16534 Commits

Author SHA1 Message Date
Wang Mingyu
c115689120
ostree: upgrade 2025.7 -> 2026.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:33 -07:00
Wang Mingyu
d244f85aa0
nano: upgrade 8.7.1 -> 9.0
Changelog:
============
- When the cursor almost goes offscreen to the right, all lines are
  now scrolled sideways together, by just the amount needed to keep
  the cursor in view.  Use --solosidescroll or 'set solosidescroll'
  to get back the old, jerky, single-line horizontal scrolling.
- The viewport can be scrolled sideways (in steps of one tabsize)
  with M-< and M->.  See 'man nanorc' if M-< and M-> should switch
  between buffers (as they did earlier).
- M-Left, M-Right, M-Up, and M-Down have become rebindable.
- Stopping the recording of a macro immediately after starting it
  cancels the recording and leaves an existing macro in place.
- Feature toggles no longer break a chain of ^K cuts or M-6 copies,
  except the M-K cut-from-cursor toggle.
- With --mouse and --indicator, one can click in the scrollbar area
  to roughly navigate within the buffer.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:32 -07:00
Wang Mingyu
38402132a9
mpich: upgrade 5.0.0 -> 5.0.1
Changelog:
==========
- Fix bad cast in release-gather collectives that caused data loss
  issues on Big-Endian 64b arches (s390x)
- Fix issue with canceling MPI_ANY_SOURCE receive requests
- Fix configuration issue when C++ compiler does not support complex types
- Fix function signature issue in Hydra PBS support
- Fix crash in MPI_Allreduce with MPI_LOGICAL type
- Fix potential crash in multi-nic libfabric initialization
- Fix memory leaks in Level Zero and PMIx support
- Fix bug in CMA code when GPU support is enabled
- Fix potential shared memory collision between multiple singleton
  processes on the same node
- Add large count and other necessary aliases to ROMIO to avoid
  accidental profiling of internal MPI function usage
- Add missing error checks in rndv and colletive composition code
- Improve autogen.sh error message when autotools are too old

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:32 -07:00
Wang Mingyu
e5546d6d09
libsodium: upgrade 1.0.21 -> 1.0.22
0001-Fix-compilation-with-GCC-on-aarch64.patch
removed since it's included in 1.0.22

Changelog:
============
- Post-quantum key encapsulation is now available. ML-KEM768, the
  NIST-standardized lattice-based KEM, is accessible through the
  'crypto_kem_mlkem768_*()' functions.
- X-Wing, a hybrid KEM combining ML-KEM768 with X25519 for protection
  against both classical and quantum adversaries, is available through the
  'crypto_kem_*()' functions. X-Wing is the recommended KEM for most
  applications.
- SHA-3 hash functions are now available as 'crypto_hash_sha3256_*()'
  and 'crypto_hash_sha3512_*()', with both one-shot and streaming APIs.
- Performance: NEON optimizations for Argon2 on ARM platforms.
- Performance: SHA3 (Keccak1600) now leverages ARM SHA3 instructions when
  available on ARM platforms.
- Performance: WebAssembly SIMD implementations of Argon2 have been added.
- Emscripten: LTO is now disabled. With Emscripten 4, LTO produced
  WebAssembly modules with functions that ran significantly slower than
  without it.
- Emscripten: a new option allows compilation with SIMD support.
- Emscripten: native ESM module generation is now supported.
- JavaScript sumo builds now allow up to 80 MiB memory usage, so that
  'crypto_pwhash' with the interactive settings can be used in pure
  JavaScript, not just WebAssembly.
- XOF state alignment has been relaxed.
- 'crypto_core_keccak1600_state' has been added.
- Export missing 'crypto_ipcrypt_nd_keygen()' helper function.
- 'crypto_auth_hmacsha256_init' and 'crypto_auth_hmacsha512_init' now
  accept NULL key pointers (with a zero key length), for consistency with
  other '_init' functions.
- apple-xcframework: headers are now in a Clibsodium subdirectory
  to prevent module.modulemap collisions with other xcframeworks.
- Fixed compilation with GCC on aarch64 and gcc 4.x.
- On aarch64, aes256-gcm is now enabled even when not using clang,
  including MSVC.
- Added compatibility with Visual Studio 2026 when toolsets do not
  define PlatformToolsetVersion.
- Libsodium can be directly used as a dependency in a Zig project.
- Performance of MSVC builds has been improved.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:32 -07:00
Wang Mingyu
946243ec05
imagemagick: upgrade 7.1.2-18 -> 7.1.2-19
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:31 -07:00
Wang Mingyu
68f73e67d8
graphviz: upgrade 14.1.4 -> 14.1.5
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:31 -07:00
Wang Mingyu
cb7da084bc
glaze: upgrade 7.3.0 -> 7.3.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:30 -07:00
Wang Mingyu
f2df8812c4
geoclue: upgrade 2.8.0 -> 2.8.1
Fixes:
- Accept NMEA GGA sentences with 11 or more parts (needed 14 or more
  previously)
- Use async D-bus 'Set' methods to set client properties in libgeoclue to
  improve robustness
- Do not change Client Location property on updates which are below threshold
  to avoid leaking location to D-bus
- Ignore wired WPA interfaces when finding an interface for WiFi scanning

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:30 -07:00
Wang Mingyu
c3461d98fb
b4: upgrade 0.15.1 -> 0.15.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:30 -07:00
Ross Burton
4e07ea136a
webkitgtk3: fix escaping in CVE_PRODUCT
The CPE parsing in oe-core's cve_check.py now handles escapes correctly[1]
so we don't need to escape in CVE_PRODUCT.

[1] oe-core 3c73dafd03b ("cve_check: Improve escaping of special characters in CPE 2.3")

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:29 -07:00
Ross Burton
8093eeb036
xerces-c: fix escaping in CVE_PRODUCT
The CPE parsing in oe-core's cve_check.py now handles escapes correctly[1]
so we don't need to escape in CVE_PRODUCT.

[1] oe-core 3c73dafd03b ("cve_check: Improve escaping of special characters in CPE 2.3")

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 08:59:29 -07:00
Zheng Ruoqin
44a29c54f9
openct: Drop this recipe
1.Drop openct as it is unmaintained upstream.

2.Remove openct in meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 02:16:52 -07:00
Changqing Li
3c3e80d39d
pavucontrol: remove x11 from REQUIRED_DISTRO_FEATURES
We add x11 into REQUIRED_DISTRO_FEATURES because one of the dependency
gtkmm4 require x11, now, gtkmm4 don't require x11, so remove x11 from
REQUIRED_DISTRO_FEATURES

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 02:16:51 -07:00
Changqing Li
081a8b15b8
gtkmm4: remove x11 from REQUIRED_DISTRO_FEATURES
We add x11 into REQUIRED_DISTRO_FEATURES because one of the dependency
atkmm requires x11, refer [1], remove atkmm from dependency, and remove
x11 from REQUIRED_DISTRO_FEATURES

[1] 0fc81d346f

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 02:16:51 -07:00
Gyorgy Sarvari
bc788c6649
xdg-dbus-proxy: upgrade 0.1.6 -> 0.1.7
Contains fix for CVE-2026-34080. Since it is tracked without version info
by NVD, mark it explicitily as patched.

Drop the patch that is included in this release.

While here, also add the recipe to the ptest list - it's a fast one,
runs under a second.

Changelog:
- Drop the autotools build system
- Unbreak the CI
- Prevent a crash on disconnect
- Fix building with glibc >= 2.43
- Fix the eavesdrop filtering to prevent message interception

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-14 02:16:51 -07:00
Gyorgy Sarvari
b483760dba
nodejs: mark CVE-2026-21710 patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710

The CVE is fixed in the current recipe version[1], but NVD tracks it
without verison info.

Mark it as patched in the recipe.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-13 15:28:25 -07:00
Gyorgy Sarvari
4c8dec585a
minio: ignore irrelevant CVEs
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33419
https://nvd.nist.gov/vuln/detail/CVE-2026-34204

These CVEs were filed against minio server, but this recipe is for minio
client tools, which is a related, but different project.

Ignore these CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-13 15:28:24 -07:00
Gyorgy Sarvari
7355320e12
libraw: mark fixed CVEs patched
These CVEs have been fixed already in the current version, however
NVD tracks them with incorrect version information.

Commits that fix them:
CVE-2026-20884: aa4458eb51
CVE-2026-24450: c911c9b9ed

These commits were identified from the changelog of this version[1], which mentions the
Talos ID of the vulnerabilities (and the Talos ID is mentioned in the NVD reports[2][3]).

[1]: https://github.com/LibRaw/LibRaw/releases/tag/0.22.1
[2]: https://nvd.nist.gov/vuln/detail/CVE-2026-24450
[3]: https://nvd.nist.gov/vuln/detail/CVE-2026-20884

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-13 15:28:24 -07:00
Gyorgy Sarvari
15b3c0f141
flatpak: upgrade 1.17.3 -> 1.17.6
Contains fixes for CVE-2026-34078 and CVE-2026-34079

Add explicit CVE_STATUS tags for these CVEs, because they are tracked
without version info by NVD at this time.

Changelog:
17.6:
Bug fixes:
- Fix the remaining regression for Chromium based browsers by not leaking file
  descriptors down to wrapped command
- Fix a regression when installing extra-data without a runtime, which is the
  case for openh264
- Fix the remaining regression for Epiphany by ignoring unusable sandbox-expose
  paths for sub-sandboxes in the portal
- Fix the installed tests by allowing to add a new ref to an existing temporary
  ostree repo
- Avoid closing fds 0/1/2 when they are used as a bad argument to flatpak-run,
  and reduce duplication in handling file descriptor arguments

Enhancements:
- Disable auto-pin in flatpak-repair to preserve the pin state across
  re-installs
- Small improvements for the tests

17.5:
Bug fixes:
- Fix regressions caused by the sandbox escape security fix, which impact some
  browsers, browser-based apps and Steam (#6577, #6569, #6576, #6574)

Enhancements:
- Expand test coverage of flatpak-run features used by flatpak-portal (#6573)

17.4:
Security fixes:
- Fix a complete sandbox escape which leads to host file access and code
  execution in the host context (CVE-2026-34078)
- Prevent arbitrary file deletion on the host filesystem (CVE-2026-34079)
- Prevent arbitrary read-access to files in the system-helper context
  (GHSA-2fxp-43j9-pwvc)
- Prevent orphaning cross-user pull operations (GHSA-89xm-3m96-w3jg)

Enhancements:
- Enable ntsync unconditionally
- Automatic branch following for extensions to ensure that "no-autodownload"
  extensions stay functional after an update that requires a new branch
- Translation updates: eo, kk, sr, zh_CN

Bug fixes:
- Prevent CPR sequence from showing up in the terminal
- Fix a crash for apps/runtimes with multiarch permission
- Fixes for Coverity warnings
- Add test-preinstall.sh to the test matrix source
- Fix a test message to refer to "systemd-localed" instead of "located"

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-13 15:28:24 -07:00
Khem Raj
f58d124eb5
tbb: Fix build with LLD linker
fixes
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'ITT_DoOneTimeInitialization' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'TBB_runtime_interface_version' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'get_memcpy_largest_cachelinesize' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'get_memcpy_largest_cache_size' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'get_mem_ops_method' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'init_mem_ops_method' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'irc__get_msg' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'irc__print' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'override_mem_ops_method' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'set_memcpy_largest_cachelinesize' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'set_memcpy_largest_cache_size' failed: symbol not defined
| aarch64-yoe-linux-clang: error: linker command failed with exit code 1 (use -v to see invocation)
| [45/49] Linking CXX shared library clang_22.1_cxx11_64_release/libtbb.so.12.17

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-13 08:14:44 -07:00
Khem Raj
b65b0206b5
keyutils: Fix build with lld linker
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-13 07:59:59 -07:00
Jörg Sommer
174ab7dff1
atop: Fix binmerge
In case $sbindir = $bindir we have to pass this setting to make install.

Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-12 16:42:05 -07:00
Jörg Sommer
22e23418d2
atop: Add packages atop-acctd and atop-gpud
For some users these programmes might be useful.

Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-12 16:42:04 -07:00
Khem Raj
a2d9a9be5f
ltrace: Upgrade to 0.8.1 and clang build errors
Drop the upstream applied patches
Add patches to fix build with clang-22
Bump PE to account for version going from 7.x to 0.8

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-12 16:42:04 -07:00
Khem Raj
90609e9751
libwebsockets: Add missing dep on libcap when ssl is enabled
Disable tests, they do not build in cross-build environment

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-11 10:52:40 -07:00
Khem Raj
476b8eb5eb
log4c: convert K&R function declarations to ANSI C prototypes
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-11 08:44:33 -07:00
Khem Raj
f76f6ebdd1
dlt-daemon: Fix build with clang-22
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-11 08:44:33 -07:00
Wang Mingyu
dd14e74e49
minizip: upgrade 1.3.1 -> 1.3.2
License-Update: "Version 1.1, February 14h, 2010" removed

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-04-11 08:44:33 -07:00
Khem Raj
7eed950126
libtar: Fix build with clang-22 -std=gnu23
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-11 08:44:32 -07:00
Khem Raj
0bdda372d4
cyrus-sasl: Fix build with std=gnu23
clang has dropped K&R style with std=c23

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 17:25:50 -07:00
Martin Jansa
a8e0bd4d84
audit: fix build with autoconf-2.73
On hosts with gcc-13 it was trying to use -std=gnu23 and failing
with unrecognized command-line option (gnu23 needs gcc-14 and newer)

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 17:25:50 -07:00
Changqing Li
92637ef9eb
dlt-daemon: disable DLT_USE_IPv6
There is a bug when DLT_USE_IPv6 enabled, refer [1].  This make
dlt-adaptor-udp.service startup failed with error "Bind: Invalid
argument".  Disable DLT_USE_IPv6 to workaround the issue

[1] https://github.com/COVESA/dlt-daemon/issues/849

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 17:25:49 -07:00
Changqing Li
563b91e5ca
dlt-daemon: fix wrong CONFIGURATION_FILES_DIR
The not aligned value of CONFIGURATION_FILES_DIR makes the configuration
file install path is different with the default configuration file path
from where the application to read, then make the service dlt/dlt-system
not works well.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 17:25:49 -07:00
Jason Schonberg
abf8a5cfec
php: upgrade 8.5.4 -> 8.5.5
This is a bug fix release.

Changelog: https://www.php.net/ChangeLog-8.php#8.5.5

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 17:25:49 -07:00
Gargi Misra
dd96b8a81e
Revert "refpolicy-targeted: Added sepolicy for adb service"
This reverts commit 00616ccdaf0ce9e54ac7c75fabdb2d8f079c7578.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 08:03:23 -07:00
Gargi Misra
b9399b33ef
Revert "refpolicy-targeted: Add sepolicy for adb service"
This reverts commit 801addc52851b88b335d2349f6f7787b8200c95c.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 08:03:23 -07:00
Peter Marko
ecd5f090e8
libvarlink: add new recipe
Varlink C library and command line tool.

Remove unuseful vim integration.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 08:03:23 -07:00
Peter Marko
e820a14e07
ttyd: add new recipe
ttyd is a simple command-line tool for sharing terminal over the web.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 08:03:23 -07:00
Peter Marko
7c62c49ef4
crow: add new recipe
Crow is a C++ framework for creating HTTP or Websocket web services.

Disable tests as they are using CPM (Cmake Dependency Manager), which
would be downloading the test dependencies in configuration step.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 08:03:22 -07:00
Khem Raj
69b6ae56b7
ostree: Fix build with C23/glibc-2.43
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:59 -07:00
Yi Zhao
6b88305138
netplan upgrade 1.1.2 -> 1.2.1
ChangeLog:
https://github.com/canonical/netplan/releases/tag/1.2
https://github.com/canonical/netplan/releases/tag/1.2.1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:59 -07:00
Bartosz Golaszewski
f2c5f3fadc
libgpiod: update to v2.2.4
Bug-fix release addressing several issues discovered during an
AI-augmented security audit. The most severe bug was found in the C
extension code of the python bindings - which also get an update - but
there were some memory leaks and integer overflow bugs in the core C
library as well as in tools and DBus daemon.

Full changelog:

Bug fixes:
- fix buffer over-read bugs when translating uAPI structs to library types
- fix variable and argument types where necessary
- sanitize values returned by the kernel to avoid potential buffer overflows
- fix memory leaks in gpio-tools
- add missing return value checks in gpio-tools
- fix period parsing in gpio-tools
- use correct loop counter in error path in gpio-manager

Improvements:
- make tests work with newer coreutils by removing cases checking tools'
  behavior on SIGINT which stopped working due to changes in behavior of the
  timeout tool

Also: drop the patch that's now upstream from the recipe.

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:58 -07:00
Wang Mingyu
ffb7d752ff
upower: upgrade 1.91.1 -> 1.91.2
Changelog:
===========
- Feature: Skip the systemd inhibitor when performing CriticalPowerAction
- Feature: Introduce "Auto" CriticalPowerAction using systemd-logind Sleep()
- Fix: Test CanPowerOff() availability before calling PowerOff()
- Fix: Add charge limit support for systems providing only charge_control_end_threshold

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:58 -07:00
Wang Mingyu
8b19fe181e
spectre-meltdown-checker: upgrade 0.46 -> 26.26.0404682
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:58 -07:00
Wang Mingyu
5420abfbc4
rtorrent: upgrade 0.16.8 -> 0.16.9
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:58 -07:00
Wang Mingyu
13f7a66c6d
mstpd: upgrade 0.1.1 -> 0.2.0
Changelog:
============
- README.md: update IRC channel location
- ctl_socket_server: require root for changing configuration
- mstp: validate admin port path costs
- mstp: do not allow changing Bridge Hello Time
- mstp: do not overflow calculated root path costs
- mstp: increase maxHops limit to 100
- README.md: add packaging status
- README.md: update FID/MSTI limits
- README.md: clarify IVL/SVL and MSTI support in linux
- packet: set socket priority to TC_PRIO_CONTROL
- TCSM: fix infinite recursion for MSTI per-tree ports

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:54 -07:00
Wang Mingyu
e1f754198e
libtorrent: upgrade 0.16.8 -> 0.16.9
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:54 -07:00
Wang Mingyu
227dc3f381
libsdl3: upgrade 3.4.2 -> 3.4.4
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:54 -07:00
Wang Mingyu
dfe6b82cc1
libsdl3-image: upgrade 3.4.0 -> 3.4.2
Changelog:
===========
- Non-animated images can now be loaded as single frame animations
- Fixed animated WebP frame composition
- Fixed potential buffer overflow in tRNS handling
- Fixed out of bounds read in XCF image loader (CVE-2026-35444)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:54 -07:00
Wang Mingyu
9a4ee804f5
libsdl2-image: upgrade 2.8.8 -> 2.8.10
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:53 -07:00