Changelog:
===============
Fix for XPath 1.0 processing of schema annotated XML data
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==============
- Fix: complex conditionals within a line might cause a KeyError when using sys.monitoring
- Fix: we can now measure coverage for code in Python archive (.par) files.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
* Adds support for Python 3.13.
* Drops support for (end-of-life) Python 3.8.
* Fixes an error with conflicting kwargs between AsyncToSync and the wrapped
function.
* Fixes Local isolation between asyncio Tasks.
* Fixes a reference cycle in Local
* Fixes a deadlock in CurrentThreadExecutor with nested async_to_sync -> sync_to_async -> async_to_sync -> create_task calls.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===============
- Added decorator functionality to Signal as a convenient way to add a callback
- Improved type safety by allowing callback parameters to be type checked
(typing-extensions is now required for Python <3.13). Parameters for a Signal
callback should now be defined like Signal[int, str]
- Removed the sphinxcontrib-asyncio documentation dependency.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Security:
* CVE-2025-4877 - Write beyond bounds in binary to base64 conversion
* CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file()
* CVE-2025-5318 - Likely read beyond bounds in sftp server handle management
* CVE-2025-5351 - Double free in functions exporting keys
* CVE-2025-5372 - ssh_kdf() returns a success code on certain failures
* CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding
* CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL
* Compatibility
* Fixed compatibility with CPM.cmake
* Compatibility with OpenSSH 10.0
* Tests compatibility with new Dropbear releases
* Removed p11-kit remoting from the pkcs11 testsuite
* Bugfixes
* Implement missing packet filter for DH GEX
* Properly process the SSH2_MSG_DEBUG message
* Allow escaping quotes in quoted arguments to ssh configuration
* Do not fail with unknown match keywords in ssh configuration
* Process packets before selecting signature algorithm during authentication
* Do not fail hard when the SFTP status message is not sent by noncompliant
servers
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Fix autoptr usage
* Raise critical on finalization of thread-pool-scheduler which should
not happen in proper usage of libdex
* Avoid extra pointer chase when dispatching to thread pool workers
* Don't dispatch blocks while on fibers, wait for scheduler
* Fix leak of unix signal futures
* Improve management of fiber run queues
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Use 'lvconvert --repair' to repair raid arrays with transiently lost devices.
* Override 'LC_NUMERIC' locale if unsuitable for 'json_std' report format.
* Fail 'dm_report_group_create' if radix char from locale unsuitable for 'json_std'.
* Escape the escape character itself on JSON report format output.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- decode: add check for ipv4 fragmentation for decode_ip
- example: added IP configs for other systems
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==============
- appwin: Put each window in its own group
- widget: improve pointer accuracy on recent versions of GTK
- Fix erroneous error message when writing empty files
- ci: Do not explicitly define tarball-artifact-path
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update:
===============
Update COPYING with current FSF contact information
Include the most recent GPLv2 version
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
This avoids rpmlint errors like E: incorrect-fsf-address
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Fix auto-detection of CPU temp on Ampere boards
- Fixed floating_humanizer() to work correctly when numeric delimiter isn't a dot.
- Add command line option to set an inital filter
- Make 100ms the minimal refresh rate. Exit gracefully if integer conversion in CLI parser fails.
- Lock/unlock config to avoid infinite recursio
- Fix incorrect positioning and start symbol of second title
- Fix dangling reference warnings for GCC 13 and later
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Make connection notifications transient
- StatusNotifierItem: announce children-display
- Manager: Hide bt status switch when PowerManager is not available
- Handling for new StatusNotifierWatcher
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 25.6.1:
- new: announcement of upcoming (but not yet effective) new AI
policy clarifying matter with respect to AI assisted
contributions
- fix: update license file to include contributors (#188)
- fix: remove obsolete dependency on six (#186)
- fix: update pypy version in CI workflow (#187)
- fix: setupcfg.py:508: SetuptoolsDeprecationWarning: The
license_file parameter is deprecated, use license_files instead.
- Copyrights transferred from Crossbar.io Technologies GmbH (Germany)
to typedef int GmbH (Germany)
License-Update: Update license file to include contributors
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 7.3.2:
- Embedded arguments matching only after replacing variables do not
work with Run Keyword or setup/teardown
- French Etant donne, Et and Mais BDD prefixes don't work with
keyword names starting with que or qu'
- Messages and keywords by listener end_test method override
original body when using JSON outputs if test has teardown
- --flattenkeywords doesn't work with JSON outputs
- --flattenkeywords doesn't remove GROUP, VAR or RETURN
- ExecutionResult ignores include_keywords argument with JSON outputs
- Suite teardown failures are not handled properly with JSON outputs
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update python3-moteus to the latest release.
Since no formal changelog is available, here's the git shortlog of the
moteus python library [1] for the corresponding release:
Josh Pieper (2):
Add some more register definitions
Add --version options to moteus_tool and tview
[1] https://github.com/mjbots/moteus/commits/main/lib/python
Signed-off-by: Richard Leitner <dev@g0hl1n.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The network access during compile task has been resolved now.
Change-Id: Id7a8510ae1095a2430d26015bdd6cc54b633781f
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use the GO_SRCURI_DESTSUFFIX convenience variable for the Go main module
in the SRC_URI variable.
Signed-off-by: Christian Lindeberg <christian.lindeberg@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Removing all the S = ${WORKDIR}/git assignments works because BB_GIT_DEFAULT_DESTSUFFIX
is set to match S from bitbake.conf (which itself is set to match typical tarball
releases).
ERROR: influxdb-1.8.10-r0 do_unpack: Recipes that set S = "${WORKDIR}/git" or S = "${UNPACKDIR}/git" should remove that assignment, as S set by bitbake.conf in oe-core now works.
Signed-off-by: Alper Ak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use the go module fetcher instead of allowing network access during the
compile task.
Apply patch to replace github.com/pkg/term with github.com/kraj/term
unconditionally to avoid conditional module dependencies.
Reorder variables according to the recipe style guide.
Signed-off-by: Christian Lindeberg <christian.lindeberg@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for release 1.7.1:
- Fix TypeError on nightly builds (Python 3.14.0a7+) due to new
HelpFormatter arguments. The console parameter is now keyword-only.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.6.1:
- Migrate setup.py to pyproject.toml
Fixes:
WARNING: python3-progress-1.6.1-r0 do_check_backend: QA Issue:
inherits setuptools3 but has pyproject.toml with
setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This updates to a revision that has PR1260, which uses ELF entries to
get dependencies instead of (cross-)ldd. This makes it useable as a tool
to generate initramfses using cross tools, in e.g. do_rootfs.
Since this is not using a tagged release and changes the base logic, add
it as a non-default option using DEFAULT_PREFERENCE = -1.
Extend to native(-sdk) to accomplish just that.
The host-built initramfs (using a custom bbclass) as well as the
on-target built initramfs have been tested on qrb2210-rb1-core-kit and
qcs6490-rb3gen-core-kit machines and work as intented.
Signed-off-by: Koen Kooi <koen.kooi@oss.qualcomm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Gutenprint install hooks run in parallel but depend on each other. This
is a race condition and might trigger a build failure (e.g on AB [0]):
| chmod 700 $WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint
| chmod: cannot access '$WORKDIR/image/usr/libexec/cups/backend/backend_gutenprint': Not a directory
| make[5]: *** [Makefile:2166: install-exec-hook] Error 1
Fixes this by adding an explicit dependency between the dependent
targets.
[0]: https://autobuilder.yoctoproject.org/valkyrie/#/builders/87/builds/46/steps/33/logs/stdio
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
clang is fussy and this package is old. It should perhaps
be removed but this keeps it going so let it be.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Hardcoded path works only when target is x86_64, but fails for other
architectures, loosen the search path regexp
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes
QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is a security update.
There are fixes for memory leaks, segfaults and CVEs.
CVE-2025-1735
CVE-2025-1220
CVE-2025-6491
Changelog: https://www.php.net/ChangeLog-8.php#8.4.10
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The commits have been merged upstream, but there hasn't been a release
containing them yet (last upstream release was years ago). Pulling them in
unblocks builds with CMake 4+ in the context of a patch series bumping CMake to
4.0.3 in openembedded-core (see [0]).
[0]: https://lists.openembedded.org/g/openembedded-core/topic/113946576
CC: antonin.godard@bootlin.com
CC: alex.kanavin@gmail.com
Signed-off-by: Moritz Haase <Moritz.Haase@bmw.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The systemd target `usb-gadget.target` is triggered by udev when a UDC
first comes up. It can happen that by the time gadget-start runs, this
UDC has been removed from the system again.
Have the gadget-start script exit with status 1 when `ls /sys/class/udc`
returns nothing.
Causing a service failure when no UDC is detected and no default was
given, allows the service to be restarted by a udev rule calling the
service (and not the target since those are not reentrant) directly. On
its own this patch will not do much.
For example, we saw such a situation using the DWC3 USB controller and
usb-conn-gpio kernel modules as loadables. By the time of the DWC3 init,
udev was active, and during init DWC3 started the USB OTG port in device
mode. If a pen drive was plugged in at boot, it would quickly switch to
host mode right after initialisation, emitting another udev event for
the removal of the UDC. The systemd target as thus reached, but by the
time gadget-start ran, the UDC was gone.
dwc3 init usb-conn-gpio role switch
│ │
▼ ▼
udev: add UDC─┐ udev: del UDC─────►/sys/class/udc empty
│ │
│ x
│ │
│ ▼
└────────────►usb-gadget.target─────►gadget-start
Signed-off-by: Ernest Van Hoecke <ernest.vanhoecke@toradex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Ensure that wayland-scanner is added to dependencies
Create protocols directory as well where the .c files generated
during build are emitted into.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
openssl-native is compiled with a engine path /not/builtin
and the config file provides the actual path.
The configure script looks up this not working path.
To make it work, provide the runtime path via configure argument.
Signed-off-by: Denis OSTERLAND-HEIM <denis.osterland@diehl.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
