Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 398fa05aa8bf7ce17dc40ed99edfc6a88feeb541)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184
Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3982
The vulnerability is about a privilege escalation, in case
the host distribution sets CAP_SYS_NICE capability on the
gnome-shell binary.
OE distros don't do that, and due to this this recipe is not
affected by this issue. The CVE is ignored.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4d6e24106c78eed3b9d9a36115df8d2f057f5178)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2047
The vulnerability exists in ICNS importer, which was first introduced in
version 3.0 [1], and the code is not present in the recipe version.
Due to this, ignore this CVE.
[1]: 00232e1787
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2760
Use the fixes from Debian.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424
The vulnerbaility was introduced in version 3.0.0, with commit[1].
The recipe version isn't vulnerable - ignore this CVE.
[1]: a0fc5a025a
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Drop patch that is included in this release.
Changelog: https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.8
Backported #12319 bugfixes from 3.x
Fix incompatible pointer type issues
X11: fix pointer/integer type mismatch
Warn backport
[core] eliminate rdpRdp::instance
X11 client: ignore grab related LeaveNotify events
[winpr,pubsub] add NULL parameter checks
fix: correct server port assignment logic
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
In commit [0], we've switched away from SVN fetcher in SRC_URI.
The archives downloaded are named SourceHanSans*.zip
They are named this way regardless of the version 1.004 or 2.004.
So when the new archives checksums are tested, the fetcher will
look for the old archives with the same name in the DL_DIR.
>From [1], there are checksum failures due to given checksums not
matching the ones in DL_DIR. Thus, downloaded archives are renamed
following their package name and version.
[0]: https://git.openembedded.org/meta-openembedded/commit/?id=36a1e36e1272ca50e5dba0c4cf25ee3ff8b8f1c9
[1]: https://autobuilder.yoctoproject.org/typhoon/#/builders/156/builds/367/steps/16/logs/errors
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 08e414d496206d0959c2663fad7214596fad3cef)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The resulting pybind11_jsonTargets.cmake in the dev-package adds an
absolute path to python include directories in the target properties:
set_target_properties(pybind11_json PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "/usr/include/python3.13;${_IMPORT_PREFIX}/include"
)
The patch removes ${PYTHON_INCLUDE_DIRS} which is set by pybind11 from
set_target_properties to remove the poisonous host path.
Signed-off-by: Tafil Avdyli <tafil@tafhub.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0332dae9bb2ff79e4a4faa45c42d96e0dccee4db)
Signed-off-by: Tafil Avdyli <tafil@tafhub.de>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The recent workaround for https://github.com/swiftlang/swift/issues/69311
breaks python3-m2crypto-native, with error about missing e_os2.h file in
recipe-sysroot-native.
Apply do_configure:prepend to class-target only to fix.
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c1693752d79b27a02a109dd76fe346cbcf860b14)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Add a new OS option to polkit meson: "openembedded" and use this to
set PAM include to common-* which matches OE-Core libpam.
This also may fix a non-reproducibility since polkit meson system tried
to detect the host (compiling) OS and changed PAM config from the
detected value.
Fixes: https://github.com/openembedded/meta-openembedded/issues/860
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9bdff5feb60994d4ed3a0123b9977c6c6643a242)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The project Makefile uses a script (sysinfo.sh) to non-atomically generate
two .c files (sysinfo.c, sysinfoc.c) which are then included in the build.
Since the script always overwrites both .c files, the Makefile should only
invoke it once, not twice in parallel. Otherwise the .c files may be
corrupted and cause random build failures in parallel builds.
Requires at least GNU make 4.3, for Grouped Targets support [1].
[1] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Reviewed-by: Silvio Fricke <silvio.fricke@gin.de>
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit add2d94ab7d4170cece4e20af829a7221c572d5f)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Part of nodejs LTS release, contains many security- and bugfixes.
Ptests passed successfully.
Full changelog:
https://github.com/nodejs/node/blob/v20.x/doc/changelogs/CHANGELOG_V20.md
Dropped patches that are included in this release.
Added 0001-Revert-stop-using-deprecated-ares_query.patch:
Nodejs has changed a deprecated c-ares call to a newer version,
however this newer method is not available in the c-ares shipped
in meta-oe, and it failed to compile (the new call was added to c-ares
in v1.28.0, but Scarthgap comes with v1.27.0). This patch reverts this
failing commit completely. Based on the PR/issue discussions, the
only goal was to eliminate deprecation warnings. There seem to be
no logic change from this change.
License-Update:
- The license file was regenerated, to ensure it is up to date.
It contains all licenses from all vendored dependecies. This
resulted in adding nlohmann-json license to the file, which
is MIT. There were already other MIT dependencies, so this
didn't change the overall license declaration.
- base64 related license was removed, because base64 code was
simplified, so it doesn't depend on this library anymore.
(It was BSD-2-Clause, but there ar other dependencies using
this license, so the overall license didn't change)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Drop patch that is included in this version.
Changes:
- Fix double g_error_free call in remote_close_callback
- Fix build with taglib 2.0
- Set project gnu++11 c++ language version explicitely
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog:
===========
- Fix a trivial build error when -Werror=implicit-function-declaration is
- specified.
- Fix an issue with cancellation of closing a page
- Try harder to ensure a buffer disposes associated resources when
the page is closed.
- Translation updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 05627552612ead8bec55ebac7633ff6a017aaa6e)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4181632bc18930e6b92f14f058e154681e57e0a0)
Changes:
- Regenerate thumbnails on save
- Use "fast" content type as fallback if normal content type
is unavailable
- docs: Replace dead links to developer-old.gnome.org (Andre Klapper)
- Updated translations
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changes (note that there were no intermediate releases):
40.10:
This release includes a fix for the broken GNOME Extensions link and
several translation updates.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changes:
ver 46.2:
This version contains a fix for the devices page staying empty on load
in some circumstances, as well as translation updates.
ver 46.1:
This version contains translation updates and a bug fix for some device
icons not appearing correctly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
In case "profiler" PACKAGECONFIG is enabled, the build fails with
the following error:
| ninja: error: '/usr/share/dbus-1/interfaces/org.gnome.Sysprof3.Profiler.xml', needed by 'src/meta-dbus-sysprof3-profiler.c', missing and no known rule to make it
meson.build script is looking explicitly for a required file using the
sysroot of the build system instead of ${RECIPE_SYSROOT}. To avoid this,
patch meson.build to prefix this path with ${RECIPE_SYSROOT}.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ead8f7b3273965f383ec4999bb38e87ba37daf61)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Contains many bugfixes: https://gitlab.gnome.org/GNOME/mutter/-/blob/46.9/NEWS
46.9
====
* Support presentation-time version 2
* Honor wl_surface.offset on cursor surfaces
* Fix crash
46.8
====
* Use BT709 coefficients and limited range for YUV conversion by defaults
* Also request high priority secondary EGL context
* Fix applying initial _NET_WM_WINDOW_OPACITY on Xwayland
* Misc. bug fixes and cleanups
46.7
====
* Default to high thread instead of realtime priority for KMS thread
* Fix updating cursor immediately when starting window drag
* Prefer GPUs with built-in panels connected as primary GPU
* Fix cursor glitches when using virtual monitors
* Ensure frame events are sent for cursor surfaces
* Allow BGRX8888 format on big endian
* Fix touchscreen drag-and-drop on wayland
* Fixed crashes
* Misc. bug fixes and cleanups
46.6
====
* Fix grabbing tablet devices
* Fix explicit sync with virtual monitors w/o pipewire streams
* Improve detecting preferred primary devices
* Fixed crashes
* Misc. bug fixes and cleanups
46.5:
* Fix drag and drop between X11 and wayland clients
* Fix drag and drop from grabbing popups
* Fix EGLDevice support
* Fix frozen cursor on some hybrid machines
* Fix touch window dragging with pointer lock enabled
* Fix propagating tablet device removals to clients
* Fix tablet input in maximized windows
* Reduce damage on window movement
* Fix frozen cursor after suspend
* Fix using modifiers on multi-GPU setups
* Fixed crashes
* Misc. bug fixes and cleanups
46.4:
* Fix nested popovers on wayland
* Misc. bug fixes and cleanups
46.3.1:
* Fix visibility of Xwayland windows
* Misc. bug fixes
46.3:
* Fix performance issues with second virtual monitor
* Fix missing unmap animation of some windows
* Fix placement/resizing regression
* Fix possible out of sync primary selections and clipboard
* Fix ibus support in popups
* Fix hardware accelerated rendering when headless
* Add back support for legacy X11 cursor themes
* Fix preedit offsets
* Use character offsets to specify surrounding text
* Don't force titlebar on screen on all interactive resizes
* Fixed crashes
* Misc. bug fixes and cleanups
46.2:
* Fix hardware cursor with non-atomic KMS drivers
* Fix night light state getting stuck on monitor changes
* Fix sending preferred buffer transform
* Fix key press events with immediate release being ignored
* Fix unsetting clipboard on screen lock
* Fix wrong input region of undecorated X11 windows
* Fix windows potentially shrinking unexpectedly on configure
* Fix popup menus sometimes closing immediately
* Fixed crashes
* Misc. bug fixes and cleanups
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
0001-fix-reproducibility.patch
refreshed for 3.7.3
Changelog:
============
* Fix possible crashes handling live changes to extractor
configuration
* Make it easier to run tracker-extract-3 under Valgrind
* Plug a leak on misdetected JPEG files
* Many further metadata extraction tests
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9cc20a0203ebbf052aa70856436a6b265cd3fbeb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
