The git repo gained some bugfixes, esp. for arm32. But there was no release
since mid 2023. So, use the git repo.
a20641f fix: handle non-numeric ARM CPU architecture values
d550ea8 fix: harmless 'dmesg: write error' that could happen on some systems
8e33a1d fix: set cpu_* vars to a default value
68b4617 update: fwdb from v345+i20251110+4df2 to v347+i20251110+615b, 2 microcode changes
9fed5ce update: fwdb from v344+i20250811+1523 to v345+i20251110+4df2, 45 microcode changes
72bce72 chore: really fix autoupdate workflow to avoid useless PRs
5f18e67 chore: fix autoupdate workflow
a8466b7 fix CVE-2017-5715 reporting when IBRS_FW is enabled
b99be23 update: fwdb from v296+i20240514+988c to v344+i20250811+1523, 128 microcode changes
ee4cfd0 chore: add autoupdate workflow for fwdb
c2c60e0 chore: fix recent shellcheck warnings
bae43d8 Replace head -1 by head -n1
34c6095 fix: Linux 6.9+ changed some config options names (#490)
e806e4b chore: docker compose v2
388d44e Fix Retpoline detection for Linux 6.9+ (issue #490)
bd0c7c9 fix: typo introduced by #483, fixes#486
d70e4c2 fwdb: update to v296+i20240514+988c
4e29fb5 fix: ucode_platformid_mask is hexa (fixes#485)
0f2edb1 feat: blacklist some more microcodes (fixes#475)
8ac2539 fix: microcode check now supports pf_mask (fixes#482)
97f4d5f feat(reptar): add detection and mitigation of Reptar
9b7b09a fix(inception): continued mitigation detection
c94811e fix(inception): Zen1/2 results based on kernel mitigations
3e67047 feat(inception): README
ecee757 feat(inception): kernel checks + sbpb support detection
fb6933d feat(inception): Zen1/2 IBPB and SMT checks
dc6921a feat(inception): handle sysfs interface
3167762 feat(inception): start supporting AMD inception
44223c5 fix: bsd: kernel version detection
dbe208f enh: downfall: detect kernel mitigation without sysfs
aca4e2a enh: move root warning to the bottom
c1c1ac4 feat(downfall): detection of the kernel mitigation relying on dmesg
ba0daa6 feat: downfall: add kernel soft mitigation support check
227c0aa feat(downfall): add downfall checks
8ba3751 fwdb: update to latest Intel ucode versions
d013c0a doc: add kernel src as additional ucode version source
cbe8ba1 fix: inteldb: cpuid 0x00090660 and 0x000A0680
9c2587b enh: when CPUID can't be read, built it by ourselves
2a5ddc8 feat: add Intel known affected processors DB
2ef6c1c enh: factorize file download func
3c22401 chore: update disclaimer and FAQ
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since there are no sources being fetched, set S to UNPACKDIR to fix:
| WARNING: wowlan-udev-1.0-r0 do_unpack: wowlan-udev: the directory
| ${UNPACKDIR}/${BP} ... pointed to by the S variable doesn't exist
| - please set S within the recipe to point to where the source has
| been unpacked to.
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This avoids the following error:
In file included from spa/plugins/alsa/acp/compat.c:26:
spa/plugins/alsa/acp/compat.h: In function 'pa_path_get_filename':
spa/plugins/alsa/acp/compat.h:437:13: error: assignment discards
'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
437 | if ((fn = strrchr(p, PA_PATH_SEP_CHAR)))
| ^
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also remove PV. There is no need to set PV since the version is in the
recipe file name.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is no need to set PV since the version is in the recipe file name.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Beside the below changelog, it also allows compiling with the latest Setuptools.
Drop patches which became obsolete.
Changes:
- Ensure cec info is none if not supported
- Add some fast pre-commit checks
- Switch to ruff for checks and formatting
- add D24f-J09 to const.py
- Update const.py to include Lenovo Smart Display 10
- Avoid logging graceful disconnect as error
- Fix datetime deprecation
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix build with glibc 2.43+
Changes:
Fixed various cross-platform compile-time issues
Honor nanosecond parameters/fields in relevant system calls
Limited improvements to enhance compatibility with other LD_PRELOAD libraries
Added selected more intercepted system calls
Unset FAKETIME_SHARED automatically for child processes when enabling FAKETIME_FLSHM=1
Disable shared memory for child processes through FAKETIME_DISABLE_SHM=1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- remove two backport patches
PipeWire 1.6.2 (2026-03-16)
This is a bugfix release that is API and ABI compatible with the previous
1.6.x releases.
Highlights
- Fix a potential crash when the wrong memory was freed.
- Fix a optimization with shared memory over some links that could
cause errors later on.
- Fix SOFA filter and default control input in LADSPA and LV2.
- Some other small fixes and improvements.
PipeWire
- Remove an optimization to skip share mem in links, it causes problems
later on. (#5159)
Modules
- Don't try to free invalid memory or close invalid fds when the client
aborted before allocating buffer memory. (#5162)
SPA
- support ACP_IGNORE_DB in udev.
- Use 0x as a prefix for hex values.
- Mark Props as write-only in libcamera.
- Small optimization in the audio mixer.
- Fix initialization of control properties for SOFA and biquads in the
filter-graph. (#5152)
- Fix min/max default values for LADSPA and LV2.
JACK
- Fix jack_port_type_id(). Return values that are compatible with JACK1/2.
Older versions:
PipeWire 1.6.1 (2026-03-09)
This is a bugfix release that is API and ABI compatible with the previous
1.6.x releases.
Highlights
- Fix socket activation, which could cause a failure to start PipeWire in
some setups.
- Fix crashes in many JACK apps when nodes/ports are quickly added/removed
such as when there are notifications (like when changing the volume in
KDE).
- Fix playback of encoded formats in pw-cat again.
- Some other smaller fixes and improvements.
Modules
- Fix socket activation. (#5140)
- Remove node.link-group from driver nodes.
SPA
- Fix the libcamera stop sequence.
JACK
- Never return NULL from jack_port_by_id(). (#3512)
GStreamer
- Improve the timestamps on buffers.
Tools
- Fix playback of encoded formats. (#5155)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openembedded-core updated to coreutils v9.10 in which commit
8c2461933411 ("timeout: honor ignored signal dispositions") changed the
behavior of timeout. It will no longer propagate SIGINT to background
shell jobs which breaks test-cases for gpio-tools which verify that they
exit correctly after receiving SIGINT. This backports the patch sent
upstream that removed the offending test-cases as we already have a
similar set of tests for SIGTERM.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently, the build of wireshark fails with
ERROR: wireshark-1_4.6.3-r0 do_package_qa: QA Issue: /usr/lib/libwsutil.so.17.0.0 contained in package wireshark requires libxxhash.so.0()(64bit), but no providers found in RDEPENDS:wireshark? [file-rdeps]
ERROR: wireshark-1_4.6.3-r0 do_package_qa: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: /build/tmp/work/core2-64-poky-linux/wireshark/4.6.3/temp/log.do_package_qa.302606
ERROR: Task (/build/../work/layers-3rdparty/openembedded/meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb:do_package_qa) failed with exit code '1'
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch build system from setuptools3 to python_hatchling
Changelog:
https://github.com/redis/redis-py/releases
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The android-gadget-setup script currently hardcodes the USB vendor ID,
product ID, and configuration string. This makes it difficult for BSP
layers to customize USB gadget identity with platform specific values.
Introduce variables for the vendor ID, product ID, and configuration
string when populating the configfs attributes. This allows machine
or distro specific overrides via `/etc/android-gadget-setup.machine`,
while preserving the existing default values.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3949
Backport the patch that is referenced by the NVD report (in the description)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-1013
The vulnerability has been patched since 2.3.13[1], however
NVD tracks it without version info.
Due to this, mark it patched explicitly.
[1]: 249bfcc511
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2026-32597. Since NVD tracks this CVE
without version info, mark the CVE explicitly patched.
Changes:
2.12.1:
Add typing_extensions dependency for Python < 3.11
2.12.0:
chore(docs): fix docs build
Annotate PyJWKSet.keys for pyright
fix: close HTTPError to prevent ResourceWarning on Python 3.14
chore: remove superfluous constants
chore(tests): enable mypy
Bump actions/download-artifact from 7 to 8
fix: do not store reference to algorithms dict on PyJWK
Use PyJWK algorithm when encoding without explicit algorithm
Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. (CVE-2026-32597)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVE fix is correct, but the CVE ID contains a typo. The correct
ID is CVE-2026-3606.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Though NVD indicates that 0.28.8 is still vulnerable, that does
not seem to be the case: the fix that is referenced by the advisory
has been backported[1] to this verison. Due to this, mark this
CVE as patched.
[1]: 21d129c842
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69277
The vulnerability has been fixed[1] since version 1.0.20, but NVD
tracks it without version info. Mark it patched explicitly.
[1]: f2da4cd8cb
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- remove a backport patch
- rework the fix for host systems that dont provide iso-codes
- update mypaint-brushes dependency to 2.x
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains many bugfixes and CVE fixes:
https://github.com/FreeRDP/FreeRDP/releases/tag/3.24.0
Added build option to use internal rc4 and md4 ciphers: this is due
to a recent change in oe-core. OpenSSL's legacy ciphers (like RC4 and MD4)
are now disabled by default (with 'legacy' PACKAGECONFIG), however
FreeRDP3 relies on them.
To ensure that the required ciphers are available, build the
recipe with this ciphers' internal implementations instead of
expecting OpenSSL to support them.
Ptests passed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: updated to latest GPLv2 text version [1]
Changelog [2]
- Bug 5501: Squid may exit when ACLs decode an invalid URI
- ICP: Fix HttpRequest lifetime for ICP v3 queries
- ICP: Fix validation of packet sizes and URLs
- Do not escape malformed URI twice when sending ICP errors
- ... and some code, CI, and documentation cleanups
[1] 765c7f4e7f
[2] https://github.com/squid-cache/squid/releases/tag/SQUID_7_5
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Squid tags are in form SQUID_<MAJ>_<MIN>.
This can also be seen in SRC_URI download link.
This change will make "devtool latest-version squid" correctly show 7.5
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade OpenGL ES CTS to the last release, mostly bringing up fixes for
the existing tests.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade Vulkan CTS, fixing several small issues in the tests.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OE-Core has dropped gstreamer1.0-vaaapi, breaking spice-gtk. Drop the
dependency and, while we are at it, enable libva as a dependency, making
sure VA-API is enabled.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Redis 8.0 and later are tri-licensed, the licence options are:
* Redis Source Available License v2
* Server Side Public License v1.0
* GNU Affero GPL v3.0
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use this recipe to break a circular dependency between libfido2 and
systemd when systemd's fido PACKAGECONFIG is enabled. systemd depends
on libfido2, and libfido2 depends on udev provided by systemd. However,
systemd only depends on the headers provided by libfido2 and its pkgconf
data. systemd uses only the datatypes provided, and opportunistically
enables fido support if libfido2 is found.
This recipe provides only the headers and pkgconf data. This is
sufficient to allow systemd to build support for libfido2.
It only works with a related change I've submitted to openembedded core.
Signed-off-by: Dan McGregor <danmcgr@protonmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bash and python3 are only needed by the ptest package.
* xz appears to not be needed at all.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With the current recipe I am getting
```
gn: error while loading shared libraries: libc++abi.so.1: cannot open shared object file: No such file or directory
```
on my aarch64 machine
This is due to gn having a relative library runpath causing the interpreter not finding the shared libraries
Instead of copying the binary just directly execute it
Additionally remove the unnecessary download of the prebuilt gn binary
Signed-off-by: Willi Ye <zye2@snap.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Labeled adb binary
- Moved adb shell from initrc_t to unconfined_t
- meta-selinux does not provide adb domain added policy in meta-oe
instead of refpolicy: SELinuxProject/refpolicy#1085
Signed-off-by: Gargi Misra <gmisra@qti.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Enable aptX/aptX-HD codec support in PipeWire's Bluetooth A2DP codec.
This allows A2DP streaming with aptX-capable headsets when libfreeaptx
is available.
Signed-off-by: Shuai Zhang <shuai.zhang@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add a libfreeaptx recipe (LGPL-2.1+) to provide aptX/aptX-HD codec
support for Bluetooth A2DP audio codec.
Signed-off-by: Shuai Zhang <shuai.zhang@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0846
It has been fixed in version 3.9.3, however NVD tracks it
without CPE/version info.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
