This is Debian-specific CVE.
NVD tracks this CVE as version-less.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is gentoo specific CVE.
NVD tracks this as version-less CVE.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Our hash does not point to exact tag and CVE patch is already in.
We use: 33a8a275928b186381bb0aea0f9778e330e57ec3
Fix: 60b813a770
git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6
v0.2-262-g33a8a27
v0.2-85-g60b813a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NVD tracks this as version-less CVE for spice.
It was fixed by [1] and [2] included in 0.13.2.
[1] 6b32af3e17
[2] 359ac42a7a
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These were not updated on recipe upgrade.
To make maintenance easier, remove exact versions.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
These CVEs are specific to Debian and MAC OS X respectively.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
According to DOC/readme.txt [1]:
7-Zip and p7zip
===============
Now there are two different ports of 7-Zip for Linux/macOS:
1) p7zip - another port of 7-Zip for Linux, made by an independent developer.
The latest version of p7zip now is 16.02, and that p7zip 16.02 is outdated now.
http://sourceforge.net/projects/p7zip/
2) 7-Zip for Linux/macOS - this package - it's new code with all changes from latest 7-Zip for Windows
Add recipe 7-zip [2] to instead of recipe p7zip[3] in which the upstream is dead since 2016
Use git repo to instead of tarball
Drop obsolete patches
- CVE-2016-9296.patch
- CVE-2017-17969.patch
- CVE-2018-5996.patch
- change_numMethods_from_bool_to_unsigned.patch
- 0001-Fix-two-buffer-overflow-vulnerabilities.patch
- 0001-Fix-narrowing-errors-Wc-11-narrowing.patch
License-Update: DOC/License.txt: Add BSD-2-Clause & BSD-3-Clause
The codec libraries was removed since 21.02 [4]
Refer debian to compile 7-zip [5]
Add link 7z.so to lib7z.so and create wrapper to command 7z
which required running with absolute path to link the library 7z.so
[1] https://salsa.debian.org/debian/7zip/-/blob/master/DOC/readme.txt?ref_type=heads
[2] https://sourceforge.net/projects/p7zip/
[3] https://www.7-zip.org/
[4] 6c6ed1eba9
[5] https://salsa.debian.org/debian/7zip/-/blob/master/debian/rules
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade xfce4-panel from 4.18.6 to 4.20.0:
* add dependency libxfce4windowing
* set GDBUS_CODEGEN for configure
* rebase patches as well
The change log is at:
https://gitlab.xfce.org/xfce/xfce4-panel/-/blob/master/NEWS
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade xfdesktop from 4.18.1 to 4.20.0:
* add dependency libxfce4windowing
* set variables from glib-2.0.pc in EXTRA_OECONF since paths have been
removed from the .pc file in oe-core
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for libxfce4windowing 4.20.0 which is required by other xfce4
components such as xfce4-session, xfdesktop etc.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade xfce4-dev-tools from 4.18.1 to 4.20.0:
* add dependency meson-native
The change log is at:
https://gitlab.xfce.org/xfce/xfce4-dev-tools/-/blob/master/NEWS
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update xfconf from 4.18.2 to 4.20.0:
* update EXTRA_OECONF to remove legacy perl setting, and add config for
gdbug-codegen
The change log is at:
https://gitlab.xfce.org/xfce/xfconf/-/blob/master/NEWS
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-detect-correct-openssl-3.x.patch
removed since it's included in 0.4.13
Changelog:
=========
- Increased maximum PIN length
- Fixed several memory leaks
- Don't include libp11.rc VERSIONINFO into pkcs11
- Reimplement CI with GitHub Actions
- Improved tests
- Added static ENGINE (libpkcas11.a) build
- Added a workaround broken foreign key handling in OpenSSL
3.0.12-3.0.13, 3.1.4-3.1.5, 3.2.0-3.2.1
- Added a workaround for conflicting atexit() callbacks
- Always login with PIN If FORCE_LOGIN is specified in openssl config
- Added OAEP support to RSA_private_decrypt
- Added PKCS11_enumerate_*_ext functions
- Fixed non-null-terminated label padding
- Fixed several object management issues
- Deferred libp11 initialization until needed
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Update tumbler from 4.18.0 to 4.20.0. And set variable GDBUS_CODEGEN for
configure.
Change log is at:
https://gitlab.xfce.org/xfce/tumbler/-/blob/master/NEWS
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Use _stricmp() instead of strcasecmp() on Windows
- Accept --help & --version as aliases to -help & -version
- evargs.c: constify pointer arguments that aren't modified
- evargs.c: Use standard strchr() instead of deprecated index()
- Remove detectableRepeat variable
- Assume target platforms have strcasecmp now
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.74
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Avoid crash when converting dict with circular reference
- ci: use pixi in CI
- Mention nanobind's solution
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fix memory not released on error return from pb_decode_ex()
- Fix deprecated MakeClass() call in generator
- Fix compiler error with enums and --c-style
- Fix version conflict with bazel build rules
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed: If the ping statement did not explicitly specify an outgoing address
but a previous ping statement did, the same address was shared by both
statements.
- Fixed: Monit may crash upon stopping if the ping statement is used in
conjunction with the address option.
- Fixed: If a directory is set in the 'allow' option of the 'set httpd'
statement, instead of file or string, Monit hangs on start.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-fix-command-bin-findmnt-bin-lsblk-bin-sort-not-found.patch
removed since it's included in 2.03.29
Changelog:
===========
* Fix renaming of raid sub LVs when converting a volume to raid (2.03.28).
* Fix segfault/VG write error for raid LV 'lvextend -i|--stripes -I|--stripesize'.
* Add configure --enable/disable-sd-notify to control lvmlockd build with sd-notify.
* Allow test mode when lvmlockd is built without dlm support.
* Add a note about RAID + integrity synchronization to lvmraid(7) man page.
* Add a function for running lvconvert --repair on RAID LVs to lvmdbusd.
* Improve option section of man pages for listing commands ({pv,lv,vg}{s,display}).
* And some cleanup mostly in test code.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Fix database inconsistency resulting from some patterns of folder
updates, and possible resulting CPU churn.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Socket code has been moved to libimobiledevice-glue library
- Code cleanup (clang-tidy) and improvements
- autoconf: Fix clang-16 breakage
- Add libusbmuxd_version() function to interface
- iproxy: Use updated socket_create API to listen on IPv4 and IPv6 with a single socket
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changes:
* Revert back API change around PLIST_DATA to use char* again
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-CMakeLists.txt-respect-CMAKE_INSTALL_LIBDIR-for-mult.patc
refreshed for 6.0.2
0001-cmake-Test-for-sys-uio.h.patch
removed since it's included in 6.0.2
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Support for building the SWIG-generated R language bindings has been
integrated into the CMake build system. This is controllable by the
'-DENABLE_R={AUTO|ON|OFF}' option.
- A sandboxing wrapper, 'dot_sandbox', is now included with Graphviz. Users
should prefer their platform's native security solutions, but if nothing
better is available this wrapper offers safe processing of untrusted inputs in
some scenarios.
- JPEG images without an 'APP0' leading segment are supported for use in 'src'
fields and friends. Previously Graphviz was overly strict with the types of
JPEGs it would recognize.
- The GVPR library program 'depath' no longer acts on previously deleted nodes,
causing unpredictable results.
- Void-typed function parameters ('int foo(void bar)') and variables 'void baz;'
in GVPR are gracefully rejected.
- Input that induce a set node height but no set node width no longer crash with
the failure "Assertion failed: '(r->boundary[i] <= r->boundary[NUMDIMS + i])',
function RTreeInsert". It is typically not obvious to users when their input
falls into this situation, hence why the assertion message is quoted here.
- Strings containing double quote characters preceded by escape sequences (e.g.
'\n"') are once again correctly escaped in dot or canonical output.
- 'dot_builtins' no longer lists duplicate format options in its error messages.
- A precision error that resulted in truncated edge lines has been corrected.
This was a regression in Graphviz 12.0.0.
- The xlib plugin ('-Tx11') resets its initialization state during finalization.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Removed ACE_make_checked_array_iterator that used deprecated stdext::checked_array_iterator
- Embarcadero C++ Builder bcc64x compiler support has been updated to match the C++Builder 12.2 release
- Added support for Linux platforms that use musl-libc instead of glibc
- Improved QNX support
- Add support for std::string_view to CDR classes
- Define ACE_HAS_CPP23 when we have a C++23 capable C++ compiler
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Drop 0001-Remove-builddir-and-srcdir-paths-from-test-binaries.patch
peas-demo is not built anymore
- Add patch to disable the broken check for lgi
lgi does not support pkgconfig but it hasn't changed version since 2017
- Remove gtk+3 from depends and dont inherit gtk-icon-cache to not pull it
in again indirectly
- g-i is not required anymore and will be built depending on DISTRO_FEATURES
- Dont package the loaders into separate packages to reduce required RDEPENDS.
If a loader is not wanted on target it will be better to remove the according
PACKAGECONFIG option to also remove the dependencies?
- Move libpeas recipe to meta-gnome
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
