Commit Graph

2550 Commits

Author SHA1 Message Date
Changqing Li 2966646af2 protobuf-c: upgrade 1.5.1 to 1.5.2
Changes[1]:
* Chase compatibility issues with Google protobuf 30.0-rc1 by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/762
* protoc-gen-c: Explicitly construct strings where needed for protobuf 30.x by @edmonds in https://github.com/protobuf-c/protobuf-c/pull/768

Remove protobuf-30.patch, this patch is already included in 1.5.2

[1] https://github.com/protobuf-c/protobuf-c/compare/v1.5.1...v1.5.2

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:52 -07:00
Peter Kjellerstedt ed33569f82 jq: Use Git to fetch the code
There is a bug (see https://github.com/jqlang/jq/issues/434), which
results in an empty version being used if autoreconf is run on the jq
sources when using a release tar ball. The incorrect assumption is that
autoreconf is only used when fetching the code using Git.

The empty version results in an incorrect libjq.pc file being created
where the version is not set, which results in, e.g.,
`pkgconf --libs 'libjq > 1.6'` failing even if version 1.8.1 of jq is
actually installed.

Switch to fetching the code using Git to work around the bug.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-10 07:59:52 -07:00
Gyorgy Sarvari 22a31ea701 nodejs: ignore fixed CVEs
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-06 09:46:31 -07:00
Gyorgy Sarvari a0531bc55a giflib: mark CVE-2026-23868 patched
The fix[1] that is referenced by the NVD advisory is
already included in the current recipe version.

[1]: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-06 09:46:30 -07:00
Wang Mingyu 8db28a60e3 sip: upgrade 6.15.2 -> 6.15.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 19:29:11 -07:00
Wang Mingyu 8a92f95a89 debootstrap: upgrade 1.0.142 -> 1.0.143
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 19:29:03 -07:00
Wang Mingyu 0d360f35db ctags: upgrade 6.2.20260322.0 -> 6.2.20260329.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 19:29:03 -07:00
Wang Mingyu d8f72725a0 b4: upgrade 0.15.0 -> 0.15.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 19:29:03 -07:00
Gyorgy Sarvari ddfd1cadb2 giflib: upgrade 5.2.2 -> 6.1.2
Drop patch that was merged upstream.

License update: a copyright line was removed. The license is still MIT.

Changes:
Version 6.1.2
=============

Code Fixes
----------
* Fix for low-severity CVE-2026-23868 affecting gifsponge, giftool, and gifbuild,
  but not the core library - library clients need not be alarmed.

Version 6.1.1
=============

This release bumps the major version, but only one entry point -
EGifSpew() - has changed signature and behavior (in order to be able
to pass out a detailed error code). The internal error
codes in the E_GIF_ERR series have changed value so none of them
collides with GIF_ERROR.

This code has been systematically audited and hardened with
ChatGPT-5.2. The only library fixes reported by users or found by
robot were for some memory leaks that could only be triggered by severely
malformed GIFs. Other bugs are edge-case failures in the CLI tools.

The gif2rgb CLI tool has been moved to the "obsolete" bin, because its
only deployment case in 2026 is as a piñata at fuzzer parties.

Warning: the CLI tools in the obsolete category will soon be removed
from the distribution entirely. The maintainer is tired of fielding
junk bugs filed against them by would-be coup-counters who found yet
another edge case, and the rest of the world doesn't need noisy CVEs
that aren't actually DoS or security issues for giflib clients.

Code Fixes
----------

* Fix for CVE-2021-40633.
* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap
* Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms
* Fix SF bug #172 Incorrect object files in shared libutil on darwin
* Fix SF bug #173 installation of manual pages and html documentation
* Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject
* Fix SF bug #177 wrong pointer used in giftool getbool
* Fix SF bug #179 Path Traversal vulnerability
* Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug
* Fix SF bug #182 out‐of‐bounds writes in Icon2Gif
* Fix SF bug #184 uninitialized buffer in DumpScreen2RGB
* Fix SF bug #185 integer overflow in gifbg.c
* Fix SF bug #186 integer overflow in Icon2Gif
* Fix SF bug #187: CVE-2025-31344
* Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow
* Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap
* Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c
* Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c
* Fix SF bug #142 ABI break public symbol GifQuantizeBuffer

Other bugs that duplicate these have been addressed by these fixes

* SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller
  might want to write a GIF, modify the in-memory data, then write
  again.

Tests
-----

Test suite now emits TAP (Test Anything Protocol).

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 14:07:45 -07:00
Michael Fitzmayer 269bae787f canvenient: update to version 1.01
- Add versioning
- New version to be able to use a proper version tag
  in the Yocto recipe

Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 13:18:13 -07:00
Michal Sieron 4f37dfeafe flatbuffers: Convert confusing append to override syntax
While in this case `SYSROOT_PREPROCESS_FUNCS:class-target +=` wouldn't
result in any unwanted override, there is no guarantee there won't be a
change, which would be hidden by this override. To avoid any surprises
in the future let's use `:append:class-target =` syntax here.

Signed-off-by: Michal Sieron <michalwsieron@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 13:16:38 -07:00
Michael Fitzmayer 343f5a7a75 Add recipe: isocline 1.0.9
Isocline is a pure C library that can be used as an alternative to the GNU readline library.

Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-30 19:46:41 -07:00
Peter Marko 95446dcf8f grpc: upgrade 1.78.1 -> 1.80.0
License-Update: Re-scope secondary licenses [1]
Release information [2]:

This is release 1.80.0 (glimmering) of gRPC Core.
Core
* [ssl] Implement TLS private key signer in Python. (#41701)
* [TLS Credentials]: Private Key Offload Implementation. (#41606)
* Fix max sockaddr struct size on OpenBSD. (#40454)
* [core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (#41432)
* [TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (#41484)
* [Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#41324)
* [EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (#41502)
* [RR and WRR] enable change to connect from a random index. (#41472)
* [xds] Implement gRFC A101. (#41051)
C++
* [C++] Add SNI override option to C++ channel credentials options API. (#41460)

[1] https://github.com/grpc/grpc/commit/fb53717dfa6b264e7f930bb5e9a7e5c86a31ed9e
[2] https://github.com/grpc/grpc/releases/tag/v1.80.0

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-30 19:46:40 -07:00
Khem Raj e79ff35fbe include-what-you-use: Upgrade to 0.26
This works with clang-22

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-30 19:46:38 -07:00
Wang Mingyu 9bcba5654d sip: upgrade 6.15.1 -> 6.15.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-27 09:09:03 -07:00
Wang Mingyu 485d35a7b0 ctags: upgrade 6.2.20260308.0 -> 6.2.20260322.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-26 07:43:37 -07:00
Wang Mingyu 4060dcda65 b4: upgrade 0.14.3 -> 0.15.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-26 07:43:36 -07:00
Khem Raj b5bb24b356 spdm-utils: Upgrade to tip of trunk
Needed to fix build with rust 1.94+

Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
2026-03-25 23:29:31 -07:00
Deepesh Varatharajan d0f83b6df2 librust-cxx: Fix update_crates command in crates.inc
Update comment to use correct recipe name
(librust-cxx instead of cxx).

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-25 23:29:30 -07:00
Changqing Li 92fa6c0f86 Luajit: Update to latest on v2.1 branch
License-Update: copyright year updated

Apply missing SRCREV update

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-25 16:32:44 -07:00
Jason Schonberg d32cd27eaa nodejs: upgrade 22.22.1 -> 22.22.2
This is the March 2026 security release.

  2 high severity issues.
  5 medium severity issues.
  2 low severity issues.

High priority fixes:
  CVE-2026-21637
  CVE-2026-21710

Medium priority fixes:
  CVE-2026-21711 (affects only nodejs v25)
  CVE-2026-21712 (affects only nodejs v24 & v25)
  CVE-2026-21713
  CVE-2026-21714
  CVE-2026-21717

Low priority fixes:
  CVE-2026-21715
  CVE-2026-21716

https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-24 23:32:48 -07:00
Ross Burton 77ea4610d8 protobuf: disable ptests for now
oe-core just moved from pkgconfig to pkgconf, which has broken the
ptest build due to how fragile the compilation was.

This will be revisited to build the tests properly, but for now simply
disable the ptests.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-24 09:13:49 -07:00
Peter Marko e71ef5a4a1 jsoncpp: upgrade 1.9.6 -> 1.9.7
Added tag to SRC_URI.

Release information [1]:

1.9.7: Bugfixes, build system cleanups
What's Changed
* Fixes PreventInSourceBuilds.cmake to work with add_subdirectory by @morbo84 in #1383
* json_value.cpp bug in the edges of uint/int by @YaalLek in #1519
* Release 1.9.6 and move versions to 1.9.7 by @baylesj in #1566
* Fixed work secure_allocator on old compilers by @TsynkPavel in #1478
* Fix flag -DJSONCPP_USE_SECURE_MEMORY:BOOL=TRUE by @tfc in #1567
* fix(build): remove check_required_components for meson build by @chenrui333 in #1570
* the cgi module was removed from Python3.13 by @a-detiste in #1578
* Fix name of static library when targeting MinGW. by @mmuetzel in #1579
* Fix comparison warnings caused by 54fc4e2 by @JensMertelmeyer in #1575
* Drop pre-C++11 alternatives by @BillyDonahue in #1593
* feat: support std::string_view in Value API by @evalon32 in #1584
* Added Value::findType with String key by @SwintonStreet in #1574
* Set up for Bazel module builds. by @bcsgh in #1597
* Add a BUILD.bazel file for //example. by @bcsgh in #1602
* Fix "include what you use" issue by @victorvianna in #1625
* Make the build configuration under Bazel more correct. by @bcsgh in #1600
* Add Bazel tests by @bcsgh in #1601
* Return false in Reader::readValue when stack limit is exceeded by @xuhdev in #1619
* Remove deprecated/removed clang-tidy key AnalyzeTemporaryDtors (#1614) by @bmagistro in #1615
* [docs] Consuming JSONCpp via Conan package manager by @uilianries in #1622
* Cleanup README.md, fix broken link. by @baylesj in #1633
* Add gcovr.cfg to fix CI coverage merge errors by @baylesj in #1635
* Remove build directory exclusion from gcovr config by @baylesj in #1640
* Add test for allowDroppedNullPlaceholders by @baylesj in #1648
* Prevent test collision when running in parallel via RESOURCE_LOCK by @marty1885 in #1637
* fixup project version updater by @baylesj in #1649
* Update README with project status and focus by @baylesj in #1639
* Adding a cmake option to exclude the jsoncpp files from install. by @nv-jdeligiannis in #1596
* Change stack depth limit to 256 by @baylesj in #1657
* Fix uninitialized CMake variable in version.in by @baylesj in #1658
* Fix CMake deprecation warning for compatibility with CMake < 3.10 by @baylesj in #1659
* Scope JSON_DLL_BUILD to shared lib target only by @baylesj in #1660
* Fix number parsing failing under non-C locales by @baylesj in #1662
* Reject unescaped control characters in JSON strings by @baylesj in #1663
* Fix MSAN issue in #1626 by @baylesj in #1654
* Fix string_view ABI mismatch between library and consumers by @baylesj in #1661
* Revert "Fix number parsing failing under non-C locales" by @baylesj in #1664
* Fix use-after-free in Reader::parse(std::istream&) by @baylesj in #1665
* Update bazel config for 9.x by @keith in #1655

[1] https://github.com/open-source-parsers/jsoncpp/releases/tag/1.9.7

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-23 13:34:20 -07:00
Khem Raj aee9d873f7 protobuf: Upgrade to 6.33.6
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-03-20 18:29:28 -07:00
Khem Raj 347474c362 memstat: Pass OE environment CFLAGS to makefile
Helps with reproducible builds

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-20 14:13:05 -07:00
Khem Raj 6b55bede28 luaposix: Upgrade to 36.3
Fix build with lua 5.5

License-Update: bump copyright years to 2025 [1]

[1] https://github.com/luaposix/luaposix/commit/07cf96f23c10ad01736205e6ca18375a208d05bf

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 16:18:32 -07:00
Viswanath Kraleti ad2a5ac0a0 android-tools-conf-configfs: make USB gadget IDs configurable
The android-gadget-setup script currently hardcodes the USB vendor ID,
product ID, and configuration string. This makes it difficult for BSP
layers to customize USB gadget identity with platform specific values.

Introduce variables for the vendor ID, product ID, and configuration
string when populating the configfs attributes. This allows machine
or distro specific overrides via `/etc/android-gadget-setup.machine`,
while preserving the existing default values.

Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:33 -07:00
Willi Ye 701a1df07c perfetto: Don't copy gn native binary
With the current recipe I am getting
```
gn: error while loading shared libraries: libc++abi.so.1: cannot open shared object file: No such file or directory
```
on my aarch64 machine
This is due to gn having a relative library runpath, causing the interpreter to not find the shared libraries
Instead of copying the binary just directly execute it

Additionally remove the unnecessary download of the prebuilt gn binary

Signed-off-by: Willi Ye <zye2@snap.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:29 -07:00
Changqing Li 510ea4db57 luajit: Update to latest on v2.1 branch
License-Update: copyright year updated

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:27 -07:00
Gyorgy Sarvari c407d8669c capnproto: upgrade 1.0.2 -> 1.4.0
Contains fix for CVE-2026-32239 and CVE-2026-32240

Also, mark these CVEs explicitly patched, because NVD tracks them
without version info at this time.

Shortlog:
https://github.com/capnproto/capnproto/compare/v1.0.2...v1.4.0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:27 -07:00
Deepesh Varatharajan 2c74fbff25 librust-cxx: Add librust-cxx recipe
Add a recipe for the cxx crate, which provides a safe and efficient
bridge for interoperability between Rust and C++ code. It allows
defining the FFI boundary in a shared Rust module and generates
compatible bindings for both languages during the build process.

The crate is implemented in Rust and supports zero-overhead FFI with
common Rust and C++ standard library types.

More information: https://crates.io/crates/cxx

Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:26 -07:00
Jason Schonberg 65b7f7330e php: upgrade 8.5.3 -> 8.5.4
This is a bug fix release.

Changelog: https://www.php.net/ChangeLog-8.php#8.5.4

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:23 -07:00
Wang Mingyu 361c25fc20 uftrace: upgrade 0.18.1 -> 0.19
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-17 13:25:34 -07:00
Wang Mingyu 13dd3dada8 ctags: upgrade 6.2.20260222.0 -> 6.2.20260308.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-17 13:25:24 -07:00
Wang Mingyu 4af1af7b4f castxml: upgrade 0.6.13 -> 0.7.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-17 13:25:24 -07:00
Andrej Kozemcak 2273ed31cf grpc: upgrade 1.76.0 -> 1.78.1
Removed patch included in this release

Changelogs

v1.78.1:
  https://github.com/grpc/grpc/releases/tag/v1.78.1

v1.78.0:
https://github.com/grpc/grpc/releases/tag/v1.78.0

C++:
- adding address_sorting dep in naming test build

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-17 13:25:20 -07:00
Gyorgy Sarvari 0934de7a60 exiftool: upgrade 13.48 -> 13.52
Also fixes CVE-2026-3102

Changelog:

13.52:
  - Added a number of new XMP tags written by Adobe software
  - Added UTF-16 support for a few different metadata types in which only UCS-2
    was previously implemented
  - Added a few more Canon FlashModel values and decode FlashModel for the
    5DmkII
  - Added a new Canon LensType
  - Added some missing file attribute bits to two of the new LNK tags
  - Decode internal serial number for the 5DmkII
  - Decode another OwnerName for the 5DmkII
  - Decode some timed GPS for a couple of new DJI drones
  - Enable WindowsLongPath by default only if Win32::API is available
  - Renamed the Pentax K3III AFInfo tag to AFInfoK3III

13.51:
  - Added a new Nikon LensID
  - Decode more tags from Windows LNK files
  - Decode another LIGOGPSINFO variant
  - Decode some new Canon tags
  - Decode some new Nikon tags
  - Split decoding on Nikon BurstGroupID into separate tags
  - Fixed round-off error in GPSDateTime seconds for camm6 metadata in MP4
    videos introduced in 13.45
  - Fixed bug generating the default-language version of
    QuickTime:LocationInformation

13.50:
  - Added a few new Sony lenses
  - Added a couple of new Canon lenses
  - Decode another Samsung trailer tag
  - Decode BlackLevels from some Canon CRW files
  - Updated Sony maker note decoding for the ILCE-7M5
  - Patched potential MacOS security issue
  - Fixed -list options so reading image files beforehand doesn't add tags to
    the output when running multiple commands using the -execute feature

13.49:
  - Decode a couple of new Samsung trailer tags
  - Disabled decoding of MenuSettings for the Nikon Z6III firmware 2.0 until the
    changes can be worked through in detail
  - Fixed problem where Google Photos had problems displaying ExifTool-edited
    HEIC MotionPhoto images.  Files written by older versions of ExifTool may be
    repaired by re-writing with 13.49 or later

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-17 13:25:15 -07:00
Jason Schonberg db05f827bb nodejs: upgrade 22.22.0 -> 22.22.1
License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files
  Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-17 13:25:14 -07:00
Telukula Jeevan Kumar Sahu bb5f304e15 nodejs: fix NEON llhttp ctzll undefined behavior
The NEON SIMD fast path in the bundled llhttp calls
__builtin_ctzll(match_mask) without checking if match_mask is zero.
When all 16 bytes in a NEON register are valid header value characters,
match_mask is 0. Calling __builtin_ctzll(0) is undefined behavior.

GCC at -O2 exploits this by optimizing "if (match_len != 16)" to
always-true, causing HTTP 400 Bad Request for any header value longer
than 16 characters on ARM targets with NEON enabled.

Fix by explicitly checking for match_mask == 0 and setting
match_len = 16. This bug affects both aarch64 and armv7 NEON targets.

The code this patch modifies is generated, so the patch itself isn't
suitable for upstream submission, as the root cause of the error is
in the generator itself. The fix has been merged upstream[1] in
llparse 7.3.1 and is included in llhttp 9.3.1. This patch can be
dropped when nodejs updates its bundled llhttp to >= 9.3.1.

[1]: https://github.com/nodejs/llparse/pull/83

Signed-off-by: Telukula Jeevan Kumar Sahu <j-sahu@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-02 19:26:02 -08:00
Het Patel a428ea90c0 abseil-cpp: Add CVE_PRODUCT to support product name
- Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE
reporting.

Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-02 19:26:01 -08:00
Wang Mingyu 0dc1a2f40e python3-psycopg: upgrade 3.3.2 -> 3.3.3
Changelog:
============
- Retain Error.pgconn when raising a single exception for multiple connection attempt errors
- Return a proper error when server sends ErrorResponse for a Sync after a Parse

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-02 19:25:53 -08:00
Adrian Freihofer 321112dd2e jwt-cpp: Add native class to support
Add also native class to support building the library for the host
system to use it e.g. with the newer dynamic SDK.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-02 19:25:50 -08:00
Wang Mingyu 7a9fc125a6 mpich: upgrade 4.3.2 -> 5.0.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-02 19:25:47 -08:00
Wang Mingyu 549e005d20 jwt-cpp: upgrade 0.7.1 -> 0.7.2
Changelog:
===========
- Improve as_date narrowing conversion from C4244 warning
- update trait dependencies to support CMake v4
- Fix linter error
- Update workflows for new GitHub Action Runner Images
- Support passing ssl library key handles to algorithms
- Update CMP0135 to new behaviour
- Fix error in CMake config-file package
- CMake: synchronize cmake_minimum_required from main CMakeLists.txt
- Reduce usage of std::time_t, std::chrono::system_clock::to_time_t and
  system_clock::from_time_t in order to get correct dates when working with a
  32bit application
- Fix set_expires_in not accepting non-default Period
- AppVeyor Warnings

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-25 09:49:49 -08:00
Wang Mingyu 8d4b22bf08 ctags: upgrade 6.2.20260125.0 -> 6.2.20260222.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-25 09:49:48 -08:00
Wang Mingyu 935b8c85a9 abseil-cpp: upgrade 20260107.0 -> 20260107.1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-25 09:49:47 -08:00
Gyorgy Sarvari 398fa05aa8 protobuf: ignore CVE-2026-0994
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994

The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).

Ignore this CVE in this recipe due to this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-24 22:30:28 -08:00
Adam Duskett e19775fba8 libtoml11: move SRCREV below SRC_URI
According to the recipe style guide, SRCREV should be placed
below SRC_URI.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-17 22:42:42 -08:00
Adam Duskett 4e105b2749 libtoml11: add a BBCLASSEXTEND
A native version of libtoml11 may be needed for recipes such
as dnf5 in the future. Add it now.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-17 22:42:42 -08:00
Adam Duskett 4eefeb3357 libtoml11: add a cve_product
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-02-17 22:42:41 -08:00