systemd_user_unitdir is the right variable to use
Fixes
ERROR: xdg-user-dirs-0.19-r0 do_package: QA Issue: xdg-user-dirs: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/systemd
/usr/lib/systemd/user
/usr/lib/systemd/user/xdg-user-dirs.service
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
xdg-user-dirs: 4 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fixes:
ERROR: nodejs-22.21.1-r0 do_patch: Applying patch '0001-deps-disable-io_uring-support-in-libuv.patch' on target directory '/build/tmp/work/core2-32-poky-linux/nodejs/22.21.1/sources/node-v22.21.1'
CmdError('quilt --quiltrc /build/tmp/work/core2-32-poky-linux/nodejs/22.21.1/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch 0001-deps-disable-io_uring-support-in-libuv.patch
can't find file to patch at input line 27
The sources which related to libuv as deps/uv/ are removed in prune_sources
when depends on libuv.
So postpone prune_sources execute at do_patch phase to fix the gap.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the December 2025 security release that the nodejs team released
January 13, 2026.
3 high severity issues.
4 medium severity issues.
1 low severity issue.
High priority fixes:
CVE-2025-55131
CVE-2025-55130
CVE-2025-59465
Medium priority fixes:
CVE-2025-59466
CVE-2025-59464
CVE-2026-21636 *
CVE-2026-21637
Low priority fixes:
CVE-2025-55132
* note that this medium priority CVE only effects Nodejs v25.
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Add an extra check for completeness only.
- Fix a signed integer overflow which could trigger a FPE_INTOVF
- Fix Microsoft'2 MHC2 private tag
- Added projects for XCode 26 & Visual Studio 2026
- Added documentation for PCS illuminants and chromatic adaptation
- Check for a possible out-of-bounds in softproofing transforms when using cmsCreateExtendedTransform
- Fix for a out-of-bound read, issue #522
- Add an extra check for out-of-bounds read when misusing a support function
- avoid divide by zero, special case from spec. notes on CAM02
- Fix CGATS parser bug when number has a "+" sign
- Fix a typo when handling a special case for BPC
- Fixed a loss of precision when Lab16 is used as input color space on integer transforms
- Fixes hypotetical corrupted pointer in non-happy path. Cannot happen in real world
- Fix a theoretical memory leak.
- Add support of localized descriptions in v2 profiles for MacOS
- Mark some tables as const
- Make the param of cmsCreateLab4Profile() to refer to the media white instead of the illuminant
- fix a warning in unit tests
- Remove redundant check. Fixes#497
- Update autotools
- fix plugins soname + add oklab to transicc (experimental)
- meson: ability to disable .so.version libraries
- Fix black point detection when using darker colorant.
- testcms2.c: Fix incorrect string comparisons
- Fix CICp tag size.
- Fix broken linkicc
- meson: Bump minimum Meson version to 0.52 for visibility:hidden
- meson: Disable unused fs import
- Add a guard against a wrong use of flags
- Fix for #469 heap buffer overflow on convert_utf16_to_utf32()
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog
Features:
* Add a systemd service to run xdg-user-dirs-update
* Add initial Meson buildsystem support
Bugfixes:
* Fix autopoint invocation
Miscellaneous:
* Updated translations
* Update automake boilerplate
* Update information in README
2. Add pkgconfig to solvo following configure error:
../sources/xdg-user-dirs-0.19/configure: line 9319: syntax error near unexpected token `systemd,'
../sources/xdg-user-dirs-0.19/configure: line 9319: `PKG_CHECK_EXISTS(systemd,'
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Disable build-testing for now, as this would require 'googletest' dependency
v1.4.6
References | Description | Author(s)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The old SRC_URI stopped working (its certificate expired), and the recipe
defaulted to OE mirrors.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked with "xerces-c\+\+" (sic).
See CVE db query:
sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2;
apache|xerces-c\+\+|29
apache|xerces-j|2
apache|xerces2_java|3
redhat|xerces|3
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.Changelogs
https://github.com/opencv/opencv/wiki/OpenCV-Change-Logs#version4130
2.Remove following patches as they have been merged in upstream.
27691.patch
0001-Renamed-templated-BlocksCompensator-feed-method-to-e.patch
3.After upgrading to 4.13.0, WITH_KLEIDICV is ON as default in aarch64,
so build kleidicv along with openCV in aarch64.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with underscore in their name.
See CVE db query:
sqlite> select vendor, product, count(*) from PRODUCTs where product like '%boinc%' group by 1, 2;
berkeley|boinc_client|2
berkeley|boinc_forum|1
universityofcalifornia|boinc_client|165
universityofcalifornia|boinc_server|5
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVEs are tracked with an underscore in the product name:
sqlite> select * from PRODUCTs where product like '%async%mq%';
CVE-2025-65503|redboltz|async_mqtt|10.2.5|=||
This patch sets the correct CVE_PRODUCT.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Lennart Poettering stopped maintaining libcanberra over a decade ago but it is still
maintained by the debian gnome-team.
Most notable improvement is that building the libcanberra-gtk3-module doesn't depend
on gtk2 anymore and thus libcanberra isn't dependent on x11 to build support for gtk3
- fetch source from salsa.debian.org, use git for it
- remove outdated patches
- dont build gtk+ module by default anymore
- simplify packaging
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are associated with usc:cereal CPE.
See CVE db query:
sqlite> select * from PRODUCTS where PRODUCT like '%cereal%';
CVE-2020-11104|usc|cereal|||1.3.0|<=
CVE-2020-11105|usc|cereal|||1.3.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
FEX Release FEX-2601
ARM64Emitter
Force NOP padding to be enabled (9e8915e)
Arm64Emitter
Initial work for LoadConstant padding audit (d582356)
BranchOps
Use RIP relocs for direct branch targets (c57df73)
CMake
Move CMakeModules to Data/CMake (651ef64)
Fix mingw if host has libxxhash-dev installed (900c179)
Support overriding version/hash via CMake args (19d3450)
CodeCache
Fix misparenthesized expression in SaveData() (9101e70)
Rebase block entrypoint info (5747d1c)
Make LoadData Thread argument an optional pointer (bc069f2)
Implement automatic cache generation (eb425fe)
Implement runtime cache validation (93f6a8c)
Trigger delayed cache loading for the main executables and its interpreter (71c8436)
Implement cache loading (ec67670)
Common
Use LOCALAPPDATA for GetCacheDirectory on WOW64/ARM64EC (499970d)
Config
Remove stdout from OutputLog (e1c6a91)
Dispatcher
Silence warning on ARM64EC (9a12868)
FEXCore
Cleanup pointers structure (b29a78c)
Fixes circular dependency with thunk callback (5627ddf)
Switch constant emission to default to NoPad (2b4492c)
Revert literal optimization from #4884 (da46d51)
FEXOfflineCompiler
Implement SyscallHandler::LookupExecutableFileSection (5ca549e)
FEXServer
Add protocol interface to request code cache population (805a4c1)
Frontend
Only decode REX if it is at the correct location (c8d72ea)
Also fetch relocations and section bounds when validating (0a18ea8)
ImageTracker
Load AOT images (a3779be)
Load PE relocations when generating code caches (b87bb1d)
Support codemap file generation (c54dfd9)
Track loaded PE images for LookupExecutableFileSection (212a3f4)
Interpreter
Moves around the thread and ELF initialization code (ed1d495)
JIT
Fixes typo (c4258be)
LinuxSyscalls
x32
Fixes fcntl assert (6c06f47)
LookupCache
Fix mistake in nested CacheBlockMapping call (a957f1f)
OpcodeDispatcher
Explicitly calculate flags after _TelemetrySetValue (281981e)
Relocations
Disable 6-byte size optimization in InsertGuestRIPMove (c7eb4c8)
Switch to robin_map to improve lookup perf (4889596)
SHMStats
Avoid ISB usage when stats are disabled (6a49b8c)
Scripts
Have InstallFEX check kernel version (b407688)
Steam
Don't let the FEXServer inherit FEXServerManager's original stdout (53925dc)
Syscalls
Fix DEBUG_STRACE printing (e859109)
Thunks
Vulkan
Update for v1.4.337 (668e027)
Tools
pidof
Fixes FEXpidof after #5097 (7e4e017)
VDSO
Forgot to remove a if check (144c4bf)
WOW64
Lock the JIT context and block suspend during context operations (a25d90d)
WinAPI
Implement Sleep (37b0e9e)
Windows
Improve handling of RWX memory (d592e2a)
Invalidate code in freed memory after the free syscall (cb7de45)
Fix RtlWaitOnAddress signature (f098b41)
Implement _[w]sopen file APIs (f819999)
Introduce ImageTracker for tracking per-loaded-image data (dc764db)
Switch GetSection/ExecutableFilePath to returning full paths (956f97e)
Split out CRT/WinAPI reimplementation (ebdbf58)
WritePriorityMutex
Add some more documentation (9fa8148)
Fix rare case of dropped read waiter wakes (ce9824a)
Misc
[cmake] explicit platform and bit-width checks (dbd802c)
[cmake] more parenthesis cleanups, linker gc module, more same-line stuff (1f6b3d5)
[cmake] refactor: compiler and architecture handling (51f6722)
[cmake] better option descriptions + more consistent language (9c0c969)
Constant audit (fd2ee4e)
_Constant audit (851fbae)
First round of LoadConstant auditing (5bbbe4d)
[cmake] Use a Find module for xxhash (5a47565)
[cmake] do not use uppercase command names (f24f88e)
[cmake] reduce usage of trivial variables (0edf961)
[cmake] prefer end parenthesis on same line, no space after some calls (b41b967)
[cmake] FEXCore: further reduce library redundancy (f153d86)
[cmake] propagate -ISource to all Tools (bd8f6f1)
[cmake] use MINGW builtin rather than custom detection (7cdef04)
Some minor NFC (974ba78)
Guest relocation support (fef1993)
Various trivial fixes for #5106 (296988b)
code-format-helper: Update urllib3 dependency (2e2563a)
github
steamrt4
Additional comments (bf9ab7f)
unittests
ASM
Adds test for flags clobber in TelemetrySetValue (eb27576)
Test 32-bit displacement encoding (d197300)
FEXLinuxTests
Fix gcc build (fedebf4)
Force clang building for tests (62383a1)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
All relevant CVEs are files against these CPEs.
See CVE db query (zediious vendor is not relevant):
sqlite> select * from PRODUCTs where PRODUCT like '%raptor%' and vendor <> 'symantec' and product <> 'velociraptor';
CVE-2012-0037|librdf|raptor|||2.0.7|<
CVE-2017-18926|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2020-25713|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2023-49078|zediious|raptor-web|0.4.4|=||
CVE-2024-57822|librdf|raptor_rdf_syntax_library|||2.0.16|<=
CVE-2024-57823|librdf|raptor_rdf_syntax_library|||2.0.16|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- switch to meson buildsystem
- pavucontrol now requires gtk4 and thus requires gpu acceleration
- remove patch. Meanwhile libcanberra is optional and build doesn't
fail without anymore
- pavucontrol was migrated from intltool to gettext
- add packageconfigs for libcanberra and lynx to have both disabled
by default
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Y4M loader: add support for 10-bit 4:4:4
- Y4M loader: add support for 10-bit 4:2:2
- Y4M loader: add example for 8-bit mono
- Y4M loader: add support for 10-bit mono
- Y4M loader: fix support for full-range mono
- Y4M loader: fix support for odd dimensions
- Y4M loader: add support for 12/14/16-bit mono
- test/images: Remove intermediate generated file
- imlib2_view: Set title
- imlib2_view: Scale image when resizing window
- imlib2_view: A couple of fixes to previous commit
- test_load_2: Add new y4m test images
- test_load_2: Add more new y4m test images
- test_load_2: Add more new y4m test images
- autofoo: Use AM_LIBTOOLFLAGS, not LIBTOOLFLAGS
- gradients: Fix rendering of gradients in larger images
- imlib2_conv: Fix constness warning
- gradients: Better gradients with angles
- Compile cleanly with -Wdouble-promotion
- XPM loader: Add missing progress callback on incomplete image data
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Build fails for qemuarm with musl with following error:
/build/tmp/work/cortexa15t2hf-neon-poky-linux-musleabi/libjxl/0.11.1/sources/libjxl-0.11.1/lib/jxl/convolve_separable5.cc
| error: out of range pc-relative fixup value
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Build fails for qemuarm with musl with following error:
mozglue/misc/StackWalk.o: in function `unwind_callback(_Unwind_Context*, void*)':
| /usr/src/debug/mozjs-128/128.5.2/mozglue/misc/StackWalk.cpp:810:(.text._ZL15unwind_callbackP15_Unwind_ContextPv+0x4): undefined reference to `_Unwind_GetIP'
Referenced commit[1] for the fix, also refreshed patches.
[1] bb86629123
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: updated contributors.
Changelog:
==========
- Bump bundled {fmt} library to 12.1.0
- Fix the %z formatter (UTC offset):
- Windows: Replaced implementation for better accuracy and speed
- FreeBSD: Fixed incorrect implementation
- Fixed issue where the offset was not displaying as +00:00 when the formatter
was configured to show UTC time.
- Removed unreliable fallback for Unix systems lacking tm_gmtoff. If
compilation fails on such platforms, use SPDLOG_NO_TZ_OFFSET=ON (%z will
display +??:?? instead of compilation error).
- Set CMAKE_BUILD_TYPE only in top-level project
- Change access scope for ANSI target_file_ from private to protected
- Fix UWP detection
- Fix include <fcntl.h> in tcp_client.h to avoid compilation failures
- Tests: Fix unit tests to respect default level names
- Docs: Fix misleading comment in blocking_queue header
- Fix sign-compare warning
- Fix sign conversion warnings in qt_sinks.h
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Features
---------
Added timestamp helper commands
Use separate thread for saving session data
Run multiple session save requests in parallel
Changed magnet metadata handling and added 'magnet.path.set'
Optimizations
-------------
Use map rather than vector for Poll tables
Bug Fixes
-----------
Convert IPv4in6 addresses to IPv4 in outgoing handshakes
Force clear bitfield ranges of downloads that get hashed
Use CURLOPT_CLOSESOCKETFUNCTION to properly handle libcurl closing sockets before CURL_POLL_REMOVE
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Build:
** New "-Dmbim_groupname=<name>" meson build option to restrict MBIM kernel
device access to a given Unix group and root. The access check works
in parallel to the "-Dmbim_username" option; passing either check allows
access to the kernel device (eg, logical OR).
* New Intel AT Tunnel service, including the following operations:
* MBIM_CID_INTEL_AT_TUNNEL_AT_COMMAND
* Extended the SMS service:
* MBIM_CID_SMS_CONFIGURATION now supports notifications
* mbimcli:
** New '--sms-query-configuration' and '--sms-query-message-store-status'
actions
** New '--atds-query-rat' and '--atds-query-operators' actions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Replace pass 5 of copying with a sweeping phase after trimming.
* New option '-N, --no-sweep' to disable reading of skipped areas.
Reassign short name '-N' from option '--no-trim' to '--no-sweep'.
* main.cc. Make '--size=output' use the size of outfile.
(do_rescue): Make '-x 0' extend outfile to size of infile.
* main_common.cc (strtoll_): New function accepting underscores.
* rescuebook.cc (fcopy_non_tried, rcopy_non_tried): Limit pass 2 to
blocks adjacent to a finished block. (Delimit bad area as a whole).
(trim_errors): Trim only edges adjacent to a finished block.
Initial skip size now defaults to (infile_size / 32_768).
Only retrim blocks adjacent to a non-tried or finished block.
(update_rates): Don't force update of a_rate, c_rate, ts.
(Rescuebook): Estimate remaining time from last 60 seconds.
* genbook.cc (format_time), loggers.cc (format_time_dhms): Add years.
* loggers.cc (Event_logger): Add finished_size, a_rate, read errors.
* ddrescuelog.cc: New option '-H, --make-test'.
* ddrescue.texi: Document rescue with lziprecover's recovery record.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
During the compile step, CMake will attempt to generate a test
certificate with openssl-native using a hard-coded path to the openssl
config:
openssl req -config /etc/ssl/openssl.cnf ...
Thus using the build host's openssl config. If the build host's openssl
is configured with options that openssl-native does not understand or
accept, the test certificate will not be generated:
[log.do_configure on openSUSE 16.0]
Searching for OpenSSL executable and dlls
OpenSSL executable: .../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/recipe-sysroot-native/usr/bin/openssl
GENCERTS = 1
Generating SSL Certificates for the test-server...
Error configuring OpenSSL modules
4037413D467F0000:error:030000A9:digital envelope routines:alg_module_init:unknown option:../sources/openssl-3.5.4/crypto/evp/evp_cnf.c:61:name=rh-allow-sha1-signatures, value=yes
4037413D467F0000:error:0700006D:configuration file routines:module_run:module initialization error:../sources/openssl-3.5.4/crypto/conf/conf_mod.c:288:module=alg_section, value=evp_properties retcode=-1
CMake Warning at lib/tls/CMakeLists.txt:528 (message):
!!! Failed to generate SSL certificate for Test Server!!!:
OpenSSL return code = 1
and the subsequent do_install() step will fail:
| CMake Error at test-apps/cmake_install.cmake:126 (file):
| file INSTALL cannot find
| ".../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/build/libwebsockets-test-server.key.pem":
| No such file or directory.
ERROR: Task (.../layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.2.bb:do_install) failed with exit code '1'
Fix the location where CMake looks for the openssl.cnf file in order
to use the one that comes with the openssl-native that will be used to
generate the certificate. Thus ensuring that they are in step in terms
of which configuration options will be acceptable.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upstream site (landley.net) serves inconsistent content when using HTTP,
causing checksum mismatches during do_fetch. Using HTTPS ensures stable
downloads and resolves checksum failures.
Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
