merge: Currency merge with upstream master branch#110
Draft
erickshepherdNI wants to merge 1246 commits into
Draft
merge: Currency merge with upstream master branch#110erickshepherdNI wants to merge 1246 commits into
erickshepherdNI wants to merge 1246 commits into
Conversation
Keep the knob disabled by default, as it will need c runtime to provide profiling runtime, which is not compiled into compiler-rt by default. So it ends up with build failures e.g. | aarch64-yoe-linux-ld.lld: error: cannot open /mnt/b/yoe/master/kas-build/tmp/work/cortexa72-yoe-linux/liboauth2/2.2.0/recipe-sysroot/usr/lib/clang/22.1.3/lib/aarch64-yoe-linux/libclang_rt.profile.a: No such file or directory | aarch64-yoe-linux-clang: error: linker command failed with exit code 1 (use -v to see invocation) Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
… type Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This brings fixes to build with clang-22 and C23 support Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23 compiler support, avoiding potential build failures as the package is not yet fully ported to support C23 standard. Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23 compiler support, avoiding potential build failures as the package is not yet fully ported to support C23 standard. Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Contains fix for CVE-2026-30656. Also mark this CVE as patched explicitly, as NVD tracks it without version info. Drop patches that are included in this release. Changelog: https://github.com/axboe/fio/releases/tag/fio-3.42 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> fio Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947 Backport the patch that is referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979 Backport the patch that is referenced by the NVD advisory.y Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-41254 Backport the patches referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Contains fix fox CVE-2026-29013 Shortlog: obgm/libcoap@v4.3.5a...v4.3.5b Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Drop patches that were merged in this release. Changelog: - --get-exif , --get-all-exif added - --reverse modifier option added for fileoperations commands - kill -USR2 can now stop --capture-movie - updated translations Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40333 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40334 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40335 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40336 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40338 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40339 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40340 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40341 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-20911 https://nvd.nist.gov/vuln/detail/CVE-2026-21413 Both CVEs are tracked with incorrect version info: NVD indicates that 0.22.1 is explicitly vulnerable, but the fixes are actually included in this release. Relevant commits: CVE-2026-20911: LibRaw/LibRaw@5357bb5 CVE-2026-21413: LibRaw/LibRaw@75ed2c1 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
SRC_URI[md5sum] has been deprecated and replace it with SRC_URI[sha256sum] for proper integrity verification. Signed-off-by: Haiqing Bai <haiqing.bai@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
- add patches to fix compilation
- add runtime dependency for python3-pycairo
Overview of Changes from GIMP 3.2.2 to GIMP 3.2.4
=================================================
Core:
- The "edit-fill-*" actions will now behave accordingly on specific
cases. E.g. it will skip layers which can't be filled (content-lock
layers and link layers) and it will fill the expected way
non-rasterized text and vector layers.
- Images opened through command lines are not considered stray images
anymore on exit when run without a GUI (scripts, etc.).
- We improved the support of the process temporary folder, so that we
can avoid clashes when several users run GIMP on a same computer.
Furthermore the temporary folder is now deleted at startup (unless
it is not empty, which it should be).
- XCF opened as layers will now always create new layers named as in
the source XCF, even if the source XCF had only a single layer.
- The "layers-resize" now only works on raster layers.
- The "Layers to Image Size" and "Resize Layer to Selection" actions
will only work on raster layers too.
Tool
- Text tool:
* When editing text, prioritize our global actions when a
shortcut matches, before sending the hit keys to the IME (Input
Method Engine). Otherwise some IME may consume our keys and block
custom shortcuts (e.g. Alt+key events are often used to trigger
special characters on macOS or Windows and may block core
actions).
* Prevent font size jumping to 0 when using shortcuts on selected
text.
- Selection tools: when moving a floating layer or selection,
temporarily disable the marching ants outline. Among other reasons,
it improves performance.
- Select by Color tool: optimized processing when working in Intersect
mode.
- Crop tool: non-raster layers are not rasterized anymore.
- Text tool: on-canvas GUI is now properly positioned when rotating
the canvas.
Plug-Ins:
- Improve import of: APNG, PAA, PNG, DDS, PSP, PNM, PSD, JIF, PVR
texture, TIM, XWD, SFW, ORA.
- Improved PDF export.
- file-compressor: improved error messaging.
- New Windows WIA scanner plug-in, replacing the now deprecated TWAIN
scanner plug-in (which is not shipped in our Windows packages
anymore as it depends on dropped 32-bit Windows platform).
- Script-Fu: several deprecated functions now cleaned out from
scripts.
- Filmstrip: the created image will now have the dirty flag set.
API:
- libgimp/PDB:
* libgimp/PDB functions gimp_context_set_line_width_unit() and
gimp_vector_layer_set_stroke_width_unit() now accept pixel as input unit.
* Improved error handling in gimp_temp_file().
* New function: gimp_resources_loaded()
- libgimp:
* A function gimp_env_exit() was added, but same as gimp_env_init(),
it is not declared in public headers and should never be used by
plug-ins. It is considered private.
* gimp_quit() function is deprecated.
- PDB:
* (gimp-quit) procedure (without libgimp wrapper) is deprecated.
Translations:
- New Lao translation.
Build:
- Many build warnings are being cleaned out.
- New jobs are being set up with -Werror progressively as we weed out
existing build warnings.
- The issue bot will now run and create reports when specific jobs
fail.
- New rules to generate Markdown versions of our man pages for the
website.
Overview of Changes from GIMP 3.2.0 to GIMP 3.2.2
=================================================
Core:
- We removed support for a separate folder for loading 32-bit binaries
on 64-bit Windows. This was being used for core plug-ins for the
TWAIN plug-in only.
- Various fixes related to the new non-destructive layer types, or to
non-destructive layer effects.
- More robust handling of Procreate and SwatchBooker palettes.
- Fix scaling paths when importing SVG as paths.
- We now support reading the documentation being installed in the user
config directory in the `help/` subdirectory.
- Histogram dialog: the unique color count feature now takes into
account any selection.
Graphical User Interface:
- Theme fixes.
- Various text fixed for better localization.
- Display the "Tab" shortcut for the "Hide Docks" action, even though
it is not a real global shortcut (it only works on the canvas).
- Metadata Rotation import dialog: you can now click the preview for
Original and Rotated images in the Metadata Rotation Import Dialog,
and have it open the image rotated as shown in the preview.
Plug-Ins:
- Tile: carry over the source image's profile to the newly created
image.
- Improve support of: FITS, TIM, PAA, ICNS, PVR, SFW, JIF, PSP, PSD
Translations:
- Serbian Cyrillic now has upstream support in InnoSetup (in their
"Unofficial" list still, which means it is less verified). Our
installer now has Serbian Cyrillic localization too.
Build:
- NM environment variable is now used in priority for the `nm` tool
used for the build. This check is stored from configure-time
environment.
- Windows x86 32-bit pipeline has now been decommissioned from our CI.
This implies that 32-bit builds won't be available anymore in our
Windows installer, just as was already the case on the Windows Store.
- Meson build:
* New boolean option -Dtwain-unmaintained: this puts our TWAIN
plug-in behind a disabled-by-default flag, because this plug-in
only made sense in 32-bit. The next step will be to replace it by
a WIA plug-in.
* Option -Dwin32-32bits-dll-folder removed.
- GIMP can now be built fully without patches on macOS. The in-house
macOS build is slowly moving to become our main CI for this OS and
for making the release DMGs.
- Snap: enable MIDI (Alsa) support.
- AppImage: enable "Send by email".
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Shortlog: monkey/monkey@v1.8.4...v1.8.7 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
These patches are about a number of CVEs files against the application: CVE-2025-63649, CVE-2025-63650, CVE-2025-63651, CVE-2025-63652, CVE-2025-63653, CVE-2025-63655, CVE-2025-63656, CVE-2025-63657 and CVE-2025-63658. These patches are taken from a pull request[1] that is referenced in the relevant bug report[2]. The patches don't target specific CVEs on separately, but they fix a number of CVEs altogether. Based on upstream analysis (in the linked issue) a number of these CVEs are duplicates of each other and/or not exploitable. The valid CVEs are fixed by these patches. I haven't added specific CVE info to the patches, one hand because of the above, it is hard to separate the patches by CVE, and secondarily because NVD tracks these CVEs with incorrect version info: NVD considers 1.8.6 fully fixed, even though the patches are only in the master branch, untagged at this time. After updating the recipe to 1.8.6+, the vulnerabilites will disappear from the CVE report due to this. [1]: monkey/monkey#434 [2]: monkey/monkey#426 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Minizip release v1.3.2 is missing required ints.h header that causes build failure on components using it: | ../../../../../recipe-sysroot/usr/include/minizip/ioapi.h:74:10: fatal error: ints.h: No such file or directory | 74 | #include "ints.h" | | ^~~~~~~~ Backport fix from madler/zlib@cb14dc9 Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog: ============ - Fix :class:'~validators.Disabled' validation with provided formdata. - End support for Python 3.9, start support for Python 3.14. - Add Tamil and Serbian translations. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog: ============ - Fix off-by-one bug in SCgiTask::event_read - Don't use std::scoped_lock in CurlStack as it doesn't support unlocking just one mutex - Don't throw when DhtSearch is not found in DhtServer Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog: ============ (CVE-2026-23479) Use-After-Free in unblock client flow (CVE-2026-25243) Invalid Memory Access in RESTORE command (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog: ============= - Fix build with SWIG 4.4. - Fix build in the event some parts of Boost are installed but Boost.Locale is not. - Make GetClient() work in the OnClientGetSASLMechanisms module callback. - Stop accidentally requiring new perl 5.35.1, regression from 1.10.0. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Changelog: https://github.com/webmin/webmin/releases/tag/2.641 Changelog: https://github.com/webmin/webmin/releases/tag/2.640 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Add a systemd PACKAGECONFIG option to install nftables systemd unit files. When "systemd" is present in DISTRO_FEATURES, the option is enabled and the service is installed but disabled by default. Signed-off-by: Piotr Wejman <piotr.wejman@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
PKCS11 Provider did not build on 32 bit systems. Fixed Upstream with openssl-projects/pkcs11-provider#689 Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
When jsoncpp is built with C++17, 1.9.7 drops several legacy overloads that C++11 consumers can still link against. Backport the upstream fix to restore compatibility. Fixes errors such as: | undefined reference to `Json::Value::operator[](char const*)' Patch can be dropped when we move to 1.9.8. Signed-off-by: Ernest Van Hoecke <ernest.vanhoecke@toradex.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
With this upgrade, nodejs updated the llhttp dependency to version 9.3.1 So some of the patches are nolonger necessary. Changelog: https://github.com/nodejs/node/releases/tag/v22.22.3 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
4.21.1 (2026-03-29) ====== - Rename bookmarks to favorites - Avoid crash when resetting items frecency - Add Name field and column to Custom Actions tab - Add merge request template - build: Fix typo in optimization level - search: Only fuzzy search by app name and command - fuzzy search: Optimize - Correctly load symbolic icons - Add option to clear frecency history (ni#102) - Add css class for easier theming (ni#107) - Make item description slightly transparent (ni#99) - README.md: Add uninstall info - Update README after switchover to meson - Remove autotools build - Translation Updates: Albanian, Amharic, Arabic, Armenian (Armenia), Asturian, Basque, Belarusian, Bulgarian, Catalan, Chinese (China), Chinese (Hong Kong), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, Eastern Armenian, English (Australia), English (Canada), English (United Kingdom), Estonian, Finnish, French, Galician, Georgian, German, Greek, Hebrew, Hindi, Hungarian, Icelandic, Indonesian, Interlingue, Italian, Japanese, Kazakh, Korean, Lithuanian, Malay, Norwegian Bokmål, Norwegian Nynorsk, Occitan (post 1500), Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Tatar, Thai, Turkish, Ukrainian, Uyghur, Vietnamese Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* Refresh patch to mute patch-fuzz
* Remove 0001-makedefs-Account-for-linux-7.x-version.patch
* This upgrade include the following commit, which make postfix can
compile on latest stable ubuntu 26.04, which have Linux 7.x kernel
Postfix works on Linux 7.x kernels. Frank Scheiner. Files:
makedefs, util/sys_defs.h.
Changes:
https://www.ftp.saix.net/MTA/postfix/official/postfix-3.11.2.HISTORY
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
We have replaced p7zip more than 2 years, do not make 7zip provide p7zip any more, then CVE scan on p7zip would be skipped Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Doing wifi without the regulatory database is not good, so add a runtime dependency to iwd to ensure that it gets pulled into the image for the kernel drivers to use. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This was previously in oe-core but is being removed as it is no longer used by anything in that layer. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This was previously in oe-core but is being removed as it is no longer used by anything in that layer. Some changes were made in the process of moving the recipe to meta-oe: - Inherit gnomebase, as this is a GNOME package - Download the release tarball instead of a git clone - Set the correct license, this is -or-later not -only. Add handy.h to the license checksum to provide verification. The final output is identical to the recipe in oe-core. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Remove obsolete libdazzle and geocode-glib dependencies, these have been removed upstream. Change the DISTRO_FEATURES check so that opengl is required and any of the GTK3DISTROFEATURES (x11 wayland) are present, as GTK 4 needs opengl and supports either x11 or wayland. Drop the sed on the generated enums, the generated files have relative paths in now. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This was removed when file-roller was ported to GTK 4. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
libhandy was removed when g-s-m ported to GTK 4. gnome-common is not required now that g-s-m uses Meson not autoconf. polkit was removed in g-s-m 3.36 (March 2020). Update the DISTRO_FEATURES check, polkit isn't required but opengl is via GTK 4. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
libhandy was removed when g-s-m ported to GTK 4. Update the DISTRO_FEATURES checks to use GTK3DISTROFEATURES. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
merge: Currency merge with upstream master branch
No conflicts
AB#3738531
Testing