| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
In postgresql sysview ptest are failing due to hidden debug info in pg_config table.
The information is hidden due to existing patch 0001-config_info.c-not-expose-build-info.patch
So for passing the test we need to reduce the row count in the sysviews test.
Also for test results to be shown as pass we need to reduce the row count for
the expected count in the sysviews.out file.
Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Flatbuffers contains a library and a schema compiler. The package
contains cmake files to discover the libraries and the compiler tool.
Currently, all of these cmake files are installed into the target
sysroot. However, the compiler utility isn't installed into the sysroot
(as it is not runnable on the build machine).
When an application that depends on flatbuffers gets built, it uses
flatbuffers' exported cmake targets to configure the project. One of the
exported targets is FlatcTarget.cmake which expects to see flatc binary
in /usr/bin of the sysroot. Since binaries for target don't end up in
target sysroot, cmake configuration fails.
This patch addresses this problem of flatbuffers' build infrastructure
in cross-compiling environments. By removing FlatcTarget.cmake for
target builds from the sysroot we essentially skip this step of
flatbuffers' configuration.
Signed-off-by: Ivan Stepic <Ivan.Stepic@bmw.de>
Signed-off-by: Bhabu Bindu <bindudaniel1996@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix buffer handling of syslog and timestamp parsers.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-38725
https://github.com/syslog-ng/syslog-ng/releases
https://github.com/syslog-ng/syslog-ng/pull/4110
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1,
an authenticated user can trigger XSS by
uploading a crafted .sql file through the drag-and-drop interface.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-25727
Upstream patch:
https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Ptest for duktape executes below tests:
1. hello - a helloworld example is basic compilation test
that test the APIs - duk_get_top(), duk_push_c_function(),
duk_eval_string()
2. eval - a very simple for evaluating expressions from
command line which test the APIs - duk_push_string(),
duk_insert(), duk_join(), duk_pop()
3. evloop - a basic eventloop implementation test
that test the APIs - duk_is_object(), duk_compile()
duk_push_c_function(), duk_safe_call()
Test Summary:
Execution time = 46 sec
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3277a81937bee01437a7ca8634e0f056e318f21b)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
(cherry picked from commit 5f935c35de9ea620bcbf0d55b096b1a328563a8a)
Signed-off-by: Sana.Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Nikhil R <nikhilar2410@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Backport patch [1] to fix CVE-2022-47015 [2].
[1] https://github.com/MariaDB/server/commit/b98375f9df0
[2] https://jira.mariadb.org/browse/MDEV-29644
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-Fix-for-Issue-31.patch
removed since it's included in 0.33
Changelog:
=========
- Update for windows github CI
- Remove duplicit 'LICENSE' key
- Remove EUMM Remove version check
- #31 by removing reference to RSA_SSLV23_PADDING (removed from OpenSSL starting from v3.0.0)
- support passphase protected private key load
- fix 'unsupported encryption' error on old library versions
- Clarify croak message for missing passphrase on older cyphers
- More structs opaqued in LibreSSL 3.5
- Use a macro for dealing with older SSL lacking macros
- more CI fixups. Drop testing for 5.10 and 5.8. Something is broken upstream.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a97f771d35d85dfa0a428fbeea7405ad9754a5f8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* monkey-project.com doesn't resolve anymore
* use v1.6.9 tag from github
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d04444509a220fcb61496d7e64f3ba09c647543b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 16c5d44d421a10510e7d31f9368df5a9560ddd05)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8f44a8894f1e24cc7c59250e5dd07e1cc420430a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
The patch is modified by removing irrelevant and conflicting
CHANGELOG entry.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Backport based on https://github.com/c-ares/c-ares/issues/496
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
Security Fixes:
CVE-2022-46392:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
CVE-2022-46393:
https://nvd.nist.gov/vuln/detail/CVE-2022-46393
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to the upstream [1], the bug happens only if the programmer
does not follow the API definition.
[1] https://github.com/akheron/jansson/issues/548
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit e0e79bbde23f17185cc59908fee97c0cea098428)
[Fixup for Kirkstone context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Upgrade mariadb to 10.7.8 [1].
[1] https://mariadb.com/kb/en/mariadb-10-7-8-release-notes
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Links from https://nvd.nist.gov/vuln/detail/CVE-2019-11331 lead to
conclusion that this is how icurrent ntp protocol is designed.
New RFC is propsed for future but it will not be compatible with current
one.
See https://support.f5.com/csp/article/K09940637
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
truncated without the initial logfile being truncated.
- mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to
allow connections of any age to be reused. Up to now, a negative value
was handled as an error when parsing the configuration file. PR 66421.
- mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
of headers.
- mod_md:
- Enabling ED25519 support and certificate transparency information when
building with libressl v3.5.0 and newer.
- MDChallengeDns01 can now be configured for individual domains.
- Fixed a bug that caused the challenge
teardown not being invoked as it should.
- mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
reported in access logs and error documents. The processing of the
reset was correct, only unneccesary reporting was caused.
- mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f8b54b5243c9effb66d5685463b87767e753b843)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
systemd-tmpfiles[181]: /etc/tmpfiles.d/apache2-volatile.conf:1:
Line references path below legacy directory /var/run/, updating /var/run/apache2 -> /run/apache2;
please update the tmpfiles.d/ drop-in file accordingly.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f018a6bb3b8400a19cd35b76809edcd545975465)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The following CVEs fixed in this version:
CVE-2023-23918
CVE-2023-23919
CVE-2023-23920
CVE-2023-23936
CVE-2023-24807
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The header-only package cannot be included in the SDK without marking
the main package with ALLOW_EMPTY.
Fixes rootfs problem:
```
The following packages have unmet dependencies:
imx-gpu-sdk : Depends: nlohmann-json but it is not installable
E: Unable to correct problems, you have held broken packages.
```
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f9c9e7a448b9d9f7d54bbf09970223db467eedb2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Upgrade php to 8.1.16 [1].
[1] https://www.php.net/ChangeLog-8.php#8.1.16
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Includes fix for CVE-2023-0286
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
An integer overflow was addressed with improved input validation. This
issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS
14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted
PDF may lead to arbitrary code execution. Apple is aware of a report that
this issue may have been actively exploited.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-30860
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
liblockfile do_install task will fail since syntax error when ldconfig
is not installed on the host.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove branch 2.2.x from SRC_URI as fluidsynth github removed the branch.
The SRCREV is on master branch.
Signed-off-by: Preeti Sachan <preeti.sachan@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 534d04af483d5f3d4fc73162c110449f169677a5)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ba5a86a51a459581d8f39afd95ddd27cca5def83)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Backport a patch to fix c++17 build with clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9b6baed24d5efe0820266ccf3567bcff42701a01)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9ed1e62bbb17c66f8ab3d0601d4968e4b034484a)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 02fc7f371d957cbe47f3e1a9f659eccb923306cb)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 7b0e71e00 ("python3-pillow: add ptest support", 2023-01-31)
added tk to RDEPENDS:${PN}-ptest. Which cause this error on non x11
builds:
ERROR: Nothing RPROVIDES 'tk' (but meta-openembedded/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb
RDEPENDS on or otherwise requires it) tk was skipped: missing required
distro feature 'x11' (not in DISTRO_FEATURES)
NOTE: Runtime target 'tk' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['tk']
NOTE: Runtime target 'iotmanager' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['iotmanager', 'python3-pillow', 'tk']
ERROR: Required build target 'update-runtime' has no buildable providers.
Missing or unbuildable dependency chain was:
['update-runtime', 'runtime-image', 'iotmanager', 'python3-pillow', 'tk']
Add tk dependency only if DISTRO_FEATURES includes x11
(cherry picked from commit 6e8c90560e0aa8fe2ebfb791985cb75fd7490527)
Signed-off-by: Geoff Parker <geoffrey.parker@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-41974
NOTE: The actual fixes for this CVE are upstream commits [1] and [2]. However,
they are part of a larger patchset which has a lot of dependencies and cannot
be backported easily to older multipath-tools versions. Upstream discussion [3]
indicates that there is a custom patch available for old versions ([4]).
Ubuntu, Debian and Suse applied this patch to their 0.7.xx and
0.8.xx releases ([4], [5]), so we add it as well.
[1] https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6
[2] https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c
[3] https://github.com/opensvc/multipath-tools/issues/59
[4] https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c
[5] http://launchpadlibrarian.net/634132876/multipath-tools_0.7.4-2ubuntu3.1_0.7.4-2ubuntu3.2.diff.gz
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz
is just redirect to unsafe github archives which are regenerated from time to
time.
* We do have src-uri-bad QA check which prevents to use github archives in SRC_URI
since 2019:
https://github.com/openembedded/openembedded-core/commit/21f84fcdd659544437fe393285c407e1e9432043
but this cannot catch such redirects, see:
$ wget https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-878.30.4.tar.gz
--2023-01-31 10:06:02-- https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-878.30.4.tar.gz
Resolving opensource.apple.com (opensource.apple.com)... 17.253.73.203, 17.253.73.206, 2a01:b740:a26:f000::5, ...
Connecting to opensource.apple.com (opensource.apple.com)|17.253.73.203|:443... connected.
HTTP request sent, awaiting response... 302 Redirect
Location: https://github.com/apple-oss-distributions/mDNSResponder/archive/refs/tags/mDNSResponder-878.30.4.tar.gz [following]
--2023-01-31 10:06:02-- https://github.com/apple-oss-distributions/mDNSResponder/archive/refs/tags/mDNSResponder-878.30.4.tar.gz
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/apple-oss-distributions/mDNSResponder/tar.gz/refs/tags/mDNSResponder-878.30.4 [following]
--2023-01-31 10:06:02-- https://codeload.github.com/apple-oss-distributions/mDNSResponder/tar.gz/refs/tags/mDNSResponder-878.30.4
Resolving codeload.github.com (codeload.github.com)... 140.82.121.10
Connecting to codeload.github.com (codeload.github.com)|140.82.121.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/x-gzip]
Saving to: ?mDNSResponder-878.30.4.tar.gz?
* The tarball was regenerated recently as discussed in:
https://github.com/orgs/community/discussions/45830
* Use top-level directory in S to fix DEBUG_PREFIX_MAP usage
like the version in master does, the only exception here is that
there still was top-level Makefile (which fails to set VER with:
Makefile:26: *** missing separator. Stop.
so use the simple one like newer version in master)
* it's already included in master as part of version upgrade in:
https://github.com/openembedded/meta-openembedded/commit/ec96eb577bd518b89e2e7834bd569ba269df458f
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* https://exiv2.org/releases returns 404 now, use github releases
* it's already fixed in master with upgrade to 0.27.6 in:
https://git.openembedded.org/meta-openembedded/commit/?id=00a7d4b284c1afccfa26021111384d2184b82e5b
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Change OS_TEST to be soft assignment so that the cross-compilation
doens't fail with the errors like (note the difference in CPU tags):
| make[4]: *** No rule to make target
'../certhigh/Linux3.4_x86_64_glibc_PTH_64_OPT.OBJ/certhtml.o', needed by
'Linux3.4_aarch64_glibc_PTH_64_OPT.OBJ/libnss3.so'. Stop.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Add fix created after latest release (10.8.4).
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://downloads.apache.org/httpd/CHANGES_2.4.55
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cba6df61c7cbc4446aab09eb11673bcb6c581307)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 02c53492ea4085ba13ff73063d6f9144dad5a627)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-42917
https://www.suse.com/de-de/security/cve/CVE-2022-42917.html
https://bugzilla.suse.com/show_bug.cgi?id=1204124
Patch from:
[1] https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624
[2] https://github.com/FRRouting/frr/commit/6031b8a3224cde14fd1df6e60855310f97942ff9
Per [2], update frr.pam to eliminate the warning issued by pam:
vtysh[485]: pam_warn(frr:account): function=[pam_sm_acct_mgmt] flags=0
service=[frr] terminal=[<unknown>] user=[root] ruser=[<unknown>] rhost=[<unknown>]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2022-41860:
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option,
the server will try to look that option up in the internal dictionaries.
This lookup will fail, but the SIM code will not check for that failure.
Instead, it will dereference a NULL pointer, and cause the server to
crash.
CVE-2022-41861:
A flaw was found in freeradius. A malicious RADIUS client or home server
can send a malformed abinary attribute which can cause the server to
crash.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-41860
https://nvd.nist.gov/vuln/detail/CVE-2022-41861
Patches from:
CVE-2022-41860:
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708
CVE-2022-41861:
https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From ec97a83702704bb02b00358c0d26e78294ad3254 Mon Sep 17 00:00:00 2001
From: Federico Pellegrin <fede@evolware.org>
Date: Thu, 6 Oct 2022 14:17:21 +0200
Subject: [kirkstone][PATCH] chrony: add pkgconfig class as pkg-config is
explicitly searched for
The configure script present in chrony will explicitly look for
pkg-config and without the pkgconfig class it will fail:
Checking for pkg-config : No
This then affects the possibility (via image features or bbappend)
to use features based on nettle/gnutls/nss which strictly require
pkgconfig to be present and working.
Signed-off-by: Federico Pellegrin <fede@evolware.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
ptest results:
====== 3600 passed, 324 skipped, 2 xfailed, 1 xpassed in 74.41s (0:01:14) ======
for qemux86-64 with 2 GB RAM which is the same as seen on master.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add initial pillow ptest support.
The ptest result is:
====== 3600 passed 324 skipped, 2 xfailed, 1 xpassed in 62.41s (0:01:02) ======
for qemux86-64 with 2 GB RAM.
The skipped tests as summarized with:
# ptest-runner python3-pillow | tee log
# grep SKIPP log | cut -d"(" -f2- | cut -d")" -f1 | cut -d" " -f1 | sort | uniq -c| sort -n | tail -4
12 webp
13 Tk
14 Qt
84 raqm
Webp was explicityly disabled in 2018 in:
6cb4e90fc python3-pillow: add 5.4.1
I didn't test Tk or Qt and there isn't yet a recipe for libraqm:
https://github.com/HOST-Oman/libraqm
a library that encapsulates the logic for complex text layout.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7b0e71e00ce1b003c96ef38ead72a9e02555afbe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Updated: copyright year updated to 2023
Changelog:
==========
Fixed null pointer dereference crash with malformed font #6846
Return from ImagingFill early if image has a zero dimension #6842
Reversed deprecations for Image constants, except for duplicate Resampling attributes #6830
Improve exception traceback readability #6836
Do not attempt to read IFD1 if absent #6840
Fixed writing int as ASCII tag #6800
If available, use wl-paste or xclip for grabclipboard() on Linux #6783
Added signed option when saving JPEG2000 images #6709
Patch OpenJPEG to include ARM64 fix #6718
Added support for I;16 modes in putdata() #6825
Added conversion from RGBa to RGB #6708
Added DDS support for uncompressed L and LA images #6820
Added LightSource tag values to ExifTags #6749
Fixed PyAccess after changing ICO size #6821
Do not use EXIF from info when saving PNG images #6819
Fixed saving EXIF data to MPO #6817
Added Exif hide_offsets() #6762
Only compare to previous frame when checking for duplicate GIF frames while saving #6787
Always initialize all plugins in registered_extensions() #6811
Ignore non-opaque WebP background when saving as GIF #6792
Only set tile in ImageFile __setstate__ #6793
When reading BLP, do not trust JPEG decoder to determine image is CMYK #6767
Added IFD enum to ExifTags #6748
Fixed bug combining GIF frame durations #6779
Support saving JPEG comments #6774
Added getxmp() to WebPImagePlugin #6758
Added "exact" option when saving WebP #6747
Use fractional coordinates when drawing text #6722
Fixed writing int as BYTE tag #6740
Added MP Format Version when saving MPO #6735
Added Interop to ExifTags #6724
CVE-2007-4559 patch when building on Windows #6704
Fix compiler warning: accessing 64 bytes in a region of size 48 #6714
Use verbose flag for pip install #6713
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b73867b9d77e8050c20dc28ec449572f2185cb2a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]
Initialize libtiff buffer when saving #6699 [radarhere]
Inline fname2char to fix memory leak #6329 [nulano]
Fix memory leaks related to text features #6330 [nulano]
Use double quotes for version check on old CPython on Windows #6695 [hugovk]
Remove backup implementation of Round for Windows platforms #6693 [cgohlke]
Fixed set_variation_by_name offset #6445 [radarhere]
Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]
Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]
Added ExifTags enums #6630 [radarhere]
Do not modify previous frame when calculating delta in PNG #6683 [radarhere]
Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]
Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]
Added GPS TIFF tag info #6661 [radarhere]
Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]
Do not attempt normalization if mode is already normal #6644 [radarhere]
Fixed seeking to an L frame in a GIF #6576 [radarhere]
Consider all frames when selecting mode for PNG save_all #6610 [radarhere]
Don't reassign crc on ChunkStream close #6627 [wiredfool, radarhere]
Raise a warning if NumPy failed to raise an error during conversion #6594 [radarhere]
Show all frames in ImageShow #6611 [radarhere]
Allow FLI palette chunk to not be first #6626 [radarhere]
If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [radarhere]
Round box position to integer when pasting embedded color #6517 [radarhere, nulano]
Removed EXIF prefix when saving WebP #6582 [radarhere]
Pad IM palette to 768 bytes when saving #6579 [radarhere]
Added DDS BC6H reading #6449 [ShadelessFox, REDxEYE, radarhere]
Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [JayWiz, radarhere]
Raise an error when allocating translucent color to RGB palette #6654 [jsbueno, radarhere]
Added reading of TIFF child images #6569 [radarhere]
Improved ImageOps palette handling #6596 [PososikTeam, radarhere]
Defer parsing of palette into colors #6567 [radarhere]
Apply transparency to P images in ImageTk.PhotoImage #6559 [radarhere]
Use rounding in ImageOps contain() and pad() #6522 [bibinhashley, radarhere]
Fixed GIF remapping to palette with duplicate entries #6548 [radarhere]
Allow remap_palette() to return an image with less than 256 palette entries #6543 [radarhere]
Corrected BMP and TGA palette size when saving #6500 [radarhere]
Do not call load() before draft() in Image.thumbnail #6539 [radarhere]
Copy palette when converting from P to PA #6497 [radarhere]
Allow RGB and RGBA values for PA image putpixel #6504 [radarhere]
Removed support for tkinter in PyPy before Python 3.6 #6551 [nulano]
Do not use CCITTFaxDecode filter if libtiff is not available #6518 [radarhere]
Fallback to not using mmap if buffer is not large enough #6510 [radarhere]
Fixed writing bytes as ASCII tag #6493 [radarhere]
Open 1 bit EPS in mode 1 #6499 [radarhere]
Removed support for tkinter before Python 1.5.2 #6549 [radarhere]
Allow default ImageDraw font to be set #6484 [radarhere, hugovk]
Save 1 mode PDF using CCITTFaxDecode filter #6470 [radarhere]
Added support for RGBA PSD images #6481 [radarhere]
Parse orientation from XMP tag contents #6463 [bigcat88, radarhere]
Added support for reading ATI1/ATI2 (BC4/BC5) DDS images #6457 [REDxEYE, radarhere]
Do not clear GIF tile when checking number of frames #6455 [radarhere]
Support saving multiple MPO frames #6444 [radarhere]
Do not double quote Pillow version for setuptools >= 60 #6450 [radarhere]
Added ABGR BMP mask mode #6436 [radarhere]
Fixed PSDraw rectangle #6429 [radarhere]
Raise ValueError if PNG sRGB chunk is truncated #6431 [radarhere]
Handle missing Python executable in ImageShow on macOS #6416 [bryant1410, radarhere]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4e075c7dc81c4d2824094f9d3523cf16719be9a7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
Fixed null check for fribidi_version_info in FriBiDi shim
Added GIF decompression bomb check
Handle PCF fonts files with less than 256 characters
Improved GIF optimize condition
Reverted to array_interface with the release of NumPy 1.23
Pad PCX palette to 768 bytes when saving
Fixed bug with rounding pixels to palette colors
Use gnome-screenshot on Linux if available
Fixed loading L mode BMP RLE8 images
Fixed incorrect operator in ImageCms error
Limit FPX tile size to avoid extending outside image
Added support for decoding plain PPM formats
Added apply_transparency()
Fixed behaviour change from endian fix
Use python3
Allow remapping P images with RGBA palettes
Revert "Skip test_realloc_overflow unless libtiff 4.0.4 or higher"
[pre-commit.ci] pre-commit autoupdate
Only import ImageFont in ImageDraw when necessary
Fixed drawing translucent 1px high polygons
Pad COLORMAP to 768 items when saving TIFF
Fix P -> PA conversion
Once exif data is parsed, do not reload unless it changes
Only try to connect discontiguous corners at the end of edges
Improve transparency handling when saving GIF images
Do not update GIF frame position until local image is found
Netscape GIF extension belongs after the global color table
Only write GIF comments at the beginning of the file
Separate multiple GIF comment blocks with newlines
Always use GIF89a for comments
Ignore compression value from BMP info dictionary when saving as TIFF
If font is file-like object, do not re-read from object to get variant
Raise ValueError when trying to access internal fp after close
Support more affine expression forms in im.point()
Include 'twine check' in 'make sdist'
Ensure that furthest v is set in quantize2
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* 16.18.0 (npm 8.19.2) introduced a regression in git+ssh urls
- https://github.com/nodejs/node/issues/44992
- https://github.com/npm/cli/pull/5761
https://nodejs.org/ko/blog/release/v16.19.0/
License-Update: Clarify vendored OpenSSL Toolkit is OpenSSL and SSLeay
License-Update: JS Foundation -> OpenJS Foundation
https://github.com/nodejs/node/commit/e7ed56f501389978e4619ab697a812631c4061ff
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
