meta-openembedded: Merge latest upstream#116
Open
Shreejit-03 wants to merge 27 commits into
Open
Conversation
Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog: Fix possible failures when extracting metadata from EPUB, ODF and OOXML documents Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 5a08d78) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
0001-Use-aml-v1.patch refreshed for 0.9.6 Changelog: =========== - auth: rsa-aes: Fix potential buffer overflow - auth: vencrypt: Reject excessively long usernames and passwords Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 9222ec0) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog: ============ - Fixed snapshot comparison for dicts where keys are dataclass instances (or other custom objects used as dict keys), which previously caused corrupted snapshots - either collapsing multiple entries into one or appending duplicate keys on subsequent runs - Fixed tuple snapshot updates to compare elements positionally rather than using sequence alignment, so existing expressions (e.g. 3 + 3) are preserved when elements are removed from or added to a tuple. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit fe086de) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 6321202) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog: Fixed IndexError raised from check_signature_compatible when the subject method has no positional parameters Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 537a4c4) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog: ========== - Fix bug in redis version parsing when using Elasticache or any other that sends major/minor. redis-py incorrectly parses these as floats because there's only a single decimal, so the version check was breaking. - Rename max task option --max-tasks (previously was --max_tasks). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit c14a56b) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
https://docs.djangoproject.com/en/dev/releases/5.2.14/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit ef903fc) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
https://docs.djangoproject.com/en/dev/releases/6.0.5/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 2f64c27) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 137e8d2) Bugfixes and performance improvements: https://github.com/swagger-api/swagger-ui/releases/tag/v5.32.3 https://github.com/swagger-api/swagger-ui/releases/tag/v5.32.4 https://github.com/swagger-api/swagger-ui/releases/tag/v5.32.5 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit a86ee0d) Bugfix release https://github.com/swagger-api/swagger-ui/releases/tag/v5.32.6 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 5063ac8) Bug and security fixes ImageMagick/ImageMagick@7.1.2-21...7.1.2-22 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 84d4d96) https://github.com/rikyoz/bit7z/releases/tag/v4.0.12 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 03255a8) https://github.com/uriparser/uriparser/blob/uriparser-1.0.1/ChangeLog Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog: ============== * Fixed: [CVE-2026-44927] Stop truncating 'ptrdiff_t' to 'int' * Fixed: [CVE-2026-44928] Fix 'EqualsUri' with regard to '.absolutePath' * Fixed: Fix OOM related memory leak in 'CopyUriMm' * Improved: Simplify internal function 'CompareRange' into 'RangeEquals' * Improved: Make function 'RangeEquals' use size_t' internally * Soname: 3:2:2 - see https://verbump.de/ for what these numbers do Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit a0589ae) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Refreshed 0003-configure.ac-bypass-autoconf-2.69-version-check.patch for 17.10 Includes fix for CVE-2026-6472, CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6476, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6637, CVE-2026-6638 CVE-2026-6575 Release Notes: https://www.postgresql.org/docs/release/17.10/ Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 83cad39) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* Fix: + Fix out-of-bound read access when removing VLAN tag (CVE-2026-46433, openembedded#787) + Reject 0-length management address in LLDP + Fix race condition when creating the control socket + Fix FDP MAC address + Fix memory leak in the BSD bridge query path + Fix duplicate management addresses when merging EDP VLAN frames Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 74cd808) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-4891 ] Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit a9de48a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-4892 ] Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 21c3d7e) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-4893 ] Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit b4c4853) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-5172 ] Signed-off-by: Abhishek Bachiphale <Abhishek.Bachiphale@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 44c8962) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
PipeWire 1.6.5 (2026-05-13)
This is a bugfix release that is API and ABI compatible with the previous
1.6.x releases.
Highlights
- Fix muted output in some cases.
- Removed the pipe filter in filter-graph.
- More fixes and improvements.
PipeWire
- Fix an issue in pw-filter where it could end up in a loop where buffers
are stuck on a port and the port becomes silent. (#5249)
Modules
- Improve ROC receiver start/stop, fixes memory leaks. (#5250)
- Remove the pipe filter from filter-graph, it's broken by design and a
security nightmare.
- Fix the midi buffer size in jack-tunnel.
SPA
- Rate limit out-of-buffers errors. (#5249)
- Partially revert the line-out mute patch, it seems to break things and leave
audio muted when plugging-unplugging jacks. (#5246)
- Improve renegotiation in audioconvert when the graph rate changes and the
resampler was disabled. (#4933).
- Fix potential crash in alsa when logging.
Pulse-server
- A whole bunch of extra security checks and hardening fixes.
Older versions:
PipeWire 1.6.4 (2026-04-22)
This is a bugfix release that is API and ABI compatible with the previous
1.6.x releases.
Highlights
- Small improvements and seqfault fixes.
- Try to not emit ports that JACK doesn't understand. Fixes glitches in
ardour and other JACK apps.
PipeWire
- Refuse to load plugins and crash when pw_init() was not called. (!2784)
SPA
- Fix LADSPA plugin loading, support LADSPA_PATH ending with /
- Fix segfault in alsa-seq when removing devices in some cases. (#5221)
- Allow negative gain in mixer. (#5228)
- Improve alsa-seq port names, add : between client and port. (#5229)
- ACP: don’t override user-selected port on availability changes.
Bluetooth
- Backport some important fixes and minor improvements.
JACK
- Ignore non DSP ports to avoid emitting extra callbacks.
GStreamer
- Fix crop metadata.
Tools
- Fix WAVEX saving in pw-cat. (#5233)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit babcd87)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Bug and security fixes ImageMagick/ImageMagick@7.1.2-22...7.1.2-23 PTEST passed: root@qemuarm64:~# ptest-runner imagemagick START: ptest-runner 2026-05-23T03:43 BEGIN: /usr/lib/imagemagick/ptest ... ... DURATION: 1 END: /usr/lib/imagemagick/ptest 2026-05-23T03:43 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
With this upgrade, nodejs updated the llhttp dependency to version 9.3.1 So some of the patches are nolonger necessary. Changelog: https://github.com/nodejs/node/releases/tag/v22.22.3 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit ea56a5e) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
zlib compression was introduced in version 9.3.3. However, when cross-compiling kmscon for an architecture other than x86_64, the genunifont executable tries to use the build-systems zlib instead of the hosts zlib. This leads to the following error during compiling: libz.so: error adding symbols: file in wrong format Fix this by adding a new native zlib dependency specifically for the genunifont executable. Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 72154f3) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
The dynamic-layers/clang-layer/ directory does not exist under meta-oe. Remove the stale BBFILES_DYNAMIC references as they match nothing. Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit a07b2dd) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge latest from upstream. No conflicts.
Justification
AB#3738533
Testing
@ni/rtos