Changelog:
==========
- build fix with newer compilers
- builds again on Solaris
- some code cleanup, which prevented build with newer compilers
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog:
https://github.com/flatpak/flatpak/releases/tag/1.17.2
2. Update 0001-flatpak-pc-add-pc_sysrootdir.patch for 1.17.2
3. Remove http_backend related options as it was removed in 1.17.2
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-src-config.h-Enable-HAVE_ARM_NEON-on-AArch64.patch
removed since it's included in 9.0.1
Changelog:
===========
- Authenticate slot migration client on source node to internal user
- Bug fix: reset io_last_written on c->buf resize to prevent stale pointers
- Sentinel: fix regression requiring "+failover" ACL in failover path
- Cluster: Avoid usage of light weight messages to nodes with not ready bidirectional links
- Send duplicate multi meet packet only for node which supports it in mixed clusters
- Fix: LTRIM should not call signalModifiedKey when no elements are removed
- Fix build on some 32-bit ARM by only using NEON on AArch64
- Fix deadlock in IO-thread shutdown during panic
- Fix COMMANDLOG large-reply when using reply copy avoidance
- Fix CLUSTER SLOTS crash when called from module timer callback
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The minio umbrella covers multiple projects. The recipe itself builds
"minio client", which is a set of basic tools to query data from
"minio server" - like ls, mv, find...
The CVEs were files against minio server. Looking at the go mod list,
this recipe doesn't use minio server even as a build dependency - so ignore
the CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ripgrep is a fast, line-oriented search tool written in Rust.
Add recipe for the latest release (15.1.0)
- Recursively searches the current directory using a regex pattern
- Respects .gitignore rules
- Provides first-class support on Linux
- 'rg' is significantly faster than grep
More information: https://crates.io/crates/ripgrep
Upstream Benchmarks:
Task ripgrep GNU grep Speedup vs grep
Basic search (Unicode) 536 lines, 0.082s 536 lines, 0.273s ripgrep ~3.3× faster
Ignoring gitignore files 447 lines, 0.063s 447 lines, 0.674s ripgrep ~10× faster
Large single file (~13GB) 7882 lines, 1.042s 7882 lines, 6.577s ripgrep ~6.3× faster
Bechmarks inside qemu (ripgrep built from this recipe):
Tool & Command Real Time User Time Sys Time Speedup vs grep
ripgrep (rg "printf" /usr) 0.496 s 0.511 s 0.604 s 3.1× faster
grep (grep -R "printf" /usr) 1.533 s 0.633 s 0.897 s —
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fd is a simple, fast and user-friendly alternative to 'find' written in rust.
Add recipe for the latest release (10.3.0)
- Ignores hidden and .gitignore files by default
- Supports regular expressions and highlights matches
- Faster and easier to use than traditional 'find'
More information: https://crates.io/crates/fd-find
Upstream Benchmarks:
Tool & Command Time (mean ± σ) Range (min … max) Speedup vs find
fd -u '[0-9]\.jpg$' ~ 854.8 ms ± 10.0 ms 839.2 ms … 868.9 ms ~13x faster
find ~ -iname '*[0-9].jpg' 11.226 s ± 0.104 s 11.119 s … 11.466 s —
Bechmarks inside qemu (fd built from this recipe):
Tool & Command Real Time User Time Sys Time Speedup vs find
fd (fd /path/to/search) 2.115 s 2.660 s 5.083 s ≈2.1× faster
find (find /path/to/search) 4.401 s 1.607 s 2.788 s —
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change log
==========
Version 2.0.8, 2025-12-04
- fix potential segfault on some platforms
Thanks to Julian Thomas for a fix
- fix memory leak when a custom type in rules does not match
Thanks to Meric Sentunali for the fix and Julian Thomas for alerting
me of the missing merge.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Refine the CVE_STATUS description for CVE-2022-0543 to provide
a more precise explanation of this Debian-specific vulnerability.
The vulnerability originates from Debian's packaging methodology,
which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack),
enabling Lua sandbox escape. Upstream Redis builds, including
those built by Yocto/OpenEmbedded, utilize embedded Lua from the
deps/ directory and are therefore not affected by this issue.
It is also fixed in Debian with this commit:
c7fd665150
References:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://nvd.nist.gov/vuln/detail/CVE-2022-0543
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Colortails is like the tail command line utility but with colors.
Add recipe for the latest release 0.3.5:
- Print error messages to stderr
- Fix memory leaks and Valgrind warnings
- Improve detection of file truncation due to log rotation
- Fix ./autogen.sh on macOS
- Avoid emitting excessive color sequences
- Output ansi reset code when the program is interrupted
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
With https://github.com/fluent/fluent-bit/pull/9572 it is now possible
to unbundle these and use the system libs instead.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This upgrade is mostly bug fixes according to:
https://github.com/rsyslog/librelp/blob/master/ChangeLog
but there is one new API:
add ability to communicate source port back to caller
Drop the backported patch:
0001-Fix-function-inline-errors-in-debug-optimization-Og.patch
Drop patches merged upstream:
0001-tests-Include-missing-sys-time.h.patch
-> 8c96857 tests: Include missing sys/time.h
0001-relp-fix-build-against-upcoming-gcc-14-Werror-calloc.patch
-> baf992f relp: fix build against upcoming `gcc-14` ...
0001-tests-Fix-callback-prototype.patch
-> a4cb0bd tests: Fix callback prototype
0001-tcp-fix-some-compiler-warnings-with-enable-tls-opens.patch
-> 6e9b27f tcp: fix some compiler warnings with enable-tls-openssl
Ptest for qemux86-64, qemuarm64 with glibc and musl:
TOTAL: 30
PASS: 27
SKIP: 3
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 9.0.0:
- HSETEX with FXX should not create an object if it does not exist
- Fix crash when aborting a slot migration while child snapshot is
active
- Fix double MOVED reply on unblock at failover
- Fix memory leak with CLIENT LIST/KILL duplicate filters
- Fix incorrect accounting after completed atomic slot migration
- Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD
- Fix invalid memory address caused by hashtable shrinking during
safe iteration
Replace dependency hiredis with libvalkey.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Full Changelog:
https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
Avoid buildpath error:
QA Issue: File /usr/lib/rsyslog/ptest/tests/.deps/liboverride_getaddrinfo_la-override_getaddrinfo.Plo
These .deps directories are created at configure time and mainly used
in an interactive development environment. Remove test/.deps to eliminate
the error.
Drop: use-pkgconfig-to-check-libgcrypt.patch
since it's implemented upstream by:
85e03c0e8 Replace libgcrypt-config with pkg-config
8ba35bf6c Add missing libraries to pkg-config call
as per: https://github.com/rsyslog/rsyslog/pull/5406/commits
For musl, drop: 0001-Include-sys-time-h.patch
which oddly doesn't seem to be required to build any of: qemux86-64, qemuarm64,
and qemuarm.
Rebase other patches as needed.
ptest results for qemux86-64/kvm with extra FS space and 2 GB RAM:
Version | Total | Passed | Failed | Skipped
8.2506 | 485 | 479 | 0 | 6
8.2510 | 497 | 491 | 0 | 6
rsyslog works when built with musl but there are lots of ptest failures:
Version | Total | Passed | Failed | Skipped
8.2506 | 485 | 306 | 172 | 7
8.2510 | 497 | 310 | 180 | 7
Note that with this update the results are similarily bad. If someone is
interested and has time, they can work on improving the musl ptest results.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This avoid overridding the original PACKAGE_BEFORE_PN value could be
set in bbclasses.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.4.0:
- bd_nvme_connect() now defaults to port 4420 or 8009 for discovery
NQN respectively when
- configure.ac: fix bashism
- smart: Use drive self-assessment as an overall status
- nvme: Default to well-known tr_svcid values when not specified
- nvme: Handle memory allocation failures from _nvme_alloc()
- crypto: Add a function to set persistent flags for LUKS
- tests: Various minor mptovements
Drop CVE-2025-6019.patch because the change has been merged in
the upstream and it is included in version 3.4.0.
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-checkpc-Do-not-define-Mail_fd-multiple-times.patch
removed since it's included in 3.9.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-3243
The issue is about file permissions: by default rsyslog creates world-readable
files. In case a log message contains some sensitive information, then that's
exposed to every user on the system.
However the rsyslog.conf file that is shipped with the recipe solves it: it
already sets non-world-readable default permissions on all files, so this
vulnerability is fixed in the default OE recipe.
See also this package in OpenSuse[1], where it is solved the same way.
[1]: https://build.opensuse.org/requests/619439/changes (rsyslog.conf.in)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct
latest stable verison.
Before the patch:
$ devtool latest-version smartmontools
INFO: Current version: 7.5
INFO: Latest version:
After the patch:
$ devtool latest-version smartmontools
INFO: Current version: 7.5
INFO: Latest version: 7.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Replace '/usr/bin/env python' with '/usr/bin/env python3' in the scripts
under ${libexecdir}/minifi-python-examples.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes for CVE 46817[1], 46818[2], 47819[3] are included in the used version
[1] fc282edb61
[2] dccb672d83
[3] 2802b52b55
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
When xxhash was included indirectly, there is a QA issue
at do_package_qa
...
|ERROR: QA Issue: /usr/lib64/libyang.so.3.9.13 contained in package
libyang requires libxxhash.so.0()(64bit), but no providers found in
RDEPENDS:libyang? [file-rdeps]
...
Explicitly add xxhash to DEPENDS, then:
...log.do_configure...
-- Found XXHash: build/tmp/work/x86-64-v3-wrs-linux/libyang/3.13.5/recipe-sysroot/usr/include
-- Hash algorithm: xxhash
...log.do_configure...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
