Changelog:
=============
- MIX_DestroyTrack may now be called from a mixer callback
- Fixed WAV decoding on big-endian systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- Fixed sonames generation when using autotools
- Recovered an undocumented memory write feature lost because a "security" report.
- Fixed documentation pointers on visual studio project.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- Fixes media length detection for Chrome on Linux (Media, Linux)
- Fixes segmentation fault when specifying unsupported modules on command line
- Disables usage of Netlink for Wi-Fi detection on s390x architectures (Wifi, Linux)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The dynamic-layers/clang-layer/ directory does not exist under meta-oe.
Remove the stale BBFILES_DYNAMIC references as they match nothing.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
A buffer overflow in dnsmasq’s extract_addresses() function allows
an attacker to trigger a heap out-of-bounds read and crash by
exploiting a malformed DNS response, enabling extract_name()
to advance the pointer past the record’s end.
Reference:
[ https://nvd.nist.gov/vuln/detail/CVE-2026-5172 ]
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
dnsmasqs extract_name() function can be abused to cause a heap buffer
overflow, allowing an attacker to inject false DNS cache entries,
which could result in DNS lookups to redirect to an attacker-controlled
IP address, or to cause a DoS.
Reference:
[ https://nvd.nist.gov/vuln/detail/CVE-2026-2291 ]
Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
PipeWire 1.6.5 (2026-05-13)
This is a bugfix release that is API and ABI compatible with the previous
1.6.x releases.
Highlights
- Fix muted output in some cases.
- Removed the pipe filter in filter-graph.
- More fixes and improvements.
PipeWire
- Fix an issue in pw-filter where it could end up in a loop where buffers
are stuck on a port and the port becomes silent. (#5249)
Modules
- Improve ROC receiver start/stop, fixes memory leaks. (#5250)
- Remove the pipe filter from filter-graph, it's broken by design and a
security nightmare.
- Fix the midi buffer size in jack-tunnel.
SPA
- Rate limit out-of-buffers errors. (#5249)
- Partially revert the line-out mute patch, it seems to break things and leave
audio muted when plugging-unplugging jacks. (#5246)
- Improve renegotiation in audioconvert when the graph rate changes and the
resampler was disabled. (#4933).
- Fix potential crash in alsa when logging.
Pulse-server
- A whole bunch of extra security checks and hardening fixes.
Older versions:
PipeWire 1.6.4 (2026-04-22)
This is a bugfix release that is API and ABI compatible with the previous
1.6.x releases.
Highlights
- Small improvements and seqfault fixes.
- Try to not emit ports that JACK doesn't understand. Fixes glitches in
ardour and other JACK apps.
PipeWire
- Refuse to load plugins and crash when pw_init() was not called. (!2784)
SPA
- Fix LADSPA plugin loading, support LADSPA_PATH ending with /
- Fix segfault in alsa-seq when removing devices in some cases. (#5221)
- Allow negative gain in mixer. (#5228)
- Improve alsa-seq port names, add : between client and port. (#5229)
- ACP: don’t override user-selected port on availability changes.
Bluetooth
- Backport some important fixes and minor improvements.
JACK
- Ignore non DSP ports to avoid emitting extra callbacks.
GStreamer
- Fix crop metadata.
Tools
- Fix WAVEX saving in pw-cat. (#5233)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop patches to support newer toolchains added overtime
Add consolidated patch to support cross compiling
Use github for SRC_URI
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
libhandy was removed when g-s-m ported to GTK 4.
Update the DISTRO_FEATURES checks to use GTK3DISTROFEATURES.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
libhandy was removed when g-s-m ported to GTK 4.
gnome-common is not required now that g-s-m uses Meson not autoconf.
polkit was removed in g-s-m 3.36 (March 2020).
Update the DISTRO_FEATURES check, polkit isn't required but opengl is
via GTK 4.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Remove obsolete libdazzle and geocode-glib dependencies, these have been
removed upstream.
Change the DISTRO_FEATURES check so that opengl is required and any of
the GTK3DISTROFEATURES (x11 wayland) are present, as GTK 4 needs opengl
and supports either x11 or wayland.
Drop the sed on the generated enums, the generated files have relative
paths in now.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This was previously in oe-core but is being removed as it is no longer
used by anything in that layer. Some changes were made in the process of
moving the recipe to meta-oe:
- Inherit gnomebase, as this is a GNOME package
- Download the release tarball instead of a git clone
- Set the correct license, this is -or-later not -only. Add handy.h to
the license checksum to provide verification.
The final output is identical to the recipe in oe-core.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This was previously in oe-core but is being removed as it is no longer
used by anything in that layer.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Doing wifi without the regulatory database is not good, so add a runtime
dependency to iwd to ensure that it gets pulled into the image for the
kernel drivers to use.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
We have replaced p7zip more than 2 years, do not make 7zip provide
p7zip any more, then CVE scan on p7zip would be skipped
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* Refresh patch to mute patch-fuzz
* Remove 0001-makedefs-Account-for-linux-7.x-version.patch
* This upgrade include the following commit, which make postfix can
compile on latest stable ubuntu 26.04, which have Linux 7.x kernel
Postfix works on Linux 7.x kernels. Frank Scheiner. Files:
makedefs, util/sys_defs.h.
Changes:
https://www.ftp.saix.net/MTA/postfix/official/postfix-3.11.2.HISTORY
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
When jsoncpp is built with C++17, 1.9.7 drops several legacy overloads
that C++11 consumers can still link against.
Backport the upstream fix to restore compatibility.
Fixes errors such as:
| undefined reference to `Json::Value::operator[](char const*)'
Patch can be dropped when we move to 1.9.8.
Signed-off-by: Ernest Van Hoecke <ernest.vanhoecke@toradex.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add a systemd PACKAGECONFIG option to install nftables systemd unit files.
When "systemd" is present in DISTRO_FEATURES, the option is enabled and
the service is installed but disabled by default.
Signed-off-by: Piotr Wejman <piotr.wejman@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
=============
- Fix build with SWIG 4.4.
- Fix build in the event some parts of Boost are installed but Boost.Locale is not.
- Make GetClient() work in the OnClientGetSASLMechanisms module callback.
- Stop accidentally requiring new perl 5.35.1, regression from 1.10.0.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
============
(CVE-2026-23479) Use-After-Free in unblock client flow
(CVE-2026-25243) Invalid Memory Access in RESTORE command
(CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Wang Mingyu
Jiaying Song
Abhishek Bachiphale
Adam Duskett
Markus Volk
Khem Raj
Ross Burton
Hongxu Jia
Changqing Li
Jason Schonberg
Ernest Van Hoecke
Fabian Pflug
Piotr Wejman