Update nushell from 0.111.0 to 0.114.1.
Highlights across v0.112.0 - v0.114.1:
New features:
- Sharper type system with pipeline-aware type inference
- Runtime type checking (enforce-runtime-annotations) now on
by default
- POSIX '--' end-of-options support for all command types
- 'run' command to use scripts as pipeline stages
- Semantic Versioning support (into semver, semver bump, etc.)
- KDL format support (to kdl, from kdl)
- Set operation commands (union, intersect, difference,
combinations, permutations)
- 'idx' command family for fast in-memory filesystem indexing
- 'peek' command to inspect stream metadata
- Fish-style abbreviation expansion
- 'random pass' password generator
- 'commandline complete' for programmatic completions access
- Polars upgraded to 0.54 with map-batches and bitwise commands
- New experimental globbing engine (dc-glob)
Breaking changes:
- Submodules no longer implicitly imported
- enforce-runtime-annotations enabled by default
- Reedline vi mode overhaul with visual mode
- from xlsx/from ods reworked (removed --header-row, added
--noheaders and --first-row)
- Error 'details' field replaces 'json' field in catch blocks
- parse no longer implicitly splits byte streams into lines
- Deprecated str upcase/str downcase replaced by
str uppercase/str lowercase
Notable bug fixes:
- Fix uninitialized value in let_cxx_string! on panic
- Fix nested update with closure for table columns
- Fix flatten conflicting column renaming
- Fix float ranges (0.1..0.3 now produces [0.1, 0.2, 0.3])
- Fix aliases breaking when shadowed variables
- Fix math abs panic on i64::MIN
- Prevent SIGABRT on terminal close
- Fix try blocks executing code twice
- Fix closure input type incorrectly inheriting from scope
- Better assignment error messages for type mismatches
- Fix for loop variable type inference with union iterables
v0.114.1 is a patch release fixing issues with the new
enforce-runtime-annotations default behavior.
Assisted-by: Kiro CLI 2.12.0 (AI assistant)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
csysdig fails to link when stock Lua is also present in the sysroot:
ld.lld: error: undefined symbol: luaL_openselectedlibs
>>> referenced by chisel.cpp:1190
ld.lld: error: undefined symbol: lua_pcallk
ld.lld: error: undefined symbol: lua_setglobal
sysdig's chisel code does #include "lua.h" and links against LuaJIT
(lua${JIT}), but the recipe-sysroot also carries stock Lua headers
(openembedded-core lua installs lua.h into ${includedir}). Those headers
win the include search over ${includedir}/luajit-2.1, so the chisel
objects are compiled against stock Lua while the binary links
libluajit-5.1.so. In Lua >= 5.4.4 luaL_openlibs is a macro for
luaL_openselectedlibs and lua_setglobal/lua_pcallk are real symbols,
none of which LuaJIT (a Lua 5.1 ABI) provides, hence the undefined
references. -DLUA_INCLUDE_DIR does not help: sysdig's luajit.cmake only
consults it in its stock-Lua fallback, not when it finds LuaJIT.
Prepend ${STAGING_INCDIR}/luajit-2.1 to CFLAGS/CXXFLAGS. These land in
CMAKE_CXX_FLAGS, which precede CMake's generated -I includes, so LuaJIT's
lua.h is found first and matches the linked library.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
do_compile could fail with many:
fatal error: 'libsinsp/sinsp.h' file not found
fatal error: 'sinsp.h' file not found
fatal error: 'libscap/strl.h' file not found
across all userspace/sysdig objects, even though the headers exist in
the fetched falcosecurity-libs source.
The add_library de-duplication patch guarded the libscap/libsinsp
modules with a HAVE_LIBSCAP/HAVE_LIBSINSP flag set as CACHE INTERNAL.
Because that value persists in CMakeCache, ninja's build-time
regeneration rule (cmake --regenerate-during-build, which fires whenever
a CMake input's timestamp changes between do_configure and do_compile)
re-runs cmake with the flag already true. The libscap/libsinsp
add_subdirectory() is then skipped, dropping the scap/sinsp targets and
their PUBLIC include directories, so target_link_libraries(sysdig sinsp)
degrades to a bare -lsinsp with no header propagation.
Guard on target existence (if(NOT TARGET scap|sinsp)) instead. Target
existence is global within a single cmake run -- so it still prevents
the duplicate add_library -- but is not persisted across runs, so the
modules are correctly re-processed on every regeneration.
Verified: a build-time cmake regeneration now keeps the libsinsp/libscap
object rules and falcosecurity-libs include paths in build.ninja, and a
full clean build plus a post-touch recompile both succeed.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The license was changed from MIT to BSL-1.0 in release 4.0.0.
Also set SUMMARY instead of DESCRIPTION, and fix some whitespace.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
0001-trivial-httpd-Fix-const-correctness-of-slash-pointer.patch
removed since it's included in 2026.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
License-Update: copyright year span has been updated.
- Added new script to interface CiA 305: Layer setting services (LSS)
- New API function to set baud rate: can_set_baudrate()
- Remove usage of white text-color
Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The function uio_line_from_file() fails to close the FILE pointer
when fgets() returns NULL, causing a file descriptor leak.
This can be triggered when reading from /sys files that return
empty content, leading to resource exhaustion over time.
Fix this by using goto-based error handling to ensure fclose()
is called on all exit paths.
Signed-off-by: Qliangw <qili00001@gmail.com>
* Refresh lua-update-Makefile-to-use-environment-build-setting.patch
* Use ${@oe.utils.trim_version(d.getVar('PV'), 2)} to dynamically
determine branch= in SRC_URI
Valkey 9.1.0 GA - Released Tue May 19 2026
---------------------
Upgrade urgency LOW: This is the first stable release of Valkey 9.1.
* Security fixes
- (CVE-2026-23479) Use-After-Free in unblock client flow
- (CVE-2026-25243) Invalid Memory Access in RESTORE command
- (CVE-2026-23631) Use-after-free when full sync occurs during a
yielding Lua/function execution
* New Features and enhanced behavior
- Add cluster bus network traffic usage metric in bytes by @hpatro
(#3396)
- Reduce latency spikes during rehashing via incremental page release
by @chzhoo (#3481)
* Bug Fixes
- Fix(syncio): Set errno on EOF in syncRead and propagate to
conn->last by @abmathur-ie (#3580)
- Fix GEOSEARCH BYPOLYGON leak on invalid COUNT by @bandalgomsu (#3568)
- Handle NULL pointer in streamTrim listpack delta calculation by
@smkher (#3591)
- Fixes server crash when RDMA benchmark clients disconnect by
@quanyeyang (#3448)
- Fix the memory leak in valkey-benchmark by @nmvk (#3643)
Release announcment:
https://valkey.io/blog/valkey-9-1-delivers-improvements-in-security-performance-and-more/
For full comparison of changes, see:
https://github.com/valkey-io/valkey/compare/9.0.4...9.1.0
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Fix initramfs switch-root failure
- Add haveged-initramfs.service for use inside the initramfs (without --no-command, without PrivateNetwork=true)
- Update dracut module to install the initramfs-specific service file
- Fix 100% CPU spin when --no-command is used
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
GCC 16 emits a spurious -Wmaybe-uninitialized for the exception helper
constructors in reply.h, and the project builds with -Werror:
src/sw/redis++/reply.h:54:60: error: '<unknown>' may be used uninitialized
[-Werror=maybe-uninitialized]
cc1plus: all warnings being treated as errors
Add -Wno-error=maybe-uninitialized for the gcc toolchain.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The shipped Makefile errors out
'You must run ./configure before make'
when Make.inc/src/config.h are missing, so the 'make clean' run by
autotools_preconfigure fails before configure has run.
Set CLEANBROKEN to skip that clean.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fmt renamed its default branch master -> main, so the SRCREV was
unreachable.
Also retarget 0001-Fix-build-with-gcc-16 to
minifi-api/include/minifi-cpp/core/RepositoryMetricsSource.h after
the source-tree restructure in 0.99.2.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Refresh the cross-compile configure.ac patch for 4.0.0. Its configure.ac
now requires the xcursor pkg-config module in the core PKG_CHECK_MODULES,
which the recipe never depended on, so do_configure fails:
checking for fontconfig xrender xcomposite xcursor xdamage xfixes xext x11... no
configure: error: Package requirements (...) were not met:
Package 'xcursor' not found
Add libxcursor to DEPENDS.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable the new default-on impstats-push feature, which needs protoc-c,
libprotobuf-c and snappy that are not wired up in this recipe.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Regenerate 0001-hiredis-use-default-CC and
0004-src-Do-not-reset-FINAL_LIBS so they apply without fuzz (patch-fuzz
is a fatal QA error).
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Regenerate configure.patch, which hardcoded version 3.25.8 and had stale
context, so it applies without fuzz.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop the no-longer-needed 0001-Fix-parallel-build-problems.patch,
0002-fix-reproducibility.patch and
0001-Fix-a-lot-of-Werror-format-security.patch.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changes in 1.18.0
~~~~~~~~~~~~~~~~~
Released: 2026-06-08
Enhancements:
* Improve error handling and printed output of `flatpak-coredumpctl` (#6649,
#6680)
* Support the AMD vendor specific compute interface (`/dev/kfd`) via the DRI
device permission (#6648)
* Improve the output of `flatpak update` with failure causes (#6657)
* Improve startup time for fish shell integration (#6635)
* Translation updates: zh_CN (#6671)
Bug fixes:
* Fix building when HAVE_LIBSYSTEMD but not USE_SYSTEM_HELPER is defined (#6652)
* Ignore system bus failures in parental controls check (#6663)
* Fix some return values and replace deprecated `GTimeVal` with
`g_get_real_time()` (#6646)
* Suppress an unused-result warning in the tests (#6655)
Changes in 1.17.7
~~~~~~~~~~~~~~~~~~
Released: 2026-05-06
Enhancements:
* Add the new permission conditionals `has-usb-device` and `has-usb-portal` to
allow apps to drop --device=all and --device=usb permissions (#6560)
* Always send the `Flatpak-Upgrade-From` header when updating instead of
freshly installing, to improve the quality of statistics (#6626)
* Improve how the absence of the system repo is handled (#6621)
* Changes to repos are now more atomic which helps to avoid them being in an
invalid state. This could be observed when importing the GPG key failed,
because the system clock was wrong. (#6547)
* A function to report the age of the configuration was added to libflatpak,
which will help GNOME Software to prevent unnecessary work (#6532)
* Improvements to the build system (#6614, #6610)
* Improve various tests (#6604, #6606, #6619, #6617, #6605, #6625)
* Translation updates: tr (#6629), zh_CN (#6630)
Bug fixes:
* Fix a regression in handling of the fallback-x11 permission, which was
affecting overrides from Flatseal (#6632)
* Fix a memory leak in the Flatpak portal (#6613)
* Install SELinux configuration files to the right directory (#6622)
* Silence wrong `lseek()` errors when creating sub-sandboxes (#6609)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Changelog:
===========
- Add --no-command / -C flag to disable command mode at runtime
- Disable command mode in haveged.service and haveged-once.service
- Enable PrivateNetwork=true and remove ReadWritePaths=/dev/shm in service files
- Add PractRand example to man page
- Use O_EXCL with sem_open to prevent semaphore pre-planting attacks [pyllyukko]
- Recover stale semaphores after SIGKILL by unlinking and retrying
- Add sem_close before sem_unlink for proper cleanup ordering
- Fix compilation when NO_COMMAND_MODE is defined
- Fix out-of-bounds memory access in safein()/safeout() on socket errors
- Reject command socket connections from different user namespaces
- Use O_NOFOLLOW for PID file to prevent symlink attacks
- Open random device with O_CLOEXEC to prevent fd leak across execv
- Restrict semaphore permissions from 0644 to 0600
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade libsodium from 1.0.19 to 1.0.20 for minifi-cpp third party
dependency.
Updated below patch for upgrading:
0003-Fix-libsodium-build.patch
Removed below patch because it is in the new version:
0007-libsodium-aarch64-set-compiler-attributes-after-including-arm_.patcha
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Removed all the paths' changes in do_install because of the old test
by using "/usr/bin/minifi &" instead of "minifi.sh run &", which
doesn't define MINIFI_HOME as an environment var.
This causes minifi-cpp thinks MINIFI_PACKAGING_TYPE is RPM, and tries to
find files in different paths from TGZ, while yotco uses
MINIFI_PACKAGING_TYPE TGZ by default.
Correct test case and those changes aren't needed any more.
Fixes c0e52930a9 ("minifi-cpp: upgrade 0.99.1 -> 0.99.2")
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The build fails with
../sources/multitail-7.1.5/mt.c: In function 'do_color_print':
../sources/multitail-7.1.5/mt.c:712:25: warning: implicit declaration of function 'waddnwstr'; did you mean 'waddnstr'? [-Wimplicit-function-declarat
712 | waddnwstr(win -> win, &wcur, 1);
| ^~~~~~~~~
| waddnstr
I suspect it's due to gcc-16, because in a build environment with gcc-15 it
compiles. Upstream has already set a todo at this code line.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Improvements
================
- Increase required cmake version to 3.15
- Use ffc (pure-C99) as the RESP3 double parser instead of strtod
- FetchContent should not include cpack
- Add C++ compatibility to sds.h
- Apply FD_CLOEXEC on sockets
Bug Fixes
=============
- fix: add NULL check for c->funcs in redisReconnect
- Fix buffer overflow in tests.
Maintenance
===============
- Fix CI for macOS and docker based runs.
- Fix CI on MacOS runners.
- Define ssize_t as intptr_t in Windows
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The python bindings are built unconditionally, so using libpwquality
drags libpython3 and python3-core onto the image even when only the C
library or pam_pwquality is needed.
Add a "python3" PACKAGECONFIG for the bindings, enabled by default to
keep the current behaviour. The setuptools3-base inherit is deferred
and conditional on it. With python3 disabled, the package depends only
on cracklib and libc.
Signed-off-by: Markus Klotzbuecher <mk@mkio.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add recipe for edit 2.0.0, Microsoft's small terminal editor
written in rust.
Edit uses ICU for search/replace, which requires a non-standard
way to discover the ICU soname buildtime.
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
* Add ReadWritePaths=/dev/shm to systemd service for semaphore creation
under ProtectSystem=full sandboxing
* Fix privilege escalation via command socket (CVE-2026-41054)
* Check peer credentials before reading command (CVE-2026-41054)
* Handle failing opening of semaphore
* Fix /dev/shm permissions to use sticky bit
* Use chmod after mkdir to ensure correct /dev/shm permissions
* Update libtool: add lib64 search paths, remove dead code
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
We have replaced p7zip more than 2 years, do not make 7zip provide
p7zip any more, then CVE scan on p7zip would be skipped
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
(CVE-2026-23479) Use-After-Free in unblock client flow
(CVE-2026-25243) Invalid Memory Access in RESTORE command
(CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>