The related CVEs are tracked with "xerces-c\+\+" (sic).
See CVE db query:
sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2;
apache|xerces-c\+\+|29
apache|xerces-j|2
apache|xerces2_java|3
redhat|xerces|3
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
FEX Release FEX-2601
ARM64Emitter
Force NOP padding to be enabled (9e8915e)
Arm64Emitter
Initial work for LoadConstant padding audit (d582356)
BranchOps
Use RIP relocs for direct branch targets (c57df73)
CMake
Move CMakeModules to Data/CMake (651ef64)
Fix mingw if host has libxxhash-dev installed (900c179)
Support overriding version/hash via CMake args (19d3450)
CodeCache
Fix misparenthesized expression in SaveData() (9101e70)
Rebase block entrypoint info (5747d1c)
Make LoadData Thread argument an optional pointer (bc069f2)
Implement automatic cache generation (eb425fe)
Implement runtime cache validation (93f6a8c)
Trigger delayed cache loading for the main executables and its interpreter (71c8436)
Implement cache loading (ec67670)
Common
Use LOCALAPPDATA for GetCacheDirectory on WOW64/ARM64EC (499970d)
Config
Remove stdout from OutputLog (e1c6a91)
Dispatcher
Silence warning on ARM64EC (9a12868)
FEXCore
Cleanup pointers structure (b29a78c)
Fixes circular dependency with thunk callback (5627ddf)
Switch constant emission to default to NoPad (2b4492c)
Revert literal optimization from #4884 (da46d51)
FEXOfflineCompiler
Implement SyscallHandler::LookupExecutableFileSection (5ca549e)
FEXServer
Add protocol interface to request code cache population (805a4c1)
Frontend
Only decode REX if it is at the correct location (c8d72ea)
Also fetch relocations and section bounds when validating (0a18ea8)
ImageTracker
Load AOT images (a3779be)
Load PE relocations when generating code caches (b87bb1d)
Support codemap file generation (c54dfd9)
Track loaded PE images for LookupExecutableFileSection (212a3f4)
Interpreter
Moves around the thread and ELF initialization code (ed1d495)
JIT
Fixes typo (c4258be)
LinuxSyscalls
x32
Fixes fcntl assert (6c06f47)
LookupCache
Fix mistake in nested CacheBlockMapping call (a957f1f)
OpcodeDispatcher
Explicitly calculate flags after _TelemetrySetValue (281981e)
Relocations
Disable 6-byte size optimization in InsertGuestRIPMove (c7eb4c8)
Switch to robin_map to improve lookup perf (4889596)
SHMStats
Avoid ISB usage when stats are disabled (6a49b8c)
Scripts
Have InstallFEX check kernel version (b407688)
Steam
Don't let the FEXServer inherit FEXServerManager's original stdout (53925dc)
Syscalls
Fix DEBUG_STRACE printing (e859109)
Thunks
Vulkan
Update for v1.4.337 (668e027)
Tools
pidof
Fixes FEXpidof after #5097 (7e4e017)
VDSO
Forgot to remove a if check (144c4bf)
WOW64
Lock the JIT context and block suspend during context operations (a25d90d)
WinAPI
Implement Sleep (37b0e9e)
Windows
Improve handling of RWX memory (d592e2a)
Invalidate code in freed memory after the free syscall (cb7de45)
Fix RtlWaitOnAddress signature (f098b41)
Implement _[w]sopen file APIs (f819999)
Introduce ImageTracker for tracking per-loaded-image data (dc764db)
Switch GetSection/ExecutableFilePath to returning full paths (956f97e)
Split out CRT/WinAPI reimplementation (ebdbf58)
WritePriorityMutex
Add some more documentation (9fa8148)
Fix rare case of dropped read waiter wakes (ce9824a)
Misc
[cmake] explicit platform and bit-width checks (dbd802c)
[cmake] more parenthesis cleanups, linker gc module, more same-line stuff (1f6b3d5)
[cmake] refactor: compiler and architecture handling (51f6722)
[cmake] better option descriptions + more consistent language (9c0c969)
Constant audit (fd2ee4e)
_Constant audit (851fbae)
First round of LoadConstant auditing (5bbbe4d)
[cmake] Use a Find module for xxhash (5a47565)
[cmake] do not use uppercase command names (f24f88e)
[cmake] reduce usage of trivial variables (0edf961)
[cmake] prefer end parenthesis on same line, no space after some calls (b41b967)
[cmake] FEXCore: further reduce library redundancy (f153d86)
[cmake] propagate -ISource to all Tools (bd8f6f1)
[cmake] use MINGW builtin rather than custom detection (7cdef04)
Some minor NFC (974ba78)
Guest relocation support (fef1993)
Various trivial fixes for #5106 (296988b)
code-format-helper: Update urllib3 dependency (2e2563a)
github
steamrt4
Additional comments (bf9ab7f)
unittests
ASM
Adds test for flags clobber in TelemetrySetValue (eb27576)
Test 32-bit displacement encoding (d197300)
FEXLinuxTests
Fix gcc build (fedebf4)
Force clang building for tests (62383a1)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Added a number of new values for some Sony tags
- Added a few new button functions for the Nikon Z9
- Added some Nikon subject detection values
- Added a new Canon SubjectSwitching value
- Decode Ricoh APP7 maker notes
- Patched to allow a specific PreviewImage to be written to a DNG file
containing multiple previews
- Fixed minor error when writing some DJI DNG files
- Fixed bug reading large Protobuf integers on 32-bit systems
- API Changes:
- Added SystemTimeRes option
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Added read support for Kandao KVAR files
- Added a few new Panasonic tags
- Added a new XMP-crs tag
- Added a few new Matroska tags
- Added a few values related to the new RAW file types for the Sony ILCE-7M5
- Decode a few new PhaseOne tags
- Decode timed GPS and other metadata from Kandao MP4 videos
- Improvements to family 1 and 5 groups for tags in Matroska videos, and
prioritize top-level tags when duplicates exist
- Assume a default TimecodeScale of 1ms for MKV videos
- Patched to avoid runtime warning when parsing corrupted QuickTime data
- Fixed decoding of ShutterCount for Sony ILCE-7M
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE_PRODUCT is specified twice - the second instance only duplicates one
value from the first instance.
Remove this extra CVE_PRODUCT.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Base64 encoding now runs after compression, consistent with other
post-compression encryption/encoding options.
- Documentation updated to reflect that compression can be combined with
encryption/encoding.
- Compression now precedes encryption so both can be enabled together.
- Signing passphrases are masked in stored metadata.
- Added coverage for combined encryption + compression flows.
- Access archive name from script
- pre-extraction script execution in combination with --notemp
-Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs were filed for "Fram's Fast File Exchange" application, which
has the same abbreviated name as fex. Currently this recipe has no historical
CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore
these irrelevant CVEs explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* PR #246: Make ldns_calc_keytag() available for CDNSKEY RR
* PR #247: Make ldns_key_rr2ds() available for CDNSKEY RR
* PR #248: Make ldns_rr_compare_{ds,ds_dnskey}() available for
CDS and CDNSKEY RRs.
* PR #245: Make drill trace use IPv6 when used with -6
* Fix#254: Unquoted "value" rdata for CAA records fail to validate.
Follows the long string unquoted syntax from RFC8659, section 4.1.1.
* Fix#266: ldns-read-zone -u fails if a type is the only type in a
window and the type modulo 256 is equal to zero.
* Fix#271: Intermittent build failure with multi-job
builds (make -j).
* Add ldns-verify-zone -s option. It checks all signature results,
instead of passing by when one RRSIG validates. That prints output
for spurious RRSIGs, the failures for them.
* Fix RR types NSAP-PTR, GPOS and RESINFO to print unquoted strings.
* Fix memory leak when trying to read zones that have equal RRs.
the ldns_dnssec_*_add_rr() functions now return LDNS_STATUS_EQUAL_RR
when an already existing RR is tried to be added. This is a API
change, hence this also bumps the version to 1.9.0
* PR #282: ensure returning pkt with LDNS_STATUS_OK.
* PR #286: Fix RR Type AMTRELAY type nogateway, to print relay '.',
and memory leaks in parsing it.
* DSYNC is no longer a draft RR type and compiled by default
* RFC 9824 support: Compact Denial of Existence in DNSSEC
* The HHIT and BRID draft RR types
* PR #249: If RNG is already seeded, return early.
* PR #221: Improve error messages.
* PR #256: Use SWIG_AppendOutput to support swig 4.3
* PR #188: Homogenize paths for source files during compilation
* Fix#283: ldns-walk fails after update from 1.8.3 to 1.8.4
* PR #200: Allow compiled tests to link to ldns statically via
environment variable.
* PR #220: Optionally exclude ZONEMD RRs in ldns-compare-zone
* Fix#285: A WALLET RR breaks TXT signing.
* Fix#287: ldns-verify-zone hangs with missing NSEC3 RRs.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Added support for a couple of new Android QuickTime Keys tags
- Added date/time formatting for RIFF DateCreated
- Added ability to read/write (but not create/delete) the HEIF Mirroring tag
- Added a new SonyModelID
- Added a new Canon LensType
- Decode ShutterCount for the Canon EOS R6 Mark III
- Decode another Samsung trailer tag
- Convert invalid Panasonic AFPointPosition to 'n/a'
- Fixed issue extracting timed GPS from some Wolfbox G900 MP4 videos
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Left to its own volition, configure goes on a hunt in
usual paths in /usr which means it pokes at build system
for sendmail existence. This could also be under different
paths e.g. /usr/lib or /usr/sbin depending upong build distro
The paths where sendmail will be installed on target is
usual paths e.g. /bin or /usr/bin on OE, which are added
to program search paths anyway.
This fixes reproducibility issues, since this string gets
its way into the PHP binaries.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog:
https://github.com/php/php-src/releases/tag/php-8.5.0
2. Remove opcache-related options as it was not in 8.5.0.
3. Fix FILES:${PN}-fpm to resolve following error:
ERROR: php-8.5.0-r0 do_package: QA Issue: php: Files/directories were installed but not shipped in any package:
/usr/share/php
/usr/share/php/fpm
/usr/share/php/fpm/status.html
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Add -e switch to select an escape sequence other than Ctrl+\
- More portable TTY settings
- Better error and signal handling
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Yasm was introduced as a rewrite of nasm, however its commits
have dried up over the years, while its unmitigated CVEs keep
piling up. Also, nasm is a healthier project with regular
contributions still.
There are no known recipes depending on yasm.
Let's remove it.
Cc: Ross Burton <ross.burton@arm.com>
Cc: Yogesh Tyagi <yogesh.tyagi@intel.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==============
- Show the host name in the error message in case of name resolution error
- Fix Cursor.copy() and AsyncCursor.copy() to hold the connection lock for the
entire operation, preventing concurrent access issues
- Fix GSSAPI check with C extension built with libpq < v16
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 13.42:
- Added warning if tag arguments come before -csv= or -json= in
a command
- Added a new CanonModelID and RFLensType (thanks Norbert Wasser)
- Added ability to read XML as a block from Sony MP4 videos
- Added "EOS" to the R5 Mark II CanonModelID string
- Decode ReEditData in Samsung trailer
- Decode a couple more Sony rtmd tags from MP4 videos
- Tolerate some types of trailer corruption as caused by Samsung
Gallery
- Restrict decoding of MetaImageSize to HEIC files only
- Fixed issue writing Keys tags to Sony PMW-EX1R videos
- Fixed behaviour of CSV/JSON import when specifying tags to import
into an existing list, or when importing ValueConv values (ie.
"TAG#"), or when specifying a group name of "All"
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
According to [1][2], generate phar.php during cross-compile can't be
done, but upstream test res of $(TEST_PHP_EXECUTABLE) is not suitable
for Yocto.
Explicitly set TEST_PHP_EXECUTABLE_RES = "1" to not generate phar.php
for target recipe
Drop 0005-sapi-cli-config.m4-fix-build-directory.patch which is obsolete
for generating phar.php
After apply this commit
...log.do_compile...
Generating phar.php
Skipping phar.php generating during cross compilation
Generating phar.phar
Skipping phar.phar generating during cross compilation
...log.do_compile...
Then php supports reproducible build
[1] https://github.com/php/php-src/issues/11099
[2] https://github.com/php/php-src/commit/93fa9613e162d1a0e8479ba83c4b6a399846e209
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are multiple vendors for yasm:
$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm
Both products refer to the same application
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fex is a fast usermode x86 and x86-64 emulator for Arm64 Linux
It is used by 'valve' to run windows games on snapdragon
Compilation requires TOOLCHAIN = "clang"
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct
latest stable verison.
Before the patch:
$ devtool latest-version php
INFO: Current version: 8.4.14
INFO: Latest version:
After the patch:
$ devtool latest-version php
INFO: Current version: 8.4.14
INFO: Latest version: 8.4.14
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct
latest stable verison.
Before the patch:
$ devtool latest-version abseil-cpp
INFO: Current version: 20250814.1
INFO: Latest version:
After the patch:
$ devtool latest-version abseil-cpp
INFO: Current version: 20250814.1
INFO: Latest version: 20250814.1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Added CI job to publish GitHub release
- Maintenance to Fedora CI infrastructure
- Reference validation using contains() result rather than exception handling
- add support for $defs instead of definitions
- Apply clang-format / fix "test / Check pre-commit" failures
- Adding verbose error messages for logical combinations
- fix: issue-311
- Fix cmake install target on windows
- error-messages: Numeric limit errors should show maximum precision
- Add Fedora packaging
- Improve and fix bugs in Conanfile
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
* It has cmake 4 fixes
* Drop all patches, they are no more needed
* Fix build with glibc-2.43/c23
* Enabled on riscv64, since libunwind now supports it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The tk.tcl file was missing on the rootfs.
File "/usr/lib/python3.13/tkinter/__init__.py", line 2459, in __init__
self.tk = _tkinter.create(screenName, baseName, className, interactive, wantobjects, useTk, sync, use)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_tkinter.TclError: Can't find a usable tk.tcl in the following directories:
//zipfs:/app/tk_library //zipfs:/lib/tk/tk_library //zipfs:/lib/tk /usr/lib/tk9.0 /usr/lib/tcl9.0/tk9.0 /usr/lib/tk9.0 /usr/lib/tk9.0 /lib/tk9.0 /usr/library
By disabling the zipfs options the tk.tcl is in the rootfs.
Debian did also disable this option.
@see: https://sources.debian.org/src/tk9.0/9.0.2-1/debian/rules#L39
Tested on Walnascar. But master does have the same version of Tk.
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop patch that is incorporated in this release.
Changelog:
0.29.2
* Request serde's std feature to avoid issues with newer toml versions.
0.29.1
* enum: Track dependencies properly in enumerations.
* constant: Handle cfg in associated constants.
* Remove "display" feature from the toml crate
* Fix incorrect detection of duplicated constants
* docs: Correct after_include type in example config (fix)
* cargo update
* Update toml to 0.9
0.29.0
* Support no-export annotation for statics and functions.
* Fixed conditional fields of constexpr literal structs
* Add rename rule for generated associated constant
* Upgrade heck to 0.5
* Add support for an optional nullable attribute
* docs.md: Fix deprecated_with_note and deprecated_variant_with_note being spelled as 'notes'
* Fix generic with "void" default
* Fixed error generation of structures using the keyword as inside arrays
* Added test for unsafe(no_mangle) attribute
* Fixed handling of trait methods containing the unsafe attribute
* Rename -Zparse-only
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use gcc to compile failed for 32 bit arm target
$ echo 'MACHINE = "qemuarm"' >> conf/local.conf
$ bitbake nodejs
...
2645 | );
| ^
../deps/llhttp/src/llhttp.c:2643:11: error: incompatible type for argument 1 of 'vandq_u16'
2643 | vcgeq_u8(input, vdupq_n_u8(' ')),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| uint8x16_t
...
Use '-flax-vector-conversions' to permit conversions between vectors
with differing element types or numbers of subparts
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Wang Mingyu
Gyorgy Sarvari
Markus Volk
Liu Yiding
Jason Schonberg
Yi Zhao
Khem Raj
Leon Anavi
Hongxu Jia
Jan Vermaete
Michael Wyraz
Ankur Tyagi