| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
With this version of meson the patch is no longer needed.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This version of meson checks for gkd-pixbuf utilities
regardless of whether demos are enabled or not.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Restored ABI compatibility with version 8.0.x
Fixed chrono formatting on big endian systems
Fixed a linkage error with mingw
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Fix timeout handling for asynchronous method calls
Add support for unregistering signal handler
Add support for chrono literals in sdbus-c++-xml2cpp generator
Additional little fixes and improvements in code, build system, and documentation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This is needed to get the vala gir files created (needed e.g. to build geary).
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This is needed to get the vala gir files created (needed e.g. to build geary).
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
[Please note: This e-mail is from an EXTERNAL e-mail address]
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.5.3:
- Pick up custom urlconf set by Django middlewares from request
if any
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.9.2:
- Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it
kicks in.
- Connecting to servers which support server-sig-algs but which
have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to
know what the server supports).
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.0.4:
- Revamp Python build system to fix multiple build problems
- Update config.yml
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 9.0.0:
- Restrict builtins for ImageMath.eval()
- Ensure JpegImagePlugin stops at the end of a truncated file
- Fixed ImagePath.Path array handling
- Remove consecutive duplicate tiles that only differ by their
offset
- Removed redundant part of condition
- Explicitly enable strip chopping for large uncompressed TIFFs
- Use the Windows method to get TCL functions on Cygwin
- Changed error type to allow for incremental WebP parsing
- Improved I;16 operations on big endian
- Ensure that BMP pixel data offset does not ignore palette
- Limit quantized palette to number of colors
- Use latin1 encoding to decode bytes
- Fixed palette index for zeroed color in FASTOCTREE quantize
- When saving RGBA to GIF, make use of first transparent palette
entry
- Pass SAMPLEFORMAT to libtiff
- Added rounding when converting P and PA
- Improved putdata() documentation and data handling
- Exclude carriage return in PDF regex to help prevent ReDoS
- Image.NONE is only used for resampling and dithers
- Fixed freeing pointer in ImageDraw.Outline.transform
- Add Tidelift alignment action and badge
- Replaced further direct invocations of setup.py
- Added ImageShow support for xdg-open
- Switched from deprecated "setup.py install" to "pip install ."
- Support 16-bit grayscale ImageQt conversion
- Fixed raising OSError in _safe_read when size is greater than
SAFEBLOCK
- Convert subsequent GIF frames to RGB or RGBA
- WebP: Fix memory leak during decoding on failure
- Do not prematurely return in ImageFile when saving to stdout
- Added support for top right and bottom right TGA orientations
- Corrected ICNS file length in header
- Block tile TIFF tags when saving
- Added line width argument to ImageDraw polygon
- Do not redeclare class each time when converting to NumPy
- Only prevent repeated polygon pixels when drawing with
transparency
- Fix pushes_fd method signature
- Add support for pickling TrueType fonts
- Only prefer command line tools SDK on macOS over default
MacOSX SDK
- Fix compilation on 64-bit Termux
- Replace 'setup.py sdist' with '-m build --sdist'
- Use declarative package configuration
- Use title for display in ImageShow
- Fix for PyQt6
- Rename master to main
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
changelog:
====================================================================
see changes at
https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md
Features
analyticsadmin: update the api 981bbe3 (4d5c983)
artifactregistry: update the api 0d1152f (4d5c983)
content: update the api 195bfc2 (4d5c983)
datapipelines: update the api 3bb1937 (4d5c983)
dataproc: update the api 2fc3a16 (4d5c983)
datastream: update the api d51a6ee (4d5c983)
displayvideo: update the api 459a636 (4d5c983)
drive: update the api 92ec7cf (4d5c983)
eventarc: update the api 8fd4b62 (4d5c983)
metastore: update the api b7f92e4 (4d5c983)
ondemandscanning: update the api e8a2008 (4d5c983)
osconfig: update the api 974f389 (4d5c983)
privateca: update the api f48c528 (4d5c983)
recaptchaenterprise: update the api edd3d24 (4d5c983)
redis: update the api 0a68f42 (4d5c983)
run: update the api 59c518f (4d5c983)
sasportal: update the api 1517d9d (4d5c983)
servicedirectory: update the api 298a0e1 (4d5c983)
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
changelog:
Fix support for Sanic v21.9.0 and up
Include example code in flake8 pass
Remove unused __version__ constant #262
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
| |
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
changelogs:
=============================================================
Truncate input after cursor. Fixes #351 (#352)
Support of path completion in fish #327 (#359)
Drop support for Python 2.7 and 3.5 (#361)
Add support for Python 3.10 (#356)
Test, documentation, and release infrastructure improvements
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
changelogs:
Support multiple Kafka servers
Include example code in flake8 pass
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check the return value in subprocess to guarantee the subprocess
execute successfully or not as after [1] introduced to limit the
netowork, there some difference during do_compile phase as below.
Before the change
# python
Python 3.8.10 (default, Nov 26 2021, 20:14:08)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import subprocess
>>> cmd = "pkg-config --modversion libxml-2.0"
>>> p = subprocess.Popen(cmd, shell=True,stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>>> stdout_data, errors = p.communicate()
>>> print(stdout_data)
b'2.9.12\n'
>>> print(errors)
b''
>>>
After the change
# python
Python 3.8.10 (default, Nov 26 2021, 20:14:08)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import subprocess
>>> cmd = "pkg-config --modversion libxml-2.0"
>>> p = subprocess.Popen(cmd, shell=True,stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>>> stdout_data, errors = p.communicate()
>>> print(stdout_data)
b'2.9.12\n'
>>> print(errors)
b'do_ypcall: clnt_call: RPC: Unable to send; errno = Network is unreachable\n'
>>>
[1] https://git.openembedded.org/bitbake/commit/?id=0746b6a2a32fec4c18bf1a52b1454ca4c04bf543
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 3.7.1:
- Fix broken link to packaging tutorial
- Add support for core metadata version 2.2, defined in PEP 643.
- Add support for Python 3.10
- Show more helpful messages for invalid passwords
- Allow the --skip-existing option to work with GCP Artifact
Registry
- Add a helpful error message when an upload fails due to missing
a trailing slash in the URL
- Generalize --verbose suggestion when an upload fails
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 0.9.12:
- Remove Cyclic references (memory leak)
- Add left & right shift operations (<< and >>)
- Switch to GH actions & CodeCov.io for CI tests
- Add extra contributors details
- Reformat w/ Black + isort, and have linting of those in CI
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.3.0:
- Do not install C sources with binary distributions
- Dropped Python 3.6 support
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.2.0:
- SVCB and HTTPS records have been updated to track the evolving
draft standard.
- The ZONEMD type has been added.
- The resolver now returns a LifetimeTimeout exception which
includes an error trace like the NoNameservers exception. This
class is a subclass of dns.exception.Timeout for backwards
compatibility.
- DNS-over-HTTPS will try to use HTTP/2 if the httpx and h2
packages are installed.
- DNS-over-HTTPS is now supported for asynchronous queries and
resolutions.
- dns.zonefile.read_rrsets() has been added, which allows rrsets
in zonefile format, or a restrition of it, to be read. This
function is useful for applications that want to read DNS data
in text format, but do not want to use a Zone.
- On Windows systems, if the WMI module is available, the resolver
will retrieve the nameserver from WMI instead of trying to
figure it out by reading the registry. This may lead to more
accurate results in some cases.
- The CERT rdatatype now supports certificate types IPKIX, ISPKI,
IPGP, ACPKIX, and IACPKIX.
- The CDS rdatatype now allows digest type 0.
- Dnspython zones now enforces that a node is either a CNAME node
or an "other data" node. A CNAME node contains only CNAME,
RRSIG(CNAME), NSEC, RRSIG(NSEC), NSEC3, or RRSIG(NSEC3) rdatasets.
An "other data" node contains any rdataset other than a CNAME or
RRSIG(CNAME) rdataset. The enforcement is "last update wins". For
example, if you have a node which contains a CNAME rdataset, and
then add an MX rdataset to it, then the CNAME rdataset will be
deleted. Likewise if you have a node containing an MX rdataset
and add a CNAME rdataset, the MX rdataset will be deleted.
- Extended DNS Errors, as specified in RFC 8914, are now supported.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.1.1:
- Fix packet length representation
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 5.1.1:
- Fix so that cythonized functions can be decorated
- Fix an issue in the decorator_apply example
- Fix issues with decorator.contextmanager
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
| |
Upgrade to release 3.1.6.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
JQ has gone through more than 3 years of code changes and has had
significant performance improvements since the last release. The team is
still figuring out a new release process. Use the latest git commit to
pull in these changes.
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
-New: Add a read-only option to the set httpd statement. The option can be used
on the TCP socket, the unix socket, or both.
-Changed: Issue #1011: The include statement was limited to 512 files, increase
the limit to 1024 files.
-Fixed: The disk read and write bytes didn't show up in M/Monit for Monit 5.27.0
or later.
-Fixed: Issue #998: Monit 5.29.0 may fail to compile on platforms without the
monotonic clock support.
-Fixed: Issue #1002: 32-bit Linux machines with more then 4GB of RAM reported
wrong system memory size and swap size values.
-Fixed: Issue #1005: When the port statement was used with the generic protocol
test and the target server returned zeros in response, Monit >= 5.20.0 may crash.
-Fixed: Issue #1009: When one executes an action via the Monit HTML GUI (uses a
POST request), the Monit HTTP server will redirect the browser back to the base
URL, so the browser won't perform the POST request again on an automatic page
refresh, which is performed to poll for status changes.
-Fixed: Issue #1015: The set httpd statement supports only one address option.
Display warning if multiple address options are used.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
refresh automake_foreign.patch
License-Update: year updated to 2022.
Changelog:
=========
-Added TTF_GetFreeTypeVersion() and TTF_GetHarfBuzzVersion()
-Added support for Signed Distance Field rendering with TTF_SetFontSDF() and
TTF_GetFontSDF()
-Added optional DPI-scaling of fonts, with the following new functions:
TTF_OpenFontDPI()
TTF_OpenFontIndexDPI()
TTF_OpenFontDPIRW()
TTF_OpenFontIndexDPIRW()
TTF_SetFontSizeDPI()
-Added 32-bit character support with:
TTF_GlyphIsProvided32()
TTF_GlyphMetrics32()
TTF_RenderGlyph32_Solid()
TTF_RenderGlyph32_Shaded()
TTF_RenderGlyph32_Blended()
TTF_GetFontKerningSizeGlyphs32()
-Added functions to set direction and script when using Harfbuzz:
TTF_SetDirection()
TTF_SetScript()
-Added extended API for text measurement:
TTF_MeasureText()
TTF_MeasureUTF8()
TTF_MeasureUNICODE()
-Added TTF_SetFontSize() to set font size dynamically
-Added 'Shaded' and 'Solid' text wrapped functions:
TTF_RenderText_Solid_Wrapped()
TTF_RenderUTF8_Solid_Wrapped()
TTF_RenderUNICODE_Solid_Wrapped()
TTF_RenderText_Shaded_Wrapped()
TTF_RenderUTF8_Shaded_Wrapped()
TTF_RenderUNICODE_Shaded_Wrapped()
-Added TTF_HINTING_LIGHT_SUBPIXEL for better results at small text sizes at a
performance cost
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix-typo.patch
f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch
removed since they're included in 3.1.7
Changelog:
=========
modbus_reply: fix copy & paste error in sanity check
Add SECURITY.md
Fix typo in comment
Replace obsolete AC_PROG_CC_STDC by AC_PROG_CC
Fix position of CC flags in documentation
Remove duplicate ';'
Add the baud rate of 256k for Windows
cosmetic changes in man page standardizing itemization
Fix many typos
Replace .dir-locals.el (Emacs) by .editorconfig
Include the test LICENSE in tarball
Install the NEWS and AUTHORS files
Update README.md
docs: fix simple typo, reponse -> response
Add modbus_[get|set]_indication_timeout to doc build
Fix warning issues
Move malloc before starting unit tests
Fixed MODBUS_GET_* macros in case of negative values
SPDX: change LGPL-2.1+ to LGPL-2.1-or-later
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update:
"org.cups.cupsd.Notifier.xml" changed to "utils/org.cups.cupsd.Notifier.xml"
"GNU Library" changed to "GNU Library General"
"GNU Lesser" changed to "GNU Lesser General"
Changelog:
URL of issues <https://github.com/OpenPrinting/cups-filters/pull/#####>
=========
Bug fix release, containing backports of many of the bugs recently fixed during
the preparation of the cups-filters 2.x release.
Important is that cups-browsed's queue naming is aligned with CUPS' temporary
queue naming now and several bugs affecting driverless printing are fixed.
-libcupsfilters: Let PPD generator take default ColorModel from printer
(CUPS issue #277).
-Braille: In vectortopdf check inkscape version to call inkscape with the
correct command line (Issue #315, Pull request #443).
-Build system: Make missing DejaVuSans.ttf non-fatal in ./configure as the font
is only needed for test programs, not for actual use of cups-filters
(Issue #411).
-libcupsfilters: In imagetoraster() fixed crash with SGray (Issue #435).
-cups-browsed: Naming of local queues is matched to CUPS' current naming of
temporary queues (no leading or trailing underscores), to avoid duplicates in
print dialogs which support CUPS' temporary queues.
-libcupsfilters: Make cupsRasterParseIPPOptions() work correctly with PPDs
(Issue #436).
-libcupsfilters: Let colord_get_profile_for_device_id() not return empty file
name, to avoid error messages in CUPS error_log.
-foomatic-rip: Debug message was wrongly sent to stdout and not to log
(Issue #422).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Stable security bug-fix release that fixes CVE-2021-4122.
All users of cryptsetup 2.4.x must upgrade to this version.
Changes since version 2.4.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix possible attacks against data confidentiality through LUKS2 online
reencryption extension crash recovery (CVE-2021-4122).
An attacker can modify on-disk metadata to simulate decryption in
progress with crashed (unfinished) reencryption step and persistently
decrypt part of the LUKS device.
This attack requires repeated physical access to the LUKS device but
no knowledge of user passphrases.
The decryption step is performed after a valid user activates
the device with a correct passphrase and modified metadata.
There are no visible warnings for the user that such recovery happened
(except using the luksDump command). The attack can also be reversed
afterward (simulating crashed encryption from a plaintext) with
possible modification of revealed plaintext.
The size of possible decrypted data depends on configured LUKS2 header
size (metadata size is configurable for LUKS2).
With the default parameters (16 MiB LUKS2 header) and only one
allocated keyslot (512 bit key for AES-XTS), simulated decryption with
checksum resilience SHA1 (20 bytes checksum for 4096-byte blocks),
the maximal decrypted size can be over 3GiB.
The attack is not applicable to LUKS1 format, but the attacker can
update metadata in place to LUKS2 format as an additional step.
For such a converted LUKS2 header, the keyslot area is limited to
decrypted size (with SHA1 checksums) over 300 MiB.
The issue is present in all cryptsetup releases since 2.2.0.
Versions 1.x, 2.0.x, and 2.1.x are not affected, as these do not
contain LUKS2 reencryption extension.
The problem was caused by reusing a mechanism designed for actual
reencryption operation without reassessing the security impact for new
encryption and decryption operations. While the reencryption requires
calculating and verifying both key digests, no digest was needed to
initiate decryption recovery if the destination is plaintext (no
encryption key). Also, some metadata (like encryption cipher) is not
protected, and an attacker could change it. Note that LUKS2 protects
visible metadata only when a random change occurs. It does not protect
against intentional modification but such modification must not cause
a violation of data confidentiality.
The fix introduces additional digest protection of reencryption
metadata. The digest is calculated from known keys and critical
reencryption metadata. Now an attacker cannot create correct metadata
digest without knowledge of a passphrase for used keyslots.
For more details, see LUKS2 On-Disk Format Specification version 1.1.0.
The former reencryption operation (without the additional digest) is no
longer supported (reencryption with the digest is not backward
compatible). You need to finish in-progress reencryption before
updating to new packages. The alternative approach is to perform
a repair command from the updated package to recalculate reencryption
digest and fix metadata.
The reencryption repair operation always require a user passphrase.
WARNING: Devices with older reencryption in progress can be no longer
activated without performing the action mentioned above.
Encryption in progress can be detected by running the luksDump command
(output includes reencrypt keyslot with reencryption parameters). Also,
during the active reencryption, no keyslot operations are available
(change of passphrases, etc.).
The issue was found by Milan Broz as cryptsetup maintainer.
Other changes
~~~~~~~~~~~~~
* Add configure option --disable-luks2-reencryption to completely disable
LUKS2 reencryption code.
When used, the libcryptsetup library can read metadata with
reencryption code, but all reencryption API calls and cryptsetup
reencrypt commands are disabled.
Devices with online reencryption in progress cannot be activated.
This option can cause some incompatibilities. Please use with care.
* Improve internal metadata validation code for reencryption metadata.
* Add updated documentation for LUKS2 On-Disk Format Specification
version 1.1.0 (with reencryption extension description and updated
metadata description). See docs/on-disk-format-luks2.pdf or online
version in https://gitlab.com/cryptsetup/LUKS2-docs repository.
* Fix support for bitlk (BitLocker compatible) startup key with new
metadata entry introduced in Windows 11.
* Fix space restriction for LUKS2 reencryption with data shift.
The code required more space than was needed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
* initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6".
* core: better handle sd-resolved errors when resolving hostnames.
* nmcli: fix import WireGuard profile with DNS domain and address
family disabled.
* ndisc: send router solicitations before expiry.
* policy: send earlier the ip configs to the DNS manager.
* core: support linking with LLD 13.
* wireguard: importing wg-quick configuration files with nmcli
no longer sets a negative, exclusive "dns-priority". This plays
better with common split DNS setups that use systemd-resolved.
Adjust the "dns-priority" to your liking after import yourself.
* NetworkManager no longer listens for netlink events for traffic
control objects (qdiscs and filters).
* core: add internal nm-priv-helper service for separating privileges
and have a way to drop capabilities from NetworkManager daemon.
* bond: add support for setting queue-id of bond port.
* dns: support configuring DNS over TLS (DoT) with systemd-resolved.
* nmtui: add support for WireGuard profiles.
* nmcli: add aliases `nmcli device up|down` beside connect|disconnect.
* conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new
'Device.Ports' property. Depracate 'nm_device_*_get_slaves()' in favor of
'nm_device_get_ports()' in libnm.
* nmcli: invoking nmcli command without arguments will now show 'default'
instead of null address in route4 or route6 section.
The following changes were backported to 1.32.x releases between 1.32.0
and 1.32.12 are also present in NetworkManager-1.34:
- 1.32.12:
* Fix wrong order of addresses when restarting NetworkManager.
* Preserve the IPv6 ff00::/8 route added by kernel in the local table,
necessary for multicast communication.
* Fix emitting the signal for changed metered status of devices.
* Fix applying the ethtool autonegotiation and speed settings.
* initrd: fix crash parsing plain '=' without key.
* cloud-setup: use suppress_prefixlength rule to honor
non-default-routes in the main table.
- 1.32.10:
* core: fix the order of IPv6 addresses changing on service restart.
* initrd: add command line option to configure link autonegotiation
and speed.
* ifcfg-rh: fix crash when parsing invalid DNS address.
* ifcfg-rh: extend ifup/ifdown scripts to work with connection profile
names.
* udev: also react to "move" (and "change") udev actions in our rules.
- 1.32.8:
* firewalld: configure zones on "Reloaded" signal.
* core: fix wrong MTU for bridge interfaces.
* cloud-setup: fix gateway address for Aliyun cloud.
- 1.32.6:
* core: fix adding stale local routes when address changes.
* initrd: tag generated profiles with origin in user data.
* core: introduce "allowed-connections" option to disallow
profiles on a device. This allows to filter out profiles
that originate from initrd.
* core: introduce "keep-configuration" device option to forcefully
activate a profile on start.
* dhcp: handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
* initrd: add "ib.pkey=" command line option
- 1.32.4:
* core: remove stale entries from "seen-bssids" and "timestamp"
files in "/var/lib/NetworkManager".
* bond: support the peer_notif_delay option.
* core: add ipv[46].required-timeout option to wait for IP
configuration while activating.
* core: send ARP announcements when there is carrier.
* core: start DHCPv6 when a prefix delegation is needed for shared
mode.
* firewall: fix nftables backend to create "ip" table for
IPv4 only.
* initrd: set required-timeout of 20 seconds for default IPv4 configuration
to opportunistically wait for IPv4.
* ifcfg: log warning about invalid keys in ifcfg files.
* ifcfg: reject non-UTF-8 from ifcfg files.
* nmcli: show DNS SEARCH field in device information.
* cloud-setup: add support for Aliyun cloud.
- 1.32.2:
* hostname: prefer IPv4 addresses for reverse DNS lookup.
* dhcp: ignore unauthenticated FORCERENEW messages with
internal, systemd-based DHCPv4 plugin (CVE-2020-13529).
This plugin is not used, unless the undocumented dhcp=systemd
option was set.
* cloud-setup: preserve IP addresses, routes and rules from
currently active connection profile.
* Various bugfixes and performance improvements.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
0001-Fix-a-lot-of-Werror-format-security-errors-in-printw.patch
removed since it is included in 0.95.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
BFD linker is crashing when using clang, workaround it by always using
lld when using clang on arm
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Embedded javascript engine, work is almost finished to have polkit
use it instead of mozjs, so add a recipe to be ready to switch:
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/97
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
- Upgraded 0.2.5 to 0.2.18
- Deleted xorg-xrdp from PNBLACKLIST, because build error with openssl
3.0 of xrdp has beed fixed.
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Fixed build error with openssl 3.0 according to the suggestion of upsream.
Please reference to https://github.com/neutrinolabs/xrdp/issues/2121.
- Upgraded from 0.9.17 to 0.9.18.
- git repository of xrdp has recursive sources, so, reference to Fedora, modified SRC_URI to a tarball download URL of github.
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes:
WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php: ELF binary /usr/libexec/apache2/modules/libphp.so has relocations in .text [textrel]
WARNING: lib32-php-8.0.12-r0 do_package_qa: QA Issue: lib32-php-opcache: ELF binary /usr/lib/php8/extensions/no-debug-zts-20200930/opcache.so has relocations in .text [textrel]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the same approach as librsvg to disable 64-bit atomics on platforms
which have 32-bit pointers or are otherwise not supported.
https://github.com/crossbeam-rs/crossbeam/blob/master/no_atomic.rs
https://doc.rust-lang.org/std/sync/atomic/#portability
"PowerPC and MIPS platforms with 32-bit pointers do not have AtomicU64
or AtomicI64 types."
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.15.3:
- Fix swapping handlers
- Fix tests
- Readablregexps in generated code
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.2.0:
- Enforce validation for day=1. Before this release we used to
support day=0 and it was silently glided to day=1 to support
having both day in day in 4th field when it came to have
6fields cron forms (second repeat). It will now raises a
CroniterBadDateError.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upgrade to release 3.0.1:
- Bump (patch) version
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 0.17.2:
- Remove unecessary setuptools pin
- Switch to the modern python package build infrastructure
- Remove support for python 3.5 and earlier, including 2.7
- Add support for python 3.9 and 3.10
- Fix a conflict with django lock
- Add __version__ and __all__ attributes
- Fix a failure to parse README as utf-8
- Move from nosetest to pytest and cleanup testing infrastructure
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
