The original tarball URL no longer provides version 1.7.3 or any other
historical releases.To ensure reproducible builds, the source has been
switched to the official GitHub repository.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The git server at git.pengutronix.de no longer supports the git
protocol, so switch to https.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ChangeLog:
https://github.com/valkey-io/valkey/releases/tag/8.1.1
Security fixes
(CVE-2025-21605) Limit output buffer for unauthenticated clients
Bug fixes
Fix the build on less common platforms in zmalloc.c
Fix: add samples to stream object consumer trees
Fix crash during TLS handshake with I/O threads
Fix cluster slot stats assertion during promotion of replica
Fix panic in primary when blocking shutdown after previous block with
timeout
Ignore stale gossip packets that arrive out of order
Fix incorrect lag reported in XINFO GROUPS
Fix engine crash on module client blocking during keyspace events
Avoid shard id update of replica if not matching with primary shard id
Only enable defrag for vendored jemalloc
Allow scripts to support null characters again
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ChangeLog:
https://github.com/redis/redis/releases/tag/7.2.8
Update urgency: SECURITY: There are security fixes in the release.
Security fixes
==================
* (CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers
Bug fixes
=================
* #12817, #12905 Fix race condition issues between the main thread and module threads
* #13863 RANDOMKEY - infinite loop during client pause
* #13877 ShardID inconsistency when both primary and replica support it
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The upstream code basically hard-code libdir to /usr/lib. This was
hidden by the upstream non-reproducible path existence check.
Improve the reproducibility patch to use the cmake variables derived
from $libdir and $datadir :
CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_DATAROOTDIR.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reported-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Imported the submitted patch from:
https://savannah.gnu.org/bugs/?66845
to fix:
http://errors.yoctoproject.org/Errors/Details/851187/
../../enscript-1.6.6/compat/regex.c:3565:13: error: too many arguments to function 're_match_2_internal'; expected 0, have 8
3565 | val = re_match_2_internal (bufp, string1, size1, string2, size2,
| ^~~~~~~~~~~~~~~~~~~ ~~~~
* Modified the Upstream-Status since the same content as
0001-getopt-Include-string.h-for-strcmp-stcncmp-functions.patch is already in the backport.
Signed-off-by: mark.yang <mark.yang@lge.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Main problem with ptest for this component is that it uses cmake's
FetchContent and CPM to get dependencies.
This adds lot of ugly code to the recipe including conditional patch.
Second big problem is that tests need BIT7Z_DISABLE_USE_STD_FILESYSTEM
which uses test library. This means that when building with ptests, the
code is significantly different than when building without it.
But in production case we don't want to use testing library...
This is known at upstream and will be fixed eventually as github CI is
failing on this too when submitting unrelated patches upstream.
Other considerations:
* created patch for new cmake option to pass path to test data on target
* created patch for new cmake option to pass path to lib7zip on target
* skipped test which consumes too much RAM (it passes if machine has
plenty of RAM)
* testdata contains files for other architectures, so INSANE_SKIP is
needed for ptest package
* created patch for tests failing with musl
Tests usually take 9s on my build machine so added them to fast ptests.
However since the dependency 7zip recipe does not build on 64-bit
architectures, I could not add it to PTESTS_FAST_META_OE.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
bit7z is a cross-platform C++ static library that allows the
compression/extraction of archive files through a clean and simple
wrapper interface to the dynamic libraries from the 7-Zip project.
It supports compression and extraction to and from the filesystem or
the memory, reading archives metadata, updating existing ones,
creating multi-volume archives, operation progress callbacks, and many
other functionalities.
Recipe comments:
* 2 patches needed for successful build+ptest were submitted upstream
* to upstream dependency inclusion patch we'd have to completely rework
dependency handling and would be probably against their concepts
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is needed for bit7z recipe.
But in general, using 7-zip as a library also requires headers.
Leave our Windows headers.
Install also readme as it contains version information and is used by
bit7z.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable c++11-narrowing-const-reference warning as error
Fixes
git/extensions/standard-processors/utils/JoltUtils.cpp:498:23: error: non-constant-expression cannot be narrowed from type 'unsigned long long' to 'unsigned int' in initializer list [-Wc++11-narrowing-const-reference]
return ResultT{{std::stoull(std::string{idx_begin, it}), {}}, it};
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Always print icons double-quoted
- Also support SVG icons when the image library supports it natively.
- Mark the WindowList as a toplevel and redirect its input to the listbox.
- Fix compiling without internationalization for icewm-menu-fdo.
- Also update the server time before setting focus to the topWindow.
- Try not to go backwards in our notion of the X server time.
- Only save event time when it is non-zero.
- Add updateServerTime to class declaration in header.
- Use the window handle when retrieving the user time.
- Fix off-by-one errors in the QuickSwitch bottom right border
- Log the keycode as a decimal.
- Improve readability in SwitchWindow::resize.
- Ignore key releases and modifier presses in the top window key handler.
- Remove the incompatible cmake_path from the po CMakefile.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- New option '--bad-sector-data'.
- main_common.cc (format_num3): New function.
- mapbook.cc (input_pos_error): Print pos and size aligned.
- ddrescue.texi: Document use of -p and -x with --domain-mapfile.
- block.h: Rename to mapfile.h.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog
modernise CMakeLists.txt
Use cmake TIMESTAMP function to be more portable and to allow for reproducible builds
fixed: potential null deref. closes#556
python 3.13 compatibility
added: vs2022 support
fixed: creating (unsigned) windows installer
fixed: nsis installer not creating start menu icons and uninstaller
bump to .net framework 4.5 and .net 8.0
fixed: null terminate .net device language field. added CecLogicalAddresses::Unset()
fixed: don't call the config updated callback if nothing has changed. auto set wake devices or activate source so these values match what happens on the tv
fixed: tv would power on even if the options to power on were disabled in cec-tray
changed/fixed: windows installer, eventghost plugin, .net libraries, python imports, debug builds
fixed: use input() for python3 and raw_input() for python2
changed: debian python install to match arch specific too
fixed: libusb0.dll wasn't included in the installer
fixed: remove call to PyEcal_InitThreads(). swig already includes SWIG_PYTHON_INITIALIZE_THREADS in SWIG_init()
CheckPlatformSupport.cmake: various improvements
Ease copy-paste by invoking apt noninteractively
Rename COPYING to LICENSE.md so follow standard naming conversion
cecloader.h: fix null return
Mark all devices as inactive when new active source is unknown
Fix use after free in callbacks with results.
Add a commandHandler callback to allow external libs to handle CEC commands themselves.
Remove debug printfs.
Attempt to fix race condition when freeing the callback wrapper.
Allow command handler callback to intercept broadcast messages and fix inconsistent callback wrapper deletion again.
Remove useless mutex.
Remove useless 'keepResult' parameter and make sure the CCallbackWrap is only deleted once even in case of timeout.
Fix Python module import
fix assert issue with systemd udev
tegra-cec support. closes#636
Add support for Windows ARM64.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upstream does not in fact use autotools, so remove the inherit.
Also, clean up a oe_runmake to not require a subshell.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upstream does not in fact use autotools, so remove the inherit and
implement the required do_install directly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upstream does not in fact use autotools, so remove the inherit and
implement the required do_install.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upstream does not in fact use autotools, so remove the inherit.
Also remove the redundant cmake-native DEPENDS, as this upstream doesn't
use cmake either.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upstream does not in fact use autotools, so remove the inherit and
clean up do_compile().
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since the recipe tries to list every single option, add this one which
is missing. It is enabled by default in cmake to enabling it by default
in package config retains current settings.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add library to packaged files to fix:
ERROR: fluentbit-3.2.8-r0 do_package: QA Issue: fluentbit: Files/directories were installed but not shipped in any package:
/usr/lib/fluent-bit
/usr/lib/fluent-bit/libfluent-bit.so
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
fluentbit: 2 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add valgrind dependency to fix:
fatal error: valgrind/valgrind.h: No such file or directory
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These manipulate compiler flags instead of using what yocto provides.
* "coverage" adds paths to binaries and thus causes buildpaths errors
* "small" strips binaries, so causes already-stripped error.
* DEBUG_BUILD is the correct way to enable debug/release flags in yocto
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Handle CVE-2024-50608 and CVE-2024-50609 (in 3.2.7).
Drop two patches addressed upstream.
Refresh remaining patches.
zstd is now bundled without possibility to unbundle.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
"devtool latest-version fluentbit" shows currently:
INFO: Latest version: 20220215
which is something old.
This change switches it to:
INFO: Latest version: 3.2.8
which was released on 2025-02-27.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This ensures that version number is not required to be computed on fly
which is required when using sources from git, and it gets it wrong which
get encoded as UNKNOWN in .pc files and packages like usbguard fail to
find the version number of libqb and fails to configure
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* remove b76e3c578f1e9f582e9c28f50d82b1f569602075.patch, already in
1.9.0
* set AUTOTOOLS_AUXDIR
Upstream commit [99275bf1 Remove autogenerated files] remove aux dir
conftools, which causes do_configure failed with error:
error: required file 'conftools/config.rpath' not found
set the correct AUTOTOOLS_AUXDIR to fix it.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Now hiredis can be used not only with Redis, but also with Valkey, an
open source key/value datastore that is fully compatible with Redis. As
Redis changed its license, many users have switched to Valkey. Add
RPROVIDES virtual-redis in both redis and valkey, and set it as the
runtime dependency of hiredis.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Praveen Kumar
Jiaying Song
Zhang Peng
Yi Zhao
Peter Marko
Changqing Li
Bastian Krause
Wang Mingyu
Vijay Anusuri
Yoann Congal
mark.yang
Randy MacLeod
Niko Mauno
Khem Raj
Markus Volk
Martin Jansa
Richard Purdie
Ross Burton