* https://github.com/jthornber/thin-provisioning-tools#project-hosting says:
The upstream repository has been moved to device-mapper-utils[1], an
organization established to collect utilities for various device mapper
targets. While the original repository remains mirrored, we recommend
cloning from the new location[2] for better long-term maintenance.
[1]: https://github.com/device-mapper-utils/
[2]: https://github.com/device-mapper-utils/thin-provisioning-tools
* 0001-Define-more-ioctl-codes-on-riscv32gc-unknown-linux-g.patch got merged
upstream in rust-lang/libc.
* dependency rio got dropped in 1.3.0
* The new patch disable-cargo-metadata enables the feature of devicemapper,
because the build fails otherwise.
* On 32 bit architectures, the new patch dms-no-layout-check disables checks
from bindgen they always fail.
From thin-provisioning-tools-1.3.1/CHANGES:
v1.3.1
======
- Improve thin_ls performance using the optimized approach from thin_check
v1.3.0
======
- Improve thin_check performance with an optimized I/O strategy and more
memory-efficient data structures.
- Rewrite AsyncIoEngine using tokio IoUring, removing the rio dependency
- Enhance thin_check with edge-case fixes, including space map boundary checks
- Update thin_explore to use ratatui, replacing the archived tui crate
v1.2.2
=======
- Fix command line parsing for era_invalidate --metadata-snapshot
v1.2.1
=======
- Fix incorrect number of data blocks in thin_shrink's output superblock
v1.2.0
=======
- Remove atty and safemem dependencies due to security concerns
- Remove unused threaded btree walk code
- Change BTreeWalker constructor to take IoEngine by reference for simplicity
(breaking change)
- Update fixedbitset and few other dependencies with required code changes
Cc: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
libsdl3-mixer has initially released
- binaries in wavpack-bin are only needed at runtime but cmake checks
for them during compilation and fails because they are (presumably
intentionally) not present in the target sysroot. Workround this issue
by touching the necessary files to please cmake.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Cryptographic library that exclusively contains
Quantum resistant cryptographic algorithms. It is lean has minimal dependencies,
supports stack-only operation and provides optimized implementations for
ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (Sphincs+) and many more
Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Adds ptest support for xdg-dbus-proxy.
Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Since adding these statuses NVD corrected their DB, and now both CVEs are
tracked with the correct version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also disable running clang-tidy on the code. On one hand the cmake script is trying to run
the target version of it, and on the other hand it is not needed for compiling it,
it is intended for upstream developers.
Changelog: https://github.com/transmission/transmission/releases/tag/4.1.1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade sysdig to solve build failure after upgrading valijson to 1.1.0.
1.Changelog
https://github.com/draios/sysdig/releases/tag/0.39.0
2.Update 0001-cmake-Pass-PROBE_NAME-via-CFLAGS.patch for 0.39.0
3.Remove following patches as merged upstream
0001-Add-cstdint-for-uintXX_t-types.patch
0001-libsinsp-fix-build-with-gcc-15.patch
4.Add 0001-Avoid-duplicate-operations-of-add_library.patch to fix do_configure errors
-- Existing strlcat found, will *not* use local definition
CMake Error at falcosecurity-libs/userspace/libscap/CMakeLists.txt:64 (add_library):
add_library cannot create target "scap_error" because another target with
the same name already exists. The existing target is a static library
5.Add CMAKE option -DBUILD_SYSDIG_MODERN_BPF=OFF to fix bpf header file not found issue
sysdig/0.39.0/recipe-sysroot/usr/include/bits/syscall.h:23:10: fatal error: 'bits/syscall-32.h' file not found
| 23 | #include <bits/syscall-32.h>
6.Add do_configure:prepend() function and CFLAGS/CXXFLAGS to fix header file not found issue
sysdig/0.39.0/sources/sysdig-0.39.0/falcosecurity-libs/userspace/libscap/engine/kmod/scap_kmod.c:30:10: fatal error: driver_config.h: No such file or directory
| 30 | #include <driver_config.h>
7.Add do_compile:append() function to fix do_package QA Issue
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Current builds were extracting the relevance from LDFLAGS, which is
not the right thing to do. cflags carry the right elements to ensure
reproducibility with OE, so ensure its respected by makefile
Fixes
WARNING: agent-proxy-1.97-r0 do_package_qa: QA Issue: File /usr/bin/.debug/agent-proxy in package agent-proxy-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The patches are required to build with detached build directory and
cross-compiling.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The git repo gained some bugfixes, esp. for arm32. But there was no release
since mid 2023. So, use the git repo.
a20641f fix: handle non-numeric ARM CPU architecture values
d550ea8 fix: harmless 'dmesg: write error' that could happen on some systems
8e33a1d fix: set cpu_* vars to a default value
68b4617 update: fwdb from v345+i20251110+4df2 to v347+i20251110+615b, 2 microcode changes
9fed5ce update: fwdb from v344+i20250811+1523 to v345+i20251110+4df2, 45 microcode changes
72bce72 chore: really fix autoupdate workflow to avoid useless PRs
5f18e67 chore: fix autoupdate workflow
a8466b7 fix CVE-2017-5715 reporting when IBRS_FW is enabled
b99be23 update: fwdb from v296+i20240514+988c to v344+i20250811+1523, 128 microcode changes
ee4cfd0 chore: add autoupdate workflow for fwdb
c2c60e0 chore: fix recent shellcheck warnings
bae43d8 Replace head -1 by head -n1
34c6095 fix: Linux 6.9+ changed some config options names (#490)
e806e4b chore: docker compose v2
388d44e Fix Retpoline detection for Linux 6.9+ (issue #490)
bd0c7c9 fix: typo introduced by #483, fixes#486
d70e4c2 fwdb: update to v296+i20240514+988c
4e29fb5 fix: ucode_platformid_mask is hexa (fixes#485)
0f2edb1 feat: blacklist some more microcodes (fixes#475)
8ac2539 fix: microcode check now supports pf_mask (fixes#482)
97f4d5f feat(reptar): add detection and mitigation of Reptar
9b7b09a fix(inception): continued mitigation detection
c94811e fix(inception): Zen1/2 results based on kernel mitigations
3e67047 feat(inception): README
ecee757 feat(inception): kernel checks + sbpb support detection
fb6933d feat(inception): Zen1/2 IBPB and SMT checks
dc6921a feat(inception): handle sysfs interface
3167762 feat(inception): start supporting AMD inception
44223c5 fix: bsd: kernel version detection
dbe208f enh: downfall: detect kernel mitigation without sysfs
aca4e2a enh: move root warning to the bottom
c1c1ac4 feat(downfall): detection of the kernel mitigation relying on dmesg
ba0daa6 feat: downfall: add kernel soft mitigation support check
227c0aa feat(downfall): add downfall checks
8ba3751 fwdb: update to latest Intel ucode versions
d013c0a doc: add kernel src as additional ucode version source
cbe8ba1 fix: inteldb: cpuid 0x00090660 and 0x000A0680
9c2587b enh: when CPUID can't be read, built it by ourselves
2a5ddc8 feat: add Intel known affected processors DB
2ef6c1c enh: factorize file download func
3c22401 chore: update disclaimer and FAQ
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also remove PV. There is no need to set PV since the version is in the
recipe file name.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is no need to set PV since the version is in the recipe file name.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix build with glibc 2.43+
Changes:
Fixed various cross-platform compile-time issues
Honor nanosecond parameters/fields in relevant system calls
Limited improvements to enhance compatibility with other LD_PRELOAD libraries
Added selected more intercepted system calls
Unset FAKETIME_SHARED automatically for child processes when enabling FAKETIME_FLSHM=1
Disable shared memory for child processes through FAKETIME_DISABLE_SHM=1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openembedded-core updated to coreutils v9.10 in which commit
8c2461933411 ("timeout: honor ignored signal dispositions") changed the
behavior of timeout. It will no longer propagate SIGINT to background
shell jobs which breaks test-cases for gpio-tools which verify that they
exit correctly after receiving SIGINT. This backports the patch sent
upstream that removed the offending test-cases as we already have a
similar set of tests for SIGTERM.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The android-gadget-setup script currently hardcodes the USB vendor ID,
product ID, and configuration string. This makes it difficult for BSP
layers to customize USB gadget identity with platform specific values.
Introduce variables for the vendor ID, product ID, and configuration
string when populating the configfs attributes. This allows machine
or distro specific overrides via `/etc/android-gadget-setup.machine`,
while preserving the existing default values.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-1013
The vulnerability has been patched since 2.3.13[1], however
NVD tracks it without version info.
Due to this, mark it patched explicitly.
[1]: 249bfcc511
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Though NVD indicates that 0.28.8 is still vulnerable, that does
not seem to be the case: the fix that is referenced by the advisory
has been backported[1] to this verison. Due to this, mark this
CVE as patched.
[1]: 21d129c842
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69277
The vulnerability has been fixed[1] since version 1.0.20, but NVD
tracks it without version info. Mark it patched explicitly.
[1]: f2da4cd8cb
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains many bugfixes and CVE fixes:
https://github.com/FreeRDP/FreeRDP/releases/tag/3.24.0
Added build option to use internal rc4 and md4 ciphers: this is due
to a recent change in oe-core. OpenSSL's legacy ciphers (like RC4 and MD4)
are now disabled by default (with 'legacy' PACKAGECONFIG), however
FreeRDP3 relies on them.
To ensure that the required ciphers are available, build the
recipe with this ciphers' internal implementations instead of
expecting OpenSSL to support them.
Ptests passed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade OpenGL ES CTS to the last release, mostly bringing up fixes for
the existing tests.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade Vulkan CTS, fixing several small issues in the tests.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Redis 8.0 and later are tri-licensed, the licence options are:
* Redis Source Available License v2
* Server Side Public License v1.0
* GNU Affero GPL v3.0
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use this recipe to break a circular dependency between libfido2 and
systemd when systemd's fido PACKAGECONFIG is enabled. systemd depends
on libfido2, and libfido2 depends on udev provided by systemd. However,
systemd only depends on the headers provided by libfido2 and its pkgconf
data. systemd uses only the datatypes provided, and opportunistically
enables fido support if libfido2 is found.
This recipe provides only the headers and pkgconf data. This is
sufficient to allow systemd to build support for libfido2.
It only works with a related change I've submitted to openembedded core.
Signed-off-by: Dan McGregor <danmcgr@protonmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bash and python3 are only needed by the ptest package.
* xz appears to not be needed at all.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the current recipe I am getting
```
gn: error while loading shared libraries: libc++abi.so.1: cannot open shared object file: No such file or directory
```
on my aarch64 machine
This is due to gn having a relative library runpath causing the interpreter not finding the shared libraries
Instead of copying the binary just directly execute it
Additionally remove the unnecessary download of the prebuilt gn binary
Signed-off-by: Willi Ye <zye2@snap.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Labeled adb binary
- Moved adb shell from initrc_t to unconfined_t
- meta-selinux does not provide adb domain added policy in meta-oe
instead of refpolicy: SELinuxProject/refpolicy#1085
Signed-off-by: Gargi Misra <gmisra@qti.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: copyright years refreshed
Removed patch included in this release
Add path to fix compilation with gcc on aarch64
Changelog:
https://github.com/jedisct1/libsodium/releases/tag/1.0.21-RELEASE
Changes:
Version 1.0.21
- security fix for the crypto_core_ed25519_is_valid_point() function
- new crypto_ipcrypt_* functions
- sodium_bin2ip and sodium_ip2bin helper functions
- XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions
Version 1.0.20-stable
- XCFramework: cross-compilation is now forced on Apple Silicon to avoid Rosetta-related build issues
- The Fil-C compiler is supported out of the box
- The CompCert compiler is supported out of the box
- MSVC 2026 (Visual Studio 2026) is now supported
- Zig builds now support FreeBSD targets
- Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers
- Android binaries have been added to the NuGet package
- Windows ARM binaries have been added to the NuGet package
- The Android build script has been improved. The base SDK is now 27c, and the default platform is 21, supporting 16 KB page sizes.
- The library can now be compiled with Zig 0.15 and Zig 0.16
- Zig builds now generate position-independent static libraries by default on targets that support PIC
- arm64e builds have been added to the XCFramework packages
- XCFramework packages are now full builds instead of minimal builds
- MSVC builds have been enabled for ARM64
- iOS 32-bit (armv7/armv7s) support has been removed from the XCFramework build script
- Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options.
- Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup
- ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero
- A cross-compilation issue with old clang versions has been fixed
- JavaScript: support for Cloudflare Workers has been added
- JavaScript: WASM_BIGINT is forcibly disabled to retain compatibility with older runtimes
- A compilation issue with old toolchains on Solaris has been fixed
- crypto_aead_aes256gcm_is_available is exported to JavaScript
- libsodium is now compatible with Emscripten 4.x
- Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete
- Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2026-32239 and CVE-2026-32240
Also, mark these CVEs explicitly patched, because NVD tracks them
without version info at this time.
Shortlog:
https://github.com/capnproto/capnproto/compare/v1.0.2...v1.4.0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a recipe for the cxx crate, which provides a safe and efficient
bridge for interoperability between Rust and C++ code. It allows
defining the FFI boundary in a shared Rust module and generates
compatible bindings for both languages during the build process.
The crate is implemented in Rust and supports zero-overhead FFI with
common Rust and C++ standard library types.
More information: https://crates.io/crates/cxx
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
