| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This addresses meson 0.61 issues.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
With this version of meson the patch is no longer needed.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
This version of meson checks for gkd-pixbuf utilities
regardless of whether demos are enabled or not.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Restored ABI compatibility with version 8.0.x
Fixed chrono formatting on big endian systems
Fixed a linkage error with mingw
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Fix timeout handling for asynchronous method calls
Add support for unregistering signal handler
Add support for chrono literals in sdbus-c++-xml2cpp generator
Additional little fixes and improvements in code, build system, and documentation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This is needed to get the vala gir files created (needed e.g. to build geary).
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
This is needed to get the vala gir files created (needed e.g. to build geary).
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
[Please note: This e-mail is from an EXTERNAL e-mail address]
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.5.3:
- Pick up custom urlconf set by Django middlewares from request
if any
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.9.2:
- Enhanced log output when connecting to servers that do not
support server-sig-algs extensions, making the new-as-of-2.9
defaulting to SHA2 pubkey algorithms more obvious when it
kicks in.
- Connecting to servers which support server-sig-algs but which
have no overlap between that list and what a Paramiko client
supports, now raise an exception instead of defaulting to
rsa-sha2-512 (since the use of server-sig-algs allows us to
know what the server supports).
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.0.4:
- Revamp Python build system to fix multiple build problems
- Update config.yml
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 9.0.0:
- Restrict builtins for ImageMath.eval()
- Ensure JpegImagePlugin stops at the end of a truncated file
- Fixed ImagePath.Path array handling
- Remove consecutive duplicate tiles that only differ by their
offset
- Removed redundant part of condition
- Explicitly enable strip chopping for large uncompressed TIFFs
- Use the Windows method to get TCL functions on Cygwin
- Changed error type to allow for incremental WebP parsing
- Improved I;16 operations on big endian
- Ensure that BMP pixel data offset does not ignore palette
- Limit quantized palette to number of colors
- Use latin1 encoding to decode bytes
- Fixed palette index for zeroed color in FASTOCTREE quantize
- When saving RGBA to GIF, make use of first transparent palette
entry
- Pass SAMPLEFORMAT to libtiff
- Added rounding when converting P and PA
- Improved putdata() documentation and data handling
- Exclude carriage return in PDF regex to help prevent ReDoS
- Image.NONE is only used for resampling and dithers
- Fixed freeing pointer in ImageDraw.Outline.transform
- Add Tidelift alignment action and badge
- Replaced further direct invocations of setup.py
- Added ImageShow support for xdg-open
- Switched from deprecated "setup.py install" to "pip install ."
- Support 16-bit grayscale ImageQt conversion
- Fixed raising OSError in _safe_read when size is greater than
SAFEBLOCK
- Convert subsequent GIF frames to RGB or RGBA
- WebP: Fix memory leak during decoding on failure
- Do not prematurely return in ImageFile when saving to stdout
- Added support for top right and bottom right TGA orientations
- Corrected ICNS file length in header
- Block tile TIFF tags when saving
- Added line width argument to ImageDraw polygon
- Do not redeclare class each time when converting to NumPy
- Only prevent repeated polygon pixels when drawing with
transparency
- Fix pushes_fd method signature
- Add support for pickling TrueType fonts
- Only prefer command line tools SDK on macOS over default
MacOSX SDK
- Fix compilation on 64-bit Termux
- Replace 'setup.py sdist' with '-m build --sdist'
- Use declarative package configuration
- Use title for display in ImageShow
- Fix for PyQt6
- Rename master to main
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
changelog:
====================================================================
see changes at
https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md
Features
analyticsadmin: update the api 981bbe3 (4d5c983)
artifactregistry: update the api 0d1152f (4d5c983)
content: update the api 195bfc2 (4d5c983)
datapipelines: update the api 3bb1937 (4d5c983)
dataproc: update the api 2fc3a16 (4d5c983)
datastream: update the api d51a6ee (4d5c983)
displayvideo: update the api 459a636 (4d5c983)
drive: update the api 92ec7cf (4d5c983)
eventarc: update the api 8fd4b62 (4d5c983)
metastore: update the api b7f92e4 (4d5c983)
ondemandscanning: update the api e8a2008 (4d5c983)
osconfig: update the api 974f389 (4d5c983)
privateca: update the api f48c528 (4d5c983)
recaptchaenterprise: update the api edd3d24 (4d5c983)
redis: update the api 0a68f42 (4d5c983)
run: update the api 59c518f (4d5c983)
sasportal: update the api 1517d9d (4d5c983)
servicedirectory: update the api 298a0e1 (4d5c983)
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
changelog:
Fix support for Sanic v21.9.0 and up
Include example code in flake8 pass
Remove unused __version__ constant #262
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
| |
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
changelogs:
=============================================================
Truncate input after cursor. Fixes #351 (#352)
Support of path completion in fish #327 (#359)
Drop support for Python 2.7 and 3.5 (#361)
Add support for Python 3.10 (#356)
Test, documentation, and release infrastructure improvements
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
changelogs:
Support multiple Kafka servers
Include example code in flake8 pass
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check the return value in subprocess to guarantee the subprocess
execute successfully or not as after [1] introduced to limit the
netowork, there some difference during do_compile phase as below.
Before the change
# python
Python 3.8.10 (default, Nov 26 2021, 20:14:08)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import subprocess
>>> cmd = "pkg-config --modversion libxml-2.0"
>>> p = subprocess.Popen(cmd, shell=True,stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>>> stdout_data, errors = p.communicate()
>>> print(stdout_data)
b'2.9.12\n'
>>> print(errors)
b''
>>>
After the change
# python
Python 3.8.10 (default, Nov 26 2021, 20:14:08)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import subprocess
>>> cmd = "pkg-config --modversion libxml-2.0"
>>> p = subprocess.Popen(cmd, shell=True,stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>>> stdout_data, errors = p.communicate()
>>> print(stdout_data)
b'2.9.12\n'
>>> print(errors)
b'do_ypcall: clnt_call: RPC: Unable to send; errno = Network is unreachable\n'
>>>
[1] https://git.openembedded.org/bitbake/commit/?id=0746b6a2a32fec4c18bf1a52b1454ca4c04bf543
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 3.7.1:
- Fix broken link to packaging tutorial
- Add support for core metadata version 2.2, defined in PEP 643.
- Add support for Python 3.10
- Show more helpful messages for invalid passwords
- Allow the --skip-existing option to work with GCP Artifact
Registry
- Add a helpful error message when an upload fails due to missing
a trailing slash in the URL
- Generalize --verbose suggestion when an upload fails
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 0.9.12:
- Remove Cyclic references (memory leak)
- Add left & right shift operations (<< and >>)
- Switch to GH actions & CodeCov.io for CI tests
- Add extra contributors details
- Reformat w/ Black + isort, and have linting of those in CI
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.3.0:
- Do not install C sources with binary distributions
- Dropped Python 3.6 support
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 2.2.0:
- SVCB and HTTPS records have been updated to track the evolving
draft standard.
- The ZONEMD type has been added.
- The resolver now returns a LifetimeTimeout exception which
includes an error trace like the NoNameservers exception. This
class is a subclass of dns.exception.Timeout for backwards
compatibility.
- DNS-over-HTTPS will try to use HTTP/2 if the httpx and h2
packages are installed.
- DNS-over-HTTPS is now supported for asynchronous queries and
resolutions.
- dns.zonefile.read_rrsets() has been added, which allows rrsets
in zonefile format, or a restrition of it, to be read. This
function is useful for applications that want to read DNS data
in text format, but do not want to use a Zone.
- On Windows systems, if the WMI module is available, the resolver
will retrieve the nameserver from WMI instead of trying to
figure it out by reading the registry. This may lead to more
accurate results in some cases.
- The CERT rdatatype now supports certificate types IPKIX, ISPKI,
IPGP, ACPKIX, and IACPKIX.
- The CDS rdatatype now allows digest type 0.
- Dnspython zones now enforces that a node is either a CNAME node
or an "other data" node. A CNAME node contains only CNAME,
RRSIG(CNAME), NSEC, RRSIG(NSEC), NSEC3, or RRSIG(NSEC3) rdatasets.
An "other data" node contains any rdataset other than a CNAME or
RRSIG(CNAME) rdataset. The enforcement is "last update wins". For
example, if you have a node which contains a CNAME rdataset, and
then add an MX rdataset to it, then the CNAME rdataset will be
deleted. Likewise if you have a node containing an MX rdataset
and add a CNAME rdataset, the MX rdataset will be deleted.
- Extended DNS Errors, as specified in RFC 8914, are now supported.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upgrade to release 1.1.1:
- Fix packet length representation
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 5.1.1:
- Fix so that cythonized functions can be decorated
- Fix an issue in the decorator_apply example
- Fix issues with decorator.contextmanager
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
| |
Upgrade to release 3.1.6.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
JQ has gone through more than 3 years of code changes and has had
significant performance improvements since the last release. The team is
still figuring out a new release process. Use the latest git commit to
pull in these changes.
Signed-off-by: William A. Kennington III <wak@google.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
-New: Add a read-only option to the set httpd statement. The option can be used
on the TCP socket, the unix socket, or both.
-Changed: Issue #1011: The include statement was limited to 512 files, increase
the limit to 1024 files.
-Fixed: The disk read and write bytes didn't show up in M/Monit for Monit 5.27.0
or later.
-Fixed: Issue #998: Monit 5.29.0 may fail to compile on platforms without the
monotonic clock support.
-Fixed: Issue #1002: 32-bit Linux machines with more then 4GB of RAM reported
wrong system memory size and swap size values.
-Fixed: Issue #1005: When the port statement was used with the generic protocol
test and the target server returned zeros in response, Monit >= 5.20.0 may crash.
-Fixed: Issue #1009: When one executes an action via the Monit HTML GUI (uses a
POST request), the Monit HTTP server will redirect the browser back to the base
URL, so the browser won't perform the POST request again on an automatic page
refresh, which is performed to poll for status changes.
-Fixed: Issue #1015: The set httpd statement supports only one address option.
Display warning if multiple address options are used.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
refresh automake_foreign.patch
License-Update: year updated to 2022.
Changelog:
=========
-Added TTF_GetFreeTypeVersion() and TTF_GetHarfBuzzVersion()
-Added support for Signed Distance Field rendering with TTF_SetFontSDF() and
TTF_GetFontSDF()
-Added optional DPI-scaling of fonts, with the following new functions:
TTF_OpenFontDPI()
TTF_OpenFontIndexDPI()
TTF_OpenFontDPIRW()
TTF_OpenFontIndexDPIRW()
TTF_SetFontSizeDPI()
-Added 32-bit character support with:
TTF_GlyphIsProvided32()
TTF_GlyphMetrics32()
TTF_RenderGlyph32_Solid()
TTF_RenderGlyph32_Shaded()
TTF_RenderGlyph32_Blended()
TTF_GetFontKerningSizeGlyphs32()
-Added functions to set direction and script when using Harfbuzz:
TTF_SetDirection()
TTF_SetScript()
-Added extended API for text measurement:
TTF_MeasureText()
TTF_MeasureUTF8()
TTF_MeasureUNICODE()
-Added TTF_SetFontSize() to set font size dynamically
-Added 'Shaded' and 'Solid' text wrapped functions:
TTF_RenderText_Solid_Wrapped()
TTF_RenderUTF8_Solid_Wrapped()
TTF_RenderUNICODE_Solid_Wrapped()
TTF_RenderText_Shaded_Wrapped()
TTF_RenderUTF8_Shaded_Wrapped()
TTF_RenderUNICODE_Shaded_Wrapped()
-Added TTF_HINTING_LIGHT_SUBPIXEL for better results at small text sizes at a
performance cost
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix-typo.patch
f1eb4bc7ccb09cd8d19ab641ee37637f8c34d16d.patch
removed since they're included in 3.1.7
Changelog:
=========
modbus_reply: fix copy & paste error in sanity check
Add SECURITY.md
Fix typo in comment
Replace obsolete AC_PROG_CC_STDC by AC_PROG_CC
Fix position of CC flags in documentation
Remove duplicate ';'
Add the baud rate of 256k for Windows
cosmetic changes in man page standardizing itemization
Fix many typos
Replace .dir-locals.el (Emacs) by .editorconfig
Include the test LICENSE in tarball
Install the NEWS and AUTHORS files
Update README.md
docs: fix simple typo, reponse -> response
Add modbus_[get|set]_indication_timeout to doc build
Fix warning issues
Move malloc before starting unit tests
Fixed MODBUS_GET_* macros in case of negative values
SPDX: change LGPL-2.1+ to LGPL-2.1-or-later
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update:
"org.cups.cupsd.Notifier.xml" changed to "utils/org.cups.cupsd.Notifier.xml"
"GNU Library" changed to "GNU Library General"
"GNU Lesser" changed to "GNU Lesser General"
Changelog:
URL of issues <https://github.com/OpenPrinting/cups-filters/pull/#####>
=========
Bug fix release, containing backports of many of the bugs recently fixed during
the preparation of the cups-filters 2.x release.
Important is that cups-browsed's queue naming is aligned with CUPS' temporary
queue naming now and several bugs affecting driverless printing are fixed.
-libcupsfilters: Let PPD generator take default ColorModel from printer
(CUPS issue #277).
-Braille: In vectortopdf check inkscape version to call inkscape with the
correct command line (Issue #315, Pull request #443).
-Build system: Make missing DejaVuSans.ttf non-fatal in ./configure as the font
is only needed for test programs, not for actual use of cups-filters
(Issue #411).
-libcupsfilters: In imagetoraster() fixed crash with SGray (Issue #435).
-cups-browsed: Naming of local queues is matched to CUPS' current naming of
temporary queues (no leading or trailing underscores), to avoid duplicates in
print dialogs which support CUPS' temporary queues.
-libcupsfilters: Make cupsRasterParseIPPOptions() work correctly with PPDs
(Issue #436).
-libcupsfilters: Let colord_get_profile_for_device_id() not return empty file
name, to avoid error messages in CUPS error_log.
-foomatic-rip: Debug message was wrongly sent to stdout and not to log
(Issue #422).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Stable security bug-fix release that fixes CVE-2021-4122.
All users of cryptsetup 2.4.x must upgrade to this version.
Changes since version 2.4.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix possible attacks against data confidentiality through LUKS2 online
reencryption extension crash recovery (CVE-2021-4122).
An attacker can modify on-disk metadata to simulate decryption in
progress with crashed (unfinished) reencryption step and persistently
decrypt part of the LUKS device.
This attack requires repeated physical access to the LUKS device but
no knowledge of user passphrases.
The decryption step is performed after a valid user activates
the device with a correct passphrase and modified metadata.
There are no visible warnings for the user that such recovery happened
(except using the luksDump command). The attack can also be reversed
afterward (simulating crashed encryption from a plaintext) with
possible modification of revealed plaintext.
The size of possible decrypted data depends on configured LUKS2 header
size (metadata size is configurable for LUKS2).
With the default parameters (16 MiB LUKS2 header) and only one
allocated keyslot (512 bit key for AES-XTS), simulated decryption with
checksum resilience SHA1 (20 bytes checksum for 4096-byte blocks),
the maximal decrypted size can be over 3GiB.
The attack is not applicable to LUKS1 format, but the attacker can
update metadata in place to LUKS2 format as an additional step.
For such a converted LUKS2 header, the keyslot area is limited to
decrypted size (with SHA1 checksums) over 300 MiB.
The issue is present in all cryptsetup releases since 2.2.0.
Versions 1.x, 2.0.x, and 2.1.x are not affected, as these do not
contain LUKS2 reencryption extension.
The problem was caused by reusing a mechanism designed for actual
reencryption operation without reassessing the security impact for new
encryption and decryption operations. While the reencryption requires
calculating and verifying both key digests, no digest was needed to
initiate decryption recovery if the destination is plaintext (no
encryption key). Also, some metadata (like encryption cipher) is not
protected, and an attacker could change it. Note that LUKS2 protects
visible metadata only when a random change occurs. It does not protect
against intentional modification but such modification must not cause
a violation of data confidentiality.
The fix introduces additional digest protection of reencryption
metadata. The digest is calculated from known keys and critical
reencryption metadata. Now an attacker cannot create correct metadata
digest without knowledge of a passphrase for used keyslots.
For more details, see LUKS2 On-Disk Format Specification version 1.1.0.
The former reencryption operation (without the additional digest) is no
longer supported (reencryption with the digest is not backward
compatible). You need to finish in-progress reencryption before
updating to new packages. The alternative approach is to perform
a repair command from the updated package to recalculate reencryption
digest and fix metadata.
The reencryption repair operation always require a user passphrase.
WARNING: Devices with older reencryption in progress can be no longer
activated without performing the action mentioned above.
Encryption in progress can be detected by running the luksDump command
(output includes reencrypt keyslot with reencryption parameters). Also,
during the active reencryption, no keyslot operations are available
(change of passphrases, etc.).
The issue was found by Milan Broz as cryptsetup maintainer.
Other changes
~~~~~~~~~~~~~
* Add configure option --disable-luks2-reencryption to completely disable
LUKS2 reencryption code.
When used, the libcryptsetup library can read metadata with
reencryption code, but all reencryption API calls and cryptsetup
reencrypt commands are disabled.
Devices with online reencryption in progress cannot be activated.
This option can cause some incompatibilities. Please use with care.
* Improve internal metadata validation code for reencryption metadata.
* Add updated documentation for LUKS2 On-Disk Format Specification
version 1.1.0 (with reencryption extension description and updated
metadata description). See docs/on-disk-format-luks2.pdf or online
version in https://gitlab.com/cryptsetup/LUKS2-docs repository.
* Fix support for bitlk (BitLocker compatible) startup key with new
metadata entry introduced in Windows 11.
* Fix space restriction for LUKS2 reencryption with data shift.
The code required more space than was needed.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
