Changelog:
==========
- Various fixes ported from the development branch.
- Closed bugs and merge requests:
* gi/arg-cache.cpp: Fix building on Visual Studio
* doc: Reflect support for constructor with GObject
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 757dedbc811bf3f09e259353a943effd1ae16733)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
===========
- Various fixes ported from the development branch.
- Closed bugs and merge requests:
* Compilation error: call to deleted function 'js_value_to_c'
* jsapi-util-strings: Ignore locale to compute the upper case of a
char (i.e. fix implicit properties on Turkish locale)
* Fix memory leak when passing a "transfer none" GBytes parameter to a
native function
* arg-cache: Do not leak an interface info structures on Callbacks
* test-ci: Ignore safe directory errors on CI
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 352fb4051f2584e4f28fc60348772dc99df29b7d)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The source repo has been moved to github.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 49c7edb304c010620a8c8f344f9cc4b7c3707480)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In case ldap PACKAGECONFIG is enabled, packaging fails with the following error:
ERROR: krb5-1.17.2-r0 do_package: QA Issue: krb5: Files/directories were installed but not shipped in any package:
/usr/lib/libkdb_ldap.so.1.0
/usr/lib/libkdb_ldap.so.1
Fix it by adding the file to the krb5-kdc-ldap package (the same that
Debian also uses to ship this file).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In MIT krb5 release 1.7 and later with incremental propagation
enabled, an authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.
78ceba024b
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-24528
Upstream-patch:
78ceba024b
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It fails to build fltk-native on Ubuntu 20.04 with glibc 2.31:
| /path_to/tmp/hosttools/ld: lib/libfltk.a(Fl_Native_File_Chooser.cxx.o): in function `fl_dlopen(char const*, char const*)':
| Fl_Native_File_Chooser.cxx:(.text+0x61a): undefined reference to `dlopen'
| /path_to/tmp/hosttools/ld: lib/libfltk.a(Fl_Native_File_Chooser.cxx.o): in function `Fl_GTK_File_Chooser::probe_for_GTK_libs()':
| Fl_Native_File_Chooser.cxx:(.text+0xf92): undefined reference to `dlerror'
The original fix in fltk-native recipe does not work any more because '-ldl'
appears before lib/libfltk.a and causes dlopen() unresolved. The reason why it
doesn't fail on other hosts is that the functions dlopen(), dlerror() etc. have
been moved to libc.so since glibc 2.34 via the commits in glibc:
0c1c3a771e dlfcn: Move dlopen into libc
add8d7ea01 dlfcn: Move dlvsym into libc
6dfc0207eb dlfcn: Move dlinfo into libc
492560a32e dlfcn: Move dladdr1 into libc
6a1ed32789 dlfcn: Move dlmopen into libc
77f876c0e3 dlfcn: Move dlsym into libc
602252b553 dlfcn: Move dladdr into libc
d8cce17d2a dlfcn: Move dlclose into libc
Append 'dl' to fltk link items explictly to fix the error.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e3606c223e8195dc57a41c64ca670958f1809d6f)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This is a better place to fetch the srpm as it is fedora's location
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e36553fcd9b98889fc356a2517645c030f8315e9)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
0001-Move-the-function-cd_icc_create_from_edid-to-avoid-u.patch
refreshed for 1.4.7
Changelog:
===========
- Add various hardenings to the systemd service
- Always close the ICC profile when loading fails
- Avoid destructing LCMS plugin twice with lcms 2.14
- Do not make state files executable in tmpfiles.d/colord.conf
- Fix a double free spotted by Coverity
- Fix an error check when parsing the DTP94 data
- Fix a -Wincompatible-pointer-types warning
- Fix potential crash when reading from broken Huey hardware
- Set FILE_OFFSET_BITS explicitly
- Use a 64-bit time_t
- Use thread context for Gamut Alarm codes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f016f77796504de03a4148a13383fd9fd5754a73)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
==========
Bugfixes:
- Add missing copyright notices
- Add Spyder X entry
- Document where to send patches
- Don't use exact floating point comparisons
- Drop option for removed reverse engineering tools
- Drop references to hughski.com
- Fix a small memory leak in sqlite3_exec()
- Fix typo in device-removed signal documentation
- Make introspection optional in meson
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 706cfeb2504ebec37872e6ee051a5b07385412b7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
===========
* Fix quadratic complexity bug with repeated '![[]()'.
Resolves CVE-2023-22486. Add new pathological test.
* Allow declarations with no space, as per spec
* Set 'enumi*' counter correctly in LaTeX output
* Allow '<!DOCTYPE' to be case-insensitive.
existing spec.)
* Fixed HTML comment scanning. Need to handle this case: '<!--> and -->'.
Since the scanner finds the longest match, we had to
move some of the logic outside of the scanner.
* Fix quadratic parsing issue with repeated '<!--' (this was not
introduced by the previous fix, and not in a released version of cmark).
Resolves CVE-2023-22484. Add new pathological test.
* Update HTML comment scanner to accord with commonmark/commonmark-spec#713
* Pathological tests: half the number of repetitions, and the timeout.
This reduces the time needed for the pathological tests.
* Shrink 'struct cmark_node' (#446). The 'internal_offset' member is
only used for headings and can be moved to 'struct cmark_heading'.
This reduces the size of 'struct cmark_node' from 112 to 104 bytes on
64-bit systems.
* Add '-Wstrict-prototypes' and fix offending functions.
* Fix quadratic behavior involving 'get_containing_block' (#431).
Instead of searching for the containing block, update the tight list
status when entering a child of a list item or exiting a list.
* Fix 'pathological_tests.py'
- Use a multiprocessing.Queue to actually get results from spawned
tests processes.
- Fix the 'allowed_failures' test.
- Truncate actual output when printed.
- Prepare for testing pathological behavior of the Commonmark renderer.
* Fix source position bug with backticks
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 69aea3d8f7d84b4214948c0553fe1744f254bbf6)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
* This is a minor release, specifically addressing known issues with the 1.11.2 release, but also contains version bumps and doc fixes.
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1552304bf3cd1abc403dd8cd1b4ed5cd646c64b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Apparently the git repo in the SRC_URI stopped supporting git
protocol. Switch to https to be able to fetch the source successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
When performing devtool check-upgrade-status, UNKNOWN_BROKEN status appears.
On the upstream source repository, releases are not identified by tags. So,
UPSTREAM_CHECK_COMMITS is set to 1, to find the latest upstream update.
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 16688b0f565badadace8732840f0ff01718cc87c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe currently indicates that the cukinia package is licensed
under both GPLv3 AND Apache 2.0 licenses, but the upstream specifies
using it under GPLv3 OR Apache 2.0 license, is user's choice.
Signed-off-by: Philip-Dylan Gleonec <philip-dylan.gleonec@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cb8908b91ead37c5d74b44f949c12c33354956a7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
* it rdepends on TUNE_PKGARCH libgpiod-tools so it cannot be allarch
(or cukinia->libgpiod-tools needs to be added to SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS)
bitbake-diffsigs \
sstate-before/mako/all-webos-linux/cukinia/0.6.2.do_package_write_ipk.sigdata.630262028cb276fdac170d30a265aa72d4249f84a264e11ea676a5ab38f1cacc \
sstate-before/qemux86-64/all-webos-linux/cukinia/0.6.2.do_package_write_ipk.sigdata.5d193e43c71f1270d36075be6124bb70585bb682771cff644349c4a7ffd13605
Hash for task dependency libgpiod:do_packagedata changed from d3dffb55884b89470065c3eaf046563e2f306706400be396b022a470ceca1916 to 76e47aed399fdbd14db3c4b75ef2b83298322429f111175d4ca4f3f4c67eebf0
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1db563c31023bb64d94d34807547baf1d4f2923c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The cukinia statement `cukinia_gpio_libgpiod` requires the `gpioinfo`
command. Alternatively, the deprecated sysfs GPIO API can be used with
`cukinia_gpio_sysfs`.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit deaa4c111fd3cb12dd7d6cba0550316d71dd8b07)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The recipe installs a shell script which does not depend on the
architecture. Inheriting allarch will make sure that the recipe is
built only once accross different architectures.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 97c9e5c38d87785c80f824969eb530bcafcbf401)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changes:
cukinia: add /proc/cmdline parameter check
cukinia: add test suite and class to csv
cukinia: add kernel config check in boot partition
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit daf73e7279da15ad2c29d95f9a8f01658a81f5d5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
v2.13.10:
Fixes:
-Fixed issue with catch_discover_tests when there is multiple of 256 tests (#2401, #2503)
-Catch2-provided main and wmain are explicitly marked as __cdecl when compiled with MSVC (#2486, #2487)
-Improved break-into-debugger behaviour for ARM Macs. It should now be possible to step execution after the break (#2422)
-Replaced deprecated std::aligned_storage (#2419, #2420)
v2.13.9:
Fixes:
-Fixed issue with -# (filename-as-tag) flag when __FILE__ expands into filename without directories (#2328, #2393)
-Fixed CAPTURE macro not being variadic when disabled through CATCH_CONFIG_DISABLE (#2316, #2378)
v2.13.8:
Fixes:
-Made Approx::operator() const (#2288)
-Improved pkg-config files (#2284)
-Fixed warning suppression leaking out of Catch2 when compiled with clang.exe (#2280)
-The macro-generated names for things like TEST_CASE no longer create reserved identifiers (#2336)
Improvements:
-Clang-tidy should no longer warn about missing virtual dispatch in FilterGenerator's constructor (#2314)
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1bdab916b1fd70ce9196aedac319df5dd8b6dd15)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Use sed to change scripts to reference ${baselib}. The
former set of scripts modified was incomplete.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1cc72c41af0c6a55a10be9158a2f856b02a56282)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Twisted is an event-based framework for internet applications. Prior to version
23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web
will process the requests asynchronously without guaranteeing the response order.
If one of the endpoints is controlled by an attacker, the attacker can delay the
response on purpose to manipulate the response of the second request when a
victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a
patch for this issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-46137https://security-tracker.debian.org/tracker/CVE-2023-46137
Upstream patch:
1e6e9d23ca
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability.
If application code allows an attacker to control the redirect URL this vulnerability
may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body.
This vulnerability is fixed in 24.7.0rc1.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41810
Upstream patch:
046a164f89
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
In case the iso_639_xml and iso_3166_xml files are not present on the build machine,
then meson fails the compilation - however these files are used only during runtime.
To avoid this, add a patch not to check the existence of these files during building,
but also specify where these files will be located using build arguments.
This patch is a backport from master branch 73c46b265d1cb35c43956d1723c338a137f6ef56
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Poppler is a PDF rendering library. Versions prior to 25.06.0
use `std::atomic_int` for reference counting. Because
`std::atomic_int` is only 32 bits, it is possible to overflow
the reference count and trigger a use-after-free. Version 25.06.0
patches the issue.
CVE-2025-52886-0001 and CVE-2025-52886-0002 are dependent commits
while rest are actual CVE fixes.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-52886https://security-tracker.debian.org/tracker/CVE-2025-52886
Upstream patches:
d35e11a8f8af3e1e1a353449a16d3bac36affcc8
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4
allows attackers to crash the application via crafted tcprewrite command.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>