| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Release notes:
https://github.com/uutils/coreutils/releases/tag/0.7.0
Changes are here:
https://github.com/uutils/coreutils/compare/0.6.0...0.7.0
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Do not pass qrtr=false explicitly since recipe enables or disables it
based on the PACKAGECONFIG value. Also, use += with EXTRA_OEMESON.
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.9.0:
- 1.9.0
- Remove Python 3.8 support (EOL), add Python 3.13 (5f25030)
- Remove localhost and 127.0.0.1 from default NO_PROXY list (#994)
- Support IPv6 CIDRs in the no_proxy option (#1033)
- Fix thread safety condition in `teardown()` to improve `run_forever()` (#1015)
- Fix #1024 by chunking data, recursion in on_error callback, thread leak in `_stop_ping_thread()`, avoid implicit None in `recv()` (#1036)
- Avoid bare except clauses for better error handling (#1036)
- Fix async (#983)
- Resolve mypy type errors (#996, #1006, 813d570)
- Test coverage improvements (#1035, #1036)
- flake8 linting improvements (#1034)
- 1.8.0
- Added `on_reconnect` parameter to WebSocketApp to handle callback ambiguity (#972)
- Improve handling of SSLEOFError and use reconnect bool (#961)
- Minor linting and docs CI build upgrades (981c00e, 75ba91a, bec2608)
License-Update: copyright years refreshed
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Allow newer PyJWT versions for branch 5.3
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
bugfix: retry_limit was never actually triggered during the data transfer phase because errors never accumulated, and
enhancement: replace 3x getc() calls with a single recv() call, reducing timing and failed packets when using fast serial lines without flow control.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
SPDM emulator implementation based on libspdm.
It provides requester and responder tools used for
testing SPDM protocol communication.
Upstream: https://github.com/DMTF/spdm-emu
Signed-off-by: Jino Abraham <jinoabraham26@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed patch included in this release
Changelogs
v1.78.1:
https://github.com/grpc/grpc/releases/tag/v1.78.1
v1.78.0:
https://github.com/grpc/grpc/releases/tag/v1.78.0
C++:
- adding address_sorting dep in naming test build
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tag is not on any branch.
Add tag to SRC_URI.
Changelog:
https://github.com/zchunk/zchunk/compare/1.5.2...1.5.3
Changes:
- update to 1.5.3
- rename internal close() functions to close_zck_component to avoid POSIX conflict on AIX
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add 'tag' to SRC_URI
Changelog:
https://github.com/stephane/libmodbus/releases/tag/v3.1.12
Changes:
- Fix FD_SET overflow when socket fd >= FD_SETSIZE.
- Check dest pointer not null and nb in read functions.
- NULL check for src and nb < 1 validation in write functions.
- modbus_reply: don't compute address for FC 0x07/0x11.
- Use O_NONBLOCK instead of deprecated O_NDELAY
- Explicit cast for Coverity CID 416366.
- Document required buffer size of modbus_receive.
- Document macros for error codes corresponding to Modbus exceptions
- Fix example of modbus_rtu_set_serial_mode
- Test filesystem provides symlink in autogen.sh
- Sync API signatures with the documentation.
- Many documentation fixes and typo corrections.
- Add coverage target and helper script.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.11.0
Highlights
- kafka-source(): The new kafka() source can directly fetch log messages from the Apache Kafka message bus using the librdkafka client.
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update: update GPLv2 COPYING document
Some terminology and FSF address changes since the GPLv2
https://github.com/squid-cache/squid/commit/4c5fbc7e8db25352722de4ebe7fe1cab904b62b6
Remove lines from patch, which modify not exist code.
Changelog:
https://github.com/squid-cache/squid/releases/tag/SQUID_7_4
Changes:
- Do not create world-readable directories
- digest_edirectory_auth: Fix LDAPS memory leaks
- snmplib: Improve handling of zero-length ASN OCTET STRINGs
- Debug tls_read_method()/tls_write_method() errors
- ICMP: Harden echo paths, fix overflows, UB, and leaks
- Set SSL_OP_LEGACY_SERVER_CONNECT when peeking at servers
- security_file_certgen: Fix OPENSSL_malloc()/free(3) mismatch
- Detect FreeBSD ports Heimdal package
- Remove SQUID_CHECK_KRB5_HEIMDAL_BROKEN_KRB5_H macro
- Remove SQUID_CHECK_KRB5_SOLARIS_BROKEN_KRB5_H macro
- ext_kerberos_ldap_group_acl: Do not prohibit all LDFLAGS
- negotiate_sspi_auth: Respond with ERR when FormatMessage() fails
- ... and some code cleanups
- ... and some CI improvements
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://github.com/pocoproject/poco/releases/tag/poco-1.15.0-release
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://github.com/eclipse-paho/paho.mqtt.cpp/releases/tag/v1.6.0
Changes:
- Bumped Paho C submodule to v1.3.16 and updated directory name to externals/paho.mqtt.c
- Some significant performance increases (lower latency) for connect and publish
- Fixed topic_matcher and topic_filter to properly match parent with multi-level ('#') wildcard.
- Slight optimization of topic_filter to do simple string comparison if the filter does not contain wildcards.
- Set a minimum version for Paho C in the CMake file. Report the version found.
- .deb version properly set, and add architecture name to .deb file
- remove const from connect_options_builder 'move' constructor
- fix potential deadlock in thread_queue on capacity increase.
- Incorrect default retain value in a will options constructor
- prevent undefined behaviour on empty topic matching
- Sync reconnect example crashes on first reconnect
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://github.com/eclipse-paho/paho.mqtt.c/releases/tag/v1.3.16
Changes:
- Bumped minimum CMake to v3.12
- Consolidated "Event" thread signaling object.
- Reduce latency on connect #1430
- Fixed warning in Window build for TCP_NODELAY
- Added a .clang-format file and bash script to run it
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://git.netfilter.org/libnetfilter_conntrack/log/?h=libnetfilter_conntrack-1.1.1
Changes:
- libnetfilter_conntrack: bump version to 1.1.1
- src: add support for CTA_TIMESTAMP_EVENT
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed patch included in this release
Changelog: https://github.com/akheron/jansson/releases/tag/v2.15.0
Features:
- Add support for realloc by adding json_set_alloc_funcs2, json_get_alloc_funcs2
Fixes:
- Optimize serializatio
- Fix docstrings in hashtable.h
Build:
- Use target-based cmake settings
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tag is not on any branch.
Changelog:
https://github.com/fluent/fluent-bit/releases?q=4.2.3.1
Changes:
- release: update to 4.2.3
- copyright: update year to 2026
- filter_kubernetes: fix parser annotation leak
- github: scripts: commit_linter: Handle bin prefix for fluent-bit.c
- bin: Handle CONT signal properly under leaks command
- filter_wasm: Handle group metadata
- cmake: kafka: fix OAuth Bearer detection on Windows
- maintenance: update branch and security EOL info
- github: scripts: commit_prefix_check: add config format rules on linter
- readme: update active branch 4.2
- out_opentelemetry: on HTTP/2, read and process gRPC status code
- config_format: cf_yaml: Align the behavior of dirname against POSIX [Backport to 4.2]
- filter_log_to_metrics: fix initialization and exception cleanup
- out_stackdriver: clean up oauth2 cache lifecycle
- filter_kubernetes: Adjust cleanup ordering to avoid use-after-free [4.2 backport]
- in_winevtlog: Add text format for event rendering [Backport to 4.2]
- in_tail: Add skipped_lines counter [Backport to 4.2]
- in_splunk: Implement handling remote addr feature [Backport to 4.2]
- aws: switch AWS Endpoints for European Souvereign Cloud [4.2 backport]
- plugin_proxy: enable event_type specification for proxy plugins (4.2 Backport)
- in_splunk: Plug memory issues [Backport to 4.2]
- dockerfiles: install minimum components and avoiding to use includeRecommended
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update: copyright years refreshed
Changelogs:
Asio 1.36.0:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_36_0
- Fixed an issue, introduced in Asio 1.35.0, that prevented the creation of internal threads required for running some asynchronous operations on a thread_pool.
- Fixed co_spawn to adhere to the asynchronous operation requirement for non-reentrant invocation of the completion handler.
- Added the [[noreturn]] attribute to asio::detail::throw_exception.
- Fixed compilation errors in channel<void(error_code)> and concurrent_channel<void(error_code)>.
- Fixed a compilation issue with the Bullseye compiler.
- Fixed an awaitable coroutine compile error with the clang shipped with MSVC.
- Fixed support for platforms that don't define SA_NOCLDWAIT.
- Worked around a warning that occurs when building with _FORTIFY_SOURCE on recent g++.
- Added a documentation note on basic_signal_set async signal safety.
Asio 1.35.0:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_35_0
Asio 1.34.2:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_34_2
Asio 1.34.1:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_34_1
Asio 1.34.0:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_34_0
Asio 1.33.0:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_33_0
Asio 1.32.0:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_32_0
Asio 1.31.0:
https://think-async.com/Asio/asio-1.36.0/doc/asio/history.html#asio.history.asio_1_31_0
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606
Pick the commit that is marked to solve the related Github
issue[1]. Its commit message also references the CVE ID explicitly.
[1]: https://github.com/Ettercap/ettercap/issues/1297
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
48.7
====
* Fix wrong network icon on connectivity loss [Antoine; !3910]
* Sort session list on login screen by display name [Balló; !3920]
* Add extended OSK layouts for German and Austrian [Leonidas; !3923]
* Fix leaving VPN auth helper zombie processes [Michael; !3926]
* Fix freeze on modifier-only layout switch shortcut [Sebastian; !3939]
* Fix glitch in list search results [Florian; !3951]
* Fix swipe gestures behaving erroneously in RTL locales [Florian; !3967]
* Fix misplaced separator in dash after unpinning running app [Raghuveer; !1973]
* Fixed crash [Sebastian; !3933]
* Misc. bug fixes and cleanups [Sebastian, Leonidas, Florian, Jonas,
ClarityStorm, Alessandro, Marco, Adrian, Carlos; !3922, !3925, !3931, !3927,
!3932, !3924, !3937, !3940, !3942, !3946, !3943, !3950, !3708, !3917, !3971]
Contributors:
Leonidas Adaktylos, Alessandro Bono, Michael Catanzaro, ClarityStorm,
Carlos Garnacho, Balló György, Raghuveer Kasaraneni, Sebastian Keller,
Antoine Lassagne, Florian Müllner, Marco Trevisan (Treviño), Adrian Vovk,
Jonas Ådahl
Translators:
Antonio Marin [ro]
48.6
====
* Fix key focus on choice list on login screen [Marco; !3849]
* Fix animation glitch when cancelling overview search [Noam; !3888]
* Also send activation token for notifications without app [Marco; !3891]
* Update keyboard indicator on modifier-only layout switches [Carlos; !3895]
* Improve accessibility of screenshot UI [Lukáš; !3908]
* Improve Hindi bolnagri input with on-screen keyboard [Mike; !3911]
* Do not expire notifications that are about to show [Marco; !3905]
* Misc. bug fixes and cleanups [SimonMaracine, Daniel, Marco; !3894, !3892,
!3907, !3904]
Contributors:
Mike FABIAN, Carlos Garnacho, Noam Raz, SimonMaracine,
Marco Trevisan (Treviño), Lukáš Tyrychtr, Daniel van Vugt
Translators:
Abduqadir Abliz [ug]
48.5
====
* Fix connecting to WPA(2) Enterprise networks [Mitchell; !3834]
* Improve order in which extensions are enabled/disabled [Kyrill; !3835]
* Account for scaling when setting cursor location from ibus [Takao; !3729]
* Do not reset the unlock prompt on every tap [Marco; !3852]
* Improve legacy tray icon support [Marco; !3818]
* Fix misplaced background menu [Jonas; !3863]
* Fix layout of app search results in RTL locales [Khalid; !3851]
* Fix notification banners sometimes getting stuck [everyx; !3861]
* Fixed crashes [Johannes, Daniel, Jonas, Alessandro; !3839, !3809, !3872]
* Plugged leak [Sebastian; !3854]
* Misc. bug fixes and cleanups [Michael, Marco, Philip, Jonas; !3813, !3846,
!3853, !3220, !3850, !3855, !3869]
Contributors:
Khalid Abu Shawarib, Alessandro Astone, Mitchell Augustin, Michael Catanzaro,
Jonas Dreßler, everyx, Takao Fujiwara, Sebastian Keller, Johannes Maibaum,
Marco Trevisan (Treviño), Daniel van Vugt, Philip Withnall, Kyrill Zorin,
Jonas Ådahl
Translators:
Cheng-Chia Tseng [zh_TW], Philipp Kiemle [de], Aefgh Threenine [th],
Jiri Grönroos [fi]
48.4
====
* Fix taking interactive screenshots via D-Bus [Florian; !3803]
* Fix pointer scaling glitches in magnifier [Marco; !475]
* Fix drawing glitch in sliders in RTL locales [Sebastian, Khalid; !3817]
* Misc. bug fixes and cleanups [Marco, Sebastian, Florian, Mike, Jonas; !3785,
!3798, !3799, !3816, !3796, !3750]
Contributors:
Khalid Abu Shawarib, Jonas Dreßler, Mike FABIAN, Sebastian Keller,
Florian Müllner, Marco Trevisan (Treviño)
Translators:
Aefgh Threenine [th]
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
gdm requires dbus-run-session and fails to run
org.freedeskktop.systemd1 if using dbus-broker
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0.4.9
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.9.txt
0.4.8
-----
Stable release with bug fixing, support for Debian Buster, Debian Bullseye and Ubuntu Focal
https://github.com/ASPLes/nopoll/blob/master/doc/release-notes/nopoll-0.4.8.txt
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23925
The vulnerability has been fixed since 7.0.18[1], however NVD
tracks this CVE without version information.
[1]: https://github.com/zabbix/zabbix/commit/89dec866ec7f8230b25f06ac000575e3b7bd4025
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This update contains many bugfixes.
Changelog: https://github.com/zabbix/zabbix/blob/7.0.23/ChangeLog
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837
Both CVEs have been fixed in v0.11.2, but NVD tracks these
vulnerabilities without version information.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport an upstream PipeWire fix into meta-multimedia to correct
UNIX socket path comparison in is_socket_unix() and to preserve
LISTEN_FDS when using sd_listen_fds().
The previous behavior could mis-detect valid systemd-activated sockets
and break subsequent invocations because LISTEN_FDS was unset, even
though the code path can be executed more than once.
Link: https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/f4e174870eb8cbe60c922d3bf181f3eb2347523c
Signed-off-by: Sairamreddy Bojja <sbojja@qti.qualcomm.com>
Signed-off-by: Mohammad Rafi Shaik <mohammad.rafi.shaik@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cmake files files installed by this recipe check the existence of
the binaries in ${bindir}, and throw a fatal error in case it cannot
find the expexted files.
Due to this, it is not possible to include aom in other cmake project,
because it errors out:
The imported target "AOM::aomdec" references the file
|
| ".../recipe-sysroot/usr/bin/aomdec"
|
| but this file does not exist. Possible reasons include: ...
To avoid this error, incldue the content of bindir in the sysroot.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
1.21.2:
- build script for JS/WASM now supports building with JPEG2000
and "ISO23001-17 Uncompressed" support.
- image sequence SAI data now works when using the OpenH264 decoder plugin
1.21.1:
- This patch release only fixes a build error with some GCC versions
because of a missing #include.
1.21.0:
- CVE-2025-68431 fixed
- This release adds full support for reading and writing HEIF image sequences.
- libheif will now encode HEIF image sequences with all included codecs.
- Since HEIF image sequences are very similar to MP4 videos, this new version
is also capable of decoding most MP4 videos (without audio, of course).
- Support for image sequences with alpha channels. For most codecs, the alpha
channel will be stored in a separate, auxiliary, monochrome track. For
ISO/IEC 23001-17 (uncompressed) streams, the alpha channel is stored in
the main video track.
- Support for sequence track edit lists to define the number of sequence
repetitions (without actually repeating the video data).
- New encoder plugin using x264 to write H.264-compressed video streams and images.
- The FFmpeg decoder plugin will now decode both H.265 and H.264.
- Support for HEIF text items and language properties
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Major changes in 1.58.2
=======================
* client: Fix use-after-free when creating async proxy failed (Ondrej Holy)
* daemon: Fix race on subscribers list when on thread (Ondrej Holy)
* ftp: Validate fe_size when parsing symlink target (Ondrej Holy)
* ftp: Check localtime() return value before use (Ondrej Holy)
* CVE-2026-28295: ftp: Use control connection address for PASV data (Ondrej Holy)
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters (Ondrej Holy)
* gphoto2: Use g_try_realloc() instead of g_realloc() (Ondrej Holy)
* cdda: Reject path traversal in mount URI host (Ondrej Holy)
* client: Fail when URI has invalid UTF-8 chars (Ondrej Holy)
* Some other fixes (correctmost, Ondrej Holy)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
The BPN = libwnck is confusing since it should be libwnck3, use GNOMEBN to
replace BPN to make the SRC_URI work.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
These CVEs were ignored because they were tracked by NVD using
incorrect version information. Since then this information seems
to be reflected correctly, it is not needed to ignore them explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227
https://nvd.nist.gov/vuln/detail/CVE-2026-26228
Both vulnerabilities affect only the Android version of VLC, not
the other ones. Because of this, ignore these CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update:
- Upstream has removed incorrect gplv3 text from the license (because agplv3
is the correct), which changed the checksum
- The recipe had incorrect license indication. Redis 8 is not BSD licensed,
but depending on the user's choice, it's agplv3 or sspl (or custom redis
license, which is not added to the list)
Changelogs:
8.0.6:
- Security fix: A user can manipulate data read by a connection by
injecting \r\n sequences into a Redis error reply
8.0.5:
Bugfixes:
- HGETEX - potential crash when FIELDS is used and numfields is missing
- Potential crash on HyperLogLog with 2GB+ entries
- Cuckoo filter - Division by zero in Cuckoo filter insertion
- Cuckoo filter - Counter overflow
- Bloom filter - Arbitrary memory read/write with invalid filter
- Bloom filter - Out-of-bounds access with empty chain
- Bloom filter - Restore invalid filter [We thank AWS security for
responsibly disclosing the security bug]
- Top-k - Out-of-bounds access
8.0.4:
Security fixes
- (CVE-2025-49844) A Lua script may lead to remote code execution
- (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
- (CVE-2025-46818) A Lua script can be executed in the context of another user
- (CVE-2025-46819) LUA out-of-bound read
New Features
- VSIM: new EPSILON argument to specify maximum distance
Bug fixes
- Potential use-after-free after pubsub and Lua defrag
- Potential crash on Lua script defrag
- HINCRBYFLOAT removes field expiration on replica
- Prevent CLIENT UNBLOCK from unblocking CLIENT PAUSE
- Endless client blocking for blocking commands
- Vector sets - RDB format is not compatible with big endian machines
- EVAL crash when error table is empty
- Gracefully handle short read errors for hashes with TTL during full sync
8.0.3:
Security fixes
- (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
- (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
New Features
- VSIM: Add new WITHATTRIBS to return the JSON attribute associated with an element
Bug fixes
- A short read may lead to an exit() on a replica
- db->expires is not defragmented
8.0.2:
Security fixes
- (CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE
Bug fixes
- Cron-based timers run twice as fast when active defrag is enabled
Other general improvements
- LOLWUT for Redis 8
8.0.1:
Performance and resource utilization improvements
- Vector sets - faster VSIM FILTER parsing
Bug fixes
- Query Engine - revert default policy search-on-timeout to RETURN
- Query Engine - @__key on FT.AGGREGATE used as reserved field name preventing access to Redis keyspace
- Query Engine - crash when calling FT.CURSOR DEL while retrieving from the CURSOR
Notes
- Fixed wrong text in the license files
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains fixes for CVE-2026-27596, CVE-2026-25884 and CVE-2026-27631.
Ptests passed successfully.
Changelog:
Fix leak
CI: update mac runner for 0.28.x branch
Add some new cameras and lenses
Make DataValue::value_ public
fix reading mp4 url box nested in non video/audio track
fix: do not add target exiv2lib if the target already exists
Add size checks to avoid large memory allocations
Fix size calculation in XmpTextValue::size()
Avoid calling std::find or std::string with an invalid range
Backport all changes in .github/workflows from main to 0.28.x
Fix out-of-bounds read in CrwMap::decode0x0805
Fix UBSAN false positive
Upload crash files when fuzzing fails
Remove nightly release
Fix regression in Canon lens detection
fix wrong timescale used to calculate fps
Remove nightly release vestiges
conan: update dependencies
Add Tamron 18-400mm on Nikon D90
Add Ricoh GR IV HDF and Monochrome IDs
Refresh translations
Add build provenance attestation
Add fuzz target for previews
Align some docs to main
Update README.md
add enforce to prevent integer overflow
Add enforce to check for integer overflow
Release Exiv2 version 0.28.8
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also fixes CVE-2026-3102
Changelog:
13.52:
- Added a number of new XMP tags written by Adobe software
- Added UTF-16 support for a few different metadata types in which only UCS-2
was previously implemented
- Added a few more Canon FlashModel values and decode FlashModel for the
5DmkII
- Added a new Canon LensType
- Added some missing file attribute bits to two of the new LNK tags
- Decode internal serial number for the 5DmkII
- Decode another OwnerName for the 5DmkII
- Decode some timed GPS for a couple of new DJI drones
- Enable WindowsLongPath by default only if Win32::API is available
- Renamed the Pentax K3III AFInfo tag to AFInfoK3III
13.51:
- Added a new Nikon LensID
- Decode more tags from Windows LNK files
- Decode another LIGOGPSINFO variant
- Decode some new Canon tags
- Decode some new Nikon tags
- Split decoding on Nikon BurstGroupID into separate tags
- Fixed round-off error in GPSDateTime seconds for camm6 metadata in MP4
videos introduced in 13.45
- Fixed bug generating the default-language version of
QuickTime:LocationInformation
13.50:
- Added a few new Sony lenses
- Added a couple of new Canon lenses
- Decode another Samsung trailer tag
- Decode BlackLevels from some Canon CRW files
- Updated Sony maker note decoding for the ILCE-7M5
- Patched potential MacOS security issue
- Fixed -list options so reading image files beforehand doesn't add tags to
the output when running multiple commands using the -execute feature
13.49:
- Decode a couple of new Samsung trailer tags
- Disabled decoding of MenuSettings for the Nikon Z6III firmware 2.0 until the
changes can be worked through in detail
- Fixed problem where Google Photos had problems displaying ExifTool-edited
HEIC MotionPhoto images. Files written by older versions of ExifTool may be
repaired by re-writing with 13.49 or later
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
It is fixed already in the currently used version, however NVD tracks
it without any version info, so it still shows up in CVE reports.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Contains many CVE and bugfixes.
Changelog: https://github.com/FreeRDP/FreeRDP/releases/tag/3.23.0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This resolves USDT probe test failures on ARM64 platforms.
Without these changes, the .note.stapsdt section containing probe
information was missing entirely on ARM64, causing test failures when
attempting to find and attach to USDT probes in the BCC test suite.
Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5491]
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes issue where bpf.get_syscall_fnname() on riscv64 returns bare syscall
name instead of the prefixed _riscv_sys variant, causing kprobe
attachment failures.
Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5490]
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes issue where bpf.get_syscall_fnname() on ARM64 returns bare syscall name
instead of the prefixed _arm64_sys variant, causing kprobe attachment failures.
Now detects ARM64 prefix alongside x64 (x64_sys) and generic (sys) prefixes.
Upstream-Status: Submitted [https://github.com/iovisor/bcc/pull/5489]
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files
Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Drop the patch that is included in this release.
Actually that is also the changelog since the previous version - there
were no other changes beside the accepted patch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changes:
- Added abilty to build and run in a docker container
- kas is the default symbol lookup method now
- Fix building without libtool installed
- Misc fixes for kas lookup logic
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The last release was almost a decade ago, but there are quite
a few commits that were added to the project since that.
Instead of waiting for a new release, use the tip of the repository.
Changelog:
https://github.com/jpbarrette/curlpp/compare/v0.8.1...ec1b66e699557cd9d608d322c013a1ebda16bd08
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is fetched from git, so the checksums are not doing anything.
While touching it, switch to the project's own license file instead
of using a generic one from the COMMON_LICENSE_DIR.
The license itself has not changed, still gpl 2.0, only.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
v51 series will get support only for about 2 more years, but v62
just started its ~4 years long support cycle.
Drop patches that are included in this release, or were solved on another
way by upstream.
Changelog:
62.0: https://github.com/linux-rdma/rdma-core/releases/tag/v62.0
61.0: https://github.com/linux-rdma/rdma-core/releases/tag/v61.0
60.0: https://github.com/linux-rdma/rdma-core/releases/tag/v60.0
59.0: https://github.com/linux-rdma/rdma-core/releases/tag/v59.0
58.0: https://github.com/linux-rdma/rdma-core/releases/tag/v58.0
57.0: https://github.com/linux-rdma/rdma-core/releases/tag/v57.0
56.0: https://github.com/linux-rdma/rdma-core/releases/tag/v56.0
55.0: https://github.com/linux-rdma/rdma-core/releases/tag/v55.0
54.0: https://github.com/linux-rdma/rdma-core/releases/tag/v54.0
53.0: https://github.com/linux-rdma/rdma-core/releases/tag/v53.0
52.0: https://github.com/linux-rdma/rdma-core/releases/tag/v52.0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The patch removed manual generation completely from the build scripts,
however upstream has added a configure option in version 1.11.0[1] to
do it in a more gentle way.
Drop the patch, and use the configure option instead.
[1]: https://github.com/tinyproxy/tinyproxy/commit/5ba958829f73ecc02658a46f5b1bba5ffed2281d
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bugfix release. Changes:
- USB HID dissector memory exhaustion. CVE-2026-3201.
- NTS-KE dissector crash. CVE-2026-3202.
- RF4CE Profile dissector crash. CVE-2026-3203.
- Wireshark doesn’t start if Npcap is configured with
"Restrict Npcap driver’s Access to Administrators only"
- PQC signature algorithm not reported in signature_algorithms.
- Unexpected JA4 ALPN values when space characters sent.
- Expert Info seems to have quadratic performance (gets slower and slower)
- IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded.
- TShark and editcap fails with segmentation fault when output format (-F) set to blf.
- Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee
Direct Tunneling Zigbee NWK PDUs NULL hash table]
- Wiretap writes pcapng custom options with string values invalidly.
- RDM status in Output Status (GoodOutputB) field incorrectly
decoded in Art-Net PollReply dissector.
- Wiretap writes invalid pcapng Darwin option blocks.
- TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to
incorrect expectation of TYPE_VARLEN (MaxLen)
- Only first HTTP POST is parsed inside SOCKS with "Decode As".
- TShark: Bogus "Dissector bug" messages generated in pipelines
where something after tshark exits before reading all its input.
- New Diameter RAT-Types in TS 29.212 not decoded.
- Malformed packet error on Trigger HE Basic frames.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
