17006 Commits

Author SHA1 Message Date
Deepesh Varatharajan e93799db0e nushell: upgrade 0.111.0 -> 0.114.1
Update nushell from 0.111.0 to 0.114.1.

Highlights across v0.112.0 - v0.114.1:

New features:
- Sharper type system with pipeline-aware type inference
- Runtime type checking (enforce-runtime-annotations) now on
  by default
- POSIX '--' end-of-options support for all command types
- 'run' command to use scripts as pipeline stages
- Semantic Versioning support (into semver, semver bump, etc.)
- KDL format support (to kdl, from kdl)
- Set operation commands (union, intersect, difference,
  combinations, permutations)
- 'idx' command family for fast in-memory filesystem indexing
- 'peek' command to inspect stream metadata
- Fish-style abbreviation expansion
- 'random pass' password generator
- 'commandline complete' for programmatic completions access
- Polars upgraded to 0.54 with map-batches and bitwise commands
- New experimental globbing engine (dc-glob)

Breaking changes:
- Submodules no longer implicitly imported
- enforce-runtime-annotations enabled by default
- Reedline vi mode overhaul with visual mode
- from xlsx/from ods reworked (removed --header-row, added
  --noheaders and --first-row)
- Error 'details' field replaces 'json' field in catch blocks
- parse no longer implicitly splits byte streams into lines
- Deprecated str upcase/str downcase replaced by
  str uppercase/str lowercase

Notable bug fixes:
- Fix uninitialized value in let_cxx_string! on panic
- Fix nested update with closure for table columns
- Fix flatten conflicting column renaming
- Fix float ranges (0.1..0.3 now produces [0.1, 0.2, 0.3])
- Fix aliases breaking when shadowed variables
- Fix math abs panic on i64::MIN
- Prevent SIGABRT on terminal close
- Fix try blocks executing code twice
- Fix closure input type incorrectly inheriting from scope
- Better assignment error messages for type mismatches
- Fix for loop variable type inference with union iterables

v0.114.1 is a patch release fixing issues with the new
enforce-runtime-annotations default behavior.

Assisted-by: Kiro CLI 2.12.0 (AI assistant)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-14 10:25:16 -07:00
Deepesh Varatharajan cac9189f1d librust-cxx: upgrade 1.0.194 -> 1.0.197
Update cxx crate from 1.0.194 to 1.0.197.

Changes in this update:

v1.0.195:
- Fix use of uninitialized value in let_cxx_string! on panic
  inside initialization expression

v1.0.196:
- Migrate to Rust 2024 edition

v1.0.197:
- Restore RefUnwindSafe for let_cxx_string in async contexts
- Use link_deps in Cargo bazel metadata

Assisted-by: Kiro CLI 2.12.0 (AI assistant)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-14 10:25:16 -07:00
Priyansh Jain 9288bef519 thermald: upgrade to 2.5.12
- Upgrade to 2.5.12
- Rename recipe to thermald_2.5.12.bb
- Drop backport patches as they are included in 2.5.12 release:
  - 0001-Refactor-Intel-specific-logic-into-separate-files.patch
  - 0002-Invoke-parser_init-before-platform_match.patch
  - 0003-Add-ARM-backend-and-enable-ARM-platform-detection.patch

Upstream 2.5.12 includes platform support refactoring (including ARM
path), additional CPU IDs, parser/data-vault robustness improvements,
and security/hardening fixes in config/sysfs handling.

Changes since v1:
- Add ;tag=v${PV} to SRC_URI for tag validation

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-14 10:25:16 -07:00
Khem Raj 1656c0abb5 bpftrace: fix patch context so -fno-stack-protector applies to test object
The 0003 patch that links the data_source test carrier binary without
the host runtime also adds -fno-stack-protector to the object compile
line, needed because host gcc toolchains default to
-fstack-protector-strong and the -nostdlib link then fails with:

  data_source.c:212: undefined reference to `__stack_chk_fail'

However patch 0001 (DEBUG_PREFIX_MAP) runs first in SRC_URI and rewrites
the same compile line to insert ${DEBUG_PREFIX_MAP_LIST}, so 0003's
first hunk no longer matched the tree and the -fno-stack-protector flag
was silently dropped from the object compile (it only landed on the
link line). Rebase 0003's first hunk onto the post-0001 context so the
flag is applied where it is needed.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-12 17:39:44 -07:00
Khem Raj 00e7a91180 sysdig: Use LuaJIT headers to match the linked LuaJIT library
csysdig fails to link when stock Lua is also present in the sysroot:

  ld.lld: error: undefined symbol: luaL_openselectedlibs
  >>> referenced by chisel.cpp:1190
  ld.lld: error: undefined symbol: lua_pcallk
  ld.lld: error: undefined symbol: lua_setglobal

sysdig's chisel code does #include "lua.h" and links against LuaJIT
(lua${JIT}), but the recipe-sysroot also carries stock Lua headers
(openembedded-core lua installs lua.h into ${includedir}). Those headers
win the include search over ${includedir}/luajit-2.1, so the chisel
objects are compiled against stock Lua while the binary links
libluajit-5.1.so. In Lua >= 5.4.4 luaL_openlibs is a macro for
luaL_openselectedlibs and lua_setglobal/lua_pcallk are real symbols,
none of which LuaJIT (a Lua 5.1 ABI) provides, hence the undefined
references. -DLUA_INCLUDE_DIR does not help: sysdig's luajit.cmake only
consults it in its stock-Lua fallback, not when it finds LuaJIT.

Prepend ${STAGING_INCDIR}/luajit-2.1 to CFLAGS/CXXFLAGS. These land in
CMAKE_CXX_FLAGS, which precede CMake's generated -I includes, so LuaJIT's
lua.h is found first and matches the linked library.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-12 17:39:43 -07:00
Khem Raj e8b8f3ddd9 bpftrace: link test data source binary without host runtime
The build host HOME directory check recently added to OE-Core's
buildpaths QA test flags the ptest gtest binary:

WARNING: bpftrace-0.25.1-r0 do_package_qa: QA Issue: File
/usr/lib/bpftrace/ptest/tests/bpftrace_test in package bpftrace-ptest
contains a reference to the build host HOME directory. [buildpaths]

WARNING: bpftrace-0.25.1-r0 do_package_qa: QA Issue: File
/usr/lib/bpftrace/ptest/tests/.debug/bpftrace_test in package
bpftrace-dbg contains a reference to the build host HOME directory.
[buildpaths]

cmake/BuildBPF.cmake links the intermediate DWARF carrier binary
data_source_exe with the plain build host gcc, which bakes the host
dynamic loader's absolute path into the PT_INTERP segment. With a
distro gcc that is an innocuous /lib64/ld-linux-x86-64.so.2, but when
the host toolchain is a buildtools-extended/SDK gcc installed under
the build user's home directory (as on the autobuilder workers), it
is a $HOME-prefixed path like

  /srv/pokybuild/.../buildtools/sysroots/x86_64-pokysdk-linux/lib/ld-linux-x86-64.so.2

The executable is then embedded byte-for-byte into bpftrace_test via
embed()/xxd (tests/data/CMakeLists.txt), so the path ends up in the
test binary's .rodata, triggering the bpftrace-ptest warning. And
because cmake/Embed.tmpl declares the embedded blob as a constexpr
array, gcc additionally copies its contents into .debug_info as
DW_AT_const_value, which is how the same string survives
objcopy --only-keep-debug into the split debug file, triggering the
bpftrace-dbg warning. This is the same embedding mechanism that
previously leaked TMPDIR paths, fixed for the compile step by the
DEBUG_PREFIX_MAP patch; the link step was still leaking.

The tests only write this binary to a temp file and use it as a
uprobe target (tests/dwarf_common.h), parsing its DWARF and symbols;
it is never executed. So link it with -nostdlib -no-pie -Wl,--entry=0:
no interpreter, no host crt objects, no dynamic segment, and thus
nothing host-specific in the embedded blob. Function symbols, DWARF
type information and the pahole -J BTF encoding step are unaffected,
and the field_analyser_dwarf ptests still pass.

Because the object is now linked -nostdlib it must not reference the
libc stack-protector runtime. Host gcc toolchains that default to
-fstack-protector-strong (e.g. Debian/Ubuntu and the Yocto
autobuilder workers) otherwise leave an undefined reference and the
link fails:

  ld: data_source.o: in function `main':
  data_source.c:212: undefined reference to `__stack_chk_fail'
  collect2: error: ld returned 1 exit status

Compile the object and link the binary with -fno-stack-protector; the
canary is irrelevant to a DWARF/BTF carrier that is never run.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-12 17:39:43 -07:00
Khem Raj ebde9459c8 sysdig: Fix intermittent missing libsinsp/libscap headers on rebuild
do_compile could fail with many:

  fatal error: 'libsinsp/sinsp.h' file not found
  fatal error: 'sinsp.h' file not found
  fatal error: 'libscap/strl.h' file not found

across all userspace/sysdig objects, even though the headers exist in
the fetched falcosecurity-libs source.

The add_library de-duplication patch guarded the libscap/libsinsp
modules with a HAVE_LIBSCAP/HAVE_LIBSINSP flag set as CACHE INTERNAL.
Because that value persists in CMakeCache, ninja's build-time
regeneration rule (cmake --regenerate-during-build, which fires whenever
a CMake input's timestamp changes between do_configure and do_compile)
re-runs cmake with the flag already true. The libscap/libsinsp
add_subdirectory() is then skipped, dropping the scap/sinsp targets and
their PUBLIC include directories, so target_link_libraries(sysdig sinsp)
degrades to a bare -lsinsp with no header propagation.

Guard on target existence (if(NOT TARGET scap|sinsp)) instead. Target
existence is global within a single cmake run -- so it still prevents
the duplicate add_library -- but is not persisted across runs, so the
modules are correctly re-processed on every regeneration.

Verified: a build-time cmake regeneration now keeps the libsinsp/libscap
object rules and falcosecurity-libs include paths in build.ninja, and a
full clean build plus a post-touch recompile both succeed.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-12 17:39:43 -07:00
Antonios Christidis 1e4599311b opencl-cts: Suppress -Wfree-nonheap-object compiler warning
Suppress warnings from -Wfree-nonheap-object check. The warning occurs during
std::vector cleanup when deallocating memory with offset pointers for
test "compare_pointers" only on 32 bit platforms.

/recipe-sysroot/usr/include/c++/16.1.0/bits/new_allocator.h:183:66: error: 'void operator delete(void*, std::size_t)' called on pointer '__result' with nonzero offset 24 [-Werror=free-nonheap-object]
  183 |         _GLIBCXX_OPERATOR_DELETE(_GLIBCXX_SIZED_DEALLOC(__p, __n));
      |                                                                  ^
/test_conformance/generic_address_space/basic_tests.cpp: In function 'int test_compare_pointers(cl_device_id, cl_context, cl_command_queue, int)':
/test_common/harness/testHarness.h:151:9: note: declared here
  151 |     int test_##name(cl_device_id device, cl_context context,                   \
      |         ^~~~~
/test_common/harness/testHarness.h:154:29: note: in expansion of macro 'REGISTER_TEST_VERSION'
  154 | #define REGISTER_TEST(name) REGISTER_TEST_VERSION(name, Version(1, 2))
      |                             ^~~~~~~~~~~~~~~~~~~~~
/test_conformance/generic_address_space/basic_tests.cpp:776:1: note: in expansion of macro 'REGISTER_TEST'
  776 | REGISTER_TEST(compare_pointers)
      | ^~~~~~~~~~~~~

Signed-off-by: Antonios Christidis <a-christidis@ti.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-12 17:39:43 -07:00
Khem Raj 9da1a500c8 postgresql: adapt to systemd-systemctl-native merge into systemd-tools-native
oe-core merged systemd-systemctl-native into systemd-tools-native and moved
the PACKAGE_WRITE_DEPS on the native systemctl out of systemd.bbclass into
systemd itself. As a result:

- The PACKAGECONFIG[systemd] dependency on systemd-systemctl-native no longer
  resolves ("Nothing PROVIDES systemd-systemctl-native"). systemctl is a
  rootfs-time tool and was never needed to build postgresql, so drop it from
  the build dependencies.
- The pkg_postinst runs systemctl at rootfs time when both systemd and
  sysvinit are enabled. Since systemd.bbclass no longer adds the native tool
  to PACKAGE_WRITE_DEPS, declare it explicitly (as systemd-tools-native),
  guarded by the same DISTRO_FEATURES condition, mirroring how oe-core's
  keymaps/initscripts recipes handle it.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-11 21:06:09 -07:00
Peter Kjellerstedt 6c10e92dcc pegtl: Correct the license to BSL-1.0
The license was changed from MIT to BSL-1.0 in release 4.0.0.

Also set SUMMARY instead of DESCRIPTION, and fix some whitespace.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-11 17:51:59 -07:00
Khem Raj eb86706cf0 uim: fix cross-build segfault by loading native plugins in uim-module-manager
The target build runs uim-module-manager (from uim-native, via PATH) to
generate scm/installed-modules.scm. Module registration makes the tool
uim_init() and dlopen the uim C plugins found in LIBUIM_PLUGIN_LIB_DIR,
which scm/Makefile hardcodes to the target build's uim/.libs. The native
uim-module-manager therefore loads target objects (and, transitively, the
target libuim) into the native process, which crashes do_compile when the
build host ABI differs from the target:

  make[1]: *** [Makefile:869: installed-modules.scm] Segmentation fault

seen building for x86-64-v3-poky-linux on an x86-64 host.

Make LIBUIM_PLUGIN_LIB_DIR overridable in scm/Makefile.am and point it at
the native plugin directory (${STAGING_LIBDIR_NATIVE}/uim/plugin) for the
target build, so the native tool loads compatible native plugins. The
generated installed-modules.scm is architecture independent, so the result
is unchanged. The native build is unaffected (the patch and override are
class-target only).

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-10 19:39:15 -07:00
Khem Raj 7ff163dd54 fex: force use of bundled fmt to fix build against fmt 12.2.0
FEX-2607 formats std::byte spans via fmt::join, which its pinned bundled
fmt 12.1.0 supports but oe-core's fmt 12.2.0 rejects, breaking do_compile:

  fmt/base.h: error: implicit instantiation of undefined template
  'fmt::detail::type_is_unformattable_for<fmt::join_view<...std::byte*...>, char>'
  ninja: build stopped: subcommand failed.

The recipe already dropped fmt from DEPENDS to build the bundled copy, but
FEX only falls back to External/fmt when find_package(fmt) fails. fmt-native
is still pulled in as a transitive native dependency, and OE's
CMAKE_FIND_ROOT_PATH includes the native sysroot for packages, so
find_package(fmt) resolves against recipe-sysroot-native and the target
compile picks up the incompatible fmt 12.2.0 headers.

Set CMAKE_DISABLE_FIND_PACKAGE_fmt=ON so find_package(fmt) reports not-found
and FEX builds the bundled fmt 12.1.0.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-10 18:32:41 -07:00
Khem Raj 5c93a46759 fex: Upgrade to FEX-2607 release
Bump the FEX srcrev to the FEX-2607 tag and resync the vendored externals
to that release's submodule pointers: drop jemalloc (non-glibc) and
robin-map, which upstream replaced with rpmalloc and unordered_dense.

Additional build fixes required by this release:

- Disable FEX's internal ccache (-DENABLE_CCACHE=OFF); it collides with
  OE's ccache class and double-wraps the compiler.
- Build fmt from the bundled External/fmt submodule instead of the system
  copy. FEX-2607 formats std::byte spans via fmt::join, which its pinned
  fmt 12.1.0 supports but oe-core's newer fmt 12.2.0 rejects.
- Stop FEX from stripping binaries at link time so OE can split out debug
  information and the already-stripped QA check passes.

Built for qemuarm64.

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-09 09:11:14 -07:00
Wang Mingyu 1d4b9aa359 upower: upgrade 1.91.2 -> 1.91.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:07 -07:00
Wang Mingyu 041e9b73bb ssh-audit: upgrade 3.3.0 -> 3.9.0
License-Update: Copyright year updated to 2026

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:06 -07:00
Wang Mingyu 43fc425c32 smarty: upgrade 5.8.3 -> 5.8.4
Changelog:
============
- Fixed a 'TypeError' on PHP 8 when 'Security::$static_classes' was set to a
  non-array value (e.g. the string ''none'') to disable static class access;
  any non-array value now cleanly denies access. Use 'Security::$static_classes =
  null' to disable access to all static classes.
- Security: the built-in 'stream:' resource type now validates the nested
  stream wrapper against the security policy, so a template such as
  'stream:php://filter/...' can no longer bypass 'Security::$streams' (including
  'Security::$streams = null') to read local files

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:06 -07:00
Wang Mingyu d75934eb18 rabbitmq-c: upgrade 0.16.0 -> 0.17.0
Changelog:
===========
- Fix size_t overflow in 'amqp_decode_bytes' bounds check leading to
  out-of-bounds read (GHSA-jgjf-7fwf-f3c7, #888)
- Fix heap buffer overflow in 'amqp_frame_to_bytes' for oversized body frames
  (GHSA-hfjv-vcp3-39wh, #892)
- 'librabbitmq-tools' fall back to the 'AMQP_URL' environment variable when no
  connection options are given on the command line (#887)
- Fix undefined behavior in 'amqp_decode_properties' when decoding
  content-header property flags (#883, #885)
- Fix 'ioctlsocket' type mismatch on Windows (#890)
- Document buffer lifetime requirement of 'amqp_decode_table''s encoded buffer
  to prevent use-after-free misuse (#895)
- 'librabbitmq-tools' now enable default SSL certificate verification paths
  unless '--no-default-cert-paths' is passed (fixes #868, #893)
- Building the tools now requires POPT v1.14 or newer

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:06 -07:00
Wang Mingyu 9a28381414 ostree: upgrade 2026.1 -> 2026.2
0001-trivial-httpd-Fix-const-correctness-of-slash-pointer.patch
removed since it's included in 2026.2

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:03 -07:00
Wang Mingyu 0c7930db93 ndctl: upgrade v84 -> v85
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:03 -07:00
Wang Mingyu 837affbf94 mm-common: upgrade 1.0.7 -> 1.0.8
Changelog:
============
* doc-reference.am: Distribute .svg files from the HTML directory
* Add skeletonmm/tools/generate_from_gir.sh
* Allow -Duse-network=if-no-local-tag-file (new default value)
* Replace gtkmm.org by gtkmm.gnome.org.
* Require meson >= 0.62.0

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:03 -07:00
Wang Mingyu 851b222a4a libxmp: upgrade 4.7.0 -> 4.7.1
Changelog:
==========
- Add xmp_set_player(ctx, XMP_PLAYER_DEFPAN, 50) to relevant examples
  in libxmp.rst and in the examples directory, clarify it must be
  used BEFORE calling xmp_load_module, and recommend its usage.
- Fix crashes and other bugs in the smix API.
- Rewrite the smix API WAV loader to support stereo samples.
- Fix XM channel default instrument memory (should be no instrument).
- Fix IT high offset being applied when no Oxx effect is present.
- Fix IT offsets >length setting the offset to sample end instead of 0
  in new effects mode.
- Fix conversion of MED synth/hybrid finetune.
- Fix Magnetic Fields Packer track loading and optimize tracks.
- Fix path_join when loading a module from the current directory.
- Fix loading truncated Startrekker AM instruments.
- Startrekker AM instruments now take precedence over sampled
  instruments in the same slot (fixes GTS/fa.worse face.mod and
  WOTW/intro 12.mod).
- Fix StarTrekker AM instrument envelope, P.FALL, and FQ toneporta
  bugs by reimplementing these features using extras (fixes
  Epsilon (ES)/frankie.mod, WOTW/intro 12.mod, maybe others).
- Allow Archimedes MUSX modules to load if the SDAT instrument
  subchunk is broken (fixes 5-OverPar).
- Fix various -fsanitize=shift-base warnings:
- Prevent overflow read in lha depacker pm2 decoder.
- Add OS/2 EMX makefiles for KLIBC environment. Build tested under linux
  using cross-os2emx toolchain at https://github.com/komh/cross-os2emx
- Build the PDF without date information to improve reproducibility.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:02 -07:00
Wang Mingyu 15024435a7 libsdl3: upgrade 3.4.10 -> 3.4.12
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:02 -07:00
Wang Mingyu c63bd731e4 imagemagick: upgrade 7.1.2-26 -> 7.1.2-27
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:02 -07:00
Wang Mingyu 73e6c67465 graphviz: upgrade 15.0.0 -> 15.1.0
Changelog:
=============
- When using the fdp layout algorithm ('dot -Kfdp …' or 'fdp …'), a new command
  line option '-Lm…' is supported for controlling the "m-limit".
- The vt plugin has a new option for using Unicode octant characters to render
  8-pixels-per-cell output, '-Tvt-8up2'.
- When building from source from a Git checkout, builds with
  '--disable-python'/'--disable-python3' once again work.
- Gvedit no longer leaves temporary files on disk when previewing.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:02 -07:00
Wang Mingyu 57de930d76 geoclue: upgrade 2.8.1 -> 2.8.2
Fixes:
- Accept NMEA GGA sentences with 11 or more parts (needed 14 or more previously)
- Use async D-bus 'Set' methods to set client properties in libgeoclue to improve robustness
- Do not change Client Location property on updates which are below threshold to avoid leaking location to D-bus
- Ignore wired WPA interfaces when finding an interface for WiFi scanning

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:02 -07:00
Wang Mingyu b5741b081f ctags: upgrade 6.2.20260628.0 -> 6.2.20260705.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:01 -07:00
Wang Mingyu c75b94b284 bcc: upgrade 0.36.1 -> 0.37.0
0001-Add-ARM64-syscall-prefix-detection-in-C-API.patch
0002-Add-riscv-syscall-prefix-detection-in-C-API.patch
0003-folly-tracing-Remove-x86-specific-naming-from-tracin.patch
0004-folly-tracing-Add-ARM-and-AArch64-support-to-static-.patch
0001-Fix-build-with-LLVM-22.patch
removed since they're included in 0.37.0

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-08 11:05:01 -07:00
Jason Schonberg 0770ef4043 c-ares: upgrade 1.34.6 -> 1.34.8
Version 1.34.8 is a bug fix (a regression that shipped with version 1.34.7)

Version  1.34.7 is a security fix addressing memory leaks, null pointer
  dereferences, denial of service, use after free etc.  Fixes CVE-2026-33630

Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.8
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.7

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 22:18:49 -07:00
Alex Kiernan 4c9bde7759 minisign: Add recipe
Dead-simple Ed25519 file signing tool.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 11:22:40 -07:00
Jason Schonberg 34b5cd16f1 php: upgrade 8.5.7 -> 8.5.8
This is a security release.

Changelog: https://www.php.net/ChangeLog-8.php#8.5.8

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:30:26 -07:00
Wang Mingyu d064444785 fastfetch: drop drm-amdgpu and split vaapi into va-drm/va-x11
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:30:26 -07:00
Ross Burton f39021c5df uutils-coreutils: delete .cargo/config.toml
This file hardcodes a specific compiler for aarch64-linux builds, which
is not the compiler that we provide.  As it's otherwise useless, we can
just delete the file.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:02 -07:00
Etienne Cordonnier 9aef1f7ee6 ttf-noto-emoji: upgrade 20200916 -> 2.051
- NotoEmoji-Regular.ttf was removed upstream in https://github.com/googlefonts/noto-emoji/commit/1442f6acc8463c428c8b38fc558e87c28d8efa5b
- A new COLRv1 format is provided, with a smaller file-size

Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Bartosz Golaszewski 9796702aa7 libgpiod: update to v2.3.1
This bugfix release addresses several build issues after the transision
to meson. These bugs didn't really affect the yocto recipe but let's
update the package for completness.

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:01 -07:00
Trevor Woerner e5ba52fcca gd: add missing library deps to PACKAGECONFIG entries
The PACKAGECONFIG entries introduced by the conversion were all missing
their build-dependency in the third field (the only exception was raqm,
which already had libraqm there).  As a result the hard-coded DEPENDS
line was compensating by always pulling in every library regardless of
which features were actually selected.

Evidence from the configure logs confirms which libraries were found or
missed across the three configurations:

  pre-conversion:
    checking for zlib... yes
    checking for libpng... yes
    checking for freetype2 >= 9.8.3... yes
    checking for libjpeg... yes
    checking for libtiff-4... yes

  post-conversion, unfixed (zlib, png, and tiff checks absent entirely):
    checking for freetype2 >= 9.8.3... yes
    checking for libjpeg... yes

  post-conversion, fixed:
    checking for zlib... yes
    checking for libpng... yes
    checking for freetype2 >= 9.8.3... yes
    checking for libjpeg... yes
    checking for libtiff-4... yes

Add the correct Yocto package name to the third field of every entry:
  avif       -> libavif
  fontconfig -> fontconfig
  freetype   -> freetype
  heif       -> libheif
  jpeg       -> jpeg
  liq        -> libimagequant
  png        -> libpng
  tiff       -> tiff
  webp       -> libwebp
  x          -> virtual/libx11
  xpm        -> libxpm
  zlib       -> zlib

With the dependencies now managed by PACKAGECONFIG, the unconditional
DEPENDS assignment is redundant and can be removed.

Fixes: be9f029b6c ("gd: Support PACKAGECONFIG")
AI-Generated: codex/claude-sonnet 4.6 (high)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Trevor Woerner fcf56020b9 gd: restore png, zlib, and tiff in the default PACKAGECONFIG
Before the PACKAGECONFIG conversion, png, zlib, and tiff support was
always enabled: those libraries were in DEPENDS and autoconf picked
them up automatically because no --without-* flag was passed for them.
The conversion introduced a regression by not including them in the
default PACKAGECONFIG, causing the mechanism to emit --without-png,
--without-zlib, and --without-tiff, silently disabling those features.

Evidence from the configure logs:

  pre-conversion:
    --with-jpeg=<sysroot>/usr/lib/.. --with-freetype=yes
    --without-fontconfig --without-webp --without-xpm --without-x
    (no --with/--without for png, zlib, or tiff; autoconf detects them)

  post-conversion, unfixed:
    --with-freetype --with-jpeg
    --without-png --without-tiff --without-zlib   <-- regression

  post-conversion, fixed:
    --with-freetype --with-jpeg
    --with-png --with-tiff --with-zlib             <-- restored

Add png, zlib, and tiff to the default PACKAGECONFIG so the out-of-
the-box feature set is unchanged from before the conversion.

Fixes: be9f029b6c ("gd: Support PACKAGECONFIG")
AI-Generated: codex/claude-sonnet 4.6 (high)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Michael Fitzmayer 8cc4e2f214 canvenient: update to version 1.02
- New API function: can_find_interfaces_mask()

License-Update: update year in copyright

Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Michael Fitzmayer ae8eecd7c8 canopenterm: update to version 2.03
License-Update: copyright year span has been updated.

- Added new script to interface CiA 305: Layer setting services (LSS)
- New API function to set baud rate: can_set_baudrate()
- Remove usage of white text-color

Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Wang Mingyu c564a7e833 tigervnc: Fix do_configure Error
update version of xorg-xserver according to oe-core
WARNING: tigervnc-1.16.2-r0 do_configure: TigerVNC xorg-server version (21.1.22) is different from oe-core's xorg-xserver version (21.1.23)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Claus Stovgaard da27b5fb74 android-tools: fix native build
The native tools include compilation of zip_writter, where it include
gtest/gtest_prod.h. So native build need to depend on gtest-native.

Signed-off-by: Claus Stovgaard <claus@stovgaard.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-07 00:29:00 -07:00
Khem Raj 155fd062e2 pcp: Add readline-native and ncurses-native to pcp-native DEPENDS
pcp-native compiles the pcp sources src/pmns/lex.l which does
'#include <readline/readline.h>'. The native recipe only depended on
python3/setuptools/flex/bison, so with the header search correctly
limited to the sysroot
0001-configure-Limit-the-header-search-to-sysroot.patch
the build fails on hosts without readline development headers installed:

    lex.l:25:10: fatal error: readline/readline.h: No such file or directory

Depend on readline-native (and ncurses-native, which readline links
against) so the headers and libraries come from the native sysroot
rather than the build host, mirroring the target recipe DEPENDS. This
makes the native build reproducible and host independent.

Verified by building pcp-native from scratch

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-07-01 00:05:35 -07:00
Khem Raj 63a5292025 crash: Fix cross compilation for 32-bit arm
The upstream crash Makefile CONF_TARGET_ARCH mapping (used when
CROSS_COMPILE is set) enumerates most of OE supported arches
but omits 32-bit arm. Building with CROSS_COMPILE=arm-*
therefore aborts at Makefile parse time:

    Makefile:75: *** The current Arch(arm) does not support cross compilation.  Stop.

ARM is already a valid crash target (defs.h/configure.c), so add a patch
mapping the normalized "arm" arch to CONF_TARGET_ARCH=ARM like every
other supported arch.

Verified by cross building crash for qemuarm (arm-yoe-linux-gnueabi-):

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Cc: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com>
2026-06-30 23:37:18 -07:00
Qliangw cd75edf25d libuio: fix FILE descriptor leak
The function uio_line_from_file() fails to close the FILE pointer
when fgets() returns NULL, causing a file descriptor leak.

This can be triggered when reading from /sys files that return
empty content, leading to resource exhaustion over time.

Fix this by using goto-based error handling to ensure fclose()
is called on all exit paths.

Signed-off-by: Qliangw <qili00001@gmail.com>
2026-06-30 23:37:18 -07:00
Tim Orling f1e12abbd3 valkey: upgrade 9.0.4 -> 9.1.0
* Refresh lua-update-Makefile-to-use-environment-build-setting.patch
* Use ${@oe.utils.trim_version(d.getVar('PV'), 2)} to dynamically
  determine branch= in SRC_URI

Valkey 9.1.0 GA - Released Tue May 19 2026
---------------------

Upgrade urgency LOW: This is the first stable release of Valkey 9.1.

* Security fixes
  - (CVE-2026-23479) Use-After-Free in unblock client flow
  - (CVE-2026-25243) Invalid Memory Access in RESTORE command
  - (CVE-2026-23631) Use-after-free when full sync occurs during a
    yielding Lua/function execution

* New Features and enhanced behavior
  - Add cluster bus network traffic usage metric in bytes by @hpatro
    (#3396)
  - Reduce latency spikes during rehashing via incremental page release
    by @chzhoo (#3481)

* Bug Fixes
  - Fix(syncio): Set errno on EOF in syncRead and propagate to
    conn->last by @abmathur-ie (#3580)
  - Fix GEOSEARCH BYPOLYGON leak on invalid COUNT by @bandalgomsu (#3568)
  - Handle NULL pointer in streamTrim listpack delta calculation by
    @smkher (#3591)
  - Fixes server crash when RDMA benchmark clients disconnect by
    @quanyeyang (#3448)
  - Fix the memory leak in valkey-benchmark by @nmvk (#3643)

Release announcment:
https://valkey.io/blog/valkey-9-1-delivers-improvements-in-security-performance-and-more/

For full comparison of changes, see:
https://github.com/valkey-io/valkey/compare/9.0.4...9.1.0

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 23:35:39 -07:00
Wang Mingyu aa4d8aea4b xclock: upgrade 1.1.1 -> 1.2.0
License-Update: Removed the words "All rights reserved"

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu 17d8f29cf6 uthash: upgrade 2.3.0 -> 2.4.0
License-Update: Copyright year updated to 2026

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu e6fd95cd39 smarty: upgrade 5.8.0 -> 5.8.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:24 -07:00
Wang Mingyu 69779c01a9 rasdaemon: upgrade 0.8.4 -> 0.8.5
Changelog:
===========
* rasdaemon: Add NVIDIA non-standard CPER decoder (Vera and Grace)
* rasdaemon: Add Intel Diamond Rapids, Granite Rapids, Sierra Forest, and Clearwater Forest support
* rasdaemon: Add Zhaoxin CPUs support for MCE record events
* rasdaemon: Fix uuid_le() buffer size calculation and SQLite API return code checks
* rasdaemon: Allow built-in or modules EDAC in status checks
* rasdaemon: Add RERI handler implementation
* ras-mc-ctl: Consolidate error counts by DIMM label
* ras-mc-ctl: Fix signal events query column
* ras-mc-ctl: Fix mc_event_trigger.local reference
* ras-mc-ctl: Correct --error-count alignment output
* ras-events: Fix event file endianness handling
* ras-aer-handler: Add support for AER triggers
* tracing: Address deprecated /sys/kernel/debug/tracing path
* ras-page-isolation.c: Clean up compiler warning
* types.c: Add missing newline at end of file
* Documentation: Update README.md and SECURITY.md

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:23 -07:00
Wang Mingyu d848372302 nano: upgrade 9.0 -> 9.1
Changelog:
==========
- When searching, the viewport is placed snug left where possible.
- The ability to read and write files in old Mac format was removed
  (that is: files that use a lone carriage return as line ending).
- The ^T toggle between WhereIs and GotoLine has been dropped.
- When --backup is active, in some situations no backup was made,
  or it had a wrong timestamp.  Both issues are fixed now.
- When nano crashes or is killed, any .save file is not chmodded
  to the permissions of the base file, nor chowned to its owner.
- M-Ins and M-Del have become rebindable.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:20 -07:00
Wang Mingyu 3772428e99 libass: upgrade 0.17.4 -> 0.17.5
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-06-30 14:31:19 -07:00