0001-Fixed-swig-host-contamination-issue.patch
refreshed for 4.1.4
Changelog:
===========
- Update syscalls and io_uring tables for the 7.0 kernel
- Code cleanups
- Avoid blocking auditd while handling disk space alerts
- Tighten auditctl permission checks and rule deletion handling
- Fix ausearch and auparse parsing for several newer record types
- Prevent queue resize races in audisp and oversize records in af_unix
- Fix memory safety issues in auparse and the audisp filter plugin
- Improve reliability of audisp-remote, auplugin, and the ids plugin
- Fix stats collection and parsing in the audisp-statsd plugin
- Refresh ausearch and aureport man pages
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop patch that was merged upstream.
License update: a copyright line was removed. The license is still MIT.
Changes:
Version 6.1.2
=============
Code Fixes
----------
* Fix for low-severity CVE-2026-23868 affecting gifsponge, giftool, and gifbuild,
but not the core library - library clients need not be alarmed.
Version 6.1.1
=============
This release bumps the major version, but only one entry point -
EGifSpew() - has changed signature and behavior (in order to be able
to pass out a detailed error code). The internal error
codes in the E_GIF_ERR series have changed value so none of them
collides with GIF_ERROR.
This code has been systematically audited and hardened with
ChatGPT-5.2. The only library fixes reported by users or found by
robot were for some memory leaks that could only be triggered by severely
malformed GIFs. Other bugs are edge-case failures in the CLI tools.
The gif2rgb CLI tool has been moved to the "obsolete" bin, because its
only deployment case in 2026 is as a piñata at fuzzer parties.
Warning: the CLI tools in the obsolete category will soon be removed
from the distribution entirely. The maintainer is tired of fielding
junk bugs filed against them by would-be coup-counters who found yet
another edge case, and the rest of the world doesn't need noisy CVEs
that aren't actually DoS or security issues for giflib clients.
Code Fixes
----------
* Fix for CVE-2021-40633.
* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap
* Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms
* Fix SF bug #172 Incorrect object files in shared libutil on darwin
* Fix SF bug #173 installation of manual pages and html documentation
* Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject
* Fix SF bug #177 wrong pointer used in giftool getbool
* Fix SF bug #179 Path Traversal vulnerability
* Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug
* Fix SF bug #182 out‐of‐bounds writes in Icon2Gif
* Fix SF bug #184 uninitialized buffer in DumpScreen2RGB
* Fix SF bug #185 integer overflow in gifbg.c
* Fix SF bug #186 integer overflow in Icon2Gif
* Fix SF bug #187: CVE-2025-31344
* Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow
* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap
* Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c
* Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c
* Fix SF bug #142 ABI break public symbol GifQuantizeBuffer
Other bugs that duplicate these have been addressed by these fixes
* SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller
might want to write a GIF, modify the in-memory data, then write
again.
Tests
-----
Test suite now emits TAP (Test Anything Protocol).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
- Intermediate release to be able to use a proper version tag
in the Yocto recipe.
Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
- Switched to a new versioning scheme: 1.0.13 -> 2.00
- Reworked CAN interface handling by migrating to the CANvenient abstraction layer
- Improved/updated auto-completion using isocline
- Various bug fixes
Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
- Add versioning
- New version to be able to use a proper version tag
in the Yocto recipe
Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The incompatible pointer warning/error has been fixed upstream[1],
no need for custom CFLAGS for this anymore.
[1]: 43bcfbcdf5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Compilation with musl has been fixed by upstream[1], no need for custom
CFLAGS for this anymore.
[1]: d38b5d92ee
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
CVE-2026-23919: Has been fixed since version 7.0.19[1], mark it as patched
CVE-2026-23920: Has been fixed since version 7.0.22[2], mark it as patched
CVE-2026-23921: Has been fixed since version 7.0.22[3], mark it as patched
CVE-2026-23923: The vulnerable code isn't present in 7.0 yet, it is specific
to 7.4 versions. Compare the fix[4] in 7.4, which changes code that doesn't
exist in the recipe version. Ignore this CVE due to this.
[1]: https://support.zabbix.com/browse/ZBX-27638
[2]: https://support.zabbix.com/browse/ZBX-27639
[3]: https://support.zabbix.com/browse/ZBX-27640
[4]: 043c28c208
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
- reverted the custom-on-fail discard value behavior so that it now correctly
discards the value instead of resetting the error state and recalculating dependent items
- added possibility to switch SSO user on internal login failures
- improved trigger-related postprocessing after configuration cache sync
- fixed graph rendering for items using throttling
- updated man page and help message for zabbix_js
- improved Device status mapping and added trigger for Meraki template
- updated maximum supported TimescaleDB version to 2.25
- fixed script macros expanding via Zabbix proxy during autoregistration
- fixed dependent item error message clearing in preprocessing
- fixed incorrect filter being applied when switching subfilters in multiple tabs
in Data collection->Hosts->Items, Monitoring->Hosts->Graphs
- fixed regexp runtime error when processing log* items with unspecified encoding
by sanitizing invalid UTF-8
- fixed inability to delete host, user, or template groups when accordingly hosts,
users, or templates belonging to them were previously deleted in parallel requests
- improved Teams Workflow webhook to use ALERT.SENDTO macro
- fixed redirect link when deleting host or template from item or item prototype list
- fixed snmp cache housekeeping not to interrupt scheduling
- fixed system.run not terminating commands correctly on Zabbix agent 2
- fixed showing some selected value by default for Map navigation tree
widget if listener does not exist
- fixed multiple event generation not to generate changelog entries on new events
- fixed compilation of Zabbix agent on HP-UX 11.23 (ia64)
- fixed "daylight saving time" error for scheduled reports
- fixed inability to return "not supported" via user parameters
- fixed discovery uniqueness criteria bug
- updated documentation links for Create template group and Create host group
- fixed checkboxes "SSL verify peer" and "SSL verify host" not being selected
when corresponding label is clicked in media type form
- fixed message box display bug in Monitoring problems page
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fix following error when multilib is used.
configure: WARNING: using cross tools not prefixed with host triplet
checking pkg-config is at least version 0.9.0... yes
configure: error: cannot find pkg-config package for libpcre
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Radiusd fails to start because the openssl legacy provider is no longer
built by default[1]:
$ radiusd -C -X
FreeRADIUS Version 3.2.8
[snip]
(TLS) Failed loading legacy provider
Add PACKAGECONFIG[legacy-openssl] to enable openssl legacy provider
support. When disabled, pass --enable-fips-workaround to configure
instead.
Backport two patches to fix the --enable-fips-workaround option.
[1] https://git.openembedded.org/openembedded-core/commit/?id=a150c3580f7f4962152444272c0fe07cfdb72df5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Besides other fixes, it contains a remediation for CVE-2026-25075
Changelog: https://github.com/strongswan/strongswan/releases/tag/6.0.5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes:
o Fix exploitable buffer overflows in the following ipmi-oem commands:
- ipmi-oem dell get-last-post-code
- ipmi-oem supermicro extra-firmware-info
- ipmi-oem wistron read-proprietary-string
o Support --proxy in ipmiconsole.
o Fix mem-leak within libfreeipmi locate api.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It isn't maintained anymore and requires workarounds when gnulib is
updated.
It was only used by libvirt and with the upstream [1] and meta-virt
changes to not require it anymore, this can be dropped.
[1] 35d5b26aa4
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* Use git instead of tarball in SRC_URI.
* Update configuration options.
* Clean up and refresh local patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The CVE is now tracked with a version by NVD, it is not needed
to ignore it explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The CVE is now tracked by NVD with a version that is earlier than
the recipe, the vulnerability doesn't show up in the CVE report
anymore.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes:
* Support Python 3.14
* Fix bug in Levenshtein distance when substitution_cost > 2
* Fix bug in Treebank detokeniser re quote ordering
* Fix bug in Jaro similarity for empty strings
* Several security enhancements
* Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
* Implement TextTiling vocabulary introduction method (Hearst 1997)
* Fix ALINE feature matrix errors and add comprehensive tests
* Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
* Let downloader fallback to md5 when sha256 is unavailable
* Several other minor bugfixes and code cleanups
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This CVE is disputed, and it is now tracked with an old version
of the application, it doesn't show up in the CVE report anymore.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes:
- zlib is now a mandatory dependency
- freetype support added
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop patch which is included in this release, and add a patch that
adapts a lua api call to the lua version that is used in OE.
License-Change: the unicode license text has been updated, there should
be no material change. However while examining these changes, I noticed
that some parts of the code are covered by licenses not mentioned in the
recipe. It should reflect all licenses now.
This version contains fixes for CVE-2025-59028, CVE-2025-59031, CVE-2026-24031,
CVE-2026-27859, CVE-2026-27860, CVE-2026-27857, CVE-2026-27856 and CVE-2026-27855
Changelog: https://github.com/dovecot/core/blob/main/NEWS
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
1. Changelog
https://github.com/arvidn/libtorrent/releases/tag/v2.0.12
2. Add 0001-Fix-Python3-site-packages-path-to-fix-package-QA-Iss.patch to fix package QA Issue:
libtorrent-rasterbar-2.0.12-r0 do_package: QA Issue: libtorrent-rasterbar: Files/directories were installed but not shipped in any package:
/lib/python3.14/site-packages/libtorrent.so
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Version 1.84.2
--------------
- Closed bugs and merge requests:
* GtkNotebook.pages GListModel is inaccessible from GJS [#686, !992, Philip
Chimento]
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Backport patch to make libtimezonemap port to libsoup3
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Refer [1], this can fix do_configure failure:
| checking for libsoup-3.0... no
| configure: error: Package requirements (libsoup-3.0) were not met:
|
| Package 'libsoup-3.0' not found
[1] 6ddabf52d5
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `SYSROOT_PREPROCESS_FUNCS:class-target +=` wouldn't
result in any unwanted override, there is no guarantee there won't be a
change, which would be hidden by this override. To avoid any surprises
in the future let's use `:append:class-target =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `RPROVIDES:${PN}:class-native +=` wouldn't
result in any unwanted override, there is no guarantee there won't be a
change, which would be hidden by this override. To avoid any surprises
in the future let's use `:append:class-native =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Those LIC_FILES_CHKSUM:class-native(sdk) were actually overriding the
rest of LIC_FILES_CHKSUM.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Either I am missing something or it isn't needed in the build time and
should maybe be a RRECOMMENDS:${PN}?
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Cc: Stefan Wiehler <me@sephalon.net>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
It actually overrides value of FILES:${PN} instead of appending.
In this case SDKPATHNATIVE is the prefix so everything was still
working, but let's convert it to a proper conditional append.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
`EXTRA_OECONF:sh4 += "--disable-spinlocks"` was supposed to simply
disable unsupported spinlocks, but was also overriding other
configuration defined in EXTRA_OECONF above.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case override caused by `EXTRA_OEMESON:class-native +=` is
desirable, the `+=` can be confusing. Let's avoid that and use explicit
assignment.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `RDEPENDS:class-target +=` wouldn't result in any
unwanted override, there is no guarantee there won't be a change, which
would be hidden by this override. To avoid any surprises in the future
let's use `:append:class-target =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `RRECOMMENDS:class-target +=` wouldn't result in any
unwanted override, there is no guarantee there won't be a change, which
would be hidden by this override. To avoid any surprises in the future
let's use `:append:class-target =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `EXTRA_OEMESON:libc-musl +=` wouldn't result in any
unwanted override, there is no guarantee there won't be a change, which
would be hidden by this override. To avoid any surprises in the future
let's use `:append:libc-musl =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
While in this case `RRECOMMENDS:class-target +=` wouldn't result in any
unwanted override, there is no guarantee there won't be a change, which
would be hidden by this override. To avoid any surprises in the future
let's use `:append:class-target =` syntax here.
Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>