, 14.3.0, etc. The other tag is
for Vulkan SDK: vulkan-sdk-1.4.309, vulkan-sdk-1.4.304.1, etc.
The vulkan sdk tag is used for glslang in openembedded-core because it
needs to update in locksetup with vulkan, which leads to a mismatch
between the runtime version and the build version. Set CHECK_VERSION_PV
for it to skip the version check.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade Vulkan CTS to the point release, fixing several tests. While we
are at it, refresh Vulkan-Video-Samples patches.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This helps tests not hitting timeout (120s default)
especially testmesg_stress test can timeout on slower machines
e.g. fully emulated ( non-kvm ) qemu machines e.g.
qemuarm64 on x86_64 machine.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When OpenCV is being built with the "fastcv" packageconfig, several
OpenCV libs are linked against the libfastcv.a. At runtime this lib will
dlopen(libfastcvopt.so.1), providing a fallback to slow algorithms, etc.
However as it is dlopen() rather than dynamic linking, there is no
runtime dependency.
In Yocto, if we enable a feature, we expect that all runtime
dependencies are pulled in. Utilize the qcom-fastcv-binaries recipe
provided by the meta-qcom layer and pull in libfastcvopt1 package as
required.
Cc: Pulkit Singh Tak <ptak@qti.qualcomm.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The minicoredumper has multiple 2038 year problems where 'long' type
variables and strtol() function calls cause overflow on 32-bit systems
when handling timestamps after 2038-01-19.
This leads to incorrect timestamp formatting in core dump directory
names (e.g., sleep40s.20380119.031407+0000.598).
Fix by changing 'long timestamp' to 'time_t timestamp' and replacing
strtol() with strtoll() to properly handle 64-bit timestamps on
32-bit systems.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This tweak was specific to clang-16, its no longer needed
moreover, setup.py is no longer there in latest 0.19.x
release
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Relase Overview:
* BFD the ability to listen for specific VRFs only
- Configure which VRFs the BFD daemon will listen to. By default, BFD listens to all VRFs
present in the system, including the default VRF. Default VRF must be specified as `default`.
* BGP SRv6/MPLS coexistence
- Allow MPLS and SRv6 to coexist on the same L3VRF, even for a given prefix. This feature is
important in brown fields where some operators want to migrate from MPLS to SRv6 backbone.
* BGP SRv6 locator per VRF support
- Ability to choose SRv6 locator per VRF.
* BGP Error handling (RFC 7606) for iBGP peers
- Before 10.5.0, once we received a malformed packet between iBGP peers, we always reset the
session, and with this release, we handle malformed packets the same way as for eBGP
(by withdrawing or discarding the malformed packets).
* BGP IPv6 Link-Local Capability is disabled by default
- In 10.4.0, this capability was enabled by default for a “datacenter” profile, but it’s disabled
for 10.5.0 and will be backported to 10.4.2 as well. The problem arises when the receiver has
configured a route-map with `set ipv6 next-hop prefer-global` and we send only an IPv6 Link-Local
address; therefore, it was decided to revert it to be disabled by default.
* BGP BGPID Next-Hop Characteristic
- In some cases, the BGP speaker sending a route might encode only a link-local address and no
global address. To provide uniqueness in this case, it is sufficient to associate the BGP
Identifier and AS Number of the route's sender. The BGP Identifier Characteristic
(BGPID) provides a way to convey this information if required.
* BGP EVPN flooding per VNI support
- Add an ability to adjust BUM flooding per VNI, instead of just globally. E.g., disable flooding
only for an arbitrary VNI.
* BGP RPKI strict mode
- RPKI strict mode prevents BGP from establishing a session if no RPKI cache server
is connected.
* BGP rejects AS_SET by default**
- Until 10.5.0, it was disabled by default, and since RFC 9774 was published, we switched this on
by default (to reject).
* BGP has lots of improvements for Graceful-Restart**
* PIM/PIMv6 route-map support to allow users to filter IGMP/MLD joins using source, group, and
interface combinations
* Support for multiple SRv6 locators
- This extends the SRv6 SID Manager to add support for multiple locators.
* Zebra 16-bit next hop weights support
- The weights used in ECMP’s consistent hashing have been widened from 8 bits to 16 bits since
the 6.12 Linux kernel.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog
- The project has been completely refactored to use the Zstandard implementation from the standard library ([PEP-784](https://peps.python.org/pep-0784/))
- The refactor has some minor impact on public APIs, such as changing the exception raised on invalid input
2. Drop 0001-Bump-setuptools-dependency-from-74-to-89.patch as setuptools in requires was removed in pyproject.toml
3. HOMEPAGE has been changed to https://github.com/Rogdham/pyzstd.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: the project was relicensed from GPL-2 to GPL-3
Inludes fixes for the following vulnerabilities:
CVE-2025-7394, CVE-2025-7395, CVE-2025-7396, CVE-2025-12888, CVE-2025-11936,
CVE-2025-11935, CVE-2025-11934, CVE-2025-11933, CVE-2025-11932, CVE-2025-11931,
CVE-2025-12889
Drop patch that is incorporated in this release.
Changelog: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md
Ptests passed:
START: ptest-runner
2025-12-09T18:23
BEGIN: /usr/lib/wolfssl/ptest
Wolfssl ptest logs are stored in /tmp/wolfss_temp.6rsnys/ptest.log
Test script returned: 0
unit_test: Success for all configured tests.
PASS: Wolfssl
DURATION: 13
END: /usr/lib/wolfssl/ptest
2025-12-09T18:23
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ripgrep is a fast, line-oriented search tool written in Rust.
Add recipe for the latest release (15.1.0)
- Recursively searches the current directory using a regex pattern
- Respects .gitignore rules
- Provides first-class support on Linux
- 'rg' is significantly faster than grep
More information: https://crates.io/crates/ripgrep
Upstream Benchmarks:
Task ripgrep GNU grep Speedup vs grep
Basic search (Unicode) 536 lines, 0.082s 536 lines, 0.273s ripgrep ~3.3× faster
Ignoring gitignore files 447 lines, 0.063s 447 lines, 0.674s ripgrep ~10× faster
Large single file (~13GB) 7882 lines, 1.042s 7882 lines, 6.577s ripgrep ~6.3× faster
Bechmarks inside qemu (ripgrep built from this recipe):
Tool & Command Real Time User Time Sys Time Speedup vs grep
ripgrep (rg "printf" /usr) 0.496 s 0.511 s 0.604 s 3.1× faster
grep (grep -R "printf" /usr) 1.533 s 0.633 s 0.897 s —
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fd is a simple, fast and user-friendly alternative to 'find' written in rust.
Add recipe for the latest release (10.3.0)
- Ignores hidden and .gitignore files by default
- Supports regular expressions and highlights matches
- Faster and easier to use than traditional 'find'
More information: https://crates.io/crates/fd-find
Upstream Benchmarks:
Tool & Command Time (mean ± σ) Range (min … max) Speedup vs find
fd -u '[0-9]\.jpg$' ~ 854.8 ms ± 10.0 ms 839.2 ms … 868.9 ms ~13x faster
find ~ -iname '*[0-9].jpg' 11.226 s ± 0.104 s 11.119 s … 11.466 s —
Bechmarks inside qemu (fd built from this recipe):
Tool & Command Real Time User Time Sys Time Speedup vs find
fd (fd /path/to/search) 2.115 s 2.660 s 5.083 s ≈2.1× faster
find (find /path/to/search) 4.401 s 1.607 s 2.788 s —
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
