Bug fixes:
=========
* Reset disposition of 'SIGCHLD', restoring normal subprocess management
if bwrap was run from a process that was ignoring that signal,
such as Erlang or volumeicon
* Don't ignore '--userns 0', '--userns2 0' or '--pidns 0' if used
Note that using a fd number >= 3 for these purposes is still
preferred, to avoid confusion with the stdin, stdout, stderr
that will be inherited by the command inside the container.
* Fix grammar in an error message
* Fix a broken link in the documentation
Internal changes:
==================
* Enable user namespaces in Github Actions configuration, fixing a CI
regression with newer Ubuntu
* Clarify comments
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fix following system unsafe warning
/usr/lib/systemd/system/openct.service:10: Unit uses KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Update comment to use correct recipe name
(librust-cxx instead of cxx).
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
sd is a fast, intuitive, and user-friendly alternative to sed, written in Rust.
Add recipe for the latest release (1.1.0).
- Uses a simple and readable search-and-replace syntax, reducing the complexity
of sed commands.
- Fully supports regular expressions, Unicode, and preserves line endings.
- Faster, safer, and easier to use than traditional sed for common text
manipulation tasks.
More information: https://github.com/chmln/sd
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It fails to run `bitbake -p` for qemuppc64 with errors:
ERROR: /path_to/meta-oe/recipes-security/spdm-emu/spdm-emu_git.bb:
unsupported architecture 'powerpc64le'
ERROR: /path_to/meta-oe/recipes-support/libspdm/libspdm_3.8.2.bb:
unsupported architecture 'powerpc64le'
Add qemuppc64 default TARGET_ARCH to the arch map.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
bpftrace-ptest requires bpftool which is not compatible with powerpc64.
So remove sub-package bpftrace-ptest for powerpc64 & powerpc64le.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Bug- and security-fix release. Shortlog:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-17...7.1.2-18
Also remove the obsolete CVE_STATUS assignments - all of these have been corrected
at NVD, and they are tracked with a version/CPE that mirror the real vulnerability
state of the recipe.
While at it, also corrected the reason for the remaining CVE_STATUS assignments.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* refresh patches
* remove workaround for cppunit-dev needed only in 1.15.0
Release Notes [1]:
This is a bugfix and maintenance release that also introduces a few new
features.
Security Fixes:
* CVE-2026-32776 (NULL function pointer dereference)
* CVE-2026-32777 (infinite loop)
* CVE-2026-32778 (NULL dereference on OOM retry)
[1] https://github.com/pocoproject/poco/releases/tag/poco-1.15.1-release
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Inherit python3targetconfig so that cross python3-config is used instead
of native.
This fixes the below error when building on a 64 bit host for a 32 bit
target:
| In file included from /workspaces/yocto/build/tmp/work/core2-32-poky-linux/libgpiod/1.6.5/recipe-sysroot-native/usr/include/python3.14/Python.h:72,
| from ../../../sources/libgpiod-1.6.5/bindings/python/gpiodmodule.c:8:
| /workspaces/yocto/build/tmp/work/core2-32-poky-linux/libgpiod/1.6.5/recipe-sysroot-native/usr/include/python3.14/pyport.h:429:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| 429 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| | ^~~~~
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com>
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Just remapping TMPDIR to TARGET_DBGSRC_DIR results in the files that
end up in the -src package containing lines such as
#line 196 "/usr/src/debug/fluentbit/4.0.1//work/cortexa76-oe-linux/fluentbit/4.0.1/sources/fluentbit-4.0.1/lib/cmetrics/src/cmt_decode_prometheus.l"
#line 1561 "/usr/src/debug/fluentbit/4.0.1//work/cortexa76-oe-linux/fluentbit/4.0.1/build/lib/cmetrics/cmt_decode_prometheus_parser.c"
By instead remapping both B and S, we strip more of the irrelevant
part of WORKDIR, and one ends up with line directives in the -src
package that actually match the source files' location in that
package:
#line 196 "/usr/src/debug/fluentbit/4.0.1/lib/cmetrics/src/cmt_decode_prometheus.l"
#line 1561 "/usr/src/debug/fluentbit/4.0.1/lib/cmetrics/cmt_decode_prometheus_parser.c"
$ find packages-split/fluentbit-src/ -name cmt_decode_prometheus*.[cl] | sort
packages-split/fluentbit-src/usr/src/debug/fluentbit/4.0.1/lib/cmetrics/cmt_decode_prometheus_lexer.c
packages-split/fluentbit-src/usr/src/debug/fluentbit/4.0.1/lib/cmetrics/cmt_decode_prometheus_parser.c
packages-split/fluentbit-src/usr/src/debug/fluentbit/4.0.1/lib/cmetrics/src/cmt_decode_prometheus.c
packages-split/fluentbit-src/usr/src/debug/fluentbit/4.0.1/lib/cmetrics/src/cmt_decode_prometheus.l
packages-split/fluentbit-src/usr/src/debug/fluentbit/4.0.1/lib/cmetrics/src/cmt_decode_prometheus_remote_write.c
and that also matches the remapping that the compiler is instructed to
do via the -ffile-prefix-map mechanism.
Signed-off-by: Rasmus Villemoes <ravi@prevas.dk>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
oe-core just moved from pkgconfig to pkgconf, which has broken the
ptest buikd due to how fragile the compilation was.
This will be revisited to build the tests properly, but for now simply
disable the ptests.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
oe-core just moved from pkgconfig to pkgconf, which has broken the
ptest buikd due to how fragile the compilation was.
This will be revisited to build the tests properly, but for now simply
disable the ptests.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add ptest infrastructure to run the PostgreSQL standard regression test
suite (pg_regress) on the target system.
Test logs:
root@qemux86-64:~# ptest-runner postgresql
START: ptest-runner
2026-03-24T02:42
BEGIN: /usr/lib64/postgresql/ptest
.....
**if all pass **
PASS: - event_trigger_login 1901 ms
PASS: - fast_default 9459 ms
PASS: - tablespace 16542 ms
PASS: all tests passed
**if have fail**
FAIL: create_type 1763 ms
PASS: create_schema 2123 ms
PASS: - tablespace 23226 ms
FAIL: some tests failed
waiting for server to shut down.... done
server stopped
DURATION: 853
END: /usr/lib64/postgresql/ptest
2026-03-24T02:56
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
opusfile comes from meta-multimedia and meta-oe does
not depend on it, for keeping layer compatible, it
must be kept disabled
Fixes YP Compatible checks
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Cc: Markus Volk <f_l_k@t-online.de>
Added tag to SRC_URI.
Release information [1]:
1.9.7: Bugfixes, build system cleanups
What's Changed
* Fixes PreventInSourceBuilds.cmake to work with add_subdirectory by @morbo84 in #1383
* json_value.cpp bug in the edges of uint/int by @YaalLek in #1519
* Release 1.9.6 and move versions to 1.9.7 by @baylesj in #1566
* Fixed work secure_allocator on old compiers by @TsynkPavel in #1478
* Fix flag -DJSONCPP_USE_SECURE_MEMORY:BOOL=TRUE by @tfc in #1567
* fix(build): remove check_required_components for meson build by @chenrui333 in #1570
* the cgi module was removed from Python3.13 by @a-detiste in #1578
* Fix name of static library when targeting MinGW. by @mmuetzel in #1579
* Fix comparison warnings caused by 54fc4e2 by @JensMertelmeyer in #1575
* Drop pre-C++11 alternatives by @BillyDonahue in #1593
* feat: support std::string_view in Value API by @evalon32 in #1584
* Added Value::findType with String key by @SwintonStreet in #1574
* Set up for Bazel module builds. by @bcsgh in #1597
* Add a BUILD.bazel file for //example. by @bcsgh in #1602
* Fix "include what you use" issue by @victorvianna in #1625
* Make the build configuration under Bazel more correct. by @bcsgh in #1600
* Add Bazel tests by @bcsgh in #1601
* Return false in Reader::readValue when stack limit is exceeded by @xuhdev in #1619
* Remove deprecated/removed clang-tidy key AnalyzeTemporaryDtors (#1614) by @bmagistro in #1615
* [docs] Consuming JSONCpp via Conan package manager by @uilianries in #1622
* Cleanup README.md, fix broken link. by @baylesj in #1633
* Add gcovr.cfg to fix CI coverage merge errors by @baylesj in #1635
* Remove build directory exclusion from gcovr config by @baylesj in #1640
* Add test for allowDroppedNullPlaceholders by @baylesj in #1648
* Prevent test colision when running in parallel via RESOURCE_LOCK by @marty1885 in #1637
* fixup project version updater by @baylesj in #1649
* Update README with project status and focus by @baylesj in #1639
* Adding a cmake option to exclude the jsoncpp files from install. by @nv-jdeligiannis in #1596
* Change stack depth limit to 256 by @baylesj in #1657
* Fix uninitialized CMake variable in version.in by @baylesj in #1658
* Fix CMake deprecation warning for compatibility with CMake < 3.10 by @baylesj in #1659
* Scope JSON_DLL_BUILD to shared lib target only by @baylesj in #1660
* Fix number parsing failing under non-C locales by @baylesj in #1662
* Reject unescaped control characters in JSON strings by @baylesj in #1663
* Fix MSAN issue in #1626 by @baylesj in #1654
* Fix string_view ABI mismatch between library and consumers by @baylesj in #1661
* Revert "Fix number parsing failing under non-C locales" by @baylesj in #1664
* Fix use-after-free in Reader::parse(std::istream&) by @baylesj in #1665
* Update bazel config for 9.x by @keith in #1655
[1] https://github.com/open-source-parsers/jsoncpp/releases/tag/1.9.7
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Added tag to SRC_URI.
Release notes [1]:
Add lvmlockd compare and write, index man pages, and a lot of fixes.
* Add atomic leases using Compare and Write (CAW) to lvmlockd.
* Add lvm-index(7), lvm-categories(7) and lvm-args(7) man pages.
* Use temporary activations for integrity, writecache, thin and VDO pool conv
preventing interference.
* Fix `vgreduce --removemissing --force` infinite loop for raid/mirror snapshot.
* Improve RAID LV health report to distinguish 'refresh needed' from 'repair needed'.
* Support `--interval +N` to delay first poll in pvmove and lvpoll.
* Show active cache mode in kernel table line with `lvs -o kernel_cache_mode`.
* Reject lvreduce of CoW snapshot COW store when it would truncate exception data.
* Skip filesystem resize handling for CoW snapshot COW store LVs in lvresize.
* Fix vgsplit to not fail on no active LV on a PV being split to an existing VG.
* Preserve file desciptors with CLOEXEC opened in library constructors.
* Add lvmpolld 'cmd' log keyword to enable verbose lvpoll output.
* Add `activate_lv_temporary()` to consolidate `LV_TEMPORARY` and sync handling.
* Add missing sync in `add_mirror_log()` and `activate_and_wipe_lv_list()`.
* Fix cachevol cmeta/cdata device offsets.
* Fix pofile generation to include SOURCES2 binaries and update xgettext options.
[1] https://github.com/lvmteam/lvm2/releases/tag/v2_03_39
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
newer gnulib-tool wrappers try to run a sibling Python
launcher file, .gnulib-tool.py, when Python 3 is available.
In current gnulib, that file is a real part of the tree,
and gnulib-tool will exec "$prog.py" in that mode
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* https://github.com/jthornber/thin-provisioning-tools#project-hosting says:
The upstream repository has been moved to device-mapper-utils[1], an
organization established to collect utilities for various device mapper
targets. While the original repository remains mirrored, we recommend
cloning from the new location[2] for better long-term maintenance.
[1]: https://github.com/device-mapper-utils/
[2]: https://github.com/device-mapper-utils/thin-provisioning-tools
* 0001-Define-more-ioctl-codes-on-riscv32gc-unknown-linux-g.patch got merged
upstream in rust-lang/libc.
* dependency rio got dropped in 1.3.0
* The new patch disable-cargo-metadata enables the feature of devicemapper,
because the build fails otherwise.
* On 32 bit architectures, the new patch dms-no-layout-check disables checks
from bindgen they always fail.
From thin-provisioning-tools-1.3.1/CHANGES:
v1.3.1
======
- Improve thin_ls performance using the optimized approach from thin_check
v1.3.0
======
- Improve thin_check performance with an optimized I/O strategy and more
memory-efficient data structures.
- Rewrite AsyncIoEngine using tokio IoUring, removing the rio dependency
- Enhance thin_check with edge-case fixes, including space map boundary checks
- Update thin_explore to use ratatui, replacing the archived tui crate
v1.2.2
=======
- Fix command line parsing for era_invalidate --metadata-snapshot
v1.2.1
=======
- Fix incorrect number of data blocks in thin_shrink's output superblock
v1.2.0
=======
- Remove atty and safemem dependencies due to security concerns
- Remove unused threaded btree walk code
- Change BTreeWalker constructor to take IoEngine by reference for simplicity
(breaking change)
- Update fixedbitset and few other dependencies with required code changes
Cc: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
libsdl3-mixer has initially released
- binaries in wavpack-bin are only needed at runtime but cmake checks
for them during compilation and fails because they are (presumably
intentionally) not present in the target sysroot. Workround this issue
by touching the necessary files to please cmake.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Cryptographic library that exclusively contains
Quantum resistant cryptographic algorithms. It is lean has minimal dependencies,
supports stack-only operation and provides optimized implementations for
ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (Sphincs+) and many more
Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Adds ptest support for xdg-dbus-proxy.
Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Since adding these statuses NVD corrected their DB, and now both CVEs are
tracked with the correct version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also disable running clang-tidy on the code. On one hand the cmake script is trying to run
the target version of it, and on the other hand it is not needed for compiling it,
it is intended for upstream developers.
Changelog: https://github.com/transmission/transmission/releases/tag/4.1.1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade sysdig to solve build failure after upgrading valijson to 1.1.0.
1.Changelog
https://github.com/draios/sysdig/releases/tag/0.39.0
2.Update 0001-cmake-Pass-PROBE_NAME-via-CFLAGS.patch for 0.39.0
3.Remove following patches as merged upstream
0001-Add-cstdint-for-uintXX_t-types.patch
0001-libsinsp-fix-build-with-gcc-15.patch
4.Add 0001-Avoid-duplicate-operations-of-add_library.patch to fix do_configure errors
-- Existing strlcat found, will *not* use local definition
CMake Error at falcosecurity-libs/userspace/libscap/CMakeLists.txt:64 (add_library):
add_library cannot create target "scap_error" because another target with
the same name already exists. The existing target is a static library
5.Add CMAKE option -DBUILD_SYSDIG_MODERN_BPF=OFF to fix bpf header file not found issue
sysdig/0.39.0/recipe-sysroot/usr/include/bits/syscall.h:23:10: fatal error: 'bits/syscall-32.h' file not found
| 23 | #include <bits/syscall-32.h>
6.Add do_configure:prepend() function and CFLAGS/CXXFLAGS to fix header file not found issue
sysdig/0.39.0/sources/sysdig-0.39.0/falcosecurity-libs/userspace/libscap/engine/kmod/scap_kmod.c:30:10: fatal error: driver_config.h: No such file or directory
| 30 | #include <driver_config.h>
7.Add do_compile:append() function to fix do_package QA Issue
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Current builds were extracting the relevance from LDFLAGS, which is
not the right thing to do. cflags carry the right elements to ensure
reproducibility with OE, so ensure its respected by makefile
Fixes
WARNING: agent-proxy-1.97-r0 do_package_qa: QA Issue: File /usr/bin/.debug/agent-proxy in package agent-proxy-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The patches are required to build with detached build directory and
cross-compiling.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
