38976 Commits

Author SHA1 Message Date
Leon Anavi 17afdec9d8 libheif: Upgrade 1.21.2 -> 1.23.1
Upgrade to release 1.23.1.

New features:
- FFmpeg decoder plugin gains AV1, VVC, JPEG, and JPEG 2000/HTJ2K
  decoding
- SVT-AV1 encoder: new tune=iq and ms-ssim tune parameters
- C++ API: added getters/setters for the CLLI and MDCV HDR metadata
  boxes
- Sequence decoder now scales the alpha auxiliary track to the main
  image size

Bug fixes:
- Fixed pixi box writing for multi-channel images
- Corrected the placement of the TAI clock_type field into the top
  2 bits
- Empty/unset plugin directory is no longer scanned

Security fixes:
- CVE-TBD (GHSA-jc8f-p23p-5hjg) Integer underflow in Fraction
  constructor via double clap transform application
- CVE-TBD (GHSA-73p7-m7gg-w2jv) Out-of-bounds read in uncompressed
  unci tile range slicing
= CVE-TBD (GHSA-xpw3-9rhw-482x) Heap out of bounds write in libheif
  uncompressed encoder when writing images with mismatched
  auxiliary alpha dimensions
- CVE-TBD (GHSA-9ww4-9v47-m7pj) Reachable assertion in
  HeifContext::get_track() aborts on a valid-but-empty HEIF
  sequence file
- (GHSA-46rp-pcq2-rpmr) Heap out-of-bounds write in the
  uncompressed encoder for RRGGBB images with interleaved bit-depth
  lower or equal to 8

Remove CVE-2026-3949.patch because the fix has been included in
the source code for this release of libheif.

This work was sponsored by GOVCERT.LU.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:41 -07:00
Leon Anavi 13b0363478 python3-pycurl: Enable tests
Inherit ptest, update runtime dependencies and include the tests
for pycurl.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:41 -07:00
Leon Anavi 175976dbf9 python3-flaky: Add recipe
Add a new recipe for flaky, plugin for pytest that automatically
reruns flaky tests. It is required by pycurl tests.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:41 -07:00
Leon Anavi a0e385b75b python3-pycurl: Upgrade 7.46.0 -> 7.47.0
Upgrade to release 7.47.0:

- Use dynamic SSL ports in certificate tests
- Harden test_clear_assignment_inside_socket_callback_resets_socketp
  test
- Rename index field to idx in HstsIndex to avoid shadowing
- Fix test_callbacks_non_minus_one_return_continues_transfer on macOS
- Use PYCURL_REQUIRE_HANDLE and PYCURL_REQUIRE_NOT_RUNNING instead of
  magic numbers
- Convert pycurl to a Python package with the C extension renamed to
  pycurl._pycurl
- Fix flaky CONNECT_ONLY send/recv tests by waiting on active socket
  readiness instead of sleeping after EAGAIN
- Add PyMutex support on Python 3.13+
- Modernize ssh_key_cb_test and use a local SFTP server
- Use set instead of dict for saving refs to easy objects in multi
- Make closed as property instead a method
- Add free-threaded CPython support
- Add AsyncCurlMulti
- Fix flaky memory_mgmt callback
- Add libcurl strerror wrappers (easy/multi/share/url)
- Modernize write/header tests
- Implement Curl multi notify API
- Pin socket callback tests to IPv4 to handle dual-stack localhost
  resolution
- Integrate notify in AsyncCurlMulti
- Review GIL management
- Capture more expected warnings during tests
- Fix/update/remove some examples
- Fix truncated timeout value in multi timer callback
- Fix incorrect argument type in debug callback
- Fix some reference leaks
- Ensure errors are logged in progress/xferinfo callbacks
- Support zero-copy write/header callbacks
- Evolve CurlShare with share()/unshare(), Python-level thread safety,
  and CURLSHcode error propagation
- Fix test_default_mode_autopongs_server_ping with libcurl 8.21.0

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:41 -07:00
Leon Anavi 38b4e99b5b python3-filelock: Upgrade 3.29.4 -> 3.29.6
Upgrade to release 3.29.6:

- serialise singleton construction in FileLockMeta
- _util: drop the dead st_mtime=0 short-circuit in
  raise_on_not_writable_file
- test: silence fork DeprecationWarning on 3.15

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:40 -07:00
Leonard Göhrs 7c601563fa python3-aiohttp: add buildpath HOME check exception due to upstream pkg
The upstream tarball fetched from pypi contains `.hash` files like these:

  $ cat aiohttp/.hash/hdrs.py.hash
  a46ad6c3a2faf8d26a2c6afc1a2210ce379a23f2799fce7b26a01f6ce5a40642  /home/runner/work/aiohttp/aiohttp/aiohttp/hdrs.py

These file trigger the relatively new HOME buildpath check _if_ the recipe
happens to be built by someone with HOME set to /home/runner
(for example someone building in a GitHub workflow):

  ERROR: python3-aiohttp-3.14.1-r0 do_package_qa: QA Issue:
  File /usr/lib/python3.14/site-packages/aiohttp/.hash/hdrs.py.hash
  in package python3-aiohttp contains a reference to the build host HOME directory.
  If upstream hardcodes a directory path that matches your home,
  you can set OEQA_BUILDPATHS_SKIP = "/home/runner" in the recipe. [buildpaths]

Follow the suggested fix of setting `OEQA_BUILDPATHS_SKIP`.
See also openembedded-core commit ee29a9132a ("oeqa: allow exceptions in
buildpath HOME checks") for an example of `OEQA_BUILDPATHS_SKIP` used.

Signed-off-by: Leonard Göhrs <l.goehrs@pengutronix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:40 -07:00
Alex Kiernan 6b5556bba4 python3-pyroute2: Add sqlite3 to RDEPENDS
python3-sqlite is required by the NDB code, irrespective of ptest:

  File "/usr/lib/python3.14/site-packages/pyroute2/__init__.py", line 31, in <module>
  File "/usr/lib/python3.14/site-packages/pyroute2/ipdb/__init__.py", line 16, in <module>
  File "/usr/lib/python3.14/site-packages/pyroute2/ndb/main.py", line 317, in <module>
  File "/usr/lib/python3.14/site-packages/pyroute2/ndb/task_manager.py", line 9, in <module>
  File "/usr/lib/python3.14/site-packages/pyroute2/ndb/schema.py", line 99, in <module>
ModuleNotFoundError: No module named 'sqlite3'

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:40 -07:00
Alex Kiernan 4c9bde7759 minisign: Add recipe
Dead-simple Ed25519 file signing tool.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:40 -07:00
Deepak Rathore 0eda0f3c55 mbedtls: set CVE_STATUS for CVE-2025-66442
Analysis:
- The Mbed TLS advisory states the issue occurs when LLVM
  select-optimize is enabled. [1]
- The same advisory also states that Arm/x86 builds with
  MBEDTLS_HAVE_ASM enabled are not affected. The default mbedtls
  configuration in this branch enables MBEDTLS_HAVE_ASM.
- NVD also describes the issue as occurring only with LLVM's
  select-optimize feature. [2]
- The mbedtls recipes now evaluate the effective build flags across
  target, native, and nativesdk variants, handle the supported
  -mllvm spellings, and only mark the CVE unpatched when the
  vulnerable LLVM option combination is explicitly enabled and the
  Arm/x86 MBEDTLS_HAVE_ASM carve-out does not apply.
- When those conditions are not met, the current mbedtls build
  configuration is not affected.
- Hence ignoring/deferred the CVE for now.

Reference:
[1] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-compiler-induced-constant-time-violations/
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-66442

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:40 -07:00
Jason Schonberg 34b5cd16f1 php: upgrade 8.5.7 -> 8.5.8
This is a security release.

Changelog: https://www.php.net/ChangeLog-8.php#8.5.8

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:30:26 -07:00
Wang Mingyu d064444785 fastfetch: drop drm-amdgpu and split vaapi into va-drm/va-x11
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:30:26 -07:00
Ross Burton f39021c5df uutils-coreutils: delete .cargo/config.toml
This file hardcodes a specific compiler for aarch64-linux builds, which
is not the compiler that we provide.  As it's otherwise useless, we can
just delete the file.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:02 -07:00
Ross Burton 4182694dbb librav1e: make nasm dependency x86-specific
nasm is an x86 assembler, so only depend on it (and work around the
build paths errors) on x86-64 (the assembler fastpaths are explicitly
64-bit only).

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:02 -07:00
Jan Vermaete be38668908 python3-markdown-it-py: version bump 3.0.0 -> 4.2.0
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:02 -07:00
Leon Anavi ad51aba1a7 python3-genson: Enable tests
Inherit ptest and include tests for genson. The PyPI package
omits files for testing so use the GitHub source instead.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:02 -07:00
Leon Anavi 8e729d2423 python3-genson: Upgrade 1.3.0 -> 1.4.0
Upgrade to release 1.4.0:

- add enum support, activated per node by seed schemas
- Performance: strategy deduplication when defining custom
  SchemaBuilder classes is now O(n) instead of O(n2)
- include the complete, runnable test suite in the source
  distribution
- Bugfix: fix "noting to do" typo in the CLI error message
  and remove dead code
- Docs: document the required-dropping behavior and the
  builder-merge gotcha; explain why same-type inputs merge
  rather than producing anyOf; add a NoRequiredObject example
  for suppressing required
- declare python_requires >= 3.10, matching the tested Python
  versions

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:02 -07:00
Leon Anavi df857d0b27 python3-stevedore: Upgrade 5.8.0 -> 5.9.0
Upgrade to release 5.9.0:

- zuul: Use openstack-python3-next-jobs template
- Do not install code to build release notes
- Drop support for Python 3.10

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Leon Anavi 60e702c713 python3-coverage: Upgrade 7.14.3 -> 7.15.0
Upgrade to release 7.15.0:

- Since 7.14.0, reporting commands implicitly combine parallel data
  files. Now those commands have a new option --keep-combined to retain
  the data files after combining them instead of the default, which is
  to delete them.
- Fix: the LCOV report would incorrectly count excluded functions as
  uncovered, as described in issue 2205. This is now fixed thanks to
  Martin Kuntz Jacobsen.
- When running your program, coverage now correctly sets
  yourmodule.__spec__.loader as strongly recommended, avoiding the
  deprecation warning.
- Fix: with Python 3.10, running with the -I (isolated mode) option
  didn't correctly omit the current directory from the module search
  path. That is now fixed thanks to Ilia Sorokin.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Leon Anavi 4c1ec8349e python3-croniter: Upgrade 6.2.2 -> 6.2.3
Upgrade to release 6.2.3:

- Fix quadratic expansion of comma-separated range lists for a large
  speed-up on expressions with many ranges.
- Reject a zero step (e.g. 5-5/0) in equal and reversed cron ranges
  instead of silently accepting it.
- Fix expand_from_start_time month low-bound off-by-one so stepped
  month ranges start on the correct month.
- Fix zizmor-reported security findings in GitHub Actions workflows.
- Bump pinned build and CI dependencies via dependabot.
- Upgrade locked development and build dependencies (uv lock --upgrade).

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Etienne Cordonnier 9aef1f7ee6 ttf-noto-emoji: upgrade 20200916 -> 2.051
- NotoEmoji-Regular.ttf was removed upstream in https://github.com/googlefonts/noto-emoji/commit/1442f6acc8463c428c8b38fc558e87c28d8efa5b
- A new COLRv1 format is provided, with a smaller file-size

Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Bartosz Golaszewski 9796702aa7 libgpiod: update to v2.3.1
This bugfix release addresses several build issues after the transision
to meson. These bugs didn't really affect the yocto recipe but let's
update the package for completness.

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Harsh Rai 88409f1cde pipewire: add MP3 compressed offload support
Add a PipeWire Pulse virtual sink and forwarder for compressed offload, enabling MP3 compressed Pulse streams to be routed to a PAL compressed sink.

Signed-off-by: Harsh Rai <harsh.rai@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Jason Schonberg 2e079404da xfce4-panel : upgrade 4.21.1 -> 4.21.2
Drop backported patches which are already included in this version.

Update 0001-windowmenu-do-not-display-desktop-icon-when-no-windo.patch for member name
changes.

Changelog: https://gitlab.xfce.org/xfce/xfce4-panel/-/tags/xfce4-panel-4.21.2

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Trevor Woerner e5ba52fcca gd: add missing library deps to PACKAGECONFIG entries
The PACKAGECONFIG entries introduced by the conversion were all missing
their build-dependency in the third field (the only exception was raqm,
which already had libraqm there).  As a result the hard-coded DEPENDS
line was compensating by always pulling in every library regardless of
which features were actually selected.

Evidence from the configure logs confirms which libraries were found or
missed across the three configurations:

  pre-conversion:
    checking for zlib... yes
    checking for libpng... yes
    checking for freetype2 >= 9.8.3... yes
    checking for libjpeg... yes
    checking for libtiff-4... yes

  post-conversion, unfixed (zlib, png, and tiff checks absent entirely):
    checking for freetype2 >= 9.8.3... yes
    checking for libjpeg... yes

  post-conversion, fixed:
    checking for zlib... yes
    checking for libpng... yes
    checking for freetype2 >= 9.8.3... yes
    checking for libjpeg... yes
    checking for libtiff-4... yes

Add the correct Yocto package name to the third field of every entry:
  avif       -> libavif
  fontconfig -> fontconfig
  freetype   -> freetype
  heif       -> libheif
  jpeg       -> jpeg
  liq        -> libimagequant
  png        -> libpng
  tiff       -> tiff
  webp       -> libwebp
  x          -> virtual/libx11
  xpm        -> libxpm
  zlib       -> zlib

With the dependencies now managed by PACKAGECONFIG, the unconditional
DEPENDS assignment is redundant and can be removed.

Fixes: be9f029b6c ("gd: Support PACKAGECONFIG")
AI-Generated: codex/claude-sonnet 4.6 (high)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Trevor Woerner fcf56020b9 gd: restore png, zlib, and tiff in the default PACKAGECONFIG
Before the PACKAGECONFIG conversion, png, zlib, and tiff support was
always enabled: those libraries were in DEPENDS and autoconf picked
them up automatically because no --without-* flag was passed for them.
The conversion introduced a regression by not including them in the
default PACKAGECONFIG, causing the mechanism to emit --without-png,
--without-zlib, and --without-tiff, silently disabling those features.

Evidence from the configure logs:

  pre-conversion:
    --with-jpeg=<sysroot>/usr/lib/.. --with-freetype=yes
    --without-fontconfig --without-webp --without-xpm --without-x
    (no --with/--without for png, zlib, or tiff; autoconf detects them)

  post-conversion, unfixed:
    --with-freetype --with-jpeg
    --without-png --without-tiff --without-zlib   <-- regression

  post-conversion, fixed:
    --with-freetype --with-jpeg
    --with-png --with-tiff --with-zlib             <-- restored

Add png, zlib, and tiff to the default PACKAGECONFIG so the out-of-
the-box feature set is unchanged from before the conversion.

Fixes: be9f029b6c ("gd: Support PACKAGECONFIG")
AI-Generated: codex/claude-sonnet 4.6 (high)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Michael Fitzmayer 8cc4e2f214 canvenient: update to version 1.02
- New API function: can_find_interfaces_mask()

License-Update: update year in copyright

Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Michael Fitzmayer ae8eecd7c8 canopenterm: update to version 2.03
License-Update: copyright year span has been updated.

- Added new script to interface CiA 305: Layer setting services (LSS)
- New API function to set baud rate: can_set_baudrate()
- Remove usage of white text-color

Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Wang Mingyu c564a7e833 tigervnc: Fix do_configure Error
update version of xorg-xserver according to oe-core
WARNING: tigervnc-1.16.2-r0 do_configure: TigerVNC xorg-server version (21.1.22) is different from oe-core's xorg-xserver version (21.1.23)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Claus Stovgaard da27b5fb74 android-tools: fix native build
The native tools include compilation of zip_writter, where it include
gtest/gtest_prod.h. So native build need to depend on gtest-native.

Signed-off-by: Claus Stovgaard <claus@stovgaard.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Bartosz Golaszewski af37a6f0fb gpiod-sysfs-proxy: update to v1.0.2
This is a major release for gpiod-sysfs-proxy. Upstream now ships
systemd unit files so drop those from the recipe. The project was
updated to using the more modern pyfuse3 package. Other than that: it
works the same and passes the same set of tests. For sysvinit: some of
the command-line arguments are no longer supported in pyfuse3 so remove
them from the init script.

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:28:59 -07:00
Khem Raj 155fd062e2 pcp: Add readline-native and ncurses-native to pcp-native DEPENDS
pcp-native compiles the pcp sources src/pmns/lex.l which does
'#include <readline/readline.h>'. The native recipe only depended on
python3/setuptools/flex/bison, so with the header search correctly
limited to the sysroot
0001-configure-Limit-the-header-search-to-sysroot.patch
the build fails on hosts without readline development headers installed:

    lex.l:25:10: fatal error: readline/readline.h: No such file or directory

Depend on readline-native (and ncurses-native, which readline links
against) so the headers and libraries come from the native sysroot
rather than the build host, mirroring the target recipe DEPENDS. This
makes the native build reproducible and host independent.

Verified by building pcp-native from scratch

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-01 00:05:35 -07:00
Khem Raj 63a5292025 crash: Fix cross compilation for 32-bit arm
The upstream crash Makefile CONF_TARGET_ARCH mapping (used when
CROSS_COMPILE is set) enumerates most of OE supported arches
but omits 32-bit arm. Building with CROSS_COMPILE=arm-*
therefore aborts at Makefile parse time:

    Makefile:75: *** The current Arch(arm) does not support cross compilation.  Stop.

ARM is already a valid crash target (defs.h/configure.c), so add a patch
mapping the normalized "arm" arch to CONF_TARGET_ARCH=ARM like every
other supported arch.

Verified by cross building crash for qemuarm (arm-yoe-linux-gnueabi-):

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Cc: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com>
2026-06-30 23:37:18 -07:00
Qliangw cd75edf25d libuio: fix FILE descriptor leak
The function uio_line_from_file() fails to close the FILE pointer
when fgets() returns NULL, causing a file descriptor leak.

This can be triggered when reading from /sys files that return
empty content, leading to resource exhaustion over time.

Fix this by using goto-based error handling to ensure fclose()
is called on all exit paths.

Signed-off-by: Qliangw <qili00001@gmail.com>
2026-06-30 23:37:18 -07:00
Tim Orling f1e12abbd3 valkey: upgrade 9.0.4 -> 9.1.0
* Refresh lua-update-Makefile-to-use-environment-build-setting.patch
* Use ${@oe.utils.trim_version(d.getVar('PV'), 2)} to dynamically
  determine branch= in SRC_URI

Valkey 9.1.0 GA - Released Tue May 19 2026
---------------------

Upgrade urgency LOW: This is the first stable release of Valkey 9.1.

* Security fixes
  - (CVE-2026-23479) Use-After-Free in unblock client flow
  - (CVE-2026-25243) Invalid Memory Access in RESTORE command
  - (CVE-2026-23631) Use-after-free when full sync occurs during a
    yielding Lua/function execution

* New Features and enhanced behavior
  - Add cluster bus network traffic usage metric in bytes by @hpatro
    (#3396)
  - Reduce latency spikes during rehashing via incremental page release
    by @chzhoo (#3481)

* Bug Fixes
  - Fix(syncio): Set errno on EOF in syncRead and propagate to
    conn->last by @abmathur-ie (#3580)
  - Fix GEOSEARCH BYPOLYGON leak on invalid COUNT by @bandalgomsu (#3568)
  - Handle NULL pointer in streamTrim listpack delta calculation by
    @smkher (#3591)
  - Fixes server crash when RDMA benchmark clients disconnect by
    @quanyeyang (#3448)
  - Fix the memory leak in valkey-benchmark by @nmvk (#3643)

Release announcment:
https://valkey.io/blog/valkey-9-1-delivers-improvements-in-security-performance-and-more/

For full comparison of changes, see:
https://github.com/valkey-io/valkey/compare/9.0.4...9.1.0

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 23:35:39 -07:00
Wang Mingyu aa4d8aea4b xclock: upgrade 1.1.1 -> 1.2.0
License-Update: Removed the words "All rights reserved"

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu 17d8f29cf6 uthash: upgrade 2.3.0 -> 2.4.0
License-Update: Copyright year updated to 2026

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu 39399bd1e4 swagger-ui: upgrade 5.32.7 -> 5.32.8
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu 1ab1ba1b9c smcroute: upgrade 2.5.7 -> 2.6.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu e6fd95cd39 smarty: upgrade 5.8.0 -> 5.8.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu 69779c01a9 rasdaemon: upgrade 0.8.4 -> 0.8.5
Changelog:
===========
* rasdaemon: Add NVIDIA non-standard CPER decoder (Vera and Grace)
* rasdaemon: Add Intel Diamond Rapids, Granite Rapids, Sierra Forest, and Clearwater Forest support
* rasdaemon: Add Zhaoxin CPUs support for MCE record events
* rasdaemon: Fix uuid_le() buffer size calculation and SQLite API return code checks
* rasdaemon: Allow built-in or modules EDAC in status checks
* rasdaemon: Add RERI handler implementation
* ras-mc-ctl: Consolidate error counts by DIMM label
* ras-mc-ctl: Fix signal events query column
* ras-mc-ctl: Fix mc_event_trigger.local reference
* ras-mc-ctl: Correct --error-count alignment output
* ras-events: Fix event file endianness handling
* ras-aer-handler: Add support for AER triggers
* tracing: Address deprecated /sys/kernel/debug/tracing path
* ras-page-isolation.c: Clean up compiler warning
* types.c: Add missing newline at end of file
* Documentation: Update README.md and SECURITY.md

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:23 -07:00
Wang Mingyu 878e50cb2c python3-xxhash: upgrade 3.7.0 -> 3.8.0
Changelog:
==========
- Fix memory leak in copy() and new() when memory allocation fails (rare edge
  case)
- Fix seed/reset state initialization in xxh32 and xxh64 (unlikely to affect
  normal usage)
- Replace Py_BuildValue with PyLong_FromUnsignedLong/LongLong for performance
- Update README examples to use bytes literals
- Add CodSpeed performance benchmarks and CI workflow
- Build aarch64/armv7l on native Arm runners; test against Python 3.15.0-beta.2
- Speed up module-level one-shot digest(), intdigest(), and hexdigest()
  functions by switching them to METH_FASTCALL.
- Keep one-shot argument handling consistent with hash constructors, including
  positional and keyword input/seed arguments, duplicate argument errors, and
  oversized seed wrapping.
- Fix error handling in the xxh3_128 integer digest path so allocation failures
  are reported cleanly.
- Fix Python 3.8 builds by adding a PyModule_AddType compatibility fallback
  with correct reference counting.
- Correct type stubs for xxh64_digest(), xxh64_hexdigest(), and
  xxh64_intdigest(), they were incorrectly aliased to xxh3_64 functions.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:23 -07:00
Wang Mingyu 2503e89f02 python3-wand: upgrade 0.7.1 -> 0.7.2
Changelog:
 Fixed de-synced offsets during file read operations.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:23 -07:00
Wang Mingyu 96a8f3442c python3-typer: upgrade 0.26.7 -> 0.26.8
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:23 -07:00
Wang Mingyu a7fadfcc98 python3-tox: upgrade 4.55.1 -> 4.56.1
Changelog:
============
- Fix type errors flagged by ty 0.0.43
- Drop obsolete ty: ignore directives
- docs: Use double backquotes for git command in development.rst
- docs: Fix indent misalignment in reference/config.rst
- docs: replace http://tox.readthedocs.org with https://tox.wiki
- fix(config): restore skip_missing_interpreters default to False
- feat(virtualenv): auto-pin virtualenv for end-of-life Python
- treat scalar string then/else as a single item in if-replace extend

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:23 -07:00
Wang Mingyu f2fb6d3cba python3-regex: upgrade 2026.5.9 -> 2026.6.28
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:23 -07:00
Wang Mingyu 91157eac19 python3-redis: upgrade 8.0.0 -> 8.0.1
Changelog:
============
- Fix Unix socket maintenance notification handling and tests
- Fix async cluster node connection release on write errors
- Fixed async MultiDBClient with underlying RedisCluster
- Fix hiredis readiness checks for high file descriptors
- fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys
- Fixing pubsub's listen method to be blocking.
- fix(asyncio): release pooled connection when Pipeline.reset() is cancelled
- Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() instead of a per-call selector
- Updating PyJWT dependency.
- Update CI badge in README.md
- Add missing url query argument parser for ssl_min_version
- ci: least-privilege permissions on spellcheck (read) and stale-issues (job-level write for actions/stale)
- Bumping github-versions actions
- Updating lib version + supported Redis versions in README.md + updating the Redis versions in CI test matrix

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:22 -07:00
Wang Mingyu 3ccda013a4 python3-pandas: upgrade 3.0.3 -> 3.0.4
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:22 -07:00
Wang Mingyu da5aa5c5cd python3-mlcommons-loadgen: upgrade 6.0.14 -> 6.0.15
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:22 -07:00
Wang Mingyu 4899405282 python3-ipython: upgrade 9.14.1 -> 9.15.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:22 -07:00
Wang Mingyu 69b5baba27 python3-httplib2: upgrade 0.31.2 -> 0.32.0
Changelog:
============
- Python support 3.8+ only
- decompression limited by size and ratio
- decoder foundation to support more compression algorithms

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:22 -07:00