The CVEs are tracked with an underscore in the product name:
sqlite> select * from PRODUCTs where product like '%async%mq%';
CVE-2025-65503|redboltz|async_mqtt|10.2.5|=||
This patch sets the correct CVE_PRODUCT.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/nanomsg/nanomsg/releases/tag/1.2.2
Drop 0001-allow-build-with-cmake-4.patch as the issue has been fixed
upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tests take less than a second to execute.
The current source distribution is missing a test file,
which I added with a patch. The problem is already solved
by upstream just not tagged yet - the patch can be dropped
with the next update.
Sample output:
root@qemux86-64:~# ptest-runner
START: ptest-runner
2026-01-09T17:11
BEGIN: /usr/lib/python3-send2trash/ptest
SKIP: tests/test_plat_win.py:tests/test_plat_win.py # SKIP Skipping windows-only tests
PASS: tests/test_plat_other.py:test_trash
PASS: tests/test_plat_other.py:test_multitrash
PASS: tests/test_plat_other.py:test_trash_bytes
PASS: tests/test_plat_other.py:test_trash_unicode
PASS: tests/test_plat_other.py:test_trash_topdir
PASS: tests/test_plat_other.py:test_trash_topdir_fallback
PASS: tests/test_plat_other.py:test_trash_topdir_failure
PASS: tests/test_plat_other.py:test_trash_symlink
PASS: tests/test_script_main.py:test_trash
PASS: tests/test_script_main.py:test_no_args
============================================================================
Testsuite summary
DURATION: 1
END: /usr/lib/python3-send2trash/ptest
2026-01-09T17:11
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Lennart Poettering stopped maintaining libcanberra over a decade ago but it is still
maintained by the debian gnome-team.
Most notable improvement is that building the libcanberra-gtk3-module doesn't depend
on gtk2 anymore and thus libcanberra isn't dependent on x11 to build support for gtk3
- fetch source from salsa.debian.org, use git for it
- remove outdated patches
- dont build gtk+ module by default anymore
- simplify packaging
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 8.5:
Breaking changes:
- The option --lcov-test-name doesn't accept values with spaces
anymore.
- The option --lcov-format-1.x is deprecated and mapped to
--lcov-format-version=1.x.
- Changes to HTML templates.
New features and notable changes:
- Due to added support for LLVM source based code coverage format
some configuration file keys got changed. The old gcov named
options are still supported but they also affect the LLVM
toolchain.
Bug fixes and small improvements:
- Fix coveralls report if there are several coverage elements per
line.
- Fix not excluded conditions if branches are excluded by comments.
- Fix reported excluded branches in LCOV report.
- Fix exclusion filter --gcov-exclude.
- Add --json-trace-data-source to include the trace data source in
the JSON report independent from --verbose.
- Remove generated gcov files on error and catch additional gcov
error message.
- Change default HTML theme excluded line color.
- Move theme colors to a separate CSS file so they can be overridden
with a simple --html-template-dir directory with only the
style.colors.css file.
- Fix regular expression for detecting a version mismatch between
gcc and gcov.
- Improve logging messages for GCOV execution errors to not print
information twice and add trace messages for gcov execution.
- Fix handling of lines after function specialization.
- Improve performance by changing logging messages (level and lazy
interpolation).
- Fix text report for covered decisions.
- Fix runtime problem introduced with 8.4.
- Fix wrong entries in data source attribute of JSON report.
- Fix nested HTML report without coverage data.
- Add warning if coverage data is empty.
- Add warning if function lines are missing in external generated
GCOV files.
- Extend support for zipped reports. If last suffix is .xz then
LZMA is used to compress the report.
- Fix function exclusion in report generation.
- Do not ignore lines without functions, e.g. from inlined code.
- Ignore all whitespaces instead of only spaces for detection of
noncode lines.
- Add support for temporary merging line coverage objects without
modifying the data model.
- Change internal behavior of --exclude-function-lines to exclude
the line of function definition instead of removing it completely.
- Ensure that all functions have a line coverage element in LCOV
report.
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.3.0:
- Add arguments validation for schemas and validation methods (by
validation contexts)
- Add custom XPath parser for find/findall/iterfind APIs on schemas
for match singleton sequence also if position is a number greater
than 1 in predicate expression
- Improve build of XSD elements and groups, using a three-state
built flag for components
- Extend and fix memory tests (Python 3.14+ seems to consume more
memory)
- Drop support for Python 3.9 and add development support for
Python 3.15
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2025.12.0:
- fsspec.parquet to support filters and multiple files
- passing withdirs in aync _glob()
- fix _rm_file/_rm redirection in async
- allow arrowFile to be seekable
- add size attribute to arrowFile
- support py3.14 and drop 3.9
- avoid ruff warning
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.21.1:
- Fix escaping in help text when rich is installed but not used.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825
The Debian bugtracker[1] indicated that the issue is tracked by
upstream in github[2] (with a difference CVE ID, but same issue),
where the vulnerability was confirmed. Later in the same github issue
the solution is confirmed: the project switched to use the requests
library, which doesn't suffer from this vulnerability.
Due to this mark the CVE as patched.
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444
[2]: https://github.com/tweepy/tweepy/issues/279
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-7694
The vulnerability was reported to the project[1], and the commit[2] that
resolved the issue has been part of the project since version 0.11.7.
Mark the CVE as patched due to this.
[1]: https://github.com/Kludex/uvicorn/issues/723
[2]: 895807f94e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are associated with usc:cereal CPE.
See CVE db query:
sqlite> select * from PRODUCTS where PRODUCT like '%cereal%';
CVE-2020-11104|usc|cereal|||1.3.0|<=
CVE-2020-11105|usc|cereal|||1.3.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Dont remove libcanberra dependency. Meanwhile it can be built without
pulling in gtk2
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
FEX Release FEX-2601
ARM64Emitter
Force NOP padding to be enabled (9e8915e)
Arm64Emitter
Initial work for LoadConstant padding audit (d582356)
BranchOps
Use RIP relocs for direct branch targets (c57df73)
CMake
Move CMakeModules to Data/CMake (651ef64)
Fix mingw if host has libxxhash-dev installed (900c179)
Support overriding version/hash via CMake args (19d3450)
CodeCache
Fix misparenthesized expression in SaveData() (9101e70)
Rebase block entrypoint info (5747d1c)
Make LoadData Thread argument an optional pointer (bc069f2)
Implement automatic cache generation (eb425fe)
Implement runtime cache validation (93f6a8c)
Trigger delayed cache loading for the main executables and its interpreter (71c8436)
Implement cache loading (ec67670)
Common
Use LOCALAPPDATA for GetCacheDirectory on WOW64/ARM64EC (499970d)
Config
Remove stdout from OutputLog (e1c6a91)
Dispatcher
Silence warning on ARM64EC (9a12868)
FEXCore
Cleanup pointers structure (b29a78c)
Fixes circular dependency with thunk callback (5627ddf)
Switch constant emission to default to NoPad (2b4492c)
Revert literal optimization from #4884 (da46d51)
FEXOfflineCompiler
Implement SyscallHandler::LookupExecutableFileSection (5ca549e)
FEXServer
Add protocol interface to request code cache population (805a4c1)
Frontend
Only decode REX if it is at the correct location (c8d72ea)
Also fetch relocations and section bounds when validating (0a18ea8)
ImageTracker
Load AOT images (a3779be)
Load PE relocations when generating code caches (b87bb1d)
Support codemap file generation (c54dfd9)
Track loaded PE images for LookupExecutableFileSection (212a3f4)
Interpreter
Moves around the thread and ELF initialization code (ed1d495)
JIT
Fixes typo (c4258be)
LinuxSyscalls
x32
Fixes fcntl assert (6c06f47)
LookupCache
Fix mistake in nested CacheBlockMapping call (a957f1f)
OpcodeDispatcher
Explicitly calculate flags after _TelemetrySetValue (281981e)
Relocations
Disable 6-byte size optimization in InsertGuestRIPMove (c7eb4c8)
Switch to robin_map to improve lookup perf (4889596)
SHMStats
Avoid ISB usage when stats are disabled (6a49b8c)
Scripts
Have InstallFEX check kernel version (b407688)
Steam
Don't let the FEXServer inherit FEXServerManager's original stdout (53925dc)
Syscalls
Fix DEBUG_STRACE printing (e859109)
Thunks
Vulkan
Update for v1.4.337 (668e027)
Tools
pidof
Fixes FEXpidof after #5097 (7e4e017)
VDSO
Forgot to remove a if check (144c4bf)
WOW64
Lock the JIT context and block suspend during context operations (a25d90d)
WinAPI
Implement Sleep (37b0e9e)
Windows
Improve handling of RWX memory (d592e2a)
Invalidate code in freed memory after the free syscall (cb7de45)
Fix RtlWaitOnAddress signature (f098b41)
Implement _[w]sopen file APIs (f819999)
Introduce ImageTracker for tracking per-loaded-image data (dc764db)
Switch GetSection/ExecutableFilePath to returning full paths (956f97e)
Split out CRT/WinAPI reimplementation (ebdbf58)
WritePriorityMutex
Add some more documentation (9fa8148)
Fix rare case of dropped read waiter wakes (ce9824a)
Misc
[cmake] explicit platform and bit-width checks (dbd802c)
[cmake] more parenthesis cleanups, linker gc module, more same-line stuff (1f6b3d5)
[cmake] refactor: compiler and architecture handling (51f6722)
[cmake] better option descriptions + more consistent language (9c0c969)
Constant audit (fd2ee4e)
_Constant audit (851fbae)
First round of LoadConstant auditing (5bbbe4d)
[cmake] Use a Find module for xxhash (5a47565)
[cmake] do not use uppercase command names (f24f88e)
[cmake] reduce usage of trivial variables (0edf961)
[cmake] prefer end parenthesis on same line, no space after some calls (b41b967)
[cmake] FEXCore: further reduce library redundancy (f153d86)
[cmake] propagate -ISource to all Tools (bd8f6f1)
[cmake] use MINGW builtin rather than custom detection (7cdef04)
Some minor NFC (974ba78)
Guest relocation support (fef1993)
Various trivial fixes for #5106 (296988b)
code-format-helper: Update urllib3 dependency (2e2563a)
github
steamrt4
Additional comments (bf9ab7f)
unittests
ASM
Adds test for flags clobber in TelemetrySetValue (eb27576)
Test 32-bit displacement encoding (d197300)
FEXLinuxTests
Fix gcc build (fedebf4)
Force clang building for tests (62383a1)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
All relevant CVEs are files against these CPEs.
See CVE db query (zediious vendor is not relevant):
sqlite> select * from PRODUCTs where PRODUCT like '%raptor%' and vendor <> 'symantec' and product <> 'velociraptor';
CVE-2012-0037|librdf|raptor|||2.0.7|<
CVE-2017-18926|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2020-25713|librdf|raptor_rdf_syntax_library|2.0.15|=||
CVE-2023-49078|zediious|raptor-web|0.4.4|=||
CVE-2024-57822|librdf|raptor_rdf_syntax_library|||2.0.16|<=
CVE-2024-57823|librdf|raptor_rdf_syntax_library|||2.0.16|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- switch to meson buildsystem
- pavucontrol now requires gtk4 and thus requires gpu acceleration
- remove patch. Meanwhile libcanberra is optional and build doesn't
fail without anymore
- pavucontrol was migrated from intltool to gettext
- add packageconfigs for libcanberra and lynx to have both disabled
by default
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
'pavucontrol-6' requires gtk4 and thus also needs gpu acceleration
Only recommend to install pavucontrol if it would run
- remove x11 from DISTRO_FEATURES. There's no direct dependency on it
- add PACKAFECONFIG for libcanberra
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Y4M loader: add support for 10-bit 4:4:4
- Y4M loader: add support for 10-bit 4:2:2
- Y4M loader: add example for 8-bit mono
- Y4M loader: add support for 10-bit mono
- Y4M loader: fix support for full-range mono
- Y4M loader: fix support for odd dimensions
- Y4M loader: add support for 12/14/16-bit mono
- test/images: Remove intermediate generated file
- imlib2_view: Set title
- imlib2_view: Scale image when resizing window
- imlib2_view: A couple of fixes to previous commit
- test_load_2: Add new y4m test images
- test_load_2: Add more new y4m test images
- test_load_2: Add more new y4m test images
- autofoo: Use AM_LIBTOOLFLAGS, not LIBTOOLFLAGS
- gradients: Fix rendering of gradients in larger images
- imlib2_conv: Fix constness warning
- gradients: Better gradients with angles
- Compile cleanly with -Wdouble-promotion
- XPM loader: Add missing progress callback on incomplete image data
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Hypothesis Python module applies a 200ms default timeout value on
the tests, that can be violated too easily in qemu without kvm support.
Hypothesis however also has a feature, that in case it is running in a CI
environment, it expects that the host has more load, and it removes this
deadline.
To switch to the CI profile and relax the execution timeouts, this patch
defines the "CI" environment variable in the run-ptest script.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Build fails for qemuarm with musl with following error:
/build/tmp/work/cortexa15t2hf-neon-poky-linux-musleabi/libjxl/0.11.1/sources/libjxl-0.11.1/lib/jxl/convolve_separable5.cc
| error: out of range pc-relative fixup value
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Build fails for qemuarm with musl with following error:
mozglue/misc/StackWalk.o: in function `unwind_callback(_Unwind_Context*, void*)':
| /usr/src/debug/mozjs-128/128.5.2/mozglue/misc/StackWalk.cpp:810:(.text._ZL15unwind_callbackP15_Unwind_ContextPv+0x4): undefined reference to `_Unwind_GetIP'
Referenced commit[1] for the fix, also refreshed patches.
[1] bb86629123
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657
The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0
[1]: 84c53958de
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127
The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: updated contributors.
Changelog:
==========
- Bump bundled {fmt} library to 12.1.0
- Fix the %z formatter (UTC offset):
- Windows: Replaced implementation for better accuracy and speed
- FreeBSD: Fixed incorrect implementation
- Fixed issue where the offset was not displaying as +00:00 when the formatter
was configured to show UTC time.
- Removed unreliable fallback for Unix systems lacking tm_gmtoff. If
compilation fails on such platforms, use SPDLOG_NO_TZ_OFFSET=ON (%z will
display +??:?? instead of compilation error).
- Set CMAKE_BUILD_TYPE only in top-level project
- Change access scope for ANSI target_file_ from private to protected
- Fix UWP detection
- Fix include <fcntl.h> in tcp_client.h to avoid compilation failures
- Tests: Fix unit tests to respect default level names
- Docs: Fix misleading comment in blocking_queue header
- Fix sign-compare warning
- Fix sign conversion warnings in qt_sinks.h
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Features
---------
Added timestamp helper commands
Use separate thread for saving session data
Run multiple session save requests in parallel
Changed magnet metadata handling and added 'magnet.path.set'
Optimizations
-------------
Use map rather than vector for Poll tables
Bug Fixes
-----------
Convert IPv4in6 addresses to IPv4 in outgoing handshakes
Force clear bitfield ranges of downloads that get hashed
Use CURLOPT_CLOSESOCKETFUNCTION to properly handle libcurl closing sockets before CURL_POLL_REMOVE
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Build:
** New "-Dmbim_groupname=<name>" meson build option to restrict MBIM kernel
device access to a given Unix group and root. The access check works
in parallel to the "-Dmbim_username" option; passing either check allows
access to the kernel device (eg, logical OR).
* New Intel AT Tunnel service, including the following operations:
* MBIM_CID_INTEL_AT_TUNNEL_AT_COMMAND
* Extended the SMS service:
* MBIM_CID_SMS_CONFIGURATION now supports notifications
* mbimcli:
** New '--sms-query-configuration' and '--sms-query-message-store-status'
actions
** New '--atds-query-rat' and '--atds-query-operators' actions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Allow stacking TLS layers with SSL_usebio
This also allows LWP (after patches) to access https site through TLS
enabled proxy
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
