### Changed
--------------
- Using long node names in combination with the fdp layout algorithm no longer
results in truncated generated names.
- Vertical centering of text within HTML-like table cells has been improved.
- The existing ability to provide a numeric parameter to '-v'
to specify verbosity level are newly documented in 'dot --help'.
### Fixed
------------
- 'gvmap' no longer dereferences a null pointer when reading position-less
graphs.
- 'gvmap' no longer crashes when adding coordinate data.
- 'mm2gv' no longer accepts input matrices with non-'real' element type.
Previously these would be accepted but processed incorrectly leading to
out-of-bounds memory reads and writes.
- The 'Tcldot_Init', 'Tcldot_builtin_Init', and 'Tcldot_SafeInit' symbols in
'tcldot.dll' are externally visible on Windows. #2809
- The 'Tclpathplan_Init' and 'Tclpathplan_SafeInit' symbols in 'tclpathplan.dll'
are externally visible on Windows. #2809
- The Autotools build system more consistently uses '$PYTHON3' instead of
'python3' when invoking Python. This ensures developers are more easily able
to control the Python installation in use from the top level.
- The Autotools build system explicitly links against libglu libraries when
linking against libglut.
- Corrected time formatting in verbose info/debug messages (enabled by -v).
Previously, minutes was missing, showing HH:SS instead of HH:MM:SS.
- Further parts of the network simplex algorithm have been rewritten in a
non-recursive style. This allows processing larger graphs that previously
caused stack overflows. #2782
- Canonicalizing an empty string or a string entirely made up of characters
needing escaping no longer triggers an out-of-bounds memory write. This was a
regression in Graphviz 13.0.1. #2743
- An off-by-one error in the network simplex algorithm has been corrected. This
could have led to suboptimal layout in some edge cases. This was a regression
in Graphviz 13.0.0.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
x11 is moved in comit [1], but when DISTRO_FEATURES contains
opengl, but not contains x11, bitbake gtkmm4 reports:
ERROR: Nothing PROVIDES 'atkmm' (but /build/layers/meta-openembedded/meta-oe/recipes-gnome/gtk+/gtkmm4_4.20.0.bb DEPENDS on or otherwise requires it)
atkmm was skipped: one of 'wayland x11' needs to be in DISTRO_FEATURES
[1] https://git.openembedded.org/meta-openembedded/commit/?id=2cd317e9551492a64fddf2fb535333eb7e3f7fef
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Backport three upstream patches that refactor thermald to support
non-Intel architectures, including ARM platforms. These commits were
merged upstream after the 2.5.11 release and are required to enable
correct thermal management on non-x86 SoCs.
Also update COMPATIBLE_HOST to allow building thermald on both Intel
and ARM hosts.
Upstream patches:
- Backport from commit 4cf42fc89ccdbcecdcd30b32a7ca8040be55c253
- Backport from commit 857fbdf3e9079cec04bfa5fe7a93a432485b5cab
- Backport from commit 1931a12e7e44b6b85a02a5d8158829eff4b9cc92
Signed-off-by: Priyansh Jain <priyansh.jain@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 2.12.1
Bug solution: tests during append of existing raw log are less strict now.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog:
https://github.com/rikyoz/bit7z/releases/tag/v4.0.11
2. Drop following patches as they were merged upstream.
0001-Fix-reinterpret-cast-compiler-errors.patch
0001-Fix-int8_t-storage-in-BitPropVariant-on-Arm-architec.patch
0001-Allow-running-tests-on-target-when-cross-compiling.patch
0001-Allow-specifying-path-to-7z-library-in-tests.patch
0001-Fix-tests-with-musl.patch
3. Adjust Ptest SRCREV to adopt to latest bit7z
SRCREV_filesystem refer to bit7z-4.0.11/cmake/Dependencies.cmake
SRCREV_catch2 refer to bit7z-4.0.11/tests/CMakeLists.txt
SRCHASH_CPM and TAG_CPM refer to bit7z-4.0.11/cmake/Dependencies.cmake
4.cmake/Dependencies.cmake has redefined to check and download CPM_${CPM_DOWNLOAD_VERSION}.cmake file to
CPM_SOURCE_CACHE, so it will show error in do_configure as ./build/cpm_cache/cpm/CPM_0.42.0.cmake is empty
| -- Downloading CPM.cmake to ...bit7z/4.0.11/build/cpm_cache/cpm/CPM_0.42.0.cmake
| CMake Error at cmake/Dependencies.cmake:15 (file):
| file DOWNLOAD cannot compute hash on failed download
|
| from url: "https://github.com/cpm-cmake/CPM.cmake/releases/download/v0.42.0/CPM.cmake"
| status: [6;"Could not resolve hostname"]
So change ${B}/cmake to ${B}/cpm_cache/cpm/ to fix this issue.
./build/cpm_cache/cpm/CPM_0.42.0.cmake
5. Add 0001-cmake-disable-filesystem-gitclone.patch to fix filesystem git clone error
Fix error log as following:
| fatal: unable to access 'https://github.com/rikyoz/filesystem.git/': Could not resolve host: github.com
| Had to git clone more than once: 3 times.
| CMake Error at bit7z/4.0.11/build/_deps/ghc_filesystem-subbuild/ghc_filesystem-populate-prefix/tmp/ghc_filesystem-populate-gitclone.cmake:50 (message):
| Failed to clone repository: 'https://github.com/rikyoz/filesystem.git'
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Do not pass qrtr=false explicitly since recipe enables or disables it
based on the PACKAGECONFIG value. Also, use += with EXTRA_OEMESON.
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
SPDM emulator implementation based on libspdm.
It provides requester and responder tools used for
testing SPDM protocol communication.
Upstream: https://github.com/DMTF/spdm-emu
Signed-off-by: Jino Abraham <jinoabraham26@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tag is not on any branch.
Add tag to SRC_URI.
Changelog:
https://github.com/zchunk/zchunk/compare/1.5.2...1.5.3
Changes:
- update to 1.5.3
- rename internal close() functions to close_zck_component to avoid POSIX conflict on AIX
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add 'tag' to SRC_URI
Changelog:
https://github.com/stephane/libmodbus/releases/tag/v3.1.12
Changes:
- Fix FD_SET overflow when socket fd >= FD_SETSIZE.
- Check dest pointer not null and nb in read functions.
- NULL check for src and nb < 1 validation in write functions.
- modbus_reply: don't compute address for FC 0x07/0x11.
- Use O_NONBLOCK instead of deprecated O_NDELAY
- Explicit cast for Coverity CID 416366.
- Document required buffer size of modbus_receive.
- Document macros for error codes corresponding to Modbus exceptions
- Fix example of modbus_rtu_set_serial_mode
- Test filesystem provides symlink in autogen.sh
- Sync API signatures with the documentation.
- Many documentation fixes and typo corrections.
- Add coverage target and helper script.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.11.0
Highlights
- kafka-source(): The new kafka() source can directly fetch log messages from the Apache Kafka message bus using the librdkafka client.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/eclipse-paho/paho.mqtt.cpp/releases/tag/v1.6.0
Changes:
- Bumped Paho C submodule to v1.3.16 and updated directory name to externals/paho.mqtt.c
- Some significant performance increases (lower latency) for connect and publish
- Fixed topic_matcher and topic_filter to properly match parent with multi-level ('#') wildcard.
- Slight optimization of topic_filter to do simple string comparison if the filter does not contain wildcards.
- Set a minimum version for Paho C in the CMake file. Report the version found.
- .deb version properly set, and add architecture name to .deb file
- remove const from connect_options_builder 'move' constructor
- fix potential deadlock in thread_queue on capacity increase.
- Incorrect default retain value in a will options constructor
- prevent undefined behaviour on empty topic matching
- Sync reconnect example crashes on first reconnect
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
https://github.com/eclipse-paho/paho.mqtt.c/releases/tag/v1.3.16
Changes:
- Bumped minimum CMake to v3.12
- Consolidated "Event" thread signaling object.
- Reduce latency on connect #1430
- Fixed warning in Window build for TCP_NODELAY
- Added a .clang-format file and bash script to run it
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Removed patch included in this release
Changelog: https://github.com/akheron/jansson/releases/tag/v2.15.0
Features:
- Add support for realloc by adding json_set_alloc_funcs2, json_get_alloc_funcs2
Fixes:
- Optimize serializatio
- Fix docstrings in hashtable.h
Build:
- Use target-based cmake settings
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tag is not on any branch.
Changelog:
https://github.com/fluent/fluent-bit/releases?q=4.2.3.1
Changes:
- release: update to 4.2.3
- copyright: update year to 2026
- filter_kubernetes: fix parser annotation leak
- github: scripts: commit_linter: Handle bin prefix for fluent-bit.c
- bin: Handle CONT signal properly under leaks command
- filter_wasm: Handle group metadata
- cmake: kafka: fix OAuth Bearer detection on Windows
- maintenance: update branch and security EOL info
- github: scripts: commit_prefix_check: add config format rules on linter
- readme: update active branch 4.2
- out_opentelemetry: on HTTP/2, read and process gRPC status code
- config_format: cf_yaml: Align the behavior of dirname against POSIX [Backport to 4.2]
- filter_log_to_metrics: fix initialization and exception cleanup
- out_stackdriver: clean up oauth2 cache lifecycle
- filter_kubernetes: Adjust cleanup ordering to avoid use-after-free [4.2 backport]
- in_winevtlog: Add text format for event rendering [Backport to 4.2]
- in_tail: Add skipped_lines counter [Backport to 4.2]
- in_splunk: Implement handling remote addr feature [Backport to 4.2]
- aws: switch AWS Endpoints for European Souvereign Cloud [4.2 backport]
- plugin_proxy: enable event_type specification for proxy plugins (4.2 Backport)
- in_splunk: Plug memory issues [Backport to 4.2]
- dockerfiles: install minimum components and avoiding to use includeRecommended
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925
The vulnerability has been fixed since 7.0.18[1], however NVD
tracks this CVE without version information.
[1]: 89dec866ec
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs were ignored because they were tracked by NVD using
incorrect version information. Since then this information seems
to be reflected correctly, it is not needed to ignore them explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
- Upstream has removed incorrect gplv3 text from the license (because agplv3
is the correct), which changed the checksum
- The recipe had incorrect license indication. Redis 8 is not BSD licensed,
but depending on the user's choice, it's agplv3 or sspl (or custom redis
license, which is not added to the list)
Changelogs:
8.0.6:
- Security fix: A user can manipulate data read by a connection by
injecting \r\n sequences into a Redis error reply
8.0.5:
Bugfixes:
- HGETEX - potential crash when FIELDS is used and numfields is missing
- Potential crash on HyperLogLog with 2GB+ entries
- Cuckoo filter - Division by zero in Cuckoo filter insertion
- Cuckoo filter - Counter overflow
- Bloom filter - Arbitrary memory read/write with invalid filter
- Bloom filter - Out-of-bounds access with empty chain
- Bloom filter - Restore invalid filter [We thank AWS security for
responsibly disclosing the security bug]
- Top-k - Out-of-bounds access
8.0.4:
Security fixes
- (CVE-2025-49844) A Lua script may lead to remote code execution
- (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
- (CVE-2025-46818) A Lua script can be executed in the context of another user
- (CVE-2025-46819) LUA out-of-bound read
New Features
- VSIM: new EPSILON argument to specify maximum distance
Bug fixes
- Potential use-after-free after pubsub and Lua defrag
- Potential crash on Lua script defrag
- HINCRBYFLOAT removes field expiration on replica
- Prevent CLIENT UNBLOCK from unblocking CLIENT PAUSE
- Endless client blocking for blocking commands
- Vector sets - RDB format is not compatible with big endian machines
- EVAL crash when error table is empty
- Gracefully handle short read errors for hashes with TTL during full sync
8.0.3:
Security fixes
- (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
- (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
New Features
- VSIM: Add new WITHATTRIBS to return the JSON attribute associated with an element
Bug fixes
- A short read may lead to an exit() on a replica
- db->expires is not defragmented
8.0.2:
Security fixes
- (CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE
Bug fixes
- Cron-based timers run twice as fast when active defrag is enabled
Other general improvements
- LOLWUT for Redis 8
8.0.1:
Performance and resource utilization improvements
- Vector sets - faster VSIM FILTER parsing
Bug fixes
- Query Engine - revert default policy search-on-timeout to RETURN
- Query Engine - @__key on FT.AGGREGATE used as reserved field name preventing access to Redis keyspace
- Query Engine - crash when calling FT.CURSOR DEL while retrieving from the CURSOR
Notes
- Fixed wrong text in the license files
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fixes for CVE-2026-27596, CVE-2026-25884 and CVE-2026-27631.
Ptests passed successfully.
Changelog:
Fix leak
CI: update mac runner for 0.28.x branch
Add some new cameras and lenses
Make DataValue::value_ public
fix reading mp4 url box nested in non video/audio track
fix: do not add target exiv2lib if the target already exists
Add size checks to avoid large memory allocations
Fix size calculation in XmpTextValue::size()
Avoid calling std::find or std::string with an invalid range
Backport all changes in .github/workflows from main to 0.28.x
Fix out-of-bounds read in CrwMap::decode0x0805
Fix UBSAN false positive
Upload crash files when fuzzing fails
Remove nightly release
Fix regression in Canon lens detection
fix wrong timescale used to calculate fps
Remove nightly release vestiges
conan: update dependencies
Add Tamron 18-400mm on Nikon D90
Add Ricoh GR IV HDF and Monochrome IDs
Refresh translations
Add build provenance attestation
Add fuzz target for previews
Align some docs to main
Update README.md
add enforce to prevent integer overflow
Add enforce to check for integer overflow
Release Exiv2 version 0.28.8
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also fixes CVE-2026-3102
Changelog:
13.52:
- Added a number of new XMP tags written by Adobe software
- Added UTF-16 support for a few different metadata types in which only UCS-2
was previously implemented
- Added a few more Canon FlashModel values and decode FlashModel for the
5DmkII
- Added a new Canon LensType
- Added some missing file attribute bits to two of the new LNK tags
- Decode internal serial number for the 5DmkII
- Decode another OwnerName for the 5DmkII
- Decode some timed GPS for a couple of new DJI drones
- Enable WindowsLongPath by default only if Win32::API is available
- Renamed the Pentax K3III AFInfo tag to AFInfoK3III
13.51:
- Added a new Nikon LensID
- Decode more tags from Windows LNK files
- Decode another LIGOGPSINFO variant
- Decode some new Canon tags
- Decode some new Nikon tags
- Split decoding on Nikon BurstGroupID into separate tags
- Fixed round-off error in GPSDateTime seconds for camm6 metadata in MP4
videos introduced in 13.45
- Fixed bug generating the default-language version of
QuickTime:LocationInformation
13.50:
- Added a few new Sony lenses
- Added a couple of new Canon lenses
- Decode another Samsung trailer tag
- Decode BlackLevels from some Canon CRW files
- Updated Sony maker note decoding for the ILCE-7M5
- Patched potential MacOS security issue
- Fixed -list options so reading image files beforehand doesn't add tags to
the output when running multiple commands using the -execute feature
13.49:
- Decode a couple of new Samsung trailer tags
- Disabled decoding of MenuSettings for the Nikon Z6III firmware 2.0 until the
changes can be worked through in detail
- Fixed problem where Google Photos had problems displaying ExifTool-edited
HEIC MotionPhoto images. Files written by older versions of ExifTool may be
repaired by re-writing with 13.49 or later
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This resolves USDT probe test failures on ARM64 platforms.
Without these changes, the .note.stapsdt section containing probe
information was missing entirely on ARM64, causing test failures when
attempting to find and attach to USDT probes in the BCC test suite.
Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5491]
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop the patch that is included in this release.
Actually that is also the changelog since the previous version - there
were no other changes beside the accepted patch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fio 3.40 added the commit 4175f4dbec5d ("oslib: blkzoned: add
blkzoned_move_zone_wp() helper function") which uses
FALLOC_FL_ZERO_RANGE which in a musl build is undefined without
including its header.
Backport the upstream fix.
Signed-off-by: Max Krummenacher <max.oss.09@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rtla source code is present in the kernel source tree at tools/tracing/rtla.
There is another build option for rtla to enable bpf bindings, this was
not a quick one to get working and left as a future improvement.
Makefile for rtla has evolved in newer kernels (v6.9). Some fixes needed for
support with older kernels. This commit was tested against 6.18 and 6.8.
Also add rtla to packagegroup-meta-oe-benchmarks.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When having a DEPENDS against cpupower it need to leave its header files.
Remove that cleanup that has been present since the beginning of the recipe
without any (to me) known reason.
cpupower ship a systemd service and config file in kernel source tree
since kernel 6.16. Package them as a separate package cpupower-systemd to
be installed if wanted.
Add cpupower to packagegroup-meta-oe to be included in builds of all
packages.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This version has been EOL since the end of February. There is a recipe
available for v8, which is still supported.
Drop this version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libcppconnman is a C++ library to control ConnMan via D-Bus. It exposes
simple aync methods to perform all the controls that ConnMan allow via
D-Bus.
Signed-off-by: Andrea Ricchi <andrea.ricchi@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The PKCS#11 provider has a mechanism [1] to support older applications
which have not yet migrated to the OSSL_STORE API [2]. It works by
encoding the 'pkcs11:' URI into a PEM file and passing that to an
application as a file. From the application's perspective it loads the
private key from a file, but OpenSSL will transparently use select the
provider to access it via PKCS#11 instead.
Instead of upstream's Python-based tool [3] (which would pull in
asn1crypto as a dependency), we just generate the ASN.1 for the PEM
using OpenSSL's 'asn1parse -genconf'.
It has been tested with RAUC, U-Boot's mkimage (for signed FITs) and
NXP's CST.
[1] https://github.com/latchset/pkcs11-provider/blob/main/docs/provider-pkcs11.7.md#use-in-older-applications-uris-in-pem-files
[2] https://docs.openssl.org/master/man7/ossl_store/
[3] https://github.com/latchset/pkcs11-provider/blob/main/tools/uri2pem.py
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OpenSSL 4.0 will drop support for engines and use providers instead.
To access SoftHSM and other PKCS#11 modules via the provider API, we
rely on https://github.com/latchset/pkcs11-provider, which is already
available as via pkcs11-provider recipe.
We enable this provider by using a specific OpenSSL config when signing.
This means that recipes inheriting this class can decide whether they
want to use the engine or provider to access the key.
SoftHSM seems to produce broken keys when calling the C_CopyObject, so
disable caching in the provider for now.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2025-43023, and support for many new printers.
Drop patches that are included in this release (or the underlying problem
was solved on another way)
Changelog: https://developers.hp.com/hp-linux-imaging-and-printing/release_notes
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
