StringFuncs.c: In function ‘SplitStringByWhitespace’:
StringFuncs.c:113:15: error: variable ‘Item’ set but not used [-Werror=unused-but-set-variable=]
113 | UINTN Item;
| ^~~~
- A new sample demonstrating the rasterization order attachment access extension (#1492).
- Broken documentation link to GitHub repo fixed (#1506).
- Vulkan SDK updated to 1.4.341 (#1477).
Benjamin Robin [Fri, 10 Apr 2026 13:10:46 +0000 (15:10 +0200)]
webkitgtk: Remove escaping of the plus sign in `CVE_PRODUCT`
The `+` character is now properly escaped by `cve_check.cpe_escape()`
Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Benjamin Robin [Fri, 10 Apr 2026 13:10:45 +0000 (15:10 +0200)]
gtk+: Remove escaping of the plus sign in `CVE_PRODUCT`
The `+` character is now properly escaped by `cve_check.cpe_escape()`
Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Benjamin Robin [Fri, 10 Apr 2026 13:10:44 +0000 (15:10 +0200)]
cve_check: do not break old CVE_PRODUCT with escaped +
For now, until all layer are fixed, replace already escaped plus (+)
with a simple + before doing the escaping.
Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Benjamin Robin [Fri, 10 Apr 2026 13:10:43 +0000 (15:10 +0200)]
cve_check: Improve escaping of special characters in CPE 2.3
According to the NISTIR 7695 specification [1], multiple characters
require escaping when using formatted strings (e.g., `cpe:2.3:...`),
which use backslash escaping. In "Figure 6-3. ABNF for Formatted String
Binding"", the characters that need escaping are referenced by "escape",
"special", and "punc". More characters must be escaped than just
`\`, `?`, `*`, `:`, and `+`.
Additionally, use `maketrans()` with `translate()`, which is more
efficient than a simple `replace()`.
Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Sun, 12 Apr 2026 15:03:23 +0000 (17:03 +0200)]
libpng: upgrade 1.6.55 -> 1.6.56
Release notes [1]:
* Fixed CVE-2026-33416 (high severity):
Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`.
(Reported by Halil Oktay and Ryo Shimada;
fixed by Halil Oktay and Cosmin Truta.)
* Fixed CVE-2026-33636 (high severity):
Out-of-bounds read/write in the palette expansion on ARM Neon.
(Reported by Taegu Ha; fixed by Taegu Ha and Cosmin Truta.)
* Fixed uninitialized reads beyond `num_trans` in `trans_alpha` buffers.
(Contributed by Halil Oktay.)
* Fixed stale `info_ptr->palette` after in-place gamma and background
transforms.
* Fixed wrong channel indices in `png_image_read_and_map` RGB_ALPHA path.
(Contributed by Yuelin Wang.)
* Fixed wrong background color in colormap read.
(Contributed by Yuelin Wang.)
* Fixed dead loop in sPLT write.
(Contributed by Yuelin Wang.)
* Added missing null pointer checks in four public API functions.
(Contributed by Yuelin Wang.)
* Validated shift bit depths in `png_set_shift` to prevent infinite loop.
(Contributed by Yuelin Wang.)
* Avoided undefined behavior in library and tests.
* Deprecated the hardly-ever-tested POINTER_INDEXING config option.
* Added negative-stride test coverage for the simplified API.
* Fixed memory leaks and API misuse in oss-fuzz.
(Contributed by Owen Sanzas.)
* Implemented various fixes and improvements in oss-fuzz.
(Contributed by Bob Friesenhahn and Philippe Antoine.)
* Performed various refactorings and cleanups.
Martin Jansa [Sun, 12 Apr 2026 10:57:50 +0000 (12:57 +0200)]
apr: remove -std=gnu23 from apr_rules.mk to fix reproducibility
With the updated ax_prog_cc_for_build.m4 from
apr: fix build with autoconf-2.73
it now correctly detects -std=gnu23 usability on host gcc and doesn't
try to use it e.g. with gcc-13 which doesn't support it, but that causes
build reproducibility issue between builds on such hosts as
CC_FOR_BUILD is included in installed /usr/share/build-1/apr_rules.mk
https://valkyrie.yocto.io/pub/repro-fail/oe-reproducible-20260412-a5w4mcrk/packages/diff-html/
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
useradd.bbclass: allow inheriting with only USERADD_DEPENDS set
When a recipe inherits useradd and only sets USERADD_DEPENDS (to depend
on users/groups created by another recipe), without creating any
users/groups itself, the parse-time sanity check incorrectly throws a
fatal error about missing USERADD_PACKAGES.
Skip the USERADD_PACKAGES/USERADD_PARAM validation when USERADD_DEPENDS
is set but USERADD_PACKAGES is not, since the recipe only needs build
dependency tracking, not user/group creation.
gstreamer1.0-plugins-bad: Add fdkaac as a package feature
This adds support for building gstfdkaac, which is the GStreamer element
that wraps the fdk-aac AAC encoding library from Fraunhofer. fdk-aac is
available in meta-multimedia.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
weston: backport gl-shaders fix to avoid shader compiler crashes
Some GPU shader compilers do not optimize away unused YUV shader
uniforms, even when the associated code paths are unreachable. This can cause
Weston to hit assertion failures at runtime on non-Mesa platforms, despite
working correctly on Mesa-based drivers.
Backport the upstream gl-shaders fix to restore stable behavior across
GPU drivers.
oe-selftest/cpp-example: fix conf file ownership with static UIDs/GIDs
test_devtool_ide_sdk_none_qemu builds an image containing both
cmake-example and meson-example, starts a QEMU instance, then uses
devtool ide-sdk + devtool deploy-target to rebuild and redeploy each
recipe in turn. The test verifies that /etc/<recipe>.conf is owned by
the matching user both before and after each deploy cycle.
The test was failing with:
/etc/meson-example.conf not owned by user meson-example: got cmake-example
During do_install, pseudo resolves ${BPN} to a UID by looking up
/etc/passwd in the recipe's own isolated RECIPE_SYSROOT. Since the
sysroots are independent, both cmake-example and meson-example each
see themselves as the first --system user and get the same UID (e.g.
100). Both ${D} trees therefore contain files with UID 100. In the
final rootfs cmake-example is allocated UID 100 and meson-example UID
101. Files packaged for meson-example still carry UID 100, so stat
reports them as owned by cmake-example.
A pkg_postinst chown would fix the rootfs, but devtool deploy-target
is a plain tar pipe over SSH with no package-manager involvement - it
never runs pkg_postinst. Whatever UID is embedded in ${D} is what
lands on the target. Not sure how this could be fixed with dynamic UIDs.
A clean solution is to make every recipe sysroot and the final image
agree on the same UIDs from the start, i.e. static IDs.
Fix:
- Enable USERADDEXTENSION = "useradd-staticids" in _write_bb_config so
the test builds with static IDs for the duration of the test.
- Add cmake-example (UID/GID 533) and meson-example (UID/GID 534) to
meta-selftest/files/static-passwd and static-group.
- Expand the comment in cpp-example.inc's do_install to document the
static-ID requirement so future readers understand why the -o/-g
flags work correctly only under useradd-staticids.
- Fix a copy-paste error in the in-test comment (said
"meson-example.conf ... cmake-example user" for the cmake block).
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oe-selftest: devtool: use assertRegex to match test output for meson
Replace strict string matching with assertRegex to allow for flexible
whitespace in the "Fail: 0" output from meson tests. This improves test
robustness against formatting changes.
This issue was discovered with scarthgap.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oe-selftest: devtool: GDB breakpoint after std::vector is constructed
Change the GDB breakpoint from line 55 to 56 in cpp-example.cpp so that
the std::vector constructor has already executed when GDB stops. This
ensures that inspecting the vector with GDB works as intended also with
older GDB versions (e.g. on scarthgap).
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This does not build on hosts with gcc <= 13 which does not have std=gnu23
dialect option e.g. ubuntu 24.04, especially with clang which does not
default to gnu23 yet like gcc-15, so autoconf 2.73 decided to enforce the
standard with clang which then spills into CC_FOR_BUILD as well without
this patch
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This does not build on hosts with gcc <= 13 which does not have std=gnu23
dialect option e.g. ubuntu 24.04, especially with clang which does not
default to gnu23 yet like gcc-15, so autoconf 2.73 decided to enforce the
standard with clang which then spills into CC_FOR_BUILD as well without
this patch
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This does not build on hosts with gcc <= 13 which does not have std=gnu23
dialect option e.g. ubuntu 24.04, especially with clang which does not
default to gnu23 yet like gcc-15, so autoconf 2.73 decided to enforce the
standard with clang which then spills into CC_FOR_BUILD as well without
this patch
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GCC-15 has switched to using C23 by default, we have been selectively
disabling warnings as errors to get by, however with autoconf 2.72 adding
-std=gnu23 it now gets enabled for every compiler and clang-22 is more
obidient and has dropped support for K&R C completely. db5 code has a lot
of K&R C prototypes and it starts to fail vigorously. We can not keep
working around with out uplifting sources to be compliant with newer C
standard like C23.
Therefore pin the cflags to use C99 standard as this package expects.
Drop the code to disable warnings as errors selectively instead add a
fix for addressing implicit int warnings
- 0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch since
it was a backport and is now included in 3.14.4.
- 0001-test_pyrepl-skip-test_pyrepl_eio.patch, the test for which was
determined flaky and dropped upstream in commit 9743d88334ad.
e9846648fd61 [RISCV] Use a vector MemVT when converting store+extractelt into a vector store. (#190107) c55c1c1140e1 [TargetLowering] Speculative fix for a non-determinism issue between different compilers. (#190219) 151b4a3bafdd [clang-repl] Use canonical types in QualTypeToString (#190528) 0fecbff69a53 [clang] Fix issues with const/pure on varargs function. (#190252) ae980d3b4df7 [lldb] Iterate over a copy of the ModuleList in SearchFilter (#189009) 307a11d7aa62 [Flang] Fix lowering failure for some constructs inside a CHANGE TEAM (#184342) cd7f7379a016 [AArch64][llvm] Fix encoding for `stshh` instruction (#189588) 4250a0fc5de9 [RISCV] Fix stackmap shadow trimming NOP size for compressed targets (#189774) da8a5b950c7d [flang] Update Flang Extension doc to reflect previous change (#188088) 0626016c5b90 [LoongArch] Implement canMergeStoresTo to avoid crash while NoImplicitFloat attribute is set (#188005) bc44e9b80349 [Hexagon] Use __HVX_IEEE_FP__ to guard protos that need -mhvx-ieee-fp (#184422) e6e59749af18 [Hexagon] Define __HVX_IEEE_FP__ when -mhvx-ieee-fp is enabled (#183829) dc9d64aad7a9 [lld][COFF] Restore `lto-embed-bitcode` and `-fembed-bitcode` Bitcode Embedding Features (#188398) 8fef0fb1a2de [clang-repl] Fix C89 incompatible keywords (#189432) 7b6514cd3089 [sanitizer_common] [Darwin] Adopt _dyld_get_dyld_header (#182943) 24b53fbc67d9 [X86] Improve illegal return type handling in FastISel (#186723) cc87fcfeef54 [AccelTable] Pre-compute entry pool offsets for DW_IDX_parent. NFC (#188915) 561944ebcbd1 [lit] Explicitly unset timer to free thread stack (#188717) 58468775a5e2 [lit] dealloc ApplyResult objects as they're waited on (#188642) 719a040bf13f [lit] Stop holding subprocess objects open in TimeoutHelper (#186712) b8918e6248a8 [LoongArch] Fix incorrect reciprocal sqrt estimate semantics (#187621) 62b14a88906d [MC,clang] Fix -Wa,--noexecstack not emitting .note.GNU-stack (#187880) 4bae0d33b2a4 [ARM] Fix incorrect post increment from Or (#188036) d033ffe4eeb4 [ARM] Regenerate vld2.ll test. NFC 5f04300518b5 [AArch64] Use an unknown size for memcpy ops with non-constant sizes. (#187445) f6198f61b2bd [Hexagon] Fix truncation to boolean vector that need widening (#182528) 240f42d95f51 [Hexagon] Fix 64-bit funnel shift miscompilation with register shift amounts (#183669) a6cd46b239c7 [Hexagon] Fix B0 macro conflict between hexagon_types.h and termios.h (#184539) 4592b0b6388d [libunwind] Fix building on OpenBSD / FreeBSD aarch64 (#188397) cf542a3d9c00 [lldb] use the Py_REFCNT() macro instead of directly accessing member (#188161) d40e60759077 [LoongArch] Fix incorrect indexing of incoming byval arguments in tail call eligibility check (#188006) b68aafeb0dc1 [clang][AST] Preserve qualifiers in getFullyQualifiedType for AutoType (#187717) 55b442495879 [Clang] Fix a concept subsumption bug when template depths are adjusted (#186735) 7b593cd6c0df Bump version to 22.1.3
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko [Wed, 8 Apr 2026 05:57:30 +0000 (07:57 +0200)]
openssl: upgrade 3.5.5 -> 3.5.6
Release information [1]:
OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this release is Medium.
This release incorporates the following bug fixes and mitigations:
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. (CVE-2026-31790)
* Fixed loss of key agreement group tuple structure when the DEFAULT keyword is used in
the server-side configuration of the key-agreement group list. (CVE-2026-2673)
* Fixed potential use-after-free in DANE client code. (CVE-2026-28387)
* Fixed NULL pointer dereference when processing a delta CRL. (CVE-2026-28388)
* Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. (CVE-2026-28389)
* Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo. (CVE-2026-28390)
* Fixed heap buffer overflow in hexadecimal conversion. (CVE-2026-31789)
autoconf 2.73 enforces C23 and adds -std=gnu23 but it leaks it into
CC_FOR_BUILD as well, which bites on systems with GCC < 14 where this
option does not exist.
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ce1013a197 tests: fix tst-rseq with Linux 7.0 60cabd0464 riscv: Resolve calls to memcpy using memcpy-generic in early startup 02ffd413cf elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen 2695314378 elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso dd9945c0ba resolv: Check hostname for validity (CVE-2026-4438) 5c6fca0c62 resolv: Count records correctly (CVE-2026-4437) 2be6cf2e75 posix: Run tst-wordexp-reuse-mem test 305ce0b588 aarch64: Tests for locking GCS 2ee41ba6ec aarch64: Lock GCS status at startup fa4a40c7d4 tests: aarch64: fix makefile dependencies for dlopen tests for BTI 9898ea58b5 malloc: Avoid accessing /sys/kernel/mm files c3ceb93dc4 Add BZ 33904 entry to NEWS 911bd469f8 debug: Fix build with --enable-fortify-source=1 (BZ 33904) 48f5a05a7a nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940) d6cb7ce0e9 Linux: In getlogin_r, use utmp fallback only for specific errors 140c760d71 nss: Introduce dedicated struct nss_database_for_fork type
commit - 2be6cf2e75 posix: Run tst-wordexp-reuse-mem test
Fixes Makefile dependency to ensure the testcase is executed.
Passing new testcase:
+PASS: posix/tst-wordexp-reuse-mem
commit - dd9945c0ba resolv: Check hostname for validity (CVE-2026-4438)
Adds validation for hostname parsing and introduces a regression test.
Passing new testcase:
+PASS: resolv/tst-resolv-invalid-ptr
commit - 5c6fca0c62 resolv: Count records correctly (CVE-2026-4437)
Fixes DNS answer section parsing and adds a regression test.
Passing new testcase:
+PASS: resolv/tst-resolv-dns-section
commit - 48f5a05a7a nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)
Fixes null pointer dereference and improves NSS handling.
Added testcase:
UNSUPPORTED: nss/tst-nss-malloc-failure-getlogin_r
Signed-off-by: Hemanth Kumar M D <Hemanth.KumarMD@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 31 Mar 2026 13:24:29 +0000 (14:24 +0100)]
classes/cve-check: remove class
It's been long known that the cve-check class in oe-core is not that
usable in the real world, for more details see "Future of CVE scanning
in Yocto"[1]. This mail proposed an alternative direction that included
a CVE scanning tool that can be ran both during the build and afterwards,
so that periodic scans of a previously build image is possible.
Last year, Bootlin wrote sbom-cve-check[2] and I compared this to my
proposal in "Comparing cve-check with sbom-cve-check"[3], concluding
that this is likely the missing piece.
Support for sbom-cve-check has been merged into oe-core, and the
cve-check class is now obsolete. So that we don't have to maintain it for
the four-year lifecycle of the Wrynose release, delete it.
This patch also deletes the database fetcher recipes, and the test cases
that were specific to cve-check. Note that the oe.cve_check library
still exists as this is used by the SPDX classes.
classes-global/package: Ensure -src package is handled in signatures
populate_packages() will automatically insert a -src package if
PACKAGE_DEBUG_SPLIT_STYLE is "debug-with-srcpkg", even if there is not
-src package in PACKAGES. However, when the -src package is not in
PACKAGES, it is not accounted for in the task signatures which results
in errors.
[YOCTO #16238]
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 9 Apr 2026 16:26:22 +0000 (17:26 +0100)]
classes/sbom-cve-check: add variable to control the scope of the CVE scan
Unless told otherwise, sbom-cve-check will only report on issues found
in target recipes. Whilst this is the behaviour we want for image-based
scanning, it's not the designed bevhaviour for recipe-based scanning.
Add a new variable SBOM_CVE_CHECK_SCAN_SCOPE that is used as the value
passed with --export-process-native. Default this to "target" so the
normal behaviour is unchanged, but set it to "both" in the
sbom-cve-check-recipe class.
Richard Purdie [Wed, 8 Apr 2026 07:13:13 +0000 (08:13 +0100)]
oeqa: Drop /git/ from our urls
Using /git/ in our urls is rather old school and not the preferred format now.
Update the urls to the preferred form even if the other ones still work.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 8 Apr 2026 06:45:09 +0000 (07:45 +0100)]
selftest/scripts: Update old git protocol references
git protocol accesses to our infrastructure are currently struggling and this
has highlighted a number of places we're making those obsolete access forms.
Update them to use https instead of the git protocol since it is preferred
and more reliable.
The devtool test needed quoting to handle the ';' in the url. The -f option
to devtool also shows a deprecation warning so remove that.
There were internal references to git protocol urls inside the nested git
submodules test report, which means those repos need updating to use
new git revisions.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
docbook-xsl-stylesheets: Use str:replace from exslt.org to implement string.subst
Developement for docbook stylesheets has moved to github
there are newer releases available too which include this fix, however
for now nearing 6.0 release this is least intrusive way to move forward
Cargo Changes:
https://doc.rust-lang.org/nightly/cargo/CHANGELOG.html#cargo-1941-2026-03-26 Fixes: CVE-2026-33055 and CVE-2026-33056
Test results:
No changes
Matt Madison [Sun, 5 Apr 2026 13:40:49 +0000 (06:40 -0700)]
systemd: fix packaging of 'run0'
The 'run0' command was introduced with systemd v256. Its
implementation is in the 'systemd-run' program, with
${bindir}/run0 installed as a symlink to that program.
However, when the upgrade to v256 was done (in commit 89b75b46371d5e9172cb496b461824d8551a2af5), the run0 symlink
wasn't packaged into systemd-extra-utils (where systemd-run
is packaged), introducing a hard RDEPENDS from systemd ->
systemd-extra-utils due to the symlink.
Fix this, and return to the softer RRECOMMENDS dependency
between systemd and systemd-extra-utils, by packaging run0
into systemd-extra-utils.
Signed-off-by: Matt Madison <matt@madison.systems> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0:
* b2a3b2e: Back to development after 1.28.0
* 6ec50ef: tutorials/android: bump up ndkVersion to 29
* 4f6b36b: gst-examples/webrtc: fix error reported with android NDK 29
* 425d36f: gst-examples: webrtc: Update Rust dependencies
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 6376a84: modules: dist common files from monorepo root
* 57be895: devtools: dots-viewer: Update Rust dependencies
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 6376a84: modules: dist common files from monorepo root
* 012b257: rtspclientsink: don't error out when stream transport
notifies timeout
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* c2ef75a: rtsp-stream: Clear send_thread when it's freed
* 20d3e66: rtsp-client: Lock media when unlinking session medias
* 0882b60: gst: Fix a couple of const correctness bugs around strchr()
usage
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* 539aaa1: python: Caps constructor has a single optional argument
* 18d4781: python: Structure constructor has a single required argument
* 6f21099: python: Add type hints for MapInfo members
* 0df78d0: python: Remove duplicated TestDoubleRange
* d4af24c: python: Add type hint for public fields
* 5f4fe17: python: int|float type is redundant and cause linter issue
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 7694a7d: modules: remove subproject README.md from git
* 6376a84: modules: dist common files from monorepo root
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* c43f2b2: python: Add item type annotation to Iterator class
* 49ca53f: python: Make Gst.Bin iterable
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* be2f846: avviddec: Allow stride changes for some decoders
* f0bfd0c: avviddec: Handle field/order changes in mixed interlace mode
* f717c6e: avviddec: Simplify picture_changed helper function
* 0f77771: gst: fix author name: add missing closing angle bracket
* d125725: gst: also adapt author names in the gst_plugins_cache.json
files
* 92ba6c2: avviddec: Don't increment the AVCodecContext frame counter
* 529e7a6: avauddec: Don't increment the AVCodecContext frame counter
* aa02005: avviddec: Forward any ready video frames on gap events
* 0a6950d: gst-libav: avvidcmp: set colorimetry on AVFrame
* adc82d2: libav: Don't process lines that won't be outputted
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 7694a7d: modules: remove subproject README.md from git
* 6376a84: modules: dist common files from monorepo root
* 60c9be9: avviddec: Simplify conditional code in context handling
* b6fbaaf: avviddec: Improve renegotiation debug message
* d94518f: avviddec: Fix handling of mixed interlaced content
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* 80cd0ee: avviddec: Refcount codec frame associated with video frame
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 7694a7d: modules: remove subproject README.md from git
* 6376a84: modules: dist common files from monorepo root
* 8f9c0ad: asfdemux: Error out on files with more than 32 streams
* cb184da: rmdemux: Check if new video fragment overflows the fragment
storage before storing it
* 3bcbda6: rmdemux: Avoid integer overflow when checking if enough data
is available for video fragment
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* 37274be: gst-plugins-ugly: update translations
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* 99c68cb: meson: Fix libxml2 not building due to wrong option type
* e973899: cudaupload, cudadownload: Fix CUDA/GL interop copy path
* 83b8417: webrtc: sink floating refs of ICE transports
* 887f2bf: ajasink: Only allow 6 / 8 / 16 audio channels
* a74bd95: mpegtspacketizer: Handle clock change/resets without skew
correction
* 956e714: mxfdemux: fix gst_mxf_demux_pad_get_stream_time ()
* 73bc4b8: tsdemux: Fix Continuity Counter handling
* 3795ca5: tsdemux: Simplify initial packet handling
* 150a7e4: mxfdemux: always send a segment before sending eos or
segment-done
* 3fdc449: codectimestamper: Fix latency query handling
* 530a52f: vtdec: Always reset flushing flag in flush()
* 4dfe11e: vtdec: Fix a very slight race in handle_frame() when
flushing
* 0a5e48c: vtdec: Make sure to reset last flow return when flushing
* ae04185: vtdec: Implement drain() to allow reverse playback
* 9e0e66f: webrtcbin: Check the presence of encoding-name fields in
answer caps
* fe28caa: vadisplay: Fix a couple of new const-ness warnings around
strstr() usage
* b88511e: classifiertensordecoder: Fix uninitialized variable compiler
warning
* 9924971: gstplay: fix reference counting
* f721368: v4l2: Add support for AV1 V4l2 decoder
* 0fd06de: vulkan/ios: Fix scaling and resizing with UIView
* 0708627: audiobuffersplit: Correctly calculate adapter start/end
running time for negative rates
* 9ae3903: audiobuffersplit: Use the output segment for output related
calculations
* 1a9c31f: audiobuffersplit: Don't use floating point divisions
unnecessarily
* 5e9ff8c: audiobuffersplit: Log if an input buffer has the discont
flag set or not
* 2ded76c: audiobuffersplit: Send any pending segment before
EOS/SEGMENT_DONE
* 72b9964: audiobuffersplit: Handle SEGMENT_DONE the same way as EOS
* 1f43861: audiobuffersplit: Convert gap events to silence buffers
* 16a2fef: audiobuffersplit: Implement negative rates correctly
* 6c6aba2: mpeghdec: memory leak fix in MPEG-H Audio decoder plugin
* 63e8a3b: vtdec: Don't re-create session if only the framerate changed
* 9e17a28: audiobuffersplit: fix reverse playback
* 59a7e80: vtdec: Add more debug logging
* 321c742: vtdec: Fix race condition when negotiating during playback
* 030cfc1: wayland: Fix CLAMP operation of maxFALL and maxCLL
* 705376e: objectdetectionoverlay: add support for rotated bounding
boxes
* d2aae83: cea608mux: fix overflow when calculating output PTS
* 05d821e: siren: remove trailing space from klass
* 24d4d91: openni2src: remove trailing space from desc
* 2700371: smoothstreaming: remove trailing space from desc
* d5e0ba7: gst-plugins-bad: remove trailing spaces: update
gst_plugins_cache.json
* f7f24fc: zebrastripe: adapt klass to recommendation
* d032f3c: fieldanalysis: adapt klass to recommendation
* 3c06dee: dtls: fix author name: add missing angle brackets
* 0f77771: gst: fix author name: add missing closing angle bracket
* 4506913: gst-plugins: fix author name: correct incomplete or wrong
emails
* d125725: gst: also adapt author names in the gst_plugins_cache.json
files
* c20ae61: videocodectestsink: fix typo in klass
* b463b8f: unixfdsrc: adapt klass "Src" to "Source"
* 8aa4eff: avtpsrc: adapt klass "Src" to "Source"
* e6348c3: rtpsrc: adapt klass "Src" to "Source"
* d21129f: frei0r-src: adapt klass "Src" to "Source"
* 78ce4b2: tsmux: reduce noise for DEBUG log level
* 5b40409: openh264enc: skip drain for baseline profile
* 53a95b2: openh264enc: remove broken drain and simplify handle_frame
* fafeaef: ajasinkcombiner: Only forward the segment events from the
video sinkpad
* 988666b: meson: Add a subproject for providing the LunarG MoltenVK
SDK
* 5084c9b: vulkan: load video function pointers conditionally based on
codec operation
* 011a06b: waylandsink: make gst_wl_window_commit_buffer handle NULL
buffers
* f201683: vtdec: Fix CM memory leak due to incorrect unref
* 930b4aa: zxing: Minimal support for compiling with zxing-cpp 3.x
* 51f45dc: vabasetransform: copy buffer's metadata at copy when import
buffer
* dbefb70: zxing: Fix version check for zxing-cpp 3.0.1
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 7694a7d: modules: remove subproject README.md from git
* 6376a84: modules: dist common files from monorepo root
* 2601491: vtdec: Avoid busy looping when queue length is smaller than
DPB size
* b76fe59: ladspa: Fix macOS detection
* 291e479: meson: Deprecate `system = 'ios'` in cross files, use
subsystem
* 4aa405d: applemedia: Stop using HAVE_IOS, use TARGET_OS_* macros
instead
* b4eaad5: avfdeviceprovider: AVCaptureDevice manufacturer is more
widely available
* 38655e0: applemedia: Enable EAGL support on tvOS too
* 25fbfd3: vtdec: VTRegisterSupplementalVideoDecoderIfAvailable is
widely available
* e833ae2: vtdec: Software decoders are now more widely available
* 082bc62: avfvideosrc: Add support for newer iOS 17+ APIs
* 190153c: vtenc: Fix build with tvOS
* 1c213de: applemedia: Disable avfvideosrc and avfdeviceprovider on
tvOS/watchOS
* 7807e72: vtdec: Check for AV1 and VP9 support once
* 9d8e01f: macos: Stop using HAVE_OSX, use built-in macros instead
* 86b0957: frie0r, ladspa: Stop using G_MODULE_SUFFIX
* 149cc0e: vtdec: Fix GstVideoCodecState leak
* 2f5b70e: asiosink: Fill silence when paused
* ad31d52: applemedia: elements can now be individually registered with
gst-full
* 8074134: h264,h265ccextractor: Fix framerate in initial caps
* 2efd57c: ccconverter: Reset counters on flush-stop
* af04ec5: vkav1dec: fix to set SavedOrderHints properly
* a10695e: v4l2codecs: Add short and long term controls in linux
headers
* 1721252: h265parser: Store raw short/long term RPS sets
* 8788a6c: codecs: h265dec: Parse extended SPS information
* 54994bb: v4l2codecs: Set long and short term RPS controls
* c22cdd5: build: codecs: Add AV1 decoder to the GIR includes
* 81b283e: build: codecs: Small style improvement
* d795915: build: codecparsers: Install some newly introduce API
headers
* 0fd74d0: build: codecparsers: Create a GIR file needed for since
marking
* 3686103: codec: h265decoder: Fix annotation and constify return value
* 1768b12: build: codecs: Add gir dependency to the new GstCodecParsers
gir
* 282fd81: codecparsers: h265/vc1: Add missing namespace to some
defines
* 9579389: codecparsers: Fix annotation warnings reported at GIR
constructions
* 947d59f: doc: codecparsers: Switch to gi-index
* 13b57d5: meson: Explicitly use cpp_std=c++11 for decklink
* 1ff173e: vavp8enc: set color format chroma
* c1ee041: tensordecoders: fix wrong dims_order check
* cbd357d: onnx: set dims_order on GstTensor
* 94c24fe: vtdec: Fix return value in flush()
* e5f8ddf: vtdec: Make sure VT thread won't get stuck after a
downstream error
* a1c2bb8: vtenc: Make sure draining actually drains all frames, port
fixes from vtdec, unify naming
* 3313eab: vtdec: Fix wrong DPB size check in the output loop
* ab5cead: vtdec: Calculate DTS offset correctly
* 673922a: applemedia: Sort sources list, fix indentation
* 1205741: applemedia: Fix broken HAVE_VIDEOTOOLBOX_10_9_6 define
* c1772be: applemedia: Remove outdated HAVE_VIDEOTOOLBOX define
* 8bcac75: applemedia: Get rid of AVFoundation-related defines
* 68c0b40: avfvideosrc: Small fixes to the plugin header
* 1758e23: applemedia: Small simplifications to the vulkan checks
* 561bfde: dvbsuboverlay: Mark parsed byte array as const
* 69a2c1c: dvbsuboverlay: Add missing bounds checks to the parser
everywhere
* cfb98fe: dvbsuboverlay: Avoid integer overflows and unreasonably
large displays/regions
* fcd957d: libs: jpegparser: boundary checks before copying it
* 8a26fa7: h266parser: Validate tile index bounds in picture partition
parsing
* 080ac76: h266parser: Fix APS ID bounds check in APS parsing
* 00a086a: h266parser: Fix out of bounds write when parsing pic_timing
SEI
* 5285725: h265parser: Validate num_decoding_units_minus1 in pic_timing
SEI
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* 6a3b3b6: av1parse: Add the GstAV1ParseStreamFormat enum and helper
functions
* 5b115b5: av1parse: Split the stream format and alignment logic
* 3b7e321: svtav1: fix "Level of parallelism" property type
discrepencies
* 74e26cf: dashsink: test: use playbin3 for DASH playback verification
* b99ef73: dashsink: guard splitmuxsink removal in release_pad during
dispose
* 31a80ef: vulkan: Fix libMoltenVK.dylib not found when installed
* 216d38a: all: GThreadFunc return type fixes
* 9bd09cc: srtpenc: preserve ROC when master key is updated for an
ongoing session
* 7e5161c: av1dec: Enable VIDEO_META and VIDEO_ALIGNMENT for pool
* b72d4cd: av1parse: Fix the consumed typo in _read_leb128
* 47002f8: av1parse: Fix a latent wrong setting of cll in
update_src_caps
* 0426e58: decklinkvideosink: fix element leak in decklink callback
* 16b556c: soundtouch: Only allow up to 192kHz and 16 channels
* 4520fe5: gdppay: Fix null pointer dereference on duplicated caps
event
* cf7ec94: h264parse: Do not update valid DTS and duration
* d850e77: h265parse: Update buffer duration only when it's invalid
* eb67339: vtdec: Store supplemental codec support in a global variable
* fb821c3: onnx: set default pixel-aspect-ratio
* 8e2db48: tflite: set PAR to 1:1 by default
* b5fa0db: vulkan: Clear mutex when GstVulkanImageMemory is freed
* be3a040: h264parser: Fix memory leak in gst_h264_parser_parse_nal()
* 18dd8d6: tsmux: Fix integer overflow in SCTE35 NULL interval
* 95b4388: gst-plugins-bad: update translations
* 07c0ecc: dtls: unregister signal handlers from connection
* e8b7cc0: vp9parse, av1parse: Remove segment clipping to let
downstream handle frame boundaries
* 259d5e7: vtdec: Do not hold the stream lock when pushing out frames
* 72afb2c: nice: Fix leak of nice thread
* 391d843: vulkanvp9dec: Fix case in device-specific factory name
* 09872a7: wasapi2sink: Ignore device errors from default device
* 5d165e6: mxfdemux: reject corrupted index entry
* a277cb4: mxfdemux: add reversed temporal offset bound check
* 384e65b: waylandsink: fix waylandsink crash when call window flush
* 9552c85: wlwindow: fix viewport source outside buffer when play
resolution change stream
* 8320b8d: vtdec: Supplemental VideoToolbox decoders now registered via
vtutil helper
* dea92e8: vkswapper/vksink: Don't advertise unsupported formats
* c8a404b: shm: fix shmsink exit code 1 on clean shutdown
* 5dfb388: wayland: display: Add protection when replacing wl_output
* 0882b60: gst: Fix a couple of const correctness bugs around strchr()
usage
* 5ed6a6d: wasapi2: Log target device information
* b05db6e: sctp: Set number of outgoing & incoming streams to the same
value
* 6e69d47: applemedia/vtdec: handle decoder error status for iOS
* cf067cc: applemedia/vtenc: make sure to NULL terminate the level
string
* 299ffee: vtenc: restart even if VTCompressionSessionCompleteFrames
fails
* a8d3ce8: vtdec: Also reset session when output_callback gets a
kVTVideoDecoderMalfunctionErr
* 63efa3c: waylandsink: Properly reset the tag orientation
* 701194a: nvcodec: Add capability caching to speed up plugin
initialization
* 18851f9: vtdec: Don't leak RGBA64_LE caps during class init
* 327188d: vtdec: Fix incorrect setting of bitfield / flag
* b5af409: vtdec: Invert order of output caps to match our preference
* e265144: macos: Set activation policy in vulkansink (MoltenVK)
* f9cc731: jp2kdecimator: Fix some possible integer overflows in size
checks
* e900fe1: jp2kdecimator: Avoid integer overflows and divisions by zero
on invalid tile configurations
* ad02aae: h264parse: Remove pointless allocation failure handling
* 43a89cd: h264parse: Avoid NULL pointer dereferences when freeing
partially parsed SPS/MVC data
* c2690af: h266parser: Avoid integer overflow when parsing profile /
tier / level
* 845e9cf: av1parse: Avoid signed 32 bit integer overflow when parsing
LEB128 values
* f9d57db: av1parse: Be more explicit about available data when parsing
LEB128 values
* 6e84260: av1parse: Allow G_MAXUINT32 as LEB128 encoded value
* 00d6368: av1parse: Correctly reject LEB128 values where the 8th byte
has the high bit set
* 871ac21: vmncdec: Set cursormask to NULL to prevent double free
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* 99c68cb: meson: Fix libxml2 not building due to wrong option type
* 8388e74: qtdemux: Improve debug output around seek event handling
* db3c0c6: qtdemux: Rename last mention of last_stop to position
* 19e3c57: qtdemux: Set the segment position to the start on EOS in
reverse playback mode
* 5c681d2: v4l2: Add v4l2av1dec stateful decoder support
* 6438539: v4l2: update gst plugins cache
* d3c0283: vpxdec: Support downstream pools with alignment requirements
* 0edccca: qtdemux: Don't ignore flow return when pushing queued
buffers downstream
* ff3edfc: qtdemux: Make sure to not output the same samples multiple
times in reverse playback mode
* d415a2b: qtdemux: Push raw audio/video buffers downstream in reverse
order if rate < 0
* e1c1979: wavpackparse: Parse 32 bit sample rate and channel masks
* 74d8469: wavpackparse: Print hexadecimal numbers with leading zeroes
for easier reading
* d296187: wavpackparse: Sync flags with latest wavpack
* 4ad4418: wavpackparse: Include sample type (int / float / dsd) in the
caps
* 6631df5: wavpackparse: Correctly parse and advertise depth vs. width
* f4d6909: wavpackdec: Set OPEN_NORMALIZE flag to normalize floating
point samples into the [-1,1] range
* 7005bb5: wavpackdec: Allow up to 4096 channels and up to maximum
sample rate
* 7514ac2: wavpackdec: Re-create wavpack decoder on caps changes
* 2cda74a: wavpackdec: Output 24 bit samples as actual 24 bit samples
* 69e76ae: wavpackdec: Allocate output buffer via the base class
* 293e350: wavpackdec: Output 18 and 20 bit as their corresponding
formats
* 4d3bdcb: wavpackenc: Extend caps a bit
* c5143e8: wavpackenc: Map buffer readwrite for channel reordering
* 3db67a3: wavpackenc: Add support for S8/S16/S18/S20/S24/S32 and F32
samples
* 4704dfe: wavpack: Update plugin docs cache
* d333aeb: qml6glsrc: Fix rendering of scene with clipped items
* ee8e500: qml6glsrc: Fix scraping of QQuickWindow content
* 2b09aec: rtpsource: Add locking for receive reports table
* eaadb4d: gst-plugins-good: fix author name: Kentaro Fukuchi
* 0f77771: gst: fix author name: add missing closing angle bracket
* e92f814: rtph263pay: fix author name: where not separated by ','
* 4506913: gst-plugins: fix author name: correct incomplete or wrong
emails
* d125725: gst: also adapt author names in the gst_plugins_cache.json
files
* f68c471: rtpptdemux/rtpssrcdemux: adapt klass "Demux" to "Demuxer"
* 75ae4d7: gstrtspsrc: Set new mki in the encoder upon crypto update
* 09635fe: rtspsrc: Memory leak in gst_rtspsrc_close() when
GST_RTSP_EEOF error occurs
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 7694a7d: modules: remove subproject README.md from git
* 6376a84: modules: dist common files from monorepo root
* 291e479: meson: Deprecate `system = 'ios'` in cross files, use
subsystem
* 88febbc: osxaudio: Stop using HAVE_IOS, use TARGET_OS_* macros
instead
* c3b73e9: qtdemux: Fix out-of-bounds read when parsing PlayReady DRM
UUIDs
* b4558a4: rtpqdm2depay: error out if anyone tries to use this element
* 1171ae8: wavparse: Remove pointless duplicated GST_ROUND_UP_2()
* 3564405: wavparse: Use unsigned integers for data sizes
* c73a1f4: wavparse: Use GST_ROUND_UP_2() in two more places instead of
a manual implementation
* 8822ee3: wavparse: Define maximum chunk size in a single place
* 081484e: wavparse: Avoid integer overflow and out-of-bounds read when
parsing adtl chunks
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* 5ee8c64: rtptwcc: fix feedback packet count wrapping at 255
* 216d38a: all: GThreadFunc return type fixes
* 180a877: rtph264depay: fix invalid memory access in
gst_rtp_h264_finish_fragmentation_unit
* d824117: Qt6GLVideoItem: caps update fixed
* d6ed0a0: qtdemux: fix invalid WebVTT timestamps
* b8436bf: wavparse: Avoid overflow in length when setting
ignore-length=true
* 586ff9c: wavparse: Fix parsing of RF64 wave files
* b08a64e: rgvolume: don't apply dBSPL reference level compensation for
LUFS values
* 9ca0bd6: hlsdemux2: fix seekable range for live HLS streams
* 100a0e6: qtdemux: Don't immediately push segment after moov in push
mode for fmp4
* 95919fa: wavenc: Skip writing empty LIST INFO chunk
* e717c43: gst-plugins-good: update translations
* 1ac03ff: qtdemux: fix handling of in-between fragments without tfdt
* 457b197: qtdemux: Preserve Metas and Flags when doing row alignment
* 27a9cc0: qtdemux: Avoid integer overflows when handling transform
matrices
* 1279ec9: qtdemux: Don't store 64 bit integers in 32 bit integers to
avoid overflows
* 0871bb2: qtdemux: Check that big enough stco/stsz are available when
parsing sample tables
* 160bba0: qtdemux: Error out instead of trying to handle a truncated
stts box
* b73c493: audioinvert: fix float truncation in transform_float
* bcc8c6e: qmlglsink: Fix for caps tracking on multiple setCaps calls
* 5ebb94c: qt6: Avoid parsing caps on every buffer
* 49bab9c: qt5: Avoid parsing caps on every buffer
* c4f56c0: rtspsrc: Discard early data in ONVIF mode
* 86e640a: rtspsrc: Fix const-correctness issue around strchr() usage
* 48cefc4: flvmux: fix race condition on caps get and check
* dbd4cb4: qtdemux: Avoid division by zero if 0 audio channels are
signalled
* 10fd1ab: qtdemux: Validate chnl defined layout before using it to
index the layouts array
* 3441881: qtdemux: Avoid out-of-bounds reads and writes of 64 item
audio channel positions array
* dc7ab66: qtdemux: Fix bit pattern check for omitted audio channels
map
* bad6721: qtdemux: Add various integer overflow and bounds checks to
uncompressed video handling
* 8aed48f: flvdemux: Avoid assertions on corrupted streams
* 35a905a: wavparse: Fix integer overflow when checking available
buffer size for reading cues
* 0d819ce: wavparse: Use prepend+reverse instead of append when
building the cues list
* 6db6dd0: matroskademux: Add missing parenthesis when calculating bz2
buffer sizes
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* e2c7b85: input-selector: add pad release stress test
* 6cb0626: input-selector: add test eos for remaining non active pad
* c4f4ad2: typefindfunctions: Promote y4m_typefind
* 62629e5: decodebin3: Ensure input->collection is always coherent
* cad6787: decodebin3: Improve handling collection change on existing
pad
* 7365663: rtp: Add mappings for H266 and AV1 encoding-names
* 3d82e94: base: Fix a couple of new const-ness warnings around
strstr() usage
* 848766d: gl: Fix explicit enabling of EAGL support on iOS
* 47576c7: eagl: Auto-resize when the UIView window is resized
* 4faeb36: audiorate: Handle SEGMENT_DONE the same way as EOS
* 2a7e50c: videodecoder: Handle recovery from temporary reordered
output
* d6fb546: playsink: unref color balance channels with g_object_unref()
* efc09c7: decodebin3: Fix switch to smaller collections
* acbe1ed: rtsp: Validate transport parameter parsing in RFC 2326
* 746553b: glsrcbin: adapt klass "Src" to "Source"
* a02c813: audiodecoder: Only forward gap events immediately if no
frames are pending
* 045b7a0: videodecoder: Move gap event handling into a helper function
* ff28f77: videodecoder: Don't directly forward gap events if the
decoder is not drained
* b1c6307: videofilter: Add VIDEO_ALIGNMENT to downstream pool
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 7694a7d: modules: remove subproject README.md from git
* 6376a84: modules: dist common files from monorepo root
* c6ea1f1: compositor: Do copy_metas also for background frame
* 291e479: meson: Deprecate `system = 'ios'` in cross files, use
subsystem
* d765ba7: eagl: Add support for tvOS
* 507fa0a: gstgl: Fix incorrect usage of G_MODULE_SUFFIX on macOS
* e14eecd: video-converter: Do not transform_metas with 0 width or
height
* 133c200: meson: Fix building of examples/gl/qt/qglwtextureshare
* 377a41d: riff: Correctly check that enough RGB palette data is
available
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* de557ba: glcolorconvert: Fix NULL pointer dereference on buffers
without video meta
* 216d38a: all: GThreadFunc return type fixes
* ecbaac1: rtpbuffer: Add validation for CSRC list length
* 8b1dec6: rtcp: Fix buffer overread in SDES packet parsing
* 3e5ac12: opusenc: Use correct memcpy() size when copying Vorbis
channel positions
* 8b4ea49: video-converter: fix I420/A420/AYUV BGRA/ARGB output on
big-endian
* cad4597: videorate: Fix unrestored caps on backward PTS
* ae535bd: video: fix too small default stride for UYVP with odd widths
* 6c2d5bd: gl: upload: Optimize EGL format check when there is no
context
* 8112ede: gl: upload: Fix linking glupload with restrictive caps
filter
* 5daccd1: gst-plugins-base: update translations
* 69d7aed: compositor: move gst_compositor_init_blend() to element
class_init
* 2f35652: rtsp: gstrtspurl: Parse URL having user without password
* ae8c618: videodecoder: Fix different seqnum error
* 9e4e4a3: audiodecoder: Fix different seqnum error
* 13f2638: base: audioencoder: Remove fixed caps from srcpad
* 9379c4a: exiftag: Unmap buffer if parsing a rational number gives a
zero denominator
* 87c7096: playback: Make sure to check for empty/any caps before
getting the first structure
* add1c1f: parsebin: Remove pointless casts
* 2a437f9: exiftag: Ignore invalid fractions with numerator/denominator
G_MININT
* 9949c53: audio-resampler-neon: read array operand by hand
* d33fc55: subparse: Replace a `g_strv_length()` in a loop header with
more efficient code
* a41cbb4: subparse: Replace regex string matching / replacing with
plain C string parsing
* 3a81eb4: subparse: Fix handling of closing of multi-byte tags
* 12fc1ed: subparse: Avoid NULL-pointer dereferences in mdvdsub parsing
code
* 7617d9e: typefind: Avoid signed 32 bit integer overflow when parsing
AV1 LEB128 values
* b86af52: typefind: Use a byte reader for parsing AV1 bitstreams
* d9c7e28: typefind: Allow G_MAXUINT32 as LEB128 encoded value when
parsing AV1 bitstreams
* 1f78c53: typefind: Remove dead code in AV1 LEB128 parser
* 66044db: exiftag: Use g_malloc() instead of malloc()
* aeef929: exiftag: Add missing bounds check and integer overflow
protections in various places
* e47f697: exiftag: Parse sensitivity value with the correct number of
bits and endianness
* 7f6db3d: subparse: Fix integer overflow when calculating qttext
timestamp
* 5e78c44: audio-resampler-neon: read array operand by hand, part 2
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes since 1.28.0
* b2a3b2e: Back to development after 1.28.0
* f8b4f2a: input-selector: fix race condition selecting next active pad
* 193b858: input-selector: gracefully handle active pad disappearance
* 52f8be4: input-selector: don't consider pad being released checking
for eos
* c711f7c: input-selector: fix regression receiving eos event
* 3d48df2: input-selector: don't wait for active pad when eos
(active-segment mode)
* 583ae1a: typefindhelper: EOS case explained in more details
* 305fb65: gst: Fix a couple of new const-ness warnings around strstr()
usage
* 88cdc0d: ptpclock: Fix potential out-of-bounds read when parsing
ANNOUNCE messages
* 443fb64: ptpclock: Fix copy-paste mistake in error messages
* c520284: ptpclock: Initialize PTP message to avoid invalid
uninitialized variable warning
* f8f0df1: caps: gst_caps_append_structure should not allow NULL
structure
* d08ede5: aggregator: Various introspection annotations / docs fixes
for vfuncs
* 1a98767: filesink: Add debug category to file write helper
* 1f415d1: filesink: Report write error correctly on Windows
* 1aa6b48: multiqueue: reverse playback: use segment stop position as
start time
* c7e0e43: aggregator: Handle gap event before segment
* 816e87b: bitwriter: Steal owned data in reset_and_get_data()
* 7c2da22: tests: bitwriter: Fix leak in test
* 835da19: modules: Remove NEWS from git which is generated from full
release notes
* 201b14e: modules: remove RELEASE from git, will be generated from
template on dist
* 7694a7d: modules: remove subproject README.md from git
* 6376a84: modules: dist common files from monorepo root
* 291e479: meson: Deprecate `system = 'ios'` in cross files, use
subsystem
* d609133: gstcheck: Disable fork on tvOS and watchOS
* 55bea0a: gstreamer: Stop using deprecated G_MODULE_SUFFIX
* 020a8fd: registry: Skip .dSYM bundles when loading plugins, try 2
* d8b40e3: gst-stats: Also allow ANSI colored logs without 0x in front
of the thread id
* c21305a: gst: Add explanatory comment to call_async implementation
* dcb37e2: Release 1.28.1
* 32113a6: Back to development after 1.28.1
* 216d38a: all: GThreadFunc return type fixes
* e76eebd: registry: Skip recursion into and from .dSYM bundles
* 9a94133: filesink: Fix wrong open() in overwrite mode
* 749cbe0: baseparse: Preserve upstream buffer duration if possible
* f71eb59: bin: iterator is not nullable
* 1b3939b: baseparse: Fix out_buffer leak in frame_free and missing ref
in frame_copy
* 1afd273: gstreamer: update translations
* cf7231d: queue: Fix potential use-after-free in log function
* 43421c2: Release 1.28.2
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Wed, 8 Apr 2026 03:20:23 +0000 (05:20 +0200)]
gstreamer1.0: upgrade 1.26.9 -> 1.28.0
0002-tests-add-support-for-install-the-tests.patch
refreshed for 1.28.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Wed, 8 Apr 2026 03:20:21 +0000 (05:20 +0200)]
gstreamer1.0-python: upgrade 1.26.9 -> 1.28.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* The closedcaption plugin no longer depends on cairo and pango.
* Explicitly disable new plugins that require external dependencies:
* hip
* mpeghdec
* tflite
* tflite-edgetpu
* tflite-vsi
* vmaf
* wpe2
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Wed, 8 Apr 2026 03:20:16 +0000 (05:20 +0200)]
gstreamer1.0-libav: upgrade 1.26.9 -> 1.28.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Wed, 8 Apr 2026 03:20:15 +0000 (05:20 +0200)]
gst-examples: upgrade 1.26.9 -> 1.28.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Wed, 8 Apr 2026 03:20:14 +0000 (05:20 +0200)]
gst-devtools: upgrade 1.26.9 -> 1.28.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Xiangyu Chen [Thu, 26 Feb 2026 08:19:37 +0000 (16:19 +0800)]
grub: update search parameter
Grub would report an error message in boot stage as below:
"error: no such device: ((hd0,gpt1)/EFI/BOOT)/EFI/BOOT/grub.cfg"
Consequently, the root variable is not set, and the intended protection
against cross-device configuration loading (the purpose of the original 2014 commit)
is lost.
The most robust fix is to use the --hint parameter.
This separates the search target from the device hint, avoiding
fragile string concatenation and supporting both prefixed and
non-prefixed $cmdpath formats.
Ricardo Salveti [Tue, 31 Mar 2026 22:36:02 +0000 (19:36 -0300)]
busybox: enable mkfs.vfat via config fragment
Enable busybox’s mkfs.vfat (mkdosfs) implementation using a dedicated
mkdosfs.cfg config fragment.
While dosfstools provides mkfs.vfat and is available through
update-alternatives, it is licensed under GPLv3. Busybox also includes a
lightweight mkfs.vfat implementation that is suitable for minimal images
and systems relying primarily on busybox utilities.
Upgrade to latest revision of 1.24.0.
- Drop patches included in this release.
- Add patch to fix test-groff not found in cross-compilation.
- Add patch to use SOURCE_DATE_EPOCH in gropdf for reproducible PDF generation.
- COPYING, LICENSES: Refresh GPLv3 text.
- Fix sample code included in the documentation of the
webkit_user_content_manager_register_script_message_handler()
function.
- Fix MP4 muxing when using GStreamer 1.28.
- Fix WebAudio not resuming correctly after using window.alert()
- Fix WebAudio producing incorrect output in some cases due to
incorrect sample buffer management.
- Fix several crashes and rendering issues.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jörg Sommer [Sat, 28 Mar 2026 21:04:18 +0000 (22:04 +0100)]
icu: Workaround buildpaths QA check, if TMPDIR is /build/tmp
The file udatatst.c really contains the string /build/tmp. When building
with kas-container the build directory is /build and hence the TMPDIR
becomes /build/tmp. This triggers the QA check *buildpaths*. To work around
this, slightly modify the string in the source code.
Fix several issues with double quotes in kernel command line
- Kernel options like 'opt="value"' were breaking the parser,
causing the whole reminder of the command line to be ignored.
The code only supported 'opt="word1 word2..."
- Setting variables without removing quotes in the value
- Setting variables to values with spaces without enclosing
the value with quotes. This caused execution errors evaluating
expressions like:
bootparam_opt=word1 word2
The first fix is particularly needed for people using the kernel
"bootconfig" configuration parameters to add options to the kernel
command line:
This mechanism systematically adds quotes around options
with values, for example:
init="/sbin/preinit"
Without the fix, the wrong init program can be started from the
initramfs and debug messages are ignored when "debug" is
present after "init" in the kernel command line.
For readability and performance sake, also use shell variable operators
instead of "sed" to remove leading and trailing quotes.
Tested both on host and target machines.
With the below kernel command line:
rootwait init="/sbin/preinit" debug root=/dev/mmcblk0p2 console=ttymxc0 dyndbg="file drivers/usb/core/hub.c +pltf" quiet
The following variables are set:
bootparam_rootwait="true"
bootparam_init="/sbin/preinit"
bootparam_root="/dev/mmcblk0p2"
bootparam_debug="true"
bootparam_console="ttymxc0"
bootparam_dyndbg="file drivers/usb/core/hub.c +pltf"
bootparam_quiet="true"
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patrick Wicki [Thu, 26 Mar 2026 16:06:50 +0000 (17:06 +0100)]
systemd: backport fix for tpm2 without efi support
See https://github.com/systemd/systemd/pull/41231 or the patch commit
message for details. The regression affects v259.1 to 259.5 as well as
v260.1. Requested a backport to v259 but for now a patch is needed.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Latest autoconf is splitting long cmd lines in config.status
it generates using sed/awk to have compatibility with
platform like HPUX,Solaris,AIX which is understandable given
autotools try to achieve wider portability, however, this does
mean that in OE builds we might get these newlines added in
places dividing commands including buildpaths in them and the
methods deployed to scrub them from output artifacts will fail
since the string is now on two lines resulting in build QA to
pass but the strings do sneak in affecting reproducibility
one such example is e2tools recipe in meta-filesystems and there
perhaps are more
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As of ghostscript 10.06.0 the build is good with C23[1] and our cross
compiler is 15.2, so we can stop adding -std=gnu17 to the target CFLAGS.
However, our buildtools are currently using GCC 14.2 which has the
interesting behaviour that it has a -std=gnu23 option but does not then
actually claim to support C23:
This then interacts badly with autoconf 2.73 which tells the compiler to
use C23, breaking stdpre.h which handles a number of different
compilers and C standards.
A bug has been filed with ghostscript[2] to try and handle this this
case in the source, but a workaround is to tell the native compiles to
explicitly use C17.
Martin Jansa [Thu, 2 Apr 2026 00:14:58 +0000 (02:14 +0200)]
native/cross: ar wrapper: don't prepend 'D' when @<file> is used
In some cases bazel-native build calls ar with
@<file> - read options from <file>
syntax, where the ar params are generated in *.param file by
separate bazel action before ar is called.
Unfortunately this intercept breaks that syntax by prepending D like:
Don't try to inject D into first line of @<file>, lets assume the caller
uses D already (bazel uses 'rcsD' by default).
* Ar flags for combining object files into archives. If this is not set, it
* defaults to "rcsD".
* TODO(b/37271982): Remove after blaze with ar action_config release
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sets the correct license for the libgcc-src package. Note that even
though the package is not in PACKAGES, it is implicitly added when
PACKAGE_DEBUG_SPLIT_STYLE is "debug-with-srcpkg" (the default). This
was likely not noticed sooner because the fix to allow the code to
detect this was relatively recent in 1816c5a5e7 ("lib/package: Check
incompatible licenses at packaging time")
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Apr 2026 16:23:37 +0000 (17:23 +0100)]
busybox: fix DISTRO_FEATURES detection
Changes to how DISTRO_FEATURES is evaluated meant that busybox was using
a partial DISTRO_FEATURES and thus disabling features it should not be.
This is due to the use of immediate assignments which are evaulated
before the final value is calculated (by anonymous Python in base.bbclass).
Remove entirely DO_IPv4/DO_IPv6 as they're used once, replacing with
inline bb.utils.contains_any().
Remove the immediate assignments to OE_FEATURES/OE_DEL so that they are
evaluated on use. The evaluation is expensive, but it only happens once.
[1] oe-core 159148f4de ("meta: Support opting out of any distro features")
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Apr 2026 21:02:26 +0000 (22:02 +0100)]
classes/sbom-cve-check-recipe: add recipe-scanning class
Add a second sbom-cve-check class that scans the recipe-SBOM, unlike
sbom-cve-check.bbclass which scans specifically an image's SBOM.
In most cases, image-derived SBOM scanning is preferred as this is able
to analyse the actual content of the image, e.g. reporting just the
kernel issues that have actually been compiled into the image (for
linux-yocto 6.18.19, this reduces the CVE count from 108 to 52).
However, for metrics or other specific purposes it might be useful to
scan a recipe-SPDX, so add a class that can do this.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 7 Apr 2026 21:02:25 +0000 (22:02 +0100)]
classes/sbom-cve-check: extract common functionality to a -common.bbclass
Extract the common configuration variables and run_sbom_cve_check() that
actually invokes sbom-cve-check to a separate class, so that other
classes that are not tied to image generation can use the same logic.
No code changes, just movement.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Benjamin Robin [Tue, 7 Apr 2026 21:02:21 +0000 (22:02 +0100)]
sbom-cve-check-update-db: Fix unpack removing other databases
Previously, `UNPACKDIR` was set to `${SBOM_CVE_CHECK_DEPLOY_DB_DIR}`,
which points to the `./databases/` directory and may contain multiple
databases. Since `do_unpack` cleans the `${UNPACKDIR}` directory,
`UNPACKDIR` must only contain a single database.
To address this, set `UNPACKDIR` to
`${SBOM_CVE_CHECK_DEPLOY_DB_DIR}/${SBOM_CVE_CHECK_DB_NAME}` and
configure `destsuffix` to an empty string. However, it is currently not
possible to set `BB_GIT_DEFAULT_DESTSUFFIX` to an empty string, so
`destsuffix` is configured through the SRC_URI instead.
Signed-off-by: Benjamin Robin <benjamin.robin@bootlin.com> Tested-by: Antonin Godard <antonin.godard@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The `do_populate_lic` task was failing because it runs after `do_patch`,
but the indirect dependency on `do_unpack` was lost when the `do_patch`
task was deleted.
It is safe, and even preferable, to retain the `do_patch` task, as this
allows users to apply patches to their CVE databases.
When "wic create ..." is invoked with a bare *wks name (i.e. without the
`.wks` extension), wic calls engine.py:find_canned_images() to find the
fully qualified *wks file. This function searches every directory formed by:
- permutating all BBLAYERS with `/wic`
- permutating all BBLAYERS with `/scripts/lib/wic/canned-wks`
- checking `<scripts_path>/lib/wic/canned-wks`
Where `<scripts_path>` is the directory containing the wic program.
When wic is part of oe-core, the last search path succeeds in finding
the canned *wks files in `<topdir>/scripts/lib/wic/canned-wks` (since
the wic program is found in oe-core's `<topdir>/scripts` directory, and
`<topdir>/scripts` is not a BBLAYER).
However, once wic is removed from oe-core, this algorithm will not find
these bare *wks files in any of the above-mentioned search paths since
the oe-core layer will no longer be the home of the wic program, and the
canned *wks files are not located in any directory relative to BBLAYERS.
Since these *wks files are specific to oe-core's meta layer, they should
stay with this layer. Therefore move the *wks files so they exist in one
of the locations searched relative to oe-core/meta's BBLAYERS.
NOTE: this patch is in preparation for removing wic from oe-core
the wic oe-selftests work fine with this patch being added now
[RP: Updated meta/wic -> meta/files/wic] Reviewed-by: Bruce Ashfield <bruce.ashfield@gmail.com> Reviewed-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
