summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Revert "minizip: upgrade 1.3.1 -> 1.3.2"Khem Raj2026-04-011-2/+2
| | | | This reverts commit 0aaec1940711c0ba9792a56071b32a2801dcf61e.
* minizip: upgrade 1.3.1 -> 1.3.2Wang Mingyu2026-04-011-2/+2
| | | | | | | License-Update: "Version 1.1, February 14h, 2010" removed Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsftpd: Fix multilib install conflictsZheng Ruoqin2026-04-011-1/+2
| | | | | | | | | | Fix following error when multilib is used: Running transaction test Error: Transaction test error: file /etc/pam.d/vsftpd conflicts between attempted installs of vsftpd-3.0.5-r0.x86_64_v3 and lib32-vsftpd-3.0.5-r0.core2_32 Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* thunar: upgrade 4.21.4 -> 4.21.5Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ============ - Popup menu at tab label on keybord activated - Add keyboard support for context menu on terminal - Add keyboard support for history menu on back and forward buttons - Add keyboard support for context menu on toolbar - Popup menu on tree view item for keyboard activated - Popup menu at focused widget on keyboard activated - Disable overlay scrolling by default (#367) - Wrap long filenames in error dialogs (#1412) - Limit filname length for create/rename (#1812) - Add fallback for backdrop highlight color - Properties dialog - add separator for fs data - Show filesystem type in preferences - At tooltips to 'Capacity' and 'Usage' (#1806) - Show as well 'usable' size in 'Capacity' row (#1806) - Differ between total and usable fs space (#1806) - Add help text for URL arguments - Call xfconf_shutdown before exit - Store pending column size changes on close (#1318) - Use GtkTreeModelFilter for tree view side pane (#1460) - Tree-view pane: Fix wrong selection on open new window - Prevent shortcuts view focus lost (#1675) - Add 'grab_focus' parameter to 'set directory' calls (#1675) - Expose drag-drop-mode in preferences - Init media_fs_uuids on startup - Never ask twice on replace/overwrite (#1794) - Fix translations for XML file (#1790) - Improve statusbar loading text (#1787) - Detect CDROM media changes using ID_FD_UUID udev property - Add %d to strings to fix some transl. (#939) - Pass current dir to catfish (#1785) - Ignore G_IO_ERROR_NOT_SUPPORTED (#1782) - Show selection busy information on statusbar Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* thingsboard-gateway: upgrade 3.8.2 -> 3.8.3Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* sip: upgrade 6.15.2 -> 6.15.3Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* setxkbmap: upgrade 1.3.4 -> 1.3.5Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-werkzeug: upgrade 3.1.6 -> 3.1.7Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | Changelog: ========== - parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. - WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. - Transfer-Encoding is parsed as a set. - Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. - Fix multipart form parser handling of newline at boundary. - Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. - merge_slashes merges any number of consecutive slashes. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-tomli: upgrade 2.4.0 -> 2.4.1Wang Mingyu2026-04-011-1/+1
| | | | | | | | Changelog: Limit number of parts of a TOML key to address quadratic time complexity Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-sentry-sdk: upgrade 2.55.0 -> 2.56.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | Changelog: ========= - (asgi) Add option to disable suppressing chained exceptions - (logging) Separate ignore lists for events/breadcrumbs and sentry logs - Set exception info on streaming span when applicable - Patch AsyncStream.close() and AsyncMessageStream.close() to finish spans - Patch Stream.close() and MessageStream.close() to finish spans - (starlette) Catch Jinja2Templates ImportError - Add note on AI PRs to CONTRIBUTING.md - Pin GitHub Actions to full-length commit SHAs - Add -latest alias for each integration test suite - Use date-based branch names for toxgen PRs - Update test matrix with new releases (03/19) - Add client report tests for span streaming Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-regex: upgrade 2026.2.28 -> 2026.3.32Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-redis: upgrade 7.3.0 -> 7.4.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | Changelog: ========== - Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999) - Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998) - Refactored connection count and SCH metric collection (#4001) - Refactored health check logic for MultiDBClient (#3994) - Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-pyais: upgrade 2.20.0 -> 2.20.1Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | this release reduces the supply chain attack surface - pins dependencies - pins workflows - adds a SHA256 hash sum for deployed artifacts - migrates to PyPI trusted publishing Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-marshmallow: upgrade 4.2.2 -> 4.2.3Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | Changelog: =========== - Make marshmallow.fields.Number and marshmallow.fields.Mapping abstract base classes to prevent using them within Schemas - Allow required to be set on marshmallow.fields.Contant - Fix marshmallow.validate.OneOf emitting extra pairs when labels outnumber choices - Fix behavior when passing a dot-delimited attribute name to partial for a key with data_key set - Fix Enum field by-name lookup to only return actual members - marshmallow.fields.DateTime with format="timestamp_ms" properly rejects bool values - Fix typing of error_essages argument to marshmallow.fields.Field - Add ipaddress.* to marshmallow.Schema.TYPE_MAPPING - Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-ipython: upgrade 9.11.0 -> 9.12.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-gunicorn: upgrade 25.1.0 -> 25.3.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug Fixes ========== - HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558) - ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk - HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561) - Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556) - Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563) - uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. - FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to FileWrapper for full PEP 3333 compliance. Previously only supported old-style __getitem__ iteration which broke code explicitly using iter() or next(). Security ============= - ASGI Parser Header Validation: Add security checks per RFC 9110/9112: - Reject duplicate Content-Length headers - Reject requests with both Content-Length and Transfer-Encoding - Reject chunked transfer encoding in HTTP/1.0 - Reject stacked chunked encoding - Validate Transfer-Encoding values - Strict chunk size validation Changes ========== - Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection - ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser - Docker Images: Update to Python 3.14 New Features ============ - Fast HTTP Parser (gunicorn_h1c 0.6.0): Integrate new exception types and limit parameters from gunicorn_h1c 0.6.0 for both WSGI and ASGI workers - Requires gunicorn_h1c >= 0.6.0 for http_parser='fast' - Falls back to Python parser in auto mode if version not met - Proper HTTP status codes for limit errors (414, 431) Performance ============ - ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance - Callback-based parsing with direct bytearray buffer operations - Use bytearray.find() directly instead of converting to bytes first - Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs O(n)) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-fsspec: upgrade 2026.2.0 -> 2026.3.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-fastapi: upgrade 0.135.1 -> 0.135.2Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-faker: upgrade 40.11.0 -> 40.12.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | Changelog: Add address providers for ar_DZ and fr_DZ locale Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-eth-utils: upgrade 5.3.1 -> 6.0.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-eth-typing: upgrade 5.2.1 -> 6.0.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-eth-hash: upgrade 0.7.1 -> 0.8.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-dateparser: upgrade 1.3.0 -> 1.4.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Security fixes: ================= - Remove import-time loading of timezone offset data from pickle to prevent unsafe deserialization from packaged data - Replace eval() use when parsing no_word_spacing with strict boolean parsing to prevent code execution from locale metadata (#1056) New features: ============= - Add support for expressions like "N {interval} from now" in English (#1271) - Add support for the en-US locale (#1222) Fixes: ======== - Honor REQUIRE_PARTS for ambiguous month-number inputs by retrying with a year-biased DATE_ORDER (#1298) - Fix parsing word-number relative phrases such as "two days later" (#1316) - Allow md5hash to work in FIPS environments (#1267) Improvements: ============= - Add Bosnian Cyrillic (ijekavica) date translations (#1293) - Add a new browser-based demo to the project documentation (#1306) - Update installation documentation to replace setup.py install guidance - Add a project security policy Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-cmake: upgrade 4.2.3 -> 4.3.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | Changelog: docs: mention Windows ARM in README Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-bleak: upgrade 3.0.0 -> 3.0.1Wang Mingyu2026-04-011-1/+1
| | | | | | | | Changelog: Fixed AttributeError in start_notify() and stop_notify() on Android. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-anyio: upgrade 4.12.1 -> 4.13.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: =========== - Dropped support for Python 3.9 - Added a ttl parameter to the anyio.functools.lru_cache wrapper - Widened the type annotations of file I/O streams to accept IO[bytes] instead of just BinaryIO - Fixed anyio.Path not being compatible with Python 3.15 due to the removal of pathlib.Path.is_reserved() and the addition of pathlib.Path.__vfspath__() - Fixed the BrokenResourceError raised by the asyncio SocketStream not having the original exception as its cause - Fixed the TypeError raised when using "func" as a parameter name in pytest.mark.parametrize when using the pytest plugin - Fixed the pytest plugin not running tests that had the anyio marker added programmatically via pytest_collection_modifyitems - Fixed cancellation exceptions leaking from a CancelScope on asyncio when they are contained in an exception group alongside non-cancellation exceptions - Fixed Condition.wait() not passing on a notification when the task is cancelled but already received a notification - Fixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* python3-aiohttp: upgrade 3.13.3 -> 3.13.4Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* parallel: upgrade 20260222 -> 20260322Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ngtcp2: upgrade 1.21.0 -> 1.22.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libwebsockets: upgrade 4.5.7 -> 4.5.8Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libharu: upgrade 2.4.5 -> 2.4.6Wang Mingyu2026-04-011-2/+2
| | | | | | | | | | | | | | | | Changelog: =========== - TTF security fixes - Fix #334 - HPDF_FAILD_TO_ALLOC_MEM missing - Compatibility with Higher version of Delphi - Remove restriction on user password to be different from owner password - Fix various typos - Fix Build error for Win32 (x86) due to modifier mismatch #350 - CMakeLists.txt: install docs and bindings to DOCDIR - Adapt CMake scripts for WebAssembly compilation Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* libgedit-gfls: upgrade 0.3.1 -> 0.4.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* jsoncons: upgrade 1.5.0 -> 1.6.0Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | Changelog: ============ - Git PR #673: Fix warning for non clang builds on linux - Git Issue #675: std::chrono conversion does not compile with libc++ - Git PR #679: Fix double colon in url generator - Git PR #680: Added missing space after "found" in maximum_validator - Git PR #685: optimize semantic_tag::noesc write_string - Git PR #687: jmespath: allow rhs_expression in a keyvalue - expression - Git PR #688,#689: jmespath: where possible without losing information, - store the result of ceil and floor as basic_json integer values - rather than double values. - Added toon-format extension Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* glaze: upgrade 7.2.1 -> 7.2.2Wang Mingyu2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | Improvements ============= error_on_missing_array_elements option Glaze vs Boost.Beast HTTP server benchmarks and optimizations custom optional support Add clang-cl CI workflow Make REST router more like a map and allow overwriting routes Fixes ====== YAML fix for generic_u64 and generic_i64 format_context to support specifying YAML in opts format field glz::patch support for all glz::generic_ types Avoid erroring on nullable value types Fix GNU-style flag passing to MSVC frontend Nullable value write skipping Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* gegl: upgrade 0.4.68 -> 0.4.70Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* gedit: upgrade 49.0 -> 50.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* fastfetch: upgrade 2.60.0 -> 2.61.0Wang Mingyu2026-04-011-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* debootstrap: upgrade 1.0.142 -> 1.0.143Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* ctags: upgrade 6.2.20260322.0 -> 6.2.20260329.0Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* b4: upgrade 0.15.0 -> 0.15.1Wang Mingyu2026-04-011-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* audit: upgrade 4.1.3 -> 4.1.4Wang Mingyu2026-04-012-6/+6
| | | | | | | | | | | | | | | | | | | | | 0001-Fixed-swig-host-contamination-issue.patch refreshed for 4.1.4 Changelog: =========== - Update syscalls and io_uring tables for the 7.0 kernel - Code cleanups - Avoid blocking auditd while handling disk space alerts - Tighten auditctl permission checks and rule deletion handling - Fix ausearch and auparse parsing for several newer record types - Prevent queue resize races in audisp and oversize records in af_unix - Fix memory safety issues in auparse and the audisp filter plugin - Improve reliability of audisp-remote, auplugin, and the ids plugin - Fix stats collection and parsing in the audisp-statsd plugin - Refresh ausearch and aureport man pages Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* nss: upgrade 3.121 -> 3.122Jason Schonberg2026-04-011-1/+1
| | | | | | | Changelog: https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* giflib: upgrade 5.2.2 -> 6.1.2Gyorgy Sarvari2026-04-012-37/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that was merged upstream. License update: a copyright line was removed. The license is still MIT. Changes: Version 6.1.2 ============= Code Fixes ---------- * Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild, but not the core library - library clients need not be alarned. Version 6.1.1 ============= This release bumps the major version, but only one entry point - EGifSpew() - has changed signature and behavior (in order to be able to pass out a detailed error code). The internal error codes in the E_GIF_ERR series have changed value so none of them collides with GIF_ERROR. This code has been systematically audited and hardened wuth ChatGPT-5.2. The only library fixes reported by users or found by robot were for some memory leaks that could only triggered by severely malformed GIFs. Other bugs are edge-case failures in the CLI tools. The gif2rbg CLI tool has been moved to the "obsolete" bin, because its only deployment case in 2026 is as a piñata at fuzzer parties. Warning: the CLI tools in the obsolete category will soon be removed from the distribution entirely. The maintainer is tired of fielding junk bugs filed against them by would-be coup-counters who found yet another edge case, and the rest of the world doesn't need noisy CVEs that aren't actually DoS or security issues for giflib clients. Code Fixes ---------- * Fix for CVE-2021-40633. * Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap * Fix SF bug #171 ImageMagick required to build giflib on non-Darwin Platforms * Fix SF bug #172 Incorrect object files in shared libutil on darwin * Fix SF bug #173 installation of manual pages and html documentation * Fix SF bug #175 Memory leaks in gifecho.c's main() and in gifalloc.c's GifMakeMapObject * Fix SF bug #177 wrong pointer used in giftool getbool * Fix SF bug #179 Path Traversal vulnerability * Fix SF bug #180: -Wformat-truncation likely pointing out an actual bug * Fix SF bug #182 out‐of‐bounds writes in Icon2Gif * Fix SF bug #184 uninitialized buffer in DumpScreen2RGB * Fix SF bug #185 integer overflow in gifbg.c * Fix SF bug #186 integer overflow in Icon2Gif * Fix SF bug #187: CVE-2025-31344 * Fix SF bug #170 Tests failing on Ubuntu Noble, giftext buffer overflow * Fix SF bug #165 EGifSpew leaks GifFileOut->SColorMap * Fix SF bug #162 detected memory leaks in GifMakeSavedImage giflib/gifalloc.c * Fix SF bug #161 detected memory leaks in EGifOpenFileHandle giflib/egif_lib.c * Fix SF bug #142 ABI break public symbol GifQuantizeBuffer Other bugs that duplicate these have breen addressesed by these fixes * SF bug #156 EGifSpew leaks SavedImages (and more); won't fix, caller might want to write a GIF, modify the in-memory data, then write again. Tests ----- Test suite now emits TAP (Test Anything Protocol). Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* canopenterm: Update to intermediate version 2.01Michael Fitzmayer2026-04-011-2/+2
| | | | | | | | - Intermediate release to be able to use a proper version tag in the Yocto recipe. Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* canopenterm: update to version 2.00Michael Fitzmayer2026-04-012-40/+5
| | | | | | | | | | - Switched to a new versioning scheme: 1.0.13 -> 2.00 - Reworked CAN interface handling by migrating to the CANvenient abstraction layer - Improved/updated auto-completion using isocline - Various bug fixes Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* canvenient: update to version 1.01Michael Fitzmayer2026-04-011-0/+41
| | | | | | | | | - Add versioning - New version to be able to use a proper version tag in the Yocto recipe Signed-off-by: Michael Fitzmayer <mail@michael-fitzmayer.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* networkmanager: remove (another) obsolete CLAGS extensionGyorgy Sarvari2026-04-011-7/+0
| | | | | | | | | | The incompatible pointer warning/error has been fixed upstream[1], no need for custom CFLAGS for this anymore. [1]: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/43bcfbcdf5e255544adee3d02d0e98efa088c5d3 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* networkmanager: remove obsolete CLAGS extensionGyorgy Sarvari2026-04-011-7/+0
| | | | | | | | | | Compilation with musl has been fixed by upstream[1], no need for custom CFLAGS for this anymore. [1]: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/d38b5d92ee66b0243fd5ea6d8fdf58a456e3a5f4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* zabbix: ignore multiple CVEsGyorgy Sarvari2026-04-011-0/+4
| | | | | | | | | | | | | | | | | CVE-2026-23919: Has been fixed since version 7.0.19[1], mark it as patched CVE-2026-23920: Has been fixed since version 7.0.22[2], mark it as patched CVE-2026-23921: Has been fixed since version 7.0.22[3], mark it as patched CVE-2026-23923: The vulnerable code isn't present in 7.0 yet, it is specific to 7.4 versions. Compare the fix[4] in 7.4, which is changes code that doesn't exist in the recipe version. Ignore this CVE due to this. [1]: https://support.zabbix.com/browse/ZBX-27638 [2]: https://support.zabbix.com/browse/ZBX-27639 [3]: https://support.zabbix.com/browse/ZBX-27640 [4]: https://github.com/zabbix/zabbix/commit/043c28c2083bf8ea596966f2b6b51a26de7deca3 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* zabbix: upgrade 7.0.23 -> 7.0.24Gyorgy Sarvari2026-04-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: - reverted the custom-on-fail discard value behavior so that it now correctly discards the value instead of resetting the error state and recalculating dependent items - added possibility to switch SSO user on internal login failures - improved trigger-related postprocessing after configuration cache sync - fixed graph rendering for items using throttling - updated man page and help message for zabbix_js - improved Device status mapping and added trigger for Meraki template - updated maximum supported TimescaleDB version to 2.25 - fixed script macros expanding via Zabbix proxy during autoregistration - fixed dependent item error message clearing in preprocessing - fixed incorrect filter being applied when switching subfilters in multiple tabs in Data collection->Hosts->Items, Monitoring->Hosts->Graphs - fixed regexp runtime error when processing log* items with unspecified encoding by sanitizing invalid UTF-8 - fixed inability to delete host, user, or template groups when accordingly hosts, users, or templates belonging to them were previously deleted in parallel requests - improved Teams Workflow webhook to use ALERT.SENDTO macro - fixed redirect link when deleting host or template from item or item prototype list - fixed snmp cache housekeeping not to interrupt scheduling - fixed system.run not terminating commands correctly on Zabbix agent 2 - fixed showing some selected value by default for Map navigation tree widget if listener does not exist - fixed multiple event generation not to generate changelog entries on new events - fixed compilation of Zabbix agent on HP-UX 11.23 (ia64) - fixed "daylight saving time" error for scheduled reports - fixed inability to return "not supported" via user parameters - fixed discovery uniqueness criteria bug - updated documentation links for Create template group and Create host group - fixed checkboxes "SSL verify peer" and "SSL verify host" not being selected when corresponding label is clicked in media type form - fixed message box display bug in Monitoring problems page Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-21 20:14:17 +0000