Changelog:
6.2.19:
(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
6.2.20:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade includes fixes for the following vulnerabilities:
CVE-2025-31176
CVE-2025-31178
CVE-2025-31179
CVE-2025-31180
CVE-2025-31181
This release supports qt4, qt5 and qt6 (the last one is new in this release).
There are 2 qt PACKAGECONFIGs now: qt5 and qt6 - they are mutually exclusive.
Since it is being touched, also fix lua PACKAGECONFIG, which requires lua-native
at build time.
Changelog:
http://gnuplot.info/ReleaseNotes_6_0_3.html
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upgrade contains fixes for the following vulenrabilities:
CVE-2025-8835, CVE-2025-8836, CVE-2025-8837
Changelog:
4.2.8:
Fixed a bug in the JPC decoder that could cause bad memory accesses
if the debug level is set sufficiently high.
4.2.7:
Added some missing range checking on several coding parameters in the
JPC encoder.
4.2.6:
Added a check for a missing color component in the jas_image_chclrspc
function.
Fixed a minor build problem related to the use of -Wstrict-prototypes
with Clang.
4.2.5:
Made a change to a configuration header file in order to avoid
undesirable compiler warnings when JasPer is used in C++ code
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs are for iperf3 - which is a similar application in its goals (and name),
but an independent project from this, and the projects are independent implementations
also, they share no common code.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release contains fixes for the following vulnerabilities:
CVE-2025-53014, CVE-2025-53015, CVE-2025-53019, CVE-2025-53101,
CVE-2025-55004, CVE-2025-55005, CVE-2025-55154, CVE-2025-55160,
CVE-2025-55212, CVE-2025-55298, CVE-2025-57803, CVE-2025-57807
Also remove jp2 PACKAGECONFIG: it was superseded by openjpeg
PACKAGECONFIG, which also provides jpeg 2000 support.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It's an optional dependency for pandas to provide ODS reader
and writer support. It complements spreadsheet support along
with python3-xlrd and python3-openpyxl, both of which are
part of meta-python already.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.25:
- Bump minimum Python version to 3.11
- Upgrade code to Python 3.11
- Move to pixi/uv/ruff
- Refactor compat to make it easier to test
- Implemented several pixi environment and tasks to simplify
development
- Add docs to the functions in pint.testing
- Fix round function returning float instead of int
- Fix return type of PlainQuantity.to
- Update constants to CODATA 2022 recommended values
- Fixed issue with .to_compact and Magnitudes with uncertainties
/ Quantities with units
- Fixed issue in unit conversion which led to loss of precision
when using decimal
- Add conductivity dimension
- Add absorbance unit and dimension
- Add membrane filtration flux and permeability dimensionality,
and shorthand "LMH"
- Fix find_shortest_path to use breadth first search
- Fix typo in pyproject.toml: rename AS_MIP to HAS_MIP so that
MIP support is correctly detected
- Fix handling of extra arguments in conversion with enabled
contexts
- Fix swapped left and right arguments in interp
- Fix formatted scientific notation bug in Python 3.13
- Fix ability to add dB units, and to add dB (dimensionless) to
referenced dB units, such as dBm or dBW
- Improve pressure unit definitions in default definition file
- Avoid and document known issues with MIP during install, testing
and runtime
- Fix issue with Dask by restricting its version to < 2025.3.0
- Skip false xfail tests linked to a known numpy issue
- Improve Contributing documentation
- Add Quantity.to_unprefixed` and `ito_unprefixed methods that
remove SI prefixes without converting to base units
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.3.92:
- Implement servo.inertia_feedforward for calculating a feedforward
term based on the control acceleration
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.8.0:
- Drop tomli in pyproject.toml
- Add scene status (active + last_recall) fields
- Update various models
- Add a few missing models to complete MotionAware
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.21.0:
- The reusable-cibuildwheel.yml workflow has been refactored to be
more generic and ci-cd.yml now holds all the configuration toggles
- When building wheels, the source distribution is now passed
directly to the cibuildwheel invocation
- Added CI for Python 3.14
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added a new patch to avoid unexporting some environment variables that are set
by the recipe explicitly, to avoid the following build error:
| Loading env...
| 'bootstrap-emacs' -batch --no-site-file --no-site-lisp -batch -l ja-dic-cnv \
| -f batch-skkdic-convert -dir "../../sources/emacs-29.2/leim/../lisp/leim/ja-dic" --no-reduction "../../sources/emacs-29.2/leim/SKK-DIC/SKK-JISYO.L"
<...>
| Error: <RECIP_SYSROOT_NATIVE>/usr/share/emacs/29.2/etc/charsets: No such file or directory
Changelogs:
29.2 - 29.4: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.29
30.1 - 30.2: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.30
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently,
so ignore the CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the recipes listed in OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES has
supported reproducibility, update OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES
to latest
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The type of new_value is either `npy_timedelta' or `int64_t'
In build/pandas/_libs/tslibs/timedeltas.cpython-313-x86_64-linux-gnu.so.p/pandas/_libs/tslibs/timedeltas.pyx.c
..
npy_timedelta __pyx_v_new_value;
...
In build/pandas/_libs/tslibs/timedeltas.cpython-313-x86_64-linux-gnu.so.p/pandas/_libs/tslibs/timedeltas.pyx.c
...
__pyx_t_5numpy_int64_t __pyx_v_new_value;
...
Explicitly define it as int64_t to assure the generated source is
reproducibility between builds
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
meson's rtti detection logic fails especially with
clang which disables rtti by default. The test is
triggerred in one of taisei's submodules especially
this commit [1], I think it should be something in
meson to fix in its rtti detection logic
Similarily LTO is only enabled when it is in distro
features, clang disables support for LTO in toolchain
when its not in distro features and linking fails since
it can not find linker plugin.
[1] https://github.com/taisei-project/basis_universal/commit/851bfc63fd0f9d00dd1a21fb542a9b8c0f7d06ec
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Stable release with fixes
Fixed the macOS build crashing on startup.
Fixed audio distortion when the audio device uses a sample rate other than 48 kHz.
Fixed the internal mixer_chunksize setting being ignored. This resulted in a larger audio buffer than intended, increasing latency.
Fixed some minor SDL3 migration issues, particularly in handling of IO errors.
Fixed mimalloc being built incorrectly as a subproject.
Debugging symbols for the official builds are now available as a separate download.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gyorgy Sarvari
Zoltán Böszörményi
Leon Anavi
Dmitry Baryshkov
Jason Schonberg
Tom Geelen
Hongxu Jia
Khem Raj