Changelog:
============
* Default headers (such as "Content-Type", "Date" and "Server") are now stripped
from recorded files regardless of header name case. Previously, responses recorded from
servers that send lowercase header names (for example over HTTP/2) kept these redundant
headers in the generated file.
* Fixed 'query_param_matcher' mutating the caller's params dict when numeric
values are provided.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
- Add Latvian language localization
- Add i18n support for naturalsize() and French translation
- Performance improvements: 1.07x - 8.4x
- Lazy imports for Python 3.15+
- Drop experimental Python 3.13 free-threaded
- Refactor: simplify scientific() and extract _SUPERSCRIPT_MAP constant
- Fix naturalsize() rounding rollover at unit boundaries
- Carry metric() to the next SI prefix when rounding reaches 1000
- Stop printing two minus signs in fractional for a negative mixed number
- Return an empty string from natural_list() for an empty list
- Handle tz-aware datetimes in naturalday() and naturaldate()
- Fix Arabic translation
- Fix Spanish large number translations to use long scale
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
- Ensure we use a safe name for long postgres queue names. PG has a 63 byte
limit on the channel name.
- Ensure recycled worker threads no longer leak their LISTEN connections
w/Postgres.
- Add first-class Postgres support: PostgresHuey. Workers use LISTEN/NOTIFY
when a task is enqueued, giving Redis-like dequeue latency without polling,
and dequeues use select ... for update skip locked so any number of consumers
can share one database (requires psycopg 3.2+).
- The django.tasks backend is now also compatible with the django-tasks
backport package, extending support to pre-6.0 Django.
- Use an explicit fork multiprocessing context for process workers, rather than
setting the global start-method from the consumer entry-points. Fixes -k
process on MacOS 3.8+ / Linux 3.14+ when the consumer is started via the
huey_consumer console-script or a programmatic create_consumer().run().
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Fix: compute valid ISO 7064 Mod 11,10 check digit for de_DE vat_id
- Add es_MX automotive license plate provider
- Add sr_BA SSN provider
- Update providers job, phone_number, bank and ssn
- Update phone number test regex
- Update outdated Korean locale names
- Fix: prevent infinite recursion in _safe_random_int when both bounds collapse to the same integer
- Add mk_MK (Macedonian) locale
- CI: run PR checks against PR code instead of base branch.
- Fix: raise NotImplementedError in bank() for locales without banks data
- Fix outdated links in README credits section
- Bump actions/cache from 5 to 6
- Bump actions/checkout from 6 to 7
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
- Fixed the decoder registering 6-byte strings in the string reference
namespace at indices 65536–4294967295 where the encoder does not,
desynchronising the namespace and resolving later string references to the
wrong value
- Fixed the IPv4/IPv6 network decoders (tags 52 and 54) silently truncating an
address byte string that is longer than the address size instead of rejecting
it as malformed
- Fixed quadratic decoding time for indefinite-length and large definite-length
byte and text strings, caused by concatenating each chunk onto the
accumulated result with + instead of building the result once
- Fixed datetime_as_timestamp encoding whole-second datetimes before 1970 or
after 2106 as floats instead of integers, because the timestamp was narrowed
through an unsigned 32-bit integer
- Fixed the encoder measuring text strings by code point count instead of UTF-8
byte length when deciding whether to add them to the string reference
namespace, desynchronising it from the decoder (which counts bytes) and
corrupting later string references for non-ASCII strings
- Fixed the decoder rejecting scoped IPv6 addresses (tag 54) with a
CBORDecodeError reading invalid types in input array; the encoder emits them
as [address, null, zone id] but the decoder only handled the network and
interface array forms, so a scoped ~ipaddress.IPv6Address could not be decoded
back
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Use defaultdict to help with performance
- Simplify _interleave_addrinfos family grouping
- Collapse collect-then-remove pattern in utils helpers
- Merge identical except blocks in _connect_sock cleanup
- Add python 3.14 support
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
0001-trivial-httpd-Fix-const-correctness-of-slash-pointer.patch
removed since it's included in 2026.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- Add xmp_set_player(ctx, XMP_PLAYER_DEFPAN, 50) to relevant examples
in libxmp.rst and in the examples directory, clarify it must be
used BEFORE calling xmp_load_module, and recommend its usage.
- Fix crashes and other bugs in the smix API.
- Rewrite the smix API WAV loader to support stereo samples.
- Fix XM channel default instrument memory (should be no instrument).
- Fix IT high offset being applied when no Oxx effect is present.
- Fix IT offsets >length setting the offset to sample end instead of 0
in new effects mode.
- Fix conversion of MED synth/hybrid finetune.
- Fix Magnetic Fields Packer track loading and optimize tracks.
- Fix path_join when loading a module from the current directory.
- Fix loading truncated Startrekker AM instruments.
- Startrekker AM instruments now take precedence over sampled
instruments in the same slot (fixes GTS/fa.worse face.mod and
WOTW/intro 12.mod).
- Fix StarTrekker AM instrument envelope, P.FALL, and FQ toneporta
bugs by reimplementing these features using extras (fixes
Epsilon (ES)/frankie.mod, WOTW/intro 12.mod, maybe others).
- Allow Archimedes MUSX modules to load if the SDAT instrument
subchunk is broken (fixes 5-OverPar).
- Fix various -fsanitize=shift-base warnings:
- Prevent overflow read in lha depacker pm2 decoder.
- Add OS/2 EMX makefiles for KLIBC environment. Build tested under linux
using cross-os2emx toolchain at https://github.com/komh/cross-os2emx
- Build the PDF without date information to improve reproducibility.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
* Fix typo in Makefile.PL
* Compress::Raw::Zlib version 2.222 required--this is only version 2.221
Update to version 2.223
* Tag `:constants` no longer exports all constants Fixes#78, #64
* Bump actions/checkout from 6 to 7
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
=============
- When using the fdp layout algorithm ('dot -Kfdp …' or 'fdp …'), a new command
line option '-Lm…' is supported for controlling the "m-limit".
- The vt plugin has a new option for using Unicode octant characters to render
8-pixels-per-cell output, '-Tvt-8up2'.
- When building from source from a Git checkout, builds with
'--disable-python'/'--disable-python3' once again work.
- Gvedit no longer leaves temporary files on disk when previewing.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fixes:
- Accept NMEA GGA sentences with 11 or more parts (needed 14 or more previously)
- Use async D-bus 'Set' methods to set client properties in libgeoclue to improve robustness
- Do not change Client Location property on updates which are below threshold to avoid leaking location to D-bus
- Ignore wired WPA interfaces when finding an interface for WiFi scanning
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
0001-Add-ARM64-syscall-prefix-detection-in-C-API.patch
0002-Add-riscv-syscall-prefix-detection-in-C-API.patch
0003-folly-tracing-Remove-x86-specific-naming-from-tracin.patch
0004-folly-tracing-Add-ARM-and-AArch64-support-to-static-.patch
0001-Fix-build-with-LLVM-22.patch
removed since they're included in 0.37.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade to release 1.23.1.
New features:
- FFmpeg decoder plugin gains AV1, VVC, JPEG, and JPEG 2000/HTJ2K
decoding
- SVT-AV1 encoder: new tune=iq and ms-ssim tune parameters
- C++ API: added getters/setters for the CLLI and MDCV HDR metadata
boxes
- Sequence decoder now scales the alpha auxiliary track to the main
image size
Bug fixes:
- Fixed pixi box writing for multi-channel images
- Corrected the placement of the TAI clock_type field into the top
2 bits
- Empty/unset plugin directory is no longer scanned
Security fixes:
- CVE-TBD (GHSA-jc8f-p23p-5hjg) Integer underflow in Fraction
constructor via double clap transform application
- CVE-TBD (GHSA-73p7-m7gg-w2jv) Out-of-bounds read in uncompressed
unci tile range slicing
= CVE-TBD (GHSA-xpw3-9rhw-482x) Heap out of bounds write in libheif
uncompressed encoder when writing images with mismatched
auxiliary alpha dimensions
- CVE-TBD (GHSA-9ww4-9v47-m7pj) Reachable assertion in
HeifContext::get_track() aborts on a valid-but-empty HEIF
sequence file
- (GHSA-46rp-pcq2-rpmr) Heap out-of-bounds write in the
uncompressed encoder for RRGGBB images with interleaved bit-depth
lower or equal to 8
Remove CVE-2026-3949.patch because the fix has been included in
the source code for this release of libheif.
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add a new recipe for flaky, plugin for pytest that automatically
reruns flaky tests. It is required by pycurl tests.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade to release 7.47.0:
- Use dynamic SSL ports in certificate tests
- Harden test_clear_assignment_inside_socket_callback_resets_socketp
test
- Rename index field to idx in HstsIndex to avoid shadowing
- Fix test_callbacks_non_minus_one_return_continues_transfer on macOS
- Use PYCURL_REQUIRE_HANDLE and PYCURL_REQUIRE_NOT_RUNNING instead of
magic numbers
- Convert pycurl to a Python package with the C extension renamed to
pycurl._pycurl
- Fix flaky CONNECT_ONLY send/recv tests by waiting on active socket
readiness instead of sleeping after EAGAIN
- Add PyMutex support on Python 3.13+
- Modernize ssh_key_cb_test and use a local SFTP server
- Use set instead of dict for saving refs to easy objects in multi
- Make closed as property instead a method
- Add free-threaded CPython support
- Add AsyncCurlMulti
- Fix flaky memory_mgmt callback
- Add libcurl strerror wrappers (easy/multi/share/url)
- Modernize write/header tests
- Implement Curl multi notify API
- Pin socket callback tests to IPv4 to handle dual-stack localhost
resolution
- Integrate notify in AsyncCurlMulti
- Review GIL management
- Capture more expected warnings during tests
- Fix/update/remove some examples
- Fix truncated timeout value in multi timer callback
- Fix incorrect argument type in debug callback
- Fix some reference leaks
- Ensure errors are logged in progress/xferinfo callbacks
- Support zero-copy write/header callbacks
- Evolve CurlShare with share()/unshare(), Python-level thread safety,
and CURLSHcode error propagation
- Fix test_default_mode_autopongs_server_ping with libcurl 8.21.0
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade to release 3.29.6:
- serialise singleton construction in FileLockMeta
- _util: drop the dead st_mtime=0 short-circuit in
raise_on_not_writable_file
- test: silence fork DeprecationWarning on 3.15
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The upstream tarball fetched from pypi contains `.hash` files like these:
$ cat aiohttp/.hash/hdrs.py.hash
a46ad6c3a2faf8d26a2c6afc1a2210ce379a23f2799fce7b26a01f6ce5a40642 /home/runner/work/aiohttp/aiohttp/aiohttp/hdrs.py
These file trigger the relatively new HOME buildpath check _if_ the recipe
happens to be built by someone with HOME set to /home/runner
(for example someone building in a GitHub workflow):
ERROR: python3-aiohttp-3.14.1-r0 do_package_qa: QA Issue:
File /usr/lib/python3.14/site-packages/aiohttp/.hash/hdrs.py.hash
in package python3-aiohttp contains a reference to the build host HOME directory.
If upstream hardcodes a directory path that matches your home,
you can set OEQA_BUILDPATHS_SKIP = "/home/runner" in the recipe. [buildpaths]
Follow the suggested fix of setting `OEQA_BUILDPATHS_SKIP`.
See also openembedded-core commit ee29a9132a ("oeqa: allow exceptions in
buildpath HOME checks") for an example of `OEQA_BUILDPATHS_SKIP` used.
Signed-off-by: Leonard Göhrs <l.goehrs@pengutronix.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
python3-sqlite is required by the NDB code, irrespective of ptest:
File "/usr/lib/python3.14/site-packages/pyroute2/__init__.py", line 31, in <module>
File "/usr/lib/python3.14/site-packages/pyroute2/ipdb/__init__.py", line 16, in <module>
File "/usr/lib/python3.14/site-packages/pyroute2/ndb/main.py", line 317, in <module>
File "/usr/lib/python3.14/site-packages/pyroute2/ndb/task_manager.py", line 9, in <module>
File "/usr/lib/python3.14/site-packages/pyroute2/ndb/schema.py", line 99, in <module>
ModuleNotFoundError: No module named 'sqlite3'
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Analysis:
- The Mbed TLS advisory states the issue occurs when LLVM
select-optimize is enabled. [1]
- The same advisory also states that Arm/x86 builds with
MBEDTLS_HAVE_ASM enabled are not affected. The default mbedtls
configuration in this branch enables MBEDTLS_HAVE_ASM.
- NVD also describes the issue as occurring only with LLVM's
select-optimize feature. [2]
- The mbedtls recipes now evaluate the effective build flags across
target, native, and nativesdk variants, handle the supported
-mllvm spellings, and only mark the CVE unpatched when the
vulnerable LLVM option combination is explicitly enabled and the
Arm/x86 MBEDTLS_HAVE_ASM carve-out does not apply.
- When those conditions are not met, the current mbedtls build
configuration is not affected.
- Hence ignoring/deferred the CVE for now.
Reference:
[1] https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-compiler-induced-constant-time-violations/
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-66442
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This file hardcodes a specific compiler for aarch64-linux builds, which
is not the compiler that we provide. As it's otherwise useless, we can
just delete the file.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
nasm is an x86 assembler, so only depend on it (and work around the
build paths errors) on x86-64 (the assembler fastpaths are explicitly
64-bit only).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Inherit ptest and include tests for genson. The PyPI package
omits files for testing so use the GitHub source instead.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade to release 1.4.0:
- add enum support, activated per node by seed schemas
- Performance: strategy deduplication when defining custom
SchemaBuilder classes is now O(n) instead of O(n2)
- include the complete, runnable test suite in the source
distribution
- Bugfix: fix "noting to do" typo in the CLI error message
and remove dead code
- Docs: document the required-dropping behavior and the
builder-merge gotcha; explain why same-type inputs merge
rather than producing anyOf; add a NoRequiredObject example
for suppressing required
- declare python_requires >= 3.10, matching the tested Python
versions
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade to release 5.9.0:
- zuul: Use openstack-python3-next-jobs template
- Do not install code to build release notes
- Drop support for Python 3.10
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade to release 7.15.0:
- Since 7.14.0, reporting commands implicitly combine parallel data
files. Now those commands have a new option --keep-combined to retain
the data files after combining them instead of the default, which is
to delete them.
- Fix: the LCOV report would incorrectly count excluded functions as
uncovered, as described in issue 2205. This is now fixed thanks to
Martin Kuntz Jacobsen.
- When running your program, coverage now correctly sets
yourmodule.__spec__.loader as strongly recommended, avoiding the
deprecation warning.
- Fix: with Python 3.10, running with the -I (isolated mode) option
didn't correctly omit the current directory from the module search
path. That is now fixed thanks to Ilia Sorokin.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Upgrade to release 6.2.3:
- Fix quadratic expansion of comma-separated range lists for a large
speed-up on expressions with many ranges.
- Reject a zero step (e.g. 5-5/0) in equal and reversed cron ranges
instead of silently accepting it.
- Fix expand_from_start_time month low-bound off-by-one so stepped
month ranges start on the correct month.
- Fix zizmor-reported security findings in GitHub Actions workflows.
- Bump pinned build and CI dependencies via dependabot.
- Upgrade locked development and build dependencies (uv lock --upgrade).
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This bugfix release addresses several build issues after the transision
to meson. These bugs didn't really affect the yocto recipe but let's
update the package for completness.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>