<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-gnome, branch yocto-4.0.29</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.29</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.29'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-07-18T15:32:26+00:00</updated>
<entry>
<title>gdk-pixbuf: fix CVE-2025-7345</title>
<updated>2025-07-18T15:32:26+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2025-07-14T12:18:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=de4b007ac0b3d3680e101f80f978e1040d51def3'/>
<id>urn:sha1:de4b007ac0b3d3680e101f80f978e1040d51def3</id>
<content type='text'>
A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function
(io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing
maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding,
allowing out-of-bounds reads from heap memory, potentially causing application crashes or
arbitrary code execution.

(From OE-Core rev: 1803f965e4990be3fbdcd52544f0080e9c83800d)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>gcr: Fix LICENSE</title>
<updated>2024-09-16T13:09:56+00:00</updated>
<author>
<name>Niko Mauno</name>
<email>niko.mauno@vaisala.com</email>
</author>
<published>2024-09-06T15:17:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d720e4667fb0aff4b79e5d1fe05915be57c5e972'/>
<id>urn:sha1:d720e4667fb0aff4b79e5d1fe05915be57c5e972</id>
<content type='text'>
The contents of the COPYING file included in the current source code
package match those of LGPL-2.0 license, which seems to have been the
case since 2011 commit
https://gitlab.gnome.org/GNOME/gcr/-/commit/c6691faa0348ab087e99ab9bd9914e1d5e81fa14

(From OE-Core rev: f3ae58b741e4e6e3a5196ff75fcc4da6ee89d0b9)

(From OE-Core rev: 2db7a2538f7cbc54cbe6614a84ffc17bb422a4a8)

Signed-off-by: Niko Mauno &lt;niko.mauno@vaisala.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>gtk+3 : backport fix for CVE-2024-6655</title>
<updated>2024-08-08T16:03:45+00:00</updated>
<author>
<name>Ashish Sharma</name>
<email>asharma@mvista.com</email>
</author>
<published>2024-07-31T04:39:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ae4a66db4bd23f3b6ee71ff27986a6a3d2b84f66'/>
<id>urn:sha1:ae4a66db4bd23f3b6ee71ff27986a6a3d2b84f66</id>
<content type='text'>
stop looking for modules in cwd in gtk/gtkmodules.c.

Upstream-Status: Backport [https://launchpad.net/ubuntu/+source/gtk+3.0/3.24.33-1ubuntu2.2]

(From OE-Core rev: 37b9eb01dc6342bc0308c9c970e3c379c83b706f)

Signed-off-by: Ashish Sharma &lt;asharma@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>gobject-introspection: Do not hardcode objdump name</title>
<updated>2024-06-26T12:04:39+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2024-06-11T14:01:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=af50c9154cd6cd9b94a98ed8231aab598bbb97d4'/>
<id>urn:sha1:af50c9154cd6cd9b94a98ed8231aab598bbb97d4</id>
<content type='text'>
Use OBJDUMP variable in the script, this helps in using the lddwrapper
with recipes which maybe using different objdump tools e.g.l
llvm-objdump or vice-versa

(From OE-Core rev: bbbb515f7df240b8679567cd3e04d6b4ccc65f6d)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit c04b3e0e371859c159b76bff87a5b1299b51d0c8)
Signed-off-by: Daiane Angolini &lt;daiane.angolini@foundries.io&gt;
Signed-off-by: Jose Quaresma &lt;jose.quaresma@foundries.io&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>librsvg: Fix do_package_qa error for librsvg</title>
<updated>2024-03-13T17:36:51+00:00</updated>
<author>
<name>Nikhil R</name>
<email>nikhilar2410@gmail.com</email>
</author>
<published>2024-03-08T05:02:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d9dd05b088218f22d995e596a792ebbd6775cb3d'/>
<id>urn:sha1:d9dd05b088218f22d995e596a792ebbd6775cb3d</id>
<content type='text'>
When using meta-rust layer for rust below
do_package_qa error in librsvg is observed

Fix the below error:
ERROR: librsvg-2.52.10-r0 do_package_qa: QA Issue: File /usr/bin/rsvg-convert in package rsvg doesn't have GNU_HASH (didn't pass LDFLAGS?) File /usr/bin/rsvg-convert in package rsvg doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags] ERROR: librsvg-2.52.10-r0 do_package_qa: Fatal QA errors were found, failing task.

(From OE-Core rev: 8829495c716d48bae47b5f738abb3c85ad3f21b1)

Signed-off-by: Nikhil R &lt;nikhil.r@kpit.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>librsvg: 2.52.7 -&gt; 2.52.10</title>
<updated>2023-08-26T14:24:02+00:00</updated>
<author>
<name>Chee Yang Lee</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2023-08-17T09:03:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9a4f730528f264bc5ddb1453299e458a2025c8a2'/>
<id>urn:sha1:9a4f730528f264bc5ddb1453299e458a2025c8a2</id>
<content type='text'>
upgrade include fix for CVE-2023-38633

(From OE-Core rev: 2ac80e25d85a4dba62813e28525a00f13922fd4b)

Signed-off-by: Chee Yang Lee &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>epiphany: Security fix for CVE-2023-26081</title>
<updated>2023-03-20T17:20:44+00:00</updated>
<author>
<name>Siddharth Doshi</name>
<email>sdoshi@mvista.com</email>
</author>
<published>2023-03-06T17:36:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=871137b98608ded9a249ce8e481d9dd8dc2d26f7'/>
<id>urn:sha1:871137b98608ded9a249ce8e481d9dd8dc2d26f7</id>
<content type='text'>
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
(From OE-Core rev: d5390008c3747073e4dfcc120b335d14dd0a08c9)

Signed-off-by: Siddharth Doshi &lt;sdoshi@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>gdk-pixbuf: do not use tools from gdk-pixbuf-native when building tests</title>
<updated>2023-02-15T21:46:56+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2023-01-26T20:27:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=60933752c05ade634354e01ff2e58bc81017dd56'/>
<id>urn:sha1:60933752c05ade634354e01ff2e58bc81017dd56</id>
<content type='text'>
The patch that allows to do so has not been accepted upstream, and wasn't correctly
working as it was running a native executable (gdk-pixbuf-query-loaders) with target .so plugins.

On the other hand, out of 20+ (currently 23) tests only three require
running binaries at build time to produce special test-specific input data:

cve-2015-4491
pixbuf-pixdata
pixbuf-resource

So let's simply omit these from the build: this can be done with a far
less invasive patch which has a chance of being accepted upstream.

gdk-pixbuf-print-mime-types is no longer installed
(the replaced patch was doing that).

(From OE-Core rev: d54e9eaff911fe834e3290a40924c7b3ca066216)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
(cherry picked from commit 0d926508e75095eb446699b612729d0243eacc91)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>gdk-pixbuf: upgrade 2.42.9 -&gt; 2.42.10</title>
<updated>2022-12-01T19:35:05+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2022-11-07T14:54:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5fc715e89efc5a497f8fbfbe3da6c7bd4503f119'/>
<id>urn:sha1:5fc715e89efc5a497f8fbfbe3da6c7bd4503f119</id>
<content type='text'>
2.42.10 (stable)
===

- Search for rst2man.py [!145, Matt Turner]
- Update the memory size limit for JPEG images [#216, #218]
- Translation updates

(From OE-Core rev: 58629c6c42f018b9faa200c39e819c2db38fd935)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
(cherry picked from commit 01e1828f8e5bcb0ad88b89fe783c2973480695bb)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>gcr: Define _GNU_SOURCE</title>
<updated>2022-09-03T12:09:49+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2022-08-24T06:34:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9ccb0bd0d5f57a30042374f5bd1591d89eeeea68'/>
<id>urn:sha1:9ccb0bd0d5f57a30042374f5bd1591d89eeeea68</id>
<content type='text'>
This ensures that definitions of functions e.g. getpass() are correctly
sourced from system headers, since it depends on feature test macros

(From OE-Core rev: 2363d69d687fc8e53a7c97bf5300e59c9a04f22e)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Luca Ceresoli &lt;luca.ceresoli@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 0d117e5d17c491e1d26aefb4b919410b07fd5347)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
