The tag is not on any branch.
Changelog:
https://github.com/fluent/fluent-bit/releases?q=4.2.3.1
Changes:
- release: update to 4.2.3
- copyright: update year to 2026
- filter_kubernetes: fix parser annotation leak
- github: scripts: commit_linter: Handle bin prefix for fluent-bit.c
- bin: Handle CONT signal properly under leaks command
- filter_wasm: Handle group metadata
- cmake: kafka: fix OAuth Bearer detection on Windows
- maintenance: update branch and security EOL info
- github: scripts: commit_prefix_check: add config format rules on linter
- readme: update active branch 4.2
- out_opentelemetry: on HTTP/2, read and process gRPC status code
- config_format: cf_yaml: Align the behavior of dirname against POSIX [Backport to 4.2]
- filter_log_to_metrics: fix initialization and exception cleanup
- out_stackdriver: clean up oauth2 cache lifecycle
- filter_kubernetes: Adjust cleanup ordering to avoid use-after-free [4.2 backport]
- in_winevtlog: Add text format for event rendering [Backport to 4.2]
- in_tail: Add skipped_lines counter [Backport to 4.2]
- in_splunk: Implement handling remote addr feature [Backport to 4.2]
- aws: switch AWS Endpoints for European Souvereign Cloud [4.2 backport]
- plugin_proxy: enable event_type specification for proxy plugins (4.2 Backport)
- in_splunk: Plug memory issues [Backport to 4.2]
- dockerfiles: install minimum components and avoiding to use includeRecommended
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
gdm requires dbus-run-session and fails to run
org.freedeskktop.systemd1 if using dbus-broker
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The cmake files files installed by this recipe check the existence of
the binaries in ${bindir}, and throw a fatal error in case it cannot
find the expexted files.
Due to this, it is not possible to include aom in other cmake project,
because it errors out:
The imported target "AOM::aomdec" references the file
|
| ".../recipe-sysroot/usr/bin/aomdec"
|
| but this file does not exist. Possible reasons include: ...
To avoid this error, incldue the content of bindir in the sysroot.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
1.21.2:
- build script for JS/WASM now supports building with JPEG2000
and "ISO23001-17 Uncompressed" support.
- image sequence SAI data now works when using the OpenH264 decoder plugin
1.21.1:
- This patch release only fixes a build error with some GCC versions
because of a missing #include.
1.21.0:
- CVE-2025-68431 fixed
- This release adds full support for reading and writing HEIF image sequences.
- libheif will now encode HEIF image sequences with all included codecs.
- Since HEIF image sequences are very similar to MP4 videos, this new version
is also capable of decoding most MP4 videos (without audio, of course).
- Support for image sequences with alpha channels. For most codecs, the alpha
channel will be stored in a separate, auxiliary, monochrome track. For
ISO/IEC 23001-17 (uncompressed) streams, the alpha channel is stored in
the main video track.
- Support for sequence track edit lists to define the number of sequence
repetitions (without actually repeating the video data).
- New encoder plugin using x264 to write H.264-compressed video streams and images.
- The FFmpeg decoder plugin will now decode both H.265 and H.264.
- Support for HEIF text items and language properties
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Major changes in 1.58.2
=======================
* client: Fix use-after-free when creating async proxy failed (Ondrej Holy)
* daemon: Fix race on subscribers list when on thread (Ondrej Holy)
* ftp: Validate fe_size when parsing symlink target (Ondrej Holy)
* ftp: Check localtime() return value before use (Ondrej Holy)
* CVE-2026-28295: ftp: Use control connection address for PASV data (Ondrej Holy)
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters (Ondrej Holy)
* gphoto2: Use g_try_realloc() instead of g_realloc() (Ondrej Holy)
* cdda: Reject path traversal in mount URI host (Ondrej Holy)
* client: Fail when URI has invalid UTF-8 chars (Ondrej Holy)
* Some other fixes (correctmost, Ondrej Holy)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The BPN = libwnck is confusing since it should be libwnck3, use GNOMEBN to
replace BPN to make the SRC_URI work.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs were ignored because they were tracked by NVD using
incorrect version information. Since then this information seems
to be reflected correctly, it is not needed to ignore them explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
- Upstream has removed incorrect gplv3 text from the license (because agplv3
is the correct), which changed the checksum
- The recipe had incorrect license indication. Redis 8 is not BSD licensed,
but depending on the user's choice, it's agplv3 or sspl (or custom redis
license, which is not added to the list)
Changelogs:
8.0.6:
- Security fix: A user can manipulate data read by a connection by
injecting \r\n sequences into a Redis error reply
8.0.5:
Bugfixes:
- HGETEX - potential crash when FIELDS is used and numfields is missing
- Potential crash on HyperLogLog with 2GB+ entries
- Cuckoo filter - Division by zero in Cuckoo filter insertion
- Cuckoo filter - Counter overflow
- Bloom filter - Arbitrary memory read/write with invalid filter
- Bloom filter - Out-of-bounds access with empty chain
- Bloom filter - Restore invalid filter [We thank AWS security for
responsibly disclosing the security bug]
- Top-k - Out-of-bounds access
8.0.4:
Security fixes
- (CVE-2025-49844) A Lua script may lead to remote code execution
- (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
- (CVE-2025-46818) A Lua script can be executed in the context of another user
- (CVE-2025-46819) LUA out-of-bound read
New Features
- VSIM: new EPSILON argument to specify maximum distance
Bug fixes
- Potential use-after-free after pubsub and Lua defrag
- Potential crash on Lua script defrag
- HINCRBYFLOAT removes field expiration on replica
- Prevent CLIENT UNBLOCK from unblocking CLIENT PAUSE
- Endless client blocking for blocking commands
- Vector sets - RDB format is not compatible with big endian machines
- EVAL crash when error table is empty
- Gracefully handle short read errors for hashes with TTL during full sync
8.0.3:
Security fixes
- (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
- (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
New Features
- VSIM: Add new WITHATTRIBS to return the JSON attribute associated with an element
Bug fixes
- A short read may lead to an exit() on a replica
- db->expires is not defragmented
8.0.2:
Security fixes
- (CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE
Bug fixes
- Cron-based timers run twice as fast when active defrag is enabled
Other general improvements
- LOLWUT for Redis 8
8.0.1:
Performance and resource utilization improvements
- Vector sets - faster VSIM FILTER parsing
Bug fixes
- Query Engine - revert default policy search-on-timeout to RETURN
- Query Engine - @__key on FT.AGGREGATE used as reserved field name preventing access to Redis keyspace
- Query Engine - crash when calling FT.CURSOR DEL while retrieving from the CURSOR
Notes
- Fixed wrong text in the license files
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fixes for CVE-2026-27596, CVE-2026-25884 and CVE-2026-27631.
Ptests passed successfully.
Changelog:
Fix leak
CI: update mac runner for 0.28.x branch
Add some new cameras and lenses
Make DataValue::value_ public
fix reading mp4 url box nested in non video/audio track
fix: do not add target exiv2lib if the target already exists
Add size checks to avoid large memory allocations
Fix size calculation in XmpTextValue::size()
Avoid calling std::find or std::string with an invalid range
Backport all changes in .github/workflows from main to 0.28.x
Fix out-of-bounds read in CrwMap::decode0x0805
Fix UBSAN false positive
Upload crash files when fuzzing fails
Remove nightly release
Fix regression in Canon lens detection
fix wrong timescale used to calculate fps
Remove nightly release vestiges
conan: update dependencies
Add Tamron 18-400mm on Nikon D90
Add Ricoh GR IV HDF and Monochrome IDs
Refresh translations
Add build provenance attestation
Add fuzz target for previews
Align some docs to main
Update README.md
add enforce to prevent integer overflow
Add enforce to check for integer overflow
Release Exiv2 version 0.28.8
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also fixes CVE-2026-3102
Changelog:
13.52:
- Added a number of new XMP tags written by Adobe software
- Added UTF-16 support for a few different metadata types in which only UCS-2
was previously implemented
- Added a few more Canon FlashModel values and decode FlashModel for the
5DmkII
- Added a new Canon LensType
- Added some missing file attribute bits to two of the new LNK tags
- Decode internal serial number for the 5DmkII
- Decode another OwnerName for the 5DmkII
- Decode some timed GPS for a couple of new DJI drones
- Enable WindowsLongPath by default only if Win32::API is available
- Renamed the Pentax K3III AFInfo tag to AFInfoK3III
13.51:
- Added a new Nikon LensID
- Decode more tags from Windows LNK files
- Decode another LIGOGPSINFO variant
- Decode some new Canon tags
- Decode some new Nikon tags
- Split decoding on Nikon BurstGroupID into separate tags
- Fixed round-off error in GPSDateTime seconds for camm6 metadata in MP4
videos introduced in 13.45
- Fixed bug generating the default-language version of
QuickTime:LocationInformation
13.50:
- Added a few new Sony lenses
- Added a couple of new Canon lenses
- Decode another Samsung trailer tag
- Decode BlackLevels from some Canon CRW files
- Updated Sony maker note decoding for the ILCE-7M5
- Patched potential MacOS security issue
- Fixed -list options so reading image files beforehand doesn't add tags to
the output when running multiple commands using the -execute feature
13.49:
- Decode a couple of new Samsung trailer tags
- Disabled decoding of MenuSettings for the Nikon Z6III firmware 2.0 until the
changes can be worked through in detail
- Fixed problem where Google Photos had problems displaying ExifTool-edited
HEIC MotionPhoto images. Files written by older versions of ExifTool may be
repaired by re-writing with 13.49 or later
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This resolves USDT probe test failures on ARM64 platforms.
Without these changes, the .note.stapsdt section containing probe
information was missing entirely on ARM64, causing test failures when
attempting to find and attach to USDT probes in the BCC test suite.
Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5491]
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop the patch that is included in this release.
Actually that is also the changelog since the previous version - there
were no other changes beside the accepted patch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes:
- Added abilty to build and run in a docker container
- kas is the default symbol lookup method now
- Fix building without libtool installed
- Misc fixes for kas lookup logic
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It is fetched from git, so the checksums are not doing anything.
While touching it, switch to the project's own license file instead
of using a generic one from the COMMON_LICENSE_DIR.
The license itself has not changed, still gpl 2.0, only.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a bugfix release. Changes:
- USB HID dissector memory exhaustion. CVE-2026-3201.
- NTS-KE dissector crash. CVE-2026-3202.
- RF4CE Profile dissector crash. CVE-2026-3203.
- Wireshark doesn’t start if Npcap is configured with
"Restrict Npcap driver’s Access to Administrators only"
- PQC signature algorithm not reported in signature_algorithms.
- Unexpected JA4 ALPN values when space characters sent.
- Expert Info seems to have quadratic performance (gets slower and slower)
- IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded.
- TShark and editcap fails with segmentation fault when output format (-F) set to blf.
- Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee
Direct Tunneling Zigbee NWK PDUs NULL hash table]
- Wiretap writes pcapng custom options with string values invalidly.
- RDM status in Output Status (GoodOutputB) field incorrectly
decoded in Art-Net PollReply dissector.
- Wiretap writes invalid pcapng Darwin option blocks.
- TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to
incorrect expectation of TYPE_VARLEN (MaxLen)
- Only first HTTP POST is parsed inside SOCKS with "Decode As".
- TShark: Bogus "Dissector bug" messages generated in pipelines
where something after tshark exits before reading all its input.
- New Diameter RAT-Types in TS 29.212 not decoded.
- Malformed packet error on Trigger HE Basic frames.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fio 3.40 added the commit 4175f4dbec5d ("oslib: blkzoned: add
blkzoned_move_zone_wp() helper function") which uses
FALLOC_FL_ZERO_RANGE which in a musl build is undefined without
including its header.
Backport the upstream fix.
Signed-off-by: Max Krummenacher <max.oss.09@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
rtla source code is present in the kernel source tree at tools/tracing/rtla.
There is another build option for rtla to enable bpf bindings, this was
not a quick one to get working and left as a future improvement.
Makefile for rtla has evolved in newer kernels (v6.9). Some fixes needed for
support with older kernels. This commit was tested against 6.18 and 6.8.
Also add rtla to packagegroup-meta-oe-benchmarks.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When having a DEPENDS against cpupower it need to leave its header files.
Remove that cleanup that has been present since the beginning of the recipe
without any (to me) known reason.
cpupower ship a systemd service and config file in kernel source tree
since kernel 6.16. Package them as a separate package cpupower-systemd to
be installed if wanted.
Add cpupower to packagegroup-meta-oe to be included in builds of all
packages.
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ngtcp2 project is an effort to implement IETF QUIC protocol
It is a dependency of the new Samba recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
HTTP/3 library written in C
A new dependency for Samba recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Ptests passed successfully.
Changelog: https://docs.djangoproject.com/en/6.0/releases/6.0.3/
- Fix CVE-2026-25673 and CVE-2026-25674
- Fixed NameError when inspecting functions making use of deferred
annotations in Python 3.14
- Fixed AttributeError when subclassing builtin lookups and neglecting
to override as_sql() to accept any sequence
- Fixed TypeError when deprecation warnings are emitted in environments
importing Django by namespace
- Fixed a visual regression where fieldset legends were misaligned in
the admin.
- Prevented the django.tasks.signals.task_finished signal from writing
extraneous log messages when no exceptions are encountered
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This version has been EOL since the end of February. There is a recipe
available for v8, which is still supported.
Drop this version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libcppconnman is a C++ library to control ConnMan via D-Bus. It exposes
simple aync methods to perform all the controls that ConnMan allow via
D-Bus.
Signed-off-by: Andrea Ricchi <andrea.ricchi@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
OpenSSL 4.0 will drop support for engines and use providers instead.
To access SoftHSM and other PKCS#11 modules via the provider API, we
rely on https://github.com/latchset/pkcs11-provider, which is already
available as via pkcs11-provider recipe.
We enable this provider by using a specific OpenSSL config when signing.
This means that recipes inheriting this class can decide whether they
want to use the engine or provider to access the key.
SoftHSM seems to produce broken keys when calling the C_CopyObject, so
disable caching in the provider for now.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-fix-allow-64-bit-time_t-on-32-bit-systems-in-test_is.patch
0002-fix-correct-struct-packing-on-32-bit-with-_TIME_BITS.patch
removed since they're included in 0.47.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
MAIL: wangmy@fujitsu.com
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Andrej Kozemcak
Gyorgy Sarvari
Markus Volk
Ankur Tyagi
Sairamreddy Bojja
Zhang Peng
Robert Yang
Harish Sadineni
Jason Schonberg
G B
Max Krummenacher
Peter Bergin
Martin Jansa
Andrea Ricchi
Mingli Yu
Fabian Pflug
Jan Luebbe
Wang Mingyu