Commit Graph

14790 Commits

Author SHA1 Message Date
Praveen Kumar 4f1f7f89f5 fix: CVE-2025-53644
OpenCV is an Open Source Computer Vision Library. Versions prior to
4.12.0 have an uninitialized pointer variable on the stack that may lead
to an arbitrary heap buffer write when reading crafted JPEG images.
Version 4.12.0 fixes the vulnerability.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-53644

Upstream-patch:
https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-18 09:01:44 +02:00
Gyorgy Sarvari cecc91c084 ledmon: fix building on 32-bit x86
Building the recipe on x86 platform fails with the following error:
| ../../git/src/utils.c: In function 'get_uint64':
| ../../git/src/utils.c:105:18: error: passing argument 1 of 'str_toul' from incompatible pointer type [-Wincompatible-pointer-types]
|   105 |         str_toul(&defval, p, NULL, 16);

Upstream has already changed this function to avoid overflow due to the
size difference in the pointer - this change backports that patch.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-14 16:50:04 +02:00
Martin Jansa eabddce219 libiodbc: use gnu17 and ignore incompatible-pointer-types to allow building with gcc-15
A fix was sent in:
https://lists.openembedded.org/g/openembedded-devel/message/116537
but it causes issues with clang as well as older gcc as reported on
ML and also in upstream PR:
https://github.com/openlink/iODBC/pull/111

Use gnu17 until this is properly resolved to avoid:
http://errors.yoctoproject.org/Errors/Details/852861/

In file included from ../../libiodbc-3.52.16/iodbc/execute.c:94:
../../libiodbc-3.52.16/iodbc/execute.c: In function '_ReBindParam':
../../libiodbc-3.52.16/iodbc/execute.c:643:49: error: too many arguments to function 'hproc3'; expected 0, have 8
  643 |       CALL_DRIVER (pstmt->hdbc, pstmt, retcode, hproc3,
      |                                                 ^~~~~~

http://errors.yoctoproject.org/Errors/Details/853276/
../../libiodbc-3.52.16/iodbcinst/unicode.c: In function 'dm_AtoUW':
../../libiodbc-3.52.16/iodbcinst/unicode.c:1565:16: error: initialization of 'ucs4_t *' {aka 'unsigned int *'} from incompatible pointer type 'wchar_t *' {aka 'long int *'} [-Wincompatible-pointer-types]
 1565 |   ucs4_t *us = dest;
      |                ^~~~

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-14 16:50:04 +02:00
Khem Raj 8832aa3ca8 gtkwave: Add libtirpc to depends
It was missing as the recipe is using --with-tirpc

Signed-off-by: Khem Raj <raj.khem@gmail.com>

Adapted for Walnascar
Signed-off-by: Gyorgy Sarvari <gyorgy.sarvari@gmail.com>
2025-09-07 14:32:50 +02:00
Hitendra Prajapati 5d0643f194 openjpeg: fix for CVE-2025-54874
Upstream-Status: Backport https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Wang Mingyu bd42142b14 jq: upgrade 1.8.0 -> 1.8.1
License-Update: Add LICENSE notice of NetBSD's strptime() to COPYING

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Khem Raj d1b8b7e068 jq: Add tzdata to ptest rdeps
This is needed for some ptests to pass

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Marc Ferland 00b23ad771 libvncserver: fix generated LibVNCServerTargets.cmake
The currently generated LibVNCServerTargets.cmake will include the
following 'set_target_properties':

    set_target_properties(LibVNCServer::vncclient PROPERTIES
      INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
      INTERFACE_LINK_LIBRARIES "systemd;/usr/lib/libz.so;/usr/lib/liblzo2.so;/usr/lib/libjpeg.so;/usr/lib/libgcrypt.so;/usr/lib/libgnutls.so"
    )

INTERFACE_LINK_LIBRARIES here points to absolute paths which hardcodes
the library paths. From CMake doc [1]:

    Note that it is not advisable to populate the INTERFACE_LINK_LIBRARIES
    of a target with absolute paths to dependencies. That would hard-code
    into installed packages the library file paths for dependencies as
    found on the machine the package was made on.

This breaks krfb build (kde desktop sharing server) since CMake cannot
find these libraries. Removing the absolute paths solves the issue.

Note: I also added an 'inherit pkgconfig' since libvncserver uses it to
detect libsystemd presence.

1: https://cmake.org/cmake/help/latest/prop_tgt/INTERFACE_LINK_LIBRARIES.html

Signed-off-by: Marc Ferland <marc.ferland@sonatest.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2156942867)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Marc Ferland a2da0d25a0 freerdp3: add bindir to SYSROOT_DIRS
This is required in order to build krdp (KDE's remote desktop
integration).

The do_configure task for krdp expects both 'winpr-makecert3' and
'winpr-hash3' to be present; failure to do so results in:

| CMake Error at /path/to/krdp/6.4.4/recipe-sysroot/usr/lib/cmake/WinPR3/WinPRTargets.cmake:98 (message):
|   The imported target "winpr-makecert" references the file
|
|      "/path/to/krdp/6.4.4/recipe-sysroot/usr/bin/winpr-makecert3"
|
|   but this file does not exist.  Possible reasons include:
|
|   * The file was deleted, renamed, or moved to another location.
|
|   * An install or uninstall procedure did not complete successfully.
|
|   * The installation package was faulty and contained
|
|      "/path/to/6.4.4/recipe-sysroot/usr/lib/cmake/WinPR3/WinPRTargets.cmake"
|
|   but not all the files it references.
|
| Call Stack (most recent call first):
|   /path/to/krdp/6.4.4/recipe-sysroot/usr/lib/cmake/WinPR3/WinPRConfig.cmake:44 (include)
|   /path/to/krdp/6.4.4/recipe-sysroot-native/usr/share/cmake-3.31/Modules/CMakeFindDependencyMacro.cmake:76 (find_package)
|   /path/to/krdp/6.4.4/recipe-sysroot/usr/lib/cmake/FreeRDP3/FreeRDPConfig.cmake:2 (find_dependency)
|   CMakeLists.txt:45 (find_package)
|
|
| -- Configuring incomplete, errors occurred!

Signed-off-by: Marc Ferland <marc.ferland@sonatest.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6c30f47645)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Chen Qi 67d9f0fdaa protobuf: upgrade from 5.29.4 to 5.29.5
This is a small version bump. It includes the following two
commits to fix CVE-2025-4565.

  05ba1a810 Add recursion depth limits to pure python
  1ef3f01c4 Internal pure python fixes

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Jef Driesen 0cd6283a41 lcov: Add missing RDEPENDS for nativesdk
When building an SDK with lcov included, gcov isn't included in the SDK
by default. Running lcov to generate coverage fails, because it tries to
use the gcov binary from the host system instead, and that causes problems
if the gcc versions do not match.

Signed-off-by: Jef Driesen <jefdriesen@telenet.be>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Yogita Urade 6841fa4ff5 postgresql: upgrade 17.5 -> 17.6
Includes fixes for CVE-2025-8713, CVE-2025-8714, CVE-2025-8715

License-Update: Align organization wording in copyright statement

Changelog:
https://www.postgresql.org/docs/release/17.6/

Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch
for 17.6

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Peter Marko 1e6dbd183b fontforge: patch CVE-2024-25081 and CVE-2024-25082
Pick commit from PR [1] linked from [2] and [3], which also mentions both
these CVEs.

[1] https://github.com/fontforge/fontforge/pull/5367
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-25081
[3] https://nvd.nist.gov/vuln/detail/CVE-2024-25082

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Peter Marko ef46848da1 libbpf: patch CVE-2025-29481
Backport patch which mentions PoC [1] which is also linked from [2].

[1] https://github.com/libbpf/libbpf/commit/806b4e0a9f658d831119cece11a082ba1578b800
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-29481

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:56 +02:00
Wang Mingyu 9fb2e5ddd7 libssh: upgrade 0.11.1 -> 0.11.2
* Security:
   * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion
   * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file()
   * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management
   * CVE-2025-5351 - Double free in functions exporting keys
   * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures
   * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding
   * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL
 * Compatibility
   * Fixed compatibility with CPM.cmake
   * Compatibility with OpenSSH 10.0
   * Tests compatibility with new Dropbear releases
   * Removed p11-kit remoting from the pkcs11 testsuite
 * Bugfixes
   * Implement missing packet filter for DH GEX
   * Properly process the SSH2_MSG_DEBUG message
   * Allow escaping quotes in quoted arguments to ssh configuration
   * Do not fail with unknown match keywords in ssh configuration
   * Process packets before selecting signature algorithm during authentication
   * Do not fail hard when the SFTP status message is not sent by noncompliant
     servers

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-07 07:37:55 +02:00
Jinfeng Wang ddaf16f1ca iperf3: Fix CVE-2025-54349
Pick commit [1] as listed in [2].

[1] https://github.com/esnet/iperf/commit/42280d2292ed5f213bfcb33b2206ebcdb151ae66
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-54349

Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:42 +02:00
Jason Schonberg eb81fa0880 c-ares: backport a patch for a memory leak
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:37 +02:00
Yogita Urade 9eab4307c3 poppler: upgrade 25.06.0 -> 25.08.0
This upgrade includes a fix for CVE-2025-50420.

poppler 25.08.0 changelog:
==========================
core:
* FormWidgetSignature::signDocumentWithAppearance: add imagePath parameter
* Fix parsing Distinguished Names that end with a hex string
* Fix crashes in malformed documents

glib:
* Add poppler_page_render_transparent_selection()
* Add missing since to the documentation

poppler 25.07.0 changelog:
==========================
core:
* Changed rendering of malformed documents to mimic what Adobe Reader does. Issue #1602
* Improvements in signature validation in the NSS backend
* Add more detailed output when signing fails
* Internal code improvements
* Fix crashes in malformed documents

utils:
* pdfsig: command line option for allowing PGP signatures in GnuPG backend

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jiaying Song 4987555720 softhsm: switch source to GitHub repository
The original source URL is unavailable, so it has been replaced with the
official GitHub repository.

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jiaying Song 824c5a2d93 libconfig: switch source to GitHub repository
The original tarball URL no longer provides version 1.7.3 or any other
historical releases. To ensure reproducible builds, the source has been
switched to the official GitHub repository.

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jiaying Song f042d2bf85 passwdqc: correct the SRC_URI
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jiaying Song 937dd582d8 debootstrap: correct the SRC_URI
The original tarball URL is no longer valid, as it has been moved to an
archive location. This update points to the new location.

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Gijs Peskens 2dd64947d4 php: fix removal of --with-zlib-dir configure option
PHP has removed the --with-zlib-dir configure option since that is now
taken over by pkg-config; this breaks building PHP on Walnascar when zip
is enabled via PACKAGECONFIG.
So remove it.

Signed-off-by: Gijs Peskens <gijs.peskens@munisense.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 90fa225b86)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jason Schonberg 72986eaadd php: upgrade 8.4.8 -> 8.4.10
This is a security update.

There are fixes for memory leaks, segfaults and CVEs.

CVE-2025-1735
CVE-2025-1220
CVE-2025-6491

Changelog: https://www.php.net/ChangeLog-8.php#8.4.10

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jason Schonberg 14f8e98855 php: upgrade 8.4.6 -> 8.4.8
Changelog: https://www.php.net/ChangeLog-8.php#8.4.8
Changelog: https://www.php.net/ChangeLog-8.php#8.4.7

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jeroen Hofstee 29c802c568 php: sort PACKAGECONFIG options
This backports commit bb896f6b6f ("php: sort PACKAGECONFIG options"),
which was missing in 8.4.5 and helps in reducing unnecessary diffs in
future upgrades.

Reference:
https://git.openembedded.org/meta-openembedded/commit/meta-oe?id=bb896f6b6f92863e8f5c49e5a1f7d9bcb2578db0

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:17:15 +02:00
Jiaying Song 1f7548d747 v4l-utils: Fix QA and build errors related to _TIME_BITS on 32-bit
* Remove GLIBC_64BIT_TIME_FLAGS="" to enable _TIME_BITS=64 by default,
  which avoids the following QA issue during builds on 32-bit systems:

  WARNING: lib32-v4l-utils-1.24.1+git-r0 do_package_qa: QA Issue: /usr/bin/cec-compliance uses 32-bit api 'time'

* Undefine _TIME_BITS to fix the build error:

  /usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:15:45 +02:00
Zhang Peng d3d3df49d5 wxwidgets: fix CVE-2024-58249
CVE-2024-58249:
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-58249]

Upstream patches:
[https://github.com/wxWidgets/wxWidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:15:45 +02:00
Bo Sun d35cbff11e thin-provisioning-tools: fix bindgen build error with clang on octeontx2
Remove unsupported '-mcpu=octeontx2+crypto' from BINDGEN_EXTRA_CLANG_ARGS
as clang does not recognize 'octeontx2' as a valid target CPU, causing
bindgen to fail when generating Rust bindings.

Since bindgen only parses headers using Clang, CPU-specific options
like -mcpu are generally unnecessary.

Fixes build failure:
|   error: unsupported argument 'octeontx2+crypto' to option '-mcpu='
|   error: unknown target CPU 'octeontx2'

Signed-off-by: Bo Sun <bo.sun.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:15:36 +02:00
Yi Zhao a61c693f3b valkey: upgrade 8.1.1 -> 8.1.3
ChangeLog:
https://github.com/valkey-io/valkey/releases/tag/8.1.2
https://github.com/valkey-io/valkey/releases/tag/8.1.3

Security fixes:
CVE-2025-27151
CVE-2025-32023
CVE-2025-48367

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:13:42 +02:00
Yogita Urade 78447a67fc mariadb: upgrade 11.4.5 -> 11.4.6
This upgrade includes a fix for CVE-2023-52971

Changelog:
https://mariadb.com/kb/en/mariadb-11-4-6-changelog/

Refreshed 0001-Add-missing-includes-cstdint-and-cstdio.patch

Dropped 3871.patch and mm_malloc.patch as these are available in 11.4.6

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-27 14:35:10 -04:00
Praveen Kumar 1950ca4270 syslog-ng: upgrade 4.8.1 -> 4.8.2
Includes a fix for CVE-2024-47619

Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-27 14:35:10 -04:00
Peter Marko a2b56547ff poco: patch CVE-2025-6375
Pick commit mentioned in [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6375

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-27 14:35:10 -04:00
Peter Marko 3d969d3a4a minifi-cpp: patch spdlog CVE-2025-6140
Same patch as in spdlog recipe.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-27 14:35:10 -04:00
Peter Marko ce5314a8d8 spdlog: patch CVE-2025-6140
Pick commit [1] mentioned in [2] as listed in [3].

[1] https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094
[2] https://github.com/gabime/spdlog/issues/3360
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-6140

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-27 14:35:10 -04:00
Yogita Urade c4bcbae834 poppler: upgrade 25.04.0 -> 25.06.0
Includes a fix for CVE-2025-52886

poppler 25.06.0 changelog:
==========================
core:
 * Fix writing dates back to file
 * Internal code improvements
 * Fix crashes in malformed documents

glib:
 * Add the ink annotation type
 * Add missing autopointers definitions

utils:
 * pdfsig: Add assert-signer feature
 * pdfsig: Return error code on error

poppler 25.05.0 changelog:
==========================
core:
 * Fix re-fetching after xref reconstruction. Issue #1584
 * Fix compilation with ENABLE_ZLIB_UNCOMPRESS=ON
 * Various annotation improvements. Issues #642, #1558, #1055
 * CairoFontEngine: invalidate broken embedded fonts. Issue #1453
 * Splash: Performance improvements
 * Internal code improvements

glib:
 * Small signature improvements

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-27 14:35:10 -04:00
Martin Jansa 832d2ca96c xmlsec1: fix build with gnutls or openssl PACKAGECONFIG not enabled
The .pc files might not be installed, depending on the PACKAGECONFIG
value.

fixes:
https://git.openembedded.org/meta-openembedded/commit/?id=cce20b5124e28ee55adf03fe062084f38d065580
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-27 14:35:10 -04:00
Changqing Li c009244a04 udisks2: Hardening measure of CVE-2025-6019
Referring to [1], CVE-2025-6019 is strongly related to the udisks daemon, and
this is a hardening measure related to it.

[1] https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
[2] https://security-tracker.debian.org/tracker/CVE-2025-6019
[3] https://ubuntu.com/blog/udisks-libblockdev-lpe-vulnerability-fixes-available

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Changqing Li 14b3caec6a libblockdev: fix CVE-2025-6019
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able to escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.

Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Jiaying Song f919d11962 xmlsec1: avoid hardcoded ${RECIPE_SYSROOT} in xmlsec1-gnutls.pc
Fix do_package_qa error by removing ${RECIPE_SYSROOT} from the installed xmlsec1-gnutls.pc file.
This ensures the generated .pc file does not leak build-time paths, complying with QA checks.

Fixes QA error:
ERROR: xmlsec1-1.3.7-r0.wr2500 do_package_qa: QA Issue: File /usr/lib/pkgconfig/xmlsec1-gnutls.pc in package xmlsec1-dev contains reference to TMPDIR [buildpaths]

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Zhang Peng 372974d170 glade: fix CVE-2020-36774
CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774]

Upstream patches:
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Jason Schonberg 92f60c3f4e glade: update 3.22.2 -> 3.36.0
Fix HOMEPAGE

    License Update:  COPYING.GPL - whitespace changes and change of address of the
      Free Software Foundation.  COPYING.LGPL - whitespace changes and change of
      address of the Free Software Foundation.

    | checking for itstool... no
    | configure: error: itstool not found

    add itstool-native to DEPENDS to address configure failure.

    | ERROR: glade-3.36.0-r0 do_configure: QA Issue: AM_GNU_GETTEXT used but no inherit gettext [configure-gettext]

    inherit gettext to address QA error.

    The code of gladeui/glade-command.c has changed from using
      G_OBJECT (prop)    to  GLADE_PROPERTY (prop)
      G_OBJECT (widget)  to  GLADE_WIDGET (widget)
    thus resolving the incompatible pointer types seen in glade 3.22.2.

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

(master: ecca54d930)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Bastian Krause 23a02b66f2 canutils: use https instead of git protocol
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Bastian Krause 71cbfbd482 libsocketcan: use https instead of git protocol
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.

Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Wang Mingyu 3c6844219a postgresql: upgrade 17.4 -> 17.5
0003-configure.ac-bypass-autoconf-2.69-version-check.patch
0004-config_info.c-not-expose-build-info.patch
not-check-libperl.patch
refreshed for 17.5

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-06-20 10:46:50 -04:00
Wang Mingyu 1ae977974e valkey: upgrade 8.1.0 -> 8.1.1
ChangeLog:
https://github.com/valkey-io/valkey/releases/tag/8.1.1

Security fixes
  (CVE-2025-21605) Limit output buffer for unauthenticated clients

Bug fixes
  Fix the build on less common platforms in zmalloc.c
  Fix: add samples to stream object consumer trees
  Fix crash during TLS handshake with I/O threads
  Fix cluster slot stats assertion during promotion of replica
  Fix panic in primary when blocking shutdown after previous block with
  timeout
  Ignore stale gossip packets that arrive out of order
  Fix incorrect lag reported in XINFO GROUPS
  Fix engine crash on module client blocking during keyspace events
  Avoid shard id update of replica if not matching with primary shard id
  Only enable defrag for vendored jemalloc
  Allow scripts to support null characters again

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-06-20 10:46:50 -04:00
Jason Schonberg f0aa743e9a c-ares: update 1.34.4 -> 1.34.5
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.5

Security:

    CVE-2025-31498. A use-after-free bug has been uncovered in read_answers() that was introduced in v1.32.3. Please see GHSA-6hxc-62jh-p29v

Changes:

    Restore Windows XP support. PR #958

Bugfixes:

    A missing mutex initialization would make busy polling for configuration changes (platforms other than Windows, Linux, MacOS) eat too much CPU PR #974
    Pkgconfig may be generated wrong for static builds in relation to -pthread PR #965
    Localhost resolution can fail if only one address family is in /etc/hosts PR #947

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-06-20 10:46:50 -04:00
Jason Schonberg 382f211cc5 c-ares: upgrade 1.34.3 -> 1.34.4
Changelog: https://github.com/c-ares/c-ares/releases/tag/v1.34.4

Changes:

    QNX Port: Port to QNX 8, add primary config reading support, add CI build. PR #934, PR #937, PR #938

Bugfixes:

    Empty TXT records were not being preserved. PR #922
    docs: update deprecation notices for ares_create_query() and ares_mkquery(). PR #910
    license: some files weren't properly updated. PR #920
    Fix bind local device regression from 1.34.0. PR #929, PR #931, PR #935
    CMake: set policy version to prevent deprecation warnings. PR #932
    CMake: shared and static library names should be the same on unix platforms like autotools uses. PR #933
    Update to latest autoconf archive macros for enhanced system compatibility. PR #936

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-06-20 10:46:50 -04:00
Vijay Anusuri 3e0cc26e96 jq: upgrade 1.7.1 -> 1.8.0
Changelog:
==========
https://github.com/jqlang/jq/releases/tag/jq-1.8.0

Security fixes

* CVE-2024-23337: Fix signed integer overflow in jvp_array_write and jvp_object_rehash. @itchyny de21386
     The fix for this issue now limits the maximum size of arrays and objects to 536870912 (2^29) elements.
* CVE-2024-53427: Reject NaN with payload while parsing JSON. @itchyny a09a4df
     The fix for this issue now drops support for NaN with payload in JSON (like NaN123).
     Other JSON extensions like NaN and Infinity are still supported.
* CVE-2025-48060: Fix heap buffer overflow in jv_string_vfmt. @itchyny c6e0416
* Fix use of uninitialized value in check_literal. @itchyny #3324
* Fix segmentation fault on strftime/1, strflocaltime/1. @itchyny #3271
* Fix unhandled overflow in @base64d. @emanuele6 #3080

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-06-20 10:46:50 -04:00
Vijay Anusuri 07be74adfa redis: upgrade 6.2.16 -> 6.2.18
Changelog:
https://github.com/redis/redis/releases/tag/6.2.17
https://github.com/redis/redis/releases/tag/6.2.18

Security fixes
==============
* (CVE-2024-46981) Lua script commands may lead to remote code execution
* (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-06-20 10:46:50 -04:00