Fixes:
- Accept NMEA GGA sentences with 11 or more parts (needed 14 or more
previously)
- Use async D-bus 'Set' methods to set client properties in libgeoclue to
improve robustness
- Do not change Client Location property on updates which are below threshold
to avoid leaking location to D-bus
- Ignore wired WPA interfaces when finding an interface for WiFi scanning
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The CPE parsing in oe-core's cve_check.py now handles escapes correctly[1]
so we don't need to escape in CVE_PRODUCT.
[1] oe-core 3c73dafd03b ("cve_check: Improve escaping of special characters in CPE 2.3")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The CPE parsing in oe-core's cve_check.py now handles escapes correctly[1]
so we don't need to escape in CVE_PRODUCT.
[1] oe-core 3c73dafd03b ("cve_check: Improve escaping of special characters in CPE 2.3")
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
1. Drop openct as it is unmaintained upstream.
2. Remove openct in meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
We added x11 to REQUIRED_DISTRO_FEATURES because one of the dependencies,
gtkmm4, required x11. Now gtkmm4 doesn't require x11, so remove x11 from
REQUIRED_DISTRO_FEATURES.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Contains fix for CVE-2026-34080. Since it is tracked without version info
by NVD, mark it explicitly as patched.
Drop the patch that is included in this release.
While here, also add the recipe to the ptest list - it's a fast one,
runs under a second.
Changelog:
- Drop the autotools build system
- Unbreak the CI
- Prevent a crash on disconnect
- Fix building with glibc >= 2.43
- Fix the eavesdrop filtering to prevent message interception
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Contains fixes for CVE-2026-34078 and CVE-2026-34079
Add explicit CVE_STATUS tags for these CVEs, because they are tracked
without version info by NVD at this time.
Changelog:
17.6:
Bug fixes:
- Fix the remaining regression for Chromium based browsers by not leaking file
descriptors down to wrapped command
- Fix a regression when installing extra-data without a runtime, which is the
case for openh264
- Fix the remaining regression for Epiphany by ignoring unusable sandbox-expose
paths for sub-sandboxes in the portal
- Fix the installed tests by allowing to add a new ref to an existing temporary
ostree repo
- Avoid closing fds 0/1/2 when they are used as a bad argument to flatpak-run,
and reduce duplication in handling file descriptor arguments
Enhancements:
- Disable auto-pin in flatpak-repair to preserve the pin state across
re-installs
- Small improvements for the tests
17.5:
Bug fixes:
- Fix regressions caused by the sandbox escape security fix, which impact some
browsers, browser-based apps and Steam (#6577, #6569, #6576, #6574)
Enhancements:
- Expand test coverage of flatpak-run features used by flatpak-portal (#6573)
17.4:
Security fixes:
- Fix a complete sandbox escape which leads to host file access and code
execution in the host context (CVE-2026-34078)
- Prevent arbitrary file deletion on the host filesystem (CVE-2026-34079)
- Prevent arbitrary read-access to files in the system-helper context
(GHSA-2fxp-43j9-pwvc)
- Prevent orphaning cross-user pull operations (GHSA-89xm-3m96-w3jg)
Enhancements:
- Enable ntsync unconditionally
- Automatic branch following for extensions to ensure that "no-autodownload"
extensions stay functional after an update that requires a new branch
- Translation updates: eo, kk, sr, zh_CN
Bug fixes:
- Prevent CPR sequence from showing up in the terminal
- Fix a crash for apps/runtimes with multiarch permission
- Fixes for Coverity warnings
- Add test-preinstall.sh to the test matrix source
- Fix a test message to refer to "systemd-localed" instead of "located"
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
fixes
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'ITT_DoOneTimeInitialization' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'TBB_runtime_interface_version' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'get_memcpy_largest_cachelinesize' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'get_memcpy_largest_cache_size' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'get_mem_ops_method' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'init_mem_ops_method' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'irc__get_msg' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'irc__print' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'override_mem_ops_method' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'set_memcpy_largest_cachelinesize' failed: symbol not defined
| aarch64-yoe-linux-ld.lld: error: version script assignment of 'local' to symbol 'set_memcpy_largest_cache_size' failed: symbol not defined
| aarch64-yoe-linux-clang: error: linker command failed with exit code 1 (use -v to see invocation)
| [45/49] Linking CXX shared library clang_22.1_cxx11_64_release/libtbb.so.12.17
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop the upstream applied patches
Add patches to fix build with clang-22
Bump PE to account for version going from 7.x to 0.8
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
On hosts with gcc-13 it was trying to use -std=gnu23 and failing
with unrecognized command-line option (gnu23 needs gcc-14 and newer)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
The misaligned value of CONFIGURATION_FILES_DIR makes the configuration
file install path differ from the default configuration file path
that the application reads from, so the dlt/dlt-system service
does not work well.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Crow is a C++ framework for creating HTTP or Websocket web services.
Disable tests as they are using CPM (CMake Dependency Manager), which
would be downloading the test dependencies in configuration step.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Bug-fix release addressing several issues discovered during an
AI-augmented security audit. The most severe bug was found in the C
extension code of the python bindings - which also get an update - but
there were some memory leaks and integer overflow bugs in the core C
library as well as in tools and DBus daemon.
Full changelog:
Bug fixes:
- fix buffer over-read bugs when translating uAPI structs to library types
- fix variable and argument types where necessary
- sanitize values returned by the kernel to avoid potential buffer overflows
- fix memory leaks in gpio-tools
- add missing return value checks in gpio-tools
- fix period parsing in gpio-tools
- use correct loop counter in error path in gpio-manager
Improvements:
- make tests work with newer coreutils by removing cases checking tools'
behavior on SIGINT which stopped working due to changes in behavior of the
timeout tool
Also: drop the patch that's now upstream from the recipe.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Feature: Skip the systemd inhibitor when performing CriticalPowerAction
- Feature: Introduce "Auto" CriticalPowerAction using systemd-logind Sleep()
- Fix: Test CanPowerOff() availability before calling PowerOff()
- Fix: Add charge limit support for systems providing only charge_control_end_threshold
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
===========
- Non-animated images can now be loaded as single frame animations
- Fixed animated WebP frame composition
- Fixed potential buffer overflow in tRNS handling
- Fixed out of bounds read in XCF image loader (CVE-2026-35444)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
- Fix: unmap when surface is immediately requested to close after opening
- Fix: time out after 1 second of waiting for configure
- Fix: edge cases around monitors changing while being mapped
- gtk-priv: rename ast.py -> c_ast.py to avoid name collision with std lib
- Compat: bump supported GTK to v3.24.52
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog:
==========
* Update tests to reflect the %f/%F changes implemented in v3.12
* Disallow %f and %n format specifiers in --action and --info strings;
abort with an error message if those are encountered. Use %F and %N
instead. Rationale: %f and %n do not escape shell-specific syntax and
are thus a security risk when passing untrusted file names to feh. %F and
%N, which have been available since v2.3 (Feb 2012), do escape
shell-specific syntax. Migration path: Replace %f (or '%f') and %n (or
'%n') with %F and %N (without '') in --action and --info commands.
* Fix formatting in man page for groff 1.23.0+
* Do not skip URLs when '--sort mtime' or similar are used
* Define '_GNU_SOURCE' macro for mkstemps usage (if enabled)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Fixes
======
- Added missing <cstdint> includes.
- Fixed suppression of empty variadic macro arguments warning on Clang <19.
- Fixed catch_discover_tests failing during PRE_TEST discovery if a target does
not have discoverable tests.
- Fixed build of the main library failing with CATCH_CONFIG_PREFIX_ALL defined.
- JUnit reporter outputs single failed (errored/skipped) assertion per test
case.
Improvements
=============
- The default implementation of --list-tags and --list-listeners has a quiet
variant.
- Suppressed the new Clang warning about __COUNTER__ usage.
- Line-wrapping counts utf-8 codepoints instead of bytes.
- Combining character sequences are still miscounted, but Catch2 does not aim
to fully support Unicode.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>