Contains fixes for CVE-2025-54764 and CVE-2025-59438
Also, add the recipe to the ptest image list, because it was missing.
Ptests passed successfully.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* 0002-Instead-of-doing-preprocessor-magic-just-output-off_.patch was
applied upstream as 64667fe63ba9dd78adb9c4abf04bc3e4e25a0fd7
* 0005-common.h-replace-getline-with-fgets.patch was applied upstream as
38a6e3e29d90e11c3d5147e609d7b8e021b2cabf
* Updated all other patches due to patch fuzz
* ubihealthd fails to build with type mismatch errors, because it is not
used, it gets disabled.
```
In file included from /build/tmp/work/x86-64-v3-poky-linux/ubi-utils-klibc/2.0.2/recipe-sysroot/usr/lib/klibc/include/sys/signalfd.h:22,
from ../sources/ubi-utils-klibc-2.0.2/ubi-utils/ubihealthd.c:16:
/build/tmp/work/x86-64-v3-poky-linux/ubi-utils-klibc/2.0.2/recipe-sysroot/usr/lib/klibc/include/bits/types/sigset_t.h:7:20: error: conflicting types for 'sigse
t_t'; have '__sigset_t'
7 | typedef __sigset_t sigset_t;
| ^~~~~~~~
In file included from /build/tmp/work/x86-64-v3-poky-linux/ubi-utils-klibc/2.0.2/recipe-sysroot/usr/lib/klibc/include/signal.h:14,
from /build/tmp/work/x86-64-v3-poky-linux/ubi-utils-klibc/2.0.2/recipe-sysroot/usr/lib/klibc/include/sys/poll.h:10,
from /build/tmp/work/x86-64-v3-poky-linux/ubi-utils-klibc/2.0.2/recipe-sysroot/usr/lib/klibc/include/poll.h:1,
from ../sources/ubi-utils-klibc-2.0.2/ubi-utils/ubihealthd.c:6:
/build/tmp/work/x86-64-v3-poky-linux/ubi-utils-klibc/2.0.2/recipe-sysroot/usr/lib/klibc/include/arch/x86_64/klibc/archsignal.h:13:23: note: previous declaratio
n of 'sigset_t' with type 'sigset_t' {aka 'long unsigned int'}
13 | typedef unsigned long sigset_t;
| ^~~~~~~~
```
* add new package for ubiscan
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently tinyxml2 is built with meson, which doesn't generate files in /usr/lib/cmake
Use cmake instead. This will generate files in both /usr/lib/cmake and /usr/lib/pkgconfig
and allow cmake projects to find libtinyxml2.
Avoids errors such as:
| CMake Error at CMakeLists.txt:11 (find_package):
| By not providing "FindTinyXML2.cmake" in CMAKE_MODULE_PATH this project has
| asked CMake to find a package configuration file provided by "TinyXML2",
| but CMake did not find one.
|
| Could not find a package configuration file provided by "TinyXML2" with any
| of the following names:
|
| TinyXML2Config.cmake
| tinyxml2-config.cmake
|
| Add the installation prefix of "TinyXML2" to CMAKE_PREFIX_PATH or set
| "TinyXML2_DIR" to a directory containing one of the above files. If
| "TinyXML2" provides a separate development package or SDK, be sure it has
| been installed.
|
|
| -- Configuring incomplete, errors occurred!
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tests are supposed to work now - they were not moved to the correct
ptest list with the last update.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Pick patches as listed in NVD CVE report.
Note that Debian lists one of the patches as introducing the
vulnerability. This is against what the original report [1] says.
Also the commit messages provide hints that the first patch fixes this
issue and second is fixing problem with the first patch.
[1] https://jvn.jp/en/jp/JVN19358384/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* https://github.com/squid-cache/squid/releases/tag/SQUID_7_3
- Regression Bug 5520: ERR_INVALID_URL for CONNECT host with leading digit
- Quit NTLM authenticate() on missing NTLM authorization header
- Fix Auth::User::absorb() IP list transfer logic
- Fix type mismatch in new/delete of addrinfo::ai_addr
- Fix libntlmauth string parsing on big-endian machines
- ... and some code cleanups
- ... and some CI improvements
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add patch that restores user intent in serial setup handling. Upstream
commit 77320571e63c ignores user input when RS485 was pre-configured,
breaking loopback and flow-control tests.
This patch ensures RS485 can be explicitly controlled while still
respecting pre-existing configurations when appropriate.
Signed-off-by: Vitor Soares <vitor.soares@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libxml-libxml-perl recipe is currently skipped. Remove it from the ptest
lists as well.
This should fix these warnings from AB[0]:
WARNING: Nothing RPROVIDES 'libxml-libxml-perl-ptest' (but virtual:mcextend:libxml-libxml-perl:/srv/pokybuild/yocto-worker/meta-oe-mirror/build/meta-openembedded/meta-perl/recipes-core/images/meta-perl-image-ptest.bb RDEPENDS on or otherwise requires it)
libxml-libxml-perl RPROVIDES libxml-libxml-perl-ptest but was skipped: Recipe will be skipped because: Not compatible with latest libxml
NOTE: Runtime target 'libxml-libxml-perl-ptest' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['libxml-libxml-perl-ptest']
WARNING: Nothing RPROVIDES 'meta-perl-image-ptest-libxml-libxml-perl'
No eligible RPROVIDERs exist for 'meta-perl-image-ptest-libxml-libxml-perl'
NOTE: Runtime target 'meta-perl-image-ptest-libxml-libxml-perl' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['meta-perl-image-ptest-libxml-libxml-perl']
[0]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/82/builds/494/steps/13/logs/stdio
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.Fix following dovecot.service starting error.
dovecot[364]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 48: cert_file: open(/etc/dovecot/ssl-cert.pem) failed: No such file or directory
systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
systemd[1]: dovecot.service: Failed with result 'exit-code'.
2. There is no need to do "touch ${D}/etc/dovecot/dovecot.conf" as it was created by dovecot after dovecot was upgraded to 2.4.1-4.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Remove 0002-fluid_synth_nwrite_float-Allow-zero-pointer-for-left.patch
It doesn't apply anymore and following the according pull request the
issue seems to be fixed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This recipe was moved from tarballs to git in the 17.00.0006 upgrade,
but the recipe failed to set SRCREV. This meant bitbake had to look up
the tag name on every parse.
Set SRCREV, and remove the now-obsolete SRC_URI[sha256sum].
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a stable bugfix release, with the following changes:
Fixed a crash at startup in Hearts of Iron IV
Fixed mouse movement in Heroes of Might and Magic III
Fixed crash under Wayland with Heavy Gear 2
Fixed crash at shutdown in Sim City 3000
Fixed stuck mouse cursor in Seven Kingdoms
Added a fast path for SDL_MapRGB() and SDL_MapRGBA()
Fixed the colorspace for YUV to RGB conversion
Fixed deadlock when opening audio on some systems
Added logging when games are launched with DEBUG_INVOCATION=1
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a stable bugfix release, with the following changes:
Improved validation and fixed memory leaks in the GPU subsystem
Fixed a delay at shutdown when the mouse is grabbed under X11
Do full rectangle intersection for empty rectangles
Fixed destination coordinates when using scale with the software renderer
Clipboard callbacks are only called with the mime types they expect
Fixed the Moonlander MK1 Keyboard being detected as a controller
Fixed the 8BitDo Ultimate 2C Wireless Controller showing up twice on some systems
Added a Linux mapping for the 8BitDo Pro 3 controller
Fixed getting keyboard events from gamepads on iOS 26
Added support for the Zenaim Arcade Controller
Fixed emulated touch on Android
Added a workaround for the Android 14 OS bug "java.lang.NullPointerException android.view.View.onResolvePointerIcon"
Fixed page alignment for the Android release archive
Corrected texture colors on PS2
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use gcc to compile failed for 32 bit arm target
$ echo 'MACHINE = "qemuarm"' >> conf/local.conf
$ bitbake nodejs
...
2645 | );
| ^
../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16'
2643 | vcgeq_u8(input, vdupq_n_u8(' ')),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| uint8x16_t
...
Use '-flax-vector-conversions' to permit conversions between vectors
with differing element types or numbers of subparts
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 49.1
~~~~~~~~~~~~
Released: 2025-10-10
This is a stable release with the following changes:
* Fixed search for additional packages requested by other apps
* Fixed update notifications, which could be missed sometimes
This release also updates translations:
* Bulgarian (twlvnn kraftwerk)
* Catalan (Jordi Mas i Hernandez)
* Chinese (Taiwan) (Cheng-Chia Tseng)
* Esperanto (Kristjan SCHMIDT)
* German (Tim Sabsch)
* Hungarian (Balázs Meskó)
* Interlingua (International Auxiliary Language Association) (Emilio Sepúlveda)
* Occitan (post 1500) (Quentin PAGÈS)
* Portuguese (Hugo Carvalho)
* Uighur (Abduqadir Abliz)
Version 49.0
~~~~~~~~~~~~
Released: 2025-09-12
This is a stable release with the following changes:
* Flag flatpak gpg-agent socket permission as potentially unsafe
* Do not animate featured carousel when animations are disabled
This release also updates translations:
* Basque (Asier Saratsua Garmendia)
* Catalan (Jordi Mas i Hernandez)
* Danish (Alan Mortensen)
* Dutch (Nathan Follens)
* English (United Kingdom) (Andi Chandler)
* Esperanto (Kristjan SCHMIDT)
* Finnish (Jiri Grönroos)
* Galician (Fran Diéguez)
* Georgian (Ekaterine Papava)
* Hebrew (Yaron Shahrabani)
* Hungarian (Balázs Úr)
* Korean (Seong-ho Cho)
* Lithuanian (Aurimas Aurimas Černius)
* Persian (Danial Behzadi)
* Portuguese (Brazil) (Juliano de Souza Camargo)
* Romanian (Antonio Marin)
* Russian (Artur S0)
* Spanish (Daniel Mustieles)
* Swedish (Anders Jonsson)
* Turkish (Sabri Ünal)
* Ukrainian (Yuri Chornoivan)
Version 49~rc
~~~~~~~~~~~~~
Released: 2025-08-29
This is an unstable release with the following changes:
* Show past updates in rpm-ostree plugin
* Always include Flatpak system installation
* Correct total review counter
* Support external release notes in AppStream data
* Support light/dark screenshots in AppStream data
This release also updates translations:
* Catalan (Jordi Mas)
* Chinese (China) (Luming Zh)
* Czech (Daniel Rusek)
* Dutch (Nathan Follens)
* Galician (Fran Diéguez)
* Japanese (Jun Oyamada)
* Persian (Danial Behzadi)
* Polish (Piotr Drąg)
* Russian (Artur S0)
* Slovenian (Martin)
Version 49~beta
~~~~~~~~~~~~~~~
Released: 2025-08-01
This is an unstable release with the following changes:
* Fix read of hardware support tags from app metainfo
* Switch to systemd-based startup
This release also updates translations:
* Chinese (Taiwan) (Cheng-Chia Tseng)
* Friulian (Fabio Tomat)
* Japanese (Takayuki Kusano)
* Romanian (Antonio Marin)
* Russian (Artur S0)
Version 49~alpha
~~~~~~~~~~~~~~~~
Released: 2025-06-27
This is an unstable release with the following changes:
* Improve contrast of some app safety ratings in dark mode
* Improve error handling when fetching app reviews
* Improve memory fragmentation after checking for updates
* Rewrite threading model for better performance
* Provide feedback in the UI after submitting a review
* Fix crash on application shutdown
* Disallow running gnome-software as root user
This release also updates translations:
* Belarusian (Vasil Pupkin)
* Chinese (Taiwan) (Cheng-Chia Tseng)
* Czech (Daniel Rusek)
* English (United Kingdom) (Andi Chandler)
* Friulian (Fabio Tomat)
* German (Philipp Kiemle, Martin Wagner)
* Interlingua (International Auxiliary Language Association) (Emilio Sepúlveda)
* Japanese (Makoto Sakaguchi)
* Kabyle (Athmane MOKRAOUI)
* Latvian (Rūdolfs Mazurs)
* Nepali (Pawan Chitrakar)
* Panjabi (A S Alam)
* Portuguese (Brazil) (Álvaro Burns)
* Romanian (Antonio Marin)
* Slovenian (Martin)
* Turkish (Emin Tufan Çetin)
* Ukrainian (Yuri Chornoivan)
* Uzbek (Baxrom Raxmatov)
* Vietnamese (Cas Pascal)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes in 49.0
=================
- Minor code style cleanups
- Translation updates
Changes in 49.rc
=================
No changes
Changes in 49.beta
=================
- Improve detection of apps' metadata
- Improvements to the Global Shortcuts portal
- Add support for Papers as a print previewer
- Fix a wrong function signature in the USB portal
- Translation updates
Changes in 49.alpha
=================
- Translation updates
Signed-off-by: Khem Raj <raj.khem@gmail.com>
mctp-2.4 was released. It includes a previously submitted patch,
so drop that.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Handles CVE-2025-62168.
Remove CVE patch included in this release.
Refresh remaining patches.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-Fix-compilation-with-musl.patch is obsolete due to
948ecf8 ("hash: include util.h for MIN macro") included in chrony since
version 3.5.
From chrony's NEWS [1] for the 4.8 release:
Enhancements
------------
* Add maxunreach option to limit selection of unreachable sources
* Add -u option to chronyc to drop root privileges (default chronyc user
is set by configure script)
Bug fixes
---------
* Hide chronyc socket to mitigate unsafe permissions change
* Fix refclock extpps option to work on Linux >= 6.15
* Validate refclock samples for reachability updates
[1] https://chrony-project.org/news.html
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Compilation fails due to undefined types 'uint16_t' and 'uint32_t' in
zip_writer.h. These types are used in struct members but are not recognized
because the required header <cstdint> is not included. This results in
errors such as:
error: 'uint16_t' does not name a type
error: 'uint32_t' does not name a type
Added '#include <cstdint>' to zip_writer.h to ensure fixed-width integer
types are properly defined.
Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Major Changes in 0.16:
Added
Added DMA-BUF encoder support for GStreamer 1.24+
Implemented hardware-accelerated encoding for Intel GPUs
Added environment variable SPICE_CONVERTER_PREFERRED_FORMAT to override converter format
Multi-plane GL scanout support (new spice_qxl_gl_scanout2())
Changed
Improved memslot to preserve address bits for ARM64 TBI/AMD UAI/Intel LAM
Optimized BGR24/BGRX32 conversion when JCS_EXTENSIONS is defined
Removed GStreamer 0.10 support
Send real time to client, instead of synchronizing on both ends, attempting to fix latency issue
Fixes
Fixes a GL_DRAW cookie assertion race
Add SSL_OP_NO_RENEGOTIATION fallback path, fixing w/LibreSSL 3.7.2 builds
Fix Win32 builds
Fix TCP_NOPUSH usage on Darwin
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Major changes in 0.14.5
=======================
* Add SPICE_MSG_DISPLAY_GL_SCANOUT2_UNIX
* Fix for Windows Arm64 build
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The build fails due to a macro redefinition conflict for `unreachable()`.
GCC 15.2.0 defines `unreachable()` in `stddef.h`, and `libunwind_i.h` also
defines it based on the presence of `HAVE__BUILTIN_UNREACHABLE`. This causes
a redefinition error when building with `-Werror`.
Added a guard around the `unreachable()` macro definition in `libunwind_i.h`
to ensure it is only defined if not already present.
Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The build fails with a compiler error due to a macro redefinition of 'write'
to '___xxx_write'. This macro substitution interferes with the standard C++
library's definition of std::basic_ostream::write, leading to a mismatch
between function declarations and definitions in <ostream.tcc>.
Wrap the `#undef write` and `#define write ___xxx_write` directives with
`#if defined(__ANDROID__)` to ensure they are only applied when building
for
Android.
Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The ImageMagick 7 suite installs multiple tool symlinks (animate, convert,
identify, etc.) each implemented by their corresponding *.im7 binaries.
The main 'magick' CLI wrapper binary was not included in the ALTERNATIVE list,
This leave '/usr/bin/magick' missing in the image causing scripts and ptests
that rely on the primary 'magick' CLI to fail.
Signed-off-by: AshishKumar Mishra <ashishkumar.mishra@bmwtechworks.in>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The `gpsmon` tool is really deprecated now, after years of its use being
discouraged. The `cgps` tool can be used as a replacement, with the
added benefit that it's more power-efficient because it doesn't reparse
with a slightly different parses like `gpsmon` did.
Drop patch that was applied upstream in https://gitlab.com/gpsd/gpsd/-/merge_requests/406
Upstream changelog:
3.26.1: 17 May 2025
Increment libgps version
Update Debian Trixie in build.adoc
Fix buffer overrun in cgps.
Make gpsmon deprecation slightly more obvious.
Fix some *BSD compiler warnings
Fix numerous typos.
3.26: 11 May 2025
Handle NTRIPv2 that comes in "chunks".
Add many UBX decodes. Mostly in ubxtool, some in gpsd.
Improve TSIP and UBX initialization.
Gather Antenna Status (ant_stat) and Jamming (jam) and send to JSON.
Always build u-blox, RTCM104V2, RTCM104V3 drivers.
Add partial support for badly documented ALLYSTAR GNSS messages.
Add minimal support for Unicore GNSS messages.
Add minimal support for CASIC GNSS messages.
Add minimal support for buggy Inertial Sense GNSS messages.
Try to work better as non-root using non-standard "capabilities".
Add SUBSYSTEM=gnss rule to gpsd.rules
Moved ntploggps from NTPSec to GPSD and renamed to gpslogntp.
Fix many build, Coverity, and Codacy warnings.
Improved Python interface for the lexer.
Add support for new BeiDou PRNs and subframes.
Officially deprecate gpsmon.
Improve support for NMEA 4.11 (a stealthy moving target).
Remove Oceanserver IMU support. Never worked well.
Always with build ubx, NMEA 103, rtcm104v2 and rtcm104v3 support.
Add support for jamming detection.
Add Go client example.
Add support for RTCM3.2
Note: The new "chunk" code led to a short lived bug that led to
CVE-2023-43628, a buffer overrun. That bug never appeared in
any gpsd release.
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- 'setup.py' was missing from the source distribution.
- Fixed test in main.yml.
- Moved tests into subfolder.
- Re-organised files.
- Updated to Unicode 17.0.0.
- Enable free-threading support in cibuildwheel in another place.
- Enable free-threading support in cibuildwheel.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Allow copy to pass different types per column, as long as the database can convert them.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-build_support-fix-cross-compilation-error-when-CC-is.patch
removed since it's included in 1.3.2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
