License-Update: copyright year bump.
Changelog:
1.29.5:
- Security: an attacker might inject plain text data in the response
from an SSL backend (CVE-2026-1642).
- Bugfix: use-after-free might occur after switching to the next gRPC
or HTTP/2 backend.
- Bugfix: an invalid HTTP/2 request might be sent after switching to
the next upstream.
- Bugfix: a response with multiple ranges might be larger than the
source response.
- Bugfix: fixed setting HTTP_HOST when proxying to FastCGI, SCGI, and
uwsgi backends.
- Bugfix: fixed warning when compiling with MSVC 2022 x86.
- Change: the logging level of the "ech_required" SSL error has been
lowered from "crit" to "info".
1.29.4:
- Feature: the ngx_http_proxy_module supports HTTP/2.
- Feature: Encrypted ClientHello TLS extension support when using
OpenSSL ECH feature branch; the "ssl_ech_file" directive.
Thanks to Stephen Farrell.
- Change: validation of host and port in the request line, "Host"
header field, and ":authority" pseudo-header field has been changed
to follow RFC 3986.
- Change: now a single LF used as a line terminator in a chunked
request or response body is considered an error.
- Bugfix: when using HTTP/3 with OpenSSL 3.5.1 or newer a segmentation
fault might occur in a worker process; the bug had appeared in
1.29.1.
Thanks to Jan Svojanovsky.
- Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
1.29.3:
- Feature: the "add_header_inherit" and "add_trailer_inherit"
directives.
- Feature: the $request_port and $is_request_port variables.
- Feature: the $ssl_sigalg and $ssl_client_sigalg variables.
- Feature: the "volatile" parameter of the "geo" directive.
- Feature: now certificate compression is available with BoringSSL.
- Bugfix: now certificate compression is disabled with OCSP stapling.
1.29.2
- Feature: now nginx can be built with AWS-LC.
Thanks Samuel Chiang.
- Bugfix: now the "ssl_protocols" directive works in a virtual server
different from the default server when using OpenSSL 1.1.1 or newer.
- Bugfix: SSL handshake always failed when using TLSv1.3 with OpenSSL
and client certificates and resuming a session with a different SNI
value; the bug had appeared in 1.27.4.
- Bugfix: the "ignoring stale global SSL error" alerts might appear in
logs when using QUIC and the "ssl_reject_handshake" directive; the
bug had appeared in 1.29.0.
Thanks to Vladimir Homutov.
- Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
- Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
- Bugfix: in SSL certificate caching during reconfiguration.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Security: an attacker might inject plain text data in the response
from an SSL backend (CVE-2026-1642).
- Bugfix: use-after-free might occur after switching to the next gRPC
or HTTP/2 backend.
- Bugfix: fixed warning when compiling with MSVC 2022 x86.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The llhttp vendored dependency of nodejs takes advantage of Arm NEON
instructions when they are available, however they are detected by
checking for an outdated CPU feature macro: it checks for __ARM_NEON__,
however it is not defined by new compilers for aarch64, rather they
set __ARM_NEON. The Arm C extension guide[1] refers to __ARM_NEON macro
aswell.
This patch changes the detection to check for both macros when detecting
the availability of NEON instructions.
The code this patch modifies is generated, so the patch itself isn't
suitable for upstream submission, as the root cause of the error is
in the generator itself. A PR has been submitted[2] to the generator
project to rectify this issue.
[1]: https://developer.arm.com/documentation/ihi0053/d/ - pdf, section 6.9
[2]: https://github.com/nodejs/llparse/pull/84
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The llhttp dependency of nodejs uses NEON intrinsics when they
are available, however some of these calls are incorrect: they
the call they use don't match the parameters passed, and so
the compilation fail (unless the error is suppressed):
| ../deps/llhttp/src/llhttp.c: In function 'llhttp__internal__run':
| ../deps/llhttp/src/llhttp.c:2645:9: note: use '-flax-vector-conversions' to permit conversions between vectors with differing element types or numbers of subparts
| 2645 | );
| | ^
| ../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16'
| 2643 | vcgeq_u8(input, vdupq_n_u8(' ')),
There is a patch upstream that fixes it (though it is not merged
yet). This patch is a port of that fix.
This allows us to remove the extra CFLAGS also from the recipe that
suppressed this error.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The rsyslog recipe incorrectly passes the permission mode as a
positional argument to install -d. In this form, the value is treated
as a directory name rather than as a mode, which will create an additional directory
and may result in unexpected behavior during installation.
Use the -m option to ensure the directory is created with the intended
permissions.
Signed-off-by: Mikhail Anikin <mikhail.anikin@solid-run.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In Yocto builds, zstd is built via Makefile and does not install
CMake package configuration files. As a result, Findzstd.cmake
fails to detect ZSTD_INCLUDE_DIRS.
Add pkg-config based detection as a fallback to properly locate
zstd headers and libraries.
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The project Makefile uses a script (sysinfo.sh) to non-atomically generate
two .c files (sysinfo.c, sysinfoc.c) which are then included in the build.
Since the script always overwrites both .c files, the Makefile should only
invoke it once, not twice in parallel. Otherwise the .c files may be
corrupted and cause random build failures in parallel builds.
Requires at least GNU make 4.3, for Grouped Targets support [1].
[1] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Reviewed-by: Silvio Fricke <silvio.fricke@gin.de>
Signed-off-by: Daniel Klauer <daniel.klauer@gin.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Some new tests expect the PWD to be writable, however this is not the case
when running the tests in $PTEST_PATH with a non-root user. This patch
makes it writable.
Ptests passed, however there is a flaky test. Upstream has a bug[1]
about it:
Ran 18651 tests in 144.573s
OK (skipped=1396, expected failures=5)
Changes:
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207,
CVE-2026-1285, CVE-2026-2187 and CVE-2026-1312
[1]: https://code.djangoproject.com/ticket/36770
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dropped patch that is included in this release.
Ptests passed:
Ran 18131 tests in 450.882s
OK (skipped=1389, expected failures=5)
Changelog:
5.2.11:
Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285,
CVE-2026-1287 and CVE-2026-1312
5.2.10:
* Fixed a bug in Django 5.2 where data exceeding max_length was silently
truncated by QuerySet.bulk_create on PostgreSQL.
* Fixed a bug where management command colorized help (introduced in
Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In case nghttp2 and/or libuv PACKAGECONFIGs are enabled, nodejs
will build some binaries for the build system also, linking to
native binaries and using headers from the native sysroot.
However in case the dependencies are missing from the native sysroot,
then it falls back to the build system's sysroot, and use the files
that it can find there. If the build system doesn't have nghttp2/libuv
installed, then compilation fails:
libuv:
../tools/executable_wrapper.h:5:10: fatal error: uv.h: No such file or directory
ngtthp2:
<...snip...>/build/tmp/hosttools/ld: cannot find -lnghttp2: No such file or directory
To avoid falling back to the build system's sysroot, add the missing
libuv-native and nghttp2-native dependencies.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The FastCV stub dlopen()'s libfastcvopt.so.1, but if it is not present,
it is not a fatal error for the rest of the plugins. Downgrate RDEPENDS
to RRECOMMENDS. While we are at it, drop the dependency from the
PACKAGECONFIG, it is handled in the python code.
Fixes: b77403017b ("opencv: fill in missing FastCV gaps")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop patch that is included in this release.
Changes (note that there were no intermediate releases):
40.10:
This release includes a fix for the broken GNOME Extensions link and
several translation updates.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop patch that's included in this release.
Changes:
- Fix double g_error_free call in remote_close_callback
- Fix build with taglib 2.0
- Set project gnu++11 c++ language version explicitely
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes:
Version 44.4
- Support TryExec for thumbnailers
- Translation updates
Version 44.3
- Fix CI regression for release upload
Version 44.2
- Stop using ratio character for time in the wall-clock
- Fix variable initialization
- General CI cleanups
- Only parse XML files as slideshows
- Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Submitted fix: https://github.com/HewlettPackard/netperf/pull/94
Fix for multiple definition error:
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:<snip>/src/nettest_bsd.c:302: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:<snip>/src/nettest_bsd.c:289: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:233: multiple definition of `signal_set'; nettest_bsd.o:<snip>/src/nettest_bsd.c:302: first defined here
| <snip>/ld: nettest_omni.o:<snip>/src/nettest_omni.c:191: multiple definition of `interval_count'; nettest_bsd.o:<snip>/src/nettest_bsd.c:289: first defined here
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The old SRC_URI has became inaccessible a while ago.
This patch switches to Debian mirror.
The file contents are identical to the previous source,
except for the top level debian folder, which is not present
in the new tarball (but it is mostly useful for Debian
packagers, and not used for compilation).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If there is no mate_grammar.c, it will cause exit code 1 by "test -e" as following:
WARNING: exit code 1 from a shell command.
So use "if" instead of "test"
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The cmake files should be included in the glaze-dev package.
Without this patch, an application using the following
find_package(glaze)
target_link_libraries(myprogram PUBLIC glaze::glaze)
Would fail with the following error (with tmpdir redacted)
CMake Error in deps/vesl/src/Platform/CMakeLists.txt:
Imported target "glaze::glaze" includes non-existent path
"$TMPDIR/recipe-sysroot/usr/share/include"
in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:
* The path was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and references files it does not
provide.
Signed-off-by: Frede Hoey Braendstrup <frederikbraendstrup@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.ChangeLog
https://github.com/transmission/transmission/releases/tag/4.1.0
2. Remove following patches as they were merged upstream
0001-build-bump-CMake-version-to-3.10-4.patch
0001-miniupnpc-bump-CMake-version-to-3.14.patch
0001-build-set-minimum-required-CMake-to-3.5.patch
3. Change LICENSE Checksum as Copyright year has changed.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Also remove the old mime-types recipe, which is the old name
of media-types.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Instead of PROVIDING mime-support, it should RPROVIDE the same package.
It allows adding "mime-support" to IMAGE_INSTALL to get a similar
behavior than before mime-support recipe was split into two differently
named recipes.
Also, rename the recipe's folder to match the recipe name.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The same recipe is already provided, sourced from Fedora.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Without ${MLPREFIX} in the PACKAGECONFIG runtime field, building the
multilib variant forms a dependency to the non-multilib variant of
certain packages.
Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- chore: rm support for Python 3.9+ bump Numba
- feat: numba on python 3.14
- fix: pass atol, rtol and equal_nan as kwargs to awkward's isclose
method
- docs: copyright should only include the year of creation
- chore: pytest log_level is better than log_cli_level
- chore: test on python 3.14
- chore: test on free-threaded Python
License-Update: Include the year of creation only
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.ChangeLog
Fix readthedocs
2.Remove following patches as they were merged upstream
use-poetry-core.patch
208.patch
3.Change license checksum as position of License Info has changed in PKG-INFO file.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 9.0.2:
- Avoid memory leak of new argv when HEXPIRE commands target only
non-exiting fields
- Fix HINCRBY and HINCRBYFLOAT to update volatile key tracking
- Avoid empty hash object when HSETEX added no fields
- Fix case-sensitive check for the FNX and FXX arguments in HSETEX
- Prevent assertion in active expiration job after a hash with
volatile fields is overwritten
- Fix HRANDFIELD to return null response when no field could be
found
- Fix HEXPIRE to not delete items when validation rules fail and
expiration is in the past
- Fix how hash is handling overriding of expired fields overwrite
- HSETEX - Always issue keyspace notifications after validation
- Make zero a valid TTL for hash fields during import mode and data
loading
- Trigger prepareCommand on argc change in module command filters
- Restrict TTL from being negative and avoid crash in import-mode
- Fix chained replica crash when doing dual channel replication
- Skip slot cache optimization for AOF client to prevent key
duplication and data corruption
- Fix used_memory_dataset underflow due to miscalculated
used_memory_overhead
- Avoid duplicate calculations of network-bytes-out in slot stats
with copy-avoidance
- Fix XREAD returning error on empty stream with + ID
- Track reply bytes in I/O threads if commandlog-reply-larger-than
is -1
- This makes it possible to mitigate a performance regression in
9.0.1 caused by the related bug fix
Fixes references to TMPDIR [buildpaths] and avoids [already-stripped].
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Remove upstreamed patch (commit ID: a1fc510a)
- backspace_sends_delete is now a runtime option as
of commit 0d6d85a8b865cac17529d049ae9a561db782ac59
- The kmscon.conf file in the source is renamed to kms.conf.example
To keep the same behavior as the previous versions, kms.conf.example
is moved to ${sysconfdir}/kmscon/kmscon.conf before running sed.
- The render-engine config option has been removed as of commit
59eef2a154f78101195ad8ff08376e2418e773f0.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
