Upgrade to release 1.3.0:
- Convert the metadata into PEP 621 format
- Use pyproject.toml only
- Memory leak when multiple field is set to true in ack
- No exception raised when heartbeat timed out
- Wrong return type for basic_get
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2016-4049 is not affecting our version, so we can ignore it.
This is caused because the CPE in the NVD database doesn't specify
a vulnerable version range.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The following CVEs are already patched so we can ignore them:
- CVE-2016-0749
- CVE-2016-2150
- CVE-2018-10893
This is caused by inaccurate CPE in the NVD database.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 5.29.2:
- Only thread lock methods attempting to access the cache for the
caching middleware.
- Socket timeout when pushing a significant amount of data
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.41:
- support for python 3.11 added (__getstate__ behavior change)
- replaced travis CI by Github actions
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.3.3 and add runtime dependencies:
- Keccak backend was initialized every time it was called.
Now it's initialized only the first time it's called.
- Prune venv files from the release via MANIFEST.in
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Without CVE_PRODUCT set to apache:thrift cve-check was catching
CVEs form facebook:thrift that are not related with this product.
Now the report is correct.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade from 2021.8.22 to 2022.5.17.
This upgrade mainly include CVE fixes.
According to https://github.com/tuxera/ntfs-3g/releases:
"""
Changelog:
* Improved defence against maliciously tampered NTFS partitions
* Improved defence against improper use of options
* Updated the documentation
"""
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 22.5.1:
- new: WAMP Flatbuffers IDL and schema processing (experimental)
- new: WAMP-cryptosign trustroot (experimental)
- new: add wrapper type for CryptosignAuthextra
- fix: stricted type checking of Challenge; fix cryposign unit test
- new: more test coverage
- fix: reduce log noise
- fix: forward channel_binding selected in Component client
- new: expand ISigningKey to provide security_module/key_id
- fix: Component cryptosign test
- fix: add type hints; fix channel_binding
- new: work on federated realms and secmods
- new: rename to and work on a.w.CryptosignKey
- new: add bip44 for cryptosign test
- fix: remove all txaio.make_logger refs from generic code
- new: initial support for federated WAMP realms via
a.x.FederatedRealm/Seeder
- new: moved utility functions and unit tests for WAMP realm name
checking from Crossbar.io
- new: allow list of URLs for transports in a.t.component.Component
- new: add websocket_options to a.t.wamp.ApplicationRunner
- new: add stop_at_close flag in a.t.component.run
- fix: reduce log noise (regression) on ApplicationRunner Twisted
- new: allow max_retry_delay==0 for always-immediate auto-reconnect
in ApplicationRunner on Twisted
- new: add websocket_options to WAMP ApplicationRunner on Twisted
- new: more type hints and docs
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The upstream commit fcb676a79d introduced new option
WITH_DLT_ADAPTOR_UDP to select dlt-adaptor-udp.service instread of
WITH_DLT_ADAPTOR, so update the PACKAGECONFIG.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This product is not present in the NVD database but another
one with exactly the same name is in fact present. For that
reason cve-check is outputting CVEs that are unrelated so they
can be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Native python module of flatbuffer exists before it is split from
flatbuffers. So add it back.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update interpreter on shebang line of script yapp to fix qa error:
ERROR: QA Issue: : /work/x86_64-linux/libparse-yapp-perl-native/1.21-r0/sysroot-destdir
/work/x86_64-linux/libparse-yapp-perl-native/1.21-r0/recipe-sysroot-native/usr/bin/yapp
maximum shebang size exceeded, the maximum size is 128. [shebang-size]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update interpreter on shebang line in script use-devel-checklib to fix
QA error:
ERROR: QA Issue: : /work/x86_64-linux/libdev-checklib-perl-native/1.14-r0/sysroot-destdir/
work/x86_64-linux/libdev-checklib-perl-native/1.14-r0/recipe-sysroot-native/usr/bin/use-devel-checklib
maximum shebang size exceeded, the maximum size is 128. [shebang-size]
It also replace option '-w' on shebang line with 'use warnings;' that
old version env doesn't support multiple arguments.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update interpreter on shebang line in scripts to fix error:
ERROR: QA Issue: : /work/x86_64-linux/libdbi-perl-native/1.643-r0/sysroot-destdir/work/x86_64-linux/libdbi-perl-native/1.643-r0/recipe-sysroot-native/usr/bin/dbiproxy maximum shebang size exceeded, the maximum size is 128. [shebang-size]
ERROR: QA Issue: : /work/x86_64-linux/libdbi-perl-native/1.643-r0/sysroot-destdir/work/x86_64-linux/libdbi-perl-native/1.643-r0/recipe-sysroot-native/usr/bin/dbiprof maximum shebang size exceeded, the maximum size is 128. [shebang-size]
ERROR: QA Issue: : /work/x86_64-linux/libdbi-perl-native/1.643-r0/sysroot-destdir/work/x86_64-linux/libdbi-perl-native/1.643-r0/recipe-sysroot-native/usr/bin/dbilogstrip maximum shebang size exceeded, the maximum size is 128. [shebang-size]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
new features:
--------------
Add archive writing support for devices with composite firmware
Add a way to read device composite firmware in fwupdtool
Allow clients to opt-in to showing updates with user-solvable problems
Allow the device to pause polling when writing firmware
Export the system and device battery levels on the D-Bus interface
Log errors and warnings to the win32 eventlog when required
Add X-UsbReceiver as an update category with icon usb-receiver
fixes bugs:
-------------
Accurately return the last-set status to client tools
Allow dumping flashrom firmware using fwupdtool
Allow specifying a non-file D-Bus transport
Allow to request post actions from fwupdtool
Always be arch-explicit when installing OS deps
Be more resilient when restarting the Redfish BMC
Do not mark all Redfish updates as UPDATABLE
Do not use 'dongle' to describe USB receiver hardware
Download in-process when using fwupdtool
Fix a critical warning on failed modem update
Fix regression when probing PS175 devices
Hardcode the Redfish filedata name to firmware.bin
Set the Bluetooth version if REV has been set
Switch the Windows installer from NSIS to MSI
Use StartServiceCtrlDispatcherA for the daemon on Windows
Use the native certificate store on Windows
new support:
------------
Corsair KATAR PRO XT, SABRE PRO and KATAR PRO Wireless
HP Thunderbolt Dock G4
Lenovo ThinkPad Universal USB-C Dock
More PixArt wireless devices
More SunplusIT USB cameras
Some UFS devices
Steelseries Aerox 3 Wireless and Rival 3 Wireless
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-absl-always-use-asm-sgidefs.h.patch
refreshed for new verion.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
cve-check is not able to correctly identify many of the patched
CVEs because of the non standard version number. All the ignored
CVEs were manually checked with the NVD database and deemed not
applicable to the current version.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0 that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* smb: Rework anonymous handling to avoid EINVAL
* http: Unescape prefix to fix handling of encoded URIs
* build: Fix build without Avahi support
* dav: Drop user from URI as a workaround for Nextcloud bug
* dav: Port DNS-SD resolver to async API to fix hangs when mounting
* smb: Ignore EINVAL for kerberos/ccache login
* dav: Rewrite to libsoup async API to fix crashes
* dav: Do not lose userinfo when copying URIs
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
News in 5.4.2, 2022-06-12
-------------------------
* Updated languages: c.lang, perl.lang
* Updated style-schemes: Adwaita-dark, solarized-light, solarized-dark
* Updated translations: Friulian
* Gutter renderers are now provided a prelight quark for lines when the
pointer is over the gutter.
* Hover assistants now avoid synthesized motion which is used much more
often in GTK 4 when dealing with crossing-events.
* Hover assistants will now dismiss themselves when the cursor moves.
* GtkSourceMap has reduced how often it needs to do allocation by ignoring
spurious notify::upper and value-changed signals from GtkTextView's
vertical GtkAdjustment.
* The testsuite has gained some correctness improvements thanks to
issues pointed out by Sébastien Wilmet.
* The Vim emulation's register implementation is now shared between buffers
as it would be expected in Vim.
* Snippets have gained some robustness improvements including the ability
to simplify results from the snippet parser, more defensive behavior,
and being lazier when possible.
* Tabbing through focus-positions in snippets will now immediately jump
to the new position if scrolling is required instead of animating as
it results in better placement of tooltip assistants.
* Assistants including completion, hover, and interactive tooltips now
reduce how often they request presentation and position calculation from
GDK and ultimately display servers such as Wayland.
* Completion windows now take the size of the gutter into account when
calculating their position relative to the parent GtkWindow so that the
typed-text column remains aligned with typed text in the source view.
* Completion has gained robustness improvements to do less work when
possible and avoid spinning the frame-clock which could happen in
certain scenarios.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* Fix translations in GTKs own ui files
* Wayland:
- Fix a problem with the activation protocol
- Don't force the HighContrast icontheme
- Ensure that our cursor surfaces don't violate
protocol constraints
* Windows:
- Fix a problem with builtin icons if the
hicolor icontheme is not installed
* GtkFileChooser:
- Fix pasting text into the name field
* GtkText:
- Remove an assertion that is sometimes hit
* Accssibility:
- Fix a problem in the accessibility tree
* Translation updates:
Brazilian Portuguese
German
Persian
Polish
Portuguese
Russian
Swedish
Turkish
Ukrainian
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
• Fix a crash at shutdown after saving state. This didn't cause any data
loss, but could be annoying.
• Spellcheck underline fixes for various languages
• Various robustness fixes for GTK 4
• Fixes for inconsistent line-endings
• Translation updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This version fixes the display of devices with '&' in their names, and contains
updated translations.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
This release adds support for libsoup 3.x. To use the libsoup 3.x build,
applications will need to be adapted to look for the "-2.0" version of the API.
This allows both native and interpreted applications to select which version
of libsoup they want geocode-glib to use as the backend, and for both versions
to be installed in distributions.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Remove the backported patch mariadb-openssl3.patch as the logic
is included in the new version.
Add zstd to DEPENDS as below commit [1] introduced.
770cf22 CONC-575: Support for MySQL zstd compression
[1] 770cf2286a
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch is not only needed for target but also needed for native and
nativesdk variants.
Fixes
do_populate_sysroot: QA Issue: : /work/x86_64-linux/php-native/8.1.7-r0/sysroot-destdir/
work/x86_64-linux/php-native/8.1.7-r0/recipe-sysroot-native/usr/bin/phar.phar maximum shebang size exceeded, the ma
ximum size is 128. [shebang-size]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Removed a patch that didn't apply to the new version.
Added three patches without changes from Fedora that allowed
the new version to compile.
See https://koji.fedoraproject.org/koji/buildinfo?buildID=1924183
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes build errors ( especially for arm arch )
| /mnt/b/yoe/master/build/tmp/work/cortexa15t2hf-neon-yoe-linux-musleabi/geos/3.9.3-r0/recipe-sysroot-native/usr/bin/arm-yoe-linux-musleabi/arm-yoe-linux-musleabi-ld: noding/.libs/libnoding.a(BasicSegmentString.o):(.data.rel.ro+0x24): multiple definition
of `typeinfo for geos::noding::BasicSegmentString'; .libs/inlines.o:(.data.rel.ro+0xac): first defined here
| /mnt/b/yoe/master/build/tmp/work/cortexa15t2hf-neon-yoe-linux-musleabi/geos/3.9.3-r0/recipe-sysroot-native/usr/bin/arm-yoe-linux-musleabi/arm-yoe-linux-musleabi-ld: noding/.libs/libnoding.a(BasicSegmentString.o):(.rodata+0x0): multiple definition of `t
ypeinfo name for geos::noding::BasicSegmentString'; .libs/inlines.o:(.rodata+0x4c): first defined here
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Zoltán Böszörményi <zboszor@gmail.com>
The cdra application is looking for the `regulatory.bin` file that is
installed by the `wireless-regdb` package, but that is not installed
because the RDEPENDS lists`wireless-regdb-static` (which conflicts with
`wireless-regdb`).
Changing RDEPENDS to use `wireless-regdb` instead of
`wireless-regdb-static` allows the cdra application to function
properly.
Example output before this fix was applied:
root@yocto:~# COUNTRY=US crda
failed to open db file: No such file or directory
root@yocto:~# COUNTRY=US strace crda
execve("/usr/sbin/crda", ["crda"], 0xbec80d70 /* 17 vars */) = 0
...
openat(AT_FDCWD, "/usr/local/lib/crda/regulatory.bin", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/crda/regulatory.bin", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/crda/regulatory.bin", O_RDONLY) = -1 ENOENT (No such file or directory)
...
write(3, "failed to open db file: No such "..., 50failed to open db file: No such file or directory
) = 50
close(3) = 0
exit_group(-2) = ?
+++ exited with 254 +++
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The service warned on startup about running in compatibility mode since the configuration version was "3.31" instead of "3.36".
Signed-off-by: Khem Raj <raj.khem@gmail.com>
