summaryrefslogtreecommitdiffstats
path: root/meta-oe
Commit message (Collapse)AuthorAgeFilesLines
* Revert "minizip: upgrade 1.3.1 -> 1.3.2"master-nextKhem Raj3 hours1-2/+2
| | | | This reverts commit 0aaec1940711c0ba9792a56071b32a2801dcf61e.
* minizip: upgrade 1.3.1 -> 1.3.2Wang Mingyu3 hours1-2/+2
| | | | | | | License-Update: "Version 1.1, February 14h, 2010" removed Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fvwm,xscreensaver: Remove xuser-account runtime depKhem Raj3 hours2-4/+0
| | | | | | Its needed after merge of xuser-account recipe with xserver-nodm-init Signed-off-by: Khem Raj <raj.khem@gmail.com>
* canopenterm: Workaround cmake hangKhem Raj3 hours1-3/+4
| | | | | | | | | * Disable BUILD_YOCTO to avoid cmake hang * Add needed build fixes and always use gcc since clang emits additional errors which can not be fixed without major surgery Signed-off-by: Khem Raj <raj.khem@gmail.com>
* canopenterm: Upgrade to 1.0.14Khem Raj3 hours1-4/+3
| | | | | | | Changes https://github.com/CANopenTerm/CANopenTerm/releases/tag/v1.0.14 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* wtmpdb: add DEBUG_PREFIX_MAP to LDFLAGS to fix qa errorGyorgy Sarvari3 hours1-0/+2
| | | | | | | | | | Fixes qa error: ERROR: wtmpdb-0.11.0-r0 do_package_qa: QA Issue: File /usr/bin/.debug/wtmpdb in package wtmpdb-dbg contains reference to TMPDIR [buildpaths] ERROR: wtmpdb-0.11.0-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libwtmpdb.so.0.11.0 in package wtmpdb-dbg contains reference to TMPDIR [buildpaths] ERROR: wtmpdb-0.11.0-r0 do_package_qa: QA Issue: File /usr/lib/security/.debug/pam_wtmpdb.so in package wtmpdb-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libssh: drop obsolete CVE_STATUS variablesGyorgy Sarvari3 hours1-3/+0
| | | | | | | | Since adding these statuses NVD corrected their DB, and now both CVEs are tracked with the correct version. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bpftool: add missing build dependencyGyorgy Sarvari3 hours1-1/+1
| | | | | | | | | | Add openssl as a dependency. Fixes compilation error: | sign.c:16:10: fatal error: openssl/opensslv.h: No such file or directory | 16 | #include <openssl/opensslv.h> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* transmission: upgrade 4.1.0 -> 4.1.1Gyorgy Sarvari3 hours1-1/+3
| | | | | | | | | | | Also disable running clang-tidy on the code. On one hand the cmake script is trying to run the target version of it, and on the other hand it is not needed for compiling it, it is intended for upstream developers. Changelog: https://github.com/transmission/transmission/releases/tag/4.1.1 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* sysdig: upgrade 0.28.0 -> 0.39.0Liu Yiding3 hours5-85/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade sysdig to solve build failure after upgrading valijson to 1.1.0. 1.Changelog https://github.com/draios/sysdig/releases/tag/0.39.0 2.Update 0001-cmake-Pass-PROBE_NAME-via-CFLAGS.patch for 0.39.0 3.Remove following patches as merged upstream 0001-Add-cstdint-for-uintXX_t-types.patch 0001-libsinsp-fix-build-with-gcc-15.patch 4.Add 0001-Avoid-duplicate-operations-of-add_library.patch to fix do_configure errors -- Existing strlcat found, will *not* use local definition CMake Error at falcosecurity-libs/userspace/libscap/CMakeLists.txt:64 (add_library): add_library cannot create target "scap_error" because another target with the same name already exists. The existing target is a static library 5.Add CMAKE option -DBUILD_SYSDIG_MODERN_BPF=OFF to fix bpf header file not found issue sysdig/0.39.0/recipe-sysroot/usr/include/bits/syscall.h:23:10: fatal error: 'bits/syscall-32.h' file not found | 23 | #include <bits/syscall-32.h> 6.Add do_configure:prepend() function and CFLAGS/CXXFLAGS to fix header file not found issue sysdig/0.39.0/sources/sysdig-0.39.0/falcosecurity-libs/userspace/libscap/engine/kmod/scap_kmod.c:30:10: fatal error: driver_config.h: No such file or directory | 30 | #include <driver_config.h> 7.Add do_compile:append() function to fix do_package QA Issue Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fwupd-efi: upgrade 1.7 -> 1.8Ankur Tyagi3 hours1-8/+2
| | | | | | | | | | Also include tag in the SRC_URI Release Notes: https://github.com/fwupd/fwupd-efi/releases/tag/1.8 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* agent-proxy: Ensure that OE cflags are passed properly to buildKhem Raj3 hours1-1/+1
| | | | | | | | | | | Current builds were extracting the relevance from LDFLAGS, which is not the right thing to do. cflags carry the right elements to ensure reproducibility with OE, so ensure its respected by makefile Fixes WARNING: agent-proxy-1.97-r0 do_package_qa: QA Issue: File /usr/bin/.debug/agent-proxy in package agent-proxy-dbg contains reference to TMPDIR [buildpaths] Signed-off-by: Khem Raj <raj.khem@gmail.com>
* memstat: Pass OE environment CFLAGS to makefileKhem Raj3 hours2-0/+31
| | | | | | Helps with reproducible builds Signed-off-by: Khem Raj <raj.khem@gmail.com>
* qad: add patch to build with glibc 2.43Gyorgy Sarvari3 hours2-1/+32
| | | | | | | | | | As the subject says. Fixes compilation error: | ../sources/qad-0.0+git/src/server.c:212:22: error: initialization discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] | 212 | char *pLastSlash = strrchr(url, '/'); Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* conserver: Add recipe for remote console serverJörg Sommer3 hours4-0/+191
| | | | | | | | The patches are required to build with detached build directory and cross-compiling. Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spectre-meltdown-checker: Update 0.46 -> gitJörg Sommer3 hours1-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The git repo gained some bugfixes, esp. for arm32. But there was no release since mid 2023. So, use the git repo. a20641f fix: handle non-numeric ARM CPU architecture values d550ea8 fix: harmless 'dmesg: write error' that could happen on some systems 8e33a1d fix: set cpu_* vars to a default value 68b4617 update: fwdb from v345+i20251110+4df2 to v347+i20251110+615b, 2 microcode changes 9fed5ce update: fwdb from v344+i20250811+1523 to v345+i20251110+4df2, 45 microcode changes 72bce72 chore: really fix autoupdate workflow to avoid useless PRs 5f18e67 chore: fix autoupdate workflow a8466b7 fix CVE-2017-5715 reporting when IBRS_FW is enabled b99be23 update: fwdb from v296+i20240514+988c to v344+i20250811+1523, 128 microcode changes ee4cfd0 chore: add autoupdate workflow for fwdb c2c60e0 chore: fix recent shellcheck warnings bae43d8 Replace head -1 by head -n1 34c6095 fix: Linux 6.9+ changed some config options names (#490) e806e4b chore: docker compose v2 388d44e Fix Retpoline detection for Linux 6.9+ (issue #490) bd0c7c9 fix: typo introduced by #483, fixes #486 d70e4c2 fwdb: update to v296+i20240514+988c 4e29fb5 fix: ucode_platformid_mask is hexa (fixes #485) 0f2edb1 feat: blacklist some more microcodes (fixes #475) 8ac2539 fix: microcode check now supports pf_mask (fixes #482) 97f4d5f feat(reptar): add detection and mitigation of Reptar 9b7b09a fix(inception): continued mitigation detection c94811e fix(inception): Zen1/2 results based on kernel mitigations 3e67047 feat(inception): README ecee757 feat(inception): kernel checks + sbpb support detection fb6933d feat(inception): Zen1/2 IBPB and SMT checks dc6921a feat(inception): handle sysfs interface 3167762 feat(inception): start supporting AMD inception 44223c5 fix: bsd: kernel version detection dbe208f enh: downfall: detect kernel mitigation without sysfs aca4e2a enh: move root warning to the bottom c1c1ac4 feat(downfall): detection of the kernel mitigation relying on dmesg ba0daa6 feat: downfall: add kernel soft mitigation support check 227c0aa feat(downfall): add downfall checks 8ba3751 fwdb: update to latest Intel ucode versions d013c0a doc: add kernel src as additional ucode version source cbe8ba1 fix: inteldb: cpuid 0x00090660 and 0x000A0680 9c2587b enh: when CPUID can't be read, built it by ourselves 2a5ddc8 feat: add Intel known affected processors DB 2ef6c1c enh: factorize file download func 3c22401 chore: update disclaimer and FAQ Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* minicoredumper: backport patch to build with glibc 2.43Gyorgy Sarvari3 hours2-0/+45
| | | | | | | | | | | | As the subject says. Fixes compilation error: | ../../../sources/minicoredumper-2.0.7/src/coreinject/main.c: In function 'inject_data': | ../../../sources/minicoredumper-2.0.7/src/coreinject/main.c:248:11: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] | 248 | p = strrchr(b_fname, '/'); Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* liboauth2: Backport a patch to build with glibc 2.43Peter Kjellerstedt3 hours2-1/+34
| | | | | | | | Also remove PV. There is no need to set PV since the version is in the recipe file name. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cjose: Remove PVPeter Kjellerstedt3 hours1-1/+0
| | | | | | | There is no need to set PV since the version is in the recipe file name. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* luaposix: Upgrade to 36.3HEADmasterKhem Raj45 hours1-4/+4
| | | | | | | | | | Fix build with lua 5.5 License-Update: bump copyright years to 2025 [1] [1] https://github.com/luaposix/luaposix/commit/07cf96f23c10ad01736205e6ca18375a208d05bf Signed-off-by: Khem Raj <raj.khem@gmail.com>
* links,links-x11: Upgrade to 3.20Khem Raj45 hours4-2/+35
| | | | | | Fix build with glibc 2.43+ Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libfaketime: Upgrade to 0.9.11Khem Raj45 hours3-50/+40
| | | | | | | | | | | | | | Fix build with glibc 2.43+ Changes: Fixed various cross-platform compile-time issues Honor nanosecond parameters/fields in relevant system calls Limited improvements to enhance compatibility with other LD_PRELOAD libraries Added selected more intercepted system calls Unset FAKETIME_SHARED automatically for child processes when enabling FAKETIME_FLSHM=1 Disable shared memory for child processes through FAKETIME_DISABLE_SHM=1 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: update for wrynose release seriesKhem Raj46 hours1-1/+1
| | | | | | Drop walnascar from supported release series Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libgpiod: fix gpio-tools tests failure with new coreutilsBartosz Golaszewski46 hours2-1/+87
| | | | | | | | | | | | | openembedded-core updated to coreutils v9.10 in which commit 8c2461933411 ("timeout: honor ignored signal dispositions") changed the behavior of timeout. It will no longer propagate SIGINT to background shell jobs which breaks test-cases for gpio-tools which verify that they exit correctly after receiving SIGINT. This backports the patch sent upstream that removed the offending test-cases as we already have a similar set of tests for SIGTERM. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* dlt-daemon: upgrade 2.18.10 to 3.0.0Changqing Li46 hours10-260/+1088
| | | | | | | | | | | | | | | | | | | | | Changes: https://github.com/COVESA/dlt-daemon/releases Remove patches already in 3.0.0: 544.patch 567.patch 0001-CMakeLists-txt-make-DLT_WatchdogSec-can-be-set-by-user.patch 0003-allow-build-with-cmake-4.patch Add patches to fix build failures 0001-Fix-compile-failure-related-to-gzlog.patch 0001-Fix-kinds-of-build-failure.patch 0001-Fix-build-failures.patch 0001-fix-build-failure-when-systemd-is-enabled.patch 0001-Fix-build-failure-with-glibc-2.43.patch Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* android-tools-conf-configfs: make USB gadget IDs configurableViswanath Kraleti46 hours1-3/+6
| | | | | | | | | | | | | | The android-gadget-setup script currently hardcodes the USB vendor ID, product ID, and configuration string. This makes it difficult for BSP layers to customize USB gadget identity with platform specific values. Introduce variables for the vendor ID, product ID, and configuration string when populating the configfs attributes. This allows machine or distro specific overrides via `/etc/android-gadget-setup.machine`, while preserving the existing default values. Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fd-find: update 10.3.0 -> 10.4.2Deepesh Varatharajan46 hours3-161/+199
| | | | | | | | Changes are here: https://github.com/sharkdp/fd/compare/v10.3.0...v10.4.2 Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* unixodbc: mark CVE-2024-1013 patchedGyorgy Sarvari46 hours1-0/+2
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-1013 The vulnerability has been patched since 2.3.13[1], however NVD tracks it without version info. Due to this, mark it patched explicitly. [1]: https://github.com/lurcher/unixODBC/commit/249bfcc511e89431b910ce2c62ae0b62bb9cc214 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* exiv2: mark CVE-2026-27631 patchedGyorgy Sarvari46 hours1-0/+2
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631 Though NVD indicates that 0.28.8 is still vulnerable, that does not seem to be the case: the fix that is referenced by the advisory has been backported[1] to this verison. Due to this, mark this CVE as patched. [1]: https://github.com/Exiv2/exiv2/commit/21d129c842212c198dd887dbaafc5ce734e9dfad Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libsodium: mark CVE-2025-69277 patchedGyorgy Sarvari46 hours1-0/+2
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69277 The vulnerability has been fixed[1] since version 1.0.20, but NVD tracks it without version info. Mark it patched explicitly. [1]: https://github.com/jedisct1/libsodium/commit/f2da4cd8cb26599a0285a6ab0c02948e361a674a Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libwebsockets: upgrade 4.5.2 -> 4.5.7Peter Marko46 hours1-1/+1
| | | | | | | Update to latest v4.5-stable patch level. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freerdp3: upgrade 3.23.0 -> 3.24.0Gyorgy Sarvari46 hours1-1/+3
| | | | | | | | | | | | | | | | | | Contains many bugfixes and CVE fixes: https://github.com/FreeRDP/FreeRDP/releases/tag/3.24.0 Added build option to use internal rc4 and md4 ciphers: this is due to a recent change in oe-core. OpenSSL's legacy ciphers (like RC4 and MD4) are now disabled by default (with 'legacy' PACKAGECONFIG), however FreeRDP3 relies on them. To ensure that the required ciphers are available, build the recipe with this ciphers' internal implementations instead of expecting OpenSSL to support them. Ptests passed successfully. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* imagemagick: upgrade 7.1.2-16 -> 7.1.2-17Gyorgy Sarvari46 hours1-1/+1
| | | | | | | | Contains bugfixes and a couple of CVE fixes: https://github.com/ImageMagick/ImageMagick/compare/7.1.2-16...7.1.2-17 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* glibmm-2.68: upgrade 2.80.0 to 2.86.0Changqing Li46 hours1-3/+3
| | | | | | | | | | | | License-Update: Remove obsolete FSF address NEWS: https://gitlab.gnome.org/GNOME/glibmm/-/blob/2.86.0/NEWS [1] https://github.com/GNOME/glibmm/commit/727b086bc5bc29fbbfb3fb90198499364cc65dac Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opengl-es-cts: upgrade 3.2.13.0 -> 3.2.14.0Dmitry Baryshkov46 hours2-9/+9
| | | | | | | | Upgrade OpenGL ES CTS to the last release, mostly bringing up fixes for the existing tests. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vulkan-cts: upgrade 1.4.5.1 -> 1.4.5.2Dmitry Baryshkov46 hours2-2/+2
| | | | | | | Upgrade Vulkan CTS, fixing several small issues in the tests. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* redis 8: Update licenceDaniel McGregor46 hours2-1/+164
| | | | | | | | | | Redis 8.0 and later are tri-licensed, the licence options are: * Redis Source Available License v2 * Server Side Public License v1.0 * GNU Affero GPL v3.0 Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libfido2-initial: new recipeDan McGregor46 hours1-0/+40
| | | | | | | | | | | | | | | | | Use this recipe to break a circular dependency between libfido2 and systemd when systemd's fido PACKAGECONFIG is enabled. systemd depends on libfido2, and libfido2 depends on udev provided by systemd. However, systemd only depends on the headers provided by libfido2 and its pkgconf data. systemd uses only the datatypes provided, and opportunistically enables fido support if libfido2 is found. This recipe provides only the headers and pkgconf data. This is sufficient to allow systemd to build support for libfido2. It only works with a related change I've submitted to openembedded core. Signed-off-by: Dan McGregor <danmcgr@protonmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bpftrace: Update the runtime dependenciesPeter Kjellerstedt46 hours1-6/+5
| | | | | | | | * bash and python3 are only needed by the ptest package. * xz appears to not be needed at all. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* perfetto: Don't copy gn native binaryWilli Ye46 hours1-10/+1
| | | | | | | | | | | | | | | With the current recipe I am getting ``` gn: error while loading shared libraries: libc++abi.so.1: cannot open shared object file: No such file or directory ``` on my aarch64 machine This is due to gn having a relative library runpath causing the interpreter not finding the shared libraries Instead of copying the binary just directly execute it Additionally remove the unnecessary download of the prebuilt gn binary Signed-off-by: Willi Ye <zye2@snap.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* refpolicy-targeted: Added sepolicy for adb serviceGargi Misra46 hours2-0/+81
| | | | | | | | | | - Labeled adb binary - Moved adb shell from initrc_t to unconfined_t - meta-selinux does not provide adb domain added policy in meta-oe instead of refpolicy: SELinuxProject/refpolicy#1085 Signed-off-by: Gargi Misra <gmisra@qti.qualcomm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libsodium: upgrade 1.0.20 -> 1.0.21Andrej Kozemcak46 hours3-65/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | License-Update: copyright years refreshed Removed patch included in this release Add path to fix compilation with gcc on aarch64 Changelog: https://github.com/jedisct1/libsodium/releases/tag/1.0.21-RELEASE Changes: Version 1.0.21 - security fix for the crypto_core_ed25519_is_valid_point() function - new crypto_ipcrypt_* functions - sodium_bin2ip and sodium_ip2bin helper functions - XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions Version 1.0.20-stable - XCFramework: cross-compilation is now forced on Apple Silicon to avoid Rosetta-related build issues - The Fil-C compiler is supported out of the box - The CompCert compiler is supported out of the box - MSVC 2026 (Visual Studio 2026) is now supported - Zig builds now support FreeBSD targets - Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers - Android binaries have been added to the NuGet package - Windows ARM binaries have been added to the NuGet package - The Android build script has been improved. The base SDK is now 27c, and the default platform is 21, supporting 16 KB page sizes. - The library can now be compiled with Zig 0.15 and Zig 0.16 - Zig builds now generate position-independent static libraries by default on targets that support PIC - arm64e builds have been added to the XCFramework packages - XCFramework packages are now full builds instead of minimal builds - MSVC builds have been enabled for ARM64 - iOS 32-bit (armv7/armv7s) support has been removed from the XCFramework build script - Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options. - Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup - ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero - A cross-compilation issue with old clang versions has been fixed - JavaScript: support for Cloudflare Workers has been added - JavaScript: WASM_BIGINT is forcibly disabled to retain compatibility with older runtimes - A compilation issue with old toolchains on Solaris has been fixed - crypto_aead_aes256gcm_is_available is exported to JavaScript - libsodium is now compatible with Emscripten 4.x - Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete - Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation. Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* luajit: Update to latest on v2.1 branchChangqing Li46 hours1-1/+0
| | | | | | | License-Update: copyright year updated Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* atkmm: upgrade 2.28.2 to 2.28.4Changqing Li46 hours1-1/+1
| | | | | | | | NEWS: https://gitlab.gnome.org/GNOME/atkmm/-/blob/atkmm-2-28/NEWS Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* glibmm: upgrade 2.66.7 to 2.66.8Changqing Li46 hours1-1/+1
| | | | | | | | NEWS: https://gitlab.gnome.org/GNOME/glibmm/-/blob/2.66.8/NEWS Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* capnproto: upgrade 1.0.2 -> 1.4.0Gyorgy Sarvari46 hours1-2/+5
| | | | | | | | | | | | | Contains fix for CVE-2026-32239 and CVE-2026-32240 Also, mark these CVEs explicitly patched, because NVD tracks them without version info at this time. Shortlog: https://github.com/capnproto/capnproto/compare/v1.0.2...v1.4.0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hstr: upgrade 3.1.0 to 3.2.0Changqing Li46 hours1-2/+2
| | | | | | | | Full Changelog: https://github.com/dvorka/hstr/compare/3.1...v3.2 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* librust-cxx: Add librust-cxx recipeDeepesh Varatharajan46 hours2-0/+166
| | | | | | | | | | | | | | | Add a recipe for the cxx crate, which provides a safe and efficient bridge for interoperability between Rust and C++ code. It allows defining the FFI boundary in a shared Rust module and generates compatible bindings for both languages during the build process. The crate is implemented in Rust and supports zero-overhead FFI with common Rust and C++ standard library types. More information: https://crates.io/crates/cxx Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libnice: make crypto library configurable via PACKAGECONFIGSujeet Nayak46 hours1-1/+4
| | | | | | | | | | Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting to gnutls. This allows users to select openssl as an alternative crypto library by setting PACKAGECONFIG. Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com> Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gd: Add patch to fix compiler error about missing constJörg Sommer46 hours2-0/+24
| | | | | | | | | | | | | | | Gcc complains about: | ../../sources/gd-2.3.3/src/gd_filename.c: In function 'ftype': | ../../sources/gd-2.3.3/src/gd_filename.c:99:9: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] | 99 | ext = strrchr(filename, '.'); | | ^ | cc1: all warnings being treated as errors Even the newest git master commit does not fix this. Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-03-20 19:59:20 +0000