This upgrade contains fixes for CVE-2025-48174 and CVE-2025-48175.
Changelog: https://github.com/AOMediaCodec/libavif/blob/v1.3.0/CHANGELOG.md
Libyuv support is currently disabled, because its dependency (libyuv) is not provided
by neither oe-core nor meta-oe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upgrade contains fixes for the following vulenrabilities:
CVE-2025-8835, CVE-2025-8836, CVE-2025-8837
Changelog:
4.2.8:
Fixed a bug in the JPC decoder that could cause bad memory accesses
if the debug level is set sufficiently high.
4.2.7:
Added some missing range checking on several coding parameters in the
JPC encoder.
4.2.6:
Added a check for a missing color component in the jas_image_chclrspc
function.
Fixed a minor build problem related to the use of -Wstrict-prototypes
with Clang.
4.2.5:
Made a change to a configuration header file in order to avoid
undesirable compiler warnings when JasPer is used in C++ code
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs are for iperf3 - which is a similar application in its goals (and name),
but an independent project from this, and the projects are independent implementations
also, they share no common code.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This release contains fixes for the following vulnerabilities:
CVE-2025-53014, CVE-2025-53015, CVE-2025-53019, CVE-2025-53101,
CVE-2025-55004, CVE-2025-55005, CVE-2025-55154, CVE-2025-55160,
CVE-2025-55212, CVE-2025-55298, CVE-2025-57803, CVE-2025-57807
Also remove jp2 PACKAGECONFIG: it was superseded by openjpeg
PACKAGECONFIG, which also provides jpeg 2000 support.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It's an optional dependency for pandas to provide ODS reader
and writer support. It complements spreadsheet support along
with python3-xlrd and python3-openpyxl, both of which are
part of meta-python already.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.25:
- Bump minimum Python version to 3.11
- Upgrade code to Python 3.11
- Move to pixi/uv/ruff
- Refactor compat to make it easier to test
- Implemented several pixi environment and tasks to simplify
development
- Add docs to the functions in pint.testing
- Fix round function returning float instead of int
- Fix return type of PlainQuantity.to
- Update constants to CODATA 2022 recommended values
- Fixed issue with .to_compact and Magnitudes with uncertainties
/ Quantities with units
- Fixed issue in unit conversion which led to loss of precision
when using decimal
- Add conductivity dimension
- Add absorbance unit and dimension
- Add membrane filtration flux and permeability dimensionality,
and shorthand "LMH"
- Fix find_shortest_path to use breadth first search
- Fix typo in pyproject.toml: rename AS_MIP to HAS_MIP so that
MIP support is correctly detected
- Fix handling of extra arguments in conversion with enabled
contexts
- Fix swapped left and right arguments in interp
- Fix formatted scientific notation bug in Python 3.13
- Fix ability to add dB units, and to add dB (dimensionless) to
referenced dB units, such as dBm or dBW
- Improve pressure unit definitions in default definition file
- Avoid and document known issues with MIP during install, testing
and runtime
- Fix issue with Dask by restricting its version to < 2025.3.0
- Skip false xfail tests linked to a known numpy issue
- Improve Contributing documentation
- Add Quantity.to_unprefixed` and `ito_unprefixed methods that
remove SI prefixes without converting to base units
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.3.92:
- Implement servo.inertia_feedforward for calculating a feedforward
term based on the control acceleration
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.8.0:
- Drop tomli in pyproject.toml
- Add scene status (active + last_recall) fields
- Update various models
- Add a few missing models to complete MotionAware
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.21.0:
- The reusable-cibuildwheel.yml workflow has been refactored to be
more generic and ci-cd.yml now holds all the configuration toggles
- When building wheels, the source distribution is now passed
directly to the cibuildwheel invocation
- Added CI for Python 3.14
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe to build a small OpenCL benchmark program to measure peak
GPU/CPU performance.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade includes fixes for CVE-2025-26623, CVE-2025-54080
and CVE-2025-55304.
Changelog:
https://github.com/Exiv2/exiv2/blob/v0.28.7/doc/ChangeLog
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vulnerability only affects MacOS: https://nvd.nist.gov/vuln/detail/CVE-2025-8672
While touching it, also remove an outdated CVE_STATUS, which has been reported against
a very old version of the application.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added a new patch to avoid unexporting some environment variables that are set
by the recipe explicitly, to avoid the following build error:
| Loading env...
| 'bootstrap-emacs' -batch --no-site-file --no-site-lisp -batch -l ja-dic-cnv \
| -f batch-skkdic-convert -dir "../../sources/emacs-29.2/leim/../lisp/leim/ja-dic" --no-reduction "../../sources/emacs-29.2/leim/SKK-DIC/SKK-JISYO.L"
<...>
| Error: <RECIP_SYSROOT_NATIVE>/usr/share/emacs/29.2/etc/charsets: No such file or directory
Changelogs:
29.2 - 29.4: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.29
30.1 - 30.2: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS.30
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This update contains a fix for CVE-2025-55763.
License-Update: copyright year bump to 2025.
Shortlog since last update:
5864b55a94...b6ef58f4c4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently,
so ignore the CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Due to the recipes listed in OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES has
supported reproducibility, update OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES
to latest
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The type of new_value is either `npy_timedelta' or `int64_t'
In build/pandas/_libs/tslibs/timedeltas.cpython-313-x86_64-linux-gnu.so.p/pandas/_libs/tslibs/timedeltas.pyx.c
..
npy_timedelta __pyx_v_new_value;
...
In build/pandas/_libs/tslibs/timedeltas.cpython-313-x86_64-linux-gnu.so.p/pandas/_libs/tslibs/timedeltas.pyx.c
...
__pyx_t_5numpy_int64_t __pyx_v_new_value;
...
Explicitly define it as int64_t to assure the generated source is
reproducibility between builds
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Implement the SOURCE_DATE_EPOCH specification[1] for reproducible
builds. If SOURCE_DATE_EPOCH is set, use it as timestamp instead of the
current time.
[1] https://reproducible-builds.org/specs/source-date-epoch/
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In order to make the generated library be reproducible, build wheel
in source dir other than tmp dir (/tmp/xxxxxx), then yocto toolchain's
option -fdebug-prefix-map could work as expected
Note: To support reproducible, it also requires oe-core commit [1] to be merged
[1] https://git.openembedded.org/openembedded-core/commit/?id=61d98d12eca1c7bdf3b7387a820c83d3b8fad965
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In order to make the generated library be reproducible, build wheel
in source dir other than tmp dir (/tmp/xxxxxx), then yocto toolchain's
option -fdebug-prefix-map could work as expected
Note: To support reproducible, it also requires oe-core commit [1] to be merged
[1] https://git.openembedded.org/openembedded-core/commit/?id=61d98d12eca1c7bdf3b7387a820c83d3b8fad965
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In order to make the generated library be reproducible, build wheel
in source dir other than tmp dir (/tmp/xxxxxx), then yocto toolchain's
option -fdebug-prefix-map could work as expected
Note: To support reproducibility, it also requires oe-core commit [1] to be merged
[1] https://git.openembedded.org/openembedded-core/commit/?id=61d98d12eca1c7bdf3b7387a820c83d3b8fad965
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
meson's rtti detection logic fails especially with
clang which disables rtti by default. The test is
triggerred in one of taisei's submodules especially
this commit [1], I think it should be something in
meson to fix in its rtti detection logic
Similarily LTO is only enabled when it is in distro
features, clang disables support for LTO in toolchain
when its not in distro features and linking fails since
it can not find linker plugin.
[1] 851bfc63fd
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Stable release with fixes
Fixed the macOS build crashing on startup.
Fixed audio distortion when the audio device uses a sample rate other than 48 kHz.
Fixed the internal mixer_chunksize setting being ignored. This resulted in a larger audio buffer than intended, increasing latency.
Fixed some minor SDL3 migration issues, particularly in handling of IO errors.
Fixed mimalloc being built incorrectly as a subproject.
Debugging symbols for the official builds are now available as a separate download.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Prebuilts shipped with sources is a x86_64 binary which works ok
on x86_64 build hosts, but we do have arm64 hosts quite commonly
used to build OE these days, where this fails miserably. Therefore
use the gn from gn-native, so we can get it targtted correctly for
build host architecture.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Ross Burton <ross.burton@arm.com>
In some cases (most notably when running mysqldump),
the server crashes in the my_convert() function, in
a code protected by
#if defined(__i386__) || defined(__x86_64__)
...
#endif
The crash does not happen with the generic code.
Remove the x86[-64] specific optimization.
This change was endorsed in
https://jira.mariadb.org/browse/MDEV-37786
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
