There is no reason to apply them only to single version when they apply
properly to all versions.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
It contains Security fixes for CVE-2026-2003, CVE-2026-2004,
CVE-2026-2005, CVE-2026-2006 and CVE-2026-2007.
It also contains other bug fixes and for more details refer Release note.
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.21
Release notes: https://www.postgresql.org/docs/release/14.21/
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-38171
This is the same as CVE-2021-30860, but that one was primarily filed
against Apple software (and some other related projects).
The patch that fixes this vulenrability is already added to the recipe,
just extend its CVE tag
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887
The vulnerability is about the default (example) configurations,
which place cache files into the /tmp folder, that is world-writeable.
The recommendation would be to place them to a more secure folder.
The recipe however does not install these example configurations,
and as such it is not vulnerable either.
Just to make sure, patch these folders to a non-tmp folder
(and also install that folder, empty).
Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dd81ffdb68)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
While using devtool to check available versions, I noticed a 301 http error.
Specifically :
$ devtool latest-version libxfce4ui
Resolving archive.xfce.org (archive.xfce.org)... 217.70.191.87
Connecting to archive.xfce.org (archive.xfce.org)|217.70.191.87|:80... connected
.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://archive.xfce.org/src/xfce/libxfce4ui/4.20/ [following]
With this patch, we change to make the SRC_URI an https request.
A similar patch is already in master - commit 8089168196
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
oe-core has a newer version of xserver than this recipe used to compile
TigerVNC with. This recipe updates xserver to the same version, 21.1.18.
TigerVNC only started to support this xserver version 2 versions later,
with 1.13. Due to this 3 commits were backported that add the missing
changes.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Pick patch from PR in NVD report.
It is the only code change in 33.5 release.
Skip the test file change as it's not shipped in python module sources.
Resolve formatting-only conflict.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-38394
The CVE has the disputed flag. The project maintainers claim that the issue
is not in gnome-setttings-daemon. If the vulnerability needs to be handled
in gnome-settings-daemon, than it is a new feature rather than a vulnerability fix.
Due to this, ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67268
Pick the patch that is referenced by the NVD advisory.
The original commit also contains a lot of commenting style
changes (// vs /* */) and whitespace changes which were removed from
the backport.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
I just put it on the ignore list.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
- Add "Open with" right click item and dialog
- Add a command-line option for setting default sort method
- Add Ctrl+A accelerator for the treeview
- Add option to show file size in binary or decimal
- Cosmetic changes for search entry and delete dialog
- Fix Ctrl+H not always toggling hidden files
- Fix DE detection when launched from Electron apps
- Fix exo file manager lookup for non-existent keys
- Fix file manager lookup outside of Xfce
- Fix GNOME DE detection in Ubuntu
- Improve application menu appearance
- Improve default width for the sidebar
- Prepend the project root directory to sys.path
- Support running without Xfconf (no preference saving)
- Switch to using the super() method
- Use correct executable for elementary Files
- Translation Updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix releases. Note that there were no 42.3 and 42.4 releases.
42.6:
* Fix crash when pasting invalid clipboard data. CVE-2022-37290
42.5:
* Really fix the cropped compress format popover on X11
* Fix behavior inconsistencies with new tabs
* Fix memory leaks and missing signal disconnections
* Translation updates
42.2:
* Close broken link message dialog on response
* Fix crash when opening new window from pathbar
* Fix remote filesystem check
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
1.50.7:
* client: Prevent returning invalid mount cache entries
* dav: Fix authentication issues when DNS-SD URIs are used
* nfs: Fix IPv6 URI handling
* sftp/ftp: Ensure that is-symlink is always set to avoid warnings
* Translation updates
1.50.6:
* udisks2: Disconnect signal handlers to fix crashes when unmounting
* fuse: Include missing locale.h header
* Translation updates
1.50.5:
* smbbrowse: Fix empty device listing after unrelated mount failure
* udisks: Fix missing unmount notifications
* trash: Fix nfs4 and cifs monitoring
* smb: Allow renaming a file to the same name with a different case
* mtp: Emit delete event on device disconnection
* trash: Fix wrongly reported item-count
* Some other fixes and improvements
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
When gstreamer PACKAGECONFIG is enabled, packaging fails with the following error:
ERROR: gtk4-4.6.9-r0 do_package: QA Issue: gtk4: Files/directories were installed but not shipped in any package:
/usr/lib/gtk-4.0/4.0.0/media/libmedia-gstreamer.so
Fix it by packaging this file also.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Peter Marko
Ankur Tyagi
Zahir Hussain
Hitendra Prajapati
Gyorgy Sarvari
Jason Schonberg
Rohini Sangam
Vijay Anusuri
zhengruoqin